xref: /OK3568_Linux_fs/kernel/arch/arm64/crypto/aes-ce-ccm-glue.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * aes-ccm-glue.c - AES-CCM transform for ARMv8 with Crypto Extensions
4*4882a593Smuzhiyun  *
5*4882a593Smuzhiyun  * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
6*4882a593Smuzhiyun  */
7*4882a593Smuzhiyun 
8*4882a593Smuzhiyun #include <asm/neon.h>
9*4882a593Smuzhiyun #include <asm/simd.h>
10*4882a593Smuzhiyun #include <asm/unaligned.h>
11*4882a593Smuzhiyun #include <crypto/aes.h>
12*4882a593Smuzhiyun #include <crypto/scatterwalk.h>
13*4882a593Smuzhiyun #include <crypto/internal/aead.h>
14*4882a593Smuzhiyun #include <crypto/internal/simd.h>
15*4882a593Smuzhiyun #include <crypto/internal/skcipher.h>
16*4882a593Smuzhiyun #include <linux/module.h>
17*4882a593Smuzhiyun 
18*4882a593Smuzhiyun #include "aes-ce-setkey.h"
19*4882a593Smuzhiyun 
num_rounds(struct crypto_aes_ctx * ctx)20*4882a593Smuzhiyun static int num_rounds(struct crypto_aes_ctx *ctx)
21*4882a593Smuzhiyun {
22*4882a593Smuzhiyun 	/*
23*4882a593Smuzhiyun 	 * # of rounds specified by AES:
24*4882a593Smuzhiyun 	 * 128 bit key		10 rounds
25*4882a593Smuzhiyun 	 * 192 bit key		12 rounds
26*4882a593Smuzhiyun 	 * 256 bit key		14 rounds
27*4882a593Smuzhiyun 	 * => n byte key	=> 6 + (n/4) rounds
28*4882a593Smuzhiyun 	 */
29*4882a593Smuzhiyun 	return 6 + ctx->key_length / 4;
30*4882a593Smuzhiyun }
31*4882a593Smuzhiyun 
32*4882a593Smuzhiyun asmlinkage void ce_aes_ccm_auth_data(u8 mac[], u8 const in[], u32 abytes,
33*4882a593Smuzhiyun 				     u32 *macp, u32 const rk[], u32 rounds);
34*4882a593Smuzhiyun 
35*4882a593Smuzhiyun asmlinkage void ce_aes_ccm_encrypt(u8 out[], u8 const in[], u32 cbytes,
36*4882a593Smuzhiyun 				   u32 const rk[], u32 rounds, u8 mac[],
37*4882a593Smuzhiyun 				   u8 ctr[]);
38*4882a593Smuzhiyun 
39*4882a593Smuzhiyun asmlinkage void ce_aes_ccm_decrypt(u8 out[], u8 const in[], u32 cbytes,
40*4882a593Smuzhiyun 				   u32 const rk[], u32 rounds, u8 mac[],
41*4882a593Smuzhiyun 				   u8 ctr[]);
42*4882a593Smuzhiyun 
43*4882a593Smuzhiyun asmlinkage void ce_aes_ccm_final(u8 mac[], u8 const ctr[], u32 const rk[],
44*4882a593Smuzhiyun 				 u32 rounds);
45*4882a593Smuzhiyun 
ccm_setkey(struct crypto_aead * tfm,const u8 * in_key,unsigned int key_len)46*4882a593Smuzhiyun static int ccm_setkey(struct crypto_aead *tfm, const u8 *in_key,
47*4882a593Smuzhiyun 		      unsigned int key_len)
48*4882a593Smuzhiyun {
49*4882a593Smuzhiyun 	struct crypto_aes_ctx *ctx = crypto_aead_ctx(tfm);
50*4882a593Smuzhiyun 
51*4882a593Smuzhiyun 	return ce_aes_expandkey(ctx, in_key, key_len);
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun 
ccm_setauthsize(struct crypto_aead * tfm,unsigned int authsize)54*4882a593Smuzhiyun static int ccm_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
55*4882a593Smuzhiyun {
56*4882a593Smuzhiyun 	if ((authsize & 1) || authsize < 4)
57*4882a593Smuzhiyun 		return -EINVAL;
58*4882a593Smuzhiyun 	return 0;
59*4882a593Smuzhiyun }
60*4882a593Smuzhiyun 
ccm_init_mac(struct aead_request * req,u8 maciv[],u32 msglen)61*4882a593Smuzhiyun static int ccm_init_mac(struct aead_request *req, u8 maciv[], u32 msglen)
62*4882a593Smuzhiyun {
63*4882a593Smuzhiyun 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
64*4882a593Smuzhiyun 	__be32 *n = (__be32 *)&maciv[AES_BLOCK_SIZE - 8];
65*4882a593Smuzhiyun 	u32 l = req->iv[0] + 1;
66*4882a593Smuzhiyun 
67*4882a593Smuzhiyun 	/* verify that CCM dimension 'L' is set correctly in the IV */
68*4882a593Smuzhiyun 	if (l < 2 || l > 8)
69*4882a593Smuzhiyun 		return -EINVAL;
70*4882a593Smuzhiyun 
71*4882a593Smuzhiyun 	/* verify that msglen can in fact be represented in L bytes */
72*4882a593Smuzhiyun 	if (l < 4 && msglen >> (8 * l))
73*4882a593Smuzhiyun 		return -EOVERFLOW;
74*4882a593Smuzhiyun 
75*4882a593Smuzhiyun 	/*
76*4882a593Smuzhiyun 	 * Even if the CCM spec allows L values of up to 8, the Linux cryptoapi
77*4882a593Smuzhiyun 	 * uses a u32 type to represent msglen so the top 4 bytes are always 0.
78*4882a593Smuzhiyun 	 */
79*4882a593Smuzhiyun 	n[0] = 0;
80*4882a593Smuzhiyun 	n[1] = cpu_to_be32(msglen);
81*4882a593Smuzhiyun 
82*4882a593Smuzhiyun 	memcpy(maciv, req->iv, AES_BLOCK_SIZE - l);
83*4882a593Smuzhiyun 
84*4882a593Smuzhiyun 	/*
85*4882a593Smuzhiyun 	 * Meaning of byte 0 according to CCM spec (RFC 3610/NIST 800-38C)
86*4882a593Smuzhiyun 	 * - bits 0..2	: max # of bytes required to represent msglen, minus 1
87*4882a593Smuzhiyun 	 *                (already set by caller)
88*4882a593Smuzhiyun 	 * - bits 3..5	: size of auth tag (1 => 4 bytes, 2 => 6 bytes, etc)
89*4882a593Smuzhiyun 	 * - bit 6	: indicates presence of authenticate-only data
90*4882a593Smuzhiyun 	 */
91*4882a593Smuzhiyun 	maciv[0] |= (crypto_aead_authsize(aead) - 2) << 2;
92*4882a593Smuzhiyun 	if (req->assoclen)
93*4882a593Smuzhiyun 		maciv[0] |= 0x40;
94*4882a593Smuzhiyun 
95*4882a593Smuzhiyun 	memset(&req->iv[AES_BLOCK_SIZE - l], 0, l);
96*4882a593Smuzhiyun 	return 0;
97*4882a593Smuzhiyun }
98*4882a593Smuzhiyun 
ccm_update_mac(struct crypto_aes_ctx * key,u8 mac[],u8 const in[],u32 abytes,u32 * macp)99*4882a593Smuzhiyun static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[],
100*4882a593Smuzhiyun 			   u32 abytes, u32 *macp)
101*4882a593Smuzhiyun {
102*4882a593Smuzhiyun 	if (crypto_simd_usable()) {
103*4882a593Smuzhiyun 		kernel_neon_begin();
104*4882a593Smuzhiyun 		ce_aes_ccm_auth_data(mac, in, abytes, macp, key->key_enc,
105*4882a593Smuzhiyun 				     num_rounds(key));
106*4882a593Smuzhiyun 		kernel_neon_end();
107*4882a593Smuzhiyun 	} else {
108*4882a593Smuzhiyun 		if (*macp > 0 && *macp < AES_BLOCK_SIZE) {
109*4882a593Smuzhiyun 			int added = min(abytes, AES_BLOCK_SIZE - *macp);
110*4882a593Smuzhiyun 
111*4882a593Smuzhiyun 			crypto_xor(&mac[*macp], in, added);
112*4882a593Smuzhiyun 
113*4882a593Smuzhiyun 			*macp += added;
114*4882a593Smuzhiyun 			in += added;
115*4882a593Smuzhiyun 			abytes -= added;
116*4882a593Smuzhiyun 		}
117*4882a593Smuzhiyun 
118*4882a593Smuzhiyun 		while (abytes >= AES_BLOCK_SIZE) {
119*4882a593Smuzhiyun 			aes_encrypt(key, mac, mac);
120*4882a593Smuzhiyun 			crypto_xor(mac, in, AES_BLOCK_SIZE);
121*4882a593Smuzhiyun 
122*4882a593Smuzhiyun 			in += AES_BLOCK_SIZE;
123*4882a593Smuzhiyun 			abytes -= AES_BLOCK_SIZE;
124*4882a593Smuzhiyun 		}
125*4882a593Smuzhiyun 
126*4882a593Smuzhiyun 		if (abytes > 0) {
127*4882a593Smuzhiyun 			aes_encrypt(key, mac, mac);
128*4882a593Smuzhiyun 			crypto_xor(mac, in, abytes);
129*4882a593Smuzhiyun 			*macp = abytes;
130*4882a593Smuzhiyun 		}
131*4882a593Smuzhiyun 	}
132*4882a593Smuzhiyun }
133*4882a593Smuzhiyun 
ccm_calculate_auth_mac(struct aead_request * req,u8 mac[])134*4882a593Smuzhiyun static void ccm_calculate_auth_mac(struct aead_request *req, u8 mac[])
135*4882a593Smuzhiyun {
136*4882a593Smuzhiyun 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
137*4882a593Smuzhiyun 	struct crypto_aes_ctx *ctx = crypto_aead_ctx(aead);
138*4882a593Smuzhiyun 	struct __packed { __be16 l; __be32 h; u16 len; } ltag;
139*4882a593Smuzhiyun 	struct scatter_walk walk;
140*4882a593Smuzhiyun 	u32 len = req->assoclen;
141*4882a593Smuzhiyun 	u32 macp = 0;
142*4882a593Smuzhiyun 
143*4882a593Smuzhiyun 	/* prepend the AAD with a length tag */
144*4882a593Smuzhiyun 	if (len < 0xff00) {
145*4882a593Smuzhiyun 		ltag.l = cpu_to_be16(len);
146*4882a593Smuzhiyun 		ltag.len = 2;
147*4882a593Smuzhiyun 	} else  {
148*4882a593Smuzhiyun 		ltag.l = cpu_to_be16(0xfffe);
149*4882a593Smuzhiyun 		put_unaligned_be32(len, &ltag.h);
150*4882a593Smuzhiyun 		ltag.len = 6;
151*4882a593Smuzhiyun 	}
152*4882a593Smuzhiyun 
153*4882a593Smuzhiyun 	ccm_update_mac(ctx, mac, (u8 *)&ltag, ltag.len, &macp);
154*4882a593Smuzhiyun 	scatterwalk_start(&walk, req->src);
155*4882a593Smuzhiyun 
156*4882a593Smuzhiyun 	do {
157*4882a593Smuzhiyun 		u32 n = scatterwalk_clamp(&walk, len);
158*4882a593Smuzhiyun 		u8 *p;
159*4882a593Smuzhiyun 
160*4882a593Smuzhiyun 		if (!n) {
161*4882a593Smuzhiyun 			scatterwalk_start(&walk, sg_next(walk.sg));
162*4882a593Smuzhiyun 			n = scatterwalk_clamp(&walk, len);
163*4882a593Smuzhiyun 		}
164*4882a593Smuzhiyun 		p = scatterwalk_map(&walk);
165*4882a593Smuzhiyun 		ccm_update_mac(ctx, mac, p, n, &macp);
166*4882a593Smuzhiyun 		len -= n;
167*4882a593Smuzhiyun 
168*4882a593Smuzhiyun 		scatterwalk_unmap(p);
169*4882a593Smuzhiyun 		scatterwalk_advance(&walk, n);
170*4882a593Smuzhiyun 		scatterwalk_done(&walk, 0, len);
171*4882a593Smuzhiyun 	} while (len);
172*4882a593Smuzhiyun }
173*4882a593Smuzhiyun 
ccm_crypt_fallback(struct skcipher_walk * walk,u8 mac[],u8 iv0[],struct crypto_aes_ctx * ctx,bool enc)174*4882a593Smuzhiyun static int ccm_crypt_fallback(struct skcipher_walk *walk, u8 mac[], u8 iv0[],
175*4882a593Smuzhiyun 			      struct crypto_aes_ctx *ctx, bool enc)
176*4882a593Smuzhiyun {
177*4882a593Smuzhiyun 	u8 buf[AES_BLOCK_SIZE];
178*4882a593Smuzhiyun 	int err = 0;
179*4882a593Smuzhiyun 
180*4882a593Smuzhiyun 	while (walk->nbytes) {
181*4882a593Smuzhiyun 		int blocks = walk->nbytes / AES_BLOCK_SIZE;
182*4882a593Smuzhiyun 		u32 tail = walk->nbytes % AES_BLOCK_SIZE;
183*4882a593Smuzhiyun 		u8 *dst = walk->dst.virt.addr;
184*4882a593Smuzhiyun 		u8 *src = walk->src.virt.addr;
185*4882a593Smuzhiyun 		u32 nbytes = walk->nbytes;
186*4882a593Smuzhiyun 
187*4882a593Smuzhiyun 		if (nbytes == walk->total && tail > 0) {
188*4882a593Smuzhiyun 			blocks++;
189*4882a593Smuzhiyun 			tail = 0;
190*4882a593Smuzhiyun 		}
191*4882a593Smuzhiyun 
192*4882a593Smuzhiyun 		do {
193*4882a593Smuzhiyun 			u32 bsize = AES_BLOCK_SIZE;
194*4882a593Smuzhiyun 
195*4882a593Smuzhiyun 			if (nbytes < AES_BLOCK_SIZE)
196*4882a593Smuzhiyun 				bsize = nbytes;
197*4882a593Smuzhiyun 
198*4882a593Smuzhiyun 			crypto_inc(walk->iv, AES_BLOCK_SIZE);
199*4882a593Smuzhiyun 			aes_encrypt(ctx, buf, walk->iv);
200*4882a593Smuzhiyun 			aes_encrypt(ctx, mac, mac);
201*4882a593Smuzhiyun 			if (enc)
202*4882a593Smuzhiyun 				crypto_xor(mac, src, bsize);
203*4882a593Smuzhiyun 			crypto_xor_cpy(dst, src, buf, bsize);
204*4882a593Smuzhiyun 			if (!enc)
205*4882a593Smuzhiyun 				crypto_xor(mac, dst, bsize);
206*4882a593Smuzhiyun 			dst += bsize;
207*4882a593Smuzhiyun 			src += bsize;
208*4882a593Smuzhiyun 			nbytes -= bsize;
209*4882a593Smuzhiyun 		} while (--blocks);
210*4882a593Smuzhiyun 
211*4882a593Smuzhiyun 		err = skcipher_walk_done(walk, tail);
212*4882a593Smuzhiyun 	}
213*4882a593Smuzhiyun 
214*4882a593Smuzhiyun 	if (!err) {
215*4882a593Smuzhiyun 		aes_encrypt(ctx, buf, iv0);
216*4882a593Smuzhiyun 		aes_encrypt(ctx, mac, mac);
217*4882a593Smuzhiyun 		crypto_xor(mac, buf, AES_BLOCK_SIZE);
218*4882a593Smuzhiyun 	}
219*4882a593Smuzhiyun 	return err;
220*4882a593Smuzhiyun }
221*4882a593Smuzhiyun 
ccm_encrypt(struct aead_request * req)222*4882a593Smuzhiyun static int ccm_encrypt(struct aead_request *req)
223*4882a593Smuzhiyun {
224*4882a593Smuzhiyun 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
225*4882a593Smuzhiyun 	struct crypto_aes_ctx *ctx = crypto_aead_ctx(aead);
226*4882a593Smuzhiyun 	struct skcipher_walk walk;
227*4882a593Smuzhiyun 	u8 __aligned(8) mac[AES_BLOCK_SIZE];
228*4882a593Smuzhiyun 	u8 buf[AES_BLOCK_SIZE];
229*4882a593Smuzhiyun 	u32 len = req->cryptlen;
230*4882a593Smuzhiyun 	int err;
231*4882a593Smuzhiyun 
232*4882a593Smuzhiyun 	err = ccm_init_mac(req, mac, len);
233*4882a593Smuzhiyun 	if (err)
234*4882a593Smuzhiyun 		return err;
235*4882a593Smuzhiyun 
236*4882a593Smuzhiyun 	if (req->assoclen)
237*4882a593Smuzhiyun 		ccm_calculate_auth_mac(req, mac);
238*4882a593Smuzhiyun 
239*4882a593Smuzhiyun 	/* preserve the original iv for the final round */
240*4882a593Smuzhiyun 	memcpy(buf, req->iv, AES_BLOCK_SIZE);
241*4882a593Smuzhiyun 
242*4882a593Smuzhiyun 	err = skcipher_walk_aead_encrypt(&walk, req, false);
243*4882a593Smuzhiyun 
244*4882a593Smuzhiyun 	if (crypto_simd_usable()) {
245*4882a593Smuzhiyun 		while (walk.nbytes) {
246*4882a593Smuzhiyun 			u32 tail = walk.nbytes % AES_BLOCK_SIZE;
247*4882a593Smuzhiyun 
248*4882a593Smuzhiyun 			if (walk.nbytes == walk.total)
249*4882a593Smuzhiyun 				tail = 0;
250*4882a593Smuzhiyun 
251*4882a593Smuzhiyun 			kernel_neon_begin();
252*4882a593Smuzhiyun 			ce_aes_ccm_encrypt(walk.dst.virt.addr,
253*4882a593Smuzhiyun 					   walk.src.virt.addr,
254*4882a593Smuzhiyun 					   walk.nbytes - tail, ctx->key_enc,
255*4882a593Smuzhiyun 					   num_rounds(ctx), mac, walk.iv);
256*4882a593Smuzhiyun 			kernel_neon_end();
257*4882a593Smuzhiyun 
258*4882a593Smuzhiyun 			err = skcipher_walk_done(&walk, tail);
259*4882a593Smuzhiyun 		}
260*4882a593Smuzhiyun 		if (!err) {
261*4882a593Smuzhiyun 			kernel_neon_begin();
262*4882a593Smuzhiyun 			ce_aes_ccm_final(mac, buf, ctx->key_enc,
263*4882a593Smuzhiyun 					 num_rounds(ctx));
264*4882a593Smuzhiyun 			kernel_neon_end();
265*4882a593Smuzhiyun 		}
266*4882a593Smuzhiyun 	} else {
267*4882a593Smuzhiyun 		err = ccm_crypt_fallback(&walk, mac, buf, ctx, true);
268*4882a593Smuzhiyun 	}
269*4882a593Smuzhiyun 	if (err)
270*4882a593Smuzhiyun 		return err;
271*4882a593Smuzhiyun 
272*4882a593Smuzhiyun 	/* copy authtag to end of dst */
273*4882a593Smuzhiyun 	scatterwalk_map_and_copy(mac, req->dst, req->assoclen + req->cryptlen,
274*4882a593Smuzhiyun 				 crypto_aead_authsize(aead), 1);
275*4882a593Smuzhiyun 
276*4882a593Smuzhiyun 	return 0;
277*4882a593Smuzhiyun }
278*4882a593Smuzhiyun 
ccm_decrypt(struct aead_request * req)279*4882a593Smuzhiyun static int ccm_decrypt(struct aead_request *req)
280*4882a593Smuzhiyun {
281*4882a593Smuzhiyun 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
282*4882a593Smuzhiyun 	struct crypto_aes_ctx *ctx = crypto_aead_ctx(aead);
283*4882a593Smuzhiyun 	unsigned int authsize = crypto_aead_authsize(aead);
284*4882a593Smuzhiyun 	struct skcipher_walk walk;
285*4882a593Smuzhiyun 	u8 __aligned(8) mac[AES_BLOCK_SIZE];
286*4882a593Smuzhiyun 	u8 buf[AES_BLOCK_SIZE];
287*4882a593Smuzhiyun 	u32 len = req->cryptlen - authsize;
288*4882a593Smuzhiyun 	int err;
289*4882a593Smuzhiyun 
290*4882a593Smuzhiyun 	err = ccm_init_mac(req, mac, len);
291*4882a593Smuzhiyun 	if (err)
292*4882a593Smuzhiyun 		return err;
293*4882a593Smuzhiyun 
294*4882a593Smuzhiyun 	if (req->assoclen)
295*4882a593Smuzhiyun 		ccm_calculate_auth_mac(req, mac);
296*4882a593Smuzhiyun 
297*4882a593Smuzhiyun 	/* preserve the original iv for the final round */
298*4882a593Smuzhiyun 	memcpy(buf, req->iv, AES_BLOCK_SIZE);
299*4882a593Smuzhiyun 
300*4882a593Smuzhiyun 	err = skcipher_walk_aead_decrypt(&walk, req, false);
301*4882a593Smuzhiyun 
302*4882a593Smuzhiyun 	if (crypto_simd_usable()) {
303*4882a593Smuzhiyun 		while (walk.nbytes) {
304*4882a593Smuzhiyun 			u32 tail = walk.nbytes % AES_BLOCK_SIZE;
305*4882a593Smuzhiyun 
306*4882a593Smuzhiyun 			if (walk.nbytes == walk.total)
307*4882a593Smuzhiyun 				tail = 0;
308*4882a593Smuzhiyun 
309*4882a593Smuzhiyun 			kernel_neon_begin();
310*4882a593Smuzhiyun 			ce_aes_ccm_decrypt(walk.dst.virt.addr,
311*4882a593Smuzhiyun 					   walk.src.virt.addr,
312*4882a593Smuzhiyun 					   walk.nbytes - tail, ctx->key_enc,
313*4882a593Smuzhiyun 					   num_rounds(ctx), mac, walk.iv);
314*4882a593Smuzhiyun 			kernel_neon_end();
315*4882a593Smuzhiyun 
316*4882a593Smuzhiyun 			err = skcipher_walk_done(&walk, tail);
317*4882a593Smuzhiyun 		}
318*4882a593Smuzhiyun 		if (!err) {
319*4882a593Smuzhiyun 			kernel_neon_begin();
320*4882a593Smuzhiyun 			ce_aes_ccm_final(mac, buf, ctx->key_enc,
321*4882a593Smuzhiyun 					 num_rounds(ctx));
322*4882a593Smuzhiyun 			kernel_neon_end();
323*4882a593Smuzhiyun 		}
324*4882a593Smuzhiyun 	} else {
325*4882a593Smuzhiyun 		err = ccm_crypt_fallback(&walk, mac, buf, ctx, false);
326*4882a593Smuzhiyun 	}
327*4882a593Smuzhiyun 
328*4882a593Smuzhiyun 	if (err)
329*4882a593Smuzhiyun 		return err;
330*4882a593Smuzhiyun 
331*4882a593Smuzhiyun 	/* compare calculated auth tag with the stored one */
332*4882a593Smuzhiyun 	scatterwalk_map_and_copy(buf, req->src,
333*4882a593Smuzhiyun 				 req->assoclen + req->cryptlen - authsize,
334*4882a593Smuzhiyun 				 authsize, 0);
335*4882a593Smuzhiyun 
336*4882a593Smuzhiyun 	if (crypto_memneq(mac, buf, authsize))
337*4882a593Smuzhiyun 		return -EBADMSG;
338*4882a593Smuzhiyun 	return 0;
339*4882a593Smuzhiyun }
340*4882a593Smuzhiyun 
341*4882a593Smuzhiyun static struct aead_alg ccm_aes_alg = {
342*4882a593Smuzhiyun 	.base = {
343*4882a593Smuzhiyun 		.cra_name		= "ccm(aes)",
344*4882a593Smuzhiyun 		.cra_driver_name	= "ccm-aes-ce",
345*4882a593Smuzhiyun 		.cra_priority		= 300,
346*4882a593Smuzhiyun 		.cra_blocksize		= 1,
347*4882a593Smuzhiyun 		.cra_ctxsize		= sizeof(struct crypto_aes_ctx),
348*4882a593Smuzhiyun 		.cra_module		= THIS_MODULE,
349*4882a593Smuzhiyun 	},
350*4882a593Smuzhiyun 	.ivsize		= AES_BLOCK_SIZE,
351*4882a593Smuzhiyun 	.chunksize	= AES_BLOCK_SIZE,
352*4882a593Smuzhiyun 	.maxauthsize	= AES_BLOCK_SIZE,
353*4882a593Smuzhiyun 	.setkey		= ccm_setkey,
354*4882a593Smuzhiyun 	.setauthsize	= ccm_setauthsize,
355*4882a593Smuzhiyun 	.encrypt	= ccm_encrypt,
356*4882a593Smuzhiyun 	.decrypt	= ccm_decrypt,
357*4882a593Smuzhiyun };
358*4882a593Smuzhiyun 
aes_mod_init(void)359*4882a593Smuzhiyun static int __init aes_mod_init(void)
360*4882a593Smuzhiyun {
361*4882a593Smuzhiyun 	if (!cpu_have_named_feature(AES))
362*4882a593Smuzhiyun 		return -ENODEV;
363*4882a593Smuzhiyun 	return crypto_register_aead(&ccm_aes_alg);
364*4882a593Smuzhiyun }
365*4882a593Smuzhiyun 
aes_mod_exit(void)366*4882a593Smuzhiyun static void __exit aes_mod_exit(void)
367*4882a593Smuzhiyun {
368*4882a593Smuzhiyun 	crypto_unregister_aead(&ccm_aes_alg);
369*4882a593Smuzhiyun }
370*4882a593Smuzhiyun 
371*4882a593Smuzhiyun module_init(aes_mod_init);
372*4882a593Smuzhiyun module_exit(aes_mod_exit);
373*4882a593Smuzhiyun 
374*4882a593Smuzhiyun MODULE_DESCRIPTION("Synchronous AES in CCM mode using ARMv8 Crypto Extensions");
375*4882a593Smuzhiyun MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
376*4882a593Smuzhiyun MODULE_LICENSE("GPL v2");
377*4882a593Smuzhiyun MODULE_ALIAS_CRYPTO("ccm(aes)");
378