1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * sun4i-ss-cipher.c - hardware cryptographic accelerator for Allwinner A20 SoC
5 * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
7 * This file add support for AES cipher with 128,192,256 bits
8 * keysize in CBC and ECB mode.
9 * Add support also for DES and 3DES in CBC and ECB mode.
11 * You could find the datasheet in Documentation/arm/sunxi.rst
15 static int noinline_for_stack sun4i_ss_opti_poll(struct skcipher_request *areq)
17 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
18 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
19 struct sun4i_ss_ctx *ss = op->ss;
20 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
21 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
23 void *backup_iv = NULL;
24 /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
25 u32 rx_cnt = SS_RX_DEFAULT;
31 unsigned int ileft = areq->cryptlen;
32 unsigned int oleft = areq->cryptlen;
34 unsigned long pi = 0, po = 0; /* progress for in and out */
36 struct sg_mapping_iter mi, mo;
37 unsigned int oi, oo; /* offset for in and out */
43 if (!areq->src || !areq->dst) {
44 dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
48 if (areq->iv && ivsize > 0 && mode & SS_DECRYPTION) {
49 backup_iv = kzalloc(ivsize, GFP_KERNEL);
52 scatterwalk_map_and_copy(backup_iv, areq->src, areq->cryptlen - ivsize, ivsize, 0);
55 spin_lock_irqsave(&ss->slock, flags);
57 for (i = 0; i < op->keylen / 4; i++)
58 writesl(ss->base + SS_KEY0 + i * 4, &op->key[i], 1);
61 for (i = 0; i < 4 && i < ivsize / 4; i++) {
62 v = *(u32 *)(areq->iv + i * 4);
63 writesl(ss->base + SS_IV0 + i * 4, &v, 1);
66 writel(mode, ss->base + SS_CTL);
69 ileft = areq->cryptlen / 4;
70 oleft = areq->cryptlen / 4;
75 sg_miter_start(&mi, areq->src, sg_nents(areq->src),
76 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
78 sg_miter_skip(&mi, pi);
79 miter_err = sg_miter_next(&mi);
80 if (!miter_err || !mi.addr) {
81 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
85 todo = min(rx_cnt, ileft);
86 todo = min_t(size_t, todo, (mi.length - oi) / 4);
89 writesl(ss->base + SS_RXFIFO, mi.addr + oi, todo);
92 if (oi == mi.length) {
99 spaces = readl(ss->base + SS_FCSR);
100 rx_cnt = SS_RXFIFO_SPACES(spaces);
101 tx_cnt = SS_TXFIFO_SPACES(spaces);
103 sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
104 SG_MITER_TO_SG | SG_MITER_ATOMIC);
106 sg_miter_skip(&mo, po);
107 miter_err = sg_miter_next(&mo);
108 if (!miter_err || !mo.addr) {
109 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
113 todo = min(tx_cnt, oleft);
114 todo = min_t(size_t, todo, (mo.length - oo) / 4);
117 readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
120 if (oo == mo.length) {
128 if (mode & SS_DECRYPTION) {
129 memcpy(areq->iv, backup_iv, ivsize);
130 kfree_sensitive(backup_iv);
132 scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
138 writel(0, ss->base + SS_CTL);
139 spin_unlock_irqrestore(&ss->slock, flags);
144 static int noinline_for_stack sun4i_ss_cipher_poll_fallback(struct skcipher_request *areq)
146 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
147 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
148 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
151 skcipher_request_set_tfm(&ctx->fallback_req, op->fallback_tfm);
152 skcipher_request_set_callback(&ctx->fallback_req, areq->base.flags,
153 areq->base.complete, areq->base.data);
154 skcipher_request_set_crypt(&ctx->fallback_req, areq->src, areq->dst,
155 areq->cryptlen, areq->iv);
156 if (ctx->mode & SS_DECRYPTION)
157 err = crypto_skcipher_decrypt(&ctx->fallback_req);
159 err = crypto_skcipher_encrypt(&ctx->fallback_req);
164 /* Generic function that support SG with size not multiple of 4 */
165 static int sun4i_ss_cipher_poll(struct skcipher_request *areq)
167 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
168 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
169 struct sun4i_ss_ctx *ss = op->ss;
171 struct scatterlist *in_sg = areq->src;
172 struct scatterlist *out_sg = areq->dst;
173 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
174 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
175 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
176 struct sun4i_ss_alg_template *algt;
177 u32 mode = ctx->mode;
178 /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
179 u32 rx_cnt = SS_RX_DEFAULT;
185 unsigned int ileft = areq->cryptlen;
186 unsigned int oleft = areq->cryptlen;
188 void *backup_iv = NULL;
189 struct sg_mapping_iter mi, mo;
190 unsigned long pi = 0, po = 0; /* progress for in and out */
192 unsigned int oi, oo; /* offset for in and out */
193 unsigned int ob = 0; /* offset in buf */
194 unsigned int obo = 0; /* offset in bufo*/
195 unsigned int obl = 0; /* length of data in bufo */
197 bool need_fallback = false;
202 if (!areq->src || !areq->dst) {
203 dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
207 algt = container_of(alg, struct sun4i_ss_alg_template, alg.crypto);
208 if (areq->cryptlen % algt->alg.crypto.base.cra_blocksize)
209 need_fallback = true;
212 * if we have only SGs with size multiple of 4,
213 * we can use the SS optimized function
215 while (in_sg && no_chunk == 1) {
216 if ((in_sg->length | in_sg->offset) & 3u)
218 in_sg = sg_next(in_sg);
220 while (out_sg && no_chunk == 1) {
221 if ((out_sg->length | out_sg->offset) & 3u)
223 out_sg = sg_next(out_sg);
226 if (no_chunk == 1 && !need_fallback)
227 return sun4i_ss_opti_poll(areq);
230 return sun4i_ss_cipher_poll_fallback(areq);
232 if (areq->iv && ivsize > 0 && mode & SS_DECRYPTION) {
233 backup_iv = kzalloc(ivsize, GFP_KERNEL);
236 scatterwalk_map_and_copy(backup_iv, areq->src, areq->cryptlen - ivsize, ivsize, 0);
239 spin_lock_irqsave(&ss->slock, flags);
241 for (i = 0; i < op->keylen / 4; i++)
242 writesl(ss->base + SS_KEY0 + i * 4, &op->key[i], 1);
245 for (i = 0; i < 4 && i < ivsize / 4; i++) {
246 v = *(u32 *)(areq->iv + i * 4);
247 writesl(ss->base + SS_IV0 + i * 4, &v, 1);
250 writel(mode, ss->base + SS_CTL);
252 ileft = areq->cryptlen;
253 oleft = areq->cryptlen;
259 sg_miter_start(&mi, areq->src, sg_nents(areq->src),
260 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
262 sg_miter_skip(&mi, pi);
263 miter_err = sg_miter_next(&mi);
264 if (!miter_err || !mi.addr) {
265 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
270 * todo is the number of consecutive 4byte word that we
271 * can read from current SG
273 todo = min(rx_cnt, ileft / 4);
274 todo = min_t(size_t, todo, (mi.length - oi) / 4);
276 writesl(ss->base + SS_RXFIFO, mi.addr + oi,
282 * not enough consecutive bytes, so we need to
283 * linearize in buf. todo is in bytes
284 * After that copy, if we have a multiple of 4
285 * we need to be able to write all buf in one
286 * pass, so it is why we min() with rx_cnt
288 todo = min(rx_cnt * 4 - ob, ileft);
289 todo = min_t(size_t, todo, mi.length - oi);
290 memcpy(ss->buf + ob, mi.addr + oi, todo);
295 writesl(ss->base + SS_RXFIFO, ss->buf,
300 if (oi == mi.length) {
307 spaces = readl(ss->base + SS_FCSR);
308 rx_cnt = SS_RXFIFO_SPACES(spaces);
309 tx_cnt = SS_TXFIFO_SPACES(spaces);
313 sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
314 SG_MITER_TO_SG | SG_MITER_ATOMIC);
316 sg_miter_skip(&mo, po);
317 miter_err = sg_miter_next(&mo);
318 if (!miter_err || !mo.addr) {
319 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
323 /* todo in 4bytes word */
324 todo = min(tx_cnt, oleft / 4);
325 todo = min_t(size_t, todo, (mo.length - oo) / 4);
328 readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
331 if (oo == mo.length) {
337 * read obl bytes in bufo, we read at maximum for
338 * emptying the device
340 readsl(ss->base + SS_TXFIFO, ss->bufo, tx_cnt);
345 * how many bytes we can copy ?
346 * no more than remaining SG size
347 * no more than remaining buffer
348 * no need to test against oleft
351 mo.length - oo, obl - obo);
352 memcpy(mo.addr + oo, ss->bufo + obo, todo);
356 if (oo == mo.length) {
362 /* bufo must be fully used here */
367 if (mode & SS_DECRYPTION) {
368 memcpy(areq->iv, backup_iv, ivsize);
369 kfree_sensitive(backup_iv);
371 scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
377 writel(0, ss->base + SS_CTL);
378 spin_unlock_irqrestore(&ss->slock, flags);
384 int sun4i_ss_cbc_aes_encrypt(struct skcipher_request *areq)
386 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
387 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
388 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
390 rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
392 return sun4i_ss_cipher_poll(areq);
395 int sun4i_ss_cbc_aes_decrypt(struct skcipher_request *areq)
397 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
398 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
399 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
401 rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
403 return sun4i_ss_cipher_poll(areq);
407 int sun4i_ss_ecb_aes_encrypt(struct skcipher_request *areq)
409 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
410 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
411 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
413 rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
415 return sun4i_ss_cipher_poll(areq);
418 int sun4i_ss_ecb_aes_decrypt(struct skcipher_request *areq)
420 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
421 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
422 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
424 rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
426 return sun4i_ss_cipher_poll(areq);
430 int sun4i_ss_cbc_des_encrypt(struct skcipher_request *areq)
432 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
433 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
434 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
436 rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
438 return sun4i_ss_cipher_poll(areq);
441 int sun4i_ss_cbc_des_decrypt(struct skcipher_request *areq)
443 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
444 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
445 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
447 rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
449 return sun4i_ss_cipher_poll(areq);
453 int sun4i_ss_ecb_des_encrypt(struct skcipher_request *areq)
455 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
456 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
457 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
459 rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
461 return sun4i_ss_cipher_poll(areq);
464 int sun4i_ss_ecb_des_decrypt(struct skcipher_request *areq)
466 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
467 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
468 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
470 rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
472 return sun4i_ss_cipher_poll(areq);
476 int sun4i_ss_cbc_des3_encrypt(struct skcipher_request *areq)
478 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
479 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
480 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
482 rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
484 return sun4i_ss_cipher_poll(areq);
487 int sun4i_ss_cbc_des3_decrypt(struct skcipher_request *areq)
489 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
490 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
491 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
493 rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
495 return sun4i_ss_cipher_poll(areq);
499 int sun4i_ss_ecb_des3_encrypt(struct skcipher_request *areq)
501 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
502 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
503 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
505 rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
507 return sun4i_ss_cipher_poll(areq);
510 int sun4i_ss_ecb_des3_decrypt(struct skcipher_request *areq)
512 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
513 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
514 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
516 rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
518 return sun4i_ss_cipher_poll(areq);
521 int sun4i_ss_cipher_init(struct crypto_tfm *tfm)
523 struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
524 struct sun4i_ss_alg_template *algt;
525 const char *name = crypto_tfm_alg_name(tfm);
528 memset(op, 0, sizeof(struct sun4i_tfm_ctx));
530 algt = container_of(tfm->__crt_alg, struct sun4i_ss_alg_template,
534 op->fallback_tfm = crypto_alloc_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK);
535 if (IS_ERR(op->fallback_tfm)) {
536 dev_err(op->ss->dev, "ERROR: Cannot allocate fallback for %s %ld\n",
537 name, PTR_ERR(op->fallback_tfm));
538 return PTR_ERR(op->fallback_tfm);
541 crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
542 sizeof(struct sun4i_cipher_req_ctx) +
543 crypto_skcipher_reqsize(op->fallback_tfm));
546 err = pm_runtime_get_sync(op->ss->dev);
552 crypto_free_skcipher(op->fallback_tfm);
556 void sun4i_ss_cipher_exit(struct crypto_tfm *tfm)
558 struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
560 crypto_free_skcipher(op->fallback_tfm);
561 pm_runtime_put(op->ss->dev);
564 /* check and set the AES key, prepare the mode to be used */
565 int sun4i_ss_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
568 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
569 struct sun4i_ss_ctx *ss = op->ss;
573 op->keymode = SS_AES_128BITS;
576 op->keymode = SS_AES_192BITS;
579 op->keymode = SS_AES_256BITS;
582 dev_dbg(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
586 memcpy(op->key, key, keylen);
588 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
589 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
591 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
594 /* check and set the DES key, prepare the mode to be used */
595 int sun4i_ss_des_setkey(struct crypto_skcipher *tfm, const u8 *key,
598 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
601 err = verify_skcipher_des_key(tfm, key);
606 memcpy(op->key, key, keylen);
608 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
609 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
611 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
614 /* check and set the 3DES key, prepare the mode to be used */
615 int sun4i_ss_des3_setkey(struct crypto_skcipher *tfm, const u8 *key,
618 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
621 err = verify_skcipher_des3_key(tfm, key);
626 memcpy(op->key, key, keylen);
628 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
629 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
631 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);