1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * sun4i-ss-cipher.c - hardware cryptographic accelerator for Allwinner A20 SoC
5 * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
7 * This file add support for AES cipher with 128,192,256 bits
8 * keysize in CBC and ECB mode.
9 * Add support also for DES and 3DES in CBC and ECB mode.
11 * You could find the datasheet in Documentation/arm/sunxi.rst
15 static int noinline_for_stack sun4i_ss_opti_poll(struct skcipher_request *areq)
17 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
18 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
19 struct sun4i_ss_ctx *ss = op->ss;
20 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
21 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
23 void *backup_iv = NULL;
24 /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
25 u32 rx_cnt = SS_RX_DEFAULT;
31 unsigned int ileft = areq->cryptlen;
32 unsigned int oleft = areq->cryptlen;
34 unsigned long pi = 0, po = 0; /* progress for in and out */
36 struct sg_mapping_iter mi, mo;
37 unsigned int oi, oo; /* offset for in and out */
39 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
40 struct sun4i_ss_alg_template *algt;
45 if (!areq->src || !areq->dst) {
46 dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
50 if (areq->iv && ivsize > 0 && mode & SS_DECRYPTION) {
51 backup_iv = kzalloc(ivsize, GFP_KERNEL);
54 scatterwalk_map_and_copy(backup_iv, areq->src, areq->cryptlen - ivsize, ivsize, 0);
57 if (IS_ENABLED(CONFIG_CRYPTO_DEV_SUN4I_SS_DEBUG)) {
58 algt = container_of(alg, struct sun4i_ss_alg_template, alg.crypto);
60 algt->stat_bytes += areq->cryptlen;
63 spin_lock_irqsave(&ss->slock, flags);
65 for (i = 0; i < op->keylen / 4; i++)
66 writesl(ss->base + SS_KEY0 + i * 4, &op->key[i], 1);
69 for (i = 0; i < 4 && i < ivsize / 4; i++) {
70 v = *(u32 *)(areq->iv + i * 4);
71 writesl(ss->base + SS_IV0 + i * 4, &v, 1);
74 writel(mode, ss->base + SS_CTL);
77 ileft = areq->cryptlen / 4;
78 oleft = areq->cryptlen / 4;
83 sg_miter_start(&mi, areq->src, sg_nents(areq->src),
84 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
86 sg_miter_skip(&mi, pi);
87 miter_err = sg_miter_next(&mi);
88 if (!miter_err || !mi.addr) {
89 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
93 todo = min(rx_cnt, ileft);
94 todo = min_t(size_t, todo, (mi.length - oi) / 4);
97 writesl(ss->base + SS_RXFIFO, mi.addr + oi, todo);
100 if (oi == mi.length) {
107 spaces = readl(ss->base + SS_FCSR);
108 rx_cnt = SS_RXFIFO_SPACES(spaces);
109 tx_cnt = SS_TXFIFO_SPACES(spaces);
111 sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
112 SG_MITER_TO_SG | SG_MITER_ATOMIC);
114 sg_miter_skip(&mo, po);
115 miter_err = sg_miter_next(&mo);
116 if (!miter_err || !mo.addr) {
117 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
121 todo = min(tx_cnt, oleft);
122 todo = min_t(size_t, todo, (mo.length - oo) / 4);
125 readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
128 if (oo == mo.length) {
136 if (mode & SS_DECRYPTION) {
137 memcpy(areq->iv, backup_iv, ivsize);
138 kfree_sensitive(backup_iv);
140 scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
146 writel(0, ss->base + SS_CTL);
147 spin_unlock_irqrestore(&ss->slock, flags);
151 static int noinline_for_stack sun4i_ss_cipher_poll_fallback(struct skcipher_request *areq)
153 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
154 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
155 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
157 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
158 struct sun4i_ss_alg_template *algt;
160 if (IS_ENABLED(CONFIG_CRYPTO_DEV_SUN4I_SS_DEBUG)) {
161 algt = container_of(alg, struct sun4i_ss_alg_template, alg.crypto);
165 skcipher_request_set_tfm(&ctx->fallback_req, op->fallback_tfm);
166 skcipher_request_set_callback(&ctx->fallback_req, areq->base.flags,
167 areq->base.complete, areq->base.data);
168 skcipher_request_set_crypt(&ctx->fallback_req, areq->src, areq->dst,
169 areq->cryptlen, areq->iv);
170 if (ctx->mode & SS_DECRYPTION)
171 err = crypto_skcipher_decrypt(&ctx->fallback_req);
173 err = crypto_skcipher_encrypt(&ctx->fallback_req);
178 /* Generic function that support SG with size not multiple of 4 */
179 static int sun4i_ss_cipher_poll(struct skcipher_request *areq)
181 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
182 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
183 struct sun4i_ss_ctx *ss = op->ss;
185 struct scatterlist *in_sg = areq->src;
186 struct scatterlist *out_sg = areq->dst;
187 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
188 struct sun4i_cipher_req_ctx *ctx = skcipher_request_ctx(areq);
189 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
190 struct sun4i_ss_alg_template *algt;
191 u32 mode = ctx->mode;
192 /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
193 u32 rx_cnt = SS_RX_DEFAULT;
199 unsigned int ileft = areq->cryptlen;
200 unsigned int oleft = areq->cryptlen;
202 void *backup_iv = NULL;
203 struct sg_mapping_iter mi, mo;
204 unsigned long pi = 0, po = 0; /* progress for in and out */
206 unsigned int oi, oo; /* offset for in and out */
207 unsigned int ob = 0; /* offset in buf */
208 unsigned int obo = 0; /* offset in bufo*/
209 unsigned int obl = 0; /* length of data in bufo */
211 bool need_fallback = false;
216 if (!areq->src || !areq->dst) {
217 dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
221 algt = container_of(alg, struct sun4i_ss_alg_template, alg.crypto);
222 if (areq->cryptlen % algt->alg.crypto.base.cra_blocksize)
223 need_fallback = true;
226 * if we have only SGs with size multiple of 4,
227 * we can use the SS optimized function
229 while (in_sg && no_chunk == 1) {
230 if ((in_sg->length | in_sg->offset) & 3u)
232 in_sg = sg_next(in_sg);
234 while (out_sg && no_chunk == 1) {
235 if ((out_sg->length | out_sg->offset) & 3u)
237 out_sg = sg_next(out_sg);
240 if (no_chunk == 1 && !need_fallback)
241 return sun4i_ss_opti_poll(areq);
244 return sun4i_ss_cipher_poll_fallback(areq);
246 if (areq->iv && ivsize > 0 && mode & SS_DECRYPTION) {
247 backup_iv = kzalloc(ivsize, GFP_KERNEL);
250 scatterwalk_map_and_copy(backup_iv, areq->src, areq->cryptlen - ivsize, ivsize, 0);
253 if (IS_ENABLED(CONFIG_CRYPTO_DEV_SUN4I_SS_DEBUG)) {
255 algt->stat_bytes += areq->cryptlen;
258 spin_lock_irqsave(&ss->slock, flags);
260 for (i = 0; i < op->keylen / 4; i++)
261 writesl(ss->base + SS_KEY0 + i * 4, &op->key[i], 1);
264 for (i = 0; i < 4 && i < ivsize / 4; i++) {
265 v = *(u32 *)(areq->iv + i * 4);
266 writesl(ss->base + SS_IV0 + i * 4, &v, 1);
269 writel(mode, ss->base + SS_CTL);
271 ileft = areq->cryptlen;
272 oleft = areq->cryptlen;
278 sg_miter_start(&mi, areq->src, sg_nents(areq->src),
279 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
281 sg_miter_skip(&mi, pi);
282 miter_err = sg_miter_next(&mi);
283 if (!miter_err || !mi.addr) {
284 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
289 * todo is the number of consecutive 4byte word that we
290 * can read from current SG
292 todo = min(rx_cnt, ileft / 4);
293 todo = min_t(size_t, todo, (mi.length - oi) / 4);
295 writesl(ss->base + SS_RXFIFO, mi.addr + oi,
301 * not enough consecutive bytes, so we need to
302 * linearize in buf. todo is in bytes
303 * After that copy, if we have a multiple of 4
304 * we need to be able to write all buf in one
305 * pass, so it is why we min() with rx_cnt
307 todo = min(rx_cnt * 4 - ob, ileft);
308 todo = min_t(size_t, todo, mi.length - oi);
309 memcpy(ss->buf + ob, mi.addr + oi, todo);
314 writesl(ss->base + SS_RXFIFO, ss->buf,
319 if (oi == mi.length) {
326 spaces = readl(ss->base + SS_FCSR);
327 rx_cnt = SS_RXFIFO_SPACES(spaces);
328 tx_cnt = SS_TXFIFO_SPACES(spaces);
332 sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
333 SG_MITER_TO_SG | SG_MITER_ATOMIC);
335 sg_miter_skip(&mo, po);
336 miter_err = sg_miter_next(&mo);
337 if (!miter_err || !mo.addr) {
338 dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
342 /* todo in 4bytes word */
343 todo = min(tx_cnt, oleft / 4);
344 todo = min_t(size_t, todo, (mo.length - oo) / 4);
347 readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
350 if (oo == mo.length) {
356 * read obl bytes in bufo, we read at maximum for
357 * emptying the device
359 readsl(ss->base + SS_TXFIFO, ss->bufo, tx_cnt);
364 * how many bytes we can copy ?
365 * no more than remaining SG size
366 * no more than remaining buffer
367 * no need to test against oleft
370 mo.length - oo, obl - obo);
371 memcpy(mo.addr + oo, ss->bufo + obo, todo);
375 if (oo == mo.length) {
381 /* bufo must be fully used here */
386 if (mode & SS_DECRYPTION) {
387 memcpy(areq->iv, backup_iv, ivsize);
388 kfree_sensitive(backup_iv);
390 scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
396 writel(0, ss->base + SS_CTL);
397 spin_unlock_irqrestore(&ss->slock, flags);
403 int sun4i_ss_cbc_aes_encrypt(struct skcipher_request *areq)
405 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
406 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
407 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
409 rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
411 return sun4i_ss_cipher_poll(areq);
414 int sun4i_ss_cbc_aes_decrypt(struct skcipher_request *areq)
416 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
417 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
418 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
420 rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
422 return sun4i_ss_cipher_poll(areq);
426 int sun4i_ss_ecb_aes_encrypt(struct skcipher_request *areq)
428 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
429 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
430 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
432 rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
434 return sun4i_ss_cipher_poll(areq);
437 int sun4i_ss_ecb_aes_decrypt(struct skcipher_request *areq)
439 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
440 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
441 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
443 rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
445 return sun4i_ss_cipher_poll(areq);
449 int sun4i_ss_cbc_des_encrypt(struct skcipher_request *areq)
451 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
452 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
453 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
455 rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
457 return sun4i_ss_cipher_poll(areq);
460 int sun4i_ss_cbc_des_decrypt(struct skcipher_request *areq)
462 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
463 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
464 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
466 rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
468 return sun4i_ss_cipher_poll(areq);
472 int sun4i_ss_ecb_des_encrypt(struct skcipher_request *areq)
474 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
475 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
476 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
478 rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
480 return sun4i_ss_cipher_poll(areq);
483 int sun4i_ss_ecb_des_decrypt(struct skcipher_request *areq)
485 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
486 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
487 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
489 rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
491 return sun4i_ss_cipher_poll(areq);
495 int sun4i_ss_cbc_des3_encrypt(struct skcipher_request *areq)
497 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
498 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
499 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
501 rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
503 return sun4i_ss_cipher_poll(areq);
506 int sun4i_ss_cbc_des3_decrypt(struct skcipher_request *areq)
508 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
509 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
510 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
512 rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
514 return sun4i_ss_cipher_poll(areq);
518 int sun4i_ss_ecb_des3_encrypt(struct skcipher_request *areq)
520 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
521 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
522 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
524 rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
526 return sun4i_ss_cipher_poll(areq);
529 int sun4i_ss_ecb_des3_decrypt(struct skcipher_request *areq)
531 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
532 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
533 struct sun4i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
535 rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
537 return sun4i_ss_cipher_poll(areq);
540 int sun4i_ss_cipher_init(struct crypto_tfm *tfm)
542 struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
543 struct sun4i_ss_alg_template *algt;
544 const char *name = crypto_tfm_alg_name(tfm);
547 memset(op, 0, sizeof(struct sun4i_tfm_ctx));
549 algt = container_of(tfm->__crt_alg, struct sun4i_ss_alg_template,
553 op->fallback_tfm = crypto_alloc_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK);
554 if (IS_ERR(op->fallback_tfm)) {
555 dev_err(op->ss->dev, "ERROR: Cannot allocate fallback for %s %ld\n",
556 name, PTR_ERR(op->fallback_tfm));
557 return PTR_ERR(op->fallback_tfm);
560 crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm),
561 sizeof(struct sun4i_cipher_req_ctx) +
562 crypto_skcipher_reqsize(op->fallback_tfm));
564 err = pm_runtime_resume_and_get(op->ss->dev);
570 crypto_free_skcipher(op->fallback_tfm);
574 void sun4i_ss_cipher_exit(struct crypto_tfm *tfm)
576 struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
578 crypto_free_skcipher(op->fallback_tfm);
579 pm_runtime_put(op->ss->dev);
582 /* check and set the AES key, prepare the mode to be used */
583 int sun4i_ss_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
586 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
587 struct sun4i_ss_ctx *ss = op->ss;
591 op->keymode = SS_AES_128BITS;
594 op->keymode = SS_AES_192BITS;
597 op->keymode = SS_AES_256BITS;
600 dev_dbg(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
604 memcpy(op->key, key, keylen);
606 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
607 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
609 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
612 /* check and set the DES key, prepare the mode to be used */
613 int sun4i_ss_des_setkey(struct crypto_skcipher *tfm, const u8 *key,
616 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
619 err = verify_skcipher_des_key(tfm, key);
624 memcpy(op->key, key, keylen);
626 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
627 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
629 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
632 /* check and set the 3DES key, prepare the mode to be used */
633 int sun4i_ss_des3_setkey(struct crypto_skcipher *tfm, const u8 *key,
636 struct sun4i_tfm_ctx *op = crypto_skcipher_ctx(tfm);
639 err = verify_skcipher_des3_key(tfm, key);
644 memcpy(op->key, key, keylen);
646 crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
647 crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
649 return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);