sun4i-ss-hash.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492
  1. /*
  2. * sun4i-ss-hash.c - hardware cryptographic accelerator for Allwinner A20 SoC
  3. *
  4. * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
  5. *
  6. * This file add support for MD5 and SHA1.
  7. *
  8. * You could find the datasheet in Documentation/arm/sunxi/README
  9. *
  10. * This program is free software; you can redistribute it and/or modify
  11. * it under the terms of the GNU General Public License as published by
  12. * the Free Software Foundation; either version 2 of the License, or
  13. * (at your option) any later version.
  14. */
  15. #include "sun4i-ss.h"
  16. #include <linux/scatterlist.h>
  17. /* This is a totally arbitrary value */
  18. #define SS_TIMEOUT 100
  19. int sun4i_hash_crainit(struct crypto_tfm *tfm)
  20. {
  21. crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
  22. sizeof(struct sun4i_req_ctx));
  23. return 0;
  24. }
  25. /* sun4i_hash_init: initialize request context */
  26. int sun4i_hash_init(struct ahash_request *areq)
  27. {
  28. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  29. struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
  30. struct ahash_alg *alg = __crypto_ahash_alg(tfm->base.__crt_alg);
  31. struct sun4i_ss_alg_template *algt;
  32. struct sun4i_ss_ctx *ss;
  33. memset(op, 0, sizeof(struct sun4i_req_ctx));
  34. algt = container_of(alg, struct sun4i_ss_alg_template, alg.hash);
  35. ss = algt->ss;
  36. op->ss = algt->ss;
  37. op->mode = algt->mode;
  38. return 0;
  39. }
  40. int sun4i_hash_export_md5(struct ahash_request *areq, void *out)
  41. {
  42. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  43. struct md5_state *octx = out;
  44. int i;
  45. octx->byte_count = op->byte_count + op->len;
  46. memcpy(octx->block, op->buf, op->len);
  47. if (op->byte_count > 0) {
  48. for (i = 0; i < 4; i++)
  49. octx->hash[i] = op->hash[i];
  50. } else {
  51. octx->hash[0] = SHA1_H0;
  52. octx->hash[1] = SHA1_H1;
  53. octx->hash[2] = SHA1_H2;
  54. octx->hash[3] = SHA1_H3;
  55. }
  56. return 0;
  57. }
  58. int sun4i_hash_import_md5(struct ahash_request *areq, const void *in)
  59. {
  60. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  61. const struct md5_state *ictx = in;
  62. int i;
  63. sun4i_hash_init(areq);
  64. op->byte_count = ictx->byte_count & ~0x3F;
  65. op->len = ictx->byte_count & 0x3F;
  66. memcpy(op->buf, ictx->block, op->len);
  67. for (i = 0; i < 4; i++)
  68. op->hash[i] = ictx->hash[i];
  69. return 0;
  70. }
  71. int sun4i_hash_export_sha1(struct ahash_request *areq, void *out)
  72. {
  73. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  74. struct sha1_state *octx = out;
  75. int i;
  76. octx->count = op->byte_count + op->len;
  77. memcpy(octx->buffer, op->buf, op->len);
  78. if (op->byte_count > 0) {
  79. for (i = 0; i < 5; i++)
  80. octx->state[i] = op->hash[i];
  81. } else {
  82. octx->state[0] = SHA1_H0;
  83. octx->state[1] = SHA1_H1;
  84. octx->state[2] = SHA1_H2;
  85. octx->state[3] = SHA1_H3;
  86. octx->state[4] = SHA1_H4;
  87. }
  88. return 0;
  89. }
  90. int sun4i_hash_import_sha1(struct ahash_request *areq, const void *in)
  91. {
  92. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  93. const struct sha1_state *ictx = in;
  94. int i;
  95. sun4i_hash_init(areq);
  96. op->byte_count = ictx->count & ~0x3F;
  97. op->len = ictx->count & 0x3F;
  98. memcpy(op->buf, ictx->buffer, op->len);
  99. for (i = 0; i < 5; i++)
  100. op->hash[i] = ictx->state[i];
  101. return 0;
  102. }
  103. /*
  104. * sun4i_hash_update: update hash engine
  105. *
  106. * Could be used for both SHA1 and MD5
  107. * Write data by step of 32bits and put then in the SS.
  108. *
  109. * Since we cannot leave partial data and hash state in the engine,
  110. * we need to get the hash state at the end of this function.
  111. * We can get the hash state every 64 bytes
  112. *
  113. * So the first work is to get the number of bytes to write to SS modulo 64
  114. * The extra bytes will go to a temporary buffer op->buf storing op->len bytes
  115. *
  116. * So at the begin of update()
  117. * if op->len + areq->nbytes < 64
  118. * => all data will be written to wait buffer (op->buf) and end=0
  119. * if not, write all data from op->buf to the device and position end to
  120. * complete to 64bytes
  121. *
  122. * example 1:
  123. * update1 60o => op->len=60
  124. * update2 60o => need one more word to have 64 bytes
  125. * end=4
  126. * so write all data from op->buf and one word of SGs
  127. * write remaining data in op->buf
  128. * final state op->len=56
  129. */
  130. int sun4i_hash_update(struct ahash_request *areq)
  131. {
  132. u32 v, ivmode = 0;
  133. unsigned int i = 0;
  134. /*
  135. * i is the total bytes read from SGs, to be compared to areq->nbytes
  136. * i is important because we cannot rely on SG length since the sum of
  137. * SG->length could be greater than areq->nbytes
  138. */
  139. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  140. struct sun4i_ss_ctx *ss = op->ss;
  141. struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
  142. unsigned int in_i = 0; /* advancement in the current SG */
  143. unsigned int end;
  144. /*
  145. * end is the position when we need to stop writing to the device,
  146. * to be compared to i
  147. */
  148. int in_r, err = 0;
  149. unsigned int todo;
  150. u32 spaces, rx_cnt = SS_RX_DEFAULT;
  151. size_t copied = 0;
  152. struct sg_mapping_iter mi;
  153. dev_dbg(ss->dev, "%s %s bc=%llu len=%u mode=%x wl=%u h0=%0x",
  154. __func__, crypto_tfm_alg_name(areq->base.tfm),
  155. op->byte_count, areq->nbytes, op->mode,
  156. op->len, op->hash[0]);
  157. if (areq->nbytes == 0)
  158. return 0;
  159. /* protect against overflow */
  160. if (areq->nbytes > UINT_MAX - op->len) {
  161. dev_err(ss->dev, "Cannot process too large request\n");
  162. return -EINVAL;
  163. }
  164. if (op->len + areq->nbytes < 64) {
  165. /* linearize data to op->buf */
  166. copied = sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
  167. op->buf + op->len, areq->nbytes, 0);
  168. op->len += copied;
  169. return 0;
  170. }
  171. end = ((areq->nbytes + op->len) / 64) * 64 - op->len;
  172. if (end > areq->nbytes || areq->nbytes - end > 63) {
  173. dev_err(ss->dev, "ERROR: Bound error %u %u\n",
  174. end, areq->nbytes);
  175. return -EINVAL;
  176. }
  177. spin_lock_bh(&ss->slock);
  178. /*
  179. * if some data have been processed before,
  180. * we need to restore the partial hash state
  181. */
  182. if (op->byte_count > 0) {
  183. ivmode = SS_IV_ARBITRARY;
  184. for (i = 0; i < 5; i++)
  185. writel(op->hash[i], ss->base + SS_IV0 + i * 4);
  186. }
  187. /* Enable the device */
  188. writel(op->mode | SS_ENABLED | ivmode, ss->base + SS_CTL);
  189. i = 0;
  190. sg_miter_start(&mi, areq->src, sg_nents(areq->src),
  191. SG_MITER_FROM_SG | SG_MITER_ATOMIC);
  192. sg_miter_next(&mi);
  193. in_i = 0;
  194. do {
  195. /*
  196. * we need to linearize in two case:
  197. * - the buffer is already used
  198. * - the SG does not have enough byte remaining ( < 4)
  199. */
  200. if (op->len > 0 || (mi.length - in_i) < 4) {
  201. /*
  202. * if we have entered here we have two reason to stop
  203. * - the buffer is full
  204. * - reach the end
  205. */
  206. while (op->len < 64 && i < end) {
  207. /* how many bytes we can read from current SG */
  208. in_r = min3(mi.length - in_i, end - i,
  209. 64 - op->len);
  210. memcpy(op->buf + op->len, mi.addr + in_i, in_r);
  211. op->len += in_r;
  212. i += in_r;
  213. in_i += in_r;
  214. if (in_i == mi.length) {
  215. sg_miter_next(&mi);
  216. in_i = 0;
  217. }
  218. }
  219. if (op->len > 3 && (op->len % 4) == 0) {
  220. /* write buf to the device */
  221. writesl(ss->base + SS_RXFIFO, op->buf,
  222. op->len / 4);
  223. op->byte_count += op->len;
  224. op->len = 0;
  225. }
  226. }
  227. if (mi.length - in_i > 3 && i < end) {
  228. /* how many bytes we can read from current SG */
  229. in_r = min3(mi.length - in_i, areq->nbytes - i,
  230. ((mi.length - in_i) / 4) * 4);
  231. /* how many bytes we can write in the device*/
  232. todo = min3((u32)(end - i) / 4, rx_cnt, (u32)in_r / 4);
  233. writesl(ss->base + SS_RXFIFO, mi.addr + in_i, todo);
  234. op->byte_count += todo * 4;
  235. i += todo * 4;
  236. in_i += todo * 4;
  237. rx_cnt -= todo;
  238. if (rx_cnt == 0) {
  239. spaces = readl(ss->base + SS_FCSR);
  240. rx_cnt = SS_RXFIFO_SPACES(spaces);
  241. }
  242. if (in_i == mi.length) {
  243. sg_miter_next(&mi);
  244. in_i = 0;
  245. }
  246. }
  247. } while (i < end);
  248. /* final linear */
  249. if ((areq->nbytes - i) < 64) {
  250. while (i < areq->nbytes && in_i < mi.length && op->len < 64) {
  251. /* how many bytes we can read from current SG */
  252. in_r = min3(mi.length - in_i, areq->nbytes - i,
  253. 64 - op->len);
  254. memcpy(op->buf + op->len, mi.addr + in_i, in_r);
  255. op->len += in_r;
  256. i += in_r;
  257. in_i += in_r;
  258. if (in_i == mi.length) {
  259. sg_miter_next(&mi);
  260. in_i = 0;
  261. }
  262. }
  263. }
  264. sg_miter_stop(&mi);
  265. writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
  266. i = 0;
  267. do {
  268. v = readl(ss->base + SS_CTL);
  269. i++;
  270. } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
  271. if (i >= SS_TIMEOUT) {
  272. dev_err_ratelimited(ss->dev,
  273. "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
  274. i, SS_TIMEOUT, v, areq->nbytes);
  275. err = -EIO;
  276. goto release_ss;
  277. }
  278. /* get the partial hash only if something was written */
  279. for (i = 0; i < crypto_ahash_digestsize(tfm) / 4; i++)
  280. op->hash[i] = readl(ss->base + SS_MD0 + i * 4);
  281. release_ss:
  282. writel(0, ss->base + SS_CTL);
  283. spin_unlock_bh(&ss->slock);
  284. return err;
  285. }
  286. /*
  287. * sun4i_hash_final: finalize hashing operation
  288. *
  289. * If we have some remaining bytes, we write them.
  290. * Then ask the SS for finalizing the hashing operation
  291. *
  292. * I do not check RX FIFO size in this function since the size is 32
  293. * after each enabling and this function neither write more than 32 words.
  294. */
  295. int sun4i_hash_final(struct ahash_request *areq)
  296. {
  297. u32 v, ivmode = 0;
  298. unsigned int i;
  299. unsigned int j = 0;
  300. int zeros, err = 0;
  301. unsigned int index, padlen;
  302. __be64 bits;
  303. struct sun4i_req_ctx *op = ahash_request_ctx(areq);
  304. struct sun4i_ss_ctx *ss = op->ss;
  305. struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
  306. u32 bf[32];
  307. u32 wb = 0;
  308. unsigned int nwait, nbw = 0;
  309. dev_dbg(ss->dev, "%s: byte=%llu len=%u mode=%x wl=%u h=%x",
  310. __func__, op->byte_count, areq->nbytes, op->mode,
  311. op->len, op->hash[0]);
  312. spin_lock_bh(&ss->slock);
  313. /*
  314. * if we have already written something,
  315. * restore the partial hash state
  316. */
  317. if (op->byte_count > 0) {
  318. ivmode = SS_IV_ARBITRARY;
  319. for (i = 0; i < crypto_ahash_digestsize(tfm) / 4; i++)
  320. writel(op->hash[i], ss->base + SS_IV0 + i * 4);
  321. }
  322. writel(op->mode | SS_ENABLED | ivmode, ss->base + SS_CTL);
  323. /* write the remaining words of the wait buffer */
  324. if (op->len > 0) {
  325. nwait = op->len / 4;
  326. if (nwait > 0) {
  327. writesl(ss->base + SS_RXFIFO, op->buf, nwait);
  328. op->byte_count += 4 * nwait;
  329. }
  330. nbw = op->len - 4 * nwait;
  331. wb = *(u32 *)(op->buf + nwait * 4);
  332. wb &= (0xFFFFFFFF >> (4 - nbw) * 8);
  333. }
  334. /* write the remaining bytes of the nbw buffer */
  335. if (nbw > 0) {
  336. wb |= ((1 << 7) << (nbw * 8));
  337. bf[j++] = wb;
  338. } else {
  339. bf[j++] = 1 << 7;
  340. }
  341. /*
  342. * number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
  343. * I take the operations from other MD5/SHA1 implementations
  344. */
  345. /* we have already send 4 more byte of which nbw data */
  346. if (op->mode == SS_OP_MD5) {
  347. index = (op->byte_count + 4) & 0x3f;
  348. op->byte_count += nbw;
  349. if (index > 56)
  350. zeros = (120 - index) / 4;
  351. else
  352. zeros = (56 - index) / 4;
  353. } else {
  354. op->byte_count += nbw;
  355. index = op->byte_count & 0x3f;
  356. padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
  357. zeros = (padlen - 1) / 4;
  358. }
  359. memset(bf + j, 0, 4 * zeros);
  360. j += zeros;
  361. /* write the length of data */
  362. if (op->mode == SS_OP_SHA1) {
  363. bits = cpu_to_be64(op->byte_count << 3);
  364. bf[j++] = bits & 0xffffffff;
  365. bf[j++] = (bits >> 32) & 0xffffffff;
  366. } else {
  367. bf[j++] = (op->byte_count << 3) & 0xffffffff;
  368. bf[j++] = (op->byte_count >> 29) & 0xffffffff;
  369. }
  370. writesl(ss->base + SS_RXFIFO, bf, j);
  371. /* Tell the SS to stop the hashing */
  372. writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
  373. /*
  374. * Wait for SS to finish the hash.
  375. * The timeout could happen only in case of bad overcloking
  376. * or driver bug.
  377. */
  378. i = 0;
  379. do {
  380. v = readl(ss->base + SS_CTL);
  381. i++;
  382. } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
  383. if (i >= SS_TIMEOUT) {
  384. dev_err_ratelimited(ss->dev,
  385. "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
  386. i, SS_TIMEOUT, v, areq->nbytes);
  387. err = -EIO;
  388. goto release_ss;
  389. }
  390. /* Get the hash from the device */
  391. if (op->mode == SS_OP_SHA1) {
  392. for (i = 0; i < 5; i++) {
  393. v = cpu_to_be32(readl(ss->base + SS_MD0 + i * 4));
  394. memcpy(areq->result + i * 4, &v, 4);
  395. }
  396. } else {
  397. for (i = 0; i < 4; i++) {
  398. v = readl(ss->base + SS_MD0 + i * 4);
  399. memcpy(areq->result + i * 4, &v, 4);
  400. }
  401. }
  402. release_ss:
  403. writel(0, ss->base + SS_CTL);
  404. spin_unlock_bh(&ss->slock);
  405. return err;
  406. }
  407. /* sun4i_hash_finup: finalize hashing operation after an update */
  408. int sun4i_hash_finup(struct ahash_request *areq)
  409. {
  410. int err;
  411. err = sun4i_hash_update(areq);
  412. if (err != 0)
  413. return err;
  414. return sun4i_hash_final(areq);
  415. }
  416. /* combo of init/update/final functions */
  417. int sun4i_hash_digest(struct ahash_request *areq)
  418. {
  419. int err;
  420. err = sun4i_hash_init(areq);
  421. if (err != 0)
  422. return err;
  423. err = sun4i_hash_update(areq);
  424. if (err != 0)
  425. return err;
  426. return sun4i_hash_final(areq);
  427. }