1 diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
2 index 03ccdb0..a2acda4 100644
3 --- a/drivers/crypto/Kconfig
4 +++ b/drivers/crypto/Kconfig
5 @@ -418,4 +418,21 @@ config CRYPTO_DEV_MXS_DCP
6 To compile this driver as a module, choose M here: the module
7 will be called mxs-dcp.
9 +config CRYPTO_DEV_SUNXI_SS
10 + tristate "Support for Allwinner Security System cryptographic accelerator"
11 + depends on ARCH_SUNXI
16 + select CRYPTO_BLKCIPHER
18 + Some Allwinner SoC have a crypto accelerator named
19 + Security System. Select this if you want to use it.
20 + The Security System handle AES/DES/3DES ciphers in CBC mode
21 + and SHA1 and MD5 hash algorithms.
23 + To compile this driver as a module, choose M here: the module
24 + will be called sunxi-ss.
27 diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
28 index 482f090..855292a 100644
29 --- a/drivers/crypto/Makefile
30 +++ b/drivers/crypto/Makefile
31 @@ -23,3 +23,4 @@ obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o
32 obj-$(CONFIG_CRYPTO_DEV_SAHARA) += sahara.o
33 obj-$(CONFIG_CRYPTO_DEV_TALITOS) += talitos.o
34 obj-$(CONFIG_CRYPTO_DEV_UX500) += ux500/
35 +obj-$(CONFIG_CRYPTO_DEV_SUNXI_SS) += sunxi-ss/
36 diff --git a/drivers/crypto/sunxi-ss/Makefile b/drivers/crypto/sunxi-ss/Makefile
38 index 0000000..8bb287d
40 +++ b/drivers/crypto/sunxi-ss/Makefile
42 +obj-$(CONFIG_CRYPTO_DEV_SUNXI_SS) += sunxi-ss.o
43 +sunxi-ss-y += sunxi-ss-core.o sunxi-ss-hash.o sunxi-ss-cipher.o
44 diff --git a/drivers/crypto/sunxi-ss/sunxi-ss-cipher.c b/drivers/crypto/sunxi-ss/sunxi-ss-cipher.c
46 index 0000000..c2422f7
48 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-cipher.c
51 + * sunxi-ss-cipher.c - hardware cryptographic accelerator for Allwinner A20 SoC
53 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
55 + * This file add support for AES cipher with 128,192,256 bits
56 + * keysize in CBC mode.
58 + * You could find the datasheet at
59 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
61 + * This program is free software; you can redistribute it and/or modify
62 + * it under the terms of the GNU General Public License as published by
63 + * the Free Software Foundation; either version 2 of the License, or
64 + * (at your option) any later version.
66 +#include "sunxi-ss.h"
68 +extern struct sunxi_ss_ctx *ss;
70 +static int sunxi_ss_cipher(struct ablkcipher_request *areq, u32 mode)
72 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
73 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
74 + const char *cipher_type;
76 + cipher_type = crypto_tfm_alg_name(crypto_ablkcipher_tfm(tfm));
78 + if (areq->nbytes == 0) {
79 + mutex_unlock(&ss->lock);
83 + if (areq->info == NULL) {
84 + dev_err(ss->dev, "ERROR: Empty IV\n");
85 + mutex_unlock(&ss->lock);
89 + if (areq->src == NULL || areq->dst == NULL) {
90 + dev_err(ss->dev, "ERROR: Some SGs are NULL\n");
91 + mutex_unlock(&ss->lock);
95 + if (strcmp("cbc(aes)", cipher_type) == 0) {
96 + op->mode |= SS_OP_AES | SS_CBC | SS_ENABLED | mode;
97 + return sunxi_ss_aes_poll(areq);
99 + if (strcmp("cbc(des)", cipher_type) == 0) {
100 + op->mode = SS_OP_DES | SS_CBC | SS_ENABLED | mode;
101 + return sunxi_ss_des_poll(areq);
103 + if (strcmp("cbc(des3_ede)", cipher_type) == 0) {
104 + op->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | mode;
105 + return sunxi_ss_des_poll(areq);
107 + dev_err(ss->dev, "ERROR: Cipher %s not handled\n", cipher_type);
108 + mutex_unlock(&ss->lock);
112 +int sunxi_ss_cipher_encrypt(struct ablkcipher_request *areq)
114 + return sunxi_ss_cipher(areq, SS_ENCRYPTION);
117 +int sunxi_ss_cipher_decrypt(struct ablkcipher_request *areq)
119 + return sunxi_ss_cipher(areq, SS_DECRYPTION);
122 +int sunxi_ss_cipher_init(struct crypto_tfm *tfm)
124 + struct sunxi_req_ctx *op = crypto_tfm_ctx(tfm);
126 + mutex_lock(&ss->lock);
128 + memset(op, 0, sizeof(struct sunxi_req_ctx));
132 +int sunxi_ss_aes_poll(struct ablkcipher_request *areq)
135 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
136 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
137 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
138 + /* when activating SS, the default FIFO space is 32 */
143 + struct scatterlist *in_sg;
144 + struct scatterlist *out_sg;
147 + unsigned int ileft = areq->nbytes;
148 + unsigned int oleft = areq->nbytes;
149 + unsigned int sgileft = areq->src->length;
150 + unsigned int sgoleft = areq->dst->length;
156 + out_sg = areq->dst;
157 + for (i = 0; i < op->keylen; i += 4)
158 + writel(*(op->key + i/4), ss->base + SS_KEY0 + i);
159 + if (areq->info != NULL) {
160 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
161 + v = *(u32 *)(areq->info + i * 4);
162 + writel(v, ss->base + SS_IV0 + i * 4);
165 + writel(op->mode, ss->base + SS_CTL);
167 + /* If we have only one SG, we can use kmap_atomic */
168 + if (sg_next(in_sg) == NULL && sg_next(out_sg) == NULL) {
169 + src_addr = kmap_atomic(sg_page(in_sg)) + in_sg->offset;
170 + if (src_addr == NULL) {
171 + dev_err(ss->dev, "kmap_atomic error for src SG\n");
172 + writel(0, ss->base + SS_CTL);
173 + mutex_unlock(&ss->lock);
176 + dst_addr = kmap_atomic(sg_page(out_sg)) + out_sg->offset;
177 + if (dst_addr == NULL) {
178 + dev_err(ss->dev, "kmap_atomic error for dst SG\n");
179 + writel(0, ss->base + SS_CTL);
180 + kunmap_atomic(src_addr);
181 + mutex_unlock(&ss->lock);
184 + src32 = (u32 *)src_addr;
185 + dst32 = (u32 *)dst_addr;
186 + ileft = areq->nbytes / 4;
187 + oleft = areq->nbytes / 4;
190 + if (ileft > 0 && rx_cnt > 0) {
191 + todo = min(rx_cnt, ileft);
194 + writel_relaxed(*src32++,
198 + } while (todo > 0);
201 + todo = min(tx_cnt, oleft);
204 + *dst32++ = readl_relaxed(ss->base +
207 + } while (todo > 0);
209 + spaces = readl_relaxed(ss->base + SS_FCSR);
210 + rx_cnt = SS_RXFIFO_SPACES(spaces);
211 + tx_cnt = SS_TXFIFO_SPACES(spaces);
212 + } while (oleft > 0);
213 + writel(0, ss->base + SS_CTL);
214 + kunmap_atomic(src_addr);
215 + kunmap_atomic(dst_addr);
216 + mutex_unlock(&ss->lock);
220 + /* If we have more than one SG, we cannot use kmap_atomic since
221 + * we hold the mapping too long
223 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
224 + if (src_addr == NULL) {
225 + dev_err(ss->dev, "KMAP error for src SG\n");
226 + mutex_unlock(&ss->lock);
229 + dst_addr = kmap(sg_page(out_sg)) + out_sg->offset;
230 + if (dst_addr == NULL) {
231 + kunmap(sg_page(in_sg));
232 + dev_err(ss->dev, "KMAP error for dst SG\n");
233 + mutex_unlock(&ss->lock);
236 + src32 = (u32 *)src_addr;
237 + dst32 = (u32 *)dst_addr;
238 + ileft = areq->nbytes / 4;
239 + oleft = areq->nbytes / 4;
240 + sgileft = in_sg->length / 4;
241 + sgoleft = out_sg->length / 4;
243 + spaces = readl_relaxed(ss->base + SS_FCSR);
244 + rx_cnt = SS_RXFIFO_SPACES(spaces);
245 + tx_cnt = SS_TXFIFO_SPACES(spaces);
246 + todo = min3(rx_cnt, ileft, sgileft);
252 + writel_relaxed(*src32++, ss->base + SS_RXFIFO);
255 + if (in_sg != NULL && sgileft == 0 && ileft > 0) {
256 + kunmap(sg_page(in_sg));
257 + in_sg = sg_next(in_sg);
258 + while (in_sg != NULL && in_sg->length == 0)
259 + in_sg = sg_next(in_sg);
260 + if (in_sg != NULL && ileft > 0) {
261 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
262 + if (src_addr == NULL) {
263 + dev_err(ss->dev, "ERROR: KMAP for src SG\n");
264 + mutex_unlock(&ss->lock);
268 + sgileft = in_sg->length / 4;
271 + /* do not test oleft since when oleft == 0 we have finished */
272 + todo = min3(tx_cnt, oleft, sgoleft);
278 + *dst32++ = readl_relaxed(ss->base + SS_TXFIFO);
281 + if (out_sg != NULL && sgoleft == 0 && oleft >= 0) {
282 + kunmap(sg_page(out_sg));
283 + out_sg = sg_next(out_sg);
284 + while (out_sg != NULL && out_sg->length == 0)
285 + out_sg = sg_next(out_sg);
286 + if (out_sg != NULL && oleft > 0) {
287 + dst_addr = kmap(sg_page(out_sg)) +
289 + if (dst_addr == NULL) {
290 + dev_err(ss->dev, "KMAP error\n");
291 + mutex_unlock(&ss->lock);
295 + sgoleft = out_sg->length / 4;
298 + } while (oleft > 0);
300 + writel(0, ss->base + SS_CTL);
301 + mutex_unlock(&ss->lock);
305 +/* Pure CPU way of doing DES/3DES with SS
306 + * Since DES and 3DES SGs could be smaller than 4 bytes, I use sg_copy_to_buffer
307 + * for "linearize" them.
308 + * The problem with that is that I alloc (2 x areq->nbytes) for buf_in/buf_out
309 + * TODO: change this system
310 + * SGsrc -> buf_in -> SS -> buf_out -> SGdst */
311 +int sunxi_ss_des_poll(struct ablkcipher_request *areq)
314 + size_t nb_in_sg_tx, nb_in_sg_rx;
316 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
317 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
318 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
325 + /* if we have only SGs with size multiple of 4,
326 + * we can use the SS AES function */
327 + struct scatterlist *in_sg;
328 + struct scatterlist *out_sg;
331 + out_sg = areq->dst;
333 + while (in_sg != NULL && no_chunk == 1) {
334 + if ((in_sg->length % 4) != 0)
336 + in_sg = sg_next(in_sg);
338 + while (out_sg != NULL && no_chunk == 1) {
339 + if ((out_sg->length % 4) != 0)
341 + out_sg = sg_next(out_sg);
345 + return sunxi_ss_aes_poll(areq);
347 + out_sg = areq->dst;
349 + nb_in_sg_rx = sg_nents(in_sg);
350 + nb_in_sg_tx = sg_nents(out_sg);
352 + mutex_lock(&ss->bufin_lock);
353 + if (ss->buf_in == NULL) {
354 + ss->buf_in = kmalloc(areq->nbytes, GFP_KERNEL);
355 + ss->buf_in_size = areq->nbytes;
357 + if (areq->nbytes > ss->buf_in_size) {
359 + ss->buf_in = kmalloc(areq->nbytes, GFP_KERNEL);
360 + ss->buf_in_size = areq->nbytes;
363 + if (ss->buf_in == NULL) {
364 + ss->buf_in_size = 0;
365 + mutex_unlock(&ss->bufin_lock);
366 + dev_err(ss->dev, "Unable to allocate pages.\n");
369 + if (ss->buf_out == NULL) {
370 + mutex_lock(&ss->bufout_lock);
371 + ss->buf_out = kmalloc(areq->nbytes, GFP_KERNEL);
372 + if (ss->buf_out == NULL) {
373 + ss->buf_out_size = 0;
374 + mutex_unlock(&ss->bufout_lock);
375 + dev_err(ss->dev, "Unable to allocate pages.\n");
378 + ss->buf_out_size = areq->nbytes;
379 + mutex_unlock(&ss->bufout_lock);
381 + if (areq->nbytes > ss->buf_out_size) {
382 + mutex_lock(&ss->bufout_lock);
383 + kfree(ss->buf_out);
384 + ss->buf_out = kmalloc(areq->nbytes, GFP_KERNEL);
385 + if (ss->buf_out == NULL) {
386 + ss->buf_out_size = 0;
387 + mutex_unlock(&ss->bufout_lock);
388 + dev_err(ss->dev, "Unable to allocate pages.\n");
391 + ss->buf_out_size = areq->nbytes;
392 + mutex_unlock(&ss->bufout_lock);
396 + sg_copy_to_buffer(areq->src, nb_in_sg_rx, ss->buf_in, areq->nbytes);
401 + for (i = 0; i < op->keylen; i += 4)
402 + writel(*(op->key + i/4), ss->base + SS_KEY0 + i);
403 + if (areq->info != NULL) {
404 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
405 + v = *(u32 *)(areq->info + i * 4);
406 + writel(v, ss->base + SS_IV0 + i * 4);
409 + writel(op->mode, ss->base + SS_CTL);
412 + if (rx_cnt == 0 || tx_cnt == 0) {
413 + spaces = readl(ss->base + SS_FCSR);
414 + rx_cnt = SS_RXFIFO_SPACES(spaces);
415 + tx_cnt = SS_TXFIFO_SPACES(spaces);
417 + if (rx_cnt > 0 && ir < areq->nbytes) {
419 + value = *(u32 *)(ss->buf_in + ir);
420 + writel(value, ss->base + SS_RXFIFO);
423 + } while (rx_cnt > 0 && ir < areq->nbytes);
425 + if (tx_cnt > 0 && it < areq->nbytes) {
427 + value = readl(ss->base + SS_TXFIFO);
428 + *(u32 *)(ss->buf_out + it) = value;
431 + } while (tx_cnt > 0 && it < areq->nbytes);
433 + if (ir == areq->nbytes) {
434 + mutex_unlock(&ss->bufin_lock);
437 + } while (it < areq->nbytes);
439 + writel(0, ss->base + SS_CTL);
440 + mutex_unlock(&ss->lock);
442 + /* a simple optimization, since we dont need the hardware for this copy
443 + * we release the lock and do the copy. With that we gain 5/10% perf */
444 + mutex_lock(&ss->bufout_lock);
445 + sg_copy_from_buffer(areq->dst, nb_in_sg_tx, ss->buf_out, areq->nbytes);
447 + mutex_unlock(&ss->bufout_lock);
451 +/* check and set the AES key, prepare the mode to be used */
452 +int sunxi_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
453 + unsigned int keylen)
455 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
459 + op->mode = SS_AES_128BITS;
462 + op->mode = SS_AES_192BITS;
465 + op->mode = SS_AES_256BITS;
468 + dev_err(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
469 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
470 + mutex_unlock(&ss->lock);
473 + op->keylen = keylen;
474 + memcpy(op->key, key, keylen);
478 +/* check and set the DES key, prepare the mode to be used */
479 +int sunxi_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
480 + unsigned int keylen)
482 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
484 + if (keylen != DES_KEY_SIZE) {
485 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
486 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
487 + mutex_unlock(&ss->lock);
490 + op->keylen = keylen;
491 + memcpy(op->key, key, keylen);
495 +/* check and set the 3DES key, prepare the mode to be used */
496 +int sunxi_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
497 + unsigned int keylen)
499 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
501 + if (keylen != 3 * DES_KEY_SIZE) {
502 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
503 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
504 + mutex_unlock(&ss->lock);
507 + op->keylen = keylen;
508 + memcpy(op->key, key, keylen);
511 diff --git a/drivers/crypto/sunxi-ss/sunxi-ss-core.c b/drivers/crypto/sunxi-ss/sunxi-ss-core.c
513 index 0000000..c76016e
515 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-core.c
518 + * sunxi-ss.c - hardware cryptographic accelerator for Allwinner A20 SoC
520 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
522 + * Core file which registers crypto algorithms supported by the SS.
524 + * You could find the datasheet at
525 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
528 + * This program is free software; you can redistribute it and/or modify
529 + * it under the terms of the GNU General Public License as published by
530 + * the Free Software Foundation; either version 2 of the License, or
531 + * (at your option) any later version.
533 +#include <linux/clk.h>
534 +#include <linux/crypto.h>
535 +#include <linux/io.h>
536 +#include <linux/module.h>
537 +#include <linux/of.h>
538 +#include <linux/platform_device.h>
539 +#include <crypto/scatterwalk.h>
540 +#include <linux/scatterlist.h>
541 +#include <linux/interrupt.h>
542 +#include <linux/delay.h>
544 +#include "sunxi-ss.h"
546 +struct sunxi_ss_ctx *ss;
549 + * I cannot use a key/IV cache because each time one of these change ALL stuff
550 + * need to be re-writed (rewrite SS_KEYX ans SS_IVX).
551 + * And for example, with dm-crypt IV changes on each request.
553 + * After each request the device must be disabled with a write of 0 in SS_CTL
555 + * For performance reason, we use writel_relaxed/read_relaxed for all
556 + * operations on RX and TX FIFO and also SS_FCSR.
557 + * For all other registers, we use writel/readl.
558 + * See http://permalink.gmane.org/gmane.linux.ports.arm.kernel/117644
559 + * and http://permalink.gmane.org/gmane.linux.ports.arm.kernel/117640
562 +static struct ahash_alg sunxi_md5_alg = {
563 + .init = sunxi_hash_init,
564 + .update = sunxi_hash_update,
565 + .final = sunxi_hash_final,
566 + .finup = sunxi_hash_finup,
567 + .digest = sunxi_hash_digest,
569 + .digestsize = MD5_DIGEST_SIZE,
572 + .cra_driver_name = "md5-sunxi-ss",
573 + .cra_priority = 300,
574 + .cra_alignmask = 3,
575 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
576 + .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
577 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
578 + .cra_module = THIS_MODULE,
579 + .cra_type = &crypto_ahash_type
583 +static struct ahash_alg sunxi_sha1_alg = {
584 + .init = sunxi_hash_init,
585 + .update = sunxi_hash_update,
586 + .final = sunxi_hash_final,
587 + .finup = sunxi_hash_finup,
588 + .digest = sunxi_hash_digest,
590 + .digestsize = SHA1_DIGEST_SIZE,
592 + .cra_name = "sha1",
593 + .cra_driver_name = "sha1-sunxi-ss",
594 + .cra_priority = 300,
595 + .cra_alignmask = 3,
596 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
597 + .cra_blocksize = SHA1_BLOCK_SIZE,
598 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
599 + .cra_module = THIS_MODULE,
600 + .cra_type = &crypto_ahash_type
605 +static struct crypto_alg sunxi_cipher_algs[] = {
607 + .cra_name = "cbc(aes)",
608 + .cra_driver_name = "cbc-aes-sunxi-ss",
609 + .cra_priority = 300,
610 + .cra_blocksize = AES_BLOCK_SIZE,
611 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
612 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
613 + .cra_module = THIS_MODULE,
614 + .cra_alignmask = 3,
615 + .cra_type = &crypto_ablkcipher_type,
616 + .cra_init = sunxi_ss_cipher_init,
619 + .min_keysize = AES_MIN_KEY_SIZE,
620 + .max_keysize = AES_MAX_KEY_SIZE,
621 + .ivsize = AES_BLOCK_SIZE,
622 + .setkey = sunxi_ss_aes_setkey,
623 + .encrypt = sunxi_ss_cipher_encrypt,
624 + .decrypt = sunxi_ss_cipher_decrypt,
628 + .cra_name = "cbc(des)",
629 + .cra_driver_name = "cbc-des-sunxi-ss",
630 + .cra_priority = 300,
631 + .cra_blocksize = DES_BLOCK_SIZE,
632 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
633 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
634 + .cra_module = THIS_MODULE,
635 + .cra_alignmask = 3,
636 + .cra_type = &crypto_ablkcipher_type,
637 + .cra_init = sunxi_ss_cipher_init,
638 + .cra_u.ablkcipher = {
639 + .min_keysize = DES_KEY_SIZE,
640 + .max_keysize = DES_KEY_SIZE,
641 + .ivsize = DES_BLOCK_SIZE,
642 + .setkey = sunxi_ss_des_setkey,
643 + .encrypt = sunxi_ss_cipher_encrypt,
644 + .decrypt = sunxi_ss_cipher_decrypt,
647 + .cra_name = "cbc(des3_ede)",
648 + .cra_driver_name = "cbc-des3-sunxi-ss",
649 + .cra_priority = 300,
650 + .cra_blocksize = DES3_EDE_BLOCK_SIZE,
651 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
652 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
653 + .cra_module = THIS_MODULE,
654 + .cra_alignmask = 3,
655 + .cra_type = &crypto_ablkcipher_type,
656 + .cra_init = sunxi_ss_cipher_init,
657 + .cra_u.ablkcipher = {
658 + .min_keysize = DES3_EDE_KEY_SIZE,
659 + .max_keysize = DES3_EDE_KEY_SIZE,
660 + .ivsize = DES3_EDE_BLOCK_SIZE,
661 + .setkey = sunxi_ss_des3_setkey,
662 + .encrypt = sunxi_ss_cipher_encrypt,
663 + .decrypt = sunxi_ss_cipher_decrypt,
668 +static int sunxi_ss_probe(struct platform_device *pdev)
670 + struct resource *res;
674 + const unsigned long cr_ahb = 24 * 1000 * 1000;
675 + const unsigned long cr_mod = 150 * 1000 * 1000;
677 + if (!pdev->dev.of_node)
680 + ss = devm_kzalloc(&pdev->dev, sizeof(*ss), GFP_KERNEL);
684 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
685 + ss->base = devm_ioremap_resource(&pdev->dev, res);
686 + if (IS_ERR(ss->base)) {
687 + dev_err(&pdev->dev, "Cannot request MMIO\n");
688 + return PTR_ERR(ss->base);
691 + ss->ssclk = devm_clk_get(&pdev->dev, "mod");
692 + if (IS_ERR(ss->ssclk)) {
693 + err = PTR_ERR(ss->ssclk);
694 + dev_err(&pdev->dev, "Cannot get SS clock err=%d\n", err);
697 + dev_dbg(&pdev->dev, "clock ss acquired\n");
699 + ss->busclk = devm_clk_get(&pdev->dev, "ahb");
700 + if (IS_ERR(ss->busclk)) {
701 + err = PTR_ERR(ss->busclk);
702 + dev_err(&pdev->dev, "Cannot get AHB SS clock err=%d\n", err);
705 + dev_dbg(&pdev->dev, "clock ahb_ss acquired\n");
707 + /* Enable the clocks */
708 + err = clk_prepare_enable(ss->busclk);
710 + dev_err(&pdev->dev, "Cannot prepare_enable busclk\n");
713 + err = clk_prepare_enable(ss->ssclk);
715 + dev_err(&pdev->dev, "Cannot prepare_enable ssclk\n");
716 + clk_disable_unprepare(ss->busclk);
720 + /* Check that clock have the correct rates gived in the datasheet */
721 + /* Try to set the clock to the maximum allowed */
722 + err = clk_set_rate(ss->ssclk, cr_mod);
724 + dev_err(&pdev->dev, "Cannot set clock rate to ssclk\n");
725 + clk_disable_unprepare(ss->ssclk);
726 + clk_disable_unprepare(ss->busclk);
729 + cr = clk_get_rate(ss->busclk);
731 + dev_dbg(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
732 + cr, cr / 1000000, cr_ahb);
734 + dev_warn(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
735 + cr, cr / 1000000, cr_ahb);
736 + cr = clk_get_rate(ss->ssclk);
738 + dev_dbg(&pdev->dev, "Clock ss %lu (%lu MHz) (must be <= %lu)\n",
739 + cr, cr / 1000000, cr_mod);
741 + dev_warn(&pdev->dev, "Clock ss is at %lu (%lu MHz) (must be <= %lu)\n",
742 + cr, cr / 1000000, cr_mod);
745 + /* TODO Does this information could be usefull ? */
746 + writel(SS_ENABLED, ss->base + SS_CTL);
747 + v = readl(ss->base + SS_CTL);
750 + dev_info(&pdev->dev, "Die ID %d\n", v);
751 + writel(0, ss->base + SS_CTL);
753 + ss->dev = &pdev->dev;
755 + mutex_init(&ss->lock);
756 + mutex_init(&ss->bufin_lock);
757 + mutex_init(&ss->bufout_lock);
759 + err = crypto_register_ahash(&sunxi_md5_alg);
762 + err = crypto_register_ahash(&sunxi_sha1_alg);
765 + err = crypto_register_algs(sunxi_cipher_algs,
766 + ARRAY_SIZE(sunxi_cipher_algs));
768 + goto error_ciphers;
772 + crypto_unregister_ahash(&sunxi_sha1_alg);
774 + crypto_unregister_ahash(&sunxi_md5_alg);
776 + clk_disable_unprepare(ss->ssclk);
777 + clk_disable_unprepare(ss->busclk);
781 +static int __exit sunxi_ss_remove(struct platform_device *pdev)
783 + if (!pdev->dev.of_node)
786 + crypto_unregister_ahash(&sunxi_md5_alg);
787 + crypto_unregister_ahash(&sunxi_sha1_alg);
788 + crypto_unregister_algs(sunxi_cipher_algs,
789 + ARRAY_SIZE(sunxi_cipher_algs));
791 + if (ss->buf_in != NULL)
793 + if (ss->buf_out != NULL)
794 + kfree(ss->buf_out);
796 + writel(0, ss->base + SS_CTL);
797 + clk_disable_unprepare(ss->busclk);
798 + clk_disable_unprepare(ss->ssclk);
802 +/*============================================================================*/
803 +/*============================================================================*/
804 +static const struct of_device_id a20ss_crypto_of_match_table[] = {
805 + { .compatible = "allwinner,sun7i-a20-crypto" },
808 +MODULE_DEVICE_TABLE(of, a20ss_crypto_of_match_table);
810 +static struct platform_driver sunxi_ss_driver = {
811 + .probe = sunxi_ss_probe,
812 + .remove = __exit_p(sunxi_ss_remove),
814 + .owner = THIS_MODULE,
815 + .name = "sunxi-ss",
816 + .of_match_table = a20ss_crypto_of_match_table,
820 +module_platform_driver(sunxi_ss_driver);
822 +MODULE_DESCRIPTION("Allwinner Security System cryptographic accelerator");
823 +MODULE_LICENSE("GPL");
824 +MODULE_AUTHOR("Corentin LABBE <clabbe.montjoie@gmail.com>");
825 diff --git a/drivers/crypto/sunxi-ss/sunxi-ss-hash.c b/drivers/crypto/sunxi-ss/sunxi-ss-hash.c
827 index 0000000..6412bfb
829 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-hash.c
832 + * sunxi-ss-hash.c - hardware cryptographic accelerator for Allwinner A20 SoC
834 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
836 + * This file add support for MD5 and SHA1.
838 + * You could find the datasheet at
839 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
841 + * This program is free software; you can redistribute it and/or modify
842 + * it under the terms of the GNU General Public License as published by
843 + * the Free Software Foundation; either version 2 of the License, or
844 + * (at your option) any later version.
846 +#include "sunxi-ss.h"
848 +extern struct sunxi_ss_ctx *ss;
850 +/* sunxi_hash_init: initialize request context
851 + * Activate the SS, and configure it for MD5 or SHA1
853 +int sunxi_hash_init(struct ahash_request *areq)
855 + const char *hash_type;
856 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
857 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
859 + mutex_lock(&ss->lock);
861 + hash_type = crypto_tfm_alg_name(areq->base.tfm);
863 + op->byte_count = 0;
867 + /* Enable and configure SS for MD5 or SHA1 */
868 + if (strcmp(hash_type, "sha1") == 0)
869 + op->mode = SS_OP_SHA1;
871 + op->mode = SS_OP_MD5;
873 + writel(op->mode | SS_ENABLED, ss->base + SS_CTL);
878 + * sunxi_hash_update: update hash engine
880 + * Could be used for both SHA1 and MD5
881 + * Write data by step of 32bits and put then in the SS.
882 + * The remaining data is stored (nbwait bytes) in op->waitbuf
883 + * As an optimisation, we do not check RXFIFO_SPACES, since SS handle
884 + * the FIFO faster than our writes
886 +int sunxi_hash_update(struct ahash_request *areq)
889 + unsigned int i = 0;/* bytes read, to be compared to areq->nbytes */
890 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
891 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
892 + struct scatterlist *in_sg;
893 + unsigned int in_i = 0;/* advancement in the current SG */
896 + u8 *waitbuf = (u8 *)(&op->waitbuf);
898 + if (areq->nbytes == 0)
903 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
904 + /* step 1, if some bytes remains from last SG,
905 + * try to complete them to 4 and sent its */
906 + if (op->nbwait > 0) {
907 + while (op->nbwait < 4 && i < areq->nbytes &&
908 + in_i < in_sg->length) {
909 + waitbuf[op->nbwait] = *(u8 *)(src_addr + in_i);
914 + if (op->nbwait == 4) {
915 + writel(op->waitbuf, ss->base + SS_RXFIFO);
916 + op->byte_count += 4;
921 + /* step 2, main loop, read data 4bytes at a time */
922 + while (i < areq->nbytes && areq->nbytes - i >= 4 &&
923 + in_i < in_sg->length &&
924 + in_sg->length - in_i >= 4) {
925 + v = *(u32 *)(src_addr + in_i);
926 + writel_relaxed(v, ss->base + SS_RXFIFO);
928 + op->byte_count += 4;
931 + /* step 3, if we have less than 4 bytes, copy them in waitbuf
932 + * no need to check for op->nbwait < 4 since we cannot have
933 + * more than 4 bytes remaining */
934 + if (in_i < in_sg->length && in_sg->length - in_i < 4 &&
935 + i < areq->nbytes) {
937 + waitbuf[op->nbwait] = *(u8 *)(src_addr + in_i);
941 + } while (in_i < in_sg->length && i < areq->nbytes);
943 + /* we have finished the current SG, try next one */
944 + kunmap(sg_page(in_sg));
945 + in_sg = sg_next(in_sg);
947 + } while (in_sg != NULL && i < areq->nbytes);
952 + * sunxi_hash_final: finalize hashing operation
954 + * If we have some remaining bytes, send it.
955 + * Then ask the SS for finalizing the hash
957 +int sunxi_hash_final(struct ahash_request *areq)
962 + unsigned int index, padlen;
964 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
965 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
967 + if (op->nbwait > 0) {
968 + op->waitbuf |= ((1 << 7) << (op->nbwait * 8));
969 + writel(op->waitbuf, ss->base + SS_RXFIFO);
971 + writel((1 << 7), ss->base + SS_RXFIFO);
974 + /* number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
979 + /* we have already send 4 more byte of which nbwait data */
980 + if (op->mode == SS_OP_MD5) {
981 + index = (op->byte_count + 4) & 0x3f;
982 + op->byte_count += op->nbwait;
984 + zeros = (120 - index) / 4;
986 + zeros = (56 - index) / 4;
988 + op->byte_count += op->nbwait;
989 + index = op->byte_count & 0x3f;
990 + padlen = (index < 56) ? (56 - index) : ((64+56) - index);
991 + zeros = (padlen - 1) / 4;
993 + for (i = 0; i < zeros; i++)
994 + writel(0, ss->base + SS_RXFIFO);
996 + /* write the lenght */
997 + if (op->mode == SS_OP_SHA1) {
998 + bits = cpu_to_be64(op->byte_count << 3);
999 + writel(bits & 0xffffffff, ss->base + SS_RXFIFO);
1000 + writel((bits >> 32) & 0xffffffff, ss->base + SS_RXFIFO);
1002 + writel((op->byte_count << 3) & 0xffffffff,
1003 + ss->base + SS_RXFIFO);
1004 + writel((op->byte_count >> 29) & 0xffffffff,
1005 + ss->base + SS_RXFIFO);
1008 + /* stop the hashing */
1009 + v = readl(ss->base + SS_CTL);
1011 + writel(v, ss->base + SS_CTL);
1013 + /* check the end */
1014 + /* The timeout could happend only in case of bad overcloking */
1015 +#define SS_TIMEOUT 100
1018 + v = readl(ss->base + SS_CTL);
1020 + } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
1021 + if (i >= SS_TIMEOUT) {
1022 + dev_err(ss->dev, "ERROR: hash end timeout %d>%d\n",
1024 + writel(0, ss->base + SS_CTL);
1025 + mutex_unlock(&ss->lock);
1029 + if (op->mode == SS_OP_SHA1) {
1030 + for (i = 0; i < 5; i++) {
1031 + v = cpu_to_be32(readl(ss->base + SS_MD0 + i * 4));
1032 + memcpy(areq->result + i * 4, &v, 4);
1035 + for (i = 0; i < 4; i++) {
1036 + v = readl(ss->base + SS_MD0 + i * 4);
1037 + memcpy(areq->result + i * 4, &v, 4);
1040 + writel(0, ss->base + SS_CTL);
1041 + mutex_unlock(&ss->lock);
1045 +/* sunxi_hash_finup: finalize hashing operation after an update */
1046 +int sunxi_hash_finup(struct ahash_request *areq)
1050 + err = sunxi_hash_update(areq);
1054 + return sunxi_hash_final(areq);
1057 +/* combo of init/update/final functions */
1058 +int sunxi_hash_digest(struct ahash_request *areq)
1062 + err = sunxi_hash_init(areq);
1066 + err = sunxi_hash_update(areq);
1070 + return sunxi_hash_final(areq);
1072 diff --git a/drivers/crypto/sunxi-ss/sunxi-ss.h b/drivers/crypto/sunxi-ss/sunxi-ss.h
1073 new file mode 100644
1074 index 0000000..94aca20
1076 +++ b/drivers/crypto/sunxi-ss/sunxi-ss.h
1079 + * sunxi-ss.c - hardware cryptographic accelerator for Allwinner A20 SoC
1081 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
1083 + * Support AES cipher with 128,192,256 bits keysize.
1084 + * Support MD5 and SHA1 hash algorithms.
1085 + * Support DES and 3DES
1088 + * You could find the datasheet at
1089 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
1092 + * Licensed under the GPL-2.
1095 +#include <linux/clk.h>
1096 +#include <linux/crypto.h>
1097 +#include <linux/io.h>
1098 +#include <linux/module.h>
1099 +#include <linux/of.h>
1100 +#include <linux/platform_device.h>
1101 +#include <crypto/scatterwalk.h>
1102 +#include <linux/scatterlist.h>
1103 +#include <linux/interrupt.h>
1104 +#include <linux/delay.h>
1105 +#include <crypto/md5.h>
1106 +#include <crypto/sha.h>
1107 +#include <crypto/hash.h>
1108 +#include <crypto/internal/hash.h>
1109 +#include <crypto/aes.h>
1110 +#include <crypto/des.h>
1111 +#include <crypto/internal/rng.h>
1113 +#define SS_CTL 0x00
1114 +#define SS_KEY0 0x04
1115 +#define SS_KEY1 0x08
1116 +#define SS_KEY2 0x0C
1117 +#define SS_KEY3 0x10
1118 +#define SS_KEY4 0x14
1119 +#define SS_KEY5 0x18
1120 +#define SS_KEY6 0x1C
1121 +#define SS_KEY7 0x20
1123 +#define SS_IV0 0x24
1124 +#define SS_IV1 0x28
1125 +#define SS_IV2 0x2C
1126 +#define SS_IV3 0x30
1128 +#define SS_CNT0 0x34
1129 +#define SS_CNT1 0x38
1130 +#define SS_CNT2 0x3C
1131 +#define SS_CNT3 0x40
1133 +#define SS_FCSR 0x44
1134 +#define SS_ICSR 0x48
1136 +#define SS_MD0 0x4C
1137 +#define SS_MD1 0x50
1138 +#define SS_MD2 0x54
1139 +#define SS_MD3 0x58
1140 +#define SS_MD4 0x5C
1142 +#define SS_RXFIFO 0x200
1143 +#define SS_TXFIFO 0x204
1145 +/* SS_CTL configuration values */
1147 +/* PRNG generator mode - bit 15 */
1148 +#define SS_PRNG_ONESHOT (0 << 15)
1149 +#define SS_PRNG_CONTINUE (1 << 15)
1151 +/* SS operation mode - bits 12-13 */
1152 +#define SS_ECB (0 << 12)
1153 +#define SS_CBC (1 << 12)
1154 +#define SS_CNT (2 << 12)
1156 +/* Counter width for CNT mode - bits 10-11 */
1157 +#define SS_CNT_16BITS (0 << 10)
1158 +#define SS_CNT_32BITS (1 << 10)
1159 +#define SS_CNT_64BITS (2 << 10)
1161 +/* Key size for AES - bits 8-9 */
1162 +#define SS_AES_128BITS (0 << 8)
1163 +#define SS_AES_192BITS (1 << 8)
1164 +#define SS_AES_256BITS (2 << 8)
1166 +/* Operation direction - bit 7 */
1167 +#define SS_ENCRYPTION (0 << 7)
1168 +#define SS_DECRYPTION (1 << 7)
1170 +/* SS Method - bits 4-6 */
1171 +#define SS_OP_AES (0 << 4)
1172 +#define SS_OP_DES (1 << 4)
1173 +#define SS_OP_3DES (2 << 4)
1174 +#define SS_OP_SHA1 (3 << 4)
1175 +#define SS_OP_MD5 (4 << 4)
1176 +#define SS_OP_PRNG (5 << 4)
1178 +/* Data end bit - bit 2 */
1179 +#define SS_DATA_END (1 << 2)
1181 +/* PRNG start bit - bit 1 */
1182 +#define SS_PRNG_START (1 << 1)
1184 +/* SS Enable bit - bit 0 */
1185 +#define SS_DISABLED (0 << 0)
1186 +#define SS_ENABLED (1 << 0)
1188 +/* SS_FCSR configuration values */
1189 +/* RX FIFO status - bit 30 */
1190 +#define SS_RXFIFO_FREE (1 << 30)
1192 +/* RX FIFO empty spaces - bits 24-29 */
1193 +#define SS_RXFIFO_SPACES(val) (((val) >> 24) & 0x3f)
1195 +/* TX FIFO status - bit 22 */
1196 +#define SS_TXFIFO_AVAILABLE (1 << 22)
1198 +/* TX FIFO available spaces - bits 16-21 */
1199 +#define SS_TXFIFO_SPACES(val) (((val) >> 16) & 0x3f)
1201 +#define SS_RXFIFO_EMP_INT_PENDING (1 << 10)
1202 +#define SS_TXFIFO_AVA_INT_PENDING (1 << 8)
1203 +#define SS_RXFIFO_EMP_INT_ENABLE (1 << 2)
1204 +#define SS_TXFIFO_AVA_INT_ENABLE (1 << 0)
1206 +/* SS_ICSR configuration values */
1207 +#define SS_ICS_DRQ_ENABLE (1 << 4)
1209 +struct sunxi_ss_ctx {
1210 + void __iomem *base;
1212 + struct clk *busclk;
1213 + struct clk *ssclk;
1214 + struct device *dev;
1215 + struct resource *res;
1216 + void *buf_in; /* pointer to data to be uploaded to the device */
1217 + size_t buf_in_size; /* size of buf_in */
1219 + size_t buf_out_size;
1220 + struct mutex lock; /* control the use of the device */
1221 + struct mutex bufout_lock; /* control the use of buf_out*/
1222 + struct mutex bufin_lock; /* control the sue of buf_in*/
1225 +struct sunxi_req_ctx {
1226 + u32 key[AES_MAX_KEY_SIZE / 4];/* divided by sizeof(u32) */
1229 + u64 byte_count; /* number of bytes "uploaded" to the device */
1230 + u32 waitbuf; /* a partial word waiting to be completed and
1231 + uploaded to the device */
1232 + /* number of bytes to be uploaded in the waitbuf word */
1233 + unsigned int nbwait;
1236 +#define SS_SEED_LEN (192/8)
1237 +#define SS_DATA_LEN (160/8)
1239 +struct prng_context {
1240 + u32 seed[SS_SEED_LEN/4];
1241 + unsigned int slen;
1244 +int sunxi_hash_init(struct ahash_request *areq);
1245 +int sunxi_hash_update(struct ahash_request *areq);
1246 +int sunxi_hash_final(struct ahash_request *areq);
1247 +int sunxi_hash_finup(struct ahash_request *areq);
1248 +int sunxi_hash_digest(struct ahash_request *areq);
1250 +int sunxi_ss_aes_poll(struct ablkcipher_request *areq);
1251 +int sunxi_ss_des_poll(struct ablkcipher_request *areq);
1252 +int sunxi_ss_cipher_init(struct crypto_tfm *tfm);
1253 +int sunxi_ss_cipher_encrypt(struct ablkcipher_request *areq);
1254 +int sunxi_ss_cipher_decrypt(struct ablkcipher_request *areq);
1255 +int sunxi_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1256 + unsigned int keylen);
1257 +int sunxi_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1258 + unsigned int keylen);
1259 +int sunxi_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1260 + unsigned int keylen);