1 --- a/drivers/crypto/Kconfig
2 +++ b/drivers/crypto/Kconfig
3 @@ -419,4 +419,21 @@ config CRYPTO_DEV_MXS_DCP
4 To compile this driver as a module, choose M here: the module
5 will be called mxs-dcp.
7 +config CRYPTO_DEV_SUNXI_SS
8 + tristate "Support for Allwinner Security System cryptographic accelerator"
9 + depends on ARCH_SUNXI
14 + select CRYPTO_BLKCIPHER
16 + Some Allwinner SoC have a crypto accelerator named
17 + Security System. Select this if you want to use it.
18 + The Security System handle AES/DES/3DES ciphers in CBC mode
19 + and SHA1 and MD5 hash algorithms.
21 + To compile this driver as a module, choose M here: the module
22 + will be called sunxi-ss.
25 --- a/drivers/crypto/Makefile
26 +++ b/drivers/crypto/Makefile
27 @@ -23,3 +23,4 @@ obj-$(CONFIG_CRYPTO_DEV_SAHARA) += sahar
28 obj-$(CONFIG_CRYPTO_DEV_TALITOS) += talitos.o
29 obj-$(CONFIG_CRYPTO_DEV_TEGRA_AES) += tegra-aes.o
30 obj-$(CONFIG_CRYPTO_DEV_UX500) += ux500/
31 +obj-$(CONFIG_CRYPTO_DEV_SUNXI_SS) += sunxi-ss/
33 +++ b/drivers/crypto/sunxi-ss/Makefile
35 +obj-$(CONFIG_CRYPTO_DEV_SUNXI_SS) += sunxi-ss.o
36 +sunxi-ss-y += sunxi-ss-core.o sunxi-ss-hash.o sunxi-ss-cipher.o
38 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-cipher.c
41 + * sunxi-ss-cipher.c - hardware cryptographic accelerator for Allwinner A20 SoC
43 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
45 + * This file add support for AES cipher with 128,192,256 bits
46 + * keysize in CBC mode.
48 + * You could find the datasheet at
49 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
51 + * This program is free software; you can redistribute it and/or modify
52 + * it under the terms of the GNU General Public License as published by
53 + * the Free Software Foundation; either version 2 of the License, or
54 + * (at your option) any later version.
56 +#include "sunxi-ss.h"
58 +extern struct sunxi_ss_ctx *ss;
60 +static int sunxi_ss_cipher(struct ablkcipher_request *areq, u32 mode)
62 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
63 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
64 + const char *cipher_type;
66 + cipher_type = crypto_tfm_alg_name(crypto_ablkcipher_tfm(tfm));
68 + if (areq->nbytes == 0) {
69 + mutex_unlock(&ss->lock);
73 + if (areq->info == NULL) {
74 + dev_err(ss->dev, "ERROR: Empty IV\n");
75 + mutex_unlock(&ss->lock);
79 + if (areq->src == NULL || areq->dst == NULL) {
80 + dev_err(ss->dev, "ERROR: Some SGs are NULL\n");
81 + mutex_unlock(&ss->lock);
85 + if (strcmp("cbc(aes)", cipher_type) == 0) {
86 + op->mode |= SS_OP_AES | SS_CBC | SS_ENABLED | mode;
87 + return sunxi_ss_aes_poll(areq);
89 + if (strcmp("cbc(des)", cipher_type) == 0) {
90 + op->mode = SS_OP_DES | SS_CBC | SS_ENABLED | mode;
91 + return sunxi_ss_des_poll(areq);
93 + if (strcmp("cbc(des3_ede)", cipher_type) == 0) {
94 + op->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | mode;
95 + return sunxi_ss_des_poll(areq);
97 + dev_err(ss->dev, "ERROR: Cipher %s not handled\n", cipher_type);
98 + mutex_unlock(&ss->lock);
102 +int sunxi_ss_cipher_encrypt(struct ablkcipher_request *areq)
104 + return sunxi_ss_cipher(areq, SS_ENCRYPTION);
107 +int sunxi_ss_cipher_decrypt(struct ablkcipher_request *areq)
109 + return sunxi_ss_cipher(areq, SS_DECRYPTION);
112 +int sunxi_ss_cipher_init(struct crypto_tfm *tfm)
114 + struct sunxi_req_ctx *op = crypto_tfm_ctx(tfm);
116 + mutex_lock(&ss->lock);
118 + memset(op, 0, sizeof(struct sunxi_req_ctx));
122 +int sunxi_ss_aes_poll(struct ablkcipher_request *areq)
125 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
126 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
127 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
128 + /* when activating SS, the default FIFO space is 32 */
133 + struct scatterlist *in_sg;
134 + struct scatterlist *out_sg;
137 + unsigned int ileft = areq->nbytes;
138 + unsigned int oleft = areq->nbytes;
139 + unsigned int sgileft = areq->src->length;
140 + unsigned int sgoleft = areq->dst->length;
146 + out_sg = areq->dst;
147 + for (i = 0; i < op->keylen; i += 4)
148 + writel(*(op->key + i/4), ss->base + SS_KEY0 + i);
149 + if (areq->info != NULL) {
150 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
151 + v = *(u32 *)(areq->info + i * 4);
152 + writel(v, ss->base + SS_IV0 + i * 4);
155 + writel(op->mode, ss->base + SS_CTL);
157 + /* If we have only one SG, we can use kmap_atomic */
158 + if (sg_next(in_sg) == NULL && sg_next(out_sg) == NULL) {
159 + src_addr = kmap_atomic(sg_page(in_sg)) + in_sg->offset;
160 + if (src_addr == NULL) {
161 + dev_err(ss->dev, "kmap_atomic error for src SG\n");
162 + writel(0, ss->base + SS_CTL);
163 + mutex_unlock(&ss->lock);
166 + dst_addr = kmap_atomic(sg_page(out_sg)) + out_sg->offset;
167 + if (dst_addr == NULL) {
168 + dev_err(ss->dev, "kmap_atomic error for dst SG\n");
169 + writel(0, ss->base + SS_CTL);
170 + kunmap_atomic(src_addr);
171 + mutex_unlock(&ss->lock);
174 + src32 = (u32 *)src_addr;
175 + dst32 = (u32 *)dst_addr;
176 + ileft = areq->nbytes / 4;
177 + oleft = areq->nbytes / 4;
180 + if (ileft > 0 && rx_cnt > 0) {
181 + todo = min(rx_cnt, ileft);
184 + writel_relaxed(*src32++,
188 + } while (todo > 0);
191 + todo = min(tx_cnt, oleft);
194 + *dst32++ = readl_relaxed(ss->base +
197 + } while (todo > 0);
199 + spaces = readl_relaxed(ss->base + SS_FCSR);
200 + rx_cnt = SS_RXFIFO_SPACES(spaces);
201 + tx_cnt = SS_TXFIFO_SPACES(spaces);
202 + } while (oleft > 0);
203 + writel(0, ss->base + SS_CTL);
204 + kunmap_atomic(src_addr);
205 + kunmap_atomic(dst_addr);
206 + mutex_unlock(&ss->lock);
210 + /* If we have more than one SG, we cannot use kmap_atomic since
211 + * we hold the mapping too long
213 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
214 + if (src_addr == NULL) {
215 + dev_err(ss->dev, "KMAP error for src SG\n");
216 + mutex_unlock(&ss->lock);
219 + dst_addr = kmap(sg_page(out_sg)) + out_sg->offset;
220 + if (dst_addr == NULL) {
221 + kunmap(sg_page(in_sg));
222 + dev_err(ss->dev, "KMAP error for dst SG\n");
223 + mutex_unlock(&ss->lock);
226 + src32 = (u32 *)src_addr;
227 + dst32 = (u32 *)dst_addr;
228 + ileft = areq->nbytes / 4;
229 + oleft = areq->nbytes / 4;
230 + sgileft = in_sg->length / 4;
231 + sgoleft = out_sg->length / 4;
233 + spaces = readl_relaxed(ss->base + SS_FCSR);
234 + rx_cnt = SS_RXFIFO_SPACES(spaces);
235 + tx_cnt = SS_TXFIFO_SPACES(spaces);
236 + todo = min3(rx_cnt, ileft, sgileft);
242 + writel_relaxed(*src32++, ss->base + SS_RXFIFO);
245 + if (in_sg != NULL && sgileft == 0 && ileft > 0) {
246 + kunmap(sg_page(in_sg));
247 + in_sg = sg_next(in_sg);
248 + while (in_sg != NULL && in_sg->length == 0)
249 + in_sg = sg_next(in_sg);
250 + if (in_sg != NULL && ileft > 0) {
251 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
252 + if (src_addr == NULL) {
253 + dev_err(ss->dev, "ERROR: KMAP for src SG\n");
254 + mutex_unlock(&ss->lock);
258 + sgileft = in_sg->length / 4;
261 + /* do not test oleft since when oleft == 0 we have finished */
262 + todo = min3(tx_cnt, oleft, sgoleft);
268 + *dst32++ = readl_relaxed(ss->base + SS_TXFIFO);
271 + if (out_sg != NULL && sgoleft == 0 && oleft >= 0) {
272 + kunmap(sg_page(out_sg));
273 + out_sg = sg_next(out_sg);
274 + while (out_sg != NULL && out_sg->length == 0)
275 + out_sg = sg_next(out_sg);
276 + if (out_sg != NULL && oleft > 0) {
277 + dst_addr = kmap(sg_page(out_sg)) +
279 + if (dst_addr == NULL) {
280 + dev_err(ss->dev, "KMAP error\n");
281 + mutex_unlock(&ss->lock);
285 + sgoleft = out_sg->length / 4;
288 + } while (oleft > 0);
290 + writel(0, ss->base + SS_CTL);
291 + mutex_unlock(&ss->lock);
295 +/* Pure CPU way of doing DES/3DES with SS
296 + * Since DES and 3DES SGs could be smaller than 4 bytes, I use sg_copy_to_buffer
297 + * for "linearize" them.
298 + * The problem with that is that I alloc (2 x areq->nbytes) for buf_in/buf_out
299 + * TODO: change this system
300 + * SGsrc -> buf_in -> SS -> buf_out -> SGdst */
301 +int sunxi_ss_des_poll(struct ablkcipher_request *areq)
304 + size_t nb_in_sg_tx, nb_in_sg_rx;
306 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
307 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
308 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
315 + /* if we have only SGs with size multiple of 4,
316 + * we can use the SS AES function */
317 + struct scatterlist *in_sg;
318 + struct scatterlist *out_sg;
321 + out_sg = areq->dst;
323 + while (in_sg != NULL && no_chunk == 1) {
324 + if ((in_sg->length % 4) != 0)
326 + in_sg = sg_next(in_sg);
328 + while (out_sg != NULL && no_chunk == 1) {
329 + if ((out_sg->length % 4) != 0)
331 + out_sg = sg_next(out_sg);
335 + return sunxi_ss_aes_poll(areq);
337 + out_sg = areq->dst;
339 + nb_in_sg_rx = sg_nents(in_sg);
340 + nb_in_sg_tx = sg_nents(out_sg);
342 + mutex_lock(&ss->bufin_lock);
343 + if (ss->buf_in == NULL) {
344 + ss->buf_in = kmalloc(areq->nbytes, GFP_KERNEL);
345 + ss->buf_in_size = areq->nbytes;
347 + if (areq->nbytes > ss->buf_in_size) {
349 + ss->buf_in = kmalloc(areq->nbytes, GFP_KERNEL);
350 + ss->buf_in_size = areq->nbytes;
353 + if (ss->buf_in == NULL) {
354 + ss->buf_in_size = 0;
355 + mutex_unlock(&ss->bufin_lock);
356 + dev_err(ss->dev, "Unable to allocate pages.\n");
359 + if (ss->buf_out == NULL) {
360 + mutex_lock(&ss->bufout_lock);
361 + ss->buf_out = kmalloc(areq->nbytes, GFP_KERNEL);
362 + if (ss->buf_out == NULL) {
363 + ss->buf_out_size = 0;
364 + mutex_unlock(&ss->bufout_lock);
365 + dev_err(ss->dev, "Unable to allocate pages.\n");
368 + ss->buf_out_size = areq->nbytes;
369 + mutex_unlock(&ss->bufout_lock);
371 + if (areq->nbytes > ss->buf_out_size) {
372 + mutex_lock(&ss->bufout_lock);
373 + kfree(ss->buf_out);
374 + ss->buf_out = kmalloc(areq->nbytes, GFP_KERNEL);
375 + if (ss->buf_out == NULL) {
376 + ss->buf_out_size = 0;
377 + mutex_unlock(&ss->bufout_lock);
378 + dev_err(ss->dev, "Unable to allocate pages.\n");
381 + ss->buf_out_size = areq->nbytes;
382 + mutex_unlock(&ss->bufout_lock);
386 + sg_copy_to_buffer(areq->src, nb_in_sg_rx, ss->buf_in, areq->nbytes);
391 + for (i = 0; i < op->keylen; i += 4)
392 + writel(*(op->key + i/4), ss->base + SS_KEY0 + i);
393 + if (areq->info != NULL) {
394 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
395 + v = *(u32 *)(areq->info + i * 4);
396 + writel(v, ss->base + SS_IV0 + i * 4);
399 + writel(op->mode, ss->base + SS_CTL);
402 + if (rx_cnt == 0 || tx_cnt == 0) {
403 + spaces = readl(ss->base + SS_FCSR);
404 + rx_cnt = SS_RXFIFO_SPACES(spaces);
405 + tx_cnt = SS_TXFIFO_SPACES(spaces);
407 + if (rx_cnt > 0 && ir < areq->nbytes) {
409 + value = *(u32 *)(ss->buf_in + ir);
410 + writel(value, ss->base + SS_RXFIFO);
413 + } while (rx_cnt > 0 && ir < areq->nbytes);
415 + if (tx_cnt > 0 && it < areq->nbytes) {
417 + value = readl(ss->base + SS_TXFIFO);
418 + *(u32 *)(ss->buf_out + it) = value;
421 + } while (tx_cnt > 0 && it < areq->nbytes);
423 + if (ir == areq->nbytes) {
424 + mutex_unlock(&ss->bufin_lock);
427 + } while (it < areq->nbytes);
429 + writel(0, ss->base + SS_CTL);
430 + mutex_unlock(&ss->lock);
432 + /* a simple optimization, since we dont need the hardware for this copy
433 + * we release the lock and do the copy. With that we gain 5/10% perf */
434 + mutex_lock(&ss->bufout_lock);
435 + sg_copy_from_buffer(areq->dst, nb_in_sg_tx, ss->buf_out, areq->nbytes);
437 + mutex_unlock(&ss->bufout_lock);
441 +/* check and set the AES key, prepare the mode to be used */
442 +int sunxi_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
443 + unsigned int keylen)
445 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
449 + op->mode = SS_AES_128BITS;
452 + op->mode = SS_AES_192BITS;
455 + op->mode = SS_AES_256BITS;
458 + dev_err(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
459 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
460 + mutex_unlock(&ss->lock);
463 + op->keylen = keylen;
464 + memcpy(op->key, key, keylen);
468 +/* check and set the DES key, prepare the mode to be used */
469 +int sunxi_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
470 + unsigned int keylen)
472 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
474 + if (keylen != DES_KEY_SIZE) {
475 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
476 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
477 + mutex_unlock(&ss->lock);
480 + op->keylen = keylen;
481 + memcpy(op->key, key, keylen);
485 +/* check and set the 3DES key, prepare the mode to be used */
486 +int sunxi_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
487 + unsigned int keylen)
489 + struct sunxi_req_ctx *op = crypto_ablkcipher_ctx(tfm);
491 + if (keylen != 3 * DES_KEY_SIZE) {
492 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
493 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
494 + mutex_unlock(&ss->lock);
497 + op->keylen = keylen;
498 + memcpy(op->key, key, keylen);
502 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-core.c
505 + * sunxi-ss.c - hardware cryptographic accelerator for Allwinner A20 SoC
507 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
509 + * Core file which registers crypto algorithms supported by the SS.
511 + * You could find the datasheet at
512 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
515 + * This program is free software; you can redistribute it and/or modify
516 + * it under the terms of the GNU General Public License as published by
517 + * the Free Software Foundation; either version 2 of the License, or
518 + * (at your option) any later version.
520 +#include <linux/clk.h>
521 +#include <linux/crypto.h>
522 +#include <linux/io.h>
523 +#include <linux/module.h>
524 +#include <linux/of.h>
525 +#include <linux/platform_device.h>
526 +#include <crypto/scatterwalk.h>
527 +#include <linux/scatterlist.h>
528 +#include <linux/interrupt.h>
529 +#include <linux/delay.h>
531 +#include "sunxi-ss.h"
533 +struct sunxi_ss_ctx *ss;
536 + * I cannot use a key/IV cache because each time one of these change ALL stuff
537 + * need to be re-writed (rewrite SS_KEYX ans SS_IVX).
538 + * And for example, with dm-crypt IV changes on each request.
540 + * After each request the device must be disabled with a write of 0 in SS_CTL
542 + * For performance reason, we use writel_relaxed/read_relaxed for all
543 + * operations on RX and TX FIFO and also SS_FCSR.
544 + * For all other registers, we use writel/readl.
545 + * See http://permalink.gmane.org/gmane.linux.ports.arm.kernel/117644
546 + * and http://permalink.gmane.org/gmane.linux.ports.arm.kernel/117640
549 +static struct ahash_alg sunxi_md5_alg = {
550 + .init = sunxi_hash_init,
551 + .update = sunxi_hash_update,
552 + .final = sunxi_hash_final,
553 + .finup = sunxi_hash_finup,
554 + .digest = sunxi_hash_digest,
556 + .digestsize = MD5_DIGEST_SIZE,
559 + .cra_driver_name = "md5-sunxi-ss",
560 + .cra_priority = 300,
561 + .cra_alignmask = 3,
562 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
563 + .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
564 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
565 + .cra_module = THIS_MODULE,
566 + .cra_type = &crypto_ahash_type
570 +static struct ahash_alg sunxi_sha1_alg = {
571 + .init = sunxi_hash_init,
572 + .update = sunxi_hash_update,
573 + .final = sunxi_hash_final,
574 + .finup = sunxi_hash_finup,
575 + .digest = sunxi_hash_digest,
577 + .digestsize = SHA1_DIGEST_SIZE,
579 + .cra_name = "sha1",
580 + .cra_driver_name = "sha1-sunxi-ss",
581 + .cra_priority = 300,
582 + .cra_alignmask = 3,
583 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
584 + .cra_blocksize = SHA1_BLOCK_SIZE,
585 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
586 + .cra_module = THIS_MODULE,
587 + .cra_type = &crypto_ahash_type
592 +static struct crypto_alg sunxi_cipher_algs[] = {
594 + .cra_name = "cbc(aes)",
595 + .cra_driver_name = "cbc-aes-sunxi-ss",
596 + .cra_priority = 300,
597 + .cra_blocksize = AES_BLOCK_SIZE,
598 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
599 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
600 + .cra_module = THIS_MODULE,
601 + .cra_alignmask = 3,
602 + .cra_type = &crypto_ablkcipher_type,
603 + .cra_init = sunxi_ss_cipher_init,
606 + .min_keysize = AES_MIN_KEY_SIZE,
607 + .max_keysize = AES_MAX_KEY_SIZE,
608 + .ivsize = AES_BLOCK_SIZE,
609 + .setkey = sunxi_ss_aes_setkey,
610 + .encrypt = sunxi_ss_cipher_encrypt,
611 + .decrypt = sunxi_ss_cipher_decrypt,
615 + .cra_name = "cbc(des)",
616 + .cra_driver_name = "cbc-des-sunxi-ss",
617 + .cra_priority = 300,
618 + .cra_blocksize = DES_BLOCK_SIZE,
619 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
620 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
621 + .cra_module = THIS_MODULE,
622 + .cra_alignmask = 3,
623 + .cra_type = &crypto_ablkcipher_type,
624 + .cra_init = sunxi_ss_cipher_init,
625 + .cra_u.ablkcipher = {
626 + .min_keysize = DES_KEY_SIZE,
627 + .max_keysize = DES_KEY_SIZE,
628 + .ivsize = DES_BLOCK_SIZE,
629 + .setkey = sunxi_ss_des_setkey,
630 + .encrypt = sunxi_ss_cipher_encrypt,
631 + .decrypt = sunxi_ss_cipher_decrypt,
634 + .cra_name = "cbc(des3_ede)",
635 + .cra_driver_name = "cbc-des3-sunxi-ss",
636 + .cra_priority = 300,
637 + .cra_blocksize = DES3_EDE_BLOCK_SIZE,
638 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
639 + .cra_ctxsize = sizeof(struct sunxi_req_ctx),
640 + .cra_module = THIS_MODULE,
641 + .cra_alignmask = 3,
642 + .cra_type = &crypto_ablkcipher_type,
643 + .cra_init = sunxi_ss_cipher_init,
644 + .cra_u.ablkcipher = {
645 + .min_keysize = DES3_EDE_KEY_SIZE,
646 + .max_keysize = DES3_EDE_KEY_SIZE,
647 + .ivsize = DES3_EDE_BLOCK_SIZE,
648 + .setkey = sunxi_ss_des3_setkey,
649 + .encrypt = sunxi_ss_cipher_encrypt,
650 + .decrypt = sunxi_ss_cipher_decrypt,
655 +static int sunxi_ss_probe(struct platform_device *pdev)
657 + struct resource *res;
661 + const unsigned long cr_ahb = 24 * 1000 * 1000;
662 + const unsigned long cr_mod = 150 * 1000 * 1000;
664 + if (!pdev->dev.of_node)
667 + ss = devm_kzalloc(&pdev->dev, sizeof(*ss), GFP_KERNEL);
671 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
672 + ss->base = devm_ioremap_resource(&pdev->dev, res);
673 + if (IS_ERR(ss->base)) {
674 + dev_err(&pdev->dev, "Cannot request MMIO\n");
675 + return PTR_ERR(ss->base);
678 + ss->ssclk = devm_clk_get(&pdev->dev, "mod");
679 + if (IS_ERR(ss->ssclk)) {
680 + err = PTR_ERR(ss->ssclk);
681 + dev_err(&pdev->dev, "Cannot get SS clock err=%d\n", err);
684 + dev_dbg(&pdev->dev, "clock ss acquired\n");
686 + ss->busclk = devm_clk_get(&pdev->dev, "ahb");
687 + if (IS_ERR(ss->busclk)) {
688 + err = PTR_ERR(ss->busclk);
689 + dev_err(&pdev->dev, "Cannot get AHB SS clock err=%d\n", err);
692 + dev_dbg(&pdev->dev, "clock ahb_ss acquired\n");
694 + /* Enable the clocks */
695 + err = clk_prepare_enable(ss->busclk);
697 + dev_err(&pdev->dev, "Cannot prepare_enable busclk\n");
700 + err = clk_prepare_enable(ss->ssclk);
702 + dev_err(&pdev->dev, "Cannot prepare_enable ssclk\n");
703 + clk_disable_unprepare(ss->busclk);
707 + /* Check that clock have the correct rates gived in the datasheet */
708 + /* Try to set the clock to the maximum allowed */
709 + err = clk_set_rate(ss->ssclk, cr_mod);
711 + dev_err(&pdev->dev, "Cannot set clock rate to ssclk\n");
712 + clk_disable_unprepare(ss->ssclk);
713 + clk_disable_unprepare(ss->busclk);
716 + cr = clk_get_rate(ss->busclk);
718 + dev_dbg(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
719 + cr, cr / 1000000, cr_ahb);
721 + dev_warn(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
722 + cr, cr / 1000000, cr_ahb);
723 + cr = clk_get_rate(ss->ssclk);
725 + dev_dbg(&pdev->dev, "Clock ss %lu (%lu MHz) (must be <= %lu)\n",
726 + cr, cr / 1000000, cr_mod);
728 + dev_warn(&pdev->dev, "Clock ss is at %lu (%lu MHz) (must be <= %lu)\n",
729 + cr, cr / 1000000, cr_mod);
732 + /* TODO Does this information could be usefull ? */
733 + writel(SS_ENABLED, ss->base + SS_CTL);
734 + v = readl(ss->base + SS_CTL);
737 + dev_info(&pdev->dev, "Die ID %d\n", v);
738 + writel(0, ss->base + SS_CTL);
740 + ss->dev = &pdev->dev;
742 + mutex_init(&ss->lock);
743 + mutex_init(&ss->bufin_lock);
744 + mutex_init(&ss->bufout_lock);
746 + err = crypto_register_ahash(&sunxi_md5_alg);
749 + err = crypto_register_ahash(&sunxi_sha1_alg);
752 + err = crypto_register_algs(sunxi_cipher_algs,
753 + ARRAY_SIZE(sunxi_cipher_algs));
755 + goto error_ciphers;
759 + crypto_unregister_ahash(&sunxi_sha1_alg);
761 + crypto_unregister_ahash(&sunxi_md5_alg);
763 + clk_disable_unprepare(ss->ssclk);
764 + clk_disable_unprepare(ss->busclk);
768 +static int __exit sunxi_ss_remove(struct platform_device *pdev)
770 + if (!pdev->dev.of_node)
773 + crypto_unregister_ahash(&sunxi_md5_alg);
774 + crypto_unregister_ahash(&sunxi_sha1_alg);
775 + crypto_unregister_algs(sunxi_cipher_algs,
776 + ARRAY_SIZE(sunxi_cipher_algs));
778 + if (ss->buf_in != NULL)
780 + if (ss->buf_out != NULL)
781 + kfree(ss->buf_out);
783 + writel(0, ss->base + SS_CTL);
784 + clk_disable_unprepare(ss->busclk);
785 + clk_disable_unprepare(ss->ssclk);
789 +/*============================================================================*/
790 +/*============================================================================*/
791 +static const struct of_device_id a20ss_crypto_of_match_table[] = {
792 + { .compatible = "allwinner,sun7i-a20-crypto" },
795 +MODULE_DEVICE_TABLE(of, a20ss_crypto_of_match_table);
797 +static struct platform_driver sunxi_ss_driver = {
798 + .probe = sunxi_ss_probe,
799 + .remove = __exit_p(sunxi_ss_remove),
801 + .owner = THIS_MODULE,
802 + .name = "sunxi-ss",
803 + .of_match_table = a20ss_crypto_of_match_table,
807 +module_platform_driver(sunxi_ss_driver);
809 +MODULE_DESCRIPTION("Allwinner Security System cryptographic accelerator");
810 +MODULE_LICENSE("GPL");
811 +MODULE_AUTHOR("Corentin LABBE <clabbe.montjoie@gmail.com>");
813 +++ b/drivers/crypto/sunxi-ss/sunxi-ss-hash.c
816 + * sunxi-ss-hash.c - hardware cryptographic accelerator for Allwinner A20 SoC
818 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
820 + * This file add support for MD5 and SHA1.
822 + * You could find the datasheet at
823 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
825 + * This program is free software; you can redistribute it and/or modify
826 + * it under the terms of the GNU General Public License as published by
827 + * the Free Software Foundation; either version 2 of the License, or
828 + * (at your option) any later version.
830 +#include "sunxi-ss.h"
832 +extern struct sunxi_ss_ctx *ss;
834 +/* sunxi_hash_init: initialize request context
835 + * Activate the SS, and configure it for MD5 or SHA1
837 +int sunxi_hash_init(struct ahash_request *areq)
839 + const char *hash_type;
840 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
841 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
843 + mutex_lock(&ss->lock);
845 + hash_type = crypto_tfm_alg_name(areq->base.tfm);
847 + op->byte_count = 0;
851 + /* Enable and configure SS for MD5 or SHA1 */
852 + if (strcmp(hash_type, "sha1") == 0)
853 + op->mode = SS_OP_SHA1;
855 + op->mode = SS_OP_MD5;
857 + writel(op->mode | SS_ENABLED, ss->base + SS_CTL);
862 + * sunxi_hash_update: update hash engine
864 + * Could be used for both SHA1 and MD5
865 + * Write data by step of 32bits and put then in the SS.
866 + * The remaining data is stored (nbwait bytes) in op->waitbuf
867 + * As an optimisation, we do not check RXFIFO_SPACES, since SS handle
868 + * the FIFO faster than our writes
870 +int sunxi_hash_update(struct ahash_request *areq)
873 + unsigned int i = 0;/* bytes read, to be compared to areq->nbytes */
874 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
875 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
876 + struct scatterlist *in_sg;
877 + unsigned int in_i = 0;/* advancement in the current SG */
880 + u8 *waitbuf = (u8 *)(&op->waitbuf);
882 + if (areq->nbytes == 0)
887 + src_addr = kmap(sg_page(in_sg)) + in_sg->offset;
888 + /* step 1, if some bytes remains from last SG,
889 + * try to complete them to 4 and sent its */
890 + if (op->nbwait > 0) {
891 + while (op->nbwait < 4 && i < areq->nbytes &&
892 + in_i < in_sg->length) {
893 + waitbuf[op->nbwait] = *(u8 *)(src_addr + in_i);
898 + if (op->nbwait == 4) {
899 + writel(op->waitbuf, ss->base + SS_RXFIFO);
900 + op->byte_count += 4;
905 + /* step 2, main loop, read data 4bytes at a time */
906 + while (i < areq->nbytes && areq->nbytes - i >= 4 &&
907 + in_i < in_sg->length &&
908 + in_sg->length - in_i >= 4) {
909 + v = *(u32 *)(src_addr + in_i);
910 + writel_relaxed(v, ss->base + SS_RXFIFO);
912 + op->byte_count += 4;
915 + /* step 3, if we have less than 4 bytes, copy them in waitbuf
916 + * no need to check for op->nbwait < 4 since we cannot have
917 + * more than 4 bytes remaining */
918 + if (in_i < in_sg->length && in_sg->length - in_i < 4 &&
919 + i < areq->nbytes) {
921 + waitbuf[op->nbwait] = *(u8 *)(src_addr + in_i);
925 + } while (in_i < in_sg->length && i < areq->nbytes);
927 + /* we have finished the current SG, try next one */
928 + kunmap(sg_page(in_sg));
929 + in_sg = sg_next(in_sg);
931 + } while (in_sg != NULL && i < areq->nbytes);
936 + * sunxi_hash_final: finalize hashing operation
938 + * If we have some remaining bytes, send it.
939 + * Then ask the SS for finalizing the hash
941 +int sunxi_hash_final(struct ahash_request *areq)
946 + unsigned int index, padlen;
948 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
949 + struct sunxi_req_ctx *op = crypto_ahash_ctx(tfm);
951 + if (op->nbwait > 0) {
952 + op->waitbuf |= ((1 << 7) << (op->nbwait * 8));
953 + writel(op->waitbuf, ss->base + SS_RXFIFO);
955 + writel((1 << 7), ss->base + SS_RXFIFO);
958 + /* number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
963 + /* we have already send 4 more byte of which nbwait data */
964 + if (op->mode == SS_OP_MD5) {
965 + index = (op->byte_count + 4) & 0x3f;
966 + op->byte_count += op->nbwait;
968 + zeros = (120 - index) / 4;
970 + zeros = (56 - index) / 4;
972 + op->byte_count += op->nbwait;
973 + index = op->byte_count & 0x3f;
974 + padlen = (index < 56) ? (56 - index) : ((64+56) - index);
975 + zeros = (padlen - 1) / 4;
977 + for (i = 0; i < zeros; i++)
978 + writel(0, ss->base + SS_RXFIFO);
980 + /* write the lenght */
981 + if (op->mode == SS_OP_SHA1) {
982 + bits = cpu_to_be64(op->byte_count << 3);
983 + writel(bits & 0xffffffff, ss->base + SS_RXFIFO);
984 + writel((bits >> 32) & 0xffffffff, ss->base + SS_RXFIFO);
986 + writel((op->byte_count << 3) & 0xffffffff,
987 + ss->base + SS_RXFIFO);
988 + writel((op->byte_count >> 29) & 0xffffffff,
989 + ss->base + SS_RXFIFO);
992 + /* stop the hashing */
993 + v = readl(ss->base + SS_CTL);
995 + writel(v, ss->base + SS_CTL);
997 + /* check the end */
998 + /* The timeout could happend only in case of bad overcloking */
999 +#define SS_TIMEOUT 100
1002 + v = readl(ss->base + SS_CTL);
1004 + } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
1005 + if (i >= SS_TIMEOUT) {
1006 + dev_err(ss->dev, "ERROR: hash end timeout %d>%d\n",
1008 + writel(0, ss->base + SS_CTL);
1009 + mutex_unlock(&ss->lock);
1013 + if (op->mode == SS_OP_SHA1) {
1014 + for (i = 0; i < 5; i++) {
1015 + v = cpu_to_be32(readl(ss->base + SS_MD0 + i * 4));
1016 + memcpy(areq->result + i * 4, &v, 4);
1019 + for (i = 0; i < 4; i++) {
1020 + v = readl(ss->base + SS_MD0 + i * 4);
1021 + memcpy(areq->result + i * 4, &v, 4);
1024 + writel(0, ss->base + SS_CTL);
1025 + mutex_unlock(&ss->lock);
1029 +/* sunxi_hash_finup: finalize hashing operation after an update */
1030 +int sunxi_hash_finup(struct ahash_request *areq)
1034 + err = sunxi_hash_update(areq);
1038 + return sunxi_hash_final(areq);
1041 +/* combo of init/update/final functions */
1042 +int sunxi_hash_digest(struct ahash_request *areq)
1046 + err = sunxi_hash_init(areq);
1050 + err = sunxi_hash_update(areq);
1054 + return sunxi_hash_final(areq);
1057 +++ b/drivers/crypto/sunxi-ss/sunxi-ss.h
1060 + * sunxi-ss.c - hardware cryptographic accelerator for Allwinner A20 SoC
1062 + * Copyright (C) 2013-2014 Corentin LABBE <clabbe.montjoie@gmail.com>
1064 + * Support AES cipher with 128,192,256 bits keysize.
1065 + * Support MD5 and SHA1 hash algorithms.
1066 + * Support DES and 3DES
1069 + * You could find the datasheet at
1070 + * http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf
1073 + * Licensed under the GPL-2.
1076 +#include <linux/clk.h>
1077 +#include <linux/crypto.h>
1078 +#include <linux/io.h>
1079 +#include <linux/module.h>
1080 +#include <linux/of.h>
1081 +#include <linux/platform_device.h>
1082 +#include <crypto/scatterwalk.h>
1083 +#include <linux/scatterlist.h>
1084 +#include <linux/interrupt.h>
1085 +#include <linux/delay.h>
1086 +#include <crypto/md5.h>
1087 +#include <crypto/sha.h>
1088 +#include <crypto/hash.h>
1089 +#include <crypto/internal/hash.h>
1090 +#include <crypto/aes.h>
1091 +#include <crypto/des.h>
1092 +#include <crypto/internal/rng.h>
1094 +#define SS_CTL 0x00
1095 +#define SS_KEY0 0x04
1096 +#define SS_KEY1 0x08
1097 +#define SS_KEY2 0x0C
1098 +#define SS_KEY3 0x10
1099 +#define SS_KEY4 0x14
1100 +#define SS_KEY5 0x18
1101 +#define SS_KEY6 0x1C
1102 +#define SS_KEY7 0x20
1104 +#define SS_IV0 0x24
1105 +#define SS_IV1 0x28
1106 +#define SS_IV2 0x2C
1107 +#define SS_IV3 0x30
1109 +#define SS_CNT0 0x34
1110 +#define SS_CNT1 0x38
1111 +#define SS_CNT2 0x3C
1112 +#define SS_CNT3 0x40
1114 +#define SS_FCSR 0x44
1115 +#define SS_ICSR 0x48
1117 +#define SS_MD0 0x4C
1118 +#define SS_MD1 0x50
1119 +#define SS_MD2 0x54
1120 +#define SS_MD3 0x58
1121 +#define SS_MD4 0x5C
1123 +#define SS_RXFIFO 0x200
1124 +#define SS_TXFIFO 0x204
1126 +/* SS_CTL configuration values */
1128 +/* PRNG generator mode - bit 15 */
1129 +#define SS_PRNG_ONESHOT (0 << 15)
1130 +#define SS_PRNG_CONTINUE (1 << 15)
1132 +/* SS operation mode - bits 12-13 */
1133 +#define SS_ECB (0 << 12)
1134 +#define SS_CBC (1 << 12)
1135 +#define SS_CNT (2 << 12)
1137 +/* Counter width for CNT mode - bits 10-11 */
1138 +#define SS_CNT_16BITS (0 << 10)
1139 +#define SS_CNT_32BITS (1 << 10)
1140 +#define SS_CNT_64BITS (2 << 10)
1142 +/* Key size for AES - bits 8-9 */
1143 +#define SS_AES_128BITS (0 << 8)
1144 +#define SS_AES_192BITS (1 << 8)
1145 +#define SS_AES_256BITS (2 << 8)
1147 +/* Operation direction - bit 7 */
1148 +#define SS_ENCRYPTION (0 << 7)
1149 +#define SS_DECRYPTION (1 << 7)
1151 +/* SS Method - bits 4-6 */
1152 +#define SS_OP_AES (0 << 4)
1153 +#define SS_OP_DES (1 << 4)
1154 +#define SS_OP_3DES (2 << 4)
1155 +#define SS_OP_SHA1 (3 << 4)
1156 +#define SS_OP_MD5 (4 << 4)
1157 +#define SS_OP_PRNG (5 << 4)
1159 +/* Data end bit - bit 2 */
1160 +#define SS_DATA_END (1 << 2)
1162 +/* PRNG start bit - bit 1 */
1163 +#define SS_PRNG_START (1 << 1)
1165 +/* SS Enable bit - bit 0 */
1166 +#define SS_DISABLED (0 << 0)
1167 +#define SS_ENABLED (1 << 0)
1169 +/* SS_FCSR configuration values */
1170 +/* RX FIFO status - bit 30 */
1171 +#define SS_RXFIFO_FREE (1 << 30)
1173 +/* RX FIFO empty spaces - bits 24-29 */
1174 +#define SS_RXFIFO_SPACES(val) (((val) >> 24) & 0x3f)
1176 +/* TX FIFO status - bit 22 */
1177 +#define SS_TXFIFO_AVAILABLE (1 << 22)
1179 +/* TX FIFO available spaces - bits 16-21 */
1180 +#define SS_TXFIFO_SPACES(val) (((val) >> 16) & 0x3f)
1182 +#define SS_RXFIFO_EMP_INT_PENDING (1 << 10)
1183 +#define SS_TXFIFO_AVA_INT_PENDING (1 << 8)
1184 +#define SS_RXFIFO_EMP_INT_ENABLE (1 << 2)
1185 +#define SS_TXFIFO_AVA_INT_ENABLE (1 << 0)
1187 +/* SS_ICSR configuration values */
1188 +#define SS_ICS_DRQ_ENABLE (1 << 4)
1190 +struct sunxi_ss_ctx {
1191 + void __iomem *base;
1193 + struct clk *busclk;
1194 + struct clk *ssclk;
1195 + struct device *dev;
1196 + struct resource *res;
1197 + void *buf_in; /* pointer to data to be uploaded to the device */
1198 + size_t buf_in_size; /* size of buf_in */
1200 + size_t buf_out_size;
1201 + struct mutex lock; /* control the use of the device */
1202 + struct mutex bufout_lock; /* control the use of buf_out*/
1203 + struct mutex bufin_lock; /* control the sue of buf_in*/
1206 +struct sunxi_req_ctx {
1207 + u32 key[AES_MAX_KEY_SIZE / 4];/* divided by sizeof(u32) */
1210 + u64 byte_count; /* number of bytes "uploaded" to the device */
1211 + u32 waitbuf; /* a partial word waiting to be completed and
1212 + uploaded to the device */
1213 + /* number of bytes to be uploaded in the waitbuf word */
1214 + unsigned int nbwait;
1217 +#define SS_SEED_LEN (192/8)
1218 +#define SS_DATA_LEN (160/8)
1220 +struct prng_context {
1221 + u32 seed[SS_SEED_LEN/4];
1222 + unsigned int slen;
1225 +int sunxi_hash_init(struct ahash_request *areq);
1226 +int sunxi_hash_update(struct ahash_request *areq);
1227 +int sunxi_hash_final(struct ahash_request *areq);
1228 +int sunxi_hash_finup(struct ahash_request *areq);
1229 +int sunxi_hash_digest(struct ahash_request *areq);
1231 +int sunxi_ss_aes_poll(struct ablkcipher_request *areq);
1232 +int sunxi_ss_des_poll(struct ablkcipher_request *areq);
1233 +int sunxi_ss_cipher_init(struct crypto_tfm *tfm);
1234 +int sunxi_ss_cipher_encrypt(struct ablkcipher_request *areq);
1235 +int sunxi_ss_cipher_decrypt(struct ablkcipher_request *areq);
1236 +int sunxi_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1237 + unsigned int keylen);
1238 +int sunxi_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1239 + unsigned int keylen);
1240 +int sunxi_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1241 + unsigned int keylen);