1 From 6298e948215f2a3eb8a9af5c490d025deb66f179 Mon Sep 17 00:00:00 2001
2 From: LABBE Corentin <clabbe.montjoie@gmail.com>
3 Date: Fri, 17 Jul 2015 16:39:41 +0200
4 Subject: [PATCH] crypto: sunxi-ss - Add Allwinner Security System crypto
7 Add support for the Security System included in Allwinner SoC A20.
8 The Security System is a hardware cryptographic accelerator that support:
9 - MD5 and SHA1 hash algorithms
10 - AES block cipher in CBC/ECB mode with 128/196/256bits keys.
11 - DES and 3DES block cipher in CBC/ECB mode
13 Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
14 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
16 drivers/crypto/Kconfig | 17 +
17 drivers/crypto/Makefile | 1 +
18 drivers/crypto/sunxi-ss/Makefile | 2 +
19 drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 542 ++++++++++++++++++++++++++++++
20 drivers/crypto/sunxi-ss/sun4i-ss-core.c | 403 ++++++++++++++++++++++
21 drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 492 +++++++++++++++++++++++++++
22 drivers/crypto/sunxi-ss/sun4i-ss.h | 199 +++++++++++
23 7 files changed, 1656 insertions(+)
24 create mode 100644 drivers/crypto/sunxi-ss/Makefile
25 create mode 100644 drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
26 create mode 100644 drivers/crypto/sunxi-ss/sun4i-ss-core.c
27 create mode 100644 drivers/crypto/sunxi-ss/sun4i-ss-hash.c
28 create mode 100644 drivers/crypto/sunxi-ss/sun4i-ss.h
30 --- a/drivers/crypto/Kconfig
31 +++ b/drivers/crypto/Kconfig
32 @@ -460,4 +460,21 @@ config CRYPTO_DEV_IMGTEC_HASH
33 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
36 +config CRYPTO_DEV_SUN4I_SS
37 + tristate "Support for Allwinner Security System cryptographic accelerator"
38 + depends on ARCH_SUNXI
43 + select CRYPTO_BLKCIPHER
45 + Some Allwinner SoC have a crypto accelerator named
46 + Security System. Select this if you want to use it.
47 + The Security System handle AES/DES/3DES ciphers in CBC mode
48 + and SHA1 and MD5 hash algorithms.
50 + To compile this driver as a module, choose M here: the module
51 + will be called sun4i-ss.
54 --- a/drivers/crypto/Makefile
55 +++ b/drivers/crypto/Makefile
56 @@ -27,3 +27,4 @@ obj-$(CONFIG_CRYPTO_DEV_UX500) += ux500/
57 obj-$(CONFIG_CRYPTO_DEV_QAT) += qat/
58 obj-$(CONFIG_CRYPTO_DEV_QCE) += qce/
59 obj-$(CONFIG_CRYPTO_DEV_VMX) += vmx/
60 +obj-$(CONFIG_CRYPTO_DEV_SUN4I_SS) += sunxi-ss/
62 +++ b/drivers/crypto/sunxi-ss/Makefile
64 +obj-$(CONFIG_CRYPTO_DEV_SUN4I_SS) += sun4i-ss.o
65 +sun4i-ss-y += sun4i-ss-core.o sun4i-ss-hash.o sun4i-ss-cipher.o
67 +++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
70 + * sun4i-ss-cipher.c - hardware cryptographic accelerator for Allwinner A20 SoC
72 + * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
74 + * This file add support for AES cipher with 128,192,256 bits
75 + * keysize in CBC and ECB mode.
76 + * Add support also for DES and 3DES in CBC and ECB mode.
78 + * You could find the datasheet in Documentation/arm/sunxi/README
80 + * This program is free software; you can redistribute it and/or modify
81 + * it under the terms of the GNU General Public License as published by
82 + * the Free Software Foundation; either version 2 of the License, or
83 + * (at your option) any later version.
85 +#include "sun4i-ss.h"
87 +static int sun4i_ss_opti_poll(struct ablkcipher_request *areq)
89 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
90 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
91 + struct sun4i_ss_ctx *ss = op->ss;
92 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
93 + struct sun4i_cipher_req_ctx *ctx = ablkcipher_request_ctx(areq);
94 + u32 mode = ctx->mode;
95 + /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
96 + u32 rx_cnt = SS_RX_DEFAULT;
101 + unsigned int ileft = areq->nbytes;
102 + unsigned int oleft = areq->nbytes;
104 + struct sg_mapping_iter mi, mo;
105 + unsigned int oi, oo; /* offset for in and out */
107 + if (areq->nbytes == 0)
111 + dev_err_ratelimited(ss->dev, "ERROR: Empty IV\n");
115 + if (!areq->src || !areq->dst) {
116 + dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
120 + spin_lock_bh(&ss->slock);
122 + for (i = 0; i < op->keylen; i += 4)
123 + writel(*(op->key + i / 4), ss->base + SS_KEY0 + i);
126 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
127 + v = *(u32 *)(areq->info + i * 4);
128 + writel(v, ss->base + SS_IV0 + i * 4);
131 + writel(mode, ss->base + SS_CTL);
133 + sg_miter_start(&mi, areq->src, sg_nents(areq->src),
134 + SG_MITER_FROM_SG | SG_MITER_ATOMIC);
135 + sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
136 + SG_MITER_TO_SG | SG_MITER_ATOMIC);
137 + sg_miter_next(&mi);
138 + sg_miter_next(&mo);
139 + if (!mi.addr || !mo.addr) {
140 + dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
145 + ileft = areq->nbytes / 4;
146 + oleft = areq->nbytes / 4;
150 + todo = min3(rx_cnt, ileft, (mi.length - oi) / 4);
153 + writesl(ss->base + SS_RXFIFO, mi.addr + oi, todo);
156 + if (oi == mi.length) {
157 + sg_miter_next(&mi);
161 + spaces = readl(ss->base + SS_FCSR);
162 + rx_cnt = SS_RXFIFO_SPACES(spaces);
163 + tx_cnt = SS_TXFIFO_SPACES(spaces);
165 + todo = min3(tx_cnt, oleft, (mo.length - oo) / 4);
168 + readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
171 + if (oo == mo.length) {
172 + sg_miter_next(&mo);
175 + } while (mo.length > 0);
178 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
179 + v = readl(ss->base + SS_IV0 + i * 4);
180 + *(u32 *)(areq->info + i * 4) = v;
185 + sg_miter_stop(&mi);
186 + sg_miter_stop(&mo);
187 + writel(0, ss->base + SS_CTL);
188 + spin_unlock_bh(&ss->slock);
192 +/* Generic function that support SG with size not multiple of 4 */
193 +static int sun4i_ss_cipher_poll(struct ablkcipher_request *areq)
195 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
196 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
197 + struct sun4i_ss_ctx *ss = op->ss;
199 + struct scatterlist *in_sg = areq->src;
200 + struct scatterlist *out_sg = areq->dst;
201 + unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
202 + struct sun4i_cipher_req_ctx *ctx = ablkcipher_request_ctx(areq);
203 + u32 mode = ctx->mode;
204 + /* when activating SS, the default FIFO space is SS_RX_DEFAULT(32) */
205 + u32 rx_cnt = SS_RX_DEFAULT;
210 + unsigned int ileft = areq->nbytes;
211 + unsigned int oleft = areq->nbytes;
213 + struct sg_mapping_iter mi, mo;
214 + unsigned int oi, oo; /* offset for in and out */
215 + char buf[4 * SS_RX_MAX];/* buffer for linearize SG src */
216 + char bufo[4 * SS_TX_MAX]; /* buffer for linearize SG dst */
217 + unsigned int ob = 0; /* offset in buf */
218 + unsigned int obo = 0; /* offset in bufo*/
219 + unsigned int obl = 0; /* length of data in bufo */
221 + if (areq->nbytes == 0)
225 + dev_err_ratelimited(ss->dev, "ERROR: Empty IV\n");
229 + if (!areq->src || !areq->dst) {
230 + dev_err_ratelimited(ss->dev, "ERROR: Some SGs are NULL\n");
235 + * if we have only SGs with size multiple of 4,
236 + * we can use the SS optimized function
238 + while (in_sg && no_chunk == 1) {
239 + if ((in_sg->length % 4) != 0)
241 + in_sg = sg_next(in_sg);
243 + while (out_sg && no_chunk == 1) {
244 + if ((out_sg->length % 4) != 0)
246 + out_sg = sg_next(out_sg);
250 + return sun4i_ss_opti_poll(areq);
252 + spin_lock_bh(&ss->slock);
254 + for (i = 0; i < op->keylen; i += 4)
255 + writel(*(op->key + i / 4), ss->base + SS_KEY0 + i);
258 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
259 + v = *(u32 *)(areq->info + i * 4);
260 + writel(v, ss->base + SS_IV0 + i * 4);
263 + writel(mode, ss->base + SS_CTL);
265 + sg_miter_start(&mi, areq->src, sg_nents(areq->src),
266 + SG_MITER_FROM_SG | SG_MITER_ATOMIC);
267 + sg_miter_start(&mo, areq->dst, sg_nents(areq->dst),
268 + SG_MITER_TO_SG | SG_MITER_ATOMIC);
269 + sg_miter_next(&mi);
270 + sg_miter_next(&mo);
271 + if (!mi.addr || !mo.addr) {
272 + dev_err_ratelimited(ss->dev, "ERROR: sg_miter return null\n");
276 + ileft = areq->nbytes;
277 + oleft = areq->nbytes;
281 + while (oleft > 0) {
284 + * todo is the number of consecutive 4byte word that we
285 + * can read from current SG
287 + todo = min3(rx_cnt, ileft / 4, (mi.length - oi) / 4);
288 + if (todo > 0 && ob == 0) {
289 + writesl(ss->base + SS_RXFIFO, mi.addr + oi,
295 + * not enough consecutive bytes, so we need to
296 + * linearize in buf. todo is in bytes
297 + * After that copy, if we have a multiple of 4
298 + * we need to be able to write all buf in one
299 + * pass, so it is why we min() with rx_cnt
301 + todo = min3(rx_cnt * 4 - ob, ileft,
303 + memcpy(buf + ob, mi.addr + oi, todo);
308 + writesl(ss->base + SS_RXFIFO, buf,
313 + if (oi == mi.length) {
314 + sg_miter_next(&mi);
319 + spaces = readl(ss->base + SS_FCSR);
320 + rx_cnt = SS_RXFIFO_SPACES(spaces);
321 + tx_cnt = SS_TXFIFO_SPACES(spaces);
322 + dev_dbg(ss->dev, "%x %u/%u %u/%u cnt=%u %u/%u %u/%u cnt=%u %u %u\n",
324 + oi, mi.length, ileft, areq->nbytes, rx_cnt,
325 + oo, mo.length, oleft, areq->nbytes, tx_cnt,
330 + /* todo in 4bytes word */
331 + todo = min3(tx_cnt, oleft / 4, (mo.length - oo) / 4);
333 + readsl(ss->base + SS_TXFIFO, mo.addr + oo, todo);
336 + if (oo == mo.length) {
337 + sg_miter_next(&mo);
342 + * read obl bytes in bufo, we read at maximum for
343 + * emptying the device
345 + readsl(ss->base + SS_TXFIFO, bufo, tx_cnt);
350 + * how many bytes we can copy ?
351 + * no more than remaining SG size
352 + * no more than remaining buffer
353 + * no need to test against oleft
355 + todo = min(mo.length - oo, obl - obo);
356 + memcpy(mo.addr + oo, bufo + obo, todo);
360 + if (oo == mo.length) {
361 + sg_miter_next(&mo);
364 + } while (obo < obl);
365 + /* bufo must be fully used here */
369 + for (i = 0; i < 4 && i < ivsize / 4; i++) {
370 + v = readl(ss->base + SS_IV0 + i * 4);
371 + *(u32 *)(areq->info + i * 4) = v;
376 + sg_miter_stop(&mi);
377 + sg_miter_stop(&mo);
378 + writel(0, ss->base + SS_CTL);
379 + spin_unlock_bh(&ss->slock);
385 +int sun4i_ss_cbc_aes_encrypt(struct ablkcipher_request *areq)
387 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
388 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
389 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
391 + rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
393 + return sun4i_ss_cipher_poll(areq);
396 +int sun4i_ss_cbc_aes_decrypt(struct ablkcipher_request *areq)
398 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
399 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
400 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
402 + rctx->mode = SS_OP_AES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
404 + return sun4i_ss_cipher_poll(areq);
408 +int sun4i_ss_ecb_aes_encrypt(struct ablkcipher_request *areq)
410 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
411 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
412 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
414 + rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
416 + return sun4i_ss_cipher_poll(areq);
419 +int sun4i_ss_ecb_aes_decrypt(struct ablkcipher_request *areq)
421 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
422 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
423 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
425 + rctx->mode = SS_OP_AES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
427 + return sun4i_ss_cipher_poll(areq);
431 +int sun4i_ss_cbc_des_encrypt(struct ablkcipher_request *areq)
433 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
434 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
435 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
437 + rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
439 + return sun4i_ss_cipher_poll(areq);
442 +int sun4i_ss_cbc_des_decrypt(struct ablkcipher_request *areq)
444 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
445 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
446 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
448 + rctx->mode = SS_OP_DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
450 + return sun4i_ss_cipher_poll(areq);
454 +int sun4i_ss_ecb_des_encrypt(struct ablkcipher_request *areq)
456 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
457 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
458 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
460 + rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
462 + return sun4i_ss_cipher_poll(areq);
465 +int sun4i_ss_ecb_des_decrypt(struct ablkcipher_request *areq)
467 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
468 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
469 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
471 + rctx->mode = SS_OP_DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
473 + return sun4i_ss_cipher_poll(areq);
477 +int sun4i_ss_cbc_des3_encrypt(struct ablkcipher_request *areq)
479 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
480 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
481 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
483 + rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_ENCRYPTION |
485 + return sun4i_ss_cipher_poll(areq);
488 +int sun4i_ss_cbc_des3_decrypt(struct ablkcipher_request *areq)
490 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
491 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
492 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
494 + rctx->mode = SS_OP_3DES | SS_CBC | SS_ENABLED | SS_DECRYPTION |
496 + return sun4i_ss_cipher_poll(areq);
500 +int sun4i_ss_ecb_des3_encrypt(struct ablkcipher_request *areq)
502 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
503 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
504 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
506 + rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_ENCRYPTION |
508 + return sun4i_ss_cipher_poll(areq);
511 +int sun4i_ss_ecb_des3_decrypt(struct ablkcipher_request *areq)
513 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(areq);
514 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
515 + struct sun4i_cipher_req_ctx *rctx = ablkcipher_request_ctx(areq);
517 + rctx->mode = SS_OP_3DES | SS_ECB | SS_ENABLED | SS_DECRYPTION |
519 + return sun4i_ss_cipher_poll(areq);
522 +int sun4i_ss_cipher_init(struct crypto_tfm *tfm)
524 + struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
525 + struct crypto_alg *alg = tfm->__crt_alg;
526 + struct sun4i_ss_alg_template *algt;
528 + memset(op, 0, sizeof(struct sun4i_tfm_ctx));
530 + algt = container_of(alg, struct sun4i_ss_alg_template, alg.crypto);
533 + tfm->crt_ablkcipher.reqsize = sizeof(struct sun4i_cipher_req_ctx);
538 +/* check and set the AES key, prepare the mode to be used */
539 +int sun4i_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
540 + unsigned int keylen)
542 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
543 + struct sun4i_ss_ctx *ss = op->ss;
547 + op->keymode = SS_AES_128BITS;
550 + op->keymode = SS_AES_192BITS;
553 + op->keymode = SS_AES_256BITS;
556 + dev_err(ss->dev, "ERROR: Invalid keylen %u\n", keylen);
557 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
560 + op->keylen = keylen;
561 + memcpy(op->key, key, keylen);
565 +/* check and set the DES key, prepare the mode to be used */
566 +int sun4i_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
567 + unsigned int keylen)
569 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
570 + struct sun4i_ss_ctx *ss = op->ss;
572 + u32 tmp[DES_EXPKEY_WORDS];
575 + if (unlikely(keylen != DES_KEY_SIZE)) {
576 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
577 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
581 + flags = crypto_ablkcipher_get_flags(tfm);
583 + ret = des_ekey(tmp, key);
584 + if (unlikely(ret == 0) && (flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
585 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
586 + dev_dbg(ss->dev, "Weak key %u\n", keylen);
590 + op->keylen = keylen;
591 + memcpy(op->key, key, keylen);
595 +/* check and set the 3DES key, prepare the mode to be used */
596 +int sun4i_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
597 + unsigned int keylen)
599 + struct sun4i_tfm_ctx *op = crypto_ablkcipher_ctx(tfm);
600 + struct sun4i_ss_ctx *ss = op->ss;
602 + if (unlikely(keylen != 3 * DES_KEY_SIZE)) {
603 + dev_err(ss->dev, "Invalid keylen %u\n", keylen);
604 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
607 + op->keylen = keylen;
608 + memcpy(op->key, key, keylen);
612 +++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
615 + * sun4i-ss-core.c - hardware cryptographic accelerator for Allwinner A20 SoC
617 + * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
619 + * Core file which registers crypto algorithms supported by the SS.
621 + * You could find a link for the datasheet in Documentation/arm/sunxi/README
623 + * This program is free software; you can redistribute it and/or modify
624 + * it under the terms of the GNU General Public License as published by
625 + * the Free Software Foundation; either version 2 of the License, or
626 + * (at your option) any later version.
628 +#include <linux/clk.h>
629 +#include <linux/crypto.h>
630 +#include <linux/io.h>
631 +#include <linux/module.h>
632 +#include <linux/of.h>
633 +#include <linux/platform_device.h>
634 +#include <crypto/scatterwalk.h>
635 +#include <linux/scatterlist.h>
636 +#include <linux/interrupt.h>
637 +#include <linux/delay.h>
639 +#include "sun4i-ss.h"
641 +static struct sun4i_ss_alg_template ss_algs[] = {
642 +{ .type = CRYPTO_ALG_TYPE_AHASH,
645 + .init = sun4i_hash_init,
646 + .update = sun4i_hash_update,
647 + .final = sun4i_hash_final,
648 + .finup = sun4i_hash_finup,
649 + .digest = sun4i_hash_digest,
650 + .export = sun4i_hash_export_md5,
651 + .import = sun4i_hash_import_md5,
653 + .digestsize = MD5_DIGEST_SIZE,
656 + .cra_driver_name = "md5-sun4i-ss",
657 + .cra_priority = 300,
658 + .cra_alignmask = 3,
659 + .cra_flags = CRYPTO_ALG_TYPE_AHASH,
660 + .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
661 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
662 + .cra_module = THIS_MODULE,
663 + .cra_type = &crypto_ahash_type,
664 + .cra_init = sun4i_hash_crainit
669 +{ .type = CRYPTO_ALG_TYPE_AHASH,
670 + .mode = SS_OP_SHA1,
672 + .init = sun4i_hash_init,
673 + .update = sun4i_hash_update,
674 + .final = sun4i_hash_final,
675 + .finup = sun4i_hash_finup,
676 + .digest = sun4i_hash_digest,
677 + .export = sun4i_hash_export_sha1,
678 + .import = sun4i_hash_import_sha1,
680 + .digestsize = SHA1_DIGEST_SIZE,
682 + .cra_name = "sha1",
683 + .cra_driver_name = "sha1-sun4i-ss",
684 + .cra_priority = 300,
685 + .cra_alignmask = 3,
686 + .cra_flags = CRYPTO_ALG_TYPE_AHASH,
687 + .cra_blocksize = SHA1_BLOCK_SIZE,
688 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
689 + .cra_module = THIS_MODULE,
690 + .cra_type = &crypto_ahash_type,
691 + .cra_init = sun4i_hash_crainit
696 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
698 + .cra_name = "cbc(aes)",
699 + .cra_driver_name = "cbc-aes-sun4i-ss",
700 + .cra_priority = 300,
701 + .cra_blocksize = AES_BLOCK_SIZE,
702 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
703 + .cra_ctxsize = sizeof(struct sun4i_tfm_ctx),
704 + .cra_module = THIS_MODULE,
705 + .cra_alignmask = 3,
706 + .cra_type = &crypto_ablkcipher_type,
707 + .cra_init = sun4i_ss_cipher_init,
708 + .cra_ablkcipher = {
709 + .min_keysize = AES_MIN_KEY_SIZE,
710 + .max_keysize = AES_MAX_KEY_SIZE,
711 + .ivsize = AES_BLOCK_SIZE,
712 + .setkey = sun4i_ss_aes_setkey,
713 + .encrypt = sun4i_ss_cbc_aes_encrypt,
714 + .decrypt = sun4i_ss_cbc_aes_decrypt,
718 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
720 + .cra_name = "ecb(aes)",
721 + .cra_driver_name = "ecb-aes-sun4i-ss",
722 + .cra_priority = 300,
723 + .cra_blocksize = AES_BLOCK_SIZE,
724 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
725 + .cra_ctxsize = sizeof(struct sun4i_tfm_ctx),
726 + .cra_module = THIS_MODULE,
727 + .cra_alignmask = 3,
728 + .cra_type = &crypto_ablkcipher_type,
729 + .cra_init = sun4i_ss_cipher_init,
730 + .cra_ablkcipher = {
731 + .min_keysize = AES_MIN_KEY_SIZE,
732 + .max_keysize = AES_MAX_KEY_SIZE,
733 + .ivsize = AES_BLOCK_SIZE,
734 + .setkey = sun4i_ss_aes_setkey,
735 + .encrypt = sun4i_ss_ecb_aes_encrypt,
736 + .decrypt = sun4i_ss_ecb_aes_decrypt,
740 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
742 + .cra_name = "cbc(des)",
743 + .cra_driver_name = "cbc-des-sun4i-ss",
744 + .cra_priority = 300,
745 + .cra_blocksize = DES_BLOCK_SIZE,
746 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
747 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
748 + .cra_module = THIS_MODULE,
749 + .cra_alignmask = 3,
750 + .cra_type = &crypto_ablkcipher_type,
751 + .cra_init = sun4i_ss_cipher_init,
752 + .cra_u.ablkcipher = {
753 + .min_keysize = DES_KEY_SIZE,
754 + .max_keysize = DES_KEY_SIZE,
755 + .ivsize = DES_BLOCK_SIZE,
756 + .setkey = sun4i_ss_des_setkey,
757 + .encrypt = sun4i_ss_cbc_des_encrypt,
758 + .decrypt = sun4i_ss_cbc_des_decrypt,
762 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
764 + .cra_name = "ecb(des)",
765 + .cra_driver_name = "ecb-des-sun4i-ss",
766 + .cra_priority = 300,
767 + .cra_blocksize = DES_BLOCK_SIZE,
768 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
769 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
770 + .cra_module = THIS_MODULE,
771 + .cra_alignmask = 3,
772 + .cra_type = &crypto_ablkcipher_type,
773 + .cra_init = sun4i_ss_cipher_init,
774 + .cra_u.ablkcipher = {
775 + .min_keysize = DES_KEY_SIZE,
776 + .max_keysize = DES_KEY_SIZE,
777 + .setkey = sun4i_ss_des_setkey,
778 + .encrypt = sun4i_ss_ecb_des_encrypt,
779 + .decrypt = sun4i_ss_ecb_des_decrypt,
783 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
785 + .cra_name = "cbc(des3_ede)",
786 + .cra_driver_name = "cbc-des3-sun4i-ss",
787 + .cra_priority = 300,
788 + .cra_blocksize = DES3_EDE_BLOCK_SIZE,
789 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
790 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
791 + .cra_module = THIS_MODULE,
792 + .cra_alignmask = 3,
793 + .cra_type = &crypto_ablkcipher_type,
794 + .cra_init = sun4i_ss_cipher_init,
795 + .cra_u.ablkcipher = {
796 + .min_keysize = DES3_EDE_KEY_SIZE,
797 + .max_keysize = DES3_EDE_KEY_SIZE,
798 + .ivsize = DES3_EDE_BLOCK_SIZE,
799 + .setkey = sun4i_ss_des3_setkey,
800 + .encrypt = sun4i_ss_cbc_des3_encrypt,
801 + .decrypt = sun4i_ss_cbc_des3_decrypt,
805 +{ .type = CRYPTO_ALG_TYPE_ABLKCIPHER,
807 + .cra_name = "ecb(des3_ede)",
808 + .cra_driver_name = "ecb-des3-sun4i-ss",
809 + .cra_priority = 300,
810 + .cra_blocksize = DES3_EDE_BLOCK_SIZE,
811 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER,
812 + .cra_ctxsize = sizeof(struct sun4i_req_ctx),
813 + .cra_module = THIS_MODULE,
814 + .cra_alignmask = 3,
815 + .cra_type = &crypto_ablkcipher_type,
816 + .cra_init = sun4i_ss_cipher_init,
817 + .cra_u.ablkcipher = {
818 + .min_keysize = DES3_EDE_KEY_SIZE,
819 + .max_keysize = DES3_EDE_KEY_SIZE,
820 + .ivsize = DES3_EDE_BLOCK_SIZE,
821 + .setkey = sun4i_ss_des3_setkey,
822 + .encrypt = sun4i_ss_ecb_des3_encrypt,
823 + .decrypt = sun4i_ss_ecb_des3_decrypt,
829 +static int sun4i_ss_probe(struct platform_device *pdev)
831 + struct resource *res;
835 + const unsigned long cr_ahb = 24 * 1000 * 1000;
836 + const unsigned long cr_mod = 150 * 1000 * 1000;
837 + struct sun4i_ss_ctx *ss;
839 + if (!pdev->dev.of_node)
842 + ss = devm_kzalloc(&pdev->dev, sizeof(*ss), GFP_KERNEL);
846 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
847 + ss->base = devm_ioremap_resource(&pdev->dev, res);
848 + if (IS_ERR(ss->base)) {
849 + dev_err(&pdev->dev, "Cannot request MMIO\n");
850 + return PTR_ERR(ss->base);
853 + ss->ssclk = devm_clk_get(&pdev->dev, "mod");
854 + if (IS_ERR(ss->ssclk)) {
855 + err = PTR_ERR(ss->ssclk);
856 + dev_err(&pdev->dev, "Cannot get SS clock err=%d\n", err);
859 + dev_dbg(&pdev->dev, "clock ss acquired\n");
861 + ss->busclk = devm_clk_get(&pdev->dev, "ahb");
862 + if (IS_ERR(ss->busclk)) {
863 + err = PTR_ERR(ss->busclk);
864 + dev_err(&pdev->dev, "Cannot get AHB SS clock err=%d\n", err);
867 + dev_dbg(&pdev->dev, "clock ahb_ss acquired\n");
869 + /* Enable both clocks */
870 + err = clk_prepare_enable(ss->busclk);
872 + dev_err(&pdev->dev, "Cannot prepare_enable busclk\n");
875 + err = clk_prepare_enable(ss->ssclk);
877 + dev_err(&pdev->dev, "Cannot prepare_enable ssclk\n");
882 + * Check that clock have the correct rates given in the datasheet
883 + * Try to set the clock to the maximum allowed
885 + err = clk_set_rate(ss->ssclk, cr_mod);
887 + dev_err(&pdev->dev, "Cannot set clock rate to ssclk\n");
892 + * The only impact on clocks below requirement are bad performance,
893 + * so do not print "errors"
894 + * warn on Overclocked clocks
896 + cr = clk_get_rate(ss->busclk);
898 + dev_dbg(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
899 + cr, cr / 1000000, cr_ahb);
901 + dev_warn(&pdev->dev, "Clock bus %lu (%lu MHz) (must be >= %lu)\n",
902 + cr, cr / 1000000, cr_ahb);
904 + cr = clk_get_rate(ss->ssclk);
907 + dev_warn(&pdev->dev, "Clock ss %lu (%lu MHz) (must be <= %lu)\n",
908 + cr, cr / 1000000, cr_mod);
910 + dev_dbg(&pdev->dev, "Clock ss %lu (%lu MHz) (must be <= %lu)\n",
911 + cr, cr / 1000000, cr_mod);
913 + dev_warn(&pdev->dev, "Clock ss is at %lu (%lu MHz) (must be <= %lu)\n",
914 + cr, cr / 1000000, cr_mod);
917 + * Datasheet named it "Die Bonding ID"
918 + * I expect to be a sort of Security System Revision number.
919 + * Since the A80 seems to have an other version of SS
920 + * this info could be useful
922 + writel(SS_ENABLED, ss->base + SS_CTL);
923 + v = readl(ss->base + SS_CTL);
926 + dev_info(&pdev->dev, "Die ID %d\n", v);
927 + writel(0, ss->base + SS_CTL);
929 + ss->dev = &pdev->dev;
931 + spin_lock_init(&ss->slock);
933 + for (i = 0; i < ARRAY_SIZE(ss_algs); i++) {
934 + ss_algs[i].ss = ss;
935 + switch (ss_algs[i].type) {
936 + case CRYPTO_ALG_TYPE_ABLKCIPHER:
937 + err = crypto_register_alg(&ss_algs[i].alg.crypto);
939 + dev_err(ss->dev, "Fail to register %s\n",
940 + ss_algs[i].alg.crypto.cra_name);
944 + case CRYPTO_ALG_TYPE_AHASH:
945 + err = crypto_register_ahash(&ss_algs[i].alg.hash);
947 + dev_err(ss->dev, "Fail to register %s\n",
948 + ss_algs[i].alg.hash.halg.base.cra_name);
954 + platform_set_drvdata(pdev, ss);
958 + for (; i >= 0; i--) {
959 + switch (ss_algs[i].type) {
960 + case CRYPTO_ALG_TYPE_ABLKCIPHER:
961 + crypto_unregister_alg(&ss_algs[i].alg.crypto);
963 + case CRYPTO_ALG_TYPE_AHASH:
964 + crypto_unregister_ahash(&ss_algs[i].alg.hash);
969 + clk_disable_unprepare(ss->ssclk);
971 + clk_disable_unprepare(ss->busclk);
975 +static int sun4i_ss_remove(struct platform_device *pdev)
978 + struct sun4i_ss_ctx *ss = platform_get_drvdata(pdev);
980 + for (i = 0; i < ARRAY_SIZE(ss_algs); i++) {
981 + switch (ss_algs[i].type) {
982 + case CRYPTO_ALG_TYPE_ABLKCIPHER:
983 + crypto_unregister_alg(&ss_algs[i].alg.crypto);
985 + case CRYPTO_ALG_TYPE_AHASH:
986 + crypto_unregister_ahash(&ss_algs[i].alg.hash);
991 + writel(0, ss->base + SS_CTL);
992 + clk_disable_unprepare(ss->busclk);
993 + clk_disable_unprepare(ss->ssclk);
997 +static const struct of_device_id a20ss_crypto_of_match_table[] = {
998 + { .compatible = "allwinner,sun4i-a10-crypto" },
1001 +MODULE_DEVICE_TABLE(of, a20ss_crypto_of_match_table);
1003 +static struct platform_driver sun4i_ss_driver = {
1004 + .probe = sun4i_ss_probe,
1005 + .remove = sun4i_ss_remove,
1007 + .name = "sun4i-ss",
1008 + .of_match_table = a20ss_crypto_of_match_table,
1012 +module_platform_driver(sun4i_ss_driver);
1014 +MODULE_DESCRIPTION("Allwinner Security System cryptographic accelerator");
1015 +MODULE_LICENSE("GPL");
1016 +MODULE_AUTHOR("Corentin LABBE <clabbe.montjoie@gmail.com>");
1018 +++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c
1021 + * sun4i-ss-hash.c - hardware cryptographic accelerator for Allwinner A20 SoC
1023 + * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
1025 + * This file add support for MD5 and SHA1.
1027 + * You could find the datasheet in Documentation/arm/sunxi/README
1029 + * This program is free software; you can redistribute it and/or modify
1030 + * it under the terms of the GNU General Public License as published by
1031 + * the Free Software Foundation; either version 2 of the License, or
1032 + * (at your option) any later version.
1034 +#include "sun4i-ss.h"
1035 +#include <linux/scatterlist.h>
1037 +/* This is a totally arbitrary value */
1038 +#define SS_TIMEOUT 100
1040 +int sun4i_hash_crainit(struct crypto_tfm *tfm)
1042 + crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
1043 + sizeof(struct sun4i_req_ctx));
1047 +/* sun4i_hash_init: initialize request context */
1048 +int sun4i_hash_init(struct ahash_request *areq)
1050 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1051 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
1052 + struct ahash_alg *alg = __crypto_ahash_alg(tfm->base.__crt_alg);
1053 + struct sun4i_ss_alg_template *algt;
1054 + struct sun4i_ss_ctx *ss;
1056 + memset(op, 0, sizeof(struct sun4i_req_ctx));
1058 + algt = container_of(alg, struct sun4i_ss_alg_template, alg.hash);
1060 + op->ss = algt->ss;
1061 + op->mode = algt->mode;
1066 +int sun4i_hash_export_md5(struct ahash_request *areq, void *out)
1068 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1069 + struct md5_state *octx = out;
1072 + octx->byte_count = op->byte_count + op->len;
1074 + memcpy(octx->block, op->buf, op->len);
1076 + if (op->byte_count > 0) {
1077 + for (i = 0; i < 4; i++)
1078 + octx->hash[i] = op->hash[i];
1080 + octx->hash[0] = SHA1_H0;
1081 + octx->hash[1] = SHA1_H1;
1082 + octx->hash[2] = SHA1_H2;
1083 + octx->hash[3] = SHA1_H3;
1089 +int sun4i_hash_import_md5(struct ahash_request *areq, const void *in)
1091 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1092 + const struct md5_state *ictx = in;
1095 + sun4i_hash_init(areq);
1097 + op->byte_count = ictx->byte_count & ~0x3F;
1098 + op->len = ictx->byte_count & 0x3F;
1100 + memcpy(op->buf, ictx->block, op->len);
1102 + for (i = 0; i < 4; i++)
1103 + op->hash[i] = ictx->hash[i];
1108 +int sun4i_hash_export_sha1(struct ahash_request *areq, void *out)
1110 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1111 + struct sha1_state *octx = out;
1114 + octx->count = op->byte_count + op->len;
1116 + memcpy(octx->buffer, op->buf, op->len);
1118 + if (op->byte_count > 0) {
1119 + for (i = 0; i < 5; i++)
1120 + octx->state[i] = op->hash[i];
1122 + octx->state[0] = SHA1_H0;
1123 + octx->state[1] = SHA1_H1;
1124 + octx->state[2] = SHA1_H2;
1125 + octx->state[3] = SHA1_H3;
1126 + octx->state[4] = SHA1_H4;
1132 +int sun4i_hash_import_sha1(struct ahash_request *areq, const void *in)
1134 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1135 + const struct sha1_state *ictx = in;
1138 + sun4i_hash_init(areq);
1140 + op->byte_count = ictx->count & ~0x3F;
1141 + op->len = ictx->count & 0x3F;
1143 + memcpy(op->buf, ictx->buffer, op->len);
1145 + for (i = 0; i < 5; i++)
1146 + op->hash[i] = ictx->state[i];
1152 + * sun4i_hash_update: update hash engine
1154 + * Could be used for both SHA1 and MD5
1155 + * Write data by step of 32bits and put then in the SS.
1157 + * Since we cannot leave partial data and hash state in the engine,
1158 + * we need to get the hash state at the end of this function.
1159 + * We can get the hash state every 64 bytes
1161 + * So the first work is to get the number of bytes to write to SS modulo 64
1162 + * The extra bytes will go to a temporary buffer op->buf storing op->len bytes
1164 + * So at the begin of update()
1165 + * if op->len + areq->nbytes < 64
1166 + * => all data will be written to wait buffer (op->buf) and end=0
1167 + * if not, write all data from op->buf to the device and position end to
1168 + * complete to 64bytes
1171 + * update1 60o => op->len=60
1172 + * update2 60o => need one more word to have 64 bytes
1174 + * so write all data from op->buf and one word of SGs
1175 + * write remaining data in op->buf
1176 + * final state op->len=56
1178 +int sun4i_hash_update(struct ahash_request *areq)
1180 + u32 v, ivmode = 0;
1181 + unsigned int i = 0;
1183 + * i is the total bytes read from SGs, to be compared to areq->nbytes
1184 + * i is important because we cannot rely on SG length since the sum of
1185 + * SG->length could be greater than areq->nbytes
1188 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1189 + struct sun4i_ss_ctx *ss = op->ss;
1190 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
1191 + unsigned int in_i = 0; /* advancement in the current SG */
1194 + * end is the position when we need to stop writing to the device,
1195 + * to be compared to i
1197 + int in_r, err = 0;
1198 + unsigned int todo;
1199 + u32 spaces, rx_cnt = SS_RX_DEFAULT;
1200 + size_t copied = 0;
1201 + struct sg_mapping_iter mi;
1203 + dev_dbg(ss->dev, "%s %s bc=%llu len=%u mode=%x wl=%u h0=%0x",
1204 + __func__, crypto_tfm_alg_name(areq->base.tfm),
1205 + op->byte_count, areq->nbytes, op->mode,
1206 + op->len, op->hash[0]);
1208 + if (areq->nbytes == 0)
1211 + /* protect against overflow */
1212 + if (areq->nbytes > UINT_MAX - op->len) {
1213 + dev_err(ss->dev, "Cannot process too large request\n");
1217 + if (op->len + areq->nbytes < 64) {
1218 + /* linearize data to op->buf */
1219 + copied = sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
1220 + op->buf + op->len, areq->nbytes, 0);
1221 + op->len += copied;
1225 + end = ((areq->nbytes + op->len) / 64) * 64 - op->len;
1227 + if (end > areq->nbytes || areq->nbytes - end > 63) {
1228 + dev_err(ss->dev, "ERROR: Bound error %u %u\n",
1229 + end, areq->nbytes);
1233 + spin_lock_bh(&ss->slock);
1236 + * if some data have been processed before,
1237 + * we need to restore the partial hash state
1239 + if (op->byte_count > 0) {
1240 + ivmode = SS_IV_ARBITRARY;
1241 + for (i = 0; i < 5; i++)
1242 + writel(op->hash[i], ss->base + SS_IV0 + i * 4);
1244 + /* Enable the device */
1245 + writel(op->mode | SS_ENABLED | ivmode, ss->base + SS_CTL);
1248 + sg_miter_start(&mi, areq->src, sg_nents(areq->src),
1249 + SG_MITER_FROM_SG | SG_MITER_ATOMIC);
1250 + sg_miter_next(&mi);
1255 + * we need to linearize in two case:
1256 + * - the buffer is already used
1257 + * - the SG does not have enough byte remaining ( < 4)
1259 + if (op->len > 0 || (mi.length - in_i) < 4) {
1261 + * if we have entered here we have two reason to stop
1262 + * - the buffer is full
1265 + while (op->len < 64 && i < end) {
1266 + /* how many bytes we can read from current SG */
1267 + in_r = min3(mi.length - in_i, end - i,
1269 + memcpy(op->buf + op->len, mi.addr + in_i, in_r);
1273 + if (in_i == mi.length) {
1274 + sg_miter_next(&mi);
1278 + if (op->len > 3 && (op->len % 4) == 0) {
1279 + /* write buf to the device */
1280 + writesl(ss->base + SS_RXFIFO, op->buf,
1282 + op->byte_count += op->len;
1286 + if (mi.length - in_i > 3 && i < end) {
1287 + /* how many bytes we can read from current SG */
1288 + in_r = min3(mi.length - in_i, areq->nbytes - i,
1289 + ((mi.length - in_i) / 4) * 4);
1290 + /* how many bytes we can write in the device*/
1291 + todo = min3((u32)(end - i) / 4, rx_cnt, (u32)in_r / 4);
1292 + writesl(ss->base + SS_RXFIFO, mi.addr + in_i, todo);
1293 + op->byte_count += todo * 4;
1297 + if (rx_cnt == 0) {
1298 + spaces = readl(ss->base + SS_FCSR);
1299 + rx_cnt = SS_RXFIFO_SPACES(spaces);
1301 + if (in_i == mi.length) {
1302 + sg_miter_next(&mi);
1306 + } while (i < end);
1307 + /* final linear */
1308 + if ((areq->nbytes - i) < 64) {
1309 + while (i < areq->nbytes && in_i < mi.length && op->len < 64) {
1310 + /* how many bytes we can read from current SG */
1311 + in_r = min3(mi.length - in_i, areq->nbytes - i,
1313 + memcpy(op->buf + op->len, mi.addr + in_i, in_r);
1317 + if (in_i == mi.length) {
1318 + sg_miter_next(&mi);
1324 + sg_miter_stop(&mi);
1326 + writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
1329 + v = readl(ss->base + SS_CTL);
1331 + } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
1332 + if (i >= SS_TIMEOUT) {
1333 + dev_err_ratelimited(ss->dev,
1334 + "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
1335 + i, SS_TIMEOUT, v, areq->nbytes);
1340 + /* get the partial hash only if something was written */
1341 + for (i = 0; i < crypto_ahash_digestsize(tfm) / 4; i++)
1342 + op->hash[i] = readl(ss->base + SS_MD0 + i * 4);
1345 + writel(0, ss->base + SS_CTL);
1346 + spin_unlock_bh(&ss->slock);
1351 + * sun4i_hash_final: finalize hashing operation
1353 + * If we have some remaining bytes, we write them.
1354 + * Then ask the SS for finalizing the hashing operation
1356 + * I do not check RX FIFO size in this function since the size is 32
1357 + * after each enabling and this function neither write more than 32 words.
1359 +int sun4i_hash_final(struct ahash_request *areq)
1361 + u32 v, ivmode = 0;
1363 + unsigned int j = 0;
1364 + int zeros, err = 0;
1365 + unsigned int index, padlen;
1367 + struct sun4i_req_ctx *op = ahash_request_ctx(areq);
1368 + struct sun4i_ss_ctx *ss = op->ss;
1369 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
1372 + unsigned int nwait, nbw = 0;
1374 + dev_dbg(ss->dev, "%s: byte=%llu len=%u mode=%x wl=%u h=%x",
1375 + __func__, op->byte_count, areq->nbytes, op->mode,
1376 + op->len, op->hash[0]);
1378 + spin_lock_bh(&ss->slock);
1381 + * if we have already written something,
1382 + * restore the partial hash state
1384 + if (op->byte_count > 0) {
1385 + ivmode = SS_IV_ARBITRARY;
1386 + for (i = 0; i < crypto_ahash_digestsize(tfm) / 4; i++)
1387 + writel(op->hash[i], ss->base + SS_IV0 + i * 4);
1389 + writel(op->mode | SS_ENABLED | ivmode, ss->base + SS_CTL);
1391 + /* write the remaining words of the wait buffer */
1392 + if (op->len > 0) {
1393 + nwait = op->len / 4;
1395 + writesl(ss->base + SS_RXFIFO, op->buf, nwait);
1396 + op->byte_count += 4 * nwait;
1398 + nbw = op->len - 4 * nwait;
1399 + wb = *(u32 *)(op->buf + nwait * 4);
1400 + wb &= (0xFFFFFFFF >> (4 - nbw) * 8);
1403 + /* write the remaining bytes of the nbw buffer */
1405 + wb |= ((1 << 7) << (nbw * 8));
1412 + * number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
1413 + * I take the operations from other MD5/SHA1 implementations
1416 + /* we have already send 4 more byte of which nbw data */
1417 + if (op->mode == SS_OP_MD5) {
1418 + index = (op->byte_count + 4) & 0x3f;
1419 + op->byte_count += nbw;
1421 + zeros = (120 - index) / 4;
1423 + zeros = (56 - index) / 4;
1425 + op->byte_count += nbw;
1426 + index = op->byte_count & 0x3f;
1427 + padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
1428 + zeros = (padlen - 1) / 4;
1431 + memset(bf + j, 0, 4 * zeros);
1434 + /* write the length of data */
1435 + if (op->mode == SS_OP_SHA1) {
1436 + bits = cpu_to_be64(op->byte_count << 3);
1437 + bf[j++] = bits & 0xffffffff;
1438 + bf[j++] = (bits >> 32) & 0xffffffff;
1440 + bf[j++] = (op->byte_count << 3) & 0xffffffff;
1441 + bf[j++] = (op->byte_count >> 29) & 0xffffffff;
1443 + writesl(ss->base + SS_RXFIFO, bf, j);
1445 + /* Tell the SS to stop the hashing */
1446 + writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
1449 + * Wait for SS to finish the hash.
1450 + * The timeout could happen only in case of bad overcloking
1455 + v = readl(ss->base + SS_CTL);
1457 + } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
1458 + if (i >= SS_TIMEOUT) {
1459 + dev_err_ratelimited(ss->dev,
1460 + "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
1461 + i, SS_TIMEOUT, v, areq->nbytes);
1466 + /* Get the hash from the device */
1467 + if (op->mode == SS_OP_SHA1) {
1468 + for (i = 0; i < 5; i++) {
1469 + v = cpu_to_be32(readl(ss->base + SS_MD0 + i * 4));
1470 + memcpy(areq->result + i * 4, &v, 4);
1473 + for (i = 0; i < 4; i++) {
1474 + v = readl(ss->base + SS_MD0 + i * 4);
1475 + memcpy(areq->result + i * 4, &v, 4);
1480 + writel(0, ss->base + SS_CTL);
1481 + spin_unlock_bh(&ss->slock);
1485 +/* sun4i_hash_finup: finalize hashing operation after an update */
1486 +int sun4i_hash_finup(struct ahash_request *areq)
1490 + err = sun4i_hash_update(areq);
1494 + return sun4i_hash_final(areq);
1497 +/* combo of init/update/final functions */
1498 +int sun4i_hash_digest(struct ahash_request *areq)
1502 + err = sun4i_hash_init(areq);
1506 + err = sun4i_hash_update(areq);
1510 + return sun4i_hash_final(areq);
1513 +++ b/drivers/crypto/sunxi-ss/sun4i-ss.h
1516 + * sun4i-ss.h - hardware cryptographic accelerator for Allwinner A20 SoC
1518 + * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
1520 + * Support AES cipher with 128,192,256 bits keysize.
1521 + * Support MD5 and SHA1 hash algorithms.
1522 + * Support DES and 3DES
1524 + * You could find the datasheet in Documentation/arm/sunxi/README
1526 + * Licensed under the GPL-2.
1529 +#include <linux/clk.h>
1530 +#include <linux/crypto.h>
1531 +#include <linux/io.h>
1532 +#include <linux/module.h>
1533 +#include <linux/of.h>
1534 +#include <linux/platform_device.h>
1535 +#include <crypto/scatterwalk.h>
1536 +#include <linux/scatterlist.h>
1537 +#include <linux/interrupt.h>
1538 +#include <linux/delay.h>
1539 +#include <crypto/md5.h>
1540 +#include <crypto/sha.h>
1541 +#include <crypto/hash.h>
1542 +#include <crypto/internal/hash.h>
1543 +#include <crypto/aes.h>
1544 +#include <crypto/des.h>
1545 +#include <crypto/internal/rng.h>
1547 +#define SS_CTL 0x00
1548 +#define SS_KEY0 0x04
1549 +#define SS_KEY1 0x08
1550 +#define SS_KEY2 0x0C
1551 +#define SS_KEY3 0x10
1552 +#define SS_KEY4 0x14
1553 +#define SS_KEY5 0x18
1554 +#define SS_KEY6 0x1C
1555 +#define SS_KEY7 0x20
1557 +#define SS_IV0 0x24
1558 +#define SS_IV1 0x28
1559 +#define SS_IV2 0x2C
1560 +#define SS_IV3 0x30
1562 +#define SS_FCSR 0x44
1564 +#define SS_MD0 0x4C
1565 +#define SS_MD1 0x50
1566 +#define SS_MD2 0x54
1567 +#define SS_MD3 0x58
1568 +#define SS_MD4 0x5C
1570 +#define SS_RXFIFO 0x200
1571 +#define SS_TXFIFO 0x204
1573 +/* SS_CTL configuration values */
1575 +/* PRNG generator mode - bit 15 */
1576 +#define SS_PRNG_ONESHOT (0 << 15)
1577 +#define SS_PRNG_CONTINUE (1 << 15)
1579 +/* IV mode for hash */
1580 +#define SS_IV_ARBITRARY (1 << 14)
1582 +/* SS operation mode - bits 12-13 */
1583 +#define SS_ECB (0 << 12)
1584 +#define SS_CBC (1 << 12)
1585 +#define SS_CTS (3 << 12)
1587 +/* Counter width for CNT mode - bits 10-11 */
1588 +#define SS_CNT_16BITS (0 << 10)
1589 +#define SS_CNT_32BITS (1 << 10)
1590 +#define SS_CNT_64BITS (2 << 10)
1592 +/* Key size for AES - bits 8-9 */
1593 +#define SS_AES_128BITS (0 << 8)
1594 +#define SS_AES_192BITS (1 << 8)
1595 +#define SS_AES_256BITS (2 << 8)
1597 +/* Operation direction - bit 7 */
1598 +#define SS_ENCRYPTION (0 << 7)
1599 +#define SS_DECRYPTION (1 << 7)
1601 +/* SS Method - bits 4-6 */
1602 +#define SS_OP_AES (0 << 4)
1603 +#define SS_OP_DES (1 << 4)
1604 +#define SS_OP_3DES (2 << 4)
1605 +#define SS_OP_SHA1 (3 << 4)
1606 +#define SS_OP_MD5 (4 << 4)
1607 +#define SS_OP_PRNG (5 << 4)
1609 +/* Data end bit - bit 2 */
1610 +#define SS_DATA_END (1 << 2)
1612 +/* PRNG start bit - bit 1 */
1613 +#define SS_PRNG_START (1 << 1)
1615 +/* SS Enable bit - bit 0 */
1616 +#define SS_DISABLED (0 << 0)
1617 +#define SS_ENABLED (1 << 0)
1619 +/* SS_FCSR configuration values */
1620 +/* RX FIFO status - bit 30 */
1621 +#define SS_RXFIFO_FREE (1 << 30)
1623 +/* RX FIFO empty spaces - bits 24-29 */
1624 +#define SS_RXFIFO_SPACES(val) (((val) >> 24) & 0x3f)
1626 +/* TX FIFO status - bit 22 */
1627 +#define SS_TXFIFO_AVAILABLE (1 << 22)
1629 +/* TX FIFO available spaces - bits 16-21 */
1630 +#define SS_TXFIFO_SPACES(val) (((val) >> 16) & 0x3f)
1632 +#define SS_RX_MAX 32
1633 +#define SS_RX_DEFAULT SS_RX_MAX
1634 +#define SS_TX_MAX 33
1636 +#define SS_RXFIFO_EMP_INT_PENDING (1 << 10)
1637 +#define SS_TXFIFO_AVA_INT_PENDING (1 << 8)
1638 +#define SS_RXFIFO_EMP_INT_ENABLE (1 << 2)
1639 +#define SS_TXFIFO_AVA_INT_ENABLE (1 << 0)
1641 +struct sun4i_ss_ctx {
1642 + void __iomem *base;
1644 + struct clk *busclk;
1645 + struct clk *ssclk;
1646 + struct device *dev;
1647 + struct resource *res;
1648 + spinlock_t slock; /* control the use of the device */
1651 +struct sun4i_ss_alg_template {
1655 + struct crypto_alg crypto;
1656 + struct ahash_alg hash;
1658 + struct sun4i_ss_ctx *ss;
1661 +struct sun4i_tfm_ctx {
1662 + u32 key[AES_MAX_KEY_SIZE / 4];/* divided by sizeof(u32) */
1665 + struct sun4i_ss_ctx *ss;
1668 +struct sun4i_cipher_req_ctx {
1672 +struct sun4i_req_ctx {
1674 + u64 byte_count; /* number of bytes "uploaded" to the device */
1675 + u32 hash[5]; /* for storing SS_IVx register */
1678 + struct sun4i_ss_ctx *ss;
1681 +int sun4i_hash_crainit(struct crypto_tfm *tfm);
1682 +int sun4i_hash_init(struct ahash_request *areq);
1683 +int sun4i_hash_update(struct ahash_request *areq);
1684 +int sun4i_hash_final(struct ahash_request *areq);
1685 +int sun4i_hash_finup(struct ahash_request *areq);
1686 +int sun4i_hash_digest(struct ahash_request *areq);
1687 +int sun4i_hash_export_md5(struct ahash_request *areq, void *out);
1688 +int sun4i_hash_import_md5(struct ahash_request *areq, const void *in);
1689 +int sun4i_hash_export_sha1(struct ahash_request *areq, void *out);
1690 +int sun4i_hash_import_sha1(struct ahash_request *areq, const void *in);
1692 +int sun4i_ss_cbc_aes_encrypt(struct ablkcipher_request *areq);
1693 +int sun4i_ss_cbc_aes_decrypt(struct ablkcipher_request *areq);
1694 +int sun4i_ss_ecb_aes_encrypt(struct ablkcipher_request *areq);
1695 +int sun4i_ss_ecb_aes_decrypt(struct ablkcipher_request *areq);
1697 +int sun4i_ss_cbc_des_encrypt(struct ablkcipher_request *areq);
1698 +int sun4i_ss_cbc_des_decrypt(struct ablkcipher_request *areq);
1699 +int sun4i_ss_ecb_des_encrypt(struct ablkcipher_request *areq);
1700 +int sun4i_ss_ecb_des_decrypt(struct ablkcipher_request *areq);
1702 +int sun4i_ss_cbc_des3_encrypt(struct ablkcipher_request *areq);
1703 +int sun4i_ss_cbc_des3_decrypt(struct ablkcipher_request *areq);
1704 +int sun4i_ss_ecb_des3_encrypt(struct ablkcipher_request *areq);
1705 +int sun4i_ss_ecb_des3_decrypt(struct ablkcipher_request *areq);
1707 +int sun4i_ss_cipher_init(struct crypto_tfm *tfm);
1708 +int sun4i_ss_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1709 + unsigned int keylen);
1710 +int sun4i_ss_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1711 + unsigned int keylen);
1712 +int sun4i_ss_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1713 + unsigned int keylen);