2011-11-05 10:42:33

by Varun Wadekar

[permalink] [raw]
Subject: [PATCH v1] crypto: driver for tegra AES hardware

From: Varun Wadekar <[email protected]>

driver supports ecb/cbc/ofb/ansi_x9.31rng modes and
128, 192 and 256-bit key sizes.

Signed-off-by: Varun Wadekar <[email protected]>
---
v1: fixed comments from Stephen Warren, Kim Phillips and Henning Heinold

drivers/crypto/Kconfig | 8 +
drivers/crypto/Makefile | 1 +
drivers/crypto/tegra-aes.c | 1090 ++++++++++++++++++++++++++++++++++++++++++++
drivers/crypto/tegra-aes.h | 103 +++++
4 files changed, 1202 insertions(+), 0 deletions(-)
create mode 100644 drivers/crypto/tegra-aes.c
create mode 100644 drivers/crypto/tegra-aes.h

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 6d16b4b..6799188 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -293,4 +293,12 @@ config CRYPTO_DEV_S5P
Select this to offload Samsung S5PV210 or S5PC110 from AES
algorithms execution.

+config CRYPTO_DEV_TEGRA_AES
+ tristate "Support for TEGRA AES hw engine"
+ depends on ARCH_TEGRA
+ select CRYPTO_AES
+ help
+ TEGRA processors have AES module accelerator. Select this if you
+ want to use the TEGRA module for AES algorithms.
+
endif # CRYPTO_HW
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index 53ea501..f3e64ea 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -13,3 +13,4 @@ obj-$(CONFIG_CRYPTO_DEV_OMAP_SHAM) += omap-sham.o
obj-$(CONFIG_CRYPTO_DEV_OMAP_AES) += omap-aes.o
obj-$(CONFIG_CRYPTO_DEV_PICOXCELL) += picoxcell_crypto.o
obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o
+obj-$(CONFIG_CRYPTO_DEV_TEGRA_AES) += tegra-aes.o
diff --git a/drivers/crypto/tegra-aes.c b/drivers/crypto/tegra-aes.c
new file mode 100644
index 0000000..18e6429
--- /dev/null
+++ b/drivers/crypto/tegra-aes.c
@@ -0,0 +1,1090 @@
+/*
+ * drivers/crypto/tegra-aes.c
+ *
+ * Driver for NVIDIA Tegra AES hardware engine residing inside the
+ * Bit Stream Engine for Video (BSEV) hardware block.
+ *
+ * The programming sequence for this engine is with the help
+ * of commands which travel via a command queue residing between the
+ * CPU and the BSEV block. The BSEV engine has an internal RAM (VRAM)
+ * where the final input plaintext, keys and the IV have to be copied
+ * before starting the encrypt/decrypt operation.
+ *
+ * Copyright (c) 2010, NVIDIA Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/clk.h>
+#include <linux/platform_device.h>
+#include <linux/scatterlist.h>
+#include <linux/dma-mapping.h>
+#include <linux/io.h>
+#include <linux/mutex.h>
+#include <linux/interrupt.h>
+#include <linux/completion.h>
+#include <linux/workqueue.h>
+
+#include <mach/clk.h>
+
+#include <crypto/scatterwalk.h>
+#include <crypto/aes.h>
+#include <crypto/internal/rng.h>
+
+#include "tegra-aes.h"
+
+#define FLAGS_MODE_MASK 0x00FF
+#define FLAGS_ENCRYPT BIT(0)
+#define FLAGS_CBC BIT(1)
+#define FLAGS_GIV BIT(2)
+#define FLAGS_RNG BIT(3)
+#define FLAGS_OFB BIT(4)
+#define FLAGS_NEW_KEY BIT(5)
+#define FLAGS_NEW_IV BIT(6)
+#define FLAGS_INIT BIT(7)
+#define FLAGS_FAST BIT(8)
+#define FLAGS_BUSY 9
+
+/*
+ * Defines AES engine Max process bytes size in one go, which takes 1 msec.
+ * AES engine spends about 176 cycles/16-bytes or 11 cycles/byte
+ * The duration CPU can use the BSE to 1 msec, then the number of available
+ * cycles of AVP/BSE is 216K. In this duration, AES can process 216/11 ~= 19KB
+ * Based on this AES_HW_DMA_BUFFER_SIZE_BYTES is configured to 16KB.
+ */
+#define AES_HW_DMA_BUFFER_SIZE_BYTES 0x4000
+
+/*
+ * The key table length is 64 bytes
+ * (This includes first upto 32 bytes key + 16 bytes original initial vector
+ * and 16 bytes updated initial vector)
+ */
+#define AES_HW_KEY_TABLE_LENGTH_BYTES 64
+
+/*
+ * The memory being used is divides as follows:
+ * 1. Key - 32 bytes
+ * 2. Original IV - 16 bytes
+ * 3. Updated IV - 16 bytes
+ * 4. Key schedule - 256 bytes
+ *
+ * 1+2+3 constitute the hw key table.
+ */
+#define AES_HW_IV_SIZE 16
+#define AES_HW_KEYSCHEDULE_LEN 256
+#define AES_IVKEY_SIZE (AES_HW_KEY_TABLE_LENGTH_BYTES + AES_HW_KEYSCHEDULE_LEN)
+
+/* Define commands required for AES operation */
+enum {
+ CMD_BLKSTARTENGINE = 0x0E,
+ CMD_DMASETUP = 0x10,
+ CMD_DMACOMPLETE = 0x11,
+ CMD_SETTABLE = 0x15,
+ CMD_MEMDMAVD = 0x22,
+};
+
+/* Define sub-commands */
+enum {
+ SUBCMD_VRAM_SEL = 0x1,
+ SUBCMD_CRYPTO_TABLE_SEL = 0x3,
+ SUBCMD_KEY_TABLE_SEL = 0x8,
+};
+
+/* memdma_vd command */
+#define MEMDMA_DIR_DTOVRAM 0 /* sdram -> vram */
+#define MEMDMA_DIR_VTODRAM 1 /* vram -> sdram */
+#define MEMDMA_DIR_SHIFT 25
+#define MEMDMA_NUM_WORDS_SHIFT 12
+
+/* command queue bit shifts */
+enum {
+ CMDQ_KEYTABLEADDR_SHIFT = 0,
+ CMDQ_KEYTABLEID_SHIFT = 17,
+ CMDQ_VRAMSEL_SHIFT = 23,
+ CMDQ_TABLESEL_SHIFT = 24,
+ CMDQ_OPCODE_SHIFT = 26,
+};
+
+/*
+ * The secure key slot contains a unique secure key generated
+ * and loaded by the bootloader. This slot is marked as non-accessible
+ * to the kernel.
+ */
+#define SSK_SLOT_NUM 4
+
+#define AES_NR_KEYSLOTS 8
+#define TEGRA_AES_QUEUE_LENGTH 50
+#define DEFAULT_RNG_BLK_SZ 16
+
+/* The command queue depth */
+#define AES_HW_MAX_ICQ_LENGTH 5
+
+struct tegra_aes_slot {
+ struct list_head node;
+ int slot_num;
+ bool available;
+};
+
+static struct tegra_aes_slot ssk = {
+ .slot_num = SSK_SLOT_NUM,
+ .available = true,
+};
+
+struct tegra_aes_reqctx {
+ unsigned long mode;
+};
+
+struct tegra_aes_dev {
+ struct device *dev;
+ unsigned long phys_base;
+ void __iomem *io_base;
+ dma_addr_t ivkey_phys_base;
+ void __iomem *ivkey_base;
+ struct clk *aes_clk;
+ struct tegra_aes_ctx *ctx;
+ int irq;
+ unsigned long flags;
+ struct completion op_complete;
+ u32 *buf_in;
+ dma_addr_t dma_buf_in;
+ u32 *buf_out;
+ dma_addr_t dma_buf_out;
+ u8 *iv;
+ u8 dt[DEFAULT_RNG_BLK_SZ];
+ int ivlen;
+ u64 ctr;
+ spinlock_t lock;
+ struct crypto_queue queue;
+ struct tegra_aes_slot *slots;
+ struct ablkcipher_request *req;
+ size_t total;
+ struct scatterlist *in_sg;
+ size_t in_offset;
+ struct scatterlist *out_sg;
+ size_t out_offset;
+};
+
+static struct tegra_aes_dev *aes_dev;
+
+struct tegra_aes_ctx {
+ struct tegra_aes_dev *dd;
+ unsigned long flags;
+ struct tegra_aes_slot *slot;
+ u8 key[AES_MAX_KEY_SIZE];
+ int keylen;
+};
+
+static struct tegra_aes_ctx rng_ctx = {
+ .flags = FLAGS_NEW_KEY,
+ .keylen = AES_KEYSIZE_128,
+};
+
+/* keep registered devices data here */
+static LIST_HEAD(dev_list);
+static DEFINE_SPINLOCK(list_lock);
+static DEFINE_MUTEX(aes_lock);
+
+static void aes_workqueue_handler(struct work_struct *work);
+static DECLARE_WORK(aes_work, aes_workqueue_handler);
+static struct workqueue_struct *aes_wq;
+
+extern unsigned long long tegra_chip_uid(void);
+
+static inline u32 aes_readl(struct tegra_aes_dev *dd, u32 offset)
+{
+ return readl(dd->io_base + offset);
+}
+
+static inline void aes_writel(struct tegra_aes_dev *dd, u32 val, u32 offset)
+{
+ writel(val, dd->io_base + offset);
+}
+
+static int aes_start_crypt(struct tegra_aes_dev *dd, u32 in_addr, u32 out_addr,
+ int nblocks, int mode, bool upd_iv)
+{
+ u32 cmdq[AES_HW_MAX_ICQ_LENGTH];
+ int i, eng_busy, icq_empty, ret;
+ u32 value;
+
+ /* reset all the interrupt bits */
+ aes_writel(dd, 0xFFFFFFFF, TEGRA_AES_INTR_STATUS);
+
+ /* enable error, dma xfer complete interrupts */
+ aes_writel(dd, 0x33, TEGRA_AES_INT_ENB);
+
+ /* this module is shared with the other hardware blocks
+ * and there have been cases where another user of the VDE
+ * has caused this irq to trigger */
+ enable_irq(dd->irq);
+
+ cmdq[0] = CMD_DMASETUP << CMDQ_OPCODE_SHIFT;
+ cmdq[1] = in_addr;
+ cmdq[2] = CMD_BLKSTARTENGINE << CMDQ_OPCODE_SHIFT | (nblocks-1);
+ cmdq[3] = CMD_DMACOMPLETE << CMDQ_OPCODE_SHIFT;
+
+ value = aes_readl(dd, TEGRA_AES_CMDQUE_CONTROL);
+ /* access SDRAM through AHB */
+ value &= ~TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD;
+ value &= ~TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD;
+ value |= (TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD |
+ TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD |
+ TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD);
+ aes_writel(dd, value, TEGRA_AES_CMDQUE_CONTROL);
+ dev_dbg(dd->dev, "cmd_q_ctrl=0x%x", value);
+
+ value = (0x1 << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT) |
+ ((dd->ctx->keylen * 8) <<
+ TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT) |
+ ((u32)upd_iv << TEGRA_AES_SECURE_IV_SELECT_SHIFT);
+
+ if (mode & FLAGS_CBC) {
+ value |= ((((mode & FLAGS_ENCRYPT) ? 2 : 3)
+ << TEGRA_AES_SECURE_XOR_POS_SHIFT) |
+ (((mode & FLAGS_ENCRYPT) ? 2 : 3)
+ << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT) |
+ ((mode & FLAGS_ENCRYPT) ? 1 : 0)
+ << TEGRA_AES_SECURE_CORE_SEL_SHIFT);
+ } else if (mode & FLAGS_OFB) {
+ value |= ((TEGRA_AES_SECURE_XOR_POS_FIELD) |
+ (2 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT) |
+ (TEGRA_AES_SECURE_CORE_SEL_FIELD));
+ } else if (mode & FLAGS_RNG) {
+ value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0)
+ << TEGRA_AES_SECURE_CORE_SEL_SHIFT |
+ TEGRA_AES_SECURE_RNG_ENB_FIELD);
+ } else {
+ value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0)
+ << TEGRA_AES_SECURE_CORE_SEL_SHIFT);
+ }
+
+ dev_dbg(dd->dev, "secure_in_sel=0x%x", value);
+ aes_writel(dd, value, TEGRA_AES_SECURE_INPUT_SELECT);
+
+ aes_writel(dd, out_addr, TEGRA_AES_SECURE_DEST_ADDR);
+ INIT_COMPLETION(dd->op_complete);
+
+ for (i = 0; i < AES_HW_MAX_ICQ_LENGTH - 1; i++) {
+ do {
+ value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
+ eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
+ icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
+ } while (eng_busy & (!icq_empty));
+ aes_writel(dd, cmdq[i], TEGRA_AES_ICMDQUE_WR);
+ }
+
+ ret = wait_for_completion_timeout(&dd->op_complete,
+ msecs_to_jiffies(150));
+ if (ret == 0) {
+ dev_err(dd->dev, "timed out (0x%x)\n",
+ aes_readl(dd, TEGRA_AES_INTR_STATUS));
+ disable_irq(dd->irq);
+ return -ETIMEDOUT;
+ }
+
+ disable_irq(dd->irq);
+ aes_writel(dd, cmdq[AES_HW_MAX_ICQ_LENGTH - 1], TEGRA_AES_ICMDQUE_WR);
+ return 0;
+}
+
+static void aes_release_key_slot(struct tegra_aes_ctx *ctx)
+{
+ spin_lock(&list_lock);
+ ctx->slot->available = true;
+ ctx->slot = NULL;
+ spin_unlock(&list_lock);
+}
+
+static struct tegra_aes_slot *aes_find_key_slot(struct tegra_aes_dev *dd)
+{
+ struct tegra_aes_slot *slot = NULL;
+ bool found = false;
+
+ spin_lock(&list_lock);
+ list_for_each_entry(slot, &dev_list, node) {
+ dev_dbg(dd->dev, "empty:%d, num:%d\n", slot->available,
+ slot->slot_num);
+ if (slot->available) {
+ slot->available = false;
+ found = true;
+ break;
+ }
+ }
+ spin_unlock(&list_lock);
+
+ return found ? slot : NULL;
+}
+
+static int aes_set_key(struct tegra_aes_dev *dd)
+{
+ u32 value, cmdq[2];
+ struct tegra_aes_ctx *ctx = dd->ctx;
+ int eng_busy, icq_empty, dma_busy;
+ bool use_ssk = false;
+
+ /* use ssk? */
+ if (!dd->ctx->slot) {
+ dev_dbg(dd->dev, "using ssk");
+ dd->ctx->slot = &ssk;
+ use_ssk = true;
+ }
+
+ /* enable key schedule generation in hardware */
+ value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG_EXT);
+ value &= ~TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD;
+ aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG_EXT);
+
+ /* select the key slot */
+ value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG);
+ value &= ~TEGRA_AES_SECURE_KEY_INDEX_FIELD;
+ value |= (ctx->slot->slot_num << TEGRA_AES_SECURE_KEY_INDEX_SHIFT);
+ aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG);
+
+ if (use_ssk)
+ return 0;
+
+ /* copy the key table from sdram to vram */
+ cmdq[0] = CMD_MEMDMAVD << CMDQ_OPCODE_SHIFT |
+ MEMDMA_DIR_DTOVRAM << MEMDMA_DIR_SHIFT |
+ AES_HW_KEY_TABLE_LENGTH_BYTES / sizeof(u32) <<
+ MEMDMA_NUM_WORDS_SHIFT;
+ cmdq[1] = (u32)dd->ivkey_phys_base;
+
+ aes_writel(dd, cmdq[0], TEGRA_AES_ICMDQUE_WR);
+ aes_writel(dd, cmdq[1], TEGRA_AES_ICMDQUE_WR);
+
+ do {
+ value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
+ eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
+ icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
+ dma_busy = value & TEGRA_AES_DMA_BUSY_FIELD;
+ } while (eng_busy & (!icq_empty) & dma_busy);
+
+ /* settable command to get key into internal registers */
+ value = CMD_SETTABLE << CMDQ_OPCODE_SHIFT |
+ SUBCMD_CRYPTO_TABLE_SEL << CMDQ_TABLESEL_SHIFT |
+ SUBCMD_VRAM_SEL << CMDQ_VRAMSEL_SHIFT |
+ (SUBCMD_KEY_TABLE_SEL | ctx->slot->slot_num) <<
+ CMDQ_KEYTABLEID_SHIFT;
+ aes_writel(dd, value, TEGRA_AES_ICMDQUE_WR);
+
+ do {
+ value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
+ eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
+ icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
+ } while (eng_busy & (!icq_empty));
+
+ return 0;
+}
+
+static int tegra_aes_handle_req(struct tegra_aes_dev *dd)
+{
+ struct crypto_async_request *async_req, *backlog;
+ struct tegra_aes_ctx *ctx;
+ struct tegra_aes_reqctx *rctx;
+ struct ablkcipher_request *req;
+ unsigned long flags;
+ int dma_max = AES_HW_DMA_BUFFER_SIZE_BYTES;
+ int ret = 0, nblocks, total;
+ int count = 0;
+ dma_addr_t addr_in, addr_out;
+ struct scatterlist *in_sg, *out_sg;
+
+ if (!dd)
+ return -EINVAL;
+
+ spin_lock_irqsave(&dd->lock, flags);
+ backlog = crypto_get_backlog(&dd->queue);
+ async_req = crypto_dequeue_request(&dd->queue);
+ if (!async_req)
+ clear_bit(FLAGS_BUSY, &dd->flags);
+ spin_unlock_irqrestore(&dd->lock, flags);
+
+ if (!async_req)
+ return -ENODATA;
+
+ if (backlog)
+ backlog->complete(backlog, -EINPROGRESS);
+
+ req = ablkcipher_request_cast(async_req);
+
+ dev_dbg(dd->dev, "%s: get new req\n", __func__);
+
+ if (!req->src || !req->dst)
+ return -EINVAL;
+
+ /* take mutex to access the aes hw */
+ mutex_lock(&aes_lock);
+
+ /* assign new request to device */
+ dd->req = req;
+ dd->total = req->nbytes;
+ dd->in_offset = 0;
+ dd->in_sg = req->src;
+ dd->out_offset = 0;
+ dd->out_sg = req->dst;
+
+ in_sg = dd->in_sg;
+ out_sg = dd->out_sg;
+
+ total = dd->total;
+ rctx = ablkcipher_request_ctx(req);
+ ctx = crypto_ablkcipher_ctx(crypto_ablkcipher_reqtfm(req));
+ rctx->mode &= FLAGS_MODE_MASK;
+ dd->flags = (dd->flags & ~FLAGS_MODE_MASK) | rctx->mode;
+
+ dd->iv = (u8 *)req->info;
+ dd->ivlen = crypto_ablkcipher_ivsize(crypto_ablkcipher_reqtfm(req));
+
+ /* assign new context to device */
+ ctx->dd = dd;
+ dd->ctx = ctx;
+
+ if (ctx->flags & FLAGS_NEW_KEY) {
+ /* copy the key */
+ memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
+ memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
+ aes_set_key(dd);
+ ctx->flags &= ~FLAGS_NEW_KEY;
+ }
+
+ if (((dd->flags & FLAGS_CBC) || (dd->flags & FLAGS_OFB)) && dd->iv) {
+ /* set iv to the aes hw slot
+ * Hw generates updated iv only after iv is set in slot.
+ * So key and iv is passed asynchronously.
+ */
+ memcpy(dd->buf_in, dd->iv, dd->ivlen);
+
+ ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
+ dd->dma_buf_out, 1, FLAGS_CBC, false);
+ if (ret < 0) {
+ dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
+ goto out;
+ }
+ }
+
+ while (total) {
+ dev_dbg(dd->dev, "remain: %d\n", total);
+ ret = dma_map_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE);
+ if (!ret) {
+ dev_err(dd->dev, "dma_map_sg() error\n");
+ goto out;
+ }
+
+ ret = dma_map_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE);
+ if (!ret) {
+ dev_err(dd->dev, "dma_map_sg() error\n");
+ dma_unmap_sg(dd->dev, dd->in_sg,
+ 1, DMA_TO_DEVICE);
+ goto out;
+ }
+
+ addr_in = sg_dma_address(in_sg);
+ addr_out = sg_dma_address(out_sg);
+ dd->flags |= FLAGS_FAST;
+ count = min((int)sg_dma_len(in_sg), (int)dma_max);
+ WARN_ON(sg_dma_len(in_sg) != sg_dma_len(out_sg));
+ nblocks = DIV_ROUND_UP(count, AES_BLOCK_SIZE);
+
+ ret = aes_start_crypt(dd, addr_in, addr_out, nblocks,
+ dd->flags, true);
+
+ dma_unmap_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE);
+ dma_unmap_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE);
+
+ if (ret < 0) {
+ dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
+ goto out;
+ }
+ dd->flags &= ~FLAGS_FAST;
+
+ dev_dbg(dd->dev, "out: copied %d\n", count);
+ total -= count;
+ in_sg = sg_next(in_sg);
+ out_sg = sg_next(out_sg);
+ WARN_ON(((total != 0) && (!in_sg || !out_sg)));
+ }
+
+out:
+ mutex_unlock(&aes_lock);
+
+ dd->total = total;
+
+ if (dd->req->base.complete)
+ dd->req->base.complete(&dd->req->base, ret);
+
+ dev_dbg(dd->dev, "%s: exit\n", __func__);
+ return ret;
+}
+
+static int tegra_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct tegra_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
+ struct tegra_aes_dev *dd = aes_dev;
+ struct tegra_aes_slot *key_slot;
+
+ if ((keylen != AES_KEYSIZE_128) && (keylen != AES_KEYSIZE_192) &&
+ (keylen != AES_KEYSIZE_256)) {
+ dev_err(dd->dev, "unsupported key size\n");
+ crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ dev_dbg(dd->dev, "keylen: %d\n", keylen);
+
+ ctx->dd = dd;
+
+ if (key) {
+ if (!ctx->slot) {
+ key_slot = aes_find_key_slot(dd);
+ if (!key_slot) {
+ dev_err(dd->dev, "no empty slot\n");
+ return -ENOMEM;
+ }
+
+ ctx->slot = key_slot;
+ }
+
+ memcpy(ctx->key, key, keylen);
+ ctx->keylen = keylen;
+ }
+
+ ctx->flags |= FLAGS_NEW_KEY;
+ dev_dbg(dd->dev, "done\n");
+ return 0;
+}
+
+static void aes_workqueue_handler(struct work_struct *work)
+{
+ struct tegra_aes_dev *dd = aes_dev;
+ int ret;
+
+ clk_enable(dd->aes_clk);
+
+ /* empty the crypto queue and then return */
+ do {
+ ret = tegra_aes_handle_req(dd);
+ } while (!ret);
+
+ clk_disable(dd->aes_clk);
+}
+
+static irqreturn_t aes_irq(int irq, void *dev_id)
+{
+ struct tegra_aes_dev *dd = (struct tegra_aes_dev *)dev_id;
+ u32 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
+
+ dev_dbg(dd->dev, "irq_stat: 0x%x", value);
+ if (value & TEGRA_AES_INT_ERROR_MASK)
+ aes_writel(dd, TEGRA_AES_INT_ERROR_MASK, TEGRA_AES_INTR_STATUS);
+
+ if (!(value & TEGRA_AES_ENGINE_BUSY_FIELD))
+ complete(&dd->op_complete);
+
+ return IRQ_HANDLED;
+}
+
+static int tegra_aes_crypt(struct ablkcipher_request *req, unsigned long mode)
+{
+ struct tegra_aes_reqctx *rctx = ablkcipher_request_ctx(req);
+ struct tegra_aes_dev *dd = aes_dev;
+ unsigned long flags;
+ int err = 0;
+ int busy;
+
+ dev_dbg(dd->dev, "nbytes: %d, enc: %d, cbc: %d, ofb: %d\n",
+ req->nbytes, !!(mode & FLAGS_ENCRYPT),
+ !!(mode & FLAGS_CBC), !!(mode & FLAGS_OFB));
+
+ rctx->mode = mode;
+
+ spin_lock_irqsave(&dd->lock, flags);
+ err = ablkcipher_enqueue_request(&dd->queue, req);
+ busy = test_and_set_bit(FLAGS_BUSY, &dd->flags);
+ spin_unlock_irqrestore(&dd->lock, flags);
+
+ if (!busy)
+ queue_work(aes_wq, &aes_work);
+
+ return err;
+}
+
+static int tegra_aes_ecb_encrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, FLAGS_ENCRYPT);
+}
+
+static int tegra_aes_ecb_decrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, 0);
+}
+
+static int tegra_aes_cbc_encrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_CBC);
+}
+
+static int tegra_aes_cbc_decrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, FLAGS_CBC);
+}
+
+static int tegra_aes_ofb_encrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_OFB);
+}
+
+static int tegra_aes_ofb_decrypt(struct ablkcipher_request *req)
+{
+ return tegra_aes_crypt(req, FLAGS_OFB);
+}
+
+static int tegra_aes_get_random(struct crypto_rng *tfm, u8 *rdata,
+ unsigned int dlen)
+{
+ struct tegra_aes_dev *dd = aes_dev;
+ struct tegra_aes_ctx *ctx = &rng_ctx;
+ int ret, i;
+ u8 *dest = rdata, *dt = dd->dt;
+
+ /* take mutex to access the aes hw */
+ mutex_lock(&aes_lock);
+
+ clk_enable(dd->aes_clk);
+
+ ctx->dd = dd;
+ dd->ctx = ctx;
+ dd->flags = FLAGS_ENCRYPT | FLAGS_RNG;
+
+ memcpy(dd->buf_in, dt, DEFAULT_RNG_BLK_SZ);
+
+ ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
+ (u32)dd->dma_buf_out, 1, dd->flags, true);
+ if (ret < 0) {
+ dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
+ dlen = ret;
+ goto out;
+ }
+ memcpy(dest, dd->buf_out, dlen);
+
+ /* update the DT */
+ for (i = DEFAULT_RNG_BLK_SZ - 1; i >= 0; i--) {
+ dt[i] += 1;
+ if (dt[i] != 0)
+ break;
+ }
+
+out:
+ clk_disable(dd->aes_clk);
+ mutex_unlock(&aes_lock);
+
+ dev_dbg(dd->dev, "%s: done\n", __func__);
+ return dlen;
+}
+
+static int tegra_aes_rng_reset(struct crypto_rng *tfm, u8 *seed,
+ unsigned int slen)
+{
+ struct tegra_aes_dev *dd = aes_dev;
+ struct tegra_aes_ctx *ctx = &rng_ctx;
+ struct tegra_aes_slot *key_slot;
+ struct timespec ts;
+ int ret = 0;
+ u64 nsec, tmp[2];
+ u8 *dt;
+
+ if (!ctx || !dd) {
+ dev_err(dd->dev, "ctx=0x%x, dd=0x%x\n",
+ (unsigned int)ctx, (unsigned int)dd);
+ return -EINVAL;
+ }
+
+ if (slen < (DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) {
+ dev_err(dd->dev, "seed size invalid");
+ return -ENOMEM;
+ }
+
+ /* take mutex to access the aes hw */
+ mutex_lock(&aes_lock);
+
+ if (!ctx->slot) {
+ key_slot = aes_find_key_slot(dd);
+ if (!key_slot) {
+ dev_err(dd->dev, "no empty slot\n");
+ mutex_unlock(&aes_lock);
+ return -ENOMEM;
+ }
+ ctx->slot = key_slot;
+ }
+
+ ctx->dd = dd;
+ dd->ctx = ctx;
+ dd->ctr = 0;
+
+ ctx->keylen = AES_KEYSIZE_128;
+ ctx->flags |= FLAGS_NEW_KEY;
+
+ /* copy the key to the key slot */
+ memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
+ memcpy(dd->ivkey_base, seed + DEFAULT_RNG_BLK_SZ, AES_KEYSIZE_128);
+
+ dd->iv = seed;
+ dd->ivlen = slen;
+
+ dd->flags = FLAGS_ENCRYPT | FLAGS_RNG;
+
+ clk_enable(dd->aes_clk);
+
+ aes_set_key(dd);
+
+ /* set seed to the aes hw slot */
+ memcpy(dd->buf_in, dd->iv, DEFAULT_RNG_BLK_SZ);
+ ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
+ dd->dma_buf_out, 1, FLAGS_CBC, false);
+ if (ret < 0) {
+ dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
+ goto out;
+ }
+
+ if (dd->ivlen >= (2 * DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) {
+ dt = dd->iv + DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128;
+ } else {
+ getnstimeofday(&ts);
+ nsec = timespec_to_ns(&ts);
+ do_div(nsec, 1000);
+ nsec ^= dd->ctr << 56;
+ dd->ctr++;
+ tmp[0] = nsec;
+ tmp[1] = tegra_chip_uid();
+ dt = (u8 *)tmp;
+ }
+ memcpy(dd->dt, dt, DEFAULT_RNG_BLK_SZ);
+
+out:
+ clk_disable(dd->aes_clk);
+ mutex_unlock(&aes_lock);
+
+ dev_dbg(dd->dev, "%s: done\n", __func__);
+ return ret;
+}
+
+static int tegra_aes_cra_init(struct crypto_tfm *tfm)
+{
+ tfm->crt_ablkcipher.reqsize = sizeof(struct tegra_aes_reqctx);
+
+ return 0;
+}
+
+void tegra_aes_cra_exit(struct crypto_tfm *tfm)
+{
+ struct tegra_aes_ctx *ctx =
+ crypto_ablkcipher_ctx((struct crypto_ablkcipher *)tfm);
+
+ if (ctx && ctx->slot)
+ aes_release_key_slot(ctx);
+}
+
+static struct crypto_alg algs[] = {
+ {
+ .cra_name = "ecb(aes)",
+ .cra_driver_name = "ecb-aes-tegra",
+ .cra_priority = 300,
+ .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
+ .cra_blocksize = AES_BLOCK_SIZE,
+ .cra_alignmask = 3,
+ .cra_type = &crypto_ablkcipher_type,
+ .cra_u.ablkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .setkey = tegra_aes_setkey,
+ .encrypt = tegra_aes_ecb_encrypt,
+ .decrypt = tegra_aes_ecb_decrypt,
+ },
+ }, {
+ .cra_name = "cbc(aes)",
+ .cra_driver_name = "cbc-aes-tegra",
+ .cra_priority = 300,
+ .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
+ .cra_blocksize = AES_BLOCK_SIZE,
+ .cra_alignmask = 3,
+ .cra_type = &crypto_ablkcipher_type,
+ .cra_u.ablkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_MIN_KEY_SIZE,
+ .setkey = tegra_aes_setkey,
+ .encrypt = tegra_aes_cbc_encrypt,
+ .decrypt = tegra_aes_cbc_decrypt,
+ }
+ }, {
+ .cra_name = "ofb(aes)",
+ .cra_driver_name = "ofb-aes-tegra",
+ .cra_priority = 300,
+ .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
+ .cra_blocksize = AES_BLOCK_SIZE,
+ .cra_alignmask = 3,
+ .cra_type = &crypto_ablkcipher_type,
+ .cra_u.ablkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_MIN_KEY_SIZE,
+ .setkey = tegra_aes_setkey,
+ .encrypt = tegra_aes_ofb_encrypt,
+ .decrypt = tegra_aes_ofb_decrypt,
+ }
+ }, {
+ .cra_name = "ansi_cprng",
+ .cra_driver_name = "rng-aes-tegra",
+ .cra_flags = CRYPTO_ALG_TYPE_RNG,
+ .cra_ctxsize = sizeof(struct tegra_aes_ctx),
+ .cra_type = &crypto_rng_type,
+ .cra_u.rng = {
+ .rng_make_random = tegra_aes_get_random,
+ .rng_reset = tegra_aes_rng_reset,
+ .seedsize = AES_KEYSIZE_128 + (2 * DEFAULT_RNG_BLK_SZ),
+ }
+ }
+};
+
+static int tegra_aes_probe(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ struct tegra_aes_dev *dd;
+ struct resource *res;
+ int err = -ENOMEM, i = 0, j;
+
+ dd = devm_kzalloc(dev, sizeof(struct tegra_aes_dev), GFP_KERNEL);
+ if (dd == NULL) {
+ dev_err(dev, "unable to alloc data struct.\n");
+ return err;
+ }
+
+ dd->dev = dev;
+ platform_set_drvdata(pdev, dd);
+
+ dd->slots = devm_kzalloc(dev, sizeof(struct tegra_aes_slot) *
+ AES_NR_KEYSLOTS, GFP_KERNEL);
+ if (dd->slots == NULL) {
+ dev_err(dev, "unable to alloc slot struct.\n");
+ goto out;
+ }
+
+ spin_lock_init(&dd->lock);
+ crypto_init_queue(&dd->queue, TEGRA_AES_QUEUE_LENGTH);
+
+ /* Get the module base address */
+ res = platform_get_resource(pdev, IORESOURCE_IO, 0);
+ if (!res) {
+ dev_err(dev, "invalid resource type: base\n");
+ err = -ENODEV;
+ goto out;
+ }
+ dd->phys_base = res->start;
+
+ dd->io_base = devm_ioremap(dev, dd->phys_base, resource_size(res));
+ if (!dd->io_base) {
+ dev_err(dev, "can't ioremap phys_base\n");
+ err = -ENOMEM;
+ goto out;
+ }
+
+ /* Initialize the vde clock */
+ dd->aes_clk = clk_get(dev, "vde");
+ if (IS_ERR(dd->aes_clk)) {
+ dev_err(dev, "iclock intialization failed.\n");
+ err = -ENODEV;
+ goto out;
+ }
+
+ err = clk_set_rate(dd->aes_clk, ULONG_MAX);
+ if (err) {
+ dev_err(dd->dev, "iclk set_rate fail(%d)\n", err);
+ goto out;
+ }
+
+ /*
+ * the foll contiguous memory is allocated as follows -
+ * - hardware key table
+ * - key schedule
+ */
+ dd->ivkey_base = dma_alloc_coherent(dev, SZ_512, &dd->ivkey_phys_base,
+ GFP_KERNEL);
+ if (!dd->ivkey_base) {
+ dev_err(dev, "can not allocate iv/key buffer\n");
+ err = -ENOMEM;
+ goto out;
+ }
+
+ dd->buf_in = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ &dd->dma_buf_in, GFP_KERNEL);
+ if (!dd->buf_in) {
+ dev_err(dev, "can not allocate dma-in buffer\n");
+ err = -ENOMEM;
+ goto out;
+ }
+
+ dd->buf_out = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ &dd->dma_buf_out, GFP_KERNEL);
+ if (!dd->buf_out) {
+ dev_err(dev, "can not allocate dma-out buffer\n");
+ err = -ENOMEM;
+ goto out;
+ }
+
+ init_completion(&dd->op_complete);
+ aes_wq = alloc_workqueue("tegra_aes_wq", WQ_HIGHPRI | WQ_UNBOUND, 1);
+ if (!aes_wq) {
+ dev_err(dev, "alloc_workqueue failed\n");
+ goto out;
+ }
+
+ /* get the irq */
+ res = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
+ if (!res) {
+ dev_err(dev, "invalid resource type: base\n");
+ err = -ENODEV;
+ goto out;
+ }
+ dd->irq = res->start;
+
+ err = request_irq(dd->irq, aes_irq, IRQF_TRIGGER_HIGH,
+ "tegra-aes", dd);
+ if (err) {
+ dev_err(dev, "request_irq failed\n");
+ goto out;
+ }
+
+ disable_irq(dd->irq);
+
+ spin_lock_init(&list_lock);
+ spin_lock(&list_lock);
+ for (i = 0; i < AES_NR_KEYSLOTS; i++) {
+ if (i == SSK_SLOT_NUM)
+ continue;
+ dd->slots[i].available = true;
+ dd->slots[i].slot_num = i;
+ INIT_LIST_HEAD(&dd->slots[i].node);
+ list_add_tail(&dd->slots[i].node, &dev_list);
+ }
+ spin_unlock(&list_lock);
+
+ aes_dev = dd;
+ for (i = 0; i < ARRAY_SIZE(algs); i++) {
+ INIT_LIST_HEAD(&algs[i].cra_list);
+
+ algs[i].cra_priority = 300;
+ algs[i].cra_ctxsize = sizeof(struct tegra_aes_ctx);
+ algs[i].cra_module = THIS_MODULE;
+ algs[i].cra_init = tegra_aes_cra_init;
+ algs[i].cra_exit = tegra_aes_cra_exit;
+
+ err = crypto_register_alg(&algs[i]);
+ if (err)
+ goto out;
+ }
+
+ dev_info(dev, "registered");
+ return 0;
+
+out:
+ for (j = 0; j < i; j++)
+ crypto_unregister_alg(&algs[j]);
+ if (dd->ivkey_base)
+ dma_free_coherent(dev, SZ_512, dd->ivkey_base,
+ dd->ivkey_phys_base);
+ if (dd->buf_in)
+ dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ dd->buf_in, dd->dma_buf_in);
+ if (dd->buf_out)
+ dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ dd->buf_out, dd->dma_buf_out);
+ if (dd->aes_clk)
+ clk_put(dd->aes_clk);
+ if (aes_wq)
+ destroy_workqueue(aes_wq);
+ free_irq(dd->irq, dd);
+ spin_lock(&list_lock);
+ list_del(&dev_list);
+ spin_unlock(&list_lock);
+
+ aes_dev = NULL;
+
+ dev_err(dev, "%s: initialization failed.\n", __func__);
+ return err;
+}
+
+static int __devexit tegra_aes_remove(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ struct tegra_aes_dev *dd = platform_get_drvdata(pdev);
+ int i;
+
+ if (!dd)
+ return -ENODEV;
+
+ cancel_work_sync(&aes_work);
+ destroy_workqueue(aes_wq);
+ free_irq(dd->irq, dd);
+ spin_lock(&list_lock);
+ list_del(&dev_list);
+ spin_unlock(&list_lock);
+
+ for (i = 0; i < ARRAY_SIZE(algs); i++)
+ crypto_unregister_alg(&algs[i]);
+
+ dma_free_coherent(dev, SZ_512, dd->ivkey_base,
+ dd->ivkey_phys_base);
+ dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ dd->buf_in, dd->dma_buf_in);
+ dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
+ dd->buf_out, dd->dma_buf_out);
+ clk_put(dd->aes_clk);
+ aes_dev = NULL;
+
+ return 0;
+}
+
+static struct platform_driver tegra_aes_driver = {
+ .probe = tegra_aes_probe,
+ .remove = __devexit_p(tegra_aes_remove),
+ .driver = {
+ .name = "tegra-aes",
+ .owner = THIS_MODULE,
+ },
+};
+
+static int __init tegra_aes_module_init(void)
+{
+ mutex_init(&aes_lock);
+ INIT_LIST_HEAD(&dev_list);
+ return platform_driver_register(&tegra_aes_driver);
+}
+
+static void __exit tegra_aes_module_exit(void)
+{
+ platform_driver_unregister(&tegra_aes_driver);
+}
+
+module_init(tegra_aes_module_init);
+module_exit(tegra_aes_module_exit);
+
+MODULE_DESCRIPTION("Tegra AES/OFB/CPRNG hw acceleration support.");
+MODULE_AUTHOR("NVIDIA Corporation");
+MODULE_LICENSE("GPL v2");
diff --git a/drivers/crypto/tegra-aes.h b/drivers/crypto/tegra-aes.h
new file mode 100644
index 0000000..de15b7e
--- /dev/null
+++ b/drivers/crypto/tegra-aes.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2010, NVIDIA Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#ifndef __CRYPTODEV_TEGRA_AES_H
+#define __CRYPTODEV_TEGRA_AES_H
+
+#define TEGRA_AES_ICMDQUE_WR 0x1000
+#define TEGRA_AES_CMDQUE_CONTROL 0x1008
+#define TEGRA_AES_INTR_STATUS 0x1018
+#define TEGRA_AES_INT_ENB 0x1040
+#define TEGRA_AES_CONFIG 0x1044
+#define TEGRA_AES_IRAM_ACCESS_CFG 0x10A0
+#define TEGRA_AES_SECURE_DEST_ADDR 0x1100
+#define TEGRA_AES_SECURE_INPUT_SELECT 0x1104
+#define TEGRA_AES_SECURE_CONFIG 0x1108
+#define TEGRA_AES_SECURE_CONFIG_EXT 0x110C
+#define TEGRA_AES_SECURE_SECURITY 0x1110
+#define TEGRA_AES_SECURE_HASH_RESULT0 0x1120
+#define TEGRA_AES_SECURE_HASH_RESULT1 0x1124
+#define TEGRA_AES_SECURE_HASH_RESULT2 0x1128
+#define TEGRA_AES_SECURE_HASH_RESULT3 0x112C
+#define TEGRA_AES_SECURE_SEC_SEL0 0x1140
+#define TEGRA_AES_SECURE_SEC_SEL1 0x1144
+#define TEGRA_AES_SECURE_SEC_SEL2 0x1148
+#define TEGRA_AES_SECURE_SEC_SEL3 0x114C
+#define TEGRA_AES_SECURE_SEC_SEL4 0x1150
+#define TEGRA_AES_SECURE_SEC_SEL5 0x1154
+#define TEGRA_AES_SECURE_SEC_SEL6 0x1158
+#define TEGRA_AES_SECURE_SEC_SEL7 0x115C
+
+/* interrupt status reg masks and shifts */
+#define TEGRA_AES_ENGINE_BUSY_FIELD BIT(0)
+#define TEGRA_AES_ICQ_EMPTY_FIELD BIT(3)
+#define TEGRA_AES_DMA_BUSY_FIELD BIT(23)
+
+/* secure select reg masks and shifts */
+#define TEGRA_AES_SECURE_SEL0_KEYREAD_ENB0_FIELD BIT(0)
+
+/* secure config ext masks and shifts */
+#define TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD BIT(15)
+
+/* secure config masks and shifts */
+#define TEGRA_AES_SECURE_KEY_INDEX_SHIFT 20
+#define TEGRA_AES_SECURE_KEY_INDEX_FIELD (0x1F << TEGRA_AES_SECURE_KEY_INDEX_SHIFT)
+#define TEGRA_AES_SECURE_BLOCK_CNT_SHIFT 0
+#define TEGRA_AES_SECURE_BLOCK_CNT_FIELD (0xFFFFF << TEGRA_AES_SECURE_BLOCK_CNT_SHIFT)
+
+/* stream interface select masks and shifts */
+#define TEGRA_AES_CMDQ_CTRL_UCMDQEN_FIELD BIT(0)
+#define TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD BIT(1)
+#define TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD BIT(4)
+#define TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD BIT(5)
+
+/* config register masks and shifts */
+#define TEGRA_AES_CONFIG_ENDIAN_ENB_FIELD BIT(10)
+#define TEGRA_AES_CONFIG_MODE_SEL_SHIFT 0
+#define TEGRA_AES_CONFIG_MODE_SEL_FIELD (0x1F << TEGRA_AES_CONFIG_MODE_SEL_SHIFT)
+
+/* extended config */
+#define TEGRA_AES_SECURE_OFFSET_CNT_SHIFT 24
+#define TEGRA_AES_SECURE_OFFSET_CNT_FIELD (0xFF << TEGRA_AES_SECURE_OFFSET_CNT_SHIFT)
+#define TEGRA_AES_SECURE_KEYSCHED_GEN_FIELD BIT(15)
+
+/* init vector select */
+#define TEGRA_AES_SECURE_IV_SELECT_SHIFT (10)
+#define TEGRA_AES_SECURE_IV_SELECT_FIELD BIT(10)
+
+/* secure engine input */
+#define TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT 28
+#define TEGRA_AES_SECURE_INPUT_ALG_SEL_FIELD (0xF << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT)
+#define TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT 16
+#define TEGRA_AES_SECURE_INPUT_KEY_LEN_FIELD (0xFFF << TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT)
+#define TEGRA_AES_SECURE_RNG_ENB_FIELD BIT(11)
+#define TEGRA_AES_SECURE_CORE_SEL_SHIFT 9
+#define TEGRA_AES_SECURE_CORE_SEL_FIELD BIT(9)
+#define TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT 7
+#define TEGRA_AES_SECURE_VCTRAM_SEL_FIELD (0x3 << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT)
+#define TEGRA_AES_SECURE_INPUT_SEL_SHIFT 5
+#define TEGRA_AES_SECURE_INPUT_SEL_FIELD (0x3 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT)
+#define TEGRA_AES_SECURE_XOR_POS_SHIFT 3
+#define TEGRA_AES_SECURE_XOR_POS_FIELD (0x3 << TEGRA_AES_SECURE_XOR_POS_SHIFT)
+#define TEGRA_AES_SECURE_HASH_ENB_FIELD BIT(2)
+#define TEGRA_AES_SECURE_ON_THE_FLY_FIELD BIT(0)
+
+/* interrupt error mask */
+#define TEGRA_AES_INT_ERROR_MASK 0xFFF000
+
+#endif
--
1.7.1


2011-11-05 23:10:25

by Kim Phillips

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware

On Sat, 5 Nov 2011 16:12:14 +0530
<[email protected]> wrote:

> +config CRYPTO_DEV_TEGRA_AES
> + tristate "Support for TEGRA AES hw engine"
> + depends on ARCH_TEGRA
> + select CRYPTO_AES
> + help
> + TEGRA processors have AES module accelerator. Select this if you
> + want to use the TEGRA module for AES algorithms.
> +

"To compile this driver as a module, choose M here: the module
will be called tegra-aes."

> +static int aes_start_crypt(struct tegra_aes_dev *dd, u32 in_addr, u32 out_addr,
> + int nblocks, int mode, bool upd_iv)
> +{
> + u32 cmdq[AES_HW_MAX_ICQ_LENGTH];
> + int i, eng_busy, icq_empty, ret;
> + u32 value;
> +
> + /* reset all the interrupt bits */
> + aes_writel(dd, 0xFFFFFFFF, TEGRA_AES_INTR_STATUS);
> +
> + /* enable error, dma xfer complete interrupts */
> + aes_writel(dd, 0x33, TEGRA_AES_INT_ENB);
> +
> + /* this module is shared with the other hardware blocks
> + * and there have been cases where another user of the VDE
> + * has caused this irq to trigger */
> + enable_irq(dd->irq);

do the other users of the VDE cause this IRQ to trigger in error?
If so, they should be fixed. If not, and the IRQ line is shared by
h/w, then all users of the IRQ should request_irq with IRQF_SHARED,
and return IRQ_NONE if the IRQ wasn't for them. Either way, the IRQ
should be left enabled.

> + value = aes_readl(dd, TEGRA_AES_CMDQUE_CONTROL);
> + /* access SDRAM through AHB */
> + value &= ~TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD;
> + value &= ~TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD;
> + value |= (TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD |
> + TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD |
> + TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD);

unnecessary parens

> + ret = wait_for_completion_timeout(&dd->op_complete,
> + msecs_to_jiffies(150));

alignment

> + total = dd->total;
> + rctx = ablkcipher_request_ctx(req);
> + ctx = crypto_ablkcipher_ctx(crypto_ablkcipher_reqtfm(req));
> + rctx->mode &= FLAGS_MODE_MASK;
> + dd->flags = (dd->flags & ~FLAGS_MODE_MASK) | rctx->mode;
> +
> + dd->iv = (u8 *)req->info;
> + dd->ivlen = crypto_ablkcipher_ivsize(crypto_ablkcipher_reqtfm(req));

cleaner:

tfm = crypto_ablkcipher_reqtfm(req);
...
ctx = crypto_ablkcipher_ctx(tfm);
...
dd->ivlen = crypto_ablkcipher_ivsize(tfm);

> + /* assign new context to device */
> + ctx->dd = dd;
> + dd->ctx = ctx;
> +
> + if (ctx->flags & FLAGS_NEW_KEY) {
> + /* copy the key */
> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
> + memcpy(dd->ivkey_base, ctx->key, ctx->keylen);

these really should be writes to mutually exclusive addresses.

> + addr_in = sg_dma_address(in_sg);
> + addr_out = sg_dma_address(out_sg);
> + dd->flags |= FLAGS_FAST;
> + count = min((int)sg_dma_len(in_sg), (int)dma_max);

use min_t

> +static irqreturn_t aes_irq(int irq, void *dev_id)
> +{
> + struct tegra_aes_dev *dd = (struct tegra_aes_dev *)dev_id;
> + u32 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
> +
> + dev_dbg(dd->dev, "irq_stat: 0x%x", value);
> + if (value & TEGRA_AES_INT_ERROR_MASK)
> + aes_writel(dd, TEGRA_AES_INT_ERROR_MASK, TEGRA_AES_INTR_STATUS);
> +
> + if (!(value & TEGRA_AES_ENGINE_BUSY_FIELD))
> + complete(&dd->op_complete);
> +
> + return IRQ_HANDLED;

return IRQ_NONE if there was no error and (value &
TEGRA_AES_ENGINE_BUSY_FIELD).

> + ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
> + (u32)dd->dma_buf_out, 1, dd->flags, true);

alignment

> +static int tegra_aes_rng_reset(struct crypto_rng *tfm, u8 *seed,
> + unsigned int slen)

alignment

> + /* copy the key to the key slot */
> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
> + memcpy(dd->ivkey_base, seed + DEFAULT_RNG_BLK_SZ, AES_KEYSIZE_128);

should be to mutually exclusive addresses

> + /* set seed to the aes hw slot */
> + memcpy(dd->buf_in, dd->iv, DEFAULT_RNG_BLK_SZ);
> + ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
> + dd->dma_buf_out, 1, FLAGS_CBC, false);

alignment

> +static int __devexit tegra_aes_remove(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct tegra_aes_dev *dd = platform_get_drvdata(pdev);
> + int i;
> +
> + if (!dd)
> + return -ENODEV;
> +

when would this condition be met?

> +/* init vector select */
> +#define TEGRA_AES_SECURE_IV_SELECT_SHIFT (10)

no parens

Kim

2011-11-12 10:22:32

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


>> + /* assign new context to device */
>> + ctx->dd = dd;
>> + dd->ctx = ctx;
>> +
>> + if (ctx->flags & FLAGS_NEW_KEY) {
>> + /* copy the key */
>> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
>> + memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
> these really should be writes to mutually exclusive addresses.

Why?

>> + /* copy the key to the key slot */
>> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
>> + memcpy(dd->ivkey_base, seed + DEFAULT_RNG_BLK_SZ, AES_KEYSIZE_128);
> should be to mutually exclusive addresses

Why?

2011-11-14 17:26:16

by Stephen Warren

[permalink] [raw]
Subject: RE: [PATCH v1] crypto: driver for tegra AES hardware

Varun Wadekar wrote at Saturday, November 12, 2011 3:23 AM:
> >> + /* assign new context to device */
> >> + ctx->dd = dd;
> >> + dd->ctx = ctx;
> >> +
> >> + if (ctx->flags & FLAGS_NEW_KEY) {
> >> + /* copy the key */
> >> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
> >> + memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
> > these really should be writes to mutually exclusive addresses.
>
> Why?

To avoid redundant work; there's little point memset()ing a region that's
going to be copied over the top of immediately afterwards.

--
nvpublic

2011-11-14 19:16:07

by Kim Phillips

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware

On Mon, 14 Nov 2011 09:26:16 -0800
Stephen Warren <[email protected]> wrote:

> Varun Wadekar wrote at Saturday, November 12, 2011 3:23 AM:
> > >> + /* assign new context to device */
> > >> + ctx->dd = dd;
> > >> + dd->ctx = ctx;
> > >> +
> > >> + if (ctx->flags & FLAGS_NEW_KEY) {
> > >> + /* copy the key */
> > >> + memset(dd->ivkey_base, 0, AES_HW_KEY_TABLE_LENGTH_BYTES);
> > >> + memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
> > > these really should be writes to mutually exclusive addresses.
> >
> > Why?
>
> To avoid redundant work; there's little point memset()ing a region that's
> going to be copied over the top of immediately afterwards.

plus, why is the memset needed at all?

Kim

2011-11-15 04:10:48

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


>> Why?
> To avoid redundant work; there's little point memset()ing a region that's
> going to be copied over the top of immediately afterwards.
>

The length used for memset is different from the length being copied
over. I am initially memsetting the entire key struct (which contains
the key + original IV + updated IV) and then copying only the key. Down
the line we copy the original IV and/or the updated IV in this memory space.

2011-11-15 16:10:09

by Stephen Warren

[permalink] [raw]
Subject: RE: [PATCH v1] crypto: driver for tegra AES hardware

Varun Wadekar wrote at Monday, November 14, 2011 9:11 PM:
> >> Why?
> > To avoid redundant work; there's little point memset()ing a region that's
> > going to be copied over the top of immediately afterwards.
> >
>
> The length used for memset is different from the length being copied
> over. I am initially memsetting the entire key struct (which contains
> the key + original IV + updated IV) and then copying only the key. Down
> the line we copy the original IV and/or the updated IV in this memory space.

That doesn't make the duplicate memset/copy cease to be redundant.

Why not copy the key to where it goes, then memset the rest of the data;
wouldn't that be as simple as:

memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
memset(dd->ivkey_base + ctx->keylen, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - ctx->keylen);

Related to this, I wonder why:

/*
* The key table length is 64 bytes
* (This includes first upto 32 bytes key + 16 bytes original initial vector
* and 16 bytes updated initial vector)
*/
#define AES_HW_KEY_TABLE_LENGTH_BYTES 64

Yet:

dd->ivkey_base = dma_alloc_coherent(dev, SZ_512, &dd->ivkey_phys_base, ...

Why is SZ_512 used to during alloc instead of AES_HW_KEY_TABLE_LENGTH_BYTES?

--
nvpublic

2011-11-16 07:14:50

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


> That doesn't make the duplicate memset/copy cease to be redundant.
>
> Why not copy the key to where it goes, then memset the rest of the data;
> wouldn't that be as simple as:
>
> memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
> memset(dd->ivkey_base + ctx->keylen, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - ctx->keylen);

Seems like the same thing to me. Kim is inclined towards removing the
memset completely, which I think should not be done. We need the memset
to clear the entire key table.

> Related to this, I wonder why:
>
> /*
> * The key table length is 64 bytes
> * (This includes first upto 32 bytes key + 16 bytes original initial vector
> * and 16 bytes updated initial vector)
> */
> #define AES_HW_KEY_TABLE_LENGTH_BYTES 64
>
> Yet:
>
> dd->ivkey_base = dma_alloc_coherent(dev, SZ_512, &dd->ivkey_phys_base, ...
>
> Why is SZ_512 used to during alloc instead of AES_HW_KEY_TABLE_LENGTH_BYTES?

Correct. Will fix this.

2011-11-16 08:57:20

by Kim Phillips

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware

On Wed, 16 Nov 2011 12:44:50 +0530
Varun Wadekar <[email protected]> wrote:

> > That doesn't make the duplicate memset/copy cease to be redundant.
> >
> > Why not copy the key to where it goes, then memset the rest of the data;
> > wouldn't that be as simple as:
> >
> > memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
> > memset(dd->ivkey_base + ctx->keylen, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - ctx->keylen);
>
> Seems like the same thing to me.

it's not - it saves writes.

> Kim is inclined towards removing the
> memset completely, which I think should not be done. We need the memset
> to clear the entire key table.

why do you need to clear the entire key table if it will be
overwritten anyway?

Kim

2011-11-16 09:05:00

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


> it's not - it saves writes.

Are you ok with this solution? Either way I wan to start with a clear
key table before programming the hardware.

> why do you need to clear the entire key table if it will be
> overwritten anyway?

If you set a > 128-bit key and then set a 128-bit key, the remaining
bits still remain in the key table. Similarly, if we use updated IV in
one operation and want to use the initial IV for the next, the updated
IV will still remain in the key table. The entire key table is copied to
the AES engine. Even though, we program the engine with the exact number
of bits to use for the key and whether to use the updated/initial IV, I
feel its better if the unused bits are zero instead of having garbage.

2011-11-16 09:17:03

by Kim Phillips

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware

On Wed, 16 Nov 2011 14:35:00 +0530
Varun Wadekar <[email protected]> wrote:

>
> > it's not - it saves writes.
>
> Are you ok with this solution? Either way I wan to start with a clear
> key table before programming the hardware.

the hardware doesn't care.

> > why do you need to clear the entire key table if it will be
> > overwritten anyway?
>
> If you set a > 128-bit key and then set a 128-bit key, the remaining
> bits still remain in the key table. Similarly, if we use updated IV in
> one operation and want to use the initial IV for the next, the updated
> IV will still remain in the key table. The entire key table is copied to
> the AES engine. Even though, we program the engine with the exact number
> of bits to use for the key and whether to use the updated/initial IV, I
> feel its better if the unused bits are zero instead of having garbage.

you're losing free performance.

Kim

2011-11-16 12:28:45

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


>>> why do you need to clear the entire key table if it will be
>>> overwritten anyway?
>> If you set a > 128-bit key and then set a 128-bit key, the remaining
>> bits still remain in the key table. Similarly, if we use updated IV in
>> one operation and want to use the initial IV for the next, the updated
>> IV will still remain in the key table. The entire key table is copied to
>> the AES engine. Even though, we program the engine with the exact number
>> of bits to use for the key and whether to use the updated/initial IV, I
>> feel its better if the unused bits are zero instead of having garbage.
> you're losing free performance.

I am really not comfortable having garbage in the keytable. Can you
suggest another way to ensure this?

2011-11-17 11:29:22

by Varun Wadekar

[permalink] [raw]
Subject: Re: [PATCH v1] crypto: driver for tegra AES hardware


>> you're losing free performance.
> I am really not comfortable having garbage in the keytable.

Kim, do you have any other solution in mind?