From: Kamil Konieczny Subject: [PATCH] crypto: s5p-sss: Add HASH support for Exynos Date: Wed, 13 Sep 2017 14:44:32 +0200 Message-ID: <51b3b386-22c0-7663-6f54-d166ebebd332@partner.samsung.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Cc: Krzysztof Kozlowski , Herbert Xu , Vladimir Zapolskiy , linux-samsung-soc@vger.kernel.org, linux-kernel@vger.kernel.org To: linux-crypto@vger.kernel.org Return-path: Received: from mailout1.w1.samsung.com ([210.118.77.11]:34961 "EHLO mailout1.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751773AbdIMMoi (ORCPT ); Wed, 13 Sep 2017 08:44:38 -0400 Content-language: en-US Sender: linux-crypto-owner@vger.kernel.org List-ID: Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW. It uses the crypto framework asynchronous hash api. It is based on omap-sham.c driver. S5P has some HW differencies and is not implemented. Modifications in s5p-sss: - Add hash supporting structures and functions. - Modify irq handler to handle both aes and hash signals. - Disable HASH in probe if Exynos PRNG is enabled. - Add new copyright line and new author. - Tested on Odroid-U3 with Exynos 4412 CPU, kernel 4.13-rc6 with crypto run-time self test testmgr and with tcrypt module with: modprobe tcrypt sec=1 mode=N where N=402, 403, 404 (MD5, SHA1, SHA256). Modifications in drivers/crypto/Kconfig: - Select sw algorithms MD5, SHA1 and SHA256 in S5P as they are nedded for fallback. Signed-off-by: Kamil Konieczny --- drivers/crypto/Kconfig | 6 + drivers/crypto/s5p-sss.c | 2062 +++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 1939 insertions(+), 129 deletions(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index fe33c199fc1a..a8bc7e73c6bc 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -434,10 +434,16 @@ config CRYPTO_DEV_S5P depends on HAS_IOMEM && HAS_DMA select CRYPTO_AES select CRYPTO_BLKCIPHER + select CRYPTO_SHA1 + select CRYPTO_MD5 + select CRYPTO_SHA256 help This option allows you to have support for S5P crypto acceleration. Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES algorithms execution. + Select this to offload Exynos from HASH MD5/SHA1/SHA256. + HASH algorithms will be disabled in runtime if EXYNOS_RNG + was enabled due to hw conflict. config CRYPTO_DEV_NX bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 7ac657f46d15..ed2739198508 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -1,18 +1,21 @@ /* * Cryptographic API. * - * Support for Samsung S5PV210 HW acceleration. + * Support for Samsung S5PV210 and Exynos HW acceleration. * * Copyright (C) 2011 NetUP Inc. All rights reserved. + * Copyright (c) 2017 Samsung Electronics Co., Ltd. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as published * by the Free Software Foundation. * + * Hash part based on omap-sham.c driver. */ #include #include +#include #include #include #include @@ -30,28 +33,67 @@ #include #include +#include +#include +#include +#include + #define _SBF(s, v) ((v) << (s)) +#ifdef DEBUG + +static int flow_debug_logging; +static int flow_debug_dump; + +/* from crypto/bcm/util.h */ +#define FLOW_LOG(...) \ + do { \ + if (flow_debug_logging) { \ + printk(__VA_ARGS__); \ + } \ + } while (0) +#define FLOW_DUMP(msg, var, var_len) \ + do { \ + if (flow_debug_dump) { \ + print_hex_dump(KERN_ALERT, msg, DUMP_PREFIX_NONE, \ + 16, 1, var, var_len, false); \ + } \ + } while (0) +#else /* !DEBUG */ + +#define FLOW_LOG(...) do {} while (0) +#define FLOW_DUMP(msg, var, var_len) do {} while (0) + +#endif /* DEBUG */ + /* Feed control registers */ #define SSS_REG_FCINTSTAT 0x0000 +#define SSS_FCINTSTAT_HPARTINT BIT(7) +#define SSS_FCINTSTAT_HDONEINT BIT(5) #define SSS_FCINTSTAT_BRDMAINT BIT(3) #define SSS_FCINTSTAT_BTDMAINT BIT(2) #define SSS_FCINTSTAT_HRDMAINT BIT(1) #define SSS_FCINTSTAT_PKDMAINT BIT(0) #define SSS_REG_FCINTENSET 0x0004 +#define SSS_FCINTENSET_HPARTINTENSET BIT(7) +#define SSS_FCINTENSET_HDONEINTENSET BIT(5) #define SSS_FCINTENSET_BRDMAINTENSET BIT(3) #define SSS_FCINTENSET_BTDMAINTENSET BIT(2) #define SSS_FCINTENSET_HRDMAINTENSET BIT(1) #define SSS_FCINTENSET_PKDMAINTENSET BIT(0) #define SSS_REG_FCINTENCLR 0x0008 +#define SSS_FCINTENCLR_HPARTINTENCLR BIT(7) +#define SSS_FCINTENCLR_HDONEINTENCLR BIT(5) #define SSS_FCINTENCLR_BRDMAINTENCLR BIT(3) #define SSS_FCINTENCLR_BTDMAINTENCLR BIT(2) #define SSS_FCINTENCLR_HRDMAINTENCLR BIT(1) #define SSS_FCINTENCLR_PKDMAINTENCLR BIT(0) #define SSS_REG_FCINTPEND 0x000C +#define SSS_FCINTPEND_HPARTINTP BIT(7) +#define SSS_FCINTPEND_HDONEINTP BIT(5) #define SSS_FCINTPEND_BRDMAINTP BIT(3) #define SSS_FCINTPEND_BTDMAINTP BIT(2) #define SSS_FCINTPEND_HRDMAINTP BIT(1) @@ -72,6 +114,7 @@ #define SSS_HASHIN_INDEPENDENT _SBF(0, 0x00) #define SSS_HASHIN_CIPHER_INPUT _SBF(0, 0x01) #define SSS_HASHIN_CIPHER_OUTPUT _SBF(0, 0x02) +#define SSS_HASHIN_MASK _SBF(0, 0x03) #define SSS_REG_FCBRDMAS 0x0020 #define SSS_REG_FCBRDMAL 0x0024 @@ -146,9 +189,119 @@ #define AES_KEY_LEN 16 #define CRYPTO_QUEUE_LEN 1 +/* HASH registers */ +#define SSS_REG_HASH_CTRL 0x00 + +#define SSS_HASH_USER_IV_EN BIT(5) +#define SSS_HASH_INIT_BIT BIT(4) +#define SSS_HASH_ENGINE_SHA1 _SBF(1, 0x00) +#define SSS_HASH_ENGINE_MD5 _SBF(1, 0x01) +#define SSS_HASH_ENGINE_SHA256 _SBF(1, 0x02) + +#define SSS_HASH_ENGINE_MASK _SBF(1, 0x03) + +#define SSS_REG_HASH_CTRL_PAUSE 0x04 + +#define SSS_HASH_PAUSE BIT(0) + +#define SSS_REG_HASH_CTRL_FIFO 0x08 + +#define SSS_HASH_FIFO_MODE_DMA BIT(0) +#define SSS_HASH_FIFO_MODE_CPU 0 + +#define SSS_REG_HASH_CTRL_SWAP 0x0c + +#define SSS_HASH_BYTESWAP_DI BIT(3) +#define SSS_HASH_BYTESWAP_DO BIT(2) +#define SSS_HASH_BYTESWAP_IV BIT(1) +#define SSS_HASH_BYTESWAP_KEY BIT(0) + +#define SSS_REG_HASH_STATUS 0x10 + +#define SSS_HASH_STATUS_MSG_DONE BIT(6) +#define SSS_HASH_STATUS_PARTIAL_DONE BIT(4) +#define SSS_HASH_STATUS_BUFFER_READY BIT(0) + +#define SSS_REG_HASH_MSG_SIZE_LOW 0x20 +#define SSS_REG_HASH_MSG_SIZE_HIGH 0x24 + +#define SSS_REG_HASH_PRE_MSG_SIZE_LOW 0x28 +#define SSS_REG_HASH_PRE_MSG_SIZE_HIGH 0x2c + +#define SSS_REG_TYPE u32 +#define HASH_MAX_REG 16 +#define HASH_REG_SIZEOF sizeof(SSS_REG_TYPE) + +#define HASH_BLOCK_SIZE (HASH_MAX_REG*HASH_REG_SIZEOF) + +#define HASH_MD5_MAX_REG (MD5_DIGEST_SIZE / HASH_REG_SIZEOF) +#define HASH_SHA1_MAX_REG (SHA1_DIGEST_SIZE / HASH_REG_SIZEOF) +#define HASH_SHA256_MAX_REG (SHA256_DIGEST_SIZE / HASH_REG_SIZEOF) + +#define SSS_REG_HASH_IV(s) (0xB0 + ((s) << 2)) +#define SSS_REG_HASH_OUT(s) (0x100 + ((s) << 2)) + +#define DEFAULT_TIMEOUT_INTERVAL HZ + +#define DEFAULT_AUTOSUSPEND_DELAY 1000 + +/* HASH flags */ +#define HASH_FLAGS_BUSY 0 +#define HASH_FLAGS_FINAL 1 +#define HASH_FLAGS_DMA_ACTIVE 2 +#define HASH_FLAGS_OUTPUT_READY 3 +#define HASH_FLAGS_INIT 4 +#define HASH_FLAGS_DMA_READY 6 + +#define HASH_FLAGS_SGS_COPIED 9 +#define HASH_FLAGS_SGS_ALLOCED 10 +/* HASH context flags */ +#define HASH_FLAGS_FINUP 16 +#define HASH_FLAGS_ERROR 17 + +#define HASH_FLAGS_MODE_MD5 18 +#define HASH_FLAGS_MODE_SHA1 19 +#define HASH_FLAGS_MODE_SHA256 20 + +#define HASH_FLAGS_MODE_MASK (BIT(18) | BIT(19) | BIT(20)) +/* HASH op codes */ +#define HASH_OP_UPDATE 1 +#define HASH_OP_FINAL 2 + +/* HASH HW constants */ +#define HASH_ALIGN_MASK (HASH_BLOCK_SIZE-1) + +#define BUFLEN HASH_BLOCK_SIZE + +#define SSS_DMA_ALIGN 16 +#define SSS_ALIGNED __attribute__((aligned(SSS_DMA_ALIGN))) +#define SSS_DMA_ALIGN_MASK (SSS_DMA_ALIGN-1) + +/* HASH queue constant */ +#define SSS_HASH_QUEUE_LENGTH 10 + +/** + * struct sss_hash_algs_info - platform specific SSS HASH algorithms + * @algs_list: array of transformations (algorithms) + * @size: size + * @registered: counter used at probe/remove + * + * Specifies platform specific information about hash algorithms + * of SSS module. + */ +struct sss_hash_algs_info { + struct ahash_alg *algs_list; + unsigned int size; + unsigned int registered; +}; + /** * struct samsung_aes_variant - platform specific SSS driver data * @aes_offset: AES register offset from SSS module's base. + * @hash_offset: HASH register offset from SSS module's base. + * + * @hash_algs_info: HASH transformations provided by SS module + * @hash_algs_size: size of hash_algs_info * * Specifies platform specific configuration of SSS module. * Note: A structure for driver specific platform data is used for future @@ -156,6 +309,10 @@ */ struct samsung_aes_variant { unsigned int aes_offset; + unsigned int hash_offset; + + struct sss_hash_algs_info *hash_algs_info; + unsigned int hash_algs_size; }; struct s5p_aes_reqctx { @@ -175,7 +332,7 @@ struct s5p_aes_ctx { * @dev: Associated device * @clk: Clock for accessing hardware * @ioaddr: Mapped IO memory region - * @aes_ioaddr: Per-varian offset for AES block IO memory + * @aes_ioaddr: Per-variant offset for AES block IO memory * @irq_fc: Feed control interrupt line * @req: Crypto request currently handled by the device * @ctx: Configuration for currently handled crypto request @@ -187,14 +344,28 @@ struct s5p_aes_ctx { * with source data. * @sg_dst_cpy: In case of unaligned access, copied scatter list * with destination data. - * @tasklet: New request scheduling jib + * @tasklet: New request scheduling job * @queue: Crypto queue * @busy: Indicates whether the device is currently handling some request * thus it uses some of the fields from this state, like: * req, ctx, sg_src/dst (and copies). This essentially * protects against concurrent access to these fields. * @lock: Lock for protecting both access to device hardware registers - * and fields related to current request (including the busy field). + * and fields related to current request (including the busy + * field). + * @res: Resources for hash. + * @io_hash_base: Per-variant offset for HASH block IO memory. + * @hash_lock: Lock for protecting hash_req and other HASH variables. + * @hash_err: Error flags for current HASH op. + * @hash_tasklet: New HASH request scheduling job. + * @xmit_buf: Buffer for current HASH request transfer into SSS block. + * @hash_flags: Flags for current HASH op. + * @hash_queue: Async hash queue. + * @hash_req: Current request sending to SSS HASH block. + * @hash_sg_iter: Scatterlist transferred through DMA into SSS HASH block. + * @hash_sg_cnt: Counter for hash_sg_iter. + * + * @pdata: Per-variant algorithms for HASH ops. */ struct s5p_aes_dev { struct device *dev; @@ -215,16 +386,85 @@ struct s5p_aes_dev { struct crypto_queue queue; bool busy; spinlock_t lock; + + struct resource *res; + void __iomem *io_hash_base; + + spinlock_t hash_lock; + int hash_err; + struct tasklet_struct hash_tasklet; + u8 xmit_buf[BUFLEN] SSS_ALIGNED; + + unsigned long hash_flags; + struct crypto_queue hash_queue; + struct ahash_request *hash_req; + struct scatterlist *hash_sg_iter; + int hash_sg_cnt; + + struct samsung_aes_variant *pdata; }; -static struct s5p_aes_dev *s5p_dev; +/** + * struct s5p_hash_reqctx - HASH request context + * @dev: Associated device + * @flags: Bits for current HASH request + * @op: Current request operation (OP_UPDATE or UP_FINAL) + * @digcnt: Number of bytes processed by HW (without buffer[] ones) + * @digest: Digest message or IV for partial result + * @bufcnt: Number of bytes holded in buffer[] + * @buflen: Max length of the input data buffer + * @nregs: Number of HW registers for digest or IV read/write. + * @engine: Flags for setting HASH SSS block. + * @sg: sg for DMA transfer. + * @sg_len: Length of sg for DMA transfer. + * @sgl[]: sg for joining buffer and req->src scatterlist. + * @skip: Skip offset in req->src for current op. + * @total: Total number of bytes for current request. + * @buffer[]: For byte(s) from end of req->src in UPDATE op. + */ +struct s5p_hash_reqctx { + struct s5p_aes_dev *dd; + unsigned long flags; + int op; + + u64 digcnt; + u8 digest[SHA256_DIGEST_SIZE] SSS_ALIGNED; + u32 bufcnt; + u32 buflen; + + int nregs; /* digest_size / sizeof(reg) */ + u32 engine; + + struct scatterlist *sg; + int sg_len; + struct scatterlist sgl[2]; + int skip; /* skip offset in req->src sg */ + unsigned int total; /* total request */ + + u8 buffer[0] SSS_ALIGNED; +}; + +/** + * struct s5p_hash_ctx - HASH transformation context + * @dd: Associated device + * @flags: Bits for algorithm HASH. + * @fallback: Software transformation for zero message or size < BUFLEN. + */ +struct s5p_hash_ctx { + struct s5p_aes_dev *dd; + unsigned long flags; + struct crypto_shash *fallback; +}; -static const struct samsung_aes_variant s5p_aes_data = { +static struct samsung_aes_variant s5p_aes_data = { .aes_offset = 0x4000, + .hash_offset = 0x6000, + .hash_algs_size = 0, }; -static const struct samsung_aes_variant exynos_aes_data = { - .aes_offset = 0x200, +static struct samsung_aes_variant exynos_aes_data = { + .aes_offset = 0x200, + .hash_offset = 0x400, }; static const struct of_device_id s5p_sss_dt_match[] = { @@ -254,6 +494,8 @@ static inline struct samsung_aes_variant *find_s5p_sss_version platform_get_device_id(pdev)->driver_data; } +static struct s5p_aes_dev *s5p_dev; + static void s5p_set_dma_indata(struct s5p_aes_dev *dev, struct scatterlist *sg) { SSS_WRITE(dev, FCBRDMAS, sg_dma_address(sg)); @@ -436,19 +678,89 @@ static int s5p_aes_rx(struct s5p_aes_dev *dev/*, bool *set_dma*/) return ret; } +static inline u32 s5p_hash_read(struct s5p_aes_dev *dd, u32 offset) +{ + return __raw_readl(dd->io_hash_base + offset); +} + +static inline void s5p_hash_write(struct s5p_aes_dev *dd, + u32 offset, u32 value) +{ + __raw_writel(value, dd->io_hash_base + offset); +} + +static inline void s5p_hash_write_mask(struct s5p_aes_dev *dd, u32 address, + u32 value, u32 mask) +{ + u32 val; + + val = s5p_hash_read(dd, address); + val &= ~mask; + val |= value; + s5p_hash_write(dd, address, val); +} + +/** + * s5p_set_dma_hashdata - start DMA with sg + * @dev: device + * @sg: scatterlist ready to DMA transmit + * + * decrement sg counter + * write addr and len into HASH regs + * + * DMA starts after writing length + */ +static void s5p_set_dma_hashdata(struct s5p_aes_dev *dev, + struct scatterlist *sg) +{ + FLOW_LOG("sg_cnt=%d, sg=%p len=%d", dev->hash_sg_cnt, sg, sg->length); + dev->hash_sg_cnt--; + WARN_ON(dev->hash_sg_cnt < 0); + WARN_ON(sg_dma_len(sg) <= 0); + SSS_WRITE(dev, FCHRDMAS, sg_dma_address(sg)); + SSS_WRITE(dev, FCHRDMAL, sg_dma_len(sg)); /* DMA starts */ +} + +/** + * s5p_hash_rx - get next hash_sg_iter + * @dev: device + * + * Return: + * 2 if there is no more data, + * 1 if new receiving (input) data is ready and can be written to + * device + */ +static int s5p_hash_rx(struct s5p_aes_dev *dev) +{ + int ret = 2; + + FLOW_LOG("hash_rx sg_cnt=%d", dev->hash_sg_cnt); + if (dev->hash_sg_cnt > 0) { + dev->hash_sg_iter = sg_next(dev->hash_sg_iter); + ret = 1; + } else { + set_bit(HASH_FLAGS_DMA_READY, &dev->hash_flags); + } + + return ret; +} + static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) { struct platform_device *pdev = dev_id; struct s5p_aes_dev *dev = platform_get_drvdata(pdev); int err_dma_tx = 0; int err_dma_rx = 0; + int err_dma_hx = 0; bool tx_end = false; + bool hx_end = false; unsigned long flags; - uint32_t status; + u32 status, st_bits; int err; - spin_lock_irqsave(&dev->lock, flags); + FLOW_LOG("s5p_sss: irq\n"); + spin_lock_irqsave(&dev->lock, flags); /* * Handle rx or tx interrupt. If there is still data (scatterlist did not * reach end), then map next scatterlist entry. @@ -456,6 +768,8 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) * * If there is no more data in tx scatter list, call s5p_aes_complete() * and schedule new tasklet. + * + * Handle hx interrupt. If there is still data map next entry. */ status = SSS_READ(dev, FCINTSTAT); if (status & SSS_FCINTSTAT_BRDMAINT) @@ -467,7 +781,33 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) err_dma_tx = s5p_aes_tx(dev); } - SSS_WRITE(dev, FCINTPEND, status); + if (status & SSS_FCINTSTAT_HRDMAINT) + err_dma_hx = s5p_hash_rx(dev); + + st_bits = status & (SSS_FCINTSTAT_BRDMAINT | SSS_FCINTSTAT_BTDMAINT | + SSS_FCINTSTAT_HRDMAINT); + /* clear DMA bits */ + SSS_WRITE(dev, FCINTPEND, st_bits); + + /* clear HASH irq bits */ + if (status & (SSS_FCINTSTAT_HDONEINT | SSS_FCINTSTAT_HPARTINT)) { + /* cannot have both HPART and HDONE */ + if (status & SSS_FCINTSTAT_HPARTINT) { + FLOW_LOG("s5p_sss: irq HPART\n"); + st_bits = SSS_HASH_STATUS_PARTIAL_DONE; + } + + if (status & SSS_FCINTSTAT_HDONEINT) { + FLOW_LOG("s5p_sss: irq HDONE\n"); + st_bits = SSS_HASH_STATUS_MSG_DONE; + } + + set_bit(HASH_FLAGS_OUTPUT_READY, &dev->hash_flags); + s5p_hash_write(dev, SSS_REG_HASH_STATUS, st_bits); + hx_end = true; + /* when DONE or PART, do not handle HASH DMA */ + err_dma_hx = 0; + } if (err_dma_rx < 0) { err = err_dma_rx; @@ -478,9 +818,13 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) goto error; } + FLOW_LOG("s5p_sss: hx_end=%d err_dma_hx=%d\n", hx_end, err_dma_hx); if (tx_end) { s5p_sg_done(dev); + if (err_dma_hx == 1) + s5p_set_dma_hashdata(dev, dev->hash_sg_iter); + spin_unlock_irqrestore(&dev->lock, flags); s5p_aes_complete(dev, 0); @@ -497,163 +841,1537 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) s5p_set_dma_outdata(dev, dev->sg_dst); if (err_dma_rx == 1) s5p_set_dma_indata(dev, dev->sg_src); + if (err_dma_hx == 1) + s5p_set_dma_hashdata(dev, dev->hash_sg_iter); spin_unlock_irqrestore(&dev->lock, flags); } - return IRQ_HANDLED; + goto hash_irq_end; error: s5p_sg_done(dev); dev->busy = false; + if (err_dma_hx == 1) + s5p_set_dma_hashdata(dev, dev->hash_sg_iter); + spin_unlock_irqrestore(&dev->lock, flags); s5p_aes_complete(dev, err); +hash_irq_end: + /* + * Note about else if: + * when hash_sg_iter reaches end and its UPDATE op, + * issue SSS_HASH_PAUSE and wait for HPART irq + */ + if (hx_end) + tasklet_schedule(&dev->hash_tasklet); + else if ((err_dma_hx == 2) && + !test_bit(HASH_FLAGS_FINAL, &dev->hash_flags)) + s5p_hash_write(dev, SSS_REG_HASH_CTRL_PAUSE, + SSS_HASH_PAUSE); + return IRQ_HANDLED; } -static void s5p_set_aes(struct s5p_aes_dev *dev, - uint8_t *key, uint8_t *iv, unsigned int keylen) +/** + * s5p_hash_wait - wait for HASH status bit + * @dd: secss device + * @offset: offset for HASH register + * @bit: status bit + */ +static inline int s5p_hash_wait(struct s5p_aes_dev *dd, u32 offset, u32 bit) { - void __iomem *keystart; - - if (iv) - memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10); + unsigned long timeout = jiffies + DEFAULT_TIMEOUT_INTERVAL; - if (keylen == AES_KEYSIZE_256) - keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0); - else if (keylen == AES_KEYSIZE_192) - keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(2); - else - keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(4); + FLOW_LOG(__func__); + while (!(s5p_hash_read(dd, offset) & bit)) { + if (time_is_before_jiffies(timeout)) + return -ETIMEDOUT; + } - memcpy_toio(keystart, key, keylen); + return 0; } -static bool s5p_is_sg_aligned(struct scatterlist *sg) +/** + * s5p_hash_read_msg - read message or IV from HW + * @req: AHASH request + */ +static void s5p_hash_read_msg(struct ahash_request *req) { - while (sg) { - if (!IS_ALIGNED(sg->length, AES_BLOCK_SIZE)) - return false; - sg = sg_next(sg); - } + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_aes_dev *dd = ctx->dd; + u32 *hash = (u32 *)ctx->digest; + int i; - return true; + FLOW_LOG(__func__); + for (i = 0; i < ctx->nregs; i++) + hash[i] = s5p_hash_read(dd, SSS_REG_HASH_OUT(i)); } -static int s5p_set_indata_start(struct s5p_aes_dev *dev, - struct ablkcipher_request *req) +/** + * s5p_hash_write_ctx_iv - write IV for next partial/finup op. + * @dd: device + * @ctx: request context + */ +static void s5p_hash_write_ctx_iv(struct s5p_aes_dev *dd, + struct s5p_hash_reqctx *ctx) { - struct scatterlist *sg; - int err; - - dev->sg_src_cpy = NULL; - sg = req->src; - if (!s5p_is_sg_aligned(sg)) { - dev_dbg(dev->dev, - "At least one unaligned source scatter list, making a copy\n"); - err = s5p_make_sg_cpy(dev, sg, &dev->sg_src_cpy); - if (err) - return err; - - sg = dev->sg_src_cpy; - } - - err = s5p_set_indata(dev, sg); - if (err) { - s5p_free_sg_cpy(dev, &dev->sg_src_cpy); - return err; - } + u32 *hash = (u32 *)ctx->digest; + int i; - return 0; + FLOW_LOG(__func__); + for (i = 0; i < ctx->nregs; i++) + s5p_hash_write(dd, SSS_REG_HASH_IV(i), hash[i]); } -static int s5p_set_outdata_start(struct s5p_aes_dev *dev, - struct ablkcipher_request *req) +/** + * s5p_hash_write_iv - write IV for next partial/finup op. + * @req: AHASH request + */ +static void s5p_hash_write_iv(struct ahash_request *req) { - struct scatterlist *sg; - int err; + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_aes_dev *dd = ctx->dd; - dev->sg_dst_cpy = NULL; - sg = req->dst; - if (!s5p_is_sg_aligned(sg)) { - dev_dbg(dev->dev, - "At least one unaligned dest scatter list, making a copy\n"); - err = s5p_make_sg_cpy(dev, sg, &dev->sg_dst_cpy); - if (err) - return err; + s5p_hash_write_ctx_iv(dd, ctx); +} - sg = dev->sg_dst_cpy; - } +/** + * s5p_hash_copy_result - copy digest into req->result + * @req: AHASH request + */ +static void s5p_hash_copy_result(struct ahash_request *req) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + int d = ctx->nregs; - err = s5p_set_outdata(dev, sg); - if (err) { - s5p_free_sg_cpy(dev, &dev->sg_dst_cpy); - return err; - } + FLOW_LOG(__func__); + if (!req->result) + return; - return 0; + FLOW_DUMP("digest msg: ", ctx->digest, d * HASH_REG_SIZEOF); + memcpy(req->result, (u8 *)ctx->digest, d * HASH_REG_SIZEOF); } -static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) +/** + * s5p_hash_dma_flush - flush HASH DMA + * @dev: secss device + */ +static void s5p_hash_dma_flush(struct s5p_aes_dev *dev) { - struct ablkcipher_request *req = dev->req; - uint32_t aes_control; - unsigned long flags; - int err; - - aes_control = SSS_AES_KEY_CHANGE_MODE; - if (mode & FLAGS_AES_DECRYPT) - aes_control |= SSS_AES_MODE_DECRYPT; + FLOW_LOG("s5p_sss: %s\n", __func__); + SSS_WRITE(dev, FCHRDMAC, SSS_FCHRDMAC_FLUSH); +} - if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) - aes_control |= SSS_AES_CHAIN_MODE_CBC; - else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) - aes_control |= SSS_AES_CHAIN_MODE_CTR; +/** + * s5p_hash_dma_enable() + * @dev: secss device + * + * enable DMA mode for HASH + */ +static void s5p_hash_dma_enable(struct s5p_aes_dev *dev) +{ + FLOW_LOG("s5p_sss: %s\n", __func__); + s5p_hash_write(dev, SSS_REG_HASH_CTRL_FIFO, SSS_HASH_FIFO_MODE_DMA); +} - if (dev->ctx->keylen == AES_KEYSIZE_192) - aes_control |= SSS_AES_KEY_SIZE_192; - else if (dev->ctx->keylen == AES_KEYSIZE_256) - aes_control |= SSS_AES_KEY_SIZE_256; +/** + * s5p_hash_irq_disable - disable irq HASH signals + * @dev: secss device + * @flags: bitfield with irq's to be disabled + * + * SSS_FCINTENCLR_HRDMAINTENCLR + * SSS_FCINTENCLR_HDONEINTENCLR + * SSS_FCINTENCLR_HPARTINTENCLR + */ +static void s5p_hash_irq_disable(struct s5p_aes_dev *dev, u32 flags) +{ + FLOW_LOG("s5p_sss: %s\n", __func__); + SSS_WRITE(dev, FCINTENCLR, flags); +} - aes_control |= SSS_AES_FIFO_MODE; +/** + * s5p_hash_irq_enable - enable irq signals + * @dev: secss device + * @flags: bitfield with irq's to be enabled + * + * SSS_FCINTENSET_HRDMAINTENSET + * SSS_FCINTENSET_HDONEINTENSET + * SSS_FCINTENSET_HPARTINTENSET + */ +static void s5p_hash_irq_enable(struct s5p_aes_dev *dev, int flags) +{ + FLOW_LOG("s5p_sss: %s\n", __func__); + SSS_WRITE(dev, FCINTENSET, flags); +} - /* as a variant it is possible to use byte swapping on DMA side */ - aes_control |= SSS_AES_BYTESWAP_DI - | SSS_AES_BYTESWAP_DO - | SSS_AES_BYTESWAP_IV - | SSS_AES_BYTESWAP_KEY - | SSS_AES_BYTESWAP_CNT; +/** + * s5p_hash_set_flow() + * @dev: secss device + * @hashflow: HASH stream flow with/without crypto AES/DES + * + */ +static void s5p_hash_set_flow(struct s5p_aes_dev *dev, u32 hashflow) +{ + unsigned long flags; + u32 flow; + FLOW_LOG("s5p_sss: %s\n", __func__); spin_lock_irqsave(&dev->lock, flags); - SSS_WRITE(dev, FCINTENCLR, - SSS_FCINTENCLR_BTDMAINTENCLR | SSS_FCINTENCLR_BRDMAINTENCLR); - SSS_WRITE(dev, FCFIFOCTRL, 0x00); + flow = SSS_READ(dev, FCFIFOCTRL); - err = s5p_set_indata_start(dev, req); - if (err) - goto indata_error; + hashflow &= SSS_HASHIN_MASK; + flow &= ~SSS_HASHIN_MASK; + flow |= hashflow; - err = s5p_set_outdata_start(dev, req); - if (err) - goto outdata_error; + SSS_WRITE(dev, FCFIFOCTRL, hashflow); - SSS_AES_WRITE(dev, AES_CONTROL, aes_control); - s5p_set_aes(dev, dev->ctx->aes_key, req->info, dev->ctx->keylen); + spin_unlock_irqrestore(&dev->lock, flags); +} - s5p_set_dma_indata(dev, dev->sg_src); - s5p_set_dma_outdata(dev, dev->sg_dst); +/** + * s5p_ahash_dma_init - + * @dev: secss device + * @hashflow: HASH stream flow with/without AES/DES + * + * flush HASH DMA and enable DMA, + * set HASH stream flow inside SecSS HW + * enable HASH irq's HRDMA, HDONE, HPART + */ +static void s5p_ahash_dma_init(struct s5p_aes_dev *dev, u32 hashflow) +{ + FLOW_LOG("s5p_sss: %s\n", __func__); + s5p_hash_irq_disable(dev, SSS_FCINTENCLR_HRDMAINTENCLR | + SSS_FCINTENCLR_HDONEINTENCLR | + SSS_FCINTENCLR_HPARTINTENCLR); + s5p_hash_dma_flush(dev); - SSS_WRITE(dev, FCINTENSET, - SSS_FCINTENSET_BTDMAINTENSET | SSS_FCINTENSET_BRDMAINTENSET); +/* SSS_WRITE(dev, FCHRDMAC, SSS_FCHRDMAC_BYTESWAP); swap on */ - spin_unlock_irqrestore(&dev->lock, flags); + s5p_hash_dma_enable(dev); + s5p_hash_set_flow(dev, hashflow); - return; + s5p_hash_irq_enable(dev, SSS_FCINTENSET_HRDMAINTENSET | + SSS_FCINTENSET_HDONEINTENSET | + SSS_FCINTENSET_HPARTINTENSET); +} -outdata_error: - s5p_unset_indata(dev); +/** + * s5p_hash_hw_init - + * @dev: secss device + */ +static int s5p_hash_hw_init(struct s5p_aes_dev *dev) +{ + set_bit(HASH_FLAGS_INIT, &dev->hash_flags); + s5p_ahash_dma_init(dev, SSS_HASHIN_INDEPENDENT); + + return 0; +} + +/** + * s5p_hash_write_ctrl - + * @dd: secss device + * @length: length for request + * @final: 0=not final + * + * Prepare SSS HASH block for processing bytes in DMA mode. + * If it is called after previous updates, fill up IV words. + * For final, calculate and set lengths for SSS HASH so it can + * finalize hash. + * For partial, set SSS HASH length as 2^63 so it will be never + * reached and set to zero prelow and prehigh. + * + * This function do not start DMA transfer. + */ +static void s5p_hash_write_ctrl(struct s5p_aes_dev *dd, size_t length, + int final) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(dd->hash_req); + u32 configflags, swapflags; + u32 prelow, prehigh, low, high; + u64 tmplen; + + FLOW_LOG("s5p_sss: %s engine: 0x%x digcnt=%lld\n", __func__, + ctx->engine, ctx->digcnt); + configflags = ctx->engine | SSS_HASH_INIT_BIT; + + if (likely(ctx->digcnt)) { + s5p_hash_write_ctx_iv(dd, ctx); + configflags |= SSS_HASH_USER_IV_EN; + } + + if (final) { + /* number of bytes for last part */ + low = length; high = 0; + /* total number of bits prev hashed */ + tmplen = ctx->digcnt * 8; + prelow = (u32)tmplen; + prehigh = (u32)(tmplen >> 32); + FLOW_LOG("s5p_sss: %s final, length=%d tmplen=%llx\n", __func__, + low, tmplen); + } else { + FLOW_LOG("s5p_sss: %s partial\n", __func__); + prelow = 0; prehigh = 0; + low = 0; high = BIT(31); + } + + swapflags = SSS_HASH_BYTESWAP_DI | SSS_HASH_BYTESWAP_DO | + SSS_HASH_BYTESWAP_IV | SSS_HASH_BYTESWAP_KEY; + + s5p_hash_write(dd, SSS_REG_HASH_MSG_SIZE_LOW, low); + s5p_hash_write(dd, SSS_REG_HASH_MSG_SIZE_HIGH, high); + s5p_hash_write(dd, SSS_REG_HASH_PRE_MSG_SIZE_LOW, prelow); + s5p_hash_write(dd, SSS_REG_HASH_PRE_MSG_SIZE_HIGH, prehigh); + + s5p_hash_write(dd, SSS_REG_HASH_CTRL_SWAP, swapflags); + s5p_hash_write(dd, SSS_REG_HASH_CTRL, configflags); +} + +/** + * s5p_hash_xmit_dma - start DMA hash processing + * @dd: secss device + * @length: length for request + * @final: 0=not final + * + * Map ctx->sg into DMA_TO_DEVICE, + * remember sg and cnt in device dd->hash_sg_iter, dd->hash_sg_cnt + * so it can be used in loop inside irq handler. + * Update ctx->digcnt, need this to keep number of processed bytes + * for last final/finup request. + * Set dma address and length, this starts DMA, + * return with -EINPROGRESS. + * HW HASH block will issue signal for irq handler. + */ +static int s5p_hash_xmit_dma(struct s5p_aes_dev *dd, size_t length, + int final) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(dd->hash_req); + int cnt; + + dev_dbg(dd->dev, "xmit_dma: digcnt: %lld, length: %d, final: %d\n", + ctx->digcnt, length, final); + + cnt = dma_map_sg(dd->dev, ctx->sg, ctx->sg_len, DMA_TO_DEVICE); + if (!cnt) { + dev_err(dd->dev, "dma_map_sg error\n"); + set_bit(HASH_FLAGS_ERROR, &ctx->flags); + return -EINVAL; + } + + FLOW_LOG("xmit_dma"); + set_bit(HASH_FLAGS_DMA_ACTIVE, &dd->hash_flags); + + dd->hash_sg_iter = ctx->sg; + dd->hash_sg_cnt = cnt; + FLOW_LOG("xmit_dma cnt=%d final=%d len=%d", cnt, final, length); + + s5p_hash_write_ctrl(dd, length, final); + + /* update digcnt in request */ + ctx->digcnt += length; + ctx->total -= length; + + /* catch last interrupt */ + if (final) + set_bit(HASH_FLAGS_FINAL, &dd->hash_flags); + + s5p_set_dma_hashdata(dd, dd->hash_sg_iter); /* DMA starts */ + + return -EINPROGRESS; +} + +/** + * s5p_hash_copy_sgs - + * @ctx: request context + * @sg: source scatterlist request + * @bs: block size + * @new_len: number of bytes to process from sg + * + * Allocate new buffer, copy data for HASH into it. + * If there was xmit_buf filled, copy it first, then + * copy data from sg into it. + * Prepare one sgl[0] with allocated buffer. + * + * Set ctx->sg to sgl[0]. + * Set flag so we can free it after irq ends processing. + */ +static int s5p_hash_copy_sgs(struct s5p_hash_reqctx *ctx, + struct scatterlist *sg, int bs, int new_len) +{ + int pages; + void *buf; + int len; + + FLOW_LOG("copy_sgs new_len=%d", new_len); + len = new_len + ctx->bufcnt; + + FLOW_LOG("copy_sgs len=%d", len); + pages = get_order(len); /* ctx->total); */ + + buf = (void *)__get_free_pages(GFP_ATOMIC, pages); + if (!buf) { + dev_err(ctx->dd->dev, "alloc pages for unaligned case.\n"); + set_bit(HASH_FLAGS_ERROR, &ctx->flags); + return -ENOMEM; + } + + if (ctx->bufcnt) + memcpy(buf, ctx->dd->xmit_buf, ctx->bufcnt); + + scatterwalk_map_and_copy(buf + ctx->bufcnt, sg, ctx->skip, + new_len, 0); + sg_init_table(ctx->sgl, 1); + sg_set_buf(ctx->sgl, buf, len); + ctx->sg = ctx->sgl; + ctx->sg_len = 1; + ctx->bufcnt = 0; + ctx->skip = 0; + set_bit(HASH_FLAGS_SGS_COPIED, &ctx->dd->hash_flags); + + return 0; +} + +/** + * s5p_hash_copy_sg_lists - + * @rctx: request context + * @sg: source scatterlist request + * @bs: block size + * @new_len: number of bytes to process from sg + * + * Allocate new scatterlist table, copy data for HASH into it. + * If there was xmit_buf filled, prepare it first, then + * copy page, length and offset from source sg into it, + * adjusting begin and/or end for skip offset and hash_later value. + * + * Resulting sg table will be assigned to ctx->sg. + * Set flag so we can free it after irq ends processing. + */ +static int s5p_hash_copy_sg_lists(struct s5p_hash_reqctx *ctx, + struct scatterlist *sg, int bs, int new_len) +{ + int n = sg_nents(sg); + struct scatterlist *tmp; + int offset = ctx->skip; + + FLOW_LOG("copy_sg_lists n=%d", n); + if (ctx->bufcnt) + n++; + + FLOW_LOG("copy_sg_lists n=%d, alloc struct sg", n); + ctx->sg = kmalloc_array(n, sizeof(*sg), GFP_KERNEL); + if (!ctx->sg) { + dev_err(ctx->dd->dev, "alloc sg for unaligned case.\n"); + set_bit(HASH_FLAGS_ERROR, &ctx->flags); + return -ENOMEM; + } + + sg_init_table(ctx->sg, n); + + tmp = ctx->sg; + + ctx->sg_len = 0; + + if (ctx->bufcnt) { + sg_set_buf(tmp, ctx->dd->xmit_buf, ctx->bufcnt); + tmp = sg_next(tmp); + ctx->sg_len++; + } + + while (sg && new_len) { + int len = sg->length - offset; + + if (offset) { + offset -= sg->length; + if (offset < 0) + offset = 0; + } + + if (new_len < len) + len = new_len; + + if (len > 0) { + new_len -= len; + sg_set_page(tmp, sg_page(sg), len, sg->offset); + if (new_len <= 0) + sg_mark_end(tmp); + tmp = sg_next(tmp); + ctx->sg_len++; + } + + sg = sg_next(sg); + } + + set_bit(HASH_FLAGS_SGS_ALLOCED, &ctx->dd->hash_flags); + + ctx->bufcnt = 0; + + return 0; +} + +/** + * s5p_hash_prepare_sgs - + * @sg: source scatterlist request + * @nbytes: number of bytes to process from sg + * @bs: block size + * @final: final flag + * @rctx: request context + * + * Check two conditions: (1) if buffers in sg have len aligned data, + * and (2) sg table have good aligned elements (list_ok) + * If one of this checks fails, then either + * (1) allocates new buffer for data with s5p_hash_copy_sgs, + * copy data into this buffer and prepare request in sgl, or + * (2) allocates new sg table and prepare sg elements + * + * For digest or finup all conditions can be good, and we may not need + * any fixes. + */ +static int s5p_hash_prepare_sgs(struct scatterlist *sg, + int nbytes, int bs, bool final, + struct s5p_hash_reqctx *rctx) +{ + int n = 0; + bool aligned = true; + bool list_ok = true; + struct scatterlist *sg_tmp = sg; + int offset = rctx->skip; + int new_len; + + FLOW_LOG("prepare_sgs nbytes=%d bs=%d, final=%d", nbytes, bs, final); + if (!sg || !sg->length || !nbytes) + return 0; + + new_len = nbytes; + + if (offset) + list_ok = false; + + if (!final) + list_ok = false; + + while (nbytes > 0 && sg_tmp) { + n++; + + if (offset < sg_tmp->length) { +#if 0 + if (!IS_ALIGNED(offset + sg_tmp->offset, 4)) { + aligned = false; + break; + } +#endif + if (!IS_ALIGNED(sg_tmp->length - offset, bs)) { + aligned = false; + break; + } + } + + if (!sg_tmp->length) { + aligned = false; + break; + } + + if (offset) { + offset -= sg_tmp->length; + if (offset < 0) { + nbytes += offset; + offset = 0; + } + } else { + nbytes -= sg_tmp->length; + } + + sg_tmp = sg_next(sg_tmp); + + if (nbytes < 0) { /* when hash_later is > 0 */ + list_ok = false; + break; + } + } + + if (!aligned) + return s5p_hash_copy_sgs(rctx, sg, bs, new_len); + else if (!list_ok) + return s5p_hash_copy_sg_lists(rctx, sg, bs, new_len); + + /* have aligned data from previous operation and/or current + * Note: will enter here only if (digest or finup) and aligned + */ + if (rctx->bufcnt) { + FLOW_LOG("prepare_sgs xmit_buf chained with sg sg_len=%d", n+1); + rctx->sg_len = n; + sg_init_table(rctx->sgl, 2); + sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, rctx->bufcnt); + sg_chain(rctx->sgl, 2, sg); + rctx->sg = rctx->sgl; + rctx->sg_len++; + } else { + FLOW_LOG("prepare_sgs no xmit_buf, original sg sg_len=%d", n); + rctx->sg = sg; + rctx->sg_len = n; + } + + return 0; +} + +/** + * s5p_hash_prepare_request - + * @req: AHASH request + * @update: true if UPDATE op + * + * Note 1: we can have update flag _and_ final flag at the same time. + * Note 2: we enter here when digcnt > BUFLEN (=HASH_BLOCK_SIZE) or + * either req->nbytes or ctx->bufcnt + req->nbytes is > BUFLEN or + * we have final op + */ +static int s5p_hash_prepare_request(struct ahash_request *req, bool update) +{ + struct s5p_hash_reqctx *rctx = ahash_request_ctx(req); + int bs; + int ret; + int nbytes; + bool final = rctx->flags & BIT(HASH_FLAGS_FINUP); + int xmit_len, hash_later; + + FLOW_LOG("prepare_req update=%d final=%d", update, final); + if (!req) + return 0; + + bs = BUFLEN; + + if (update) + nbytes = req->nbytes; + else + nbytes = 0; + + rctx->total = nbytes + rctx->bufcnt; + + FLOW_LOG("prepare_req total=%d", rctx->total); + if (!rctx->total) + return 0; + + FLOW_LOG("prepare_req nbytes=%d bufcnt=%d", nbytes, rctx->bufcnt); + if (nbytes && (!IS_ALIGNED(rctx->bufcnt, BUFLEN))) { + /* bytes left from previous request, so fill up to BUFLEN */ + int len = BUFLEN - rctx->bufcnt % BUFLEN; + + FLOW_LOG("prepare_req fillup buffer, needed len=%d", len); + if (len > nbytes) + len = nbytes; + FLOW_LOG("prepare_req fillup, len=%d", len); + scatterwalk_map_and_copy(rctx->buffer + rctx->bufcnt, req->src, + 0, len, 0); + rctx->bufcnt += len; + nbytes -= len; + rctx->skip = len; + FLOW_LOG("prepare_req nbytes=%d bufcnt=%d skip=%d", + nbytes, rctx->bufcnt, rctx->skip); + } else { + rctx->skip = 0; + FLOW_LOG("prepare_req skip=%d", rctx->skip); + } + + if (rctx->bufcnt) + memcpy(rctx->dd->xmit_buf, rctx->buffer, rctx->bufcnt); + + xmit_len = rctx->total; + if (final) { + hash_later = 0; + FLOW_LOG("prepare_req final, zero hash_later"); + } else { + if (IS_ALIGNED(xmit_len, bs)) + xmit_len -= bs; + else + xmit_len -= xmit_len & (bs - 1); + + hash_later = rctx->total - xmit_len; + WARN_ON(req->nbytes == 0); + WARN_ON(hash_later <= 0); + /* == if bufcnt was BUFLEN */ + WARN_ON(req->nbytes < hash_later); + WARN_ON(rctx->skip > (req->nbytes - hash_later)); + /* copy hash_later bytes from end of req->src */ + /* previous bytes are in xmit_buf, so no overwrite */ + FLOW_LOG("prepare_req copy tail to buffer, off=%d, count=%d", + req->nbytes - hash_later, hash_later); + scatterwalk_map_and_copy(rctx->buffer, req->src, + req->nbytes - hash_later, + hash_later, 0); + } + + WARN_ON(hash_later < 0); + WARN_ON(nbytes < hash_later); + + if (xmit_len > bs) { + FLOW_LOG("prepare_req xmit_len > bs %d %d", xmit_len, bs); + WARN_ON(nbytes <= hash_later); + ret = s5p_hash_prepare_sgs(req->src, nbytes - hash_later, bs, + final, rctx); + if (ret) + return ret; + } else { + /* have buffered data only */ + FLOW_LOG("prepare_req data xmit_len=%d, bufcnt=%d", + xmit_len, rctx->bufcnt); + if (unlikely(!rctx->bufcnt)) { + /* first update didn't fill up buffer */ + WARN_ON(xmit_len != BUFLEN); + scatterwalk_map_and_copy(rctx->dd->xmit_buf, req->src, + 0, xmit_len, 0); + } + + sg_init_table(rctx->sgl, 1); + sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, xmit_len); + + rctx->sg = rctx->sgl; + rctx->sg_len = 1; + } + + FLOW_LOG("prepare_req hash_later=%d", hash_later); + rctx->bufcnt = hash_later; + if (!final) + rctx->total = xmit_len; + + return 0; +} + +/** + * s5p_hash_update_dma_stop() + * @dd: secss device + * + * Unmap scatterlist ctx->sg. + */ +static int s5p_hash_update_dma_stop(struct s5p_aes_dev *dd) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(dd->hash_req); + + dma_unmap_sg(dd->dev, ctx->sg, ctx->sg_len, DMA_TO_DEVICE); + + clear_bit(HASH_FLAGS_DMA_ACTIVE, &dd->hash_flags); + + return 0; +} + +/** + * s5p_hash_update_req - process AHASH request + * @dd: device s5p_aes_dev + * + * Processes the input data from AHASH request using DMA + * + * Current request should have ctx->sg prepared before. + * + * Returns: see s5p_hash_final below. + */ +static int s5p_hash_update_req(struct s5p_aes_dev *dd) +{ + struct ahash_request *req = dd->hash_req; + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + int err; + bool final = ctx->flags & BIT(HASH_FLAGS_FINUP); + + dev_dbg(dd->dev, "update_req: total: %u, digcnt: %lld, finup: %d\n", + ctx->total, ctx->digcnt, final); + + err = s5p_hash_xmit_dma(dd, ctx->total, final); + + /* wait for dma completion before can take more data */ + dev_dbg(dd->dev, "update: err: %d, digcnt: %lld\n", err, ctx->digcnt); + + return err; +} + +/** + * s5p_hash_final_req - process the final AHASH request + * @dd: device s5p_aes_dev + * + * Processes the input data from the last AHASH request + * using . Resets the buffer counter (ctx->bufcnt) + * + * Returns: see s5p_hash_final below. + */ +static int s5p_hash_final_req(struct s5p_aes_dev *dd) +{ + struct ahash_request *req = dd->hash_req; + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + int err = 0; + + err = s5p_hash_xmit_dma(dd, ctx->total, 1); + ctx->bufcnt = 0; + dev_dbg(dd->dev, "final_req: err: %d\n", err); + + return err; +} + +/** + * s5p_hash_finish - copy calculated digest to crypto layer + * @req: AHASH request + * + * Copies the calculated hash value to the buffer provided + * by req->result + * + * Returns 0 on success and negative values on error. + */ +static int s5p_hash_finish(struct ahash_request *req) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_aes_dev *dd = ctx->dd; + int err = 0; + + if (ctx->digcnt) + s5p_hash_copy_result(req); + + dev_dbg(dd->dev, "digcnt: %lld, bufcnt: %d\n", ctx->digcnt, + ctx->bufcnt); + + return err; +} + +/** + * s5p_hash_finish_req - finish request + * @req: AHASH request + * @err: error + * + * Clear flags, free memory, + * if FINAL then read output into ctx->digest, + * call completetion + */ +static void s5p_hash_finish_req(struct ahash_request *req, int err) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_aes_dev *dd = ctx->dd; + + FLOW_LOG("s5p_sss: hash_finish_req\n"); + + if (test_bit(HASH_FLAGS_SGS_COPIED, &dd->hash_flags)) + free_pages((unsigned long)sg_virt(ctx->sg), + get_order(ctx->sg->length)); + + if (test_bit(HASH_FLAGS_SGS_ALLOCED, &dd->hash_flags)) + kfree(ctx->sg); + + ctx->sg = NULL; + + dd->hash_flags &= ~(BIT(HASH_FLAGS_SGS_ALLOCED) | + BIT(HASH_FLAGS_SGS_COPIED)); + + if (!err && !test_bit(HASH_FLAGS_ERROR, &ctx->flags)) { + FLOW_LOG("s5p_sss: hash__finish_req read msg\n"); + s5p_hash_read_msg(req); + if (test_bit(HASH_FLAGS_FINAL, &dd->hash_flags)) + err = s5p_hash_finish(req); + } else { + FLOW_LOG("s5p_sss: hash__finish_req error, no read msg\n"); + ctx->flags |= BIT(HASH_FLAGS_ERROR); + } + + /* atomic operation is not needed here */ + dd->hash_flags &= ~(BIT(HASH_FLAGS_BUSY) | BIT(HASH_FLAGS_FINAL) | + BIT(HASH_FLAGS_DMA_READY) | + BIT(HASH_FLAGS_OUTPUT_READY)); + + if (req->base.complete) + req->base.complete(&req->base, err); +} + +/** + * s5p_hash_handle_queue - handle hash queue + * @dd: device s5p_aes_dev + * @req: AHASH request + * + * If req!=NULL enqueue it + * + * Enqueues the current AHASH request on dd->queue and + * if FLAGS_BUSY is not set on the device then processes + * the first request from the dd->queue + * + * Returns: see s5p_hash_final below. + */ +static int s5p_hash_handle_queue(struct s5p_aes_dev *dd, + struct ahash_request *req) +{ + struct crypto_async_request *async_req, *backlog; + struct s5p_hash_reqctx *ctx; + unsigned long flags; + int err = 0, ret = 0; + +retry: + FLOW_LOG("s5p_sss: hash_handle_queue\n"); + spin_lock_irqsave(&dd->hash_lock, flags); + if (req) + ret = ahash_enqueue_request(&dd->hash_queue, req); + if (test_bit(HASH_FLAGS_BUSY, &dd->hash_flags)) { + spin_unlock_irqrestore(&dd->hash_lock, flags); + FLOW_LOG("s5p_sss: hash_handle_queue - exit, busy\n"); + return ret; + } + backlog = crypto_get_backlog(&dd->hash_queue); + async_req = crypto_dequeue_request(&dd->hash_queue); + if (async_req) + set_bit(HASH_FLAGS_BUSY, &dd->hash_flags); + spin_unlock_irqrestore(&dd->hash_lock, flags); + + if (!async_req) { + FLOW_LOG("s5p_sss: hash_handle_queue - exit, empty\n"); + return ret; + } + + FLOW_LOG("s5p_sss: hash_handle_queue - backlog\n"); + if (backlog) + backlog->complete(backlog, -EINPROGRESS); + + FLOW_LOG("s5p_sss: hash_handle_queue - async_req\n"); + req = ahash_request_cast(async_req); + dd->hash_req = req; + ctx = ahash_request_ctx(req); + + FLOW_LOG("s5p_sss: hash_handle_queue - prepare_req\n"); + err = s5p_hash_prepare_request(req, ctx->op == HASH_OP_UPDATE); + if (err || !ctx->total) + goto err1; + + dev_dbg(dd->dev, "handling new req, op: %u, nbytes: %d\n", + ctx->op, req->nbytes); + + err = s5p_hash_hw_init(dd); + if (err) + goto err1; + + dd->hash_err = 0; + if (ctx->digcnt) + /* request has changed - restore hash */ + s5p_hash_write_iv(req); + + if (ctx->op == HASH_OP_UPDATE) { + FLOW_LOG("s5p_sss: hash_handle_queue - op=UPDATE, finup=%d\n", + (ctx->flags & BIT(HASH_FLAGS_FINUP)) != 0); + err = s5p_hash_update_req(dd); + if (err != -EINPROGRESS && + (ctx->flags & BIT(HASH_FLAGS_FINUP))) + /* no final() after finup() */ + err = s5p_hash_final_req(dd); + } else if (ctx->op == HASH_OP_FINAL) { + FLOW_LOG("s5p_sss: hash_handle_queue - op=FINAL\n"); + err = s5p_hash_final_req(dd); + } +err1: + dev_dbg(dd->dev, "exit, err: %d\n", err); + + if (err != -EINPROGRESS) { + /* hash_tasklet_cb will not finish it, so do it here */ + s5p_hash_finish_req(req, err); + req = NULL; + + /* + * Execute next request immediately if there is anything + * in queue. + */ + FLOW_LOG("s5p_sss: hash_handle_queue - retry\n"); + goto retry; + } + + FLOW_LOG("s5p_sss: hash_handle_queue - exit, ret=%d\n", ret); + + return ret; +} + +/** + * s5p_hash_tasklet_cb - hash tasklet + * @data: ptr to s5p_aes_dev + * + */ +static void s5p_hash_tasklet_cb(unsigned long data) +{ + struct s5p_aes_dev *dd = (struct s5p_aes_dev *)data; + int err = 0; + + FLOW_LOG("s5p_sss: hash_tasklet\n"); + if (!test_bit(HASH_FLAGS_BUSY, &dd->hash_flags)) { + FLOW_LOG("s5p_sss: hash_tasklet not BUSY, handle queue\n"); + s5p_hash_handle_queue(dd, NULL); + return; + } + + if (test_bit(HASH_FLAGS_DMA_READY, &dd->hash_flags)) { + FLOW_LOG("s5p_sss: hash_tasklet DMA_READY\n"); + if (test_and_clear_bit(HASH_FLAGS_DMA_ACTIVE, + &dd->hash_flags)) { + FLOW_LOG("s5p_sss: hash_tasklet DMA_ACTIVE cleared\n"); + s5p_hash_update_dma_stop(dd); + if (dd->hash_err) { + FLOW_LOG("s5p_sss: hash_tasklet hash_error\n"); + err = dd->hash_err; + goto finish; + } + } + if (test_and_clear_bit(HASH_FLAGS_OUTPUT_READY, + &dd->hash_flags)) { + /* hash or semi-hash ready */ + FLOW_LOG("s5p_sss: hash_tasklet OUTPUT_READY\n"); + clear_bit(HASH_FLAGS_DMA_READY, &dd->hash_flags); + goto finish; + } + } + + return; + +finish: + FLOW_LOG("s5p_sss: hash_tasklet finish\n"); + dev_dbg(dd->dev, "update done: err: %d\n", err); + /* finish curent request */ + s5p_hash_finish_req(dd->hash_req, err); + + /* If we are not busy, process next req */ + if (!test_bit(HASH_FLAGS_BUSY, &dd->hash_flags)) + s5p_hash_handle_queue(dd, NULL); +} + +/** + * s5p_hash_enqueue - enqueue request + * @req: AHASH request + * @op: operation UPDATE or FINAL + * + * Sets the operation flag in the AHASH request context + * structure and calls s5p_hash_handle_queue(). + * + * Returns: see s5p_hash_final below. + */ +static int s5p_hash_enqueue(struct ahash_request *req, unsigned int op) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_hash_ctx *tctx = crypto_tfm_ctx(req->base.tfm); + struct s5p_aes_dev *dd = tctx->dd; + + ctx->op = op; + + return s5p_hash_handle_queue(dd, req); +} + +/** + * s5p_hash_update - process the hash input data + * @req: AHASH request + * + * If request will fit in buffer, copy it and return immediately + * else enqueue it wit OP_UPDATE. + * + * Returns: see s5p_hash_final below. + */ +static int s5p_hash_update(struct ahash_request *req) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + + FLOW_LOG("hash update len=%d", req->nbytes); + if (!req->nbytes) + return 0; + + FLOW_DUMP("upd: ", req->src, req->nbytes); + if (ctx->bufcnt + req->nbytes <= BUFLEN) { + scatterwalk_map_and_copy(ctx->buffer + ctx->bufcnt, req->src, + 0, req->nbytes, 0); + ctx->bufcnt += req->nbytes; + return 0; + } + + return s5p_hash_enqueue(req, HASH_OP_UPDATE); +} + +/** + * s5p_hash_shash_digest - calculate shash digest + * @tfm: crypto transformation + * @flags: tfm flags + * @data: input data + * @len: length of data + * @out: output buffer + */ +static int s5p_hash_shash_digest(struct crypto_shash *tfm, u32 flags, + const u8 *data, unsigned int len, u8 *out) +{ + SHASH_DESC_ON_STACK(shash, tfm); + + shash->tfm = tfm; + shash->flags = flags & CRYPTO_TFM_REQ_MAY_SLEEP; + + return crypto_shash_digest(shash, data, len, out); +} + +/** + * s5p_hash_final_shash - calculate shash digest + * @req: AHASH request + * + * calculate digest from ctx->buffer, + * with data length ctx->bufcnt, + * store digest in req->result + */ +static int s5p_hash_final_shash(struct ahash_request *req) +{ + struct s5p_hash_ctx *tctx = crypto_tfm_ctx(req->base.tfm); + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + + return s5p_hash_shash_digest(tctx->fallback, req->base.flags, + ctx->buffer, ctx->bufcnt, req->result); +} + +/** + * s5p_hash_final - close up hash and calculate digest + * @req: AHASH request + * + * Set FLAGS_FINUP flag for the current AHASH request context. + * + * If there were no input data processed yet and the buffered + * hash data is less than BUFLEN (64) then calculate the final + * hash immediately by using SW algorithm fallback. + * + * Otherwise enqueues the current AHASH request with OP_FINAL + * operation flag and finalize hash message in HW. + * Note that if digcnt!=0 then there were previous update op, + * so there are always some buffered bytes in ctx->buffer, + * which means that ctx->bufcnt!=0 + * + * Returns: + * 0 if the request has been processed immediately, + * -EINPROGRESS if the operation has been queued for later + * execution or is set to processing by HW, + * -EBUSY if queue is full and request should be resubmitted later, + * other negative values on error. + * + * Note: req->src do not have any data + */ +static int s5p_hash_final(struct ahash_request *req) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + + FLOW_LOG("hash final"); + ctx->flags |= BIT(HASH_FLAGS_FINUP); + + if (ctx->flags & BIT(HASH_FLAGS_ERROR)) + return -EINVAL; /* uncompleted hash is not needed */ + + /* + * If message is small (digcnt==0) and buffersize is less + * than BUFLEN, we use fallback, as using DMA + HW in this + * case doesn't provide any benefit. + * This is also the case for zero-length message. + */ + FLOW_LOG("hash final digcnt=%lld bufcnt=%d", ctx->digcnt, ctx->bufcnt); + if (!ctx->digcnt && ctx->bufcnt < BUFLEN) + return s5p_hash_final_shash(req); + + WARN_ON(ctx->bufcnt == 0); + + return s5p_hash_enqueue(req, HASH_OP_FINAL); +} + +/** + * s5p_hash_finup - process last req->src and calculate digest + * @req: AHASH request containing the last update data + * + * Set FLAGS_FINUP flag in context. + * + * Call update(req) and exit if it was enqueued or is being processing. + * + * If update returns without enqueue, call final(req). + * + * Return values: see s5p_hash_final above. + */ +static int s5p_hash_finup(struct ahash_request *req) +{ + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + int err1, err2; + + FLOW_LOG("hash finup len=%d", req->nbytes); + ctx->flags |= BIT(HASH_FLAGS_FINUP); + + FLOW_DUMP("fin: ", req->src, req->nbytes); + err1 = s5p_hash_update(req); + if (err1 == -EINPROGRESS || err1 == -EBUSY) + return err1; + /* + * final() has to be always called to cleanup resources + * even if update() failed, except EINPROGRESS + * or calculate digest for small size + */ + err2 = s5p_hash_final(req); + + return err1 ?: err2; +} + +/** + * s5p_hash_init - initialize AHASH request contex + * @req: AHASH request + * + * Init async hash request context. + */ +static int s5p_hash_init(struct ahash_request *req) +{ + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + struct s5p_hash_ctx *tctx = crypto_ahash_ctx(tfm); + struct s5p_hash_reqctx *ctx = ahash_request_ctx(req); + struct s5p_aes_dev *dd = tctx->dd; + + ctx->dd = dd; + ctx->flags = 0; + + dev_dbg(dd->dev, "init: digest size: %d\n", + crypto_ahash_digestsize(tfm)); + + switch (crypto_ahash_digestsize(tfm)) { + case MD5_DIGEST_SIZE: + ctx->flags |= HASH_FLAGS_MODE_MD5; + ctx->engine = SSS_HASH_ENGINE_MD5; + ctx->nregs = HASH_MD5_MAX_REG; + break; + case SHA1_DIGEST_SIZE: + ctx->flags |= HASH_FLAGS_MODE_SHA1; + ctx->engine = SSS_HASH_ENGINE_SHA1; + ctx->nregs = HASH_SHA1_MAX_REG; + break; + case SHA256_DIGEST_SIZE: + ctx->flags |= HASH_FLAGS_MODE_SHA256; + ctx->engine = SSS_HASH_ENGINE_SHA256; + ctx->nregs = HASH_SHA256_MAX_REG; + break; + } + + ctx->bufcnt = 0; + ctx->digcnt = 0; + ctx->total = 0; + ctx->skip = 0; + ctx->buflen = BUFLEN; + + return 0; +} + +/** + * s5p_hash_digest - calculate digest from req->src + * @req: AHASH request + * + * Return values: see s5p_hash_final above. + */ +static int s5p_hash_digest(struct ahash_request *req) +{ + FLOW_LOG("hash digest len=%d", req->nbytes); + FLOW_DUMP("dig: ", req->src, req->nbytes); + + return s5p_hash_init(req) ?: s5p_hash_finup(req); +} + +/** + * s5p_hash_cra_init_alg - init crypto alg transformation + * @tfm: crypto transformation + */ +static int s5p_hash_cra_init_alg(struct crypto_tfm *tfm) +{ + struct s5p_hash_ctx *tctx = crypto_tfm_ctx(tfm); + const char *alg_name = crypto_tfm_alg_name(tfm); + + tctx->dd = s5p_dev; + /* Allocate a fallback and abort if it failed. */ + tctx->fallback = crypto_alloc_shash(alg_name, 0, + CRYPTO_ALG_NEED_FALLBACK); + if (IS_ERR(tctx->fallback)) { + pr_err("fallback alloc fails for '%s'\n", alg_name); + return PTR_ERR(tctx->fallback); + } + + crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), + sizeof(struct s5p_hash_reqctx) + BUFLEN); + + return 0; +} + +/** + * s5p_hash_cra_init - init crypto tfm + * @tfm: crypto transformation + */ +static int s5p_hash_cra_init(struct crypto_tfm *tfm) +{ + return s5p_hash_cra_init_alg(tfm); +} + +/** + * s5p_hash_cra_exit - exit crypto tfm + * @tfm: crypto transformation + * + * free allocated fallback + */ +static void s5p_hash_cra_exit(struct crypto_tfm *tfm) +{ + struct s5p_hash_ctx *tctx = crypto_tfm_ctx(tfm); + + crypto_free_shash(tctx->fallback); + tctx->fallback = NULL; +} + +/** + * s5p_hash_export - export hash state + * @req: AHASH request + * @out: buffer for exported state + */ +static int s5p_hash_export(struct ahash_request *req, void *out) +{ + struct s5p_hash_reqctx *rctx = ahash_request_ctx(req); + + FLOW_LOG("hash export"); + memcpy(out, rctx, sizeof(*rctx) + rctx->bufcnt); + + return 0; +} + +/** + * s5p_hash_import - import hash state + * @req: AHASH request + * @in: buffer with state to be imported from + */ +static int s5p_hash_import(struct ahash_request *req, const void *in) +{ + struct s5p_hash_reqctx *rctx = ahash_request_ctx(req); + const struct s5p_hash_reqctx *ctx_in = in; + + FLOW_LOG("hash import"); + WARN_ON(ctx_in->bufcnt < 0); + WARN_ON(ctx_in->bufcnt > BUFLEN); + memcpy(rctx, in, sizeof(*rctx) + BUFLEN); + + return 0; +} + +/** + * struct algs_sha1_md5 + */ +static struct ahash_alg algs_sha1_md5[] = { +{ + .init = s5p_hash_init, + .update = s5p_hash_update, + .final = s5p_hash_final, + .finup = s5p_hash_finup, + .digest = s5p_hash_digest, + .halg.digestsize = SHA1_DIGEST_SIZE, + .halg.base = { + .cra_name = "sha1", + .cra_driver_name = "exynos-sha1", + .cra_priority = 100, + .cra_flags = CRYPTO_ALG_TYPE_AHASH | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = HASH_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s5p_hash_ctx), + .cra_alignmask = SSS_DMA_ALIGN_MASK, + .cra_module = THIS_MODULE, + .cra_init = s5p_hash_cra_init, + .cra_exit = s5p_hash_cra_exit, + } +}, +{ + .init = s5p_hash_init, + .update = s5p_hash_update, + .final = s5p_hash_final, + .finup = s5p_hash_finup, + .digest = s5p_hash_digest, + .halg.digestsize = MD5_DIGEST_SIZE, + .halg.base = { + .cra_name = "md5", + .cra_driver_name = "exynos-md5", + .cra_priority = 100, + .cra_flags = CRYPTO_ALG_TYPE_AHASH | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = HASH_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s5p_hash_ctx), + .cra_alignmask = SSS_DMA_ALIGN_MASK, + .cra_module = THIS_MODULE, + .cra_init = s5p_hash_cra_init, + .cra_exit = s5p_hash_cra_exit, + } +} +}; + +/** + * struct algs_sha256 + */ +static struct ahash_alg algs_sha256[] = { +{ + .init = s5p_hash_init, + .update = s5p_hash_update, + .final = s5p_hash_final, + .finup = s5p_hash_finup, + .digest = s5p_hash_digest, + .halg.digestsize = SHA256_DIGEST_SIZE, + .halg.base = { + .cra_name = "sha256", + .cra_driver_name = "exynos-sha256", + .cra_priority = 100, + .cra_flags = CRYPTO_ALG_TYPE_AHASH | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = HASH_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s5p_hash_ctx), + .cra_alignmask = SSS_DMA_ALIGN_MASK, + .cra_module = THIS_MODULE, + .cra_init = s5p_hash_cra_init, + .cra_exit = s5p_hash_cra_exit, + } +} +}; + +/** + * struct exynos_hash_algs_info + */ +static struct sss_hash_algs_info exynos_hash_algs_info[] = { + { + .algs_list = algs_sha1_md5, + .size = ARRAY_SIZE(algs_sha1_md5), + }, + { + .algs_list = algs_sha256, + .size = ARRAY_SIZE(algs_sha256), + }, +}; + +static void s5p_set_aes(struct s5p_aes_dev *dev, + uint8_t *key, uint8_t *iv, unsigned int keylen) +{ + void __iomem *keystart; + + if (iv) + memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10); + + if (keylen == AES_KEYSIZE_256) + keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0); + else if (keylen == AES_KEYSIZE_192) + keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(2); + else + keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(4); + + memcpy_toio(keystart, key, keylen); +} + +static bool s5p_is_sg_aligned(struct scatterlist *sg) +{ + while (sg) { + if (!IS_ALIGNED(sg->length, AES_BLOCK_SIZE)) + return false; + sg = sg_next(sg); + } + + return true; +} + +static int s5p_set_indata_start(struct s5p_aes_dev *dev, + struct ablkcipher_request *req) +{ + struct scatterlist *sg; + int err; + + dev->sg_src_cpy = NULL; + sg = req->src; + if (!s5p_is_sg_aligned(sg)) { + dev_dbg(dev->dev, + "At least one unaligned source scatter list, making a copy\n"); + err = s5p_make_sg_cpy(dev, sg, &dev->sg_src_cpy); + if (err) + return err; + + sg = dev->sg_src_cpy; + } + + err = s5p_set_indata(dev, sg); + if (err) { + s5p_free_sg_cpy(dev, &dev->sg_src_cpy); + return err; + } + + return 0; +} + +static int s5p_set_outdata_start(struct s5p_aes_dev *dev, + struct ablkcipher_request *req) +{ + struct scatterlist *sg; + int err; + + dev->sg_dst_cpy = NULL; + sg = req->dst; + if (!s5p_is_sg_aligned(sg)) { + dev_dbg(dev->dev, + "At least one unaligned dest scatter list, making a copy\n"); + err = s5p_make_sg_cpy(dev, sg, &dev->sg_dst_cpy); + if (err) + return err; + + sg = dev->sg_dst_cpy; + } + + err = s5p_set_outdata(dev, sg); + if (err) { + s5p_free_sg_cpy(dev, &dev->sg_dst_cpy); + return err; + } + + return 0; +} + +static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) +{ + struct ablkcipher_request *req = dev->req; + uint32_t aes_control; + unsigned long flags; + int err; + + aes_control = SSS_AES_KEY_CHANGE_MODE; + if (mode & FLAGS_AES_DECRYPT) + aes_control |= SSS_AES_MODE_DECRYPT; + + if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) + aes_control |= SSS_AES_CHAIN_MODE_CBC; + else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) + aes_control |= SSS_AES_CHAIN_MODE_CTR; + + if (dev->ctx->keylen == AES_KEYSIZE_192) + aes_control |= SSS_AES_KEY_SIZE_192; + else if (dev->ctx->keylen == AES_KEYSIZE_256) + aes_control |= SSS_AES_KEY_SIZE_256; + + aes_control |= SSS_AES_FIFO_MODE; + + /* as a variant it is possible to use byte swapping on DMA side */ + aes_control |= SSS_AES_BYTESWAP_DI + | SSS_AES_BYTESWAP_DO + | SSS_AES_BYTESWAP_IV + | SSS_AES_BYTESWAP_KEY + | SSS_AES_BYTESWAP_CNT; + + spin_lock_irqsave(&dev->lock, flags); + + SSS_WRITE(dev, FCINTENCLR, + SSS_FCINTENCLR_BTDMAINTENCLR | SSS_FCINTENCLR_BRDMAINTENCLR); + SSS_WRITE(dev, FCFIFOCTRL, 0x00); + + err = s5p_set_indata_start(dev, req); + if (err) + goto indata_error; + + err = s5p_set_outdata_start(dev, req); + if (err) + goto outdata_error; + + SSS_AES_WRITE(dev, AES_CONTROL, aes_control); + s5p_set_aes(dev, dev->ctx->aes_key, req->info, dev->ctx->keylen); + + s5p_set_dma_indata(dev, dev->sg_src); + s5p_set_dma_outdata(dev, dev->sg_dst); + + SSS_WRITE(dev, FCINTENSET, + SSS_FCINTENSET_BTDMAINTENSET | SSS_FCINTENSET_BRDMAINTENSET); + + spin_unlock_irqrestore(&dev->lock, flags); + + return; + +outdata_error: + s5p_unset_indata(dev); indata_error: s5p_sg_done(dev); @@ -822,13 +2540,16 @@ static struct crypto_alg algs[] = { }, }; +bool use_hash; + static int s5p_aes_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; - int i, j, err = -ENODEV; + int aes_i, hash_i, hash_algs_size = 0, j, err = -ENODEV; struct samsung_aes_variant *variant; struct s5p_aes_dev *pdata; struct resource *res; + struct sss_hash_algs_info *hash_algs_i; if (s5p_dev) return -EEXIST; @@ -837,12 +2558,38 @@ static int s5p_aes_probe(struct platform_device *pdev) if (!pdata) return -ENOMEM; + variant = find_s5p_sss_version(pdev); + pdata->pdata = variant; + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); - pdata->ioaddr = devm_ioremap_resource(&pdev->dev, res); - if (IS_ERR(pdata->ioaddr)) - return PTR_ERR(pdata->ioaddr); + /* HACK: HASH and PRNG uses the same registers in secss, + * avoid overwrite each other. This will drop HASH when + * CONFIG_EXYNOS_RNG is enabled. + * We need larger size for HASH registers in secss, current + * describe only AES/DES + */ + if (variant == &exynos_aes_data) { + pdata->pdata->hash_algs_info = exynos_hash_algs_info; + pdata->pdata->hash_algs_size = + ARRAY_SIZE(exynos_hash_algs_info); +#ifndef CONFIG_CRYPTO_DEV_EXYNOS_RNG + res->end += 0x300; + use_hash = true; +#endif + } - variant = find_s5p_sss_version(pdev); + pdata->res = res; + pdata->ioaddr = devm_ioremap_resource(&pdev->dev, res); + if (IS_ERR(pdata->ioaddr)) { + if (!use_hash) + return PTR_ERR(pdata->ioaddr); + /* try AES without HASH */ + res->end -= 0x300; + use_hash = false; + pdata->ioaddr = devm_ioremap_resource(&pdev->dev, res); + if (IS_ERR(pdata->ioaddr)) + return PTR_ERR(pdata->ioaddr); + } pdata->clk = devm_clk_get(dev, "secss"); if (IS_ERR(pdata->clk)) { @@ -857,8 +2604,10 @@ static int s5p_aes_probe(struct platform_device *pdev) } spin_lock_init(&pdata->lock); + spin_lock_init(&pdata->hash_lock); pdata->aes_ioaddr = pdata->ioaddr + variant->aes_offset; + pdata->io_hash_base = pdata->ioaddr + variant->hash_offset; pdata->irq_fc = platform_get_irq(pdev, 0); if (pdata->irq_fc < 0) { @@ -877,27 +2626,69 @@ static int s5p_aes_probe(struct platform_device *pdev) pdata->busy = false; pdata->dev = dev; platform_set_drvdata(pdev, pdata); + s5p_dev = pdata; tasklet_init(&pdata->tasklet, s5p_tasklet_cb, (unsigned long)pdata); crypto_init_queue(&pdata->queue, CRYPTO_QUEUE_LEN); - for (i = 0; i < ARRAY_SIZE(algs); i++) { - err = crypto_register_alg(&algs[i]); - if (err) + tasklet_init(&pdata->hash_tasklet, s5p_hash_tasklet_cb, + (unsigned long)pdata); + crypto_init_queue(&pdata->hash_queue, SSS_HASH_QUEUE_LENGTH); + + for (aes_i = 0; aes_i < ARRAY_SIZE(algs); aes_i++) { + err = crypto_register_alg(&algs[aes_i]); + if (err) { + dev_err(dev, "can't register '%s': %d\n", + algs[aes_i].cra_name, err); goto err_algs; + } + } + + if (use_hash) + hash_algs_size = pdata->pdata->hash_algs_size; + + for (hash_i = 0; hash_i < hash_algs_size; hash_i++) { + hash_algs_i = pdata->pdata->hash_algs_info; + hash_algs_i[hash_i].registered = 0; + for (j = 0; j < hash_algs_i[hash_i].size; j++) { + struct ahash_alg *alg; + + alg = &(hash_algs_i[hash_i].algs_list[j]); + alg->export = s5p_hash_export; + alg->import = s5p_hash_import; + alg->halg.statesize = sizeof(struct s5p_hash_reqctx) + + BUFLEN; + err = crypto_register_ahash(alg); + if (err) { + dev_err(dev, "can't register '%s': %d\n", + alg->halg.base.cra_driver_name, err); + goto err_hash; + } + FLOW_LOG("alg registered: %s\n", + alg->halg.base.cra_driver_name); + + hash_algs_i[hash_i].registered++; + } } dev_info(dev, "s5p-sss driver registered\n"); return 0; +err_hash: + for (hash_i = hash_algs_size - 1; hash_i >= 0; hash_i--) + for (j = hash_algs_i[hash_i].registered - 1; + j >= 0; j--) + crypto_unregister_ahash( + &(hash_algs_i[hash_i].algs_list[j])); + err_algs: - dev_err(dev, "can't register '%s': %d\n", algs[i].cra_name, err); - for (j = 0; j < i; j++) + for (j = 0; j < aes_i; j++) crypto_unregister_alg(&algs[j]); + tasklet_kill(&pdata->hash_tasklet); tasklet_kill(&pdata->tasklet); err_irq: @@ -911,7 +2702,8 @@ static int s5p_aes_probe(struct platform_device *pdev) static int s5p_aes_remove(struct platform_device *pdev) { struct s5p_aes_dev *pdata = platform_get_drvdata(pdev); - int i; + struct sss_hash_algs_info *hash_algs_i; + int i, j; if (!pdata) return -ENODEV; @@ -919,9 +2711,20 @@ static int s5p_aes_remove(struct platform_device *pdev) for (i = 0; i < ARRAY_SIZE(algs); i++) crypto_unregister_alg(&algs[i]); + hash_algs_i = pdata->pdata->hash_algs_info; + for (i = pdata->pdata->hash_algs_size - 1; i >= 0; i--) + for (j = hash_algs_i[i].registered - 1; j >= 0; j--) + crypto_unregister_ahash( + &(hash_algs_i[i].algs_list[j])); + + tasklet_kill(&pdata->hash_tasklet); tasklet_kill(&pdata->tasklet); clk_disable_unprepare(pdata->clk); + if (use_hash) { + pdata->res->end -= 0x300; + use_hash = false; + } s5p_dev = NULL; @@ -942,3 +2745,4 @@ module_platform_driver(s5p_aes_crypto); MODULE_DESCRIPTION("S5PV210 AES hw acceleration support."); MODULE_LICENSE("GPL v2"); MODULE_AUTHOR("Vladimir Zapolskiy "); +MODULE_AUTHOR("Kamil Konieczny "); -- 2.14.1.536.g6867272d5b56