linux/drivers/crypto/mediatek/mtk-sha.c
Corentin LABBE 1127eea914 crypto: mediatek - Use IPAD/OPAD constant
This patch simply replace all occurrence of HMAC IPAD/OPAD value by their
define.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-05-23 12:52:09 +08:00

1360 lines
33 KiB
C

/*
* Cryptographic API.
*
* Driver for EIP97 SHA1/SHA2(HMAC) acceleration.
*
* Copyright (c) 2016 Ryder Lee <ryder.lee@mediatek.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Some ideas are from atmel-sha.c and omap-sham.c drivers.
*/
#include <crypto/hmac.h>
#include <crypto/sha.h>
#include "mtk-platform.h"
#define SHA_ALIGN_MSK (sizeof(u32) - 1)
#define SHA_QUEUE_SIZE 512
#define SHA_BUF_SIZE ((u32)PAGE_SIZE)
#define SHA_OP_UPDATE 1
#define SHA_OP_FINAL 2
#define SHA_DATA_LEN_MSK cpu_to_le32(GENMASK(16, 0))
#define SHA_MAX_DIGEST_BUF_SIZE 32
/* SHA command token */
#define SHA_CT_SIZE 5
#define SHA_CT_CTRL_HDR cpu_to_le32(0x02220000)
#define SHA_CMD0 cpu_to_le32(0x03020000)
#define SHA_CMD1 cpu_to_le32(0x21060000)
#define SHA_CMD2 cpu_to_le32(0xe0e63802)
/* SHA transform information */
#define SHA_TFM_HASH cpu_to_le32(0x2 << 0)
#define SHA_TFM_SIZE(x) cpu_to_le32((x) << 8)
#define SHA_TFM_START cpu_to_le32(0x1 << 4)
#define SHA_TFM_CONTINUE cpu_to_le32(0x1 << 5)
#define SHA_TFM_HASH_STORE cpu_to_le32(0x1 << 19)
#define SHA_TFM_SHA1 cpu_to_le32(0x2 << 23)
#define SHA_TFM_SHA256 cpu_to_le32(0x3 << 23)
#define SHA_TFM_SHA224 cpu_to_le32(0x4 << 23)
#define SHA_TFM_SHA512 cpu_to_le32(0x5 << 23)
#define SHA_TFM_SHA384 cpu_to_le32(0x6 << 23)
#define SHA_TFM_DIGEST(x) cpu_to_le32(((x) & GENMASK(3, 0)) << 24)
/* SHA flags */
#define SHA_FLAGS_BUSY BIT(0)
#define SHA_FLAGS_FINAL BIT(1)
#define SHA_FLAGS_FINUP BIT(2)
#define SHA_FLAGS_SG BIT(3)
#define SHA_FLAGS_ALGO_MSK GENMASK(8, 4)
#define SHA_FLAGS_SHA1 BIT(4)
#define SHA_FLAGS_SHA224 BIT(5)
#define SHA_FLAGS_SHA256 BIT(6)
#define SHA_FLAGS_SHA384 BIT(7)
#define SHA_FLAGS_SHA512 BIT(8)
#define SHA_FLAGS_HMAC BIT(9)
#define SHA_FLAGS_PAD BIT(10)
/**
* mtk_sha_info - hardware information of AES
* @cmd: command token, hardware instruction
* @tfm: transform state of cipher algorithm.
* @state: contains keys and initial vectors.
*
*/
struct mtk_sha_info {
__le32 ctrl[2];
__le32 cmd[3];
__le32 tfm[2];
__le32 digest[SHA_MAX_DIGEST_BUF_SIZE];
};
struct mtk_sha_reqctx {
struct mtk_sha_info info;
unsigned long flags;
unsigned long op;
u64 digcnt;
size_t bufcnt;
dma_addr_t dma_addr;
__le32 ct_hdr;
u32 ct_size;
dma_addr_t ct_dma;
dma_addr_t tfm_dma;
/* Walk state */
struct scatterlist *sg;
u32 offset; /* Offset in current sg */
u32 total; /* Total request */
size_t ds;
size_t bs;
u8 *buffer;
};
struct mtk_sha_hmac_ctx {
struct crypto_shash *shash;
u8 ipad[SHA512_BLOCK_SIZE] __aligned(sizeof(u32));
u8 opad[SHA512_BLOCK_SIZE] __aligned(sizeof(u32));
};
struct mtk_sha_ctx {
struct mtk_cryp *cryp;
unsigned long flags;
u8 id;
u8 buf[SHA_BUF_SIZE] __aligned(sizeof(u32));
struct mtk_sha_hmac_ctx base[0];
};
struct mtk_sha_drv {
struct list_head dev_list;
/* Device list lock */
spinlock_t lock;
};
static struct mtk_sha_drv mtk_sha = {
.dev_list = LIST_HEAD_INIT(mtk_sha.dev_list),
.lock = __SPIN_LOCK_UNLOCKED(mtk_sha.lock),
};
static int mtk_sha_handle_queue(struct mtk_cryp *cryp, u8 id,
struct ahash_request *req);
static inline u32 mtk_sha_read(struct mtk_cryp *cryp, u32 offset)
{
return readl_relaxed(cryp->base + offset);
}
static inline void mtk_sha_write(struct mtk_cryp *cryp,
u32 offset, u32 value)
{
writel_relaxed(value, cryp->base + offset);
}
static inline void mtk_sha_ring_shift(struct mtk_ring *ring,
struct mtk_desc **cmd_curr,
struct mtk_desc **res_curr,
int *count)
{
*cmd_curr = ring->cmd_next++;
*res_curr = ring->res_next++;
(*count)++;
if (ring->cmd_next == ring->cmd_base + MTK_DESC_NUM) {
ring->cmd_next = ring->cmd_base;
ring->res_next = ring->res_base;
}
}
static struct mtk_cryp *mtk_sha_find_dev(struct mtk_sha_ctx *tctx)
{
struct mtk_cryp *cryp = NULL;
struct mtk_cryp *tmp;
spin_lock_bh(&mtk_sha.lock);
if (!tctx->cryp) {
list_for_each_entry(tmp, &mtk_sha.dev_list, sha_list) {
cryp = tmp;
break;
}
tctx->cryp = cryp;
} else {
cryp = tctx->cryp;
}
/*
* Assign record id to tfm in round-robin fashion, and this
* will help tfm to bind to corresponding descriptor rings.
*/
tctx->id = cryp->rec;
cryp->rec = !cryp->rec;
spin_unlock_bh(&mtk_sha.lock);
return cryp;
}
static int mtk_sha_append_sg(struct mtk_sha_reqctx *ctx)
{
size_t count;
while ((ctx->bufcnt < SHA_BUF_SIZE) && ctx->total) {
count = min(ctx->sg->length - ctx->offset, ctx->total);
count = min(count, SHA_BUF_SIZE - ctx->bufcnt);
if (count <= 0) {
/*
* Check if count <= 0 because the buffer is full or
* because the sg length is 0. In the latest case,
* check if there is another sg in the list, a 0 length
* sg doesn't necessarily mean the end of the sg list.
*/
if ((ctx->sg->length == 0) && !sg_is_last(ctx->sg)) {
ctx->sg = sg_next(ctx->sg);
continue;
} else {
break;
}
}
scatterwalk_map_and_copy(ctx->buffer + ctx->bufcnt, ctx->sg,
ctx->offset, count, 0);
ctx->bufcnt += count;
ctx->offset += count;
ctx->total -= count;
if (ctx->offset == ctx->sg->length) {
ctx->sg = sg_next(ctx->sg);
if (ctx->sg)
ctx->offset = 0;
else
ctx->total = 0;
}
}
return 0;
}
/*
* The purpose of this padding is to ensure that the padded message is a
* multiple of 512 bits (SHA1/SHA224/SHA256) or 1024 bits (SHA384/SHA512).
* The bit "1" is appended at the end of the message followed by
* "padlen-1" zero bits. Then a 64 bits block (SHA1/SHA224/SHA256) or
* 128 bits block (SHA384/SHA512) equals to the message length in bits
* is appended.
*
* For SHA1/SHA224/SHA256, padlen is calculated as followed:
* - if message length < 56 bytes then padlen = 56 - message length
* - else padlen = 64 + 56 - message length
*
* For SHA384/SHA512, padlen is calculated as followed:
* - if message length < 112 bytes then padlen = 112 - message length
* - else padlen = 128 + 112 - message length
*/
static void mtk_sha_fill_padding(struct mtk_sha_reqctx *ctx, u32 len)
{
u32 index, padlen;
u64 bits[2];
u64 size = ctx->digcnt;
size += ctx->bufcnt;
size += len;
bits[1] = cpu_to_be64(size << 3);
bits[0] = cpu_to_be64(size >> 61);
switch (ctx->flags & SHA_FLAGS_ALGO_MSK) {
case SHA_FLAGS_SHA384:
case SHA_FLAGS_SHA512:
index = ctx->bufcnt & 0x7f;
padlen = (index < 112) ? (112 - index) : ((128 + 112) - index);
*(ctx->buffer + ctx->bufcnt) = 0x80;
memset(ctx->buffer + ctx->bufcnt + 1, 0, padlen - 1);
memcpy(ctx->buffer + ctx->bufcnt + padlen, bits, 16);
ctx->bufcnt += padlen + 16;
ctx->flags |= SHA_FLAGS_PAD;
break;
default:
index = ctx->bufcnt & 0x3f;
padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
*(ctx->buffer + ctx->bufcnt) = 0x80;
memset(ctx->buffer + ctx->bufcnt + 1, 0, padlen - 1);
memcpy(ctx->buffer + ctx->bufcnt + padlen, &bits[1], 8);
ctx->bufcnt += padlen + 8;
ctx->flags |= SHA_FLAGS_PAD;
break;
}
}
/* Initialize basic transform information of SHA */
static void mtk_sha_info_init(struct mtk_sha_reqctx *ctx)
{
struct mtk_sha_info *info = &ctx->info;
ctx->ct_hdr = SHA_CT_CTRL_HDR;
ctx->ct_size = SHA_CT_SIZE;
info->tfm[0] = SHA_TFM_HASH | SHA_TFM_SIZE(SIZE_IN_WORDS(ctx->ds));
switch (ctx->flags & SHA_FLAGS_ALGO_MSK) {
case SHA_FLAGS_SHA1:
info->tfm[0] |= SHA_TFM_SHA1;
break;
case SHA_FLAGS_SHA224:
info->tfm[0] |= SHA_TFM_SHA224;
break;
case SHA_FLAGS_SHA256:
info->tfm[0] |= SHA_TFM_SHA256;
break;
case SHA_FLAGS_SHA384:
info->tfm[0] |= SHA_TFM_SHA384;
break;
case SHA_FLAGS_SHA512:
info->tfm[0] |= SHA_TFM_SHA512;
break;
default:
/* Should not happen... */
return;
}
info->tfm[1] = SHA_TFM_HASH_STORE;
info->ctrl[0] = info->tfm[0] | SHA_TFM_CONTINUE | SHA_TFM_START;
info->ctrl[1] = info->tfm[1];
info->cmd[0] = SHA_CMD0;
info->cmd[1] = SHA_CMD1;
info->cmd[2] = SHA_CMD2 | SHA_TFM_DIGEST(SIZE_IN_WORDS(ctx->ds));
}
/*
* Update input data length field of transform information and
* map it to DMA region.
*/
static int mtk_sha_info_update(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha,
size_t len1, size_t len2)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
struct mtk_sha_info *info = &ctx->info;
ctx->ct_hdr &= ~SHA_DATA_LEN_MSK;
ctx->ct_hdr |= cpu_to_le32(len1 + len2);
info->cmd[0] &= ~SHA_DATA_LEN_MSK;
info->cmd[0] |= cpu_to_le32(len1 + len2);
/* Setting SHA_TFM_START only for the first iteration */
if (ctx->digcnt)
info->ctrl[0] &= ~SHA_TFM_START;
ctx->digcnt += len1;
ctx->ct_dma = dma_map_single(cryp->dev, info, sizeof(*info),
DMA_BIDIRECTIONAL);
if (unlikely(dma_mapping_error(cryp->dev, ctx->ct_dma))) {
dev_err(cryp->dev, "dma %zu bytes error\n", sizeof(*info));
return -EINVAL;
}
ctx->tfm_dma = ctx->ct_dma + sizeof(info->ctrl) + sizeof(info->cmd);
return 0;
}
/*
* Because of hardware limitation, we must pre-calculate the inner
* and outer digest that need to be processed firstly by engine, then
* apply the result digest to the input message. These complex hashing
* procedures limits HMAC performance, so we use fallback SW encoding.
*/
static int mtk_sha_finish_hmac(struct ahash_request *req)
{
struct mtk_sha_ctx *tctx = crypto_tfm_ctx(req->base.tfm);
struct mtk_sha_hmac_ctx *bctx = tctx->base;
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
SHASH_DESC_ON_STACK(shash, bctx->shash);
shash->tfm = bctx->shash;
shash->flags = 0; /* not CRYPTO_TFM_REQ_MAY_SLEEP */
return crypto_shash_init(shash) ?:
crypto_shash_update(shash, bctx->opad, ctx->bs) ?:
crypto_shash_finup(shash, req->result, ctx->ds, req->result);
}
/* Initialize request context */
static int mtk_sha_init(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct mtk_sha_ctx *tctx = crypto_ahash_ctx(tfm);
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
ctx->flags = 0;
ctx->ds = crypto_ahash_digestsize(tfm);
switch (ctx->ds) {
case SHA1_DIGEST_SIZE:
ctx->flags |= SHA_FLAGS_SHA1;
ctx->bs = SHA1_BLOCK_SIZE;
break;
case SHA224_DIGEST_SIZE:
ctx->flags |= SHA_FLAGS_SHA224;
ctx->bs = SHA224_BLOCK_SIZE;
break;
case SHA256_DIGEST_SIZE:
ctx->flags |= SHA_FLAGS_SHA256;
ctx->bs = SHA256_BLOCK_SIZE;
break;
case SHA384_DIGEST_SIZE:
ctx->flags |= SHA_FLAGS_SHA384;
ctx->bs = SHA384_BLOCK_SIZE;
break;
case SHA512_DIGEST_SIZE:
ctx->flags |= SHA_FLAGS_SHA512;
ctx->bs = SHA512_BLOCK_SIZE;
break;
default:
return -EINVAL;
}
ctx->bufcnt = 0;
ctx->digcnt = 0;
ctx->buffer = tctx->buf;
if (tctx->flags & SHA_FLAGS_HMAC) {
struct mtk_sha_hmac_ctx *bctx = tctx->base;
memcpy(ctx->buffer, bctx->ipad, ctx->bs);
ctx->bufcnt = ctx->bs;
ctx->flags |= SHA_FLAGS_HMAC;
}
return 0;
}
static int mtk_sha_xmit(struct mtk_cryp *cryp, struct mtk_sha_rec *sha,
dma_addr_t addr1, size_t len1,
dma_addr_t addr2, size_t len2)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
struct mtk_ring *ring = cryp->ring[sha->id];
struct mtk_desc *cmd, *res;
int err, count = 0;
err = mtk_sha_info_update(cryp, sha, len1, len2);
if (err)
return err;
/* Fill in the command/result descriptors */
mtk_sha_ring_shift(ring, &cmd, &res, &count);
res->hdr = MTK_DESC_FIRST | MTK_DESC_BUF_LEN(len1);
cmd->hdr = MTK_DESC_FIRST | MTK_DESC_BUF_LEN(len1) |
MTK_DESC_CT_LEN(ctx->ct_size);
cmd->buf = cpu_to_le32(addr1);
cmd->ct = cpu_to_le32(ctx->ct_dma);
cmd->ct_hdr = ctx->ct_hdr;
cmd->tfm = cpu_to_le32(ctx->tfm_dma);
if (len2) {
mtk_sha_ring_shift(ring, &cmd, &res, &count);
res->hdr = MTK_DESC_BUF_LEN(len2);
cmd->hdr = MTK_DESC_BUF_LEN(len2);
cmd->buf = cpu_to_le32(addr2);
}
cmd->hdr |= MTK_DESC_LAST;
res->hdr |= MTK_DESC_LAST;
/*
* Make sure that all changes to the DMA ring are done before we
* start engine.
*/
wmb();
/* Start DMA transfer */
mtk_sha_write(cryp, RDR_PREP_COUNT(sha->id), MTK_DESC_CNT(count));
mtk_sha_write(cryp, CDR_PREP_COUNT(sha->id), MTK_DESC_CNT(count));
return -EINPROGRESS;
}
static int mtk_sha_dma_map(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha,
struct mtk_sha_reqctx *ctx,
size_t count)
{
ctx->dma_addr = dma_map_single(cryp->dev, ctx->buffer,
SHA_BUF_SIZE, DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(cryp->dev, ctx->dma_addr))) {
dev_err(cryp->dev, "dma map error\n");
return -EINVAL;
}
ctx->flags &= ~SHA_FLAGS_SG;
return mtk_sha_xmit(cryp, sha, ctx->dma_addr, count, 0, 0);
}
static int mtk_sha_update_slow(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
size_t count;
u32 final;
mtk_sha_append_sg(ctx);
final = (ctx->flags & SHA_FLAGS_FINUP) && !ctx->total;
dev_dbg(cryp->dev, "slow: bufcnt: %zu\n", ctx->bufcnt);
if (final) {
sha->flags |= SHA_FLAGS_FINAL;
mtk_sha_fill_padding(ctx, 0);
}
if (final || (ctx->bufcnt == SHA_BUF_SIZE && ctx->total)) {
count = ctx->bufcnt;
ctx->bufcnt = 0;
return mtk_sha_dma_map(cryp, sha, ctx, count);
}
return 0;
}
static int mtk_sha_update_start(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
u32 len, final, tail;
struct scatterlist *sg;
if (!ctx->total)
return 0;
if (ctx->bufcnt || ctx->offset)
return mtk_sha_update_slow(cryp, sha);
sg = ctx->sg;
if (!IS_ALIGNED(sg->offset, sizeof(u32)))
return mtk_sha_update_slow(cryp, sha);
if (!sg_is_last(sg) && !IS_ALIGNED(sg->length, ctx->bs))
/* size is not ctx->bs aligned */
return mtk_sha_update_slow(cryp, sha);
len = min(ctx->total, sg->length);
if (sg_is_last(sg)) {
if (!(ctx->flags & SHA_FLAGS_FINUP)) {
/* not last sg must be ctx->bs aligned */
tail = len & (ctx->bs - 1);
len -= tail;
}
}
ctx->total -= len;
ctx->offset = len; /* offset where to start slow */
final = (ctx->flags & SHA_FLAGS_FINUP) && !ctx->total;
/* Add padding */
if (final) {
size_t count;
tail = len & (ctx->bs - 1);
len -= tail;
ctx->total += tail;
ctx->offset = len; /* offset where to start slow */
sg = ctx->sg;
mtk_sha_append_sg(ctx);
mtk_sha_fill_padding(ctx, len);
ctx->dma_addr = dma_map_single(cryp->dev, ctx->buffer,
SHA_BUF_SIZE, DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(cryp->dev, ctx->dma_addr))) {
dev_err(cryp->dev, "dma map bytes error\n");
return -EINVAL;
}
sha->flags |= SHA_FLAGS_FINAL;
count = ctx->bufcnt;
ctx->bufcnt = 0;
if (len == 0) {
ctx->flags &= ~SHA_FLAGS_SG;
return mtk_sha_xmit(cryp, sha, ctx->dma_addr,
count, 0, 0);
} else {
ctx->sg = sg;
if (!dma_map_sg(cryp->dev, ctx->sg, 1, DMA_TO_DEVICE)) {
dev_err(cryp->dev, "dma_map_sg error\n");
return -EINVAL;
}
ctx->flags |= SHA_FLAGS_SG;
return mtk_sha_xmit(cryp, sha, sg_dma_address(ctx->sg),
len, ctx->dma_addr, count);
}
}
if (!dma_map_sg(cryp->dev, ctx->sg, 1, DMA_TO_DEVICE)) {
dev_err(cryp->dev, "dma_map_sg error\n");
return -EINVAL;
}
ctx->flags |= SHA_FLAGS_SG;
return mtk_sha_xmit(cryp, sha, sg_dma_address(ctx->sg),
len, 0, 0);
}
static int mtk_sha_final_req(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
size_t count;
mtk_sha_fill_padding(ctx, 0);
sha->flags |= SHA_FLAGS_FINAL;
count = ctx->bufcnt;
ctx->bufcnt = 0;
return mtk_sha_dma_map(cryp, sha, ctx, count);
}
/* Copy ready hash (+ finalize hmac) */
static int mtk_sha_finish(struct ahash_request *req)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
__le32 *digest = ctx->info.digest;
u32 *result = (u32 *)req->result;
int i;
/* Get the hash from the digest buffer */
for (i = 0; i < SIZE_IN_WORDS(ctx->ds); i++)
result[i] = le32_to_cpu(digest[i]);
if (ctx->flags & SHA_FLAGS_HMAC)
return mtk_sha_finish_hmac(req);
return 0;
}
static void mtk_sha_finish_req(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha,
int err)
{
if (likely(!err && (SHA_FLAGS_FINAL & sha->flags)))
err = mtk_sha_finish(sha->req);
sha->flags &= ~(SHA_FLAGS_BUSY | SHA_FLAGS_FINAL);
sha->req->base.complete(&sha->req->base, err);
/* Handle new request */
tasklet_schedule(&sha->queue_task);
}
static int mtk_sha_handle_queue(struct mtk_cryp *cryp, u8 id,
struct ahash_request *req)
{
struct mtk_sha_rec *sha = cryp->sha[id];
struct crypto_async_request *async_req, *backlog;
struct mtk_sha_reqctx *ctx;
unsigned long flags;
int err = 0, ret = 0;
spin_lock_irqsave(&sha->lock, flags);
if (req)
ret = ahash_enqueue_request(&sha->queue, req);
if (SHA_FLAGS_BUSY & sha->flags) {
spin_unlock_irqrestore(&sha->lock, flags);
return ret;
}
backlog = crypto_get_backlog(&sha->queue);
async_req = crypto_dequeue_request(&sha->queue);
if (async_req)
sha->flags |= SHA_FLAGS_BUSY;
spin_unlock_irqrestore(&sha->lock, flags);
if (!async_req)
return ret;
if (backlog)
backlog->complete(backlog, -EINPROGRESS);
req = ahash_request_cast(async_req);
ctx = ahash_request_ctx(req);
sha->req = req;
mtk_sha_info_init(ctx);
if (ctx->op == SHA_OP_UPDATE) {
err = mtk_sha_update_start(cryp, sha);
if (err != -EINPROGRESS && (ctx->flags & SHA_FLAGS_FINUP))
/* No final() after finup() */
err = mtk_sha_final_req(cryp, sha);
} else if (ctx->op == SHA_OP_FINAL) {
err = mtk_sha_final_req(cryp, sha);
}
if (unlikely(err != -EINPROGRESS))
/* Task will not finish it, so do it here */
mtk_sha_finish_req(cryp, sha, err);
return ret;
}
static int mtk_sha_enqueue(struct ahash_request *req, u32 op)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
struct mtk_sha_ctx *tctx = crypto_tfm_ctx(req->base.tfm);
ctx->op = op;
return mtk_sha_handle_queue(tctx->cryp, tctx->id, req);
}
static void mtk_sha_unmap(struct mtk_cryp *cryp, struct mtk_sha_rec *sha)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(sha->req);
dma_unmap_single(cryp->dev, ctx->ct_dma, sizeof(ctx->info),
DMA_BIDIRECTIONAL);
if (ctx->flags & SHA_FLAGS_SG) {
dma_unmap_sg(cryp->dev, ctx->sg, 1, DMA_TO_DEVICE);
if (ctx->sg->length == ctx->offset) {
ctx->sg = sg_next(ctx->sg);
if (ctx->sg)
ctx->offset = 0;
}
if (ctx->flags & SHA_FLAGS_PAD) {
dma_unmap_single(cryp->dev, ctx->dma_addr,
SHA_BUF_SIZE, DMA_TO_DEVICE);
}
} else
dma_unmap_single(cryp->dev, ctx->dma_addr,
SHA_BUF_SIZE, DMA_TO_DEVICE);
}
static void mtk_sha_complete(struct mtk_cryp *cryp,
struct mtk_sha_rec *sha)
{
int err = 0;
err = mtk_sha_update_start(cryp, sha);
if (err != -EINPROGRESS)
mtk_sha_finish_req(cryp, sha, err);
}
static int mtk_sha_update(struct ahash_request *req)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
ctx->total = req->nbytes;
ctx->sg = req->src;
ctx->offset = 0;
if ((ctx->bufcnt + ctx->total < SHA_BUF_SIZE) &&
!(ctx->flags & SHA_FLAGS_FINUP))
return mtk_sha_append_sg(ctx);
return mtk_sha_enqueue(req, SHA_OP_UPDATE);
}
static int mtk_sha_final(struct ahash_request *req)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
ctx->flags |= SHA_FLAGS_FINUP;
if (ctx->flags & SHA_FLAGS_PAD)
return mtk_sha_finish(req);
return mtk_sha_enqueue(req, SHA_OP_FINAL);
}
static int mtk_sha_finup(struct ahash_request *req)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
int err1, err2;
ctx->flags |= SHA_FLAGS_FINUP;
err1 = mtk_sha_update(req);
if (err1 == -EINPROGRESS || err1 == -EBUSY)
return err1;
/*
* final() has to be always called to cleanup resources
* even if update() failed
*/
err2 = mtk_sha_final(req);
return err1 ?: err2;
}
static int mtk_sha_digest(struct ahash_request *req)
{
return mtk_sha_init(req) ?: mtk_sha_finup(req);
}
static int mtk_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
u32 keylen)
{
struct mtk_sha_ctx *tctx = crypto_ahash_ctx(tfm);
struct mtk_sha_hmac_ctx *bctx = tctx->base;
size_t bs = crypto_shash_blocksize(bctx->shash);
size_t ds = crypto_shash_digestsize(bctx->shash);
int err, i;
SHASH_DESC_ON_STACK(shash, bctx->shash);
shash->tfm = bctx->shash;
shash->flags = crypto_shash_get_flags(bctx->shash) &
CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
err = crypto_shash_digest(shash, key, keylen, bctx->ipad);
if (err)
return err;
keylen = ds;
} else {
memcpy(bctx->ipad, key, keylen);
}
memset(bctx->ipad + keylen, 0, bs - keylen);
memcpy(bctx->opad, bctx->ipad, bs);
for (i = 0; i < bs; i++) {
bctx->ipad[i] ^= HMAC_IPAD_VALUE;
bctx->opad[i] ^= HMAC_OPAD_VALUE;
}
return 0;
}
static int mtk_sha_export(struct ahash_request *req, void *out)
{
const struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
memcpy(out, ctx, sizeof(*ctx));
return 0;
}
static int mtk_sha_import(struct ahash_request *req, const void *in)
{
struct mtk_sha_reqctx *ctx = ahash_request_ctx(req);
memcpy(ctx, in, sizeof(*ctx));
return 0;
}
static int mtk_sha_cra_init_alg(struct crypto_tfm *tfm,
const char *alg_base)
{
struct mtk_sha_ctx *tctx = crypto_tfm_ctx(tfm);
struct mtk_cryp *cryp = NULL;
cryp = mtk_sha_find_dev(tctx);
if (!cryp)
return -ENODEV;
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
sizeof(struct mtk_sha_reqctx));
if (alg_base) {
struct mtk_sha_hmac_ctx *bctx = tctx->base;
tctx->flags |= SHA_FLAGS_HMAC;
bctx->shash = crypto_alloc_shash(alg_base, 0,
CRYPTO_ALG_NEED_FALLBACK);
if (IS_ERR(bctx->shash)) {
pr_err("base driver %s could not be loaded.\n",
alg_base);
return PTR_ERR(bctx->shash);
}
}
return 0;
}
static int mtk_sha_cra_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, NULL);
}
static int mtk_sha_cra_sha1_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, "sha1");
}
static int mtk_sha_cra_sha224_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, "sha224");
}
static int mtk_sha_cra_sha256_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, "sha256");
}
static int mtk_sha_cra_sha384_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, "sha384");
}
static int mtk_sha_cra_sha512_init(struct crypto_tfm *tfm)
{
return mtk_sha_cra_init_alg(tfm, "sha512");
}
static void mtk_sha_cra_exit(struct crypto_tfm *tfm)
{
struct mtk_sha_ctx *tctx = crypto_tfm_ctx(tfm);
if (tctx->flags & SHA_FLAGS_HMAC) {
struct mtk_sha_hmac_ctx *bctx = tctx->base;
crypto_free_shash(bctx->shash);
}
}
static struct ahash_alg algs_sha1_sha224_sha256[] = {
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.halg.digestsize = SHA1_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "sha1",
.cra_driver_name = "mtk-sha1",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC,
.cra_blocksize = SHA1_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.halg.digestsize = SHA224_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "sha224",
.cra_driver_name = "mtk-sha224",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC,
.cra_blocksize = SHA224_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.halg.digestsize = SHA256_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "sha256",
.cra_driver_name = "mtk-sha256",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC,
.cra_blocksize = SHA256_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.setkey = mtk_sha_setkey,
.halg.digestsize = SHA1_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "hmac(sha1)",
.cra_driver_name = "mtk-hmac-sha1",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
.cra_blocksize = SHA1_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx) +
sizeof(struct mtk_sha_hmac_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_sha1_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.setkey = mtk_sha_setkey,
.halg.digestsize = SHA224_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "hmac(sha224)",
.cra_driver_name = "mtk-hmac-sha224",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
.cra_blocksize = SHA224_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx) +
sizeof(struct mtk_sha_hmac_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_sha224_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.setkey = mtk_sha_setkey,
.halg.digestsize = SHA256_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "hmac(sha256)",
.cra_driver_name = "mtk-hmac-sha256",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
.cra_blocksize = SHA256_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx) +
sizeof(struct mtk_sha_hmac_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_sha256_init,
.cra_exit = mtk_sha_cra_exit,
}
},
};
static struct ahash_alg algs_sha384_sha512[] = {
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.halg.digestsize = SHA384_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "sha384",
.cra_driver_name = "mtk-sha384",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC,
.cra_blocksize = SHA384_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.halg.digestsize = SHA512_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "sha512",
.cra_driver_name = "mtk-sha512",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC,
.cra_blocksize = SHA512_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.setkey = mtk_sha_setkey,
.halg.digestsize = SHA384_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "hmac(sha384)",
.cra_driver_name = "mtk-hmac-sha384",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
.cra_blocksize = SHA384_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx) +
sizeof(struct mtk_sha_hmac_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_sha384_init,
.cra_exit = mtk_sha_cra_exit,
}
},
{
.init = mtk_sha_init,
.update = mtk_sha_update,
.final = mtk_sha_final,
.finup = mtk_sha_finup,
.digest = mtk_sha_digest,
.export = mtk_sha_export,
.import = mtk_sha_import,
.setkey = mtk_sha_setkey,
.halg.digestsize = SHA512_DIGEST_SIZE,
.halg.statesize = sizeof(struct mtk_sha_reqctx),
.halg.base = {
.cra_name = "hmac(sha512)",
.cra_driver_name = "mtk-hmac-sha512",
.cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
.cra_blocksize = SHA512_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct mtk_sha_ctx) +
sizeof(struct mtk_sha_hmac_ctx),
.cra_alignmask = SHA_ALIGN_MSK,
.cra_module = THIS_MODULE,
.cra_init = mtk_sha_cra_sha512_init,
.cra_exit = mtk_sha_cra_exit,
}
},
};
static void mtk_sha_queue_task(unsigned long data)
{
struct mtk_sha_rec *sha = (struct mtk_sha_rec *)data;
mtk_sha_handle_queue(sha->cryp, sha->id - MTK_RING2, NULL);
}
static void mtk_sha_done_task(unsigned long data)
{
struct mtk_sha_rec *sha = (struct mtk_sha_rec *)data;
struct mtk_cryp *cryp = sha->cryp;
mtk_sha_unmap(cryp, sha);
mtk_sha_complete(cryp, sha);
}
static irqreturn_t mtk_sha_irq(int irq, void *dev_id)
{
struct mtk_sha_rec *sha = (struct mtk_sha_rec *)dev_id;
struct mtk_cryp *cryp = sha->cryp;
u32 val = mtk_sha_read(cryp, RDR_STAT(sha->id));
mtk_sha_write(cryp, RDR_STAT(sha->id), val);
if (likely((SHA_FLAGS_BUSY & sha->flags))) {
mtk_sha_write(cryp, RDR_PROC_COUNT(sha->id), MTK_CNT_RST);
mtk_sha_write(cryp, RDR_THRESH(sha->id),
MTK_RDR_PROC_THRESH | MTK_RDR_PROC_MODE);
tasklet_schedule(&sha->done_task);
} else {
dev_warn(cryp->dev, "SHA interrupt when no active requests.\n");
}
return IRQ_HANDLED;
}
/*
* The purpose of two SHA records is used to get extra performance.
* It is similar to mtk_aes_record_init().
*/
static int mtk_sha_record_init(struct mtk_cryp *cryp)
{
struct mtk_sha_rec **sha = cryp->sha;
int i, err = -ENOMEM;
for (i = 0; i < MTK_REC_NUM; i++) {
sha[i] = kzalloc(sizeof(**sha), GFP_KERNEL);
if (!sha[i])
goto err_cleanup;
sha[i]->cryp = cryp;
spin_lock_init(&sha[i]->lock);
crypto_init_queue(&sha[i]->queue, SHA_QUEUE_SIZE);
tasklet_init(&sha[i]->queue_task, mtk_sha_queue_task,
(unsigned long)sha[i]);
tasklet_init(&sha[i]->done_task, mtk_sha_done_task,
(unsigned long)sha[i]);
}
/* Link to ring2 and ring3 respectively */
sha[0]->id = MTK_RING2;
sha[1]->id = MTK_RING3;
cryp->rec = 1;
return 0;
err_cleanup:
for (; i--; )
kfree(sha[i]);
return err;
}
static void mtk_sha_record_free(struct mtk_cryp *cryp)
{
int i;
for (i = 0; i < MTK_REC_NUM; i++) {
tasklet_kill(&cryp->sha[i]->done_task);
tasklet_kill(&cryp->sha[i]->queue_task);
kfree(cryp->sha[i]);
}
}
static void mtk_sha_unregister_algs(void)
{
int i;
for (i = 0; i < ARRAY_SIZE(algs_sha1_sha224_sha256); i++)
crypto_unregister_ahash(&algs_sha1_sha224_sha256[i]);
for (i = 0; i < ARRAY_SIZE(algs_sha384_sha512); i++)
crypto_unregister_ahash(&algs_sha384_sha512[i]);
}
static int mtk_sha_register_algs(void)
{
int err, i;
for (i = 0; i < ARRAY_SIZE(algs_sha1_sha224_sha256); i++) {
err = crypto_register_ahash(&algs_sha1_sha224_sha256[i]);
if (err)
goto err_sha_224_256_algs;
}
for (i = 0; i < ARRAY_SIZE(algs_sha384_sha512); i++) {
err = crypto_register_ahash(&algs_sha384_sha512[i]);
if (err)
goto err_sha_384_512_algs;
}
return 0;
err_sha_384_512_algs:
for (; i--; )
crypto_unregister_ahash(&algs_sha384_sha512[i]);
i = ARRAY_SIZE(algs_sha1_sha224_sha256);
err_sha_224_256_algs:
for (; i--; )
crypto_unregister_ahash(&algs_sha1_sha224_sha256[i]);
return err;
}
int mtk_hash_alg_register(struct mtk_cryp *cryp)
{
int err;
INIT_LIST_HEAD(&cryp->sha_list);
/* Initialize two hash records */
err = mtk_sha_record_init(cryp);
if (err)
goto err_record;
err = devm_request_irq(cryp->dev, cryp->irq[MTK_RING2], mtk_sha_irq,
0, "mtk-sha", cryp->sha[0]);
if (err) {
dev_err(cryp->dev, "unable to request sha irq0.\n");
goto err_res;
}
err = devm_request_irq(cryp->dev, cryp->irq[MTK_RING3], mtk_sha_irq,
0, "mtk-sha", cryp->sha[1]);
if (err) {
dev_err(cryp->dev, "unable to request sha irq1.\n");
goto err_res;
}
/* Enable ring2 and ring3 interrupt for hash */
mtk_sha_write(cryp, AIC_ENABLE_SET(MTK_RING2), MTK_IRQ_RDR2);
mtk_sha_write(cryp, AIC_ENABLE_SET(MTK_RING3), MTK_IRQ_RDR3);
spin_lock(&mtk_sha.lock);
list_add_tail(&cryp->sha_list, &mtk_sha.dev_list);
spin_unlock(&mtk_sha.lock);
err = mtk_sha_register_algs();
if (err)
goto err_algs;
return 0;
err_algs:
spin_lock(&mtk_sha.lock);
list_del(&cryp->sha_list);
spin_unlock(&mtk_sha.lock);
err_res:
mtk_sha_record_free(cryp);
err_record:
dev_err(cryp->dev, "mtk-sha initialization failed.\n");
return err;
}
void mtk_hash_alg_release(struct mtk_cryp *cryp)
{
spin_lock(&mtk_sha.lock);
list_del(&cryp->sha_list);
spin_unlock(&mtk_sha.lock);
mtk_sha_unregister_algs();
mtk_sha_record_free(cryp);
}