diff options
author | Kim Phillips <kim.phillips@freescale.com> | 2008-06-23 07:50:15 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2008-07-10 08:35:16 -0400 |
commit | 9c4a79653b35efc9d6790c295e22f79f4b361125 (patch) | |
tree | 8cc3f6f9b4663d0bc4a4a02ae1adbb12c88c4a6f /drivers/crypto/talitos.c | |
parent | d729de23e86bbbb28adf6c3ded3651ea4ad8c539 (diff) |
crypto: talitos - Freescale integrated security engine (SEC) driver
Add support for the SEC available on a wide range of PowerQUICC devices,
e.g. MPC8349E, MPC8548E.
This initial version supports authenc(hmac(sha1),cbc(aes)) for use with IPsec.
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/talitos.c')
-rw-r--r-- | drivers/crypto/talitos.c | 1467 |
1 files changed, 1467 insertions, 0 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c new file mode 100644 index 000000000000..e12331296a00 --- /dev/null +++ b/drivers/crypto/talitos.c | |||
@@ -0,0 +1,1467 @@ | |||
1 | /* | ||
2 | * talitos - Freescale Integrated Security Engine (SEC) device driver | ||
3 | * | ||
4 | * Copyright (c) 2008 Freescale Semiconductor, Inc. | ||
5 | * | ||
6 | * Scatterlist Crypto API glue code copied from files with the following: | ||
7 | * Copyright (c) 2006-2007 Herbert Xu <herbert@gondor.apana.org.au> | ||
8 | * | ||
9 | * Crypto algorithm registration code copied from hifn driver: | ||
10 | * 2007+ Copyright (c) Evgeniy Polyakov <johnpol@2ka.mipt.ru> | ||
11 | * All rights reserved. | ||
12 | * | ||
13 | * This program is free software; you can redistribute it and/or modify | ||
14 | * it under the terms of the GNU General Public License as published by | ||
15 | * the Free Software Foundation; either version 2 of the License, or | ||
16 | * (at your option) any later version. | ||
17 | * | ||
18 | * This program is distributed in the hope that it will be useful, | ||
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
21 | * GNU General Public License for more details. | ||
22 | * | ||
23 | * You should have received a copy of the GNU General Public License | ||
24 | * along with this program; if not, write to the Free Software | ||
25 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
26 | */ | ||
27 | |||
28 | #include <linux/kernel.h> | ||
29 | #include <linux/module.h> | ||
30 | #include <linux/mod_devicetable.h> | ||
31 | #include <linux/device.h> | ||
32 | #include <linux/interrupt.h> | ||
33 | #include <linux/crypto.h> | ||
34 | #include <linux/hw_random.h> | ||
35 | #include <linux/of_platform.h> | ||
36 | #include <linux/dma-mapping.h> | ||
37 | #include <linux/io.h> | ||
38 | #include <linux/spinlock.h> | ||
39 | #include <linux/rtnetlink.h> | ||
40 | |||
41 | #include <crypto/algapi.h> | ||
42 | #include <crypto/aes.h> | ||
43 | #include <crypto/sha.h> | ||
44 | #include <crypto/aead.h> | ||
45 | #include <crypto/authenc.h> | ||
46 | |||
47 | #include "talitos.h" | ||
48 | |||
49 | #define TALITOS_TIMEOUT 100000 | ||
50 | #define TALITOS_MAX_DATA_LEN 65535 | ||
51 | |||
52 | #define DESC_TYPE(desc_hdr) ((be32_to_cpu(desc_hdr) >> 3) & 0x1f) | ||
53 | #define PRIMARY_EU(desc_hdr) ((be32_to_cpu(desc_hdr) >> 28) & 0xf) | ||
54 | #define SECONDARY_EU(desc_hdr) ((be32_to_cpu(desc_hdr) >> 16) & 0xf) | ||
55 | |||
56 | /* descriptor pointer entry */ | ||
57 | struct talitos_ptr { | ||
58 | __be16 len; /* length */ | ||
59 | u8 j_extent; /* jump to sg link table and/or extent */ | ||
60 | u8 eptr; /* extended address */ | ||
61 | __be32 ptr; /* address */ | ||
62 | }; | ||
63 | |||
64 | /* descriptor */ | ||
65 | struct talitos_desc { | ||
66 | __be32 hdr; /* header high bits */ | ||
67 | __be32 hdr_lo; /* header low bits */ | ||
68 | struct talitos_ptr ptr[7]; /* ptr/len pair array */ | ||
69 | }; | ||
70 | |||
71 | /** | ||
72 | * talitos_request - descriptor submission request | ||
73 | * @desc: descriptor pointer (kernel virtual) | ||
74 | * @dma_desc: descriptor's physical bus address | ||
75 | * @callback: whom to call when descriptor processing is done | ||
76 | * @context: caller context (optional) | ||
77 | */ | ||
78 | struct talitos_request { | ||
79 | struct talitos_desc *desc; | ||
80 | dma_addr_t dma_desc; | ||
81 | void (*callback) (struct device *dev, struct talitos_desc *desc, | ||
82 | void *context, int error); | ||
83 | void *context; | ||
84 | }; | ||
85 | |||
86 | struct talitos_private { | ||
87 | struct device *dev; | ||
88 | struct of_device *ofdev; | ||
89 | void __iomem *reg; | ||
90 | int irq; | ||
91 | |||
92 | /* SEC version geometry (from device tree node) */ | ||
93 | unsigned int num_channels; | ||
94 | unsigned int chfifo_len; | ||
95 | unsigned int exec_units; | ||
96 | unsigned int desc_types; | ||
97 | |||
98 | /* next channel to be assigned next incoming descriptor */ | ||
99 | atomic_t last_chan; | ||
100 | |||
101 | /* per-channel request fifo */ | ||
102 | struct talitos_request **fifo; | ||
103 | |||
104 | /* | ||
105 | * length of the request fifo | ||
106 | * fifo_len is chfifo_len rounded up to next power of 2 | ||
107 | * so we can use bitwise ops to wrap | ||
108 | */ | ||
109 | unsigned int fifo_len; | ||
110 | |||
111 | /* per-channel index to next free descriptor request */ | ||
112 | int *head; | ||
113 | |||
114 | /* per-channel index to next in-progress/done descriptor request */ | ||
115 | int *tail; | ||
116 | |||
117 | /* per-channel request submission (head) and release (tail) locks */ | ||
118 | spinlock_t *head_lock; | ||
119 | spinlock_t *tail_lock; | ||
120 | |||
121 | /* request callback tasklet */ | ||
122 | struct tasklet_struct done_task; | ||
123 | struct tasklet_struct error_task; | ||
124 | |||
125 | /* list of registered algorithms */ | ||
126 | struct list_head alg_list; | ||
127 | |||
128 | /* hwrng device */ | ||
129 | struct hwrng rng; | ||
130 | }; | ||
131 | |||
132 | /* | ||
133 | * map virtual single (contiguous) pointer to h/w descriptor pointer | ||
134 | */ | ||
135 | static void map_single_talitos_ptr(struct device *dev, | ||
136 | struct talitos_ptr *talitos_ptr, | ||
137 | unsigned short len, void *data, | ||
138 | unsigned char extent, | ||
139 | enum dma_data_direction dir) | ||
140 | { | ||
141 | talitos_ptr->len = cpu_to_be16(len); | ||
142 | talitos_ptr->ptr = cpu_to_be32(dma_map_single(dev, data, len, dir)); | ||
143 | talitos_ptr->j_extent = extent; | ||
144 | } | ||
145 | |||
146 | /* | ||
147 | * unmap bus single (contiguous) h/w descriptor pointer | ||
148 | */ | ||
149 | static void unmap_single_talitos_ptr(struct device *dev, | ||
150 | struct talitos_ptr *talitos_ptr, | ||
151 | enum dma_data_direction dir) | ||
152 | { | ||
153 | dma_unmap_single(dev, be32_to_cpu(talitos_ptr->ptr), | ||
154 | be16_to_cpu(talitos_ptr->len), dir); | ||
155 | } | ||
156 | |||
157 | static int reset_channel(struct device *dev, int ch) | ||
158 | { | ||
159 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
160 | unsigned int timeout = TALITOS_TIMEOUT; | ||
161 | |||
162 | setbits32(priv->reg + TALITOS_CCCR(ch), TALITOS_CCCR_RESET); | ||
163 | |||
164 | while ((in_be32(priv->reg + TALITOS_CCCR(ch)) & TALITOS_CCCR_RESET) | ||
165 | && --timeout) | ||
166 | cpu_relax(); | ||
167 | |||
168 | if (timeout == 0) { | ||
169 | dev_err(dev, "failed to reset channel %d\n", ch); | ||
170 | return -EIO; | ||
171 | } | ||
172 | |||
173 | /* set done writeback and IRQ */ | ||
174 | setbits32(priv->reg + TALITOS_CCCR_LO(ch), TALITOS_CCCR_LO_CDWE | | ||
175 | TALITOS_CCCR_LO_CDIE); | ||
176 | |||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | static int reset_device(struct device *dev) | ||
181 | { | ||
182 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
183 | unsigned int timeout = TALITOS_TIMEOUT; | ||
184 | |||
185 | setbits32(priv->reg + TALITOS_MCR, TALITOS_MCR_SWR); | ||
186 | |||
187 | while ((in_be32(priv->reg + TALITOS_MCR) & TALITOS_MCR_SWR) | ||
188 | && --timeout) | ||
189 | cpu_relax(); | ||
190 | |||
191 | if (timeout == 0) { | ||
192 | dev_err(dev, "failed to reset device\n"); | ||
193 | return -EIO; | ||
194 | } | ||
195 | |||
196 | return 0; | ||
197 | } | ||
198 | |||
199 | /* | ||
200 | * Reset and initialize the device | ||
201 | */ | ||
202 | static int init_device(struct device *dev) | ||
203 | { | ||
204 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
205 | int ch, err; | ||
206 | |||
207 | /* | ||
208 | * Master reset | ||
209 | * errata documentation: warning: certain SEC interrupts | ||
210 | * are not fully cleared by writing the MCR:SWR bit, | ||
211 | * set bit twice to completely reset | ||
212 | */ | ||
213 | err = reset_device(dev); | ||
214 | if (err) | ||
215 | return err; | ||
216 | |||
217 | err = reset_device(dev); | ||
218 | if (err) | ||
219 | return err; | ||
220 | |||
221 | /* reset channels */ | ||
222 | for (ch = 0; ch < priv->num_channels; ch++) { | ||
223 | err = reset_channel(dev, ch); | ||
224 | if (err) | ||
225 | return err; | ||
226 | } | ||
227 | |||
228 | /* enable channel done and error interrupts */ | ||
229 | setbits32(priv->reg + TALITOS_IMR, TALITOS_IMR_INIT); | ||
230 | setbits32(priv->reg + TALITOS_IMR_LO, TALITOS_IMR_LO_INIT); | ||
231 | |||
232 | return 0; | ||
233 | } | ||
234 | |||
235 | /** | ||
236 | * talitos_submit - submits a descriptor to the device for processing | ||
237 | * @dev: the SEC device to be used | ||
238 | * @desc: the descriptor to be processed by the device | ||
239 | * @callback: whom to call when processing is complete | ||
240 | * @context: a handle for use by caller (optional) | ||
241 | * | ||
242 | * desc must contain valid dma-mapped (bus physical) address pointers. | ||
243 | * callback must check err and feedback in descriptor header | ||
244 | * for device processing status. | ||
245 | */ | ||
246 | static int talitos_submit(struct device *dev, struct talitos_desc *desc, | ||
247 | void (*callback)(struct device *dev, | ||
248 | struct talitos_desc *desc, | ||
249 | void *context, int error), | ||
250 | void *context) | ||
251 | { | ||
252 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
253 | struct talitos_request *request; | ||
254 | unsigned long flags, ch; | ||
255 | int head; | ||
256 | |||
257 | /* select done notification */ | ||
258 | desc->hdr |= DESC_HDR_DONE_NOTIFY; | ||
259 | |||
260 | /* emulate SEC's round-robin channel fifo polling scheme */ | ||
261 | ch = atomic_inc_return(&priv->last_chan) & (priv->num_channels - 1); | ||
262 | |||
263 | spin_lock_irqsave(&priv->head_lock[ch], flags); | ||
264 | |||
265 | head = priv->head[ch]; | ||
266 | request = &priv->fifo[ch][head]; | ||
267 | |||
268 | if (request->desc) { | ||
269 | /* request queue is full */ | ||
270 | spin_unlock_irqrestore(&priv->head_lock[ch], flags); | ||
271 | return -EAGAIN; | ||
272 | } | ||
273 | |||
274 | /* map descriptor and save caller data */ | ||
275 | request->dma_desc = dma_map_single(dev, desc, sizeof(*desc), | ||
276 | DMA_BIDIRECTIONAL); | ||
277 | request->callback = callback; | ||
278 | request->context = context; | ||
279 | |||
280 | /* increment fifo head */ | ||
281 | priv->head[ch] = (priv->head[ch] + 1) & (priv->fifo_len - 1); | ||
282 | |||
283 | smp_wmb(); | ||
284 | request->desc = desc; | ||
285 | |||
286 | /* GO! */ | ||
287 | wmb(); | ||
288 | out_be32(priv->reg + TALITOS_FF_LO(ch), request->dma_desc); | ||
289 | |||
290 | spin_unlock_irqrestore(&priv->head_lock[ch], flags); | ||
291 | |||
292 | return -EINPROGRESS; | ||
293 | } | ||
294 | |||
295 | /* | ||
296 | * process what was done, notify callback of error if not | ||
297 | */ | ||
298 | static void flush_channel(struct device *dev, int ch, int error, int reset_ch) | ||
299 | { | ||
300 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
301 | struct talitos_request *request, saved_req; | ||
302 | unsigned long flags; | ||
303 | int tail, status; | ||
304 | |||
305 | spin_lock_irqsave(&priv->tail_lock[ch], flags); | ||
306 | |||
307 | tail = priv->tail[ch]; | ||
308 | while (priv->fifo[ch][tail].desc) { | ||
309 | request = &priv->fifo[ch][tail]; | ||
310 | |||
311 | /* descriptors with their done bits set don't get the error */ | ||
312 | rmb(); | ||
313 | if ((request->desc->hdr & DESC_HDR_DONE) == DESC_HDR_DONE) | ||
314 | status = 0; | ||
315 | else | ||
316 | if (!error) | ||
317 | break; | ||
318 | else | ||
319 | status = error; | ||
320 | |||
321 | dma_unmap_single(dev, request->dma_desc, | ||
322 | sizeof(struct talitos_desc), DMA_BIDIRECTIONAL); | ||
323 | |||
324 | /* copy entries so we can call callback outside lock */ | ||
325 | saved_req.desc = request->desc; | ||
326 | saved_req.callback = request->callback; | ||
327 | saved_req.context = request->context; | ||
328 | |||
329 | /* release request entry in fifo */ | ||
330 | smp_wmb(); | ||
331 | request->desc = NULL; | ||
332 | |||
333 | /* increment fifo tail */ | ||
334 | priv->tail[ch] = (tail + 1) & (priv->fifo_len - 1); | ||
335 | |||
336 | spin_unlock_irqrestore(&priv->tail_lock[ch], flags); | ||
337 | saved_req.callback(dev, saved_req.desc, saved_req.context, | ||
338 | status); | ||
339 | /* channel may resume processing in single desc error case */ | ||
340 | if (error && !reset_ch && status == error) | ||
341 | return; | ||
342 | spin_lock_irqsave(&priv->tail_lock[ch], flags); | ||
343 | tail = priv->tail[ch]; | ||
344 | } | ||
345 | |||
346 | spin_unlock_irqrestore(&priv->tail_lock[ch], flags); | ||
347 | } | ||
348 | |||
349 | /* | ||
350 | * process completed requests for channels that have done status | ||
351 | */ | ||
352 | static void talitos_done(unsigned long data) | ||
353 | { | ||
354 | struct device *dev = (struct device *)data; | ||
355 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
356 | int ch; | ||
357 | |||
358 | for (ch = 0; ch < priv->num_channels; ch++) | ||
359 | flush_channel(dev, ch, 0, 0); | ||
360 | } | ||
361 | |||
362 | /* | ||
363 | * locate current (offending) descriptor | ||
364 | */ | ||
365 | static struct talitos_desc *current_desc(struct device *dev, int ch) | ||
366 | { | ||
367 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
368 | int tail = priv->tail[ch]; | ||
369 | dma_addr_t cur_desc; | ||
370 | |||
371 | cur_desc = in_be32(priv->reg + TALITOS_CDPR_LO(ch)); | ||
372 | |||
373 | while (priv->fifo[ch][tail].dma_desc != cur_desc) { | ||
374 | tail = (tail + 1) & (priv->fifo_len - 1); | ||
375 | if (tail == priv->tail[ch]) { | ||
376 | dev_err(dev, "couldn't locate current descriptor\n"); | ||
377 | return NULL; | ||
378 | } | ||
379 | } | ||
380 | |||
381 | return priv->fifo[ch][tail].desc; | ||
382 | } | ||
383 | |||
384 | /* | ||
385 | * user diagnostics; report root cause of error based on execution unit status | ||
386 | */ | ||
387 | static void report_eu_error(struct device *dev, int ch, struct talitos_desc *desc) | ||
388 | { | ||
389 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
390 | int i; | ||
391 | |||
392 | switch (desc->hdr & DESC_HDR_SEL0_MASK) { | ||
393 | case DESC_HDR_SEL0_AFEU: | ||
394 | dev_err(dev, "AFEUISR 0x%08x_%08x\n", | ||
395 | in_be32(priv->reg + TALITOS_AFEUISR), | ||
396 | in_be32(priv->reg + TALITOS_AFEUISR_LO)); | ||
397 | break; | ||
398 | case DESC_HDR_SEL0_DEU: | ||
399 | dev_err(dev, "DEUISR 0x%08x_%08x\n", | ||
400 | in_be32(priv->reg + TALITOS_DEUISR), | ||
401 | in_be32(priv->reg + TALITOS_DEUISR_LO)); | ||
402 | break; | ||
403 | case DESC_HDR_SEL0_MDEUA: | ||
404 | case DESC_HDR_SEL0_MDEUB: | ||
405 | dev_err(dev, "MDEUISR 0x%08x_%08x\n", | ||
406 | in_be32(priv->reg + TALITOS_MDEUISR), | ||
407 | in_be32(priv->reg + TALITOS_MDEUISR_LO)); | ||
408 | break; | ||
409 | case DESC_HDR_SEL0_RNG: | ||
410 | dev_err(dev, "RNGUISR 0x%08x_%08x\n", | ||
411 | in_be32(priv->reg + TALITOS_RNGUISR), | ||
412 | in_be32(priv->reg + TALITOS_RNGUISR_LO)); | ||
413 | break; | ||
414 | case DESC_HDR_SEL0_PKEU: | ||
415 | dev_err(dev, "PKEUISR 0x%08x_%08x\n", | ||
416 | in_be32(priv->reg + TALITOS_PKEUISR), | ||
417 | in_be32(priv->reg + TALITOS_PKEUISR_LO)); | ||
418 | break; | ||
419 | case DESC_HDR_SEL0_AESU: | ||
420 | dev_err(dev, "AESUISR 0x%08x_%08x\n", | ||
421 | in_be32(priv->reg + TALITOS_AESUISR), | ||
422 | in_be32(priv->reg + TALITOS_AESUISR_LO)); | ||
423 | break; | ||
424 | case DESC_HDR_SEL0_CRCU: | ||
425 | dev_err(dev, "CRCUISR 0x%08x_%08x\n", | ||
426 | in_be32(priv->reg + TALITOS_CRCUISR), | ||
427 | in_be32(priv->reg + TALITOS_CRCUISR_LO)); | ||
428 | break; | ||
429 | case DESC_HDR_SEL0_KEU: | ||
430 | dev_err(dev, "KEUISR 0x%08x_%08x\n", | ||
431 | in_be32(priv->reg + TALITOS_KEUISR), | ||
432 | in_be32(priv->reg + TALITOS_KEUISR_LO)); | ||
433 | break; | ||
434 | } | ||
435 | |||
436 | switch (desc->hdr & DESC_HDR_SEL1_MASK) { | ||
437 | case DESC_HDR_SEL1_MDEUA: | ||
438 | case DESC_HDR_SEL1_MDEUB: | ||
439 | dev_err(dev, "MDEUISR 0x%08x_%08x\n", | ||
440 | in_be32(priv->reg + TALITOS_MDEUISR), | ||
441 | in_be32(priv->reg + TALITOS_MDEUISR_LO)); | ||
442 | break; | ||
443 | case DESC_HDR_SEL1_CRCU: | ||
444 | dev_err(dev, "CRCUISR 0x%08x_%08x\n", | ||
445 | in_be32(priv->reg + TALITOS_CRCUISR), | ||
446 | in_be32(priv->reg + TALITOS_CRCUISR_LO)); | ||
447 | break; | ||
448 | } | ||
449 | |||
450 | for (i = 0; i < 8; i++) | ||
451 | dev_err(dev, "DESCBUF 0x%08x_%08x\n", | ||
452 | in_be32(priv->reg + TALITOS_DESCBUF(ch) + 8*i), | ||
453 | in_be32(priv->reg + TALITOS_DESCBUF_LO(ch) + 8*i)); | ||
454 | } | ||
455 | |||
456 | /* | ||
457 | * recover from error interrupts | ||
458 | */ | ||
459 | static void talitos_error(unsigned long data) | ||
460 | { | ||
461 | struct device *dev = (struct device *)data; | ||
462 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
463 | unsigned int timeout = TALITOS_TIMEOUT; | ||
464 | int ch, error, reset_dev = 0, reset_ch = 0; | ||
465 | u32 isr, isr_lo, v, v_lo; | ||
466 | |||
467 | isr = in_be32(priv->reg + TALITOS_ISR); | ||
468 | isr_lo = in_be32(priv->reg + TALITOS_ISR_LO); | ||
469 | |||
470 | for (ch = 0; ch < priv->num_channels; ch++) { | ||
471 | /* skip channels without errors */ | ||
472 | if (!(isr & (1 << (ch * 2 + 1)))) | ||
473 | continue; | ||
474 | |||
475 | error = -EINVAL; | ||
476 | |||
477 | v = in_be32(priv->reg + TALITOS_CCPSR(ch)); | ||
478 | v_lo = in_be32(priv->reg + TALITOS_CCPSR_LO(ch)); | ||
479 | |||
480 | if (v_lo & TALITOS_CCPSR_LO_DOF) { | ||
481 | dev_err(dev, "double fetch fifo overflow error\n"); | ||
482 | error = -EAGAIN; | ||
483 | reset_ch = 1; | ||
484 | } | ||
485 | if (v_lo & TALITOS_CCPSR_LO_SOF) { | ||
486 | /* h/w dropped descriptor */ | ||
487 | dev_err(dev, "single fetch fifo overflow error\n"); | ||
488 | error = -EAGAIN; | ||
489 | } | ||
490 | if (v_lo & TALITOS_CCPSR_LO_MDTE) | ||
491 | dev_err(dev, "master data transfer error\n"); | ||
492 | if (v_lo & TALITOS_CCPSR_LO_SGDLZ) | ||
493 | dev_err(dev, "s/g data length zero error\n"); | ||
494 | if (v_lo & TALITOS_CCPSR_LO_FPZ) | ||
495 | dev_err(dev, "fetch pointer zero error\n"); | ||
496 | if (v_lo & TALITOS_CCPSR_LO_IDH) | ||
497 | dev_err(dev, "illegal descriptor header error\n"); | ||
498 | if (v_lo & TALITOS_CCPSR_LO_IEU) | ||
499 | dev_err(dev, "invalid execution unit error\n"); | ||
500 | if (v_lo & TALITOS_CCPSR_LO_EU) | ||
501 | report_eu_error(dev, ch, current_desc(dev, ch)); | ||
502 | if (v_lo & TALITOS_CCPSR_LO_GB) | ||
503 | dev_err(dev, "gather boundary error\n"); | ||
504 | if (v_lo & TALITOS_CCPSR_LO_GRL) | ||
505 | dev_err(dev, "gather return/length error\n"); | ||
506 | if (v_lo & TALITOS_CCPSR_LO_SB) | ||
507 | dev_err(dev, "scatter boundary error\n"); | ||
508 | if (v_lo & TALITOS_CCPSR_LO_SRL) | ||
509 | dev_err(dev, "scatter return/length error\n"); | ||
510 | |||
511 | flush_channel(dev, ch, error, reset_ch); | ||
512 | |||
513 | if (reset_ch) { | ||
514 | reset_channel(dev, ch); | ||
515 | } else { | ||
516 | setbits32(priv->reg + TALITOS_CCCR(ch), | ||
517 | TALITOS_CCCR_CONT); | ||
518 | setbits32(priv->reg + TALITOS_CCCR_LO(ch), 0); | ||
519 | while ((in_be32(priv->reg + TALITOS_CCCR(ch)) & | ||
520 | TALITOS_CCCR_CONT) && --timeout) | ||
521 | cpu_relax(); | ||
522 | if (timeout == 0) { | ||
523 | dev_err(dev, "failed to restart channel %d\n", | ||
524 | ch); | ||
525 | reset_dev = 1; | ||
526 | } | ||
527 | } | ||
528 | } | ||
529 | if (reset_dev || isr & ~TALITOS_ISR_CHERR || isr_lo) { | ||
530 | dev_err(dev, "done overflow, internal time out, or rngu error: " | ||
531 | "ISR 0x%08x_%08x\n", isr, isr_lo); | ||
532 | |||
533 | /* purge request queues */ | ||
534 | for (ch = 0; ch < priv->num_channels; ch++) | ||
535 | flush_channel(dev, ch, -EIO, 1); | ||
536 | |||
537 | /* reset and reinitialize the device */ | ||
538 | init_device(dev); | ||
539 | } | ||
540 | } | ||
541 | |||
542 | static irqreturn_t talitos_interrupt(int irq, void *data) | ||
543 | { | ||
544 | struct device *dev = data; | ||
545 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
546 | u32 isr, isr_lo; | ||
547 | |||
548 | isr = in_be32(priv->reg + TALITOS_ISR); | ||
549 | isr_lo = in_be32(priv->reg + TALITOS_ISR_LO); | ||
550 | |||
551 | /* ack */ | ||
552 | out_be32(priv->reg + TALITOS_ICR, isr); | ||
553 | out_be32(priv->reg + TALITOS_ICR_LO, isr_lo); | ||
554 | |||
555 | if (unlikely((isr & ~TALITOS_ISR_CHDONE) || isr_lo)) | ||
556 | talitos_error((unsigned long)data); | ||
557 | else | ||
558 | if (likely(isr & TALITOS_ISR_CHDONE)) | ||
559 | tasklet_schedule(&priv->done_task); | ||
560 | |||
561 | return (isr || isr_lo) ? IRQ_HANDLED : IRQ_NONE; | ||
562 | } | ||
563 | |||
564 | /* | ||
565 | * hwrng | ||
566 | */ | ||
567 | static int talitos_rng_data_present(struct hwrng *rng, int wait) | ||
568 | { | ||
569 | struct device *dev = (struct device *)rng->priv; | ||
570 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
571 | u32 ofl; | ||
572 | int i; | ||
573 | |||
574 | for (i = 0; i < 20; i++) { | ||
575 | ofl = in_be32(priv->reg + TALITOS_RNGUSR_LO) & | ||
576 | TALITOS_RNGUSR_LO_OFL; | ||
577 | if (ofl || !wait) | ||
578 | break; | ||
579 | udelay(10); | ||
580 | } | ||
581 | |||
582 | return !!ofl; | ||
583 | } | ||
584 | |||
585 | static int talitos_rng_data_read(struct hwrng *rng, u32 *data) | ||
586 | { | ||
587 | struct device *dev = (struct device *)rng->priv; | ||
588 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
589 | |||
590 | /* rng fifo requires 64-bit accesses */ | ||
591 | *data = in_be32(priv->reg + TALITOS_RNGU_FIFO); | ||
592 | *data = in_be32(priv->reg + TALITOS_RNGU_FIFO_LO); | ||
593 | |||
594 | return sizeof(u32); | ||
595 | } | ||
596 | |||
597 | static int talitos_rng_init(struct hwrng *rng) | ||
598 | { | ||
599 | struct device *dev = (struct device *)rng->priv; | ||
600 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
601 | unsigned int timeout = TALITOS_TIMEOUT; | ||
602 | |||
603 | setbits32(priv->reg + TALITOS_RNGURCR_LO, TALITOS_RNGURCR_LO_SR); | ||
604 | while (!(in_be32(priv->reg + TALITOS_RNGUSR_LO) & TALITOS_RNGUSR_LO_RD) | ||
605 | && --timeout) | ||
606 | cpu_relax(); | ||
607 | if (timeout == 0) { | ||
608 | dev_err(dev, "failed to reset rng hw\n"); | ||
609 | return -ENODEV; | ||
610 | } | ||
611 | |||
612 | /* start generating */ | ||
613 | setbits32(priv->reg + TALITOS_RNGUDSR_LO, 0); | ||
614 | |||
615 | return 0; | ||
616 | } | ||
617 | |||
618 | static int talitos_register_rng(struct device *dev) | ||
619 | { | ||
620 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
621 | |||
622 | priv->rng.name = dev_driver_string(dev), | ||
623 | priv->rng.init = talitos_rng_init, | ||
624 | priv->rng.data_present = talitos_rng_data_present, | ||
625 | priv->rng.data_read = talitos_rng_data_read, | ||
626 | priv->rng.priv = (unsigned long)dev; | ||
627 | |||
628 | return hwrng_register(&priv->rng); | ||
629 | } | ||
630 | |||
631 | static void talitos_unregister_rng(struct device *dev) | ||
632 | { | ||
633 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
634 | |||
635 | hwrng_unregister(&priv->rng); | ||
636 | } | ||
637 | |||
638 | /* | ||
639 | * crypto alg | ||
640 | */ | ||
641 | #define TALITOS_CRA_PRIORITY 3000 | ||
642 | #define TALITOS_MAX_KEY_SIZE 64 | ||
643 | #define TALITOS_MAX_AUTH_SIZE 20 | ||
644 | #define TALITOS_AES_MIN_BLOCK_SIZE 16 | ||
645 | #define TALITOS_AES_IV_LENGTH 16 | ||
646 | |||
647 | struct talitos_ctx { | ||
648 | struct device *dev; | ||
649 | __be32 desc_hdr_template; | ||
650 | u8 key[TALITOS_MAX_KEY_SIZE]; | ||
651 | u8 iv[TALITOS_AES_IV_LENGTH]; | ||
652 | unsigned int keylen; | ||
653 | unsigned int enckeylen; | ||
654 | unsigned int authkeylen; | ||
655 | unsigned int authsize; | ||
656 | }; | ||
657 | |||
658 | static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc, | ||
659 | unsigned int authsize) | ||
660 | { | ||
661 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
662 | |||
663 | ctx->authsize = authsize; | ||
664 | |||
665 | return 0; | ||
666 | } | ||
667 | |||
668 | static int aes_cbc_sha1_hmac_authenc_setkey(struct crypto_aead *authenc, | ||
669 | const u8 *key, unsigned int keylen) | ||
670 | { | ||
671 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
672 | struct rtattr *rta = (void *)key; | ||
673 | struct crypto_authenc_key_param *param; | ||
674 | unsigned int authkeylen; | ||
675 | unsigned int enckeylen; | ||
676 | |||
677 | if (!RTA_OK(rta, keylen)) | ||
678 | goto badkey; | ||
679 | |||
680 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | ||
681 | goto badkey; | ||
682 | |||
683 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | ||
684 | goto badkey; | ||
685 | |||
686 | param = RTA_DATA(rta); | ||
687 | enckeylen = be32_to_cpu(param->enckeylen); | ||
688 | |||
689 | key += RTA_ALIGN(rta->rta_len); | ||
690 | keylen -= RTA_ALIGN(rta->rta_len); | ||
691 | |||
692 | if (keylen < enckeylen) | ||
693 | goto badkey; | ||
694 | |||
695 | authkeylen = keylen - enckeylen; | ||
696 | |||
697 | if (keylen > TALITOS_MAX_KEY_SIZE) | ||
698 | goto badkey; | ||
699 | |||
700 | memcpy(&ctx->key, key, keylen); | ||
701 | |||
702 | ctx->keylen = keylen; | ||
703 | ctx->enckeylen = enckeylen; | ||
704 | ctx->authkeylen = authkeylen; | ||
705 | |||
706 | return 0; | ||
707 | |||
708 | badkey: | ||
709 | crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); | ||
710 | return -EINVAL; | ||
711 | } | ||
712 | |||
713 | /* | ||
714 | * ipsec_esp_edesc - s/w-extended ipsec_esp descriptor | ||
715 | * @src_nents: number of segments in input scatterlist | ||
716 | * @dst_nents: number of segments in output scatterlist | ||
717 | * @dma_len: length of dma mapped link_tbl space | ||
718 | * @dma_link_tbl: bus physical address of link_tbl | ||
719 | * @desc: h/w descriptor | ||
720 | * @link_tbl: input and output h/w link tables (if {src,dst}_nents > 1) | ||
721 | * | ||
722 | * if decrypting (with authcheck), or either one of src_nents or dst_nents | ||
723 | * is greater than 1, an integrity check value is concatenated to the end | ||
724 | * of link_tbl data | ||
725 | */ | ||
726 | struct ipsec_esp_edesc { | ||
727 | int src_nents; | ||
728 | int dst_nents; | ||
729 | int dma_len; | ||
730 | dma_addr_t dma_link_tbl; | ||
731 | struct talitos_desc desc; | ||
732 | struct talitos_ptr link_tbl[0]; | ||
733 | }; | ||
734 | |||
735 | static void ipsec_esp_unmap(struct device *dev, | ||
736 | struct ipsec_esp_edesc *edesc, | ||
737 | struct aead_request *areq) | ||
738 | { | ||
739 | unmap_single_talitos_ptr(dev, &edesc->desc.ptr[6], DMA_FROM_DEVICE); | ||
740 | unmap_single_talitos_ptr(dev, &edesc->desc.ptr[3], DMA_TO_DEVICE); | ||
741 | unmap_single_talitos_ptr(dev, &edesc->desc.ptr[2], DMA_TO_DEVICE); | ||
742 | unmap_single_talitos_ptr(dev, &edesc->desc.ptr[0], DMA_TO_DEVICE); | ||
743 | |||
744 | dma_unmap_sg(dev, areq->assoc, 1, DMA_TO_DEVICE); | ||
745 | |||
746 | if (areq->src != areq->dst) { | ||
747 | dma_unmap_sg(dev, areq->src, edesc->src_nents ? : 1, | ||
748 | DMA_TO_DEVICE); | ||
749 | dma_unmap_sg(dev, areq->dst, edesc->dst_nents ? : 1, | ||
750 | DMA_FROM_DEVICE); | ||
751 | } else { | ||
752 | dma_unmap_sg(dev, areq->src, edesc->src_nents ? : 1, | ||
753 | DMA_BIDIRECTIONAL); | ||
754 | } | ||
755 | |||
756 | if (edesc->dma_len) | ||
757 | dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len, | ||
758 | DMA_BIDIRECTIONAL); | ||
759 | } | ||
760 | |||
761 | /* | ||
762 | * ipsec_esp descriptor callbacks | ||
763 | */ | ||
764 | static void ipsec_esp_encrypt_done(struct device *dev, | ||
765 | struct talitos_desc *desc, void *context, | ||
766 | int err) | ||
767 | { | ||
768 | struct aead_request *areq = context; | ||
769 | struct ipsec_esp_edesc *edesc = | ||
770 | container_of(desc, struct ipsec_esp_edesc, desc); | ||
771 | struct crypto_aead *authenc = crypto_aead_reqtfm(areq); | ||
772 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
773 | struct scatterlist *sg; | ||
774 | void *icvdata; | ||
775 | |||
776 | ipsec_esp_unmap(dev, edesc, areq); | ||
777 | |||
778 | /* copy the generated ICV to dst */ | ||
779 | if (edesc->dma_len) { | ||
780 | icvdata = &edesc->link_tbl[edesc->src_nents + | ||
781 | edesc->dst_nents + 1]; | ||
782 | sg = sg_last(areq->dst, edesc->dst_nents); | ||
783 | memcpy((char *)sg_virt(sg) + sg->length - ctx->authsize, | ||
784 | icvdata, ctx->authsize); | ||
785 | } | ||
786 | |||
787 | kfree(edesc); | ||
788 | |||
789 | aead_request_complete(areq, err); | ||
790 | } | ||
791 | |||
792 | static void ipsec_esp_decrypt_done(struct device *dev, | ||
793 | struct talitos_desc *desc, void *context, | ||
794 | int err) | ||
795 | { | ||
796 | struct aead_request *req = context; | ||
797 | struct ipsec_esp_edesc *edesc = | ||
798 | container_of(desc, struct ipsec_esp_edesc, desc); | ||
799 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
800 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
801 | struct scatterlist *sg; | ||
802 | void *icvdata; | ||
803 | |||
804 | ipsec_esp_unmap(dev, edesc, req); | ||
805 | |||
806 | if (!err) { | ||
807 | /* auth check */ | ||
808 | if (edesc->dma_len) | ||
809 | icvdata = &edesc->link_tbl[edesc->src_nents + | ||
810 | edesc->dst_nents + 1]; | ||
811 | else | ||
812 | icvdata = &edesc->link_tbl[0]; | ||
813 | |||
814 | sg = sg_last(req->dst, edesc->dst_nents ? : 1); | ||
815 | err = memcmp(icvdata, (char *)sg_virt(sg) + sg->length - | ||
816 | ctx->authsize, ctx->authsize) ? -EBADMSG : 0; | ||
817 | } | ||
818 | |||
819 | kfree(edesc); | ||
820 | |||
821 | aead_request_complete(req, err); | ||
822 | } | ||
823 | |||
824 | /* | ||
825 | * convert scatterlist to SEC h/w link table format | ||
826 | * stop at cryptlen bytes | ||
827 | */ | ||
828 | static void sg_to_link_tbl(struct scatterlist *sg, int sg_count, | ||
829 | int cryptlen, struct talitos_ptr *link_tbl_ptr) | ||
830 | { | ||
831 | while (cryptlen > 0) { | ||
832 | link_tbl_ptr->ptr = cpu_to_be32(sg_dma_address(sg)); | ||
833 | link_tbl_ptr->len = cpu_to_be16(sg_dma_len(sg)); | ||
834 | link_tbl_ptr->j_extent = 0; | ||
835 | link_tbl_ptr++; | ||
836 | cryptlen -= sg_dma_len(sg); | ||
837 | sg = sg_next(sg); | ||
838 | } | ||
839 | |||
840 | /* adjust (decrease) last entry's len to cryptlen */ | ||
841 | link_tbl_ptr--; | ||
842 | link_tbl_ptr->len = cpu_to_be16(be16_to_cpu(link_tbl_ptr->len) | ||
843 | + cryptlen); | ||
844 | |||
845 | /* tag end of link table */ | ||
846 | link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN; | ||
847 | } | ||
848 | |||
849 | /* | ||
850 | * fill in and submit ipsec_esp descriptor | ||
851 | */ | ||
852 | static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq, | ||
853 | u8 *giv, u64 seq, | ||
854 | void (*callback) (struct device *dev, | ||
855 | struct talitos_desc *desc, | ||
856 | void *context, int error)) | ||
857 | { | ||
858 | struct crypto_aead *aead = crypto_aead_reqtfm(areq); | ||
859 | struct talitos_ctx *ctx = crypto_aead_ctx(aead); | ||
860 | struct device *dev = ctx->dev; | ||
861 | struct talitos_desc *desc = &edesc->desc; | ||
862 | unsigned int cryptlen = areq->cryptlen; | ||
863 | unsigned int authsize = ctx->authsize; | ||
864 | unsigned int ivsize; | ||
865 | int sg_count; | ||
866 | |||
867 | /* hmac key */ | ||
868 | map_single_talitos_ptr(dev, &desc->ptr[0], ctx->authkeylen, &ctx->key, | ||
869 | 0, DMA_TO_DEVICE); | ||
870 | /* hmac data */ | ||
871 | map_single_talitos_ptr(dev, &desc->ptr[1], sg_virt(areq->src) - | ||
872 | sg_virt(areq->assoc), sg_virt(areq->assoc), 0, | ||
873 | DMA_TO_DEVICE); | ||
874 | /* cipher iv */ | ||
875 | ivsize = crypto_aead_ivsize(aead); | ||
876 | map_single_talitos_ptr(dev, &desc->ptr[2], ivsize, giv ?: areq->iv, 0, | ||
877 | DMA_TO_DEVICE); | ||
878 | |||
879 | /* cipher key */ | ||
880 | map_single_talitos_ptr(dev, &desc->ptr[3], ctx->enckeylen, | ||
881 | (char *)&ctx->key + ctx->authkeylen, 0, | ||
882 | DMA_TO_DEVICE); | ||
883 | |||
884 | /* | ||
885 | * cipher in | ||
886 | * map and adjust cipher len to aead request cryptlen. | ||
887 | * extent is bytes of HMAC postpended to ciphertext, | ||
888 | * typically 12 for ipsec | ||
889 | */ | ||
890 | desc->ptr[4].len = cpu_to_be16(cryptlen); | ||
891 | desc->ptr[4].j_extent = authsize; | ||
892 | |||
893 | if (areq->src == areq->dst) | ||
894 | sg_count = dma_map_sg(dev, areq->src, edesc->src_nents ? : 1, | ||
895 | DMA_BIDIRECTIONAL); | ||
896 | else | ||
897 | sg_count = dma_map_sg(dev, areq->src, edesc->src_nents ? : 1, | ||
898 | DMA_TO_DEVICE); | ||
899 | |||
900 | if (sg_count == 1) { | ||
901 | desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src)); | ||
902 | } else { | ||
903 | sg_to_link_tbl(areq->src, sg_count, cryptlen, | ||
904 | &edesc->link_tbl[0]); | ||
905 | desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP; | ||
906 | desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl); | ||
907 | dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl, | ||
908 | edesc->dma_len, DMA_BIDIRECTIONAL); | ||
909 | } | ||
910 | |||
911 | /* cipher out */ | ||
912 | desc->ptr[5].len = cpu_to_be16(cryptlen); | ||
913 | desc->ptr[5].j_extent = authsize; | ||
914 | |||
915 | if (areq->src != areq->dst) { | ||
916 | sg_count = dma_map_sg(dev, areq->dst, edesc->dst_nents ? : 1, | ||
917 | DMA_FROM_DEVICE); | ||
918 | } | ||
919 | |||
920 | if (sg_count == 1) { | ||
921 | desc->ptr[5].ptr = cpu_to_be32(sg_dma_address(areq->dst)); | ||
922 | } else { | ||
923 | struct talitos_ptr *link_tbl_ptr = | ||
924 | &edesc->link_tbl[edesc->src_nents]; | ||
925 | struct scatterlist *sg; | ||
926 | |||
927 | desc->ptr[5].ptr = cpu_to_be32((struct talitos_ptr *) | ||
928 | edesc->dma_link_tbl + | ||
929 | edesc->src_nents); | ||
930 | if (areq->src == areq->dst) { | ||
931 | memcpy(link_tbl_ptr, &edesc->link_tbl[0], | ||
932 | edesc->src_nents * sizeof(struct talitos_ptr)); | ||
933 | } else { | ||
934 | sg_to_link_tbl(areq->dst, sg_count, cryptlen, | ||
935 | link_tbl_ptr); | ||
936 | } | ||
937 | link_tbl_ptr += sg_count - 1; | ||
938 | |||
939 | /* handle case where sg_last contains the ICV exclusively */ | ||
940 | sg = sg_last(areq->dst, edesc->dst_nents); | ||
941 | if (sg->length == ctx->authsize) | ||
942 | link_tbl_ptr--; | ||
943 | |||
944 | link_tbl_ptr->j_extent = 0; | ||
945 | link_tbl_ptr++; | ||
946 | link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN; | ||
947 | link_tbl_ptr->len = cpu_to_be16(authsize); | ||
948 | |||
949 | /* icv data follows link tables */ | ||
950 | link_tbl_ptr->ptr = cpu_to_be32((struct talitos_ptr *) | ||
951 | edesc->dma_link_tbl + | ||
952 | edesc->src_nents + | ||
953 | edesc->dst_nents + 1); | ||
954 | |||
955 | desc->ptr[5].j_extent |= DESC_PTR_LNKTBL_JUMP; | ||
956 | dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl, | ||
957 | edesc->dma_len, DMA_BIDIRECTIONAL); | ||
958 | } | ||
959 | |||
960 | /* iv out */ | ||
961 | map_single_talitos_ptr(dev, &desc->ptr[6], ivsize, ctx->iv, 0, | ||
962 | DMA_FROM_DEVICE); | ||
963 | |||
964 | return talitos_submit(dev, desc, callback, areq); | ||
965 | } | ||
966 | |||
967 | |||
968 | /* | ||
969 | * derive number of elements in scatterlist | ||
970 | */ | ||
971 | static int sg_count(struct scatterlist *sg_list, int nbytes) | ||
972 | { | ||
973 | struct scatterlist *sg = sg_list; | ||
974 | int sg_nents = 0; | ||
975 | |||
976 | while (nbytes) { | ||
977 | sg_nents++; | ||
978 | nbytes -= sg->length; | ||
979 | sg = sg_next(sg); | ||
980 | } | ||
981 | |||
982 | return sg_nents; | ||
983 | } | ||
984 | |||
985 | /* | ||
986 | * allocate and map the ipsec_esp extended descriptor | ||
987 | */ | ||
988 | static struct ipsec_esp_edesc *ipsec_esp_edesc_alloc(struct aead_request *areq, | ||
989 | int icv_stashing) | ||
990 | { | ||
991 | struct crypto_aead *authenc = crypto_aead_reqtfm(areq); | ||
992 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
993 | struct ipsec_esp_edesc *edesc; | ||
994 | int src_nents, dst_nents, alloc_len, dma_len; | ||
995 | |||
996 | if (areq->cryptlen + ctx->authsize > TALITOS_MAX_DATA_LEN) { | ||
997 | dev_err(ctx->dev, "cryptlen exceeds h/w max limit\n"); | ||
998 | return ERR_PTR(-EINVAL); | ||
999 | } | ||
1000 | |||
1001 | src_nents = sg_count(areq->src, areq->cryptlen + ctx->authsize); | ||
1002 | src_nents = (src_nents == 1) ? 0 : src_nents; | ||
1003 | |||
1004 | if (areq->dst == areq->src) { | ||
1005 | dst_nents = src_nents; | ||
1006 | } else { | ||
1007 | dst_nents = sg_count(areq->dst, areq->cryptlen + ctx->authsize); | ||
1008 | dst_nents = (dst_nents == 1) ? 0 : src_nents; | ||
1009 | } | ||
1010 | |||
1011 | /* | ||
1012 | * allocate space for base edesc plus the link tables, | ||
1013 | * allowing for a separate entry for the generated ICV (+ 1), | ||
1014 | * and the ICV data itself | ||
1015 | */ | ||
1016 | alloc_len = sizeof(struct ipsec_esp_edesc); | ||
1017 | if (src_nents || dst_nents) { | ||
1018 | dma_len = (src_nents + dst_nents + 1) * | ||
1019 | sizeof(struct talitos_ptr) + ctx->authsize; | ||
1020 | alloc_len += dma_len; | ||
1021 | } else { | ||
1022 | dma_len = 0; | ||
1023 | alloc_len += icv_stashing ? ctx->authsize : 0; | ||
1024 | } | ||
1025 | |||
1026 | edesc = kmalloc(alloc_len, GFP_DMA); | ||
1027 | if (!edesc) { | ||
1028 | dev_err(ctx->dev, "could not allocate edescriptor\n"); | ||
1029 | return ERR_PTR(-ENOMEM); | ||
1030 | } | ||
1031 | |||
1032 | edesc->src_nents = src_nents; | ||
1033 | edesc->dst_nents = dst_nents; | ||
1034 | edesc->dma_len = dma_len; | ||
1035 | edesc->dma_link_tbl = dma_map_single(ctx->dev, &edesc->link_tbl[0], | ||
1036 | edesc->dma_len, DMA_BIDIRECTIONAL); | ||
1037 | |||
1038 | return edesc; | ||
1039 | } | ||
1040 | |||
1041 | static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req) | ||
1042 | { | ||
1043 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
1044 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
1045 | struct ipsec_esp_edesc *edesc; | ||
1046 | |||
1047 | /* allocate extended descriptor */ | ||
1048 | edesc = ipsec_esp_edesc_alloc(req, 0); | ||
1049 | if (IS_ERR(edesc)) | ||
1050 | return PTR_ERR(edesc); | ||
1051 | |||
1052 | /* set encrypt */ | ||
1053 | edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC; | ||
1054 | |||
1055 | return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_encrypt_done); | ||
1056 | } | ||
1057 | |||
1058 | static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req) | ||
1059 | { | ||
1060 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
1061 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
1062 | unsigned int authsize = ctx->authsize; | ||
1063 | struct ipsec_esp_edesc *edesc; | ||
1064 | struct scatterlist *sg; | ||
1065 | void *icvdata; | ||
1066 | |||
1067 | req->cryptlen -= authsize; | ||
1068 | |||
1069 | /* allocate extended descriptor */ | ||
1070 | edesc = ipsec_esp_edesc_alloc(req, 1); | ||
1071 | if (IS_ERR(edesc)) | ||
1072 | return PTR_ERR(edesc); | ||
1073 | |||
1074 | /* stash incoming ICV for later cmp with ICV generated by the h/w */ | ||
1075 | if (edesc->dma_len) | ||
1076 | icvdata = &edesc->link_tbl[edesc->src_nents + | ||
1077 | edesc->dst_nents + 1]; | ||
1078 | else | ||
1079 | icvdata = &edesc->link_tbl[0]; | ||
1080 | |||
1081 | sg = sg_last(req->src, edesc->src_nents ? : 1); | ||
1082 | |||
1083 | memcpy(icvdata, (char *)sg_virt(sg) + sg->length - ctx->authsize, | ||
1084 | ctx->authsize); | ||
1085 | |||
1086 | /* decrypt */ | ||
1087 | edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_DIR_INBOUND; | ||
1088 | |||
1089 | return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_decrypt_done); | ||
1090 | } | ||
1091 | |||
1092 | static int aes_cbc_sha1_hmac_authenc_givencrypt( | ||
1093 | struct aead_givcrypt_request *req) | ||
1094 | { | ||
1095 | struct aead_request *areq = &req->areq; | ||
1096 | struct crypto_aead *authenc = crypto_aead_reqtfm(areq); | ||
1097 | struct talitos_ctx *ctx = crypto_aead_ctx(authenc); | ||
1098 | struct ipsec_esp_edesc *edesc; | ||
1099 | |||
1100 | /* allocate extended descriptor */ | ||
1101 | edesc = ipsec_esp_edesc_alloc(areq, 0); | ||
1102 | if (IS_ERR(edesc)) | ||
1103 | return PTR_ERR(edesc); | ||
1104 | |||
1105 | /* set encrypt */ | ||
1106 | edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC; | ||
1107 | |||
1108 | memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc)); | ||
1109 | |||
1110 | return ipsec_esp(edesc, areq, req->giv, req->seq, | ||
1111 | ipsec_esp_encrypt_done); | ||
1112 | } | ||
1113 | |||
1114 | struct talitos_alg_template { | ||
1115 | char name[CRYPTO_MAX_ALG_NAME]; | ||
1116 | char driver_name[CRYPTO_MAX_ALG_NAME]; | ||
1117 | unsigned int blocksize; | ||
1118 | struct aead_alg aead; | ||
1119 | struct device *dev; | ||
1120 | __be32 desc_hdr_template; | ||
1121 | }; | ||
1122 | |||
1123 | static struct talitos_alg_template driver_algs[] = { | ||
1124 | /* single-pass ipsec_esp descriptor */ | ||
1125 | { | ||
1126 | .name = "authenc(hmac(sha1),cbc(aes))", | ||
1127 | .driver_name = "authenc(hmac(sha1-talitos),cbc(aes-talitos))", | ||
1128 | .blocksize = TALITOS_AES_MIN_BLOCK_SIZE, | ||
1129 | .aead = { | ||
1130 | .setkey = aes_cbc_sha1_hmac_authenc_setkey, | ||
1131 | .setauthsize = aes_cbc_sha1_hmac_authenc_setauthsize, | ||
1132 | .encrypt = aes_cbc_sha1_hmac_authenc_encrypt, | ||
1133 | .decrypt = aes_cbc_sha1_hmac_authenc_decrypt, | ||
1134 | .givencrypt = aes_cbc_sha1_hmac_authenc_givencrypt, | ||
1135 | .geniv = "<built-in>", | ||
1136 | .ivsize = TALITOS_AES_IV_LENGTH, | ||
1137 | .maxauthsize = TALITOS_MAX_AUTH_SIZE, | ||
1138 | }, | ||
1139 | .desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP | | ||
1140 | DESC_HDR_SEL0_AESU | | ||
1141 | DESC_HDR_MODE0_AESU_CBC | | ||
1142 | DESC_HDR_SEL1_MDEUA | | ||
1143 | DESC_HDR_MODE1_MDEU_INIT | | ||
1144 | DESC_HDR_MODE1_MDEU_PAD | | ||
1145 | DESC_HDR_MODE1_MDEU_SHA1_HMAC, | ||
1146 | } | ||
1147 | }; | ||
1148 | |||
1149 | struct talitos_crypto_alg { | ||
1150 | struct list_head entry; | ||
1151 | struct device *dev; | ||
1152 | __be32 desc_hdr_template; | ||
1153 | struct crypto_alg crypto_alg; | ||
1154 | }; | ||
1155 | |||
1156 | static int talitos_cra_init(struct crypto_tfm *tfm) | ||
1157 | { | ||
1158 | struct crypto_alg *alg = tfm->__crt_alg; | ||
1159 | struct talitos_crypto_alg *talitos_alg = | ||
1160 | container_of(alg, struct talitos_crypto_alg, crypto_alg); | ||
1161 | struct talitos_ctx *ctx = crypto_tfm_ctx(tfm); | ||
1162 | |||
1163 | /* update context with ptr to dev */ | ||
1164 | ctx->dev = talitos_alg->dev; | ||
1165 | /* copy descriptor header template value */ | ||
1166 | ctx->desc_hdr_template = talitos_alg->desc_hdr_template; | ||
1167 | |||
1168 | /* random first IV */ | ||
1169 | get_random_bytes(ctx->iv, TALITOS_AES_IV_LENGTH); | ||
1170 | |||
1171 | return 0; | ||
1172 | } | ||
1173 | |||
1174 | /* | ||
1175 | * given the alg's descriptor header template, determine whether descriptor | ||
1176 | * type and primary/secondary execution units required match the hw | ||
1177 | * capabilities description provided in the device tree node. | ||
1178 | */ | ||
1179 | static int hw_supports(struct device *dev, __be32 desc_hdr_template) | ||
1180 | { | ||
1181 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
1182 | int ret; | ||
1183 | |||
1184 | ret = (1 << DESC_TYPE(desc_hdr_template) & priv->desc_types) && | ||
1185 | (1 << PRIMARY_EU(desc_hdr_template) & priv->exec_units); | ||
1186 | |||
1187 | if (SECONDARY_EU(desc_hdr_template)) | ||
1188 | ret = ret && (1 << SECONDARY_EU(desc_hdr_template) | ||
1189 | & priv->exec_units); | ||
1190 | |||
1191 | return ret; | ||
1192 | } | ||
1193 | |||
1194 | static int __devexit talitos_remove(struct of_device *ofdev) | ||
1195 | { | ||
1196 | struct device *dev = &ofdev->dev; | ||
1197 | struct talitos_private *priv = dev_get_drvdata(dev); | ||
1198 | struct talitos_crypto_alg *t_alg, *n; | ||
1199 | int i; | ||
1200 | |||
1201 | list_for_each_entry_safe(t_alg, n, &priv->alg_list, entry) { | ||
1202 | crypto_unregister_alg(&t_alg->crypto_alg); | ||
1203 | list_del(&t_alg->entry); | ||
1204 | kfree(t_alg); | ||
1205 | } | ||
1206 | |||
1207 | if (hw_supports(dev, DESC_HDR_SEL0_RNG)) | ||
1208 | talitos_unregister_rng(dev); | ||
1209 | |||
1210 | kfree(priv->tail); | ||
1211 | kfree(priv->head); | ||
1212 | |||
1213 | if (priv->fifo) | ||
1214 | for (i = 0; i < priv->num_channels; i++) | ||
1215 | kfree(priv->fifo[i]); | ||
1216 | |||
1217 | kfree(priv->fifo); | ||
1218 | kfree(priv->head_lock); | ||
1219 | kfree(priv->tail_lock); | ||
1220 | |||
1221 | if (priv->irq != NO_IRQ) { | ||
1222 | free_irq(priv->irq, dev); | ||
1223 | irq_dispose_mapping(priv->irq); | ||
1224 | } | ||
1225 | |||
1226 | tasklet_kill(&priv->done_task); | ||
1227 | tasklet_kill(&priv->error_task); | ||
1228 | |||
1229 | iounmap(priv->reg); | ||
1230 | |||
1231 | dev_set_drvdata(dev, NULL); | ||
1232 | |||
1233 | kfree(priv); | ||
1234 | |||
1235 | return 0; | ||
1236 | } | ||
1237 | |||
1238 | static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev, | ||
1239 | struct talitos_alg_template | ||
1240 | *template) | ||
1241 | { | ||
1242 | struct talitos_crypto_alg *t_alg; | ||
1243 | struct crypto_alg *alg; | ||
1244 | |||
1245 | t_alg = kzalloc(sizeof(struct talitos_crypto_alg), GFP_KERNEL); | ||
1246 | if (!t_alg) | ||
1247 | return ERR_PTR(-ENOMEM); | ||
1248 | |||
1249 | alg = &t_alg->crypto_alg; | ||
1250 | |||
1251 | snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", template->name); | ||
1252 | snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", | ||
1253 | template->driver_name); | ||
1254 | alg->cra_module = THIS_MODULE; | ||
1255 | alg->cra_init = talitos_cra_init; | ||
1256 | alg->cra_priority = TALITOS_CRA_PRIORITY; | ||
1257 | alg->cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC; | ||
1258 | alg->cra_blocksize = template->blocksize; | ||
1259 | alg->cra_alignmask = 0; | ||
1260 | alg->cra_type = &crypto_aead_type; | ||
1261 | alg->cra_ctxsize = sizeof(struct talitos_ctx); | ||
1262 | alg->cra_u.aead = template->aead; | ||
1263 | |||
1264 | t_alg->desc_hdr_template = template->desc_hdr_template; | ||
1265 | t_alg->dev = dev; | ||
1266 | |||
1267 | return t_alg; | ||
1268 | } | ||
1269 | |||
1270 | static int talitos_probe(struct of_device *ofdev, | ||
1271 | const struct of_device_id *match) | ||
1272 | { | ||
1273 | struct device *dev = &ofdev->dev; | ||
1274 | struct device_node *np = ofdev->node; | ||
1275 | struct talitos_private *priv; | ||
1276 | const unsigned int *prop; | ||
1277 | int i, err; | ||
1278 | |||
1279 | priv = kzalloc(sizeof(struct talitos_private), GFP_KERNEL); | ||
1280 | if (!priv) | ||
1281 | return -ENOMEM; | ||
1282 | |||
1283 | dev_set_drvdata(dev, priv); | ||
1284 | |||
1285 | priv->ofdev = ofdev; | ||
1286 | |||
1287 | tasklet_init(&priv->done_task, talitos_done, (unsigned long)dev); | ||
1288 | tasklet_init(&priv->error_task, talitos_error, (unsigned long)dev); | ||
1289 | |||
1290 | priv->irq = irq_of_parse_and_map(np, 0); | ||
1291 | |||
1292 | if (priv->irq == NO_IRQ) { | ||
1293 | dev_err(dev, "failed to map irq\n"); | ||
1294 | err = -EINVAL; | ||
1295 | goto err_out; | ||
1296 | } | ||
1297 | |||
1298 | /* get the irq line */ | ||
1299 | err = request_irq(priv->irq, talitos_interrupt, 0, | ||
1300 | dev_driver_string(dev), dev); | ||
1301 | if (err) { | ||
1302 | dev_err(dev, "failed to request irq %d\n", priv->irq); | ||
1303 | irq_dispose_mapping(priv->irq); | ||
1304 | priv->irq = NO_IRQ; | ||
1305 | goto err_out; | ||
1306 | } | ||
1307 | |||
1308 | priv->reg = of_iomap(np, 0); | ||
1309 | if (!priv->reg) { | ||
1310 | dev_err(dev, "failed to of_iomap\n"); | ||
1311 | err = -ENOMEM; | ||
1312 | goto err_out; | ||
1313 | } | ||
1314 | |||
1315 | /* get SEC version capabilities from device tree */ | ||
1316 | prop = of_get_property(np, "fsl,num-channels", NULL); | ||
1317 | if (prop) | ||
1318 | priv->num_channels = *prop; | ||
1319 | |||
1320 | prop = of_get_property(np, "fsl,channel-fifo-len", NULL); | ||
1321 | if (prop) | ||
1322 | priv->chfifo_len = *prop; | ||
1323 | |||
1324 | prop = of_get_property(np, "fsl,exec-units-mask", NULL); | ||
1325 | if (prop) | ||
1326 | priv->exec_units = *prop; | ||
1327 | |||
1328 | prop = of_get_property(np, "fsl,descriptor-types-mask", NULL); | ||
1329 | if (prop) | ||
1330 | priv->desc_types = *prop; | ||
1331 | |||
1332 | if (!is_power_of_2(priv->num_channels) || !priv->chfifo_len || | ||
1333 | !priv->exec_units || !priv->desc_types) { | ||
1334 | dev_err(dev, "invalid property data in device tree node\n"); | ||
1335 | err = -EINVAL; | ||
1336 | goto err_out; | ||
1337 | } | ||
1338 | |||
1339 | of_node_put(np); | ||
1340 | np = NULL; | ||
1341 | |||
1342 | priv->head_lock = kmalloc(sizeof(spinlock_t) * priv->num_channels, | ||
1343 | GFP_KERNEL); | ||
1344 | priv->tail_lock = kmalloc(sizeof(spinlock_t) * priv->num_channels, | ||
1345 | GFP_KERNEL); | ||
1346 | if (!priv->head_lock || !priv->tail_lock) { | ||
1347 | dev_err(dev, "failed to allocate fifo locks\n"); | ||
1348 | err = -ENOMEM; | ||
1349 | goto err_out; | ||
1350 | } | ||
1351 | |||
1352 | for (i = 0; i < priv->num_channels; i++) { | ||
1353 | spin_lock_init(&priv->head_lock[i]); | ||
1354 | spin_lock_init(&priv->tail_lock[i]); | ||
1355 | } | ||
1356 | |||
1357 | priv->fifo = kmalloc(sizeof(struct talitos_request *) * | ||
1358 | priv->num_channels, GFP_KERNEL); | ||
1359 | if (!priv->fifo) { | ||
1360 | dev_err(dev, "failed to allocate request fifo\n"); | ||
1361 | err = -ENOMEM; | ||
1362 | goto err_out; | ||
1363 | } | ||
1364 | |||
1365 | priv->fifo_len = roundup_pow_of_two(priv->chfifo_len); | ||
1366 | |||
1367 | for (i = 0; i < priv->num_channels; i++) { | ||
1368 | priv->fifo[i] = kzalloc(sizeof(struct talitos_request) * | ||
1369 | priv->fifo_len, GFP_KERNEL); | ||
1370 | if (!priv->fifo[i]) { | ||
1371 | dev_err(dev, "failed to allocate request fifo %d\n", i); | ||
1372 | err = -ENOMEM; | ||
1373 | goto err_out; | ||
1374 | } | ||
1375 | } | ||
1376 | |||
1377 | priv->head = kzalloc(sizeof(int) * priv->num_channels, GFP_KERNEL); | ||
1378 | priv->tail = kzalloc(sizeof(int) * priv->num_channels, GFP_KERNEL); | ||
1379 | if (!priv->head || !priv->tail) { | ||
1380 | dev_err(dev, "failed to allocate request index space\n"); | ||
1381 | err = -ENOMEM; | ||
1382 | goto err_out; | ||
1383 | } | ||
1384 | |||
1385 | /* reset and initialize the h/w */ | ||
1386 | err = init_device(dev); | ||
1387 | if (err) { | ||
1388 | dev_err(dev, "failed to initialize device\n"); | ||
1389 | goto err_out; | ||
1390 | } | ||
1391 | |||
1392 | /* register the RNG, if available */ | ||
1393 | if (hw_supports(dev, DESC_HDR_SEL0_RNG)) { | ||
1394 | err = talitos_register_rng(dev); | ||
1395 | if (err) { | ||
1396 | dev_err(dev, "failed to register hwrng: %d\n", err); | ||
1397 | goto err_out; | ||
1398 | } else | ||
1399 | dev_info(dev, "hwrng\n"); | ||
1400 | } | ||
1401 | |||
1402 | /* register crypto algorithms the device supports */ | ||
1403 | INIT_LIST_HEAD(&priv->alg_list); | ||
1404 | |||
1405 | for (i = 0; i < ARRAY_SIZE(driver_algs); i++) { | ||
1406 | if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { | ||
1407 | struct talitos_crypto_alg *t_alg; | ||
1408 | |||
1409 | t_alg = talitos_alg_alloc(dev, &driver_algs[i]); | ||
1410 | if (IS_ERR(t_alg)) { | ||
1411 | err = PTR_ERR(t_alg); | ||
1412 | goto err_out; | ||
1413 | } | ||
1414 | |||
1415 | err = crypto_register_alg(&t_alg->crypto_alg); | ||
1416 | if (err) { | ||
1417 | dev_err(dev, "%s alg registration failed\n", | ||
1418 | t_alg->crypto_alg.cra_driver_name); | ||
1419 | kfree(t_alg); | ||
1420 | } else { | ||
1421 | list_add_tail(&t_alg->entry, &priv->alg_list); | ||
1422 | dev_info(dev, "%s\n", | ||
1423 | t_alg->crypto_alg.cra_driver_name); | ||
1424 | } | ||
1425 | } | ||
1426 | } | ||
1427 | |||
1428 | return 0; | ||
1429 | |||
1430 | err_out: | ||
1431 | talitos_remove(ofdev); | ||
1432 | if (np) | ||
1433 | of_node_put(np); | ||
1434 | |||
1435 | return err; | ||
1436 | } | ||
1437 | |||
1438 | static struct of_device_id talitos_match[] = { | ||
1439 | { | ||
1440 | .compatible = "fsl,sec2.0", | ||
1441 | }, | ||
1442 | {}, | ||
1443 | }; | ||
1444 | MODULE_DEVICE_TABLE(of, talitos_match); | ||
1445 | |||
1446 | static struct of_platform_driver talitos_driver = { | ||
1447 | .name = "talitos", | ||
1448 | .match_table = talitos_match, | ||
1449 | .probe = talitos_probe, | ||
1450 | .remove = __devexit_p(talitos_remove), | ||
1451 | }; | ||
1452 | |||
1453 | static int __init talitos_init(void) | ||
1454 | { | ||
1455 | return of_register_platform_driver(&talitos_driver); | ||
1456 | } | ||
1457 | module_init(talitos_init); | ||
1458 | |||
1459 | static void __exit talitos_exit(void) | ||
1460 | { | ||
1461 | of_unregister_platform_driver(&talitos_driver); | ||
1462 | } | ||
1463 | module_exit(talitos_exit); | ||
1464 | |||
1465 | MODULE_LICENSE("GPL"); | ||
1466 | MODULE_AUTHOR("Kim Phillips <kim.phillips@freescale.com>"); | ||
1467 | MODULE_DESCRIPTION("Freescale integrated security engine (SEC) driver"); | ||