aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/crypto')
-rw-r--r--drivers/crypto/Kconfig16
-rw-r--r--drivers/crypto/Makefile1
-rw-r--r--drivers/crypto/talitos.c1467
-rw-r--r--drivers/crypto/talitos.h200
4 files changed, 1684 insertions, 0 deletions
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 43b71b69daa5..249c1358058e 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -174,4 +174,20 @@ config CRYPTO_DEV_HIFN_795X_RNG
174 Select this option if you want to enable the random number generator 174 Select this option if you want to enable the random number generator
175 on the HIFN 795x crypto adapters. 175 on the HIFN 795x crypto adapters.
176 176
177config CRYPTO_DEV_TALITOS
178 tristate "Talitos Freescale Security Engine (SEC)"
179 select CRYPTO_ALGAPI
180 select CRYPTO_AUTHENC
181 select HW_RANDOM
182 depends on FSL_SOC
183 help
184 Say 'Y' here to use the Freescale Security Engine (SEC)
185 to offload cryptographic algorithm computation.
186
187 The Freescale SEC is present on PowerQUICC 'E' processors, such
188 as the MPC8349E and MPC8548E.
189
190 To compile this driver as a module, choose M here: the module
191 will be called talitos.
192
177endif # CRYPTO_HW 193endif # CRYPTO_HW
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index c0327f0dadc5..d29d2cd0e658 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -2,3 +2,4 @@ obj-$(CONFIG_CRYPTO_DEV_PADLOCK_AES) += padlock-aes.o
2obj-$(CONFIG_CRYPTO_DEV_PADLOCK_SHA) += padlock-sha.o 2obj-$(CONFIG_CRYPTO_DEV_PADLOCK_SHA) += padlock-sha.o
3obj-$(CONFIG_CRYPTO_DEV_GEODE) += geode-aes.o 3obj-$(CONFIG_CRYPTO_DEV_GEODE) += geode-aes.o
4obj-$(CONFIG_CRYPTO_DEV_HIFN_795X) += hifn_795x.o 4obj-$(CONFIG_CRYPTO_DEV_HIFN_795X) += hifn_795x.o
5obj-$(CONFIG_CRYPTO_DEV_TALITOS) += talitos.o
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
new file mode 100644
index 000000000000..e12331296a00
--- /dev/null
+++ b/drivers/crypto/talitos.c
@@ -0,0 +1,1467 @@
1/*
2 * talitos - Freescale Integrated Security Engine (SEC) device driver
3 *
4 * Copyright (c) 2008 Freescale Semiconductor, Inc.
5 *
6 * Scatterlist Crypto API glue code copied from files with the following:
7 * Copyright (c) 2006-2007 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * Crypto algorithm registration code copied from hifn driver:
10 * 2007+ Copyright (c) Evgeniy Polyakov <johnpol@2ka.mipt.ru>
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 */
27
28#include <linux/kernel.h>
29#include <linux/module.h>
30#include <linux/mod_devicetable.h>
31#include <linux/device.h>
32#include <linux/interrupt.h>
33#include <linux/crypto.h>
34#include <linux/hw_random.h>
35#include <linux/of_platform.h>
36#include <linux/dma-mapping.h>
37#include <linux/io.h>
38#include <linux/spinlock.h>
39#include <linux/rtnetlink.h>
40
41#include <crypto/algapi.h>
42#include <crypto/aes.h>
43#include <crypto/sha.h>
44#include <crypto/aead.h>
45#include <crypto/authenc.h>
46
47#include "talitos.h"
48
49#define TALITOS_TIMEOUT 100000
50#define TALITOS_MAX_DATA_LEN 65535
51
52#define DESC_TYPE(desc_hdr) ((be32_to_cpu(desc_hdr) >> 3) & 0x1f)
53#define PRIMARY_EU(desc_hdr) ((be32_to_cpu(desc_hdr) >> 28) & 0xf)
54#define SECONDARY_EU(desc_hdr) ((be32_to_cpu(desc_hdr) >> 16) & 0xf)
55
56/* descriptor pointer entry */
57struct talitos_ptr {
58 __be16 len; /* length */
59 u8 j_extent; /* jump to sg link table and/or extent */
60 u8 eptr; /* extended address */
61 __be32 ptr; /* address */
62};
63
64/* descriptor */
65struct talitos_desc {
66 __be32 hdr; /* header high bits */
67 __be32 hdr_lo; /* header low bits */
68 struct talitos_ptr ptr[7]; /* ptr/len pair array */
69};
70
71/**
72 * talitos_request - descriptor submission request
73 * @desc: descriptor pointer (kernel virtual)
74 * @dma_desc: descriptor's physical bus address
75 * @callback: whom to call when descriptor processing is done
76 * @context: caller context (optional)
77 */
78struct talitos_request {
79 struct talitos_desc *desc;
80 dma_addr_t dma_desc;
81 void (*callback) (struct device *dev, struct talitos_desc *desc,
82 void *context, int error);
83 void *context;
84};
85
86struct talitos_private {
87 struct device *dev;
88 struct of_device *ofdev;
89 void __iomem *reg;
90 int irq;
91
92 /* SEC version geometry (from device tree node) */
93 unsigned int num_channels;
94 unsigned int chfifo_len;
95 unsigned int exec_units;
96 unsigned int desc_types;
97
98 /* next channel to be assigned next incoming descriptor */
99 atomic_t last_chan;
100
101 /* per-channel request fifo */
102 struct talitos_request **fifo;
103
104 /*
105 * length of the request fifo
106 * fifo_len is chfifo_len rounded up to next power of 2
107 * so we can use bitwise ops to wrap
108 */
109 unsigned int fifo_len;
110
111 /* per-channel index to next free descriptor request */
112 int *head;
113
114 /* per-channel index to next in-progress/done descriptor request */
115 int *tail;
116
117 /* per-channel request submission (head) and release (tail) locks */
118 spinlock_t *head_lock;
119 spinlock_t *tail_lock;
120
121 /* request callback tasklet */
122 struct tasklet_struct done_task;
123 struct tasklet_struct error_task;
124
125 /* list of registered algorithms */
126 struct list_head alg_list;
127
128 /* hwrng device */
129 struct hwrng rng;
130};
131
132/*
133 * map virtual single (contiguous) pointer to h/w descriptor pointer
134 */
135static void map_single_talitos_ptr(struct device *dev,
136 struct talitos_ptr *talitos_ptr,
137 unsigned short len, void *data,
138 unsigned char extent,
139 enum dma_data_direction dir)
140{
141 talitos_ptr->len = cpu_to_be16(len);
142 talitos_ptr->ptr = cpu_to_be32(dma_map_single(dev, data, len, dir));
143 talitos_ptr->j_extent = extent;
144}
145
146/*
147 * unmap bus single (contiguous) h/w descriptor pointer
148 */
149static void unmap_single_talitos_ptr(struct device *dev,
150 struct talitos_ptr *talitos_ptr,
151 enum dma_data_direction dir)
152{
153 dma_unmap_single(dev, be32_to_cpu(talitos_ptr->ptr),
154 be16_to_cpu(talitos_ptr->len), dir);
155}
156
157static int reset_channel(struct device *dev, int ch)
158{
159 struct talitos_private *priv = dev_get_drvdata(dev);
160 unsigned int timeout = TALITOS_TIMEOUT;
161
162 setbits32(priv->reg + TALITOS_CCCR(ch), TALITOS_CCCR_RESET);
163
164 while ((in_be32(priv->reg + TALITOS_CCCR(ch)) & TALITOS_CCCR_RESET)
165 && --timeout)
166 cpu_relax();
167
168 if (timeout == 0) {
169 dev_err(dev, "failed to reset channel %d\n", ch);
170 return -EIO;
171 }
172
173 /* set done writeback and IRQ */
174 setbits32(priv->reg + TALITOS_CCCR_LO(ch), TALITOS_CCCR_LO_CDWE |
175 TALITOS_CCCR_LO_CDIE);
176
177 return 0;
178}
179
180static int reset_device(struct device *dev)
181{
182 struct talitos_private *priv = dev_get_drvdata(dev);
183 unsigned int timeout = TALITOS_TIMEOUT;
184
185 setbits32(priv->reg + TALITOS_MCR, TALITOS_MCR_SWR);
186
187 while ((in_be32(priv->reg + TALITOS_MCR) & TALITOS_MCR_SWR)
188 && --timeout)
189 cpu_relax();
190
191 if (timeout == 0) {
192 dev_err(dev, "failed to reset device\n");
193 return -EIO;
194 }
195
196 return 0;
197}
198
199/*
200 * Reset and initialize the device
201 */
202static int init_device(struct device *dev)
203{
204 struct talitos_private *priv = dev_get_drvdata(dev);
205 int ch, err;
206
207 /*
208 * Master reset
209 * errata documentation: warning: certain SEC interrupts
210 * are not fully cleared by writing the MCR:SWR bit,
211 * set bit twice to completely reset
212 */
213 err = reset_device(dev);
214 if (err)
215 return err;
216
217 err = reset_device(dev);
218 if (err)
219 return err;
220
221 /* reset channels */
222 for (ch = 0; ch < priv->num_channels; ch++) {
223 err = reset_channel(dev, ch);
224 if (err)
225 return err;
226 }
227
228 /* enable channel done and error interrupts */
229 setbits32(priv->reg + TALITOS_IMR, TALITOS_IMR_INIT);
230 setbits32(priv->reg + TALITOS_IMR_LO, TALITOS_IMR_LO_INIT);
231
232 return 0;
233}
234
235/**
236 * talitos_submit - submits a descriptor to the device for processing
237 * @dev: the SEC device to be used
238 * @desc: the descriptor to be processed by the device
239 * @callback: whom to call when processing is complete
240 * @context: a handle for use by caller (optional)
241 *
242 * desc must contain valid dma-mapped (bus physical) address pointers.
243 * callback must check err and feedback in descriptor header
244 * for device processing status.
245 */
246static int talitos_submit(struct device *dev, struct talitos_desc *desc,
247 void (*callback)(struct device *dev,
248 struct talitos_desc *desc,
249 void *context, int error),
250 void *context)
251{
252 struct talitos_private *priv = dev_get_drvdata(dev);
253 struct talitos_request *request;
254 unsigned long flags, ch;
255 int head;
256
257 /* select done notification */
258 desc->hdr |= DESC_HDR_DONE_NOTIFY;
259
260 /* emulate SEC's round-robin channel fifo polling scheme */
261 ch = atomic_inc_return(&priv->last_chan) & (priv->num_channels - 1);
262
263 spin_lock_irqsave(&priv->head_lock[ch], flags);
264
265 head = priv->head[ch];
266 request = &priv->fifo[ch][head];
267
268 if (request->desc) {
269 /* request queue is full */
270 spin_unlock_irqrestore(&priv->head_lock[ch], flags);
271 return -EAGAIN;
272 }
273
274 /* map descriptor and save caller data */
275 request->dma_desc = dma_map_single(dev, desc, sizeof(*desc),
276 DMA_BIDIRECTIONAL);
277 request->callback = callback;
278 request->context = context;
279
280 /* increment fifo head */
281 priv->head[ch] = (priv->head[ch] + 1) & (priv->fifo_len - 1);
282
283 smp_wmb();
284 request->desc = desc;
285
286 /* GO! */
287 wmb();
288 out_be32(priv->reg + TALITOS_FF_LO(ch), request->dma_desc);
289
290 spin_unlock_irqrestore(&priv->head_lock[ch], flags);
291
292 return -EINPROGRESS;
293}
294
295/*
296 * process what was done, notify callback of error if not
297 */
298static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
299{
300 struct talitos_private *priv = dev_get_drvdata(dev);
301 struct talitos_request *request, saved_req;
302 unsigned long flags;
303 int tail, status;
304
305 spin_lock_irqsave(&priv->tail_lock[ch], flags);
306
307 tail = priv->tail[ch];
308 while (priv->fifo[ch][tail].desc) {
309 request = &priv->fifo[ch][tail];
310
311 /* descriptors with their done bits set don't get the error */
312 rmb();
313 if ((request->desc->hdr & DESC_HDR_DONE) == DESC_HDR_DONE)
314 status = 0;
315 else
316 if (!error)
317 break;
318 else
319 status = error;
320
321 dma_unmap_single(dev, request->dma_desc,
322 sizeof(struct talitos_desc), DMA_BIDIRECTIONAL);
323
324 /* copy entries so we can call callback outside lock */
325 saved_req.desc = request->desc;
326 saved_req.callback = request->callback;
327 saved_req.context = request->context;
328
329 /* release request entry in fifo */
330 smp_wmb();
331 request->desc = NULL;
332
333 /* increment fifo tail */
334 priv->tail[ch] = (tail + 1) & (priv->fifo_len - 1);
335
336 spin_unlock_irqrestore(&priv->tail_lock[ch], flags);
337 saved_req.callback(dev, saved_req.desc, saved_req.context,
338 status);
339 /* channel may resume processing in single desc error case */
340 if (error && !reset_ch && status == error)
341 return;
342 spin_lock_irqsave(&priv->tail_lock[ch], flags);
343 tail = priv->tail[ch];
344 }
345
346 spin_unlock_irqrestore(&priv->tail_lock[ch], flags);
347}
348
349/*
350 * process completed requests for channels that have done status
351 */
352static void talitos_done(unsigned long data)
353{
354 struct device *dev = (struct device *)data;
355 struct talitos_private *priv = dev_get_drvdata(dev);
356 int ch;
357
358 for (ch = 0; ch < priv->num_channels; ch++)
359 flush_channel(dev, ch, 0, 0);
360}
361
362/*
363 * locate current (offending) descriptor
364 */
365static struct talitos_desc *current_desc(struct device *dev, int ch)
366{
367 struct talitos_private *priv = dev_get_drvdata(dev);
368 int tail = priv->tail[ch];
369 dma_addr_t cur_desc;
370
371 cur_desc = in_be32(priv->reg + TALITOS_CDPR_LO(ch));
372
373 while (priv->fifo[ch][tail].dma_desc != cur_desc) {
374 tail = (tail + 1) & (priv->fifo_len - 1);
375 if (tail == priv->tail[ch]) {
376 dev_err(dev, "couldn't locate current descriptor\n");
377 return NULL;
378 }
379 }
380
381 return priv->fifo[ch][tail].desc;
382}
383
384/*
385 * user diagnostics; report root cause of error based on execution unit status
386 */
387static void report_eu_error(struct device *dev, int ch, struct talitos_desc *desc)
388{
389 struct talitos_private *priv = dev_get_drvdata(dev);
390 int i;
391
392 switch (desc->hdr & DESC_HDR_SEL0_MASK) {
393 case DESC_HDR_SEL0_AFEU:
394 dev_err(dev, "AFEUISR 0x%08x_%08x\n",
395 in_be32(priv->reg + TALITOS_AFEUISR),
396 in_be32(priv->reg + TALITOS_AFEUISR_LO));
397 break;
398 case DESC_HDR_SEL0_DEU:
399 dev_err(dev, "DEUISR 0x%08x_%08x\n",
400 in_be32(priv->reg + TALITOS_DEUISR),
401 in_be32(priv->reg + TALITOS_DEUISR_LO));
402 break;
403 case DESC_HDR_SEL0_MDEUA:
404 case DESC_HDR_SEL0_MDEUB:
405 dev_err(dev, "MDEUISR 0x%08x_%08x\n",
406 in_be32(priv->reg + TALITOS_MDEUISR),
407 in_be32(priv->reg + TALITOS_MDEUISR_LO));
408 break;
409 case DESC_HDR_SEL0_RNG:
410 dev_err(dev, "RNGUISR 0x%08x_%08x\n",
411 in_be32(priv->reg + TALITOS_RNGUISR),
412 in_be32(priv->reg + TALITOS_RNGUISR_LO));
413 break;
414 case DESC_HDR_SEL0_PKEU:
415 dev_err(dev, "PKEUISR 0x%08x_%08x\n",
416 in_be32(priv->reg + TALITOS_PKEUISR),
417 in_be32(priv->reg + TALITOS_PKEUISR_LO));
418 break;
419 case DESC_HDR_SEL0_AESU:
420 dev_err(dev, "AESUISR 0x%08x_%08x\n",
421 in_be32(priv->reg + TALITOS_AESUISR),
422 in_be32(priv->reg + TALITOS_AESUISR_LO));
423 break;
424 case DESC_HDR_SEL0_CRCU:
425 dev_err(dev, "CRCUISR 0x%08x_%08x\n",
426 in_be32(priv->reg + TALITOS_CRCUISR),
427 in_be32(priv->reg + TALITOS_CRCUISR_LO));
428 break;
429 case DESC_HDR_SEL0_KEU:
430 dev_err(dev, "KEUISR 0x%08x_%08x\n",
431 in_be32(priv->reg + TALITOS_KEUISR),
432 in_be32(priv->reg + TALITOS_KEUISR_LO));
433 break;
434 }
435
436 switch (desc->hdr & DESC_HDR_SEL1_MASK) {
437 case DESC_HDR_SEL1_MDEUA:
438 case DESC_HDR_SEL1_MDEUB:
439 dev_err(dev, "MDEUISR 0x%08x_%08x\n",
440 in_be32(priv->reg + TALITOS_MDEUISR),
441 in_be32(priv->reg + TALITOS_MDEUISR_LO));
442 break;
443 case DESC_HDR_SEL1_CRCU:
444 dev_err(dev, "CRCUISR 0x%08x_%08x\n",
445 in_be32(priv->reg + TALITOS_CRCUISR),
446 in_be32(priv->reg + TALITOS_CRCUISR_LO));
447 break;
448 }
449
450 for (i = 0; i < 8; i++)
451 dev_err(dev, "DESCBUF 0x%08x_%08x\n",
452 in_be32(priv->reg + TALITOS_DESCBUF(ch) + 8*i),
453 in_be32(priv->reg + TALITOS_DESCBUF_LO(ch) + 8*i));
454}
455
456/*
457 * recover from error interrupts
458 */
459static void talitos_error(unsigned long data)
460{
461 struct device *dev = (struct device *)data;
462 struct talitos_private *priv = dev_get_drvdata(dev);
463 unsigned int timeout = TALITOS_TIMEOUT;
464 int ch, error, reset_dev = 0, reset_ch = 0;
465 u32 isr, isr_lo, v, v_lo;
466
467 isr = in_be32(priv->reg + TALITOS_ISR);
468 isr_lo = in_be32(priv->reg + TALITOS_ISR_LO);
469
470 for (ch = 0; ch < priv->num_channels; ch++) {
471 /* skip channels without errors */
472 if (!(isr & (1 << (ch * 2 + 1))))
473 continue;
474
475 error = -EINVAL;
476
477 v = in_be32(priv->reg + TALITOS_CCPSR(ch));
478 v_lo = in_be32(priv->reg + TALITOS_CCPSR_LO(ch));
479
480 if (v_lo & TALITOS_CCPSR_LO_DOF) {
481 dev_err(dev, "double fetch fifo overflow error\n");
482 error = -EAGAIN;
483 reset_ch = 1;
484 }
485 if (v_lo & TALITOS_CCPSR_LO_SOF) {
486 /* h/w dropped descriptor */
487 dev_err(dev, "single fetch fifo overflow error\n");
488 error = -EAGAIN;
489 }
490 if (v_lo & TALITOS_CCPSR_LO_MDTE)
491 dev_err(dev, "master data transfer error\n");
492 if (v_lo & TALITOS_CCPSR_LO_SGDLZ)
493 dev_err(dev, "s/g data length zero error\n");
494 if (v_lo & TALITOS_CCPSR_LO_FPZ)
495 dev_err(dev, "fetch pointer zero error\n");
496 if (v_lo & TALITOS_CCPSR_LO_IDH)
497 dev_err(dev, "illegal descriptor header error\n");
498 if (v_lo & TALITOS_CCPSR_LO_IEU)
499 dev_err(dev, "invalid execution unit error\n");
500 if (v_lo & TALITOS_CCPSR_LO_EU)
501 report_eu_error(dev, ch, current_desc(dev, ch));
502 if (v_lo & TALITOS_CCPSR_LO_GB)
503 dev_err(dev, "gather boundary error\n");
504 if (v_lo & TALITOS_CCPSR_LO_GRL)
505 dev_err(dev, "gather return/length error\n");
506 if (v_lo & TALITOS_CCPSR_LO_SB)
507 dev_err(dev, "scatter boundary error\n");
508 if (v_lo & TALITOS_CCPSR_LO_SRL)
509 dev_err(dev, "scatter return/length error\n");
510
511 flush_channel(dev, ch, error, reset_ch);
512
513 if (reset_ch) {
514 reset_channel(dev, ch);
515 } else {
516 setbits32(priv->reg + TALITOS_CCCR(ch),
517 TALITOS_CCCR_CONT);
518 setbits32(priv->reg + TALITOS_CCCR_LO(ch), 0);
519 while ((in_be32(priv->reg + TALITOS_CCCR(ch)) &
520 TALITOS_CCCR_CONT) && --timeout)
521 cpu_relax();
522 if (timeout == 0) {
523 dev_err(dev, "failed to restart channel %d\n",
524 ch);
525 reset_dev = 1;
526 }
527 }
528 }
529 if (reset_dev || isr & ~TALITOS_ISR_CHERR || isr_lo) {
530 dev_err(dev, "done overflow, internal time out, or rngu error: "
531 "ISR 0x%08x_%08x\n", isr, isr_lo);
532
533 /* purge request queues */
534 for (ch = 0; ch < priv->num_channels; ch++)
535 flush_channel(dev, ch, -EIO, 1);
536
537 /* reset and reinitialize the device */
538 init_device(dev);
539 }
540}
541
542static irqreturn_t talitos_interrupt(int irq, void *data)
543{
544 struct device *dev = data;
545 struct talitos_private *priv = dev_get_drvdata(dev);
546 u32 isr, isr_lo;
547
548 isr = in_be32(priv->reg + TALITOS_ISR);
549 isr_lo = in_be32(priv->reg + TALITOS_ISR_LO);
550
551 /* ack */
552 out_be32(priv->reg + TALITOS_ICR, isr);
553 out_be32(priv->reg + TALITOS_ICR_LO, isr_lo);
554
555 if (unlikely((isr & ~TALITOS_ISR_CHDONE) || isr_lo))
556 talitos_error((unsigned long)data);
557 else
558 if (likely(isr & TALITOS_ISR_CHDONE))
559 tasklet_schedule(&priv->done_task);
560
561 return (isr || isr_lo) ? IRQ_HANDLED : IRQ_NONE;
562}
563
564/*
565 * hwrng
566 */
567static int talitos_rng_data_present(struct hwrng *rng, int wait)
568{
569 struct device *dev = (struct device *)rng->priv;
570 struct talitos_private *priv = dev_get_drvdata(dev);
571 u32 ofl;
572 int i;
573
574 for (i = 0; i < 20; i++) {
575 ofl = in_be32(priv->reg + TALITOS_RNGUSR_LO) &
576 TALITOS_RNGUSR_LO_OFL;
577 if (ofl || !wait)
578 break;
579 udelay(10);
580 }
581
582 return !!ofl;
583}
584
585static int talitos_rng_data_read(struct hwrng *rng, u32 *data)
586{
587 struct device *dev = (struct device *)rng->priv;
588 struct talitos_private *priv = dev_get_drvdata(dev);
589
590 /* rng fifo requires 64-bit accesses */
591 *data = in_be32(priv->reg + TALITOS_RNGU_FIFO);
592 *data = in_be32(priv->reg + TALITOS_RNGU_FIFO_LO);
593
594 return sizeof(u32);
595}
596
597static int talitos_rng_init(struct hwrng *rng)
598{
599 struct device *dev = (struct device *)rng->priv;
600 struct talitos_private *priv = dev_get_drvdata(dev);
601 unsigned int timeout = TALITOS_TIMEOUT;
602
603 setbits32(priv->reg + TALITOS_RNGURCR_LO, TALITOS_RNGURCR_LO_SR);
604 while (!(in_be32(priv->reg + TALITOS_RNGUSR_LO) & TALITOS_RNGUSR_LO_RD)
605 && --timeout)
606 cpu_relax();
607 if (timeout == 0) {
608 dev_err(dev, "failed to reset rng hw\n");
609 return -ENODEV;
610 }
611
612 /* start generating */
613 setbits32(priv->reg + TALITOS_RNGUDSR_LO, 0);
614
615 return 0;
616}
617
618static int talitos_register_rng(struct device *dev)
619{
620 struct talitos_private *priv = dev_get_drvdata(dev);
621
622 priv->rng.name = dev_driver_string(dev),
623 priv->rng.init = talitos_rng_init,
624 priv->rng.data_present = talitos_rng_data_present,
625 priv->rng.data_read = talitos_rng_data_read,
626 priv->rng.priv = (unsigned long)dev;
627
628 return hwrng_register(&priv->rng);
629}
630
631static void talitos_unregister_rng(struct device *dev)
632{
633 struct talitos_private *priv = dev_get_drvdata(dev);
634
635 hwrng_unregister(&priv->rng);
636}
637
638/*
639 * crypto alg
640 */
641#define TALITOS_CRA_PRIORITY 3000
642#define TALITOS_MAX_KEY_SIZE 64
643#define TALITOS_MAX_AUTH_SIZE 20
644#define TALITOS_AES_MIN_BLOCK_SIZE 16
645#define TALITOS_AES_IV_LENGTH 16
646
647struct talitos_ctx {
648 struct device *dev;
649 __be32 desc_hdr_template;
650 u8 key[TALITOS_MAX_KEY_SIZE];
651 u8 iv[TALITOS_AES_IV_LENGTH];
652 unsigned int keylen;
653 unsigned int enckeylen;
654 unsigned int authkeylen;
655 unsigned int authsize;
656};
657
658static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc,
659 unsigned int authsize)
660{
661 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
662
663 ctx->authsize = authsize;
664
665 return 0;
666}
667
668static int aes_cbc_sha1_hmac_authenc_setkey(struct crypto_aead *authenc,
669 const u8 *key, unsigned int keylen)
670{
671 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
672 struct rtattr *rta = (void *)key;
673 struct crypto_authenc_key_param *param;
674 unsigned int authkeylen;
675 unsigned int enckeylen;
676
677 if (!RTA_OK(rta, keylen))
678 goto badkey;
679
680 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
681 goto badkey;
682
683 if (RTA_PAYLOAD(rta) < sizeof(*param))
684 goto badkey;
685
686 param = RTA_DATA(rta);
687 enckeylen = be32_to_cpu(param->enckeylen);
688
689 key += RTA_ALIGN(rta->rta_len);
690 keylen -= RTA_ALIGN(rta->rta_len);
691
692 if (keylen < enckeylen)
693 goto badkey;
694
695 authkeylen = keylen - enckeylen;
696
697 if (keylen > TALITOS_MAX_KEY_SIZE)
698 goto badkey;
699
700 memcpy(&ctx->key, key, keylen);
701
702 ctx->keylen = keylen;
703 ctx->enckeylen = enckeylen;
704 ctx->authkeylen = authkeylen;
705
706 return 0;
707
708badkey:
709 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
710 return -EINVAL;
711}
712
713/*
714 * ipsec_esp_edesc - s/w-extended ipsec_esp descriptor
715 * @src_nents: number of segments in input scatterlist
716 * @dst_nents: number of segments in output scatterlist
717 * @dma_len: length of dma mapped link_tbl space
718 * @dma_link_tbl: bus physical address of link_tbl
719 * @desc: h/w descriptor
720 * @link_tbl: input and output h/w link tables (if {src,dst}_nents > 1)
721 *
722 * if decrypting (with authcheck), or either one of src_nents or dst_nents
723 * is greater than 1, an integrity check value is concatenated to the end
724 * of link_tbl data
725 */
726struct ipsec_esp_edesc {
727 int src_nents;
728 int dst_nents;
729 int dma_len;
730 dma_addr_t dma_link_tbl;
731 struct talitos_desc desc;
732 struct talitos_ptr link_tbl[0];
733};
734
735static void ipsec_esp_unmap(struct device *dev,
736 struct ipsec_esp_edesc *edesc,
737 struct aead_request *areq)
738{
739 unmap_single_talitos_ptr(dev, &edesc->desc.ptr[6], DMA_FROM_DEVICE);
740 unmap_single_talitos_ptr(dev, &edesc->desc.ptr[3], DMA_TO_DEVICE);
741 unmap_single_talitos_ptr(dev, &edesc->desc.ptr[2], DMA_TO_DEVICE);
742 unmap_single_talitos_ptr(dev, &edesc->desc.ptr[0], DMA_TO_DEVICE);
743
744 dma_unmap_sg(dev, areq->assoc, 1, DMA_TO_DEVICE);
745
746 if (areq->src != areq->dst) {
747 dma_unmap_sg(dev, areq->src, edesc->src_nents ? : 1,
748 DMA_TO_DEVICE);
749 dma_unmap_sg(dev, areq->dst, edesc->dst_nents ? : 1,
750 DMA_FROM_DEVICE);
751 } else {
752 dma_unmap_sg(dev, areq->src, edesc->src_nents ? : 1,
753 DMA_BIDIRECTIONAL);
754 }
755
756 if (edesc->dma_len)
757 dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
758 DMA_BIDIRECTIONAL);
759}
760
761/*
762 * ipsec_esp descriptor callbacks
763 */
764static void ipsec_esp_encrypt_done(struct device *dev,
765 struct talitos_desc *desc, void *context,
766 int err)
767{
768 struct aead_request *areq = context;
769 struct ipsec_esp_edesc *edesc =
770 container_of(desc, struct ipsec_esp_edesc, desc);
771 struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
772 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
773 struct scatterlist *sg;
774 void *icvdata;
775
776 ipsec_esp_unmap(dev, edesc, areq);
777
778 /* copy the generated ICV to dst */
779 if (edesc->dma_len) {
780 icvdata = &edesc->link_tbl[edesc->src_nents +
781 edesc->dst_nents + 1];
782 sg = sg_last(areq->dst, edesc->dst_nents);
783 memcpy((char *)sg_virt(sg) + sg->length - ctx->authsize,
784 icvdata, ctx->authsize);
785 }
786
787 kfree(edesc);
788
789 aead_request_complete(areq, err);
790}
791
792static void ipsec_esp_decrypt_done(struct device *dev,
793 struct talitos_desc *desc, void *context,
794 int err)
795{
796 struct aead_request *req = context;
797 struct ipsec_esp_edesc *edesc =
798 container_of(desc, struct ipsec_esp_edesc, desc);
799 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
800 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
801 struct scatterlist *sg;
802 void *icvdata;
803
804 ipsec_esp_unmap(dev, edesc, req);
805
806 if (!err) {
807 /* auth check */
808 if (edesc->dma_len)
809 icvdata = &edesc->link_tbl[edesc->src_nents +
810 edesc->dst_nents + 1];
811 else
812 icvdata = &edesc->link_tbl[0];
813
814 sg = sg_last(req->dst, edesc->dst_nents ? : 1);
815 err = memcmp(icvdata, (char *)sg_virt(sg) + sg->length -
816 ctx->authsize, ctx->authsize) ? -EBADMSG : 0;
817 }
818
819 kfree(edesc);
820
821 aead_request_complete(req, err);
822}
823
824/*
825 * convert scatterlist to SEC h/w link table format
826 * stop at cryptlen bytes
827 */
828static void sg_to_link_tbl(struct scatterlist *sg, int sg_count,
829 int cryptlen, struct talitos_ptr *link_tbl_ptr)
830{
831 while (cryptlen > 0) {
832 link_tbl_ptr->ptr = cpu_to_be32(sg_dma_address(sg));
833 link_tbl_ptr->len = cpu_to_be16(sg_dma_len(sg));
834 link_tbl_ptr->j_extent = 0;
835 link_tbl_ptr++;
836 cryptlen -= sg_dma_len(sg);
837 sg = sg_next(sg);
838 }
839
840 /* adjust (decrease) last entry's len to cryptlen */
841 link_tbl_ptr--;
842 link_tbl_ptr->len = cpu_to_be16(be16_to_cpu(link_tbl_ptr->len)
843 + cryptlen);
844
845 /* tag end of link table */
846 link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
847}
848
849/*
850 * fill in and submit ipsec_esp descriptor
851 */
852static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
853 u8 *giv, u64 seq,
854 void (*callback) (struct device *dev,
855 struct talitos_desc *desc,
856 void *context, int error))
857{
858 struct crypto_aead *aead = crypto_aead_reqtfm(areq);
859 struct talitos_ctx *ctx = crypto_aead_ctx(aead);
860 struct device *dev = ctx->dev;
861 struct talitos_desc *desc = &edesc->desc;
862 unsigned int cryptlen = areq->cryptlen;
863 unsigned int authsize = ctx->authsize;
864 unsigned int ivsize;
865 int sg_count;
866
867 /* hmac key */
868 map_single_talitos_ptr(dev, &desc->ptr[0], ctx->authkeylen, &ctx->key,
869 0, DMA_TO_DEVICE);
870 /* hmac data */
871 map_single_talitos_ptr(dev, &desc->ptr[1], sg_virt(areq->src) -
872 sg_virt(areq->assoc), sg_virt(areq->assoc), 0,
873 DMA_TO_DEVICE);
874 /* cipher iv */
875 ivsize = crypto_aead_ivsize(aead);
876 map_single_talitos_ptr(dev, &desc->ptr[2], ivsize, giv ?: areq->iv, 0,
877 DMA_TO_DEVICE);
878
879 /* cipher key */
880 map_single_talitos_ptr(dev, &desc->ptr[3], ctx->enckeylen,
881 (char *)&ctx->key + ctx->authkeylen, 0,
882 DMA_TO_DEVICE);
883
884 /*
885 * cipher in
886 * map and adjust cipher len to aead request cryptlen.
887 * extent is bytes of HMAC postpended to ciphertext,
888 * typically 12 for ipsec
889 */
890 desc->ptr[4].len = cpu_to_be16(cryptlen);
891 desc->ptr[4].j_extent = authsize;
892
893 if (areq->src == areq->dst)
894 sg_count = dma_map_sg(dev, areq->src, edesc->src_nents ? : 1,
895 DMA_BIDIRECTIONAL);
896 else
897 sg_count = dma_map_sg(dev, areq->src, edesc->src_nents ? : 1,
898 DMA_TO_DEVICE);
899
900 if (sg_count == 1) {
901 desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src));
902 } else {
903 sg_to_link_tbl(areq->src, sg_count, cryptlen,
904 &edesc->link_tbl[0]);
905 desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP;
906 desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl);
907 dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
908 edesc->dma_len, DMA_BIDIRECTIONAL);
909 }
910
911 /* cipher out */
912 desc->ptr[5].len = cpu_to_be16(cryptlen);
913 desc->ptr[5].j_extent = authsize;
914
915 if (areq->src != areq->dst) {
916 sg_count = dma_map_sg(dev, areq->dst, edesc->dst_nents ? : 1,
917 DMA_FROM_DEVICE);
918 }
919
920 if (sg_count == 1) {
921 desc->ptr[5].ptr = cpu_to_be32(sg_dma_address(areq->dst));
922 } else {
923 struct talitos_ptr *link_tbl_ptr =
924 &edesc->link_tbl[edesc->src_nents];
925 struct scatterlist *sg;
926
927 desc->ptr[5].ptr = cpu_to_be32((struct talitos_ptr *)
928 edesc->dma_link_tbl +
929 edesc->src_nents);
930 if (areq->src == areq->dst) {
931 memcpy(link_tbl_ptr, &edesc->link_tbl[0],
932 edesc->src_nents * sizeof(struct talitos_ptr));
933 } else {
934 sg_to_link_tbl(areq->dst, sg_count, cryptlen,
935 link_tbl_ptr);
936 }
937 link_tbl_ptr += sg_count - 1;
938
939 /* handle case where sg_last contains the ICV exclusively */
940 sg = sg_last(areq->dst, edesc->dst_nents);
941 if (sg->length == ctx->authsize)
942 link_tbl_ptr--;
943
944 link_tbl_ptr->j_extent = 0;
945 link_tbl_ptr++;
946 link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
947 link_tbl_ptr->len = cpu_to_be16(authsize);
948
949 /* icv data follows link tables */
950 link_tbl_ptr->ptr = cpu_to_be32((struct talitos_ptr *)
951 edesc->dma_link_tbl +
952 edesc->src_nents +
953 edesc->dst_nents + 1);
954
955 desc->ptr[5].j_extent |= DESC_PTR_LNKTBL_JUMP;
956 dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
957 edesc->dma_len, DMA_BIDIRECTIONAL);
958 }
959
960 /* iv out */
961 map_single_talitos_ptr(dev, &desc->ptr[6], ivsize, ctx->iv, 0,
962 DMA_FROM_DEVICE);
963
964 return talitos_submit(dev, desc, callback, areq);
965}
966
967
968/*
969 * derive number of elements in scatterlist
970 */
971static int sg_count(struct scatterlist *sg_list, int nbytes)
972{
973 struct scatterlist *sg = sg_list;
974 int sg_nents = 0;
975
976 while (nbytes) {
977 sg_nents++;
978 nbytes -= sg->length;
979 sg = sg_next(sg);
980 }
981
982 return sg_nents;
983}
984
985/*
986 * allocate and map the ipsec_esp extended descriptor
987 */
988static struct ipsec_esp_edesc *ipsec_esp_edesc_alloc(struct aead_request *areq,
989 int icv_stashing)
990{
991 struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
992 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
993 struct ipsec_esp_edesc *edesc;
994 int src_nents, dst_nents, alloc_len, dma_len;
995
996 if (areq->cryptlen + ctx->authsize > TALITOS_MAX_DATA_LEN) {
997 dev_err(ctx->dev, "cryptlen exceeds h/w max limit\n");
998 return ERR_PTR(-EINVAL);
999 }
1000
1001 src_nents = sg_count(areq->src, areq->cryptlen + ctx->authsize);
1002 src_nents = (src_nents == 1) ? 0 : src_nents;
1003
1004 if (areq->dst == areq->src) {
1005 dst_nents = src_nents;
1006 } else {
1007 dst_nents = sg_count(areq->dst, areq->cryptlen + ctx->authsize);
1008 dst_nents = (dst_nents == 1) ? 0 : src_nents;
1009 }
1010
1011 /*
1012 * allocate space for base edesc plus the link tables,
1013 * allowing for a separate entry for the generated ICV (+ 1),
1014 * and the ICV data itself
1015 */
1016 alloc_len = sizeof(struct ipsec_esp_edesc);
1017 if (src_nents || dst_nents) {
1018 dma_len = (src_nents + dst_nents + 1) *
1019 sizeof(struct talitos_ptr) + ctx->authsize;
1020 alloc_len += dma_len;
1021 } else {
1022 dma_len = 0;
1023 alloc_len += icv_stashing ? ctx->authsize : 0;
1024 }
1025
1026 edesc = kmalloc(alloc_len, GFP_DMA);
1027 if (!edesc) {
1028 dev_err(ctx->dev, "could not allocate edescriptor\n");
1029 return ERR_PTR(-ENOMEM);
1030 }
1031
1032 edesc->src_nents = src_nents;
1033 edesc->dst_nents = dst_nents;
1034 edesc->dma_len = dma_len;
1035 edesc->dma_link_tbl = dma_map_single(ctx->dev, &edesc->link_tbl[0],
1036 edesc->dma_len, DMA_BIDIRECTIONAL);
1037
1038 return edesc;
1039}
1040
1041static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req)
1042{
1043 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
1044 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
1045 struct ipsec_esp_edesc *edesc;
1046
1047 /* allocate extended descriptor */
1048 edesc = ipsec_esp_edesc_alloc(req, 0);
1049 if (IS_ERR(edesc))
1050 return PTR_ERR(edesc);
1051
1052 /* set encrypt */
1053 edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
1054
1055 return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_encrypt_done);
1056}
1057
1058static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req)
1059{
1060 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
1061 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
1062 unsigned int authsize = ctx->authsize;
1063 struct ipsec_esp_edesc *edesc;
1064 struct scatterlist *sg;
1065 void *icvdata;
1066
1067 req->cryptlen -= authsize;
1068
1069 /* allocate extended descriptor */
1070 edesc = ipsec_esp_edesc_alloc(req, 1);
1071 if (IS_ERR(edesc))
1072 return PTR_ERR(edesc);
1073
1074 /* stash incoming ICV for later cmp with ICV generated by the h/w */
1075 if (edesc->dma_len)
1076 icvdata = &edesc->link_tbl[edesc->src_nents +
1077 edesc->dst_nents + 1];
1078 else
1079 icvdata = &edesc->link_tbl[0];
1080
1081 sg = sg_last(req->src, edesc->src_nents ? : 1);
1082
1083 memcpy(icvdata, (char *)sg_virt(sg) + sg->length - ctx->authsize,
1084 ctx->authsize);
1085
1086 /* decrypt */
1087 edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_DIR_INBOUND;
1088
1089 return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_decrypt_done);
1090}
1091
1092static int aes_cbc_sha1_hmac_authenc_givencrypt(
1093 struct aead_givcrypt_request *req)
1094{
1095 struct aead_request *areq = &req->areq;
1096 struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
1097 struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
1098 struct ipsec_esp_edesc *edesc;
1099
1100 /* allocate extended descriptor */
1101 edesc = ipsec_esp_edesc_alloc(areq, 0);
1102 if (IS_ERR(edesc))
1103 return PTR_ERR(edesc);
1104
1105 /* set encrypt */
1106 edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
1107
1108 memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc));
1109
1110 return ipsec_esp(edesc, areq, req->giv, req->seq,
1111 ipsec_esp_encrypt_done);
1112}
1113
1114struct talitos_alg_template {
1115 char name[CRYPTO_MAX_ALG_NAME];
1116 char driver_name[CRYPTO_MAX_ALG_NAME];
1117 unsigned int blocksize;
1118 struct aead_alg aead;
1119 struct device *dev;
1120 __be32 desc_hdr_template;
1121};
1122
1123static struct talitos_alg_template driver_algs[] = {
1124 /* single-pass ipsec_esp descriptor */
1125 {
1126 .name = "authenc(hmac(sha1),cbc(aes))",
1127 .driver_name = "authenc(hmac(sha1-talitos),cbc(aes-talitos))",
1128 .blocksize = TALITOS_AES_MIN_BLOCK_SIZE,
1129 .aead = {
1130 .setkey = aes_cbc_sha1_hmac_authenc_setkey,
1131 .setauthsize = aes_cbc_sha1_hmac_authenc_setauthsize,
1132 .encrypt = aes_cbc_sha1_hmac_authenc_encrypt,
1133 .decrypt = aes_cbc_sha1_hmac_authenc_decrypt,
1134 .givencrypt = aes_cbc_sha1_hmac_authenc_givencrypt,
1135 .geniv = "<built-in>",
1136 .ivsize = TALITOS_AES_IV_LENGTH,
1137 .maxauthsize = TALITOS_MAX_AUTH_SIZE,
1138 },
1139 .desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
1140 DESC_HDR_SEL0_AESU |
1141 DESC_HDR_MODE0_AESU_CBC |
1142 DESC_HDR_SEL1_MDEUA |
1143 DESC_HDR_MODE1_MDEU_INIT |
1144 DESC_HDR_MODE1_MDEU_PAD |
1145 DESC_HDR_MODE1_MDEU_SHA1_HMAC,
1146 }
1147};
1148
1149struct talitos_crypto_alg {
1150 struct list_head entry;
1151 struct device *dev;
1152 __be32 desc_hdr_template;
1153 struct crypto_alg crypto_alg;
1154};
1155
1156static int talitos_cra_init(struct crypto_tfm *tfm)
1157{
1158 struct crypto_alg *alg = tfm->__crt_alg;
1159 struct talitos_crypto_alg *talitos_alg =
1160 container_of(alg, struct talitos_crypto_alg, crypto_alg);
1161 struct talitos_ctx *ctx = crypto_tfm_ctx(tfm);
1162
1163 /* update context with ptr to dev */
1164 ctx->dev = talitos_alg->dev;
1165 /* copy descriptor header template value */
1166 ctx->desc_hdr_template = talitos_alg->desc_hdr_template;
1167
1168 /* random first IV */
1169 get_random_bytes(ctx->iv, TALITOS_AES_IV_LENGTH);
1170
1171 return 0;
1172}
1173
1174/*
1175 * given the alg's descriptor header template, determine whether descriptor
1176 * type and primary/secondary execution units required match the hw
1177 * capabilities description provided in the device tree node.
1178 */
1179static int hw_supports(struct device *dev, __be32 desc_hdr_template)
1180{
1181 struct talitos_private *priv = dev_get_drvdata(dev);
1182 int ret;
1183
1184 ret = (1 << DESC_TYPE(desc_hdr_template) & priv->desc_types) &&
1185 (1 << PRIMARY_EU(desc_hdr_template) & priv->exec_units);
1186
1187 if (SECONDARY_EU(desc_hdr_template))
1188 ret = ret && (1 << SECONDARY_EU(desc_hdr_template)
1189 & priv->exec_units);
1190
1191 return ret;
1192}
1193
1194static int __devexit talitos_remove(struct of_device *ofdev)
1195{
1196 struct device *dev = &ofdev->dev;
1197 struct talitos_private *priv = dev_get_drvdata(dev);
1198 struct talitos_crypto_alg *t_alg, *n;
1199 int i;
1200
1201 list_for_each_entry_safe(t_alg, n, &priv->alg_list, entry) {
1202 crypto_unregister_alg(&t_alg->crypto_alg);
1203 list_del(&t_alg->entry);
1204 kfree(t_alg);
1205 }
1206
1207 if (hw_supports(dev, DESC_HDR_SEL0_RNG))
1208 talitos_unregister_rng(dev);
1209
1210 kfree(priv->tail);
1211 kfree(priv->head);
1212
1213 if (priv->fifo)
1214 for (i = 0; i < priv->num_channels; i++)
1215 kfree(priv->fifo[i]);
1216
1217 kfree(priv->fifo);
1218 kfree(priv->head_lock);
1219 kfree(priv->tail_lock);
1220
1221 if (priv->irq != NO_IRQ) {
1222 free_irq(priv->irq, dev);
1223 irq_dispose_mapping(priv->irq);
1224 }
1225
1226 tasklet_kill(&priv->done_task);
1227 tasklet_kill(&priv->error_task);
1228
1229 iounmap(priv->reg);
1230
1231 dev_set_drvdata(dev, NULL);
1232
1233 kfree(priv);
1234
1235 return 0;
1236}
1237
1238static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev,
1239 struct talitos_alg_template
1240 *template)
1241{
1242 struct talitos_crypto_alg *t_alg;
1243 struct crypto_alg *alg;
1244
1245 t_alg = kzalloc(sizeof(struct talitos_crypto_alg), GFP_KERNEL);
1246 if (!t_alg)
1247 return ERR_PTR(-ENOMEM);
1248
1249 alg = &t_alg->crypto_alg;
1250
1251 snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", template->name);
1252 snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
1253 template->driver_name);
1254 alg->cra_module = THIS_MODULE;
1255 alg->cra_init = talitos_cra_init;
1256 alg->cra_priority = TALITOS_CRA_PRIORITY;
1257 alg->cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC;
1258 alg->cra_blocksize = template->blocksize;
1259 alg->cra_alignmask = 0;
1260 alg->cra_type = &crypto_aead_type;
1261 alg->cra_ctxsize = sizeof(struct talitos_ctx);
1262 alg->cra_u.aead = template->aead;
1263
1264 t_alg->desc_hdr_template = template->desc_hdr_template;
1265 t_alg->dev = dev;
1266
1267 return t_alg;
1268}
1269
1270static int talitos_probe(struct of_device *ofdev,
1271 const struct of_device_id *match)
1272{
1273 struct device *dev = &ofdev->dev;
1274 struct device_node *np = ofdev->node;
1275 struct talitos_private *priv;
1276 const unsigned int *prop;
1277 int i, err;
1278
1279 priv = kzalloc(sizeof(struct talitos_private), GFP_KERNEL);
1280 if (!priv)
1281 return -ENOMEM;
1282
1283 dev_set_drvdata(dev, priv);
1284
1285 priv->ofdev = ofdev;
1286
1287 tasklet_init(&priv->done_task, talitos_done, (unsigned long)dev);
1288 tasklet_init(&priv->error_task, talitos_error, (unsigned long)dev);
1289
1290 priv->irq = irq_of_parse_and_map(np, 0);
1291
1292 if (priv->irq == NO_IRQ) {
1293 dev_err(dev, "failed to map irq\n");
1294 err = -EINVAL;
1295 goto err_out;
1296 }
1297
1298 /* get the irq line */
1299 err = request_irq(priv->irq, talitos_interrupt, 0,
1300 dev_driver_string(dev), dev);
1301 if (err) {
1302 dev_err(dev, "failed to request irq %d\n", priv->irq);
1303 irq_dispose_mapping(priv->irq);
1304 priv->irq = NO_IRQ;
1305 goto err_out;
1306 }
1307
1308 priv->reg = of_iomap(np, 0);
1309 if (!priv->reg) {
1310 dev_err(dev, "failed to of_iomap\n");
1311 err = -ENOMEM;
1312 goto err_out;
1313 }
1314
1315 /* get SEC version capabilities from device tree */
1316 prop = of_get_property(np, "fsl,num-channels", NULL);
1317 if (prop)
1318 priv->num_channels = *prop;
1319
1320 prop = of_get_property(np, "fsl,channel-fifo-len", NULL);
1321 if (prop)
1322 priv->chfifo_len = *prop;
1323
1324 prop = of_get_property(np, "fsl,exec-units-mask", NULL);
1325 if (prop)
1326 priv->exec_units = *prop;
1327
1328 prop = of_get_property(np, "fsl,descriptor-types-mask", NULL);
1329 if (prop)
1330 priv->desc_types = *prop;
1331
1332 if (!is_power_of_2(priv->num_channels) || !priv->chfifo_len ||
1333 !priv->exec_units || !priv->desc_types) {
1334 dev_err(dev, "invalid property data in device tree node\n");
1335 err = -EINVAL;
1336 goto err_out;
1337 }
1338
1339 of_node_put(np);
1340 np = NULL;
1341
1342 priv->head_lock = kmalloc(sizeof(spinlock_t) * priv->num_channels,
1343 GFP_KERNEL);
1344 priv->tail_lock = kmalloc(sizeof(spinlock_t) * priv->num_channels,
1345 GFP_KERNEL);
1346 if (!priv->head_lock || !priv->tail_lock) {
1347 dev_err(dev, "failed to allocate fifo locks\n");
1348 err = -ENOMEM;
1349 goto err_out;
1350 }
1351
1352 for (i = 0; i < priv->num_channels; i++) {
1353 spin_lock_init(&priv->head_lock[i]);
1354 spin_lock_init(&priv->tail_lock[i]);
1355 }
1356
1357 priv->fifo = kmalloc(sizeof(struct talitos_request *) *
1358 priv->num_channels, GFP_KERNEL);
1359 if (!priv->fifo) {
1360 dev_err(dev, "failed to allocate request fifo\n");
1361 err = -ENOMEM;
1362 goto err_out;
1363 }
1364
1365 priv->fifo_len = roundup_pow_of_two(priv->chfifo_len);
1366
1367 for (i = 0; i < priv->num_channels; i++) {
1368 priv->fifo[i] = kzalloc(sizeof(struct talitos_request) *
1369 priv->fifo_len, GFP_KERNEL);
1370 if (!priv->fifo[i]) {
1371 dev_err(dev, "failed to allocate request fifo %d\n", i);
1372 err = -ENOMEM;
1373 goto err_out;
1374 }
1375 }
1376
1377 priv->head = kzalloc(sizeof(int) * priv->num_channels, GFP_KERNEL);
1378 priv->tail = kzalloc(sizeof(int) * priv->num_channels, GFP_KERNEL);
1379 if (!priv->head || !priv->tail) {
1380 dev_err(dev, "failed to allocate request index space\n");
1381 err = -ENOMEM;
1382 goto err_out;
1383 }
1384
1385 /* reset and initialize the h/w */
1386 err = init_device(dev);
1387 if (err) {
1388 dev_err(dev, "failed to initialize device\n");
1389 goto err_out;
1390 }
1391
1392 /* register the RNG, if available */
1393 if (hw_supports(dev, DESC_HDR_SEL0_RNG)) {
1394 err = talitos_register_rng(dev);
1395 if (err) {
1396 dev_err(dev, "failed to register hwrng: %d\n", err);
1397 goto err_out;
1398 } else
1399 dev_info(dev, "hwrng\n");
1400 }
1401
1402 /* register crypto algorithms the device supports */
1403 INIT_LIST_HEAD(&priv->alg_list);
1404
1405 for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
1406 if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
1407 struct talitos_crypto_alg *t_alg;
1408
1409 t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
1410 if (IS_ERR(t_alg)) {
1411 err = PTR_ERR(t_alg);
1412 goto err_out;
1413 }
1414
1415 err = crypto_register_alg(&t_alg->crypto_alg);
1416 if (err) {
1417 dev_err(dev, "%s alg registration failed\n",
1418 t_alg->crypto_alg.cra_driver_name);
1419 kfree(t_alg);
1420 } else {
1421 list_add_tail(&t_alg->entry, &priv->alg_list);
1422 dev_info(dev, "%s\n",
1423 t_alg->crypto_alg.cra_driver_name);
1424 }
1425 }
1426 }
1427
1428 return 0;
1429
1430err_out:
1431 talitos_remove(ofdev);
1432 if (np)
1433 of_node_put(np);
1434
1435 return err;
1436}
1437
1438static struct of_device_id talitos_match[] = {
1439 {
1440 .compatible = "fsl,sec2.0",
1441 },
1442 {},
1443};
1444MODULE_DEVICE_TABLE(of, talitos_match);
1445
1446static struct of_platform_driver talitos_driver = {
1447 .name = "talitos",
1448 .match_table = talitos_match,
1449 .probe = talitos_probe,
1450 .remove = __devexit_p(talitos_remove),
1451};
1452
1453static int __init talitos_init(void)
1454{
1455 return of_register_platform_driver(&talitos_driver);
1456}
1457module_init(talitos_init);
1458
1459static void __exit talitos_exit(void)
1460{
1461 of_unregister_platform_driver(&talitos_driver);
1462}
1463module_exit(talitos_exit);
1464
1465MODULE_LICENSE("GPL");
1466MODULE_AUTHOR("Kim Phillips <kim.phillips@freescale.com>");
1467MODULE_DESCRIPTION("Freescale integrated security engine (SEC) driver");
diff --git a/drivers/crypto/talitos.h b/drivers/crypto/talitos.h
new file mode 100644
index 000000000000..de0e37734af5
--- /dev/null
+++ b/drivers/crypto/talitos.h
@@ -0,0 +1,200 @@
1/*
2 * Freescale SEC (talitos) device register and descriptor header defines
3 *
4 * Copyright (c) 2006-2008 Freescale Semiconductor, Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 */
30
31/*
32 * TALITOS_xxx_LO addresses point to the low data bits (32-63) of the register
33 */
34
35/* global register offset addresses */
36#define TALITOS_MCR 0x1030 /* master control register */
37#define TALITOS_MCR_LO 0x1038
38#define TALITOS_MCR_SWR 0x1 /* s/w reset */
39#define TALITOS_IMR 0x1008 /* interrupt mask register */
40#define TALITOS_IMR_INIT 0x10fff /* enable channel IRQs */
41#define TALITOS_IMR_LO 0x100C
42#define TALITOS_IMR_LO_INIT 0x20000 /* allow RNGU error IRQs */
43#define TALITOS_ISR 0x1010 /* interrupt status register */
44#define TALITOS_ISR_CHERR 0xaa /* channel errors mask */
45#define TALITOS_ISR_CHDONE 0x55 /* channel done mask */
46#define TALITOS_ISR_LO 0x1014
47#define TALITOS_ICR 0x1018 /* interrupt clear register */
48#define TALITOS_ICR_LO 0x101C
49
50/* channel register address stride */
51#define TALITOS_CH_STRIDE 0x100
52
53/* channel configuration register */
54#define TALITOS_CCCR(ch) (ch * TALITOS_CH_STRIDE + 0x1108)
55#define TALITOS_CCCR_CONT 0x2 /* channel continue */
56#define TALITOS_CCCR_RESET 0x1 /* channel reset */
57#define TALITOS_CCCR_LO(ch) (ch * TALITOS_CH_STRIDE + 0x110c)
58#define TALITOS_CCCR_LO_CDWE 0x10 /* chan. done writeback enab. */
59#define TALITOS_CCCR_LO_NT 0x4 /* notification type */
60#define TALITOS_CCCR_LO_CDIE 0x2 /* channel done IRQ enable */
61
62/* CCPSR: channel pointer status register */
63#define TALITOS_CCPSR(ch) (ch * TALITOS_CH_STRIDE + 0x1110)
64#define TALITOS_CCPSR_LO(ch) (ch * TALITOS_CH_STRIDE + 0x1114)
65#define TALITOS_CCPSR_LO_DOF 0x8000 /* double FF write oflow error */
66#define TALITOS_CCPSR_LO_SOF 0x4000 /* single FF write oflow error */
67#define TALITOS_CCPSR_LO_MDTE 0x2000 /* master data transfer error */
68#define TALITOS_CCPSR_LO_SGDLZ 0x1000 /* s/g data len zero error */
69#define TALITOS_CCPSR_LO_FPZ 0x0800 /* fetch ptr zero error */
70#define TALITOS_CCPSR_LO_IDH 0x0400 /* illegal desc hdr error */
71#define TALITOS_CCPSR_LO_IEU 0x0200 /* invalid EU error */
72#define TALITOS_CCPSR_LO_EU 0x0100 /* EU error detected */
73#define TALITOS_CCPSR_LO_GB 0x0080 /* gather boundary error */
74#define TALITOS_CCPSR_LO_GRL 0x0040 /* gather return/length error */
75#define TALITOS_CCPSR_LO_SB 0x0020 /* scatter boundary error */
76#define TALITOS_CCPSR_LO_SRL 0x0010 /* scatter return/length error */
77
78/* channel fetch fifo register */
79#define TALITOS_FF(ch) (ch * TALITOS_CH_STRIDE + 0x1148)
80#define TALITOS_FF_LO(ch) (ch * TALITOS_CH_STRIDE + 0x114c)
81
82/* current descriptor pointer register */
83#define TALITOS_CDPR(ch) (ch * TALITOS_CH_STRIDE + 0x1140)
84#define TALITOS_CDPR_LO(ch) (ch * TALITOS_CH_STRIDE + 0x1144)
85
86/* descriptor buffer register */
87#define TALITOS_DESCBUF(ch) (ch * TALITOS_CH_STRIDE + 0x1180)
88#define TALITOS_DESCBUF_LO(ch) (ch * TALITOS_CH_STRIDE + 0x1184)
89
90/* gather link table */
91#define TALITOS_GATHER(ch) (ch * TALITOS_CH_STRIDE + 0x11c0)
92#define TALITOS_GATHER_LO(ch) (ch * TALITOS_CH_STRIDE + 0x11c4)
93
94/* scatter link table */
95#define TALITOS_SCATTER(ch) (ch * TALITOS_CH_STRIDE + 0x11e0)
96#define TALITOS_SCATTER_LO(ch) (ch * TALITOS_CH_STRIDE + 0x11e4)
97
98/* execution unit interrupt status registers */
99#define TALITOS_DEUISR 0x2030 /* DES unit */
100#define TALITOS_DEUISR_LO 0x2034
101#define TALITOS_AESUISR 0x4030 /* AES unit */
102#define TALITOS_AESUISR_LO 0x4034
103#define TALITOS_MDEUISR 0x6030 /* message digest unit */
104#define TALITOS_MDEUISR_LO 0x6034
105#define TALITOS_AFEUISR 0x8030 /* arc4 unit */
106#define TALITOS_AFEUISR_LO 0x8034
107#define TALITOS_RNGUISR 0xa030 /* random number unit */
108#define TALITOS_RNGUISR_LO 0xa034
109#define TALITOS_RNGUSR 0xa028 /* rng status */
110#define TALITOS_RNGUSR_LO 0xa02c
111#define TALITOS_RNGUSR_LO_RD 0x1 /* reset done */
112#define TALITOS_RNGUSR_LO_OFL 0xff0000/* output FIFO length */
113#define TALITOS_RNGUDSR 0xa010 /* data size */
114#define TALITOS_RNGUDSR_LO 0xa014
115#define TALITOS_RNGU_FIFO 0xa800 /* output FIFO */
116#define TALITOS_RNGU_FIFO_LO 0xa804 /* output FIFO */
117#define TALITOS_RNGURCR 0xa018 /* reset control */
118#define TALITOS_RNGURCR_LO 0xa01c
119#define TALITOS_RNGURCR_LO_SR 0x1 /* software reset */
120#define TALITOS_PKEUISR 0xc030 /* public key unit */
121#define TALITOS_PKEUISR_LO 0xc034
122#define TALITOS_KEUISR 0xe030 /* kasumi unit */
123#define TALITOS_KEUISR_LO 0xe034
124#define TALITOS_CRCUISR 0xf030 /* cyclic redundancy check unit*/
125#define TALITOS_CRCUISR_LO 0xf034
126
127/*
128 * talitos descriptor header (hdr) bits
129 */
130
131/* written back when done */
132#define DESC_HDR_DONE __constant_cpu_to_be32(0xff000000)
133
134/* primary execution unit select */
135#define DESC_HDR_SEL0_MASK __constant_cpu_to_be32(0xf0000000)
136#define DESC_HDR_SEL0_AFEU __constant_cpu_to_be32(0x10000000)
137#define DESC_HDR_SEL0_DEU __constant_cpu_to_be32(0x20000000)
138#define DESC_HDR_SEL0_MDEUA __constant_cpu_to_be32(0x30000000)
139#define DESC_HDR_SEL0_MDEUB __constant_cpu_to_be32(0xb0000000)
140#define DESC_HDR_SEL0_RNG __constant_cpu_to_be32(0x40000000)
141#define DESC_HDR_SEL0_PKEU __constant_cpu_to_be32(0x50000000)
142#define DESC_HDR_SEL0_AESU __constant_cpu_to_be32(0x60000000)
143#define DESC_HDR_SEL0_KEU __constant_cpu_to_be32(0x70000000)
144#define DESC_HDR_SEL0_CRCU __constant_cpu_to_be32(0x80000000)
145
146/* primary execution unit mode (MODE0) and derivatives */
147#define DESC_HDR_MODE0_AESU_CBC __constant_cpu_to_be32(0x00200000)
148#define DESC_HDR_MODE0_AESU_ENC __constant_cpu_to_be32(0x00100000)
149#define DESC_HDR_MODE0_DEU_CBC __constant_cpu_to_be32(0x00400000)
150#define DESC_HDR_MODE0_DEU_3DES __constant_cpu_to_be32(0x00200000)
151#define DESC_HDR_MODE0_DEU_ENC __constant_cpu_to_be32(0x00100000)
152#define DESC_HDR_MODE0_MDEU_INIT __constant_cpu_to_be32(0x01000000)
153#define DESC_HDR_MODE0_MDEU_HMAC __constant_cpu_to_be32(0x00800000)
154#define DESC_HDR_MODE0_MDEU_PAD __constant_cpu_to_be32(0x00400000)
155#define DESC_HDR_MODE0_MDEU_MD5 __constant_cpu_to_be32(0x00200000)
156#define DESC_HDR_MODE0_MDEU_SHA256 __constant_cpu_to_be32(0x00100000)
157#define DESC_HDR_MODE0_MDEU_SHA1 __constant_cpu_to_be32(0x00000000)
158#define DESC_HDR_MODE0_MDEU_MD5_HMAC (DESC_HDR_MODE0_MDEU_MD5 | \
159 DESC_HDR_MODE0_MDEU_HMAC)
160#define DESC_HDR_MODE0_MDEU_SHA256_HMAC (DESC_HDR_MODE0_MDEU_SHA256 | \
161 DESC_HDR_MODE0_MDEU_HMAC)
162#define DESC_HDR_MODE0_MDEU_SHA1_HMAC (DESC_HDR_MODE0_MDEU_SHA1 | \
163 DESC_HDR_MODE0_MDEU_HMAC)
164
165/* secondary execution unit select (SEL1) */
166#define DESC_HDR_SEL1_MASK __constant_cpu_to_be32(0x000f0000)
167#define DESC_HDR_SEL1_MDEUA __constant_cpu_to_be32(0x00030000)
168#define DESC_HDR_SEL1_MDEUB __constant_cpu_to_be32(0x000b0000)
169#define DESC_HDR_SEL1_CRCU __constant_cpu_to_be32(0x00080000)
170
171/* secondary execution unit mode (MODE1) and derivatives */
172#define DESC_HDR_MODE1_MDEU_INIT __constant_cpu_to_be32(0x00001000)
173#define DESC_HDR_MODE1_MDEU_HMAC __constant_cpu_to_be32(0x00000800)
174#define DESC_HDR_MODE1_MDEU_PAD __constant_cpu_to_be32(0x00000400)
175#define DESC_HDR_MODE1_MDEU_MD5 __constant_cpu_to_be32(0x00000200)
176#define DESC_HDR_MODE1_MDEU_SHA256 __constant_cpu_to_be32(0x00000100)
177#define DESC_HDR_MODE1_MDEU_SHA1 __constant_cpu_to_be32(0x00000000)
178#define DESC_HDR_MODE1_MDEU_MD5_HMAC (DESC_HDR_MODE1_MDEU_MD5 | \
179 DESC_HDR_MODE1_MDEU_HMAC)
180#define DESC_HDR_MODE1_MDEU_SHA256_HMAC (DESC_HDR_MODE1_MDEU_SHA256 | \
181 DESC_HDR_MODE1_MDEU_HMAC)
182#define DESC_HDR_MODE1_MDEU_SHA1_HMAC (DESC_HDR_MODE1_MDEU_SHA1 | \
183 DESC_HDR_MODE1_MDEU_HMAC)
184
185/* direction of overall data flow (DIR) */
186#define DESC_HDR_DIR_INBOUND __constant_cpu_to_be32(0x00000002)
187
188/* request done notification (DN) */
189#define DESC_HDR_DONE_NOTIFY __constant_cpu_to_be32(0x00000001)
190
191/* descriptor types */
192#define DESC_HDR_TYPE_AESU_CTR_NONSNOOP __constant_cpu_to_be32(0 << 3)
193#define DESC_HDR_TYPE_IPSEC_ESP __constant_cpu_to_be32(1 << 3)
194#define DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU __constant_cpu_to_be32(2 << 3)
195#define DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU __constant_cpu_to_be32(4 << 3)
196
197/* link table extent field bits */
198#define DESC_PTR_LNKTBL_JUMP 0x80
199#define DESC_PTR_LNKTBL_RETURN 0x02
200#define DESC_PTR_LNKTBL_NEXT 0x01