/*
 * AMD Cryptographic Coprocessor (CCP) driver
 *
 * Copyright (C) 2013 Advanced Micro Devices, Inc.
 *
 * Author: Tom Lendacky <thomas.lendacky@amd.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/pci.h>
#include <linux/pci_ids.h>
#include <linux/kthread.h>
#include <linux/sched.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/mutex.h>
#include <linux/delay.h>
#include <linux/ccp.h>
#include <linux/scatterlist.h>
#include <crypto/scatterwalk.h>
#include <crypto/sha.h>

#include "ccp-dev.h"


enum ccp_memtype {
	CCP_MEMTYPE_SYSTEM = 0,
	CCP_MEMTYPE_KSB,
	CCP_MEMTYPE_LOCAL,
	CCP_MEMTYPE__LAST,
};

struct ccp_dma_info {
	dma_addr_t address;
	unsigned int offset;
	unsigned int length;
	enum dma_data_direction dir;
};

struct ccp_dm_workarea {
	struct device *dev;
	struct dma_pool *dma_pool;
	unsigned int length;

	u8 *address;
	struct ccp_dma_info dma;
};

struct ccp_sg_workarea {
	struct scatterlist *sg;
	unsigned int nents;
	unsigned int length;

	struct scatterlist *dma_sg;
	struct device *dma_dev;
	unsigned int dma_count;
	enum dma_data_direction dma_dir;

	unsigned int sg_used;

	u64 bytes_left;
};

struct ccp_data {
	struct ccp_sg_workarea sg_wa;
	struct ccp_dm_workarea dm_wa;
};

struct ccp_mem {
	enum ccp_memtype type;
	union {
		struct ccp_dma_info dma;
		u32 ksb;
	} u;
};

struct ccp_aes_op {
	enum ccp_aes_type type;
	enum ccp_aes_mode mode;
	enum ccp_aes_action action;
};

struct ccp_xts_aes_op {
	enum ccp_aes_action action;
	enum ccp_xts_aes_unit_size unit_size;
};

struct ccp_sha_op {
	enum ccp_sha_type type;
	u64 msg_bits;
};

struct ccp_rsa_op {
	u32 mod_size;
	u32 input_len;
};

struct ccp_passthru_op {
	enum ccp_passthru_bitwise bit_mod;
	enum ccp_passthru_byteswap byte_swap;
};

struct ccp_ecc_op {
	enum ccp_ecc_function function;
};

struct ccp_op {
	struct ccp_cmd_queue *cmd_q;

	u32 jobid;
	u32 ioc;
	u32 soc;
	u32 ksb_key;
	u32 ksb_ctx;
	u32 init;
	u32 eom;

	struct ccp_mem src;
	struct ccp_mem dst;

	union {
		struct ccp_aes_op aes;
		struct ccp_xts_aes_op xts;
		struct ccp_sha_op sha;
		struct ccp_rsa_op rsa;
		struct ccp_passthru_op passthru;
		struct ccp_ecc_op ecc;
	} u;
};

/* SHA initial context values */
static const __be32 ccp_sha1_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
	cpu_to_be32(SHA1_H0), cpu_to_be32(SHA1_H1),
	cpu_to_be32(SHA1_H2), cpu_to_be32(SHA1_H3),
	cpu_to_be32(SHA1_H4), 0, 0, 0,
};

static const __be32 ccp_sha224_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
	cpu_to_be32(SHA224_H0), cpu_to_be32(SHA224_H1),
	cpu_to_be32(SHA224_H2), cpu_to_be32(SHA224_H3),
	cpu_to_be32(SHA224_H4), cpu_to_be32(SHA224_H5),
	cpu_to_be32(SHA224_H6), cpu_to_be32(SHA224_H7),
};

static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
	cpu_to_be32(SHA256_H0), cpu_to_be32(SHA256_H1),
	cpu_to_be32(SHA256_H2), cpu_to_be32(SHA256_H3),
	cpu_to_be32(SHA256_H4), cpu_to_be32(SHA256_H5),
	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
155 }; 156 157 /* The CCP cannot perform zero-length sha operations so the caller 158 * is required to buffer data for the final operation. However, a 159 * sha operation for a message with a total length of zero is valid 160 * so known values are required to supply the result. 161 */ 162 static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = { 163 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 164 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 165 0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00, 166 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 167 }; 168 169 static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = { 170 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 171 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 172 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 173 0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00, 174 }; 175 176 static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = { 177 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 178 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 179 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 180 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 181 }; 182 183 static u32 ccp_addr_lo(struct ccp_dma_info *info) 184 { 185 return lower_32_bits(info->address + info->offset); 186 } 187 188 static u32 ccp_addr_hi(struct ccp_dma_info *info) 189 { 190 return upper_32_bits(info->address + info->offset) & 0x0000ffff; 191 } 192 193 static int ccp_do_cmd(struct ccp_op *op, u32 *cr, unsigned int cr_count) 194 { 195 struct ccp_cmd_queue *cmd_q = op->cmd_q; 196 struct ccp_device *ccp = cmd_q->ccp; 197 void __iomem *cr_addr; 198 u32 cr0, cmd; 199 unsigned int i; 200 int ret = 0; 201 202 /* We could read a status register to see how many free slots 203 * are actually available, but reading that register resets it 204 * and you could lose some error information. 
205 */ 206 cmd_q->free_slots--; 207 208 cr0 = (cmd_q->id << REQ0_CMD_Q_SHIFT) 209 | (op->jobid << REQ0_JOBID_SHIFT) 210 | REQ0_WAIT_FOR_WRITE; 211 212 if (op->soc) 213 cr0 |= REQ0_STOP_ON_COMPLETE 214 | REQ0_INT_ON_COMPLETE; 215 216 if (op->ioc || !cmd_q->free_slots) 217 cr0 |= REQ0_INT_ON_COMPLETE; 218 219 /* Start at CMD_REQ1 */ 220 cr_addr = ccp->io_regs + CMD_REQ0 + CMD_REQ_INCR; 221 222 mutex_lock(&ccp->req_mutex); 223 224 /* Write CMD_REQ1 through CMD_REQx first */ 225 for (i = 0; i < cr_count; i++, cr_addr += CMD_REQ_INCR) 226 iowrite32(*(cr + i), cr_addr); 227 228 /* Tell the CCP to start */ 229 wmb(); 230 iowrite32(cr0, ccp->io_regs + CMD_REQ0); 231 232 mutex_unlock(&ccp->req_mutex); 233 234 if (cr0 & REQ0_INT_ON_COMPLETE) { 235 /* Wait for the job to complete */ 236 ret = wait_event_interruptible(cmd_q->int_queue, 237 cmd_q->int_rcvd); 238 if (ret || cmd_q->cmd_error) { 239 /* On error delete all related jobs from the queue */ 240 cmd = (cmd_q->id << DEL_Q_ID_SHIFT) 241 | op->jobid; 242 243 iowrite32(cmd, ccp->io_regs + DEL_CMD_Q_JOB); 244 245 if (!ret) 246 ret = -EIO; 247 } else if (op->soc) { 248 /* Delete just head job from the queue on SoC */ 249 cmd = DEL_Q_ACTIVE 250 | (cmd_q->id << DEL_Q_ID_SHIFT) 251 | op->jobid; 252 253 iowrite32(cmd, ccp->io_regs + DEL_CMD_Q_JOB); 254 } 255 256 cmd_q->free_slots = CMD_Q_DEPTH(cmd_q->q_status); 257 258 cmd_q->int_rcvd = 0; 259 } 260 261 return ret; 262 } 263 264 static int ccp_perform_aes(struct ccp_op *op) 265 { 266 u32 cr[6]; 267 268 /* Fill out the register contents for REQ1 through REQ6 */ 269 cr[0] = (CCP_ENGINE_AES << REQ1_ENGINE_SHIFT) 270 | (op->u.aes.type << REQ1_AES_TYPE_SHIFT) 271 | (op->u.aes.mode << REQ1_AES_MODE_SHIFT) 272 | (op->u.aes.action << REQ1_AES_ACTION_SHIFT) 273 | (op->ksb_key << REQ1_KEY_KSB_SHIFT); 274 cr[1] = op->src.u.dma.length - 1; 275 cr[2] = ccp_addr_lo(&op->src.u.dma); 276 cr[3] = (op->ksb_ctx << REQ4_KSB_SHIFT) 277 | (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 278 | ccp_addr_hi(&op->src.u.dma); 279 cr[4] = ccp_addr_lo(&op->dst.u.dma); 280 cr[5] = (CCP_MEMTYPE_SYSTEM << REQ6_MEMTYPE_SHIFT) 281 | ccp_addr_hi(&op->dst.u.dma); 282 283 if (op->u.aes.mode == CCP_AES_MODE_CFB) 284 cr[0] |= ((0x7f) << REQ1_AES_CFB_SIZE_SHIFT); 285 286 if (op->eom) 287 cr[0] |= REQ1_EOM; 288 289 if (op->init) 290 cr[0] |= REQ1_INIT; 291 292 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 293 } 294 295 static int ccp_perform_xts_aes(struct ccp_op *op) 296 { 297 u32 cr[6]; 298 299 /* Fill out the register contents for REQ1 through REQ6 */ 300 cr[0] = (CCP_ENGINE_XTS_AES_128 << REQ1_ENGINE_SHIFT) 301 | (op->u.xts.action << REQ1_AES_ACTION_SHIFT) 302 | (op->u.xts.unit_size << REQ1_XTS_AES_SIZE_SHIFT) 303 | (op->ksb_key << REQ1_KEY_KSB_SHIFT); 304 cr[1] = op->src.u.dma.length - 1; 305 cr[2] = ccp_addr_lo(&op->src.u.dma); 306 cr[3] = (op->ksb_ctx << REQ4_KSB_SHIFT) 307 | (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 308 | ccp_addr_hi(&op->src.u.dma); 309 cr[4] = ccp_addr_lo(&op->dst.u.dma); 310 cr[5] = (CCP_MEMTYPE_SYSTEM << REQ6_MEMTYPE_SHIFT) 311 | ccp_addr_hi(&op->dst.u.dma); 312 313 if (op->eom) 314 cr[0] |= REQ1_EOM; 315 316 if (op->init) 317 cr[0] |= REQ1_INIT; 318 319 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 320 } 321 322 static int ccp_perform_sha(struct ccp_op *op) 323 { 324 u32 cr[6]; 325 326 /* Fill out the register contents for REQ1 through REQ6 */ 327 cr[0] = (CCP_ENGINE_SHA << REQ1_ENGINE_SHIFT) 328 | (op->u.sha.type << REQ1_SHA_TYPE_SHIFT) 329 | REQ1_INIT; 330 cr[1] = op->src.u.dma.length - 1; 331 cr[2] = 
ccp_addr_lo(&op->src.u.dma); 332 cr[3] = (op->ksb_ctx << REQ4_KSB_SHIFT) 333 | (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 334 | ccp_addr_hi(&op->src.u.dma); 335 336 if (op->eom) { 337 cr[0] |= REQ1_EOM; 338 cr[4] = lower_32_bits(op->u.sha.msg_bits); 339 cr[5] = upper_32_bits(op->u.sha.msg_bits); 340 } else { 341 cr[4] = 0; 342 cr[5] = 0; 343 } 344 345 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 346 } 347 348 static int ccp_perform_rsa(struct ccp_op *op) 349 { 350 u32 cr[6]; 351 352 /* Fill out the register contents for REQ1 through REQ6 */ 353 cr[0] = (CCP_ENGINE_RSA << REQ1_ENGINE_SHIFT) 354 | (op->u.rsa.mod_size << REQ1_RSA_MOD_SIZE_SHIFT) 355 | (op->ksb_key << REQ1_KEY_KSB_SHIFT) 356 | REQ1_EOM; 357 cr[1] = op->u.rsa.input_len - 1; 358 cr[2] = ccp_addr_lo(&op->src.u.dma); 359 cr[3] = (op->ksb_ctx << REQ4_KSB_SHIFT) 360 | (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 361 | ccp_addr_hi(&op->src.u.dma); 362 cr[4] = ccp_addr_lo(&op->dst.u.dma); 363 cr[5] = (CCP_MEMTYPE_SYSTEM << REQ6_MEMTYPE_SHIFT) 364 | ccp_addr_hi(&op->dst.u.dma); 365 366 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 367 } 368 369 static int ccp_perform_passthru(struct ccp_op *op) 370 { 371 u32 cr[6]; 372 373 /* Fill out the register contents for REQ1 through REQ6 */ 374 cr[0] = (CCP_ENGINE_PASSTHRU << REQ1_ENGINE_SHIFT) 375 | (op->u.passthru.bit_mod << REQ1_PT_BW_SHIFT) 376 | (op->u.passthru.byte_swap << REQ1_PT_BS_SHIFT); 377 378 if (op->src.type == CCP_MEMTYPE_SYSTEM) 379 cr[1] = op->src.u.dma.length - 1; 380 else 381 cr[1] = op->dst.u.dma.length - 1; 382 383 if (op->src.type == CCP_MEMTYPE_SYSTEM) { 384 cr[2] = ccp_addr_lo(&op->src.u.dma); 385 cr[3] = (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 386 | ccp_addr_hi(&op->src.u.dma); 387 388 if (op->u.passthru.bit_mod != CCP_PASSTHRU_BITWISE_NOOP) 389 cr[3] |= (op->ksb_key << REQ4_KSB_SHIFT); 390 } else { 391 cr[2] = op->src.u.ksb * CCP_KSB_BYTES; 392 cr[3] = (CCP_MEMTYPE_KSB << REQ4_MEMTYPE_SHIFT); 393 } 394 395 if (op->dst.type == CCP_MEMTYPE_SYSTEM) { 396 cr[4] = ccp_addr_lo(&op->dst.u.dma); 397 cr[5] = (CCP_MEMTYPE_SYSTEM << REQ6_MEMTYPE_SHIFT) 398 | ccp_addr_hi(&op->dst.u.dma); 399 } else { 400 cr[4] = op->dst.u.ksb * CCP_KSB_BYTES; 401 cr[5] = (CCP_MEMTYPE_KSB << REQ6_MEMTYPE_SHIFT); 402 } 403 404 if (op->eom) 405 cr[0] |= REQ1_EOM; 406 407 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 408 } 409 410 static int ccp_perform_ecc(struct ccp_op *op) 411 { 412 u32 cr[6]; 413 414 /* Fill out the register contents for REQ1 through REQ6 */ 415 cr[0] = REQ1_ECC_AFFINE_CONVERT 416 | (CCP_ENGINE_ECC << REQ1_ENGINE_SHIFT) 417 | (op->u.ecc.function << REQ1_ECC_FUNCTION_SHIFT) 418 | REQ1_EOM; 419 cr[1] = op->src.u.dma.length - 1; 420 cr[2] = ccp_addr_lo(&op->src.u.dma); 421 cr[3] = (CCP_MEMTYPE_SYSTEM << REQ4_MEMTYPE_SHIFT) 422 | ccp_addr_hi(&op->src.u.dma); 423 cr[4] = ccp_addr_lo(&op->dst.u.dma); 424 cr[5] = (CCP_MEMTYPE_SYSTEM << REQ6_MEMTYPE_SHIFT) 425 | ccp_addr_hi(&op->dst.u.dma); 426 427 return ccp_do_cmd(op, cr, ARRAY_SIZE(cr)); 428 } 429 430 static u32 ccp_alloc_ksb(struct ccp_device *ccp, unsigned int count) 431 { 432 int start; 433 434 for (;;) { 435 mutex_lock(&ccp->ksb_mutex); 436 437 start = (u32)bitmap_find_next_zero_area(ccp->ksb, 438 ccp->ksb_count, 439 ccp->ksb_start, 440 count, 0); 441 if (start <= ccp->ksb_count) { 442 bitmap_set(ccp->ksb, start, count); 443 444 mutex_unlock(&ccp->ksb_mutex); 445 break; 446 } 447 448 ccp->ksb_avail = 0; 449 450 mutex_unlock(&ccp->ksb_mutex); 451 452 /* Wait for KSB entries to become available */ 453 if 
(wait_event_interruptible(ccp->ksb_queue, ccp->ksb_avail)) 454 return 0; 455 } 456 457 return KSB_START + start; 458 } 459 460 static void ccp_free_ksb(struct ccp_device *ccp, unsigned int start, 461 unsigned int count) 462 { 463 if (!start) 464 return; 465 466 mutex_lock(&ccp->ksb_mutex); 467 468 bitmap_clear(ccp->ksb, start - KSB_START, count); 469 470 ccp->ksb_avail = 1; 471 472 mutex_unlock(&ccp->ksb_mutex); 473 474 wake_up_interruptible_all(&ccp->ksb_queue); 475 } 476 477 static u32 ccp_gen_jobid(struct ccp_device *ccp) 478 { 479 return atomic_inc_return(&ccp->current_id) & CCP_JOBID_MASK; 480 } 481 482 static void ccp_sg_free(struct ccp_sg_workarea *wa) 483 { 484 if (wa->dma_count) 485 dma_unmap_sg(wa->dma_dev, wa->dma_sg, wa->nents, wa->dma_dir); 486 487 wa->dma_count = 0; 488 } 489 490 static int ccp_init_sg_workarea(struct ccp_sg_workarea *wa, struct device *dev, 491 struct scatterlist *sg, u64 len, 492 enum dma_data_direction dma_dir) 493 { 494 memset(wa, 0, sizeof(*wa)); 495 496 wa->sg = sg; 497 if (!sg) 498 return 0; 499 500 wa->nents = sg_nents(sg); 501 wa->length = sg->length; 502 wa->bytes_left = len; 503 wa->sg_used = 0; 504 505 if (len == 0) 506 return 0; 507 508 if (dma_dir == DMA_NONE) 509 return 0; 510 511 wa->dma_sg = sg; 512 wa->dma_dev = dev; 513 wa->dma_dir = dma_dir; 514 wa->dma_count = dma_map_sg(dev, sg, wa->nents, dma_dir); 515 if (!wa->dma_count) 516 return -ENOMEM; 517 518 519 return 0; 520 } 521 522 static void ccp_update_sg_workarea(struct ccp_sg_workarea *wa, unsigned int len) 523 { 524 unsigned int nbytes = min_t(u64, len, wa->bytes_left); 525 526 if (!wa->sg) 527 return; 528 529 wa->sg_used += nbytes; 530 wa->bytes_left -= nbytes; 531 if (wa->sg_used == wa->sg->length) { 532 wa->sg = sg_next(wa->sg); 533 wa->sg_used = 0; 534 } 535 } 536 537 static void ccp_dm_free(struct ccp_dm_workarea *wa) 538 { 539 if (wa->length <= CCP_DMAPOOL_MAX_SIZE) { 540 if (wa->address) 541 dma_pool_free(wa->dma_pool, wa->address, 542 wa->dma.address); 543 } else { 544 if (wa->dma.address) 545 dma_unmap_single(wa->dev, wa->dma.address, wa->length, 546 wa->dma.dir); 547 kfree(wa->address); 548 } 549 550 wa->address = NULL; 551 wa->dma.address = 0; 552 } 553 554 static int ccp_init_dm_workarea(struct ccp_dm_workarea *wa, 555 struct ccp_cmd_queue *cmd_q, 556 unsigned int len, 557 enum dma_data_direction dir) 558 { 559 memset(wa, 0, sizeof(*wa)); 560 561 if (!len) 562 return 0; 563 564 wa->dev = cmd_q->ccp->dev; 565 wa->length = len; 566 567 if (len <= CCP_DMAPOOL_MAX_SIZE) { 568 wa->dma_pool = cmd_q->dma_pool; 569 570 wa->address = dma_pool_alloc(wa->dma_pool, GFP_KERNEL, 571 &wa->dma.address); 572 if (!wa->address) 573 return -ENOMEM; 574 575 wa->dma.length = CCP_DMAPOOL_MAX_SIZE; 576 577 memset(wa->address, 0, CCP_DMAPOOL_MAX_SIZE); 578 } else { 579 wa->address = kzalloc(len, GFP_KERNEL); 580 if (!wa->address) 581 return -ENOMEM; 582 583 wa->dma.address = dma_map_single(wa->dev, wa->address, len, 584 dir); 585 if (!wa->dma.address) 586 return -ENOMEM; 587 588 wa->dma.length = len; 589 } 590 wa->dma.dir = dir; 591 592 return 0; 593 } 594 595 static void ccp_set_dm_area(struct ccp_dm_workarea *wa, unsigned int wa_offset, 596 struct scatterlist *sg, unsigned int sg_offset, 597 unsigned int len) 598 { 599 WARN_ON(!wa->address); 600 601 scatterwalk_map_and_copy(wa->address + wa_offset, sg, sg_offset, len, 602 0); 603 } 604 605 static void ccp_get_dm_area(struct ccp_dm_workarea *wa, unsigned int wa_offset, 606 struct scatterlist *sg, unsigned int sg_offset, 607 unsigned int len) 608 { 
609 WARN_ON(!wa->address); 610 611 scatterwalk_map_and_copy(wa->address + wa_offset, sg, sg_offset, len, 612 1); 613 } 614 615 static void ccp_reverse_set_dm_area(struct ccp_dm_workarea *wa, 616 struct scatterlist *sg, 617 unsigned int len, unsigned int se_len, 618 bool sign_extend) 619 { 620 unsigned int nbytes, sg_offset, dm_offset, ksb_len, i; 621 u8 buffer[CCP_REVERSE_BUF_SIZE]; 622 623 BUG_ON(se_len > sizeof(buffer)); 624 625 sg_offset = len; 626 dm_offset = 0; 627 nbytes = len; 628 while (nbytes) { 629 ksb_len = min_t(unsigned int, nbytes, se_len); 630 sg_offset -= ksb_len; 631 632 scatterwalk_map_and_copy(buffer, sg, sg_offset, ksb_len, 0); 633 for (i = 0; i < ksb_len; i++) 634 wa->address[dm_offset + i] = buffer[ksb_len - i - 1]; 635 636 dm_offset += ksb_len; 637 nbytes -= ksb_len; 638 639 if ((ksb_len != se_len) && sign_extend) { 640 /* Must sign-extend to nearest sign-extend length */ 641 if (wa->address[dm_offset - 1] & 0x80) 642 memset(wa->address + dm_offset, 0xff, 643 se_len - ksb_len); 644 } 645 } 646 } 647 648 static void ccp_reverse_get_dm_area(struct ccp_dm_workarea *wa, 649 struct scatterlist *sg, 650 unsigned int len) 651 { 652 unsigned int nbytes, sg_offset, dm_offset, ksb_len, i; 653 u8 buffer[CCP_REVERSE_BUF_SIZE]; 654 655 sg_offset = 0; 656 dm_offset = len; 657 nbytes = len; 658 while (nbytes) { 659 ksb_len = min_t(unsigned int, nbytes, sizeof(buffer)); 660 dm_offset -= ksb_len; 661 662 for (i = 0; i < ksb_len; i++) 663 buffer[ksb_len - i - 1] = wa->address[dm_offset + i]; 664 scatterwalk_map_and_copy(buffer, sg, sg_offset, ksb_len, 1); 665 666 sg_offset += ksb_len; 667 nbytes -= ksb_len; 668 } 669 } 670 671 static void ccp_free_data(struct ccp_data *data, struct ccp_cmd_queue *cmd_q) 672 { 673 ccp_dm_free(&data->dm_wa); 674 ccp_sg_free(&data->sg_wa); 675 } 676 677 static int ccp_init_data(struct ccp_data *data, struct ccp_cmd_queue *cmd_q, 678 struct scatterlist *sg, u64 sg_len, 679 unsigned int dm_len, 680 enum dma_data_direction dir) 681 { 682 int ret; 683 684 memset(data, 0, sizeof(*data)); 685 686 ret = ccp_init_sg_workarea(&data->sg_wa, cmd_q->ccp->dev, sg, sg_len, 687 dir); 688 if (ret) 689 goto e_err; 690 691 ret = ccp_init_dm_workarea(&data->dm_wa, cmd_q, dm_len, dir); 692 if (ret) 693 goto e_err; 694 695 return 0; 696 697 e_err: 698 ccp_free_data(data, cmd_q); 699 700 return ret; 701 } 702 703 static unsigned int ccp_queue_buf(struct ccp_data *data, unsigned int from) 704 { 705 struct ccp_sg_workarea *sg_wa = &data->sg_wa; 706 struct ccp_dm_workarea *dm_wa = &data->dm_wa; 707 unsigned int buf_count, nbytes; 708 709 /* Clear the buffer if setting it */ 710 if (!from) 711 memset(dm_wa->address, 0, dm_wa->length); 712 713 if (!sg_wa->sg) 714 return 0; 715 716 /* Perform the copy operation 717 * nbytes will always be <= UINT_MAX because dm_wa->length is 718 * an unsigned int 719 */ 720 nbytes = min_t(u64, sg_wa->bytes_left, dm_wa->length); 721 scatterwalk_map_and_copy(dm_wa->address, sg_wa->sg, sg_wa->sg_used, 722 nbytes, from); 723 724 /* Update the structures and generate the count */ 725 buf_count = 0; 726 while (sg_wa->bytes_left && (buf_count < dm_wa->length)) { 727 nbytes = min(sg_wa->sg->length - sg_wa->sg_used, 728 dm_wa->length - buf_count); 729 nbytes = min_t(u64, sg_wa->bytes_left, nbytes); 730 731 buf_count += nbytes; 732 ccp_update_sg_workarea(sg_wa, nbytes); 733 } 734 735 return buf_count; 736 } 737 738 static unsigned int ccp_fill_queue_buf(struct ccp_data *data) 739 { 740 return ccp_queue_buf(data, 0); 741 } 742 743 static unsigned int 
ccp_empty_queue_buf(struct ccp_data *data) 744 { 745 return ccp_queue_buf(data, 1); 746 } 747 748 static void ccp_prepare_data(struct ccp_data *src, struct ccp_data *dst, 749 struct ccp_op *op, unsigned int block_size, 750 bool blocksize_op) 751 { 752 unsigned int sg_src_len, sg_dst_len, op_len; 753 754 /* The CCP can only DMA from/to one address each per operation. This 755 * requires that we find the smallest DMA area between the source 756 * and destination. The resulting len values will always be <= UINT_MAX 757 * because the dma length is an unsigned int. 758 */ 759 sg_src_len = sg_dma_len(src->sg_wa.sg) - src->sg_wa.sg_used; 760 sg_src_len = min_t(u64, src->sg_wa.bytes_left, sg_src_len); 761 762 if (dst) { 763 sg_dst_len = sg_dma_len(dst->sg_wa.sg) - dst->sg_wa.sg_used; 764 sg_dst_len = min_t(u64, src->sg_wa.bytes_left, sg_dst_len); 765 op_len = min(sg_src_len, sg_dst_len); 766 } else 767 op_len = sg_src_len; 768 769 /* The data operation length will be at least block_size in length 770 * or the smaller of available sg room remaining for the source or 771 * the destination 772 */ 773 op_len = max(op_len, block_size); 774 775 /* Unless we have to buffer data, there's no reason to wait */ 776 op->soc = 0; 777 778 if (sg_src_len < block_size) { 779 /* Not enough data in the sg element, so it 780 * needs to be buffered into a blocksize chunk 781 */ 782 int cp_len = ccp_fill_queue_buf(src); 783 784 op->soc = 1; 785 op->src.u.dma.address = src->dm_wa.dma.address; 786 op->src.u.dma.offset = 0; 787 op->src.u.dma.length = (blocksize_op) ? block_size : cp_len; 788 } else { 789 /* Enough data in the sg element, but we need to 790 * adjust for any previously copied data 791 */ 792 op->src.u.dma.address = sg_dma_address(src->sg_wa.sg); 793 op->src.u.dma.offset = src->sg_wa.sg_used; 794 op->src.u.dma.length = op_len & ~(block_size - 1); 795 796 ccp_update_sg_workarea(&src->sg_wa, op->src.u.dma.length); 797 } 798 799 if (dst) { 800 if (sg_dst_len < block_size) { 801 /* Not enough room in the sg element or we're on the 802 * last piece of data (when using padding), so the 803 * output needs to be buffered into a blocksize chunk 804 */ 805 op->soc = 1; 806 op->dst.u.dma.address = dst->dm_wa.dma.address; 807 op->dst.u.dma.offset = 0; 808 op->dst.u.dma.length = op->src.u.dma.length; 809 } else { 810 /* Enough room in the sg element, but we need to 811 * adjust for any previously used area 812 */ 813 op->dst.u.dma.address = sg_dma_address(dst->sg_wa.sg); 814 op->dst.u.dma.offset = dst->sg_wa.sg_used; 815 op->dst.u.dma.length = op->src.u.dma.length; 816 } 817 } 818 } 819 820 static void ccp_process_data(struct ccp_data *src, struct ccp_data *dst, 821 struct ccp_op *op) 822 { 823 op->init = 0; 824 825 if (dst) { 826 if (op->dst.u.dma.address == dst->dm_wa.dma.address) 827 ccp_empty_queue_buf(dst); 828 else 829 ccp_update_sg_workarea(&dst->sg_wa, 830 op->dst.u.dma.length); 831 } 832 } 833 834 static int ccp_copy_to_from_ksb(struct ccp_cmd_queue *cmd_q, 835 struct ccp_dm_workarea *wa, u32 jobid, u32 ksb, 836 u32 byte_swap, bool from) 837 { 838 struct ccp_op op; 839 840 memset(&op, 0, sizeof(op)); 841 842 op.cmd_q = cmd_q; 843 op.jobid = jobid; 844 op.eom = 1; 845 846 if (from) { 847 op.soc = 1; 848 op.src.type = CCP_MEMTYPE_KSB; 849 op.src.u.ksb = ksb; 850 op.dst.type = CCP_MEMTYPE_SYSTEM; 851 op.dst.u.dma.address = wa->dma.address; 852 op.dst.u.dma.length = wa->length; 853 } else { 854 op.src.type = CCP_MEMTYPE_SYSTEM; 855 op.src.u.dma.address = wa->dma.address; 856 op.src.u.dma.length = wa->length; 857 
op.dst.type = CCP_MEMTYPE_KSB; 858 op.dst.u.ksb = ksb; 859 } 860 861 op.u.passthru.byte_swap = byte_swap; 862 863 return ccp_perform_passthru(&op); 864 } 865 866 static int ccp_copy_to_ksb(struct ccp_cmd_queue *cmd_q, 867 struct ccp_dm_workarea *wa, u32 jobid, u32 ksb, 868 u32 byte_swap) 869 { 870 return ccp_copy_to_from_ksb(cmd_q, wa, jobid, ksb, byte_swap, false); 871 } 872 873 static int ccp_copy_from_ksb(struct ccp_cmd_queue *cmd_q, 874 struct ccp_dm_workarea *wa, u32 jobid, u32 ksb, 875 u32 byte_swap) 876 { 877 return ccp_copy_to_from_ksb(cmd_q, wa, jobid, ksb, byte_swap, true); 878 } 879 880 static int ccp_run_aes_cmac_cmd(struct ccp_cmd_queue *cmd_q, 881 struct ccp_cmd *cmd) 882 { 883 struct ccp_aes_engine *aes = &cmd->u.aes; 884 struct ccp_dm_workarea key, ctx; 885 struct ccp_data src; 886 struct ccp_op op; 887 unsigned int dm_offset; 888 int ret; 889 890 if (!((aes->key_len == AES_KEYSIZE_128) || 891 (aes->key_len == AES_KEYSIZE_192) || 892 (aes->key_len == AES_KEYSIZE_256))) 893 return -EINVAL; 894 895 if (aes->src_len & (AES_BLOCK_SIZE - 1)) 896 return -EINVAL; 897 898 if (aes->iv_len != AES_BLOCK_SIZE) 899 return -EINVAL; 900 901 if (!aes->key || !aes->iv || !aes->src) 902 return -EINVAL; 903 904 if (aes->cmac_final) { 905 if (aes->cmac_key_len != AES_BLOCK_SIZE) 906 return -EINVAL; 907 908 if (!aes->cmac_key) 909 return -EINVAL; 910 } 911 912 BUILD_BUG_ON(CCP_AES_KEY_KSB_COUNT != 1); 913 BUILD_BUG_ON(CCP_AES_CTX_KSB_COUNT != 1); 914 915 ret = -EIO; 916 memset(&op, 0, sizeof(op)); 917 op.cmd_q = cmd_q; 918 op.jobid = ccp_gen_jobid(cmd_q->ccp); 919 op.ksb_key = cmd_q->ksb_key; 920 op.ksb_ctx = cmd_q->ksb_ctx; 921 op.init = 1; 922 op.u.aes.type = aes->type; 923 op.u.aes.mode = aes->mode; 924 op.u.aes.action = aes->action; 925 926 /* All supported key sizes fit in a single (32-byte) KSB entry 927 * and must be in little endian format. Use the 256-bit byte 928 * swap passthru option to convert from big endian to little 929 * endian. 930 */ 931 ret = ccp_init_dm_workarea(&key, cmd_q, 932 CCP_AES_KEY_KSB_COUNT * CCP_KSB_BYTES, 933 DMA_TO_DEVICE); 934 if (ret) 935 return ret; 936 937 dm_offset = CCP_KSB_BYTES - aes->key_len; 938 ccp_set_dm_area(&key, dm_offset, aes->key, 0, aes->key_len); 939 ret = ccp_copy_to_ksb(cmd_q, &key, op.jobid, op.ksb_key, 940 CCP_PASSTHRU_BYTESWAP_256BIT); 941 if (ret) { 942 cmd->engine_error = cmd_q->cmd_error; 943 goto e_key; 944 } 945 946 /* The AES context fits in a single (32-byte) KSB entry and 947 * must be in little endian format. Use the 256-bit byte swap 948 * passthru option to convert from big endian to little endian. 
949 */ 950 ret = ccp_init_dm_workarea(&ctx, cmd_q, 951 CCP_AES_CTX_KSB_COUNT * CCP_KSB_BYTES, 952 DMA_BIDIRECTIONAL); 953 if (ret) 954 goto e_key; 955 956 dm_offset = CCP_KSB_BYTES - AES_BLOCK_SIZE; 957 ccp_set_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len); 958 ret = ccp_copy_to_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 959 CCP_PASSTHRU_BYTESWAP_256BIT); 960 if (ret) { 961 cmd->engine_error = cmd_q->cmd_error; 962 goto e_ctx; 963 } 964 965 /* Send data to the CCP AES engine */ 966 ret = ccp_init_data(&src, cmd_q, aes->src, aes->src_len, 967 AES_BLOCK_SIZE, DMA_TO_DEVICE); 968 if (ret) 969 goto e_ctx; 970 971 while (src.sg_wa.bytes_left) { 972 ccp_prepare_data(&src, NULL, &op, AES_BLOCK_SIZE, true); 973 if (aes->cmac_final && !src.sg_wa.bytes_left) { 974 op.eom = 1; 975 976 /* Push the K1/K2 key to the CCP now */ 977 ret = ccp_copy_from_ksb(cmd_q, &ctx, op.jobid, 978 op.ksb_ctx, 979 CCP_PASSTHRU_BYTESWAP_256BIT); 980 if (ret) { 981 cmd->engine_error = cmd_q->cmd_error; 982 goto e_src; 983 } 984 985 ccp_set_dm_area(&ctx, 0, aes->cmac_key, 0, 986 aes->cmac_key_len); 987 ret = ccp_copy_to_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 988 CCP_PASSTHRU_BYTESWAP_256BIT); 989 if (ret) { 990 cmd->engine_error = cmd_q->cmd_error; 991 goto e_src; 992 } 993 } 994 995 ret = ccp_perform_aes(&op); 996 if (ret) { 997 cmd->engine_error = cmd_q->cmd_error; 998 goto e_src; 999 } 1000 1001 ccp_process_data(&src, NULL, &op); 1002 } 1003 1004 /* Retrieve the AES context - convert from LE to BE using 1005 * 32-byte (256-bit) byteswapping 1006 */ 1007 ret = ccp_copy_from_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 1008 CCP_PASSTHRU_BYTESWAP_256BIT); 1009 if (ret) { 1010 cmd->engine_error = cmd_q->cmd_error; 1011 goto e_src; 1012 } 1013 1014 /* ...but we only need AES_BLOCK_SIZE bytes */ 1015 dm_offset = CCP_KSB_BYTES - AES_BLOCK_SIZE; 1016 ccp_get_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len); 1017 1018 e_src: 1019 ccp_free_data(&src, cmd_q); 1020 1021 e_ctx: 1022 ccp_dm_free(&ctx); 1023 1024 e_key: 1025 ccp_dm_free(&key); 1026 1027 return ret; 1028 } 1029 1030 static int ccp_run_aes_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1031 { 1032 struct ccp_aes_engine *aes = &cmd->u.aes; 1033 struct ccp_dm_workarea key, ctx; 1034 struct ccp_data src, dst; 1035 struct ccp_op op; 1036 unsigned int dm_offset; 1037 bool in_place = false; 1038 int ret; 1039 1040 if (aes->mode == CCP_AES_MODE_CMAC) 1041 return ccp_run_aes_cmac_cmd(cmd_q, cmd); 1042 1043 if (!((aes->key_len == AES_KEYSIZE_128) || 1044 (aes->key_len == AES_KEYSIZE_192) || 1045 (aes->key_len == AES_KEYSIZE_256))) 1046 return -EINVAL; 1047 1048 if (((aes->mode == CCP_AES_MODE_ECB) || 1049 (aes->mode == CCP_AES_MODE_CBC) || 1050 (aes->mode == CCP_AES_MODE_CFB)) && 1051 (aes->src_len & (AES_BLOCK_SIZE - 1))) 1052 return -EINVAL; 1053 1054 if (!aes->key || !aes->src || !aes->dst) 1055 return -EINVAL; 1056 1057 if (aes->mode != CCP_AES_MODE_ECB) { 1058 if (aes->iv_len != AES_BLOCK_SIZE) 1059 return -EINVAL; 1060 1061 if (!aes->iv) 1062 return -EINVAL; 1063 } 1064 1065 BUILD_BUG_ON(CCP_AES_KEY_KSB_COUNT != 1); 1066 BUILD_BUG_ON(CCP_AES_CTX_KSB_COUNT != 1); 1067 1068 ret = -EIO; 1069 memset(&op, 0, sizeof(op)); 1070 op.cmd_q = cmd_q; 1071 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1072 op.ksb_key = cmd_q->ksb_key; 1073 op.ksb_ctx = cmd_q->ksb_ctx; 1074 op.init = (aes->mode == CCP_AES_MODE_ECB) ? 
0 : 1;
	op.u.aes.type = aes->type;
	op.u.aes.mode = aes->mode;
	op.u.aes.action = aes->action;

	/* All supported key sizes fit in a single (32-byte) KSB entry
	 * and must be in little endian format. Use the 256-bit byte
	 * swap passthru option to convert from big endian to little
	 * endian.
	 */
	ret = ccp_init_dm_workarea(&key, cmd_q,
				   CCP_AES_KEY_KSB_COUNT * CCP_KSB_BYTES,
				   DMA_TO_DEVICE);
	if (ret)
		return ret;

	dm_offset = CCP_KSB_BYTES - aes->key_len;
	ccp_set_dm_area(&key, dm_offset, aes->key, 0, aes->key_len);
	ret = ccp_copy_to_ksb(cmd_q, &key, op.jobid, op.ksb_key,
			      CCP_PASSTHRU_BYTESWAP_256BIT);
	if (ret) {
		cmd->engine_error = cmd_q->cmd_error;
		goto e_key;
	}

	/* The AES context fits in a single (32-byte) KSB entry and
	 * must be in little endian format. Use the 256-bit byte swap
	 * passthru option to convert from big endian to little endian.
	 */
	ret = ccp_init_dm_workarea(&ctx, cmd_q,
				   CCP_AES_CTX_KSB_COUNT * CCP_KSB_BYTES,
				   DMA_BIDIRECTIONAL);
	if (ret)
		goto e_key;

	if (aes->mode != CCP_AES_MODE_ECB) {
		/* Load the AES context - convert to LE */
		dm_offset = CCP_KSB_BYTES - AES_BLOCK_SIZE;
		ccp_set_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len);
		ret = ccp_copy_to_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx,
				      CCP_PASSTHRU_BYTESWAP_256BIT);
		if (ret) {
			cmd->engine_error = cmd_q->cmd_error;
			goto e_ctx;
		}
	}

	/* Prepare the input and output data workareas. For in-place
	 * operations we need to set the dma direction to BIDIRECTIONAL
	 * and copy the src workarea to the dst workarea.
	 */
	if (sg_virt(aes->src) == sg_virt(aes->dst))
		in_place = true;

	ret = ccp_init_data(&src, cmd_q, aes->src, aes->src_len,
			    AES_BLOCK_SIZE,
			    in_place ?
DMA_BIDIRECTIONAL : DMA_TO_DEVICE); 1131 if (ret) 1132 goto e_ctx; 1133 1134 if (in_place) 1135 dst = src; 1136 else { 1137 ret = ccp_init_data(&dst, cmd_q, aes->dst, aes->src_len, 1138 AES_BLOCK_SIZE, DMA_FROM_DEVICE); 1139 if (ret) 1140 goto e_src; 1141 } 1142 1143 /* Send data to the CCP AES engine */ 1144 while (src.sg_wa.bytes_left) { 1145 ccp_prepare_data(&src, &dst, &op, AES_BLOCK_SIZE, true); 1146 if (!src.sg_wa.bytes_left) { 1147 op.eom = 1; 1148 1149 /* Since we don't retrieve the AES context in ECB 1150 * mode we have to wait for the operation to complete 1151 * on the last piece of data 1152 */ 1153 if (aes->mode == CCP_AES_MODE_ECB) 1154 op.soc = 1; 1155 } 1156 1157 ret = ccp_perform_aes(&op); 1158 if (ret) { 1159 cmd->engine_error = cmd_q->cmd_error; 1160 goto e_dst; 1161 } 1162 1163 ccp_process_data(&src, &dst, &op); 1164 } 1165 1166 if (aes->mode != CCP_AES_MODE_ECB) { 1167 /* Retrieve the AES context - convert from LE to BE using 1168 * 32-byte (256-bit) byteswapping 1169 */ 1170 ret = ccp_copy_from_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 1171 CCP_PASSTHRU_BYTESWAP_256BIT); 1172 if (ret) { 1173 cmd->engine_error = cmd_q->cmd_error; 1174 goto e_dst; 1175 } 1176 1177 /* ...but we only need AES_BLOCK_SIZE bytes */ 1178 dm_offset = CCP_KSB_BYTES - AES_BLOCK_SIZE; 1179 ccp_get_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len); 1180 } 1181 1182 e_dst: 1183 if (!in_place) 1184 ccp_free_data(&dst, cmd_q); 1185 1186 e_src: 1187 ccp_free_data(&src, cmd_q); 1188 1189 e_ctx: 1190 ccp_dm_free(&ctx); 1191 1192 e_key: 1193 ccp_dm_free(&key); 1194 1195 return ret; 1196 } 1197 1198 static int ccp_run_xts_aes_cmd(struct ccp_cmd_queue *cmd_q, 1199 struct ccp_cmd *cmd) 1200 { 1201 struct ccp_xts_aes_engine *xts = &cmd->u.xts; 1202 struct ccp_dm_workarea key, ctx; 1203 struct ccp_data src, dst; 1204 struct ccp_op op; 1205 unsigned int unit_size, dm_offset; 1206 bool in_place = false; 1207 int ret; 1208 1209 switch (xts->unit_size) { 1210 case CCP_XTS_AES_UNIT_SIZE_16: 1211 unit_size = 16; 1212 break; 1213 case CCP_XTS_AES_UNIT_SIZE_512: 1214 unit_size = 512; 1215 break; 1216 case CCP_XTS_AES_UNIT_SIZE_1024: 1217 unit_size = 1024; 1218 break; 1219 case CCP_XTS_AES_UNIT_SIZE_2048: 1220 unit_size = 2048; 1221 break; 1222 case CCP_XTS_AES_UNIT_SIZE_4096: 1223 unit_size = 4096; 1224 break; 1225 1226 default: 1227 return -EINVAL; 1228 } 1229 1230 if (xts->key_len != AES_KEYSIZE_128) 1231 return -EINVAL; 1232 1233 if (!xts->final && (xts->src_len & (AES_BLOCK_SIZE - 1))) 1234 return -EINVAL; 1235 1236 if (xts->iv_len != AES_BLOCK_SIZE) 1237 return -EINVAL; 1238 1239 if (!xts->key || !xts->iv || !xts->src || !xts->dst) 1240 return -EINVAL; 1241 1242 BUILD_BUG_ON(CCP_XTS_AES_KEY_KSB_COUNT != 1); 1243 BUILD_BUG_ON(CCP_XTS_AES_CTX_KSB_COUNT != 1); 1244 1245 ret = -EIO; 1246 memset(&op, 0, sizeof(op)); 1247 op.cmd_q = cmd_q; 1248 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1249 op.ksb_key = cmd_q->ksb_key; 1250 op.ksb_ctx = cmd_q->ksb_ctx; 1251 op.init = 1; 1252 op.u.xts.action = xts->action; 1253 op.u.xts.unit_size = xts->unit_size; 1254 1255 /* All supported key sizes fit in a single (32-byte) KSB entry 1256 * and must be in little endian format. Use the 256-bit byte 1257 * swap passthru option to convert from big endian to little 1258 * endian. 
1259 */ 1260 ret = ccp_init_dm_workarea(&key, cmd_q, 1261 CCP_XTS_AES_KEY_KSB_COUNT * CCP_KSB_BYTES, 1262 DMA_TO_DEVICE); 1263 if (ret) 1264 return ret; 1265 1266 dm_offset = CCP_KSB_BYTES - AES_KEYSIZE_128; 1267 ccp_set_dm_area(&key, dm_offset, xts->key, 0, xts->key_len); 1268 ccp_set_dm_area(&key, 0, xts->key, dm_offset, xts->key_len); 1269 ret = ccp_copy_to_ksb(cmd_q, &key, op.jobid, op.ksb_key, 1270 CCP_PASSTHRU_BYTESWAP_256BIT); 1271 if (ret) { 1272 cmd->engine_error = cmd_q->cmd_error; 1273 goto e_key; 1274 } 1275 1276 /* The AES context fits in a single (32-byte) KSB entry and 1277 * for XTS is already in little endian format so no byte swapping 1278 * is needed. 1279 */ 1280 ret = ccp_init_dm_workarea(&ctx, cmd_q, 1281 CCP_XTS_AES_CTX_KSB_COUNT * CCP_KSB_BYTES, 1282 DMA_BIDIRECTIONAL); 1283 if (ret) 1284 goto e_key; 1285 1286 ccp_set_dm_area(&ctx, 0, xts->iv, 0, xts->iv_len); 1287 ret = ccp_copy_to_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 1288 CCP_PASSTHRU_BYTESWAP_NOOP); 1289 if (ret) { 1290 cmd->engine_error = cmd_q->cmd_error; 1291 goto e_ctx; 1292 } 1293 1294 /* Prepare the input and output data workareas. For in-place 1295 * operations we need to set the dma direction to BIDIRECTIONAL 1296 * and copy the src workarea to the dst workarea. 1297 */ 1298 if (sg_virt(xts->src) == sg_virt(xts->dst)) 1299 in_place = true; 1300 1301 ret = ccp_init_data(&src, cmd_q, xts->src, xts->src_len, 1302 unit_size, 1303 in_place ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE); 1304 if (ret) 1305 goto e_ctx; 1306 1307 if (in_place) 1308 dst = src; 1309 else { 1310 ret = ccp_init_data(&dst, cmd_q, xts->dst, xts->src_len, 1311 unit_size, DMA_FROM_DEVICE); 1312 if (ret) 1313 goto e_src; 1314 } 1315 1316 /* Send data to the CCP AES engine */ 1317 while (src.sg_wa.bytes_left) { 1318 ccp_prepare_data(&src, &dst, &op, unit_size, true); 1319 if (!src.sg_wa.bytes_left) 1320 op.eom = 1; 1321 1322 ret = ccp_perform_xts_aes(&op); 1323 if (ret) { 1324 cmd->engine_error = cmd_q->cmd_error; 1325 goto e_dst; 1326 } 1327 1328 ccp_process_data(&src, &dst, &op); 1329 } 1330 1331 /* Retrieve the AES context - convert from LE to BE using 1332 * 32-byte (256-bit) byteswapping 1333 */ 1334 ret = ccp_copy_from_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx, 1335 CCP_PASSTHRU_BYTESWAP_256BIT); 1336 if (ret) { 1337 cmd->engine_error = cmd_q->cmd_error; 1338 goto e_dst; 1339 } 1340 1341 /* ...but we only need AES_BLOCK_SIZE bytes */ 1342 dm_offset = CCP_KSB_BYTES - AES_BLOCK_SIZE; 1343 ccp_get_dm_area(&ctx, dm_offset, xts->iv, 0, xts->iv_len); 1344 1345 e_dst: 1346 if (!in_place) 1347 ccp_free_data(&dst, cmd_q); 1348 1349 e_src: 1350 ccp_free_data(&src, cmd_q); 1351 1352 e_ctx: 1353 ccp_dm_free(&ctx); 1354 1355 e_key: 1356 ccp_dm_free(&key); 1357 1358 return ret; 1359 } 1360 1361 static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1362 { 1363 struct ccp_sha_engine *sha = &cmd->u.sha; 1364 struct ccp_dm_workarea ctx; 1365 struct ccp_data src; 1366 struct ccp_op op; 1367 int ret; 1368 1369 if (sha->ctx_len != CCP_SHA_CTXSIZE) 1370 return -EINVAL; 1371 1372 if (!sha->ctx) 1373 return -EINVAL; 1374 1375 if (!sha->final && (sha->src_len & (CCP_SHA_BLOCKSIZE - 1))) 1376 return -EINVAL; 1377 1378 if (!sha->src_len) { 1379 const u8 *sha_zero; 1380 1381 /* Not final, just return */ 1382 if (!sha->final) 1383 return 0; 1384 1385 /* CCP can't do a zero length sha operation so the caller 1386 * must buffer the data. 
		 */
		if (sha->msg_bits)
			return -EINVAL;

		/* A sha operation for a message with a total length of zero
		 * is valid, so return the known result.
		 */
		switch (sha->type) {
		case CCP_SHA_TYPE_1:
			sha_zero = ccp_sha1_zero;
			break;
		case CCP_SHA_TYPE_224:
			sha_zero = ccp_sha224_zero;
			break;
		case CCP_SHA_TYPE_256:
			sha_zero = ccp_sha256_zero;
			break;
		default:
			return -EINVAL;
		}

		scatterwalk_map_and_copy((void *)sha_zero, sha->ctx, 0,
					 sha->ctx_len, 1);

		return 0;
	}

	if (!sha->src)
		return -EINVAL;

	BUILD_BUG_ON(CCP_SHA_KSB_COUNT != 1);

	memset(&op, 0, sizeof(op));
	op.cmd_q = cmd_q;
	op.jobid = ccp_gen_jobid(cmd_q->ccp);
	op.ksb_ctx = cmd_q->ksb_ctx;
	op.u.sha.type = sha->type;
	op.u.sha.msg_bits = sha->msg_bits;

	/* The SHA context fits in a single (32-byte) KSB entry and
	 * must be in little endian format. Use the 256-bit byte swap
	 * passthru option to convert from big endian to little endian.
	 */
	ret = ccp_init_dm_workarea(&ctx, cmd_q,
				   CCP_SHA_KSB_COUNT * CCP_KSB_BYTES,
				   DMA_BIDIRECTIONAL);
	if (ret)
		return ret;

	if (sha->first) {
		const __be32 *init;

		switch (sha->type) {
		case CCP_SHA_TYPE_1:
			init = ccp_sha1_init;
			break;
		case CCP_SHA_TYPE_224:
			init = ccp_sha224_init;
			break;
		case CCP_SHA_TYPE_256:
			init = ccp_sha256_init;
			break;
		default:
			ret = -EINVAL;
			goto e_ctx;
		}
		memcpy(ctx.address, init, CCP_SHA_CTXSIZE);
	} else
		ccp_set_dm_area(&ctx, 0, sha->ctx, 0, sha->ctx_len);

	ret = ccp_copy_to_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx,
			      CCP_PASSTHRU_BYTESWAP_256BIT);
	if (ret) {
		cmd->engine_error = cmd_q->cmd_error;
		goto e_ctx;
	}

	/* Send data to the CCP SHA engine */
	ret = ccp_init_data(&src, cmd_q, sha->src, sha->src_len,
			    CCP_SHA_BLOCKSIZE, DMA_TO_DEVICE);
	if (ret)
		goto e_ctx;

	while (src.sg_wa.bytes_left) {
		ccp_prepare_data(&src, NULL, &op, CCP_SHA_BLOCKSIZE, false);
		if (sha->final && !src.sg_wa.bytes_left)
			op.eom = 1;

		ret = ccp_perform_sha(&op);
		if (ret) {
			cmd->engine_error = cmd_q->cmd_error;
			goto e_data;
		}

		ccp_process_data(&src, NULL, &op);
	}

	/* Retrieve the SHA context - convert from LE to BE using
	 * 32-byte (256-bit) byteswapping
	 */
	ret = ccp_copy_from_ksb(cmd_q, &ctx, op.jobid, op.ksb_ctx,
				CCP_PASSTHRU_BYTESWAP_256BIT);
	if (ret) {
		cmd->engine_error = cmd_q->cmd_error;
		goto e_data;
	}

	ccp_get_dm_area(&ctx, 0, sha->ctx, 0, sha->ctx_len);

	if (sha->final && sha->opad) {
		/* HMAC operation, recursively perform final SHA */
		struct ccp_cmd hmac_cmd;
		struct scatterlist sg;
		u64 block_size, digest_size;
		u8 *hmac_buf;

		switch (sha->type) {
		case CCP_SHA_TYPE_1:
			block_size = SHA1_BLOCK_SIZE;
			digest_size = SHA1_DIGEST_SIZE;
			break;
		case CCP_SHA_TYPE_224:
			block_size = SHA224_BLOCK_SIZE;
			digest_size = SHA224_DIGEST_SIZE;
			break;
		case CCP_SHA_TYPE_256:
			block_size = SHA256_BLOCK_SIZE;
			digest_size = SHA256_DIGEST_SIZE;
			break;
		default:
			ret = -EINVAL;
			goto e_data;
		}

		if (sha->opad_len != block_size) {
			ret = -EINVAL;
			goto e_data;
		}

		hmac_buf = kmalloc(block_size + digest_size,
GFP_KERNEL); 1527 if (!hmac_buf) { 1528 ret = -ENOMEM; 1529 goto e_data; 1530 } 1531 sg_init_one(&sg, hmac_buf, block_size + digest_size); 1532 1533 scatterwalk_map_and_copy(hmac_buf, sha->opad, 0, block_size, 0); 1534 memcpy(hmac_buf + block_size, ctx.address, digest_size); 1535 1536 memset(&hmac_cmd, 0, sizeof(hmac_cmd)); 1537 hmac_cmd.engine = CCP_ENGINE_SHA; 1538 hmac_cmd.u.sha.type = sha->type; 1539 hmac_cmd.u.sha.ctx = sha->ctx; 1540 hmac_cmd.u.sha.ctx_len = sha->ctx_len; 1541 hmac_cmd.u.sha.src = &sg; 1542 hmac_cmd.u.sha.src_len = block_size + digest_size; 1543 hmac_cmd.u.sha.opad = NULL; 1544 hmac_cmd.u.sha.opad_len = 0; 1545 hmac_cmd.u.sha.first = 1; 1546 hmac_cmd.u.sha.final = 1; 1547 hmac_cmd.u.sha.msg_bits = (block_size + digest_size) << 3; 1548 1549 ret = ccp_run_sha_cmd(cmd_q, &hmac_cmd); 1550 if (ret) 1551 cmd->engine_error = hmac_cmd.engine_error; 1552 1553 kfree(hmac_buf); 1554 } 1555 1556 e_data: 1557 ccp_free_data(&src, cmd_q); 1558 1559 e_ctx: 1560 ccp_dm_free(&ctx); 1561 1562 return ret; 1563 } 1564 1565 static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1566 { 1567 struct ccp_rsa_engine *rsa = &cmd->u.rsa; 1568 struct ccp_dm_workarea exp, src; 1569 struct ccp_data dst; 1570 struct ccp_op op; 1571 unsigned int ksb_count, i_len, o_len; 1572 int ret; 1573 1574 if (rsa->key_size > CCP_RSA_MAX_WIDTH) 1575 return -EINVAL; 1576 1577 if (!rsa->exp || !rsa->mod || !rsa->src || !rsa->dst) 1578 return -EINVAL; 1579 1580 /* The RSA modulus must precede the message being acted upon, so 1581 * it must be copied to a DMA area where the message and the 1582 * modulus can be concatenated. Therefore the input buffer 1583 * length required is twice the output buffer length (which 1584 * must be a multiple of 256-bits). 1585 */ 1586 o_len = ((rsa->key_size + 255) / 256) * 32; 1587 i_len = o_len * 2; 1588 1589 ksb_count = o_len / CCP_KSB_BYTES; 1590 1591 memset(&op, 0, sizeof(op)); 1592 op.cmd_q = cmd_q; 1593 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1594 op.ksb_key = ccp_alloc_ksb(cmd_q->ccp, ksb_count); 1595 if (!op.ksb_key) 1596 return -EIO; 1597 1598 /* The RSA exponent may span multiple (32-byte) KSB entries and must 1599 * be in little endian format. Reverse copy each 32-byte chunk 1600 * of the exponent (En chunk to E0 chunk, E(n-1) chunk to E1 chunk) 1601 * and each byte within that chunk and do not perform any byte swap 1602 * operations on the passthru operation. 1603 */ 1604 ret = ccp_init_dm_workarea(&exp, cmd_q, o_len, DMA_TO_DEVICE); 1605 if (ret) 1606 goto e_ksb; 1607 1608 ccp_reverse_set_dm_area(&exp, rsa->exp, rsa->exp_len, CCP_KSB_BYTES, 1609 false); 1610 ret = ccp_copy_to_ksb(cmd_q, &exp, op.jobid, op.ksb_key, 1611 CCP_PASSTHRU_BYTESWAP_NOOP); 1612 if (ret) { 1613 cmd->engine_error = cmd_q->cmd_error; 1614 goto e_exp; 1615 } 1616 1617 /* Concatenate the modulus and the message. Both the modulus and 1618 * the operands must be in little endian format. Since the input 1619 * is in big endian format it must be converted. 
1620 */ 1621 ret = ccp_init_dm_workarea(&src, cmd_q, i_len, DMA_TO_DEVICE); 1622 if (ret) 1623 goto e_exp; 1624 1625 ccp_reverse_set_dm_area(&src, rsa->mod, rsa->mod_len, CCP_KSB_BYTES, 1626 false); 1627 src.address += o_len; /* Adjust the address for the copy operation */ 1628 ccp_reverse_set_dm_area(&src, rsa->src, rsa->src_len, CCP_KSB_BYTES, 1629 false); 1630 src.address -= o_len; /* Reset the address to original value */ 1631 1632 /* Prepare the output area for the operation */ 1633 ret = ccp_init_data(&dst, cmd_q, rsa->dst, rsa->mod_len, 1634 o_len, DMA_FROM_DEVICE); 1635 if (ret) 1636 goto e_src; 1637 1638 op.soc = 1; 1639 op.src.u.dma.address = src.dma.address; 1640 op.src.u.dma.offset = 0; 1641 op.src.u.dma.length = i_len; 1642 op.dst.u.dma.address = dst.dm_wa.dma.address; 1643 op.dst.u.dma.offset = 0; 1644 op.dst.u.dma.length = o_len; 1645 1646 op.u.rsa.mod_size = rsa->key_size; 1647 op.u.rsa.input_len = i_len; 1648 1649 ret = ccp_perform_rsa(&op); 1650 if (ret) { 1651 cmd->engine_error = cmd_q->cmd_error; 1652 goto e_dst; 1653 } 1654 1655 ccp_reverse_get_dm_area(&dst.dm_wa, rsa->dst, rsa->mod_len); 1656 1657 e_dst: 1658 ccp_free_data(&dst, cmd_q); 1659 1660 e_src: 1661 ccp_dm_free(&src); 1662 1663 e_exp: 1664 ccp_dm_free(&exp); 1665 1666 e_ksb: 1667 ccp_free_ksb(cmd_q->ccp, op.ksb_key, ksb_count); 1668 1669 return ret; 1670 } 1671 1672 static int ccp_run_passthru_cmd(struct ccp_cmd_queue *cmd_q, 1673 struct ccp_cmd *cmd) 1674 { 1675 struct ccp_passthru_engine *pt = &cmd->u.passthru; 1676 struct ccp_dm_workarea mask; 1677 struct ccp_data src, dst; 1678 struct ccp_op op; 1679 bool in_place = false; 1680 unsigned int i; 1681 int ret; 1682 1683 if (!pt->final && (pt->src_len & (CCP_PASSTHRU_BLOCKSIZE - 1))) 1684 return -EINVAL; 1685 1686 if (!pt->src || !pt->dst) 1687 return -EINVAL; 1688 1689 if (pt->bit_mod != CCP_PASSTHRU_BITWISE_NOOP) { 1690 if (pt->mask_len != CCP_PASSTHRU_MASKSIZE) 1691 return -EINVAL; 1692 if (!pt->mask) 1693 return -EINVAL; 1694 } 1695 1696 BUILD_BUG_ON(CCP_PASSTHRU_KSB_COUNT != 1); 1697 1698 memset(&op, 0, sizeof(op)); 1699 op.cmd_q = cmd_q; 1700 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1701 1702 if (pt->bit_mod != CCP_PASSTHRU_BITWISE_NOOP) { 1703 /* Load the mask */ 1704 op.ksb_key = cmd_q->ksb_key; 1705 1706 ret = ccp_init_dm_workarea(&mask, cmd_q, 1707 CCP_PASSTHRU_KSB_COUNT * 1708 CCP_KSB_BYTES, 1709 DMA_TO_DEVICE); 1710 if (ret) 1711 return ret; 1712 1713 ccp_set_dm_area(&mask, 0, pt->mask, 0, pt->mask_len); 1714 ret = ccp_copy_to_ksb(cmd_q, &mask, op.jobid, op.ksb_key, 1715 CCP_PASSTHRU_BYTESWAP_NOOP); 1716 if (ret) { 1717 cmd->engine_error = cmd_q->cmd_error; 1718 goto e_mask; 1719 } 1720 } 1721 1722 /* Prepare the input and output data workareas. For in-place 1723 * operations we need to set the dma direction to BIDIRECTIONAL 1724 * and copy the src workarea to the dst workarea. 1725 */ 1726 if (sg_virt(pt->src) == sg_virt(pt->dst)) 1727 in_place = true; 1728 1729 ret = ccp_init_data(&src, cmd_q, pt->src, pt->src_len, 1730 CCP_PASSTHRU_MASKSIZE, 1731 in_place ? 
DMA_BIDIRECTIONAL : DMA_TO_DEVICE); 1732 if (ret) 1733 goto e_mask; 1734 1735 if (in_place) 1736 dst = src; 1737 else { 1738 ret = ccp_init_data(&dst, cmd_q, pt->dst, pt->src_len, 1739 CCP_PASSTHRU_MASKSIZE, DMA_FROM_DEVICE); 1740 if (ret) 1741 goto e_src; 1742 } 1743 1744 /* Send data to the CCP Passthru engine 1745 * Because the CCP engine works on a single source and destination 1746 * dma address at a time, each entry in the source scatterlist 1747 * (after the dma_map_sg call) must be less than or equal to the 1748 * (remaining) length in the destination scatterlist entry and the 1749 * length must be a multiple of CCP_PASSTHRU_BLOCKSIZE 1750 */ 1751 dst.sg_wa.sg_used = 0; 1752 for (i = 1; i <= src.sg_wa.dma_count; i++) { 1753 if (!dst.sg_wa.sg || 1754 (dst.sg_wa.sg->length < src.sg_wa.sg->length)) { 1755 ret = -EINVAL; 1756 goto e_dst; 1757 } 1758 1759 if (i == src.sg_wa.dma_count) { 1760 op.eom = 1; 1761 op.soc = 1; 1762 } 1763 1764 op.src.type = CCP_MEMTYPE_SYSTEM; 1765 op.src.u.dma.address = sg_dma_address(src.sg_wa.sg); 1766 op.src.u.dma.offset = 0; 1767 op.src.u.dma.length = sg_dma_len(src.sg_wa.sg); 1768 1769 op.dst.type = CCP_MEMTYPE_SYSTEM; 1770 op.dst.u.dma.address = sg_dma_address(dst.sg_wa.sg); 1771 op.dst.u.dma.offset = dst.sg_wa.sg_used; 1772 op.dst.u.dma.length = op.src.u.dma.length; 1773 1774 ret = ccp_perform_passthru(&op); 1775 if (ret) { 1776 cmd->engine_error = cmd_q->cmd_error; 1777 goto e_dst; 1778 } 1779 1780 dst.sg_wa.sg_used += src.sg_wa.sg->length; 1781 if (dst.sg_wa.sg_used == dst.sg_wa.sg->length) { 1782 dst.sg_wa.sg = sg_next(dst.sg_wa.sg); 1783 dst.sg_wa.sg_used = 0; 1784 } 1785 src.sg_wa.sg = sg_next(src.sg_wa.sg); 1786 } 1787 1788 e_dst: 1789 if (!in_place) 1790 ccp_free_data(&dst, cmd_q); 1791 1792 e_src: 1793 ccp_free_data(&src, cmd_q); 1794 1795 e_mask: 1796 if (pt->bit_mod != CCP_PASSTHRU_BITWISE_NOOP) 1797 ccp_dm_free(&mask); 1798 1799 return ret; 1800 } 1801 1802 static int ccp_run_ecc_mm_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1803 { 1804 struct ccp_ecc_engine *ecc = &cmd->u.ecc; 1805 struct ccp_dm_workarea src, dst; 1806 struct ccp_op op; 1807 int ret; 1808 u8 *save; 1809 1810 if (!ecc->u.mm.operand_1 || 1811 (ecc->u.mm.operand_1_len > CCP_ECC_MODULUS_BYTES)) 1812 return -EINVAL; 1813 1814 if (ecc->function != CCP_ECC_FUNCTION_MINV_384BIT) 1815 if (!ecc->u.mm.operand_2 || 1816 (ecc->u.mm.operand_2_len > CCP_ECC_MODULUS_BYTES)) 1817 return -EINVAL; 1818 1819 if (!ecc->u.mm.result || 1820 (ecc->u.mm.result_len < CCP_ECC_MODULUS_BYTES)) 1821 return -EINVAL; 1822 1823 memset(&op, 0, sizeof(op)); 1824 op.cmd_q = cmd_q; 1825 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1826 1827 /* Concatenate the modulus and the operands. Both the modulus and 1828 * the operands must be in little endian format. Since the input 1829 * is in big endian format it must be converted and placed in a 1830 * fixed length buffer. 
1831 */ 1832 ret = ccp_init_dm_workarea(&src, cmd_q, CCP_ECC_SRC_BUF_SIZE, 1833 DMA_TO_DEVICE); 1834 if (ret) 1835 return ret; 1836 1837 /* Save the workarea address since it is updated in order to perform 1838 * the concatenation 1839 */ 1840 save = src.address; 1841 1842 /* Copy the ECC modulus */ 1843 ccp_reverse_set_dm_area(&src, ecc->mod, ecc->mod_len, 1844 CCP_ECC_OPERAND_SIZE, false); 1845 src.address += CCP_ECC_OPERAND_SIZE; 1846 1847 /* Copy the first operand */ 1848 ccp_reverse_set_dm_area(&src, ecc->u.mm.operand_1, 1849 ecc->u.mm.operand_1_len, 1850 CCP_ECC_OPERAND_SIZE, false); 1851 src.address += CCP_ECC_OPERAND_SIZE; 1852 1853 if (ecc->function != CCP_ECC_FUNCTION_MINV_384BIT) { 1854 /* Copy the second operand */ 1855 ccp_reverse_set_dm_area(&src, ecc->u.mm.operand_2, 1856 ecc->u.mm.operand_2_len, 1857 CCP_ECC_OPERAND_SIZE, false); 1858 src.address += CCP_ECC_OPERAND_SIZE; 1859 } 1860 1861 /* Restore the workarea address */ 1862 src.address = save; 1863 1864 /* Prepare the output area for the operation */ 1865 ret = ccp_init_dm_workarea(&dst, cmd_q, CCP_ECC_DST_BUF_SIZE, 1866 DMA_FROM_DEVICE); 1867 if (ret) 1868 goto e_src; 1869 1870 op.soc = 1; 1871 op.src.u.dma.address = src.dma.address; 1872 op.src.u.dma.offset = 0; 1873 op.src.u.dma.length = src.length; 1874 op.dst.u.dma.address = dst.dma.address; 1875 op.dst.u.dma.offset = 0; 1876 op.dst.u.dma.length = dst.length; 1877 1878 op.u.ecc.function = cmd->u.ecc.function; 1879 1880 ret = ccp_perform_ecc(&op); 1881 if (ret) { 1882 cmd->engine_error = cmd_q->cmd_error; 1883 goto e_dst; 1884 } 1885 1886 ecc->ecc_result = le16_to_cpup( 1887 (const __le16 *)(dst.address + CCP_ECC_RESULT_OFFSET)); 1888 if (!(ecc->ecc_result & CCP_ECC_RESULT_SUCCESS)) { 1889 ret = -EIO; 1890 goto e_dst; 1891 } 1892 1893 /* Save the ECC result */ 1894 ccp_reverse_get_dm_area(&dst, ecc->u.mm.result, CCP_ECC_MODULUS_BYTES); 1895 1896 e_dst: 1897 ccp_dm_free(&dst); 1898 1899 e_src: 1900 ccp_dm_free(&src); 1901 1902 return ret; 1903 } 1904 1905 static int ccp_run_ecc_pm_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1906 { 1907 struct ccp_ecc_engine *ecc = &cmd->u.ecc; 1908 struct ccp_dm_workarea src, dst; 1909 struct ccp_op op; 1910 int ret; 1911 u8 *save; 1912 1913 if (!ecc->u.pm.point_1.x || 1914 (ecc->u.pm.point_1.x_len > CCP_ECC_MODULUS_BYTES) || 1915 !ecc->u.pm.point_1.y || 1916 (ecc->u.pm.point_1.y_len > CCP_ECC_MODULUS_BYTES)) 1917 return -EINVAL; 1918 1919 if (ecc->function == CCP_ECC_FUNCTION_PADD_384BIT) { 1920 if (!ecc->u.pm.point_2.x || 1921 (ecc->u.pm.point_2.x_len > CCP_ECC_MODULUS_BYTES) || 1922 !ecc->u.pm.point_2.y || 1923 (ecc->u.pm.point_2.y_len > CCP_ECC_MODULUS_BYTES)) 1924 return -EINVAL; 1925 } else { 1926 if (!ecc->u.pm.domain_a || 1927 (ecc->u.pm.domain_a_len > CCP_ECC_MODULUS_BYTES)) 1928 return -EINVAL; 1929 1930 if (ecc->function == CCP_ECC_FUNCTION_PMUL_384BIT) 1931 if (!ecc->u.pm.scalar || 1932 (ecc->u.pm.scalar_len > CCP_ECC_MODULUS_BYTES)) 1933 return -EINVAL; 1934 } 1935 1936 if (!ecc->u.pm.result.x || 1937 (ecc->u.pm.result.x_len < CCP_ECC_MODULUS_BYTES) || 1938 !ecc->u.pm.result.y || 1939 (ecc->u.pm.result.y_len < CCP_ECC_MODULUS_BYTES)) 1940 return -EINVAL; 1941 1942 memset(&op, 0, sizeof(op)); 1943 op.cmd_q = cmd_q; 1944 op.jobid = ccp_gen_jobid(cmd_q->ccp); 1945 1946 /* Concatenate the modulus and the operands. Both the modulus and 1947 * the operands must be in little endian format. Since the input 1948 * is in big endian format it must be converted and placed in a 1949 * fixed length buffer. 
	 */
	ret = ccp_init_dm_workarea(&src, cmd_q, CCP_ECC_SRC_BUF_SIZE,
				   DMA_TO_DEVICE);
	if (ret)
		return ret;

	/* Save the workarea address since it is updated in order to perform
	 * the concatenation
	 */
	save = src.address;

	/* Copy the ECC modulus */
	ccp_reverse_set_dm_area(&src, ecc->mod, ecc->mod_len,
				CCP_ECC_OPERAND_SIZE, false);
	src.address += CCP_ECC_OPERAND_SIZE;

	/* Copy the first point X and Y coordinate */
	ccp_reverse_set_dm_area(&src, ecc->u.pm.point_1.x,
				ecc->u.pm.point_1.x_len,
				CCP_ECC_OPERAND_SIZE, false);
	src.address += CCP_ECC_OPERAND_SIZE;
	ccp_reverse_set_dm_area(&src, ecc->u.pm.point_1.y,
				ecc->u.pm.point_1.y_len,
				CCP_ECC_OPERAND_SIZE, false);
	src.address += CCP_ECC_OPERAND_SIZE;

	/* Set the first point Z coordinate to 1 */
	*(src.address) = 0x01;
	src.address += CCP_ECC_OPERAND_SIZE;

	if (ecc->function == CCP_ECC_FUNCTION_PADD_384BIT) {
		/* Copy the second point X and Y coordinate */
		ccp_reverse_set_dm_area(&src, ecc->u.pm.point_2.x,
					ecc->u.pm.point_2.x_len,
					CCP_ECC_OPERAND_SIZE, false);
		src.address += CCP_ECC_OPERAND_SIZE;
		ccp_reverse_set_dm_area(&src, ecc->u.pm.point_2.y,
					ecc->u.pm.point_2.y_len,
					CCP_ECC_OPERAND_SIZE, false);
		src.address += CCP_ECC_OPERAND_SIZE;

		/* Set the second point Z coordinate to 1 */
		*(src.address) = 0x01;
		src.address += CCP_ECC_OPERAND_SIZE;
	} else {
		/* Copy the Domain "a" parameter */
		ccp_reverse_set_dm_area(&src, ecc->u.pm.domain_a,
					ecc->u.pm.domain_a_len,
					CCP_ECC_OPERAND_SIZE, false);
		src.address += CCP_ECC_OPERAND_SIZE;

		if (ecc->function == CCP_ECC_FUNCTION_PMUL_384BIT) {
			/* Copy the scalar value */
			ccp_reverse_set_dm_area(&src, ecc->u.pm.scalar,
						ecc->u.pm.scalar_len,
						CCP_ECC_OPERAND_SIZE, false);
			src.address += CCP_ECC_OPERAND_SIZE;
		}
	}

	/* Restore the workarea address */
	src.address = save;

	/* Prepare the output area for the operation */
	ret = ccp_init_dm_workarea(&dst, cmd_q, CCP_ECC_DST_BUF_SIZE,
				   DMA_FROM_DEVICE);
	if (ret)
		goto e_src;

	op.soc = 1;
	op.src.u.dma.address = src.dma.address;
	op.src.u.dma.offset = 0;
	op.src.u.dma.length = src.length;
	op.dst.u.dma.address = dst.dma.address;
	op.dst.u.dma.offset = 0;
	op.dst.u.dma.length = dst.length;

	op.u.ecc.function = cmd->u.ecc.function;

	ret = ccp_perform_ecc(&op);
	if (ret) {
		cmd->engine_error = cmd_q->cmd_error;
		goto e_dst;
	}

	ecc->ecc_result = le16_to_cpup(
		(const __le16 *)(dst.address + CCP_ECC_RESULT_OFFSET));
	if (!(ecc->ecc_result & CCP_ECC_RESULT_SUCCESS)) {
		ret = -EIO;
		goto e_dst;
	}

	/* Save the workarea address since it is updated as we walk through
	 * to copy the point math result
	 */
	save = dst.address;

	/* Save the ECC result X and Y coordinates */
	ccp_reverse_get_dm_area(&dst, ecc->u.pm.result.x,
				CCP_ECC_MODULUS_BYTES);
	dst.address += CCP_ECC_OUTPUT_SIZE;
	ccp_reverse_get_dm_area(&dst, ecc->u.pm.result.y,
				CCP_ECC_MODULUS_BYTES);
	dst.address += CCP_ECC_OUTPUT_SIZE;

	/* Restore the workarea address */
	dst.address = save;

e_dst:
	ccp_dm_free(&dst);

e_src:
	ccp_dm_free(&src);

	return ret;
}

static int ccp_run_ecc_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
{
	struct ccp_ecc_engine *ecc = &cmd->u.ecc;

	ecc->ecc_result = 0;

	if (!ecc->mod ||
	    (ecc->mod_len > CCP_ECC_MODULUS_BYTES))
		return -EINVAL;

	switch (ecc->function) {
	case CCP_ECC_FUNCTION_MMUL_384BIT:
	case CCP_ECC_FUNCTION_MADD_384BIT:
	case CCP_ECC_FUNCTION_MINV_384BIT:
		return ccp_run_ecc_mm_cmd(cmd_q, cmd);

	case CCP_ECC_FUNCTION_PADD_384BIT:
	case CCP_ECC_FUNCTION_PMUL_384BIT:
	case CCP_ECC_FUNCTION_PDBL_384BIT:
		return ccp_run_ecc_pm_cmd(cmd_q, cmd);

	default:
		return -EINVAL;
	}
}

int ccp_run_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
{
	int ret;

	cmd->engine_error = 0;
	cmd_q->cmd_error = 0;
	cmd_q->int_rcvd = 0;
	cmd_q->free_slots = CMD_Q_DEPTH(ioread32(cmd_q->reg_status));

	switch (cmd->engine) {
	case CCP_ENGINE_AES:
		ret = ccp_run_aes_cmd(cmd_q, cmd);
		break;
	case CCP_ENGINE_XTS_AES_128:
		ret = ccp_run_xts_aes_cmd(cmd_q, cmd);
		break;
	case CCP_ENGINE_SHA:
		ret = ccp_run_sha_cmd(cmd_q, cmd);
		break;
	case CCP_ENGINE_RSA:
		ret = ccp_run_rsa_cmd(cmd_q, cmd);
		break;
	case CCP_ENGINE_PASSTHRU:
		ret = ccp_run_passthru_cmd(cmd_q, cmd);
		break;
	case CCP_ENGINE_ECC:
		ret = ccp_run_ecc_cmd(cmd_q, cmd);
		break;
	default:
		ret = -EINVAL;
	}

	return ret;
}
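
/*
 * Illustrative sketch only, not part of the original driver: one way a
 * client might package an AES-CBC encrypt request for the dispatcher
 * above.  Only fields that this file actually dereferences are shown
 * (cmd->engine, cmd->u.aes.*, cmd->engine_error); the exact struct
 * ccp_cmd layout, the enum values and the public ccp_enqueue_cmd()
 * entry point are assumed to come from <linux/ccp.h>, and the
 * scatterlists (key_sg, iv_sg, src_sg, dst_sg) are assumed to be set
 * up by the caller.
 *
 *	struct ccp_cmd cmd;
 *
 *	memset(&cmd, 0, sizeof(cmd));
 *	cmd.engine = CCP_ENGINE_AES;
 *	cmd.u.aes.type = CCP_AES_TYPE_128;
 *	cmd.u.aes.mode = CCP_AES_MODE_CBC;
 *	cmd.u.aes.action = CCP_AES_ACTION_ENCRYPT;
 *	cmd.u.aes.key = key_sg;             (big endian key material)
 *	cmd.u.aes.key_len = AES_KEYSIZE_128;
 *	cmd.u.aes.iv = iv_sg;               (AES_BLOCK_SIZE bytes)
 *	cmd.u.aes.iv_len = AES_BLOCK_SIZE;
 *	cmd.u.aes.src = src_sg;             (multiple of AES_BLOCK_SIZE)
 *	cmd.u.aes.dst = dst_sg;             (may alias src_sg for in-place)
 *	cmd.u.aes.src_len = src_len;
 *
 *	ret = ccp_run_cmd(cmd_q, &cmd);
 *
 * On error, cmd.engine_error holds the queue's command error code; code
 * outside this file would normally submit through ccp_enqueue_cmd()
 * rather than calling ccp_run_cmd() directly.
 */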