1 /* 2 * ASPEED Hash and Crypto Engine 3 * 4 * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates 5 * Copyright (C) 2021 IBM Corp. 6 * 7 * Joel Stanley <joel@jms.id.au> 8 * 9 * SPDX-License-Identifier: GPL-2.0-or-later 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "qemu/error-report.h" 15 #include "hw/misc/aspeed_hace.h" 16 #include "qapi/error.h" 17 #include "migration/vmstate.h" 18 #include "crypto/hash.h" 19 #include "hw/qdev-properties.h" 20 #include "hw/irq.h" 21 22 #define R_CRYPT_CMD (0x10 / 4) 23 24 #define R_STATUS (0x1c / 4) 25 #define HASH_IRQ BIT(9) 26 #define CRYPT_IRQ BIT(12) 27 #define TAG_IRQ BIT(15) 28 29 #define R_HASH_SRC (0x20 / 4) 30 #define R_HASH_DEST (0x24 / 4) 31 #define R_HASH_KEY_BUFF (0x28 / 4) 32 #define R_HASH_SRC_LEN (0x2c / 4) 33 34 #define R_HASH_CMD (0x30 / 4) 35 /* Hash algorithm selection */ 36 #define HASH_ALGO_MASK (BIT(4) | BIT(5) | BIT(6)) 37 #define HASH_ALGO_MD5 0 38 #define HASH_ALGO_SHA1 BIT(5) 39 #define HASH_ALGO_SHA224 BIT(6) 40 #define HASH_ALGO_SHA256 (BIT(4) | BIT(6)) 41 #define HASH_ALGO_SHA512_SERIES (BIT(5) | BIT(6)) 42 /* SHA512 algorithm selection */ 43 #define SHA512_HASH_ALGO_MASK (BIT(10) | BIT(11) | BIT(12)) 44 #define HASH_ALGO_SHA512_SHA512 0 45 #define HASH_ALGO_SHA512_SHA384 BIT(10) 46 #define HASH_ALGO_SHA512_SHA256 BIT(11) 47 #define HASH_ALGO_SHA512_SHA224 (BIT(10) | BIT(11)) 48 /* HMAC modes */ 49 #define HASH_HMAC_MASK (BIT(7) | BIT(8)) 50 #define HASH_DIGEST 0 51 #define HASH_DIGEST_HMAC BIT(7) 52 #define HASH_DIGEST_ACCUM BIT(8) 53 #define HASH_HMAC_KEY (BIT(7) | BIT(8)) 54 /* Cascaded operation modes */ 55 #define HASH_ONLY 0 56 #define HASH_ONLY2 BIT(0) 57 #define HASH_CRYPT_THEN_HASH BIT(1) 58 #define HASH_HASH_THEN_CRYPT (BIT(0) | BIT(1)) 59 /* Other cmd bits */ 60 #define HASH_IRQ_EN BIT(9) 61 #define HASH_SG_EN BIT(18) 62 /* Scatter-gather data list */ 63 #define SG_LIST_LEN_SIZE 4 64 #define SG_LIST_LEN_MASK 0x0FFFFFFF 65 #define SG_LIST_LEN_LAST BIT(31) 66 #define SG_LIST_ADDR_SIZE 4 67 #define SG_LIST_ADDR_MASK 0x7FFFFFFF 68 #define SG_LIST_ENTRY_SIZE (SG_LIST_LEN_SIZE + SG_LIST_ADDR_SIZE) 69 70 static const struct { 71 uint32_t mask; 72 QCryptoHashAlgo algo; 73 } hash_algo_map[] = { 74 { HASH_ALGO_MD5, QCRYPTO_HASH_ALGO_MD5 }, 75 { HASH_ALGO_SHA1, QCRYPTO_HASH_ALGO_SHA1 }, 76 { HASH_ALGO_SHA224, QCRYPTO_HASH_ALGO_SHA224 }, 77 { HASH_ALGO_SHA256, QCRYPTO_HASH_ALGO_SHA256 }, 78 { HASH_ALGO_SHA512_SERIES | HASH_ALGO_SHA512_SHA512, 79 QCRYPTO_HASH_ALGO_SHA512 }, 80 { HASH_ALGO_SHA512_SERIES | HASH_ALGO_SHA512_SHA384, 81 QCRYPTO_HASH_ALGO_SHA384 }, 82 { HASH_ALGO_SHA512_SERIES | HASH_ALGO_SHA512_SHA256, 83 QCRYPTO_HASH_ALGO_SHA256 }, 84 }; 85 86 static int hash_algo_lookup(uint32_t reg) 87 { 88 int i; 89 90 reg &= HASH_ALGO_MASK | SHA512_HASH_ALGO_MASK; 91 92 for (i = 0; i < ARRAY_SIZE(hash_algo_map); i++) { 93 if (reg == hash_algo_map[i].mask) { 94 return hash_algo_map[i].algo; 95 } 96 } 97 98 return -1; 99 } 100 101 /** 102 * Check whether the request contains padding message. 103 * 104 * @param s aspeed hace state object 105 * @param iov iov of current request 106 * @param req_len length of the current request 107 * @param total_msg_len length of all acc_mode requests(excluding padding msg) 108 * @param pad_offset start offset of padding message 109 */ 110 static bool has_padding(AspeedHACEState *s, struct iovec *iov, 111 hwaddr req_len, uint32_t *total_msg_len, 112 uint32_t *pad_offset) 113 { 114 *total_msg_len = (uint32_t)(ldq_be_p(iov->iov_base + req_len - 8) / 8); 115 /* 116 * SG_LIST_LEN_LAST asserted in the request length doesn't mean it is the 117 * last request. The last request should contain padding message. 118 * We check whether message contains padding by 119 * 1. Get total message length. If the current message contains 120 * padding, the last 8 bytes are total message length. 121 * 2. Check whether the total message length is valid. 122 * If it is valid, the value should less than or equal to 123 * total_req_len. 124 * 3. Current request len - padding_size to get padding offset. 125 * The padding message's first byte should be 0x80 126 */ 127 if (*total_msg_len <= s->total_req_len) { 128 uint32_t padding_size = s->total_req_len - *total_msg_len; 129 uint8_t *padding = iov->iov_base; 130 *pad_offset = req_len - padding_size; 131 if (padding[*pad_offset] == 0x80) { 132 return true; 133 } 134 } 135 136 return false; 137 } 138 139 static int reconstruct_iov(AspeedHACEState *s, struct iovec *iov, int id, 140 uint32_t *pad_offset) 141 { 142 int i, iov_count; 143 if (*pad_offset != 0) { 144 s->iov_cache[s->iov_count].iov_base = iov[id].iov_base; 145 s->iov_cache[s->iov_count].iov_len = *pad_offset; 146 ++s->iov_count; 147 } 148 for (i = 0; i < s->iov_count; i++) { 149 iov[i].iov_base = s->iov_cache[i].iov_base; 150 iov[i].iov_len = s->iov_cache[i].iov_len; 151 } 152 iov_count = s->iov_count; 153 s->iov_count = 0; 154 s->total_req_len = 0; 155 return iov_count; 156 } 157 158 static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode, 159 bool acc_mode) 160 { 161 struct iovec iov[ASPEED_HACE_MAX_SG]; 162 uint32_t total_msg_len; 163 uint32_t pad_offset; 164 g_autofree uint8_t *digest_buf = NULL; 165 size_t digest_len = 0; 166 bool sg_acc_mode_final_request = false; 167 int i; 168 void *haddr; 169 Error *local_err = NULL; 170 171 if (acc_mode && s->hash_ctx == NULL) { 172 s->hash_ctx = qcrypto_hash_new(algo, &local_err); 173 if (s->hash_ctx == NULL) { 174 qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash failed : %s", 175 error_get_pretty(local_err)); 176 error_free(local_err); 177 return; 178 } 179 } 180 181 if (sg_mode) { 182 uint32_t len = 0; 183 184 for (i = 0; !(len & SG_LIST_LEN_LAST); i++) { 185 uint32_t addr, src; 186 hwaddr plen; 187 188 if (i == ASPEED_HACE_MAX_SG) { 189 qemu_log_mask(LOG_GUEST_ERROR, 190 "aspeed_hace: guest failed to set end of sg list marker\n"); 191 break; 192 } 193 194 src = s->regs[R_HASH_SRC] + (i * SG_LIST_ENTRY_SIZE); 195 196 len = address_space_ldl_le(&s->dram_as, src, 197 MEMTXATTRS_UNSPECIFIED, NULL); 198 199 addr = address_space_ldl_le(&s->dram_as, src + SG_LIST_LEN_SIZE, 200 MEMTXATTRS_UNSPECIFIED, NULL); 201 addr &= SG_LIST_ADDR_MASK; 202 203 plen = len & SG_LIST_LEN_MASK; 204 haddr = address_space_map(&s->dram_as, addr, &plen, false, 205 MEMTXATTRS_UNSPECIFIED); 206 if (haddr == NULL) { 207 qemu_log_mask(LOG_GUEST_ERROR, 208 "%s: qcrypto failed\n", __func__); 209 return; 210 } 211 iov[i].iov_base = haddr; 212 if (acc_mode) { 213 s->total_req_len += plen; 214 215 if (has_padding(s, &iov[i], plen, &total_msg_len, 216 &pad_offset)) { 217 /* Padding being present indicates the final request */ 218 sg_acc_mode_final_request = true; 219 iov[i].iov_len = pad_offset; 220 } else { 221 iov[i].iov_len = plen; 222 } 223 } else { 224 iov[i].iov_len = plen; 225 } 226 } 227 } else { 228 hwaddr len = s->regs[R_HASH_SRC_LEN]; 229 230 haddr = address_space_map(&s->dram_as, s->regs[R_HASH_SRC], 231 &len, false, MEMTXATTRS_UNSPECIFIED); 232 if (haddr == NULL) { 233 qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__); 234 return; 235 } 236 iov[0].iov_base = haddr; 237 iov[0].iov_len = len; 238 i = 1; 239 240 if (s->iov_count) { 241 /* 242 * In aspeed sdk kernel driver, sg_mode is disabled in hash_final(). 243 * Thus if we received a request with sg_mode disabled, it is 244 * required to check whether cache is empty. If no, we should 245 * combine cached iov and the current iov. 246 */ 247 s->total_req_len += len; 248 if (has_padding(s, iov, len, &total_msg_len, &pad_offset)) { 249 i = reconstruct_iov(s, iov, 0, &pad_offset); 250 } 251 } 252 } 253 254 if (acc_mode) { 255 if (qcrypto_hash_updatev(s->hash_ctx, iov, i, &local_err) < 0) { 256 qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash update failed : %s", 257 error_get_pretty(local_err)); 258 error_free(local_err); 259 return; 260 } 261 262 if (sg_acc_mode_final_request) { 263 if (qcrypto_hash_finalize_bytes(s->hash_ctx, &digest_buf, 264 &digest_len, &local_err)) { 265 qemu_log_mask(LOG_GUEST_ERROR, 266 "qcrypto hash finalize failed : %s", 267 error_get_pretty(local_err)); 268 error_free(local_err); 269 local_err = NULL; 270 } 271 272 qcrypto_hash_free(s->hash_ctx); 273 274 s->hash_ctx = NULL; 275 s->iov_count = 0; 276 s->total_req_len = 0; 277 } 278 } else if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf, 279 &digest_len, &local_err) < 0) { 280 qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash bytesv failed : %s", 281 error_get_pretty(local_err)); 282 error_free(local_err); 283 return; 284 } 285 286 if (address_space_write(&s->dram_as, s->regs[R_HASH_DEST], 287 MEMTXATTRS_UNSPECIFIED, 288 digest_buf, digest_len)) { 289 qemu_log_mask(LOG_GUEST_ERROR, 290 "aspeed_hace: address space write failed\n"); 291 } 292 293 for (; i > 0; i--) { 294 address_space_unmap(&s->dram_as, iov[i - 1].iov_base, 295 iov[i - 1].iov_len, false, 296 iov[i - 1].iov_len); 297 } 298 299 /* 300 * Set status bits to indicate completion. Testing shows hardware sets 301 * these irrespective of HASH_IRQ_EN. 302 */ 303 s->regs[R_STATUS] |= HASH_IRQ; 304 } 305 306 static uint64_t aspeed_hace_read(void *opaque, hwaddr addr, unsigned int size) 307 { 308 AspeedHACEState *s = ASPEED_HACE(opaque); 309 310 addr >>= 2; 311 312 if (addr >= ASPEED_HACE_NR_REGS) { 313 qemu_log_mask(LOG_GUEST_ERROR, 314 "%s: Out-of-bounds read at offset 0x%" HWADDR_PRIx "\n", 315 __func__, addr << 2); 316 return 0; 317 } 318 319 return s->regs[addr]; 320 } 321 322 static void aspeed_hace_write(void *opaque, hwaddr addr, uint64_t data, 323 unsigned int size) 324 { 325 AspeedHACEState *s = ASPEED_HACE(opaque); 326 AspeedHACEClass *ahc = ASPEED_HACE_GET_CLASS(s); 327 328 addr >>= 2; 329 330 if (addr >= ASPEED_HACE_NR_REGS) { 331 qemu_log_mask(LOG_GUEST_ERROR, 332 "%s: Out-of-bounds write at offset 0x%" HWADDR_PRIx "\n", 333 __func__, addr << 2); 334 return; 335 } 336 337 switch (addr) { 338 case R_STATUS: 339 if (data & HASH_IRQ) { 340 data &= ~HASH_IRQ; 341 342 if (s->regs[addr] & HASH_IRQ) { 343 qemu_irq_lower(s->irq); 344 } 345 } 346 break; 347 case R_HASH_SRC: 348 data &= ahc->src_mask; 349 break; 350 case R_HASH_DEST: 351 data &= ahc->dest_mask; 352 break; 353 case R_HASH_KEY_BUFF: 354 data &= ahc->key_mask; 355 break; 356 case R_HASH_SRC_LEN: 357 data &= 0x0FFFFFFF; 358 break; 359 case R_HASH_CMD: { 360 int algo; 361 data &= ahc->hash_mask; 362 363 if ((data & HASH_DIGEST_HMAC)) { 364 qemu_log_mask(LOG_UNIMP, 365 "%s: HMAC mode not implemented\n", 366 __func__); 367 } 368 if (data & BIT(1)) { 369 qemu_log_mask(LOG_UNIMP, 370 "%s: Cascaded mode not implemented\n", 371 __func__); 372 } 373 algo = hash_algo_lookup(data); 374 if (algo < 0) { 375 qemu_log_mask(LOG_GUEST_ERROR, 376 "%s: Invalid hash algorithm selection 0x%"PRIx64"\n", 377 __func__, data & ahc->hash_mask); 378 break; 379 } 380 do_hash_operation(s, algo, data & HASH_SG_EN, 381 ((data & HASH_HMAC_MASK) == HASH_DIGEST_ACCUM)); 382 383 if (data & HASH_IRQ_EN) { 384 qemu_irq_raise(s->irq); 385 } 386 break; 387 } 388 case R_CRYPT_CMD: 389 qemu_log_mask(LOG_UNIMP, "%s: Crypt commands not implemented\n", 390 __func__); 391 break; 392 default: 393 break; 394 } 395 396 s->regs[addr] = data; 397 } 398 399 static const MemoryRegionOps aspeed_hace_ops = { 400 .read = aspeed_hace_read, 401 .write = aspeed_hace_write, 402 .endianness = DEVICE_LITTLE_ENDIAN, 403 .valid = { 404 .min_access_size = 1, 405 .max_access_size = 4, 406 }, 407 }; 408 409 static void aspeed_hace_reset(DeviceState *dev) 410 { 411 struct AspeedHACEState *s = ASPEED_HACE(dev); 412 413 if (s->hash_ctx != NULL) { 414 qcrypto_hash_free(s->hash_ctx); 415 s->hash_ctx = NULL; 416 } 417 418 memset(s->regs, 0, sizeof(s->regs)); 419 s->iov_count = 0; 420 s->total_req_len = 0; 421 } 422 423 static void aspeed_hace_realize(DeviceState *dev, Error **errp) 424 { 425 AspeedHACEState *s = ASPEED_HACE(dev); 426 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 427 428 sysbus_init_irq(sbd, &s->irq); 429 430 memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_hace_ops, s, 431 TYPE_ASPEED_HACE, 0x1000); 432 433 if (!s->dram_mr) { 434 error_setg(errp, TYPE_ASPEED_HACE ": 'dram' link not set"); 435 return; 436 } 437 438 address_space_init(&s->dram_as, s->dram_mr, "dram"); 439 440 sysbus_init_mmio(sbd, &s->iomem); 441 } 442 443 static const Property aspeed_hace_properties[] = { 444 DEFINE_PROP_LINK("dram", AspeedHACEState, dram_mr, 445 TYPE_MEMORY_REGION, MemoryRegion *), 446 }; 447 448 449 static const VMStateDescription vmstate_aspeed_hace = { 450 .name = TYPE_ASPEED_HACE, 451 .version_id = 1, 452 .minimum_version_id = 1, 453 .fields = (const VMStateField[]) { 454 VMSTATE_UINT32_ARRAY(regs, AspeedHACEState, ASPEED_HACE_NR_REGS), 455 VMSTATE_UINT32(total_req_len, AspeedHACEState), 456 VMSTATE_UINT32(iov_count, AspeedHACEState), 457 VMSTATE_END_OF_LIST(), 458 } 459 }; 460 461 static void aspeed_hace_class_init(ObjectClass *klass, void *data) 462 { 463 DeviceClass *dc = DEVICE_CLASS(klass); 464 465 dc->realize = aspeed_hace_realize; 466 device_class_set_legacy_reset(dc, aspeed_hace_reset); 467 device_class_set_props(dc, aspeed_hace_properties); 468 dc->vmsd = &vmstate_aspeed_hace; 469 } 470 471 static const TypeInfo aspeed_hace_info = { 472 .name = TYPE_ASPEED_HACE, 473 .parent = TYPE_SYS_BUS_DEVICE, 474 .instance_size = sizeof(AspeedHACEState), 475 .class_init = aspeed_hace_class_init, 476 .class_size = sizeof(AspeedHACEClass) 477 }; 478 479 static void aspeed_ast2400_hace_class_init(ObjectClass *klass, void *data) 480 { 481 DeviceClass *dc = DEVICE_CLASS(klass); 482 AspeedHACEClass *ahc = ASPEED_HACE_CLASS(klass); 483 484 dc->desc = "AST2400 Hash and Crypto Engine"; 485 486 ahc->src_mask = 0x0FFFFFFF; 487 ahc->dest_mask = 0x0FFFFFF8; 488 ahc->key_mask = 0x0FFFFFC0; 489 ahc->hash_mask = 0x000003ff; /* No SG or SHA512 modes */ 490 } 491 492 static const TypeInfo aspeed_ast2400_hace_info = { 493 .name = TYPE_ASPEED_AST2400_HACE, 494 .parent = TYPE_ASPEED_HACE, 495 .class_init = aspeed_ast2400_hace_class_init, 496 }; 497 498 static void aspeed_ast2500_hace_class_init(ObjectClass *klass, void *data) 499 { 500 DeviceClass *dc = DEVICE_CLASS(klass); 501 AspeedHACEClass *ahc = ASPEED_HACE_CLASS(klass); 502 503 dc->desc = "AST2500 Hash and Crypto Engine"; 504 505 ahc->src_mask = 0x3fffffff; 506 ahc->dest_mask = 0x3ffffff8; 507 ahc->key_mask = 0x3FFFFFC0; 508 ahc->hash_mask = 0x000003ff; /* No SG or SHA512 modes */ 509 } 510 511 static const TypeInfo aspeed_ast2500_hace_info = { 512 .name = TYPE_ASPEED_AST2500_HACE, 513 .parent = TYPE_ASPEED_HACE, 514 .class_init = aspeed_ast2500_hace_class_init, 515 }; 516 517 static void aspeed_ast2600_hace_class_init(ObjectClass *klass, void *data) 518 { 519 DeviceClass *dc = DEVICE_CLASS(klass); 520 AspeedHACEClass *ahc = ASPEED_HACE_CLASS(klass); 521 522 dc->desc = "AST2600 Hash and Crypto Engine"; 523 524 ahc->src_mask = 0x7FFFFFFF; 525 ahc->dest_mask = 0x7FFFFFF8; 526 ahc->key_mask = 0x7FFFFFF8; 527 ahc->hash_mask = 0x00147FFF; 528 } 529 530 static const TypeInfo aspeed_ast2600_hace_info = { 531 .name = TYPE_ASPEED_AST2600_HACE, 532 .parent = TYPE_ASPEED_HACE, 533 .class_init = aspeed_ast2600_hace_class_init, 534 }; 535 536 static void aspeed_ast1030_hace_class_init(ObjectClass *klass, void *data) 537 { 538 DeviceClass *dc = DEVICE_CLASS(klass); 539 AspeedHACEClass *ahc = ASPEED_HACE_CLASS(klass); 540 541 dc->desc = "AST1030 Hash and Crypto Engine"; 542 543 ahc->src_mask = 0x7FFFFFFF; 544 ahc->dest_mask = 0x7FFFFFF8; 545 ahc->key_mask = 0x7FFFFFF8; 546 ahc->hash_mask = 0x00147FFF; 547 } 548 549 static const TypeInfo aspeed_ast1030_hace_info = { 550 .name = TYPE_ASPEED_AST1030_HACE, 551 .parent = TYPE_ASPEED_HACE, 552 .class_init = aspeed_ast1030_hace_class_init, 553 }; 554 555 static void aspeed_ast2700_hace_class_init(ObjectClass *klass, void *data) 556 { 557 DeviceClass *dc = DEVICE_CLASS(klass); 558 AspeedHACEClass *ahc = ASPEED_HACE_CLASS(klass); 559 560 dc->desc = "AST2700 Hash and Crypto Engine"; 561 562 ahc->src_mask = 0x7FFFFFFF; 563 ahc->dest_mask = 0x7FFFFFF8; 564 ahc->key_mask = 0x7FFFFFF8; 565 ahc->hash_mask = 0x00147FFF; 566 } 567 568 static const TypeInfo aspeed_ast2700_hace_info = { 569 .name = TYPE_ASPEED_AST2700_HACE, 570 .parent = TYPE_ASPEED_HACE, 571 .class_init = aspeed_ast2700_hace_class_init, 572 }; 573 574 static void aspeed_hace_register_types(void) 575 { 576 type_register_static(&aspeed_ast2400_hace_info); 577 type_register_static(&aspeed_ast2500_hace_info); 578 type_register_static(&aspeed_ast2600_hace_info); 579 type_register_static(&aspeed_ast1030_hace_info); 580 type_register_static(&aspeed_ast2700_hace_info); 581 type_register_static(&aspeed_hace_info); 582 } 583 584 type_init(aspeed_hace_register_types); 585