Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c
26292 views
1
// SPDX-License-Identifier: GPL-2.0

2
/*

3
 * sun8i-ss-prng.c - hardware cryptographic offloader for

4
 * Allwinner A80/A83T SoC

5
 *

6
 * Copyright (C) 2015-2020 Corentin Labbe <[email protected]>

7
 *

8
 * This file handle the PRNG found in the SS

9
 *

10
 * You could find a link for the datasheet in Documentation/arch/arm/sunxi.rst

11
 */

12
#include "sun8i-ss.h"

13
#include <linux/dma-mapping.h>

14
#include <linux/kernel.h>

15
#include <linux/mm.h>

16
#include <linux/pm_runtime.h>

17
#include <crypto/internal/rng.h>

18


19
int sun8i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed,

20
		       unsigned int slen)

21
{

22
	struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm);

23


24
	if (ctx->seed && ctx->slen != slen) {

25
		kfree_sensitive(ctx->seed);

26
		ctx->slen = 0;

27
		ctx->seed = NULL;

28
	}

29
	if (!ctx->seed)

30
		ctx->seed = kmalloc(slen, GFP_KERNEL);

31
	if (!ctx->seed)

32
		return -ENOMEM;

33


34
	memcpy(ctx->seed, seed, slen);

35
	ctx->slen = slen;

36


37
	return 0;

38
}

39


40
int sun8i_ss_prng_init(struct crypto_tfm *tfm)

41
{

42
	struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm);

43


44
	memset(ctx, 0, sizeof(struct sun8i_ss_rng_tfm_ctx));

45
	return 0;

46
}

47


48
void sun8i_ss_prng_exit(struct crypto_tfm *tfm)

49
{

50
	struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm);

51


52
	kfree_sensitive(ctx->seed);

53
	ctx->seed = NULL;

54
	ctx->slen = 0;

55
}

56


57
int sun8i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src,

58
			   unsigned int slen, u8 *dst, unsigned int dlen)

59
{

60
	struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm);

61
	struct rng_alg *alg = crypto_rng_alg(tfm);

62
	struct sun8i_ss_alg_template *algt;

63
	unsigned int todo_with_padding;

64
	struct sun8i_ss_dev *ss;

65
	dma_addr_t dma_iv, dma_dst;

66
	unsigned int todo;

67
	int err = 0;

68
	int flow;

69
	void *d;

70
	u32 v;

71


72
	algt = container_of(alg, struct sun8i_ss_alg_template, alg.rng);

73
	ss = algt->ss;

74


75
	if (ctx->slen == 0) {

76
		dev_err(ss->dev, "The PRNG is not seeded\n");

77
		return -EINVAL;

78
	}

79


80
	/* The SS does not give an updated seed, so we need to get a new one.

81
	 * So we will ask for an extra PRNG_SEED_SIZE data.

82
	 * We want dlen + seedsize rounded up to a multiple of PRNG_DATA_SIZE

83
	 */

84
	todo = dlen + PRNG_SEED_SIZE + PRNG_DATA_SIZE;

85
	todo -= todo % PRNG_DATA_SIZE;

86


87
	todo_with_padding = ALIGN(todo, dma_get_cache_alignment());

88
	if (todo_with_padding < todo || todo < dlen)

89
		return -EOVERFLOW;

90


91
	d = kzalloc(todo_with_padding, GFP_KERNEL);

92
	if (!d)

93
		return -ENOMEM;

94


95
	flow = sun8i_ss_get_engine_number(ss);

96


97
#ifdef CONFIG_CRYPTO_DEV_SUN8I_SS_DEBUG

98
	algt->stat_req++;

99
	algt->stat_bytes += todo;

100
#endif

101


102
	v = SS_ALG_PRNG | SS_PRNG_CONTINUE | SS_START;

103
	if (flow)

104
		v |= SS_FLOW1;

105
	else

106
		v |= SS_FLOW0;

107


108
	dma_iv = dma_map_single(ss->dev, ctx->seed, ctx->slen, DMA_TO_DEVICE);

109
	if (dma_mapping_error(ss->dev, dma_iv)) {

110
		dev_err(ss->dev, "Cannot DMA MAP IV\n");

111
		err = -EFAULT;

112
		goto err_free;

113
	}

114


115
	dma_dst = dma_map_single(ss->dev, d, todo, DMA_FROM_DEVICE);

116
	if (dma_mapping_error(ss->dev, dma_dst)) {

117
		dev_err(ss->dev, "Cannot DMA MAP DST\n");

118
		err = -EFAULT;

119
		goto err_iv;

120
	}

121


122
	err = pm_runtime_resume_and_get(ss->dev);

123
	if (err < 0)

124
		goto err_pm;

125
	err = 0;

126


127
	mutex_lock(&ss->mlock);

128
	writel(dma_iv, ss->base + SS_IV_ADR_REG);

129
	/* the PRNG act badly (failing rngtest) without SS_KEY_ADR_REG set */

130
	writel(dma_iv, ss->base + SS_KEY_ADR_REG);

131
	writel(dma_dst, ss->base + SS_DST_ADR_REG);

132
	writel(todo / 4, ss->base + SS_LEN_ADR_REG);

133


134
	reinit_completion(&ss->flows[flow].complete);

135
	ss->flows[flow].status = 0;

136
	/* Be sure all data is written before enabling the task */

137
	wmb();

138


139
	writel(v, ss->base + SS_CTL_REG);

140


141
	wait_for_completion_interruptible_timeout(&ss->flows[flow].complete,

142
						  msecs_to_jiffies(todo));

143
	if (ss->flows[flow].status == 0) {

144
		dev_err(ss->dev, "DMA timeout for PRNG (size=%u)\n", todo);

145
		err = -EFAULT;

146
	}

147
	/* Since cipher and hash use the linux/cryptoengine and that we have

148
	 * a cryptoengine per flow, we are sure that they will issue only one

149
	 * request per flow.

150
	 * Since the cryptoengine wait for completion before submitting a new

151
	 * one, the mlock could be left just after the final writel.

152
	 * But cryptoengine cannot handle crypto_rng, so we need to be sure

153
	 * nothing will use our flow.

154
	 * The easiest way is to grab mlock until the hardware end our requests.

155
	 * We could have used a per flow lock, but this would increase

156
	 * complexity.

157
	 * The drawback is that no request could be handled for the other flow.

158
	 */

159
	mutex_unlock(&ss->mlock);

160


161
	pm_runtime_put(ss->dev);

162


163
err_pm:

164
	dma_unmap_single(ss->dev, dma_dst, todo, DMA_FROM_DEVICE);

165
err_iv:

166
	dma_unmap_single(ss->dev, dma_iv, ctx->slen, DMA_TO_DEVICE);

167


168
	if (!err) {

169
		memcpy(dst, d, dlen);

170
		/* Update seed */

171
		memcpy(ctx->seed, d + dlen, ctx->slen);

172
	}

173
err_free:

174
	kfree_sensitive(d);

175


176
	return err;

177
}

178


179