1// SPDX-License-Identifier: GPL-2.0 2/* 3 * sun8i-ss-prng.c - hardware cryptographic offloader for 4 * Allwinner A80/A83T SoC 5 * 6 * Copyright (C) 2015-2020 Corentin Labbe <clabbe@baylibre.com> 7 * 8 * This file handle the PRNG found in the SS 9 * 10 * You could find a link for the datasheet in Documentation/arm/sunxi.rst 11 */ 12#include "sun8i-ss.h" 13#include <linux/dma-mapping.h> 14#include <linux/pm_runtime.h> 15#include <crypto/internal/rng.h> 16 17int sun8i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed, 18 unsigned int slen) 19{ 20 struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm); 21 22 if (ctx->seed && ctx->slen != slen) { 23 memzero_explicit(ctx->seed, ctx->slen); 24 kfree(ctx->seed); 25 ctx->slen = 0; 26 ctx->seed = NULL; 27 } 28 if (!ctx->seed) 29 ctx->seed = kmalloc(slen, GFP_KERNEL | GFP_DMA); 30 if (!ctx->seed) 31 return -ENOMEM; 32 33 memcpy(ctx->seed, seed, slen); 34 ctx->slen = slen; 35 36 return 0; 37} 38 39int sun8i_ss_prng_init(struct crypto_tfm *tfm) 40{ 41 struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm); 42 43 memset(ctx, 0, sizeof(struct sun8i_ss_rng_tfm_ctx)); 44 return 0; 45} 46 47void sun8i_ss_prng_exit(struct crypto_tfm *tfm) 48{ 49 struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm); 50 51 memzero_explicit(ctx->seed, ctx->slen); 52 kfree(ctx->seed); 53 ctx->seed = NULL; 54 ctx->slen = 0; 55} 56 57int sun8i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src, 58 unsigned int slen, u8 *dst, unsigned int dlen) 59{ 60 struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm); 61 struct rng_alg *alg = crypto_rng_alg(tfm); 62 struct sun8i_ss_alg_template *algt; 63 struct sun8i_ss_dev *ss; 64 dma_addr_t dma_iv, dma_dst; 65 unsigned int todo; 66 int err = 0; 67 int flow; 68 void *d; 69 u32 v; 70 71 algt = container_of(alg, struct sun8i_ss_alg_template, alg.rng); 72 ss = algt->ss; 73 74 if (ctx->slen == 0) { 75 dev_err(ss->dev, "The PRNG is not seeded\n"); 76 return -EINVAL; 77 } 78 79 /* The SS does not give an updated seed, so we need to get a new one. 80 * So we will ask for an extra PRNG_SEED_SIZE data. 81 * We want dlen + seedsize rounded up to a multiple of PRNG_DATA_SIZE 82 */ 83 todo = dlen + PRNG_SEED_SIZE + PRNG_DATA_SIZE; 84 todo -= todo % PRNG_DATA_SIZE; 85 86 d = kzalloc(todo, GFP_KERNEL | GFP_DMA); 87 if (!d) 88 return -ENOMEM; 89 90 flow = sun8i_ss_get_engine_number(ss); 91 92#ifdef CONFIG_CRYPTO_DEV_SUN8I_SS_DEBUG 93 algt->stat_req++; 94 algt->stat_bytes += todo; 95#endif 96 97 v = SS_ALG_PRNG | SS_PRNG_CONTINUE | SS_START; 98 if (flow) 99 v |= SS_FLOW1; 100 else 101 v |= SS_FLOW0; 102 103 dma_iv = dma_map_single(ss->dev, ctx->seed, ctx->slen, DMA_TO_DEVICE); 104 if (dma_mapping_error(ss->dev, dma_iv)) { 105 dev_err(ss->dev, "Cannot DMA MAP IV\n"); 106 err = -EFAULT; 107 goto err_free; 108 } 109 110 dma_dst = dma_map_single(ss->dev, d, todo, DMA_FROM_DEVICE); 111 if (dma_mapping_error(ss->dev, dma_dst)) { 112 dev_err(ss->dev, "Cannot DMA MAP DST\n"); 113 err = -EFAULT; 114 goto err_iv; 115 } 116 117 err = pm_runtime_get_sync(ss->dev); 118 if (err < 0) { 119 pm_runtime_put_noidle(ss->dev); 120 goto err_pm; 121 } 122 err = 0; 123 124 mutex_lock(&ss->mlock); 125 writel(dma_iv, ss->base + SS_IV_ADR_REG); 126 /* the PRNG act badly (failing rngtest) without SS_KEY_ADR_REG set */ 127 writel(dma_iv, ss->base + SS_KEY_ADR_REG); 128 writel(dma_dst, ss->base + SS_DST_ADR_REG); 129 writel(todo / 4, ss->base + SS_LEN_ADR_REG); 130 131 reinit_completion(&ss->flows[flow].complete); 132 ss->flows[flow].status = 0; 133 /* Be sure all data is written before enabling the task */ 134 wmb(); 135 136 writel(v, ss->base + SS_CTL_REG); 137 138 wait_for_completion_interruptible_timeout(&ss->flows[flow].complete, 139 msecs_to_jiffies(todo)); 140 if (ss->flows[flow].status == 0) { 141 dev_err(ss->dev, "DMA timeout for PRNG (size=%u)\n", todo); 142 err = -EFAULT; 143 } 144 /* Since cipher and hash use the linux/cryptoengine and that we have 145 * a cryptoengine per flow, we are sure that they will issue only one 146 * request per flow. 147 * Since the cryptoengine wait for completion before submitting a new 148 * one, the mlock could be left just after the final writel. 149 * But cryptoengine cannot handle crypto_rng, so we need to be sure 150 * nothing will use our flow. 151 * The easiest way is to grab mlock until the hardware end our requests. 152 * We could have used a per flow lock, but this would increase 153 * complexity. 154 * The drawback is that no request could be handled for the other flow. 155 */ 156 mutex_unlock(&ss->mlock); 157 158 pm_runtime_put(ss->dev); 159 160err_pm: 161 dma_unmap_single(ss->dev, dma_dst, todo, DMA_FROM_DEVICE); 162err_iv: 163 dma_unmap_single(ss->dev, dma_iv, ctx->slen, DMA_TO_DEVICE); 164 165 if (!err) { 166 memcpy(dst, d, dlen); 167 /* Update seed */ 168 memcpy(ctx->seed, d + dlen, ctx->slen); 169 } 170 memzero_explicit(d, todo); 171err_free: 172 kfree(d); 173 174 return err; 175} 176