search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/rockchip: Don't change hdmi reference clock rate
[drm/drm-misc.git] / drivers / crypto / ccp / ccp-crypto-sha.c
blobfa3ae8e78f6f3e412fe89b230dc56d393238688f
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AMD Cryptographic Coprocessor (CCP) SHA crypto API support
4 *
5 * Copyright (C) 2013,2018 Advanced Micro Devices, Inc.
6 *
7 * Author: Tom Lendacky <thomas.lendacky@amd.com>
8 * Author: Gary R Hook <gary.hook@amd.com>
9 */
10
11 #include <linux/module.h>
12 #include <linux/sched.h>
13 #include <linux/delay.h>
14 #include <linux/scatterlist.h>
15 #include <linux/crypto.h>
16 #include <crypto/algapi.h>
17 #include <crypto/hash.h>
18 #include <crypto/hmac.h>
19 #include <crypto/internal/hash.h>
20 #include <crypto/sha1.h>
21 #include <crypto/sha2.h>
22 #include <crypto/scatterwalk.h>
23 #include <linux/string.h>
24
25 #include "ccp-crypto.h"
26
27 static int ccp_sha_complete(struct crypto_async_request *async_req, int ret)
28 {
29 struct ahash_request *req = ahash_request_cast(async_req);
30 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
31 struct ccp_sha_req_ctx *rctx = ahash_request_ctx_dma(req);
32 unsigned int digest_size = crypto_ahash_digestsize(tfm);
33
34 if (ret)
35 goto e_free;
36
37 if (rctx->hash_rem) {
38 /* Save remaining data to buffer */
39 unsigned int offset = rctx->nbytes - rctx->hash_rem;
40
41 scatterwalk_map_and_copy(rctx->buf, rctx->src,
42 offset, rctx->hash_rem, 0);
43 rctx->buf_count = rctx->hash_rem;
44 } else {
45 rctx->buf_count = 0;
46 }
47
48 /* Update result area if supplied */
49 if (req->result && rctx->final)
50 memcpy(req->result, rctx->ctx, digest_size);
51
52 e_free:
53 sg_free_table(&rctx->data_sg);
54
55 return ret;
56 }
57
58 static int ccp_do_sha_update(struct ahash_request *req, unsigned int nbytes,
59 unsigned int final)
60 {
61 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
62 struct ccp_ctx *ctx = crypto_ahash_ctx_dma(tfm);
63 struct ccp_sha_req_ctx *rctx = ahash_request_ctx_dma(req);
64 struct scatterlist *sg;
65 unsigned int block_size =
66 crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
67 unsigned int sg_count;
68 gfp_t gfp;
69 u64 len;
70 int ret;
71
72 len = (u64)rctx->buf_count + (u64)nbytes;
73
74 if (!final && (len <= block_size)) {
75 scatterwalk_map_and_copy(rctx->buf + rctx->buf_count, req->src,
76 0, nbytes, 0);
77 rctx->buf_count += nbytes;
78
79 return 0;
80 }
81
82 rctx->src = req->src;
83 rctx->nbytes = nbytes;
84
85 rctx->final = final;
86 rctx->hash_rem = final ? 0 : len & (block_size - 1);
87 rctx->hash_cnt = len - rctx->hash_rem;
88 if (!final && !rctx->hash_rem) {
89 /* CCP can't do zero length final, so keep some data around */
90 rctx->hash_cnt -= block_size;
91 rctx->hash_rem = block_size;
92 }
93
94 /* Initialize the context scatterlist */
95 sg_init_one(&rctx->ctx_sg, rctx->ctx, sizeof(rctx->ctx));
96
97 sg = NULL;
98 if (rctx->buf_count && nbytes) {
99 /* Build the data scatterlist table - allocate enough entries
100 * for both data pieces (buffer and input data)
101 */
102 gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
103 GFP_KERNEL : GFP_ATOMIC;
104 sg_count = sg_nents(req->src) + 1;
105 ret = sg_alloc_table(&rctx->data_sg, sg_count, gfp);
106 if (ret)
107 return ret;
108
109 sg_init_one(&rctx->buf_sg, rctx->buf, rctx->buf_count);
110 sg = ccp_crypto_sg_table_add(&rctx->data_sg, &rctx->buf_sg);
111 if (!sg) {
112 ret = -EINVAL;
113 goto e_free;
114 }
115 sg = ccp_crypto_sg_table_add(&rctx->data_sg, req->src);
116 if (!sg) {
117 ret = -EINVAL;
118 goto e_free;
119 }
120 sg_mark_end(sg);
121
122 sg = rctx->data_sg.sgl;
123 } else if (rctx->buf_count) {
124 sg_init_one(&rctx->buf_sg, rctx->buf, rctx->buf_count);
125
126 sg = &rctx->buf_sg;
127 } else if (nbytes) {
128 sg = req->src;
129 }
130
131 rctx->msg_bits += (rctx->hash_cnt << 3); /* Total in bits */
132
133 memset(&rctx->cmd, 0, sizeof(rctx->cmd));
134 INIT_LIST_HEAD(&rctx->cmd.entry);
135 rctx->cmd.engine = CCP_ENGINE_SHA;
136 rctx->cmd.u.sha.type = rctx->type;
137 rctx->cmd.u.sha.ctx = &rctx->ctx_sg;
138
139 switch (rctx->type) {
140 case CCP_SHA_TYPE_1:
141 rctx->cmd.u.sha.ctx_len = SHA1_DIGEST_SIZE;
142 break;
143 case CCP_SHA_TYPE_224:
144 rctx->cmd.u.sha.ctx_len = SHA224_DIGEST_SIZE;
145 break;
146 case CCP_SHA_TYPE_256:
147 rctx->cmd.u.sha.ctx_len = SHA256_DIGEST_SIZE;
148 break;
149 case CCP_SHA_TYPE_384:
150 rctx->cmd.u.sha.ctx_len = SHA384_DIGEST_SIZE;
151 break;
152 case CCP_SHA_TYPE_512:
153 rctx->cmd.u.sha.ctx_len = SHA512_DIGEST_SIZE;
154 break;
155 default:
156 /* Should never get here */
157 break;
158 }
159
160 rctx->cmd.u.sha.src = sg;
161 rctx->cmd.u.sha.src_len = rctx->hash_cnt;
162 rctx->cmd.u.sha.opad = ctx->u.sha.key_len ?
163 &ctx->u.sha.opad_sg : NULL;
164 rctx->cmd.u.sha.opad_len = ctx->u.sha.key_len ?
165 ctx->u.sha.opad_count : 0;
166 rctx->cmd.u.sha.first = rctx->first;
167 rctx->cmd.u.sha.final = rctx->final;
168 rctx->cmd.u.sha.msg_bits = rctx->msg_bits;
169
170 rctx->first = 0;
171
172 ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd);
173
174 return ret;
175
176 e_free:
177 sg_free_table(&rctx->data_sg);
178
179 return ret;
180 }
181
182 static int ccp_sha_init(struct ahash_request *req)
183 {
184 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
185 struct ccp_ctx *ctx = crypto_ahash_ctx_dma(tfm);
186 struct ccp_sha_req_ctx *rctx = ahash_request_ctx_dma(req);
187 struct ccp_crypto_ahash_alg *alg =
188 ccp_crypto_ahash_alg(crypto_ahash_tfm(tfm));
189 unsigned int block_size =
190 crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
191
192 memset(rctx, 0, sizeof(*rctx));
193
194 rctx->type = alg->type;
195 rctx->first = 1;
196
197 if (ctx->u.sha.key_len) {
198 /* Buffer the HMAC key for first update */
199 memcpy(rctx->buf, ctx->u.sha.ipad, block_size);
200 rctx->buf_count = block_size;
201 }
202
203 return 0;
204 }
205
206 static int ccp_sha_update(struct ahash_request *req)
207 {
208 return ccp_do_sha_update(req, req->nbytes, 0);
209 }
210
211 static int ccp_sha_final(struct ahash_request *req)
212 {
213 return ccp_do_sha_update(req, 0, 1);
214 }
215
216 static int ccp_sha_finup(struct ahash_request *req)
217 {
218 return ccp_do_sha_update(req, req->nbytes, 1);
219 }
220
221 static int ccp_sha_digest(struct ahash_request *req)
222 {
223 int ret;
224
225 ret = ccp_sha_init(req);
226 if (ret)
227 return ret;
228
229 return ccp_sha_finup(req);
230 }
231
232 static int ccp_sha_export(struct ahash_request *req, void *out)
233 {
234 struct ccp_sha_req_ctx *rctx = ahash_request_ctx_dma(req);
235 struct ccp_sha_exp_ctx state;
236
237 /* Don't let anything leak to 'out' */
238 memset(&state, 0, sizeof(state));
239
240 state.type = rctx->type;
241 state.msg_bits = rctx->msg_bits;
242 state.first = rctx->first;
243 memcpy(state.ctx, rctx->ctx, sizeof(state.ctx));
244 state.buf_count = rctx->buf_count;
245 memcpy(state.buf, rctx->buf, sizeof(state.buf));
246
247 /* 'out' may not be aligned so memcpy from local variable */
248 memcpy(out, &state, sizeof(state));
249
250 return 0;
251 }
252
253 static int ccp_sha_import(struct ahash_request *req, const void *in)
254 {
255 struct ccp_sha_req_ctx *rctx = ahash_request_ctx_dma(req);
256 struct ccp_sha_exp_ctx state;
257
258 /* 'in' may not be aligned so memcpy to local variable */
259 memcpy(&state, in, sizeof(state));
260
261 memset(rctx, 0, sizeof(*rctx));
262 rctx->type = state.type;
263 rctx->msg_bits = state.msg_bits;
264 rctx->first = state.first;
265 memcpy(rctx->ctx, state.ctx, sizeof(rctx->ctx));
266 rctx->buf_count = state.buf_count;
267 memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
268
269 return 0;
270 }
271
272 static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
273 unsigned int key_len)
274 {
275 struct ccp_ctx *ctx = crypto_ahash_ctx_dma(tfm);
276 struct crypto_shash *shash = ctx->u.sha.hmac_tfm;
277 unsigned int block_size = crypto_shash_blocksize(shash);
278 unsigned int digest_size = crypto_shash_digestsize(shash);
279 int i, ret;
280
281 /* Set to zero until complete */
282 ctx->u.sha.key_len = 0;
283
284 /* Clear key area to provide zero padding for keys smaller
285 * than the block size
286 */
287 memset(ctx->u.sha.key, 0, sizeof(ctx->u.sha.key));
288
289 if (key_len > block_size) {
290 /* Must hash the input key */
291 ret = crypto_shash_tfm_digest(shash, key, key_len,
292 ctx->u.sha.key);
293 if (ret)
294 return -EINVAL;
295
296 key_len = digest_size;
297 } else {
298 memcpy(ctx->u.sha.key, key, key_len);
299 }
300
301 for (i = 0; i < block_size; i++) {
302 ctx->u.sha.ipad[i] = ctx->u.sha.key[i] ^ HMAC_IPAD_VALUE;
303 ctx->u.sha.opad[i] = ctx->u.sha.key[i] ^ HMAC_OPAD_VALUE;
304 }
305
306 sg_init_one(&ctx->u.sha.opad_sg, ctx->u.sha.opad, block_size);
307 ctx->u.sha.opad_count = block_size;
308
309 ctx->u.sha.key_len = key_len;
310
311 return 0;
312 }
313
314 static int ccp_sha_cra_init(struct crypto_tfm *tfm)
315 {
316 struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
317 struct ccp_ctx *ctx = crypto_ahash_ctx_dma(ahash);
318
319 ctx->complete = ccp_sha_complete;
320 ctx->u.sha.key_len = 0;
321
322 crypto_ahash_set_reqsize_dma(ahash, sizeof(struct ccp_sha_req_ctx));
323
324 return 0;
325 }
326
327 static void ccp_sha_cra_exit(struct crypto_tfm *tfm)
328 {
329 }
330
331 static int ccp_hmac_sha_cra_init(struct crypto_tfm *tfm)
332 {
333 struct ccp_ctx *ctx = crypto_tfm_ctx_dma(tfm);
334 struct ccp_crypto_ahash_alg *alg = ccp_crypto_ahash_alg(tfm);
335 struct crypto_shash *hmac_tfm;
336
337 hmac_tfm = crypto_alloc_shash(alg->child_alg, 0, 0);
338 if (IS_ERR(hmac_tfm)) {
339 pr_warn("could not load driver %s need for HMAC support\n",
340 alg->child_alg);
341 return PTR_ERR(hmac_tfm);
342 }
343
344 ctx->u.sha.hmac_tfm = hmac_tfm;
345
346 return ccp_sha_cra_init(tfm);
347 }
348
349 static void ccp_hmac_sha_cra_exit(struct crypto_tfm *tfm)
350 {
351 struct ccp_ctx *ctx = crypto_tfm_ctx_dma(tfm);
352
353 if (ctx->u.sha.hmac_tfm)
354 crypto_free_shash(ctx->u.sha.hmac_tfm);
355
356 ccp_sha_cra_exit(tfm);
357 }
358
359 struct ccp_sha_def {
360 unsigned int version;
361 const char *name;
362 const char *drv_name;
363 enum ccp_sha_type type;
364 u32 digest_size;
365 u32 block_size;
366 };
367
368 static struct ccp_sha_def sha_algs[] = {
369 {
370 .version = CCP_VERSION(3, 0),
371 .name = "sha1",
372 .drv_name = "sha1-ccp",
373 .type = CCP_SHA_TYPE_1,
374 .digest_size = SHA1_DIGEST_SIZE,
375 .block_size = SHA1_BLOCK_SIZE,
376 },
377 {
378 .version = CCP_VERSION(3, 0),
379 .name = "sha224",
380 .drv_name = "sha224-ccp",
381 .type = CCP_SHA_TYPE_224,
382 .digest_size = SHA224_DIGEST_SIZE,
383 .block_size = SHA224_BLOCK_SIZE,
384 },
385 {
386 .version = CCP_VERSION(3, 0),
387 .name = "sha256",
388 .drv_name = "sha256-ccp",
389 .type = CCP_SHA_TYPE_256,
390 .digest_size = SHA256_DIGEST_SIZE,
391 .block_size = SHA256_BLOCK_SIZE,
392 },
393 {
394 .version = CCP_VERSION(5, 0),
395 .name = "sha384",
396 .drv_name = "sha384-ccp",
397 .type = CCP_SHA_TYPE_384,
398 .digest_size = SHA384_DIGEST_SIZE,
399 .block_size = SHA384_BLOCK_SIZE,
400 },
401 {
402 .version = CCP_VERSION(5, 0),
403 .name = "sha512",
404 .drv_name = "sha512-ccp",
405 .type = CCP_SHA_TYPE_512,
406 .digest_size = SHA512_DIGEST_SIZE,
407 .block_size = SHA512_BLOCK_SIZE,
408 },
409 };
410
411 static int ccp_register_hmac_alg(struct list_head *head,
412 const struct ccp_sha_def *def,
413 const struct ccp_crypto_ahash_alg *base_alg)
414 {
415 struct ccp_crypto_ahash_alg *ccp_alg;
416 struct ahash_alg *alg;
417 struct hash_alg_common *halg;
418 struct crypto_alg *base;
419 int ret;
420
421 ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
422 if (!ccp_alg)
423 return -ENOMEM;
424
425 /* Copy the base algorithm and only change what's necessary */
426 *ccp_alg = *base_alg;
427 INIT_LIST_HEAD(&ccp_alg->entry);
428
429 strscpy(ccp_alg->child_alg, def->name, CRYPTO_MAX_ALG_NAME);
430
431 alg = &ccp_alg->alg;
432 alg->setkey = ccp_sha_setkey;
433
434 halg = &alg->halg;
435
436 base = &halg->base;
437 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", def->name);
438 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "hmac-%s",
439 def->drv_name);
440 base->cra_init = ccp_hmac_sha_cra_init;
441 base->cra_exit = ccp_hmac_sha_cra_exit;
442
443 ret = crypto_register_ahash(alg);
444 if (ret) {
445 pr_err("%s ahash algorithm registration error (%d)\n",
446 base->cra_name, ret);
447 kfree(ccp_alg);
448 return ret;
449 }
450
451 list_add(&ccp_alg->entry, head);
452
453 return ret;
454 }
455
456 static int ccp_register_sha_alg(struct list_head *head,
457 const struct ccp_sha_def *def)
458 {
459 struct ccp_crypto_ahash_alg *ccp_alg;
460 struct ahash_alg *alg;
461 struct hash_alg_common *halg;
462 struct crypto_alg *base;
463 int ret;
464
465 ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
466 if (!ccp_alg)
467 return -ENOMEM;
468
469 INIT_LIST_HEAD(&ccp_alg->entry);
470
471 ccp_alg->type = def->type;
472
473 alg = &ccp_alg->alg;
474 alg->init = ccp_sha_init;
475 alg->update = ccp_sha_update;
476 alg->final = ccp_sha_final;
477 alg->finup = ccp_sha_finup;
478 alg->digest = ccp_sha_digest;
479 alg->export = ccp_sha_export;
480 alg->import = ccp_sha_import;
481
482 halg = &alg->halg;
483 halg->digestsize = def->digest_size;
484 halg->statesize = sizeof(struct ccp_sha_exp_ctx);
485
486 base = &halg->base;
487 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
488 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
489 def->drv_name);
490 base->cra_flags = CRYPTO_ALG_ASYNC |
491 CRYPTO_ALG_ALLOCATES_MEMORY |
492 CRYPTO_ALG_KERN_DRIVER_ONLY |
493 CRYPTO_ALG_NEED_FALLBACK;
494 base->cra_blocksize = def->block_size;
495 base->cra_ctxsize = sizeof(struct ccp_ctx) + crypto_dma_padding();
496 base->cra_priority = CCP_CRA_PRIORITY;
497 base->cra_init = ccp_sha_cra_init;
498 base->cra_exit = ccp_sha_cra_exit;
499 base->cra_module = THIS_MODULE;
500
501 ret = crypto_register_ahash(alg);
502 if (ret) {
503 pr_err("%s ahash algorithm registration error (%d)\n",
504 base->cra_name, ret);
505 kfree(ccp_alg);
506 return ret;
507 }
508
509 list_add(&ccp_alg->entry, head);
510
511 ret = ccp_register_hmac_alg(head, def, ccp_alg);
512
513 return ret;
514 }
515
516 int ccp_register_sha_algs(struct list_head *head)
517 {
518 int i, ret;
519 unsigned int ccpversion = ccp_version();
520
521 for (i = 0; i < ARRAY_SIZE(sha_algs); i++) {
522 if (sha_algs[i].version > ccpversion)
523 continue;
524 ret = ccp_register_sha_alg(head, &sha_algs[i]);
525 if (ret)
526 return ret;
527 }
528
529 return 0;
530 }
Kernel DRM miscellaneous fixes and cross-tree changes