drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * sun8i-ss-prng.c - hardware cryptographic offloader for
   4  * Allwinner A80/A83T SoC
   5  *
   6  * Copyright (C) 2015-2020 Corentin Labbe <clabbe@baylibre.com>
   7  *
   8  * This file handle the PRNG found in the SS
   9  *
  10  * You could find a link for the datasheet in Documentation/arm/sunxi.rst
  11  */
  12 #include "sun8i-ss.h"
  13 #include <linux/dma-mapping.h>
  14 #include <linux/pm_runtime.h>
  15 #include <crypto/internal/rng.h>
  16
  17 int sun8i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed,
  18                        unsigned int slen)
  19 {
  20         struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm);
  21
  22         if (ctx->seed && ctx->slen != slen) {
  23                 memzero_explicit(ctx->seed, ctx->slen);
  24                 kfree(ctx->seed);
  25                 ctx->slen = 0;
  26                 ctx->seed = NULL;
  27         }
  28         if (!ctx->seed)
  29                 ctx->seed = kmalloc(slen, GFP_KERNEL | GFP_DMA);
  30         if (!ctx->seed)
  31                 return -ENOMEM;
  32
  33         memcpy(ctx->seed, seed, slen);
  34         ctx->slen = slen;
  35
  36         return 0;
  37 }
  38
  39 int sun8i_ss_prng_init(struct crypto_tfm *tfm)
  40 {
  41         struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
  42
  43         memset(ctx, 0, sizeof(struct sun8i_ss_rng_tfm_ctx));
  44         return 0;
  45 }
  46
  47 void sun8i_ss_prng_exit(struct crypto_tfm *tfm)
  48 {
  49         struct sun8i_ss_rng_tfm_ctx *ctx = crypto_tfm_ctx(tfm);
  50
  51         memzero_explicit(ctx->seed, ctx->slen);
  52         kfree(ctx->seed);
  53         ctx->seed = NULL;
  54         ctx->slen = 0;
  55 }
  56
  57 int sun8i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src,
  58                            unsigned int slen, u8 *dst, unsigned int dlen)
  59 {
  60         struct sun8i_ss_rng_tfm_ctx *ctx = crypto_rng_ctx(tfm);
  61         struct rng_alg *alg = crypto_rng_alg(tfm);
  62         struct sun8i_ss_alg_template *algt;
  63         struct sun8i_ss_dev *ss;
  64         dma_addr_t dma_iv, dma_dst;
  65         unsigned int todo;
  66         int err = 0;
  67         int flow;
  68         void *d;
  69         u32 v;
  70
  71         algt = container_of(alg, struct sun8i_ss_alg_template, alg.rng);
  72         ss = algt->ss;
  73
  74         if (ctx->slen == 0) {
  75                 dev_err(ss->dev, "The PRNG is not seeded\n");
  76                 return -EINVAL;
  77         }
  78
  79         /* The SS does not give an updated seed, so we need to get a new one.
  80          * So we will ask for an extra PRNG_SEED_SIZE data.
  81          * We want dlen + seedsize rounded up to a multiple of PRNG_DATA_SIZE
  82          */
  83         todo = dlen + PRNG_SEED_SIZE + PRNG_DATA_SIZE;
  84         todo -= todo % PRNG_DATA_SIZE;
  85
  86         d = kzalloc(todo, GFP_KERNEL | GFP_DMA);
  87         if (!d)
  88                 return -ENOMEM;
  89
  90         flow = sun8i_ss_get_engine_number(ss);
  91
  92 #ifdef CONFIG_CRYPTO_DEV_SUN8I_SS_DEBUG
  93         algt->stat_req++;
  94         algt->stat_bytes += todo;
  95 #endif
  96
  97         v = SS_ALG_PRNG | SS_PRNG_CONTINUE | SS_START;
  98         if (flow)
  99                 v |= SS_FLOW1;
 100         else
 101                 v |= SS_FLOW0;
 102
 103         dma_iv = dma_map_single(ss->dev, ctx->seed, ctx->slen, DMA_TO_DEVICE);
 104         if (dma_mapping_error(ss->dev, dma_iv)) {
 105                 dev_err(ss->dev, "Cannot DMA MAP IV\n");
 106                 return -EFAULT;
 107         }
 108
 109         dma_dst = dma_map_single(ss->dev, d, todo, DMA_FROM_DEVICE);
 110         if (dma_mapping_error(ss->dev, dma_dst)) {
 111                 dev_err(ss->dev, "Cannot DMA MAP DST\n");
 112                 err = -EFAULT;
 113                 goto err_iv;
 114         }
 115
 116         err = pm_runtime_get_sync(ss->dev);
 117         if (err < 0) {
 118                 pm_runtime_put_noidle(ss->dev);
 119                 goto err_pm;
 120         }
 121         err = 0;
 122
 123         mutex_lock(&ss->mlock);
 124         writel(dma_iv, ss->base + SS_IV_ADR_REG);
 125         /* the PRNG act badly (failing rngtest) without SS_KEY_ADR_REG set */
 126         writel(dma_iv, ss->base + SS_KEY_ADR_REG);
 127         writel(dma_dst, ss->base + SS_DST_ADR_REG);
 128         writel(todo / 4, ss->base + SS_LEN_ADR_REG);
 129
 130         reinit_completion(&ss->flows[flow].complete);
 131         ss->flows[flow].status = 0;
 132         /* Be sure all data is written before enabling the task */
 133         wmb();
 134
 135         writel(v, ss->base + SS_CTL_REG);
 136
 137         wait_for_completion_interruptible_timeout(&ss->flows[flow].complete,
 138                                                   msecs_to_jiffies(todo));
 139         if (ss->flows[flow].status == 0) {
 140                 dev_err(ss->dev, "DMA timeout for PRNG (size=%u)\n", todo);
 141                 err = -EFAULT;
 142         }
 143         /* Since cipher and hash use the linux/cryptoengine and that we have
 144          * a cryptoengine per flow, we are sure that they will issue only one
 145          * request per flow.
 146          * Since the cryptoengine wait for completion before submitting a new
 147          * one, the mlock could be left just after the final writel.
 148          * But cryptoengine cannot handle crypto_rng, so we need to be sure
 149          * nothing will use our flow.
 150          * The easiest way is to grab mlock until the hardware end our requests.
 151          * We could have used a per flow lock, but this would increase
 152          * complexity.
 153          * The drawback is that no request could be handled for the other flow.
 154          */
 155         mutex_unlock(&ss->mlock);
 156
 157         pm_runtime_put(ss->dev);
 158
 159 err_pm:
 160         dma_unmap_single(ss->dev, dma_dst, todo, DMA_FROM_DEVICE);
 161 err_iv:
 162         dma_unmap_single(ss->dev, dma_iv, ctx->slen, DMA_TO_DEVICE);
 163
 164         if (!err) {
 165                 memcpy(dst, d, dlen);
 166                 /* Update seed */
 167                 memcpy(ctx->seed, d + dlen, ctx->slen);
 168         }
 169         memzero_explicit(d, todo);
 170         kfree(d);
 171
 172         return err;
 173 }