sh_eth: fix EESIPR values for SH77{34|63}
[linux/fpc-iii.git] / drivers / crypto / sunxi-ss / sun4i-ss-hash.c
blob0de2f62d51ff763e5626739ba260da1f7d8599da
1 /*
2 * sun4i-ss-hash.c - hardware cryptographic accelerator for Allwinner A20 SoC
4 * Copyright (C) 2013-2015 Corentin LABBE <clabbe.montjoie@gmail.com>
6 * This file add support for MD5 and SHA1.
8 * You could find the datasheet in Documentation/arm/sunxi/README
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 #include "sun4i-ss.h"
16 #include <linux/scatterlist.h>
18 /* This is a totally arbitrary value */
19 #define SS_TIMEOUT 100
21 int sun4i_hash_crainit(struct crypto_tfm *tfm)
23 struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
24 struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg);
25 struct sun4i_ss_alg_template *algt;
27 memset(op, 0, sizeof(struct sun4i_tfm_ctx));
29 algt = container_of(alg, struct sun4i_ss_alg_template, alg.hash);
30 op->ss = algt->ss;
32 crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
33 sizeof(struct sun4i_req_ctx));
34 return 0;
37 /* sun4i_hash_init: initialize request context */
38 int sun4i_hash_init(struct ahash_request *areq)
40 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
41 struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
42 struct ahash_alg *alg = __crypto_ahash_alg(tfm->base.__crt_alg);
43 struct sun4i_ss_alg_template *algt;
45 memset(op, 0, sizeof(struct sun4i_req_ctx));
47 algt = container_of(alg, struct sun4i_ss_alg_template, alg.hash);
48 op->mode = algt->mode;
50 return 0;
53 int sun4i_hash_export_md5(struct ahash_request *areq, void *out)
55 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
56 struct md5_state *octx = out;
57 int i;
59 octx->byte_count = op->byte_count + op->len;
61 memcpy(octx->block, op->buf, op->len);
63 if (op->byte_count > 0) {
64 for (i = 0; i < 4; i++)
65 octx->hash[i] = op->hash[i];
66 } else {
67 octx->hash[0] = SHA1_H0;
68 octx->hash[1] = SHA1_H1;
69 octx->hash[2] = SHA1_H2;
70 octx->hash[3] = SHA1_H3;
73 return 0;
76 int sun4i_hash_import_md5(struct ahash_request *areq, const void *in)
78 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
79 const struct md5_state *ictx = in;
80 int i;
82 sun4i_hash_init(areq);
84 op->byte_count = ictx->byte_count & ~0x3F;
85 op->len = ictx->byte_count & 0x3F;
87 memcpy(op->buf, ictx->block, op->len);
89 for (i = 0; i < 4; i++)
90 op->hash[i] = ictx->hash[i];
92 return 0;
95 int sun4i_hash_export_sha1(struct ahash_request *areq, void *out)
97 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
98 struct sha1_state *octx = out;
99 int i;
101 octx->count = op->byte_count + op->len;
103 memcpy(octx->buffer, op->buf, op->len);
105 if (op->byte_count > 0) {
106 for (i = 0; i < 5; i++)
107 octx->state[i] = op->hash[i];
108 } else {
109 octx->state[0] = SHA1_H0;
110 octx->state[1] = SHA1_H1;
111 octx->state[2] = SHA1_H2;
112 octx->state[3] = SHA1_H3;
113 octx->state[4] = SHA1_H4;
116 return 0;
119 int sun4i_hash_import_sha1(struct ahash_request *areq, const void *in)
121 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
122 const struct sha1_state *ictx = in;
123 int i;
125 sun4i_hash_init(areq);
127 op->byte_count = ictx->count & ~0x3F;
128 op->len = ictx->count & 0x3F;
130 memcpy(op->buf, ictx->buffer, op->len);
132 for (i = 0; i < 5; i++)
133 op->hash[i] = ictx->state[i];
135 return 0;
138 #define SS_HASH_UPDATE 1
139 #define SS_HASH_FINAL 2
142 * sun4i_hash_update: update hash engine
144 * Could be used for both SHA1 and MD5
145 * Write data by step of 32bits and put then in the SS.
147 * Since we cannot leave partial data and hash state in the engine,
148 * we need to get the hash state at the end of this function.
149 * We can get the hash state every 64 bytes
151 * So the first work is to get the number of bytes to write to SS modulo 64
152 * The extra bytes will go to a temporary buffer op->buf storing op->len bytes
154 * So at the begin of update()
155 * if op->len + areq->nbytes < 64
156 * => all data will be written to wait buffer (op->buf) and end=0
157 * if not, write all data from op->buf to the device and position end to
158 * complete to 64bytes
160 * example 1:
161 * update1 60o => op->len=60
162 * update2 60o => need one more word to have 64 bytes
163 * end=4
164 * so write all data from op->buf and one word of SGs
165 * write remaining data in op->buf
166 * final state op->len=56
168 static int sun4i_hash(struct ahash_request *areq)
170 u32 v, ivmode = 0;
171 unsigned int i = 0;
173 * i is the total bytes read from SGs, to be compared to areq->nbytes
174 * i is important because we cannot rely on SG length since the sum of
175 * SG->length could be greater than areq->nbytes
178 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
179 struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
180 struct sun4i_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm);
181 struct sun4i_ss_ctx *ss = tfmctx->ss;
182 unsigned int in_i = 0; /* advancement in the current SG */
183 unsigned int end;
185 * end is the position when we need to stop writing to the device,
186 * to be compared to i
188 int in_r, err = 0;
189 unsigned int todo;
190 u32 spaces, rx_cnt = SS_RX_DEFAULT;
191 size_t copied = 0;
192 struct sg_mapping_iter mi;
193 unsigned int j = 0;
194 int zeros;
195 unsigned int index, padlen;
196 __be64 bits;
197 u32 bf[32];
198 u32 wb = 0;
199 unsigned int nwait, nbw = 0;
200 struct scatterlist *in_sg = areq->src;
202 dev_dbg(ss->dev, "%s %s bc=%llu len=%u mode=%x wl=%u h0=%0x",
203 __func__, crypto_tfm_alg_name(areq->base.tfm),
204 op->byte_count, areq->nbytes, op->mode,
205 op->len, op->hash[0]);
207 if (unlikely(areq->nbytes == 0) && (op->flags & SS_HASH_FINAL) == 0)
208 return 0;
210 /* protect against overflow */
211 if (unlikely(areq->nbytes > UINT_MAX - op->len)) {
212 dev_err(ss->dev, "Cannot process too large request\n");
213 return -EINVAL;
216 if (op->len + areq->nbytes < 64 && (op->flags & SS_HASH_FINAL) == 0) {
217 /* linearize data to op->buf */
218 copied = sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),
219 op->buf + op->len, areq->nbytes, 0);
220 op->len += copied;
221 return 0;
224 spin_lock_bh(&ss->slock);
227 * if some data have been processed before,
228 * we need to restore the partial hash state
230 if (op->byte_count > 0) {
231 ivmode = SS_IV_ARBITRARY;
232 for (i = 0; i < 5; i++)
233 writel(op->hash[i], ss->base + SS_IV0 + i * 4);
235 /* Enable the device */
236 writel(op->mode | SS_ENABLED | ivmode, ss->base + SS_CTL);
238 if ((op->flags & SS_HASH_UPDATE) == 0)
239 goto hash_final;
241 /* start of handling data */
242 if ((op->flags & SS_HASH_FINAL) == 0) {
243 end = ((areq->nbytes + op->len) / 64) * 64 - op->len;
245 if (end > areq->nbytes || areq->nbytes - end > 63) {
246 dev_err(ss->dev, "ERROR: Bound error %u %u\n",
247 end, areq->nbytes);
248 err = -EINVAL;
249 goto release_ss;
251 } else {
252 /* Since we have the flag final, we can go up to modulo 4 */
253 end = ((areq->nbytes + op->len) / 4) * 4 - op->len;
256 /* TODO if SGlen % 4 and op->len == 0 then DMA */
257 i = 1;
258 while (in_sg && i == 1) {
259 if ((in_sg->length % 4) != 0)
260 i = 0;
261 in_sg = sg_next(in_sg);
263 if (i == 1 && op->len == 0)
264 dev_dbg(ss->dev, "We can DMA\n");
266 i = 0;
267 sg_miter_start(&mi, areq->src, sg_nents(areq->src),
268 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
269 sg_miter_next(&mi);
270 in_i = 0;
272 do {
274 * we need to linearize in two case:
275 * - the buffer is already used
276 * - the SG does not have enough byte remaining ( < 4)
278 if (op->len > 0 || (mi.length - in_i) < 4) {
280 * if we have entered here we have two reason to stop
281 * - the buffer is full
282 * - reach the end
284 while (op->len < 64 && i < end) {
285 /* how many bytes we can read from current SG */
286 in_r = min3(mi.length - in_i, end - i,
287 64 - op->len);
288 memcpy(op->buf + op->len, mi.addr + in_i, in_r);
289 op->len += in_r;
290 i += in_r;
291 in_i += in_r;
292 if (in_i == mi.length) {
293 sg_miter_next(&mi);
294 in_i = 0;
297 if (op->len > 3 && (op->len % 4) == 0) {
298 /* write buf to the device */
299 writesl(ss->base + SS_RXFIFO, op->buf,
300 op->len / 4);
301 op->byte_count += op->len;
302 op->len = 0;
305 if (mi.length - in_i > 3 && i < end) {
306 /* how many bytes we can read from current SG */
307 in_r = min3(mi.length - in_i, areq->nbytes - i,
308 ((mi.length - in_i) / 4) * 4);
309 /* how many bytes we can write in the device*/
310 todo = min3((u32)(end - i) / 4, rx_cnt, (u32)in_r / 4);
311 writesl(ss->base + SS_RXFIFO, mi.addr + in_i, todo);
312 op->byte_count += todo * 4;
313 i += todo * 4;
314 in_i += todo * 4;
315 rx_cnt -= todo;
316 if (rx_cnt == 0) {
317 spaces = readl(ss->base + SS_FCSR);
318 rx_cnt = SS_RXFIFO_SPACES(spaces);
320 if (in_i == mi.length) {
321 sg_miter_next(&mi);
322 in_i = 0;
325 } while (i < end);
328 * Now we have written to the device all that we can,
329 * store the remaining bytes in op->buf
331 if ((areq->nbytes - i) < 64) {
332 while (i < areq->nbytes && in_i < mi.length && op->len < 64) {
333 /* how many bytes we can read from current SG */
334 in_r = min3(mi.length - in_i, areq->nbytes - i,
335 64 - op->len);
336 memcpy(op->buf + op->len, mi.addr + in_i, in_r);
337 op->len += in_r;
338 i += in_r;
339 in_i += in_r;
340 if (in_i == mi.length) {
341 sg_miter_next(&mi);
342 in_i = 0;
347 sg_miter_stop(&mi);
350 * End of data process
351 * Now if we have the flag final go to finalize part
352 * If not, store the partial hash
354 if ((op->flags & SS_HASH_FINAL) > 0)
355 goto hash_final;
357 writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
358 i = 0;
359 do {
360 v = readl(ss->base + SS_CTL);
361 i++;
362 } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
363 if (unlikely(i >= SS_TIMEOUT)) {
364 dev_err_ratelimited(ss->dev,
365 "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
366 i, SS_TIMEOUT, v, areq->nbytes);
367 err = -EIO;
368 goto release_ss;
371 for (i = 0; i < crypto_ahash_digestsize(tfm) / 4; i++)
372 op->hash[i] = readl(ss->base + SS_MD0 + i * 4);
374 goto release_ss;
377 * hash_final: finalize hashing operation
379 * If we have some remaining bytes, we write them.
380 * Then ask the SS for finalizing the hashing operation
382 * I do not check RX FIFO size in this function since the size is 32
383 * after each enabling and this function neither write more than 32 words.
384 * If we come from the update part, we cannot have more than
385 * 3 remaining bytes to write and SS is fast enough to not care about it.
388 hash_final:
390 /* write the remaining words of the wait buffer */
391 if (op->len > 0) {
392 nwait = op->len / 4;
393 if (nwait > 0) {
394 writesl(ss->base + SS_RXFIFO, op->buf, nwait);
395 op->byte_count += 4 * nwait;
397 nbw = op->len - 4 * nwait;
398 wb = *(u32 *)(op->buf + nwait * 4);
399 wb &= (0xFFFFFFFF >> (4 - nbw) * 8);
402 /* write the remaining bytes of the nbw buffer */
403 if (nbw > 0) {
404 wb |= ((1 << 7) << (nbw * 8));
405 bf[j++] = wb;
406 } else {
407 bf[j++] = 1 << 7;
411 * number of space to pad to obtain 64o minus 8(size) minus 4 (final 1)
412 * I take the operations from other MD5/SHA1 implementations
415 /* we have already send 4 more byte of which nbw data */
416 if (op->mode == SS_OP_MD5) {
417 index = (op->byte_count + 4) & 0x3f;
418 op->byte_count += nbw;
419 if (index > 56)
420 zeros = (120 - index) / 4;
421 else
422 zeros = (56 - index) / 4;
423 } else {
424 op->byte_count += nbw;
425 index = op->byte_count & 0x3f;
426 padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
427 zeros = (padlen - 1) / 4;
430 memset(bf + j, 0, 4 * zeros);
431 j += zeros;
433 /* write the length of data */
434 if (op->mode == SS_OP_SHA1) {
435 bits = cpu_to_be64(op->byte_count << 3);
436 bf[j++] = bits & 0xffffffff;
437 bf[j++] = (bits >> 32) & 0xffffffff;
438 } else {
439 bf[j++] = (op->byte_count << 3) & 0xffffffff;
440 bf[j++] = (op->byte_count >> 29) & 0xffffffff;
442 writesl(ss->base + SS_RXFIFO, bf, j);
444 /* Tell the SS to stop the hashing */
445 writel(op->mode | SS_ENABLED | SS_DATA_END, ss->base + SS_CTL);
448 * Wait for SS to finish the hash.
449 * The timeout could happen only in case of bad overclocking
450 * or driver bug.
452 i = 0;
453 do {
454 v = readl(ss->base + SS_CTL);
455 i++;
456 } while (i < SS_TIMEOUT && (v & SS_DATA_END) > 0);
457 if (unlikely(i >= SS_TIMEOUT)) {
458 dev_err_ratelimited(ss->dev,
459 "ERROR: hash end timeout %d>%d ctl=%x len=%u\n",
460 i, SS_TIMEOUT, v, areq->nbytes);
461 err = -EIO;
462 goto release_ss;
465 /* Get the hash from the device */
466 if (op->mode == SS_OP_SHA1) {
467 for (i = 0; i < 5; i++) {
468 v = cpu_to_be32(readl(ss->base + SS_MD0 + i * 4));
469 memcpy(areq->result + i * 4, &v, 4);
471 } else {
472 for (i = 0; i < 4; i++) {
473 v = readl(ss->base + SS_MD0 + i * 4);
474 memcpy(areq->result + i * 4, &v, 4);
478 release_ss:
479 writel(0, ss->base + SS_CTL);
480 spin_unlock_bh(&ss->slock);
481 return err;
484 int sun4i_hash_final(struct ahash_request *areq)
486 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
488 op->flags = SS_HASH_FINAL;
489 return sun4i_hash(areq);
492 int sun4i_hash_update(struct ahash_request *areq)
494 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
496 op->flags = SS_HASH_UPDATE;
497 return sun4i_hash(areq);
500 /* sun4i_hash_finup: finalize hashing operation after an update */
501 int sun4i_hash_finup(struct ahash_request *areq)
503 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
505 op->flags = SS_HASH_UPDATE | SS_HASH_FINAL;
506 return sun4i_hash(areq);
509 /* combo of init/update/final functions */
510 int sun4i_hash_digest(struct ahash_request *areq)
512 int err;
513 struct sun4i_req_ctx *op = ahash_request_ctx(areq);
515 err = sun4i_hash_init(areq);
516 if (err != 0)
517 return err;
519 op->flags = SS_HASH_UPDATE | SS_HASH_FINAL;
520 return sun4i_hash(areq);