[linux-2.6-block.git] / drivers / crypto / ccree / cc_ivgen.c

// SPDX-License-Identifier: GPL-2.0
/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */

#include <crypto/ctr.h>
#include "cc_driver.h"
#include "cc_ivgen.h"
#include "cc_request_mgr.h"
#include "cc_sram_mgr.h"
#include "cc_buffer_mgr.h"

/* The max. size of pool *MUST* be <= SRAM total size */
#define CC_IVPOOL_SIZE 1024
/* The first 32B fraction of pool are dedicated to the
 * next encryption "key" & "IV" for pool regeneration
 */
#define CC_IVPOOL_META_SIZE (CC_AES_IV_SIZE + AES_KEYSIZE_128)
#define CC_IVPOOL_GEN_SEQ_LEN	4

/**
 * struct cc_ivgen_ctx -IV pool generation context
 * @pool:          the start address of the iv-pool resides in internal RAM
 * @ctr_key_dma:   address of pool's encryption key material in internal RAM
 * @ctr_iv_dma:    address of pool's counter iv in internal RAM
 * @next_iv_ofs:   the offset to the next available IV in pool
 * @pool_meta:     virt. address of the initial enc. key/IV
 * @pool_meta_dma: phys. address of the initial enc. key/IV
 */
struct cc_ivgen_ctx {
	cc_sram_addr_t pool;
	cc_sram_addr_t ctr_key;
	cc_sram_addr_t ctr_iv;
	u32 next_iv_ofs;
	u8 *pool_meta;
	dma_addr_t pool_meta_dma;
};

/*!
 * Generates CC_IVPOOL_SIZE of random bytes by
 * encrypting 0's using AES128-CTR.
 *
 * \param ivgen iv-pool context
 * \param iv_seq IN/OUT array to the descriptors sequence
 * \param iv_seq_len IN/OUT pointer to the sequence length
 */
static int cc_gen_iv_pool(struct cc_ivgen_ctx *ivgen_ctx,
			  struct cc_hw_desc iv_seq[], unsigned int *iv_seq_len)
{
	unsigned int idx = *iv_seq_len;

	if ((*iv_seq_len + CC_IVPOOL_GEN_SEQ_LEN) > CC_IVPOOL_SEQ_LEN) {
		/* The sequence will be longer than allowed */
		return -EINVAL;
	}
	/* Setup key */
	hw_desc_init(&iv_seq[idx]);
	set_din_sram(&iv_seq[idx], ivgen_ctx->ctr_key, AES_KEYSIZE_128);
	set_setup_mode(&iv_seq[idx], SETUP_LOAD_KEY0);
	set_cipher_config0(&iv_seq[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
	set_flow_mode(&iv_seq[idx], S_DIN_to_AES);
	set_key_size_aes(&iv_seq[idx], CC_AES_128_BIT_KEY_SIZE);
	set_cipher_mode(&iv_seq[idx], DRV_CIPHER_CTR);
	idx++;

	/* Setup cipher state */
	hw_desc_init(&iv_seq[idx]);
	set_din_sram(&iv_seq[idx], ivgen_ctx->ctr_iv, CC_AES_IV_SIZE);
	set_cipher_config0(&iv_seq[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
	set_flow_mode(&iv_seq[idx], S_DIN_to_AES);
	set_setup_mode(&iv_seq[idx], SETUP_LOAD_STATE1);
	set_key_size_aes(&iv_seq[idx], CC_AES_128_BIT_KEY_SIZE);
	set_cipher_mode(&iv_seq[idx], DRV_CIPHER_CTR);
	idx++;

	/* Perform dummy encrypt to skip first block */
	hw_desc_init(&iv_seq[idx]);
	set_din_const(&iv_seq[idx], 0, CC_AES_IV_SIZE);
	set_dout_sram(&iv_seq[idx], ivgen_ctx->pool, CC_AES_IV_SIZE);
	set_flow_mode(&iv_seq[idx], DIN_AES_DOUT);
	idx++;

	/* Generate IV pool */
	hw_desc_init(&iv_seq[idx]);
	set_din_const(&iv_seq[idx], 0, CC_IVPOOL_SIZE);
	set_dout_sram(&iv_seq[idx], ivgen_ctx->pool, CC_IVPOOL_SIZE);
	set_flow_mode(&iv_seq[idx], DIN_AES_DOUT);
	idx++;

	*iv_seq_len = idx; /* Update sequence length */

	/* queue ordering assures pool readiness */
	ivgen_ctx->next_iv_ofs = CC_IVPOOL_META_SIZE;

	return 0;
}

/*!
 * Generates the initial pool in SRAM.
 * This function should be invoked when resuming driver.
 *
 * \param drvdata
 *
 * \return int Zero for success, negative value otherwise.
 */
int cc_init_iv_sram(struct cc_drvdata *drvdata)
{
	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
	struct cc_hw_desc iv_seq[CC_IVPOOL_SEQ_LEN];
	unsigned int iv_seq_len = 0;
	int rc;

	/* Generate initial enc. key/iv */
	get_random_bytes(ivgen_ctx->pool_meta, CC_IVPOOL_META_SIZE);

	/* The first 32B reserved for the enc. Key/IV */
	ivgen_ctx->ctr_key = ivgen_ctx->pool;
	ivgen_ctx->ctr_iv = ivgen_ctx->pool + AES_KEYSIZE_128;

	/* Copy initial enc. key and IV to SRAM at a single descriptor */
	hw_desc_init(&iv_seq[iv_seq_len]);
	set_din_type(&iv_seq[iv_seq_len], DMA_DLLI, ivgen_ctx->pool_meta_dma,
		     CC_IVPOOL_META_SIZE, NS_BIT);
	set_dout_sram(&iv_seq[iv_seq_len], ivgen_ctx->pool,
		      CC_IVPOOL_META_SIZE);
	set_flow_mode(&iv_seq[iv_seq_len], BYPASS);
	iv_seq_len++;

	/* Generate initial pool */
	rc = cc_gen_iv_pool(ivgen_ctx, iv_seq, &iv_seq_len);
	if (rc)
		return rc;

	/* Fire-and-forget */
	return send_request_init(drvdata, iv_seq, iv_seq_len);
}

/*!
 * Free iv-pool and ivgen context.
 *
 * \param drvdata
 */
void cc_ivgen_fini(struct cc_drvdata *drvdata)
{
	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
	struct device *device = &drvdata->plat_dev->dev;

	if (!ivgen_ctx)
		return;

	if (ivgen_ctx->pool_meta) {
		memset(ivgen_ctx->pool_meta, 0, CC_IVPOOL_META_SIZE);
		dma_free_coherent(device, CC_IVPOOL_META_SIZE,
				  ivgen_ctx->pool_meta,
				  ivgen_ctx->pool_meta_dma);
	}

	ivgen_ctx->pool = NULL_SRAM_ADDR;

	/* release "this" context */
	kfree(ivgen_ctx);
}

/*!
 * Allocates iv-pool and maps resources.
 * This function generates the first IV pool.
 *
 * \param drvdata Driver's private context
 *
 * \return int Zero for success, negative value otherwise.
 */
int cc_ivgen_init(struct cc_drvdata *drvdata)
{
	struct cc_ivgen_ctx *ivgen_ctx;
	struct device *device = &drvdata->plat_dev->dev;
	int rc;

	/* Allocate "this" context */
	ivgen_ctx = kzalloc(sizeof(*ivgen_ctx), GFP_KERNEL);
	if (!ivgen_ctx)
		return -ENOMEM;

	/* Allocate pool's header for initial enc. key/IV */
	ivgen_ctx->pool_meta = dma_alloc_coherent(device, CC_IVPOOL_META_SIZE,
						  &ivgen_ctx->pool_meta_dma,
						  GFP_KERNEL);
	if (!ivgen_ctx->pool_meta) {
		dev_err(device, "Not enough memory to allocate DMA of pool_meta (%u B)\n",
			CC_IVPOOL_META_SIZE);
		rc = -ENOMEM;
		goto out;
	}
	/* Allocate IV pool in SRAM */
	ivgen_ctx->pool = cc_sram_alloc(drvdata, CC_IVPOOL_SIZE);
	if (ivgen_ctx->pool == NULL_SRAM_ADDR) {
		dev_err(device, "SRAM pool exhausted\n");
		rc = -ENOMEM;
		goto out;
	}

	drvdata->ivgen_handle = ivgen_ctx;

	return cc_init_iv_sram(drvdata);

out:
	cc_ivgen_fini(drvdata);
	return rc;
}

/*!
 * Acquires 16 Bytes IV from the iv-pool
 *
 * \param drvdata Driver private context
 * \param iv_out_dma Array of physical IV out addresses
 * \param iv_out_dma_len Length of iv_out_dma array (additional elements
 *                       of iv_out_dma array are ignore)
 * \param iv_out_size May be 8 or 16 bytes long
 * \param iv_seq IN/OUT array to the descriptors sequence
 * \param iv_seq_len IN/OUT pointer to the sequence length
 *
 * \return int Zero for success, negative value otherwise.
 */
int cc_get_iv(struct cc_drvdata *drvdata, dma_addr_t iv_out_dma[],
	      unsigned int iv_out_dma_len, unsigned int iv_out_size,
	      struct cc_hw_desc iv_seq[], unsigned int *iv_seq_len)
{
	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
	unsigned int idx = *iv_seq_len;
	struct device *dev = drvdata_to_dev(drvdata);
	unsigned int t;

	if (iv_out_size != CC_AES_IV_SIZE &&
	    iv_out_size != CTR_RFC3686_IV_SIZE) {
		return -EINVAL;
	}
	if ((iv_out_dma_len + 1) > CC_IVPOOL_SEQ_LEN) {
		/* The sequence will be longer than allowed */
		return -EINVAL;
	}

	/* check that number of generated IV is limited to max dma address
	 * iv buffer size
	 */
	if (iv_out_dma_len > CC_MAX_IVGEN_DMA_ADDRESSES) {
		/* The sequence will be longer than allowed */
		return -EINVAL;
	}

	for (t = 0; t < iv_out_dma_len; t++) {
		/* Acquire IV from pool */
		hw_desc_init(&iv_seq[idx]);
		set_din_sram(&iv_seq[idx], (ivgen_ctx->pool +
					    ivgen_ctx->next_iv_ofs),
			     iv_out_size);
		set_dout_dlli(&iv_seq[idx], iv_out_dma[t], iv_out_size,
			      NS_BIT, 0);
		set_flow_mode(&iv_seq[idx], BYPASS);
		idx++;
	}

	/* Bypass operation is proceeded by crypto sequence, hence must
	 *  assure bypass-write-transaction by a memory barrier
	 */
	hw_desc_init(&iv_seq[idx]);
	set_din_no_dma(&iv_seq[idx], 0, 0xfffff0);
	set_dout_no_dma(&iv_seq[idx], 0, 0, 1);
	idx++;

	*iv_seq_len = idx; /* update seq length */

	/* Update iv index */
	ivgen_ctx->next_iv_ofs += iv_out_size;

	if ((CC_IVPOOL_SIZE - ivgen_ctx->next_iv_ofs) < CC_AES_IV_SIZE) {
		dev_dbg(dev, "Pool exhausted, regenerating iv-pool\n");
		/* pool is drained -regenerate it! */
		return cc_gen_iv_pool(ivgen_ctx, iv_seq, iv_seq_len);
	}

	return 0;
}
Commit	Line	Data
4c3f9727 GBY	1	// SPDX-License-Identifier: GPL-2.0
	2	/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
	3
	4	#include <crypto/ctr.h>
	5	#include "cc_driver.h"
	6	#include "cc_ivgen.h"
	7	#include "cc_request_mgr.h"
	8	#include "cc_sram_mgr.h"
	9	#include "cc_buffer_mgr.h"
	10
	11	/* The max. size of pool MUST be <= SRAM total size */
	12	#define CC_IVPOOL_SIZE 1024
	13	/* The first 32B fraction of pool are dedicated to the
	14	* next encryption "key" & "IV" for pool regeneration
	15	*/
	16	#define CC_IVPOOL_META_SIZE (CC_AES_IV_SIZE + AES_KEYSIZE_128)
	17	#define CC_IVPOOL_GEN_SEQ_LEN 4
	18
	19	/**
	20	* struct cc_ivgen_ctx -IV pool generation context
	21	* @pool: the start address of the iv-pool resides in internal RAM
	22	* @ctr_key_dma: address of pool's encryption key material in internal RAM
	23	* @ctr_iv_dma: address of pool's counter iv in internal RAM
	24	* @next_iv_ofs: the offset to the next available IV in pool
	25	* @pool_meta: virt. address of the initial enc. key/IV
	26	* @pool_meta_dma: phys. address of the initial enc. key/IV
	27	*/
	28	struct cc_ivgen_ctx {
	29	cc_sram_addr_t pool;
	30	cc_sram_addr_t ctr_key;
	31	cc_sram_addr_t ctr_iv;
	32	u32 next_iv_ofs;
	33	u8 *pool_meta;
	34	dma_addr_t pool_meta_dma;
	35	};
	36
	37	/*!
	38	* Generates CC_IVPOOL_SIZE of random bytes by
	39	* encrypting 0's using AES128-CTR.
	40	*
	41	* \param ivgen iv-pool context
	42	* \param iv_seq IN/OUT array to the descriptors sequence
	43	* \param iv_seq_len IN/OUT pointer to the sequence length
	44	*/
	45	static int cc_gen_iv_pool(struct cc_ivgen_ctx *ivgen_ctx,
	46	struct cc_hw_desc iv_seq[], unsigned int *iv_seq_len)
	47	{
	48	unsigned int idx = *iv_seq_len;
	49
	50	if ((*iv_seq_len + CC_IVPOOL_GEN_SEQ_LEN) > CC_IVPOOL_SEQ_LEN) {
	51	/* The sequence will be longer than allowed */
	52	return -EINVAL;
	53	}
	54	/* Setup key */
	55	hw_desc_init(&iv_seq[idx]);
	56	set_din_sram(&iv_seq[idx], ivgen_ctx->ctr_key, AES_KEYSIZE_128);
	57	set_setup_mode(&iv_seq[idx], SETUP_LOAD_KEY0);
	58	set_cipher_config0(&iv_seq[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
	59	set_flow_mode(&iv_seq[idx], S_DIN_to_AES);
	60	set_key_size_aes(&iv_seq[idx], CC_AES_128_BIT_KEY_SIZE);
	61	set_cipher_mode(&iv_seq[idx], DRV_CIPHER_CTR);
	62	idx++;
	63
	64	/* Setup cipher state */
65	hw_desc_init(&iv_seq[idx]);
66	set_din_sram(&iv_seq[idx], ivgen_ctx->ctr_iv, CC_AES_IV_SIZE);
67	set_cipher_config0(&iv_seq[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
68	set_flow_mode(&iv_seq[idx], S_DIN_to_AES);
69	set_setup_mode(&iv_seq[idx], SETUP_LOAD_STATE1);
70	set_key_size_aes(&iv_seq[idx], CC_AES_128_BIT_KEY_SIZE);
71	set_cipher_mode(&iv_seq[idx], DRV_CIPHER_CTR);
72	idx++;
73
74	/* Perform dummy encrypt to skip first block */
75	hw_desc_init(&iv_seq[idx]);
76	set_din_const(&iv_seq[idx], 0, CC_AES_IV_SIZE);
77	set_dout_sram(&iv_seq[idx], ivgen_ctx->pool, CC_AES_IV_SIZE);
78	set_flow_mode(&iv_seq[idx], DIN_AES_DOUT);
79	idx++;
80
81	/* Generate IV pool */
82	hw_desc_init(&iv_seq[idx]);
83	set_din_const(&iv_seq[idx], 0, CC_IVPOOL_SIZE);
84	set_dout_sram(&iv_seq[idx], ivgen_ctx->pool, CC_IVPOOL_SIZE);
85	set_flow_mode(&iv_seq[idx], DIN_AES_DOUT);
86	idx++;
87
88	iv_seq_len = idx; / Update sequence length */
89
90	/* queue ordering assures pool readiness */
91	ivgen_ctx->next_iv_ofs = CC_IVPOOL_META_SIZE;
92
93	return 0;
94	}
95
96	/*!
97	* Generates the initial pool in SRAM.
98	* This function should be invoked when resuming driver.
99	*
100	* \param drvdata
101	*
102	* \return int Zero for success, negative value otherwise.
103	*/
104	int cc_init_iv_sram(struct cc_drvdata *drvdata)
105	{
106	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
107	struct cc_hw_desc iv_seq[CC_IVPOOL_SEQ_LEN];
108	unsigned int iv_seq_len = 0;
109	int rc;
110
111	/* Generate initial enc. key/iv */
112	get_random_bytes(ivgen_ctx->pool_meta, CC_IVPOOL_META_SIZE);
113
114	/* The first 32B reserved for the enc. Key/IV */
115	ivgen_ctx->ctr_key = ivgen_ctx->pool;
116	ivgen_ctx->ctr_iv = ivgen_ctx->pool + AES_KEYSIZE_128;
117
118	/* Copy initial enc. key and IV to SRAM at a single descriptor */
119	hw_desc_init(&iv_seq[iv_seq_len]);
120	set_din_type(&iv_seq[iv_seq_len], DMA_DLLI, ivgen_ctx->pool_meta_dma,
121	CC_IVPOOL_META_SIZE, NS_BIT);
122	set_dout_sram(&iv_seq[iv_seq_len], ivgen_ctx->pool,
123	CC_IVPOOL_META_SIZE);
124	set_flow_mode(&iv_seq[iv_seq_len], BYPASS);
125	iv_seq_len++;
126
127	/* Generate initial pool */
128	rc = cc_gen_iv_pool(ivgen_ctx, iv_seq, &iv_seq_len);
129	if (rc)
130	return rc;
131
132	/* Fire-and-forget */
133	return send_request_init(drvdata, iv_seq, iv_seq_len);
134	}
135
136	/*!
137	* Free iv-pool and ivgen context.
138	*
139	* \param drvdata
140	*/
141	void cc_ivgen_fini(struct cc_drvdata *drvdata)
142	{
143	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
144	struct device *device = &drvdata->plat_dev->dev;
145
146	if (!ivgen_ctx)
147	return;
148
149	if (ivgen_ctx->pool_meta) {
150	memset(ivgen_ctx->pool_meta, 0, CC_IVPOOL_META_SIZE);
151	dma_free_coherent(device, CC_IVPOOL_META_SIZE,
152	ivgen_ctx->pool_meta,
153	ivgen_ctx->pool_meta_dma);
154	}
155
156	ivgen_ctx->pool = NULL_SRAM_ADDR;
157
158	/* release "this" context */
159	kfree(ivgen_ctx);
160	}
161
162	/*!
163	* Allocates iv-pool and maps resources.
164	* This function generates the first IV pool.
165	*
166	* \param drvdata Driver's private context
167	*
168	* \return int Zero for success, negative value otherwise.
169	*/
170	int cc_ivgen_init(struct cc_drvdata *drvdata)
171	{
172	struct cc_ivgen_ctx *ivgen_ctx;
173	struct device *device = &drvdata->plat_dev->dev;
174	int rc;
175
176	/* Allocate "this" context */
177	ivgen_ctx = kzalloc(sizeof(*ivgen_ctx), GFP_KERNEL);
178	if (!ivgen_ctx)
179	return -ENOMEM;
180
181	/* Allocate pool's header for initial enc. key/IV */
182	ivgen_ctx->pool_meta = dma_alloc_coherent(device, CC_IVPOOL_META_SIZE,
183	&ivgen_ctx->pool_meta_dma,
184	GFP_KERNEL);
185	if (!ivgen_ctx->pool_meta) {
186	dev_err(device, "Not enough memory to allocate DMA of pool_meta (%u B)\n",
187	CC_IVPOOL_META_SIZE);
188	rc = -ENOMEM;
189	goto out;
190	}
191	/* Allocate IV pool in SRAM */
192	ivgen_ctx->pool = cc_sram_alloc(drvdata, CC_IVPOOL_SIZE);
193	if (ivgen_ctx->pool == NULL_SRAM_ADDR) {
194	dev_err(device, "SRAM pool exhausted\n");
195	rc = -ENOMEM;
196	goto out;
197	}
198
199	drvdata->ivgen_handle = ivgen_ctx;
200
201	return cc_init_iv_sram(drvdata);
202
203	out:
204	cc_ivgen_fini(drvdata);
205	return rc;
206	}
207
208	/*!
209	* Acquires 16 Bytes IV from the iv-pool
210	*
211	* \param drvdata Driver private context
212	* \param iv_out_dma Array of physical IV out addresses
213	* \param iv_out_dma_len Length of iv_out_dma array (additional elements
214	* of iv_out_dma array are ignore)
215	* \param iv_out_size May be 8 or 16 bytes long
216	* \param iv_seq IN/OUT array to the descriptors sequence
217	* \param iv_seq_len IN/OUT pointer to the sequence length
218	*
219	* \return int Zero for success, negative value otherwise.
220	*/
221	int cc_get_iv(struct cc_drvdata *drvdata, dma_addr_t iv_out_dma[],
222	unsigned int iv_out_dma_len, unsigned int iv_out_size,
223	struct cc_hw_desc iv_seq[], unsigned int *iv_seq_len)
224	{
225	struct cc_ivgen_ctx *ivgen_ctx = drvdata->ivgen_handle;
226	unsigned int idx = *iv_seq_len;
227	struct device *dev = drvdata_to_dev(drvdata);
228	unsigned int t;
229
230	if (iv_out_size != CC_AES_IV_SIZE &&
231	iv_out_size != CTR_RFC3686_IV_SIZE) {
232	return -EINVAL;
233	}
234	if ((iv_out_dma_len + 1) > CC_IVPOOL_SEQ_LEN) {
235	/* The sequence will be longer than allowed */
236	return -EINVAL;
237	}
238
239	/* check that number of generated IV is limited to max dma address
240	* iv buffer size
241	*/
242	if (iv_out_dma_len > CC_MAX_IVGEN_DMA_ADDRESSES) {
243	/* The sequence will be longer than allowed */
244	return -EINVAL;
245	}
246
247	for (t = 0; t < iv_out_dma_len; t++) {
248	/* Acquire IV from pool */
249	hw_desc_init(&iv_seq[idx]);
250	set_din_sram(&iv_seq[idx], (ivgen_ctx->pool +
251	ivgen_ctx->next_iv_ofs),
252	iv_out_size);
253	set_dout_dlli(&iv_seq[idx], iv_out_dma[t], iv_out_size,
254	NS_BIT, 0);
255	set_flow_mode(&iv_seq[idx], BYPASS);
256	idx++;
257	}
258
259	/* Bypass operation is proceeded by crypto sequence, hence must
260	* assure bypass-write-transaction by a memory barrier
261	*/
262	hw_desc_init(&iv_seq[idx]);
263	set_din_no_dma(&iv_seq[idx], 0, 0xfffff0);
264	set_dout_no_dma(&iv_seq[idx], 0, 0, 1);
265	idx++;
266
267	iv_seq_len = idx; / update seq length */
268
269	/* Update iv index */
270	ivgen_ctx->next_iv_ofs += iv_out_size;
271
272	if ((CC_IVPOOL_SIZE - ivgen_ctx->next_iv_ofs) < CC_AES_IV_SIZE) {
273	dev_dbg(dev, "Pool exhausted, regenerating iv-pool\n");
274	/* pool is drained -regenerate it! */
275	return cc_gen_iv_pool(ivgen_ctx, iv_seq, iv_seq_len);
276	}
277
278	return 0;
279	}