1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (c) 2010-2014, The Linux Foundation. All rights reserved. 4 */ 5 6#include <linux/device.h> 7#include <linux/dma-mapping.h> 8#include <linux/interrupt.h> 9#include <crypto/internal/hash.h> 10 11#include "common.h" 12#include "core.h" 13#include "sha.h" 14 15struct qce_sha_saved_state { 16 u8 pending_buf[QCE_SHA_MAX_BLOCKSIZE]; 17 u8 partial_digest[QCE_SHA_MAX_DIGESTSIZE]; 18 __be32 byte_count[2]; 19 unsigned int pending_buflen; 20 unsigned int flags; 21 u64 count; 22 bool first_blk; 23}; 24 25static LIST_HEAD(ahash_algs); 26 27static const u32 std_iv_sha1[SHA256_DIGEST_SIZE / sizeof(u32)] = { 28 SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4, 0, 0, 0 29}; 30 31static const u32 std_iv_sha256[SHA256_DIGEST_SIZE / sizeof(u32)] = { 32 SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3, 33 SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7 34}; 35 36static void qce_ahash_done(void *data) 37{ 38 struct crypto_async_request *async_req = data; 39 struct ahash_request *req = ahash_request_cast(async_req); 40 struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); 41 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 42 struct qce_alg_template *tmpl = to_ahash_tmpl(async_req->tfm); 43 struct qce_device *qce = tmpl->qce; 44 struct qce_result_dump *result = qce->dma.result_buf; 45 unsigned int digestsize = crypto_ahash_digestsize(ahash); 46 int error; 47 u32 status; 48 49 error = qce_dma_terminate_all(&qce->dma); 50 if (error) 51 dev_dbg(qce->dev, "ahash dma termination error (%d)\n", error); 52 53 dma_unmap_sg(qce->dev, req->src, rctx->src_nents, DMA_TO_DEVICE); 54 dma_unmap_sg(qce->dev, &rctx->result_sg, 1, DMA_FROM_DEVICE); 55 56 memcpy(rctx->digest, result->auth_iv, digestsize); 57 if (req->result && rctx->last_blk) 58 memcpy(req->result, result->auth_iv, digestsize); 59 60 rctx->byte_count[0] = cpu_to_be32(result->auth_byte_count[0]); 61 rctx->byte_count[1] = cpu_to_be32(result->auth_byte_count[1]); 62 63 error = qce_check_status(qce, &status); 64 if (error < 0) 65 dev_dbg(qce->dev, "ahash operation error (%x)\n", status); 66 67 req->src = rctx->src_orig; 68 req->nbytes = rctx->nbytes_orig; 69 rctx->last_blk = false; 70 rctx->first_blk = false; 71 72 qce->async_req_done(tmpl->qce, error); 73} 74 75static int qce_ahash_async_req_handle(struct crypto_async_request *async_req) 76{ 77 struct ahash_request *req = ahash_request_cast(async_req); 78 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 79 struct qce_sha_ctx *ctx = crypto_tfm_ctx(async_req->tfm); 80 struct qce_alg_template *tmpl = to_ahash_tmpl(async_req->tfm); 81 struct qce_device *qce = tmpl->qce; 82 unsigned long flags = rctx->flags; 83 int ret; 84 85 if (IS_SHA_HMAC(flags)) { 86 rctx->authkey = ctx->authkey; 87 rctx->authklen = QCE_SHA_HMAC_KEY_SIZE; 88 } else if (IS_CMAC(flags)) { 89 rctx->authkey = ctx->authkey; 90 rctx->authklen = AES_KEYSIZE_128; 91 } 92 93 rctx->src_nents = sg_nents_for_len(req->src, req->nbytes); 94 if (rctx->src_nents < 0) { 95 dev_err(qce->dev, "Invalid numbers of src SG.\n"); 96 return rctx->src_nents; 97 } 98 99 ret = dma_map_sg(qce->dev, req->src, rctx->src_nents, DMA_TO_DEVICE); 100 if (!ret) 101 return -EIO; 102 103 sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ); 104 105 ret = dma_map_sg(qce->dev, &rctx->result_sg, 1, DMA_FROM_DEVICE); 106 if (!ret) { 107 ret = -EIO; 108 goto error_unmap_src; 109 } 110 111 ret = qce_dma_prep_sgs(&qce->dma, req->src, rctx->src_nents, 112 &rctx->result_sg, 1, qce_ahash_done, async_req); 113 if (ret) 114 goto error_unmap_dst; 115 116 qce_dma_issue_pending(&qce->dma); 117 118 ret = qce_start(async_req, tmpl->crypto_alg_type); 119 if (ret) 120 goto error_terminate; 121 122 return 0; 123 124error_terminate: 125 qce_dma_terminate_all(&qce->dma); 126error_unmap_dst: 127 dma_unmap_sg(qce->dev, &rctx->result_sg, 1, DMA_FROM_DEVICE); 128error_unmap_src: 129 dma_unmap_sg(qce->dev, req->src, rctx->src_nents, DMA_TO_DEVICE); 130 return ret; 131} 132 133static int qce_ahash_init(struct ahash_request *req) 134{ 135 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 136 struct qce_alg_template *tmpl = to_ahash_tmpl(req->base.tfm); 137 const u32 *std_iv = tmpl->std_iv; 138 139 memset(rctx, 0, sizeof(*rctx)); 140 rctx->first_blk = true; 141 rctx->last_blk = false; 142 rctx->flags = tmpl->alg_flags; 143 memcpy(rctx->digest, std_iv, sizeof(rctx->digest)); 144 145 return 0; 146} 147 148static int qce_ahash_export(struct ahash_request *req, void *out) 149{ 150 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 151 struct qce_sha_saved_state *export_state = out; 152 153 memcpy(export_state->pending_buf, rctx->buf, rctx->buflen); 154 memcpy(export_state->partial_digest, rctx->digest, sizeof(rctx->digest)); 155 export_state->byte_count[0] = rctx->byte_count[0]; 156 export_state->byte_count[1] = rctx->byte_count[1]; 157 export_state->pending_buflen = rctx->buflen; 158 export_state->count = rctx->count; 159 export_state->first_blk = rctx->first_blk; 160 export_state->flags = rctx->flags; 161 162 return 0; 163} 164 165static int qce_ahash_import(struct ahash_request *req, const void *in) 166{ 167 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 168 const struct qce_sha_saved_state *import_state = in; 169 170 memset(rctx, 0, sizeof(*rctx)); 171 rctx->count = import_state->count; 172 rctx->buflen = import_state->pending_buflen; 173 rctx->first_blk = import_state->first_blk; 174 rctx->flags = import_state->flags; 175 rctx->byte_count[0] = import_state->byte_count[0]; 176 rctx->byte_count[1] = import_state->byte_count[1]; 177 memcpy(rctx->buf, import_state->pending_buf, rctx->buflen); 178 memcpy(rctx->digest, import_state->partial_digest, sizeof(rctx->digest)); 179 180 return 0; 181} 182 183static int qce_ahash_update(struct ahash_request *req) 184{ 185 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 186 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 187 struct qce_alg_template *tmpl = to_ahash_tmpl(req->base.tfm); 188 struct qce_device *qce = tmpl->qce; 189 struct scatterlist *sg_last, *sg; 190 unsigned int total, len; 191 unsigned int hash_later; 192 unsigned int nbytes; 193 unsigned int blocksize; 194 195 blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm)); 196 rctx->count += req->nbytes; 197 198 /* check for buffer from previous updates and append it */ 199 total = req->nbytes + rctx->buflen; 200 201 if (total <= blocksize) { 202 scatterwalk_map_and_copy(rctx->buf + rctx->buflen, req->src, 203 0, req->nbytes, 0); 204 rctx->buflen += req->nbytes; 205 return 0; 206 } 207 208 /* save the original req structure fields */ 209 rctx->src_orig = req->src; 210 rctx->nbytes_orig = req->nbytes; 211 212 /* 213 * if we have data from previous update copy them on buffer. The old 214 * data will be combined with current request bytes. 215 */ 216 if (rctx->buflen) 217 memcpy(rctx->tmpbuf, rctx->buf, rctx->buflen); 218 219 /* calculate how many bytes will be hashed later */ 220 hash_later = total % blocksize; 221 222 /* 223 * At this point, there is more than one block size of data. If 224 * the available data to transfer is exactly a multiple of block 225 * size, save the last block to be transferred in qce_ahash_final 226 * (with the last block bit set) if this is indeed the end of data 227 * stream. If not this saved block will be transferred as part of 228 * next update. If this block is not held back and if this is 229 * indeed the end of data stream, the digest obtained will be wrong 230 * since qce_ahash_final will see that rctx->buflen is 0 and return 231 * doing nothing which in turn means that a digest will not be 232 * copied to the destination result buffer. qce_ahash_final cannot 233 * be made to alter this behavior and allowed to proceed if 234 * rctx->buflen is 0 because the crypto engine BAM does not allow 235 * for zero length transfers. 236 */ 237 if (!hash_later) 238 hash_later = blocksize; 239 240 if (hash_later) { 241 unsigned int src_offset = req->nbytes - hash_later; 242 scatterwalk_map_and_copy(rctx->buf, req->src, src_offset, 243 hash_later, 0); 244 } 245 246 /* here nbytes is multiple of blocksize */ 247 nbytes = total - hash_later; 248 249 len = rctx->buflen; 250 sg = sg_last = req->src; 251 252 while (len < nbytes && sg) { 253 if (len + sg_dma_len(sg) > nbytes) 254 break; 255 len += sg_dma_len(sg); 256 sg_last = sg; 257 sg = sg_next(sg); 258 } 259 260 if (!sg_last) 261 return -EINVAL; 262 263 if (rctx->buflen) { 264 sg_init_table(rctx->sg, 2); 265 sg_set_buf(rctx->sg, rctx->tmpbuf, rctx->buflen); 266 sg_chain(rctx->sg, 2, req->src); 267 req->src = rctx->sg; 268 } 269 270 req->nbytes = nbytes; 271 rctx->buflen = hash_later; 272 273 return qce->async_req_enqueue(tmpl->qce, &req->base); 274} 275 276static int qce_ahash_final(struct ahash_request *req) 277{ 278 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 279 struct qce_alg_template *tmpl = to_ahash_tmpl(req->base.tfm); 280 struct qce_device *qce = tmpl->qce; 281 282 if (!rctx->buflen) { 283 if (tmpl->hash_zero) 284 memcpy(req->result, tmpl->hash_zero, 285 tmpl->alg.ahash.halg.digestsize); 286 return 0; 287 } 288 289 rctx->last_blk = true; 290 291 rctx->src_orig = req->src; 292 rctx->nbytes_orig = req->nbytes; 293 294 memcpy(rctx->tmpbuf, rctx->buf, rctx->buflen); 295 sg_init_one(rctx->sg, rctx->tmpbuf, rctx->buflen); 296 297 req->src = rctx->sg; 298 req->nbytes = rctx->buflen; 299 300 return qce->async_req_enqueue(tmpl->qce, &req->base); 301} 302 303static int qce_ahash_digest(struct ahash_request *req) 304{ 305 struct qce_sha_reqctx *rctx = ahash_request_ctx_dma(req); 306 struct qce_alg_template *tmpl = to_ahash_tmpl(req->base.tfm); 307 struct qce_device *qce = tmpl->qce; 308 int ret; 309 310 ret = qce_ahash_init(req); 311 if (ret) 312 return ret; 313 314 rctx->src_orig = req->src; 315 rctx->nbytes_orig = req->nbytes; 316 rctx->first_blk = true; 317 rctx->last_blk = true; 318 319 if (!rctx->nbytes_orig) { 320 if (tmpl->hash_zero) 321 memcpy(req->result, tmpl->hash_zero, 322 tmpl->alg.ahash.halg.digestsize); 323 return 0; 324 } 325 326 return qce->async_req_enqueue(tmpl->qce, &req->base); 327} 328 329static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, const u8 *key, 330 unsigned int keylen) 331{ 332 unsigned int digestsize = crypto_ahash_digestsize(tfm); 333 struct qce_sha_ctx *ctx = crypto_tfm_ctx(&tfm->base); 334 struct crypto_wait wait; 335 struct ahash_request *req; 336 struct scatterlist sg; 337 unsigned int blocksize; 338 struct crypto_ahash *ahash_tfm; 339 u8 *buf; 340 int ret; 341 const char *alg_name; 342 343 blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm)); 344 memset(ctx->authkey, 0, sizeof(ctx->authkey)); 345 346 if (keylen <= blocksize) { 347 memcpy(ctx->authkey, key, keylen); 348 return 0; 349 } 350 351 if (digestsize == SHA1_DIGEST_SIZE) 352 alg_name = "sha1-qce"; 353 else if (digestsize == SHA256_DIGEST_SIZE) 354 alg_name = "sha256-qce"; 355 else 356 return -EINVAL; 357 358 ahash_tfm = crypto_alloc_ahash(alg_name, 0, 0); 359 if (IS_ERR(ahash_tfm)) 360 return PTR_ERR(ahash_tfm); 361 362 req = ahash_request_alloc(ahash_tfm, GFP_KERNEL); 363 if (!req) { 364 ret = -ENOMEM; 365 goto err_free_ahash; 366 } 367 368 crypto_init_wait(&wait); 369 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 370 crypto_req_done, &wait); 371 crypto_ahash_clear_flags(ahash_tfm, ~0); 372 373 buf = kzalloc(keylen + QCE_MAX_ALIGN_SIZE, GFP_KERNEL); 374 if (!buf) { 375 ret = -ENOMEM; 376 goto err_free_req; 377 } 378 379 memcpy(buf, key, keylen); 380 sg_init_one(&sg, buf, keylen); 381 ahash_request_set_crypt(req, &sg, ctx->authkey, keylen); 382 383 ret = crypto_wait_req(crypto_ahash_digest(req), &wait); 384 385 kfree(buf); 386err_free_req: 387 ahash_request_free(req); 388err_free_ahash: 389 crypto_free_ahash(ahash_tfm); 390 return ret; 391} 392 393static int qce_ahash_cra_init(struct crypto_tfm *tfm) 394{ 395 struct crypto_ahash *ahash = __crypto_ahash_cast(tfm); 396 struct qce_sha_ctx *ctx = crypto_tfm_ctx(tfm); 397 398 crypto_ahash_set_reqsize_dma(ahash, sizeof(struct qce_sha_reqctx)); 399 memset(ctx, 0, sizeof(*ctx)); 400 return 0; 401} 402 403struct qce_ahash_def { 404 unsigned long flags; 405 const char *name; 406 const char *drv_name; 407 unsigned int digestsize; 408 unsigned int blocksize; 409 unsigned int statesize; 410 const u32 *std_iv; 411}; 412 413static const struct qce_ahash_def ahash_def[] = { 414 { 415 .flags = QCE_HASH_SHA1, 416 .name = "sha1", 417 .drv_name = "sha1-qce", 418 .digestsize = SHA1_DIGEST_SIZE, 419 .blocksize = SHA1_BLOCK_SIZE, 420 .statesize = sizeof(struct qce_sha_saved_state), 421 .std_iv = std_iv_sha1, 422 }, 423 { 424 .flags = QCE_HASH_SHA256, 425 .name = "sha256", 426 .drv_name = "sha256-qce", 427 .digestsize = SHA256_DIGEST_SIZE, 428 .blocksize = SHA256_BLOCK_SIZE, 429 .statesize = sizeof(struct qce_sha_saved_state), 430 .std_iv = std_iv_sha256, 431 }, 432 { 433 .flags = QCE_HASH_SHA1_HMAC, 434 .name = "hmac(sha1)", 435 .drv_name = "hmac-sha1-qce", 436 .digestsize = SHA1_DIGEST_SIZE, 437 .blocksize = SHA1_BLOCK_SIZE, 438 .statesize = sizeof(struct qce_sha_saved_state), 439 .std_iv = std_iv_sha1, 440 }, 441 { 442 .flags = QCE_HASH_SHA256_HMAC, 443 .name = "hmac(sha256)", 444 .drv_name = "hmac-sha256-qce", 445 .digestsize = SHA256_DIGEST_SIZE, 446 .blocksize = SHA256_BLOCK_SIZE, 447 .statesize = sizeof(struct qce_sha_saved_state), 448 .std_iv = std_iv_sha256, 449 }, 450}; 451 452static int qce_ahash_register_one(const struct qce_ahash_def *def, 453 struct qce_device *qce) 454{ 455 struct qce_alg_template *tmpl; 456 struct ahash_alg *alg; 457 struct crypto_alg *base; 458 int ret; 459 460 tmpl = kzalloc(sizeof(*tmpl), GFP_KERNEL); 461 if (!tmpl) 462 return -ENOMEM; 463 464 tmpl->std_iv = def->std_iv; 465 466 alg = &tmpl->alg.ahash; 467 alg->init = qce_ahash_init; 468 alg->update = qce_ahash_update; 469 alg->final = qce_ahash_final; 470 alg->digest = qce_ahash_digest; 471 alg->export = qce_ahash_export; 472 alg->import = qce_ahash_import; 473 if (IS_SHA_HMAC(def->flags)) 474 alg->setkey = qce_ahash_hmac_setkey; 475 alg->halg.digestsize = def->digestsize; 476 alg->halg.statesize = def->statesize; 477 478 if (IS_SHA1(def->flags)) 479 tmpl->hash_zero = sha1_zero_message_hash; 480 else if (IS_SHA256(def->flags)) 481 tmpl->hash_zero = sha256_zero_message_hash; 482 483 base = &alg->halg.base; 484 base->cra_blocksize = def->blocksize; 485 base->cra_priority = 300; 486 base->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY; 487 base->cra_ctxsize = sizeof(struct qce_sha_ctx); 488 base->cra_alignmask = 0; 489 base->cra_module = THIS_MODULE; 490 base->cra_init = qce_ahash_cra_init; 491 492 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 493 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 494 def->drv_name); 495 496 INIT_LIST_HEAD(&tmpl->entry); 497 tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_AHASH; 498 tmpl->alg_flags = def->flags; 499 tmpl->qce = qce; 500 501 ret = crypto_register_ahash(alg); 502 if (ret) { 503 dev_err(qce->dev, "%s registration failed\n", base->cra_name); 504 kfree(tmpl); 505 return ret; 506 } 507 508 list_add_tail(&tmpl->entry, &ahash_algs); 509 dev_dbg(qce->dev, "%s is registered\n", base->cra_name); 510 return 0; 511} 512 513static void qce_ahash_unregister(struct qce_device *qce) 514{ 515 struct qce_alg_template *tmpl, *n; 516 517 list_for_each_entry_safe(tmpl, n, &ahash_algs, entry) { 518 crypto_unregister_ahash(&tmpl->alg.ahash); 519 list_del(&tmpl->entry); 520 kfree(tmpl); 521 } 522} 523 524static int qce_ahash_register(struct qce_device *qce) 525{ 526 int ret, i; 527 528 for (i = 0; i < ARRAY_SIZE(ahash_def); i++) { 529 ret = qce_ahash_register_one(&ahash_def[i], qce); 530 if (ret) 531 goto err; 532 } 533 534 return 0; 535err: 536 qce_ahash_unregister(qce); 537 return ret; 538} 539 540const struct qce_algo_ops ahash_ops = { 541 .type = CRYPTO_ALG_TYPE_AHASH, 542 .register_algs = qce_ahash_register, 543 .unregister_algs = qce_ahash_unregister, 544 .async_req_handle = qce_ahash_async_req_handle, 545}; 546