2 * crypto/ocf/talitos/talitos.c
4 * An OCF-Linux module that uses Freescale's SEC to do the crypto.
5 * Based on crypto/ocf/hifn and crypto/ocf/safe OCF drivers
7 * Copyright (c) 2006 Freescale Semiconductor, Inc.
9 * This code written by Kim A. B. Phillips <kim.phillips@freescale.com>
10 * some code copied from files with the following:
11 * Copyright (C) 2004-2007 David McCullough <david_mccullough@mcafee.com>
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. The name of the author may not be used to endorse or promote products
23 * derived from this software without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 * ---------------------------------------------------------------------------
40 * The Freescale SEC (also known as 'talitos') resides on the
41 * internal bus, and runs asynchronous to the processor core. It has
42 * a wide gamut of cryptographic acceleration features, including single-
43 * pass IPsec (also known as algorithm chaining). To properly utilize
44 * all of the SEC's performance enhancing features, further reworking
45 * of higher level code (framework, applications) will be necessary.
47 * The following table shows which SEC version is present in which devices:
53 * 8555E, 8541E SEC 2.0
57 * The following table shows the features offered by each SEC version:
60 * version Bus I/F Clock nels DEU AESU AFEU MDEU PKEU RNG KEU
62 * SEC 1.0 internal 64b 100MHz 4 1 1 1 1 1 1 0
63 * SEC 1.2 internal 32b 66MHz 1 1 1 0 1 0 0 0
64 * SEC 2.0 internal 64b 166MHz 4 1 1 1 1 1 1 0
65 * SEC 2.01 internal 64b 166MHz 4 1 1 1 1 1 1 0
66 * SEC 2.1 internal 64b 333MHz 4 1 1 1 1 1 1 1
68 * Each execution unit in the SEC has two modes of execution; channel and
69 * slave/debug. This driver employs the channel infrastructure in the
70 * device for convenience. Only the RNG is directly accessed due to the
71 * convenience of its random fifo pool. The relationship between the
72 * channels and execution units is depicted in the following diagram:
74 * ------- ------------
77 * | |------+-------+-------+-------+------------
78 * ------- | | | | | | |
79 * ---| ch1 |---| | | | | | |
80 * ------- | | ------ ------ ------ ------ ------
81 * |controller| |DEU | |AESU| |MDEU| |PKEU| ... |RNG |
82 * ------- | | ------ ------ ------ ------ ------
83 * ---| ch2 |---| | | | | | |
84 * ------- | | | | | | |
85 * | |------+-------+-------+-------+------------
88 * ------- ------------
90 * Channel ch0 may drive an aes operation to the aes unit (AESU),
91 * and, at the same time, ch1 may drive a message digest operation
92 * to the mdeu. Each channel has an input descriptor FIFO, and the
93 * FIFO can contain, e.g. on the 8541E, up to 24 entries, before a
94 * a buffer overrun error is triggered. The controller is responsible
95 * for fetching the data from descriptor pointers, and passing the
96 * data to the appropriate EUs. The controller also writes the
97 * cryptographic operation's result to memory. The SEC notifies
98 * completion by triggering an interrupt and/or setting the 1st byte
99 * of the hdr field to 0xff.
102 * o support more algorithms
103 * o support more versions of the SEC
104 * o add support for linux 2.4
105 * o scatter-gather (sg) support
106 * o add support for public key ops (PKEU)
110 #ifndef AUTOCONF_INCLUDED
111 #include <linux/config.h>
113 #include <linux/module.h>
114 #include <linux/init.h>
115 #include <linux/interrupt.h>
116 #include <linux/spinlock.h>
117 #include <linux/random.h>
118 #include <linux/skbuff.h>
119 #include <asm/scatterlist.h>
120 #include <linux/dma-mapping.h> /* dma_map_single() */
121 #include <linux/moduleparam.h>
123 #include <linux/version.h>
124 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
125 #include <linux/platform_device.h>
128 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
129 #include <linux/of_platform.h>
132 #include <cryptodev.h>
135 #define DRV_NAME "talitos"
137 #include "talitos_dev.h"
138 #include "talitos_soft.h"
140 #define read_random(p,l) get_random_bytes(p,l)
142 const char talitos_driver_name[] = "Talitos OCF";
143 const char talitos_driver_version[] = "0.2";
145 static int talitos_newsession(device_t dev, u_int32_t *sidp,
146 struct cryptoini *cri);
147 static int talitos_freesession(device_t dev, u_int64_t tid);
148 static int talitos_process(device_t dev, struct cryptop *crp, int hint);
149 static void dump_talitos_status(struct talitos_softc *sc);
150 static int talitos_submit(struct talitos_softc *sc, struct talitos_desc *td,
152 static void talitos_doneprocessing(struct talitos_softc *sc);
153 static void talitos_init_device(struct talitos_softc *sc);
154 static void talitos_reset_device_master(struct talitos_softc *sc);
155 static void talitos_reset_device(struct talitos_softc *sc);
156 static void talitos_errorprocessing(struct talitos_softc *sc);
157 #ifdef CONFIG_PPC_MERGE
158 static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match);
159 static int talitos_remove(struct of_device *ofdev);
161 static int talitos_probe(struct platform_device *pdev);
162 static int talitos_remove(struct platform_device *pdev);
164 #ifdef CONFIG_OCF_RANDOMHARVEST
165 static int talitos_read_random(void *arg, u_int32_t *buf, int maxwords);
166 static void talitos_rng_init(struct talitos_softc *sc);
169 static device_method_t talitos_methods = {
170 /* crypto device methods */
171 DEVMETHOD(cryptodev_newsession, talitos_newsession),
172 DEVMETHOD(cryptodev_freesession,talitos_freesession),
173 DEVMETHOD(cryptodev_process, talitos_process),
176 #define debug talitos_debug
177 int talitos_debug = 0;
178 module_param(talitos_debug, int, 0644);
179 MODULE_PARM_DESC(talitos_debug, "Enable debug");
181 static inline void talitos_write(volatile unsigned *addr, u32 val)
186 static inline u32 talitos_read(volatile unsigned *addr)
193 static void dump_talitos_status(struct talitos_softc *sc)
195 unsigned int v, v_hi, i, *ptr;
196 v = talitos_read(sc->sc_base_addr + TALITOS_MCR);
197 v_hi = talitos_read(sc->sc_base_addr + TALITOS_MCR_HI);
198 printk(KERN_INFO "%s: MCR 0x%08x_%08x\n",
199 device_get_nameunit(sc->sc_cdev), v, v_hi);
200 v = talitos_read(sc->sc_base_addr + TALITOS_IMR);
201 v_hi = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI);
202 printk(KERN_INFO "%s: IMR 0x%08x_%08x\n",
203 device_get_nameunit(sc->sc_cdev), v, v_hi);
204 v = talitos_read(sc->sc_base_addr + TALITOS_ISR);
205 v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI);
206 printk(KERN_INFO "%s: ISR 0x%08x_%08x\n",
207 device_get_nameunit(sc->sc_cdev), v, v_hi);
208 for (i = 0; i < sc->sc_num_channels; i++) {
209 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
211 v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
213 printk(KERN_INFO "%s: CDPR ch%d 0x%08x_%08x\n",
214 device_get_nameunit(sc->sc_cdev), i, v, v_hi);
216 for (i = 0; i < sc->sc_num_channels; i++) {
217 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
219 v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
220 TALITOS_CH_CCPSR_HI);
221 printk(KERN_INFO "%s: CCPSR ch%d 0x%08x_%08x\n",
222 device_get_nameunit(sc->sc_cdev), i, v, v_hi);
224 ptr = sc->sc_base_addr + TALITOS_CH_DESCBUF;
225 for (i = 0; i < 16; i++) {
226 v = talitos_read(ptr++); v_hi = talitos_read(ptr++);
227 printk(KERN_INFO "%s: DESCBUF ch0 0x%08x_%08x (tdp%02d)\n",
228 device_get_nameunit(sc->sc_cdev), v, v_hi, i);
234 #ifdef CONFIG_OCF_RANDOMHARVEST
236 * pull random numbers off the RNG FIFO, not exceeding amount available
239 talitos_read_random(void *arg, u_int32_t *buf, int maxwords)
241 struct talitos_softc *sc = (struct talitos_softc *) arg;
245 DPRINTF("%s()\n", __FUNCTION__);
247 /* check for things like FIFO underflow */
248 v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI);
250 printk(KERN_ERR "%s: RNGISR_HI error %08x\n",
251 device_get_nameunit(sc->sc_cdev), v);
255 * OFL is number of available 64-bit words,
256 * shift and convert to a 32-bit word count
258 v = talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI);
259 v = (v & TALITOS_RNGSR_HI_OFL) >> (16 - 1);
262 for (rc = 0; rc < maxwords; rc++) {
263 buf[rc] = talitos_read(sc->sc_base_addr +
264 TALITOS_RNG_FIFO + rc*sizeof(u_int32_t));
268 * RNG will complain with an AE in the RNGISR
269 * if we don't complete the pairs of 32-bit reads
270 * to its 64-bit register based FIFO
272 v = talitos_read(sc->sc_base_addr +
273 TALITOS_RNG_FIFO + rc*sizeof(u_int32_t));
280 talitos_rng_init(struct talitos_softc *sc)
284 DPRINTF("%s()\n", __FUNCTION__);
286 v = talitos_read(sc->sc_base_addr + TALITOS_RNGRCR_HI);
287 v |= TALITOS_RNGRCR_HI_SR;
288 talitos_write(sc->sc_base_addr + TALITOS_RNGRCR_HI, v);
289 while ((talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI)
290 & TALITOS_RNGSR_HI_RD) == 0)
293 * we tell the RNG to start filling the RNG FIFO
294 * by writing the RNGDSR
296 v = talitos_read(sc->sc_base_addr + TALITOS_RNGDSR_HI);
297 talitos_write(sc->sc_base_addr + TALITOS_RNGDSR_HI, v);
299 * 64 bits of data will be pushed onto the FIFO every
300 * 256 SEC cycles until the FIFO is full. The RNG then
301 * attempts to keep the FIFO full.
303 v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI);
305 printk(KERN_ERR "%s: RNGISR_HI error %08x\n",
306 device_get_nameunit(sc->sc_cdev), v);
310 * n.b. we need to add a FIPS test here - if the RNG is going
311 * to fail, it's going to fail at reset time
315 #endif /* CONFIG_OCF_RANDOMHARVEST */
318 * Generate a new software session.
321 talitos_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
323 struct cryptoini *c, *encini = NULL, *macini = NULL;
324 struct talitos_softc *sc = device_get_softc(dev);
325 struct talitos_session *ses = NULL;
328 DPRINTF("%s()\n", __FUNCTION__);
329 if (sidp == NULL || cri == NULL || sc == NULL) {
330 DPRINTF("%s,%d - EINVAL\n", __FILE__, __LINE__);
333 for (c = cri; c != NULL; c = c->cri_next) {
334 if (c->cri_alg == CRYPTO_MD5 ||
335 c->cri_alg == CRYPTO_MD5_HMAC ||
336 c->cri_alg == CRYPTO_SHA1 ||
337 c->cri_alg == CRYPTO_SHA1_HMAC ||
338 c->cri_alg == CRYPTO_NULL_HMAC) {
342 } else if (c->cri_alg == CRYPTO_DES_CBC ||
343 c->cri_alg == CRYPTO_3DES_CBC ||
344 c->cri_alg == CRYPTO_AES_CBC ||
345 c->cri_alg == CRYPTO_NULL_CBC) {
350 DPRINTF("UNKNOWN c->cri_alg %d\n", encini->cri_alg);
354 if (encini == NULL && macini == NULL)
357 /* validate key length */
358 switch (encini->cri_alg) {
360 if (encini->cri_klen != 64)
363 case CRYPTO_3DES_CBC:
364 if (encini->cri_klen != 192) {
369 if (encini->cri_klen != 128 &&
370 encini->cri_klen != 192 &&
371 encini->cri_klen != 256)
375 DPRINTF("UNKNOWN encini->cri_alg %d\n",
381 if (sc->sc_sessions == NULL) {
382 ses = sc->sc_sessions = (struct talitos_session *)
383 kmalloc(sizeof(struct talitos_session), SLAB_ATOMIC);
386 memset(ses, 0, sizeof(struct talitos_session));
388 sc->sc_nsessions = 1;
390 for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
391 if (sc->sc_sessions[sesn].ses_used == 0) {
392 ses = &sc->sc_sessions[sesn];
398 /* allocating session */
399 sesn = sc->sc_nsessions;
400 ses = (struct talitos_session *) kmalloc(
401 (sesn + 1) * sizeof(struct talitos_session),
406 (sesn + 1) * sizeof(struct talitos_session));
407 memcpy(ses, sc->sc_sessions,
408 sesn * sizeof(struct talitos_session));
409 memset(sc->sc_sessions, 0,
410 sesn * sizeof(struct talitos_session));
411 kfree(sc->sc_sessions);
412 sc->sc_sessions = ses;
413 ses = &sc->sc_sessions[sesn];
422 /* XXX may read fewer than requested */
423 read_random(ses->ses_iv, sizeof(ses->ses_iv));
425 ses->ses_klen = (encini->cri_klen + 7) / 8;
426 memcpy(ses->ses_key, encini->cri_key, ses->ses_klen);
428 /* doing hash on top of cipher */
429 ses->ses_hmac_len = (macini->cri_klen + 7) / 8;
430 memcpy(ses->ses_hmac, macini->cri_key,
435 ses->ses_klen = (macini->cri_klen + 7) / 8;
436 memcpy(ses->ses_key, macini->cri_key, ses->ses_klen);
439 /* back compat way of determining MSC result len */
441 ses->ses_mlen = macini->cri_mlen;
442 if (ses->ses_mlen == 0) {
443 if (macini->cri_alg == CRYPTO_MD5_HMAC)
444 ses->ses_mlen = MD5_HASH_LEN;
446 ses->ses_mlen = SHA1_HASH_LEN;
450 /* really should make up a template td here,
451 * and only fill things like i/o and direction in process() */
453 /* assign session ID */
454 *sidp = TALITOS_SID(sc->sc_num, sesn);
459 * Deallocate a session.
462 talitos_freesession(device_t dev, u_int64_t tid)
464 struct talitos_softc *sc = device_get_softc(dev);
466 u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
470 session = TALITOS_SESSION(sid);
471 if (session < sc->sc_nsessions) {
472 memset(&sc->sc_sessions[session], 0,
473 sizeof(sc->sc_sessions[session]));
481 * launch device processing - it will come back with done notification
482 * in the form of an interrupt and/or HDR_DONE_BITS in header
486 struct talitos_softc *sc,
487 struct talitos_desc *td,
492 v = dma_map_single(NULL, td, sizeof(*td), DMA_TO_DEVICE);
493 talitos_write(sc->sc_base_addr +
494 chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF, 0);
495 talitos_write(sc->sc_base_addr +
496 chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF_HI, v);
501 talitos_process(device_t dev, struct cryptop *crp, int hint)
503 int i, err = 0, ivsize;
504 struct talitos_softc *sc = device_get_softc(dev);
505 struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
507 struct talitos_session *ses;
508 struct talitos_desc *td;
510 /* descriptor mappings */
511 int hmac_key, hmac_data, cipher_iv, cipher_key,
512 in_fifo, out_fifo, cipher_iv_out;
513 static int chsel = -1;
515 DPRINTF("%s()\n", __FUNCTION__);
517 if (crp == NULL || crp->crp_callback == NULL || sc == NULL) {
521 if (TALITOS_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
525 ses = &sc->sc_sessions[TALITOS_SESSION(crp->crp_sid)];
527 /* enter the channel scheduler */
528 spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
530 /* reuse channel that already had/has requests for the required EU */
531 for (i = 0; i < sc->sc_num_channels; i++) {
532 if (sc->sc_chnlastalg[i] == crp->crp_desc->crd_alg)
535 if (i == sc->sc_num_channels) {
537 * haven't seen this algo the last sc_num_channels or more
538 * use round robin in this case
539 * nb: sc->sc_num_channels must be power of 2
541 chsel = (chsel + 1) & (sc->sc_num_channels - 1);
544 * matches channel with same target execution unit;
545 * use same channel in this case
549 sc->sc_chnlastalg[chsel] = crp->crp_desc->crd_alg;
551 /* release the channel scheduler lock */
552 spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
554 /* acquire the selected channel fifo lock */
555 spin_lock_irqsave(&sc->sc_chnfifolock[chsel], flags);
557 /* find and reserve next available descriptor-cryptop pair */
558 for (i = 0; i < sc->sc_chfifo_len; i++) {
559 if (sc->sc_chnfifo[chsel][i].cf_desc.hdr == 0) {
561 * ensure correct descriptor formation by
562 * avoiding inadvertently setting "optional" entries
563 * e.g. not using "optional" dptr2 for MD/HMAC descs
565 memset(&sc->sc_chnfifo[chsel][i].cf_desc,
567 /* reserve it with done notification request bit */
568 sc->sc_chnfifo[chsel][i].cf_desc.hdr |=
573 spin_unlock_irqrestore(&sc->sc_chnfifolock[chsel], flags);
575 if (i == sc->sc_chfifo_len) {
581 td = &sc->sc_chnfifo[chsel][i].cf_desc;
582 sc->sc_chnfifo[chsel][i].cf_crp = crp;
584 crd1 = crp->crp_desc;
589 crd2 = crd1->crd_next;
590 /* prevent compiler warning */
594 td->hdr |= TD_TYPE_COMMON_NONSNOOP_NO_AFEU;
595 /* assign descriptor dword ptr mappings for this desc. type */
600 if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
601 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
602 crd1->crd_alg == CRYPTO_SHA1 ||
603 crd1->crd_alg == CRYPTO_MD5) {
607 } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
608 crd1->crd_alg == CRYPTO_3DES_CBC ||
609 crd1->crd_alg == CRYPTO_AES_CBC ||
610 crd1->crd_alg == CRYPTO_ARC4) {
615 DPRINTF("UNKNOWN crd1->crd_alg %d\n", crd1->crd_alg);
620 if (sc->sc_desc_types & TALITOS_HAS_DT_IPSEC_ESP) {
621 td->hdr |= TD_TYPE_IPSEC_ESP;
623 DPRINTF("unimplemented: multiple descriptor ipsec\n");
627 /* assign descriptor dword ptr mappings for this desc. type */
635 if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
636 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
637 crd1->crd_alg == CRYPTO_MD5 ||
638 crd1->crd_alg == CRYPTO_SHA1) &&
639 (crd2->crd_alg == CRYPTO_DES_CBC ||
640 crd2->crd_alg == CRYPTO_3DES_CBC ||
641 crd2->crd_alg == CRYPTO_AES_CBC ||
642 crd2->crd_alg == CRYPTO_ARC4) &&
643 ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
646 } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
647 crd1->crd_alg == CRYPTO_ARC4 ||
648 crd1->crd_alg == CRYPTO_3DES_CBC ||
649 crd1->crd_alg == CRYPTO_AES_CBC) &&
650 (crd2->crd_alg == CRYPTO_MD5_HMAC ||
651 crd2->crd_alg == CRYPTO_SHA1_HMAC ||
652 crd2->crd_alg == CRYPTO_MD5 ||
653 crd2->crd_alg == CRYPTO_SHA1) &&
654 (crd1->crd_flags & CRD_F_ENCRYPT)) {
658 /* We cannot order the SEC as requested */
659 printk("%s: cannot do the order\n",
660 device_get_nameunit(sc->sc_cdev));
665 /* assign in_fifo and out_fifo based on input/output struct type */
666 if (crp->crp_flags & CRYPTO_F_SKBUF) {
667 /* using SKB buffers */
668 struct sk_buff *skb = (struct sk_buff *)crp->crp_buf;
669 if (skb_shinfo(skb)->nr_frags) {
670 printk("%s: skb frags unimplemented\n",
671 device_get_nameunit(sc->sc_cdev));
675 td->ptr[in_fifo].ptr = dma_map_single(NULL, skb->data,
676 skb->len, DMA_TO_DEVICE);
677 td->ptr[in_fifo].len = skb->len;
678 td->ptr[out_fifo].ptr = dma_map_single(NULL, skb->data,
679 skb->len, DMA_TO_DEVICE);
680 td->ptr[out_fifo].len = skb->len;
681 td->ptr[hmac_data].ptr = dma_map_single(NULL, skb->data,
682 skb->len, DMA_TO_DEVICE);
683 } else if (crp->crp_flags & CRYPTO_F_IOV) {
684 /* using IOV buffers */
685 struct uio *uiop = (struct uio *)crp->crp_buf;
686 if (uiop->uio_iovcnt > 1) {
687 printk("%s: iov frags unimplemented\n",
688 device_get_nameunit(sc->sc_cdev));
692 td->ptr[in_fifo].ptr = dma_map_single(NULL,
693 uiop->uio_iov->iov_base, crp->crp_ilen, DMA_TO_DEVICE);
694 td->ptr[in_fifo].len = crp->crp_ilen;
695 /* crp_olen is never set; always use crp_ilen */
696 td->ptr[out_fifo].ptr = dma_map_single(NULL,
697 uiop->uio_iov->iov_base,
698 crp->crp_ilen, DMA_TO_DEVICE);
699 td->ptr[out_fifo].len = crp->crp_ilen;
701 /* using contig buffers */
702 td->ptr[in_fifo].ptr = dma_map_single(NULL,
703 crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE);
704 td->ptr[in_fifo].len = crp->crp_ilen;
705 td->ptr[out_fifo].ptr = dma_map_single(NULL,
706 crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE);
707 td->ptr[out_fifo].len = crp->crp_ilen;
710 switch (enccrd->crd_alg) {
711 case CRYPTO_3DES_CBC:
712 td->hdr |= TALITOS_MODE0_DEU_3DES;
715 td->hdr |= TALITOS_SEL0_DEU
716 | TALITOS_MODE0_DEU_CBC;
717 if (enccrd->crd_flags & CRD_F_ENCRYPT)
718 td->hdr |= TALITOS_MODE0_DEU_ENC;
719 ivsize = 2*sizeof(u_int32_t);
720 DPRINTF("%cDES ses %d ch %d len %d\n",
721 (td->hdr & TALITOS_MODE0_DEU_3DES)?'3':'1',
722 (u32)TALITOS_SESSION(crp->crp_sid),
723 chsel, td->ptr[in_fifo].len);
726 td->hdr |= TALITOS_SEL0_AESU
727 | TALITOS_MODE0_AESU_CBC;
728 if (enccrd->crd_flags & CRD_F_ENCRYPT)
729 td->hdr |= TALITOS_MODE0_AESU_ENC;
730 ivsize = 4*sizeof(u_int32_t);
731 DPRINTF("AES ses %d ch %d len %d\n",
732 (u32)TALITOS_SESSION(crp->crp_sid),
733 chsel, td->ptr[in_fifo].len);
736 printk("%s: unimplemented enccrd->crd_alg %d\n",
737 device_get_nameunit(sc->sc_cdev), enccrd->crd_alg);
742 * Setup encrypt/decrypt state. When using basic ops
743 * we can't use an inline IV because hash/crypt offset
744 * must be from the end of the IV to the start of the
745 * crypt data and this leaves out the preceding header
746 * from the hash calculation. Instead we place the IV
747 * in the state record and set the hash/crypt offset to
748 * copy both the header+IV.
750 if (enccrd->crd_flags & CRD_F_ENCRYPT) {
751 td->hdr |= TALITOS_DIR_OUTBOUND;
752 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
755 iv = (caddr_t) ses->ses_iv;
756 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
757 crypto_copyback(crp->crp_flags, crp->crp_buf,
758 enccrd->crd_inject, ivsize, iv);
761 td->hdr |= TALITOS_DIR_INBOUND;
762 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
764 bcopy(enccrd->crd_iv, iv, ivsize);
766 iv = (caddr_t) ses->ses_iv;
767 crypto_copydata(crp->crp_flags, crp->crp_buf,
768 enccrd->crd_inject, ivsize, iv);
771 td->ptr[cipher_iv].ptr = dma_map_single(NULL, iv, ivsize,
773 td->ptr[cipher_iv].len = ivsize;
775 * we don't need the cipher iv out length/pointer
776 * field to do ESP IPsec. Therefore we set the len field as 0,
777 * which tells the SEC not to do anything with this len/ptr
778 * field. Previously, when length/pointer as pointing to iv,
779 * it gave us corruption of packets.
781 td->ptr[cipher_iv_out].len = 0;
783 if (enccrd && maccrd) {
784 /* this is ipsec only for now */
785 td->hdr |= TALITOS_SEL1_MDEU
786 | TALITOS_MODE1_MDEU_INIT
787 | TALITOS_MODE1_MDEU_PAD;
788 switch (maccrd->crd_alg) {
790 td->hdr |= TALITOS_MODE1_MDEU_MD5;
792 case CRYPTO_MD5_HMAC:
793 td->hdr |= TALITOS_MODE1_MDEU_MD5_HMAC;
796 td->hdr |= TALITOS_MODE1_MDEU_SHA1;
798 case CRYPTO_SHA1_HMAC:
799 td->hdr |= TALITOS_MODE1_MDEU_SHA1_HMAC;
802 /* We cannot order the SEC as requested */
803 printk("%s: cannot do the order\n",
804 device_get_nameunit(sc->sc_cdev));
808 if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) ||
809 (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) {
811 * The offset from hash data to the start of
812 * crypt data is the difference in the skips.
814 /* ipsec only for now */
815 td->ptr[hmac_key].ptr = dma_map_single(NULL,
816 ses->ses_hmac, ses->ses_hmac_len, DMA_TO_DEVICE);
817 td->ptr[hmac_key].len = ses->ses_hmac_len;
818 td->ptr[in_fifo].ptr += enccrd->crd_skip;
819 td->ptr[in_fifo].len = enccrd->crd_len;
820 td->ptr[out_fifo].ptr += enccrd->crd_skip;
821 td->ptr[out_fifo].len = enccrd->crd_len;
822 /* bytes of HMAC to postpend to ciphertext */
823 td->ptr[out_fifo].extent = ses->ses_mlen;
824 td->ptr[hmac_data].ptr += maccrd->crd_skip;
825 td->ptr[hmac_data].len = enccrd->crd_skip - maccrd->crd_skip;
827 if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) {
828 printk("%s: CRD_F_KEY_EXPLICIT unimplemented\n",
829 device_get_nameunit(sc->sc_cdev));
832 if (!enccrd && maccrd) {
833 /* single MD5 or SHA */
834 td->hdr |= TALITOS_SEL0_MDEU
835 | TALITOS_MODE0_MDEU_INIT
836 | TALITOS_MODE0_MDEU_PAD;
837 switch (maccrd->crd_alg) {
839 td->hdr |= TALITOS_MODE0_MDEU_MD5;
840 DPRINTF("MD5 ses %d ch %d len %d\n",
841 (u32)TALITOS_SESSION(crp->crp_sid),
842 chsel, td->ptr[in_fifo].len);
844 case CRYPTO_MD5_HMAC:
845 td->hdr |= TALITOS_MODE0_MDEU_MD5_HMAC;
848 td->hdr |= TALITOS_MODE0_MDEU_SHA1;
849 DPRINTF("SHA1 ses %d ch %d len %d\n",
850 (u32)TALITOS_SESSION(crp->crp_sid),
851 chsel, td->ptr[in_fifo].len);
853 case CRYPTO_SHA1_HMAC:
854 td->hdr |= TALITOS_MODE0_MDEU_SHA1_HMAC;
857 /* We cannot order the SEC as requested */
858 DPRINTF("cannot do the order\n");
863 if (crp->crp_flags & CRYPTO_F_IOV)
864 td->ptr[out_fifo].ptr += maccrd->crd_inject;
866 if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) ||
867 (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) {
868 td->ptr[hmac_key].ptr = dma_map_single(NULL,
869 ses->ses_hmac, ses->ses_hmac_len,
871 td->ptr[hmac_key].len = ses->ses_hmac_len;
875 /* using process key (session data has duplicate) */
876 td->ptr[cipher_key].ptr = dma_map_single(NULL,
877 enccrd->crd_key, (enccrd->crd_klen + 7) / 8,
879 td->ptr[cipher_key].len = (enccrd->crd_klen + 7) / 8;
881 /* descriptor complete - GO! */
882 return talitos_submit(sc, td, chsel);
885 if (err != ERESTART) {
886 crp->crp_etype = err;
892 /* go through all channels descriptors, notifying OCF what has
893 * _and_hasn't_ successfully completed and reset the device
894 * (otherwise it's up to decoding desc hdrs!)
896 static void talitos_errorprocessing(struct talitos_softc *sc)
901 /* disable further scheduling until under control */
902 spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
904 if (debug) dump_talitos_status(sc);
905 /* go through descriptors, try and salvage those successfully done,
906 * and EIO those that weren't
908 for (i = 0; i < sc->sc_num_channels; i++) {
909 spin_lock_irqsave(&sc->sc_chnfifolock[i], flags);
910 for (j = 0; j < sc->sc_chfifo_len; j++) {
911 if (sc->sc_chnfifo[i][j].cf_desc.hdr) {
912 if ((sc->sc_chnfifo[i][j].cf_desc.hdr
913 & TALITOS_HDR_DONE_BITS)
914 != TALITOS_HDR_DONE_BITS) {
915 /* this one didn't finish */
916 /* signify in crp->etype */
917 sc->sc_chnfifo[i][j].cf_crp->crp_etype
921 continue; /* free entry */
922 /* either way, notify ocf */
923 crypto_done(sc->sc_chnfifo[i][j].cf_crp);
924 /* and tag it available again
926 * memset to ensure correct descriptor formation by
927 * avoiding inadvertently setting "optional" entries
928 * e.g. not using "optional" dptr2 MD/HMAC processing
930 memset(&sc->sc_chnfifo[i][j].cf_desc,
931 0, sizeof(struct talitos_desc));
933 spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags);
935 /* reset and initialize the SEC h/w device */
936 talitos_reset_device(sc);
937 talitos_init_device(sc);
938 #ifdef CONFIG_OCF_RANDOMHARVEST
939 if (sc->sc_exec_units & TALITOS_HAS_EU_RNG)
940 talitos_rng_init(sc);
943 /* Okay. Stand by. */
944 spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
949 /* go through all channels descriptors, notifying OCF what's been done */
950 static void talitos_doneprocessing(struct talitos_softc *sc)
955 /* go through descriptors looking for done bits */
956 for (i = 0; i < sc->sc_num_channels; i++) {
957 spin_lock_irqsave(&sc->sc_chnfifolock[i], flags);
958 for (j = 0; j < sc->sc_chfifo_len; j++) {
959 /* descriptor has done bits set? */
960 if ((sc->sc_chnfifo[i][j].cf_desc.hdr
961 & TALITOS_HDR_DONE_BITS)
962 == TALITOS_HDR_DONE_BITS) {
964 crypto_done(sc->sc_chnfifo[i][j].cf_crp);
965 /* and tag it available again
967 * memset to ensure correct descriptor formation by
968 * avoiding inadvertently setting "optional" entries
969 * e.g. not using "optional" dptr2 MD/HMAC processing
971 memset(&sc->sc_chnfifo[i][j].cf_desc,
972 0, sizeof(struct talitos_desc));
975 spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags);
981 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
982 talitos_intr(int irq, void *arg)
984 talitos_intr(int irq, void *arg, struct pt_regs *regs)
987 struct talitos_softc *sc = arg;
991 v = talitos_read(sc->sc_base_addr + TALITOS_ISR);
992 v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI);
993 talitos_write(sc->sc_base_addr + TALITOS_ICR, v);
994 talitos_write(sc->sc_base_addr + TALITOS_ICR_HI, v_hi);
996 if (unlikely(v & TALITOS_ISR_ERROR)) {
997 /* Okay, Houston, we've had a problem here. */
998 printk(KERN_DEBUG "%s: got error interrupt - ISR 0x%08x_%08x\n",
999 device_get_nameunit(sc->sc_cdev), v, v_hi);
1000 talitos_errorprocessing(sc);
1002 if (likely(v & TALITOS_ISR_DONE)) {
1003 talitos_doneprocessing(sc);
1009 * Initialize registers we need to touch only once.
1012 talitos_init_device(struct talitos_softc *sc)
1017 DPRINTF("%s()\n", __FUNCTION__);
1019 /* init all channels */
1020 for (i = 0; i < sc->sc_num_channels; i++) {
1021 v = talitos_read(sc->sc_base_addr +
1022 i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI);
1023 v |= TALITOS_CH_CCCR_HI_CDWE
1024 | TALITOS_CH_CCCR_HI_CDIE; /* invoke interrupt if done */
1025 talitos_write(sc->sc_base_addr +
1026 i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI, v);
1028 /* enable all interrupts */
1029 v = talitos_read(sc->sc_base_addr + TALITOS_IMR);
1030 v |= TALITOS_IMR_ALL;
1031 talitos_write(sc->sc_base_addr + TALITOS_IMR, v);
1032 v = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI);
1033 v |= TALITOS_IMR_HI_ERRONLY;
1034 talitos_write(sc->sc_base_addr + TALITOS_IMR_HI, v);
1039 * set the master reset bit on the device.
1042 talitos_reset_device_master(struct talitos_softc *sc)
1046 /* Reset the device by writing 1 to MCR:SWR and waiting 'til cleared */
1047 v = talitos_read(sc->sc_base_addr + TALITOS_MCR);
1048 talitos_write(sc->sc_base_addr + TALITOS_MCR, v | TALITOS_MCR_SWR);
1050 while (talitos_read(sc->sc_base_addr + TALITOS_MCR) & TALITOS_MCR_SWR)
1057 * Resets the device. Values in the registers are left as is
1058 * from the reset (i.e. initial values are assigned elsewhere).
1061 talitos_reset_device(struct talitos_softc *sc)
1066 DPRINTF("%s()\n", __FUNCTION__);
1070 * errata documentation: warning: certain SEC interrupts
1071 * are not fully cleared by writing the MCR:SWR bit,
1072 * set bit twice to completely reset
1074 talitos_reset_device_master(sc); /* once */
1075 talitos_reset_device_master(sc); /* and once again */
1077 /* reset all channels */
1078 for (i = 0; i < sc->sc_num_channels; i++) {
1079 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
1081 talitos_write(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
1082 TALITOS_CH_CCCR, v | TALITOS_CH_CCCR_RESET);
1086 /* Set up the crypto device structure, private data,
1087 * and anything else we need before we start */
1088 #ifdef CONFIG_PPC_MERGE
1089 static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match)
1091 static int talitos_probe(struct platform_device *pdev)
1094 struct talitos_softc *sc = NULL;
1096 #ifdef CONFIG_PPC_MERGE
1097 struct device *device = &ofdev->dev;
1098 struct device_node *np = ofdev->node;
1099 const unsigned int *prop;
1101 struct resource res;
1103 static int num_chips = 0;
1107 DPRINTF("%s()\n", __FUNCTION__);
1109 sc = (struct talitos_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
1112 memset(sc, 0, sizeof(*sc));
1114 softc_device_init(sc, DRV_NAME, num_chips, talitos_methods);
1118 #ifndef CONFIG_PPC_MERGE
1121 sc->sc_num = num_chips++;
1123 #ifdef CONFIG_PPC_MERGE
1124 dev_set_drvdata(device, sc);
1126 platform_set_drvdata(sc->sc_dev, sc);
1129 /* get the irq line */
1130 #ifdef CONFIG_PPC_MERGE
1131 err = of_address_to_resource(np, 0, &res);
1136 sc->sc_irq = irq_of_parse_and_map(np, 0);
1138 /* get a pointer to the register memory */
1139 r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
1141 sc->sc_irq = platform_get_irq(pdev, 0);
1143 rc = request_irq(sc->sc_irq, talitos_intr, 0,
1144 device_get_nameunit(sc->sc_cdev), sc);
1146 printk(KERN_ERR "%s: failed to hook irq %d\n",
1147 device_get_nameunit(sc->sc_cdev), sc->sc_irq);
1152 sc->sc_base_addr = (ocf_iomem_t) ioremap(r->start, (r->end - r->start));
1153 if (!sc->sc_base_addr) {
1154 printk(KERN_ERR "%s: failed to ioremap\n",
1155 device_get_nameunit(sc->sc_cdev));
1159 /* figure out our SEC's properties and capabilities */
1160 sc->sc_chiprev = (u64)talitos_read(sc->sc_base_addr + TALITOS_ID) << 32
1161 | talitos_read(sc->sc_base_addr + TALITOS_ID_HI);
1162 DPRINTF("sec id 0x%llx\n", sc->sc_chiprev);
1164 #ifdef CONFIG_PPC_MERGE
1165 /* get SEC properties from device tree, defaulting to SEC 2.0 */
1167 prop = of_get_property(np, "num-channels", NULL);
1168 sc->sc_num_channels = prop ? *prop : TALITOS_NCHANNELS_SEC_2_0;
1170 prop = of_get_property(np, "channel-fifo-len", NULL);
1171 sc->sc_chfifo_len = prop ? *prop : TALITOS_CHFIFOLEN_SEC_2_0;
1173 prop = of_get_property(np, "exec-units-mask", NULL);
1174 sc->sc_exec_units = prop ? *prop : TALITOS_HAS_EUS_SEC_2_0;
1176 prop = of_get_property(np, "descriptor-types-mask", NULL);
1177 sc->sc_desc_types = prop ? *prop : TALITOS_HAS_DESCTYPES_SEC_2_0;
1179 /* bulk should go away with openfirmware flat device tree support */
1180 if (sc->sc_chiprev & TALITOS_ID_SEC_2_0) {
1181 sc->sc_num_channels = TALITOS_NCHANNELS_SEC_2_0;
1182 sc->sc_chfifo_len = TALITOS_CHFIFOLEN_SEC_2_0;
1183 sc->sc_exec_units = TALITOS_HAS_EUS_SEC_2_0;
1184 sc->sc_desc_types = TALITOS_HAS_DESCTYPES_SEC_2_0;
1186 printk(KERN_ERR "%s: failed to id device\n",
1187 device_get_nameunit(sc->sc_cdev));
1192 /* + 1 is for the meta-channel lock used by the channel scheduler */
1193 sc->sc_chnfifolock = (spinlock_t *) kmalloc(
1194 (sc->sc_num_channels + 1) * sizeof(spinlock_t), GFP_KERNEL);
1195 if (!sc->sc_chnfifolock)
1197 for (i = 0; i < sc->sc_num_channels + 1; i++) {
1198 spin_lock_init(&sc->sc_chnfifolock[i]);
1201 sc->sc_chnlastalg = (int *) kmalloc(
1202 sc->sc_num_channels * sizeof(int), GFP_KERNEL);
1203 if (!sc->sc_chnlastalg)
1205 memset(sc->sc_chnlastalg, 0, sc->sc_num_channels * sizeof(int));
1207 sc->sc_chnfifo = (struct desc_cryptop_pair **) kmalloc(
1208 sc->sc_num_channels * sizeof(struct desc_cryptop_pair *),
1210 if (!sc->sc_chnfifo)
1212 for (i = 0; i < sc->sc_num_channels; i++) {
1213 sc->sc_chnfifo[i] = (struct desc_cryptop_pair *) kmalloc(
1214 sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair),
1216 if (!sc->sc_chnfifo[i])
1218 memset(sc->sc_chnfifo[i], 0,
1219 sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair));
1222 /* reset and initialize the SEC h/w device */
1223 talitos_reset_device(sc);
1224 talitos_init_device(sc);
1226 sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE);
1227 if (sc->sc_cid < 0) {
1228 printk(KERN_ERR "%s: could not get crypto driver id\n",
1229 device_get_nameunit(sc->sc_cdev));
1233 /* register algorithms with the framework */
1234 printk("%s:", device_get_nameunit(sc->sc_cdev));
1236 if (sc->sc_exec_units & TALITOS_HAS_EU_RNG) {
1238 #ifdef CONFIG_OCF_RANDOMHARVEST
1239 talitos_rng_init(sc);
1240 crypto_rregister(sc->sc_cid, talitos_read_random, sc);
1243 if (sc->sc_exec_units & TALITOS_HAS_EU_DEU) {
1244 printk(" des/3des");
1245 crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
1246 crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
1248 if (sc->sc_exec_units & TALITOS_HAS_EU_AESU) {
1250 crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
1252 if (sc->sc_exec_units & TALITOS_HAS_EU_MDEU) {
1254 crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0);
1255 /* HMAC support only with IPsec for now */
1256 crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
1258 crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0);
1259 /* HMAC support only with IPsec for now */
1260 crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
1266 #ifndef CONFIG_PPC_MERGE
1267 talitos_remove(pdev);
1272 #ifdef CONFIG_PPC_MERGE
1273 static int talitos_remove(struct of_device *ofdev)
1275 static int talitos_remove(struct platform_device *pdev)
1278 #ifdef CONFIG_PPC_MERGE
1279 struct talitos_softc *sc = dev_get_drvdata(&ofdev->dev);
1281 struct talitos_softc *sc = platform_get_drvdata(pdev);
1285 DPRINTF("%s()\n", __FUNCTION__);
1286 if (sc->sc_cid >= 0)
1287 crypto_unregister_all(sc->sc_cid);
1288 if (sc->sc_chnfifo) {
1289 for (i = 0; i < sc->sc_num_channels; i++)
1290 if (sc->sc_chnfifo[i])
1291 kfree(sc->sc_chnfifo[i]);
1292 kfree(sc->sc_chnfifo);
1294 if (sc->sc_chnlastalg)
1295 kfree(sc->sc_chnlastalg);
1296 if (sc->sc_chnfifolock)
1297 kfree(sc->sc_chnfifolock);
1298 if (sc->sc_irq != -1)
1299 free_irq(sc->sc_irq, sc);
1300 if (sc->sc_base_addr)
1301 iounmap((void *) sc->sc_base_addr);
1306 #ifdef CONFIG_PPC_MERGE
1307 static struct of_device_id talitos_match[] = {
1310 .compatible = "talitos",
1315 MODULE_DEVICE_TABLE(of, talitos_match);
1317 static struct of_platform_driver talitos_driver = {
1319 .match_table = talitos_match,
1320 .probe = talitos_probe,
1321 .remove = talitos_remove,
1324 static int __init talitos_init(void)
1326 return of_register_platform_driver(&talitos_driver);
1329 static void __exit talitos_exit(void)
1331 of_unregister_platform_driver(&talitos_driver);
1334 /* Structure for a platform device driver */
1335 static struct platform_driver talitos_driver = {
1336 .probe = talitos_probe,
1337 .remove = talitos_remove,
1343 static int __init talitos_init(void)
1345 return platform_driver_register(&talitos_driver);
1348 static void __exit talitos_exit(void)
1350 platform_driver_unregister(&talitos_driver);
1354 module_init(talitos_init);
1355 module_exit(talitos_exit);
1357 MODULE_LICENSE("Dual BSD/GPL");
1358 MODULE_AUTHOR("kim.phillips@freescale.com");
1359 MODULE_DESCRIPTION("OCF driver for Freescale SEC (talitos)");