2 * crypto/ocf/talitos/talitos.c
4 * An OCF-Linux module that uses Freescale's SEC to do the crypto.
5 * Based on crypto/ocf/hifn and crypto/ocf/safe OCF drivers
7 * Copyright (c) 2006 Freescale Semiconductor, Inc.
9 * This code written by Kim A. B. Phillips <kim.phillips@freescale.com>
10 * some code copied from files with the following:
11 * Copyright (C) 2004-2007 David McCullough <david_mccullough@mcafee.com>
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. The name of the author may not be used to endorse or promote products
23 * derived from this software without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 * ---------------------------------------------------------------------------
40 * The Freescale SEC (also known as 'talitos') resides on the
41 * internal bus, and runs asynchronous to the processor core. It has
42 * a wide gamut of cryptographic acceleration features, including single-
43 * pass IPsec (also known as algorithm chaining). To properly utilize
44 * all of the SEC's performance enhancing features, further reworking
45 * of higher level code (framework, applications) will be necessary.
47 * The following table shows which SEC version is present in which devices:
53 * 8555E, 8541E SEC 2.0
57 * The following table shows the features offered by each SEC version:
60 * version Bus I/F Clock nels DEU AESU AFEU MDEU PKEU RNG KEU
62 * SEC 1.0 internal 64b 100MHz 4 1 1 1 1 1 1 0
63 * SEC 1.2 internal 32b 66MHz 1 1 1 0 1 0 0 0
64 * SEC 2.0 internal 64b 166MHz 4 1 1 1 1 1 1 0
65 * SEC 2.01 internal 64b 166MHz 4 1 1 1 1 1 1 0
66 * SEC 2.1 internal 64b 333MHz 4 1 1 1 1 1 1 1
68 * Each execution unit in the SEC has two modes of execution; channel and
69 * slave/debug. This driver employs the channel infrastructure in the
70 * device for convenience. Only the RNG is directly accessed due to the
71 * convenience of its random fifo pool. The relationship between the
72 * channels and execution units is depicted in the following diagram:
74 * ------- ------------
77 * | |------+-------+-------+-------+------------
78 * ------- | | | | | | |
79 * ---| ch1 |---| | | | | | |
80 * ------- | | ------ ------ ------ ------ ------
81 * |controller| |DEU | |AESU| |MDEU| |PKEU| ... |RNG |
82 * ------- | | ------ ------ ------ ------ ------
83 * ---| ch2 |---| | | | | | |
84 * ------- | | | | | | |
85 * | |------+-------+-------+-------+------------
88 * ------- ------------
90 * Channel ch0 may drive an aes operation to the aes unit (AESU),
91 * and, at the same time, ch1 may drive a message digest operation
92 * to the mdeu. Each channel has an input descriptor FIFO, and the
93 * FIFO can contain, e.g. on the 8541E, up to 24 entries, before a
94 * a buffer overrun error is triggered. The controller is responsible
95 * for fetching the data from descriptor pointers, and passing the
96 * data to the appropriate EUs. The controller also writes the
97 * cryptographic operation's result to memory. The SEC notifies
98 * completion by triggering an interrupt and/or setting the 1st byte
99 * of the hdr field to 0xff.
102 * o support more algorithms
103 * o support more versions of the SEC
104 * o add support for linux 2.4
105 * o scatter-gather (sg) support
106 * o add support for public key ops (PKEU)
110 #include <linux/version.h>
111 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
112 #include <generated/autoconf.h>
114 #include <linux/autoconf.h>
116 #include <linux/module.h>
117 #include <linux/init.h>
118 #include <linux/interrupt.h>
119 #include <linux/spinlock.h>
120 #include <linux/random.h>
121 #include <linux/skbuff.h>
122 #include <asm/scatterlist.h>
123 #include <linux/dma-mapping.h> /* dma_map_single() */
124 #include <linux/moduleparam.h>
126 #include <linux/version.h>
127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
128 #include <linux/platform_device.h>
131 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
132 #include <linux/of_platform.h>
135 #include <cryptodev.h>
138 #define DRV_NAME "talitos"
140 #include "talitos_dev.h"
141 #include "talitos_soft.h"
143 #define read_random(p,l) get_random_bytes(p,l)
145 const char talitos_driver_name[] = "Talitos OCF";
146 const char talitos_driver_version[] = "0.2";
148 static int talitos_newsession(device_t dev, u_int32_t *sidp,
149 struct cryptoini *cri);
150 static int talitos_freesession(device_t dev, u_int64_t tid);
151 static int talitos_process(device_t dev, struct cryptop *crp, int hint);
152 static void dump_talitos_status(struct talitos_softc *sc);
153 static int talitos_submit(struct talitos_softc *sc, struct talitos_desc *td,
155 static void talitos_doneprocessing(struct talitos_softc *sc);
156 static void talitos_init_device(struct talitos_softc *sc);
157 static void talitos_reset_device_master(struct talitos_softc *sc);
158 static void talitos_reset_device(struct talitos_softc *sc);
159 static void talitos_errorprocessing(struct talitos_softc *sc);
160 #ifdef CONFIG_PPC_MERGE
161 static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match);
162 static int talitos_remove(struct of_device *ofdev);
164 static int talitos_probe(struct platform_device *pdev);
165 static int talitos_remove(struct platform_device *pdev);
167 #ifdef CONFIG_OCF_RANDOMHARVEST
168 static int talitos_read_random(void *arg, u_int32_t *buf, int maxwords);
169 static void talitos_rng_init(struct talitos_softc *sc);
172 static device_method_t talitos_methods = {
173 /* crypto device methods */
174 DEVMETHOD(cryptodev_newsession, talitos_newsession),
175 DEVMETHOD(cryptodev_freesession,talitos_freesession),
176 DEVMETHOD(cryptodev_process, talitos_process),
179 #define debug talitos_debug
180 int talitos_debug = 0;
181 module_param(talitos_debug, int, 0644);
182 MODULE_PARM_DESC(talitos_debug, "Enable debug");
184 static inline void talitos_write(volatile unsigned *addr, u32 val)
189 static inline u32 talitos_read(volatile unsigned *addr)
196 static void dump_talitos_status(struct talitos_softc *sc)
198 unsigned int v, v_hi, i, *ptr;
199 v = talitos_read(sc->sc_base_addr + TALITOS_MCR);
200 v_hi = talitos_read(sc->sc_base_addr + TALITOS_MCR_HI);
201 printk(KERN_INFO "%s: MCR 0x%08x_%08x\n",
202 device_get_nameunit(sc->sc_cdev), v, v_hi);
203 v = talitos_read(sc->sc_base_addr + TALITOS_IMR);
204 v_hi = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI);
205 printk(KERN_INFO "%s: IMR 0x%08x_%08x\n",
206 device_get_nameunit(sc->sc_cdev), v, v_hi);
207 v = talitos_read(sc->sc_base_addr + TALITOS_ISR);
208 v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI);
209 printk(KERN_INFO "%s: ISR 0x%08x_%08x\n",
210 device_get_nameunit(sc->sc_cdev), v, v_hi);
211 for (i = 0; i < sc->sc_num_channels; i++) {
212 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
214 v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
216 printk(KERN_INFO "%s: CDPR ch%d 0x%08x_%08x\n",
217 device_get_nameunit(sc->sc_cdev), i, v, v_hi);
219 for (i = 0; i < sc->sc_num_channels; i++) {
220 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
222 v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
223 TALITOS_CH_CCPSR_HI);
224 printk(KERN_INFO "%s: CCPSR ch%d 0x%08x_%08x\n",
225 device_get_nameunit(sc->sc_cdev), i, v, v_hi);
227 ptr = sc->sc_base_addr + TALITOS_CH_DESCBUF;
228 for (i = 0; i < 16; i++) {
229 v = talitos_read(ptr++); v_hi = talitos_read(ptr++);
230 printk(KERN_INFO "%s: DESCBUF ch0 0x%08x_%08x (tdp%02d)\n",
231 device_get_nameunit(sc->sc_cdev), v, v_hi, i);
237 #ifdef CONFIG_OCF_RANDOMHARVEST
239 * pull random numbers off the RNG FIFO, not exceeding amount available
242 talitos_read_random(void *arg, u_int32_t *buf, int maxwords)
244 struct talitos_softc *sc = (struct talitos_softc *) arg;
248 DPRINTF("%s()\n", __FUNCTION__);
250 /* check for things like FIFO underflow */
251 v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI);
253 printk(KERN_ERR "%s: RNGISR_HI error %08x\n",
254 device_get_nameunit(sc->sc_cdev), v);
258 * OFL is number of available 64-bit words,
259 * shift and convert to a 32-bit word count
261 v = talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI);
262 v = (v & TALITOS_RNGSR_HI_OFL) >> (16 - 1);
265 for (rc = 0; rc < maxwords; rc++) {
266 buf[rc] = talitos_read(sc->sc_base_addr +
267 TALITOS_RNG_FIFO + rc*sizeof(u_int32_t));
271 * RNG will complain with an AE in the RNGISR
272 * if we don't complete the pairs of 32-bit reads
273 * to its 64-bit register based FIFO
275 v = talitos_read(sc->sc_base_addr +
276 TALITOS_RNG_FIFO + rc*sizeof(u_int32_t));
283 talitos_rng_init(struct talitos_softc *sc)
287 DPRINTF("%s()\n", __FUNCTION__);
289 v = talitos_read(sc->sc_base_addr + TALITOS_RNGRCR_HI);
290 v |= TALITOS_RNGRCR_HI_SR;
291 talitos_write(sc->sc_base_addr + TALITOS_RNGRCR_HI, v);
292 while ((talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI)
293 & TALITOS_RNGSR_HI_RD) == 0)
296 * we tell the RNG to start filling the RNG FIFO
297 * by writing the RNGDSR
299 v = talitos_read(sc->sc_base_addr + TALITOS_RNGDSR_HI);
300 talitos_write(sc->sc_base_addr + TALITOS_RNGDSR_HI, v);
302 * 64 bits of data will be pushed onto the FIFO every
303 * 256 SEC cycles until the FIFO is full. The RNG then
304 * attempts to keep the FIFO full.
306 v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI);
308 printk(KERN_ERR "%s: RNGISR_HI error %08x\n",
309 device_get_nameunit(sc->sc_cdev), v);
313 * n.b. we need to add a FIPS test here - if the RNG is going
314 * to fail, it's going to fail at reset time
318 #endif /* CONFIG_OCF_RANDOMHARVEST */
321 * Generate a new software session.
324 talitos_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
326 struct cryptoini *c, *encini = NULL, *macini = NULL;
327 struct talitos_softc *sc = device_get_softc(dev);
328 struct talitos_session *ses = NULL;
331 DPRINTF("%s()\n", __FUNCTION__);
332 if (sidp == NULL || cri == NULL || sc == NULL) {
333 DPRINTF("%s,%d - EINVAL\n", __FILE__, __LINE__);
336 for (c = cri; c != NULL; c = c->cri_next) {
337 if (c->cri_alg == CRYPTO_MD5 ||
338 c->cri_alg == CRYPTO_MD5_HMAC ||
339 c->cri_alg == CRYPTO_SHA1 ||
340 c->cri_alg == CRYPTO_SHA1_HMAC ||
341 c->cri_alg == CRYPTO_NULL_HMAC) {
345 } else if (c->cri_alg == CRYPTO_DES_CBC ||
346 c->cri_alg == CRYPTO_3DES_CBC ||
347 c->cri_alg == CRYPTO_AES_CBC ||
348 c->cri_alg == CRYPTO_NULL_CBC) {
353 DPRINTF("UNKNOWN c->cri_alg %d\n", encini->cri_alg);
357 if (encini == NULL && macini == NULL)
360 /* validate key length */
361 switch (encini->cri_alg) {
363 if (encini->cri_klen != 64)
366 case CRYPTO_3DES_CBC:
367 if (encini->cri_klen != 192) {
372 if (encini->cri_klen != 128 &&
373 encini->cri_klen != 192 &&
374 encini->cri_klen != 256)
378 DPRINTF("UNKNOWN encini->cri_alg %d\n",
384 if (sc->sc_sessions == NULL) {
385 ses = sc->sc_sessions = (struct talitos_session *)
386 kmalloc(sizeof(struct talitos_session), SLAB_ATOMIC);
389 memset(ses, 0, sizeof(struct talitos_session));
391 sc->sc_nsessions = 1;
393 for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
394 if (sc->sc_sessions[sesn].ses_used == 0) {
395 ses = &sc->sc_sessions[sesn];
401 /* allocating session */
402 sesn = sc->sc_nsessions;
403 ses = (struct talitos_session *) kmalloc(
404 (sesn + 1) * sizeof(struct talitos_session),
409 (sesn + 1) * sizeof(struct talitos_session));
410 memcpy(ses, sc->sc_sessions,
411 sesn * sizeof(struct talitos_session));
412 memset(sc->sc_sessions, 0,
413 sesn * sizeof(struct talitos_session));
414 kfree(sc->sc_sessions);
415 sc->sc_sessions = ses;
416 ses = &sc->sc_sessions[sesn];
425 /* XXX may read fewer than requested */
426 read_random(ses->ses_iv, sizeof(ses->ses_iv));
428 ses->ses_klen = (encini->cri_klen + 7) / 8;
429 memcpy(ses->ses_key, encini->cri_key, ses->ses_klen);
431 /* doing hash on top of cipher */
432 ses->ses_hmac_len = (macini->cri_klen + 7) / 8;
433 memcpy(ses->ses_hmac, macini->cri_key,
438 ses->ses_klen = (macini->cri_klen + 7) / 8;
439 memcpy(ses->ses_key, macini->cri_key, ses->ses_klen);
442 /* back compat way of determining MSC result len */
444 ses->ses_mlen = macini->cri_mlen;
445 if (ses->ses_mlen == 0) {
446 if (macini->cri_alg == CRYPTO_MD5_HMAC)
447 ses->ses_mlen = MD5_HASH_LEN;
449 ses->ses_mlen = SHA1_HASH_LEN;
453 /* really should make up a template td here,
454 * and only fill things like i/o and direction in process() */
456 /* assign session ID */
457 *sidp = TALITOS_SID(sc->sc_num, sesn);
462 * Deallocate a session.
465 talitos_freesession(device_t dev, u_int64_t tid)
467 struct talitos_softc *sc = device_get_softc(dev);
469 u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
473 session = TALITOS_SESSION(sid);
474 if (session < sc->sc_nsessions) {
475 memset(&sc->sc_sessions[session], 0,
476 sizeof(sc->sc_sessions[session]));
484 * launch device processing - it will come back with done notification
485 * in the form of an interrupt and/or HDR_DONE_BITS in header
489 struct talitos_softc *sc,
490 struct talitos_desc *td,
495 v = dma_map_single(NULL, td, sizeof(*td), DMA_TO_DEVICE);
496 talitos_write(sc->sc_base_addr +
497 chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF, 0);
498 talitos_write(sc->sc_base_addr +
499 chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF_HI, v);
504 talitos_process(device_t dev, struct cryptop *crp, int hint)
506 int i, err = 0, ivsize;
507 struct talitos_softc *sc = device_get_softc(dev);
508 struct cryptodesc *crd1, *crd2, *maccrd, *enccrd;
510 struct talitos_session *ses;
511 struct talitos_desc *td;
513 /* descriptor mappings */
514 int hmac_key, hmac_data, cipher_iv, cipher_key,
515 in_fifo, out_fifo, cipher_iv_out;
516 static int chsel = -1;
518 DPRINTF("%s()\n", __FUNCTION__);
520 if (crp == NULL || crp->crp_callback == NULL || sc == NULL) {
524 if (TALITOS_SESSION(crp->crp_sid) >= sc->sc_nsessions) {
528 ses = &sc->sc_sessions[TALITOS_SESSION(crp->crp_sid)];
530 /* enter the channel scheduler */
531 spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
533 /* reuse channel that already had/has requests for the required EU */
534 for (i = 0; i < sc->sc_num_channels; i++) {
535 if (sc->sc_chnlastalg[i] == crp->crp_desc->crd_alg)
538 if (i == sc->sc_num_channels) {
540 * haven't seen this algo the last sc_num_channels or more
541 * use round robin in this case
542 * nb: sc->sc_num_channels must be power of 2
544 chsel = (chsel + 1) & (sc->sc_num_channels - 1);
547 * matches channel with same target execution unit;
548 * use same channel in this case
552 sc->sc_chnlastalg[chsel] = crp->crp_desc->crd_alg;
554 /* release the channel scheduler lock */
555 spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
557 /* acquire the selected channel fifo lock */
558 spin_lock_irqsave(&sc->sc_chnfifolock[chsel], flags);
560 /* find and reserve next available descriptor-cryptop pair */
561 for (i = 0; i < sc->sc_chfifo_len; i++) {
562 if (sc->sc_chnfifo[chsel][i].cf_desc.hdr == 0) {
564 * ensure correct descriptor formation by
565 * avoiding inadvertently setting "optional" entries
566 * e.g. not using "optional" dptr2 for MD/HMAC descs
568 memset(&sc->sc_chnfifo[chsel][i].cf_desc,
570 /* reserve it with done notification request bit */
571 sc->sc_chnfifo[chsel][i].cf_desc.hdr |=
576 spin_unlock_irqrestore(&sc->sc_chnfifolock[chsel], flags);
578 if (i == sc->sc_chfifo_len) {
584 td = &sc->sc_chnfifo[chsel][i].cf_desc;
585 sc->sc_chnfifo[chsel][i].cf_crp = crp;
587 crd1 = crp->crp_desc;
592 crd2 = crd1->crd_next;
593 /* prevent compiler warning */
597 td->hdr |= TD_TYPE_COMMON_NONSNOOP_NO_AFEU;
598 /* assign descriptor dword ptr mappings for this desc. type */
603 if (crd1->crd_alg == CRYPTO_MD5_HMAC ||
604 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
605 crd1->crd_alg == CRYPTO_SHA1 ||
606 crd1->crd_alg == CRYPTO_MD5) {
610 } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
611 crd1->crd_alg == CRYPTO_3DES_CBC ||
612 crd1->crd_alg == CRYPTO_AES_CBC ||
613 crd1->crd_alg == CRYPTO_ARC4) {
618 DPRINTF("UNKNOWN crd1->crd_alg %d\n", crd1->crd_alg);
623 if (sc->sc_desc_types & TALITOS_HAS_DT_IPSEC_ESP) {
624 td->hdr |= TD_TYPE_IPSEC_ESP;
626 DPRINTF("unimplemented: multiple descriptor ipsec\n");
630 /* assign descriptor dword ptr mappings for this desc. type */
638 if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
639 crd1->crd_alg == CRYPTO_SHA1_HMAC ||
640 crd1->crd_alg == CRYPTO_MD5 ||
641 crd1->crd_alg == CRYPTO_SHA1) &&
642 (crd2->crd_alg == CRYPTO_DES_CBC ||
643 crd2->crd_alg == CRYPTO_3DES_CBC ||
644 crd2->crd_alg == CRYPTO_AES_CBC ||
645 crd2->crd_alg == CRYPTO_ARC4) &&
646 ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
649 } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
650 crd1->crd_alg == CRYPTO_ARC4 ||
651 crd1->crd_alg == CRYPTO_3DES_CBC ||
652 crd1->crd_alg == CRYPTO_AES_CBC) &&
653 (crd2->crd_alg == CRYPTO_MD5_HMAC ||
654 crd2->crd_alg == CRYPTO_SHA1_HMAC ||
655 crd2->crd_alg == CRYPTO_MD5 ||
656 crd2->crd_alg == CRYPTO_SHA1) &&
657 (crd1->crd_flags & CRD_F_ENCRYPT)) {
661 /* We cannot order the SEC as requested */
662 printk("%s: cannot do the order\n",
663 device_get_nameunit(sc->sc_cdev));
668 /* assign in_fifo and out_fifo based on input/output struct type */
669 if (crp->crp_flags & CRYPTO_F_SKBUF) {
670 /* using SKB buffers */
671 struct sk_buff *skb = (struct sk_buff *)crp->crp_buf;
672 if (skb_shinfo(skb)->nr_frags) {
673 printk("%s: skb frags unimplemented\n",
674 device_get_nameunit(sc->sc_cdev));
678 td->ptr[in_fifo].ptr = dma_map_single(NULL, skb->data,
679 skb->len, DMA_TO_DEVICE);
680 td->ptr[in_fifo].len = skb->len;
681 td->ptr[out_fifo].ptr = dma_map_single(NULL, skb->data,
682 skb->len, DMA_TO_DEVICE);
683 td->ptr[out_fifo].len = skb->len;
684 td->ptr[hmac_data].ptr = dma_map_single(NULL, skb->data,
685 skb->len, DMA_TO_DEVICE);
686 } else if (crp->crp_flags & CRYPTO_F_IOV) {
687 /* using IOV buffers */
688 struct uio *uiop = (struct uio *)crp->crp_buf;
689 if (uiop->uio_iovcnt > 1) {
690 printk("%s: iov frags unimplemented\n",
691 device_get_nameunit(sc->sc_cdev));
695 td->ptr[in_fifo].ptr = dma_map_single(NULL,
696 uiop->uio_iov->iov_base, crp->crp_ilen, DMA_TO_DEVICE);
697 td->ptr[in_fifo].len = crp->crp_ilen;
698 /* crp_olen is never set; always use crp_ilen */
699 td->ptr[out_fifo].ptr = dma_map_single(NULL,
700 uiop->uio_iov->iov_base,
701 crp->crp_ilen, DMA_TO_DEVICE);
702 td->ptr[out_fifo].len = crp->crp_ilen;
704 /* using contig buffers */
705 td->ptr[in_fifo].ptr = dma_map_single(NULL,
706 crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE);
707 td->ptr[in_fifo].len = crp->crp_ilen;
708 td->ptr[out_fifo].ptr = dma_map_single(NULL,
709 crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE);
710 td->ptr[out_fifo].len = crp->crp_ilen;
713 switch (enccrd->crd_alg) {
714 case CRYPTO_3DES_CBC:
715 td->hdr |= TALITOS_MODE0_DEU_3DES;
718 td->hdr |= TALITOS_SEL0_DEU
719 | TALITOS_MODE0_DEU_CBC;
720 if (enccrd->crd_flags & CRD_F_ENCRYPT)
721 td->hdr |= TALITOS_MODE0_DEU_ENC;
722 ivsize = 2*sizeof(u_int32_t);
723 DPRINTF("%cDES ses %d ch %d len %d\n",
724 (td->hdr & TALITOS_MODE0_DEU_3DES)?'3':'1',
725 (u32)TALITOS_SESSION(crp->crp_sid),
726 chsel, td->ptr[in_fifo].len);
729 td->hdr |= TALITOS_SEL0_AESU
730 | TALITOS_MODE0_AESU_CBC;
731 if (enccrd->crd_flags & CRD_F_ENCRYPT)
732 td->hdr |= TALITOS_MODE0_AESU_ENC;
733 ivsize = 4*sizeof(u_int32_t);
734 DPRINTF("AES ses %d ch %d len %d\n",
735 (u32)TALITOS_SESSION(crp->crp_sid),
736 chsel, td->ptr[in_fifo].len);
739 printk("%s: unimplemented enccrd->crd_alg %d\n",
740 device_get_nameunit(sc->sc_cdev), enccrd->crd_alg);
745 * Setup encrypt/decrypt state. When using basic ops
746 * we can't use an inline IV because hash/crypt offset
747 * must be from the end of the IV to the start of the
748 * crypt data and this leaves out the preceding header
749 * from the hash calculation. Instead we place the IV
750 * in the state record and set the hash/crypt offset to
751 * copy both the header+IV.
753 if (enccrd->crd_flags & CRD_F_ENCRYPT) {
754 td->hdr |= TALITOS_DIR_OUTBOUND;
755 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
758 iv = (caddr_t) ses->ses_iv;
759 if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
760 crypto_copyback(crp->crp_flags, crp->crp_buf,
761 enccrd->crd_inject, ivsize, iv);
764 td->hdr |= TALITOS_DIR_INBOUND;
765 if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
767 bcopy(enccrd->crd_iv, iv, ivsize);
769 iv = (caddr_t) ses->ses_iv;
770 crypto_copydata(crp->crp_flags, crp->crp_buf,
771 enccrd->crd_inject, ivsize, iv);
774 td->ptr[cipher_iv].ptr = dma_map_single(NULL, iv, ivsize,
776 td->ptr[cipher_iv].len = ivsize;
778 * we don't need the cipher iv out length/pointer
779 * field to do ESP IPsec. Therefore we set the len field as 0,
780 * which tells the SEC not to do anything with this len/ptr
781 * field. Previously, when length/pointer as pointing to iv,
782 * it gave us corruption of packets.
784 td->ptr[cipher_iv_out].len = 0;
786 if (enccrd && maccrd) {
787 /* this is ipsec only for now */
788 td->hdr |= TALITOS_SEL1_MDEU
789 | TALITOS_MODE1_MDEU_INIT
790 | TALITOS_MODE1_MDEU_PAD;
791 switch (maccrd->crd_alg) {
793 td->hdr |= TALITOS_MODE1_MDEU_MD5;
795 case CRYPTO_MD5_HMAC:
796 td->hdr |= TALITOS_MODE1_MDEU_MD5_HMAC;
799 td->hdr |= TALITOS_MODE1_MDEU_SHA1;
801 case CRYPTO_SHA1_HMAC:
802 td->hdr |= TALITOS_MODE1_MDEU_SHA1_HMAC;
805 /* We cannot order the SEC as requested */
806 printk("%s: cannot do the order\n",
807 device_get_nameunit(sc->sc_cdev));
811 if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) ||
812 (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) {
814 * The offset from hash data to the start of
815 * crypt data is the difference in the skips.
817 /* ipsec only for now */
818 td->ptr[hmac_key].ptr = dma_map_single(NULL,
819 ses->ses_hmac, ses->ses_hmac_len, DMA_TO_DEVICE);
820 td->ptr[hmac_key].len = ses->ses_hmac_len;
821 td->ptr[in_fifo].ptr += enccrd->crd_skip;
822 td->ptr[in_fifo].len = enccrd->crd_len;
823 td->ptr[out_fifo].ptr += enccrd->crd_skip;
824 td->ptr[out_fifo].len = enccrd->crd_len;
825 /* bytes of HMAC to postpend to ciphertext */
826 td->ptr[out_fifo].extent = ses->ses_mlen;
827 td->ptr[hmac_data].ptr += maccrd->crd_skip;
828 td->ptr[hmac_data].len = enccrd->crd_skip - maccrd->crd_skip;
830 if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) {
831 printk("%s: CRD_F_KEY_EXPLICIT unimplemented\n",
832 device_get_nameunit(sc->sc_cdev));
835 if (!enccrd && maccrd) {
836 /* single MD5 or SHA */
837 td->hdr |= TALITOS_SEL0_MDEU
838 | TALITOS_MODE0_MDEU_INIT
839 | TALITOS_MODE0_MDEU_PAD;
840 switch (maccrd->crd_alg) {
842 td->hdr |= TALITOS_MODE0_MDEU_MD5;
843 DPRINTF("MD5 ses %d ch %d len %d\n",
844 (u32)TALITOS_SESSION(crp->crp_sid),
845 chsel, td->ptr[in_fifo].len);
847 case CRYPTO_MD5_HMAC:
848 td->hdr |= TALITOS_MODE0_MDEU_MD5_HMAC;
851 td->hdr |= TALITOS_MODE0_MDEU_SHA1;
852 DPRINTF("SHA1 ses %d ch %d len %d\n",
853 (u32)TALITOS_SESSION(crp->crp_sid),
854 chsel, td->ptr[in_fifo].len);
856 case CRYPTO_SHA1_HMAC:
857 td->hdr |= TALITOS_MODE0_MDEU_SHA1_HMAC;
860 /* We cannot order the SEC as requested */
861 DPRINTF("cannot do the order\n");
866 if (crp->crp_flags & CRYPTO_F_IOV)
867 td->ptr[out_fifo].ptr += maccrd->crd_inject;
869 if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) ||
870 (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) {
871 td->ptr[hmac_key].ptr = dma_map_single(NULL,
872 ses->ses_hmac, ses->ses_hmac_len,
874 td->ptr[hmac_key].len = ses->ses_hmac_len;
878 /* using process key (session data has duplicate) */
879 td->ptr[cipher_key].ptr = dma_map_single(NULL,
880 enccrd->crd_key, (enccrd->crd_klen + 7) / 8,
882 td->ptr[cipher_key].len = (enccrd->crd_klen + 7) / 8;
884 /* descriptor complete - GO! */
885 return talitos_submit(sc, td, chsel);
888 if (err != ERESTART) {
889 crp->crp_etype = err;
895 /* go through all channels descriptors, notifying OCF what has
896 * _and_hasn't_ successfully completed and reset the device
897 * (otherwise it's up to decoding desc hdrs!)
899 static void talitos_errorprocessing(struct talitos_softc *sc)
904 /* disable further scheduling until under control */
905 spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
907 if (debug) dump_talitos_status(sc);
908 /* go through descriptors, try and salvage those successfully done,
909 * and EIO those that weren't
911 for (i = 0; i < sc->sc_num_channels; i++) {
912 spin_lock_irqsave(&sc->sc_chnfifolock[i], flags);
913 for (j = 0; j < sc->sc_chfifo_len; j++) {
914 if (sc->sc_chnfifo[i][j].cf_desc.hdr) {
915 if ((sc->sc_chnfifo[i][j].cf_desc.hdr
916 & TALITOS_HDR_DONE_BITS)
917 != TALITOS_HDR_DONE_BITS) {
918 /* this one didn't finish */
919 /* signify in crp->etype */
920 sc->sc_chnfifo[i][j].cf_crp->crp_etype
924 continue; /* free entry */
925 /* either way, notify ocf */
926 crypto_done(sc->sc_chnfifo[i][j].cf_crp);
927 /* and tag it available again
929 * memset to ensure correct descriptor formation by
930 * avoiding inadvertently setting "optional" entries
931 * e.g. not using "optional" dptr2 MD/HMAC processing
933 memset(&sc->sc_chnfifo[i][j].cf_desc,
934 0, sizeof(struct talitos_desc));
936 spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags);
938 /* reset and initialize the SEC h/w device */
939 talitos_reset_device(sc);
940 talitos_init_device(sc);
941 #ifdef CONFIG_OCF_RANDOMHARVEST
942 if (sc->sc_exec_units & TALITOS_HAS_EU_RNG)
943 talitos_rng_init(sc);
946 /* Okay. Stand by. */
947 spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags);
952 /* go through all channels descriptors, notifying OCF what's been done */
953 static void talitos_doneprocessing(struct talitos_softc *sc)
958 /* go through descriptors looking for done bits */
959 for (i = 0; i < sc->sc_num_channels; i++) {
960 spin_lock_irqsave(&sc->sc_chnfifolock[i], flags);
961 for (j = 0; j < sc->sc_chfifo_len; j++) {
962 /* descriptor has done bits set? */
963 if ((sc->sc_chnfifo[i][j].cf_desc.hdr
964 & TALITOS_HDR_DONE_BITS)
965 == TALITOS_HDR_DONE_BITS) {
967 crypto_done(sc->sc_chnfifo[i][j].cf_crp);
968 /* and tag it available again
970 * memset to ensure correct descriptor formation by
971 * avoiding inadvertently setting "optional" entries
972 * e.g. not using "optional" dptr2 MD/HMAC processing
974 memset(&sc->sc_chnfifo[i][j].cf_desc,
975 0, sizeof(struct talitos_desc));
978 spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags);
984 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
985 talitos_intr(int irq, void *arg)
987 talitos_intr(int irq, void *arg, struct pt_regs *regs)
990 struct talitos_softc *sc = arg;
994 v = talitos_read(sc->sc_base_addr + TALITOS_ISR);
995 v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI);
996 talitos_write(sc->sc_base_addr + TALITOS_ICR, v);
997 talitos_write(sc->sc_base_addr + TALITOS_ICR_HI, v_hi);
999 if (unlikely(v & TALITOS_ISR_ERROR)) {
1000 /* Okay, Houston, we've had a problem here. */
1001 printk(KERN_DEBUG "%s: got error interrupt - ISR 0x%08x_%08x\n",
1002 device_get_nameunit(sc->sc_cdev), v, v_hi);
1003 talitos_errorprocessing(sc);
1005 if (likely(v & TALITOS_ISR_DONE)) {
1006 talitos_doneprocessing(sc);
1012 * Initialize registers we need to touch only once.
1015 talitos_init_device(struct talitos_softc *sc)
1020 DPRINTF("%s()\n", __FUNCTION__);
1022 /* init all channels */
1023 for (i = 0; i < sc->sc_num_channels; i++) {
1024 v = talitos_read(sc->sc_base_addr +
1025 i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI);
1026 v |= TALITOS_CH_CCCR_HI_CDWE
1027 | TALITOS_CH_CCCR_HI_CDIE; /* invoke interrupt if done */
1028 talitos_write(sc->sc_base_addr +
1029 i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI, v);
1031 /* enable all interrupts */
1032 v = talitos_read(sc->sc_base_addr + TALITOS_IMR);
1033 v |= TALITOS_IMR_ALL;
1034 talitos_write(sc->sc_base_addr + TALITOS_IMR, v);
1035 v = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI);
1036 v |= TALITOS_IMR_HI_ERRONLY;
1037 talitos_write(sc->sc_base_addr + TALITOS_IMR_HI, v);
1042 * set the master reset bit on the device.
1045 talitos_reset_device_master(struct talitos_softc *sc)
1049 /* Reset the device by writing 1 to MCR:SWR and waiting 'til cleared */
1050 v = talitos_read(sc->sc_base_addr + TALITOS_MCR);
1051 talitos_write(sc->sc_base_addr + TALITOS_MCR, v | TALITOS_MCR_SWR);
1053 while (talitos_read(sc->sc_base_addr + TALITOS_MCR) & TALITOS_MCR_SWR)
1060 * Resets the device. Values in the registers are left as is
1061 * from the reset (i.e. initial values are assigned elsewhere).
1064 talitos_reset_device(struct talitos_softc *sc)
1069 DPRINTF("%s()\n", __FUNCTION__);
1073 * errata documentation: warning: certain SEC interrupts
1074 * are not fully cleared by writing the MCR:SWR bit,
1075 * set bit twice to completely reset
1077 talitos_reset_device_master(sc); /* once */
1078 talitos_reset_device_master(sc); /* and once again */
1080 /* reset all channels */
1081 for (i = 0; i < sc->sc_num_channels; i++) {
1082 v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
1084 talitos_write(sc->sc_base_addr + i*TALITOS_CH_OFFSET +
1085 TALITOS_CH_CCCR, v | TALITOS_CH_CCCR_RESET);
1089 /* Set up the crypto device structure, private data,
1090 * and anything else we need before we start */
1091 #ifdef CONFIG_PPC_MERGE
1092 static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match)
1094 static int talitos_probe(struct platform_device *pdev)
1097 struct talitos_softc *sc = NULL;
1099 #ifdef CONFIG_PPC_MERGE
1100 struct device *device = &ofdev->dev;
1101 struct device_node *np = ofdev->node;
1102 const unsigned int *prop;
1104 struct resource res;
1106 static int num_chips = 0;
1110 DPRINTF("%s()\n", __FUNCTION__);
1112 sc = (struct talitos_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
1115 memset(sc, 0, sizeof(*sc));
1117 softc_device_init(sc, DRV_NAME, num_chips, talitos_methods);
1121 #ifndef CONFIG_PPC_MERGE
1124 sc->sc_num = num_chips++;
1126 #ifdef CONFIG_PPC_MERGE
1127 dev_set_drvdata(device, sc);
1129 platform_set_drvdata(sc->sc_dev, sc);
1132 /* get the irq line */
1133 #ifdef CONFIG_PPC_MERGE
1134 err = of_address_to_resource(np, 0, &res);
1139 sc->sc_irq = irq_of_parse_and_map(np, 0);
1141 /* get a pointer to the register memory */
1142 r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
1144 sc->sc_irq = platform_get_irq(pdev, 0);
1146 rc = request_irq(sc->sc_irq, talitos_intr, 0,
1147 device_get_nameunit(sc->sc_cdev), sc);
1149 printk(KERN_ERR "%s: failed to hook irq %d\n",
1150 device_get_nameunit(sc->sc_cdev), sc->sc_irq);
1155 sc->sc_base_addr = (ocf_iomem_t) ioremap(r->start, (r->end - r->start));
1156 if (!sc->sc_base_addr) {
1157 printk(KERN_ERR "%s: failed to ioremap\n",
1158 device_get_nameunit(sc->sc_cdev));
1162 /* figure out our SEC's properties and capabilities */
1163 sc->sc_chiprev = (u64)talitos_read(sc->sc_base_addr + TALITOS_ID) << 32
1164 | talitos_read(sc->sc_base_addr + TALITOS_ID_HI);
1165 DPRINTF("sec id 0x%llx\n", sc->sc_chiprev);
1167 #ifdef CONFIG_PPC_MERGE
1168 /* get SEC properties from device tree, defaulting to SEC 2.0 */
1170 prop = of_get_property(np, "num-channels", NULL);
1171 sc->sc_num_channels = prop ? *prop : TALITOS_NCHANNELS_SEC_2_0;
1173 prop = of_get_property(np, "channel-fifo-len", NULL);
1174 sc->sc_chfifo_len = prop ? *prop : TALITOS_CHFIFOLEN_SEC_2_0;
1176 prop = of_get_property(np, "exec-units-mask", NULL);
1177 sc->sc_exec_units = prop ? *prop : TALITOS_HAS_EUS_SEC_2_0;
1179 prop = of_get_property(np, "descriptor-types-mask", NULL);
1180 sc->sc_desc_types = prop ? *prop : TALITOS_HAS_DESCTYPES_SEC_2_0;
1182 /* bulk should go away with openfirmware flat device tree support */
1183 if (sc->sc_chiprev & TALITOS_ID_SEC_2_0) {
1184 sc->sc_num_channels = TALITOS_NCHANNELS_SEC_2_0;
1185 sc->sc_chfifo_len = TALITOS_CHFIFOLEN_SEC_2_0;
1186 sc->sc_exec_units = TALITOS_HAS_EUS_SEC_2_0;
1187 sc->sc_desc_types = TALITOS_HAS_DESCTYPES_SEC_2_0;
1189 printk(KERN_ERR "%s: failed to id device\n",
1190 device_get_nameunit(sc->sc_cdev));
1195 /* + 1 is for the meta-channel lock used by the channel scheduler */
1196 sc->sc_chnfifolock = (spinlock_t *) kmalloc(
1197 (sc->sc_num_channels + 1) * sizeof(spinlock_t), GFP_KERNEL);
1198 if (!sc->sc_chnfifolock)
1200 for (i = 0; i < sc->sc_num_channels + 1; i++) {
1201 spin_lock_init(&sc->sc_chnfifolock[i]);
1204 sc->sc_chnlastalg = (int *) kmalloc(
1205 sc->sc_num_channels * sizeof(int), GFP_KERNEL);
1206 if (!sc->sc_chnlastalg)
1208 memset(sc->sc_chnlastalg, 0, sc->sc_num_channels * sizeof(int));
1210 sc->sc_chnfifo = (struct desc_cryptop_pair **) kmalloc(
1211 sc->sc_num_channels * sizeof(struct desc_cryptop_pair *),
1213 if (!sc->sc_chnfifo)
1215 for (i = 0; i < sc->sc_num_channels; i++) {
1216 sc->sc_chnfifo[i] = (struct desc_cryptop_pair *) kmalloc(
1217 sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair),
1219 if (!sc->sc_chnfifo[i])
1221 memset(sc->sc_chnfifo[i], 0,
1222 sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair));
1225 /* reset and initialize the SEC h/w device */
1226 talitos_reset_device(sc);
1227 talitos_init_device(sc);
1229 sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE);
1230 if (sc->sc_cid < 0) {
1231 printk(KERN_ERR "%s: could not get crypto driver id\n",
1232 device_get_nameunit(sc->sc_cdev));
1236 /* register algorithms with the framework */
1237 printk("%s:", device_get_nameunit(sc->sc_cdev));
1239 if (sc->sc_exec_units & TALITOS_HAS_EU_RNG) {
1241 #ifdef CONFIG_OCF_RANDOMHARVEST
1242 talitos_rng_init(sc);
1243 crypto_rregister(sc->sc_cid, talitos_read_random, sc);
1246 if (sc->sc_exec_units & TALITOS_HAS_EU_DEU) {
1247 printk(" des/3des");
1248 crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0);
1249 crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0);
1251 if (sc->sc_exec_units & TALITOS_HAS_EU_AESU) {
1253 crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0);
1255 if (sc->sc_exec_units & TALITOS_HAS_EU_MDEU) {
1257 crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0);
1258 /* HMAC support only with IPsec for now */
1259 crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0);
1261 crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0);
1262 /* HMAC support only with IPsec for now */
1263 crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0);
1269 #ifndef CONFIG_PPC_MERGE
1270 talitos_remove(pdev);
1275 #ifdef CONFIG_PPC_MERGE
1276 static int talitos_remove(struct of_device *ofdev)
1278 static int talitos_remove(struct platform_device *pdev)
1281 #ifdef CONFIG_PPC_MERGE
1282 struct talitos_softc *sc = dev_get_drvdata(&ofdev->dev);
1284 struct talitos_softc *sc = platform_get_drvdata(pdev);
1288 DPRINTF("%s()\n", __FUNCTION__);
1289 if (sc->sc_cid >= 0)
1290 crypto_unregister_all(sc->sc_cid);
1291 if (sc->sc_chnfifo) {
1292 for (i = 0; i < sc->sc_num_channels; i++)
1293 if (sc->sc_chnfifo[i])
1294 kfree(sc->sc_chnfifo[i]);
1295 kfree(sc->sc_chnfifo);
1297 if (sc->sc_chnlastalg)
1298 kfree(sc->sc_chnlastalg);
1299 if (sc->sc_chnfifolock)
1300 kfree(sc->sc_chnfifolock);
1301 if (sc->sc_irq != -1)
1302 free_irq(sc->sc_irq, sc);
1303 if (sc->sc_base_addr)
1304 iounmap((void *) sc->sc_base_addr);
1309 #ifdef CONFIG_PPC_MERGE
1310 static struct of_device_id talitos_match[] = {
1313 .compatible = "talitos",
1318 MODULE_DEVICE_TABLE(of, talitos_match);
1320 static struct of_platform_driver talitos_driver = {
1322 .match_table = talitos_match,
1323 .probe = talitos_probe,
1324 .remove = talitos_remove,
1327 static int __init talitos_init(void)
1329 return of_register_platform_driver(&talitos_driver);
1332 static void __exit talitos_exit(void)
1334 of_unregister_platform_driver(&talitos_driver);
1337 /* Structure for a platform device driver */
1338 static struct platform_driver talitos_driver = {
1339 .probe = talitos_probe,
1340 .remove = talitos_remove,
1346 static int __init talitos_init(void)
1348 return platform_driver_register(&talitos_driver);
1351 static void __exit talitos_exit(void)
1353 platform_driver_unregister(&talitos_driver);
1357 module_init(talitos_init);
1358 module_exit(talitos_exit);
1360 MODULE_LICENSE("Dual BSD/GPL");
1361 MODULE_AUTHOR("kim.phillips@freescale.com");
1362 MODULE_DESCRIPTION("OCF driver for Freescale SEC (talitos)");