1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22#include <crypto/internal/hash.h>
23#include <crypto/hash.h>
24#include <crypto/aes.h>
25#include <crypto/sha.h>
26#include <crypto/algapi.h>
27#include <crypto/scatterwalk.h>
28#include <linux/module.h>
29#include <linux/moduleparam.h>
30#include <linux/types.h>
31#include <linux/mm.h>
32#include <linux/crypto.h>
33#include <linux/scatterlist.h>
34#include <linux/device.h>
35#include <linux/of.h>
36#include <asm/hvcall.h>
37#include <asm/vio.h>
38
39#include "nx_csbcpb.h"
40#include "nx.h"
41
42
43
44
45
46
47
48
49
50
51
52
53int nx_hcall_sync(struct nx_crypto_ctx *nx_ctx,
54 struct vio_pfo_op *op,
55 u32 may_sleep)
56{
57 int rc, retries = 10;
58 struct vio_dev *viodev = nx_driver.viodev;
59
60 atomic_inc(&(nx_ctx->stats->sync_ops));
61
62 do {
63 rc = vio_h_cop_sync(viodev, op);
64 } while (rc == -EBUSY && !may_sleep && retries--);
65
66 if (rc) {
67 dev_dbg(&viodev->dev, "vio_h_cop_sync failed: rc: %d "
68 "hcall rc: %ld\n", rc, op->hcall_err);
69 atomic_inc(&(nx_ctx->stats->errors));
70 atomic_set(&(nx_ctx->stats->last_error), op->hcall_err);
71 atomic_set(&(nx_ctx->stats->last_error_pid), current->pid);
72 }
73
74 return rc;
75}
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91struct nx_sg *nx_build_sg_list(struct nx_sg *sg_head,
92 u8 *start_addr,
93 unsigned int len,
94 u32 sgmax)
95{
96 unsigned int sg_len = 0;
97 struct nx_sg *sg;
98 u64 sg_addr = (u64)start_addr;
99 u64 end_addr;
100
101
102
103 if (is_vmalloc_addr(start_addr))
104 sg_addr = page_to_phys(vmalloc_to_page(start_addr))
105 + offset_in_page(sg_addr);
106 else
107 sg_addr = __pa(sg_addr);
108
109 end_addr = sg_addr + len;
110
111
112
113
114
115
116
117
118
119
120
121 for (sg = sg_head; sg_len < len; sg++) {
122 u64 next_page;
123
124 sg->addr = sg_addr;
125 sg_addr = min_t(u64, NX_PAGE_NUM(sg_addr + NX_PAGE_SIZE),
126 end_addr);
127
128 next_page = (sg->addr & PAGE_MASK) + PAGE_SIZE;
129 sg->len = min_t(u64, sg_addr, next_page) - sg->addr;
130 sg_len += sg->len;
131
132 if (sg_addr >= next_page &&
133 is_vmalloc_addr(start_addr + sg_len)) {
134 sg_addr = page_to_phys(vmalloc_to_page(
135 start_addr + sg_len));
136 end_addr = sg_addr + len - sg_len;
137 }
138
139 if ((sg - sg_head) == sgmax) {
140 pr_err("nx: scatter/gather list overflow, pid: %d\n",
141 current->pid);
142 return NULL;
143 }
144 }
145
146
147 return sg;
148}
149
150
151
152
153
154
155
156
157
158
159struct nx_sg *nx_walk_and_build(struct nx_sg *nx_dst,
160 unsigned int sglen,
161 struct scatterlist *sg_src,
162 unsigned int start,
163 unsigned int src_len)
164{
165 struct scatter_walk walk;
166 struct nx_sg *nx_sg = nx_dst;
167 unsigned int n, offset = 0, len = src_len;
168 char *dst;
169
170
171 for (;;) {
172 scatterwalk_start(&walk, sg_src);
173
174 if (start < offset + sg_src->length)
175 break;
176
177 offset += sg_src->length;
178 sg_src = scatterwalk_sg_next(sg_src);
179 }
180
181
182
183 scatterwalk_advance(&walk, start - offset);
184
185 while (len && nx_sg) {
186 n = scatterwalk_clamp(&walk, len);
187 if (!n) {
188 scatterwalk_start(&walk, sg_next(walk.sg));
189 n = scatterwalk_clamp(&walk, len);
190 }
191 dst = scatterwalk_map(&walk);
192
193 nx_sg = nx_build_sg_list(nx_sg, dst, n, sglen);
194 len -= n;
195
196 scatterwalk_unmap(dst);
197 scatterwalk_advance(&walk, n);
198 scatterwalk_done(&walk, SCATTERWALK_FROM_SG, len);
199 }
200
201
202 return nx_sg;
203}
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222int nx_build_sg_lists(struct nx_crypto_ctx *nx_ctx,
223 struct blkcipher_desc *desc,
224 struct scatterlist *dst,
225 struct scatterlist *src,
226 unsigned int nbytes,
227 unsigned int offset,
228 u8 *iv)
229{
230 struct nx_sg *nx_insg = nx_ctx->in_sg;
231 struct nx_sg *nx_outsg = nx_ctx->out_sg;
232
233 if (iv)
234 memcpy(iv, desc->info, AES_BLOCK_SIZE);
235
236 nx_insg = nx_walk_and_build(nx_insg, nx_ctx->ap->sglen, src,
237 offset, nbytes);
238 nx_outsg = nx_walk_and_build(nx_outsg, nx_ctx->ap->sglen, dst,
239 offset, nbytes);
240
241
242
243
244 nx_ctx->op.inlen = (nx_ctx->in_sg - nx_insg) * sizeof(struct nx_sg);
245 nx_ctx->op.outlen = (nx_ctx->out_sg - nx_outsg) * sizeof(struct nx_sg);
246
247 return 0;
248}
249
250
251
252
253
254
255
256void nx_ctx_init(struct nx_crypto_ctx *nx_ctx, unsigned int function)
257{
258 spin_lock_init(&nx_ctx->lock);
259 memset(nx_ctx->kmem, 0, nx_ctx->kmem_len);
260 nx_ctx->csbcpb->csb.valid |= NX_CSB_VALID_BIT;
261
262 nx_ctx->op.flags = function;
263 nx_ctx->op.csbcpb = __pa(nx_ctx->csbcpb);
264 nx_ctx->op.in = __pa(nx_ctx->in_sg);
265 nx_ctx->op.out = __pa(nx_ctx->out_sg);
266
267 if (nx_ctx->csbcpb_aead) {
268 nx_ctx->csbcpb_aead->csb.valid |= NX_CSB_VALID_BIT;
269
270 nx_ctx->op_aead.flags = function;
271 nx_ctx->op_aead.csbcpb = __pa(nx_ctx->csbcpb_aead);
272 nx_ctx->op_aead.in = __pa(nx_ctx->in_sg);
273 nx_ctx->op_aead.out = __pa(nx_ctx->out_sg);
274 }
275}
276
277static void nx_of_update_status(struct device *dev,
278 struct property *p,
279 struct nx_of *props)
280{
281 if (!strncmp(p->value, "okay", p->length)) {
282 props->status = NX_WAITING;
283 props->flags |= NX_OF_FLAG_STATUS_SET;
284 } else {
285 dev_info(dev, "%s: status '%s' is not 'okay'\n", __func__,
286 (char *)p->value);
287 }
288}
289
290static void nx_of_update_sglen(struct device *dev,
291 struct property *p,
292 struct nx_of *props)
293{
294 if (p->length != sizeof(props->max_sg_len)) {
295 dev_err(dev, "%s: unexpected format for "
296 "ibm,max-sg-len property\n", __func__);
297 dev_dbg(dev, "%s: ibm,max-sg-len is %d bytes "
298 "long, expected %zd bytes\n", __func__,
299 p->length, sizeof(props->max_sg_len));
300 return;
301 }
302
303 props->max_sg_len = *(u32 *)p->value;
304 props->flags |= NX_OF_FLAG_MAXSGLEN_SET;
305}
306
307static void nx_of_update_msc(struct device *dev,
308 struct property *p,
309 struct nx_of *props)
310{
311 struct msc_triplet *trip;
312 struct max_sync_cop *msc;
313 unsigned int bytes_so_far, i, lenp;
314
315 msc = (struct max_sync_cop *)p->value;
316 lenp = p->length;
317
318
319
320
321
322 bytes_so_far = 0;
323
324 while ((bytes_so_far + sizeof(struct max_sync_cop)) <= lenp) {
325 bytes_so_far += sizeof(struct max_sync_cop);
326
327 trip = msc->trip;
328
329 for (i = 0;
330 ((bytes_so_far + sizeof(struct msc_triplet)) <= lenp) &&
331 i < msc->triplets;
332 i++) {
333 if (msc->fc > NX_MAX_FC || msc->mode > NX_MAX_MODE) {
334 dev_err(dev, "unknown function code/mode "
335 "combo: %d/%d (ignored)\n", msc->fc,
336 msc->mode);
337 goto next_loop;
338 }
339
340 switch (trip->keybitlen) {
341 case 128:
342 case 160:
343 props->ap[msc->fc][msc->mode][0].databytelen =
344 trip->databytelen;
345 props->ap[msc->fc][msc->mode][0].sglen =
346 trip->sglen;
347 break;
348 case 192:
349 props->ap[msc->fc][msc->mode][1].databytelen =
350 trip->databytelen;
351 props->ap[msc->fc][msc->mode][1].sglen =
352 trip->sglen;
353 break;
354 case 256:
355 if (msc->fc == NX_FC_AES) {
356 props->ap[msc->fc][msc->mode][2].
357 databytelen = trip->databytelen;
358 props->ap[msc->fc][msc->mode][2].sglen =
359 trip->sglen;
360 } else if (msc->fc == NX_FC_AES_HMAC ||
361 msc->fc == NX_FC_SHA) {
362 props->ap[msc->fc][msc->mode][1].
363 databytelen = trip->databytelen;
364 props->ap[msc->fc][msc->mode][1].sglen =
365 trip->sglen;
366 } else {
367 dev_warn(dev, "unknown function "
368 "code/key bit len combo"
369 ": (%u/256)\n", msc->fc);
370 }
371 break;
372 case 512:
373 props->ap[msc->fc][msc->mode][2].databytelen =
374 trip->databytelen;
375 props->ap[msc->fc][msc->mode][2].sglen =
376 trip->sglen;
377 break;
378 default:
379 dev_warn(dev, "unknown function code/key bit "
380 "len combo: (%u/%u)\n", msc->fc,
381 trip->keybitlen);
382 break;
383 }
384next_loop:
385 bytes_so_far += sizeof(struct msc_triplet);
386 trip++;
387 }
388
389 msc = (struct max_sync_cop *)trip;
390 }
391
392 props->flags |= NX_OF_FLAG_MAXSYNCCOP_SET;
393}
394
395
396
397
398
399
400
401
402
403
404
405
406static void nx_of_init(struct device *dev, struct nx_of *props)
407{
408 struct device_node *base_node = dev->of_node;
409 struct property *p;
410
411 p = of_find_property(base_node, "status", NULL);
412 if (!p)
413 dev_info(dev, "%s: property 'status' not found\n", __func__);
414 else
415 nx_of_update_status(dev, p, props);
416
417 p = of_find_property(base_node, "ibm,max-sg-len", NULL);
418 if (!p)
419 dev_info(dev, "%s: property 'ibm,max-sg-len' not found\n",
420 __func__);
421 else
422 nx_of_update_sglen(dev, p, props);
423
424 p = of_find_property(base_node, "ibm,max-sync-cop", NULL);
425 if (!p)
426 dev_info(dev, "%s: property 'ibm,max-sync-cop' not found\n",
427 __func__);
428 else
429 nx_of_update_msc(dev, p, props);
430}
431
432
433
434
435
436
437
438
439
440
441static int nx_register_algs(void)
442{
443 int rc = -1;
444
445 if (nx_driver.of.flags != NX_OF_FLAG_MASK_READY)
446 goto out;
447
448 memset(&nx_driver.stats, 0, sizeof(struct nx_stats));
449
450 rc = NX_DEBUGFS_INIT(&nx_driver);
451 if (rc)
452 goto out;
453
454 nx_driver.of.status = NX_OKAY;
455
456 rc = crypto_register_alg(&nx_ecb_aes_alg);
457 if (rc)
458 goto out;
459
460 rc = crypto_register_alg(&nx_cbc_aes_alg);
461 if (rc)
462 goto out_unreg_ecb;
463
464 rc = crypto_register_alg(&nx_ctr_aes_alg);
465 if (rc)
466 goto out_unreg_cbc;
467
468 rc = crypto_register_alg(&nx_ctr3686_aes_alg);
469 if (rc)
470 goto out_unreg_ctr;
471
472 rc = crypto_register_alg(&nx_gcm_aes_alg);
473 if (rc)
474 goto out_unreg_ctr3686;
475
476 rc = crypto_register_alg(&nx_gcm4106_aes_alg);
477 if (rc)
478 goto out_unreg_gcm;
479
480 rc = crypto_register_alg(&nx_ccm_aes_alg);
481 if (rc)
482 goto out_unreg_gcm4106;
483
484 rc = crypto_register_alg(&nx_ccm4309_aes_alg);
485 if (rc)
486 goto out_unreg_ccm;
487
488 rc = crypto_register_shash(&nx_shash_sha256_alg);
489 if (rc)
490 goto out_unreg_ccm4309;
491
492 rc = crypto_register_shash(&nx_shash_sha512_alg);
493 if (rc)
494 goto out_unreg_s256;
495
496 rc = crypto_register_shash(&nx_shash_aes_xcbc_alg);
497 if (rc)
498 goto out_unreg_s512;
499
500 goto out;
501
502out_unreg_s512:
503 crypto_unregister_shash(&nx_shash_sha512_alg);
504out_unreg_s256:
505 crypto_unregister_shash(&nx_shash_sha256_alg);
506out_unreg_ccm4309:
507 crypto_unregister_alg(&nx_ccm4309_aes_alg);
508out_unreg_ccm:
509 crypto_unregister_alg(&nx_ccm_aes_alg);
510out_unreg_gcm4106:
511 crypto_unregister_alg(&nx_gcm4106_aes_alg);
512out_unreg_gcm:
513 crypto_unregister_alg(&nx_gcm_aes_alg);
514out_unreg_ctr3686:
515 crypto_unregister_alg(&nx_ctr3686_aes_alg);
516out_unreg_ctr:
517 crypto_unregister_alg(&nx_ctr_aes_alg);
518out_unreg_cbc:
519 crypto_unregister_alg(&nx_cbc_aes_alg);
520out_unreg_ecb:
521 crypto_unregister_alg(&nx_ecb_aes_alg);
522out:
523 return rc;
524}
525
526
527
528
529
530
531
532
533static int nx_crypto_ctx_init(struct nx_crypto_ctx *nx_ctx, u32 fc, u32 mode)
534{
535 if (nx_driver.of.status != NX_OKAY) {
536 pr_err("Attempt to initialize NX crypto context while device "
537 "is not available!\n");
538 return -ENODEV;
539 }
540
541
542 if (mode == NX_MODE_AES_GCM || mode == NX_MODE_AES_CCM)
543 nx_ctx->kmem_len = (4 * NX_PAGE_SIZE) +
544 sizeof(struct nx_csbcpb);
545 else
546 nx_ctx->kmem_len = (3 * NX_PAGE_SIZE) +
547 sizeof(struct nx_csbcpb);
548
549 nx_ctx->kmem = kmalloc(nx_ctx->kmem_len, GFP_KERNEL);
550 if (!nx_ctx->kmem)
551 return -ENOMEM;
552
553
554 nx_ctx->csbcpb = (struct nx_csbcpb *)(round_up((u64)nx_ctx->kmem,
555 (u64)NX_PAGE_SIZE));
556 nx_ctx->in_sg = (struct nx_sg *)((u8 *)nx_ctx->csbcpb + NX_PAGE_SIZE);
557 nx_ctx->out_sg = (struct nx_sg *)((u8 *)nx_ctx->in_sg + NX_PAGE_SIZE);
558
559 if (mode == NX_MODE_AES_GCM || mode == NX_MODE_AES_CCM)
560 nx_ctx->csbcpb_aead =
561 (struct nx_csbcpb *)((u8 *)nx_ctx->out_sg +
562 NX_PAGE_SIZE);
563
564
565
566 nx_ctx->stats = &nx_driver.stats;
567 memcpy(nx_ctx->props, nx_driver.of.ap[fc][mode],
568 sizeof(struct alg_props) * 3);
569
570 return 0;
571}
572
573
574int nx_crypto_ctx_aes_ccm_init(struct crypto_tfm *tfm)
575{
576 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
577 NX_MODE_AES_CCM);
578}
579
580int nx_crypto_ctx_aes_gcm_init(struct crypto_tfm *tfm)
581{
582 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
583 NX_MODE_AES_GCM);
584}
585
586int nx_crypto_ctx_aes_ctr_init(struct crypto_tfm *tfm)
587{
588 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
589 NX_MODE_AES_CTR);
590}
591
592int nx_crypto_ctx_aes_cbc_init(struct crypto_tfm *tfm)
593{
594 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
595 NX_MODE_AES_CBC);
596}
597
598int nx_crypto_ctx_aes_ecb_init(struct crypto_tfm *tfm)
599{
600 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
601 NX_MODE_AES_ECB);
602}
603
604int nx_crypto_ctx_sha_init(struct crypto_tfm *tfm)
605{
606 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_SHA, NX_MODE_SHA);
607}
608
609int nx_crypto_ctx_aes_xcbc_init(struct crypto_tfm *tfm)
610{
611 return nx_crypto_ctx_init(crypto_tfm_ctx(tfm), NX_FC_AES,
612 NX_MODE_AES_XCBC_MAC);
613}
614
615
616
617
618
619
620
621
622
623void nx_crypto_ctx_exit(struct crypto_tfm *tfm)
624{
625 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(tfm);
626
627 kzfree(nx_ctx->kmem);
628 nx_ctx->csbcpb = NULL;
629 nx_ctx->csbcpb_aead = NULL;
630 nx_ctx->in_sg = NULL;
631 nx_ctx->out_sg = NULL;
632}
633
634static int nx_probe(struct vio_dev *viodev, const struct vio_device_id *id)
635{
636 dev_dbg(&viodev->dev, "driver probed: %s resource id: 0x%x\n",
637 viodev->name, viodev->resource_id);
638
639 if (nx_driver.viodev) {
640 dev_err(&viodev->dev, "%s: Attempt to register more than one "
641 "instance of the hardware\n", __func__);
642 return -EINVAL;
643 }
644
645 nx_driver.viodev = viodev;
646
647 nx_of_init(&viodev->dev, &nx_driver.of);
648
649 return nx_register_algs();
650}
651
652static int nx_remove(struct vio_dev *viodev)
653{
654 dev_dbg(&viodev->dev, "entering nx_remove for UA 0x%x\n",
655 viodev->unit_address);
656
657 if (nx_driver.of.status == NX_OKAY) {
658 NX_DEBUGFS_FINI(&nx_driver);
659
660 crypto_unregister_alg(&nx_ccm_aes_alg);
661 crypto_unregister_alg(&nx_ccm4309_aes_alg);
662 crypto_unregister_alg(&nx_gcm_aes_alg);
663 crypto_unregister_alg(&nx_gcm4106_aes_alg);
664 crypto_unregister_alg(&nx_ctr_aes_alg);
665 crypto_unregister_alg(&nx_ctr3686_aes_alg);
666 crypto_unregister_alg(&nx_cbc_aes_alg);
667 crypto_unregister_alg(&nx_ecb_aes_alg);
668 crypto_unregister_shash(&nx_shash_sha256_alg);
669 crypto_unregister_shash(&nx_shash_sha512_alg);
670 crypto_unregister_shash(&nx_shash_aes_xcbc_alg);
671 }
672
673 return 0;
674}
675
676
677
678static int __init nx_init(void)
679{
680 return vio_register_driver(&nx_driver.viodriver);
681}
682
683static void __exit nx_fini(void)
684{
685 vio_unregister_driver(&nx_driver.viodriver);
686}
687
688static struct vio_device_id nx_crypto_driver_ids[] = {
689 { "ibm,sym-encryption-v1", "ibm,sym-encryption" },
690 { "", "" }
691};
692MODULE_DEVICE_TABLE(vio, nx_crypto_driver_ids);
693
694
695struct nx_crypto_driver nx_driver = {
696 .viodriver = {
697 .id_table = nx_crypto_driver_ids,
698 .probe = nx_probe,
699 .remove = nx_remove,
700 .name = NX_NAME,
701 },
702};
703
704module_init(nx_init);
705module_exit(nx_fini);
706
707MODULE_AUTHOR("Kent Yoder <yoder1@us.ibm.com>");
708MODULE_DESCRIPTION(NX_STRING);
709MODULE_LICENSE("GPL");
710MODULE_VERSION(NX_VERSION);
711