sun8i_crypto.c revision 1.14.2.3
1 /* $NetBSD: sun8i_crypto.c,v 1.14.2.3 2021/04/25 11:13:03 martin Exp $ */ 2 3 /*- 4 * Copyright (c) 2019 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Taylor R. Campbell. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * sun8i_crypto -- Allwinner Crypto Engine driver 34 * 35 * The Crypto Engine is documented in Sec. 3.15 of the Allwinner A64 36 * User Manual v1.1, on pp. 230--241. We only use it for the TRNG at 37 * the moment, but in principle it could be wired up with opencrypto(9) 38 * to compute AES, DES, 3DES, MD5, SHA-1, SHA-224, SHA-256, HMAC-SHA1, 39 * HMAC-HA256, RSA, and an undocumented PRNG. It also seems to support 40 * AES keys in SRAM (for some kind of HDMI HDCP stuff?). 41 * 42 * https://linux-sunxi.org/images/b/b4/Allwinner_A64_User_Manual_V1.1.pdf 43 */ 44 45 #include <sys/cdefs.h> 46 __KERNEL_RCSID(1, "$NetBSD: sun8i_crypto.c,v 1.14.2.3 2021/04/25 11:13:03 martin Exp $"); 47 48 #include <sys/types.h> 49 #include <sys/param.h> 50 #include <sys/atomic.h> 51 #include <sys/bus.h> 52 #include <sys/callout.h> 53 #include <sys/conf.h> 54 #include <sys/device.h> 55 #include <sys/kernel.h> 56 #include <sys/kmem.h> 57 #include <sys/mutex.h> 58 #include <sys/rndpool.h> 59 #include <sys/rndsource.h> 60 #include <sys/sysctl.h> 61 #include <sys/workqueue.h> 62 63 #include <dev/fdt/fdtvar.h> 64 65 #include <arm/sunxi/sun8i_crypto.h> 66 67 #define SUN8I_CRYPTO_TIMEOUT hz 68 #define SUN8I_CRYPTO_RNGENTROPY 100 /* estimated bits per bit of entropy */ 69 #define SUN8I_CRYPTO_RNGBYTES PAGE_SIZE 70 71 struct sun8i_crypto_task; 72 73 struct sun8i_crypto_buf { 74 bus_dma_segment_t cb_seg[1]; 75 int cb_nsegs; 76 bus_dmamap_t cb_map; 77 void *cb_kva; 78 }; 79 80 struct sun8i_crypto_softc { 81 device_t sc_dev; 82 bus_space_tag_t sc_bst; 83 bus_space_handle_t sc_bsh; 84 bus_dma_tag_t sc_dmat; 85 kmutex_t sc_lock; 86 struct sun8i_crypto_chan { 87 struct sun8i_crypto_task *cc_task; 88 unsigned cc_starttime; 89 } sc_chan[SUN8I_CRYPTO_NCHAN]; 90 struct callout sc_timeout; 91 struct workqueue *sc_wq; 92 struct work sc_work; 93 void *sc_ih; 94 uint32_t sc_done; 95 uint32_t sc_esr; 96 bool sc_work_pending; 97 struct sun8i_crypto_rng { 98 struct sun8i_crypto_buf cr_buf; 99 struct sun8i_crypto_task *cr_task; 100 struct krndsource cr_rndsource; 101 bool cr_pending; 102 } sc_rng; 103 struct sun8i_crypto_selftest { 104 struct sun8i_crypto_buf cs_in; 105 struct sun8i_crypto_buf cs_key; 106 struct sun8i_crypto_buf cs_out; 107 struct sun8i_crypto_task *cs_task; 108 } sc_selftest; 109 struct sun8i_crypto_sysctl { 110 struct sysctllog *cy_log; 111 const struct sysctlnode *cy_root_node; 112 const struct sysctlnode *cy_trng_node; 113 } sc_sysctl; 114 }; 115 116 struct sun8i_crypto_task { 117 struct sun8i_crypto_buf ct_buf; 118 struct sun8i_crypto_taskdesc *ct_desc; 119 void (*ct_callback)(struct sun8i_crypto_softc *, 120 struct sun8i_crypto_task *, void *, int); 121 void *ct_cookie; 122 }; 123 124 /* 125 * Forward declarations 126 */ 127 128 static int sun8i_crypto_match(device_t, cfdata_t, void *); 129 static void sun8i_crypto_attach(device_t, device_t, void *); 130 131 static struct sun8i_crypto_task * 132 sun8i_crypto_task_get(struct sun8i_crypto_softc *, 133 void (*)(struct sun8i_crypto_softc *, 134 struct sun8i_crypto_task *, void *, int), 135 void *); 136 static void sun8i_crypto_task_put(struct sun8i_crypto_softc *, 137 struct sun8i_crypto_task *); 138 static void sun8i_crypto_task_reset(struct sun8i_crypto_task *); 139 140 static void sun8i_crypto_task_set_key(struct sun8i_crypto_task *, 141 bus_dmamap_t); 142 static void sun8i_crypto_task_set_iv(struct sun8i_crypto_task *, 143 bus_dmamap_t); 144 static void sun8i_crypto_task_set_ctr(struct sun8i_crypto_task *, 145 bus_dmamap_t); 146 static void sun8i_crypto_task_set_input(struct sun8i_crypto_task *, 147 bus_dmamap_t); 148 static void sun8i_crypto_task_set_output(struct sun8i_crypto_task *, 149 bus_dmamap_t); 150 151 static void sun8i_crypto_task_scatter(struct sun8i_crypto_adrlen *, 152 bus_dmamap_t); 153 154 static int sun8i_crypto_submit_trng(struct sun8i_crypto_softc *, 155 struct sun8i_crypto_task *, uint32_t); 156 static int sun8i_crypto_submit_aesecb(struct sun8i_crypto_softc *, 157 struct sun8i_crypto_task *, uint32_t, uint32_t, uint32_t); 158 static int sun8i_crypto_submit(struct sun8i_crypto_softc *, 159 struct sun8i_crypto_task *); 160 161 static void sun8i_crypto_timeout(void *); 162 static int sun8i_crypto_intr(void *); 163 static void sun8i_crypto_schedule_worker(struct sun8i_crypto_softc *); 164 static void sun8i_crypto_worker(struct work *, void *); 165 static void sun8i_crypto_chan_done(struct sun8i_crypto_softc *, unsigned, 166 int); 167 168 static int sun8i_crypto_allocbuf(struct sun8i_crypto_softc *, size_t, 169 struct sun8i_crypto_buf *); 170 static void sun8i_crypto_freebuf(struct sun8i_crypto_softc *, size_t, 171 struct sun8i_crypto_buf *); 172 173 static void sun8i_crypto_rng_attach(struct sun8i_crypto_softc *); 174 static void sun8i_crypto_rng_get(size_t, void *); 175 static void sun8i_crypto_rng_done(struct sun8i_crypto_softc *, 176 struct sun8i_crypto_task *, void *, int); 177 178 static void sun8i_crypto_selftest(device_t); 179 static void sun8i_crypto_selftest_done(struct sun8i_crypto_softc *, 180 struct sun8i_crypto_task *, void *, int); 181 182 static void sun8i_crypto_sysctl_attach(struct sun8i_crypto_softc *); 183 static int sun8i_crypto_sysctl_rng(SYSCTLFN_ARGS); 184 static void sun8i_crypto_sysctl_rng_done(struct sun8i_crypto_softc *, 185 struct sun8i_crypto_task *, void *, int); 186 187 /* 188 * Register access 189 */ 190 191 static uint32_t 192 sun8i_crypto_read(struct sun8i_crypto_softc *sc, bus_addr_t reg) 193 { 194 return bus_space_read_4(sc->sc_bst, sc->sc_bsh, reg); 195 } 196 197 static void 198 sun8i_crypto_write(struct sun8i_crypto_softc *sc, bus_addr_t reg, uint32_t v) 199 { 200 bus_space_write_4(sc->sc_bst, sc->sc_bsh, reg, v); 201 } 202 203 /* 204 * Autoconf goo 205 */ 206 207 CFATTACH_DECL_NEW(sun8i_crypto, sizeof(struct sun8i_crypto_softc), 208 sun8i_crypto_match, sun8i_crypto_attach, NULL, NULL); 209 210 static const struct of_compat_data compat_data[] = { 211 {"allwinner,sun50i-a64-crypto", 0}, 212 {"allwinner,sun50i-h5-crypto", 0}, 213 {NULL} 214 }; 215 216 static int 217 sun8i_crypto_match(device_t parent, cfdata_t cf, void *aux) 218 { 219 const struct fdt_attach_args *const faa = aux; 220 221 return of_match_compat_data(faa->faa_phandle, compat_data); 222 } 223 224 static void 225 sun8i_crypto_attach(device_t parent, device_t self, void *aux) 226 { 227 struct sun8i_crypto_softc *const sc = device_private(self); 228 const struct fdt_attach_args *const faa = aux; 229 bus_addr_t addr; 230 bus_size_t size; 231 const int phandle = faa->faa_phandle; 232 char intrstr[128]; 233 struct clk *clk; 234 struct fdtbus_reset *rst; 235 236 sc->sc_dev = self; 237 sc->sc_dmat = faa->faa_dmat; 238 sc->sc_bst = faa->faa_bst; 239 mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_VM); 240 callout_init(&sc->sc_timeout, CALLOUT_MPSAFE); 241 callout_setfunc(&sc->sc_timeout, &sun8i_crypto_timeout, sc); 242 if (workqueue_create(&sc->sc_wq, device_xname(self), 243 &sun8i_crypto_worker, sc, PRI_NONE, IPL_VM, WQ_MPSAFE) != 0) { 244 aprint_error(": couldn't create workqueue\n"); 245 return; 246 } 247 248 /* Get and map device registers. */ 249 if (fdtbus_get_reg(phandle, 0, &addr, &size) != 0) { 250 aprint_error(": couldn't get registers\n"); 251 return; 252 } 253 if (bus_space_map(sc->sc_bst, addr, size, 0, &sc->sc_bsh) != 0) { 254 aprint_error(": couldn't map registers\n"); 255 return; 256 } 257 258 /* Get an interrupt handle. */ 259 if (!fdtbus_intr_str(phandle, 0, intrstr, sizeof(intrstr))) { 260 aprint_error(": failed to decode interrupt\n"); 261 return; 262 } 263 264 /* Enable the bus clock. */ 265 if (fdtbus_clock_enable(phandle, "bus", true) != 0) { 266 aprint_error(": couldn't enable bus clock\n"); 267 return; 268 } 269 270 /* Get the module clock and set it to 300 MHz. */ 271 if ((clk = fdtbus_clock_get(phandle, "mod")) != NULL) { 272 if (clk_enable(clk) != 0) { 273 aprint_error(": couldn't enable CE clock\n"); 274 return; 275 } 276 if (clk_set_rate(clk, 300*1000*1000) != 0) { 277 aprint_error(": couldn't set CE clock to 300MHz\n"); 278 return; 279 } 280 } 281 282 /* Get a reset handle if we need and try to deassert it. */ 283 if ((rst = fdtbus_reset_get_index(phandle, 0)) != NULL) { 284 if (fdtbus_reset_deassert(rst) != 0) { 285 aprint_error(": couldn't de-assert reset\n"); 286 return; 287 } 288 } 289 290 aprint_naive("\n"); 291 aprint_normal(": Crypto Engine\n"); 292 aprint_debug_dev(self, ": clock freq %d\n", clk_get_rate(clk)); 293 294 /* Disable and clear interrupts. */ 295 sun8i_crypto_write(sc, SUN8I_CRYPTO_ICR, 0); 296 sun8i_crypto_write(sc, SUN8I_CRYPTO_ISR, 0); 297 298 /* Establish an interrupt handler. */ 299 sc->sc_ih = fdtbus_intr_establish(phandle, 0, IPL_VM, FDT_INTR_MPSAFE, 300 &sun8i_crypto_intr, sc); 301 if (sc->sc_ih == NULL) { 302 aprint_error_dev(self, "failed to establish interrupt on %s\n", 303 intrstr); 304 return; 305 } 306 aprint_normal_dev(self, "interrupting on %s\n", intrstr); 307 308 /* Set up the RNG. */ 309 sun8i_crypto_rng_attach(sc); 310 311 /* Attach the sysctl. */ 312 sun8i_crypto_sysctl_attach(sc); 313 314 /* Perform self-tests. */ 315 config_interrupts(self, sun8i_crypto_selftest); 316 } 317 318 /* 319 * Task allocation 320 */ 321 322 static struct sun8i_crypto_task * 323 sun8i_crypto_task_get(struct sun8i_crypto_softc *sc, 324 void (*callback)(struct sun8i_crypto_softc *, struct sun8i_crypto_task *, 325 void *, int), 326 void *cookie) 327 { 328 struct sun8i_crypto_task *task; 329 int error; 330 331 /* Allocate a task. */ 332 task = kmem_zalloc(sizeof(*task), KM_SLEEP); 333 334 /* Allocate a buffer for the descriptor. */ 335 error = sun8i_crypto_allocbuf(sc, sizeof(*task->ct_desc), 336 &task->ct_buf); 337 if (error) 338 goto fail0; 339 340 /* Initialize the task object and return it. */ 341 task->ct_desc = task->ct_buf.cb_kva; 342 task->ct_callback = callback; 343 task->ct_cookie = cookie; 344 return task; 345 346 fail1: __unused 347 sun8i_crypto_freebuf(sc, sizeof(*task->ct_desc), &task->ct_buf); 348 fail0: kmem_free(task, sizeof(*task)); 349 return NULL; 350 } 351 352 static void 353 sun8i_crypto_task_put(struct sun8i_crypto_softc *sc, 354 struct sun8i_crypto_task *task) 355 { 356 357 sun8i_crypto_freebuf(sc, sizeof(*task->ct_desc), &task->ct_buf); 358 kmem_free(task, sizeof(*task)); 359 } 360 361 /* 362 * Task descriptor setup 363 * 364 * WARNING: Task descriptor fields are little-endian, not host-endian. 365 */ 366 367 static void 368 sun8i_crypto_task_reset(struct sun8i_crypto_task *task) 369 { 370 371 memset(task->ct_desc, 0, sizeof(*task->ct_desc)); 372 } 373 374 static void 375 sun8i_crypto_task_set_key(struct sun8i_crypto_task *task, bus_dmamap_t map) 376 { 377 378 KASSERT(map->dm_nsegs == 1); 379 task->ct_desc->td_keydesc = htole32(map->dm_segs[0].ds_addr); 380 } 381 382 static void __unused /* XXX opencrypto(9) */ 383 sun8i_crypto_task_set_iv(struct sun8i_crypto_task *task, bus_dmamap_t map) 384 { 385 386 KASSERT(map->dm_nsegs == 1); 387 task->ct_desc->td_ivdesc = htole32(map->dm_segs[0].ds_addr); 388 } 389 390 static void __unused /* XXX opencrypto(9) */ 391 sun8i_crypto_task_set_ctr(struct sun8i_crypto_task *task, bus_dmamap_t map) 392 { 393 394 KASSERT(map->dm_nsegs == 1); 395 task->ct_desc->td_ctrdesc = htole32(map->dm_segs[0].ds_addr); 396 } 397 398 static void 399 sun8i_crypto_task_set_input(struct sun8i_crypto_task *task, bus_dmamap_t map) 400 { 401 402 sun8i_crypto_task_scatter(task->ct_desc->td_src, map); 403 } 404 405 static void 406 sun8i_crypto_task_set_output(struct sun8i_crypto_task *task, bus_dmamap_t map) 407 { 408 409 sun8i_crypto_task_scatter(task->ct_desc->td_dst, map); 410 } 411 412 static void 413 sun8i_crypto_task_scatter(struct sun8i_crypto_adrlen *adrlen, bus_dmamap_t map) 414 { 415 uint32_t total __diagused = 0; 416 unsigned i; 417 418 KASSERT(map->dm_nsegs <= SUN8I_CRYPTO_MAXSEGS); 419 for (i = 0; i < map->dm_nsegs; i++) { 420 KASSERT((map->dm_segs[i].ds_addr % 4) == 0); 421 KASSERT(map->dm_segs[i].ds_addr <= UINT32_MAX); 422 KASSERT(map->dm_segs[i].ds_len <= UINT32_MAX - total); 423 adrlen[i].adr = htole32(map->dm_segs[i].ds_addr); 424 adrlen[i].len = htole32(map->dm_segs[i].ds_len/4); 425 total += map->dm_segs[i].ds_len; 426 } 427 428 /* Verify the remainder are zero. */ 429 for (; i < SUN8I_CRYPTO_MAXSEGS; i++) { 430 KASSERT(adrlen[i].adr == 0); 431 KASSERT(adrlen[i].len == 0); 432 } 433 434 /* Verify the total size matches the DMA map. */ 435 KASSERT(total == map->dm_mapsize); 436 } 437 438 /* 439 * Task submission 440 * 441 * WARNING: Task descriptor fields are little-endian, not host-endian. 442 */ 443 444 static int 445 sun8i_crypto_submit_trng(struct sun8i_crypto_softc *sc, 446 struct sun8i_crypto_task *task, uint32_t datalen) 447 { 448 struct sun8i_crypto_taskdesc *desc = task->ct_desc; 449 uint32_t tdqc = 0; 450 uint32_t total __diagused; 451 unsigned i __diagused; 452 453 /* Data length must be a multiple of 4 because...reasons. */ 454 KASSERT((datalen % 4) == 0); 455 456 /* All of the sources should be empty. */ 457 for (total = 0, i = 0; i < SUN8I_CRYPTO_MAXSEGS; i++) 458 KASSERT(le32toh(task->ct_desc->td_src[i].len) == 0); 459 460 /* Verify the total output length -- should be datalen/4. */ 461 for (total = 0, i = 0; i < SUN8I_CRYPTO_MAXSEGS; i++) { 462 uint32_t len = le32toh(task->ct_desc->td_dst[i].len); 463 KASSERT(len <= UINT32_MAX - total); 464 total += len; 465 } 466 KASSERT(total == datalen/4); 467 468 /* Verify the key, IV, and CTR are unset. */ 469 KASSERT(desc->td_keydesc == 0); 470 KASSERT(desc->td_ivdesc == 0); 471 KASSERT(desc->td_ctrdesc == 0); 472 473 /* Set up the task descriptor queue control words. */ 474 tdqc |= SUN8I_CRYPTO_TDQC_INTR_EN; 475 tdqc |= __SHIFTIN(SUN8I_CRYPTO_TDQC_METHOD_TRNG, 476 SUN8I_CRYPTO_TDQC_METHOD); 477 desc->td_tdqc = htole32(tdqc); 478 desc->td_tdqs = 0; /* no symmetric crypto */ 479 desc->td_tdqa = 0; /* no asymmetric crypto */ 480 481 /* Set the data length for the output. */ 482 desc->td_datalen = htole32(datalen/4); 483 484 /* Submit! */ 485 return sun8i_crypto_submit(sc, task); 486 } 487 488 static int 489 sun8i_crypto_submit_aesecb(struct sun8i_crypto_softc *sc, 490 struct sun8i_crypto_task *task, 491 uint32_t datalen, uint32_t keysize, uint32_t dir) 492 { 493 struct sun8i_crypto_taskdesc *desc = task->ct_desc; 494 uint32_t tdqc = 0, tdqs = 0; 495 uint32_t total __diagused; 496 unsigned i __diagused; 497 498 /* 499 * Data length must be a multiple of 4 because...reasons. 500 * 501 * WARNING: For `AES-CTS' (maybe that means AES-XTS?), datalen 502 * is in units of bytes, not units of words -- but everything 503 * _else_ is in units of words. This routine applies only to 504 * AES-ECB for the self-test. 505 */ 506 KASSERT((datalen % 4) == 0); 507 508 /* Verify the total input length -- should be datalen/4. */ 509 for (total = 0, i = 0; i < SUN8I_CRYPTO_MAXSEGS; i++) { 510 uint32_t len = le32toh(task->ct_desc->td_src[i].len); 511 KASSERT(len <= UINT32_MAX - total); 512 total += len; 513 } 514 KASSERT(total == datalen/4); 515 516 /* Verify the total output length -- should be datalen/4. */ 517 for (total = 0, i = 0; i < SUN8I_CRYPTO_MAXSEGS; i++) { 518 uint32_t len = le32toh(task->ct_desc->td_dst[i].len); 519 KASSERT(len <= UINT32_MAX - total); 520 total += len; 521 } 522 KASSERT(total == datalen/4); 523 524 /* Set up the task descriptor queue control word. */ 525 tdqc |= SUN8I_CRYPTO_TDQC_INTR_EN; 526 tdqc |= __SHIFTIN(SUN8I_CRYPTO_TDQC_METHOD_AES, 527 SUN8I_CRYPTO_TDQC_METHOD); 528 desc->td_tdqc = htole32(tdqc); 529 530 /* Set up the symmetric control word. */ 531 tdqs |= __SHIFTIN(SUN8I_CRYPTO_TDQS_SKEY_SELECT_SS_KEYx, 532 SUN8I_CRYPTO_TDQS_SKEY_SELECT); 533 tdqs |= __SHIFTIN(SUN8I_CRYPTO_TDQS_OP_MODE_ECB, 534 SUN8I_CRYPTO_TDQS_OP_MODE); 535 tdqs |= __SHIFTIN(SUN8I_CRYPTO_TDQS_AES_KEYSIZE_128, 536 SUN8I_CRYPTO_TDQS_AES_KEYSIZE); 537 desc->td_tdqs = htole32(tdqs); 538 539 desc->td_tdqa = 0; /* no asymmetric crypto */ 540 541 /* Set the data length for the output. */ 542 desc->td_datalen = htole32(datalen/4); 543 544 /* Submit! */ 545 return sun8i_crypto_submit(sc, task); 546 } 547 548 static int 549 sun8i_crypto_submit(struct sun8i_crypto_softc *sc, 550 struct sun8i_crypto_task *task) 551 { 552 unsigned i, retries = 0; 553 uint32_t icr; 554 int error = 0; 555 556 /* One at a time at the device registers, please. */ 557 mutex_enter(&sc->sc_lock); 558 559 /* Find a channel. */ 560 for (i = 0; i < SUN8I_CRYPTO_NCHAN; i++) { 561 if (sc->sc_chan[i].cc_task == NULL) 562 break; 563 } 564 if (i == SUN8I_CRYPTO_NCHAN) { 565 device_printf(sc->sc_dev, "no free channels\n"); 566 error = ERESTART; 567 goto out; 568 } 569 570 /* 571 * Set the channel id. Caller is responsible for setting up 572 * all other parts of the descriptor. 573 */ 574 task->ct_desc->td_cid = htole32(i); 575 576 /* Prepare to send the descriptor to the device by DMA. */ 577 bus_dmamap_sync(sc->sc_dmat, task->ct_buf.cb_map, 0, 578 sizeof(*task->ct_desc), BUS_DMASYNC_PREWRITE); 579 580 /* Confirm we're ready to go. */ 581 if (sun8i_crypto_read(sc, SUN8I_CRYPTO_TLR) & SUN8I_CRYPTO_TLR_LOAD) { 582 device_printf(sc->sc_dev, "TLR not clear\n"); 583 error = EIO; 584 goto out; 585 } 586 587 /* Enable interrupts for this channel. */ 588 icr = sun8i_crypto_read(sc, SUN8I_CRYPTO_ICR); 589 icr |= __SHIFTIN(SUN8I_CRYPTO_ICR_INTR_EN_CHAN(i), 590 SUN8I_CRYPTO_ICR_INTR_EN); 591 sun8i_crypto_write(sc, SUN8I_CRYPTO_ICR, icr); 592 593 /* Set the task descriptor queue address. */ 594 sun8i_crypto_write(sc, SUN8I_CRYPTO_TDQ, 595 task->ct_buf.cb_map->dm_segs[0].ds_addr); 596 597 /* Notify the engine to load it, and wait for acknowledgement. */ 598 sun8i_crypto_write(sc, SUN8I_CRYPTO_TLR, SUN8I_CRYPTO_TLR_LOAD); 599 while (sun8i_crypto_read(sc, SUN8I_CRYPTO_TLR) & SUN8I_CRYPTO_TLR_LOAD) 600 { 601 /* 602 * XXX Timeout pulled from arse. Is it even important 603 * to wait here? 604 */ 605 if (++retries == 1000) { 606 device_printf(sc->sc_dev, "TLR didn't clear: %08x\n", 607 sun8i_crypto_read(sc, SUN8I_CRYPTO_TLR)); 608 /* 609 * Hope it clears eventually; if not, we'll 610 * time out. 611 */ 612 break; 613 } 614 DELAY(1); 615 } 616 617 /* Loaded up and ready to go. Start a timer ticking. */ 618 sc->sc_chan[i].cc_task = task; 619 sc->sc_chan[i].cc_starttime = atomic_load_relaxed(&hardclock_ticks); 620 callout_schedule(&sc->sc_timeout, SUN8I_CRYPTO_TIMEOUT); 621 622 /* XXX Consider polling if cold to get entropy earlier. */ 623 624 out: /* Done! */ 625 mutex_exit(&sc->sc_lock); 626 return error; 627 } 628 629 static void 630 sun8i_crypto_timeout(void *cookie) 631 { 632 struct sun8i_crypto_softc *sc = cookie; 633 unsigned i; 634 635 mutex_enter(&sc->sc_lock); 636 637 /* Check whether there are any tasks pending. */ 638 for (i = 0; i < SUN8I_CRYPTO_NCHAN; i++) { 639 if (sc->sc_chan[i].cc_task) 640 break; 641 } 642 if (i == SUN8I_CRYPTO_NCHAN) 643 /* None pending, so nothing to do. */ 644 goto out; 645 646 /* 647 * Schedule the worker to check for timeouts, and schedule 648 * another timeout in case we need it. 649 */ 650 sun8i_crypto_schedule_worker(sc); 651 callout_schedule(&sc->sc_timeout, SUN8I_CRYPTO_TIMEOUT); 652 653 out: mutex_exit(&sc->sc_lock); 654 } 655 656 static int 657 sun8i_crypto_intr(void *cookie) 658 { 659 struct sun8i_crypto_softc *sc = cookie; 660 uint32_t isr, esr; 661 662 mutex_enter(&sc->sc_lock); 663 664 /* 665 * Get and acknowledge the interrupts and error status. 666 * 667 * XXX Data sheet says the error status register is read-only, 668 * but then advises writing 1 to bit x1xx (keysram access error 669 * for AES, SUN8I_CRYPTO_ESR_KEYSRAMERR) to clear it. What do? 670 */ 671 isr = sun8i_crypto_read(sc, SUN8I_CRYPTO_ISR); 672 esr = sun8i_crypto_read(sc, SUN8I_CRYPTO_ESR); 673 sun8i_crypto_write(sc, SUN8I_CRYPTO_ISR, isr); 674 sun8i_crypto_write(sc, SUN8I_CRYPTO_ESR, esr); 675 676 /* Start the worker if necessary. */ 677 sun8i_crypto_schedule_worker(sc); 678 679 /* Tell the worker what to do. */ 680 sc->sc_done |= __SHIFTOUT(isr, SUN8I_CRYPTO_ISR_DONE); 681 sc->sc_esr |= esr; 682 683 mutex_exit(&sc->sc_lock); 684 685 return __SHIFTOUT(isr, SUN8I_CRYPTO_ISR_DONE) != 0; 686 } 687 688 static void 689 sun8i_crypto_schedule_worker(struct sun8i_crypto_softc *sc) 690 { 691 692 KASSERT(mutex_owned(&sc->sc_lock)); 693 694 /* Start the worker if necessary. */ 695 if (!sc->sc_work_pending) { 696 workqueue_enqueue(sc->sc_wq, &sc->sc_work, NULL); 697 sc->sc_work_pending = true; 698 } 699 } 700 701 static void 702 sun8i_crypto_worker(struct work *wk, void *cookie) 703 { 704 struct sun8i_crypto_softc *sc = cookie; 705 uint32_t done, esr, esr_chan; 706 unsigned i, now; 707 int error; 708 709 /* 710 * Acquire the lock. Note: We will be releasing and 711 * reacquiring it throughout the loop. 712 */ 713 mutex_enter(&sc->sc_lock); 714 715 /* Acknowledge the work. */ 716 KASSERT(sc->sc_work_pending); 717 sc->sc_work_pending = false; 718 719 /* 720 * Claim the done mask and error status once; we will be 721 * releasing and reacquiring the lock for the callbacks, so 722 * they may change. 723 */ 724 done = sc->sc_done; 725 esr = sc->sc_esr; 726 sc->sc_done = 0; 727 sc->sc_esr = 0; 728 729 /* Check the time to determine what's timed out. */ 730 now = atomic_load_relaxed(&hardclock_ticks); 731 732 /* Process the channels. */ 733 for (i = 0; i < SUN8I_CRYPTO_NCHAN; i++) { 734 /* Check whether the channel is done. */ 735 if (!ISSET(done, SUN8I_CRYPTO_ISR_DONE_CHAN(i))) { 736 /* Nope. Do we have a task to time out? */ 737 if ((sc->sc_chan[i].cc_task != NULL) && 738 ((now - sc->sc_chan[i].cc_starttime) >= 739 SUN8I_CRYPTO_TIMEOUT)) 740 sun8i_crypto_chan_done(sc, i, ETIMEDOUT); 741 continue; 742 } 743 744 /* Channel is done. Interpret the error if any. */ 745 esr_chan = __SHIFTOUT(esr, SUN8I_CRYPTO_ESR_CHAN(i)); 746 if (esr_chan & SUN8I_CRYPTO_ESR_CHAN_ALGNOTSUP) { 747 device_printf(sc->sc_dev, "channel %u:" 748 " alg not supported\n", i); 749 error = ENODEV; 750 } else if (esr_chan & SUN8I_CRYPTO_ESR_CHAN_DATALENERR) { 751 device_printf(sc->sc_dev, "channel %u:" 752 " data length error\n", i); 753 error = EIO; /* XXX */ 754 } else if (esr_chan & SUN8I_CRYPTO_ESR_CHAN_KEYSRAMERR) { 755 device_printf(sc->sc_dev, "channel %u:" 756 " key sram error\n", i); 757 error = EIO; /* XXX */ 758 } else if (esr_chan != 0) { 759 error = EIO; /* generic I/O error */ 760 } else { 761 error = 0; 762 } 763 764 /* 765 * Notify the task of completion. May release the lock 766 * to invoke a callback. 767 */ 768 sun8i_crypto_chan_done(sc, i, error); 769 } 770 771 /* All one; release the lock one last time. */ 772 mutex_exit(&sc->sc_lock); 773 } 774 775 static void 776 sun8i_crypto_chan_done(struct sun8i_crypto_softc *sc, unsigned i, int error) 777 { 778 struct sun8i_crypto_task *task; 779 uint32_t icr; 780 781 KASSERT(mutex_owned(&sc->sc_lock)); 782 783 /* Claim the task if there is one; bail if not. */ 784 if ((task = sc->sc_chan[i].cc_task) == NULL) { 785 device_printf(sc->sc_dev, "channel %u: no task but error=%d\n", 786 i, error); 787 return; 788 } 789 sc->sc_chan[i].cc_task = NULL; 790 791 /* Disable interrupts on this channel. */ 792 icr = sun8i_crypto_read(sc, SUN8I_CRYPTO_ICR); 793 icr &= ~__SHIFTIN(SUN8I_CRYPTO_ICR_INTR_EN_CHAN(i), 794 SUN8I_CRYPTO_ICR_INTR_EN); 795 sun8i_crypto_write(sc, SUN8I_CRYPTO_ICR, icr); 796 797 /* Finished sending the descriptor to the device by DMA. */ 798 bus_dmamap_sync(sc->sc_dmat, task->ct_buf.cb_map, 0, 799 sizeof(*task->ct_desc), BUS_DMASYNC_POSTWRITE); 800 801 /* Temporarily release the lock to invoke the callback. */ 802 mutex_exit(&sc->sc_lock); 803 (*task->ct_callback)(sc, task, task->ct_cookie, error); 804 mutex_enter(&sc->sc_lock); 805 } 806 807 /* 808 * DMA buffers 809 */ 810 811 static int 812 sun8i_crypto_allocbuf(struct sun8i_crypto_softc *sc, size_t size, 813 struct sun8i_crypto_buf *buf) 814 { 815 int error; 816 817 /* Allocate a DMA-safe buffer. */ 818 error = bus_dmamem_alloc(sc->sc_dmat, size, 0, 0, buf->cb_seg, 819 __arraycount(buf->cb_seg), &buf->cb_nsegs, BUS_DMA_WAITOK); 820 if (error) 821 goto fail0; 822 823 /* Map the buffer into kernel virtual address space. */ 824 error = bus_dmamem_map(sc->sc_dmat, buf->cb_seg, buf->cb_nsegs, 825 size, &buf->cb_kva, BUS_DMA_WAITOK); 826 if (error) 827 goto fail1; 828 829 /* Create a DMA map for the buffer. */ 830 error = bus_dmamap_create(sc->sc_dmat, size, 1, size, 0, 831 BUS_DMA_WAITOK, &buf->cb_map); 832 if (error) 833 goto fail2; 834 835 /* Load the buffer into the DMA map. */ 836 error = bus_dmamap_load(sc->sc_dmat, buf->cb_map, buf->cb_kva, size, 837 NULL, BUS_DMA_WAITOK); 838 if (error) 839 goto fail3; 840 841 /* Success! */ 842 return 0; 843 844 fail4: __unused 845 bus_dmamap_unload(sc->sc_dmat, buf->cb_map); 846 fail3: bus_dmamap_destroy(sc->sc_dmat, buf->cb_map); 847 fail2: bus_dmamem_unmap(sc->sc_dmat, buf->cb_kva, size); 848 fail1: bus_dmamem_free(sc->sc_dmat, buf->cb_seg, buf->cb_nsegs); 849 fail0: return error; 850 } 851 852 static void 853 sun8i_crypto_freebuf(struct sun8i_crypto_softc *sc, size_t size, 854 struct sun8i_crypto_buf *buf) 855 { 856 857 bus_dmamap_unload(sc->sc_dmat, buf->cb_map); 858 bus_dmamap_destroy(sc->sc_dmat, buf->cb_map); 859 bus_dmamem_unmap(sc->sc_dmat, buf->cb_kva, size); 860 bus_dmamem_free(sc->sc_dmat, buf->cb_seg, buf->cb_nsegs); 861 } 862 863 /* 864 * Crypto Engine - TRNG 865 */ 866 867 static void 868 sun8i_crypto_rng_attach(struct sun8i_crypto_softc *sc) 869 { 870 device_t self = sc->sc_dev; 871 struct sun8i_crypto_rng *rng = &sc->sc_rng; 872 int error; 873 874 /* Preallocate a buffer to reuse. */ 875 error = sun8i_crypto_allocbuf(sc, SUN8I_CRYPTO_RNGBYTES, &rng->cr_buf); 876 if (error) 877 goto fail0; 878 879 /* Create a task to reuse. */ 880 rng->cr_task = sun8i_crypto_task_get(sc, sun8i_crypto_rng_done, rng); 881 if (rng->cr_task == NULL) 882 goto fail1; 883 884 /* 885 * Attach the rndsource. This is _not_ marked as RND_TYPE_RNG 886 * because the output is not uniformly distributed. The bits 887 * are heavily weighted toward 0 or 1, at different times, and 888 * I haven't scienced a satisfactory story out of it yet. 889 */ 890 rndsource_setcb(&rng->cr_rndsource, sun8i_crypto_rng_get, sc); 891 rnd_attach_source(&rng->cr_rndsource, device_xname(self), 892 RND_TYPE_UNKNOWN, 893 RND_FLAG_COLLECT_VALUE|RND_FLAG_ESTIMATE_VALUE|RND_FLAG_HASCB); 894 895 /* Success! */ 896 return; 897 898 fail2: __unused 899 sun8i_crypto_task_put(sc, rng->cr_task); 900 fail1: sun8i_crypto_freebuf(sc, SUN8I_CRYPTO_RNGBYTES, &rng->cr_buf); 901 fail0: aprint_error_dev(self, "failed to set up RNG, error=%d\n", error); 902 } 903 904 static void 905 sun8i_crypto_rng_get(size_t nbytes, void *cookie) 906 { 907 struct sun8i_crypto_softc *sc = cookie; 908 struct sun8i_crypto_rng *rng = &sc->sc_rng; 909 bool pending; 910 int error; 911 912 /* 913 * Test and set the RNG-pending flag. If it's already in 914 * progress, nothing to do here. 915 */ 916 mutex_enter(&sc->sc_lock); 917 pending = rng->cr_pending; 918 rng->cr_pending = true; 919 mutex_exit(&sc->sc_lock); 920 if (pending) 921 return; 922 923 /* Prepare for a DMA read into the buffer. */ 924 bus_dmamap_sync(sc->sc_dmat, rng->cr_buf.cb_map, 925 0, SUN8I_CRYPTO_RNGBYTES, BUS_DMASYNC_PREREAD); 926 927 /* Set the task up for TRNG to our buffer. */ 928 sun8i_crypto_task_reset(rng->cr_task); 929 sun8i_crypto_task_set_output(rng->cr_task, rng->cr_buf.cb_map); 930 931 /* Submit the TRNG task. */ 932 error = sun8i_crypto_submit_trng(sc, rng->cr_task, 933 SUN8I_CRYPTO_RNGBYTES); 934 if (error) 935 goto fail; 936 937 /* All done! */ 938 return; 939 940 fail: mutex_enter(&sc->sc_lock); 941 rng->cr_pending = false; 942 mutex_exit(&sc->sc_lock); 943 } 944 945 static void 946 sun8i_crypto_rng_done(struct sun8i_crypto_softc *sc, 947 struct sun8i_crypto_task *task, void *cookie, int error) 948 { 949 struct sun8i_crypto_rng *rng = cookie; 950 uint8_t *buf = rng->cr_buf.cb_kva; 951 uint32_t entropybits; 952 953 KASSERT(rng == &sc->sc_rng); 954 955 /* Finished the DMA read into the buffer. */ 956 bus_dmamap_sync(sc->sc_dmat, rng->cr_buf.cb_map, 957 0, SUN8I_CRYPTO_RNGBYTES, BUS_DMASYNC_POSTREAD); 958 959 /* If anything went wrong, forget about it. */ 960 if (error) 961 goto out; 962 963 /* 964 * This TRNG has quite low entropy at best. But if it fails a 965 * repeated output test, then assume it's busted. 966 */ 967 CTASSERT(SUN8I_CRYPTO_RNGBYTES <= UINT32_MAX/NBBY); 968 entropybits = (NBBY*SUN8I_CRYPTO_RNGBYTES)/SUN8I_CRYPTO_RNGENTROPY; 969 if (consttime_memequal(buf, buf + SUN8I_CRYPTO_RNGBYTES/2, 970 SUN8I_CRYPTO_RNGBYTES/2)) { 971 device_printf(sc->sc_dev, "failed repeated output test\n"); 972 entropybits = 0; 973 } 974 975 /* 976 * Actually we don't believe in any of the entropy until this 977 * device has had more scrutiny. 978 */ 979 entropybits = 0; 980 981 /* Success! Enter and erase the data. */ 982 rnd_add_data(&rng->cr_rndsource, buf, SUN8I_CRYPTO_RNGBYTES, 983 entropybits); 984 explicit_memset(buf, 0, SUN8I_CRYPTO_RNGBYTES); 985 986 out: /* Done -- clear the RNG-pending flag. */ 987 mutex_enter(&sc->sc_lock); 988 rng->cr_pending = false; 989 mutex_exit(&sc->sc_lock); 990 } 991 992 /* 993 * Self-test 994 */ 995 996 static const uint8_t selftest_input[16]; 997 static const uint8_t selftest_key[16]; 998 static const uint8_t selftest_output[16] = { 999 0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b, 1000 0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e, 1001 }; 1002 1003 static void 1004 sun8i_crypto_selftest(device_t self) 1005 { 1006 const size_t datalen = sizeof selftest_input; 1007 struct sun8i_crypto_softc *sc = device_private(self); 1008 struct sun8i_crypto_selftest *selftest = &sc->sc_selftest; 1009 int error; 1010 1011 CTASSERT(sizeof selftest_input == sizeof selftest_output); 1012 1013 /* Allocate an input buffer. */ 1014 error = sun8i_crypto_allocbuf(sc, sizeof selftest_input, 1015 &selftest->cs_in); 1016 if (error) 1017 goto fail0; 1018 1019 /* Allocate a key buffer. */ 1020 error = sun8i_crypto_allocbuf(sc, sizeof selftest_key, 1021 &selftest->cs_key); 1022 if (error) 1023 goto fail1; 1024 1025 /* Allocate an output buffer. */ 1026 error = sun8i_crypto_allocbuf(sc, sizeof selftest_output, 1027 &selftest->cs_out); 1028 if (error) 1029 goto fail2; 1030 1031 /* Allocate a task descriptor. */ 1032 selftest->cs_task = sun8i_crypto_task_get(sc, 1033 sun8i_crypto_selftest_done, selftest); 1034 if (selftest->cs_task == NULL) 1035 goto fail3; 1036 1037 /* Copy the input and key into their buffers. */ 1038 memcpy(selftest->cs_in.cb_kva, selftest_input, sizeof selftest_input); 1039 memcpy(selftest->cs_key.cb_kva, selftest_key, sizeof selftest_key); 1040 1041 /* Prepare for a DMA write from the input and key buffers. */ 1042 bus_dmamap_sync(sc->sc_dmat, selftest->cs_in.cb_map, 0, 1043 sizeof selftest_input, BUS_DMASYNC_PREWRITE); 1044 bus_dmamap_sync(sc->sc_dmat, selftest->cs_key.cb_map, 0, 1045 sizeof selftest_key, BUS_DMASYNC_PREWRITE); 1046 1047 /* Prepare for a DMA read into the output buffer. */ 1048 bus_dmamap_sync(sc->sc_dmat, selftest->cs_out.cb_map, 0, 1049 sizeof selftest_output, BUS_DMASYNC_PREREAD); 1050 1051 /* Set up the task descriptor. */ 1052 sun8i_crypto_task_reset(selftest->cs_task); 1053 sun8i_crypto_task_set_key(selftest->cs_task, selftest->cs_key.cb_map); 1054 sun8i_crypto_task_set_input(selftest->cs_task, selftest->cs_in.cb_map); 1055 sun8i_crypto_task_set_output(selftest->cs_task, 1056 selftest->cs_out.cb_map); 1057 1058 /* Submit the AES-128 ECB task. */ 1059 error = sun8i_crypto_submit_aesecb(sc, selftest->cs_task, datalen, 1060 SUN8I_CRYPTO_TDQS_AES_KEYSIZE_128, SUN8I_CRYPTO_TDQC_OP_DIR_ENC); 1061 if (error) 1062 goto fail4; 1063 1064 device_printf(sc->sc_dev, "AES-128 self-test initiated\n"); 1065 1066 /* Success! */ 1067 return; 1068 1069 fail4: sun8i_crypto_task_put(sc, selftest->cs_task); 1070 fail3: sun8i_crypto_freebuf(sc, sizeof selftest_output, &selftest->cs_out); 1071 fail2: sun8i_crypto_freebuf(sc, sizeof selftest_key, &selftest->cs_key); 1072 fail1: sun8i_crypto_freebuf(sc, sizeof selftest_input, &selftest->cs_in); 1073 fail0: aprint_error_dev(self, "failed to run self-test, error=%d\n", error); 1074 } 1075 1076 static bool 1077 sun8i_crypto_selftest_check(struct sun8i_crypto_softc *sc, const char *title, 1078 size_t n, const void *expected, const void *actual) 1079 { 1080 const uint8_t *e = expected; 1081 const uint8_t *a = actual; 1082 size_t i; 1083 1084 if (memcmp(e, a, n) == 0) 1085 return true; 1086 1087 device_printf(sc->sc_dev, "self-test: %s\n", title); 1088 printf("expected: "); 1089 for (i = 0; i < n; i++) 1090 printf("%02hhx", e[i]); 1091 printf("\n"); 1092 printf("actual: "); 1093 for (i = 0; i < n; i++) 1094 printf("%02hhx", a[i]); 1095 printf("\n"); 1096 return false; 1097 } 1098 1099 static void 1100 sun8i_crypto_selftest_done(struct sun8i_crypto_softc *sc, 1101 struct sun8i_crypto_task *task, void *cookie, int error) 1102 { 1103 struct sun8i_crypto_selftest *selftest = cookie; 1104 bool ok = true; 1105 1106 KASSERT(selftest == &sc->sc_selftest); 1107 1108 /* 1109 * Finished the DMA read into the output buffer, and finished 1110 * the DMA writes from the key buffer and input buffer. 1111 */ 1112 bus_dmamap_sync(sc->sc_dmat, selftest->cs_out.cb_map, 0, 1113 sizeof selftest_output, BUS_DMASYNC_POSTREAD); 1114 bus_dmamap_sync(sc->sc_dmat, selftest->cs_key.cb_map, 0, 1115 sizeof selftest_key, BUS_DMASYNC_POSTWRITE); 1116 bus_dmamap_sync(sc->sc_dmat, selftest->cs_in.cb_map, 0, 1117 sizeof selftest_input, BUS_DMASYNC_POSTWRITE); 1118 1119 /* If anything went wrong, fail now. */ 1120 if (error) { 1121 device_printf(sc->sc_dev, "self-test error=%d\n", error); 1122 goto out; 1123 } 1124 1125 /* 1126 * Verify the input and key weren't clobbered, and verify the 1127 * output matches what we expect. 1128 */ 1129 ok &= sun8i_crypto_selftest_check(sc, "input clobbered", 1130 sizeof selftest_input, selftest_input, selftest->cs_in.cb_kva); 1131 ok &= sun8i_crypto_selftest_check(sc, "key clobbered", 1132 sizeof selftest_key, selftest_key, selftest->cs_key.cb_kva); 1133 ok &= sun8i_crypto_selftest_check(sc, "output mismatch", 1134 sizeof selftest_output, selftest_output, selftest->cs_out.cb_kva); 1135 1136 /* XXX Disable the RNG and other stuff if this fails... */ 1137 if (ok) 1138 device_printf(sc->sc_dev, "AES-128 self-test passed\n"); 1139 1140 out: sun8i_crypto_task_put(sc, task); 1141 sun8i_crypto_freebuf(sc, sizeof selftest_output, &selftest->cs_out); 1142 sun8i_crypto_freebuf(sc, sizeof selftest_key, &selftest->cs_key); 1143 sun8i_crypto_freebuf(sc, sizeof selftest_input, &selftest->cs_in); 1144 } 1145 1146 /* 1147 * Sysctl for testing 1148 */ 1149 1150 struct sun8i_crypto_userreq { 1151 kmutex_t cu_lock; 1152 kcondvar_t cu_cv; 1153 size_t cu_size; 1154 struct sun8i_crypto_buf cu_buf; 1155 struct sun8i_crypto_task *cu_task; 1156 int cu_error; 1157 bool cu_done; 1158 bool cu_cancel; 1159 }; 1160 1161 static void 1162 sun8i_crypto_sysctl_attach(struct sun8i_crypto_softc *sc) 1163 { 1164 struct sun8i_crypto_sysctl *cy = &sc->sc_sysctl; 1165 int error; 1166 1167 /* hw.sun8icryptoN (node) */ 1168 error = sysctl_createv(&cy->cy_log, 0, NULL, &cy->cy_root_node, 1169 CTLFLAG_PERMANENT, CTLTYPE_NODE, device_xname(sc->sc_dev), 1170 SYSCTL_DESCR("sun8i crypto engine knobs"), 1171 NULL, 0, NULL, 0, 1172 CTL_HW, CTL_CREATE, CTL_EOL); 1173 if (error) { 1174 aprint_error_dev(sc->sc_dev, 1175 "failed to set up sysctl hw.%s: %d\n", 1176 device_xname(sc->sc_dev), error); 1177 return; 1178 } 1179 1180 /* hw.sun8icryptoN.rng (`struct', 4096-byte array) */ 1181 sysctl_createv(&cy->cy_log, 0, &cy->cy_root_node, &cy->cy_trng_node, 1182 CTLFLAG_PERMANENT|CTLFLAG_READONLY|CTLFLAG_PRIVATE, CTLTYPE_STRUCT, 1183 "rng", SYSCTL_DESCR("Read up to 4096 bytes out of the TRNG"), 1184 &sun8i_crypto_sysctl_rng, 0, sc, 0, CTL_CREATE, CTL_EOL); 1185 if (error) { 1186 aprint_error_dev(sc->sc_dev, 1187 "failed to set up sysctl hw.%s.rng: %d\n", 1188 device_xname(sc->sc_dev), error); 1189 return; 1190 } 1191 } 1192 1193 static int 1194 sun8i_crypto_sysctl_rng(SYSCTLFN_ARGS) 1195 { 1196 struct sysctlnode node = *rnode; 1197 struct sun8i_crypto_softc *sc = node.sysctl_data; 1198 struct sun8i_crypto_userreq *req; 1199 size_t size; 1200 int error; 1201 1202 /* If oldp == NULL, the caller wants to learn the size. */ 1203 if (oldp == NULL) { 1204 *oldlenp = 4096; 1205 return 0; 1206 } 1207 1208 /* Verify the output buffer size is reasonable. */ 1209 size = *oldlenp; 1210 if (size > 4096) /* size_t, so never negative */ 1211 return E2BIG; 1212 if (size == 0) 1213 return 0; /* nothing to do */ 1214 1215 /* Allocate a request context. */ 1216 req = kmem_alloc(sizeof(*req), KM_NOSLEEP); 1217 if (req == NULL) 1218 return ENOMEM; 1219 1220 /* Initialize the request context. */ 1221 mutex_init(&req->cu_lock, MUTEX_DEFAULT, IPL_NONE); 1222 cv_init(&req->cu_cv, "sun8isy"); 1223 req->cu_size = size; 1224 req->cu_error = EIO; 1225 req->cu_done = false; 1226 req->cu_cancel = false; 1227 1228 /* Allocate a buffer for the RNG output. */ 1229 error = sun8i_crypto_allocbuf(sc, size, &req->cu_buf); 1230 if (error) 1231 goto out0; 1232 1233 /* Allocate a task. */ 1234 req->cu_task = sun8i_crypto_task_get(sc, sun8i_crypto_sysctl_rng_done, 1235 req); 1236 if (req->cu_task == NULL) 1237 goto out1; 1238 1239 /* Prepare for a DMA read into the buffer. */ 1240 bus_dmamap_sync(sc->sc_dmat, req->cu_buf.cb_map, 0, size, 1241 BUS_DMASYNC_PREREAD); 1242 1243 /* Set the task up for TRNG to our buffer. */ 1244 sun8i_crypto_task_reset(req->cu_task); 1245 sun8i_crypto_task_set_output(req->cu_task, req->cu_buf.cb_map); 1246 1247 /* Submit the TRNG task. */ 1248 error = sun8i_crypto_submit_trng(sc, req->cu_task, size); 1249 if (error) { 1250 if (error == ERESTART) 1251 error = EBUSY; 1252 goto out2; 1253 } 1254 1255 /* Wait for the request to complete. */ 1256 mutex_enter(&req->cu_lock); 1257 while (!req->cu_done) { 1258 error = cv_wait_sig(&req->cu_cv, &req->cu_lock); 1259 if (error) { 1260 /* 1261 * If we finished while waiting to acquire the 1262 * lock, ignore the error and just return now. 1263 * Otherwise, notify the callback that it has 1264 * to clean up after us. 1265 */ 1266 if (req->cu_done) 1267 error = 0; 1268 else 1269 req->cu_cancel = true; 1270 break; 1271 } 1272 } 1273 mutex_exit(&req->cu_lock); 1274 1275 /* 1276 * Return early on error from cv_wait_sig, which means 1277 * interruption; the callback will clean up instead. 1278 */ 1279 if (error) 1280 return error; 1281 1282 /* Check for error from the device. */ 1283 error = req->cu_error; 1284 if (error) 1285 goto out2; 1286 1287 /* Finished the DMA read into the buffer. */ 1288 bus_dmamap_sync(sc->sc_dmat, req->cu_buf.cb_map, 0, req->cu_size, 1289 BUS_DMASYNC_POSTREAD); 1290 1291 /* Copy out the data. */ 1292 node.sysctl_data = req->cu_buf.cb_kva; 1293 node.sysctl_size = size; 1294 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1295 1296 /* Clear the buffer. */ 1297 explicit_memset(req->cu_buf.cb_kva, 0, size); 1298 1299 /* Clean up. */ 1300 out2: sun8i_crypto_task_put(sc, req->cu_task); 1301 out1: sun8i_crypto_freebuf(sc, req->cu_size, &req->cu_buf); 1302 out0: cv_destroy(&req->cu_cv); 1303 mutex_destroy(&req->cu_lock); 1304 kmem_free(req, sizeof(*req)); 1305 return error; 1306 } 1307 1308 static void 1309 sun8i_crypto_sysctl_rng_done(struct sun8i_crypto_softc *sc, 1310 struct sun8i_crypto_task *task, void *cookie, int error) 1311 { 1312 struct sun8i_crypto_userreq *req = cookie; 1313 bool cancel; 1314 1315 /* 1316 * Notify the waiting thread of the error, and find out whether 1317 * that thread cancelled. 1318 */ 1319 mutex_enter(&req->cu_lock); 1320 cancel = req->cu_cancel; 1321 req->cu_error = error; 1322 req->cu_done = true; 1323 cv_broadcast(&req->cu_cv); 1324 mutex_exit(&req->cu_lock); 1325 1326 /* 1327 * If it wasn't cancelled, we're done -- the main thread will 1328 * clean up after itself. 1329 */ 1330 if (!cancel) 1331 return; 1332 1333 /* Clean up after the main thread cancelled. */ 1334 sun8i_crypto_task_put(sc, req->cu_task); 1335 sun8i_crypto_freebuf(sc, req->cu_size, &req->cu_buf); 1336 cv_destroy(&req->cu_cv); 1337 mutex_destroy(&req->cu_lock); 1338 kmem_free(req, sizeof(*req)); 1339 } 1340
Indexes created Mon Oct 27 08:10:08 GMT 2025