1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2019 Fuzhou Rockchip Electronics Co., Ltd 4 */ 5 6 #include <common.h> 7 #include <clk.h> 8 #include <crypto.h> 9 #include <dm.h> 10 #include <asm/io.h> 11 #include <asm/arch/hardware.h> 12 #include <asm/arch/clock.h> 13 #include <rockchip/crypto_hash_cache.h> 14 #include <rockchip/crypto_v2.h> 15 #include <rockchip/crypto_v2_pka.h> 16 17 #define RK_HASH_CTX_MAGIC 0x1A1A1A1A 18 19 #define CRYPTO_TRNG_MAX 32 20 21 enum endian_mode { 22 BIG_ENDIAN = 0, 23 LITTLE_ENDIAN 24 }; 25 26 enum clk_type { 27 CLK = 0, 28 HCLK 29 }; 30 31 struct crypto_lli_desc { 32 u32 src_addr; 33 u32 src_len; 34 u32 dst_addr; 35 u32 dst_len; 36 u32 user_define; 37 u32 reserve; 38 u32 dma_ctrl; 39 u32 next_addr; 40 }; 41 42 struct rk_hash_ctx { 43 struct crypto_lli_desc data_lli; /* lli desc */ 44 struct crypto_hash_cache *hash_cache; 45 u32 magic; /* to check ctx */ 46 u32 algo; /* hash algo */ 47 u8 digest_size; /* hash out length */ 48 u8 reserved[3]; 49 }; 50 51 struct rockchip_crypto_priv { 52 fdt_addr_t reg; 53 struct clk clk; 54 u32 frequency; 55 char *clocks; 56 u32 *frequencies; 57 u32 nclocks; 58 u32 length; 59 struct rk_hash_ctx *hw_ctx; 60 }; 61 62 #define LLI_ADDR_ALIGIN_SIZE 8 63 #define DATA_ADDR_ALIGIN_SIZE 8 64 #define DATA_LEN_ALIGIN_SIZE 64 65 66 /* crypto timeout 500ms, must support more than 32M data per times*/ 67 #define HASH_UPDATE_LIMIT (32 * 1024 * 1024) 68 #define RK_CRYPTO_TIME_OUT 500000 69 70 #define RK_WHILE_TIME_OUT(condition, timeout, ret) { \ 71 u32 time_out = timeout; \ 72 ret = 0; \ 73 while (condition) { \ 74 if (time_out-- == 0) { \ 75 debug("[%s] %d: time out!\n", __func__,\ 76 __LINE__); \ 77 ret = -ETIME; \ 78 break; \ 79 } \ 80 udelay(1); \ 81 } \ 82 } while (0) 83 84 typedef u32 paddr_t; 85 #define virt_to_phys(addr) (((unsigned long)addr) & 0xffffffff) 86 #define phys_to_virt(addr, area) ((unsigned long)addr) 87 88 fdt_addr_t crypto_base; 89 90 static void word2byte(u32 word, u8 *ch, u32 endian) 91 { 92 /* 0: Big-Endian 1: Little-Endian */ 93 if (endian == BIG_ENDIAN) { 94 ch[0] = (word >> 24) & 0xff; 95 ch[1] = (word >> 16) & 0xff; 96 ch[2] = (word >> 8) & 0xff; 97 ch[3] = (word >> 0) & 0xff; 98 } else if (endian == LITTLE_ENDIAN) { 99 ch[0] = (word >> 0) & 0xff; 100 ch[1] = (word >> 8) & 0xff; 101 ch[2] = (word >> 16) & 0xff; 102 ch[3] = (word >> 24) & 0xff; 103 } else { 104 ch[0] = 0; 105 ch[1] = 0; 106 ch[2] = 0; 107 ch[3] = 0; 108 } 109 } 110 111 static inline void clear_hash_out_reg(void) 112 { 113 int i; 114 115 /*clear out register*/ 116 for (i = 0; i < 16; i++) 117 crypto_write(0, CRYPTO_HASH_DOUT_0 + 4 * i); 118 } 119 120 static int hw_crypto_reset(void) 121 { 122 u32 tmp = 0, tmp_mask = 0; 123 int ret; 124 125 tmp = CRYPTO_SW_PKA_RESET | CRYPTO_SW_CC_RESET; 126 tmp_mask = tmp << CRYPTO_WRITE_MASK_SHIFT; 127 128 /* reset pka and crypto modules*/ 129 crypto_write(tmp | tmp_mask, CRYPTO_RST_CTL); 130 131 /* wait reset compelete */ 132 RK_WHILE_TIME_OUT(crypto_read(CRYPTO_RST_CTL), 133 RK_CRYPTO_TIME_OUT, ret); 134 return ret; 135 } 136 137 static void hw_hash_clean_ctx(struct rk_hash_ctx *ctx) 138 { 139 /* clear hash status */ 140 crypto_write(CRYPTO_WRITE_MASK_ALL | 0, CRYPTO_HASH_CTL); 141 142 assert(ctx); 143 assert(ctx->magic == RK_HASH_CTX_MAGIC); 144 145 crypto_hash_cache_free(ctx->hash_cache); 146 147 memset(ctx, 0x00, sizeof(*ctx)); 148 } 149 150 static int rk_hash_init(void *hw_ctx, u32 algo) 151 { 152 struct rk_hash_ctx *tmp_ctx = (struct rk_hash_ctx *)hw_ctx; 153 u32 reg_ctrl = 0; 154 int ret; 155 156 if (!tmp_ctx) 157 return -EINVAL; 158 159 reg_ctrl = CRYPTO_SW_CC_RESET; 160 crypto_write(reg_ctrl | (reg_ctrl << CRYPTO_WRITE_MASK_SHIFT), 161 CRYPTO_RST_CTL); 162 163 /* wait reset compelete */ 164 RK_WHILE_TIME_OUT(crypto_read(CRYPTO_RST_CTL), 165 RK_CRYPTO_TIME_OUT, ret); 166 167 reg_ctrl = 0; 168 tmp_ctx->algo = algo; 169 switch (algo) { 170 case CRYPTO_MD5: 171 reg_ctrl |= CRYPTO_MODE_MD5; 172 tmp_ctx->digest_size = 16; 173 break; 174 case CRYPTO_SHA1: 175 reg_ctrl |= CRYPTO_MODE_SHA1; 176 tmp_ctx->digest_size = 20; 177 break; 178 case CRYPTO_SHA256: 179 reg_ctrl |= CRYPTO_MODE_SHA256; 180 tmp_ctx->digest_size = 32; 181 break; 182 case CRYPTO_SHA512: 183 reg_ctrl |= CRYPTO_MODE_SHA512; 184 tmp_ctx->digest_size = 64; 185 break; 186 187 default: 188 ret = -EINVAL; 189 goto exit; 190 } 191 192 clear_hash_out_reg(); 193 194 /* enable hardware padding */ 195 reg_ctrl |= CRYPTO_HW_PAD_ENABLE; 196 crypto_write(reg_ctrl | CRYPTO_WRITE_MASK_ALL, CRYPTO_HASH_CTL); 197 198 /* FIFO input and output data byte swap */ 199 /* such as B0, B1, B2, B3 -> B3, B2, B1, B0 */ 200 reg_ctrl = CRYPTO_DOUT_BYTESWAP | CRYPTO_DOIN_BYTESWAP; 201 crypto_write(reg_ctrl | CRYPTO_WRITE_MASK_ALL, CRYPTO_FIFO_CTL); 202 203 /* enable src_item_done interrupt */ 204 crypto_write(CRYPTO_SRC_ITEM_INT_EN, CRYPTO_DMA_INT_EN); 205 206 tmp_ctx->magic = RK_HASH_CTX_MAGIC; 207 208 return 0; 209 exit: 210 /* clear hash setting if init failed */ 211 crypto_write(CRYPTO_WRITE_MASK_ALL | 0, CRYPTO_HASH_CTL); 212 213 return ret; 214 } 215 216 static int rk_hash_direct_calc(void *hw_data, const u8 *data, 217 u32 data_len, u8 *started_flag, u8 is_last) 218 { 219 struct rockchip_crypto_priv *priv = hw_data; 220 struct rk_hash_ctx *hash_ctx = priv->hw_ctx; 221 struct crypto_lli_desc *lli = &hash_ctx->data_lli; 222 int ret = -EINVAL; 223 u32 tmp = 0, mask = 0; 224 225 assert(IS_ALIGNED((ulong)data, DATA_ADDR_ALIGIN_SIZE)); 226 assert(is_last || IS_ALIGNED(data_len, DATA_LEN_ALIGIN_SIZE)); 227 228 debug("%s: data = %p, len = %u, s = %x, l = %x\n", 229 __func__, data, data_len, *started_flag, is_last); 230 231 memset(lli, 0x00, sizeof(*lli)); 232 lli->src_addr = (u32)virt_to_phys(data); 233 lli->src_len = data_len; 234 lli->dma_ctrl = LLI_DMA_CTRL_SRC_DONE; 235 236 if (is_last) { 237 lli->user_define |= LLI_USER_STRING_LAST; 238 lli->dma_ctrl |= LLI_DMA_CTRL_LAST; 239 } else { 240 lli->next_addr = (u32)virt_to_phys(lli); 241 lli->dma_ctrl |= LLI_DMA_CTRL_PAUSE; 242 } 243 244 if (!(*started_flag)) { 245 lli->user_define |= 246 (LLI_USER_STRING_START | LLI_USER_CPIHER_START); 247 crypto_write((u32)virt_to_phys(lli), CRYPTO_DMA_LLI_ADDR); 248 crypto_write((CRYPTO_HASH_ENABLE << CRYPTO_WRITE_MASK_SHIFT) | 249 CRYPTO_HASH_ENABLE, CRYPTO_HASH_CTL); 250 tmp = CRYPTO_DMA_START; 251 *started_flag = 1; 252 } else { 253 tmp = CRYPTO_DMA_RESTART; 254 } 255 256 /* flush cache */ 257 crypto_flush_cacheline((ulong)lli, sizeof(*lli)); 258 crypto_flush_cacheline((ulong)data, data_len); 259 260 /* start calculate */ 261 crypto_write(tmp << CRYPTO_WRITE_MASK_SHIFT | tmp, 262 CRYPTO_DMA_CTL); 263 264 /* mask CRYPTO_SYNC_LOCKSTEP_INT_ST flag */ 265 mask = ~(mask | CRYPTO_SYNC_LOCKSTEP_INT_ST); 266 267 /* wait calc ok */ 268 RK_WHILE_TIME_OUT(!(crypto_read(CRYPTO_DMA_INT_ST) & mask), 269 RK_CRYPTO_TIME_OUT, ret); 270 271 /* clear interrupt status */ 272 tmp = crypto_read(CRYPTO_DMA_INT_ST); 273 crypto_write(tmp, CRYPTO_DMA_INT_ST); 274 275 if (tmp != CRYPTO_SRC_ITEM_DONE_INT_ST && 276 tmp != CRYPTO_ZERO_LEN_INT_ST) { 277 debug("[%s] %d: CRYPTO_DMA_INT_ST = 0x%x\n", 278 __func__, __LINE__, tmp); 279 goto exit; 280 } 281 282 priv->length += data_len; 283 exit: 284 return ret; 285 } 286 287 int rk_hash_update(void *ctx, const u8 *data, u32 data_len) 288 { 289 struct rk_hash_ctx *tmp_ctx = (struct rk_hash_ctx *)ctx; 290 int ret = -EINVAL; 291 292 debug("\n"); 293 if (!tmp_ctx || !data) 294 goto exit; 295 296 if (tmp_ctx->digest_size == 0 || tmp_ctx->magic != RK_HASH_CTX_MAGIC) 297 goto exit; 298 299 ret = crypto_hash_update_with_cache(tmp_ctx->hash_cache, 300 data, data_len); 301 302 exit: 303 /* free lli list */ 304 if (ret) 305 hw_hash_clean_ctx(tmp_ctx); 306 307 return ret; 308 } 309 310 int rk_hash_final(void *ctx, u8 *digest, size_t len) 311 { 312 struct rk_hash_ctx *tmp_ctx = (struct rk_hash_ctx *)ctx; 313 int ret = -EINVAL; 314 u32 i; 315 316 if (!digest) 317 goto exit; 318 319 if (!tmp_ctx || 320 tmp_ctx->digest_size == 0 || 321 len > tmp_ctx->digest_size || 322 tmp_ctx->magic != RK_HASH_CTX_MAGIC) { 323 goto exit; 324 } 325 326 /* wait hash value ok */ 327 RK_WHILE_TIME_OUT(!crypto_read(CRYPTO_HASH_VALID), 328 RK_CRYPTO_TIME_OUT, ret); 329 330 for (i = 0; i < len / 4; i++) 331 word2byte(crypto_read(CRYPTO_HASH_DOUT_0 + i * 4), 332 digest + i * 4, BIG_ENDIAN); 333 334 if (len % 4) { 335 u8 tmp_buf[4]; 336 337 word2byte(crypto_read(CRYPTO_HASH_DOUT_0 + i * 4), 338 tmp_buf, BIG_ENDIAN); 339 memcpy(digest + i * 4, tmp_buf, len % 4); 340 } 341 342 /* clear hash status */ 343 crypto_write(CRYPTO_HASH_IS_VALID, CRYPTO_HASH_VALID); 344 crypto_write(CRYPTO_WRITE_MASK_ALL | 0, CRYPTO_HASH_CTL); 345 346 exit: 347 348 return ret; 349 } 350 351 static u32 rockchip_crypto_capability(struct udevice *dev) 352 { 353 u32 val = 0; 354 355 val = CRYPTO_MD5 | 356 CRYPTO_SHA1 | 357 CRYPTO_SHA256 | 358 #if !defined(CONFIG_ROCKCHIP_RK1808) 359 CRYPTO_SHA512 | 360 #endif 361 CRYPTO_RSA512 | 362 CRYPTO_RSA1024 | 363 CRYPTO_RSA2048 | 364 CRYPTO_RSA3072 | 365 CRYPTO_RSA4096; 366 367 return val; 368 } 369 370 static int rockchip_crypto_sha_init(struct udevice *dev, sha_context *ctx) 371 { 372 struct rockchip_crypto_priv *priv = dev_get_priv(dev); 373 struct rk_hash_ctx *hash_ctx = priv->hw_ctx; 374 375 if (!ctx) 376 return -EINVAL; 377 378 memset(hash_ctx, 0x00, sizeof(*hash_ctx)); 379 380 priv->length = 0; 381 382 hash_ctx->hash_cache = crypto_hash_cache_alloc(rk_hash_direct_calc, 383 priv, ctx->length, 384 DATA_ADDR_ALIGIN_SIZE, 385 DATA_LEN_ALIGIN_SIZE); 386 if (!hash_ctx->hash_cache) 387 return -EFAULT; 388 389 return rk_hash_init(hash_ctx, ctx->algo); 390 } 391 392 static int rockchip_crypto_sha_update(struct udevice *dev, 393 u32 *input, u32 len) 394 { 395 struct rockchip_crypto_priv *priv = dev_get_priv(dev); 396 int ret, i; 397 u8 *p; 398 399 if (!len) 400 return -EINVAL; 401 402 p = (u8 *)input; 403 404 for (i = 0; i < len / HASH_UPDATE_LIMIT; i++, p += HASH_UPDATE_LIMIT) { 405 ret = rk_hash_update(priv->hw_ctx, p, HASH_UPDATE_LIMIT); 406 if (ret) 407 goto exit; 408 } 409 410 if (len % HASH_UPDATE_LIMIT) 411 ret = rk_hash_update(priv->hw_ctx, p, len % HASH_UPDATE_LIMIT); 412 413 exit: 414 return ret; 415 } 416 417 static int rockchip_crypto_sha_final(struct udevice *dev, 418 sha_context *ctx, u8 *output) 419 { 420 struct rockchip_crypto_priv *priv = dev_get_priv(dev); 421 u32 nbits; 422 int ret; 423 424 nbits = crypto_algo_nbits(ctx->algo); 425 426 if (priv->length != ctx->length) { 427 printf("total length(0x%08x) != init length(0x%08x)!\n", 428 priv->length, ctx->length); 429 ret = -EIO; 430 goto exit; 431 } 432 433 ret = rk_hash_final(priv->hw_ctx, (u8 *)output, BITS2BYTE(nbits)); 434 435 exit: 436 hw_hash_clean_ctx(priv->hw_ctx); 437 return ret; 438 } 439 440 #if CONFIG_IS_ENABLED(ROCKCHIP_RSA) 441 static int rockchip_crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, 442 u8 *sign, u8 *output) 443 { 444 struct mpa_num *mpa_m = NULL, *mpa_e = NULL, *mpa_n = NULL; 445 struct mpa_num *mpa_c = NULL, *mpa_result = NULL; 446 u32 n_bits, n_words; 447 u32 *rsa_result; 448 int ret; 449 450 if (!ctx) 451 return -EINVAL; 452 453 if (ctx->algo != CRYPTO_RSA512 && 454 ctx->algo != CRYPTO_RSA1024 && 455 ctx->algo != CRYPTO_RSA2048 && 456 ctx->algo != CRYPTO_RSA3072 && 457 ctx->algo != CRYPTO_RSA4096) 458 return -EINVAL; 459 460 n_bits = crypto_algo_nbits(ctx->algo); 461 n_words = BITS2WORD(n_bits); 462 463 rsa_result = malloc(BITS2BYTE(n_bits)); 464 if (!rsa_result) 465 return -ENOMEM; 466 467 memset(rsa_result, 0x00, BITS2BYTE(n_bits)); 468 469 ret = rk_mpa_alloc(&mpa_m); 470 ret |= rk_mpa_alloc(&mpa_e); 471 ret |= rk_mpa_alloc(&mpa_n); 472 ret |= rk_mpa_alloc(&mpa_c); 473 ret |= rk_mpa_alloc(&mpa_result); 474 if (ret) 475 goto exit; 476 477 mpa_m->d = (void *)sign; 478 mpa_e->d = (void *)ctx->e; 479 mpa_n->d = (void *)ctx->n; 480 mpa_c->d = (void *)ctx->c; 481 mpa_result->d = (void *)rsa_result; 482 483 mpa_m->size = n_words; 484 mpa_e->size = n_words; 485 mpa_n->size = n_words; 486 mpa_c->size = n_words; 487 mpa_result->size = n_words; 488 489 ret = rk_exptmod_np(mpa_m, mpa_e, mpa_n, mpa_c, mpa_result); 490 if (!ret) 491 memcpy(output, rsa_result, BITS2BYTE(n_bits)); 492 493 exit: 494 free(rsa_result); 495 rk_mpa_free(&mpa_m); 496 rk_mpa_free(&mpa_e); 497 rk_mpa_free(&mpa_n); 498 rk_mpa_free(&mpa_c); 499 rk_mpa_free(&mpa_result); 500 501 return ret; 502 } 503 #else 504 static int rockchip_crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, 505 u8 *sign, u8 *output) 506 { 507 return -ENOSYS; 508 } 509 #endif 510 511 static const struct dm_crypto_ops rockchip_crypto_ops = { 512 .capability = rockchip_crypto_capability, 513 .sha_init = rockchip_crypto_sha_init, 514 .sha_update = rockchip_crypto_sha_update, 515 .sha_final = rockchip_crypto_sha_final, 516 .rsa_verify = rockchip_crypto_rsa_verify, 517 }; 518 519 /* 520 * Only use "clocks" to parse crypto clock id and use rockchip_get_clk(). 521 * Because we always add crypto node in U-Boot dts, when kernel dtb enabled : 522 * 523 * 1. There is cru phandle mismatch between U-Boot and kernel dtb; 524 * 2. CONFIG_OF_SPL_REMOVE_PROPS removes clock property; 525 */ 526 static int rockchip_crypto_ofdata_to_platdata(struct udevice *dev) 527 { 528 struct rockchip_crypto_priv *priv = dev_get_priv(dev); 529 int len, ret = -EINVAL; 530 531 if (!dev_read_prop(dev, "clocks", &len)) { 532 printf("Can't find \"clocks\" property\n"); 533 return -EINVAL; 534 } 535 536 memset(priv, 0x00, sizeof(*priv)); 537 priv->clocks = malloc(len); 538 if (!priv->clocks) 539 return -ENOMEM; 540 541 priv->nclocks = len / sizeof(u32); 542 if (dev_read_u32_array(dev, "clocks", (u32 *)priv->clocks, 543 priv->nclocks)) { 544 printf("Can't read \"clocks\" property\n"); 545 ret = -EINVAL; 546 goto exit; 547 } 548 549 if (!dev_read_prop(dev, "clock-frequency", &len)) { 550 printf("Can't find \"clock-frequency\" property\n"); 551 ret = -EINVAL; 552 goto exit; 553 } 554 555 priv->frequencies = malloc(len); 556 if (!priv->frequencies) { 557 ret = -ENOMEM; 558 goto exit; 559 } 560 561 priv->nclocks = len / sizeof(u32); 562 if (dev_read_u32_array(dev, "clock-frequency", priv->frequencies, 563 priv->nclocks)) { 564 printf("Can't read \"clock-frequency\" property\n"); 565 ret = -EINVAL; 566 goto exit; 567 } 568 569 priv->reg = (fdt_addr_t)dev_read_addr_ptr(dev); 570 571 crypto_base = priv->reg; 572 573 return 0; 574 exit: 575 if (priv->clocks) 576 free(priv->clocks); 577 578 if (priv->frequencies) 579 free(priv->frequencies); 580 581 return ret; 582 } 583 584 static int rockchip_crypto_probe(struct udevice *dev) 585 { 586 struct rockchip_crypto_priv *priv = dev_get_priv(dev); 587 int i, ret = 0; 588 u32* clocks; 589 590 priv->hw_ctx = memalign(LLI_ADDR_ALIGIN_SIZE, 591 sizeof(struct rk_hash_ctx)); 592 if (!priv->hw_ctx) 593 return -ENOMEM; 594 595 ret = rockchip_get_clk(&priv->clk.dev); 596 if (ret) { 597 printf("Failed to get clk device, ret=%d\n", ret); 598 return ret; 599 } 600 601 clocks = (u32 *)priv->clocks; 602 for (i = 0; i < priv->nclocks; i++) { 603 priv->clk.id = clocks[i * 2 + 1]; 604 ret = clk_set_rate(&priv->clk, priv->frequencies[i]); 605 if (ret < 0) { 606 printf("%s: Failed to set clk(%ld): ret=%d\n", 607 __func__, priv->clk.id, ret); 608 return ret; 609 } 610 } 611 612 hw_crypto_reset(); 613 614 return 0; 615 } 616 617 static const struct udevice_id rockchip_crypto_ids[] = { 618 { .compatible = "rockchip,px30-crypto" }, 619 { .compatible = "rockchip,rk1808-crypto" }, 620 { .compatible = "rockchip,rk3308-crypto" }, 621 { .compatible = "rockchip,rv1126-crypto" }, 622 { .compatible = "rockchip,rk3568-crypto" }, 623 { } 624 }; 625 626 U_BOOT_DRIVER(rockchip_crypto_v2) = { 627 .name = "rockchip_crypto_v2", 628 .id = UCLASS_CRYPTO, 629 .of_match = rockchip_crypto_ids, 630 .ops = &rockchip_crypto_ops, 631 .probe = rockchip_crypto_probe, 632 .ofdata_to_platdata = rockchip_crypto_ofdata_to_platdata, 633 .priv_auto_alloc_size = sizeof(struct rockchip_crypto_priv), 634 }; 635