Re: [PATCH v2 14/14] crypto: sun8i-ce: Add support for the TRNG

From: Stephan Mueller
Date: Fri Apr 24 2020 - 10:44:40 EST

Next message: Stephan Mueller: "Re: [PATCH v2 13/14] crypto: sun8i-ce: Add support for the PRNG"
Previous message: Enric Balletbo i Serra: "Re: [PATCH v4] platform: x86: Add ACPI driver for ChromeOS"
In reply to: Corentin Labbe: "[PATCH v2 14/14] crypto: sun8i-ce: Add support for the TRNG"
Next in thread: LABBE Corentin: "Re: [PATCH v2 14/14] crypto: sun8i-ce: Add support for the TRNG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Freitag, 24. April 2020, 16:02:14 CEST schrieb Corentin Labbe:

Hi Corentin,

> This patch had support for the TRNG present in the CE.
> Note that according to the algorithm ID, 2 version of the TRNG exists,
> the first present in H3/H5/R40/A64 and the second present in H6.
> This patch adds support for both, but only the second is working
> reliabily accoridng to rngtest.
>
> Signed-off-by: Corentin Labbe <clabbe@xxxxxxxxxxxx>
> ---
> drivers/crypto/allwinner/Kconfig | 8 ++
> drivers/crypto/allwinner/sun8i-ce/Makefile | 1 +
> .../crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 18 +++
> .../crypto/allwinner/sun8i-ce/sun8i-ce-trng.c | 123 ++++++++++++++++++
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 18 +++
> 5 files changed, 168 insertions(+)
> create mode 100644 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c
>
> diff --git a/drivers/crypto/allwinner/Kconfig
> b/drivers/crypto/allwinner/Kconfig index 223a5823867c..6aec31f7d2be 100644
> --- a/drivers/crypto/allwinner/Kconfig
> +++ b/drivers/crypto/allwinner/Kconfig
> @@ -87,6 +87,14 @@ config CRYPTO_DEV_SUN8I_CE_PRNG
> Select this option if you want to provide kernel-side support for
> the Pseudo-Random Number Generator found in the Crypto Engine.
>
> +config CRYPTO_DEV_SUN8I_CE_TRNG
> + bool "Support for Allwinner Crypto Engine TRNG"
> + depends on CRYPTO_DEV_SUN8I_CE
> + select HW_RANDOM
> + help
> + Select this option if you want to provide kernel-side support for
> + the True Random Number Generator found in the Crypto Engine.
> +
> config CRYPTO_DEV_SUN8I_SS
> tristate "Support for Allwinner Security System cryptographic
offloader"
> select CRYPTO_SKCIPHER
> diff --git a/drivers/crypto/allwinner/sun8i-ce/Makefile
> b/drivers/crypto/allwinner/sun8i-ce/Makefile index
> c0ea81da2c7d..0842eb2d9408 100644
> --- a/drivers/crypto/allwinner/sun8i-ce/Makefile
> +++ b/drivers/crypto/allwinner/sun8i-ce/Makefile
> @@ -2,3 +2,4 @@ obj-$(CONFIG_CRYPTO_DEV_SUN8I_CE) += sun8i-ce.o
> sun8i-ce-y += sun8i-ce-core.o sun8i-ce-cipher.o
> sun8i-ce-$(CONFIG_CRYPTO_DEV_SUN8I_CE_HASH) += sun8i-ce-hash.o
> sun8i-ce-$(CONFIG_CRYPTO_DEV_SUN8I_CE_PRNG) += sun8i-ce-prng.o
> +sun8i-ce-$(CONFIG_CRYPTO_DEV_SUN8I_CE_TRNG) += sun8i-ce-trng.o
> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c index
> 23b9fc67d7ea..86d75789811f 100644
> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
> @@ -47,6 +47,7 @@ static const struct ce_variant ce_h3_variant = {
> },
> .esr = ESR_H3,
> .prng = CE_ALG_PRNG,
> + .trng = CE_ID_NOTSUPP,
> };
>
> static const struct ce_variant ce_h5_variant = {
> @@ -63,6 +64,7 @@ static const struct ce_variant ce_h5_variant = {
> },
> .esr = ESR_H5,
> .prng = CE_ALG_PRNG,
> + .trng = CE_ID_NOTSUPP,
> };
>
> static const struct ce_variant ce_h6_variant = {
> @@ -76,6 +78,7 @@ static const struct ce_variant ce_h6_variant = {
> .cipher_t_dlen_in_bytes = true,
> .hash_t_dlen_in_bits = true,
> .prng_t_dlen_in_bytes = true,
> + .trng_t_dlen_in_bytes = true,
> .ce_clks = {
> { "bus", 0, 200000000 },
> { "mod", 300000000, 0 },
> @@ -83,6 +86,7 @@ static const struct ce_variant ce_h6_variant = {
> },
> .esr = ESR_H6,
> .prng = CE_ALG_PRNG_V2,
> + .trng = CE_ALG_TRNG_V2,
> };
>
> static const struct ce_variant ce_a64_variant = {
> @@ -99,6 +103,7 @@ static const struct ce_variant ce_a64_variant = {
> },
> .esr = ESR_A64,
> .prng = CE_ALG_PRNG,
> + .trng = CE_ID_NOTSUPP,
> };
>
> static const struct ce_variant ce_r40_variant = {
> @@ -115,6 +120,7 @@ static const struct ce_variant ce_r40_variant = {
> },
> .esr = ESR_R40,
> .prng = CE_ALG_PRNG,
> + .trng = CE_ID_NOTSUPP,
> };
>
> /*
> @@ -579,6 +585,10 @@ static int sun8i_ce_dbgfs_read(struct seq_file *seq,
> void *v) break;
> }
> }
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_TRNG
> + seq_printf(seq, "HWRNG %lu %lu\n",
> + ce->hwrng_stat_req, ce->hwrng_stat_bytes);
> +#endif
> return 0;
> }
>
> @@ -928,6 +938,10 @@ static int sun8i_ce_probe(struct platform_device *pdev)
> if (err < 0)
> goto error_alg;
>
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_TRNG
> + sun8i_ce_hwrng_register(ce);
> +#endif
> +
> v = readl(ce->base + CE_CTR);
> v >>= CE_DIE_ID_SHIFT;
> v &= CE_DIE_ID_MASK;
> @@ -957,6 +971,10 @@ static int sun8i_ce_remove(struct platform_device
> *pdev) {
> struct sun8i_ce_dev *ce = platform_get_drvdata(pdev);
>
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_TRNG
> + sun8i_ce_hwrng_unregister(ce);
> +#endif
> +
> sun8i_ce_unregister_algs(ce);
>
> #ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_DEBUG
> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c
> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c new file mode 100644
> index 000000000000..5e4effe29ed3
> --- /dev/null
> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c
> @@ -0,0 +1,123 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * sun8i-ce-trng.c - hardware cryptographic offloader for
> + * Allwinner H3/A64/H5/H2+/H6/R40 SoC
> + *
> + * Copyright (C) 2015-2020 Corentin Labbe <clabbe@xxxxxxxxxxxx>
> + *
> + * This file handle the TRNG
> + *
> + * You could find a link for the datasheet in
> Documentation/arm/sunxi/README + */
> +#include "sun8i-ce.h"
> +#include <linux/pm_runtime.h>
> +#include <linux/hw_random.h>
> +/*
> + * Note that according to the algorithm ID, 2 versions of the TRNG exists,
> + * The first present in H3/H5/R40/A64 and the second present in H6.
> + * This file adds support for both, but only the second is working
> + * reliabily according to rngtest.
> + **/
> +
> +int sun8i_ce_trng_read(struct hwrng *rng, void *data, size_t max, bool
> wait) +{
> + struct sun8i_ce_dev *ce;
> + dma_addr_t dma_dst;
> + int err = 0;
> + int flow = 3;
> + unsigned int todo;
> + struct sun8i_ce_flow *chan;
> + struct ce_task *cet;
> + u32 common;
> + void *d;
> +
> + ce = container_of(rng, struct sun8i_ce_dev, trng);
> +
> + todo = max + 32;
> + todo -= todo % 32;
> +
> + d = kzalloc(todo, GFP_KERNEL | GFP_DMA);
> + if (!d)
> + return -ENOMEM;
> +
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_DEBUG
> + ce->hwrng_stat_req++;
> + ce->hwrng_stat_bytes += todo;
> +#endif
> +
> + dma_dst = dma_map_single(ce->dev, d, todo, DMA_FROM_DEVICE);
> + if (dma_mapping_error(ce->dev, dma_dst)) {
> + dev_err(ce->dev, "Cannot DMA MAP DST\n");
> + err = -EFAULT;
> + goto err_dst;
> + }
> +
> + err = pm_runtime_get_sync(ce->dev);
> + if (err < 0)
> + goto err_pm;
> +
> + mutex_lock(&ce->rnglock);
> + chan = &ce->chanlist[flow];
> +
> + cet = &chan->tl[0];
> + memset(cet, 0, sizeof(struct ce_task));
> +
> + cet->t_id = cpu_to_le32(flow);
> + common = ce->variant->trng | CE_COMM_INT;
> + cet->t_common_ctl = cpu_to_le32(common);
> +
> + /* recent CE (H6) need length in bytes, in word otherwise */
> + if (ce->variant->trng_t_dlen_in_bytes)
> + cet->t_dlen = cpu_to_le32(todo);
> + else
> + cet->t_dlen = cpu_to_le32(todo / 4);
> +
> + cet->t_sym_ctl = 0;
> + cet->t_asym_ctl = 0;
> +
> + cet->t_dst[0].addr = cpu_to_le32(dma_dst);
> + cet->t_dst[0].len = cpu_to_le32(todo / 4);
> + ce->chanlist[flow].timeout = 2000;
> +
> + err = sun8i_ce_run_task(ce, 3, "TRNG");
> + mutex_unlock(&ce->rnglock);
> +
> + pm_runtime_put(ce->dev);
> +
> +err_pm:
> + dma_unmap_single(ce->dev, dma_dst, todo, DMA_FROM_DEVICE);
> +
> + if (!err) {
> + memcpy(data, d, max);
> + err = max;
> + }
> +
> +err_dst:
> + kfree(d);

kzfree? I would assume d contains sensitive data, no?

> + return err;
> +}
> +
> +int sun8i_ce_hwrng_register(struct sun8i_ce_dev *ce)
> +{
> + int ret;
> +
> + if (ce->variant->trng == CE_ID_NOTSUPP) {
> + dev_info(ce->dev, "TRNG not supported\n");
> + return 0;
> + }
> + ce->trng.name = "sun8i Crypto Engine TRNG";
> + ce->trng.read = sun8i_ce_trng_read;
> + ce->trng.quality = 1000;
> +
> + ret = hwrng_register(&ce->trng);
> + if (ret)
> + dev_err(ce->dev, "Fail to register the TRNG\n");
> + return ret;
> +}
> +
> +void sun8i_ce_hwrng_unregister(struct sun8i_ce_dev *ce)
> +{
> + if (ce->variant->trng == CE_ID_NOTSUPP)
> + return;
> + hwrng_unregister(&ce->trng);
> +}
> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h
> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h index
> 2ef0c3814367..746e56c254d4 100644
> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h
> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h
> @@ -12,6 +12,7 @@
> #include <linux/atomic.h>
> #include <linux/debugfs.h>
> #include <linux/crypto.h>
> +#include <linux/hw_random.h>
> #include <crypto/internal/hash.h>
> #include <crypto/md5.h>
> #include <crypto/rng.h>
> @@ -55,7 +56,9 @@
> #define CE_ALG_SHA256 19
> #define CE_ALG_SHA384 20
> #define CE_ALG_SHA512 21
> +#define CE_ALG_TRNG 48
> #define CE_ALG_PRNG 49
> +#define CE_ALG_TRNG_V2 0x1c
> #define CE_ALG_PRNG_V2 0x1d
>
> /* Used in ce_variant */
> @@ -129,9 +132,12 @@ struct ce_clock {
> * bits or words
> * @prng_t_dlen_in_bytes: Does the request size for PRNG is in
> * bytes or words
> + * @trng_t_dlen_in_bytes: Does the request size for TRNG is in
> + * bytes or words
> * @ce_clks: list of clocks needed by this variant
> * @esr: The type of error register
> * @prng: The CE_ALG_XXX value for the PRNG
> + * @trng: The CE_ALG_XXX value for the TRNG
> */
> struct ce_variant {
> char alg_cipher[CE_ID_CIPHER_MAX];
> @@ -140,9 +146,11 @@ struct ce_variant {
> bool cipher_t_dlen_in_bytes;
> bool hash_t_dlen_in_bits;
> bool prng_t_dlen_in_bytes;
> + bool trng_t_dlen_in_bytes;
> struct ce_clock ce_clks[CE_MAX_CLOCKS];
> int esr;
> char prng;
> + char trng;
> };
>
> struct sginfo {
> @@ -218,6 +226,13 @@ struct sun8i_ce_dev {
> struct dentry *dbgfs_dir;
> struct dentry *dbgfs_stats;
> #endif
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_TRNG
> + struct hwrng trng;
> +#ifdef CONFIG_CRYPTO_DEV_SUN8I_CE_DEBUG
> + unsigned long hwrng_stat_req;
> + unsigned long hwrng_stat_bytes;
> +#endif
> +#endif
> };
>
> /*
> @@ -349,3 +364,6 @@ int sun8i_ce_prng_generate(struct crypto_rng *tfm, const
> u8 *src, int sun8i_ce_prng_seed(struct crypto_rng *tfm, const u8 *seed,
> unsigned int slen); void sun8i_ce_prng_exit(struct crypto_tfm *tfm);
> int sun8i_ce_prng_init(struct crypto_tfm *tfm);
> +
> +int sun8i_ce_hwrng_register(struct sun8i_ce_dev *ce);
> +void sun8i_ce_hwrng_unregister(struct sun8i_ce_dev *ce);

Ciao
Stephan
--
atsec information security GmbH, Steinstraße 70, 81667 München, Germany
Phone: +49 89 442 49 830 - Fax: +49 89 442 49 831
Mobile DE: +49 172 216 55 78 - Mobile US: +1 737 346 1613
HRB: 129439 (Amtsgericht München)
GF: Salvatore la Pietra, Staffan Persson, Manuela Gambarotto
atsec it security news blog - atsec-information-security.blogspot.com

Next message: Stephan Mueller: "Re: [PATCH v2 13/14] crypto: sun8i-ce: Add support for the PRNG"
Previous message: Enric Balletbo i Serra: "Re: [PATCH v4] platform: x86: Add ACPI driver for ChromeOS"
In reply to: Corentin Labbe: "[PATCH v2 14/14] crypto: sun8i-ce: Add support for the TRNG"
Next in thread: LABBE Corentin: "Re: [PATCH v2 14/14] crypto: sun8i-ce: Add support for the TRNG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]