Tudor Ambarus | 820684c | 2018-08-21 16:36:09 +0300 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0 |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 2 | /* |
| 3 | * Microchip / Atmel ECC (I2C) driver. |
| 4 | * |
| 5 | * Copyright (c) 2017, Microchip Technology Inc. |
| 6 | * Author: Tudor Ambarus <tudor.ambarus@microchip.com> |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 7 | */ |
| 8 | |
| 9 | #include <linux/bitrev.h> |
| 10 | #include <linux/crc16.h> |
| 11 | #include <linux/delay.h> |
| 12 | #include <linux/device.h> |
| 13 | #include <linux/err.h> |
| 14 | #include <linux/errno.h> |
| 15 | #include <linux/i2c.h> |
| 16 | #include <linux/init.h> |
| 17 | #include <linux/kernel.h> |
| 18 | #include <linux/module.h> |
| 19 | #include <linux/of_device.h> |
| 20 | #include <linux/scatterlist.h> |
| 21 | #include <linux/slab.h> |
| 22 | #include <linux/workqueue.h> |
| 23 | #include <crypto/internal/kpp.h> |
| 24 | #include <crypto/ecdh.h> |
| 25 | #include <crypto/kpp.h> |
| 26 | #include "atmel-ecc.h" |
| 27 | |
| 28 | /* Used for binding tfm objects to i2c clients. */ |
| 29 | struct atmel_ecc_driver_data { |
| 30 | struct list_head i2c_client_list; |
| 31 | spinlock_t i2c_list_lock; |
| 32 | } ____cacheline_aligned; |
| 33 | |
| 34 | static struct atmel_ecc_driver_data driver_data; |
| 35 | |
| 36 | /** |
| 37 | * atmel_ecc_i2c_client_priv - i2c_client private data |
| 38 | * @client : pointer to i2c client device |
| 39 | * @i2c_client_list_node: part of i2c_client_list |
| 40 | * @lock : lock for sending i2c commands |
| 41 | * @wake_token : wake token array of zeros |
| 42 | * @wake_token_sz : size in bytes of the wake_token |
| 43 | * @tfm_count : number of active crypto transformations on i2c client |
| 44 | * |
| 45 | * Reads and writes from/to the i2c client are sequential. The first byte |
| 46 | * transmitted to the device is treated as the byte size. Any attempt to send |
| 47 | * more than this number of bytes will cause the device to not ACK those bytes. |
| 48 | * After the host writes a single command byte to the input buffer, reads are |
| 49 | * prohibited until after the device completes command execution. Use a mutex |
| 50 | * when sending i2c commands. |
| 51 | */ |
| 52 | struct atmel_ecc_i2c_client_priv { |
| 53 | struct i2c_client *client; |
| 54 | struct list_head i2c_client_list_node; |
| 55 | struct mutex lock; |
| 56 | u8 wake_token[WAKE_TOKEN_MAX_SIZE]; |
| 57 | size_t wake_token_sz; |
| 58 | atomic_t tfm_count ____cacheline_aligned; |
| 59 | }; |
| 60 | |
| 61 | /** |
| 62 | * atmel_ecdh_ctx - transformation context |
| 63 | * @client : pointer to i2c client device |
| 64 | * @fallback : used for unsupported curves or when user wants to use its own |
| 65 | * private key. |
| 66 | * @public_key : generated when calling set_secret(). It's the responsibility |
| 67 | * of the user to not call set_secret() while |
| 68 | * generate_public_key() or compute_shared_secret() are in flight. |
| 69 | * @curve_id : elliptic curve id |
| 70 | * @n_sz : size in bytes of the n prime |
| 71 | * @do_fallback: true when the device doesn't support the curve or when the user |
| 72 | * wants to use its own private key. |
| 73 | */ |
| 74 | struct atmel_ecdh_ctx { |
| 75 | struct i2c_client *client; |
| 76 | struct crypto_kpp *fallback; |
| 77 | const u8 *public_key; |
| 78 | unsigned int curve_id; |
| 79 | size_t n_sz; |
| 80 | bool do_fallback; |
| 81 | }; |
| 82 | |
| 83 | /** |
| 84 | * atmel_ecc_work_data - data structure representing the work |
| 85 | * @ctx : transformation context. |
| 86 | * @cbk : pointer to a callback function to be invoked upon completion of this |
| 87 | * request. This has the form: |
| 88 | * callback(struct atmel_ecc_work_data *work_data, void *areq, u8 status) |
| 89 | * where: |
| 90 | * @work_data: data structure representing the work |
| 91 | * @areq : optional pointer to an argument passed with the original |
| 92 | * request. |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 93 | * @status : status returned from the i2c client device or i2c error. |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 94 | * @areq: optional pointer to a user argument for use at callback time. |
| 95 | * @work: describes the task to be executed. |
| 96 | * @cmd : structure used for communicating with the device. |
| 97 | */ |
| 98 | struct atmel_ecc_work_data { |
| 99 | struct atmel_ecdh_ctx *ctx; |
| 100 | void (*cbk)(struct atmel_ecc_work_data *work_data, void *areq, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 101 | int status); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 102 | void *areq; |
| 103 | struct work_struct work; |
| 104 | struct atmel_ecc_cmd cmd; |
| 105 | }; |
| 106 | |
| 107 | static u16 atmel_ecc_crc16(u16 crc, const u8 *buffer, size_t len) |
| 108 | { |
| 109 | return cpu_to_le16(bitrev16(crc16(crc, buffer, len))); |
| 110 | } |
| 111 | |
| 112 | /** |
| 113 | * atmel_ecc_checksum() - Generate 16-bit CRC as required by ATMEL ECC. |
| 114 | * CRC16 verification of the count, opcode, param1, param2 and data bytes. |
| 115 | * The checksum is saved in little-endian format in the least significant |
| 116 | * two bytes of the command. CRC polynomial is 0x8005 and the initial register |
| 117 | * value should be zero. |
| 118 | * |
| 119 | * @cmd : structure used for communicating with the device. |
| 120 | */ |
| 121 | static void atmel_ecc_checksum(struct atmel_ecc_cmd *cmd) |
| 122 | { |
| 123 | u8 *data = &cmd->count; |
| 124 | size_t len = cmd->count - CRC_SIZE; |
| 125 | u16 *crc16 = (u16 *)(data + len); |
| 126 | |
| 127 | *crc16 = atmel_ecc_crc16(0, data, len); |
| 128 | } |
| 129 | |
| 130 | static void atmel_ecc_init_read_cmd(struct atmel_ecc_cmd *cmd) |
| 131 | { |
| 132 | cmd->word_addr = COMMAND; |
| 133 | cmd->opcode = OPCODE_READ; |
| 134 | /* |
| 135 | * Read the word from Configuration zone that contains the lock bytes |
| 136 | * (UserExtra, Selector, LockValue, LockConfig). |
| 137 | */ |
| 138 | cmd->param1 = CONFIG_ZONE; |
| 139 | cmd->param2 = DEVICE_LOCK_ADDR; |
| 140 | cmd->count = READ_COUNT; |
| 141 | |
| 142 | atmel_ecc_checksum(cmd); |
| 143 | |
| 144 | cmd->msecs = MAX_EXEC_TIME_READ; |
| 145 | cmd->rxsize = READ_RSP_SIZE; |
| 146 | } |
| 147 | |
| 148 | static void atmel_ecc_init_genkey_cmd(struct atmel_ecc_cmd *cmd, u16 keyid) |
| 149 | { |
| 150 | cmd->word_addr = COMMAND; |
| 151 | cmd->count = GENKEY_COUNT; |
| 152 | cmd->opcode = OPCODE_GENKEY; |
| 153 | cmd->param1 = GENKEY_MODE_PRIVATE; |
| 154 | /* a random private key will be generated and stored in slot keyID */ |
| 155 | cmd->param2 = cpu_to_le16(keyid); |
| 156 | |
| 157 | atmel_ecc_checksum(cmd); |
| 158 | |
| 159 | cmd->msecs = MAX_EXEC_TIME_GENKEY; |
| 160 | cmd->rxsize = GENKEY_RSP_SIZE; |
| 161 | } |
| 162 | |
| 163 | static int atmel_ecc_init_ecdh_cmd(struct atmel_ecc_cmd *cmd, |
| 164 | struct scatterlist *pubkey) |
| 165 | { |
| 166 | size_t copied; |
| 167 | |
| 168 | cmd->word_addr = COMMAND; |
| 169 | cmd->count = ECDH_COUNT; |
| 170 | cmd->opcode = OPCODE_ECDH; |
| 171 | cmd->param1 = ECDH_PREFIX_MODE; |
| 172 | /* private key slot */ |
| 173 | cmd->param2 = cpu_to_le16(DATA_SLOT_2); |
| 174 | |
| 175 | /* |
| 176 | * The device only supports NIST P256 ECC keys. The public key size will |
| 177 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 178 | * computations. |
| 179 | */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 180 | copied = sg_copy_to_buffer(pubkey, |
| 181 | sg_nents_for_len(pubkey, |
| 182 | ATMEL_ECC_PUBKEY_SIZE), |
| 183 | cmd->data, ATMEL_ECC_PUBKEY_SIZE); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 184 | if (copied != ATMEL_ECC_PUBKEY_SIZE) |
| 185 | return -EINVAL; |
| 186 | |
| 187 | atmel_ecc_checksum(cmd); |
| 188 | |
| 189 | cmd->msecs = MAX_EXEC_TIME_ECDH; |
| 190 | cmd->rxsize = ECDH_RSP_SIZE; |
| 191 | |
| 192 | return 0; |
| 193 | } |
| 194 | |
| 195 | /* |
| 196 | * After wake and after execution of a command, there will be error, status, or |
| 197 | * result bytes in the device's output register that can be retrieved by the |
| 198 | * system. When the length of that group is four bytes, the codes returned are |
| 199 | * detailed in error_list. |
| 200 | */ |
| 201 | static int atmel_ecc_status(struct device *dev, u8 *status) |
| 202 | { |
| 203 | size_t err_list_len = ARRAY_SIZE(error_list); |
| 204 | int i; |
| 205 | u8 err_id = status[1]; |
| 206 | |
| 207 | if (*status != STATUS_SIZE) |
| 208 | return 0; |
| 209 | |
| 210 | if (err_id == STATUS_WAKE_SUCCESSFUL || err_id == STATUS_NOERR) |
| 211 | return 0; |
| 212 | |
| 213 | for (i = 0; i < err_list_len; i++) |
| 214 | if (error_list[i].value == err_id) |
| 215 | break; |
| 216 | |
| 217 | /* if err_id is not in the error_list then ignore it */ |
| 218 | if (i != err_list_len) { |
| 219 | dev_err(dev, "%02x: %s:\n", err_id, error_list[i].error_text); |
| 220 | return err_id; |
| 221 | } |
| 222 | |
| 223 | return 0; |
| 224 | } |
| 225 | |
| 226 | static int atmel_ecc_wakeup(struct i2c_client *client) |
| 227 | { |
| 228 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 229 | u8 status[STATUS_RSP_SIZE]; |
| 230 | int ret; |
| 231 | |
| 232 | /* |
| 233 | * The device ignores any levels or transitions on the SCL pin when the |
| 234 | * device is idle, asleep or during waking up. Don't check for error |
| 235 | * when waking up the device. |
| 236 | */ |
| 237 | i2c_master_send(client, i2c_priv->wake_token, i2c_priv->wake_token_sz); |
| 238 | |
| 239 | /* |
| 240 | * Wait to wake the device. Typical execution times for ecdh and genkey |
| 241 | * are around tens of milliseconds. Delta is chosen to 50 microseconds. |
| 242 | */ |
| 243 | usleep_range(TWHI_MIN, TWHI_MAX); |
| 244 | |
| 245 | ret = i2c_master_recv(client, status, STATUS_SIZE); |
| 246 | if (ret < 0) |
| 247 | return ret; |
| 248 | |
| 249 | return atmel_ecc_status(&client->dev, status); |
| 250 | } |
| 251 | |
| 252 | static int atmel_ecc_sleep(struct i2c_client *client) |
| 253 | { |
| 254 | u8 sleep = SLEEP_TOKEN; |
| 255 | |
| 256 | return i2c_master_send(client, &sleep, 1); |
| 257 | } |
| 258 | |
| 259 | static void atmel_ecdh_done(struct atmel_ecc_work_data *work_data, void *areq, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 260 | int status) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 261 | { |
| 262 | struct kpp_request *req = areq; |
| 263 | struct atmel_ecdh_ctx *ctx = work_data->ctx; |
| 264 | struct atmel_ecc_cmd *cmd = &work_data->cmd; |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 265 | size_t copied, n_sz; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 266 | |
| 267 | if (status) |
| 268 | goto free_work_data; |
| 269 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 270 | /* might want less than we've got */ |
| 271 | n_sz = min_t(size_t, ctx->n_sz, req->dst_len); |
| 272 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 273 | /* copy the shared secret */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 274 | copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, n_sz), |
| 275 | &cmd->data[RSP_DATA_IDX], n_sz); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 276 | if (copied != n_sz) |
| 277 | status = -EINVAL; |
| 278 | |
| 279 | /* fall through */ |
| 280 | free_work_data: |
| 281 | kzfree(work_data); |
| 282 | kpp_request_complete(req, status); |
| 283 | } |
| 284 | |
| 285 | /* |
| 286 | * atmel_ecc_send_receive() - send a command to the device and receive its |
| 287 | * response. |
| 288 | * @client: i2c client device |
| 289 | * @cmd : structure used to communicate with the device |
| 290 | * |
| 291 | * After the device receives a Wake token, a watchdog counter starts within the |
| 292 | * device. After the watchdog timer expires, the device enters sleep mode |
| 293 | * regardless of whether some I/O transmission or command execution is in |
| 294 | * progress. If a command is attempted when insufficient time remains prior to |
| 295 | * watchdog timer execution, the device will return the watchdog timeout error |
| 296 | * code without attempting to execute the command. There is no way to reset the |
| 297 | * counter other than to put the device into sleep or idle mode and then |
| 298 | * wake it up again. |
| 299 | */ |
| 300 | static int atmel_ecc_send_receive(struct i2c_client *client, |
| 301 | struct atmel_ecc_cmd *cmd) |
| 302 | { |
| 303 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 304 | int ret; |
| 305 | |
| 306 | mutex_lock(&i2c_priv->lock); |
| 307 | |
| 308 | ret = atmel_ecc_wakeup(client); |
| 309 | if (ret) |
| 310 | goto err; |
| 311 | |
| 312 | /* send the command */ |
| 313 | ret = i2c_master_send(client, (u8 *)cmd, cmd->count + WORD_ADDR_SIZE); |
| 314 | if (ret < 0) |
| 315 | goto err; |
| 316 | |
| 317 | /* delay the appropriate amount of time for command to execute */ |
| 318 | msleep(cmd->msecs); |
| 319 | |
| 320 | /* receive the response */ |
| 321 | ret = i2c_master_recv(client, cmd->data, cmd->rxsize); |
| 322 | if (ret < 0) |
| 323 | goto err; |
| 324 | |
| 325 | /* put the device into low-power mode */ |
| 326 | ret = atmel_ecc_sleep(client); |
| 327 | if (ret < 0) |
| 328 | goto err; |
| 329 | |
| 330 | mutex_unlock(&i2c_priv->lock); |
| 331 | return atmel_ecc_status(&client->dev, cmd->data); |
| 332 | err: |
| 333 | mutex_unlock(&i2c_priv->lock); |
| 334 | return ret; |
| 335 | } |
| 336 | |
| 337 | static void atmel_ecc_work_handler(struct work_struct *work) |
| 338 | { |
| 339 | struct atmel_ecc_work_data *work_data = |
| 340 | container_of(work, struct atmel_ecc_work_data, work); |
| 341 | struct atmel_ecc_cmd *cmd = &work_data->cmd; |
| 342 | struct i2c_client *client = work_data->ctx->client; |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 343 | int status; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 344 | |
| 345 | status = atmel_ecc_send_receive(client, cmd); |
| 346 | work_data->cbk(work_data, work_data->areq, status); |
| 347 | } |
| 348 | |
| 349 | static void atmel_ecc_enqueue(struct atmel_ecc_work_data *work_data, |
| 350 | void (*cbk)(struct atmel_ecc_work_data *work_data, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 351 | void *areq, int status), |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 352 | void *areq) |
| 353 | { |
| 354 | work_data->cbk = (void *)cbk; |
| 355 | work_data->areq = areq; |
| 356 | |
| 357 | INIT_WORK(&work_data->work, atmel_ecc_work_handler); |
| 358 | schedule_work(&work_data->work); |
| 359 | } |
| 360 | |
| 361 | static unsigned int atmel_ecdh_supported_curve(unsigned int curve_id) |
| 362 | { |
| 363 | if (curve_id == ECC_CURVE_NIST_P256) |
| 364 | return ATMEL_ECC_NIST_P256_N_SIZE; |
| 365 | |
| 366 | return 0; |
| 367 | } |
| 368 | |
| 369 | /* |
| 370 | * A random private key is generated and stored in the device. The device |
| 371 | * returns the pair public key. |
| 372 | */ |
| 373 | static int atmel_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, |
| 374 | unsigned int len) |
| 375 | { |
| 376 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 377 | struct atmel_ecc_cmd *cmd; |
| 378 | void *public_key; |
| 379 | struct ecdh params; |
| 380 | int ret = -ENOMEM; |
| 381 | |
| 382 | /* free the old public key, if any */ |
| 383 | kfree(ctx->public_key); |
| 384 | /* make sure you don't free the old public key twice */ |
| 385 | ctx->public_key = NULL; |
| 386 | |
| 387 | if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0) { |
| 388 | dev_err(&ctx->client->dev, "crypto_ecdh_decode_key failed\n"); |
| 389 | return -EINVAL; |
| 390 | } |
| 391 | |
| 392 | ctx->n_sz = atmel_ecdh_supported_curve(params.curve_id); |
| 393 | if (!ctx->n_sz || params.key_size) { |
| 394 | /* fallback to ecdh software implementation */ |
| 395 | ctx->do_fallback = true; |
| 396 | return crypto_kpp_set_secret(ctx->fallback, buf, len); |
| 397 | } |
| 398 | |
| 399 | cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); |
| 400 | if (!cmd) |
| 401 | return -ENOMEM; |
| 402 | |
| 403 | /* |
| 404 | * The device only supports NIST P256 ECC keys. The public key size will |
| 405 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 406 | * computations. |
| 407 | */ |
| 408 | public_key = kmalloc(ATMEL_ECC_PUBKEY_SIZE, GFP_KERNEL); |
| 409 | if (!public_key) |
| 410 | goto free_cmd; |
| 411 | |
| 412 | ctx->do_fallback = false; |
| 413 | ctx->curve_id = params.curve_id; |
| 414 | |
| 415 | atmel_ecc_init_genkey_cmd(cmd, DATA_SLOT_2); |
| 416 | |
| 417 | ret = atmel_ecc_send_receive(ctx->client, cmd); |
| 418 | if (ret) |
| 419 | goto free_public_key; |
| 420 | |
| 421 | /* save the public key */ |
| 422 | memcpy(public_key, &cmd->data[RSP_DATA_IDX], ATMEL_ECC_PUBKEY_SIZE); |
| 423 | ctx->public_key = public_key; |
| 424 | |
| 425 | kfree(cmd); |
| 426 | return 0; |
| 427 | |
| 428 | free_public_key: |
| 429 | kfree(public_key); |
| 430 | free_cmd: |
| 431 | kfree(cmd); |
| 432 | return ret; |
| 433 | } |
| 434 | |
| 435 | static int atmel_ecdh_generate_public_key(struct kpp_request *req) |
| 436 | { |
| 437 | struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); |
| 438 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 439 | size_t copied, nbytes; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 440 | int ret = 0; |
| 441 | |
| 442 | if (ctx->do_fallback) { |
| 443 | kpp_request_set_tfm(req, ctx->fallback); |
| 444 | return crypto_kpp_generate_public_key(req); |
| 445 | } |
| 446 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 447 | /* might want less than we've got */ |
| 448 | nbytes = min_t(size_t, ATMEL_ECC_PUBKEY_SIZE, req->dst_len); |
| 449 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 450 | /* public key was saved at private key generation */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 451 | copied = sg_copy_from_buffer(req->dst, |
| 452 | sg_nents_for_len(req->dst, nbytes), |
| 453 | ctx->public_key, nbytes); |
| 454 | if (copied != nbytes) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 455 | ret = -EINVAL; |
| 456 | |
| 457 | return ret; |
| 458 | } |
| 459 | |
| 460 | static int atmel_ecdh_compute_shared_secret(struct kpp_request *req) |
| 461 | { |
| 462 | struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); |
| 463 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 464 | struct atmel_ecc_work_data *work_data; |
| 465 | gfp_t gfp; |
| 466 | int ret; |
| 467 | |
| 468 | if (ctx->do_fallback) { |
| 469 | kpp_request_set_tfm(req, ctx->fallback); |
| 470 | return crypto_kpp_compute_shared_secret(req); |
| 471 | } |
| 472 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 473 | /* must have exactly two points to be on the curve */ |
| 474 | if (req->src_len != ATMEL_ECC_PUBKEY_SIZE) |
| 475 | return -EINVAL; |
| 476 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 477 | gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL : |
| 478 | GFP_ATOMIC; |
| 479 | |
| 480 | work_data = kmalloc(sizeof(*work_data), gfp); |
| 481 | if (!work_data) |
| 482 | return -ENOMEM; |
| 483 | |
| 484 | work_data->ctx = ctx; |
| 485 | |
| 486 | ret = atmel_ecc_init_ecdh_cmd(&work_data->cmd, req->src); |
| 487 | if (ret) |
| 488 | goto free_work_data; |
| 489 | |
| 490 | atmel_ecc_enqueue(work_data, atmel_ecdh_done, req); |
| 491 | |
| 492 | return -EINPROGRESS; |
| 493 | |
| 494 | free_work_data: |
| 495 | kfree(work_data); |
| 496 | return ret; |
| 497 | } |
| 498 | |
Colin Ian King | 0138d32 | 2017-07-19 10:24:15 +0100 | [diff] [blame] | 499 | static struct i2c_client *atmel_ecc_i2c_client_alloc(void) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 500 | { |
| 501 | struct atmel_ecc_i2c_client_priv *i2c_priv, *min_i2c_priv = NULL; |
| 502 | struct i2c_client *client = ERR_PTR(-ENODEV); |
| 503 | int min_tfm_cnt = INT_MAX; |
| 504 | int tfm_cnt; |
| 505 | |
| 506 | spin_lock(&driver_data.i2c_list_lock); |
| 507 | |
| 508 | if (list_empty(&driver_data.i2c_client_list)) { |
| 509 | spin_unlock(&driver_data.i2c_list_lock); |
| 510 | return ERR_PTR(-ENODEV); |
| 511 | } |
| 512 | |
| 513 | list_for_each_entry(i2c_priv, &driver_data.i2c_client_list, |
| 514 | i2c_client_list_node) { |
| 515 | tfm_cnt = atomic_read(&i2c_priv->tfm_count); |
| 516 | if (tfm_cnt < min_tfm_cnt) { |
| 517 | min_tfm_cnt = tfm_cnt; |
| 518 | min_i2c_priv = i2c_priv; |
| 519 | } |
| 520 | if (!min_tfm_cnt) |
| 521 | break; |
| 522 | } |
| 523 | |
| 524 | if (min_i2c_priv) { |
| 525 | atomic_inc(&min_i2c_priv->tfm_count); |
| 526 | client = min_i2c_priv->client; |
| 527 | } |
| 528 | |
| 529 | spin_unlock(&driver_data.i2c_list_lock); |
| 530 | |
| 531 | return client; |
| 532 | } |
| 533 | |
Colin Ian King | 0138d32 | 2017-07-19 10:24:15 +0100 | [diff] [blame] | 534 | static void atmel_ecc_i2c_client_free(struct i2c_client *client) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 535 | { |
| 536 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 537 | |
| 538 | atomic_dec(&i2c_priv->tfm_count); |
| 539 | } |
| 540 | |
| 541 | static int atmel_ecdh_init_tfm(struct crypto_kpp *tfm) |
| 542 | { |
| 543 | const char *alg = kpp_alg_name(tfm); |
| 544 | struct crypto_kpp *fallback; |
| 545 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 546 | |
| 547 | ctx->client = atmel_ecc_i2c_client_alloc(); |
| 548 | if (IS_ERR(ctx->client)) { |
| 549 | pr_err("tfm - i2c_client binding failed\n"); |
| 550 | return PTR_ERR(ctx->client); |
| 551 | } |
| 552 | |
| 553 | fallback = crypto_alloc_kpp(alg, 0, CRYPTO_ALG_NEED_FALLBACK); |
| 554 | if (IS_ERR(fallback)) { |
| 555 | dev_err(&ctx->client->dev, "Failed to allocate transformation for '%s': %ld\n", |
| 556 | alg, PTR_ERR(fallback)); |
| 557 | return PTR_ERR(fallback); |
| 558 | } |
| 559 | |
| 560 | crypto_kpp_set_flags(fallback, crypto_kpp_get_flags(tfm)); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 561 | ctx->fallback = fallback; |
| 562 | |
| 563 | return 0; |
| 564 | } |
| 565 | |
| 566 | static void atmel_ecdh_exit_tfm(struct crypto_kpp *tfm) |
| 567 | { |
| 568 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 569 | |
| 570 | kfree(ctx->public_key); |
| 571 | crypto_free_kpp(ctx->fallback); |
| 572 | atmel_ecc_i2c_client_free(ctx->client); |
| 573 | } |
| 574 | |
| 575 | static unsigned int atmel_ecdh_max_size(struct crypto_kpp *tfm) |
| 576 | { |
| 577 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 578 | |
| 579 | if (ctx->fallback) |
| 580 | return crypto_kpp_maxsize(ctx->fallback); |
| 581 | |
| 582 | /* |
| 583 | * The device only supports NIST P256 ECC keys. The public key size will |
| 584 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 585 | * computations. |
| 586 | */ |
| 587 | return ATMEL_ECC_PUBKEY_SIZE; |
| 588 | } |
| 589 | |
| 590 | static struct kpp_alg atmel_ecdh = { |
| 591 | .set_secret = atmel_ecdh_set_secret, |
| 592 | .generate_public_key = atmel_ecdh_generate_public_key, |
| 593 | .compute_shared_secret = atmel_ecdh_compute_shared_secret, |
| 594 | .init = atmel_ecdh_init_tfm, |
| 595 | .exit = atmel_ecdh_exit_tfm, |
| 596 | .max_size = atmel_ecdh_max_size, |
| 597 | .base = { |
| 598 | .cra_flags = CRYPTO_ALG_NEED_FALLBACK, |
| 599 | .cra_name = "ecdh", |
| 600 | .cra_driver_name = "atmel-ecdh", |
| 601 | .cra_priority = ATMEL_ECC_PRIORITY, |
| 602 | .cra_module = THIS_MODULE, |
| 603 | .cra_ctxsize = sizeof(struct atmel_ecdh_ctx), |
| 604 | }, |
| 605 | }; |
| 606 | |
| 607 | static inline size_t atmel_ecc_wake_token_sz(u32 bus_clk_rate) |
| 608 | { |
| 609 | u32 no_of_bits = DIV_ROUND_UP(TWLO_USEC * bus_clk_rate, USEC_PER_SEC); |
| 610 | |
| 611 | /* return the size of the wake_token in bytes */ |
| 612 | return DIV_ROUND_UP(no_of_bits, 8); |
| 613 | } |
| 614 | |
| 615 | static int device_sanity_check(struct i2c_client *client) |
| 616 | { |
| 617 | struct atmel_ecc_cmd *cmd; |
| 618 | int ret; |
| 619 | |
| 620 | cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); |
| 621 | if (!cmd) |
| 622 | return -ENOMEM; |
| 623 | |
| 624 | atmel_ecc_init_read_cmd(cmd); |
| 625 | |
| 626 | ret = atmel_ecc_send_receive(client, cmd); |
| 627 | if (ret) |
| 628 | goto free_cmd; |
| 629 | |
| 630 | /* |
| 631 | * It is vital that the Configuration, Data and OTP zones be locked |
| 632 | * prior to release into the field of the system containing the device. |
| 633 | * Failure to lock these zones may permit modification of any secret |
| 634 | * keys and may lead to other security problems. |
| 635 | */ |
| 636 | if (cmd->data[LOCK_CONFIG_IDX] || cmd->data[LOCK_VALUE_IDX]) { |
| 637 | dev_err(&client->dev, "Configuration or Data and OTP zones are unlocked!\n"); |
| 638 | ret = -ENOTSUPP; |
| 639 | } |
| 640 | |
| 641 | /* fall through */ |
| 642 | free_cmd: |
| 643 | kfree(cmd); |
| 644 | return ret; |
| 645 | } |
| 646 | |
| 647 | static int atmel_ecc_probe(struct i2c_client *client, |
| 648 | const struct i2c_device_id *id) |
| 649 | { |
| 650 | struct atmel_ecc_i2c_client_priv *i2c_priv; |
| 651 | struct device *dev = &client->dev; |
| 652 | int ret; |
| 653 | u32 bus_clk_rate; |
| 654 | |
| 655 | if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { |
| 656 | dev_err(dev, "I2C_FUNC_I2C not supported\n"); |
| 657 | return -ENODEV; |
| 658 | } |
| 659 | |
Ard Biesheuvel | 3c756aa | 2019-05-24 18:26:47 +0200 | [diff] [blame^] | 660 | clk_rate = i2c_acpi_find_bus_speed(&client->adapter->dev); |
| 661 | if (!clk_rate) { |
| 662 | ret = device_property_read_u32(&client->adapter->dev, |
| 663 | "clock-frequency", &bus_clk_rate); |
| 664 | if (ret) { |
| 665 | dev_err(dev, "failed to read clock-frequency property\n"); |
| 666 | return ret; |
| 667 | } |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 668 | } |
| 669 | |
| 670 | if (bus_clk_rate > 1000000L) { |
| 671 | dev_err(dev, "%d exceeds maximum supported clock frequency (1MHz)\n", |
| 672 | bus_clk_rate); |
| 673 | return -EINVAL; |
| 674 | } |
| 675 | |
| 676 | i2c_priv = devm_kmalloc(dev, sizeof(*i2c_priv), GFP_KERNEL); |
| 677 | if (!i2c_priv) |
| 678 | return -ENOMEM; |
| 679 | |
| 680 | i2c_priv->client = client; |
| 681 | mutex_init(&i2c_priv->lock); |
| 682 | |
| 683 | /* |
| 684 | * WAKE_TOKEN_MAX_SIZE was calculated for the maximum bus_clk_rate - |
| 685 | * 1MHz. The previous bus_clk_rate check ensures us that wake_token_sz |
| 686 | * will always be smaller than or equal to WAKE_TOKEN_MAX_SIZE. |
| 687 | */ |
| 688 | i2c_priv->wake_token_sz = atmel_ecc_wake_token_sz(bus_clk_rate); |
| 689 | |
| 690 | memset(i2c_priv->wake_token, 0, sizeof(i2c_priv->wake_token)); |
| 691 | |
| 692 | atomic_set(&i2c_priv->tfm_count, 0); |
| 693 | |
| 694 | i2c_set_clientdata(client, i2c_priv); |
| 695 | |
| 696 | ret = device_sanity_check(client); |
| 697 | if (ret) |
| 698 | return ret; |
| 699 | |
| 700 | spin_lock(&driver_data.i2c_list_lock); |
| 701 | list_add_tail(&i2c_priv->i2c_client_list_node, |
| 702 | &driver_data.i2c_client_list); |
| 703 | spin_unlock(&driver_data.i2c_list_lock); |
| 704 | |
| 705 | ret = crypto_register_kpp(&atmel_ecdh); |
| 706 | if (ret) { |
| 707 | spin_lock(&driver_data.i2c_list_lock); |
| 708 | list_del(&i2c_priv->i2c_client_list_node); |
| 709 | spin_unlock(&driver_data.i2c_list_lock); |
| 710 | |
| 711 | dev_err(dev, "%s alg registration failed\n", |
| 712 | atmel_ecdh.base.cra_driver_name); |
| 713 | } else { |
| 714 | dev_info(dev, "atmel ecc algorithms registered in /proc/crypto\n"); |
| 715 | } |
| 716 | |
| 717 | return ret; |
| 718 | } |
| 719 | |
| 720 | static int atmel_ecc_remove(struct i2c_client *client) |
| 721 | { |
| 722 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 723 | |
| 724 | /* Return EBUSY if i2c client already allocated. */ |
| 725 | if (atomic_read(&i2c_priv->tfm_count)) { |
| 726 | dev_err(&client->dev, "Device is busy\n"); |
| 727 | return -EBUSY; |
| 728 | } |
| 729 | |
| 730 | crypto_unregister_kpp(&atmel_ecdh); |
| 731 | |
| 732 | spin_lock(&driver_data.i2c_list_lock); |
| 733 | list_del(&i2c_priv->i2c_client_list_node); |
| 734 | spin_unlock(&driver_data.i2c_list_lock); |
| 735 | |
| 736 | return 0; |
| 737 | } |
| 738 | |
| 739 | #ifdef CONFIG_OF |
| 740 | static const struct of_device_id atmel_ecc_dt_ids[] = { |
| 741 | { |
| 742 | .compatible = "atmel,atecc508a", |
| 743 | }, { |
| 744 | /* sentinel */ |
| 745 | } |
| 746 | }; |
| 747 | MODULE_DEVICE_TABLE(of, atmel_ecc_dt_ids); |
| 748 | #endif |
| 749 | |
| 750 | static const struct i2c_device_id atmel_ecc_id[] = { |
| 751 | { "atecc508a", 0 }, |
| 752 | { } |
| 753 | }; |
| 754 | MODULE_DEVICE_TABLE(i2c, atmel_ecc_id); |
| 755 | |
| 756 | static struct i2c_driver atmel_ecc_driver = { |
| 757 | .driver = { |
| 758 | .name = "atmel-ecc", |
| 759 | .of_match_table = of_match_ptr(atmel_ecc_dt_ids), |
| 760 | }, |
| 761 | .probe = atmel_ecc_probe, |
| 762 | .remove = atmel_ecc_remove, |
| 763 | .id_table = atmel_ecc_id, |
| 764 | }; |
| 765 | |
| 766 | static int __init atmel_ecc_init(void) |
| 767 | { |
| 768 | spin_lock_init(&driver_data.i2c_list_lock); |
| 769 | INIT_LIST_HEAD(&driver_data.i2c_client_list); |
| 770 | return i2c_add_driver(&atmel_ecc_driver); |
| 771 | } |
| 772 | |
| 773 | static void __exit atmel_ecc_exit(void) |
| 774 | { |
| 775 | flush_scheduled_work(); |
| 776 | i2c_del_driver(&atmel_ecc_driver); |
| 777 | } |
| 778 | |
| 779 | module_init(atmel_ecc_init); |
| 780 | module_exit(atmel_ecc_exit); |
| 781 | |
| 782 | MODULE_AUTHOR("Tudor Ambarus <tudor.ambarus@microchip.com>"); |
| 783 | MODULE_DESCRIPTION("Microchip / Atmel ECC (I2C) driver"); |
| 784 | MODULE_LICENSE("GPL v2"); |