Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 1 | /* |
| 2 | * Microchip / Atmel ECC (I2C) driver. |
| 3 | * |
| 4 | * Copyright (c) 2017, Microchip Technology Inc. |
| 5 | * Author: Tudor Ambarus <tudor.ambarus@microchip.com> |
| 6 | * |
| 7 | * This software is licensed under the terms of the GNU General Public |
| 8 | * License version 2, as published by the Free Software Foundation, and |
| 9 | * may be copied, distributed, and modified under those terms. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU General Public License for more details. |
| 15 | * |
| 16 | */ |
| 17 | |
| 18 | #include <linux/bitrev.h> |
| 19 | #include <linux/crc16.h> |
| 20 | #include <linux/delay.h> |
| 21 | #include <linux/device.h> |
| 22 | #include <linux/err.h> |
| 23 | #include <linux/errno.h> |
| 24 | #include <linux/i2c.h> |
| 25 | #include <linux/init.h> |
| 26 | #include <linux/kernel.h> |
| 27 | #include <linux/module.h> |
| 28 | #include <linux/of_device.h> |
| 29 | #include <linux/scatterlist.h> |
| 30 | #include <linux/slab.h> |
| 31 | #include <linux/workqueue.h> |
| 32 | #include <crypto/internal/kpp.h> |
| 33 | #include <crypto/ecdh.h> |
| 34 | #include <crypto/kpp.h> |
| 35 | #include "atmel-ecc.h" |
| 36 | |
| 37 | /* Used for binding tfm objects to i2c clients. */ |
| 38 | struct atmel_ecc_driver_data { |
| 39 | struct list_head i2c_client_list; |
| 40 | spinlock_t i2c_list_lock; |
| 41 | } ____cacheline_aligned; |
| 42 | |
| 43 | static struct atmel_ecc_driver_data driver_data; |
| 44 | |
| 45 | /** |
| 46 | * atmel_ecc_i2c_client_priv - i2c_client private data |
| 47 | * @client : pointer to i2c client device |
| 48 | * @i2c_client_list_node: part of i2c_client_list |
| 49 | * @lock : lock for sending i2c commands |
| 50 | * @wake_token : wake token array of zeros |
| 51 | * @wake_token_sz : size in bytes of the wake_token |
| 52 | * @tfm_count : number of active crypto transformations on i2c client |
| 53 | * |
| 54 | * Reads and writes from/to the i2c client are sequential. The first byte |
| 55 | * transmitted to the device is treated as the byte size. Any attempt to send |
| 56 | * more than this number of bytes will cause the device to not ACK those bytes. |
| 57 | * After the host writes a single command byte to the input buffer, reads are |
| 58 | * prohibited until after the device completes command execution. Use a mutex |
| 59 | * when sending i2c commands. |
| 60 | */ |
| 61 | struct atmel_ecc_i2c_client_priv { |
| 62 | struct i2c_client *client; |
| 63 | struct list_head i2c_client_list_node; |
| 64 | struct mutex lock; |
| 65 | u8 wake_token[WAKE_TOKEN_MAX_SIZE]; |
| 66 | size_t wake_token_sz; |
| 67 | atomic_t tfm_count ____cacheline_aligned; |
| 68 | }; |
| 69 | |
| 70 | /** |
| 71 | * atmel_ecdh_ctx - transformation context |
| 72 | * @client : pointer to i2c client device |
| 73 | * @fallback : used for unsupported curves or when user wants to use its own |
| 74 | * private key. |
| 75 | * @public_key : generated when calling set_secret(). It's the responsibility |
| 76 | * of the user to not call set_secret() while |
| 77 | * generate_public_key() or compute_shared_secret() are in flight. |
| 78 | * @curve_id : elliptic curve id |
| 79 | * @n_sz : size in bytes of the n prime |
| 80 | * @do_fallback: true when the device doesn't support the curve or when the user |
| 81 | * wants to use its own private key. |
| 82 | */ |
| 83 | struct atmel_ecdh_ctx { |
| 84 | struct i2c_client *client; |
| 85 | struct crypto_kpp *fallback; |
| 86 | const u8 *public_key; |
| 87 | unsigned int curve_id; |
| 88 | size_t n_sz; |
| 89 | bool do_fallback; |
| 90 | }; |
| 91 | |
| 92 | /** |
| 93 | * atmel_ecc_work_data - data structure representing the work |
| 94 | * @ctx : transformation context. |
| 95 | * @cbk : pointer to a callback function to be invoked upon completion of this |
| 96 | * request. This has the form: |
| 97 | * callback(struct atmel_ecc_work_data *work_data, void *areq, u8 status) |
| 98 | * where: |
| 99 | * @work_data: data structure representing the work |
| 100 | * @areq : optional pointer to an argument passed with the original |
| 101 | * request. |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 102 | * @status : status returned from the i2c client device or i2c error. |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 103 | * @areq: optional pointer to a user argument for use at callback time. |
| 104 | * @work: describes the task to be executed. |
| 105 | * @cmd : structure used for communicating with the device. |
| 106 | */ |
| 107 | struct atmel_ecc_work_data { |
| 108 | struct atmel_ecdh_ctx *ctx; |
| 109 | void (*cbk)(struct atmel_ecc_work_data *work_data, void *areq, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 110 | int status); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 111 | void *areq; |
| 112 | struct work_struct work; |
| 113 | struct atmel_ecc_cmd cmd; |
| 114 | }; |
| 115 | |
| 116 | static u16 atmel_ecc_crc16(u16 crc, const u8 *buffer, size_t len) |
| 117 | { |
| 118 | return cpu_to_le16(bitrev16(crc16(crc, buffer, len))); |
| 119 | } |
| 120 | |
| 121 | /** |
| 122 | * atmel_ecc_checksum() - Generate 16-bit CRC as required by ATMEL ECC. |
| 123 | * CRC16 verification of the count, opcode, param1, param2 and data bytes. |
| 124 | * The checksum is saved in little-endian format in the least significant |
| 125 | * two bytes of the command. CRC polynomial is 0x8005 and the initial register |
| 126 | * value should be zero. |
| 127 | * |
| 128 | * @cmd : structure used for communicating with the device. |
| 129 | */ |
| 130 | static void atmel_ecc_checksum(struct atmel_ecc_cmd *cmd) |
| 131 | { |
| 132 | u8 *data = &cmd->count; |
| 133 | size_t len = cmd->count - CRC_SIZE; |
| 134 | u16 *crc16 = (u16 *)(data + len); |
| 135 | |
| 136 | *crc16 = atmel_ecc_crc16(0, data, len); |
| 137 | } |
| 138 | |
| 139 | static void atmel_ecc_init_read_cmd(struct atmel_ecc_cmd *cmd) |
| 140 | { |
| 141 | cmd->word_addr = COMMAND; |
| 142 | cmd->opcode = OPCODE_READ; |
| 143 | /* |
| 144 | * Read the word from Configuration zone that contains the lock bytes |
| 145 | * (UserExtra, Selector, LockValue, LockConfig). |
| 146 | */ |
| 147 | cmd->param1 = CONFIG_ZONE; |
| 148 | cmd->param2 = DEVICE_LOCK_ADDR; |
| 149 | cmd->count = READ_COUNT; |
| 150 | |
| 151 | atmel_ecc_checksum(cmd); |
| 152 | |
| 153 | cmd->msecs = MAX_EXEC_TIME_READ; |
| 154 | cmd->rxsize = READ_RSP_SIZE; |
| 155 | } |
| 156 | |
| 157 | static void atmel_ecc_init_genkey_cmd(struct atmel_ecc_cmd *cmd, u16 keyid) |
| 158 | { |
| 159 | cmd->word_addr = COMMAND; |
| 160 | cmd->count = GENKEY_COUNT; |
| 161 | cmd->opcode = OPCODE_GENKEY; |
| 162 | cmd->param1 = GENKEY_MODE_PRIVATE; |
| 163 | /* a random private key will be generated and stored in slot keyID */ |
| 164 | cmd->param2 = cpu_to_le16(keyid); |
| 165 | |
| 166 | atmel_ecc_checksum(cmd); |
| 167 | |
| 168 | cmd->msecs = MAX_EXEC_TIME_GENKEY; |
| 169 | cmd->rxsize = GENKEY_RSP_SIZE; |
| 170 | } |
| 171 | |
| 172 | static int atmel_ecc_init_ecdh_cmd(struct atmel_ecc_cmd *cmd, |
| 173 | struct scatterlist *pubkey) |
| 174 | { |
| 175 | size_t copied; |
| 176 | |
| 177 | cmd->word_addr = COMMAND; |
| 178 | cmd->count = ECDH_COUNT; |
| 179 | cmd->opcode = OPCODE_ECDH; |
| 180 | cmd->param1 = ECDH_PREFIX_MODE; |
| 181 | /* private key slot */ |
| 182 | cmd->param2 = cpu_to_le16(DATA_SLOT_2); |
| 183 | |
| 184 | /* |
| 185 | * The device only supports NIST P256 ECC keys. The public key size will |
| 186 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 187 | * computations. |
| 188 | */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 189 | copied = sg_copy_to_buffer(pubkey, |
| 190 | sg_nents_for_len(pubkey, |
| 191 | ATMEL_ECC_PUBKEY_SIZE), |
| 192 | cmd->data, ATMEL_ECC_PUBKEY_SIZE); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 193 | if (copied != ATMEL_ECC_PUBKEY_SIZE) |
| 194 | return -EINVAL; |
| 195 | |
| 196 | atmel_ecc_checksum(cmd); |
| 197 | |
| 198 | cmd->msecs = MAX_EXEC_TIME_ECDH; |
| 199 | cmd->rxsize = ECDH_RSP_SIZE; |
| 200 | |
| 201 | return 0; |
| 202 | } |
| 203 | |
| 204 | /* |
| 205 | * After wake and after execution of a command, there will be error, status, or |
| 206 | * result bytes in the device's output register that can be retrieved by the |
| 207 | * system. When the length of that group is four bytes, the codes returned are |
| 208 | * detailed in error_list. |
| 209 | */ |
| 210 | static int atmel_ecc_status(struct device *dev, u8 *status) |
| 211 | { |
| 212 | size_t err_list_len = ARRAY_SIZE(error_list); |
| 213 | int i; |
| 214 | u8 err_id = status[1]; |
| 215 | |
| 216 | if (*status != STATUS_SIZE) |
| 217 | return 0; |
| 218 | |
| 219 | if (err_id == STATUS_WAKE_SUCCESSFUL || err_id == STATUS_NOERR) |
| 220 | return 0; |
| 221 | |
| 222 | for (i = 0; i < err_list_len; i++) |
| 223 | if (error_list[i].value == err_id) |
| 224 | break; |
| 225 | |
| 226 | /* if err_id is not in the error_list then ignore it */ |
| 227 | if (i != err_list_len) { |
| 228 | dev_err(dev, "%02x: %s:\n", err_id, error_list[i].error_text); |
| 229 | return err_id; |
| 230 | } |
| 231 | |
| 232 | return 0; |
| 233 | } |
| 234 | |
| 235 | static int atmel_ecc_wakeup(struct i2c_client *client) |
| 236 | { |
| 237 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 238 | u8 status[STATUS_RSP_SIZE]; |
| 239 | int ret; |
| 240 | |
| 241 | /* |
| 242 | * The device ignores any levels or transitions on the SCL pin when the |
| 243 | * device is idle, asleep or during waking up. Don't check for error |
| 244 | * when waking up the device. |
| 245 | */ |
| 246 | i2c_master_send(client, i2c_priv->wake_token, i2c_priv->wake_token_sz); |
| 247 | |
| 248 | /* |
| 249 | * Wait to wake the device. Typical execution times for ecdh and genkey |
| 250 | * are around tens of milliseconds. Delta is chosen to 50 microseconds. |
| 251 | */ |
| 252 | usleep_range(TWHI_MIN, TWHI_MAX); |
| 253 | |
| 254 | ret = i2c_master_recv(client, status, STATUS_SIZE); |
| 255 | if (ret < 0) |
| 256 | return ret; |
| 257 | |
| 258 | return atmel_ecc_status(&client->dev, status); |
| 259 | } |
| 260 | |
| 261 | static int atmel_ecc_sleep(struct i2c_client *client) |
| 262 | { |
| 263 | u8 sleep = SLEEP_TOKEN; |
| 264 | |
| 265 | return i2c_master_send(client, &sleep, 1); |
| 266 | } |
| 267 | |
| 268 | static void atmel_ecdh_done(struct atmel_ecc_work_data *work_data, void *areq, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 269 | int status) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 270 | { |
| 271 | struct kpp_request *req = areq; |
| 272 | struct atmel_ecdh_ctx *ctx = work_data->ctx; |
| 273 | struct atmel_ecc_cmd *cmd = &work_data->cmd; |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 274 | size_t copied, n_sz; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 275 | |
| 276 | if (status) |
| 277 | goto free_work_data; |
| 278 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 279 | /* might want less than we've got */ |
| 280 | n_sz = min_t(size_t, ctx->n_sz, req->dst_len); |
| 281 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 282 | /* copy the shared secret */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 283 | copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, n_sz), |
| 284 | &cmd->data[RSP_DATA_IDX], n_sz); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 285 | if (copied != n_sz) |
| 286 | status = -EINVAL; |
| 287 | |
| 288 | /* fall through */ |
| 289 | free_work_data: |
| 290 | kzfree(work_data); |
| 291 | kpp_request_complete(req, status); |
| 292 | } |
| 293 | |
| 294 | /* |
| 295 | * atmel_ecc_send_receive() - send a command to the device and receive its |
| 296 | * response. |
| 297 | * @client: i2c client device |
| 298 | * @cmd : structure used to communicate with the device |
| 299 | * |
| 300 | * After the device receives a Wake token, a watchdog counter starts within the |
| 301 | * device. After the watchdog timer expires, the device enters sleep mode |
| 302 | * regardless of whether some I/O transmission or command execution is in |
| 303 | * progress. If a command is attempted when insufficient time remains prior to |
| 304 | * watchdog timer execution, the device will return the watchdog timeout error |
| 305 | * code without attempting to execute the command. There is no way to reset the |
| 306 | * counter other than to put the device into sleep or idle mode and then |
| 307 | * wake it up again. |
| 308 | */ |
| 309 | static int atmel_ecc_send_receive(struct i2c_client *client, |
| 310 | struct atmel_ecc_cmd *cmd) |
| 311 | { |
| 312 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 313 | int ret; |
| 314 | |
| 315 | mutex_lock(&i2c_priv->lock); |
| 316 | |
| 317 | ret = atmel_ecc_wakeup(client); |
| 318 | if (ret) |
| 319 | goto err; |
| 320 | |
| 321 | /* send the command */ |
| 322 | ret = i2c_master_send(client, (u8 *)cmd, cmd->count + WORD_ADDR_SIZE); |
| 323 | if (ret < 0) |
| 324 | goto err; |
| 325 | |
| 326 | /* delay the appropriate amount of time for command to execute */ |
| 327 | msleep(cmd->msecs); |
| 328 | |
| 329 | /* receive the response */ |
| 330 | ret = i2c_master_recv(client, cmd->data, cmd->rxsize); |
| 331 | if (ret < 0) |
| 332 | goto err; |
| 333 | |
| 334 | /* put the device into low-power mode */ |
| 335 | ret = atmel_ecc_sleep(client); |
| 336 | if (ret < 0) |
| 337 | goto err; |
| 338 | |
| 339 | mutex_unlock(&i2c_priv->lock); |
| 340 | return atmel_ecc_status(&client->dev, cmd->data); |
| 341 | err: |
| 342 | mutex_unlock(&i2c_priv->lock); |
| 343 | return ret; |
| 344 | } |
| 345 | |
| 346 | static void atmel_ecc_work_handler(struct work_struct *work) |
| 347 | { |
| 348 | struct atmel_ecc_work_data *work_data = |
| 349 | container_of(work, struct atmel_ecc_work_data, work); |
| 350 | struct atmel_ecc_cmd *cmd = &work_data->cmd; |
| 351 | struct i2c_client *client = work_data->ctx->client; |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 352 | int status; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 353 | |
| 354 | status = atmel_ecc_send_receive(client, cmd); |
| 355 | work_data->cbk(work_data, work_data->areq, status); |
| 356 | } |
| 357 | |
| 358 | static void atmel_ecc_enqueue(struct atmel_ecc_work_data *work_data, |
| 359 | void (*cbk)(struct atmel_ecc_work_data *work_data, |
Tudor-Dan Ambarus | 6d2bce6 | 2017-07-20 16:35:49 +0300 | [diff] [blame] | 360 | void *areq, int status), |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 361 | void *areq) |
| 362 | { |
| 363 | work_data->cbk = (void *)cbk; |
| 364 | work_data->areq = areq; |
| 365 | |
| 366 | INIT_WORK(&work_data->work, atmel_ecc_work_handler); |
| 367 | schedule_work(&work_data->work); |
| 368 | } |
| 369 | |
| 370 | static unsigned int atmel_ecdh_supported_curve(unsigned int curve_id) |
| 371 | { |
| 372 | if (curve_id == ECC_CURVE_NIST_P256) |
| 373 | return ATMEL_ECC_NIST_P256_N_SIZE; |
| 374 | |
| 375 | return 0; |
| 376 | } |
| 377 | |
| 378 | /* |
| 379 | * A random private key is generated and stored in the device. The device |
| 380 | * returns the pair public key. |
| 381 | */ |
| 382 | static int atmel_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, |
| 383 | unsigned int len) |
| 384 | { |
| 385 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 386 | struct atmel_ecc_cmd *cmd; |
| 387 | void *public_key; |
| 388 | struct ecdh params; |
| 389 | int ret = -ENOMEM; |
| 390 | |
| 391 | /* free the old public key, if any */ |
| 392 | kfree(ctx->public_key); |
| 393 | /* make sure you don't free the old public key twice */ |
| 394 | ctx->public_key = NULL; |
| 395 | |
| 396 | if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0) { |
| 397 | dev_err(&ctx->client->dev, "crypto_ecdh_decode_key failed\n"); |
| 398 | return -EINVAL; |
| 399 | } |
| 400 | |
| 401 | ctx->n_sz = atmel_ecdh_supported_curve(params.curve_id); |
| 402 | if (!ctx->n_sz || params.key_size) { |
| 403 | /* fallback to ecdh software implementation */ |
| 404 | ctx->do_fallback = true; |
| 405 | return crypto_kpp_set_secret(ctx->fallback, buf, len); |
| 406 | } |
| 407 | |
| 408 | cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); |
| 409 | if (!cmd) |
| 410 | return -ENOMEM; |
| 411 | |
| 412 | /* |
| 413 | * The device only supports NIST P256 ECC keys. The public key size will |
| 414 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 415 | * computations. |
| 416 | */ |
| 417 | public_key = kmalloc(ATMEL_ECC_PUBKEY_SIZE, GFP_KERNEL); |
| 418 | if (!public_key) |
| 419 | goto free_cmd; |
| 420 | |
| 421 | ctx->do_fallback = false; |
| 422 | ctx->curve_id = params.curve_id; |
| 423 | |
| 424 | atmel_ecc_init_genkey_cmd(cmd, DATA_SLOT_2); |
| 425 | |
| 426 | ret = atmel_ecc_send_receive(ctx->client, cmd); |
| 427 | if (ret) |
| 428 | goto free_public_key; |
| 429 | |
| 430 | /* save the public key */ |
| 431 | memcpy(public_key, &cmd->data[RSP_DATA_IDX], ATMEL_ECC_PUBKEY_SIZE); |
| 432 | ctx->public_key = public_key; |
| 433 | |
| 434 | kfree(cmd); |
| 435 | return 0; |
| 436 | |
| 437 | free_public_key: |
| 438 | kfree(public_key); |
| 439 | free_cmd: |
| 440 | kfree(cmd); |
| 441 | return ret; |
| 442 | } |
| 443 | |
| 444 | static int atmel_ecdh_generate_public_key(struct kpp_request *req) |
| 445 | { |
| 446 | struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); |
| 447 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 448 | size_t copied, nbytes; |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 449 | int ret = 0; |
| 450 | |
| 451 | if (ctx->do_fallback) { |
| 452 | kpp_request_set_tfm(req, ctx->fallback); |
| 453 | return crypto_kpp_generate_public_key(req); |
| 454 | } |
| 455 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 456 | /* might want less than we've got */ |
| 457 | nbytes = min_t(size_t, ATMEL_ECC_PUBKEY_SIZE, req->dst_len); |
| 458 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 459 | /* public key was saved at private key generation */ |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 460 | copied = sg_copy_from_buffer(req->dst, |
| 461 | sg_nents_for_len(req->dst, nbytes), |
| 462 | ctx->public_key, nbytes); |
| 463 | if (copied != nbytes) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 464 | ret = -EINVAL; |
| 465 | |
| 466 | return ret; |
| 467 | } |
| 468 | |
| 469 | static int atmel_ecdh_compute_shared_secret(struct kpp_request *req) |
| 470 | { |
| 471 | struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); |
| 472 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 473 | struct atmel_ecc_work_data *work_data; |
| 474 | gfp_t gfp; |
| 475 | int ret; |
| 476 | |
| 477 | if (ctx->do_fallback) { |
| 478 | kpp_request_set_tfm(req, ctx->fallback); |
| 479 | return crypto_kpp_compute_shared_secret(req); |
| 480 | } |
| 481 | |
Tudor-Dan Ambarus | e9440ff | 2018-06-13 16:29:58 +0300 | [diff] [blame] | 482 | /* must have exactly two points to be on the curve */ |
| 483 | if (req->src_len != ATMEL_ECC_PUBKEY_SIZE) |
| 484 | return -EINVAL; |
| 485 | |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 486 | gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL : |
| 487 | GFP_ATOMIC; |
| 488 | |
| 489 | work_data = kmalloc(sizeof(*work_data), gfp); |
| 490 | if (!work_data) |
| 491 | return -ENOMEM; |
| 492 | |
| 493 | work_data->ctx = ctx; |
| 494 | |
| 495 | ret = atmel_ecc_init_ecdh_cmd(&work_data->cmd, req->src); |
| 496 | if (ret) |
| 497 | goto free_work_data; |
| 498 | |
| 499 | atmel_ecc_enqueue(work_data, atmel_ecdh_done, req); |
| 500 | |
| 501 | return -EINPROGRESS; |
| 502 | |
| 503 | free_work_data: |
| 504 | kfree(work_data); |
| 505 | return ret; |
| 506 | } |
| 507 | |
Colin Ian King | 0138d32 | 2017-07-19 10:24:15 +0100 | [diff] [blame] | 508 | static struct i2c_client *atmel_ecc_i2c_client_alloc(void) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 509 | { |
| 510 | struct atmel_ecc_i2c_client_priv *i2c_priv, *min_i2c_priv = NULL; |
| 511 | struct i2c_client *client = ERR_PTR(-ENODEV); |
| 512 | int min_tfm_cnt = INT_MAX; |
| 513 | int tfm_cnt; |
| 514 | |
| 515 | spin_lock(&driver_data.i2c_list_lock); |
| 516 | |
| 517 | if (list_empty(&driver_data.i2c_client_list)) { |
| 518 | spin_unlock(&driver_data.i2c_list_lock); |
| 519 | return ERR_PTR(-ENODEV); |
| 520 | } |
| 521 | |
| 522 | list_for_each_entry(i2c_priv, &driver_data.i2c_client_list, |
| 523 | i2c_client_list_node) { |
| 524 | tfm_cnt = atomic_read(&i2c_priv->tfm_count); |
| 525 | if (tfm_cnt < min_tfm_cnt) { |
| 526 | min_tfm_cnt = tfm_cnt; |
| 527 | min_i2c_priv = i2c_priv; |
| 528 | } |
| 529 | if (!min_tfm_cnt) |
| 530 | break; |
| 531 | } |
| 532 | |
| 533 | if (min_i2c_priv) { |
| 534 | atomic_inc(&min_i2c_priv->tfm_count); |
| 535 | client = min_i2c_priv->client; |
| 536 | } |
| 537 | |
| 538 | spin_unlock(&driver_data.i2c_list_lock); |
| 539 | |
| 540 | return client; |
| 541 | } |
| 542 | |
Colin Ian King | 0138d32 | 2017-07-19 10:24:15 +0100 | [diff] [blame] | 543 | static void atmel_ecc_i2c_client_free(struct i2c_client *client) |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 544 | { |
| 545 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 546 | |
| 547 | atomic_dec(&i2c_priv->tfm_count); |
| 548 | } |
| 549 | |
| 550 | static int atmel_ecdh_init_tfm(struct crypto_kpp *tfm) |
| 551 | { |
| 552 | const char *alg = kpp_alg_name(tfm); |
| 553 | struct crypto_kpp *fallback; |
| 554 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 555 | |
| 556 | ctx->client = atmel_ecc_i2c_client_alloc(); |
| 557 | if (IS_ERR(ctx->client)) { |
| 558 | pr_err("tfm - i2c_client binding failed\n"); |
| 559 | return PTR_ERR(ctx->client); |
| 560 | } |
| 561 | |
| 562 | fallback = crypto_alloc_kpp(alg, 0, CRYPTO_ALG_NEED_FALLBACK); |
| 563 | if (IS_ERR(fallback)) { |
| 564 | dev_err(&ctx->client->dev, "Failed to allocate transformation for '%s': %ld\n", |
| 565 | alg, PTR_ERR(fallback)); |
| 566 | return PTR_ERR(fallback); |
| 567 | } |
| 568 | |
| 569 | crypto_kpp_set_flags(fallback, crypto_kpp_get_flags(tfm)); |
Tudor-Dan Ambarus | 1110569 | 2017-07-05 13:07:59 +0300 | [diff] [blame] | 570 | ctx->fallback = fallback; |
| 571 | |
| 572 | return 0; |
| 573 | } |
| 574 | |
| 575 | static void atmel_ecdh_exit_tfm(struct crypto_kpp *tfm) |
| 576 | { |
| 577 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 578 | |
| 579 | kfree(ctx->public_key); |
| 580 | crypto_free_kpp(ctx->fallback); |
| 581 | atmel_ecc_i2c_client_free(ctx->client); |
| 582 | } |
| 583 | |
| 584 | static unsigned int atmel_ecdh_max_size(struct crypto_kpp *tfm) |
| 585 | { |
| 586 | struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); |
| 587 | |
| 588 | if (ctx->fallback) |
| 589 | return crypto_kpp_maxsize(ctx->fallback); |
| 590 | |
| 591 | /* |
| 592 | * The device only supports NIST P256 ECC keys. The public key size will |
| 593 | * always be the same. Use a macro for the key size to avoid unnecessary |
| 594 | * computations. |
| 595 | */ |
| 596 | return ATMEL_ECC_PUBKEY_SIZE; |
| 597 | } |
| 598 | |
| 599 | static struct kpp_alg atmel_ecdh = { |
| 600 | .set_secret = atmel_ecdh_set_secret, |
| 601 | .generate_public_key = atmel_ecdh_generate_public_key, |
| 602 | .compute_shared_secret = atmel_ecdh_compute_shared_secret, |
| 603 | .init = atmel_ecdh_init_tfm, |
| 604 | .exit = atmel_ecdh_exit_tfm, |
| 605 | .max_size = atmel_ecdh_max_size, |
| 606 | .base = { |
| 607 | .cra_flags = CRYPTO_ALG_NEED_FALLBACK, |
| 608 | .cra_name = "ecdh", |
| 609 | .cra_driver_name = "atmel-ecdh", |
| 610 | .cra_priority = ATMEL_ECC_PRIORITY, |
| 611 | .cra_module = THIS_MODULE, |
| 612 | .cra_ctxsize = sizeof(struct atmel_ecdh_ctx), |
| 613 | }, |
| 614 | }; |
| 615 | |
| 616 | static inline size_t atmel_ecc_wake_token_sz(u32 bus_clk_rate) |
| 617 | { |
| 618 | u32 no_of_bits = DIV_ROUND_UP(TWLO_USEC * bus_clk_rate, USEC_PER_SEC); |
| 619 | |
| 620 | /* return the size of the wake_token in bytes */ |
| 621 | return DIV_ROUND_UP(no_of_bits, 8); |
| 622 | } |
| 623 | |
| 624 | static int device_sanity_check(struct i2c_client *client) |
| 625 | { |
| 626 | struct atmel_ecc_cmd *cmd; |
| 627 | int ret; |
| 628 | |
| 629 | cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); |
| 630 | if (!cmd) |
| 631 | return -ENOMEM; |
| 632 | |
| 633 | atmel_ecc_init_read_cmd(cmd); |
| 634 | |
| 635 | ret = atmel_ecc_send_receive(client, cmd); |
| 636 | if (ret) |
| 637 | goto free_cmd; |
| 638 | |
| 639 | /* |
| 640 | * It is vital that the Configuration, Data and OTP zones be locked |
| 641 | * prior to release into the field of the system containing the device. |
| 642 | * Failure to lock these zones may permit modification of any secret |
| 643 | * keys and may lead to other security problems. |
| 644 | */ |
| 645 | if (cmd->data[LOCK_CONFIG_IDX] || cmd->data[LOCK_VALUE_IDX]) { |
| 646 | dev_err(&client->dev, "Configuration or Data and OTP zones are unlocked!\n"); |
| 647 | ret = -ENOTSUPP; |
| 648 | } |
| 649 | |
| 650 | /* fall through */ |
| 651 | free_cmd: |
| 652 | kfree(cmd); |
| 653 | return ret; |
| 654 | } |
| 655 | |
| 656 | static int atmel_ecc_probe(struct i2c_client *client, |
| 657 | const struct i2c_device_id *id) |
| 658 | { |
| 659 | struct atmel_ecc_i2c_client_priv *i2c_priv; |
| 660 | struct device *dev = &client->dev; |
| 661 | int ret; |
| 662 | u32 bus_clk_rate; |
| 663 | |
| 664 | if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { |
| 665 | dev_err(dev, "I2C_FUNC_I2C not supported\n"); |
| 666 | return -ENODEV; |
| 667 | } |
| 668 | |
| 669 | ret = of_property_read_u32(client->adapter->dev.of_node, |
| 670 | "clock-frequency", &bus_clk_rate); |
| 671 | if (ret) { |
| 672 | dev_err(dev, "of: failed to read clock-frequency property\n"); |
| 673 | return ret; |
| 674 | } |
| 675 | |
| 676 | if (bus_clk_rate > 1000000L) { |
| 677 | dev_err(dev, "%d exceeds maximum supported clock frequency (1MHz)\n", |
| 678 | bus_clk_rate); |
| 679 | return -EINVAL; |
| 680 | } |
| 681 | |
| 682 | i2c_priv = devm_kmalloc(dev, sizeof(*i2c_priv), GFP_KERNEL); |
| 683 | if (!i2c_priv) |
| 684 | return -ENOMEM; |
| 685 | |
| 686 | i2c_priv->client = client; |
| 687 | mutex_init(&i2c_priv->lock); |
| 688 | |
| 689 | /* |
| 690 | * WAKE_TOKEN_MAX_SIZE was calculated for the maximum bus_clk_rate - |
| 691 | * 1MHz. The previous bus_clk_rate check ensures us that wake_token_sz |
| 692 | * will always be smaller than or equal to WAKE_TOKEN_MAX_SIZE. |
| 693 | */ |
| 694 | i2c_priv->wake_token_sz = atmel_ecc_wake_token_sz(bus_clk_rate); |
| 695 | |
| 696 | memset(i2c_priv->wake_token, 0, sizeof(i2c_priv->wake_token)); |
| 697 | |
| 698 | atomic_set(&i2c_priv->tfm_count, 0); |
| 699 | |
| 700 | i2c_set_clientdata(client, i2c_priv); |
| 701 | |
| 702 | ret = device_sanity_check(client); |
| 703 | if (ret) |
| 704 | return ret; |
| 705 | |
| 706 | spin_lock(&driver_data.i2c_list_lock); |
| 707 | list_add_tail(&i2c_priv->i2c_client_list_node, |
| 708 | &driver_data.i2c_client_list); |
| 709 | spin_unlock(&driver_data.i2c_list_lock); |
| 710 | |
| 711 | ret = crypto_register_kpp(&atmel_ecdh); |
| 712 | if (ret) { |
| 713 | spin_lock(&driver_data.i2c_list_lock); |
| 714 | list_del(&i2c_priv->i2c_client_list_node); |
| 715 | spin_unlock(&driver_data.i2c_list_lock); |
| 716 | |
| 717 | dev_err(dev, "%s alg registration failed\n", |
| 718 | atmel_ecdh.base.cra_driver_name); |
| 719 | } else { |
| 720 | dev_info(dev, "atmel ecc algorithms registered in /proc/crypto\n"); |
| 721 | } |
| 722 | |
| 723 | return ret; |
| 724 | } |
| 725 | |
| 726 | static int atmel_ecc_remove(struct i2c_client *client) |
| 727 | { |
| 728 | struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); |
| 729 | |
| 730 | /* Return EBUSY if i2c client already allocated. */ |
| 731 | if (atomic_read(&i2c_priv->tfm_count)) { |
| 732 | dev_err(&client->dev, "Device is busy\n"); |
| 733 | return -EBUSY; |
| 734 | } |
| 735 | |
| 736 | crypto_unregister_kpp(&atmel_ecdh); |
| 737 | |
| 738 | spin_lock(&driver_data.i2c_list_lock); |
| 739 | list_del(&i2c_priv->i2c_client_list_node); |
| 740 | spin_unlock(&driver_data.i2c_list_lock); |
| 741 | |
| 742 | return 0; |
| 743 | } |
| 744 | |
| 745 | #ifdef CONFIG_OF |
| 746 | static const struct of_device_id atmel_ecc_dt_ids[] = { |
| 747 | { |
| 748 | .compatible = "atmel,atecc508a", |
| 749 | }, { |
| 750 | /* sentinel */ |
| 751 | } |
| 752 | }; |
| 753 | MODULE_DEVICE_TABLE(of, atmel_ecc_dt_ids); |
| 754 | #endif |
| 755 | |
| 756 | static const struct i2c_device_id atmel_ecc_id[] = { |
| 757 | { "atecc508a", 0 }, |
| 758 | { } |
| 759 | }; |
| 760 | MODULE_DEVICE_TABLE(i2c, atmel_ecc_id); |
| 761 | |
| 762 | static struct i2c_driver atmel_ecc_driver = { |
| 763 | .driver = { |
| 764 | .name = "atmel-ecc", |
| 765 | .of_match_table = of_match_ptr(atmel_ecc_dt_ids), |
| 766 | }, |
| 767 | .probe = atmel_ecc_probe, |
| 768 | .remove = atmel_ecc_remove, |
| 769 | .id_table = atmel_ecc_id, |
| 770 | }; |
| 771 | |
| 772 | static int __init atmel_ecc_init(void) |
| 773 | { |
| 774 | spin_lock_init(&driver_data.i2c_list_lock); |
| 775 | INIT_LIST_HEAD(&driver_data.i2c_client_list); |
| 776 | return i2c_add_driver(&atmel_ecc_driver); |
| 777 | } |
| 778 | |
| 779 | static void __exit atmel_ecc_exit(void) |
| 780 | { |
| 781 | flush_scheduled_work(); |
| 782 | i2c_del_driver(&atmel_ecc_driver); |
| 783 | } |
| 784 | |
| 785 | module_init(atmel_ecc_init); |
| 786 | module_exit(atmel_ecc_exit); |
| 787 | |
| 788 | MODULE_AUTHOR("Tudor Ambarus <tudor.ambarus@microchip.com>"); |
| 789 | MODULE_DESCRIPTION("Microchip / Atmel ECC (I2C) driver"); |
| 790 | MODULE_LICENSE("GPL v2"); |