[U-Boot] [PATCH 2/2] crypto: add Atmel hardware acceleration for SHA1 & 256

Ben Whitten ben.whitten at gmail.com
Thu May 24 13:43:25 UTC 2018


We can use the hardware hash block to reduce space, particularly useful
for verifying FIT signatures from SPL.

Signed-off-by: Ben Whitten <ben.whitten at lairdtech.com>
---
 drivers/crypto/Kconfig     |   5 +
 drivers/crypto/Makefile    |   1 +
 drivers/crypto/atmel_sha.c | 289 +++++++++++++++++++++++++++++++++++++++++++++
 drivers/crypto/atmel_sha.h |  52 ++++++++
 lib/Makefile               |   2 +
 5 files changed, 349 insertions(+)
 create mode 100644 drivers/crypto/atmel_sha.c
 create mode 100644 drivers/crypto/atmel_sha.h

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 1ea116b..7a20edb 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -2,4 +2,9 @@ menu "Hardware crypto devices"
 
 source drivers/crypto/fsl/Kconfig
 
+config ATMEL_SHA
+	bool "Atmel SHA Driver support"
+	help
+	  Enables the Atmel SHA accelerator.
+
 endmenu
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index efbd1d3..07af449 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -4,5 +4,6 @@
 # 	http://www.samsung.com
 
 obj-$(CONFIG_EXYNOS_ACE_SHA)	+= ace_sha.o
+obj-$(CONFIG_ATMEL_SHA)	+= atmel_sha.o
 obj-y += rsa_mod_exp/
 obj-y += fsl/
diff --git a/drivers/crypto/atmel_sha.c b/drivers/crypto/atmel_sha.c
new file mode 100644
index 0000000..ef969eb
--- /dev/null
+++ b/drivers/crypto/atmel_sha.c
@@ -0,0 +1,289 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Atmel SHA engine
+ * Copyright (c) 2018  Laird
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include "atmel_sha.h"
+
+#ifdef CONFIG_SHA_HW_ACCEL
+#include <u-boot/sha256.h>
+#include <u-boot/sha1.h>
+#include <hw_sha.h>
+
+#include <asm/io.h>
+#include <asm/arch/clk.h>
+#include <asm/arch/at91_pmc.h>
+
+enum atmel_hash_algos {
+	ATMEL_HASH_SHA1,
+	ATMEL_HASH_SHA256
+};
+
+struct sha_ctx {
+	enum atmel_hash_algos algo;
+	u32		length;
+	u8 		buffer[64];
+};
+
+const u8 sha256_der_prefix[SHA256_DER_LEN] = {
+	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+	0x00, 0x04, 0x20
+};
+
+const u8 sha1_der_prefix[SHA1_DER_LEN] = {
+	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+};
+
+static enum atmel_hash_algos get_hash_type(struct hash_algo *algo)
+{
+	if (!strcmp(algo->name, "sha1"))
+		return ATMEL_HASH_SHA1;
+	else
+		return ATMEL_HASH_SHA256;
+};
+
+static int atmel_sha_process(const u8 *in_addr, u8 buflen)
+{
+	struct atmel_sha *sha = (struct atmel_sha *)ATMEL_BASE_SHA;
+	int i;
+	u32 *addr_buf;
+
+	/* Copy data in */
+	addr_buf = (u32 *)in_addr;
+	for (i = 0; i < (buflen / 4); i++)
+		sha->idatarx[i] = addr_buf[i];
+	debug("Atmel sha, engine is loaded\n");
+
+	/* Wait for hash to complete */
+	while ((readl(&sha->isr) & ATMEL_HASH_ISR_MASK)
+			!= ATMEL_HASH_ISR_DATRDY)
+		;
+	debug("Atmel sha, engine signaled completion\n");
+
+	return 0;
+}
+
+static int atmel_sha_chunk(struct sha_ctx *ctx, const u8 *buf, unsigned int size)
+{
+	u8 remaining, fill;
+
+	/* Chunk to 64 byte blocks */
+	remaining = ctx->length & 0x3F;
+	fill = 64 - remaining;
+
+	/* If we have things in the buffer transfer the remaining into it */
+	if (remaining && size >= fill) {
+		memcpy(ctx->buffer + remaining, buf, fill);
+
+		/* Process 64 byte chunk */
+		atmel_sha_process(ctx->buffer, 64);
+
+		size -= fill;
+		buf += fill;
+		ctx->length += fill;
+		remaining = 0;
+	}
+
+	/* We are aligned take from source for any additional */
+	while (size >= 64) {
+		/* Process 64 byte chunk */
+		atmel_sha_process(buf, 64);
+
+		size -= 64;
+		buf += 64;
+		ctx->length += 64;
+	}
+
+	if (size) {
+		memcpy(ctx->buffer + remaining, buf, size);
+		ctx->length += size;
+	}
+
+	return 0;
+}
+
+static int atmel_sha_fill_padding(struct sha_ctx *ctx)
+{
+	unsigned int index, padlen;
+	u64 size, bits;
+	u8 sha256_padding[64] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+	};
+
+	size = ctx->length;
+
+	bits = cpu_to_be64(size << 3);
+
+	/* 64 byte, 512 bit block size */
+	index = ctx->length & 0x3F;
+	padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
+
+	/* set last entry to be 0x80 then 0's*/
+	atmel_sha_chunk(ctx, sha256_padding, padlen);
+	/* Bolt number of bits to the end */
+	atmel_sha_chunk(ctx, (u8 *)&bits, 8);
+
+	if (ctx->length & 0x3F)
+		debug("ERROR, Remainder after PADDING");
+
+	return 0;
+}
+
+/**
+ * Computes hash value of input pbuf using h/w acceleration
+ *
+ * @param in_addr	A pointer to the input buffer
+ * @param buflen	Byte length of input buffer
+ * @param out_addr	A pointer to the output buffer. When complete
+ *			32 bytes are copied to pout[0]...pout[31]. Thus, a user
+ *			should allocate at least 32 bytes at pOut in advance.
+ * @param chunk_size	chunk size for sha256
+ */
+void hw_sha256(const uchar *in_addr, uint buflen,
+			uchar *out_addr, uint chunk_size)
+{
+	struct hash_algo *algo;
+	struct sha_ctx *ctx;
+
+	hash_lookup_algo("sha256", &algo);
+	hw_sha_init(algo, (void *)&ctx);
+	atmel_sha_chunk((void *)ctx, in_addr, buflen);
+	atmel_sha_fill_padding(ctx);
+	hw_sha_finish(algo, (void *)ctx, out_addr, buflen);
+}
+
+/**
+ * Computes hash value of input pbuf using h/w acceleration
+ *
+ * @param in_addr	A pointer to the input buffer
+ * @param buflen	Byte length of input buffer
+ * @param out_addr	A pointer to the output buffer. When complete
+ *			32 bytes are copied to pout[0]...pout[31]. Thus, a user
+ *			should allocate at least 32 bytes at pOut in advance.
+ * @param chunk_size	chunk_size for sha1
+ */
+void hw_sha1(const uchar *in_addr, uint buflen,
+			uchar *out_addr, uint chunk_size)
+{
+	struct hash_algo *algo;
+	struct sha_ctx *ctx;
+
+	hash_lookup_algo("sha1", &algo);
+	hw_sha_init(algo, (void *)&ctx);
+	atmel_sha_chunk((void *)ctx, in_addr, buflen);
+	atmel_sha_fill_padding(ctx);
+	hw_sha_finish(algo, (void *)ctx, out_addr, buflen);
+}
+
+/*
+ * Create the context for sha progressive hashing using h/w acceleration
+ *
+ * @algo: Pointer to the hash_algo struct
+ * @ctxp: Pointer to the pointer of the context for hashing
+ * @return 0 if ok, -ve on error
+ */
+int hw_sha_init(struct hash_algo *algo, void **ctxp)
+{
+	struct atmel_sha *sha = (struct atmel_sha *)ATMEL_BASE_SHA;
+	struct sha_ctx *ctx;
+	u32 reg;
+
+	ctx = malloc(sizeof(struct sha_ctx));
+	if (!ctx) {
+		debug("Failed to allocate context\n");
+		return -ENOMEM;
+	}
+	*ctxp = ctx;
+
+	ctx->algo = get_hash_type(algo);
+	ctx->length = 0;
+
+	debug("Atmel sha init\n");
+	at91_periph_clk_enable(ATMEL_ID_SHA);
+
+	/* Reset the SHA engine */
+	writel(ATMEL_HASH_CR_SWRST, &sha->cr);
+
+	/* Set AUTO mode and fastest operation */
+	reg = ATMEL_HASH_MR_SMOD_AUTO | ATMEL_HASH_MR_PROCDLY_SHORT;
+	if (ctx->algo == ATMEL_HASH_SHA1)
+		reg |= ATMEL_HASH_MR_ALGO_SHA1;
+	else
+		reg |= ATMEL_HASH_MR_ALGO_SHA256;
+	writel(reg, &sha->mr);
+
+	/* Set ready to receive first */
+	writel(ATMEL_HASH_CR_FIRST, &sha->cr);
+
+	/* Ready to roll */
+	return 0;
+}
+
+/*
+ * Update buffer for sha progressive hashing using h/w acceleration
+ *
+ * The context is freed by this function if an error occurs.
+ *
+ * @algo: Pointer to the hash_algo struct
+ * @ctx: Pointer to the context for hashing
+ * @buf: Pointer to the buffer being hashed
+ * @size: Size of the buffer being hashed
+ * @is_last: 1 if this is the last update; 0 otherwise
+ * @return 0 if ok, -ve on error
+ */
+int hw_sha_update(struct hash_algo *algo, void *ctx, const void *buf,
+		     unsigned int size, int is_last)
+{
+	struct sha_ctx *sha_ctx = ctx;
+
+	debug("Atmel sha update: %d bytes\n", size);
+
+	/* Send down in chunks */
+	atmel_sha_chunk(sha_ctx, buf, size);
+
+	if (is_last)
+		atmel_sha_fill_padding(sha_ctx);
+
+	return 0;
+}
+
+/*
+ * Copy sha hash result at destination location
+ *
+ * The context is freed after completion of hash operation or after an error.
+ *
+ * @algo: Pointer to the hash_algo struct
+ * @ctx: Pointer to the context for hashing
+ * @dest_buf: Pointer to the destination buffer where hash is to be copied
+ * @size: Size of the buffer being hashed
+ * @return 0 if ok, -ve on error
+ */
+int hw_sha_finish(struct hash_algo *algo, void *ctx, void *dest_buf,
+		     int size)
+{
+	struct atmel_sha *sha = (struct atmel_sha *)ATMEL_BASE_SHA;
+	struct sha_ctx *sha_ctx = ctx;
+	unsigned int len, i;
+	u32 *addr_buf;
+
+	/* Copy data back */
+	len = (sha_ctx->algo == ATMEL_HASH_SHA1) ?
+		SHA1_SUM_LEN : SHA256_SUM_LEN;
+	addr_buf = (u32 *)dest_buf;
+	for (i = 0; i < (len / 4); i++)
+		addr_buf[i] = sha->iodatarx[i];
+
+	free(ctx);
+
+	return 0;
+}
+
+#endif /* CONFIG_SHA_HW_ACCEL */
diff --git a/drivers/crypto/atmel_sha.h b/drivers/crypto/atmel_sha.h
new file mode 100644
index 0000000..68ed988
--- /dev/null
+++ b/drivers/crypto/atmel_sha.h
@@ -0,0 +1,52 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Header file for Atmel SHA engine - SFR definitions
+ *
+ * Copyright (c) 2018 Laird
+ */
+
+#ifndef __DRIVERS_ATMEL_SHA_H__
+#define __DRIVERS_ATMEL_SHA_H__
+
+/* SHA register footprint */
+
+struct atmel_sha {
+	u32 cr;
+	u32 mr;
+	u32 reserved0[2];
+	u32 ier;
+	u32 idr;
+	u32 imr;
+	u32 isr;
+	u32 reserved1[8];
+	u32 idatarx[16];
+	u32 iodatarx[16];
+	u32 reserved2[16];
+};
+
+/* CR */
+#define	ATMEL_HASH_CR_MASK 		(0xffff << 0)
+#define ATMEL_HASH_CR_START		(1 << 0)
+#define ATMEL_HASH_CR_FIRST		(1 << 4)
+#define ATMEL_HASH_CR_SWRST		(1 << 8)
+
+/* MR */
+#define	ATMEL_HASH_MR_MASK 			(0xffff << 0)
+#define ATMEL_HASH_MR_SMOD_MANUAL	(0 << 0)
+#define ATMEL_HASH_MR_SMOD_AUTO		(1 << 0)
+#define ATMEL_HASH_MR_SMOD_IDATAR0	(2 << 0)
+#define ATMEL_HASH_MR_PROCDLY_SHORT	(0 << 4)
+#define ATMEL_HASH_MR_PROCDLY_LONG	(1 << 4)
+#define ATMEL_HASH_MR_ALGO_SHA1		(0 << 8)
+#define ATMEL_HASH_MR_ALGO_SHA256	(1 << 8)
+#define ATMEL_HASH_MR_ALGO_SHA384	(2 << 8)
+#define ATMEL_HASH_MR_ALGO_SHA512	(3 << 8)
+#define ATMEL_HASH_MR_ALGO_SHA224	(4 << 8)
+#define ATMEL_HASH_MR_DUALBUFF_INACTIVE (0 << 16)
+#define ATMEL_HASH_MR_DUALBUFF_ACTIVE	(1 << 16)
+
+/* ISR */
+#define ATMEL_HASH_ISR_MASK 		(1 << 0)
+#define ATMEL_HASH_ISR_DATRDY 		(1 << 0)
+
+#endif /* __DRIVERS_ATMEL_SHA_H__ */
diff --git a/lib/Makefile b/lib/Makefile
index d531ea5..ff0ad2f 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -46,8 +46,10 @@ obj-y += list_sort.o
 endif
 
 obj-$(CONFIG_RSA) += rsa/
+ifneq ($(CONFIG_SHA_PROG_HW_ACCEL),y)
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
+endif
 
 obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
 obj-$(CONFIG_$(SPL_)GZIP) += gunzip.o
-- 
2.7.4



More information about the U-Boot mailing list