Merge "defconfig: Support for QTI inline encryption"

CONFIG_QCOM_KGSL=m

CONFIG_QCOM_QFPROM=m

CONFIG_INTERCONNECT_TEST=m

CONFIG_SCSI_UFS_CRYPTO_QTI=m

CONFIG_QTI_CRYPTO_COMMON=m

CONFIG_QTI_HW_KEY_MANAGER=m

	  Enabling this makes it possible for the kernel to use the crypto

	  capabilities of the UFS device (if present) to perform crypto

	  operations on data being transferred to/from the device.

config SCSI_UFS_CRYPTO_QTI

	tristate "Vendor specific UFS Crypto Engine Support"

	depends on SCSI_UFS_CRYPTO

	help

	 Enable Vendor Crypto Engine Support in UFS

	 Enabling this allows kernel to use UFS crypto operations defined

	 and implemented by QTI.

ufshcd-qti-core-$(CONFIG_SCSI_UFS_BSG)	+= ufs_bsg.o

ufshcd-core-$(CONFIG_SCSI_UFS_CRYPTO) += ufshcd-crypto.o

ufshcd-qti-core-$(CONFIG_SCSI_UFS_CRYPTO) += ufshcd-crypto.o

ufshcd-core-$(CONFIG_SCSI_UFS_CRYPTO_QTI) += ufshcd-crypto-qti.o

ufshcd-qti-core-$(CONFIG_SCSI_UFS_CRYPTO_QTI) += ufshcd-crypto-qti.o

#include "ufs-qcom.h"

#include "ufshci.h"

#include "ufs_quirks.h"

#include "ufshcd-crypto-qti.h"

#define UFS_QCOM_DEFAULT_DBG_PRINT_EN	\

	(UFS_QCOM_DBG_PRINT_REGS_EN | UFS_QCOM_DBG_PRINT_TEST_BUS_EN)

		goto out_variant_clear;

	}

	/*

	 * Set the vendor specific ops needed for ICE.

	 * Default implementation if the ops are not set.

	 */

	ufshcd_crypto_qti_set_vops(hba);

	err = ufs_qcom_bus_register(host);

	if (err)

		goto out_variant_clear;

// SPDX-License-Identifier: GPL-2.0-only

/*

 * UFS Crypto ops QTI implementation.

 *

 * Copyright (c) 2020, Linux Foundation. All rights reserved.

 */

#include <crypto/algapi.h>

#include <linux/platform_device.h>

#include <linux/crypto-qti-common.h>

#include "ufshcd-crypto-qti.h"

#define MINIMUM_DUN_SIZE 512

#define MAXIMUM_DUN_SIZE 65536

#define NUM_KEYSLOTS(hba) (hba->crypto_capabilities.config_count + 1)

static struct ufs_hba_crypto_variant_ops ufshcd_crypto_qti_variant_ops = {

	.hba_init_crypto = ufshcd_crypto_qti_init_crypto,

	.enable = ufshcd_crypto_qti_enable,

	.disable = ufshcd_crypto_qti_disable,

	.resume = ufshcd_crypto_qti_resume,

	.debug = ufshcd_crypto_qti_debug,

};

static uint8_t get_data_unit_size_mask(unsigned int data_unit_size)

{

	if (data_unit_size < MINIMUM_DUN_SIZE ||

		data_unit_size > MAXIMUM_DUN_SIZE ||

	    !is_power_of_2(data_unit_size))

		return 0;

	return data_unit_size / MINIMUM_DUN_SIZE;

}

static bool ice_cap_idx_valid(struct ufs_hba *hba,

			      unsigned int cap_idx)

{

	return cap_idx < hba->crypto_capabilities.num_crypto_cap;

}

void ufshcd_crypto_qti_enable(struct ufs_hba *hba)

{

	int err = 0;

	if (!ufshcd_hba_is_crypto_supported(hba))

		return;

	err = crypto_qti_enable(hba->crypto_vops->priv);

	if (err) {

		pr_err("%s: Error enabling crypto, err %d\n",

				__func__, err);

		ufshcd_crypto_qti_disable(hba);

	}

	ufshcd_crypto_enable_spec(hba);

}

void ufshcd_crypto_qti_disable(struct ufs_hba *hba)

{

	ufshcd_crypto_disable_spec(hba);

	crypto_qti_disable(hba->crypto_vops->priv);

}

static int ufshcd_crypto_qti_keyslot_program(struct keyslot_manager *ksm,

					     const struct blk_crypto_key *key,

					     unsigned int slot)

{

	struct ufs_hba *hba = keyslot_manager_private(ksm);

	int err = 0;

	u8 data_unit_mask;

	int crypto_alg_id;

	crypto_alg_id = ufshcd_crypto_cap_find(hba, key->crypto_mode,

					       key->data_unit_size);

	if (!ufshcd_is_crypto_enabled(hba) ||

	    !ufshcd_keyslot_valid(hba, slot) ||

	    !ice_cap_idx_valid(hba, crypto_alg_id))

		return -EINVAL;

	data_unit_mask = get_data_unit_size_mask(key->data_unit_size);

	if (!(data_unit_mask &

	      hba->crypto_cap_array[crypto_alg_id].sdus_mask))

		return -EINVAL;

	pm_runtime_get_sync(hba->dev);

	err = ufshcd_hold(hba, false);

	if (err) {

		pr_err("%s: failed to enable clocks, err %d\n", __func__, err);

		return err;

	}

	err = crypto_qti_keyslot_program(hba->crypto_vops->priv, key, slot,

					data_unit_mask, crypto_alg_id);

	if (err) {

		pr_err("%s: failed with error %d\n", __func__, err);

		ufshcd_release(hba);

		pm_runtime_put_sync(hba->dev);

		return err;

	}

	ufshcd_release(hba);

	pm_runtime_put_sync(hba->dev);

	return 0;

}

static int ufshcd_crypto_qti_keyslot_evict(struct keyslot_manager *ksm,

					   const struct blk_crypto_key *key,

					   unsigned int slot)

{

	int err = 0;

	struct ufs_hba *hba = keyslot_manager_private(ksm);

	if (!ufshcd_is_crypto_enabled(hba) ||

	    !ufshcd_keyslot_valid(hba, slot))

		return -EINVAL;

	pm_runtime_get_sync(hba->dev);

	err = ufshcd_hold(hba, false);

	if (err) {

		pr_err("%s: failed to enable clocks, err %d\n", __func__, err);

		return err;

	}

	err = crypto_qti_keyslot_evict(hba->crypto_vops->priv, slot);

	if (err) {

		pr_err("%s: failed with error %d\n",

			__func__, err);

		ufshcd_release(hba);

		pm_runtime_put_sync(hba->dev);

		return err;

	}

	ufshcd_release(hba);

	pm_runtime_put_sync(hba->dev);

	return err;

}

static int ufshcd_crypto_qti_derive_raw_secret(struct keyslot_manager *ksm,

					       const u8 *wrapped_key,

					       unsigned int wrapped_key_size,

					       u8 *secret,

					       unsigned int secret_size)

{

	return crypto_qti_derive_raw_secret(wrapped_key, wrapped_key_size,

			secret, secret_size);

}

static const struct keyslot_mgmt_ll_ops ufshcd_crypto_qti_ksm_ops = {

	.keyslot_program	= ufshcd_crypto_qti_keyslot_program,

	.keyslot_evict		= ufshcd_crypto_qti_keyslot_evict,

	.derive_raw_secret	= ufshcd_crypto_qti_derive_raw_secret,

};

static enum blk_crypto_mode_num ufshcd_blk_crypto_qti_mode_num_for_alg_dusize(

					enum ufs_crypto_alg ufs_crypto_alg,

					enum ufs_crypto_key_size key_size)

{

	/*

	 * This is currently the only mode that UFS and blk-crypto both support.

	 */

	if (ufs_crypto_alg == UFS_CRYPTO_ALG_AES_XTS &&

		key_size == UFS_CRYPTO_KEY_SIZE_256)

		return BLK_ENCRYPTION_MODE_AES_256_XTS;

	return BLK_ENCRYPTION_MODE_INVALID;

}

static int ufshcd_hba_init_crypto_qti_spec(struct ufs_hba *hba,

				    const struct keyslot_mgmt_ll_ops *ksm_ops)

{

	int cap_idx = 0;

	int err = 0;

	unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX];

	enum blk_crypto_mode_num blk_mode_num;

	/* Default to disabling crypto */

	hba->caps &= ~UFSHCD_CAP_CRYPTO;

	if (!(hba->capabilities & MASK_CRYPTO_SUPPORT)) {

		err = -ENODEV;

		goto out;

	}

	/*

	 * Crypto Capabilities should never be 0, because the

	 * config_array_ptr > 04h. So we use a 0 value to indicate that

	 * crypto init failed, and can't be enabled.

	 */

	hba->crypto_capabilities.reg_val =

			  cpu_to_le32(ufshcd_readl(hba, REG_UFS_CCAP));

	hba->crypto_cfg_register =

		 (u32)hba->crypto_capabilities.config_array_ptr * 0x100;

	hba->crypto_cap_array =

		 devm_kcalloc(hba->dev,

				hba->crypto_capabilities.num_crypto_cap,

				sizeof(hba->crypto_cap_array[0]),

				GFP_KERNEL);

	if (!hba->crypto_cap_array) {

		err = -ENOMEM;

		goto out;

	}

	memset(crypto_modes_supported, 0, sizeof(crypto_modes_supported));

	/*

	 * Store all the capabilities now so that we don't need to repeatedly

	 * access the device each time we want to know its capabilities

	 */

	for (cap_idx = 0; cap_idx < hba->crypto_capabilities.num_crypto_cap;

	     cap_idx++) {

		hba->crypto_cap_array[cap_idx].reg_val =

				cpu_to_le32(ufshcd_readl(hba,

						REG_UFS_CRYPTOCAP +

						cap_idx * sizeof(__le32)));

		blk_mode_num = ufshcd_blk_crypto_qti_mode_num_for_alg_dusize(

				hba->crypto_cap_array[cap_idx].algorithm_id,

				hba->crypto_cap_array[cap_idx].key_size);

		if (blk_mode_num == BLK_ENCRYPTION_MODE_INVALID)

			continue;

		crypto_modes_supported[blk_mode_num] |=

			hba->crypto_cap_array[cap_idx].sdus_mask * 512;

	}

	hba->ksm = keyslot_manager_create(ufshcd_num_keyslots(hba), ksm_ops,

					crypto_modes_supported, hba);

	if (!hba->ksm) {

		err = -ENOMEM;

		goto out;

	}

	pr_debug("%s: keyslot manager created\n", __func__);

	return 0;

out:

	/* Indicate that init failed by setting crypto_capabilities to 0 */

	hba->crypto_capabilities.reg_val = 0;

	return err;

}

int ufshcd_crypto_qti_init_crypto(struct ufs_hba *hba,

				  const struct keyslot_mgmt_ll_ops *ksm_ops)

{

	int err = 0;

	struct platform_device *pdev = to_platform_device(hba->dev);

	void __iomem *mmio_base;

	struct resource *mem_res;

	mem_res = platform_get_resource_byname(pdev, IORESOURCE_MEM,

								"ufs_ice");

	mmio_base = devm_ioremap_resource(hba->dev, mem_res);

	if (IS_ERR(mmio_base)) {

		pr_err("%s: Unable to get ufs_crypto mmio base\n", __func__);

		return PTR_ERR(mmio_base);

	}

	err = ufshcd_hba_init_crypto_qti_spec(hba, &ufshcd_crypto_qti_ksm_ops);

	if (err) {

		pr_err("%s: Error initiating crypto capabilities, err %d\n",

					__func__, err);

		return err;

	}

	err = crypto_qti_init_crypto(hba->dev,

			mmio_base, (void **)&hba->crypto_vops->priv);

	if (err) {

		pr_err("%s: Error initiating crypto, err %d\n",

					__func__, err);

	}

	return err;

}

int ufshcd_crypto_qti_debug(struct ufs_hba *hba)

{

	return crypto_qti_debug(hba->crypto_vops->priv);

}

void ufshcd_crypto_qti_set_vops(struct ufs_hba *hba)

{

	return ufshcd_crypto_set_vops(hba, &ufshcd_crypto_qti_variant_ops);

}

int ufshcd_crypto_qti_resume(struct ufs_hba *hba,

			     enum ufs_pm_op pm_op)

{

	return crypto_qti_resume(hba->crypto_vops->priv);

}

MODULE_LICENSE("GPL v2");

MODULE_DESCRIPTION("UFS Crypto ops QTI implementation");