]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - drivers/crypto/bcm/spu2.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ntb: ntb_test: ensure the link is up before trying to configure the mws
[mirror_ubuntu-artful-kernel.git] / drivers / crypto / bcm / spu2.c
1 /*
2 * Copyright 2016 Broadcom
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License, version 2, as
6 * published by the Free Software Foundation (the "GPL").
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License version 2 (GPLv2) for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * version 2 (GPLv2) along with this source code.
15 */
16
17 /*
18 * This file works with the SPU2 version of the SPU. SPU2 has different message
19 * formats than the previous version of the SPU. All SPU message format
20 * differences should be hidden in the spux.c,h files.
21 */
22
23 #include <linux/kernel.h>
24 #include <linux/string.h>
25
26 #include "util.h"
27 #include "spu.h"
28 #include "spu2.h"
29
30 #define SPU2_TX_STATUS_LEN 0 /* SPU2 has no STATUS in input packet */
31
32 /*
33 * Controlled by pkt_stat_cnt field in CRYPTO_SS_SPU0_CORE_SPU2_CONTROL0
34 * register. Defaults to 2.
35 */
36 #define SPU2_RX_STATUS_LEN 2
37
38 enum spu2_proto_sel {
39 SPU2_PROTO_RESV = 0,
40 SPU2_MACSEC_SECTAG8_ECB = 1,
41 SPU2_MACSEC_SECTAG8_SCB = 2,
42 SPU2_MACSEC_SECTAG16 = 3,
43 SPU2_MACSEC_SECTAG16_8_XPN = 4,
44 SPU2_IPSEC = 5,
45 SPU2_IPSEC_ESN = 6,
46 SPU2_TLS_CIPHER = 7,
47 SPU2_TLS_AEAD = 8,
48 SPU2_DTLS_CIPHER = 9,
49 SPU2_DTLS_AEAD = 10
50 };
51
52 char *spu2_cipher_type_names[] = { "None", "AES128", "AES192", "AES256",
53 "DES", "3DES"
54 };
55
56 char *spu2_cipher_mode_names[] = { "ECB", "CBC", "CTR", "CFB", "OFB", "XTS",
57 "CCM", "GCM"
58 };
59
60 char *spu2_hash_type_names[] = { "None", "AES128", "AES192", "AES256",
61 "Reserved", "Reserved", "MD5", "SHA1", "SHA224", "SHA256", "SHA384",
62 "SHA512", "SHA512/224", "SHA512/256", "SHA3-224", "SHA3-256",
63 "SHA3-384", "SHA3-512"
64 };
65
66 char *spu2_hash_mode_names[] = { "CMAC", "CBC-MAC", "XCBC-MAC", "HMAC",
67 "Rabin", "CCM", "GCM", "Reserved"
68 };
69
70 static char *spu2_ciph_type_name(enum spu2_cipher_type cipher_type)
71 {
72 if (cipher_type >= SPU2_CIPHER_TYPE_LAST)
73 return "Reserved";
74 return spu2_cipher_type_names[cipher_type];
75 }
76
77 static char *spu2_ciph_mode_name(enum spu2_cipher_mode cipher_mode)
78 {
79 if (cipher_mode >= SPU2_CIPHER_MODE_LAST)
80 return "Reserved";
81 return spu2_cipher_mode_names[cipher_mode];
82 }
83
84 static char *spu2_hash_type_name(enum spu2_hash_type hash_type)
85 {
86 if (hash_type >= SPU2_HASH_TYPE_LAST)
87 return "Reserved";
88 return spu2_hash_type_names[hash_type];
89 }
90
91 static char *spu2_hash_mode_name(enum spu2_hash_mode hash_mode)
92 {
93 if (hash_mode >= SPU2_HASH_MODE_LAST)
94 return "Reserved";
95 return spu2_hash_mode_names[hash_mode];
96 }
97
98 /*
99 * Convert from a software cipher mode value to the corresponding value
100 * for SPU2.
101 */
102 static int spu2_cipher_mode_xlate(enum spu_cipher_mode cipher_mode,
103 enum spu2_cipher_mode *spu2_mode)
104 {
105 switch (cipher_mode) {
106 case CIPHER_MODE_ECB:
107 *spu2_mode = SPU2_CIPHER_MODE_ECB;
108 break;
109 case CIPHER_MODE_CBC:
110 *spu2_mode = SPU2_CIPHER_MODE_CBC;
111 break;
112 case CIPHER_MODE_OFB:
113 *spu2_mode = SPU2_CIPHER_MODE_OFB;
114 break;
115 case CIPHER_MODE_CFB:
116 *spu2_mode = SPU2_CIPHER_MODE_CFB;
117 break;
118 case CIPHER_MODE_CTR:
119 *spu2_mode = SPU2_CIPHER_MODE_CTR;
120 break;
121 case CIPHER_MODE_CCM:
122 *spu2_mode = SPU2_CIPHER_MODE_CCM;
123 break;
124 case CIPHER_MODE_GCM:
125 *spu2_mode = SPU2_CIPHER_MODE_GCM;
126 break;
127 case CIPHER_MODE_XTS:
128 *spu2_mode = SPU2_CIPHER_MODE_XTS;
129 break;
130 default:
131 return -EINVAL;
132 }
133 return 0;
134 }
135
136 /**
137 * spu2_cipher_xlate() - Convert a cipher {alg/mode/type} triple to a SPU2
138 * cipher type and mode.
139 * @cipher_alg: [in] cipher algorithm value from software enumeration
140 * @cipher_mode: [in] cipher mode value from software enumeration
141 * @cipher_type: [in] cipher type value from software enumeration
142 * @spu2_type: [out] cipher type value used by spu2 hardware
143 * @spu2_mode: [out] cipher mode value used by spu2 hardware
144 *
145 * Return: 0 if successful
146 */
147 static int spu2_cipher_xlate(enum spu_cipher_alg cipher_alg,
148 enum spu_cipher_mode cipher_mode,
149 enum spu_cipher_type cipher_type,
150 enum spu2_cipher_type *spu2_type,
151 enum spu2_cipher_mode *spu2_mode)
152 {
153 int err;
154
155 err = spu2_cipher_mode_xlate(cipher_mode, spu2_mode);
156 if (err) {
157 flow_log("Invalid cipher mode %d\n", cipher_mode);
158 return err;
159 }
160
161 switch (cipher_alg) {
162 case CIPHER_ALG_NONE:
163 *spu2_type = SPU2_CIPHER_TYPE_NONE;
164 break;
165 case CIPHER_ALG_RC4:
166 /* SPU2 does not support RC4 */
167 err = -EINVAL;
168 *spu2_type = SPU2_CIPHER_TYPE_NONE;
169 break;
170 case CIPHER_ALG_DES:
171 *spu2_type = SPU2_CIPHER_TYPE_DES;
172 break;
173 case CIPHER_ALG_3DES:
174 *spu2_type = SPU2_CIPHER_TYPE_3DES;
175 break;
176 case CIPHER_ALG_AES:
177 switch (cipher_type) {
178 case CIPHER_TYPE_AES128:
179 *spu2_type = SPU2_CIPHER_TYPE_AES128;
180 break;
181 case CIPHER_TYPE_AES192:
182 *spu2_type = SPU2_CIPHER_TYPE_AES192;
183 break;
184 case CIPHER_TYPE_AES256:
185 *spu2_type = SPU2_CIPHER_TYPE_AES256;
186 break;
187 default:
188 err = -EINVAL;
189 }
190 break;
191 case CIPHER_ALG_LAST:
192 default:
193 err = -EINVAL;
194 break;
195 }
196
197 if (err)
198 flow_log("Invalid cipher alg %d or type %d\n",
199 cipher_alg, cipher_type);
200 return err;
201 }
202
203 /*
204 * Convert from a software hash mode value to the corresponding value
205 * for SPU2. Note that HASH_MODE_NONE and HASH_MODE_XCBC have the same value.
206 */
207 static int spu2_hash_mode_xlate(enum hash_mode hash_mode,
208 enum spu2_hash_mode *spu2_mode)
209 {
210 switch (hash_mode) {
211 case HASH_MODE_XCBC:
212 *spu2_mode = SPU2_HASH_MODE_XCBC_MAC;
213 break;
214 case HASH_MODE_CMAC:
215 *spu2_mode = SPU2_HASH_MODE_CMAC;
216 break;
217 case HASH_MODE_HMAC:
218 *spu2_mode = SPU2_HASH_MODE_HMAC;
219 break;
220 case HASH_MODE_CCM:
221 *spu2_mode = SPU2_HASH_MODE_CCM;
222 break;
223 case HASH_MODE_GCM:
224 *spu2_mode = SPU2_HASH_MODE_GCM;
225 break;
226 default:
227 return -EINVAL;
228 }
229 return 0;
230 }
231
232 /**
233 * spu2_hash_xlate() - Convert a hash {alg/mode/type} triple to a SPU2 hash type
234 * and mode.
235 * @hash_alg: [in] hash algorithm value from software enumeration
236 * @hash_mode: [in] hash mode value from software enumeration
237 * @hash_type: [in] hash type value from software enumeration
238 * @ciph_type: [in] cipher type value from software enumeration
239 * @spu2_type: [out] hash type value used by SPU2 hardware
240 * @spu2_mode: [out] hash mode value used by SPU2 hardware
241 *
242 * Return: 0 if successful
243 */
244 static int
245 spu2_hash_xlate(enum hash_alg hash_alg, enum hash_mode hash_mode,
246 enum hash_type hash_type, enum spu_cipher_type ciph_type,
247 enum spu2_hash_type *spu2_type, enum spu2_hash_mode *spu2_mode)
248 {
249 int err;
250
251 err = spu2_hash_mode_xlate(hash_mode, spu2_mode);
252 if (err) {
253 flow_log("Invalid hash mode %d\n", hash_mode);
254 return err;
255 }
256
257 switch (hash_alg) {
258 case HASH_ALG_NONE:
259 *spu2_type = SPU2_HASH_TYPE_NONE;
260 break;
261 case HASH_ALG_MD5:
262 *spu2_type = SPU2_HASH_TYPE_MD5;
263 break;
264 case HASH_ALG_SHA1:
265 *spu2_type = SPU2_HASH_TYPE_SHA1;
266 break;
267 case HASH_ALG_SHA224:
268 *spu2_type = SPU2_HASH_TYPE_SHA224;
269 break;
270 case HASH_ALG_SHA256:
271 *spu2_type = SPU2_HASH_TYPE_SHA256;
272 break;
273 case HASH_ALG_SHA384:
274 *spu2_type = SPU2_HASH_TYPE_SHA384;
275 break;
276 case HASH_ALG_SHA512:
277 *spu2_type = SPU2_HASH_TYPE_SHA512;
278 break;
279 case HASH_ALG_AES:
280 switch (ciph_type) {
281 case CIPHER_TYPE_AES128:
282 *spu2_type = SPU2_HASH_TYPE_AES128;
283 break;
284 case CIPHER_TYPE_AES192:
285 *spu2_type = SPU2_HASH_TYPE_AES192;
286 break;
287 case CIPHER_TYPE_AES256:
288 *spu2_type = SPU2_HASH_TYPE_AES256;
289 break;
290 default:
291 err = -EINVAL;
292 }
293 break;
294 case HASH_ALG_SHA3_224:
295 *spu2_type = SPU2_HASH_TYPE_SHA3_224;
296 break;
297 case HASH_ALG_SHA3_256:
298 *spu2_type = SPU2_HASH_TYPE_SHA3_256;
299 break;
300 case HASH_ALG_SHA3_384:
301 *spu2_type = SPU2_HASH_TYPE_SHA3_384;
302 break;
303 case HASH_ALG_SHA3_512:
304 *spu2_type = SPU2_HASH_TYPE_SHA3_512;
305 case HASH_ALG_LAST:
306 default:
307 err = -EINVAL;
308 break;
309 }
310
311 if (err)
312 flow_log("Invalid hash alg %d or type %d\n",
313 hash_alg, hash_type);
314 return err;
315 }
316
317 /* Dump FMD ctrl0. The ctrl0 input is in host byte order */
318 static void spu2_dump_fmd_ctrl0(u64 ctrl0)
319 {
320 enum spu2_cipher_type ciph_type;
321 enum spu2_cipher_mode ciph_mode;
322 enum spu2_hash_type hash_type;
323 enum spu2_hash_mode hash_mode;
324 char *ciph_name;
325 char *ciph_mode_name;
326 char *hash_name;
327 char *hash_mode_name;
328 u8 cfb;
329 u8 proto;
330
331 packet_log(" FMD CTRL0 %#16llx\n", ctrl0);
332 if (ctrl0 & SPU2_CIPH_ENCRYPT_EN)
333 packet_log(" encrypt\n");
334 else
335 packet_log(" decrypt\n");
336
337 ciph_type = (ctrl0 & SPU2_CIPH_TYPE) >> SPU2_CIPH_TYPE_SHIFT;
338 ciph_name = spu2_ciph_type_name(ciph_type);
339 packet_log(" Cipher type: %s\n", ciph_name);
340
341 if (ciph_type != SPU2_CIPHER_TYPE_NONE) {
342 ciph_mode = (ctrl0 & SPU2_CIPH_MODE) >> SPU2_CIPH_MODE_SHIFT;
343 ciph_mode_name = spu2_ciph_mode_name(ciph_mode);
344 packet_log(" Cipher mode: %s\n", ciph_mode_name);
345 }
346
347 cfb = (ctrl0 & SPU2_CFB_MASK) >> SPU2_CFB_MASK_SHIFT;
348 packet_log(" CFB %#x\n", cfb);
349
350 proto = (ctrl0 & SPU2_PROTO_SEL) >> SPU2_PROTO_SEL_SHIFT;
351 packet_log(" protocol %#x\n", proto);
352
353 if (ctrl0 & SPU2_HASH_FIRST)
354 packet_log(" hash first\n");
355 else
356 packet_log(" cipher first\n");
357
358 if (ctrl0 & SPU2_CHK_TAG)
359 packet_log(" check tag\n");
360
361 hash_type = (ctrl0 & SPU2_HASH_TYPE) >> SPU2_HASH_TYPE_SHIFT;
362 hash_name = spu2_hash_type_name(hash_type);
363 packet_log(" Hash type: %s\n", hash_name);
364
365 if (hash_type != SPU2_HASH_TYPE_NONE) {
366 hash_mode = (ctrl0 & SPU2_HASH_MODE) >> SPU2_HASH_MODE_SHIFT;
367 hash_mode_name = spu2_hash_mode_name(hash_mode);
368 packet_log(" Hash mode: %s\n", hash_mode_name);
369 }
370
371 if (ctrl0 & SPU2_CIPH_PAD_EN) {
372 packet_log(" Cipher pad: %#2llx\n",
373 (ctrl0 & SPU2_CIPH_PAD) >> SPU2_CIPH_PAD_SHIFT);
374 }
375 }
376
377 /* Dump FMD ctrl1. The ctrl1 input is in host byte order */
378 static void spu2_dump_fmd_ctrl1(u64 ctrl1)
379 {
380 u8 hash_key_len;
381 u8 ciph_key_len;
382 u8 ret_iv_len;
383 u8 iv_offset;
384 u8 iv_len;
385 u8 hash_tag_len;
386 u8 ret_md;
387
388 packet_log(" FMD CTRL1 %#16llx\n", ctrl1);
389 if (ctrl1 & SPU2_TAG_LOC)
390 packet_log(" Tag after payload\n");
391
392 packet_log(" Msg includes ");
393 if (ctrl1 & SPU2_HAS_FR_DATA)
394 packet_log("FD ");
395 if (ctrl1 & SPU2_HAS_AAD1)
396 packet_log("AAD1 ");
397 if (ctrl1 & SPU2_HAS_NAAD)
398 packet_log("NAAD ");
399 if (ctrl1 & SPU2_HAS_AAD2)
400 packet_log("AAD2 ");
401 if (ctrl1 & SPU2_HAS_ESN)
402 packet_log("ESN ");
403 packet_log("\n");
404
405 hash_key_len = (ctrl1 & SPU2_HASH_KEY_LEN) >> SPU2_HASH_KEY_LEN_SHIFT;
406 packet_log(" Hash key len %u\n", hash_key_len);
407
408 ciph_key_len = (ctrl1 & SPU2_CIPH_KEY_LEN) >> SPU2_CIPH_KEY_LEN_SHIFT;
409 packet_log(" Cipher key len %u\n", ciph_key_len);
410
411 if (ctrl1 & SPU2_GENIV)
412 packet_log(" Generate IV\n");
413
414 if (ctrl1 & SPU2_HASH_IV)
415 packet_log(" IV included in hash\n");
416
417 if (ctrl1 & SPU2_RET_IV)
418 packet_log(" Return IV in output before payload\n");
419
420 ret_iv_len = (ctrl1 & SPU2_RET_IV_LEN) >> SPU2_RET_IV_LEN_SHIFT;
421 packet_log(" Length of returned IV %u bytes\n",
422 ret_iv_len ? ret_iv_len : 16);
423
424 iv_offset = (ctrl1 & SPU2_IV_OFFSET) >> SPU2_IV_OFFSET_SHIFT;
425 packet_log(" IV offset %u\n", iv_offset);
426
427 iv_len = (ctrl1 & SPU2_IV_LEN) >> SPU2_IV_LEN_SHIFT;
428 packet_log(" Input IV len %u bytes\n", iv_len);
429
430 hash_tag_len = (ctrl1 & SPU2_HASH_TAG_LEN) >> SPU2_HASH_TAG_LEN_SHIFT;
431 packet_log(" Hash tag length %u bytes\n", hash_tag_len);
432
433 packet_log(" Return ");
434 ret_md = (ctrl1 & SPU2_RETURN_MD) >> SPU2_RETURN_MD_SHIFT;
435 if (ret_md)
436 packet_log("FMD ");
437 if (ret_md == SPU2_RET_FMD_OMD)
438 packet_log("OMD ");
439 else if (ret_md == SPU2_RET_FMD_OMD_IV)
440 packet_log("OMD IV ");
441 if (ctrl1 & SPU2_RETURN_FD)
442 packet_log("FD ");
443 if (ctrl1 & SPU2_RETURN_AAD1)
444 packet_log("AAD1 ");
445 if (ctrl1 & SPU2_RETURN_NAAD)
446 packet_log("NAAD ");
447 if (ctrl1 & SPU2_RETURN_AAD2)
448 packet_log("AAD2 ");
449 if (ctrl1 & SPU2_RETURN_PAY)
450 packet_log("Payload");
451 packet_log("\n");
452 }
453
454 /* Dump FMD ctrl2. The ctrl2 input is in host byte order */
455 static void spu2_dump_fmd_ctrl2(u64 ctrl2)
456 {
457 packet_log(" FMD CTRL2 %#16llx\n", ctrl2);
458
459 packet_log(" AAD1 offset %llu length %llu bytes\n",
460 ctrl2 & SPU2_AAD1_OFFSET,
461 (ctrl2 & SPU2_AAD1_LEN) >> SPU2_AAD1_LEN_SHIFT);
462 packet_log(" AAD2 offset %llu\n",
463 (ctrl2 & SPU2_AAD2_OFFSET) >> SPU2_AAD2_OFFSET_SHIFT);
464 packet_log(" Payload offset %llu\n",
465 (ctrl2 & SPU2_PL_OFFSET) >> SPU2_PL_OFFSET_SHIFT);
466 }
467
468 /* Dump FMD ctrl3. The ctrl3 input is in host byte order */
469 static void spu2_dump_fmd_ctrl3(u64 ctrl3)
470 {
471 packet_log(" FMD CTRL3 %#16llx\n", ctrl3);
472
473 packet_log(" Payload length %llu bytes\n", ctrl3 & SPU2_PL_LEN);
474 packet_log(" TLS length %llu bytes\n",
475 (ctrl3 & SPU2_TLS_LEN) >> SPU2_TLS_LEN_SHIFT);
476 }
477
478 static void spu2_dump_fmd(struct SPU2_FMD *fmd)
479 {
480 spu2_dump_fmd_ctrl0(le64_to_cpu(fmd->ctrl0));
481 spu2_dump_fmd_ctrl1(le64_to_cpu(fmd->ctrl1));
482 spu2_dump_fmd_ctrl2(le64_to_cpu(fmd->ctrl2));
483 spu2_dump_fmd_ctrl3(le64_to_cpu(fmd->ctrl3));
484 }
485
486 static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len,
487 u16 hash_iv_len, u16 ciph_iv_len)
488 {
489 u8 *ptr = omd;
490
491 packet_log(" OMD:\n");
492
493 if (hash_key_len) {
494 packet_log(" Hash Key Length %u bytes\n", hash_key_len);
495 packet_dump(" KEY: ", ptr, hash_key_len);
496 ptr += hash_key_len;
497 }
498
499 if (ciph_key_len) {
500 packet_log(" Cipher Key Length %u bytes\n", ciph_key_len);
501 packet_dump(" KEY: ", ptr, ciph_key_len);
502 ptr += ciph_key_len;
503 }
504
505 if (hash_iv_len) {
506 packet_log(" Hash IV Length %u bytes\n", hash_iv_len);
507 packet_dump(" hash IV: ", ptr, hash_iv_len);
508 ptr += ciph_key_len;
509 }
510
511 if (ciph_iv_len) {
512 packet_log(" Cipher IV Length %u bytes\n", ciph_iv_len);
513 packet_dump(" cipher IV: ", ptr, ciph_iv_len);
514 }
515 }
516
517 /* Dump a SPU2 header for debug */
518 void spu2_dump_msg_hdr(u8 *buf, unsigned int buf_len)
519 {
520 struct SPU2_FMD *fmd = (struct SPU2_FMD *)buf;
521 u8 *omd;
522 u64 ctrl1;
523 u16 hash_key_len;
524 u16 ciph_key_len;
525 u16 hash_iv_len;
526 u16 ciph_iv_len;
527 u16 omd_len;
528
529 packet_log("\n");
530 packet_log("SPU2 message header %p len: %u\n", buf, buf_len);
531
532 spu2_dump_fmd(fmd);
533 omd = (u8 *)(fmd + 1);
534
535 ctrl1 = le64_to_cpu(fmd->ctrl1);
536 hash_key_len = (ctrl1 & SPU2_HASH_KEY_LEN) >> SPU2_HASH_KEY_LEN_SHIFT;
537 ciph_key_len = (ctrl1 & SPU2_CIPH_KEY_LEN) >> SPU2_CIPH_KEY_LEN_SHIFT;
538 hash_iv_len = 0;
539 ciph_iv_len = (ctrl1 & SPU2_IV_LEN) >> SPU2_IV_LEN_SHIFT;
540 spu2_dump_omd(omd, hash_key_len, ciph_key_len, hash_iv_len,
541 ciph_iv_len);
542
543 /* Double check sanity */
544 omd_len = hash_key_len + ciph_key_len + hash_iv_len + ciph_iv_len;
545 if (FMD_SIZE + omd_len != buf_len) {
546 packet_log
547 (" Packet parsed incorrectly. buf_len %u, sum of MD %zu\n",
548 buf_len, FMD_SIZE + omd_len);
549 }
550 packet_log("\n");
551 }
552
553 /**
554 * spu2_fmd_init() - At setkey time, initialize the fixed meta data for
555 * subsequent ablkcipher requests for this context.
556 * @spu2_cipher_type: Cipher algorithm
557 * @spu2_mode: Cipher mode
558 * @cipher_key_len: Length of cipher key, in bytes
559 * @cipher_iv_len: Length of cipher initialization vector, in bytes
560 *
561 * Return: 0 (success)
562 */
563 static int spu2_fmd_init(struct SPU2_FMD *fmd,
564 enum spu2_cipher_type spu2_type,
565 enum spu2_cipher_mode spu2_mode,
566 u32 cipher_key_len, u32 cipher_iv_len)
567 {
568 u64 ctrl0;
569 u64 ctrl1;
570 u64 ctrl2;
571 u64 ctrl3;
572 u32 aad1_offset;
573 u32 aad2_offset;
574 u16 aad1_len = 0;
575 u64 payload_offset;
576
577 ctrl0 = (spu2_type << SPU2_CIPH_TYPE_SHIFT) |
578 (spu2_mode << SPU2_CIPH_MODE_SHIFT);
579
580 ctrl1 = (cipher_key_len << SPU2_CIPH_KEY_LEN_SHIFT) |
581 ((u64)cipher_iv_len << SPU2_IV_LEN_SHIFT) |
582 ((u64)SPU2_RET_FMD_ONLY << SPU2_RETURN_MD_SHIFT) | SPU2_RETURN_PAY;
583
584 /*
585 * AAD1 offset is from start of FD. FD length is always 0 for this
586 * driver. So AAD1_offset is always 0.
587 */
588 aad1_offset = 0;
589 aad2_offset = aad1_offset;
590 payload_offset = 0;
591 ctrl2 = aad1_offset |
592 (aad1_len << SPU2_AAD1_LEN_SHIFT) |
593 (aad2_offset << SPU2_AAD2_OFFSET_SHIFT) |
594 (payload_offset << SPU2_PL_OFFSET_SHIFT);
595
596 ctrl3 = 0;
597
598 fmd->ctrl0 = cpu_to_le64(ctrl0);
599 fmd->ctrl1 = cpu_to_le64(ctrl1);
600 fmd->ctrl2 = cpu_to_le64(ctrl2);
601 fmd->ctrl3 = cpu_to_le64(ctrl3);
602
603 return 0;
604 }
605
606 /**
607 * spu2_fmd_ctrl0_write() - Write ctrl0 field in fixed metadata (FMD) field of
608 * SPU request packet.
609 * @fmd: Start of FMD field to be written
610 * @is_inbound: true if decrypting. false if encrypting.
611 * @authFirst: true if alg authenticates before encrypting
612 * @protocol: protocol selector
613 * @cipher_type: cipher algorithm
614 * @cipher_mode: cipher mode
615 * @auth_type: authentication type
616 * @auth_mode: authentication mode
617 */
618 static void spu2_fmd_ctrl0_write(struct SPU2_FMD *fmd,
619 bool is_inbound, bool auth_first,
620 enum spu2_proto_sel protocol,
621 enum spu2_cipher_type cipher_type,
622 enum spu2_cipher_mode cipher_mode,
623 enum spu2_hash_type auth_type,
624 enum spu2_hash_mode auth_mode)
625 {
626 u64 ctrl0 = 0;
627
628 if ((cipher_type != SPU2_CIPHER_TYPE_NONE) && !is_inbound)
629 ctrl0 |= SPU2_CIPH_ENCRYPT_EN;
630
631 ctrl0 |= ((u64)cipher_type << SPU2_CIPH_TYPE_SHIFT) |
632 ((u64)cipher_mode << SPU2_CIPH_MODE_SHIFT);
633
634 if (protocol)
635 ctrl0 |= (u64)protocol << SPU2_PROTO_SEL_SHIFT;
636
637 if (auth_first)
638 ctrl0 |= SPU2_HASH_FIRST;
639
640 if (is_inbound && (auth_type != SPU2_HASH_TYPE_NONE))
641 ctrl0 |= SPU2_CHK_TAG;
642
643 ctrl0 |= (((u64)auth_type << SPU2_HASH_TYPE_SHIFT) |
644 ((u64)auth_mode << SPU2_HASH_MODE_SHIFT));
645
646 fmd->ctrl0 = cpu_to_le64(ctrl0);
647 }
648
649 /**
650 * spu2_fmd_ctrl1_write() - Write ctrl1 field in fixed metadata (FMD) field of
651 * SPU request packet.
652 * @fmd: Start of FMD field to be written
653 * @assoc_size: Length of additional associated data, in bytes
654 * @auth_key_len: Length of authentication key, in bytes
655 * @cipher_key_len: Length of cipher key, in bytes
656 * @gen_iv: If true, hw generates IV and returns in response
657 * @hash_iv: IV participates in hash. Used for IPSEC and TLS.
658 * @return_iv: Return IV in output packet before payload
659 * @ret_iv_len: Length of IV returned from SPU, in bytes
660 * @ret_iv_offset: Offset into full IV of start of returned IV
661 * @cipher_iv_len: Length of input cipher IV, in bytes
662 * @digest_size: Length of digest (aka, hash tag or ICV), in bytes
663 * @return_payload: Return payload in SPU response
664 * @return_md : return metadata in SPU response
665 *
666 * Packet can have AAD2 w/o AAD1. For algorithms currently supported,
667 * associated data goes in AAD2.
668 */
669 static void spu2_fmd_ctrl1_write(struct SPU2_FMD *fmd, bool is_inbound,
670 u64 assoc_size,
671 u64 auth_key_len, u64 cipher_key_len,
672 bool gen_iv, bool hash_iv, bool return_iv,
673 u64 ret_iv_len, u64 ret_iv_offset,
674 u64 cipher_iv_len, u64 digest_size,
675 bool return_payload, bool return_md)
676 {
677 u64 ctrl1 = 0;
678
679 if (is_inbound && digest_size)
680 ctrl1 |= SPU2_TAG_LOC;
681
682 if (assoc_size) {
683 ctrl1 |= SPU2_HAS_AAD2;
684 ctrl1 |= SPU2_RETURN_AAD2; /* need aad2 for gcm aes esp */
685 }
686
687 if (auth_key_len)
688 ctrl1 |= ((auth_key_len << SPU2_HASH_KEY_LEN_SHIFT) &
689 SPU2_HASH_KEY_LEN);
690
691 if (cipher_key_len)
692 ctrl1 |= ((cipher_key_len << SPU2_CIPH_KEY_LEN_SHIFT) &
693 SPU2_CIPH_KEY_LEN);
694
695 if (gen_iv)
696 ctrl1 |= SPU2_GENIV;
697
698 if (hash_iv)
699 ctrl1 |= SPU2_HASH_IV;
700
701 if (return_iv) {
702 ctrl1 |= SPU2_RET_IV;
703 ctrl1 |= ret_iv_len << SPU2_RET_IV_LEN_SHIFT;
704 ctrl1 |= ret_iv_offset << SPU2_IV_OFFSET_SHIFT;
705 }
706
707 ctrl1 |= ((cipher_iv_len << SPU2_IV_LEN_SHIFT) & SPU2_IV_LEN);
708
709 if (digest_size)
710 ctrl1 |= ((digest_size << SPU2_HASH_TAG_LEN_SHIFT) &
711 SPU2_HASH_TAG_LEN);
712
713 /* Let's ask for the output pkt to include FMD, but don't need to
714 * get keys and IVs back in OMD.
715 */
716 if (return_md)
717 ctrl1 |= ((u64)SPU2_RET_FMD_ONLY << SPU2_RETURN_MD_SHIFT);
718 else
719 ctrl1 |= ((u64)SPU2_RET_NO_MD << SPU2_RETURN_MD_SHIFT);
720
721 /* Crypto API does not get assoc data back. So no need for AAD2. */
722
723 if (return_payload)
724 ctrl1 |= SPU2_RETURN_PAY;
725
726 fmd->ctrl1 = cpu_to_le64(ctrl1);
727 }
728
729 /**
730 * spu2_fmd_ctrl2_write() - Set the ctrl2 field in the fixed metadata field of
731 * SPU2 header.
732 * @fmd: Start of FMD field to be written
733 * @cipher_offset: Number of bytes from Start of Packet (end of FD field) where
734 * data to be encrypted or decrypted begins
735 * @auth_key_len: Length of authentication key, in bytes
736 * @auth_iv_len: Length of authentication initialization vector, in bytes
737 * @cipher_key_len: Length of cipher key, in bytes
738 * @cipher_iv_len: Length of cipher IV, in bytes
739 */
740 static void spu2_fmd_ctrl2_write(struct SPU2_FMD *fmd, u64 cipher_offset,
741 u64 auth_key_len, u64 auth_iv_len,
742 u64 cipher_key_len, u64 cipher_iv_len)
743 {
744 u64 ctrl2;
745 u64 aad1_offset;
746 u64 aad2_offset;
747 u16 aad1_len = 0;
748 u64 payload_offset;
749
750 /* AAD1 offset is from start of FD. FD length always 0. */
751 aad1_offset = 0;
752
753 aad2_offset = aad1_offset;
754 payload_offset = cipher_offset;
755 ctrl2 = aad1_offset |
756 (aad1_len << SPU2_AAD1_LEN_SHIFT) |
757 (aad2_offset << SPU2_AAD2_OFFSET_SHIFT) |
758 (payload_offset << SPU2_PL_OFFSET_SHIFT);
759
760 fmd->ctrl2 = cpu_to_le64(ctrl2);
761 }
762
763 /**
764 * spu2_fmd_ctrl3_write() - Set the ctrl3 field in FMD
765 * @fmd: Fixed meta data. First field in SPU2 msg header.
766 * @payload_len: Length of payload, in bytes
767 */
768 static void spu2_fmd_ctrl3_write(struct SPU2_FMD *fmd, u64 payload_len)
769 {
770 u64 ctrl3;
771
772 ctrl3 = payload_len & SPU2_PL_LEN;
773
774 fmd->ctrl3 = cpu_to_le64(ctrl3);
775 }
776
777 /**
778 * spu2_ctx_max_payload() - Determine the maximum length of the payload for a
779 * SPU message for a given cipher and hash alg context.
780 * @cipher_alg: The cipher algorithm
781 * @cipher_mode: The cipher mode
782 * @blocksize: The size of a block of data for this algo
783 *
784 * For SPU2, the hardware generally ignores the PayloadLen field in ctrl3 of
785 * FMD and just keeps computing until it receives a DMA descriptor with the EOF
786 * flag set. So we consider the max payload to be infinite. AES CCM is an
787 * exception.
788 *
789 * Return: Max payload length in bytes
790 */
791 u32 spu2_ctx_max_payload(enum spu_cipher_alg cipher_alg,
792 enum spu_cipher_mode cipher_mode,
793 unsigned int blocksize)
794 {
795 if ((cipher_alg == CIPHER_ALG_AES) &&
796 (cipher_mode == CIPHER_MODE_CCM)) {
797 u32 excess = SPU2_MAX_PAYLOAD % blocksize;
798
799 return SPU2_MAX_PAYLOAD - excess;
800 } else {
801 return SPU_MAX_PAYLOAD_INF;
802 }
803 }
804
805 /**
806 * spu_payload_length() - Given a SPU2 message header, extract the payload
807 * length.
808 * @spu_hdr: Start of SPU message header (FMD)
809 *
810 * Return: payload length, in bytes
811 */
812 u32 spu2_payload_length(u8 *spu_hdr)
813 {
814 struct SPU2_FMD *fmd = (struct SPU2_FMD *)spu_hdr;
815 u32 pl_len;
816 u64 ctrl3;
817
818 ctrl3 = le64_to_cpu(fmd->ctrl3);
819 pl_len = ctrl3 & SPU2_PL_LEN;
820
821 return pl_len;
822 }
823
824 /**
825 * spu_response_hdr_len() - Determine the expected length of a SPU response
826 * header.
827 * @auth_key_len: Length of authentication key, in bytes
828 * @enc_key_len: Length of encryption key, in bytes
829 *
830 * For SPU2, includes just FMD. OMD is never requested.
831 *
832 * Return: Length of FMD, in bytes
833 */
834 u16 spu2_response_hdr_len(u16 auth_key_len, u16 enc_key_len, bool is_hash)
835 {
836 return FMD_SIZE;
837 }
838
839 /**
840 * spu_hash_pad_len() - Calculate the length of hash padding required to extend
841 * data to a full block size.
842 * @hash_alg: hash algorithm
843 * @hash_mode: hash mode
844 * @chunksize: length of data, in bytes
845 * @hash_block_size: size of a hash block, in bytes
846 *
847 * SPU2 hardware does all hash padding
848 *
849 * Return: length of hash pad in bytes
850 */
851 u16 spu2_hash_pad_len(enum hash_alg hash_alg, enum hash_mode hash_mode,
852 u32 chunksize, u16 hash_block_size)
853 {
854 return 0;
855 }
856
857 /**
858 * spu2_gcm_ccm_padlen() - Determine the length of GCM/CCM padding for either
859 * the AAD field or the data.
860 *
861 * Return: 0. Unlike SPU-M, SPU2 hardware does any GCM/CCM padding required.
862 */
863 u32 spu2_gcm_ccm_pad_len(enum spu_cipher_mode cipher_mode,
864 unsigned int data_size)
865 {
866 return 0;
867 }
868
869 /**
870 * spu_assoc_resp_len() - Determine the size of the AAD2 buffer needed to catch
871 * associated data in a SPU2 output packet.
872 * @cipher_mode: cipher mode
873 * @assoc_len: length of additional associated data, in bytes
874 * @iv_len: length of initialization vector, in bytes
875 * @is_encrypt: true if encrypting. false if decrypt.
876 *
877 * Return: Length of buffer to catch associated data in response
878 */
879 u32 spu2_assoc_resp_len(enum spu_cipher_mode cipher_mode,
880 unsigned int assoc_len, unsigned int iv_len,
881 bool is_encrypt)
882 {
883 u32 resp_len = assoc_len;
884
885 if (is_encrypt)
886 /* gcm aes esp has to write 8-byte IV in response */
887 resp_len += iv_len;
888 return resp_len;
889 }
890
891 /*
892 * spu_aead_ivlen() - Calculate the length of the AEAD IV to be included
893 * in a SPU request after the AAD and before the payload.
894 * @cipher_mode: cipher mode
895 * @iv_ctr_len: initialization vector length in bytes
896 *
897 * For SPU2, AEAD IV is included in OMD and does not need to be repeated
898 * prior to the payload.
899 *
900 * Return: Length of AEAD IV in bytes
901 */
902 u8 spu2_aead_ivlen(enum spu_cipher_mode cipher_mode, u16 iv_len)
903 {
904 return 0;
905 }
906
907 /**
908 * spu2_hash_type() - Determine the type of hash operation.
909 * @src_sent: The number of bytes in the current request that have already
910 * been sent to the SPU to be hashed.
911 *
912 * SPU2 always does a FULL hash operation
913 */
914 enum hash_type spu2_hash_type(u32 src_sent)
915 {
916 return HASH_TYPE_FULL;
917 }
918
919 /**
920 * spu2_digest_size() - Determine the size of a hash digest to expect the SPU to
921 * return.
922 * alg_digest_size: Number of bytes in the final digest for the given algo
923 * alg: The hash algorithm
924 * htype: Type of hash operation (init, update, full, etc)
925 *
926 */
927 u32 spu2_digest_size(u32 alg_digest_size, enum hash_alg alg,
928 enum hash_type htype)
929 {
930 return alg_digest_size;
931 }
932
933 /**
934 * spu_create_request() - Build a SPU2 request message header, includint FMD and
935 * OMD.
936 * @spu_hdr: Start of buffer where SPU request header is to be written
937 * @req_opts: SPU request message options
938 * @cipher_parms: Parameters related to cipher algorithm
939 * @hash_parms: Parameters related to hash algorithm
940 * @aead_parms: Parameters related to AEAD operation
941 * @data_size: Length of data to be encrypted or authenticated. If AEAD, does
942 * not include length of AAD.
943 *
944 * Construct the message starting at spu_hdr. Caller should allocate this buffer
945 * in DMA-able memory at least SPU_HEADER_ALLOC_LEN bytes long.
946 *
947 * Return: the length of the SPU header in bytes. 0 if an error occurs.
948 */
949 u32 spu2_create_request(u8 *spu_hdr,
950 struct spu_request_opts *req_opts,
951 struct spu_cipher_parms *cipher_parms,
952 struct spu_hash_parms *hash_parms,
953 struct spu_aead_parms *aead_parms,
954 unsigned int data_size)
955 {
956 struct SPU2_FMD *fmd;
957 u8 *ptr;
958 unsigned int buf_len;
959 int err;
960 enum spu2_cipher_type spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;
961 enum spu2_cipher_mode spu2_ciph_mode;
962 enum spu2_hash_type spu2_auth_type = SPU2_HASH_TYPE_NONE;
963 enum spu2_hash_mode spu2_auth_mode;
964 bool return_md = true;
965 enum spu2_proto_sel proto = SPU2_PROTO_RESV;
966
967 /* size of the payload */
968 unsigned int payload_len =
969 hash_parms->prebuf_len + data_size + hash_parms->pad_len -
970 ((req_opts->is_aead && req_opts->is_inbound) ?
971 hash_parms->digestsize : 0);
972
973 /* offset of prebuf or data from start of AAD2 */
974 unsigned int cipher_offset = aead_parms->assoc_size +
975 aead_parms->aad_pad_len + aead_parms->iv_len;
976
977 #ifdef DEBUG
978 /* total size of the data following OMD (without STAT word padding) */
979 unsigned int real_db_size = spu_real_db_size(aead_parms->assoc_size,
980 aead_parms->iv_len,
981 hash_parms->prebuf_len,
982 data_size,
983 aead_parms->aad_pad_len,
984 aead_parms->data_pad_len,
985 hash_parms->pad_len);
986 #endif
987 unsigned int assoc_size = aead_parms->assoc_size;
988
989 if (req_opts->is_aead &&
990 (cipher_parms->alg == CIPHER_ALG_AES) &&
991 (cipher_parms->mode == CIPHER_MODE_GCM))
992 /*
993 * On SPU 2, aes gcm cipher first on encrypt, auth first on
994 * decrypt
995 */
996 req_opts->auth_first = req_opts->is_inbound;
997
998 /* and do opposite for ccm (auth 1st on encrypt) */
999 if (req_opts->is_aead &&
1000 (cipher_parms->alg == CIPHER_ALG_AES) &&
1001 (cipher_parms->mode == CIPHER_MODE_CCM))
1002 req_opts->auth_first = !req_opts->is_inbound;
1003
1004 flow_log("%s()\n", __func__);
1005 flow_log(" in:%u authFirst:%u\n",
1006 req_opts->is_inbound, req_opts->auth_first);
1007 flow_log(" cipher alg:%u mode:%u type %u\n", cipher_parms->alg,
1008 cipher_parms->mode, cipher_parms->type);
1009 flow_log(" is_esp: %s\n", req_opts->is_esp ? "yes" : "no");
1010 flow_log(" key: %d\n", cipher_parms->key_len);
1011 flow_dump(" key: ", cipher_parms->key_buf, cipher_parms->key_len);
1012 flow_log(" iv: %d\n", cipher_parms->iv_len);
1013 flow_dump(" iv: ", cipher_parms->iv_buf, cipher_parms->iv_len);
1014 flow_log(" auth alg:%u mode:%u type %u\n",
1015 hash_parms->alg, hash_parms->mode, hash_parms->type);
1016 flow_log(" digestsize: %u\n", hash_parms->digestsize);
1017 flow_log(" authkey: %d\n", hash_parms->key_len);
1018 flow_dump(" authkey: ", hash_parms->key_buf, hash_parms->key_len);
1019 flow_log(" assoc_size:%u\n", assoc_size);
1020 flow_log(" prebuf_len:%u\n", hash_parms->prebuf_len);
1021 flow_log(" data_size:%u\n", data_size);
1022 flow_log(" hash_pad_len:%u\n", hash_parms->pad_len);
1023 flow_log(" real_db_size:%u\n", real_db_size);
1024 flow_log(" cipher_offset:%u payload_len:%u\n",
1025 cipher_offset, payload_len);
1026 flow_log(" aead_iv: %u\n", aead_parms->iv_len);
1027
1028 /* Convert to spu2 values for cipher alg, hash alg */
1029 err = spu2_cipher_xlate(cipher_parms->alg, cipher_parms->mode,
1030 cipher_parms->type,
1031 &spu2_ciph_type, &spu2_ciph_mode);
1032
1033 /* If we are doing GCM hashing only - either via rfc4543 transform
1034 * or because we happen to do GCM with AAD only and no payload - we
1035 * need to configure hardware to use hash key rather than cipher key
1036 * and put data into payload. This is because unlike SPU-M, running
1037 * GCM cipher with 0 size payload is not permitted.
1038 */
1039 if ((req_opts->is_rfc4543) ||
1040 ((spu2_ciph_mode == SPU2_CIPHER_MODE_GCM) &&
1041 (payload_len == 0))) {
1042 /* Use hashing (only) and set up hash key */
1043 spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;
1044 hash_parms->key_len = cipher_parms->key_len;
1045 memcpy(hash_parms->key_buf, cipher_parms->key_buf,
1046 cipher_parms->key_len);
1047 cipher_parms->key_len = 0;
1048
1049 if (req_opts->is_rfc4543)
1050 payload_len += assoc_size;
1051 else
1052 payload_len = assoc_size;
1053 cipher_offset = 0;
1054 assoc_size = 0;
1055 }
1056
1057 if (err)
1058 return 0;
1059
1060 flow_log("spu2 cipher type %s, cipher mode %s\n",
1061 spu2_ciph_type_name(spu2_ciph_type),
1062 spu2_ciph_mode_name(spu2_ciph_mode));
1063
1064 err = spu2_hash_xlate(hash_parms->alg, hash_parms->mode,
1065 hash_parms->type,
1066 cipher_parms->type,
1067 &spu2_auth_type, &spu2_auth_mode);
1068 if (err)
1069 return 0;
1070
1071 flow_log("spu2 hash type %s, hash mode %s\n",
1072 spu2_hash_type_name(spu2_auth_type),
1073 spu2_hash_mode_name(spu2_auth_mode));
1074
1075 fmd = (struct SPU2_FMD *)spu_hdr;
1076
1077 spu2_fmd_ctrl0_write(fmd, req_opts->is_inbound, req_opts->auth_first,
1078 proto, spu2_ciph_type, spu2_ciph_mode,
1079 spu2_auth_type, spu2_auth_mode);
1080
1081 spu2_fmd_ctrl1_write(fmd, req_opts->is_inbound, assoc_size,
1082 hash_parms->key_len, cipher_parms->key_len,
1083 false, false,
1084 aead_parms->return_iv, aead_parms->ret_iv_len,
1085 aead_parms->ret_iv_off,
1086 cipher_parms->iv_len, hash_parms->digestsize,
1087 !req_opts->bd_suppress, return_md);
1088
1089 spu2_fmd_ctrl2_write(fmd, cipher_offset, hash_parms->key_len, 0,
1090 cipher_parms->key_len, cipher_parms->iv_len);
1091
1092 spu2_fmd_ctrl3_write(fmd, payload_len);
1093
1094 ptr = (u8 *)(fmd + 1);
1095 buf_len = sizeof(struct SPU2_FMD);
1096
1097 /* Write OMD */
1098 if (hash_parms->key_len) {
1099 memcpy(ptr, hash_parms->key_buf, hash_parms->key_len);
1100 ptr += hash_parms->key_len;
1101 buf_len += hash_parms->key_len;
1102 }
1103 if (cipher_parms->key_len) {
1104 memcpy(ptr, cipher_parms->key_buf, cipher_parms->key_len);
1105 ptr += cipher_parms->key_len;
1106 buf_len += cipher_parms->key_len;
1107 }
1108 if (cipher_parms->iv_len) {
1109 memcpy(ptr, cipher_parms->iv_buf, cipher_parms->iv_len);
1110 ptr += cipher_parms->iv_len;
1111 buf_len += cipher_parms->iv_len;
1112 }
1113
1114 packet_dump(" SPU request header: ", spu_hdr, buf_len);
1115
1116 return buf_len;
1117 }
1118
1119 /**
1120 * spu_cipher_req_init() - Build an ablkcipher SPU2 request message header,
1121 * including FMD and OMD.
1122 * @spu_hdr: Location of start of SPU request (FMD field)
1123 * @cipher_parms: Parameters describing cipher request
1124 *
1125 * Called at setkey time to initialize a msg header that can be reused for all
1126 * subsequent ablkcipher requests. Construct the message starting at spu_hdr.
1127 * Caller should allocate this buffer in DMA-able memory at least
1128 * SPU_HEADER_ALLOC_LEN bytes long.
1129 *
1130 * Return: the total length of the SPU header (FMD and OMD) in bytes. 0 if an
1131 * error occurs.
1132 */
1133 u16 spu2_cipher_req_init(u8 *spu_hdr, struct spu_cipher_parms *cipher_parms)
1134 {
1135 struct SPU2_FMD *fmd;
1136 u8 *omd;
1137 enum spu2_cipher_type spu2_type = SPU2_CIPHER_TYPE_NONE;
1138 enum spu2_cipher_mode spu2_mode;
1139 int err;
1140
1141 flow_log("%s()\n", __func__);
1142 flow_log(" cipher alg:%u mode:%u type %u\n", cipher_parms->alg,
1143 cipher_parms->mode, cipher_parms->type);
1144 flow_log(" cipher_iv_len: %u\n", cipher_parms->iv_len);
1145 flow_log(" key: %d\n", cipher_parms->key_len);
1146 flow_dump(" key: ", cipher_parms->key_buf, cipher_parms->key_len);
1147
1148 /* Convert to spu2 values */
1149 err = spu2_cipher_xlate(cipher_parms->alg, cipher_parms->mode,
1150 cipher_parms->type, &spu2_type, &spu2_mode);
1151 if (err)
1152 return 0;
1153
1154 flow_log("spu2 cipher type %s, cipher mode %s\n",
1155 spu2_ciph_type_name(spu2_type),
1156 spu2_ciph_mode_name(spu2_mode));
1157
1158 /* Construct the FMD header */
1159 fmd = (struct SPU2_FMD *)spu_hdr;
1160 err = spu2_fmd_init(fmd, spu2_type, spu2_mode, cipher_parms->key_len,
1161 cipher_parms->iv_len);
1162 if (err)
1163 return 0;
1164
1165 /* Write cipher key to OMD */
1166 omd = (u8 *)(fmd + 1);
1167 if (cipher_parms->key_buf && cipher_parms->key_len)
1168 memcpy(omd, cipher_parms->key_buf, cipher_parms->key_len);
1169
1170 packet_dump(" SPU request header: ", spu_hdr,
1171 FMD_SIZE + cipher_parms->key_len + cipher_parms->iv_len);
1172
1173 return FMD_SIZE + cipher_parms->key_len + cipher_parms->iv_len;
1174 }
1175
1176 /**
1177 * spu_cipher_req_finish() - Finish building a SPU request message header for a
1178 * block cipher request.
1179 * @spu_hdr: Start of the request message header (MH field)
1180 * @spu_req_hdr_len: Length in bytes of the SPU request header
1181 * @isInbound: 0 encrypt, 1 decrypt
1182 * @cipher_parms: Parameters describing cipher operation to be performed
1183 * @update_key: If true, rewrite the cipher key in SCTX
1184 * @data_size: Length of the data in the BD field
1185 *
1186 * Assumes much of the header was already filled in at setkey() time in
1187 * spu_cipher_req_init().
1188 * spu_cipher_req_init() fills in the encryption key. For RC4, when submitting a
1189 * request for a non-first chunk, we use the 260-byte SUPDT field from the
1190 * previous response as the key. update_key is true for this case. Unused in all
1191 * other cases.
1192 */
1193 void spu2_cipher_req_finish(u8 *spu_hdr,
1194 u16 spu_req_hdr_len,
1195 unsigned int is_inbound,
1196 struct spu_cipher_parms *cipher_parms,
1197 bool update_key,
1198 unsigned int data_size)
1199 {
1200 struct SPU2_FMD *fmd;
1201 u8 *omd; /* start of optional metadata */
1202 u64 ctrl0;
1203 u64 ctrl3;
1204
1205 flow_log("%s()\n", __func__);
1206 flow_log(" in: %u\n", is_inbound);
1207 flow_log(" cipher alg: %u, cipher_type: %u\n", cipher_parms->alg,
1208 cipher_parms->type);
1209 if (update_key) {
1210 flow_log(" cipher key len: %u\n", cipher_parms->key_len);
1211 flow_dump(" key: ", cipher_parms->key_buf,
1212 cipher_parms->key_len);
1213 }
1214 flow_log(" iv len: %d\n", cipher_parms->iv_len);
1215 flow_dump(" iv: ", cipher_parms->iv_buf, cipher_parms->iv_len);
1216 flow_log(" data_size: %u\n", data_size);
1217
1218 fmd = (struct SPU2_FMD *)spu_hdr;
1219 omd = (u8 *)(fmd + 1);
1220
1221 /*
1222 * FMD ctrl0 was initialized at setkey time. update it to indicate
1223 * whether we are encrypting or decrypting.
1224 */
1225 ctrl0 = le64_to_cpu(fmd->ctrl0);
1226 if (is_inbound)
1227 ctrl0 &= ~SPU2_CIPH_ENCRYPT_EN; /* decrypt */
1228 else
1229 ctrl0 |= SPU2_CIPH_ENCRYPT_EN; /* encrypt */
1230 fmd->ctrl0 = cpu_to_le64(ctrl0);
1231
1232 if (cipher_parms->alg && cipher_parms->iv_buf && cipher_parms->iv_len) {
1233 /* cipher iv provided so put it in here */
1234 memcpy(omd + cipher_parms->key_len, cipher_parms->iv_buf,
1235 cipher_parms->iv_len);
1236 }
1237
1238 ctrl3 = le64_to_cpu(fmd->ctrl3);
1239 data_size &= SPU2_PL_LEN;
1240 ctrl3 |= data_size;
1241 fmd->ctrl3 = cpu_to_le64(ctrl3);
1242
1243 packet_dump(" SPU request header: ", spu_hdr, spu_req_hdr_len);
1244 }
1245
1246 /**
1247 * spu_request_pad() - Create pad bytes at the end of the data.
1248 * @pad_start: Start of buffer where pad bytes are to be written
1249 * @gcm_padding: Length of GCM padding, in bytes
1250 * @hash_pad_len: Number of bytes of padding extend data to full block
1251 * @auth_alg: Authentication algorithm
1252 * @auth_mode: Authentication mode
1253 * @total_sent: Length inserted at end of hash pad
1254 * @status_padding: Number of bytes of padding to align STATUS word
1255 *
1256 * There may be three forms of pad:
1257 * 1. GCM pad - for GCM mode ciphers, pad to 16-byte alignment
1258 * 2. hash pad - pad to a block length, with 0x80 data terminator and
1259 * size at the end
1260 * 3. STAT pad - to ensure the STAT field is 4-byte aligned
1261 */
1262 void spu2_request_pad(u8 *pad_start, u32 gcm_padding, u32 hash_pad_len,
1263 enum hash_alg auth_alg, enum hash_mode auth_mode,
1264 unsigned int total_sent, u32 status_padding)
1265 {
1266 u8 *ptr = pad_start;
1267
1268 /* fix data alignent for GCM */
1269 if (gcm_padding > 0) {
1270 flow_log(" GCM: padding to 16 byte alignment: %u bytes\n",
1271 gcm_padding);
1272 memset(ptr, 0, gcm_padding);
1273 ptr += gcm_padding;
1274 }
1275
1276 if (hash_pad_len > 0) {
1277 /* clear the padding section */
1278 memset(ptr, 0, hash_pad_len);
1279
1280 /* terminate the data */
1281 *ptr = 0x80;
1282 ptr += (hash_pad_len - sizeof(u64));
1283
1284 /* add the size at the end as required per alg */
1285 if (auth_alg == HASH_ALG_MD5)
1286 *(u64 *)ptr = cpu_to_le64((u64)total_sent * 8);
1287 else /* SHA1, SHA2-224, SHA2-256 */
1288 *(u64 *)ptr = cpu_to_be64((u64)total_sent * 8);
1289 ptr += sizeof(u64);
1290 }
1291
1292 /* pad to a 4byte alignment for STAT */
1293 if (status_padding > 0) {
1294 flow_log(" STAT: padding to 4 byte alignment: %u bytes\n",
1295 status_padding);
1296
1297 memset(ptr, 0, status_padding);
1298 ptr += status_padding;
1299 }
1300 }
1301
1302 /**
1303 * spu2_xts_tweak_in_payload() - Indicate that SPU2 does NOT place the XTS
1304 * tweak field in the packet payload (it uses IV instead)
1305 *
1306 * Return: 0
1307 */
1308 u8 spu2_xts_tweak_in_payload(void)
1309 {
1310 return 0;
1311 }
1312
1313 /**
1314 * spu2_tx_status_len() - Return the length of the STATUS field in a SPU
1315 * response message.
1316 *
1317 * Return: Length of STATUS field in bytes.
1318 */
1319 u8 spu2_tx_status_len(void)
1320 {
1321 return SPU2_TX_STATUS_LEN;
1322 }
1323
1324 /**
1325 * spu2_rx_status_len() - Return the length of the STATUS field in a SPU
1326 * response message.
1327 *
1328 * Return: Length of STATUS field in bytes.
1329 */
1330 u8 spu2_rx_status_len(void)
1331 {
1332 return SPU2_RX_STATUS_LEN;
1333 }
1334
1335 /**
1336 * spu_status_process() - Process the status from a SPU response message.
1337 * @statp: start of STATUS word
1338 *
1339 * Return: 0 - if status is good and response should be processed
1340 * !0 - status indicates an error and response is invalid
1341 */
1342 int spu2_status_process(u8 *statp)
1343 {
1344 /* SPU2 status is 2 bytes by default - SPU_RX_STATUS_LEN */
1345 u16 status = le16_to_cpu(*(__le16 *)statp);
1346
1347 if (status == 0)
1348 return 0;
1349
1350 flow_log("rx status is %#x\n", status);
1351 if (status == SPU2_INVALID_ICV)
1352 return SPU_INVALID_ICV;
1353
1354 return -EBADMSG;
1355 }
1356
1357 /**
1358 * spu2_ccm_update_iv() - Update the IV as per the requirements for CCM mode.
1359 *
1360 * @digestsize: Digest size of this request
1361 * @cipher_parms: (pointer to) cipher parmaeters, includes IV buf & IV len
1362 * @assoclen: Length of AAD data
1363 * @chunksize: length of input data to be sent in this req
1364 * @is_encrypt: true if this is an output/encrypt operation
1365 * @is_esp: true if this is an ESP / RFC4309 operation
1366 *
1367 */
1368 void spu2_ccm_update_iv(unsigned int digestsize,
1369 struct spu_cipher_parms *cipher_parms,
1370 unsigned int assoclen, unsigned int chunksize,
1371 bool is_encrypt, bool is_esp)
1372 {
1373 int L; /* size of length field, in bytes */
1374
1375 /*
1376 * In RFC4309 mode, L is fixed at 4 bytes; otherwise, IV from
1377 * testmgr contains (L-1) in bottom 3 bits of first byte,
1378 * per RFC 3610.
1379 */
1380 if (is_esp)
1381 L = CCM_ESP_L_VALUE;
1382 else
1383 L = ((cipher_parms->iv_buf[0] & CCM_B0_L_PRIME) >>
1384 CCM_B0_L_PRIME_SHIFT) + 1;
1385
1386 /* SPU2 doesn't want these length bytes nor the first byte... */
1387 cipher_parms->iv_len -= (1 + L);
1388 memmove(cipher_parms->iv_buf, &cipher_parms->iv_buf[1],
1389 cipher_parms->iv_len);
1390 }
1391
1392 /**
1393 * spu2_wordalign_padlen() - SPU2 does not require padding.
1394 * @data_size: length of data field in bytes
1395 *
1396 * Return: length of status field padding, in bytes (always 0 on SPU2)
1397 */
1398 u32 spu2_wordalign_padlen(u32 data_size)
1399 {
1400 return 0;
1401 }
Ubuntu Artful kernel mirror