2 * Copyright (C) 2012-2017 ARM Limited or its affiliates.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 /**************************************************************
18 This file defines the driver FIPS Low Level implmentaion functions,
19 that executes the KAT.
20 ***************************************************************/
21 #include <linux/kernel.h>
23 #include "ssi_driver.h"
24 #include "ssi_fips_local.h"
25 #include "ssi_fips_data.h"
26 #include "cc_crypto_ctx.h"
28 #include "ssi_request_mgr.h"
31 static const u32 digest_len_init
[] = {
32 0x00000040, 0x00000000, 0x00000000, 0x00000000 };
33 static const u32 sha1_init
[] = {
34 SHA1_H4
, SHA1_H3
, SHA1_H2
, SHA1_H1
, SHA1_H0
};
35 static const u32 sha256_init
[] = {
36 SHA256_H7
, SHA256_H6
, SHA256_H5
, SHA256_H4
,
37 SHA256_H3
, SHA256_H2
, SHA256_H1
, SHA256_H0
};
38 #if (CC_SUPPORT_SHA > 256)
39 static const u32 digest_len_sha512_init
[] = {
40 0x00000080, 0x00000000, 0x00000000, 0x00000000 };
41 static const u64 sha512_init
[] = {
42 SHA512_H7
, SHA512_H6
, SHA512_H5
, SHA512_H4
,
43 SHA512_H3
, SHA512_H2
, SHA512_H1
, SHA512_H0
};
47 #define NIST_CIPHER_AES_MAX_VECTOR_SIZE 32
49 struct fips_cipher_ctx
{
50 u8 iv
[CC_AES_IV_SIZE
];
51 u8 key
[AES_512_BIT_KEY_SIZE
];
52 u8 din
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
53 u8 dout
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
56 typedef struct _FipsCipherData
{
58 u8 key
[AES_512_BIT_KEY_SIZE
];
60 u8 iv
[CC_AES_IV_SIZE
];
61 enum drv_crypto_direction direction
;
62 enum drv_cipher_mode oprMode
;
63 u8 dataIn
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
64 u8 dataOut
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
69 struct fips_cmac_ctx
{
70 u8 key
[AES_256_BIT_KEY_SIZE
];
71 u8 din
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
72 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
75 typedef struct _FipsCmacData
{
76 enum drv_crypto_direction direction
;
77 u8 key
[AES_256_BIT_KEY_SIZE
];
79 u8 data_in
[NIST_CIPHER_AES_MAX_VECTOR_SIZE
];
81 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
86 struct fips_hash_ctx
{
87 u8 initial_digest
[CC_DIGEST_SIZE_MAX
];
88 u8 din
[NIST_SHA_MSG_SIZE
];
89 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
92 typedef struct _FipsHashData
{
93 enum drv_hash_mode hash_mode
;
94 u8 data_in
[NIST_SHA_MSG_SIZE
];
96 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
100 /* note that the hmac key length must be equal or less than block size (block size is 64 up to sha256 and 128 for sha384/512) */
101 struct fips_hmac_ctx
{
102 u8 initial_digest
[CC_DIGEST_SIZE_MAX
];
103 u8 key
[CC_HMAC_BLOCK_SIZE_MAX
];
104 u8 k0
[CC_HMAC_BLOCK_SIZE_MAX
];
105 u8 digest_bytes_len
[HASH_LEN_SIZE
];
106 u8 tmp_digest
[CC_DIGEST_SIZE_MAX
];
107 u8 din
[NIST_HMAC_MSG_SIZE
];
108 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
111 typedef struct _FipsHmacData
{
112 enum drv_hash_mode hash_mode
;
113 u8 key
[CC_HMAC_BLOCK_SIZE_MAX
];
115 u8 data_in
[NIST_HMAC_MSG_SIZE
];
117 u8 mac_res
[CC_DIGEST_SIZE_MAX
];
121 #define FIPS_CCM_B0_A0_ADATA_SIZE (NIST_AESCCM_IV_SIZE + NIST_AESCCM_IV_SIZE + NIST_AESCCM_ADATA_SIZE)
123 struct fips_ccm_ctx
{
124 u8 b0_a0_adata
[FIPS_CCM_B0_A0_ADATA_SIZE
];
125 u8 iv
[NIST_AESCCM_IV_SIZE
];
126 u8 ctr_cnt_0
[NIST_AESCCM_IV_SIZE
];
127 u8 key
[CC_AES_KEY_SIZE_MAX
];
128 u8 din
[NIST_AESCCM_TEXT_SIZE
];
129 u8 dout
[NIST_AESCCM_TEXT_SIZE
];
130 u8 mac_res
[NIST_AESCCM_TAG_SIZE
];
133 typedef struct _FipsCcmData
{
134 enum drv_crypto_direction direction
;
135 u8 key
[CC_AES_KEY_SIZE_MAX
];
137 u8 nonce
[NIST_AESCCM_NONCE_SIZE
];
138 u8 adata
[NIST_AESCCM_ADATA_SIZE
];
140 u8 dataIn
[NIST_AESCCM_TEXT_SIZE
];
142 u8 dataOut
[NIST_AESCCM_TEXT_SIZE
];
144 u8 macResOut
[NIST_AESCCM_TAG_SIZE
];
148 struct fips_gcm_ctx
{
149 u8 adata
[NIST_AESGCM_ADATA_SIZE
];
150 u8 key
[CC_AES_KEY_SIZE_MAX
];
151 u8 hkey
[CC_AES_KEY_SIZE_MAX
];
152 u8 din
[NIST_AESGCM_TEXT_SIZE
];
153 u8 dout
[NIST_AESGCM_TEXT_SIZE
];
154 u8 mac_res
[NIST_AESGCM_TAG_SIZE
];
155 u8 len_block
[AES_BLOCK_SIZE
];
156 u8 iv_inc1
[AES_BLOCK_SIZE
];
157 u8 iv_inc2
[AES_BLOCK_SIZE
];
160 typedef struct _FipsGcmData
{
161 enum drv_crypto_direction direction
;
162 u8 key
[CC_AES_KEY_SIZE_MAX
];
164 u8 iv
[NIST_AESGCM_IV_SIZE
];
165 u8 adata
[NIST_AESGCM_ADATA_SIZE
];
167 u8 dataIn
[NIST_AESGCM_TEXT_SIZE
];
169 u8 dataOut
[NIST_AESGCM_TEXT_SIZE
];
171 u8 macResOut
[NIST_AESGCM_TAG_SIZE
];
175 typedef union _fips_ctx
{
176 struct fips_cipher_ctx cipher
;
177 struct fips_cmac_ctx cmac
;
178 struct fips_hash_ctx hash
;
179 struct fips_hmac_ctx hmac
;
180 struct fips_ccm_ctx ccm
;
181 struct fips_gcm_ctx gcm
;
185 /* test data tables */
186 static const FipsCipherData FipsCipherDataTable
[] = {
188 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_ECB
, NIST_AES_PLAIN_DATA
, NIST_AES_128_ECB_CIPHER
, NIST_AES_VECTOR_SIZE
},
189 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_ECB
, NIST_AES_128_ECB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
190 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_ECB
, NIST_AES_PLAIN_DATA
, NIST_AES_192_ECB_CIPHER
, NIST_AES_VECTOR_SIZE
},
191 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_ECB
, NIST_AES_192_ECB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
192 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_ECB
, NIST_AES_PLAIN_DATA
, NIST_AES_256_ECB_CIPHER
, NIST_AES_VECTOR_SIZE
},
193 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_ECB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_ECB
, NIST_AES_256_ECB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
194 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CBC
, NIST_AES_PLAIN_DATA
, NIST_AES_128_CBC_CIPHER
, NIST_AES_VECTOR_SIZE
},
195 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CBC
, NIST_AES_128_CBC_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
196 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CBC
, NIST_AES_PLAIN_DATA
, NIST_AES_192_CBC_CIPHER
, NIST_AES_VECTOR_SIZE
},
197 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CBC
, NIST_AES_192_CBC_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
198 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CBC
, NIST_AES_PLAIN_DATA
, NIST_AES_256_CBC_CIPHER
, NIST_AES_VECTOR_SIZE
},
199 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_CBC_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CBC
, NIST_AES_256_CBC_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
200 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_OFB
, NIST_AES_PLAIN_DATA
, NIST_AES_128_OFB_CIPHER
, NIST_AES_VECTOR_SIZE
},
201 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_OFB
, NIST_AES_128_OFB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
202 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_OFB
, NIST_AES_PLAIN_DATA
, NIST_AES_192_OFB_CIPHER
, NIST_AES_VECTOR_SIZE
},
203 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_OFB
, NIST_AES_192_OFB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
204 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_OFB
, NIST_AES_PLAIN_DATA
, NIST_AES_256_OFB_CIPHER
, NIST_AES_VECTOR_SIZE
},
205 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_OFB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_OFB
, NIST_AES_256_OFB_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
206 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CTR
, NIST_AES_PLAIN_DATA
, NIST_AES_128_CTR_CIPHER
, NIST_AES_VECTOR_SIZE
},
207 { 1, NIST_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CTR
, NIST_AES_128_CTR_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
208 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CTR
, NIST_AES_PLAIN_DATA
, NIST_AES_192_CTR_CIPHER
, NIST_AES_VECTOR_SIZE
},
209 { 1, NIST_AES_192_KEY
, CC_AES_192_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CTR
, NIST_AES_192_CTR_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
210 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CTR
, NIST_AES_PLAIN_DATA
, NIST_AES_256_CTR_CIPHER
, NIST_AES_VECTOR_SIZE
},
211 { 1, NIST_AES_256_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_CTR_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CTR
, NIST_AES_256_CTR_CIPHER
, NIST_AES_PLAIN_DATA
, NIST_AES_VECTOR_SIZE
},
212 { 1, RFC3962_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, RFC3962_AES_CBC_CTS_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CBC_CTS
, RFC3962_AES_PLAIN_DATA
, RFC3962_AES_128_CBC_CTS_CIPHER
, RFC3962_AES_VECTOR_SIZE
},
213 { 1, RFC3962_AES_128_KEY
, CC_AES_128_BIT_KEY_SIZE
, RFC3962_AES_CBC_CTS_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CBC_CTS
, RFC3962_AES_128_CBC_CTS_CIPHER
, RFC3962_AES_PLAIN_DATA
, RFC3962_AES_VECTOR_SIZE
},
214 { 1, NIST_AES_256_XTS_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_256_XTS_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_XTS
, NIST_AES_256_XTS_PLAIN
, NIST_AES_256_XTS_CIPHER
, NIST_AES_256_XTS_VECTOR_SIZE
},
215 { 1, NIST_AES_256_XTS_KEY
, CC_AES_256_BIT_KEY_SIZE
, NIST_AES_256_XTS_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_XTS
, NIST_AES_256_XTS_CIPHER
, NIST_AES_256_XTS_PLAIN
, NIST_AES_256_XTS_VECTOR_SIZE
},
216 #if (CC_SUPPORT_SHA > 256)
217 { 1, NIST_AES_512_XTS_KEY
, 2*CC_AES_256_BIT_KEY_SIZE
, NIST_AES_512_XTS_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_XTS
, NIST_AES_512_XTS_PLAIN
, NIST_AES_512_XTS_CIPHER
, NIST_AES_512_XTS_VECTOR_SIZE
},
218 { 1, NIST_AES_512_XTS_KEY
, 2*CC_AES_256_BIT_KEY_SIZE
, NIST_AES_512_XTS_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_XTS
, NIST_AES_512_XTS_CIPHER
, NIST_AES_512_XTS_PLAIN
, NIST_AES_512_XTS_VECTOR_SIZE
},
221 { 0, NIST_TDES_ECB3_KEY
, CC_DRV_DES_TRIPLE_KEY_SIZE
, NIST_TDES_ECB_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_ECB
, NIST_TDES_ECB3_PLAIN_DATA
, NIST_TDES_ECB3_CIPHER
, NIST_TDES_VECTOR_SIZE
},
222 { 0, NIST_TDES_ECB3_KEY
, CC_DRV_DES_TRIPLE_KEY_SIZE
, NIST_TDES_ECB_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_ECB
, NIST_TDES_ECB3_CIPHER
, NIST_TDES_ECB3_PLAIN_DATA
, NIST_TDES_VECTOR_SIZE
},
223 { 0, NIST_TDES_CBC3_KEY
, CC_DRV_DES_TRIPLE_KEY_SIZE
, NIST_TDES_CBC3_IV
, DRV_CRYPTO_DIRECTION_ENCRYPT
, DRV_CIPHER_CBC
, NIST_TDES_CBC3_PLAIN_DATA
, NIST_TDES_CBC3_CIPHER
, NIST_TDES_VECTOR_SIZE
},
224 { 0, NIST_TDES_CBC3_KEY
, CC_DRV_DES_TRIPLE_KEY_SIZE
, NIST_TDES_CBC3_IV
, DRV_CRYPTO_DIRECTION_DECRYPT
, DRV_CIPHER_CBC
, NIST_TDES_CBC3_CIPHER
, NIST_TDES_CBC3_PLAIN_DATA
, NIST_TDES_VECTOR_SIZE
},
226 #define FIPS_CIPHER_NUM_OF_TESTS (sizeof(FipsCipherDataTable) / sizeof(FipsCipherData))
228 static const FipsCmacData FipsCmacDataTable
[] = {
229 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AES_128_CMAC_KEY
, AES_128_BIT_KEY_SIZE
, NIST_AES_128_CMAC_PLAIN_DATA
, NIST_AES_128_CMAC_VECTOR_SIZE
, NIST_AES_128_CMAC_MAC
, NIST_AES_128_CMAC_OUTPUT_SIZE
},
230 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AES_192_CMAC_KEY
, AES_192_BIT_KEY_SIZE
, NIST_AES_192_CMAC_PLAIN_DATA
, NIST_AES_192_CMAC_VECTOR_SIZE
, NIST_AES_192_CMAC_MAC
, NIST_AES_192_CMAC_OUTPUT_SIZE
},
231 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AES_256_CMAC_KEY
, AES_256_BIT_KEY_SIZE
, NIST_AES_256_CMAC_PLAIN_DATA
, NIST_AES_256_CMAC_VECTOR_SIZE
, NIST_AES_256_CMAC_MAC
, NIST_AES_256_CMAC_OUTPUT_SIZE
},
233 #define FIPS_CMAC_NUM_OF_TESTS (sizeof(FipsCmacDataTable) / sizeof(FipsCmacData))
235 static const FipsHashData FipsHashDataTable
[] = {
236 { DRV_HASH_SHA1
, NIST_SHA_1_MSG
, NIST_SHA_MSG_SIZE
, NIST_SHA_1_MD
},
237 { DRV_HASH_SHA256
, NIST_SHA_256_MSG
, NIST_SHA_MSG_SIZE
, NIST_SHA_256_MD
},
238 #if (CC_SUPPORT_SHA > 256)
239 // { DRV_HASH_SHA512, NIST_SHA_512_MSG, NIST_SHA_MSG_SIZE, NIST_SHA_512_MD },
242 #define FIPS_HASH_NUM_OF_TESTS (sizeof(FipsHashDataTable) / sizeof(FipsHashData))
244 static const FipsHmacData FipsHmacDataTable
[] = {
245 { DRV_HASH_SHA1
, NIST_HMAC_SHA1_KEY
, NIST_HMAC_SHA1_KEY_SIZE
, NIST_HMAC_SHA1_MSG
, NIST_HMAC_MSG_SIZE
, NIST_HMAC_SHA1_MD
},
246 { DRV_HASH_SHA256
, NIST_HMAC_SHA256_KEY
, NIST_HMAC_SHA256_KEY_SIZE
, NIST_HMAC_SHA256_MSG
, NIST_HMAC_MSG_SIZE
, NIST_HMAC_SHA256_MD
},
247 #if (CC_SUPPORT_SHA > 256)
248 // { DRV_HASH_SHA512, NIST_HMAC_SHA512_KEY, NIST_HMAC_SHA512_KEY_SIZE, NIST_HMAC_SHA512_MSG, NIST_HMAC_MSG_SIZE, NIST_HMAC_SHA512_MD },
251 #define FIPS_HMAC_NUM_OF_TESTS (sizeof(FipsHmacDataTable) / sizeof(FipsHmacData))
253 static const FipsCcmData FipsCcmDataTable
[] = {
254 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESCCM_128_KEY
, NIST_AESCCM_128_BIT_KEY_SIZE
, NIST_AESCCM_128_NONCE
, NIST_AESCCM_128_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_128_PLAIN_TEXT
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_128_CIPHER
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_128_MAC
},
255 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESCCM_128_KEY
, NIST_AESCCM_128_BIT_KEY_SIZE
, NIST_AESCCM_128_NONCE
, NIST_AESCCM_128_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_128_CIPHER
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_128_PLAIN_TEXT
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_128_MAC
},
256 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESCCM_192_KEY
, NIST_AESCCM_192_BIT_KEY_SIZE
, NIST_AESCCM_192_NONCE
, NIST_AESCCM_192_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_192_PLAIN_TEXT
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_192_CIPHER
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_192_MAC
},
257 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESCCM_192_KEY
, NIST_AESCCM_192_BIT_KEY_SIZE
, NIST_AESCCM_192_NONCE
, NIST_AESCCM_192_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_192_CIPHER
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_192_PLAIN_TEXT
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_192_MAC
},
258 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESCCM_256_KEY
, NIST_AESCCM_256_BIT_KEY_SIZE
, NIST_AESCCM_256_NONCE
, NIST_AESCCM_256_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_256_PLAIN_TEXT
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_256_CIPHER
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_256_MAC
},
259 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESCCM_256_KEY
, NIST_AESCCM_256_BIT_KEY_SIZE
, NIST_AESCCM_256_NONCE
, NIST_AESCCM_256_ADATA
, NIST_AESCCM_ADATA_SIZE
, NIST_AESCCM_256_CIPHER
, NIST_AESCCM_TEXT_SIZE
, NIST_AESCCM_256_PLAIN_TEXT
, NIST_AESCCM_TAG_SIZE
, NIST_AESCCM_256_MAC
},
261 #define FIPS_CCM_NUM_OF_TESTS (sizeof(FipsCcmDataTable) / sizeof(FipsCcmData))
263 static const FipsGcmData FipsGcmDataTable
[] = {
264 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESGCM_128_KEY
, NIST_AESGCM_128_BIT_KEY_SIZE
, NIST_AESGCM_128_IV
, NIST_AESGCM_128_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_128_PLAIN_TEXT
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_128_CIPHER
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_128_MAC
},
265 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESGCM_128_KEY
, NIST_AESGCM_128_BIT_KEY_SIZE
, NIST_AESGCM_128_IV
, NIST_AESGCM_128_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_128_CIPHER
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_128_PLAIN_TEXT
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_128_MAC
},
266 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESGCM_192_KEY
, NIST_AESGCM_192_BIT_KEY_SIZE
, NIST_AESGCM_192_IV
, NIST_AESGCM_192_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_192_PLAIN_TEXT
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_192_CIPHER
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_192_MAC
},
267 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESGCM_192_KEY
, NIST_AESGCM_192_BIT_KEY_SIZE
, NIST_AESGCM_192_IV
, NIST_AESGCM_192_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_192_CIPHER
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_192_PLAIN_TEXT
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_192_MAC
},
268 { DRV_CRYPTO_DIRECTION_ENCRYPT
, NIST_AESGCM_256_KEY
, NIST_AESGCM_256_BIT_KEY_SIZE
, NIST_AESGCM_256_IV
, NIST_AESGCM_256_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_256_PLAIN_TEXT
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_256_CIPHER
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_256_MAC
},
269 { DRV_CRYPTO_DIRECTION_DECRYPT
, NIST_AESGCM_256_KEY
, NIST_AESGCM_256_BIT_KEY_SIZE
, NIST_AESGCM_256_IV
, NIST_AESGCM_256_ADATA
, NIST_AESGCM_ADATA_SIZE
, NIST_AESGCM_256_CIPHER
, NIST_AESGCM_TEXT_SIZE
, NIST_AESGCM_256_PLAIN_TEXT
, NIST_AESGCM_TAG_SIZE
, NIST_AESGCM_256_MAC
},
271 #define FIPS_GCM_NUM_OF_TESTS (sizeof(FipsGcmDataTable) / sizeof(FipsGcmData))
274 static inline ssi_fips_error_t
275 FIPS_CipherToFipsError(enum drv_cipher_mode mode
, bool is_aes
)
280 return is_aes
? CC_REE_FIPS_ERROR_AES_ECB_PUT
: CC_REE_FIPS_ERROR_DES_ECB_PUT
;
282 return is_aes
? CC_REE_FIPS_ERROR_AES_CBC_PUT
: CC_REE_FIPS_ERROR_DES_CBC_PUT
;
284 return CC_REE_FIPS_ERROR_AES_OFB_PUT
;
286 return CC_REE_FIPS_ERROR_AES_CTR_PUT
;
287 case DRV_CIPHER_CBC_CTS
:
288 return CC_REE_FIPS_ERROR_AES_CBC_CTS_PUT
;
290 return CC_REE_FIPS_ERROR_AES_XTS_PUT
;
292 return CC_REE_FIPS_ERROR_GENERAL
;
295 return CC_REE_FIPS_ERROR_GENERAL
;
300 ssi_cipher_fips_run_test(struct ssi_drvdata
*drvdata
,
304 dma_addr_t key_dma_addr
,
306 dma_addr_t iv_dma_addr
,
308 dma_addr_t din_dma_addr
,
309 dma_addr_t dout_dma_addr
,
312 /* max number of descriptors used for the flow */
313 #define FIPS_CIPHER_MAX_SEQ_LEN 6
316 struct ssi_crypto_req ssi_req
= {0};
317 struct cc_hw_desc desc
[FIPS_CIPHER_MAX_SEQ_LEN
];
319 int s_flow_mode
= is_aes
? S_DIN_to_AES
: S_DIN_to_DES
;
321 /* create setup descriptors */
322 switch (cipher_mode
) {
324 case DRV_CIPHER_CBC_CTS
:
327 /* Load cipher state */
328 HW_DESC_INIT(&desc
[idx
]);
329 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
330 iv_dma_addr
, iv_len
, NS_BIT
);
331 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], direction
);
332 HW_DESC_SET_FLOW_MODE(&desc
[idx
], s_flow_mode
);
333 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], cipher_mode
);
334 if ((cipher_mode
== DRV_CIPHER_CTR
) ||
335 (cipher_mode
== DRV_CIPHER_OFB
) ) {
336 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
338 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
344 HW_DESC_INIT(&desc
[idx
]);
345 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], cipher_mode
);
346 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], direction
);
348 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
350 ((key_len
== 24) ? AES_MAX_KEY_SIZE
: key_len
),
352 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
);
354 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
355 key_dma_addr
, key_len
,
357 HW_DESC_SET_KEY_SIZE_DES(&desc
[idx
], key_len
);
359 HW_DESC_SET_FLOW_MODE(&desc
[idx
], s_flow_mode
);
360 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
365 HW_DESC_INIT(&desc
[idx
]);
366 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], cipher_mode
);
367 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], direction
);
368 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
369 key_dma_addr
, key_len
/2, NS_BIT
);
370 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
/2);
371 HW_DESC_SET_FLOW_MODE(&desc
[idx
], s_flow_mode
);
372 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
376 HW_DESC_INIT(&desc
[idx
]);
377 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], cipher_mode
);
378 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], direction
);
379 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
380 (key_dma_addr
+key_len
/2), key_len
/2, NS_BIT
);
381 HW_DESC_SET_XEX_DATA_UNIT_SIZE(&desc
[idx
], data_size
);
382 HW_DESC_SET_FLOW_MODE(&desc
[idx
], s_flow_mode
);
383 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
/2);
384 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_XEX_KEY
);
388 HW_DESC_INIT(&desc
[idx
]);
389 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
390 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], cipher_mode
);
391 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], direction
);
392 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
/2);
393 HW_DESC_SET_FLOW_MODE(&desc
[idx
], s_flow_mode
);
394 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
395 iv_dma_addr
, CC_AES_BLOCK_SIZE
, NS_BIT
);
399 FIPS_LOG("Unsupported cipher mode (%d)\n", cipher_mode
);
403 /* create data descriptor */
404 HW_DESC_INIT(&desc
[idx
]);
405 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, din_dma_addr
, data_size
, NS_BIT
);
406 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], dout_dma_addr
, data_size
, NS_BIT
, 0);
407 HW_DESC_SET_FLOW_MODE(&desc
[idx
], is_aes
? DIN_AES_DOUT
: DIN_DES_DOUT
);
410 /* perform the operation - Lock HW and push sequence */
411 BUG_ON(idx
> FIPS_CIPHER_MAX_SEQ_LEN
);
412 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
414 // send_request returns error just in some corner cases which should not appear in this flow.
420 ssi_cipher_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
422 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
424 struct fips_cipher_ctx
*virt_ctx
= (struct fips_cipher_ctx
*)cpu_addr_buffer
;
426 /* set the phisical pointers for iv, key, din, dout */
427 dma_addr_t iv_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cipher_ctx
, iv
);
428 dma_addr_t key_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cipher_ctx
, key
);
429 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cipher_ctx
, din
);
430 dma_addr_t dout_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cipher_ctx
, dout
);
432 for (i
= 0; i
< FIPS_CIPHER_NUM_OF_TESTS
; ++i
)
434 FipsCipherData
*cipherData
= (FipsCipherData
*)&FipsCipherDataTable
[i
];
436 size_t iv_size
= cipherData
->isAes
? NIST_AES_IV_SIZE
: NIST_TDES_IV_SIZE
;
438 memset(cpu_addr_buffer
, 0, sizeof(struct fips_cipher_ctx
));
440 /* copy into the allocated buffer */
441 memcpy(virt_ctx
->iv
, cipherData
->iv
, iv_size
);
442 memcpy(virt_ctx
->key
, cipherData
->key
, cipherData
->keySize
);
443 memcpy(virt_ctx
->din
, cipherData
->dataIn
, cipherData
->dataInSize
);
445 FIPS_DBG("ssi_cipher_fips_run_test - (i = %d) \n", i
);
446 rc
= ssi_cipher_fips_run_test(drvdata
,
449 cipherData
->direction
,
456 cipherData
->dataInSize
);
459 FIPS_LOG("ssi_cipher_fips_run_test %d returned error - rc = %d \n", i
, rc
);
460 error
= FIPS_CipherToFipsError(cipherData
->oprMode
, cipherData
->isAes
);
464 /* compare actual dout to expected */
465 if (memcmp(virt_ctx
->dout
, cipherData
->dataOut
, cipherData
->dataInSize
) != 0)
467 FIPS_LOG("dout comparison error %d - oprMode=%d, isAes=%d\n", i
, cipherData
->oprMode
, cipherData
->isAes
);
468 FIPS_LOG(" i expected received \n");
469 FIPS_LOG(" i 0x%08x 0x%08x (size=%d) \n", (size_t)cipherData
->dataOut
, (size_t)virt_ctx
->dout
, cipherData
->dataInSize
);
470 for (i
= 0; i
< cipherData
->dataInSize
; ++i
)
472 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, cipherData
->dataOut
[i
], virt_ctx
->dout
[i
]);
475 error
= FIPS_CipherToFipsError(cipherData
->oprMode
, cipherData
->isAes
);
485 ssi_cmac_fips_run_test(struct ssi_drvdata
*drvdata
,
486 dma_addr_t key_dma_addr
,
488 dma_addr_t din_dma_addr
,
490 dma_addr_t digest_dma_addr
,
493 /* max number of descriptors used for the flow */
494 #define FIPS_CMAC_MAX_SEQ_LEN 4
497 struct ssi_crypto_req ssi_req
= {0};
498 struct cc_hw_desc desc
[FIPS_CMAC_MAX_SEQ_LEN
];
502 HW_DESC_INIT(&desc
[idx
]);
503 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, key_dma_addr
,
504 ((key_len
== 24) ? AES_MAX_KEY_SIZE
: key_len
), NS_BIT
);
505 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
506 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CMAC
);
507 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
508 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
);
509 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
513 HW_DESC_INIT(&desc
[idx
]);
514 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, digest_dma_addr
, CC_AES_BLOCK_SIZE
, NS_BIT
);
515 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
516 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CMAC
);
517 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
518 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_len
);
519 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
523 //ssi_hash_create_data_desc(state, ctx, DIN_AES_DOUT, desc, false, &idx);
524 HW_DESC_INIT(&desc
[idx
]);
525 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
528 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_AES_DOUT
);
531 /* Get final MAC result */
532 HW_DESC_INIT(&desc
[idx
]);
533 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], digest_dma_addr
, CC_AES_BLOCK_SIZE
, NS_BIT
, 0);
534 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_AES_to_DOUT
);
535 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
536 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
537 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CMAC
);
540 /* perform the operation - Lock HW and push sequence */
541 BUG_ON(idx
> FIPS_CMAC_MAX_SEQ_LEN
);
542 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
544 // send_request returns error just in some corner cases which should not appear in this flow.
549 ssi_cmac_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
551 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
553 struct fips_cmac_ctx
*virt_ctx
= (struct fips_cmac_ctx
*)cpu_addr_buffer
;
555 /* set the phisical pointers for key, din, dout */
556 dma_addr_t key_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cmac_ctx
, key
);
557 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cmac_ctx
, din
);
558 dma_addr_t mac_res_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_cmac_ctx
, mac_res
);
560 for (i
= 0; i
< FIPS_CMAC_NUM_OF_TESTS
; ++i
)
562 FipsCmacData
*cmac_data
= (FipsCmacData
*)&FipsCmacDataTable
[i
];
565 memset(cpu_addr_buffer
, 0, sizeof(struct fips_cmac_ctx
));
567 /* copy into the allocated buffer */
568 memcpy(virt_ctx
->key
, cmac_data
->key
, cmac_data
->key_size
);
569 memcpy(virt_ctx
->din
, cmac_data
->data_in
, cmac_data
->data_in_size
);
571 BUG_ON(cmac_data
->direction
!= DRV_CRYPTO_DIRECTION_ENCRYPT
);
573 FIPS_DBG("ssi_cmac_fips_run_test - (i = %d) \n", i
);
574 rc
= ssi_cmac_fips_run_test(drvdata
,
578 cmac_data
->data_in_size
,
580 cmac_data
->mac_res_size
);
583 FIPS_LOG("ssi_cmac_fips_run_test %d returned error - rc = %d \n", i
, rc
);
584 error
= CC_REE_FIPS_ERROR_AES_CMAC_PUT
;
588 /* compare actual mac result to expected */
589 if (memcmp(virt_ctx
->mac_res
, cmac_data
->mac_res
, cmac_data
->mac_res_size
) != 0)
591 FIPS_LOG("comparison error %d - digest_size=%d \n", i
, cmac_data
->mac_res_size
);
592 FIPS_LOG(" i expected received \n");
593 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)cmac_data
->mac_res
, (size_t)virt_ctx
->mac_res
);
594 for (i
= 0; i
< cmac_data
->mac_res_size
; ++i
)
596 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, cmac_data
->mac_res
[i
], virt_ctx
->mac_res
[i
]);
599 error
= CC_REE_FIPS_ERROR_AES_CMAC_PUT
;
608 static inline ssi_fips_error_t
609 FIPS_HashToFipsError(enum drv_hash_mode hash_mode
)
613 return CC_REE_FIPS_ERROR_SHA1_PUT
;
614 case DRV_HASH_SHA256
:
615 return CC_REE_FIPS_ERROR_SHA256_PUT
;
616 #if (CC_SUPPORT_SHA > 256)
617 case DRV_HASH_SHA512
:
618 return CC_REE_FIPS_ERROR_SHA512_PUT
;
621 return CC_REE_FIPS_ERROR_GENERAL
;
624 return CC_REE_FIPS_ERROR_GENERAL
;
628 ssi_hash_fips_run_test(struct ssi_drvdata
*drvdata
,
629 dma_addr_t initial_digest_dma_addr
,
630 dma_addr_t din_dma_addr
,
632 dma_addr_t mac_res_dma_addr
,
633 enum drv_hash_mode hash_mode
,
634 enum drv_hash_hw_mode hw_mode
,
636 int inter_digestsize
)
638 /* max number of descriptors used for the flow */
639 #define FIPS_HASH_MAX_SEQ_LEN 4
642 struct ssi_crypto_req ssi_req
= {0};
643 struct cc_hw_desc desc
[FIPS_HASH_MAX_SEQ_LEN
];
646 /* Load initial digest */
647 HW_DESC_INIT(&desc
[idx
]);
648 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
649 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, initial_digest_dma_addr
, inter_digestsize
, NS_BIT
);
650 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
651 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
654 /* Load the hash current length */
655 HW_DESC_INIT(&desc
[idx
]);
656 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
657 HW_DESC_SET_DIN_CONST(&desc
[idx
], 0, HASH_LEN_SIZE
);
658 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_ENABLED
);
659 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
660 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
663 /* data descriptor */
664 HW_DESC_INIT(&desc
[idx
]);
665 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, din_dma_addr
, data_in_size
, NS_BIT
);
666 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
669 /* Get final MAC result */
670 HW_DESC_INIT(&desc
[idx
]);
671 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
672 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], mac_res_dma_addr
, digest_size
, NS_BIT
, 0);
673 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
674 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
675 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_DISABLED
);
676 if (unlikely((hash_mode
== DRV_HASH_MD5
) ||
677 (hash_mode
== DRV_HASH_SHA384
) ||
678 (hash_mode
== DRV_HASH_SHA512
))) {
679 HW_DESC_SET_BYTES_SWAP(&desc
[idx
], 1);
681 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
685 /* perform the operation - Lock HW and push sequence */
686 BUG_ON(idx
> FIPS_HASH_MAX_SEQ_LEN
);
687 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
693 ssi_hash_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
695 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
697 struct fips_hash_ctx
*virt_ctx
= (struct fips_hash_ctx
*)cpu_addr_buffer
;
699 /* set the phisical pointers for initial_digest, din, mac_res */
700 dma_addr_t initial_digest_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hash_ctx
, initial_digest
);
701 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hash_ctx
, din
);
702 dma_addr_t mac_res_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hash_ctx
, mac_res
);
704 for (i
= 0; i
< FIPS_HASH_NUM_OF_TESTS
; ++i
)
706 FipsHashData
*hash_data
= (FipsHashData
*)&FipsHashDataTable
[i
];
708 enum drv_hash_hw_mode hw_mode
= 0;
710 int inter_digestsize
= 0;
712 memset(cpu_addr_buffer
, 0, sizeof(struct fips_hash_ctx
));
714 switch (hash_data
->hash_mode
) {
716 hw_mode
= DRV_HASH_HW_SHA1
;
717 digest_size
= CC_SHA1_DIGEST_SIZE
;
718 inter_digestsize
= CC_SHA1_DIGEST_SIZE
;
719 /* copy the initial digest into the allocated cache coherent buffer */
720 memcpy(virt_ctx
->initial_digest
, (void*)sha1_init
, CC_SHA1_DIGEST_SIZE
);
722 case DRV_HASH_SHA256
:
723 hw_mode
= DRV_HASH_HW_SHA256
;
724 digest_size
= CC_SHA256_DIGEST_SIZE
;
725 inter_digestsize
= CC_SHA256_DIGEST_SIZE
;
726 memcpy(virt_ctx
->initial_digest
, (void*)sha256_init
, CC_SHA256_DIGEST_SIZE
);
728 #if (CC_SUPPORT_SHA > 256)
729 case DRV_HASH_SHA512
:
730 hw_mode
= DRV_HASH_HW_SHA512
;
731 digest_size
= CC_SHA512_DIGEST_SIZE
;
732 inter_digestsize
= CC_SHA512_DIGEST_SIZE
;
733 memcpy(virt_ctx
->initial_digest
, (void*)sha512_init
, CC_SHA512_DIGEST_SIZE
);
737 error
= FIPS_HashToFipsError(hash_data
->hash_mode
);
741 /* copy the din data into the allocated buffer */
742 memcpy(virt_ctx
->din
, hash_data
->data_in
, hash_data
->data_in_size
);
744 /* run the test on HW */
745 FIPS_DBG("ssi_hash_fips_run_test - (i = %d) \n", i
);
746 rc
= ssi_hash_fips_run_test(drvdata
,
747 initial_digest_dma_addr
,
749 hash_data
->data_in_size
,
751 hash_data
->hash_mode
,
757 FIPS_LOG("ssi_hash_fips_run_test %d returned error - rc = %d \n", i
, rc
);
758 error
= FIPS_HashToFipsError(hash_data
->hash_mode
);
762 /* compare actual mac result to expected */
763 if (memcmp(virt_ctx
->mac_res
, hash_data
->mac_res
, digest_size
) != 0)
765 FIPS_LOG("comparison error %d - hash_mode=%d digest_size=%d \n", i
, hash_data
->hash_mode
, digest_size
);
766 FIPS_LOG(" i expected received \n");
767 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)hash_data
->mac_res
, (size_t)virt_ctx
->mac_res
);
768 for (i
= 0; i
< digest_size
; ++i
)
770 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, hash_data
->mac_res
[i
], virt_ctx
->mac_res
[i
]);
773 error
= FIPS_HashToFipsError(hash_data
->hash_mode
);
782 static inline ssi_fips_error_t
783 FIPS_HmacToFipsError(enum drv_hash_mode hash_mode
)
787 return CC_REE_FIPS_ERROR_HMAC_SHA1_PUT
;
788 case DRV_HASH_SHA256
:
789 return CC_REE_FIPS_ERROR_HMAC_SHA256_PUT
;
790 #if (CC_SUPPORT_SHA > 256)
791 case DRV_HASH_SHA512
:
792 return CC_REE_FIPS_ERROR_HMAC_SHA512_PUT
;
795 return CC_REE_FIPS_ERROR_GENERAL
;
798 return CC_REE_FIPS_ERROR_GENERAL
;
802 ssi_hmac_fips_run_test(struct ssi_drvdata
*drvdata
,
803 dma_addr_t initial_digest_dma_addr
,
804 dma_addr_t key_dma_addr
,
806 dma_addr_t din_dma_addr
,
808 dma_addr_t mac_res_dma_addr
,
809 enum drv_hash_mode hash_mode
,
810 enum drv_hash_hw_mode hw_mode
,
812 size_t inter_digestsize
,
814 dma_addr_t k0_dma_addr
,
815 dma_addr_t tmp_digest_dma_addr
,
816 dma_addr_t digest_bytes_len_dma_addr
)
818 /* The implemented flow is not the same as the one implemented in ssi_hash.c (setkey + digest flows).
819 In this flow, there is no need to store and reload some of the intermidiate results. */
821 /* max number of descriptors used for the flow */
822 #define FIPS_HMAC_MAX_SEQ_LEN 12
825 struct ssi_crypto_req ssi_req
= {0};
826 struct cc_hw_desc desc
[FIPS_HMAC_MAX_SEQ_LEN
];
829 /* calc the hash opad first and ipad only afterwards (unlike the flow in ssi_hash.c) */
830 unsigned int hmacPadConst
[2] = { HMAC_OPAD_CONST
, HMAC_IPAD_CONST
};
832 // assume (key_size <= block_size)
833 HW_DESC_INIT(&desc
[idx
]);
834 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, key_dma_addr
, key_size
, NS_BIT
);
835 HW_DESC_SET_FLOW_MODE(&desc
[idx
], BYPASS
);
836 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], k0_dma_addr
, key_size
, NS_BIT
, 0);
839 // if needed, append Key with zeros to create K0
840 if ((block_size
- key_size
) != 0) {
841 HW_DESC_INIT(&desc
[idx
]);
842 HW_DESC_SET_DIN_CONST(&desc
[idx
], 0, (block_size
- key_size
));
843 HW_DESC_SET_FLOW_MODE(&desc
[idx
], BYPASS
);
844 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
845 (k0_dma_addr
+ key_size
), (block_size
- key_size
),
850 BUG_ON(idx
> FIPS_HMAC_MAX_SEQ_LEN
);
851 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, 0);
852 if (unlikely(rc
!= 0)) {
853 SSI_LOG_ERR("send_request() failed (rc=%d)\n", rc
);
858 /* calc derived HMAC key */
859 for (i
= 0; i
< 2; i
++) {
860 /* Load hash initial state */
861 HW_DESC_INIT(&desc
[idx
]);
862 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
863 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, initial_digest_dma_addr
, inter_digestsize
, NS_BIT
);
864 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
865 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
869 /* Load the hash current length*/
870 HW_DESC_INIT(&desc
[idx
]);
871 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
872 HW_DESC_SET_DIN_CONST(&desc
[idx
], 0, HASH_LEN_SIZE
);
873 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
874 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
877 /* Prepare opad/ipad key */
878 HW_DESC_INIT(&desc
[idx
]);
879 HW_DESC_SET_XOR_VAL(&desc
[idx
], hmacPadConst
[i
]);
880 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
881 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
882 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
885 /* Perform HASH update */
886 HW_DESC_INIT(&desc
[idx
]);
887 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
890 HW_DESC_SET_CIPHER_MODE(&desc
[idx
],hw_mode
);
891 HW_DESC_SET_XOR_ACTIVE(&desc
[idx
]);
892 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
896 /* First iteration - calc H(K0^opad) into tmp_digest_dma_addr */
897 HW_DESC_INIT(&desc
[idx
]);
898 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
899 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
903 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
904 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
907 // is this needed?? or continue with current descriptors??
908 BUG_ON(idx
> FIPS_HMAC_MAX_SEQ_LEN
);
909 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, 0);
910 if (unlikely(rc
!= 0)) {
911 SSI_LOG_ERR("send_request() failed (rc=%d)\n", rc
);
918 /* data descriptor */
919 HW_DESC_INIT(&desc
[idx
]);
920 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
921 din_dma_addr
, data_in_size
,
923 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
926 /* HW last hash block padding (aka. "DO_PAD") */
927 HW_DESC_INIT(&desc
[idx
]);
928 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
929 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], k0_dma_addr
, HASH_LEN_SIZE
, NS_BIT
, 0);
930 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
931 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE1
);
932 HW_DESC_SET_CIPHER_DO(&desc
[idx
], DO_PAD
);
935 /* store the hash digest result in the context */
936 HW_DESC_INIT(&desc
[idx
]);
937 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
938 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], k0_dma_addr
, digest_size
, NS_BIT
, 0);
939 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
940 if (unlikely((hash_mode
== DRV_HASH_MD5
) ||
941 (hash_mode
== DRV_HASH_SHA384
) ||
942 (hash_mode
== DRV_HASH_SHA512
))) {
943 HW_DESC_SET_BYTES_SWAP(&desc
[idx
], 1);
945 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
947 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
951 tmp_digest = H(o_key_pad)
952 k0 = H(i_key_pad || m)
955 /* Loading hash opad xor key state */
956 HW_DESC_INIT(&desc
[idx
]);
957 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
958 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, tmp_digest_dma_addr
, inter_digestsize
, NS_BIT
);
959 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
960 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
963 /* Load the hash current length */
964 HW_DESC_INIT(&desc
[idx
]);
965 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
966 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, digest_bytes_len_dma_addr
, HASH_LEN_SIZE
, NS_BIT
);
967 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_ENABLED
);
968 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
969 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
972 /* Memory Barrier: wait for IPAD/OPAD axi write to complete */
973 HW_DESC_INIT(&desc
[idx
]);
974 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
975 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
978 /* Perform HASH update */
979 HW_DESC_INIT(&desc
[idx
]);
980 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, k0_dma_addr
, digest_size
, NS_BIT
);
981 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
985 /* Get final MAC result */
986 HW_DESC_INIT(&desc
[idx
]);
987 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], hw_mode
);
988 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], mac_res_dma_addr
, digest_size
, NS_BIT
, 0);
989 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
990 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
991 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_DISABLED
);
992 if (unlikely((hash_mode
== DRV_HASH_MD5
) ||
993 (hash_mode
== DRV_HASH_SHA384
) ||
994 (hash_mode
== DRV_HASH_SHA512
))) {
995 HW_DESC_SET_BYTES_SWAP(&desc
[idx
], 1);
997 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
1001 /* perform the operation - Lock HW and push sequence */
1002 BUG_ON(idx
> FIPS_HMAC_MAX_SEQ_LEN
);
1003 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
1009 ssi_hmac_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
1011 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
1013 struct fips_hmac_ctx
*virt_ctx
= (struct fips_hmac_ctx
*)cpu_addr_buffer
;
1015 /* set the phisical pointers */
1016 dma_addr_t initial_digest_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, initial_digest
);
1017 dma_addr_t key_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, key
);
1018 dma_addr_t k0_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, k0
);
1019 dma_addr_t tmp_digest_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, tmp_digest
);
1020 dma_addr_t digest_bytes_len_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, digest_bytes_len
);
1021 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, din
);
1022 dma_addr_t mac_res_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_hmac_ctx
, mac_res
);
1024 for (i
= 0; i
< FIPS_HMAC_NUM_OF_TESTS
; ++i
)
1026 FipsHmacData
*hmac_data
= (FipsHmacData
*)&FipsHmacDataTable
[i
];
1028 enum drv_hash_hw_mode hw_mode
= 0;
1029 int digest_size
= 0;
1031 int inter_digestsize
= 0;
1033 memset(cpu_addr_buffer
, 0, sizeof(struct fips_hmac_ctx
));
1035 switch (hmac_data
->hash_mode
) {
1037 hw_mode
= DRV_HASH_HW_SHA1
;
1038 digest_size
= CC_SHA1_DIGEST_SIZE
;
1039 block_size
= CC_SHA1_BLOCK_SIZE
;
1040 inter_digestsize
= CC_SHA1_DIGEST_SIZE
;
1041 memcpy(virt_ctx
->initial_digest
, (void*)sha1_init
, CC_SHA1_DIGEST_SIZE
);
1042 memcpy(virt_ctx
->digest_bytes_len
, digest_len_init
, HASH_LEN_SIZE
);
1044 case DRV_HASH_SHA256
:
1045 hw_mode
= DRV_HASH_HW_SHA256
;
1046 digest_size
= CC_SHA256_DIGEST_SIZE
;
1047 block_size
= CC_SHA256_BLOCK_SIZE
;
1048 inter_digestsize
= CC_SHA256_DIGEST_SIZE
;
1049 memcpy(virt_ctx
->initial_digest
, (void*)sha256_init
, CC_SHA256_DIGEST_SIZE
);
1050 memcpy(virt_ctx
->digest_bytes_len
, digest_len_init
, HASH_LEN_SIZE
);
1052 #if (CC_SUPPORT_SHA > 256)
1053 case DRV_HASH_SHA512
:
1054 hw_mode
= DRV_HASH_HW_SHA512
;
1055 digest_size
= CC_SHA512_DIGEST_SIZE
;
1056 block_size
= CC_SHA512_BLOCK_SIZE
;
1057 inter_digestsize
= CC_SHA512_DIGEST_SIZE
;
1058 memcpy(virt_ctx
->initial_digest
, (void*)sha512_init
, CC_SHA512_DIGEST_SIZE
);
1059 memcpy(virt_ctx
->digest_bytes_len
, digest_len_sha512_init
, HASH_LEN_SIZE
);
1063 error
= FIPS_HmacToFipsError(hmac_data
->hash_mode
);
1067 /* copy into the allocated buffer */
1068 memcpy(virt_ctx
->key
, hmac_data
->key
, hmac_data
->key_size
);
1069 memcpy(virt_ctx
->din
, hmac_data
->data_in
, hmac_data
->data_in_size
);
1071 /* run the test on HW */
1072 FIPS_DBG("ssi_hmac_fips_run_test - (i = %d) \n", i
);
1073 rc
= ssi_hmac_fips_run_test(drvdata
,
1074 initial_digest_dma_addr
,
1076 hmac_data
->key_size
,
1078 hmac_data
->data_in_size
,
1080 hmac_data
->hash_mode
,
1086 tmp_digest_dma_addr
,
1087 digest_bytes_len_dma_addr
);
1090 FIPS_LOG("ssi_hmac_fips_run_test %d returned error - rc = %d \n", i
, rc
);
1091 error
= FIPS_HmacToFipsError(hmac_data
->hash_mode
);
1095 /* compare actual mac result to expected */
1096 if (memcmp(virt_ctx
->mac_res
, hmac_data
->mac_res
, digest_size
) != 0)
1098 FIPS_LOG("comparison error %d - hash_mode=%d digest_size=%d \n", i
, hmac_data
->hash_mode
, digest_size
);
1099 FIPS_LOG(" i expected received \n");
1100 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)hmac_data
->mac_res
, (size_t)virt_ctx
->mac_res
);
1101 for (i
= 0; i
< digest_size
; ++i
)
1103 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, hmac_data
->mac_res
[i
], virt_ctx
->mac_res
[i
]);
1106 error
= FIPS_HmacToFipsError(hmac_data
->hash_mode
);
1116 ssi_ccm_fips_run_test(struct ssi_drvdata
*drvdata
,
1117 enum drv_crypto_direction direction
,
1118 dma_addr_t key_dma_addr
,
1120 dma_addr_t iv_dma_addr
,
1121 dma_addr_t ctr_cnt_0_dma_addr
,
1122 dma_addr_t b0_a0_adata_dma_addr
,
1123 size_t b0_a0_adata_size
,
1124 dma_addr_t din_dma_addr
,
1126 dma_addr_t dout_dma_addr
,
1127 dma_addr_t mac_res_dma_addr
)
1129 /* max number of descriptors used for the flow */
1130 #define FIPS_CCM_MAX_SEQ_LEN 10
1133 struct ssi_crypto_req ssi_req
= {0};
1134 struct cc_hw_desc desc
[FIPS_CCM_MAX_SEQ_LEN
];
1135 unsigned int idx
= 0;
1136 unsigned int cipher_flow_mode
;
1138 if (direction
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
1139 cipher_flow_mode
= AES_to_HASH_and_DOUT
;
1140 } else { /* Encrypt */
1141 cipher_flow_mode
= AES_and_HASH
;
1145 HW_DESC_INIT(&desc
[idx
]);
1146 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CTR
);
1147 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, key_dma_addr
,
1148 ((key_size
== NIST_AESCCM_192_BIT_KEY_SIZE
) ? CC_AES_KEY_SIZE_MAX
: key_size
),
1150 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1151 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1152 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1153 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1156 /* load ctr state */
1157 HW_DESC_INIT(&desc
[idx
]);
1158 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CTR
);
1159 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1160 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1161 iv_dma_addr
, AES_BLOCK_SIZE
,
1163 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1164 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
1165 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1169 HW_DESC_INIT(&desc
[idx
]);
1170 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1171 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, key_dma_addr
,
1172 ((key_size
== NIST_AESCCM_192_BIT_KEY_SIZE
) ? CC_AES_KEY_SIZE_MAX
: key_size
),
1174 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1175 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1176 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1177 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
1178 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1181 /* load MAC state */
1182 HW_DESC_INIT(&desc
[idx
]);
1183 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1184 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1185 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, mac_res_dma_addr
, NIST_AESCCM_TAG_SIZE
, NS_BIT
);
1186 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DESC_DIRECTION_ENCRYPT_ENCRYPT
);
1187 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
1188 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
1189 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1192 /* prcess assoc data */
1193 HW_DESC_INIT(&desc
[idx
]);
1194 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, b0_a0_adata_dma_addr
, b0_a0_adata_size
, NS_BIT
);
1195 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
1198 /* process the cipher */
1199 HW_DESC_INIT(&desc
[idx
]);
1200 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, din_dma_addr
, din_size
, NS_BIT
);
1201 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], dout_dma_addr
, din_size
, NS_BIT
, 0);
1202 HW_DESC_SET_FLOW_MODE(&desc
[idx
], cipher_flow_mode
);
1205 /* Read temporal MAC */
1206 HW_DESC_INIT(&desc
[idx
]);
1207 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CBC_MAC
);
1208 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], mac_res_dma_addr
, NIST_AESCCM_TAG_SIZE
, NS_BIT
, 0);
1209 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
1210 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], HASH_DIGEST_RESULT_LITTLE_ENDIAN
);
1211 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
1212 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1215 /* load AES-CTR state (for last MAC calculation)*/
1216 HW_DESC_INIT(&desc
[idx
]);
1217 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_CTR
);
1218 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1219 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1221 AES_BLOCK_SIZE
, NS_BIT
);
1222 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1223 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
1224 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1227 /* Memory Barrier */
1228 HW_DESC_INIT(&desc
[idx
]);
1229 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
1230 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1233 /* encrypt the "T" value and store MAC inplace */
1234 HW_DESC_INIT(&desc
[idx
]);
1235 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
, mac_res_dma_addr
, NIST_AESCCM_TAG_SIZE
, NS_BIT
);
1236 HW_DESC_SET_DOUT_DLLI(&desc
[idx
], mac_res_dma_addr
, NIST_AESCCM_TAG_SIZE
, NS_BIT
, 0);
1237 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_AES_DOUT
);
1240 /* perform the operation - Lock HW and push sequence */
1241 BUG_ON(idx
> FIPS_CCM_MAX_SEQ_LEN
);
1242 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
1248 ssi_ccm_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
1250 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
1252 struct fips_ccm_ctx
*virt_ctx
= (struct fips_ccm_ctx
*)cpu_addr_buffer
;
1254 /* set the phisical pointers */
1255 dma_addr_t b0_a0_adata_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, b0_a0_adata
);
1256 dma_addr_t iv_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, iv
);
1257 dma_addr_t ctr_cnt_0_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, ctr_cnt_0
);
1258 dma_addr_t key_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, key
);
1259 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, din
);
1260 dma_addr_t dout_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, dout
);
1261 dma_addr_t mac_res_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_ccm_ctx
, mac_res
);
1263 for (i
= 0; i
< FIPS_CCM_NUM_OF_TESTS
; ++i
)
1265 FipsCcmData
*ccmData
= (FipsCcmData
*)&FipsCcmDataTable
[i
];
1268 memset(cpu_addr_buffer
, 0, sizeof(struct fips_ccm_ctx
));
1270 /* copy the nonce, key, adata, din data into the allocated buffer */
1271 memcpy(virt_ctx
->key
, ccmData
->key
, ccmData
->keySize
);
1272 memcpy(virt_ctx
->din
, ccmData
->dataIn
, ccmData
->dataInSize
);
1274 /* build B0 -- B0, nonce, l(m) */
1275 __be16 data
= cpu_to_be16(NIST_AESCCM_TEXT_SIZE
);
1276 virt_ctx
->b0_a0_adata
[0] = NIST_AESCCM_B0_VAL
;
1277 memcpy(virt_ctx
->b0_a0_adata
+ 1, ccmData
->nonce
, NIST_AESCCM_NONCE_SIZE
);
1278 memcpy(virt_ctx
->b0_a0_adata
+ 14, (u8
*)&data
, sizeof(__be16
));
1279 /* build A0+ADATA */
1280 virt_ctx
->b0_a0_adata
[NIST_AESCCM_IV_SIZE
+ 0] = (ccmData
->adataSize
>> 8) & 0xFF;
1281 virt_ctx
->b0_a0_adata
[NIST_AESCCM_IV_SIZE
+ 1] = ccmData
->adataSize
& 0xFF;
1282 memcpy(virt_ctx
->b0_a0_adata
+ NIST_AESCCM_IV_SIZE
+ 2, ccmData
->adata
, ccmData
->adataSize
);
1284 virt_ctx
->iv
[0] = 1; /* L' */
1285 memcpy(virt_ctx
->iv
+ 1, ccmData
->nonce
, NIST_AESCCM_NONCE_SIZE
);
1286 virt_ctx
->iv
[15] = 1;
1288 memcpy(virt_ctx
->ctr_cnt_0
, virt_ctx
->iv
, NIST_AESCCM_IV_SIZE
);
1289 virt_ctx
->ctr_cnt_0
[15] = 0;
1292 FIPS_DBG("ssi_ccm_fips_run_test - (i = %d) \n", i
);
1293 rc
= ssi_ccm_fips_run_test(drvdata
,
1299 b0_a0_adata_dma_addr
,
1300 FIPS_CCM_B0_A0_ADATA_SIZE
,
1302 ccmData
->dataInSize
,
1307 FIPS_LOG("ssi_ccm_fips_run_test %d returned error - rc = %d \n", i
, rc
);
1308 error
= CC_REE_FIPS_ERROR_AESCCM_PUT
;
1312 /* compare actual dout to expected */
1313 if (memcmp(virt_ctx
->dout
, ccmData
->dataOut
, ccmData
->dataInSize
) != 0)
1315 FIPS_LOG("dout comparison error %d - size=%d \n", i
, ccmData
->dataInSize
);
1316 error
= CC_REE_FIPS_ERROR_AESCCM_PUT
;
1320 /* compare actual mac result to expected */
1321 if (memcmp(virt_ctx
->mac_res
, ccmData
->macResOut
, ccmData
->tagSize
) != 0)
1323 FIPS_LOG("mac_res comparison error %d - mac_size=%d \n", i
, ccmData
->tagSize
);
1324 FIPS_LOG(" i expected received \n");
1325 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)ccmData
->macResOut
, (size_t)virt_ctx
->mac_res
);
1326 for (i
= 0; i
< ccmData
->tagSize
; ++i
)
1328 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, ccmData
->macResOut
[i
], virt_ctx
->mac_res
[i
]);
1331 error
= CC_REE_FIPS_ERROR_AESCCM_PUT
;
1341 ssi_gcm_fips_run_test(struct ssi_drvdata
*drvdata
,
1342 enum drv_crypto_direction direction
,
1343 dma_addr_t key_dma_addr
,
1345 dma_addr_t hkey_dma_addr
,
1346 dma_addr_t block_len_dma_addr
,
1347 dma_addr_t iv_inc1_dma_addr
,
1348 dma_addr_t iv_inc2_dma_addr
,
1349 dma_addr_t adata_dma_addr
,
1351 dma_addr_t din_dma_addr
,
1353 dma_addr_t dout_dma_addr
,
1354 dma_addr_t mac_res_dma_addr
)
1356 /* max number of descriptors used for the flow */
1357 #define FIPS_GCM_MAX_SEQ_LEN 15
1360 struct ssi_crypto_req ssi_req
= {0};
1361 struct cc_hw_desc desc
[FIPS_GCM_MAX_SEQ_LEN
];
1362 unsigned int idx
= 0;
1363 unsigned int cipher_flow_mode
;
1365 if (direction
== DRV_CRYPTO_DIRECTION_DECRYPT
) {
1366 cipher_flow_mode
= AES_and_HASH
;
1367 } else { /* Encrypt */
1368 cipher_flow_mode
= AES_to_HASH_and_DOUT
;
1371 ///////////////////////////////// 1 ////////////////////////////////////
1372 // ssi_aead_gcm_setup_ghash_desc(req, desc, seq_size);
1373 ///////////////////////////////// 1 ////////////////////////////////////
1375 /* load key to AES*/
1376 HW_DESC_INIT(&desc
[idx
]);
1377 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_ECB
);
1378 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1379 HW_DESC_SET_DIN_TYPE(&desc
[idx
],
1380 DMA_DLLI
, key_dma_addr
, key_size
,
1382 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1383 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1384 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1387 /* process one zero block to generate hkey */
1388 HW_DESC_INIT(&desc
[idx
]);
1389 HW_DESC_SET_DIN_CONST(&desc
[idx
], 0x0, AES_BLOCK_SIZE
);
1390 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
1391 hkey_dma_addr
, AES_BLOCK_SIZE
,
1393 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_AES_DOUT
);
1396 /* Memory Barrier */
1397 HW_DESC_INIT(&desc
[idx
]);
1398 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
1399 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1402 /* Load GHASH subkey */
1403 HW_DESC_INIT(&desc
[idx
]);
1404 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1405 hkey_dma_addr
, AES_BLOCK_SIZE
,
1407 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1408 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
1409 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1410 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_HASH_HW_GHASH
);
1411 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_ENABLED
);
1412 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1415 /* Configure Hash Engine to work with GHASH.
1416 Since it was not possible to extend HASH submodes to add GHASH,
1417 The following command is necessary in order to select GHASH (according to HW designers)*/
1418 HW_DESC_INIT(&desc
[idx
]);
1419 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
1420 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1421 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
1422 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1423 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_HASH_HW_GHASH
);
1424 HW_DESC_SET_CIPHER_DO(&desc
[idx
], 1); //1=AES_SK RKEK
1425 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1426 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_ENABLED
);
1427 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1430 /* Load GHASH initial STATE (which is 0). (for any hash there is an initial state) */
1431 HW_DESC_INIT(&desc
[idx
]);
1432 HW_DESC_SET_DIN_CONST(&desc
[idx
], 0x0, AES_BLOCK_SIZE
);
1433 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1434 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_HASH
);
1435 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1436 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_HASH_HW_GHASH
);
1437 HW_DESC_SET_CIPHER_CONFIG1(&desc
[idx
], HASH_PADDING_ENABLED
);
1438 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE0
);
1443 ///////////////////////////////// 2 ////////////////////////////////////
1444 /* prcess(ghash) assoc data */
1445 // if (req->assoclen > 0)
1446 // ssi_aead_create_assoc_desc(req, DIN_HASH, desc, seq_size);
1447 ///////////////////////////////// 2 ////////////////////////////////////
1449 HW_DESC_INIT(&desc
[idx
]);
1450 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1451 adata_dma_addr
, adata_size
,
1453 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
1457 ///////////////////////////////// 3 ////////////////////////////////////
1458 // ssi_aead_gcm_setup_gctr_desc(req, desc, seq_size);
1459 ///////////////////////////////// 3 ////////////////////////////////////
1461 /* load key to AES*/
1462 HW_DESC_INIT(&desc
[idx
]);
1463 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_GCTR
);
1464 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1465 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1466 key_dma_addr
, key_size
,
1468 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1469 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_KEY0
);
1470 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1473 /* load AES/CTR initial CTR value inc by 2*/
1474 HW_DESC_INIT(&desc
[idx
]);
1475 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_GCTR
);
1476 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1477 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1478 iv_inc2_dma_addr
, AES_BLOCK_SIZE
,
1480 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1481 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
1482 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1486 ///////////////////////////////// 4 ////////////////////////////////////
1487 /* process(gctr+ghash) */
1488 // if (req_ctx->cryptlen != 0)
1489 // ssi_aead_process_cipher_data_desc(req, cipher_flow_mode, desc, seq_size);
1490 ///////////////////////////////// 4 ////////////////////////////////////
1492 HW_DESC_INIT(&desc
[idx
]);
1493 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1494 din_dma_addr
, din_size
,
1496 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
1497 dout_dma_addr
, din_size
,
1499 HW_DESC_SET_FLOW_MODE(&desc
[idx
], cipher_flow_mode
);
1503 ///////////////////////////////// 5 ////////////////////////////////////
1504 // ssi_aead_process_gcm_result_desc(req, desc, seq_size);
1505 ///////////////////////////////// 5 ////////////////////////////////////
1507 /* prcess(ghash) gcm_block_len */
1508 HW_DESC_INIT(&desc
[idx
]);
1509 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1510 block_len_dma_addr
, AES_BLOCK_SIZE
,
1512 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_HASH
);
1515 /* Store GHASH state after GHASH(Associated Data + Cipher +LenBlock) */
1516 HW_DESC_INIT(&desc
[idx
]);
1517 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_HASH_HW_GHASH
);
1518 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
1519 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
1520 mac_res_dma_addr
, AES_BLOCK_SIZE
,
1522 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_WRITE_STATE0
);
1523 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_HASH_to_DOUT
);
1524 HW_DESC_SET_AES_NOT_HASH_MODE(&desc
[idx
]);
1527 /* load AES/CTR initial CTR value inc by 1*/
1528 HW_DESC_INIT(&desc
[idx
]);
1529 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_GCTR
);
1530 HW_DESC_SET_KEY_SIZE_AES(&desc
[idx
], key_size
);
1531 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1532 iv_inc1_dma_addr
, AES_BLOCK_SIZE
,
1534 HW_DESC_SET_CIPHER_CONFIG0(&desc
[idx
], DRV_CRYPTO_DIRECTION_ENCRYPT
);
1535 HW_DESC_SET_SETUP_MODE(&desc
[idx
], SETUP_LOAD_STATE1
);
1536 HW_DESC_SET_FLOW_MODE(&desc
[idx
], S_DIN_to_AES
);
1539 /* Memory Barrier */
1540 HW_DESC_INIT(&desc
[idx
]);
1541 HW_DESC_SET_DIN_NO_DMA(&desc
[idx
], 0, 0xfffff0);
1542 HW_DESC_SET_DOUT_NO_DMA(&desc
[idx
], 0, 0, 1);
1545 /* process GCTR on stored GHASH and store MAC inplace */
1546 HW_DESC_INIT(&desc
[idx
]);
1547 HW_DESC_SET_CIPHER_MODE(&desc
[idx
], DRV_CIPHER_GCTR
);
1548 HW_DESC_SET_DIN_TYPE(&desc
[idx
], DMA_DLLI
,
1549 mac_res_dma_addr
, AES_BLOCK_SIZE
,
1551 HW_DESC_SET_DOUT_DLLI(&desc
[idx
],
1552 mac_res_dma_addr
, AES_BLOCK_SIZE
,
1554 HW_DESC_SET_FLOW_MODE(&desc
[idx
], DIN_AES_DOUT
);
1557 /* perform the operation - Lock HW and push sequence */
1558 BUG_ON(idx
> FIPS_GCM_MAX_SEQ_LEN
);
1559 rc
= send_request(drvdata
, &ssi_req
, desc
, idx
, false);
1565 ssi_gcm_fips_power_up_tests(struct ssi_drvdata
*drvdata
, void *cpu_addr_buffer
, dma_addr_t dma_coherent_buffer
)
1567 ssi_fips_error_t error
= CC_REE_FIPS_ERROR_OK
;
1569 struct fips_gcm_ctx
*virt_ctx
= (struct fips_gcm_ctx
*)cpu_addr_buffer
;
1571 /* set the phisical pointers */
1572 dma_addr_t adata_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, adata
);
1573 dma_addr_t key_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, key
);
1574 dma_addr_t hkey_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, hkey
);
1575 dma_addr_t din_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, din
);
1576 dma_addr_t dout_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, dout
);
1577 dma_addr_t mac_res_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, mac_res
);
1578 dma_addr_t len_block_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, len_block
);
1579 dma_addr_t iv_inc1_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, iv_inc1
);
1580 dma_addr_t iv_inc2_dma_addr
= dma_coherent_buffer
+ offsetof(struct fips_gcm_ctx
, iv_inc2
);
1582 for (i
= 0; i
< FIPS_GCM_NUM_OF_TESTS
; ++i
)
1584 FipsGcmData
*gcmData
= (FipsGcmData
*)&FipsGcmDataTable
[i
];
1587 memset(cpu_addr_buffer
, 0, sizeof(struct fips_gcm_ctx
));
1589 /* copy the key, adata, din data - into the allocated buffer */
1590 memcpy(virt_ctx
->key
, gcmData
->key
, gcmData
->keySize
);
1591 memcpy(virt_ctx
->adata
, gcmData
->adata
, gcmData
->adataSize
);
1592 memcpy(virt_ctx
->din
, gcmData
->dataIn
, gcmData
->dataInSize
);
1597 len_bits
= cpu_to_be64(gcmData
->adataSize
* 8);
1598 memcpy(virt_ctx
->len_block
, &len_bits
, sizeof(len_bits
));
1599 len_bits
= cpu_to_be64(gcmData
->dataInSize
* 8);
1600 memcpy(virt_ctx
->len_block
+ 8, &len_bits
, sizeof(len_bits
));
1602 /* iv_inc1, iv_inc2 */
1604 __be32 counter
= cpu_to_be32(1);
1605 memcpy(virt_ctx
->iv_inc1
, gcmData
->iv
, NIST_AESGCM_IV_SIZE
);
1606 memcpy(virt_ctx
->iv_inc1
+ NIST_AESGCM_IV_SIZE
, &counter
, sizeof(counter
));
1607 counter
= cpu_to_be32(2);
1608 memcpy(virt_ctx
->iv_inc2
, gcmData
->iv
, NIST_AESGCM_IV_SIZE
);
1609 memcpy(virt_ctx
->iv_inc2
+ NIST_AESGCM_IV_SIZE
, &counter
, sizeof(counter
));
1612 FIPS_DBG("ssi_gcm_fips_run_test - (i = %d) \n", i
);
1613 rc
= ssi_gcm_fips_run_test(drvdata
,
1624 gcmData
->dataInSize
,
1629 FIPS_LOG("ssi_gcm_fips_run_test %d returned error - rc = %d \n", i
, rc
);
1630 error
= CC_REE_FIPS_ERROR_AESGCM_PUT
;
1634 if (gcmData
->direction
== DRV_CRYPTO_DIRECTION_ENCRYPT
) {
1635 /* compare actual dout to expected */
1636 if (memcmp(virt_ctx
->dout
, gcmData
->dataOut
, gcmData
->dataInSize
) != 0)
1638 FIPS_LOG("dout comparison error %d - size=%d \n", i
, gcmData
->dataInSize
);
1639 FIPS_LOG(" i expected received \n");
1640 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)gcmData
->dataOut
, (size_t)virt_ctx
->dout
);
1641 for (i
= 0; i
< gcmData
->dataInSize
; ++i
)
1643 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, gcmData
->dataOut
[i
], virt_ctx
->dout
[i
]);
1646 error
= CC_REE_FIPS_ERROR_AESGCM_PUT
;
1651 /* compare actual mac result to expected */
1652 if (memcmp(virt_ctx
->mac_res
, gcmData
->macResOut
, gcmData
->tagSize
) != 0)
1654 FIPS_LOG("mac_res comparison error %d - mac_size=%d \n", i
, gcmData
->tagSize
);
1655 FIPS_LOG(" i expected received \n");
1656 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)gcmData
->macResOut
, (size_t)virt_ctx
->mac_res
);
1657 for (i
= 0; i
< gcmData
->tagSize
; ++i
)
1659 FIPS_LOG(" %d 0x%02x 0x%02x \n", i
, gcmData
->macResOut
[i
], virt_ctx
->mac_res
[i
]);
1662 error
= CC_REE_FIPS_ERROR_AESGCM_PUT
;
1670 size_t ssi_fips_max_mem_alloc_size(void)
1672 FIPS_DBG("sizeof(struct fips_cipher_ctx) %d \n", sizeof(struct fips_cipher_ctx
));
1673 FIPS_DBG("sizeof(struct fips_cmac_ctx) %d \n", sizeof(struct fips_cmac_ctx
));
1674 FIPS_DBG("sizeof(struct fips_hash_ctx) %d \n", sizeof(struct fips_hash_ctx
));
1675 FIPS_DBG("sizeof(struct fips_hmac_ctx) %d \n", sizeof(struct fips_hmac_ctx
));
1676 FIPS_DBG("sizeof(struct fips_ccm_ctx) %d \n", sizeof(struct fips_ccm_ctx
));
1677 FIPS_DBG("sizeof(struct fips_gcm_ctx) %d \n", sizeof(struct fips_gcm_ctx
));
1679 return sizeof(fips_ctx
);