]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - drivers/staging/ccree/ssi_fips_ll.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
iio: imu: inv_mpu6050: test whoami first and against all known values
[mirror_ubuntu-artful-kernel.git] / drivers / staging / ccree / ssi_fips_ll.c
1 /*
2 * Copyright (C) 2012-2017 ARM Limited or its affiliates.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /**************************************************************
18 This file defines the driver FIPS Low Level implmentaion functions,
19 that executes the KAT.
20 ***************************************************************/
21 #include <linux/kernel.h>
22
23 #include "ssi_driver.h"
24 #include "ssi_fips_local.h"
25 #include "ssi_fips_data.h"
26 #include "cc_crypto_ctx.h"
27 #include "ssi_hash.h"
28 #include "ssi_request_mgr.h"
29
30
31 static const u32 digest_len_init[] = {
32 0x00000040, 0x00000000, 0x00000000, 0x00000000 };
33 static const u32 sha1_init[] = {
34 SHA1_H4, SHA1_H3, SHA1_H2, SHA1_H1, SHA1_H0 };
35 static const u32 sha256_init[] = {
36 SHA256_H7, SHA256_H6, SHA256_H5, SHA256_H4,
37 SHA256_H3, SHA256_H2, SHA256_H1, SHA256_H0 };
38 #if (CC_SUPPORT_SHA > 256)
39 static const u32 digest_len_sha512_init[] = {
40 0x00000080, 0x00000000, 0x00000000, 0x00000000 };
41 static const u64 sha512_init[] = {
42 SHA512_H7, SHA512_H6, SHA512_H5, SHA512_H4,
43 SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0 };
44 #endif
45
46
47 #define NIST_CIPHER_AES_MAX_VECTOR_SIZE 32
48
49 struct fips_cipher_ctx {
50 u8 iv[CC_AES_IV_SIZE];
51 u8 key[AES_512_BIT_KEY_SIZE];
52 u8 din[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
53 u8 dout[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
54 };
55
56 typedef struct _FipsCipherData {
57 u8 isAes;
58 u8 key[AES_512_BIT_KEY_SIZE];
59 size_t keySize;
60 u8 iv[CC_AES_IV_SIZE];
61 enum drv_crypto_direction direction;
62 enum drv_cipher_mode oprMode;
63 u8 dataIn[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
64 u8 dataOut[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
65 size_t dataInSize;
66 } FipsCipherData;
67
68
69 struct fips_cmac_ctx {
70 u8 key[AES_256_BIT_KEY_SIZE];
71 u8 din[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
72 u8 mac_res[CC_DIGEST_SIZE_MAX];
73 };
74
75 typedef struct _FipsCmacData {
76 enum drv_crypto_direction direction;
77 u8 key[AES_256_BIT_KEY_SIZE];
78 size_t key_size;
79 u8 data_in[NIST_CIPHER_AES_MAX_VECTOR_SIZE];
80 size_t data_in_size;
81 u8 mac_res[CC_DIGEST_SIZE_MAX];
82 size_t mac_res_size;
83 } FipsCmacData;
84
85
86 struct fips_hash_ctx {
87 u8 initial_digest[CC_DIGEST_SIZE_MAX];
88 u8 din[NIST_SHA_MSG_SIZE];
89 u8 mac_res[CC_DIGEST_SIZE_MAX];
90 };
91
92 typedef struct _FipsHashData {
93 enum drv_hash_mode hash_mode;
94 u8 data_in[NIST_SHA_MSG_SIZE];
95 size_t data_in_size;
96 u8 mac_res[CC_DIGEST_SIZE_MAX];
97 } FipsHashData;
98
99
100 /* note that the hmac key length must be equal or less than block size (block size is 64 up to sha256 and 128 for sha384/512) */
101 struct fips_hmac_ctx {
102 u8 initial_digest[CC_DIGEST_SIZE_MAX];
103 u8 key[CC_HMAC_BLOCK_SIZE_MAX];
104 u8 k0[CC_HMAC_BLOCK_SIZE_MAX];
105 u8 digest_bytes_len[HASH_LEN_SIZE];
106 u8 tmp_digest[CC_DIGEST_SIZE_MAX];
107 u8 din[NIST_HMAC_MSG_SIZE];
108 u8 mac_res[CC_DIGEST_SIZE_MAX];
109 };
110
111 typedef struct _FipsHmacData {
112 enum drv_hash_mode hash_mode;
113 u8 key[CC_HMAC_BLOCK_SIZE_MAX];
114 size_t key_size;
115 u8 data_in[NIST_HMAC_MSG_SIZE];
116 size_t data_in_size;
117 u8 mac_res[CC_DIGEST_SIZE_MAX];
118 } FipsHmacData;
119
120
121 #define FIPS_CCM_B0_A0_ADATA_SIZE (NIST_AESCCM_IV_SIZE + NIST_AESCCM_IV_SIZE + NIST_AESCCM_ADATA_SIZE)
122
123 struct fips_ccm_ctx {
124 u8 b0_a0_adata[FIPS_CCM_B0_A0_ADATA_SIZE];
125 u8 iv[NIST_AESCCM_IV_SIZE];
126 u8 ctr_cnt_0[NIST_AESCCM_IV_SIZE];
127 u8 key[CC_AES_KEY_SIZE_MAX];
128 u8 din[NIST_AESCCM_TEXT_SIZE];
129 u8 dout[NIST_AESCCM_TEXT_SIZE];
130 u8 mac_res[NIST_AESCCM_TAG_SIZE];
131 };
132
133 typedef struct _FipsCcmData {
134 enum drv_crypto_direction direction;
135 u8 key[CC_AES_KEY_SIZE_MAX];
136 size_t keySize;
137 u8 nonce[NIST_AESCCM_NONCE_SIZE];
138 u8 adata[NIST_AESCCM_ADATA_SIZE];
139 size_t adataSize;
140 u8 dataIn[NIST_AESCCM_TEXT_SIZE];
141 size_t dataInSize;
142 u8 dataOut[NIST_AESCCM_TEXT_SIZE];
143 u8 tagSize;
144 u8 macResOut[NIST_AESCCM_TAG_SIZE];
145 } FipsCcmData;
146
147
148 struct fips_gcm_ctx {
149 u8 adata[NIST_AESGCM_ADATA_SIZE];
150 u8 key[CC_AES_KEY_SIZE_MAX];
151 u8 hkey[CC_AES_KEY_SIZE_MAX];
152 u8 din[NIST_AESGCM_TEXT_SIZE];
153 u8 dout[NIST_AESGCM_TEXT_SIZE];
154 u8 mac_res[NIST_AESGCM_TAG_SIZE];
155 u8 len_block[AES_BLOCK_SIZE];
156 u8 iv_inc1[AES_BLOCK_SIZE];
157 u8 iv_inc2[AES_BLOCK_SIZE];
158 };
159
160 typedef struct _FipsGcmData {
161 enum drv_crypto_direction direction;
162 u8 key[CC_AES_KEY_SIZE_MAX];
163 size_t keySize;
164 u8 iv[NIST_AESGCM_IV_SIZE];
165 u8 adata[NIST_AESGCM_ADATA_SIZE];
166 size_t adataSize;
167 u8 dataIn[NIST_AESGCM_TEXT_SIZE];
168 size_t dataInSize;
169 u8 dataOut[NIST_AESGCM_TEXT_SIZE];
170 u8 tagSize;
171 u8 macResOut[NIST_AESGCM_TAG_SIZE];
172 } FipsGcmData;
173
174
175 typedef union _fips_ctx {
176 struct fips_cipher_ctx cipher;
177 struct fips_cmac_ctx cmac;
178 struct fips_hash_ctx hash;
179 struct fips_hmac_ctx hmac;
180 struct fips_ccm_ctx ccm;
181 struct fips_gcm_ctx gcm;
182 } fips_ctx;
183
184
185 /* test data tables */
186 static const FipsCipherData FipsCipherDataTable[] = {
187 /* AES */
188 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_ECB, NIST_AES_PLAIN_DATA, NIST_AES_128_ECB_CIPHER, NIST_AES_VECTOR_SIZE },
189 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_ECB, NIST_AES_128_ECB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
190 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_ECB, NIST_AES_PLAIN_DATA, NIST_AES_192_ECB_CIPHER, NIST_AES_VECTOR_SIZE },
191 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_ECB, NIST_AES_192_ECB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
192 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_ECB, NIST_AES_PLAIN_DATA, NIST_AES_256_ECB_CIPHER, NIST_AES_VECTOR_SIZE },
193 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_ECB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_ECB, NIST_AES_256_ECB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
194 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CBC, NIST_AES_PLAIN_DATA, NIST_AES_128_CBC_CIPHER, NIST_AES_VECTOR_SIZE },
195 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CBC, NIST_AES_128_CBC_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
196 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CBC, NIST_AES_PLAIN_DATA, NIST_AES_192_CBC_CIPHER, NIST_AES_VECTOR_SIZE },
197 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CBC, NIST_AES_192_CBC_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
198 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CBC, NIST_AES_PLAIN_DATA, NIST_AES_256_CBC_CIPHER, NIST_AES_VECTOR_SIZE },
199 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_CBC_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CBC, NIST_AES_256_CBC_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
200 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_OFB, NIST_AES_PLAIN_DATA, NIST_AES_128_OFB_CIPHER, NIST_AES_VECTOR_SIZE },
201 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_OFB, NIST_AES_128_OFB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
202 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_OFB, NIST_AES_PLAIN_DATA, NIST_AES_192_OFB_CIPHER, NIST_AES_VECTOR_SIZE },
203 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_OFB, NIST_AES_192_OFB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
204 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_OFB, NIST_AES_PLAIN_DATA, NIST_AES_256_OFB_CIPHER, NIST_AES_VECTOR_SIZE },
205 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_OFB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_OFB, NIST_AES_256_OFB_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
206 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CTR, NIST_AES_PLAIN_DATA, NIST_AES_128_CTR_CIPHER, NIST_AES_VECTOR_SIZE },
207 { 1, NIST_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CTR, NIST_AES_128_CTR_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
208 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CTR, NIST_AES_PLAIN_DATA, NIST_AES_192_CTR_CIPHER, NIST_AES_VECTOR_SIZE },
209 { 1, NIST_AES_192_KEY, CC_AES_192_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CTR, NIST_AES_192_CTR_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
210 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CTR, NIST_AES_PLAIN_DATA, NIST_AES_256_CTR_CIPHER, NIST_AES_VECTOR_SIZE },
211 { 1, NIST_AES_256_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_CTR_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CTR, NIST_AES_256_CTR_CIPHER, NIST_AES_PLAIN_DATA, NIST_AES_VECTOR_SIZE },
212 { 1, RFC3962_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, RFC3962_AES_CBC_CTS_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CBC_CTS, RFC3962_AES_PLAIN_DATA, RFC3962_AES_128_CBC_CTS_CIPHER, RFC3962_AES_VECTOR_SIZE },
213 { 1, RFC3962_AES_128_KEY, CC_AES_128_BIT_KEY_SIZE, RFC3962_AES_CBC_CTS_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CBC_CTS, RFC3962_AES_128_CBC_CTS_CIPHER, RFC3962_AES_PLAIN_DATA, RFC3962_AES_VECTOR_SIZE },
214 { 1, NIST_AES_256_XTS_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_256_XTS_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_XTS, NIST_AES_256_XTS_PLAIN, NIST_AES_256_XTS_CIPHER, NIST_AES_256_XTS_VECTOR_SIZE },
215 { 1, NIST_AES_256_XTS_KEY, CC_AES_256_BIT_KEY_SIZE, NIST_AES_256_XTS_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_XTS, NIST_AES_256_XTS_CIPHER, NIST_AES_256_XTS_PLAIN, NIST_AES_256_XTS_VECTOR_SIZE },
216 #if (CC_SUPPORT_SHA > 256)
217 { 1, NIST_AES_512_XTS_KEY, 2*CC_AES_256_BIT_KEY_SIZE, NIST_AES_512_XTS_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_XTS, NIST_AES_512_XTS_PLAIN, NIST_AES_512_XTS_CIPHER, NIST_AES_512_XTS_VECTOR_SIZE },
218 { 1, NIST_AES_512_XTS_KEY, 2*CC_AES_256_BIT_KEY_SIZE, NIST_AES_512_XTS_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_XTS, NIST_AES_512_XTS_CIPHER, NIST_AES_512_XTS_PLAIN, NIST_AES_512_XTS_VECTOR_SIZE },
219 #endif
220 /* DES */
221 { 0, NIST_TDES_ECB3_KEY, CC_DRV_DES_TRIPLE_KEY_SIZE, NIST_TDES_ECB_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_ECB, NIST_TDES_ECB3_PLAIN_DATA, NIST_TDES_ECB3_CIPHER, NIST_TDES_VECTOR_SIZE },
222 { 0, NIST_TDES_ECB3_KEY, CC_DRV_DES_TRIPLE_KEY_SIZE, NIST_TDES_ECB_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_ECB, NIST_TDES_ECB3_CIPHER, NIST_TDES_ECB3_PLAIN_DATA, NIST_TDES_VECTOR_SIZE },
223 { 0, NIST_TDES_CBC3_KEY, CC_DRV_DES_TRIPLE_KEY_SIZE, NIST_TDES_CBC3_IV, DRV_CRYPTO_DIRECTION_ENCRYPT, DRV_CIPHER_CBC, NIST_TDES_CBC3_PLAIN_DATA, NIST_TDES_CBC3_CIPHER, NIST_TDES_VECTOR_SIZE },
224 { 0, NIST_TDES_CBC3_KEY, CC_DRV_DES_TRIPLE_KEY_SIZE, NIST_TDES_CBC3_IV, DRV_CRYPTO_DIRECTION_DECRYPT, DRV_CIPHER_CBC, NIST_TDES_CBC3_CIPHER, NIST_TDES_CBC3_PLAIN_DATA, NIST_TDES_VECTOR_SIZE },
225 };
226 #define FIPS_CIPHER_NUM_OF_TESTS (sizeof(FipsCipherDataTable) / sizeof(FipsCipherData))
227
228 static const FipsCmacData FipsCmacDataTable[] = {
229 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AES_128_CMAC_KEY, AES_128_BIT_KEY_SIZE, NIST_AES_128_CMAC_PLAIN_DATA, NIST_AES_128_CMAC_VECTOR_SIZE, NIST_AES_128_CMAC_MAC, NIST_AES_128_CMAC_OUTPUT_SIZE },
230 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AES_192_CMAC_KEY, AES_192_BIT_KEY_SIZE, NIST_AES_192_CMAC_PLAIN_DATA, NIST_AES_192_CMAC_VECTOR_SIZE, NIST_AES_192_CMAC_MAC, NIST_AES_192_CMAC_OUTPUT_SIZE },
231 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AES_256_CMAC_KEY, AES_256_BIT_KEY_SIZE, NIST_AES_256_CMAC_PLAIN_DATA, NIST_AES_256_CMAC_VECTOR_SIZE, NIST_AES_256_CMAC_MAC, NIST_AES_256_CMAC_OUTPUT_SIZE },
232 };
233 #define FIPS_CMAC_NUM_OF_TESTS (sizeof(FipsCmacDataTable) / sizeof(FipsCmacData))
234
235 static const FipsHashData FipsHashDataTable[] = {
236 { DRV_HASH_SHA1, NIST_SHA_1_MSG, NIST_SHA_MSG_SIZE, NIST_SHA_1_MD },
237 { DRV_HASH_SHA256, NIST_SHA_256_MSG, NIST_SHA_MSG_SIZE, NIST_SHA_256_MD },
238 #if (CC_SUPPORT_SHA > 256)
239 // { DRV_HASH_SHA512, NIST_SHA_512_MSG, NIST_SHA_MSG_SIZE, NIST_SHA_512_MD },
240 #endif
241 };
242 #define FIPS_HASH_NUM_OF_TESTS (sizeof(FipsHashDataTable) / sizeof(FipsHashData))
243
244 static const FipsHmacData FipsHmacDataTable[] = {
245 { DRV_HASH_SHA1, NIST_HMAC_SHA1_KEY, NIST_HMAC_SHA1_KEY_SIZE, NIST_HMAC_SHA1_MSG, NIST_HMAC_MSG_SIZE, NIST_HMAC_SHA1_MD },
246 { DRV_HASH_SHA256, NIST_HMAC_SHA256_KEY, NIST_HMAC_SHA256_KEY_SIZE, NIST_HMAC_SHA256_MSG, NIST_HMAC_MSG_SIZE, NIST_HMAC_SHA256_MD },
247 #if (CC_SUPPORT_SHA > 256)
248 // { DRV_HASH_SHA512, NIST_HMAC_SHA512_KEY, NIST_HMAC_SHA512_KEY_SIZE, NIST_HMAC_SHA512_MSG, NIST_HMAC_MSG_SIZE, NIST_HMAC_SHA512_MD },
249 #endif
250 };
251 #define FIPS_HMAC_NUM_OF_TESTS (sizeof(FipsHmacDataTable) / sizeof(FipsHmacData))
252
253 static const FipsCcmData FipsCcmDataTable[] = {
254 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESCCM_128_KEY, NIST_AESCCM_128_BIT_KEY_SIZE, NIST_AESCCM_128_NONCE, NIST_AESCCM_128_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_128_PLAIN_TEXT, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_128_CIPHER, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_128_MAC },
255 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESCCM_128_KEY, NIST_AESCCM_128_BIT_KEY_SIZE, NIST_AESCCM_128_NONCE, NIST_AESCCM_128_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_128_CIPHER, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_128_PLAIN_TEXT, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_128_MAC },
256 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESCCM_192_KEY, NIST_AESCCM_192_BIT_KEY_SIZE, NIST_AESCCM_192_NONCE, NIST_AESCCM_192_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_192_PLAIN_TEXT, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_192_CIPHER, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_192_MAC },
257 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESCCM_192_KEY, NIST_AESCCM_192_BIT_KEY_SIZE, NIST_AESCCM_192_NONCE, NIST_AESCCM_192_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_192_CIPHER, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_192_PLAIN_TEXT, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_192_MAC },
258 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESCCM_256_KEY, NIST_AESCCM_256_BIT_KEY_SIZE, NIST_AESCCM_256_NONCE, NIST_AESCCM_256_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_256_PLAIN_TEXT, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_256_CIPHER, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_256_MAC },
259 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESCCM_256_KEY, NIST_AESCCM_256_BIT_KEY_SIZE, NIST_AESCCM_256_NONCE, NIST_AESCCM_256_ADATA, NIST_AESCCM_ADATA_SIZE, NIST_AESCCM_256_CIPHER, NIST_AESCCM_TEXT_SIZE, NIST_AESCCM_256_PLAIN_TEXT, NIST_AESCCM_TAG_SIZE, NIST_AESCCM_256_MAC },
260 };
261 #define FIPS_CCM_NUM_OF_TESTS (sizeof(FipsCcmDataTable) / sizeof(FipsCcmData))
262
263 static const FipsGcmData FipsGcmDataTable[] = {
264 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESGCM_128_KEY, NIST_AESGCM_128_BIT_KEY_SIZE, NIST_AESGCM_128_IV, NIST_AESGCM_128_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_128_PLAIN_TEXT, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_128_CIPHER, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_128_MAC },
265 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESGCM_128_KEY, NIST_AESGCM_128_BIT_KEY_SIZE, NIST_AESGCM_128_IV, NIST_AESGCM_128_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_128_CIPHER, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_128_PLAIN_TEXT, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_128_MAC },
266 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESGCM_192_KEY, NIST_AESGCM_192_BIT_KEY_SIZE, NIST_AESGCM_192_IV, NIST_AESGCM_192_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_192_PLAIN_TEXT, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_192_CIPHER, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_192_MAC },
267 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESGCM_192_KEY, NIST_AESGCM_192_BIT_KEY_SIZE, NIST_AESGCM_192_IV, NIST_AESGCM_192_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_192_CIPHER, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_192_PLAIN_TEXT, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_192_MAC },
268 { DRV_CRYPTO_DIRECTION_ENCRYPT, NIST_AESGCM_256_KEY, NIST_AESGCM_256_BIT_KEY_SIZE, NIST_AESGCM_256_IV, NIST_AESGCM_256_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_256_PLAIN_TEXT, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_256_CIPHER, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_256_MAC },
269 { DRV_CRYPTO_DIRECTION_DECRYPT, NIST_AESGCM_256_KEY, NIST_AESGCM_256_BIT_KEY_SIZE, NIST_AESGCM_256_IV, NIST_AESGCM_256_ADATA, NIST_AESGCM_ADATA_SIZE, NIST_AESGCM_256_CIPHER, NIST_AESGCM_TEXT_SIZE, NIST_AESGCM_256_PLAIN_TEXT, NIST_AESGCM_TAG_SIZE, NIST_AESGCM_256_MAC },
270 };
271 #define FIPS_GCM_NUM_OF_TESTS (sizeof(FipsGcmDataTable) / sizeof(FipsGcmData))
272
273
274 static inline ssi_fips_error_t
275 FIPS_CipherToFipsError(enum drv_cipher_mode mode, bool is_aes)
276 {
277 switch (mode)
278 {
279 case DRV_CIPHER_ECB:
280 return is_aes ? CC_REE_FIPS_ERROR_AES_ECB_PUT : CC_REE_FIPS_ERROR_DES_ECB_PUT ;
281 case DRV_CIPHER_CBC:
282 return is_aes ? CC_REE_FIPS_ERROR_AES_CBC_PUT : CC_REE_FIPS_ERROR_DES_CBC_PUT ;
283 case DRV_CIPHER_OFB:
284 return CC_REE_FIPS_ERROR_AES_OFB_PUT;
285 case DRV_CIPHER_CTR:
286 return CC_REE_FIPS_ERROR_AES_CTR_PUT;
287 case DRV_CIPHER_CBC_CTS:
288 return CC_REE_FIPS_ERROR_AES_CBC_CTS_PUT;
289 case DRV_CIPHER_XTS:
290 return CC_REE_FIPS_ERROR_AES_XTS_PUT;
291 default:
292 return CC_REE_FIPS_ERROR_GENERAL;
293 }
294
295 return CC_REE_FIPS_ERROR_GENERAL;
296 }
297
298
299 static inline int
300 ssi_cipher_fips_run_test(struct ssi_drvdata *drvdata,
301 bool is_aes,
302 int cipher_mode,
303 int direction,
304 dma_addr_t key_dma_addr,
305 size_t key_len,
306 dma_addr_t iv_dma_addr,
307 size_t iv_len,
308 dma_addr_t din_dma_addr,
309 dma_addr_t dout_dma_addr,
310 size_t data_size)
311 {
312 /* max number of descriptors used for the flow */
313 #define FIPS_CIPHER_MAX_SEQ_LEN 6
314
315 int rc;
316 struct ssi_crypto_req ssi_req = {0};
317 struct cc_hw_desc desc[FIPS_CIPHER_MAX_SEQ_LEN];
318 int idx = 0;
319 int s_flow_mode = is_aes ? S_DIN_to_AES : S_DIN_to_DES;
320
321 /* create setup descriptors */
322 switch (cipher_mode) {
323 case DRV_CIPHER_CBC:
324 case DRV_CIPHER_CBC_CTS:
325 case DRV_CIPHER_CTR:
326 case DRV_CIPHER_OFB:
327 /* Load cipher state */
328 HW_DESC_INIT(&desc[idx]);
329 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
330 iv_dma_addr, iv_len, NS_BIT);
331 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], direction);
332 HW_DESC_SET_FLOW_MODE(&desc[idx], s_flow_mode);
333 HW_DESC_SET_CIPHER_MODE(&desc[idx], cipher_mode);
334 if ((cipher_mode == DRV_CIPHER_CTR) ||
335 (cipher_mode == DRV_CIPHER_OFB) ) {
336 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
337 } else {
338 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
339 }
340 idx++;
341 /*FALLTHROUGH*/
342 case DRV_CIPHER_ECB:
343 /* Load key */
344 HW_DESC_INIT(&desc[idx]);
345 HW_DESC_SET_CIPHER_MODE(&desc[idx], cipher_mode);
346 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], direction);
347 if (is_aes) {
348 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
349 key_dma_addr,
350 ((key_len == 24) ? AES_MAX_KEY_SIZE : key_len),
351 NS_BIT);
352 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len);
353 } else {/*des*/
354 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
355 key_dma_addr, key_len,
356 NS_BIT);
357 HW_DESC_SET_KEY_SIZE_DES(&desc[idx], key_len);
358 }
359 HW_DESC_SET_FLOW_MODE(&desc[idx], s_flow_mode);
360 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
361 idx++;
362 break;
363 case DRV_CIPHER_XTS:
364 /* Load AES key */
365 HW_DESC_INIT(&desc[idx]);
366 HW_DESC_SET_CIPHER_MODE(&desc[idx], cipher_mode);
367 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], direction);
368 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
369 key_dma_addr, key_len/2, NS_BIT);
370 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len/2);
371 HW_DESC_SET_FLOW_MODE(&desc[idx], s_flow_mode);
372 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
373 idx++;
374
375 /* load XEX key */
376 HW_DESC_INIT(&desc[idx]);
377 HW_DESC_SET_CIPHER_MODE(&desc[idx], cipher_mode);
378 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], direction);
379 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
380 (key_dma_addr+key_len/2), key_len/2, NS_BIT);
381 HW_DESC_SET_XEX_DATA_UNIT_SIZE(&desc[idx], data_size);
382 HW_DESC_SET_FLOW_MODE(&desc[idx], s_flow_mode);
383 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len/2);
384 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_XEX_KEY);
385 idx++;
386
387 /* Set state */
388 HW_DESC_INIT(&desc[idx]);
389 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
390 HW_DESC_SET_CIPHER_MODE(&desc[idx], cipher_mode);
391 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], direction);
392 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len/2);
393 HW_DESC_SET_FLOW_MODE(&desc[idx], s_flow_mode);
394 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
395 iv_dma_addr, CC_AES_BLOCK_SIZE, NS_BIT);
396 idx++;
397 break;
398 default:
399 FIPS_LOG("Unsupported cipher mode (%d)\n", cipher_mode);
400 BUG();
401 }
402
403 /* create data descriptor */
404 HW_DESC_INIT(&desc[idx]);
405 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, din_dma_addr, data_size, NS_BIT);
406 HW_DESC_SET_DOUT_DLLI(&desc[idx], dout_dma_addr, data_size, NS_BIT, 0);
407 HW_DESC_SET_FLOW_MODE(&desc[idx], is_aes ? DIN_AES_DOUT : DIN_DES_DOUT);
408 idx++;
409
410 /* perform the operation - Lock HW and push sequence */
411 BUG_ON(idx > FIPS_CIPHER_MAX_SEQ_LEN);
412 rc = send_request(drvdata, &ssi_req, desc, idx, false);
413
414 // send_request returns error just in some corner cases which should not appear in this flow.
415 return rc;
416 }
417
418
419 ssi_fips_error_t
420 ssi_cipher_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
421 {
422 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
423 size_t i;
424 struct fips_cipher_ctx *virt_ctx = (struct fips_cipher_ctx *)cpu_addr_buffer;
425
426 /* set the phisical pointers for iv, key, din, dout */
427 dma_addr_t iv_dma_addr = dma_coherent_buffer + offsetof(struct fips_cipher_ctx, iv);
428 dma_addr_t key_dma_addr = dma_coherent_buffer + offsetof(struct fips_cipher_ctx, key);
429 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_cipher_ctx, din);
430 dma_addr_t dout_dma_addr = dma_coherent_buffer + offsetof(struct fips_cipher_ctx, dout);
431
432 for (i = 0; i < FIPS_CIPHER_NUM_OF_TESTS; ++i)
433 {
434 FipsCipherData *cipherData = (FipsCipherData*)&FipsCipherDataTable[i];
435 int rc = 0;
436 size_t iv_size = cipherData->isAes ? NIST_AES_IV_SIZE : NIST_TDES_IV_SIZE ;
437
438 memset(cpu_addr_buffer, 0, sizeof(struct fips_cipher_ctx));
439
440 /* copy into the allocated buffer */
441 memcpy(virt_ctx->iv, cipherData->iv, iv_size);
442 memcpy(virt_ctx->key, cipherData->key, cipherData->keySize);
443 memcpy(virt_ctx->din, cipherData->dataIn, cipherData->dataInSize);
444
445 FIPS_DBG("ssi_cipher_fips_run_test - (i = %d) \n", i);
446 rc = ssi_cipher_fips_run_test(drvdata,
447 cipherData->isAes,
448 cipherData->oprMode,
449 cipherData->direction,
450 key_dma_addr,
451 cipherData->keySize,
452 iv_dma_addr,
453 iv_size,
454 din_dma_addr,
455 dout_dma_addr,
456 cipherData->dataInSize);
457 if (rc != 0)
458 {
459 FIPS_LOG("ssi_cipher_fips_run_test %d returned error - rc = %d \n", i, rc);
460 error = FIPS_CipherToFipsError(cipherData->oprMode, cipherData->isAes);
461 break;
462 }
463
464 /* compare actual dout to expected */
465 if (memcmp(virt_ctx->dout, cipherData->dataOut, cipherData->dataInSize) != 0)
466 {
467 FIPS_LOG("dout comparison error %d - oprMode=%d, isAes=%d\n", i, cipherData->oprMode, cipherData->isAes);
468 FIPS_LOG(" i expected received \n");
469 FIPS_LOG(" i 0x%08x 0x%08x (size=%d) \n", (size_t)cipherData->dataOut, (size_t)virt_ctx->dout, cipherData->dataInSize);
470 for (i = 0; i < cipherData->dataInSize; ++i)
471 {
472 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, cipherData->dataOut[i], virt_ctx->dout[i]);
473 }
474
475 error = FIPS_CipherToFipsError(cipherData->oprMode, cipherData->isAes);
476 break;
477 }
478 }
479
480 return error;
481 }
482
483
484 static inline int
485 ssi_cmac_fips_run_test(struct ssi_drvdata *drvdata,
486 dma_addr_t key_dma_addr,
487 size_t key_len,
488 dma_addr_t din_dma_addr,
489 size_t din_len,
490 dma_addr_t digest_dma_addr,
491 size_t digest_len)
492 {
493 /* max number of descriptors used for the flow */
494 #define FIPS_CMAC_MAX_SEQ_LEN 4
495
496 int rc;
497 struct ssi_crypto_req ssi_req = {0};
498 struct cc_hw_desc desc[FIPS_CMAC_MAX_SEQ_LEN];
499 int idx = 0;
500
501 /* Setup CMAC Key */
502 HW_DESC_INIT(&desc[idx]);
503 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, key_dma_addr,
504 ((key_len == 24) ? AES_MAX_KEY_SIZE : key_len), NS_BIT);
505 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
506 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CMAC);
507 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
508 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len);
509 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
510 idx++;
511
512 /* Load MAC state */
513 HW_DESC_INIT(&desc[idx]);
514 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, digest_dma_addr, CC_AES_BLOCK_SIZE, NS_BIT);
515 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
516 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CMAC);
517 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
518 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_len);
519 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
520 idx++;
521
522
523 //ssi_hash_create_data_desc(state, ctx, DIN_AES_DOUT, desc, false, &idx);
524 HW_DESC_INIT(&desc[idx]);
525 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
526 din_dma_addr,
527 din_len, NS_BIT);
528 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_AES_DOUT);
529 idx++;
530
531 /* Get final MAC result */
532 HW_DESC_INIT(&desc[idx]);
533 HW_DESC_SET_DOUT_DLLI(&desc[idx], digest_dma_addr, CC_AES_BLOCK_SIZE, NS_BIT, 0);
534 HW_DESC_SET_FLOW_MODE(&desc[idx], S_AES_to_DOUT);
535 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
536 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
537 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CMAC);
538 idx++;
539
540 /* perform the operation - Lock HW and push sequence */
541 BUG_ON(idx > FIPS_CMAC_MAX_SEQ_LEN);
542 rc = send_request(drvdata, &ssi_req, desc, idx, false);
543
544 // send_request returns error just in some corner cases which should not appear in this flow.
545 return rc;
546 }
547
548 ssi_fips_error_t
549 ssi_cmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
550 {
551 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
552 size_t i;
553 struct fips_cmac_ctx *virt_ctx = (struct fips_cmac_ctx *)cpu_addr_buffer;
554
555 /* set the phisical pointers for key, din, dout */
556 dma_addr_t key_dma_addr = dma_coherent_buffer + offsetof(struct fips_cmac_ctx, key);
557 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_cmac_ctx, din);
558 dma_addr_t mac_res_dma_addr = dma_coherent_buffer + offsetof(struct fips_cmac_ctx, mac_res);
559
560 for (i = 0; i < FIPS_CMAC_NUM_OF_TESTS; ++i)
561 {
562 FipsCmacData *cmac_data = (FipsCmacData*)&FipsCmacDataTable[i];
563 int rc = 0;
564
565 memset(cpu_addr_buffer, 0, sizeof(struct fips_cmac_ctx));
566
567 /* copy into the allocated buffer */
568 memcpy(virt_ctx->key, cmac_data->key, cmac_data->key_size);
569 memcpy(virt_ctx->din, cmac_data->data_in, cmac_data->data_in_size);
570
571 BUG_ON(cmac_data->direction != DRV_CRYPTO_DIRECTION_ENCRYPT);
572
573 FIPS_DBG("ssi_cmac_fips_run_test - (i = %d) \n", i);
574 rc = ssi_cmac_fips_run_test(drvdata,
575 key_dma_addr,
576 cmac_data->key_size,
577 din_dma_addr,
578 cmac_data->data_in_size,
579 mac_res_dma_addr,
580 cmac_data->mac_res_size);
581 if (rc != 0)
582 {
583 FIPS_LOG("ssi_cmac_fips_run_test %d returned error - rc = %d \n", i, rc);
584 error = CC_REE_FIPS_ERROR_AES_CMAC_PUT;
585 break;
586 }
587
588 /* compare actual mac result to expected */
589 if (memcmp(virt_ctx->mac_res, cmac_data->mac_res, cmac_data->mac_res_size) != 0)
590 {
591 FIPS_LOG("comparison error %d - digest_size=%d \n", i, cmac_data->mac_res_size);
592 FIPS_LOG(" i expected received \n");
593 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)cmac_data->mac_res, (size_t)virt_ctx->mac_res);
594 for (i = 0; i < cmac_data->mac_res_size; ++i)
595 {
596 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, cmac_data->mac_res[i], virt_ctx->mac_res[i]);
597 }
598
599 error = CC_REE_FIPS_ERROR_AES_CMAC_PUT;
600 break;
601 }
602 }
603
604 return error;
605 }
606
607
608 static inline ssi_fips_error_t
609 FIPS_HashToFipsError(enum drv_hash_mode hash_mode)
610 {
611 switch (hash_mode) {
612 case DRV_HASH_SHA1:
613 return CC_REE_FIPS_ERROR_SHA1_PUT;
614 case DRV_HASH_SHA256:
615 return CC_REE_FIPS_ERROR_SHA256_PUT;
616 #if (CC_SUPPORT_SHA > 256)
617 case DRV_HASH_SHA512:
618 return CC_REE_FIPS_ERROR_SHA512_PUT;
619 #endif
620 default:
621 return CC_REE_FIPS_ERROR_GENERAL;
622 }
623
624 return CC_REE_FIPS_ERROR_GENERAL;
625 }
626
627 static inline int
628 ssi_hash_fips_run_test(struct ssi_drvdata *drvdata,
629 dma_addr_t initial_digest_dma_addr,
630 dma_addr_t din_dma_addr,
631 size_t data_in_size,
632 dma_addr_t mac_res_dma_addr,
633 enum drv_hash_mode hash_mode,
634 enum drv_hash_hw_mode hw_mode,
635 int digest_size,
636 int inter_digestsize)
637 {
638 /* max number of descriptors used for the flow */
639 #define FIPS_HASH_MAX_SEQ_LEN 4
640
641 int rc;
642 struct ssi_crypto_req ssi_req = {0};
643 struct cc_hw_desc desc[FIPS_HASH_MAX_SEQ_LEN];
644 int idx = 0;
645
646 /* Load initial digest */
647 HW_DESC_INIT(&desc[idx]);
648 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
649 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, initial_digest_dma_addr, inter_digestsize, NS_BIT);
650 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
651 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
652 idx++;
653
654 /* Load the hash current length */
655 HW_DESC_INIT(&desc[idx]);
656 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
657 HW_DESC_SET_DIN_CONST(&desc[idx], 0, HASH_LEN_SIZE);
658 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_ENABLED);
659 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
660 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
661 idx++;
662
663 /* data descriptor */
664 HW_DESC_INIT(&desc[idx]);
665 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, din_dma_addr, data_in_size, NS_BIT);
666 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
667 idx++;
668
669 /* Get final MAC result */
670 HW_DESC_INIT(&desc[idx]);
671 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
672 HW_DESC_SET_DOUT_DLLI(&desc[idx], mac_res_dma_addr, digest_size, NS_BIT, 0);
673 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
674 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
675 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_DISABLED);
676 if (unlikely((hash_mode == DRV_HASH_MD5) ||
677 (hash_mode == DRV_HASH_SHA384) ||
678 (hash_mode == DRV_HASH_SHA512))) {
679 HW_DESC_SET_BYTES_SWAP(&desc[idx], 1);
680 } else {
681 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
682 }
683 idx++;
684
685 /* perform the operation - Lock HW and push sequence */
686 BUG_ON(idx > FIPS_HASH_MAX_SEQ_LEN);
687 rc = send_request(drvdata, &ssi_req, desc, idx, false);
688
689 return rc;
690 }
691
692 ssi_fips_error_t
693 ssi_hash_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
694 {
695 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
696 size_t i;
697 struct fips_hash_ctx *virt_ctx = (struct fips_hash_ctx *)cpu_addr_buffer;
698
699 /* set the phisical pointers for initial_digest, din, mac_res */
700 dma_addr_t initial_digest_dma_addr = dma_coherent_buffer + offsetof(struct fips_hash_ctx, initial_digest);
701 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_hash_ctx, din);
702 dma_addr_t mac_res_dma_addr = dma_coherent_buffer + offsetof(struct fips_hash_ctx, mac_res);
703
704 for (i = 0; i < FIPS_HASH_NUM_OF_TESTS; ++i)
705 {
706 FipsHashData *hash_data = (FipsHashData*)&FipsHashDataTable[i];
707 int rc = 0;
708 enum drv_hash_hw_mode hw_mode = 0;
709 int digest_size = 0;
710 int inter_digestsize = 0;
711
712 memset(cpu_addr_buffer, 0, sizeof(struct fips_hash_ctx));
713
714 switch (hash_data->hash_mode) {
715 case DRV_HASH_SHA1:
716 hw_mode = DRV_HASH_HW_SHA1;
717 digest_size = CC_SHA1_DIGEST_SIZE;
718 inter_digestsize = CC_SHA1_DIGEST_SIZE;
719 /* copy the initial digest into the allocated cache coherent buffer */
720 memcpy(virt_ctx->initial_digest, (void*)sha1_init, CC_SHA1_DIGEST_SIZE);
721 break;
722 case DRV_HASH_SHA256:
723 hw_mode = DRV_HASH_HW_SHA256;
724 digest_size = CC_SHA256_DIGEST_SIZE;
725 inter_digestsize = CC_SHA256_DIGEST_SIZE;
726 memcpy(virt_ctx->initial_digest, (void*)sha256_init, CC_SHA256_DIGEST_SIZE);
727 break;
728 #if (CC_SUPPORT_SHA > 256)
729 case DRV_HASH_SHA512:
730 hw_mode = DRV_HASH_HW_SHA512;
731 digest_size = CC_SHA512_DIGEST_SIZE;
732 inter_digestsize = CC_SHA512_DIGEST_SIZE;
733 memcpy(virt_ctx->initial_digest, (void*)sha512_init, CC_SHA512_DIGEST_SIZE);
734 break;
735 #endif
736 default:
737 error = FIPS_HashToFipsError(hash_data->hash_mode);
738 break;
739 }
740
741 /* copy the din data into the allocated buffer */
742 memcpy(virt_ctx->din, hash_data->data_in, hash_data->data_in_size);
743
744 /* run the test on HW */
745 FIPS_DBG("ssi_hash_fips_run_test - (i = %d) \n", i);
746 rc = ssi_hash_fips_run_test(drvdata,
747 initial_digest_dma_addr,
748 din_dma_addr,
749 hash_data->data_in_size,
750 mac_res_dma_addr,
751 hash_data->hash_mode,
752 hw_mode,
753 digest_size,
754 inter_digestsize);
755 if (rc != 0)
756 {
757 FIPS_LOG("ssi_hash_fips_run_test %d returned error - rc = %d \n", i, rc);
758 error = FIPS_HashToFipsError(hash_data->hash_mode);
759 break;
760 }
761
762 /* compare actual mac result to expected */
763 if (memcmp(virt_ctx->mac_res, hash_data->mac_res, digest_size) != 0)
764 {
765 FIPS_LOG("comparison error %d - hash_mode=%d digest_size=%d \n", i, hash_data->hash_mode, digest_size);
766 FIPS_LOG(" i expected received \n");
767 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)hash_data->mac_res, (size_t)virt_ctx->mac_res);
768 for (i = 0; i < digest_size; ++i)
769 {
770 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, hash_data->mac_res[i], virt_ctx->mac_res[i]);
771 }
772
773 error = FIPS_HashToFipsError(hash_data->hash_mode);
774 break;
775 }
776 }
777
778 return error;
779 }
780
781
782 static inline ssi_fips_error_t
783 FIPS_HmacToFipsError(enum drv_hash_mode hash_mode)
784 {
785 switch (hash_mode) {
786 case DRV_HASH_SHA1:
787 return CC_REE_FIPS_ERROR_HMAC_SHA1_PUT;
788 case DRV_HASH_SHA256:
789 return CC_REE_FIPS_ERROR_HMAC_SHA256_PUT;
790 #if (CC_SUPPORT_SHA > 256)
791 case DRV_HASH_SHA512:
792 return CC_REE_FIPS_ERROR_HMAC_SHA512_PUT;
793 #endif
794 default:
795 return CC_REE_FIPS_ERROR_GENERAL;
796 }
797
798 return CC_REE_FIPS_ERROR_GENERAL;
799 }
800
801 static inline int
802 ssi_hmac_fips_run_test(struct ssi_drvdata *drvdata,
803 dma_addr_t initial_digest_dma_addr,
804 dma_addr_t key_dma_addr,
805 size_t key_size,
806 dma_addr_t din_dma_addr,
807 size_t data_in_size,
808 dma_addr_t mac_res_dma_addr,
809 enum drv_hash_mode hash_mode,
810 enum drv_hash_hw_mode hw_mode,
811 size_t digest_size,
812 size_t inter_digestsize,
813 size_t block_size,
814 dma_addr_t k0_dma_addr,
815 dma_addr_t tmp_digest_dma_addr,
816 dma_addr_t digest_bytes_len_dma_addr)
817 {
818 /* The implemented flow is not the same as the one implemented in ssi_hash.c (setkey + digest flows).
819 In this flow, there is no need to store and reload some of the intermidiate results. */
820
821 /* max number of descriptors used for the flow */
822 #define FIPS_HMAC_MAX_SEQ_LEN 12
823
824 int rc;
825 struct ssi_crypto_req ssi_req = {0};
826 struct cc_hw_desc desc[FIPS_HMAC_MAX_SEQ_LEN];
827 int idx = 0;
828 int i;
829 /* calc the hash opad first and ipad only afterwards (unlike the flow in ssi_hash.c) */
830 unsigned int hmacPadConst[2] = { HMAC_OPAD_CONST, HMAC_IPAD_CONST };
831
832 // assume (key_size <= block_size)
833 HW_DESC_INIT(&desc[idx]);
834 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, key_dma_addr, key_size, NS_BIT);
835 HW_DESC_SET_FLOW_MODE(&desc[idx], BYPASS);
836 HW_DESC_SET_DOUT_DLLI(&desc[idx], k0_dma_addr, key_size, NS_BIT, 0);
837 idx++;
838
839 // if needed, append Key with zeros to create K0
840 if ((block_size - key_size) != 0) {
841 HW_DESC_INIT(&desc[idx]);
842 HW_DESC_SET_DIN_CONST(&desc[idx], 0, (block_size - key_size));
843 HW_DESC_SET_FLOW_MODE(&desc[idx], BYPASS);
844 HW_DESC_SET_DOUT_DLLI(&desc[idx],
845 (k0_dma_addr + key_size), (block_size - key_size),
846 NS_BIT, 0);
847 idx++;
848 }
849
850 BUG_ON(idx > FIPS_HMAC_MAX_SEQ_LEN);
851 rc = send_request(drvdata, &ssi_req, desc, idx, 0);
852 if (unlikely(rc != 0)) {
853 SSI_LOG_ERR("send_request() failed (rc=%d)\n", rc);
854 return rc;
855 }
856 idx = 0;
857
858 /* calc derived HMAC key */
859 for (i = 0; i < 2; i++) {
860 /* Load hash initial state */
861 HW_DESC_INIT(&desc[idx]);
862 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
863 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, initial_digest_dma_addr, inter_digestsize, NS_BIT);
864 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
865 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
866 idx++;
867
868
869 /* Load the hash current length*/
870 HW_DESC_INIT(&desc[idx]);
871 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
872 HW_DESC_SET_DIN_CONST(&desc[idx], 0, HASH_LEN_SIZE);
873 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
874 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
875 idx++;
876
877 /* Prepare opad/ipad key */
878 HW_DESC_INIT(&desc[idx]);
879 HW_DESC_SET_XOR_VAL(&desc[idx], hmacPadConst[i]);
880 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
881 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
882 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
883 idx++;
884
885 /* Perform HASH update */
886 HW_DESC_INIT(&desc[idx]);
887 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
888 k0_dma_addr,
889 block_size, NS_BIT);
890 HW_DESC_SET_CIPHER_MODE(&desc[idx],hw_mode);
891 HW_DESC_SET_XOR_ACTIVE(&desc[idx]);
892 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
893 idx++;
894
895 if (i == 0) {
896 /* First iteration - calc H(K0^opad) into tmp_digest_dma_addr */
897 HW_DESC_INIT(&desc[idx]);
898 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
899 HW_DESC_SET_DOUT_DLLI(&desc[idx],
900 tmp_digest_dma_addr,
901 inter_digestsize,
902 NS_BIT, 0);
903 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
904 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
905 idx++;
906
907 // is this needed?? or continue with current descriptors??
908 BUG_ON(idx > FIPS_HMAC_MAX_SEQ_LEN);
909 rc = send_request(drvdata, &ssi_req, desc, idx, 0);
910 if (unlikely(rc != 0)) {
911 SSI_LOG_ERR("send_request() failed (rc=%d)\n", rc);
912 return rc;
913 }
914 idx = 0;
915 }
916 }
917
918 /* data descriptor */
919 HW_DESC_INIT(&desc[idx]);
920 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
921 din_dma_addr, data_in_size,
922 NS_BIT);
923 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
924 idx++;
925
926 /* HW last hash block padding (aka. "DO_PAD") */
927 HW_DESC_INIT(&desc[idx]);
928 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
929 HW_DESC_SET_DOUT_DLLI(&desc[idx], k0_dma_addr, HASH_LEN_SIZE, NS_BIT, 0);
930 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
931 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE1);
932 HW_DESC_SET_CIPHER_DO(&desc[idx], DO_PAD);
933 idx++;
934
935 /* store the hash digest result in the context */
936 HW_DESC_INIT(&desc[idx]);
937 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
938 HW_DESC_SET_DOUT_DLLI(&desc[idx], k0_dma_addr, digest_size, NS_BIT, 0);
939 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
940 if (unlikely((hash_mode == DRV_HASH_MD5) ||
941 (hash_mode == DRV_HASH_SHA384) ||
942 (hash_mode == DRV_HASH_SHA512))) {
943 HW_DESC_SET_BYTES_SWAP(&desc[idx], 1);
944 } else {
945 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
946 }
947 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
948 idx++;
949
950 /* at this point:
951 tmp_digest = H(o_key_pad)
952 k0 = H(i_key_pad || m)
953 */
954
955 /* Loading hash opad xor key state */
956 HW_DESC_INIT(&desc[idx]);
957 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
958 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, tmp_digest_dma_addr, inter_digestsize, NS_BIT);
959 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
960 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
961 idx++;
962
963 /* Load the hash current length */
964 HW_DESC_INIT(&desc[idx]);
965 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
966 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, digest_bytes_len_dma_addr, HASH_LEN_SIZE, NS_BIT);
967 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_ENABLED);
968 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
969 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
970 idx++;
971
972 /* Memory Barrier: wait for IPAD/OPAD axi write to complete */
973 HW_DESC_INIT(&desc[idx]);
974 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
975 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
976 idx++;
977
978 /* Perform HASH update */
979 HW_DESC_INIT(&desc[idx]);
980 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, k0_dma_addr, digest_size, NS_BIT);
981 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
982 idx++;
983
984
985 /* Get final MAC result */
986 HW_DESC_INIT(&desc[idx]);
987 HW_DESC_SET_CIPHER_MODE(&desc[idx], hw_mode);
988 HW_DESC_SET_DOUT_DLLI(&desc[idx], mac_res_dma_addr, digest_size, NS_BIT, 0);
989 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
990 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
991 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_DISABLED);
992 if (unlikely((hash_mode == DRV_HASH_MD5) ||
993 (hash_mode == DRV_HASH_SHA384) ||
994 (hash_mode == DRV_HASH_SHA512))) {
995 HW_DESC_SET_BYTES_SWAP(&desc[idx], 1);
996 } else {
997 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
998 }
999 idx++;
1000
1001 /* perform the operation - Lock HW and push sequence */
1002 BUG_ON(idx > FIPS_HMAC_MAX_SEQ_LEN);
1003 rc = send_request(drvdata, &ssi_req, desc, idx, false);
1004
1005 return rc;
1006 }
1007
1008 ssi_fips_error_t
1009 ssi_hmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
1010 {
1011 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
1012 size_t i;
1013 struct fips_hmac_ctx *virt_ctx = (struct fips_hmac_ctx *)cpu_addr_buffer;
1014
1015 /* set the phisical pointers */
1016 dma_addr_t initial_digest_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, initial_digest);
1017 dma_addr_t key_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, key);
1018 dma_addr_t k0_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, k0);
1019 dma_addr_t tmp_digest_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, tmp_digest);
1020 dma_addr_t digest_bytes_len_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, digest_bytes_len);
1021 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, din);
1022 dma_addr_t mac_res_dma_addr = dma_coherent_buffer + offsetof(struct fips_hmac_ctx, mac_res);
1023
1024 for (i = 0; i < FIPS_HMAC_NUM_OF_TESTS; ++i)
1025 {
1026 FipsHmacData *hmac_data = (FipsHmacData*)&FipsHmacDataTable[i];
1027 int rc = 0;
1028 enum drv_hash_hw_mode hw_mode = 0;
1029 int digest_size = 0;
1030 int block_size = 0;
1031 int inter_digestsize = 0;
1032
1033 memset(cpu_addr_buffer, 0, sizeof(struct fips_hmac_ctx));
1034
1035 switch (hmac_data->hash_mode) {
1036 case DRV_HASH_SHA1:
1037 hw_mode = DRV_HASH_HW_SHA1;
1038 digest_size = CC_SHA1_DIGEST_SIZE;
1039 block_size = CC_SHA1_BLOCK_SIZE;
1040 inter_digestsize = CC_SHA1_DIGEST_SIZE;
1041 memcpy(virt_ctx->initial_digest, (void*)sha1_init, CC_SHA1_DIGEST_SIZE);
1042 memcpy(virt_ctx->digest_bytes_len, digest_len_init, HASH_LEN_SIZE);
1043 break;
1044 case DRV_HASH_SHA256:
1045 hw_mode = DRV_HASH_HW_SHA256;
1046 digest_size = CC_SHA256_DIGEST_SIZE;
1047 block_size = CC_SHA256_BLOCK_SIZE;
1048 inter_digestsize = CC_SHA256_DIGEST_SIZE;
1049 memcpy(virt_ctx->initial_digest, (void*)sha256_init, CC_SHA256_DIGEST_SIZE);
1050 memcpy(virt_ctx->digest_bytes_len, digest_len_init, HASH_LEN_SIZE);
1051 break;
1052 #if (CC_SUPPORT_SHA > 256)
1053 case DRV_HASH_SHA512:
1054 hw_mode = DRV_HASH_HW_SHA512;
1055 digest_size = CC_SHA512_DIGEST_SIZE;
1056 block_size = CC_SHA512_BLOCK_SIZE;
1057 inter_digestsize = CC_SHA512_DIGEST_SIZE;
1058 memcpy(virt_ctx->initial_digest, (void*)sha512_init, CC_SHA512_DIGEST_SIZE);
1059 memcpy(virt_ctx->digest_bytes_len, digest_len_sha512_init, HASH_LEN_SIZE);
1060 break;
1061 #endif
1062 default:
1063 error = FIPS_HmacToFipsError(hmac_data->hash_mode);
1064 break;
1065 }
1066
1067 /* copy into the allocated buffer */
1068 memcpy(virt_ctx->key, hmac_data->key, hmac_data->key_size);
1069 memcpy(virt_ctx->din, hmac_data->data_in, hmac_data->data_in_size);
1070
1071 /* run the test on HW */
1072 FIPS_DBG("ssi_hmac_fips_run_test - (i = %d) \n", i);
1073 rc = ssi_hmac_fips_run_test(drvdata,
1074 initial_digest_dma_addr,
1075 key_dma_addr,
1076 hmac_data->key_size,
1077 din_dma_addr,
1078 hmac_data->data_in_size,
1079 mac_res_dma_addr,
1080 hmac_data->hash_mode,
1081 hw_mode,
1082 digest_size,
1083 inter_digestsize,
1084 block_size,
1085 k0_dma_addr,
1086 tmp_digest_dma_addr,
1087 digest_bytes_len_dma_addr);
1088 if (rc != 0)
1089 {
1090 FIPS_LOG("ssi_hmac_fips_run_test %d returned error - rc = %d \n", i, rc);
1091 error = FIPS_HmacToFipsError(hmac_data->hash_mode);
1092 break;
1093 }
1094
1095 /* compare actual mac result to expected */
1096 if (memcmp(virt_ctx->mac_res, hmac_data->mac_res, digest_size) != 0)
1097 {
1098 FIPS_LOG("comparison error %d - hash_mode=%d digest_size=%d \n", i, hmac_data->hash_mode, digest_size);
1099 FIPS_LOG(" i expected received \n");
1100 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)hmac_data->mac_res, (size_t)virt_ctx->mac_res);
1101 for (i = 0; i < digest_size; ++i)
1102 {
1103 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, hmac_data->mac_res[i], virt_ctx->mac_res[i]);
1104 }
1105
1106 error = FIPS_HmacToFipsError(hmac_data->hash_mode);
1107 break;
1108 }
1109 }
1110
1111 return error;
1112 }
1113
1114
1115 static inline int
1116 ssi_ccm_fips_run_test(struct ssi_drvdata *drvdata,
1117 enum drv_crypto_direction direction,
1118 dma_addr_t key_dma_addr,
1119 size_t key_size,
1120 dma_addr_t iv_dma_addr,
1121 dma_addr_t ctr_cnt_0_dma_addr,
1122 dma_addr_t b0_a0_adata_dma_addr,
1123 size_t b0_a0_adata_size,
1124 dma_addr_t din_dma_addr,
1125 size_t din_size,
1126 dma_addr_t dout_dma_addr,
1127 dma_addr_t mac_res_dma_addr)
1128 {
1129 /* max number of descriptors used for the flow */
1130 #define FIPS_CCM_MAX_SEQ_LEN 10
1131
1132 int rc;
1133 struct ssi_crypto_req ssi_req = {0};
1134 struct cc_hw_desc desc[FIPS_CCM_MAX_SEQ_LEN];
1135 unsigned int idx = 0;
1136 unsigned int cipher_flow_mode;
1137
1138 if (direction == DRV_CRYPTO_DIRECTION_DECRYPT) {
1139 cipher_flow_mode = AES_to_HASH_and_DOUT;
1140 } else { /* Encrypt */
1141 cipher_flow_mode = AES_and_HASH;
1142 }
1143
1144 /* load key */
1145 HW_DESC_INIT(&desc[idx]);
1146 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CTR);
1147 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, key_dma_addr,
1148 ((key_size == NIST_AESCCM_192_BIT_KEY_SIZE) ? CC_AES_KEY_SIZE_MAX : key_size),
1149 NS_BIT);
1150 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1151 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1152 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1153 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1154 idx++;
1155
1156 /* load ctr state */
1157 HW_DESC_INIT(&desc[idx]);
1158 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CTR);
1159 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1160 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1161 iv_dma_addr, AES_BLOCK_SIZE,
1162 NS_BIT);
1163 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1164 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
1165 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1166 idx++;
1167
1168 /* load MAC key */
1169 HW_DESC_INIT(&desc[idx]);
1170 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CBC_MAC);
1171 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, key_dma_addr,
1172 ((key_size == NIST_AESCCM_192_BIT_KEY_SIZE) ? CC_AES_KEY_SIZE_MAX : key_size),
1173 NS_BIT);
1174 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1175 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1176 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1177 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
1178 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1179 idx++;
1180
1181 /* load MAC state */
1182 HW_DESC_INIT(&desc[idx]);
1183 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CBC_MAC);
1184 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1185 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, mac_res_dma_addr, NIST_AESCCM_TAG_SIZE, NS_BIT);
1186 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DESC_DIRECTION_ENCRYPT_ENCRYPT);
1187 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
1188 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
1189 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1190 idx++;
1191
1192 /* prcess assoc data */
1193 HW_DESC_INIT(&desc[idx]);
1194 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, b0_a0_adata_dma_addr, b0_a0_adata_size, NS_BIT);
1195 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
1196 idx++;
1197
1198 /* process the cipher */
1199 HW_DESC_INIT(&desc[idx]);
1200 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, din_dma_addr, din_size, NS_BIT);
1201 HW_DESC_SET_DOUT_DLLI(&desc[idx], dout_dma_addr, din_size, NS_BIT, 0);
1202 HW_DESC_SET_FLOW_MODE(&desc[idx], cipher_flow_mode);
1203 idx++;
1204
1205 /* Read temporal MAC */
1206 HW_DESC_INIT(&desc[idx]);
1207 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CBC_MAC);
1208 HW_DESC_SET_DOUT_DLLI(&desc[idx], mac_res_dma_addr, NIST_AESCCM_TAG_SIZE, NS_BIT, 0);
1209 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
1210 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], HASH_DIGEST_RESULT_LITTLE_ENDIAN);
1211 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
1212 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1213 idx++;
1214
1215 /* load AES-CTR state (for last MAC calculation)*/
1216 HW_DESC_INIT(&desc[idx]);
1217 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_CTR);
1218 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1219 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1220 ctr_cnt_0_dma_addr,
1221 AES_BLOCK_SIZE, NS_BIT);
1222 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1223 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
1224 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1225 idx++;
1226
1227 /* Memory Barrier */
1228 HW_DESC_INIT(&desc[idx]);
1229 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
1230 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1231 idx++;
1232
1233 /* encrypt the "T" value and store MAC inplace */
1234 HW_DESC_INIT(&desc[idx]);
1235 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI, mac_res_dma_addr, NIST_AESCCM_TAG_SIZE, NS_BIT);
1236 HW_DESC_SET_DOUT_DLLI(&desc[idx], mac_res_dma_addr, NIST_AESCCM_TAG_SIZE, NS_BIT, 0);
1237 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_AES_DOUT);
1238 idx++;
1239
1240 /* perform the operation - Lock HW and push sequence */
1241 BUG_ON(idx > FIPS_CCM_MAX_SEQ_LEN);
1242 rc = send_request(drvdata, &ssi_req, desc, idx, false);
1243
1244 return rc;
1245 }
1246
1247 ssi_fips_error_t
1248 ssi_ccm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
1249 {
1250 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
1251 size_t i;
1252 struct fips_ccm_ctx *virt_ctx = (struct fips_ccm_ctx *)cpu_addr_buffer;
1253
1254 /* set the phisical pointers */
1255 dma_addr_t b0_a0_adata_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, b0_a0_adata);
1256 dma_addr_t iv_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, iv);
1257 dma_addr_t ctr_cnt_0_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, ctr_cnt_0);
1258 dma_addr_t key_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, key);
1259 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, din);
1260 dma_addr_t dout_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, dout);
1261 dma_addr_t mac_res_dma_addr = dma_coherent_buffer + offsetof(struct fips_ccm_ctx, mac_res);
1262
1263 for (i = 0; i < FIPS_CCM_NUM_OF_TESTS; ++i)
1264 {
1265 FipsCcmData *ccmData = (FipsCcmData*)&FipsCcmDataTable[i];
1266 int rc = 0;
1267
1268 memset(cpu_addr_buffer, 0, sizeof(struct fips_ccm_ctx));
1269
1270 /* copy the nonce, key, adata, din data into the allocated buffer */
1271 memcpy(virt_ctx->key, ccmData->key, ccmData->keySize);
1272 memcpy(virt_ctx->din, ccmData->dataIn, ccmData->dataInSize);
1273 {
1274 /* build B0 -- B0, nonce, l(m) */
1275 __be16 data = cpu_to_be16(NIST_AESCCM_TEXT_SIZE);
1276 virt_ctx->b0_a0_adata[0] = NIST_AESCCM_B0_VAL;
1277 memcpy(virt_ctx->b0_a0_adata + 1, ccmData->nonce, NIST_AESCCM_NONCE_SIZE);
1278 memcpy(virt_ctx->b0_a0_adata + 14, (u8 *)&data, sizeof(__be16));
1279 /* build A0+ADATA */
1280 virt_ctx->b0_a0_adata[NIST_AESCCM_IV_SIZE + 0] = (ccmData->adataSize >> 8) & 0xFF;
1281 virt_ctx->b0_a0_adata[NIST_AESCCM_IV_SIZE + 1] = ccmData->adataSize & 0xFF;
1282 memcpy(virt_ctx->b0_a0_adata + NIST_AESCCM_IV_SIZE + 2, ccmData->adata, ccmData->adataSize);
1283 /* iv */
1284 virt_ctx->iv[0] = 1; /* L' */
1285 memcpy(virt_ctx->iv + 1, ccmData->nonce, NIST_AESCCM_NONCE_SIZE);
1286 virt_ctx->iv[15] = 1;
1287 /* ctr_count_0 */
1288 memcpy(virt_ctx->ctr_cnt_0, virt_ctx->iv, NIST_AESCCM_IV_SIZE);
1289 virt_ctx->ctr_cnt_0[15] = 0;
1290 }
1291
1292 FIPS_DBG("ssi_ccm_fips_run_test - (i = %d) \n", i);
1293 rc = ssi_ccm_fips_run_test(drvdata,
1294 ccmData->direction,
1295 key_dma_addr,
1296 ccmData->keySize,
1297 iv_dma_addr,
1298 ctr_cnt_0_dma_addr,
1299 b0_a0_adata_dma_addr,
1300 FIPS_CCM_B0_A0_ADATA_SIZE,
1301 din_dma_addr,
1302 ccmData->dataInSize,
1303 dout_dma_addr,
1304 mac_res_dma_addr);
1305 if (rc != 0)
1306 {
1307 FIPS_LOG("ssi_ccm_fips_run_test %d returned error - rc = %d \n", i, rc);
1308 error = CC_REE_FIPS_ERROR_AESCCM_PUT;
1309 break;
1310 }
1311
1312 /* compare actual dout to expected */
1313 if (memcmp(virt_ctx->dout, ccmData->dataOut, ccmData->dataInSize) != 0)
1314 {
1315 FIPS_LOG("dout comparison error %d - size=%d \n", i, ccmData->dataInSize);
1316 error = CC_REE_FIPS_ERROR_AESCCM_PUT;
1317 break;
1318 }
1319
1320 /* compare actual mac result to expected */
1321 if (memcmp(virt_ctx->mac_res, ccmData->macResOut, ccmData->tagSize) != 0)
1322 {
1323 FIPS_LOG("mac_res comparison error %d - mac_size=%d \n", i, ccmData->tagSize);
1324 FIPS_LOG(" i expected received \n");
1325 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)ccmData->macResOut, (size_t)virt_ctx->mac_res);
1326 for (i = 0; i < ccmData->tagSize; ++i)
1327 {
1328 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, ccmData->macResOut[i], virt_ctx->mac_res[i]);
1329 }
1330
1331 error = CC_REE_FIPS_ERROR_AESCCM_PUT;
1332 break;
1333 }
1334 }
1335
1336 return error;
1337 }
1338
1339
1340 static inline int
1341 ssi_gcm_fips_run_test(struct ssi_drvdata *drvdata,
1342 enum drv_crypto_direction direction,
1343 dma_addr_t key_dma_addr,
1344 size_t key_size,
1345 dma_addr_t hkey_dma_addr,
1346 dma_addr_t block_len_dma_addr,
1347 dma_addr_t iv_inc1_dma_addr,
1348 dma_addr_t iv_inc2_dma_addr,
1349 dma_addr_t adata_dma_addr,
1350 size_t adata_size,
1351 dma_addr_t din_dma_addr,
1352 size_t din_size,
1353 dma_addr_t dout_dma_addr,
1354 dma_addr_t mac_res_dma_addr)
1355 {
1356 /* max number of descriptors used for the flow */
1357 #define FIPS_GCM_MAX_SEQ_LEN 15
1358
1359 int rc;
1360 struct ssi_crypto_req ssi_req = {0};
1361 struct cc_hw_desc desc[FIPS_GCM_MAX_SEQ_LEN];
1362 unsigned int idx = 0;
1363 unsigned int cipher_flow_mode;
1364
1365 if (direction == DRV_CRYPTO_DIRECTION_DECRYPT) {
1366 cipher_flow_mode = AES_and_HASH;
1367 } else { /* Encrypt */
1368 cipher_flow_mode = AES_to_HASH_and_DOUT;
1369 }
1370
1371 ///////////////////////////////// 1 ////////////////////////////////////
1372 // ssi_aead_gcm_setup_ghash_desc(req, desc, seq_size);
1373 ///////////////////////////////// 1 ////////////////////////////////////
1374
1375 /* load key to AES*/
1376 HW_DESC_INIT(&desc[idx]);
1377 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_ECB);
1378 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1379 HW_DESC_SET_DIN_TYPE(&desc[idx],
1380 DMA_DLLI, key_dma_addr, key_size,
1381 NS_BIT);
1382 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1383 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1384 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1385 idx++;
1386
1387 /* process one zero block to generate hkey */
1388 HW_DESC_INIT(&desc[idx]);
1389 HW_DESC_SET_DIN_CONST(&desc[idx], 0x0, AES_BLOCK_SIZE);
1390 HW_DESC_SET_DOUT_DLLI(&desc[idx],
1391 hkey_dma_addr, AES_BLOCK_SIZE,
1392 NS_BIT, 0);
1393 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_AES_DOUT);
1394 idx++;
1395
1396 /* Memory Barrier */
1397 HW_DESC_INIT(&desc[idx]);
1398 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
1399 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1400 idx++;
1401
1402 /* Load GHASH subkey */
1403 HW_DESC_INIT(&desc[idx]);
1404 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1405 hkey_dma_addr, AES_BLOCK_SIZE,
1406 NS_BIT);
1407 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1408 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
1409 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1410 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_HASH_HW_GHASH);
1411 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_ENABLED);
1412 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1413 idx++;
1414
1415 /* Configure Hash Engine to work with GHASH.
1416 Since it was not possible to extend HASH submodes to add GHASH,
1417 The following command is necessary in order to select GHASH (according to HW designers)*/
1418 HW_DESC_INIT(&desc[idx]);
1419 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
1420 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1421 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
1422 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1423 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_HASH_HW_GHASH);
1424 HW_DESC_SET_CIPHER_DO(&desc[idx], 1); //1=AES_SK RKEK
1425 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1426 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_ENABLED);
1427 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1428 idx++;
1429
1430 /* Load GHASH initial STATE (which is 0). (for any hash there is an initial state) */
1431 HW_DESC_INIT(&desc[idx]);
1432 HW_DESC_SET_DIN_CONST(&desc[idx], 0x0, AES_BLOCK_SIZE);
1433 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1434 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_HASH);
1435 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1436 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_HASH_HW_GHASH);
1437 HW_DESC_SET_CIPHER_CONFIG1(&desc[idx], HASH_PADDING_ENABLED);
1438 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE0);
1439 idx++;
1440
1441
1442
1443 ///////////////////////////////// 2 ////////////////////////////////////
1444 /* prcess(ghash) assoc data */
1445 // if (req->assoclen > 0)
1446 // ssi_aead_create_assoc_desc(req, DIN_HASH, desc, seq_size);
1447 ///////////////////////////////// 2 ////////////////////////////////////
1448
1449 HW_DESC_INIT(&desc[idx]);
1450 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1451 adata_dma_addr, adata_size,
1452 NS_BIT);
1453 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
1454 idx++;
1455
1456
1457 ///////////////////////////////// 3 ////////////////////////////////////
1458 // ssi_aead_gcm_setup_gctr_desc(req, desc, seq_size);
1459 ///////////////////////////////// 3 ////////////////////////////////////
1460
1461 /* load key to AES*/
1462 HW_DESC_INIT(&desc[idx]);
1463 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_GCTR);
1464 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1465 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1466 key_dma_addr, key_size,
1467 NS_BIT);
1468 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1469 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_KEY0);
1470 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1471 idx++;
1472
1473 /* load AES/CTR initial CTR value inc by 2*/
1474 HW_DESC_INIT(&desc[idx]);
1475 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_GCTR);
1476 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1477 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1478 iv_inc2_dma_addr, AES_BLOCK_SIZE,
1479 NS_BIT);
1480 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1481 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
1482 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1483 idx++;
1484
1485
1486 ///////////////////////////////// 4 ////////////////////////////////////
1487 /* process(gctr+ghash) */
1488 // if (req_ctx->cryptlen != 0)
1489 // ssi_aead_process_cipher_data_desc(req, cipher_flow_mode, desc, seq_size);
1490 ///////////////////////////////// 4 ////////////////////////////////////
1491
1492 HW_DESC_INIT(&desc[idx]);
1493 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1494 din_dma_addr, din_size,
1495 NS_BIT);
1496 HW_DESC_SET_DOUT_DLLI(&desc[idx],
1497 dout_dma_addr, din_size,
1498 NS_BIT, 0);
1499 HW_DESC_SET_FLOW_MODE(&desc[idx], cipher_flow_mode);
1500 idx++;
1501
1502
1503 ///////////////////////////////// 5 ////////////////////////////////////
1504 // ssi_aead_process_gcm_result_desc(req, desc, seq_size);
1505 ///////////////////////////////// 5 ////////////////////////////////////
1506
1507 /* prcess(ghash) gcm_block_len */
1508 HW_DESC_INIT(&desc[idx]);
1509 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1510 block_len_dma_addr, AES_BLOCK_SIZE,
1511 NS_BIT);
1512 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_HASH);
1513 idx++;
1514
1515 /* Store GHASH state after GHASH(Associated Data + Cipher +LenBlock) */
1516 HW_DESC_INIT(&desc[idx]);
1517 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_HASH_HW_GHASH);
1518 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
1519 HW_DESC_SET_DOUT_DLLI(&desc[idx],
1520 mac_res_dma_addr, AES_BLOCK_SIZE,
1521 NS_BIT, 0);
1522 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_WRITE_STATE0);
1523 HW_DESC_SET_FLOW_MODE(&desc[idx], S_HASH_to_DOUT);
1524 HW_DESC_SET_AES_NOT_HASH_MODE(&desc[idx]);
1525 idx++;
1526
1527 /* load AES/CTR initial CTR value inc by 1*/
1528 HW_DESC_INIT(&desc[idx]);
1529 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_GCTR);
1530 HW_DESC_SET_KEY_SIZE_AES(&desc[idx], key_size);
1531 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1532 iv_inc1_dma_addr, AES_BLOCK_SIZE,
1533 NS_BIT);
1534 HW_DESC_SET_CIPHER_CONFIG0(&desc[idx], DRV_CRYPTO_DIRECTION_ENCRYPT);
1535 HW_DESC_SET_SETUP_MODE(&desc[idx], SETUP_LOAD_STATE1);
1536 HW_DESC_SET_FLOW_MODE(&desc[idx], S_DIN_to_AES);
1537 idx++;
1538
1539 /* Memory Barrier */
1540 HW_DESC_INIT(&desc[idx]);
1541 HW_DESC_SET_DIN_NO_DMA(&desc[idx], 0, 0xfffff0);
1542 HW_DESC_SET_DOUT_NO_DMA(&desc[idx], 0, 0, 1);
1543 idx++;
1544
1545 /* process GCTR on stored GHASH and store MAC inplace */
1546 HW_DESC_INIT(&desc[idx]);
1547 HW_DESC_SET_CIPHER_MODE(&desc[idx], DRV_CIPHER_GCTR);
1548 HW_DESC_SET_DIN_TYPE(&desc[idx], DMA_DLLI,
1549 mac_res_dma_addr, AES_BLOCK_SIZE,
1550 NS_BIT);
1551 HW_DESC_SET_DOUT_DLLI(&desc[idx],
1552 mac_res_dma_addr, AES_BLOCK_SIZE,
1553 NS_BIT, 0);
1554 HW_DESC_SET_FLOW_MODE(&desc[idx], DIN_AES_DOUT);
1555 idx++;
1556
1557 /* perform the operation - Lock HW and push sequence */
1558 BUG_ON(idx > FIPS_GCM_MAX_SEQ_LEN);
1559 rc = send_request(drvdata, &ssi_req, desc, idx, false);
1560
1561 return rc;
1562 }
1563
1564 ssi_fips_error_t
1565 ssi_gcm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer)
1566 {
1567 ssi_fips_error_t error = CC_REE_FIPS_ERROR_OK;
1568 size_t i;
1569 struct fips_gcm_ctx *virt_ctx = (struct fips_gcm_ctx *)cpu_addr_buffer;
1570
1571 /* set the phisical pointers */
1572 dma_addr_t adata_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, adata);
1573 dma_addr_t key_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, key);
1574 dma_addr_t hkey_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, hkey);
1575 dma_addr_t din_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, din);
1576 dma_addr_t dout_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, dout);
1577 dma_addr_t mac_res_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, mac_res);
1578 dma_addr_t len_block_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, len_block);
1579 dma_addr_t iv_inc1_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, iv_inc1);
1580 dma_addr_t iv_inc2_dma_addr = dma_coherent_buffer + offsetof(struct fips_gcm_ctx, iv_inc2);
1581
1582 for (i = 0; i < FIPS_GCM_NUM_OF_TESTS; ++i)
1583 {
1584 FipsGcmData *gcmData = (FipsGcmData*)&FipsGcmDataTable[i];
1585 int rc = 0;
1586
1587 memset(cpu_addr_buffer, 0, sizeof(struct fips_gcm_ctx));
1588
1589 /* copy the key, adata, din data - into the allocated buffer */
1590 memcpy(virt_ctx->key, gcmData->key, gcmData->keySize);
1591 memcpy(virt_ctx->adata, gcmData->adata, gcmData->adataSize);
1592 memcpy(virt_ctx->din, gcmData->dataIn, gcmData->dataInSize);
1593
1594 /* len_block */
1595 {
1596 __be64 len_bits;
1597 len_bits = cpu_to_be64(gcmData->adataSize * 8);
1598 memcpy(virt_ctx->len_block, &len_bits, sizeof(len_bits));
1599 len_bits = cpu_to_be64(gcmData->dataInSize * 8);
1600 memcpy(virt_ctx->len_block + 8, &len_bits, sizeof(len_bits));
1601 }
1602 /* iv_inc1, iv_inc2 */
1603 {
1604 __be32 counter = cpu_to_be32(1);
1605 memcpy(virt_ctx->iv_inc1, gcmData->iv, NIST_AESGCM_IV_SIZE);
1606 memcpy(virt_ctx->iv_inc1 + NIST_AESGCM_IV_SIZE, &counter, sizeof(counter));
1607 counter = cpu_to_be32(2);
1608 memcpy(virt_ctx->iv_inc2, gcmData->iv, NIST_AESGCM_IV_SIZE);
1609 memcpy(virt_ctx->iv_inc2 + NIST_AESGCM_IV_SIZE, &counter, sizeof(counter));
1610 }
1611
1612 FIPS_DBG("ssi_gcm_fips_run_test - (i = %d) \n", i);
1613 rc = ssi_gcm_fips_run_test(drvdata,
1614 gcmData->direction,
1615 key_dma_addr,
1616 gcmData->keySize,
1617 hkey_dma_addr,
1618 len_block_dma_addr,
1619 iv_inc1_dma_addr,
1620 iv_inc2_dma_addr,
1621 adata_dma_addr,
1622 gcmData->adataSize,
1623 din_dma_addr,
1624 gcmData->dataInSize,
1625 dout_dma_addr,
1626 mac_res_dma_addr);
1627 if (rc != 0)
1628 {
1629 FIPS_LOG("ssi_gcm_fips_run_test %d returned error - rc = %d \n", i, rc);
1630 error = CC_REE_FIPS_ERROR_AESGCM_PUT;
1631 break;
1632 }
1633
1634 if (gcmData->direction == DRV_CRYPTO_DIRECTION_ENCRYPT) {
1635 /* compare actual dout to expected */
1636 if (memcmp(virt_ctx->dout, gcmData->dataOut, gcmData->dataInSize) != 0)
1637 {
1638 FIPS_LOG("dout comparison error %d - size=%d \n", i, gcmData->dataInSize);
1639 FIPS_LOG(" i expected received \n");
1640 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)gcmData->dataOut, (size_t)virt_ctx->dout);
1641 for (i = 0; i < gcmData->dataInSize; ++i)
1642 {
1643 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, gcmData->dataOut[i], virt_ctx->dout[i]);
1644 }
1645
1646 error = CC_REE_FIPS_ERROR_AESGCM_PUT;
1647 break;
1648 }
1649 }
1650
1651 /* compare actual mac result to expected */
1652 if (memcmp(virt_ctx->mac_res, gcmData->macResOut, gcmData->tagSize) != 0)
1653 {
1654 FIPS_LOG("mac_res comparison error %d - mac_size=%d \n", i, gcmData->tagSize);
1655 FIPS_LOG(" i expected received \n");
1656 FIPS_LOG(" i 0x%08x 0x%08x \n", (size_t)gcmData->macResOut, (size_t)virt_ctx->mac_res);
1657 for (i = 0; i < gcmData->tagSize; ++i)
1658 {
1659 FIPS_LOG(" %d 0x%02x 0x%02x \n", i, gcmData->macResOut[i], virt_ctx->mac_res[i]);
1660 }
1661
1662 error = CC_REE_FIPS_ERROR_AESGCM_PUT;
1663 break;
1664 }
1665 }
1666 return error;
1667 }
1668
1669
1670 size_t ssi_fips_max_mem_alloc_size(void)
1671 {
1672 FIPS_DBG("sizeof(struct fips_cipher_ctx) %d \n", sizeof(struct fips_cipher_ctx));
1673 FIPS_DBG("sizeof(struct fips_cmac_ctx) %d \n", sizeof(struct fips_cmac_ctx));
1674 FIPS_DBG("sizeof(struct fips_hash_ctx) %d \n", sizeof(struct fips_hash_ctx));
1675 FIPS_DBG("sizeof(struct fips_hmac_ctx) %d \n", sizeof(struct fips_hmac_ctx));
1676 FIPS_DBG("sizeof(struct fips_ccm_ctx) %d \n", sizeof(struct fips_ccm_ctx));
1677 FIPS_DBG("sizeof(struct fips_gcm_ctx) %d \n", sizeof(struct fips_gcm_ctx));
1678
1679 return sizeof(fips_ctx);
1680 }
1681
Ubuntu Artful kernel mirror