1 /* 2 * Copyright 2016 Broadcom 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License, version 2, as 6 * published by the Free Software Foundation (the "GPL"). 7 * 8 * This program is distributed in the hope that it will be useful, but 9 * WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 * General Public License version 2 (GPLv2) for more details. 12 * 13 * You should have received a copy of the GNU General Public License 14 * version 2 (GPLv2) along with this source code. 15 */ 16 17 #ifndef _CIPHER_H 18 #define _CIPHER_H 19 20 #include <linux/atomic.h> 21 #include <linux/mailbox/brcm-message.h> 22 #include <linux/mailbox_client.h> 23 #include <crypto/aes.h> 24 #include <crypto/internal/hash.h> 25 #include <crypto/aead.h> 26 #include <crypto/arc4.h> 27 #include <crypto/gcm.h> 28 #include <crypto/sha.h> 29 #include <crypto/sha3.h> 30 31 #include "spu.h" 32 #include "spum.h" 33 #include "spu2.h" 34 35 /* Driver supports up to MAX_SPUS SPU blocks */ 36 #define MAX_SPUS 16 37 38 #define ARC4_STATE_SIZE 4 39 40 #define CCM_AES_IV_SIZE 16 41 #define CCM_ESP_IV_SIZE 8 42 #define RFC4543_ICV_SIZE 16 43 44 #define MAX_KEY_SIZE ARC4_MAX_KEY_SIZE 45 #define MAX_IV_SIZE AES_BLOCK_SIZE 46 #define MAX_DIGEST_SIZE SHA3_512_DIGEST_SIZE 47 #define MAX_ASSOC_SIZE 512 48 49 /* size of salt value for AES-GCM-ESP and AES-CCM-ESP */ 50 #define GCM_ESP_SALT_SIZE 4 51 #define CCM_ESP_SALT_SIZE 3 52 #define MAX_SALT_SIZE GCM_ESP_SALT_SIZE 53 #define GCM_ESP_SALT_OFFSET 0 54 #define CCM_ESP_SALT_OFFSET 1 55 56 #define GCM_ESP_DIGESTSIZE 16 57 58 #define MAX_HASH_BLOCK_SIZE SHA512_BLOCK_SIZE 59 60 /* 61 * Maximum number of bytes from a non-final hash request that can be deferred 62 * until more data is available. With new crypto API framework, this 63 * can be no more than one block of data. 64 */ 65 #define HASH_CARRY_MAX MAX_HASH_BLOCK_SIZE 66 67 /* Force at least 4-byte alignment of all SPU message fields */ 68 #define SPU_MSG_ALIGN 4 69 70 /* Number of times to resend mailbox message if mb queue is full */ 71 #define SPU_MB_RETRY_MAX 1000 72 73 /* op_counts[] indexes */ 74 enum op_type { 75 SPU_OP_CIPHER, 76 SPU_OP_HASH, 77 SPU_OP_HMAC, 78 SPU_OP_AEAD, 79 SPU_OP_NUM 80 }; 81 82 enum spu_spu_type { 83 SPU_TYPE_SPUM, 84 SPU_TYPE_SPU2, 85 }; 86 87 /* 88 * SPUM_NS2 and SPUM_NSP are the SPU-M block on Northstar 2 and Northstar Plus, 89 * respectively. 90 */ 91 enum spu_spu_subtype { 92 SPU_SUBTYPE_SPUM_NS2, 93 SPU_SUBTYPE_SPUM_NSP, 94 SPU_SUBTYPE_SPU2_V1, 95 SPU_SUBTYPE_SPU2_V2 96 }; 97 98 struct spu_type_subtype { 99 enum spu_spu_type type; 100 enum spu_spu_subtype subtype; 101 }; 102 103 struct cipher_op { 104 enum spu_cipher_alg alg; 105 enum spu_cipher_mode mode; 106 }; 107 108 struct auth_op { 109 enum hash_alg alg; 110 enum hash_mode mode; 111 }; 112 113 struct iproc_alg_s { 114 u32 type; 115 union { 116 struct crypto_alg crypto; 117 struct ahash_alg hash; 118 struct aead_alg aead; 119 } alg; 120 struct cipher_op cipher_info; 121 struct auth_op auth_info; 122 bool auth_first; 123 bool registered; 124 }; 125 126 /* 127 * Buffers for a SPU request/reply message pair. All part of one structure to 128 * allow a single alloc per request. 129 */ 130 struct spu_msg_buf { 131 /* Request message fragments */ 132 133 /* 134 * SPU request message header. For SPU-M, holds MH, EMH, SCTX, BDESC, 135 * and BD header. For SPU2, holds FMD, OMD. 136 */ 137 u8 bcm_spu_req_hdr[ALIGN(SPU2_HEADER_ALLOC_LEN, SPU_MSG_ALIGN)]; 138 139 /* IV or counter. Size to include salt. Also used for XTS tweek. */ 140 u8 iv_ctr[ALIGN(2 * AES_BLOCK_SIZE, SPU_MSG_ALIGN)]; 141 142 /* Hash digest. request and response. */ 143 u8 digest[ALIGN(MAX_DIGEST_SIZE, SPU_MSG_ALIGN)]; 144 145 /* SPU request message padding */ 146 u8 spu_req_pad[ALIGN(SPU_PAD_LEN_MAX, SPU_MSG_ALIGN)]; 147 148 /* SPU-M request message STATUS field */ 149 u8 tx_stat[ALIGN(SPU_TX_STATUS_LEN, SPU_MSG_ALIGN)]; 150 151 /* Response message fragments */ 152 153 /* SPU response message header */ 154 u8 spu_resp_hdr[ALIGN(SPU2_HEADER_ALLOC_LEN, SPU_MSG_ALIGN)]; 155 156 /* SPU response message STATUS field padding */ 157 u8 rx_stat_pad[ALIGN(SPU_STAT_PAD_MAX, SPU_MSG_ALIGN)]; 158 159 /* SPU response message STATUS field */ 160 u8 rx_stat[ALIGN(SPU_RX_STATUS_LEN, SPU_MSG_ALIGN)]; 161 162 union { 163 /* Buffers only used for ablkcipher */ 164 struct { 165 /* 166 * Field used for either SUPDT when RC4 is used 167 * -OR- tweak value when XTS/AES is used 168 */ 169 u8 supdt_tweak[ALIGN(SPU_SUPDT_LEN, SPU_MSG_ALIGN)]; 170 } c; 171 172 /* Buffers only used for aead */ 173 struct { 174 /* SPU response pad for GCM data */ 175 u8 gcmpad[ALIGN(AES_BLOCK_SIZE, SPU_MSG_ALIGN)]; 176 177 /* SPU request msg padding for GCM AAD */ 178 u8 req_aad_pad[ALIGN(SPU_PAD_LEN_MAX, SPU_MSG_ALIGN)]; 179 180 /* SPU response data to be discarded */ 181 u8 resp_aad[ALIGN(MAX_ASSOC_SIZE + MAX_IV_SIZE, 182 SPU_MSG_ALIGN)]; 183 } a; 184 }; 185 }; 186 187 struct iproc_ctx_s { 188 u8 enckey[MAX_KEY_SIZE + ARC4_STATE_SIZE]; 189 unsigned int enckeylen; 190 191 u8 authkey[MAX_KEY_SIZE + ARC4_STATE_SIZE]; 192 unsigned int authkeylen; 193 194 u8 salt[MAX_SALT_SIZE]; 195 unsigned int salt_len; 196 unsigned int salt_offset; 197 u8 iv[MAX_IV_SIZE]; 198 199 unsigned int digestsize; 200 201 struct iproc_alg_s *alg; 202 bool is_esp; 203 204 struct cipher_op cipher; 205 enum spu_cipher_type cipher_type; 206 207 struct auth_op auth; 208 bool auth_first; 209 210 /* 211 * The maximum length in bytes of the payload in a SPU message for this 212 * context. For SPU-M, the payload is the combination of AAD and data. 213 * For SPU2, the payload is just data. A value of SPU_MAX_PAYLOAD_INF 214 * indicates that there is no limit to the length of the SPU message 215 * payload. 216 */ 217 unsigned int max_payload; 218 219 struct crypto_aead *fallback_cipher; 220 221 /* auth_type is determined during processing of request */ 222 223 u8 ipad[MAX_HASH_BLOCK_SIZE]; 224 u8 opad[MAX_HASH_BLOCK_SIZE]; 225 226 /* 227 * Buffer to hold SPU message header template. Template is created at 228 * setkey time for ablkcipher requests, since most of the fields in the 229 * header are known at that time. At request time, just fill in a few 230 * missing pieces related to length of data in the request and IVs, etc. 231 */ 232 u8 bcm_spu_req_hdr[ALIGN(SPU2_HEADER_ALLOC_LEN, SPU_MSG_ALIGN)]; 233 234 /* Length of SPU request header */ 235 u16 spu_req_hdr_len; 236 237 /* Expected length of SPU response header */ 238 u16 spu_resp_hdr_len; 239 240 /* 241 * shash descriptor - needed to perform incremental hashing in 242 * in software, when hw doesn't support it. 243 */ 244 struct shash_desc *shash; 245 246 bool is_rfc4543; /* RFC 4543 style of GMAC */ 247 }; 248 249 /* state from iproc_reqctx_s necessary for hash state export/import */ 250 struct spu_hash_export_s { 251 unsigned int total_todo; 252 unsigned int total_sent; 253 u8 hash_carry[HASH_CARRY_MAX]; 254 unsigned int hash_carry_len; 255 u8 incr_hash[MAX_DIGEST_SIZE]; 256 bool is_sw_hmac; 257 }; 258 259 struct iproc_reqctx_s { 260 /* general context */ 261 struct crypto_async_request *parent; 262 263 /* only valid after enqueue() */ 264 struct iproc_ctx_s *ctx; 265 266 u8 chan_idx; /* Mailbox channel to be used to submit this request */ 267 268 /* total todo, rx'd, and sent for this request */ 269 unsigned int total_todo; 270 unsigned int total_received; /* only valid for ablkcipher */ 271 unsigned int total_sent; 272 273 /* 274 * num bytes sent to hw from the src sg in this request. This can differ 275 * from total_sent for incremental hashing. total_sent includes previous 276 * init() and update() data. src_sent does not. 277 */ 278 unsigned int src_sent; 279 280 /* 281 * For AEAD requests, start of associated data. This will typically 282 * point to the beginning of the src scatterlist from the request, 283 * since assoc data is at the beginning of the src scatterlist rather 284 * than in its own sg. 285 */ 286 struct scatterlist *assoc; 287 288 /* 289 * scatterlist entry and offset to start of data for next chunk. Crypto 290 * API src scatterlist for AEAD starts with AAD, if present. For first 291 * chunk, src_sg is sg entry at beginning of input data (after AAD). 292 * src_skip begins at the offset in that sg entry where data begins. 293 */ 294 struct scatterlist *src_sg; 295 int src_nents; /* Number of src entries with data */ 296 u32 src_skip; /* bytes of current sg entry already used */ 297 298 /* 299 * Same for destination. For AEAD, if there is AAD, output data must 300 * be written at offset following AAD. 301 */ 302 struct scatterlist *dst_sg; 303 int dst_nents; /* Number of dst entries with data */ 304 u32 dst_skip; /* bytes of current sg entry already written */ 305 306 /* Mailbox message used to send this request to PDC driver */ 307 struct brcm_message mb_mssg; 308 309 bool bd_suppress; /* suppress BD field in SPU response? */ 310 311 /* cipher context */ 312 bool is_encrypt; 313 314 /* 315 * CBC mode: IV. CTR mode: counter. Else empty. Used as a DMA 316 * buffer for AEAD requests. So allocate as DMAable memory. If IV 317 * concatenated with salt, includes the salt. 318 */ 319 u8 *iv_ctr; 320 /* Length of IV or counter, in bytes */ 321 unsigned int iv_ctr_len; 322 323 /* 324 * Hash requests can be of any size, whether initial, update, or final. 325 * A non-final request must be submitted to the SPU as an integral 326 * number of blocks. This may leave data at the end of the request 327 * that is not a full block. Since the request is non-final, it cannot 328 * be padded. So, we write the remainder to this hash_carry buffer and 329 * hold it until the next request arrives. The carry data is then 330 * submitted at the beginning of the data in the next SPU msg. 331 * hash_carry_len is the number of bytes currently in hash_carry. These 332 * fields are only used for ahash requests. 333 */ 334 u8 hash_carry[HASH_CARRY_MAX]; 335 unsigned int hash_carry_len; 336 unsigned int is_final; /* is this the final for the hash op? */ 337 338 /* 339 * Digest from incremental hash is saved here to include in next hash 340 * operation. Cannot be stored in req->result for truncated hashes, 341 * since result may be sized for final digest. Cannot be saved in 342 * msg_buf because that gets deleted between incremental hash ops 343 * and is not saved as part of export(). 344 */ 345 u8 incr_hash[MAX_DIGEST_SIZE]; 346 347 /* hmac context */ 348 bool is_sw_hmac; 349 350 /* aead context */ 351 struct crypto_tfm *old_tfm; 352 crypto_completion_t old_complete; 353 void *old_data; 354 355 gfp_t gfp; 356 357 /* Buffers used to build SPU request and response messages */ 358 struct spu_msg_buf msg_buf; 359 }; 360 361 /* 362 * Structure encapsulates a set of function pointers specific to the type of 363 * SPU hardware running. These functions handling creation and parsing of 364 * SPU request messages and SPU response messages. Includes hardware-specific 365 * values read from device tree. 366 */ 367 struct spu_hw { 368 void (*spu_dump_msg_hdr)(u8 *buf, unsigned int buf_len); 369 u32 (*spu_ctx_max_payload)(enum spu_cipher_alg cipher_alg, 370 enum spu_cipher_mode cipher_mode, 371 unsigned int blocksize); 372 u32 (*spu_payload_length)(u8 *spu_hdr); 373 u16 (*spu_response_hdr_len)(u16 auth_key_len, u16 enc_key_len, 374 bool is_hash); 375 u16 (*spu_hash_pad_len)(enum hash_alg hash_alg, 376 enum hash_mode hash_mode, u32 chunksize, 377 u16 hash_block_size); 378 u32 (*spu_gcm_ccm_pad_len)(enum spu_cipher_mode cipher_mode, 379 unsigned int data_size); 380 u32 (*spu_assoc_resp_len)(enum spu_cipher_mode cipher_mode, 381 unsigned int assoc_len, 382 unsigned int iv_len, bool is_encrypt); 383 u8 (*spu_aead_ivlen)(enum spu_cipher_mode cipher_mode, 384 u16 iv_len); 385 enum hash_type (*spu_hash_type)(u32 src_sent); 386 u32 (*spu_digest_size)(u32 digest_size, enum hash_alg alg, 387 enum hash_type); 388 u32 (*spu_create_request)(u8 *spu_hdr, 389 struct spu_request_opts *req_opts, 390 struct spu_cipher_parms *cipher_parms, 391 struct spu_hash_parms *hash_parms, 392 struct spu_aead_parms *aead_parms, 393 unsigned int data_size); 394 u16 (*spu_cipher_req_init)(u8 *spu_hdr, 395 struct spu_cipher_parms *cipher_parms); 396 void (*spu_cipher_req_finish)(u8 *spu_hdr, 397 u16 spu_req_hdr_len, 398 unsigned int is_inbound, 399 struct spu_cipher_parms *cipher_parms, 400 bool update_key, 401 unsigned int data_size); 402 void (*spu_request_pad)(u8 *pad_start, u32 gcm_padding, 403 u32 hash_pad_len, enum hash_alg auth_alg, 404 enum hash_mode auth_mode, 405 unsigned int total_sent, u32 status_padding); 406 u8 (*spu_xts_tweak_in_payload)(void); 407 u8 (*spu_tx_status_len)(void); 408 u8 (*spu_rx_status_len)(void); 409 int (*spu_status_process)(u8 *statp); 410 void (*spu_ccm_update_iv)(unsigned int digestsize, 411 struct spu_cipher_parms *cipher_parms, 412 unsigned int assoclen, unsigned int chunksize, 413 bool is_encrypt, bool is_esp); 414 u32 (*spu_wordalign_padlen)(u32 data_size); 415 416 /* The base virtual address of the SPU hw registers */ 417 void __iomem *reg_vbase[MAX_SPUS]; 418 419 /* Version of the SPU hardware */ 420 enum spu_spu_type spu_type; 421 422 /* Sub-version of the SPU hardware */ 423 enum spu_spu_subtype spu_subtype; 424 425 /* The number of SPUs on this platform */ 426 u32 num_spu; 427 428 /* The number of SPU channels on this platform */ 429 u32 num_chan; 430 }; 431 432 struct device_private { 433 struct platform_device *pdev; 434 435 struct spu_hw spu; 436 437 atomic_t session_count; /* number of streams active */ 438 atomic_t stream_count; /* monotonic counter for streamID's */ 439 440 /* Length of BCM header. Set to 0 when hw does not expect BCM HEADER. */ 441 u8 bcm_hdr_len; 442 443 /* The index of the channel to use for the next crypto request */ 444 atomic_t next_chan; 445 446 struct dentry *debugfs_dir; 447 struct dentry *debugfs_stats; 448 449 /* Number of request bytes processed and result bytes returned */ 450 atomic64_t bytes_in; 451 atomic64_t bytes_out; 452 453 /* Number of operations of each type */ 454 atomic_t op_counts[SPU_OP_NUM]; 455 456 atomic_t cipher_cnt[CIPHER_ALG_LAST][CIPHER_MODE_LAST]; 457 atomic_t hash_cnt[HASH_ALG_LAST]; 458 atomic_t hmac_cnt[HASH_ALG_LAST]; 459 atomic_t aead_cnt[AEAD_TYPE_LAST]; 460 461 /* Number of calls to setkey() for each operation type */ 462 atomic_t setkey_cnt[SPU_OP_NUM]; 463 464 /* Number of times request was resubmitted because mb was full */ 465 atomic_t mb_no_spc; 466 467 /* Number of mailbox send failures */ 468 atomic_t mb_send_fail; 469 470 /* Number of ICV check failures for AEAD messages */ 471 atomic_t bad_icv; 472 473 struct mbox_client mcl; 474 475 /* Array of mailbox channel pointers, one for each channel */ 476 struct mbox_chan **mbox; 477 }; 478 479 extern struct device_private iproc_priv; 480 481 #endif 482