1 /* 2 * This file is part of the Chelsio T6 Crypto driver for Linux. 3 * 4 * Copyright (c) 2003-2016 Chelsio Communications, Inc. All rights reserved. 5 * 6 * This software is available to you under a choice of one of two 7 * licenses. You may choose to be licensed under the terms of the GNU 8 * General Public License (GPL) Version 2, available from the file 9 * COPYING in the main directory of this source tree, or the 10 * OpenIB.org BSD license below: 11 * 12 * Redistribution and use in source and binary forms, with or 13 * without modification, are permitted provided that the following 14 * conditions are met: 15 * 16 * - Redistributions of source code must retain the above 17 * copyright notice, this list of conditions and the following 18 * disclaimer. 19 * 20 * - Redistributions in binary form must reproduce the above 21 * copyright notice, this list of conditions and the following 22 * disclaimer in the documentation and/or other materials 23 * provided with the distribution. 24 * 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 32 * SOFTWARE. 33 * 34 */ 35 36 #ifndef __CHCR_ALGO_H__ 37 #define __CHCR_ALGO_H__ 38 39 /* Crypto key context */ 40 #define KEY_CONTEXT_CTX_LEN_S 24 41 #define KEY_CONTEXT_CTX_LEN_M 0xff 42 #define KEY_CONTEXT_CTX_LEN_V(x) ((x) << KEY_CONTEXT_CTX_LEN_S) 43 #define KEY_CONTEXT_CTX_LEN_G(x) \ 44 (((x) >> KEY_CONTEXT_CTX_LEN_S) & KEY_CONTEXT_CTX_LEN_M) 45 46 #define KEY_CONTEXT_DUAL_CK_S 12 47 #define KEY_CONTEXT_DUAL_CK_M 0x1 48 #define KEY_CONTEXT_DUAL_CK_V(x) ((x) << KEY_CONTEXT_DUAL_CK_S) 49 #define KEY_CONTEXT_DUAL_CK_G(x) \ 50 (((x) >> KEY_CONTEXT_DUAL_CK_S) & KEY_CONTEXT_DUAL_CK_M) 51 #define KEY_CONTEXT_DUAL_CK_F KEY_CONTEXT_DUAL_CK_V(1U) 52 53 #define KEY_CONTEXT_SALT_PRESENT_S 10 54 #define KEY_CONTEXT_SALT_PRESENT_M 0x1 55 #define KEY_CONTEXT_SALT_PRESENT_V(x) ((x) << KEY_CONTEXT_SALT_PRESENT_S) 56 #define KEY_CONTEXT_SALT_PRESENT_G(x) \ 57 (((x) >> KEY_CONTEXT_SALT_PRESENT_S) & \ 58 KEY_CONTEXT_SALT_PRESENT_M) 59 #define KEY_CONTEXT_SALT_PRESENT_F KEY_CONTEXT_SALT_PRESENT_V(1U) 60 61 #define KEY_CONTEXT_VALID_S 0 62 #define KEY_CONTEXT_VALID_M 0x1 63 #define KEY_CONTEXT_VALID_V(x) ((x) << KEY_CONTEXT_VALID_S) 64 #define KEY_CONTEXT_VALID_G(x) \ 65 (((x) >> KEY_CONTEXT_VALID_S) & \ 66 KEY_CONTEXT_VALID_M) 67 #define KEY_CONTEXT_VALID_F KEY_CONTEXT_VALID_V(1U) 68 69 #define KEY_CONTEXT_CK_SIZE_S 6 70 #define KEY_CONTEXT_CK_SIZE_M 0xf 71 #define KEY_CONTEXT_CK_SIZE_V(x) ((x) << KEY_CONTEXT_CK_SIZE_S) 72 #define KEY_CONTEXT_CK_SIZE_G(x) \ 73 (((x) >> KEY_CONTEXT_CK_SIZE_S) & KEY_CONTEXT_CK_SIZE_M) 74 75 #define KEY_CONTEXT_MK_SIZE_S 2 76 #define KEY_CONTEXT_MK_SIZE_M 0xf 77 #define KEY_CONTEXT_MK_SIZE_V(x) ((x) << KEY_CONTEXT_MK_SIZE_S) 78 #define KEY_CONTEXT_MK_SIZE_G(x) \ 79 (((x) >> KEY_CONTEXT_MK_SIZE_S) & KEY_CONTEXT_MK_SIZE_M) 80 81 #define KEY_CONTEXT_OPAD_PRESENT_S 11 82 #define KEY_CONTEXT_OPAD_PRESENT_M 0x1 83 #define KEY_CONTEXT_OPAD_PRESENT_V(x) ((x) << KEY_CONTEXT_OPAD_PRESENT_S) 84 #define KEY_CONTEXT_OPAD_PRESENT_G(x) \ 85 (((x) >> KEY_CONTEXT_OPAD_PRESENT_S) & \ 86 KEY_CONTEXT_OPAD_PRESENT_M) 87 #define KEY_CONTEXT_OPAD_PRESENT_F KEY_CONTEXT_OPAD_PRESENT_V(1U) 88 89 #define CHCR_HASH_MAX_DIGEST_SIZE 64 90 #define CHCR_MAX_SHA_DIGEST_SIZE 64 91 92 #define IPSEC_TRUNCATED_ICV_SIZE 12 93 #define TLS_TRUNCATED_HMAC_SIZE 10 94 #define CBCMAC_DIGEST_SIZE 16 95 #define MAX_HASH_NAME 20 96 97 #define SHA1_INIT_STATE_5X4B 5 98 #define SHA256_INIT_STATE_8X4B 8 99 #define SHA512_INIT_STATE_8X8B 8 100 #define SHA1_INIT_STATE SHA1_INIT_STATE_5X4B 101 #define SHA224_INIT_STATE SHA256_INIT_STATE_8X4B 102 #define SHA256_INIT_STATE SHA256_INIT_STATE_8X4B 103 #define SHA384_INIT_STATE SHA512_INIT_STATE_8X8B 104 #define SHA512_INIT_STATE SHA512_INIT_STATE_8X8B 105 106 #define DUMMY_BYTES 16 107 108 #define IPAD_DATA 0x36363636 109 #define OPAD_DATA 0x5c5c5c5c 110 111 #define TRANSHDR_SIZE(kctx_len)\ 112 (sizeof(struct chcr_wr) +\ 113 kctx_len) 114 #define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \ 115 (TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\ 116 sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE) 117 #define HASH_TRANSHDR_SIZE(kctx_len)\ 118 (TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES) 119 120 121 #define FILL_SEC_CPL_OP_IVINSR(id, len, ofst) \ 122 htonl( \ 123 CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | \ 124 CPL_TX_SEC_PDU_RXCHID_V((id)) | \ 125 CPL_TX_SEC_PDU_ACKFOLLOWS_V(0) | \ 126 CPL_TX_SEC_PDU_ULPTXLPBK_V(1) | \ 127 CPL_TX_SEC_PDU_CPLLEN_V((len)) | \ 128 CPL_TX_SEC_PDU_PLACEHOLDER_V(0) | \ 129 CPL_TX_SEC_PDU_IVINSRTOFST_V((ofst))) 130 131 #define FILL_SEC_CPL_CIPHERSTOP_HI(a_start, a_stop, c_start, c_stop_hi) \ 132 htonl( \ 133 CPL_TX_SEC_PDU_AADSTART_V((a_start)) | \ 134 CPL_TX_SEC_PDU_AADSTOP_V((a_stop)) | \ 135 CPL_TX_SEC_PDU_CIPHERSTART_V((c_start)) | \ 136 CPL_TX_SEC_PDU_CIPHERSTOP_HI_V((c_stop_hi))) 137 138 #define FILL_SEC_CPL_AUTHINSERT(c_stop_lo, a_start, a_stop, a_inst) \ 139 htonl( \ 140 CPL_TX_SEC_PDU_CIPHERSTOP_LO_V((c_stop_lo)) | \ 141 CPL_TX_SEC_PDU_AUTHSTART_V((a_start)) | \ 142 CPL_TX_SEC_PDU_AUTHSTOP_V((a_stop)) | \ 143 CPL_TX_SEC_PDU_AUTHINSERT_V((a_inst))) 144 145 #define FILL_SEC_CPL_SCMD0_SEQNO(ctrl, seq, cmode, amode, opad, size) \ 146 htonl( \ 147 SCMD_SEQ_NO_CTRL_V(0) | \ 148 SCMD_STATUS_PRESENT_V(0) | \ 149 SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | \ 150 SCMD_ENC_DEC_CTRL_V((ctrl)) | \ 151 SCMD_CIPH_AUTH_SEQ_CTRL_V((seq)) | \ 152 SCMD_CIPH_MODE_V((cmode)) | \ 153 SCMD_AUTH_MODE_V((amode)) | \ 154 SCMD_HMAC_CTRL_V((opad)) | \ 155 SCMD_IV_SIZE_V((size)) | \ 156 SCMD_NUM_IVS_V(0)) 157 158 #define FILL_SEC_CPL_IVGEN_HDRLEN(last, more, ctx_in, mac, ivdrop, len) htonl( \ 159 SCMD_ENB_DBGID_V(0) | \ 160 SCMD_IV_GEN_CTRL_V(0) | \ 161 SCMD_LAST_FRAG_V((last)) | \ 162 SCMD_MORE_FRAGS_V((more)) | \ 163 SCMD_TLS_COMPPDU_V(0) | \ 164 SCMD_KEY_CTX_INLINE_V((ctx_in)) | \ 165 SCMD_TLS_FRAG_ENABLE_V(0) | \ 166 SCMD_MAC_ONLY_V((mac)) | \ 167 SCMD_AADIVDROP_V((ivdrop)) | \ 168 SCMD_HDR_LEN_V((len))) 169 170 #define FILL_KEY_CTX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \ 171 htonl(KEY_CONTEXT_VALID_V(1) | \ 172 KEY_CONTEXT_CK_SIZE_V((ck_size)) | \ 173 KEY_CONTEXT_MK_SIZE_V(mk_size) | \ 174 KEY_CONTEXT_DUAL_CK_V((d_ck)) | \ 175 KEY_CONTEXT_OPAD_PRESENT_V((opad)) | \ 176 KEY_CONTEXT_SALT_PRESENT_V(1) | \ 177 KEY_CONTEXT_CTX_LEN_V((ctx_len))) 178 179 #define FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \ 180 htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \ 181 TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \ 182 TLS_KEYCTX_RX_VALID_V(1) | \ 183 TLS_KEYCTX_RX_SEQCTR_V(3) | \ 184 TLS_KEYCTX_RXAUTH_MODE_V(4) | \ 185 TLS_KEYCTX_RXCIPH_MODE_V(2) | \ 186 TLS_KEYCTX_RXFLIT_CNT_V((ctx_len))) 187 188 #define FILL_WR_OP_CCTX_SIZE \ 189 htonl( \ 190 FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \ 191 FW_CRYPTO_LOOKASIDE_WR) | \ 192 FW_CRYPTO_LOOKASIDE_WR_COMPL_V(0) | \ 193 FW_CRYPTO_LOOKASIDE_WR_IMM_LEN_V((0)) | \ 194 FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(0) | \ 195 FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V(0)) 196 197 #define FILL_WR_RX_Q_ID(cid, qid, lcb, fid) \ 198 htonl( \ 199 FW_CRYPTO_LOOKASIDE_WR_RX_CHID_V((cid)) | \ 200 FW_CRYPTO_LOOKASIDE_WR_RX_Q_ID_V((qid)) | \ 201 FW_CRYPTO_LOOKASIDE_WR_LCB_V((lcb)) | \ 202 FW_CRYPTO_LOOKASIDE_WR_IV_V((IV_NOP)) | \ 203 FW_CRYPTO_LOOKASIDE_WR_FQIDX_V(fid)) 204 205 #define FILL_ULPTX_CMD_DEST(cid, qid) \ 206 htonl(ULPTX_CMD_V(ULP_TX_PKT) | \ 207 ULP_TXPKT_DEST_V(0) | \ 208 ULP_TXPKT_DATAMODIFY_V(0) | \ 209 ULP_TXPKT_CHANNELID_V((cid)) | \ 210 ULP_TXPKT_RO_V(1) | \ 211 ULP_TXPKT_FID_V(qid)) 212 213 #define KEYCTX_ALIGN_PAD(bs) ({unsigned int _bs = (bs);\ 214 _bs == SHA1_DIGEST_SIZE ? 12 : 0; }) 215 216 #define FILL_PLD_SIZE_HASH_SIZE(payload_sgl_len, sgl_lengths, total_frags) \ 217 htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(payload_sgl_len ? \ 218 sgl_lengths[total_frags] : 0) |\ 219 FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(0)) 220 221 #define FILL_LEN_PKD(calc_tx_flits_ofld, skb) \ 222 htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP((\ 223 calc_tx_flits_ofld(skb) * 8), 16))) 224 225 #define FILL_CMD_MORE(immdatalen) htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) |\ 226 ULP_TX_SC_MORE_V((immdatalen))) 227 #define MAX_NK 8 228 #define MAX_DSGL_ENT 32 229 #define MIN_AUTH_SG 1 /* IV */ 230 #define MIN_GCM_SG 1 /* IV */ 231 #define MIN_DIGEST_SG 1 /*Partial Buffer*/ 232 #define MIN_CCM_SG 1 /*IV+B0*/ 233 #define CIP_SPACE_LEFT(len) \ 234 ((SGE_MAX_WR_LEN - CIP_WR_MIN_LEN - (len))) 235 #define HASH_SPACE_LEFT(len) \ 236 ((SGE_MAX_WR_LEN - HASH_WR_MIN_LEN - (len))) 237 238 struct algo_param { 239 unsigned int auth_mode; 240 unsigned int mk_size; 241 unsigned int result_size; 242 }; 243 244 struct hash_wr_param { 245 struct algo_param alg_prm; 246 unsigned int opad_needed; 247 unsigned int more; 248 unsigned int last; 249 unsigned int kctx_len; 250 unsigned int sg_len; 251 unsigned int bfr_len; 252 unsigned int hash_size; 253 u64 scmd1; 254 }; 255 256 struct cipher_wr_param { 257 struct skcipher_request *req; 258 char *iv; 259 int bytes; 260 unsigned short qid; 261 }; 262 enum { 263 AES_KEYLENGTH_128BIT = 128, 264 AES_KEYLENGTH_192BIT = 192, 265 AES_KEYLENGTH_256BIT = 256 266 }; 267 268 enum { 269 KEYLENGTH_3BYTES = 3, 270 KEYLENGTH_4BYTES = 4, 271 KEYLENGTH_6BYTES = 6, 272 KEYLENGTH_8BYTES = 8 273 }; 274 275 enum { 276 NUMBER_OF_ROUNDS_10 = 10, 277 NUMBER_OF_ROUNDS_12 = 12, 278 NUMBER_OF_ROUNDS_14 = 14, 279 }; 280 281 /* 282 * CCM defines values of 4, 6, 8, 10, 12, 14, and 16 octets, 283 * where they indicate the size of the integrity check value (ICV) 284 */ 285 enum { 286 ICV_4 = 4, 287 ICV_6 = 6, 288 ICV_8 = 8, 289 ICV_10 = 10, 290 ICV_12 = 12, 291 ICV_13 = 13, 292 ICV_14 = 14, 293 ICV_15 = 15, 294 ICV_16 = 16 295 }; 296 297 struct phys_sge_pairs { 298 __be16 len[8]; 299 __be64 addr[8]; 300 }; 301 302 303 static const u32 chcr_sha1_init[SHA1_DIGEST_SIZE / 4] = { 304 SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4, 305 }; 306 307 static const u32 chcr_sha224_init[SHA256_DIGEST_SIZE / 4] = { 308 SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3, 309 SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7, 310 }; 311 312 static const u32 chcr_sha256_init[SHA256_DIGEST_SIZE / 4] = { 313 SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3, 314 SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7, 315 }; 316 317 static const u64 chcr_sha384_init[SHA512_DIGEST_SIZE / 8] = { 318 SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3, 319 SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7, 320 }; 321 322 static const u64 chcr_sha512_init[SHA512_DIGEST_SIZE / 8] = { 323 SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3, 324 SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7, 325 }; 326 327 static inline void copy_hash_init_values(char *key, int digestsize) 328 { 329 u8 i; 330 __be32 *dkey = (__be32 *)key; 331 u64 *ldkey = (u64 *)key; 332 __be64 *sha384 = (__be64 *)chcr_sha384_init; 333 __be64 *sha512 = (__be64 *)chcr_sha512_init; 334 335 switch (digestsize) { 336 case SHA1_DIGEST_SIZE: 337 for (i = 0; i < SHA1_INIT_STATE; i++) 338 dkey[i] = cpu_to_be32(chcr_sha1_init[i]); 339 break; 340 case SHA224_DIGEST_SIZE: 341 for (i = 0; i < SHA224_INIT_STATE; i++) 342 dkey[i] = cpu_to_be32(chcr_sha224_init[i]); 343 break; 344 case SHA256_DIGEST_SIZE: 345 for (i = 0; i < SHA256_INIT_STATE; i++) 346 dkey[i] = cpu_to_be32(chcr_sha256_init[i]); 347 break; 348 case SHA384_DIGEST_SIZE: 349 for (i = 0; i < SHA384_INIT_STATE; i++) 350 ldkey[i] = be64_to_cpu(sha384[i]); 351 break; 352 case SHA512_DIGEST_SIZE: 353 for (i = 0; i < SHA512_INIT_STATE; i++) 354 ldkey[i] = be64_to_cpu(sha512[i]); 355 break; 356 } 357 } 358 359 /* Number of len fields(8) * size of one addr field */ 360 #define PHYSDSGL_MAX_LEN_SIZE 16 361 362 static inline u16 get_space_for_phys_dsgl(unsigned int sgl_entr) 363 { 364 /* len field size + addr field size */ 365 return ((sgl_entr >> 3) + ((sgl_entr % 8) ? 366 1 : 0)) * PHYSDSGL_MAX_LEN_SIZE + 367 (sgl_entr << 3) + ((sgl_entr % 2 ? 1 : 0) << 3); 368 } 369 370 /* The AES s-transform matrix (s-box). */ 371 static const u8 aes_sbox[256] = { 372 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 373 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 374 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 375 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 376 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 377 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 378 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 379 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 380 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 381 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 382 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 383 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 384 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 385 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 386 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 387 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 388 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 389 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 390 187, 22 391 }; 392 393 static inline u32 aes_ks_subword(const u32 w) 394 { 395 u8 bytes[4]; 396 397 *(u32 *)(&bytes[0]) = w; 398 bytes[0] = aes_sbox[bytes[0]]; 399 bytes[1] = aes_sbox[bytes[1]]; 400 bytes[2] = aes_sbox[bytes[2]]; 401 bytes[3] = aes_sbox[bytes[3]]; 402 return *(u32 *)(&bytes[0]); 403 } 404 405 #endif /* __CHCR_ALGO_H__ */ 406