1 /*
2  * This file is part of the Chelsio T6 Crypto driver for Linux.
3  *
4  * Copyright (c) 2003-2016 Chelsio Communications, Inc. All rights reserved.
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *      - Redistributions of source code must retain the above
17  *        copyright notice, this list of conditions and the following
18  *        disclaimer.
19  *
20  *      - Redistributions in binary form must reproduce the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer in the documentation and/or other materials
23  *        provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  *
34  */
35 
36 #ifndef __CHCR_ALGO_H__
37 #define __CHCR_ALGO_H__
38 
39 /* Crypto key context */
40 #define KEY_CONTEXT_CTX_LEN_S           24
41 #define KEY_CONTEXT_CTX_LEN_M           0xff
42 #define KEY_CONTEXT_CTX_LEN_V(x)        ((x) << KEY_CONTEXT_CTX_LEN_S)
43 #define KEY_CONTEXT_CTX_LEN_G(x) \
44 	(((x) >> KEY_CONTEXT_CTX_LEN_S) & KEY_CONTEXT_CTX_LEN_M)
45 
46 #define KEY_CONTEXT_DUAL_CK_S      12
47 #define KEY_CONTEXT_DUAL_CK_M      0x1
48 #define KEY_CONTEXT_DUAL_CK_V(x)   ((x) << KEY_CONTEXT_DUAL_CK_S)
49 #define KEY_CONTEXT_DUAL_CK_G(x)   \
50 (((x) >> KEY_CONTEXT_DUAL_CK_S) & KEY_CONTEXT_DUAL_CK_M)
51 #define KEY_CONTEXT_DUAL_CK_F      KEY_CONTEXT_DUAL_CK_V(1U)
52 
53 #define KEY_CONTEXT_SALT_PRESENT_S      10
54 #define KEY_CONTEXT_SALT_PRESENT_M      0x1
55 #define KEY_CONTEXT_SALT_PRESENT_V(x)   ((x) << KEY_CONTEXT_SALT_PRESENT_S)
56 #define KEY_CONTEXT_SALT_PRESENT_G(x)   \
57 	(((x) >> KEY_CONTEXT_SALT_PRESENT_S) & \
58 	 KEY_CONTEXT_SALT_PRESENT_M)
59 #define KEY_CONTEXT_SALT_PRESENT_F      KEY_CONTEXT_SALT_PRESENT_V(1U)
60 
61 #define KEY_CONTEXT_VALID_S     0
62 #define KEY_CONTEXT_VALID_M     0x1
63 #define KEY_CONTEXT_VALID_V(x)  ((x) << KEY_CONTEXT_VALID_S)
64 #define KEY_CONTEXT_VALID_G(x)  \
65 	(((x) >> KEY_CONTEXT_VALID_S) & \
66 	 KEY_CONTEXT_VALID_M)
67 #define KEY_CONTEXT_VALID_F     KEY_CONTEXT_VALID_V(1U)
68 
69 #define KEY_CONTEXT_CK_SIZE_S           6
70 #define KEY_CONTEXT_CK_SIZE_M           0xf
71 #define KEY_CONTEXT_CK_SIZE_V(x)        ((x) << KEY_CONTEXT_CK_SIZE_S)
72 #define KEY_CONTEXT_CK_SIZE_G(x)        \
73 	(((x) >> KEY_CONTEXT_CK_SIZE_S) & KEY_CONTEXT_CK_SIZE_M)
74 
75 #define KEY_CONTEXT_MK_SIZE_S           2
76 #define KEY_CONTEXT_MK_SIZE_M           0xf
77 #define KEY_CONTEXT_MK_SIZE_V(x)        ((x) << KEY_CONTEXT_MK_SIZE_S)
78 #define KEY_CONTEXT_MK_SIZE_G(x)        \
79 	(((x) >> KEY_CONTEXT_MK_SIZE_S) & KEY_CONTEXT_MK_SIZE_M)
80 
81 #define KEY_CONTEXT_OPAD_PRESENT_S      11
82 #define KEY_CONTEXT_OPAD_PRESENT_M      0x1
83 #define KEY_CONTEXT_OPAD_PRESENT_V(x)   ((x) << KEY_CONTEXT_OPAD_PRESENT_S)
84 #define KEY_CONTEXT_OPAD_PRESENT_G(x)   \
85 	(((x) >> KEY_CONTEXT_OPAD_PRESENT_S) & \
86 	 KEY_CONTEXT_OPAD_PRESENT_M)
87 #define KEY_CONTEXT_OPAD_PRESENT_F      KEY_CONTEXT_OPAD_PRESENT_V(1U)
88 
89 #define CHCR_HASH_MAX_DIGEST_SIZE 64
90 #define CHCR_MAX_SHA_DIGEST_SIZE 64
91 
92 #define IPSEC_TRUNCATED_ICV_SIZE 12
93 #define TLS_TRUNCATED_HMAC_SIZE 10
94 #define CBCMAC_DIGEST_SIZE 16
95 #define MAX_HASH_NAME 20
96 
97 #define SHA1_INIT_STATE_5X4B    5
98 #define SHA256_INIT_STATE_8X4B  8
99 #define SHA512_INIT_STATE_8X8B  8
100 #define SHA1_INIT_STATE         SHA1_INIT_STATE_5X4B
101 #define SHA224_INIT_STATE       SHA256_INIT_STATE_8X4B
102 #define SHA256_INIT_STATE       SHA256_INIT_STATE_8X4B
103 #define SHA384_INIT_STATE       SHA512_INIT_STATE_8X8B
104 #define SHA512_INIT_STATE       SHA512_INIT_STATE_8X8B
105 
106 #define DUMMY_BYTES 16
107 
108 #define IPAD_DATA 0x36363636
109 #define OPAD_DATA 0x5c5c5c5c
110 
111 #define TRANSHDR_SIZE(kctx_len)\
112 	(sizeof(struct chcr_wr) +\
113 	 kctx_len)
114 #define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \
115 	(TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\
116 	 sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE)
117 #define HASH_TRANSHDR_SIZE(kctx_len)\
118 	(TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES)
119 
120 
121 #define FILL_SEC_CPL_OP_IVINSR(id, len, ofst)      \
122 	htonl( \
123 	       CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | \
124 	       CPL_TX_SEC_PDU_RXCHID_V((id)) | \
125 	       CPL_TX_SEC_PDU_ACKFOLLOWS_V(0) | \
126 	       CPL_TX_SEC_PDU_ULPTXLPBK_V(1) | \
127 	       CPL_TX_SEC_PDU_CPLLEN_V((len)) | \
128 	       CPL_TX_SEC_PDU_PLACEHOLDER_V(0) | \
129 	       CPL_TX_SEC_PDU_IVINSRTOFST_V((ofst)))
130 
131 #define  FILL_SEC_CPL_CIPHERSTOP_HI(a_start, a_stop, c_start, c_stop_hi) \
132 	htonl( \
133 	       CPL_TX_SEC_PDU_AADSTART_V((a_start)) | \
134 	       CPL_TX_SEC_PDU_AADSTOP_V((a_stop)) | \
135 	       CPL_TX_SEC_PDU_CIPHERSTART_V((c_start)) | \
136 	       CPL_TX_SEC_PDU_CIPHERSTOP_HI_V((c_stop_hi)))
137 
138 #define  FILL_SEC_CPL_AUTHINSERT(c_stop_lo, a_start, a_stop, a_inst) \
139 	htonl( \
140 	       CPL_TX_SEC_PDU_CIPHERSTOP_LO_V((c_stop_lo)) | \
141 		CPL_TX_SEC_PDU_AUTHSTART_V((a_start)) | \
142 		CPL_TX_SEC_PDU_AUTHSTOP_V((a_stop)) | \
143 		CPL_TX_SEC_PDU_AUTHINSERT_V((a_inst)))
144 
145 #define  FILL_SEC_CPL_SCMD0_SEQNO(ctrl, seq, cmode, amode, opad, size)  \
146 		htonl( \
147 		SCMD_SEQ_NO_CTRL_V(0) | \
148 		SCMD_STATUS_PRESENT_V(0) | \
149 		SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | \
150 		SCMD_ENC_DEC_CTRL_V((ctrl)) | \
151 		SCMD_CIPH_AUTH_SEQ_CTRL_V((seq)) | \
152 		SCMD_CIPH_MODE_V((cmode)) | \
153 		SCMD_AUTH_MODE_V((amode)) | \
154 		SCMD_HMAC_CTRL_V((opad)) | \
155 		SCMD_IV_SIZE_V((size)) | \
156 		SCMD_NUM_IVS_V(0))
157 
158 #define FILL_SEC_CPL_IVGEN_HDRLEN(last, more, ctx_in, mac, ivdrop, len) htonl( \
159 		SCMD_ENB_DBGID_V(0) | \
160 		SCMD_IV_GEN_CTRL_V(0) | \
161 		SCMD_LAST_FRAG_V((last)) | \
162 		SCMD_MORE_FRAGS_V((more)) | \
163 		SCMD_TLS_COMPPDU_V(0) | \
164 		SCMD_KEY_CTX_INLINE_V((ctx_in)) | \
165 		SCMD_TLS_FRAG_ENABLE_V(0) | \
166 		SCMD_MAC_ONLY_V((mac)) |  \
167 		SCMD_AADIVDROP_V((ivdrop)) | \
168 		SCMD_HDR_LEN_V((len)))
169 
170 #define  FILL_KEY_CTX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
171 		htonl(KEY_CONTEXT_VALID_V(1) | \
172 		      KEY_CONTEXT_CK_SIZE_V((ck_size)) | \
173 		      KEY_CONTEXT_MK_SIZE_V(mk_size) | \
174 		      KEY_CONTEXT_DUAL_CK_V((d_ck)) | \
175 		      KEY_CONTEXT_OPAD_PRESENT_V((opad)) | \
176 		      KEY_CONTEXT_SALT_PRESENT_V(1) | \
177 		      KEY_CONTEXT_CTX_LEN_V((ctx_len)))
178 
179 #define  FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
180 		htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \
181 		      TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \
182 		      TLS_KEYCTX_RX_VALID_V(1) | \
183 		      TLS_KEYCTX_RX_SEQCTR_V(3) | \
184 		      TLS_KEYCTX_RXAUTH_MODE_V(4) | \
185 		      TLS_KEYCTX_RXCIPH_MODE_V(2) | \
186 		      TLS_KEYCTX_RXFLIT_CNT_V((ctx_len)))
187 
188 #define FILL_WR_OP_CCTX_SIZE \
189 		htonl( \
190 			FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \
191 			FW_CRYPTO_LOOKASIDE_WR) | \
192 			FW_CRYPTO_LOOKASIDE_WR_COMPL_V(0) | \
193 			FW_CRYPTO_LOOKASIDE_WR_IMM_LEN_V((0)) | \
194 			FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(0) | \
195 			FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V(0))
196 
197 #define FILL_WR_RX_Q_ID(cid, qid, lcb, fid) \
198 		htonl( \
199 			FW_CRYPTO_LOOKASIDE_WR_RX_CHID_V((cid)) | \
200 			FW_CRYPTO_LOOKASIDE_WR_RX_Q_ID_V((qid)) | \
201 			FW_CRYPTO_LOOKASIDE_WR_LCB_V((lcb)) | \
202 			FW_CRYPTO_LOOKASIDE_WR_IV_V((IV_NOP)) | \
203 			FW_CRYPTO_LOOKASIDE_WR_FQIDX_V(fid))
204 
205 #define FILL_ULPTX_CMD_DEST(cid, qid) \
206 	htonl(ULPTX_CMD_V(ULP_TX_PKT) | \
207 	      ULP_TXPKT_DEST_V(0) | \
208 	      ULP_TXPKT_DATAMODIFY_V(0) | \
209 	      ULP_TXPKT_CHANNELID_V((cid)) | \
210 	      ULP_TXPKT_RO_V(1) | \
211 	      ULP_TXPKT_FID_V(qid))
212 
213 #define KEYCTX_ALIGN_PAD(bs) ({unsigned int _bs = (bs);\
214 			      _bs == SHA1_DIGEST_SIZE ? 12 : 0; })
215 
216 #define FILL_PLD_SIZE_HASH_SIZE(payload_sgl_len, sgl_lengths, total_frags) \
217 	htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(payload_sgl_len ? \
218 						sgl_lengths[total_frags] : 0) |\
219 	      FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(0))
220 
221 #define FILL_LEN_PKD(calc_tx_flits_ofld, skb) \
222 	htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP((\
223 					   calc_tx_flits_ofld(skb) * 8), 16)))
224 
225 #define FILL_CMD_MORE(immdatalen) htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) |\
226 					ULP_TX_SC_MORE_V((immdatalen)))
227 #define MAX_NK 8
228 #define MAX_DSGL_ENT			32
229 #define MIN_AUTH_SG			1 /* IV */
230 #define MIN_GCM_SG			1 /* IV */
231 #define MIN_DIGEST_SG			1 /*Partial Buffer*/
232 #define MIN_CCM_SG			1 /*IV+B0*/
233 #define CIP_SPACE_LEFT(len) \
234 	((SGE_MAX_WR_LEN - CIP_WR_MIN_LEN - (len)))
235 #define HASH_SPACE_LEFT(len) \
236 	((SGE_MAX_WR_LEN - HASH_WR_MIN_LEN - (len)))
237 
238 struct algo_param {
239 	unsigned int auth_mode;
240 	unsigned int mk_size;
241 	unsigned int result_size;
242 };
243 
244 struct hash_wr_param {
245 	struct algo_param alg_prm;
246 	unsigned int opad_needed;
247 	unsigned int more;
248 	unsigned int last;
249 	unsigned int kctx_len;
250 	unsigned int sg_len;
251 	unsigned int bfr_len;
252 	unsigned int hash_size;
253 	u64 scmd1;
254 };
255 
256 struct cipher_wr_param {
257 	struct skcipher_request *req;
258 	char *iv;
259 	int bytes;
260 	unsigned short qid;
261 };
262 enum {
263 	AES_KEYLENGTH_128BIT = 128,
264 	AES_KEYLENGTH_192BIT = 192,
265 	AES_KEYLENGTH_256BIT = 256
266 };
267 
268 enum {
269 	KEYLENGTH_3BYTES = 3,
270 	KEYLENGTH_4BYTES = 4,
271 	KEYLENGTH_6BYTES = 6,
272 	KEYLENGTH_8BYTES = 8
273 };
274 
275 enum {
276 	NUMBER_OF_ROUNDS_10 = 10,
277 	NUMBER_OF_ROUNDS_12 = 12,
278 	NUMBER_OF_ROUNDS_14 = 14,
279 };
280 
281 /*
282  * CCM defines values of 4, 6, 8, 10, 12, 14, and 16 octets,
283  * where they indicate the size of the integrity check value (ICV)
284  */
285 enum {
286 	ICV_4  = 4,
287 	ICV_6  = 6,
288 	ICV_8  = 8,
289 	ICV_10 = 10,
290 	ICV_12 = 12,
291 	ICV_13 = 13,
292 	ICV_14 = 14,
293 	ICV_15 = 15,
294 	ICV_16 = 16
295 };
296 
297 struct phys_sge_pairs {
298 	__be16 len[8];
299 	__be64 addr[8];
300 };
301 
302 
303 static const u32 chcr_sha1_init[SHA1_DIGEST_SIZE / 4] = {
304 		SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
305 };
306 
307 static const u32 chcr_sha224_init[SHA256_DIGEST_SIZE / 4] = {
308 		SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
309 		SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
310 };
311 
312 static const u32 chcr_sha256_init[SHA256_DIGEST_SIZE / 4] = {
313 		SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
314 		SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
315 };
316 
317 static const u64 chcr_sha384_init[SHA512_DIGEST_SIZE / 8] = {
318 		SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3,
319 		SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7,
320 };
321 
322 static const u64 chcr_sha512_init[SHA512_DIGEST_SIZE / 8] = {
323 		SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3,
324 		SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7,
325 };
326 
327 static inline void copy_hash_init_values(char *key, int digestsize)
328 {
329 	u8 i;
330 	__be32 *dkey = (__be32 *)key;
331 	u64 *ldkey = (u64 *)key;
332 	__be64 *sha384 = (__be64 *)chcr_sha384_init;
333 	__be64 *sha512 = (__be64 *)chcr_sha512_init;
334 
335 	switch (digestsize) {
336 	case SHA1_DIGEST_SIZE:
337 		for (i = 0; i < SHA1_INIT_STATE; i++)
338 			dkey[i] = cpu_to_be32(chcr_sha1_init[i]);
339 		break;
340 	case SHA224_DIGEST_SIZE:
341 		for (i = 0; i < SHA224_INIT_STATE; i++)
342 			dkey[i] = cpu_to_be32(chcr_sha224_init[i]);
343 		break;
344 	case SHA256_DIGEST_SIZE:
345 		for (i = 0; i < SHA256_INIT_STATE; i++)
346 			dkey[i] = cpu_to_be32(chcr_sha256_init[i]);
347 		break;
348 	case SHA384_DIGEST_SIZE:
349 		for (i = 0; i < SHA384_INIT_STATE; i++)
350 			ldkey[i] = be64_to_cpu(sha384[i]);
351 		break;
352 	case SHA512_DIGEST_SIZE:
353 		for (i = 0; i < SHA512_INIT_STATE; i++)
354 			ldkey[i] = be64_to_cpu(sha512[i]);
355 		break;
356 	}
357 }
358 
359 /* Number of len fields(8) * size of one addr field */
360 #define PHYSDSGL_MAX_LEN_SIZE 16
361 
362 static inline u16 get_space_for_phys_dsgl(unsigned int sgl_entr)
363 {
364 	/* len field size + addr field size */
365 	return ((sgl_entr >> 3) + ((sgl_entr % 8) ?
366 				   1 : 0)) * PHYSDSGL_MAX_LEN_SIZE +
367 		(sgl_entr << 3) + ((sgl_entr % 2 ? 1 : 0) << 3);
368 }
369 
370 /* The AES s-transform matrix (s-box). */
371 static const u8 aes_sbox[256] = {
372 	99,  124, 119, 123, 242, 107, 111, 197, 48,  1,   103, 43,  254, 215,
373 	171, 118, 202, 130, 201, 125, 250, 89,  71,  240, 173, 212, 162, 175,
374 	156, 164, 114, 192, 183, 253, 147, 38,  54,  63,  247, 204, 52,  165,
375 	229, 241, 113, 216, 49,  21, 4,   199, 35,  195, 24,  150, 5, 154, 7,
376 	18,  128, 226, 235, 39,  178, 117, 9,   131, 44,  26,  27,  110, 90,
377 	160, 82,  59,  214, 179, 41,  227, 47,  132, 83,  209, 0,   237, 32,
378 	252, 177, 91,  106, 203, 190, 57,  74,  76,  88,  207, 208, 239, 170,
379 	251, 67,  77,  51,  133, 69,  249, 2,   127, 80,  60,  159, 168, 81,
380 	163, 64,  143, 146, 157, 56,  245, 188, 182, 218, 33,  16,  255, 243,
381 	210, 205, 12,  19,  236, 95,  151, 68,  23,  196, 167, 126, 61,  100,
382 	93,  25,  115, 96,  129, 79,  220, 34,  42,  144, 136, 70,  238, 184,
383 	20,  222, 94,  11,  219, 224, 50,  58,  10,  73,  6,   36,  92,  194,
384 	211, 172, 98,  145, 149, 228, 121, 231, 200, 55,  109, 141, 213, 78,
385 	169, 108, 86,  244, 234, 101, 122, 174, 8, 186, 120, 37,  46,  28, 166,
386 	180, 198, 232, 221, 116, 31,  75,  189, 139, 138, 112, 62,  181, 102,
387 	72,  3,   246, 14,  97,  53,  87,  185, 134, 193, 29,  158, 225, 248,
388 	152, 17,  105, 217, 142, 148, 155, 30,  135, 233, 206, 85,  40,  223,
389 	140, 161, 137, 13,  191, 230, 66,  104, 65,  153, 45,  15,  176, 84,
390 	187, 22
391 };
392 
393 static inline u32 aes_ks_subword(const u32 w)
394 {
395 	u8 bytes[4];
396 
397 	*(u32 *)(&bytes[0]) = w;
398 	bytes[0] = aes_sbox[bytes[0]];
399 	bytes[1] = aes_sbox[bytes[1]];
400 	bytes[2] = aes_sbox[bytes[2]];
401 	bytes[3] = aes_sbox[bytes[3]];
402 	return *(u32 *)(&bytes[0]);
403 }
404 
405 #endif /* __CHCR_ALGO_H__ */
406