Loading...
1/*
2 * This file is part of the Chelsio T6 Crypto driver for Linux.
3 *
4 * Copyright (c) 2003-2016 Chelsio Communications, Inc. All rights reserved.
5 *
6 * This software is available to you under a choice of one of two
7 * licenses. You may choose to be licensed under the terms of the GNU
8 * General Public License (GPL) Version 2, available from the file
9 * COPYING in the main directory of this source tree, or the
10 * OpenIB.org BSD license below:
11 *
12 * Redistribution and use in source and binary forms, with or
13 * without modification, are permitted provided that the following
14 * conditions are met:
15 *
16 * - Redistributions of source code must retain the above
17 * copyright notice, this list of conditions and the following
18 * disclaimer.
19 *
20 * - Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions and the following
22 * disclaimer in the documentation and/or other materials
23 * provided with the distribution.
24 *
25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * SOFTWARE.
33 *
34 */
35
36#ifndef __CHCR_ALGO_H__
37#define __CHCR_ALGO_H__
38
39/* Crypto key context */
40#define KEY_CONTEXT_CTX_LEN_S 24
41#define KEY_CONTEXT_CTX_LEN_M 0xff
42#define KEY_CONTEXT_CTX_LEN_V(x) ((x) << KEY_CONTEXT_CTX_LEN_S)
43#define KEY_CONTEXT_CTX_LEN_G(x) \
44 (((x) >> KEY_CONTEXT_CTX_LEN_S) & KEY_CONTEXT_CTX_LEN_M)
45
46#define KEY_CONTEXT_DUAL_CK_S 12
47#define KEY_CONTEXT_DUAL_CK_M 0x1
48#define KEY_CONTEXT_DUAL_CK_V(x) ((x) << KEY_CONTEXT_DUAL_CK_S)
49#define KEY_CONTEXT_DUAL_CK_G(x) \
50(((x) >> KEY_CONTEXT_DUAL_CK_S) & KEY_CONTEXT_DUAL_CK_M)
51#define KEY_CONTEXT_DUAL_CK_F KEY_CONTEXT_DUAL_CK_V(1U)
52
53#define KEY_CONTEXT_SALT_PRESENT_S 10
54#define KEY_CONTEXT_SALT_PRESENT_M 0x1
55#define KEY_CONTEXT_SALT_PRESENT_V(x) ((x) << KEY_CONTEXT_SALT_PRESENT_S)
56#define KEY_CONTEXT_SALT_PRESENT_G(x) \
57 (((x) >> KEY_CONTEXT_SALT_PRESENT_S) & \
58 KEY_CONTEXT_SALT_PRESENT_M)
59#define KEY_CONTEXT_SALT_PRESENT_F KEY_CONTEXT_SALT_PRESENT_V(1U)
60
61#define KEY_CONTEXT_VALID_S 0
62#define KEY_CONTEXT_VALID_M 0x1
63#define KEY_CONTEXT_VALID_V(x) ((x) << KEY_CONTEXT_VALID_S)
64#define KEY_CONTEXT_VALID_G(x) \
65 (((x) >> KEY_CONTEXT_VALID_S) & \
66 KEY_CONTEXT_VALID_M)
67#define KEY_CONTEXT_VALID_F KEY_CONTEXT_VALID_V(1U)
68
69#define KEY_CONTEXT_CK_SIZE_S 6
70#define KEY_CONTEXT_CK_SIZE_M 0xf
71#define KEY_CONTEXT_CK_SIZE_V(x) ((x) << KEY_CONTEXT_CK_SIZE_S)
72#define KEY_CONTEXT_CK_SIZE_G(x) \
73 (((x) >> KEY_CONTEXT_CK_SIZE_S) & KEY_CONTEXT_CK_SIZE_M)
74
75#define KEY_CONTEXT_MK_SIZE_S 2
76#define KEY_CONTEXT_MK_SIZE_M 0xf
77#define KEY_CONTEXT_MK_SIZE_V(x) ((x) << KEY_CONTEXT_MK_SIZE_S)
78#define KEY_CONTEXT_MK_SIZE_G(x) \
79 (((x) >> KEY_CONTEXT_MK_SIZE_S) & KEY_CONTEXT_MK_SIZE_M)
80
81#define KEY_CONTEXT_OPAD_PRESENT_S 11
82#define KEY_CONTEXT_OPAD_PRESENT_M 0x1
83#define KEY_CONTEXT_OPAD_PRESENT_V(x) ((x) << KEY_CONTEXT_OPAD_PRESENT_S)
84#define KEY_CONTEXT_OPAD_PRESENT_G(x) \
85 (((x) >> KEY_CONTEXT_OPAD_PRESENT_S) & \
86 KEY_CONTEXT_OPAD_PRESENT_M)
87#define KEY_CONTEXT_OPAD_PRESENT_F KEY_CONTEXT_OPAD_PRESENT_V(1U)
88
89#define TLS_KEYCTX_RXFLIT_CNT_S 24
90#define TLS_KEYCTX_RXFLIT_CNT_V(x) ((x) << TLS_KEYCTX_RXFLIT_CNT_S)
91
92#define TLS_KEYCTX_RXPROT_VER_S 20
93#define TLS_KEYCTX_RXPROT_VER_M 0xf
94#define TLS_KEYCTX_RXPROT_VER_V(x) ((x) << TLS_KEYCTX_RXPROT_VER_S)
95
96#define TLS_KEYCTX_RXCIPH_MODE_S 16
97#define TLS_KEYCTX_RXCIPH_MODE_M 0xf
98#define TLS_KEYCTX_RXCIPH_MODE_V(x) ((x) << TLS_KEYCTX_RXCIPH_MODE_S)
99
100#define TLS_KEYCTX_RXAUTH_MODE_S 12
101#define TLS_KEYCTX_RXAUTH_MODE_M 0xf
102#define TLS_KEYCTX_RXAUTH_MODE_V(x) ((x) << TLS_KEYCTX_RXAUTH_MODE_S)
103
104#define TLS_KEYCTX_RXCIAU_CTRL_S 11
105#define TLS_KEYCTX_RXCIAU_CTRL_V(x) ((x) << TLS_KEYCTX_RXCIAU_CTRL_S)
106
107#define TLS_KEYCTX_RX_SEQCTR_S 9
108#define TLS_KEYCTX_RX_SEQCTR_M 0x3
109#define TLS_KEYCTX_RX_SEQCTR_V(x) ((x) << TLS_KEYCTX_RX_SEQCTR_S)
110
111#define TLS_KEYCTX_RX_VALID_S 8
112#define TLS_KEYCTX_RX_VALID_V(x) ((x) << TLS_KEYCTX_RX_VALID_S)
113
114#define TLS_KEYCTX_RXCK_SIZE_S 3
115#define TLS_KEYCTX_RXCK_SIZE_M 0x7
116#define TLS_KEYCTX_RXCK_SIZE_V(x) ((x) << TLS_KEYCTX_RXCK_SIZE_S)
117
118#define TLS_KEYCTX_RXMK_SIZE_S 0
119#define TLS_KEYCTX_RXMK_SIZE_M 0x7
120#define TLS_KEYCTX_RXMK_SIZE_V(x) ((x) << TLS_KEYCTX_RXMK_SIZE_S)
121
122#define CHCR_HASH_MAX_DIGEST_SIZE 64
123#define CHCR_MAX_SHA_DIGEST_SIZE 64
124
125#define IPSEC_TRUNCATED_ICV_SIZE 12
126#define TLS_TRUNCATED_HMAC_SIZE 10
127#define CBCMAC_DIGEST_SIZE 16
128#define MAX_HASH_NAME 20
129
130#define SHA1_INIT_STATE_5X4B 5
131#define SHA256_INIT_STATE_8X4B 8
132#define SHA512_INIT_STATE_8X8B 8
133#define SHA1_INIT_STATE SHA1_INIT_STATE_5X4B
134#define SHA224_INIT_STATE SHA256_INIT_STATE_8X4B
135#define SHA256_INIT_STATE SHA256_INIT_STATE_8X4B
136#define SHA384_INIT_STATE SHA512_INIT_STATE_8X8B
137#define SHA512_INIT_STATE SHA512_INIT_STATE_8X8B
138
139#define DUMMY_BYTES 16
140
141#define IPAD_DATA 0x36363636
142#define OPAD_DATA 0x5c5c5c5c
143
144#define TRANSHDR_SIZE(kctx_len)\
145 (sizeof(struct chcr_wr) +\
146 kctx_len)
147#define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \
148 (TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\
149 sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE)
150#define HASH_TRANSHDR_SIZE(kctx_len)\
151 (TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES)
152
153
154#define FILL_SEC_CPL_OP_IVINSR(id, len, ofst) \
155 htonl( \
156 CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | \
157 CPL_TX_SEC_PDU_RXCHID_V((id)) | \
158 CPL_TX_SEC_PDU_ACKFOLLOWS_V(0) | \
159 CPL_TX_SEC_PDU_ULPTXLPBK_V(1) | \
160 CPL_TX_SEC_PDU_CPLLEN_V((len)) | \
161 CPL_TX_SEC_PDU_PLACEHOLDER_V(0) | \
162 CPL_TX_SEC_PDU_IVINSRTOFST_V((ofst)))
163
164#define FILL_SEC_CPL_CIPHERSTOP_HI(a_start, a_stop, c_start, c_stop_hi) \
165 htonl( \
166 CPL_TX_SEC_PDU_AADSTART_V((a_start)) | \
167 CPL_TX_SEC_PDU_AADSTOP_V((a_stop)) | \
168 CPL_TX_SEC_PDU_CIPHERSTART_V((c_start)) | \
169 CPL_TX_SEC_PDU_CIPHERSTOP_HI_V((c_stop_hi)))
170
171#define FILL_SEC_CPL_AUTHINSERT(c_stop_lo, a_start, a_stop, a_inst) \
172 htonl( \
173 CPL_TX_SEC_PDU_CIPHERSTOP_LO_V((c_stop_lo)) | \
174 CPL_TX_SEC_PDU_AUTHSTART_V((a_start)) | \
175 CPL_TX_SEC_PDU_AUTHSTOP_V((a_stop)) | \
176 CPL_TX_SEC_PDU_AUTHINSERT_V((a_inst)))
177
178#define FILL_SEC_CPL_SCMD0_SEQNO(ctrl, seq, cmode, amode, opad, size) \
179 htonl( \
180 SCMD_SEQ_NO_CTRL_V(0) | \
181 SCMD_STATUS_PRESENT_V(0) | \
182 SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | \
183 SCMD_ENC_DEC_CTRL_V((ctrl)) | \
184 SCMD_CIPH_AUTH_SEQ_CTRL_V((seq)) | \
185 SCMD_CIPH_MODE_V((cmode)) | \
186 SCMD_AUTH_MODE_V((amode)) | \
187 SCMD_HMAC_CTRL_V((opad)) | \
188 SCMD_IV_SIZE_V((size)) | \
189 SCMD_NUM_IVS_V(0))
190
191#define FILL_SEC_CPL_IVGEN_HDRLEN(last, more, ctx_in, mac, ivdrop, len) htonl( \
192 SCMD_ENB_DBGID_V(0) | \
193 SCMD_IV_GEN_CTRL_V(0) | \
194 SCMD_LAST_FRAG_V((last)) | \
195 SCMD_MORE_FRAGS_V((more)) | \
196 SCMD_TLS_COMPPDU_V(0) | \
197 SCMD_KEY_CTX_INLINE_V((ctx_in)) | \
198 SCMD_TLS_FRAG_ENABLE_V(0) | \
199 SCMD_MAC_ONLY_V((mac)) | \
200 SCMD_AADIVDROP_V((ivdrop)) | \
201 SCMD_HDR_LEN_V((len)))
202
203#define FILL_KEY_CTX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
204 htonl(KEY_CONTEXT_VALID_V(1) | \
205 KEY_CONTEXT_CK_SIZE_V((ck_size)) | \
206 KEY_CONTEXT_MK_SIZE_V(mk_size) | \
207 KEY_CONTEXT_DUAL_CK_V((d_ck)) | \
208 KEY_CONTEXT_OPAD_PRESENT_V((opad)) | \
209 KEY_CONTEXT_SALT_PRESENT_V(1) | \
210 KEY_CONTEXT_CTX_LEN_V((ctx_len)))
211
212#define FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
213 htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \
214 TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \
215 TLS_KEYCTX_RX_VALID_V(1) | \
216 TLS_KEYCTX_RX_SEQCTR_V(3) | \
217 TLS_KEYCTX_RXAUTH_MODE_V(4) | \
218 TLS_KEYCTX_RXCIPH_MODE_V(2) | \
219 TLS_KEYCTX_RXFLIT_CNT_V((ctx_len)))
220
221#define FILL_WR_OP_CCTX_SIZE \
222 htonl( \
223 FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \
224 FW_CRYPTO_LOOKASIDE_WR) | \
225 FW_CRYPTO_LOOKASIDE_WR_COMPL_V(0) | \
226 FW_CRYPTO_LOOKASIDE_WR_IMM_LEN_V((0)) | \
227 FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(0) | \
228 FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V(0))
229
230#define FILL_WR_RX_Q_ID(cid, qid, lcb, fid) \
231 htonl( \
232 FW_CRYPTO_LOOKASIDE_WR_RX_CHID_V((cid)) | \
233 FW_CRYPTO_LOOKASIDE_WR_RX_Q_ID_V((qid)) | \
234 FW_CRYPTO_LOOKASIDE_WR_LCB_V((lcb)) | \
235 FW_CRYPTO_LOOKASIDE_WR_IV_V((IV_NOP)) | \
236 FW_CRYPTO_LOOKASIDE_WR_FQIDX_V(fid))
237
238#define FILL_ULPTX_CMD_DEST(cid, qid) \
239 htonl(ULPTX_CMD_V(ULP_TX_PKT) | \
240 ULP_TXPKT_DEST_V(0) | \
241 ULP_TXPKT_DATAMODIFY_V(0) | \
242 ULP_TXPKT_CHANNELID_V((cid)) | \
243 ULP_TXPKT_RO_V(1) | \
244 ULP_TXPKT_FID_V(qid))
245
246#define KEYCTX_ALIGN_PAD(bs) ({unsigned int _bs = (bs);\
247 _bs == SHA1_DIGEST_SIZE ? 12 : 0; })
248
249#define FILL_PLD_SIZE_HASH_SIZE(payload_sgl_len, sgl_lengths, total_frags) \
250 htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(payload_sgl_len ? \
251 sgl_lengths[total_frags] : 0) |\
252 FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(0))
253
254#define FILL_LEN_PKD(calc_tx_flits_ofld, skb) \
255 htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP((\
256 calc_tx_flits_ofld(skb) * 8), 16)))
257
258#define FILL_CMD_MORE(immdatalen) htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) |\
259 ULP_TX_SC_MORE_V((immdatalen)))
260#define MAX_NK 8
261#define MAX_DSGL_ENT 32
262#define MIN_AUTH_SG 1 /* IV */
263#define MIN_GCM_SG 1 /* IV */
264#define MIN_DIGEST_SG 1 /*Partial Buffer*/
265#define MIN_CCM_SG 1 /*IV+B0*/
266#define CIP_SPACE_LEFT(len) \
267 ((SGE_MAX_WR_LEN - CIP_WR_MIN_LEN - (len)))
268#define HASH_SPACE_LEFT(len) \
269 ((SGE_MAX_WR_LEN - HASH_WR_MIN_LEN - (len)))
270
271struct algo_param {
272 unsigned int auth_mode;
273 unsigned int mk_size;
274 unsigned int result_size;
275};
276
277struct hash_wr_param {
278 struct algo_param alg_prm;
279 unsigned int opad_needed;
280 unsigned int more;
281 unsigned int last;
282 unsigned int kctx_len;
283 unsigned int sg_len;
284 unsigned int bfr_len;
285 unsigned int hash_size;
286 u64 scmd1;
287};
288
289struct cipher_wr_param {
290 struct skcipher_request *req;
291 char *iv;
292 int bytes;
293 unsigned short qid;
294};
295enum {
296 AES_KEYLENGTH_128BIT = 128,
297 AES_KEYLENGTH_192BIT = 192,
298 AES_KEYLENGTH_256BIT = 256
299};
300
301enum {
302 KEYLENGTH_3BYTES = 3,
303 KEYLENGTH_4BYTES = 4,
304 KEYLENGTH_6BYTES = 6,
305 KEYLENGTH_8BYTES = 8
306};
307
308enum {
309 NUMBER_OF_ROUNDS_10 = 10,
310 NUMBER_OF_ROUNDS_12 = 12,
311 NUMBER_OF_ROUNDS_14 = 14,
312};
313
314/*
315 * CCM defines values of 4, 6, 8, 10, 12, 14, and 16 octets,
316 * where they indicate the size of the integrity check value (ICV)
317 */
318enum {
319 ICV_4 = 4,
320 ICV_6 = 6,
321 ICV_8 = 8,
322 ICV_10 = 10,
323 ICV_12 = 12,
324 ICV_13 = 13,
325 ICV_14 = 14,
326 ICV_15 = 15,
327 ICV_16 = 16
328};
329
330struct phys_sge_pairs {
331 __be16 len[8];
332 __be64 addr[8];
333};
334
335
336static const u32 chcr_sha1_init[SHA1_DIGEST_SIZE / 4] = {
337 SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
338};
339
340static const u32 chcr_sha224_init[SHA256_DIGEST_SIZE / 4] = {
341 SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
342 SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
343};
344
345static const u32 chcr_sha256_init[SHA256_DIGEST_SIZE / 4] = {
346 SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
347 SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
348};
349
350static const u64 chcr_sha384_init[SHA512_DIGEST_SIZE / 8] = {
351 SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3,
352 SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7,
353};
354
355static const u64 chcr_sha512_init[SHA512_DIGEST_SIZE / 8] = {
356 SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3,
357 SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7,
358};
359
360static inline void copy_hash_init_values(char *key, int digestsize)
361{
362 u8 i;
363 __be32 *dkey = (__be32 *)key;
364 u64 *ldkey = (u64 *)key;
365 __be64 *sha384 = (__be64 *)chcr_sha384_init;
366 __be64 *sha512 = (__be64 *)chcr_sha512_init;
367
368 switch (digestsize) {
369 case SHA1_DIGEST_SIZE:
370 for (i = 0; i < SHA1_INIT_STATE; i++)
371 dkey[i] = cpu_to_be32(chcr_sha1_init[i]);
372 break;
373 case SHA224_DIGEST_SIZE:
374 for (i = 0; i < SHA224_INIT_STATE; i++)
375 dkey[i] = cpu_to_be32(chcr_sha224_init[i]);
376 break;
377 case SHA256_DIGEST_SIZE:
378 for (i = 0; i < SHA256_INIT_STATE; i++)
379 dkey[i] = cpu_to_be32(chcr_sha256_init[i]);
380 break;
381 case SHA384_DIGEST_SIZE:
382 for (i = 0; i < SHA384_INIT_STATE; i++)
383 ldkey[i] = be64_to_cpu(sha384[i]);
384 break;
385 case SHA512_DIGEST_SIZE:
386 for (i = 0; i < SHA512_INIT_STATE; i++)
387 ldkey[i] = be64_to_cpu(sha512[i]);
388 break;
389 }
390}
391
392/* Number of len fields(8) * size of one addr field */
393#define PHYSDSGL_MAX_LEN_SIZE 16
394
395static inline u16 get_space_for_phys_dsgl(unsigned int sgl_entr)
396{
397 /* len field size + addr field size */
398 return ((sgl_entr >> 3) + ((sgl_entr % 8) ?
399 1 : 0)) * PHYSDSGL_MAX_LEN_SIZE +
400 (sgl_entr << 3) + ((sgl_entr % 2 ? 1 : 0) << 3);
401}
402
403/* The AES s-transform matrix (s-box). */
404static const u8 aes_sbox[256] = {
405 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215,
406 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175,
407 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165,
408 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7,
409 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90,
410 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32,
411 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170,
412 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81,
413 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243,
414 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100,
415 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184,
416 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194,
417 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78,
418 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166,
419 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102,
420 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248,
421 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
422 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84,
423 187, 22
424};
425
426static inline u32 aes_ks_subword(const u32 w)
427{
428 u8 bytes[4];
429
430 *(u32 *)(&bytes[0]) = w;
431 bytes[0] = aes_sbox[bytes[0]];
432 bytes[1] = aes_sbox[bytes[1]];
433 bytes[2] = aes_sbox[bytes[2]];
434 bytes[3] = aes_sbox[bytes[3]];
435 return *(u32 *)(&bytes[0]);
436}
437
438#endif /* __CHCR_ALGO_H__ */
1/*
2 * This file is part of the Chelsio T6 Crypto driver for Linux.
3 *
4 * Copyright (c) 2003-2016 Chelsio Communications, Inc. All rights reserved.
5 *
6 * This software is available to you under a choice of one of two
7 * licenses. You may choose to be licensed under the terms of the GNU
8 * General Public License (GPL) Version 2, available from the file
9 * COPYING in the main directory of this source tree, or the
10 * OpenIB.org BSD license below:
11 *
12 * Redistribution and use in source and binary forms, with or
13 * without modification, are permitted provided that the following
14 * conditions are met:
15 *
16 * - Redistributions of source code must retain the above
17 * copyright notice, this list of conditions and the following
18 * disclaimer.
19 *
20 * - Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions and the following
22 * disclaimer in the documentation and/or other materials
23 * provided with the distribution.
24 *
25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * SOFTWARE.
33 *
34 */
35
36#ifndef __CHCR_ALGO_H__
37#define __CHCR_ALGO_H__
38
39/* Crypto key context */
40#define KEY_CONTEXT_CTX_LEN_S 24
41#define KEY_CONTEXT_CTX_LEN_M 0xff
42#define KEY_CONTEXT_CTX_LEN_V(x) ((x) << KEY_CONTEXT_CTX_LEN_S)
43#define KEY_CONTEXT_CTX_LEN_G(x) \
44 (((x) >> KEY_CONTEXT_CTX_LEN_S) & KEY_CONTEXT_CTX_LEN_M)
45
46#define KEY_CONTEXT_DUAL_CK_S 12
47#define KEY_CONTEXT_DUAL_CK_M 0x1
48#define KEY_CONTEXT_DUAL_CK_V(x) ((x) << KEY_CONTEXT_DUAL_CK_S)
49#define KEY_CONTEXT_DUAL_CK_G(x) \
50(((x) >> KEY_CONTEXT_DUAL_CK_S) & KEY_CONTEXT_DUAL_CK_M)
51#define KEY_CONTEXT_DUAL_CK_F KEY_CONTEXT_DUAL_CK_V(1U)
52
53#define KEY_CONTEXT_SALT_PRESENT_S 10
54#define KEY_CONTEXT_SALT_PRESENT_M 0x1
55#define KEY_CONTEXT_SALT_PRESENT_V(x) ((x) << KEY_CONTEXT_SALT_PRESENT_S)
56#define KEY_CONTEXT_SALT_PRESENT_G(x) \
57 (((x) >> KEY_CONTEXT_SALT_PRESENT_S) & \
58 KEY_CONTEXT_SALT_PRESENT_M)
59#define KEY_CONTEXT_SALT_PRESENT_F KEY_CONTEXT_SALT_PRESENT_V(1U)
60
61#define KEY_CONTEXT_VALID_S 0
62#define KEY_CONTEXT_VALID_M 0x1
63#define KEY_CONTEXT_VALID_V(x) ((x) << KEY_CONTEXT_VALID_S)
64#define KEY_CONTEXT_VALID_G(x) \
65 (((x) >> KEY_CONTEXT_VALID_S) & \
66 KEY_CONTEXT_VALID_M)
67#define KEY_CONTEXT_VALID_F KEY_CONTEXT_VALID_V(1U)
68
69#define KEY_CONTEXT_CK_SIZE_S 6
70#define KEY_CONTEXT_CK_SIZE_M 0xf
71#define KEY_CONTEXT_CK_SIZE_V(x) ((x) << KEY_CONTEXT_CK_SIZE_S)
72#define KEY_CONTEXT_CK_SIZE_G(x) \
73 (((x) >> KEY_CONTEXT_CK_SIZE_S) & KEY_CONTEXT_CK_SIZE_M)
74
75#define KEY_CONTEXT_MK_SIZE_S 2
76#define KEY_CONTEXT_MK_SIZE_M 0xf
77#define KEY_CONTEXT_MK_SIZE_V(x) ((x) << KEY_CONTEXT_MK_SIZE_S)
78#define KEY_CONTEXT_MK_SIZE_G(x) \
79 (((x) >> KEY_CONTEXT_MK_SIZE_S) & KEY_CONTEXT_MK_SIZE_M)
80
81#define KEY_CONTEXT_OPAD_PRESENT_S 11
82#define KEY_CONTEXT_OPAD_PRESENT_M 0x1
83#define KEY_CONTEXT_OPAD_PRESENT_V(x) ((x) << KEY_CONTEXT_OPAD_PRESENT_S)
84#define KEY_CONTEXT_OPAD_PRESENT_G(x) \
85 (((x) >> KEY_CONTEXT_OPAD_PRESENT_S) & \
86 KEY_CONTEXT_OPAD_PRESENT_M)
87#define KEY_CONTEXT_OPAD_PRESENT_F KEY_CONTEXT_OPAD_PRESENT_V(1U)
88
89#define CHCR_HASH_MAX_DIGEST_SIZE 64
90#define CHCR_MAX_SHA_DIGEST_SIZE 64
91
92#define IPSEC_TRUNCATED_ICV_SIZE 12
93#define TLS_TRUNCATED_HMAC_SIZE 10
94#define CBCMAC_DIGEST_SIZE 16
95#define MAX_HASH_NAME 20
96
97#define SHA1_INIT_STATE_5X4B 5
98#define SHA256_INIT_STATE_8X4B 8
99#define SHA512_INIT_STATE_8X8B 8
100#define SHA1_INIT_STATE SHA1_INIT_STATE_5X4B
101#define SHA224_INIT_STATE SHA256_INIT_STATE_8X4B
102#define SHA256_INIT_STATE SHA256_INIT_STATE_8X4B
103#define SHA384_INIT_STATE SHA512_INIT_STATE_8X8B
104#define SHA512_INIT_STATE SHA512_INIT_STATE_8X8B
105
106#define DUMMY_BYTES 16
107
108#define IPAD_DATA 0x36363636
109#define OPAD_DATA 0x5c5c5c5c
110
111#define TRANSHDR_SIZE(kctx_len)\
112 (sizeof(struct chcr_wr) +\
113 kctx_len)
114#define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \
115 (TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\
116 sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE)
117#define HASH_TRANSHDR_SIZE(kctx_len)\
118 (TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES)
119
120
121#define FILL_SEC_CPL_OP_IVINSR(id, len, ofst) \
122 htonl( \
123 CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | \
124 CPL_TX_SEC_PDU_RXCHID_V((id)) | \
125 CPL_TX_SEC_PDU_ACKFOLLOWS_V(0) | \
126 CPL_TX_SEC_PDU_ULPTXLPBK_V(1) | \
127 CPL_TX_SEC_PDU_CPLLEN_V((len)) | \
128 CPL_TX_SEC_PDU_PLACEHOLDER_V(0) | \
129 CPL_TX_SEC_PDU_IVINSRTOFST_V((ofst)))
130
131#define FILL_SEC_CPL_CIPHERSTOP_HI(a_start, a_stop, c_start, c_stop_hi) \
132 htonl( \
133 CPL_TX_SEC_PDU_AADSTART_V((a_start)) | \
134 CPL_TX_SEC_PDU_AADSTOP_V((a_stop)) | \
135 CPL_TX_SEC_PDU_CIPHERSTART_V((c_start)) | \
136 CPL_TX_SEC_PDU_CIPHERSTOP_HI_V((c_stop_hi)))
137
138#define FILL_SEC_CPL_AUTHINSERT(c_stop_lo, a_start, a_stop, a_inst) \
139 htonl( \
140 CPL_TX_SEC_PDU_CIPHERSTOP_LO_V((c_stop_lo)) | \
141 CPL_TX_SEC_PDU_AUTHSTART_V((a_start)) | \
142 CPL_TX_SEC_PDU_AUTHSTOP_V((a_stop)) | \
143 CPL_TX_SEC_PDU_AUTHINSERT_V((a_inst)))
144
145#define FILL_SEC_CPL_SCMD0_SEQNO(ctrl, seq, cmode, amode, opad, size) \
146 htonl( \
147 SCMD_SEQ_NO_CTRL_V(0) | \
148 SCMD_STATUS_PRESENT_V(0) | \
149 SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | \
150 SCMD_ENC_DEC_CTRL_V((ctrl)) | \
151 SCMD_CIPH_AUTH_SEQ_CTRL_V((seq)) | \
152 SCMD_CIPH_MODE_V((cmode)) | \
153 SCMD_AUTH_MODE_V((amode)) | \
154 SCMD_HMAC_CTRL_V((opad)) | \
155 SCMD_IV_SIZE_V((size)) | \
156 SCMD_NUM_IVS_V(0))
157
158#define FILL_SEC_CPL_IVGEN_HDRLEN(last, more, ctx_in, mac, ivdrop, len) htonl( \
159 SCMD_ENB_DBGID_V(0) | \
160 SCMD_IV_GEN_CTRL_V(0) | \
161 SCMD_LAST_FRAG_V((last)) | \
162 SCMD_MORE_FRAGS_V((more)) | \
163 SCMD_TLS_COMPPDU_V(0) | \
164 SCMD_KEY_CTX_INLINE_V((ctx_in)) | \
165 SCMD_TLS_FRAG_ENABLE_V(0) | \
166 SCMD_MAC_ONLY_V((mac)) | \
167 SCMD_AADIVDROP_V((ivdrop)) | \
168 SCMD_HDR_LEN_V((len)))
169
170#define FILL_KEY_CTX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
171 htonl(KEY_CONTEXT_VALID_V(1) | \
172 KEY_CONTEXT_CK_SIZE_V((ck_size)) | \
173 KEY_CONTEXT_MK_SIZE_V(mk_size) | \
174 KEY_CONTEXT_DUAL_CK_V((d_ck)) | \
175 KEY_CONTEXT_OPAD_PRESENT_V((opad)) | \
176 KEY_CONTEXT_SALT_PRESENT_V(1) | \
177 KEY_CONTEXT_CTX_LEN_V((ctx_len)))
178
179#define FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
180 htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \
181 TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \
182 TLS_KEYCTX_RX_VALID_V(1) | \
183 TLS_KEYCTX_RX_SEQCTR_V(3) | \
184 TLS_KEYCTX_RXAUTH_MODE_V(4) | \
185 TLS_KEYCTX_RXCIPH_MODE_V(2) | \
186 TLS_KEYCTX_RXFLIT_CNT_V((ctx_len)))
187
188#define FILL_WR_OP_CCTX_SIZE \
189 htonl( \
190 FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \
191 FW_CRYPTO_LOOKASIDE_WR) | \
192 FW_CRYPTO_LOOKASIDE_WR_COMPL_V(0) | \
193 FW_CRYPTO_LOOKASIDE_WR_IMM_LEN_V((0)) | \
194 FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(0) | \
195 FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V(0))
196
197#define FILL_WR_RX_Q_ID(cid, qid, lcb, fid) \
198 htonl( \
199 FW_CRYPTO_LOOKASIDE_WR_RX_CHID_V((cid)) | \
200 FW_CRYPTO_LOOKASIDE_WR_RX_Q_ID_V((qid)) | \
201 FW_CRYPTO_LOOKASIDE_WR_LCB_V((lcb)) | \
202 FW_CRYPTO_LOOKASIDE_WR_IV_V((IV_NOP)) | \
203 FW_CRYPTO_LOOKASIDE_WR_FQIDX_V(fid))
204
205#define FILL_ULPTX_CMD_DEST(cid, qid) \
206 htonl(ULPTX_CMD_V(ULP_TX_PKT) | \
207 ULP_TXPKT_DEST_V(0) | \
208 ULP_TXPKT_DATAMODIFY_V(0) | \
209 ULP_TXPKT_CHANNELID_V((cid)) | \
210 ULP_TXPKT_RO_V(1) | \
211 ULP_TXPKT_FID_V(qid))
212
213#define KEYCTX_ALIGN_PAD(bs) ({unsigned int _bs = (bs);\
214 _bs == SHA1_DIGEST_SIZE ? 12 : 0; })
215
216#define FILL_PLD_SIZE_HASH_SIZE(payload_sgl_len, sgl_lengths, total_frags) \
217 htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(payload_sgl_len ? \
218 sgl_lengths[total_frags] : 0) |\
219 FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(0))
220
221#define FILL_LEN_PKD(calc_tx_flits_ofld, skb) \
222 htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP((\
223 calc_tx_flits_ofld(skb) * 8), 16)))
224
225#define FILL_CMD_MORE(immdatalen) htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) |\
226 ULP_TX_SC_MORE_V((immdatalen)))
227#define MAX_NK 8
228#define MAX_DSGL_ENT 32
229#define MIN_AUTH_SG 1 /* IV */
230#define MIN_GCM_SG 1 /* IV */
231#define MIN_DIGEST_SG 1 /*Partial Buffer*/
232#define MIN_CCM_SG 1 /*IV+B0*/
233#define CIP_SPACE_LEFT(len) \
234 ((SGE_MAX_WR_LEN - CIP_WR_MIN_LEN - (len)))
235#define HASH_SPACE_LEFT(len) \
236 ((SGE_MAX_WR_LEN - HASH_WR_MIN_LEN - (len)))
237
238struct algo_param {
239 unsigned int auth_mode;
240 unsigned int mk_size;
241 unsigned int result_size;
242};
243
244struct hash_wr_param {
245 struct algo_param alg_prm;
246 unsigned int opad_needed;
247 unsigned int more;
248 unsigned int last;
249 unsigned int kctx_len;
250 unsigned int sg_len;
251 unsigned int bfr_len;
252 unsigned int hash_size;
253 u64 scmd1;
254};
255
256struct cipher_wr_param {
257 struct skcipher_request *req;
258 char *iv;
259 int bytes;
260 unsigned short qid;
261};
262enum {
263 AES_KEYLENGTH_128BIT = 128,
264 AES_KEYLENGTH_192BIT = 192,
265 AES_KEYLENGTH_256BIT = 256
266};
267
268enum {
269 KEYLENGTH_3BYTES = 3,
270 KEYLENGTH_4BYTES = 4,
271 KEYLENGTH_6BYTES = 6,
272 KEYLENGTH_8BYTES = 8
273};
274
275enum {
276 NUMBER_OF_ROUNDS_10 = 10,
277 NUMBER_OF_ROUNDS_12 = 12,
278 NUMBER_OF_ROUNDS_14 = 14,
279};
280
281/*
282 * CCM defines values of 4, 6, 8, 10, 12, 14, and 16 octets,
283 * where they indicate the size of the integrity check value (ICV)
284 */
285enum {
286 ICV_4 = 4,
287 ICV_6 = 6,
288 ICV_8 = 8,
289 ICV_10 = 10,
290 ICV_12 = 12,
291 ICV_13 = 13,
292 ICV_14 = 14,
293 ICV_15 = 15,
294 ICV_16 = 16
295};
296
297struct phys_sge_pairs {
298 __be16 len[8];
299 __be64 addr[8];
300};
301
302
303static const u32 chcr_sha1_init[SHA1_DIGEST_SIZE / 4] = {
304 SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
305};
306
307static const u32 chcr_sha224_init[SHA256_DIGEST_SIZE / 4] = {
308 SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
309 SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
310};
311
312static const u32 chcr_sha256_init[SHA256_DIGEST_SIZE / 4] = {
313 SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
314 SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
315};
316
317static const u64 chcr_sha384_init[SHA512_DIGEST_SIZE / 8] = {
318 SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3,
319 SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7,
320};
321
322static const u64 chcr_sha512_init[SHA512_DIGEST_SIZE / 8] = {
323 SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3,
324 SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7,
325};
326
327static inline void copy_hash_init_values(char *key, int digestsize)
328{
329 u8 i;
330 __be32 *dkey = (__be32 *)key;
331 u64 *ldkey = (u64 *)key;
332 __be64 *sha384 = (__be64 *)chcr_sha384_init;
333 __be64 *sha512 = (__be64 *)chcr_sha512_init;
334
335 switch (digestsize) {
336 case SHA1_DIGEST_SIZE:
337 for (i = 0; i < SHA1_INIT_STATE; i++)
338 dkey[i] = cpu_to_be32(chcr_sha1_init[i]);
339 break;
340 case SHA224_DIGEST_SIZE:
341 for (i = 0; i < SHA224_INIT_STATE; i++)
342 dkey[i] = cpu_to_be32(chcr_sha224_init[i]);
343 break;
344 case SHA256_DIGEST_SIZE:
345 for (i = 0; i < SHA256_INIT_STATE; i++)
346 dkey[i] = cpu_to_be32(chcr_sha256_init[i]);
347 break;
348 case SHA384_DIGEST_SIZE:
349 for (i = 0; i < SHA384_INIT_STATE; i++)
350 ldkey[i] = be64_to_cpu(sha384[i]);
351 break;
352 case SHA512_DIGEST_SIZE:
353 for (i = 0; i < SHA512_INIT_STATE; i++)
354 ldkey[i] = be64_to_cpu(sha512[i]);
355 break;
356 }
357}
358
359/* Number of len fields(8) * size of one addr field */
360#define PHYSDSGL_MAX_LEN_SIZE 16
361
362static inline u16 get_space_for_phys_dsgl(unsigned int sgl_entr)
363{
364 /* len field size + addr field size */
365 return ((sgl_entr >> 3) + ((sgl_entr % 8) ?
366 1 : 0)) * PHYSDSGL_MAX_LEN_SIZE +
367 (sgl_entr << 3) + ((sgl_entr % 2 ? 1 : 0) << 3);
368}
369
370/* The AES s-transform matrix (s-box). */
371static const u8 aes_sbox[256] = {
372 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215,
373 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175,
374 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165,
375 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7,
376 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90,
377 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32,
378 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170,
379 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81,
380 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243,
381 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100,
382 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184,
383 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194,
384 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78,
385 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166,
386 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102,
387 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248,
388 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
389 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84,
390 187, 22
391};
392
393static inline u32 aes_ks_subword(const u32 w)
394{
395 u8 bytes[4];
396
397 *(u32 *)(&bytes[0]) = w;
398 bytes[0] = aes_sbox[bytes[0]];
399 bytes[1] = aes_sbox[bytes[1]];
400 bytes[2] = aes_sbox[bytes[2]];
401 bytes[3] = aes_sbox[bytes[3]];
402 return *(u32 *)(&bytes[0]);
403}
404
405#endif /* __CHCR_ALGO_H__ */