crypto/chelsio/chcr_algo.h

0001 /*
0002  * This file is part of the Chelsio T6 Crypto driver for Linux.
0003  *
0004  * Copyright (c) 2003-2016 Chelsio Communications, Inc. All rights reserved.
0005  *
0006  * This software is available to you under a choice of one of two
0007  * licenses.  You may choose to be licensed under the terms of the GNU
0008  * General Public License (GPL) Version 2, available from the file
0009  * COPYING in the main directory of this source tree, or the
0010  * OpenIB.org BSD license below:
0011  *
0012  *     Redistribution and use in source and binary forms, with or
0013  *     without modification, are permitted provided that the following
0014  *     conditions are met:
0015  *
0016  *      - Redistributions of source code must retain the above
0017  *        copyright notice, this list of conditions and the following
0018  *        disclaimer.
0019  *
0020  *      - Redistributions in binary form must reproduce the above
0021  *        copyright notice, this list of conditions and the following
0022  *        disclaimer in the documentation and/or other materials
0023  *        provided with the distribution.
0024  *
0025  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
0026  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
0027  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
0028  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
0029  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
0030  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
0031  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
0032  * SOFTWARE.
0033  *
0034  */
0035
0036 #ifndef __CHCR_ALGO_H__
0037 #define __CHCR_ALGO_H__
0038
0039 /* Crypto key context */
0040 #define KEY_CONTEXT_CTX_LEN_S           24
0041 #define KEY_CONTEXT_CTX_LEN_M           0xff
0042 #define KEY_CONTEXT_CTX_LEN_V(x)        ((x) << KEY_CONTEXT_CTX_LEN_S)
0043 #define KEY_CONTEXT_CTX_LEN_G(x) \
0044     (((x) >> KEY_CONTEXT_CTX_LEN_S) & KEY_CONTEXT_CTX_LEN_M)
0045
0046 #define KEY_CONTEXT_DUAL_CK_S      12
0047 #define KEY_CONTEXT_DUAL_CK_M      0x1
0048 #define KEY_CONTEXT_DUAL_CK_V(x)   ((x) << KEY_CONTEXT_DUAL_CK_S)
0049 #define KEY_CONTEXT_DUAL_CK_G(x)   \
0050 (((x) >> KEY_CONTEXT_DUAL_CK_S) & KEY_CONTEXT_DUAL_CK_M)
0051 #define KEY_CONTEXT_DUAL_CK_F      KEY_CONTEXT_DUAL_CK_V(1U)
0052
0053 #define KEY_CONTEXT_SALT_PRESENT_S      10
0054 #define KEY_CONTEXT_SALT_PRESENT_M      0x1
0055 #define KEY_CONTEXT_SALT_PRESENT_V(x)   ((x) << KEY_CONTEXT_SALT_PRESENT_S)
0056 #define KEY_CONTEXT_SALT_PRESENT_G(x)   \
0057     (((x) >> KEY_CONTEXT_SALT_PRESENT_S) & \
0058      KEY_CONTEXT_SALT_PRESENT_M)
0059 #define KEY_CONTEXT_SALT_PRESENT_F      KEY_CONTEXT_SALT_PRESENT_V(1U)
0060
0061 #define KEY_CONTEXT_VALID_S     0
0062 #define KEY_CONTEXT_VALID_M     0x1
0063 #define KEY_CONTEXT_VALID_V(x)  ((x) << KEY_CONTEXT_VALID_S)
0064 #define KEY_CONTEXT_VALID_G(x)  \
0065     (((x) >> KEY_CONTEXT_VALID_S) & \
0066      KEY_CONTEXT_VALID_M)
0067 #define KEY_CONTEXT_VALID_F     KEY_CONTEXT_VALID_V(1U)
0068
0069 #define KEY_CONTEXT_CK_SIZE_S           6
0070 #define KEY_CONTEXT_CK_SIZE_M           0xf
0071 #define KEY_CONTEXT_CK_SIZE_V(x)        ((x) << KEY_CONTEXT_CK_SIZE_S)
0072 #define KEY_CONTEXT_CK_SIZE_G(x)        \
0073     (((x) >> KEY_CONTEXT_CK_SIZE_S) & KEY_CONTEXT_CK_SIZE_M)
0074
0075 #define KEY_CONTEXT_MK_SIZE_S           2
0076 #define KEY_CONTEXT_MK_SIZE_M           0xf
0077 #define KEY_CONTEXT_MK_SIZE_V(x)        ((x) << KEY_CONTEXT_MK_SIZE_S)
0078 #define KEY_CONTEXT_MK_SIZE_G(x)        \
0079     (((x) >> KEY_CONTEXT_MK_SIZE_S) & KEY_CONTEXT_MK_SIZE_M)
0080
0081 #define KEY_CONTEXT_OPAD_PRESENT_S      11
0082 #define KEY_CONTEXT_OPAD_PRESENT_M      0x1
0083 #define KEY_CONTEXT_OPAD_PRESENT_V(x)   ((x) << KEY_CONTEXT_OPAD_PRESENT_S)
0084 #define KEY_CONTEXT_OPAD_PRESENT_G(x)   \
0085     (((x) >> KEY_CONTEXT_OPAD_PRESENT_S) & \
0086      KEY_CONTEXT_OPAD_PRESENT_M)
0087 #define KEY_CONTEXT_OPAD_PRESENT_F      KEY_CONTEXT_OPAD_PRESENT_V(1U)
0088
0089 #define CHCR_HASH_MAX_DIGEST_SIZE 64
0090 #define CHCR_MAX_SHA_DIGEST_SIZE 64
0091
0092 #define IPSEC_TRUNCATED_ICV_SIZE 12
0093 #define TLS_TRUNCATED_HMAC_SIZE 10
0094 #define CBCMAC_DIGEST_SIZE 16
0095 #define MAX_HASH_NAME 20
0096
0097 #define SHA1_INIT_STATE_5X4B    5
0098 #define SHA256_INIT_STATE_8X4B  8
0099 #define SHA512_INIT_STATE_8X8B  8
0100 #define SHA1_INIT_STATE         SHA1_INIT_STATE_5X4B
0101 #define SHA224_INIT_STATE       SHA256_INIT_STATE_8X4B
0102 #define SHA256_INIT_STATE       SHA256_INIT_STATE_8X4B
0103 #define SHA384_INIT_STATE       SHA512_INIT_STATE_8X8B
0104 #define SHA512_INIT_STATE       SHA512_INIT_STATE_8X8B
0105
0106 #define DUMMY_BYTES 16
0107
0108 #define IPAD_DATA 0x36363636
0109 #define OPAD_DATA 0x5c5c5c5c
0110
0111 #define TRANSHDR_SIZE(kctx_len)\
0112     (sizeof(struct chcr_wr) +\
0113      kctx_len)
0114 #define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \
0115     (TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\
0116      sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE)
0117 #define HASH_TRANSHDR_SIZE(kctx_len)\
0118     (TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES)
0119
0120
0121 #define FILL_SEC_CPL_OP_IVINSR(id, len, ofst)      \
0122     htonl( \
0123            CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | \
0124            CPL_TX_SEC_PDU_RXCHID_V((id)) | \
0125            CPL_TX_SEC_PDU_ACKFOLLOWS_V(0) | \
0126            CPL_TX_SEC_PDU_ULPTXLPBK_V(1) | \
0127            CPL_TX_SEC_PDU_CPLLEN_V((len)) | \
0128            CPL_TX_SEC_PDU_PLACEHOLDER_V(0) | \
0129            CPL_TX_SEC_PDU_IVINSRTOFST_V((ofst)))
0130
0131 #define  FILL_SEC_CPL_CIPHERSTOP_HI(a_start, a_stop, c_start, c_stop_hi) \
0132     htonl( \
0133            CPL_TX_SEC_PDU_AADSTART_V((a_start)) | \
0134            CPL_TX_SEC_PDU_AADSTOP_V((a_stop)) | \
0135            CPL_TX_SEC_PDU_CIPHERSTART_V((c_start)) | \
0136            CPL_TX_SEC_PDU_CIPHERSTOP_HI_V((c_stop_hi)))
0137
0138 #define  FILL_SEC_CPL_AUTHINSERT(c_stop_lo, a_start, a_stop, a_inst) \
0139     htonl( \
0140            CPL_TX_SEC_PDU_CIPHERSTOP_LO_V((c_stop_lo)) | \
0141         CPL_TX_SEC_PDU_AUTHSTART_V((a_start)) | \
0142         CPL_TX_SEC_PDU_AUTHSTOP_V((a_stop)) | \
0143         CPL_TX_SEC_PDU_AUTHINSERT_V((a_inst)))
0144
0145 #define  FILL_SEC_CPL_SCMD0_SEQNO(ctrl, seq, cmode, amode, opad, size)  \
0146         htonl( \
0147         SCMD_SEQ_NO_CTRL_V(0) | \
0148         SCMD_STATUS_PRESENT_V(0) | \
0149         SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | \
0150         SCMD_ENC_DEC_CTRL_V((ctrl)) | \
0151         SCMD_CIPH_AUTH_SEQ_CTRL_V((seq)) | \
0152         SCMD_CIPH_MODE_V((cmode)) | \
0153         SCMD_AUTH_MODE_V((amode)) | \
0154         SCMD_HMAC_CTRL_V((opad)) | \
0155         SCMD_IV_SIZE_V((size)) | \
0156         SCMD_NUM_IVS_V(0))
0157
0158 #define FILL_SEC_CPL_IVGEN_HDRLEN(last, more, ctx_in, mac, ivdrop, len) htonl( \
0159         SCMD_ENB_DBGID_V(0) | \
0160         SCMD_IV_GEN_CTRL_V(0) | \
0161         SCMD_LAST_FRAG_V((last)) | \
0162         SCMD_MORE_FRAGS_V((more)) | \
0163         SCMD_TLS_COMPPDU_V(0) | \
0164         SCMD_KEY_CTX_INLINE_V((ctx_in)) | \
0165         SCMD_TLS_FRAG_ENABLE_V(0) | \
0166         SCMD_MAC_ONLY_V((mac)) |  \
0167         SCMD_AADIVDROP_V((ivdrop)) | \
0168         SCMD_HDR_LEN_V((len)))
0169
0170 #define  FILL_KEY_CTX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
0171         htonl(KEY_CONTEXT_VALID_V(1) | \
0172               KEY_CONTEXT_CK_SIZE_V((ck_size)) | \
0173               KEY_CONTEXT_MK_SIZE_V(mk_size) | \
0174               KEY_CONTEXT_DUAL_CK_V((d_ck)) | \
0175               KEY_CONTEXT_OPAD_PRESENT_V((opad)) | \
0176               KEY_CONTEXT_SALT_PRESENT_V(1) | \
0177               KEY_CONTEXT_CTX_LEN_V((ctx_len)))
0178
0179 #define  FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \
0180         htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \
0181               TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \
0182               TLS_KEYCTX_RX_VALID_V(1) | \
0183               TLS_KEYCTX_RX_SEQCTR_V(3) | \
0184               TLS_KEYCTX_RXAUTH_MODE_V(4) | \
0185               TLS_KEYCTX_RXCIPH_MODE_V(2) | \
0186               TLS_KEYCTX_RXFLIT_CNT_V((ctx_len)))
0187
0188 #define FILL_WR_OP_CCTX_SIZE \
0189         htonl( \
0190             FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \
0191             FW_CRYPTO_LOOKASIDE_WR) | \
0192             FW_CRYPTO_LOOKASIDE_WR_COMPL_V(0) | \
0193             FW_CRYPTO_LOOKASIDE_WR_IMM_LEN_V((0)) | \
0194             FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(0) | \
0195             FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V(0))
0196
0197 #define FILL_WR_RX_Q_ID(cid, qid, lcb, fid) \
0198         htonl( \
0199             FW_CRYPTO_LOOKASIDE_WR_RX_CHID_V((cid)) | \
0200             FW_CRYPTO_LOOKASIDE_WR_RX_Q_ID_V((qid)) | \
0201             FW_CRYPTO_LOOKASIDE_WR_LCB_V((lcb)) | \
0202             FW_CRYPTO_LOOKASIDE_WR_IV_V((IV_NOP)) | \
0203             FW_CRYPTO_LOOKASIDE_WR_FQIDX_V(fid))
0204
0205 #define FILL_ULPTX_CMD_DEST(cid, qid) \
0206     htonl(ULPTX_CMD_V(ULP_TX_PKT) | \
0207           ULP_TXPKT_DEST_V(0) | \
0208           ULP_TXPKT_DATAMODIFY_V(0) | \
0209           ULP_TXPKT_CHANNELID_V((cid)) | \
0210           ULP_TXPKT_RO_V(1) | \
0211           ULP_TXPKT_FID_V(qid))
0212
0213 #define KEYCTX_ALIGN_PAD(bs) ({unsigned int _bs = (bs);\
0214                   _bs == SHA1_DIGEST_SIZE ? 12 : 0; })
0215
0216 #define FILL_PLD_SIZE_HASH_SIZE(payload_sgl_len, sgl_lengths, total_frags) \
0217     htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(payload_sgl_len ? \
0218                         sgl_lengths[total_frags] : 0) |\
0219           FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(0))
0220
0221 #define FILL_LEN_PKD(calc_tx_flits_ofld, skb) \
0222     htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP((\
0223                        calc_tx_flits_ofld(skb) * 8), 16)))
0224
0225 #define FILL_CMD_MORE(immdatalen) htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) |\
0226                     ULP_TX_SC_MORE_V((immdatalen)))
0227 #define MAX_NK 8
0228 #define MAX_DSGL_ENT            32
0229 #define MIN_AUTH_SG         1 /* IV */
0230 #define MIN_GCM_SG          1 /* IV */
0231 #define MIN_DIGEST_SG           1 /*Partial Buffer*/
0232 #define MIN_CCM_SG          1 /*IV+B0*/
0233 #define CIP_SPACE_LEFT(len) \
0234     ((SGE_MAX_WR_LEN - CIP_WR_MIN_LEN - (len)))
0235 #define HASH_SPACE_LEFT(len) \
0236     ((SGE_MAX_WR_LEN - HASH_WR_MIN_LEN - (len)))
0237
0238 struct algo_param {
0239     unsigned int auth_mode;
0240     unsigned int mk_size;
0241     unsigned int result_size;
0242 };
0243
0244 struct hash_wr_param {
0245     struct algo_param alg_prm;
0246     unsigned int opad_needed;
0247     unsigned int more;
0248     unsigned int last;
0249     unsigned int kctx_len;
0250     unsigned int sg_len;
0251     unsigned int bfr_len;
0252     unsigned int hash_size;
0253     u64 scmd1;
0254 };
0255
0256 struct cipher_wr_param {
0257     struct skcipher_request *req;
0258     char *iv;
0259     int bytes;
0260     unsigned short qid;
0261 };
0262 enum {
0263     AES_KEYLENGTH_128BIT = 128,
0264     AES_KEYLENGTH_192BIT = 192,
0265     AES_KEYLENGTH_256BIT = 256
0266 };
0267
0268 enum {
0269     KEYLENGTH_3BYTES = 3,
0270     KEYLENGTH_4BYTES = 4,
0271     KEYLENGTH_6BYTES = 6,
0272     KEYLENGTH_8BYTES = 8
0273 };
0274
0275 enum {
0276     NUMBER_OF_ROUNDS_10 = 10,
0277     NUMBER_OF_ROUNDS_12 = 12,
0278     NUMBER_OF_ROUNDS_14 = 14,
0279 };
0280
0281 /*
0282  * CCM defines values of 4, 6, 8, 10, 12, 14, and 16 octets,
0283  * where they indicate the size of the integrity check value (ICV)
0284  */
0285 enum {
0286     ICV_4  = 4,
0287     ICV_6  = 6,
0288     ICV_8  = 8,
0289     ICV_10 = 10,
0290     ICV_12 = 12,
0291     ICV_13 = 13,
0292     ICV_14 = 14,
0293     ICV_15 = 15,
0294     ICV_16 = 16
0295 };
0296
0297 struct phys_sge_pairs {
0298     __be16 len[8];
0299     __be64 addr[8];
0300 };
0301
0302
0303 static const u32 chcr_sha1_init[SHA1_DIGEST_SIZE / 4] = {
0304         SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
0305 };
0306
0307 static const u32 chcr_sha224_init[SHA256_DIGEST_SIZE / 4] = {
0308         SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
0309         SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
0310 };
0311
0312 static const u32 chcr_sha256_init[SHA256_DIGEST_SIZE / 4] = {
0313         SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
0314         SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
0315 };
0316
0317 static const u64 chcr_sha384_init[SHA512_DIGEST_SIZE / 8] = {
0318         SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3,
0319         SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7,
0320 };
0321
0322 static const u64 chcr_sha512_init[SHA512_DIGEST_SIZE / 8] = {
0323         SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3,
0324         SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7,
0325 };
0326
0327 static inline void copy_hash_init_values(char *key, int digestsize)
0328 {
0329     u8 i;
0330     __be32 *dkey = (__be32 *)key;
0331     u64 *ldkey = (u64 *)key;
0332     __be64 *sha384 = (__be64 *)chcr_sha384_init;
0333     __be64 *sha512 = (__be64 *)chcr_sha512_init;
0334
0335     switch (digestsize) {
0336     case SHA1_DIGEST_SIZE:
0337         for (i = 0; i < SHA1_INIT_STATE; i++)
0338             dkey[i] = cpu_to_be32(chcr_sha1_init[i]);
0339         break;
0340     case SHA224_DIGEST_SIZE:
0341         for (i = 0; i < SHA224_INIT_STATE; i++)
0342             dkey[i] = cpu_to_be32(chcr_sha224_init[i]);
0343         break;
0344     case SHA256_DIGEST_SIZE:
0345         for (i = 0; i < SHA256_INIT_STATE; i++)
0346             dkey[i] = cpu_to_be32(chcr_sha256_init[i]);
0347         break;
0348     case SHA384_DIGEST_SIZE:
0349         for (i = 0; i < SHA384_INIT_STATE; i++)
0350             ldkey[i] = be64_to_cpu(sha384[i]);
0351         break;
0352     case SHA512_DIGEST_SIZE:
0353         for (i = 0; i < SHA512_INIT_STATE; i++)
0354             ldkey[i] = be64_to_cpu(sha512[i]);
0355         break;
0356     }
0357 }
0358
0359 /* Number of len fields(8) * size of one addr field */
0360 #define PHYSDSGL_MAX_LEN_SIZE 16
0361
0362 static inline u16 get_space_for_phys_dsgl(unsigned int sgl_entr)
0363 {
0364     /* len field size + addr field size */
0365     return ((sgl_entr >> 3) + ((sgl_entr % 8) ?
0366                    1 : 0)) * PHYSDSGL_MAX_LEN_SIZE +
0367         (sgl_entr << 3) + ((sgl_entr % 2 ? 1 : 0) << 3);
0368 }
0369
0370 /* The AES s-transform matrix (s-box). */
0371 static const u8 aes_sbox[256] = {
0372     99,  124, 119, 123, 242, 107, 111, 197, 48,  1,   103, 43,  254, 215,
0373     171, 118, 202, 130, 201, 125, 250, 89,  71,  240, 173, 212, 162, 175,
0374     156, 164, 114, 192, 183, 253, 147, 38,  54,  63,  247, 204, 52,  165,
0375     229, 241, 113, 216, 49,  21, 4,   199, 35,  195, 24,  150, 5, 154, 7,
0376     18,  128, 226, 235, 39,  178, 117, 9,   131, 44,  26,  27,  110, 90,
0377     160, 82,  59,  214, 179, 41,  227, 47,  132, 83,  209, 0,   237, 32,
0378     252, 177, 91,  106, 203, 190, 57,  74,  76,  88,  207, 208, 239, 170,
0379     251, 67,  77,  51,  133, 69,  249, 2,   127, 80,  60,  159, 168, 81,
0380     163, 64,  143, 146, 157, 56,  245, 188, 182, 218, 33,  16,  255, 243,
0381     210, 205, 12,  19,  236, 95,  151, 68,  23,  196, 167, 126, 61,  100,
0382     93,  25,  115, 96,  129, 79,  220, 34,  42,  144, 136, 70,  238, 184,
0383     20,  222, 94,  11,  219, 224, 50,  58,  10,  73,  6,   36,  92,  194,
0384     211, 172, 98,  145, 149, 228, 121, 231, 200, 55,  109, 141, 213, 78,
0385     169, 108, 86,  244, 234, 101, 122, 174, 8, 186, 120, 37,  46,  28, 166,
0386     180, 198, 232, 221, 116, 31,  75,  189, 139, 138, 112, 62,  181, 102,
0387     72,  3,   246, 14,  97,  53,  87,  185, 134, 193, 29,  158, 225, 248,
0388     152, 17,  105, 217, 142, 148, 155, 30,  135, 233, 206, 85,  40,  223,
0389     140, 161, 137, 13,  191, 230, 66,  104, 65,  153, 45,  15,  176, 84,
0390     187, 22
0391 };
0392
0393 static inline u32 aes_ks_subword(const u32 w)
0394 {
0395     u8 bytes[4];
0396
0397     *(u32 *)(&bytes[0]) = w;
0398     bytes[0] = aes_sbox[bytes[0]];
0399     bytes[1] = aes_sbox[bytes[1]];
0400     bytes[2] = aes_sbox[bytes[2]];
0401     bytes[3] = aes_sbox[bytes[3]];
0402     return *(u32 *)(&bytes[0]);
0403 }
0404
0405 #endif /* __CHCR_ALGO_H__ */