drivers/crypto/sa2ul.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * K3 SA2UL crypto accelerator driver
0004  *
0005  * Copyright (C) 2018-2020 Texas Instruments Incorporated - http://www.ti.com
0006  *
0007  * Authors: Keerthy
0008  *      Vitaly Andrianov
0009  *      Tero Kristo
0010  */
0011
0012 #ifndef _K3_SA2UL_
0013 #define _K3_SA2UL_
0014
0015 #include <crypto/aes.h>
0016 #include <crypto/sha1.h>
0017 #include <crypto/sha2.h>
0018
0019 #define SA_ENGINE_STATUS        0x0008
0020 #define SA_ENGINE_ENABLE_CONTROL    0x1000
0021
0022 struct sa_tfm_ctx;
0023 /*
0024  * SA_ENGINE_ENABLE_CONTROL register bits
0025  */
0026 #define SA_EEC_ENCSS_EN         0x00000001
0027 #define SA_EEC_AUTHSS_EN        0x00000002
0028 #define SA_EEC_TRNG_EN          0x00000008
0029 #define SA_EEC_PKA_EN           0x00000010
0030 #define SA_EEC_CTXCACH_EN       0x00000080
0031 #define SA_EEC_CPPI_PORT_IN_EN      0x00000200
0032 #define SA_EEC_CPPI_PORT_OUT_EN     0x00000800
0033
0034 /*
0035  * Encoding used to identify the typo of crypto operation
0036  * performed on the packet when the packet is returned
0037  * by SA
0038  */
0039 #define SA_REQ_SUBTYPE_ENC  0x0001
0040 #define SA_REQ_SUBTYPE_DEC  0x0002
0041 #define SA_REQ_SUBTYPE_SHIFT    16
0042 #define SA_REQ_SUBTYPE_MASK 0xffff
0043
0044 /* Number of 32 bit words in EPIB  */
0045 #define SA_DMA_NUM_EPIB_WORDS   4
0046
0047 /* Number of 32 bit words in PS data  */
0048 #define SA_DMA_NUM_PS_WORDS     16
0049 #define NKEY_SZ         3
0050 #define MCI_SZ          27
0051
0052 /*
0053  * Maximum number of simultaeneous security contexts
0054  * supported by the driver
0055  */
0056 #define SA_MAX_NUM_CTX  512
0057
0058 /*
0059  * Assumption: CTX size is multiple of 32
0060  */
0061 #define SA_CTX_SIZE_TO_DMA_SIZE(ctx_sz) \
0062         ((ctx_sz) ? ((ctx_sz) / 32 - 1) : 0)
0063
0064 #define SA_CTX_ENC_KEY_OFFSET   32
0065 #define SA_CTX_ENC_AUX1_OFFSET  64
0066 #define SA_CTX_ENC_AUX2_OFFSET  96
0067 #define SA_CTX_ENC_AUX3_OFFSET  112
0068 #define SA_CTX_ENC_AUX4_OFFSET  128
0069
0070 /* Next Engine Select code in CP_ACE */
0071 #define SA_ENG_ID_EM1   2       /* Enc/Dec engine with AES/DEC core */
0072 #define SA_ENG_ID_EM2   3       /* Encryption/Decryption enginefor pass 2 */
0073 #define SA_ENG_ID_AM1   4       /* Auth. engine with SHA1/MD5/SHA2 core */
0074 #define SA_ENG_ID_AM2   5       /*  Authentication engine for pass 2 */
0075 #define SA_ENG_ID_OUTPORT2 20   /*  Egress module 2  */
0076
0077 /*
0078  * Command Label Definitions
0079  */
0080 #define SA_CMDL_OFFSET_NESC           0      /* Next Engine Select Code */
0081 #define SA_CMDL_OFFSET_LABEL_LEN      1      /* Engine Command Label Length */
0082 /* 16-bit Length of Data to be processed */
0083 #define SA_CMDL_OFFSET_DATA_LEN       2
0084 #define SA_CMDL_OFFSET_DATA_OFFSET    4      /* Stat Data Offset */
0085 #define SA_CMDL_OFFSET_OPTION_CTRL1   5      /* Option Control Byte 1 */
0086 #define SA_CMDL_OFFSET_OPTION_CTRL2   6      /* Option Control Byte 2 */
0087 #define SA_CMDL_OFFSET_OPTION_CTRL3   7      /* Option Control Byte 3 */
0088 #define SA_CMDL_OFFSET_OPTION_BYTE    8
0089
0090 #define SA_CMDL_HEADER_SIZE_BYTES   8
0091
0092 #define SA_CMDL_OPTION_BYTES_MAX_SIZE     72
0093 #define SA_CMDL_MAX_SIZE_BYTES (SA_CMDL_HEADER_SIZE_BYTES + \
0094                 SA_CMDL_OPTION_BYTES_MAX_SIZE)
0095
0096 /* SWINFO word-0 flags */
0097 #define SA_SW_INFO_FLAG_EVICT   0x0001
0098 #define SA_SW_INFO_FLAG_TEAR    0x0002
0099 #define SA_SW_INFO_FLAG_NOPD    0x0004
0100
0101 /*
0102  * This type represents the various packet types to be processed
0103  * by the PHP engine in SA.
0104  * It is used to identify the corresponding PHP processing function.
0105  */
0106 #define SA_CTX_PE_PKT_TYPE_3GPP_AIR    0    /* 3GPP Air Cipher */
0107 #define SA_CTX_PE_PKT_TYPE_SRTP        1    /* SRTP */
0108 #define SA_CTX_PE_PKT_TYPE_IPSEC_AH    2    /* IPSec Authentication Header */
0109 /* IPSec Encapsulating Security Payload */
0110 #define SA_CTX_PE_PKT_TYPE_IPSEC_ESP   3
0111 /* Indicates that it is in data mode, It may not be used by PHP */
0112 #define SA_CTX_PE_PKT_TYPE_NONE        4
0113 #define SA_CTX_ENC_TYPE1_SZ     64      /* Encryption SC with Key only */
0114 #define SA_CTX_ENC_TYPE2_SZ     96      /* Encryption SC with Key and Aux1 */
0115
0116 #define SA_CTX_AUTH_TYPE1_SZ    64      /* Auth SC with Key only */
0117 #define SA_CTX_AUTH_TYPE2_SZ    96      /* Auth SC with Key and Aux1 */
0118 /* Size of security context for PHP engine */
0119 #define SA_CTX_PHP_PE_CTX_SZ    64
0120
0121 #define SA_CTX_MAX_SZ (64 + SA_CTX_ENC_TYPE2_SZ + SA_CTX_AUTH_TYPE2_SZ)
0122
0123 /*
0124  * Encoding of F/E control in SCCTL
0125  *  Bit 0-1: Fetch PHP Bytes
0126  *  Bit 2-3: Fetch Encryption/Air Ciphering Bytes
0127  *  Bit 4-5: Fetch Authentication Bytes or Encr pass 2
0128  *  Bit 6-7: Evict PHP Bytes
0129  *
0130  *  where   00 = 0 bytes
0131  *          01 = 64 bytes
0132  *          10 = 96 bytes
0133  *          11 = 128 bytes
0134  */
0135 #define SA_CTX_DMA_SIZE_0       0
0136 #define SA_CTX_DMA_SIZE_64      1
0137 #define SA_CTX_DMA_SIZE_96      2
0138 #define SA_CTX_DMA_SIZE_128     3
0139
0140 /*
0141  * Byte offset of the owner word in SCCTL
0142  * in the security context
0143  */
0144 #define SA_CTX_SCCTL_OWNER_OFFSET 0
0145
0146 #define SA_CTX_ENC_KEY_OFFSET   32
0147 #define SA_CTX_ENC_AUX1_OFFSET  64
0148 #define SA_CTX_ENC_AUX2_OFFSET  96
0149 #define SA_CTX_ENC_AUX3_OFFSET  112
0150 #define SA_CTX_ENC_AUX4_OFFSET  128
0151
0152 #define SA_SCCTL_FE_AUTH_ENC    0x65
0153 #define SA_SCCTL_FE_ENC     0x8D
0154
0155 #define SA_ALIGN_MASK       (sizeof(u32) - 1)
0156 #define SA_ALIGNED      __aligned(32)
0157
0158 #define SA_AUTH_SW_CTRL_MD5 1
0159 #define SA_AUTH_SW_CTRL_SHA1    2
0160 #define SA_AUTH_SW_CTRL_SHA224  3
0161 #define SA_AUTH_SW_CTRL_SHA256  4
0162 #define SA_AUTH_SW_CTRL_SHA384  5
0163 #define SA_AUTH_SW_CTRL_SHA512  6
0164
0165 /* SA2UL can only handle maximum data size of 64KB */
0166 #define SA_MAX_DATA_SZ      U16_MAX
0167
0168 /*
0169  * SA2UL can provide unpredictable results with packet sizes that fall
0170  * the following range, so avoid using it.
0171  */
0172 #define SA_UNSAFE_DATA_SZ_MIN   240
0173 #define SA_UNSAFE_DATA_SZ_MAX   256
0174
0175 struct sa_match_data;
0176
0177 /**
0178  * struct sa_crypto_data - Crypto driver instance data
0179  * @base: Base address of the register space
0180  * @soc_data: Pointer to SoC specific data
0181  * @pdev: Platform device pointer
0182  * @sc_pool: security context pool
0183  * @dev: Device pointer
0184  * @scid_lock: secure context ID lock
0185  * @sc_id_start: starting index for SC ID
0186  * @sc_id_end: Ending index for SC ID
0187  * @sc_id: Security Context ID
0188  * @ctx_bm: Bitmap to keep track of Security context ID's
0189  * @ctx: SA tfm context pointer
0190  * @dma_rx1: Pointer to DMA rx channel for sizes < 256 Bytes
0191  * @dma_rx2: Pointer to DMA rx channel for sizes > 256 Bytes
0192  * @dma_tx: Pointer to DMA TX channel
0193  */
0194 struct sa_crypto_data {
0195     void __iomem *base;
0196     const struct sa_match_data *match_data;
0197     struct platform_device  *pdev;
0198     struct dma_pool     *sc_pool;
0199     struct device *dev;
0200     spinlock_t  scid_lock; /* lock for SC-ID allocation */
0201     /* Security context data */
0202     u16     sc_id_start;
0203     u16     sc_id_end;
0204     u16     sc_id;
0205     unsigned long   ctx_bm[DIV_ROUND_UP(SA_MAX_NUM_CTX,
0206                 BITS_PER_LONG)];
0207     struct sa_tfm_ctx   *ctx;
0208     struct dma_chan     *dma_rx1;
0209     struct dma_chan     *dma_rx2;
0210     struct dma_chan     *dma_tx;
0211 };
0212
0213 /**
0214  * struct sa_cmdl_param_info: Command label parameters info
0215  * @index: Index of the parameter in the command label format
0216  * @offset: the offset of the parameter
0217  * @size: Size of the parameter
0218  */
0219 struct sa_cmdl_param_info {
0220     u16 index;
0221     u16 offset;
0222     u16 size;
0223 };
0224
0225 /* Maximum length of Auxiliary data in 32bit words */
0226 #define SA_MAX_AUX_DATA_WORDS   8
0227
0228 /**
0229  * struct sa_cmdl_upd_info: Command label updation info
0230  * @flags: flags in command label
0231  * @submode: Encryption submodes
0232  * @enc_size: Size of first pass encryption size
0233  * @enc_size2: Size of second pass encryption size
0234  * @enc_offset: Encryption payload offset in the packet
0235  * @enc_iv: Encryption initialization vector for pass2
0236  * @enc_iv2: Encryption initialization vector for pass2
0237  * @aad: Associated data
0238  * @payload: Payload info
0239  * @auth_size: Authentication size for pass 1
0240  * @auth_size2: Authentication size for pass 2
0241  * @auth_offset: Authentication payload offset
0242  * @auth_iv: Authentication initialization vector
0243  * @aux_key_info: Authentication aux key information
0244  * @aux_key: Aux key for authentication
0245  */
0246 struct sa_cmdl_upd_info {
0247     u16 flags;
0248     u16 submode;
0249     struct sa_cmdl_param_info   enc_size;
0250     struct sa_cmdl_param_info   enc_size2;
0251     struct sa_cmdl_param_info   enc_offset;
0252     struct sa_cmdl_param_info   enc_iv;
0253     struct sa_cmdl_param_info   enc_iv2;
0254     struct sa_cmdl_param_info   aad;
0255     struct sa_cmdl_param_info   payload;
0256     struct sa_cmdl_param_info   auth_size;
0257     struct sa_cmdl_param_info   auth_size2;
0258     struct sa_cmdl_param_info   auth_offset;
0259     struct sa_cmdl_param_info   auth_iv;
0260     struct sa_cmdl_param_info   aux_key_info;
0261     u32             aux_key[SA_MAX_AUX_DATA_WORDS];
0262 };
0263
0264 /*
0265  * Number of 32bit words appended after the command label
0266  * in PSDATA to identify the crypto request context.
0267  * word-0: Request type
0268  * word-1: pointer to request
0269  */
0270 #define SA_PSDATA_CTX_WORDS 4
0271
0272 /* Maximum size of Command label in 32 words */
0273 #define SA_MAX_CMDL_WORDS (SA_DMA_NUM_PS_WORDS - SA_PSDATA_CTX_WORDS)
0274
0275 /**
0276  * struct sa_ctx_info: SA context information
0277  * @sc: Pointer to security context
0278  * @sc_phys: Security context physical address that is passed on to SA2UL
0279  * @sc_id: Security context ID
0280  * @cmdl_size: Command label size
0281  * @cmdl: Command label for a particular iteration
0282  * @cmdl_upd_info: structure holding command label updation info
0283  * @epib: Extended protocol information block words
0284  */
0285 struct sa_ctx_info {
0286     u8      *sc;
0287     dma_addr_t  sc_phys;
0288     u16     sc_id;
0289     u16     cmdl_size;
0290     u32     cmdl[SA_MAX_CMDL_WORDS];
0291     struct sa_cmdl_upd_info cmdl_upd_info;
0292     /* Store Auxiliary data such as K2/K3 subkeys in AES-XCBC */
0293     u32     epib[SA_DMA_NUM_EPIB_WORDS];
0294 };
0295
0296 /**
0297  * struct sa_tfm_ctx: TFM context structure
0298  * @dev_data: struct sa_crypto_data pointer
0299  * @enc: struct sa_ctx_info for encryption
0300  * @dec: struct sa_ctx_info for decryption
0301  * @keylen: encrption/decryption keylength
0302  * @iv_idx: Initialization vector index
0303  * @key: encryption key
0304  * @fallback: SW fallback algorithm
0305  */
0306 struct sa_tfm_ctx {
0307     struct sa_crypto_data *dev_data;
0308     struct sa_ctx_info enc;
0309     struct sa_ctx_info dec;
0310     struct sa_ctx_info auth;
0311     int keylen;
0312     int iv_idx;
0313     u32 key[AES_KEYSIZE_256 / sizeof(u32)];
0314     u8 authkey[SHA512_BLOCK_SIZE];
0315     struct crypto_shash *shash;
0316     /* for fallback */
0317     union {
0318         struct crypto_skcipher      *skcipher;
0319         struct crypto_ahash     *ahash;
0320         struct crypto_aead      *aead;
0321     } fallback;
0322 };
0323
0324 /**
0325  * struct sa_sha_req_ctx: Structure used for sha request
0326  * @dev_data: struct sa_crypto_data pointer
0327  * @cmdl: Complete command label with psdata and epib included
0328  * @fallback_req: SW fallback request container
0329  */
0330 struct sa_sha_req_ctx {
0331     struct sa_crypto_data   *dev_data;
0332     u32         cmdl[SA_MAX_CMDL_WORDS + SA_PSDATA_CTX_WORDS];
0333     struct ahash_request    fallback_req;
0334 };
0335
0336 enum sa_submode {
0337     SA_MODE_GEN = 0,
0338     SA_MODE_CCM,
0339     SA_MODE_GCM,
0340     SA_MODE_GMAC
0341 };
0342
0343 /* Encryption algorithms */
0344 enum sa_ealg_id {
0345     SA_EALG_ID_NONE = 0,        /* No encryption */
0346     SA_EALG_ID_NULL,            /* NULL encryption */
0347     SA_EALG_ID_AES_CTR,         /* AES Counter mode */
0348     SA_EALG_ID_AES_F8,          /* AES F8 mode */
0349     SA_EALG_ID_AES_CBC,         /* AES CBC mode */
0350     SA_EALG_ID_DES_CBC,         /* DES CBC mode */
0351     SA_EALG_ID_3DES_CBC,        /* 3DES CBC mode */
0352     SA_EALG_ID_CCM,             /* Counter with CBC-MAC mode */
0353     SA_EALG_ID_GCM,             /* Galois Counter mode */
0354     SA_EALG_ID_AES_ECB,
0355     SA_EALG_ID_LAST
0356 };
0357
0358 /* Authentication algorithms */
0359 enum sa_aalg_id {
0360     SA_AALG_ID_NONE = 0,      /* No Authentication  */
0361     SA_AALG_ID_NULL = SA_EALG_ID_LAST, /* NULL Authentication  */
0362     SA_AALG_ID_MD5,           /* MD5 mode */
0363     SA_AALG_ID_SHA1,          /* SHA1 mode */
0364     SA_AALG_ID_SHA2_224,      /* 224-bit SHA2 mode */
0365     SA_AALG_ID_SHA2_256,      /* 256-bit SHA2 mode */
0366     SA_AALG_ID_SHA2_512,      /* 512-bit SHA2 mode */
0367     SA_AALG_ID_HMAC_MD5,      /* HMAC with MD5 mode */
0368     SA_AALG_ID_HMAC_SHA1,     /* HMAC with SHA1 mode */
0369     SA_AALG_ID_HMAC_SHA2_224, /* HMAC with 224-bit SHA2 mode */
0370     SA_AALG_ID_HMAC_SHA2_256, /* HMAC with 256-bit SHA2 mode */
0371     SA_AALG_ID_GMAC,          /* Galois Message Auth. Code mode */
0372     SA_AALG_ID_CMAC,          /* Cipher-based Mes. Auth. Code mode */
0373     SA_AALG_ID_CBC_MAC,       /* Cipher Block Chaining */
0374     SA_AALG_ID_AES_XCBC       /* AES Extended Cipher Block Chaining */
0375 };
0376
0377 /*
0378  * Mode control engine algorithms used to index the
0379  * mode control instruction tables
0380  */
0381 enum sa_eng_algo_id {
0382     SA_ENG_ALGO_ECB = 0,
0383     SA_ENG_ALGO_CBC,
0384     SA_ENG_ALGO_CFB,
0385     SA_ENG_ALGO_OFB,
0386     SA_ENG_ALGO_CTR,
0387     SA_ENG_ALGO_F8,
0388     SA_ENG_ALGO_F8F9,
0389     SA_ENG_ALGO_GCM,
0390     SA_ENG_ALGO_GMAC,
0391     SA_ENG_ALGO_CCM,
0392     SA_ENG_ALGO_CMAC,
0393     SA_ENG_ALGO_CBCMAC,
0394     SA_NUM_ENG_ALGOS
0395 };
0396
0397 /**
0398  * struct sa_eng_info: Security accelerator engine info
0399  * @eng_id: Engine ID
0400  * @sc_size: security context size
0401  */
0402 struct sa_eng_info {
0403     u8  eng_id;
0404     u16 sc_size;
0405 };
0406
0407 #endif /* _K3_SA2UL_ */