1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
7 static uint8_t zuc_d[32] = {0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E,
8 0x57, 0x89, 0x35, 0xE2, 0x71, 0x35, 0x09, 0xAF,
9 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 0x1A, 0xF1,
10 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC};
13 cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx)
17 for (i = 0; i < 4; i++) {
19 keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) |
20 (ck[base + 2] << 8) | (ck[base + 3]);
21 keyx[3 - i] = plt_cpu_to_be_32(keyx[3 - i]);
26 cpt_ciph_aes_key_validate(uint16_t key_len)
39 cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,
45 case ROC_SE_PASSTHROUGH:
46 fc_type = ROC_SE_FC_GEN;
50 fc_type = ROC_SE_FC_GEN;
57 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
59 fc_type = ROC_SE_FC_GEN;
62 fc_type = ROC_SE_FC_GEN;
65 key_len = key_len / 2;
66 if (unlikely(key_len == 24)) {
67 plt_err("Invalid AES key len for XTS");
70 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
72 fc_type = ROC_SE_FC_GEN;
75 case ROC_SE_SNOW3G_UEA2:
76 if (unlikely(key_len != 16))
78 /* No support for AEAD yet */
79 if (unlikely(ctx->hash_type))
81 fc_type = ROC_SE_PDCP;
83 case ROC_SE_AES_CTR_EEA2:
84 fc_type = ROC_SE_PDCP;
86 case ROC_SE_KASUMI_F8_CBC:
87 case ROC_SE_KASUMI_F8_ECB:
88 if (unlikely(key_len != 16))
90 /* No support for AEAD yet */
91 if (unlikely(ctx->hash_type))
93 fc_type = ROC_SE_KASUMI;
99 ctx->fc_type = fc_type;
104 cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len)
106 roc_se_aes_type aes_key_type = 0;
110 aes_key_type = ROC_SE_AES_128_BIT;
113 aes_key_type = ROC_SE_AES_192_BIT;
116 aes_key_type = ROC_SE_AES_256_BIT;
119 /* This should not happen */
120 plt_err("Invalid AES key len");
123 fctx->enc.aes_key = aes_key_type;
127 roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
128 const uint8_t *key, uint16_t key_len, uint16_t mac_len)
130 struct roc_se_zuc_snow3g_ctx *zs_ctx;
131 struct roc_se_kasumi_ctx *k_ctx;
132 struct roc_se_context *fctx;
137 zs_ctx = &se_ctx->se_ctx.zs_ctx;
138 k_ctx = &se_ctx->se_ctx.k_ctx;
139 fctx = &se_ctx->se_ctx.fctx;
141 if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
146 /* No support for AEAD yet */
147 if (se_ctx->enc_cipher)
149 /* For ZUC/SNOW3G/Kasumi */
151 case ROC_SE_SNOW3G_UIA2:
152 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
153 cpt_snow3g_key_gen(key, keyx);
154 memcpy(zs_ctx->ci_key, keyx, key_len);
155 se_ctx->fc_type = ROC_SE_PDCP;
156 se_ctx->zsk_flags = 0x1;
158 case ROC_SE_ZUC_EIA3:
159 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
160 memcpy(zs_ctx->ci_key, key, key_len);
161 memcpy(zs_ctx->zuc_const, zuc_d, 32);
162 se_ctx->fc_type = ROC_SE_PDCP;
163 se_ctx->zsk_flags = 0x1;
165 case ROC_SE_AES_CMAC_EIA2:
166 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
167 memcpy(zs_ctx->ci_key, key, key_len);
168 se_ctx->fc_type = ROC_SE_PDCP;
169 se_ctx->zsk_flags = 0x1;
171 case ROC_SE_KASUMI_F9_ECB:
172 /* Kasumi ECB mode */
174 memcpy(k_ctx->ci_key, key, key_len);
175 se_ctx->fc_type = ROC_SE_KASUMI;
176 se_ctx->zsk_flags = 0x1;
178 case ROC_SE_KASUMI_F9_CBC:
179 memcpy(k_ctx->ci_key, key, key_len);
180 se_ctx->fc_type = ROC_SE_KASUMI;
181 se_ctx->zsk_flags = 0x1;
187 se_ctx->hash_type = type;
191 if (!se_ctx->fc_type ||
192 (type && type != ROC_SE_GMAC_TYPE && !se_ctx->enc_cipher))
193 se_ctx->fc_type = ROC_SE_HASH_HMAC;
195 if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64)
198 /* For GMAC auth, cipher must be NULL */
199 if (type == ROC_SE_GMAC_TYPE)
200 fctx->enc.enc_cipher = 0;
202 fctx->enc.hash_type = type;
203 se_ctx->hash_type = type;
204 fctx->enc.mac_len = mac_len;
205 se_ctx->mac_len = mac_len;
209 memset(se_ctx->auth_key, 0, sizeof(se_ctx->auth_key));
210 memcpy(se_ctx->auth_key, key, key_len);
211 se_ctx->auth_key_len = key_len;
212 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
213 memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
216 memcpy(fctx->hmac.opad, key, key_len);
217 fctx->enc.auth_input_type = 1;
223 roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
224 const uint8_t *key, uint16_t key_len, uint8_t *salt)
226 struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
227 struct roc_se_zuc_snow3g_ctx *zs_ctx;
231 /* For AES-GCM, salt is taken from ctx even if IV source
234 if ((salt != NULL) && (type == ROC_SE_AES_GCM)) {
235 memcpy(fctx->enc.encr_iv, salt, 4);
236 /* Assuming it was just salt update
243 ret = cpt_ciph_type_set(type, se_ctx, key_len);
247 if (se_ctx->fc_type == ROC_SE_FC_GEN) {
249 * We need to always say IV is from DPTR as user can
250 * sometimes iverride IV per operation.
252 fctx->enc.iv_source = ROC_SE_FROM_DPTR;
254 if (se_ctx->auth_key_len > 64)
259 case ROC_SE_PASSTHROUGH:
260 se_ctx->enc_cipher = 0;
261 fctx->enc.enc_cipher = 0;
263 case ROC_SE_DES3_CBC:
264 /* CPT performs DES using 3DES with the 8B DES-key
265 * replicated 2 more times to match the 24B 3DES-key.
266 * Eg. If org. key is "0x0a 0x0b", then new key is
267 * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b"
270 /* Skipping the first 8B as it will be copied
271 * in the regular code flow
273 memcpy(fctx->enc.encr_key + key_len, key, key_len);
274 memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len);
277 case ROC_SE_DES3_ECB:
278 /* For DES3_ECB IV need to be from CTX. */
279 fctx->enc.iv_source = ROC_SE_FROM_CTX;
285 case ROC_SE_CHACHA20:
286 cpt_ciph_aes_key_type_set(fctx, key_len);
289 cpt_ciph_aes_key_type_set(fctx, key_len);
292 key_len = key_len / 2;
293 cpt_ciph_aes_key_type_set(fctx, key_len);
295 /* Copy key2 for XTS into ipad */
296 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
297 memcpy(fctx->hmac.ipad, &key[key_len], key_len);
299 case ROC_SE_SNOW3G_UEA2:
300 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
301 cpt_snow3g_key_gen(key, keyx);
302 memcpy(se_ctx->se_ctx.zs_ctx.ci_key, keyx, key_len);
303 se_ctx->zsk_flags = 0;
305 case ROC_SE_ZUC_EEA3:
306 zs_ctx = &se_ctx->se_ctx.zs_ctx;
307 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
308 memcpy(zs_ctx->ci_key, key, key_len);
309 memcpy(zs_ctx->zuc_const, zuc_d, 32);
310 se_ctx->zsk_flags = 0;
312 case ROC_SE_AES_CTR_EEA2:
313 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
314 memcpy(se_ctx->se_ctx.zs_ctx.ci_key, key, key_len);
315 se_ctx->zsk_flags = 0;
317 case ROC_SE_KASUMI_F8_ECB:
319 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
320 se_ctx->zsk_flags = 0;
322 case ROC_SE_KASUMI_F8_CBC:
323 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
324 se_ctx->zsk_flags = 0;
330 /* Only for ROC_SE_FC_GEN case */
332 /* For GMAC auth, cipher must be NULL */
333 if (se_ctx->hash_type != ROC_SE_GMAC_TYPE)
334 fctx->enc.enc_cipher = type;
336 memcpy(fctx->enc.encr_key, key, key_len);
339 se_ctx->enc_cipher = type;