1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019 NXP
8 #ifndef __DESC_ALGO_H__
9 #define __DESC_ALGO_H__
15 * DOC: Algorithms - Shared Descriptor Constructors
17 * Shared descriptors for algorithms (i.e. not for protocols).
21 * cnstr_shdsc_zuce - ZUC Enc (EEA2) as a shared descriptor
22 * @descbuf: pointer to descriptor-under-construction buffer
23 * @ps: if 36/40bit addressing is desired, this parameter must be true
24 * @swap: must be true when core endianness doesn't match SEC endianness
25 * @cipherdata: pointer to block cipher transform definitions
26 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
28 * Return: size of descriptor written in words or negative number on error
31 cnstr_shdsc_zuce(uint32_t *descbuf, bool ps, bool swap,
32 struct alginfo *cipherdata, uint8_t dir)
35 struct program *p = &prg;
37 PROGRAM_CNTXT_INIT(p, descbuf, 0);
42 PROGRAM_SET_36BIT_ADDR(p);
43 SHR_HDR(p, SHR_ALWAYS, 1, 0);
45 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
46 cipherdata->keylen, INLINE_KEY(cipherdata));
48 SEQLOAD(p, CONTEXT1, 0, 16, 0);
50 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
51 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
52 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCE, OP_ALG_AAI_F8,
53 OP_ALG_AS_INITFINAL, 0, dir);
54 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
55 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
57 return PROGRAM_FINALIZE(p);
61 * cnstr_shdsc_zuca - ZUC Auth (EIA2) as a shared descriptor
62 * @descbuf: pointer to descriptor-under-construction buffer
63 * @ps: if 36/40bit addressing is desired, this parameter must be true
64 * @swap: must be true when core endianness doesn't match SEC endianness
65 * @authdata: pointer to authentication transform definitions
66 * @chk_icv: Whether to compare and verify ICV (true/false)
67 * @authlen: size of digest
69 * The IV prepended before hmac payload must be 8 bytes consisting
70 * of COUNT||BEAERER||DIR. The COUNT is of 32-bits, bearer is of 5 bits and
71 * direction is of 1 bit - totalling to 38 bits.
73 * Return: size of descriptor written in words or negative number on error
76 cnstr_shdsc_zuca(uint32_t *descbuf, bool ps, bool swap,
77 struct alginfo *authdata, uint8_t chk_icv,
81 struct program *p = &prg;
82 int dir = chk_icv ? DIR_DEC : DIR_ENC;
84 PROGRAM_CNTXT_INIT(p, descbuf, 0);
89 PROGRAM_SET_36BIT_ADDR(p);
90 SHR_HDR(p, SHR_ALWAYS, 1, 0);
92 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
93 authdata->keylen, INLINE_KEY(authdata));
95 SEQLOAD(p, CONTEXT2, 0, 8, 0);
97 if (chk_icv == ICV_CHECK_ENABLE)
98 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
100 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
102 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCA, OP_ALG_AAI_F9,
103 OP_ALG_AS_INITFINAL, chk_icv, dir);
105 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
107 if (chk_icv == ICV_CHECK_ENABLE)
108 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
110 /* Save lower half of MAC out into a 32-bit sequence */
111 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
113 return PROGRAM_FINALIZE(p);
118 * cnstr_shdsc_snow_f8 - SNOW/f8 (UEA2) as a shared descriptor
119 * @descbuf: pointer to descriptor-under-construction buffer
120 * @ps: if 36/40bit addressing is desired, this parameter must be true
121 * @swap: must be true when core endianness doesn't match SEC endianness
122 * @cipherdata: pointer to block cipher transform definitions
123 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
125 * Return: size of descriptor written in words or negative number on error
128 cnstr_shdsc_snow_f8(uint32_t *descbuf, bool ps, bool swap,
129 struct alginfo *cipherdata, uint8_t dir)
132 struct program *p = &prg;
134 PROGRAM_CNTXT_INIT(p, descbuf, 0);
136 PROGRAM_SET_BSWAP(p);
139 PROGRAM_SET_36BIT_ADDR(p);
140 SHR_HDR(p, SHR_ALWAYS, 1, 0);
142 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
143 cipherdata->keylen, INLINE_KEY(cipherdata));
145 SEQLOAD(p, CONTEXT1, 0, 16, 0);
147 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
148 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
149 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F8, OP_ALG_AAI_F8,
150 OP_ALG_AS_INITFINAL, 0, dir);
151 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
152 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
154 return PROGRAM_FINALIZE(p);
158 * conv_to_zuc_eia_iv - ZUCA IV 16-byte to 8-byte convert
160 * @iv: 16 bytes of original IV data.
162 * From the original IV, we extract 32-bits of COUNT,
163 * 5-bits of bearer and 1-bit of direction.
164 * Refer to CAAM refman for ZUCA IV format. Then these values are
165 * appended as COUNT||BEARER||DIR continuously to make a 38-bit block.
166 * This 38-bit block is copied left justified into 8-byte array used as
169 * Return: 8-bytes of IV data as understood by SEC HW
172 static inline uint8_t *conv_to_zuc_eia_iv(uint8_t *iv)
174 uint8_t dir = (iv[14] & 0x80) ? 4 : 0;
176 iv[12] = iv[4] | dir;
190 * conv_to_snow_f9_iv - SNOW/f9 (UIA2) IV 16 byte to 12 byte convert
192 * @iv: 16 byte original IV data
194 * Return: 12 byte IV data as understood by SEC HW
197 static inline uint8_t *conv_to_snow_f9_iv(uint8_t *iv)
199 uint8_t temp = (iv[8] == iv[0]) ? 0 : 4;
220 * cnstr_shdsc_snow_f9 - SNOW/f9 (UIA2) as a shared descriptor
221 * @descbuf: pointer to descriptor-under-construction buffer
222 * @ps: if 36/40bit addressing is desired, this parameter must be true
223 * @swap: must be true when core endianness doesn't match SEC endianness
224 * @authdata: pointer to authentication transform definitions
225 * @chk_icv: check or generate ICV value
226 * @authlen: size of digest
228 * Return: size of descriptor written in words or negative number on error
231 cnstr_shdsc_snow_f9(uint32_t *descbuf, bool ps, bool swap,
232 struct alginfo *authdata, uint8_t chk_icv,
236 struct program *p = &prg;
237 int dir = chk_icv ? DIR_DEC : DIR_ENC;
239 PROGRAM_CNTXT_INIT(p, descbuf, 0);
241 PROGRAM_SET_BSWAP(p);
244 PROGRAM_SET_36BIT_ADDR(p);
246 SHR_HDR(p, SHR_ALWAYS, 1, 0);
248 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
249 authdata->keylen, INLINE_KEY(authdata));
251 SEQLOAD(p, CONTEXT2, 0, 12, 0);
253 if (chk_icv == ICV_CHECK_ENABLE)
254 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
256 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
258 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F9, OP_ALG_AAI_F9,
259 OP_ALG_AS_INITFINAL, chk_icv, dir);
261 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
263 if (chk_icv == ICV_CHECK_ENABLE)
264 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
266 /* Save lower half of MAC out into a 32-bit sequence */
267 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
269 return PROGRAM_FINALIZE(p);
273 * cnstr_shdsc_blkcipher - block cipher transformation
274 * @descbuf: pointer to descriptor-under-construction buffer
275 * @ps: if 36/40bit addressing is desired, this parameter must be true
276 * @swap: must be true when core endianness doesn't match SEC endianness
277 * @share: sharing type of shared descriptor
278 * @cipherdata: pointer to block cipher transform definitions
279 * Valid algorithm values one of OP_ALG_ALGSEL_* {DES, 3DES, AES}
281 * AES: OP_ALG_AAI_* {CBC, CTR}
282 * DES, 3DES: OP_ALG_AAI_CBC
283 * @iv: IV data; if NULL, "ivlen" bytes from the input frame will be read as IV
285 * @dir: DIR_ENC/DIR_DEC
287 * Return: size of descriptor written in words or negative number on error
290 cnstr_shdsc_blkcipher(uint32_t *descbuf, bool ps, bool swap,
291 enum rta_share_type share,
292 struct alginfo *cipherdata,
293 uint32_t ivlen, uint8_t dir)
296 struct program *p = &prg;
297 uint32_t iv_off = 0, counter;
298 const bool need_dk = (dir == DIR_DEC) &&
299 (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&
300 (cipherdata->algmode == OP_ALG_AAI_CBC);
306 PROGRAM_CNTXT_INIT(p, descbuf, 0);
308 PROGRAM_SET_BSWAP(p);
310 PROGRAM_SET_36BIT_ADDR(p);
311 SHR_HDR(p, share, 1, SC);
313 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
315 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
316 cipherdata->keylen, INLINE_KEY(cipherdata));
319 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
320 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
322 pskipdk = JUMP(p, skipdk, LOCAL_JUMP, ALL_TRUE, 0);
324 SET_LABEL(p, keyjmp);
327 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode |
328 OP_ALG_AAI_DK, OP_ALG_AS_INITFINAL,
329 ICV_CHECK_DISABLE, dir);
330 SET_LABEL(p, skipdk);
332 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
333 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
336 if (cipherdata->algmode == OP_ALG_AAI_CTR)
339 /* IV is present first before the actual message */
340 SEQLOAD(p, CONTEXT1, iv_off, ivlen, 0);
342 /* If IV len is less than 16 bytes, set 'counter' as 1 */
343 if (cipherdata->algmode == OP_ALG_AAI_CTR && ivlen < 16) {
348 LOAD(p, counter, CONTEXT1, (iv_off + ivlen), 16 - ivlen, IMMED);
351 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
352 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
354 /* Insert sequence load/store with VLF */
355 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
356 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
358 PATCH_JUMP(p, pkeyjmp, keyjmp);
360 PATCH_JUMP(p, pskipdk, skipdk);
362 return PROGRAM_FINALIZE(p);
366 * cnstr_shdsc_hmac - HMAC shared
367 * @descbuf: pointer to descriptor-under-construction buffer
368 * @ps: if 36/40bit addressing is desired, this parameter must be true
369 * @swap: must be true when core endianness doesn't match SEC endianness
370 * @share: sharing type of shared descriptor
371 * @authdata: pointer to authentication transform definitions;
372 * message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
373 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
374 * is needed for all the packets processed by this shared descriptor
375 * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
376 * if no truncation is needed
378 * Note: There's no support for keys longer than the block size of the
379 * underlying hash function, according to the selected algorithm.
381 * Return: size of descriptor written in words or negative number on error
384 cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
385 enum rta_share_type share,
386 struct alginfo *authdata, uint8_t do_icv,
390 struct program *p = &prg;
391 uint8_t storelen, opicv, dir;
395 REFERENCE(pjmpprecomp);
397 /* Compute fixed-size store based on alg selection */
398 switch (authdata->algtype) {
399 case OP_ALG_ALGSEL_MD5:
402 case OP_ALG_ALGSEL_SHA1:
405 case OP_ALG_ALGSEL_SHA224:
408 case OP_ALG_ALGSEL_SHA256:
411 case OP_ALG_ALGSEL_SHA384:
414 case OP_ALG_ALGSEL_SHA512:
421 trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
423 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
424 dir = do_icv ? DIR_DEC : DIR_ENC;
426 PROGRAM_CNTXT_INIT(p, descbuf, 0);
428 PROGRAM_SET_BSWAP(p);
430 PROGRAM_SET_36BIT_ADDR(p);
431 SHR_HDR(p, share, 1, SC);
433 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
434 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
435 INLINE_KEY(authdata));
438 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
439 OP_ALG_AS_INITFINAL, opicv, dir);
441 pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
442 SET_LABEL(p, keyjmp);
444 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
445 OP_ALG_AS_INITFINAL, opicv, dir);
447 SET_LABEL(p, jmpprecomp);
449 /* compute sequences */
450 if (opicv == ICV_CHECK_ENABLE)
451 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
453 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
455 /* Do load (variable length) */
456 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
458 if (opicv == ICV_CHECK_ENABLE)
459 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
461 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
463 PATCH_JUMP(p, pkeyjmp, keyjmp);
464 PATCH_JUMP(p, pjmpprecomp, jmpprecomp);
466 return PROGRAM_FINALIZE(p);
470 * cnstr_shdsc_kasumi_f8 - KASUMI F8 (Confidentiality) as a shared descriptor
471 * (ETSI "Document 1: f8 and f9 specification")
472 * @descbuf: pointer to descriptor-under-construction buffer
473 * @ps: if 36/40bit addressing is desired, this parameter must be true
474 * @swap: must be true when core endianness doesn't match SEC endianness
475 * @cipherdata: pointer to block cipher transform definitions
476 * @dir: cipher direction (DIR_ENC/DIR_DEC)
477 * @count: count value (32 bits)
478 * @bearer: bearer ID (5 bits)
479 * @direction: direction (1 bit)
481 * Return: size of descriptor written in words or negative number on error
484 cnstr_shdsc_kasumi_f8(uint32_t *descbuf, bool ps, bool swap,
485 struct alginfo *cipherdata, uint8_t dir)
488 struct program *p = &prg;
490 PROGRAM_CNTXT_INIT(p, descbuf, 0);
492 PROGRAM_SET_BSWAP(p);
494 PROGRAM_SET_36BIT_ADDR(p);
495 SHR_HDR(p, SHR_ALWAYS, 1, 0);
497 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
498 cipherdata->keylen, INLINE_KEY(cipherdata));
499 SEQLOAD(p, CONTEXT1, 0, 8, 0);
500 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
501 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
502 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F8,
503 OP_ALG_AS_INITFINAL, 0, dir);
504 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
505 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
507 return PROGRAM_FINALIZE(p);
511 * cnstr_shdsc_kasumi_f9 - KASUMI F9 (Integrity) as a shared descriptor
512 * (ETSI "Document 1: f8 and f9 specification")
513 * @descbuf: pointer to descriptor-under-construction buffer
514 * @ps: if 36/40bit addressing is desired, this parameter must be true
515 * @swap: must be true when core endianness doesn't match SEC endianness
516 * @authdata: pointer to authentication transform definitions
517 * @chk_icv: check or generate ICV value
518 * @authlen: size of digest
520 * Return: size of descriptor written in words or negative number on error
523 cnstr_shdsc_kasumi_f9(uint32_t *descbuf, bool ps, bool swap,
524 struct alginfo *authdata, uint8_t chk_icv,
528 struct program *p = &prg;
529 int dir = chk_icv ? DIR_DEC : DIR_ENC;
531 PROGRAM_CNTXT_INIT(p, descbuf, 0);
533 PROGRAM_SET_BSWAP(p);
536 PROGRAM_SET_36BIT_ADDR(p);
538 SHR_HDR(p, SHR_ALWAYS, 1, 0);
540 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
541 authdata->keylen, INLINE_KEY(authdata));
543 SEQLOAD(p, CONTEXT2, 0, 12, 0);
545 if (chk_icv == ICV_CHECK_ENABLE)
546 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
548 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
550 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F9,
551 OP_ALG_AS_INITFINAL, chk_icv, dir);
553 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
555 if (chk_icv == ICV_CHECK_ENABLE)
556 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
558 /* Save lower half of MAC out into a 32-bit sequence */
559 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
561 return PROGRAM_FINALIZE(p);
565 * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
566 * @descbuf: pointer to descriptor-under-construction buffer
567 * @swap: must be true when core endianness doesn't match SEC endianness
569 * Return: size of descriptor written in words or negative number on error
572 cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
575 struct program *p = &prg;
577 PROGRAM_CNTXT_INIT(p, descbuf, 0);
579 PROGRAM_SET_BSWAP(p);
581 SHR_HDR(p, SHR_ALWAYS, 1, 0);
583 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
584 ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
585 OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
586 OP_ALG_AS_FINALIZE, 0, DIR_ENC);
587 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
588 SEQSTORE(p, CONTEXT2, 0, 4, 0);
590 return PROGRAM_FINALIZE(p);
594 * cnstr_shdsc_gcm_encap - AES-GCM encap as a shared descriptor
595 * @descbuf: pointer to descriptor-under-construction buffer
596 * @ps: if 36/40bit addressing is desired, this parameter must be true
597 * @swap: must be true when core endianness doesn't match SEC endianness
598 * @share: sharing type of shared descriptor
599 * @cipherdata: pointer to block cipher transform definitions
600 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
602 * @ivlen: Initialization vector length
603 * @icvsize: integrity check value (ICV) size (truncated or full)
605 * Return: size of descriptor written in words or negative number on error
608 cnstr_shdsc_gcm_encap(uint32_t *descbuf, bool ps, bool swap,
609 enum rta_share_type share,
610 struct alginfo *cipherdata,
611 uint32_t ivlen, uint32_t icvsize)
614 struct program *p = &prg;
617 LABEL(zeroassocjump2);
618 LABEL(zeroassocjump1);
619 LABEL(zeropayloadjump);
621 REFERENCE(pzeroassocjump2);
622 REFERENCE(pzeroassocjump1);
623 REFERENCE(pzeropayloadjump);
625 PROGRAM_CNTXT_INIT(p, descbuf, 0);
628 PROGRAM_SET_BSWAP(p);
630 PROGRAM_SET_36BIT_ADDR(p);
632 SHR_HDR(p, share, 1, SC);
634 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
636 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
637 cipherdata->keylen, INLINE_KEY(cipherdata));
639 SET_LABEL(p, keyjmp);
641 /* class 1 operation */
642 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
643 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, DIR_ENC);
645 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
647 /* if assoclen + cryptlen is ZERO, skip to ICV write */
648 MATHB(p, SEQINSZ, SUB, ivlen, VSEQOUTSZ, 4, IMMED2);
649 pzeroassocjump2 = JUMP(p, zeroassocjump2, LOCAL_JUMP, ALL_TRUE, MATH_Z);
651 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
653 /* if assoclen is ZERO, skip reading the assoc data */
654 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
655 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
657 /* cryptlen = seqinlen - assoclen */
658 MATHB(p, SEQINSZ, SUB, MATH3, VSEQOUTSZ, 4, 0);
660 /* if cryptlen is ZERO jump to zero-payload commands */
661 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
664 /* read assoc data */
665 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
666 SET_LABEL(p, zeroassocjump1);
668 MATHB(p, SEQINSZ, SUB, MATH0, VSEQINSZ, 4, 0);
670 /* write encrypted data */
671 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
673 /* read payload data */
674 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | LAST1);
676 /* jump the zero-payload commands */
677 JUMP(p, 4, LOCAL_JUMP, ALL_TRUE, 0);
679 /* zero-payload commands */
680 SET_LABEL(p, zeropayloadjump);
682 /* read assoc data */
683 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | LAST1);
685 JUMP(p, 2, LOCAL_JUMP, ALL_TRUE, 0);
687 /* There is no input data */
688 SET_LABEL(p, zeroassocjump2);
690 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1 | LAST1);
693 SEQSTORE(p, CONTEXT1, 0, icvsize, 0);
695 PATCH_JUMP(p, pkeyjmp, keyjmp);
696 PATCH_JUMP(p, pzeroassocjump2, zeroassocjump2);
697 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
698 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
700 return PROGRAM_FINALIZE(p);
704 * cnstr_shdsc_gcm_decap - AES-GCM decap as a shared descriptor
705 * @descbuf: pointer to descriptor-under-construction buffer
706 * @ps: if 36/40bit addressing is desired, this parameter must be true
707 * @swap: must be true when core endianness doesn't match SEC endianness
708 * @share: sharing type of shared descriptor
709 * @cipherdata: pointer to block cipher transform definitions
710 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
712 * @icvsize: integrity check value (ICV) size (truncated or full)
714 * Return: size of descriptor written in words or negative number on error
717 cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
718 enum rta_share_type share,
719 struct alginfo *cipherdata,
720 uint32_t ivlen, uint32_t icvsize)
723 struct program *p = &prg;
726 LABEL(zeroassocjump1);
727 LABEL(zeropayloadjump);
729 REFERENCE(pzeroassocjump1);
730 REFERENCE(pzeropayloadjump);
732 PROGRAM_CNTXT_INIT(p, descbuf, 0);
735 PROGRAM_SET_BSWAP(p);
737 PROGRAM_SET_36BIT_ADDR(p);
739 SHR_HDR(p, share, 1, SC);
741 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
743 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
744 cipherdata->keylen, INLINE_KEY(cipherdata));
746 SET_LABEL(p, keyjmp);
748 /* class 1 operation */
749 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
750 OP_ALG_AS_INITFINAL, ICV_CHECK_ENABLE, DIR_DEC);
752 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
753 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
755 /* if assoclen is ZERO, skip reading the assoc data */
756 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
757 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
759 /* read assoc data */
760 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
762 SET_LABEL(p, zeroassocjump1);
764 /* cryptlen = seqoutlen - assoclen */
765 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQINSZ, 4, 0);
767 /* jump to zero-payload command if cryptlen is zero */
768 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
771 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQOUTSZ, 4, 0);
773 /* store encrypted data */
774 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
776 /* read payload data */
777 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | FLUSH1);
779 /* zero-payload command */
780 SET_LABEL(p, zeropayloadjump);
783 SEQFIFOLOAD(p, ICV1, icvsize, CLASS1 | LAST1);
785 PATCH_JUMP(p, pkeyjmp, keyjmp);
786 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
787 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
789 return PROGRAM_FINALIZE(p);
792 #endif /* __DESC_ALGO_H__ */