1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019-2021 NXP
8 #ifndef __DESC_ALGO_H__
9 #define __DESC_ALGO_H__
15 * DOC: Algorithms - Shared Descriptor Constructors
17 * Shared descriptors for algorithms (i.e. not for protocols).
21 * cnstr_shdsc_zuce - ZUC Enc (EEA2) as a shared descriptor
22 * @descbuf: pointer to descriptor-under-construction buffer
23 * @ps: if 36/40bit addressing is desired, this parameter must be true
24 * @swap: must be true when core endianness doesn't match SEC endianness
25 * @cipherdata: pointer to block cipher transform definitions
26 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
28 * Return: size of descriptor written in words or negative number on error
31 cnstr_shdsc_zuce(uint32_t *descbuf, bool ps, bool swap,
32 struct alginfo *cipherdata, uint8_t dir)
35 struct program *p = &prg;
37 PROGRAM_CNTXT_INIT(p, descbuf, 0);
42 PROGRAM_SET_36BIT_ADDR(p);
43 SHR_HDR(p, SHR_ALWAYS, 1, 0);
45 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
46 cipherdata->keylen, INLINE_KEY(cipherdata));
48 SEQLOAD(p, CONTEXT1, 0, 16, 0);
50 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
51 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
52 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCE, OP_ALG_AAI_F8,
53 OP_ALG_AS_INITFINAL, 0, dir);
54 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
55 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
57 return PROGRAM_FINALIZE(p);
61 * cnstr_shdsc_zuca - ZUC Auth (EIA2) as a shared descriptor
62 * @descbuf: pointer to descriptor-under-construction buffer
63 * @ps: if 36/40bit addressing is desired, this parameter must be true
64 * @swap: must be true when core endianness doesn't match SEC endianness
65 * @authdata: pointer to authentication transform definitions
66 * @chk_icv: Whether to compare and verify ICV (true/false)
67 * @authlen: size of digest
69 * The IV prepended before hmac payload must be 8 bytes consisting
70 * of COUNT||BEAERER||DIR. The COUNT is of 32-bits, bearer is of 5 bits and
71 * direction is of 1 bit - totalling to 38 bits.
73 * Return: size of descriptor written in words or negative number on error
76 cnstr_shdsc_zuca(uint32_t *descbuf, bool ps, bool swap,
77 struct alginfo *authdata, uint8_t chk_icv,
81 struct program *p = &prg;
82 int dir = chk_icv ? DIR_DEC : DIR_ENC;
84 PROGRAM_CNTXT_INIT(p, descbuf, 0);
89 PROGRAM_SET_36BIT_ADDR(p);
90 SHR_HDR(p, SHR_ALWAYS, 1, 0);
92 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
93 authdata->keylen, INLINE_KEY(authdata));
95 SEQLOAD(p, CONTEXT2, 0, 8, 0);
97 if (chk_icv == ICV_CHECK_ENABLE)
98 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
100 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
102 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCA, OP_ALG_AAI_F9,
103 OP_ALG_AS_INITFINAL, chk_icv, dir);
105 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
107 if (chk_icv == ICV_CHECK_ENABLE)
108 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
110 /* Save lower half of MAC out into a 32-bit sequence */
111 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
113 return PROGRAM_FINALIZE(p);
118 * cnstr_shdsc_snow_f8 - SNOW/f8 (UEA2) as a shared descriptor
119 * @descbuf: pointer to descriptor-under-construction buffer
120 * @ps: if 36/40bit addressing is desired, this parameter must be true
121 * @swap: must be true when core endianness doesn't match SEC endianness
122 * @cipherdata: pointer to block cipher transform definitions
123 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
125 * Return: size of descriptor written in words or negative number on error
128 cnstr_shdsc_snow_f8(uint32_t *descbuf, bool ps, bool swap,
129 struct alginfo *cipherdata, uint8_t dir)
132 struct program *p = &prg;
134 PROGRAM_CNTXT_INIT(p, descbuf, 0);
136 PROGRAM_SET_BSWAP(p);
139 PROGRAM_SET_36BIT_ADDR(p);
140 SHR_HDR(p, SHR_ALWAYS, 1, 0);
142 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
143 cipherdata->keylen, INLINE_KEY(cipherdata));
145 SEQLOAD(p, CONTEXT1, 0, 16, 0);
147 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
148 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
149 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F8, OP_ALG_AAI_F8,
150 OP_ALG_AS_INITFINAL, 0, dir);
151 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
152 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
154 return PROGRAM_FINALIZE(p);
158 * conv_to_zuc_eia_iv - ZUCA IV 16-byte to 8-byte convert
160 * @iv: 16 bytes of original IV data.
162 * From the original IV, we extract 32-bits of COUNT,
163 * 5-bits of bearer and 1-bit of direction.
164 * Refer to CAAM refman for ZUCA IV format. Then these values are
165 * appended as COUNT||BEARER||DIR continuously to make a 38-bit block.
166 * This 38-bit block is copied left justified into 8-byte array used as
169 * Return: 8-bytes of IV data as understood by SEC HW
172 static inline uint8_t *conv_to_zuc_eia_iv(uint8_t *iv)
174 uint8_t dir = (iv[14] & 0x80) ? 4 : 0;
176 iv[12] = iv[4] | dir;
190 * conv_to_snow_f9_iv - SNOW/f9 (UIA2) IV 16 byte to 12 byte convert
192 * @iv: 16 byte original IV data
194 * Return: 12 byte IV data as understood by SEC HW
197 static inline uint8_t *conv_to_snow_f9_iv(uint8_t *iv)
199 uint8_t temp = (iv[8] == iv[0]) ? 0 : 4;
220 * cnstr_shdsc_snow_f9 - SNOW/f9 (UIA2) as a shared descriptor
221 * @descbuf: pointer to descriptor-under-construction buffer
222 * @ps: if 36/40bit addressing is desired, this parameter must be true
223 * @swap: must be true when core endianness doesn't match SEC endianness
224 * @authdata: pointer to authentication transform definitions
225 * @chk_icv: check or generate ICV value
226 * @authlen: size of digest
228 * Return: size of descriptor written in words or negative number on error
231 cnstr_shdsc_snow_f9(uint32_t *descbuf, bool ps, bool swap,
232 struct alginfo *authdata, uint8_t chk_icv,
236 struct program *p = &prg;
237 int dir = chk_icv ? DIR_DEC : DIR_ENC;
239 PROGRAM_CNTXT_INIT(p, descbuf, 0);
241 PROGRAM_SET_BSWAP(p);
244 PROGRAM_SET_36BIT_ADDR(p);
246 SHR_HDR(p, SHR_ALWAYS, 1, 0);
248 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
249 authdata->keylen, INLINE_KEY(authdata));
251 SEQLOAD(p, CONTEXT2, 0, 12, 0);
253 if (chk_icv == ICV_CHECK_ENABLE)
254 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
256 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
258 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F9, OP_ALG_AAI_F9,
259 OP_ALG_AS_INITFINAL, chk_icv, dir);
261 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
263 if (chk_icv == ICV_CHECK_ENABLE)
264 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
266 /* Save lower half of MAC out into a 32-bit sequence */
267 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
269 return PROGRAM_FINALIZE(p);
273 * cnstr_shdsc_blkcipher - block cipher transformation
274 * @descbuf: pointer to descriptor-under-construction buffer
275 * @ps: if 36/40bit addressing is desired, this parameter must be true
276 * @swap: must be true when core endianness doesn't match SEC endianness
277 * @share: sharing type of shared descriptor
278 * @cipherdata: pointer to block cipher transform definitions
279 * Valid algorithm values one of OP_ALG_ALGSEL_* {DES, 3DES, AES}
281 * AES: OP_ALG_AAI_* {CBC, CTR}
282 * DES, 3DES: OP_ALG_AAI_CBC
283 * @iv: IV data; if NULL, "ivlen" bytes from the input frame will be read as IV
285 * @dir: DIR_ENC/DIR_DEC
287 * Return: size of descriptor written in words or negative number on error
290 cnstr_shdsc_blkcipher(uint32_t *descbuf, bool ps, bool swap,
291 enum rta_share_type share,
292 struct alginfo *cipherdata,
293 uint32_t ivlen, uint8_t dir)
296 struct program *p = &prg;
297 uint32_t iv_off = 0, counter;
298 const bool need_dk = (dir == DIR_DEC) &&
299 (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&
300 (cipherdata->algmode == OP_ALG_AAI_CBC);
306 PROGRAM_CNTXT_INIT(p, descbuf, 0);
308 PROGRAM_SET_BSWAP(p);
310 PROGRAM_SET_36BIT_ADDR(p);
311 SHR_HDR(p, share, 1, SC);
313 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
315 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
316 cipherdata->keylen, INLINE_KEY(cipherdata));
319 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
320 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
322 pskipdk = JUMP(p, skipdk, LOCAL_JUMP, ALL_TRUE, 0);
324 SET_LABEL(p, keyjmp);
327 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode |
328 OP_ALG_AAI_DK, OP_ALG_AS_INITFINAL,
329 ICV_CHECK_DISABLE, dir);
330 SET_LABEL(p, skipdk);
332 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
333 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
336 if (cipherdata->algmode == OP_ALG_AAI_CTR)
339 /* IV is present first before the actual message */
340 SEQLOAD(p, CONTEXT1, iv_off, ivlen, 0);
342 /* If IV len is less than 16 bytes, set 'counter' as 1 */
343 if (cipherdata->algmode == OP_ALG_AAI_CTR && ivlen < 16) {
348 LOAD(p, counter, CONTEXT1, (iv_off + ivlen), 16 - ivlen, IMMED);
351 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
352 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
354 /* Insert sequence load/store with VLF */
355 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
356 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
358 PATCH_JUMP(p, pkeyjmp, keyjmp);
360 PATCH_JUMP(p, pskipdk, skipdk);
362 return PROGRAM_FINALIZE(p);
366 * cnstr_shdsc_hmac - HMAC shared
367 * @descbuf: pointer to descriptor-under-construction buffer
368 * @ps: if 36/40bit addressing is desired, this parameter must be true
369 * @swap: must be true when core endianness doesn't match SEC endianness
370 * @share: sharing type of shared descriptor
371 * @authdata: pointer to authentication transform definitions;
372 * message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
373 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
374 * is needed for all the packets processed by this shared descriptor
375 * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
376 * if no truncation is needed
378 * Note: There's no support for keys longer than the block size of the
379 * underlying hash function, according to the selected algorithm.
381 * Return: size of descriptor written in words or negative number on error
384 cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
385 enum rta_share_type share,
386 struct alginfo *authdata, uint8_t do_icv,
390 struct program *p = &prg;
391 uint8_t storelen, opicv, dir;
395 REFERENCE(pjmpprecomp);
397 /* Compute fixed-size store based on alg selection */
398 switch (authdata->algtype) {
399 case OP_ALG_ALGSEL_MD5:
402 case OP_ALG_ALGSEL_SHA1:
405 case OP_ALG_ALGSEL_SHA224:
408 case OP_ALG_ALGSEL_SHA256:
411 case OP_ALG_ALGSEL_SHA384:
414 case OP_ALG_ALGSEL_SHA512:
421 trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
423 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
424 dir = do_icv ? DIR_DEC : DIR_ENC;
426 PROGRAM_CNTXT_INIT(p, descbuf, 0);
428 PROGRAM_SET_BSWAP(p);
430 PROGRAM_SET_36BIT_ADDR(p);
431 SHR_HDR(p, share, 1, SC);
433 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
434 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
435 INLINE_KEY(authdata));
438 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
439 OP_ALG_AS_INITFINAL, opicv, dir);
441 pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
442 SET_LABEL(p, keyjmp);
444 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
445 OP_ALG_AS_INITFINAL, opicv, dir);
447 SET_LABEL(p, jmpprecomp);
449 /* compute sequences */
450 if (opicv == ICV_CHECK_ENABLE)
451 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
453 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
455 /* Do load (variable length) */
456 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
458 if (opicv == ICV_CHECK_ENABLE)
459 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
461 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
463 PATCH_JUMP(p, pkeyjmp, keyjmp);
464 PATCH_JUMP(p, pjmpprecomp, jmpprecomp);
466 return PROGRAM_FINALIZE(p);
470 * cnstr_shdsc_hash - HASH shared
471 * @descbuf: pointer to descriptor-under-construction buffer
472 * @ps: if 36/40bit addressing is desired, this parameter must be true
473 * @swap: must be true when core endianness doesn't match SEC endianness
474 * @share: sharing type of shared descriptor
475 * @authdata: pointer to authentication transform definitions;
476 * message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
477 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
478 * is needed for all the packets processed by this shared descriptor
479 * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
480 * if no truncation is needed
482 * Note: There's no support for keys longer than the block size of the
483 * underlying hash function, according to the selected algorithm.
485 * Return: size of descriptor written in words or negative number on error
488 cnstr_shdsc_hash(uint32_t *descbuf, bool ps, bool swap,
489 enum rta_share_type share,
490 struct alginfo *authdata, uint8_t do_icv,
494 struct program *p = &prg;
495 uint8_t storelen, opicv, dir;
497 /* Compute fixed-size store based on alg selection */
498 switch (authdata->algtype) {
499 case OP_ALG_ALGSEL_MD5:
502 case OP_ALG_ALGSEL_SHA1:
505 case OP_ALG_ALGSEL_SHA224:
508 case OP_ALG_ALGSEL_SHA256:
511 case OP_ALG_ALGSEL_SHA384:
514 case OP_ALG_ALGSEL_SHA512:
521 trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
523 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
524 dir = do_icv ? DIR_DEC : DIR_ENC;
526 PROGRAM_CNTXT_INIT(p, descbuf, 0);
528 PROGRAM_SET_BSWAP(p);
530 PROGRAM_SET_36BIT_ADDR(p);
531 SHR_HDR(p, share, 1, SC);
534 /* compute sequences */
535 if (opicv == ICV_CHECK_ENABLE)
536 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
538 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
540 ALG_OPERATION(p, authdata->algtype,
542 OP_ALG_AS_INITFINAL, opicv, dir);
543 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
545 if (opicv == ICV_CHECK_ENABLE)
546 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
548 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
550 return PROGRAM_FINALIZE(p);
554 * cnstr_shdsc_kasumi_f8 - KASUMI F8 (Confidentiality) as a shared descriptor
555 * (ETSI "Document 1: f8 and f9 specification")
556 * @descbuf: pointer to descriptor-under-construction buffer
557 * @ps: if 36/40bit addressing is desired, this parameter must be true
558 * @swap: must be true when core endianness doesn't match SEC endianness
559 * @cipherdata: pointer to block cipher transform definitions
560 * @dir: cipher direction (DIR_ENC/DIR_DEC)
561 * @count: count value (32 bits)
562 * @bearer: bearer ID (5 bits)
563 * @direction: direction (1 bit)
565 * Return: size of descriptor written in words or negative number on error
568 cnstr_shdsc_kasumi_f8(uint32_t *descbuf, bool ps, bool swap,
569 struct alginfo *cipherdata, uint8_t dir)
572 struct program *p = &prg;
574 PROGRAM_CNTXT_INIT(p, descbuf, 0);
576 PROGRAM_SET_BSWAP(p);
578 PROGRAM_SET_36BIT_ADDR(p);
579 SHR_HDR(p, SHR_ALWAYS, 1, 0);
581 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
582 cipherdata->keylen, INLINE_KEY(cipherdata));
583 SEQLOAD(p, CONTEXT1, 0, 8, 0);
584 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
585 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
586 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F8,
587 OP_ALG_AS_INITFINAL, 0, dir);
588 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
589 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
591 return PROGRAM_FINALIZE(p);
595 * cnstr_shdsc_kasumi_f9 - KASUMI F9 (Integrity) as a shared descriptor
596 * (ETSI "Document 1: f8 and f9 specification")
597 * @descbuf: pointer to descriptor-under-construction buffer
598 * @ps: if 36/40bit addressing is desired, this parameter must be true
599 * @swap: must be true when core endianness doesn't match SEC endianness
600 * @authdata: pointer to authentication transform definitions
601 * @chk_icv: check or generate ICV value
602 * @authlen: size of digest
604 * Return: size of descriptor written in words or negative number on error
607 cnstr_shdsc_kasumi_f9(uint32_t *descbuf, bool ps, bool swap,
608 struct alginfo *authdata, uint8_t chk_icv,
612 struct program *p = &prg;
613 int dir = chk_icv ? DIR_DEC : DIR_ENC;
615 PROGRAM_CNTXT_INIT(p, descbuf, 0);
617 PROGRAM_SET_BSWAP(p);
620 PROGRAM_SET_36BIT_ADDR(p);
622 SHR_HDR(p, SHR_ALWAYS, 1, 0);
624 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
625 authdata->keylen, INLINE_KEY(authdata));
627 SEQLOAD(p, CONTEXT2, 0, 12, 0);
629 if (chk_icv == ICV_CHECK_ENABLE)
630 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
632 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
634 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F9,
635 OP_ALG_AS_INITFINAL, chk_icv, dir);
637 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
639 if (chk_icv == ICV_CHECK_ENABLE)
640 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
642 /* Save lower half of MAC out into a 32-bit sequence */
643 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
645 return PROGRAM_FINALIZE(p);
649 * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
650 * @descbuf: pointer to descriptor-under-construction buffer
651 * @swap: must be true when core endianness doesn't match SEC endianness
653 * Return: size of descriptor written in words or negative number on error
656 cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
659 struct program *p = &prg;
661 PROGRAM_CNTXT_INIT(p, descbuf, 0);
663 PROGRAM_SET_BSWAP(p);
665 SHR_HDR(p, SHR_ALWAYS, 1, 0);
667 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
668 ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
669 OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
670 OP_ALG_AS_FINALIZE, 0, DIR_ENC);
671 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
672 SEQSTORE(p, CONTEXT2, 0, 4, 0);
674 return PROGRAM_FINALIZE(p);
678 * cnstr_shdsc_gcm_encap - AES-GCM encap as a shared descriptor
679 * @descbuf: pointer to descriptor-under-construction buffer
680 * @ps: if 36/40bit addressing is desired, this parameter must be true
681 * @swap: must be true when core endianness doesn't match SEC endianness
682 * @share: sharing type of shared descriptor
683 * @cipherdata: pointer to block cipher transform definitions
684 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
686 * @ivlen: Initialization vector length
687 * @icvsize: integrity check value (ICV) size (truncated or full)
689 * Return: size of descriptor written in words or negative number on error
692 cnstr_shdsc_gcm_encap(uint32_t *descbuf, bool ps, bool swap,
693 enum rta_share_type share,
694 struct alginfo *cipherdata,
695 uint32_t ivlen, uint32_t icvsize)
698 struct program *p = &prg;
701 LABEL(zeroassocjump2);
702 LABEL(zeroassocjump1);
703 LABEL(zeropayloadjump);
705 REFERENCE(pzeroassocjump2);
706 REFERENCE(pzeroassocjump1);
707 REFERENCE(pzeropayloadjump);
709 PROGRAM_CNTXT_INIT(p, descbuf, 0);
712 PROGRAM_SET_BSWAP(p);
714 PROGRAM_SET_36BIT_ADDR(p);
716 SHR_HDR(p, share, 1, SC);
718 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
720 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
721 cipherdata->keylen, INLINE_KEY(cipherdata));
723 SET_LABEL(p, keyjmp);
725 /* class 1 operation */
726 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
727 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, DIR_ENC);
729 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
731 /* if assoclen + cryptlen is ZERO, skip to ICV write */
732 MATHB(p, SEQINSZ, SUB, ivlen, VSEQOUTSZ, 4, IMMED2);
733 pzeroassocjump2 = JUMP(p, zeroassocjump2, LOCAL_JUMP, ALL_TRUE, MATH_Z);
735 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
737 /* if assoclen is ZERO, skip reading the assoc data */
738 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
739 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
741 /* cryptlen = seqinlen - assoclen */
742 MATHB(p, SEQINSZ, SUB, MATH3, VSEQOUTSZ, 4, 0);
744 /* if cryptlen is ZERO jump to zero-payload commands */
745 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
748 /* read assoc data */
749 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
750 SET_LABEL(p, zeroassocjump1);
752 MATHB(p, SEQINSZ, SUB, MATH0, VSEQINSZ, 4, 0);
754 /* write encrypted data */
755 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
757 /* read payload data */
758 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | LAST1);
760 /* jump the zero-payload commands */
761 JUMP(p, 4, LOCAL_JUMP, ALL_TRUE, 0);
763 /* zero-payload commands */
764 SET_LABEL(p, zeropayloadjump);
766 /* read assoc data */
767 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | LAST1);
769 JUMP(p, 2, LOCAL_JUMP, ALL_TRUE, 0);
771 /* There is no input data */
772 SET_LABEL(p, zeroassocjump2);
774 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1 | LAST1);
777 SEQSTORE(p, CONTEXT1, 0, icvsize, 0);
779 PATCH_JUMP(p, pkeyjmp, keyjmp);
780 PATCH_JUMP(p, pzeroassocjump2, zeroassocjump2);
781 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
782 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
784 return PROGRAM_FINALIZE(p);
788 * cnstr_shdsc_gcm_decap - AES-GCM decap as a shared descriptor
789 * @descbuf: pointer to descriptor-under-construction buffer
790 * @ps: if 36/40bit addressing is desired, this parameter must be true
791 * @swap: must be true when core endianness doesn't match SEC endianness
792 * @share: sharing type of shared descriptor
793 * @cipherdata: pointer to block cipher transform definitions
794 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
796 * @icvsize: integrity check value (ICV) size (truncated or full)
798 * Return: size of descriptor written in words or negative number on error
801 cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
802 enum rta_share_type share,
803 struct alginfo *cipherdata,
804 uint32_t ivlen, uint32_t icvsize)
807 struct program *p = &prg;
810 LABEL(zeroassocjump1);
811 LABEL(zeropayloadjump);
813 REFERENCE(pzeroassocjump1);
814 REFERENCE(pzeropayloadjump);
816 PROGRAM_CNTXT_INIT(p, descbuf, 0);
819 PROGRAM_SET_BSWAP(p);
821 PROGRAM_SET_36BIT_ADDR(p);
823 SHR_HDR(p, share, 1, SC);
825 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
827 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
828 cipherdata->keylen, INLINE_KEY(cipherdata));
830 SET_LABEL(p, keyjmp);
832 /* class 1 operation */
833 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
834 OP_ALG_AS_INITFINAL, ICV_CHECK_ENABLE, DIR_DEC);
836 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
837 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
839 /* if assoclen is ZERO, skip reading the assoc data */
840 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
841 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
843 /* read assoc data */
844 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
846 SET_LABEL(p, zeroassocjump1);
848 /* cryptlen = seqoutlen - assoclen */
849 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQINSZ, 4, 0);
851 /* jump to zero-payload command if cryptlen is zero */
852 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
855 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQOUTSZ, 4, 0);
857 /* store encrypted data */
858 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
860 /* read payload data */
861 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | FLUSH1);
863 /* zero-payload command */
864 SET_LABEL(p, zeropayloadjump);
867 SEQFIFOLOAD(p, ICV1, icvsize, CLASS1 | LAST1);
869 PATCH_JUMP(p, pkeyjmp, keyjmp);
870 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
871 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
873 return PROGRAM_FINALIZE(p);
877 * cnstr_shdsc_aes_mac - AES_XCBC_MAC, CMAC cases
878 * @descbuf: pointer to descriptor-under-construction buffer
879 * @ps: if 36/40bit addressing is desired, this parameter must be true
880 * @swap: must be true when core endianness doesn't match SEC endianness
881 * @share: sharing type of shared descriptor
882 * @authdata: pointer to authentication transform definitions;
883 * message digest algorithm: OP_ALG_ALGSEL_AES.
884 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
885 * is needed for all the packets processed by this shared descriptor
886 * @trunc_len: Length of the truncated ICV to be written in the output buffer,
887 * 0 if no truncation is needed
889 * Note: There's no support for keys longer than the block size of the
890 * underlying hash function, according to the selected algorithm.
892 * Return: size of descriptor written in words or negative number on error
895 cnstr_shdsc_aes_mac(uint32_t *descbuf, bool ps, bool swap,
896 enum rta_share_type share,
897 struct alginfo *authdata, uint8_t do_icv,
901 struct program *p = &prg;
904 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
905 dir = do_icv ? DIR_DEC : DIR_ENC;
907 PROGRAM_CNTXT_INIT(p, descbuf, 0);
909 PROGRAM_SET_BSWAP(p);
911 PROGRAM_SET_36BIT_ADDR(p);
912 SHR_HDR(p, share, 1, SC);
914 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
915 INLINE_KEY(authdata));
917 /* compute sequences */
918 if (opicv == ICV_CHECK_ENABLE)
919 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
921 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
924 ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
925 OP_ALG_AS_INITFINAL, opicv, dir);
927 /* Do load (variable length) */
928 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
930 if (opicv == ICV_CHECK_ENABLE) {
931 LOAD(p, trunc_len, ICV2SZ, 0, 4, IMMED);
932 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
934 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
936 return PROGRAM_FINALIZE(p);
939 #endif /* __DESC_ALGO_H__ */