1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019 NXP
8 #ifndef __DESC_ALGO_H__
9 #define __DESC_ALGO_H__
15 * DOC: Algorithms - Shared Descriptor Constructors
17 * Shared descriptors for algorithms (i.e. not for protocols).
21 * cnstr_shdsc_zuce - ZUC Enc (EEA2) as a shared descriptor
22 * @descbuf: pointer to descriptor-under-construction buffer
23 * @ps: if 36/40bit addressing is desired, this parameter must be true
24 * @swap: must be true when core endianness doesn't match SEC endianness
25 * @cipherdata: pointer to block cipher transform definitions
26 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
28 * Return: size of descriptor written in words or negative number on error
31 cnstr_shdsc_zuce(uint32_t *descbuf, bool ps, bool swap,
32 struct alginfo *cipherdata, uint8_t dir)
35 struct program *p = &prg;
37 PROGRAM_CNTXT_INIT(p, descbuf, 0);
42 PROGRAM_SET_36BIT_ADDR(p);
43 SHR_HDR(p, SHR_ALWAYS, 1, 0);
45 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
46 cipherdata->keylen, INLINE_KEY(cipherdata));
48 SEQLOAD(p, CONTEXT1, 0, 16, 0);
50 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
51 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
52 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCE, OP_ALG_AAI_F8,
53 OP_ALG_AS_INITFINAL, 0, dir);
54 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
55 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
57 return PROGRAM_FINALIZE(p);
61 * cnstr_shdsc_zuca - ZUC Auth (EIA2) as a shared descriptor
62 * @descbuf: pointer to descriptor-under-construction buffer
63 * @ps: if 36/40bit addressing is desired, this parameter must be true
64 * @swap: must be true when core endianness doesn't match SEC endianness
65 * @authdata: pointer to authentication transform definitions
66 * @chk_icv: Whether to compare and verify ICV (true/false)
67 * @authlen: size of digest
69 * The IV prepended before hmac payload must be 8 bytes consisting
70 * of COUNT||BEAERER||DIR. The COUNT is of 32-bits, bearer is of 5 bits and
71 * direction is of 1 bit - totalling to 38 bits.
73 * Return: size of descriptor written in words or negative number on error
76 cnstr_shdsc_zuca(uint32_t *descbuf, bool ps, bool swap,
77 struct alginfo *authdata, uint8_t chk_icv,
81 struct program *p = &prg;
82 int dir = chk_icv ? DIR_DEC : DIR_ENC;
84 PROGRAM_CNTXT_INIT(p, descbuf, 0);
89 PROGRAM_SET_36BIT_ADDR(p);
90 SHR_HDR(p, SHR_ALWAYS, 1, 0);
92 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
93 authdata->keylen, INLINE_KEY(authdata));
95 SEQLOAD(p, CONTEXT2, 0, 8, 0);
97 if (chk_icv == ICV_CHECK_ENABLE)
98 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
100 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
102 ALG_OPERATION(p, OP_ALG_ALGSEL_ZUCA, OP_ALG_AAI_F9,
103 OP_ALG_AS_INITFINAL, chk_icv, dir);
105 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
107 if (chk_icv == ICV_CHECK_ENABLE)
108 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
110 /* Save lower half of MAC out into a 32-bit sequence */
111 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
113 return PROGRAM_FINALIZE(p);
118 * cnstr_shdsc_snow_f8 - SNOW/f8 (UEA2) as a shared descriptor
119 * @descbuf: pointer to descriptor-under-construction buffer
120 * @ps: if 36/40bit addressing is desired, this parameter must be true
121 * @swap: must be true when core endianness doesn't match SEC endianness
122 * @cipherdata: pointer to block cipher transform definitions
123 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
125 * Return: size of descriptor written in words or negative number on error
128 cnstr_shdsc_snow_f8(uint32_t *descbuf, bool ps, bool swap,
129 struct alginfo *cipherdata, uint8_t dir)
132 struct program *p = &prg;
134 PROGRAM_CNTXT_INIT(p, descbuf, 0);
136 PROGRAM_SET_BSWAP(p);
139 PROGRAM_SET_36BIT_ADDR(p);
140 SHR_HDR(p, SHR_ALWAYS, 1, 0);
142 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
143 cipherdata->keylen, INLINE_KEY(cipherdata));
145 SEQLOAD(p, CONTEXT1, 0, 16, 0);
147 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
148 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
149 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F8, OP_ALG_AAI_F8,
150 OP_ALG_AS_INITFINAL, 0, dir);
151 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
152 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
154 return PROGRAM_FINALIZE(p);
158 * conv_to_zuc_eia_iv - ZUCA IV 16-byte to 8-byte convert
160 * @iv: 16 bytes of original IV data.
162 * From the original IV, we extract 32-bits of COUNT,
163 * 5-bits of bearer and 1-bit of direction.
164 * Refer to CAAM refman for ZUCA IV format. Then these values are
165 * appended as COUNT||BEARER||DIR continuously to make a 38-bit block.
166 * This 38-bit block is copied left justified into 8-byte array used as
169 * Return: 8-bytes of IV data as understood by SEC HW
172 static inline uint8_t *conv_to_zuc_eia_iv(uint8_t *iv)
174 uint8_t dir = (iv[14] & 0x80) ? 4 : 0;
176 iv[12] = iv[4] | dir;
190 * conv_to_snow_f9_iv - SNOW/f9 (UIA2) IV 16 byte to 12 byte convert
192 * @iv: 16 byte original IV data
194 * Return: 12 byte IV data as understood by SEC HW
197 static inline uint8_t *conv_to_snow_f9_iv(uint8_t *iv)
199 uint8_t temp = (iv[8] == iv[0]) ? 0 : 4;
220 * cnstr_shdsc_snow_f9 - SNOW/f9 (UIA2) as a shared descriptor
221 * @descbuf: pointer to descriptor-under-construction buffer
222 * @ps: if 36/40bit addressing is desired, this parameter must be true
223 * @swap: must be true when core endianness doesn't match SEC endianness
224 * @authdata: pointer to authentication transform definitions
225 * @chk_icv: check or generate ICV value
226 * @authlen: size of digest
228 * Return: size of descriptor written in words or negative number on error
231 cnstr_shdsc_snow_f9(uint32_t *descbuf, bool ps, bool swap,
232 struct alginfo *authdata, uint8_t chk_icv,
236 struct program *p = &prg;
237 int dir = chk_icv ? DIR_DEC : DIR_ENC;
239 PROGRAM_CNTXT_INIT(p, descbuf, 0);
241 PROGRAM_SET_BSWAP(p);
244 PROGRAM_SET_36BIT_ADDR(p);
246 SHR_HDR(p, SHR_ALWAYS, 1, 0);
248 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
249 authdata->keylen, INLINE_KEY(authdata));
251 SEQLOAD(p, CONTEXT2, 0, 12, 0);
253 if (chk_icv == ICV_CHECK_ENABLE)
254 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
256 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
258 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F9, OP_ALG_AAI_F9,
259 OP_ALG_AS_INITFINAL, chk_icv, dir);
261 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
263 if (chk_icv == ICV_CHECK_ENABLE)
264 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
266 /* Save lower half of MAC out into a 32-bit sequence */
267 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
269 return PROGRAM_FINALIZE(p);
273 * cnstr_shdsc_blkcipher - block cipher transformation
274 * @descbuf: pointer to descriptor-under-construction buffer
275 * @ps: if 36/40bit addressing is desired, this parameter must be true
276 * @swap: must be true when core endianness doesn't match SEC endianness
277 * @share: sharing type of shared descriptor
278 * @cipherdata: pointer to block cipher transform definitions
279 * Valid algorithm values one of OP_ALG_ALGSEL_* {DES, 3DES, AES}
281 * AES: OP_ALG_AAI_* {CBC, CTR}
282 * DES, 3DES: OP_ALG_AAI_CBC
283 * @iv: IV data; if NULL, "ivlen" bytes from the input frame will be read as IV
285 * @dir: DIR_ENC/DIR_DEC
287 * Return: size of descriptor written in words or negative number on error
290 cnstr_shdsc_blkcipher(uint32_t *descbuf, bool ps, bool swap,
291 enum rta_share_type share,
292 struct alginfo *cipherdata, uint8_t *iv,
293 uint32_t ivlen, uint8_t dir)
296 struct program *p = &prg;
298 const bool need_dk = (dir == DIR_DEC) &&
299 (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&
300 (cipherdata->algmode == OP_ALG_AAI_CBC);
306 PROGRAM_CNTXT_INIT(p, descbuf, 0);
308 PROGRAM_SET_BSWAP(p);
310 PROGRAM_SET_36BIT_ADDR(p);
311 SHR_HDR(p, share, 1, SC);
313 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
315 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
316 cipherdata->keylen, INLINE_KEY(cipherdata));
319 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
320 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
322 pskipdk = JUMP(p, skipdk, LOCAL_JUMP, ALL_TRUE, 0);
324 SET_LABEL(p, keyjmp);
327 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode |
328 OP_ALG_AAI_DK, OP_ALG_AS_INITFINAL,
329 ICV_CHECK_DISABLE, dir);
330 SET_LABEL(p, skipdk);
332 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
333 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
336 if (cipherdata->algmode == OP_ALG_AAI_CTR)
340 /* IV load, convert size */
341 LOAD(p, (uintptr_t)iv, CONTEXT1, iv_off, ivlen, IMMED | COPY);
343 /* IV is present first before the actual message */
344 SEQLOAD(p, CONTEXT1, iv_off, ivlen, 0);
346 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
347 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
349 /* Insert sequence load/store with VLF */
350 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
351 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
353 PATCH_JUMP(p, pkeyjmp, keyjmp);
355 PATCH_JUMP(p, pskipdk, skipdk);
357 return PROGRAM_FINALIZE(p);
361 * cnstr_shdsc_hmac - HMAC shared
362 * @descbuf: pointer to descriptor-under-construction buffer
363 * @ps: if 36/40bit addressing is desired, this parameter must be true
364 * @swap: must be true when core endianness doesn't match SEC endianness
365 * @share: sharing type of shared descriptor
366 * @authdata: pointer to authentication transform definitions;
367 * message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
368 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
369 * is needed for all the packets processed by this shared descriptor
370 * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
371 * if no truncation is needed
373 * Note: There's no support for keys longer than the block size of the
374 * underlying hash function, according to the selected algorithm.
376 * Return: size of descriptor written in words or negative number on error
379 cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
380 enum rta_share_type share,
381 struct alginfo *authdata, uint8_t do_icv,
385 struct program *p = &prg;
386 uint8_t storelen, opicv, dir;
390 REFERENCE(pjmpprecomp);
392 /* Compute fixed-size store based on alg selection */
393 switch (authdata->algtype) {
394 case OP_ALG_ALGSEL_MD5:
397 case OP_ALG_ALGSEL_SHA1:
400 case OP_ALG_ALGSEL_SHA224:
403 case OP_ALG_ALGSEL_SHA256:
406 case OP_ALG_ALGSEL_SHA384:
409 case OP_ALG_ALGSEL_SHA512:
416 trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
418 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
419 dir = do_icv ? DIR_DEC : DIR_ENC;
421 PROGRAM_CNTXT_INIT(p, descbuf, 0);
423 PROGRAM_SET_BSWAP(p);
425 PROGRAM_SET_36BIT_ADDR(p);
426 SHR_HDR(p, share, 1, SC);
428 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
429 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
430 INLINE_KEY(authdata));
433 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
434 OP_ALG_AS_INITFINAL, opicv, dir);
436 pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
437 SET_LABEL(p, keyjmp);
439 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
440 OP_ALG_AS_INITFINAL, opicv, dir);
442 SET_LABEL(p, jmpprecomp);
444 /* compute sequences */
445 if (opicv == ICV_CHECK_ENABLE)
446 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
448 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
450 /* Do load (variable length) */
451 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
453 if (opicv == ICV_CHECK_ENABLE)
454 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
456 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
458 PATCH_JUMP(p, pkeyjmp, keyjmp);
459 PATCH_JUMP(p, pjmpprecomp, jmpprecomp);
461 return PROGRAM_FINALIZE(p);
465 * cnstr_shdsc_kasumi_f8 - KASUMI F8 (Confidentiality) as a shared descriptor
466 * (ETSI "Document 1: f8 and f9 specification")
467 * @descbuf: pointer to descriptor-under-construction buffer
468 * @ps: if 36/40bit addressing is desired, this parameter must be true
469 * @swap: must be true when core endianness doesn't match SEC endianness
470 * @cipherdata: pointer to block cipher transform definitions
471 * @dir: cipher direction (DIR_ENC/DIR_DEC)
472 * @count: count value (32 bits)
473 * @bearer: bearer ID (5 bits)
474 * @direction: direction (1 bit)
476 * Return: size of descriptor written in words or negative number on error
479 cnstr_shdsc_kasumi_f8(uint32_t *descbuf, bool ps, bool swap,
480 struct alginfo *cipherdata, uint8_t dir)
483 struct program *p = &prg;
485 PROGRAM_CNTXT_INIT(p, descbuf, 0);
487 PROGRAM_SET_BSWAP(p);
489 PROGRAM_SET_36BIT_ADDR(p);
490 SHR_HDR(p, SHR_ALWAYS, 1, 0);
492 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
493 cipherdata->keylen, INLINE_KEY(cipherdata));
494 SEQLOAD(p, CONTEXT1, 0, 8, 0);
495 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
496 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
497 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F8,
498 OP_ALG_AS_INITFINAL, 0, dir);
499 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
500 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
502 return PROGRAM_FINALIZE(p);
506 * cnstr_shdsc_kasumi_f9 - KASUMI F9 (Integrity) as a shared descriptor
507 * (ETSI "Document 1: f8 and f9 specification")
508 * @descbuf: pointer to descriptor-under-construction buffer
509 * @ps: if 36/40bit addressing is desired, this parameter must be true
510 * @swap: must be true when core endianness doesn't match SEC endianness
511 * @authdata: pointer to authentication transform definitions
512 * @chk_icv: check or generate ICV value
513 * @authlen: size of digest
515 * Return: size of descriptor written in words or negative number on error
518 cnstr_shdsc_kasumi_f9(uint32_t *descbuf, bool ps, bool swap,
519 struct alginfo *authdata, uint8_t chk_icv,
523 struct program *p = &prg;
524 int dir = chk_icv ? DIR_DEC : DIR_ENC;
526 PROGRAM_CNTXT_INIT(p, descbuf, 0);
528 PROGRAM_SET_BSWAP(p);
531 PROGRAM_SET_36BIT_ADDR(p);
533 SHR_HDR(p, SHR_ALWAYS, 1, 0);
535 KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
536 authdata->keylen, INLINE_KEY(authdata));
538 SEQLOAD(p, CONTEXT2, 0, 12, 0);
540 if (chk_icv == ICV_CHECK_ENABLE)
541 MATHB(p, SEQINSZ, SUB, authlen, VSEQINSZ, 4, IMMED2);
543 MATHB(p, SEQINSZ, SUB, ZERO, VSEQINSZ, 4, 0);
545 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F9,
546 OP_ALG_AS_INITFINAL, chk_icv, dir);
548 SEQFIFOLOAD(p, MSG2, 0, VLF | CLASS2 | LAST2);
550 if (chk_icv == ICV_CHECK_ENABLE)
551 SEQFIFOLOAD(p, ICV2, authlen, LAST2);
553 /* Save lower half of MAC out into a 32-bit sequence */
554 SEQSTORE(p, CONTEXT2, 0, authlen, 0);
556 return PROGRAM_FINALIZE(p);
560 * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
561 * @descbuf: pointer to descriptor-under-construction buffer
562 * @swap: must be true when core endianness doesn't match SEC endianness
564 * Return: size of descriptor written in words or negative number on error
567 cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
570 struct program *p = &prg;
572 PROGRAM_CNTXT_INIT(p, descbuf, 0);
574 PROGRAM_SET_BSWAP(p);
576 SHR_HDR(p, SHR_ALWAYS, 1, 0);
578 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
579 ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
580 OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
581 OP_ALG_AS_FINALIZE, 0, DIR_ENC);
582 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
583 SEQSTORE(p, CONTEXT2, 0, 4, 0);
585 return PROGRAM_FINALIZE(p);
589 * cnstr_shdsc_gcm_encap - AES-GCM encap as a shared descriptor
590 * @descbuf: pointer to descriptor-under-construction buffer
591 * @ps: if 36/40bit addressing is desired, this parameter must be true
592 * @swap: must be true when core endianness doesn't match SEC endianness
593 * @share: sharing type of shared descriptor
594 * @cipherdata: pointer to block cipher transform definitions
595 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
597 * @ivlen: Initialization vector length
598 * @icvsize: integrity check value (ICV) size (truncated or full)
600 * Return: size of descriptor written in words or negative number on error
603 cnstr_shdsc_gcm_encap(uint32_t *descbuf, bool ps, bool swap,
604 enum rta_share_type share,
605 struct alginfo *cipherdata,
606 uint32_t ivlen, uint32_t icvsize)
609 struct program *p = &prg;
612 LABEL(zeroassocjump2);
613 LABEL(zeroassocjump1);
614 LABEL(zeropayloadjump);
616 REFERENCE(pzeroassocjump2);
617 REFERENCE(pzeroassocjump1);
618 REFERENCE(pzeropayloadjump);
620 PROGRAM_CNTXT_INIT(p, descbuf, 0);
623 PROGRAM_SET_BSWAP(p);
625 PROGRAM_SET_36BIT_ADDR(p);
627 SHR_HDR(p, share, 1, SC);
629 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
631 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
632 cipherdata->keylen, INLINE_KEY(cipherdata));
634 SET_LABEL(p, keyjmp);
636 /* class 1 operation */
637 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
638 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, DIR_ENC);
640 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
642 /* if assoclen + cryptlen is ZERO, skip to ICV write */
643 MATHB(p, SEQINSZ, SUB, ivlen, VSEQOUTSZ, 4, IMMED2);
644 pzeroassocjump2 = JUMP(p, zeroassocjump2, LOCAL_JUMP, ALL_TRUE, MATH_Z);
646 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
648 /* if assoclen is ZERO, skip reading the assoc data */
649 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
650 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
652 /* cryptlen = seqinlen - assoclen */
653 MATHB(p, SEQINSZ, SUB, MATH3, VSEQOUTSZ, 4, 0);
655 /* if cryptlen is ZERO jump to zero-payload commands */
656 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
659 /* read assoc data */
660 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
661 SET_LABEL(p, zeroassocjump1);
663 MATHB(p, SEQINSZ, SUB, MATH0, VSEQINSZ, 4, 0);
665 /* write encrypted data */
666 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
668 /* read payload data */
669 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | LAST1);
671 /* jump the zero-payload commands */
672 JUMP(p, 4, LOCAL_JUMP, ALL_TRUE, 0);
674 /* zero-payload commands */
675 SET_LABEL(p, zeropayloadjump);
677 /* read assoc data */
678 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | LAST1);
680 JUMP(p, 2, LOCAL_JUMP, ALL_TRUE, 0);
682 /* There is no input data */
683 SET_LABEL(p, zeroassocjump2);
685 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1 | LAST1);
688 SEQSTORE(p, CONTEXT1, 0, icvsize, 0);
690 PATCH_JUMP(p, pkeyjmp, keyjmp);
691 PATCH_JUMP(p, pzeroassocjump2, zeroassocjump2);
692 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
693 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
695 return PROGRAM_FINALIZE(p);
699 * cnstr_shdsc_gcm_decap - AES-GCM decap as a shared descriptor
700 * @descbuf: pointer to descriptor-under-construction buffer
701 * @ps: if 36/40bit addressing is desired, this parameter must be true
702 * @swap: must be true when core endianness doesn't match SEC endianness
703 * @share: sharing type of shared descriptor
704 * @cipherdata: pointer to block cipher transform definitions
705 * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with
707 * @icvsize: integrity check value (ICV) size (truncated or full)
709 * Return: size of descriptor written in words or negative number on error
712 cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
713 enum rta_share_type share,
714 struct alginfo *cipherdata,
715 uint32_t ivlen, uint32_t icvsize)
718 struct program *p = &prg;
721 LABEL(zeroassocjump1);
722 LABEL(zeropayloadjump);
724 REFERENCE(pzeroassocjump1);
725 REFERENCE(pzeropayloadjump);
727 PROGRAM_CNTXT_INIT(p, descbuf, 0);
730 PROGRAM_SET_BSWAP(p);
732 PROGRAM_SET_36BIT_ADDR(p);
734 SHR_HDR(p, share, 1, SC);
736 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SELF | SHRD);
738 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
739 cipherdata->keylen, INLINE_KEY(cipherdata));
741 SET_LABEL(p, keyjmp);
743 /* class 1 operation */
744 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
745 OP_ALG_AS_INITFINAL, ICV_CHECK_ENABLE, DIR_DEC);
747 MATHB(p, DPOVRD, AND, 0x7fffffff, MATH3, 4, IMMED2);
748 SEQFIFOLOAD(p, IV1, ivlen, FLUSH1);
750 /* if assoclen is ZERO, skip reading the assoc data */
751 MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
752 pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
754 /* read assoc data */
755 SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);
757 SET_LABEL(p, zeroassocjump1);
759 /* cryptlen = seqoutlen - assoclen */
760 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQINSZ, 4, 0);
762 /* jump to zero-payload command if cryptlen is zero */
763 pzeropayloadjump = JUMP(p, zeropayloadjump, LOCAL_JUMP, ALL_TRUE,
766 MATHB(p, SEQOUTSZ, SUB, MATH0, VSEQOUTSZ, 4, 0);
768 /* store encrypted data */
769 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
771 /* read payload data */
772 SEQFIFOLOAD(p, MSG1, 0, CLASS1 | VLF | FLUSH1);
774 /* zero-payload command */
775 SET_LABEL(p, zeropayloadjump);
778 SEQFIFOLOAD(p, ICV1, icvsize, CLASS1 | LAST1);
780 PATCH_JUMP(p, pkeyjmp, keyjmp);
781 PATCH_JUMP(p, pzeroassocjump1, zeroassocjump1);
782 PATCH_JUMP(p, pzeropayloadjump, zeropayloadjump);
784 return PROGRAM_FINALIZE(p);
787 #endif /* __DESC_ALGO_H__ */