2 * This file is provided under a dual BSD/GPLv2 license. When using or
3 * redistributing this file, you may do so under either license.
7 * Copyright 2008-2016 Freescale Semiconductor Inc.
8 * Copyright (c) 2016 NXP.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are met:
12 * * Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * * Neither the name of the above-listed copyright holders nor the
18 * names of any contributors may be used to endorse or promote products
19 * derived from this software without specific prior written permission.
23 * ALTERNATIVELY, this software may be distributed under the terms of the
24 * GNU General Public License ("GPL") as published by the Free Software
25 * Foundation, either version 2 of that License or (at your option) any
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
29 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
32 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
33 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
34 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
35 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
36 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38 * POSSIBILITY OF SUCH DAMAGE.
41 #ifndef __DESC_ALGO_H__
42 #define __DESC_ALGO_H__
48 * DOC: Algorithms - Shared Descriptor Constructors
50 * Shared descriptors for algorithms (i.e. not for protocols).
54 * cnstr_shdsc_snow_f8 - SNOW/f8 (UEA2) as a shared descriptor
55 * @descbuf: pointer to descriptor-under-construction buffer
56 * @ps: if 36/40bit addressing is desired, this parameter must be true
57 * @swap: must be true when core endianness doesn't match SEC endianness
58 * @cipherdata: pointer to block cipher transform definitions
59 * @dir: Cipher direction (DIR_ENC/DIR_DEC)
60 * @count: UEA2 count value (32 bits)
61 * @bearer: UEA2 bearer ID (5 bits)
62 * @direction: UEA2 direction (1 bit)
64 * Return: size of descriptor written in words or negative number on error
67 cnstr_shdsc_snow_f8(uint32_t *descbuf, bool ps, bool swap,
68 struct alginfo *cipherdata, uint8_t dir,
69 uint32_t count, uint8_t bearer, uint8_t direction)
72 struct program *p = &prg;
75 uint8_t dr = direction;
76 uint32_t context[2] = {ct, (br << 27) | (dr << 26)};
78 PROGRAM_CNTXT_INIT(p, descbuf, 0);
82 context[0] = swab32(context[0]);
83 context[1] = swab32(context[1]);
87 PROGRAM_SET_36BIT_ADDR(p);
88 SHR_HDR(p, SHR_ALWAYS, 1, 0);
90 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
91 cipherdata->keylen, INLINE_KEY(cipherdata));
92 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
93 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
94 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F8, OP_ALG_AAI_F8,
95 OP_ALG_AS_INITFINAL, 0, dir);
96 LOAD(p, (uintptr_t)context, CONTEXT1, 0, 8, IMMED | COPY);
97 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
98 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
100 return PROGRAM_FINALIZE(p);
104 * cnstr_shdsc_snow_f9 - SNOW/f9 (UIA2) as a shared descriptor
105 * @descbuf: pointer to descriptor-under-construction buffer
106 * @ps: if 36/40bit addressing is desired, this parameter must be true
107 * @swap: must be true when core endianness doesn't match SEC endianness
108 * @authdata: pointer to authentication transform definitions
109 * @dir: cipher direction (DIR_ENC/DIR_DEC)
110 * @count: UEA2 count value (32 bits)
111 * @fresh: UEA2 fresh value ID (32 bits)
112 * @direction: UEA2 direction (1 bit)
113 * @datalen: size of data
115 * Return: size of descriptor written in words or negative number on error
118 cnstr_shdsc_snow_f9(uint32_t *descbuf, bool ps, bool swap,
119 struct alginfo *authdata, uint8_t dir, uint32_t count,
120 uint32_t fresh, uint8_t direction, uint32_t datalen)
123 struct program *p = &prg;
126 uint64_t dr = direction;
129 context[0] = (ct << 32) | (dr << 26);
130 context[1] = fr << 32;
132 PROGRAM_CNTXT_INIT(p, descbuf, 0);
134 PROGRAM_SET_BSWAP(p);
136 context[0] = swab64(context[0]);
137 context[1] = swab64(context[1]);
140 PROGRAM_SET_36BIT_ADDR(p);
141 SHR_HDR(p, SHR_ALWAYS, 1, 0);
143 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
144 INLINE_KEY(authdata));
145 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
146 ALG_OPERATION(p, OP_ALG_ALGSEL_SNOW_F9, OP_ALG_AAI_F9,
147 OP_ALG_AS_INITFINAL, 0, dir);
148 LOAD(p, (uintptr_t)context, CONTEXT2, 0, 16, IMMED | COPY);
149 SEQFIFOLOAD(p, BIT_DATA, datalen, CLASS2 | LAST2);
150 /* Save lower half of MAC out into a 32-bit sequence */
151 SEQSTORE(p, CONTEXT2, 0, 4, 0);
153 return PROGRAM_FINALIZE(p);
157 * cnstr_shdsc_blkcipher - block cipher transformation
158 * @descbuf: pointer to descriptor-under-construction buffer
159 * @ps: if 36/40bit addressing is desired, this parameter must be true
160 * @swap: must be true when core endianness doesn't match SEC endianness
161 * @cipherdata: pointer to block cipher transform definitions
162 * Valid algorithm values one of OP_ALG_ALGSEL_* {DES, 3DES, AES}
164 * AES: OP_ALG_AAI_* {CBC, CTR}
165 * DES, 3DES: OP_ALG_AAI_CBC
166 * @iv: IV data; if NULL, "ivlen" bytes from the input frame will be read as IV
168 * @dir: DIR_ENC/DIR_DEC
170 * Return: size of descriptor written in words or negative number on error
173 cnstr_shdsc_blkcipher(uint32_t *descbuf, bool ps, bool swap,
174 struct alginfo *cipherdata, uint8_t *iv,
175 uint32_t ivlen, uint8_t dir)
178 struct program *p = &prg;
180 const bool need_dk = (dir == DIR_DEC) &&
181 (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&
182 (cipherdata->algmode == OP_ALG_AAI_CBC);
188 PROGRAM_CNTXT_INIT(p, descbuf, 0);
190 PROGRAM_SET_BSWAP(p);
192 PROGRAM_SET_36BIT_ADDR(p);
193 SHR_HDR(p, SHR_SERIAL, 1, SC);
195 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
197 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
198 cipherdata->keylen, INLINE_KEY(cipherdata));
201 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
202 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
204 pskipdk = JUMP(p, skipdk, LOCAL_JUMP, ALL_TRUE, 0);
206 SET_LABEL(p, keyjmp);
209 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode |
210 OP_ALG_AAI_DK, OP_ALG_AS_INITFINAL,
211 ICV_CHECK_DISABLE, dir);
212 SET_LABEL(p, skipdk);
214 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
215 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
218 if (cipherdata->algmode == OP_ALG_AAI_CTR)
222 /* IV load, convert size */
223 LOAD(p, (uintptr_t)iv, CONTEXT1, iv_off, ivlen, IMMED | COPY);
225 /* IV is present first before the actual message */
226 SEQLOAD(p, CONTEXT1, iv_off, ivlen, 0);
228 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
229 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
231 /* Insert sequence load/store with VLF */
232 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
233 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
235 PATCH_JUMP(p, pkeyjmp, keyjmp);
237 PATCH_JUMP(p, pskipdk, skipdk);
239 return PROGRAM_FINALIZE(p);
243 * cnstr_shdsc_hmac - HMAC shared
244 * @descbuf: pointer to descriptor-under-construction buffer
245 * @ps: if 36/40bit addressing is desired, this parameter must be true
246 * @swap: must be true when core endianness doesn't match SEC endianness
247 * @authdata: pointer to authentication transform definitions;
248 * message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
249 * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
250 * is needed for all the packets processed by this shared descriptor
251 * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
252 * if no truncation is needed
254 * Note: There's no support for keys longer than the block size of the
255 * underlying hash function, according to the selected algorithm.
257 * Return: size of descriptor written in words or negative number on error
260 cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
261 struct alginfo *authdata, uint8_t do_icv,
265 struct program *p = &prg;
266 uint8_t storelen, opicv, dir;
270 REFERENCE(pjmpprecomp);
272 /* Compute fixed-size store based on alg selection */
273 switch (authdata->algtype) {
274 case OP_ALG_ALGSEL_MD5:
277 case OP_ALG_ALGSEL_SHA1:
280 case OP_ALG_ALGSEL_SHA224:
283 case OP_ALG_ALGSEL_SHA256:
286 case OP_ALG_ALGSEL_SHA384:
289 case OP_ALG_ALGSEL_SHA512:
296 trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
298 opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
299 dir = do_icv ? DIR_DEC : DIR_ENC;
301 PROGRAM_CNTXT_INIT(p, descbuf, 0);
303 PROGRAM_SET_BSWAP(p);
305 PROGRAM_SET_36BIT_ADDR(p);
306 SHR_HDR(p, SHR_SERIAL, 1, SC);
308 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
309 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
310 INLINE_KEY(authdata));
313 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
314 OP_ALG_AS_INITFINAL, opicv, dir);
316 pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
317 SET_LABEL(p, keyjmp);
319 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
320 OP_ALG_AS_INITFINAL, opicv, dir);
322 SET_LABEL(p, jmpprecomp);
324 /* compute sequences */
325 if (opicv == ICV_CHECK_ENABLE)
326 MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
328 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
330 /* Do load (variable length) */
331 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
333 if (opicv == ICV_CHECK_ENABLE)
334 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
336 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
338 PATCH_JUMP(p, pkeyjmp, keyjmp);
339 PATCH_JUMP(p, pjmpprecomp, jmpprecomp);
341 return PROGRAM_FINALIZE(p);
345 * cnstr_shdsc_kasumi_f8 - KASUMI F8 (Confidentiality) as a shared descriptor
346 * (ETSI "Document 1: f8 and f9 specification")
347 * @descbuf: pointer to descriptor-under-construction buffer
348 * @ps: if 36/40bit addressing is desired, this parameter must be true
349 * @swap: must be true when core endianness doesn't match SEC endianness
350 * @cipherdata: pointer to block cipher transform definitions
351 * @dir: cipher direction (DIR_ENC/DIR_DEC)
352 * @count: count value (32 bits)
353 * @bearer: bearer ID (5 bits)
354 * @direction: direction (1 bit)
356 * Return: size of descriptor written in words or negative number on error
359 cnstr_shdsc_kasumi_f8(uint32_t *descbuf, bool ps, bool swap,
360 struct alginfo *cipherdata, uint8_t dir,
361 uint32_t count, uint8_t bearer, uint8_t direction)
364 struct program *p = &prg;
366 uint64_t br = bearer;
367 uint64_t dr = direction;
368 uint32_t context[2] = { ct, (br << 27) | (dr << 26) };
370 PROGRAM_CNTXT_INIT(p, descbuf, 0);
372 PROGRAM_SET_BSWAP(p);
374 context[0] = swab32(context[0]);
375 context[1] = swab32(context[1]);
378 PROGRAM_SET_36BIT_ADDR(p);
379 SHR_HDR(p, SHR_ALWAYS, 1, 0);
381 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
382 cipherdata->keylen, INLINE_KEY(cipherdata));
383 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
384 MATHB(p, SEQINSZ, SUB, MATH2, VSEQOUTSZ, 4, 0);
385 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F8,
386 OP_ALG_AS_INITFINAL, 0, dir);
387 LOAD(p, (uintptr_t)context, CONTEXT1, 0, 8, IMMED | COPY);
388 SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1);
389 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
391 return PROGRAM_FINALIZE(p);
395 * cnstr_shdsc_kasumi_f9 - KASUMI F9 (Integrity) as a shared descriptor
396 * (ETSI "Document 1: f8 and f9 specification")
397 * @descbuf: pointer to descriptor-under-construction buffer
398 * @ps: if 36/40bit addressing is desired, this parameter must be true
399 * @swap: must be true when core endianness doesn't match SEC endianness
400 * @authdata: pointer to authentication transform definitions
401 * @dir: cipher direction (DIR_ENC/DIR_DEC)
402 * @count: count value (32 bits)
403 * @fresh: fresh value ID (32 bits)
404 * @direction: direction (1 bit)
405 * @datalen: size of data
407 * Return: size of descriptor written in words or negative number on error
410 cnstr_shdsc_kasumi_f9(uint32_t *descbuf, bool ps, bool swap,
411 struct alginfo *authdata, uint8_t dir,
412 uint32_t count, uint32_t fresh, uint8_t direction,
416 struct program *p = &prg;
417 uint16_t ctx_offset = 16;
418 uint32_t context[6] = {count, direction << 26, fresh, 0, 0, 0};
420 PROGRAM_CNTXT_INIT(p, descbuf, 0);
422 PROGRAM_SET_BSWAP(p);
424 context[0] = swab32(context[0]);
425 context[1] = swab32(context[1]);
426 context[2] = swab32(context[2]);
429 PROGRAM_SET_36BIT_ADDR(p);
430 SHR_HDR(p, SHR_ALWAYS, 1, 0);
432 KEY(p, KEY1, authdata->key_enc_flags, authdata->key, authdata->keylen,
433 INLINE_KEY(authdata));
434 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
435 ALG_OPERATION(p, OP_ALG_ALGSEL_KASUMI, OP_ALG_AAI_F9,
436 OP_ALG_AS_INITFINAL, 0, dir);
437 LOAD(p, (uintptr_t)context, CONTEXT1, 0, 24, IMMED | COPY);
438 SEQFIFOLOAD(p, BIT_DATA, datalen, CLASS1 | LAST1);
439 /* Save output MAC of DWORD 2 into a 32-bit sequence */
440 SEQSTORE(p, CONTEXT1, ctx_offset, 4, 0);
442 return PROGRAM_FINALIZE(p);
446 * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
447 * @descbuf: pointer to descriptor-under-construction buffer
448 * @swap: must be true when core endianness doesn't match SEC endianness
450 * Return: size of descriptor written in words or negative number on error
453 cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
456 struct program *p = &prg;
458 PROGRAM_CNTXT_INIT(p, descbuf, 0);
460 PROGRAM_SET_BSWAP(p);
462 SHR_HDR(p, SHR_ALWAYS, 1, 0);
464 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
465 ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
466 OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
467 OP_ALG_AS_FINALIZE, 0, DIR_ENC);
468 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
469 SEQSTORE(p, CONTEXT2, 0, 4, 0);
471 return PROGRAM_FINALIZE(p);
474 #endif /* __DESC_ALGO_H__ */