1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2018 Advanced Micro Devices, Inc. All rights reserved. 3 */ 4 5 #ifndef _CCP_CRYPTO_H_ 6 #define _CCP_CRYPTO_H_ 7 8 #include <limits.h> 9 #include <stdbool.h> 10 #include <stdint.h> 11 #include <string.h> 12 13 #include <rte_atomic.h> 14 #include <rte_byteorder.h> 15 #include <rte_io.h> 16 #include <rte_pci.h> 17 #include <rte_spinlock.h> 18 #include <rte_crypto_sym.h> 19 #include <rte_cryptodev.h> 20 21 #include "ccp_dev.h" 22 23 #define AES_BLOCK_SIZE 16 24 #define CMAC_PAD_VALUE 0x80 25 #define CTR_NONCE_SIZE 4 26 #define CTR_IV_SIZE 8 27 #define CCP_SHA3_CTX_SIZE 200 28 29 /**Macro helpers for CCP command creation*/ 30 #define CCP_AES_SIZE(p) ((p)->aes.size) 31 #define CCP_AES_ENCRYPT(p) ((p)->aes.encrypt) 32 #define CCP_AES_MODE(p) ((p)->aes.mode) 33 #define CCP_AES_TYPE(p) ((p)->aes.type) 34 #define CCP_DES_ENCRYPT(p) ((p)->des.encrypt) 35 #define CCP_DES_MODE(p) ((p)->des.mode) 36 #define CCP_DES_TYPE(p) ((p)->des.type) 37 #define CCP_SHA_TYPE(p) ((p)->sha.type) 38 #define CCP_PT_BYTESWAP(p) ((p)->pt.byteswap) 39 #define CCP_PT_BITWISE(p) ((p)->pt.bitwise) 40 41 /* HMAC */ 42 #define HMAC_IPAD_VALUE 0x36 43 #define HMAC_OPAD_VALUE 0x5c 44 45 /* MD5 */ 46 #define MD5_DIGEST_SIZE 16 47 #define MD5_BLOCK_SIZE 64 48 49 /* SHA */ 50 #define SHA_COMMON_DIGEST_SIZE 32 51 #define SHA1_DIGEST_SIZE 20 52 #define SHA1_BLOCK_SIZE 64 53 54 #define SHA224_DIGEST_SIZE 28 55 #define SHA224_BLOCK_SIZE 64 56 #define SHA3_224_BLOCK_SIZE 144 57 58 #define SHA256_DIGEST_SIZE 32 59 #define SHA256_BLOCK_SIZE 64 60 #define SHA3_256_BLOCK_SIZE 136 61 62 #define SHA384_DIGEST_SIZE 48 63 #define SHA384_BLOCK_SIZE 128 64 #define SHA3_384_BLOCK_SIZE 104 65 66 #define SHA512_DIGEST_SIZE 64 67 #define SHA512_BLOCK_SIZE 128 68 #define SHA3_512_BLOCK_SIZE 72 69 70 /* Maximum length for digest */ 71 #define DIGEST_LENGTH_MAX 64 72 73 /* SHA LSB initialization values */ 74 75 #define SHA1_H0 0x67452301UL 76 #define SHA1_H1 0xefcdab89UL 77 #define SHA1_H2 0x98badcfeUL 78 #define SHA1_H3 0x10325476UL 79 #define SHA1_H4 0xc3d2e1f0UL 80 81 #define SHA224_H0 0xc1059ed8UL 82 #define SHA224_H1 0x367cd507UL 83 #define SHA224_H2 0x3070dd17UL 84 #define SHA224_H3 0xf70e5939UL 85 #define SHA224_H4 0xffc00b31UL 86 #define SHA224_H5 0x68581511UL 87 #define SHA224_H6 0x64f98fa7UL 88 #define SHA224_H7 0xbefa4fa4UL 89 90 #define SHA256_H0 0x6a09e667UL 91 #define SHA256_H1 0xbb67ae85UL 92 #define SHA256_H2 0x3c6ef372UL 93 #define SHA256_H3 0xa54ff53aUL 94 #define SHA256_H4 0x510e527fUL 95 #define SHA256_H5 0x9b05688cUL 96 #define SHA256_H6 0x1f83d9abUL 97 #define SHA256_H7 0x5be0cd19UL 98 99 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 100 #define SHA384_H1 0x629a292a367cd507ULL 101 #define SHA384_H2 0x9159015a3070dd17ULL 102 #define SHA384_H3 0x152fecd8f70e5939ULL 103 #define SHA384_H4 0x67332667ffc00b31ULL 104 #define SHA384_H5 0x8eb44a8768581511ULL 105 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 106 #define SHA384_H7 0x47b5481dbefa4fa4ULL 107 108 #define SHA512_H0 0x6a09e667f3bcc908ULL 109 #define SHA512_H1 0xbb67ae8584caa73bULL 110 #define SHA512_H2 0x3c6ef372fe94f82bULL 111 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 112 #define SHA512_H4 0x510e527fade682d1ULL 113 #define SHA512_H5 0x9b05688c2b3e6c1fULL 114 #define SHA512_H6 0x1f83d9abfb41bd6bULL 115 #define SHA512_H7 0x5be0cd19137e2179ULL 116 117 /** 118 * CCP supported AES modes 119 */ 120 enum ccp_aes_mode { 121 CCP_AES_MODE_ECB = 0, 122 CCP_AES_MODE_CBC, 123 CCP_AES_MODE_OFB, 124 CCP_AES_MODE_CFB, 125 CCP_AES_MODE_CTR, 126 CCP_AES_MODE_CMAC, 127 CCP_AES_MODE_GHASH, 128 CCP_AES_MODE_GCTR, 129 CCP_AES_MODE__LAST, 130 }; 131 132 /** 133 * CCP AES GHASH mode 134 */ 135 enum ccp_aes_ghash_mode { 136 CCP_AES_MODE_GHASH_AAD = 0, 137 CCP_AES_MODE_GHASH_FINAL 138 }; 139 140 /** 141 * CCP supported AES types 142 */ 143 enum ccp_aes_type { 144 CCP_AES_TYPE_128 = 0, 145 CCP_AES_TYPE_192, 146 CCP_AES_TYPE_256, 147 CCP_AES_TYPE__LAST, 148 }; 149 150 /***** 3DES engine *****/ 151 152 /** 153 * CCP supported DES/3DES modes 154 */ 155 enum ccp_des_mode { 156 CCP_DES_MODE_ECB = 0, /* Not supported */ 157 CCP_DES_MODE_CBC, 158 CCP_DES_MODE_CFB, 159 }; 160 161 /** 162 * CCP supported DES types 163 */ 164 enum ccp_des_type { 165 CCP_DES_TYPE_128 = 0, /* 112 + 16 parity */ 166 CCP_DES_TYPE_192, /* 168 + 24 parity */ 167 CCP_DES_TYPE__LAST, 168 }; 169 170 /***** SHA engine *****/ 171 172 /** 173 * ccp_sha_type - type of SHA operation 174 * 175 * @CCP_SHA_TYPE_1: SHA-1 operation 176 * @CCP_SHA_TYPE_224: SHA-224 operation 177 * @CCP_SHA_TYPE_256: SHA-256 operation 178 */ 179 enum ccp_sha_type { 180 CCP_SHA_TYPE_1 = 1, 181 CCP_SHA_TYPE_224, 182 CCP_SHA_TYPE_256, 183 CCP_SHA_TYPE_384, 184 CCP_SHA_TYPE_512, 185 CCP_SHA_TYPE_RSVD1, 186 CCP_SHA_TYPE_RSVD2, 187 CCP_SHA3_TYPE_224, 188 CCP_SHA3_TYPE_256, 189 CCP_SHA3_TYPE_384, 190 CCP_SHA3_TYPE_512, 191 CCP_SHA_TYPE__LAST, 192 }; 193 194 /** 195 * CCP supported cipher algorithms 196 */ 197 enum ccp_cipher_algo { 198 CCP_CIPHER_ALGO_AES_CBC = 0, 199 CCP_CIPHER_ALGO_AES_ECB, 200 CCP_CIPHER_ALGO_AES_CTR, 201 CCP_CIPHER_ALGO_AES_GCM, 202 CCP_CIPHER_ALGO_3DES_CBC, 203 }; 204 205 /** 206 * CCP cipher operation type 207 */ 208 enum ccp_cipher_dir { 209 CCP_CIPHER_DIR_DECRYPT = 0, 210 CCP_CIPHER_DIR_ENCRYPT = 1, 211 }; 212 213 /** 214 * CCP supported hash algorithms 215 */ 216 enum ccp_hash_algo { 217 CCP_AUTH_ALGO_SHA1 = 0, 218 CCP_AUTH_ALGO_SHA1_HMAC, 219 CCP_AUTH_ALGO_SHA224, 220 CCP_AUTH_ALGO_SHA224_HMAC, 221 CCP_AUTH_ALGO_SHA3_224, 222 CCP_AUTH_ALGO_SHA3_224_HMAC, 223 CCP_AUTH_ALGO_SHA256, 224 CCP_AUTH_ALGO_SHA256_HMAC, 225 CCP_AUTH_ALGO_SHA3_256, 226 CCP_AUTH_ALGO_SHA3_256_HMAC, 227 CCP_AUTH_ALGO_SHA384, 228 CCP_AUTH_ALGO_SHA384_HMAC, 229 CCP_AUTH_ALGO_SHA3_384, 230 CCP_AUTH_ALGO_SHA3_384_HMAC, 231 CCP_AUTH_ALGO_SHA512, 232 CCP_AUTH_ALGO_SHA512_HMAC, 233 CCP_AUTH_ALGO_SHA3_512, 234 CCP_AUTH_ALGO_SHA3_512_HMAC, 235 CCP_AUTH_ALGO_AES_CMAC, 236 CCP_AUTH_ALGO_AES_GCM, 237 CCP_AUTH_ALGO_MD5_HMAC, 238 }; 239 240 /** 241 * CCP hash operation type 242 */ 243 enum ccp_hash_op { 244 CCP_AUTH_OP_GENERATE = 0, 245 CCP_AUTH_OP_VERIFY = 1, 246 }; 247 248 /* CCP crypto private session structure */ 249 struct __rte_cache_aligned ccp_session { 250 bool auth_opt; 251 enum ccp_cmd_order cmd_id; 252 /**< chain order mode */ 253 struct { 254 uint16_t length; 255 uint16_t offset; 256 } iv; 257 /**< IV parameters */ 258 struct { 259 enum ccp_cipher_algo algo; 260 enum ccp_engine engine; 261 union { 262 enum ccp_aes_mode aes_mode; 263 enum ccp_des_mode des_mode; 264 } um; 265 union { 266 enum ccp_aes_type aes_type; 267 enum ccp_des_type des_type; 268 } ut; 269 enum ccp_cipher_dir dir; 270 uint64_t key_length; 271 /**< max cipher key size 256 bits */ 272 uint8_t key[32]; 273 /**ccp key format*/ 274 uint8_t key_ccp[32]; 275 phys_addr_t key_phys; 276 /**AES-ctr nonce(4) iv(8) ctr*/ 277 uint8_t nonce[32]; 278 phys_addr_t nonce_phys; 279 } cipher; 280 /**< Cipher Parameters */ 281 282 struct { 283 enum ccp_hash_algo algo; 284 enum ccp_engine engine; 285 union { 286 enum ccp_aes_mode aes_mode; 287 } um; 288 union { 289 enum ccp_sha_type sha_type; 290 enum ccp_aes_type aes_type; 291 } ut; 292 enum ccp_hash_op op; 293 uint64_t key_length; 294 /**< max hash key size 144 bytes (struct capabilties) */ 295 uint8_t key[144]; 296 /**< max be key size of AES is 32*/ 297 uint8_t key_ccp[32]; 298 phys_addr_t key_phys; 299 uint64_t digest_length; 300 void *ctx; 301 int ctx_len; 302 int offset; 303 int block_size; 304 /**< Buffer to store Software generated precomute values*/ 305 /**< For HMAC H(ipad ^ key) and H(opad ^ key) */ 306 /**< For CMAC K1 IV and K2 IV*/ 307 uint8_t pre_compute[2 * CCP_SHA3_CTX_SIZE]; 308 /**< SHA3 initial ctx all zeros*/ 309 uint8_t sha3_ctx[200]; 310 int aad_length; 311 } auth; 312 /**< Authentication Parameters */ 313 enum rte_crypto_aead_algorithm aead_algo; 314 /**< AEAD Algorithm */ 315 316 uint32_t reserved; 317 }; 318 319 extern uint8_t ccp_cryptodev_driver_id; 320 321 struct ccp_qp; 322 struct ccp_private; 323 324 /** 325 * Set and validate CCP crypto session parameters 326 * 327 * @param sess ccp private session 328 * @param xform crypto xform for this session 329 * @return 0 on success otherwise -1 330 */ 331 int ccp_set_session_parameters(struct ccp_session *sess, 332 const struct rte_crypto_sym_xform *xform, 333 struct ccp_private *internals); 334 335 /** 336 * Find count of slots 337 * 338 * @param session CCP private session 339 * @return count of free slots available 340 */ 341 int ccp_compute_slot_count(struct ccp_session *session); 342 343 /** 344 * process crypto ops to be enqueued 345 * 346 * @param qp CCP crypto queue-pair 347 * @param op crypto ops table 348 * @param cmd_q CCP cmd queue 349 * @param nb_ops No. of ops to be submitted 350 * @return 0 on success otherwise -1 351 */ 352 int process_ops_to_enqueue(struct ccp_qp *qp, 353 struct rte_crypto_op **op, 354 struct ccp_queue *cmd_q, 355 uint16_t nb_ops, 356 uint16_t total_nb_ops, 357 int slots_req, 358 uint16_t b_idx); 359 360 /** 361 * process crypto ops to be dequeued 362 * 363 * @param qp CCP crypto queue-pair 364 * @param op crypto ops table 365 * @param nb_ops requested no. of ops 366 * @return 0 on success otherwise -1 367 */ 368 int process_ops_to_dequeue(struct ccp_qp *qp, 369 struct rte_crypto_op **op, 370 uint16_t nb_ops, 371 uint16_t *total_nb_ops); 372 373 374 /** 375 * Apis for SHA3 partial hash generation 376 * @param data_in buffer pointer on which phash is applied 377 * @param data_out phash result in ccp be format is written 378 */ 379 int partial_hash_sha3_224(uint8_t *data_in, 380 uint8_t *data_out); 381 382 int partial_hash_sha3_256(uint8_t *data_in, 383 uint8_t *data_out); 384 385 int partial_hash_sha3_384(uint8_t *data_in, 386 uint8_t *data_out); 387 388 int partial_hash_sha3_512(uint8_t *data_in, 389 uint8_t *data_out); 390 391 #endif /* _CCP_CRYPTO_H_ */ 392