spu2.c source code [linux/drivers/crypto/bcm/spu2.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright 2016 Broadcom
4	*/
5
6	/*
7	* This file works with the SPU2 version of the SPU. SPU2 has different message
8	* formats than the previous version of the SPU. All SPU message format
9	* differences should be hidden in the spux.c,h files.
10	*/
11
12	#include <linux/kernel.h>
13	#include <linux/string.h>
14
15	#include "util.h"
16	#include "spu.h"
17	#include "spu2.h"
18
19	#define SPU2_TX_STATUS_LEN 0 /* SPU2 has no STATUS in input packet */
20
21	/*
22	* Controlled by pkt_stat_cnt field in CRYPTO_SS_SPU0_CORE_SPU2_CONTROL0
23	* register. Defaults to 2.
24	*/
25	#define SPU2_RX_STATUS_LEN 2
26
27	enum spu2_proto_sel {
28	SPU2_PROTO_RESV = `0`,
29	SPU2_MACSEC_SECTAG8_ECB = `1`,
30	SPU2_MACSEC_SECTAG8_SCB = `2`,
31	SPU2_MACSEC_SECTAG16 = `3`,
32	SPU2_MACSEC_SECTAG16_8_XPN = `4`,
33	SPU2_IPSEC = `5`,
34	SPU2_IPSEC_ESN = `6`,
35	SPU2_TLS_CIPHER = `7`,
36	SPU2_TLS_AEAD = `8`,
37	SPU2_DTLS_CIPHER = `9`,
38	SPU2_DTLS_AEAD = `10`
39	};
40
41	static char *spu2_cipher_type_names[] = { "None", "AES128", "AES192", "AES256",
42	"DES", "3DES"
43	};
44
45	static char *spu2_cipher_mode_names[] = { "ECB", "CBC", "CTR", "CFB", "OFB",
46	"XTS", "CCM", "GCM"
47	};
48
49	static char *spu2_hash_type_names[] = { "None", "AES128", "AES192", "AES256",
50	"Reserved", "Reserved", "MD5", "SHA1", "SHA224", "SHA256", "SHA384",
51	"SHA512", "SHA512/224", "SHA512/256", "SHA3-224", "SHA3-256",
52	"SHA3-384", "SHA3-512"
53	};
54
55	static char *spu2_hash_mode_names[] = { "CMAC", "CBC-MAC", "XCBC-MAC", "HMAC",
56	"Rabin", "CCM", "GCM", "Reserved"
57	};
58
59	static char spu2_ciph_type_name(enum* spu2_cipher_type cipher_type)
60	{
61	if (cipher_type >= SPU2_CIPHER_TYPE_LAST)
62	return "Reserved";
63	return spu2_cipher_type_names[cipher_type];
64	}
65
66	static char spu2_ciph_mode_name(enum* spu2_cipher_mode cipher_mode)
67	{
68	if (cipher_mode >= SPU2_CIPHER_MODE_LAST)
69	return "Reserved";
70	return spu2_cipher_mode_names[cipher_mode];
71	}
72
73	static char spu2_hash_type_name(enum* spu2_hash_type hash_type)
74	{
75	if (hash_type >= SPU2_HASH_TYPE_LAST)
76	return "Reserved";
77	return spu2_hash_type_names[hash_type];
78	}
79
80	static char spu2_hash_mode_name(enum* spu2_hash_mode hash_mode)
81	{
82	if (hash_mode >= SPU2_HASH_MODE_LAST)
83	return "Reserved";
84	return spu2_hash_mode_names[hash_mode];
85	}
86
87	/*
88	* Convert from a software cipher mode value to the corresponding value
89	* for SPU2.
90	*/
91	static int spu2_cipher_mode_xlate(enum spu_cipher_mode cipher_mode,
92	enum spu2_cipher_mode *spu2_mode)
93	{
94	switch (cipher_mode) {
95	case CIPHER_MODE_ECB:
96	*spu2_mode = SPU2_CIPHER_MODE_ECB;
97	break;
98	case CIPHER_MODE_CBC:
99	*spu2_mode = SPU2_CIPHER_MODE_CBC;
100	break;
101	case CIPHER_MODE_OFB:
102	*spu2_mode = SPU2_CIPHER_MODE_OFB;
103	break;
104	case CIPHER_MODE_CFB:
105	*spu2_mode = SPU2_CIPHER_MODE_CFB;
106	break;
107	case CIPHER_MODE_CTR:
108	*spu2_mode = SPU2_CIPHER_MODE_CTR;
109	break;
110	case CIPHER_MODE_CCM:
111	*spu2_mode = SPU2_CIPHER_MODE_CCM;
112	break;
113	case CIPHER_MODE_GCM:
114	*spu2_mode = SPU2_CIPHER_MODE_GCM;
115	break;
116	case CIPHER_MODE_XTS:
117	*spu2_mode = SPU2_CIPHER_MODE_XTS;
118	break;
119	default:
120	return -EINVAL;
121	}
122	return `0`;
123	}
124
125	/**
126	* spu2_cipher_xlate() - Convert a cipher {alg/mode/type} triple to a SPU2
127	* cipher type and mode.
128	* @cipher_alg: [in] cipher algorithm value from software enumeration
129	* @cipher_mode: [in] cipher mode value from software enumeration
130	* @cipher_type: [in] cipher type value from software enumeration
131	* @spu2_type: [out] cipher type value used by spu2 hardware
132	* @spu2_mode: [out] cipher mode value used by spu2 hardware
133	*
134	* Return: 0 if successful
135	*/
136	static int spu2_cipher_xlate(enum spu_cipher_alg cipher_alg,
137	enum spu_cipher_mode cipher_mode,
138	enum spu_cipher_type cipher_type,
139	enum spu2_cipher_type *spu2_type,
140	enum spu2_cipher_mode *spu2_mode)
141	{
142	int err;
143
144	err = spu2_cipher_mode_xlate(cipher_mode, spu2_mode);
145	if (err) {
146	flow_log(format: "Invalid cipher mode %d\n", cipher_mode);
147	return err;
148	}
149
150	switch (cipher_alg) {
151	case CIPHER_ALG_NONE:
152	*spu2_type = SPU2_CIPHER_TYPE_NONE;
153	break;
154	case CIPHER_ALG_RC4:
155	/ SPU2 does not support RC4 /
156	err = -EINVAL;
157	*spu2_type = SPU2_CIPHER_TYPE_NONE;
158	break;
159	case CIPHER_ALG_DES:
160	*spu2_type = SPU2_CIPHER_TYPE_DES;
161	break;
162	case CIPHER_ALG_3DES:
163	*spu2_type = SPU2_CIPHER_TYPE_3DES;
164	break;
165	case CIPHER_ALG_AES:
166	switch (cipher_type) {
167	case CIPHER_TYPE_AES128:
168	*spu2_type = SPU2_CIPHER_TYPE_AES128;
169	break;
170	case CIPHER_TYPE_AES192:
171	*spu2_type = SPU2_CIPHER_TYPE_AES192;
172	break;
173	case CIPHER_TYPE_AES256:
174	*spu2_type = SPU2_CIPHER_TYPE_AES256;
175	break;
176	default:
177	err = -EINVAL;
178	}
179	break;
180	case CIPHER_ALG_LAST:
181	default:
182	err = -EINVAL;
183	break;
184	}
185
186	if (err)
187	flow_log(format: "Invalid cipher alg %d or type %d\n",
188	cipher_alg, cipher_type);
189	return err;
190	}
191
192	/*
193	* Convert from a software hash mode value to the corresponding value
194	* for SPU2. Note that HASH_MODE_NONE and HASH_MODE_XCBC have the same value.
195	*/
196	static int spu2_hash_mode_xlate(enum hash_mode hash_mode,
197	enum spu2_hash_mode *spu2_mode)
198	{
199	switch (hash_mode) {
200	case HASH_MODE_XCBC:
201	*spu2_mode = SPU2_HASH_MODE_XCBC_MAC;
202	break;
203	case HASH_MODE_CMAC:
204	*spu2_mode = SPU2_HASH_MODE_CMAC;
205	break;
206	case HASH_MODE_HMAC:
207	*spu2_mode = SPU2_HASH_MODE_HMAC;
208	break;
209	case HASH_MODE_CCM:
210	*spu2_mode = SPU2_HASH_MODE_CCM;
211	break;
212	case HASH_MODE_GCM:
213	*spu2_mode = SPU2_HASH_MODE_GCM;
214	break;
215	default:
216	return -EINVAL;
217	}
218	return `0`;
219	}
220
221	/**
222	* spu2_hash_xlate() - Convert a hash {alg/mode/type} triple to a SPU2 hash type
223	* and mode.
224	* @hash_alg: [in] hash algorithm value from software enumeration
225	* @hash_mode: [in] hash mode value from software enumeration
226	* @hash_type: [in] hash type value from software enumeration
227	* @ciph_type: [in] cipher type value from software enumeration
228	* @spu2_type: [out] hash type value used by SPU2 hardware
229	* @spu2_mode: [out] hash mode value used by SPU2 hardware
230	*
231	* Return: 0 if successful
232	*/
233	static int
234	spu2_hash_xlate(enum hash_alg hash_alg, enum hash_mode hash_mode,
235	enum hash_type hash_type, enum spu_cipher_type ciph_type,
236	enum spu2_hash_type spu2_type, enum* spu2_hash_mode *spu2_mode)
237	{
238	int err;
239
240	err = spu2_hash_mode_xlate(hash_mode, spu2_mode);
241	if (err) {
242	flow_log(format: "Invalid hash mode %d\n", hash_mode);
243	return err;
244	}
245
246	switch (hash_alg) {
247	case HASH_ALG_NONE:
248	*spu2_type = SPU2_HASH_TYPE_NONE;
249	break;
250	case HASH_ALG_MD5:
251	*spu2_type = SPU2_HASH_TYPE_MD5;
252	break;
253	case HASH_ALG_SHA1:
254	*spu2_type = SPU2_HASH_TYPE_SHA1;
255	break;
256	case HASH_ALG_SHA224:
257	*spu2_type = SPU2_HASH_TYPE_SHA224;
258	break;
259	case HASH_ALG_SHA256:
260	*spu2_type = SPU2_HASH_TYPE_SHA256;
261	break;
262	case HASH_ALG_SHA384:
263	*spu2_type = SPU2_HASH_TYPE_SHA384;
264	break;
265	case HASH_ALG_SHA512:
266	*spu2_type = SPU2_HASH_TYPE_SHA512;
267	break;
268	case HASH_ALG_AES:
269	switch (ciph_type) {
270	case CIPHER_TYPE_AES128:
271	*spu2_type = SPU2_HASH_TYPE_AES128;
272	break;
273	case CIPHER_TYPE_AES192:
274	*spu2_type = SPU2_HASH_TYPE_AES192;
275	break;
276	case CIPHER_TYPE_AES256:
277	*spu2_type = SPU2_HASH_TYPE_AES256;
278	break;
279	default:
280	err = -EINVAL;
281	}
282	break;
283	case HASH_ALG_SHA3_224:
284	*spu2_type = SPU2_HASH_TYPE_SHA3_224;
285	break;
286	case HASH_ALG_SHA3_256:
287	*spu2_type = SPU2_HASH_TYPE_SHA3_256;
288	break;
289	case HASH_ALG_SHA3_384:
290	*spu2_type = SPU2_HASH_TYPE_SHA3_384;
291	break;
292	case HASH_ALG_SHA3_512:
293	*spu2_type = SPU2_HASH_TYPE_SHA3_512;
294	break;
295	case HASH_ALG_LAST:
296	default:
297	err = -EINVAL;
298	break;
299	}
300
301	if (err)
302	flow_log(format: "Invalid hash alg %d or type %d\n",
303	hash_alg, hash_type);
304	return err;
305	}
306
307	/ Dump FMD ctrl0. The ctrl0 input is in host byte order /
308	static void spu2_dump_fmd_ctrl0(u64 ctrl0)
309	{
310	enum spu2_cipher_type ciph_type;
311	enum spu2_cipher_mode ciph_mode;
312	enum spu2_hash_type hash_type;
313	enum spu2_hash_mode hash_mode;
314	char *ciph_name;
315	char *ciph_mode_name;
316	char *hash_name;
317	char *hash_mode_name;
318	u8 cfb;
319	u8 proto;
320
321	packet_log(format: " FMD CTRL0 %#16llx\n", ctrl0);
322	if (ctrl0 & SPU2_CIPH_ENCRYPT_EN)
323	packet_log(format: " encrypt\n");
324	else
325	packet_log(format: " decrypt\n");
326
327	ciph_type = (ctrl0 & SPU2_CIPH_TYPE) >> SPU2_CIPH_TYPE_SHIFT;
328	ciph_name = spu2_ciph_type_name(cipher_type: ciph_type);
329	packet_log(format: " Cipher type: %s\n", ciph_name);
330
331	if (ciph_type != SPU2_CIPHER_TYPE_NONE) {
332	ciph_mode = (ctrl0 & SPU2_CIPH_MODE) >> SPU2_CIPH_MODE_SHIFT;
333	ciph_mode_name = spu2_ciph_mode_name(cipher_mode: ciph_mode);
334	packet_log(format: " Cipher mode: %s\n", ciph_mode_name);
335	}
336
337	cfb = (ctrl0 & SPU2_CFB_MASK) >> SPU2_CFB_MASK_SHIFT;
338	packet_log(format: " CFB %#x\n", cfb);
339
340	proto = (ctrl0 & SPU2_PROTO_SEL) >> SPU2_PROTO_SEL_SHIFT;
341	packet_log(format: " protocol %#x\n", proto);
342
343	if (ctrl0 & SPU2_HASH_FIRST)
344	packet_log(format: " hash first\n");
345	else
346	packet_log(format: " cipher first\n");
347
348	if (ctrl0 & SPU2_CHK_TAG)
349	packet_log(format: " check tag\n");
350
351	hash_type = (ctrl0 & SPU2_HASH_TYPE) >> SPU2_HASH_TYPE_SHIFT;
352	hash_name = spu2_hash_type_name(hash_type);
353	packet_log(format: " Hash type: %s\n", hash_name);
354
355	if (hash_type != SPU2_HASH_TYPE_NONE) {
356	hash_mode = (ctrl0 & SPU2_HASH_MODE) >> SPU2_HASH_MODE_SHIFT;
357	hash_mode_name = spu2_hash_mode_name(hash_mode);
358	packet_log(format: " Hash mode: %s\n", hash_mode_name);
359	}
360
361	if (ctrl0 & SPU2_CIPH_PAD_EN) {
362	packet_log(format: " Cipher pad: %#2llx\n",
363	(ctrl0 & SPU2_CIPH_PAD) >> SPU2_CIPH_PAD_SHIFT);
364	}
365	}
366
367	/ Dump FMD ctrl1. The ctrl1 input is in host byte order /
368	static void spu2_dump_fmd_ctrl1(u64 ctrl1)
369	{
370	u8 hash_key_len;
371	u8 ciph_key_len;
372	u8 ret_iv_len;
373	u8 iv_offset;
374	u8 iv_len;
375	u8 hash_tag_len;
376	u8 ret_md;
377
378	packet_log(format: " FMD CTRL1 %#16llx\n", ctrl1);
379	if (ctrl1 & SPU2_TAG_LOC)
380	packet_log(format: " Tag after payload\n");
381
382	packet_log(format: " Msg includes ");
383	if (ctrl1 & SPU2_HAS_FR_DATA)
384	packet_log(format: "FD ");
385	if (ctrl1 & SPU2_HAS_AAD1)
386	packet_log(format: "AAD1 ");
387	if (ctrl1 & SPU2_HAS_NAAD)
388	packet_log(format: "NAAD ");
389	if (ctrl1 & SPU2_HAS_AAD2)
390	packet_log(format: "AAD2 ");
391	if (ctrl1 & SPU2_HAS_ESN)
392	packet_log(format: "ESN ");
393	packet_log(format: "\n");
394
395	hash_key_len = (ctrl1 & SPU2_HASH_KEY_LEN) >> SPU2_HASH_KEY_LEN_SHIFT;
396	packet_log(format: " Hash key len %u\n", hash_key_len);
397
398	ciph_key_len = (ctrl1 & SPU2_CIPH_KEY_LEN) >> SPU2_CIPH_KEY_LEN_SHIFT;
399	packet_log(format: " Cipher key len %u\n", ciph_key_len);
400
401	if (ctrl1 & SPU2_GENIV)
402	packet_log(format: " Generate IV\n");
403
404	if (ctrl1 & SPU2_HASH_IV)
405	packet_log(format: " IV included in hash\n");
406
407	if (ctrl1 & SPU2_RET_IV)
408	packet_log(format: " Return IV in output before payload\n");
409
410	ret_iv_len = (ctrl1 & SPU2_RET_IV_LEN) >> SPU2_RET_IV_LEN_SHIFT;
411	packet_log(format: " Length of returned IV %u bytes\n",
412	ret_iv_len ? ret_iv_len : `16`);
413
414	iv_offset = (ctrl1 & SPU2_IV_OFFSET) >> SPU2_IV_OFFSET_SHIFT;
415	packet_log(format: " IV offset %u\n", iv_offset);
416
417	iv_len = (ctrl1 & SPU2_IV_LEN) >> SPU2_IV_LEN_SHIFT;
418	packet_log(format: " Input IV len %u bytes\n", iv_len);
419
420	hash_tag_len = (ctrl1 & SPU2_HASH_TAG_LEN) >> SPU2_HASH_TAG_LEN_SHIFT;
421	packet_log(format: " Hash tag length %u bytes\n", hash_tag_len);
422
423	packet_log(format: " Return ");
424	ret_md = (ctrl1 & SPU2_RETURN_MD) >> SPU2_RETURN_MD_SHIFT;
425	if (ret_md)
426	packet_log(format: "FMD ");
427	if (ret_md == SPU2_RET_FMD_OMD)
428	packet_log(format: "OMD ");
429	else if (ret_md == SPU2_RET_FMD_OMD_IV)
430	packet_log(format: "OMD IV ");
431	if (ctrl1 & SPU2_RETURN_FD)
432	packet_log(format: "FD ");
433	if (ctrl1 & SPU2_RETURN_AAD1)
434	packet_log(format: "AAD1 ");
435	if (ctrl1 & SPU2_RETURN_NAAD)
436	packet_log(format: "NAAD ");
437	if (ctrl1 & SPU2_RETURN_AAD2)
438	packet_log(format: "AAD2 ");
439	if (ctrl1 & SPU2_RETURN_PAY)
440	packet_log(format: "Payload");
441	packet_log(format: "\n");
442	}
443
444	/ Dump FMD ctrl2. The ctrl2 input is in host byte order /
445	static void spu2_dump_fmd_ctrl2(u64 ctrl2)
446	{
447	packet_log(format: " FMD CTRL2 %#16llx\n", ctrl2);
448
449	packet_log(format: " AAD1 offset %llu length %llu bytes\n",
450	ctrl2 & SPU2_AAD1_OFFSET,
451	(ctrl2 & SPU2_AAD1_LEN) >> SPU2_AAD1_LEN_SHIFT);
452	packet_log(format: " AAD2 offset %llu\n",
453	(ctrl2 & SPU2_AAD2_OFFSET) >> SPU2_AAD2_OFFSET_SHIFT);
454	packet_log(format: " Payload offset %llu\n",
455	(ctrl2 & SPU2_PL_OFFSET) >> SPU2_PL_OFFSET_SHIFT);
456	}
457
458	/ Dump FMD ctrl3. The ctrl3 input is in host byte order /
459	static void spu2_dump_fmd_ctrl3(u64 ctrl3)
460	{
461	packet_log(format: " FMD CTRL3 %#16llx\n", ctrl3);
462
463	packet_log(format: " Payload length %llu bytes\n", ctrl3 & SPU2_PL_LEN);
464	packet_log(format: " TLS length %llu bytes\n",
465	(ctrl3 & SPU2_TLS_LEN) >> SPU2_TLS_LEN_SHIFT);
466	}
467
468	static void spu2_dump_fmd(struct SPU2_FMD *fmd)
469	{
470	spu2_dump_fmd_ctrl0(le64_to_cpu(fmd->ctrl0));
471	spu2_dump_fmd_ctrl1(le64_to_cpu(fmd->ctrl1));
472	spu2_dump_fmd_ctrl2(le64_to_cpu(fmd->ctrl2));
473	spu2_dump_fmd_ctrl3(le64_to_cpu(fmd->ctrl3));
474	}
475
476	static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len,
477	u16 hash_iv_len, u16 ciph_iv_len)
478	{
479	u8 *ptr = omd;
480
481	packet_log(format: " OMD:\n");
482
483	if (hash_key_len) {
484	packet_log(format: " Hash Key Length %u bytes\n", hash_key_len);
485	packet_dump(msg: " KEY: ", var: ptr, var_len: hash_key_len);
486	ptr += hash_key_len;
487	}
488
489	if (ciph_key_len) {
490	packet_log(format: " Cipher Key Length %u bytes\n", ciph_key_len);
491	packet_dump(msg: " KEY: ", var: ptr, var_len: ciph_key_len);
492	ptr += ciph_key_len;
493	}
494
495	if (hash_iv_len) {
496	packet_log(format: " Hash IV Length %u bytes\n", hash_iv_len);
497	packet_dump(msg: " hash IV: ", var: ptr, var_len: hash_iv_len);
498	ptr += ciph_key_len;
499	}
500
501	if (ciph_iv_len) {
502	packet_log(format: " Cipher IV Length %u bytes\n", ciph_iv_len);
503	packet_dump(msg: " cipher IV: ", var: ptr, var_len: ciph_iv_len);
504	}
505	}
506
507	/ Dump a SPU2 header for debug /
508	void spu2_dump_msg_hdr(u8 buf, unsigned* int buf_len)
509	{
510	struct SPU2_FMD fmd = (struct* SPU2_FMD *)buf;
511	u8 *omd;
512	u64 ctrl1;
513	u16 hash_key_len;
514	u16 ciph_key_len;
515	u16 hash_iv_len;
516	u16 ciph_iv_len;
517	u16 omd_len;
518
519	packet_log(format: "\n");
520	packet_log(format: "SPU2 message header %p len: %u\n", buf, buf_len);
521
522	spu2_dump_fmd(fmd);
523	omd = (u8 *)(fmd + `1`);
524
525	ctrl1 = le64_to_cpu(fmd->ctrl1);
526	hash_key_len = (ctrl1 & SPU2_HASH_KEY_LEN) >> SPU2_HASH_KEY_LEN_SHIFT;
527	ciph_key_len = (ctrl1 & SPU2_CIPH_KEY_LEN) >> SPU2_CIPH_KEY_LEN_SHIFT;
528	hash_iv_len = `0`;
529	ciph_iv_len = (ctrl1 & SPU2_IV_LEN) >> SPU2_IV_LEN_SHIFT;
530	spu2_dump_omd(omd, hash_key_len, ciph_key_len, hash_iv_len,
531	ciph_iv_len);
532
533	/ Double check sanity /
534	omd_len = hash_key_len + ciph_key_len + hash_iv_len + ciph_iv_len;
535	if (FMD_SIZE + omd_len != buf_len) {
536	packet_log
537	(format: " Packet parsed incorrectly. buf_len %u, sum of MD %zu\n",
538	buf_len, FMD_SIZE + omd_len);
539	}
540	packet_log(format: "\n");
541	}
542
543	/**
544	* spu2_fmd_init() - At setkey time, initialize the fixed meta data for
545	* subsequent skcipher requests for this context.
546	* @fmd: Start of FMD field to be written
547	* @spu2_type: Cipher algorithm
548	* @spu2_mode: Cipher mode
549	* @cipher_key_len: Length of cipher key, in bytes
550	* @cipher_iv_len: Length of cipher initialization vector, in bytes
551	*
552	* Return: 0 (success)
553	*/
554	static int spu2_fmd_init(struct SPU2_FMD *fmd,
555	enum spu2_cipher_type spu2_type,
556	enum spu2_cipher_mode spu2_mode,
557	u32 cipher_key_len, u32 cipher_iv_len)
558	{
559	u64 ctrl0;
560	u64 ctrl1;
561	u64 ctrl2;
562	u64 ctrl3;
563	u32 aad1_offset;
564	u32 aad2_offset;
565	u16 aad1_len = `0`;
566	u64 payload_offset;
567
568	ctrl0 = (spu2_type << SPU2_CIPH_TYPE_SHIFT) \|
569	(spu2_mode << SPU2_CIPH_MODE_SHIFT);
570
571	ctrl1 = (cipher_key_len << SPU2_CIPH_KEY_LEN_SHIFT) \|
572	((u64)cipher_iv_len << SPU2_IV_LEN_SHIFT) \|
573	((u64)SPU2_RET_FMD_ONLY << SPU2_RETURN_MD_SHIFT) \| SPU2_RETURN_PAY;
574
575	/*
576	* AAD1 offset is from start of FD. FD length is always 0 for this
577	* driver. So AAD1_offset is always 0.
578	*/
579	aad1_offset = `0`;
580	aad2_offset = aad1_offset;
581	payload_offset = `0`;
582	ctrl2 = aad1_offset \|
583	(aad1_len << SPU2_AAD1_LEN_SHIFT) \|
584	(aad2_offset << SPU2_AAD2_OFFSET_SHIFT) \|
585	(payload_offset << SPU2_PL_OFFSET_SHIFT);
586
587	ctrl3 = `0`;
588
589	fmd->ctrl0 = cpu_to_le64(ctrl0);
590	fmd->ctrl1 = cpu_to_le64(ctrl1);
591	fmd->ctrl2 = cpu_to_le64(ctrl2);
592	fmd->ctrl3 = cpu_to_le64(ctrl3);
593
594	return `0`;
595	}
596
597	/**
598	* spu2_fmd_ctrl0_write() - Write ctrl0 field in fixed metadata (FMD) field of
599	* SPU request packet.
600	* @fmd: Start of FMD field to be written
601	* @is_inbound: true if decrypting. false if encrypting.
602	* @auth_first: true if alg authenticates before encrypting
603	* @protocol: protocol selector
604	* @cipher_type: cipher algorithm
605	* @cipher_mode: cipher mode
606	* @auth_type: authentication type
607	* @auth_mode: authentication mode
608	*/
609	static void spu2_fmd_ctrl0_write(struct SPU2_FMD *fmd,
610	bool is_inbound, bool auth_first,
611	enum spu2_proto_sel protocol,
612	enum spu2_cipher_type cipher_type,
613	enum spu2_cipher_mode cipher_mode,
614	enum spu2_hash_type auth_type,
615	enum spu2_hash_mode auth_mode)
616	{
617	u64 ctrl0 = `0`;
618
619	if ((cipher_type != SPU2_CIPHER_TYPE_NONE) && !is_inbound)
620	ctrl0 \|= SPU2_CIPH_ENCRYPT_EN;
621
622	ctrl0 \|= ((u64)cipher_type << SPU2_CIPH_TYPE_SHIFT) \|
623	((u64)cipher_mode << SPU2_CIPH_MODE_SHIFT);
624
625	if (protocol)
626	ctrl0 \|= (u64)protocol << SPU2_PROTO_SEL_SHIFT;
627
628	if (auth_first)
629	ctrl0 \|= SPU2_HASH_FIRST;
630
631	if (is_inbound && (auth_type != SPU2_HASH_TYPE_NONE))
632	ctrl0 \|= SPU2_CHK_TAG;
633
634	ctrl0 \|= (((u64)auth_type << SPU2_HASH_TYPE_SHIFT) \|
635	((u64)auth_mode << SPU2_HASH_MODE_SHIFT));
636
637	fmd->ctrl0 = cpu_to_le64(ctrl0);
638	}
639
640	/**
641	* spu2_fmd_ctrl1_write() - Write ctrl1 field in fixed metadata (FMD) field of
642	* SPU request packet.
643	* @fmd: Start of FMD field to be written
644	* @is_inbound: true if decrypting. false if encrypting.
645	* @assoc_size: Length of additional associated data, in bytes
646	* @auth_key_len: Length of authentication key, in bytes
647	* @cipher_key_len: Length of cipher key, in bytes
648	* @gen_iv: If true, hw generates IV and returns in response
649	* @hash_iv: IV participates in hash. Used for IPSEC and TLS.
650	* @return_iv: Return IV in output packet before payload
651	* @ret_iv_len: Length of IV returned from SPU, in bytes
652	* @ret_iv_offset: Offset into full IV of start of returned IV
653	* @cipher_iv_len: Length of input cipher IV, in bytes
654	* @digest_size: Length of digest (aka, hash tag or ICV), in bytes
655	* @return_payload: Return payload in SPU response
656	* @return_md : return metadata in SPU response
657	*
658	* Packet can have AAD2 w/o AAD1. For algorithms currently supported,
659	* associated data goes in AAD2.
660	*/
661	static void spu2_fmd_ctrl1_write(struct SPU2_FMD *fmd, bool is_inbound,
662	u64 assoc_size,
663	u64 auth_key_len, u64 cipher_key_len,
664	bool gen_iv, bool hash_iv, bool return_iv,
665	u64 ret_iv_len, u64 ret_iv_offset,
666	u64 cipher_iv_len, u64 digest_size,
667	bool return_payload, bool return_md)
668	{
669	u64 ctrl1 = `0`;
670
671	if (is_inbound && digest_size)
672	ctrl1 \|= SPU2_TAG_LOC;
673
674	if (assoc_size) {
675	ctrl1 \|= SPU2_HAS_AAD2;
676	ctrl1 \|= SPU2_RETURN_AAD2; / need aad2 for gcm aes esp /
677	}
678
679	if (auth_key_len)
680	ctrl1 \|= ((auth_key_len << SPU2_HASH_KEY_LEN_SHIFT) &
681	SPU2_HASH_KEY_LEN);
682
683	if (cipher_key_len)
684	ctrl1 \|= ((cipher_key_len << SPU2_CIPH_KEY_LEN_SHIFT) &
685	SPU2_CIPH_KEY_LEN);
686
687	if (gen_iv)
688	ctrl1 \|= SPU2_GENIV;
689
690	if (hash_iv)
691	ctrl1 \|= SPU2_HASH_IV;
692
693	if (return_iv) {
694	ctrl1 \|= SPU2_RET_IV;
695	ctrl1 \|= ret_iv_len << SPU2_RET_IV_LEN_SHIFT;
696	ctrl1 \|= ret_iv_offset << SPU2_IV_OFFSET_SHIFT;
697	}
698
699	ctrl1 \|= ((cipher_iv_len << SPU2_IV_LEN_SHIFT) & SPU2_IV_LEN);
700
701	if (digest_size)
702	ctrl1 \|= ((digest_size << SPU2_HASH_TAG_LEN_SHIFT) &
703	SPU2_HASH_TAG_LEN);
704
705	/ Let's ask for the output pkt to include FMD, but don't need to*
706	* get keys and IVs back in OMD.
707	*/
708	if (return_md)
709	ctrl1 \|= ((u64)SPU2_RET_FMD_ONLY << SPU2_RETURN_MD_SHIFT);
710	else
711	ctrl1 \|= ((u64)SPU2_RET_NO_MD << SPU2_RETURN_MD_SHIFT);
712
713	/ Crypto API does not get assoc data back. So no need for AAD2. /
714
715	if (return_payload)
716	ctrl1 \|= SPU2_RETURN_PAY;
717
718	fmd->ctrl1 = cpu_to_le64(ctrl1);
719	}
720
721	/**
722	* spu2_fmd_ctrl2_write() - Set the ctrl2 field in the fixed metadata field of
723	* SPU2 header.
724	* @fmd: Start of FMD field to be written
725	* @cipher_offset: Number of bytes from Start of Packet (end of FD field) where
726	* data to be encrypted or decrypted begins
727	* @auth_key_len: Length of authentication key, in bytes
728	* @auth_iv_len: Length of authentication initialization vector, in bytes
729	* @cipher_key_len: Length of cipher key, in bytes
730	* @cipher_iv_len: Length of cipher IV, in bytes
731	*/
732	static void spu2_fmd_ctrl2_write(struct SPU2_FMD *fmd, u64 cipher_offset,
733	u64 auth_key_len, u64 auth_iv_len,
734	u64 cipher_key_len, u64 cipher_iv_len)
735	{
736	u64 ctrl2;
737	u64 aad1_offset;
738	u64 aad2_offset;
739	u16 aad1_len = `0`;
740	u64 payload_offset;
741
742	/ AAD1 offset is from start of FD. FD length always 0. /
743	aad1_offset = `0`;
744
745	aad2_offset = aad1_offset;
746	payload_offset = cipher_offset;
747	ctrl2 = aad1_offset \|
748	(aad1_len << SPU2_AAD1_LEN_SHIFT) \|
749	(aad2_offset << SPU2_AAD2_OFFSET_SHIFT) \|
750	(payload_offset << SPU2_PL_OFFSET_SHIFT);
751
752	fmd->ctrl2 = cpu_to_le64(ctrl2);
753	}
754
755	/**
756	* spu2_fmd_ctrl3_write() - Set the ctrl3 field in FMD
757	* @fmd: Fixed meta data. First field in SPU2 msg header.
758	* @payload_len: Length of payload, in bytes
759	*/
760	static void spu2_fmd_ctrl3_write(struct SPU2_FMD *fmd, u64 payload_len)
761	{
762	u64 ctrl3;
763
764	ctrl3 = payload_len & SPU2_PL_LEN;
765
766	fmd->ctrl3 = cpu_to_le64(ctrl3);
767	}
768
769	/**
770	* spu2_ctx_max_payload() - Determine the maximum length of the payload for a
771	* SPU message for a given cipher and hash alg context.
772	* @cipher_alg: The cipher algorithm
773	* @cipher_mode: The cipher mode
774	* @blocksize: The size of a block of data for this algo
775	*
776	* For SPU2, the hardware generally ignores the PayloadLen field in ctrl3 of
777	* FMD and just keeps computing until it receives a DMA descriptor with the EOF
778	* flag set. So we consider the max payload to be infinite. AES CCM is an
779	* exception.
780	*
781	* Return: Max payload length in bytes
782	*/
783	u32 spu2_ctx_max_payload(enum spu_cipher_alg cipher_alg,
784	enum spu_cipher_mode cipher_mode,
785	unsigned int blocksize)
786	{
787	if ((cipher_alg == CIPHER_ALG_AES) &&
788	(cipher_mode == CIPHER_MODE_CCM)) {
789	u32 excess = SPU2_MAX_PAYLOAD % blocksize;
790
791	return SPU2_MAX_PAYLOAD - excess;
792	} else {
793	return SPU_MAX_PAYLOAD_INF;
794	}
795	}
796
797	/**
798	* spu2_payload_length() - Given a SPU2 message header, extract the payload
799	* length.
800	* @spu_hdr: Start of SPU message header (FMD)
801	*
802	* Return: payload length, in bytes
803	*/
804	u32 spu2_payload_length(u8 *spu_hdr)
805	{
806	struct SPU2_FMD fmd = (struct* SPU2_FMD *)spu_hdr;
807	u32 pl_len;
808	u64 ctrl3;
809
810	ctrl3 = le64_to_cpu(fmd->ctrl3);
811	pl_len = ctrl3 & SPU2_PL_LEN;
812
813	return pl_len;
814	}
815
816	/**
817	* spu2_response_hdr_len() - Determine the expected length of a SPU response
818	* header.
819	* @auth_key_len: Length of authentication key, in bytes
820	* @enc_key_len: Length of encryption key, in bytes
821	* @is_hash: Unused
822	*
823	* For SPU2, includes just FMD. OMD is never requested.
824	*
825	* Return: Length of FMD, in bytes
826	*/
827	u16 spu2_response_hdr_len(u16 auth_key_len, u16 enc_key_len, bool is_hash)
828	{
829	return FMD_SIZE;
830	}
831
832	/**
833	* spu2_hash_pad_len() - Calculate the length of hash padding required to extend
834	* data to a full block size.
835	* @hash_alg: hash algorithm
836	* @hash_mode: hash mode
837	* @chunksize: length of data, in bytes
838	* @hash_block_size: size of a hash block, in bytes
839	*
840	* SPU2 hardware does all hash padding
841	*
842	* Return: length of hash pad in bytes
843	*/
844	u16 spu2_hash_pad_len(enum hash_alg hash_alg, enum hash_mode hash_mode,
845	u32 chunksize, u16 hash_block_size)
846	{
847	return `0`;
848	}
849
850	/**
851	* spu2_gcm_ccm_pad_len() - Determine the length of GCM/CCM padding for either
852	* the AAD field or the data.
853	* @cipher_mode: Unused
854	* @data_size: Unused
855	*
856	* Return: 0. Unlike SPU-M, SPU2 hardware does any GCM/CCM padding required.
857	*/
858	u32 spu2_gcm_ccm_pad_len(enum spu_cipher_mode cipher_mode,
859	unsigned int data_size)
860	{
861	return `0`;
862	}
863
864	/**
865	* spu2_assoc_resp_len() - Determine the size of the AAD2 buffer needed to catch
866	* associated data in a SPU2 output packet.
867	* @cipher_mode: cipher mode
868	* @assoc_len: length of additional associated data, in bytes
869	* @iv_len: length of initialization vector, in bytes
870	* @is_encrypt: true if encrypting. false if decrypt.
871	*
872	* Return: Length of buffer to catch associated data in response
873	*/
874	u32 spu2_assoc_resp_len(enum spu_cipher_mode cipher_mode,
875	unsigned int assoc_len, unsigned int iv_len,
876	bool is_encrypt)
877	{
878	u32 resp_len = assoc_len;
879
880	if (is_encrypt)
881	/ gcm aes esp has to write 8-byte IV in response /
882	resp_len += iv_len;
883	return resp_len;
884	}
885
886	/**
887	* spu2_aead_ivlen() - Calculate the length of the AEAD IV to be included
888	* in a SPU request after the AAD and before the payload.
889	* @cipher_mode: cipher mode
890	* @iv_len: initialization vector length in bytes
891	*
892	* For SPU2, AEAD IV is included in OMD and does not need to be repeated
893	* prior to the payload.
894	*
895	* Return: Length of AEAD IV in bytes
896	*/
897	u8 spu2_aead_ivlen(enum spu_cipher_mode cipher_mode, u16 iv_len)
898	{
899	return `0`;
900	}
901
902	/**
903	* spu2_hash_type() - Determine the type of hash operation.
904	* @src_sent: The number of bytes in the current request that have already
905	* been sent to the SPU to be hashed.
906	*
907	* SPU2 always does a FULL hash operation
908	*/
909	enum hash_type spu2_hash_type(u32 src_sent)
910	{
911	return HASH_TYPE_FULL;
912	}
913
914	/**
915	* spu2_digest_size() - Determine the size of a hash digest to expect the SPU to
916	* return.
917	* @alg_digest_size: Number of bytes in the final digest for the given algo
918	* @alg: The hash algorithm
919	* @htype: Type of hash operation (init, update, full, etc)
920	*
921	*/
922	u32 spu2_digest_size(u32 alg_digest_size, enum hash_alg alg,
923	enum hash_type htype)
924	{
925	return alg_digest_size;
926	}
927
928	/**
929	* spu2_create_request() - Build a SPU2 request message header, includint FMD and
930	* OMD.
931	* @spu_hdr: Start of buffer where SPU request header is to be written
932	* @req_opts: SPU request message options
933	* @cipher_parms: Parameters related to cipher algorithm
934	* @hash_parms: Parameters related to hash algorithm
935	* @aead_parms: Parameters related to AEAD operation
936	* @data_size: Length of data to be encrypted or authenticated. If AEAD, does
937	* not include length of AAD.
938	*
939	* Construct the message starting at spu_hdr. Caller should allocate this buffer
940	* in DMA-able memory at least SPU_HEADER_ALLOC_LEN bytes long.
941	*
942	* Return: the length of the SPU header in bytes. 0 if an error occurs.
943	*/
944	u32 spu2_create_request(u8 *spu_hdr,
945	struct spu_request_opts *req_opts,
946	struct spu_cipher_parms *cipher_parms,
947	struct spu_hash_parms *hash_parms,
948	struct spu_aead_parms *aead_parms,
949	unsigned int data_size)
950	{
951	struct SPU2_FMD *fmd;
952	u8 *ptr;
953	unsigned int buf_len;
954	int err;
955	enum spu2_cipher_type spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;
956	enum spu2_cipher_mode spu2_ciph_mode;
957	enum spu2_hash_type spu2_auth_type = SPU2_HASH_TYPE_NONE;
958	enum spu2_hash_mode spu2_auth_mode;
959	bool return_md = true;
960	enum spu2_proto_sel proto = SPU2_PROTO_RESV;
961
962	/ size of the payload /
963	unsigned int payload_len =
964	hash_parms->prebuf_len + data_size + hash_parms->pad_len -
965	((req_opts->is_aead && req_opts->is_inbound) ?
966	hash_parms->digestsize : `0`);
967
968	/ offset of prebuf or data from start of AAD2 /
969	unsigned int cipher_offset = aead_parms->assoc_size +
970	aead_parms->aad_pad_len + aead_parms->iv_len;
971
972	/ total size of the data following OMD (without STAT word padding) /
973	unsigned int real_db_size = spu_real_db_size(assoc_size: aead_parms->assoc_size,
974	aead_iv_buf_len: aead_parms->iv_len,
975	prebuf_len: hash_parms->prebuf_len,
976	data_size,
977	aad_pad_len: aead_parms->aad_pad_len,
978	gcm_pad_len: aead_parms->data_pad_len,
979	hash_pad_len: hash_parms->pad_len);
980	unsigned int assoc_size = aead_parms->assoc_size;
981
982	if (req_opts->is_aead &&
983	(cipher_parms->alg == CIPHER_ALG_AES) &&
984	(cipher_parms->mode == CIPHER_MODE_GCM))
985	/*
986	* On SPU 2, aes gcm cipher first on encrypt, auth first on
987	* decrypt
988	*/
989	req_opts->auth_first = req_opts->is_inbound;
990
991	/ and do opposite for ccm (auth 1st on encrypt) /
992	if (req_opts->is_aead &&
993	(cipher_parms->alg == CIPHER_ALG_AES) &&
994	(cipher_parms->mode == CIPHER_MODE_CCM))
995	req_opts->auth_first = !req_opts->is_inbound;
996
997	flow_log(format: "%s()\n", __func__);
998	flow_log(format: " in:%u authFirst:%u\n",
999	req_opts->is_inbound, req_opts->auth_first);
1000	flow_log(format: " cipher alg:%u mode:%u type %u\n", cipher_parms->alg,
1001	cipher_parms->mode, cipher_parms->type);
1002	flow_log(format: " is_esp: %s\n", req_opts->is_esp ? "yes" : "no");
1003	flow_log(format: " key: %d\n", cipher_parms->key_len);
1004	flow_dump(msg: " key: ", var: cipher_parms->key_buf, var_len: cipher_parms->key_len);
1005	flow_log(format: " iv: %d\n", cipher_parms->iv_len);
1006	flow_dump(msg: " iv: ", var: cipher_parms->iv_buf, var_len: cipher_parms->iv_len);
1007	flow_log(format: " auth alg:%u mode:%u type %u\n",
1008	hash_parms->alg, hash_parms->mode, hash_parms->type);
1009	flow_log(format: " digestsize: %u\n", hash_parms->digestsize);
1010	flow_log(format: " authkey: %d\n", hash_parms->key_len);
1011	flow_dump(msg: " authkey: ", var: hash_parms->key_buf, var_len: hash_parms->key_len);
1012	flow_log(format: " assoc_size:%u\n", assoc_size);
1013	flow_log(format: " prebuf_len:%u\n", hash_parms->prebuf_len);
1014	flow_log(format: " data_size:%u\n", data_size);
1015	flow_log(format: " hash_pad_len:%u\n", hash_parms->pad_len);
1016	flow_log(format: " real_db_size:%u\n", real_db_size);
1017	flow_log(format: " cipher_offset:%u payload_len:%u\n",
1018	cipher_offset, payload_len);
1019	flow_log(format: " aead_iv: %u\n", aead_parms->iv_len);
1020
1021	/ Convert to spu2 values for cipher alg, hash alg /
1022	err = spu2_cipher_xlate(cipher_alg: cipher_parms->alg, cipher_mode: cipher_parms->mode,
1023	cipher_type: cipher_parms->type,
1024	spu2_type: &spu2_ciph_type, spu2_mode: &spu2_ciph_mode);
1025
1026	/ If we are doing GCM hashing only - either via rfc4543 transform*
1027	* or because we happen to do GCM with AAD only and no payload - we
1028	* need to configure hardware to use hash key rather than cipher key
1029	* and put data into payload. This is because unlike SPU-M, running
1030	* GCM cipher with 0 size payload is not permitted.
1031	*/
1032	if ((req_opts->is_rfc4543) \|\|
1033	((spu2_ciph_mode == SPU2_CIPHER_MODE_GCM) &&
1034	(payload_len == `0`))) {
1035	/ Use hashing (only) and set up hash key /
1036	spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;
1037	hash_parms->key_len = cipher_parms->key_len;
1038	memcpy(hash_parms->key_buf, cipher_parms->key_buf,
1039	cipher_parms->key_len);
1040	cipher_parms->key_len = `0`;
1041
1042	if (req_opts->is_rfc4543)
1043	payload_len += assoc_size;
1044	else
1045	payload_len = assoc_size;
1046	cipher_offset = `0`;
1047	assoc_size = `0`;
1048	}
1049
1050	if (err)
1051	return `0`;
1052
1053	flow_log(format: "spu2 cipher type %s, cipher mode %s\n",
1054	spu2_ciph_type_name(cipher_type: spu2_ciph_type),
1055	spu2_ciph_mode_name(cipher_mode: spu2_ciph_mode));
1056
1057	err = spu2_hash_xlate(hash_alg: hash_parms->alg, hash_mode: hash_parms->mode,
1058	hash_type: hash_parms->type,
1059	ciph_type: cipher_parms->type,
1060	spu2_type: &spu2_auth_type, spu2_mode: &spu2_auth_mode);
1061	if (err)
1062	return `0`;
1063
1064	flow_log(format: "spu2 hash type %s, hash mode %s\n",
1065	spu2_hash_type_name(hash_type: spu2_auth_type),
1066	spu2_hash_mode_name(hash_mode: spu2_auth_mode));
1067
1068	fmd = (struct SPU2_FMD *)spu_hdr;
1069
1070	spu2_fmd_ctrl0_write(fmd, is_inbound: req_opts->is_inbound, auth_first: req_opts->auth_first,
1071	protocol: proto, cipher_type: spu2_ciph_type, cipher_mode: spu2_ciph_mode,
1072	auth_type: spu2_auth_type, auth_mode: spu2_auth_mode);
1073
1074	spu2_fmd_ctrl1_write(fmd, is_inbound: req_opts->is_inbound, assoc_size,
1075	auth_key_len: hash_parms->key_len, cipher_key_len: cipher_parms->key_len,
1076	gen_iv: false, hash_iv: false,
1077	return_iv: aead_parms->return_iv, ret_iv_len: aead_parms->ret_iv_len,
1078	ret_iv_offset: aead_parms->ret_iv_off,
1079	cipher_iv_len: cipher_parms->iv_len, digest_size: hash_parms->digestsize,
1080	return_payload: !req_opts->bd_suppress, return_md);
1081
1082	spu2_fmd_ctrl2_write(fmd, cipher_offset, auth_key_len: hash_parms->key_len, auth_iv_len: `0`,
1083	cipher_key_len: cipher_parms->key_len, cipher_iv_len: cipher_parms->iv_len);
1084
1085	spu2_fmd_ctrl3_write(fmd, payload_len);
1086
1087	ptr = (u8 *)(fmd + `1`);
1088	buf_len = sizeof(struct SPU2_FMD);
1089
1090	/ Write OMD /
1091	if (hash_parms->key_len) {
1092	memcpy(ptr, hash_parms->key_buf, hash_parms->key_len);
1093	ptr += hash_parms->key_len;
1094	buf_len += hash_parms->key_len;
1095	}
1096	if (cipher_parms->key_len) {
1097	memcpy(ptr, cipher_parms->key_buf, cipher_parms->key_len);
1098	ptr += cipher_parms->key_len;
1099	buf_len += cipher_parms->key_len;
1100	}
1101	if (cipher_parms->iv_len) {
1102	memcpy(ptr, cipher_parms->iv_buf, cipher_parms->iv_len);
1103	ptr += cipher_parms->iv_len;
1104	buf_len += cipher_parms->iv_len;
1105	}
1106
1107	packet_dump(msg: " SPU request header: ", var: spu_hdr, var_len: buf_len);
1108
1109	return buf_len;
1110	}
1111
1112	/**
1113	* spu2_cipher_req_init() - Build an skcipher SPU2 request message header,
1114	* including FMD and OMD.
1115	* @spu_hdr: Location of start of SPU request (FMD field)
1116	* @cipher_parms: Parameters describing cipher request
1117	*
1118	* Called at setkey time to initialize a msg header that can be reused for all
1119	* subsequent skcipher requests. Construct the message starting at spu_hdr.
1120	* Caller should allocate this buffer in DMA-able memory at least
1121	* SPU_HEADER_ALLOC_LEN bytes long.
1122	*
1123	* Return: the total length of the SPU header (FMD and OMD) in bytes. 0 if an
1124	* error occurs.
1125	*/
1126	u16 spu2_cipher_req_init(u8 spu_hdr, struct* spu_cipher_parms *cipher_parms)
1127	{
1128	struct SPU2_FMD *fmd;
1129	u8 *omd;
1130	enum spu2_cipher_type spu2_type = SPU2_CIPHER_TYPE_NONE;
1131	enum spu2_cipher_mode spu2_mode;
1132	int err;
1133
1134	flow_log(format: "%s()\n", __func__);
1135	flow_log(format: " cipher alg:%u mode:%u type %u\n", cipher_parms->alg,
1136	cipher_parms->mode, cipher_parms->type);
1137	flow_log(format: " cipher_iv_len: %u\n", cipher_parms->iv_len);
1138	flow_log(format: " key: %d\n", cipher_parms->key_len);
1139	flow_dump(msg: " key: ", var: cipher_parms->key_buf, var_len: cipher_parms->key_len);
1140
1141	/ Convert to spu2 values /
1142	err = spu2_cipher_xlate(cipher_alg: cipher_parms->alg, cipher_mode: cipher_parms->mode,
1143	cipher_type: cipher_parms->type, spu2_type: &spu2_type, spu2_mode: &spu2_mode);
1144	if (err)
1145	return `0`;
1146
1147	flow_log(format: "spu2 cipher type %s, cipher mode %s\n",
1148	spu2_ciph_type_name(cipher_type: spu2_type),
1149	spu2_ciph_mode_name(cipher_mode: spu2_mode));
1150
1151	/ Construct the FMD header /
1152	fmd = (struct SPU2_FMD *)spu_hdr;
1153	err = spu2_fmd_init(fmd, spu2_type, spu2_mode, cipher_key_len: cipher_parms->key_len,
1154	cipher_iv_len: cipher_parms->iv_len);
1155	if (err)
1156	return `0`;
1157
1158	/ Write cipher key to OMD /
1159	omd = (u8 *)(fmd + `1`);
1160	if (cipher_parms->key_buf && cipher_parms->key_len)
1161	memcpy(omd, cipher_parms->key_buf, cipher_parms->key_len);
1162
1163	packet_dump(msg: " SPU request header: ", var: spu_hdr,
1164	FMD_SIZE + cipher_parms->key_len + cipher_parms->iv_len);
1165
1166	return FMD_SIZE + cipher_parms->key_len + cipher_parms->iv_len;
1167	}
1168
1169	/**
1170	* spu2_cipher_req_finish() - Finish building a SPU request message header for a
1171	* block cipher request.
1172	* @spu_hdr: Start of the request message header (MH field)
1173	* @spu_req_hdr_len: Length in bytes of the SPU request header
1174	* @is_inbound: 0 encrypt, 1 decrypt
1175	* @cipher_parms: Parameters describing cipher operation to be performed
1176	* @data_size: Length of the data in the BD field
1177	*
1178	* Assumes much of the header was already filled in at setkey() time in
1179	* spu_cipher_req_init().
1180	* spu_cipher_req_init() fills in the encryption key.
1181	*/
1182	void spu2_cipher_req_finish(u8 *spu_hdr,
1183	u16 spu_req_hdr_len,
1184	unsigned int is_inbound,
1185	struct spu_cipher_parms *cipher_parms,
1186	unsigned int data_size)
1187	{
1188	struct SPU2_FMD *fmd;
1189	u8 omd; /* start of optional metadata /
1190	u64 ctrl0;
1191	u64 ctrl3;
1192
1193	flow_log(format: "%s()\n", __func__);
1194	flow_log(format: " in: %u\n", is_inbound);
1195	flow_log(format: " cipher alg: %u, cipher_type: %u\n", cipher_parms->alg,
1196	cipher_parms->type);
1197	flow_log(format: " iv len: %d\n", cipher_parms->iv_len);
1198	flow_dump(msg: " iv: ", var: cipher_parms->iv_buf, var_len: cipher_parms->iv_len);
1199	flow_log(format: " data_size: %u\n", data_size);
1200
1201	fmd = (struct SPU2_FMD *)spu_hdr;
1202	omd = (u8 *)(fmd + `1`);
1203
1204	/*
1205	* FMD ctrl0 was initialized at setkey time. update it to indicate
1206	* whether we are encrypting or decrypting.
1207	*/
1208	ctrl0 = le64_to_cpu(fmd->ctrl0);
1209	if (is_inbound)
1210	ctrl0 &= ~SPU2_CIPH_ENCRYPT_EN; / decrypt /
1211	else
1212	ctrl0 \|= SPU2_CIPH_ENCRYPT_EN; / encrypt /
1213	fmd->ctrl0 = cpu_to_le64(ctrl0);
1214
1215	if (cipher_parms->alg && cipher_parms->iv_buf && cipher_parms->iv_len) {
1216	/ cipher iv provided so put it in here /
1217	memcpy(omd + cipher_parms->key_len, cipher_parms->iv_buf,
1218	cipher_parms->iv_len);
1219	}
1220
1221	ctrl3 = le64_to_cpu(fmd->ctrl3);
1222	data_size &= SPU2_PL_LEN;
1223	ctrl3 \|= data_size;
1224	fmd->ctrl3 = cpu_to_le64(ctrl3);
1225
1226	packet_dump(msg: " SPU request header: ", var: spu_hdr, var_len: spu_req_hdr_len);
1227	}
1228
1229	/**
1230	* spu2_request_pad() - Create pad bytes at the end of the data.
1231	* @pad_start: Start of buffer where pad bytes are to be written
1232	* @gcm_padding: Length of GCM padding, in bytes
1233	* @hash_pad_len: Number of bytes of padding extend data to full block
1234	* @auth_alg: Authentication algorithm
1235	* @auth_mode: Authentication mode
1236	* @total_sent: Length inserted at end of hash pad
1237	* @status_padding: Number of bytes of padding to align STATUS word
1238	*
1239	* There may be three forms of pad:
1240	* 1. GCM pad - for GCM mode ciphers, pad to 16-byte alignment
1241	* 2. hash pad - pad to a block length, with 0x80 data terminator and
1242	* size at the end
1243	* 3. STAT pad - to ensure the STAT field is 4-byte aligned
1244	*/
1245	void spu2_request_pad(u8 *pad_start, u32 gcm_padding, u32 hash_pad_len,
1246	enum hash_alg auth_alg, enum hash_mode auth_mode,
1247	unsigned int total_sent, u32 status_padding)
1248	{
1249	u8 *ptr = pad_start;
1250
1251	/ fix data alignent for GCM /
1252	if (gcm_padding > `0`) {
1253	flow_log(format: " GCM: padding to 16 byte alignment: %u bytes\n",
1254	gcm_padding);
1255	memset(ptr, `0`, gcm_padding);
1256	ptr += gcm_padding;
1257	}
1258
1259	if (hash_pad_len > `0`) {
1260	/ clear the padding section /
1261	memset(ptr, `0`, hash_pad_len);
1262
1263	/ terminate the data /
1264	*ptr = `0x80`;
1265	ptr += (hash_pad_len - sizeof(u64));
1266
1267	/ add the size at the end as required per alg /
1268	if (auth_alg == HASH_ALG_MD5)
1269	(__le64 )ptr = cpu_to_le64(total_sent * `8ull`);
1270	else / SHA1, SHA2-224, SHA2-256 /
1271	(__be64 )ptr = cpu_to_be64(total_sent * `8ull`);
1272	ptr += sizeof(u64);
1273	}
1274
1275	/ pad to a 4byte alignment for STAT /
1276	if (status_padding > `0`) {
1277	flow_log(format: " STAT: padding to 4 byte alignment: %u bytes\n",
1278	status_padding);
1279
1280	memset(ptr, `0`, status_padding);
1281	ptr += status_padding;
1282	}
1283	}
1284
1285	/**
1286	* spu2_xts_tweak_in_payload() - Indicate that SPU2 does NOT place the XTS
1287	* tweak field in the packet payload (it uses IV instead)
1288	*
1289	* Return: 0
1290	*/
1291	u8 spu2_xts_tweak_in_payload(void)
1292	{
1293	return `0`;
1294	}
1295
1296	/**
1297	* spu2_tx_status_len() - Return the length of the STATUS field in a SPU
1298	* response message.
1299	*
1300	* Return: Length of STATUS field in bytes.
1301	*/
1302	u8 spu2_tx_status_len(void)
1303	{
1304	return SPU2_TX_STATUS_LEN;
1305	}
1306
1307	/**
1308	* spu2_rx_status_len() - Return the length of the STATUS field in a SPU
1309	* response message.
1310	*
1311	* Return: Length of STATUS field in bytes.
1312	*/
1313	u8 spu2_rx_status_len(void)
1314	{
1315	return SPU2_RX_STATUS_LEN;
1316	}
1317
1318	/**
1319	* spu2_status_process() - Process the status from a SPU response message.
1320	* @statp: start of STATUS word
1321	*
1322	* Return: 0 - if status is good and response should be processed
1323	* !0 - status indicates an error and response is invalid
1324	*/
1325	int spu2_status_process(u8 *statp)
1326	{
1327	/ SPU2 status is 2 bytes by default - SPU_RX_STATUS_LEN /
1328	u16 status = le16_to_cpu((__le16 )statp);
1329
1330	if (status == `0`)
1331	return `0`;
1332
1333	flow_log(format: "rx status is %#x\n", status);
1334	if (status == SPU2_INVALID_ICV)
1335	return SPU_INVALID_ICV;
1336
1337	return -EBADMSG;
1338	}
1339
1340	/**
1341	* spu2_ccm_update_iv() - Update the IV as per the requirements for CCM mode.
1342	*
1343	* @digestsize: Digest size of this request
1344	* @cipher_parms: (pointer to) cipher parmaeters, includes IV buf & IV len
1345	* @assoclen: Length of AAD data
1346	* @chunksize: length of input data to be sent in this req
1347	* @is_encrypt: true if this is an output/encrypt operation
1348	* @is_esp: true if this is an ESP / RFC4309 operation
1349	*
1350	*/
1351	void spu2_ccm_update_iv(unsigned int digestsize,
1352	struct spu_cipher_parms *cipher_parms,
1353	unsigned int assoclen, unsigned int chunksize,
1354	bool is_encrypt, bool is_esp)
1355	{
1356	int L; / size of length field, in bytes /
1357
1358	/*
1359	* In RFC4309 mode, L is fixed at 4 bytes; otherwise, IV from
1360	* testmgr contains (L-1) in bottom 3 bits of first byte,
1361	* per RFC 3610.
1362	*/
1363	if (is_esp)
1364	L = CCM_ESP_L_VALUE;
1365	else
1366	L = ((cipher_parms->iv_buf[`0`] & CCM_B0_L_PRIME) >>
1367	CCM_B0_L_PRIME_SHIFT) + `1`;
1368
1369	/ SPU2 doesn't want these length bytes nor the first byte... /
1370	cipher_parms->iv_len -= (`1` + L);
1371	memmove(cipher_parms->iv_buf, &cipher_parms->iv_buf[`1`],
1372	cipher_parms->iv_len);
1373	}
1374
1375	/**
1376	* spu2_wordalign_padlen() - SPU2 does not require padding.
1377	* @data_size: length of data field in bytes
1378	*
1379	* Return: length of status field padding, in bytes (always 0 on SPU2)
1380	*/
1381	u32 spu2_wordalign_padlen(u32 data_size)
1382	{
1383	return `0`;
1384	}
1385

source code of linux/drivers/crypto/bcm/spu2.c