/* SPDX-License-Identifier: BSD-3-Clause * Copyright(c) 2018 Advanced Micro Devices, Inc. All rights reserved. */ #ifndef _CCP_CRYPTO_H_ #define _CCP_CRYPTO_H_ #include #include #include #include #include #include #include #include #include #include #include #include "ccp_dev.h" #define AES_BLOCK_SIZE 16 #define CMAC_PAD_VALUE 0x80 #define CTR_NONCE_SIZE 4 #define CTR_IV_SIZE 8 #define CCP_SHA3_CTX_SIZE 200 /**Macro helpers for CCP command creation*/ #define CCP_AES_SIZE(p) ((p)->aes.size) #define CCP_AES_ENCRYPT(p) ((p)->aes.encrypt) #define CCP_AES_MODE(p) ((p)->aes.mode) #define CCP_AES_TYPE(p) ((p)->aes.type) #define CCP_DES_ENCRYPT(p) ((p)->des.encrypt) #define CCP_DES_MODE(p) ((p)->des.mode) #define CCP_DES_TYPE(p) ((p)->des.type) #define CCP_SHA_TYPE(p) ((p)->sha.type) #define CCP_PT_BYTESWAP(p) ((p)->pt.byteswap) #define CCP_PT_BITWISE(p) ((p)->pt.bitwise) /* HMAC */ #define HMAC_IPAD_VALUE 0x36 #define HMAC_OPAD_VALUE 0x5c /* MD5 */ #define MD5_DIGEST_SIZE 16 #define MD5_BLOCK_SIZE 64 /* SHA */ #define SHA_COMMON_DIGEST_SIZE 32 #define SHA1_DIGEST_SIZE 20 #define SHA1_BLOCK_SIZE 64 #define SHA224_DIGEST_SIZE 28 #define SHA224_BLOCK_SIZE 64 #define SHA3_224_BLOCK_SIZE 144 #define SHA256_DIGEST_SIZE 32 #define SHA256_BLOCK_SIZE 64 #define SHA3_256_BLOCK_SIZE 136 #define SHA384_DIGEST_SIZE 48 #define SHA384_BLOCK_SIZE 128 #define SHA3_384_BLOCK_SIZE 104 #define SHA512_DIGEST_SIZE 64 #define SHA512_BLOCK_SIZE 128 #define SHA3_512_BLOCK_SIZE 72 /* Maximum length for digest */ #define DIGEST_LENGTH_MAX 64 /* SHA LSB initialization values */ #define SHA1_H0 0x67452301UL #define SHA1_H1 0xefcdab89UL #define SHA1_H2 0x98badcfeUL #define SHA1_H3 0x10325476UL #define SHA1_H4 0xc3d2e1f0UL #define SHA224_H0 0xc1059ed8UL #define SHA224_H1 0x367cd507UL #define SHA224_H2 0x3070dd17UL #define SHA224_H3 0xf70e5939UL #define SHA224_H4 0xffc00b31UL #define SHA224_H5 0x68581511UL #define SHA224_H6 0x64f98fa7UL #define SHA224_H7 0xbefa4fa4UL #define SHA256_H0 0x6a09e667UL #define SHA256_H1 0xbb67ae85UL #define SHA256_H2 0x3c6ef372UL #define SHA256_H3 0xa54ff53aUL #define SHA256_H4 0x510e527fUL #define SHA256_H5 0x9b05688cUL #define SHA256_H6 0x1f83d9abUL #define SHA256_H7 0x5be0cd19UL #define SHA384_H0 0xcbbb9d5dc1059ed8ULL #define SHA384_H1 0x629a292a367cd507ULL #define SHA384_H2 0x9159015a3070dd17ULL #define SHA384_H3 0x152fecd8f70e5939ULL #define SHA384_H4 0x67332667ffc00b31ULL #define SHA384_H5 0x8eb44a8768581511ULL #define SHA384_H6 0xdb0c2e0d64f98fa7ULL #define SHA384_H7 0x47b5481dbefa4fa4ULL #define SHA512_H0 0x6a09e667f3bcc908ULL #define SHA512_H1 0xbb67ae8584caa73bULL #define SHA512_H2 0x3c6ef372fe94f82bULL #define SHA512_H3 0xa54ff53a5f1d36f1ULL #define SHA512_H4 0x510e527fade682d1ULL #define SHA512_H5 0x9b05688c2b3e6c1fULL #define SHA512_H6 0x1f83d9abfb41bd6bULL #define SHA512_H7 0x5be0cd19137e2179ULL /** * CCP supported AES modes */ enum ccp_aes_mode { CCP_AES_MODE_ECB = 0, CCP_AES_MODE_CBC, CCP_AES_MODE_OFB, CCP_AES_MODE_CFB, CCP_AES_MODE_CTR, CCP_AES_MODE_CMAC, CCP_AES_MODE_GHASH, CCP_AES_MODE_GCTR, CCP_AES_MODE__LAST, }; /** * CCP AES GHASH mode */ enum ccp_aes_ghash_mode { CCP_AES_MODE_GHASH_AAD = 0, CCP_AES_MODE_GHASH_FINAL }; /** * CCP supported AES types */ enum ccp_aes_type { CCP_AES_TYPE_128 = 0, CCP_AES_TYPE_192, CCP_AES_TYPE_256, CCP_AES_TYPE__LAST, }; /***** 3DES engine *****/ /** * CCP supported DES/3DES modes */ enum ccp_des_mode { CCP_DES_MODE_ECB = 0, /* Not supported */ CCP_DES_MODE_CBC, CCP_DES_MODE_CFB, }; /** * CCP supported DES types */ enum ccp_des_type { CCP_DES_TYPE_128 = 0, /* 112 + 16 parity */ CCP_DES_TYPE_192, /* 168 + 24 parity */ CCP_DES_TYPE__LAST, }; /***** SHA engine *****/ /** * ccp_sha_type - type of SHA operation * * @CCP_SHA_TYPE_1: SHA-1 operation * @CCP_SHA_TYPE_224: SHA-224 operation * @CCP_SHA_TYPE_256: SHA-256 operation */ enum ccp_sha_type { CCP_SHA_TYPE_1 = 1, CCP_SHA_TYPE_224, CCP_SHA_TYPE_256, CCP_SHA_TYPE_384, CCP_SHA_TYPE_512, CCP_SHA_TYPE_RSVD1, CCP_SHA_TYPE_RSVD2, CCP_SHA3_TYPE_224, CCP_SHA3_TYPE_256, CCP_SHA3_TYPE_384, CCP_SHA3_TYPE_512, CCP_SHA_TYPE__LAST, }; /** * CCP supported cipher algorithms */ enum ccp_cipher_algo { CCP_CIPHER_ALGO_AES_CBC = 0, CCP_CIPHER_ALGO_AES_ECB, CCP_CIPHER_ALGO_AES_CTR, CCP_CIPHER_ALGO_AES_GCM, CCP_CIPHER_ALGO_3DES_CBC, }; /** * CCP cipher operation type */ enum ccp_cipher_dir { CCP_CIPHER_DIR_DECRYPT = 0, CCP_CIPHER_DIR_ENCRYPT = 1, }; /** * CCP supported hash algorithms */ enum ccp_hash_algo { CCP_AUTH_ALGO_SHA1 = 0, CCP_AUTH_ALGO_SHA1_HMAC, CCP_AUTH_ALGO_SHA224, CCP_AUTH_ALGO_SHA224_HMAC, CCP_AUTH_ALGO_SHA3_224, CCP_AUTH_ALGO_SHA3_224_HMAC, CCP_AUTH_ALGO_SHA256, CCP_AUTH_ALGO_SHA256_HMAC, CCP_AUTH_ALGO_SHA3_256, CCP_AUTH_ALGO_SHA3_256_HMAC, CCP_AUTH_ALGO_SHA384, CCP_AUTH_ALGO_SHA384_HMAC, CCP_AUTH_ALGO_SHA3_384, CCP_AUTH_ALGO_SHA3_384_HMAC, CCP_AUTH_ALGO_SHA512, CCP_AUTH_ALGO_SHA512_HMAC, CCP_AUTH_ALGO_SHA3_512, CCP_AUTH_ALGO_SHA3_512_HMAC, CCP_AUTH_ALGO_AES_CMAC, CCP_AUTH_ALGO_AES_GCM, CCP_AUTH_ALGO_MD5_HMAC, }; /** * CCP hash operation type */ enum ccp_hash_op { CCP_AUTH_OP_GENERATE = 0, CCP_AUTH_OP_VERIFY = 1, }; /* CCP crypto private session structure */ struct ccp_session { bool auth_opt; enum ccp_cmd_order cmd_id; /**< chain order mode */ struct { uint16_t length; uint16_t offset; } iv; /**< IV parameters */ struct { enum ccp_cipher_algo algo; enum ccp_engine engine; union { enum ccp_aes_mode aes_mode; enum ccp_des_mode des_mode; } um; union { enum ccp_aes_type aes_type; enum ccp_des_type des_type; } ut; enum ccp_cipher_dir dir; uint64_t key_length; /**< max cipher key size 256 bits */ uint8_t key[32]; /**ccp key format*/ uint8_t key_ccp[32]; phys_addr_t key_phys; /**AES-ctr nonce(4) iv(8) ctr*/ uint8_t nonce[32]; phys_addr_t nonce_phys; } cipher; /**< Cipher Parameters */ struct { enum ccp_hash_algo algo; enum ccp_engine engine; union { enum ccp_aes_mode aes_mode; } um; union { enum ccp_sha_type sha_type; enum ccp_aes_type aes_type; } ut; enum ccp_hash_op op; uint64_t key_length; /**< max hash key size 144 bytes (struct capabilties) */ uint8_t key[144]; /**< max be key size of AES is 32*/ uint8_t key_ccp[32]; phys_addr_t key_phys; uint64_t digest_length; void *ctx; int ctx_len; int offset; int block_size; /**< Buffer to store Software generated precomute values*/ /**< For HMAC H(ipad ^ key) and H(opad ^ key) */ /**< For CMAC K1 IV and K2 IV*/ uint8_t pre_compute[2 * CCP_SHA3_CTX_SIZE]; /**< SHA3 initial ctx all zeros*/ uint8_t sha3_ctx[200]; int aad_length; } auth; /**< Authentication Parameters */ enum rte_crypto_aead_algorithm aead_algo; /**< AEAD Algorithm */ uint32_t reserved; } __rte_cache_aligned; extern uint8_t ccp_cryptodev_driver_id; struct ccp_qp; struct ccp_private; /** * Set and validate CCP crypto session parameters * * @param sess ccp private session * @param xform crypto xform for this session * @return 0 on success otherwise -1 */ int ccp_set_session_parameters(struct ccp_session *sess, const struct rte_crypto_sym_xform *xform, struct ccp_private *internals); /** * Find count of slots * * @param session CCP private session * @return count of free slots available */ int ccp_compute_slot_count(struct ccp_session *session); /** * process crypto ops to be enqueued * * @param qp CCP crypto queue-pair * @param op crypto ops table * @param cmd_q CCP cmd queue * @param nb_ops No. of ops to be submitted * @return 0 on success otherwise -1 */ int process_ops_to_enqueue(struct ccp_qp *qp, struct rte_crypto_op **op, struct ccp_queue *cmd_q, uint16_t nb_ops, uint16_t total_nb_ops, int slots_req, uint16_t b_idx); /** * process crypto ops to be dequeued * * @param qp CCP crypto queue-pair * @param op crypto ops table * @param nb_ops requested no. of ops * @return 0 on success otherwise -1 */ int process_ops_to_dequeue(struct ccp_qp *qp, struct rte_crypto_op **op, uint16_t nb_ops, uint16_t *total_nb_ops); /** * Apis for SHA3 partial hash generation * @param data_in buffer pointer on which phash is applied * @param data_out phash result in ccp be format is written */ int partial_hash_sha3_224(uint8_t *data_in, uint8_t *data_out); int partial_hash_sha3_256(uint8_t *data_in, uint8_t *data_out); int partial_hash_sha3_384(uint8_t *data_in, uint8_t *data_out); int partial_hash_sha3_512(uint8_t *data_in, uint8_t *data_out); #endif /* _CCP_CRYPTO_H_ */