1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
3 */
4
5 #include "roc_api.h"
6
7 static uint8_t zuc_key128[32] = {
8 0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E, 0x57, 0x89, 0x35,
9 0xE2, 0x71, 0x35, 0x09, 0xAF, 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4,
10 0x1A, 0xF1, 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC};
11
12 static uint8_t zuc_key256[16] = {0x22, 0x2f, 0x24, 0x2a, 0x6d, 0x40,
13 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
14 0x40, 0x52, 0x10, 0x30};
15
16 static uint8_t zuc_key256_mac4[16] = {0x22, 0x2f, 0x25, 0x2a, 0x6d, 0x40,
17 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
18 0x40, 0x52, 0x10, 0x30};
19
20 static uint8_t zuc_key256_mac8[16] = {0x23, 0x2f, 0x24, 0x2a, 0x6d, 0x40,
21 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
22 0x40, 0x52, 0x10, 0x30};
23
24 static uint8_t zuc_key256_mac16[16] = {0x23, 0x2f, 0x25, 0x2a, 0x6d, 0x40,
25 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
26 0x40, 0x52, 0x10, 0x30};
27
28 static inline void
cpt_snow3g_key_gen(const uint8_t * ck,uint32_t * keyx)29 cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx)
30 {
31 int i, base;
32
33 for (i = 0; i < 4; i++) {
34 base = 4 * i;
35 keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) |
36 (ck[base + 2] << 8) | (ck[base + 3]);
37 keyx[3 - i] = plt_cpu_to_be_32(keyx[3 - i]);
38 }
39 }
40
41 static inline int
cpt_ciph_aes_key_validate(uint16_t key_len)42 cpt_ciph_aes_key_validate(uint16_t key_len)
43 {
44 switch (key_len) {
45 case 16:
46 case 24:
47 case 32:
48 return 0;
49 default:
50 return -1;
51 }
52 }
53
54 static inline int
cpt_ciph_type_set(roc_se_cipher_type type,struct roc_se_ctx * ctx,uint16_t key_len)55 cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,
56 uint16_t key_len)
57 {
58 int fc_type = 0;
59
60 switch (type) {
61 case ROC_SE_PASSTHROUGH:
62 fc_type = ROC_SE_FC_GEN;
63 break;
64 case ROC_SE_DES3_CBC:
65 case ROC_SE_DES3_ECB:
66 fc_type = ROC_SE_FC_GEN;
67 break;
68 case ROC_SE_AES_CBC:
69 case ROC_SE_AES_ECB:
70 case ROC_SE_AES_CFB:
71 case ROC_SE_AES_CTR:
72 case ROC_SE_AES_GCM:
73 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
74 return -1;
75 fc_type = ROC_SE_FC_GEN;
76 break;
77 case ROC_SE_CHACHA20:
78 fc_type = ROC_SE_FC_GEN;
79 break;
80 case ROC_SE_AES_XTS:
81 key_len = key_len / 2;
82 if (unlikely(key_len == 24)) {
83 plt_err("Invalid AES key len for XTS");
84 return -1;
85 }
86 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
87 return -1;
88 fc_type = ROC_SE_FC_GEN;
89 break;
90 case ROC_SE_ZUC_EEA3:
91 /* No support for chained operations */
92 if (unlikely(ctx->hash_type))
93 return -1;
94 fc_type = ROC_SE_PDCP;
95 break;
96 case ROC_SE_SNOW3G_UEA2:
97 if (unlikely(key_len != 16))
98 return -1;
99 /* No support for AEAD yet */
100 if (unlikely(ctx->hash_type))
101 return -1;
102 fc_type = ROC_SE_PDCP;
103 break;
104 case ROC_SE_AES_CTR_EEA2:
105 fc_type = ROC_SE_PDCP;
106 break;
107 case ROC_SE_KASUMI_F8_CBC:
108 case ROC_SE_KASUMI_F8_ECB:
109 if (unlikely(key_len != 16))
110 return -1;
111 /* No support for AEAD yet */
112 if (unlikely(ctx->hash_type))
113 return -1;
114 fc_type = ROC_SE_KASUMI;
115 break;
116 default:
117 return -1;
118 }
119
120 ctx->fc_type = fc_type;
121 return 0;
122 }
123
124 static inline void
cpt_ciph_aes_key_type_set(struct roc_se_context * fctx,uint16_t key_len)125 cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len)
126 {
127 roc_se_aes_type aes_key_type = 0;
128
129 switch (key_len) {
130 case 16:
131 aes_key_type = ROC_SE_AES_128_BIT;
132 break;
133 case 24:
134 aes_key_type = ROC_SE_AES_192_BIT;
135 break;
136 case 32:
137 aes_key_type = ROC_SE_AES_256_BIT;
138 break;
139 default:
140 /* This should not happen */
141 plt_err("Invalid AES key len");
142 return;
143 }
144 fctx->enc.aes_key = aes_key_type;
145 }
146
147 static int
cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx * zs_ctx,uint16_t key_len)148 cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len)
149 {
150 roc_se_aes_type key_type = 0;
151
152 if (roc_model_is_cn9k()) {
153 if (key_len != 16) {
154 plt_err("Only key len 16 is supported on cn9k");
155 return -ENOTSUP;
156 }
157 }
158
159 switch (key_len) {
160 case 16:
161 key_type = ROC_SE_AES_128_BIT;
162 break;
163 case 32:
164 key_type = ROC_SE_AES_256_BIT;
165 break;
166 default:
167 plt_err("Invalid AES key len");
168 return -ENOTSUP;
169 }
170 zs_ctx->zuc.otk_ctx.w0.s.key_len = key_type;
171 return 0;
172 }
173
174 static int
cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx * zs_ctx,uint16_t mac_len)175 cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len)
176 {
177 roc_se_pdcp_mac_len_type mac_type = 0;
178
179 if (roc_model_is_cn9k()) {
180 if (mac_len != 4) {
181 plt_err("Only mac len 4 is supported on cn9k");
182 return -ENOTSUP;
183 }
184 }
185
186 switch (mac_len) {
187 case 4:
188 mac_type = ROC_SE_PDCP_MAC_LEN_32_BIT;
189 break;
190 case 8:
191 mac_type = ROC_SE_PDCP_MAC_LEN_64_BIT;
192 break;
193 case 16:
194 mac_type = ROC_SE_PDCP_MAC_LEN_128_BIT;
195 break;
196 default:
197 plt_err("Invalid ZUC MAC len");
198 return -ENOTSUP;
199 }
200 zs_ctx->zuc.otk_ctx.w0.s.mac_len = mac_type;
201 return 0;
202 }
203
204 static void
cpt_pdcp_update_zuc_const(uint8_t * zuc_const,int key_len,int mac_len)205 cpt_pdcp_update_zuc_const(uint8_t *zuc_const, int key_len, int mac_len)
206 {
207 if (key_len == 16) {
208 memcpy(zuc_const, zuc_key128, 32);
209 } else if (key_len == 32) {
210 switch (mac_len) {
211 case 4:
212 memcpy(zuc_const, zuc_key256_mac4, 16);
213 break;
214 case 8:
215 memcpy(zuc_const, zuc_key256_mac8, 16);
216 break;
217 case 16:
218 memcpy(zuc_const, zuc_key256_mac16, 16);
219 break;
220 default:
221 plt_err("Unsupported mac len");
222 }
223 }
224 }
225
226 int
roc_se_auth_key_set(struct roc_se_ctx * se_ctx,roc_se_auth_type type,const uint8_t * key,uint16_t key_len,uint16_t mac_len)227 roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
228 const uint8_t *key, uint16_t key_len, uint16_t mac_len)
229 {
230 struct roc_se_zuc_snow3g_ctx *zs_ctx;
231 struct roc_se_kasumi_ctx *k_ctx;
232 struct roc_se_context *fctx;
233 int ret;
234
235 if (se_ctx == NULL)
236 return -1;
237
238 zs_ctx = &se_ctx->se_ctx.zs_ctx;
239 k_ctx = &se_ctx->se_ctx.k_ctx;
240 fctx = &se_ctx->se_ctx.fctx;
241
242 if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
243 uint8_t *zuc_const;
244 uint32_t keyx[4];
245 uint8_t *ci_key;
246
247 if (!key_len)
248 return -1;
249
250 /* No support for chained operations yet */
251 if (se_ctx->enc_cipher)
252 return -1;
253
254 if (roc_model_is_cn9k()) {
255 ci_key = zs_ctx->zuc.onk_ctx.ci_key;
256 zuc_const = zs_ctx->zuc.onk_ctx.zuc_const;
257 } else {
258 ci_key = zs_ctx->zuc.otk_ctx.ci_key;
259 zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
260 }
261
262 /* For ZUC/SNOW3G/Kasumi */
263 switch (type) {
264 case ROC_SE_SNOW3G_UIA2:
265 zs_ctx->zuc.otk_ctx.w0.s.alg_type =
266 ROC_SE_PDCP_ALG_TYPE_SNOW3G;
267 zs_ctx->zuc.otk_ctx.w0.s.mac_len =
268 ROC_SE_PDCP_MAC_LEN_32_BIT;
269 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
270 cpt_snow3g_key_gen(key, keyx);
271 memcpy(ci_key, keyx, key_len);
272 se_ctx->fc_type = ROC_SE_PDCP;
273 se_ctx->zsk_flags = 0x1;
274 break;
275 case ROC_SE_ZUC_EIA3:
276 zs_ctx->zuc.otk_ctx.w0.s.alg_type =
277 ROC_SE_PDCP_ALG_TYPE_ZUC;
278 ret = cpt_pdcp_key_type_set(zs_ctx, key_len);
279 if (ret)
280 return ret;
281 ret = cpt_pdcp_mac_len_set(zs_ctx, mac_len);
282 if (ret)
283 return ret;
284 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
285 memcpy(ci_key, key, key_len);
286 cpt_pdcp_update_zuc_const(zuc_const, key_len, mac_len);
287 se_ctx->fc_type = ROC_SE_PDCP;
288 se_ctx->zsk_flags = 0x1;
289 break;
290 case ROC_SE_AES_CMAC_EIA2:
291 zs_ctx->zuc.otk_ctx.w0.s.alg_type =
292 ROC_SE_PDCP_ALG_TYPE_AES_CTR;
293 zs_ctx->zuc.otk_ctx.w0.s.mac_len =
294 ROC_SE_PDCP_MAC_LEN_32_BIT;
295 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
296 memcpy(ci_key, key, key_len);
297 se_ctx->fc_type = ROC_SE_PDCP;
298 se_ctx->zsk_flags = 0x1;
299 break;
300 case ROC_SE_KASUMI_F9_ECB:
301 /* Kasumi ECB mode */
302 se_ctx->k_ecb = 1;
303 memcpy(k_ctx->ci_key, key, key_len);
304 se_ctx->fc_type = ROC_SE_KASUMI;
305 se_ctx->zsk_flags = 0x1;
306 break;
307 case ROC_SE_KASUMI_F9_CBC:
308 memcpy(k_ctx->ci_key, key, key_len);
309 se_ctx->fc_type = ROC_SE_KASUMI;
310 se_ctx->zsk_flags = 0x1;
311 break;
312 default:
313 return -1;
314 }
315 se_ctx->mac_len = mac_len;
316 se_ctx->hash_type = type;
317 if (roc_model_is_cn9k())
318 se_ctx->template_w4.s.opcode_minor =
319 ((1 << 7) | (se_ctx->pdcp_alg_type << 5) | 1);
320 else
321 se_ctx->template_w4.s.opcode_minor = ((1 << 4) | 1);
322 return 0;
323 }
324
325 if (!se_ctx->fc_type ||
326 (type && type != ROC_SE_GMAC_TYPE && !se_ctx->enc_cipher))
327 se_ctx->fc_type = ROC_SE_HASH_HMAC;
328
329 if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64)
330 return -1;
331
332 /* For GMAC auth, cipher must be NULL */
333 if (type == ROC_SE_GMAC_TYPE)
334 fctx->enc.enc_cipher = 0;
335
336 fctx->enc.hash_type = type;
337 se_ctx->hash_type = type;
338 fctx->enc.mac_len = mac_len;
339 se_ctx->mac_len = mac_len;
340
341 if (key_len) {
342 se_ctx->hmac = 1;
343
344 se_ctx->auth_key = plt_zmalloc(key_len, 8);
345 if (se_ctx->auth_key == NULL)
346 return -1;
347
348 memcpy(se_ctx->auth_key, key, key_len);
349 se_ctx->auth_key_len = key_len;
350 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
351 memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
352
353 if (key_len <= 64)
354 memcpy(fctx->hmac.opad, key, key_len);
355 fctx->enc.auth_input_type = 1;
356 }
357 return 0;
358 }
359
360 int
roc_se_ciph_key_set(struct roc_se_ctx * se_ctx,roc_se_cipher_type type,const uint8_t * key,uint16_t key_len,uint8_t * salt)361 roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
362 const uint8_t *key, uint16_t key_len, uint8_t *salt)
363 {
364 struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx;
365 struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
366 uint8_t *zuc_const;
367 uint32_t keyx[4];
368 uint8_t *ci_key;
369 int ret;
370
371 if (roc_model_is_cn9k()) {
372 ci_key = zs_ctx->zuc.onk_ctx.ci_key;
373 zuc_const = zs_ctx->zuc.onk_ctx.zuc_const;
374 } else {
375 ci_key = zs_ctx->zuc.otk_ctx.ci_key;
376 zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
377 }
378
379 /* For AES-GCM, salt is taken from ctx even if IV source
380 * is from DPTR
381 */
382 if ((salt != NULL) && (type == ROC_SE_AES_GCM)) {
383 memcpy(fctx->enc.encr_iv, salt, 4);
384 /* Assuming it was just salt update
385 * and nothing else
386 */
387 if (key == NULL)
388 return 0;
389 }
390
391 ret = cpt_ciph_type_set(type, se_ctx, key_len);
392 if (unlikely(ret))
393 return -1;
394
395 if (se_ctx->fc_type == ROC_SE_FC_GEN) {
396 /*
397 * We need to always say IV is from DPTR as user can
398 * sometimes override IV per operation.
399 */
400 fctx->enc.iv_source = ROC_SE_FROM_DPTR;
401
402 if (se_ctx->auth_key_len > 64)
403 return -1;
404 }
405
406 switch (type) {
407 case ROC_SE_PASSTHROUGH:
408 se_ctx->enc_cipher = 0;
409 fctx->enc.enc_cipher = 0;
410 goto success;
411 case ROC_SE_DES3_CBC:
412 /* CPT performs DES using 3DES with the 8B DES-key
413 * replicated 2 more times to match the 24B 3DES-key.
414 * Eg. If org. key is "0x0a 0x0b", then new key is
415 * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b"
416 */
417 if (key_len == 8) {
418 /* Skipping the first 8B as it will be copied
419 * in the regular code flow
420 */
421 memcpy(fctx->enc.encr_key + key_len, key, key_len);
422 memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len);
423 }
424 break;
425 case ROC_SE_DES3_ECB:
426 /* For DES3_ECB IV need to be from CTX. */
427 fctx->enc.iv_source = ROC_SE_FROM_CTX;
428 break;
429 case ROC_SE_AES_CBC:
430 case ROC_SE_AES_ECB:
431 case ROC_SE_AES_CFB:
432 case ROC_SE_AES_CTR:
433 case ROC_SE_CHACHA20:
434 cpt_ciph_aes_key_type_set(fctx, key_len);
435 break;
436 case ROC_SE_AES_GCM:
437 cpt_ciph_aes_key_type_set(fctx, key_len);
438 break;
439 case ROC_SE_AES_XTS:
440 key_len = key_len / 2;
441 cpt_ciph_aes_key_type_set(fctx, key_len);
442
443 /* Copy key2 for XTS into ipad */
444 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
445 memcpy(fctx->hmac.ipad, &key[key_len], key_len);
446 break;
447 case ROC_SE_SNOW3G_UEA2:
448 zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;
449 zs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
450 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
451 cpt_snow3g_key_gen(key, keyx);
452 memcpy(ci_key, keyx, key_len);
453 se_ctx->zsk_flags = 0;
454 goto success;
455 case ROC_SE_ZUC_EEA3:
456 ret = cpt_pdcp_key_type_set(zs_ctx, key_len);
457 if (ret)
458 return ret;
459 zs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
460 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
461 memcpy(ci_key, key, key_len);
462 if (key_len == 32)
463 memcpy(zuc_const, zuc_key256, 16);
464 else
465 memcpy(zuc_const, zuc_key128, 32);
466
467 se_ctx->zsk_flags = 0;
468 goto success;
469 case ROC_SE_AES_CTR_EEA2:
470 zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;
471 zs_ctx->zuc.otk_ctx.w0.s.alg_type =
472 ROC_SE_PDCP_ALG_TYPE_AES_CTR;
473 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
474 memcpy(ci_key, key, key_len);
475 se_ctx->zsk_flags = 0;
476 goto success;
477 case ROC_SE_KASUMI_F8_ECB:
478 se_ctx->k_ecb = 1;
479 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
480 se_ctx->zsk_flags = 0;
481 goto success;
482 case ROC_SE_KASUMI_F8_CBC:
483 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
484 se_ctx->zsk_flags = 0;
485 goto success;
486 default:
487 return -1;
488 }
489
490 /* Only for ROC_SE_FC_GEN case */
491
492 /* For GMAC auth, cipher must be NULL */
493 if (se_ctx->hash_type != ROC_SE_GMAC_TYPE)
494 fctx->enc.enc_cipher = type;
495
496 memcpy(fctx->enc.encr_key, key, key_len);
497
498 success:
499 se_ctx->enc_cipher = type;
500 if (se_ctx->fc_type == ROC_SE_PDCP) {
501 if (roc_model_is_cn9k())
502 se_ctx->template_w4.s.opcode_minor =
503 ((1 << 7) | (se_ctx->pdcp_alg_type << 5) |
504 (se_ctx->zsk_flags & 0x7));
505 else
506 se_ctx->template_w4.s.opcode_minor = ((1 << 4));
507 }
508 return 0;
509 }
510
511 void
roc_se_ctx_swap(struct roc_se_ctx * se_ctx)512 roc_se_ctx_swap(struct roc_se_ctx *se_ctx)
513 {
514 struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx;
515
516 if (roc_model_is_cn9k())
517 return;
518
519 zs_ctx->zuc.otk_ctx.w0.u64 = htobe64(zs_ctx->zuc.otk_ctx.w0.u64);
520 }
521