1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(C) 2021 Marvell. 3 */ 4 5 #include "roc_api.h" 6 7 static uint8_t zuc_key128[32] = { 8 0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E, 0x57, 0x89, 0x35, 9 0xE2, 0x71, 0x35, 0x09, 0xAF, 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 10 0x1A, 0xF1, 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC}; 11 12 static uint8_t zuc_key256[16] = {0x22, 0x2f, 0x24, 0x2a, 0x6d, 0x40, 13 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 14 0x40, 0x52, 0x10, 0x30}; 15 16 static uint8_t zuc_key256_mac4[16] = {0x22, 0x2f, 0x25, 0x2a, 0x6d, 0x40, 17 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 18 0x40, 0x52, 0x10, 0x30}; 19 20 static uint8_t zuc_key256_mac8[16] = {0x23, 0x2f, 0x24, 0x2a, 0x6d, 0x40, 21 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 22 0x40, 0x52, 0x10, 0x30}; 23 24 static uint8_t zuc_key256_mac16[16] = {0x23, 0x2f, 0x25, 0x2a, 0x6d, 0x40, 25 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 26 0x40, 0x52, 0x10, 0x30}; 27 28 static inline void 29 cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx) 30 { 31 int i, base; 32 33 for (i = 0; i < 4; i++) { 34 base = 4 * i; 35 keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) | 36 (ck[base + 2] << 8) | (ck[base + 3]); 37 keyx[3 - i] = plt_cpu_to_be_32(keyx[3 - i]); 38 } 39 } 40 41 static inline int 42 cpt_ciph_aes_key_validate(uint16_t key_len) 43 { 44 switch (key_len) { 45 case 16: 46 case 24: 47 case 32: 48 return 0; 49 default: 50 return -1; 51 } 52 } 53 54 static inline int 55 cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, 56 uint16_t key_len) 57 { 58 int fc_type = 0; 59 60 switch (type) { 61 case ROC_SE_PASSTHROUGH: 62 fc_type = ROC_SE_FC_GEN; 63 break; 64 case ROC_SE_DES3_CBC: 65 case ROC_SE_DES3_ECB: 66 fc_type = ROC_SE_FC_GEN; 67 break; 68 case ROC_SE_AES_CBC: 69 case ROC_SE_AES_ECB: 70 case ROC_SE_AES_CFB: 71 case ROC_SE_AES_CTR: 72 case ROC_SE_AES_GCM: 73 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0)) 74 return -1; 75 fc_type = ROC_SE_FC_GEN; 76 break; 77 case ROC_SE_CHACHA20: 78 fc_type = ROC_SE_FC_GEN; 79 break; 80 case ROC_SE_AES_XTS: 81 key_len = key_len / 2; 82 if (unlikely(key_len == 24)) { 83 plt_err("Invalid AES key len for XTS"); 84 return -1; 85 } 86 if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0)) 87 return -1; 88 fc_type = ROC_SE_FC_GEN; 89 break; 90 case ROC_SE_ZUC_EEA3: 91 /* No support for chained operations */ 92 if (unlikely(ctx->hash_type)) 93 return -1; 94 fc_type = ROC_SE_PDCP; 95 break; 96 case ROC_SE_SNOW3G_UEA2: 97 if (unlikely(key_len != 16)) 98 return -1; 99 /* No support for AEAD yet */ 100 if (unlikely(ctx->hash_type)) 101 return -1; 102 fc_type = ROC_SE_PDCP; 103 break; 104 case ROC_SE_AES_CTR_EEA2: 105 fc_type = ROC_SE_PDCP; 106 break; 107 case ROC_SE_KASUMI_F8_CBC: 108 case ROC_SE_KASUMI_F8_ECB: 109 if (unlikely(key_len != 16)) 110 return -1; 111 /* No support for AEAD yet */ 112 if (unlikely(ctx->hash_type)) 113 return -1; 114 fc_type = ROC_SE_KASUMI; 115 break; 116 default: 117 return -1; 118 } 119 120 ctx->fc_type = fc_type; 121 return 0; 122 } 123 124 static inline void 125 cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len) 126 { 127 roc_se_aes_type aes_key_type = 0; 128 129 switch (key_len) { 130 case 16: 131 aes_key_type = ROC_SE_AES_128_BIT; 132 break; 133 case 24: 134 aes_key_type = ROC_SE_AES_192_BIT; 135 break; 136 case 32: 137 aes_key_type = ROC_SE_AES_256_BIT; 138 break; 139 default: 140 /* This should not happen */ 141 plt_err("Invalid AES key len"); 142 return; 143 } 144 fctx->enc.aes_key = aes_key_type; 145 } 146 147 static int 148 cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len) 149 { 150 roc_se_aes_type key_type = 0; 151 152 if (roc_model_is_cn9k()) { 153 if (key_len != 16) { 154 plt_err("Only key len 16 is supported on cn9k"); 155 return -ENOTSUP; 156 } 157 } 158 159 switch (key_len) { 160 case 16: 161 key_type = ROC_SE_AES_128_BIT; 162 break; 163 case 32: 164 key_type = ROC_SE_AES_256_BIT; 165 break; 166 default: 167 plt_err("Invalid AES key len"); 168 return -ENOTSUP; 169 } 170 zs_ctx->zuc.otk_ctx.w0.s.key_len = key_type; 171 return 0; 172 } 173 174 static int 175 cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len) 176 { 177 roc_se_pdcp_mac_len_type mac_type = 0; 178 179 if (roc_model_is_cn9k()) { 180 if (mac_len != 4) { 181 plt_err("Only mac len 4 is supported on cn9k"); 182 return -ENOTSUP; 183 } 184 } 185 186 switch (mac_len) { 187 case 4: 188 mac_type = ROC_SE_PDCP_MAC_LEN_32_BIT; 189 break; 190 case 8: 191 mac_type = ROC_SE_PDCP_MAC_LEN_64_BIT; 192 break; 193 case 16: 194 mac_type = ROC_SE_PDCP_MAC_LEN_128_BIT; 195 break; 196 default: 197 plt_err("Invalid ZUC MAC len"); 198 return -ENOTSUP; 199 } 200 zs_ctx->zuc.otk_ctx.w0.s.mac_len = mac_type; 201 return 0; 202 } 203 204 static void 205 cpt_pdcp_update_zuc_const(uint8_t *zuc_const, int key_len, int mac_len) 206 { 207 if (key_len == 16) { 208 memcpy(zuc_const, zuc_key128, 32); 209 } else if (key_len == 32) { 210 switch (mac_len) { 211 case 4: 212 memcpy(zuc_const, zuc_key256_mac4, 16); 213 break; 214 case 8: 215 memcpy(zuc_const, zuc_key256_mac8, 16); 216 break; 217 case 16: 218 memcpy(zuc_const, zuc_key256_mac16, 16); 219 break; 220 default: 221 plt_err("Unsupported mac len"); 222 } 223 } 224 } 225 226 int 227 roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, 228 const uint8_t *key, uint16_t key_len, uint16_t mac_len) 229 { 230 struct roc_se_zuc_snow3g_ctx *zs_ctx; 231 struct roc_se_kasumi_ctx *k_ctx; 232 struct roc_se_context *fctx; 233 int ret; 234 235 if (se_ctx == NULL) 236 return -1; 237 238 zs_ctx = &se_ctx->se_ctx.zs_ctx; 239 k_ctx = &se_ctx->se_ctx.k_ctx; 240 fctx = &se_ctx->se_ctx.fctx; 241 242 if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) { 243 uint8_t *zuc_const; 244 uint32_t keyx[4]; 245 uint8_t *ci_key; 246 247 if (!key_len) 248 return -1; 249 250 /* No support for chained operations yet */ 251 if (se_ctx->enc_cipher) 252 return -1; 253 254 if (roc_model_is_cn9k()) { 255 ci_key = zs_ctx->zuc.onk_ctx.ci_key; 256 zuc_const = zs_ctx->zuc.onk_ctx.zuc_const; 257 } else { 258 ci_key = zs_ctx->zuc.otk_ctx.ci_key; 259 zuc_const = zs_ctx->zuc.otk_ctx.zuc_const; 260 } 261 262 /* For ZUC/SNOW3G/Kasumi */ 263 switch (type) { 264 case ROC_SE_SNOW3G_UIA2: 265 zs_ctx->zuc.otk_ctx.w0.s.alg_type = 266 ROC_SE_PDCP_ALG_TYPE_SNOW3G; 267 zs_ctx->zuc.otk_ctx.w0.s.mac_len = 268 ROC_SE_PDCP_MAC_LEN_32_BIT; 269 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; 270 cpt_snow3g_key_gen(key, keyx); 271 memcpy(ci_key, keyx, key_len); 272 se_ctx->fc_type = ROC_SE_PDCP; 273 se_ctx->zsk_flags = 0x1; 274 break; 275 case ROC_SE_ZUC_EIA3: 276 zs_ctx->zuc.otk_ctx.w0.s.alg_type = 277 ROC_SE_PDCP_ALG_TYPE_ZUC; 278 ret = cpt_pdcp_key_type_set(zs_ctx, key_len); 279 if (ret) 280 return ret; 281 ret = cpt_pdcp_mac_len_set(zs_ctx, mac_len); 282 if (ret) 283 return ret; 284 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; 285 memcpy(ci_key, key, key_len); 286 cpt_pdcp_update_zuc_const(zuc_const, key_len, mac_len); 287 se_ctx->fc_type = ROC_SE_PDCP; 288 se_ctx->zsk_flags = 0x1; 289 break; 290 case ROC_SE_AES_CMAC_EIA2: 291 zs_ctx->zuc.otk_ctx.w0.s.alg_type = 292 ROC_SE_PDCP_ALG_TYPE_AES_CTR; 293 zs_ctx->zuc.otk_ctx.w0.s.mac_len = 294 ROC_SE_PDCP_MAC_LEN_32_BIT; 295 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR; 296 memcpy(ci_key, key, key_len); 297 se_ctx->fc_type = ROC_SE_PDCP; 298 se_ctx->zsk_flags = 0x1; 299 break; 300 case ROC_SE_KASUMI_F9_ECB: 301 /* Kasumi ECB mode */ 302 se_ctx->k_ecb = 1; 303 memcpy(k_ctx->ci_key, key, key_len); 304 se_ctx->fc_type = ROC_SE_KASUMI; 305 se_ctx->zsk_flags = 0x1; 306 break; 307 case ROC_SE_KASUMI_F9_CBC: 308 memcpy(k_ctx->ci_key, key, key_len); 309 se_ctx->fc_type = ROC_SE_KASUMI; 310 se_ctx->zsk_flags = 0x1; 311 break; 312 default: 313 return -1; 314 } 315 se_ctx->mac_len = mac_len; 316 se_ctx->hash_type = type; 317 if (roc_model_is_cn9k()) 318 se_ctx->template_w4.s.opcode_minor = 319 ((1 << 7) | (se_ctx->pdcp_alg_type << 5) | 1); 320 else 321 se_ctx->template_w4.s.opcode_minor = ((1 << 4) | 1); 322 return 0; 323 } 324 325 if (!se_ctx->fc_type || 326 (type && type != ROC_SE_GMAC_TYPE && !se_ctx->enc_cipher)) 327 se_ctx->fc_type = ROC_SE_HASH_HMAC; 328 329 if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64) 330 return -1; 331 332 /* For GMAC auth, cipher must be NULL */ 333 if (type == ROC_SE_GMAC_TYPE) 334 fctx->enc.enc_cipher = 0; 335 336 fctx->enc.hash_type = type; 337 se_ctx->hash_type = type; 338 fctx->enc.mac_len = mac_len; 339 se_ctx->mac_len = mac_len; 340 341 if (key_len) { 342 se_ctx->hmac = 1; 343 344 se_ctx->auth_key = plt_zmalloc(key_len, 8); 345 if (se_ctx->auth_key == NULL) 346 return -1; 347 348 memcpy(se_ctx->auth_key, key, key_len); 349 se_ctx->auth_key_len = key_len; 350 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); 351 memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad)); 352 353 if (key_len <= 64) 354 memcpy(fctx->hmac.opad, key, key_len); 355 fctx->enc.auth_input_type = 1; 356 } 357 return 0; 358 } 359 360 int 361 roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, 362 const uint8_t *key, uint16_t key_len, uint8_t *salt) 363 { 364 struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx; 365 struct roc_se_context *fctx = &se_ctx->se_ctx.fctx; 366 uint8_t *zuc_const; 367 uint32_t keyx[4]; 368 uint8_t *ci_key; 369 int ret; 370 371 if (roc_model_is_cn9k()) { 372 ci_key = zs_ctx->zuc.onk_ctx.ci_key; 373 zuc_const = zs_ctx->zuc.onk_ctx.zuc_const; 374 } else { 375 ci_key = zs_ctx->zuc.otk_ctx.ci_key; 376 zuc_const = zs_ctx->zuc.otk_ctx.zuc_const; 377 } 378 379 /* For AES-GCM, salt is taken from ctx even if IV source 380 * is from DPTR 381 */ 382 if ((salt != NULL) && (type == ROC_SE_AES_GCM)) { 383 memcpy(fctx->enc.encr_iv, salt, 4); 384 /* Assuming it was just salt update 385 * and nothing else 386 */ 387 if (key == NULL) 388 return 0; 389 } 390 391 ret = cpt_ciph_type_set(type, se_ctx, key_len); 392 if (unlikely(ret)) 393 return -1; 394 395 if (se_ctx->fc_type == ROC_SE_FC_GEN) { 396 /* 397 * We need to always say IV is from DPTR as user can 398 * sometimes override IV per operation. 399 */ 400 fctx->enc.iv_source = ROC_SE_FROM_DPTR; 401 402 if (se_ctx->auth_key_len > 64) 403 return -1; 404 } 405 406 switch (type) { 407 case ROC_SE_PASSTHROUGH: 408 se_ctx->enc_cipher = 0; 409 fctx->enc.enc_cipher = 0; 410 goto success; 411 case ROC_SE_DES3_CBC: 412 /* CPT performs DES using 3DES with the 8B DES-key 413 * replicated 2 more times to match the 24B 3DES-key. 414 * Eg. If org. key is "0x0a 0x0b", then new key is 415 * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b" 416 */ 417 if (key_len == 8) { 418 /* Skipping the first 8B as it will be copied 419 * in the regular code flow 420 */ 421 memcpy(fctx->enc.encr_key + key_len, key, key_len); 422 memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len); 423 } 424 break; 425 case ROC_SE_DES3_ECB: 426 /* For DES3_ECB IV need to be from CTX. */ 427 fctx->enc.iv_source = ROC_SE_FROM_CTX; 428 break; 429 case ROC_SE_AES_CBC: 430 case ROC_SE_AES_ECB: 431 case ROC_SE_AES_CFB: 432 case ROC_SE_AES_CTR: 433 case ROC_SE_CHACHA20: 434 cpt_ciph_aes_key_type_set(fctx, key_len); 435 break; 436 case ROC_SE_AES_GCM: 437 cpt_ciph_aes_key_type_set(fctx, key_len); 438 break; 439 case ROC_SE_AES_XTS: 440 key_len = key_len / 2; 441 cpt_ciph_aes_key_type_set(fctx, key_len); 442 443 /* Copy key2 for XTS into ipad */ 444 memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); 445 memcpy(fctx->hmac.ipad, &key[key_len], key_len); 446 break; 447 case ROC_SE_SNOW3G_UEA2: 448 zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT; 449 zs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; 450 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; 451 cpt_snow3g_key_gen(key, keyx); 452 memcpy(ci_key, keyx, key_len); 453 se_ctx->zsk_flags = 0; 454 goto success; 455 case ROC_SE_ZUC_EEA3: 456 ret = cpt_pdcp_key_type_set(zs_ctx, key_len); 457 if (ret) 458 return ret; 459 zs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; 460 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; 461 memcpy(ci_key, key, key_len); 462 if (key_len == 32) 463 memcpy(zuc_const, zuc_key256, 16); 464 else 465 memcpy(zuc_const, zuc_key128, 32); 466 467 se_ctx->zsk_flags = 0; 468 goto success; 469 case ROC_SE_AES_CTR_EEA2: 470 zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT; 471 zs_ctx->zuc.otk_ctx.w0.s.alg_type = 472 ROC_SE_PDCP_ALG_TYPE_AES_CTR; 473 se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR; 474 memcpy(ci_key, key, key_len); 475 se_ctx->zsk_flags = 0; 476 goto success; 477 case ROC_SE_KASUMI_F8_ECB: 478 se_ctx->k_ecb = 1; 479 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len); 480 se_ctx->zsk_flags = 0; 481 goto success; 482 case ROC_SE_KASUMI_F8_CBC: 483 memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len); 484 se_ctx->zsk_flags = 0; 485 goto success; 486 default: 487 return -1; 488 } 489 490 /* Only for ROC_SE_FC_GEN case */ 491 492 /* For GMAC auth, cipher must be NULL */ 493 if (se_ctx->hash_type != ROC_SE_GMAC_TYPE) 494 fctx->enc.enc_cipher = type; 495 496 memcpy(fctx->enc.encr_key, key, key_len); 497 498 success: 499 se_ctx->enc_cipher = type; 500 if (se_ctx->fc_type == ROC_SE_PDCP) { 501 if (roc_model_is_cn9k()) 502 se_ctx->template_w4.s.opcode_minor = 503 ((1 << 7) | (se_ctx->pdcp_alg_type << 5) | 504 (se_ctx->zsk_flags & 0x7)); 505 else 506 se_ctx->template_w4.s.opcode_minor = ((1 << 4)); 507 } 508 return 0; 509 } 510 511 void 512 roc_se_ctx_swap(struct roc_se_ctx *se_ctx) 513 { 514 struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx; 515 516 if (roc_model_is_cn9k()) 517 return; 518 519 zs_ctx->zuc.otk_ctx.w0.u64 = htobe64(zs_ctx->zuc.otk_ctx.w0.u64); 520 } 521