| 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
|---|
| 2 | /* |
|---|
| 3 | * AMD Cryptographic Coprocessor (CCP) crypto API support |
|---|
| 4 | * |
|---|
| 5 | * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. |
|---|
| 6 | * |
|---|
| 7 | * Author: Tom Lendacky <thomas.lendacky@amd.com> |
|---|
| 8 | */ |
|---|
| 9 | |
|---|
| 10 | #ifndef __CCP_CRYPTO_H__ |
|---|
| 11 | #define __CCP_CRYPTO_H__ |
|---|
| 12 | |
|---|
| 13 | #include <linux/list.h> |
|---|
| 14 | #include <linux/wait.h> |
|---|
| 15 | #include <linux/ccp.h> |
|---|
| 16 | #include <crypto/algapi.h> |
|---|
| 17 | #include <crypto/aes.h> |
|---|
| 18 | #include <crypto/internal/aead.h> |
|---|
| 19 | #include <crypto/aead.h> |
|---|
| 20 | #include <crypto/ctr.h> |
|---|
| 21 | #include <crypto/hash.h> |
|---|
| 22 | #include <crypto/sha1.h> |
|---|
| 23 | #include <crypto/sha2.h> |
|---|
| 24 | #include <crypto/akcipher.h> |
|---|
| 25 | #include <crypto/skcipher.h> |
|---|
| 26 | #include <crypto/internal/rsa.h> |
|---|
| 27 | |
|---|
| 28 | /* We want the module name in front of our messages */ |
|---|
| 29 | #undef pr_fmt |
|---|
| 30 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
|---|
| 31 | |
|---|
| 32 | #define CCP_LOG_LEVEL KERN_INFO |
|---|
| 33 | |
|---|
| 34 | #define CCP_CRA_PRIORITY 300 |
|---|
| 35 | |
|---|
| 36 | struct ccp_crypto_skcipher_alg { |
|---|
| 37 | struct list_head entry; |
|---|
| 38 | |
|---|
| 39 | u32 mode; |
|---|
| 40 | |
|---|
| 41 | struct skcipher_alg alg; |
|---|
| 42 | }; |
|---|
| 43 | |
|---|
| 44 | struct ccp_crypto_aead { |
|---|
| 45 | struct list_head entry; |
|---|
| 46 | |
|---|
| 47 | u32 mode; |
|---|
| 48 | |
|---|
| 49 | struct aead_alg alg; |
|---|
| 50 | }; |
|---|
| 51 | |
|---|
| 52 | struct ccp_crypto_ahash_alg { |
|---|
| 53 | struct list_head entry; |
|---|
| 54 | |
|---|
| 55 | const __be32 *init; |
|---|
| 56 | u32 type; |
|---|
| 57 | u32 mode; |
|---|
| 58 | |
|---|
| 59 | /* Child algorithm used for HMAC, CMAC, etc */ |
|---|
| 60 | char child_alg[CRYPTO_MAX_ALG_NAME]; |
|---|
| 61 | |
|---|
| 62 | struct ahash_alg alg; |
|---|
| 63 | }; |
|---|
| 64 | |
|---|
| 65 | struct ccp_crypto_akcipher_alg { |
|---|
| 66 | struct list_head entry; |
|---|
| 67 | |
|---|
| 68 | struct akcipher_alg alg; |
|---|
| 69 | }; |
|---|
| 70 | |
|---|
| 71 | static inline struct ccp_crypto_skcipher_alg * |
|---|
| 72 | ccp_crypto_skcipher_alg(struct crypto_skcipher *tfm) |
|---|
| 73 | { |
|---|
| 74 | struct skcipher_alg *alg = crypto_skcipher_alg(tfm); |
|---|
| 75 | |
|---|
| 76 | return container_of(alg, struct ccp_crypto_skcipher_alg, alg); |
|---|
| 77 | } |
|---|
| 78 | |
|---|
| 79 | static inline struct ccp_crypto_ahash_alg * |
|---|
| 80 | ccp_crypto_ahash_alg(struct crypto_tfm *tfm) |
|---|
| 81 | { |
|---|
| 82 | struct crypto_alg *alg = tfm->__crt_alg; |
|---|
| 83 | struct ahash_alg *ahash_alg; |
|---|
| 84 | |
|---|
| 85 | ahash_alg = container_of(alg, struct ahash_alg, halg.base); |
|---|
| 86 | |
|---|
| 87 | return container_of(ahash_alg, struct ccp_crypto_ahash_alg, alg); |
|---|
| 88 | } |
|---|
| 89 | |
|---|
| 90 | /***** AES related defines *****/ |
|---|
| 91 | struct ccp_aes_ctx { |
|---|
| 92 | /* Fallback cipher for XTS with unsupported unit sizes */ |
|---|
| 93 | struct crypto_skcipher *tfm_skcipher; |
|---|
| 94 | |
|---|
| 95 | enum ccp_engine engine; |
|---|
| 96 | enum ccp_aes_type type; |
|---|
| 97 | enum ccp_aes_mode mode; |
|---|
| 98 | |
|---|
| 99 | struct scatterlist key_sg; |
|---|
| 100 | unsigned int key_len; |
|---|
| 101 | u8 key[AES_MAX_KEY_SIZE * 2]; |
|---|
| 102 | |
|---|
| 103 | u8 nonce[CTR_RFC3686_NONCE_SIZE]; |
|---|
| 104 | |
|---|
| 105 | /* CMAC key structures */ |
|---|
| 106 | struct scatterlist k1_sg; |
|---|
| 107 | struct scatterlist k2_sg; |
|---|
| 108 | unsigned int kn_len; |
|---|
| 109 | u8 k1[AES_BLOCK_SIZE]; |
|---|
| 110 | u8 k2[AES_BLOCK_SIZE]; |
|---|
| 111 | }; |
|---|
| 112 | |
|---|
| 113 | struct ccp_aes_req_ctx { |
|---|
| 114 | struct scatterlist iv_sg; |
|---|
| 115 | u8 iv[AES_BLOCK_SIZE]; |
|---|
| 116 | |
|---|
| 117 | struct scatterlist tag_sg; |
|---|
| 118 | u8 tag[AES_BLOCK_SIZE]; |
|---|
| 119 | |
|---|
| 120 | /* Fields used for RFC3686 requests */ |
|---|
| 121 | u8 *rfc3686_info; |
|---|
| 122 | u8 rfc3686_iv[AES_BLOCK_SIZE]; |
|---|
| 123 | |
|---|
| 124 | struct ccp_cmd cmd; |
|---|
| 125 | |
|---|
| 126 | struct skcipher_request fallback_req; // keep at the end |
|---|
| 127 | }; |
|---|
| 128 | |
|---|
| 129 | struct ccp_aes_cmac_req_ctx { |
|---|
| 130 | unsigned int null_msg; |
|---|
| 131 | unsigned int final; |
|---|
| 132 | |
|---|
| 133 | struct scatterlist *src; |
|---|
| 134 | unsigned int nbytes; |
|---|
| 135 | |
|---|
| 136 | u64 hash_cnt; |
|---|
| 137 | unsigned int hash_rem; |
|---|
| 138 | |
|---|
| 139 | struct sg_table data_sg; |
|---|
| 140 | |
|---|
| 141 | struct scatterlist iv_sg; |
|---|
| 142 | u8 iv[AES_BLOCK_SIZE]; |
|---|
| 143 | |
|---|
| 144 | struct scatterlist buf_sg; |
|---|
| 145 | unsigned int buf_count; |
|---|
| 146 | u8 buf[AES_BLOCK_SIZE]; |
|---|
| 147 | |
|---|
| 148 | struct scatterlist pad_sg; |
|---|
| 149 | unsigned int pad_count; |
|---|
| 150 | u8 pad[AES_BLOCK_SIZE]; |
|---|
| 151 | |
|---|
| 152 | struct ccp_cmd cmd; |
|---|
| 153 | }; |
|---|
| 154 | |
|---|
| 155 | struct ccp_aes_cmac_exp_ctx { |
|---|
| 156 | unsigned int null_msg; |
|---|
| 157 | |
|---|
| 158 | u8 iv[AES_BLOCK_SIZE]; |
|---|
| 159 | |
|---|
| 160 | unsigned int buf_count; |
|---|
| 161 | u8 buf[AES_BLOCK_SIZE]; |
|---|
| 162 | }; |
|---|
| 163 | |
|---|
| 164 | /***** 3DES related defines *****/ |
|---|
| 165 | struct ccp_des3_ctx { |
|---|
| 166 | enum ccp_engine engine; |
|---|
| 167 | enum ccp_des3_type type; |
|---|
| 168 | enum ccp_des3_mode mode; |
|---|
| 169 | |
|---|
| 170 | struct scatterlist key_sg; |
|---|
| 171 | unsigned int key_len; |
|---|
| 172 | u8 key[AES_MAX_KEY_SIZE]; |
|---|
| 173 | }; |
|---|
| 174 | |
|---|
| 175 | struct ccp_des3_req_ctx { |
|---|
| 176 | struct scatterlist iv_sg; |
|---|
| 177 | u8 iv[AES_BLOCK_SIZE]; |
|---|
| 178 | |
|---|
| 179 | struct ccp_cmd cmd; |
|---|
| 180 | }; |
|---|
| 181 | |
|---|
| 182 | /* SHA-related defines |
|---|
| 183 | * These values must be large enough to accommodate any variant |
|---|
| 184 | */ |
|---|
| 185 | #define MAX_SHA_CONTEXT_SIZE SHA512_DIGEST_SIZE |
|---|
| 186 | #define MAX_SHA_BLOCK_SIZE SHA512_BLOCK_SIZE |
|---|
| 187 | |
|---|
| 188 | struct ccp_sha_ctx { |
|---|
| 189 | struct scatterlist opad_sg; |
|---|
| 190 | unsigned int opad_count; |
|---|
| 191 | |
|---|
| 192 | unsigned int key_len; |
|---|
| 193 | u8 key[MAX_SHA_BLOCK_SIZE]; |
|---|
| 194 | u8 ipad[MAX_SHA_BLOCK_SIZE]; |
|---|
| 195 | u8 opad[MAX_SHA_BLOCK_SIZE]; |
|---|
| 196 | struct crypto_shash *hmac_tfm; |
|---|
| 197 | }; |
|---|
| 198 | |
|---|
| 199 | struct ccp_sha_req_ctx { |
|---|
| 200 | enum ccp_sha_type type; |
|---|
| 201 | |
|---|
| 202 | u64 msg_bits; |
|---|
| 203 | |
|---|
| 204 | unsigned int first; |
|---|
| 205 | unsigned int final; |
|---|
| 206 | |
|---|
| 207 | struct scatterlist *src; |
|---|
| 208 | unsigned int nbytes; |
|---|
| 209 | |
|---|
| 210 | u64 hash_cnt; |
|---|
| 211 | unsigned int hash_rem; |
|---|
| 212 | |
|---|
| 213 | struct sg_table data_sg; |
|---|
| 214 | |
|---|
| 215 | struct scatterlist ctx_sg; |
|---|
| 216 | u8 ctx[MAX_SHA_CONTEXT_SIZE]; |
|---|
| 217 | |
|---|
| 218 | struct scatterlist buf_sg; |
|---|
| 219 | unsigned int buf_count; |
|---|
| 220 | u8 buf[MAX_SHA_BLOCK_SIZE]; |
|---|
| 221 | |
|---|
| 222 | /* CCP driver command */ |
|---|
| 223 | struct ccp_cmd cmd; |
|---|
| 224 | }; |
|---|
| 225 | |
|---|
| 226 | struct ccp_sha_exp_ctx { |
|---|
| 227 | enum ccp_sha_type type; |
|---|
| 228 | |
|---|
| 229 | u64 msg_bits; |
|---|
| 230 | |
|---|
| 231 | unsigned int first; |
|---|
| 232 | |
|---|
| 233 | u8 ctx[MAX_SHA_CONTEXT_SIZE]; |
|---|
| 234 | |
|---|
| 235 | unsigned int buf_count; |
|---|
| 236 | u8 buf[MAX_SHA_BLOCK_SIZE]; |
|---|
| 237 | }; |
|---|
| 238 | |
|---|
| 239 | /***** RSA related defines *****/ |
|---|
| 240 | |
|---|
| 241 | struct ccp_rsa_ctx { |
|---|
| 242 | unsigned int key_len; /* in bits */ |
|---|
| 243 | struct scatterlist e_sg; |
|---|
| 244 | u8 *e_buf; |
|---|
| 245 | unsigned int e_len; |
|---|
| 246 | struct scatterlist n_sg; |
|---|
| 247 | u8 *n_buf; |
|---|
| 248 | unsigned int n_len; |
|---|
| 249 | struct scatterlist d_sg; |
|---|
| 250 | u8 *d_buf; |
|---|
| 251 | unsigned int d_len; |
|---|
| 252 | }; |
|---|
| 253 | |
|---|
| 254 | struct ccp_rsa_req_ctx { |
|---|
| 255 | struct ccp_cmd cmd; |
|---|
| 256 | }; |
|---|
| 257 | |
|---|
| 258 | #define CCP_RSA_MAXMOD (4 * 1024 / 8) |
|---|
| 259 | #define CCP5_RSA_MAXMOD (16 * 1024 / 8) |
|---|
| 260 | |
|---|
| 261 | /***** Common Context Structure *****/ |
|---|
| 262 | struct ccp_ctx { |
|---|
| 263 | int (*complete)(struct crypto_async_request *req, int ret); |
|---|
| 264 | |
|---|
| 265 | union { |
|---|
| 266 | struct ccp_aes_ctx aes; |
|---|
| 267 | struct ccp_rsa_ctx rsa; |
|---|
| 268 | struct ccp_sha_ctx sha; |
|---|
| 269 | struct ccp_des3_ctx des3; |
|---|
| 270 | } u; |
|---|
| 271 | }; |
|---|
| 272 | |
|---|
| 273 | int ccp_crypto_enqueue_request(struct crypto_async_request *req, |
|---|
| 274 | struct ccp_cmd *cmd); |
|---|
| 275 | struct scatterlist *ccp_crypto_sg_table_add(struct sg_table *table, |
|---|
| 276 | struct scatterlist *sg_add); |
|---|
| 277 | |
|---|
| 278 | int ccp_register_aes_algs(struct list_head *head); |
|---|
| 279 | int ccp_register_aes_cmac_algs(struct list_head *head); |
|---|
| 280 | int ccp_register_aes_xts_algs(struct list_head *head); |
|---|
| 281 | int ccp_register_aes_aeads(struct list_head *head); |
|---|
| 282 | int ccp_register_sha_algs(struct list_head *head); |
|---|
| 283 | int ccp_register_des3_algs(struct list_head *head); |
|---|
| 284 | int ccp_register_rsa_algs(struct list_head *head); |
|---|
| 285 | |
|---|
| 286 | #endif |
|---|
| 287 | |
|---|
