1 /* SPDX-License-Identifier: GPL-2.0-only 2 * SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 * 4 * Header file for NVIDIA Security Engine driver. 5 */ 6 7 #ifndef _TEGRA_SE_H 8 #define _TEGRA_SE_H 9 10 #include <linux/bitfield.h> 11 #include <linux/iommu.h> 12 #include <linux/host1x.h> 13 #include <crypto/aead.h> 14 #include <crypto/engine.h> 15 #include <crypto/hash.h> 16 #include <crypto/sha1.h> 17 #include <crypto/sha3.h> 18 #include <crypto/skcipher.h> 19 20 #define SE_OWNERSHIP 0x14 21 #define SE_OWNERSHIP_UID(x) FIELD_GET(GENMASK(7, 0), x) 22 #define TEGRA_GPSE_ID 3 23 24 #define SE_STREAM_ID 0x90 25 26 #define SE_SHA_CFG 0x4004 27 #define SE_SHA_IN_ADDR 0x400c 28 #define SE_SHA_KEY_ADDR 0x4094 29 #define SE_SHA_KEY_DATA 0x4098 30 #define SE_SHA_KEYMANIFEST 0x409c 31 #define SE_SHA_CRYPTO_CFG 0x40a4 32 #define SE_SHA_KEY_DST 0x40a8 33 #define SE_SHA_SRC_KSLT 0x4180 34 #define SE_SHA_TGT_KSLT 0x4184 35 #define SE_SHA_MSG_LENGTH 0x401c 36 #define SE_SHA_OPERATION 0x407c 37 #define SE_SHA_HASH_RESULT 0x40b0 38 39 #define SE_SHA_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x) 40 #define SE_SHA_ENC_MODE_SHA1 SE_SHA_ENC_MODE(0) 41 #define SE_SHA_ENC_MODE_SHA224 SE_SHA_ENC_MODE(4) 42 #define SE_SHA_ENC_MODE_SHA256 SE_SHA_ENC_MODE(5) 43 #define SE_SHA_ENC_MODE_SHA384 SE_SHA_ENC_MODE(6) 44 #define SE_SHA_ENC_MODE_SHA512 SE_SHA_ENC_MODE(7) 45 #define SE_SHA_ENC_MODE_SHA_CTX_INTEGRITY SE_SHA_ENC_MODE(8) 46 #define SE_SHA_ENC_MODE_SHA3_224 SE_SHA_ENC_MODE(9) 47 #define SE_SHA_ENC_MODE_SHA3_256 SE_SHA_ENC_MODE(10) 48 #define SE_SHA_ENC_MODE_SHA3_384 SE_SHA_ENC_MODE(11) 49 #define SE_SHA_ENC_MODE_SHA3_512 SE_SHA_ENC_MODE(12) 50 #define SE_SHA_ENC_MODE_SHAKE128 SE_SHA_ENC_MODE(13) 51 #define SE_SHA_ENC_MODE_SHAKE256 SE_SHA_ENC_MODE(14) 52 #define SE_SHA_ENC_MODE_HMAC_SHA256_1KEY SE_SHA_ENC_MODE(0) 53 #define SE_SHA_ENC_MODE_HMAC_SHA256_2KEY SE_SHA_ENC_MODE(1) 54 #define SE_SHA_ENC_MODE_SM3_256 SE_SHA_ENC_MODE(0) 55 56 #define SE_SHA_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x) 57 #define SE_SHA_ENC_ALG_NOP SE_SHA_CFG_ENC_ALG(0) 58 #define SE_SHA_ENC_ALG_SHA_ENC SE_SHA_CFG_ENC_ALG(1) 59 #define SE_SHA_ENC_ALG_RNG SE_SHA_CFG_ENC_ALG(2) 60 #define SE_SHA_ENC_ALG_SHA SE_SHA_CFG_ENC_ALG(3) 61 #define SE_SHA_ENC_ALG_SM3 SE_SHA_CFG_ENC_ALG(4) 62 #define SE_SHA_ENC_ALG_HMAC SE_SHA_CFG_ENC_ALG(7) 63 #define SE_SHA_ENC_ALG_KDF SE_SHA_CFG_ENC_ALG(8) 64 #define SE_SHA_ENC_ALG_KEY_INVLD SE_SHA_CFG_ENC_ALG(10) 65 #define SE_SHA_ENC_ALG_KEY_INQUIRE SE_SHA_CFG_ENC_ALG(12) 66 #define SE_SHA_ENC_ALG_INS SE_SHA_CFG_ENC_ALG(13) 67 68 #define SE_SHA_OP_LASTBUF FIELD_PREP(BIT(16), 1) 69 #define SE_SHA_OP_WRSTALL FIELD_PREP(BIT(15), 1) 70 71 #define SE_SHA_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x) 72 #define SE_SHA_OP_START SE_SHA_OP_OP(1) 73 #define SE_SHA_OP_RESTART_OUT SE_SHA_OP_OP(2) 74 #define SE_SHA_OP_RESTART_IN SE_SHA_OP_OP(4) 75 #define SE_SHA_OP_RESTART_INOUT SE_SHA_OP_OP(5) 76 #define SE_SHA_OP_DUMMY SE_SHA_OP_OP(6) 77 78 #define SE_SHA_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x) 79 #define SE_SHA_DEC_ALG_NOP SE_SHA_CFG_DEC_ALG(0) 80 #define SE_SHA_DEC_ALG_AES_DEC SE_SHA_CFG_DEC_ALG(1) 81 #define SE_SHA_DEC_ALG_HMAC SE_SHA_CFG_DEC_ALG(7) 82 #define SE_SHA_DEC_ALG_HMAC_VERIFY SE_SHA_CFG_DEC_ALG(9) 83 84 #define SE_SHA_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x) 85 #define SE_SHA_DST_MEMORY SE_SHA_CFG_DST(0) 86 #define SE_SHA_DST_HASH_REG SE_SHA_CFG_DST(1) 87 #define SE_SHA_DST_KEYTABLE SE_SHA_CFG_DST(2) 88 #define SE_SHA_DST_SRK SE_SHA_CFG_DST(3) 89 90 #define SE_SHA_TASK_HASH_INIT BIT(0) 91 92 /* AES Configuration */ 93 #define SE_AES0_CFG 0x1004 94 #define SE_AES0_CRYPTO_CONFIG 0x1008 95 #define SE_AES0_KEY_DST 0x1030 96 #define SE_AES0_OPERATION 0x1038 97 #define SE_AES0_LINEAR_CTR 0x101c 98 #define SE_AES0_LAST_BLOCK 0x102c 99 #define SE_AES0_KEY_ADDR 0x10bc 100 #define SE_AES0_KEY_DATA 0x10c0 101 #define SE_AES0_CMAC_RESULT 0x10c4 102 #define SE_AES0_SRC_KSLT 0x1100 103 #define SE_AES0_TGT_KSLT 0x1104 104 #define SE_AES0_KEYMANIFEST 0x1114 105 #define SE_AES0_AAD_LEN 0x112c 106 #define SE_AES0_CRYPTO_MSG_LEN 0x1134 107 108 #define SE_AES1_CFG 0x2004 109 #define SE_AES1_CRYPTO_CONFIG 0x2008 110 #define SE_AES1_KEY_DST 0x2030 111 #define SE_AES1_OPERATION 0x2038 112 #define SE_AES1_LINEAR_CTR 0x201c 113 #define SE_AES1_LAST_BLOCK 0x202c 114 #define SE_AES1_KEY_ADDR 0x20bc 115 #define SE_AES1_KEY_DATA 0x20c0 116 #define SE_AES1_CMAC_RESULT 0x20c4 117 #define SE_AES1_SRC_KSLT 0x2100 118 #define SE_AES1_TGT_KSLT 0x2104 119 #define SE_AES1_KEYMANIFEST 0x2114 120 #define SE_AES1_AAD_LEN 0x212c 121 #define SE_AES1_CRYPTO_MSG_LEN 0x2134 122 123 #define SE_AES_CFG_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x) 124 #define SE_AES_ENC_MODE_GMAC SE_AES_CFG_ENC_MODE(3) 125 #define SE_AES_ENC_MODE_GCM SE_AES_CFG_ENC_MODE(4) 126 #define SE_AES_ENC_MODE_GCM_FINAL SE_AES_CFG_ENC_MODE(5) 127 #define SE_AES_ENC_MODE_CMAC SE_AES_CFG_ENC_MODE(7) 128 #define SE_AES_ENC_MODE_CBC_MAC SE_AES_CFG_ENC_MODE(12) 129 130 #define SE_AES_CFG_DEC_MODE(x) FIELD_PREP(GENMASK(23, 16), x) 131 #define SE_AES_DEC_MODE_GMAC SE_AES_CFG_DEC_MODE(3) 132 #define SE_AES_DEC_MODE_GCM SE_AES_CFG_DEC_MODE(4) 133 #define SE_AES_DEC_MODE_GCM_FINAL SE_AES_CFG_DEC_MODE(5) 134 #define SE_AES_DEC_MODE_CBC_MAC SE_AES_CFG_DEC_MODE(12) 135 136 #define SE_AES_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x) 137 #define SE_AES_ENC_ALG_NOP SE_AES_CFG_ENC_ALG(0) 138 #define SE_AES_ENC_ALG_AES_ENC SE_AES_CFG_ENC_ALG(1) 139 #define SE_AES_ENC_ALG_RNG SE_AES_CFG_ENC_ALG(2) 140 #define SE_AES_ENC_ALG_SHA SE_AES_CFG_ENC_ALG(3) 141 #define SE_AES_ENC_ALG_HMAC SE_AES_CFG_ENC_ALG(7) 142 #define SE_AES_ENC_ALG_KDF SE_AES_CFG_ENC_ALG(8) 143 #define SE_AES_ENC_ALG_INS SE_AES_CFG_ENC_ALG(13) 144 145 #define SE_AES_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x) 146 #define SE_AES_DEC_ALG_NOP SE_AES_CFG_DEC_ALG(0) 147 #define SE_AES_DEC_ALG_AES_DEC SE_AES_CFG_DEC_ALG(1) 148 149 #define SE_AES_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x) 150 #define SE_AES_DST_MEMORY SE_AES_CFG_DST(0) 151 #define SE_AES_DST_HASH_REG SE_AES_CFG_DST(1) 152 #define SE_AES_DST_KEYTABLE SE_AES_CFG_DST(2) 153 #define SE_AES_DST_SRK SE_AES_CFG_DST(3) 154 155 /* AES Crypto Configuration */ 156 #define SE_AES_KEY2_INDEX(x) FIELD_PREP(GENMASK(31, 28), x) 157 #define SE_AES_KEY_INDEX(x) FIELD_PREP(GENMASK(27, 24), x) 158 159 #define SE_AES_CRYPTO_CFG_SCC_DIS FIELD_PREP(BIT(20), 1) 160 161 #define SE_AES_CRYPTO_CFG_CTR_CNTN(x) FIELD_PREP(GENMASK(18, 11), x) 162 163 #define SE_AES_CRYPTO_CFG_IV_MODE(x) FIELD_PREP(BIT(10), x) 164 #define SE_AES_IV_MODE_SWIV SE_AES_CRYPTO_CFG_IV_MODE(0) 165 #define SE_AES_IV_MODE_HWIV SE_AES_CRYPTO_CFG_IV_MODE(1) 166 167 #define SE_AES_CRYPTO_CFG_CORE_SEL(x) FIELD_PREP(BIT(9), x) 168 #define SE_AES_CORE_SEL_DECRYPT SE_AES_CRYPTO_CFG_CORE_SEL(0) 169 #define SE_AES_CORE_SEL_ENCRYPT SE_AES_CRYPTO_CFG_CORE_SEL(1) 170 171 #define SE_AES_CRYPTO_CFG_IV_SEL(x) FIELD_PREP(GENMASK(8, 7), x) 172 #define SE_AES_IV_SEL_UPDATED SE_AES_CRYPTO_CFG_IV_SEL(1) 173 #define SE_AES_IV_SEL_REG SE_AES_CRYPTO_CFG_IV_SEL(2) 174 #define SE_AES_IV_SEL_RANDOM SE_AES_CRYPTO_CFG_IV_SEL(3) 175 176 #define SE_AES_CRYPTO_CFG_VCTRAM_SEL(x) FIELD_PREP(GENMASK(6, 5), x) 177 #define SE_AES_VCTRAM_SEL_MEMORY SE_AES_CRYPTO_CFG_VCTRAM_SEL(0) 178 #define SE_AES_VCTRAM_SEL_TWEAK SE_AES_CRYPTO_CFG_VCTRAM_SEL(1) 179 #define SE_AES_VCTRAM_SEL_AESOUT SE_AES_CRYPTO_CFG_VCTRAM_SEL(2) 180 #define SE_AES_VCTRAM_SEL_PREV_MEM SE_AES_CRYPTO_CFG_VCTRAM_SEL(3) 181 182 #define SE_AES_CRYPTO_CFG_INPUT_SEL(x) FIELD_PREP(GENMASK(4, 3), x) 183 #define SE_AES_INPUT_SEL_MEMORY SE_AES_CRYPTO_CFG_INPUT_SEL(0) 184 #define SE_AES_INPUT_SEL_RANDOM SE_AES_CRYPTO_CFG_INPUT_SEL(1) 185 #define SE_AES_INPUT_SEL_AESOUT SE_AES_CRYPTO_CFG_INPUT_SEL(2) 186 #define SE_AES_INPUT_SEL_LINEAR_CTR SE_AES_CRYPTO_CFG_INPUT_SEL(3) 187 #define SE_AES_INPUT_SEL_REG SE_AES_CRYPTO_CFG_INPUT_SEL(1) 188 189 #define SE_AES_CRYPTO_CFG_XOR_POS(x) FIELD_PREP(GENMASK(2, 1), x) 190 #define SE_AES_XOR_POS_BYPASS SE_AES_CRYPTO_CFG_XOR_POS(0) 191 #define SE_AES_XOR_POS_BOTH SE_AES_CRYPTO_CFG_XOR_POS(1) 192 #define SE_AES_XOR_POS_TOP SE_AES_CRYPTO_CFG_XOR_POS(2) 193 #define SE_AES_XOR_POS_BOTTOM SE_AES_CRYPTO_CFG_XOR_POS(3) 194 195 #define SE_AES_CRYPTO_CFG_HASH_EN(x) FIELD_PREP(BIT(0), x) 196 #define SE_AES_HASH_DISABLE SE_AES_CRYPTO_CFG_HASH_EN(0) 197 #define SE_AES_HASH_ENABLE SE_AES_CRYPTO_CFG_HASH_EN(1) 198 199 #define SE_LAST_BLOCK_VAL(x) FIELD_PREP(GENMASK(19, 0), x) 200 #define SE_LAST_BLOCK_RES_BITS(x) FIELD_PREP(GENMASK(26, 20), x) 201 202 #define SE_AES_OP_LASTBUF FIELD_PREP(BIT(16), 1) 203 #define SE_AES_OP_WRSTALL FIELD_PREP(BIT(15), 1) 204 #define SE_AES_OP_FINAL FIELD_PREP(BIT(5), 1) 205 #define SE_AES_OP_INIT FIELD_PREP(BIT(4), 1) 206 207 #define SE_AES_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x) 208 #define SE_AES_OP_START SE_AES_OP_OP(1) 209 #define SE_AES_OP_RESTART_OUT SE_AES_OP_OP(2) 210 #define SE_AES_OP_RESTART_IN SE_AES_OP_OP(4) 211 #define SE_AES_OP_RESTART_INOUT SE_AES_OP_OP(5) 212 #define SE_AES_OP_DUMMY SE_AES_OP_OP(6) 213 214 #define SE_KAC_SIZE(x) FIELD_PREP(GENMASK(15, 14), x) 215 #define SE_KAC_SIZE_128 SE_KAC_SIZE(0) 216 #define SE_KAC_SIZE_192 SE_KAC_SIZE(1) 217 #define SE_KAC_SIZE_256 SE_KAC_SIZE(2) 218 219 #define SE_KAC_EXPORTABLE FIELD_PREP(BIT(12), 1) 220 221 #define SE_KAC_PURPOSE(x) FIELD_PREP(GENMASK(11, 8), x) 222 #define SE_KAC_ENC SE_KAC_PURPOSE(0) 223 #define SE_KAC_CMAC SE_KAC_PURPOSE(1) 224 #define SE_KAC_HMAC SE_KAC_PURPOSE(2) 225 #define SE_KAC_GCM_KW SE_KAC_PURPOSE(3) 226 #define SE_KAC_HMAC_KDK SE_KAC_PURPOSE(6) 227 #define SE_KAC_HMAC_KDD SE_KAC_PURPOSE(7) 228 #define SE_KAC_HMAC_KDD_KUW SE_KAC_PURPOSE(8) 229 #define SE_KAC_XTS SE_KAC_PURPOSE(9) 230 #define SE_KAC_GCM SE_KAC_PURPOSE(10) 231 232 #define SE_KAC_USER_NS FIELD_PREP(GENMASK(6, 4), 3) 233 234 #define SE_AES_KEY_DST_INDEX(x) FIELD_PREP(GENMASK(11, 8), x) 235 #define SE_ADDR_HI_MSB(x) FIELD_PREP(GENMASK(31, 24), x) 236 #define SE_ADDR_HI_SZ(x) FIELD_PREP(GENMASK(23, 0), x) 237 238 #define SE_CFG_AES_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 239 SE_AES_DEC_ALG_NOP | \ 240 SE_AES_DST_MEMORY) 241 242 #define SE_CFG_AES_DECRYPT (SE_AES_ENC_ALG_NOP | \ 243 SE_AES_DEC_ALG_AES_DEC | \ 244 SE_AES_DST_MEMORY) 245 246 #define SE_CFG_GMAC_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 247 SE_AES_DEC_ALG_NOP | \ 248 SE_AES_ENC_MODE_GMAC | \ 249 SE_AES_DST_MEMORY) 250 251 #define SE_CFG_GMAC_DECRYPT (SE_AES_ENC_ALG_NOP | \ 252 SE_AES_DEC_ALG_AES_DEC | \ 253 SE_AES_DEC_MODE_GMAC | \ 254 SE_AES_DST_MEMORY) 255 256 #define SE_CFG_GCM_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 257 SE_AES_DEC_ALG_NOP | \ 258 SE_AES_ENC_MODE_GCM | \ 259 SE_AES_DST_MEMORY) 260 261 #define SE_CFG_GCM_DECRYPT (SE_AES_ENC_ALG_NOP | \ 262 SE_AES_DEC_ALG_AES_DEC | \ 263 SE_AES_DEC_MODE_GCM | \ 264 SE_AES_DST_MEMORY) 265 266 #define SE_CFG_GCM_FINAL_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 267 SE_AES_DEC_ALG_NOP | \ 268 SE_AES_ENC_MODE_GCM_FINAL | \ 269 SE_AES_DST_MEMORY) 270 271 #define SE_CFG_GCM_FINAL_DECRYPT (SE_AES_ENC_ALG_NOP | \ 272 SE_AES_DEC_ALG_AES_DEC | \ 273 SE_AES_DEC_MODE_GCM_FINAL | \ 274 SE_AES_DST_MEMORY) 275 276 #define SE_CFG_CMAC (SE_AES_ENC_ALG_AES_ENC | \ 277 SE_AES_ENC_MODE_CMAC | \ 278 SE_AES_DST_HASH_REG) 279 280 #define SE_CFG_CBC_MAC (SE_AES_ENC_ALG_AES_ENC | \ 281 SE_AES_ENC_MODE_CBC_MAC) 282 283 #define SE_CFG_INS (SE_AES_ENC_ALG_INS | \ 284 SE_AES_DEC_ALG_NOP) 285 286 #define SE_CRYPTO_CFG_ECB_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 287 SE_AES_XOR_POS_BYPASS | \ 288 SE_AES_CORE_SEL_ENCRYPT) 289 290 #define SE_CRYPTO_CFG_ECB_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 291 SE_AES_XOR_POS_BYPASS | \ 292 SE_AES_CORE_SEL_DECRYPT) 293 294 #define SE_CRYPTO_CFG_CBC_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 295 SE_AES_VCTRAM_SEL_AESOUT | \ 296 SE_AES_XOR_POS_TOP | \ 297 SE_AES_CORE_SEL_ENCRYPT | \ 298 SE_AES_IV_SEL_REG) 299 300 #define SE_CRYPTO_CFG_CBC_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 301 SE_AES_VCTRAM_SEL_PREV_MEM | \ 302 SE_AES_XOR_POS_BOTTOM | \ 303 SE_AES_CORE_SEL_DECRYPT | \ 304 SE_AES_IV_SEL_REG) 305 306 #define SE_CRYPTO_CFG_CTR (SE_AES_INPUT_SEL_LINEAR_CTR | \ 307 SE_AES_VCTRAM_SEL_MEMORY | \ 308 SE_AES_XOR_POS_BOTTOM | \ 309 SE_AES_CORE_SEL_ENCRYPT | \ 310 SE_AES_CRYPTO_CFG_CTR_CNTN(1) | \ 311 SE_AES_IV_SEL_REG) 312 313 #define SE_CRYPTO_CFG_XTS_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 314 SE_AES_VCTRAM_SEL_TWEAK | \ 315 SE_AES_XOR_POS_BOTH | \ 316 SE_AES_CORE_SEL_ENCRYPT | \ 317 SE_AES_IV_SEL_REG) 318 319 #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 320 SE_AES_VCTRAM_SEL_TWEAK | \ 321 SE_AES_XOR_POS_BOTH | \ 322 SE_AES_CORE_SEL_DECRYPT | \ 323 SE_AES_IV_SEL_REG) 324 325 #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 326 SE_AES_VCTRAM_SEL_TWEAK | \ 327 SE_AES_XOR_POS_BOTH | \ 328 SE_AES_CORE_SEL_DECRYPT | \ 329 SE_AES_IV_SEL_REG) 330 331 #define SE_CRYPTO_CFG_CBC_MAC (SE_AES_INPUT_SEL_MEMORY | \ 332 SE_AES_VCTRAM_SEL_AESOUT | \ 333 SE_AES_XOR_POS_TOP | \ 334 SE_AES_CORE_SEL_ENCRYPT | \ 335 SE_AES_HASH_ENABLE | \ 336 SE_AES_IV_SEL_REG) 337 338 #define HASH_RESULT_REG_COUNT 50 339 #define CMAC_RESULT_REG_COUNT 4 340 341 #define SE_CRYPTO_CTR_REG_COUNT 4 342 #define SE_MAX_KEYSLOT 15 343 #define SE_MAX_MEM_ALLOC SZ_4M 344 345 #define TEGRA_AES_RESERVED_KSLT 14 346 #define TEGRA_XTS_RESERVED_KSLT 15 347 348 #define SHA_FIRST BIT(0) 349 #define SHA_INIT BIT(1) 350 #define SHA_UPDATE BIT(2) 351 #define SHA_FINAL BIT(3) 352 353 /* Security Engine operation modes */ 354 enum se_aes_alg { 355 SE_ALG_CBC, /* Cipher Block Chaining (CBC) mode */ 356 SE_ALG_ECB, /* Electronic Codebook (ECB) mode */ 357 SE_ALG_CTR, /* Counter (CTR) mode */ 358 SE_ALG_XTS, /* XTS mode */ 359 SE_ALG_GMAC, /* GMAC mode */ 360 SE_ALG_GCM, /* GCM mode */ 361 SE_ALG_GCM_FINAL, /* GCM FINAL mode */ 362 SE_ALG_CMAC, /* Cipher-based MAC (CMAC) mode */ 363 SE_ALG_CBC_MAC, /* CBC MAC mode */ 364 }; 365 366 enum se_hash_alg { 367 SE_ALG_RNG_DRBG, /* Deterministic Random Bit Generator */ 368 SE_ALG_SHA1, /* Secure Hash Algorithm-1 (SHA1) mode */ 369 SE_ALG_SHA224, /* Secure Hash Algorithm-224 (SHA224) mode */ 370 SE_ALG_SHA256, /* Secure Hash Algorithm-256 (SHA256) mode */ 371 SE_ALG_SHA384, /* Secure Hash Algorithm-384 (SHA384) mode */ 372 SE_ALG_SHA512, /* Secure Hash Algorithm-512 (SHA512) mode */ 373 SE_ALG_SHA3_224, /* Secure Hash Algorithm3-224 (SHA3-224) mode */ 374 SE_ALG_SHA3_256, /* Secure Hash Algorithm3-256 (SHA3-256) mode */ 375 SE_ALG_SHA3_384, /* Secure Hash Algorithm3-384 (SHA3-384) mode */ 376 SE_ALG_SHA3_512, /* Secure Hash Algorithm3-512 (SHA3-512) mode */ 377 SE_ALG_SHAKE128, /* Secure Hash Algorithm3 (SHAKE128) mode */ 378 SE_ALG_SHAKE256, /* Secure Hash Algorithm3 (SHAKE256) mode */ 379 SE_ALG_HMAC_SHA224, /* Hash based MAC (HMAC) - 224 */ 380 SE_ALG_HMAC_SHA256, /* Hash based MAC (HMAC) - 256 */ 381 SE_ALG_HMAC_SHA384, /* Hash based MAC (HMAC) - 384 */ 382 SE_ALG_HMAC_SHA512, /* Hash based MAC (HMAC) - 512 */ 383 }; 384 385 struct tegra_se_alg { 386 struct tegra_se *se_dev; 387 const char *alg_base; 388 389 union { 390 struct skcipher_engine_alg skcipher; 391 struct aead_engine_alg aead; 392 struct ahash_engine_alg ahash; 393 } alg; 394 }; 395 396 struct tegra_se_regs { 397 u32 op; 398 u32 config; 399 u32 last_blk; 400 u32 linear_ctr; 401 u32 out_addr; 402 u32 aad_len; 403 u32 cryp_msg_len; 404 u32 manifest; 405 u32 key_addr; 406 u32 key_data; 407 u32 key_dst; 408 u32 result; 409 }; 410 411 struct tegra_se_hw { 412 const struct tegra_se_regs *regs; 413 int (*init_alg)(struct tegra_se *se); 414 void (*deinit_alg)(struct tegra_se *se); 415 bool support_sm_alg; 416 u32 host1x_class; 417 u32 kac_ver; 418 }; 419 420 struct tegra_se { 421 int (*manifest)(u32 user, u32 alg, u32 keylen); 422 const struct tegra_se_hw *hw; 423 struct host1x_client client; 424 struct host1x_channel *channel; 425 struct tegra_se_cmdbuf *cmdbuf; 426 struct tegra_se_cmdbuf *keybuf; 427 struct crypto_engine *engine; 428 struct host1x_syncpt *syncpt; 429 struct device *dev; 430 struct clk *clk; 431 unsigned int opcode_addr; 432 unsigned int stream_id; 433 unsigned int syncpt_id; 434 void __iomem *base; 435 u32 owner; 436 }; 437 438 struct tegra_se_cmdbuf { 439 dma_addr_t iova; 440 u32 *addr; 441 struct device *dev; 442 struct kref ref; 443 struct host1x_bo bo; 444 ssize_t size; 445 u32 words; 446 }; 447 448 struct tegra_se_datbuf { 449 u8 *buf; 450 dma_addr_t addr; 451 ssize_t size; 452 }; 453 454 static inline int se_algname_to_algid(const char *name) 455 { 456 if (!strcmp(name, "cbc(aes)")) 457 return SE_ALG_CBC; 458 else if (!strcmp(name, "ecb(aes)")) 459 return SE_ALG_ECB; 460 else if (!strcmp(name, "ctr(aes)")) 461 return SE_ALG_CTR; 462 else if (!strcmp(name, "xts(aes)")) 463 return SE_ALG_XTS; 464 else if (!strcmp(name, "cmac(aes)")) 465 return SE_ALG_CMAC; 466 else if (!strcmp(name, "gcm(aes)")) 467 return SE_ALG_GCM; 468 else if (!strcmp(name, "ccm(aes)")) 469 return SE_ALG_CBC_MAC; 470 471 else if (!strcmp(name, "sha1")) 472 return SE_ALG_SHA1; 473 else if (!strcmp(name, "sha224")) 474 return SE_ALG_SHA224; 475 else if (!strcmp(name, "sha256")) 476 return SE_ALG_SHA256; 477 else if (!strcmp(name, "sha384")) 478 return SE_ALG_SHA384; 479 else if (!strcmp(name, "sha512")) 480 return SE_ALG_SHA512; 481 else if (!strcmp(name, "sha3-224")) 482 return SE_ALG_SHA3_224; 483 else if (!strcmp(name, "sha3-256")) 484 return SE_ALG_SHA3_256; 485 else if (!strcmp(name, "sha3-384")) 486 return SE_ALG_SHA3_384; 487 else if (!strcmp(name, "sha3-512")) 488 return SE_ALG_SHA3_512; 489 else if (!strcmp(name, "hmac(sha224)")) 490 return SE_ALG_HMAC_SHA224; 491 else if (!strcmp(name, "hmac(sha256)")) 492 return SE_ALG_HMAC_SHA256; 493 else if (!strcmp(name, "hmac(sha384)")) 494 return SE_ALG_HMAC_SHA384; 495 else if (!strcmp(name, "hmac(sha512)")) 496 return SE_ALG_HMAC_SHA512; 497 else 498 return -EINVAL; 499 } 500 501 /* Functions */ 502 int tegra_init_aes(struct tegra_se *se); 503 int tegra_init_hash(struct tegra_se *se); 504 void tegra_deinit_aes(struct tegra_se *se); 505 void tegra_deinit_hash(struct tegra_se *se); 506 int tegra_key_submit(struct tegra_se *se, const u8 *key, 507 u32 keylen, u32 alg, u32 *keyid); 508 509 int tegra_key_submit_reserved(struct tegra_se *se, const u8 *key, 510 u32 keylen, u32 alg, u32 *keyid); 511 512 void tegra_key_invalidate(struct tegra_se *se, u32 keyid, u32 alg); 513 void tegra_key_invalidate_reserved(struct tegra_se *se, u32 keyid, u32 alg); 514 int tegra_se_host1x_submit(struct tegra_se *se, struct tegra_se_cmdbuf *cmdbuf, u32 size); 515 516 static inline int tegra_key_submit_reserved_aes(struct tegra_se *se, const u8 *key, 517 u32 keylen, u32 alg, u32 *keyid) 518 { 519 *keyid = TEGRA_AES_RESERVED_KSLT; 520 return tegra_key_submit_reserved(se, key, keylen, alg, keyid); 521 } 522 523 static inline int tegra_key_submit_reserved_xts(struct tegra_se *se, const u8 *key, 524 u32 keylen, u32 alg, u32 *keyid) 525 { 526 *keyid = TEGRA_XTS_RESERVED_KSLT; 527 return tegra_key_submit_reserved(se, key, keylen, alg, keyid); 528 } 529 530 static inline bool tegra_key_is_reserved(u32 keyid) 531 { 532 return ((keyid == TEGRA_AES_RESERVED_KSLT) || 533 (keyid == TEGRA_XTS_RESERVED_KSLT)); 534 } 535 536 /* HOST1x OPCODES */ 537 static inline u32 host1x_opcode_setpayload(unsigned int payload) 538 { 539 return (9 << 28) | payload; 540 } 541 542 static inline u32 host1x_opcode_incr_w(unsigned int offset) 543 { 544 /* 22-bit offset supported */ 545 return (10 << 28) | offset; 546 } 547 548 static inline u32 host1x_opcode_nonincr_w(unsigned int offset) 549 { 550 /* 22-bit offset supported */ 551 return (11 << 28) | offset; 552 } 553 554 static inline u32 host1x_opcode_incr(unsigned int offset, unsigned int count) 555 { 556 return (1 << 28) | (offset << 16) | count; 557 } 558 559 static inline u32 host1x_opcode_nonincr(unsigned int offset, unsigned int count) 560 { 561 return (2 << 28) | (offset << 16) | count; 562 } 563 564 static inline u32 host1x_uclass_incr_syncpt_cond_f(u32 v) 565 { 566 return (v & 0xff) << 10; 567 } 568 569 static inline u32 host1x_uclass_incr_syncpt_indx_f(u32 v) 570 { 571 return (v & 0x3ff) << 0; 572 } 573 574 static inline u32 host1x_uclass_wait_syncpt_r(void) 575 { 576 return 0x8; 577 } 578 579 static inline u32 host1x_uclass_incr_syncpt_r(void) 580 { 581 return 0x0; 582 } 583 584 #define se_host1x_opcode_incr_w(x) host1x_opcode_incr_w((x) / 4) 585 #define se_host1x_opcode_nonincr_w(x) host1x_opcode_nonincr_w((x) / 4) 586 #define se_host1x_opcode_incr(x, y) host1x_opcode_incr((x) / 4, y) 587 #define se_host1x_opcode_nonincr(x, y) host1x_opcode_nonincr((x) / 4, y) 588 589 #endif /*_TEGRA_SE_H*/ 590