tegra-se.h 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589
  1. /* SPDX-License-Identifier: GPL-2.0-only
  2. * SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
  3. *
  4. * Header file for NVIDIA Security Engine driver.
  5. */
  6. #ifndef _TEGRA_SE_H
  7. #define _TEGRA_SE_H
  8. #include <linux/bitfield.h>
  9. #include <linux/iommu.h>
  10. #include <linux/host1x.h>
  11. #include <crypto/aead.h>
  12. #include <crypto/engine.h>
  13. #include <crypto/hash.h>
  14. #include <crypto/sha1.h>
  15. #include <crypto/sha3.h>
  16. #include <crypto/skcipher.h>
  17. #define SE_OWNERSHIP 0x14
  18. #define SE_OWNERSHIP_UID(x) FIELD_GET(GENMASK(7, 0), x)
  19. #define TEGRA_GPSE_ID 3
  20. #define SE_STREAM_ID 0x90
  21. #define SE_SHA_CFG 0x4004
  22. #define SE_SHA_IN_ADDR 0x400c
  23. #define SE_SHA_KEY_ADDR 0x4094
  24. #define SE_SHA_KEY_DATA 0x4098
  25. #define SE_SHA_KEYMANIFEST 0x409c
  26. #define SE_SHA_CRYPTO_CFG 0x40a4
  27. #define SE_SHA_KEY_DST 0x40a8
  28. #define SE_SHA_SRC_KSLT 0x4180
  29. #define SE_SHA_TGT_KSLT 0x4184
  30. #define SE_SHA_MSG_LENGTH 0x401c
  31. #define SE_SHA_OPERATION 0x407c
  32. #define SE_SHA_HASH_RESULT 0x40b0
  33. #define SE_SHA_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x)
  34. #define SE_SHA_ENC_MODE_SHA1 SE_SHA_ENC_MODE(0)
  35. #define SE_SHA_ENC_MODE_SHA224 SE_SHA_ENC_MODE(4)
  36. #define SE_SHA_ENC_MODE_SHA256 SE_SHA_ENC_MODE(5)
  37. #define SE_SHA_ENC_MODE_SHA384 SE_SHA_ENC_MODE(6)
  38. #define SE_SHA_ENC_MODE_SHA512 SE_SHA_ENC_MODE(7)
  39. #define SE_SHA_ENC_MODE_SHA_CTX_INTEGRITY SE_SHA_ENC_MODE(8)
  40. #define SE_SHA_ENC_MODE_SHA3_224 SE_SHA_ENC_MODE(9)
  41. #define SE_SHA_ENC_MODE_SHA3_256 SE_SHA_ENC_MODE(10)
  42. #define SE_SHA_ENC_MODE_SHA3_384 SE_SHA_ENC_MODE(11)
  43. #define SE_SHA_ENC_MODE_SHA3_512 SE_SHA_ENC_MODE(12)
  44. #define SE_SHA_ENC_MODE_SHAKE128 SE_SHA_ENC_MODE(13)
  45. #define SE_SHA_ENC_MODE_SHAKE256 SE_SHA_ENC_MODE(14)
  46. #define SE_SHA_ENC_MODE_HMAC_SHA256_1KEY SE_SHA_ENC_MODE(0)
  47. #define SE_SHA_ENC_MODE_HMAC_SHA256_2KEY SE_SHA_ENC_MODE(1)
  48. #define SE_SHA_ENC_MODE_SM3_256 SE_SHA_ENC_MODE(0)
  49. #define SE_SHA_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x)
  50. #define SE_SHA_ENC_ALG_NOP SE_SHA_CFG_ENC_ALG(0)
  51. #define SE_SHA_ENC_ALG_SHA_ENC SE_SHA_CFG_ENC_ALG(1)
  52. #define SE_SHA_ENC_ALG_RNG SE_SHA_CFG_ENC_ALG(2)
  53. #define SE_SHA_ENC_ALG_SHA SE_SHA_CFG_ENC_ALG(3)
  54. #define SE_SHA_ENC_ALG_SM3 SE_SHA_CFG_ENC_ALG(4)
  55. #define SE_SHA_ENC_ALG_HMAC SE_SHA_CFG_ENC_ALG(7)
  56. #define SE_SHA_ENC_ALG_KDF SE_SHA_CFG_ENC_ALG(8)
  57. #define SE_SHA_ENC_ALG_KEY_INVLD SE_SHA_CFG_ENC_ALG(10)
  58. #define SE_SHA_ENC_ALG_KEY_INQUIRE SE_SHA_CFG_ENC_ALG(12)
  59. #define SE_SHA_ENC_ALG_INS SE_SHA_CFG_ENC_ALG(13)
  60. #define SE_SHA_OP_LASTBUF FIELD_PREP(BIT(16), 1)
  61. #define SE_SHA_OP_WRSTALL FIELD_PREP(BIT(15), 1)
  62. #define SE_SHA_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x)
  63. #define SE_SHA_OP_START SE_SHA_OP_OP(1)
  64. #define SE_SHA_OP_RESTART_OUT SE_SHA_OP_OP(2)
  65. #define SE_SHA_OP_RESTART_IN SE_SHA_OP_OP(4)
  66. #define SE_SHA_OP_RESTART_INOUT SE_SHA_OP_OP(5)
  67. #define SE_SHA_OP_DUMMY SE_SHA_OP_OP(6)
  68. #define SE_SHA_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x)
  69. #define SE_SHA_DEC_ALG_NOP SE_SHA_CFG_DEC_ALG(0)
  70. #define SE_SHA_DEC_ALG_AES_DEC SE_SHA_CFG_DEC_ALG(1)
  71. #define SE_SHA_DEC_ALG_HMAC SE_SHA_CFG_DEC_ALG(7)
  72. #define SE_SHA_DEC_ALG_HMAC_VERIFY SE_SHA_CFG_DEC_ALG(9)
  73. #define SE_SHA_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x)
  74. #define SE_SHA_DST_MEMORY SE_SHA_CFG_DST(0)
  75. #define SE_SHA_DST_HASH_REG SE_SHA_CFG_DST(1)
  76. #define SE_SHA_DST_KEYTABLE SE_SHA_CFG_DST(2)
  77. #define SE_SHA_DST_SRK SE_SHA_CFG_DST(3)
  78. #define SE_SHA_TASK_HASH_INIT BIT(0)
  79. /* AES Configuration */
  80. #define SE_AES0_CFG 0x1004
  81. #define SE_AES0_CRYPTO_CONFIG 0x1008
  82. #define SE_AES0_KEY_DST 0x1030
  83. #define SE_AES0_OPERATION 0x1038
  84. #define SE_AES0_LINEAR_CTR 0x101c
  85. #define SE_AES0_LAST_BLOCK 0x102c
  86. #define SE_AES0_KEY_ADDR 0x10bc
  87. #define SE_AES0_KEY_DATA 0x10c0
  88. #define SE_AES0_CMAC_RESULT 0x10c4
  89. #define SE_AES0_SRC_KSLT 0x1100
  90. #define SE_AES0_TGT_KSLT 0x1104
  91. #define SE_AES0_KEYMANIFEST 0x1114
  92. #define SE_AES0_AAD_LEN 0x112c
  93. #define SE_AES0_CRYPTO_MSG_LEN 0x1134
  94. #define SE_AES1_CFG 0x2004
  95. #define SE_AES1_CRYPTO_CONFIG 0x2008
  96. #define SE_AES1_KEY_DST 0x2030
  97. #define SE_AES1_OPERATION 0x2038
  98. #define SE_AES1_LINEAR_CTR 0x201c
  99. #define SE_AES1_LAST_BLOCK 0x202c
  100. #define SE_AES1_KEY_ADDR 0x20bc
  101. #define SE_AES1_KEY_DATA 0x20c0
  102. #define SE_AES1_CMAC_RESULT 0x20c4
  103. #define SE_AES1_SRC_KSLT 0x2100
  104. #define SE_AES1_TGT_KSLT 0x2104
  105. #define SE_AES1_KEYMANIFEST 0x2114
  106. #define SE_AES1_AAD_LEN 0x212c
  107. #define SE_AES1_CRYPTO_MSG_LEN 0x2134
  108. #define SE_AES_CFG_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x)
  109. #define SE_AES_ENC_MODE_GMAC SE_AES_CFG_ENC_MODE(3)
  110. #define SE_AES_ENC_MODE_GCM SE_AES_CFG_ENC_MODE(4)
  111. #define SE_AES_ENC_MODE_GCM_FINAL SE_AES_CFG_ENC_MODE(5)
  112. #define SE_AES_ENC_MODE_CMAC SE_AES_CFG_ENC_MODE(7)
  113. #define SE_AES_ENC_MODE_CBC_MAC SE_AES_CFG_ENC_MODE(12)
  114. #define SE_AES_CFG_DEC_MODE(x) FIELD_PREP(GENMASK(23, 16), x)
  115. #define SE_AES_DEC_MODE_GMAC SE_AES_CFG_DEC_MODE(3)
  116. #define SE_AES_DEC_MODE_GCM SE_AES_CFG_DEC_MODE(4)
  117. #define SE_AES_DEC_MODE_GCM_FINAL SE_AES_CFG_DEC_MODE(5)
  118. #define SE_AES_DEC_MODE_CBC_MAC SE_AES_CFG_DEC_MODE(12)
  119. #define SE_AES_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x)
  120. #define SE_AES_ENC_ALG_NOP SE_AES_CFG_ENC_ALG(0)
  121. #define SE_AES_ENC_ALG_AES_ENC SE_AES_CFG_ENC_ALG(1)
  122. #define SE_AES_ENC_ALG_RNG SE_AES_CFG_ENC_ALG(2)
  123. #define SE_AES_ENC_ALG_SHA SE_AES_CFG_ENC_ALG(3)
  124. #define SE_AES_ENC_ALG_HMAC SE_AES_CFG_ENC_ALG(7)
  125. #define SE_AES_ENC_ALG_KDF SE_AES_CFG_ENC_ALG(8)
  126. #define SE_AES_ENC_ALG_INS SE_AES_CFG_ENC_ALG(13)
  127. #define SE_AES_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x)
  128. #define SE_AES_DEC_ALG_NOP SE_AES_CFG_DEC_ALG(0)
  129. #define SE_AES_DEC_ALG_AES_DEC SE_AES_CFG_DEC_ALG(1)
  130. #define SE_AES_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x)
  131. #define SE_AES_DST_MEMORY SE_AES_CFG_DST(0)
  132. #define SE_AES_DST_HASH_REG SE_AES_CFG_DST(1)
  133. #define SE_AES_DST_KEYTABLE SE_AES_CFG_DST(2)
  134. #define SE_AES_DST_SRK SE_AES_CFG_DST(3)
  135. /* AES Crypto Configuration */
  136. #define SE_AES_KEY2_INDEX(x) FIELD_PREP(GENMASK(31, 28), x)
  137. #define SE_AES_KEY_INDEX(x) FIELD_PREP(GENMASK(27, 24), x)
  138. #define SE_AES_CRYPTO_CFG_SCC_DIS FIELD_PREP(BIT(20), 1)
  139. #define SE_AES_CRYPTO_CFG_CTR_CNTN(x) FIELD_PREP(GENMASK(18, 11), x)
  140. #define SE_AES_CRYPTO_CFG_IV_MODE(x) FIELD_PREP(BIT(10), x)
  141. #define SE_AES_IV_MODE_SWIV SE_AES_CRYPTO_CFG_IV_MODE(0)
  142. #define SE_AES_IV_MODE_HWIV SE_AES_CRYPTO_CFG_IV_MODE(1)
  143. #define SE_AES_CRYPTO_CFG_CORE_SEL(x) FIELD_PREP(BIT(9), x)
  144. #define SE_AES_CORE_SEL_DECRYPT SE_AES_CRYPTO_CFG_CORE_SEL(0)
  145. #define SE_AES_CORE_SEL_ENCRYPT SE_AES_CRYPTO_CFG_CORE_SEL(1)
  146. #define SE_AES_CRYPTO_CFG_IV_SEL(x) FIELD_PREP(GENMASK(8, 7), x)
  147. #define SE_AES_IV_SEL_UPDATED SE_AES_CRYPTO_CFG_IV_SEL(1)
  148. #define SE_AES_IV_SEL_REG SE_AES_CRYPTO_CFG_IV_SEL(2)
  149. #define SE_AES_IV_SEL_RANDOM SE_AES_CRYPTO_CFG_IV_SEL(3)
  150. #define SE_AES_CRYPTO_CFG_VCTRAM_SEL(x) FIELD_PREP(GENMASK(6, 5), x)
  151. #define SE_AES_VCTRAM_SEL_MEMORY SE_AES_CRYPTO_CFG_VCTRAM_SEL(0)
  152. #define SE_AES_VCTRAM_SEL_TWEAK SE_AES_CRYPTO_CFG_VCTRAM_SEL(1)
  153. #define SE_AES_VCTRAM_SEL_AESOUT SE_AES_CRYPTO_CFG_VCTRAM_SEL(2)
  154. #define SE_AES_VCTRAM_SEL_PREV_MEM SE_AES_CRYPTO_CFG_VCTRAM_SEL(3)
  155. #define SE_AES_CRYPTO_CFG_INPUT_SEL(x) FIELD_PREP(GENMASK(4, 3), x)
  156. #define SE_AES_INPUT_SEL_MEMORY SE_AES_CRYPTO_CFG_INPUT_SEL(0)
  157. #define SE_AES_INPUT_SEL_RANDOM SE_AES_CRYPTO_CFG_INPUT_SEL(1)
  158. #define SE_AES_INPUT_SEL_AESOUT SE_AES_CRYPTO_CFG_INPUT_SEL(2)
  159. #define SE_AES_INPUT_SEL_LINEAR_CTR SE_AES_CRYPTO_CFG_INPUT_SEL(3)
  160. #define SE_AES_INPUT_SEL_REG SE_AES_CRYPTO_CFG_INPUT_SEL(1)
  161. #define SE_AES_CRYPTO_CFG_XOR_POS(x) FIELD_PREP(GENMASK(2, 1), x)
  162. #define SE_AES_XOR_POS_BYPASS SE_AES_CRYPTO_CFG_XOR_POS(0)
  163. #define SE_AES_XOR_POS_BOTH SE_AES_CRYPTO_CFG_XOR_POS(1)
  164. #define SE_AES_XOR_POS_TOP SE_AES_CRYPTO_CFG_XOR_POS(2)
  165. #define SE_AES_XOR_POS_BOTTOM SE_AES_CRYPTO_CFG_XOR_POS(3)
  166. #define SE_AES_CRYPTO_CFG_HASH_EN(x) FIELD_PREP(BIT(0), x)
  167. #define SE_AES_HASH_DISABLE SE_AES_CRYPTO_CFG_HASH_EN(0)
  168. #define SE_AES_HASH_ENABLE SE_AES_CRYPTO_CFG_HASH_EN(1)
  169. #define SE_LAST_BLOCK_VAL(x) FIELD_PREP(GENMASK(19, 0), x)
  170. #define SE_LAST_BLOCK_RES_BITS(x) FIELD_PREP(GENMASK(26, 20), x)
  171. #define SE_AES_OP_LASTBUF FIELD_PREP(BIT(16), 1)
  172. #define SE_AES_OP_WRSTALL FIELD_PREP(BIT(15), 1)
  173. #define SE_AES_OP_FINAL FIELD_PREP(BIT(5), 1)
  174. #define SE_AES_OP_INIT FIELD_PREP(BIT(4), 1)
  175. #define SE_AES_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x)
  176. #define SE_AES_OP_START SE_AES_OP_OP(1)
  177. #define SE_AES_OP_RESTART_OUT SE_AES_OP_OP(2)
  178. #define SE_AES_OP_RESTART_IN SE_AES_OP_OP(4)
  179. #define SE_AES_OP_RESTART_INOUT SE_AES_OP_OP(5)
  180. #define SE_AES_OP_DUMMY SE_AES_OP_OP(6)
  181. #define SE_KAC_SIZE(x) FIELD_PREP(GENMASK(15, 14), x)
  182. #define SE_KAC_SIZE_128 SE_KAC_SIZE(0)
  183. #define SE_KAC_SIZE_192 SE_KAC_SIZE(1)
  184. #define SE_KAC_SIZE_256 SE_KAC_SIZE(2)
  185. #define SE_KAC_EXPORTABLE FIELD_PREP(BIT(12), 1)
  186. #define SE_KAC_PURPOSE(x) FIELD_PREP(GENMASK(11, 8), x)
  187. #define SE_KAC_ENC SE_KAC_PURPOSE(0)
  188. #define SE_KAC_CMAC SE_KAC_PURPOSE(1)
  189. #define SE_KAC_HMAC SE_KAC_PURPOSE(2)
  190. #define SE_KAC_GCM_KW SE_KAC_PURPOSE(3)
  191. #define SE_KAC_HMAC_KDK SE_KAC_PURPOSE(6)
  192. #define SE_KAC_HMAC_KDD SE_KAC_PURPOSE(7)
  193. #define SE_KAC_HMAC_KDD_KUW SE_KAC_PURPOSE(8)
  194. #define SE_KAC_XTS SE_KAC_PURPOSE(9)
  195. #define SE_KAC_GCM SE_KAC_PURPOSE(10)
  196. #define SE_KAC_USER_NS FIELD_PREP(GENMASK(6, 4), 3)
  197. #define SE_AES_KEY_DST_INDEX(x) FIELD_PREP(GENMASK(11, 8), x)
  198. #define SE_ADDR_HI_MSB(x) FIELD_PREP(GENMASK(31, 24), x)
  199. #define SE_ADDR_HI_SZ(x) FIELD_PREP(GENMASK(23, 0), x)
  200. #define SE_CFG_AES_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \
  201. SE_AES_DEC_ALG_NOP | \
  202. SE_AES_DST_MEMORY)
  203. #define SE_CFG_AES_DECRYPT (SE_AES_ENC_ALG_NOP | \
  204. SE_AES_DEC_ALG_AES_DEC | \
  205. SE_AES_DST_MEMORY)
  206. #define SE_CFG_GMAC_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \
  207. SE_AES_DEC_ALG_NOP | \
  208. SE_AES_ENC_MODE_GMAC | \
  209. SE_AES_DST_MEMORY)
  210. #define SE_CFG_GMAC_DECRYPT (SE_AES_ENC_ALG_NOP | \
  211. SE_AES_DEC_ALG_AES_DEC | \
  212. SE_AES_DEC_MODE_GMAC | \
  213. SE_AES_DST_MEMORY)
  214. #define SE_CFG_GCM_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \
  215. SE_AES_DEC_ALG_NOP | \
  216. SE_AES_ENC_MODE_GCM | \
  217. SE_AES_DST_MEMORY)
  218. #define SE_CFG_GCM_DECRYPT (SE_AES_ENC_ALG_NOP | \
  219. SE_AES_DEC_ALG_AES_DEC | \
  220. SE_AES_DEC_MODE_GCM | \
  221. SE_AES_DST_MEMORY)
  222. #define SE_CFG_GCM_FINAL_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \
  223. SE_AES_DEC_ALG_NOP | \
  224. SE_AES_ENC_MODE_GCM_FINAL | \
  225. SE_AES_DST_MEMORY)
  226. #define SE_CFG_GCM_FINAL_DECRYPT (SE_AES_ENC_ALG_NOP | \
  227. SE_AES_DEC_ALG_AES_DEC | \
  228. SE_AES_DEC_MODE_GCM_FINAL | \
  229. SE_AES_DST_MEMORY)
  230. #define SE_CFG_CMAC (SE_AES_ENC_ALG_AES_ENC | \
  231. SE_AES_ENC_MODE_CMAC | \
  232. SE_AES_DST_HASH_REG)
  233. #define SE_CFG_CBC_MAC (SE_AES_ENC_ALG_AES_ENC | \
  234. SE_AES_ENC_MODE_CBC_MAC)
  235. #define SE_CFG_INS (SE_AES_ENC_ALG_INS | \
  236. SE_AES_DEC_ALG_NOP)
  237. #define SE_CRYPTO_CFG_ECB_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \
  238. SE_AES_XOR_POS_BYPASS | \
  239. SE_AES_CORE_SEL_ENCRYPT)
  240. #define SE_CRYPTO_CFG_ECB_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \
  241. SE_AES_XOR_POS_BYPASS | \
  242. SE_AES_CORE_SEL_DECRYPT)
  243. #define SE_CRYPTO_CFG_CBC_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \
  244. SE_AES_VCTRAM_SEL_AESOUT | \
  245. SE_AES_XOR_POS_TOP | \
  246. SE_AES_CORE_SEL_ENCRYPT | \
  247. SE_AES_IV_SEL_REG)
  248. #define SE_CRYPTO_CFG_CBC_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \
  249. SE_AES_VCTRAM_SEL_PREV_MEM | \
  250. SE_AES_XOR_POS_BOTTOM | \
  251. SE_AES_CORE_SEL_DECRYPT | \
  252. SE_AES_IV_SEL_REG)
  253. #define SE_CRYPTO_CFG_CTR (SE_AES_INPUT_SEL_LINEAR_CTR | \
  254. SE_AES_VCTRAM_SEL_MEMORY | \
  255. SE_AES_XOR_POS_BOTTOM | \
  256. SE_AES_CORE_SEL_ENCRYPT | \
  257. SE_AES_CRYPTO_CFG_CTR_CNTN(1) | \
  258. SE_AES_IV_SEL_REG)
  259. #define SE_CRYPTO_CFG_XTS_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \
  260. SE_AES_VCTRAM_SEL_TWEAK | \
  261. SE_AES_XOR_POS_BOTH | \
  262. SE_AES_CORE_SEL_ENCRYPT | \
  263. SE_AES_IV_SEL_REG)
  264. #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \
  265. SE_AES_VCTRAM_SEL_TWEAK | \
  266. SE_AES_XOR_POS_BOTH | \
  267. SE_AES_CORE_SEL_DECRYPT | \
  268. SE_AES_IV_SEL_REG)
  269. #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \
  270. SE_AES_VCTRAM_SEL_TWEAK | \
  271. SE_AES_XOR_POS_BOTH | \
  272. SE_AES_CORE_SEL_DECRYPT | \
  273. SE_AES_IV_SEL_REG)
  274. #define SE_CRYPTO_CFG_CBC_MAC (SE_AES_INPUT_SEL_MEMORY | \
  275. SE_AES_VCTRAM_SEL_AESOUT | \
  276. SE_AES_XOR_POS_TOP | \
  277. SE_AES_CORE_SEL_ENCRYPT | \
  278. SE_AES_HASH_ENABLE | \
  279. SE_AES_IV_SEL_REG)
  280. #define HASH_RESULT_REG_COUNT 50
  281. #define CMAC_RESULT_REG_COUNT 4
  282. #define SE_CRYPTO_CTR_REG_COUNT 4
  283. #define SE_MAX_KEYSLOT 15
  284. #define SE_MAX_MEM_ALLOC SZ_4M
  285. #define TEGRA_AES_RESERVED_KSLT 14
  286. #define TEGRA_XTS_RESERVED_KSLT 15
  287. #define SHA_FIRST BIT(0)
  288. #define SHA_INIT BIT(1)
  289. #define SHA_UPDATE BIT(2)
  290. #define SHA_FINAL BIT(3)
  291. /* Security Engine operation modes */
  292. enum se_aes_alg {
  293. SE_ALG_CBC, /* Cipher Block Chaining (CBC) mode */
  294. SE_ALG_ECB, /* Electronic Codebook (ECB) mode */
  295. SE_ALG_CTR, /* Counter (CTR) mode */
  296. SE_ALG_XTS, /* XTS mode */
  297. SE_ALG_GMAC, /* GMAC mode */
  298. SE_ALG_GCM, /* GCM mode */
  299. SE_ALG_GCM_FINAL, /* GCM FINAL mode */
  300. SE_ALG_CMAC, /* Cipher-based MAC (CMAC) mode */
  301. SE_ALG_CBC_MAC, /* CBC MAC mode */
  302. };
  303. enum se_hash_alg {
  304. SE_ALG_RNG_DRBG, /* Deterministic Random Bit Generator */
  305. SE_ALG_SHA1, /* Secure Hash Algorithm-1 (SHA1) mode */
  306. SE_ALG_SHA224, /* Secure Hash Algorithm-224 (SHA224) mode */
  307. SE_ALG_SHA256, /* Secure Hash Algorithm-256 (SHA256) mode */
  308. SE_ALG_SHA384, /* Secure Hash Algorithm-384 (SHA384) mode */
  309. SE_ALG_SHA512, /* Secure Hash Algorithm-512 (SHA512) mode */
  310. SE_ALG_SHA3_224, /* Secure Hash Algorithm3-224 (SHA3-224) mode */
  311. SE_ALG_SHA3_256, /* Secure Hash Algorithm3-256 (SHA3-256) mode */
  312. SE_ALG_SHA3_384, /* Secure Hash Algorithm3-384 (SHA3-384) mode */
  313. SE_ALG_SHA3_512, /* Secure Hash Algorithm3-512 (SHA3-512) mode */
  314. SE_ALG_SHAKE128, /* Secure Hash Algorithm3 (SHAKE128) mode */
  315. SE_ALG_SHAKE256, /* Secure Hash Algorithm3 (SHAKE256) mode */
  316. SE_ALG_HMAC_SHA224, /* Hash based MAC (HMAC) - 224 */
  317. SE_ALG_HMAC_SHA256, /* Hash based MAC (HMAC) - 256 */
  318. SE_ALG_HMAC_SHA384, /* Hash based MAC (HMAC) - 384 */
  319. SE_ALG_HMAC_SHA512, /* Hash based MAC (HMAC) - 512 */
  320. };
  321. struct tegra_se_alg {
  322. struct tegra_se *se_dev;
  323. const char *alg_base;
  324. union {
  325. struct skcipher_engine_alg skcipher;
  326. struct aead_engine_alg aead;
  327. struct ahash_engine_alg ahash;
  328. } alg;
  329. };
  330. struct tegra_se_regs {
  331. u32 op;
  332. u32 config;
  333. u32 last_blk;
  334. u32 linear_ctr;
  335. u32 out_addr;
  336. u32 aad_len;
  337. u32 cryp_msg_len;
  338. u32 manifest;
  339. u32 key_addr;
  340. u32 key_data;
  341. u32 key_dst;
  342. u32 result;
  343. };
  344. struct tegra_se_hw {
  345. const struct tegra_se_regs *regs;
  346. int (*init_alg)(struct tegra_se *se);
  347. void (*deinit_alg)(struct tegra_se *se);
  348. bool support_sm_alg;
  349. u32 host1x_class;
  350. u32 kac_ver;
  351. };
  352. struct tegra_se {
  353. int (*manifest)(u32 user, u32 alg, u32 keylen);
  354. const struct tegra_se_hw *hw;
  355. struct host1x_client client;
  356. struct host1x_channel *channel;
  357. struct tegra_se_cmdbuf *cmdbuf;
  358. struct tegra_se_cmdbuf *keybuf;
  359. struct crypto_engine *engine;
  360. struct host1x_syncpt *syncpt;
  361. struct device *dev;
  362. struct clk *clk;
  363. unsigned int opcode_addr;
  364. unsigned int stream_id;
  365. unsigned int syncpt_id;
  366. void __iomem *base;
  367. u32 owner;
  368. };
  369. struct tegra_se_cmdbuf {
  370. dma_addr_t iova;
  371. u32 *addr;
  372. struct device *dev;
  373. struct kref ref;
  374. struct host1x_bo bo;
  375. ssize_t size;
  376. u32 words;
  377. };
  378. struct tegra_se_datbuf {
  379. u8 *buf;
  380. dma_addr_t addr;
  381. ssize_t size;
  382. };
  383. static inline int se_algname_to_algid(const char *name)
  384. {
  385. if (!strcmp(name, "cbc(aes)"))
  386. return SE_ALG_CBC;
  387. else if (!strcmp(name, "ecb(aes)"))
  388. return SE_ALG_ECB;
  389. else if (!strcmp(name, "ctr(aes)"))
  390. return SE_ALG_CTR;
  391. else if (!strcmp(name, "xts(aes)"))
  392. return SE_ALG_XTS;
  393. else if (!strcmp(name, "cmac(aes)"))
  394. return SE_ALG_CMAC;
  395. else if (!strcmp(name, "gcm(aes)"))
  396. return SE_ALG_GCM;
  397. else if (!strcmp(name, "ccm(aes)"))
  398. return SE_ALG_CBC_MAC;
  399. else if (!strcmp(name, "sha1"))
  400. return SE_ALG_SHA1;
  401. else if (!strcmp(name, "sha224"))
  402. return SE_ALG_SHA224;
  403. else if (!strcmp(name, "sha256"))
  404. return SE_ALG_SHA256;
  405. else if (!strcmp(name, "sha384"))
  406. return SE_ALG_SHA384;
  407. else if (!strcmp(name, "sha512"))
  408. return SE_ALG_SHA512;
  409. else if (!strcmp(name, "sha3-224"))
  410. return SE_ALG_SHA3_224;
  411. else if (!strcmp(name, "sha3-256"))
  412. return SE_ALG_SHA3_256;
  413. else if (!strcmp(name, "sha3-384"))
  414. return SE_ALG_SHA3_384;
  415. else if (!strcmp(name, "sha3-512"))
  416. return SE_ALG_SHA3_512;
  417. else if (!strcmp(name, "hmac(sha224)"))
  418. return SE_ALG_HMAC_SHA224;
  419. else if (!strcmp(name, "hmac(sha256)"))
  420. return SE_ALG_HMAC_SHA256;
  421. else if (!strcmp(name, "hmac(sha384)"))
  422. return SE_ALG_HMAC_SHA384;
  423. else if (!strcmp(name, "hmac(sha512)"))
  424. return SE_ALG_HMAC_SHA512;
  425. else
  426. return -EINVAL;
  427. }
  428. /* Functions */
  429. int tegra_init_aes(struct tegra_se *se);
  430. int tegra_init_hash(struct tegra_se *se);
  431. void tegra_deinit_aes(struct tegra_se *se);
  432. void tegra_deinit_hash(struct tegra_se *se);
  433. int tegra_key_submit(struct tegra_se *se, const u8 *key,
  434. u32 keylen, u32 alg, u32 *keyid);
  435. int tegra_key_submit_reserved(struct tegra_se *se, const u8 *key,
  436. u32 keylen, u32 alg, u32 *keyid);
  437. void tegra_key_invalidate(struct tegra_se *se, u32 keyid, u32 alg);
  438. void tegra_key_invalidate_reserved(struct tegra_se *se, u32 keyid, u32 alg);
  439. int tegra_se_host1x_submit(struct tegra_se *se, struct tegra_se_cmdbuf *cmdbuf, u32 size);
  440. static inline int tegra_key_submit_reserved_aes(struct tegra_se *se, const u8 *key,
  441. u32 keylen, u32 alg, u32 *keyid)
  442. {
  443. *keyid = TEGRA_AES_RESERVED_KSLT;
  444. return tegra_key_submit_reserved(se, key, keylen, alg, keyid);
  445. }
  446. static inline int tegra_key_submit_reserved_xts(struct tegra_se *se, const u8 *key,
  447. u32 keylen, u32 alg, u32 *keyid)
  448. {
  449. *keyid = TEGRA_XTS_RESERVED_KSLT;
  450. return tegra_key_submit_reserved(se, key, keylen, alg, keyid);
  451. }
  452. static inline bool tegra_key_is_reserved(u32 keyid)
  453. {
  454. return ((keyid == TEGRA_AES_RESERVED_KSLT) ||
  455. (keyid == TEGRA_XTS_RESERVED_KSLT));
  456. }
  457. /* HOST1x OPCODES */
  458. static inline u32 host1x_opcode_setpayload(unsigned int payload)
  459. {
  460. return (9 << 28) | payload;
  461. }
  462. static inline u32 host1x_opcode_incr_w(unsigned int offset)
  463. {
  464. /* 22-bit offset supported */
  465. return (10 << 28) | offset;
  466. }
  467. static inline u32 host1x_opcode_nonincr_w(unsigned int offset)
  468. {
  469. /* 22-bit offset supported */
  470. return (11 << 28) | offset;
  471. }
  472. static inline u32 host1x_opcode_incr(unsigned int offset, unsigned int count)
  473. {
  474. return (1 << 28) | (offset << 16) | count;
  475. }
  476. static inline u32 host1x_opcode_nonincr(unsigned int offset, unsigned int count)
  477. {
  478. return (2 << 28) | (offset << 16) | count;
  479. }
  480. static inline u32 host1x_uclass_incr_syncpt_cond_f(u32 v)
  481. {
  482. return (v & 0xff) << 10;
  483. }
  484. static inline u32 host1x_uclass_incr_syncpt_indx_f(u32 v)
  485. {
  486. return (v & 0x3ff) << 0;
  487. }
  488. static inline u32 host1x_uclass_wait_syncpt_r(void)
  489. {
  490. return 0x8;
  491. }
  492. static inline u32 host1x_uclass_incr_syncpt_r(void)
  493. {
  494. return 0x0;
  495. }
  496. #define se_host1x_opcode_incr_w(x) host1x_opcode_incr_w((x) / 4)
  497. #define se_host1x_opcode_nonincr_w(x) host1x_opcode_nonincr_w((x) / 4)
  498. #define se_host1x_opcode_incr(x, y) host1x_opcode_incr((x) / 4, y)
  499. #define se_host1x_opcode_nonincr(x, y) host1x_opcode_nonincr((x) / 4, y)
  500. #endif /*_TEGRA_SE_H*/