Message-ID: <20200123110413.23064-1-pankaj.gupta@nxp.com>
Date:   Thu, 23 Jan 2020 11:22:17 +0000
From:   Pankaj Gupta <pankaj.gupta@....com>
To:     Horia Geanta <horia.geanta@....com>,
        Aymen Sghaier <aymen.sghaier@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     Pankaj Gupta <pankaj.gupta@....com>,
        Arun Pathak <arun.pathak@....com>
Subject: [PATCH] add support for TLS1.2 algorithms offload

        - aes-128-cbc-hmac-sha256
        - aes-256-cbc-hmac-sha256

Enabled the support of TLS1.1 algorithms offload

        - aes-128-cbc-hmac-sha1
        - aes-256-cbc-hmac-sha1

Signed-off-by: Arun Pathak <arun.pathak@....com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@....com>
---
 drivers/crypto/caam/caamalg_desc.c | 47 ++++++++++++++++++++++++++++--
 drivers/crypto/caam/caamalg_desc.h |  5 ++++
 drivers/crypto/caam/caamalg_qi.c   | 33 +++++++++++++++++++--
 drivers/crypto/caam/caamalg_qi2.c  | 34 +++++++++++++++++++--
 4 files changed, 112 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c
index 0fea15eabf6e..ee9ed9d90530 100644
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -643,6 +643,9 @@ void cnstr_shdsc_tls_encap(u32 * const desc, struct alginfo *cdata,
 			   unsigned int blocksize, int era)
 {
 	u32 *key_jump_cmd, *zero_payload_jump_cmd;
+#if TLS1_1_SUPPORT
+	u32 *tls10_jump_cmd, *xplicit_iv_jump_cmd;
+#endif
 	u32 genpad, idx_ld_datasz, idx_ld_pad, stidx;
 
 	/*
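Review bot: The new declarations are guarded with `#if TLS1_1_SUPPORT`, while every other guard added by this patch uses `#ifdef TLS1_1_SUPPORT`. The two forms disagree if the macro is ever defined as 0, in which case the jump pointers would be undeclared but the code using them would still be compiled. Use `#ifdef TLS1_1_SUPPORT` here as well. The body of cnstr_shdsc_tls_encap continues outside this hunk.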
@@ -697,15 +700,42 @@ void cnstr_shdsc_tls_encap(u32 * const desc, struct alginfo *cdata,
 	append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL |
 			 OP_ALG_ENCRYPT);
 
+#ifdef TLS1_1_SUPPORT
+	/* skip data to the TLS version field in the Assoclen
+	 * IV + 9 bytes of assoclen = 25
+	 */
+	append_seq_fifo_load(desc, 0, FIFOLD_CLASS_SKIP | 25);
+
+	append_cmd(desc, CMD_SEQ_LOAD | LDST_CLASS_DECO |
+		   LDST_SRCDST_WORD_DECO_MATH3 | (6 << LDST_OFFSET_SHIFT) | 2);
+	append_jump(desc, JUMP_TEST_ALL | JUMP_COND_CALM | 1);
+
+	/* rewind input sequence */
+	append_seq_in_ptr(desc, 0, 27, SQIN_RTO);
+#endif
+
+#ifdef TLS1_1_SUPPORT
+	append_math_and_imm_u64(desc, REG1, REG3, IMM, 0xFCFE);
+	xplicit_iv_jump_cmd = append_jump(desc, JUMP_TEST_ALL |
+					    JUMP_COND_MATH_Z);
+	append_math_add_imm_u32(desc, REG2, ZERO, IMM, ivsize);
+	set_jump_tgt_here(desc, xplicit_iv_jump_cmd);
+#endif
+
 	/* payloadlen = input data length - (assoclen + ivlen) */
 	append_math_sub_imm_u32(desc, REG0, SEQINLEN, IMM, assoclen + ivsize);
-
+#ifdef TLS1_1_SUPPORT
+	append_math_sub(desc, REG0, REG0, REG2, 4);
+#endif
 	/* math1 = payloadlen + icvlen */
 	append_math_add_imm_u32(desc, REG1, REG0, IMM, authsize);
+#ifdef TLS1_1_SUPPORT
+	append_math_add(desc, REG1, REG1, REG2, 4);
+#endif
 
 	/* padlen = block_size - math1 % block_size */
-	append_math_and_imm_u32(desc, REG3, REG1, IMM, blocksize - 1);
-	append_math_sub_imm_u32(desc, REG2, IMM, REG3, blocksize);
+	append_math_and_imm_u32(desc, REG2, REG1, IMM, blocksize - 1);
+	append_math_sub_imm_u32(desc, REG2, IMM, REG2, blocksize);
 
 	/* cryptlen = payloadlen + icvlen + padlen */
 	append_math_add(desc, VARSEQOUTLEN, REG1, REG2, 4);
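Review bot: The skip length `25` and the rewind length `27` hard-code a 16-byte IV and the position of the version field, although `ivsize` is a parameter of this function and is used a few lines further down. Deriving them keeps the descriptor correct if a cipher with another IV size is registered, e.g. `append_seq_fifo_load(desc, 0, FIFOLD_CLASS_SKIP | (ivsize + 9));` and `append_seq_in_ptr(desc, 0, ivsize + 11, SQIN_RTO);`. Separately, when the jump on `JUMP_COND_MATH_Z` is taken, REG2 is not written in this hunk before `append_math_sub(desc, REG0, REG0, REG2, 4)` reads it. If the code relies on the register being zero at that point, a comment saying so would help, since the initial state is not visible here. The two adjacent `#ifdef TLS1_1_SUPPORT` blocks could also be merged into one.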
@@ -740,6 +770,17 @@ void cnstr_shdsc_tls_encap(u32 * const desc, struct alginfo *cdata,
 	/* read assoc for authentication */
 	append_seq_fifo_load(desc, assoclen, FIFOLD_CLASS_CLASS2 |
 			     FIFOLD_TYPE_MSG);
+#ifdef TLS1_1_SUPPORT
+	append_math_and_imm_u64(desc, REG2, REG3, IMM, 0xFCFE);
+	tls10_jump_cmd = append_jump(desc, JUMP_TEST_ALL |
+					    JUMP_COND_MATH_Z);
+
+	/* read xplicit iv in case of >TL10 */
+	append_seq_fifo_load(desc, ivsize, FIFOLD_CLASS_CLASS1 |
+				     FIFOLD_TYPE_MSG);
+
+	set_jump_tgt_here(desc, tls10_jump_cmd);
+#endif
 	/* insnoop payload */
 	append_seq_fifo_load(desc, 0, FIFOLD_CLASS_BOTH | FIFOLD_TYPE_MSG |
 			     FIFOLD_TYPE_LAST2 | FIFOLDST_VLF);
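Review bot: The mask `0xFCFE` appears here and in the earlier hunk of this function without a name or explanation. It appears to test whether the record version loaded into REG3 is anything other than TLS 1.0. A named constant with a one-line comment on which version values make the result zero would make the explicit-IV decision reviewable. The comment `/* read xplicit iv in case of >TL10 */` should read `/* read explicit IV for versions above TLS 1.0 */`.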
diff --git a/drivers/crypto/caam/caamalg_desc.h b/drivers/crypto/caam/caamalg_desc.h
index 99f0d1471d9c..7b4bfd2d7b96 100644
--- a/drivers/crypto/caam/caamalg_desc.h
+++ b/drivers/crypto/caam/caamalg_desc.h
@@ -16,9 +16,14 @@
 #define DESC_QI_AEAD_ENC_LEN		(DESC_AEAD_ENC_LEN + 3 * CAAM_CMD_SZ)
 #define DESC_QI_AEAD_DEC_LEN		(DESC_AEAD_DEC_LEN + 3 * CAAM_CMD_SZ)
 #define DESC_QI_AEAD_GIVENC_LEN		(DESC_AEAD_GIVENC_LEN + 3 * CAAM_CMD_SZ)
+#define TLS1_1_SUPPORT			1
 
 #define DESC_TLS_BASE			(4 * CAAM_CMD_SZ)
+#ifdef TLS1_1_SUPPORT
+#define DESC_TLS10_ENC_LEN		(DESC_TLS_BASE + 45  * CAAM_CMD_SZ)
+#else
 #define DESC_TLS10_ENC_LEN		(DESC_TLS_BASE + 29 * CAAM_CMD_SZ)
+#endif
 
 /* Note: Nonce is counted in cdata.keylen */
 #define DESC_AEAD_CTR_RFC3686_LEN	(4 * CAAM_CMD_SZ)
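Review bot: `#define TLS1_1_SUPPORT 1` is unconditional, so the `#else` branch here and the `#ifndef TLS1_1_SUPPORT` paths in caamalg_qi.c and caamalg_qi2.c can never be compiled. Either make this a Kconfig option or drop the conditionals and the dead code. The enlarged `DESC_TLS10_ENC_LEN` of `DESC_TLS_BASE + 45 * CAAM_CMD_SZ` also deserves a comment on how much of the 64-word descriptor buffer it leaves for the job descriptor. The double space in `45  * CAAM_CMD_SZ` should be removed.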
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index fceeef155863..29a354ee960e 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -296,8 +296,10 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 	unsigned int ivsize = crypto_aead_ivsize(tls);
 	unsigned int blocksize = crypto_aead_blocksize(tls);
 	unsigned int assoclen = 13; /* always 13 bytes for TLS */
+#ifndef TLS1_1_SUPPORT
 	unsigned int data_len[2];
 	u32 inl_mask;
+#endif
 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctx->jrdev->parent);
 
 	if (!ctx->cdata.keylen || !ctx->authsize)
@@ -308,6 +310,7 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 	 * Job Descriptor and Shared Descriptor
 	 * must fit into the 64-word Descriptor h/w Buffer
 	 */
+#ifndef TLS1_1_SUPPORT
 	data_len[0] = ctx->adata.keylen_pad;
 	data_len[1] = ctx->cdata.keylen;
 
@@ -327,6 +330,12 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 
 	ctx->adata.key_inline = !!(inl_mask & 1);
 	ctx->cdata.key_inline = !!(inl_mask & 2);
+#else
+	ctx->adata.key_dma = ctx->key_dma;
+	ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
+	ctx->adata.key_inline = false;
+	ctx->cdata.key_inline = false;
+#endif
 
 	cnstr_shdsc_tls_encap(ctx->sh_desc_enc, &ctx->cdata, &ctx->adata,
 			      assoclen, ivsize, ctx->authsize, blocksize,
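Review bot: With `TLS1_1_SUPPORT` defined, the code that filled `data_len[]` and `inl_mask` is compiled out and both keys are forced to `key_inline = false`. The retained comment about fitting into the 64-word buffer therefore no longer describes any check that runs. If the keys are referenced by DMA because the longer descriptor cannot hold them inline, say so in a comment on the `#else` branch, e.g. `/* TLS 1.1+ descriptor is too long to inline keys; always reference them by DMA */`. The same change is made to tls_set_sh_desc in caamalg_qi2.c, where it also adds a second blank line after `#endif`. The function body continues outside this hunk, so whether the decapsulation descriptor uses the same key settings cannot be confirmed from here.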
@@ -2847,8 +2856,8 @@ static struct caam_aead_alg driver_aeads[] = {
 	{
 		.aead = {
 			.base = {
-				.cra_name = "tls10(hmac(sha1),cbc(aes))",
-				.cra_driver_name = "tls10-hmac-sha1-cbc-aes-caam-qi",
+				.cra_name = "tls11(hmac(sha1),cbc(aes))",
+				.cra_driver_name = "tls11-hmac-sha1-cbc-aes-caam-qi",
 				.cra_blocksize = AES_BLOCK_SIZE,
 			},
 			.setkey = tls_setkey,
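Review bot: Changing `.cra_name` from `"tls10(hmac(sha1),cbc(aes))"` to `"tls11(hmac(sha1),cbc(aes))"` removes the tls10 algorithm from this driver instead of adding a second one. A caller that still requests the tls10 name will no longer be served by it. The descriptor changes keep a separate path for the TLS 1.0 case, which suggests both versions are meant to work. If so, add a new entry for tls11 and leave the tls10 one in place. The same rename is made in caamalg_qi2.c; the `driver_aeads[]` array starts outside this hunk.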
@@ -2862,6 +2871,26 @@ static struct caam_aead_alg driver_aeads[] = {
 			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
 			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
 					   OP_ALG_AAI_HMAC_PRECOMP,
+		},
+	},
+	{
+		.aead = {
+			.base = {
+				.cra_name = "tls12(hmac(sha256),cbc(aes))",
+				.cra_driver_name = "tls12-hmac-sha256-cbc-aes-caam-qi",
+				.cra_blocksize = AES_BLOCK_SIZE,
+			},
+			.setkey = tls_setkey,
+			.setauthsize = tls_setauthsize,
+			.encrypt = tls_encrypt,
+			.decrypt = tls_decrypt,
+			.ivsize = AES_BLOCK_SIZE,
+			.maxauthsize = SHA256_DIGEST_SIZE,
+		},
+		.caam = {
+			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
+			.class2_alg_type = OP_ALG_ALGSEL_SHA256 |
+					   OP_ALG_AAI_HMAC_PRECOMP,
 		}
 	}
 };
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 5fd86bac5cf6..46e1bbe14ecf 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -773,8 +773,10 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 	struct caam_flc *flc;
 	u32 *desc;
 	unsigned int assoclen = 13; /* always 13 bytes for TLS */
+#ifndef TLS1_1_SUPPORT
 	unsigned int data_len[2];
 	u32 inl_mask;
+#endif
 
 	if (!ctx->cdata.keylen || !ctx->authsize)
 		return 0;
@@ -784,6 +786,7 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 	 * Job Descriptor and Shared Descriptor
 	 * must fit into the 64-word Descriptor h/w Buffer
 	 */
+#ifndef TLS1_1_SUPPORT
 	data_len[0] = ctx->adata.keylen_pad;
 	data_len[1] = ctx->cdata.keylen;
 
@@ -803,6 +806,13 @@ static int tls_set_sh_desc(struct crypto_aead *tls)
 
 	ctx->adata.key_inline = !!(inl_mask & 1);
 	ctx->cdata.key_inline = !!(inl_mask & 2);
+#else
+	ctx->adata.key_dma = ctx->key_dma;
+	ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
+	ctx->adata.key_inline = false;
+	ctx->cdata.key_inline = false;
+#endif
+
 
 	flc = &ctx->flc[ENCRYPT];
 	desc = flc->sh_desc;
@@ -3362,8 +3372,8 @@ static struct caam_aead_alg driver_aeads[] = {
 	{
 		.aead = {
 			.base = {
-				.cra_name = "tls10(hmac(sha1),cbc(aes))",
-				.cra_driver_name = "tls10-hmac-sha1-cbc-aes-caam-qi2",
+				.cra_name = "tls11(hmac(sha1),cbc(aes))",
+				.cra_driver_name = "tls11-hmac-sha1-cbc-aes-caam-qi2",
 				.cra_blocksize = AES_BLOCK_SIZE,
 			},
 			.setkey = tls_setkey,
@@ -3379,6 +3389,26 @@ static struct caam_aead_alg driver_aeads[] = {
 					   OP_ALG_AAI_HMAC_PRECOMP,
 		},
 	},
+	{
+		.aead = {
+			.base = {
+				.cra_name = "tls12(hmac(sha256),cbc(aes))",
+				.cra_driver_name = "tls12-hmac-sha256-cbc-aes-caam-qi2",
+				.cra_blocksize = AES_BLOCK_SIZE,
+			},
+			.setkey = tls_setkey,
+			.setauthsize = tls_setauthsize,
+			.encrypt = tls_encrypt,
+			.decrypt = tls_decrypt,
+			.ivsize = AES_BLOCK_SIZE,
+			.maxauthsize = SHA256_DIGEST_SIZE,
+		},
+		.caam = {
+			.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
+			.class2_alg_type = OP_ALG_ALGSEL_SHA1 |
+					   OP_ALG_AAI_HMAC_PRECOMP,
+		},
+	},
 };
 
 static void caam_skcipher_alg_init(struct caam_skcipher_alg *t_alg)
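Review bot: The new `tls12(hmac(sha256),cbc(aes))` entry sets `.class2_alg_type = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC_PRECOMP`, while its name and `.maxauthsize = SHA256_DIGEST_SIZE` advertise HMAC-SHA256. The matching entry added to caamalg_qi.c uses `OP_ALG_ALGSEL_SHA256`, so this looks like a copy-paste slip; the line should read `.class2_alg_type = OP_ALG_ALGSEL_SHA256 |`. As written, the authentication engine would presumably be programmed for SHA-1 and produce a MAC that a peer computing HMAC-SHA256 rejects.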
-- 
2.17.1
