1 // SPDX-License-Identifier: (GPL-2.0 OR MIT)
3  * Driver for Microsemi VSC85xx PHYs - MACsec support
11 #include <dt-bindings/net/mscc-phy-vsc8531.h>
37 		/* non-MACsec access */  in vsc8584_macsec_phy_read()
321 	struct vsc8531_private *priv = phydev->priv;  in __vsc8584_macsec_init()
358 	proc_bank = (priv->addr < 2) ? PROC_0 : PROC_2;  in __vsc8584_macsec_init()
371 				struct macsec_flow *flow)  in vsc8584_macsec_flow()  argument
373 	struct vsc8531_private *priv = phydev->priv;  in vsc8584_macsec_flow()
374 	enum macsec_bank bank = flow->bank;  in vsc8584_macsec_flow()
375 	u32 val, match = 0, mask = 0, action = 0, idx = flow->index;  in vsc8584_macsec_flow()
377 	if (flow->match.tagged)  in vsc8584_macsec_flow()
379 	if (flow->match.untagged)  in vsc8584_macsec_flow()
382 	if (bank == MACSEC_INGR && flow->assoc_num >= 0) {  in vsc8584_macsec_flow()
383 		match |= MSCC_MS_SAM_MISC_MATCH_AN(flow->assoc_num);  in vsc8584_macsec_flow()
387 	if (bank == MACSEC_INGR && flow->match.sci && flow->rx_sa->sc->sci) {  in vsc8584_macsec_flow()
388 		u64 sci = (__force u64)flow->rx_sa->sc->sci;  in vsc8584_macsec_flow()
400 	if (flow->match.etype) {  in vsc8584_macsec_flow()
404 					 MSCC_MS_SAM_MAC_SA_MATCH_HI_ETYPE((__force u32)htons(flow->etype)));  in vsc8584_macsec_flow()
407 	match |= MSCC_MS_SAM_MISC_MATCH_PRIORITY(flow->priority);  in vsc8584_macsec_flow()
413 	if (flow->action.drop)  in vsc8584_macsec_flow()
415 	else if (flow->action.bypass || flow->port == MSCC_MS_PORT_UNCONTROLLED)  in vsc8584_macsec_flow()
423 	      MSCC_MS_SAM_FLOW_CTRL_DEST_PORT(flow->port);  in vsc8584_macsec_flow()
429 		if (priv->secy->replay_protect)  in vsc8584_macsec_flow()
431 		if (priv->secy->validate_frames == MACSEC_VALIDATE_STRICT)  in vsc8584_macsec_flow()
433 		else if (priv->secy->validate_frames == MACSEC_VALIDATE_CHECK)  in vsc8584_macsec_flow()
436 		if (priv->secy->protect_frames)  in vsc8584_macsec_flow()
438 		if (priv->secy->tx_sc.encrypt)  in vsc8584_macsec_flow()
440 		if (priv->secy->tx_sc.send_sci)  in vsc8584_macsec_flow()
451 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_find_flow()
454 	list_for_each_entry_safe(pos, tmp, &priv->macsec_flows, list)  in vsc8584_macsec_find_flow()
455 		if (pos->assoc_num == ctx->sa.assoc_num && pos->bank == bank)  in vsc8584_macsec_find_flow()
458 	return ERR_PTR(-ENOENT);  in vsc8584_macsec_find_flow()
462 				       struct macsec_flow *flow)  in vsc8584_macsec_flow_enable()  argument
464 	enum macsec_bank bank = flow->bank;  in vsc8584_macsec_flow_enable()
465 	u32 val, idx = flow->index;  in vsc8584_macsec_flow_enable()
467 	if ((flow->bank == MACSEC_INGR && flow->rx_sa && !flow->rx_sa->active) ||  in vsc8584_macsec_flow_enable()
468 	    (flow->bank == MACSEC_EGR && flow->tx_sa && !flow->tx_sa->active))  in vsc8584_macsec_flow_enable()
474 	/* Set in-use */  in vsc8584_macsec_flow_enable()
481 					struct macsec_flow *flow)  in vsc8584_macsec_flow_disable()  argument
483 	enum macsec_bank bank = flow->bank;  in vsc8584_macsec_flow_disable()
484 	u32 val, idx = flow->index;  in vsc8584_macsec_flow_disable()
489 	/* Clear in-use */  in vsc8584_macsec_flow_disable()
495 static u32 vsc8584_macsec_flow_context_id(struct macsec_flow *flow)  in vsc8584_macsec_flow_context_id()  argument
497 	if (flow->bank == MACSEC_INGR)  in vsc8584_macsec_flow_context_id()
498 		return flow->index + MSCC_MS_MAX_FLOWS;  in vsc8584_macsec_flow_context_id()
500 	return flow->index;  in vsc8584_macsec_flow_context_id()
521 					 struct macsec_flow *flow)  in vsc8584_macsec_transformation()  argument
523 	struct vsc8531_private *priv = phydev->priv;  in vsc8584_macsec_transformation()
524 	enum macsec_bank bank = flow->bank;  in vsc8584_macsec_transformation()
525 	int i, ret, index = flow->index;  in vsc8584_macsec_transformation()
526 	u32 rec = 0, control = 0;  in vsc8584_macsec_transformation()  local
530 	ret = vsc8584_macsec_derive_key(flow->key, priv->secy->key_len, hkey);  in vsc8584_macsec_transformation()
534 	switch (priv->secy->key_len) {  in vsc8584_macsec_transformation()
536 		control |= CONTROL_CRYPTO_ALG(CTRYPTO_ALG_AES_CTR_128);  in vsc8584_macsec_transformation()
539 		control |= CONTROL_CRYPTO_ALG(CTRYPTO_ALG_AES_CTR_256);  in vsc8584_macsec_transformation()
542 		return -EINVAL;  in vsc8584_macsec_transformation()
545 	control |= (bank == MACSEC_EGR) ?  in vsc8584_macsec_transformation()
546 		   (CONTROL_TYPE_EGRESS | CONTROL_AN(priv->secy->tx_sc.encoding_sa)) :  in vsc8584_macsec_transformation()
549 	control |= CONTROL_UPDATE_SEQ | CONTROL_ENCRYPT_AUTH | CONTROL_KEY_IN_CTX |  in vsc8584_macsec_transformation()
554 	/* Set the control word */  in vsc8584_macsec_transformation()
556 				 control);  in vsc8584_macsec_transformation()
560 				 vsc8584_macsec_flow_context_id(flow));  in vsc8584_macsec_transformation()
563 	for (i = 0; i < priv->secy->key_len / sizeof(u32); i++)  in vsc8584_macsec_transformation()
566 					 ((u32 *)flow->key)[i]);  in vsc8584_macsec_transformation()
577 				 flow->rx_sa->next_pn : flow->tx_sa->next_pn);  in vsc8584_macsec_transformation()
583 					 priv->secy->replay_window);  in vsc8584_macsec_transformation()
586 	sci = (__force u64)(bank == MACSEC_INGR ? flow->rx_sa->sc->sci : priv->secy->sci);  in vsc8584_macsec_transformation()
596 	flow->has_transformation = true;  in vsc8584_macsec_transformation()
604 				&priv->ingr_flows : &priv->egr_flows;  in vsc8584_macsec_alloc_flow()
605 	struct macsec_flow *flow;  in vsc8584_macsec_alloc_flow()  local
611 		return ERR_PTR(-ENOMEM);  in vsc8584_macsec_alloc_flow()
613 	flow = kzalloc(sizeof(*flow), GFP_KERNEL);  in vsc8584_macsec_alloc_flow()
614 	if (!flow)  in vsc8584_macsec_alloc_flow()
615 		return ERR_PTR(-ENOMEM);  in vsc8584_macsec_alloc_flow()
618 	flow->index = index;  in vsc8584_macsec_alloc_flow()
619 	flow->bank = bank;  in vsc8584_macsec_alloc_flow()
620 	flow->priority = 8;  in vsc8584_macsec_alloc_flow()
621 	flow->assoc_num = -1;  in vsc8584_macsec_alloc_flow()
623 	list_add_tail(&flow->list, &priv->macsec_flows);  in vsc8584_macsec_alloc_flow()
624 	return flow;  in vsc8584_macsec_alloc_flow()
628 				     struct macsec_flow *flow)  in vsc8584_macsec_free_flow()  argument
630 	unsigned long *bitmap = flow->bank == MACSEC_INGR ?  in vsc8584_macsec_free_flow()
631 				&priv->ingr_flows : &priv->egr_flows;  in vsc8584_macsec_free_flow()
633 	list_del(&flow->list);  in vsc8584_macsec_free_flow()
634 	clear_bit(flow->index, bitmap);  in vsc8584_macsec_free_flow()
635 	kfree(flow);  in vsc8584_macsec_free_flow()
639 				   struct macsec_flow *flow, bool update)  in vsc8584_macsec_add_flow()  argument
643 	flow->port = MSCC_MS_PORT_CONTROLLED;  in vsc8584_macsec_add_flow()
644 	vsc8584_macsec_flow(phydev, flow);  in vsc8584_macsec_add_flow()
649 	ret = vsc8584_macsec_transformation(phydev, flow);  in vsc8584_macsec_add_flow()
651 		vsc8584_macsec_free_flow(phydev->priv, flow);  in vsc8584_macsec_add_flow()
660 	struct macsec_flow *flow;  in vsc8584_macsec_default_flows()  local
663 	flow = vsc8584_macsec_alloc_flow(phydev->priv, MACSEC_INGR);  in vsc8584_macsec_default_flows()
664 	if (IS_ERR(flow))  in vsc8584_macsec_default_flows()
665 		return PTR_ERR(flow);  in vsc8584_macsec_default_flows()
667 	flow->priority = 15;  in vsc8584_macsec_default_flows()
668 	flow->port = MSCC_MS_PORT_UNCONTROLLED;  in vsc8584_macsec_default_flows()
669 	flow->match.tagged = 1;  in vsc8584_macsec_default_flows()
670 	flow->match.untagged = 1;  in vsc8584_macsec_default_flows()
671 	flow->match.etype = 1;  in vsc8584_macsec_default_flows()
672 	flow->etype = ETH_P_PAE;  in vsc8584_macsec_default_flows()
673 	flow->action.bypass = 1;  in vsc8584_macsec_default_flows()
675 	vsc8584_macsec_flow(phydev, flow);  in vsc8584_macsec_default_flows()
676 	vsc8584_macsec_flow_enable(phydev, flow);  in vsc8584_macsec_default_flows()
679 	flow = vsc8584_macsec_alloc_flow(phydev->priv, MACSEC_EGR);  in vsc8584_macsec_default_flows()
680 	if (IS_ERR(flow))  in vsc8584_macsec_default_flows()
681 		return PTR_ERR(flow);  in vsc8584_macsec_default_flows()
683 	flow->priority = 15;  in vsc8584_macsec_default_flows()
684 	flow->port = MSCC_MS_PORT_COMMON;  in vsc8584_macsec_default_flows()
685 	flow->match.untagged = 1;  in vsc8584_macsec_default_flows()
686 	flow->match.etype = 1;  in vsc8584_macsec_default_flows()
687 	flow->etype = ETH_P_PAE;  in vsc8584_macsec_default_flows()
688 	flow->action.bypass = 1;  in vsc8584_macsec_default_flows()
690 	vsc8584_macsec_flow(phydev, flow);  in vsc8584_macsec_default_flows()
691 	vsc8584_macsec_flow_enable(phydev, flow);  in vsc8584_macsec_default_flows()
697 				    struct macsec_flow *flow)  in vsc8584_macsec_del_flow()  argument
699 	vsc8584_macsec_flow_disable(phydev, flow);  in vsc8584_macsec_del_flow()
700 	vsc8584_macsec_free_flow(phydev->priv, flow);  in vsc8584_macsec_del_flow()
704 				     struct macsec_flow *flow, bool update)  in __vsc8584_macsec_add_rxsa()  argument
706 	struct phy_device *phydev = ctx->phydev;  in __vsc8584_macsec_add_rxsa()
707 	struct vsc8531_private *priv = phydev->priv;  in __vsc8584_macsec_add_rxsa()
709 	if (!flow) {  in __vsc8584_macsec_add_rxsa()
710 		flow = vsc8584_macsec_alloc_flow(priv, MACSEC_INGR);  in __vsc8584_macsec_add_rxsa()
711 		if (IS_ERR(flow))  in __vsc8584_macsec_add_rxsa()
712 			return PTR_ERR(flow);  in __vsc8584_macsec_add_rxsa()
714 		memcpy(flow->key, ctx->sa.key, priv->secy->key_len);  in __vsc8584_macsec_add_rxsa()
717 	flow->assoc_num = ctx->sa.assoc_num;  in __vsc8584_macsec_add_rxsa()
718 	flow->rx_sa = ctx->sa.rx_sa;  in __vsc8584_macsec_add_rxsa()
721 	flow->match.tagged = 1;  in __vsc8584_macsec_add_rxsa()
722 	flow->match.sci = 1;  in __vsc8584_macsec_add_rxsa()
724 	if (priv->secy->validate_frames != MACSEC_VALIDATE_DISABLED)  in __vsc8584_macsec_add_rxsa()
725 		flow->match.untagged = 1;  in __vsc8584_macsec_add_rxsa()
727 	return vsc8584_macsec_add_flow(phydev, flow, update);  in __vsc8584_macsec_add_rxsa()
731 				     struct macsec_flow *flow, bool update)  in __vsc8584_macsec_add_txsa()  argument
733 	struct phy_device *phydev = ctx->phydev;  in __vsc8584_macsec_add_txsa()
734 	struct vsc8531_private *priv = phydev->priv;  in __vsc8584_macsec_add_txsa()
736 	if (!flow) {  in __vsc8584_macsec_add_txsa()
737 		flow = vsc8584_macsec_alloc_flow(priv, MACSEC_EGR);  in __vsc8584_macsec_add_txsa()
738 		if (IS_ERR(flow))  in __vsc8584_macsec_add_txsa()
739 			return PTR_ERR(flow);  in __vsc8584_macsec_add_txsa()
741 		memcpy(flow->key, ctx->sa.key, priv->secy->key_len);  in __vsc8584_macsec_add_txsa()
744 	flow->assoc_num = ctx->sa.assoc_num;  in __vsc8584_macsec_add_txsa()
745 	flow->tx_sa = ctx->sa.tx_sa;  in __vsc8584_macsec_add_txsa()
748 	flow->match.untagged = 1;  in __vsc8584_macsec_add_txsa()
750 	return vsc8584_macsec_add_flow(phydev, flow, update);  in __vsc8584_macsec_add_txsa()
755 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_dev_open()
756 	struct macsec_flow *flow, *tmp;  in vsc8584_macsec_dev_open()  local
759 	if (ctx->prepare)  in vsc8584_macsec_dev_open()
762 	list_for_each_entry_safe(flow, tmp, &priv->macsec_flows, list)  in vsc8584_macsec_dev_open()
763 		vsc8584_macsec_flow_enable(ctx->phydev, flow);  in vsc8584_macsec_dev_open()
770 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_dev_stop()
771 	struct macsec_flow *flow, *tmp;  in vsc8584_macsec_dev_stop()  local
774 	if (ctx->prepare)  in vsc8584_macsec_dev_stop()
777 	list_for_each_entry_safe(flow, tmp, &priv->macsec_flows, list)  in vsc8584_macsec_dev_stop()
778 		vsc8584_macsec_flow_disable(ctx->phydev, flow);  in vsc8584_macsec_dev_stop()
785 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_add_secy()
786 	struct macsec_secy *secy = ctx->secy;  in vsc8584_macsec_add_secy()
788 	if (ctx->prepare) {  in vsc8584_macsec_add_secy()
789 		if (priv->secy)  in vsc8584_macsec_add_secy()
790 			return -EEXIST;  in vsc8584_macsec_add_secy()
795 	priv->secy = secy;  in vsc8584_macsec_add_secy()
797 	vsc8584_macsec_flow_default_action(ctx->phydev, MACSEC_EGR,  in vsc8584_macsec_add_secy()
798 					   secy->validate_frames != MACSEC_VALIDATE_DISABLED);  in vsc8584_macsec_add_secy()
799 	vsc8584_macsec_flow_default_action(ctx->phydev, MACSEC_INGR,  in vsc8584_macsec_add_secy()
800 					   secy->validate_frames != MACSEC_VALIDATE_DISABLED);  in vsc8584_macsec_add_secy()
802 	return vsc8584_macsec_default_flows(ctx->phydev);  in vsc8584_macsec_add_secy()
807 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_del_secy()
808 	struct macsec_flow *flow, *tmp;  in vsc8584_macsec_del_secy()  local
811 	if (ctx->prepare)  in vsc8584_macsec_del_secy()
814 	list_for_each_entry_safe(flow, tmp, &priv->macsec_flows, list)  in vsc8584_macsec_del_secy()
815 		vsc8584_macsec_del_flow(ctx->phydev, flow);  in vsc8584_macsec_del_secy()
817 	vsc8584_macsec_flow_default_action(ctx->phydev, MACSEC_EGR, false);  in vsc8584_macsec_del_secy()
818 	vsc8584_macsec_flow_default_action(ctx->phydev, MACSEC_INGR, false);  in vsc8584_macsec_del_secy()
820 	priv->secy = NULL;  in vsc8584_macsec_del_secy()
827 	if (ctx->prepare)  in vsc8584_macsec_upd_secy()
842 	return -EOPNOTSUPP;  in vsc8584_macsec_upd_rxsc()
847 	struct vsc8531_private *priv = ctx->phydev->priv;  in vsc8584_macsec_del_rxsc()
848 	struct macsec_flow *flow, *tmp;  in vsc8584_macsec_del_rxsc()  local
851 	if (ctx->prepare)  in vsc8584_macsec_del_rxsc()
854 	list_for_each_entry_safe(flow, tmp, &priv->macsec_flows, list) {  in vsc8584_macsec_del_rxsc()
855 		if (flow->bank == MACSEC_INGR && flow->rx_sa &&  in vsc8584_macsec_del_rxsc()
856 		    flow->rx_sa->sc->sci == ctx->rx_sc->sci)  in vsc8584_macsec_del_rxsc()
857 			vsc8584_macsec_del_flow(ctx->phydev, flow);  in vsc8584_macsec_del_rxsc()
865 	struct macsec_flow *flow = NULL;  in vsc8584_macsec_add_rxsa()  local
867 	if (ctx->prepare)  in vsc8584_macsec_add_rxsa()
868 		return __vsc8584_macsec_add_rxsa(ctx, flow, false);  in vsc8584_macsec_add_rxsa()
870 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_INGR);  in vsc8584_macsec_add_rxsa()
871 	if (IS_ERR(flow))  in vsc8584_macsec_add_rxsa()
872 		return PTR_ERR(flow);  in vsc8584_macsec_add_rxsa()
874 	vsc8584_macsec_flow_enable(ctx->phydev, flow);  in vsc8584_macsec_add_rxsa()
880 	struct macsec_flow *flow;  in vsc8584_macsec_upd_rxsa()  local
882 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_INGR);  in vsc8584_macsec_upd_rxsa()
883 	if (IS_ERR(flow))  in vsc8584_macsec_upd_rxsa()
884 		return PTR_ERR(flow);  in vsc8584_macsec_upd_rxsa()
886 	if (ctx->prepare) {  in vsc8584_macsec_upd_rxsa()
887 		/* Make sure the flow is disabled before updating it */  in vsc8584_macsec_upd_rxsa()
888 		vsc8584_macsec_flow_disable(ctx->phydev, flow);  in vsc8584_macsec_upd_rxsa()
890 		return __vsc8584_macsec_add_rxsa(ctx, flow, true);  in vsc8584_macsec_upd_rxsa()
893 	vsc8584_macsec_flow_enable(ctx->phydev, flow);  in vsc8584_macsec_upd_rxsa()
899 	struct macsec_flow *flow;  in vsc8584_macsec_del_rxsa()  local
901 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_INGR);  in vsc8584_macsec_del_rxsa()
903 	if (IS_ERR(flow))  in vsc8584_macsec_del_rxsa()
904 		return PTR_ERR(flow);  in vsc8584_macsec_del_rxsa()
905 	if (ctx->prepare)  in vsc8584_macsec_del_rxsa()
908 	vsc8584_macsec_del_flow(ctx->phydev, flow);  in vsc8584_macsec_del_rxsa()
914 	struct macsec_flow *flow = NULL;  in vsc8584_macsec_add_txsa()  local
916 	if (ctx->prepare)  in vsc8584_macsec_add_txsa()
917 		return __vsc8584_macsec_add_txsa(ctx, flow, false);  in vsc8584_macsec_add_txsa()
919 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_EGR);  in vsc8584_macsec_add_txsa()
920 	if (IS_ERR(flow))  in vsc8584_macsec_add_txsa()
921 		return PTR_ERR(flow);  in vsc8584_macsec_add_txsa()
923 	vsc8584_macsec_flow_enable(ctx->phydev, flow);  in vsc8584_macsec_add_txsa()
929 	struct macsec_flow *flow;  in vsc8584_macsec_upd_txsa()  local
931 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_EGR);  in vsc8584_macsec_upd_txsa()
932 	if (IS_ERR(flow))  in vsc8584_macsec_upd_txsa()
933 		return PTR_ERR(flow);  in vsc8584_macsec_upd_txsa()
935 	if (ctx->prepare) {  in vsc8584_macsec_upd_txsa()
936 		/* Make sure the flow is disabled before updating it */  in vsc8584_macsec_upd_txsa()
937 		vsc8584_macsec_flow_disable(ctx->phydev, flow);  in vsc8584_macsec_upd_txsa()
939 		return __vsc8584_macsec_add_txsa(ctx, flow, true);  in vsc8584_macsec_upd_txsa()
942 	vsc8584_macsec_flow_enable(ctx->phydev, flow);  in vsc8584_macsec_upd_txsa()
948 	struct macsec_flow *flow;  in vsc8584_macsec_del_txsa()  local
950 	flow = vsc8584_macsec_find_flow(ctx, MACSEC_EGR);  in vsc8584_macsec_del_txsa()
952 	if (IS_ERR(flow))  in vsc8584_macsec_del_txsa()
953 		return PTR_ERR(flow);  in vsc8584_macsec_del_txsa()
954 	if (ctx->prepare)  in vsc8584_macsec_del_txsa()
957 	vsc8584_macsec_del_flow(ctx->phydev, flow);  in vsc8584_macsec_del_txsa()
980 	struct vsc8531_private *vsc8531 = phydev->priv;  in vsc8584_macsec_init()
982 	switch (phydev->phy_id & phydev->drv->phy_id_mask) {  in vsc8584_macsec_init()
986 		INIT_LIST_HEAD(&vsc8531->macsec_flows);  in vsc8584_macsec_init()
987 		vsc8531->secy = NULL;  in vsc8584_macsec_init()
989 		phydev->macsec_ops = &vsc8584_macsec_ops;  in vsc8584_macsec_init()
999 	struct vsc8531_private *priv = phydev->priv;  in vsc8584_handle_macsec_interrupt()
1000 	struct macsec_flow *flow, *tmp;  in vsc8584_handle_macsec_interrupt()  local
1010 	rec = 6 + priv->secy->key_len / sizeof(u32);  in vsc8584_handle_macsec_interrupt()
1011 	list_for_each_entry_safe(flow, tmp, &priv->macsec_flows, list) {  in vsc8584_handle_macsec_interrupt()
1014 		if (flow->bank != MACSEC_EGR || !flow->has_transformation)  in vsc8584_handle_macsec_interrupt()
1018 					      MSCC_MS_XFORM_REC(flow->index, rec));  in vsc8584_handle_macsec_interrupt()
1020 			vsc8584_macsec_flow_disable(phydev, flow);  in vsc8584_handle_macsec_interrupt()
1021 			macsec_pn_wrapped(priv->secy, flow->tx_sa);  in vsc8584_handle_macsec_interrupt()