| /* |
| * QEMU Apple AES device emulation |
| * |
| * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| * |
| * This work is licensed under the terms of the GNU GPL, version 2 or later. |
| * See the COPYING file in the top-level directory. |
| * |
| * SPDX-License-Identifier: GPL-2.0-or-later |
| */ |
| |
| #include "qemu/osdep.h" |
| #include "trace.h" |
| #include "crypto/hash.h" |
| #include "crypto/aes.h" |
| #include "crypto/cipher.h" |
| #include "hw/irq.h" |
| #include "hw/sysbus.h" |
| #include "hw/vmapple/vmapple.h" |
| #include "migration/vmstate.h" |
| #include "qemu/cutils.h" |
| #include "qemu/log.h" |
| #include "qemu/module.h" |
| #include "system/dma.h" |
| |
| OBJECT_DECLARE_SIMPLE_TYPE(AESState, APPLE_AES) |
| |
| #define MAX_FIFO_SIZE 9 |
| |
| #define CMD_KEY 0x1 |
| #define CMD_KEY_CONTEXT_SHIFT 27 |
| #define CMD_KEY_CONTEXT_MASK (0x1 << CMD_KEY_CONTEXT_SHIFT) |
| #define CMD_KEY_SELECT_MAX_IDX 0x7 |
| #define CMD_KEY_SELECT_SHIFT 24 |
| #define CMD_KEY_SELECT_MASK (CMD_KEY_SELECT_MAX_IDX << CMD_KEY_SELECT_SHIFT) |
| #define CMD_KEY_KEY_LEN_NUM 4u |
| #define CMD_KEY_KEY_LEN_SHIFT 22 |
| #define CMD_KEY_KEY_LEN_MASK ((CMD_KEY_KEY_LEN_NUM - 1u) << CMD_KEY_KEY_LEN_SHIFT) |
| #define CMD_KEY_ENCRYPT_SHIFT 20 |
| #define CMD_KEY_ENCRYPT_MASK (0x1 << CMD_KEY_ENCRYPT_SHIFT) |
| #define CMD_KEY_BLOCK_MODE_SHIFT 16 |
| #define CMD_KEY_BLOCK_MODE_MASK (0x3 << CMD_KEY_BLOCK_MODE_SHIFT) |
| #define CMD_IV 0x2 |
| #define CMD_IV_CONTEXT_SHIFT 26 |
| #define CMD_IV_CONTEXT_MASK (0x3 << CMD_KEY_CONTEXT_SHIFT) |
| #define CMD_DSB 0x3 |
| #define CMD_SKG 0x4 |
| #define CMD_DATA 0x5 |
| #define CMD_DATA_KEY_CTX_SHIFT 27 |
| #define CMD_DATA_KEY_CTX_MASK (0x1 << CMD_DATA_KEY_CTX_SHIFT) |
| #define CMD_DATA_IV_CTX_SHIFT 25 |
| #define CMD_DATA_IV_CTX_MASK (0x3 << CMD_DATA_IV_CTX_SHIFT) |
| #define CMD_DATA_LEN_MASK 0xffffff |
| #define CMD_STORE_IV 0x6 |
| #define CMD_STORE_IV_ADDR_MASK 0xffffff |
| #define CMD_WRITE_REG 0x7 |
| #define CMD_FLAG 0x8 |
| #define CMD_FLAG_STOP_MASK BIT(26) |
| #define CMD_FLAG_RAISE_IRQ_MASK BIT(27) |
| #define CMD_FLAG_INFO_MASK 0xff |
| #define CMD_MAX 0x10 |
| |
| #define CMD_SHIFT 28 |
| |
| #define REG_STATUS 0xc |
| #define REG_STATUS_DMA_READ_RUNNING BIT(0) |
| #define REG_STATUS_DMA_READ_PENDING BIT(1) |
| #define REG_STATUS_DMA_WRITE_RUNNING BIT(2) |
| #define REG_STATUS_DMA_WRITE_PENDING BIT(3) |
| #define REG_STATUS_BUSY BIT(4) |
| #define REG_STATUS_EXECUTING BIT(5) |
| #define REG_STATUS_READY BIT(6) |
| #define REG_STATUS_TEXT_DPA_SEEDED BIT(7) |
| #define REG_STATUS_UNWRAP_DPA_SEEDED BIT(8) |
| |
| #define REG_IRQ_STATUS 0x18 |
| #define REG_IRQ_STATUS_INVALID_CMD BIT(2) |
| #define REG_IRQ_STATUS_FLAG BIT(5) |
| #define REG_IRQ_ENABLE 0x1c |
| #define REG_WATERMARK 0x20 |
| #define REG_Q_STATUS 0x24 |
| #define REG_FLAG_INFO 0x30 |
| #define REG_FIFO 0x200 |
| |
| static const uint32_t key_lens[CMD_KEY_KEY_LEN_NUM] = { |
| [0] = 16, |
| [1] = 24, |
| [2] = 32, |
| [3] = 64, |
| }; |
| |
| typedef struct Key { |
| uint32_t key_len; |
| uint8_t key[32]; |
| } Key; |
| |
| typedef struct IV { |
| uint32_t iv[4]; |
| } IV; |
| |
| static Key builtin_keys[CMD_KEY_SELECT_MAX_IDX + 1] = { |
| [1] = { |
| .key_len = 32, |
| .key = { 0x1 }, |
| }, |
| [2] = { |
| .key_len = 32, |
| .key = { 0x2 }, |
| }, |
| [3] = { |
| .key_len = 32, |
| .key = { 0x3 }, |
| } |
| }; |
| |
| struct AESState { |
| SysBusDevice parent_obj; |
| |
| qemu_irq irq; |
| MemoryRegion iomem1; |
| MemoryRegion iomem2; |
| AddressSpace *as; |
| |
| uint32_t status; |
| uint32_t q_status; |
| uint32_t irq_status; |
| uint32_t irq_enable; |
| uint32_t watermark; |
| uint32_t flag_info; |
| uint32_t fifo[MAX_FIFO_SIZE]; |
| uint32_t fifo_idx; |
| Key key[2]; |
| IV iv[4]; |
| bool is_encrypt; |
| QCryptoCipherMode block_mode; |
| }; |
| |
| static void aes_update_irq(AESState *s) |
| { |
| qemu_set_irq(s->irq, !!(s->irq_status & s->irq_enable)); |
| } |
| |
| static uint64_t aes1_read(void *opaque, hwaddr offset, unsigned size) |
| { |
| AESState *s = opaque; |
| uint64_t res = 0; |
| |
| switch (offset) { |
| case REG_STATUS: |
| res = s->status; |
| break; |
| case REG_IRQ_STATUS: |
| res = s->irq_status; |
| break; |
| case REG_IRQ_ENABLE: |
| res = s->irq_enable; |
| break; |
| case REG_WATERMARK: |
| res = s->watermark; |
| break; |
| case REG_Q_STATUS: |
| res = s->q_status; |
| break; |
| case REG_FLAG_INFO: |
| res = s->flag_info; |
| break; |
| |
| default: |
| qemu_log_mask(LOG_UNIMP, "%s: Unknown AES MMIO offset %" PRIx64 "\n", |
| __func__, offset); |
| break; |
| } |
| |
| trace_aes_read(offset, res); |
| |
| return res; |
| } |
| |
| static void fifo_append(AESState *s, uint64_t val) |
| { |
| if (s->fifo_idx == MAX_FIFO_SIZE) { |
| /* Exceeded the FIFO. Bail out */ |
| return; |
| } |
| |
| s->fifo[s->fifo_idx++] = val; |
| } |
| |
| static bool has_payload(AESState *s, uint32_t elems) |
| { |
| return s->fifo_idx >= elems + 1; |
| } |
| |
| static bool cmd_key(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0]; |
| uint32_t key_select = (cmd & CMD_KEY_SELECT_MASK) >> CMD_KEY_SELECT_SHIFT; |
| uint32_t ctxt = (cmd & CMD_KEY_CONTEXT_MASK) >> CMD_KEY_CONTEXT_SHIFT; |
| uint32_t key_len; |
| |
| switch ((cmd & CMD_KEY_BLOCK_MODE_MASK) >> CMD_KEY_BLOCK_MODE_SHIFT) { |
| case 0: |
| s->block_mode = QCRYPTO_CIPHER_MODE_ECB; |
| break; |
| case 1: |
| s->block_mode = QCRYPTO_CIPHER_MODE_CBC; |
| break; |
| default: |
| return false; |
| } |
| |
| s->is_encrypt = cmd & CMD_KEY_ENCRYPT_MASK; |
| key_len = key_lens[(cmd & CMD_KEY_KEY_LEN_MASK) >> CMD_KEY_KEY_LEN_SHIFT]; |
| |
| if (key_select) { |
| trace_aes_cmd_key_select_builtin(ctxt, key_select, |
| s->is_encrypt ? "en" : "de", |
| QCryptoCipherMode_str(s->block_mode)); |
| s->key[ctxt] = builtin_keys[key_select]; |
| } else { |
| trace_aes_cmd_key_select_new(ctxt, key_len, |
| s->is_encrypt ? "en" : "de", |
| QCryptoCipherMode_str(s->block_mode)); |
| if (key_len > sizeof(s->key[ctxt].key)) { |
| return false; |
| } |
| if (!has_payload(s, key_len / sizeof(uint32_t))) { |
| /* wait for payload */ |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: No payload\n", __func__); |
| return false; |
| } |
| memcpy(&s->key[ctxt].key, &s->fifo[1], key_len); |
| s->key[ctxt].key_len = key_len; |
| } |
| |
| return true; |
| } |
| |
| static bool cmd_iv(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0]; |
| uint32_t ctxt = (cmd & CMD_IV_CONTEXT_MASK) >> CMD_IV_CONTEXT_SHIFT; |
| |
| if (!has_payload(s, 4)) { |
| /* wait for payload */ |
| return false; |
| } |
| memcpy(&s->iv[ctxt].iv, &s->fifo[1], sizeof(s->iv[ctxt].iv)); |
| trace_aes_cmd_iv(ctxt, s->fifo[1], s->fifo[2], s->fifo[3], s->fifo[4]); |
| |
| return true; |
| } |
| |
| static void dump_data(const char *desc, const void *p, size_t len) |
| { |
| static const size_t MAX_LEN = 0x1000; |
| char hex[MAX_LEN * 2 + 1] = ""; |
| |
| if (len > MAX_LEN) { |
| return; |
| } |
| |
| qemu_hexdump_to_buffer(hex, sizeof(hex), p, len); |
| trace_aes_dump_data(desc, hex); |
| } |
| |
| static bool cmd_data(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0]; |
| uint32_t ctxt_iv = 0; |
| uint32_t ctxt_key = (cmd & CMD_DATA_KEY_CTX_MASK) >> CMD_DATA_KEY_CTX_SHIFT; |
| uint32_t len = cmd & CMD_DATA_LEN_MASK; |
| uint64_t src_addr = s->fifo[2]; |
| uint64_t dst_addr = s->fifo[3]; |
| QCryptoCipherAlgo alg; |
| g_autoptr(QCryptoCipher) cipher = NULL; |
| g_autoptr(GByteArray) src = NULL; |
| g_autoptr(GByteArray) dst = NULL; |
| MemTxResult r; |
| |
| src_addr |= ((uint64_t)s->fifo[1] << 16) & 0xffff00000000ULL; |
| dst_addr |= ((uint64_t)s->fifo[1] << 32) & 0xffff00000000ULL; |
| |
| trace_aes_cmd_data(ctxt_key, ctxt_iv, src_addr, dst_addr, len); |
| |
| if (!has_payload(s, 3)) { |
| /* wait for payload */ |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: No payload\n", __func__); |
| return false; |
| } |
| |
| if (ctxt_key >= ARRAY_SIZE(s->key) || |
| ctxt_iv >= ARRAY_SIZE(s->iv)) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Invalid key or iv\n", __func__); |
| return false; |
| } |
| |
| src = g_byte_array_sized_new(len); |
| g_byte_array_set_size(src, len); |
| dst = g_byte_array_sized_new(len); |
| g_byte_array_set_size(dst, len); |
| |
| r = dma_memory_read(s->as, src_addr, src->data, len, MEMTXATTRS_UNSPECIFIED); |
| if (r != MEMTX_OK) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA read of %"PRIu32" bytes " |
| "from 0x%"PRIx64" failed. (r=%d)\n", |
| __func__, len, src_addr, r); |
| return false; |
| } |
| |
| dump_data("cmd_data(): src_data=", src->data, len); |
| |
| switch (s->key[ctxt_key].key_len) { |
| case 128 / 8: |
| alg = QCRYPTO_CIPHER_ALGO_AES_128; |
| break; |
| case 192 / 8: |
| alg = QCRYPTO_CIPHER_ALGO_AES_192; |
| break; |
| case 256 / 8: |
| alg = QCRYPTO_CIPHER_ALGO_AES_256; |
| break; |
| default: |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Invalid key length\n", __func__); |
| return false; |
| } |
| cipher = qcrypto_cipher_new(alg, s->block_mode, |
| s->key[ctxt_key].key, |
| s->key[ctxt_key].key_len, NULL); |
| if (!cipher) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to create cipher object\n", |
| __func__); |
| return false; |
| } |
| if (s->block_mode != QCRYPTO_CIPHER_MODE_ECB) { |
| if (qcrypto_cipher_setiv(cipher, (void *)s->iv[ctxt_iv].iv, |
| sizeof(s->iv[ctxt_iv].iv), NULL) != 0) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to set IV\n", __func__); |
| return false; |
| } |
| } |
| if (s->is_encrypt) { |
| if (qcrypto_cipher_encrypt(cipher, src->data, dst->data, len, NULL) != 0) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Encryption failed\n", __func__); |
| return false; |
| } |
| } else { |
| if (qcrypto_cipher_decrypt(cipher, src->data, dst->data, len, NULL) != 0) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: Decryption failed\n", __func__); |
| return false; |
| } |
| } |
| |
| dump_data("cmd_data(): dst_data=", dst->data, len); |
| r = dma_memory_write(s->as, dst_addr, dst->data, len, MEMTXATTRS_UNSPECIFIED); |
| if (r != MEMTX_OK) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA write of %"PRIu32" bytes " |
| "to 0x%"PRIx64" failed. (r=%d)\n", |
| __func__, len, src_addr, r); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| static bool cmd_store_iv(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0]; |
| uint32_t ctxt = (cmd & CMD_IV_CONTEXT_MASK) >> CMD_IV_CONTEXT_SHIFT; |
| uint64_t addr = s->fifo[1]; |
| MemTxResult dma_result; |
| |
| if (!has_payload(s, 1)) { |
| qemu_log_mask(LOG_GUEST_ERROR, "%s: No payload\n", __func__); |
| return false; |
| } |
| |
| if (ctxt >= ARRAY_SIZE(s->iv)) { |
| qemu_log_mask(LOG_GUEST_ERROR, |
| "%s: Invalid context. ctxt = %u, allowed: 0..%zu\n", |
| __func__, ctxt, ARRAY_SIZE(s->iv) - 1); |
| return false; |
| } |
| |
| addr |= ((uint64_t)cmd << 32) & 0xff00000000ULL; |
| dma_result = dma_memory_write(&address_space_memory, addr, |
| &s->iv[ctxt].iv, sizeof(s->iv[ctxt].iv), |
| MEMTXATTRS_UNSPECIFIED); |
| |
| trace_aes_cmd_store_iv(ctxt, addr, s->iv[ctxt].iv[0], s->iv[ctxt].iv[1], |
| s->iv[ctxt].iv[2], s->iv[ctxt].iv[3]); |
| |
| return dma_result == MEMTX_OK; |
| } |
| |
| static bool cmd_flag(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0]; |
| uint32_t raise_irq = cmd & CMD_FLAG_RAISE_IRQ_MASK; |
| |
| /* We always process data when it's coming in, so fire an IRQ immediately */ |
| if (raise_irq) { |
| s->irq_status |= REG_IRQ_STATUS_FLAG; |
| } |
| |
| s->flag_info = cmd & CMD_FLAG_INFO_MASK; |
| |
| trace_aes_cmd_flag(!!raise_irq, s->flag_info); |
| |
| return true; |
| } |
| |
| static void fifo_process(AESState *s) |
| { |
| uint32_t cmd = s->fifo[0] >> CMD_SHIFT; |
| bool success = false; |
| |
| if (!s->fifo_idx) { |
| return; |
| } |
| |
| switch (cmd) { |
| case CMD_KEY: |
| success = cmd_key(s); |
| break; |
| case CMD_IV: |
| success = cmd_iv(s); |
| break; |
| case CMD_DATA: |
| success = cmd_data(s); |
| break; |
| case CMD_STORE_IV: |
| success = cmd_store_iv(s); |
| break; |
| case CMD_FLAG: |
| success = cmd_flag(s); |
| break; |
| default: |
| s->irq_status |= REG_IRQ_STATUS_INVALID_CMD; |
| break; |
| } |
| |
| if (success) { |
| s->fifo_idx = 0; |
| } |
| |
| trace_aes_fifo_process(cmd, success); |
| } |
| |
| static void aes1_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) |
| { |
| AESState *s = opaque; |
| |
| trace_aes_write(offset, val); |
| |
| switch (offset) { |
| case REG_IRQ_STATUS: |
| s->irq_status &= ~val; |
| break; |
| case REG_IRQ_ENABLE: |
| s->irq_enable = val; |
| break; |
| case REG_FIFO: |
| fifo_append(s, val); |
| fifo_process(s); |
| break; |
| default: |
| qemu_log_mask(LOG_UNIMP, |
| "%s: Unknown AES MMIO offset %"PRIx64", data %"PRIx64"\n", |
| __func__, offset, val); |
| return; |
| } |
| |
| aes_update_irq(s); |
| } |
| |
| static const MemoryRegionOps aes1_ops = { |
| .read = aes1_read, |
| .write = aes1_write, |
| .endianness = DEVICE_NATIVE_ENDIAN, |
| .valid = { |
| .min_access_size = 4, |
| .max_access_size = 8, |
| }, |
| .impl = { |
| .min_access_size = 4, |
| .max_access_size = 4, |
| }, |
| }; |
| |
| static uint64_t aes2_read(void *opaque, hwaddr offset, unsigned size) |
| { |
| uint64_t res = 0; |
| |
| switch (offset) { |
| case 0: |
| res = 0; |
| break; |
| default: |
| qemu_log_mask(LOG_UNIMP, |
| "%s: Unknown AES MMIO 2 offset %"PRIx64"\n", |
| __func__, offset); |
| break; |
| } |
| |
| trace_aes_2_read(offset, res); |
| |
| return res; |
| } |
| |
| static void aes2_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) |
| { |
| trace_aes_2_write(offset, val); |
| |
| switch (offset) { |
| default: |
| qemu_log_mask(LOG_UNIMP, |
| "%s: Unknown AES MMIO 2 offset %"PRIx64", data %"PRIx64"\n", |
| __func__, offset, val); |
| return; |
| } |
| } |
| |
| static const MemoryRegionOps aes2_ops = { |
| .read = aes2_read, |
| .write = aes2_write, |
| .endianness = DEVICE_NATIVE_ENDIAN, |
| .valid = { |
| .min_access_size = 4, |
| .max_access_size = 8, |
| }, |
| .impl = { |
| .min_access_size = 4, |
| .max_access_size = 4, |
| }, |
| }; |
| |
| static void aes_reset(Object *obj, ResetType type) |
| { |
| AESState *s = APPLE_AES(obj); |
| |
| s->status = 0x3f80; |
| s->q_status = 2; |
| s->irq_status = 0; |
| s->irq_enable = 0; |
| s->watermark = 0; |
| } |
| |
| static void aes_init(Object *obj) |
| { |
| AESState *s = APPLE_AES(obj); |
| |
| memory_region_init_io(&s->iomem1, obj, &aes1_ops, s, TYPE_APPLE_AES, 0x4000); |
| memory_region_init_io(&s->iomem2, obj, &aes2_ops, s, TYPE_APPLE_AES, 0x4000); |
| sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem1); |
| sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem2); |
| sysbus_init_irq(SYS_BUS_DEVICE(s), &s->irq); |
| s->as = &address_space_memory; |
| } |
| |
| static void aes_class_init(ObjectClass *klass, const void *data) |
| { |
| ResettableClass *rc = RESETTABLE_CLASS(klass); |
| |
| rc->phases.hold = aes_reset; |
| } |
| |
| static const TypeInfo aes_info = { |
| .name = TYPE_APPLE_AES, |
| .parent = TYPE_SYS_BUS_DEVICE, |
| .instance_size = sizeof(AESState), |
| .class_init = aes_class_init, |
| .instance_init = aes_init, |
| }; |
| |
| static void aes_register_types(void) |
| { |
| type_register_static(&aes_info); |
| } |
| |
| type_init(aes_register_types) |
