Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
1 | /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) |
2 | * | |
3 | * Copyright 2008-2016 Freescale Semiconductor Inc. | |
4 | * Copyright 2016 NXP | |
5 | * | |
6 | */ | |
7 | ||
8 | #ifndef __RTA_PROTOCOL_CMD_H__ | |
9 | #define __RTA_PROTOCOL_CMD_H__ | |
10 | ||
11 | extern enum rta_sec_era rta_sec_era; | |
12 | ||
/*
 * __rta_ssl_proto - check that a PROTINFO value names an SSL/TLS/DTLS cipher
 * suite that this descriptor builder knows about.
 * @protoinfo: cipher-suite selector, compared against the OP_PCL_TLS_* and
 *             OP_PCL_PVT_TLS_* values listed below
 *
 * Return: 0 when the value is listed (and, for the RC4 suites, the SEC Era is
 * not 7), -EINVAL otherwise.
 *
 * NOTE(review): this is a "known selector" check, not a cipher-strength
 * policy. The accepted list contains suites whose names indicate export-grade
 * keys, single DES, RC4, MD5 MACs and anonymous key exchange. A caller that
 * must refuse those needs its own allow-list in front of this function.
 */
static inline int
__rta_ssl_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	/* RC4-based suites: rejected on Era 7, accepted on every other Era */
	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
		return (rta_sec_era == RTA_SEC_ERA_7) ? -EINVAL : 0;

	/* Every remaining known suite is accepted regardless of Era */
	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
		return 0;

	default:
		/* unknown selector */
		return -EINVAL;
	}
}
192 | ||
/*
 * __rta_ike_proto - validate the PROTINFO value used with the IKE PRF
 * protocol ids.
 * @protoinfo: value compared against the OP_PCL_IKE_* selectors
 *
 * Return: 0 for a listed selector, -EINVAL for anything else.
 *
 * NOTE(review): HMAC-MD5 and HMAC-SHA1 are on the accepted list; this check
 * does not express an algorithm-strength policy.
 */
static inline int
__rta_ike_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_IKE_HMAC_MD5:
	case OP_PCL_IKE_HMAC_SHA1:
	case OP_PCL_IKE_HMAC_AES128_CBC:
	case OP_PCL_IKE_HMAC_SHA256:
	case OP_PCL_IKE_HMAC_SHA384:
	case OP_PCL_IKE_HMAC_SHA512:
	case OP_PCL_IKE_HMAC_AES128_CMAC:
		return 0;
	default:
		return -EINVAL;
	}
}
209 | ||
/*
 * __rta_ipsec_proto - validate the cipher/authentication pair encoded in an
 * IPsec PROTINFO value.
 * @protoinfo: cipher selector under OP_PCL_IPSEC_CIPHER_MASK combined with an
 *             authentication selector under OP_PCL_IPSEC_AUTH_MASK
 *
 * Return: 0 when both halves are known and compatible, -EINVAL otherwise.
 *
 * NOTE(review): OP_PCL_IPSEC_NULL combined with OP_PCL_IPSEC_HMAC_NULL passes
 * this check from Era 2 on, as do DES and the MD5/SHA1 authenticators.
 * Callers needing a stricter policy must filter before calling.
 */
static inline int
__rta_ipsec_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_IPSEC_AUTH_MASK;

	switch (cipher) {
	case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
		/* GMAC-only mode is refused before Era 2 */
		if (rta_sec_era < RTA_SEC_ERA_2)
			return -EINVAL;
		/* fall through: same auth rule as CCM/GCM */
	case OP_PCL_IPSEC_AES_CCM8:
	case OP_PCL_IPSEC_AES_CCM12:
	case OP_PCL_IPSEC_AES_CCM16:
	case OP_PCL_IPSEC_AES_GCM8:
	case OP_PCL_IPSEC_AES_GCM12:
	case OP_PCL_IPSEC_AES_GCM16:
		/* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
		return (auth == OP_PCL_IPSEC_HMAC_NULL) ? 0 : -EINVAL;

	case OP_PCL_IPSEC_NULL:
		/* the NULL cipher is refused before Era 2 */
		if (rta_sec_era < RTA_SEC_ERA_2)
			return -EINVAL;
		/* fall through: auth half is checked below */
	case OP_PCL_IPSEC_DES_IV64:
	case OP_PCL_IPSEC_DES:
	case OP_PCL_IPSEC_3DES:
	case OP_PCL_IPSEC_AES_CBC:
	case OP_PCL_IPSEC_AES_CTR:
		break;

	default:
		return -EINVAL;
	}

	/* Non-AEAD ciphers: any listed authenticator is accepted */
	switch (auth) {
	case OP_PCL_IPSEC_HMAC_NULL:
	case OP_PCL_IPSEC_HMAC_MD5_96:
	case OP_PCL_IPSEC_HMAC_SHA1_96:
	case OP_PCL_IPSEC_AES_XCBC_MAC_96:
	case OP_PCL_IPSEC_HMAC_MD5_128:
	case OP_PCL_IPSEC_HMAC_SHA1_160:
	case OP_PCL_IPSEC_AES_CMAC_96:
	case OP_PCL_IPSEC_HMAC_SHA2_256_128:
	case OP_PCL_IPSEC_HMAC_SHA2_384_192:
	case OP_PCL_IPSEC_HMAC_SHA2_512_256:
		return 0;
	default:
		return -EINVAL;
	}
}
261 | ||
/*
 * __rta_srtp_proto - validate an SRTP PROTINFO value.
 * @protoinfo: cipher selector under OP_PCL_SRTP_CIPHER_MASK combined with an
 *             authentication selector under OP_PCL_SRTP_AUTH_MASK
 *
 * Only the pair (AES-CTR, HMAC-SHA1-160) is accepted.
 *
 * Return: 0 for that pair, -EINVAL for anything else.
 */
static inline int
__rta_srtp_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_SRTP_AUTH_MASK;

	if (cipher == OP_PCL_SRTP_AES_CTR &&
	    auth == OP_PCL_SRTP_HMAC_SHA1_160)
		return 0;

	return -EINVAL;
}
279 | ||
/*
 * __rta_macsec_proto - validate a MACsec PROTINFO value.
 * @protoinfo: must equal OP_PCL_MACSEC
 *
 * Return: 0 on match, -EINVAL otherwise.
 */
static inline int
__rta_macsec_proto(uint16_t protoinfo)
{
	return (protoinfo == OP_PCL_MACSEC) ? 0 : -EINVAL;
}
290 | ||
/*
 * __rta_wifi_proto - validate a WiFi PROTINFO value.
 * @protoinfo: must equal OP_PCL_WIFI
 *
 * Return: 0 on match, -EINVAL otherwise.
 */
static inline int
__rta_wifi_proto(uint16_t protoinfo)
{
	return (protoinfo == OP_PCL_WIFI) ? 0 : -EINVAL;
}
301 | ||
/*
 * __rta_wimax_proto - validate a WiMAX PROTINFO value.
 * @protoinfo: must be OP_PCL_WIMAX_OFDM or OP_PCL_WIMAX_OFDMA
 *
 * Return: 0 for either value, -EINVAL otherwise.
 */
static inline int
__rta_wimax_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_WIMAX_OFDM:
	case OP_PCL_WIMAX_OFDMA:
		return 0;
	default:
		return -EINVAL;
	}
}
313 | ||
/*
 * Allowed blob proto flags for each SEC Era.
 *
 * The table is indexed directly with rta_sec_era by __rta_blob_proto() and
 * holds eight entries, so it has to grow whenever a new Era value is added.
 * NOTE(review): which Era each slot stands for depends on the numeric values
 * of enum rta_sec_era, which are not visible in this header - confirm.
 */
static const uint32_t proto_blob_flags[] = {
	/* [0] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
	/* [1] adds TKEK, EKT and the register field */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	/* [2] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	/* [3] adds SEC_MEM; slots [4]..[7] allow the same set */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [4] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [5] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [6] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [7] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
};
332 | ||
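/*
 * __rta_blob_proto - validate a blob PROTINFO value for the current SEC Era.
 * @protoinfo: blob flags, format field and register field
 *
 * Checks, in order: that no flag outside the current Era's allowed mask is
 * set, that the format field is one of the known formats, and that the
 * register field is one of the known targets (AFHA SBOX only from Era 3).
 *
 * Return: 0 if every check passes, -EINVAL otherwise.
 */
static inline int
__rta_blob_proto(uint16_t protoinfo)
{
	const unsigned int era_slots =
		sizeof(proto_blob_flags) / sizeof(proto_blob_flags[0]);
	const unsigned int era_idx = (unsigned int)rta_sec_era;

	/*
	 * rta_sec_era is a global set elsewhere and is used as a raw array
	 * index. Refuse values the table has no slot for instead of reading
	 * past its end; the cast also turns a negative value into a large one
	 * so it is rejected as well.
	 */
	if (era_idx >= era_slots)
		return -EINVAL;

	if (protoinfo & ~proto_blob_flags[era_idx])
		return -EINVAL;

	switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
	case OP_PCL_BLOB_FORMAT_NORMAL:
	case OP_PCL_BLOB_FORMAT_MASTER_VER:
	case OP_PCL_BLOB_FORMAT_TEST:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
	case OP_PCL_BLOB_AFHA_SBOX:
		if (rta_sec_era < RTA_SEC_ERA_3)
			return -EINVAL;
		/* fall through */
	case OP_PCL_BLOB_REG_MEMORY:
	case OP_PCL_BLOB_REG_KEY1:
	case OP_PCL_BLOB_REG_KEY2:
	case OP_PCL_BLOB_REG_SPLIT:
	case OP_PCL_BLOB_REG_PKE:
		return 0;
	}

	return -EINVAL;
}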
363 | ||
/*
 * __rta_dlc_proto - validate PROTINFO for the discrete-log public key
 * protocols that proto_table[] routes here (key pair, DSA sign/verify,
 * Diffie-Hellman).
 * @protoinfo: option bits plus a hash selector under OP_PCL_PKPROT_HASH_MASK
 *
 * Return: 0 when the options are available on the current Era and the hash
 * selector is known, -EINVAL otherwise.
 *
 * NOTE(review): MD5 and SHA-1 are accepted hash selectors here.
 */
static inline int
__rta_dlc_proto(uint16_t protoinfo)
{
	/* Before Era 2 none of these option bits (nor any hash) may be set */
	if (rta_sec_era < RTA_SEC_ERA_2) {
		if (protoinfo & (OP_PCL_PKPROT_DSA_MSG |
				 OP_PCL_PKPROT_HASH_MASK |
				 OP_PCL_PKPROT_EKT_Z |
				 OP_PCL_PKPROT_DECRYPT_Z |
				 OP_PCL_PKPROT_DECRYPT_PRI))
			return -EINVAL;
	}

	switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
	case OP_PCL_PKPROT_HASH_MD5:
	case OP_PCL_PKPROT_HASH_SHA1:
	case OP_PCL_PKPROT_HASH_SHA224:
	case OP_PCL_PKPROT_HASH_SHA256:
	case OP_PCL_PKPROT_HASH_SHA384:
	case OP_PCL_PKPROT_HASH_SHA512:
		return 0;
	default:
		return -EINVAL;
	}
}
387 | ||
/*
 * __rta_rsa_enc_proto - validate PROTINFO for the RSA encrypt protocol.
 * @protoinfo: operation selector under OP_PCL_RSAPROT_OP_MASK and a format
 *             selector under OP_PCL_RSAPROT_FFF_MASK
 *
 * ENC_F_IN only allows the RED format; ENC_F_OUT allows any of the listed
 * formats.
 *
 * Return: 0 for an allowed combination, -EINVAL otherwise.
 */
static inline int
__rta_rsa_enc_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_ENC_F_IN:
		if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) ==
		    OP_PCL_RSAPROT_FFF_RED)
			return 0;
		return -EINVAL;

	case OP_PCL_RSAPROT_OP_ENC_F_OUT:
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			return 0;
		default:
			return -EINVAL;
		}

	default:
		return -EINVAL;
	}
}
415 | ||
/*
 * __rta_rsa_dec_proto - validate PROTINFO for the RSA decrypt protocol.
 * @protoinfo: operation selector (OP_PCL_RSAPROT_OP_MASK), PPP selector
 *             (OP_PCL_RSAPROT_PPP_MASK) and, when the PKCS#1 v1.5 format bit
 *             is set, an FFF selector (OP_PCL_RSAPROT_FFF_MASK)
 *
 * Return: 0 when every inspected field holds a listed value, -EINVAL
 * otherwise.
 */
static inline int
__rta_rsa_dec_proto(uint16_t protoinfo)
{
	/* private-key form */
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_DEC_ND:
	case OP_PCL_RSAPROT_OP_DEC_PQD:
	case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
	case OP_PCL_RSAPROT_PPP_RED:
	case OP_PCL_RSAPROT_PPP_ENC:
	case OP_PCL_RSAPROT_PPP_EKT:
	case OP_PCL_RSAPROT_PPP_TK_ENC:
	case OP_PCL_RSAPROT_PPP_TK_EKT:
		break;
	default:
		return -EINVAL;
	}

	/* The FFF field is only inspected when the PKCS#1 v1.5 bit is set */
	if (!(protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15))
		return 0;

	switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
	case OP_PCL_RSAPROT_FFF_RED:
	case OP_PCL_RSAPROT_FFF_ENC:
	case OP_PCL_RSAPROT_FFF_EKT:
	case OP_PCL_RSAPROT_FFF_TK_ENC:
	case OP_PCL_RSAPROT_FFF_TK_EKT:
		return 0;
	default:
		return -EINVAL;
	}
}
453 | ||
/*
 * DKP Protocol - Restrictions on key (SRC,DST) combinations
 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
 *
 * The first index is the key source and the second the key destination, as
 * extracted from PROTINFO by __rta_dkp_proto(). Both dimensions are 4, so
 * each extracted field value must stay in the range 0..3.
 */
static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
					  {1, 1, 1, 1},
					  {1, 0, 1, 0},
					  {1, 0, 0, 1} };
462 | ||
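/*
 * __rta_dkp_proto - validate the key (source, destination) pair of a DKP
 * PROTINFO value against key_in_out[][].
 * @protoinfo: carries the source under OP_PCL_DKP_SRC_MASK and the
 *             destination under OP_PCL_DKP_DST_MASK
 *
 * Return: 0 when the pair is allowed, -EINVAL (after logging) otherwise.
 */
static inline int
__rta_dkp_proto(uint16_t protoinfo)
{
	const unsigned int src_slots =
		sizeof(key_in_out) / sizeof(key_in_out[0]);
	const unsigned int dst_slots =
		sizeof(key_in_out[0]) / sizeof(key_in_out[0][0]);
	unsigned int key_src =
		(protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
	unsigned int key_dst =
		(protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;

	/*
	 * The masks and shifts are defined elsewhere; the range test keeps
	 * the table lookup in bounds even if a field is ever wider than the
	 * table. An out-of-range value is reported like a disallowed pair.
	 */
	if (key_src >= src_slots || key_dst >= dst_slots ||
	    !key_in_out[key_src][key_dst]) {
		pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
		return -EINVAL;
	}

	return 0;
}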
476 | ||
477 | ||
/*
 * __rta_3g_dcrc_proto - validate PROTINFO for the 3G double-CRC protocol.
 * @protoinfo: must be OP_PCL_3G_DCRC_CRC7 or OP_PCL_3G_DCRC_CRC11
 *
 * Return: 0 for a listed value on any Era other than 7, -EINVAL otherwise
 * (Era 7 rejects the protocol outright).
 */
static inline int
__rta_3g_dcrc_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_3G_DCRC_CRC7:
	case OP_PCL_3G_DCRC_CRC11:
		return 0;
	default:
		return -EINVAL;
	}
}
492 | ||
/*
 * __rta_3g_rlc_proto - validate PROTINFO for the 3G RLC protocols.
 * @protoinfo: must be OP_PCL_3G_RLC_NULL, _KASUMI or _SNOW
 *
 * Return: 0 for a listed value on any Era other than 7, -EINVAL otherwise
 * (Era 7 rejects the protocol outright).
 */
static inline int
__rta_3g_rlc_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_3G_RLC_NULL:
	case OP_PCL_3G_RLC_KASUMI:
	case OP_PCL_3G_RLC_SNOW:
		return 0;
	default:
		return -EINVAL;
	}
}
508 | ||
/*
 * __rta_lte_pdcp_proto - validate PROTINFO for the LTE PDCP user/control
 * plane protocols.
 * @protoinfo: must be OP_PCL_LTE_NULL, _SNOW, _AES or _ZUC
 *
 * Return: 0 for an accepted value, -EINVAL otherwise. Era 7 rejects every
 * value; ZUC is additionally rejected below Era 5.
 */
static inline int
__rta_lte_pdcp_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_LTE_ZUC:
		/* ZUC is refused below Era 5 */
		return (rta_sec_era < RTA_SEC_ERA_5) ? -EINVAL : 0;
	case OP_PCL_LTE_NULL:
	case OP_PCL_LTE_SNOW:
	case OP_PCL_LTE_AES:
		return 0;
	default:
		return -EINVAL;
	}
}
527 | ||
/*
 * __rta_lte_pdcp_mixed_proto - validate PROTINFO for the mixed LTE PDCP
 * control-plane protocol, where authentication and encryption algorithms are
 * selected independently.
 * @protoinfo: authentication selector under OP_PCL_LTE_MIXED_AUTH_MASK and
 *             encryption selector under OP_PCL_LTE_MIXED_ENC_MASK
 *
 * Return: 0 when both selectors are listed, -EINVAL otherwise.
 *
 * NOTE(review): NULL authentication together with NULL encryption passes
 * this check.
 */
static inline int
__rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
{
	/* authentication half */
	switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
	case OP_PCL_LTE_MIXED_AUTH_NULL:
	case OP_PCL_LTE_MIXED_AUTH_SNOW:
	case OP_PCL_LTE_MIXED_AUTH_AES:
	case OP_PCL_LTE_MIXED_AUTH_ZUC:
		break;
	default:
		return -EINVAL;
	}

	/* encryption half */
	switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
	case OP_PCL_LTE_MIXED_ENC_NULL:
	case OP_PCL_LTE_MIXED_ENC_SNOW:
	case OP_PCL_LTE_MIXED_ENC_AES:
	case OP_PCL_LTE_MIXED_ENC_ZUC:
		return 0;
	default:
		return -EINVAL;
	}
}
551 | ||
/* One row of proto_table[]: an (optype, protid) pair and its validator. */
struct proto_map {
	uint32_t optype;	/* operation type the row applies to */
	uint32_t protid;	/* protocol identifier */
	/* PROTINFO validator: returns 0 if valid, negative otherwise;
	 * rta_proto_operation() skips the call when this is NULL
	 */
	int (*protoinfo_func)(uint16_t);
};
557 | ||
/*
 * Supported (operation type, protocol id) pairs and the function that checks
 * PROTINFO for each.
 *
 * Row order is significant: rta_proto_operation() only searches the first
 * proto_table_sz[rta_sec_era] rows, so the protocols usable on an Era are a
 * prefix of this table. The numbered markers give the 1-based row count at
 * the positions proto_table_sz[] refers to.
 */
static const struct proto_map proto_table[] = {
/*1*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,	 __rta_dlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,         __rta_ipsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,	         __rta_srtp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,		 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
/*21*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,          __rta_blob_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,	 __rta_rsa_enc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,	 __rta_rsa_dec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,       __rta_3g_dcrc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
/*29*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,       __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,      __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,    __rta_dkp_proto},
/*35*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,    __rta_dkp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
/*37*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,	 __rta_dlc_proto},
/*38*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
	 __rta_lte_pdcp_mixed_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,     __rta_ipsec_proto},
};
600 | ||
/*
 * Allowed OPERATION protocols for each SEC Era.
 * Values represent the number of entries from proto_table[] that are supported.
 *
 * Indexed directly with rta_sec_era by rta_proto_operation(). The array has
 * eight entries and its largest value (39) equals the number of rows in
 * proto_table[]; both must be kept in step when an Era or a row is added.
 */
static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37, 39};
606 | ||
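/*
 * rta_proto_operation - validate and emit a protocol OPERATION command.
 * @program: descriptor program being built
 * @optype: operation type; its bit at OP_TYPE_SHIFT is ignored for the table
 *          lookup so that the decap rows match the paired type as well
 * @protid: protocol identifier
 * @protoinfo: protocol-specific information, checked by the validator of the
 *             matching proto_table[] row
 *
 * Only the first proto_table_sz[rta_sec_era] rows of proto_table[] are
 * searched. On success the command word is written with __rta_out32().
 * program->current_instruction is incremented on both the success and the
 * error path; on error program->first_error_pc is set to the starting pc.
 *
 * Return: the program counter at entry on success, a negative errno value
 * (-EINVAL, or whatever the validator returned) on failure.
 */
static inline int
rta_proto_operation(struct program *program, uint32_t optype,
		    uint32_t protid, uint16_t protoinfo)
{
	const unsigned int era_slots =
		sizeof(proto_table_sz) / sizeof(proto_table_sz[0]);
	const unsigned int table_rows =
		sizeof(proto_table) / sizeof(proto_table[0]);
	const unsigned int era_idx = (unsigned int)rta_sec_era;
	/* clear last bit in optype to match also decap proto */
	const uint32_t optype_key = optype & ~((uint32_t)1 << OP_TYPE_SHIFT);
	uint32_t opcode = CMD_OPERATION;
	unsigned int i, limit, found = 0;
	unsigned int start_pc = program->current_pc;
	int ret = -EINVAL;

	/*
	 * rta_sec_era is a global set elsewhere and is used as a raw index.
	 * Reject a value with no slot in proto_table_sz[] rather than reading
	 * past the array and then walking proto_table[] with a garbage bound.
	 */
	if (era_idx >= era_slots) {
		pr_err("PROTO_DESC: Unsupported SEC Era. SEC Program Line: %u\n",
		       start_pc);
		goto err;
	}

	/* never search more rows than proto_table[] actually has */
	limit = proto_table_sz[era_idx];
	if (limit > table_rows)
		limit = table_rows;

	for (i = 0; i < limit; i++) {
		if (proto_table[i].optype != optype_key ||
		    proto_table[i].protid != protid)
			continue;

		/* check protoinfo; nothing else to verify without validator */
		if (proto_table[i].protoinfo_func != NULL) {
			ret = (*proto_table[i].protoinfo_func)(protoinfo);
			if (ret < 0) {
				pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
				       program->current_pc);
				goto err;
			}
		}
		found = 1;
		break;
	}
	if (!found) {
		pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	__rta_out32(program, opcode | optype | protid | protoinfo);
	program->current_instruction++;
	return (int)start_pc;

 err:
	program->first_error_pc = start_pc;
	program->current_instruction++;
	return ret;
}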
655 | ||
/*
 * rta_dkp_proto - emit a Derived Key Protocol (DKP) operation and its key
 * operand, reserving room for the derived key where needed.
 * @program: descriptor program being built
 * @protid: DKP protocol identifier
 * @key_src: key source selector (masked with OP_PCL_DKP_SRC_MASK)
 * @key_dst: key destination selector (masked with OP_PCL_DKP_DST_MASK)
 * @keylen: input key length (masked with OP_PCL_DKP_KEY_MASK)
 * @key: key pointer or immediate key, depending on @key_src
 * @key_type: passed to inline_flags() when the key is emitted immediate
 *
 * Return: the program counter at entry on success, a negative errno value on
 * failure.
 */
static inline int
rta_dkp_proto(struct program *program, uint32_t protid,
	      uint16_t key_src, uint16_t key_dst,
	      uint16_t keylen, uint64_t key,
	      enum rta_data_type key_type)
{
	const unsigned int start_pc = program->current_pc;
	unsigned int in_words = 0;
	unsigned int out_words = 0;
	int ret;

	/*
	 * Keep only the bits that belong to each PROTINFO field.
	 * NOTE(review): a keylen wider than OP_PCL_DKP_KEY_MASK is truncated
	 * here without an error, and the truncated value is what gets used
	 * for the immediate key below - callers should pass a length that
	 * fits the field.
	 */
	key_src &= OP_PCL_DKP_SRC_MASK;
	key_dst &= OP_PCL_DKP_DST_MASK;
	keylen &= OP_PCL_DKP_KEY_MASK;

	ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
				  key_src | key_dst | keylen);
	if (ret < 0)
		return ret;

	/* Emit the input key operand and note how many words it occupies */
	if (key_src == OP_PCL_DKP_SRC_PTR || key_src == OP_PCL_DKP_SRC_SGF) {
		__rta_out64(program, program->ps, key);
		if (program->ps)
			in_words = 2;
		else
			in_words = 1;
	} else if (key_src == OP_PCL_DKP_SRC_IMM) {
		__rta_inline_data(program, key, inline_flags(key_type), keylen);
		in_words = (unsigned int)((keylen + 3) / 4);
	}

	/* Work out how many words the result will occupy */
	if (key_dst == OP_PCL_DKP_DST_PTR || key_dst == OP_PCL_DKP_DST_SGF)
		out_words = in_words;
	else if (key_dst == OP_PCL_DKP_DST_IMM)
		out_words = split_key_len(protid) / 4;

	if (out_words < in_words) {
		pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
		program->first_error_pc = start_pc;
		return -EINVAL;
	}

	/* If needed, reserve space in resulting descriptor for derived key */
	program->current_pc += (out_words - in_words);

	return (int)start_pc;
}
702 | ||
703 | #endif /* __RTA_PROTOCOL_CMD_H__ */ |