]> git.proxmox.com Git - ceph.git/blob - ceph/src/seastar/dpdk/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
update sources to ceph Nautilus 14.2.1
[ceph.git] / ceph / src / seastar / dpdk / drivers / crypto / dpaa2_sec / hw / rta / protocol_cmd.h
1 /*-
2 * This file is provided under a dual BSD/GPLv2 license. When using or
3 * redistributing this file, you may do so under either license.
4 *
5 * BSD LICENSE
6 *
7 * Copyright 2008-2016 Freescale Semiconductor Inc.
8 * Copyright (c) 2016 NXP.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are met:
12 * * Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * * Neither the name of the above-listed copyright holders nor the
18 * names of any contributors may be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * GPL LICENSE SUMMARY
22 *
23 * ALTERNATIVELY, this software may be distributed under the terms of the
24 * GNU General Public License ("GPL") as published by the Free Software
25 * Foundation, either version 2 of that License or (at your option) any
26 * later version.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
29 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
32 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
33 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
34 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
35 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
36 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38 * POSSIBILITY OF SUCH DAMAGE.
39 */
40
41 #ifndef __RTA_PROTOCOL_CMD_H__
42 #define __RTA_PROTOCOL_CMD_H__
43
44 extern enum rta_sec_era rta_sec_era;
45
46 static inline int
47 __rta_ssl_proto(uint16_t protoinfo)
48 {
49 switch (protoinfo) {
50 case OP_PCL_SSL30_RC4_40_MD5_2:
51 case OP_PCL_SSL30_RC4_128_MD5_2:
52 case OP_PCL_SSL30_RC4_128_SHA_5:
53 case OP_PCL_SSL30_RC4_40_MD5_3:
54 case OP_PCL_SSL30_RC4_128_MD5_3:
55 case OP_PCL_SSL30_RC4_128_SHA:
56 case OP_PCL_SSL30_RC4_128_MD5:
57 case OP_PCL_SSL30_RC4_40_SHA:
58 case OP_PCL_SSL30_RC4_40_MD5:
59 case OP_PCL_SSL30_RC4_128_SHA_2:
60 case OP_PCL_SSL30_RC4_128_SHA_3:
61 case OP_PCL_SSL30_RC4_128_SHA_4:
62 case OP_PCL_SSL30_RC4_128_SHA_6:
63 case OP_PCL_SSL30_RC4_128_SHA_7:
64 case OP_PCL_SSL30_RC4_128_SHA_8:
65 case OP_PCL_SSL30_RC4_128_SHA_9:
66 case OP_PCL_SSL30_RC4_128_SHA_10:
67 case OP_PCL_TLS_ECDHE_PSK_RC4_128_SHA:
68 if (rta_sec_era == RTA_SEC_ERA_7)
69 return -EINVAL;
70 /* fall through if not Era 7 */
71 case OP_PCL_SSL30_DES40_CBC_SHA:
72 case OP_PCL_SSL30_DES_CBC_SHA_2:
73 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_5:
74 case OP_PCL_SSL30_DES40_CBC_SHA_2:
75 case OP_PCL_SSL30_DES_CBC_SHA_3:
76 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_6:
77 case OP_PCL_SSL30_DES40_CBC_SHA_3:
78 case OP_PCL_SSL30_DES_CBC_SHA_4:
79 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_7:
80 case OP_PCL_SSL30_DES40_CBC_SHA_4:
81 case OP_PCL_SSL30_DES_CBC_SHA_5:
82 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_8:
83 case OP_PCL_SSL30_DES40_CBC_SHA_5:
84 case OP_PCL_SSL30_DES_CBC_SHA_6:
85 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_9:
86 case OP_PCL_SSL30_DES40_CBC_SHA_6:
87 case OP_PCL_SSL30_DES_CBC_SHA_7:
88 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_10:
89 case OP_PCL_SSL30_DES_CBC_SHA:
90 case OP_PCL_SSL30_3DES_EDE_CBC_SHA:
91 case OP_PCL_SSL30_DES_CBC_MD5:
92 case OP_PCL_SSL30_3DES_EDE_CBC_MD5:
93 case OP_PCL_SSL30_DES40_CBC_SHA_7:
94 case OP_PCL_SSL30_DES40_CBC_MD5:
95 case OP_PCL_SSL30_AES_128_CBC_SHA:
96 case OP_PCL_SSL30_AES_128_CBC_SHA_2:
97 case OP_PCL_SSL30_AES_128_CBC_SHA_3:
98 case OP_PCL_SSL30_AES_128_CBC_SHA_4:
99 case OP_PCL_SSL30_AES_128_CBC_SHA_5:
100 case OP_PCL_SSL30_AES_128_CBC_SHA_6:
101 case OP_PCL_SSL30_AES_256_CBC_SHA:
102 case OP_PCL_SSL30_AES_256_CBC_SHA_2:
103 case OP_PCL_SSL30_AES_256_CBC_SHA_3:
104 case OP_PCL_SSL30_AES_256_CBC_SHA_4:
105 case OP_PCL_SSL30_AES_256_CBC_SHA_5:
106 case OP_PCL_SSL30_AES_256_CBC_SHA_6:
107 case OP_PCL_TLS12_AES_128_CBC_SHA256_2:
108 case OP_PCL_TLS12_AES_128_CBC_SHA256_3:
109 case OP_PCL_TLS12_AES_128_CBC_SHA256_4:
110 case OP_PCL_TLS12_AES_128_CBC_SHA256_5:
111 case OP_PCL_TLS12_AES_256_CBC_SHA256_2:
112 case OP_PCL_TLS12_AES_256_CBC_SHA256_3:
113 case OP_PCL_TLS12_AES_256_CBC_SHA256_4:
114 case OP_PCL_TLS12_AES_256_CBC_SHA256_5:
115 case OP_PCL_TLS12_AES_128_CBC_SHA256_6:
116 case OP_PCL_TLS12_AES_256_CBC_SHA256_6:
117 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_2:
118 case OP_PCL_SSL30_AES_128_CBC_SHA_7:
119 case OP_PCL_SSL30_AES_256_CBC_SHA_7:
120 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_3:
121 case OP_PCL_SSL30_AES_128_CBC_SHA_8:
122 case OP_PCL_SSL30_AES_256_CBC_SHA_8:
123 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_4:
124 case OP_PCL_SSL30_AES_128_CBC_SHA_9:
125 case OP_PCL_SSL30_AES_256_CBC_SHA_9:
126 case OP_PCL_SSL30_AES_128_GCM_SHA256_1:
127 case OP_PCL_SSL30_AES_256_GCM_SHA384_1:
128 case OP_PCL_SSL30_AES_128_GCM_SHA256_2:
129 case OP_PCL_SSL30_AES_256_GCM_SHA384_2:
130 case OP_PCL_SSL30_AES_128_GCM_SHA256_3:
131 case OP_PCL_SSL30_AES_256_GCM_SHA384_3:
132 case OP_PCL_SSL30_AES_128_GCM_SHA256_4:
133 case OP_PCL_SSL30_AES_256_GCM_SHA384_4:
134 case OP_PCL_SSL30_AES_128_GCM_SHA256_5:
135 case OP_PCL_SSL30_AES_256_GCM_SHA384_5:
136 case OP_PCL_SSL30_AES_128_GCM_SHA256_6:
137 case OP_PCL_TLS_DH_ANON_AES_256_GCM_SHA384:
138 case OP_PCL_TLS_PSK_AES_128_GCM_SHA256:
139 case OP_PCL_TLS_PSK_AES_256_GCM_SHA384:
140 case OP_PCL_TLS_DHE_PSK_AES_128_GCM_SHA256:
141 case OP_PCL_TLS_DHE_PSK_AES_256_GCM_SHA384:
142 case OP_PCL_TLS_RSA_PSK_AES_128_GCM_SHA256:
143 case OP_PCL_TLS_RSA_PSK_AES_256_GCM_SHA384:
144 case OP_PCL_TLS_PSK_AES_128_CBC_SHA256:
145 case OP_PCL_TLS_PSK_AES_256_CBC_SHA384:
146 case OP_PCL_TLS_DHE_PSK_AES_128_CBC_SHA256:
147 case OP_PCL_TLS_DHE_PSK_AES_256_CBC_SHA384:
148 case OP_PCL_TLS_RSA_PSK_AES_128_CBC_SHA256:
149 case OP_PCL_TLS_RSA_PSK_AES_256_CBC_SHA384:
150 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_11:
151 case OP_PCL_SSL30_AES_128_CBC_SHA_10:
152 case OP_PCL_SSL30_AES_256_CBC_SHA_10:
153 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_12:
154 case OP_PCL_SSL30_AES_128_CBC_SHA_11:
155 case OP_PCL_SSL30_AES_256_CBC_SHA_11:
156 case OP_PCL_SSL30_AES_128_CBC_SHA_12:
157 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_13:
158 case OP_PCL_SSL30_AES_256_CBC_SHA_12:
159 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_14:
160 case OP_PCL_SSL30_AES_128_CBC_SHA_13:
161 case OP_PCL_SSL30_AES_256_CBC_SHA_13:
162 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_15:
163 case OP_PCL_SSL30_AES_128_CBC_SHA_14:
164 case OP_PCL_SSL30_AES_256_CBC_SHA_14:
165 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_16:
166 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_17:
167 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_18:
168 case OP_PCL_SSL30_AES_128_CBC_SHA_15:
169 case OP_PCL_SSL30_AES_128_CBC_SHA_16:
170 case OP_PCL_SSL30_AES_128_CBC_SHA_17:
171 case OP_PCL_SSL30_AES_256_CBC_SHA_15:
172 case OP_PCL_SSL30_AES_256_CBC_SHA_16:
173 case OP_PCL_SSL30_AES_256_CBC_SHA_17:
174 case OP_PCL_TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:
175 case OP_PCL_TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:
176 case OP_PCL_TLS_ECDH_ECDSA_AES_128_CBC_SHA256:
177 case OP_PCL_TLS_ECDH_ECDSA_AES_256_CBC_SHA384:
178 case OP_PCL_TLS_ECDHE_RSA_AES_128_CBC_SHA256:
179 case OP_PCL_TLS_ECDHE_RSA_AES_256_CBC_SHA384:
180 case OP_PCL_TLS_ECDH_RSA_AES_128_CBC_SHA256:
181 case OP_PCL_TLS_ECDH_RSA_AES_256_CBC_SHA384:
182 case OP_PCL_TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:
183 case OP_PCL_TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:
184 case OP_PCL_TLS_ECDH_ECDSA_AES_128_GCM_SHA256:
185 case OP_PCL_TLS_ECDH_ECDSA_AES_256_GCM_SHA384:
186 case OP_PCL_TLS_ECDHE_RSA_AES_128_GCM_SHA256:
187 case OP_PCL_TLS_ECDHE_RSA_AES_256_GCM_SHA384:
188 case OP_PCL_TLS_ECDH_RSA_AES_128_GCM_SHA256:
189 case OP_PCL_TLS_ECDH_RSA_AES_256_GCM_SHA384:
190 case OP_PCL_TLS_ECDHE_PSK_3DES_EDE_CBC_SHA:
191 case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA:
192 case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA:
193 case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA256:
194 case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA384:
195 case OP_PCL_TLS12_3DES_EDE_CBC_MD5:
196 case OP_PCL_TLS12_3DES_EDE_CBC_SHA160:
197 case OP_PCL_TLS12_3DES_EDE_CBC_SHA224:
198 case OP_PCL_TLS12_3DES_EDE_CBC_SHA256:
199 case OP_PCL_TLS12_3DES_EDE_CBC_SHA384:
200 case OP_PCL_TLS12_3DES_EDE_CBC_SHA512:
201 case OP_PCL_TLS12_AES_128_CBC_SHA160:
202 case OP_PCL_TLS12_AES_128_CBC_SHA224:
203 case OP_PCL_TLS12_AES_128_CBC_SHA256:
204 case OP_PCL_TLS12_AES_128_CBC_SHA384:
205 case OP_PCL_TLS12_AES_128_CBC_SHA512:
206 case OP_PCL_TLS12_AES_192_CBC_SHA160:
207 case OP_PCL_TLS12_AES_192_CBC_SHA224:
208 case OP_PCL_TLS12_AES_192_CBC_SHA256:
209 case OP_PCL_TLS12_AES_192_CBC_SHA512:
210 case OP_PCL_TLS12_AES_256_CBC_SHA160:
211 case OP_PCL_TLS12_AES_256_CBC_SHA224:
212 case OP_PCL_TLS12_AES_256_CBC_SHA256:
213 case OP_PCL_TLS12_AES_256_CBC_SHA384:
214 case OP_PCL_TLS12_AES_256_CBC_SHA512:
215 case OP_PCL_TLS_PVT_AES_192_CBC_SHA160:
216 case OP_PCL_TLS_PVT_AES_192_CBC_SHA384:
217 case OP_PCL_TLS_PVT_AES_192_CBC_SHA224:
218 case OP_PCL_TLS_PVT_AES_192_CBC_SHA512:
219 case OP_PCL_TLS_PVT_AES_192_CBC_SHA256:
220 case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FE:
221 case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FF:
222 return 0;
223 }
224
225 return -EINVAL;
226 }
227
228 static inline int
229 __rta_ike_proto(uint16_t protoinfo)
230 {
231 switch (protoinfo) {
232 case OP_PCL_IKE_HMAC_MD5:
233 case OP_PCL_IKE_HMAC_SHA1:
234 case OP_PCL_IKE_HMAC_AES128_CBC:
235 case OP_PCL_IKE_HMAC_SHA256:
236 case OP_PCL_IKE_HMAC_SHA384:
237 case OP_PCL_IKE_HMAC_SHA512:
238 case OP_PCL_IKE_HMAC_AES128_CMAC:
239 return 0;
240 }
241
242 return -EINVAL;
243 }
244
245 static inline int
246 __rta_ipsec_proto(uint16_t protoinfo)
247 {
248 uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
249 uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK;
250
251 switch (proto_cls1) {
252 case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
253 if (rta_sec_era < RTA_SEC_ERA_2)
254 return -EINVAL;
255 /* no break */
256 case OP_PCL_IPSEC_AES_CCM8:
257 case OP_PCL_IPSEC_AES_CCM12:
258 case OP_PCL_IPSEC_AES_CCM16:
259 case OP_PCL_IPSEC_AES_GCM8:
260 case OP_PCL_IPSEC_AES_GCM12:
261 case OP_PCL_IPSEC_AES_GCM16:
262 /* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
263 if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL)
264 return 0;
265 return -EINVAL;
266 case OP_PCL_IPSEC_NULL:
267 if (rta_sec_era < RTA_SEC_ERA_2)
268 return -EINVAL;
269 /* no break */
270 case OP_PCL_IPSEC_DES_IV64:
271 case OP_PCL_IPSEC_DES:
272 case OP_PCL_IPSEC_3DES:
273 case OP_PCL_IPSEC_AES_CBC:
274 case OP_PCL_IPSEC_AES_CTR:
275 break;
276 default:
277 return -EINVAL;
278 }
279
280 switch (proto_cls2) {
281 case OP_PCL_IPSEC_HMAC_NULL:
282 case OP_PCL_IPSEC_HMAC_MD5_96:
283 case OP_PCL_IPSEC_HMAC_SHA1_96:
284 case OP_PCL_IPSEC_AES_XCBC_MAC_96:
285 case OP_PCL_IPSEC_HMAC_MD5_128:
286 case OP_PCL_IPSEC_HMAC_SHA1_160:
287 case OP_PCL_IPSEC_AES_CMAC_96:
288 case OP_PCL_IPSEC_HMAC_SHA2_256_128:
289 case OP_PCL_IPSEC_HMAC_SHA2_384_192:
290 case OP_PCL_IPSEC_HMAC_SHA2_512_256:
291 return 0;
292 }
293
294 return -EINVAL;
295 }
296
297 static inline int
298 __rta_srtp_proto(uint16_t protoinfo)
299 {
300 uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
301 uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK;
302
303 switch (proto_cls1) {
304 case OP_PCL_SRTP_AES_CTR:
305 switch (proto_cls2) {
306 case OP_PCL_SRTP_HMAC_SHA1_160:
307 return 0;
308 }
309 /* no break */
310 }
311
312 return -EINVAL;
313 }
314
315 static inline int
316 __rta_macsec_proto(uint16_t protoinfo)
317 {
318 switch (protoinfo) {
319 case OP_PCL_MACSEC:
320 return 0;
321 }
322
323 return -EINVAL;
324 }
325
326 static inline int
327 __rta_wifi_proto(uint16_t protoinfo)
328 {
329 switch (protoinfo) {
330 case OP_PCL_WIFI:
331 return 0;
332 }
333
334 return -EINVAL;
335 }
336
337 static inline int
338 __rta_wimax_proto(uint16_t protoinfo)
339 {
340 switch (protoinfo) {
341 case OP_PCL_WIMAX_OFDM:
342 case OP_PCL_WIMAX_OFDMA:
343 return 0;
344 }
345
346 return -EINVAL;
347 }
348
349 /* Allowed blob proto flags for each SEC Era */
350 static const uint32_t proto_blob_flags[] = {
351 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
352 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
353 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
354 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
355 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
356 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
357 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
358 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
359 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
360 };
361
362 static inline int
363 __rta_blob_proto(uint16_t protoinfo)
364 {
365 if (protoinfo & ~proto_blob_flags[rta_sec_era])
366 return -EINVAL;
367
368 switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
369 case OP_PCL_BLOB_FORMAT_NORMAL:
370 case OP_PCL_BLOB_FORMAT_MASTER_VER:
371 case OP_PCL_BLOB_FORMAT_TEST:
372 break;
373 default:
374 return -EINVAL;
375 }
376
377 switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
378 case OP_PCL_BLOB_AFHA_SBOX:
379 if (rta_sec_era < RTA_SEC_ERA_3)
380 return -EINVAL;
381 /* no break */
382 case OP_PCL_BLOB_REG_MEMORY:
383 case OP_PCL_BLOB_REG_KEY1:
384 case OP_PCL_BLOB_REG_KEY2:
385 case OP_PCL_BLOB_REG_SPLIT:
386 case OP_PCL_BLOB_REG_PKE:
387 return 0;
388 }
389
390 return -EINVAL;
391 }
392
393 static inline int
394 __rta_dlc_proto(uint16_t protoinfo)
395 {
396 if ((rta_sec_era < RTA_SEC_ERA_2) &&
397 (protoinfo & (OP_PCL_PKPROT_DSA_MSG | OP_PCL_PKPROT_HASH_MASK |
398 OP_PCL_PKPROT_EKT_Z | OP_PCL_PKPROT_DECRYPT_Z |
399 OP_PCL_PKPROT_DECRYPT_PRI)))
400 return -EINVAL;
401
402 switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
403 case OP_PCL_PKPROT_HASH_MD5:
404 case OP_PCL_PKPROT_HASH_SHA1:
405 case OP_PCL_PKPROT_HASH_SHA224:
406 case OP_PCL_PKPROT_HASH_SHA256:
407 case OP_PCL_PKPROT_HASH_SHA384:
408 case OP_PCL_PKPROT_HASH_SHA512:
409 break;
410 default:
411 return -EINVAL;
412 }
413
414 return 0;
415 }
416
417 static inline int
418 __rta_rsa_enc_proto(uint16_t protoinfo)
419 {
420 switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
421 case OP_PCL_RSAPROT_OP_ENC_F_IN:
422 if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) !=
423 OP_PCL_RSAPROT_FFF_RED)
424 return -EINVAL;
425 break;
426 case OP_PCL_RSAPROT_OP_ENC_F_OUT:
427 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
428 case OP_PCL_RSAPROT_FFF_RED:
429 case OP_PCL_RSAPROT_FFF_ENC:
430 case OP_PCL_RSAPROT_FFF_EKT:
431 case OP_PCL_RSAPROT_FFF_TK_ENC:
432 case OP_PCL_RSAPROT_FFF_TK_EKT:
433 break;
434 default:
435 return -EINVAL;
436 }
437 break;
438 default:
439 return -EINVAL;
440 }
441
442 return 0;
443 }
444
445 static inline int
446 __rta_rsa_dec_proto(uint16_t protoinfo)
447 {
448 switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
449 case OP_PCL_RSAPROT_OP_DEC_ND:
450 case OP_PCL_RSAPROT_OP_DEC_PQD:
451 case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
452 break;
453 default:
454 return -EINVAL;
455 }
456
457 switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
458 case OP_PCL_RSAPROT_PPP_RED:
459 case OP_PCL_RSAPROT_PPP_ENC:
460 case OP_PCL_RSAPROT_PPP_EKT:
461 case OP_PCL_RSAPROT_PPP_TK_ENC:
462 case OP_PCL_RSAPROT_PPP_TK_EKT:
463 break;
464 default:
465 return -EINVAL;
466 }
467
468 if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15)
469 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
470 case OP_PCL_RSAPROT_FFF_RED:
471 case OP_PCL_RSAPROT_FFF_ENC:
472 case OP_PCL_RSAPROT_FFF_EKT:
473 case OP_PCL_RSAPROT_FFF_TK_ENC:
474 case OP_PCL_RSAPROT_FFF_TK_EKT:
475 break;
476 default:
477 return -EINVAL;
478 }
479
480 return 0;
481 }
482
483 /*
484 * DKP Protocol - Restrictions on key (SRC,DST) combinations
485 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
486 */
487 static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
488 {1, 1, 1, 1},
489 {1, 0, 1, 0},
490 {1, 0, 0, 1} };
491
492 static inline int
493 __rta_dkp_proto(uint16_t protoinfo)
494 {
495 int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
496 int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;
497
498 if (!key_in_out[key_src][key_dst]) {
499 pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
500 return -EINVAL;
501 }
502
503 return 0;
504 }
505
506
507 static inline int
508 __rta_3g_dcrc_proto(uint16_t protoinfo)
509 {
510 if (rta_sec_era == RTA_SEC_ERA_7)
511 return -EINVAL;
512
513 switch (protoinfo) {
514 case OP_PCL_3G_DCRC_CRC7:
515 case OP_PCL_3G_DCRC_CRC11:
516 return 0;
517 }
518
519 return -EINVAL;
520 }
521
522 static inline int
523 __rta_3g_rlc_proto(uint16_t protoinfo)
524 {
525 if (rta_sec_era == RTA_SEC_ERA_7)
526 return -EINVAL;
527
528 switch (protoinfo) {
529 case OP_PCL_3G_RLC_NULL:
530 case OP_PCL_3G_RLC_KASUMI:
531 case OP_PCL_3G_RLC_SNOW:
532 return 0;
533 }
534
535 return -EINVAL;
536 }
537
538 static inline int
539 __rta_lte_pdcp_proto(uint16_t protoinfo)
540 {
541 if (rta_sec_era == RTA_SEC_ERA_7)
542 return -EINVAL;
543
544 switch (protoinfo) {
545 case OP_PCL_LTE_ZUC:
546 if (rta_sec_era < RTA_SEC_ERA_5)
547 break;
548 case OP_PCL_LTE_NULL:
549 case OP_PCL_LTE_SNOW:
550 case OP_PCL_LTE_AES:
551 return 0;
552 }
553
554 return -EINVAL;
555 }
556
557 static inline int
558 __rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
559 {
560 switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
561 case OP_PCL_LTE_MIXED_AUTH_NULL:
562 case OP_PCL_LTE_MIXED_AUTH_SNOW:
563 case OP_PCL_LTE_MIXED_AUTH_AES:
564 case OP_PCL_LTE_MIXED_AUTH_ZUC:
565 break;
566 default:
567 return -EINVAL;
568 }
569
570 switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
571 case OP_PCL_LTE_MIXED_ENC_NULL:
572 case OP_PCL_LTE_MIXED_ENC_SNOW:
573 case OP_PCL_LTE_MIXED_ENC_AES:
574 case OP_PCL_LTE_MIXED_ENC_ZUC:
575 return 0;
576 }
577
578 return -EINVAL;
579 }
580
581 struct proto_map {
582 uint32_t optype;
583 uint32_t protid;
584 int (*protoinfo_func)(uint16_t);
585 };
586
587 static const struct proto_map proto_table[] = {
588 /*1*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_SSL30_PRF, __rta_ssl_proto},
589 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS10_PRF, __rta_ssl_proto},
590 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS11_PRF, __rta_ssl_proto},
591 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS12_PRF, __rta_ssl_proto},
592 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DTLS10_PRF, __rta_ssl_proto},
593 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV1_PRF, __rta_ike_proto},
594 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV2_PRF, __rta_ike_proto},
595 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
596 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto},
597 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSAVERIFY, __rta_dlc_proto},
598 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC, __rta_ipsec_proto},
599 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP, __rta_srtp_proto},
600 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30, __rta_ssl_proto},
601 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10, __rta_ssl_proto},
602 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11, __rta_ssl_proto},
603 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12, __rta_ssl_proto},
604 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS10, __rta_ssl_proto},
605 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC, __rta_macsec_proto},
606 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI, __rta_wifi_proto},
607 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX, __rta_wimax_proto},
608 /*21*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB, __rta_blob_proto},
609 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
610 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSAENCRYPT, __rta_rsa_enc_proto},
611 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSADECRYPT, __rta_rsa_dec_proto},
612 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC, __rta_3g_dcrc_proto},
613 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU, __rta_3g_rlc_proto},
614 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU, __rta_3g_rlc_proto},
615 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
616 /*29*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
617 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_MD5, __rta_dkp_proto},
618 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA1, __rta_dkp_proto},
619 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA224, __rta_dkp_proto},
620 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA256, __rta_dkp_proto},
621 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA384, __rta_dkp_proto},
622 /*35*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA512, __rta_dkp_proto},
623 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
624 /*37*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto},
625 /*38*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
626 __rta_lte_pdcp_mixed_proto},
627 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW, __rta_ipsec_proto},
628 };
629
630 /*
631 * Allowed OPERATION protocols for each SEC Era.
632 * Values represent the number of entries from proto_table[] that are supported.
633 */
634 static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37, 39};
635
636 static inline int
637 rta_proto_operation(struct program *program, uint32_t optype,
638 uint32_t protid, uint16_t protoinfo)
639 {
640 uint32_t opcode = CMD_OPERATION;
641 unsigned int i, found = 0;
642 uint32_t optype_tmp = optype;
643 unsigned int start_pc = program->current_pc;
644 int ret = -EINVAL;
645
646 for (i = 0; i < proto_table_sz[rta_sec_era]; i++) {
647 /* clear last bit in optype to match also decap proto */
648 optype_tmp &= (uint32_t)~(1 << OP_TYPE_SHIFT);
649 if (optype_tmp == proto_table[i].optype) {
650 if (proto_table[i].protid == protid) {
651 /* nothing else to verify */
652 if (proto_table[i].protoinfo_func == NULL) {
653 found = 1;
654 break;
655 }
656 /* check protoinfo */
657 ret = (*proto_table[i].protoinfo_func)
658 (protoinfo);
659 if (ret < 0) {
660 pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
661 program->current_pc);
662 goto err;
663 }
664 found = 1;
665 break;
666 }
667 }
668 }
669 if (!found) {
670 pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
671 program->current_pc);
672 goto err;
673 }
674
675 __rta_out32(program, opcode | optype | protid | protoinfo);
676 program->current_instruction++;
677 return (int)start_pc;
678
679 err:
680 program->first_error_pc = start_pc;
681 program->current_instruction++;
682 return ret;
683 }
684
685 static inline int
686 rta_dkp_proto(struct program *program, uint32_t protid,
687 uint16_t key_src, uint16_t key_dst,
688 uint16_t keylen, uint64_t key,
689 enum rta_data_type key_type)
690 {
691 unsigned int start_pc = program->current_pc;
692 unsigned int in_words = 0, out_words = 0;
693 int ret;
694
695 key_src &= OP_PCL_DKP_SRC_MASK;
696 key_dst &= OP_PCL_DKP_DST_MASK;
697 keylen &= OP_PCL_DKP_KEY_MASK;
698
699 ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
700 key_src | key_dst | keylen);
701 if (ret < 0)
702 return ret;
703
704 if ((key_src == OP_PCL_DKP_SRC_PTR) ||
705 (key_src == OP_PCL_DKP_SRC_SGF)) {
706 __rta_out64(program, program->ps, key);
707 in_words = program->ps ? 2 : 1;
708 } else if (key_src == OP_PCL_DKP_SRC_IMM) {
709 __rta_inline_data(program, key, inline_flags(key_type), keylen);
710 in_words = (unsigned int)((keylen + 3) / 4);
711 }
712
713 if ((key_dst == OP_PCL_DKP_DST_PTR) ||
714 (key_dst == OP_PCL_DKP_DST_SGF)) {
715 out_words = in_words;
716 } else if (key_dst == OP_PCL_DKP_DST_IMM) {
717 out_words = split_key_len(protid) / 4;
718 }
719
720 if (out_words < in_words) {
721 pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
722 program->first_error_pc = start_pc;
723 return -EINVAL;
724 }
725
726 /* If needed, reserve space in resulting descriptor for derived key */
727 program->current_pc += (out_words - in_words);
728
729 return (int)start_pc;
730 }
731
732 #endif /* __RTA_PROTOCOL_CMD_H__ */
Ceph