1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
8 #ifndef __RTA_PROTOCOL_CMD_H__
9 #define __RTA_PROTOCOL_CMD_H__
11 extern enum rta_sec_era rta_sec_era
;
14 __rta_ssl_proto(uint16_t protoinfo
)
17 case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5
:
18 case OP_PCL_TLS_RSA_WITH_RC4_128_MD5
:
19 case OP_PCL_TLS_RSA_WITH_RC4_128_SHA
:
20 case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
:
21 case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5
:
22 case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA
:
23 case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5
:
24 case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA
:
25 case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5
:
26 case OP_PCL_TLS_PSK_WITH_RC4_128_SHA
:
27 case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA
:
28 case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA
:
29 case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
:
30 case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
:
31 case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA
:
32 case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA
:
33 case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA
:
34 case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA
:
35 if (rta_sec_era
== RTA_SEC_ERA_7
)
37 /* fall through if not Era 7 */
38 case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
:
39 case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA
:
40 case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
41 case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
:
42 case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA
:
43 case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
:
44 case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
:
45 case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA
:
46 case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
:
47 case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
:
48 case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA
:
49 case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
:
50 case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
:
51 case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA
:
52 case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
53 case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
:
54 case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA
:
55 case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
56 case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA
:
57 case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA
:
58 case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5
:
59 case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5
:
60 case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
:
61 case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
:
62 case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA
:
63 case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA
:
64 case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA
:
65 case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA
:
66 case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
67 case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA
:
68 case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA
:
69 case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA
:
70 case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA
:
71 case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA
:
72 case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
73 case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA
:
74 case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256
:
75 case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256
:
76 case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
:
77 case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
78 case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256
:
79 case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256
:
80 case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
:
81 case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
82 case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
83 case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
84 case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA
:
85 case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA
:
86 case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA
:
87 case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
:
88 case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
:
89 case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
:
90 case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
:
91 case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
:
92 case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
:
93 case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256
:
94 case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384
:
95 case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
96 case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
97 case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256
:
98 case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384
:
99 case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
100 case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
101 case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256
:
102 case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384
:
103 case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256
:
104 case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384
:
105 case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256
:
106 case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384
:
107 case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
108 case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
109 case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
:
110 case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
:
111 case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256
:
112 case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384
:
113 case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
:
114 case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
:
115 case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
:
116 case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
:
117 case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
:
118 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
:
119 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
:
120 case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
:
121 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
:
122 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
:
123 case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
:
124 case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
:
125 case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
:
126 case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
:
127 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:
128 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
:
129 case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
:
130 case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA
:
131 case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA
:
132 case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
:
133 case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
:
134 case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
:
135 case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA
:
136 case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
:
137 case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
:
138 case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA
:
139 case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
:
140 case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
:
141 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
:
142 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
:
143 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
:
144 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
145 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
:
146 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
:
147 case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
:
148 case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
:
149 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
150 case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
151 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
:
152 case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
:
153 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
154 case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
155 case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
:
156 case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
:
157 case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
:
158 case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
:
159 case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
:
160 case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
:
161 case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
:
162 case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256
:
163 case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256
:
164 case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5
:
165 case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160
:
166 case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224
:
167 case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256
:
168 case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384
:
169 case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512
:
170 case OP_PCL_PVT_TLS_AES_128_CBC_SHA160
:
171 case OP_PCL_PVT_TLS_AES_128_CBC_SHA224
:
172 case OP_PCL_PVT_TLS_AES_128_CBC_SHA256
:
173 case OP_PCL_PVT_TLS_AES_128_CBC_SHA384
:
174 case OP_PCL_PVT_TLS_AES_128_CBC_SHA512
:
175 case OP_PCL_PVT_TLS_AES_192_CBC_SHA160
:
176 case OP_PCL_PVT_TLS_AES_192_CBC_SHA224
:
177 case OP_PCL_PVT_TLS_AES_192_CBC_SHA256
:
178 case OP_PCL_PVT_TLS_AES_192_CBC_SHA512
:
179 case OP_PCL_PVT_TLS_AES_256_CBC_SHA160
:
180 case OP_PCL_PVT_TLS_AES_256_CBC_SHA224
:
181 case OP_PCL_PVT_TLS_AES_256_CBC_SHA384
:
182 case OP_PCL_PVT_TLS_AES_256_CBC_SHA512
:
183 case OP_PCL_PVT_TLS_AES_256_CBC_SHA256
:
184 case OP_PCL_PVT_TLS_AES_192_CBC_SHA384
:
185 case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE
:
186 case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF
:
194 __rta_ike_proto(uint16_t protoinfo
)
197 case OP_PCL_IKE_HMAC_MD5
:
198 case OP_PCL_IKE_HMAC_SHA1
:
199 case OP_PCL_IKE_HMAC_AES128_CBC
:
200 case OP_PCL_IKE_HMAC_SHA256
:
201 case OP_PCL_IKE_HMAC_SHA384
:
202 case OP_PCL_IKE_HMAC_SHA512
:
203 case OP_PCL_IKE_HMAC_AES128_CMAC
:
211 __rta_ipsec_proto(uint16_t protoinfo
)
213 uint16_t proto_cls1
= protoinfo
& OP_PCL_IPSEC_CIPHER_MASK
;
214 uint16_t proto_cls2
= protoinfo
& OP_PCL_IPSEC_AUTH_MASK
;
216 switch (proto_cls1
) {
217 case OP_PCL_IPSEC_AES_NULL_WITH_GMAC
:
218 if (rta_sec_era
< RTA_SEC_ERA_2
)
221 case OP_PCL_IPSEC_AES_CCM8
:
222 case OP_PCL_IPSEC_AES_CCM12
:
223 case OP_PCL_IPSEC_AES_CCM16
:
224 case OP_PCL_IPSEC_AES_GCM8
:
225 case OP_PCL_IPSEC_AES_GCM12
:
226 case OP_PCL_IPSEC_AES_GCM16
:
227 /* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
228 if (proto_cls2
== OP_PCL_IPSEC_HMAC_NULL
)
231 case OP_PCL_IPSEC_NULL
:
232 if (rta_sec_era
< RTA_SEC_ERA_2
)
235 case OP_PCL_IPSEC_DES_IV64
:
236 case OP_PCL_IPSEC_DES
:
237 case OP_PCL_IPSEC_3DES
:
238 case OP_PCL_IPSEC_AES_CBC
:
239 case OP_PCL_IPSEC_AES_CTR
:
245 switch (proto_cls2
) {
246 case OP_PCL_IPSEC_HMAC_NULL
:
247 case OP_PCL_IPSEC_HMAC_MD5_96
:
248 case OP_PCL_IPSEC_HMAC_SHA1_96
:
249 case OP_PCL_IPSEC_AES_XCBC_MAC_96
:
250 case OP_PCL_IPSEC_HMAC_MD5_128
:
251 case OP_PCL_IPSEC_HMAC_SHA1_160
:
252 case OP_PCL_IPSEC_AES_CMAC_96
:
253 case OP_PCL_IPSEC_HMAC_SHA2_256_128
:
254 case OP_PCL_IPSEC_HMAC_SHA2_384_192
:
255 case OP_PCL_IPSEC_HMAC_SHA2_512_256
:
263 __rta_srtp_proto(uint16_t protoinfo
)
265 uint16_t proto_cls1
= protoinfo
& OP_PCL_SRTP_CIPHER_MASK
;
266 uint16_t proto_cls2
= protoinfo
& OP_PCL_SRTP_AUTH_MASK
;
268 switch (proto_cls1
) {
269 case OP_PCL_SRTP_AES_CTR
:
270 switch (proto_cls2
) {
271 case OP_PCL_SRTP_HMAC_SHA1_160
:
281 __rta_macsec_proto(uint16_t protoinfo
)
292 __rta_wifi_proto(uint16_t protoinfo
)
303 __rta_wimax_proto(uint16_t protoinfo
)
306 case OP_PCL_WIMAX_OFDM
:
307 case OP_PCL_WIMAX_OFDMA
:
314 /* Allowed blob proto flags for each SEC Era */
315 static const uint32_t proto_blob_flags
[] = {
316 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
,
317 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
318 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
,
319 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
320 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
,
321 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
322 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
| OP_PCL_BLOB_SEC_MEM
,
323 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
324 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
| OP_PCL_BLOB_SEC_MEM
,
325 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
326 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
| OP_PCL_BLOB_SEC_MEM
,
327 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
328 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
| OP_PCL_BLOB_SEC_MEM
,
329 OP_PCL_BLOB_FORMAT_MASK
| OP_PCL_BLOB_BLACK
| OP_PCL_BLOB_TKEK
|
330 OP_PCL_BLOB_EKT
| OP_PCL_BLOB_REG_MASK
| OP_PCL_BLOB_SEC_MEM
334 __rta_blob_proto(uint16_t protoinfo
)
336 if (protoinfo
& ~proto_blob_flags
[rta_sec_era
])
339 switch (protoinfo
& OP_PCL_BLOB_FORMAT_MASK
) {
340 case OP_PCL_BLOB_FORMAT_NORMAL
:
341 case OP_PCL_BLOB_FORMAT_MASTER_VER
:
342 case OP_PCL_BLOB_FORMAT_TEST
:
348 switch (protoinfo
& OP_PCL_BLOB_REG_MASK
) {
349 case OP_PCL_BLOB_AFHA_SBOX
:
350 if (rta_sec_era
< RTA_SEC_ERA_3
)
353 case OP_PCL_BLOB_REG_MEMORY
:
354 case OP_PCL_BLOB_REG_KEY1
:
355 case OP_PCL_BLOB_REG_KEY2
:
356 case OP_PCL_BLOB_REG_SPLIT
:
357 case OP_PCL_BLOB_REG_PKE
:
365 __rta_dlc_proto(uint16_t protoinfo
)
367 if ((rta_sec_era
< RTA_SEC_ERA_2
) &&
368 (protoinfo
& (OP_PCL_PKPROT_DSA_MSG
| OP_PCL_PKPROT_HASH_MASK
|
369 OP_PCL_PKPROT_EKT_Z
| OP_PCL_PKPROT_DECRYPT_Z
|
370 OP_PCL_PKPROT_DECRYPT_PRI
)))
373 switch (protoinfo
& OP_PCL_PKPROT_HASH_MASK
) {
374 case OP_PCL_PKPROT_HASH_MD5
:
375 case OP_PCL_PKPROT_HASH_SHA1
:
376 case OP_PCL_PKPROT_HASH_SHA224
:
377 case OP_PCL_PKPROT_HASH_SHA256
:
378 case OP_PCL_PKPROT_HASH_SHA384
:
379 case OP_PCL_PKPROT_HASH_SHA512
:
389 __rta_rsa_enc_proto(uint16_t protoinfo
)
391 switch (protoinfo
& OP_PCL_RSAPROT_OP_MASK
) {
392 case OP_PCL_RSAPROT_OP_ENC_F_IN
:
393 if ((protoinfo
& OP_PCL_RSAPROT_FFF_MASK
) !=
394 OP_PCL_RSAPROT_FFF_RED
)
397 case OP_PCL_RSAPROT_OP_ENC_F_OUT
:
398 switch (protoinfo
& OP_PCL_RSAPROT_FFF_MASK
) {
399 case OP_PCL_RSAPROT_FFF_RED
:
400 case OP_PCL_RSAPROT_FFF_ENC
:
401 case OP_PCL_RSAPROT_FFF_EKT
:
402 case OP_PCL_RSAPROT_FFF_TK_ENC
:
403 case OP_PCL_RSAPROT_FFF_TK_EKT
:
417 __rta_rsa_dec_proto(uint16_t protoinfo
)
419 switch (protoinfo
& OP_PCL_RSAPROT_OP_MASK
) {
420 case OP_PCL_RSAPROT_OP_DEC_ND
:
421 case OP_PCL_RSAPROT_OP_DEC_PQD
:
422 case OP_PCL_RSAPROT_OP_DEC_PQDPDQC
:
428 switch (protoinfo
& OP_PCL_RSAPROT_PPP_MASK
) {
429 case OP_PCL_RSAPROT_PPP_RED
:
430 case OP_PCL_RSAPROT_PPP_ENC
:
431 case OP_PCL_RSAPROT_PPP_EKT
:
432 case OP_PCL_RSAPROT_PPP_TK_ENC
:
433 case OP_PCL_RSAPROT_PPP_TK_EKT
:
439 if (protoinfo
& OP_PCL_RSAPROT_FMT_PKCSV15
)
440 switch (protoinfo
& OP_PCL_RSAPROT_FFF_MASK
) {
441 case OP_PCL_RSAPROT_FFF_RED
:
442 case OP_PCL_RSAPROT_FFF_ENC
:
443 case OP_PCL_RSAPROT_FFF_EKT
:
444 case OP_PCL_RSAPROT_FFF_TK_ENC
:
445 case OP_PCL_RSAPROT_FFF_TK_EKT
:
455 * DKP Protocol - Restrictions on key (SRC,DST) combinations
456 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
458 static const uint8_t key_in_out
[4][4] = { {1, 0, 0, 0},
464 __rta_dkp_proto(uint16_t protoinfo
)
466 int key_src
= (protoinfo
& OP_PCL_DKP_SRC_MASK
) >> OP_PCL_DKP_SRC_SHIFT
;
467 int key_dst
= (protoinfo
& OP_PCL_DKP_DST_MASK
) >> OP_PCL_DKP_DST_SHIFT
;
469 if (!key_in_out
[key_src
][key_dst
]) {
470 pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
479 __rta_3g_dcrc_proto(uint16_t protoinfo
)
481 if (rta_sec_era
== RTA_SEC_ERA_7
)
485 case OP_PCL_3G_DCRC_CRC7
:
486 case OP_PCL_3G_DCRC_CRC11
:
494 __rta_3g_rlc_proto(uint16_t protoinfo
)
496 if (rta_sec_era
== RTA_SEC_ERA_7
)
500 case OP_PCL_3G_RLC_NULL
:
501 case OP_PCL_3G_RLC_KASUMI
:
502 case OP_PCL_3G_RLC_SNOW
:
510 __rta_lte_pdcp_proto(uint16_t protoinfo
)
512 if (rta_sec_era
== RTA_SEC_ERA_7
)
517 if (rta_sec_era
< RTA_SEC_ERA_5
)
519 case OP_PCL_LTE_NULL
:
520 case OP_PCL_LTE_SNOW
:
529 __rta_lte_pdcp_mixed_proto(uint16_t protoinfo
)
531 switch (protoinfo
& OP_PCL_LTE_MIXED_AUTH_MASK
) {
532 case OP_PCL_LTE_MIXED_AUTH_NULL
:
533 case OP_PCL_LTE_MIXED_AUTH_SNOW
:
534 case OP_PCL_LTE_MIXED_AUTH_AES
:
535 case OP_PCL_LTE_MIXED_AUTH_ZUC
:
541 switch (protoinfo
& OP_PCL_LTE_MIXED_ENC_MASK
) {
542 case OP_PCL_LTE_MIXED_ENC_NULL
:
543 case OP_PCL_LTE_MIXED_ENC_SNOW
:
544 case OP_PCL_LTE_MIXED_ENC_AES
:
545 case OP_PCL_LTE_MIXED_ENC_ZUC
:
555 int (*protoinfo_func
)(uint16_t);
558 static const struct proto_map proto_table
[] = {
559 /*1*/ {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_SSL30_PRF
, __rta_ssl_proto
},
560 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_TLS10_PRF
, __rta_ssl_proto
},
561 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_TLS11_PRF
, __rta_ssl_proto
},
562 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_TLS12_PRF
, __rta_ssl_proto
},
563 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DTLS_PRF
, __rta_ssl_proto
},
564 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_IKEV1_PRF
, __rta_ike_proto
},
565 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_IKEV2_PRF
, __rta_ike_proto
},
566 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_PUBLICKEYPAIR
, __rta_dlc_proto
},
567 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DSASIGN
, __rta_dlc_proto
},
568 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DSAVERIFY
, __rta_dlc_proto
},
569 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_IPSEC
, __rta_ipsec_proto
},
570 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_SRTP
, __rta_srtp_proto
},
571 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_SSL30
, __rta_ssl_proto
},
572 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_TLS10
, __rta_ssl_proto
},
573 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_TLS11
, __rta_ssl_proto
},
574 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_TLS12
, __rta_ssl_proto
},
575 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_DTLS
, __rta_ssl_proto
},
576 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_MACSEC
, __rta_macsec_proto
},
577 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_WIFI
, __rta_wifi_proto
},
578 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_WIMAX
, __rta_wimax_proto
},
579 /*21*/ {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_BLOB
, __rta_blob_proto
},
580 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DIFFIEHELLMAN
, __rta_dlc_proto
},
581 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_RSAENCRYPT
, __rta_rsa_enc_proto
},
582 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_RSADECRYPT
, __rta_rsa_dec_proto
},
583 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_3G_DCRC
, __rta_3g_dcrc_proto
},
584 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_3G_RLC_PDU
, __rta_3g_rlc_proto
},
585 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_3G_RLC_SDU
, __rta_3g_rlc_proto
},
586 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_LTE_PDCP_USER
, __rta_lte_pdcp_proto
},
587 /*29*/ {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_LTE_PDCP_CTRL
, __rta_lte_pdcp_proto
},
588 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_MD5
, __rta_dkp_proto
},
589 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_SHA1
, __rta_dkp_proto
},
590 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_SHA224
, __rta_dkp_proto
},
591 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_SHA256
, __rta_dkp_proto
},
592 {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_SHA384
, __rta_dkp_proto
},
593 /*35*/ {OP_TYPE_UNI_PROTOCOL
, OP_PCLID_DKP_SHA512
, __rta_dkp_proto
},
594 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_PUBLICKEYPAIR
, __rta_dlc_proto
},
595 /*37*/ {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_DSASIGN
, __rta_dlc_proto
},
596 /*38*/ {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_LTE_PDCP_CTRL_MIXED
,
597 __rta_lte_pdcp_mixed_proto
},
598 {OP_TYPE_DECAP_PROTOCOL
, OP_PCLID_IPSEC_NEW
, __rta_ipsec_proto
},
602 * Allowed OPERATION protocols for each SEC Era.
603 * Values represent the number of entries from proto_table[] that are supported.
605 static const unsigned int proto_table_sz
[] = {21, 29, 29, 29, 29, 35, 37, 39};
608 rta_proto_operation(struct program
*program
, uint32_t optype
,
609 uint32_t protid
, uint16_t protoinfo
)
611 uint32_t opcode
= CMD_OPERATION
;
612 unsigned int i
, found
= 0;
613 uint32_t optype_tmp
= optype
;
614 unsigned int start_pc
= program
->current_pc
;
617 for (i
= 0; i
< proto_table_sz
[rta_sec_era
]; i
++) {
618 /* clear last bit in optype to match also decap proto */
619 optype_tmp
&= (uint32_t)~(1 << OP_TYPE_SHIFT
);
620 if (optype_tmp
== proto_table
[i
].optype
) {
621 if (proto_table
[i
].protid
== protid
) {
622 /* nothing else to verify */
623 if (proto_table
[i
].protoinfo_func
== NULL
) {
627 /* check protoinfo */
628 ret
= (*proto_table
[i
].protoinfo_func
)
631 pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
632 program
->current_pc
);
641 pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
642 program
->current_pc
);
646 __rta_out32(program
, opcode
| optype
| protid
| protoinfo
);
647 program
->current_instruction
++;
648 return (int)start_pc
;
651 program
->first_error_pc
= start_pc
;
652 program
->current_instruction
++;
657 rta_dkp_proto(struct program
*program
, uint32_t protid
,
658 uint16_t key_src
, uint16_t key_dst
,
659 uint16_t keylen
, uint64_t key
,
660 enum rta_data_type key_type
)
662 unsigned int start_pc
= program
->current_pc
;
663 unsigned int in_words
= 0, out_words
= 0;
666 key_src
&= OP_PCL_DKP_SRC_MASK
;
667 key_dst
&= OP_PCL_DKP_DST_MASK
;
668 keylen
&= OP_PCL_DKP_KEY_MASK
;
670 ret
= rta_proto_operation(program
, OP_TYPE_UNI_PROTOCOL
, protid
,
671 key_src
| key_dst
| keylen
);
675 if ((key_src
== OP_PCL_DKP_SRC_PTR
) ||
676 (key_src
== OP_PCL_DKP_SRC_SGF
)) {
677 __rta_out64(program
, program
->ps
, key
);
678 in_words
= program
->ps
? 2 : 1;
679 } else if (key_src
== OP_PCL_DKP_SRC_IMM
) {
680 __rta_inline_data(program
, key
, inline_flags(key_type
), keylen
);
681 in_words
= (unsigned int)((keylen
+ 3) / 4);
684 if ((key_dst
== OP_PCL_DKP_DST_PTR
) ||
685 (key_dst
== OP_PCL_DKP_DST_SGF
)) {
686 out_words
= in_words
;
687 } else if (key_dst
== OP_PCL_DKP_DST_IMM
) {
688 out_words
= split_key_len(protid
) / 4;
691 if (out_words
< in_words
) {
692 pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
693 program
->first_error_pc
= start_pc
;
697 /* If needed, reserve space in resulting descriptor for derived key */
698 program
->current_pc
+= (out_words
- in_words
);
700 return (int)start_pc
;
703 #endif /* __RTA_PROTOCOL_CMD_H__ */