]> git.proxmox.com Git - ceph.git/blob - ceph/src/spdk/dpdk/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
update sources to ceph Nautilus 14.2.1
[ceph.git] / ceph / src / spdk / dpdk / drivers / crypto / dpaa2_sec / hw / rta / protocol_cmd.h
1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
2 *
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016 NXP
5 *
6 */
7
8 #ifndef __RTA_PROTOCOL_CMD_H__
9 #define __RTA_PROTOCOL_CMD_H__
10
11 extern enum rta_sec_era rta_sec_era;
12
13 static inline int
14 __rta_ssl_proto(uint16_t protoinfo)
15 {
16 switch (protoinfo) {
17 case OP_PCL_SSL30_RC4_40_MD5_2:
18 case OP_PCL_SSL30_RC4_128_MD5_2:
19 case OP_PCL_SSL30_RC4_128_SHA_5:
20 case OP_PCL_SSL30_RC4_40_MD5_3:
21 case OP_PCL_SSL30_RC4_128_MD5_3:
22 case OP_PCL_SSL30_RC4_128_SHA:
23 case OP_PCL_SSL30_RC4_128_MD5:
24 case OP_PCL_SSL30_RC4_40_SHA:
25 case OP_PCL_SSL30_RC4_40_MD5:
26 case OP_PCL_SSL30_RC4_128_SHA_2:
27 case OP_PCL_SSL30_RC4_128_SHA_3:
28 case OP_PCL_SSL30_RC4_128_SHA_4:
29 case OP_PCL_SSL30_RC4_128_SHA_6:
30 case OP_PCL_SSL30_RC4_128_SHA_7:
31 case OP_PCL_SSL30_RC4_128_SHA_8:
32 case OP_PCL_SSL30_RC4_128_SHA_9:
33 case OP_PCL_SSL30_RC4_128_SHA_10:
34 case OP_PCL_TLS_ECDHE_PSK_RC4_128_SHA:
35 if (rta_sec_era == RTA_SEC_ERA_7)
36 return -EINVAL;
37 /* fall through if not Era 7 */
38 case OP_PCL_SSL30_DES40_CBC_SHA:
39 case OP_PCL_SSL30_DES_CBC_SHA_2:
40 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_5:
41 case OP_PCL_SSL30_DES40_CBC_SHA_2:
42 case OP_PCL_SSL30_DES_CBC_SHA_3:
43 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_6:
44 case OP_PCL_SSL30_DES40_CBC_SHA_3:
45 case OP_PCL_SSL30_DES_CBC_SHA_4:
46 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_7:
47 case OP_PCL_SSL30_DES40_CBC_SHA_4:
48 case OP_PCL_SSL30_DES_CBC_SHA_5:
49 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_8:
50 case OP_PCL_SSL30_DES40_CBC_SHA_5:
51 case OP_PCL_SSL30_DES_CBC_SHA_6:
52 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_9:
53 case OP_PCL_SSL30_DES40_CBC_SHA_6:
54 case OP_PCL_SSL30_DES_CBC_SHA_7:
55 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_10:
56 case OP_PCL_SSL30_DES_CBC_SHA:
57 case OP_PCL_SSL30_3DES_EDE_CBC_SHA:
58 case OP_PCL_SSL30_DES_CBC_MD5:
59 case OP_PCL_SSL30_3DES_EDE_CBC_MD5:
60 case OP_PCL_SSL30_DES40_CBC_SHA_7:
61 case OP_PCL_SSL30_DES40_CBC_MD5:
62 case OP_PCL_SSL30_AES_128_CBC_SHA:
63 case OP_PCL_SSL30_AES_128_CBC_SHA_2:
64 case OP_PCL_SSL30_AES_128_CBC_SHA_3:
65 case OP_PCL_SSL30_AES_128_CBC_SHA_4:
66 case OP_PCL_SSL30_AES_128_CBC_SHA_5:
67 case OP_PCL_SSL30_AES_128_CBC_SHA_6:
68 case OP_PCL_SSL30_AES_256_CBC_SHA:
69 case OP_PCL_SSL30_AES_256_CBC_SHA_2:
70 case OP_PCL_SSL30_AES_256_CBC_SHA_3:
71 case OP_PCL_SSL30_AES_256_CBC_SHA_4:
72 case OP_PCL_SSL30_AES_256_CBC_SHA_5:
73 case OP_PCL_SSL30_AES_256_CBC_SHA_6:
74 case OP_PCL_TLS12_AES_128_CBC_SHA256_2:
75 case OP_PCL_TLS12_AES_128_CBC_SHA256_3:
76 case OP_PCL_TLS12_AES_128_CBC_SHA256_4:
77 case OP_PCL_TLS12_AES_128_CBC_SHA256_5:
78 case OP_PCL_TLS12_AES_256_CBC_SHA256_2:
79 case OP_PCL_TLS12_AES_256_CBC_SHA256_3:
80 case OP_PCL_TLS12_AES_256_CBC_SHA256_4:
81 case OP_PCL_TLS12_AES_256_CBC_SHA256_5:
82 case OP_PCL_TLS12_AES_128_CBC_SHA256_6:
83 case OP_PCL_TLS12_AES_256_CBC_SHA256_6:
84 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_2:
85 case OP_PCL_SSL30_AES_128_CBC_SHA_7:
86 case OP_PCL_SSL30_AES_256_CBC_SHA_7:
87 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_3:
88 case OP_PCL_SSL30_AES_128_CBC_SHA_8:
89 case OP_PCL_SSL30_AES_256_CBC_SHA_8:
90 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_4:
91 case OP_PCL_SSL30_AES_128_CBC_SHA_9:
92 case OP_PCL_SSL30_AES_256_CBC_SHA_9:
93 case OP_PCL_SSL30_AES_128_GCM_SHA256_1:
94 case OP_PCL_SSL30_AES_256_GCM_SHA384_1:
95 case OP_PCL_SSL30_AES_128_GCM_SHA256_2:
96 case OP_PCL_SSL30_AES_256_GCM_SHA384_2:
97 case OP_PCL_SSL30_AES_128_GCM_SHA256_3:
98 case OP_PCL_SSL30_AES_256_GCM_SHA384_3:
99 case OP_PCL_SSL30_AES_128_GCM_SHA256_4:
100 case OP_PCL_SSL30_AES_256_GCM_SHA384_4:
101 case OP_PCL_SSL30_AES_128_GCM_SHA256_5:
102 case OP_PCL_SSL30_AES_256_GCM_SHA384_5:
103 case OP_PCL_SSL30_AES_128_GCM_SHA256_6:
104 case OP_PCL_TLS_DH_ANON_AES_256_GCM_SHA384:
105 case OP_PCL_TLS_PSK_AES_128_GCM_SHA256:
106 case OP_PCL_TLS_PSK_AES_256_GCM_SHA384:
107 case OP_PCL_TLS_DHE_PSK_AES_128_GCM_SHA256:
108 case OP_PCL_TLS_DHE_PSK_AES_256_GCM_SHA384:
109 case OP_PCL_TLS_RSA_PSK_AES_128_GCM_SHA256:
110 case OP_PCL_TLS_RSA_PSK_AES_256_GCM_SHA384:
111 case OP_PCL_TLS_PSK_AES_128_CBC_SHA256:
112 case OP_PCL_TLS_PSK_AES_256_CBC_SHA384:
113 case OP_PCL_TLS_DHE_PSK_AES_128_CBC_SHA256:
114 case OP_PCL_TLS_DHE_PSK_AES_256_CBC_SHA384:
115 case OP_PCL_TLS_RSA_PSK_AES_128_CBC_SHA256:
116 case OP_PCL_TLS_RSA_PSK_AES_256_CBC_SHA384:
117 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_11:
118 case OP_PCL_SSL30_AES_128_CBC_SHA_10:
119 case OP_PCL_SSL30_AES_256_CBC_SHA_10:
120 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_12:
121 case OP_PCL_SSL30_AES_128_CBC_SHA_11:
122 case OP_PCL_SSL30_AES_256_CBC_SHA_11:
123 case OP_PCL_SSL30_AES_128_CBC_SHA_12:
124 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_13:
125 case OP_PCL_SSL30_AES_256_CBC_SHA_12:
126 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_14:
127 case OP_PCL_SSL30_AES_128_CBC_SHA_13:
128 case OP_PCL_SSL30_AES_256_CBC_SHA_13:
129 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_15:
130 case OP_PCL_SSL30_AES_128_CBC_SHA_14:
131 case OP_PCL_SSL30_AES_256_CBC_SHA_14:
132 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_16:
133 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_17:
134 case OP_PCL_SSL30_3DES_EDE_CBC_SHA_18:
135 case OP_PCL_SSL30_AES_128_CBC_SHA_15:
136 case OP_PCL_SSL30_AES_128_CBC_SHA_16:
137 case OP_PCL_SSL30_AES_128_CBC_SHA_17:
138 case OP_PCL_SSL30_AES_256_CBC_SHA_15:
139 case OP_PCL_SSL30_AES_256_CBC_SHA_16:
140 case OP_PCL_SSL30_AES_256_CBC_SHA_17:
141 case OP_PCL_TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:
142 case OP_PCL_TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:
143 case OP_PCL_TLS_ECDH_ECDSA_AES_128_CBC_SHA256:
144 case OP_PCL_TLS_ECDH_ECDSA_AES_256_CBC_SHA384:
145 case OP_PCL_TLS_ECDHE_RSA_AES_128_CBC_SHA256:
146 case OP_PCL_TLS_ECDHE_RSA_AES_256_CBC_SHA384:
147 case OP_PCL_TLS_ECDH_RSA_AES_128_CBC_SHA256:
148 case OP_PCL_TLS_ECDH_RSA_AES_256_CBC_SHA384:
149 case OP_PCL_TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:
150 case OP_PCL_TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:
151 case OP_PCL_TLS_ECDH_ECDSA_AES_128_GCM_SHA256:
152 case OP_PCL_TLS_ECDH_ECDSA_AES_256_GCM_SHA384:
153 case OP_PCL_TLS_ECDHE_RSA_AES_128_GCM_SHA256:
154 case OP_PCL_TLS_ECDHE_RSA_AES_256_GCM_SHA384:
155 case OP_PCL_TLS_ECDH_RSA_AES_128_GCM_SHA256:
156 case OP_PCL_TLS_ECDH_RSA_AES_256_GCM_SHA384:
157 case OP_PCL_TLS_ECDHE_PSK_3DES_EDE_CBC_SHA:
158 case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA:
159 case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA:
160 case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA256:
161 case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA384:
162 case OP_PCL_TLS12_3DES_EDE_CBC_MD5:
163 case OP_PCL_TLS12_3DES_EDE_CBC_SHA160:
164 case OP_PCL_TLS12_3DES_EDE_CBC_SHA224:
165 case OP_PCL_TLS12_3DES_EDE_CBC_SHA256:
166 case OP_PCL_TLS12_3DES_EDE_CBC_SHA384:
167 case OP_PCL_TLS12_3DES_EDE_CBC_SHA512:
168 case OP_PCL_TLS12_AES_128_CBC_SHA160:
169 case OP_PCL_TLS12_AES_128_CBC_SHA224:
170 case OP_PCL_TLS12_AES_128_CBC_SHA256:
171 case OP_PCL_TLS12_AES_128_CBC_SHA384:
172 case OP_PCL_TLS12_AES_128_CBC_SHA512:
173 case OP_PCL_TLS12_AES_192_CBC_SHA160:
174 case OP_PCL_TLS12_AES_192_CBC_SHA224:
175 case OP_PCL_TLS12_AES_192_CBC_SHA256:
176 case OP_PCL_TLS12_AES_192_CBC_SHA512:
177 case OP_PCL_TLS12_AES_256_CBC_SHA160:
178 case OP_PCL_TLS12_AES_256_CBC_SHA224:
179 case OP_PCL_TLS12_AES_256_CBC_SHA256:
180 case OP_PCL_TLS12_AES_256_CBC_SHA384:
181 case OP_PCL_TLS12_AES_256_CBC_SHA512:
182 case OP_PCL_TLS_PVT_AES_192_CBC_SHA160:
183 case OP_PCL_TLS_PVT_AES_192_CBC_SHA384:
184 case OP_PCL_TLS_PVT_AES_192_CBC_SHA224:
185 case OP_PCL_TLS_PVT_AES_192_CBC_SHA512:
186 case OP_PCL_TLS_PVT_AES_192_CBC_SHA256:
187 case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FE:
188 case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FF:
189 return 0;
190 }
191
192 return -EINVAL;
193 }
194
195 static inline int
196 __rta_ike_proto(uint16_t protoinfo)
197 {
198 switch (protoinfo) {
199 case OP_PCL_IKE_HMAC_MD5:
200 case OP_PCL_IKE_HMAC_SHA1:
201 case OP_PCL_IKE_HMAC_AES128_CBC:
202 case OP_PCL_IKE_HMAC_SHA256:
203 case OP_PCL_IKE_HMAC_SHA384:
204 case OP_PCL_IKE_HMAC_SHA512:
205 case OP_PCL_IKE_HMAC_AES128_CMAC:
206 return 0;
207 }
208
209 return -EINVAL;
210 }
211
212 static inline int
213 __rta_ipsec_proto(uint16_t protoinfo)
214 {
215 uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
216 uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK;
217
218 switch (proto_cls1) {
219 case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
220 if (rta_sec_era < RTA_SEC_ERA_2)
221 return -EINVAL;
222 /* no break */
223 case OP_PCL_IPSEC_AES_CCM8:
224 case OP_PCL_IPSEC_AES_CCM12:
225 case OP_PCL_IPSEC_AES_CCM16:
226 case OP_PCL_IPSEC_AES_GCM8:
227 case OP_PCL_IPSEC_AES_GCM12:
228 case OP_PCL_IPSEC_AES_GCM16:
229 /* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
230 if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL)
231 return 0;
232 return -EINVAL;
233 case OP_PCL_IPSEC_NULL:
234 if (rta_sec_era < RTA_SEC_ERA_2)
235 return -EINVAL;
236 /* no break */
237 case OP_PCL_IPSEC_DES_IV64:
238 case OP_PCL_IPSEC_DES:
239 case OP_PCL_IPSEC_3DES:
240 case OP_PCL_IPSEC_AES_CBC:
241 case OP_PCL_IPSEC_AES_CTR:
242 break;
243 default:
244 return -EINVAL;
245 }
246
247 switch (proto_cls2) {
248 case OP_PCL_IPSEC_HMAC_NULL:
249 case OP_PCL_IPSEC_HMAC_MD5_96:
250 case OP_PCL_IPSEC_HMAC_SHA1_96:
251 case OP_PCL_IPSEC_AES_XCBC_MAC_96:
252 case OP_PCL_IPSEC_HMAC_MD5_128:
253 case OP_PCL_IPSEC_HMAC_SHA1_160:
254 case OP_PCL_IPSEC_AES_CMAC_96:
255 case OP_PCL_IPSEC_HMAC_SHA2_256_128:
256 case OP_PCL_IPSEC_HMAC_SHA2_384_192:
257 case OP_PCL_IPSEC_HMAC_SHA2_512_256:
258 return 0;
259 }
260
261 return -EINVAL;
262 }
263
264 static inline int
265 __rta_srtp_proto(uint16_t protoinfo)
266 {
267 uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
268 uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK;
269
270 switch (proto_cls1) {
271 case OP_PCL_SRTP_AES_CTR:
272 switch (proto_cls2) {
273 case OP_PCL_SRTP_HMAC_SHA1_160:
274 return 0;
275 }
276 /* no break */
277 }
278
279 return -EINVAL;
280 }
281
282 static inline int
283 __rta_macsec_proto(uint16_t protoinfo)
284 {
285 switch (protoinfo) {
286 case OP_PCL_MACSEC:
287 return 0;
288 }
289
290 return -EINVAL;
291 }
292
293 static inline int
294 __rta_wifi_proto(uint16_t protoinfo)
295 {
296 switch (protoinfo) {
297 case OP_PCL_WIFI:
298 return 0;
299 }
300
301 return -EINVAL;
302 }
303
304 static inline int
305 __rta_wimax_proto(uint16_t protoinfo)
306 {
307 switch (protoinfo) {
308 case OP_PCL_WIMAX_OFDM:
309 case OP_PCL_WIMAX_OFDMA:
310 return 0;
311 }
312
313 return -EINVAL;
314 }
315
316 /* Allowed blob proto flags for each SEC Era */
317 static const uint32_t proto_blob_flags[] = {
318 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
319 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
320 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
321 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
322 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
323 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
324 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
325 OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
326 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
327 };
328
329 static inline int
330 __rta_blob_proto(uint16_t protoinfo)
331 {
332 if (protoinfo & ~proto_blob_flags[rta_sec_era])
333 return -EINVAL;
334
335 switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
336 case OP_PCL_BLOB_FORMAT_NORMAL:
337 case OP_PCL_BLOB_FORMAT_MASTER_VER:
338 case OP_PCL_BLOB_FORMAT_TEST:
339 break;
340 default:
341 return -EINVAL;
342 }
343
344 switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
345 case OP_PCL_BLOB_AFHA_SBOX:
346 if (rta_sec_era < RTA_SEC_ERA_3)
347 return -EINVAL;
348 /* no break */
349 case OP_PCL_BLOB_REG_MEMORY:
350 case OP_PCL_BLOB_REG_KEY1:
351 case OP_PCL_BLOB_REG_KEY2:
352 case OP_PCL_BLOB_REG_SPLIT:
353 case OP_PCL_BLOB_REG_PKE:
354 return 0;
355 }
356
357 return -EINVAL;
358 }
359
360 static inline int
361 __rta_dlc_proto(uint16_t protoinfo)
362 {
363 if ((rta_sec_era < RTA_SEC_ERA_2) &&
364 (protoinfo & (OP_PCL_PKPROT_DSA_MSG | OP_PCL_PKPROT_HASH_MASK |
365 OP_PCL_PKPROT_EKT_Z | OP_PCL_PKPROT_DECRYPT_Z |
366 OP_PCL_PKPROT_DECRYPT_PRI)))
367 return -EINVAL;
368
369 switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
370 case OP_PCL_PKPROT_HASH_MD5:
371 case OP_PCL_PKPROT_HASH_SHA1:
372 case OP_PCL_PKPROT_HASH_SHA224:
373 case OP_PCL_PKPROT_HASH_SHA256:
374 case OP_PCL_PKPROT_HASH_SHA384:
375 case OP_PCL_PKPROT_HASH_SHA512:
376 break;
377 default:
378 return -EINVAL;
379 }
380
381 return 0;
382 }
383
384 static inline int
385 __rta_rsa_enc_proto(uint16_t protoinfo)
386 {
387 switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
388 case OP_PCL_RSAPROT_OP_ENC_F_IN:
389 if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) !=
390 OP_PCL_RSAPROT_FFF_RED)
391 return -EINVAL;
392 break;
393 case OP_PCL_RSAPROT_OP_ENC_F_OUT:
394 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
395 case OP_PCL_RSAPROT_FFF_RED:
396 case OP_PCL_RSAPROT_FFF_ENC:
397 case OP_PCL_RSAPROT_FFF_EKT:
398 case OP_PCL_RSAPROT_FFF_TK_ENC:
399 case OP_PCL_RSAPROT_FFF_TK_EKT:
400 break;
401 default:
402 return -EINVAL;
403 }
404 break;
405 default:
406 return -EINVAL;
407 }
408
409 return 0;
410 }
411
412 static inline int
413 __rta_rsa_dec_proto(uint16_t protoinfo)
414 {
415 switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
416 case OP_PCL_RSAPROT_OP_DEC_ND:
417 case OP_PCL_RSAPROT_OP_DEC_PQD:
418 case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
419 break;
420 default:
421 return -EINVAL;
422 }
423
424 switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
425 case OP_PCL_RSAPROT_PPP_RED:
426 case OP_PCL_RSAPROT_PPP_ENC:
427 case OP_PCL_RSAPROT_PPP_EKT:
428 case OP_PCL_RSAPROT_PPP_TK_ENC:
429 case OP_PCL_RSAPROT_PPP_TK_EKT:
430 break;
431 default:
432 return -EINVAL;
433 }
434
435 if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15)
436 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
437 case OP_PCL_RSAPROT_FFF_RED:
438 case OP_PCL_RSAPROT_FFF_ENC:
439 case OP_PCL_RSAPROT_FFF_EKT:
440 case OP_PCL_RSAPROT_FFF_TK_ENC:
441 case OP_PCL_RSAPROT_FFF_TK_EKT:
442 break;
443 default:
444 return -EINVAL;
445 }
446
447 return 0;
448 }
449
450 /*
451 * DKP Protocol - Restrictions on key (SRC,DST) combinations
452 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
453 */
454 static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
455 {1, 1, 1, 1},
456 {1, 0, 1, 0},
457 {1, 0, 0, 1} };
458
459 static inline int
460 __rta_dkp_proto(uint16_t protoinfo)
461 {
462 int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
463 int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;
464
465 if (!key_in_out[key_src][key_dst]) {
466 pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
467 return -EINVAL;
468 }
469
470 return 0;
471 }
472
473
474 static inline int
475 __rta_3g_dcrc_proto(uint16_t protoinfo)
476 {
477 if (rta_sec_era == RTA_SEC_ERA_7)
478 return -EINVAL;
479
480 switch (protoinfo) {
481 case OP_PCL_3G_DCRC_CRC7:
482 case OP_PCL_3G_DCRC_CRC11:
483 return 0;
484 }
485
486 return -EINVAL;
487 }
488
489 static inline int
490 __rta_3g_rlc_proto(uint16_t protoinfo)
491 {
492 if (rta_sec_era == RTA_SEC_ERA_7)
493 return -EINVAL;
494
495 switch (protoinfo) {
496 case OP_PCL_3G_RLC_NULL:
497 case OP_PCL_3G_RLC_KASUMI:
498 case OP_PCL_3G_RLC_SNOW:
499 return 0;
500 }
501
502 return -EINVAL;
503 }
504
505 static inline int
506 __rta_lte_pdcp_proto(uint16_t protoinfo)
507 {
508 if (rta_sec_era == RTA_SEC_ERA_7)
509 return -EINVAL;
510
511 switch (protoinfo) {
512 case OP_PCL_LTE_ZUC:
513 if (rta_sec_era < RTA_SEC_ERA_5)
514 break;
515 case OP_PCL_LTE_NULL:
516 case OP_PCL_LTE_SNOW:
517 case OP_PCL_LTE_AES:
518 return 0;
519 }
520
521 return -EINVAL;
522 }
523
524 static inline int
525 __rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
526 {
527 switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
528 case OP_PCL_LTE_MIXED_AUTH_NULL:
529 case OP_PCL_LTE_MIXED_AUTH_SNOW:
530 case OP_PCL_LTE_MIXED_AUTH_AES:
531 case OP_PCL_LTE_MIXED_AUTH_ZUC:
532 break;
533 default:
534 return -EINVAL;
535 }
536
537 switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
538 case OP_PCL_LTE_MIXED_ENC_NULL:
539 case OP_PCL_LTE_MIXED_ENC_SNOW:
540 case OP_PCL_LTE_MIXED_ENC_AES:
541 case OP_PCL_LTE_MIXED_ENC_ZUC:
542 return 0;
543 }
544
545 return -EINVAL;
546 }
547
548 struct proto_map {
549 uint32_t optype;
550 uint32_t protid;
551 int (*protoinfo_func)(uint16_t);
552 };
553
554 static const struct proto_map proto_table[] = {
555 /*1*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_SSL30_PRF, __rta_ssl_proto},
556 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS10_PRF, __rta_ssl_proto},
557 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS11_PRF, __rta_ssl_proto},
558 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS12_PRF, __rta_ssl_proto},
559 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DTLS10_PRF, __rta_ssl_proto},
560 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV1_PRF, __rta_ike_proto},
561 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV2_PRF, __rta_ike_proto},
562 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
563 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto},
564 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSAVERIFY, __rta_dlc_proto},
565 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC, __rta_ipsec_proto},
566 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP, __rta_srtp_proto},
567 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30, __rta_ssl_proto},
568 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10, __rta_ssl_proto},
569 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11, __rta_ssl_proto},
570 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12, __rta_ssl_proto},
571 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS10, __rta_ssl_proto},
572 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC, __rta_macsec_proto},
573 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI, __rta_wifi_proto},
574 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX, __rta_wimax_proto},
575 /*21*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB, __rta_blob_proto},
576 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
577 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSAENCRYPT, __rta_rsa_enc_proto},
578 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSADECRYPT, __rta_rsa_dec_proto},
579 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC, __rta_3g_dcrc_proto},
580 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU, __rta_3g_rlc_proto},
581 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU, __rta_3g_rlc_proto},
582 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
583 /*29*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
584 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_MD5, __rta_dkp_proto},
585 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA1, __rta_dkp_proto},
586 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA224, __rta_dkp_proto},
587 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA256, __rta_dkp_proto},
588 {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA384, __rta_dkp_proto},
589 /*35*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA512, __rta_dkp_proto},
590 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
591 /*37*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto},
592 /*38*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
593 __rta_lte_pdcp_mixed_proto},
594 {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW, __rta_ipsec_proto},
595 };
596
597 /*
598 * Allowed OPERATION protocols for each SEC Era.
599 * Values represent the number of entries from proto_table[] that are supported.
600 */
601 static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37, 39};
602
603 static inline int
604 rta_proto_operation(struct program *program, uint32_t optype,
605 uint32_t protid, uint16_t protoinfo)
606 {
607 uint32_t opcode = CMD_OPERATION;
608 unsigned int i, found = 0;
609 uint32_t optype_tmp = optype;
610 unsigned int start_pc = program->current_pc;
611 int ret = -EINVAL;
612
613 for (i = 0; i < proto_table_sz[rta_sec_era]; i++) {
614 /* clear last bit in optype to match also decap proto */
615 optype_tmp &= (uint32_t)~(1 << OP_TYPE_SHIFT);
616 if (optype_tmp == proto_table[i].optype) {
617 if (proto_table[i].protid == protid) {
618 /* nothing else to verify */
619 if (proto_table[i].protoinfo_func == NULL) {
620 found = 1;
621 break;
622 }
623 /* check protoinfo */
624 ret = (*proto_table[i].protoinfo_func)
625 (protoinfo);
626 if (ret < 0) {
627 pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
628 program->current_pc);
629 goto err;
630 }
631 found = 1;
632 break;
633 }
634 }
635 }
636 if (!found) {
637 pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
638 program->current_pc);
639 goto err;
640 }
641
642 __rta_out32(program, opcode | optype | protid | protoinfo);
643 program->current_instruction++;
644 return (int)start_pc;
645
646 err:
647 program->first_error_pc = start_pc;
648 program->current_instruction++;
649 return ret;
650 }
651
652 static inline int
653 rta_dkp_proto(struct program *program, uint32_t protid,
654 uint16_t key_src, uint16_t key_dst,
655 uint16_t keylen, uint64_t key,
656 enum rta_data_type key_type)
657 {
658 unsigned int start_pc = program->current_pc;
659 unsigned int in_words = 0, out_words = 0;
660 int ret;
661
662 key_src &= OP_PCL_DKP_SRC_MASK;
663 key_dst &= OP_PCL_DKP_DST_MASK;
664 keylen &= OP_PCL_DKP_KEY_MASK;
665
666 ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
667 key_src | key_dst | keylen);
668 if (ret < 0)
669 return ret;
670
671 if ((key_src == OP_PCL_DKP_SRC_PTR) ||
672 (key_src == OP_PCL_DKP_SRC_SGF)) {
673 __rta_out64(program, program->ps, key);
674 in_words = program->ps ? 2 : 1;
675 } else if (key_src == OP_PCL_DKP_SRC_IMM) {
676 __rta_inline_data(program, key, inline_flags(key_type), keylen);
677 in_words = (unsigned int)((keylen + 3) / 4);
678 }
679
680 if ((key_dst == OP_PCL_DKP_DST_PTR) ||
681 (key_dst == OP_PCL_DKP_DST_SGF)) {
682 out_words = in_words;
683 } else if (key_dst == OP_PCL_DKP_DST_IMM) {
684 out_words = split_key_len(protid) / 4;
685 }
686
687 if (out_words < in_words) {
688 pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
689 program->first_error_pc = start_pc;
690 return -EINVAL;
691 }
692
693 /* If needed, reserve space in resulting descriptor for derived key */
694 program->current_pc += (out_words - in_words);
695
696 return (int)start_pc;
697 }
698
699 #endif /* __RTA_PROTOCOL_CMD_H__ */
Ceph