Code Review / deb_dpdk.git / blob
? search:


2e7b2f2de1ad935faa487b26ee57d1457e3f6ce0
[deb_dpdk.git] / drivers / crypto / dpaa2_sec / hw / rta / protocol_cmd.h
1 /*-
2  * This file is provided under a dual BSD/GPLv2 license. When using or
3  * redistributing this file, you may do so under either license.
4  *
5  *   BSD LICENSE
6  *
7  * Copyright 2008-2016 Freescale Semiconductor Inc.
8  * Copyright (c) 2016 NXP.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions are met:
12  * * Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  * * Redistributions in binary form must reproduce the above copyright
15  * notice, this list of conditions and the following disclaimer in the
16  * documentation and/or other materials provided with the distribution.
17  * * Neither the name of the above-listed copyright holders nor the
18  * names of any contributors may be used to endorse or promote products
19  * derived from this software without specific prior written permission.
20  *
21  *   GPL LICENSE SUMMARY
22  *
23  * ALTERNATIVELY, this software may be distributed under the terms of the
24  * GNU General Public License ("GPL") as published by the Free Software
25  * Foundation, either version 2 of that License or (at your option) any
26  * later version.
27  *
28  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
29  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
32  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
33  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
34  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
35  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
36  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38  * POSSIBILITY OF SUCH DAMAGE.
39  */
40
41 #ifndef __RTA_PROTOCOL_CMD_H__
42 #define __RTA_PROTOCOL_CMD_H__
43
44 extern enum rta_sec_era rta_sec_era;
45
46 static inline int
47 __rta_ssl_proto(uint16_t protoinfo)
48 {
49         switch (protoinfo) {
50         case OP_PCL_SSL30_RC4_40_MD5_2:
51         case OP_PCL_SSL30_RC4_128_MD5_2:
52         case OP_PCL_SSL30_RC4_128_SHA_5:
53         case OP_PCL_SSL30_RC4_40_MD5_3:
54         case OP_PCL_SSL30_RC4_128_MD5_3:
55         case OP_PCL_SSL30_RC4_128_SHA:
56         case OP_PCL_SSL30_RC4_128_MD5:
57         case OP_PCL_SSL30_RC4_40_SHA:
58         case OP_PCL_SSL30_RC4_40_MD5:
59         case OP_PCL_SSL30_RC4_128_SHA_2:
60         case OP_PCL_SSL30_RC4_128_SHA_3:
61         case OP_PCL_SSL30_RC4_128_SHA_4:
62         case OP_PCL_SSL30_RC4_128_SHA_6:
63         case OP_PCL_SSL30_RC4_128_SHA_7:
64         case OP_PCL_SSL30_RC4_128_SHA_8:
65         case OP_PCL_SSL30_RC4_128_SHA_9:
66         case OP_PCL_SSL30_RC4_128_SHA_10:
67         case OP_PCL_TLS_ECDHE_PSK_RC4_128_SHA:
68                 if (rta_sec_era == RTA_SEC_ERA_7)
69                         return -EINVAL;
70                 /* fall through if not Era 7 */
71         case OP_PCL_SSL30_DES40_CBC_SHA:
72         case OP_PCL_SSL30_DES_CBC_SHA_2:
73         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_5:
74         case OP_PCL_SSL30_DES40_CBC_SHA_2:
75         case OP_PCL_SSL30_DES_CBC_SHA_3:
76         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_6:
77         case OP_PCL_SSL30_DES40_CBC_SHA_3:
78         case OP_PCL_SSL30_DES_CBC_SHA_4:
79         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_7:
80         case OP_PCL_SSL30_DES40_CBC_SHA_4:
81         case OP_PCL_SSL30_DES_CBC_SHA_5:
82         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_8:
83         case OP_PCL_SSL30_DES40_CBC_SHA_5:
84         case OP_PCL_SSL30_DES_CBC_SHA_6:
85         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_9:
86         case OP_PCL_SSL30_DES40_CBC_SHA_6:
87         case OP_PCL_SSL30_DES_CBC_SHA_7:
88         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_10:
89         case OP_PCL_SSL30_DES_CBC_SHA:
90         case OP_PCL_SSL30_3DES_EDE_CBC_SHA:
91         case OP_PCL_SSL30_DES_CBC_MD5:
92         case OP_PCL_SSL30_3DES_EDE_CBC_MD5:
93         case OP_PCL_SSL30_DES40_CBC_SHA_7:
94         case OP_PCL_SSL30_DES40_CBC_MD5:
95         case OP_PCL_SSL30_AES_128_CBC_SHA:
96         case OP_PCL_SSL30_AES_128_CBC_SHA_2:
97         case OP_PCL_SSL30_AES_128_CBC_SHA_3:
98         case OP_PCL_SSL30_AES_128_CBC_SHA_4:
99         case OP_PCL_SSL30_AES_128_CBC_SHA_5:
100         case OP_PCL_SSL30_AES_128_CBC_SHA_6:
101         case OP_PCL_SSL30_AES_256_CBC_SHA:
102         case OP_PCL_SSL30_AES_256_CBC_SHA_2:
103         case OP_PCL_SSL30_AES_256_CBC_SHA_3:
104         case OP_PCL_SSL30_AES_256_CBC_SHA_4:
105         case OP_PCL_SSL30_AES_256_CBC_SHA_5:
106         case OP_PCL_SSL30_AES_256_CBC_SHA_6:
107         case OP_PCL_TLS12_AES_128_CBC_SHA256_2:
108         case OP_PCL_TLS12_AES_128_CBC_SHA256_3:
109         case OP_PCL_TLS12_AES_128_CBC_SHA256_4:
110         case OP_PCL_TLS12_AES_128_CBC_SHA256_5:
111         case OP_PCL_TLS12_AES_256_CBC_SHA256_2:
112         case OP_PCL_TLS12_AES_256_CBC_SHA256_3:
113         case OP_PCL_TLS12_AES_256_CBC_SHA256_4:
114         case OP_PCL_TLS12_AES_256_CBC_SHA256_5:
115         case OP_PCL_TLS12_AES_128_CBC_SHA256_6:
116         case OP_PCL_TLS12_AES_256_CBC_SHA256_6:
117         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_2:
118         case OP_PCL_SSL30_AES_128_CBC_SHA_7:
119         case OP_PCL_SSL30_AES_256_CBC_SHA_7:
120         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_3:
121         case OP_PCL_SSL30_AES_128_CBC_SHA_8:
122         case OP_PCL_SSL30_AES_256_CBC_SHA_8:
123         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_4:
124         case OP_PCL_SSL30_AES_128_CBC_SHA_9:
125         case OP_PCL_SSL30_AES_256_CBC_SHA_9:
126         case OP_PCL_SSL30_AES_128_GCM_SHA256_1:
127         case OP_PCL_SSL30_AES_256_GCM_SHA384_1:
128         case OP_PCL_SSL30_AES_128_GCM_SHA256_2:
129         case OP_PCL_SSL30_AES_256_GCM_SHA384_2:
130         case OP_PCL_SSL30_AES_128_GCM_SHA256_3:
131         case OP_PCL_SSL30_AES_256_GCM_SHA384_3:
132         case OP_PCL_SSL30_AES_128_GCM_SHA256_4:
133         case OP_PCL_SSL30_AES_256_GCM_SHA384_4:
134         case OP_PCL_SSL30_AES_128_GCM_SHA256_5:
135         case OP_PCL_SSL30_AES_256_GCM_SHA384_5:
136         case OP_PCL_SSL30_AES_128_GCM_SHA256_6:
137         case OP_PCL_TLS_DH_ANON_AES_256_GCM_SHA384:
138         case OP_PCL_TLS_PSK_AES_128_GCM_SHA256:
139         case OP_PCL_TLS_PSK_AES_256_GCM_SHA384:
140         case OP_PCL_TLS_DHE_PSK_AES_128_GCM_SHA256:
141         case OP_PCL_TLS_DHE_PSK_AES_256_GCM_SHA384:
142         case OP_PCL_TLS_RSA_PSK_AES_128_GCM_SHA256:
143         case OP_PCL_TLS_RSA_PSK_AES_256_GCM_SHA384:
144         case OP_PCL_TLS_PSK_AES_128_CBC_SHA256:
145         case OP_PCL_TLS_PSK_AES_256_CBC_SHA384:
146         case OP_PCL_TLS_DHE_PSK_AES_128_CBC_SHA256:
147         case OP_PCL_TLS_DHE_PSK_AES_256_CBC_SHA384:
148         case OP_PCL_TLS_RSA_PSK_AES_128_CBC_SHA256:
149         case OP_PCL_TLS_RSA_PSK_AES_256_CBC_SHA384:
150         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_11:
151         case OP_PCL_SSL30_AES_128_CBC_SHA_10:
152         case OP_PCL_SSL30_AES_256_CBC_SHA_10:
153         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_12:
154         case OP_PCL_SSL30_AES_128_CBC_SHA_11:
155         case OP_PCL_SSL30_AES_256_CBC_SHA_11:
156         case OP_PCL_SSL30_AES_128_CBC_SHA_12:
157         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_13:
158         case OP_PCL_SSL30_AES_256_CBC_SHA_12:
159         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_14:
160         case OP_PCL_SSL30_AES_128_CBC_SHA_13:
161         case OP_PCL_SSL30_AES_256_CBC_SHA_13:
162         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_15:
163         case OP_PCL_SSL30_AES_128_CBC_SHA_14:
164         case OP_PCL_SSL30_AES_256_CBC_SHA_14:
165         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_16:
166         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_17:
167         case OP_PCL_SSL30_3DES_EDE_CBC_SHA_18:
168         case OP_PCL_SSL30_AES_128_CBC_SHA_15:
169         case OP_PCL_SSL30_AES_128_CBC_SHA_16:
170         case OP_PCL_SSL30_AES_128_CBC_SHA_17:
171         case OP_PCL_SSL30_AES_256_CBC_SHA_15:
172         case OP_PCL_SSL30_AES_256_CBC_SHA_16:
173         case OP_PCL_SSL30_AES_256_CBC_SHA_17:
174         case OP_PCL_TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:
175         case OP_PCL_TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:
176         case OP_PCL_TLS_ECDH_ECDSA_AES_128_CBC_SHA256:
177         case OP_PCL_TLS_ECDH_ECDSA_AES_256_CBC_SHA384:
178         case OP_PCL_TLS_ECDHE_RSA_AES_128_CBC_SHA256:
179         case OP_PCL_TLS_ECDHE_RSA_AES_256_CBC_SHA384:
180         case OP_PCL_TLS_ECDH_RSA_AES_128_CBC_SHA256:
181         case OP_PCL_TLS_ECDH_RSA_AES_256_CBC_SHA384:
182         case OP_PCL_TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:
183         case OP_PCL_TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:
184         case OP_PCL_TLS_ECDH_ECDSA_AES_128_GCM_SHA256:
185         case OP_PCL_TLS_ECDH_ECDSA_AES_256_GCM_SHA384:
186         case OP_PCL_TLS_ECDHE_RSA_AES_128_GCM_SHA256:
187         case OP_PCL_TLS_ECDHE_RSA_AES_256_GCM_SHA384:
188         case OP_PCL_TLS_ECDH_RSA_AES_128_GCM_SHA256:
189         case OP_PCL_TLS_ECDH_RSA_AES_256_GCM_SHA384:
190         case OP_PCL_TLS_ECDHE_PSK_3DES_EDE_CBC_SHA:
191         case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA:
192         case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA:
193         case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA256:
194         case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA384:
195         case OP_PCL_TLS12_3DES_EDE_CBC_MD5:
196         case OP_PCL_TLS12_3DES_EDE_CBC_SHA160:
197         case OP_PCL_TLS12_3DES_EDE_CBC_SHA224:
198         case OP_PCL_TLS12_3DES_EDE_CBC_SHA256:
199         case OP_PCL_TLS12_3DES_EDE_CBC_SHA384:
200         case OP_PCL_TLS12_3DES_EDE_CBC_SHA512:
201         case OP_PCL_TLS12_AES_128_CBC_SHA160:
202         case OP_PCL_TLS12_AES_128_CBC_SHA224:
203         case OP_PCL_TLS12_AES_128_CBC_SHA256:
204         case OP_PCL_TLS12_AES_128_CBC_SHA384:
205         case OP_PCL_TLS12_AES_128_CBC_SHA512:
206         case OP_PCL_TLS12_AES_192_CBC_SHA160:
207         case OP_PCL_TLS12_AES_192_CBC_SHA224:
208         case OP_PCL_TLS12_AES_192_CBC_SHA256:
209         case OP_PCL_TLS12_AES_192_CBC_SHA512:
210         case OP_PCL_TLS12_AES_256_CBC_SHA160:
211         case OP_PCL_TLS12_AES_256_CBC_SHA224:
212         case OP_PCL_TLS12_AES_256_CBC_SHA256:
213         case OP_PCL_TLS12_AES_256_CBC_SHA384:
214         case OP_PCL_TLS12_AES_256_CBC_SHA512:
215         case OP_PCL_TLS_PVT_AES_192_CBC_SHA160:
216         case OP_PCL_TLS_PVT_AES_192_CBC_SHA384:
217         case OP_PCL_TLS_PVT_AES_192_CBC_SHA224:
218         case OP_PCL_TLS_PVT_AES_192_CBC_SHA512:
219         case OP_PCL_TLS_PVT_AES_192_CBC_SHA256:
220         case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FE:
221         case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FF:
222                 return 0;
223         }
224
225         return -EINVAL;
226 }
227
228 static inline int
229 __rta_ike_proto(uint16_t protoinfo)
230 {
231         switch (protoinfo) {
232         case OP_PCL_IKE_HMAC_MD5:
233         case OP_PCL_IKE_HMAC_SHA1:
234         case OP_PCL_IKE_HMAC_AES128_CBC:
235         case OP_PCL_IKE_HMAC_SHA256:
236         case OP_PCL_IKE_HMAC_SHA384:
237         case OP_PCL_IKE_HMAC_SHA512:
238         case OP_PCL_IKE_HMAC_AES128_CMAC:
239                 return 0;
240         }
241
242         return -EINVAL;
243 }
244
245 static inline int
246 __rta_ipsec_proto(uint16_t protoinfo)
247 {
248         uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
249         uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK;
250
251         switch (proto_cls1) {
252         case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
253                 if (rta_sec_era < RTA_SEC_ERA_2)
254                         return -EINVAL;
255                 /* no break */
256         case OP_PCL_IPSEC_AES_CCM8:
257         case OP_PCL_IPSEC_AES_CCM12:
258         case OP_PCL_IPSEC_AES_CCM16:
259         case OP_PCL_IPSEC_AES_GCM8:
260         case OP_PCL_IPSEC_AES_GCM12:
261         case OP_PCL_IPSEC_AES_GCM16:
262                 /* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
263                 if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL)
264                         return 0;
265                 return -EINVAL;
266         case OP_PCL_IPSEC_NULL:
267                 if (rta_sec_era < RTA_SEC_ERA_2)
268                         return -EINVAL;
269                 /* no break */
270         case OP_PCL_IPSEC_DES_IV64:
271         case OP_PCL_IPSEC_DES:
272         case OP_PCL_IPSEC_3DES:
273         case OP_PCL_IPSEC_AES_CBC:
274         case OP_PCL_IPSEC_AES_CTR:
275                 break;
276         default:
277                 return -EINVAL;
278         }
279
280         switch (proto_cls2) {
281         case OP_PCL_IPSEC_HMAC_NULL:
282         case OP_PCL_IPSEC_HMAC_MD5_96:
283         case OP_PCL_IPSEC_HMAC_SHA1_96:
284         case OP_PCL_IPSEC_AES_XCBC_MAC_96:
285         case OP_PCL_IPSEC_HMAC_MD5_128:
286         case OP_PCL_IPSEC_HMAC_SHA1_160:
287         case OP_PCL_IPSEC_AES_CMAC_96:
288         case OP_PCL_IPSEC_HMAC_SHA2_256_128:
289         case OP_PCL_IPSEC_HMAC_SHA2_384_192:
290         case OP_PCL_IPSEC_HMAC_SHA2_512_256:
291                 return 0;
292         }
293
294         return -EINVAL;
295 }
296
297 static inline int
298 __rta_srtp_proto(uint16_t protoinfo)
299 {
300         uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
301         uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK;
302
303         switch (proto_cls1) {
304         case OP_PCL_SRTP_AES_CTR:
305                 switch (proto_cls2) {
306                 case OP_PCL_SRTP_HMAC_SHA1_160:
307                         return 0;
308                 }
309                 /* no break */
310         }
311
312         return -EINVAL;
313 }
314
315 static inline int
316 __rta_macsec_proto(uint16_t protoinfo)
317 {
318         switch (protoinfo) {
319         case OP_PCL_MACSEC:
320                 return 0;
321         }
322
323         return -EINVAL;
324 }
325
326 static inline int
327 __rta_wifi_proto(uint16_t protoinfo)
328 {
329         switch (protoinfo) {
330         case OP_PCL_WIFI:
331                 return 0;
332         }
333
334         return -EINVAL;
335 }
336
337 static inline int
338 __rta_wimax_proto(uint16_t protoinfo)
339 {
340         switch (protoinfo) {
341         case OP_PCL_WIMAX_OFDM:
342         case OP_PCL_WIMAX_OFDMA:
343                 return 0;
344         }
345
346         return -EINVAL;
347 }
348
349 /* Allowed blob proto flags for each SEC Era */
350 static const uint32_t proto_blob_flags[] = {
351         OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
352         OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
353                 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
354         OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
355                 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
356         OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
357                 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
358         OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
359                 OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
360 };
361
362 static inline int
363 __rta_blob_proto(uint16_t protoinfo)
364 {
365         if (protoinfo & ~proto_blob_flags[rta_sec_era])
366                 return -EINVAL;
367
368         switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
369         case OP_PCL_BLOB_FORMAT_NORMAL:
370         case OP_PCL_BLOB_FORMAT_MASTER_VER:
371         case OP_PCL_BLOB_FORMAT_TEST:
372                 break;
373         default:
374                 return -EINVAL;
375         }
376
377         switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
378         case OP_PCL_BLOB_AFHA_SBOX:
379                 if (rta_sec_era < RTA_SEC_ERA_3)
380                         return -EINVAL;
381                 /* no break */
382         case OP_PCL_BLOB_REG_MEMORY:
383         case OP_PCL_BLOB_REG_KEY1:
384         case OP_PCL_BLOB_REG_KEY2:
385         case OP_PCL_BLOB_REG_SPLIT:
386         case OP_PCL_BLOB_REG_PKE:
387                 return 0;
388         }
389
390         return -EINVAL;
391 }
392
393 static inline int
394 __rta_dlc_proto(uint16_t protoinfo)
395 {
396         if ((rta_sec_era < RTA_SEC_ERA_2) &&
397             (protoinfo & (OP_PCL_PKPROT_DSA_MSG | OP_PCL_PKPROT_HASH_MASK |
398              OP_PCL_PKPROT_EKT_Z | OP_PCL_PKPROT_DECRYPT_Z |
399              OP_PCL_PKPROT_DECRYPT_PRI)))
400                 return -EINVAL;
401
402         switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
403         case OP_PCL_PKPROT_HASH_MD5:
404         case OP_PCL_PKPROT_HASH_SHA1:
405         case OP_PCL_PKPROT_HASH_SHA224:
406         case OP_PCL_PKPROT_HASH_SHA256:
407         case OP_PCL_PKPROT_HASH_SHA384:
408         case OP_PCL_PKPROT_HASH_SHA512:
409                 break;
410         default:
411                 return -EINVAL;
412         }
413
414         return 0;
415 }
416
417 static inline int
418 __rta_rsa_enc_proto(uint16_t protoinfo)
419 {
420         switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
421         case OP_PCL_RSAPROT_OP_ENC_F_IN:
422                 if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) !=
423                     OP_PCL_RSAPROT_FFF_RED)
424                         return -EINVAL;
425                 break;
426         case OP_PCL_RSAPROT_OP_ENC_F_OUT:
427                 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
428                 case OP_PCL_RSAPROT_FFF_RED:
429                 case OP_PCL_RSAPROT_FFF_ENC:
430                 case OP_PCL_RSAPROT_FFF_EKT:
431                 case OP_PCL_RSAPROT_FFF_TK_ENC:
432                 case OP_PCL_RSAPROT_FFF_TK_EKT:
433                         break;
434                 default:
435                         return -EINVAL;
436                 }
437                 break;
438         default:
439                 return -EINVAL;
440         }
441
442         return 0;
443 }
444
445 static inline int
446 __rta_rsa_dec_proto(uint16_t protoinfo)
447 {
448         switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
449         case OP_PCL_RSAPROT_OP_DEC_ND:
450         case OP_PCL_RSAPROT_OP_DEC_PQD:
451         case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
452                 break;
453         default:
454                 return -EINVAL;
455         }
456
457         switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
458         case OP_PCL_RSAPROT_PPP_RED:
459         case OP_PCL_RSAPROT_PPP_ENC:
460         case OP_PCL_RSAPROT_PPP_EKT:
461         case OP_PCL_RSAPROT_PPP_TK_ENC:
462         case OP_PCL_RSAPROT_PPP_TK_EKT:
463                 break;
464         default:
465                 return -EINVAL;
466         }
467
468         if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15)
469                 switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
470                 case OP_PCL_RSAPROT_FFF_RED:
471                 case OP_PCL_RSAPROT_FFF_ENC:
472                 case OP_PCL_RSAPROT_FFF_EKT:
473                 case OP_PCL_RSAPROT_FFF_TK_ENC:
474                 case OP_PCL_RSAPROT_FFF_TK_EKT:
475                         break;
476                 default:
477                         return -EINVAL;
478                 }
479
480         return 0;
481 }
482
483 /*
484  * DKP Protocol - Restrictions on key (SRC,DST) combinations
485  * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
486  */
487 static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
488                                           {1, 1, 1, 1},
489                                           {1, 0, 1, 0},
490                                           {1, 0, 0, 1} };
491
492 static inline int
493 __rta_dkp_proto(uint16_t protoinfo)
494 {
495         int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
496         int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;
497
498         if (!key_in_out[key_src][key_dst]) {
499                 pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
500                 return -EINVAL;
501         }
502
503         return 0;
504 }
505
506
507 static inline int
508 __rta_3g_dcrc_proto(uint16_t protoinfo)
509 {
510         if (rta_sec_era == RTA_SEC_ERA_7)
511                 return -EINVAL;
512
513         switch (protoinfo) {
514         case OP_PCL_3G_DCRC_CRC7:
515         case OP_PCL_3G_DCRC_CRC11:
516                 return 0;
517         }
518
519         return -EINVAL;
520 }
521
522 static inline int
523 __rta_3g_rlc_proto(uint16_t protoinfo)
524 {
525         if (rta_sec_era == RTA_SEC_ERA_7)
526                 return -EINVAL;
527
528         switch (protoinfo) {
529         case OP_PCL_3G_RLC_NULL:
530         case OP_PCL_3G_RLC_KASUMI:
531         case OP_PCL_3G_RLC_SNOW:
532                 return 0;
533         }
534
535         return -EINVAL;
536 }
537
538 static inline int
539 __rta_lte_pdcp_proto(uint16_t protoinfo)
540 {
541         if (rta_sec_era == RTA_SEC_ERA_7)
542                 return -EINVAL;
543
544         switch (protoinfo) {
545         case OP_PCL_LTE_ZUC:
546                 if (rta_sec_era < RTA_SEC_ERA_5)
547                         break;
548         case OP_PCL_LTE_NULL:
549         case OP_PCL_LTE_SNOW:
550         case OP_PCL_LTE_AES:
551                 return 0;
552         }
553
554         return -EINVAL;
555 }
556
557 static inline int
558 __rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
559 {
560         switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
561         case OP_PCL_LTE_MIXED_AUTH_NULL:
562         case OP_PCL_LTE_MIXED_AUTH_SNOW:
563         case OP_PCL_LTE_MIXED_AUTH_AES:
564         case OP_PCL_LTE_MIXED_AUTH_ZUC:
565                 break;
566         default:
567                 return -EINVAL;
568         }
569
570         switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
571         case OP_PCL_LTE_MIXED_ENC_NULL:
572         case OP_PCL_LTE_MIXED_ENC_SNOW:
573         case OP_PCL_LTE_MIXED_ENC_AES:
574         case OP_PCL_LTE_MIXED_ENC_ZUC:
575                 return 0;
576         }
577
578         return -EINVAL;
579 }
580
581 struct proto_map {
582         uint32_t optype;
583         uint32_t protid;
584         int (*protoinfo_func)(uint16_t);
585 };
586
587 static const struct proto_map proto_table[] = {
588 /*1*/   {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,     __rta_ssl_proto},
589         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,     __rta_ssl_proto},
590         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,     __rta_ssl_proto},
591         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,     __rta_ssl_proto},
592         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS10_PRF,    __rta_ssl_proto},
593         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,     __rta_ike_proto},
594         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,     __rta_ike_proto},
595         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
596         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,       __rta_dlc_proto},
597         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,     __rta_dlc_proto},
598         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,         __rta_ipsec_proto},
599         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,          __rta_srtp_proto},
600         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,         __rta_ssl_proto},
601         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,         __rta_ssl_proto},
602         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,         __rta_ssl_proto},
603         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,         __rta_ssl_proto},
604         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS10,        __rta_ssl_proto},
605         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
606         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
607         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
608 /*21*/  {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,          __rta_blob_proto},
609         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
610         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,    __rta_rsa_enc_proto},
611         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,    __rta_rsa_dec_proto},
612         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,       __rta_3g_dcrc_proto},
613         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,    __rta_3g_rlc_proto},
614         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,    __rta_3g_rlc_proto},
615         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
616 /*29*/  {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
617         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,       __rta_dkp_proto},
618         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,      __rta_dkp_proto},
619         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,    __rta_dkp_proto},
620         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,    __rta_dkp_proto},
621         {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,    __rta_dkp_proto},
622 /*35*/  {OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,    __rta_dkp_proto},
623         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
624 /*37*/  {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,       __rta_dlc_proto},
625 /*38*/  {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
626          __rta_lte_pdcp_mixed_proto},
627         {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,     __rta_ipsec_proto},
628 };
629
630 /*
631  * Allowed OPERATION protocols for each SEC Era.
632  * Values represent the number of entries from proto_table[] that are supported.
633  */
634 static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37, 39};
635
636 static inline int
637 rta_proto_operation(struct program *program, uint32_t optype,
638                                       uint32_t protid, uint16_t protoinfo)
639 {
640         uint32_t opcode = CMD_OPERATION;
641         unsigned int i, found = 0;
642         uint32_t optype_tmp = optype;
643         unsigned int start_pc = program->current_pc;
644         int ret = -EINVAL;
645
646         for (i = 0; i < proto_table_sz[rta_sec_era]; i++) {
647                 /* clear last bit in optype to match also decap proto */
648                 optype_tmp &= (uint32_t)~(1 << OP_TYPE_SHIFT);
649                 if (optype_tmp == proto_table[i].optype) {
650                         if (proto_table[i].protid == protid) {
651                                 /* nothing else to verify */
652                                 if (proto_table[i].protoinfo_func == NULL) {
653                                         found = 1;
654                                         break;
655                                 }
656                                 /* check protoinfo */
657                                 ret = (*proto_table[i].protoinfo_func)
658                                                 (protoinfo);
659                                 if (ret < 0) {
660                                         pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
661                                                program->current_pc);
662                                         goto err;
663                                 }
664                                 found = 1;
665                                 break;
666                         }
667                 }
668         }
669         if (!found) {
670                 pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
671                        program->current_pc);
672                 goto err;
673         }
674
675         __rta_out32(program, opcode | optype | protid | protoinfo);
676         program->current_instruction++;
677         return (int)start_pc;
678
679  err:
680         program->first_error_pc = start_pc;
681         program->current_instruction++;
682         return ret;
683 }
684
685 static inline int
686 rta_dkp_proto(struct program *program, uint32_t protid,
687                                 uint16_t key_src, uint16_t key_dst,
688                                 uint16_t keylen, uint64_t key,
689                                 enum rta_data_type key_type)
690 {
691         unsigned int start_pc = program->current_pc;
692         unsigned int in_words = 0, out_words = 0;
693         int ret;
694
695         key_src &= OP_PCL_DKP_SRC_MASK;
696         key_dst &= OP_PCL_DKP_DST_MASK;
697         keylen &= OP_PCL_DKP_KEY_MASK;
698
699         ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
700                                   key_src | key_dst | keylen);
701         if (ret < 0)
702                 return ret;
703
704         if ((key_src == OP_PCL_DKP_SRC_PTR) ||
705             (key_src == OP_PCL_DKP_SRC_SGF)) {
706                 __rta_out64(program, program->ps, key);
707                 in_words = program->ps ? 2 : 1;
708         } else if (key_src == OP_PCL_DKP_SRC_IMM) {
709                 __rta_inline_data(program, key, inline_flags(key_type), keylen);
710                 in_words = (unsigned int)((keylen + 3) / 4);
711         }
712
713         if ((key_dst == OP_PCL_DKP_DST_PTR) ||
714             (key_dst == OP_PCL_DKP_DST_SGF)) {
715                 out_words = in_words;
716         } else  if (key_dst == OP_PCL_DKP_DST_IMM) {
717                 out_words = split_key_len(protid) / 4;
718         }
719
720         if (out_words < in_words) {
721                 pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
722                 program->first_error_pc = start_pc;
723                 return -EINVAL;
724         }
725
726         /* If needed, reserve space in resulting descriptor for derived key */
727         program->current_pc += (out_words - in_words);
728
729         return (int)start_pc;
730 }
731
732 #endif /* __RTA_PROTOCOL_CMD_H__ */
ARCHIVED- 2020-02-20 at the request of the project