1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
2 *
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019,2023 NXP
5 *
6 */
7
8 #ifndef __RTA_PROTOCOL_CMD_H__
9 #define __RTA_PROTOCOL_CMD_H__
10
/*
 * SEC Era currently selected for descriptor construction; defined outside this
 * header. In this file it is used as an index into proto_blob_flags[] and
 * proto_table_sz[], so its value must stay within the bounds of both tables.
 */
extern enum rta_sec_era rta_sec_era;
12
/*
 * Check that @protoinfo is one of the SSL/TLS/DTLS PROTINFO values listed
 * below (proto_table[] uses this validator for the SSL30, TLS10, TLS11, TLS12
 * and DTLS protocol IDs and their PRF variants).
 *
 * Returns 0 when the value is listed, -EINVAL otherwise.
 *
 * NOTE(review): this is a "recognised selector" check, not a cipher policy.
 * Going by the constant names, the accepted list includes export-grade suites
 * (*_EXPORT_*, RC4_40, DES40), RC4, single DES, MD5-based MACs and
 * unauthenticated key exchange (DH_anon, ECDH_anon). A caller that takes the
 * suite from configuration or from a peer needs its own allow-list of
 * acceptable suites before it builds a descriptor.
 */
static inline int
__rta_ssl_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	/* RC4 suites */
	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
	/* DES / 3DES CBC suites */
	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
	/* AES-CBC suites with RSA / DH / DHE key exchange */
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
	/* PSK suites, CBC */
	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
	/* AES-GCM suites with RSA / DH / DHE / PSK key exchange */
	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
	/* PSK suites, CBC with SHA-256 / SHA-384 */
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
	/* ECDH / ECDHE suites, CBC with SHA-1 */
	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
	/* SRP suites */
	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
	/* ECDH / ECDHE suites, CBC with SHA-256 / SHA-384 */
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
	/* ECDH / ECDHE suites, GCM */
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
	/* ECDHE_PSK suites */
	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
	/* RSA key exchange, CBC with SHA-256 */
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
	/* OP_PCL_PVT_* selectors (cipher/hash pairs and PRF variants) */
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
		return 0;
	}

	/* Any value not listed above is rejected */
	return -EINVAL;
}
189
/*
 * Validate the PROTINFO value of an IKE PRF operation (proto_table[] uses this
 * for the IKEV1_PRF and IKEV2_PRF protocol IDs).
 *
 * Returns 0 for a listed selector, -EINVAL for anything else.
 *
 * NOTE(review): acceptance only means the selector is recognised; by name the
 * list still contains HMAC-MD5 and HMAC-SHA1, so algorithm policy has to be
 * enforced by the caller.
 */
static inline int
__rta_ike_proto(uint16_t protoinfo)
{
	int status;

	switch (protoinfo) {
	case OP_PCL_IKE_HMAC_MD5:
	case OP_PCL_IKE_HMAC_SHA1:
	case OP_PCL_IKE_HMAC_AES128_CBC:
	case OP_PCL_IKE_HMAC_SHA256:
	case OP_PCL_IKE_HMAC_SHA384:
	case OP_PCL_IKE_HMAC_SHA512:
	case OP_PCL_IKE_HMAC_AES128_CMAC:
		status = 0;
		break;
	default:
		status = -EINVAL;
		break;
	}

	return status;
}
206
/*
 * Validate an IPsec PROTINFO value. The cipher selector (bits under
 * OP_PCL_IPSEC_CIPHER_MASK) and the authentication selector (bits under
 * OP_PCL_IPSEC_AUTH_MASK) are checked separately.
 *
 * Returns 0 when both selectors are recognised and compatible, -EINVAL
 * otherwise.
 *
 * NOTE(review): acceptance means "recognised", not "sound". OP_PCL_IPSEC_NULL
 * combined with OP_PCL_IPSEC_HMAC_NULL passes both checks, and by their names
 * the DES and MD5-based selectors are accepted as well. Which transforms are
 * acceptable for a given security association is the caller's policy decision.
 */
static inline int
__rta_ipsec_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_IPSEC_AUTH_MASK;

	switch (cipher) {
	case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
	case OP_PCL_IPSEC_AES_CCM8:
	case OP_PCL_IPSEC_AES_CCM12:
	case OP_PCL_IPSEC_AES_CCM16:
	case OP_PCL_IPSEC_AES_GCM8:
	case OP_PCL_IPSEC_AES_GCM12:
	case OP_PCL_IPSEC_AES_GCM16:
		/* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
		return (auth == OP_PCL_IPSEC_HMAC_NULL) ? 0 : -EINVAL;
	case OP_PCL_IPSEC_NULL:
	case OP_PCL_IPSEC_DES_IV64:
	case OP_PCL_IPSEC_DES:
	case OP_PCL_IPSEC_3DES:
	case OP_PCL_IPSEC_AES_CBC:
	case OP_PCL_IPSEC_AES_CTR:
		/* These ciphers pair with a separate authentication selector */
		break;
	default:
		return -EINVAL;
	}

	switch (auth) {
	case OP_PCL_IPSEC_HMAC_NULL:
	case OP_PCL_IPSEC_HMAC_MD5_96:
	case OP_PCL_IPSEC_HMAC_SHA1_96:
	case OP_PCL_IPSEC_AES_XCBC_MAC_96:
	case OP_PCL_IPSEC_HMAC_MD5_128:
	case OP_PCL_IPSEC_HMAC_SHA1_160:
	case OP_PCL_IPSEC_AES_CMAC_96:
	case OP_PCL_IPSEC_HMAC_SHA2_224_96:
	case OP_PCL_IPSEC_HMAC_SHA2_224_112:
	case OP_PCL_IPSEC_HMAC_SHA2_224_224:
	case OP_PCL_IPSEC_HMAC_SHA2_256_128:
	case OP_PCL_IPSEC_HMAC_SHA2_384_192:
	case OP_PCL_IPSEC_HMAC_SHA2_512_256:
		return 0;
	default:
		return -EINVAL;
	}
}
255
/*
 * Validate an SRTP PROTINFO value. The only accepted combination is
 * OP_PCL_SRTP_AES_CTR in the cipher field together with
 * OP_PCL_SRTP_HMAC_SHA1_160 in the authentication field.
 *
 * Returns 0 for that combination, -EINVAL for everything else.
 */
static inline int
__rta_srtp_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_SRTP_AUTH_MASK;

	if (cipher == OP_PCL_SRTP_AES_CTR && auth == OP_PCL_SRTP_HMAC_SHA1_160)
		return 0;

	return -EINVAL;
}
273
/*
 * Validate a MACsec PROTINFO value: only OP_PCL_MACSEC is accepted.
 * Returns 0 on a match, -EINVAL otherwise.
 */
static inline int
__rta_macsec_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_MACSEC)
		return 0;

	return -EINVAL;
}
284
/*
 * Validate a WiFi PROTINFO value: only OP_PCL_WIFI is accepted.
 * Returns 0 on a match, -EINVAL otherwise.
 */
static inline int
__rta_wifi_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_WIFI)
		return 0;

	return -EINVAL;
}
295
/*
 * Validate a WiMAX PROTINFO value: OP_PCL_WIMAX_OFDM and OP_PCL_WIMAX_OFDMA
 * are the only accepted selectors.
 * Returns 0 on a match, -EINVAL otherwise.
 */
static inline int
__rta_wimax_proto(uint16_t protoinfo)
{
	int status;

	switch (protoinfo) {
	case OP_PCL_WIMAX_OFDM:
	case OP_PCL_WIMAX_OFDMA:
		status = 0;
		break;
	default:
		status = -EINVAL;
		break;
	}

	return status;
}
307
/*
 * Allowed blob proto flags for each SEC Era.
 *
 * Indexed by rta_sec_era in __rta_blob_proto(); the table has 10 entries and
 * the index is not range-checked here, so it must stay in step with the era
 * enum. Entry 0 permits only the format field and OP_PCL_BLOB_BLACK; entries
 * 1-2 add TKEK, EKT and the REG field; entries 3-9 additionally permit
 * OP_PCL_BLOB_SEC_MEM.
 */
static const uint32_t proto_blob_flags[] = {
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
};
330
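/*
 * Validate the PROTINFO value of a blob operation.
 *
 * Three checks are applied in order: no flag outside the set allowed for the
 * current SEC Era may be set, the format field must be a known format, and
 * the REG field must name a known register/memory selector.
 *
 * Returns 0 when all checks pass, -EINVAL otherwise (including when
 * rta_sec_era does not correspond to an entry of proto_blob_flags[]).
 */
static inline int
__rta_blob_proto(uint16_t protoinfo)
{
	const unsigned int era = (unsigned int)rta_sec_era;

	/*
	 * rta_sec_era is a global set outside this header. Refuse to index past
	 * the per-era table instead of reading an arbitrary word as the mask;
	 * the unsigned cast also rejects a negative enum value.
	 */
	if (era >= sizeof(proto_blob_flags) / sizeof(proto_blob_flags[0]))
		return -EINVAL;

	/* Reject any flag bit that is not allowed for this era */
	if (protoinfo & ~proto_blob_flags[era])
		return -EINVAL;

	switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
	case OP_PCL_BLOB_FORMAT_NORMAL:
	case OP_PCL_BLOB_FORMAT_MASTER_VER:
	case OP_PCL_BLOB_FORMAT_TEST:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
	case OP_PCL_BLOB_AFHA_SBOX:
	case OP_PCL_BLOB_REG_MEMORY:
	case OP_PCL_BLOB_REG_KEY1:
	case OP_PCL_BLOB_REG_KEY2:
	case OP_PCL_BLOB_REG_SPLIT:
	case OP_PCL_BLOB_REG_PKE:
		return 0;
	default:
		return -EINVAL;
	}
}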
358
/*
 * Validate the hash selector of a public-key protocol PROTINFO value
 * (proto_table[] uses this for PUBLICKEYPAIR, DSASIGN, DSAVERIFY and
 * DIFFIEHELLMAN). Only the bits under OP_PCL_PKPROT_HASH_MASK are examined;
 * the remaining PROTINFO bits are not checked here.
 *
 * Returns 0 for a listed hash selector, -EINVAL otherwise.
 *
 * NOTE(review): by name the list includes MD5 and SHA1; whether those are
 * acceptable is a caller-side policy decision.
 */
static inline int
__rta_dlc_proto(uint16_t protoinfo)
{
	const uint16_t hash_sel = protoinfo & OP_PCL_PKPROT_HASH_MASK;

	switch (hash_sel) {
	case OP_PCL_PKPROT_HASH_MD5:
	case OP_PCL_PKPROT_HASH_SHA1:
	case OP_PCL_PKPROT_HASH_SHA224:
	case OP_PCL_PKPROT_HASH_SHA256:
	case OP_PCL_PKPROT_HASH_SHA384:
	case OP_PCL_PKPROT_HASH_SHA512:
		return 0;
	default:
		return -EINVAL;
	}
}
376
/*
 * Validate the PROTINFO value of an RSA encrypt operation.
 *
 * The OP field (OP_PCL_RSAPROT_OP_MASK) must be ENC_F_IN or ENC_F_OUT. With
 * ENC_F_IN the FFF field (OP_PCL_RSAPROT_FFF_MASK) must be FFF_RED; with
 * ENC_F_OUT any of the five listed FFF values is accepted.
 *
 * Returns 0 for an accepted combination, -EINVAL otherwise.
 */
static inline int
__rta_rsa_enc_proto(uint16_t protoinfo)
{
	const uint16_t op = protoinfo & OP_PCL_RSAPROT_OP_MASK;
	const uint16_t fff = protoinfo & OP_PCL_RSAPROT_FFF_MASK;

	if (op == OP_PCL_RSAPROT_OP_ENC_F_IN)
		return (fff == OP_PCL_RSAPROT_FFF_RED) ? 0 : -EINVAL;

	if (op != OP_PCL_RSAPROT_OP_ENC_F_OUT)
		return -EINVAL;

	switch (fff) {
	case OP_PCL_RSAPROT_FFF_RED:
	case OP_PCL_RSAPROT_FFF_ENC:
	case OP_PCL_RSAPROT_FFF_EKT:
	case OP_PCL_RSAPROT_FFF_TK_ENC:
	case OP_PCL_RSAPROT_FFF_TK_EKT:
		return 0;
	default:
		return -EINVAL;
	}
}
404
/*
 * Validate the PROTINFO value of an RSA decrypt operation.
 *
 * The OP field must be one of the three DEC_* forms and the PPP field
 * (OP_PCL_RSAPROT_PPP_MASK) one of the five listed values. The FFF field is
 * checked only when the OP_PCL_RSAPROT_FMT_PKCSV15 bit is set; without that
 * bit its contents are not examined here.
 *
 * Returns 0 when every applicable field is recognised, -EINVAL otherwise.
 */
static inline int
__rta_rsa_dec_proto(uint16_t protoinfo)
{
	const uint16_t op = protoinfo & OP_PCL_RSAPROT_OP_MASK;
	const uint16_t ppp = protoinfo & OP_PCL_RSAPROT_PPP_MASK;

	switch (op) {
	case OP_PCL_RSAPROT_OP_DEC_ND:
	case OP_PCL_RSAPROT_OP_DEC_PQD:
	case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
		break;
	default:
		return -EINVAL;
	}

	switch (ppp) {
	case OP_PCL_RSAPROT_PPP_RED:
	case OP_PCL_RSAPROT_PPP_ENC:
	case OP_PCL_RSAPROT_PPP_EKT:
	case OP_PCL_RSAPROT_PPP_TK_ENC:
	case OP_PCL_RSAPROT_PPP_TK_EKT:
		break;
	default:
		return -EINVAL;
	}

	/* Without the PKCS#1 v1.5 format bit there is nothing more to check */
	if (!(protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15))
		return 0;

	switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
	case OP_PCL_RSAPROT_FFF_RED:
	case OP_PCL_RSAPROT_FFF_ENC:
	case OP_PCL_RSAPROT_FFF_EKT:
	case OP_PCL_RSAPROT_FFF_TK_ENC:
	case OP_PCL_RSAPROT_FFF_TK_EKT:
		return 0;
	default:
		return -EINVAL;
	}
}
442
/*
 * DKP Protocol - Restrictions on key (SRC,DST) combinations.
 * For example, key_in_out[0][0] = 1 means the (SRC=IMM,DST=IMM) combination is
 * allowed. The first index is the SRC field and the second the DST field, as
 * extracted from PROTINFO in __rta_dkp_proto(); a 0 entry marks a combination
 * that is rejected.
 */
static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
					  {1, 1, 1, 1},
					  {1, 0, 1, 0},
					  {1, 0, 0, 1} };
451
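/*
 * Validate the key source/destination pair of a DKP PROTINFO value against
 * the key_in_out[][] table.
 *
 * Returns 0 when the (SRC,DST) combination is allowed, -EINVAL (after logging)
 * when it is not or when either field decodes to a value outside the table.
 */
static inline int
__rta_dkp_proto(uint16_t protoinfo)
{
	const unsigned int key_src =
		(protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
	const unsigned int key_dst =
		(protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;
	const unsigned int rows = sizeof(key_in_out) / sizeof(key_in_out[0]);
	const unsigned int cols =
		sizeof(key_in_out[0]) / sizeof(key_in_out[0][0]);

	/*
	 * The field widths come from masks defined in another header; check the
	 * decoded indices against the table dimensions so a wider mask can
	 * never turn into an out-of-bounds read.
	 */
	if (key_src >= rows || key_dst >= cols ||
	    !key_in_out[key_src][key_dst]) {
		pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
		return -EINVAL;
	}

	return 0;
}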
465
466
/*
 * Validate a 3G DCRC PROTINFO value: OP_PCL_3G_DCRC_CRC7 and
 * OP_PCL_3G_DCRC_CRC11 are the only accepted selectors.
 * Returns 0 on a match, -EINVAL otherwise.
 */
static inline int
__rta_3g_dcrc_proto(uint16_t protoinfo)
{
	int status;

	switch (protoinfo) {
	case OP_PCL_3G_DCRC_CRC7:
	case OP_PCL_3G_DCRC_CRC11:
		status = 0;
		break;
	default:
		status = -EINVAL;
		break;
	}

	return status;
}
478
/*
 * Validate a 3G RLC PROTINFO value (used for both the RLC PDU and RLC SDU
 * protocol IDs in proto_table[]).
 * Returns 0 for a listed selector, -EINVAL otherwise.
 *
 * NOTE(review): OP_PCL_3G_RLC_NULL is accepted; presumably it selects no
 * ciphering, so callers that require confidentiality must exclude it
 * themselves - confirm against the SEC documentation.
 */
static inline int
__rta_3g_rlc_proto(uint16_t protoinfo)
{
	int status;

	switch (protoinfo) {
	case OP_PCL_3G_RLC_NULL:
	case OP_PCL_3G_RLC_KASUMI:
	case OP_PCL_3G_RLC_SNOW:
		status = 0;
		break;
	default:
		status = -EINVAL;
		break;
	}

	return status;
}
491
/*
 * Validate an LTE PDCP PROTINFO value (used for the PDCP user-plane and
 * control-plane protocol IDs in proto_table[]).
 * Returns 0 for a listed selector, -EINVAL otherwise.
 *
 * NOTE(review): OP_PCL_LTE_NULL is accepted; presumably it selects the null
 * algorithm, so a caller that requires protection must exclude it itself -
 * confirm against the SEC documentation.
 */
static inline int
__rta_lte_pdcp_proto(uint16_t protoinfo)
{
	int status;

	switch (protoinfo) {
	case OP_PCL_LTE_ZUC:
	case OP_PCL_LTE_NULL:
	case OP_PCL_LTE_SNOW:
	case OP_PCL_LTE_AES:
		status = 0;
		break;
	default:
		status = -EINVAL;
		break;
	}

	return status;
}
505
/*
 * Validate an LTE PDCP "mixed" PROTINFO value, where the authentication
 * selector (OP_PCL_LTE_MIXED_AUTH_MASK) and the encryption selector
 * (OP_PCL_LTE_MIXED_ENC_MASK) are chosen independently.
 *
 * Returns 0 when both selectors are recognised, -EINVAL otherwise.
 *
 * NOTE(review): the NULL selector is accepted in both fields, so a value with
 * AUTH_NULL and ENC_NULL together passes; rejecting that combination, where
 * it matters, is up to the caller.
 */
static inline int
__rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
{
	const uint16_t auth = protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK;
	const uint16_t enc = protoinfo & OP_PCL_LTE_MIXED_ENC_MASK;

	switch (auth) {
	case OP_PCL_LTE_MIXED_AUTH_NULL:
	case OP_PCL_LTE_MIXED_AUTH_SNOW:
	case OP_PCL_LTE_MIXED_AUTH_AES:
	case OP_PCL_LTE_MIXED_AUTH_ZUC:
		break;
	default:
		return -EINVAL;
	}

	switch (enc) {
	case OP_PCL_LTE_MIXED_ENC_NULL:
	case OP_PCL_LTE_MIXED_ENC_SNOW:
	case OP_PCL_LTE_MIXED_ENC_AES:
	case OP_PCL_LTE_MIXED_ENC_ZUC:
		return 0;
	default:
		return -EINVAL;
	}
}
529
/* One row of the OPERATION protocol allow-list used by rta_proto_operation() */
struct proto_map {
	/* OP_TYPE_* value; compared against the caller's optype with one bit cleared */
	uint32_t optype;
	/* OP_PCLID_* protocol identifier */
	uint32_t protid;
	/* PROTINFO validator for this row; NULL means no further check is made */
	int (*protoinfo_func)(uint16_t);
};
535
/*
 * Allow-list of (optype, protocol ID) pairs and the PROTINFO validator for
 * each. Only the first proto_table_sz[rta_sec_era] rows are searched, so the
 * row order is significant: rows are appended as newer SEC Eras add protocols,
 * and the numbered markers show the row counts used in proto_table_sz[].
 */
static const struct proto_map proto_table[] = {
/*1*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,	 __rta_dlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,         __rta_ipsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,	         __rta_srtp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,		 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
/*21*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,          __rta_blob_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,	 __rta_rsa_enc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,	 __rta_rsa_dec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,       __rta_3g_dcrc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
/*29*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,       __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,      __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,    __rta_dkp_proto},
/*35*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,    __rta_dkp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
/*37*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,	 __rta_dlc_proto},
/*38*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
	 __rta_lte_pdcp_mixed_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,     __rta_ipsec_proto},
/*40*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER_RN,
	 __rta_lte_pdcp_mixed_proto},
};
580
/*
 * Allowed OPERATION protocols for each SEC Era.
 * Values represent the number of entries from proto_table[] that are supported.
 *
 * Indexed by rta_sec_era in rta_proto_operation(). The 10 entries must stay in
 * step with the era enum, and no value may exceed the number of rows in
 * proto_table[] (40 at present), because the value is used directly as the
 * loop bound over that table.
 */
static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37,
					      40, 40, 40};
587
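/*
 * Append a protocol OPERATION command to @program after checking that the
 * (optype, protid) pair is allowed for the current SEC Era and that
 * @protoinfo passes the validator registered for that pair in proto_table[].
 *
 * @program:   descriptor program being built
 * @optype:    OP_TYPE_* operation type
 * @protid:    OP_PCLID_* protocol identifier
 * @protoinfo: protocol-specific PROTINFO bits
 *
 * Returns the program counter at entry (program->current_pc) on success. On
 * failure nothing is emitted, program->first_error_pc is set to that counter
 * and a negative errno value is returned: the validator's result when it
 * rejected @protoinfo, -EINVAL when the pair is not in the allowed part of the
 * table or rta_sec_era is outside proto_table_sz[]. current_instruction is
 * incremented on both paths.
 *
 * NOTE(review): a successful return means the combination is one the library
 * recognises. The validators accept several weak or NULL algorithm selectors,
 * so callers still need their own algorithm policy.
 */
static inline int
rta_proto_operation(struct program *program, uint32_t optype,
		    uint32_t protid, uint16_t protoinfo)
{
	const uint32_t opcode = CMD_OPERATION;
	/*
	 * proto_table[] lists only the UNI and DECAP optypes. Clearing this bit
	 * once, before the search, lets the optype that differs from DECAP only
	 * in this bit (presumably ENCAP) match the same row.
	 */
	const uint32_t optype_tmp = optype & ~((uint32_t)1 << OP_TYPE_SHIFT);
	const unsigned int start_pc = program->current_pc;
	const unsigned int era = (unsigned int)rta_sec_era;
	const unsigned int table_len =
		sizeof(proto_table) / sizeof(proto_table[0]);
	unsigned int i, limit, found = 0;
	int ret = -EINVAL;

	/*
	 * rta_sec_era is a global set outside this header; do not read past
	 * proto_table_sz[] if it holds an unexpected value.
	 */
	if (era >= sizeof(proto_table_sz) / sizeof(proto_table_sz[0])) {
		pr_err("PROTO_DESC: Unsupported SEC Era. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	/* Never walk past the end of proto_table[], whatever the size table says */
	limit = proto_table_sz[era];
	if (limit > table_len)
		limit = table_len;

	for (i = 0; i < limit; i++) {
		if (proto_table[i].optype != optype_tmp ||
		    proto_table[i].protid != protid)
			continue;

		/* check protoinfo; a NULL validator means nothing else to verify */
		if (proto_table[i].protoinfo_func != NULL) {
			ret = (*proto_table[i].protoinfo_func)(protoinfo);
			if (ret < 0) {
				pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
				       program->current_pc);
				goto err;
			}
		}

		/* The first matching row decides the outcome */
		found = 1;
		break;
	}
	if (!found) {
		pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	/* Emit the command word with the caller's original optype */
	__rta_out32(program, opcode | optype | protid | protoinfo);
	program->current_instruction++;
	return (int)start_pc;

 err:
	program->first_error_pc = start_pc;
	program->current_instruction++;
	return ret;
}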
636
/*
 * Append a DKP (derived key protocol) operation to @program, followed by the
 * key in the form selected by @key_src, and reserve room in the descriptor for
 * the derived key when the output is larger than the input.
 *
 * @program:  descriptor program being built
 * @protid:   OP_PCLID_DKP_* protocol identifier
 * @key_src:  key source selector (masked with OP_PCL_DKP_SRC_MASK)
 * @key_dst:  key destination selector (masked with OP_PCL_DKP_DST_MASK)
 * @keylen:   key length (masked with OP_PCL_DKP_KEY_MASK)
 * @key:      value written after the command for the PTR/SGF sources, or
 *            passed to __rta_inline_data() for the IMM source
 * @key_type: passed through inline_flags() for the IMM source
 *
 * Returns the program counter at entry on success, or a negative errno value.
 *
 * NOTE(review): the size check runs after the OPERATION command and the key
 * words have already been written, so on that -EINVAL path the program keeps
 * what was emitted and only first_error_pc records the failure. The three
 * arguments are masked silently; bits outside the masks are dropped rather
 * than rejected.
 */
static inline int
rta_dkp_proto(struct program *program, uint32_t protid,
	      uint16_t key_src, uint16_t key_dst,
	      uint16_t keylen, uint64_t key,
	      enum rta_data_type key_type)
{
	unsigned int first_pc = program->current_pc;
	unsigned int words_in = 0;
	unsigned int words_out = 0;
	int status;

	key_src &= OP_PCL_DKP_SRC_MASK;
	key_dst &= OP_PCL_DKP_DST_MASK;
	keylen &= OP_PCL_DKP_KEY_MASK;

	/* Validation of the (SRC,DST) pair happens inside this call */
	status = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
				     key_src | key_dst | keylen);
	if (status < 0)
		return status;

	/* Words consumed by the input key inside the descriptor */
	switch (key_src) {
	case OP_PCL_DKP_SRC_PTR:
	case OP_PCL_DKP_SRC_SGF:
		__rta_out64(program, program->ps, key);
		words_in = program->ps ? 2 : 1;
		break;
	case OP_PCL_DKP_SRC_IMM:
		__rta_inline_data(program, key, inline_flags(key_type), keylen);
		words_in = (unsigned int)((keylen + 3) / 4);
		break;
	default:
		break;
	}

	/* Words the derived key will occupy inside the descriptor */
	switch (key_dst) {
	case OP_PCL_DKP_DST_PTR:
	case OP_PCL_DKP_DST_SGF:
		words_out = words_in;
		break;
	case OP_PCL_DKP_DST_IMM:
		words_out = split_key_len(protid) / 4;
		break;
	default:
		break;
	}

	if (words_out < words_in) {
		pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
		program->first_error_pc = first_pc;
		return -EINVAL;
	}

	/* If needed, reserve space in resulting descriptor for derived key */
	program->current_pc += (words_out - words_in);

	return (int)first_pc;
}
683
684 #endif /* __RTA_PROTOCOL_CMD_H__ */
685