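/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
 *
 * Copyright 2008-2016 Freescale Semiconductor Inc.
 * Copyright 2016,2019 NXP
 *
 */

#ifndef __RTA_PROTOCOL_CMD_H__
#define __RTA_PROTOCOL_CMD_H__

extern enum rta_sec_era rta_sec_era;

/*
 * Validate the PROTINFO value of an SSL/TLS/DTLS protocol OPERATION.
 *
 * Returns 0 when protoinfo is one of the suite codes listed below and
 * -EINVAL otherwise. The RC4 suites are additionally rejected when
 * rta_sec_era is RTA_SEC_ERA_7.
 *
 * NOTE(review): this only checks that the code is one of the listed
 * values; it is not a cipher policy. The accepted list contains EXPORT,
 * RC4, single-DES, MD5 and anonymous-DH suites, all deprecated for TLS.
 * A caller that must restrict suites has to filter before calling.
 */
static inline int
__rta_ssl_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
		if (rta_sec_era == RTA_SEC_ERA_7)
			return -EINVAL;
		/* fall through if not Era 7 */
	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate the PROTINFO value of an IKE PRF OPERATION.
 * Returns 0 for the listed PRF codes, -EINVAL for anything else.
 */
static inline int
__rta_ike_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_IKE_HMAC_MD5:
	case OP_PCL_IKE_HMAC_SHA1:
	case OP_PCL_IKE_HMAC_AES128_CBC:
	case OP_PCL_IKE_HMAC_SHA256:
	case OP_PCL_IKE_HMAC_SHA384:
	case OP_PCL_IKE_HMAC_SHA512:
	case OP_PCL_IKE_HMAC_AES128_CMAC:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate the PROTINFO value of an IPsec OPERATION.
 *
 * protoinfo is split into a cipher part (OP_PCL_IPSEC_CIPHER_MASK) and
 * an authentication part (OP_PCL_IPSEC_AUTH_MASK). CCM/GCM/GMAC ciphers
 * are accepted only with OP_PCL_IPSEC_HMAC_NULL; the remaining ciphers
 * are accepted with any of the listed authentication codes.
 * AES_NULL_WITH_GMAC and the NULL cipher are rejected before Era 2.
 *
 * NOTE(review): OP_PCL_IPSEC_NULL together with OP_PCL_IPSEC_HMAC_NULL
 * passes this check (from Era 2 on), i.e. neither encryption nor
 * authentication is selected. Callers that must forbid that combination
 * have to check for it themselves.
 *
 * Returns 0 if the combination is accepted, -EINVAL otherwise.
 */
static inline int
__rta_ipsec_proto(uint16_t protoinfo)
{
	uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
	uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK;

	switch (proto_cls1) {
	case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
		if (rta_sec_era < RTA_SEC_ERA_2)
			return -EINVAL;
		/* no break */
	case OP_PCL_IPSEC_AES_CCM8:
	case OP_PCL_IPSEC_AES_CCM12:
	case OP_PCL_IPSEC_AES_CCM16:
	case OP_PCL_IPSEC_AES_GCM8:
	case OP_PCL_IPSEC_AES_GCM12:
	case OP_PCL_IPSEC_AES_GCM16:
		/* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
		if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL)
			return 0;
		return -EINVAL;
	case OP_PCL_IPSEC_NULL:
		if (rta_sec_era < RTA_SEC_ERA_2)
			return -EINVAL;
		/* no break */
	case OP_PCL_IPSEC_DES_IV64:
	case OP_PCL_IPSEC_DES:
	case OP_PCL_IPSEC_3DES:
	case OP_PCL_IPSEC_AES_CBC:
	case OP_PCL_IPSEC_AES_CTR:
		break;
	default:
		return -EINVAL;
	}

	switch (proto_cls2) {
	case OP_PCL_IPSEC_HMAC_NULL:
	case OP_PCL_IPSEC_HMAC_MD5_96:
	case OP_PCL_IPSEC_HMAC_SHA1_96:
	case OP_PCL_IPSEC_AES_XCBC_MAC_96:
	case OP_PCL_IPSEC_HMAC_MD5_128:
	case OP_PCL_IPSEC_HMAC_SHA1_160:
	case OP_PCL_IPSEC_AES_CMAC_96:
	case OP_PCL_IPSEC_HMAC_SHA2_256_128:
	case OP_PCL_IPSEC_HMAC_SHA2_384_192:
	case OP_PCL_IPSEC_HMAC_SHA2_512_256:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate the PROTINFO value of an SRTP OPERATION.
 * Only AES-CTR with HMAC-SHA1-160 is accepted; returns 0 for that
 * combination and -EINVAL for everything else.
 */
static inline int
__rta_srtp_proto(uint16_t protoinfo)
{
	uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
	uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK;

	switch (proto_cls1) {
	case OP_PCL_SRTP_AES_CTR:
		switch (proto_cls2) {
		case OP_PCL_SRTP_HMAC_SHA1_160:
			return 0;
		}
		/* no break */
	}

	return -EINVAL;
}

/* Validate MACsec PROTINFO: 0 for OP_PCL_MACSEC, -EINVAL otherwise. */
static inline int
__rta_macsec_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_MACSEC:
		return 0;
	}

	return -EINVAL;
}

/* Validate WiFi PROTINFO: 0 for OP_PCL_WIFI, -EINVAL otherwise. */
static inline int
__rta_wifi_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_WIFI:
		return 0;
	}

	return -EINVAL;
}

/* Validate WiMAX PROTINFO: 0 for the OFDM/OFDMA codes, -EINVAL otherwise. */
static inline int
__rta_wimax_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_WIMAX_OFDM:
	case OP_PCL_WIMAX_OFDMA:
		return 0;
	}

	return -EINVAL;
}

/* Allowed blob proto flags for each SEC Era (indexed by rta_sec_era) */
static const uint32_t proto_blob_flags[] = {
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
};

/*
 * Validate the PROTINFO value of a blob OPERATION.
 *
 * Rejects any flag bit that proto_blob_flags[] does not allow for the
 * current SEC Era, then checks the format field and the register field.
 * OP_PCL_BLOB_AFHA_SBOX is rejected before Era 3.
 *
 * Returns 0 if protoinfo is accepted, -EINVAL otherwise (including when
 * rta_sec_era has no entry in proto_blob_flags[]).
 */
static inline int
__rta_blob_proto(uint16_t protoinfo)
{
	/*
	 * rta_sec_era is an external global used as an array index; reject
	 * values without a table entry instead of reading out of bounds.
	 */
	if ((unsigned int)rta_sec_era >=
	    (unsigned int)(sizeof(proto_blob_flags) /
			   sizeof(proto_blob_flags[0])))
		return -EINVAL;

	if (protoinfo & ~proto_blob_flags[rta_sec_era])
		return -EINVAL;

	switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
	case OP_PCL_BLOB_FORMAT_NORMAL:
	case OP_PCL_BLOB_FORMAT_MASTER_VER:
	case OP_PCL_BLOB_FORMAT_TEST:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
	case OP_PCL_BLOB_AFHA_SBOX:
		if (rta_sec_era < RTA_SEC_ERA_3)
			return -EINVAL;
		/* no break */
	case OP_PCL_BLOB_REG_MEMORY:
	case OP_PCL_BLOB_REG_KEY1:
	case OP_PCL_BLOB_REG_KEY2:
	case OP_PCL_BLOB_REG_SPLIT:
	case OP_PCL_BLOB_REG_PKE:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate the PROTINFO value of the public-key OPERATIONs that
 * proto_table[] maps to this function (key pair, DSA sign/verify,
 * Diffie-Hellman).
 *
 * Before Era 2 every bit in the listed OP_PCL_PKPROT_* set must be
 * clear. On all eras the hash field must be one of the listed codes.
 * Returns 0 if accepted, -EINVAL otherwise.
 */
static inline int
__rta_dlc_proto(uint16_t protoinfo)
{
	if ((rta_sec_era < RTA_SEC_ERA_2) &&
	    (protoinfo & (OP_PCL_PKPROT_DSA_MSG | OP_PCL_PKPROT_HASH_MASK |
			  OP_PCL_PKPROT_EKT_Z | OP_PCL_PKPROT_DECRYPT_Z |
			  OP_PCL_PKPROT_DECRYPT_PRI)))
		return -EINVAL;

	switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
	case OP_PCL_PKPROT_HASH_MD5:
	case OP_PCL_PKPROT_HASH_SHA1:
	case OP_PCL_PKPROT_HASH_SHA224:
	case OP_PCL_PKPROT_HASH_SHA256:
	case OP_PCL_PKPROT_HASH_SHA384:
	case OP_PCL_PKPROT_HASH_SHA512:
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

/*
 * Validate the PROTINFO value of an RSA encrypt OPERATION.
 *
 * OP_ENC_F_IN is accepted only with the FFF field set to FFF_RED;
 * OP_ENC_F_OUT is accepted with any of the listed FFF codes. Any other
 * operation code is rejected. Returns 0 if accepted, -EINVAL otherwise.
 */
static inline int
__rta_rsa_enc_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_ENC_F_IN:
		if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) !=
		    OP_PCL_RSAPROT_FFF_RED)
			return -EINVAL;
		break;
	case OP_PCL_RSAPROT_OP_ENC_F_OUT:
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			break;
		default:
			return -EINVAL;
		}
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

/*
 * Validate the PROTINFO value of an RSA decrypt OPERATION.
 *
 * Checks the operation code and the PPP field against the listed
 * values. The FFF field is checked only when the
 * OP_PCL_RSAPROT_FMT_PKCSV15 bit is set.
 * Returns 0 if accepted, -EINVAL otherwise.
 */
static inline int
__rta_rsa_dec_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_DEC_ND:
	case OP_PCL_RSAPROT_OP_DEC_PQD:
	case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
	case OP_PCL_RSAPROT_PPP_RED:
	case OP_PCL_RSAPROT_PPP_ENC:
	case OP_PCL_RSAPROT_PPP_EKT:
	case OP_PCL_RSAPROT_PPP_TK_ENC:
	case OP_PCL_RSAPROT_PPP_TK_EKT:
		break;
	default:
		return -EINVAL;
	}

	if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15) {
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			break;
		default:
			return -EINVAL;
		}
	}

	return 0;
}

/*
 * DKP Protocol - Restrictions on key (SRC,DST) combinations
 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
 */
static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
					  {1, 1, 1, 1},
					  {1, 0, 1, 0},
					  {1, 0, 0, 1} };

/*
 * Validate the key source/destination combination of a DKP OPERATION
 * against key_in_out[]. Logs an error and returns -EINVAL when the
 * combination is not allowed, 0 otherwise.
 *
 * NOTE(review): the indices stay within the 4x4 table only if the SRC
 * and DST masks are two bits wide after shifting - confirm against the
 * OP_PCL_DKP_* definitions.
 */
static inline int
__rta_dkp_proto(uint16_t protoinfo)
{
	int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
	int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;

	if (!key_in_out[key_src][key_dst]) {
		pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
		return -EINVAL;
	}

	return 0;
}


/*
 * Validate 3G DCRC PROTINFO. Always -EINVAL on Era 7; otherwise 0 for
 * the CRC7/CRC11 codes and -EINVAL for anything else.
 */
static inline int
__rta_3g_dcrc_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_3G_DCRC_CRC7:
	case OP_PCL_3G_DCRC_CRC11:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate 3G RLC PROTINFO. Always -EINVAL on Era 7; otherwise 0 for
 * the NULL/KASUMI/SNOW codes and -EINVAL for anything else.
 */
static inline int
__rta_3g_rlc_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_3G_RLC_NULL:
	case OP_PCL_3G_RLC_KASUMI:
	case OP_PCL_3G_RLC_SNOW:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate LTE PDCP PROTINFO. Always -EINVAL on Era 7. ZUC is accepted
 * only from Era 5 on; NULL, SNOW and AES are accepted on the remaining
 * eras. Returns 0 if accepted, -EINVAL otherwise.
 */
static inline int
__rta_lte_pdcp_proto(uint16_t protoinfo)
{
	if (rta_sec_era == RTA_SEC_ERA_7)
		return -EINVAL;

	switch (protoinfo) {
	case OP_PCL_LTE_ZUC:
		/* before Era 5, leave the switch and report -EINVAL */
		if (rta_sec_era < RTA_SEC_ERA_5)
			break;
		/* no break */
	case OP_PCL_LTE_NULL:
	case OP_PCL_LTE_SNOW:
	case OP_PCL_LTE_AES:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate LTE PDCP "mixed" PROTINFO: both the authentication field and
 * the encryption field must hold one of the listed codes.
 * Returns 0 if accepted, -EINVAL otherwise.
 */
static inline int
__rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
	case OP_PCL_LTE_MIXED_AUTH_NULL:
	case OP_PCL_LTE_MIXED_AUTH_SNOW:
	case OP_PCL_LTE_MIXED_AUTH_AES:
	case OP_PCL_LTE_MIXED_AUTH_ZUC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
	case OP_PCL_LTE_MIXED_ENC_NULL:
	case OP_PCL_LTE_MIXED_ENC_SNOW:
	case OP_PCL_LTE_MIXED_ENC_AES:
	case OP_PCL_LTE_MIXED_ENC_ZUC:
		return 0;
	}

	return -EINVAL;
}

/* One supported (operation type, protocol id) pair and its PROTINFO check */
struct proto_map {
	uint32_t optype;
	uint32_t protid;
	int (*protoinfo_func)(uint16_t);
};

static const struct proto_map proto_table[] = {
/*1*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,	 __rta_dlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,         __rta_ipsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,	         __rta_srtp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,		 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
/*21*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,          __rta_blob_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,	 __rta_rsa_enc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,	 __rta_rsa_dec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,       __rta_3g_dcrc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
/*29*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,       __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,      __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,    __rta_dkp_proto},
/*35*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,    __rta_dkp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
/*37*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,	 __rta_dlc_proto},
/*38*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
	 __rta_lte_pdcp_mixed_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,     __rta_ipsec_proto},
/*40*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER_RN,
	 __rta_lte_pdcp_mixed_proto},
};

/*
 * Allowed OPERATION protocols for each SEC Era.
 * Values represent the number of entries from proto_table[] that are supported.
 * The array is indexed by rta_sec_era; no value may exceed the number of
 * entries in proto_table[], because it is used as a loop bound over it.
 */
static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37,
						40, 40, 40};

/*
 * Append a protocol OPERATION command to the descriptor being built.
 *
 * Looks up (optype, protid) among the proto_table[] entries enabled for
 * the current SEC Era, runs the entry's PROTINFO validator on protoinfo
 * and, if everything is accepted, emits
 * opcode | optype | protid | protoinfo through __rta_out32().
 *
 * @program:   descriptor program being built
 * @optype:    operation type; its OP_TYPE_SHIFT bit is ignored for the
 *             table lookup but is emitted unchanged
 * @protid:    protocol identifier (OP_PCLID_*)
 * @protoinfo: protocol-specific information, validated per protocol
 *
 * Returns the program counter at entry on success. On failure returns a
 * negative errno value, records the entry program counter in
 * program->first_error_pc and emits nothing. current_instruction is
 * incremented on both paths.
 */
static inline int
rta_proto_operation(struct program *program, uint32_t optype,
		    uint32_t protid, uint16_t protoinfo)
{
	uint32_t opcode = CMD_OPERATION;
	unsigned int i, found = 0;
	/* clear last bit in optype to match also decap proto */
	uint32_t optype_tmp = optype & (uint32_t)~(1 << OP_TYPE_SHIFT);
	unsigned int start_pc = program->current_pc;
	int ret = -EINVAL;

	/*
	 * rta_sec_era selects the loop bound below. A value without an
	 * entry in proto_table_sz[] would read an arbitrary bound and walk
	 * past proto_table[], calling whatever lies behind it as a
	 * function pointer, so reject it up front.
	 */
	if ((unsigned int)rta_sec_era >=
	    (unsigned int)(sizeof(proto_table_sz) /
			   sizeof(proto_table_sz[0]))) {
		pr_err("PROTO_DESC: Unsupported SEC Era. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	for (i = 0; i < proto_table_sz[rta_sec_era]; i++) {
		if (optype_tmp != proto_table[i].optype ||
		    proto_table[i].protid != protid)
			continue;

		/* nothing else to verify */
		if (proto_table[i].protoinfo_func == NULL) {
			found = 1;
			break;
		}

		/* check protoinfo */
		ret = (*proto_table[i].protoinfo_func)(protoinfo);
		if (ret < 0) {
			pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
			       program->current_pc);
			goto err;
		}
		found = 1;
		break;
	}
	if (!found) {
		pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	__rta_out32(program, opcode | optype | protid | protoinfo);
	program->current_instruction++;
	return (int)start_pc;

 err:
	program->first_error_pc = start_pc;
	program->current_instruction++;
	return ret;
}

/*
 * Append a DKP protocol OPERATION plus its key argument to the
 * descriptor being built.
 *
 * key_src, key_dst and keylen are masked to their PROTINFO fields and
 * passed to rta_proto_operation(). Depending on key_src the key is then
 * emitted as a pointer (__rta_out64) or as inline data
 * (__rta_inline_data). Finally current_pc is advanced by the number of
 * extra words the output needs beyond the input (out_words - in_words).
 *
 * @program:  descriptor program being built
 * @protid:   DKP protocol identifier
 * @key_src:  key source selector
 * @key_dst:  key destination selector
 * @keylen:   key length; only the bits in OP_PCL_DKP_KEY_MASK are used
 * @key:      key pointer or immediate value, as selected by key_src
 * @key_type: passed to inline_flags() for the immediate case
 *
 * Returns the program counter at entry on success, a negative errno
 * value on failure. If the output would need fewer words than the input
 * the function fails with -EINVAL; at that point the OPERATION word and
 * the key have already been emitted.
 */
static inline int
rta_dkp_proto(struct program *program, uint32_t protid,
	      uint16_t key_src, uint16_t key_dst,
	      uint16_t keylen, uint64_t key,
	      enum rta_data_type key_type)
{
	unsigned int start_pc = program->current_pc;
	unsigned int in_words = 0, out_words = 0;
	int ret;

	key_src &= OP_PCL_DKP_SRC_MASK;
	key_dst &= OP_PCL_DKP_DST_MASK;
	keylen &= OP_PCL_DKP_KEY_MASK;

	ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
				  key_src | key_dst | keylen);
	if (ret < 0)
		return ret;

	if ((key_src == OP_PCL_DKP_SRC_PTR) ||
	    (key_src == OP_PCL_DKP_SRC_SGF)) {
		__rta_out64(program, program->ps, key);
		in_words = program->ps ? 2 : 1;
	} else if (key_src == OP_PCL_DKP_SRC_IMM) {
		__rta_inline_data(program, key, inline_flags(key_type), keylen);
		/* round the inline key up to whole 32-bit words */
		in_words = (unsigned int)((keylen + 3) / 4);
	}

	if ((key_dst == OP_PCL_DKP_DST_PTR) ||
	    (key_dst == OP_PCL_DKP_DST_SGF)) {
		out_words = in_words;
	} else if (key_dst == OP_PCL_DKP_DST_IMM) {
		out_words = split_key_len(protid) / 4;
	}

	/* also keeps the unsigned subtraction below from wrapping */
	if (out_words < in_words) {
		pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
		program->first_error_pc = start_pc;
		return -EINVAL;
	}

	/* If needed, reserve space in resulting descriptor for derived key */
	program->current_pc += (out_words - in_words);

	return (int)start_pc;
}

#endif /* __RTA_PROTOCOL_CMD_H__ */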