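/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
 *
 * Copyright 2008-2016 Freescale Semiconductor Inc.
 * Copyright 2016,2019,2023 NXP
 *
 */

#ifndef __RTA_PROTOCOL_CMD_H__
#define __RTA_PROTOCOL_CMD_H__

/*
 * Current SEC Era, defined in another translation unit. It is used below as
 * an index into the per-era tables (proto_blob_flags[], proto_table_sz[]);
 * both users range-check it before indexing.
 */
extern enum rta_sec_era rta_sec_era;

/*
 * Validate PROTINFO for the SSL/TLS/DTLS protocol IDs.
 *
 * Returns 0 when protoinfo equals one of the listed cipher-suite constants,
 * -EINVAL otherwise.
 *
 * NOTE(review): the accepted set includes EXPORT (RC4_40 / DES40),
 * single-DES, RC4, anonymous-DH and MD5-based suites. This looks like a
 * check of what the descriptor field may encode, not a statement of which
 * suites are acceptable to negotiate; a caller that must exclude those
 * suites presumably needs its own policy filter - confirm against callers.
 */
static inline int
__rta_ssl_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate PROTINFO for the IKEv1/IKEv2 PRF protocol IDs.
 *
 * Returns 0 when protoinfo equals one of the listed PRF constants,
 * -EINVAL otherwise.
 */
static inline int
__rta_ike_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_IKE_HMAC_MD5:
	case OP_PCL_IKE_HMAC_SHA1:
	case OP_PCL_IKE_HMAC_AES128_CBC:
	case OP_PCL_IKE_HMAC_SHA256:
	case OP_PCL_IKE_HMAC_SHA384:
	case OP_PCL_IKE_HMAC_SHA512:
	case OP_PCL_IKE_HMAC_AES128_CMAC:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate PROTINFO for IPsec: the cipher field and the authentication
 * field are extracted with their masks and checked separately.
 *
 * The CCM/GCM/GMAC cipher values are accepted only when the authentication
 * field is OP_PCL_IPSEC_HMAC_NULL; the remaining listed ciphers may be
 * paired with any of the listed authentication values.
 *
 * Returns 0 for an accepted combination, -EINVAL otherwise.
 */
static inline int
__rta_ipsec_proto(uint16_t protoinfo)
{
	uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
	uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK;

	switch (proto_cls1) {
	case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
	case OP_PCL_IPSEC_AES_CCM8:
	case OP_PCL_IPSEC_AES_CCM12:
	case OP_PCL_IPSEC_AES_CCM16:
	case OP_PCL_IPSEC_AES_GCM8:
	case OP_PCL_IPSEC_AES_GCM12:
	case OP_PCL_IPSEC_AES_GCM16:
		/* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
		if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL)
			return 0;
		return -EINVAL;
	case OP_PCL_IPSEC_NULL:
	case OP_PCL_IPSEC_DES_IV64:
	case OP_PCL_IPSEC_DES:
	case OP_PCL_IPSEC_3DES:
	case OP_PCL_IPSEC_AES_CBC:
	case OP_PCL_IPSEC_AES_CTR:
		/* cipher accepted; the authentication field is checked below */
		break;
	default:
		return -EINVAL;
	}

	switch (proto_cls2) {
	case OP_PCL_IPSEC_HMAC_NULL:
	case OP_PCL_IPSEC_HMAC_MD5_96:
	case OP_PCL_IPSEC_HMAC_SHA1_96:
	case OP_PCL_IPSEC_AES_XCBC_MAC_96:
	case OP_PCL_IPSEC_HMAC_MD5_128:
	case OP_PCL_IPSEC_HMAC_SHA1_160:
	case OP_PCL_IPSEC_AES_CMAC_96:
	case OP_PCL_IPSEC_HMAC_SHA2_224_96:
	case OP_PCL_IPSEC_HMAC_SHA2_224_112:
	case OP_PCL_IPSEC_HMAC_SHA2_224_224:
	case OP_PCL_IPSEC_HMAC_SHA2_256_128:
	case OP_PCL_IPSEC_HMAC_SHA2_384_192:
	case OP_PCL_IPSEC_HMAC_SHA2_512_256:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate PROTINFO for SRTP.
 *
 * The only accepted combination is cipher OP_PCL_SRTP_AES_CTR with
 * authentication OP_PCL_SRTP_HMAC_SHA1_160. Returns 0 for it, -EINVAL
 * otherwise.
 */
static inline int
__rta_srtp_proto(uint16_t protoinfo)
{
	uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
	uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK;

	switch (proto_cls1) {
	case OP_PCL_SRTP_AES_CTR:
		switch (proto_cls2) {
		case OP_PCL_SRTP_HMAC_SHA1_160:
			return 0;
		}
		/* no break */
	}

	return -EINVAL;
}

/* Validate PROTINFO for MACsec: only OP_PCL_MACSEC is accepted. */
static inline int
__rta_macsec_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_MACSEC:
		return 0;
	}

	return -EINVAL;
}

/* Validate PROTINFO for WiFi: only OP_PCL_WIFI is accepted. */
static inline int
__rta_wifi_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_WIFI:
		return 0;
	}

	return -EINVAL;
}

/* Validate PROTINFO for WiMAX: OFDM and OFDMA are accepted. */
static inline int
__rta_wimax_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_WIMAX_OFDM:
	case OP_PCL_WIMAX_OFDMA:
		return 0;
	}

	return -EINVAL;
}

/* Allowed blob proto flags for each SEC Era */
static const uint32_t proto_blob_flags[] = {
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
};

/*
 * Validate PROTINFO for the BLOB protocol.
 *
 * Three checks, in order: no bit outside the set allowed for the current
 * SEC Era may be set; the format field must be one of the listed formats;
 * the register field must be one of the listed sources.
 *
 * Returns 0 when all three pass, -EINVAL otherwise (including when
 * rta_sec_era does not index an entry of proto_blob_flags[]).
 */
static inline int
__rta_blob_proto(uint16_t protoinfo)
{
	unsigned int era = (unsigned int)rta_sec_era;

	/*
	 * rta_sec_era is a global written elsewhere; fail closed rather than
	 * read past the end of the per-era table if it is out of range.
	 */
	if (era >= sizeof(proto_blob_flags) / sizeof(proto_blob_flags[0]))
		return -EINVAL;

	if (protoinfo & ~proto_blob_flags[era])
		return -EINVAL;

	switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
	case OP_PCL_BLOB_FORMAT_NORMAL:
	case OP_PCL_BLOB_FORMAT_MASTER_VER:
	case OP_PCL_BLOB_FORMAT_TEST:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
	case OP_PCL_BLOB_AFHA_SBOX:
	case OP_PCL_BLOB_REG_MEMORY:
	case OP_PCL_BLOB_REG_KEY1:
	case OP_PCL_BLOB_REG_KEY2:
	case OP_PCL_BLOB_REG_SPLIT:
	case OP_PCL_BLOB_REG_PKE:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate PROTINFO for the discrete-log protocols that proto_table[] maps
 * to this function (key-pair generation, DSA sign/verify, Diffie-Hellman).
 *
 * Only the hash field (OP_PCL_PKPROT_HASH_MASK) is checked; the other
 * PROTINFO bits are not inspected here. Returns 0 when the hash field is
 * one of the listed values, -EINVAL otherwise.
 */
static inline int
__rta_dlc_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
	case OP_PCL_PKPROT_HASH_MD5:
	case OP_PCL_PKPROT_HASH_SHA1:
	case OP_PCL_PKPROT_HASH_SHA224:
	case OP_PCL_PKPROT_HASH_SHA256:
	case OP_PCL_PKPROT_HASH_SHA384:
	case OP_PCL_PKPROT_HASH_SHA512:
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

/*
 * Validate PROTINFO for RSA encrypt.
 *
 * For OP_PCL_RSAPROT_OP_ENC_F_IN the FFF field must be
 * OP_PCL_RSAPROT_FFF_RED; for OP_PCL_RSAPROT_OP_ENC_F_OUT the FFF field
 * must be one of the listed values. Any other operation value is rejected.
 *
 * Returns 0 when accepted, -EINVAL otherwise.
 */
static inline int
__rta_rsa_enc_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_ENC_F_IN:
		if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) !=
		    OP_PCL_RSAPROT_FFF_RED)
			return -EINVAL;
		break;
	case OP_PCL_RSAPROT_OP_ENC_F_OUT:
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			break;
		default:
			return -EINVAL;
		}
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

/*
 * Validate PROTINFO for RSA decrypt.
 *
 * The operation field and the PPP field must each be one of the listed
 * values. The FFF field is checked only when the
 * OP_PCL_RSAPROT_FMT_PKCSV15 bit is set.
 *
 * Returns 0 when accepted, -EINVAL otherwise.
 */
static inline int
__rta_rsa_dec_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_DEC_ND:
	case OP_PCL_RSAPROT_OP_DEC_PQD:
	case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
	case OP_PCL_RSAPROT_PPP_RED:
	case OP_PCL_RSAPROT_PPP_ENC:
	case OP_PCL_RSAPROT_PPP_EKT:
	case OP_PCL_RSAPROT_PPP_TK_ENC:
	case OP_PCL_RSAPROT_PPP_TK_EKT:
		break;
	default:
		return -EINVAL;
	}

	if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15) {
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			break;
		default:
			return -EINVAL;
		}
	}

	return 0;
}

/*
 * DKP Protocol - Restrictions on key (SRC,DST) combinations
 * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed
 */
static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0},
					  {1, 1, 1, 1},
					  {1, 0, 1, 0},
					  {1, 0, 0, 1} };

/*
 * Validate PROTINFO for the DKP (derived key) protocols.
 *
 * The SRC and DST fields are extracted and used as row/column indexes into
 * key_in_out[]; the combination is accepted when the entry is non-zero.
 *
 * Returns 0 when accepted; logs and returns -EINVAL otherwise.
 */
static inline int
__rta_dkp_proto(uint16_t protoinfo)
{
	int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
	int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;
	const int nr_src = (int)(sizeof(key_in_out) / sizeof(key_in_out[0]));
	const int nr_dst = (int)(sizeof(key_in_out[0]) /
				 sizeof(key_in_out[0][0]));

	/*
	 * The table dimensions are fixed here while the field widths come
	 * from masks defined in another header; range-check the indexes so a
	 * mismatch between the two is rejected instead of read out of bounds.
	 */
	if (key_src < 0 || key_src >= nr_src ||
	    key_dst < 0 || key_dst >= nr_dst ||
	    !key_in_out[key_src][key_dst]) {
		pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
		return -EINVAL;
	}

	return 0;
}


/* Validate PROTINFO for 3G DCRC: CRC7 and CRC11 are accepted. */
static inline int
__rta_3g_dcrc_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_3G_DCRC_CRC7:
	case OP_PCL_3G_DCRC_CRC11:
		return 0;
	}

	return -EINVAL;
}

/* Validate PROTINFO for 3G RLC: NULL, KASUMI and SNOW are accepted. */
static inline int
__rta_3g_rlc_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_3G_RLC_NULL:
	case OP_PCL_3G_RLC_KASUMI:
	case OP_PCL_3G_RLC_SNOW:
		return 0;
	}

	return -EINVAL;
}

/* Validate PROTINFO for LTE PDCP: ZUC, NULL, SNOW and AES are accepted. */
static inline int
__rta_lte_pdcp_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_LTE_ZUC:
	case OP_PCL_LTE_NULL:
	case OP_PCL_LTE_SNOW:
		case OP_PCL_LTE_AES:
		return 0;
	}

	return -EINVAL;
}

/*
 * Validate PROTINFO for the LTE PDCP "mixed" protocols: the authentication
 * field and the encryption field must each be one of the listed values.
 *
 * Returns 0 when both are accepted, -EINVAL otherwise.
 */
static inline int
__rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
	case OP_PCL_LTE_MIXED_AUTH_NULL:
	case OP_PCL_LTE_MIXED_AUTH_SNOW:
	case OP_PCL_LTE_MIXED_AUTH_AES:
	case OP_PCL_LTE_MIXED_AUTH_ZUC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
	case OP_PCL_LTE_MIXED_ENC_NULL:
	case OP_PCL_LTE_MIXED_ENC_SNOW:
	case OP_PCL_LTE_MIXED_ENC_AES:
	case OP_PCL_LTE_MIXED_ENC_ZUC:
		return 0;
	}

	return -EINVAL;
}

/*
 * One supported (operation type, protocol ID) pair and the function that
 * validates PROTINFO for it.
 */
struct proto_map {
	uint32_t optype;
	uint32_t protid;
	int (*protoinfo_func)(uint16_t);
};

/*
 * Supported protocol operations. The order matters: proto_table_sz[] gives,
 * per SEC Era, how many leading entries of this table are searched.
 */
static const struct proto_map proto_table[] = {
/*1*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,	 __rta_dlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,	 __rta_ipsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,		 __rta_srtp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,		 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,	 __rta_macsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,		 __rta_wifi_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,	 __rta_wimax_proto},
/*21*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,		 __rta_blob_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,	 __rta_rsa_enc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,	 __rta_rsa_dec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,	 __rta_3g_dcrc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,	 __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,	 __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
/*29*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,	 __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,	 __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,	 __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,	 __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,	 __rta_dkp_proto},
/*35*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,	 __rta_dkp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
/*37*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,	 __rta_dlc_proto},
/*38*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
	 __rta_lte_pdcp_mixed_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,	 __rta_ipsec_proto},
/*40*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER_RN,
	 __rta_lte_pdcp_mixed_proto},
};

/*
 * Allowed OPERATION protocols for each SEC Era.
 * Values represent the number of entries from proto_table[] that are supported.
 */
static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37,
						40, 40, 40};

/*
 * Append a protocol OPERATION command word to the program after validating
 * it against proto_table[].
 *
 * The first proto_table_sz[rta_sec_era] entries are searched for one whose
 * optype matches @optype (with the bit at OP_TYPE_SHIFT cleared, so that an
 * entry listed as decap also matches its counterpart) and whose protid
 * equals @protid. If the entry has a validator, @protoinfo must pass it.
 *
 * @program:   program being built; current_pc, current_instruction and, on
 *             error, first_error_pc are updated
 * @optype:    operation type bits, OR-ed unchanged into the command word
 * @protid:    protocol identifier bits
 * @protoinfo: protocol-specific information bits
 *
 * Returns the program counter at which the command was placed (as int) on
 * success, or a negative errno value on failure. On failure no command word
 * is written, but current_instruction is still incremented.
 */
static inline int
rta_proto_operation(struct program *program, uint32_t optype,
		    uint32_t protid, uint16_t protoinfo)
{
	uint32_t opcode = CMD_OPERATION;
	unsigned int i, found = 0;
	/* clear last bit in optype to match also decap proto */
	uint32_t optype_tmp = optype & (uint32_t)~(1 << OP_TYPE_SHIFT);
	unsigned int start_pc = program->current_pc;
	unsigned int era = (unsigned int)rta_sec_era;
	int ret = -EINVAL;

	/*
	 * rta_sec_era is a global written elsewhere; reject an era that has
	 * no entry in proto_table_sz[] instead of reading past the table.
	 */
	if (era >= sizeof(proto_table_sz) / sizeof(proto_table_sz[0])) {
		pr_err("PROTO_DESC: Unsupported SEC Era. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	for (i = 0; i < proto_table_sz[era]; i++) {
		if (optype_tmp != proto_table[i].optype ||
		    proto_table[i].protid != protid)
			continue;

		/* nothing else to verify */
		if (proto_table[i].protoinfo_func == NULL) {
			found = 1;
			break;
		}

		/* check protoinfo */
		ret = (*proto_table[i].protoinfo_func)(protoinfo);
		if (ret < 0) {
			pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
			       program->current_pc);
			goto err;
		}
		found = 1;
		break;
	}
	if (!found) {
		pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	__rta_out32(program, opcode | optype | protid | protoinfo);
	program->current_instruction++;
	return (int)start_pc;

 err:
	program->first_error_pc = start_pc;
	program->current_instruction++;
	return ret;
}

/*
 * Append a DKP (derived key) protocol operation, followed by its key
 * material or key pointer, to the program.
 *
 * @program:  program being built
 * @protid:   DKP protocol identifier
 * @key_src:  key source selector (masked with OP_PCL_DKP_SRC_MASK)
 * @key_dst:  key destination selector (masked with OP_PCL_DKP_DST_MASK)
 * @keylen:   key length (masked with OP_PCL_DKP_KEY_MASK)
 * @key:      immediate key data or key address, depending on @key_src
 * @key_type: how @key is to be interpreted when it is inlined
 *
 * Returns the program counter at which the operation was placed (as int)
 * on success, or a negative errno value on failure.
 *
 * NOTE(review): @keylen is truncated by the mask rather than rejected when
 * it does not fit; callers presumably validate the length beforehand -
 * confirm.
 * NOTE(review): the "smaller descriptor" error below is detected after
 * rta_proto_operation() and the key words have already been emitted, so
 * the program is left with those words in place on that error path.
 */
static inline int
rta_dkp_proto(struct program *program, uint32_t protid,
	      uint16_t key_src, uint16_t key_dst,
	      uint16_t keylen, uint64_t key,
	      enum rta_data_type key_type)
{
	unsigned int start_pc = program->current_pc;
	unsigned int in_words = 0, out_words = 0;
	int ret;

	key_src &= OP_PCL_DKP_SRC_MASK;
	key_dst &= OP_PCL_DKP_DST_MASK;
	keylen &= OP_PCL_DKP_KEY_MASK;

	ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
				  key_src | key_dst | keylen);
	if (ret < 0)
		return ret;

	/* Words consumed by the input key: a pointer, or the inlined key. */
	if ((key_src == OP_PCL_DKP_SRC_PTR) ||
	    (key_src == OP_PCL_DKP_SRC_SGF)) {
		__rta_out64(program, program->ps, key);
		in_words = program->ps ? 2 : 1;
	} else if (key_src == OP_PCL_DKP_SRC_IMM) {
		__rta_inline_data(program, key, inline_flags(key_type), keylen);
		in_words = (unsigned int)((keylen + 3) / 4);
	}

	/* Words the derived key will occupy in the resulting descriptor. */
	if ((key_dst == OP_PCL_DKP_DST_PTR) ||
	    (key_dst == OP_PCL_DKP_DST_SGF)) {
		out_words = in_words;
	} else if (key_dst == OP_PCL_DKP_DST_IMM) {
		out_words = split_key_len(protid) / 4;
	}

	/* Checked before the unsigned subtraction below so it cannot wrap. */
	if (out_words < in_words) {
		pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
		program->first_error_pc = start_pc;
		return -EINVAL;
	}

	/* If needed, reserve space in resulting descriptor for derived key */
	program->current_pc += (out_words - in_words);

	return (int)start_pc;
}

#endif /* __RTA_PROTOCOL_CMD_H__ */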