1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
2 *
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019 NXP
5 *
6 */
7
8 #ifndef __RTA_PROTOCOL_CMD_H__
9 #define __RTA_PROTOCOL_CMD_H__
10
11 extern enum rta_sec_era rta_sec_era;
12
/*
 * __rta_ssl_proto - check the PROTINFO value of an SSL/TLS/DTLS operation
 * @protoinfo: 16-bit cipher-suite selector to validate
 *
 * The whole value is compared against the identifiers listed below; no
 * masking is applied.
 *
 * NOTE(review): this is an encoding allow-list, not a cipher-strength
 * policy. It accepts identifiers for export-grade (RC4_40, DES40), RC4,
 * single-DES, MD5-based and anonymous-DH suites, so a caller that must
 * refuse weak suites has to enforce that before building the descriptor.
 *
 * Return: 0 when @protoinfo is one of the listed suites, -EINVAL otherwise.
 */
static inline int
__rta_ssl_proto(uint16_t protoinfo)
{
	int ret = -EINVAL;

	switch (protoinfo) {
	/* RC4 suites */
	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
	/* DES / 3DES CBC suites */
	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
	/* AES-CBC suites with RSA / DH key exchange */
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
	/* PSK suites, 3DES / AES CBC with SHA */
	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
	/* AES-GCM suites with RSA / DH / PSK key exchange */
	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
	/* PSK suites, AES-CBC with SHA256 / SHA384 */
	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
	/* ECDH / ECDHE suites, 3DES / AES CBC with SHA */
	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
	/* SRP suites */
	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
	/* ECDH / ECDHE suites, AES-CBC with SHA256 / SHA384 */
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
	/* ECDH / ECDHE suites, AES-GCM */
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
	/* ECDHE_PSK suites */
	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
	/* RSA suites, AES-CBC with SHA256 */
	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
	/* OP_PCL_PVT_TLS_* cipher/hash selectors */
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
	/* OP_PCL_PVT_TLS_MASTER_SECRET_PRF_* selectors */
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
		ret = 0;
		break;
	default:
		break;
	}

	return ret;
}
189
/*
 * __rta_ike_proto - check the PROTINFO value of an IKE PRF operation
 * @protoinfo: 16-bit selector to validate (compared unmasked)
 *
 * NOTE(review): the list includes OP_PCL_IKE_HMAC_MD5 and
 * OP_PCL_IKE_HMAC_SHA1; this function only confirms the value is a known
 * encoding, so any algorithm policy has to be applied by the caller.
 *
 * Return: 0 for a listed selector, -EINVAL otherwise.
 */
static inline int
__rta_ike_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_IKE_HMAC_MD5:
	case OP_PCL_IKE_HMAC_SHA1:
	case OP_PCL_IKE_HMAC_AES128_CBC:
	case OP_PCL_IKE_HMAC_SHA256:
	case OP_PCL_IKE_HMAC_SHA384:
	case OP_PCL_IKE_HMAC_SHA512:
	case OP_PCL_IKE_HMAC_AES128_CMAC:
		return 0;
	default:
		return -EINVAL;
	}
}
206
/*
 * __rta_ipsec_proto - check the PROTINFO value of an IPsec operation
 * @protoinfo: 16-bit value holding a cipher field and an auth field
 *
 * The cipher field (OP_PCL_IPSEC_CIPHER_MASK) and the auth field
 * (OP_PCL_IPSEC_AUTH_MASK) are validated separately. For the CCM, GCM and
 * GMAC cipher values the auth field must be OP_PCL_IPSEC_HMAC_NULL.
 *
 * NOTE(review): OP_PCL_IPSEC_NULL together with OP_PCL_IPSEC_HMAC_NULL
 * passes both checks, as do the DES and MD5 selectors. If unprotected or
 * weak combinations must be refused, do that in the caller.
 *
 * Return: 0 for an accepted combination, -EINVAL otherwise.
 */
static inline int
__rta_ipsec_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_IPSEC_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_IPSEC_AUTH_MASK;

	switch (cipher) {
	case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
	case OP_PCL_IPSEC_AES_CCM8:
	case OP_PCL_IPSEC_AES_CCM12:
	case OP_PCL_IPSEC_AES_CCM16:
	case OP_PCL_IPSEC_AES_GCM8:
	case OP_PCL_IPSEC_AES_GCM12:
	case OP_PCL_IPSEC_AES_GCM16:
		/* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */
		return (auth == OP_PCL_IPSEC_HMAC_NULL) ? 0 : -EINVAL;
	case OP_PCL_IPSEC_NULL:
	case OP_PCL_IPSEC_DES_IV64:
	case OP_PCL_IPSEC_DES:
	case OP_PCL_IPSEC_3DES:
	case OP_PCL_IPSEC_AES_CBC:
	case OP_PCL_IPSEC_AES_CTR:
		/* these ciphers go on to the auth-field check below */
		break;
	default:
		return -EINVAL;
	}

	switch (auth) {
	case OP_PCL_IPSEC_HMAC_NULL:
	case OP_PCL_IPSEC_HMAC_MD5_96:
	case OP_PCL_IPSEC_HMAC_SHA1_96:
	case OP_PCL_IPSEC_AES_XCBC_MAC_96:
	case OP_PCL_IPSEC_HMAC_MD5_128:
	case OP_PCL_IPSEC_HMAC_SHA1_160:
	case OP_PCL_IPSEC_AES_CMAC_96:
	case OP_PCL_IPSEC_HMAC_SHA2_256_128:
	case OP_PCL_IPSEC_HMAC_SHA2_384_192:
	case OP_PCL_IPSEC_HMAC_SHA2_512_256:
		return 0;
	default:
		return -EINVAL;
	}
}
252
/*
 * __rta_srtp_proto - check the PROTINFO value of an SRTP operation
 * @protoinfo: 16-bit value holding a cipher field and an auth field
 *
 * Exactly one combination is accepted: cipher field OP_PCL_SRTP_AES_CTR
 * with auth field OP_PCL_SRTP_HMAC_SHA1_160.
 *
 * Return: 0 for that combination, -EINVAL for anything else.
 */
static inline int
__rta_srtp_proto(uint16_t protoinfo)
{
	const uint16_t cipher = protoinfo & OP_PCL_SRTP_CIPHER_MASK;
	const uint16_t auth = protoinfo & OP_PCL_SRTP_AUTH_MASK;

	if (cipher != OP_PCL_SRTP_AES_CTR)
		return -EINVAL;

	if (auth != OP_PCL_SRTP_HMAC_SHA1_160)
		return -EINVAL;

	return 0;
}
270
/*
 * __rta_macsec_proto - check the PROTINFO value of a MACsec operation
 * @protoinfo: 16-bit selector; only OP_PCL_MACSEC is accepted
 *
 * Return: 0 when @protoinfo equals OP_PCL_MACSEC, -EINVAL otherwise.
 */
static inline int
__rta_macsec_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_MACSEC)
		return 0;

	return -EINVAL;
}
281
/*
 * __rta_wifi_proto - check the PROTINFO value of a WiFi operation
 * @protoinfo: 16-bit selector; only OP_PCL_WIFI is accepted
 *
 * Return: 0 when @protoinfo equals OP_PCL_WIFI, -EINVAL otherwise.
 */
static inline int
__rta_wifi_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_WIFI)
		return 0;

	return -EINVAL;
}
292
/*
 * __rta_wimax_proto - check the PROTINFO value of a WiMAX operation
 * @protoinfo: 16-bit selector (compared unmasked)
 *
 * Return: 0 for OP_PCL_WIMAX_OFDM or OP_PCL_WIMAX_OFDMA, -EINVAL otherwise.
 */
static inline int
__rta_wimax_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_WIMAX_OFDM || protoinfo == OP_PCL_WIMAX_OFDMA)
		return 0;

	return -EINVAL;
}
304
/*
 * Allowed blob proto flags for each SEC Era.
 *
 * The table is indexed with the rta_sec_era value (see __rta_blob_proto())
 * and has one entry per supported era. Any PROTINFO bit outside the entry
 * for the current era makes the blob operation invalid.
 */
static const uint32_t proto_blob_flags[] = {
	/* [0] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK,
	/* [1] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	/* [2] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK,
	/* [3] - from here on OP_PCL_BLOB_SEC_MEM is also allowed */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [4] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [5] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [6] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [7] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [8] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
	/* [9] */
	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
};
327
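/*
 * __rta_blob_proto - check the PROTINFO value of a blob operation
 * @protoinfo: 16-bit flag word to validate
 *
 * Three checks are applied in order:
 *  1. no bit may be set outside proto_blob_flags[] for the current SEC Era;
 *  2. the format field (OP_PCL_BLOB_FORMAT_MASK) must be a known format;
 *  3. the register field (OP_PCL_BLOB_REG_MASK) must be a known selector.
 *
 * Return: 0 when all checks pass, -EINVAL otherwise (including when the
 * global rta_sec_era does not index a proto_blob_flags[] entry).
 */
static inline int
__rta_blob_proto(uint16_t protoinfo)
{
	const unsigned int era = (unsigned int)rta_sec_era;

	/*
	 * rta_sec_era is a writable global; refuse to read past the per-era
	 * table if it ever holds a value the table has no entry for.
	 */
	if (era >= sizeof(proto_blob_flags) / sizeof(proto_blob_flags[0]))
		return -EINVAL;

	if (protoinfo & ~proto_blob_flags[era])
		return -EINVAL;

	switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) {
	case OP_PCL_BLOB_FORMAT_NORMAL:
	case OP_PCL_BLOB_FORMAT_MASTER_VER:
	case OP_PCL_BLOB_FORMAT_TEST:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_BLOB_REG_MASK) {
	case OP_PCL_BLOB_AFHA_SBOX:
	case OP_PCL_BLOB_REG_MEMORY:
	case OP_PCL_BLOB_REG_KEY1:
	case OP_PCL_BLOB_REG_KEY2:
	case OP_PCL_BLOB_REG_SPLIT:
	case OP_PCL_BLOB_REG_PKE:
		return 0;
	default:
		return -EINVAL;
	}
}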
355
/*
 * __rta_dlc_proto - check the PROTINFO value of a public-key protocol op
 * @protoinfo: 16-bit value; only the OP_PCL_PKPROT_HASH_MASK field is checked
 *
 * Bits outside the hash field are not examined here.
 *
 * NOTE(review): OP_PCL_PKPROT_HASH_MD5 and OP_PCL_PKPROT_HASH_SHA1 are
 * accepted; restrict the hash in the caller if that is not acceptable.
 *
 * Return: 0 when the hash field is a listed value, -EINVAL otherwise.
 */
static inline int
__rta_dlc_proto(uint16_t protoinfo)
{
	int ret = -EINVAL;

	switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) {
	case OP_PCL_PKPROT_HASH_MD5:
	case OP_PCL_PKPROT_HASH_SHA1:
	case OP_PCL_PKPROT_HASH_SHA224:
	case OP_PCL_PKPROT_HASH_SHA256:
	case OP_PCL_PKPROT_HASH_SHA384:
	case OP_PCL_PKPROT_HASH_SHA512:
		ret = 0;
		break;
	default:
		break;
	}

	return ret;
}
373
/*
 * __rta_rsa_enc_proto - check the PROTINFO value of an RSA encrypt op
 * @protoinfo: 16-bit value holding an operation field and an FFF field
 *
 * For OP_PCL_RSAPROT_OP_ENC_F_IN the FFF field must be
 * OP_PCL_RSAPROT_FFF_RED. For OP_PCL_RSAPROT_OP_ENC_F_OUT any of the listed
 * FFF values is accepted. Every other operation value is rejected.
 *
 * Return: 0 for an accepted combination, -EINVAL otherwise.
 */
static inline int
__rta_rsa_enc_proto(uint16_t protoinfo)
{
	int ret = -EINVAL;

	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_ENC_F_IN:
		if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) ==
		    OP_PCL_RSAPROT_FFF_RED)
			ret = 0;
		break;
	case OP_PCL_RSAPROT_OP_ENC_F_OUT:
		switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
		case OP_PCL_RSAPROT_FFF_RED:
		case OP_PCL_RSAPROT_FFF_ENC:
		case OP_PCL_RSAPROT_FFF_EKT:
		case OP_PCL_RSAPROT_FFF_TK_ENC:
		case OP_PCL_RSAPROT_FFF_TK_EKT:
			ret = 0;
			break;
		default:
			break;
		}
		break;
	default:
		break;
	}

	return ret;
}
401
/*
 * __rta_rsa_dec_proto - check the PROTINFO value of an RSA decrypt op
 * @protoinfo: 16-bit value holding operation, PPP and FFF fields
 *
 * The operation field and the PPP field are always validated. The FFF
 * field is validated only when the OP_PCL_RSAPROT_FMT_PKCSV15 bit is set;
 * without that bit its contents are not examined.
 *
 * Return: 0 when every applicable field holds a listed value, -EINVAL
 * otherwise.
 */
static inline int
__rta_rsa_dec_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) {
	case OP_PCL_RSAPROT_OP_DEC_ND:
	case OP_PCL_RSAPROT_OP_DEC_PQD:
	case OP_PCL_RSAPROT_OP_DEC_PQDPDQC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) {
	case OP_PCL_RSAPROT_PPP_RED:
	case OP_PCL_RSAPROT_PPP_ENC:
	case OP_PCL_RSAPROT_PPP_EKT:
	case OP_PCL_RSAPROT_PPP_TK_ENC:
	case OP_PCL_RSAPROT_PPP_TK_EKT:
		break;
	default:
		return -EINVAL;
	}

	/* Without the PKCSV15 format bit there is nothing more to check. */
	if (!(protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15))
		return 0;

	switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) {
	case OP_PCL_RSAPROT_FFF_RED:
	case OP_PCL_RSAPROT_FFF_ENC:
	case OP_PCL_RSAPROT_FFF_EKT:
	case OP_PCL_RSAPROT_FFF_TK_ENC:
	case OP_PCL_RSAPROT_FFF_TK_EKT:
		return 0;
	default:
		return -EINVAL;
	}
}
439
/*
 * DKP Protocol - restrictions on key (SRC,DST) combinations.
 *
 * The first index is the key source, the second the key destination; a 1
 * marks an allowed pair. For example key_in_out[0][0] = 1 means the
 * (SRC=IMM,DST=IMM) combination is allowed.
 */
static const uint8_t key_in_out[4][4] = {
	{1, 0, 0, 0},	/* SRC 0 (IMM): DST 0 only */
	{1, 1, 1, 1},	/* SRC 1: every DST */
	{1, 0, 1, 0},	/* SRC 2: DST 0 or DST 2 */
	{1, 0, 0, 1},	/* SRC 3: DST 0 or DST 3 */
};
448
/*
 * __rta_dkp_proto - check the key (SRC,DST) pair of a DKP operation
 * @protoinfo: 16-bit value holding the key source and destination fields
 *
 * The source and destination fields are extracted with their mask and
 * shift and looked up in key_in_out[][].
 *
 * NOTE(review): the lookup assumes each extracted field is in the range
 * 0..3, i.e. that OP_PCL_DKP_SRC_MASK and OP_PCL_DKP_DST_MASK are two bits
 * wide after shifting - confirm against their definitions.
 *
 * Return: 0 when the pair is allowed; otherwise logs an error and returns
 * -EINVAL.
 */
static inline int
__rta_dkp_proto(uint16_t protoinfo)
{
	const int src_idx =
		(protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT;
	const int dst_idx =
		(protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT;

	if (key_in_out[src_idx][dst_idx])
		return 0;

	pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n");
	return -EINVAL;
}
462
463
/*
 * __rta_3g_dcrc_proto - check the PROTINFO value of a 3G DCRC operation
 * @protoinfo: 16-bit selector (compared unmasked)
 *
 * Return: 0 for OP_PCL_3G_DCRC_CRC7 or OP_PCL_3G_DCRC_CRC11, -EINVAL
 * otherwise.
 */
static inline int
__rta_3g_dcrc_proto(uint16_t protoinfo)
{
	if (protoinfo == OP_PCL_3G_DCRC_CRC7 ||
	    protoinfo == OP_PCL_3G_DCRC_CRC11)
		return 0;

	return -EINVAL;
}
475
/*
 * __rta_3g_rlc_proto - check the PROTINFO value of a 3G RLC operation
 * @protoinfo: 16-bit selector (compared unmasked)
 *
 * NOTE(review): OP_PCL_3G_RLC_NULL is an accepted value; callers that must
 * not run without a cipher have to reject it themselves.
 *
 * Return: 0 for a listed selector, -EINVAL otherwise.
 */
static inline int
__rta_3g_rlc_proto(uint16_t protoinfo)
{
	switch (protoinfo) {
	case OP_PCL_3G_RLC_NULL:
	case OP_PCL_3G_RLC_KASUMI:
	case OP_PCL_3G_RLC_SNOW:
		return 0;
	default:
		return -EINVAL;
	}
}
488
/*
 * __rta_lte_pdcp_proto - check the PROTINFO value of an LTE PDCP operation
 * @protoinfo: 16-bit selector (compared unmasked)
 *
 * NOTE(review): OP_PCL_LTE_NULL is an accepted value; callers that must
 * not run without a cipher have to reject it themselves.
 *
 * Return: 0 for a listed selector, -EINVAL otherwise.
 */
static inline int
__rta_lte_pdcp_proto(uint16_t protoinfo)
{
	int ret = -EINVAL;

	switch (protoinfo) {
	case OP_PCL_LTE_ZUC:
	case OP_PCL_LTE_NULL:
	case OP_PCL_LTE_SNOW:
	case OP_PCL_LTE_AES:
		ret = 0;
		break;
	default:
		break;
	}

	return ret;
}
502
/*
 * __rta_lte_pdcp_mixed_proto - check PROTINFO of a mixed LTE PDCP operation
 * @protoinfo: 16-bit value holding an auth field and an enc field
 *
 * The auth field (OP_PCL_LTE_MIXED_AUTH_MASK) is checked first, then the
 * enc field (OP_PCL_LTE_MIXED_ENC_MASK). Each field may independently be
 * NULL, SNOW, AES or ZUC, so the NULL/NULL pair is accepted as well.
 *
 * Return: 0 when both fields hold a listed value, -EINVAL otherwise.
 */
static inline int
__rta_lte_pdcp_mixed_proto(uint16_t protoinfo)
{
	switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) {
	case OP_PCL_LTE_MIXED_AUTH_NULL:
	case OP_PCL_LTE_MIXED_AUTH_SNOW:
	case OP_PCL_LTE_MIXED_AUTH_AES:
	case OP_PCL_LTE_MIXED_AUTH_ZUC:
		break;
	default:
		return -EINVAL;
	}

	switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) {
	case OP_PCL_LTE_MIXED_ENC_NULL:
	case OP_PCL_LTE_MIXED_ENC_SNOW:
	case OP_PCL_LTE_MIXED_ENC_AES:
	case OP_PCL_LTE_MIXED_ENC_ZUC:
		return 0;
	default:
		return -EINVAL;
	}
}
526
/*
 * One row of the protocol allow-list: an (operation type, protocol id)
 * pair plus the callback that validates the PROTINFO value for that pair.
 * rta_proto_operation() treats a NULL callback as "nothing else to verify".
 */
struct proto_map {
	uint32_t optype;	/* operation type to match */
	uint32_t protid;	/* protocol identifier to match */
	int (*protoinfo_func)(uint16_t protoinfo);	/* PROTINFO validator */
};
532
/*
 * Protocol allow-list searched by rta_proto_operation().
 *
 * Order matters: for a given SEC Era only the first proto_table_sz[era]
 * rows are searched, so the numbered markers below are the cut-off points
 * used by proto_table_sz[]. Append new rows at the end; inserting a row
 * earlier would change which protocols each era accepts.
 */
static const struct proto_map proto_table[] = {
	/* rows 1..21 */
/*1*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_SSL30_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DSAVERIFY,	 __rta_dlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,         __rta_ipsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP,	         __rta_srtp_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,	         __rta_ssl_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
/*21*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB,          __rta_blob_proto},
	/* rows 22..29 */
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSAENCRYPT,	 __rta_rsa_enc_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_RSADECRYPT,	 __rta_rsa_dec_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC,       __rta_3g_dcrc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU,    __rta_3g_rlc_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto},
/*29*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto},
	/* rows 30..35 */
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_MD5,       __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA1,      __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA224,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA256,    __rta_dkp_proto},
	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA384,    __rta_dkp_proto},
/*35*/	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DKP_SHA512,    __rta_dkp_proto},
	/* rows 36..37 */
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
/*37*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN,	 __rta_dlc_proto},
	/* rows 38..40 */
/*38*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED,
	 __rta_lte_pdcp_mixed_proto},
	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW,     __rta_ipsec_proto},
/*40*/	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER_RN,
	 __rta_lte_pdcp_mixed_proto},
};
577
/*
 * Allowed OPERATION protocols for each SEC Era.
 *
 * Indexed with the rta_sec_era value. Each entry is the number of leading
 * rows of proto_table[] that the era supports, so no entry may exceed the
 * number of rows in proto_table[].
 */
static const unsigned int proto_table_sz[] = {
	21,
	29, 29, 29, 29,
	35,
	37,
	40, 40, 40,
};
584
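/*
 * rta_proto_operation - validate and emit a protocol OPERATION command
 * @program: descriptor program being built
 * @optype: operation type bits for the command word
 * @protid: protocol identifier bits for the command word
 * @protoinfo: protocol-specific information bits for the command word
 *
 * The (@optype, @protid) pair is looked up in the part of proto_table[]
 * that the current SEC Era supports. One bit of @optype is cleared for the
 * comparison so that a single table row matches both variants of an
 * operation type. If the matching row has a validator, @protoinfo must
 * pass it. Only then is the command word written with __rta_out32().
 *
 * Return: the program counter at entry on success; a negative errno on
 * failure, in which case @program->first_error_pc is set to that counter
 * and no command word is written.
 */
static inline int
rta_proto_operation(struct program *program, uint32_t optype,
		    uint32_t protid, uint16_t protoinfo)
{
	const uint32_t opcode = CMD_OPERATION;
	const unsigned int start_pc = program->current_pc;
	const unsigned int era = (unsigned int)rta_sec_era;
	/* clear last bit in optype to match also decap proto */
	const uint32_t optype_key = optype & (uint32_t)~(1 << OP_TYPE_SHIFT);
	const unsigned int table_len =
		sizeof(proto_table) / sizeof(proto_table[0]);
	unsigned int i, limit;
	int found = 0;
	int ret = -EINVAL;

	/*
	 * rta_sec_era is a writable global; never index the per-era size
	 * table with a value it has no entry for.
	 */
	if (era >= sizeof(proto_table_sz) / sizeof(proto_table_sz[0])) {
		pr_err("PROTO_DESC: Unsupported SEC Era. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	/* Guard against proto_table_sz[] drifting past proto_table[]. */
	limit = proto_table_sz[era];
	if (limit > table_len)
		limit = table_len;

	for (i = 0; i < limit; i++) {
		if (proto_table[i].optype != optype_key ||
		    proto_table[i].protid != protid)
			continue;

		/* a row without a validator has nothing else to verify */
		if (proto_table[i].protoinfo_func != NULL) {
			/* check protoinfo */
			ret = (*proto_table[i].protoinfo_func)(protoinfo);
			if (ret < 0) {
				pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n",
				       program->current_pc);
				goto err;
			}
		}

		/* the first matching row decides; stop searching */
		found = 1;
		break;
	}

	if (!found) {
		pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n",
		       program->current_pc);
		goto err;
	}

	__rta_out32(program, opcode | optype | protid | protoinfo);
	program->current_instruction++;
	return (int)start_pc;

err:
	program->first_error_pc = start_pc;
	program->current_instruction++;
	return ret;
}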
633
/*
 * rta_dkp_proto - emit a DKP (derived key) protocol operation
 * @program: descriptor program being built
 * @protid: DKP protocol identifier, passed on to rta_proto_operation()
 * @key_src: key source selector (masked with OP_PCL_DKP_SRC_MASK)
 * @key_dst: key destination selector (masked with OP_PCL_DKP_DST_MASK)
 * @keylen: key length (masked with OP_PCL_DKP_KEY_MASK)
 * @key: key value or address, depending on @key_src
 * @key_type: passed to inline_flags() when the key is immediate
 *
 * The operation word is validated and written first. The key is then
 * emitted as a pointer (PTR/SGF source) or as inline data (IMM source),
 * and the program counter is advanced by the number of extra words the
 * derived key needs beyond the input key.
 *
 * NOTE(review): @keylen is masked rather than range-checked, so a value
 * wider than OP_PCL_DKP_KEY_MASK is silently truncated and the truncated
 * length is what reaches __rta_inline_data(). Callers should validate the
 * length before calling - confirm whether truncation is intended.
 *
 * NOTE(review): when the out_words < in_words check fails, the operation
 * word and key have already been emitted; the error is reported through
 * the return value and @program->first_error_pc only.
 *
 * Return: the program counter at entry on success, a negative errno on
 * failure.
 */
static inline int
rta_dkp_proto(struct program *program, uint32_t protid,
	      uint16_t key_src, uint16_t key_dst,
	      uint16_t keylen, uint64_t key,
	      enum rta_data_type key_type)
{
	const unsigned int first_pc = program->current_pc;
	unsigned int words_in = 0;
	unsigned int words_out = 0;
	int status;

	/* keep only the bits that belong to each PROTINFO field */
	key_src &= OP_PCL_DKP_SRC_MASK;
	key_dst &= OP_PCL_DKP_DST_MASK;
	keylen &= OP_PCL_DKP_KEY_MASK;

	status = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid,
				     key_src | key_dst | keylen);
	if (status < 0)
		return status;

	/* emit the input key and count the words it occupies */
	if (key_src == OP_PCL_DKP_SRC_PTR || key_src == OP_PCL_DKP_SRC_SGF) {
		__rta_out64(program, program->ps, key);
		if (program->ps)
			words_in = 2;
		else
			words_in = 1;
	} else if (key_src == OP_PCL_DKP_SRC_IMM) {
		__rta_inline_data(program, key, inline_flags(key_type), keylen);
		/* round the byte length up to whole 32-bit words */
		words_in = (unsigned int)((keylen + 3) / 4);
	}

	/* work out how many words the derived key will occupy */
	if (key_dst == OP_PCL_DKP_DST_PTR || key_dst == OP_PCL_DKP_DST_SGF)
		words_out = words_in;
	else if (key_dst == OP_PCL_DKP_DST_IMM)
		words_out = split_key_len(protid) / 4;

	if (words_out < words_in) {
		pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n");
		program->first_error_pc = first_pc;
		return -EINVAL;
	}

	/* If needed, reserve space in resulting descriptor for derived key */
	program->current_pc += (words_out - words_in);

	return (int)first_pc;
}
680
681 #endif /* __RTA_PROTOCOL_CMD_H__ */
682