1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
2 *
3 * Copyright 2008-2016 Freescale Semiconductor Inc.
4 * Copyright 2016,2019-2020 NXP
5 *
6 */
7
8 #ifndef __DESC_IPSEC_H__
9 #define __DESC_IPSEC_H__
10
11 #include "rta.h"
12 #include "common.h"
13
14 /**
15 * DOC: IPsec Shared Descriptor Constructors
16 *
17 * Shared descriptors for IPsec protocol.
18 */
19
20 /* General IPSec ESP encap / decap PDB options */
21
22 /**
23 * PDBOPTS_ESP_ESN - Extended sequence included
24 */
25 #define PDBOPTS_ESP_ESN 0x10
26
27 /**
28 * PDBOPTS_ESP_IPVSN - Process IPv6 header
29 *
30 * Valid only for IPsec legacy mode.
31 */
32 #define PDBOPTS_ESP_IPVSN 0x02
33
34 /**
35 * PDBOPTS_ESP_TUNNEL - Tunnel mode next-header byte
36 *
37 * Valid only for IPsec legacy mode.
38 */
39 #define PDBOPTS_ESP_TUNNEL 0x01
40
41 /* IPSec ESP Encap PDB options */
42
43 /**
44 * PDBOPTS_ESP_UPDATE_CSUM - Update ip header checksum
45 *
46 * Valid only for IPsec legacy mode.
47 */
48 #define PDBOPTS_ESP_UPDATE_CSUM 0x80
49
50 /**
51 * PDBOPTS_ESP_DIFFSERV - Copy TOS/TC from inner iphdr
52 *
53 * Valid only for IPsec legacy mode.
54 */
55 #define PDBOPTS_ESP_DIFFSERV 0x40
56
57 /**
58 * PDBOPTS_ESP_IVSRC - IV comes from internal random gen
59 */
60 #define PDBOPTS_ESP_IVSRC 0x20
61
62 /**
63 * PDBOPTS_ESP_IPHDRSRC - IP header comes from PDB
64 *
65 * Valid only for IPsec legacy mode.
66 */
67 #define PDBOPTS_ESP_IPHDRSRC 0x08
68
69 /**
70 * PDBOPTS_ESP_INCIPHDR - Prepend IP header to output frame
71 *
72 * Valid only for IPsec legacy mode.
73 */
74 #define PDBOPTS_ESP_INCIPHDR 0x04
75
76 /**
77 * PDBOPTS_ESP_OIHI_MASK - Mask for Outer IP Header Included
78 *
79 * Valid only for IPsec new mode.
80 */
81 #define PDBOPTS_ESP_OIHI_MASK 0x0c
82
83 /**
84 * PDBOPTS_ESP_OIHI_PDB_INL - Prepend IP header to output frame from PDB (where
85 * it is inlined).
86 *
87 * Valid only for IPsec new mode.
88 */
89 #define PDBOPTS_ESP_OIHI_PDB_INL 0x0c
90
91 /**
92 * PDBOPTS_ESP_OIHI_PDB_REF - Prepend IP header to output frame from PDB
93 * (referenced by pointer).
94 *
95 * Vlid only for IPsec new mode.
96 */
97 #define PDBOPTS_ESP_OIHI_PDB_REF 0x08
98
99 /**
100 * PDBOPTS_ESP_OIHI_IF - Prepend IP header to output frame from input frame
101 *
102 * Valid only for IPsec new mode.
103 */
104 #define PDBOPTS_ESP_OIHI_IF 0x04
105
106 /**
107 * PDBOPTS_ESP_NAT - Enable RFC 3948 UDP-encapsulated-ESP
108 *
109 * Valid only for IPsec new mode.
110 */
111 #define PDBOPTS_ESP_NAT 0x02
112
113 /**
114 * PDBOPTS_ESP_NUC - Enable NAT UDP Checksum
115 *
116 * Valid only for IPsec new mode.
117 */
118 #define PDBOPTS_ESP_NUC 0x01
119
120 /* IPSec ESP Decap PDB options */
121
122 /**
123 * PDBOPTS_ESP_ARS_MASK_ERA10 - antireplay window mask
124 * for SEC_ERA >= 10
125 */
126 #define PDBOPTS_ESP_ARS_MASK_ERA10 0xc8
127
128 /**
129 * PDBOPTS_ESP_ARS_MASK - antireplay window mask
130 * for SEC_ERA < 10
131 */
132 #define PDBOPTS_ESP_ARS_MASK 0xc0
133
134 /**
135 * PDBOPTS_ESP_ARSNONE - No antireplay window
136 */
137 #define PDBOPTS_ESP_ARSNONE 0x00
138
139 /**
140 * PDBOPTS_ESP_ARS64 - 64-entry antireplay window
141 */
142 #define PDBOPTS_ESP_ARS64 0xc0
143
144 /**
145 * PDBOPTS_ESP_ARS128 - 128-entry antireplay window
146 *
147 * Valid only for IPsec new mode.
148 */
149 #define PDBOPTS_ESP_ARS128 0x80
150
151 /**
152 * PDBOPTS_ESP_ARS256 - 256-entry antireplay window
153 *
154 * Valid only for IPsec new mode.
155 */
156 #define PDBOPTS_ESP_ARS256 0x08
157
158 /**
159 * PDBOPTS_ESP_ARS512 - 512-entry antireplay window
160 *
161 * Valid only for IPsec new mode.
162 */
163 #define PDBOPTS_ESP_ARS512 0x48
164
165 /**
166 * PDBOPTS_ESP_ARS1024 - 1024-entry antireplay window
167 *
168 * Valid only for IPsec new mode.
169 */
170 #define PDBOPTS_ESP_ARS1024 0x88
171
172 /**
173 * PDBOPTS_ESP_ARS32 - 32-entry antireplay window
174 */
175 #define PDBOPTS_ESP_ARS32 0x40
176
177 /**
178 * PDBOPTS_ESP_VERIFY_CSUM - Validate ip header checksum
179 *
180 * Valid only for IPsec legacy mode.
181 */
182 #define PDBOPTS_ESP_VERIFY_CSUM 0x20
183
184 /**
185 * PDBOPTS_ESP_TECN - Implement RRFC6040 ECN tunneling from outer header to
186 * inner header.
187 *
188 * Valid only for IPsec new mode.
189 */
190 #define PDBOPTS_ESP_TECN 0x20
191
192 /**
193 * PDBOPTS_ESP_OUTFMT - Output only decapsulation
194 *
195 * Valid only for IPsec legacy mode.
196 */
197 #define PDBOPTS_ESP_OUTFMT 0x08
198
199 /**
200 * PDBOPTS_ESP_AOFL - Adjust out frame len
201 *
202 * Valid only for IPsec legacy mode and for SEC >= 5.3.
203 */
204 #define PDBOPTS_ESP_AOFL 0x04
205
206 /**
207 * PDBOPTS_ESP_ETU - EtherType Update
208 *
209 * Add corresponding ethertype (0x0800 for IPv4, 0x86dd for IPv6) in the output
210 * frame.
211 * Valid only for IPsec new mode.
212 */
213 #define PDBOPTS_ESP_ETU 0x01
214
215 #define PDBHMO_ESP_DECAP_SHIFT 28
216 #define PDBHMO_ESP_ENCAP_SHIFT 28
217 #define PDBNH_ESP_ENCAP_SHIFT 16
218 #define PDBNH_ESP_ENCAP_MASK (0xff << PDBNH_ESP_ENCAP_SHIFT)
219 #define PDBHDRLEN_ESP_DECAP_SHIFT 16
220 #define PDBHDRLEN_MASK (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)
221 #define PDB_NH_OFFSET_SHIFT 8
222 #define PDB_NH_OFFSET_MASK (0xff << PDB_NH_OFFSET_SHIFT)
223
224 /**
225 * PDBHMO_ESP_DECAP_DTTL - IPsec ESP decrement TTL (IPv4) / Hop limit (IPv6)
226 * HMO option.
227 */
228 #define PDBHMO_ESP_DECAP_DTTL (0x02 << PDBHMO_ESP_DECAP_SHIFT)
229
230 /**
231 * PDBHMO_ESP_ENCAP_DTTL - IPsec ESP increment TTL (IPv4) / Hop limit (IPv6)
232 * HMO option.
233 */
234 #define PDBHMO_ESP_ENCAP_DTTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
235
236 /**
237 * PDBHMO_ESP_DIFFSERV - (Decap) DiffServ Copy - Copy the IPv4 TOS or IPv6
238 * Traffic Class byte from the outer IP header to the
239 * inner IP header.
240 */
241 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT)
242
243 /**
244 * PDBHMO_ESP_SNR - (Encap) - Sequence Number Rollover control
245 *
246 * Configures behaviour in case of SN / ESN rollover:
247 * error if SNR = 1, rollover allowed if SNR = 0.
248 * Valid only for IPsec new mode.
249 */
250 #define PDBHMO_ESP_SNR (0x01 << PDBHMO_ESP_ENCAP_SHIFT)
251
252 /**
253 * PDBHMO_ESP_DFBIT - (Encap) Copy DF bit - if an IPv4 tunnel mode outer IP
254 * header is coming from the PDB, copy the DF bit from the
255 * inner IP header to the outer IP header.
256 */
257 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT)
258
259 /**
260 * PDBHMO_ESP_DFV - (Decap) - DF bit value
261 *
262 * If ODF = 1, DF bit in output frame is replaced by DFV.
263 * Valid only from SEC Era 5 onwards.
264 */
265 #define PDBHMO_ESP_DFV (0x04 << PDBHMO_ESP_DECAP_SHIFT)
266
267 /**
268 * PDBHMO_ESP_ODF - (Decap) Override DF bit in IPv4 header of decapsulated
269 * output frame.
270 *
271 * If ODF = 1, DF is replaced with the value of DFV bit.
272 * Valid only from SEC Era 5 onwards.
273 */
274 #define PDBHMO_ESP_ODF (0x08 << PDBHMO_ESP_DECAP_SHIFT)
275
276 /**
277 * struct ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
278 * @iv: 16-byte array initialization vector
279 */
280 struct ipsec_encap_cbc {
281 uint8_t iv[16];
282 };
283
284
285 /**
286 * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
287 * @ctr_nonce: 4-byte nonce
288 * @ctr_initial: initial count constant
289 * @iv: initialization vector
290 */
291 struct ipsec_encap_ctr {
292 uint32_t ctr_nonce;
293 uint32_t ctr_initial;
294 uint8_t iv[8];
295 };
296
297 /**
298 * struct ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
299 * @salt: 3-byte array salt (lower 24 bits)
300 * @ccm_opt: CCM algorithm options - MSB-LSB description:
301 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
302 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
303 * ctr_flags (8b) - counter flags; constant equal to 0x3
304 * ctr_initial (16b) - initial count constant
305 * @iv: initialization vector
306 */
307 struct ipsec_encap_ccm {
308 uint8_t salt[4];
309 uint32_t ccm_opt;
310 uint64_t iv;
311 };
312
313 /**
314 * struct ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
315 * @salt: 3-byte array salt (lower 24 bits)
316 * @rsvd: reserved, do not use
317 * @iv: initialization vector
318 */
319 struct ipsec_encap_gcm {
320 uint8_t salt[4];
321 uint32_t rsvd;
322 uint64_t iv;
323 };
324
325 /**
326 * struct ipsec_encap_pdb - PDB for IPsec encapsulation
327 * @options: MSB-LSB description (both for legacy and new modes)
328 * hmo (header manipulation options) - 4b
329 * reserved - 4b
330 * next header (legacy) / reserved (new) - 8b
331 * next header offset (legacy) / AOIPHO (actual outer IP header offset) - 8b
332 * option flags (depend on selected algorithm) - 8b
333 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
334 * @seq_num: IPsec sequence number
335 * @spi: IPsec SPI (Security Parameters Index)
336 * @ip_hdr_len: optional IP Header length (in bytes)
337 * reserved - 16b
338 * Opt. IP Hdr Len - 16b
339 * @ip_hdr: optional IP Header content (only for IPsec legacy mode)
340 */
341 struct ipsec_encap_pdb {
342 uint32_t options;
343 uint32_t seq_num_ext_hi;
344 uint32_t seq_num;
345 union {
346 struct ipsec_encap_cbc cbc;
347 struct ipsec_encap_ctr ctr;
348 struct ipsec_encap_ccm ccm;
349 struct ipsec_encap_gcm gcm;
350 };
351 uint32_t spi;
352 uint32_t ip_hdr_len;
353 uint8_t ip_hdr[0];
354 };
355
356 static inline unsigned int
__rta_copy_ipsec_encap_pdb(struct program * program,struct ipsec_encap_pdb * pdb,uint32_t algtype)357 __rta_copy_ipsec_encap_pdb(struct program *program,
358 struct ipsec_encap_pdb *pdb,
359 uint32_t algtype)
360 {
361 unsigned int start_pc = program->current_pc;
362
363 __rta_out32(program, pdb->options);
364 __rta_out32(program, pdb->seq_num_ext_hi);
365 __rta_out32(program, pdb->seq_num);
366
367 switch (algtype & OP_PCL_IPSEC_CIPHER_MASK) {
368 case OP_PCL_IPSEC_DES_IV64:
369 case OP_PCL_IPSEC_DES:
370 case OP_PCL_IPSEC_3DES:
371 case OP_PCL_IPSEC_AES_CBC:
372 case OP_PCL_IPSEC_NULL:
373 rta_copy_data(program, pdb->cbc.iv, sizeof(pdb->cbc.iv));
374 break;
375
376 case OP_PCL_IPSEC_AES_CTR:
377 rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
378 __rta_out32(program, pdb->ctr.ctr_initial);
379 rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv));
380 break;
381
382 case OP_PCL_IPSEC_AES_CCM8:
383 case OP_PCL_IPSEC_AES_CCM12:
384 case OP_PCL_IPSEC_AES_CCM16:
385 rta_copy_data(program, pdb->ccm.salt, sizeof(pdb->ccm.salt));
386 __rta_out32(program, pdb->ccm.ccm_opt);
387 __rta_out64(program, true, pdb->ccm.iv);
388 break;
389
390 case OP_PCL_IPSEC_AES_GCM8:
391 case OP_PCL_IPSEC_AES_GCM12:
392 case OP_PCL_IPSEC_AES_GCM16:
393 case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
394 rta_copy_data(program, pdb->gcm.salt, sizeof(pdb->gcm.salt));
395 __rta_out32(program, pdb->gcm.rsvd);
396 __rta_out64(program, true, pdb->gcm.iv);
397 break;
398 }
399
400 __rta_out32(program, pdb->spi);
401 __rta_out32(program, pdb->ip_hdr_len);
402
403 return start_pc;
404 }
405
406 /**
407 * struct ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
408 * @rsvd: reserved, do not use
409 */
410 struct ipsec_decap_cbc {
411 uint32_t rsvd[2];
412 };
413
414 /**
415 * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
416 * @ctr_nonce: 4-byte nonce
417 * @ctr_initial: initial count constant
418 */
419 struct ipsec_decap_ctr {
420 uint32_t ctr_nonce;
421 uint32_t ctr_initial;
422 };
423
424 /**
425 * struct ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
426 * @salt: 3-byte salt (lower 24 bits)
427 * @ccm_opt: CCM algorithm options - MSB-LSB description:
428 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
429 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
430 * ctr_flags (8b) - counter flags; constant equal to 0x3
431 * ctr_initial (16b) - initial count constant
432 */
433 struct ipsec_decap_ccm {
434 uint8_t salt[4];
435 uint32_t ccm_opt;
436 };
437
438 /**
439 * struct ipsec_decap_gcm - PDB part for IPsec GCN decapsulation
440 * @salt: 4-byte salt
441 * @rsvd: reserved, do not use
442 */
443 struct ipsec_decap_gcm {
444 uint8_t salt[4];
445 uint32_t rsvd;
446 };
447
448 /**
449 * struct ipsec_decap_pdb - PDB for IPsec decapsulation
450 * @options: MSB-LSB description (both for legacy and new modes)
451 * hmo (header manipulation options) - 4b
452 * IP header length - 12b
453 * next header offset (legacy) / AOIPHO (actual outer IP header offset) - 8b
454 * option flags (depend on selected algorithm) - 8b
455 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
456 * @seq_num: IPsec sequence number
457 * @anti_replay: Anti-replay window; size depends on ARS (option flags);
458 * format must be Big Endian, irrespective of platform
459 */
460 struct ipsec_decap_pdb {
461 uint32_t options;
462 union {
463 struct ipsec_decap_cbc cbc;
464 struct ipsec_decap_ctr ctr;
465 struct ipsec_decap_ccm ccm;
466 struct ipsec_decap_gcm gcm;
467 };
468 uint32_t seq_num_ext_hi;
469 uint32_t seq_num;
470 uint32_t anti_replay[32];
471 };
472
473 static inline unsigned int
__rta_copy_ipsec_decap_pdb(struct program * program,struct ipsec_decap_pdb * pdb,uint32_t algtype)474 __rta_copy_ipsec_decap_pdb(struct program *program,
475 struct ipsec_decap_pdb *pdb,
476 uint32_t algtype)
477 {
478 unsigned int start_pc = program->current_pc;
479 unsigned int i, ars;
480 uint8_t mask;
481
482 __rta_out32(program, pdb->options);
483
484 switch (algtype & OP_PCL_IPSEC_CIPHER_MASK) {
485 case OP_PCL_IPSEC_DES_IV64:
486 case OP_PCL_IPSEC_DES:
487 case OP_PCL_IPSEC_3DES:
488 case OP_PCL_IPSEC_AES_CBC:
489 case OP_PCL_IPSEC_NULL:
490 __rta_out32(program, pdb->cbc.rsvd[0]);
491 __rta_out32(program, pdb->cbc.rsvd[1]);
492 break;
493
494 case OP_PCL_IPSEC_AES_CTR:
495 rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
496 __rta_out32(program, pdb->ctr.ctr_initial);
497 break;
498
499 case OP_PCL_IPSEC_AES_CCM8:
500 case OP_PCL_IPSEC_AES_CCM12:
501 case OP_PCL_IPSEC_AES_CCM16:
502 rta_copy_data(program, pdb->ccm.salt, sizeof(pdb->ccm.salt));
503 __rta_out32(program, pdb->ccm.ccm_opt);
504 break;
505
506 case OP_PCL_IPSEC_AES_GCM8:
507 case OP_PCL_IPSEC_AES_GCM12:
508 case OP_PCL_IPSEC_AES_GCM16:
509 case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
510 rta_copy_data(program, pdb->gcm.salt, sizeof(pdb->gcm.salt));
511 __rta_out32(program, pdb->gcm.rsvd);
512 break;
513 }
514
515 __rta_out32(program, pdb->seq_num_ext_hi);
516 __rta_out32(program, pdb->seq_num);
517
518 if (rta_sec_era < RTA_SEC_ERA_10)
519 mask = PDBOPTS_ESP_ARS_MASK;
520 else
521 mask = PDBOPTS_ESP_ARS_MASK_ERA10;
522 switch (pdb->options & mask) {
523 case PDBOPTS_ESP_ARS1024:
524 ars = 32;
525 break;
526 case PDBOPTS_ESP_ARS512:
527 ars = 16;
528 break;
529 case PDBOPTS_ESP_ARS256:
530 ars = 8;
531 break;
532 case PDBOPTS_ESP_ARS128:
533 ars = 4;
534 break;
535 case PDBOPTS_ESP_ARS64:
536 ars = 2;
537 break;
538 case PDBOPTS_ESP_ARS32:
539 ars = 1;
540 break;
541 case PDBOPTS_ESP_ARSNONE:
542 default:
543 ars = 0;
544 break;
545 }
546
547 for (i = 0; i < ars; i++)
548 __rta_out_be32(program, pdb->anti_replay[i]);
549
550 return start_pc;
551 }
552
553 /**
554 * enum ipsec_icv_size - Type selectors for icv size in IPsec protocol
555 * @IPSEC_ICV_MD5_SIZE: full-length MD5 ICV
556 * @IPSEC_ICV_MD5_TRUNC_SIZE: truncated MD5 ICV
557 */
558 enum ipsec_icv_size {
559 IPSEC_ICV_MD5_SIZE = 16,
560 IPSEC_ICV_MD5_TRUNC_SIZE = 12
561 };
562
563 /*
564 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
565 * IPSEC_N_* defines are for IPsec new mode.
566 */
567
568 /**
569 * IPSEC_DPOVRD_USE - DPOVRD will override values specified in the PDB
570 */
571 #define IPSEC_DPOVRD_USE BIT(31)
572
573 /**
574 * IPSEC_DPOVRD_ECN_SHIFT - Explicit Congestion Notification
575 *
576 * If set, MSB of the 4 bits indicates that the 2 LSBs will replace the ECN bits
577 * in the IP header.
578 */
579 #define IPSEC_DPOVRD_ECN_SHIFT 24
580
581 /**
582 * IPSEC_DPOVRD_ECN_MASK - See IPSEC_DPOVRD_ECN_SHIFT
583 */
584 #define IPSEC_DPOVRD_ECN_MASK (0xf << IPSEC_ENCAP_DPOVRD_ECN_SHIFT)
585
586 /**
587 * IPSEC_DPOVRD_IP_HDR_LEN_SHIFT - The length (in bytes) of the portion of the
588 * IP header that is not encrypted
589 */
590 #define IPSEC_DPOVRD_IP_HDR_LEN_SHIFT 16
591
592 /**
593 * IPSEC_DPOVRD_IP_HDR_LEN_MASK - See IPSEC_DPOVRD_IP_HDR_LEN_SHIFT
594 */
595 #define IPSEC_DPOVRD_IP_HDR_LEN_MASK (0xff << IPSEC_DPOVRD_IP_HDR_LEN_SHIFT)
596
597 /**
598 * IPSEC_DPOVRD_NH_OFFSET_SHIFT - The location of the next header field within
599 * the IP header of the transport mode packet
600 *
601 * Encap:
602 * ESP_Trailer_NH <-- IP_Hdr[DPOVRD[NH_OFFSET]]
603 * IP_Hdr[DPOVRD[NH_OFFSET]] <-- DPOVRD[NH]
604 *Decap:
605 * IP_Hdr[DPOVRD[NH_OFFSET]] <-- ESP_Trailer_NH
606 */
607 #define IPSEC_DPOVRD_NH_OFFSET_SHIFT 8
608
609 /**
610 * IPSEC_DPOVRD_NH_OFFSET_MASK - See IPSEC_DPOVRD_NH_OFFSET_SHIFT
611 */
612 #define IPSEC_DPOVRD_NH_OFFSET_MASK (0xff << IPSEC_DPOVRD_NH_OFFSET_SHIFT)
613
614 /**
615 * IPSEC_DPOVRD_NH_MASK - See IPSEC_DPOVRD_NH_OFFSET_SHIFT
616 * Valid only for encapsulation.
617 */
618 #define IPSEC_DPOVRD_NH_MASK 0xff
619
620 /**
621 * IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT - Outer IP header Material length (encap)
622 * Valid only if L2_COPY is not set.
623 */
624 #define IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT 16
625
626 /**
627 * IPSEC_N_ENCAP_DPOVRD_OIM_LEN_MASK - See IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT
628 */
629 #define IPSEC_N_ENCAP_DPOVRD_OIM_LEN_MASK \
630 (0xfff << IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT)
631
632 /**
633 * IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT - L2 header length
634 * Valid only if L2_COPY is set.
635 */
636 #define IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT 16
637
638 /**
639 * IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK - See IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT
640 */
641 #define IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK \
642 (0xff << IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT)
643
644 /**
645 * IPSEC_N_ENCAP_DPOVRD_OIMIF - Outer IP header Material in Input Frame
646 */
647 #define IPSEC_N_ENCAP_DPOVRD_OIMIF BIT(15)
648
649 /**
650 * IPSEC_N_ENCAP_DPOVRD_L2_COPY - L2 header present in input frame
651 *
652 * Note: For Era <= 8, this bit is reserved (not used) by HW.
653 */
654 #define IPSEC_N_ENCAP_DPOVRD_L2_COPY BIT(14)
655
656 /**
657 * IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT - Actual Outer IP Header Offset (encap)
658 */
659 #define IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT 8
660
661 /**
662 * IPSEC_N_ENCAP_DPOVRD_AOIPHO_MASK - See IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT
663 */
664 #define IPSEC_N_ENCAP_DPOVRD_AOIPHO_MASK \
665 (0x3c << IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT)
666
667 /**
668 * IPSEC_N_ENCAP_DPOVRD_NH_MASK - Next Header
669 *
670 * Used in the Next Header field of the encapsulated payload.
671 */
672 #define IPSEC_N_ENCAP_DPOVRD_NH_MASK 0xff
673
674 /**
675 * IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT - Actual Outer IP Header Offset (decap)
676 */
677 #define IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT 12
678
679 /**
680 * IPSEC_N_DECAP_DPOVRD_AOIPHO_MASK - See IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT
681 */
682 #define IPSEC_N_DECAP_DPOVRD_AOIPHO_MASK \
683 (0xff << IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT)
684
685 /**
686 * IPSEC_N_DECAP_DPOVRD_OIM_LEN_MASK - Outer IP header Material length (decap)
687 */
688 #define IPSEC_N_DECAP_DPOVRD_OIM_LEN_MASK 0xfff
689
__gen_auth_key(struct program * program,struct alginfo * authdata)690 static inline void __gen_auth_key(struct program *program,
691 struct alginfo *authdata)
692 {
693 uint32_t dkp_protid;
694
695 switch (authdata->algtype & OP_PCL_IPSEC_AUTH_MASK) {
696 case OP_PCL_IPSEC_HMAC_MD5_96:
697 case OP_PCL_IPSEC_HMAC_MD5_128:
698 dkp_protid = OP_PCLID_DKP_MD5;
699 break;
700 case OP_PCL_IPSEC_HMAC_SHA1_96:
701 case OP_PCL_IPSEC_HMAC_SHA1_160:
702 dkp_protid = OP_PCLID_DKP_SHA1;
703 break;
704 case OP_PCL_IPSEC_HMAC_SHA2_256_128:
705 dkp_protid = OP_PCLID_DKP_SHA256;
706 break;
707 case OP_PCL_IPSEC_HMAC_SHA2_384_192:
708 dkp_protid = OP_PCLID_DKP_SHA384;
709 break;
710 case OP_PCL_IPSEC_HMAC_SHA2_512_256:
711 dkp_protid = OP_PCLID_DKP_SHA512;
712 break;
713 default:
714 KEY(program, KEY2, authdata->key_enc_flags, authdata->key,
715 authdata->keylen, INLINE_KEY(authdata));
716 return;
717 }
718
719 if (authdata->key_type == RTA_DATA_PTR)
720 DKP_PROTOCOL(program, dkp_protid, OP_PCL_DKP_SRC_PTR,
721 OP_PCL_DKP_DST_PTR, (uint16_t)authdata->keylen,
722 authdata->key, authdata->key_type);
723 else
724 DKP_PROTOCOL(program, dkp_protid, OP_PCL_DKP_SRC_IMM,
725 OP_PCL_DKP_DST_IMM, (uint16_t)authdata->keylen,
726 authdata->key, authdata->key_type);
727 }
728
729 /**
730 * cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared
731 * descriptor.
732 * @descbuf: pointer to buffer used for descriptor construction
733 * @ps: if 36/40bit addressing is desired, this parameter must be true
734 * @swap: if true, perform descriptor byte swapping on a 4-byte boundary
735 * @share: sharing type of shared descriptor
736 * @pdb: pointer to the PDB to be used with this descriptor
737 * This structure will be copied inline to the descriptor under
738 * construction. No error checking will be made. Refer to the
739 * block guide for a details of the encapsulation PDB.
740 * @cipherdata: pointer to block cipher transform definitions
741 * Valid algorithm values - one of OP_PCL_IPSEC_*
742 * @authdata: pointer to authentication transform definitions
743 * If an authentication key is required by the protocol:
744 * -For SEC Eras 1-5, an MDHA split key must be provided;
745 * Note that the size of the split key itself must be specified.
746 * -For SEC Eras 6+, a "normal" key must be provided; DKP (Derived
747 * Key Protocol) will be used to compute MDHA on the fly in HW.
748 * Valid algorithm values - one of OP_PCL_IPSEC_*
749 *
750 * Return: size of descriptor written in words or negative number on error
751 */
752 static inline int
cnstr_shdsc_ipsec_encap(uint32_t * descbuf,bool ps,bool swap,enum rta_share_type share,struct ipsec_encap_pdb * pdb,struct alginfo * cipherdata,struct alginfo * authdata)753 cnstr_shdsc_ipsec_encap(uint32_t *descbuf, bool ps, bool swap,
754 enum rta_share_type share,
755 struct ipsec_encap_pdb *pdb,
756 struct alginfo *cipherdata,
757 struct alginfo *authdata)
758 {
759 struct program prg;
760 struct program *p = &prg;
761
762 LABEL(keyjmp);
763 REFERENCE(pkeyjmp);
764 LABEL(hdr);
765 REFERENCE(phdr);
766
767 PROGRAM_CNTXT_INIT(p, descbuf, 0);
768 if (swap)
769 PROGRAM_SET_BSWAP(p);
770 if (ps)
771 PROGRAM_SET_36BIT_ADDR(p);
772 phdr = SHR_HDR(p, share, hdr, 0);
773 __rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
774 COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
775 SET_LABEL(p, hdr);
776 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, BOTH|SHRD);
777 if (authdata->keylen) {
778 if (rta_sec_era < RTA_SEC_ERA_6)
779 KEY(p, MDHA_SPLIT_KEY, authdata->key_enc_flags,
780 authdata->key, authdata->keylen,
781 INLINE_KEY(authdata));
782 else
783 __gen_auth_key(p, authdata);
784 }
785 if (cipherdata->keylen)
786 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
787 cipherdata->keylen, INLINE_KEY(cipherdata));
788 SET_LABEL(p, keyjmp);
789 PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
790 OP_PCLID_IPSEC,
791 (uint16_t)(cipherdata->algtype | authdata->algtype));
792 PATCH_JUMP(p, pkeyjmp, keyjmp);
793 PATCH_HDR(p, phdr, hdr);
794 return PROGRAM_FINALIZE(p);
795 }
796
797 /**
798 * cnstr_shdsc_ipsec_decap - IPSec ESP decapsulation protocol-level shared
799 * descriptor.
800 * @descbuf: pointer to buffer used for descriptor construction
801 * @ps: if 36/40bit addressing is desired, this parameter must be true
802 * @swap: if true, perform descriptor byte swapping on a 4-byte boundary
803 * @share: sharing type of shared descriptor
804 * @pdb: pointer to the PDB to be used with this descriptor
805 * This structure will be copied inline to the descriptor under
806 * construction. No error checking will be made. Refer to the
807 * block guide for details about the decapsulation PDB.
808 * @cipherdata: pointer to block cipher transform definitions.
809 * Valid algorithm values - one of OP_PCL_IPSEC_*
810 * @authdata: pointer to authentication transform definitions
811 * If an authentication key is required by the protocol:
812 * -For SEC Eras 1-5, an MDHA split key must be provided;
813 * Note that the size of the split key itself must be specified.
814 * -For SEC Eras 6+, a "normal" key must be provided; DKP (Derived
815 * Key Protocol) will be used to compute MDHA on the fly in HW.
816 * Valid algorithm values - one of OP_PCL_IPSEC_*
817 *
818 * Return: size of descriptor written in words or negative number on error
819 */
820 static inline int
cnstr_shdsc_ipsec_decap(uint32_t * descbuf,bool ps,bool swap,enum rta_share_type share,struct ipsec_decap_pdb * pdb,struct alginfo * cipherdata,struct alginfo * authdata)821 cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
822 enum rta_share_type share,
823 struct ipsec_decap_pdb *pdb,
824 struct alginfo *cipherdata,
825 struct alginfo *authdata)
826 {
827 struct program prg;
828 struct program *p = &prg;
829
830 LABEL(keyjmp);
831 REFERENCE(pkeyjmp);
832 LABEL(hdr);
833 REFERENCE(phdr);
834
835 PROGRAM_CNTXT_INIT(p, descbuf, 0);
836 if (swap)
837 PROGRAM_SET_BSWAP(p);
838 if (ps)
839 PROGRAM_SET_36BIT_ADDR(p);
840 phdr = SHR_HDR(p, share, hdr, 0);
841 __rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
842 SET_LABEL(p, hdr);
843 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, BOTH|SHRD);
844 if (authdata->keylen) {
845 if (rta_sec_era < RTA_SEC_ERA_6)
846 KEY(p, MDHA_SPLIT_KEY, authdata->key_enc_flags,
847 authdata->key, authdata->keylen,
848 INLINE_KEY(authdata));
849 else
850 __gen_auth_key(p, authdata);
851 }
852 if (cipherdata->keylen)
853 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
854 cipherdata->keylen, INLINE_KEY(cipherdata));
855 SET_LABEL(p, keyjmp);
856 PROTOCOL(p, OP_TYPE_DECAP_PROTOCOL,
857 OP_PCLID_IPSEC,
858 (uint16_t)(cipherdata->algtype | authdata->algtype));
859 PATCH_JUMP(p, pkeyjmp, keyjmp);
860 PATCH_HDR(p, phdr, hdr);
861 return PROGRAM_FINALIZE(p);
862 }
863
864 /**
865 * cnstr_shdsc_ipsec_encap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
866 * AES-XCBC-MAC-96 ESP encapsulation shared descriptor.
867 * @descbuf: pointer to buffer used for descriptor construction
868 * @pdb: pointer to the PDB to be used with this descriptor
869 * This structure will be copied inline to the descriptor under
870 * construction. No error checking will be made. Refer to the
871 * block guide for a details of the encapsulation PDB.
872 * @cipherdata: pointer to block cipher transform definitions
873 * Valid algorithm values - OP_PCL_IPSEC_DES, OP_PCL_IPSEC_3DES.
874 * @authdata: pointer to authentication transform definitions
875 * Valid algorithm value: OP_PCL_IPSEC_AES_XCBC_MAC_96.
876 *
877 * Supported only for platforms with 32-bit address pointers and SEC ERA 4 or
878 * higher. The tunnel/transport mode of the IPsec ESP is supported only if the
879 * Outer/Transport IP Header is present in the encapsulation output packet.
880 * The descriptor performs DES-CBC/3DES-CBC & HMAC-MD5-96 and then rereads
881 * the input packet to do the AES-XCBC-MAC-96 calculation and to overwrite
882 * the MD5 ICV.
883 * The descriptor uses all the benefits of the built-in protocol by computing
884 * the IPsec ESP with a hardware supported algorithms combination
885 * (DES-CBC/3DES-CBC & HMAC-MD5-96). The HMAC-MD5 authentication algorithm
886 * was chosen in order to speed up the computational time for this intermediate
887 * step.
888 * Warning: The user must allocate at least 32 bytes for the authentication key
889 * (in order to use it also with HMAC-MD5-96),even when using a shorter key
890 * for the AES-XCBC-MAC-96.
891 *
892 * Return: size of descriptor written in words or negative number on error
893 */
894 static inline int
cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t * descbuf,struct ipsec_encap_pdb * pdb,struct alginfo * cipherdata,struct alginfo * authdata)895 cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
896 struct ipsec_encap_pdb *pdb,
897 struct alginfo *cipherdata,
898 struct alginfo *authdata)
899 {
900 struct program prg;
901 struct program *p = &prg;
902
903 LABEL(hdr);
904 LABEL(shd_ptr);
905 LABEL(keyjump);
906 LABEL(outptr);
907 LABEL(swapped_seqin_fields);
908 LABEL(swapped_seqin_ptr);
909 REFERENCE(phdr);
910 REFERENCE(pkeyjump);
911 REFERENCE(move_outlen);
912 REFERENCE(move_seqout_ptr);
913 REFERENCE(swapped_seqin_ptr_jump);
914 REFERENCE(write_swapped_seqin_ptr);
915
916 PROGRAM_CNTXT_INIT(p, descbuf, 0);
917 phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
918 __rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
919 COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
920 SET_LABEL(p, hdr);
921 pkeyjump = JUMP(p, keyjump, LOCAL_JUMP, ALL_TRUE, SHRD | SELF);
922 /*
923 * Hard-coded KEY arguments. The descriptor uses all the benefits of
924 * the built-in protocol by computing the IPsec ESP with a hardware
925 * supported algorithms combination (DES-CBC/3DES-CBC & HMAC-MD5-96).
926 * The HMAC-MD5 authentication algorithm was chosen with
927 * the keys options from below in order to speed up the computational
928 * time for this intermediate step.
929 * Warning: The user must allocate at least 32 bytes for
930 * the authentication key (in order to use it also with HMAC-MD5-96),
931 * even when using a shorter key for the AES-XCBC-MAC-96.
932 */
933 KEY(p, MDHA_SPLIT_KEY, 0, authdata->key, 32, INLINE_KEY(authdata));
934 SET_LABEL(p, keyjump);
935 LOAD(p, LDST_SRCDST_WORD_CLRW | CLRW_CLR_C1MODE | CLRW_CLR_C1DATAS |
936 CLRW_CLR_C1CTX | CLRW_CLR_C1KEY | CLRW_RESET_CLS1_CHA, CLRW, 0, 4,
937 IMMED);
938 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
939 cipherdata->keylen, INLINE_KEY(cipherdata));
940 PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL, OP_PCLID_IPSEC,
941 (uint16_t)(cipherdata->algtype | OP_PCL_IPSEC_HMAC_MD5_96));
942 /* Swap SEQINPTR to SEQOUTPTR. */
943 move_seqout_ptr = MOVE(p, DESCBUF, 0, MATH1, 0, 16, WAITCOMP | IMMED);
944 MATHB(p, MATH1, AND, ~(CMD_SEQ_IN_PTR ^ CMD_SEQ_OUT_PTR), MATH1,
945 8, IFB | IMMED2);
946 /*
947 * TODO: RTA currently doesn't support creating a LOAD command
948 * with another command as IMM.
949 * To be changed when proper support is added in RTA.
950 */
951 LOAD(p, 0xa00000e5, MATH3, 4, 4, IMMED);
952 MATHB(p, MATH3, SHLD, MATH3, MATH3, 8, 0);
953 write_swapped_seqin_ptr = MOVE(p, MATH1, 0, DESCBUF, 0, 20, WAITCOMP |
954 IMMED);
955 swapped_seqin_ptr_jump = JUMP(p, swapped_seqin_ptr, LOCAL_JUMP,
956 ALL_TRUE, 0);
957 LOAD(p, LDST_SRCDST_WORD_CLRW | CLRW_CLR_C1MODE | CLRW_CLR_C1DATAS |
958 CLRW_CLR_C1CTX | CLRW_CLR_C1KEY | CLRW_RESET_CLS1_CHA, CLRW, 0, 4,
959 0);
960 SEQOUTPTR(p, 0, 65535, RTO);
961 move_outlen = MOVE(p, DESCBUF, 0, MATH0, 4, 8, WAITCOMP | IMMED);
962 MATHB(p, MATH0, SUB,
963 (uint64_t)(pdb->ip_hdr_len + IPSEC_ICV_MD5_TRUNC_SIZE),
964 VSEQINSZ, 4, IMMED2);
965 MATHB(p, MATH0, SUB, IPSEC_ICV_MD5_TRUNC_SIZE, VSEQOUTSZ, 4, IMMED2);
966 KEY(p, KEY1, authdata->key_enc_flags, authdata->key, authdata->keylen,
967 0);
968 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, OP_ALG_AAI_XCBC_MAC,
969 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, DIR_ENC);
970 SEQFIFOLOAD(p, SKIP, pdb->ip_hdr_len, 0);
971 SEQFIFOLOAD(p, MSG1, 0, VLF | FLUSH1 | LAST1);
972 SEQFIFOSTORE(p, SKIP, 0, 0, VLF);
973 SEQSTORE(p, CONTEXT1, 0, IPSEC_ICV_MD5_TRUNC_SIZE, 0);
974 /*
975 * TODO: RTA currently doesn't support adding labels in or after Job Descriptor.
976 * To be changed when proper support is added in RTA.
977 */
978 /* Label the Shared Descriptor Pointer */
979 SET_LABEL(p, shd_ptr);
980 shd_ptr += 1;
981 /* Label the Output Pointer */
982 SET_LABEL(p, outptr);
983 outptr += 3;
984 /* Label the first word after JD */
985 SET_LABEL(p, swapped_seqin_fields);
986 swapped_seqin_fields += 8;
987 /* Label the second word after JD */
988 SET_LABEL(p, swapped_seqin_ptr);
989 swapped_seqin_ptr += 9;
990
991 PATCH_HDR(p, phdr, hdr);
992 PATCH_JUMP(p, pkeyjump, keyjump);
993 PATCH_JUMP(p, swapped_seqin_ptr_jump, swapped_seqin_ptr);
994 PATCH_MOVE(p, move_outlen, outptr);
995 PATCH_MOVE(p, move_seqout_ptr, shd_ptr);
996 PATCH_MOVE(p, write_swapped_seqin_ptr, swapped_seqin_fields);
997 return PROGRAM_FINALIZE(p);
998 }
999
1000 /**
1001 * cnstr_shdsc_ipsec_decap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
1002 * AES-XCBC-MAC-96 ESP decapsulation shared descriptor.
1003 * @descbuf: pointer to buffer used for descriptor construction
1004 * @pdb: pointer to the PDB to be used with this descriptor
1005 * This structure will be copied inline to the descriptor under
1006 * construction. No error checking will be made. Refer to the
1007 * block guide for a details of the encapsulation PDB.
1008 * @cipherdata: pointer to block cipher transform definitions
1009 * Valid algorithm values - OP_PCL_IPSEC_DES, OP_PCL_IPSEC_3DES.
1010 * @authdata: pointer to authentication transform definitions
1011 * Valid algorithm value: OP_PCL_IPSEC_AES_XCBC_MAC_96.
1012 *
1013 * Supported only for platforms with 32-bit address pointers and SEC ERA 4 or
1014 * higher. The tunnel/transport mode of the IPsec ESP is supported only if the
1015 * Outer/Transport IP Header is present in the decapsulation input packet.
1016 * The descriptor computes the AES-XCBC-MAC-96 to check if the received ICV
1017 * is correct, rereads the input packet to compute the MD5 ICV, overwrites
1018 * the XCBC ICV, and then sends the modified input packet to the
1019 * DES-CBC/3DES-CBC & HMAC-MD5-96 IPsec.
1020 * The descriptor uses all the benefits of the built-in protocol by computing
1021 * the IPsec ESP with a hardware supported algorithms combination
1022 * (DES-CBC/3DES-CBC & HMAC-MD5-96). The HMAC-MD5 authentication algorithm
1023 * was chosen in order to speed up the computational time for this intermediate
1024 * step.
1025 * Warning: The user must allocate at least 32 bytes for the authentication key
1026 * (in order to use it also with HMAC-MD5-96),even when using a shorter key
1027 * for the AES-XCBC-MAC-96.
1028 *
1029 * Return: size of descriptor written in words or negative number on error
1030 */
1031 static inline int
cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t * descbuf,struct ipsec_decap_pdb * pdb,struct alginfo * cipherdata,struct alginfo * authdata)1032 cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
1033 struct ipsec_decap_pdb *pdb,
1034 struct alginfo *cipherdata,
1035 struct alginfo *authdata)
1036 {
1037 struct program prg;
1038 struct program *p = &prg;
1039 uint32_t ip_hdr_len = (pdb->options & PDBHDRLEN_MASK) >>
1040 PDBHDRLEN_ESP_DECAP_SHIFT;
1041
1042 LABEL(hdr);
1043 LABEL(jump_cmd);
1044 LABEL(keyjump);
1045 LABEL(outlen);
1046 LABEL(seqin_ptr);
1047 LABEL(seqout_ptr);
1048 LABEL(swapped_seqout_fields);
1049 LABEL(swapped_seqout_ptr);
1050 REFERENCE(seqout_ptr_jump);
1051 REFERENCE(phdr);
1052 REFERENCE(pkeyjump);
1053 REFERENCE(move_jump);
1054 REFERENCE(move_jump_back);
1055 REFERENCE(move_seqin_ptr);
1056 REFERENCE(swapped_seqout_ptr_jump);
1057 REFERENCE(write_swapped_seqout_ptr);
1058
1059 PROGRAM_CNTXT_INIT(p, descbuf, 0);
1060 phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
1061 __rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
1062 SET_LABEL(p, hdr);
1063 pkeyjump = JUMP(p, keyjump, LOCAL_JUMP, ALL_TRUE, SHRD | SELF);
1064 /*
1065 * Hard-coded KEY arguments. The descriptor uses all the benefits of
1066 * the built-in protocol by computing the IPsec ESP with a hardware
1067 * supported algorithms combination (DES-CBC/3DES-CBC & HMAC-MD5-96).
1068 * The HMAC-MD5 authentication algorithm was chosen with
1069 * the keys options from bellow in order to speed up the computational
1070 * time for this intermediate step.
1071 * Warning: The user must allocate at least 32 bytes for
1072 * the authentication key (in order to use it also with HMAC-MD5-96),
1073 * even when using a shorter key for the AES-XCBC-MAC-96.
1074 */
1075 KEY(p, MDHA_SPLIT_KEY, 0, authdata->key, 32, INLINE_KEY(authdata));
1076 SET_LABEL(p, keyjump);
1077 LOAD(p, LDST_SRCDST_WORD_CLRW | CLRW_CLR_C1MODE | CLRW_CLR_C1DATAS |
1078 CLRW_CLR_C1CTX | CLRW_CLR_C1KEY | CLRW_RESET_CLS1_CHA, CLRW, 0, 4,
1079 0);
1080 KEY(p, KEY1, authdata->key_enc_flags, authdata->key, authdata->keylen,
1081 INLINE_KEY(authdata));
1082 MATHB(p, SEQINSZ, SUB,
1083 (uint64_t)(ip_hdr_len + IPSEC_ICV_MD5_TRUNC_SIZE), MATH0, 4,
1084 IMMED2);
1085 MATHB(p, MATH0, SUB, ZERO, VSEQINSZ, 4, 0);
1086 ALG_OPERATION(p, OP_ALG_ALGSEL_MD5, OP_ALG_AAI_HMAC_PRECOMP,
1087 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, DIR_ENC);
1088 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, OP_ALG_AAI_XCBC_MAC,
1089 OP_ALG_AS_INITFINAL, ICV_CHECK_ENABLE, DIR_DEC);
1090 SEQFIFOLOAD(p, SKIP, ip_hdr_len, 0);
1091 SEQFIFOLOAD(p, MSG1, 0, VLF | FLUSH1);
1092 SEQFIFOLOAD(p, ICV1, IPSEC_ICV_MD5_TRUNC_SIZE, FLUSH1 | LAST1);
1093 /* Swap SEQOUTPTR to SEQINPTR. */
1094 move_seqin_ptr = MOVE(p, DESCBUF, 0, MATH1, 0, 16, WAITCOMP | IMMED);
1095 MATHB(p, MATH1, OR, CMD_SEQ_IN_PTR ^ CMD_SEQ_OUT_PTR, MATH1, 8,
1096 IFB | IMMED2);
1097 /*
1098 * TODO: RTA currently doesn't support creating a LOAD command
1099 * with another command as IMM.
1100 * To be changed when proper support is added in RTA.
1101 */
1102 LOAD(p, 0xA00000e1, MATH3, 4, 4, IMMED);
1103 MATHB(p, MATH3, SHLD, MATH3, MATH3, 8, 0);
1104 write_swapped_seqout_ptr = MOVE(p, MATH1, 0, DESCBUF, 0, 20, WAITCOMP |
1105 IMMED);
1106 swapped_seqout_ptr_jump = JUMP(p, swapped_seqout_ptr, LOCAL_JUMP,
1107 ALL_TRUE, 0);
1108 /*
1109 * TODO: To be changed when proper support is added in RTA (can't load
1110 * a command that is also written by RTA).
1111 * Change when proper RTA support is added.
1112 */
1113 SET_LABEL(p, jump_cmd);
1114 WORD(p, 0xA00000f3);
1115 SEQINPTR(p, 0, 65535, RTO);
1116 MATHB(p, MATH0, SUB, ZERO, VSEQINSZ, 4, 0);
1117 MATHB(p, MATH0, ADD, ip_hdr_len, VSEQOUTSZ, 4, IMMED2);
1118 move_jump = MOVE(p, DESCBUF, 0, OFIFO, 0, 8, WAITCOMP | IMMED);
1119 move_jump_back = MOVE(p, OFIFO, 0, DESCBUF, 0, 8, IMMED);
1120 SEQFIFOLOAD(p, SKIP, ip_hdr_len, 0);
1121 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
1122 SEQFIFOSTORE(p, SKIP, 0, 0, VLF);
1123 SEQSTORE(p, CONTEXT2, 0, IPSEC_ICV_MD5_TRUNC_SIZE, 0);
1124 seqout_ptr_jump = JUMP(p, seqout_ptr, LOCAL_JUMP, ALL_TRUE, CALM);
1125
1126 LOAD(p, LDST_SRCDST_WORD_CLRW | CLRW_CLR_C1MODE | CLRW_CLR_C1DATAS |
1127 CLRW_CLR_C1CTX | CLRW_CLR_C1KEY | CLRW_CLR_C2MODE |
1128 CLRW_CLR_C2DATAS | CLRW_CLR_C2CTX | CLRW_RESET_CLS1_CHA, CLRW, 0,
1129 4, 0);
1130 SEQINPTR(p, 0, 65535, RTO);
1131 MATHB(p, MATH0, ADD,
1132 (uint64_t)(ip_hdr_len + IPSEC_ICV_MD5_TRUNC_SIZE), SEQINSZ, 4,
1133 IMMED2);
1134 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
1135 cipherdata->keylen, INLINE_KEY(cipherdata));
1136 PROTOCOL(p, OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC,
1137 (uint16_t)(cipherdata->algtype | OP_PCL_IPSEC_HMAC_MD5_96));
1138 /*
1139 * TODO: RTA currently doesn't support adding labels in or after Job Descriptor.
1140 * To be changed when proper support is added in RTA.
1141 */
1142 /* Label the SEQ OUT PTR */
1143 SET_LABEL(p, seqout_ptr);
1144 seqout_ptr += 2;
1145 /* Label the Output Length */
1146 SET_LABEL(p, outlen);
1147 outlen += 4;
1148 /* Label the SEQ IN PTR */
1149 SET_LABEL(p, seqin_ptr);
1150 seqin_ptr += 5;
1151 /* Label the first word after JD */
1152 SET_LABEL(p, swapped_seqout_fields);
1153 swapped_seqout_fields += 8;
1154 /* Label the second word after JD */
1155 SET_LABEL(p, swapped_seqout_ptr);
1156 swapped_seqout_ptr += 9;
1157
1158 PATCH_HDR(p, phdr, hdr);
1159 PATCH_JUMP(p, pkeyjump, keyjump);
1160 PATCH_JUMP(p, seqout_ptr_jump, seqout_ptr);
1161 PATCH_JUMP(p, swapped_seqout_ptr_jump, swapped_seqout_ptr);
1162 PATCH_MOVE(p, move_jump, jump_cmd);
1163 PATCH_MOVE(p, move_jump_back, seqin_ptr);
1164 PATCH_MOVE(p, move_seqin_ptr, outlen);
1165 PATCH_MOVE(p, write_swapped_seqout_ptr, swapped_seqout_fields);
1166 return PROGRAM_FINALIZE(p);
1167 }
1168
1169 /**
1170 * IPSEC_NEW_ENC_BASE_DESC_LEN - IPsec new mode encap shared descriptor length
1171 *
1172 * Accounts only for the "base" commands and is intended to be used by upper
1173 * layers to determine whether Outer IP Header and/or keys can be inlined or
1174 * not. To be used as first parameter of rta_inline_query().
1175 */
1176 #define IPSEC_NEW_ENC_BASE_DESC_LEN (12 * CAAM_CMD_SZ + \
1177 sizeof(struct ipsec_encap_pdb))
1178
1179 /**
1180 * IPSEC_NEW_NULL_ENC_BASE_DESC_LEN - IPsec new mode encap shared descriptor
1181 * length for the case of
1182 * NULL encryption / authentication
1183 *
1184 * Accounts only for the "base" commands and is intended to be used by upper
1185 * layers to determine whether Outer IP Header and/or key can be inlined or
1186 * not. To be used as first parameter of rta_inline_query().
1187 */
1188 #define IPSEC_NEW_NULL_ENC_BASE_DESC_LEN (11 * CAAM_CMD_SZ + \
1189 sizeof(struct ipsec_encap_pdb))
1190
1191 /**
1192 * cnstr_shdsc_ipsec_new_encap - IPSec new mode ESP encapsulation
1193 * protocol-level shared descriptor.
1194 * @descbuf: pointer to buffer used for descriptor construction
1195 * @ps: if 36/40bit addressing is desired, this parameter must be true
1196 * @swap: must be true when core endianness doesn't match SEC endianness
1197 * @share: sharing type of shared descriptor
1198 * @pdb: pointer to the PDB to be used with this descriptor
1199 * This structure will be copied inline to the descriptor under
1200 * construction. No error checking will be made. Refer to the
1201 * block guide for details about the encapsulation PDB.
1202 * @opt_ip_hdr: pointer to Optional IP Header
1203 * -if OIHI = PDBOPTS_ESP_OIHI_PDB_INL, opt_ip_hdr points to the buffer to
1204 * be inlined in the PDB. Number of bytes (buffer size) copied is provided
1205 * in pdb->ip_hdr_len.
1206 * -if OIHI = PDBOPTS_ESP_OIHI_PDB_REF, opt_ip_hdr points to the address of
1207 * the Optional IP Header. The address will be inlined in the PDB verbatim.
1208 * -for other values of OIHI options field, opt_ip_hdr is not used.
1209 * @cipherdata: pointer to block cipher transform definitions
1210 * Valid algorithm values - one of OP_PCL_IPSEC_*
1211 * @authdata: pointer to authentication transform definitions.
1212 * If an authentication key is required by the protocol, a "normal"
1213 * key must be provided; DKP (Derived Key Protocol) will be used to
1214 * compute MDHA on the fly in HW.
1215 * Valid algorithm values - one of OP_PCL_IPSEC_*
1216 *
1217 * Note: L2 header copy functionality is implemented assuming that bits 14
1218 * (currently reserved) and 16-23 (part of Outer IP Header Material Length)
1219 * in DPOVRD register are not used (which is usually the case when L3 header
1220 * is provided in PDB).
1221 * When DPOVRD[14] is set, frame starts with an L2 header; in this case, the
1222 * L2 header length is found at DPOVRD[23:16]. SEC uses this length to copy
1223 * the header and then it deletes DPOVRD[23:16] (so there is no side effect
1224 * when later running IPsec protocol).
1225 *
1226 * Return: size of descriptor written in words or negative number on error
1227 */
1228 static inline int
cnstr_shdsc_ipsec_new_encap(uint32_t * descbuf,bool ps,bool swap,enum rta_share_type share,struct ipsec_encap_pdb * pdb,uint8_t * opt_ip_hdr,struct alginfo * cipherdata,struct alginfo * authdata)1229 cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
1230 bool swap,
1231 enum rta_share_type share,
1232 struct ipsec_encap_pdb *pdb,
1233 uint8_t *opt_ip_hdr,
1234 struct alginfo *cipherdata,
1235 struct alginfo *authdata)
1236 {
1237 struct program prg;
1238 struct program *p = &prg;
1239
1240 LABEL(keyjmp);
1241 REFERENCE(pkeyjmp);
1242 LABEL(hdr);
1243 REFERENCE(phdr);
1244 LABEL(l2copy);
1245 REFERENCE(pl2copy);
1246
1247 if (rta_sec_era < RTA_SEC_ERA_8) {
1248 pr_err("IPsec new mode encap: available only for Era %d or above\n",
1249 USER_SEC_ERA(RTA_SEC_ERA_8));
1250 return -ENOTSUP;
1251 }
1252
1253 PROGRAM_CNTXT_INIT(p, descbuf, 0);
1254 if (swap)
1255 PROGRAM_SET_BSWAP(p);
1256 if (ps)
1257 PROGRAM_SET_36BIT_ADDR(p);
1258 phdr = SHR_HDR(p, share, hdr, 0);
1259
1260 __rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
1261
1262 switch (pdb->options & PDBOPTS_ESP_OIHI_MASK) {
1263 case PDBOPTS_ESP_OIHI_PDB_INL:
1264 COPY_DATA(p, opt_ip_hdr, pdb->ip_hdr_len);
1265 break;
1266 case PDBOPTS_ESP_OIHI_PDB_REF:
1267 if (ps)
1268 COPY_DATA(p, opt_ip_hdr, 8);
1269 else
1270 COPY_DATA(p, opt_ip_hdr, 4);
1271 break;
1272 default:
1273 break;
1274 }
1275 SET_LABEL(p, hdr);
1276
1277 MATHB(p, DPOVRD, AND, IPSEC_N_ENCAP_DPOVRD_L2_COPY, NONE, 4, IMMED2);
1278 pl2copy = JUMP(p, l2copy, LOCAL_JUMP, ALL_TRUE, MATH_Z);
1279 MATHI(p, DPOVRD, RSHIFT, IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT, VSEQOUTSZ,
1280 1, 0);
1281 MATHB(p, DPOVRD, AND, ~IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK, DPOVRD, 4,
1282 IMMED2);
1283 /* TODO: CLASS2 corresponds to AUX=2'b10; add more intuitive defines */
1284 SEQFIFOSTORE(p, METADATA, 0, 0, CLASS2 | VLF);
1285 SET_LABEL(p, l2copy);
1286
1287 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
1288 if (authdata->keylen)
1289 __gen_auth_key(p, authdata);
1290 if (cipherdata->keylen)
1291 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
1292 cipherdata->keylen, INLINE_KEY(cipherdata));
1293 SET_LABEL(p, keyjmp);
1294 PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
1295 OP_PCLID_IPSEC_NEW,
1296 (uint16_t)(cipherdata->algtype | authdata->algtype));
1297 PATCH_JUMP(p, pl2copy, l2copy);
1298 PATCH_JUMP(p, pkeyjmp, keyjmp);
1299 PATCH_HDR(p, phdr, hdr);
1300 return PROGRAM_FINALIZE(p);
1301 }
1302
1303 /**
1304 * IPSEC_NEW_DEC_BASE_DESC_LEN - IPsec new mode decap shared descriptor length
1305 *
1306 * Accounts only for the "base" commands and is intended to be used by upper
1307 * layers to determine whether keys can be inlined or not. To be used as first
1308 * parameter of rta_inline_query().
1309 */
1310 #define IPSEC_NEW_DEC_BASE_DESC_LEN (5 * CAAM_CMD_SZ + \
1311 sizeof(struct ipsec_decap_pdb))
1312
1313 /**
1314 * IPSEC_NEW_NULL_DEC_BASE_DESC_LEN - IPsec new mode decap shared descriptor
1315 * length for the case of
1316 * NULL decryption / authentication
1317 *
1318 * Accounts only for the "base" commands and is intended to be used by upper
1319 * layers to determine whether key can be inlined or not. To be used as first
1320 * parameter of rta_inline_query().
1321 */
1322 #define IPSEC_NEW_NULL_DEC_BASE_DESC_LEN (4 * CAAM_CMD_SZ + \
1323 sizeof(struct ipsec_decap_pdb))
1324
1325 /**
1326 * cnstr_shdsc_ipsec_new_decap - IPSec new mode ESP decapsulation protocol-level
1327 * shared descriptor.
1328 * @descbuf: pointer to buffer used for descriptor construction
1329 * @ps: if 36/40bit addressing is desired, this parameter must be true
1330 * @swap: must be true when core endianness doesn't match SEC endianness
1331 * @share: sharing type of shared descriptor
1332 * @pdb: pointer to the PDB to be used with this descriptor
1333 * This structure will be copied inline to the descriptor under
1334 * construction. No error checking will be made. Refer to the
1335 * block guide for details about the decapsulation PDB.
1336 * @cipherdata: pointer to block cipher transform definitions
1337 * Valid algorithm values 0 one of OP_PCL_IPSEC_*
1338 * @authdata: pointer to authentication transform definitions.
1339 * If an authentication key is required by the protocol, a "normal"
1340 * key must be provided; DKP (Derived Key Protocol) will be used to
1341 * compute MDHA on the fly in HW.
1342 * Valid algorithm values - one of OP_PCL_IPSEC_*
1343 *
1344 * Return: size of descriptor written in words or negative number on error
1345 */
1346 static inline int
cnstr_shdsc_ipsec_new_decap(uint32_t * descbuf,bool ps,bool swap,enum rta_share_type share,struct ipsec_decap_pdb * pdb,struct alginfo * cipherdata,struct alginfo * authdata)1347 cnstr_shdsc_ipsec_new_decap(uint32_t *descbuf, bool ps,
1348 bool swap,
1349 enum rta_share_type share,
1350 struct ipsec_decap_pdb *pdb,
1351 struct alginfo *cipherdata,
1352 struct alginfo *authdata)
1353 {
1354 struct program prg;
1355 struct program *p = &prg;
1356
1357 LABEL(keyjmp);
1358 REFERENCE(pkeyjmp);
1359 LABEL(hdr);
1360 REFERENCE(phdr);
1361
1362 if (rta_sec_era < RTA_SEC_ERA_8) {
1363 pr_err("IPsec new mode decap: available only for Era %d or above\n",
1364 USER_SEC_ERA(RTA_SEC_ERA_8));
1365 return -ENOTSUP;
1366 }
1367
1368 PROGRAM_CNTXT_INIT(p, descbuf, 0);
1369 if (swap)
1370 PROGRAM_SET_BSWAP(p);
1371 if (ps)
1372 PROGRAM_SET_36BIT_ADDR(p);
1373 phdr = SHR_HDR(p, share, hdr, 0);
1374 __rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
1375 SET_LABEL(p, hdr);
1376 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
1377 if (authdata->keylen)
1378 __gen_auth_key(p, authdata);
1379 if (cipherdata->keylen)
1380 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
1381 cipherdata->keylen, INLINE_KEY(cipherdata));
1382 SET_LABEL(p, keyjmp);
1383 PROTOCOL(p, OP_TYPE_DECAP_PROTOCOL,
1384 OP_PCLID_IPSEC_NEW,
1385 (uint16_t)(cipherdata->algtype | authdata->algtype));
1386 PATCH_JUMP(p, pkeyjmp, keyjmp);
1387 PATCH_HDR(p, phdr, hdr);
1388 return PROGRAM_FINALIZE(p);
1389 }
1390
1391 /**
1392 * IPSEC_AUTH_VAR_BASE_DESC_LEN - IPsec encap/decap shared descriptor length
1393 * for the case of variable-length authentication
1394 * only data.
1395 * Note: Only for SoCs with SEC_ERA >= 3.
1396 *
1397 * Accounts only for the "base" commands and is intended to be used by upper
1398 * layers to determine whether keys can be inlined or not. To be used as first
1399 * parameter of rta_inline_query().
1400 */
1401 #define IPSEC_AUTH_VAR_BASE_DESC_LEN (27 * CAAM_CMD_SZ)
1402
1403 /**
1404 * IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN - IPsec AES decap shared descriptor
1405 * length for variable-length authentication only
1406 * data.
1407 * Note: Only for SoCs with SEC_ERA >= 3.
1408 *
1409 * Accounts only for the "base" commands and is intended to be used by upper
1410 * layers to determine whether key can be inlined or not. To be used as first
1411 * parameter of rta_inline_query().
1412 */
1413 #define IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN \
1414 (IPSEC_AUTH_VAR_BASE_DESC_LEN + CAAM_CMD_SZ)
1415
1416 /**
1417 * IPSEC_AUTH_BASE_DESC_LEN - IPsec encap/decap shared descriptor length
1418 *
1419 * Accounts only for the "base" commands and is intended to be used by upper
1420 * layers to determine whether key can be inlined or not. To be used as first
1421 * parameter of rta_inline_query().
1422 */
1423 #define IPSEC_AUTH_BASE_DESC_LEN (19 * CAAM_CMD_SZ)
1424
1425 /**
1426 * IPSEC_AUTH_AES_DEC_BASE_DESC_LEN - IPsec AES decap shared descriptor length
1427 *
1428 * Accounts only for the "base" commands and is intended to be used by upper
1429 * layers to determine whether key can be inlined or not. To be used as first
1430 * parameter of rta_inline_query().
1431 */
1432 #define IPSEC_AUTH_AES_DEC_BASE_DESC_LEN (IPSEC_AUTH_BASE_DESC_LEN + \
1433 CAAM_CMD_SZ)
1434
1435 /**
1436 * cnstr_shdsc_authenc - authenc-like descriptor
1437 * @descbuf: pointer to buffer used for descriptor construction
1438 * @ps: if 36/40bit addressing is desired, this parameter must be true
1439 * @swap: if true, perform descriptor byte swapping on a 4-byte boundary
1440 * @share: sharing type of shared descriptor
1441 * @cipherdata: pointer to block cipher transform definitions.
1442 * Valid algorithm values one of OP_ALG_ALGSEL_* {DES, 3DES, AES}
1443 * Valid modes for:
1444 * AES: OP_ALG_AAI_* {CBC, CTR}
1445 * DES, 3DES: OP_ALG_AAI_CBC
1446 * @authdata: pointer to authentication transform definitions.
1447 * Valid algorithm values - one of OP_ALG_ALGSEL_* {MD5, SHA1,
1448 * SHA224, SHA256, SHA384, SHA512}
1449 * Note: The key for authentication is supposed to be given as plain text.
1450 * Note: There's no support for keys longer than the block size of the
1451 * underlying hash function, according to the selected algorithm.
1452 *
1453 * @ivlen: length of the IV to be read from the input frame, before any data
1454 * to be processed
1455 *
1456 * @trunc_len: the length of the ICV to be written to the output frame. If 0,
1457 * then the corresponding length of the digest, according to the
1458 * selected algorithm shall be used.
1459 * @dir: Protocol direction, encapsulation or decapsulation (DIR_ENC/DIR_DEC)
1460 *
1461 * Note: Here's how the input frame needs to be formatted so that the processing
1462 * will be done correctly:
1463 * For encapsulation:
1464 * Input:
1465 * +----+----------------+-----------------------------------------------+
1466 * | IV | Auth-only head | Padded data to be auth & Enc | Auth-only tail |
1467 * +----+----------------+-----------------------------------------------+
1468 * Output:
1469 * +--------------------------------------+
1470 * | Authenticated & Encrypted data | ICV |
1471 * +--------------------------------+-----+
1472 *
1473 * For decapsulation:
1474 * Input:
1475 * +----+----------------+-----------------+----------------------+
1476 * | IV | Auth-only head | Auth & Enc data | Auth-only tail | ICV |
1477 * +----+----------------+-----------------+----------------------+
1478 * Output:
1479 * +----+---------------------------+
1480 * | Decrypted & authenticated data |
1481 * +----+---------------------------+
1482 *
1483 * Note: This descriptor can use per-packet commands, encoded as below in the
1484 * DPOVRD register:
1485 * 32 28 16 1
1486 * +------+------------------------------+
1487 * | 0x8 | auth_tail_len | auth_hdr_len |
1488 * +------+------------------------------+
1489 *
1490 * This mechanism is available only for SoCs having SEC ERA >= 3. In other
1491 * words, this will not work for P4080TO2
1492 *
1493 * Note: The descriptor does not add any kind of padding to the input data,
1494 * so the upper layer needs to ensure that the data is padded properly,
1495 * according to the selected cipher. Failure to do so will result in
1496 * the descriptor failing with a data-size error.
1497 *
1498 * Return: size of descriptor written in words or negative number on error
1499 */
1500 static inline int
cnstr_shdsc_authenc(uint32_t * descbuf,bool ps,bool swap,enum rta_share_type share,struct alginfo * cipherdata,struct alginfo * authdata,uint16_t ivlen,uint8_t trunc_len,uint8_t dir)1501 cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,
1502 enum rta_share_type share,
1503 struct alginfo *cipherdata,
1504 struct alginfo *authdata,
1505 uint16_t ivlen,
1506 uint8_t trunc_len, uint8_t dir)
1507 {
1508 struct program prg;
1509 struct program *p = &prg;
1510 const bool need_dk = (dir == DIR_DEC) &&
1511 (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&
1512 (cipherdata->algmode == OP_ALG_AAI_CBC);
1513 int data_type;
1514
1515 LABEL(keyjmp);
1516 LABEL(skipkeys);
1517 LABEL(proc_icv);
1518 LABEL(no_auth_tail);
1519 REFERENCE(pkeyjmp);
1520 REFERENCE(pskipkeys);
1521 REFERENCE(p_proc_icv);
1522 REFERENCE(p_no_auth_tail);
1523
1524 PROGRAM_CNTXT_INIT(p, descbuf, 0);
1525
1526 if (swap)
1527 PROGRAM_SET_BSWAP(p);
1528 if (ps)
1529 PROGRAM_SET_36BIT_ADDR(p);
1530
1531 /*
1532 * Since we currently assume that key length is equal to hash digest
1533 * size, it's ok to truncate keylen value.
1534 */
1535 trunc_len = trunc_len && (trunc_len < authdata->keylen) ?
1536 trunc_len : (uint8_t)authdata->keylen;
1537
1538 SHR_HDR(p, share, 1, SC);
1539
1540 /* Collect the (auth_tail || auth_hdr) len from DPOVRD */
1541 MATHB(p, DPOVRD, ADD, 0x80000000, MATH2, 4, IMMED2);
1542
1543 /* Get auth_hdr len in MATH0 */
1544 MATHB(p, MATH2, AND, 0xFFFF, MATH0, 4, IMMED2);
1545
1546 /* Get auth_tail len in MATH2 */
1547 MATHB(p, MATH2, AND, 0xFFF0000, MATH2, 4, IMMED2);
1548 MATHI(p, MATH2, RSHIFT, 16, MATH2, 4, IMMED2);
1549
1550 pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
1551
1552 KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
1553 INLINE_KEY(authdata));
1554
1555 /* Insert Key */
1556 KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
1557 cipherdata->keylen, INLINE_KEY(cipherdata));
1558
1559 /* Do operation */
1560 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
1561 OP_ALG_AS_INITFINAL,
1562 dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
1563 dir);
1564
1565 if (need_dk)
1566 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode,
1567 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
1568 pskipkeys = JUMP(p, skipkeys, LOCAL_JUMP, ALL_TRUE, 0);
1569
1570 SET_LABEL(p, keyjmp);
1571
1572 ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
1573 OP_ALG_AS_INITFINAL,
1574 dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
1575 dir);
1576
1577 if (need_dk) {
1578 ALG_OPERATION(p, OP_ALG_ALGSEL_AES, cipherdata->algmode |
1579 OP_ALG_AAI_DK, OP_ALG_AS_INITFINAL,
1580 ICV_CHECK_DISABLE, dir);
1581 SET_LABEL(p, skipkeys);
1582 } else {
1583 SET_LABEL(p, skipkeys);
1584 ALG_OPERATION(p, cipherdata->algtype, cipherdata->algmode,
1585 OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);
1586 }
1587
1588 /* Read IV */
1589 if (cipherdata->algmode == OP_ALG_AAI_CTR)
1590 SEQLOAD(p, CONTEXT1, 16, ivlen, 0);
1591 else
1592 SEQLOAD(p, CONTEXT1, 0, ivlen, 0);
1593
1594 /*
1595 * authenticate auth_hdr data
1596 */
1597 MATHB(p, MATH0, ADD, ZERO, VSEQINSZ, 4, 0);
1598 SEQFIFOLOAD(p, MSG2, 0, VLF);
1599
1600 /*
1601 * Prepare the length of the data to be both encrypted/decrypted
1602 * and authenticated/checked
1603 */
1604 MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
1605 if (dir == DIR_DEC) {
1606 MATHB(p, VSEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
1607 data_type = MSGINSNOOP;
1608 } else {
1609 data_type = MSGOUTSNOOP;
1610 }
1611
1612 MATHB(p, VSEQINSZ, ADD, ZERO, VSEQOUTSZ, 4, 0);
1613
1614 /* Prepare for writing the output frame */
1615 SEQFIFOSTORE(p, MSG, 0, 0, VLF);
1616
1617
1618 /* Check if there is no auth-tail */
1619 MATHB(p, MATH2, ADD, ZERO, MATH2, 4, 0);
1620 p_no_auth_tail = JUMP(p, no_auth_tail, LOCAL_JUMP, ALL_TRUE, MATH_Z);
1621
1622 /*
1623 * Read input plain/cipher text, encrypt/decrypt & auth & write
1624 * to output
1625 */
1626 SEQFIFOLOAD(p, data_type, 0, VLF | LAST1 | FLUSH1);
1627
1628 /* Authenticate auth tail */
1629 MATHB(p, MATH2, ADD, ZERO, VSEQINSZ, 4, 0);
1630 SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
1631
1632 /* Jump to process icv */
1633 p_proc_icv = JUMP(p, proc_icv, LOCAL_JUMP, ALL_FALSE, MATH_Z);
1634
1635 SET_LABEL(p, no_auth_tail);
1636
1637 SEQFIFOLOAD(p, data_type, 0, VLF | LAST1 | LAST2 | FLUSH1);
1638
1639 SET_LABEL(p, proc_icv);
1640
1641 if (dir == DIR_ENC)
1642 /* Finally, write the ICV */
1643 SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
1644 else
1645 /* Read the ICV to check */
1646 SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
1647
1648 PATCH_JUMP(p, pkeyjmp, keyjmp);
1649 PATCH_JUMP(p, pskipkeys, skipkeys);
1650 PATCH_JUMP(p, p_no_auth_tail, no_auth_tail);
1651 PATCH_JUMP(p, p_proc_icv, proc_icv);
1652 return PROGRAM_FINALIZE(p);
1653 }
1654
1655 #endif /* __DESC_IPSEC_H__ */
1656