/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. * Copyright 2016,2019 NXP * */ #ifndef __RTA_PROTOCOL_CMD_H__ #define __RTA_PROTOCOL_CMD_H__ extern enum rta_sec_era rta_sec_era; static inline int __rta_ssl_proto(uint16_t protoinfo) { switch (protoinfo) { case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5: case OP_PCL_TLS_RSA_WITH_RC4_128_MD5: case OP_PCL_TLS_RSA_WITH_RC4_128_SHA: case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5: case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA: case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5: case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA: case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5: case OP_PCL_TLS_PSK_WITH_RC4_128_SHA: case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA: case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA: case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA: if (rta_sec_era == RTA_SEC_ERA_7) return -EINVAL; /* fall through if not Era 7 */ case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA: case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA: case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA: case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA: case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA: case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA: case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA: case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5: case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5: case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA: case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5: case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256: case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256: case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256: case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA: case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256: case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256: case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5: case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160: case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224: case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256: case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384: case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512: case OP_PCL_PVT_TLS_AES_128_CBC_SHA160: case OP_PCL_PVT_TLS_AES_128_CBC_SHA224: case OP_PCL_PVT_TLS_AES_128_CBC_SHA256: case OP_PCL_PVT_TLS_AES_128_CBC_SHA384: case OP_PCL_PVT_TLS_AES_128_CBC_SHA512: case OP_PCL_PVT_TLS_AES_192_CBC_SHA160: case OP_PCL_PVT_TLS_AES_192_CBC_SHA224: case OP_PCL_PVT_TLS_AES_192_CBC_SHA256: case OP_PCL_PVT_TLS_AES_192_CBC_SHA512: case OP_PCL_PVT_TLS_AES_256_CBC_SHA160: case OP_PCL_PVT_TLS_AES_256_CBC_SHA224: case OP_PCL_PVT_TLS_AES_256_CBC_SHA384: case OP_PCL_PVT_TLS_AES_256_CBC_SHA512: case OP_PCL_PVT_TLS_AES_256_CBC_SHA256: case OP_PCL_PVT_TLS_AES_192_CBC_SHA384: case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE: case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF: return 0; } return -EINVAL; } static inline int __rta_ike_proto(uint16_t protoinfo) { switch (protoinfo) { case OP_PCL_IKE_HMAC_MD5: case OP_PCL_IKE_HMAC_SHA1: case OP_PCL_IKE_HMAC_AES128_CBC: case OP_PCL_IKE_HMAC_SHA256: case OP_PCL_IKE_HMAC_SHA384: case OP_PCL_IKE_HMAC_SHA512: case OP_PCL_IKE_HMAC_AES128_CMAC: return 0; } return -EINVAL; } static inline int __rta_ipsec_proto(uint16_t protoinfo) { uint16_t proto_cls1 = protoinfo & OP_PCL_IPSEC_CIPHER_MASK; uint16_t proto_cls2 = protoinfo & OP_PCL_IPSEC_AUTH_MASK; switch (proto_cls1) { case OP_PCL_IPSEC_AES_NULL_WITH_GMAC: if (rta_sec_era < RTA_SEC_ERA_2) return -EINVAL; /* no break */ case OP_PCL_IPSEC_AES_CCM8: case OP_PCL_IPSEC_AES_CCM12: case OP_PCL_IPSEC_AES_CCM16: case OP_PCL_IPSEC_AES_GCM8: case OP_PCL_IPSEC_AES_GCM12: case OP_PCL_IPSEC_AES_GCM16: /* CCM, GCM, GMAC require PROTINFO[7:0] = 0 */ if (proto_cls2 == OP_PCL_IPSEC_HMAC_NULL) return 0; return -EINVAL; case OP_PCL_IPSEC_NULL: if (rta_sec_era < RTA_SEC_ERA_2) return -EINVAL; /* no break */ case OP_PCL_IPSEC_DES_IV64: case OP_PCL_IPSEC_DES: case OP_PCL_IPSEC_3DES: case OP_PCL_IPSEC_AES_CBC: case OP_PCL_IPSEC_AES_CTR: break; default: return -EINVAL; } switch (proto_cls2) { case OP_PCL_IPSEC_HMAC_NULL: case OP_PCL_IPSEC_HMAC_MD5_96: case OP_PCL_IPSEC_HMAC_SHA1_96: case OP_PCL_IPSEC_AES_XCBC_MAC_96: case OP_PCL_IPSEC_HMAC_MD5_128: case OP_PCL_IPSEC_HMAC_SHA1_160: case OP_PCL_IPSEC_AES_CMAC_96: case OP_PCL_IPSEC_HMAC_SHA2_256_128: case OP_PCL_IPSEC_HMAC_SHA2_384_192: case OP_PCL_IPSEC_HMAC_SHA2_512_256: return 0; } return -EINVAL; } static inline int __rta_srtp_proto(uint16_t protoinfo) { uint16_t proto_cls1 = protoinfo & OP_PCL_SRTP_CIPHER_MASK; uint16_t proto_cls2 = protoinfo & OP_PCL_SRTP_AUTH_MASK; switch (proto_cls1) { case OP_PCL_SRTP_AES_CTR: switch (proto_cls2) { case OP_PCL_SRTP_HMAC_SHA1_160: return 0; } /* no break */ } return -EINVAL; } static inline int __rta_macsec_proto(uint16_t protoinfo) { switch (protoinfo) { case OP_PCL_MACSEC: return 0; } return -EINVAL; } static inline int __rta_wifi_proto(uint16_t protoinfo) { switch (protoinfo) { case OP_PCL_WIFI: return 0; } return -EINVAL; } static inline int __rta_wimax_proto(uint16_t protoinfo) { switch (protoinfo) { case OP_PCL_WIMAX_OFDM: case OP_PCL_WIMAX_OFDMA: return 0; } return -EINVAL; } /* Allowed blob proto flags for each SEC Era */ static const uint32_t proto_blob_flags[] = { OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM, OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK | OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM }; static inline int __rta_blob_proto(uint16_t protoinfo) { if (protoinfo & ~proto_blob_flags[rta_sec_era]) return -EINVAL; switch (protoinfo & OP_PCL_BLOB_FORMAT_MASK) { case OP_PCL_BLOB_FORMAT_NORMAL: case OP_PCL_BLOB_FORMAT_MASTER_VER: case OP_PCL_BLOB_FORMAT_TEST: break; default: return -EINVAL; } switch (protoinfo & OP_PCL_BLOB_REG_MASK) { case OP_PCL_BLOB_AFHA_SBOX: if (rta_sec_era < RTA_SEC_ERA_3) return -EINVAL; /* no break */ case OP_PCL_BLOB_REG_MEMORY: case OP_PCL_BLOB_REG_KEY1: case OP_PCL_BLOB_REG_KEY2: case OP_PCL_BLOB_REG_SPLIT: case OP_PCL_BLOB_REG_PKE: return 0; } return -EINVAL; } static inline int __rta_dlc_proto(uint16_t protoinfo) { if ((rta_sec_era < RTA_SEC_ERA_2) && (protoinfo & (OP_PCL_PKPROT_DSA_MSG | OP_PCL_PKPROT_HASH_MASK | OP_PCL_PKPROT_EKT_Z | OP_PCL_PKPROT_DECRYPT_Z | OP_PCL_PKPROT_DECRYPT_PRI))) return -EINVAL; switch (protoinfo & OP_PCL_PKPROT_HASH_MASK) { case OP_PCL_PKPROT_HASH_MD5: case OP_PCL_PKPROT_HASH_SHA1: case OP_PCL_PKPROT_HASH_SHA224: case OP_PCL_PKPROT_HASH_SHA256: case OP_PCL_PKPROT_HASH_SHA384: case OP_PCL_PKPROT_HASH_SHA512: break; default: return -EINVAL; } return 0; } static inline int __rta_rsa_enc_proto(uint16_t protoinfo) { switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) { case OP_PCL_RSAPROT_OP_ENC_F_IN: if ((protoinfo & OP_PCL_RSAPROT_FFF_MASK) != OP_PCL_RSAPROT_FFF_RED) return -EINVAL; break; case OP_PCL_RSAPROT_OP_ENC_F_OUT: switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) { case OP_PCL_RSAPROT_FFF_RED: case OP_PCL_RSAPROT_FFF_ENC: case OP_PCL_RSAPROT_FFF_EKT: case OP_PCL_RSAPROT_FFF_TK_ENC: case OP_PCL_RSAPROT_FFF_TK_EKT: break; default: return -EINVAL; } break; default: return -EINVAL; } return 0; } static inline int __rta_rsa_dec_proto(uint16_t protoinfo) { switch (protoinfo & OP_PCL_RSAPROT_OP_MASK) { case OP_PCL_RSAPROT_OP_DEC_ND: case OP_PCL_RSAPROT_OP_DEC_PQD: case OP_PCL_RSAPROT_OP_DEC_PQDPDQC: break; default: return -EINVAL; } switch (protoinfo & OP_PCL_RSAPROT_PPP_MASK) { case OP_PCL_RSAPROT_PPP_RED: case OP_PCL_RSAPROT_PPP_ENC: case OP_PCL_RSAPROT_PPP_EKT: case OP_PCL_RSAPROT_PPP_TK_ENC: case OP_PCL_RSAPROT_PPP_TK_EKT: break; default: return -EINVAL; } if (protoinfo & OP_PCL_RSAPROT_FMT_PKCSV15) switch (protoinfo & OP_PCL_RSAPROT_FFF_MASK) { case OP_PCL_RSAPROT_FFF_RED: case OP_PCL_RSAPROT_FFF_ENC: case OP_PCL_RSAPROT_FFF_EKT: case OP_PCL_RSAPROT_FFF_TK_ENC: case OP_PCL_RSAPROT_FFF_TK_EKT: break; default: return -EINVAL; } return 0; } /* * DKP Protocol - Restrictions on key (SRC,DST) combinations * For e.g. key_in_out[0][0] = 1 means (SRC=IMM,DST=IMM) combination is allowed */ static const uint8_t key_in_out[4][4] = { {1, 0, 0, 0}, {1, 1, 1, 1}, {1, 0, 1, 0}, {1, 0, 0, 1} }; static inline int __rta_dkp_proto(uint16_t protoinfo) { int key_src = (protoinfo & OP_PCL_DKP_SRC_MASK) >> OP_PCL_DKP_SRC_SHIFT; int key_dst = (protoinfo & OP_PCL_DKP_DST_MASK) >> OP_PCL_DKP_DST_SHIFT; if (!key_in_out[key_src][key_dst]) { pr_err("PROTO_DESC: Invalid DKP key (SRC,DST)\n"); return -EINVAL; } return 0; } static inline int __rta_3g_dcrc_proto(uint16_t protoinfo) { if (rta_sec_era == RTA_SEC_ERA_7) return -EINVAL; switch (protoinfo) { case OP_PCL_3G_DCRC_CRC7: case OP_PCL_3G_DCRC_CRC11: return 0; } return -EINVAL; } static inline int __rta_3g_rlc_proto(uint16_t protoinfo) { if (rta_sec_era == RTA_SEC_ERA_7) return -EINVAL; switch (protoinfo) { case OP_PCL_3G_RLC_NULL: case OP_PCL_3G_RLC_KASUMI: case OP_PCL_3G_RLC_SNOW: return 0; } return -EINVAL; } static inline int __rta_lte_pdcp_proto(uint16_t protoinfo) { if (rta_sec_era == RTA_SEC_ERA_7) return -EINVAL; switch (protoinfo) { case OP_PCL_LTE_ZUC: if (rta_sec_era < RTA_SEC_ERA_5) break; case OP_PCL_LTE_NULL: case OP_PCL_LTE_SNOW: case OP_PCL_LTE_AES: return 0; } return -EINVAL; } static inline int __rta_lte_pdcp_mixed_proto(uint16_t protoinfo) { switch (protoinfo & OP_PCL_LTE_MIXED_AUTH_MASK) { case OP_PCL_LTE_MIXED_AUTH_NULL: case OP_PCL_LTE_MIXED_AUTH_SNOW: case OP_PCL_LTE_MIXED_AUTH_AES: case OP_PCL_LTE_MIXED_AUTH_ZUC: break; default: return -EINVAL; } switch (protoinfo & OP_PCL_LTE_MIXED_ENC_MASK) { case OP_PCL_LTE_MIXED_ENC_NULL: case OP_PCL_LTE_MIXED_ENC_SNOW: case OP_PCL_LTE_MIXED_ENC_AES: case OP_PCL_LTE_MIXED_ENC_ZUC: return 0; } return -EINVAL; } struct proto_map { uint32_t optype; uint32_t protid; int (*protoinfo_func)(uint16_t); }; static const struct proto_map proto_table[] = { /*1*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_SSL30_PRF, __rta_ssl_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS10_PRF, __rta_ssl_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS11_PRF, __rta_ssl_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_TLS12_PRF, __rta_ssl_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DTLS_PRF, __rta_ssl_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV1_PRF, __rta_ike_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_IKEV2_PRF, __rta_ike_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DSAVERIFY, __rta_dlc_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC, __rta_ipsec_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SRTP, __rta_srtp_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_SSL30, __rta_ssl_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10, __rta_ssl_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11, __rta_ssl_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12, __rta_ssl_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS, __rta_ssl_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC, __rta_macsec_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI, __rta_wifi_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX, __rta_wimax_proto}, /*21*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_BLOB, __rta_blob_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DIFFIEHELLMAN, __rta_dlc_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSAENCRYPT, __rta_rsa_enc_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_RSADECRYPT, __rta_rsa_dec_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_DCRC, __rta_3g_dcrc_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_PDU, __rta_3g_rlc_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_3G_RLC_SDU, __rta_3g_rlc_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER, __rta_lte_pdcp_proto}, /*29*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL, __rta_lte_pdcp_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_MD5, __rta_dkp_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA1, __rta_dkp_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA224, __rta_dkp_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA256, __rta_dkp_proto}, {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA384, __rta_dkp_proto}, /*35*/ {OP_TYPE_UNI_PROTOCOL, OP_PCLID_DKP_SHA512, __rta_dkp_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto}, /*37*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DSASIGN, __rta_dlc_proto}, /*38*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_CTRL_MIXED, __rta_lte_pdcp_mixed_proto}, {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_IPSEC_NEW, __rta_ipsec_proto}, /*40*/ {OP_TYPE_DECAP_PROTOCOL, OP_PCLID_LTE_PDCP_USER_RN, __rta_lte_pdcp_mixed_proto}, }; /* * Allowed OPERATION protocols for each SEC Era. * Values represent the number of entries from proto_table[] that are supported. */ static const unsigned int proto_table_sz[] = {21, 29, 29, 29, 29, 35, 37, 40, 40, 40}; static inline int rta_proto_operation(struct program *program, uint32_t optype, uint32_t protid, uint16_t protoinfo) { uint32_t opcode = CMD_OPERATION; unsigned int i, found = 0; uint32_t optype_tmp = optype; unsigned int start_pc = program->current_pc; int ret = -EINVAL; for (i = 0; i < proto_table_sz[rta_sec_era]; i++) { /* clear last bit in optype to match also decap proto */ optype_tmp &= (uint32_t)~(1 << OP_TYPE_SHIFT); if (optype_tmp == proto_table[i].optype) { if (proto_table[i].protid == protid) { /* nothing else to verify */ if (proto_table[i].protoinfo_func == NULL) { found = 1; break; } /* check protoinfo */ ret = (*proto_table[i].protoinfo_func) (protoinfo); if (ret < 0) { pr_err("PROTO_DESC: Bad PROTO Type. SEC Program Line: %d\n", program->current_pc); goto err; } found = 1; break; } } } if (!found) { pr_err("PROTO_DESC: Operation Type Mismatch. SEC Program Line: %d\n", program->current_pc); goto err; } __rta_out32(program, opcode | optype | protid | protoinfo); program->current_instruction++; return (int)start_pc; err: program->first_error_pc = start_pc; program->current_instruction++; return ret; } static inline int rta_dkp_proto(struct program *program, uint32_t protid, uint16_t key_src, uint16_t key_dst, uint16_t keylen, uint64_t key, enum rta_data_type key_type) { unsigned int start_pc = program->current_pc; unsigned int in_words = 0, out_words = 0; int ret; key_src &= OP_PCL_DKP_SRC_MASK; key_dst &= OP_PCL_DKP_DST_MASK; keylen &= OP_PCL_DKP_KEY_MASK; ret = rta_proto_operation(program, OP_TYPE_UNI_PROTOCOL, protid, key_src | key_dst | keylen); if (ret < 0) return ret; if ((key_src == OP_PCL_DKP_SRC_PTR) || (key_src == OP_PCL_DKP_SRC_SGF)) { __rta_out64(program, program->ps, key); in_words = program->ps ? 2 : 1; } else if (key_src == OP_PCL_DKP_SRC_IMM) { __rta_inline_data(program, key, inline_flags(key_type), keylen); in_words = (unsigned int)((keylen + 3) / 4); } if ((key_dst == OP_PCL_DKP_DST_PTR) || (key_dst == OP_PCL_DKP_DST_SGF)) { out_words = in_words; } else if (key_dst == OP_PCL_DKP_DST_IMM) { out_words = split_key_len(protid) / 4; } if (out_words < in_words) { pr_err("PROTO_DESC: DKP doesn't currently support a smaller descriptor\n"); program->first_error_pc = start_pc; return -EINVAL; } /* If needed, reserve space in resulting descriptor for derived key */ program->current_pc += (out_words - in_words); return (int)start_pc; } #endif /* __RTA_PROTOCOL_CMD_H__ */