desc.h revision 202175
1/*- 2 * Copyright (c) 2003-2009 RMI Corporation 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of RMI Corporation, nor the names of its contributors, 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * RMI_BSD */ 30#ifndef _DESC_H_ 31#define _DESC_H_ 32 33 34#define ONE_BIT 0x0000000000000001ULL 35#define TWO_BITS 0x0000000000000003ULL 36#define THREE_BITS 0x0000000000000007ULL 37#define FOUR_BITS 0x000000000000000fULL 38#define FIVE_BITS 0x000000000000001fULL 39#define SIX_BITS 0x000000000000003fULL 40#define SEVEN_BITS 0x000000000000007fULL 41#define EIGHT_BITS 0x00000000000000ffULL 42#define NINE_BITS 0x00000000000001ffULL 43#define ELEVEN_BITS 0x00000000000007ffULL 44#define TWELVE_BITS 0x0000000000000fffULL 45#define FOURTEEN_BITS 0x0000000000003fffULL 46#define TWENTYFOUR_BITS 0x0000000000ffffffULL 47#define THIRTY_TWO_BITS 0x00000000ffffffffULL 48#define THIRTY_FIVE_BITS 0x00000007ffffffffULL 49#define FOURTY_BITS 0x000000ffffffffffULL 50 51#define MSG_IN_CTL_LEN_BASE 40 52#define MSG_IN_CTL_ADDR_BASE 0 53 54#define GET_FIELD(word,field) \ 55 ((word) & (field ## _MASK)) >> (field ## _LSB) 56 57#define FIELD_VALUE(field,value) (((value) & (field ## _BITS)) << (field ## _LSB)) 58 59/* 60 * NOTE: this macro expects 'word' to be uninitialized (i.e. zeroed) 61 */ 62#define SET_FIELD(word,field,value) \ 63 { (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } 64 65/* 66 * This macro clears 'word', then sets the value 67 */ 68#define CLEAR_SET_FIELD(word,field,value) \ 69 { (word) &= ~((field ## _BITS) << (field ## _LSB)); \ 70 (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } 71 72/* 73 * NOTE: May be used to build value specific mask 74 * (e.g. GEN_MASK(CTL_DSC_CPHR_3DES,CTL_DSC_CPHR_LSB) 75 */ 76#define GEN_MASK(bits,lsb) ((bits) << (lsb)) 77 78 79 80 81/* 82 * Security block data and control exchange 83 * 84 * A 2-word message ring descriptor is used to pass a pointer to the control descriptor data structure 85 * and a pointer to the packet descriptor data structure: 86 * 87 * 63 61 60 54 53 52 49 48 45 44 40 88 * 39 5 4 0 89 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 90 * | Ctrl | Resp Dest Id Entry0 | IF_L2ALLOC | UNUSED | Control Length | UNUSED 91 * | 35 MSB of address of control descriptor data structure | Software Scratch0 92 * | 93 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 94 * 3 7 1 4 4 5 95 * 35 5 96 * 97 * 63 61 60 54 53 52 51 50 46 45 44 40 39 5 4 0 98 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 99 * | Ctrl | UNUSED | WRB_COH | WRB_L2ALLOC | DF_PTR_L2ALLOC | UNUSED | Data Length | UNUSED | 35 MSB of address of packet descriptor data structure | UNUSED | 100 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 101 * 3 7 1 1 1 5 1 5 35 5 102 * 103 * Addresses assumed to be cache-line aligned, i.e., Address[4:0] ignored (using 5'h00 instead) 104 * 105 * Control length is the number of control cachelines to be read so user needs 106 * to round up 107 * the control length to closest integer multiple of 32 bytes. Note that at 108 * present (08/12/04) 109 * the longest (sensical) ctrl structure is <= 416 bytes, i.e., 13 cachelines. 110 * 111 * The packet descriptor data structure size is fixed at 1 cacheline (32 bytes). 112 * This effectively makes "Data Length" a Load/NoLoad bit. NoLoad causes an abort. 113 * 114 * 115 * Upon completion of operation, the security block returns a 2-word free descriptor 116 * in the following format: 117 * 118 * 63 61 60 54 53 52 51 49 48 47 40 39 0 119 * ---------------------------------------------------------------------------------------------------------------------------- 120 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Instruction Error | Address of control descriptor data structure | 121 * ---------------------------------------------------------------------------------------------------------------------------- 122 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Data Error | Address of packet descriptor data structure | 123 * ---------------------------------------------------------------------------------------------------------------------------- 124 * 125 * The Instruction and Data Error codes are enumerated in the 126 * ControlDescriptor and PacketDescriptor sections below 127 * 128 */ 129 130 131/* 132 * Operating assumptions 133 * ===================== 134 * 135 * 136 * -> For all IpSec ops, I assume that all the IP/IPSec/TCP headers 137 * and the data are present at the specified source addresses. 138 * I also assume that all necessary header data already exists 139 * at the destination. Additionally, in AH I assume that all 140 * mutable fields (IP.{TOS, Flags, Offset, TTL, Header_Checksum}) 141 * and the AH.Authentication_Data have been zeroed by the client. 142 * 143 * 144 * -> In principle, the HW can calculate TCP checksums on both 145 * incoming and outgoing data; however, since the TCP header 146 * contains the TCP checksum of the plain payload and the header 147 * is encrypted, two passes would be necessary to do checksum + encryption 148 * for outgoing messages; 149 * therefore the checksum engine will likely only be used during decryption 150 * (incoming). 151 * 152 * 153 * -> For all operations involving TCP checksum, I assume the client has filled 154 * the TCP checksum field with the appropriate value: 155 * 156 * - 0 for generation phase 157 * - actual value for verification phase (expecting 0 result) 158 * 159 * 160 * -> For ESP tunnel, the original IP header exists between the end of the 161 * ESP header and the beginning of the TCP header; it is assumed that the 162 * maximum length of this header is 16 k(32bit)words (used in CkSum_Offset). 163 * 164 * 165 * -> The authentication data is merely written to the destination address; 166 * the client is left with the task of comparing to the data in packet 167 * in decrypt. 168 * 169 * -> PacketDescriptor_t.dstLLWMask relevant to AES CTR mode only but it will 170 * affect all AES-related operations. It will not affect DES/3DES/bypass ops. 171 * The mask is applied to data as it emerges from the AES engine for the sole 172 * purpose of providing the authenticator and cksum engines with correct data. 173 * CAVEAT: the HW does not mask the incoming data. It is the user's responsibility 174 * to set to 0 the corresponding data in memory. If the surplus data is not masked 175 * in memory, cksum/auth results will be incorrect if those engines receive data 176 * straight from memory (i.e., not from cipher, as it happens while decoding) 177 */ 178 179/* 180 * Fragmentation and offset related notes 181 * ====================================== 182 * 183 * 184 * A) Rebuilding packets from fragments on dword boundaries. The discussion 185 * below is exemplified by tests memcpy_all_off_frags and memcpy_same_off_frags 186 * 187 * 1) The Offset before data/iv on first fragment is ALWAYS written back 188 * Non-zero dst dword or global offsets may cause more data to be 189 * written than the user-specified length. 190 * 191 * 192 * Example: 193 * -------- 194 * 195 * Below is a source (first fragment) packet (@ ADD0 cache-aligned address). 196 * Assume we just copy it and relevant data starts on 197 * dword 3 so Cipher_Offset = IV_Offset = 3 (dwords). 198 * D0X denotes relevant data and G denotes dont care data. 199 * Offset data is also copied so Packet_Legth = 9 (dwords) * 8 = 72 (bytes) 200 * Segment_src_address = ADD0 201 * 202 * If we want to, e.g., copy so that the relevant (i.e., D0X) data 203 * starts at (cache-aligned address) ADD1, we need to specify 204 * Dst_dword_offset = 1 so D00 is moved from dword position 3 to 0 on next cache-line 205 * Cipher_dst_address = ADD1 - 0x20 so D00 is written to ADD1 206 * 207 * Note that the security engine always writes full cachelines 208 * therefore, data written to dword0 0 of ADD1 (denoted w/ ?) is what the sec pipe 209 * write back buffer contained from previous op. 210 * 211 * 212 * SOURCE: DESTINATION: 213 * ------- ------------ 214 * 215 * Segment_src_address = ADD0 Cipher_dst_address = ADD1 - 0x20 216 * Packet_Legth = 72 Dst_dword_offset = 1 217 * Cipher_Offset = 3 218 * IV_Offset = 3 219 * Use_IV = ANY 220 * 221 * 222 * 223 * 3 2 1 0 3 2 1 0 224 * ----------------------- ----------------------- 225 * | D00 | G | G | G | <- ADD0 | G | G | G | ? | <- ADD1 - 0x20 226 * ----------------------- ----------------------- 227 * | D04 | D03 | D02 | D01 | | D03 | D02 | D01 | D00 | <- ADD1 228 * ----------------------- ----------------------- 229 * | | | | D05 | | | | D05 | D04 | 230 * ----------------------- ----------------------- 231 * 232 * 2) On fragments following the first, IV_Offset is overloaded to mean data offset 233 * (number of dwords to skip from beginning of cacheline before starting processing) 234 * and Use_IV is overloaded to mean do writeback the offset (in the clear). 235 * These fields in combination with Dst_dword_offset allow packet fragments with 236 * arbitrary boundaries/lengthd to be reasembled. 237 * 238 * 239 * Example: 240 * -------- 241 * 242 * Assume data above was first fragment of a packet we'd like to merge to 243 * (second) fragment below located at ADD2. The written data should follow 244 * the previous data without gaps or overwrites. To achieve this, one should 245 * assert the "Next" field on the previous fragment and use self-explanatory 246 * set of parameters below 247 * 248 * 249 * SOURCE: DESTINATION: 250 * ------- ------------ 251 * 252 * Segment_src_address = ADD2 Cipher_dst_address = ADD1 + 0x20 253 * Packet_Legth = 104 Dst_dword_offset = 1 254 * IV_Offset = 1 255 * Use_IV = 0 256 * 257 * 258 * 259 * 3 2 1 0 3 2 1 0 260 * ----------------------- ----------------------- 261 * | D12 | D11 | D10 | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 262 * ----------------------- ----------------------- 263 * | D16 | D15 | D14 | D13 | | D03 | D02 | D01 | D00 | <- ADD1 264 * ----------------------- ----------------------- 265 * | D1a | D19 | D18 | D17 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 266 * ----------------------- ----------------------- 267 * | | | | D1b | | D15 | D14 | D13 | D12 | 268 * ----------------------- ----------------------- 269 * | D19 | D18 | D17 | D16 | 270 * ----------------------- 271 * | | | D1b | D1a | 272 * ----------------------- 273 * 274 * It is note-worthy that the merging can only be achieved if Use_IV is 0. Indeed, the security 275 * engine always writes full lines, therefore ADD1 + 0x20 will be re-written. Setting Use_IV to 0 276 * will allow the sec pipe write back buffer to preserve D04, D05 from previous frag and only 277 * receive D10, D11 thereby preserving the integrity of the previous data. 278 * 279 * 3) On fragments following the first, !UseIV in combination w/ Dst_dword_offset >= (4 - IV_Offset) 280 * will cause a wraparound of the write thus achieving all 16 possible (Initial_Location, Final_Location) 281 * combinations for the data. 282 * 283 * 284 * Example: 285 * -------- 286 * 287 * Contiguously merging 2 data sets above with a third located at ADD3. If this is the last fragment, 288 * reset its Next bit. 289 * 290 * 291 * SOURCE: DESTINATION: 292 * ------- ------------ 293 * 294 * Segment_src_address = ADD3 Cipher_dst_address = ADD1 + 0x80 295 * Packet_Legth = 152 Dst_dword_offset = 3 296 * IV_Offset = 3 297 * Use_IV = 0 298 * 299 * 300 * 301 * 3 2 1 0 3 2 1 0 302 * ----------------------- ----------------------- 303 * | D20 | G | G | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 304 * ----------------------- ----------------------- 305 * | D24 | D23 | D22 | D21 | | D03 | D02 | D01 | D00 | <- ADD1 306 * ----------------------- ----------------------- 307 * | D28 | D27 | D26 | D25 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 308 * ----------------------- ----------------------- 309 * | D2c | D2b | D2a | D29 | | D15 | D14 | D13 | D12 | 310 * ----------------------- ----------------------- 311 * | | D2f | D2e | D2d | | D19 | D18 | D17 | D16 | 312 * ----------------------- ----------------------- 313 * | D21 | D20 | D1b | D1a | <- ADD1 + 0x80 314 * ----------------------- 315 * | D25 | D24 | D23 | D22 | 316 * ----------------------- 317 * | D29 | D28 | D27 | D26 | 318 * ----------------------- 319 * | D2d | D2c | D2b | D2a | 320 * ----------------------- 321 * |(D2d)|(D2c)| D2f | D2e | 322 * ----------------------- 323 * 324 * It is worth noticing that always writing full-lines causes the last 2 dwords in the reconstituted 325 * packet to be unnecessarily written: (D2d) and (D2c) 326 * 327 * 328 * 329 * B) Implications of fragmentation on AES 330 * 331 * 1) AES is a 128 bit block cipher; therefore it requires an even dword total data length 332 * Data fragments (provided there are more than 1) are allowed to have odd dword 333 * data lengths provided the total length (cumulated over fragments) is an even dword 334 * count; an error will be generated otherwise, upon receiving the last fragment descriptor 335 * (see error conditions below). 336 * 337 * 2) While using fragments with AES, a fragment (other than first) starting with a != 0 (IV) offset 338 * while the subsequent total dword count given to AES is odd may not be required to write 339 * its offset (UseIV). Doing so will cause an error (see error conditions below). 340 * 341 * 342 * Example: 343 * -------- 344 * 345 * Suppose the first fragment has an odd DATA dword count and USES AES (as seen below) 346 * 347 * SOURCE: DESTINATION: 348 * ------- ------------ 349 * 350 * Segment_src_address = ADD0 Cipher_dst_address = ADD1 351 * Packet_Legth = 64 Dst_dword_offset = 1 352 * Cipher_Offset = 3 353 * IV_Offset = 1 354 * Use_IV = 1 355 * Cipher = Any AES 356 * Next = 1 357 * 358 * 359 * 360 * 361 * 3 2 1 0 3 2 1 0 362 * ----------------------- ----------------------- 363 * | D00 | IV1 | IV0 | G | <- ADD0 | E00 | IV1 | IV0 | G | <- ADD1 364 * ----------------------- ----------------------- 365 * | D04 | D03 | D02 | D01 | | X | E03 | E02 | E01 | 366 * ----------------------- ----------------------- 367 * 368 * At the end of processing of the previous fragment, the AES engine input buffer has D04 369 * and waits for next dword, therefore the writeback buffer cannot finish writing the fragment 370 * to destination (X instead of E04). 371 * 372 * If a second fragment now arrives with a non-0 offset and requires the offset data to be 373 * written to destination, the previous write (still needing the arrival of the last dword 374 * required by the AES to complete the previous operation) cannot complete before the present 375 * should start causing a deadlock. 376 */ 377 378/* 379 * Command Control Word for Message Ring Descriptor 380 */ 381 382/* #define MSG_CMD_CTL_CTL */ 383#define MSG_CMD_CTL_CTL_LSB 61 384#define MSG_CMD_CTL_CTL_BITS THREE_BITS 385#define MSG_CMD_CTL_CTL_MASK (MSG_CMD_CTL_CTL_BITS << MSG_CMD_CTL_CTL_LSB) 386 387/* #define MSG_CMD_CTL_ID */ 388#define MSG_CMD_CTL_ID_LSB 54 389#define MSG_CMD_CTL_ID_BITS SEVEN_BITS 390#define MSG_CMD_CTL_ID_MASK (MSG_CMD_CTL_ID_BITS << MSG_CMD_CTL_ID_LSB) 391 392/* #define MSG_CMD_CTL_LEN */ 393#define MSG_CMD_CTL_LEN_LSB 45 394#define MSG_CMD_CTL_LEN_BITS FOUR_BITS 395#define MSG_CMD_CTL_LEN_MASK (MSG_CMD_CTL_LEN_BITS << MSG_CMD_CTL_LEN_LSB) 396 397 398/* #define MSG_CMD_CTL_ADDR */ 399#define MSG_CMD_CTL_ADDR_LSB 0 400#define MSG_CMD_CTL_ADDR_BITS FOURTY_BITS 401#define MSG_CMD_CTL_ADDR_MASK (MSG_CMD_CTL_ADDR_BITS << MSG_CMD_CTL_ADDR_LSB) 402 403#define MSG_CMD_CTL_MASK (MSG_CMD_CTL_CTL_MASK | \ 404 MSG_CMD_CTL_LEN_MASK | MSG_CMD_CTL_ADDR_MASK) 405 406/* 407 * Command Data Word for Message Ring Descriptor 408 */ 409 410/* #define MSG_IN_DATA_CTL */ 411#define MSG_CMD_DATA_CTL_LSB 61 412#define MSG_CMD_DATA_CTL_BITS THREE_BITS 413#define MSG_CMD_DATA_CTL_MASK (MSG_CMD_DATA_CTL_BITS << MSG_CMD_DATA_CTL_LSB) 414 415/* #define MSG_CMD_DATA_LEN */ 416#define MSG_CMD_DATA_LEN_LOAD 1 417#define MSG_CMD_DATA_LEN_LSB 45 418#define MSG_CMD_DATA_LEN_BITS ONE_BIT 419#define MSG_CMD_DATA_LEN_MASK (MSG_CMD_DATA_LEN_BITS << MSG_CMD_DATA_LEN_LSB) 420 421/* #define MSG_CMD_DATA_ADDR */ 422#define MSG_CMD_DATA_ADDR_LSB 0 423#define MSG_CMD_DATA_ADDR_BITS FOURTY_BITS 424#define MSG_CMD_DATA_ADDR_MASK (MSG_CMD_DATA_ADDR_BITS << MSG_CMD_DATA_ADDR_LSB) 425 426#define MSG_CMD_DATA_MASK (MSG_CMD_DATA_CTL_MASK | \ 427 MSG_CMD_DATA_LEN_MASK | MSG_CMD_DATA_ADDR_MASK) 428 429 430/* 431 * Upon completion of operation, the Sec block returns a 2-word free descriptor 432 * in the following format: 433 * 434 * 63 61 60 54 53 52 51 49 48 40 39 0 435 * ---------------------------------------------------------------------------- 436 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | 437 * ---------------------------------------------------------------------------- 438 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | 439 * ---------------------------------------------------------------------------- 440 * 441 * The Control and Data Error codes are enumerated below 442 * 443 * Error conditions 444 * ================ 445 * 446 * Control Error Code Control Error Condition 447 * ------------------ --------------------------- 448 * 9'h000 No Error 449 * 9'h001 Unknown Cipher Op ( Cipher == 3'h{6,7}) 450 * 9'h002 Unknown or Illegal Mode ((Mode == 3'h{2,3,4} & !AES) | (Mode == 3'h{5,6,7})) 451 * 9'h004 Unsupported CkSum Src (CkSum_Src == 2'h{2,3} & CKSUM) 452 * 9'h008 Forbidden CFB Mask (AES & CFBMode & UseNewKeysCFBMask & CFBMask[7] & (| CFBMask[6:0])) 453 * 9'h010 Unknown Ctrl Op ((| Ctrl[63:37]) | (| Ctrl[15:14])) 454 * 9'h020 UNUSED 455 * 9'h040 UNUSED 456 * 9'h080 Data Read Error 457 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP) 458 * 459 * Data Error Code Data Error Condition 460 * --------------- -------------------- 461 * 9'h000 No Error 462 * 9'h001 Insufficient Data To Cipher (Packet_Length <= (Cipher_Offset or IV_Offset)) 463 * 9'h002 Illegal IV Location ((Cipher_Offset < IV_Offset) | (Cipher_Offset <= IV_Offset & AES & ~CTR)) 464 * 9'h004 Illegal Wordcount To AES (Packet_Length[3] != Cipher_Offset[0] & AES) 465 * 9'h008 Illegal Pad And ByteCount Spec (Hash_Byte_Count != 0 & !Pad_Hash) 466 * 9'h010 Insufficient Data To CkSum ({Packet_Length, 1'b0} <= CkSum_Offset) 467 * 9'h020 Unknown Data Op ((| dstLLWMask[63:60]) | (| dstLLWMask[57:40]) | (| authDst[63:40]) | (| ckSumDst[63:40])) 468 * 9'h040 Insufficient Data To Auth ({Packet_Length} <= Auth_Offset) 469 * 9'h080 Data Read Error 470 * 9'h100 UNUSED 471 */ 472 473/* 474 * Result Control Word for Message Ring Descriptor 475 */ 476 477/* #define MSG_RSLT_CTL_CTL */ 478#define MSG_RSLT_CTL_CTL_LSB 61 479#define MSG_RSLT_CTL_CTL_BITS THREE_BITS 480#define MSG_RSLT_CTL_CTL_MASK \ 481 (MSG_RSLT_CTL_CTL_BITS << MSG_RSLT_CTL_CTL_LSB) 482 483/* #define MSG_RSLT_CTL_DST_ID */ 484#define MSG_RSLT_CTL_DST_ID_LSB 54 485#define MSG_RSLT_CTL_DST_ID_BITS SEVEN_BITS 486#define MSG_RSLT_CTL_DST_ID_MASK \ 487 (MSG_RSLT_CTL_DST_ID_BITS << MSG_RSLT_CTL_DST_ID_LSB) 488 489/* #define MSG_RSLT_CTL_DSC_CTL */ 490#define MSG_RSLT_CTL_DSC_CTL_LSB 49 491#define MSG_RSLT_CTL_DSC_CTL_BITS THREE_BITS 492#define MSG_RSLT_CTL_DSC_CTL_MASK \ 493 (MSG_RSLT_CTL_DSC_CTL_BITS << MSG_RSLT_CTL_DSC_CTL_LSB) 494 495/* #define MSG_RSLT_CTL_INST_ERR */ 496#define MSG_RSLT_CTL_INST_ERR_LSB 40 497#define MSG_RSLT_CTL_INST_ERR_BITS NINE_BITS 498#define MSG_RSLT_CTL_INST_ERR_MASK \ 499 (MSG_RSLT_CTL_INST_ERR_BITS << MSG_RSLT_CTL_INST_ERR_LSB) 500 501/* #define MSG_RSLT_CTL_DSC_ADDR */ 502#define MSG_RSLT_CTL_DSC_ADDR_LSB 0 503#define MSG_RSLT_CTL_DSC_ADDR_BITS FOURTY_BITS 504#define MSG_RSLT_CTL_DSC_ADDR_MASK \ 505 (MSG_RSLT_CTL_DSC_ADDR_BITS << MSG_RSLT_CTL_DSC_ADDR_LSB) 506 507/* #define MSG_RSLT_CTL_MASK */ 508#define MSG_RSLT_CTL_MASK \ 509 (MSG_RSLT_CTL_CTRL_MASK | MSG_RSLT_CTL_DST_ID_MASK | \ 510 MSG_RSLT_CTL_DSC_CTL_MASK | MSG_RSLT_CTL_INST_ERR_MASK | \ 511 MSG_RSLT_CTL_DSC_ADDR_MASK) 512 513/* 514 * Result Data Word for Message Ring Descriptor 515 */ 516/* #define MSG_RSLT_DATA_CTL */ 517#define MSG_RSLT_DATA_CTL_LSB 61 518#define MSG_RSLT_DATA_CTL_BITS THREE_BITS 519#define MSG_RSLT_DATA_CTL_MASK \ 520 (MSG_RSLT_DATA_CTL_BITS << MSG_RSLT_DATA_CTL_LSB) 521 522/* #define MSG_RSLT_DATA_DST_ID */ 523#define MSG_RSLT_DATA_DST_ID_LSB 54 524#define MSG_RSLT_DATA_DST_ID_BITS SEVEN_BITS 525#define MSG_RSLT_DATA_DST_ID_MASK \ 526 (MSG_RSLT_DATA_DST_ID_BITS << MSG_RSLT_DATA_DST_ID_LSB) 527 528/* #define MSG_RSLT_DATA_DSC_CTL */ 529#define MSG_RSLT_DATA_DSC_CTL_LSB 49 530#define MSG_RSLT_DATA_DSC_CTL_BITS THREE_BITS 531#define MSG_RSLT_DATA_DSC_CTL_MASK \ 532 (MSG_RSLT_DATA_DSC_CTL_BITS << MSG_RSLT_DATA_DSC_CTL_LSB) 533 534/* #define MSG_RSLT_DATA_INST_ERR */ 535#define MSG_RSLT_DATA_INST_ERR_LSB 40 536#define MSG_RSLT_DATA_INST_ERR_BITS NINE_BITS 537#define MSG_RSLT_DATA_INST_ERR_MASK \ 538 (MSG_RSLT_DATA_INST_ERR_BITS << MSG_RSLT_DATA_INST_ERR_LSB) 539 540/* #define MSG_RSLT_DATA_DSC_ADDR */ 541#define MSG_RSLT_DATA_DSC_ADDR_LSB 0 542#define MSG_RSLT_DATA_DSC_ADDR_BITS FOURTY_BITS 543#define MSG_RSLT_DATA_DSC_ADDR_MASK \ 544 (MSG_RSLT_DATA_DSC_ADDR_BITS << MSG_RSLT_DATA_DSC_ADDR_LSB) 545 546#define MSG_RSLT_DATA_MASK \ 547 (MSG_RSLT_DATA_CTRL_MASK | MSG_RSLT_DATA_DST_ID_MASK | \ 548 MSG_RSLT_DATA_DSC_CTL_MASK | MSG_RSLT_DATA_INST_ERR_MASK | \ 549 MSG_RSLT_DATA_DSC_ADDR_MASK) 550 551 552/* 553 * Common Message Definitions 554 * 555 */ 556 557/* #define MSG_CTL_OP_ADDR */ 558#define MSG_CTL_OP_ADDR_LSB 0 559#define MSG_CTL_OP_ADDR_BITS FOURTY_BITS 560#define MSG_CTL_OP_ADDR_MASK (MSG_CTL_OP_ADDR_BITS << MSG_CTL_OP_ADDR_LSB) 561 562#define MSG_CTL_OP_TYPE 563#define MSG_CTL_OP_TYPE_LSB 3 564#define MSG_CTL_OP_TYPE_BITS TWO_BITS 565#define MSG_CTL_OP_TYPE_MASK \ 566 (MSG_CTL_OP_TYPE_BITS << MSG_CTL_OP_TYPE_LSB) 567 568#define MSG0_CTL_OP_ENGINE_SYMKEY 0x01 569#define MSG0_CTL_OP_ENGINE_PUBKEY 0x02 570 571#define MSG1_CTL_OP_SYMKEY_PIPE0 0x00 572#define MSG1_CTL_OP_SYMKEY_PIPE1 0x01 573#define MSG1_CTL_OP_SYMKEY_PIPE2 0x02 574#define MSG1_CTL_OP_SYMKEY_PIPE3 0x03 575 576#define MSG1_CTL_OP_PUBKEY_PIPE0 0x00 577#define MSG1_CTL_OP_PUBKEY_PIPE1 0x01 578#define MSG1_CTL_OP_PUBKEY_PIPE2 0x02 579#define MSG1_CTL_OP_PUBKEY_PIPE3 0x03 580 581 582/* /----------------------------------------\ 583 * | | 584 * | ControlDescriptor_s datastructure | 585 * | | 586 * \----------------------------------------/ 587 * 588 * 589 * ControlDescriptor_t.Instruction 590 * ------------------------------- 591 * 592 * 63 44 43 42 41 40 39 35 34 32 31 29 28 593 * -------------------------------------------------------------------------------------------------------------------- 594 * || UNUSED || OverrideCipher | Arc4Wait4Save | SaveArc4State | LoadArc4State | Arc4KeyLen | Cipher | Mode | InCp_Key || ... CONT ... 595 * -------------------------------------------------------------------------------------------------------------------- 596 * 20 1 1 1 1 5 3 3 1 597 * <-----------------------------------------------CIPHER---------------------------------------------------> 598 * 599 * 27 25 24 23 22 21 20 19 17 16 15 0 600 * ----------------------------------------------------------------------------- 601 * || UNUSED | Hash_Hi | HMAC | Hash_Lo | InHs_Key || UNUSED || CkSum || UNUSED || 602 * ----------------------------------------------------------------------------- 603 * 3 1 1 2 1 3 1 16 604 * <---------------------HASH---------------------><-----------CKSUM-----------> 605 * 606 * X0 CIPHER.Arc4Wait4Save = If op is Arc4 and it requires state saving, then 607 * setting this bit will cause the current op to 608 * delay subsequent op loading until saved state data 609 * becomes visible. 610 * CIPHER.OverrideCipher = Override encryption if PacketDescriptor_t.dstDataSettings.CipherPrefix 611 * is set; data will be copied out (and optionally auth/cksum) 612 * in the clear. This is used in GCM mode if auth only as we 613 * still need E(K, 0) calculated by cipher. Engine behavior is 614 * undefined if this bit is set and CipherPrefix is not. 615 * X0 SaveArc4State = Save Arc4 state at the end of Arc4 operation 616 * X0 LoadArc4State = Load Arc4 state at the beginning of an Arc4 operation 617 * This overriden by the InCp_Key setting for Arc4 618 * Arc4KeyLen = Length in bytes of Arc4 key (0 is interpreted as 32) 619 * Ignored for other ciphers 620 * For ARC4, IFetch/IDecode will always read exactly 4 621 * consecutive dwords into its CipherKey{0,3} regardless 622 * of this quantity; it will however only use the specified 623 * number of bytes. 624 * Cipher = 3'b000 Bypass 625 * 3'b001 DES 626 * 3'b010 3DES 627 * 3'b011 AES 128-bit key 628 * 3'b100 AES 192-bit key 629 * 3'b101 AES 256-bit key 630 * 3'b110 ARC4 631 * 3'b111 Kasumi f8 632 * Remainder UNDEFINED 633 * Mode = 3'b000 ECB 634 * 3'b001 CBC 635 * 3'b010 CFB (AES only, otherwise undefined) 636 * 3'b011 OFB (AES only, otherwise undefined) 637 * 3'b100 CTR (AES only, otherwise undefined) 638 * 3'b101 F8 (AES only, otherwise undefined) 639 * Remainder UNDEFINED 640 * InCp_Key = 1'b0 Preserve old Cipher Keys 641 * 1'b1 Load new Cipher Keys from memory to local registers 642 * and recalculate the Arc4 Sbox if Arc4 Cipher chosen; 643 * This overrides LoadArc4State setting. 644 * HASH.HMAC = 1'b0 Hash without HMAC 645 * 1'b1 Hash with HMAC 646 * Needs to be set to 0 for GCM and Kasumi F9 authenticators 647 * otherwise unpredictable results will be generated 648 * Hash = 2'b00 Hash NOP 649 * 2'b01 MD5 650 * 2'b10 SHA-1 651 * 2'b11 SHA-256 652 * 3'b100 SHA-384 653 * 3'b101 SHA-512 654 * 3'b110 GCM 655 * 3'b111 Kasumi f9 656 * InHs_Key = 1'b0 Preserve old HMAC Keys 657 * If GCM is selected as authenticator, leaving this bit 658 * at 0 will cause the engine to use the old H value. 659 * It will use the old SCI inside the decoder if 660 * CFBMask[1:0] == 2'b11. 661 * If Kasumi F9 authenticator, using 0 preserves 662 * old keys (IK) in decoder. 663 * 1'b1 Load new HMAC Keys from memory to local registers 664 * Setting this bit while Cipher=Arc4 and LoadArc4State=1 665 * causes the decoder to load the Arc4 state from the 666 * cacheline following the HMAC keys (Whether HASH.HMAC 667 * is set or not). 668 * If GCM is selected as authenticator, setting this bit 669 * causes both H (16 bytes) and SCI (8 bytes) to be loaded 670 * from memory to the decoder. H will be loaded to the engine 671 * but SCI is only loaded to the engine if CFBMask[1:0] == 2'b11. 672 * If Kasumi F9 authenticator, using 1 loads new keys (IK) 673 * from memory to decoder. 674 * CHECKSUM.CkSum = 1'b0 CkSum NOP 675 * 1'b1 INTERNET_CHECKSUM 676 * 677 * 678 * 679 */ 680 681 /* #define CTRL_DSC_OVERRIDECIPHER */ 682#define CTL_DSC_OVERRIDECIPHER_OFF 0 683#define CTL_DSC_OVERRIDECIPHER_ON 1 684#define CTL_DSC_OVERRIDECIPHER_LSB 43 685#define CTL_DSC_OVERRIDECIPHER_BITS ONE_BIT 686#define CTL_DSC_OVERRIDECIPHER_MASK (CTL_DSC_OVERRIDECIPHER_BITS << CTL_DSC_OVERRIDECIPHER_LSB) 687 688/* #define CTRL_DSC_ARC4_WAIT4SAVE */ 689#define CTL_DSC_ARC4_WAIT4SAVE_OFF 0 690#define CTL_DSC_ARC4_WAIT4SAVE_ON 1 691#define CTL_DSC_ARC4_WAIT4SAVE_LSB 42 692#define CTL_DSC_ARC4_WAIT4SAVE_BITS ONE_BIT 693#define CTL_DSC_ARC4_WAIT4SAVE_MASK (CTL_DSC_ARC4_WAIT4SAVE_BITS << CTL_DSC_ARC4_WAIT4SAVE_LSB) 694 695/* #define CTRL_DSC_ARC4_SAVESTATE */ 696#define CTL_DSC_ARC4_SAVESTATE_OFF 0 697#define CTL_DSC_ARC4_SAVESTATE_ON 1 698#define CTL_DSC_ARC4_SAVESTATE_LSB 41 699#define CTL_DSC_ARC4_SAVESTATE_BITS ONE_BIT 700#define CTL_DSC_ARC4_SAVESTATE_MASK (CTL_DSC_ARC4_SAVESTATE_BITS << CTL_DSC_ARC4_SAVESTATE_LSB) 701 702/* #define CTRL_DSC_ARC4_LOADSTATE */ 703#define CTL_DSC_ARC4_LOADSTATE_OFF 0 704#define CTL_DSC_ARC4_LOADSTATE_ON 1 705#define CTL_DSC_ARC4_LOADSTATE_LSB 40 706#define CTL_DSC_ARC4_LOADSTATE_BITS ONE_BIT 707#define CTL_DSC_ARC4_LOADSTATE_MASK (CTL_DSC_ARC4_LOADSTATE_BITS << CTL_DSC_ARC4_LOADSTATE_LSB) 708 709/* #define CTRL_DSC_ARC4_KEYLEN */ 710#define CTL_DSC_ARC4_KEYLEN_LSB 35 711#define CTL_DSC_ARC4_KEYLEN_BITS FIVE_BITS 712#define CTL_DSC_ARC4_KEYLEN_MASK (CTL_DSC_ARC4_KEYLEN_BITS << CTL_DSC_ARC4_KEYLEN_LSB) 713 714/* #define CTL_DSC_CPHR (cipher) */ 715#define CTL_DSC_CPHR_BYPASS 0 /* undefined */ 716#define CTL_DSC_CPHR_DES 1 717#define CTL_DSC_CPHR_3DES 2 718#define CTL_DSC_CPHR_AES128 3 719#define CTL_DSC_CPHR_AES192 4 720#define CTL_DSC_CPHR_AES256 5 721#define CTL_DSC_CPHR_ARC4 6 722#define CTL_DSC_CPHR_KASUMI_F8 7 723#define CTL_DSC_CPHR_LSB 32 724#define CTL_DSC_CPHR_BITS THREE_BITS 725#define CTL_DSC_CPHR_MASK (CTL_DSC_CPHR_BITS << CTL_DSC_CPHR_LSB) 726 727/* #define CTL_DSC_MODE */ 728#define CTL_DSC_MODE_ECB 0 729#define CTL_DSC_MODE_CBC 1 730#define CTL_DSC_MODE_CFB 2 731#define CTL_DSC_MODE_OFB 3 732#define CTL_DSC_MODE_CTR 4 733#define CTL_DSC_MODE_F8 5 734#define CTL_DSC_MODE_LSB 29 735#define CTL_DSC_MODE_BITS THREE_BITS 736#define CTL_DSC_MODE_MASK (CTL_DSC_MODE_BITS << CTL_DSC_MODE_LSB) 737 738/* #define CTL_DSC_ICPHR */ 739#define CTL_DSC_ICPHR_OKY 0 /* Old Keys */ 740#define CTL_DSC_ICPHR_NKY 1 /* New Keys */ 741#define CTL_DSC_ICPHR_LSB 28 742#define CTL_DSC_ICPHR_BITS ONE_BIT 743#define CTL_DSC_ICPHR_MASK (CTL_DSC_ICPHR_BITS << CTL_DSC_ICPHR_LSB) 744 745/* #define CTL_DSC_HASHHI */ 746#define CTL_DSC_HASHHI_LSB 24 747#define CTL_DSC_HASHHI_BITS ONE_BIT 748#define CTL_DSC_HASHHI_MASK (CTL_DSC_HASHHI_BITS << CTL_DSC_HASHHI_LSB) 749 750/* #define CTL_DSC_HMAC */ 751#define CTL_DSC_HMAC_OFF 0 752#define CTL_DSC_HMAC_ON 1 753#define CTL_DSC_HMAC_LSB 23 754#define CTL_DSC_HMAC_BITS ONE_BIT 755#define CTL_DSC_HMAC_MASK (CTL_DSC_HMAC_BITS << CTL_DSC_HMAC_LSB) 756 757/* #define CTL_DSC_HASH */ 758#define CTL_DSC_HASH_NOP 0 759#define CTL_DSC_HASH_MD5 1 760#define CTL_DSC_HASH_SHA1 2 761#define CTL_DSC_HASH_SHA256 3 762#define CTL_DSC_HASH_SHA384 4 763#define CTL_DSC_HASH_SHA512 5 764#define CTL_DSC_HASH_GCM 6 765#define CTL_DSC_HASH_KASUMI_F9 7 766#define CTL_DSC_HASH_LSB 21 767#define CTL_DSC_HASH_BITS TWO_BITS 768#define CTL_DSC_HASH_MASK (CTL_DSC_HASH_BITS << CTL_DSC_HASH_LSB) 769 770/* #define CTL_DSC_IHASH */ 771#define CTL_DSC_IHASH_OLD 0 772#define CTL_DSC_IHASH_NEW 1 773#define CTL_DSC_IHASH_LSB 20 774#define CTL_DSC_IHASH_BITS ONE_BIT 775#define CTL_DSC_IHASH_MASK (CTL_DSC_IHASH_BITS << CTL_DSC_IHASH_LSB) 776 777/* #define CTL_DSC_CKSUM */ 778#define CTL_DSC_CKSUM_NOP 0 779#define CTL_DSC_CKSUM_IP 1 780#define CTL_DSC_CKSUM_LSB 16 781#define CTL_DSC_CKSUM_BITS ONE_BIT 782#define CTL_DSC_CKSUM_MASK (CTL_DSC_CKSUM_BITS << CTL_DSC_CKSUM_LSB) 783 784 785/* 786 * Component strcts and unions defining CipherHashInfo_u 787 */ 788 789/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 790typedef struct AES256HMAC_s { 791 uint64_t cipherKey0; 792 uint64_t cipherKey1; 793 uint64_t cipherKey2; 794 uint64_t cipherKey3; 795 uint64_t hmacKey0; 796 uint64_t hmacKey1; 797 uint64_t hmacKey2; 798 uint64_t hmacKey3; 799 uint64_t hmacKey4; 800 uint64_t hmacKey5; 801 uint64_t hmacKey6; 802 uint64_t hmacKey7; 803} AES256HMAC_t, *AES256HMAC_pt; 804 805/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 160 bytes */ 806typedef struct AES256HMAC2_s { 807 uint64_t cipherKey0; 808 uint64_t cipherKey1; 809 uint64_t cipherKey2; 810 uint64_t cipherKey3; 811 uint64_t hmacKey0; 812 uint64_t hmacKey1; 813 uint64_t hmacKey2; 814 uint64_t hmacKey3; 815 uint64_t hmacKey4; 816 uint64_t hmacKey5; 817 uint64_t hmacKey6; 818 uint64_t hmacKey7; 819 uint64_t hmacKey8; 820 uint64_t hmacKey9; 821 uint64_t hmacKey10; 822 uint64_t hmacKey11; 823 uint64_t hmacKey12; 824 uint64_t hmacKey13; 825 uint64_t hmacKey14; 826 uint64_t hmacKey15; 827} AES256HMAC2_t, *AES256HMAC2_pt; 828 829/* AES256, (ECB, CBC, OFB, CTR, CFB), GCM - 56 bytes */ 830typedef struct AES256GCM_s { 831 uint64_t cipherKey0; 832 uint64_t cipherKey1; 833 uint64_t cipherKey2; 834 uint64_t cipherKey3; 835 uint64_t GCMH0; 836 uint64_t GCMH1; 837 uint64_t GCMSCI; 838} AES256GCM_t, *AES256GCM_pt; 839 840/* AES256, (ECB, CBC, OFB, CTR, CFB), F9 - 56 bytes */ 841typedef struct AES256F9_s { 842 uint64_t cipherKey0; 843 uint64_t cipherKey1; 844 uint64_t cipherKey2; 845 uint64_t cipherKey3; 846 uint64_t authKey0; 847 uint64_t authKey1; 848} AES256F9_t, *AES256F9_pt; 849 850/* AES256, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 851typedef struct AES256_s { 852 uint64_t cipherKey0; 853 uint64_t cipherKey1; 854 uint64_t cipherKey2; 855 uint64_t cipherKey3; 856} AES256_t, *AES256_pt; 857 858 859/* All AES192 possibilities */ 860 861/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-192) - 88 bytes */ 862typedef struct AES192HMAC_s { 863 uint64_t cipherKey0; 864 uint64_t cipherKey1; 865 uint64_t cipherKey2; 866 uint64_t hmacKey0; 867 uint64_t hmacKey1; 868 uint64_t hmacKey2; 869 uint64_t hmacKey3; 870 uint64_t hmacKey4; 871 uint64_t hmacKey5; 872 uint64_t hmacKey6; 873 uint64_t hmacKey7; 874} AES192HMAC_t, *AES192HMAC_pt; 875 876/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 152 bytes */ 877typedef struct AES192HMAC2_s { 878 uint64_t cipherKey0; 879 uint64_t cipherKey1; 880 uint64_t cipherKey2; 881 uint64_t hmacKey0; 882 uint64_t hmacKey1; 883 uint64_t hmacKey2; 884 uint64_t hmacKey3; 885 uint64_t hmacKey4; 886 uint64_t hmacKey5; 887 uint64_t hmacKey6; 888 uint64_t hmacKey7; 889 uint64_t hmacKey8; 890 uint64_t hmacKey9; 891 uint64_t hmacKey10; 892 uint64_t hmacKey11; 893 uint64_t hmacKey12; 894 uint64_t hmacKey13; 895 uint64_t hmacKey14; 896 uint64_t hmacKey15; 897} AES192HMAC2_t, *AES192HMAC2_pt; 898 899/* AES192, (ECB, CBC, OFB, CTR, CFB), GCM - 48 bytes */ 900typedef struct AES192GCM_s { 901 uint64_t cipherKey0; 902 uint64_t cipherKey1; 903 uint64_t cipherKey2; 904 uint64_t GCMH0; 905 uint64_t GCMH1; 906 uint64_t GCMSCI; 907} AES192GCM_t, *AES192GCM_pt; 908 909/* AES192, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ 910typedef struct AES192F9_s { 911 uint64_t cipherKey0; 912 uint64_t cipherKey1; 913 uint64_t cipherKey2; 914 uint64_t authKey0; 915 uint64_t authKey1; 916} AES192F9_t, *AES192F9_pt; 917 918/* AES192, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-192) - 24 bytes */ 919typedef struct AES192_s { 920 uint64_t cipherKey0; 921 uint64_t cipherKey1; 922 uint64_t cipherKey2; 923} AES192_t, *AES192_pt; 924 925 926/* All AES128 possibilities */ 927 928/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-128) - 80 bytes */ 929typedef struct AES128HMAC_s { 930 uint64_t cipherKey0; 931 uint64_t cipherKey1; 932 uint64_t hmacKey0; 933 uint64_t hmacKey1; 934 uint64_t hmacKey2; 935 uint64_t hmacKey3; 936 uint64_t hmacKey4; 937 uint64_t hmacKey5; 938 uint64_t hmacKey6; 939 uint64_t hmacKey7; 940} AES128HMAC_t, *AES128HMAC_pt; 941 942/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-612) - 144 bytes */ 943typedef struct AES128HMAC2_s { 944 uint64_t cipherKey0; 945 uint64_t cipherKey1; 946 uint64_t hmacKey0; 947 uint64_t hmacKey1; 948 uint64_t hmacKey2; 949 uint64_t hmacKey3; 950 uint64_t hmacKey4; 951 uint64_t hmacKey5; 952 uint64_t hmacKey6; 953 uint64_t hmacKey7; 954 uint64_t hmacKey8; 955 uint64_t hmacKey9; 956 uint64_t hmacKey10; 957 uint64_t hmacKey11; 958 uint64_t hmacKey12; 959 uint64_t hmacKey13; 960 uint64_t hmacKey14; 961 uint64_t hmacKey15; 962} AES128HMAC2_t, *AES128HMAC2_pt; 963 964/* AES128, (ECB, CBC, OFB, CTR, CFB), GCM - 40 bytes */ 965typedef struct AES128GCM_s { 966 uint64_t cipherKey0; 967 uint64_t cipherKey1; 968 uint64_t GCMH0; 969 uint64_t GCMH1; 970 uint64_t GCMSCI; 971} AES128GCM_t, *AES128GCM_pt; 972 973/* AES128, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ 974typedef struct AES128F9_s { 975 uint64_t cipherKey0; 976 uint64_t cipherKey1; 977 uint64_t authKey0; 978 uint64_t authKey1; 979} AES128F9_t, *AES128F9_pt; 980 981/* AES128, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-128) - 16 bytes */ 982typedef struct AES128_s { 983 uint64_t cipherKey0; 984 uint64_t cipherKey1; 985} AES128_t, *AES128_pt; 986 987/* AES128, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 988typedef struct AES128F8_s { 989 uint64_t cipherKey0; 990 uint64_t cipherKey1; 991 uint64_t cipherKeyMask0; 992 uint64_t cipherKeyMask1; 993} AES128F8_t, *AES128F8_pt; 994 995/* AES128, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 996typedef struct AES128F8HMAC_s { 997 uint64_t cipherKey0; 998 uint64_t cipherKey1; 999 uint64_t cipherKeyMask0; 1000 uint64_t cipherKeyMask1; 1001 uint64_t hmacKey0; 1002 uint64_t hmacKey1; 1003 uint64_t hmacKey2; 1004 uint64_t hmacKey3; 1005 uint64_t hmacKey4; 1006 uint64_t hmacKey5; 1007 uint64_t hmacKey6; 1008 uint64_t hmacKey7; 1009} AES128F8HMAC_t, *AES128F8HMAC_pt; 1010 1011/* AES128, (OFB F8), HMAC (SHA-384, SHA-512) - 160 bytes */ 1012typedef struct AES128F8HMAC2_s { 1013 uint64_t cipherKey0; 1014 uint64_t cipherKey1; 1015 uint64_t cipherKeyMask0; 1016 uint64_t cipherKeyMask1; 1017 uint64_t hmacKey0; 1018 uint64_t hmacKey1; 1019 uint64_t hmacKey2; 1020 uint64_t hmacKey3; 1021 uint64_t hmacKey4; 1022 uint64_t hmacKey5; 1023 uint64_t hmacKey6; 1024 uint64_t hmacKey7; 1025 uint64_t hmacKey8; 1026 uint64_t hmacKey9; 1027 uint64_t hmacKey10; 1028 uint64_t hmacKey11; 1029 uint64_t hmacKey12; 1030 uint64_t hmacKey13; 1031 uint64_t hmacKey14; 1032 uint64_t hmacKey15; 1033} AES128F8HMAC2_t, *AES128F8HMAC2_pt; 1034 1035/* AES192, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 48 bytes */ 1036typedef struct AES192F8_s { 1037 uint64_t cipherKey0; 1038 uint64_t cipherKey1; 1039 uint64_t cipherKey2; 1040 uint64_t cipherKeyMask0; 1041 uint64_t cipherKeyMask1; 1042 uint64_t cipherKeyMask2; 1043} AES192F8_t, *AES192F8_pt; 1044 1045/* AES192, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 112 bytes */ 1046typedef struct AES192F8HMAC_s { 1047 uint64_t cipherKey0; 1048 uint64_t cipherKey1; 1049 uint64_t cipherKey2; 1050 uint64_t cipherKeyMask0; 1051 uint64_t cipherKeyMask1; 1052 uint64_t cipherKeyMask2; 1053 uint64_t hmacKey0; 1054 uint64_t hmacKey1; 1055 uint64_t hmacKey2; 1056 uint64_t hmacKey3; 1057 uint64_t hmacKey4; 1058 uint64_t hmacKey5; 1059 uint64_t hmacKey6; 1060 uint64_t hmacKey7; 1061} AES192F8HMAC_t, *AES192F8HMAC_pt; 1062 1063/* AES192, (OFB F8), HMAC (SHA-384, SHA-512) - 176 bytes */ 1064typedef struct AES192F8HMAC2_s { 1065 uint64_t cipherKey0; 1066 uint64_t cipherKey1; 1067 uint64_t cipherKey2; 1068 uint64_t cipherKeyMask0; 1069 uint64_t cipherKeyMask1; 1070 uint64_t cipherKeyMask2; 1071 uint64_t hmacKey0; 1072 uint64_t hmacKey1; 1073 uint64_t hmacKey2; 1074 uint64_t hmacKey3; 1075 uint64_t hmacKey4; 1076 uint64_t hmacKey5; 1077 uint64_t hmacKey6; 1078 uint64_t hmacKey7; 1079 uint64_t hmacKey8; 1080 uint64_t hmacKey9; 1081 uint64_t hmacKey10; 1082 uint64_t hmacKey11; 1083 uint64_t hmacKey12; 1084 uint64_t hmacKey13; 1085 uint64_t hmacKey14; 1086 uint64_t hmacKey15; 1087} AES192F8HMAC2_t, *AES192F8HMAC2_pt; 1088 1089/* AES256, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 64 bytes */ 1090typedef struct AES256F8_s { 1091 uint64_t cipherKey0; 1092 uint64_t cipherKey1; 1093 uint64_t cipherKey2; 1094 uint64_t cipherKey3; 1095 uint64_t cipherKeyMask0; 1096 uint64_t cipherKeyMask1; 1097 uint64_t cipherKeyMask2; 1098 uint64_t cipherKeyMask3; 1099} AES256F8_t, *AES256F8_pt; 1100 1101/* AES256, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 128 bytes */ 1102typedef struct AES256F8HMAC_s { 1103 uint64_t cipherKey0; 1104 uint64_t cipherKey1; 1105 uint64_t cipherKey2; 1106 uint64_t cipherKey3; 1107 uint64_t cipherKeyMask0; 1108 uint64_t cipherKeyMask1; 1109 uint64_t cipherKeyMask2; 1110 uint64_t cipherKeyMask3; 1111 uint64_t hmacKey0; 1112 uint64_t hmacKey1; 1113 uint64_t hmacKey2; 1114 uint64_t hmacKey3; 1115 uint64_t hmacKey4; 1116 uint64_t hmacKey5; 1117 uint64_t hmacKey6; 1118 uint64_t hmacKey7; 1119} AES256F8HMAC_t, *AES256F8HMAC_pt; 1120 1121/* AES256, (OFB F8), HMAC (SHA-384, SHA-512) - 192 bytes */ 1122typedef struct AES256F8HMAC2_s { 1123 uint64_t cipherKey0; 1124 uint64_t cipherKey1; 1125 uint64_t cipherKey2; 1126 uint64_t cipherKey3; 1127 uint64_t cipherKeyMask0; 1128 uint64_t cipherKeyMask1; 1129 uint64_t cipherKeyMask2; 1130 uint64_t cipherKeyMask3; 1131 uint64_t hmacKey0; 1132 uint64_t hmacKey1; 1133 uint64_t hmacKey2; 1134 uint64_t hmacKey3; 1135 uint64_t hmacKey4; 1136 uint64_t hmacKey5; 1137 uint64_t hmacKey6; 1138 uint64_t hmacKey7; 1139 uint64_t hmacKey8; 1140 uint64_t hmacKey9; 1141 uint64_t hmacKey10; 1142 uint64_t hmacKey11; 1143 uint64_t hmacKey12; 1144 uint64_t hmacKey13; 1145 uint64_t hmacKey14; 1146 uint64_t hmacKey15; 1147} AES256F8HMAC2_t, *AES256F8HMAC2_pt; 1148 1149/* AES256, (F8), GCM - 40 bytes */ 1150typedef struct AES128F8GCM_s { 1151 uint64_t cipherKey0; 1152 uint64_t cipherKey2; 1153 uint64_t GCMH0; 1154 uint64_t GCMH1; 1155 uint64_t GCMSCI; 1156} AES128F8GCM_t, *AES128F8GCM_pt; 1157 1158/* AES256, (F8), GCM - 48 bytes */ 1159typedef struct AES192F8GCM_s { 1160 uint64_t cipherKey0; 1161 uint64_t cipherKey1; 1162 uint64_t cipherKey2; 1163 uint64_t GCMH0; 1164 uint64_t GCMH1; 1165 uint64_t GCMSCI; 1166} AES192F8GCM_t, *AES192F8GCM_pt; 1167 1168/* AES256, (F8), GCM - 56 bytes */ 1169typedef struct AES256F8GCM_s { 1170 uint64_t cipherKey0; 1171 uint64_t cipherKey1; 1172 uint64_t cipherKey2; 1173 uint64_t cipherKey3; 1174 uint64_t GCMH0; 1175 uint64_t GCMH1; 1176 uint64_t GCMSCI; 1177} AES256F8GCM_t, *AES256F8GCM_pt; 1178 1179/* AES256, (F8), F9 - 40 bytes */ 1180typedef struct AES128F8F9_s { 1181 uint64_t cipherKey0; 1182 uint64_t cipherKey2; 1183 uint64_t authKey0; 1184 uint64_t authKey1; 1185} AES128F8F9_t, *AES128F8F9_pt; 1186 1187/* AES256, (F8), F9 - 48 bytes */ 1188typedef struct AES192F8F9_s { 1189 uint64_t cipherKey0; 1190 uint64_t cipherKey1; 1191 uint64_t cipherKey2; 1192 uint64_t authKey0; 1193 uint64_t authKey1; 1194} AES192F8F9_t, *AES192F8F9_pt; 1195 1196/* AES256F8, (F8), F9 - 56 bytes */ 1197typedef struct AES256F8F9_s { 1198 uint64_t cipherKey0; 1199 uint64_t cipherKey1; 1200 uint64_t cipherKey2; 1201 uint64_t cipherKey3; 1202 uint64_t authKey0; 1203 uint64_t authKey1; 1204} AES256F8F9_t, *AES256F8F9_pt; 1205 1206/* All DES possibilities */ 1207 1208/* DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 72 bytes */ 1209typedef struct DESHMAC_s { 1210 uint64_t cipherKey0; 1211 uint64_t hmacKey0; 1212 uint64_t hmacKey1; 1213 uint64_t hmacKey2; 1214 uint64_t hmacKey3; 1215 uint64_t hmacKey4; 1216 uint64_t hmacKey5; 1217 uint64_t hmacKey6; 1218 uint64_t hmacKey7; 1219} DESHMAC_t, *DESHMAC_pt; 1220 1221/* DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 136 bytes */ 1222typedef struct DESHMAC2_s { 1223 uint64_t cipherKey0; 1224 uint64_t hmacKey0; 1225 uint64_t hmacKey1; 1226 uint64_t hmacKey2; 1227 uint64_t hmacKey3; 1228 uint64_t hmacKey4; 1229 uint64_t hmacKey5; 1230 uint64_t hmacKey6; 1231 uint64_t hmacKey7; 1232 uint64_t hmacKey8; 1233 uint64_t hmacKey9; 1234 uint64_t hmacKey10; 1235 uint64_t hmacKey11; 1236 uint64_t hmacKey12; 1237 uint64_t hmacKey13; 1238 uint64_t hmacKey14; 1239 uint64_t hmacKey15; 1240} DESHMAC2_t, *DESHMAC2_pt; 1241 1242/* DES, (ECB, CBC), GCM - 32 bytes */ 1243typedef struct DESGCM_s { 1244 uint64_t cipherKey0; 1245 uint64_t GCMH0; 1246 uint64_t GCMH1; 1247 uint64_t GCMSCI; 1248} DESGCM_t, *DESGCM_pt; 1249 1250/* DES, (ECB, CBC), F9 - 32 bytes */ 1251typedef struct DESF9_s { 1252 uint64_t cipherKey0; 1253 uint64_t authKey0; 1254 uint64_t authKey1; 1255} DESF9_t, *DESF9_pt; 1256 1257/* DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 9 bytes */ 1258typedef struct DES_s { 1259 uint64_t cipherKey0; 1260} DES_t, *DES_pt; 1261 1262 1263/* All 3DES possibilities */ 1264 1265/* 3DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 88 bytes */ 1266typedef struct DES3HMAC_s { 1267 uint64_t cipherKey0; 1268 uint64_t cipherKey1; 1269 uint64_t cipherKey2; 1270 uint64_t hmacKey0; 1271 uint64_t hmacKey1; 1272 uint64_t hmacKey2; 1273 uint64_t hmacKey3; 1274 uint64_t hmacKey4; 1275 uint64_t hmacKey5; 1276 uint64_t hmacKey6; 1277 uint64_t hmacKey7; 1278} DES3HMAC_t, *DES3HMAC_pt; 1279 1280/* 3DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 152 bytes */ 1281typedef struct DES3HMAC2_s { 1282 uint64_t cipherKey0; 1283 uint64_t cipherKey1; 1284 uint64_t cipherKey2; 1285 uint64_t hmacKey0; 1286 uint64_t hmacKey1; 1287 uint64_t hmacKey2; 1288 uint64_t hmacKey3; 1289 uint64_t hmacKey4; 1290 uint64_t hmacKey5; 1291 uint64_t hmacKey6; 1292 uint64_t hmacKey7; 1293 uint64_t hmacKey8; 1294 uint64_t hmacKey9; 1295 uint64_t hmacKey10; 1296 uint64_t hmacKey11; 1297 uint64_t hmacKey12; 1298 uint64_t hmacKey13; 1299 uint64_t hmacKey14; 1300 uint64_t hmacKey15; 1301} DES3HMAC2_t, *DES3HMAC2_pt; 1302 1303/* 3DES, (ECB, CBC), GCM - 48 bytes */ 1304typedef struct DES3GCM_s { 1305 uint64_t cipherKey0; 1306 uint64_t cipherKey1; 1307 uint64_t cipherKey2; 1308 uint64_t GCMH0; 1309 uint64_t GCMH1; 1310 uint64_t GCMSCI; 1311} DES3GCM_t, *DES3GCM_pt; 1312 1313/* 3DES, (ECB, CBC), GCM - 48 bytes */ 1314typedef struct DES3F9_s { 1315 uint64_t cipherKey0; 1316 uint64_t cipherKey1; 1317 uint64_t cipherKey2; 1318 uint64_t authKey0; 1319 uint64_t authKey1; 1320} DES3F9_t, *DES3F9_pt; 1321 1322/* 3DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 24 bytes */ 1323typedef struct DES3_s { 1324 uint64_t cipherKey0; 1325 uint64_t cipherKey1; 1326 uint64_t cipherKey2; 1327} DES3_t, *DES3_pt; 1328 1329 1330/* HMAC only - no cipher */ 1331 1332/* HMAC (MD5, SHA-1, SHA-128) - 64 bytes */ 1333typedef struct HMAC_s { 1334 uint64_t hmacKey0; 1335 uint64_t hmacKey1; 1336 uint64_t hmacKey2; 1337 uint64_t hmacKey3; 1338 uint64_t hmacKey4; 1339 uint64_t hmacKey5; 1340 uint64_t hmacKey6; 1341 uint64_t hmacKey7; 1342} HMAC_t, *HMAC_pt; 1343 1344/* HMAC (SHA-384, SHA-512) - 128 bytes */ 1345typedef struct HMAC2_s { 1346 uint64_t hmacKey0; 1347 uint64_t hmacKey1; 1348 uint64_t hmacKey2; 1349 uint64_t hmacKey3; 1350 uint64_t hmacKey4; 1351 uint64_t hmacKey5; 1352 uint64_t hmacKey6; 1353 uint64_t hmacKey7; 1354 uint64_t hmacKey8; 1355 uint64_t hmacKey9; 1356 uint64_t hmacKey10; 1357 uint64_t hmacKey11; 1358 uint64_t hmacKey12; 1359 uint64_t hmacKey13; 1360 uint64_t hmacKey14; 1361 uint64_t hmacKey15; 1362} HMAC2_t, *HMAC2_pt; 1363 1364/* GCM - 24 bytes */ 1365typedef struct GCM_s { 1366 uint64_t GCMH0; 1367 uint64_t GCMH1; 1368 uint64_t GCMSCI; 1369} GCM_t, *GCM_pt; 1370 1371/* F9 - 24 bytes */ 1372typedef struct F9_s { 1373 uint64_t authKey0; 1374 uint64_t authKey1; 1375} F9_t, *F9_pt; 1376 1377/* All ARC4 possibilities */ 1378/* ARC4, HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 1379typedef struct ARC4HMAC_s { 1380 uint64_t cipherKey0; 1381 uint64_t cipherKey1; 1382 uint64_t cipherKey2; 1383 uint64_t cipherKey3; 1384 uint64_t hmacKey0; 1385 uint64_t hmacKey1; 1386 uint64_t hmacKey2; 1387 uint64_t hmacKey3; 1388 uint64_t hmacKey4; 1389 uint64_t hmacKey5; 1390 uint64_t hmacKey6; 1391 uint64_t hmacKey7; 1392} ARC4HMAC_t, *ARC4HMAC_pt; 1393 1394/* ARC4, HMAC (SHA-384, SHA-512) - 160 bytes */ 1395typedef struct ARC4HMAC2_s { 1396 uint64_t cipherKey0; 1397 uint64_t cipherKey1; 1398 uint64_t cipherKey2; 1399 uint64_t cipherKey3; 1400 uint64_t hmacKey0; 1401 uint64_t hmacKey1; 1402 uint64_t hmacKey2; 1403 uint64_t hmacKey3; 1404 uint64_t hmacKey4; 1405 uint64_t hmacKey5; 1406 uint64_t hmacKey6; 1407 uint64_t hmacKey7; 1408 uint64_t hmacKey8; 1409 uint64_t hmacKey9; 1410 uint64_t hmacKey10; 1411 uint64_t hmacKey11; 1412 uint64_t hmacKey12; 1413 uint64_t hmacKey13; 1414 uint64_t hmacKey14; 1415 uint64_t hmacKey15; 1416} ARC4HMAC2_t, *ARC4HMAC2_pt; 1417 1418/* ARC4, GCM - 56 bytes */ 1419typedef struct ARC4GCM_s { 1420 uint64_t cipherKey0; 1421 uint64_t cipherKey1; 1422 uint64_t cipherKey2; 1423 uint64_t cipherKey3; 1424 uint64_t GCMH0; 1425 uint64_t GCMH1; 1426 uint64_t GCMSCI; 1427} ARC4GCM_t, *ARC4GCM_pt; 1428 1429/* ARC4, F9 - 56 bytes */ 1430typedef struct ARC4F9_s { 1431 uint64_t cipherKey0; 1432 uint64_t cipherKey1; 1433 uint64_t cipherKey2; 1434 uint64_t cipherKey3; 1435 uint64_t authKey0; 1436 uint64_t authKey1; 1437} ARC4F9_t, *ARC4F9_pt; 1438 1439/* ARC4, HMAC (MD5, SHA-1, SHA-256) - 408 bytes (not including 8 bytes from instruction) */ 1440typedef struct ARC4StateHMAC_s { 1441 uint64_t cipherKey0; 1442 uint64_t cipherKey1; 1443 uint64_t cipherKey2; 1444 uint64_t cipherKey3; 1445 uint64_t hmacKey0; 1446 uint64_t hmacKey1; 1447 uint64_t hmacKey2; 1448 uint64_t hmacKey3; 1449 uint64_t hmacKey4; 1450 uint64_t hmacKey5; 1451 uint64_t hmacKey6; 1452 uint64_t hmacKey7; 1453 uint64_t PAD0; 1454 uint64_t PAD1; 1455 uint64_t PAD2; 1456 uint64_t Arc4SboxData0; 1457 uint64_t Arc4SboxData1; 1458 uint64_t Arc4SboxData2; 1459 uint64_t Arc4SboxData3; 1460 uint64_t Arc4SboxData4; 1461 uint64_t Arc4SboxData5; 1462 uint64_t Arc4SboxData6; 1463 uint64_t Arc4SboxData7; 1464 uint64_t Arc4SboxData8; 1465 uint64_t Arc4SboxData9; 1466 uint64_t Arc4SboxData10; 1467 uint64_t Arc4SboxData11; 1468 uint64_t Arc4SboxData12; 1469 uint64_t Arc4SboxData13; 1470 uint64_t Arc4SboxData14; 1471 uint64_t Arc4SboxData15; 1472 uint64_t Arc4SboxData16; 1473 uint64_t Arc4SboxData17; 1474 uint64_t Arc4SboxData18; 1475 uint64_t Arc4SboxData19; 1476 uint64_t Arc4SboxData20; 1477 uint64_t Arc4SboxData21; 1478 uint64_t Arc4SboxData22; 1479 uint64_t Arc4SboxData23; 1480 uint64_t Arc4SboxData24; 1481 uint64_t Arc4SboxData25; 1482 uint64_t Arc4SboxData26; 1483 uint64_t Arc4SboxData27; 1484 uint64_t Arc4SboxData28; 1485 uint64_t Arc4SboxData29; 1486 uint64_t Arc4SboxData30; 1487 uint64_t Arc4SboxData31; 1488 uint64_t Arc4IJData; 1489 uint64_t PAD3; 1490 uint64_t PAD4; 1491 uint64_t PAD5; 1492} ARC4StateHMAC_t, *ARC4StateHMAC_pt; 1493 1494/* ARC4, HMAC (SHA-384, SHA-512) - 480 bytes (not including 8 bytes from instruction) */ 1495typedef struct ARC4StateHMAC2_s { 1496 uint64_t cipherKey0; 1497 uint64_t cipherKey1; 1498 uint64_t cipherKey2; 1499 uint64_t cipherKey3; 1500 uint64_t hmacKey0; 1501 uint64_t hmacKey1; 1502 uint64_t hmacKey2; 1503 uint64_t hmacKey3; 1504 uint64_t hmacKey4; 1505 uint64_t hmacKey5; 1506 uint64_t hmacKey6; 1507 uint64_t hmacKey7; 1508 uint64_t hmacKey8; 1509 uint64_t hmacKey9; 1510 uint64_t hmacKey10; 1511 uint64_t hmacKey11; 1512 uint64_t hmacKey12; 1513 uint64_t hmacKey13; 1514 uint64_t hmacKey14; 1515 uint64_t hmacKey15; 1516 uint64_t PAD0; 1517 uint64_t PAD1; 1518 uint64_t PAD2; 1519 uint64_t Arc4SboxData0; 1520 uint64_t Arc4SboxData1; 1521 uint64_t Arc4SboxData2; 1522 uint64_t Arc4SboxData3; 1523 uint64_t Arc4SboxData4; 1524 uint64_t Arc4SboxData5; 1525 uint64_t Arc4SboxData6; 1526 uint64_t Arc4SboxData7; 1527 uint64_t Arc4SboxData8; 1528 uint64_t Arc4SboxData9; 1529 uint64_t Arc4SboxData10; 1530 uint64_t Arc4SboxData11; 1531 uint64_t Arc4SboxData12; 1532 uint64_t Arc4SboxData13; 1533 uint64_t Arc4SboxData14; 1534 uint64_t Arc4SboxData15; 1535 uint64_t Arc4SboxData16; 1536 uint64_t Arc4SboxData17; 1537 uint64_t Arc4SboxData18; 1538 uint64_t Arc4SboxData19; 1539 uint64_t Arc4SboxData20; 1540 uint64_t Arc4SboxData21; 1541 uint64_t Arc4SboxData22; 1542 uint64_t Arc4SboxData23; 1543 uint64_t Arc4SboxData24; 1544 uint64_t Arc4SboxData25; 1545 uint64_t Arc4SboxData26; 1546 uint64_t Arc4SboxData27; 1547 uint64_t Arc4SboxData28; 1548 uint64_t Arc4SboxData29; 1549 uint64_t Arc4SboxData30; 1550 uint64_t Arc4SboxData31; 1551 uint64_t Arc4IJData; 1552 uint64_t PAD3; 1553 uint64_t PAD4; 1554 uint64_t PAD5; 1555} ARC4StateHMAC2_t, *ARC4StateHMAC2_pt; 1556 1557/* ARC4, GCM - 408 bytes (not including 8 bytes from instruction) */ 1558typedef struct ARC4StateGCM_s { 1559 uint64_t cipherKey0; 1560 uint64_t cipherKey1; 1561 uint64_t cipherKey2; 1562 uint64_t cipherKey3; 1563 uint64_t GCMH0; 1564 uint64_t GCMH1; 1565 uint64_t GCMSCI; 1566 uint64_t PAD0; 1567 uint64_t PAD1; 1568 uint64_t PAD2; 1569 uint64_t PAD3; 1570 uint64_t PAD4; 1571 uint64_t PAD5; 1572 uint64_t PAD6; 1573 uint64_t PAD7; 1574 uint64_t Arc4SboxData0; 1575 uint64_t Arc4SboxData1; 1576 uint64_t Arc4SboxData2; 1577 uint64_t Arc4SboxData3; 1578 uint64_t Arc4SboxData4; 1579 uint64_t Arc4SboxData5; 1580 uint64_t Arc4SboxData6; 1581 uint64_t Arc4SboxData7; 1582 uint64_t Arc4SboxData8; 1583 uint64_t Arc4SboxData9; 1584 uint64_t Arc4SboxData10; 1585 uint64_t Arc4SboxData11; 1586 uint64_t Arc4SboxData12; 1587 uint64_t Arc4SboxData13; 1588 uint64_t Arc4SboxData14; 1589 uint64_t Arc4SboxData15; 1590 uint64_t Arc4SboxData16; 1591 uint64_t Arc4SboxData17; 1592 uint64_t Arc4SboxData18; 1593 uint64_t Arc4SboxData19; 1594 uint64_t Arc4SboxData20; 1595 uint64_t Arc4SboxData21; 1596 uint64_t Arc4SboxData22; 1597 uint64_t Arc4SboxData23; 1598 uint64_t Arc4SboxData24; 1599 uint64_t Arc4SboxData25; 1600 uint64_t Arc4SboxData26; 1601 uint64_t Arc4SboxData27; 1602 uint64_t Arc4SboxData28; 1603 uint64_t Arc4SboxData29; 1604 uint64_t Arc4SboxData30; 1605 uint64_t Arc4SboxData31; 1606 uint64_t Arc4IJData; 1607 uint64_t PAD8; 1608 uint64_t PAD9; 1609 uint64_t PAD10; 1610} ARC4StateGCM_t, *ARC4StateGCM_pt; 1611 1612/* ARC4, F9 - 408 bytes (not including 8 bytes from instruction) */ 1613typedef struct ARC4StateF9_s { 1614 uint64_t cipherKey0; 1615 uint64_t cipherKey1; 1616 uint64_t cipherKey2; 1617 uint64_t cipherKey3; 1618 uint64_t authKey0; 1619 uint64_t authKey1; 1620 uint64_t PAD0; 1621 uint64_t PAD1; 1622 uint64_t PAD2; 1623 uint64_t PAD3; 1624 uint64_t PAD4; 1625 uint64_t PAD5; 1626 uint64_t PAD6; 1627 uint64_t PAD7; 1628 uint64_t PAD8; 1629 uint64_t Arc4SboxData0; 1630 uint64_t Arc4SboxData1; 1631 uint64_t Arc4SboxData2; 1632 uint64_t Arc4SboxData3; 1633 uint64_t Arc4SboxData4; 1634 uint64_t Arc4SboxData5; 1635 uint64_t Arc4SboxData6; 1636 uint64_t Arc4SboxData7; 1637 uint64_t Arc4SboxData8; 1638 uint64_t Arc4SboxData9; 1639 uint64_t Arc4SboxData10; 1640 uint64_t Arc4SboxData11; 1641 uint64_t Arc4SboxData12; 1642 uint64_t Arc4SboxData13; 1643 uint64_t Arc4SboxData14; 1644 uint64_t Arc4SboxData15; 1645 uint64_t Arc4SboxData16; 1646 uint64_t Arc4SboxData17; 1647 uint64_t Arc4SboxData18; 1648 uint64_t Arc4SboxData19; 1649 uint64_t Arc4SboxData20; 1650 uint64_t Arc4SboxData21; 1651 uint64_t Arc4SboxData22; 1652 uint64_t Arc4SboxData23; 1653 uint64_t Arc4SboxData24; 1654 uint64_t Arc4SboxData25; 1655 uint64_t Arc4SboxData26; 1656 uint64_t Arc4SboxData27; 1657 uint64_t Arc4SboxData28; 1658 uint64_t Arc4SboxData29; 1659 uint64_t Arc4SboxData30; 1660 uint64_t Arc4SboxData31; 1661 uint64_t Arc4IJData; 1662 uint64_t PAD9; 1663 uint64_t PAD10; 1664 uint64_t PAD11; 1665} ARC4StateF9_t, *ARC4StateF9_pt; 1666 1667/* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 1668typedef struct ARC4_s { 1669 uint64_t cipherKey0; 1670 uint64_t cipherKey1; 1671 uint64_t cipherKey2; 1672 uint64_t cipherKey3; 1673} ARC4_t, *ARC4_pt; 1674 1675/* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 344 bytes (not including 8 bytes from instruction) */ 1676typedef struct ARC4State_s { 1677 uint64_t cipherKey0; 1678 uint64_t cipherKey1; 1679 uint64_t cipherKey2; 1680 uint64_t cipherKey3; 1681 uint64_t PAD0; 1682 uint64_t PAD1; 1683 uint64_t PAD2; 1684 uint64_t Arc4SboxData0; 1685 uint64_t Arc4SboxData1; 1686 uint64_t Arc4SboxData2; 1687 uint64_t Arc4SboxData3; 1688 uint64_t Arc4SboxData4; 1689 uint64_t Arc4SboxData5; 1690 uint64_t Arc4SboxData6; 1691 uint64_t Arc4SboxData7; 1692 uint64_t Arc4SboxData8; 1693 uint64_t Arc4SboxData9; 1694 uint64_t Arc4SboxData10; 1695 uint64_t Arc4SboxData11; 1696 uint64_t Arc4SboxData12; 1697 uint64_t Arc4SboxData13; 1698 uint64_t Arc4SboxData14; 1699 uint64_t Arc4SboxData15; 1700 uint64_t Arc4SboxData16; 1701 uint64_t Arc4SboxData17; 1702 uint64_t Arc4SboxData18; 1703 uint64_t Arc4SboxData19; 1704 uint64_t Arc4SboxData20; 1705 uint64_t Arc4SboxData21; 1706 uint64_t Arc4SboxData22; 1707 uint64_t Arc4SboxData23; 1708 uint64_t Arc4SboxData24; 1709 uint64_t Arc4SboxData25; 1710 uint64_t Arc4SboxData26; 1711 uint64_t Arc4SboxData27; 1712 uint64_t Arc4SboxData28; 1713 uint64_t Arc4SboxData29; 1714 uint64_t Arc4SboxData30; 1715 uint64_t Arc4SboxData31; 1716 uint64_t Arc4IJData; 1717 uint64_t PAD3; 1718 uint64_t PAD4; 1719 uint64_t PAD5; 1720} ARC4State_t, *ARC4State_pt; 1721 1722/* Kasumi f8 - 32 bytes */ 1723typedef struct KASUMIF8_s { 1724 uint64_t cipherKey0; 1725 uint64_t cipherKey1; 1726} KASUMIF8_t, *KASUMIF8_pt; 1727 1728/* Kasumi f8 + HMAC (MD5, SHA-1, SHA-256) - 80 bytes */ 1729typedef struct KASUMIF8HMAC_s { 1730 uint64_t cipherKey0; 1731 uint64_t cipherKey1; 1732 uint64_t hmacKey0; 1733 uint64_t hmacKey1; 1734 uint64_t hmacKey2; 1735 uint64_t hmacKey3; 1736 uint64_t hmacKey4; 1737 uint64_t hmacKey5; 1738 uint64_t hmacKey6; 1739 uint64_t hmacKey7; 1740} KASUMIF8HMAC_t, *KASUMIF8HMAC_pt; 1741 1742/* Kasumi f8 + HMAC (SHA-384, SHA-512) - 144 bytes */ 1743typedef struct KASUMIF8HMAC2_s { 1744 uint64_t cipherKey0; 1745 uint64_t cipherKey1; 1746 uint64_t hmacKey0; 1747 uint64_t hmacKey1; 1748 uint64_t hmacKey2; 1749 uint64_t hmacKey3; 1750 uint64_t hmacKey4; 1751 uint64_t hmacKey5; 1752 uint64_t hmacKey6; 1753 uint64_t hmacKey7; 1754 uint64_t hmacKey8; 1755 uint64_t hmacKey9; 1756 uint64_t hmacKey10; 1757 uint64_t hmacKey11; 1758 uint64_t hmacKey12; 1759 uint64_t hmacKey13; 1760 uint64_t hmacKey14; 1761 uint64_t hmacKey15; 1762} KASUMIF8HMAC2_t, *KASUMIF8HMAC2_pt; 1763 1764/* Kasumi f8 + GCM - 144 bytes */ 1765typedef struct KASUMIF8GCM_s { 1766 uint64_t cipherKey0; 1767 uint64_t cipherKey1; 1768 uint64_t GCMH0; 1769 uint64_t GCMH1; 1770 uint64_t GCMSCI; 1771} KASUMIF8GCM_t, *KASUMIF8GCM_pt; 1772 1773/* Kasumi f8 + f9 - 32 bytes */ 1774typedef struct KASUMIF8F9_s { 1775 uint64_t cipherKey0; 1776 uint64_t cipherKey1; 1777 uint64_t authKey0; 1778 uint64_t authKey1; 1779} KASUMIF8F9_t, *KASUMIF8F9_pt; 1780 1781typedef union CipherHashInfo_u { 1782 AES256HMAC_t infoAES256HMAC; 1783 AES256_t infoAES256; 1784 AES192HMAC_t infoAES192HMAC; 1785 AES192_t infoAES192; 1786 AES128HMAC_t infoAES128HMAC; 1787 AES128_t infoAES128; 1788 DESHMAC_t infoDESHMAC; 1789 DES_t infoDES; 1790 DES3HMAC_t info3DESHMAC; 1791 DES3_t info3DES; 1792 HMAC_t infoHMAC; 1793 /* ARC4 */ 1794 ARC4HMAC_t infoARC4HMAC; 1795 ARC4StateHMAC_t infoARC4StateHMAC; 1796 ARC4_t infoARC4; 1797 ARC4State_t infoARC4State; 1798 /* AES mode F8 */ 1799 AES256F8HMAC_t infoAES256F8HMAC; 1800 AES256F8_t infoAES256F8; 1801 AES192F8HMAC_t infoAES192F8HMAC; 1802 AES192F8_t infoAES192F8; 1803 AES128F8HMAC_t infoAES128F8HMAC; 1804 AES128F8_t infoAES128F8; 1805 /* KASUMI F8 */ 1806 KASUMIF8HMAC_t infoKASUMIF8HMAC; 1807 KASUMIF8_t infoKASUMIF8; 1808 /* GCM */ 1809 GCM_t infoGCM; 1810 AES256F8GCM_t infoAES256F8GCM; 1811 AES192F8GCM_t infoAES192F8GCM; 1812 AES128F8GCM_t infoAES128F8GCM; 1813 AES256GCM_t infoAES256GCM; 1814 AES192GCM_t infoAES192GCM; 1815 AES128GCM_t infoAES128GCM; 1816 DESGCM_t infoDESGCM; 1817 DES3GCM_t info3DESGCM; 1818 ARC4GCM_t infoARC4GCM; 1819 ARC4StateGCM_t infoARC4StateGCM; 1820 KASUMIF8GCM_t infoKASUMIF8GCM; 1821 /* HMAC2 */ 1822 HMAC2_t infoHMAC2; 1823 AES256F8HMAC2_t infoAES256F8HMAC2; 1824 AES192F8HMAC2_t infoAES192F8HMAC2; 1825 AES128F8HMAC2_t infoAES128F8HMAC2; 1826 AES256HMAC2_t infoAES256HMAC2; 1827 AES192HMAC2_t infoAES192HMAC2; 1828 AES128HMAC2_t infoAES128HMAC2; 1829 DESHMAC2_t infoDESHMAC2; 1830 DES3HMAC2_t info3DESHMAC2; 1831 ARC4HMAC2_t infoARC4HMAC2; 1832 ARC4StateHMAC2_t infoARC4StateHMAC2; 1833 KASUMIF8HMAC2_t infoKASUMIF8HMAC2; 1834 /* F9 */ 1835 F9_t infoF9; 1836 AES256F8F9_t infoAES256F8F9; 1837 AES192F8F9_t infoAES192F8F9; 1838 AES128F8F9_t infoAES128F8F9; 1839 AES256F9_t infoAES256F9; 1840 AES192F9_t infoAES192F9; 1841 AES128F9_t infoAES128F9; 1842 DESF9_t infoDESF9; 1843 DES3F9_t info3DESF9; 1844 ARC4F9_t infoARC4F9; 1845 ARC4StateF9_t infoARC4StateF9; 1846 KASUMIF8F9_t infoKASUMIF8F9; 1847} CipherHashInfo_t, *CipherHashInfo_pt; 1848 1849 1850/* 1851 * 1852 * ControlDescriptor_s datastructure 1853 * 1854 */ 1855 1856typedef struct ControlDescriptor_s { 1857 uint64_t instruction; 1858 CipherHashInfo_t cipherHashInfo; 1859} ControlDescriptor_t, *ControlDescriptor_pt; 1860 1861 1862 1863 1864/* ********************************************************************** 1865 * PacketDescriptor_t 1866 * ********************************************************************** 1867 */ 1868 1869/* /--------------------------------------------\ 1870 * | | 1871 * | New PacketDescriptor_s datastructure | 1872 * | | 1873 * \--------------------------------------------/ 1874 * 1875 * 1876 * 1877 * PacketDescriptor_t.srcLengthIVOffUseIVNext 1878 * ------------------------------------------ 1879 * 1880 * 63 62 61 59 58 57 56 54 53 43 1881 * ------------------------------------------------------------------------------------------------ 1882 * || Load HMAC key || Pad Hash || Hash Byte Count || Next || Use IV || IV Offset || Packet length || ... CONT ... 1883 * ------------------------------------------------------------------------------------------------ 1884 * 1 1 3 1 1 3 11 1885 * 1886 * 1887 * 42 41 40 39 5 4 3 2 1888 * 0 1889 * ---------------------------------------------------------------------------------------------------- 1890 * || NLHMAC || Break || Wait || Segment src address || SRTCP || Reserved || Global src data offset || 1891 * ---------------------------------------------------------------------------------------------------- 1892 * 1 1 1 35 1 1 3 1893 * 1894 * 1895 * 1896 * Load HMAC key = 1'b0 Preserve old HMAC key stored in Auth engine (moot if HASH.HMAC == 0) 1897 * 1'b1 Load HMAC key from ID registers at beginning of op 1898 * If GCM is selected as authenticator, setting this bit 1899 * will cause the H value from ID to be loaded to the engine 1900 * If Kasumi F9 is selected as authenticator, setting this bit 1901 * will cause the IK value from ID to be loaded to the engine. 1902 * Pad Hash = 1'b0 HASH will assume the data was padded to be a multiple 1903 * of 512 bits in length and that the last 64 bit word 1904 * expresses the total datalength in bits seen by HASH engine 1905 * 1'b1 The data was not padded to be a multiple of 512 bits in length; 1906 * The Hash engine will do its own padding to generate the correct digest. 1907 * Ignored by GCM (always does its own padding) 1908 * Hash Byte Count Number of BYTES on last 64-bit data word to use in digest calculation RELEVANT ONLY IF Pad Hash IS SET 1909 * 3'b000 Use all 8 1910 * 3'b001 Use first (MS) byte only (0-out rest), i.e., 0xddXXXXXXXXXXXXXX 1911 * 3'b010 Use first 2 bytes only (0-out rest), i.e., 0xddddXXXXXXXXXXXX ... etc 1912 * Next = 1'b0 Finish (return msg descriptor) at end of operation 1913 * 1'b1 Grab the next PacketDescriptor (i.e. next cache-line) when the current is complete. 1914 * This allows for fragmentation/defragmentation and processing of large (>16kB) packets. 1915 * The sequence of adjacent PacketDescriptor acts as a contiguous linked list of 1916 * pointers to the actual packets with Next==0 on the last PacketDescriptor to end processing. 1917 * Use IV = 1'b0 On first frag: Use old IV 1918 * On subsequent frags: Do not write out to DST the (dword) offset data 1919 * 1'b1 On first frag: Use data @ Segment_address + IV_Offset as IV 1920 * On subsequent frags: Do write out to DST the (dword) offset data 1921 * IV Offset = On first frag: Offset IN NB OF 8 BYTE WORDS (dwords) from beginning of packet 1922 * (i.e. (Potentially byte-shifted) Segment address) to cipher IV 1923 * On subsequent frags: Offset to beginning of data to process; data to offset won't 1924 * be given to engines and will be written out to dst in the clear. 1925 * ON SUBSEQUENT FRAGS, IV_Offset MAY NOT EXCEED 3; LARGER VALUES WILL CAUSE AN ERROR 1926 * SEE ERROR CONDITIONS BELOW 1927 * Packet length = Nb double words to stream in (Including Segment address->CP/IV/Auth/CkSum offsets) 1928 * This is the total amount of data (x8 in bytes) read (+1 dword if "Global src data offset" != 0) 1929 * This is the total amount of data (x8 in bytes) written (+1 dword if "Global dst data offset" != 0, if Dst dword offset == 0) 1930 * If Packet length == 11'h7ff and (Global src data offset != 0 or Global dst data offset != 0) 1931 * the operation is aborted (no mem writes occur) 1932 * and the "Insufficient Data To Cipher" error flag is raised 1933 * NLHMAC = No last to hmac. Setting this to 1 will prevent the transmission of the last DWORD 1934 * to the authenticator, i.e., the DWORD before last will be designated as last for the purposes of authentication. 1935 * Break = Break a wait (see below) state - causes the operation to be flushed and free descriptor to be returned. 1936 * Activated if DFetch blocked by Wait and Wait still active. 1937 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL 1938 * Wait = Setting that bit causes the operation to block in DFetch stage. 1939 * DFetch will keep polling the memory location until the bit is reset at which time 1940 * the pipe resumes normal operation. This feature is convenient for software dealing with fragmented packets. 1941 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL 1942 * Segment src address = 35 MSB of pointer to src data (i.e., cache-line aligned) 1943 * SRTCP = Bypass the cipher for the last 4 bytes of data, i.e. the last 4 bytes will be sent to memory 1944 * and the authenticator in the clear. Applicable to last packet descriptor andlast frag only. 1945 * This accommodates a requirement of SRTCP. 1946 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines 1947 * (0-7); allows realignment of byte-aligned, non-double-word aligned data 1948 * 1949 * PacketDescriptor_t.dstDataSettings 1950 * ---------------------------------- 1951 * 1952 * 1953 * 63 62 60 59 58 56 55 54 53 52 41 40 1954 * ------------------------------------------------------------------------------------------------------------ 1955 * || CipherPrefix | Arc4ByteCount | E/D | Cipher_Offset || Hash_Offset | Hash_Src || CkSum_Offset | CkSum_Src || ... CONT ... 1956 * ------------------------------------------------------------------------------------------------------------ 1957 * 1 3 1 3 2 1 12 1 1958 * <-----------------------CIPHER-----------------------><---------HASH-----------><-------CHECKSUM-----------> 1959 * 1960 * 1961 * CipherPrefix = 128'b0 will be sent to the selected cipher 1962 * KEEP VALUE ON ALL FRAGS after the IV is loaded, before the actual data goes in. 1963 * The result of that encryption (aka E(K, 0))will be stored 1964 * locally and XOR-ed with the auth digest to create the final 1965 * digest at the end of the auth OP: 1966 * This is covered by the GCM spec 1967 * AesPrefix = 1'b1 -> Force E=Cipher(K,0) before start of data encr. 1968 * -> Digest ^= E 1969 * AesPrefix = 1'b0 -> Regular digest 1970 * This flag is ignored if no cipher is chosen (Bypass condition) 1971 * X0 Arc4ByteCount = Number of BYTES on last 64-bit data word to encrypt 1972 * 3'b000 Encrypt all 8 1973 * 3'b001 Encrypt first (MS) byte only i.e., 0xddXXXXXXXXXXXXXX 1974 * 3'b010 Encrypt first 2 bytes only i.e., 0xddddXXXXXXXXXXXX ... etc 1975 * In reality, all are encrypted, however, the SBOX 1976 * is not written past the last byte to encrypt 1977 * E/D = 1'b0 Decrypt 1978 * 1'b1 Encrypt 1979 * Overloaded to also mean IV byte offset for first frag 1980 * Cipher_Offset = Nb of words between the first data segment 1981 * and word on which to start cipher operation 1982 * (64 BIT WORDS !!!) 1983 * Hash_Offset = Nb of words between the first data segment 1984 * and word on which to start hashing 1985 * (64 bit words) 1986 * Hash_Src = 1'b0 DMA channel 1987 * 1'b1 Cipher if word count exceeded Cipher_Offset; 1988 * DMA channel otherwise 1989 * CkSum_Offset = Nb of words between the first data segment 1990 * and word on which to start 1991 * checksum calculation (32 BIT WORDS !!!) 1992 * CkSum_Src = 1'b0 DMA channel 1993 * 1'b1 Cipher if word count exceeded Cipher_Offset 1994 * DMA channel otherwise 1995 * Cipher dst address = 35 MSB of pointer to dst location (i.e., cache-line aligned) 1996 * Dst dword offset = Nb of double-words to left-shift data from spec'ed Cipher dst address before writing it to memory 1997 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory 1998 * 1999 * 2000 * PacketDescriptor_t.authDstNonceLow 2001 * ---------------------------------- 2002 * 2003 * 63 40 39 5 4 0 2004 * ----------------------------------------------------- 2005 * || Nonce_Low || Auth_dst_address || Cipher_Offset_Hi || 2006 * ----------------------------------------------------- 2007 * 24 35 5 2008 * 2009 * 2010 * 2011 * Nonce_Low = Nonce[23:0] 24 least significant bits of 32-bit long nonce 2012 * Used by AES in counter mode 2013 * Auth_dst_address = 35 MSB of pointer to authentication dst location (i.e., cache-line aligned) 2014 * X0 Cipher_Offset_Hi = On first frag: 5 MSB of 8-bit Cipher_offset; will be concatenated to 2015 * the top of PacketDescriptor_t.dstDataSettings.Cipher_Offset 2016 * On subsequent frags: Ignored 2017 * 2018 * 2019 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask 2020 * ------------------------------------------------ 2021 * 2022 * 2023 * 63 61 60 58 57 56 55 48 47 40 39 5 4 0 2024 * ------------------------------------------------------------------------------------------------------------------- 2025 * || Hash_Byte_Offset || Packet length bytes || LLWMask || CFB_Mask || Nonce_Hi || CkSum_dst_address || IV_Offset_Hi || 2026 * ------------------------------------------------------------------------------------------------------------------- 2027 * 3 3 2 8 8 35 5 2028 * 2029 * 2030 * Hash_Byte_Offset = On first frag: Additional offset in bytes to be added to Hash_Offset 2031 * to obtain the full offset applied to the data before 2032 * submitting it to authenticator 2033 * On subsequent frags: Same 2034 * Packet length bytes = On one fragment payloads: Ignored (i.e. assumed to be 0, last dword used in its entirety) 2035 * On fragments before last: Number of bytes on last fragment dword 2036 * On last fragment: Ignored (i.e. assumed to be 0, last dword used in its entirety) 2037 * LLWMask, aka, Last_long_word_mask = 2'b00 Give last 128 bit word from AES engine to auth/cksum/wrbbufer as is - applicable in AES CTR only 2038 * 2'b11 Mask (zero-out) 32 least significant bits 2039 * 2'b10 Mask 64 LSBs 2040 * 2'b01 Mask 96 LSBs 2041 * If the GCM authenticator is used, setting LLWMask to 2'b10 or 2'b01 2042 * will also prevent the transmission of the last DWORD 2043 * to the authenticator, i.e., the DWORD before last will 2044 * be designated as last for the purposes of authentication. 2045 * CFB_Mask = 8 bit mask used by AES in CFB mode 2046 * In CTR mode: 2047 * CFB_Mask[1:0] = 2'b00 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], 4'h00000001} (only 1 IV exp 2048ected) regular CTR 2049 * 2'b01 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], IV1[31:0]} (2 IV expected 2050) CCMP 2051 * 2'b10 -> Counter[127:0] = {IV1[63:0], IV0[31:0], Nonce[31:0]} (2 IV expected 2052) GCM with SCI 2053 * 2'b11 -> Counter[127:0] = {IDecode.SCI[63:0], IV0[31:0], Nonce[31:0]} (1 IV expected 2054) GCM w/o SCI 2055 * Nonce_Hi = Nonce[31:24] 8 most significant bits of 32-bit long nonce 2056 * Used by AES in counter mode 2057 * CkSum_dst_address = 35 MSB of pointer to cksum dst location (i.e., cache-line aligned) 2058 * X0 IV_Offset_Hi = On first frag: 5 MSB of 8-bit IV offset; will be concatenated to 2059 * the top of PacketDescriptor_t.srcLengthIVOffUseIVNext.IV_Offset 2060 * On subsequent frags: Ignored 2061 */ 2062 2063/* #define PKT_DSC_LOADHMACKEY */ 2064#define PKT_DSC_LOADHMACKEY_OLD 0 2065#define PKT_DSC_LOADHMACKEY_LOAD 1 2066#define PKT_DSC_LOADHMACKEY_LSB 63 2067#define PKT_DSC_LOADHMACKEY_BITS ONE_BIT 2068#define PKT_DSC_LOADHMACKEY_MASK \ 2069 (PKT_DSC_LOADHMACKEY_BITS << PKT_DSC_LOADHMACKEY_LSB) 2070 2071/* #define PKT_DSC_PADHASH */ 2072#define PKT_DSC_PADHASH_PADDED 0 2073#define PKT_DSC_PADHASH_PAD 1 /* requires padding */ 2074#define PKT_DSC_PADHASH_LSB 62 2075#define PKT_DSC_PADHASH_BITS ONE_BIT 2076#define PKT_DSC_PADHASH_MASK (PKT_DSC_PADHASH_BITS << PKT_DSC_PADHASH_LSB) 2077 2078/* #define PKT_DSC_HASHBYTES */ 2079#define PKT_DSC_HASHBYTES_ALL8 0 2080#define PKT_DSC_HASHBYTES_MSB 1 2081#define PKT_DSC_HASHBYTES_MSW 2 2082#define PKT_DSC_HASHBYTES_LSB 59 2083#define PKT_DSC_HASHBYTES_BITS THREE_BITS 2084#define PKT_DSC_HASHBYTES_MASK \ 2085 (PKT_DSC_HASHBYTES_BITS << PKT_DSC_HASHBYTES_LSB) 2086 2087/* #define PKT_DSC_NEXT */ 2088#define PKT_DSC_NEXT_FINISH 0 2089#define PKT_DSC_NEXT_DO 1 2090#define PKT_DSC_NEXT_LSB 58 2091#define PKT_DSC_NEXT_BITS ONE_BIT 2092#define PKT_DSC_NEXT_MASK (PKT_DSC_NEXT_BITS << PKT_DSC_NEXT_LSB) 2093 2094/* #define PKT_DSC_IV */ 2095#define PKT_DSC_IV_OLD 0 2096#define PKT_DSC_IV_NEW 1 2097#define PKT_DSC_IV_LSB 57 2098#define PKT_DSC_IV_BITS ONE_BIT 2099#define PKT_DSC_IV_MASK (PKT_DSC_IV_BITS << PKT_DSC_IV_LSB) 2100 2101/* #define PKT_DSC_IVOFF */ 2102#define PKT_DSC_IVOFF_LSB 54 2103#define PKT_DSC_IVOFF_BITS THREE_BITS 2104#define PKT_DSC_IVOFF_MASK (PKT_DSC_IVOFF_BITS << PKT_DSC_IVOFF_LSB) 2105 2106/* #define PKT_DSC_PKTLEN */ 2107#define PKT_DSC_PKTLEN_LSB 43 2108#define PKT_DSC_PKTLEN_BITS ELEVEN_BITS 2109#define PKT_DSC_PKTLEN_MASK (PKT_DSC_PKTLEN_BITS << PKT_DSC_PKTLEN_LSB) 2110 2111/* #define PKT_DSC_NLHMAC */ 2112#define PKT_DSC_NLHMAC_LSB 42 2113#define PKT_DSC_NLHMAC_BITS ONE_BIT 2114#define PKT_DSC_NLHMAC_MASK (PKT_DSC_NLHMAC_BITS << PKT_DSC_NLHMAC_LSB) 2115 2116/* #define PKT_DSC_BREAK */ 2117#define PKT_DSC_BREAK_OLD 0 2118#define PKT_DSC_BREAK_NEW 1 2119#define PKT_DSC_BREAK_LSB 41 2120#define PKT_DSC_BREAK_BITS ONE_BIT 2121#define PKT_DSC_BREAK_MASK (PKT_DSC_BREAK_BITS << PKT_DSC_BREAK_LSB) 2122 2123/* #define PKT_DSC_WAIT */ 2124#define PKT_DSC_WAIT_OLD 0 2125#define PKT_DSC_WAIT_NEW 1 2126#define PKT_DSC_WAIT_LSB 40 2127#define PKT_DSC_WAIT_BITS ONE_BIT 2128#define PKT_DSC_WAIT_MASK (PKT_DSC_WAIT_BITS << PKT_DSC_WAIT_LSB) 2129 2130/* #define PKT_DSC_SEGADDR */ 2131#define PKT_DSC_SEGADDR_LSB 5 2132#define PKT_DSC_SEGADDR_BITS FOURTY_BITS 2133#define PKT_DSC_SEGADDR_MASK \ 2134 (PKT_DSC_SEGADDR_BITS << PKT_DSC_SEGADDR_LSB) 2135 2136/* #define PKT_DSC_SRTCP */ 2137#define PKT_DSC_SRTCP_OFF 0 2138#define PKT_DSC_SRTCP_ON 1 2139#define PKT_DSC_SRTCP_LSB 4 2140#define PKT_DSC_SRTCP_BITS ONE_BIT 2141#define PKT_DSC_SRTCP_MASK (PKT_DSC_SRTCP_BITS << PKT_DSC_SRTCP_LSB) 2142 2143#define PKT_DSC_SEGOFFSET_LSB 0 2144#define PKT_DSC_SEGOFFSET_BITS THREE_BITS 2145#define PKT_DSC_SEGOFFSET_MASK \ 2146 (PKT_DSC_SEGOFFSET_BITS << PKT_DSC_SEGOFFSET_LSB) 2147 2148/* ********************************************************************** 2149 * PacketDescriptor_t.dstDataSettings 2150 * ********************************************************************** 2151 */ 2152/* #define PKT_DSC_ARC4BYTECOUNT */ 2153#define PKT_DSC_ARC4BYTECOUNT_ALL8 0 2154#define PKT_DSC_ARC4BYTECOUNT_MSB 1 2155#define PKT_DSC_ARC4BYTECOUNT_MSW 2 2156#define PKT_DSC_ARC4BYTECOUNT_LSB 60 2157#define PKT_DSC_ARC4BYTECOUNT_BITS THREE_BITS 2158#define PKT_DSC_ARC4BYTECOUNT_MASK (PKT_DSC_ARC4BYTECOUNT_BITS << PKT_DSC_ARC4BYTECOUNT_LSB) 2159 2160/* #define PKT_DSC_SYM_OP (symmetric key operation) */ 2161#define PKT_DSC_SYM_OP_DECRYPT 0 2162#define PKT_DSC_SYM_OP_ENCRYPT 1 2163#define PKT_DSC_SYM_OP_LSB 59 2164#define PKT_DSC_SYM_OP_BITS ONE_BIT 2165#define PKT_DSC_SYM_OP_MASK (PKT_DSC_SYM_OP_BITS << PKT_DSC_SYM_OP_LSB) 2166 2167/* #define PKT_DSC_CPHROFF */ 2168#define PKT_DSC_CPHROFF_LSB 56 2169#define PKT_DSC_CPHROFF_BITS THREE_BITS 2170#define PKT_DSC_CPHROFF_MASK (PKT_DSC_CPHROFF_BITS << PKT_DSC_CPHROFF_LSB) 2171 2172/* #define PKT_DSC_HASHOFF */ 2173#define PKT_DSC_HASHOFF_LSB 54 2174#define PKT_DSC_HASHOFF_BITS TWO_BITS 2175#define PKT_DSC_HASHOFF_MASK (PKT_DSC_HASHOFF_BITS << PKT_DSC_HASHOFF_LSB) 2176 2177/* #define PKT_DSC_HASHSRC */ 2178#define PKT_DSC_HASHSRC_DMA 0 2179#define PKT_DSC_HASHSRC_CIPHER 1 2180#define PKT_DSC_HASHSRC_LSB 53 2181#define PKT_DSC_HASHSRC_BITS ONE_BIT 2182#define PKT_DSC_HASHSRC_MASK (PKT_DSC_HASHSRC_BITS << PKT_DSC_HASHSRC_LSB) 2183 2184/* #define PKT_DSC_CKSUMOFF */ 2185#define PKT_DSC_CKSUMOFF_LSB 41 2186#define PKT_DSC_CKSUMOFF_BITS TWELVE_BITS 2187#define PKT_DSC_CKSUMOFF_MASK (PKT_DSC_CKSUMOFF_BITS << PKT_DSC_CKSUMOFF_LSB) 2188 2189/* #define PKT_DSC_CKSUMSRC */ 2190#define PKT_DSC_CKSUMSRC_DMA 0 2191#define PKT_DSC_CKSUMSRC_CIPHER 1 2192#define PKT_DSC_CKSUMSRC_LSB 40 2193#define PKT_DSC_CKSUMSRC_BITS ONE_BIT 2194#define PKT_DSC_CKSUMSRC_MASK (PKT_DSC_CKSUMSRC_BITS << PKT_DSC_CKSUMSRC_LSB) 2195 2196/* #define PKT_DSC_CPHR_DST_ADDR */ 2197#define PKT_DSC_CPHR_DST_ADDR_LSB 0 2198#define PKT_DSC_CPHR_DST_ADDR_BITS FOURTY_BITS 2199#define PKT_DSC_CPHR_DST_ADDR_MASK \ 2200 (PKT_DSC_CPHR_DST_ADDR_BITS << PKT_DSC_CPHR_DST_ADDR_LSB) 2201 2202/* #define PKT_DSC_CPHR_DST_DWOFFSET */ 2203#define PKT_DSC_CPHR_DST_DWOFFSET_LSB 3 2204#define PKT_DSC_CPHR_DST_DWOFFSET_BITS TWO_BITS 2205#define PKT_DSC_CPHR_DST_DWOFFSET_MASK \ 2206 (PKT_DSC_CPHR_DST_DWOFFSET_BITS << PKT_DSC_CPHR_DST_DWOFFSET_LSB) 2207 2208 /* #define PKT_DSC_CPHR_DST_OFFSET */ 2209#define PKT_DSC_CPHR_DST_OFFSET_LSB 0 2210#define PKT_DSC_CPHR_DST_OFFSET_BITS THREE_BITS 2211#define PKT_DSC_CPHR_DST_OFFSET_MASK \ 2212 (PKT_DSC_CPHR_DST_OFFSET_BITS << PKT_DSC_CPHR_DST_OFFSET_LSB) 2213 2214/* ********************************************************************** 2215 * PacketDescriptor_t.authDstNonceLow 2216 * ********************************************************************** 2217 */ 2218/* #define PKT_DSC_NONCE_LOW */ 2219#define PKT_DSC_NONCE_LOW_LSB 40 2220#define PKT_DSC_NONCE_LOW_BITS TWENTYFOUR_BITS 2221#define PKT_DSC_NONCE_LOW_MASK \ 2222 (PKT_DSC_NONCE_LOW_BITS << PKT_DSC_NONCE_LOW_LSB) 2223 2224/* #define PKT_DSC_AUTH_DST_ADDR */ 2225#define PKT_DSC_AUTH_DST_ADDR_LSB 0 2226#define PKT_DSC_AUTH_DST_ADDR_BITS FOURTY_BITS 2227#define PKT_DSC_AUTH_DST_ADDR_MASK \ 2228 (PKT_DSC_AUTH_DST_ADDR_BITS << PKT_DSC_AUTH_DST_ADDR_LSB) 2229 2230/* #define PKT_DSC_CIPH_OFF_HI */ 2231#define PKT_DSC_CIPH_OFF_HI_LSB 0 2232#define PKT_DSC_CIPH_OFF_HI_BITS FIVE_BITS 2233#define PKT_DSC_CIPH_OFF_HI_MASK (PKT_DSC_CIPH_OFF_HI_BITS << PKT_DSC_CIPH_OFF_HI_LSB) 2234 2235/* ********************************************************************** 2236 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask 2237 * ********************************************************************** 2238 */ 2239/* #define PKT_DSC_HASH_BYTE_OFF */ 2240#define PKT_DSC_HASH_BYTE_OFF_LSB 61 2241#define PKT_DSC_HASH_BYTE_OFF_BITS THREE_BITS 2242#define PKT_DSC_HASH_BYTE_OFF_MASK (PKT_DSC_HASH_BYTE_OFF_BITS << PKT_DSC_HASH_BYTE_OFF_LSB) 2243 2244/* #define PKT_DSC_PKTLEN_BYTES */ 2245#define PKT_DSC_PKTLEN_BYTES_LSB 58 2246#define PKT_DSC_PKTLEN_BYTES_BITS THREE_BITS 2247#define PKT_DSC_PKTLEN_BYTES_MASK (PKT_DSC_PKTLEN_BYTES_BITS << PKT_DSC_PKTLEN_BYTES_LSB) 2248 2249/* #define PKT_DSC_LASTWORD */ 2250#define PKT_DSC_LASTWORD_128 0 2251#define PKT_DSC_LASTWORD_96MASK 1 2252#define PKT_DSC_LASTWORD_64MASK 2 2253#define PKT_DSC_LASTWORD_32MASK 3 2254#define PKT_DSC_LASTWORD_LSB 56 2255#define PKT_DSC_LASTWORD_BITS TWO_BITS 2256#define PKT_DSC_LASTWORD_MASK (PKT_DSC_LASTWORD_BITS << PKT_DSC_LASTWORD_LSB) 2257 2258/* #define PKT_DSC_CFB_MASK */ 2259#define PKT_DSC_CFB_MASK_LSB 48 2260#define PKT_DSC_CFB_MASK_BITS EIGHT_BITS 2261#define PKT_DSC_CFB_MASK_MASK (PKT_DSC_CFB_MASK_BITS << PKT_DSC_CFB_MASK_LSB) 2262 2263/* #define PKT_DSC_NONCE_HI */ 2264#define PKT_DSC_NONCE_HI_LSB 40 2265#define PKT_DSC_NONCE_HI_BITS EIGHT_BITS 2266#define PKT_DSC_NONCE_HI_MASK (PKT_DSC_NONCE_HI_BITS << PKT_DSC_NONCE_HI_LSB) 2267 2268/* #define PKT_DSC_CKSUM_DST_ADDR */ 2269#define PKT_DSC_CKSUM_DST_ADDR_LSB 5 2270#define PKT_DSC_CKSUM_DST_ADDR_BITS THIRTY_FIVE_BITS 2271#define PKT_DSC_CKSUM_DST_ADDR_MASK (PKT_DSC_CKSUM_DST_ADDR_BITS << PKT_DSC_CKSUM_DST_ADDR_LSB) 2272 2273/* #define PKT_DSC_IV_OFF_HI */ 2274#define PKT_DSC_IV_OFF_HI_LSB 0 2275#define PKT_DSC_IV_OFF_HI_BITS FIVE_BITS 2276#define PKT_DSC_IV_OFF_HI_MASK (PKT_DSC_IV_OFF_HI_BITS << PKT_DSC_IV_OFF_HI_LSB) 2277 2278 2279/* ****************************************************************** 2280 * Control Error Code and Conditions 2281 * ****************************************************************** 2282 */ 2283#define CTL_ERR_NONE 0x0000 /* No Error */ 2284#define CTL_ERR_CIPHER_OP 0x0001 /* Unknown Cipher Op */ 2285#define CTL_ERR_MODE 0x0002 /* Unknown or Not Allowed Mode */ 2286#define CTL_ERR_CHKSUM_SRC 0x0004 /* Unknown CkSum Src - UNUSED */ 2287#define CTL_ERR_CFB_MASK 0x0008 /* Forbidden CFB Mask - UNUSED */ 2288#define CTL_ERR_OP 0x0010 /* Unknown Ctrl Op - UNUSED */ 2289#define CTL_ERR_UNDEF1 0x0020 /* UNUSED */ 2290#define CTL_ERR_UNDEF2 0x0040 /* UNUSED */ 2291#define CTL_ERR_DATA_READ 0x0080 /* Data Read Error */ 2292#define CTL_ERR_DESC_CTRL 0x0100 /* Descriptor Ctrl Field Error */ 2293 2294#define CTL_ERR_TIMEOUT 0x1000 /* Message Response Timeout */ 2295 2296/* ****************************************************************** 2297 * Data Error Code and Conditions 2298 * ****************************************************************** 2299 */ 2300#define DATA_ERR_NONE 0x0000 /* No Error */ 2301#define DATA_ERR_LEN_CIPHER 0x0001 /* Not Enough Data To Cipher */ 2302#define DATA_ERR_IV_ADDR 0x0002 /* Illegal IV Loacation */ 2303#define DATA_ERR_WD_LEN_AES 0x0004 /* Illegal Nb Words To AES */ 2304#define DATA_ERR_BYTE_COUNT 0x0008 /* Illegal Pad And ByteCount Spec */ 2305#define DATA_ERR_LEN_CKSUM 0x0010 /* Not Enough Data To CkSum */ 2306#define DATA_ERR_OP 0x0020 /* Unknown Data Op */ 2307#define DATA_ERR_UNDEF1 0x0040 /* UNUSED */ 2308#define DATA_ERR_READ 0x0080 /* Data Read Error */ 2309#define DATA_ERR_WRITE 0x0100 /* Data Write Error */ 2310 2311 2312/* 2313 * Common Descriptor 2314 * NOTE: Size of struct is size of cacheline. 2315 */ 2316 2317typedef struct OperationDescriptor_s { 2318 uint64_t phys_self; 2319 uint32_t stn_id; 2320 uint32_t flags; 2321 uint32_t cpu; 2322 uint32_t seq_num; 2323 uint64_t reserved; 2324} OperationDescriptor_t, *OperationDescriptor_pt; 2325 2326 2327/* 2328 * This defines the security data descriptor format 2329 */ 2330typedef struct PacketDescriptor_s { 2331 uint64_t srcLengthIVOffUseIVNext; 2332 uint64_t dstDataSettings; 2333 uint64_t authDstNonceLow; 2334 uint64_t ckSumDstNonceHiCFBMaskLLWMask; 2335} PacketDescriptor_t, *PacketDescriptor_pt; 2336 2337typedef struct { 2338 uint8_t *user_auth; 2339 uint8_t *user_src; 2340 uint8_t *user_dest; 2341 uint8_t *user_state; 2342 uint8_t *kern_auth; 2343 uint8_t *kern_src; 2344 uint8_t *kern_dest; 2345 uint8_t *kern_state; 2346 uint8_t *aligned_auth; 2347 uint8_t *aligned_src; 2348 uint8_t *aligned_dest; 2349 uint8_t *aligned_state; 2350} xlr_sec_drv_user_t, *xlr_sec_drv_user_pt; 2351 2352typedef struct symkey_desc { 2353 OperationDescriptor_t op_ctl; /* size is cacheline */ 2354 PacketDescriptor_t pkt_desc[2]; /* size is cacheline */ 2355 ControlDescriptor_t ctl_desc; /* makes this aligned */ 2356 uint64_t control; /* message word0 */ 2357 uint64_t data; /* message word1 */ 2358 uint64_t ctl_result; 2359 uint64_t data_result; 2360 struct symkey_desc *alloc; /* real allocated addr */ 2361 xlr_sec_drv_user_t user; 2362 //volatile atomic_t flag_complete; 2363 //struct semaphore sem_complete; 2364 //wait_queue_t submit_wait; 2365 2366 uint8_t *next_src_buf; 2367 uint32_t next_src_len; 2368 2369 uint8_t *next_dest_buf; 2370 uint32_t next_dest_len; 2371 2372 uint8_t *next_auth_dest; 2373 uint8_t *next_cksum_dest; 2374 2375 void *ses; 2376} symkey_desc_t, *symkey_desc_pt; 2377 2378 2379/* 2380 * ************************************************************************** 2381 * RSA Block 2382 * ************************************************************************** 2383 */ 2384 2385/* 2386 * RSA and ECC Block 2387 * ================= 2388 * 2389 * A 2-word message ring descriptor is used to pass all information 2390 * pertaining to the RSA or ECC operation: 2391 * 2392 * 63 61 60 54 53 52 40 39 5 4 3 2 0 2393 * ----------------------------------------------------------------------------------------------------- 2394 * | Ctrl | Op Class | Valid Op | Op Ctrl0 | Source Addr | Software Scratch0 | Global src data offset | 2395 * ----------------------------------------------------------------------------------------------------- 2396 * 3 7 1 13 35 2 3 2397 * 2398 * 2399 * 63 61 60 54 53 52 51 50 40 39 5 4 3 2 0 2400 * -------------------------------------------------------------------------------------------------------------------------------- 2401 * | Ctrl | Destination Id | WRB_COH | WRB_L2ALLOC | DF_L2ALLOC | Op Ctrl1 | Dest Addr | Software Scratch1 | Global dst data offset | 2402 * -------------------------------------------------------------------------------------------------------------------------------- 2403 * 3 7 1 1 1 11 35 2 3 2404 * 2405 * 2406 * Op Class = 7'h0_0 Modular exponentiation 2407 * 7'h0_1 ECC (including prime modular ops and binary GF ops) 2408 * REMAINDER UNDEF 2409 * 2410 * Valid Op = 1'b1 Will cause operation to start; descriptors sent back at end of operation 2411 * 1'b0 No operation performed; descriptors sent back right away 2412 * 2413 * RSA ECC 2414 * === === 2415 * Op Ctrl0 = BlockWidth[1] {TYPE[6:0], FUNCTION[5:0]} 2416 * LoadConstant[1] 2417 * ExponentWidth[10:0] 2418 * RSA Only 2419 * ======== 2420 * Block Width = 1'b1 1024 bit op 2421 * = 1'b0 512 bit op 2422 * Load Constant = 1'b1 Load constant from data structure 2423 * 1'b0 Preserve old constant (this assumes 2424 * Source Addr points to RSAData_pt->Exponent 2425 * or that the length of Constant is 0) 2426 * Exponent Width = 11-bit expression of exponent width EXPRESSED IN NUMBER OF BITS 2427 * 2428 * ECC Only 2429 * ======== 2430 * 2431 * TYPE = 7'h0_0 ECC prime 160 2432 * 7'h0_1 ECC prime 192 2433 * 7'h0_2 ECC prime 224 2434 * 7'h0_3 ECC prime 256 2435 * 7'h0_4 ECC prime 384 2436 * 7'h0_5 ECC prime 512 2437 * 2438 * 7'h0_6 through 7'h1_f UNDEF 2439 * 2440 * 7'h2_0 ECC bin 163 2441 * 7'h2_1 ECC bin 191 2442 * 7'h2_2 ECC bin 233 2443 * 2444 * 7'h2_3 through 7'h6_f UNDEF 2445 * 2446 * 7'h7_0 ECC UC load 2447 * 2448 * 7'b7_1 through 7'b7_f UNDEF 2449 * 2450 * Prime field Binary field 2451 * =========== ============ 2452 * FUNCTION = 6'h0_0 Point multiplication R = k.P Point multiplication R = k.P 2453 * 6'h0_1 Point addition R = P + Q Binary GF inversion C(x) = 1 / A(x) mod F(x) 2454 * 6'h0_2 Point double R = 2 x P Binary GF multiplication C(x) = B(x) * A(x) mod F(x) 2455 * 6'h0_3 Point verification R ? Binary GF addition C(x) = B(x) + A(x) mod F(x) 2456 * 6'h0_4 Modular addition c = x + y mod m UNDEF 2457 * 6'h0_5 Modular substraction c = x - y mod m UNDEF 2458 * 6'h0_6 Modular multiplication c = x * y mod m UNDEF 2459 * 6'h0_7 Modular division c = x / y mod m UNDEF 2460 * 6'h0_8 Modular inversion c = 1 / y mod m UNDEF 2461 * 6'h0_9 Modular reduction c = x mod m UNDEF 2462 * 2463 * 6'h0_a 2464 * through UNDEF UNDEF 2465 * 6'h3_f 2466 * 2467 * Source Addr = 35 MSB of pointer to source address (i.e., cache-line aligned) 2468 * 2469 * Software Scratch0 = Two bit field ignored by engine and returned as is in free descriptor 2470 * 2471 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines 2472 * (0-7); allows realignment of byte-aligned, non-double-word aligned data 2473 * 2474 * RSA ECC 2475 * === === 2476 * OpCtrl1 = ModulusWidth[10:0] Not used 2477 * RSA Only 2478 * ======== 2479 * Modulus Width = 11-bit expression of modulus width EXPRESSED IN NUMBER OF BITS 2480 * 2481 * Dest Addr = 35 MSB of pointer to destination address (i.e., cache-line aligned) 2482 * 2483 * Software Scratch1 = Two bit field ignored by engine and returned as is in free descriptor 2484 * 2485 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory 2486 * 2487 * 2488 */ 2489 2490/* 2491 * ECC data formats 2492 */ 2493 2494/********************************************************** 2495 * * 2496 * ECC prime data formats * 2497 * * 2498 ********************************************************** 2499 * 2500 * 2501 * The size of all quantities below is that of the precision 2502 * of the chosen op (160, 192, ...) ROUNDED UP to a multiple 2503 * of 8 bytes, i.e., 3 dwords (160, 192), 4 dwords (224, 256) 2504 * 6 dwords (384) and 8 dwords (512) and padded with zeroes 2505 * when necessary. 2506 * 2507 * The only exception to this is the key quantity (k) which 2508 * needs to be rounded up to 32 bytes in all cases and padded 2509 * with zeroes; therefore the key needs to be 4 dwords (160, 192, 2510 * 224, 256) or 8 dwords (384, 512) 2511 * 2512 * The total lengths in dwords that are read and in 2513 * bytes that are written, for each operation and 2514 * length group, are specified at the bottom of each 2515 * datastructure. 2516 * 2517 * In all that follows, m is the modulus and cst is the constant, 2518 * cst = 2 ^ (2*length + 4) mod m . a and b are the curve 2519 * parameters. 2520 * 2521 * 0) UC load 2522 * 2523 * DATA IN DATA OUT 2524 * ======= ======== 2525 * src+glb_off-> Dword_0 N/A 2526 * . 2527 * . 2528 * . 2529 * Dword_331 2530 * 332 dw 2531 * 2532 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p) 2533 * 2534 * DATA IN DATA OUT 2535 * ======= ======== 2536 * src+glb_off-> x_p dst+glb_off-> x_r 2537 * x_p y_r 2538 * y_p 2x(3/4/6/8)= 2539 * y_p 6/8/12/16 dw 2540 * a 2541 * k 2542 * m 2543 * cst 2544 * 7x(3/4/6/8)+(4/4/8/8)= 2545 * 25/32/50/64 dw 2546 * 2547 * 2) Point addition R(x_r, y_r) = P(x_p, y_p) + Q(x_q, y_q) 2548 * 2549 * DATA IN DATA OUT 2550 * ======= ======== 2551 * src+glb_off-> x_p dst+glb_off-> x_r 2552 * y_p y_r 2553 * x_q 2x(3/4/6/8)= 2554 * y_q 6/8/12/16 dw 2555 * a 2556 * m 2557 * cst 2558 * 7x(3/4/6/8)= 2559 * 21/28/42/56 dw 2560 * 2561 * 3) Point double R(x_r, y_r) = 2 . P(x_p, y_p) 2562 * 2563 * DATA IN DATA OUT 2564 * ======= ======== 2565 * src+glb_off-> x_p dst+glb_off-> x_r 2566 * y_p y_r 2567 * a 2x(3/4/6/8)= 2568 * m 6/8/12/16 dw 2569 * cst 2570 * 5x(3/4/6/8)= 2571 * 15/20/30/40 dw 2572 * 2573 * 4) Point verification Is_On_Curve = P(x_p, y_p) on curve ? 1 : 0 2574 * 2575 * DATA IN DATA OUT 2576 * ======= ======== 2577 * src+glb_off-> x_p dst+glb_off-> Is_On_Curve 2578 * y_p 1 dw 2579 * a 2580 * b 2581 * m 2582 * cst 2583 * 6x(3/4/6/8)= 2584 * 18/24/36/48 dw 2585 * 2586 * 5) Modular addition c = x + y mod m 2587 * 2588 * DATA IN DATA OUT 2589 * ======= ======== 2590 * src+glb_off-> x dst+glb_off-> c 2591 * y 3/4/6/8 dw 2592 * m 2593 * 3x(3/4/6/8)= 2594 * 9/12/18/24 dw 2595 * 2596 * 6) Modular substraction c = x - y mod m 2597 * 2598 * DATA IN DATA OUT 2599 * ======= ======== 2600 * src+glb_off-> x dst+glb_off-> c 2601 * y 3/4/6/8 dw 2602 * m 2603 * 3x(3/4/6/8)= 2604 * 9/12/18/24 dw 2605 * 2606 * 7) Modular multiplication c = x * y mod m 2607 * 2608 * DATA IN DATA OUT 2609 * ======= ======== 2610 * src+glb_off-> x dst+glb_off-> c 2611 * y 3/4/6/8 dw 2612 * m 2613 * cst 2614 * 4x(3/4/6/8)= 2615 * 12/16/24/32 dw 2616 * 2617 * 8) Modular division c = x / y mod m 2618 * 2619 * DATA IN DATA OUT 2620 * ======= ======== 2621 * src+glb_off-> y dst+glb_off-> c 2622 * x 3/4/6/8 dw 2623 * m 2624 * 3x(3/4/6/8)= 2625 * 9/12/18/24 dw 2626 * 2627 * 9) Modular inversion c = 1 / y mod m 2628 * 2629 * DATA IN DATA OUT 2630 * ======= ======== 2631 * src+glb_off-> y dst+glb_off-> c 2632 * m 3/4/6/8 dw 2633 * 2x(3/4/6/8)= 2634 * 6/8/12/16 dw 2635 * 2636 * 10) Modular reduction c = x mod m 2637 * 2638 * DATA IN DATA OUT 2639 * ======= ======== 2640 * src+glb_off-> x dst+glb_off-> c 2641 * m 3/4/6/8 dw 2642 * 2x(3/4/6/8)= 2643 * 6/8/12/16 dw 2644 * 2645 */ 2646 2647/********************************************************** 2648 * * 2649 * ECC binary data formats * 2650 * * 2651 ********************************************************** 2652 * 2653 * 2654 * The size of all quantities below is that of the precision 2655 * of the chosen op (163, 191, 233) ROUNDED UP to a multiple 2656 * of 8 bytes, i.e. 3 dwords for (163, 191) and 4 dwords for 2657 * (233), padded with zeroes as necessary. 2658 * 2659 * The total lengths in dwords that are read and written, 2660 * for each operation and length group, are specified 2661 * at the bottom of each datastructure. 2662 * In all that follows, b is the curve parameter. 2663 * 2664 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p) 2665 * 2666 * DATA IN DATA OUT 2667 * ======= ======== 2668 * src+glb_off-> b dst+glb_off-> x_r 2669 * k y_r 2670 * x_p 2x(3/4) 2671 * y_p 6/8 dw 2672 * 4x(3/4)= 2673 * 12/16 dw 2674 * 2675 * 2) Binary GF inversion C(x) = 1 / A(x) mod F(x) 2676 * 2677 * DATA IN DATA OUT 2678 * ======= ======== 2679 * src+glb_off-> A dst+glb_off-> C 2680 * 1x(3/4)= 1x(3/4) 2681 * 3/4 dw 3/4 dw 2682 * 2683 * 3) Binary GF multiplication C(x) = B(x) * A(x) mod F(x) 2684 * 2685 * DATA IN DATA OUT 2686 * ======= ======== 2687 * src+glb_off-> A dst+glb_off-> C 2688 * B 1x(3/4) 2689 * 2x(3/4)= 3/4 dw 2690 * 6/8 dw 2691 * 2692 * 4) Binary GF addition C(x) = B(x) + A(x) mod F(x) 2693 * 2694 * DATA IN DATA OUT 2695 * ======= ======== 2696 * src+glb_off-> A dst+glb_off-> C 2697 * B 1x(3/4) 2698 * 2x(3/4)= 3/4 dw 2699 * 6/8dw 2700 * 2701 */ 2702 2703/* 2704 * RSA data format 2705 */ 2706 2707/* 2708 * IMPORTANT NOTE: 2709 * 2710 * As specified in the datastructures below, 2711 * the engine assumes all data (including 2712 * exponent and modulus) to be adjacent on 2713 * dword boundaries, e.g., 2714 * 2715 * Operation length = 512 bits 2716 * Exponent length = 16 bits 2717 * Modulus length = 512 bits 2718 * 2719 * The engine expects to read: 2720 * 2721 * 63 0 2722 * ----------------------- 2723 * | | Constant0 2724 * ----------------------- 2725 * | | Constant1 2726 * ----------------------- 2727 * | | Constant2 2728 * ----------------------- 2729 * | | Constant3 2730 * ----------------------- 2731 * | | Constant4 2732 * ----------------------- 2733 * | | Constant5 2734 * ----------------------- 2735 * | | Constant6 2736 * ----------------------- 2737 * | | Constant7 2738 * ----------------------- 2739 * | IGNORED |B1|B0| Exponent0 (Exponent length = 16 bits = 2 bytes, so only 2 least significant bytes of exponent used) 2740 * ----------------------- 2741 * | | Modulus0 2742 * ----------------------- 2743 * | | Modulus1 2744 * ----------------------- 2745 * | | Modulus2 2746 * ----------------------- 2747 * | | Modulus3 2748 * ----------------------- 2749 * | | Modulus4 2750 * ----------------------- 2751 * | | Modulus5 2752 * ----------------------- 2753 * | | Modulus6 2754 * ----------------------- 2755 * | | Modulus7 2756 * ----------------------- 2757 * | | Message0 2758 * ----------------------- 2759 * | | Message1 2760 * ----------------------- 2761 * | | Message2 2762 * ----------------------- 2763 * | | Message3 2764 * ----------------------- 2765 * | | Message4 2766 * ----------------------- 2767 * | | Message5 2768 * ----------------------- 2769 * | | Message6 2770 * ----------------------- 2771 * | | Message7 2772 * ----------------------- 2773 * 2774 */ 2775 2776/* #define PUBKEY_CTL_CTL */ 2777#define PUBKEY_CTL_CTL_LSB 61 2778#define PUBKEY_CTL_CTL_BITS THREE_BITS 2779#define PUBKEY_CTL_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB) 2780 2781/* #define PUBKEY_CTL_OP_CLASS */ 2782#define PUBKEY_CTL_OP_CLASS_RSA 0 2783#define PUBKEY_CTL_OP_CLASS_ECC 1 2784#define PUBKEY_CTL_OP_CLASS_LSB 54 2785#define PUBKEY_CTL_OP_CLASS_BITS SEVEN_BITS 2786#define PUBKEY_CTL_OP_CLASS_MASK (PUBKEY_CTL_OP_CLASS_BITS << PUBKEY_CTL_OP_CLASS_LSB) 2787 2788/* #define PUBKEY_CTL_VALID */ 2789#define PUBKEY_CTL_VALID_FALSE 0 2790#define PUBKEY_CTL_VALID_TRUE 1 2791#define PUBKEY_CTL_VALID_LSB 53 2792#define PUBKEY_CTL_VALID_BITS ONE_BIT 2793#define PUBKEY_CTL_VALID_MASK \ 2794 (PUBKEY_CTL_VALID_BITS << PUBKEY_CTL_VALID_LSB) 2795 2796/* #define PUBKEY_CTL_ECC_TYPE */ 2797#define PUBKEY_CTL_ECC_TYPE_PRIME_160 0 2798#define PUBKEY_CTL_ECC_TYPE_PRIME_192 1 2799#define PUBKEY_CTL_ECC_TYPE_PRIME_224 2 2800#define PUBKEY_CTL_ECC_TYPE_PRIME_256 3 2801#define PUBKEY_CTL_ECC_TYPE_PRIME_384 4 2802#define PUBKEY_CTL_ECC_TYPE_PRIME_512 5 2803#define PUBKEY_CTL_ECC_TYPE_BIN_163 0x20 2804#define PUBKEY_CTL_ECC_TYPE_BIN_191 0x21 2805#define PUBKEY_CTL_ECC_TYPE_BIN_233 0x22 2806#define PUBKEY_CTL_ECC_TYPE_UC_LOAD 0x70 2807#define PUBKEY_CTL_ECC_TYPE_LSB 46 2808#define PUBKEY_CTL_ECC_TYPE_BITS SEVEN_BITS 2809#define PUBKEY_CTL_ECC_TYPE_MASK (PUBKEY_CTL_ECC_TYPE_BITS << PUBKEY_CTL_ECC_TYPE_LSB) 2810 2811/* #define PUBKEY_CTL_ECC_FUNCTION */ 2812#define PUBKEY_CTL_ECC_FUNCTION_NOP 0 2813#define PUBKEY_CTL_ECC_FUNCTION_POINT_MUL 0 2814#define PUBKEY_CTL_ECC_FUNCTION_POINT_ADD 1 2815#define PUBKEY_CTL_ECC_FUNCTION_POINT_DBL 2 2816#define PUBKEY_CTL_ECC_FUNCTION_POINT_VFY 3 2817#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_ADD 4 2818#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_SUB 5 2819#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_MUL 6 2820#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_DIV 7 2821#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_INV 8 2822#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_RED 9 2823#define PUBKEY_CTL_ECC_FUNCTION_LSB 40 2824#define PUBKEY_CTL_ECC_FUNCTION_BITS SIX_BITS 2825#define PUBKEY_CTL_ECC_FUNCTION_MASK (PUBKEY_CTL_ECC_FUNCTION_BITS << PUBKEY_CTL_ECC_FUNCTION_LSB) 2826 2827/* #define PUBKEY_CTL_BLKWIDTH */ 2828#define PUBKEY_CTL_BLKWIDTH_512 0 2829#define PUBKEY_CTL_BLKWIDTH_1024 1 2830#define PUBKEY_CTL_BLKWIDTH_LSB 52 2831#define PUBKEY_CTL_BLKWIDTH_BITS ONE_BIT 2832#define PUBKEY_CTL_BLKWIDTH_MASK \ 2833 (PUBKEY_CTL_BLKWIDTH_BITS << PUBKEY_CTL_BLKWIDTH_LSB) 2834 2835/* #define PUBKEY_CTL_LD_CONST */ 2836#define PUBKEY_CTL_LD_CONST_OLD 0 2837#define PUBKEY_CTL_LD_CONST_NEW 1 2838#define PUBKEY_CTL_LD_CONST_LSB 51 2839#define PUBKEY_CTL_LD_CONST_BITS ONE_BIT 2840#define PUBKEY_CTL_LD_CONST_MASK \ 2841 (PUBKEY_CTL_LD_CONST_BITS << PUBKEY_CTL_LD_CONST_LSB) 2842 2843/* #define PUBKEY_CTL_EXPWIDTH */ 2844#define PUBKEY_CTL_EXPWIDTH_LSB 40 2845#define PUBKEY_CTL_EXPWIDTH_BITS ELEVEN_BITS 2846#define PUBKEY_CTL_EXPWIDTH_MASK \ 2847 (PUBKEY_CTL_EXPWIDTH_BITS << PUBKEY_CTL_EXPWIDTH_LSB) 2848 2849/* #define PUBKEY_CTL_SRCADDR */ 2850#define PUBKEY_CTL_SRCADDR_LSB 0 2851#define PUBKEY_CTL_SRCADDR_BITS FOURTY_BITS 2852#define PUBKEY_CTL_SRCADDR_MASK \ 2853 (PUBKEY_CTL_SRCADDR_BITS << PUBKEY_CTL_SRCADDR_LSB) 2854 2855/* #define PUBKEY_CTL_SRC_OFFSET */ 2856#define PUBKEY_CTL_SRC_OFFSET_LSB 0 2857#define PUBKEY_CTL_SRC_OFFSET_BITS THREE_BITS 2858#define PUBKEY_CTL_SRC_OFFSET_MASK \ 2859 (PUBKEY_CTL_SRC_OFFSET_BITS << PUBKEY_CTL_SRC_OFFSET_LSB) 2860 2861 2862/* #define PUBKEY_CTL1_CTL */ 2863#define PUBKEY_CTL1_CTL_LSB 61 2864#define PUBKEY_CTL1_CTL_BITS THREE_BITS 2865#define PUBKEY_CTL1_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB) 2866 2867/* #define PUBKEY_CTL1_MODWIDTH */ 2868#define PUBKEY_CTL1_MODWIDTH_LSB 40 2869#define PUBKEY_CTL1_MODWIDTH_BITS ELEVEN_BITS 2870#define PUBKEY_CTL1_MODWIDTH_MASK \ 2871 (PUBKEY_CTL1_MODWIDTH_BITS << PUBKEY_CTL1_MODWIDTH_LSB) 2872 2873/* #define PUBKEY_CTL1_DSTADDR */ 2874#define PUBKEY_CTL1_DSTADDR_LSB 0 2875#define PUBKEY_CTL1_DSTADDR_BITS FOURTY_BITS 2876#define PUBKEY_CTL1_DSTADDR_MASK \ 2877 (PUBKEY_CTL1_DSTADDR_BITS << PUBKEY_CTL1_DSTADDR_LSB) 2878 2879/* #define PUBKEY_CTL1_DST_OFFSET */ 2880#define PUBKEY_CTL1_DST_OFFSET_LSB 0 2881#define PUBKEY_CTL1_DST_OFFSET_BITS THREE_BITS 2882#define PUBKEY_CTL1_DST_OFFSET_MASK \ 2883 (PUBKEY_CTL1_DST_OFFSET_BITS << PUBKEY_CTL1_DST_OFFSET_LSB) 2884 2885/* 2886 * Upon completion of operation, the RSA block returns a 2-word free descriptor 2887 * in the following format: 2888 * 2889 * 63 61 60 54 53 52 51 49 48 40 39 5 4 3 2 0 2890 * ------------------------------------------------------------------------------------------------------------------------- 2891 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | Software Scratch0 | Global src data offset | 2892 * ------------------------------------------------------------------------------------------------------------------------- 2893 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | Software Scratch1 | Global dst data offset | 2894 * ------------------------------------------------------------------------------------------------------------------------- 2895 * 2896 * The Control and Data Error codes are enumerated below 2897 * 2898 * Error conditions 2899 * ================ 2900 * 2901 * Control Error Code Control Error Condition 2902 * ------------------ ----------------------- 2903 * 9'h000 No Error 2904 * 9'h001 Undefined Op Class 2905 * 9'h002 Undefined ECC TYPE (ECC only) 2906 * 9'h004 Undefined ECC FUNCTION (ECC only) 2907 * 9'h008 ECC timeout (ECC only) 2908 * 9'h010 UNUSED 2909 * 9'h020 UNUSED 2910 * 9'h040 UNUSED 2911 * 9'h080 Data Read Error 2912 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP) 2913 * 2914 * Data Error Code Data Error Condition 2915 * --------------- -------------------- 2916 * 9'h000 No Error 2917 * 9'h001 Exponent Width > Block Width (RSA Only) 2918 * 9'h002 Modulus Width > Block Width (RSA Only) 2919 * 9'h004 UNUSED 2920 * 9'h008 UNUSED 2921 * 9'h010 UNUSED 2922 * 9'h020 UNUSED 2923 * 9'h040 UNUSED 2924 * 9'h080 Data Read Error 2925 * 9'h100 UNUSED 2926 */ 2927 2928/* 2929 * Result Data Word for Message Ring Descriptor 2930 */ 2931 2932/* #define PUBKEY_RSLT_CTL_CTL */ 2933#define PUBKEY_RSLT_CTL_CTL_LSB 61 2934#define PUBKEY_RSLT_CTL_CTL_BITS THREE_BITS 2935#define PUBKEY_RSLT_CTL_CTL_MASK \ 2936 (PUBKEY_RSLT_CTL_CTL_BITS << PUBKEY_RSLT_CTL_CTL_LSB) 2937 2938/* #define PUBKEY_RSLT_CTL_DST_ID */ 2939#define PUBKEY_RSLT_CTL_DST_ID_LSB 54 2940#define PUBKEY_RSLT_CTL_DST_ID_BITS SEVEN_BITS 2941#define PUBKEY_RSLT_CTL_DST_ID_MASK \ 2942 (PUBKEY_RSLT_CTL_DST_ID_BITS << PUBKEY_RSLT_CTL_DST_ID_LSB) 2943 2944/* #define PUBKEY_RSLT_CTL_DESC_CTL */ 2945#define PUBKEY_RSLT_CTL_DESC_CTL_LSB 49 2946#define PUBKEY_RSLT_CTL_DESC_CTL_BITS THREE_BITS 2947#define PUBKEY_RSLT_CTL_DESC_CTL_MASK \ 2948 (PUBKEY_RSLT_CTL_DESC_CTL_BITS << PUBKEY_RSLT_CTL_DESC_CTL_LSB) 2949 2950 2951/* #define PUBKEY_RSLT_CTL_ERROR */ 2952#define PUBKEY_RSLT_CTL_ERROR_LSB 40 2953#define PUBKEY_RSLT_CTL_ERROR_BITS NINE_BITS 2954#define PUBKEY_RSLT_CTL_ERROR_MASK \ 2955 (PUBKEY_RSLT_CTL_ERROR_BITS << PUBKEY_RSLT_CTL_ERROR_LSB) 2956 2957/* #define PUBKEY_RSLT_CTL_SRCADDR */ 2958#define PUBKEY_RSLT_CTL_SRCADDR_LSB 0 2959#define PUBKEY_RSLT_CTL_SRCADDR_BITS FOURTY_BITS 2960#define PUBKEY_RSLT_CTL_SRCADDR_MASK \ 2961 (PUBKEY_RSLT_CTL_SRCADDR_BITS << PUBKEY_RSLT_CTL_SRCADDR_LSB) 2962 2963 2964/* #define PUBKEY_RSLT_DATA_CTL */ 2965#define PUBKEY_RSLT_DATA_CTL_LSB 61 2966#define PUBKEY_RSLT_DATA_CTL_BITS THREE_BITS 2967#define PUBKEY_RSLT_DATA_CTL_MASK \ 2968 (PUBKEY_RSLT_DATA_CTL_BITS << PUBKEY_RSLT_DATA_CTL_LSB) 2969 2970/* #define PUBKEY_RSLT_DATA_DST_ID */ 2971#define PUBKEY_RSLT_DATA_DST_ID_LSB 54 2972#define PUBKEY_RSLT_DATA_DST_ID_BITS SEVEN_BITS 2973#define PUBKEY_RSLT_DATA_DST_ID_MASK \ 2974 (PUBKEY_RSLT_DATA_DST_ID_BITS << PUBKEY_RSLT_DATA_DST_ID_LSB) 2975 2976/* #define PUBKEY_RSLT_DATA_DESC_CTL */ 2977#define PUBKEY_RSLT_DATA_DESC_CTL_LSB 49 2978#define PUBKEY_RSLT_DATA_DESC_CTL_BITS THREE_BITS 2979#define PUBKEY_RSLT_DATA_DESC_CTL_MASK \ 2980 (PUBKEY_RSLT_DATA_DESC_CTL_BITS << PUBKEY_RSLT_DATA_DESC_CTL_LSB) 2981 2982/* #define PUBKEY_RSLT_DATA_ERROR */ 2983#define PUBKEY_RSLT_DATA_ERROR_LSB 40 2984#define PUBKEY_RSLT_DATA_ERROR_BITS NINE_BITS 2985#define PUBKEY_RSLT_DATA_ERROR_MASK \ 2986 (PUBKEY_RSLT_DATA_ERROR_BITS << PUBKEY_RSLT_DATA_ERROR_LSB) 2987 2988/* #define PUBKEY_RSLT_DATA_DSTADDR */ 2989#define PUBKEY_RSLT_DATA_DSTADDR_LSB 40 2990#define PUBKEY_RSLT_DATA_DSTADDR_BITS FOURTY_BITS 2991#define PUBKEY_RSLT_DATA_DSTADDR_MASK \ 2992 (PUBKEY_RSLT_DATA_DSTADDR_BITS << PUBKEY_RSLT_DATA_DSTADDR_LSB) 2993 2994/* 2995 * ****************************************************************** 2996 * RSA Block - Data Error Code and Conditions 2997 * ****************************************************************** 2998 */ 2999 3000#define PK_CTL_ERR_NONE 0x0000 /* No Error */ 3001#define PK_CTL_ERR_OP_CLASS 0x0001 /* Undefined Op Class */ 3002#define PK_CTL_ERR_ECC_TYPE 0x0002 /* Undefined ECC TYPE (ECC only) */ 3003#define PK_CTL_ERR_ECC_FUNCT 0x0004 /* Undefined ECC FUNCTION (ECC only) */ 3004#define PK_CTL_ERR_ECC_TIMEOUT 0x0008 /* ECC timeout (ECC only) */ 3005#define PK_CTL_ERR_READ 0x0080 /* Data Read Error */ 3006#define PK_CTL_ERR_DESC 0x0100 /* Descriptor Ctrl Field Error 3007 * (D0.Ctrl != SOP || D1.Ctrl != EOP) */ 3008#define PK_CTL_ERR_TIMEOUT 0x1000 /* Message Responce Timeout */ 3009 3010#define PK_DATA_ERR_NONE 0x0000 /* No Error */ 3011#define PK_DATA_ERR_EXP_WIDTH 0x0001 /* Exponent Width > Block Width */ 3012#define PK_DATA_ERR_MOD_WIDTH 0x0002 /* Modulus Width > Block Width */ 3013#define PK_DATA_ERR_READ 0x0080 /* Data Read Error */ 3014 3015 3016/* 3017 * This defines the RSA data format 3018 */ 3019/* 3020 * typedef struct RSAData_s { 3021 * uint64_t Constant; 3022 * uint64_t Exponent; 3023 * uint64_t Modulus; 3024 * uint64_t Message; 3025 *} RSAData_t, *RSAData_pt; 3026 * 3027 * typedef RSAData_t DHData_t; 3028 * typedef RSAData_pt DHData_pt; 3029 */ 3030 3031typedef struct UserPubData_s { 3032 uint8_t *source; 3033 uint8_t *user_result; 3034 uint32_t result_length; 3035} UserPubData_t, *UserPubData_pt; 3036 3037typedef struct pubkey_desc { 3038 OperationDescriptor_t op_ctl; /* size is cacheline */ 3039 uint8_t source[1024]; 3040 uint8_t dest[256]; /* 1024 makes cacheline-aligned */ 3041 uint64_t control0; 3042 uint64_t control1; 3043 uint64_t ctl_result; 3044 uint64_t data_result; 3045 struct pubkey_desc *alloc; 3046 UserPubData_t kern; /* ptrs for temp buffers */ 3047 //volatile atomic_t flag_complete; 3048 //struct semaphore sem_complete; 3049 //wait_queue_t submit_wait; 3050} pubkey_desc_t, *pubkey_desc_pt; 3051 3052/* 3053 * KASUMI F8 and F9 use the IV0/IV1 fields : 3054 * 3055 * 63 41 40 39 37 36 32 31 0 3056 * ---------------------------------------------------------------------------- 3057 * | |FX/DIRECTION| | F8/BEARER | F8/COUNT | IV0 3058 * ---------------------------------------------------------------------------- 3059 * 1 5 32 3060 * 3061 * 63 32 31 0 3062 * ---------------------------------------------------------------------------- 3063 * | F9/FRESH | F9/COUNT | IV1 3064 * ---------------------------------------------------------------------------- 3065 * 32 32 3066 */ 3067#endif /* _XLR_SEC_DESC_H_ */ 3068