1/*- 2 * Copyright (c) 2003-2009 RMI Corporation 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of RMI Corporation, nor the names of its contributors, 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 * RMI_BSD */ 31#ifndef _DESC_H_ 32#define _DESC_H_ 33 34 35#define ONE_BIT 0x0000000000000001ULL 36#define TWO_BITS 0x0000000000000003ULL 37#define THREE_BITS 0x0000000000000007ULL 38#define FOUR_BITS 0x000000000000000fULL 39#define FIVE_BITS 0x000000000000001fULL 40#define SIX_BITS 0x000000000000003fULL 41#define SEVEN_BITS 0x000000000000007fULL 42#define EIGHT_BITS 0x00000000000000ffULL 43#define NINE_BITS 0x00000000000001ffULL 44#define ELEVEN_BITS 0x00000000000007ffULL 45#define TWELVE_BITS 0x0000000000000fffULL 46#define FOURTEEN_BITS 0x0000000000003fffULL 47#define TWENTYFOUR_BITS 0x0000000000ffffffULL 48#define THIRTY_TWO_BITS 0x00000000ffffffffULL 49#define THIRTY_FIVE_BITS 0x00000007ffffffffULL 50#define FOURTY_BITS 0x000000ffffffffffULL 51 52#define MSG_IN_CTL_LEN_BASE 40 53#define MSG_IN_CTL_ADDR_BASE 0 54 55#define GET_FIELD(word,field) \ 56 ((word) & (field ## _MASK)) >> (field ## _LSB) 57 58#define FIELD_VALUE(field,value) (((value) & (field ## _BITS)) << (field ## _LSB)) 59 60/* 61 * NOTE: this macro expects 'word' to be uninitialized (i.e. zeroed) 62 */ 63#define SET_FIELD(word,field,value) \ 64 { (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } 65 66/* 67 * This macro clears 'word', then sets the value 68 */ 69#define CLEAR_SET_FIELD(word,field,value) \ 70 { (word) &= ~((field ## _BITS) << (field ## _LSB)); \ 71 (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } 72 73/* 74 * NOTE: May be used to build value specific mask 75 * (e.g. GEN_MASK(CTL_DSC_CPHR_3DES,CTL_DSC_CPHR_LSB) 76 */ 77#define GEN_MASK(bits,lsb) ((bits) << (lsb)) 78 79 80 81 82/* 83 * Security block data and control exchange 84 * 85 * A 2-word message ring descriptor is used to pass a pointer to the control descriptor data structure 86 * and a pointer to the packet descriptor data structure: 87 * 88 * 63 61 60 54 53 52 49 48 45 44 40 89 * 39 5 4 0 90 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 91 * | Ctrl | Resp Dest Id Entry0 | IF_L2ALLOC | UNUSED | Control Length | UNUSED 92 * | 35 MSB of address of control descriptor data structure | Software Scratch0 93 * | 94 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 95 * 3 7 1 4 4 5 96 * 35 5 97 * 98 * 63 61 60 54 53 52 51 50 46 45 44 40 39 5 4 0 99 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 100 * | Ctrl | UNUSED | WRB_COH | WRB_L2ALLOC | DF_PTR_L2ALLOC | UNUSED | Data Length | UNUSED | 35 MSB of address of packet descriptor data structure | UNUSED | 101 * --------------------------------------------------------------------------------------------------------------------------------------------------------- 102 * 3 7 1 1 1 5 1 5 35 5 103 * 104 * Addresses assumed to be cache-line aligned, i.e., Address[4:0] ignored (using 5'h00 instead) 105 * 106 * Control length is the number of control cachelines to be read so user needs 107 * to round up 108 * the control length to closest integer multiple of 32 bytes. Note that at 109 * present (08/12/04) 110 * the longest (sensical) ctrl structure is <= 416 bytes, i.e., 13 cachelines. 111 * 112 * The packet descriptor data structure size is fixed at 1 cacheline (32 bytes). 113 * This effectively makes "Data Length" a Load/NoLoad bit. NoLoad causes an abort. 114 * 115 * 116 * Upon completion of operation, the security block returns a 2-word free descriptor 117 * in the following format: 118 * 119 * 63 61 60 54 53 52 51 49 48 47 40 39 0 120 * ---------------------------------------------------------------------------------------------------------------------------- 121 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Instruction Error | Address of control descriptor data structure | 122 * ---------------------------------------------------------------------------------------------------------------------------- 123 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Data Error | Address of packet descriptor data structure | 124 * ---------------------------------------------------------------------------------------------------------------------------- 125 * 126 * The Instruction and Data Error codes are enumerated in the 127 * ControlDescriptor and PacketDescriptor sections below 128 * 129 */ 130 131 132/* 133 * Operating assumptions 134 * ===================== 135 * 136 * 137 * -> For all IpSec ops, I assume that all the IP/IPSec/TCP headers 138 * and the data are present at the specified source addresses. 139 * I also assume that all necessary header data already exists 140 * at the destination. Additionally, in AH I assume that all 141 * mutable fields (IP.{TOS, Flags, Offset, TTL, Header_Checksum}) 142 * and the AH.Authentication_Data have been zeroed by the client. 143 * 144 * 145 * -> In principle, the HW can calculate TCP checksums on both 146 * incoming and outgoing data; however, since the TCP header 147 * contains the TCP checksum of the plain payload and the header 148 * is encrypted, two passes would be necessary to do checksum + encryption 149 * for outgoing messages; 150 * therefore the checksum engine will likely only be used during decryption 151 * (incoming). 152 * 153 * 154 * -> For all operations involving TCP checksum, I assume the client has filled 155 * the TCP checksum field with the appropriate value: 156 * 157 * - 0 for generation phase 158 * - actual value for verification phase (expecting 0 result) 159 * 160 * 161 * -> For ESP tunnel, the original IP header exists between the end of the 162 * ESP header and the beginning of the TCP header; it is assumed that the 163 * maximum length of this header is 16 k(32bit)words (used in CkSum_Offset). 164 * 165 * 166 * -> The authentication data is merely written to the destination address; 167 * the client is left with the task of comparing to the data in packet 168 * in decrypt. 169 * 170 * -> PacketDescriptor_t.dstLLWMask relevant to AES CTR mode only but it will 171 * affect all AES-related operations. It will not affect DES/3DES/bypass ops. 172 * The mask is applied to data as it emerges from the AES engine for the sole 173 * purpose of providing the authenticator and cksum engines with correct data. 174 * CAVEAT: the HW does not mask the incoming data. It is the user's responsibility 175 * to set to 0 the corresponding data in memory. If the surplus data is not masked 176 * in memory, cksum/auth results will be incorrect if those engines receive data 177 * straight from memory (i.e., not from cipher, as it happens while decoding) 178 */ 179 180/* 181 * Fragmentation and offset related notes 182 * ====================================== 183 * 184 * 185 * A) Rebuilding packets from fragments on dword boundaries. The discussion 186 * below is exemplified by tests memcpy_all_off_frags and memcpy_same_off_frags 187 * 188 * 1) The Offset before data/iv on first fragment is ALWAYS written back 189 * Non-zero dst dword or global offsets may cause more data to be 190 * written than the user-specified length. 191 * 192 * 193 * Example: 194 * -------- 195 * 196 * Below is a source (first fragment) packet (@ ADD0 cache-aligned address). 197 * Assume we just copy it and relevant data starts on 198 * dword 3 so Cipher_Offset = IV_Offset = 3 (dwords). 199 * D0X denotes relevant data and G denotes dont care data. 200 * Offset data is also copied so Packet_Legth = 9 (dwords) * 8 = 72 (bytes) 201 * Segment_src_address = ADD0 202 * 203 * If we want to, e.g., copy so that the relevant (i.e., D0X) data 204 * starts at (cache-aligned address) ADD1, we need to specify 205 * Dst_dword_offset = 1 so D00 is moved from dword position 3 to 0 on next cache-line 206 * Cipher_dst_address = ADD1 - 0x20 so D00 is written to ADD1 207 * 208 * Note that the security engine always writes full cachelines 209 * therefore, data written to dword0 0 of ADD1 (denoted w/ ?) is what the sec pipe 210 * write back buffer contained from previous op. 211 * 212 * 213 * SOURCE: DESTINATION: 214 * ------- ------------ 215 * 216 * Segment_src_address = ADD0 Cipher_dst_address = ADD1 - 0x20 217 * Packet_Legth = 72 Dst_dword_offset = 1 218 * Cipher_Offset = 3 219 * IV_Offset = 3 220 * Use_IV = ANY 221 * 222 * 223 * 224 * 3 2 1 0 3 2 1 0 225 * ----------------------- ----------------------- 226 * | D00 | G | G | G | <- ADD0 | G | G | G | ? | <- ADD1 - 0x20 227 * ----------------------- ----------------------- 228 * | D04 | D03 | D02 | D01 | | D03 | D02 | D01 | D00 | <- ADD1 229 * ----------------------- ----------------------- 230 * | | | | D05 | | | | D05 | D04 | 231 * ----------------------- ----------------------- 232 * 233 * 2) On fragments following the first, IV_Offset is overloaded to mean data offset 234 * (number of dwords to skip from beginning of cacheline before starting processing) 235 * and Use_IV is overloaded to mean do writeback the offset (in the clear). 236 * These fields in combination with Dst_dword_offset allow packet fragments with 237 * arbitrary boundaries/lengthd to be reasembled. 238 * 239 * 240 * Example: 241 * -------- 242 * 243 * Assume data above was first fragment of a packet we'd like to merge to 244 * (second) fragment below located at ADD2. The written data should follow 245 * the previous data without gaps or overwrites. To achieve this, one should 246 * assert the "Next" field on the previous fragment and use self-explanatory 247 * set of parameters below 248 * 249 * 250 * SOURCE: DESTINATION: 251 * ------- ------------ 252 * 253 * Segment_src_address = ADD2 Cipher_dst_address = ADD1 + 0x20 254 * Packet_Legth = 104 Dst_dword_offset = 1 255 * IV_Offset = 1 256 * Use_IV = 0 257 * 258 * 259 * 260 * 3 2 1 0 3 2 1 0 261 * ----------------------- ----------------------- 262 * | D12 | D11 | D10 | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 263 * ----------------------- ----------------------- 264 * | D16 | D15 | D14 | D13 | | D03 | D02 | D01 | D00 | <- ADD1 265 * ----------------------- ----------------------- 266 * | D1a | D19 | D18 | D17 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 267 * ----------------------- ----------------------- 268 * | | | | D1b | | D15 | D14 | D13 | D12 | 269 * ----------------------- ----------------------- 270 * | D19 | D18 | D17 | D16 | 271 * ----------------------- 272 * | | | D1b | D1a | 273 * ----------------------- 274 * 275 * It is note-worthy that the merging can only be achieved if Use_IV is 0. Indeed, the security 276 * engine always writes full lines, therefore ADD1 + 0x20 will be re-written. Setting Use_IV to 0 277 * will allow the sec pipe write back buffer to preserve D04, D05 from previous frag and only 278 * receive D10, D11 thereby preserving the integrity of the previous data. 279 * 280 * 3) On fragments following the first, !UseIV in combination w/ Dst_dword_offset >= (4 - IV_Offset) 281 * will cause a wraparound of the write thus achieving all 16 possible (Initial_Location, Final_Location) 282 * combinations for the data. 283 * 284 * 285 * Example: 286 * -------- 287 * 288 * Contiguously merging 2 data sets above with a third located at ADD3. If this is the last fragment, 289 * reset its Next bit. 290 * 291 * 292 * SOURCE: DESTINATION: 293 * ------- ------------ 294 * 295 * Segment_src_address = ADD3 Cipher_dst_address = ADD1 + 0x80 296 * Packet_Legth = 152 Dst_dword_offset = 3 297 * IV_Offset = 3 298 * Use_IV = 0 299 * 300 * 301 * 302 * 3 2 1 0 3 2 1 0 303 * ----------------------- ----------------------- 304 * | D20 | G | G | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 305 * ----------------------- ----------------------- 306 * | D24 | D23 | D22 | D21 | | D03 | D02 | D01 | D00 | <- ADD1 307 * ----------------------- ----------------------- 308 * | D28 | D27 | D26 | D25 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 309 * ----------------------- ----------------------- 310 * | D2c | D2b | D2a | D29 | | D15 | D14 | D13 | D12 | 311 * ----------------------- ----------------------- 312 * | | D2f | D2e | D2d | | D19 | D18 | D17 | D16 | 313 * ----------------------- ----------------------- 314 * | D21 | D20 | D1b | D1a | <- ADD1 + 0x80 315 * ----------------------- 316 * | D25 | D24 | D23 | D22 | 317 * ----------------------- 318 * | D29 | D28 | D27 | D26 | 319 * ----------------------- 320 * | D2d | D2c | D2b | D2a | 321 * ----------------------- 322 * |(D2d)|(D2c)| D2f | D2e | 323 * ----------------------- 324 * 325 * It is worth noticing that always writing full-lines causes the last 2 dwords in the reconstituted 326 * packet to be unnecessarily written: (D2d) and (D2c) 327 * 328 * 329 * 330 * B) Implications of fragmentation on AES 331 * 332 * 1) AES is a 128 bit block cipher; therefore it requires an even dword total data length 333 * Data fragments (provided there are more than 1) are allowed to have odd dword 334 * data lengths provided the total length (cumulated over fragments) is an even dword 335 * count; an error will be generated otherwise, upon receiving the last fragment descriptor 336 * (see error conditions below). 337 * 338 * 2) While using fragments with AES, a fragment (other than first) starting with a != 0 (IV) offset 339 * while the subsequent total dword count given to AES is odd may not be required to write 340 * its offset (UseIV). Doing so will cause an error (see error conditions below). 341 * 342 * 343 * Example: 344 * -------- 345 * 346 * Suppose the first fragment has an odd DATA dword count and USES AES (as seen below) 347 * 348 * SOURCE: DESTINATION: 349 * ------- ------------ 350 * 351 * Segment_src_address = ADD0 Cipher_dst_address = ADD1 352 * Packet_Legth = 64 Dst_dword_offset = 1 353 * Cipher_Offset = 3 354 * IV_Offset = 1 355 * Use_IV = 1 356 * Cipher = Any AES 357 * Next = 1 358 * 359 * 360 * 361 * 362 * 3 2 1 0 3 2 1 0 363 * ----------------------- ----------------------- 364 * | D00 | IV1 | IV0 | G | <- ADD0 | E00 | IV1 | IV0 | G | <- ADD1 365 * ----------------------- ----------------------- 366 * | D04 | D03 | D02 | D01 | | X | E03 | E02 | E01 | 367 * ----------------------- ----------------------- 368 * 369 * At the end of processing of the previous fragment, the AES engine input buffer has D04 370 * and waits for next dword, therefore the writeback buffer cannot finish writing the fragment 371 * to destination (X instead of E04). 372 * 373 * If a second fragment now arrives with a non-0 offset and requires the offset data to be 374 * written to destination, the previous write (still needing the arrival of the last dword 375 * required by the AES to complete the previous operation) cannot complete before the present 376 * should start causing a deadlock. 377 */ 378 379/* 380 * Command Control Word for Message Ring Descriptor 381 */ 382 383/* #define MSG_CMD_CTL_CTL */ 384#define MSG_CMD_CTL_CTL_LSB 61 385#define MSG_CMD_CTL_CTL_BITS THREE_BITS 386#define MSG_CMD_CTL_CTL_MASK (MSG_CMD_CTL_CTL_BITS << MSG_CMD_CTL_CTL_LSB) 387 388/* #define MSG_CMD_CTL_ID */ 389#define MSG_CMD_CTL_ID_LSB 54 390#define MSG_CMD_CTL_ID_BITS SEVEN_BITS 391#define MSG_CMD_CTL_ID_MASK (MSG_CMD_CTL_ID_BITS << MSG_CMD_CTL_ID_LSB) 392 393/* #define MSG_CMD_CTL_LEN */ 394#define MSG_CMD_CTL_LEN_LSB 45 395#define MSG_CMD_CTL_LEN_BITS FOUR_BITS 396#define MSG_CMD_CTL_LEN_MASK (MSG_CMD_CTL_LEN_BITS << MSG_CMD_CTL_LEN_LSB) 397 398 399/* #define MSG_CMD_CTL_ADDR */ 400#define MSG_CMD_CTL_ADDR_LSB 0 401#define MSG_CMD_CTL_ADDR_BITS FOURTY_BITS 402#define MSG_CMD_CTL_ADDR_MASK (MSG_CMD_CTL_ADDR_BITS << MSG_CMD_CTL_ADDR_LSB) 403 404#define MSG_CMD_CTL_MASK (MSG_CMD_CTL_CTL_MASK | \ 405 MSG_CMD_CTL_LEN_MASK | MSG_CMD_CTL_ADDR_MASK) 406 407/* 408 * Command Data Word for Message Ring Descriptor 409 */ 410 411/* #define MSG_IN_DATA_CTL */ 412#define MSG_CMD_DATA_CTL_LSB 61 413#define MSG_CMD_DATA_CTL_BITS THREE_BITS 414#define MSG_CMD_DATA_CTL_MASK (MSG_CMD_DATA_CTL_BITS << MSG_CMD_DATA_CTL_LSB) 415 416/* #define MSG_CMD_DATA_LEN */ 417#define MSG_CMD_DATA_LEN_LOAD 1 418#define MSG_CMD_DATA_LEN_LSB 45 419#define MSG_CMD_DATA_LEN_BITS ONE_BIT 420#define MSG_CMD_DATA_LEN_MASK (MSG_CMD_DATA_LEN_BITS << MSG_CMD_DATA_LEN_LSB) 421 422/* #define MSG_CMD_DATA_ADDR */ 423#define MSG_CMD_DATA_ADDR_LSB 0 424#define MSG_CMD_DATA_ADDR_BITS FOURTY_BITS 425#define MSG_CMD_DATA_ADDR_MASK (MSG_CMD_DATA_ADDR_BITS << MSG_CMD_DATA_ADDR_LSB) 426 427#define MSG_CMD_DATA_MASK (MSG_CMD_DATA_CTL_MASK | \ 428 MSG_CMD_DATA_LEN_MASK | MSG_CMD_DATA_ADDR_MASK) 429 430 431/* 432 * Upon completion of operation, the Sec block returns a 2-word free descriptor 433 * in the following format: 434 * 435 * 63 61 60 54 53 52 51 49 48 40 39 0 436 * ---------------------------------------------------------------------------- 437 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | 438 * ---------------------------------------------------------------------------- 439 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | 440 * ---------------------------------------------------------------------------- 441 * 442 * The Control and Data Error codes are enumerated below 443 * 444 * Error conditions 445 * ================ 446 * 447 * Control Error Code Control Error Condition 448 * ------------------ --------------------------- 449 * 9'h000 No Error 450 * 9'h001 Unknown Cipher Op ( Cipher == 3'h{6,7}) 451 * 9'h002 Unknown or Illegal Mode ((Mode == 3'h{2,3,4} & !AES) | (Mode == 3'h{5,6,7})) 452 * 9'h004 Unsupported CkSum Src (CkSum_Src == 2'h{2,3} & CKSUM) 453 * 9'h008 Forbidden CFB Mask (AES & CFBMode & UseNewKeysCFBMask & CFBMask[7] & (| CFBMask[6:0])) 454 * 9'h010 Unknown Ctrl Op ((| Ctrl[63:37]) | (| Ctrl[15:14])) 455 * 9'h020 UNUSED 456 * 9'h040 UNUSED 457 * 9'h080 Data Read Error 458 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP) 459 * 460 * Data Error Code Data Error Condition 461 * --------------- -------------------- 462 * 9'h000 No Error 463 * 9'h001 Insufficient Data To Cipher (Packet_Length <= (Cipher_Offset or IV_Offset)) 464 * 9'h002 Illegal IV Location ((Cipher_Offset < IV_Offset) | (Cipher_Offset <= IV_Offset & AES & ~CTR)) 465 * 9'h004 Illegal Wordcount To AES (Packet_Length[3] != Cipher_Offset[0] & AES) 466 * 9'h008 Illegal Pad And ByteCount Spec (Hash_Byte_Count != 0 & !Pad_Hash) 467 * 9'h010 Insufficient Data To CkSum ({Packet_Length, 1'b0} <= CkSum_Offset) 468 * 9'h020 Unknown Data Op ((| dstLLWMask[63:60]) | (| dstLLWMask[57:40]) | (| authDst[63:40]) | (| ckSumDst[63:40])) 469 * 9'h040 Insufficient Data To Auth ({Packet_Length} <= Auth_Offset) 470 * 9'h080 Data Read Error 471 * 9'h100 UNUSED 472 */ 473 474/* 475 * Result Control Word for Message Ring Descriptor 476 */ 477 478/* #define MSG_RSLT_CTL_CTL */ 479#define MSG_RSLT_CTL_CTL_LSB 61 480#define MSG_RSLT_CTL_CTL_BITS THREE_BITS 481#define MSG_RSLT_CTL_CTL_MASK \ 482 (MSG_RSLT_CTL_CTL_BITS << MSG_RSLT_CTL_CTL_LSB) 483 484/* #define MSG_RSLT_CTL_DST_ID */ 485#define MSG_RSLT_CTL_DST_ID_LSB 54 486#define MSG_RSLT_CTL_DST_ID_BITS SEVEN_BITS 487#define MSG_RSLT_CTL_DST_ID_MASK \ 488 (MSG_RSLT_CTL_DST_ID_BITS << MSG_RSLT_CTL_DST_ID_LSB) 489 490/* #define MSG_RSLT_CTL_DSC_CTL */ 491#define MSG_RSLT_CTL_DSC_CTL_LSB 49 492#define MSG_RSLT_CTL_DSC_CTL_BITS THREE_BITS 493#define MSG_RSLT_CTL_DSC_CTL_MASK \ 494 (MSG_RSLT_CTL_DSC_CTL_BITS << MSG_RSLT_CTL_DSC_CTL_LSB) 495 496/* #define MSG_RSLT_CTL_INST_ERR */ 497#define MSG_RSLT_CTL_INST_ERR_LSB 40 498#define MSG_RSLT_CTL_INST_ERR_BITS NINE_BITS 499#define MSG_RSLT_CTL_INST_ERR_MASK \ 500 (MSG_RSLT_CTL_INST_ERR_BITS << MSG_RSLT_CTL_INST_ERR_LSB) 501 502/* #define MSG_RSLT_CTL_DSC_ADDR */ 503#define MSG_RSLT_CTL_DSC_ADDR_LSB 0 504#define MSG_RSLT_CTL_DSC_ADDR_BITS FOURTY_BITS 505#define MSG_RSLT_CTL_DSC_ADDR_MASK \ 506 (MSG_RSLT_CTL_DSC_ADDR_BITS << MSG_RSLT_CTL_DSC_ADDR_LSB) 507 508/* #define MSG_RSLT_CTL_MASK */ 509#define MSG_RSLT_CTL_MASK \ 510 (MSG_RSLT_CTL_CTRL_MASK | MSG_RSLT_CTL_DST_ID_MASK | \ 511 MSG_RSLT_CTL_DSC_CTL_MASK | MSG_RSLT_CTL_INST_ERR_MASK | \ 512 MSG_RSLT_CTL_DSC_ADDR_MASK) 513 514/* 515 * Result Data Word for Message Ring Descriptor 516 */ 517/* #define MSG_RSLT_DATA_CTL */ 518#define MSG_RSLT_DATA_CTL_LSB 61 519#define MSG_RSLT_DATA_CTL_BITS THREE_BITS 520#define MSG_RSLT_DATA_CTL_MASK \ 521 (MSG_RSLT_DATA_CTL_BITS << MSG_RSLT_DATA_CTL_LSB) 522 523/* #define MSG_RSLT_DATA_DST_ID */ 524#define MSG_RSLT_DATA_DST_ID_LSB 54 525#define MSG_RSLT_DATA_DST_ID_BITS SEVEN_BITS 526#define MSG_RSLT_DATA_DST_ID_MASK \ 527 (MSG_RSLT_DATA_DST_ID_BITS << MSG_RSLT_DATA_DST_ID_LSB) 528 529/* #define MSG_RSLT_DATA_DSC_CTL */ 530#define MSG_RSLT_DATA_DSC_CTL_LSB 49 531#define MSG_RSLT_DATA_DSC_CTL_BITS THREE_BITS 532#define MSG_RSLT_DATA_DSC_CTL_MASK \ 533 (MSG_RSLT_DATA_DSC_CTL_BITS << MSG_RSLT_DATA_DSC_CTL_LSB) 534 535/* #define MSG_RSLT_DATA_INST_ERR */ 536#define MSG_RSLT_DATA_INST_ERR_LSB 40 537#define MSG_RSLT_DATA_INST_ERR_BITS NINE_BITS 538#define MSG_RSLT_DATA_INST_ERR_MASK \ 539 (MSG_RSLT_DATA_INST_ERR_BITS << MSG_RSLT_DATA_INST_ERR_LSB) 540 541/* #define MSG_RSLT_DATA_DSC_ADDR */ 542#define MSG_RSLT_DATA_DSC_ADDR_LSB 0 543#define MSG_RSLT_DATA_DSC_ADDR_BITS FOURTY_BITS 544#define MSG_RSLT_DATA_DSC_ADDR_MASK \ 545 (MSG_RSLT_DATA_DSC_ADDR_BITS << MSG_RSLT_DATA_DSC_ADDR_LSB) 546 547#define MSG_RSLT_DATA_MASK \ 548 (MSG_RSLT_DATA_CTRL_MASK | MSG_RSLT_DATA_DST_ID_MASK | \ 549 MSG_RSLT_DATA_DSC_CTL_MASK | MSG_RSLT_DATA_INST_ERR_MASK | \ 550 MSG_RSLT_DATA_DSC_ADDR_MASK) 551 552 553/* 554 * Common Message Definitions 555 * 556 */ 557 558/* #define MSG_CTL_OP_ADDR */ 559#define MSG_CTL_OP_ADDR_LSB 0 560#define MSG_CTL_OP_ADDR_BITS FOURTY_BITS 561#define MSG_CTL_OP_ADDR_MASK (MSG_CTL_OP_ADDR_BITS << MSG_CTL_OP_ADDR_LSB) 562 563#define MSG_CTL_OP_TYPE 564#define MSG_CTL_OP_TYPE_LSB 3 565#define MSG_CTL_OP_TYPE_BITS TWO_BITS 566#define MSG_CTL_OP_TYPE_MASK \ 567 (MSG_CTL_OP_TYPE_BITS << MSG_CTL_OP_TYPE_LSB) 568 569#define MSG0_CTL_OP_ENGINE_SYMKEY 0x01 570#define MSG0_CTL_OP_ENGINE_PUBKEY 0x02 571 572#define MSG1_CTL_OP_SYMKEY_PIPE0 0x00 573#define MSG1_CTL_OP_SYMKEY_PIPE1 0x01 574#define MSG1_CTL_OP_SYMKEY_PIPE2 0x02 575#define MSG1_CTL_OP_SYMKEY_PIPE3 0x03 576 577#define MSG1_CTL_OP_PUBKEY_PIPE0 0x00 578#define MSG1_CTL_OP_PUBKEY_PIPE1 0x01 579#define MSG1_CTL_OP_PUBKEY_PIPE2 0x02 580#define MSG1_CTL_OP_PUBKEY_PIPE3 0x03 581 582 583/* /----------------------------------------\ 584 * | | 585 * | ControlDescriptor_s datastructure | 586 * | | 587 * \----------------------------------------/ 588 * 589 * 590 * ControlDescriptor_t.Instruction 591 * ------------------------------- 592 * 593 * 63 44 43 42 41 40 39 35 34 32 31 29 28 594 * -------------------------------------------------------------------------------------------------------------------- 595 * || UNUSED || OverrideCipher | Arc4Wait4Save | SaveArc4State | LoadArc4State | Arc4KeyLen | Cipher | Mode | InCp_Key || ... CONT ... 596 * -------------------------------------------------------------------------------------------------------------------- 597 * 20 1 1 1 1 5 3 3 1 598 * <-----------------------------------------------CIPHER---------------------------------------------------> 599 * 600 * 27 25 24 23 22 21 20 19 17 16 15 0 601 * ----------------------------------------------------------------------------- 602 * || UNUSED | Hash_Hi | HMAC | Hash_Lo | InHs_Key || UNUSED || CkSum || UNUSED || 603 * ----------------------------------------------------------------------------- 604 * 3 1 1 2 1 3 1 16 605 * <---------------------HASH---------------------><-----------CKSUM-----------> 606 * 607 * X0 CIPHER.Arc4Wait4Save = If op is Arc4 and it requires state saving, then 608 * setting this bit will cause the current op to 609 * delay subsequent op loading until saved state data 610 * becomes visible. 611 * CIPHER.OverrideCipher = Override encryption if PacketDescriptor_t.dstDataSettings.CipherPrefix 612 * is set; data will be copied out (and optionally auth/cksum) 613 * in the clear. This is used in GCM mode if auth only as we 614 * still need E(K, 0) calculated by cipher. Engine behavior is 615 * undefined if this bit is set and CipherPrefix is not. 616 * X0 SaveArc4State = Save Arc4 state at the end of Arc4 operation 617 * X0 LoadArc4State = Load Arc4 state at the beginning of an Arc4 operation 618 * This overriden by the InCp_Key setting for Arc4 619 * Arc4KeyLen = Length in bytes of Arc4 key (0 is interpreted as 32) 620 * Ignored for other ciphers 621 * For ARC4, IFetch/IDecode will always read exactly 4 622 * consecutive dwords into its CipherKey{0,3} regardless 623 * of this quantity; it will however only use the specified 624 * number of bytes. 625 * Cipher = 3'b000 Bypass 626 * 3'b001 DES 627 * 3'b010 3DES 628 * 3'b011 AES 128-bit key 629 * 3'b100 AES 192-bit key 630 * 3'b101 AES 256-bit key 631 * 3'b110 ARC4 632 * 3'b111 Kasumi f8 633 * Remainder UNDEFINED 634 * Mode = 3'b000 ECB 635 * 3'b001 CBC 636 * 3'b010 CFB (AES only, otherwise undefined) 637 * 3'b011 OFB (AES only, otherwise undefined) 638 * 3'b100 CTR (AES only, otherwise undefined) 639 * 3'b101 F8 (AES only, otherwise undefined) 640 * Remainder UNDEFINED 641 * InCp_Key = 1'b0 Preserve old Cipher Keys 642 * 1'b1 Load new Cipher Keys from memory to local registers 643 * and recalculate the Arc4 Sbox if Arc4 Cipher chosen; 644 * This overrides LoadArc4State setting. 645 * HASH.HMAC = 1'b0 Hash without HMAC 646 * 1'b1 Hash with HMAC 647 * Needs to be set to 0 for GCM and Kasumi F9 authenticators 648 * otherwise unpredictable results will be generated 649 * Hash = 2'b00 Hash NOP 650 * 2'b01 MD5 651 * 2'b10 SHA-1 652 * 2'b11 SHA-256 653 * 3'b100 SHA-384 654 * 3'b101 SHA-512 655 * 3'b110 GCM 656 * 3'b111 Kasumi f9 657 * InHs_Key = 1'b0 Preserve old HMAC Keys 658 * If GCM is selected as authenticator, leaving this bit 659 * at 0 will cause the engine to use the old H value. 660 * It will use the old SCI inside the decoder if 661 * CFBMask[1:0] == 2'b11. 662 * If Kasumi F9 authenticator, using 0 preserves 663 * old keys (IK) in decoder. 664 * 1'b1 Load new HMAC Keys from memory to local registers 665 * Setting this bit while Cipher=Arc4 and LoadArc4State=1 666 * causes the decoder to load the Arc4 state from the 667 * cacheline following the HMAC keys (Whether HASH.HMAC 668 * is set or not). 669 * If GCM is selected as authenticator, setting this bit 670 * causes both H (16 bytes) and SCI (8 bytes) to be loaded 671 * from memory to the decoder. H will be loaded to the engine 672 * but SCI is only loaded to the engine if CFBMask[1:0] == 2'b11. 673 * If Kasumi F9 authenticator, using 1 loads new keys (IK) 674 * from memory to decoder. 675 * CHECKSUM.CkSum = 1'b0 CkSum NOP 676 * 1'b1 INTERNET_CHECKSUM 677 * 678 * 679 * 680 */ 681 682 /* #define CTRL_DSC_OVERRIDECIPHER */ 683#define CTL_DSC_OVERRIDECIPHER_OFF 0 684#define CTL_DSC_OVERRIDECIPHER_ON 1 685#define CTL_DSC_OVERRIDECIPHER_LSB 43 686#define CTL_DSC_OVERRIDECIPHER_BITS ONE_BIT 687#define CTL_DSC_OVERRIDECIPHER_MASK (CTL_DSC_OVERRIDECIPHER_BITS << CTL_DSC_OVERRIDECIPHER_LSB) 688 689/* #define CTRL_DSC_ARC4_WAIT4SAVE */ 690#define CTL_DSC_ARC4_WAIT4SAVE_OFF 0 691#define CTL_DSC_ARC4_WAIT4SAVE_ON 1 692#define CTL_DSC_ARC4_WAIT4SAVE_LSB 42 693#define CTL_DSC_ARC4_WAIT4SAVE_BITS ONE_BIT 694#define CTL_DSC_ARC4_WAIT4SAVE_MASK (CTL_DSC_ARC4_WAIT4SAVE_BITS << CTL_DSC_ARC4_WAIT4SAVE_LSB) 695 696/* #define CTRL_DSC_ARC4_SAVESTATE */ 697#define CTL_DSC_ARC4_SAVESTATE_OFF 0 698#define CTL_DSC_ARC4_SAVESTATE_ON 1 699#define CTL_DSC_ARC4_SAVESTATE_LSB 41 700#define CTL_DSC_ARC4_SAVESTATE_BITS ONE_BIT 701#define CTL_DSC_ARC4_SAVESTATE_MASK (CTL_DSC_ARC4_SAVESTATE_BITS << CTL_DSC_ARC4_SAVESTATE_LSB) 702 703/* #define CTRL_DSC_ARC4_LOADSTATE */ 704#define CTL_DSC_ARC4_LOADSTATE_OFF 0 705#define CTL_DSC_ARC4_LOADSTATE_ON 1 706#define CTL_DSC_ARC4_LOADSTATE_LSB 40 707#define CTL_DSC_ARC4_LOADSTATE_BITS ONE_BIT 708#define CTL_DSC_ARC4_LOADSTATE_MASK (CTL_DSC_ARC4_LOADSTATE_BITS << CTL_DSC_ARC4_LOADSTATE_LSB) 709 710/* #define CTRL_DSC_ARC4_KEYLEN */ 711#define CTL_DSC_ARC4_KEYLEN_LSB 35 712#define CTL_DSC_ARC4_KEYLEN_BITS FIVE_BITS 713#define CTL_DSC_ARC4_KEYLEN_MASK (CTL_DSC_ARC4_KEYLEN_BITS << CTL_DSC_ARC4_KEYLEN_LSB) 714 715/* #define CTL_DSC_CPHR (cipher) */ 716#define CTL_DSC_CPHR_BYPASS 0 /* undefined */ 717#define CTL_DSC_CPHR_DES 1 718#define CTL_DSC_CPHR_3DES 2 719#define CTL_DSC_CPHR_AES128 3 720#define CTL_DSC_CPHR_AES192 4 721#define CTL_DSC_CPHR_AES256 5 722#define CTL_DSC_CPHR_ARC4 6 723#define CTL_DSC_CPHR_KASUMI_F8 7 724#define CTL_DSC_CPHR_LSB 32 725#define CTL_DSC_CPHR_BITS THREE_BITS 726#define CTL_DSC_CPHR_MASK (CTL_DSC_CPHR_BITS << CTL_DSC_CPHR_LSB) 727 728/* #define CTL_DSC_MODE */ 729#define CTL_DSC_MODE_ECB 0 730#define CTL_DSC_MODE_CBC 1 731#define CTL_DSC_MODE_CFB 2 732#define CTL_DSC_MODE_OFB 3 733#define CTL_DSC_MODE_CTR 4 734#define CTL_DSC_MODE_F8 5 735#define CTL_DSC_MODE_LSB 29 736#define CTL_DSC_MODE_BITS THREE_BITS 737#define CTL_DSC_MODE_MASK (CTL_DSC_MODE_BITS << CTL_DSC_MODE_LSB) 738 739/* #define CTL_DSC_ICPHR */ 740#define CTL_DSC_ICPHR_OKY 0 /* Old Keys */ 741#define CTL_DSC_ICPHR_NKY 1 /* New Keys */ 742#define CTL_DSC_ICPHR_LSB 28 743#define CTL_DSC_ICPHR_BITS ONE_BIT 744#define CTL_DSC_ICPHR_MASK (CTL_DSC_ICPHR_BITS << CTL_DSC_ICPHR_LSB) 745 746/* #define CTL_DSC_HASHHI */ 747#define CTL_DSC_HASHHI_LSB 24 748#define CTL_DSC_HASHHI_BITS ONE_BIT 749#define CTL_DSC_HASHHI_MASK (CTL_DSC_HASHHI_BITS << CTL_DSC_HASHHI_LSB) 750 751/* #define CTL_DSC_HMAC */ 752#define CTL_DSC_HMAC_OFF 0 753#define CTL_DSC_HMAC_ON 1 754#define CTL_DSC_HMAC_LSB 23 755#define CTL_DSC_HMAC_BITS ONE_BIT 756#define CTL_DSC_HMAC_MASK (CTL_DSC_HMAC_BITS << CTL_DSC_HMAC_LSB) 757 758/* #define CTL_DSC_HASH */ 759#define CTL_DSC_HASH_NOP 0 760#define CTL_DSC_HASH_MD5 1 761#define CTL_DSC_HASH_SHA1 2 762#define CTL_DSC_HASH_SHA256 3 763#define CTL_DSC_HASH_SHA384 4 764#define CTL_DSC_HASH_SHA512 5 765#define CTL_DSC_HASH_GCM 6 766#define CTL_DSC_HASH_KASUMI_F9 7 767#define CTL_DSC_HASH_LSB 21 768#define CTL_DSC_HASH_BITS TWO_BITS 769#define CTL_DSC_HASH_MASK (CTL_DSC_HASH_BITS << CTL_DSC_HASH_LSB) 770 771/* #define CTL_DSC_IHASH */ 772#define CTL_DSC_IHASH_OLD 0 773#define CTL_DSC_IHASH_NEW 1 774#define CTL_DSC_IHASH_LSB 20 775#define CTL_DSC_IHASH_BITS ONE_BIT 776#define CTL_DSC_IHASH_MASK (CTL_DSC_IHASH_BITS << CTL_DSC_IHASH_LSB) 777 778/* #define CTL_DSC_CKSUM */ 779#define CTL_DSC_CKSUM_NOP 0 780#define CTL_DSC_CKSUM_IP 1 781#define CTL_DSC_CKSUM_LSB 16 782#define CTL_DSC_CKSUM_BITS ONE_BIT 783#define CTL_DSC_CKSUM_MASK (CTL_DSC_CKSUM_BITS << CTL_DSC_CKSUM_LSB) 784 785 786/* 787 * Component strcts and unions defining CipherHashInfo_u 788 */ 789 790/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 791typedef struct AES256HMAC_s { 792 uint64_t cipherKey0; 793 uint64_t cipherKey1; 794 uint64_t cipherKey2; 795 uint64_t cipherKey3; 796 uint64_t hmacKey0; 797 uint64_t hmacKey1; 798 uint64_t hmacKey2; 799 uint64_t hmacKey3; 800 uint64_t hmacKey4; 801 uint64_t hmacKey5; 802 uint64_t hmacKey6; 803 uint64_t hmacKey7; 804} AES256HMAC_t, *AES256HMAC_pt; 805 806/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 160 bytes */ 807typedef struct AES256HMAC2_s { 808 uint64_t cipherKey0; 809 uint64_t cipherKey1; 810 uint64_t cipherKey2; 811 uint64_t cipherKey3; 812 uint64_t hmacKey0; 813 uint64_t hmacKey1; 814 uint64_t hmacKey2; 815 uint64_t hmacKey3; 816 uint64_t hmacKey4; 817 uint64_t hmacKey5; 818 uint64_t hmacKey6; 819 uint64_t hmacKey7; 820 uint64_t hmacKey8; 821 uint64_t hmacKey9; 822 uint64_t hmacKey10; 823 uint64_t hmacKey11; 824 uint64_t hmacKey12; 825 uint64_t hmacKey13; 826 uint64_t hmacKey14; 827 uint64_t hmacKey15; 828} AES256HMAC2_t, *AES256HMAC2_pt; 829 830/* AES256, (ECB, CBC, OFB, CTR, CFB), GCM - 56 bytes */ 831typedef struct AES256GCM_s { 832 uint64_t cipherKey0; 833 uint64_t cipherKey1; 834 uint64_t cipherKey2; 835 uint64_t cipherKey3; 836 uint64_t GCMH0; 837 uint64_t GCMH1; 838 uint64_t GCMSCI; 839} AES256GCM_t, *AES256GCM_pt; 840 841/* AES256, (ECB, CBC, OFB, CTR, CFB), F9 - 56 bytes */ 842typedef struct AES256F9_s { 843 uint64_t cipherKey0; 844 uint64_t cipherKey1; 845 uint64_t cipherKey2; 846 uint64_t cipherKey3; 847 uint64_t authKey0; 848 uint64_t authKey1; 849} AES256F9_t, *AES256F9_pt; 850 851/* AES256, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 852typedef struct AES256_s { 853 uint64_t cipherKey0; 854 uint64_t cipherKey1; 855 uint64_t cipherKey2; 856 uint64_t cipherKey3; 857} AES256_t, *AES256_pt; 858 859 860/* All AES192 possibilities */ 861 862/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-192) - 88 bytes */ 863typedef struct AES192HMAC_s { 864 uint64_t cipherKey0; 865 uint64_t cipherKey1; 866 uint64_t cipherKey2; 867 uint64_t hmacKey0; 868 uint64_t hmacKey1; 869 uint64_t hmacKey2; 870 uint64_t hmacKey3; 871 uint64_t hmacKey4; 872 uint64_t hmacKey5; 873 uint64_t hmacKey6; 874 uint64_t hmacKey7; 875} AES192HMAC_t, *AES192HMAC_pt; 876 877/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 152 bytes */ 878typedef struct AES192HMAC2_s { 879 uint64_t cipherKey0; 880 uint64_t cipherKey1; 881 uint64_t cipherKey2; 882 uint64_t hmacKey0; 883 uint64_t hmacKey1; 884 uint64_t hmacKey2; 885 uint64_t hmacKey3; 886 uint64_t hmacKey4; 887 uint64_t hmacKey5; 888 uint64_t hmacKey6; 889 uint64_t hmacKey7; 890 uint64_t hmacKey8; 891 uint64_t hmacKey9; 892 uint64_t hmacKey10; 893 uint64_t hmacKey11; 894 uint64_t hmacKey12; 895 uint64_t hmacKey13; 896 uint64_t hmacKey14; 897 uint64_t hmacKey15; 898} AES192HMAC2_t, *AES192HMAC2_pt; 899 900/* AES192, (ECB, CBC, OFB, CTR, CFB), GCM - 48 bytes */ 901typedef struct AES192GCM_s { 902 uint64_t cipherKey0; 903 uint64_t cipherKey1; 904 uint64_t cipherKey2; 905 uint64_t GCMH0; 906 uint64_t GCMH1; 907 uint64_t GCMSCI; 908} AES192GCM_t, *AES192GCM_pt; 909 910/* AES192, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ 911typedef struct AES192F9_s { 912 uint64_t cipherKey0; 913 uint64_t cipherKey1; 914 uint64_t cipherKey2; 915 uint64_t authKey0; 916 uint64_t authKey1; 917} AES192F9_t, *AES192F9_pt; 918 919/* AES192, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-192) - 24 bytes */ 920typedef struct AES192_s { 921 uint64_t cipherKey0; 922 uint64_t cipherKey1; 923 uint64_t cipherKey2; 924} AES192_t, *AES192_pt; 925 926 927/* All AES128 possibilities */ 928 929/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-128) - 80 bytes */ 930typedef struct AES128HMAC_s { 931 uint64_t cipherKey0; 932 uint64_t cipherKey1; 933 uint64_t hmacKey0; 934 uint64_t hmacKey1; 935 uint64_t hmacKey2; 936 uint64_t hmacKey3; 937 uint64_t hmacKey4; 938 uint64_t hmacKey5; 939 uint64_t hmacKey6; 940 uint64_t hmacKey7; 941} AES128HMAC_t, *AES128HMAC_pt; 942 943/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-612) - 144 bytes */ 944typedef struct AES128HMAC2_s { 945 uint64_t cipherKey0; 946 uint64_t cipherKey1; 947 uint64_t hmacKey0; 948 uint64_t hmacKey1; 949 uint64_t hmacKey2; 950 uint64_t hmacKey3; 951 uint64_t hmacKey4; 952 uint64_t hmacKey5; 953 uint64_t hmacKey6; 954 uint64_t hmacKey7; 955 uint64_t hmacKey8; 956 uint64_t hmacKey9; 957 uint64_t hmacKey10; 958 uint64_t hmacKey11; 959 uint64_t hmacKey12; 960 uint64_t hmacKey13; 961 uint64_t hmacKey14; 962 uint64_t hmacKey15; 963} AES128HMAC2_t, *AES128HMAC2_pt; 964 965/* AES128, (ECB, CBC, OFB, CTR, CFB), GCM - 40 bytes */ 966typedef struct AES128GCM_s { 967 uint64_t cipherKey0; 968 uint64_t cipherKey1; 969 uint64_t GCMH0; 970 uint64_t GCMH1; 971 uint64_t GCMSCI; 972} AES128GCM_t, *AES128GCM_pt; 973 974/* AES128, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ 975typedef struct AES128F9_s { 976 uint64_t cipherKey0; 977 uint64_t cipherKey1; 978 uint64_t authKey0; 979 uint64_t authKey1; 980} AES128F9_t, *AES128F9_pt; 981 982/* AES128, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-128) - 16 bytes */ 983typedef struct AES128_s { 984 uint64_t cipherKey0; 985 uint64_t cipherKey1; 986} AES128_t, *AES128_pt; 987 988/* AES128, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 989typedef struct AES128F8_s { 990 uint64_t cipherKey0; 991 uint64_t cipherKey1; 992 uint64_t cipherKeyMask0; 993 uint64_t cipherKeyMask1; 994} AES128F8_t, *AES128F8_pt; 995 996/* AES128, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 997typedef struct AES128F8HMAC_s { 998 uint64_t cipherKey0; 999 uint64_t cipherKey1; 1000 uint64_t cipherKeyMask0; 1001 uint64_t cipherKeyMask1; 1002 uint64_t hmacKey0; 1003 uint64_t hmacKey1; 1004 uint64_t hmacKey2; 1005 uint64_t hmacKey3; 1006 uint64_t hmacKey4; 1007 uint64_t hmacKey5; 1008 uint64_t hmacKey6; 1009 uint64_t hmacKey7; 1010} AES128F8HMAC_t, *AES128F8HMAC_pt; 1011 1012/* AES128, (OFB F8), HMAC (SHA-384, SHA-512) - 160 bytes */ 1013typedef struct AES128F8HMAC2_s { 1014 uint64_t cipherKey0; 1015 uint64_t cipherKey1; 1016 uint64_t cipherKeyMask0; 1017 uint64_t cipherKeyMask1; 1018 uint64_t hmacKey0; 1019 uint64_t hmacKey1; 1020 uint64_t hmacKey2; 1021 uint64_t hmacKey3; 1022 uint64_t hmacKey4; 1023 uint64_t hmacKey5; 1024 uint64_t hmacKey6; 1025 uint64_t hmacKey7; 1026 uint64_t hmacKey8; 1027 uint64_t hmacKey9; 1028 uint64_t hmacKey10; 1029 uint64_t hmacKey11; 1030 uint64_t hmacKey12; 1031 uint64_t hmacKey13; 1032 uint64_t hmacKey14; 1033 uint64_t hmacKey15; 1034} AES128F8HMAC2_t, *AES128F8HMAC2_pt; 1035 1036/* AES192, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 48 bytes */ 1037typedef struct AES192F8_s { 1038 uint64_t cipherKey0; 1039 uint64_t cipherKey1; 1040 uint64_t cipherKey2; 1041 uint64_t cipherKeyMask0; 1042 uint64_t cipherKeyMask1; 1043 uint64_t cipherKeyMask2; 1044} AES192F8_t, *AES192F8_pt; 1045 1046/* AES192, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 112 bytes */ 1047typedef struct AES192F8HMAC_s { 1048 uint64_t cipherKey0; 1049 uint64_t cipherKey1; 1050 uint64_t cipherKey2; 1051 uint64_t cipherKeyMask0; 1052 uint64_t cipherKeyMask1; 1053 uint64_t cipherKeyMask2; 1054 uint64_t hmacKey0; 1055 uint64_t hmacKey1; 1056 uint64_t hmacKey2; 1057 uint64_t hmacKey3; 1058 uint64_t hmacKey4; 1059 uint64_t hmacKey5; 1060 uint64_t hmacKey6; 1061 uint64_t hmacKey7; 1062} AES192F8HMAC_t, *AES192F8HMAC_pt; 1063 1064/* AES192, (OFB F8), HMAC (SHA-384, SHA-512) - 176 bytes */ 1065typedef struct AES192F8HMAC2_s { 1066 uint64_t cipherKey0; 1067 uint64_t cipherKey1; 1068 uint64_t cipherKey2; 1069 uint64_t cipherKeyMask0; 1070 uint64_t cipherKeyMask1; 1071 uint64_t cipherKeyMask2; 1072 uint64_t hmacKey0; 1073 uint64_t hmacKey1; 1074 uint64_t hmacKey2; 1075 uint64_t hmacKey3; 1076 uint64_t hmacKey4; 1077 uint64_t hmacKey5; 1078 uint64_t hmacKey6; 1079 uint64_t hmacKey7; 1080 uint64_t hmacKey8; 1081 uint64_t hmacKey9; 1082 uint64_t hmacKey10; 1083 uint64_t hmacKey11; 1084 uint64_t hmacKey12; 1085 uint64_t hmacKey13; 1086 uint64_t hmacKey14; 1087 uint64_t hmacKey15; 1088} AES192F8HMAC2_t, *AES192F8HMAC2_pt; 1089 1090/* AES256, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 64 bytes */ 1091typedef struct AES256F8_s { 1092 uint64_t cipherKey0; 1093 uint64_t cipherKey1; 1094 uint64_t cipherKey2; 1095 uint64_t cipherKey3; 1096 uint64_t cipherKeyMask0; 1097 uint64_t cipherKeyMask1; 1098 uint64_t cipherKeyMask2; 1099 uint64_t cipherKeyMask3; 1100} AES256F8_t, *AES256F8_pt; 1101 1102/* AES256, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 128 bytes */ 1103typedef struct AES256F8HMAC_s { 1104 uint64_t cipherKey0; 1105 uint64_t cipherKey1; 1106 uint64_t cipherKey2; 1107 uint64_t cipherKey3; 1108 uint64_t cipherKeyMask0; 1109 uint64_t cipherKeyMask1; 1110 uint64_t cipherKeyMask2; 1111 uint64_t cipherKeyMask3; 1112 uint64_t hmacKey0; 1113 uint64_t hmacKey1; 1114 uint64_t hmacKey2; 1115 uint64_t hmacKey3; 1116 uint64_t hmacKey4; 1117 uint64_t hmacKey5; 1118 uint64_t hmacKey6; 1119 uint64_t hmacKey7; 1120} AES256F8HMAC_t, *AES256F8HMAC_pt; 1121 1122/* AES256, (OFB F8), HMAC (SHA-384, SHA-512) - 192 bytes */ 1123typedef struct AES256F8HMAC2_s { 1124 uint64_t cipherKey0; 1125 uint64_t cipherKey1; 1126 uint64_t cipherKey2; 1127 uint64_t cipherKey3; 1128 uint64_t cipherKeyMask0; 1129 uint64_t cipherKeyMask1; 1130 uint64_t cipherKeyMask2; 1131 uint64_t cipherKeyMask3; 1132 uint64_t hmacKey0; 1133 uint64_t hmacKey1; 1134 uint64_t hmacKey2; 1135 uint64_t hmacKey3; 1136 uint64_t hmacKey4; 1137 uint64_t hmacKey5; 1138 uint64_t hmacKey6; 1139 uint64_t hmacKey7; 1140 uint64_t hmacKey8; 1141 uint64_t hmacKey9; 1142 uint64_t hmacKey10; 1143 uint64_t hmacKey11; 1144 uint64_t hmacKey12; 1145 uint64_t hmacKey13; 1146 uint64_t hmacKey14; 1147 uint64_t hmacKey15; 1148} AES256F8HMAC2_t, *AES256F8HMAC2_pt; 1149 1150/* AES256, (F8), GCM - 40 bytes */ 1151typedef struct AES128F8GCM_s { 1152 uint64_t cipherKey0; 1153 uint64_t cipherKey2; 1154 uint64_t GCMH0; 1155 uint64_t GCMH1; 1156 uint64_t GCMSCI; 1157} AES128F8GCM_t, *AES128F8GCM_pt; 1158 1159/* AES256, (F8), GCM - 48 bytes */ 1160typedef struct AES192F8GCM_s { 1161 uint64_t cipherKey0; 1162 uint64_t cipherKey1; 1163 uint64_t cipherKey2; 1164 uint64_t GCMH0; 1165 uint64_t GCMH1; 1166 uint64_t GCMSCI; 1167} AES192F8GCM_t, *AES192F8GCM_pt; 1168 1169/* AES256, (F8), GCM - 56 bytes */ 1170typedef struct AES256F8GCM_s { 1171 uint64_t cipherKey0; 1172 uint64_t cipherKey1; 1173 uint64_t cipherKey2; 1174 uint64_t cipherKey3; 1175 uint64_t GCMH0; 1176 uint64_t GCMH1; 1177 uint64_t GCMSCI; 1178} AES256F8GCM_t, *AES256F8GCM_pt; 1179 1180/* AES256, (F8), F9 - 40 bytes */ 1181typedef struct AES128F8F9_s { 1182 uint64_t cipherKey0; 1183 uint64_t cipherKey2; 1184 uint64_t authKey0; 1185 uint64_t authKey1; 1186} AES128F8F9_t, *AES128F8F9_pt; 1187 1188/* AES256, (F8), F9 - 48 bytes */ 1189typedef struct AES192F8F9_s { 1190 uint64_t cipherKey0; 1191 uint64_t cipherKey1; 1192 uint64_t cipherKey2; 1193 uint64_t authKey0; 1194 uint64_t authKey1; 1195} AES192F8F9_t, *AES192F8F9_pt; 1196 1197/* AES256F8, (F8), F9 - 56 bytes */ 1198typedef struct AES256F8F9_s { 1199 uint64_t cipherKey0; 1200 uint64_t cipherKey1; 1201 uint64_t cipherKey2; 1202 uint64_t cipherKey3; 1203 uint64_t authKey0; 1204 uint64_t authKey1; 1205} AES256F8F9_t, *AES256F8F9_pt; 1206 1207/* All DES possibilities */ 1208 1209/* DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 72 bytes */ 1210typedef struct DESHMAC_s { 1211 uint64_t cipherKey0; 1212 uint64_t hmacKey0; 1213 uint64_t hmacKey1; 1214 uint64_t hmacKey2; 1215 uint64_t hmacKey3; 1216 uint64_t hmacKey4; 1217 uint64_t hmacKey5; 1218 uint64_t hmacKey6; 1219 uint64_t hmacKey7; 1220} DESHMAC_t, *DESHMAC_pt; 1221 1222/* DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 136 bytes */ 1223typedef struct DESHMAC2_s { 1224 uint64_t cipherKey0; 1225 uint64_t hmacKey0; 1226 uint64_t hmacKey1; 1227 uint64_t hmacKey2; 1228 uint64_t hmacKey3; 1229 uint64_t hmacKey4; 1230 uint64_t hmacKey5; 1231 uint64_t hmacKey6; 1232 uint64_t hmacKey7; 1233 uint64_t hmacKey8; 1234 uint64_t hmacKey9; 1235 uint64_t hmacKey10; 1236 uint64_t hmacKey11; 1237 uint64_t hmacKey12; 1238 uint64_t hmacKey13; 1239 uint64_t hmacKey14; 1240 uint64_t hmacKey15; 1241} DESHMAC2_t, *DESHMAC2_pt; 1242 1243/* DES, (ECB, CBC), GCM - 32 bytes */ 1244typedef struct DESGCM_s { 1245 uint64_t cipherKey0; 1246 uint64_t GCMH0; 1247 uint64_t GCMH1; 1248 uint64_t GCMSCI; 1249} DESGCM_t, *DESGCM_pt; 1250 1251/* DES, (ECB, CBC), F9 - 32 bytes */ 1252typedef struct DESF9_s { 1253 uint64_t cipherKey0; 1254 uint64_t authKey0; 1255 uint64_t authKey1; 1256} DESF9_t, *DESF9_pt; 1257 1258/* DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 9 bytes */ 1259typedef struct DES_s { 1260 uint64_t cipherKey0; 1261} DES_t, *DES_pt; 1262 1263 1264/* All 3DES possibilities */ 1265 1266/* 3DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 88 bytes */ 1267typedef struct DES3HMAC_s { 1268 uint64_t cipherKey0; 1269 uint64_t cipherKey1; 1270 uint64_t cipherKey2; 1271 uint64_t hmacKey0; 1272 uint64_t hmacKey1; 1273 uint64_t hmacKey2; 1274 uint64_t hmacKey3; 1275 uint64_t hmacKey4; 1276 uint64_t hmacKey5; 1277 uint64_t hmacKey6; 1278 uint64_t hmacKey7; 1279} DES3HMAC_t, *DES3HMAC_pt; 1280 1281/* 3DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 152 bytes */ 1282typedef struct DES3HMAC2_s { 1283 uint64_t cipherKey0; 1284 uint64_t cipherKey1; 1285 uint64_t cipherKey2; 1286 uint64_t hmacKey0; 1287 uint64_t hmacKey1; 1288 uint64_t hmacKey2; 1289 uint64_t hmacKey3; 1290 uint64_t hmacKey4; 1291 uint64_t hmacKey5; 1292 uint64_t hmacKey6; 1293 uint64_t hmacKey7; 1294 uint64_t hmacKey8; 1295 uint64_t hmacKey9; 1296 uint64_t hmacKey10; 1297 uint64_t hmacKey11; 1298 uint64_t hmacKey12; 1299 uint64_t hmacKey13; 1300 uint64_t hmacKey14; 1301 uint64_t hmacKey15; 1302} DES3HMAC2_t, *DES3HMAC2_pt; 1303 1304/* 3DES, (ECB, CBC), GCM - 48 bytes */ 1305typedef struct DES3GCM_s { 1306 uint64_t cipherKey0; 1307 uint64_t cipherKey1; 1308 uint64_t cipherKey2; 1309 uint64_t GCMH0; 1310 uint64_t GCMH1; 1311 uint64_t GCMSCI; 1312} DES3GCM_t, *DES3GCM_pt; 1313 1314/* 3DES, (ECB, CBC), GCM - 48 bytes */ 1315typedef struct DES3F9_s { 1316 uint64_t cipherKey0; 1317 uint64_t cipherKey1; 1318 uint64_t cipherKey2; 1319 uint64_t authKey0; 1320 uint64_t authKey1; 1321} DES3F9_t, *DES3F9_pt; 1322 1323/* 3DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 24 bytes */ 1324typedef struct DES3_s { 1325 uint64_t cipherKey0; 1326 uint64_t cipherKey1; 1327 uint64_t cipherKey2; 1328} DES3_t, *DES3_pt; 1329 1330 1331/* HMAC only - no cipher */ 1332 1333/* HMAC (MD5, SHA-1, SHA-128) - 64 bytes */ 1334typedef struct HMAC_s { 1335 uint64_t hmacKey0; 1336 uint64_t hmacKey1; 1337 uint64_t hmacKey2; 1338 uint64_t hmacKey3; 1339 uint64_t hmacKey4; 1340 uint64_t hmacKey5; 1341 uint64_t hmacKey6; 1342 uint64_t hmacKey7; 1343} HMAC_t, *HMAC_pt; 1344 1345/* HMAC (SHA-384, SHA-512) - 128 bytes */ 1346typedef struct HMAC2_s { 1347 uint64_t hmacKey0; 1348 uint64_t hmacKey1; 1349 uint64_t hmacKey2; 1350 uint64_t hmacKey3; 1351 uint64_t hmacKey4; 1352 uint64_t hmacKey5; 1353 uint64_t hmacKey6; 1354 uint64_t hmacKey7; 1355 uint64_t hmacKey8; 1356 uint64_t hmacKey9; 1357 uint64_t hmacKey10; 1358 uint64_t hmacKey11; 1359 uint64_t hmacKey12; 1360 uint64_t hmacKey13; 1361 uint64_t hmacKey14; 1362 uint64_t hmacKey15; 1363} HMAC2_t, *HMAC2_pt; 1364 1365/* GCM - 24 bytes */ 1366typedef struct GCM_s { 1367 uint64_t GCMH0; 1368 uint64_t GCMH1; 1369 uint64_t GCMSCI; 1370} GCM_t, *GCM_pt; 1371 1372/* F9 - 24 bytes */ 1373typedef struct F9_s { 1374 uint64_t authKey0; 1375 uint64_t authKey1; 1376} F9_t, *F9_pt; 1377 1378/* All ARC4 possibilities */ 1379/* ARC4, HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ 1380typedef struct ARC4HMAC_s { 1381 uint64_t cipherKey0; 1382 uint64_t cipherKey1; 1383 uint64_t cipherKey2; 1384 uint64_t cipherKey3; 1385 uint64_t hmacKey0; 1386 uint64_t hmacKey1; 1387 uint64_t hmacKey2; 1388 uint64_t hmacKey3; 1389 uint64_t hmacKey4; 1390 uint64_t hmacKey5; 1391 uint64_t hmacKey6; 1392 uint64_t hmacKey7; 1393} ARC4HMAC_t, *ARC4HMAC_pt; 1394 1395/* ARC4, HMAC (SHA-384, SHA-512) - 160 bytes */ 1396typedef struct ARC4HMAC2_s { 1397 uint64_t cipherKey0; 1398 uint64_t cipherKey1; 1399 uint64_t cipherKey2; 1400 uint64_t cipherKey3; 1401 uint64_t hmacKey0; 1402 uint64_t hmacKey1; 1403 uint64_t hmacKey2; 1404 uint64_t hmacKey3; 1405 uint64_t hmacKey4; 1406 uint64_t hmacKey5; 1407 uint64_t hmacKey6; 1408 uint64_t hmacKey7; 1409 uint64_t hmacKey8; 1410 uint64_t hmacKey9; 1411 uint64_t hmacKey10; 1412 uint64_t hmacKey11; 1413 uint64_t hmacKey12; 1414 uint64_t hmacKey13; 1415 uint64_t hmacKey14; 1416 uint64_t hmacKey15; 1417} ARC4HMAC2_t, *ARC4HMAC2_pt; 1418 1419/* ARC4, GCM - 56 bytes */ 1420typedef struct ARC4GCM_s { 1421 uint64_t cipherKey0; 1422 uint64_t cipherKey1; 1423 uint64_t cipherKey2; 1424 uint64_t cipherKey3; 1425 uint64_t GCMH0; 1426 uint64_t GCMH1; 1427 uint64_t GCMSCI; 1428} ARC4GCM_t, *ARC4GCM_pt; 1429 1430/* ARC4, F9 - 56 bytes */ 1431typedef struct ARC4F9_s { 1432 uint64_t cipherKey0; 1433 uint64_t cipherKey1; 1434 uint64_t cipherKey2; 1435 uint64_t cipherKey3; 1436 uint64_t authKey0; 1437 uint64_t authKey1; 1438} ARC4F9_t, *ARC4F9_pt; 1439 1440/* ARC4, HMAC (MD5, SHA-1, SHA-256) - 408 bytes (not including 8 bytes from instruction) */ 1441typedef struct ARC4StateHMAC_s { 1442 uint64_t cipherKey0; 1443 uint64_t cipherKey1; 1444 uint64_t cipherKey2; 1445 uint64_t cipherKey3; 1446 uint64_t hmacKey0; 1447 uint64_t hmacKey1; 1448 uint64_t hmacKey2; 1449 uint64_t hmacKey3; 1450 uint64_t hmacKey4; 1451 uint64_t hmacKey5; 1452 uint64_t hmacKey6; 1453 uint64_t hmacKey7; 1454 uint64_t PAD0; 1455 uint64_t PAD1; 1456 uint64_t PAD2; 1457 uint64_t Arc4SboxData0; 1458 uint64_t Arc4SboxData1; 1459 uint64_t Arc4SboxData2; 1460 uint64_t Arc4SboxData3; 1461 uint64_t Arc4SboxData4; 1462 uint64_t Arc4SboxData5; 1463 uint64_t Arc4SboxData6; 1464 uint64_t Arc4SboxData7; 1465 uint64_t Arc4SboxData8; 1466 uint64_t Arc4SboxData9; 1467 uint64_t Arc4SboxData10; 1468 uint64_t Arc4SboxData11; 1469 uint64_t Arc4SboxData12; 1470 uint64_t Arc4SboxData13; 1471 uint64_t Arc4SboxData14; 1472 uint64_t Arc4SboxData15; 1473 uint64_t Arc4SboxData16; 1474 uint64_t Arc4SboxData17; 1475 uint64_t Arc4SboxData18; 1476 uint64_t Arc4SboxData19; 1477 uint64_t Arc4SboxData20; 1478 uint64_t Arc4SboxData21; 1479 uint64_t Arc4SboxData22; 1480 uint64_t Arc4SboxData23; 1481 uint64_t Arc4SboxData24; 1482 uint64_t Arc4SboxData25; 1483 uint64_t Arc4SboxData26; 1484 uint64_t Arc4SboxData27; 1485 uint64_t Arc4SboxData28; 1486 uint64_t Arc4SboxData29; 1487 uint64_t Arc4SboxData30; 1488 uint64_t Arc4SboxData31; 1489 uint64_t Arc4IJData; 1490 uint64_t PAD3; 1491 uint64_t PAD4; 1492 uint64_t PAD5; 1493} ARC4StateHMAC_t, *ARC4StateHMAC_pt; 1494 1495/* ARC4, HMAC (SHA-384, SHA-512) - 480 bytes (not including 8 bytes from instruction) */ 1496typedef struct ARC4StateHMAC2_s { 1497 uint64_t cipherKey0; 1498 uint64_t cipherKey1; 1499 uint64_t cipherKey2; 1500 uint64_t cipherKey3; 1501 uint64_t hmacKey0; 1502 uint64_t hmacKey1; 1503 uint64_t hmacKey2; 1504 uint64_t hmacKey3; 1505 uint64_t hmacKey4; 1506 uint64_t hmacKey5; 1507 uint64_t hmacKey6; 1508 uint64_t hmacKey7; 1509 uint64_t hmacKey8; 1510 uint64_t hmacKey9; 1511 uint64_t hmacKey10; 1512 uint64_t hmacKey11; 1513 uint64_t hmacKey12; 1514 uint64_t hmacKey13; 1515 uint64_t hmacKey14; 1516 uint64_t hmacKey15; 1517 uint64_t PAD0; 1518 uint64_t PAD1; 1519 uint64_t PAD2; 1520 uint64_t Arc4SboxData0; 1521 uint64_t Arc4SboxData1; 1522 uint64_t Arc4SboxData2; 1523 uint64_t Arc4SboxData3; 1524 uint64_t Arc4SboxData4; 1525 uint64_t Arc4SboxData5; 1526 uint64_t Arc4SboxData6; 1527 uint64_t Arc4SboxData7; 1528 uint64_t Arc4SboxData8; 1529 uint64_t Arc4SboxData9; 1530 uint64_t Arc4SboxData10; 1531 uint64_t Arc4SboxData11; 1532 uint64_t Arc4SboxData12; 1533 uint64_t Arc4SboxData13; 1534 uint64_t Arc4SboxData14; 1535 uint64_t Arc4SboxData15; 1536 uint64_t Arc4SboxData16; 1537 uint64_t Arc4SboxData17; 1538 uint64_t Arc4SboxData18; 1539 uint64_t Arc4SboxData19; 1540 uint64_t Arc4SboxData20; 1541 uint64_t Arc4SboxData21; 1542 uint64_t Arc4SboxData22; 1543 uint64_t Arc4SboxData23; 1544 uint64_t Arc4SboxData24; 1545 uint64_t Arc4SboxData25; 1546 uint64_t Arc4SboxData26; 1547 uint64_t Arc4SboxData27; 1548 uint64_t Arc4SboxData28; 1549 uint64_t Arc4SboxData29; 1550 uint64_t Arc4SboxData30; 1551 uint64_t Arc4SboxData31; 1552 uint64_t Arc4IJData; 1553 uint64_t PAD3; 1554 uint64_t PAD4; 1555 uint64_t PAD5; 1556} ARC4StateHMAC2_t, *ARC4StateHMAC2_pt; 1557 1558/* ARC4, GCM - 408 bytes (not including 8 bytes from instruction) */ 1559typedef struct ARC4StateGCM_s { 1560 uint64_t cipherKey0; 1561 uint64_t cipherKey1; 1562 uint64_t cipherKey2; 1563 uint64_t cipherKey3; 1564 uint64_t GCMH0; 1565 uint64_t GCMH1; 1566 uint64_t GCMSCI; 1567 uint64_t PAD0; 1568 uint64_t PAD1; 1569 uint64_t PAD2; 1570 uint64_t PAD3; 1571 uint64_t PAD4; 1572 uint64_t PAD5; 1573 uint64_t PAD6; 1574 uint64_t PAD7; 1575 uint64_t Arc4SboxData0; 1576 uint64_t Arc4SboxData1; 1577 uint64_t Arc4SboxData2; 1578 uint64_t Arc4SboxData3; 1579 uint64_t Arc4SboxData4; 1580 uint64_t Arc4SboxData5; 1581 uint64_t Arc4SboxData6; 1582 uint64_t Arc4SboxData7; 1583 uint64_t Arc4SboxData8; 1584 uint64_t Arc4SboxData9; 1585 uint64_t Arc4SboxData10; 1586 uint64_t Arc4SboxData11; 1587 uint64_t Arc4SboxData12; 1588 uint64_t Arc4SboxData13; 1589 uint64_t Arc4SboxData14; 1590 uint64_t Arc4SboxData15; 1591 uint64_t Arc4SboxData16; 1592 uint64_t Arc4SboxData17; 1593 uint64_t Arc4SboxData18; 1594 uint64_t Arc4SboxData19; 1595 uint64_t Arc4SboxData20; 1596 uint64_t Arc4SboxData21; 1597 uint64_t Arc4SboxData22; 1598 uint64_t Arc4SboxData23; 1599 uint64_t Arc4SboxData24; 1600 uint64_t Arc4SboxData25; 1601 uint64_t Arc4SboxData26; 1602 uint64_t Arc4SboxData27; 1603 uint64_t Arc4SboxData28; 1604 uint64_t Arc4SboxData29; 1605 uint64_t Arc4SboxData30; 1606 uint64_t Arc4SboxData31; 1607 uint64_t Arc4IJData; 1608 uint64_t PAD8; 1609 uint64_t PAD9; 1610 uint64_t PAD10; 1611} ARC4StateGCM_t, *ARC4StateGCM_pt; 1612 1613/* ARC4, F9 - 408 bytes (not including 8 bytes from instruction) */ 1614typedef struct ARC4StateF9_s { 1615 uint64_t cipherKey0; 1616 uint64_t cipherKey1; 1617 uint64_t cipherKey2; 1618 uint64_t cipherKey3; 1619 uint64_t authKey0; 1620 uint64_t authKey1; 1621 uint64_t PAD0; 1622 uint64_t PAD1; 1623 uint64_t PAD2; 1624 uint64_t PAD3; 1625 uint64_t PAD4; 1626 uint64_t PAD5; 1627 uint64_t PAD6; 1628 uint64_t PAD7; 1629 uint64_t PAD8; 1630 uint64_t Arc4SboxData0; 1631 uint64_t Arc4SboxData1; 1632 uint64_t Arc4SboxData2; 1633 uint64_t Arc4SboxData3; 1634 uint64_t Arc4SboxData4; 1635 uint64_t Arc4SboxData5; 1636 uint64_t Arc4SboxData6; 1637 uint64_t Arc4SboxData7; 1638 uint64_t Arc4SboxData8; 1639 uint64_t Arc4SboxData9; 1640 uint64_t Arc4SboxData10; 1641 uint64_t Arc4SboxData11; 1642 uint64_t Arc4SboxData12; 1643 uint64_t Arc4SboxData13; 1644 uint64_t Arc4SboxData14; 1645 uint64_t Arc4SboxData15; 1646 uint64_t Arc4SboxData16; 1647 uint64_t Arc4SboxData17; 1648 uint64_t Arc4SboxData18; 1649 uint64_t Arc4SboxData19; 1650 uint64_t Arc4SboxData20; 1651 uint64_t Arc4SboxData21; 1652 uint64_t Arc4SboxData22; 1653 uint64_t Arc4SboxData23; 1654 uint64_t Arc4SboxData24; 1655 uint64_t Arc4SboxData25; 1656 uint64_t Arc4SboxData26; 1657 uint64_t Arc4SboxData27; 1658 uint64_t Arc4SboxData28; 1659 uint64_t Arc4SboxData29; 1660 uint64_t Arc4SboxData30; 1661 uint64_t Arc4SboxData31; 1662 uint64_t Arc4IJData; 1663 uint64_t PAD9; 1664 uint64_t PAD10; 1665 uint64_t PAD11; 1666} ARC4StateF9_t, *ARC4StateF9_pt; 1667 1668/* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ 1669typedef struct ARC4_s { 1670 uint64_t cipherKey0; 1671 uint64_t cipherKey1; 1672 uint64_t cipherKey2; 1673 uint64_t cipherKey3; 1674} ARC4_t, *ARC4_pt; 1675 1676/* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 344 bytes (not including 8 bytes from instruction) */ 1677typedef struct ARC4State_s { 1678 uint64_t cipherKey0; 1679 uint64_t cipherKey1; 1680 uint64_t cipherKey2; 1681 uint64_t cipherKey3; 1682 uint64_t PAD0; 1683 uint64_t PAD1; 1684 uint64_t PAD2; 1685 uint64_t Arc4SboxData0; 1686 uint64_t Arc4SboxData1; 1687 uint64_t Arc4SboxData2; 1688 uint64_t Arc4SboxData3; 1689 uint64_t Arc4SboxData4; 1690 uint64_t Arc4SboxData5; 1691 uint64_t Arc4SboxData6; 1692 uint64_t Arc4SboxData7; 1693 uint64_t Arc4SboxData8; 1694 uint64_t Arc4SboxData9; 1695 uint64_t Arc4SboxData10; 1696 uint64_t Arc4SboxData11; 1697 uint64_t Arc4SboxData12; 1698 uint64_t Arc4SboxData13; 1699 uint64_t Arc4SboxData14; 1700 uint64_t Arc4SboxData15; 1701 uint64_t Arc4SboxData16; 1702 uint64_t Arc4SboxData17; 1703 uint64_t Arc4SboxData18; 1704 uint64_t Arc4SboxData19; 1705 uint64_t Arc4SboxData20; 1706 uint64_t Arc4SboxData21; 1707 uint64_t Arc4SboxData22; 1708 uint64_t Arc4SboxData23; 1709 uint64_t Arc4SboxData24; 1710 uint64_t Arc4SboxData25; 1711 uint64_t Arc4SboxData26; 1712 uint64_t Arc4SboxData27; 1713 uint64_t Arc4SboxData28; 1714 uint64_t Arc4SboxData29; 1715 uint64_t Arc4SboxData30; 1716 uint64_t Arc4SboxData31; 1717 uint64_t Arc4IJData; 1718 uint64_t PAD3; 1719 uint64_t PAD4; 1720 uint64_t PAD5; 1721} ARC4State_t, *ARC4State_pt; 1722 1723/* Kasumi f8 - 32 bytes */ 1724typedef struct KASUMIF8_s { 1725 uint64_t cipherKey0; 1726 uint64_t cipherKey1; 1727} KASUMIF8_t, *KASUMIF8_pt; 1728 1729/* Kasumi f8 + HMAC (MD5, SHA-1, SHA-256) - 80 bytes */ 1730typedef struct KASUMIF8HMAC_s { 1731 uint64_t cipherKey0; 1732 uint64_t cipherKey1; 1733 uint64_t hmacKey0; 1734 uint64_t hmacKey1; 1735 uint64_t hmacKey2; 1736 uint64_t hmacKey3; 1737 uint64_t hmacKey4; 1738 uint64_t hmacKey5; 1739 uint64_t hmacKey6; 1740 uint64_t hmacKey7; 1741} KASUMIF8HMAC_t, *KASUMIF8HMAC_pt; 1742 1743/* Kasumi f8 + HMAC (SHA-384, SHA-512) - 144 bytes */ 1744typedef struct KASUMIF8HMAC2_s { 1745 uint64_t cipherKey0; 1746 uint64_t cipherKey1; 1747 uint64_t hmacKey0; 1748 uint64_t hmacKey1; 1749 uint64_t hmacKey2; 1750 uint64_t hmacKey3; 1751 uint64_t hmacKey4; 1752 uint64_t hmacKey5; 1753 uint64_t hmacKey6; 1754 uint64_t hmacKey7; 1755 uint64_t hmacKey8; 1756 uint64_t hmacKey9; 1757 uint64_t hmacKey10; 1758 uint64_t hmacKey11; 1759 uint64_t hmacKey12; 1760 uint64_t hmacKey13; 1761 uint64_t hmacKey14; 1762 uint64_t hmacKey15; 1763} KASUMIF8HMAC2_t, *KASUMIF8HMAC2_pt; 1764 1765/* Kasumi f8 + GCM - 144 bytes */ 1766typedef struct KASUMIF8GCM_s { 1767 uint64_t cipherKey0; 1768 uint64_t cipherKey1; 1769 uint64_t GCMH0; 1770 uint64_t GCMH1; 1771 uint64_t GCMSCI; 1772} KASUMIF8GCM_t, *KASUMIF8GCM_pt; 1773 1774/* Kasumi f8 + f9 - 32 bytes */ 1775typedef struct KASUMIF8F9_s { 1776 uint64_t cipherKey0; 1777 uint64_t cipherKey1; 1778 uint64_t authKey0; 1779 uint64_t authKey1; 1780} KASUMIF8F9_t, *KASUMIF8F9_pt; 1781 1782typedef union CipherHashInfo_u { 1783 AES256HMAC_t infoAES256HMAC; 1784 AES256_t infoAES256; 1785 AES192HMAC_t infoAES192HMAC; 1786 AES192_t infoAES192; 1787 AES128HMAC_t infoAES128HMAC; 1788 AES128_t infoAES128; 1789 DESHMAC_t infoDESHMAC; 1790 DES_t infoDES; 1791 DES3HMAC_t info3DESHMAC; 1792 DES3_t info3DES; 1793 HMAC_t infoHMAC; 1794 /* ARC4 */ 1795 ARC4HMAC_t infoARC4HMAC; 1796 ARC4StateHMAC_t infoARC4StateHMAC; 1797 ARC4_t infoARC4; 1798 ARC4State_t infoARC4State; 1799 /* AES mode F8 */ 1800 AES256F8HMAC_t infoAES256F8HMAC; 1801 AES256F8_t infoAES256F8; 1802 AES192F8HMAC_t infoAES192F8HMAC; 1803 AES192F8_t infoAES192F8; 1804 AES128F8HMAC_t infoAES128F8HMAC; 1805 AES128F8_t infoAES128F8; 1806 /* KASUMI F8 */ 1807 KASUMIF8HMAC_t infoKASUMIF8HMAC; 1808 KASUMIF8_t infoKASUMIF8; 1809 /* GCM */ 1810 GCM_t infoGCM; 1811 AES256F8GCM_t infoAES256F8GCM; 1812 AES192F8GCM_t infoAES192F8GCM; 1813 AES128F8GCM_t infoAES128F8GCM; 1814 AES256GCM_t infoAES256GCM; 1815 AES192GCM_t infoAES192GCM; 1816 AES128GCM_t infoAES128GCM; 1817 DESGCM_t infoDESGCM; 1818 DES3GCM_t info3DESGCM; 1819 ARC4GCM_t infoARC4GCM; 1820 ARC4StateGCM_t infoARC4StateGCM; 1821 KASUMIF8GCM_t infoKASUMIF8GCM; 1822 /* HMAC2 */ 1823 HMAC2_t infoHMAC2; 1824 AES256F8HMAC2_t infoAES256F8HMAC2; 1825 AES192F8HMAC2_t infoAES192F8HMAC2; 1826 AES128F8HMAC2_t infoAES128F8HMAC2; 1827 AES256HMAC2_t infoAES256HMAC2; 1828 AES192HMAC2_t infoAES192HMAC2; 1829 AES128HMAC2_t infoAES128HMAC2; 1830 DESHMAC2_t infoDESHMAC2; 1831 DES3HMAC2_t info3DESHMAC2; 1832 ARC4HMAC2_t infoARC4HMAC2; 1833 ARC4StateHMAC2_t infoARC4StateHMAC2; 1834 KASUMIF8HMAC2_t infoKASUMIF8HMAC2; 1835 /* F9 */ 1836 F9_t infoF9; 1837 AES256F8F9_t infoAES256F8F9; 1838 AES192F8F9_t infoAES192F8F9; 1839 AES128F8F9_t infoAES128F8F9; 1840 AES256F9_t infoAES256F9; 1841 AES192F9_t infoAES192F9; 1842 AES128F9_t infoAES128F9; 1843 DESF9_t infoDESF9; 1844 DES3F9_t info3DESF9; 1845 ARC4F9_t infoARC4F9; 1846 ARC4StateF9_t infoARC4StateF9; 1847 KASUMIF8F9_t infoKASUMIF8F9; 1848} CipherHashInfo_t, *CipherHashInfo_pt; 1849 1850 1851/* 1852 * 1853 * ControlDescriptor_s datastructure 1854 * 1855 */ 1856 1857typedef struct ControlDescriptor_s { 1858 uint64_t instruction; 1859 CipherHashInfo_t cipherHashInfo; 1860} ControlDescriptor_t, *ControlDescriptor_pt; 1861 1862 1863 1864 1865/* ********************************************************************** 1866 * PacketDescriptor_t 1867 * ********************************************************************** 1868 */ 1869 1870/* /--------------------------------------------\ 1871 * | | 1872 * | New PacketDescriptor_s datastructure | 1873 * | | 1874 * \--------------------------------------------/ 1875 * 1876 * 1877 * 1878 * PacketDescriptor_t.srcLengthIVOffUseIVNext 1879 * ------------------------------------------ 1880 * 1881 * 63 62 61 59 58 57 56 54 53 43 1882 * ------------------------------------------------------------------------------------------------ 1883 * || Load HMAC key || Pad Hash || Hash Byte Count || Next || Use IV || IV Offset || Packet length || ... CONT ... 1884 * ------------------------------------------------------------------------------------------------ 1885 * 1 1 3 1 1 3 11 1886 * 1887 * 1888 * 42 41 40 39 5 4 3 2 1889 * 0 1890 * ---------------------------------------------------------------------------------------------------- 1891 * || NLHMAC || Break || Wait || Segment src address || SRTCP || Reserved || Global src data offset || 1892 * ---------------------------------------------------------------------------------------------------- 1893 * 1 1 1 35 1 1 3 1894 * 1895 * 1896 * 1897 * Load HMAC key = 1'b0 Preserve old HMAC key stored in Auth engine (moot if HASH.HMAC == 0) 1898 * 1'b1 Load HMAC key from ID registers at beginning of op 1899 * If GCM is selected as authenticator, setting this bit 1900 * will cause the H value from ID to be loaded to the engine 1901 * If Kasumi F9 is selected as authenticator, setting this bit 1902 * will cause the IK value from ID to be loaded to the engine. 1903 * Pad Hash = 1'b0 HASH will assume the data was padded to be a multiple 1904 * of 512 bits in length and that the last 64 bit word 1905 * expresses the total datalength in bits seen by HASH engine 1906 * 1'b1 The data was not padded to be a multiple of 512 bits in length; 1907 * The Hash engine will do its own padding to generate the correct digest. 1908 * Ignored by GCM (always does its own padding) 1909 * Hash Byte Count Number of BYTES on last 64-bit data word to use in digest calculation RELEVANT ONLY IF Pad Hash IS SET 1910 * 3'b000 Use all 8 1911 * 3'b001 Use first (MS) byte only (0-out rest), i.e., 0xddXXXXXXXXXXXXXX 1912 * 3'b010 Use first 2 bytes only (0-out rest), i.e., 0xddddXXXXXXXXXXXX ... etc 1913 * Next = 1'b0 Finish (return msg descriptor) at end of operation 1914 * 1'b1 Grab the next PacketDescriptor (i.e. next cache-line) when the current is complete. 1915 * This allows for fragmentation/defragmentation and processing of large (>16kB) packets. 1916 * The sequence of adjacent PacketDescriptor acts as a contiguous linked list of 1917 * pointers to the actual packets with Next==0 on the last PacketDescriptor to end processing. 1918 * Use IV = 1'b0 On first frag: Use old IV 1919 * On subsequent frags: Do not write out to DST the (dword) offset data 1920 * 1'b1 On first frag: Use data @ Segment_address + IV_Offset as IV 1921 * On subsequent frags: Do write out to DST the (dword) offset data 1922 * IV Offset = On first frag: Offset IN NB OF 8 BYTE WORDS (dwords) from beginning of packet 1923 * (i.e. (Potentially byte-shifted) Segment address) to cipher IV 1924 * On subsequent frags: Offset to beginning of data to process; data to offset won't 1925 * be given to engines and will be written out to dst in the clear. 1926 * ON SUBSEQUENT FRAGS, IV_Offset MAY NOT EXCEED 3; LARGER VALUES WILL CAUSE AN ERROR 1927 * SEE ERROR CONDITIONS BELOW 1928 * Packet length = Nb double words to stream in (Including Segment address->CP/IV/Auth/CkSum offsets) 1929 * This is the total amount of data (x8 in bytes) read (+1 dword if "Global src data offset" != 0) 1930 * This is the total amount of data (x8 in bytes) written (+1 dword if "Global dst data offset" != 0, if Dst dword offset == 0) 1931 * If Packet length == 11'h7ff and (Global src data offset != 0 or Global dst data offset != 0) 1932 * the operation is aborted (no mem writes occur) 1933 * and the "Insufficient Data To Cipher" error flag is raised 1934 * NLHMAC = No last to hmac. Setting this to 1 will prevent the transmission of the last DWORD 1935 * to the authenticator, i.e., the DWORD before last will be designated as last for the purposes of authentication. 1936 * Break = Break a wait (see below) state - causes the operation to be flushed and free descriptor to be returned. 1937 * Activated if DFetch blocked by Wait and Wait still active. 1938 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL 1939 * Wait = Setting that bit causes the operation to block in DFetch stage. 1940 * DFetch will keep polling the memory location until the bit is reset at which time 1941 * the pipe resumes normal operation. This feature is convenient for software dealing with fragmented packets. 1942 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL 1943 * Segment src address = 35 MSB of pointer to src data (i.e., cache-line aligned) 1944 * SRTCP = Bypass the cipher for the last 4 bytes of data, i.e. the last 4 bytes will be sent to memory 1945 * and the authenticator in the clear. Applicable to last packet descriptor andlast frag only. 1946 * This accommodates a requirement of SRTCP. 1947 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines 1948 * (0-7); allows realignment of byte-aligned, non-double-word aligned data 1949 * 1950 * PacketDescriptor_t.dstDataSettings 1951 * ---------------------------------- 1952 * 1953 * 1954 * 63 62 60 59 58 56 55 54 53 52 41 40 1955 * ------------------------------------------------------------------------------------------------------------ 1956 * || CipherPrefix | Arc4ByteCount | E/D | Cipher_Offset || Hash_Offset | Hash_Src || CkSum_Offset | CkSum_Src || ... CONT ... 1957 * ------------------------------------------------------------------------------------------------------------ 1958 * 1 3 1 3 2 1 12 1 1959 * <-----------------------CIPHER-----------------------><---------HASH-----------><-------CHECKSUM-----------> 1960 * 1961 * 1962 * CipherPrefix = 128'b0 will be sent to the selected cipher 1963 * KEEP VALUE ON ALL FRAGS after the IV is loaded, before the actual data goes in. 1964 * The result of that encryption (aka E(K, 0))will be stored 1965 * locally and XOR-ed with the auth digest to create the final 1966 * digest at the end of the auth OP: 1967 * This is covered by the GCM spec 1968 * AesPrefix = 1'b1 -> Force E=Cipher(K,0) before start of data encr. 1969 * -> Digest ^= E 1970 * AesPrefix = 1'b0 -> Regular digest 1971 * This flag is ignored if no cipher is chosen (Bypass condition) 1972 * X0 Arc4ByteCount = Number of BYTES on last 64-bit data word to encrypt 1973 * 3'b000 Encrypt all 8 1974 * 3'b001 Encrypt first (MS) byte only i.e., 0xddXXXXXXXXXXXXXX 1975 * 3'b010 Encrypt first 2 bytes only i.e., 0xddddXXXXXXXXXXXX ... etc 1976 * In reality, all are encrypted, however, the SBOX 1977 * is not written past the last byte to encrypt 1978 * E/D = 1'b0 Decrypt 1979 * 1'b1 Encrypt 1980 * Overloaded to also mean IV byte offset for first frag 1981 * Cipher_Offset = Nb of words between the first data segment 1982 * and word on which to start cipher operation 1983 * (64 BIT WORDS !!!) 1984 * Hash_Offset = Nb of words between the first data segment 1985 * and word on which to start hashing 1986 * (64 bit words) 1987 * Hash_Src = 1'b0 DMA channel 1988 * 1'b1 Cipher if word count exceeded Cipher_Offset; 1989 * DMA channel otherwise 1990 * CkSum_Offset = Nb of words between the first data segment 1991 * and word on which to start 1992 * checksum calculation (32 BIT WORDS !!!) 1993 * CkSum_Src = 1'b0 DMA channel 1994 * 1'b1 Cipher if word count exceeded Cipher_Offset 1995 * DMA channel otherwise 1996 * Cipher dst address = 35 MSB of pointer to dst location (i.e., cache-line aligned) 1997 * Dst dword offset = Nb of double-words to left-shift data from spec'ed Cipher dst address before writing it to memory 1998 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory 1999 * 2000 * 2001 * PacketDescriptor_t.authDstNonceLow 2002 * ---------------------------------- 2003 * 2004 * 63 40 39 5 4 0 2005 * ----------------------------------------------------- 2006 * || Nonce_Low || Auth_dst_address || Cipher_Offset_Hi || 2007 * ----------------------------------------------------- 2008 * 24 35 5 2009 * 2010 * 2011 * 2012 * Nonce_Low = Nonce[23:0] 24 least significant bits of 32-bit long nonce 2013 * Used by AES in counter mode 2014 * Auth_dst_address = 35 MSB of pointer to authentication dst location (i.e., cache-line aligned) 2015 * X0 Cipher_Offset_Hi = On first frag: 5 MSB of 8-bit Cipher_offset; will be concatenated to 2016 * the top of PacketDescriptor_t.dstDataSettings.Cipher_Offset 2017 * On subsequent frags: Ignored 2018 * 2019 * 2020 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask 2021 * ------------------------------------------------ 2022 * 2023 * 2024 * 63 61 60 58 57 56 55 48 47 40 39 5 4 0 2025 * ------------------------------------------------------------------------------------------------------------------- 2026 * || Hash_Byte_Offset || Packet length bytes || LLWMask || CFB_Mask || Nonce_Hi || CkSum_dst_address || IV_Offset_Hi || 2027 * ------------------------------------------------------------------------------------------------------------------- 2028 * 3 3 2 8 8 35 5 2029 * 2030 * 2031 * Hash_Byte_Offset = On first frag: Additional offset in bytes to be added to Hash_Offset 2032 * to obtain the full offset applied to the data before 2033 * submitting it to authenticator 2034 * On subsequent frags: Same 2035 * Packet length bytes = On one fragment payloads: Ignored (i.e. assumed to be 0, last dword used in its entirety) 2036 * On fragments before last: Number of bytes on last fragment dword 2037 * On last fragment: Ignored (i.e. assumed to be 0, last dword used in its entirety) 2038 * LLWMask, aka, Last_long_word_mask = 2'b00 Give last 128 bit word from AES engine to auth/cksum/wrbbufer as is - applicable in AES CTR only 2039 * 2'b11 Mask (zero-out) 32 least significant bits 2040 * 2'b10 Mask 64 LSBs 2041 * 2'b01 Mask 96 LSBs 2042 * If the GCM authenticator is used, setting LLWMask to 2'b10 or 2'b01 2043 * will also prevent the transmission of the last DWORD 2044 * to the authenticator, i.e., the DWORD before last will 2045 * be designated as last for the purposes of authentication. 2046 * CFB_Mask = 8 bit mask used by AES in CFB mode 2047 * In CTR mode: 2048 * CFB_Mask[1:0] = 2'b00 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], 4'h00000001} (only 1 IV exp 2049ected) regular CTR 2050 * 2'b01 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], IV1[31:0]} (2 IV expected 2051) CCMP 2052 * 2'b10 -> Counter[127:0] = {IV1[63:0], IV0[31:0], Nonce[31:0]} (2 IV expected 2053) GCM with SCI 2054 * 2'b11 -> Counter[127:0] = {IDecode.SCI[63:0], IV0[31:0], Nonce[31:0]} (1 IV expected 2055) GCM w/o SCI 2056 * Nonce_Hi = Nonce[31:24] 8 most significant bits of 32-bit long nonce 2057 * Used by AES in counter mode 2058 * CkSum_dst_address = 35 MSB of pointer to cksum dst location (i.e., cache-line aligned) 2059 * X0 IV_Offset_Hi = On first frag: 5 MSB of 8-bit IV offset; will be concatenated to 2060 * the top of PacketDescriptor_t.srcLengthIVOffUseIVNext.IV_Offset 2061 * On subsequent frags: Ignored 2062 */ 2063 2064/* #define PKT_DSC_LOADHMACKEY */ 2065#define PKT_DSC_LOADHMACKEY_OLD 0 2066#define PKT_DSC_LOADHMACKEY_LOAD 1 2067#define PKT_DSC_LOADHMACKEY_LSB 63 2068#define PKT_DSC_LOADHMACKEY_BITS ONE_BIT 2069#define PKT_DSC_LOADHMACKEY_MASK \ 2070 (PKT_DSC_LOADHMACKEY_BITS << PKT_DSC_LOADHMACKEY_LSB) 2071 2072/* #define PKT_DSC_PADHASH */ 2073#define PKT_DSC_PADHASH_PADDED 0 2074#define PKT_DSC_PADHASH_PAD 1 /* requires padding */ 2075#define PKT_DSC_PADHASH_LSB 62 2076#define PKT_DSC_PADHASH_BITS ONE_BIT 2077#define PKT_DSC_PADHASH_MASK (PKT_DSC_PADHASH_BITS << PKT_DSC_PADHASH_LSB) 2078 2079/* #define PKT_DSC_HASHBYTES */ 2080#define PKT_DSC_HASHBYTES_ALL8 0 2081#define PKT_DSC_HASHBYTES_MSB 1 2082#define PKT_DSC_HASHBYTES_MSW 2 2083#define PKT_DSC_HASHBYTES_LSB 59 2084#define PKT_DSC_HASHBYTES_BITS THREE_BITS 2085#define PKT_DSC_HASHBYTES_MASK \ 2086 (PKT_DSC_HASHBYTES_BITS << PKT_DSC_HASHBYTES_LSB) 2087 2088/* #define PKT_DSC_NEXT */ 2089#define PKT_DSC_NEXT_FINISH 0 2090#define PKT_DSC_NEXT_DO 1 2091#define PKT_DSC_NEXT_LSB 58 2092#define PKT_DSC_NEXT_BITS ONE_BIT 2093#define PKT_DSC_NEXT_MASK (PKT_DSC_NEXT_BITS << PKT_DSC_NEXT_LSB) 2094 2095/* #define PKT_DSC_IV */ 2096#define PKT_DSC_IV_OLD 0 2097#define PKT_DSC_IV_NEW 1 2098#define PKT_DSC_IV_LSB 57 2099#define PKT_DSC_IV_BITS ONE_BIT 2100#define PKT_DSC_IV_MASK (PKT_DSC_IV_BITS << PKT_DSC_IV_LSB) 2101 2102/* #define PKT_DSC_IVOFF */ 2103#define PKT_DSC_IVOFF_LSB 54 2104#define PKT_DSC_IVOFF_BITS THREE_BITS 2105#define PKT_DSC_IVOFF_MASK (PKT_DSC_IVOFF_BITS << PKT_DSC_IVOFF_LSB) 2106 2107/* #define PKT_DSC_PKTLEN */ 2108#define PKT_DSC_PKTLEN_LSB 43 2109#define PKT_DSC_PKTLEN_BITS ELEVEN_BITS 2110#define PKT_DSC_PKTLEN_MASK (PKT_DSC_PKTLEN_BITS << PKT_DSC_PKTLEN_LSB) 2111 2112/* #define PKT_DSC_NLHMAC */ 2113#define PKT_DSC_NLHMAC_LSB 42 2114#define PKT_DSC_NLHMAC_BITS ONE_BIT 2115#define PKT_DSC_NLHMAC_MASK (PKT_DSC_NLHMAC_BITS << PKT_DSC_NLHMAC_LSB) 2116 2117/* #define PKT_DSC_BREAK */ 2118#define PKT_DSC_BREAK_OLD 0 2119#define PKT_DSC_BREAK_NEW 1 2120#define PKT_DSC_BREAK_LSB 41 2121#define PKT_DSC_BREAK_BITS ONE_BIT 2122#define PKT_DSC_BREAK_MASK (PKT_DSC_BREAK_BITS << PKT_DSC_BREAK_LSB) 2123 2124/* #define PKT_DSC_WAIT */ 2125#define PKT_DSC_WAIT_OLD 0 2126#define PKT_DSC_WAIT_NEW 1 2127#define PKT_DSC_WAIT_LSB 40 2128#define PKT_DSC_WAIT_BITS ONE_BIT 2129#define PKT_DSC_WAIT_MASK (PKT_DSC_WAIT_BITS << PKT_DSC_WAIT_LSB) 2130 2131/* #define PKT_DSC_SEGADDR */ 2132#define PKT_DSC_SEGADDR_LSB 5 2133#define PKT_DSC_SEGADDR_BITS FOURTY_BITS 2134#define PKT_DSC_SEGADDR_MASK \ 2135 (PKT_DSC_SEGADDR_BITS << PKT_DSC_SEGADDR_LSB) 2136 2137/* #define PKT_DSC_SRTCP */ 2138#define PKT_DSC_SRTCP_OFF 0 2139#define PKT_DSC_SRTCP_ON 1 2140#define PKT_DSC_SRTCP_LSB 4 2141#define PKT_DSC_SRTCP_BITS ONE_BIT 2142#define PKT_DSC_SRTCP_MASK (PKT_DSC_SRTCP_BITS << PKT_DSC_SRTCP_LSB) 2143 2144#define PKT_DSC_SEGOFFSET_LSB 0 2145#define PKT_DSC_SEGOFFSET_BITS THREE_BITS 2146#define PKT_DSC_SEGOFFSET_MASK \ 2147 (PKT_DSC_SEGOFFSET_BITS << PKT_DSC_SEGOFFSET_LSB) 2148 2149/* ********************************************************************** 2150 * PacketDescriptor_t.dstDataSettings 2151 * ********************************************************************** 2152 */ 2153/* #define PKT_DSC_ARC4BYTECOUNT */ 2154#define PKT_DSC_ARC4BYTECOUNT_ALL8 0 2155#define PKT_DSC_ARC4BYTECOUNT_MSB 1 2156#define PKT_DSC_ARC4BYTECOUNT_MSW 2 2157#define PKT_DSC_ARC4BYTECOUNT_LSB 60 2158#define PKT_DSC_ARC4BYTECOUNT_BITS THREE_BITS 2159#define PKT_DSC_ARC4BYTECOUNT_MASK (PKT_DSC_ARC4BYTECOUNT_BITS << PKT_DSC_ARC4BYTECOUNT_LSB) 2160 2161/* #define PKT_DSC_SYM_OP (symmetric key operation) */ 2162#define PKT_DSC_SYM_OP_DECRYPT 0 2163#define PKT_DSC_SYM_OP_ENCRYPT 1 2164#define PKT_DSC_SYM_OP_LSB 59 2165#define PKT_DSC_SYM_OP_BITS ONE_BIT 2166#define PKT_DSC_SYM_OP_MASK (PKT_DSC_SYM_OP_BITS << PKT_DSC_SYM_OP_LSB) 2167 2168/* #define PKT_DSC_CPHROFF */ 2169#define PKT_DSC_CPHROFF_LSB 56 2170#define PKT_DSC_CPHROFF_BITS THREE_BITS 2171#define PKT_DSC_CPHROFF_MASK (PKT_DSC_CPHROFF_BITS << PKT_DSC_CPHROFF_LSB) 2172 2173/* #define PKT_DSC_HASHOFF */ 2174#define PKT_DSC_HASHOFF_LSB 54 2175#define PKT_DSC_HASHOFF_BITS TWO_BITS 2176#define PKT_DSC_HASHOFF_MASK (PKT_DSC_HASHOFF_BITS << PKT_DSC_HASHOFF_LSB) 2177 2178/* #define PKT_DSC_HASHSRC */ 2179#define PKT_DSC_HASHSRC_DMA 0 2180#define PKT_DSC_HASHSRC_CIPHER 1 2181#define PKT_DSC_HASHSRC_LSB 53 2182#define PKT_DSC_HASHSRC_BITS ONE_BIT 2183#define PKT_DSC_HASHSRC_MASK (PKT_DSC_HASHSRC_BITS << PKT_DSC_HASHSRC_LSB) 2184 2185/* #define PKT_DSC_CKSUMOFF */ 2186#define PKT_DSC_CKSUMOFF_LSB 41 2187#define PKT_DSC_CKSUMOFF_BITS TWELVE_BITS 2188#define PKT_DSC_CKSUMOFF_MASK (PKT_DSC_CKSUMOFF_BITS << PKT_DSC_CKSUMOFF_LSB) 2189 2190/* #define PKT_DSC_CKSUMSRC */ 2191#define PKT_DSC_CKSUMSRC_DMA 0 2192#define PKT_DSC_CKSUMSRC_CIPHER 1 2193#define PKT_DSC_CKSUMSRC_LSB 40 2194#define PKT_DSC_CKSUMSRC_BITS ONE_BIT 2195#define PKT_DSC_CKSUMSRC_MASK (PKT_DSC_CKSUMSRC_BITS << PKT_DSC_CKSUMSRC_LSB) 2196 2197/* #define PKT_DSC_CPHR_DST_ADDR */ 2198#define PKT_DSC_CPHR_DST_ADDR_LSB 0 2199#define PKT_DSC_CPHR_DST_ADDR_BITS FOURTY_BITS 2200#define PKT_DSC_CPHR_DST_ADDR_MASK \ 2201 (PKT_DSC_CPHR_DST_ADDR_BITS << PKT_DSC_CPHR_DST_ADDR_LSB) 2202 2203/* #define PKT_DSC_CPHR_DST_DWOFFSET */ 2204#define PKT_DSC_CPHR_DST_DWOFFSET_LSB 3 2205#define PKT_DSC_CPHR_DST_DWOFFSET_BITS TWO_BITS 2206#define PKT_DSC_CPHR_DST_DWOFFSET_MASK \ 2207 (PKT_DSC_CPHR_DST_DWOFFSET_BITS << PKT_DSC_CPHR_DST_DWOFFSET_LSB) 2208 2209 /* #define PKT_DSC_CPHR_DST_OFFSET */ 2210#define PKT_DSC_CPHR_DST_OFFSET_LSB 0 2211#define PKT_DSC_CPHR_DST_OFFSET_BITS THREE_BITS 2212#define PKT_DSC_CPHR_DST_OFFSET_MASK \ 2213 (PKT_DSC_CPHR_DST_OFFSET_BITS << PKT_DSC_CPHR_DST_OFFSET_LSB) 2214 2215/* ********************************************************************** 2216 * PacketDescriptor_t.authDstNonceLow 2217 * ********************************************************************** 2218 */ 2219/* #define PKT_DSC_NONCE_LOW */ 2220#define PKT_DSC_NONCE_LOW_LSB 40 2221#define PKT_DSC_NONCE_LOW_BITS TWENTYFOUR_BITS 2222#define PKT_DSC_NONCE_LOW_MASK \ 2223 (PKT_DSC_NONCE_LOW_BITS << PKT_DSC_NONCE_LOW_LSB) 2224 2225/* #define PKT_DSC_AUTH_DST_ADDR */ 2226#define PKT_DSC_AUTH_DST_ADDR_LSB 0 2227#define PKT_DSC_AUTH_DST_ADDR_BITS FOURTY_BITS 2228#define PKT_DSC_AUTH_DST_ADDR_MASK \ 2229 (PKT_DSC_AUTH_DST_ADDR_BITS << PKT_DSC_AUTH_DST_ADDR_LSB) 2230 2231/* #define PKT_DSC_CIPH_OFF_HI */ 2232#define PKT_DSC_CIPH_OFF_HI_LSB 0 2233#define PKT_DSC_CIPH_OFF_HI_BITS FIVE_BITS 2234#define PKT_DSC_CIPH_OFF_HI_MASK (PKT_DSC_CIPH_OFF_HI_BITS << PKT_DSC_CIPH_OFF_HI_LSB) 2235 2236/* ********************************************************************** 2237 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask 2238 * ********************************************************************** 2239 */ 2240/* #define PKT_DSC_HASH_BYTE_OFF */ 2241#define PKT_DSC_HASH_BYTE_OFF_LSB 61 2242#define PKT_DSC_HASH_BYTE_OFF_BITS THREE_BITS 2243#define PKT_DSC_HASH_BYTE_OFF_MASK (PKT_DSC_HASH_BYTE_OFF_BITS << PKT_DSC_HASH_BYTE_OFF_LSB) 2244 2245/* #define PKT_DSC_PKTLEN_BYTES */ 2246#define PKT_DSC_PKTLEN_BYTES_LSB 58 2247#define PKT_DSC_PKTLEN_BYTES_BITS THREE_BITS 2248#define PKT_DSC_PKTLEN_BYTES_MASK (PKT_DSC_PKTLEN_BYTES_BITS << PKT_DSC_PKTLEN_BYTES_LSB) 2249 2250/* #define PKT_DSC_LASTWORD */ 2251#define PKT_DSC_LASTWORD_128 0 2252#define PKT_DSC_LASTWORD_96MASK 1 2253#define PKT_DSC_LASTWORD_64MASK 2 2254#define PKT_DSC_LASTWORD_32MASK 3 2255#define PKT_DSC_LASTWORD_LSB 56 2256#define PKT_DSC_LASTWORD_BITS TWO_BITS 2257#define PKT_DSC_LASTWORD_MASK (PKT_DSC_LASTWORD_BITS << PKT_DSC_LASTWORD_LSB) 2258 2259/* #define PKT_DSC_CFB_MASK */ 2260#define PKT_DSC_CFB_MASK_LSB 48 2261#define PKT_DSC_CFB_MASK_BITS EIGHT_BITS 2262#define PKT_DSC_CFB_MASK_MASK (PKT_DSC_CFB_MASK_BITS << PKT_DSC_CFB_MASK_LSB) 2263 2264/* #define PKT_DSC_NONCE_HI */ 2265#define PKT_DSC_NONCE_HI_LSB 40 2266#define PKT_DSC_NONCE_HI_BITS EIGHT_BITS 2267#define PKT_DSC_NONCE_HI_MASK (PKT_DSC_NONCE_HI_BITS << PKT_DSC_NONCE_HI_LSB) 2268 2269/* #define PKT_DSC_CKSUM_DST_ADDR */ 2270#define PKT_DSC_CKSUM_DST_ADDR_LSB 5 2271#define PKT_DSC_CKSUM_DST_ADDR_BITS THIRTY_FIVE_BITS 2272#define PKT_DSC_CKSUM_DST_ADDR_MASK (PKT_DSC_CKSUM_DST_ADDR_BITS << PKT_DSC_CKSUM_DST_ADDR_LSB) 2273 2274/* #define PKT_DSC_IV_OFF_HI */ 2275#define PKT_DSC_IV_OFF_HI_LSB 0 2276#define PKT_DSC_IV_OFF_HI_BITS FIVE_BITS 2277#define PKT_DSC_IV_OFF_HI_MASK (PKT_DSC_IV_OFF_HI_BITS << PKT_DSC_IV_OFF_HI_LSB) 2278 2279 2280/* ****************************************************************** 2281 * Control Error Code and Conditions 2282 * ****************************************************************** 2283 */ 2284#define CTL_ERR_NONE 0x0000 /* No Error */ 2285#define CTL_ERR_CIPHER_OP 0x0001 /* Unknown Cipher Op */ 2286#define CTL_ERR_MODE 0x0002 /* Unknown or Not Allowed Mode */ 2287#define CTL_ERR_CHKSUM_SRC 0x0004 /* Unknown CkSum Src - UNUSED */ 2288#define CTL_ERR_CFB_MASK 0x0008 /* Forbidden CFB Mask - UNUSED */ 2289#define CTL_ERR_OP 0x0010 /* Unknown Ctrl Op - UNUSED */ 2290#define CTL_ERR_UNDEF1 0x0020 /* UNUSED */ 2291#define CTL_ERR_UNDEF2 0x0040 /* UNUSED */ 2292#define CTL_ERR_DATA_READ 0x0080 /* Data Read Error */ 2293#define CTL_ERR_DESC_CTRL 0x0100 /* Descriptor Ctrl Field Error */ 2294 2295#define CTL_ERR_TIMEOUT 0x1000 /* Message Response Timeout */ 2296 2297/* ****************************************************************** 2298 * Data Error Code and Conditions 2299 * ****************************************************************** 2300 */ 2301#define DATA_ERR_NONE 0x0000 /* No Error */ 2302#define DATA_ERR_LEN_CIPHER 0x0001 /* Not Enough Data To Cipher */ 2303#define DATA_ERR_IV_ADDR 0x0002 /* Illegal IV Loacation */ 2304#define DATA_ERR_WD_LEN_AES 0x0004 /* Illegal Nb Words To AES */ 2305#define DATA_ERR_BYTE_COUNT 0x0008 /* Illegal Pad And ByteCount Spec */ 2306#define DATA_ERR_LEN_CKSUM 0x0010 /* Not Enough Data To CkSum */ 2307#define DATA_ERR_OP 0x0020 /* Unknown Data Op */ 2308#define DATA_ERR_UNDEF1 0x0040 /* UNUSED */ 2309#define DATA_ERR_READ 0x0080 /* Data Read Error */ 2310#define DATA_ERR_WRITE 0x0100 /* Data Write Error */ 2311 2312 2313/* 2314 * Common Descriptor 2315 * NOTE: Size of struct is size of cacheline. 2316 */ 2317 2318typedef struct OperationDescriptor_s { 2319 uint64_t phys_self; 2320 uint32_t stn_id; 2321 uint32_t flags; 2322 uint32_t cpu; 2323 uint32_t seq_num; 2324 uint64_t vaddr; 2325} OperationDescriptor_t, *OperationDescriptor_pt; 2326 2327 2328/* 2329 * This defines the security data descriptor format 2330 */ 2331typedef struct PacketDescriptor_s { 2332 uint64_t srcLengthIVOffUseIVNext; 2333 uint64_t dstDataSettings; 2334 uint64_t authDstNonceLow; 2335 uint64_t ckSumDstNonceHiCFBMaskLLWMask; 2336} PacketDescriptor_t, *PacketDescriptor_pt; 2337 2338typedef struct { 2339 uint8_t *user_auth; 2340 uint8_t *user_src; 2341 uint8_t *user_dest; 2342 uint8_t *user_state; 2343 uint8_t *kern_auth; 2344 uint8_t *kern_src; 2345 uint8_t *kern_dest; 2346 uint8_t *kern_state; 2347 uint8_t *aligned_auth; 2348 uint8_t *aligned_src; 2349 uint8_t *aligned_dest; 2350 uint8_t *aligned_state; 2351} xlr_sec_drv_user_t, *xlr_sec_drv_user_pt; 2352 2353typedef struct symkey_desc { 2354 OperationDescriptor_t op_ctl; /* size is cacheline */ 2355 PacketDescriptor_t pkt_desc[2]; /* size is cacheline */ 2356 ControlDescriptor_t ctl_desc; /* makes this aligned */ 2357 uint64_t control; /* message word0 */ 2358 uint64_t data; /* message word1 */ 2359 uint64_t ctl_result; 2360 uint64_t data_result; 2361 struct symkey_desc *alloc; /* real allocated addr */ 2362 xlr_sec_drv_user_t user; 2363 //volatile atomic_t flag_complete; 2364 //struct semaphore sem_complete; 2365 //wait_queue_t submit_wait; 2366 2367 uint8_t *next_src_buf; 2368 uint32_t next_src_len; 2369 2370 uint8_t *next_dest_buf; 2371 uint32_t next_dest_len; 2372 2373 uint8_t *next_auth_dest; 2374 uint8_t *next_cksum_dest; 2375 2376 void *ses; 2377} symkey_desc_t, *symkey_desc_pt; 2378 2379 2380/* 2381 * ************************************************************************** 2382 * RSA Block 2383 * ************************************************************************** 2384 */ 2385 2386/* 2387 * RSA and ECC Block 2388 * ================= 2389 * 2390 * A 2-word message ring descriptor is used to pass all information 2391 * pertaining to the RSA or ECC operation: 2392 * 2393 * 63 61 60 54 53 52 40 39 5 4 3 2 0 2394 * ----------------------------------------------------------------------------------------------------- 2395 * | Ctrl | Op Class | Valid Op | Op Ctrl0 | Source Addr | Software Scratch0 | Global src data offset | 2396 * ----------------------------------------------------------------------------------------------------- 2397 * 3 7 1 13 35 2 3 2398 * 2399 * 2400 * 63 61 60 54 53 52 51 50 40 39 5 4 3 2 0 2401 * -------------------------------------------------------------------------------------------------------------------------------- 2402 * | Ctrl | Destination Id | WRB_COH | WRB_L2ALLOC | DF_L2ALLOC | Op Ctrl1 | Dest Addr | Software Scratch1 | Global dst data offset | 2403 * -------------------------------------------------------------------------------------------------------------------------------- 2404 * 3 7 1 1 1 11 35 2 3 2405 * 2406 * 2407 * Op Class = 7'h0_0 Modular exponentiation 2408 * 7'h0_1 ECC (including prime modular ops and binary GF ops) 2409 * REMAINDER UNDEF 2410 * 2411 * Valid Op = 1'b1 Will cause operation to start; descriptors sent back at end of operation 2412 * 1'b0 No operation performed; descriptors sent back right away 2413 * 2414 * RSA ECC 2415 * === === 2416 * Op Ctrl0 = BlockWidth[1] {TYPE[6:0], FUNCTION[5:0]} 2417 * LoadConstant[1] 2418 * ExponentWidth[10:0] 2419 * RSA Only 2420 * ======== 2421 * Block Width = 1'b1 1024 bit op 2422 * = 1'b0 512 bit op 2423 * Load Constant = 1'b1 Load constant from data structure 2424 * 1'b0 Preserve old constant (this assumes 2425 * Source Addr points to RSAData_pt->Exponent 2426 * or that the length of Constant is 0) 2427 * Exponent Width = 11-bit expression of exponent width EXPRESSED IN NUMBER OF BITS 2428 * 2429 * ECC Only 2430 * ======== 2431 * 2432 * TYPE = 7'h0_0 ECC prime 160 2433 * 7'h0_1 ECC prime 192 2434 * 7'h0_2 ECC prime 224 2435 * 7'h0_3 ECC prime 256 2436 * 7'h0_4 ECC prime 384 2437 * 7'h0_5 ECC prime 512 2438 * 2439 * 7'h0_6 through 7'h1_f UNDEF 2440 * 2441 * 7'h2_0 ECC bin 163 2442 * 7'h2_1 ECC bin 191 2443 * 7'h2_2 ECC bin 233 2444 * 2445 * 7'h2_3 through 7'h6_f UNDEF 2446 * 2447 * 7'h7_0 ECC UC load 2448 * 2449 * 7'b7_1 through 7'b7_f UNDEF 2450 * 2451 * Prime field Binary field 2452 * =========== ============ 2453 * FUNCTION = 6'h0_0 Point multiplication R = k.P Point multiplication R = k.P 2454 * 6'h0_1 Point addition R = P + Q Binary GF inversion C(x) = 1 / A(x) mod F(x) 2455 * 6'h0_2 Point double R = 2 x P Binary GF multiplication C(x) = B(x) * A(x) mod F(x) 2456 * 6'h0_3 Point verification R ? Binary GF addition C(x) = B(x) + A(x) mod F(x) 2457 * 6'h0_4 Modular addition c = x + y mod m UNDEF 2458 * 6'h0_5 Modular substraction c = x - y mod m UNDEF 2459 * 6'h0_6 Modular multiplication c = x * y mod m UNDEF 2460 * 6'h0_7 Modular division c = x / y mod m UNDEF 2461 * 6'h0_8 Modular inversion c = 1 / y mod m UNDEF 2462 * 6'h0_9 Modular reduction c = x mod m UNDEF 2463 * 2464 * 6'h0_a 2465 * through UNDEF UNDEF 2466 * 6'h3_f 2467 * 2468 * Source Addr = 35 MSB of pointer to source address (i.e., cache-line aligned) 2469 * 2470 * Software Scratch0 = Two bit field ignored by engine and returned as is in free descriptor 2471 * 2472 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines 2473 * (0-7); allows realignment of byte-aligned, non-double-word aligned data 2474 * 2475 * RSA ECC 2476 * === === 2477 * OpCtrl1 = ModulusWidth[10:0] Not used 2478 * RSA Only 2479 * ======== 2480 * Modulus Width = 11-bit expression of modulus width EXPRESSED IN NUMBER OF BITS 2481 * 2482 * Dest Addr = 35 MSB of pointer to destination address (i.e., cache-line aligned) 2483 * 2484 * Software Scratch1 = Two bit field ignored by engine and returned as is in free descriptor 2485 * 2486 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory 2487 * 2488 * 2489 */ 2490 2491/* 2492 * ECC data formats 2493 */ 2494 2495/********************************************************** 2496 * * 2497 * ECC prime data formats * 2498 * * 2499 ********************************************************** 2500 * 2501 * 2502 * The size of all quantities below is that of the precision 2503 * of the chosen op (160, 192, ...) ROUNDED UP to a multiple 2504 * of 8 bytes, i.e., 3 dwords (160, 192), 4 dwords (224, 256) 2505 * 6 dwords (384) and 8 dwords (512) and padded with zeroes 2506 * when necessary. 2507 * 2508 * The only exception to this is the key quantity (k) which 2509 * needs to be rounded up to 32 bytes in all cases and padded 2510 * with zeroes; therefore the key needs to be 4 dwords (160, 192, 2511 * 224, 256) or 8 dwords (384, 512) 2512 * 2513 * The total lengths in dwords that are read and in 2514 * bytes that are written, for each operation and 2515 * length group, are specified at the bottom of each 2516 * datastructure. 2517 * 2518 * In all that follows, m is the modulus and cst is the constant, 2519 * cst = 2 ^ (2*length + 4) mod m . a and b are the curve 2520 * parameters. 2521 * 2522 * 0) UC load 2523 * 2524 * DATA IN DATA OUT 2525 * ======= ======== 2526 * src+glb_off-> Dword_0 N/A 2527 * . 2528 * . 2529 * . 2530 * Dword_331 2531 * 332 dw 2532 * 2533 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p) 2534 * 2535 * DATA IN DATA OUT 2536 * ======= ======== 2537 * src+glb_off-> x_p dst+glb_off-> x_r 2538 * x_p y_r 2539 * y_p 2x(3/4/6/8)= 2540 * y_p 6/8/12/16 dw 2541 * a 2542 * k 2543 * m 2544 * cst 2545 * 7x(3/4/6/8)+(4/4/8/8)= 2546 * 25/32/50/64 dw 2547 * 2548 * 2) Point addition R(x_r, y_r) = P(x_p, y_p) + Q(x_q, y_q) 2549 * 2550 * DATA IN DATA OUT 2551 * ======= ======== 2552 * src+glb_off-> x_p dst+glb_off-> x_r 2553 * y_p y_r 2554 * x_q 2x(3/4/6/8)= 2555 * y_q 6/8/12/16 dw 2556 * a 2557 * m 2558 * cst 2559 * 7x(3/4/6/8)= 2560 * 21/28/42/56 dw 2561 * 2562 * 3) Point double R(x_r, y_r) = 2 . P(x_p, y_p) 2563 * 2564 * DATA IN DATA OUT 2565 * ======= ======== 2566 * src+glb_off-> x_p dst+glb_off-> x_r 2567 * y_p y_r 2568 * a 2x(3/4/6/8)= 2569 * m 6/8/12/16 dw 2570 * cst 2571 * 5x(3/4/6/8)= 2572 * 15/20/30/40 dw 2573 * 2574 * 4) Point verification Is_On_Curve = P(x_p, y_p) on curve ? 1 : 0 2575 * 2576 * DATA IN DATA OUT 2577 * ======= ======== 2578 * src+glb_off-> x_p dst+glb_off-> Is_On_Curve 2579 * y_p 1 dw 2580 * a 2581 * b 2582 * m 2583 * cst 2584 * 6x(3/4/6/8)= 2585 * 18/24/36/48 dw 2586 * 2587 * 5) Modular addition c = x + y mod m 2588 * 2589 * DATA IN DATA OUT 2590 * ======= ======== 2591 * src+glb_off-> x dst+glb_off-> c 2592 * y 3/4/6/8 dw 2593 * m 2594 * 3x(3/4/6/8)= 2595 * 9/12/18/24 dw 2596 * 2597 * 6) Modular substraction c = x - y mod m 2598 * 2599 * DATA IN DATA OUT 2600 * ======= ======== 2601 * src+glb_off-> x dst+glb_off-> c 2602 * y 3/4/6/8 dw 2603 * m 2604 * 3x(3/4/6/8)= 2605 * 9/12/18/24 dw 2606 * 2607 * 7) Modular multiplication c = x * y mod m 2608 * 2609 * DATA IN DATA OUT 2610 * ======= ======== 2611 * src+glb_off-> x dst+glb_off-> c 2612 * y 3/4/6/8 dw 2613 * m 2614 * cst 2615 * 4x(3/4/6/8)= 2616 * 12/16/24/32 dw 2617 * 2618 * 8) Modular division c = x / y mod m 2619 * 2620 * DATA IN DATA OUT 2621 * ======= ======== 2622 * src+glb_off-> y dst+glb_off-> c 2623 * x 3/4/6/8 dw 2624 * m 2625 * 3x(3/4/6/8)= 2626 * 9/12/18/24 dw 2627 * 2628 * 9) Modular inversion c = 1 / y mod m 2629 * 2630 * DATA IN DATA OUT 2631 * ======= ======== 2632 * src+glb_off-> y dst+glb_off-> c 2633 * m 3/4/6/8 dw 2634 * 2x(3/4/6/8)= 2635 * 6/8/12/16 dw 2636 * 2637 * 10) Modular reduction c = x mod m 2638 * 2639 * DATA IN DATA OUT 2640 * ======= ======== 2641 * src+glb_off-> x dst+glb_off-> c 2642 * m 3/4/6/8 dw 2643 * 2x(3/4/6/8)= 2644 * 6/8/12/16 dw 2645 * 2646 */ 2647 2648/********************************************************** 2649 * * 2650 * ECC binary data formats * 2651 * * 2652 ********************************************************** 2653 * 2654 * 2655 * The size of all quantities below is that of the precision 2656 * of the chosen op (163, 191, 233) ROUNDED UP to a multiple 2657 * of 8 bytes, i.e. 3 dwords for (163, 191) and 4 dwords for 2658 * (233), padded with zeroes as necessary. 2659 * 2660 * The total lengths in dwords that are read and written, 2661 * for each operation and length group, are specified 2662 * at the bottom of each datastructure. 2663 * In all that follows, b is the curve parameter. 2664 * 2665 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p) 2666 * 2667 * DATA IN DATA OUT 2668 * ======= ======== 2669 * src+glb_off-> b dst+glb_off-> x_r 2670 * k y_r 2671 * x_p 2x(3/4) 2672 * y_p 6/8 dw 2673 * 4x(3/4)= 2674 * 12/16 dw 2675 * 2676 * 2) Binary GF inversion C(x) = 1 / A(x) mod F(x) 2677 * 2678 * DATA IN DATA OUT 2679 * ======= ======== 2680 * src+glb_off-> A dst+glb_off-> C 2681 * 1x(3/4)= 1x(3/4) 2682 * 3/4 dw 3/4 dw 2683 * 2684 * 3) Binary GF multiplication C(x) = B(x) * A(x) mod F(x) 2685 * 2686 * DATA IN DATA OUT 2687 * ======= ======== 2688 * src+glb_off-> A dst+glb_off-> C 2689 * B 1x(3/4) 2690 * 2x(3/4)= 3/4 dw 2691 * 6/8 dw 2692 * 2693 * 4) Binary GF addition C(x) = B(x) + A(x) mod F(x) 2694 * 2695 * DATA IN DATA OUT 2696 * ======= ======== 2697 * src+glb_off-> A dst+glb_off-> C 2698 * B 1x(3/4) 2699 * 2x(3/4)= 3/4 dw 2700 * 6/8dw 2701 * 2702 */ 2703 2704/* 2705 * RSA data format 2706 */ 2707 2708/* 2709 * IMPORTANT NOTE: 2710 * 2711 * As specified in the datastructures below, 2712 * the engine assumes all data (including 2713 * exponent and modulus) to be adjacent on 2714 * dword boundaries, e.g., 2715 * 2716 * Operation length = 512 bits 2717 * Exponent length = 16 bits 2718 * Modulus length = 512 bits 2719 * 2720 * The engine expects to read: 2721 * 2722 * 63 0 2723 * ----------------------- 2724 * | | Constant0 2725 * ----------------------- 2726 * | | Constant1 2727 * ----------------------- 2728 * | | Constant2 2729 * ----------------------- 2730 * | | Constant3 2731 * ----------------------- 2732 * | | Constant4 2733 * ----------------------- 2734 * | | Constant5 2735 * ----------------------- 2736 * | | Constant6 2737 * ----------------------- 2738 * | | Constant7 2739 * ----------------------- 2740 * | IGNORED |B1|B0| Exponent0 (Exponent length = 16 bits = 2 bytes, so only 2 least significant bytes of exponent used) 2741 * ----------------------- 2742 * | | Modulus0 2743 * ----------------------- 2744 * | | Modulus1 2745 * ----------------------- 2746 * | | Modulus2 2747 * ----------------------- 2748 * | | Modulus3 2749 * ----------------------- 2750 * | | Modulus4 2751 * ----------------------- 2752 * | | Modulus5 2753 * ----------------------- 2754 * | | Modulus6 2755 * ----------------------- 2756 * | | Modulus7 2757 * ----------------------- 2758 * | | Message0 2759 * ----------------------- 2760 * | | Message1 2761 * ----------------------- 2762 * | | Message2 2763 * ----------------------- 2764 * | | Message3 2765 * ----------------------- 2766 * | | Message4 2767 * ----------------------- 2768 * | | Message5 2769 * ----------------------- 2770 * | | Message6 2771 * ----------------------- 2772 * | | Message7 2773 * ----------------------- 2774 * 2775 */ 2776 2777/* #define PUBKEY_CTL_CTL */ 2778#define PUBKEY_CTL_CTL_LSB 61 2779#define PUBKEY_CTL_CTL_BITS THREE_BITS 2780#define PUBKEY_CTL_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB) 2781 2782/* #define PUBKEY_CTL_OP_CLASS */ 2783#define PUBKEY_CTL_OP_CLASS_RSA 0 2784#define PUBKEY_CTL_OP_CLASS_ECC 1 2785#define PUBKEY_CTL_OP_CLASS_LSB 54 2786#define PUBKEY_CTL_OP_CLASS_BITS SEVEN_BITS 2787#define PUBKEY_CTL_OP_CLASS_MASK (PUBKEY_CTL_OP_CLASS_BITS << PUBKEY_CTL_OP_CLASS_LSB) 2788 2789/* #define PUBKEY_CTL_VALID */ 2790#define PUBKEY_CTL_VALID_FALSE 0 2791#define PUBKEY_CTL_VALID_TRUE 1 2792#define PUBKEY_CTL_VALID_LSB 53 2793#define PUBKEY_CTL_VALID_BITS ONE_BIT 2794#define PUBKEY_CTL_VALID_MASK \ 2795 (PUBKEY_CTL_VALID_BITS << PUBKEY_CTL_VALID_LSB) 2796 2797/* #define PUBKEY_CTL_ECC_TYPE */ 2798#define PUBKEY_CTL_ECC_TYPE_PRIME_160 0 2799#define PUBKEY_CTL_ECC_TYPE_PRIME_192 1 2800#define PUBKEY_CTL_ECC_TYPE_PRIME_224 2 2801#define PUBKEY_CTL_ECC_TYPE_PRIME_256 3 2802#define PUBKEY_CTL_ECC_TYPE_PRIME_384 4 2803#define PUBKEY_CTL_ECC_TYPE_PRIME_512 5 2804#define PUBKEY_CTL_ECC_TYPE_BIN_163 0x20 2805#define PUBKEY_CTL_ECC_TYPE_BIN_191 0x21 2806#define PUBKEY_CTL_ECC_TYPE_BIN_233 0x22 2807#define PUBKEY_CTL_ECC_TYPE_UC_LOAD 0x70 2808#define PUBKEY_CTL_ECC_TYPE_LSB 46 2809#define PUBKEY_CTL_ECC_TYPE_BITS SEVEN_BITS 2810#define PUBKEY_CTL_ECC_TYPE_MASK (PUBKEY_CTL_ECC_TYPE_BITS << PUBKEY_CTL_ECC_TYPE_LSB) 2811 2812/* #define PUBKEY_CTL_ECC_FUNCTION */ 2813#define PUBKEY_CTL_ECC_FUNCTION_NOP 0 2814#define PUBKEY_CTL_ECC_FUNCTION_POINT_MUL 0 2815#define PUBKEY_CTL_ECC_FUNCTION_POINT_ADD 1 2816#define PUBKEY_CTL_ECC_FUNCTION_POINT_DBL 2 2817#define PUBKEY_CTL_ECC_FUNCTION_POINT_VFY 3 2818#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_ADD 4 2819#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_SUB 5 2820#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_MUL 6 2821#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_DIV 7 2822#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_INV 8 2823#define PUBKEY_CTL_ECC_FUNCTION_MODULAR_RED 9 2824#define PUBKEY_CTL_ECC_FUNCTION_LSB 40 2825#define PUBKEY_CTL_ECC_FUNCTION_BITS SIX_BITS 2826#define PUBKEY_CTL_ECC_FUNCTION_MASK (PUBKEY_CTL_ECC_FUNCTION_BITS << PUBKEY_CTL_ECC_FUNCTION_LSB) 2827 2828/* #define PUBKEY_CTL_BLKWIDTH */ 2829#define PUBKEY_CTL_BLKWIDTH_512 0 2830#define PUBKEY_CTL_BLKWIDTH_1024 1 2831#define PUBKEY_CTL_BLKWIDTH_LSB 52 2832#define PUBKEY_CTL_BLKWIDTH_BITS ONE_BIT 2833#define PUBKEY_CTL_BLKWIDTH_MASK \ 2834 (PUBKEY_CTL_BLKWIDTH_BITS << PUBKEY_CTL_BLKWIDTH_LSB) 2835 2836/* #define PUBKEY_CTL_LD_CONST */ 2837#define PUBKEY_CTL_LD_CONST_OLD 0 2838#define PUBKEY_CTL_LD_CONST_NEW 1 2839#define PUBKEY_CTL_LD_CONST_LSB 51 2840#define PUBKEY_CTL_LD_CONST_BITS ONE_BIT 2841#define PUBKEY_CTL_LD_CONST_MASK \ 2842 (PUBKEY_CTL_LD_CONST_BITS << PUBKEY_CTL_LD_CONST_LSB) 2843 2844/* #define PUBKEY_CTL_EXPWIDTH */ 2845#define PUBKEY_CTL_EXPWIDTH_LSB 40 2846#define PUBKEY_CTL_EXPWIDTH_BITS ELEVEN_BITS 2847#define PUBKEY_CTL_EXPWIDTH_MASK \ 2848 (PUBKEY_CTL_EXPWIDTH_BITS << PUBKEY_CTL_EXPWIDTH_LSB) 2849 2850/* #define PUBKEY_CTL_SRCADDR */ 2851#define PUBKEY_CTL_SRCADDR_LSB 0 2852#define PUBKEY_CTL_SRCADDR_BITS FOURTY_BITS 2853#define PUBKEY_CTL_SRCADDR_MASK \ 2854 (PUBKEY_CTL_SRCADDR_BITS << PUBKEY_CTL_SRCADDR_LSB) 2855 2856/* #define PUBKEY_CTL_SRC_OFFSET */ 2857#define PUBKEY_CTL_SRC_OFFSET_LSB 0 2858#define PUBKEY_CTL_SRC_OFFSET_BITS THREE_BITS 2859#define PUBKEY_CTL_SRC_OFFSET_MASK \ 2860 (PUBKEY_CTL_SRC_OFFSET_BITS << PUBKEY_CTL_SRC_OFFSET_LSB) 2861 2862 2863/* #define PUBKEY_CTL1_CTL */ 2864#define PUBKEY_CTL1_CTL_LSB 61 2865#define PUBKEY_CTL1_CTL_BITS THREE_BITS 2866#define PUBKEY_CTL1_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB) 2867 2868/* #define PUBKEY_CTL1_MODWIDTH */ 2869#define PUBKEY_CTL1_MODWIDTH_LSB 40 2870#define PUBKEY_CTL1_MODWIDTH_BITS ELEVEN_BITS 2871#define PUBKEY_CTL1_MODWIDTH_MASK \ 2872 (PUBKEY_CTL1_MODWIDTH_BITS << PUBKEY_CTL1_MODWIDTH_LSB) 2873 2874/* #define PUBKEY_CTL1_DSTADDR */ 2875#define PUBKEY_CTL1_DSTADDR_LSB 0 2876#define PUBKEY_CTL1_DSTADDR_BITS FOURTY_BITS 2877#define PUBKEY_CTL1_DSTADDR_MASK \ 2878 (PUBKEY_CTL1_DSTADDR_BITS << PUBKEY_CTL1_DSTADDR_LSB) 2879 2880/* #define PUBKEY_CTL1_DST_OFFSET */ 2881#define PUBKEY_CTL1_DST_OFFSET_LSB 0 2882#define PUBKEY_CTL1_DST_OFFSET_BITS THREE_BITS 2883#define PUBKEY_CTL1_DST_OFFSET_MASK \ 2884 (PUBKEY_CTL1_DST_OFFSET_BITS << PUBKEY_CTL1_DST_OFFSET_LSB) 2885 2886/* 2887 * Upon completion of operation, the RSA block returns a 2-word free descriptor 2888 * in the following format: 2889 * 2890 * 63 61 60 54 53 52 51 49 48 40 39 5 4 3 2 0 2891 * ------------------------------------------------------------------------------------------------------------------------- 2892 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | Software Scratch0 | Global src data offset | 2893 * ------------------------------------------------------------------------------------------------------------------------- 2894 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | Software Scratch1 | Global dst data offset | 2895 * ------------------------------------------------------------------------------------------------------------------------- 2896 * 2897 * The Control and Data Error codes are enumerated below 2898 * 2899 * Error conditions 2900 * ================ 2901 * 2902 * Control Error Code Control Error Condition 2903 * ------------------ ----------------------- 2904 * 9'h000 No Error 2905 * 9'h001 Undefined Op Class 2906 * 9'h002 Undefined ECC TYPE (ECC only) 2907 * 9'h004 Undefined ECC FUNCTION (ECC only) 2908 * 9'h008 ECC timeout (ECC only) 2909 * 9'h010 UNUSED 2910 * 9'h020 UNUSED 2911 * 9'h040 UNUSED 2912 * 9'h080 Data Read Error 2913 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP) 2914 * 2915 * Data Error Code Data Error Condition 2916 * --------------- -------------------- 2917 * 9'h000 No Error 2918 * 9'h001 Exponent Width > Block Width (RSA Only) 2919 * 9'h002 Modulus Width > Block Width (RSA Only) 2920 * 9'h004 UNUSED 2921 * 9'h008 UNUSED 2922 * 9'h010 UNUSED 2923 * 9'h020 UNUSED 2924 * 9'h040 UNUSED 2925 * 9'h080 Data Read Error 2926 * 9'h100 UNUSED 2927 */ 2928 2929/* 2930 * Result Data Word for Message Ring Descriptor 2931 */ 2932 2933/* #define PUBKEY_RSLT_CTL_CTL */ 2934#define PUBKEY_RSLT_CTL_CTL_LSB 61 2935#define PUBKEY_RSLT_CTL_CTL_BITS THREE_BITS 2936#define PUBKEY_RSLT_CTL_CTL_MASK \ 2937 (PUBKEY_RSLT_CTL_CTL_BITS << PUBKEY_RSLT_CTL_CTL_LSB) 2938 2939/* #define PUBKEY_RSLT_CTL_DST_ID */ 2940#define PUBKEY_RSLT_CTL_DST_ID_LSB 54 2941#define PUBKEY_RSLT_CTL_DST_ID_BITS SEVEN_BITS 2942#define PUBKEY_RSLT_CTL_DST_ID_MASK \ 2943 (PUBKEY_RSLT_CTL_DST_ID_BITS << PUBKEY_RSLT_CTL_DST_ID_LSB) 2944 2945/* #define PUBKEY_RSLT_CTL_DESC_CTL */ 2946#define PUBKEY_RSLT_CTL_DESC_CTL_LSB 49 2947#define PUBKEY_RSLT_CTL_DESC_CTL_BITS THREE_BITS 2948#define PUBKEY_RSLT_CTL_DESC_CTL_MASK \ 2949 (PUBKEY_RSLT_CTL_DESC_CTL_BITS << PUBKEY_RSLT_CTL_DESC_CTL_LSB) 2950 2951 2952/* #define PUBKEY_RSLT_CTL_ERROR */ 2953#define PUBKEY_RSLT_CTL_ERROR_LSB 40 2954#define PUBKEY_RSLT_CTL_ERROR_BITS NINE_BITS 2955#define PUBKEY_RSLT_CTL_ERROR_MASK \ 2956 (PUBKEY_RSLT_CTL_ERROR_BITS << PUBKEY_RSLT_CTL_ERROR_LSB) 2957 2958/* #define PUBKEY_RSLT_CTL_SRCADDR */ 2959#define PUBKEY_RSLT_CTL_SRCADDR_LSB 0 2960#define PUBKEY_RSLT_CTL_SRCADDR_BITS FOURTY_BITS 2961#define PUBKEY_RSLT_CTL_SRCADDR_MASK \ 2962 (PUBKEY_RSLT_CTL_SRCADDR_BITS << PUBKEY_RSLT_CTL_SRCADDR_LSB) 2963 2964 2965/* #define PUBKEY_RSLT_DATA_CTL */ 2966#define PUBKEY_RSLT_DATA_CTL_LSB 61 2967#define PUBKEY_RSLT_DATA_CTL_BITS THREE_BITS 2968#define PUBKEY_RSLT_DATA_CTL_MASK \ 2969 (PUBKEY_RSLT_DATA_CTL_BITS << PUBKEY_RSLT_DATA_CTL_LSB) 2970 2971/* #define PUBKEY_RSLT_DATA_DST_ID */ 2972#define PUBKEY_RSLT_DATA_DST_ID_LSB 54 2973#define PUBKEY_RSLT_DATA_DST_ID_BITS SEVEN_BITS 2974#define PUBKEY_RSLT_DATA_DST_ID_MASK \ 2975 (PUBKEY_RSLT_DATA_DST_ID_BITS << PUBKEY_RSLT_DATA_DST_ID_LSB) 2976 2977/* #define PUBKEY_RSLT_DATA_DESC_CTL */ 2978#define PUBKEY_RSLT_DATA_DESC_CTL_LSB 49 2979#define PUBKEY_RSLT_DATA_DESC_CTL_BITS THREE_BITS 2980#define PUBKEY_RSLT_DATA_DESC_CTL_MASK \ 2981 (PUBKEY_RSLT_DATA_DESC_CTL_BITS << PUBKEY_RSLT_DATA_DESC_CTL_LSB) 2982 2983/* #define PUBKEY_RSLT_DATA_ERROR */ 2984#define PUBKEY_RSLT_DATA_ERROR_LSB 40 2985#define PUBKEY_RSLT_DATA_ERROR_BITS NINE_BITS 2986#define PUBKEY_RSLT_DATA_ERROR_MASK \ 2987 (PUBKEY_RSLT_DATA_ERROR_BITS << PUBKEY_RSLT_DATA_ERROR_LSB) 2988 2989/* #define PUBKEY_RSLT_DATA_DSTADDR */ 2990#define PUBKEY_RSLT_DATA_DSTADDR_LSB 40 2991#define PUBKEY_RSLT_DATA_DSTADDR_BITS FOURTY_BITS 2992#define PUBKEY_RSLT_DATA_DSTADDR_MASK \ 2993 (PUBKEY_RSLT_DATA_DSTADDR_BITS << PUBKEY_RSLT_DATA_DSTADDR_LSB) 2994 2995/* 2996 * ****************************************************************** 2997 * RSA Block - Data Error Code and Conditions 2998 * ****************************************************************** 2999 */ 3000 3001#define PK_CTL_ERR_NONE 0x0000 /* No Error */ 3002#define PK_CTL_ERR_OP_CLASS 0x0001 /* Undefined Op Class */ 3003#define PK_CTL_ERR_ECC_TYPE 0x0002 /* Undefined ECC TYPE (ECC only) */ 3004#define PK_CTL_ERR_ECC_FUNCT 0x0004 /* Undefined ECC FUNCTION (ECC only) */ 3005#define PK_CTL_ERR_ECC_TIMEOUT 0x0008 /* ECC timeout (ECC only) */ 3006#define PK_CTL_ERR_READ 0x0080 /* Data Read Error */ 3007#define PK_CTL_ERR_DESC 0x0100 /* Descriptor Ctrl Field Error 3008 * (D0.Ctrl != SOP || D1.Ctrl != EOP) */ 3009#define PK_CTL_ERR_TIMEOUT 0x1000 /* Message Responce Timeout */ 3010 3011#define PK_DATA_ERR_NONE 0x0000 /* No Error */ 3012#define PK_DATA_ERR_EXP_WIDTH 0x0001 /* Exponent Width > Block Width */ 3013#define PK_DATA_ERR_MOD_WIDTH 0x0002 /* Modulus Width > Block Width */ 3014#define PK_DATA_ERR_READ 0x0080 /* Data Read Error */ 3015 3016 3017/* 3018 * This defines the RSA data format 3019 */ 3020/* 3021 * typedef struct RSAData_s { 3022 * uint64_t Constant; 3023 * uint64_t Exponent; 3024 * uint64_t Modulus; 3025 * uint64_t Message; 3026 *} RSAData_t, *RSAData_pt; 3027 * 3028 * typedef RSAData_t DHData_t; 3029 * typedef RSAData_pt DHData_pt; 3030 */ 3031 3032typedef struct UserPubData_s { 3033 uint8_t *source; 3034 uint8_t *user_result; 3035 uint32_t result_length; 3036} UserPubData_t, *UserPubData_pt; 3037 3038typedef struct pubkey_desc { 3039 OperationDescriptor_t op_ctl; /* size is cacheline */ 3040 uint8_t source[1024]; 3041 uint8_t dest[256]; /* 1024 makes cacheline-aligned */ 3042 uint64_t control0; 3043 uint64_t control1; 3044 uint64_t ctl_result; 3045 uint64_t data_result; 3046 struct pubkey_desc *alloc; 3047 UserPubData_t kern; /* ptrs for temp buffers */ 3048 //volatile atomic_t flag_complete; 3049 //struct semaphore sem_complete; 3050 //wait_queue_t submit_wait; 3051} pubkey_desc_t, *pubkey_desc_pt; 3052 3053/* 3054 * KASUMI F8 and F9 use the IV0/IV1 fields : 3055 * 3056 * 63 41 40 39 37 36 32 31 0 3057 * ---------------------------------------------------------------------------- 3058 * | |FX/DIRECTION| | F8/BEARER | F8/COUNT | IV0 3059 * ---------------------------------------------------------------------------- 3060 * 1 5 32 3061 * 3062 * 63 32 31 0 3063 * ---------------------------------------------------------------------------- 3064 * | F9/FRESH | F9/COUNT | IV1 3065 * ---------------------------------------------------------------------------- 3066 * 32 32 3067 */ 3068#endif /* _XLR_SEC_DESC_H_ */ 3069