2 * Copyright (c) 2003-2009 RMI Corporation
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of RMI Corporation, nor the names of its contributors,
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #define ONE_BIT 0x0000000000000001ULL
36 #define TWO_BITS 0x0000000000000003ULL
37 #define THREE_BITS 0x0000000000000007ULL
38 #define FOUR_BITS 0x000000000000000fULL
39 #define FIVE_BITS 0x000000000000001fULL
40 #define SIX_BITS 0x000000000000003fULL
41 #define SEVEN_BITS 0x000000000000007fULL
42 #define EIGHT_BITS 0x00000000000000ffULL
43 #define NINE_BITS 0x00000000000001ffULL
44 #define ELEVEN_BITS 0x00000000000007ffULL
45 #define TWELVE_BITS 0x0000000000000fffULL
46 #define FOURTEEN_BITS 0x0000000000003fffULL
47 #define TWENTYFOUR_BITS 0x0000000000ffffffULL
48 #define THIRTY_TWO_BITS 0x00000000ffffffffULL
49 #define THIRTY_FIVE_BITS 0x00000007ffffffffULL
50 #define FOURTY_BITS 0x000000ffffffffffULL
52 #define MSG_IN_CTL_LEN_BASE 40
53 #define MSG_IN_CTL_ADDR_BASE 0
55 #define GET_FIELD(word,field) \
56 ((word) & (field ## _MASK)) >> (field ## _LSB)
58 #define FIELD_VALUE(field,value) (((value) & (field ## _BITS)) << (field ## _LSB))
61 * NOTE: this macro expects 'word' to be uninitialized (i.e. zeroed)
63 #define SET_FIELD(word,field,value) \
64 { (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); }
67 * This macro clears 'word', then sets the value
69 #define CLEAR_SET_FIELD(word,field,value) \
70 { (word) &= ~((field ## _BITS) << (field ## _LSB)); \
71 (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); }
74 * NOTE: May be used to build value specific mask
75 * (e.g. GEN_MASK(CTL_DSC_CPHR_3DES,CTL_DSC_CPHR_LSB)
77 #define GEN_MASK(bits,lsb) ((bits) << (lsb))
83 * Security block data and control exchange
85 * A 2-word message ring descriptor is used to pass a pointer to the control descriptor data structure
86 * and a pointer to the packet descriptor data structure:
88 * 63 61 60 54 53 52 49 48 45 44 40
90 * ---------------------------------------------------------------------------------------------------------------------------------------------------------
91 * | Ctrl | Resp Dest Id Entry0 | IF_L2ALLOC | UNUSED | Control Length | UNUSED
92 * | 35 MSB of address of control descriptor data structure | Software Scratch0
94 * ---------------------------------------------------------------------------------------------------------------------------------------------------------
98 * 63 61 60 54 53 52 51 50 46 45 44 40 39 5 4 0
99 * ---------------------------------------------------------------------------------------------------------------------------------------------------------
100 * | Ctrl | UNUSED | WRB_COH | WRB_L2ALLOC | DF_PTR_L2ALLOC | UNUSED | Data Length | UNUSED | 35 MSB of address of packet descriptor data structure | UNUSED |
101 * ---------------------------------------------------------------------------------------------------------------------------------------------------------
102 * 3 7 1 1 1 5 1 5 35 5
104 * Addresses assumed to be cache-line aligned, i.e., Address[4:0] ignored (using 5'h00 instead)
106 * Control length is the number of control cachelines to be read so user needs
108 * the control length to closest integer multiple of 32 bytes. Note that at
110 * the longest (sensical) ctrl structure is <= 416 bytes, i.e., 13 cachelines.
112 * The packet descriptor data structure size is fixed at 1 cacheline (32 bytes).
113 * This effectively makes "Data Length" a Load/NoLoad bit. NoLoad causes an abort.
116 * Upon completion of operation, the security block returns a 2-word free descriptor
117 * in the following format:
119 * 63 61 60 54 53 52 51 49 48 47 40 39 0
120 * ----------------------------------------------------------------------------------------------------------------------------
121 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Instruction Error | Address of control descriptor data structure |
122 * ----------------------------------------------------------------------------------------------------------------------------
123 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Data Error | Address of packet descriptor data structure |
124 * ----------------------------------------------------------------------------------------------------------------------------
126 * The Instruction and Data Error codes are enumerated in the
127 * ControlDescriptor and PacketDescriptor sections below
133 * Operating assumptions
134 * =====================
137 * -> For all IpSec ops, I assume that all the IP/IPSec/TCP headers
138 * and the data are present at the specified source addresses.
139 * I also assume that all necessary header data already exists
140 * at the destination. Additionally, in AH I assume that all
141 * mutable fields (IP.{TOS, Flags, Offset, TTL, Header_Checksum})
142 * and the AH.Authentication_Data have been zeroed by the client.
145 * -> In principle, the HW can calculate TCP checksums on both
146 * incoming and outgoing data; however, since the TCP header
147 * contains the TCP checksum of the plain payload and the header
148 * is encrypted, two passes would be necessary to do checksum + encryption
149 * for outgoing messages;
150 * therefore the checksum engine will likely only be used during decryption
154 * -> For all operations involving TCP checksum, I assume the client has filled
155 * the TCP checksum field with the appropriate value:
157 * - 0 for generation phase
158 * - actual value for verification phase (expecting 0 result)
161 * -> For ESP tunnel, the original IP header exists between the end of the
162 * ESP header and the beginning of the TCP header; it is assumed that the
163 * maximum length of this header is 16 k(32bit)words (used in CkSum_Offset).
166 * -> The authentication data is merely written to the destination address;
167 * the client is left with the task of comparing to the data in packet
170 * -> PacketDescriptor_t.dstLLWMask relevant to AES CTR mode only but it will
171 * affect all AES-related operations. It will not affect DES/3DES/bypass ops.
172 * The mask is applied to data as it emerges from the AES engine for the sole
173 * purpose of providing the authenticator and cksum engines with correct data.
174 * CAVEAT: the HW does not mask the incoming data. It is the user's responsibility
175 * to set to 0 the corresponding data in memory. If the surplus data is not masked
176 * in memory, cksum/auth results will be incorrect if those engines receive data
177 * straight from memory (i.e., not from cipher, as it happens while decoding)
181 * Fragmentation and offset related notes
182 * ======================================
185 * A) Rebuilding packets from fragments on dword boundaries. The discussion
186 * below is exemplified by tests memcpy_all_off_frags and memcpy_same_off_frags
188 * 1) The Offset before data/iv on first fragment is ALWAYS written back
189 * Non-zero dst dword or global offsets may cause more data to be
190 * written than the user-specified length.
196 * Below is a source (first fragment) packet (@ ADD0 cache-aligned address).
197 * Assume we just copy it and relevant data starts on
198 * dword 3 so Cipher_Offset = IV_Offset = 3 (dwords).
199 * D0X denotes relevant data and G denotes dont care data.
200 * Offset data is also copied so Packet_Legth = 9 (dwords) * 8 = 72 (bytes)
201 * Segment_src_address = ADD0
203 * If we want to, e.g., copy so that the relevant (i.e., D0X) data
204 * starts at (cache-aligned address) ADD1, we need to specify
205 * Dst_dword_offset = 1 so D00 is moved from dword position 3 to 0 on next cache-line
206 * Cipher_dst_address = ADD1 - 0x20 so D00 is written to ADD1
208 * Note that the security engine always writes full cachelines
209 * therefore, data written to dword0 0 of ADD1 (denoted w/ ?) is what the sec pipe
210 * write back buffer contained from previous op.
213 * SOURCE: DESTINATION:
214 * ------- ------------
216 * Segment_src_address = ADD0 Cipher_dst_address = ADD1 - 0x20
217 * Packet_Legth = 72 Dst_dword_offset = 1
225 * ----------------------- -----------------------
226 * | D00 | G | G | G | <- ADD0 | G | G | G | ? | <- ADD1 - 0x20
227 * ----------------------- -----------------------
228 * | D04 | D03 | D02 | D01 | | D03 | D02 | D01 | D00 | <- ADD1
229 * ----------------------- -----------------------
230 * | | | | D05 | | | | D05 | D04 |
231 * ----------------------- -----------------------
233 * 2) On fragments following the first, IV_Offset is overloaded to mean data offset
234 * (number of dwords to skip from beginning of cacheline before starting processing)
235 * and Use_IV is overloaded to mean do writeback the offset (in the clear).
236 * These fields in combination with Dst_dword_offset allow packet fragments with
237 * arbitrary boundaries/lengthd to be reasembled.
243 * Assume data above was first fragment of a packet we'd like to merge to
244 * (second) fragment below located at ADD2. The written data should follow
245 * the previous data without gaps or overwrites. To achieve this, one should
246 * assert the "Next" field on the previous fragment and use self-explanatory
247 * set of parameters below
250 * SOURCE: DESTINATION:
251 * ------- ------------
253 * Segment_src_address = ADD2 Cipher_dst_address = ADD1 + 0x20
254 * Packet_Legth = 104 Dst_dword_offset = 1
261 * ----------------------- -----------------------
262 * | D12 | D11 | D10 | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20
263 * ----------------------- -----------------------
264 * | D16 | D15 | D14 | D13 | | D03 | D02 | D01 | D00 | <- ADD1
265 * ----------------------- -----------------------
266 * | D1a | D19 | D18 | D17 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20
267 * ----------------------- -----------------------
268 * | | | | D1b | | D15 | D14 | D13 | D12 |
269 * ----------------------- -----------------------
270 * | D19 | D18 | D17 | D16 |
271 * -----------------------
273 * -----------------------
275 * It is note-worthy that the merging can only be achieved if Use_IV is 0. Indeed, the security
276 * engine always writes full lines, therefore ADD1 + 0x20 will be re-written. Setting Use_IV to 0
277 * will allow the sec pipe write back buffer to preserve D04, D05 from previous frag and only
278 * receive D10, D11 thereby preserving the integrity of the previous data.
280 * 3) On fragments following the first, !UseIV in combination w/ Dst_dword_offset >= (4 - IV_Offset)
281 * will cause a wraparound of the write thus achieving all 16 possible (Initial_Location, Final_Location)
282 * combinations for the data.
288 * Contiguously merging 2 data sets above with a third located at ADD3. If this is the last fragment,
289 * reset its Next bit.
292 * SOURCE: DESTINATION:
293 * ------- ------------
295 * Segment_src_address = ADD3 Cipher_dst_address = ADD1 + 0x80
296 * Packet_Legth = 152 Dst_dword_offset = 3
303 * ----------------------- -----------------------
304 * | D20 | G | G | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20
305 * ----------------------- -----------------------
306 * | D24 | D23 | D22 | D21 | | D03 | D02 | D01 | D00 | <- ADD1
307 * ----------------------- -----------------------
308 * | D28 | D27 | D26 | D25 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20
309 * ----------------------- -----------------------
310 * | D2c | D2b | D2a | D29 | | D15 | D14 | D13 | D12 |
311 * ----------------------- -----------------------
312 * | | D2f | D2e | D2d | | D19 | D18 | D17 | D16 |
313 * ----------------------- -----------------------
314 * | D21 | D20 | D1b | D1a | <- ADD1 + 0x80
315 * -----------------------
316 * | D25 | D24 | D23 | D22 |
317 * -----------------------
318 * | D29 | D28 | D27 | D26 |
319 * -----------------------
320 * | D2d | D2c | D2b | D2a |
321 * -----------------------
322 * |(D2d)|(D2c)| D2f | D2e |
323 * -----------------------
325 * It is worth noticing that always writing full-lines causes the last 2 dwords in the reconstituted
326 * packet to be unnecessarily written: (D2d) and (D2c)
330 * B) Implications of fragmentation on AES
332 * 1) AES is a 128 bit block cipher; therefore it requires an even dword total data length
333 * Data fragments (provided there are more than 1) are allowed to have odd dword
334 * data lengths provided the total length (cumulated over fragments) is an even dword
335 * count; an error will be generated otherwise, upon receiving the last fragment descriptor
336 * (see error conditions below).
338 * 2) While using fragments with AES, a fragment (other than first) starting with a != 0 (IV) offset
339 * while the subsequent total dword count given to AES is odd may not be required to write
340 * its offset (UseIV). Doing so will cause an error (see error conditions below).
346 * Suppose the first fragment has an odd DATA dword count and USES AES (as seen below)
348 * SOURCE: DESTINATION:
349 * ------- ------------
351 * Segment_src_address = ADD0 Cipher_dst_address = ADD1
352 * Packet_Legth = 64 Dst_dword_offset = 1
363 * ----------------------- -----------------------
364 * | D00 | IV1 | IV0 | G | <- ADD0 | E00 | IV1 | IV0 | G | <- ADD1
365 * ----------------------- -----------------------
366 * | D04 | D03 | D02 | D01 | | X | E03 | E02 | E01 |
367 * ----------------------- -----------------------
369 * At the end of processing of the previous fragment, the AES engine input buffer has D04
370 * and waits for next dword, therefore the writeback buffer cannot finish writing the fragment
371 * to destination (X instead of E04).
373 * If a second fragment now arrives with a non-0 offset and requires the offset data to be
374 * written to destination, the previous write (still needing the arrival of the last dword
375 * required by the AES to complete the previous operation) cannot complete before the present
376 * should start causing a deadlock.
380 * Command Control Word for Message Ring Descriptor
383 /* #define MSG_CMD_CTL_CTL */
384 #define MSG_CMD_CTL_CTL_LSB 61
385 #define MSG_CMD_CTL_CTL_BITS THREE_BITS
386 #define MSG_CMD_CTL_CTL_MASK (MSG_CMD_CTL_CTL_BITS << MSG_CMD_CTL_CTL_LSB)
388 /* #define MSG_CMD_CTL_ID */
389 #define MSG_CMD_CTL_ID_LSB 54
390 #define MSG_CMD_CTL_ID_BITS SEVEN_BITS
391 #define MSG_CMD_CTL_ID_MASK (MSG_CMD_CTL_ID_BITS << MSG_CMD_CTL_ID_LSB)
393 /* #define MSG_CMD_CTL_LEN */
394 #define MSG_CMD_CTL_LEN_LSB 45
395 #define MSG_CMD_CTL_LEN_BITS FOUR_BITS
396 #define MSG_CMD_CTL_LEN_MASK (MSG_CMD_CTL_LEN_BITS << MSG_CMD_CTL_LEN_LSB)
399 /* #define MSG_CMD_CTL_ADDR */
400 #define MSG_CMD_CTL_ADDR_LSB 0
401 #define MSG_CMD_CTL_ADDR_BITS FOURTY_BITS
402 #define MSG_CMD_CTL_ADDR_MASK (MSG_CMD_CTL_ADDR_BITS << MSG_CMD_CTL_ADDR_LSB)
404 #define MSG_CMD_CTL_MASK (MSG_CMD_CTL_CTL_MASK | \
405 MSG_CMD_CTL_LEN_MASK | MSG_CMD_CTL_ADDR_MASK)
408 * Command Data Word for Message Ring Descriptor
411 /* #define MSG_IN_DATA_CTL */
412 #define MSG_CMD_DATA_CTL_LSB 61
413 #define MSG_CMD_DATA_CTL_BITS THREE_BITS
414 #define MSG_CMD_DATA_CTL_MASK (MSG_CMD_DATA_CTL_BITS << MSG_CMD_DATA_CTL_LSB)
416 /* #define MSG_CMD_DATA_LEN */
417 #define MSG_CMD_DATA_LEN_LOAD 1
418 #define MSG_CMD_DATA_LEN_LSB 45
419 #define MSG_CMD_DATA_LEN_BITS ONE_BIT
420 #define MSG_CMD_DATA_LEN_MASK (MSG_CMD_DATA_LEN_BITS << MSG_CMD_DATA_LEN_LSB)
422 /* #define MSG_CMD_DATA_ADDR */
423 #define MSG_CMD_DATA_ADDR_LSB 0
424 #define MSG_CMD_DATA_ADDR_BITS FOURTY_BITS
425 #define MSG_CMD_DATA_ADDR_MASK (MSG_CMD_DATA_ADDR_BITS << MSG_CMD_DATA_ADDR_LSB)
427 #define MSG_CMD_DATA_MASK (MSG_CMD_DATA_CTL_MASK | \
428 MSG_CMD_DATA_LEN_MASK | MSG_CMD_DATA_ADDR_MASK)
432 * Upon completion of operation, the Sec block returns a 2-word free descriptor
433 * in the following format:
435 * 63 61 60 54 53 52 51 49 48 40 39 0
436 * ----------------------------------------------------------------------------
437 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address |
438 * ----------------------------------------------------------------------------
439 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address |
440 * ----------------------------------------------------------------------------
442 * The Control and Data Error codes are enumerated below
447 * Control Error Code Control Error Condition
448 * ------------------ ---------------------------
450 * 9'h001 Unknown Cipher Op ( Cipher == 3'h{6,7})
451 * 9'h002 Unknown or Illegal Mode ((Mode == 3'h{2,3,4} & !AES) | (Mode == 3'h{5,6,7}))
452 * 9'h004 Unsupported CkSum Src (CkSum_Src == 2'h{2,3} & CKSUM)
453 * 9'h008 Forbidden CFB Mask (AES & CFBMode & UseNewKeysCFBMask & CFBMask[7] & (| CFBMask[6:0]))
454 * 9'h010 Unknown Ctrl Op ((| Ctrl[63:37]) | (| Ctrl[15:14]))
457 * 9'h080 Data Read Error
458 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP)
460 * Data Error Code Data Error Condition
461 * --------------- --------------------
463 * 9'h001 Insufficient Data To Cipher (Packet_Length <= (Cipher_Offset or IV_Offset))
464 * 9'h002 Illegal IV Location ((Cipher_Offset < IV_Offset) | (Cipher_Offset <= IV_Offset & AES & ~CTR))
465 * 9'h004 Illegal Wordcount To AES (Packet_Length[3] != Cipher_Offset[0] & AES)
466 * 9'h008 Illegal Pad And ByteCount Spec (Hash_Byte_Count != 0 & !Pad_Hash)
467 * 9'h010 Insufficient Data To CkSum ({Packet_Length, 1'b0} <= CkSum_Offset)
468 * 9'h020 Unknown Data Op ((| dstLLWMask[63:60]) | (| dstLLWMask[57:40]) | (| authDst[63:40]) | (| ckSumDst[63:40]))
469 * 9'h040 Insufficient Data To Auth ({Packet_Length} <= Auth_Offset)
470 * 9'h080 Data Read Error
475 * Result Control Word for Message Ring Descriptor
478 /* #define MSG_RSLT_CTL_CTL */
479 #define MSG_RSLT_CTL_CTL_LSB 61
480 #define MSG_RSLT_CTL_CTL_BITS THREE_BITS
481 #define MSG_RSLT_CTL_CTL_MASK \
482 (MSG_RSLT_CTL_CTL_BITS << MSG_RSLT_CTL_CTL_LSB)
484 /* #define MSG_RSLT_CTL_DST_ID */
485 #define MSG_RSLT_CTL_DST_ID_LSB 54
486 #define MSG_RSLT_CTL_DST_ID_BITS SEVEN_BITS
487 #define MSG_RSLT_CTL_DST_ID_MASK \
488 (MSG_RSLT_CTL_DST_ID_BITS << MSG_RSLT_CTL_DST_ID_LSB)
490 /* #define MSG_RSLT_CTL_DSC_CTL */
491 #define MSG_RSLT_CTL_DSC_CTL_LSB 49
492 #define MSG_RSLT_CTL_DSC_CTL_BITS THREE_BITS
493 #define MSG_RSLT_CTL_DSC_CTL_MASK \
494 (MSG_RSLT_CTL_DSC_CTL_BITS << MSG_RSLT_CTL_DSC_CTL_LSB)
496 /* #define MSG_RSLT_CTL_INST_ERR */
497 #define MSG_RSLT_CTL_INST_ERR_LSB 40
498 #define MSG_RSLT_CTL_INST_ERR_BITS NINE_BITS
499 #define MSG_RSLT_CTL_INST_ERR_MASK \
500 (MSG_RSLT_CTL_INST_ERR_BITS << MSG_RSLT_CTL_INST_ERR_LSB)
502 /* #define MSG_RSLT_CTL_DSC_ADDR */
503 #define MSG_RSLT_CTL_DSC_ADDR_LSB 0
504 #define MSG_RSLT_CTL_DSC_ADDR_BITS FOURTY_BITS
505 #define MSG_RSLT_CTL_DSC_ADDR_MASK \
506 (MSG_RSLT_CTL_DSC_ADDR_BITS << MSG_RSLT_CTL_DSC_ADDR_LSB)
508 /* #define MSG_RSLT_CTL_MASK */
509 #define MSG_RSLT_CTL_MASK \
510 (MSG_RSLT_CTL_CTRL_MASK | MSG_RSLT_CTL_DST_ID_MASK | \
511 MSG_RSLT_CTL_DSC_CTL_MASK | MSG_RSLT_CTL_INST_ERR_MASK | \
512 MSG_RSLT_CTL_DSC_ADDR_MASK)
515 * Result Data Word for Message Ring Descriptor
517 /* #define MSG_RSLT_DATA_CTL */
518 #define MSG_RSLT_DATA_CTL_LSB 61
519 #define MSG_RSLT_DATA_CTL_BITS THREE_BITS
520 #define MSG_RSLT_DATA_CTL_MASK \
521 (MSG_RSLT_DATA_CTL_BITS << MSG_RSLT_DATA_CTL_LSB)
523 /* #define MSG_RSLT_DATA_DST_ID */
524 #define MSG_RSLT_DATA_DST_ID_LSB 54
525 #define MSG_RSLT_DATA_DST_ID_BITS SEVEN_BITS
526 #define MSG_RSLT_DATA_DST_ID_MASK \
527 (MSG_RSLT_DATA_DST_ID_BITS << MSG_RSLT_DATA_DST_ID_LSB)
529 /* #define MSG_RSLT_DATA_DSC_CTL */
530 #define MSG_RSLT_DATA_DSC_CTL_LSB 49
531 #define MSG_RSLT_DATA_DSC_CTL_BITS THREE_BITS
532 #define MSG_RSLT_DATA_DSC_CTL_MASK \
533 (MSG_RSLT_DATA_DSC_CTL_BITS << MSG_RSLT_DATA_DSC_CTL_LSB)
535 /* #define MSG_RSLT_DATA_INST_ERR */
536 #define MSG_RSLT_DATA_INST_ERR_LSB 40
537 #define MSG_RSLT_DATA_INST_ERR_BITS NINE_BITS
538 #define MSG_RSLT_DATA_INST_ERR_MASK \
539 (MSG_RSLT_DATA_INST_ERR_BITS << MSG_RSLT_DATA_INST_ERR_LSB)
541 /* #define MSG_RSLT_DATA_DSC_ADDR */
542 #define MSG_RSLT_DATA_DSC_ADDR_LSB 0
543 #define MSG_RSLT_DATA_DSC_ADDR_BITS FOURTY_BITS
544 #define MSG_RSLT_DATA_DSC_ADDR_MASK \
545 (MSG_RSLT_DATA_DSC_ADDR_BITS << MSG_RSLT_DATA_DSC_ADDR_LSB)
547 #define MSG_RSLT_DATA_MASK \
548 (MSG_RSLT_DATA_CTRL_MASK | MSG_RSLT_DATA_DST_ID_MASK | \
549 MSG_RSLT_DATA_DSC_CTL_MASK | MSG_RSLT_DATA_INST_ERR_MASK | \
550 MSG_RSLT_DATA_DSC_ADDR_MASK)
554 * Common Message Definitions
558 /* #define MSG_CTL_OP_ADDR */
559 #define MSG_CTL_OP_ADDR_LSB 0
560 #define MSG_CTL_OP_ADDR_BITS FOURTY_BITS
561 #define MSG_CTL_OP_ADDR_MASK (MSG_CTL_OP_ADDR_BITS << MSG_CTL_OP_ADDR_LSB)
563 #define MSG_CTL_OP_TYPE
564 #define MSG_CTL_OP_TYPE_LSB 3
565 #define MSG_CTL_OP_TYPE_BITS TWO_BITS
566 #define MSG_CTL_OP_TYPE_MASK \
567 (MSG_CTL_OP_TYPE_BITS << MSG_CTL_OP_TYPE_LSB)
569 #define MSG0_CTL_OP_ENGINE_SYMKEY 0x01
570 #define MSG0_CTL_OP_ENGINE_PUBKEY 0x02
572 #define MSG1_CTL_OP_SYMKEY_PIPE0 0x00
573 #define MSG1_CTL_OP_SYMKEY_PIPE1 0x01
574 #define MSG1_CTL_OP_SYMKEY_PIPE2 0x02
575 #define MSG1_CTL_OP_SYMKEY_PIPE3 0x03
577 #define MSG1_CTL_OP_PUBKEY_PIPE0 0x00
578 #define MSG1_CTL_OP_PUBKEY_PIPE1 0x01
579 #define MSG1_CTL_OP_PUBKEY_PIPE2 0x02
580 #define MSG1_CTL_OP_PUBKEY_PIPE3 0x03
583 /* /----------------------------------------\
585 * | ControlDescriptor_s datastructure |
587 * \----------------------------------------/
590 * ControlDescriptor_t.Instruction
591 * -------------------------------
593 * 63 44 43 42 41 40 39 35 34 32 31 29 28
594 * --------------------------------------------------------------------------------------------------------------------
595 * || UNUSED || OverrideCipher | Arc4Wait4Save | SaveArc4State | LoadArc4State | Arc4KeyLen | Cipher | Mode | InCp_Key || ... CONT ...
596 * --------------------------------------------------------------------------------------------------------------------
598 * <-----------------------------------------------CIPHER--------------------------------------------------->
600 * 27 25 24 23 22 21 20 19 17 16 15 0
601 * -----------------------------------------------------------------------------
602 * || UNUSED | Hash_Hi | HMAC | Hash_Lo | InHs_Key || UNUSED || CkSum || UNUSED ||
603 * -----------------------------------------------------------------------------
605 * <---------------------HASH---------------------><-----------CKSUM----------->
607 * X0 CIPHER.Arc4Wait4Save = If op is Arc4 and it requires state saving, then
608 * setting this bit will cause the current op to
609 * delay subsequent op loading until saved state data
611 * CIPHER.OverrideCipher = Override encryption if PacketDescriptor_t.dstDataSettings.CipherPrefix
612 * is set; data will be copied out (and optionally auth/cksum)
613 * in the clear. This is used in GCM mode if auth only as we
614 * still need E(K, 0) calculated by cipher. Engine behavior is
615 * undefined if this bit is set and CipherPrefix is not.
616 * X0 SaveArc4State = Save Arc4 state at the end of Arc4 operation
617 * X0 LoadArc4State = Load Arc4 state at the beginning of an Arc4 operation
618 * This overriden by the InCp_Key setting for Arc4
619 * Arc4KeyLen = Length in bytes of Arc4 key (0 is interpreted as 32)
620 * Ignored for other ciphers
621 * For ARC4, IFetch/IDecode will always read exactly 4
622 * consecutive dwords into its CipherKey{0,3} regardless
623 * of this quantity; it will however only use the specified
625 * Cipher = 3'b000 Bypass
628 * 3'b011 AES 128-bit key
629 * 3'b100 AES 192-bit key
630 * 3'b101 AES 256-bit key
633 * Remainder UNDEFINED
636 * 3'b010 CFB (AES only, otherwise undefined)
637 * 3'b011 OFB (AES only, otherwise undefined)
638 * 3'b100 CTR (AES only, otherwise undefined)
639 * 3'b101 F8 (AES only, otherwise undefined)
640 * Remainder UNDEFINED
641 * InCp_Key = 1'b0 Preserve old Cipher Keys
642 * 1'b1 Load new Cipher Keys from memory to local registers
643 * and recalculate the Arc4 Sbox if Arc4 Cipher chosen;
644 * This overrides LoadArc4State setting.
645 * HASH.HMAC = 1'b0 Hash without HMAC
646 * 1'b1 Hash with HMAC
647 * Needs to be set to 0 for GCM and Kasumi F9 authenticators
648 * otherwise unpredictable results will be generated
649 * Hash = 2'b00 Hash NOP
657 * InHs_Key = 1'b0 Preserve old HMAC Keys
658 * If GCM is selected as authenticator, leaving this bit
659 * at 0 will cause the engine to use the old H value.
660 * It will use the old SCI inside the decoder if
661 * CFBMask[1:0] == 2'b11.
662 * If Kasumi F9 authenticator, using 0 preserves
663 * old keys (IK) in decoder.
664 * 1'b1 Load new HMAC Keys from memory to local registers
665 * Setting this bit while Cipher=Arc4 and LoadArc4State=1
666 * causes the decoder to load the Arc4 state from the
667 * cacheline following the HMAC keys (Whether HASH.HMAC
669 * If GCM is selected as authenticator, setting this bit
670 * causes both H (16 bytes) and SCI (8 bytes) to be loaded
671 * from memory to the decoder. H will be loaded to the engine
672 * but SCI is only loaded to the engine if CFBMask[1:0] == 2'b11.
673 * If Kasumi F9 authenticator, using 1 loads new keys (IK)
674 * from memory to decoder.
675 * CHECKSUM.CkSum = 1'b0 CkSum NOP
676 * 1'b1 INTERNET_CHECKSUM
682 /* #define CTRL_DSC_OVERRIDECIPHER */
683 #define CTL_DSC_OVERRIDECIPHER_OFF 0
684 #define CTL_DSC_OVERRIDECIPHER_ON 1
685 #define CTL_DSC_OVERRIDECIPHER_LSB 43
686 #define CTL_DSC_OVERRIDECIPHER_BITS ONE_BIT
687 #define CTL_DSC_OVERRIDECIPHER_MASK (CTL_DSC_OVERRIDECIPHER_BITS << CTL_DSC_OVERRIDECIPHER_LSB)
689 /* #define CTRL_DSC_ARC4_WAIT4SAVE */
690 #define CTL_DSC_ARC4_WAIT4SAVE_OFF 0
691 #define CTL_DSC_ARC4_WAIT4SAVE_ON 1
692 #define CTL_DSC_ARC4_WAIT4SAVE_LSB 42
693 #define CTL_DSC_ARC4_WAIT4SAVE_BITS ONE_BIT
694 #define CTL_DSC_ARC4_WAIT4SAVE_MASK (CTL_DSC_ARC4_WAIT4SAVE_BITS << CTL_DSC_ARC4_WAIT4SAVE_LSB)
696 /* #define CTRL_DSC_ARC4_SAVESTATE */
697 #define CTL_DSC_ARC4_SAVESTATE_OFF 0
698 #define CTL_DSC_ARC4_SAVESTATE_ON 1
699 #define CTL_DSC_ARC4_SAVESTATE_LSB 41
700 #define CTL_DSC_ARC4_SAVESTATE_BITS ONE_BIT
701 #define CTL_DSC_ARC4_SAVESTATE_MASK (CTL_DSC_ARC4_SAVESTATE_BITS << CTL_DSC_ARC4_SAVESTATE_LSB)
703 /* #define CTRL_DSC_ARC4_LOADSTATE */
704 #define CTL_DSC_ARC4_LOADSTATE_OFF 0
705 #define CTL_DSC_ARC4_LOADSTATE_ON 1
706 #define CTL_DSC_ARC4_LOADSTATE_LSB 40
707 #define CTL_DSC_ARC4_LOADSTATE_BITS ONE_BIT
708 #define CTL_DSC_ARC4_LOADSTATE_MASK (CTL_DSC_ARC4_LOADSTATE_BITS << CTL_DSC_ARC4_LOADSTATE_LSB)
710 /* #define CTRL_DSC_ARC4_KEYLEN */
711 #define CTL_DSC_ARC4_KEYLEN_LSB 35
712 #define CTL_DSC_ARC4_KEYLEN_BITS FIVE_BITS
713 #define CTL_DSC_ARC4_KEYLEN_MASK (CTL_DSC_ARC4_KEYLEN_BITS << CTL_DSC_ARC4_KEYLEN_LSB)
715 /* #define CTL_DSC_CPHR (cipher) */
716 #define CTL_DSC_CPHR_BYPASS 0 /* undefined */
717 #define CTL_DSC_CPHR_DES 1
718 #define CTL_DSC_CPHR_3DES 2
719 #define CTL_DSC_CPHR_AES128 3
720 #define CTL_DSC_CPHR_AES192 4
721 #define CTL_DSC_CPHR_AES256 5
722 #define CTL_DSC_CPHR_ARC4 6
723 #define CTL_DSC_CPHR_KASUMI_F8 7
724 #define CTL_DSC_CPHR_LSB 32
725 #define CTL_DSC_CPHR_BITS THREE_BITS
726 #define CTL_DSC_CPHR_MASK (CTL_DSC_CPHR_BITS << CTL_DSC_CPHR_LSB)
728 /* #define CTL_DSC_MODE */
729 #define CTL_DSC_MODE_ECB 0
730 #define CTL_DSC_MODE_CBC 1
731 #define CTL_DSC_MODE_CFB 2
732 #define CTL_DSC_MODE_OFB 3
733 #define CTL_DSC_MODE_CTR 4
734 #define CTL_DSC_MODE_F8 5
735 #define CTL_DSC_MODE_LSB 29
736 #define CTL_DSC_MODE_BITS THREE_BITS
737 #define CTL_DSC_MODE_MASK (CTL_DSC_MODE_BITS << CTL_DSC_MODE_LSB)
739 /* #define CTL_DSC_ICPHR */
740 #define CTL_DSC_ICPHR_OKY 0 /* Old Keys */
741 #define CTL_DSC_ICPHR_NKY 1 /* New Keys */
742 #define CTL_DSC_ICPHR_LSB 28
743 #define CTL_DSC_ICPHR_BITS ONE_BIT
744 #define CTL_DSC_ICPHR_MASK (CTL_DSC_ICPHR_BITS << CTL_DSC_ICPHR_LSB)
746 /* #define CTL_DSC_HASHHI */
747 #define CTL_DSC_HASHHI_LSB 24
748 #define CTL_DSC_HASHHI_BITS ONE_BIT
749 #define CTL_DSC_HASHHI_MASK (CTL_DSC_HASHHI_BITS << CTL_DSC_HASHHI_LSB)
751 /* #define CTL_DSC_HMAC */
752 #define CTL_DSC_HMAC_OFF 0
753 #define CTL_DSC_HMAC_ON 1
754 #define CTL_DSC_HMAC_LSB 23
755 #define CTL_DSC_HMAC_BITS ONE_BIT
756 #define CTL_DSC_HMAC_MASK (CTL_DSC_HMAC_BITS << CTL_DSC_HMAC_LSB)
758 /* #define CTL_DSC_HASH */
759 #define CTL_DSC_HASH_NOP 0
760 #define CTL_DSC_HASH_MD5 1
761 #define CTL_DSC_HASH_SHA1 2
762 #define CTL_DSC_HASH_SHA256 3
763 #define CTL_DSC_HASH_SHA384 4
764 #define CTL_DSC_HASH_SHA512 5
765 #define CTL_DSC_HASH_GCM 6
766 #define CTL_DSC_HASH_KASUMI_F9 7
767 #define CTL_DSC_HASH_LSB 21
768 #define CTL_DSC_HASH_BITS TWO_BITS
769 #define CTL_DSC_HASH_MASK (CTL_DSC_HASH_BITS << CTL_DSC_HASH_LSB)
771 /* #define CTL_DSC_IHASH */
772 #define CTL_DSC_IHASH_OLD 0
773 #define CTL_DSC_IHASH_NEW 1
774 #define CTL_DSC_IHASH_LSB 20
775 #define CTL_DSC_IHASH_BITS ONE_BIT
776 #define CTL_DSC_IHASH_MASK (CTL_DSC_IHASH_BITS << CTL_DSC_IHASH_LSB)
778 /* #define CTL_DSC_CKSUM */
779 #define CTL_DSC_CKSUM_NOP 0
780 #define CTL_DSC_CKSUM_IP 1
781 #define CTL_DSC_CKSUM_LSB 16
782 #define CTL_DSC_CKSUM_BITS ONE_BIT
783 #define CTL_DSC_CKSUM_MASK (CTL_DSC_CKSUM_BITS << CTL_DSC_CKSUM_LSB)
787 * Component strcts and unions defining CipherHashInfo_u
790 /* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */
791 typedef struct AES256HMAC_s {
804 } AES256HMAC_t, *AES256HMAC_pt;
806 /* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 160 bytes */
807 typedef struct AES256HMAC2_s {
828 } AES256HMAC2_t, *AES256HMAC2_pt;
830 /* AES256, (ECB, CBC, OFB, CTR, CFB), GCM - 56 bytes */
831 typedef struct AES256GCM_s {
839 } AES256GCM_t, *AES256GCM_pt;
841 /* AES256, (ECB, CBC, OFB, CTR, CFB), F9 - 56 bytes */
842 typedef struct AES256F9_s {
849 } AES256F9_t, *AES256F9_pt;
851 /* AES256, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */
852 typedef struct AES256_s {
857 } AES256_t, *AES256_pt;
860 /* All AES192 possibilities */
862 /* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-192) - 88 bytes */
863 typedef struct AES192HMAC_s {
875 } AES192HMAC_t, *AES192HMAC_pt;
877 /* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 152 bytes */
878 typedef struct AES192HMAC2_s {
898 } AES192HMAC2_t, *AES192HMAC2_pt;
900 /* AES192, (ECB, CBC, OFB, CTR, CFB), GCM - 48 bytes */
901 typedef struct AES192GCM_s {
908 } AES192GCM_t, *AES192GCM_pt;
910 /* AES192, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */
911 typedef struct AES192F9_s {
917 } AES192F9_t, *AES192F9_pt;
919 /* AES192, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-192) - 24 bytes */
920 typedef struct AES192_s {
924 } AES192_t, *AES192_pt;
927 /* All AES128 possibilities */
929 /* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-128) - 80 bytes */
930 typedef struct AES128HMAC_s {
941 } AES128HMAC_t, *AES128HMAC_pt;
943 /* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-612) - 144 bytes */
944 typedef struct AES128HMAC2_s {
963 } AES128HMAC2_t, *AES128HMAC2_pt;
965 /* AES128, (ECB, CBC, OFB, CTR, CFB), GCM - 40 bytes */
966 typedef struct AES128GCM_s {
972 } AES128GCM_t, *AES128GCM_pt;
974 /* AES128, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */
975 typedef struct AES128F9_s {
980 } AES128F9_t, *AES128F9_pt;
982 /* AES128, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-128) - 16 bytes */
983 typedef struct AES128_s {
986 } AES128_t, *AES128_pt;
988 /* AES128, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */
989 typedef struct AES128F8_s {
992 uint64_t cipherKeyMask0;
993 uint64_t cipherKeyMask1;
994 } AES128F8_t, *AES128F8_pt;
996 /* AES128, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */
997 typedef struct AES128F8HMAC_s {
1000 uint64_t cipherKeyMask0;
1001 uint64_t cipherKeyMask1;
1010 } AES128F8HMAC_t, *AES128F8HMAC_pt;
1012 /* AES128, (OFB F8), HMAC (SHA-384, SHA-512) - 160 bytes */
1013 typedef struct AES128F8HMAC2_s {
1014 uint64_t cipherKey0;
1015 uint64_t cipherKey1;
1016 uint64_t cipherKeyMask0;
1017 uint64_t cipherKeyMask1;
1034 } AES128F8HMAC2_t, *AES128F8HMAC2_pt;
1036 /* AES192, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 48 bytes */
1037 typedef struct AES192F8_s {
1038 uint64_t cipherKey0;
1039 uint64_t cipherKey1;
1040 uint64_t cipherKey2;
1041 uint64_t cipherKeyMask0;
1042 uint64_t cipherKeyMask1;
1043 uint64_t cipherKeyMask2;
1044 } AES192F8_t, *AES192F8_pt;
1046 /* AES192, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 112 bytes */
1047 typedef struct AES192F8HMAC_s {
1048 uint64_t cipherKey0;
1049 uint64_t cipherKey1;
1050 uint64_t cipherKey2;
1051 uint64_t cipherKeyMask0;
1052 uint64_t cipherKeyMask1;
1053 uint64_t cipherKeyMask2;
1062 } AES192F8HMAC_t, *AES192F8HMAC_pt;
1064 /* AES192, (OFB F8), HMAC (SHA-384, SHA-512) - 176 bytes */
1065 typedef struct AES192F8HMAC2_s {
1066 uint64_t cipherKey0;
1067 uint64_t cipherKey1;
1068 uint64_t cipherKey2;
1069 uint64_t cipherKeyMask0;
1070 uint64_t cipherKeyMask1;
1071 uint64_t cipherKeyMask2;
1088 } AES192F8HMAC2_t, *AES192F8HMAC2_pt;
1090 /* AES256, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 64 bytes */
1091 typedef struct AES256F8_s {
1092 uint64_t cipherKey0;
1093 uint64_t cipherKey1;
1094 uint64_t cipherKey2;
1095 uint64_t cipherKey3;
1096 uint64_t cipherKeyMask0;
1097 uint64_t cipherKeyMask1;
1098 uint64_t cipherKeyMask2;
1099 uint64_t cipherKeyMask3;
1100 } AES256F8_t, *AES256F8_pt;
1102 /* AES256, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 128 bytes */
1103 typedef struct AES256F8HMAC_s {
1104 uint64_t cipherKey0;
1105 uint64_t cipherKey1;
1106 uint64_t cipherKey2;
1107 uint64_t cipherKey3;
1108 uint64_t cipherKeyMask0;
1109 uint64_t cipherKeyMask1;
1110 uint64_t cipherKeyMask2;
1111 uint64_t cipherKeyMask3;
1120 } AES256F8HMAC_t, *AES256F8HMAC_pt;
1122 /* AES256, (OFB F8), HMAC (SHA-384, SHA-512) - 192 bytes */
1123 typedef struct AES256F8HMAC2_s {
1124 uint64_t cipherKey0;
1125 uint64_t cipherKey1;
1126 uint64_t cipherKey2;
1127 uint64_t cipherKey3;
1128 uint64_t cipherKeyMask0;
1129 uint64_t cipherKeyMask1;
1130 uint64_t cipherKeyMask2;
1131 uint64_t cipherKeyMask3;
1148 } AES256F8HMAC2_t, *AES256F8HMAC2_pt;
1150 /* AES256, (F8), GCM - 40 bytes */
1151 typedef struct AES128F8GCM_s {
1152 uint64_t cipherKey0;
1153 uint64_t cipherKey2;
1157 } AES128F8GCM_t, *AES128F8GCM_pt;
1159 /* AES256, (F8), GCM - 48 bytes */
1160 typedef struct AES192F8GCM_s {
1161 uint64_t cipherKey0;
1162 uint64_t cipherKey1;
1163 uint64_t cipherKey2;
1167 } AES192F8GCM_t, *AES192F8GCM_pt;
1169 /* AES256, (F8), GCM - 56 bytes */
1170 typedef struct AES256F8GCM_s {
1171 uint64_t cipherKey0;
1172 uint64_t cipherKey1;
1173 uint64_t cipherKey2;
1174 uint64_t cipherKey3;
1178 } AES256F8GCM_t, *AES256F8GCM_pt;
1180 /* AES256, (F8), F9 - 40 bytes */
1181 typedef struct AES128F8F9_s {
1182 uint64_t cipherKey0;
1183 uint64_t cipherKey2;
1186 } AES128F8F9_t, *AES128F8F9_pt;
1188 /* AES256, (F8), F9 - 48 bytes */
1189 typedef struct AES192F8F9_s {
1190 uint64_t cipherKey0;
1191 uint64_t cipherKey1;
1192 uint64_t cipherKey2;
1195 } AES192F8F9_t, *AES192F8F9_pt;
1197 /* AES256F8, (F8), F9 - 56 bytes */
1198 typedef struct AES256F8F9_s {
1199 uint64_t cipherKey0;
1200 uint64_t cipherKey1;
1201 uint64_t cipherKey2;
1202 uint64_t cipherKey3;
1205 } AES256F8F9_t, *AES256F8F9_pt;
1207 /* All DES possibilities */
1209 /* DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 72 bytes */
1210 typedef struct DESHMAC_s {
1211 uint64_t cipherKey0;
1220 } DESHMAC_t, *DESHMAC_pt;
1222 /* DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 136 bytes */
1223 typedef struct DESHMAC2_s {
1224 uint64_t cipherKey0;
1241 } DESHMAC2_t, *DESHMAC2_pt;
1243 /* DES, (ECB, CBC), GCM - 32 bytes */
1244 typedef struct DESGCM_s {
1245 uint64_t cipherKey0;
1249 } DESGCM_t, *DESGCM_pt;
1251 /* DES, (ECB, CBC), F9 - 32 bytes */
1252 typedef struct DESF9_s {
1253 uint64_t cipherKey0;
1256 } DESF9_t, *DESF9_pt;
1258 /* DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 9 bytes */
1259 typedef struct DES_s {
1260 uint64_t cipherKey0;
1264 /* All 3DES possibilities */
1266 /* 3DES, (ECB, CBC), HMAC (MD5, SHA-1, SHA-128) - 88 bytes */
1267 typedef struct DES3HMAC_s {
1268 uint64_t cipherKey0;
1269 uint64_t cipherKey1;
1270 uint64_t cipherKey2;
1279 } DES3HMAC_t, *DES3HMAC_pt;
1281 /* 3DES, (ECB, CBC), HMAC (SHA-384, SHA-512) - 152 bytes */
1282 typedef struct DES3HMAC2_s {
1283 uint64_t cipherKey0;
1284 uint64_t cipherKey1;
1285 uint64_t cipherKey2;
1302 } DES3HMAC2_t, *DES3HMAC2_pt;
1304 /* 3DES, (ECB, CBC), GCM - 48 bytes */
1305 typedef struct DES3GCM_s {
1306 uint64_t cipherKey0;
1307 uint64_t cipherKey1;
1308 uint64_t cipherKey2;
1312 } DES3GCM_t, *DES3GCM_pt;
1314 /* 3DES, (ECB, CBC), GCM - 48 bytes */
1315 typedef struct DES3F9_s {
1316 uint64_t cipherKey0;
1317 uint64_t cipherKey1;
1318 uint64_t cipherKey2;
1321 } DES3F9_t, *DES3F9_pt;
1323 /* 3DES, (ECB, CBC), Non-HMAC (MD5, SHA-1, SHA-128) - 24 bytes */
1324 typedef struct DES3_s {
1325 uint64_t cipherKey0;
1326 uint64_t cipherKey1;
1327 uint64_t cipherKey2;
1331 /* HMAC only - no cipher */
1333 /* HMAC (MD5, SHA-1, SHA-128) - 64 bytes */
1334 typedef struct HMAC_s {
1345 /* HMAC (SHA-384, SHA-512) - 128 bytes */
1346 typedef struct HMAC2_s {
1363 } HMAC2_t, *HMAC2_pt;
1365 /* GCM - 24 bytes */
1366 typedef struct GCM_s {
1373 typedef struct F9_s {
1378 /* All ARC4 possibilities */
1379 /* ARC4, HMAC (MD5, SHA-1, SHA-256) - 96 bytes */
1380 typedef struct ARC4HMAC_s {
1381 uint64_t cipherKey0;
1382 uint64_t cipherKey1;
1383 uint64_t cipherKey2;
1384 uint64_t cipherKey3;
1393 } ARC4HMAC_t, *ARC4HMAC_pt;
1395 /* ARC4, HMAC (SHA-384, SHA-512) - 160 bytes */
1396 typedef struct ARC4HMAC2_s {
1397 uint64_t cipherKey0;
1398 uint64_t cipherKey1;
1399 uint64_t cipherKey2;
1400 uint64_t cipherKey3;
1417 } ARC4HMAC2_t, *ARC4HMAC2_pt;
1419 /* ARC4, GCM - 56 bytes */
1420 typedef struct ARC4GCM_s {
1421 uint64_t cipherKey0;
1422 uint64_t cipherKey1;
1423 uint64_t cipherKey2;
1424 uint64_t cipherKey3;
1428 } ARC4GCM_t, *ARC4GCM_pt;
1430 /* ARC4, F9 - 56 bytes */
1431 typedef struct ARC4F9_s {
1432 uint64_t cipherKey0;
1433 uint64_t cipherKey1;
1434 uint64_t cipherKey2;
1435 uint64_t cipherKey3;
1438 } ARC4F9_t, *ARC4F9_pt;
1440 /* ARC4, HMAC (MD5, SHA-1, SHA-256) - 408 bytes (not including 8 bytes from instruction) */
1441 typedef struct ARC4StateHMAC_s {
1442 uint64_t cipherKey0;
1443 uint64_t cipherKey1;
1444 uint64_t cipherKey2;
1445 uint64_t cipherKey3;
1457 uint64_t Arc4SboxData0;
1458 uint64_t Arc4SboxData1;
1459 uint64_t Arc4SboxData2;
1460 uint64_t Arc4SboxData3;
1461 uint64_t Arc4SboxData4;
1462 uint64_t Arc4SboxData5;
1463 uint64_t Arc4SboxData6;
1464 uint64_t Arc4SboxData7;
1465 uint64_t Arc4SboxData8;
1466 uint64_t Arc4SboxData9;
1467 uint64_t Arc4SboxData10;
1468 uint64_t Arc4SboxData11;
1469 uint64_t Arc4SboxData12;
1470 uint64_t Arc4SboxData13;
1471 uint64_t Arc4SboxData14;
1472 uint64_t Arc4SboxData15;
1473 uint64_t Arc4SboxData16;
1474 uint64_t Arc4SboxData17;
1475 uint64_t Arc4SboxData18;
1476 uint64_t Arc4SboxData19;
1477 uint64_t Arc4SboxData20;
1478 uint64_t Arc4SboxData21;
1479 uint64_t Arc4SboxData22;
1480 uint64_t Arc4SboxData23;
1481 uint64_t Arc4SboxData24;
1482 uint64_t Arc4SboxData25;
1483 uint64_t Arc4SboxData26;
1484 uint64_t Arc4SboxData27;
1485 uint64_t Arc4SboxData28;
1486 uint64_t Arc4SboxData29;
1487 uint64_t Arc4SboxData30;
1488 uint64_t Arc4SboxData31;
1489 uint64_t Arc4IJData;
1493 } ARC4StateHMAC_t, *ARC4StateHMAC_pt;
1495 /* ARC4, HMAC (SHA-384, SHA-512) - 480 bytes (not including 8 bytes from instruction) */
1496 typedef struct ARC4StateHMAC2_s {
1497 uint64_t cipherKey0;
1498 uint64_t cipherKey1;
1499 uint64_t cipherKey2;
1500 uint64_t cipherKey3;
1520 uint64_t Arc4SboxData0;
1521 uint64_t Arc4SboxData1;
1522 uint64_t Arc4SboxData2;
1523 uint64_t Arc4SboxData3;
1524 uint64_t Arc4SboxData4;
1525 uint64_t Arc4SboxData5;
1526 uint64_t Arc4SboxData6;
1527 uint64_t Arc4SboxData7;
1528 uint64_t Arc4SboxData8;
1529 uint64_t Arc4SboxData9;
1530 uint64_t Arc4SboxData10;
1531 uint64_t Arc4SboxData11;
1532 uint64_t Arc4SboxData12;
1533 uint64_t Arc4SboxData13;
1534 uint64_t Arc4SboxData14;
1535 uint64_t Arc4SboxData15;
1536 uint64_t Arc4SboxData16;
1537 uint64_t Arc4SboxData17;
1538 uint64_t Arc4SboxData18;
1539 uint64_t Arc4SboxData19;
1540 uint64_t Arc4SboxData20;
1541 uint64_t Arc4SboxData21;
1542 uint64_t Arc4SboxData22;
1543 uint64_t Arc4SboxData23;
1544 uint64_t Arc4SboxData24;
1545 uint64_t Arc4SboxData25;
1546 uint64_t Arc4SboxData26;
1547 uint64_t Arc4SboxData27;
1548 uint64_t Arc4SboxData28;
1549 uint64_t Arc4SboxData29;
1550 uint64_t Arc4SboxData30;
1551 uint64_t Arc4SboxData31;
1552 uint64_t Arc4IJData;
1556 } ARC4StateHMAC2_t, *ARC4StateHMAC2_pt;
1558 /* ARC4, GCM - 408 bytes (not including 8 bytes from instruction) */
1559 typedef struct ARC4StateGCM_s {
1560 uint64_t cipherKey0;
1561 uint64_t cipherKey1;
1562 uint64_t cipherKey2;
1563 uint64_t cipherKey3;
1575 uint64_t Arc4SboxData0;
1576 uint64_t Arc4SboxData1;
1577 uint64_t Arc4SboxData2;
1578 uint64_t Arc4SboxData3;
1579 uint64_t Arc4SboxData4;
1580 uint64_t Arc4SboxData5;
1581 uint64_t Arc4SboxData6;
1582 uint64_t Arc4SboxData7;
1583 uint64_t Arc4SboxData8;
1584 uint64_t Arc4SboxData9;
1585 uint64_t Arc4SboxData10;
1586 uint64_t Arc4SboxData11;
1587 uint64_t Arc4SboxData12;
1588 uint64_t Arc4SboxData13;
1589 uint64_t Arc4SboxData14;
1590 uint64_t Arc4SboxData15;
1591 uint64_t Arc4SboxData16;
1592 uint64_t Arc4SboxData17;
1593 uint64_t Arc4SboxData18;
1594 uint64_t Arc4SboxData19;
1595 uint64_t Arc4SboxData20;
1596 uint64_t Arc4SboxData21;
1597 uint64_t Arc4SboxData22;
1598 uint64_t Arc4SboxData23;
1599 uint64_t Arc4SboxData24;
1600 uint64_t Arc4SboxData25;
1601 uint64_t Arc4SboxData26;
1602 uint64_t Arc4SboxData27;
1603 uint64_t Arc4SboxData28;
1604 uint64_t Arc4SboxData29;
1605 uint64_t Arc4SboxData30;
1606 uint64_t Arc4SboxData31;
1607 uint64_t Arc4IJData;
1611 } ARC4StateGCM_t, *ARC4StateGCM_pt;
1613 /* ARC4, F9 - 408 bytes (not including 8 bytes from instruction) */
1614 typedef struct ARC4StateF9_s {
1615 uint64_t cipherKey0;
1616 uint64_t cipherKey1;
1617 uint64_t cipherKey2;
1618 uint64_t cipherKey3;
1630 uint64_t Arc4SboxData0;
1631 uint64_t Arc4SboxData1;
1632 uint64_t Arc4SboxData2;
1633 uint64_t Arc4SboxData3;
1634 uint64_t Arc4SboxData4;
1635 uint64_t Arc4SboxData5;
1636 uint64_t Arc4SboxData6;
1637 uint64_t Arc4SboxData7;
1638 uint64_t Arc4SboxData8;
1639 uint64_t Arc4SboxData9;
1640 uint64_t Arc4SboxData10;
1641 uint64_t Arc4SboxData11;
1642 uint64_t Arc4SboxData12;
1643 uint64_t Arc4SboxData13;
1644 uint64_t Arc4SboxData14;
1645 uint64_t Arc4SboxData15;
1646 uint64_t Arc4SboxData16;
1647 uint64_t Arc4SboxData17;
1648 uint64_t Arc4SboxData18;
1649 uint64_t Arc4SboxData19;
1650 uint64_t Arc4SboxData20;
1651 uint64_t Arc4SboxData21;
1652 uint64_t Arc4SboxData22;
1653 uint64_t Arc4SboxData23;
1654 uint64_t Arc4SboxData24;
1655 uint64_t Arc4SboxData25;
1656 uint64_t Arc4SboxData26;
1657 uint64_t Arc4SboxData27;
1658 uint64_t Arc4SboxData28;
1659 uint64_t Arc4SboxData29;
1660 uint64_t Arc4SboxData30;
1661 uint64_t Arc4SboxData31;
1662 uint64_t Arc4IJData;
1666 } ARC4StateF9_t, *ARC4StateF9_pt;
1668 /* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */
1669 typedef struct ARC4_s {
1670 uint64_t cipherKey0;
1671 uint64_t cipherKey1;
1672 uint64_t cipherKey2;
1673 uint64_t cipherKey3;
1676 /* ARC4, Non-HMAC (MD5, SHA-1, SHA-256) - 344 bytes (not including 8 bytes from instruction) */
1677 typedef struct ARC4State_s {
1678 uint64_t cipherKey0;
1679 uint64_t cipherKey1;
1680 uint64_t cipherKey2;
1681 uint64_t cipherKey3;
1685 uint64_t Arc4SboxData0;
1686 uint64_t Arc4SboxData1;
1687 uint64_t Arc4SboxData2;
1688 uint64_t Arc4SboxData3;
1689 uint64_t Arc4SboxData4;
1690 uint64_t Arc4SboxData5;
1691 uint64_t Arc4SboxData6;
1692 uint64_t Arc4SboxData7;
1693 uint64_t Arc4SboxData8;
1694 uint64_t Arc4SboxData9;
1695 uint64_t Arc4SboxData10;
1696 uint64_t Arc4SboxData11;
1697 uint64_t Arc4SboxData12;
1698 uint64_t Arc4SboxData13;
1699 uint64_t Arc4SboxData14;
1700 uint64_t Arc4SboxData15;
1701 uint64_t Arc4SboxData16;
1702 uint64_t Arc4SboxData17;
1703 uint64_t Arc4SboxData18;
1704 uint64_t Arc4SboxData19;
1705 uint64_t Arc4SboxData20;
1706 uint64_t Arc4SboxData21;
1707 uint64_t Arc4SboxData22;
1708 uint64_t Arc4SboxData23;
1709 uint64_t Arc4SboxData24;
1710 uint64_t Arc4SboxData25;
1711 uint64_t Arc4SboxData26;
1712 uint64_t Arc4SboxData27;
1713 uint64_t Arc4SboxData28;
1714 uint64_t Arc4SboxData29;
1715 uint64_t Arc4SboxData30;
1716 uint64_t Arc4SboxData31;
1717 uint64_t Arc4IJData;
1721 } ARC4State_t, *ARC4State_pt;
1723 /* Kasumi f8 - 32 bytes */
1724 typedef struct KASUMIF8_s {
1725 uint64_t cipherKey0;
1726 uint64_t cipherKey1;
1727 } KASUMIF8_t, *KASUMIF8_pt;
1729 /* Kasumi f8 + HMAC (MD5, SHA-1, SHA-256) - 80 bytes */
1730 typedef struct KASUMIF8HMAC_s {
1731 uint64_t cipherKey0;
1732 uint64_t cipherKey1;
1741 } KASUMIF8HMAC_t, *KASUMIF8HMAC_pt;
1743 /* Kasumi f8 + HMAC (SHA-384, SHA-512) - 144 bytes */
1744 typedef struct KASUMIF8HMAC2_s {
1745 uint64_t cipherKey0;
1746 uint64_t cipherKey1;
1763 } KASUMIF8HMAC2_t, *KASUMIF8HMAC2_pt;
1765 /* Kasumi f8 + GCM - 144 bytes */
1766 typedef struct KASUMIF8GCM_s {
1767 uint64_t cipherKey0;
1768 uint64_t cipherKey1;
1772 } KASUMIF8GCM_t, *KASUMIF8GCM_pt;
1774 /* Kasumi f8 + f9 - 32 bytes */
1775 typedef struct KASUMIF8F9_s {
1776 uint64_t cipherKey0;
1777 uint64_t cipherKey1;
1780 } KASUMIF8F9_t, *KASUMIF8F9_pt;
1782 typedef union CipherHashInfo_u {
1783 AES256HMAC_t infoAES256HMAC;
1784 AES256_t infoAES256;
1785 AES192HMAC_t infoAES192HMAC;
1786 AES192_t infoAES192;
1787 AES128HMAC_t infoAES128HMAC;
1788 AES128_t infoAES128;
1789 DESHMAC_t infoDESHMAC;
1791 DES3HMAC_t info3DESHMAC;
1795 ARC4HMAC_t infoARC4HMAC;
1796 ARC4StateHMAC_t infoARC4StateHMAC;
1798 ARC4State_t infoARC4State;
1800 AES256F8HMAC_t infoAES256F8HMAC;
1801 AES256F8_t infoAES256F8;
1802 AES192F8HMAC_t infoAES192F8HMAC;
1803 AES192F8_t infoAES192F8;
1804 AES128F8HMAC_t infoAES128F8HMAC;
1805 AES128F8_t infoAES128F8;
1807 KASUMIF8HMAC_t infoKASUMIF8HMAC;
1808 KASUMIF8_t infoKASUMIF8;
1811 AES256F8GCM_t infoAES256F8GCM;
1812 AES192F8GCM_t infoAES192F8GCM;
1813 AES128F8GCM_t infoAES128F8GCM;
1814 AES256GCM_t infoAES256GCM;
1815 AES192GCM_t infoAES192GCM;
1816 AES128GCM_t infoAES128GCM;
1817 DESGCM_t infoDESGCM;
1818 DES3GCM_t info3DESGCM;
1819 ARC4GCM_t infoARC4GCM;
1820 ARC4StateGCM_t infoARC4StateGCM;
1821 KASUMIF8GCM_t infoKASUMIF8GCM;
1824 AES256F8HMAC2_t infoAES256F8HMAC2;
1825 AES192F8HMAC2_t infoAES192F8HMAC2;
1826 AES128F8HMAC2_t infoAES128F8HMAC2;
1827 AES256HMAC2_t infoAES256HMAC2;
1828 AES192HMAC2_t infoAES192HMAC2;
1829 AES128HMAC2_t infoAES128HMAC2;
1830 DESHMAC2_t infoDESHMAC2;
1831 DES3HMAC2_t info3DESHMAC2;
1832 ARC4HMAC2_t infoARC4HMAC2;
1833 ARC4StateHMAC2_t infoARC4StateHMAC2;
1834 KASUMIF8HMAC2_t infoKASUMIF8HMAC2;
1837 AES256F8F9_t infoAES256F8F9;
1838 AES192F8F9_t infoAES192F8F9;
1839 AES128F8F9_t infoAES128F8F9;
1840 AES256F9_t infoAES256F9;
1841 AES192F9_t infoAES192F9;
1842 AES128F9_t infoAES128F9;
1844 DES3F9_t info3DESF9;
1845 ARC4F9_t infoARC4F9;
1846 ARC4StateF9_t infoARC4StateF9;
1847 KASUMIF8F9_t infoKASUMIF8F9;
1848 } CipherHashInfo_t, *CipherHashInfo_pt;
1853 * ControlDescriptor_s datastructure
1857 typedef struct ControlDescriptor_s {
1858 uint64_t instruction;
1859 CipherHashInfo_t cipherHashInfo;
1860 } ControlDescriptor_t, *ControlDescriptor_pt;
1865 /* **********************************************************************
1866 * PacketDescriptor_t
1867 * **********************************************************************
1870 /* /--------------------------------------------\
1872 * | New PacketDescriptor_s datastructure |
1874 * \--------------------------------------------/
1878 * PacketDescriptor_t.srcLengthIVOffUseIVNext
1879 * ------------------------------------------
1881 * 63 62 61 59 58 57 56 54 53 43
1882 * ------------------------------------------------------------------------------------------------
1883 * || Load HMAC key || Pad Hash || Hash Byte Count || Next || Use IV || IV Offset || Packet length || ... CONT ...
1884 * ------------------------------------------------------------------------------------------------
1888 * 42 41 40 39 5 4 3 2
1890 * ----------------------------------------------------------------------------------------------------
1891 * || NLHMAC || Break || Wait || Segment src address || SRTCP || Reserved || Global src data offset ||
1892 * ----------------------------------------------------------------------------------------------------
1897 * Load HMAC key = 1'b0 Preserve old HMAC key stored in Auth engine (moot if HASH.HMAC == 0)
1898 * 1'b1 Load HMAC key from ID registers at beginning of op
1899 * If GCM is selected as authenticator, setting this bit
1900 * will cause the H value from ID to be loaded to the engine
1901 * If Kasumi F9 is selected as authenticator, setting this bit
1902 * will cause the IK value from ID to be loaded to the engine.
1903 * Pad Hash = 1'b0 HASH will assume the data was padded to be a multiple
1904 * of 512 bits in length and that the last 64 bit word
1905 * expresses the total datalength in bits seen by HASH engine
1906 * 1'b1 The data was not padded to be a multiple of 512 bits in length;
1907 * The Hash engine will do its own padding to generate the correct digest.
1908 * Ignored by GCM (always does its own padding)
1909 * Hash Byte Count Number of BYTES on last 64-bit data word to use in digest calculation RELEVANT ONLY IF Pad Hash IS SET
1911 * 3'b001 Use first (MS) byte only (0-out rest), i.e., 0xddXXXXXXXXXXXXXX
1912 * 3'b010 Use first 2 bytes only (0-out rest), i.e., 0xddddXXXXXXXXXXXX ... etc
1913 * Next = 1'b0 Finish (return msg descriptor) at end of operation
1914 * 1'b1 Grab the next PacketDescriptor (i.e. next cache-line) when the current is complete.
1915 * This allows for fragmentation/defragmentation and processing of large (>16kB) packets.
1916 * The sequence of adjacent PacketDescriptor acts as a contiguous linked list of
1917 * pointers to the actual packets with Next==0 on the last PacketDescriptor to end processing.
1918 * Use IV = 1'b0 On first frag: Use old IV
1919 * On subsequent frags: Do not write out to DST the (dword) offset data
1920 * 1'b1 On first frag: Use data @ Segment_address + IV_Offset as IV
1921 * On subsequent frags: Do write out to DST the (dword) offset data
1922 * IV Offset = On first frag: Offset IN NB OF 8 BYTE WORDS (dwords) from beginning of packet
1923 * (i.e. (Potentially byte-shifted) Segment address) to cipher IV
1924 * On subsequent frags: Offset to beginning of data to process; data to offset won't
1925 * be given to engines and will be written out to dst in the clear.
1926 * ON SUBSEQUENT FRAGS, IV_Offset MAY NOT EXCEED 3; LARGER VALUES WILL CAUSE AN ERROR
1927 * SEE ERROR CONDITIONS BELOW
1928 * Packet length = Nb double words to stream in (Including Segment address->CP/IV/Auth/CkSum offsets)
1929 * This is the total amount of data (x8 in bytes) read (+1 dword if "Global src data offset" != 0)
1930 * This is the total amount of data (x8 in bytes) written (+1 dword if "Global dst data offset" != 0, if Dst dword offset == 0)
1931 * If Packet length == 11'h7ff and (Global src data offset != 0 or Global dst data offset != 0)
1932 * the operation is aborted (no mem writes occur)
1933 * and the "Insufficient Data To Cipher" error flag is raised
1934 * NLHMAC = No last to hmac. Setting this to 1 will prevent the transmission of the last DWORD
1935 * to the authenticator, i.e., the DWORD before last will be designated as last for the purposes of authentication.
1936 * Break = Break a wait (see below) state - causes the operation to be flushed and free descriptor to be returned.
1937 * Activated if DFetch blocked by Wait and Wait still active.
1938 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL
1939 * Wait = Setting that bit causes the operation to block in DFetch stage.
1940 * DFetch will keep polling the memory location until the bit is reset at which time
1941 * the pipe resumes normal operation. This feature is convenient for software dealing with fragmented packets.
1942 * AS OF 02/10/2005 THIS FEATURE IS EXPERIMENTAL
1943 * Segment src address = 35 MSB of pointer to src data (i.e., cache-line aligned)
1944 * SRTCP = Bypass the cipher for the last 4 bytes of data, i.e. the last 4 bytes will be sent to memory
1945 * and the authenticator in the clear. Applicable to last packet descriptor andlast frag only.
1946 * This accommodates a requirement of SRTCP.
1947 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines
1948 * (0-7); allows realignment of byte-aligned, non-double-word aligned data
1950 * PacketDescriptor_t.dstDataSettings
1951 * ----------------------------------
1954 * 63 62 60 59 58 56 55 54 53 52 41 40
1955 * ------------------------------------------------------------------------------------------------------------
1956 * || CipherPrefix | Arc4ByteCount | E/D | Cipher_Offset || Hash_Offset | Hash_Src || CkSum_Offset | CkSum_Src || ... CONT ...
1957 * ------------------------------------------------------------------------------------------------------------
1959 * <-----------------------CIPHER-----------------------><---------HASH-----------><-------CHECKSUM----------->
1962 * CipherPrefix = 128'b0 will be sent to the selected cipher
1963 * KEEP VALUE ON ALL FRAGS after the IV is loaded, before the actual data goes in.
1964 * The result of that encryption (aka E(K, 0))will be stored
1965 * locally and XOR-ed with the auth digest to create the final
1966 * digest at the end of the auth OP:
1967 * This is covered by the GCM spec
1968 * AesPrefix = 1'b1 -> Force E=Cipher(K,0) before start of data encr.
1970 * AesPrefix = 1'b0 -> Regular digest
1971 * This flag is ignored if no cipher is chosen (Bypass condition)
1972 * X0 Arc4ByteCount = Number of BYTES on last 64-bit data word to encrypt
1973 * 3'b000 Encrypt all 8
1974 * 3'b001 Encrypt first (MS) byte only i.e., 0xddXXXXXXXXXXXXXX
1975 * 3'b010 Encrypt first 2 bytes only i.e., 0xddddXXXXXXXXXXXX ... etc
1976 * In reality, all are encrypted, however, the SBOX
1977 * is not written past the last byte to encrypt
1978 * E/D = 1'b0 Decrypt
1980 * Overloaded to also mean IV byte offset for first frag
1981 * Cipher_Offset = Nb of words between the first data segment
1982 * and word on which to start cipher operation
1983 * (64 BIT WORDS !!!)
1984 * Hash_Offset = Nb of words between the first data segment
1985 * and word on which to start hashing
1987 * Hash_Src = 1'b0 DMA channel
1988 * 1'b1 Cipher if word count exceeded Cipher_Offset;
1989 * DMA channel otherwise
1990 * CkSum_Offset = Nb of words between the first data segment
1991 * and word on which to start
1992 * checksum calculation (32 BIT WORDS !!!)
1993 * CkSum_Src = 1'b0 DMA channel
1994 * 1'b1 Cipher if word count exceeded Cipher_Offset
1995 * DMA channel otherwise
1996 * Cipher dst address = 35 MSB of pointer to dst location (i.e., cache-line aligned)
1997 * Dst dword offset = Nb of double-words to left-shift data from spec'ed Cipher dst address before writing it to memory
1998 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory
2001 * PacketDescriptor_t.authDstNonceLow
2002 * ----------------------------------
2005 * -----------------------------------------------------
2006 * || Nonce_Low || Auth_dst_address || Cipher_Offset_Hi ||
2007 * -----------------------------------------------------
2012 * Nonce_Low = Nonce[23:0] 24 least significant bits of 32-bit long nonce
2013 * Used by AES in counter mode
2014 * Auth_dst_address = 35 MSB of pointer to authentication dst location (i.e., cache-line aligned)
2015 * X0 Cipher_Offset_Hi = On first frag: 5 MSB of 8-bit Cipher_offset; will be concatenated to
2016 * the top of PacketDescriptor_t.dstDataSettings.Cipher_Offset
2017 * On subsequent frags: Ignored
2020 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask
2021 * ------------------------------------------------
2024 * 63 61 60 58 57 56 55 48 47 40 39 5 4 0
2025 * -------------------------------------------------------------------------------------------------------------------
2026 * || Hash_Byte_Offset || Packet length bytes || LLWMask || CFB_Mask || Nonce_Hi || CkSum_dst_address || IV_Offset_Hi ||
2027 * -------------------------------------------------------------------------------------------------------------------
2031 * Hash_Byte_Offset = On first frag: Additional offset in bytes to be added to Hash_Offset
2032 * to obtain the full offset applied to the data before
2033 * submitting it to authenticator
2034 * On subsequent frags: Same
2035 * Packet length bytes = On one fragment payloads: Ignored (i.e. assumed to be 0, last dword used in its entirety)
2036 * On fragments before last: Number of bytes on last fragment dword
2037 * On last fragment: Ignored (i.e. assumed to be 0, last dword used in its entirety)
2038 * LLWMask, aka, Last_long_word_mask = 2'b00 Give last 128 bit word from AES engine to auth/cksum/wrbbufer as is - applicable in AES CTR only
2039 * 2'b11 Mask (zero-out) 32 least significant bits
2040 * 2'b10 Mask 64 LSBs
2041 * 2'b01 Mask 96 LSBs
2042 * If the GCM authenticator is used, setting LLWMask to 2'b10 or 2'b01
2043 * will also prevent the transmission of the last DWORD
2044 * to the authenticator, i.e., the DWORD before last will
2045 * be designated as last for the purposes of authentication.
2046 * CFB_Mask = 8 bit mask used by AES in CFB mode
2048 * CFB_Mask[1:0] = 2'b00 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], 4'h00000001} (only 1 IV exp
2050 * 2'b01 -> Counter[127:0] = {Nonce[31:0], IV0[63:0], IV1[31:0]} (2 IV expected
2052 * 2'b10 -> Counter[127:0] = {IV1[63:0], IV0[31:0], Nonce[31:0]} (2 IV expected
2054 * 2'b11 -> Counter[127:0] = {IDecode.SCI[63:0], IV0[31:0], Nonce[31:0]} (1 IV expected
2056 * Nonce_Hi = Nonce[31:24] 8 most significant bits of 32-bit long nonce
2057 * Used by AES in counter mode
2058 * CkSum_dst_address = 35 MSB of pointer to cksum dst location (i.e., cache-line aligned)
2059 * X0 IV_Offset_Hi = On first frag: 5 MSB of 8-bit IV offset; will be concatenated to
2060 * the top of PacketDescriptor_t.srcLengthIVOffUseIVNext.IV_Offset
2061 * On subsequent frags: Ignored
2064 /* #define PKT_DSC_LOADHMACKEY */
2065 #define PKT_DSC_LOADHMACKEY_OLD 0
2066 #define PKT_DSC_LOADHMACKEY_LOAD 1
2067 #define PKT_DSC_LOADHMACKEY_LSB 63
2068 #define PKT_DSC_LOADHMACKEY_BITS ONE_BIT
2069 #define PKT_DSC_LOADHMACKEY_MASK \
2070 (PKT_DSC_LOADHMACKEY_BITS << PKT_DSC_LOADHMACKEY_LSB)
2072 /* #define PKT_DSC_PADHASH */
2073 #define PKT_DSC_PADHASH_PADDED 0
2074 #define PKT_DSC_PADHASH_PAD 1 /* requires padding */
2075 #define PKT_DSC_PADHASH_LSB 62
2076 #define PKT_DSC_PADHASH_BITS ONE_BIT
2077 #define PKT_DSC_PADHASH_MASK (PKT_DSC_PADHASH_BITS << PKT_DSC_PADHASH_LSB)
2079 /* #define PKT_DSC_HASHBYTES */
2080 #define PKT_DSC_HASHBYTES_ALL8 0
2081 #define PKT_DSC_HASHBYTES_MSB 1
2082 #define PKT_DSC_HASHBYTES_MSW 2
2083 #define PKT_DSC_HASHBYTES_LSB 59
2084 #define PKT_DSC_HASHBYTES_BITS THREE_BITS
2085 #define PKT_DSC_HASHBYTES_MASK \
2086 (PKT_DSC_HASHBYTES_BITS << PKT_DSC_HASHBYTES_LSB)
2088 /* #define PKT_DSC_NEXT */
2089 #define PKT_DSC_NEXT_FINISH 0
2090 #define PKT_DSC_NEXT_DO 1
2091 #define PKT_DSC_NEXT_LSB 58
2092 #define PKT_DSC_NEXT_BITS ONE_BIT
2093 #define PKT_DSC_NEXT_MASK (PKT_DSC_NEXT_BITS << PKT_DSC_NEXT_LSB)
2095 /* #define PKT_DSC_IV */
2096 #define PKT_DSC_IV_OLD 0
2097 #define PKT_DSC_IV_NEW 1
2098 #define PKT_DSC_IV_LSB 57
2099 #define PKT_DSC_IV_BITS ONE_BIT
2100 #define PKT_DSC_IV_MASK (PKT_DSC_IV_BITS << PKT_DSC_IV_LSB)
2102 /* #define PKT_DSC_IVOFF */
2103 #define PKT_DSC_IVOFF_LSB 54
2104 #define PKT_DSC_IVOFF_BITS THREE_BITS
2105 #define PKT_DSC_IVOFF_MASK (PKT_DSC_IVOFF_BITS << PKT_DSC_IVOFF_LSB)
2107 /* #define PKT_DSC_PKTLEN */
2108 #define PKT_DSC_PKTLEN_LSB 43
2109 #define PKT_DSC_PKTLEN_BITS ELEVEN_BITS
2110 #define PKT_DSC_PKTLEN_MASK (PKT_DSC_PKTLEN_BITS << PKT_DSC_PKTLEN_LSB)
2112 /* #define PKT_DSC_NLHMAC */
2113 #define PKT_DSC_NLHMAC_LSB 42
2114 #define PKT_DSC_NLHMAC_BITS ONE_BIT
2115 #define PKT_DSC_NLHMAC_MASK (PKT_DSC_NLHMAC_BITS << PKT_DSC_NLHMAC_LSB)
2117 /* #define PKT_DSC_BREAK */
2118 #define PKT_DSC_BREAK_OLD 0
2119 #define PKT_DSC_BREAK_NEW 1
2120 #define PKT_DSC_BREAK_LSB 41
2121 #define PKT_DSC_BREAK_BITS ONE_BIT
2122 #define PKT_DSC_BREAK_MASK (PKT_DSC_BREAK_BITS << PKT_DSC_BREAK_LSB)
2124 /* #define PKT_DSC_WAIT */
2125 #define PKT_DSC_WAIT_OLD 0
2126 #define PKT_DSC_WAIT_NEW 1
2127 #define PKT_DSC_WAIT_LSB 40
2128 #define PKT_DSC_WAIT_BITS ONE_BIT
2129 #define PKT_DSC_WAIT_MASK (PKT_DSC_WAIT_BITS << PKT_DSC_WAIT_LSB)
2131 /* #define PKT_DSC_SEGADDR */
2132 #define PKT_DSC_SEGADDR_LSB 5
2133 #define PKT_DSC_SEGADDR_BITS FOURTY_BITS
2134 #define PKT_DSC_SEGADDR_MASK \
2135 (PKT_DSC_SEGADDR_BITS << PKT_DSC_SEGADDR_LSB)
2137 /* #define PKT_DSC_SRTCP */
2138 #define PKT_DSC_SRTCP_OFF 0
2139 #define PKT_DSC_SRTCP_ON 1
2140 #define PKT_DSC_SRTCP_LSB 4
2141 #define PKT_DSC_SRTCP_BITS ONE_BIT
2142 #define PKT_DSC_SRTCP_MASK (PKT_DSC_SRTCP_BITS << PKT_DSC_SRTCP_LSB)
2144 #define PKT_DSC_SEGOFFSET_LSB 0
2145 #define PKT_DSC_SEGOFFSET_BITS THREE_BITS
2146 #define PKT_DSC_SEGOFFSET_MASK \
2147 (PKT_DSC_SEGOFFSET_BITS << PKT_DSC_SEGOFFSET_LSB)
2149 /* **********************************************************************
2150 * PacketDescriptor_t.dstDataSettings
2151 * **********************************************************************
2153 /* #define PKT_DSC_ARC4BYTECOUNT */
2154 #define PKT_DSC_ARC4BYTECOUNT_ALL8 0
2155 #define PKT_DSC_ARC4BYTECOUNT_MSB 1
2156 #define PKT_DSC_ARC4BYTECOUNT_MSW 2
2157 #define PKT_DSC_ARC4BYTECOUNT_LSB 60
2158 #define PKT_DSC_ARC4BYTECOUNT_BITS THREE_BITS
2159 #define PKT_DSC_ARC4BYTECOUNT_MASK (PKT_DSC_ARC4BYTECOUNT_BITS << PKT_DSC_ARC4BYTECOUNT_LSB)
2161 /* #define PKT_DSC_SYM_OP (symmetric key operation) */
2162 #define PKT_DSC_SYM_OP_DECRYPT 0
2163 #define PKT_DSC_SYM_OP_ENCRYPT 1
2164 #define PKT_DSC_SYM_OP_LSB 59
2165 #define PKT_DSC_SYM_OP_BITS ONE_BIT
2166 #define PKT_DSC_SYM_OP_MASK (PKT_DSC_SYM_OP_BITS << PKT_DSC_SYM_OP_LSB)
2168 /* #define PKT_DSC_CPHROFF */
2169 #define PKT_DSC_CPHROFF_LSB 56
2170 #define PKT_DSC_CPHROFF_BITS THREE_BITS
2171 #define PKT_DSC_CPHROFF_MASK (PKT_DSC_CPHROFF_BITS << PKT_DSC_CPHROFF_LSB)
2173 /* #define PKT_DSC_HASHOFF */
2174 #define PKT_DSC_HASHOFF_LSB 54
2175 #define PKT_DSC_HASHOFF_BITS TWO_BITS
2176 #define PKT_DSC_HASHOFF_MASK (PKT_DSC_HASHOFF_BITS << PKT_DSC_HASHOFF_LSB)
2178 /* #define PKT_DSC_HASHSRC */
2179 #define PKT_DSC_HASHSRC_DMA 0
2180 #define PKT_DSC_HASHSRC_CIPHER 1
2181 #define PKT_DSC_HASHSRC_LSB 53
2182 #define PKT_DSC_HASHSRC_BITS ONE_BIT
2183 #define PKT_DSC_HASHSRC_MASK (PKT_DSC_HASHSRC_BITS << PKT_DSC_HASHSRC_LSB)
2185 /* #define PKT_DSC_CKSUMOFF */
2186 #define PKT_DSC_CKSUMOFF_LSB 41
2187 #define PKT_DSC_CKSUMOFF_BITS TWELVE_BITS
2188 #define PKT_DSC_CKSUMOFF_MASK (PKT_DSC_CKSUMOFF_BITS << PKT_DSC_CKSUMOFF_LSB)
2190 /* #define PKT_DSC_CKSUMSRC */
2191 #define PKT_DSC_CKSUMSRC_DMA 0
2192 #define PKT_DSC_CKSUMSRC_CIPHER 1
2193 #define PKT_DSC_CKSUMSRC_LSB 40
2194 #define PKT_DSC_CKSUMSRC_BITS ONE_BIT
2195 #define PKT_DSC_CKSUMSRC_MASK (PKT_DSC_CKSUMSRC_BITS << PKT_DSC_CKSUMSRC_LSB)
2197 /* #define PKT_DSC_CPHR_DST_ADDR */
2198 #define PKT_DSC_CPHR_DST_ADDR_LSB 0
2199 #define PKT_DSC_CPHR_DST_ADDR_BITS FOURTY_BITS
2200 #define PKT_DSC_CPHR_DST_ADDR_MASK \
2201 (PKT_DSC_CPHR_DST_ADDR_BITS << PKT_DSC_CPHR_DST_ADDR_LSB)
2203 /* #define PKT_DSC_CPHR_DST_DWOFFSET */
2204 #define PKT_DSC_CPHR_DST_DWOFFSET_LSB 3
2205 #define PKT_DSC_CPHR_DST_DWOFFSET_BITS TWO_BITS
2206 #define PKT_DSC_CPHR_DST_DWOFFSET_MASK \
2207 (PKT_DSC_CPHR_DST_DWOFFSET_BITS << PKT_DSC_CPHR_DST_DWOFFSET_LSB)
2209 /* #define PKT_DSC_CPHR_DST_OFFSET */
2210 #define PKT_DSC_CPHR_DST_OFFSET_LSB 0
2211 #define PKT_DSC_CPHR_DST_OFFSET_BITS THREE_BITS
2212 #define PKT_DSC_CPHR_DST_OFFSET_MASK \
2213 (PKT_DSC_CPHR_DST_OFFSET_BITS << PKT_DSC_CPHR_DST_OFFSET_LSB)
2215 /* **********************************************************************
2216 * PacketDescriptor_t.authDstNonceLow
2217 * **********************************************************************
2219 /* #define PKT_DSC_NONCE_LOW */
2220 #define PKT_DSC_NONCE_LOW_LSB 40
2221 #define PKT_DSC_NONCE_LOW_BITS TWENTYFOUR_BITS
2222 #define PKT_DSC_NONCE_LOW_MASK \
2223 (PKT_DSC_NONCE_LOW_BITS << PKT_DSC_NONCE_LOW_LSB)
2225 /* #define PKT_DSC_AUTH_DST_ADDR */
2226 #define PKT_DSC_AUTH_DST_ADDR_LSB 0
2227 #define PKT_DSC_AUTH_DST_ADDR_BITS FOURTY_BITS
2228 #define PKT_DSC_AUTH_DST_ADDR_MASK \
2229 (PKT_DSC_AUTH_DST_ADDR_BITS << PKT_DSC_AUTH_DST_ADDR_LSB)
2231 /* #define PKT_DSC_CIPH_OFF_HI */
2232 #define PKT_DSC_CIPH_OFF_HI_LSB 0
2233 #define PKT_DSC_CIPH_OFF_HI_BITS FIVE_BITS
2234 #define PKT_DSC_CIPH_OFF_HI_MASK (PKT_DSC_CIPH_OFF_HI_BITS << PKT_DSC_CIPH_OFF_HI_LSB)
2236 /* **********************************************************************
2237 * PacketDescriptor_t.ckSumDstNonceHiCFBMaskLLWMask
2238 * **********************************************************************
2240 /* #define PKT_DSC_HASH_BYTE_OFF */
2241 #define PKT_DSC_HASH_BYTE_OFF_LSB 61
2242 #define PKT_DSC_HASH_BYTE_OFF_BITS THREE_BITS
2243 #define PKT_DSC_HASH_BYTE_OFF_MASK (PKT_DSC_HASH_BYTE_OFF_BITS << PKT_DSC_HASH_BYTE_OFF_LSB)
2245 /* #define PKT_DSC_PKTLEN_BYTES */
2246 #define PKT_DSC_PKTLEN_BYTES_LSB 58
2247 #define PKT_DSC_PKTLEN_BYTES_BITS THREE_BITS
2248 #define PKT_DSC_PKTLEN_BYTES_MASK (PKT_DSC_PKTLEN_BYTES_BITS << PKT_DSC_PKTLEN_BYTES_LSB)
2250 /* #define PKT_DSC_LASTWORD */
2251 #define PKT_DSC_LASTWORD_128 0
2252 #define PKT_DSC_LASTWORD_96MASK 1
2253 #define PKT_DSC_LASTWORD_64MASK 2
2254 #define PKT_DSC_LASTWORD_32MASK 3
2255 #define PKT_DSC_LASTWORD_LSB 56
2256 #define PKT_DSC_LASTWORD_BITS TWO_BITS
2257 #define PKT_DSC_LASTWORD_MASK (PKT_DSC_LASTWORD_BITS << PKT_DSC_LASTWORD_LSB)
2259 /* #define PKT_DSC_CFB_MASK */
2260 #define PKT_DSC_CFB_MASK_LSB 48
2261 #define PKT_DSC_CFB_MASK_BITS EIGHT_BITS
2262 #define PKT_DSC_CFB_MASK_MASK (PKT_DSC_CFB_MASK_BITS << PKT_DSC_CFB_MASK_LSB)
2264 /* #define PKT_DSC_NONCE_HI */
2265 #define PKT_DSC_NONCE_HI_LSB 40
2266 #define PKT_DSC_NONCE_HI_BITS EIGHT_BITS
2267 #define PKT_DSC_NONCE_HI_MASK (PKT_DSC_NONCE_HI_BITS << PKT_DSC_NONCE_HI_LSB)
2269 /* #define PKT_DSC_CKSUM_DST_ADDR */
2270 #define PKT_DSC_CKSUM_DST_ADDR_LSB 5
2271 #define PKT_DSC_CKSUM_DST_ADDR_BITS THIRTY_FIVE_BITS
2272 #define PKT_DSC_CKSUM_DST_ADDR_MASK (PKT_DSC_CKSUM_DST_ADDR_BITS << PKT_DSC_CKSUM_DST_ADDR_LSB)
2274 /* #define PKT_DSC_IV_OFF_HI */
2275 #define PKT_DSC_IV_OFF_HI_LSB 0
2276 #define PKT_DSC_IV_OFF_HI_BITS FIVE_BITS
2277 #define PKT_DSC_IV_OFF_HI_MASK (PKT_DSC_IV_OFF_HI_BITS << PKT_DSC_IV_OFF_HI_LSB)
2280 /* ******************************************************************
2281 * Control Error Code and Conditions
2282 * ******************************************************************
2284 #define CTL_ERR_NONE 0x0000 /* No Error */
2285 #define CTL_ERR_CIPHER_OP 0x0001 /* Unknown Cipher Op */
2286 #define CTL_ERR_MODE 0x0002 /* Unknown or Not Allowed Mode */
2287 #define CTL_ERR_CHKSUM_SRC 0x0004 /* Unknown CkSum Src - UNUSED */
2288 #define CTL_ERR_CFB_MASK 0x0008 /* Forbidden CFB Mask - UNUSED */
2289 #define CTL_ERR_OP 0x0010 /* Unknown Ctrl Op - UNUSED */
2290 #define CTL_ERR_UNDEF1 0x0020 /* UNUSED */
2291 #define CTL_ERR_UNDEF2 0x0040 /* UNUSED */
2292 #define CTL_ERR_DATA_READ 0x0080 /* Data Read Error */
2293 #define CTL_ERR_DESC_CTRL 0x0100 /* Descriptor Ctrl Field Error */
2295 #define CTL_ERR_TIMEOUT 0x1000 /* Message Response Timeout */
2297 /* ******************************************************************
2298 * Data Error Code and Conditions
2299 * ******************************************************************
2301 #define DATA_ERR_NONE 0x0000 /* No Error */
2302 #define DATA_ERR_LEN_CIPHER 0x0001 /* Not Enough Data To Cipher */
2303 #define DATA_ERR_IV_ADDR 0x0002 /* Illegal IV Loacation */
2304 #define DATA_ERR_WD_LEN_AES 0x0004 /* Illegal Nb Words To AES */
2305 #define DATA_ERR_BYTE_COUNT 0x0008 /* Illegal Pad And ByteCount Spec */
2306 #define DATA_ERR_LEN_CKSUM 0x0010 /* Not Enough Data To CkSum */
2307 #define DATA_ERR_OP 0x0020 /* Unknown Data Op */
2308 #define DATA_ERR_UNDEF1 0x0040 /* UNUSED */
2309 #define DATA_ERR_READ 0x0080 /* Data Read Error */
2310 #define DATA_ERR_WRITE 0x0100 /* Data Write Error */
2315 * NOTE: Size of struct is size of cacheline.
2318 typedef struct OperationDescriptor_s {
2325 } OperationDescriptor_t, *OperationDescriptor_pt;
2329 * This defines the security data descriptor format
2331 typedef struct PacketDescriptor_s {
2332 uint64_t srcLengthIVOffUseIVNext;
2333 uint64_t dstDataSettings;
2334 uint64_t authDstNonceLow;
2335 uint64_t ckSumDstNonceHiCFBMaskLLWMask;
2336 } PacketDescriptor_t, *PacketDescriptor_pt;
2342 uint8_t *user_state;
2346 uint8_t *kern_state;
2347 uint8_t *aligned_auth;
2348 uint8_t *aligned_src;
2349 uint8_t *aligned_dest;
2350 uint8_t *aligned_state;
2351 } xlr_sec_drv_user_t, *xlr_sec_drv_user_pt;
2353 typedef struct symkey_desc {
2354 OperationDescriptor_t op_ctl; /* size is cacheline */
2355 PacketDescriptor_t pkt_desc[2]; /* size is cacheline */
2356 ControlDescriptor_t ctl_desc; /* makes this aligned */
2357 uint64_t control; /* message word0 */
2358 uint64_t data; /* message word1 */
2359 uint64_t ctl_result;
2360 uint64_t data_result;
2361 struct symkey_desc *alloc; /* real allocated addr */
2362 xlr_sec_drv_user_t user;
2363 //volatile atomic_t flag_complete;
2364 //struct semaphore sem_complete;
2365 //wait_queue_t submit_wait;
2367 uint8_t *next_src_buf;
2368 uint32_t next_src_len;
2370 uint8_t *next_dest_buf;
2371 uint32_t next_dest_len;
2373 uint8_t *next_auth_dest;
2374 uint8_t *next_cksum_dest;
2377 } symkey_desc_t, *symkey_desc_pt;
2381 * **************************************************************************
2383 * **************************************************************************
2390 * A 2-word message ring descriptor is used to pass all information
2391 * pertaining to the RSA or ECC operation:
2393 * 63 61 60 54 53 52 40 39 5 4 3 2 0
2394 * -----------------------------------------------------------------------------------------------------
2395 * | Ctrl | Op Class | Valid Op | Op Ctrl0 | Source Addr | Software Scratch0 | Global src data offset |
2396 * -----------------------------------------------------------------------------------------------------
2400 * 63 61 60 54 53 52 51 50 40 39 5 4 3 2 0
2401 * --------------------------------------------------------------------------------------------------------------------------------
2402 * | Ctrl | Destination Id | WRB_COH | WRB_L2ALLOC | DF_L2ALLOC | Op Ctrl1 | Dest Addr | Software Scratch1 | Global dst data offset |
2403 * --------------------------------------------------------------------------------------------------------------------------------
2404 * 3 7 1 1 1 11 35 2 3
2407 * Op Class = 7'h0_0 Modular exponentiation
2408 * 7'h0_1 ECC (including prime modular ops and binary GF ops)
2411 * Valid Op = 1'b1 Will cause operation to start; descriptors sent back at end of operation
2412 * 1'b0 No operation performed; descriptors sent back right away
2416 * Op Ctrl0 = BlockWidth[1] {TYPE[6:0], FUNCTION[5:0]}
2418 * ExponentWidth[10:0]
2421 * Block Width = 1'b1 1024 bit op
2423 * Load Constant = 1'b1 Load constant from data structure
2424 * 1'b0 Preserve old constant (this assumes
2425 * Source Addr points to RSAData_pt->Exponent
2426 * or that the length of Constant is 0)
2427 * Exponent Width = 11-bit expression of exponent width EXPRESSED IN NUMBER OF BITS
2432 * TYPE = 7'h0_0 ECC prime 160
2433 * 7'h0_1 ECC prime 192
2434 * 7'h0_2 ECC prime 224
2435 * 7'h0_3 ECC prime 256
2436 * 7'h0_4 ECC prime 384
2437 * 7'h0_5 ECC prime 512
2439 * 7'h0_6 through 7'h1_f UNDEF
2441 * 7'h2_0 ECC bin 163
2442 * 7'h2_1 ECC bin 191
2443 * 7'h2_2 ECC bin 233
2445 * 7'h2_3 through 7'h6_f UNDEF
2447 * 7'h7_0 ECC UC load
2449 * 7'b7_1 through 7'b7_f UNDEF
2451 * Prime field Binary field
2452 * =========== ============
2453 * FUNCTION = 6'h0_0 Point multiplication R = k.P Point multiplication R = k.P
2454 * 6'h0_1 Point addition R = P + Q Binary GF inversion C(x) = 1 / A(x) mod F(x)
2455 * 6'h0_2 Point double R = 2 x P Binary GF multiplication C(x) = B(x) * A(x) mod F(x)
2456 * 6'h0_3 Point verification R ? Binary GF addition C(x) = B(x) + A(x) mod F(x)
2457 * 6'h0_4 Modular addition c = x + y mod m UNDEF
2458 * 6'h0_5 Modular substraction c = x - y mod m UNDEF
2459 * 6'h0_6 Modular multiplication c = x * y mod m UNDEF
2460 * 6'h0_7 Modular division c = x / y mod m UNDEF
2461 * 6'h0_8 Modular inversion c = 1 / y mod m UNDEF
2462 * 6'h0_9 Modular reduction c = x mod m UNDEF
2465 * through UNDEF UNDEF
2468 * Source Addr = 35 MSB of pointer to source address (i.e., cache-line aligned)
2470 * Software Scratch0 = Two bit field ignored by engine and returned as is in free descriptor
2472 * Global src data offset = Nb BYTES to right-shift data by before presenting it to engines
2473 * (0-7); allows realignment of byte-aligned, non-double-word aligned data
2477 * OpCtrl1 = ModulusWidth[10:0] Not used
2480 * Modulus Width = 11-bit expression of modulus width EXPRESSED IN NUMBER OF BITS
2482 * Dest Addr = 35 MSB of pointer to destination address (i.e., cache-line aligned)
2484 * Software Scratch1 = Two bit field ignored by engine and returned as is in free descriptor
2486 * Global dst data offset = Nb BYTES to left-shift (double-word boundary aligned) data by before writing it to memory
2495 /**********************************************************
2497 * ECC prime data formats *
2499 **********************************************************
2502 * The size of all quantities below is that of the precision
2503 * of the chosen op (160, 192, ...) ROUNDED UP to a multiple
2504 * of 8 bytes, i.e., 3 dwords (160, 192), 4 dwords (224, 256)
2505 * 6 dwords (384) and 8 dwords (512) and padded with zeroes
2508 * The only exception to this is the key quantity (k) which
2509 * needs to be rounded up to 32 bytes in all cases and padded
2510 * with zeroes; therefore the key needs to be 4 dwords (160, 192,
2511 * 224, 256) or 8 dwords (384, 512)
2513 * The total lengths in dwords that are read and in
2514 * bytes that are written, for each operation and
2515 * length group, are specified at the bottom of each
2518 * In all that follows, m is the modulus and cst is the constant,
2519 * cst = 2 ^ (2*length + 4) mod m . a and b are the curve
2526 * src+glb_off-> Dword_0 N/A
2533 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p)
2537 * src+glb_off-> x_p dst+glb_off-> x_r
2545 * 7x(3/4/6/8)+(4/4/8/8)=
2548 * 2) Point addition R(x_r, y_r) = P(x_p, y_p) + Q(x_q, y_q)
2552 * src+glb_off-> x_p dst+glb_off-> x_r
2562 * 3) Point double R(x_r, y_r) = 2 . P(x_p, y_p)
2566 * src+glb_off-> x_p dst+glb_off-> x_r
2574 * 4) Point verification Is_On_Curve = P(x_p, y_p) on curve ? 1 : 0
2578 * src+glb_off-> x_p dst+glb_off-> Is_On_Curve
2587 * 5) Modular addition c = x + y mod m
2591 * src+glb_off-> x dst+glb_off-> c
2597 * 6) Modular substraction c = x - y mod m
2601 * src+glb_off-> x dst+glb_off-> c
2607 * 7) Modular multiplication c = x * y mod m
2611 * src+glb_off-> x dst+glb_off-> c
2618 * 8) Modular division c = x / y mod m
2622 * src+glb_off-> y dst+glb_off-> c
2628 * 9) Modular inversion c = 1 / y mod m
2632 * src+glb_off-> y dst+glb_off-> c
2637 * 10) Modular reduction c = x mod m
2641 * src+glb_off-> x dst+glb_off-> c
2648 /**********************************************************
2650 * ECC binary data formats *
2652 **********************************************************
2655 * The size of all quantities below is that of the precision
2656 * of the chosen op (163, 191, 233) ROUNDED UP to a multiple
2657 * of 8 bytes, i.e. 3 dwords for (163, 191) and 4 dwords for
2658 * (233), padded with zeroes as necessary.
2660 * The total lengths in dwords that are read and written,
2661 * for each operation and length group, are specified
2662 * at the bottom of each datastructure.
2663 * In all that follows, b is the curve parameter.
2665 * 1) Point multiplication R(x_r, y_r) = k . P(x_p, y_p)
2669 * src+glb_off-> b dst+glb_off-> x_r
2676 * 2) Binary GF inversion C(x) = 1 / A(x) mod F(x)
2680 * src+glb_off-> A dst+glb_off-> C
2684 * 3) Binary GF multiplication C(x) = B(x) * A(x) mod F(x)
2688 * src+glb_off-> A dst+glb_off-> C
2693 * 4) Binary GF addition C(x) = B(x) + A(x) mod F(x)
2697 * src+glb_off-> A dst+glb_off-> C
2711 * As specified in the datastructures below,
2712 * the engine assumes all data (including
2713 * exponent and modulus) to be adjacent on
2714 * dword boundaries, e.g.,
2716 * Operation length = 512 bits
2717 * Exponent length = 16 bits
2718 * Modulus length = 512 bits
2720 * The engine expects to read:
2723 * -----------------------
2725 * -----------------------
2727 * -----------------------
2729 * -----------------------
2731 * -----------------------
2733 * -----------------------
2735 * -----------------------
2737 * -----------------------
2739 * -----------------------
2740 * | IGNORED |B1|B0| Exponent0 (Exponent length = 16 bits = 2 bytes, so only 2 least significant bytes of exponent used)
2741 * -----------------------
2743 * -----------------------
2745 * -----------------------
2747 * -----------------------
2749 * -----------------------
2751 * -----------------------
2753 * -----------------------
2755 * -----------------------
2757 * -----------------------
2759 * -----------------------
2761 * -----------------------
2763 * -----------------------
2765 * -----------------------
2767 * -----------------------
2769 * -----------------------
2771 * -----------------------
2773 * -----------------------
2777 /* #define PUBKEY_CTL_CTL */
2778 #define PUBKEY_CTL_CTL_LSB 61
2779 #define PUBKEY_CTL_CTL_BITS THREE_BITS
2780 #define PUBKEY_CTL_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB)
2782 /* #define PUBKEY_CTL_OP_CLASS */
2783 #define PUBKEY_CTL_OP_CLASS_RSA 0
2784 #define PUBKEY_CTL_OP_CLASS_ECC 1
2785 #define PUBKEY_CTL_OP_CLASS_LSB 54
2786 #define PUBKEY_CTL_OP_CLASS_BITS SEVEN_BITS
2787 #define PUBKEY_CTL_OP_CLASS_MASK (PUBKEY_CTL_OP_CLASS_BITS << PUBKEY_CTL_OP_CLASS_LSB)
2789 /* #define PUBKEY_CTL_VALID */
2790 #define PUBKEY_CTL_VALID_FALSE 0
2791 #define PUBKEY_CTL_VALID_TRUE 1
2792 #define PUBKEY_CTL_VALID_LSB 53
2793 #define PUBKEY_CTL_VALID_BITS ONE_BIT
2794 #define PUBKEY_CTL_VALID_MASK \
2795 (PUBKEY_CTL_VALID_BITS << PUBKEY_CTL_VALID_LSB)
2797 /* #define PUBKEY_CTL_ECC_TYPE */
2798 #define PUBKEY_CTL_ECC_TYPE_PRIME_160 0
2799 #define PUBKEY_CTL_ECC_TYPE_PRIME_192 1
2800 #define PUBKEY_CTL_ECC_TYPE_PRIME_224 2
2801 #define PUBKEY_CTL_ECC_TYPE_PRIME_256 3
2802 #define PUBKEY_CTL_ECC_TYPE_PRIME_384 4
2803 #define PUBKEY_CTL_ECC_TYPE_PRIME_512 5
2804 #define PUBKEY_CTL_ECC_TYPE_BIN_163 0x20
2805 #define PUBKEY_CTL_ECC_TYPE_BIN_191 0x21
2806 #define PUBKEY_CTL_ECC_TYPE_BIN_233 0x22
2807 #define PUBKEY_CTL_ECC_TYPE_UC_LOAD 0x70
2808 #define PUBKEY_CTL_ECC_TYPE_LSB 46
2809 #define PUBKEY_CTL_ECC_TYPE_BITS SEVEN_BITS
2810 #define PUBKEY_CTL_ECC_TYPE_MASK (PUBKEY_CTL_ECC_TYPE_BITS << PUBKEY_CTL_ECC_TYPE_LSB)
2812 /* #define PUBKEY_CTL_ECC_FUNCTION */
2813 #define PUBKEY_CTL_ECC_FUNCTION_NOP 0
2814 #define PUBKEY_CTL_ECC_FUNCTION_POINT_MUL 0
2815 #define PUBKEY_CTL_ECC_FUNCTION_POINT_ADD 1
2816 #define PUBKEY_CTL_ECC_FUNCTION_POINT_DBL 2
2817 #define PUBKEY_CTL_ECC_FUNCTION_POINT_VFY 3
2818 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_ADD 4
2819 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_SUB 5
2820 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_MUL 6
2821 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_DIV 7
2822 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_INV 8
2823 #define PUBKEY_CTL_ECC_FUNCTION_MODULAR_RED 9
2824 #define PUBKEY_CTL_ECC_FUNCTION_LSB 40
2825 #define PUBKEY_CTL_ECC_FUNCTION_BITS SIX_BITS
2826 #define PUBKEY_CTL_ECC_FUNCTION_MASK (PUBKEY_CTL_ECC_FUNCTION_BITS << PUBKEY_CTL_ECC_FUNCTION_LSB)
2828 /* #define PUBKEY_CTL_BLKWIDTH */
2829 #define PUBKEY_CTL_BLKWIDTH_512 0
2830 #define PUBKEY_CTL_BLKWIDTH_1024 1
2831 #define PUBKEY_CTL_BLKWIDTH_LSB 52
2832 #define PUBKEY_CTL_BLKWIDTH_BITS ONE_BIT
2833 #define PUBKEY_CTL_BLKWIDTH_MASK \
2834 (PUBKEY_CTL_BLKWIDTH_BITS << PUBKEY_CTL_BLKWIDTH_LSB)
2836 /* #define PUBKEY_CTL_LD_CONST */
2837 #define PUBKEY_CTL_LD_CONST_OLD 0
2838 #define PUBKEY_CTL_LD_CONST_NEW 1
2839 #define PUBKEY_CTL_LD_CONST_LSB 51
2840 #define PUBKEY_CTL_LD_CONST_BITS ONE_BIT
2841 #define PUBKEY_CTL_LD_CONST_MASK \
2842 (PUBKEY_CTL_LD_CONST_BITS << PUBKEY_CTL_LD_CONST_LSB)
2844 /* #define PUBKEY_CTL_EXPWIDTH */
2845 #define PUBKEY_CTL_EXPWIDTH_LSB 40
2846 #define PUBKEY_CTL_EXPWIDTH_BITS ELEVEN_BITS
2847 #define PUBKEY_CTL_EXPWIDTH_MASK \
2848 (PUBKEY_CTL_EXPWIDTH_BITS << PUBKEY_CTL_EXPWIDTH_LSB)
2850 /* #define PUBKEY_CTL_SRCADDR */
2851 #define PUBKEY_CTL_SRCADDR_LSB 0
2852 #define PUBKEY_CTL_SRCADDR_BITS FOURTY_BITS
2853 #define PUBKEY_CTL_SRCADDR_MASK \
2854 (PUBKEY_CTL_SRCADDR_BITS << PUBKEY_CTL_SRCADDR_LSB)
2856 /* #define PUBKEY_CTL_SRC_OFFSET */
2857 #define PUBKEY_CTL_SRC_OFFSET_LSB 0
2858 #define PUBKEY_CTL_SRC_OFFSET_BITS THREE_BITS
2859 #define PUBKEY_CTL_SRC_OFFSET_MASK \
2860 (PUBKEY_CTL_SRC_OFFSET_BITS << PUBKEY_CTL_SRC_OFFSET_LSB)
2863 /* #define PUBKEY_CTL1_CTL */
2864 #define PUBKEY_CTL1_CTL_LSB 61
2865 #define PUBKEY_CTL1_CTL_BITS THREE_BITS
2866 #define PUBKEY_CTL1_CTL_MASK (PUBKEY_CTL_CTL_BITS << PUBKEY_CTL_CTL_LSB)
2868 /* #define PUBKEY_CTL1_MODWIDTH */
2869 #define PUBKEY_CTL1_MODWIDTH_LSB 40
2870 #define PUBKEY_CTL1_MODWIDTH_BITS ELEVEN_BITS
2871 #define PUBKEY_CTL1_MODWIDTH_MASK \
2872 (PUBKEY_CTL1_MODWIDTH_BITS << PUBKEY_CTL1_MODWIDTH_LSB)
2874 /* #define PUBKEY_CTL1_DSTADDR */
2875 #define PUBKEY_CTL1_DSTADDR_LSB 0
2876 #define PUBKEY_CTL1_DSTADDR_BITS FOURTY_BITS
2877 #define PUBKEY_CTL1_DSTADDR_MASK \
2878 (PUBKEY_CTL1_DSTADDR_BITS << PUBKEY_CTL1_DSTADDR_LSB)
2880 /* #define PUBKEY_CTL1_DST_OFFSET */
2881 #define PUBKEY_CTL1_DST_OFFSET_LSB 0
2882 #define PUBKEY_CTL1_DST_OFFSET_BITS THREE_BITS
2883 #define PUBKEY_CTL1_DST_OFFSET_MASK \
2884 (PUBKEY_CTL1_DST_OFFSET_BITS << PUBKEY_CTL1_DST_OFFSET_LSB)
2887 * Upon completion of operation, the RSA block returns a 2-word free descriptor
2888 * in the following format:
2890 * 63 61 60 54 53 52 51 49 48 40 39 5 4 3 2 0
2891 * -------------------------------------------------------------------------------------------------------------------------
2892 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | Software Scratch0 | Global src data offset |
2893 * -------------------------------------------------------------------------------------------------------------------------
2894 * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | Software Scratch1 | Global dst data offset |
2895 * -------------------------------------------------------------------------------------------------------------------------
2897 * The Control and Data Error codes are enumerated below
2902 * Control Error Code Control Error Condition
2903 * ------------------ -----------------------
2905 * 9'h001 Undefined Op Class
2906 * 9'h002 Undefined ECC TYPE (ECC only)
2907 * 9'h004 Undefined ECC FUNCTION (ECC only)
2908 * 9'h008 ECC timeout (ECC only)
2912 * 9'h080 Data Read Error
2913 * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP)
2915 * Data Error Code Data Error Condition
2916 * --------------- --------------------
2918 * 9'h001 Exponent Width > Block Width (RSA Only)
2919 * 9'h002 Modulus Width > Block Width (RSA Only)
2925 * 9'h080 Data Read Error
2930 * Result Data Word for Message Ring Descriptor
2933 /* #define PUBKEY_RSLT_CTL_CTL */
2934 #define PUBKEY_RSLT_CTL_CTL_LSB 61
2935 #define PUBKEY_RSLT_CTL_CTL_BITS THREE_BITS
2936 #define PUBKEY_RSLT_CTL_CTL_MASK \
2937 (PUBKEY_RSLT_CTL_CTL_BITS << PUBKEY_RSLT_CTL_CTL_LSB)
2939 /* #define PUBKEY_RSLT_CTL_DST_ID */
2940 #define PUBKEY_RSLT_CTL_DST_ID_LSB 54
2941 #define PUBKEY_RSLT_CTL_DST_ID_BITS SEVEN_BITS
2942 #define PUBKEY_RSLT_CTL_DST_ID_MASK \
2943 (PUBKEY_RSLT_CTL_DST_ID_BITS << PUBKEY_RSLT_CTL_DST_ID_LSB)
2945 /* #define PUBKEY_RSLT_CTL_DESC_CTL */
2946 #define PUBKEY_RSLT_CTL_DESC_CTL_LSB 49
2947 #define PUBKEY_RSLT_CTL_DESC_CTL_BITS THREE_BITS
2948 #define PUBKEY_RSLT_CTL_DESC_CTL_MASK \
2949 (PUBKEY_RSLT_CTL_DESC_CTL_BITS << PUBKEY_RSLT_CTL_DESC_CTL_LSB)
2952 /* #define PUBKEY_RSLT_CTL_ERROR */
2953 #define PUBKEY_RSLT_CTL_ERROR_LSB 40
2954 #define PUBKEY_RSLT_CTL_ERROR_BITS NINE_BITS
2955 #define PUBKEY_RSLT_CTL_ERROR_MASK \
2956 (PUBKEY_RSLT_CTL_ERROR_BITS << PUBKEY_RSLT_CTL_ERROR_LSB)
2958 /* #define PUBKEY_RSLT_CTL_SRCADDR */
2959 #define PUBKEY_RSLT_CTL_SRCADDR_LSB 0
2960 #define PUBKEY_RSLT_CTL_SRCADDR_BITS FOURTY_BITS
2961 #define PUBKEY_RSLT_CTL_SRCADDR_MASK \
2962 (PUBKEY_RSLT_CTL_SRCADDR_BITS << PUBKEY_RSLT_CTL_SRCADDR_LSB)
2965 /* #define PUBKEY_RSLT_DATA_CTL */
2966 #define PUBKEY_RSLT_DATA_CTL_LSB 61
2967 #define PUBKEY_RSLT_DATA_CTL_BITS THREE_BITS
2968 #define PUBKEY_RSLT_DATA_CTL_MASK \
2969 (PUBKEY_RSLT_DATA_CTL_BITS << PUBKEY_RSLT_DATA_CTL_LSB)
2971 /* #define PUBKEY_RSLT_DATA_DST_ID */
2972 #define PUBKEY_RSLT_DATA_DST_ID_LSB 54
2973 #define PUBKEY_RSLT_DATA_DST_ID_BITS SEVEN_BITS
2974 #define PUBKEY_RSLT_DATA_DST_ID_MASK \
2975 (PUBKEY_RSLT_DATA_DST_ID_BITS << PUBKEY_RSLT_DATA_DST_ID_LSB)
2977 /* #define PUBKEY_RSLT_DATA_DESC_CTL */
2978 #define PUBKEY_RSLT_DATA_DESC_CTL_LSB 49
2979 #define PUBKEY_RSLT_DATA_DESC_CTL_BITS THREE_BITS
2980 #define PUBKEY_RSLT_DATA_DESC_CTL_MASK \
2981 (PUBKEY_RSLT_DATA_DESC_CTL_BITS << PUBKEY_RSLT_DATA_DESC_CTL_LSB)
2983 /* #define PUBKEY_RSLT_DATA_ERROR */
2984 #define PUBKEY_RSLT_DATA_ERROR_LSB 40
2985 #define PUBKEY_RSLT_DATA_ERROR_BITS NINE_BITS
2986 #define PUBKEY_RSLT_DATA_ERROR_MASK \
2987 (PUBKEY_RSLT_DATA_ERROR_BITS << PUBKEY_RSLT_DATA_ERROR_LSB)
2989 /* #define PUBKEY_RSLT_DATA_DSTADDR */
2990 #define PUBKEY_RSLT_DATA_DSTADDR_LSB 40
2991 #define PUBKEY_RSLT_DATA_DSTADDR_BITS FOURTY_BITS
2992 #define PUBKEY_RSLT_DATA_DSTADDR_MASK \
2993 (PUBKEY_RSLT_DATA_DSTADDR_BITS << PUBKEY_RSLT_DATA_DSTADDR_LSB)
2996 * ******************************************************************
2997 * RSA Block - Data Error Code and Conditions
2998 * ******************************************************************
3001 #define PK_CTL_ERR_NONE 0x0000 /* No Error */
3002 #define PK_CTL_ERR_OP_CLASS 0x0001 /* Undefined Op Class */
3003 #define PK_CTL_ERR_ECC_TYPE 0x0002 /* Undefined ECC TYPE (ECC only) */
3004 #define PK_CTL_ERR_ECC_FUNCT 0x0004 /* Undefined ECC FUNCTION (ECC only) */
3005 #define PK_CTL_ERR_ECC_TIMEOUT 0x0008 /* ECC timeout (ECC only) */
3006 #define PK_CTL_ERR_READ 0x0080 /* Data Read Error */
3007 #define PK_CTL_ERR_DESC 0x0100 /* Descriptor Ctrl Field Error
3008 * (D0.Ctrl != SOP || D1.Ctrl != EOP) */
3009 #define PK_CTL_ERR_TIMEOUT 0x1000 /* Message Responce Timeout */
3011 #define PK_DATA_ERR_NONE 0x0000 /* No Error */
3012 #define PK_DATA_ERR_EXP_WIDTH 0x0001 /* Exponent Width > Block Width */
3013 #define PK_DATA_ERR_MOD_WIDTH 0x0002 /* Modulus Width > Block Width */
3014 #define PK_DATA_ERR_READ 0x0080 /* Data Read Error */
3018 * This defines the RSA data format
3021 * typedef struct RSAData_s {
3022 * uint64_t Constant;
3023 * uint64_t Exponent;
3026 *} RSAData_t, *RSAData_pt;
3028 * typedef RSAData_t DHData_t;
3029 * typedef RSAData_pt DHData_pt;
3032 typedef struct UserPubData_s {
3034 uint8_t *user_result;
3035 uint32_t result_length;
3036 } UserPubData_t, *UserPubData_pt;
3038 typedef struct pubkey_desc {
3039 OperationDescriptor_t op_ctl; /* size is cacheline */
3040 uint8_t source[1024];
3041 uint8_t dest[256]; /* 1024 makes cacheline-aligned */
3044 uint64_t ctl_result;
3045 uint64_t data_result;
3046 struct pubkey_desc *alloc;
3047 UserPubData_t kern; /* ptrs for temp buffers */
3048 //volatile atomic_t flag_complete;
3049 //struct semaphore sem_complete;
3050 //wait_queue_t submit_wait;
3051 } pubkey_desc_t, *pubkey_desc_pt;
3054 * KASUMI F8 and F9 use the IV0/IV1 fields :
3056 * 63 41 40 39 37 36 32 31 0
3057 * ----------------------------------------------------------------------------
3058 * | |FX/DIRECTION| | F8/BEARER | F8/COUNT | IV0
3059 * ----------------------------------------------------------------------------
3063 * ----------------------------------------------------------------------------
3064 * | F9/FRESH | F9/COUNT | IV1
3065 * ----------------------------------------------------------------------------
3068 #endif /* _XLR_SEC_DESC_H_ */
projects / FreeBSD / releng / 10.0.git / blob