Date: Thu, 15 Oct 2009 21:08:06 +0000 (UTC) From: Randall Stewart <rrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r198157 - in projects/mips/sys/dev/rmi: sec xlr Message-ID: <200910152108.n9FL86Zx084803@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rrs Date: Thu Oct 15 21:08:06 2009 New Revision: 198157 URL: http://svn.freebsd.org/changeset/base/198157 Log: Adds the untouched code from the RMI 6.4 stuff. This has a security device and the gig ethernet device. Note the 10gig device driver is yet missing. Added: projects/mips/sys/dev/rmi/sec/desc.h (contents, props changed) projects/mips/sys/dev/rmi/sec/rmilib.c projects/mips/sys/dev/rmi/sec/rmilib.h projects/mips/sys/dev/rmi/sec/rmisec.c projects/mips/sys/dev/rmi/sec/stats.h projects/mips/sys/dev/rmi/xlr/atx_cpld.h projects/mips/sys/dev/rmi/xlr/rge.c projects/mips/sys/dev/rmi/xlr/rge.h projects/mips/sys/dev/rmi/xlr/xgmac_mdio.h Added: projects/mips/sys/dev/rmi/sec/desc.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/mips/sys/dev/rmi/sec/desc.h Thu Oct 15 21:08:06 2009 (r198157) @@ -0,0 +1,3066 @@ +/*- + * Copyright (c) 2003-2009 RMI Corporation + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of RMI Corporation, nor the names of its contributors, + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * RMI_BSD */ +#ifndef _DESC_H_ +#define _DESC_H_ + + +#define ONE_BIT 0x0000000000000001ULL +#define TWO_BITS 0x0000000000000003ULL +#define THREE_BITS 0x0000000000000007ULL +#define FOUR_BITS 0x000000000000000fULL +#define FIVE_BITS 0x000000000000001fULL +#define SIX_BITS 0x000000000000003fULL +#define SEVEN_BITS 0x000000000000007fULL +#define EIGHT_BITS 0x00000000000000ffULL +#define NINE_BITS 0x00000000000001ffULL +#define ELEVEN_BITS 0x00000000000007ffULL +#define TWELVE_BITS 0x0000000000000fffULL +#define FOURTEEN_BITS 0x0000000000003fffULL +#define TWENTYFOUR_BITS 0x0000000000ffffffULL +#define THIRTY_TWO_BITS 0x00000000ffffffffULL +#define THIRTY_FIVE_BITS 0x00000007ffffffffULL +#define FOURTY_BITS 0x000000ffffffffffULL + +#define MSG_IN_CTL_LEN_BASE 40 +#define MSG_IN_CTL_ADDR_BASE 0 + +#define GET_FIELD(word,field) \ + ((word) & (field ## _MASK)) >> (field ## _LSB) + +#define FIELD_VALUE(field,value) (((value) & (field ## _BITS)) << (field ## _LSB)) + +/* + * NOTE: this macro expects 'word' to be uninitialized (i.e. zeroed) + */ +#define SET_FIELD(word,field,value) \ + { (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } + +/* + * This macro clears 'word', then sets the value + */ +#define CLEAR_SET_FIELD(word,field,value) \ + { (word) &= ~((field ## _BITS) << (field ## _LSB)); \ + (word) |= (((value) & (field ## _BITS)) << (field ## _LSB)); } + +/* + * NOTE: May be used to build value specific mask + * (e.g. GEN_MASK(CTL_DSC_CPHR_3DES,CTL_DSC_CPHR_LSB) + */ +#define GEN_MASK(bits,lsb) ((bits) << (lsb)) + + + + +/* + * Security block data and control exchange + * + * A 2-word message ring descriptor is used to pass a pointer to the control descriptor data structure + * and a pointer to the packet descriptor data structure: + * + * 63 61 60 54 53 52 49 48 45 44 40 + * 39 5 4 0 + * --------------------------------------------------------------------------------------------------------------------------------------------------------- + * | Ctrl | Resp Dest Id Entry0 | IF_L2ALLOC | UNUSED | Control Length | UNUSED + * | 35 MSB of address of control descriptor data structure | Software Scratch0 + * | + * --------------------------------------------------------------------------------------------------------------------------------------------------------- + * 3 7 1 4 4 5 + * 35 5 + * + * 63 61 60 54 53 52 51 50 46 45 44 40 39 5 4 0 + * --------------------------------------------------------------------------------------------------------------------------------------------------------- + * | Ctrl | UNUSED | WRB_COH | WRB_L2ALLOC | DF_PTR_L2ALLOC | UNUSED | Data Length | UNUSED | 35 MSB of address of packet descriptor data structure | UNUSED | + * --------------------------------------------------------------------------------------------------------------------------------------------------------- + * 3 7 1 1 1 5 1 5 35 5 + * + * Addresses assumed to be cache-line aligned, i.e., Address[4:0] ignored (using 5'h00 instead) + * + * Control length is the number of control cachelines to be read so user needs + * to round up + * the control length to closest integer multiple of 32 bytes. Note that at + * present (08/12/04) + * the longest (sensical) ctrl structure is <= 416 bytes, i.e., 13 cachelines. + * + * The packet descriptor data structure size is fixed at 1 cacheline (32 bytes). + * This effectively makes "Data Length" a Load/NoLoad bit. NoLoad causes an abort. + * + * + * Upon completion of operation, the security block returns a 2-word free descriptor + * in the following format: + * + * 63 61 60 54 53 52 51 49 48 47 40 39 0 + * ---------------------------------------------------------------------------------------------------------------------------- + * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Instruction Error | Address of control descriptor data structure | + * ---------------------------------------------------------------------------------------------------------------------------- + * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | 1'b0 | Data Error | Address of packet descriptor data structure | + * ---------------------------------------------------------------------------------------------------------------------------- + * + * The Instruction and Data Error codes are enumerated in the + * ControlDescriptor and PacketDescriptor sections below + * + */ + + +/* + * Operating assumptions + * ===================== + * + * + * -> For all IpSec ops, I assume that all the IP/IPSec/TCP headers + * and the data are present at the specified source addresses. + * I also assume that all necessary header data already exists + * at the destination. Additionally, in AH I assume that all + * mutable fields (IP.{TOS, Flags, Offset, TTL, Header_Checksum}) + * and the AH.Authentication_Data have been zeroed by the client. + * + * + * -> In principle, the HW can calculate TCP checksums on both + * incoming and outgoing data; however, since the TCP header + * contains the TCP checksum of the plain payload and the header + * is encrypted, two passes would be necessary to do checksum + encryption + * for outgoing messages; + * therefore the checksum engine will likely only be used during decryption + * (incoming). + * + * + * -> For all operations involving TCP checksum, I assume the client has filled + * the TCP checksum field with the appropriate value: + * + * - 0 for generation phase + * - actual value for verification phase (expecting 0 result) + * + * + * -> For ESP tunnel, the original IP header exists between the end of the + * ESP header and the beginning of the TCP header; it is assumed that the + * maximum length of this header is 16 k(32bit)words (used in CkSum_Offset). + * + * + * -> The authentication data is merely written to the destination address; + * the client is left with the task of comparing to the data in packet + * in decrypt. + * + * -> PacketDescriptor_t.dstLLWMask relevant to AES CTR mode only but it will + * affect all AES-related operations. It will not affect DES/3DES/bypass ops. + * The mask is applied to data as it emerges from the AES engine for the sole + * purpose of providing the authenticator and cksum engines with correct data. + * CAVEAT: the HW does not mask the incoming data. It is the user's responsibility + * to set to 0 the corresponding data in memory. If the surplus data is not masked + * in memory, cksum/auth results will be incorrect if those engines receive data + * straight from memory (i.e., not from cipher, as it happens while decoding) + */ + +/* + * Fragmentation and offset related notes + * ====================================== + * + * + * A) Rebuilding packets from fragments on dword boundaries. The discussion + * below is exemplified by tests memcpy_all_off_frags and memcpy_same_off_frags + * + * 1) The Offset before data/iv on first fragment is ALWAYS written back + * Non-zero dst dword or global offsets may cause more data to be + * written than the user-specified length. + * + * + * Example: + * -------- + * + * Below is a source (first fragment) packet (@ ADD0 cache-aligned address). + * Assume we just copy it and relevant data starts on + * dword 3 so Cipher_Offset = IV_Offset = 3 (dwords). + * D0X denotes relevant data and G denotes dont care data. + * Offset data is also copied so Packet_Legth = 9 (dwords) * 8 = 72 (bytes) + * Segment_src_address = ADD0 + * + * If we want to, e.g., copy so that the relevant (i.e., D0X) data + * starts at (cache-aligned address) ADD1, we need to specify + * Dst_dword_offset = 1 so D00 is moved from dword position 3 to 0 on next cache-line + * Cipher_dst_address = ADD1 - 0x20 so D00 is written to ADD1 + * + * Note that the security engine always writes full cachelines + * therefore, data written to dword0 0 of ADD1 (denoted w/ ?) is what the sec pipe + * write back buffer contained from previous op. + * + * + * SOURCE: DESTINATION: + * ------- ------------ + * + * Segment_src_address = ADD0 Cipher_dst_address = ADD1 - 0x20 + * Packet_Legth = 72 Dst_dword_offset = 1 + * Cipher_Offset = 3 + * IV_Offset = 3 + * Use_IV = ANY + * + * + * + * 3 2 1 0 3 2 1 0 + * ----------------------- ----------------------- + * | D00 | G | G | G | <- ADD0 | G | G | G | ? | <- ADD1 - 0x20 + * ----------------------- ----------------------- + * | D04 | D03 | D02 | D01 | | D03 | D02 | D01 | D00 | <- ADD1 + * ----------------------- ----------------------- + * | | | | D05 | | | | D05 | D04 | + * ----------------------- ----------------------- + * + * 2) On fragments following the first, IV_Offset is overloaded to mean data offset + * (number of dwords to skip from beginning of cacheline before starting processing) + * and Use_IV is overloaded to mean do writeback the offset (in the clear). + * These fields in combination with Dst_dword_offset allow packet fragments with + * arbitrary boundaries/lengthd to be reasembled. + * + * + * Example: + * -------- + * + * Assume data above was first fragment of a packet we'd like to merge to + * (second) fragment below located at ADD2. The written data should follow + * the previous data without gaps or overwrites. To achieve this, one should + * assert the "Next" field on the previous fragment and use self-explanatory + * set of parameters below + * + * + * SOURCE: DESTINATION: + * ------- ------------ + * + * Segment_src_address = ADD2 Cipher_dst_address = ADD1 + 0x20 + * Packet_Legth = 104 Dst_dword_offset = 1 + * IV_Offset = 1 + * Use_IV = 0 + * + * + * + * 3 2 1 0 3 2 1 0 + * ----------------------- ----------------------- + * | D12 | D11 | D10 | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 + * ----------------------- ----------------------- + * | D16 | D15 | D14 | D13 | | D03 | D02 | D01 | D00 | <- ADD1 + * ----------------------- ----------------------- + * | D1a | D19 | D18 | D17 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 + * ----------------------- ----------------------- + * | | | | D1b | | D15 | D14 | D13 | D12 | + * ----------------------- ----------------------- + * | D19 | D18 | D17 | D16 | + * ----------------------- + * | | | D1b | D1a | + * ----------------------- + * + * It is note-worthy that the merging can only be achieved if Use_IV is 0. Indeed, the security + * engine always writes full lines, therefore ADD1 + 0x20 will be re-written. Setting Use_IV to 0 + * will allow the sec pipe write back buffer to preserve D04, D05 from previous frag and only + * receive D10, D11 thereby preserving the integrity of the previous data. + * + * 3) On fragments following the first, !UseIV in combination w/ Dst_dword_offset >= (4 - IV_Offset) + * will cause a wraparound of the write thus achieving all 16 possible (Initial_Location, Final_Location) + * combinations for the data. + * + * + * Example: + * -------- + * + * Contiguously merging 2 data sets above with a third located at ADD3. If this is the last fragment, + * reset its Next bit. + * + * + * SOURCE: DESTINATION: + * ------- ------------ + * + * Segment_src_address = ADD3 Cipher_dst_address = ADD1 + 0x80 + * Packet_Legth = 152 Dst_dword_offset = 3 + * IV_Offset = 3 + * Use_IV = 0 + * + * + * + * 3 2 1 0 3 2 1 0 + * ----------------------- ----------------------- + * | D20 | G | G | G | <- ADD2 | G | G | G | ? | <- ADD1 - 0x20 + * ----------------------- ----------------------- + * | D24 | D23 | D22 | D21 | | D03 | D02 | D01 | D00 | <- ADD1 + * ----------------------- ----------------------- + * | D28 | D27 | D26 | D25 | | D11 | D10 | D05 | D04 | <- ADD1 + 0x20 + * ----------------------- ----------------------- + * | D2c | D2b | D2a | D29 | | D15 | D14 | D13 | D12 | + * ----------------------- ----------------------- + * | | D2f | D2e | D2d | | D19 | D18 | D17 | D16 | + * ----------------------- ----------------------- + * | D21 | D20 | D1b | D1a | <- ADD1 + 0x80 + * ----------------------- + * | D25 | D24 | D23 | D22 | + * ----------------------- + * | D29 | D28 | D27 | D26 | + * ----------------------- + * | D2d | D2c | D2b | D2a | + * ----------------------- + * |(D2d)|(D2c)| D2f | D2e | + * ----------------------- + * + * It is worth noticing that always writing full-lines causes the last 2 dwords in the reconstituted + * packet to be unnecessarily written: (D2d) and (D2c) + * + * + * + * B) Implications of fragmentation on AES + * + * 1) AES is a 128 bit block cipher; therefore it requires an even dword total data length + * Data fragments (provided there are more than 1) are allowed to have odd dword + * data lengths provided the total length (cumulated over fragments) is an even dword + * count; an error will be generated otherwise, upon receiving the last fragment descriptor + * (see error conditions below). + * + * 2) While using fragments with AES, a fragment (other than first) starting with a != 0 (IV) offset + * while the subsequent total dword count given to AES is odd may not be required to write + * its offset (UseIV). Doing so will cause an error (see error conditions below). + * + * + * Example: + * -------- + * + * Suppose the first fragment has an odd DATA dword count and USES AES (as seen below) + * + * SOURCE: DESTINATION: + * ------- ------------ + * + * Segment_src_address = ADD0 Cipher_dst_address = ADD1 + * Packet_Legth = 64 Dst_dword_offset = 1 + * Cipher_Offset = 3 + * IV_Offset = 1 + * Use_IV = 1 + * Cipher = Any AES + * Next = 1 + * + * + * + * + * 3 2 1 0 3 2 1 0 + * ----------------------- ----------------------- + * | D00 | IV1 | IV0 | G | <- ADD0 | E00 | IV1 | IV0 | G | <- ADD1 + * ----------------------- ----------------------- + * | D04 | D03 | D02 | D01 | | X | E03 | E02 | E01 | + * ----------------------- ----------------------- + * + * At the end of processing of the previous fragment, the AES engine input buffer has D04 + * and waits for next dword, therefore the writeback buffer cannot finish writing the fragment + * to destination (X instead of E04). + * + * If a second fragment now arrives with a non-0 offset and requires the offset data to be + * written to destination, the previous write (still needing the arrival of the last dword + * required by the AES to complete the previous operation) cannot complete before the present + * should start causing a deadlock. + */ + +/* + * Command Control Word for Message Ring Descriptor + */ + +/* #define MSG_CMD_CTL_CTL */ +#define MSG_CMD_CTL_CTL_LSB 61 +#define MSG_CMD_CTL_CTL_BITS THREE_BITS +#define MSG_CMD_CTL_CTL_MASK (MSG_CMD_CTL_CTL_BITS << MSG_CMD_CTL_CTL_LSB) + +/* #define MSG_CMD_CTL_ID */ +#define MSG_CMD_CTL_ID_LSB 54 +#define MSG_CMD_CTL_ID_BITS SEVEN_BITS +#define MSG_CMD_CTL_ID_MASK (MSG_CMD_CTL_ID_BITS << MSG_CMD_CTL_ID_LSB) + +/* #define MSG_CMD_CTL_LEN */ +#define MSG_CMD_CTL_LEN_LSB 45 +#define MSG_CMD_CTL_LEN_BITS FOUR_BITS +#define MSG_CMD_CTL_LEN_MASK (MSG_CMD_CTL_LEN_BITS << MSG_CMD_CTL_LEN_LSB) + + +/* #define MSG_CMD_CTL_ADDR */ +#define MSG_CMD_CTL_ADDR_LSB 0 +#define MSG_CMD_CTL_ADDR_BITS FOURTY_BITS +#define MSG_CMD_CTL_ADDR_MASK (MSG_CMD_CTL_ADDR_BITS << MSG_CMD_CTL_ADDR_LSB) + +#define MSG_CMD_CTL_MASK (MSG_CMD_CTL_CTL_MASK | \ + MSG_CMD_CTL_LEN_MASK | MSG_CMD_CTL_ADDR_MASK) + +/* + * Command Data Word for Message Ring Descriptor + */ + +/* #define MSG_IN_DATA_CTL */ +#define MSG_CMD_DATA_CTL_LSB 61 +#define MSG_CMD_DATA_CTL_BITS THREE_BITS +#define MSG_CMD_DATA_CTL_MASK (MSG_CMD_DATA_CTL_BITS << MSG_CMD_DATA_CTL_LSB) + +/* #define MSG_CMD_DATA_LEN */ +#define MSG_CMD_DATA_LEN_LOAD 1 +#define MSG_CMD_DATA_LEN_LSB 45 +#define MSG_CMD_DATA_LEN_BITS ONE_BIT +#define MSG_CMD_DATA_LEN_MASK (MSG_CMD_DATA_LEN_BITS << MSG_CMD_DATA_LEN_LSB) + +/* #define MSG_CMD_DATA_ADDR */ +#define MSG_CMD_DATA_ADDR_LSB 0 +#define MSG_CMD_DATA_ADDR_BITS FOURTY_BITS +#define MSG_CMD_DATA_ADDR_MASK (MSG_CMD_DATA_ADDR_BITS << MSG_CMD_DATA_ADDR_LSB) + +#define MSG_CMD_DATA_MASK (MSG_CMD_DATA_CTL_MASK | \ + MSG_CMD_DATA_LEN_MASK | MSG_CMD_DATA_ADDR_MASK) + + +/* + * Upon completion of operation, the Sec block returns a 2-word free descriptor + * in the following format: + * + * 63 61 60 54 53 52 51 49 48 40 39 0 + * ---------------------------------------------------------------------------- + * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Control Error | Source Address | + * ---------------------------------------------------------------------------- + * | Ctrl | Destination Id | 2'b00 | Desc Ctrl | Data Error | Dest Address | + * ---------------------------------------------------------------------------- + * + * The Control and Data Error codes are enumerated below + * + * Error conditions + * ================ + * + * Control Error Code Control Error Condition + * ------------------ --------------------------- + * 9'h000 No Error + * 9'h001 Unknown Cipher Op ( Cipher == 3'h{6,7}) + * 9'h002 Unknown or Illegal Mode ((Mode == 3'h{2,3,4} & !AES) | (Mode == 3'h{5,6,7})) + * 9'h004 Unsupported CkSum Src (CkSum_Src == 2'h{2,3} & CKSUM) + * 9'h008 Forbidden CFB Mask (AES & CFBMode & UseNewKeysCFBMask & CFBMask[7] & (| CFBMask[6:0])) + * 9'h010 Unknown Ctrl Op ((| Ctrl[63:37]) | (| Ctrl[15:14])) + * 9'h020 UNUSED + * 9'h040 UNUSED + * 9'h080 Data Read Error + * 9'h100 Descriptor Ctrl Field Error (D0.Ctrl != SOP || D1.Ctrl != EOP) + * + * Data Error Code Data Error Condition + * --------------- -------------------- + * 9'h000 No Error + * 9'h001 Insufficient Data To Cipher (Packet_Length <= (Cipher_Offset or IV_Offset)) + * 9'h002 Illegal IV Location ((Cipher_Offset < IV_Offset) | (Cipher_Offset <= IV_Offset & AES & ~CTR)) + * 9'h004 Illegal Wordcount To AES (Packet_Length[3] != Cipher_Offset[0] & AES) + * 9'h008 Illegal Pad And ByteCount Spec (Hash_Byte_Count != 0 & !Pad_Hash) + * 9'h010 Insufficient Data To CkSum ({Packet_Length, 1'b0} <= CkSum_Offset) + * 9'h020 Unknown Data Op ((| dstLLWMask[63:60]) | (| dstLLWMask[57:40]) | (| authDst[63:40]) | (| ckSumDst[63:40])) + * 9'h040 Insufficient Data To Auth ({Packet_Length} <= Auth_Offset) + * 9'h080 Data Read Error + * 9'h100 UNUSED + */ + +/* + * Result Control Word for Message Ring Descriptor + */ + +/* #define MSG_RSLT_CTL_CTL */ +#define MSG_RSLT_CTL_CTL_LSB 61 +#define MSG_RSLT_CTL_CTL_BITS THREE_BITS +#define MSG_RSLT_CTL_CTL_MASK \ + (MSG_RSLT_CTL_CTL_BITS << MSG_RSLT_CTL_CTL_LSB) + +/* #define MSG_RSLT_CTL_DST_ID */ +#define MSG_RSLT_CTL_DST_ID_LSB 54 +#define MSG_RSLT_CTL_DST_ID_BITS SEVEN_BITS +#define MSG_RSLT_CTL_DST_ID_MASK \ + (MSG_RSLT_CTL_DST_ID_BITS << MSG_RSLT_CTL_DST_ID_LSB) + +/* #define MSG_RSLT_CTL_DSC_CTL */ +#define MSG_RSLT_CTL_DSC_CTL_LSB 49 +#define MSG_RSLT_CTL_DSC_CTL_BITS THREE_BITS +#define MSG_RSLT_CTL_DSC_CTL_MASK \ + (MSG_RSLT_CTL_DSC_CTL_BITS << MSG_RSLT_CTL_DSC_CTL_LSB) + +/* #define MSG_RSLT_CTL_INST_ERR */ +#define MSG_RSLT_CTL_INST_ERR_LSB 40 +#define MSG_RSLT_CTL_INST_ERR_BITS NINE_BITS +#define MSG_RSLT_CTL_INST_ERR_MASK \ + (MSG_RSLT_CTL_INST_ERR_BITS << MSG_RSLT_CTL_INST_ERR_LSB) + +/* #define MSG_RSLT_CTL_DSC_ADDR */ +#define MSG_RSLT_CTL_DSC_ADDR_LSB 0 +#define MSG_RSLT_CTL_DSC_ADDR_BITS FOURTY_BITS +#define MSG_RSLT_CTL_DSC_ADDR_MASK \ + (MSG_RSLT_CTL_DSC_ADDR_BITS << MSG_RSLT_CTL_DSC_ADDR_LSB) + +/* #define MSG_RSLT_CTL_MASK */ +#define MSG_RSLT_CTL_MASK \ + (MSG_RSLT_CTL_CTRL_MASK | MSG_RSLT_CTL_DST_ID_MASK | \ + MSG_RSLT_CTL_DSC_CTL_MASK | MSG_RSLT_CTL_INST_ERR_MASK | \ + MSG_RSLT_CTL_DSC_ADDR_MASK) + +/* + * Result Data Word for Message Ring Descriptor + */ +/* #define MSG_RSLT_DATA_CTL */ +#define MSG_RSLT_DATA_CTL_LSB 61 +#define MSG_RSLT_DATA_CTL_BITS THREE_BITS +#define MSG_RSLT_DATA_CTL_MASK \ + (MSG_RSLT_DATA_CTL_BITS << MSG_RSLT_DATA_CTL_LSB) + +/* #define MSG_RSLT_DATA_DST_ID */ +#define MSG_RSLT_DATA_DST_ID_LSB 54 +#define MSG_RSLT_DATA_DST_ID_BITS SEVEN_BITS +#define MSG_RSLT_DATA_DST_ID_MASK \ + (MSG_RSLT_DATA_DST_ID_BITS << MSG_RSLT_DATA_DST_ID_LSB) + +/* #define MSG_RSLT_DATA_DSC_CTL */ +#define MSG_RSLT_DATA_DSC_CTL_LSB 49 +#define MSG_RSLT_DATA_DSC_CTL_BITS THREE_BITS +#define MSG_RSLT_DATA_DSC_CTL_MASK \ + (MSG_RSLT_DATA_DSC_CTL_BITS << MSG_RSLT_DATA_DSC_CTL_LSB) + +/* #define MSG_RSLT_DATA_INST_ERR */ +#define MSG_RSLT_DATA_INST_ERR_LSB 40 +#define MSG_RSLT_DATA_INST_ERR_BITS NINE_BITS +#define MSG_RSLT_DATA_INST_ERR_MASK \ + (MSG_RSLT_DATA_INST_ERR_BITS << MSG_RSLT_DATA_INST_ERR_LSB) + +/* #define MSG_RSLT_DATA_DSC_ADDR */ +#define MSG_RSLT_DATA_DSC_ADDR_LSB 0 +#define MSG_RSLT_DATA_DSC_ADDR_BITS FOURTY_BITS +#define MSG_RSLT_DATA_DSC_ADDR_MASK \ + (MSG_RSLT_DATA_DSC_ADDR_BITS << MSG_RSLT_DATA_DSC_ADDR_LSB) + +#define MSG_RSLT_DATA_MASK \ + (MSG_RSLT_DATA_CTRL_MASK | MSG_RSLT_DATA_DST_ID_MASK | \ + MSG_RSLT_DATA_DSC_CTL_MASK | MSG_RSLT_DATA_INST_ERR_MASK | \ + MSG_RSLT_DATA_DSC_ADDR_MASK) + + +/* + * Common Message Definitions + * + */ + +/* #define MSG_CTL_OP_ADDR */ +#define MSG_CTL_OP_ADDR_LSB 0 +#define MSG_CTL_OP_ADDR_BITS FOURTY_BITS +#define MSG_CTL_OP_ADDR_MASK (MSG_CTL_OP_ADDR_BITS << MSG_CTL_OP_ADDR_LSB) + +#define MSG_CTL_OP_TYPE +#define MSG_CTL_OP_TYPE_LSB 3 +#define MSG_CTL_OP_TYPE_BITS TWO_BITS +#define MSG_CTL_OP_TYPE_MASK \ + (MSG_CTL_OP_TYPE_BITS << MSG_CTL_OP_TYPE_LSB) + +#define MSG0_CTL_OP_ENGINE_SYMKEY 0x01 +#define MSG0_CTL_OP_ENGINE_PUBKEY 0x02 + +#define MSG1_CTL_OP_SYMKEY_PIPE0 0x00 +#define MSG1_CTL_OP_SYMKEY_PIPE1 0x01 +#define MSG1_CTL_OP_SYMKEY_PIPE2 0x02 +#define MSG1_CTL_OP_SYMKEY_PIPE3 0x03 + +#define MSG1_CTL_OP_PUBKEY_PIPE0 0x00 +#define MSG1_CTL_OP_PUBKEY_PIPE1 0x01 +#define MSG1_CTL_OP_PUBKEY_PIPE2 0x02 +#define MSG1_CTL_OP_PUBKEY_PIPE3 0x03 + + +/* /----------------------------------------\ + * | | + * | ControlDescriptor_s datastructure | + * | | + * \----------------------------------------/ + * + * + * ControlDescriptor_t.Instruction + * ------------------------------- + * + * 63 44 43 42 41 40 39 35 34 32 31 29 28 + * -------------------------------------------------------------------------------------------------------------------- + * || UNUSED || OverrideCipher | Arc4Wait4Save | SaveArc4State | LoadArc4State | Arc4KeyLen | Cipher | Mode | InCp_Key || ... CONT ... + * -------------------------------------------------------------------------------------------------------------------- + * 20 1 1 1 1 5 3 3 1 + * <-----------------------------------------------CIPHER---------------------------------------------------> + * + * 27 25 24 23 22 21 20 19 17 16 15 0 + * ----------------------------------------------------------------------------- + * || UNUSED | Hash_Hi | HMAC | Hash_Lo | InHs_Key || UNUSED || CkSum || UNUSED || + * ----------------------------------------------------------------------------- + * 3 1 1 2 1 3 1 16 + * <---------------------HASH---------------------><-----------CKSUM-----------> + * + * X0 CIPHER.Arc4Wait4Save = If op is Arc4 and it requires state saving, then + * setting this bit will cause the current op to + * delay subsequent op loading until saved state data + * becomes visible. + * CIPHER.OverrideCipher = Override encryption if PacketDescriptor_t.dstDataSettings.CipherPrefix + * is set; data will be copied out (and optionally auth/cksum) + * in the clear. This is used in GCM mode if auth only as we + * still need E(K, 0) calculated by cipher. Engine behavior is + * undefined if this bit is set and CipherPrefix is not. + * X0 SaveArc4State = Save Arc4 state at the end of Arc4 operation + * X0 LoadArc4State = Load Arc4 state at the beginning of an Arc4 operation + * This overriden by the InCp_Key setting for Arc4 + * Arc4KeyLen = Length in bytes of Arc4 key (0 is interpreted as 32) + * Ignored for other ciphers + * For ARC4, IFetch/IDecode will always read exactly 4 + * consecutive dwords into its CipherKey{0,3} regardless + * of this quantity; it will however only use the specified + * number of bytes. + * Cipher = 3'b000 Bypass + * 3'b001 DES + * 3'b010 3DES + * 3'b011 AES 128-bit key + * 3'b100 AES 192-bit key + * 3'b101 AES 256-bit key + * 3'b110 ARC4 + * 3'b111 Kasumi f8 + * Remainder UNDEFINED + * Mode = 3'b000 ECB + * 3'b001 CBC + * 3'b010 CFB (AES only, otherwise undefined) + * 3'b011 OFB (AES only, otherwise undefined) + * 3'b100 CTR (AES only, otherwise undefined) + * 3'b101 F8 (AES only, otherwise undefined) + * Remainder UNDEFINED + * InCp_Key = 1'b0 Preserve old Cipher Keys + * 1'b1 Load new Cipher Keys from memory to local registers + * and recalculate the Arc4 Sbox if Arc4 Cipher chosen; + * This overrides LoadArc4State setting. + * HASH.HMAC = 1'b0 Hash without HMAC + * 1'b1 Hash with HMAC + * Needs to be set to 0 for GCM and Kasumi F9 authenticators + * otherwise unpredictable results will be generated + * Hash = 2'b00 Hash NOP + * 2'b01 MD5 + * 2'b10 SHA-1 + * 2'b11 SHA-256 + * 3'b100 SHA-384 + * 3'b101 SHA-512 + * 3'b110 GCM + * 3'b111 Kasumi f9 + * InHs_Key = 1'b0 Preserve old HMAC Keys + * If GCM is selected as authenticator, leaving this bit + * at 0 will cause the engine to use the old H value. + * It will use the old SCI inside the decoder if + * CFBMask[1:0] == 2'b11. + * If Kasumi F9 authenticator, using 0 preserves + * old keys (IK) in decoder. + * 1'b1 Load new HMAC Keys from memory to local registers + * Setting this bit while Cipher=Arc4 and LoadArc4State=1 + * causes the decoder to load the Arc4 state from the + * cacheline following the HMAC keys (Whether HASH.HMAC + * is set or not). + * If GCM is selected as authenticator, setting this bit + * causes both H (16 bytes) and SCI (8 bytes) to be loaded + * from memory to the decoder. H will be loaded to the engine + * but SCI is only loaded to the engine if CFBMask[1:0] == 2'b11. + * If Kasumi F9 authenticator, using 1 loads new keys (IK) + * from memory to decoder. + * CHECKSUM.CkSum = 1'b0 CkSum NOP + * 1'b1 INTERNET_CHECKSUM + * + * + * + */ + + /* #define CTRL_DSC_OVERRIDECIPHER */ +#define CTL_DSC_OVERRIDECIPHER_OFF 0 +#define CTL_DSC_OVERRIDECIPHER_ON 1 +#define CTL_DSC_OVERRIDECIPHER_LSB 43 +#define CTL_DSC_OVERRIDECIPHER_BITS ONE_BIT +#define CTL_DSC_OVERRIDECIPHER_MASK (CTL_DSC_OVERRIDECIPHER_BITS << CTL_DSC_OVERRIDECIPHER_LSB) + +/* #define CTRL_DSC_ARC4_WAIT4SAVE */ +#define CTL_DSC_ARC4_WAIT4SAVE_OFF 0 +#define CTL_DSC_ARC4_WAIT4SAVE_ON 1 +#define CTL_DSC_ARC4_WAIT4SAVE_LSB 42 +#define CTL_DSC_ARC4_WAIT4SAVE_BITS ONE_BIT +#define CTL_DSC_ARC4_WAIT4SAVE_MASK (CTL_DSC_ARC4_WAIT4SAVE_BITS << CTL_DSC_ARC4_WAIT4SAVE_LSB) + +/* #define CTRL_DSC_ARC4_SAVESTATE */ +#define CTL_DSC_ARC4_SAVESTATE_OFF 0 +#define CTL_DSC_ARC4_SAVESTATE_ON 1 +#define CTL_DSC_ARC4_SAVESTATE_LSB 41 +#define CTL_DSC_ARC4_SAVESTATE_BITS ONE_BIT +#define CTL_DSC_ARC4_SAVESTATE_MASK (CTL_DSC_ARC4_SAVESTATE_BITS << CTL_DSC_ARC4_SAVESTATE_LSB) + +/* #define CTRL_DSC_ARC4_LOADSTATE */ +#define CTL_DSC_ARC4_LOADSTATE_OFF 0 +#define CTL_DSC_ARC4_LOADSTATE_ON 1 +#define CTL_DSC_ARC4_LOADSTATE_LSB 40 +#define CTL_DSC_ARC4_LOADSTATE_BITS ONE_BIT +#define CTL_DSC_ARC4_LOADSTATE_MASK (CTL_DSC_ARC4_LOADSTATE_BITS << CTL_DSC_ARC4_LOADSTATE_LSB) + +/* #define CTRL_DSC_ARC4_KEYLEN */ +#define CTL_DSC_ARC4_KEYLEN_LSB 35 +#define CTL_DSC_ARC4_KEYLEN_BITS FIVE_BITS +#define CTL_DSC_ARC4_KEYLEN_MASK (CTL_DSC_ARC4_KEYLEN_BITS << CTL_DSC_ARC4_KEYLEN_LSB) + +/* #define CTL_DSC_CPHR (cipher) */ +#define CTL_DSC_CPHR_BYPASS 0 /* undefined */ +#define CTL_DSC_CPHR_DES 1 +#define CTL_DSC_CPHR_3DES 2 +#define CTL_DSC_CPHR_AES128 3 +#define CTL_DSC_CPHR_AES192 4 +#define CTL_DSC_CPHR_AES256 5 +#define CTL_DSC_CPHR_ARC4 6 +#define CTL_DSC_CPHR_KASUMI_F8 7 +#define CTL_DSC_CPHR_LSB 32 +#define CTL_DSC_CPHR_BITS THREE_BITS +#define CTL_DSC_CPHR_MASK (CTL_DSC_CPHR_BITS << CTL_DSC_CPHR_LSB) + +/* #define CTL_DSC_MODE */ +#define CTL_DSC_MODE_ECB 0 +#define CTL_DSC_MODE_CBC 1 +#define CTL_DSC_MODE_CFB 2 +#define CTL_DSC_MODE_OFB 3 +#define CTL_DSC_MODE_CTR 4 +#define CTL_DSC_MODE_F8 5 +#define CTL_DSC_MODE_LSB 29 +#define CTL_DSC_MODE_BITS THREE_BITS +#define CTL_DSC_MODE_MASK (CTL_DSC_MODE_BITS << CTL_DSC_MODE_LSB) + +/* #define CTL_DSC_ICPHR */ +#define CTL_DSC_ICPHR_OKY 0 /* Old Keys */ +#define CTL_DSC_ICPHR_NKY 1 /* New Keys */ +#define CTL_DSC_ICPHR_LSB 28 +#define CTL_DSC_ICPHR_BITS ONE_BIT +#define CTL_DSC_ICPHR_MASK (CTL_DSC_ICPHR_BITS << CTL_DSC_ICPHR_LSB) + +/* #define CTL_DSC_HASHHI */ +#define CTL_DSC_HASHHI_LSB 24 +#define CTL_DSC_HASHHI_BITS ONE_BIT +#define CTL_DSC_HASHHI_MASK (CTL_DSC_HASHHI_BITS << CTL_DSC_HASHHI_LSB) + +/* #define CTL_DSC_HMAC */ +#define CTL_DSC_HMAC_OFF 0 +#define CTL_DSC_HMAC_ON 1 +#define CTL_DSC_HMAC_LSB 23 +#define CTL_DSC_HMAC_BITS ONE_BIT +#define CTL_DSC_HMAC_MASK (CTL_DSC_HMAC_BITS << CTL_DSC_HMAC_LSB) + +/* #define CTL_DSC_HASH */ +#define CTL_DSC_HASH_NOP 0 +#define CTL_DSC_HASH_MD5 1 +#define CTL_DSC_HASH_SHA1 2 +#define CTL_DSC_HASH_SHA256 3 +#define CTL_DSC_HASH_SHA384 4 +#define CTL_DSC_HASH_SHA512 5 +#define CTL_DSC_HASH_GCM 6 +#define CTL_DSC_HASH_KASUMI_F9 7 +#define CTL_DSC_HASH_LSB 21 +#define CTL_DSC_HASH_BITS TWO_BITS +#define CTL_DSC_HASH_MASK (CTL_DSC_HASH_BITS << CTL_DSC_HASH_LSB) + +/* #define CTL_DSC_IHASH */ +#define CTL_DSC_IHASH_OLD 0 +#define CTL_DSC_IHASH_NEW 1 +#define CTL_DSC_IHASH_LSB 20 +#define CTL_DSC_IHASH_BITS ONE_BIT +#define CTL_DSC_IHASH_MASK (CTL_DSC_IHASH_BITS << CTL_DSC_IHASH_LSB) + +/* #define CTL_DSC_CKSUM */ +#define CTL_DSC_CKSUM_NOP 0 +#define CTL_DSC_CKSUM_IP 1 +#define CTL_DSC_CKSUM_LSB 16 +#define CTL_DSC_CKSUM_BITS ONE_BIT +#define CTL_DSC_CKSUM_MASK (CTL_DSC_CKSUM_BITS << CTL_DSC_CKSUM_LSB) + + +/* + * Component strcts and unions defining CipherHashInfo_u + */ + +/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ +typedef struct AES256HMAC_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t cipherKey3; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; +} AES256HMAC_t, *AES256HMAC_pt; + +/* AES256, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 160 bytes */ +typedef struct AES256HMAC2_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t cipherKey3; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; + uint64_t hmacKey8; + uint64_t hmacKey9; + uint64_t hmacKey10; + uint64_t hmacKey11; + uint64_t hmacKey12; + uint64_t hmacKey13; + uint64_t hmacKey14; + uint64_t hmacKey15; +} AES256HMAC2_t, *AES256HMAC2_pt; + +/* AES256, (ECB, CBC, OFB, CTR, CFB), GCM - 56 bytes */ +typedef struct AES256GCM_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t cipherKey3; + uint64_t GCMH0; + uint64_t GCMH1; + uint64_t GCMSCI; +} AES256GCM_t, *AES256GCM_pt; + +/* AES256, (ECB, CBC, OFB, CTR, CFB), F9 - 56 bytes */ +typedef struct AES256F9_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t cipherKey3; + uint64_t authKey0; + uint64_t authKey1; +} AES256F9_t, *AES256F9_pt; + +/* AES256, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ +typedef struct AES256_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t cipherKey3; +} AES256_t, *AES256_pt; + + +/* All AES192 possibilities */ + +/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-192) - 88 bytes */ +typedef struct AES192HMAC_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; +} AES192HMAC_t, *AES192HMAC_pt; + +/* AES192, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-512) - 152 bytes */ +typedef struct AES192HMAC2_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; + uint64_t hmacKey8; + uint64_t hmacKey9; + uint64_t hmacKey10; + uint64_t hmacKey11; + uint64_t hmacKey12; + uint64_t hmacKey13; + uint64_t hmacKey14; + uint64_t hmacKey15; +} AES192HMAC2_t, *AES192HMAC2_pt; + +/* AES192, (ECB, CBC, OFB, CTR, CFB), GCM - 48 bytes */ +typedef struct AES192GCM_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t GCMH0; + uint64_t GCMH1; + uint64_t GCMSCI; +} AES192GCM_t, *AES192GCM_pt; + +/* AES192, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ +typedef struct AES192F9_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; + uint64_t authKey0; + uint64_t authKey1; +} AES192F9_t, *AES192F9_pt; + +/* AES192, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-192) - 24 bytes */ +typedef struct AES192_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKey2; +} AES192_t, *AES192_pt; + + +/* All AES128 possibilities */ + +/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (MD5, SHA-1, SHA-128) - 80 bytes */ +typedef struct AES128HMAC_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; +} AES128HMAC_t, *AES128HMAC_pt; + +/* AES128, (ECB, CBC, OFB, CTR, CFB), HMAC (SHA-384, SHA-612) - 144 bytes */ +typedef struct AES128HMAC2_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t hmacKey0; + uint64_t hmacKey1; + uint64_t hmacKey2; + uint64_t hmacKey3; + uint64_t hmacKey4; + uint64_t hmacKey5; + uint64_t hmacKey6; + uint64_t hmacKey7; + uint64_t hmacKey8; + uint64_t hmacKey9; + uint64_t hmacKey10; + uint64_t hmacKey11; + uint64_t hmacKey12; + uint64_t hmacKey13; + uint64_t hmacKey14; + uint64_t hmacKey15; +} AES128HMAC2_t, *AES128HMAC2_pt; + +/* AES128, (ECB, CBC, OFB, CTR, CFB), GCM - 40 bytes */ +typedef struct AES128GCM_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t GCMH0; + uint64_t GCMH1; + uint64_t GCMSCI; +} AES128GCM_t, *AES128GCM_pt; + +/* AES128, (ECB, CBC, OFB, CTR, CFB), F9 - 48 bytes */ +typedef struct AES128F9_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t authKey0; + uint64_t authKey1; +} AES128F9_t, *AES128F9_pt; + +/* AES128, (ECB, CBC, OFB, CTR, CFB), Non-HMAC (MD5, SHA-1, SHA-128) - 16 bytes */ +typedef struct AES128_s { + uint64_t cipherKey0; + uint64_t cipherKey1; +} AES128_t, *AES128_pt; + +/* AES128, (OFB F8), Non-HMAC (MD5, SHA-1, SHA-256) - 32 bytes */ +typedef struct AES128F8_s { + uint64_t cipherKey0; + uint64_t cipherKey1; + uint64_t cipherKeyMask0; + uint64_t cipherKeyMask1; +} AES128F8_t, *AES128F8_pt; + +/* AES128, (OFB F8), HMAC (MD5, SHA-1, SHA-256) - 96 bytes */ +typedef struct AES128F8HMAC_s { + uint64_t cipherKey0; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910152108.n9FL86Zx084803>