/* $Id: $ */

/*
 * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
 * Copyright (c) 2000 Theo de Raadt
 * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Effort sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F30602-01-2-0537.
 *
 */

/*
 * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband
 * Security "uBSec" chip.  Definitions from revision 2.8 of the product
 * datasheet.
 */

#define BS_BAR          0x10    /* DMA base address register */
#define BS_TRDY_TIMEOUT     0x40    /* TRDY timeout */
#define BS_RETRY_TIMEOUT    0x41    /* DMA retry timeout */

#define UBS_PCI_RTY_SHIFT           8
#define UBS_PCI_RTY_MASK            0xff
#define UBS_PCI_RTY(misc) \
    (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK)

#define UBS_PCI_TOUT_SHIFT          0
#define UBS_PCI_TOUT_MASK           0xff
#define UBS_PCI_TOUT(misc) \
    (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK)

/*
 * DMA Control & Status Registers (offset from BS_BAR)
 */
#define BS_MCR1     0x20    /* DMA Master Command Record 1 */
#define BS_CTRL     0x24    /* DMA Control */
#define BS_STAT     0x28    /* DMA Status */
#define BS_ERR      0x2c    /* DMA Error Address */
#define BS_DEV_ID   0x34    /* IPSec Device ID */

/* BS_CTRL - DMA Control */
#define BS_CTRL_RESET       0x80000000  /* hardware reset, 5805/5820 */
#define BS_CTRL_MCR2INT     0x40000000  /* enable intr MCR for MCR2 */
#define BS_CTRL_MCR1INT     0x20000000  /* enable intr MCR for MCR1 */
#define BS_CTRL_OFM     0x10000000  /* Output fragment mode */
#define BS_CTRL_BE32        0x08000000  /* big-endian, 32bit bytes */
#define BS_CTRL_BE64        0x04000000  /* big-endian, 64bit bytes */
#define BS_CTRL_DMAERR      0x02000000  /* enable intr DMA error */
#define BS_CTRL_RNG_M       0x01800000  /* RNG mode */
#define BS_CTRL_RNG_1       0x00000000  /* 1bit rn/one slow clock */
#define BS_CTRL_RNG_4       0x00800000  /* 1bit rn/four slow clocks */
#define BS_CTRL_RNG_8       0x01000000  /* 1bit rn/eight slow clocks */
#define BS_CTRL_RNG_16      0x01800000  /* 1bit rn/16 slow clocks */
#define BS_CTRL_SWNORM      0x00400000  /* 582[01], sw normalization */
#define BS_CTRL_FRAG_M      0x0000ffff  /* output fragment size mask */
#define BS_CTRL_LITTLE_ENDIAN   (BS_CTRL_BE32 | BS_CTRL_BE64)

/* BS_STAT - DMA Status */
#define BS_STAT_MCR1_BUSY   0x80000000  /* MCR1 is busy */
#define BS_STAT_MCR1_FULL   0x40000000  /* MCR1 is full */
#define BS_STAT_MCR1_DONE   0x20000000  /* MCR1 is done */
#define BS_STAT_DMAERR      0x10000000  /* DMA error */
#define BS_STAT_MCR2_FULL   0x08000000  /* MCR2 is full */
#define BS_STAT_MCR2_DONE   0x04000000  /* MCR2 is done */
#define BS_STAT_MCR1_ALLEMPTY   0x02000000  /* 5821, MCR1 is empty */
#define BS_STAT_MCR2_ALLEMPTY   0x01000000  /* 5821, MCR2 is empty */

/* BS_ERR - DMA Error Address */
#define BS_ERR_ADDR     0xfffffffc  /* error address mask */
#define BS_ERR_READ     0x00000002  /* fault was on read */

struct ubsec_pktctx {
    u_int32_t   pc_deskey[6];       /* 3DES key */
    u_int32_t   pc_hminner[5];      /* hmac inner state */
    u_int32_t   pc_hmouter[5];      /* hmac outer state */
    u_int32_t   pc_iv[2];       /* [3]DES iv */
    u_int16_t   pc_flags;       /* flags, below */
    u_int16_t   pc_offset;      /* crypto offset */
} __attribute__ ((packed));

#define UBS_PKTCTX_ENC_3DES 0x8000      /* use 3des */
#define UBS_PKTCTX_ENC_AES  0x8000      /* use aes */
#define UBS_PKTCTX_ENC_NONE 0x0000      /* no encryption */
#define UBS_PKTCTX_INBOUND  0x4000      /* inbound packet */
#define UBS_PKTCTX_AUTH     0x3000      /* authentication mask */
#define UBS_PKTCTX_AUTH_NONE    0x0000      /* no authentication */
#define UBS_PKTCTX_AUTH_MD5 0x1000      /* use hmac-md5 */
#define UBS_PKTCTX_AUTH_SHA1    0x2000      /* use hmac-sha1 */
#define UBS_PKTCTX_AES128   0x0         /* AES 128bit keys */
#define UBS_PKTCTX_AES192   0x100       /* AES 192bit keys */
#define UBS_PKTCTX_AES256   0x200       /* AES 256bit keys */

struct ubsec_pktctx_des {
    volatile u_int16_t  pc_len;     /* length of ctx struct */
    volatile u_int16_t  pc_type;    /* context type */
    volatile u_int16_t  pc_flags;   /* flags, same as above */
    volatile u_int16_t  pc_offset;  /* crypto/auth offset */
    volatile u_int32_t  pc_deskey[6];   /* 3DES key */
    volatile u_int32_t  pc_iv[2];   /* [3]DES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes128 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[4];   /* AES 128bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes192 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[6];   /* AES 192bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes256 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[8];   /* AES 256bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

#define UBS_PKTCTX_TYPE_IPSEC_DES   0x0000
#define UBS_PKTCTX_TYPE_IPSEC_AES   0x0040

struct ubsec_pktbuf {
    volatile u_int32_t  pb_addr;    /* address of buffer start */
    volatile u_int32_t  pb_next;    /* pointer to next pktbuf */
    volatile u_int32_t  pb_len;     /* packet length */
} __attribute__ ((packed));
#define UBS_PKTBUF_LEN      0x0000ffff  /* length mask */

struct ubsec_mcr {
    volatile u_int16_t  mcr_pkts;   /* #pkts in this mcr */
    volatile u_int16_t  mcr_flags;  /* mcr flags (below) */
    volatile u_int32_t  mcr_cmdctxp;    /* command ctx pointer */
    struct ubsec_pktbuf mcr_ipktbuf;    /* input chain header */
    volatile u_int16_t  mcr_reserved;
    volatile u_int16_t  mcr_pktlen;
    struct ubsec_pktbuf mcr_opktbuf;    /* output chain header */
} __attribute__ ((packed));

struct ubsec_mcr_add {
    volatile u_int32_t  mcr_cmdctxp;    /* command ctx pointer */
    struct ubsec_pktbuf mcr_ipktbuf;    /* input chain header */
    volatile u_int16_t  mcr_reserved;
    volatile u_int16_t  mcr_pktlen;
    struct ubsec_pktbuf mcr_opktbuf;    /* output chain header */
} __attribute__ ((packed));

#define UBS_MCR_DONE        0x0001      /* mcr has been processed */
#define UBS_MCR_ERROR       0x0002      /* error in processing */
#define UBS_MCR_ERRORCODE   0xff00      /* error type */

struct ubsec_ctx_keyop {
    volatile u_int16_t  ctx_len;    /* command length */
    volatile u_int16_t  ctx_op;     /* operation code */
    volatile u_int8_t   ctx_pad[60];    /* padding */
} __attribute__ ((packed));
#define UBS_CTXOP_DHPKGEN   0x01        /* dh public key generation */
#define UBS_CTXOP_DHSSGEN   0x02        /* dh shared secret gen. */
#define UBS_CTXOP_RSAPUB    0x03        /* rsa public key op */
#define UBS_CTXOP_RSAPRIV   0x04        /* rsa private key op */
#define UBS_CTXOP_DSASIGN   0x05        /* dsa signing op */
#define UBS_CTXOP_DSAVRFY   0x06        /* dsa verification */
#define UBS_CTXOP_RNGBYPASS 0x41        /* rng direct test mode */
#define UBS_CTXOP_RNGSHA1   0x42        /* rng sha1 test mode */
#define UBS_CTXOP_MODADD    0x43        /* modular addition */
#define UBS_CTXOP_MODSUB    0x44        /* modular subtraction */
#define UBS_CTXOP_MODMUL    0x45        /* modular multiplication */
#define UBS_CTXOP_MODRED    0x46        /* modular reduction */
#define UBS_CTXOP_MODEXP    0x47        /* modular exponentiation */
#define UBS_CTXOP_MODINV    0x48        /* modular inverse */

struct ubsec_ctx_rngbypass {
    volatile u_int16_t  rbp_len;    /* command length, 64 */
    volatile u_int16_t  rbp_op;     /* rng bypass, 0x41 */
    volatile u_int8_t   rbp_pad[60];    /* padding */
} __attribute__ ((packed));

/* modexp: C = (M ^ E) mod N */
struct ubsec_ctx_modexp {
    volatile u_int16_t  me_len;     /* command length */
    volatile u_int16_t  me_op;      /* modexp, 0x47 */
    volatile u_int16_t  me_E_len;   /* E (bits) */
    volatile u_int16_t  me_N_len;   /* N (bits) */
    u_int8_t        me_N[2048/8];   /* N */
} __attribute__ ((packed));

struct ubsec_ctx_rsapriv {
    volatile u_int16_t  rpr_len;    /* command length */
    volatile u_int16_t  rpr_op;     /* rsaprivate, 0x04 */
    volatile u_int16_t  rpr_q_len;  /* q (bits) */
    volatile u_int16_t  rpr_p_len;  /* p (bits) */
    u_int8_t        rpr_buf[5 * 1024 / 8];  /* parameters: */
                        /* p, q, dp, dq, pinv */
} __attribute__ ((packed));