package/ubsec_ssb/src/ubsecreg.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233


/*
 * Copyright (c) 2008 Daniel Mueller (daniel@danm.de)
 * Copyright (c) 2000 Theo de Raadt
 * Copyright (c) 2001 Patrik Lindergren (patrik@ipunplugged.com)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Effort sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F30602-01-2-0537.
 *
 */

/*
 * Register definitions for 5601 BlueSteel Networks Ubiquitous Broadband
 * Security "uBSec" chip.  Definitions from revision 2.8 of the product
 * datasheet.
 */

#define BS_BAR          0x10    /* DMA base address register */
#define BS_TRDY_TIMEOUT     0x40    /* TRDY timeout */
#define BS_RETRY_TIMEOUT    0x41    /* DMA retry timeout */

#define UBS_PCI_RTY_SHIFT           8
#define UBS_PCI_RTY_MASK            0xff
#define UBS_PCI_RTY(misc) \
    (((misc) >> UBS_PCI_RTY_SHIFT) & UBS_PCI_RTY_MASK)

#define UBS_PCI_TOUT_SHIFT          0
#define UBS_PCI_TOUT_MASK           0xff
#define UBS_PCI_TOUT(misc) \
    (((misc) >> PCI_TOUT_SHIFT) & PCI_TOUT_MASK)

/*
 * DMA Control & Status Registers (offset from BS_BAR)
 */
#define BS_MCR1     0x20    /* DMA Master Command Record 1 */
#define BS_CTRL     0x24    /* DMA Control */
#define BS_STAT     0x28    /* DMA Status */
#define BS_ERR      0x2c    /* DMA Error Address */
#define BS_DEV_ID   0x34    /* IPSec Device ID */

/* BS_CTRL - DMA Control */
#define BS_CTRL_RESET       0x80000000  /* hardware reset, 5805/5820 */
#define BS_CTRL_MCR2INT     0x40000000  /* enable intr MCR for MCR2 */
#define BS_CTRL_MCR1INT     0x20000000  /* enable intr MCR for MCR1 */
#define BS_CTRL_OFM     0x10000000  /* Output fragment mode */
#define BS_CTRL_BE32        0x08000000  /* big-endian, 32bit bytes */
#define BS_CTRL_BE64        0x04000000  /* big-endian, 64bit bytes */
#define BS_CTRL_DMAERR      0x02000000  /* enable intr DMA error */
#define BS_CTRL_RNG_M       0x01800000  /* RNG mode */
#define BS_CTRL_RNG_1       0x00000000  /* 1bit rn/one slow clock */
#define BS_CTRL_RNG_4       0x00800000  /* 1bit rn/four slow clocks */
#define BS_CTRL_RNG_8       0x01000000  /* 1bit rn/eight slow clocks */
#define BS_CTRL_RNG_16      0x01800000  /* 1bit rn/16 slow clocks */
#define BS_CTRL_SWNORM      0x00400000  /* 582[01], sw normalization */
#define BS_CTRL_FRAG_M      0x0000ffff  /* output fragment size mask */
#define BS_CTRL_LITTLE_ENDIAN   (BS_CTRL_BE32 | BS_CTRL_BE64)

/* BS_STAT - DMA Status */
#define BS_STAT_MCR1_BUSY   0x80000000  /* MCR1 is busy */
#define BS_STAT_MCR1_FULL   0x40000000  /* MCR1 is full */
#define BS_STAT_MCR1_DONE   0x20000000  /* MCR1 is done */
#define BS_STAT_DMAERR      0x10000000  /* DMA error */
#define BS_STAT_MCR2_FULL   0x08000000  /* MCR2 is full */
#define BS_STAT_MCR2_DONE   0x04000000  /* MCR2 is done */
#define BS_STAT_MCR1_ALLEMPTY   0x02000000  /* 5821, MCR1 is empty */
#define BS_STAT_MCR2_ALLEMPTY   0x01000000  /* 5821, MCR2 is empty */

/* BS_ERR - DMA Error Address */
#define BS_ERR_ADDR     0xfffffffc  /* error address mask */
#define BS_ERR_READ     0x00000002  /* fault was on read */

struct ubsec_pktctx {
    u_int32_t   pc_deskey[6];       /* 3DES key */
    u_int32_t   pc_hminner[5];      /* hmac inner state */
    u_int32_t   pc_hmouter[5];      /* hmac outer state */
    u_int32_t   pc_iv[2];       /* [3]DES iv */
    u_int16_t   pc_flags;       /* flags, below */
    u_int16_t   pc_offset;      /* crypto offset */
} __attribute__ ((packed));

#define UBS_PKTCTX_ENC_3DES 0x8000      /* use 3des */
#define UBS_PKTCTX_ENC_AES  0x8000      /* use aes */
#define UBS_PKTCTX_ENC_NONE 0x0000      /* no encryption */
#define UBS_PKTCTX_INBOUND  0x4000      /* inbound packet */
#define UBS_PKTCTX_AUTH     0x3000      /* authentication mask */
#define UBS_PKTCTX_AUTH_NONE    0x0000      /* no authentication */
#define UBS_PKTCTX_AUTH_MD5 0x1000      /* use hmac-md5 */
#define UBS_PKTCTX_AUTH_SHA1    0x2000      /* use hmac-sha1 */
#define UBS_PKTCTX_AES128   0x0         /* AES 128bit keys */
#define UBS_PKTCTX_AES192   0x100       /* AES 192bit keys */
#define UBS_PKTCTX_AES256   0x200       /* AES 256bit keys */

struct ubsec_pktctx_des {
    volatile u_int16_t  pc_len;     /* length of ctx struct */
    volatile u_int16_t  pc_type;    /* context type */
    volatile u_int16_t  pc_flags;   /* flags, same as above */
    volatile u_int16_t  pc_offset;  /* crypto/auth offset */
    volatile u_int32_t  pc_deskey[6];   /* 3DES key */
    volatile u_int32_t  pc_iv[2];   /* [3]DES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes128 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[4];   /* AES 128bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes192 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[6];   /* AES 192bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

struct ubsec_pktctx_aes256 {
    volatile u_int16_t  pc_len;         /* length of ctx struct */
    volatile u_int16_t  pc_type;        /* context type */
    volatile u_int16_t  pc_flags;       /* flags, same as above */
    volatile u_int16_t  pc_offset;      /* crypto/auth offset */
    volatile u_int32_t  pc_aeskey[8];   /* AES 256bit key */
    volatile u_int32_t  pc_iv[4];       /* AES iv */
    volatile u_int32_t  pc_hminner[5];  /* hmac inner state */
    volatile u_int32_t  pc_hmouter[5];  /* hmac outer state */
} __attribute__ ((packed));

#define UBS_PKTCTX_TYPE_IPSEC_DES   0x0000
#define UBS_PKTCTX_TYPE_IPSEC_AES   0x0040

struct ubsec_pktbuf {
    volatile u_int32_t  pb_addr;    /* address of buffer start */
    volatile u_int32_t  pb_next;    /* pointer to next pktbuf */
    volatile u_int32_t  pb_len;     /* packet length */
} __attribute__ ((packed));
#define UBS_PKTBUF_LEN      0x0000ffff  /* length mask */

struct ubsec_mcr {
    volatile u_int16_t  mcr_pkts;   /* #pkts in this mcr */
    volatile u_int16_t  mcr_flags;  /* mcr flags (below) */
    volatile u_int32_t  mcr_cmdctxp;    /* command ctx pointer */
    struct ubsec_pktbuf mcr_ipktbuf;    /* input chain header */
    volatile u_int16_t  mcr_reserved;
    volatile u_int16_t  mcr_pktlen;
    struct ubsec_pktbuf mcr_opktbuf;    /* output chain header */
} __attribute__ ((packed));

struct ubsec_mcr_add {
    volatile u_int32_t  mcr_cmdctxp;    /* command ctx pointer */
    struct ubsec_pktbuf mcr_ipktbuf;    /* input chain header */
    volatile u_int16_t  mcr_reserved;
    volatile u_int16_t  mcr_pktlen;
    struct ubsec_pktbuf mcr_opktbuf;    /* output chain header */
} __attribute__ ((packed));

#define UBS_MCR_DONE        0x0001      /* mcr has been processed */
#define UBS_MCR_ERROR       0x0002      /* error in processing */
#define UBS_MCR_ERRORCODE   0xff00      /* error type */

struct ubsec_ctx_keyop {
    volatile u_int16_t  ctx_len;    /* command length */
    volatile u_int16_t  ctx_op;     /* operation code */
    volatile u_int8_t   ctx_pad[60];    /* padding */
} __attribute__ ((packed));
#define UBS_CTXOP_DHPKGEN   0x01        /* dh public key generation */
#define UBS_CTXOP_DHSSGEN   0x02        /* dh shared secret gen. */
#define UBS_CTXOP_RSAPUB    0x03        /* rsa public key op */
#define UBS_CTXOP_RSAPRIV   0x04        /* rsa private key op */
#define UBS_CTXOP_DSASIGN   0x05        /* dsa signing op */
#define UBS_CTXOP_DSAVRFY   0x06        /* dsa verification */
#define UBS_CTXOP_RNGBYPASS 0x41        /* rng direct test mode */
#define UBS_CTXOP_RNGSHA1   0x42        /* rng sha1 test mode */
#define UBS_CTXOP_MODADD    0x43        /* modular addition */
#define UBS_CTXOP_MODSUB    0x44        /* modular subtraction */
#define UBS_CTXOP_MODMUL    0x45        /* modular multiplication */
#define UBS_CTXOP_MODRED    0x46        /* modular reduction */
#define UBS_CTXOP_MODEXP    0x47        /* modular exponentiation */
#define UBS_CTXOP_MODINV    0x48        /* modular inverse */

struct ubsec_ctx_rngbypass {
    volatile u_int16_t  rbp_len;    /* command length, 64 */
    volatile u_int16_t  rbp_op;     /* rng bypass, 0x41 */
    volatile u_int8_t   rbp_pad[60];    /* padding */
} __attribute__ ((packed));

/* modexp: C = (M ^ E) mod N */
struct ubsec_ctx_modexp {
    volatile u_int16_t  me_len;     /* command length */
    volatile u_int16_t  me_op;      /* modexp, 0x47 */
    volatile u_int16_t  me_E_len;   /* E (bits) */
    volatile u_int16_t  me_N_len;   /* N (bits) */
    u_int8_t        me_N[2048/8];   /* N */
} __attribute__ ((packed));

struct ubsec_ctx_rsapriv {
    volatile u_int16_t  rpr_len;    /* command length */
    volatile u_int16_t  rpr_op;     /* rsaprivate, 0x04 */
    volatile u_int16_t  rpr_q_len;  /* q (bits) */
    volatile u_int16_t  rpr_p_len;  /* p (bits) */
    u_int8_t        rpr_buf[5 * 1024 / 8];  /* parameters: */
                        /* p, q, dp, dq, pinv */
} __attribute__ ((packed));