1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
|
/*-
* Copyright (c) 2003 Sam Leffler, Errno Consulting
* Copyright (c) 2003 Global Technology Associates, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD: src/sys/dev/safe/safereg.h,v 1.1 2003/07/21 21:46:07 sam Exp $
*/
#ifndef _SAFE_SAFEREG_H_
#define _SAFE_SAFEREG_H_
/*
* Register definitions for SafeNet SafeXcel-1141 crypto device.
* Definitions from revision 1.3 (Nov 6 2002) of the User's Manual.
*/
#define BS_BAR 0x10 /* DMA base address register */
#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */
#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */
#define PCI_VENDOR_SAFENET 0x16ae /* SafeNet, Inc. */
/* SafeNet */
#define PCI_PRODUCT_SAFEXCEL 0x1141 /* 1141 */
#define SAFE_PE_CSR 0x0000 /* Packet Enginge Ctrl/Status */
#define SAFE_PE_SRC 0x0004 /* Packet Engine Source */
#define SAFE_PE_DST 0x0008 /* Packet Engine Destination */
#define SAFE_PE_SA 0x000c /* Packet Engine SA */
#define SAFE_PE_LEN 0x0010 /* Packet Engine Length */
#define SAFE_PE_DMACFG 0x0040 /* Packet Engine DMA Configuration */
#define SAFE_PE_DMASTAT 0x0044 /* Packet Engine DMA Status */
#define SAFE_PE_PDRBASE 0x0048 /* Packet Engine Descriptor Ring Base */
#define SAFE_PE_RDRBASE 0x004c /* Packet Engine Result Ring Base */
#define SAFE_PE_RINGCFG 0x0050 /* Packet Engine Ring Configuration */
#define SAFE_PE_RINGPOLL 0x0054 /* Packet Engine Ring Poll */
#define SAFE_PE_IRNGSTAT 0x0058 /* Packet Engine Internal Ring Status */
#define SAFE_PE_ERNGSTAT 0x005c /* Packet Engine External Ring Status */
#define SAFE_PE_IOTHRESH 0x0060 /* Packet Engine I/O Threshold */
#define SAFE_PE_GRNGBASE 0x0064 /* Packet Engine Gather Ring Base */
#define SAFE_PE_SRNGBASE 0x0068 /* Packet Engine Scatter Ring Base */
#define SAFE_PE_PARTSIZE 0x006c /* Packet Engine Particlar Ring Size */
#define SAFE_PE_PARTCFG 0x0070 /* Packet Engine Particle Ring Config */
#define SAFE_CRYPTO_CTRL 0x0080 /* Crypto Control */
#define SAFE_DEVID 0x0084 /* Device ID */
#define SAFE_DEVINFO 0x0088 /* Device Info */
#define SAFE_HU_STAT 0x00a0 /* Host Unmasked Status */
#define SAFE_HM_STAT 0x00a4 /* Host Masked Status (read-only) */
#define SAFE_HI_CLR 0x00a4 /* Host Clear Interrupt (write-only) */
#define SAFE_HI_MASK 0x00a8 /* Host Mask Control */
#define SAFE_HI_CFG 0x00ac /* Interrupt Configuration */
#define SAFE_HI_RD_DESCR 0x00b4 /* Force Descriptor Read */
#define SAFE_HI_DESC_CNT 0x00b8 /* Host Descriptor Done Count */
#define SAFE_DMA_ENDIAN 0x00c0 /* Master Endian Status */
#define SAFE_DMA_SRCADDR 0x00c4 /* DMA Source Address Status */
#define SAFE_DMA_DSTADDR 0x00c8 /* DMA Destination Address Status */
#define SAFE_DMA_STAT 0x00cc /* DMA Current Status */
#define SAFE_DMA_CFG 0x00d4 /* DMA Configuration/Status */
#define SAFE_ENDIAN 0x00e0 /* Endian Configuration */
#define SAFE_PK_A_ADDR 0x0800 /* Public Key A Address */
#define SAFE_PK_B_ADDR 0x0804 /* Public Key B Address */
#define SAFE_PK_C_ADDR 0x0808 /* Public Key C Address */
#define SAFE_PK_D_ADDR 0x080c /* Public Key D Address */
#define SAFE_PK_A_LEN 0x0810 /* Public Key A Length */
#define SAFE_PK_B_LEN 0x0814 /* Public Key B Length */
#define SAFE_PK_SHIFT 0x0818 /* Public Key Shift */
#define SAFE_PK_FUNC 0x081c /* Public Key Function */
#define SAFE_PK_RAM_START 0x1000 /* Public Key RAM start address */
#define SAFE_PK_RAM_END 0x1fff /* Public Key RAM end address */
#define SAFE_RNG_OUT 0x0100 /* RNG Output */
#define SAFE_RNG_STAT 0x0104 /* RNG Status */
#define SAFE_RNG_CTRL 0x0108 /* RNG Control */
#define SAFE_RNG_A 0x010c /* RNG A */
#define SAFE_RNG_B 0x0110 /* RNG B */
#define SAFE_RNG_X_LO 0x0114 /* RNG X [31:0] */
#define SAFE_RNG_X_MID 0x0118 /* RNG X [63:32] */
#define SAFE_RNG_X_HI 0x011c /* RNG X [80:64] */
#define SAFE_RNG_X_CNTR 0x0120 /* RNG Counter */
#define SAFE_RNG_ALM_CNT 0x0124 /* RNG Alarm Count */
#define SAFE_RNG_CNFG 0x0128 /* RNG Configuration */
#define SAFE_RNG_LFSR1_LO 0x012c /* RNG LFSR1 [31:0] */
#define SAFE_RNG_LFSR1_HI 0x0130 /* RNG LFSR1 [47:32] */
#define SAFE_RNG_LFSR2_LO 0x0134 /* RNG LFSR1 [31:0] */
#define SAFE_RNG_LFSR2_HI 0x0138 /* RNG LFSR1 [47:32] */
#define SAFE_PE_CSR_READY 0x00000001 /* ready for processing */
#define SAFE_PE_CSR_DONE 0x00000002 /* h/w completed processing */
#define SAFE_PE_CSR_LOADSA 0x00000004 /* load SA digests */
#define SAFE_PE_CSR_HASHFINAL 0x00000010 /* do hash pad & write result */
#define SAFE_PE_CSR_SABUSID 0x000000c0 /* bus id for SA */
#define SAFE_PE_CSR_SAPCI 0x00000040 /* PCI bus id for SA */
#define SAFE_PE_CSR_NXTHDR 0x0000ff00 /* next hdr value for IPsec */
#define SAFE_PE_CSR_FPAD 0x0000ff00 /* fixed pad for basic ops */
#define SAFE_PE_CSR_STATUS 0x00ff0000 /* operation result status */
#define SAFE_PE_CSR_AUTH_FAIL 0x00010000 /* ICV mismatch (inbound) */
#define SAFE_PE_CSR_PAD_FAIL 0x00020000 /* pad verify fail (inbound) */
#define SAFE_PE_CSR_SEQ_FAIL 0x00040000 /* sequence number (inbound) */
#define SAFE_PE_CSR_XERROR 0x00080000 /* extended error follows */
#define SAFE_PE_CSR_XECODE 0x00f00000 /* extended error code */
#define SAFE_PE_CSR_XECODE_S 20
#define SAFE_PE_CSR_XECODE_BADCMD 0 /* invalid command */
#define SAFE_PE_CSR_XECODE_BADALG 1 /* invalid algorithm */
#define SAFE_PE_CSR_XECODE_ALGDIS 2 /* algorithm disabled */
#define SAFE_PE_CSR_XECODE_ZEROLEN 3 /* zero packet length */
#define SAFE_PE_CSR_XECODE_DMAERR 4 /* bus DMA error */
#define SAFE_PE_CSR_XECODE_PIPEABORT 5 /* secondary bus DMA error */
#define SAFE_PE_CSR_XECODE_BADSPI 6 /* IPsec SPI mismatch */
#define SAFE_PE_CSR_XECODE_TIMEOUT 10 /* failsafe timeout */
#define SAFE_PE_CSR_PAD 0xff000000 /* ESP padding control/status */
#define SAFE_PE_CSR_PAD_MIN 0x00000000 /* minimum IPsec padding */
#define SAFE_PE_CSR_PAD_16 0x08000000 /* pad to 16-byte boundary */
#define SAFE_PE_CSR_PAD_32 0x10000000 /* pad to 32-byte boundary */
#define SAFE_PE_CSR_PAD_64 0x20000000 /* pad to 64-byte boundary */
#define SAFE_PE_CSR_PAD_128 0x40000000 /* pad to 128-byte boundary */
#define SAFE_PE_CSR_PAD_256 0x80000000 /* pad to 256-byte boundary */
/*
* Check the CSR to see if the PE has returned ownership to
* the host. Note that before processing a descriptor this
* must be done followed by a check of the SAFE_PE_LEN register
* status bits to avoid premature processing of a descriptor
* on its way back to the host.
*/
#define SAFE_PE_CSR_IS_DONE(_csr) \
(((_csr) & (SAFE_PE_CSR_READY | SAFE_PE_CSR_DONE)) == SAFE_PE_CSR_DONE)
#define SAFE_PE_LEN_LENGTH 0x000fffff /* total length (bytes) */
#define SAFE_PE_LEN_READY 0x00400000 /* ready for processing */
#define SAFE_PE_LEN_DONE 0x00800000 /* h/w completed processing */
#define SAFE_PE_LEN_BYPASS 0xff000000 /* bypass offset (bytes) */
#define SAFE_PE_LEN_BYPASS_S 24
#define SAFE_PE_LEN_IS_DONE(_len) \
(((_len) & (SAFE_PE_LEN_READY | SAFE_PE_LEN_DONE)) == SAFE_PE_LEN_DONE)
/* NB: these apply to HU_STAT, HM_STAT, HI_CLR, and HI_MASK */
#define SAFE_INT_PE_CDONE 0x00000002 /* PE context done */
#define SAFE_INT_PE_DDONE 0x00000008 /* PE descriptor done */
#define SAFE_INT_PE_ERROR 0x00000010 /* PE error */
#define SAFE_INT_PE_ODONE 0x00000020 /* PE operation done */
#define SAFE_HI_CFG_PULSE 0x00000001 /* use pulse interrupt */
#define SAFE_HI_CFG_LEVEL 0x00000000 /* use level interrupt */
#define SAFE_HI_CFG_AUTOCLR 0x00000002 /* auto-clear pulse interrupt */
#define SAFE_ENDIAN_PASS 0x000000e4 /* straight pass-thru */
#define SAFE_ENDIAN_SWAB 0x0000001b /* swap bytes in 32-bit word */
#define SAFE_PE_DMACFG_PERESET 0x00000001 /* reset packet engine */
#define SAFE_PE_DMACFG_PDRRESET 0x00000002 /* reset PDR counters/ptrs */
#define SAFE_PE_DMACFG_SGRESET 0x00000004 /* reset scatter/gather cache */
#define SAFE_PE_DMACFG_FSENA 0x00000008 /* enable failsafe reset */
#define SAFE_PE_DMACFG_PEMODE 0x00000100 /* packet engine mode */
#define SAFE_PE_DMACFG_SAPREC 0x00000200 /* SA precedes packet */
#define SAFE_PE_DMACFG_PKFOLL 0x00000400 /* packet follows descriptor */
#define SAFE_PE_DMACFG_GPRBID 0x00003000 /* gather particle ring busid */
#define SAFE_PE_DMACFG_GPRPCI 0x00001000 /* PCI gather particle ring */
#define SAFE_PE_DMACFG_SPRBID 0x0000c000 /* scatter part. ring busid */
#define SAFE_PE_DMACFG_SPRPCI 0x00004000 /* PCI scatter part. ring */
#define SAFE_PE_DMACFG_ESDESC 0x00010000 /* endian swap descriptors */
#define SAFE_PE_DMACFG_ESSA 0x00020000 /* endian swap SA data */
#define SAFE_PE_DMACFG_ESPACKET 0x00040000 /* endian swap packet data */
#define SAFE_PE_DMACFG_ESPDESC 0x00080000 /* endian swap particle desc. */
#define SAFE_PE_DMACFG_NOPDRUP 0x00100000 /* supp. PDR ownership update */
#define SAFE_PD_EDMACFG_PCIMODE 0x01000000 /* PCI target mode */
#define SAFE_PE_DMASTAT_PEIDONE 0x00000001 /* PE core input done */
#define SAFE_PE_DMASTAT_PEODONE 0x00000002 /* PE core output done */
#define SAFE_PE_DMASTAT_ENCDONE 0x00000004 /* encryption done */
#define SAFE_PE_DMASTAT_IHDONE 0x00000008 /* inner hash done */
#define SAFE_PE_DMASTAT_OHDONE 0x00000010 /* outer hash (HMAC) done */
#define SAFE_PE_DMASTAT_PADFLT 0x00000020 /* crypto pad fault */
#define SAFE_PE_DMASTAT_ICVFLT 0x00000040 /* ICV fault */
#define SAFE_PE_DMASTAT_SPIMIS 0x00000080 /* SPI mismatch */
#define SAFE_PE_DMASTAT_CRYPTO 0x00000100 /* crypto engine timeout */
#define SAFE_PE_DMASTAT_CQACT 0x00000200 /* command queue active */
#define SAFE_PE_DMASTAT_IRACT 0x00000400 /* input request active */
#define SAFE_PE_DMASTAT_ORACT 0x00000800 /* output request active */
#define SAFE_PE_DMASTAT_PEISIZE 0x003ff000 /* PE input size:32-bit words */
#define SAFE_PE_DMASTAT_PEOSIZE 0xffc00000 /* PE out. size:32-bit words */
#define SAFE_PE_RINGCFG_SIZE 0x000003ff /* ring size (descriptors) */
#define SAFE_PE_RINGCFG_OFFSET 0xffff0000 /* offset btw desc's (dwords) */
#define SAFE_PE_RINGCFG_OFFSET_S 16
#define SAFE_PE_RINGPOLL_POLL 0x00000fff /* polling frequency/divisor */
#define SAFE_PE_RINGPOLL_RETRY 0x03ff0000 /* polling frequency/divisor */
#define SAFE_PE_RINGPOLL_CONT 0x80000000 /* continuously poll */
#define SAFE_PE_IRNGSTAT_CQAVAIL 0x00000001 /* command queue available */
#define SAFE_PE_ERNGSTAT_NEXT 0x03ff0000 /* index of next packet desc. */
#define SAFE_PE_ERNGSTAT_NEXT_S 16
#define SAFE_PE_IOTHRESH_INPUT 0x000003ff /* input threshold (dwords) */
#define SAFE_PE_IOTHRESH_OUTPUT 0x03ff0000 /* output threshold (dwords) */
#define SAFE_PE_PARTCFG_SIZE 0x0000ffff /* scatter particle size */
#define SAFE_PE_PARTCFG_GBURST 0x00030000 /* gather particle burst */
#define SAFE_PE_PARTCFG_GBURST_2 0x00000000
#define SAFE_PE_PARTCFG_GBURST_4 0x00010000
#define SAFE_PE_PARTCFG_GBURST_8 0x00020000
#define SAFE_PE_PARTCFG_GBURST_16 0x00030000
#define SAFE_PE_PARTCFG_SBURST 0x000c0000 /* scatter particle burst */
#define SAFE_PE_PARTCFG_SBURST_2 0x00000000
#define SAFE_PE_PARTCFG_SBURST_4 0x00040000
#define SAFE_PE_PARTCFG_SBURST_8 0x00080000
#define SAFE_PE_PARTCFG_SBURST_16 0x000c0000
#define SAFE_PE_PARTSIZE_SCAT 0xffff0000 /* scatter particle ring size */
#define SAFE_PE_PARTSIZE_GATH 0x0000ffff /* gather particle ring size */
#define SAFE_CRYPTO_CTRL_3DES 0x00000001 /* enable 3DES support */
#define SAFE_CRYPTO_CTRL_PKEY 0x00010000 /* enable public key support */
#define SAFE_CRYPTO_CTRL_RNG 0x00020000 /* enable RNG support */
#define SAFE_DEVINFO_REV_MIN 0x0000000f /* minor rev for chip */
#define SAFE_DEVINFO_REV_MAJ 0x000000f0 /* major rev for chip */
#define SAFE_DEVINFO_REV_MAJ_S 4
#define SAFE_DEVINFO_DES 0x00000100 /* DES/3DES support present */
#define SAFE_DEVINFO_ARC4 0x00000200 /* ARC4 support present */
#define SAFE_DEVINFO_AES 0x00000400 /* AES support present */
#define SAFE_DEVINFO_MD5 0x00001000 /* MD5 support present */
#define SAFE_DEVINFO_SHA1 0x00002000 /* SHA-1 support present */
#define SAFE_DEVINFO_RIPEMD 0x00004000 /* RIPEMD support present */
#define SAFE_DEVINFO_DEFLATE 0x00010000 /* Deflate support present */
#define SAFE_DEVINFO_SARAM 0x00100000 /* on-chip SA RAM present */
#define SAFE_DEVINFO_EMIBUS 0x00200000 /* EMI bus present */
#define SAFE_DEVINFO_PKEY 0x00400000 /* public key support present */
#define SAFE_DEVINFO_RNG 0x00800000 /* RNG present */
#define SAFE_REV(_maj, _min) (((_maj) << SAFE_DEVINFO_REV_MAJ_S) | (_min))
#define SAFE_REV_MAJ(_chiprev) \
(((_chiprev) & SAFE_DEVINFO_REV_MAJ) >> SAFE_DEVINFO_REV_MAJ_S)
#define SAFE_REV_MIN(_chiprev) ((_chiprev) & SAFE_DEVINFO_REV_MIN)
#define SAFE_PK_FUNC_MULT 0x00000001 /* Multiply function */
#define SAFE_PK_FUNC_SQUARE 0x00000004 /* Square function */
#define SAFE_PK_FUNC_ADD 0x00000010 /* Add function */
#define SAFE_PK_FUNC_SUB 0x00000020 /* Subtract function */
#define SAFE_PK_FUNC_LSHIFT 0x00000040 /* Left-shift function */
#define SAFE_PK_FUNC_RSHIFT 0x00000080 /* Right-shift function */
#define SAFE_PK_FUNC_DIV 0x00000100 /* Divide function */
#define SAFE_PK_FUNC_CMP 0x00000400 /* Compare function */
#define SAFE_PK_FUNC_COPY 0x00000800 /* Copy function */
#define SAFE_PK_FUNC_EXP16 0x00002000 /* Exponentiate (4-bit ACT) */
#define SAFE_PK_FUNC_EXP4 0x00004000 /* Exponentiate (2-bit ACT) */
#define SAFE_PK_FUNC_RUN 0x00008000 /* start/status */
#define SAFE_RNG_STAT_BUSY 0x00000001 /* busy, data not valid */
#define SAFE_RNG_CTRL_PRE_LFSR 0x00000001 /* enable output pre-LFSR */
#define SAFE_RNG_CTRL_TST_MODE 0x00000002 /* enable test mode */
#define SAFE_RNG_CTRL_TST_RUN 0x00000004 /* start test state machine */
#define SAFE_RNG_CTRL_ENA_RING1 0x00000008 /* test entropy oscillator #1 */
#define SAFE_RNG_CTRL_ENA_RING2 0x00000010 /* test entropy oscillator #2 */
#define SAFE_RNG_CTRL_DIS_ALARM 0x00000020 /* disable RNG alarm reports */
#define SAFE_RNG_CTRL_TST_CLOCK 0x00000040 /* enable test clock */
#define SAFE_RNG_CTRL_SHORTEN 0x00000080 /* shorten state timers */
#define SAFE_RNG_CTRL_TST_ALARM 0x00000100 /* simulate alarm state */
#define SAFE_RNG_CTRL_RST_LFSR 0x00000200 /* reset LFSR */
/*
* Packet engine descriptor. Note that d_csr is a copy of the
* SAFE_PE_CSR register and all definitions apply, and d_len
* is a copy of the SAFE_PE_LEN register and all definitions apply.
* d_src and d_len may point directly to contiguous data or to a
* list of ``particle descriptors'' when using scatter/gather i/o.
*/
struct safe_desc {
u_int32_t d_csr; /* per-packet control/status */
u_int32_t d_src; /* source address */
u_int32_t d_dst; /* destination address */
u_int32_t d_sa; /* SA address */
u_int32_t d_len; /* length, bypass, status */
};
/*
* Scatter/Gather particle descriptor.
*
* NB: scatter descriptors do not specify a size; this is fixed
* by the setting of the SAFE_PE_PARTCFG register.
*/
struct safe_pdesc {
u_int32_t pd_addr; /* particle address */
#ifdef __BIG_ENDIAN
u_int16_t pd_flags; /* control word */
u_int16_t pd_size; /* particle size (bytes) */
#else
u_int16_t pd_flags; /* control word */
u_int16_t pd_size; /* particle size (bytes) */
#endif
};
#define SAFE_PD_READY 0x0001 /* ready for processing */
#define SAFE_PD_DONE 0x0002 /* h/w completed processing */
/*
* Security Association (SA) Record (Rev 1). One of these is
* required for each operation processed by the packet engine.
*/
struct safe_sarec {
u_int32_t sa_cmd0;
u_int32_t sa_cmd1;
u_int32_t sa_resv0;
u_int32_t sa_resv1;
u_int32_t sa_key[8]; /* DES/3DES/AES key */
u_int32_t sa_indigest[5]; /* inner digest */
u_int32_t sa_outdigest[5]; /* outer digest */
u_int32_t sa_spi; /* SPI */
u_int32_t sa_seqnum; /* sequence number */
u_int32_t sa_seqmask[2]; /* sequence number mask */
u_int32_t sa_resv2;
u_int32_t sa_staterec; /* address of state record */
u_int32_t sa_resv3[2];
u_int32_t sa_samgmt0; /* SA management field 0 */
u_int32_t sa_samgmt1; /* SA management field 0 */
};
#define SAFE_SA_CMD0_OP 0x00000007 /* operation code */
#define SAFE_SA_CMD0_OP_CRYPT 0x00000000 /* encrypt/decrypt (basic) */
#define SAFE_SA_CMD0_OP_BOTH 0x00000001 /* encrypt-hash/hash-decrypto */
#define SAFE_SA_CMD0_OP_HASH 0x00000003 /* hash (outbound-only) */
#define SAFE_SA_CMD0_OP_ESP 0x00000000 /* ESP in/out (proto) */
#define SAFE_SA_CMD0_OP_AH 0x00000001 /* AH in/out (proto) */
#define SAFE_SA_CMD0_INBOUND 0x00000008 /* inbound operation */
#define SAFE_SA_CMD0_OUTBOUND 0x00000000 /* outbound operation */
#define SAFE_SA_CMD0_GROUP 0x00000030 /* operation group */
#define SAFE_SA_CMD0_BASIC 0x00000000 /* basic operation */
#define SAFE_SA_CMD0_PROTO 0x00000010 /* protocol/packet operation */
#define SAFE_SA_CMD0_BUNDLE 0x00000020 /* bundled operation (resvd) */
#define SAFE_SA_CMD0_PAD 0x000000c0 /* crypto pad method */
#define SAFE_SA_CMD0_PAD_IPSEC 0x00000000 /* IPsec padding */
#define SAFE_SA_CMD0_PAD_PKCS7 0x00000040 /* PKCS#7 padding */
#define SAFE_SA_CMD0_PAD_CONS 0x00000080 /* constant padding */
#define SAFE_SA_CMD0_PAD_ZERO 0x000000c0 /* zero padding */
#define SAFE_SA_CMD0_CRYPT_ALG 0x00000f00 /* symmetric crypto algorithm */
#define SAFE_SA_CMD0_DES 0x00000000 /* DES crypto algorithm */
#define SAFE_SA_CMD0_3DES 0x00000100 /* 3DES crypto algorithm */
#define SAFE_SA_CMD0_AES 0x00000300 /* AES crypto algorithm */
#define SAFE_SA_CMD0_CRYPT_NULL 0x00000f00 /* null crypto algorithm */
#define SAFE_SA_CMD0_HASH_ALG 0x0000f000 /* hash algorithm */
#define SAFE_SA_CMD0_MD5 0x00000000 /* MD5 hash algorithm */
#define SAFE_SA_CMD0_SHA1 0x00001000 /* SHA-1 hash algorithm */
#define SAFE_SA_CMD0_HASH_NULL 0x0000f000 /* null hash algorithm */
#define SAFE_SA_CMD0_HDR_PROC 0x00080000 /* header processing */
#define SAFE_SA_CMD0_IBUSID 0x00300000 /* input bus id */
#define SAFE_SA_CMD0_IPCI 0x00100000 /* PCI input bus id */
#define SAFE_SA_CMD0_OBUSID 0x00c00000 /* output bus id */
#define SAFE_SA_CMD0_OPCI 0x00400000 /* PCI output bus id */
#define SAFE_SA_CMD0_IVLD 0x03000000 /* IV loading */
#define SAFE_SA_CMD0_IVLD_NONE 0x00000000 /* IV no load (reuse) */
#define SAFE_SA_CMD0_IVLD_IBUF 0x01000000 /* IV load from input buffer */
#define SAFE_SA_CMD0_IVLD_STATE 0x02000000 /* IV load from state */
#define SAFE_SA_CMD0_HSLD 0x0c000000 /* hash state loading */
#define SAFE_SA_CMD0_HSLD_SA 0x00000000 /* hash state load from SA */
#define SAFE_SA_CMD0_HSLD_STATE 0x08000000 /* hash state load from state */
#define SAFE_SA_CMD0_HSLD_NONE 0x0c000000 /* hash state no load */
#define SAFE_SA_CMD0_SAVEIV 0x10000000 /* save IV */
#define SAFE_SA_CMD0_SAVEHASH 0x20000000 /* save hash state */
#define SAFE_SA_CMD0_IGATHER 0x40000000 /* input gather */
#define SAFE_SA_CMD0_OSCATTER 0x80000000 /* output scatter */
#define SAFE_SA_CMD1_HDRCOPY 0x00000002 /* copy header to output */
#define SAFE_SA_CMD1_PAYCOPY 0x00000004 /* copy payload to output */
#define SAFE_SA_CMD1_PADCOPY 0x00000008 /* copy pad to output */
#define SAFE_SA_CMD1_IPV4 0x00000000 /* IPv4 protocol */
#define SAFE_SA_CMD1_IPV6 0x00000010 /* IPv6 protocol */
#define SAFE_SA_CMD1_MUTABLE 0x00000020 /* mutable bit processing */
#define SAFE_SA_CMD1_SRBUSID 0x000000c0 /* state record bus id */
#define SAFE_SA_CMD1_SRPCI 0x00000040 /* state record from PCI */
#define SAFE_SA_CMD1_CRMODE 0x00000300 /* crypto mode */
#define SAFE_SA_CMD1_ECB 0x00000000 /* ECB crypto mode */
#define SAFE_SA_CMD1_CBC 0x00000100 /* CBC crypto mode */
#define SAFE_SA_CMD1_OFB 0x00000200 /* OFB crypto mode */
#define SAFE_SA_CMD1_CFB 0x00000300 /* CFB crypto mode */
#define SAFE_SA_CMD1_CRFEEDBACK 0x00000c00 /* crypto feedback mode */
#define SAFE_SA_CMD1_64BIT 0x00000000 /* 64-bit crypto feedback */
#define SAFE_SA_CMD1_8BIT 0x00000400 /* 8-bit crypto feedback */
#define SAFE_SA_CMD1_1BIT 0x00000800 /* 1-bit crypto feedback */
#define SAFE_SA_CMD1_128BIT 0x00000c00 /* 128-bit crypto feedback */
#define SAFE_SA_CMD1_OPTIONS 0x00001000 /* HMAC/options mutable bit */
#define SAFE_SA_CMD1_HMAC SAFE_SA_CMD1_OPTIONS
#define SAFE_SA_CMD1_SAREV1 0x00008000 /* SA Revision 1 */
#define SAFE_SA_CMD1_OFFSET 0x00ff0000 /* hash/crypto offset(dwords) */
#define SAFE_SA_CMD1_OFFSET_S 16
#define SAFE_SA_CMD1_AESKEYLEN 0x0f000000 /* AES key length */
#define SAFE_SA_CMD1_AES128 0x02000000 /* 128-bit AES key */
#define SAFE_SA_CMD1_AES192 0x03000000 /* 192-bit AES key */
#define SAFE_SA_CMD1_AES256 0x04000000 /* 256-bit AES key */
/*
* Security Associate State Record (Rev 1).
*/
struct safe_sastate {
u_int32_t sa_saved_iv[4]; /* saved IV (DES/3DES/AES) */
u_int32_t sa_saved_hashbc; /* saved hash byte count */
u_int32_t sa_saved_indigest[5]; /* saved inner digest */
};
#endif /* _SAFE_SAFEREG_H_ */
|