1 /*	$OpenBSD: safereg.h,v 1.4 2003/08/20 16:28:35 jason Exp $	*/
2 
3 /*-
4  * Copyright (c) 2003 Sam Leffler, Errno Consulting
5  * Copyright (c) 2003 Global Technology Associates, Inc.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $FreeBSD: /repoman/r/ncvs/src/sys/dev/safe/safereg.h,v 1.1 2003/07/21 21:46:07 sam Exp $
30  */
31 #ifndef _SAFE_SAFEREG_H_
32 #define	_SAFE_SAFEREG_H_
33 
34 /*
35  * Register definitions for SafeNet SafeXcel-1141 crypto device.
36  * Definitions from revision 1.3 (Nov 6 2002) of the User's Manual.
37  */
38 
39 #define SAFE_BAR		0x10	/* DMA base address register */
40 
41 #define	PCI_VENDOR_SAFENET	0x16ae		/* SafeNet, Inc. */
42 
43 /* SafeNet */
44 #define	PCI_PRODUCT_SAFEXCEL	0x1141		/* 1141 */
45 
46 #define	SAFE_PE_CSR		0x0000	/* Packet Enginge Ctrl/Status */
47 #define	SAFE_PE_SRC		0x0004	/* Packet Engine Source */
48 #define	SAFE_PE_DST		0x0008	/* Packet Engine Destination */
49 #define	SAFE_PE_SA		0x000c	/* Packet Engine SA */
50 #define	SAFE_PE_LEN		0x0010	/* Packet Engine Length */
51 #define	SAFE_PE_DMACFG		0x0040	/* Packet Engine DMA Configuration */
52 #define	SAFE_PE_DMASTAT		0x0044	/* Packet Engine DMA Status */
53 #define	SAFE_PE_PDRBASE		0x0048	/* Packet Engine Descriptor Ring Base */
54 #define	SAFE_PE_RDRBASE		0x004c	/* Packet Engine Result Ring Base */
55 #define	SAFE_PE_RINGCFG		0x0050	/* Packet Engine Ring Configuration */
56 #define	SAFE_PE_RINGPOLL	0x0054	/* Packet Engine Ring Poll */
57 #define	SAFE_PE_IRNGSTAT	0x0058	/* Packet Engine Internal Ring Status */
58 #define	SAFE_PE_ERNGSTAT	0x005c	/* Packet Engine External Ring Status */
59 #define	SAFE_PE_IOTHRESH	0x0060	/* Packet Engine I/O Threshold */
60 #define	SAFE_PE_GRNGBASE	0x0064	/* Packet Engine Gather Ring Base */
61 #define	SAFE_PE_SRNGBASE	0x0068	/* Packet Engine Scatter Ring Base */
62 #define	SAFE_PE_PARTSIZE	0x006c	/* Packet Engine Particlar Ring Size */
63 #define	SAFE_PE_PARTCFG		0x0070	/* Packet Engine Particle Ring Config */
64 #define	SAFE_CRYPTO_CTRL	0x0080	/* Crypto Control */
65 #define	SAFE_DEVID		0x0084	/* Device ID */
66 #define	SAFE_DEVINFO		0x0088	/* Device Info */
67 #define	SAFE_HU_STAT		0x00a0	/* Host Unmasked Status */
68 #define	SAFE_HM_STAT		0x00a4	/* Host Masked Status (read-only) */
69 #define	SAFE_HI_CLR		0x00a4	/* Host Clear Interrupt (write-only) */
70 #define	SAFE_HI_MASK		0x00a8	/* Host Mask Control */
71 #define	SAFE_HI_CFG		0x00ac	/* Interrupt Configuration */
72 #define	SAFE_HI_RD_DESCR	0x00b4	/* Force Descriptor Read */
73 #define	SAFE_HI_DESC_CNT	0x00b8	/* Host Descriptor Done Count */
74 #define	SAFE_DMA_ENDIAN		0x00c0	/* Master Endian Status */
75 #define	SAFE_DMA_SRCADDR	0x00c4	/* DMA Source Address Status */
76 #define	SAFE_DMA_DSTADDR	0x00c8	/* DMA Destination Address Status */
77 #define	SAFE_DMA_STAT		0x00cc	/* DMA Current Status */
78 #define	SAFE_DMA_CFG		0x00d4	/* DMA Configuration/Status */
79 #define	SAFE_ENDIAN		0x00e0	/* Endian Configuration */
80 #define	SAFE_RNG_OUT		0x0100	/* RNG Output */
81 #define	SAFE_RNG_STAT		0x0104	/* RNG Status */
82 #define	SAFE_RNG_CTRL		0x0108	/* RNG Control */
83 #define	SAFE_RNG_A		0x010c	/* RNG A */
84 #define	SAFE_RNG_B		0x0110	/* RNG B */
85 #define	SAFE_RNG_X_LO		0x0114	/* RNG X [31:0] */
86 #define	SAFE_RNG_X_MID		0x0118	/* RNG X [63:32] */
87 #define	SAFE_RNG_X_HI		0x011c	/* RNG X [80:64] */
88 #define	SAFE_RNG_X_CNTR		0x0120	/* RNG Counter */
89 #define	SAFE_RNG_ALM_CNT	0x0124	/* RNG Alarm Count */
90 #define	SAFE_RNG_CNFG		0x0128	/* RNG Configuration */
91 #define	SAFE_RNG_LFSR1_LO	0x012c	/* RNG LFSR1 [31:0] */
92 #define	SAFE_RNG_LFSR1_HI	0x0130	/* RNG LFSR1 [47:32] */
93 #define	SAFE_RNG_LFSR2_LO	0x0134	/* RNG LFSR1 [31:0] */
94 #define	SAFE_RNG_LFSR2_HI	0x0138	/* RNG LFSR1 [47:32] */
95 #define	SAFE_PK_A_ADDR		0x0800	/* Public Key A Address */
96 #define	SAFE_PK_B_ADDR		0x0804	/* Public Key B Address */
97 #define	SAFE_PK_C_ADDR		0x0808	/* Public Key C Address */
98 #define	SAFE_PK_D_ADDR		0x080c	/* Public Key D Address */
99 #define	SAFE_PK_A_LEN		0x0810	/* Public Key A Length */
100 #define	SAFE_PK_B_LEN		0x0814	/* Public Key B Length */
101 #define	SAFE_PK_SHIFT		0x0818	/* Public Key Shift */
102 #define	SAFE_PK_FUNC		0x081c	/* Public Key Function */
103 #define	SAFE_PK_RAM_START	0x1000	/* Public Key RAM start address */
104 #define	SAFE_PK_RAM_END		0x1fff	/* Public Key RAM end address */
105 
106 #define	SAFE_PE_CSR_READY	0x00000001	/* ready for processing */
107 #define	SAFE_PE_CSR_DONE	0x00000002	/* h/w completed processing */
108 #define	SAFE_PE_CSR_LOADSA	0x00000004	/* load SA digests */
109 #define	SAFE_PE_CSR_HASHFINAL	0x00000010	/* do hash pad & write result */
110 #define	SAFE_PE_CSR_SABUSID	0x000000c0	/* bus id for SA */
111 #define	SAFE_PE_CSR_SAPCI	0x00000040	/* PCI bus id for SA */
112 #define	SAFE_PE_CSR_NXTHDR	0x0000ff00	/* next hdr value for IPsec */
113 #define	SAFE_PE_CSR_FPAD	0x0000ff00	/* fixed pad for basic ops */
114 #define	SAFE_PE_CSR_STATUS	0x00ff0000	/* operation result status */
115 #define	SAFE_PE_CSR_AUTH_FAIL	0x00010000	/* ICV mismatch (inbound) */
116 #define	SAFE_PE_CSR_PAD_FAIL	0x00020000	/* pad verify fail (inbound) */
117 #define	SAFE_PE_CSR_SEQ_FAIL	0x00040000	/* sequence number (inbound) */
118 #define	SAFE_PE_CSR_XERROR	0x00080000	/* extended error follows */
119 #define	SAFE_PE_CSR_XECODE	0x00f00000	/* extended error code */
120 #define	SAFE_PE_CSR_XECODE_S	20
121 #define	SAFE_PE_CSR_XECODE_BADCMD	0	/* invalid command */
122 #define	SAFE_PE_CSR_XECODE_BADALG	1	/* invalid algorithm */
123 #define	SAFE_PE_CSR_XECODE_ALGDIS	2	/* algorithm disabled */
124 #define	SAFE_PE_CSR_XECODE_ZEROLEN	3	/* zero packet length */
125 #define	SAFE_PE_CSR_XECODE_DMAERR	4	/* bus DMA error */
126 #define	SAFE_PE_CSR_XECODE_PIPEABORT	5	/* secondary bus DMA error */
127 #define	SAFE_PE_CSR_XECODE_BADSPI	6	/* IPsec SPI mismatch */
128 #define	SAFE_PE_CSR_XECODE_TIMEOUT	10	/* failsafe timeout */
129 #define	SAFE_PE_CSR_PAD		0xff000000	/* ESP padding control/status */
130 #define	SAFE_PE_CSR_PAD_MIN	0x00000000	/* minimum IPsec padding */
131 #define	SAFE_PE_CSR_PAD_16	0x08000000	/* pad to 16-byte boundary */
132 #define	SAFE_PE_CSR_PAD_32	0x10000000	/* pad to 32-byte boundary */
133 #define	SAFE_PE_CSR_PAD_64	0x20000000	/* pad to 64-byte boundary */
134 #define	SAFE_PE_CSR_PAD_128	0x40000000	/* pad to 128-byte boundary */
135 #define	SAFE_PE_CSR_PAD_256	0x80000000	/* pad to 256-byte boundary */
136 
137 /*
138  * Check the CSR to see if the PE has returned ownership to
139  * the host.  Note that before processing a descriptor this
140  * must be done followed by a check of the SAFE_PE_LEN register
141  * status bits to avoid premature processing of a descriptor
142  * on its way back to the host.
143  */
144 #define	SAFE_PE_CSR_IS_DONE(_csr) \
145     (((_csr) & (SAFE_PE_CSR_READY | SAFE_PE_CSR_DONE)) == SAFE_PE_CSR_DONE)
146 
147 #define	SAFE_PE_LEN_LENGTH	0x000fffff	/* total length (bytes) */
148 #define	SAFE_PE_LEN_READY	0x00400000	/* ready for processing */
149 #define	SAFE_PE_LEN_DONE	0x00800000	/* h/w completed processing */
150 #define	SAFE_PE_LEN_BYPASS	0xff000000	/* bypass offset (bytes) */
151 #define	SAFE_PE_LEN_BYPASS_S	24
152 
153 #define	SAFE_PE_LEN_IS_DONE(_len) \
154     (((_len) & (SAFE_PE_LEN_READY | SAFE_PE_LEN_DONE)) == SAFE_PE_LEN_DONE)
155 
156 /* NB: these apply to HU_STAT, HM_STAT, HI_CLR, and HI_MASK */
157 #define	SAFE_INT_PE_CDONE	0x00000002	/* PE context done */
158 #define	SAFE_INT_PE_DDONE	0x00000008	/* PE descriptor done */
159 #define	SAFE_INT_PE_ERROR	0x00000010	/* PE error */
160 #define	SAFE_INT_PE_ODONE	0x00000020	/* PE operation done */
161 
162 #define	SAFE_HI_CFG_PULSE	0x00000001	/* use pulse interrupt */
163 #define	SAFE_HI_CFG_LEVEL	0x00000000	/* use level interrupt */
164 #define	SAFE_HI_CFG_AUTOCLR	0x00000002	/* auto-clear pulse interrupt */
165 
166 #define	SAFE_ENDIAN_TGT_PASS	0x00e40000	/* target pass-thru */
167 #define	SAFE_ENDIAN_TGT_SWAB	0x001b0000	/* target swap32 */
168 #define	SAFE_ENDIAN_DMA_PASS	0x000000e4	/* DMA pass-thru */
169 #define	SAFE_ENDIAN_DMA_SWAB	0x0000001b	/* DMA swap32 */
170 
171 #define	SAFE_PE_DMACFG_PERESET	0x00000001	/* reset packet engine */
172 #define	SAFE_PE_DMACFG_PDRRESET	0x00000002	/* reset PDR counters/ptrs */
173 #define	SAFE_PE_DMACFG_SGRESET	0x00000004	/* reset scatter/gather cache */
174 #define	SAFE_PE_DMACFG_FSENA	0x00000008	/* enable failsafe reset */
175 #define	SAFE_PE_DMACFG_PEMODE	0x00000100	/* packet engine mode */
176 #define	SAFE_PE_DMACFG_SAPREC	0x00000200	/* SA precedes packet */
177 #define	SAFE_PE_DMACFG_PKFOLL	0x00000400	/* packet follows descriptor */
178 #define	SAFE_PE_DMACFG_GPRBID	0x00003000	/* gather particle ring busid */
179 #define	SAFE_PE_DMACFG_GPRPCI	0x00001000	/* PCI gather particle ring */
180 #define	SAFE_PE_DMACFG_SPRBID	0x0000c000	/* scatter part. ring busid */
181 #define	SAFE_PE_DMACFG_SPRPCI	0x00004000	/* PCI scatter part. ring */
182 #define	SAFE_PE_DMACFG_ESDESC	0x00010000	/* endian swap descriptors */
183 #define	SAFE_PE_DMACFG_ESSA	0x00020000	/* endian swap SA data */
184 #define	SAFE_PE_DMACFG_ESPACKET	0x00040000	/* endian swap packet data */
185 #define	SAFE_PE_DMACFG_ESPDESC	0x00080000	/* endian swap particle desc. */
186 #define	SAFE_PE_DMACFG_NOPDRUP	0x00100000	/* supp. PDR ownership update */
187 #define	SAFE_PD_EDMACFG_PCIMODE	0x01000000	/* PCI target mode */
188 
189 #define	SAFE_PE_DMASTAT_PEIDONE	0x00000001	/* PE core input done */
190 #define	SAFE_PE_DMASTAT_PEODONE	0x00000002	/* PE core output done */
191 #define	SAFE_PE_DMASTAT_ENCDONE	0x00000004	/* encryption done */
192 #define	SAFE_PE_DMASTAT_IHDONE	0x00000008	/* inner hash done */
193 #define	SAFE_PE_DMASTAT_OHDONE	0x00000010	/* outer hash (HMAC) done */
194 #define	SAFE_PE_DMASTAT_PADFLT	0x00000020	/* crypto pad fault */
195 #define	SAFE_PE_DMASTAT_ICVFLT	0x00000040	/* ICV fault */
196 #define	SAFE_PE_DMASTAT_SPIMIS	0x00000080	/* SPI mismatch */
197 #define	SAFE_PE_DMASTAT_CRYPTO	0x00000100	/* crypto engine timeout */
198 #define	SAFE_PE_DMASTAT_CQACT	0x00000200	/* command queue active */
199 #define	SAFE_PE_DMASTAT_IRACT	0x00000400	/* input request active */
200 #define	SAFE_PE_DMASTAT_ORACT	0x00000800	/* output request active */
201 #define	SAFE_PE_DMASTAT_PEISIZE	0x003ff000	/* PE input size:32-bit words */
202 #define	SAFE_PE_DMASTAT_PEOSIZE	0xffc00000	/* PE out. size:32-bit words */
203 
204 #define	SAFE_PE_RINGCFG_SIZE	0x000003ff	/* ring size (descriptors) */
205 #define	SAFE_PE_RINGCFG_OFFSET	0xffff0000	/* offset btw desc's (dwords) */
206 #define	SAFE_PE_RINGCFG_OFFSET_S	16
207 
208 #define	SAFE_PE_RINGPOLL_POLL	0x00000fff	/* polling frequency/divisor */
209 #define	SAFE_PE_RINGPOLL_RETRY	0x03ff0000	/* polling frequency/divisor */
210 #define	SAFE_PE_RINGPOLL_CONT	0x80000000	/* continuously poll */
211 
212 #define	SAFE_PE_IRNGSTAT_CQAVAIL 0x00000001	/* command queue available */
213 
214 #define	SAFE_PE_ERNGSTAT_NEXT	0x03ff0000	/* index of next packet desc. */
215 #define	SAFE_PE_ERNGSTAT_NEXT_S	16
216 
217 #define	SAFE_PE_IOTHRESH_INPUT	0x000003ff	/* input threshold (dwords) */
218 #define	SAFE_PE_IOTHRESH_OUTPUT	0x03ff0000	/* output threshold (dwords) */
219 
220 #define	SAFE_PE_PARTCFG_SIZE	0x0000ffff	/* scatter particle size */
221 #define	SAFE_PE_PARTCFG_GBURST	0x00030000	/* gather particle burst */
222 #define	SAFE_PE_PARTCFG_GBURST_2	0x00000000
223 #define	SAFE_PE_PARTCFG_GBURST_4	0x00010000
224 #define	SAFE_PE_PARTCFG_GBURST_8	0x00020000
225 #define	SAFE_PE_PARTCFG_GBURST_16	0x00030000
226 #define	SAFE_PE_PARTCFG_SBURST	0x000c0000	/* scatter particle burst */
227 #define	SAFE_PE_PARTCFG_SBURST_2	0x00000000
228 #define	SAFE_PE_PARTCFG_SBURST_4	0x00040000
229 #define	SAFE_PE_PARTCFG_SBURST_8	0x00080000
230 #define	SAFE_PE_PARTCFG_SBURST_16	0x000c0000
231 
232 #define	SAFE_PE_PARTSIZE_SCAT	0xffff0000	/* scatter particle ring size */
233 #define	SAFE_PE_PARTSIZE_GATH	0x0000ffff	/* gather particle ring size */
234 
235 #define	SAFE_CRYPTO_CTRL_3DES	0x00000001	/* enable 3DES support */
236 #define	SAFE_CRYPTO_CTRL_PKEY	0x00010000	/* enable public key support */
237 #define	SAFE_CRYPTO_CTRL_RNG	0x00020000	/* enable RNG support */
238 
239 #define	SAFE_DEVINFO_REV_MIN	0x0000000f	/* minor rev for chip */
240 #define	SAFE_DEVINFO_REV_MAJ	0x000000f0	/* major rev for chip */
241 #define	SAFE_DEVINFO_REV_MAJ_S	4
242 #define	SAFE_DEVINFO_DES	0x00000100	/* DES/3DES support present */
243 #define	SAFE_DEVINFO_ARC4	0x00000200	/* ARC4 support present */
244 #define	SAFE_DEVINFO_AES	0x00000400	/* AES support present */
245 #define	SAFE_DEVINFO_MD5	0x00001000	/* MD5 support present */
246 #define	SAFE_DEVINFO_SHA1	0x00002000	/* SHA-1 support present */
247 #define	SAFE_DEVINFO_RIPEMD	0x00004000	/* RIPEMD support present */
248 #define	SAFE_DEVINFO_DEFLATE	0x00010000	/* Deflate support present */
249 #define	SAFE_DEVINFO_SARAM	0x00100000	/* on-chip SA RAM present */
250 #define	SAFE_DEVINFO_EMIBUS	0x00200000	/* EMI bus present */
251 #define	SAFE_DEVINFO_PKEY	0x00400000	/* public key support present */
252 #define	SAFE_DEVINFO_RNG	0x00800000	/* RNG present */
253 
254 #define	SAFE_REV(_maj, _min)	(((_maj) << SAFE_DEVINFO_REV_MAJ_S) | (_min))
255 #define	SAFE_REV_MAJ(_chiprev) \
256 	(((_chiprev) & SAFE_DEVINFO_REV_MAJ) >> SAFE_DEVINFO_REV_MAJ_S)
257 #define	SAFE_REV_MIN(_chiprev)	((_chiprev) & SAFE_DEVINFO_REV_MIN)
258 
259 #define	SAFE_PK_FUNC_MULT	0x00000001	/* Multiply function */
260 #define	SAFE_PK_FUNC_SQUARE	0x00000004	/* Square function */
261 #define	SAFE_PK_FUNC_ADD	0x00000010	/* Add function */
262 #define	SAFE_PK_FUNC_SUB	0x00000020	/* Subtract function */
263 #define	SAFE_PK_FUNC_LSHIFT	0x00000040	/* Left-shift function */
264 #define	SAFE_PK_FUNC_RSHIFT	0x00000080	/* Right-shift function */
265 #define	SAFE_PK_FUNC_DIV	0x00000100	/* Divide function */
266 #define	SAFE_PK_FUNC_CMP	0x00000400	/* Compare function */
267 #define	SAFE_PK_FUNC_COPY	0x00000800	/* Copy function */
268 #define	SAFE_PK_FUNC_EXP16	0x00002000	/* Exponentiate (4-bit ACT) */
269 #define	SAFE_PK_FUNC_EXP4	0x00004000	/* Exponentiate (2-bit ACT) */
270 #define	SAFE_PK_FUNC_RUN	0x00008000	/* start/status */
271 
272 #define	SAFE_RNG_STAT_BUSY	0x00000001	/* busy, data not valid */
273 
274 #define	SAFE_RNG_CTRL_PRE_LFSR	0x00000001	/* enable output pre-LFSR */
275 #define	SAFE_RNG_CTRL_TST_MODE	0x00000002	/* enable test mode */
276 #define	SAFE_RNG_CTRL_TST_RUN	0x00000004	/* start test state machine */
277 #define	SAFE_RNG_CTRL_ENA_RING1	0x00000008	/* test entropy oscillator #1 */
278 #define	SAFE_RNG_CTRL_ENA_RING2	0x00000010	/* test entropy oscillator #2 */
279 #define	SAFE_RNG_CTRL_DIS_ALARM	0x00000020	/* disable RNG alarm reports */
280 #define	SAFE_RNG_CTRL_TST_CLOCK	0x00000040	/* enable test clock */
281 #define	SAFE_RNG_CTRL_SHORTEN	0x00000080	/* shorten state timers */
282 #define	SAFE_RNG_CTRL_TST_ALARM	0x00000100	/* simulate alarm state */
283 #define	SAFE_RNG_CTRL_RST_LFSR	0x00000200	/* reset LFSR */
284 
285 /*
286  * Packet engine descriptor.  Note that d_csr is a copy of the
287  * SAFE_PE_CSR register and all definitions apply, and d_len
288  * is a copy of the SAFE_PE_LEN register and all definitions apply.
289  * d_src and d_len may point directly to contiguous data or to a
290  * list of ``particle descriptors'' when using scatter/gather i/o.
291  */
292 struct safe_desc {
293 	volatile u_int32_t	d_csr;		/* per-packet control/status */
294 	volatile u_int32_t	d_src;		/* source address */
295 	volatile u_int32_t	d_dst;		/* destination address */
296 	volatile u_int32_t	d_sa;		/* SA address */
297 	volatile u_int32_t	d_len;		/* length, bypass, status */
298 };
299 
300 /*
301  * Scatter/Gather particle descriptor.
302  *
303  * NB: scatter descriptors do not specify a size; this is fixed
304  *     by the setting of the SAFE_PE_PARTCFG register.
305  */
306 struct safe_pdesc {
307 	volatile u_int32_t	pd_addr;	/* particle address */
308 	volatile u_int32_t	pd_ctrl;	/* length/flags */
309 };
310 
311 #define	SAFE_PD_LEN_M	0xffff0000		/* length mask */
312 #define	SAFE_PD_LEN_S	16
313 #define	SAFE_PD_READY	0x00000001		/* ready for processing */
314 #define	SAFE_PD_DONE	0x00000002		/* h/w completed processing */
315 
316 /*
317  * Security Association (SA) Record (Rev 1).  One of these is
318  * required for each operation processed by the packet engine.
319  */
320 struct safe_sarec {
321 	volatile u_int32_t	sa_cmd0;
322 	volatile u_int32_t	sa_cmd1;
323 	volatile u_int32_t	sa_resv0;
324 	volatile u_int32_t	sa_resv1;
325 	volatile u_int32_t	sa_key[8];	/* DES/3DES/AES key */
326 	volatile u_int32_t	sa_indigest[5];	/* inner digest */
327 	volatile u_int32_t	sa_outdigest[5];/* outer digest */
328 	volatile u_int32_t	sa_spi;		/* SPI */
329 	volatile u_int32_t	sa_seqnum;	/* sequence number */
330 	volatile u_int32_t	sa_seqmask[2];	/* sequence number mask */
331 	volatile u_int32_t	sa_resv2;
332 	volatile u_int32_t	sa_staterec;	/* address of state record */
333 	volatile u_int32_t	sa_resv3[2];
334 	volatile u_int32_t	sa_samgmt0;	/* SA management field 0 */
335 	volatile u_int32_t	sa_samgmt1;	/* SA management field 0 */
336 };
337 
338 #define	SAFE_SA_CMD0_OP		0x00000007	/* operation code */
339 #define	SAFE_SA_CMD0_OP_CRYPT	0x00000000	/* encrypt/decrypt (basic) */
340 #define	SAFE_SA_CMD0_OP_BOTH	0x00000001	/* encrypt-hash/hash-decrypto */
341 #define	SAFE_SA_CMD0_OP_HASH	0x00000003	/* hash (outbound-only) */
342 #define	SAFE_SA_CMD0_OP_ESP	0x00000000	/* ESP in/out (proto) */
343 #define	SAFE_SA_CMD0_OP_AH	0x00000001	/* AH in/out (proto) */
344 #define	SAFE_SA_CMD0_INBOUND	0x00000008	/* inbound operation */
345 #define	SAFE_SA_CMD0_OUTBOUND	0x00000000	/* outbound operation */
346 #define	SAFE_SA_CMD0_GROUP	0x00000030	/* operation group */
347 #define	SAFE_SA_CMD0_BASIC	0x00000000	/* basic operation */
348 #define	SAFE_SA_CMD0_PROTO	0x00000010	/* protocol/packet operation */
349 #define	SAFE_SA_CMD0_BUNDLE	0x00000020	/* bundled operation (resvd) */
350 #define	SAFE_SA_CMD0_PAD	0x000000c0	/* crypto pad method */
351 #define	SAFE_SA_CMD0_PAD_IPSEC	0x00000000	/* IPsec padding */
352 #define	SAFE_SA_CMD0_PAD_PKCS7	0x00000040	/* PKCS#7 padding */
353 #define	SAFE_SA_CMD0_PAD_CONS	0x00000080	/* constant padding */
354 #define	SAFE_SA_CMD0_PAD_ZERO	0x000000c0	/* zero padding */
355 #define	SAFE_SA_CMD0_CRYPT_ALG	0x00000f00	/* symmetric crypto algorithm */
356 #define	SAFE_SA_CMD0_DES	0x00000000	/* DES crypto algorithm */
357 #define	SAFE_SA_CMD0_3DES	0x00000100	/* 3DES crypto algorithm */
358 #define	SAFE_SA_CMD0_AES	0x00000300	/* AES crypto algorithm */
359 #define	SAFE_SA_CMD0_CRYPT_NULL	0x00000f00	/* null crypto algorithm */
360 #define	SAFE_SA_CMD0_HASH_ALG	0x0000f000	/* hash algorithm */
361 #define	SAFE_SA_CMD0_MD5	0x00000000	/* MD5 hash algorithm */
362 #define	SAFE_SA_CMD0_SHA1	0x00001000	/* SHA-1 hash algorithm */
363 #define	SAFE_SA_CMD0_HASH_NULL	0x0000f000	/* null hash algorithm */
364 #define	SAFE_SA_CMD0_HDR_PROC	0x00080000	/* header processing */
365 #define	SAFE_SA_CMD0_IBUSID	0x00300000	/* input bus id */
366 #define	SAFE_SA_CMD0_IPCI	0x00100000	/* PCI input bus id */
367 #define	SAFE_SA_CMD0_OBUSID	0x00c00000	/* output bus id */
368 #define	SAFE_SA_CMD0_OPCI	0x00400000	/* PCI output bus id */
369 #define	SAFE_SA_CMD0_IVLD	0x03000000	/* IV loading */
370 #define	SAFE_SA_CMD0_IVLD_NONE	0x00000000	/* IV no load (reuse) */
371 #define	SAFE_SA_CMD0_IVLD_IBUF	0x01000000	/* IV load from input buffer */
372 #define	SAFE_SA_CMD0_IVLD_STATE	0x02000000	/* IV load from state */
373 #define	SAFE_SA_CMD0_HSLD	0x0c000000	/* hash state loading */
374 #define	SAFE_SA_CMD0_HSLD_SA	0x00000000	/* hash state load from SA */
375 #define	SAFE_SA_CMD0_HSLD_STATE	0x08000000	/* hash state load from state */
376 #define	SAFE_SA_CMD0_HSLD_NONE	0x0c000000	/* hash state no load */
377 #define	SAFE_SA_CMD0_SAVEIV	0x10000000	/* save IV */
378 #define	SAFE_SA_CMD0_SAVEHASH	0x20000000	/* save hash state */
379 #define	SAFE_SA_CMD0_IGATHER	0x40000000	/* input gather */
380 #define	SAFE_SA_CMD0_OSCATTER	0x80000000	/* output scatter */
381 
382 #define	SAFE_SA_CMD1_HDRCOPY	0x00000002	/* copy header to output */
383 #define	SAFE_SA_CMD1_PAYCOPY	0x00000004	/* copy payload to output */
384 #define	SAFE_SA_CMD1_PADCOPY	0x00000008	/* copy pad to output */
385 #define	SAFE_SA_CMD1_IPV4	0x00000000	/* IPv4 protocol */
386 #define	SAFE_SA_CMD1_IPV6	0x00000010	/* IPv6 protocol */
387 #define	SAFE_SA_CMD1_MUTABLE	0x00000020	/* mutable bit processing */
388 #define	SAFE_SA_CMD1_SRBUSID	0x000000c0	/* state record bus id */
389 #define	SAFE_SA_CMD1_SRPCI	0x00000040	/* state record from PCI */
390 #define	SAFE_SA_CMD1_CRMODE	0x00000300	/* crypto mode */
391 #define	SAFE_SA_CMD1_ECB	0x00000000	/* ECB crypto mode */
392 #define	SAFE_SA_CMD1_CBC	0x00000100	/* CBC crypto mode */
393 #define	SAFE_SA_CMD1_OFB	0x00000200	/* OFB crypto mode */
394 #define	SAFE_SA_CMD1_CFB	0x00000300	/* CFB crypto mode */
395 #define	SAFE_SA_CMD1_CRFEEDBACK	0x00000c00	/* crypto feedback mode */
396 #define	SAFE_SA_CMD1_64BIT	0x00000000	/* 64-bit crypto feedback */
397 #define	SAFE_SA_CMD1_8BIT	0x00000400	/* 8-bit crypto feedback */
398 #define	SAFE_SA_CMD1_1BIT	0x00000800	/* 1-bit crypto feedback */
399 #define	SAFE_SA_CMD1_128BIT	0x00000c00	/* 128-bit crypto feedback */
400 #define	SAFE_SA_CMD1_OPTIONS	0x00001000	/* HMAC/options mutable bit */
401 #define	SAFE_SA_CMD1_HMAC	SAFE_SA_CMD1_OPTIONS
402 #define	SAFE_SA_CMD1_SAREV1	0x00008000	/* SA Revision 1 */
403 #define	SAFE_SA_CMD1_OFFSET	0x00ff0000	/* hash/crypto offset(dwords) */
404 #define	SAFE_SA_CMD1_OFFSET_S	16
405 #define	SAFE_SA_CMD1_AESKEYLEN	0x0f000000	/* AES key length */
406 #define	SAFE_SA_CMD1_AES128	0x02000000	/* 128-bit AES key */
407 #define	SAFE_SA_CMD1_AES192	0x03000000	/* 192-bit AES key */
408 #define	SAFE_SA_CMD1_AES256	0x04000000	/* 256-bit AES key */
409 
410 /*
411  * Security Associate State Record (Rev 1).
412  */
413 struct safe_sastate {
414 	volatile u_int32_t	sa_saved_iv[4];	/* saved IV (DES/3DES/AES) */
415 	volatile u_int32_t	sa_saved_hashbc;/* saved hash byte count */
416 	volatile u_int32_t	sa_saved_indigest[5]; /* saved inner digest */
417 };
418 #endif /* _SAFE_SAFEREG_H_ */
419