1/* 2 * CAAM Protocol Data Block (PDB) definition header file 3 * 4 * Copyright 2008-2012 Freescale Semiconductor, Inc. 5 * 6 */ 7 8#ifndef CAAM_PDB_H 9#define CAAM_PDB_H 10 11/* 12 * PDB- IPSec ESP Header Modification Options 13 */ 14#define PDBHMO_ESP_DECAP_SHIFT 12 15#define PDBHMO_ESP_ENCAP_SHIFT 4 16/* 17 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 18 * Options Byte IP version (IPvsn) field: 19 * if IPv4, decrement the inner IP header TTL field (byte 8); 20 * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 21*/ 22#define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 23#define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 24/* 25 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 26 * from the outer IP header to the inner IP header. 27 */ 28#define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 29/* 30 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 31 * the PDB, copy the DF bit from the inner IP header to the outer IP header. 32 */ 33#define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 34 35/* 36 * PDB - IPSec ESP Encap/Decap Options 37 */ 38#define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 39#define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 40#define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 41#define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 42#define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 43#define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 44#define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 45#define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 46#define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 47#define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/ 48#define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 49#define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 50#define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 51#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 52#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 53 54/* 55 * General IPSec encap/decap PDB definitions 56 */ 57struct ipsec_encap_cbc { 58 u32 iv[4]; 59}; 60 61struct ipsec_encap_ctr { 62 u32 ctr_nonce; 63 u32 ctr_initial; 64 u32 iv[2]; 65}; 66 67struct ipsec_encap_ccm { 68 u32 salt; /* lower 24 bits */ 69 u8 b0_flags; 70 u8 ctr_flags; 71 u16 ctr_initial; 72 u32 iv[2]; 73}; 74 75struct ipsec_encap_gcm { 76 u32 salt; /* lower 24 bits */ 77 u32 rsvd1; 78 u32 iv[2]; 79}; 80 81struct ipsec_encap_pdb { 82 u8 hmo_rsvd; 83 u8 ip_nh; 84 u8 ip_nh_offset; 85 u8 options; 86 u32 seq_num_ext_hi; 87 u32 seq_num; 88 union { 89 struct ipsec_encap_cbc cbc; 90 struct ipsec_encap_ctr ctr; 91 struct ipsec_encap_ccm ccm; 92 struct ipsec_encap_gcm gcm; 93 }; 94 u32 spi; 95 u16 rsvd1; 96 u16 ip_hdr_len; 97 u32 ip_hdr[0]; /* optional IP Header content */ 98}; 99 100struct ipsec_decap_cbc { 101 u32 rsvd[2]; 102}; 103 104struct ipsec_decap_ctr { 105 u32 salt; 106 u32 ctr_initial; 107}; 108 109struct ipsec_decap_ccm { 110 u32 salt; 111 u8 iv_flags; 112 u8 ctr_flags; 113 u16 ctr_initial; 114}; 115 116struct ipsec_decap_gcm { 117 u32 salt; 118 u32 resvd; 119}; 120 121struct ipsec_decap_pdb { 122 u16 hmo_ip_hdr_len; 123 u8 ip_nh_offset; 124 u8 options; 125 union { 126 struct ipsec_decap_cbc cbc; 127 struct ipsec_decap_ctr ctr; 128 struct ipsec_decap_ccm ccm; 129 struct ipsec_decap_gcm gcm; 130 }; 131 u32 seq_num_ext_hi; 132 u32 seq_num; 133 u32 anti_replay[2]; 134 u32 end_index[0]; 135}; 136 137/* 138 * IPSec ESP Datapath Protocol Override Register (DPOVRD) 139 */ 140struct ipsec_deco_dpovrd { 141#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 142 u8 ovrd_ecn; 143 u8 ip_hdr_len; 144 u8 nh_offset; 145 u8 next_header; /* reserved if decap */ 146}; 147 148/* 149 * IEEE 802.11i WiFi Protocol Data Block 150 */ 151#define WIFI_PDBOPTS_FCS 0x01 152#define WIFI_PDBOPTS_AR 0x40 153 154struct wifi_encap_pdb { 155 u16 mac_hdr_len; 156 u8 rsvd; 157 u8 options; 158 u8 iv_flags; 159 u8 pri; 160 u16 pn1; 161 u32 pn2; 162 u16 frm_ctrl_mask; 163 u16 seq_ctrl_mask; 164 u8 rsvd1[2]; 165 u8 cnst; 166 u8 key_id; 167 u8 ctr_flags; 168 u8 rsvd2; 169 u16 ctr_init; 170}; 171 172struct wifi_decap_pdb { 173 u16 mac_hdr_len; 174 u8 rsvd; 175 u8 options; 176 u8 iv_flags; 177 u8 pri; 178 u16 pn1; 179 u32 pn2; 180 u16 frm_ctrl_mask; 181 u16 seq_ctrl_mask; 182 u8 rsvd1[4]; 183 u8 ctr_flags; 184 u8 rsvd2; 185 u16 ctr_init; 186}; 187 188/* 189 * IEEE 802.16 WiMAX Protocol Data Block 190 */ 191#define WIMAX_PDBOPTS_FCS 0x01 192#define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 193 194struct wimax_encap_pdb { 195 u8 rsvd[3]; 196 u8 options; 197 u32 nonce; 198 u8 b0_flags; 199 u8 ctr_flags; 200 u16 ctr_init; 201 /* begin DECO writeback region */ 202 u32 pn; 203 /* end DECO writeback region */ 204}; 205 206struct wimax_decap_pdb { 207 u8 rsvd[3]; 208 u8 options; 209 u32 nonce; 210 u8 iv_flags; 211 u8 ctr_flags; 212 u16 ctr_init; 213 /* begin DECO writeback region */ 214 u32 pn; 215 u8 rsvd1[2]; 216 u16 antireplay_len; 217 u64 antireplay_scorecard; 218 /* end DECO writeback region */ 219}; 220 221/* 222 * IEEE 801.AE MacSEC Protocol Data Block 223 */ 224#define MACSEC_PDBOPTS_FCS 0x01 225#define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 226 227struct macsec_encap_pdb { 228 u16 aad_len; 229 u8 rsvd; 230 u8 options; 231 u64 sci; 232 u16 ethertype; 233 u8 tci_an; 234 u8 rsvd1; 235 /* begin DECO writeback region */ 236 u32 pn; 237 /* end DECO writeback region */ 238}; 239 240struct macsec_decap_pdb { 241 u16 aad_len; 242 u8 rsvd; 243 u8 options; 244 u64 sci; 245 u8 rsvd1[3]; 246 /* begin DECO writeback region */ 247 u8 antireplay_len; 248 u32 pn; 249 u64 antireplay_scorecard; 250 /* end DECO writeback region */ 251}; 252 253/* 254 * SSL/TLS/DTLS Protocol Data Blocks 255 */ 256 257#define TLS_PDBOPTS_ARS32 0x40 258#define TLS_PDBOPTS_ARS64 0xc0 259#define TLS_PDBOPTS_OUTFMT 0x08 260#define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 261#define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 262 263struct tls_block_encap_pdb { 264 u8 type; 265 u8 version[2]; 266 u8 options; 267 u64 seq_num; 268 u32 iv[4]; 269}; 270 271struct tls_stream_encap_pdb { 272 u8 type; 273 u8 version[2]; 274 u8 options; 275 u64 seq_num; 276 u8 i; 277 u8 j; 278 u8 rsvd1[2]; 279}; 280 281struct dtls_block_encap_pdb { 282 u8 type; 283 u8 version[2]; 284 u8 options; 285 u16 epoch; 286 u16 seq_num[3]; 287 u32 iv[4]; 288}; 289 290struct tls_block_decap_pdb { 291 u8 rsvd[3]; 292 u8 options; 293 u64 seq_num; 294 u32 iv[4]; 295}; 296 297struct tls_stream_decap_pdb { 298 u8 rsvd[3]; 299 u8 options; 300 u64 seq_num; 301 u8 i; 302 u8 j; 303 u8 rsvd1[2]; 304}; 305 306struct dtls_block_decap_pdb { 307 u8 rsvd[3]; 308 u8 options; 309 u16 epoch; 310 u16 seq_num[3]; 311 u32 iv[4]; 312 u64 antireplay_scorecard; 313}; 314 315/* 316 * SRTP Protocol Data Blocks 317 */ 318#define SRTP_PDBOPTS_MKI 0x08 319#define SRTP_PDBOPTS_AR 0x40 320 321struct srtp_encap_pdb { 322 u8 x_len; 323 u8 mki_len; 324 u8 n_tag; 325 u8 options; 326 u32 cnst0; 327 u8 rsvd[2]; 328 u16 cnst1; 329 u16 salt[7]; 330 u16 cnst2; 331 u32 rsvd1; 332 u32 roc; 333 u32 opt_mki; 334}; 335 336struct srtp_decap_pdb { 337 u8 x_len; 338 u8 mki_len; 339 u8 n_tag; 340 u8 options; 341 u32 cnst0; 342 u8 rsvd[2]; 343 u16 cnst1; 344 u16 salt[7]; 345 u16 cnst2; 346 u16 rsvd1; 347 u16 seq_num; 348 u32 roc; 349 u64 antireplay_scorecard; 350}; 351 352/* 353 * DSA/ECDSA Protocol Data Blocks 354 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 355 * except for the treatment of "w" for verify, "s" for sign, 356 * and the placement of "a,b". 357 */ 358#define DSA_PDB_SGF_SHIFT 24 359#define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 360#define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 361#define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 362#define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 363#define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 364#define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 365#define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 366#define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 367#define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 368#define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 369#define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 370 371#define DSA_PDB_L_SHIFT 7 372#define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 373 374#define DSA_PDB_N_MASK 0x7f 375 376struct dsa_sign_pdb { 377 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ 378 u8 *q; 379 u8 *r; 380 u8 *g; /* or Gx,y */ 381 u8 *s; 382 u8 *f; 383 u8 *c; 384 u8 *d; 385 u8 *ab; /* ECC only */ 386 u8 *u; 387}; 388 389struct dsa_verify_pdb { 390 u32 sgf_ln; 391 u8 *q; 392 u8 *r; 393 u8 *g; /* or Gx,y */ 394 u8 *w; /* or Wx,y */ 395 u8 *f; 396 u8 *c; 397 u8 *d; 398 u8 *tmp; /* temporary data block */ 399 u8 *ab; /* only used if ECC processing */ 400}; 401 402#endif 403