linux/drivers/crypto/caam/pdb.h
   1/*
   2 * CAAM Protocol Data Block (PDB) definition header file
   3 *
   4 * Copyright 2008-2016 Freescale Semiconductor, Inc.
   5 *
   6 */
   7
   8#ifndef CAAM_PDB_H
   9#define CAAM_PDB_H
  10#include "compat.h"
  11
/*
 * PDB - IPsec ESP Header Modification Options (HMO)
 *
 * The HMO nibble sits in bits 31:28 of the PDB options word. The encap and
 * decap shifts are the same, so one bit value can carry a different meaning
 * depending on the direction of the descriptor.
 */
#define PDBHMO_ESP_ENCAP_SHIFT  28
#define PDBHMO_ESP_DECAP_SHIFT  28

/*
 * Encap and decap - decrement TTL (Hop Limit). The IP version is taken from
 * the IPvsn bit of the options byte: for IPv4 the inner header TTL (byte 8)
 * is decremented, for IPv6 the inner header Hop Limit (byte 7).
 */
#define PDBHMO_ESP_ENCAP_DEC_TTL        (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
#define PDBHMO_ESP_DECAP_DEC_TTL        (0x02 << PDBHMO_ESP_DECAP_SHIFT)

/*
 * Decap only - DiffServ copy: the IPv4 TOS / IPv6 Traffic Class byte of the
 * outer IP header is copied into the inner IP header.
 * NOTE(review): ESP does not integrity-protect the outer IP header, so with
 * this bit set a byte that any on-path device can rewrite lands in the
 * decapsulated packet. Enable it only where local QoS policy wants that.
 */
#define PDBHMO_ESP_DIFFSERV             (0x01 << PDBHMO_ESP_DECAP_SHIFT)

/*
 * Encap only - copy DF bit: when the IPv4 tunnel-mode outer IP header comes
 * from the PDB, the DF bit of the inner header is copied to the outer one.
 */
#define PDBHMO_ESP_DFBIT                (0x04 << PDBHMO_ESP_ENCAP_SHIFT)

/* Encap: next-header byte, bits 23:16 of the options word */
#define PDBNH_ESP_ENCAP_SHIFT           16
#define PDBNH_ESP_ENCAP_MASK            (0xff << PDBNH_ESP_ENCAP_SHIFT)

/* Decap: 12-bit IP header length, bits 27:16 of the options word */
#define PDBHDRLEN_ESP_DECAP_SHIFT       16
#define PDBHDRLEN_MASK                  (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)

/* Next-header offset, bits 15:8 of the options word */
#define PDB_NH_OFFSET_SHIFT             8
#define PDB_NH_OFFSET_MASK              (0xff << PDB_NH_OFFSET_SHIFT)
  44
/*
 * PDB - IPsec ESP encap/decap option flags (low byte of the options word)
 *
 * Several names share one bit value (0x80, 0x40, 0x20, 0x08, 0x04, 0x02), so
 * the meaning of a set bit depends on the context in which the PDB is used.
 * Only the flags whose comment names a direction are tied to one by this
 * header. NOTE(review): confirm the rest against the SEC reference manual
 * before OR-ing flags from different groups together.
 */

/*
 * Anti-replay window size, a two-bit field selected by PDBOPTS_ESP_ARS_MASK.
 * The encoding is not monotonic: 64 entries is 0xc0 (same value as the mask)
 * while 128 entries is 0x80. PDBOPTS_ESP_ARSNONE (0x00) means no replay
 * window at all, which is also what a zero-initialised options byte selects.
 */
#define PDBOPTS_ESP_ARS_MASK    0xc0 /* antireplay window mask */
#define PDBOPTS_ESP_ARSNONE     0x00 /* no antireplay window */
#define PDBOPTS_ESP_ARS32       0x40 /* 32-entry antireplay window */
#define PDBOPTS_ESP_ARS64       0xc0 /* 64-entry antireplay window */
#define PDBOPTS_ESP_ARS128      0x80 /* 128-entry antireplay window */

/* Same bit values as the ARS field above, different meaning */
#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
#define PDBOPTS_ESP_DIFFSERV    0x40 /* copy TOS/TC from inner iphdr */

/* 0x20 */
#define PDBOPTS_ESP_IVSRC       0x20 /* IV comes from internal random gen */
#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */

/* 0x10 */
#define PDBOPTS_ESP_ESN         0x10 /* extended sequence included */

/* 0x08 */
#define PDBOPTS_ESP_OUTFMT      0x08 /* output only decapsulation (decap) */
#define PDBOPTS_ESP_IPHDRSRC    0x08 /* IP header comes from PDB (encap) */

/* 0x04 */
#define PDBOPTS_ESP_INCIPHDR    0x04 /* Prepend IP header to output frame */
#define PDBOPTS_ESP_AOFL        0x04 /* adjust out frame len (decap, SEC>=5.3)*/

/* 0x02 */
#define PDBOPTS_ESP_IPVSN       0x02 /* process IPv6 header */
#define PDBOPTS_ESP_IPV6        0x02 /* ip header version is V6 */

/* 0x01 */
#define PDBOPTS_ESP_TUNNEL      0x01 /* tunnel mode next-header byte */
  65
  66/*
  67 * General IPSec encap/decap PDB definitions
  68 */
  69
/**
 * struct ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
 * @iv: 16-byte initialization vector
 *
 * Member of the per-algorithm union in struct ipsec_encap_pdb.
 *
 * NOTE(review): PDBOPTS_ESP_IVSRC selects an IV from the internal random
 * generator; how that option interacts with @iv is not visible in this
 * header. Confirm before relying on a caller-supplied IV, since a CBC IV has
 * to be unpredictable.
 */
struct ipsec_encap_cbc {
        u8 iv[16];
};
  77
/**
 * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
 * @ctr_nonce: 4-byte array nonce
 * @ctr_initial: initial count constant
 * @iv: initialization vector (held as one 64-bit value)
 *
 * Member of the per-algorithm union in struct ipsec_encap_pdb.
 *
 * Counter-mode caveat: a (nonce, IV) pair must never repeat under the same
 * key, otherwise keystream is reused.
 *
 * NOTE(review): @iv is a u64, which gives this struct 8-byte alignment on
 * ABIs that align u64 to 8 bytes. The device-visible byte order of @iv is not
 * stated in this header - confirm.
 */
struct ipsec_encap_ctr {
        u8 ctr_nonce[4];
        u32 ctr_initial;
        u64 iv;
};
  89
/**
 * struct ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
 * @salt: 3-byte salt (lower 24 bits) held in a 4-byte array; which of the
 *  four bytes is unused is not stated here - TODO confirm
 * @ccm_opt: CCM algorithm options - MSB-LSB description:
 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
 *  ctr_flags (8b) - counter flags; constant equal to 0x3
 *  ctr_initial (16b) - initial count constant
 * @iv: initialization vector (held as one 64-bit value)
 *
 * Member of the per-algorithm union in struct ipsec_encap_pdb.
 *
 * The salt together with @iv forms the CCM nonce, so an IV must never repeat
 * under the same key and salt.
 */
struct ipsec_encap_ccm {
        u8 salt[4];
        u32 ccm_opt;
        u64 iv;
};
 105
/**
 * struct ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
 * @salt: salt, stored in a 4-byte array
 * @rsvd1: reserved, do not use
 * @iv: initialization vector (held as one 64-bit value)
 *
 * Member of the per-algorithm union in struct ipsec_encap_pdb.
 *
 * NOTE(review): this comment used to describe @salt as a "3-byte array salt
 * (lower 24 bits)", the same wording as the CCM block, while struct
 * ipsec_decap_gcm documents a 4-byte salt and RFC 4106 defines a 4-octet
 * salt. The 3-byte wording looks copied from CCM - confirm.
 *
 * GCM fails badly on nonce reuse: salt plus @iv must be unique per packet
 * for a given key.
 */
struct ipsec_encap_gcm {
        u8 salt[4];
        u32 rsvd1;
        u64 iv;
};
 117
/**
 * struct ipsec_encap_pdb - PDB for IPsec encapsulation
 * @options: MSB-LSB description
 *  hmo (header manipulation options) - 4b
 *  reserved - 4b
 *  next header - 8b
 *  next header offset - 8b
 *  option flags (depend on selected algorithm) - 8b
 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 * @seq_num: IPsec sequence number
 * @cbc: algorithm-specific part when CBC is used
 * @ctr: algorithm-specific part when CTR is used
 * @ccm: algorithm-specific part when CCM is used
 * @gcm: algorithm-specific part when GCM is used
 * @spi: IPsec SPI (Security Parameters Index)
 * @ip_hdr_len: optional IP Header length (in bytes)
 *  reserved - 16b
 *  Opt. IP Hdr Len - 16b
 * @ip_hdr: optional IP Header content
 *
 * NOTE(review): the struct is not __packed. The anonymous union holds
 * members with a u64 field (ctr, ccm, gcm) and follows three u32 fields, so
 * it starts at byte offset 12; on ABIs that align u64 to 8 bytes the
 * compiler inserts 4 bytes of padding in front of it, which shifts the
 * IV/salt and @spi relative to a packed layout. Confirm that whatever builds
 * the descriptor accounts for this.
 *
 * NOTE(review): @ip_hdr is a GNU zero-length array used as a trailing
 * variable-length member; its real length is carried in @ip_hdr_len and is
 * not checked by anything in this header. A C99 flexible array member
 * (u32 ip_hdr[]) would let the compiler reject misuse, provided no user
 * embeds this struct in the middle of another one - confirm.
 */
struct ipsec_encap_pdb {
        u32 options;
        u32 seq_num_ext_hi;
        u32 seq_num;
        union {
                struct ipsec_encap_cbc cbc;
                struct ipsec_encap_ctr ctr;
                struct ipsec_encap_ccm ccm;
                struct ipsec_encap_gcm gcm;
        };
        u32 spi;
        u32 ip_hdr_len;
        u32 ip_hdr[0];
};
 148
/**
 * struct ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
 * @rsvd: reserved, do not use
 *
 * Member of the per-algorithm union in struct ipsec_decap_pdb. It carries no
 * parameters; the two reserved words give it the same 8-byte size as the
 * other decap parts.
 */
struct ipsec_decap_cbc {
        u32 rsvd[2];
};
 156
/**
 * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
 * @ctr_nonce: 4-byte array nonce
 * @ctr_initial: initial count constant
 *
 * Member of the per-algorithm union in struct ipsec_decap_pdb. Unlike the
 * encap counterpart there is no IV member.
 */
struct ipsec_decap_ctr {
        u8 ctr_nonce[4];
        u32 ctr_initial;
};
 166
/**
 * struct ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
 * @salt: 3-byte salt (lower 24 bits) held in a 4-byte array; which of the
 *  four bytes is unused is not stated here - TODO confirm
 * @ccm_opt: CCM algorithm options - MSB-LSB description:
 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
 *  ctr_flags (8b) - counter flags; constant equal to 0x3
 *  ctr_initial (16b) - initial count constant
 *
 * Member of the per-algorithm union in struct ipsec_decap_pdb. The b0_flags
 * value fixes the ICV length that is checked, so it has to match the length
 * negotiated for the SA.
 */
struct ipsec_decap_ccm {
        u8 salt[4];
        u32 ccm_opt;
};
 180
/**
 * struct ipsec_decap_gcm - PDB part for IPsec GCM decapsulation
 * @salt: 4-byte salt
 * @resvd: reserved, do not use
 *
 * Member of the per-algorithm union in struct ipsec_decap_pdb.
 */
struct ipsec_decap_gcm {
        u8 salt[4];
        u32 resvd;
};
 190
/**
 * struct ipsec_decap_pdb - PDB for IPsec decapsulation
 * @options: MSB-LSB description
 *  hmo (header manipulation options) - 4b
 *  IP header length - 12b
 *  next header offset - 8b
 *  option flags (depend on selected algorithm) - 8b
 * @cbc: algorithm-specific part when CBC is used
 * @ctr: algorithm-specific part when CTR is used
 * @ccm: algorithm-specific part when CCM is used
 * @gcm: algorithm-specific part when GCM is used
 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 * @seq_num: IPsec sequence number
 * @anti_replay: Anti-replay window; size depends on ARS (option flags)
 *
 * The member order differs from struct ipsec_encap_pdb: here the
 * per-algorithm union comes directly after @options and the sequence
 * numbers follow it.
 *
 * @anti_replay is four 32-bit words, i.e. room for the largest window the
 * option flags can select (PDBOPTS_ESP_ARS128). With PDBOPTS_ESP_ARSNONE no
 * window is kept, so replayed packets are not detected by this block.
 *
 * NOTE(review): @anti_replay is annotated __be32 while the other words are
 * plain u32; the endianness handling of the remaining members is not visible
 * here - confirm.
 */
struct ipsec_decap_pdb {
        u32 options;
        union {
                struct ipsec_decap_cbc cbc;
                struct ipsec_decap_ctr ctr;
                struct ipsec_decap_ccm ccm;
                struct ipsec_decap_gcm gcm;
        };
        u32 seq_num_ext_hi;
        u32 seq_num;
        __be32 anti_replay[4];
};
 214
/*
 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
 *
 * Four one-byte fields, 4 bytes in total. The member names mirror fields of
 * the PDB options word (IP header length, next-header offset, next header).
 * NOTE(review): IPSEC_ENCAP_DECO_DPOVRD_USE (0x80) is defined next to
 * ovrd_ecn and is presumably the "use override" flag carried in that byte -
 * confirm against the SEC reference manual.
 */
struct ipsec_deco_dpovrd {
#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
        u8 ovrd_ecn;
        u8 ip_hdr_len;
        u8 nh_offset;
        u8 next_header; /* reserved if decap */
};
 225
/*
 * IEEE 802.11i WiFi Protocol Data Block - option flags
 *
 * Neither flag is described in this header.
 * NOTE(review): by analogy with the MACsec and WiMAX blocks, AR presumably
 * enables anti-replay checking and FCS frame-check-sequence handling -
 * confirm against the SEC reference manual.
 */
#define WIFI_PDBOPTS_AR         0x40
#define WIFI_PDBOPTS_FCS        0x01
 231
/*
 * struct wifi_encap_pdb - PDB for IEEE 802.11i encapsulation
 *
 * This header gives no per-member documentation; the notes below are read
 * from the member names and types only and need confirming against the SEC
 * reference manual.
 *  - options: presumably takes the WIFI_PDBOPTS_* flags
 *  - pn1/pn2: 16 + 32 bits, presumably the two parts of the packet number;
 *    reusing a packet number under one key breaks the cipher's guarantees
 *  - rsvd, rsvd1, rsvd2: reserved
 * With 1/2/4-byte u8/u16/u32 every member is naturally aligned, so the
 * layout is 24 bytes without compiler padding.
 */
struct wifi_encap_pdb {
        u16 mac_hdr_len;
        u8 rsvd;
        u8 options;
        u8 iv_flags;
        u8 pri;
        u16 pn1;
        u32 pn2;
        u16 frm_ctrl_mask;
        u16 seq_ctrl_mask;
        u8 rsvd1[2];
        u8 cnst;
        u8 key_id;
        u8 ctr_flags;
        u8 rsvd2;
        u16 ctr_init;
};
 249
/*
 * struct wifi_decap_pdb - PDB for IEEE 802.11i decapsulation
 *
 * Same layout as struct wifi_encap_pdb except that the two reserved bytes,
 * cnst and key_id of the encap form are replaced by four reserved bytes
 * (rsvd1[4]); the total size is unchanged.
 * NOTE(review): member meanings are not documented in this header. options
 * presumably takes the WIFI_PDBOPTS_* flags, and pn1/pn2 presumably hold the
 * packet number used for replay checking when WIFI_PDBOPTS_AR is set -
 * confirm.
 */
struct wifi_decap_pdb {
        u16 mac_hdr_len;
        u8 rsvd;
        u8 options;
        u8 iv_flags;
        u8 pri;
        u16 pn1;
        u32 pn2;
        u16 frm_ctrl_mask;
        u16 seq_ctrl_mask;
        u8 rsvd1[4];
        u8 ctr_flags;
        u8 rsvd2;
        u16 ctr_init;
};
 265
/*
 * IEEE 802.16 WiMAX Protocol Data Block - option flags
 *
 * AR is meaningful for decapsulation only. NOTE(review): it presumably
 * enables the anti-replay check that uses antireplay_len and
 * antireplay_scorecard of struct wimax_decap_pdb - confirm.
 */
#define WIMAX_PDBOPTS_AR        0x40 /* decap only */
#define WIMAX_PDBOPTS_FCS       0x01
 271
/*
 * struct wimax_encap_pdb - PDB for IEEE 802.16 encapsulation
 *
 * 16 bytes, every member naturally aligned. pn is the only member inside
 * the region the original comments mark as written back by DECO, so its
 * value changes while the descriptor is in use.
 * NOTE(review): member meanings are not documented here. options presumably
 * takes the WIMAX_PDBOPTS_* flags and pn is presumably the packet number;
 * a packet number must not repeat under one key - confirm.
 */
struct wimax_encap_pdb {
        u8 rsvd[3];
        u8 options;
        u32 nonce;
        u8 b0_flags;
        u8 ctr_flags;
        u16 ctr_init;
        /* begin DECO writeback region */
        u32 pn;
        /* end DECO writeback region */
};
 283
/*
 * struct wimax_decap_pdb - PDB for IEEE 802.16 decapsulation
 *
 * The members from pn to antireplay_scorecard lie in the region the
 * original comments mark as written back by DECO; this is where the replay
 * state lives.
 * NOTE(review): the struct is not __packed and antireplay_scorecard is a
 * u64 at byte offset 20, so ABIs that align u64 to 8 bytes insert 4 bytes of
 * padding in front of it. Confirm that the layout handed to the hardware
 * accounts for this.
 * NOTE(review): if WIMAX_PDBOPTS_AR is not set in options the scorecard is
 * presumably not consulted, i.e. replays go undetected - confirm.
 */
struct wimax_decap_pdb {
        u8 rsvd[3];
        u8 options;
        u32 nonce;
        u8 iv_flags;
        u8 ctr_flags;
        u16 ctr_init;
        /* begin DECO writeback region */
        u32 pn;
        u8 rsvd1[2];
        u16 antireplay_len;
        u64 antireplay_scorecard;
        /* end DECO writeback region */
};
 298
/*
 * IEEE 802.1AE MACsec Protocol Data Block - option flags
 *
 * AR is used for decapsulation only. NOTE(review): it presumably enables the
 * anti-replay check that uses antireplay_len and antireplay_scorecard of
 * struct macsec_decap_pdb - confirm.
 */
#define MACSEC_PDBOPTS_AR       0x40 /* used in decap only */
#define MACSEC_PDBOPTS_FCS      0x01
 304
/*
 * struct macsec_encap_pdb - PDB for MACsec encapsulation
 *
 * pn is the only member inside the region the original comments mark as
 * written back by DECO.
 * NOTE(review): the struct is not __packed and sci is a u64 at byte offset
 * 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in front of
 * it. Confirm that the layout handed to the hardware accounts for this.
 * NOTE(review): member meanings are not documented here; sci is presumably
 * the Secure Channel Identifier and pn the 32-bit packet number, which must
 * not wrap or repeat under one key - confirm.
 */
struct macsec_encap_pdb {
        u16 aad_len;
        u8 rsvd;
        u8 options;
        u64 sci;
        u16 ethertype;
        u8 tci_an;
        u8 rsvd1;
        /* begin DECO writeback region */
        u32 pn;
        /* end DECO writeback region */
};
 317
/*
 * struct macsec_decap_pdb - PDB for MACsec decapsulation
 *
 * antireplay_len, pn and antireplay_scorecard lie in the region the
 * original comments mark as written back by DECO; this is where the replay
 * state lives.
 * NOTE(review): the struct is not __packed and sci is a u64 at byte offset
 * 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in front of
 * it. Confirm that the layout handed to the hardware accounts for this.
 * NOTE(review): MACSEC_PDBOPTS_AR is documented as decap-only; if it is not
 * set in options the scorecard is presumably not consulted, i.e. replayed
 * frames go undetected - confirm.
 */
struct macsec_decap_pdb {
        u16 aad_len;
        u8 rsvd;
        u8 options;
        u64 sci;
        u8 rsvd1[3];
        /* begin DECO writeback region */
        u8 antireplay_len;
        u32 pn;
        u64 antireplay_scorecard;
        /* end DECO writeback region */
};
 330
/*
 * SSL/TLS/DTLS Protocol Data Blocks - option flags
 *
 * The two ARS values use the same encoding as PDBOPTS_ESP_ARS32 and
 * PDBOPTS_ESP_ARS64. The two IV flags apply to TLS 1.1/1.2 and DTLS only.
 * NOTE(review): none of the flags is described further in this header;
 * EXP_RND_IV presumably requests an explicit random per-record IV and
 * IV_WRTBK a write-back of the IV into the PDB - confirm.
 */

/* anti-replay window size */
#define TLS_PDBOPTS_ARS64       0xc0
#define TLS_PDBOPTS_ARS32       0x40

#define TLS_PDBOPTS_OUTFMT      0x08

/* IV handling */
#define TLS_PDBOPTS_EXP_RND_IV  0x01 /* 1.1/1.2/DTLS only */
#define TLS_PDBOPTS_IV_WRTBK    0x02 /* 1.1/1.2/DTLS only */
 340
/*
 * struct tls_block_encap_pdb - PDB for TLS block-cipher encapsulation
 *
 * iv is four 32-bit words (16 bytes). options presumably takes the
 * TLS_PDBOPTS_* flags - confirm.
 * NOTE(review): the struct is not __packed and seq_num is a u64 at byte
 * offset 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in
 * front of it. Confirm that the layout handed to the hardware accounts for
 * this.
 * NOTE(review): the IV flags are marked "1.1/1.2/DTLS only"; for an older
 * protocol version the record IV would then come from this PDB state rather
 * than being fresh per record - confirm how the IV is sourced before using
 * this block for such a version.
 */
struct tls_block_encap_pdb {
        u8 type;
        u8 version[2];
        u8 options;
        u64 seq_num;
        u32 iv[4];
};
 348
/*
 * struct tls_stream_encap_pdb - PDB for TLS stream-cipher encapsulation
 *
 * NOTE(review): the one-byte members i and j are not documented; their
 * names match the two state indices of RC4, which would make this the RC4
 * record path. RC4 cipher suites are prohibited for TLS by RFC 7465, so new
 * users should not be added without confirming what this block is for.
 * NOTE(review): the struct is not __packed and seq_num is a u64 at byte
 * offset 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in
 * front of it - confirm the hardware-visible layout.
 */
struct tls_stream_encap_pdb {
        u8 type;
        u8 version[2];
        u8 options;
        u64 seq_num;
        u8 i;
        u8 j;
        u8 rsvd1[2];
};
 358
/*
 * struct dtls_block_encap_pdb - PDB for DTLS block-cipher encapsulation
 *
 * Differs from struct tls_block_encap_pdb in the sequence number: a 16-bit
 * epoch followed by three 16-bit words (48 bits) instead of one u64. All
 * members are naturally aligned; the size is 28 bytes without padding.
 * iv is four 32-bit words (16 bytes). options presumably takes the
 * TLS_PDBOPTS_* flags - confirm.
 */
struct dtls_block_encap_pdb {
        u8 type;
        u8 version[2];
        u8 options;
        u16 epoch;
        u16 seq_num[3];
        u32 iv[4];
};
 367
/*
 * struct tls_block_decap_pdb - PDB for TLS block-cipher decapsulation
 *
 * Same shape as struct tls_block_encap_pdb with the type/version bytes
 * replaced by three reserved bytes.
 * NOTE(review): the struct is not __packed and seq_num is a u64 at byte
 * offset 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in
 * front of it - confirm the hardware-visible layout.
 */
struct tls_block_decap_pdb {
        u8 rsvd[3];
        u8 options;
        u64 seq_num;
        u32 iv[4];
};
 374
/*
 * struct tls_stream_decap_pdb - PDB for TLS stream-cipher decapsulation
 *
 * Same shape as struct tls_stream_encap_pdb with the type/version bytes
 * replaced by three reserved bytes.
 * NOTE(review): i and j are undocumented; the names match the RC4 state
 * indices, and RC4 cipher suites are prohibited for TLS by RFC 7465 -
 * confirm what this block is used for before adding users.
 * NOTE(review): the struct is not __packed and seq_num is a u64 at byte
 * offset 4, so ABIs that align u64 to 8 bytes insert 4 bytes of padding in
 * front of it - confirm the hardware-visible layout.
 */
struct tls_stream_decap_pdb {
        u8 rsvd[3];
        u8 options;
        u64 seq_num;
        u8 i;
        u8 j;
        u8 rsvd1[2];
};
 383
/*
 * struct dtls_block_decap_pdb - PDB for DTLS block-cipher decapsulation
 *
 * Adds a 64-bit anti-replay scorecard to the DTLS encap layout. The window
 * size is presumably chosen with TLS_PDBOPTS_ARS32 / TLS_PDBOPTS_ARS64 in
 * options; with neither set, replay detection is presumably off - confirm.
 * NOTE(review): the struct is not __packed and antireplay_scorecard is a
 * u64 at byte offset 28, so ABIs that align u64 to 8 bytes insert 4 bytes of
 * padding in front of it - confirm the hardware-visible layout.
 */
struct dtls_block_decap_pdb {
        u8 rsvd[3];
        u8 options;
        u16 epoch;
        u16 seq_num[3];
        u32 iv[4];
        u64 antireplay_scorecard;
};
 392
/*
 * SRTP Protocol Data Blocks - option flags
 *
 * NOTE(review): neither flag is described in this header. MKI presumably
 * signals that a Master Key Identifier is present (see mki_len / opt_mki in
 * the SRTP PDB structs) and AR presumably enables anti-replay checking on
 * decapsulation - confirm.
 */
#define SRTP_PDBOPTS_AR         0x40
#define SRTP_PDBOPTS_MKI        0x08
 398
/*
 * struct srtp_encap_pdb - PDB for SRTP encapsulation
 *
 * All members are naturally aligned; the size is 40 bytes without padding.
 * salt is seven 16-bit words (14 bytes).
 * NOTE(review): member meanings are not documented here. options presumably
 * takes the SRTP_PDBOPTS_* flags, roc is presumably the rollover counter and
 * opt_mki the optional Master Key Identifier - confirm. salt is keying
 * material derived for the session and should be treated as secret.
 */
struct srtp_encap_pdb {
        u8 x_len;
        u8 mki_len;
        u8 n_tag;
        u8 options;
        u32 cnst0;
        u8 rsvd[2];
        u16 cnst1;
        u16 salt[7];
        u16 cnst2;
        u32 rsvd1;
        u32 roc;
        u32 opt_mki;
};
 413
/*
 * struct srtp_decap_pdb - PDB for SRTP decapsulation
 *
 * Matches struct srtp_encap_pdb up to cnst2; after that it carries a 16-bit
 * reserved field, a 16-bit seq_num, roc and a 64-bit anti-replay scorecard
 * instead of rsvd1/roc/opt_mki.
 * NOTE(review): the struct is not __packed and antireplay_scorecard is a
 * u64 at byte offset 36, so ABIs that align u64 to 8 bytes insert 4 bytes of
 * padding in front of it - confirm the hardware-visible layout.
 * NOTE(review): replay checking is presumably active only when
 * SRTP_PDBOPTS_AR is set in options - confirm.
 */
struct srtp_decap_pdb {
        u8 x_len;
        u8 mki_len;
        u8 n_tag;
        u8 options;
        u32 cnst0;
        u8 rsvd[2];
        u16 cnst1;
        u16 salt[7];
        u16 cnst2;
        u16 rsvd1;
        u16 seq_num;
        u32 roc;
        u64 antireplay_scorecard;
};
 429
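/*
 * DSA/ECDSA Protocol Data Blocks
 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
 * except for the treatment of "w" for verify, "s" for sign,
 * and the placement of "a,b".
 *
 * The SGF flags occupy bits 31:24 of the sgf_ln word, one bit per PDB
 * pointer. Two pairs deliberately share a bit because the slot they describe
 * differs between the sign and verify layouts: W/S (0x10) and D/AB_SIGN
 * (0x02).
 *
 * The SGF constants are unsigned on purpose: 0x80 << 24 and 0xff << 24 do
 * not fit in a signed int, so the plain-int form shifts into the sign bit
 * (undefined behaviour in ISO C) and would sign-extend if the value were
 * ever widened to 64 bits.
 */
#define DSA_PDB_SGF_SHIFT       24
#define DSA_PDB_SGF_MASK        (0xffU << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_Q           (0x80U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_R           (0x40U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_G           (0x20U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_W           (0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_S           (0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_F           (0x08U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_C           (0x04U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_D           (0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_SIGN     (0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_VERIFY   (0x01U << DSA_PDB_SGF_SHIFT)

/* 10-bit L field, bits 16:7 of sgf_ln */
#define DSA_PDB_L_SHIFT         7
#define DSA_PDB_L_MASK          (0x3ff << DSA_PDB_L_SHIFT)

/* 7-bit N field, bits 6:0 of sgf_ln */
#define DSA_PDB_N_MASK          0x7f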
 453
/*
 * struct dsa_sign_pdb - PDB for DSA/ECDSA signing
 *
 * NOTE(review): the members are CPU pointers (u8 *), unlike the RSA PDBs in
 * this file, which carry dma_addr_t values and are __packed. A pointer is
 * not a bus address and its size depends on the architecture (on 64-bit
 * builds there are also 4 bytes of padding after sgf_ln), so this struct is
 * presumably not handed to the hardware as-is - confirm.
 * NOTE(review): s is presumably the private key (the verify PDB carries the
 * public value w in the same slot); the buffer behind it is secret and
 * should be cleared with memzero_explicit() once the job has completed -
 * confirm where that happens.
 */
struct dsa_sign_pdb {
        u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
        u8 *q;
        u8 *r;
        u8 *g;  /* or Gx,y */
        u8 *s;
        u8 *f;
        u8 *c;
        u8 *d;
        u8 *ab; /* ECC only */
        u8 *u;
};
 466
/*
 * struct dsa_verify_pdb - PDB for DSA/ECDSA signature verification
 *
 * Differs from struct dsa_sign_pdb in three places: w replaces s, a tmp
 * pointer is added, and ab follows tmp instead of d (hence the separate
 * DSA_PDB_SGF_AB_SIGN / DSA_PDB_SGF_AB_VERIFY bits). There is no u member.
 * NOTE(review): the members are CPU pointers (u8 *), unlike the RSA PDBs in
 * this file, which carry dma_addr_t values and are __packed; this struct is
 * presumably not handed to the hardware as-is - confirm.
 */
struct dsa_verify_pdb {
        u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
        u8 *q;
        u8 *r;
        u8 *g;  /* or Gx,y */
        u8 *w; /* or Wx,y */
        u8 *f;
        u8 *c;
        u8 *d;
        u8 *tmp; /* temporary data block */
        u8 *ab; /* only used if ECC processing */
};
 479
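/*
 * RSA Protocol Data Block
 *
 * The scatter-gather flags sit in the top nibble of the sgf word; a 12-bit
 * length field (E for the public, D for the private operation) sits in bits
 * 23:12.
 *
 * The F and G bits are swapped between the public and the private-key PDB:
 * the private form lists g before f, so RSA_PRIV_PDB_SGF_G takes the bit
 * RSA_PDB_SGF_F has in the public form. Use the RSA_PRIV_ names with struct
 * rsa_priv_f1_pdb.
 *
 * The SGF constants are unsigned on purpose: 0x8 << 28 does not fit in a
 * signed int, so the plain-int form shifts into the sign bit (undefined
 * behaviour in ISO C) and would sign-extend if widened to 64 bits.
 */
#define RSA_PDB_SGF_SHIFT       28
#define RSA_PDB_E_SHIFT         12
#define RSA_PDB_E_MASK          (0xFFF << RSA_PDB_E_SHIFT)
#define RSA_PDB_D_SHIFT         12
#define RSA_PDB_D_MASK          (0xFFF << RSA_PDB_D_SHIFT)

#define RSA_PDB_SGF_F           (0x8U << RSA_PDB_SGF_SHIFT)
#define RSA_PDB_SGF_G           (0x4U << RSA_PDB_SGF_SHIFT)
#define RSA_PRIV_PDB_SGF_F      (0x4U << RSA_PDB_SGF_SHIFT)
#define RSA_PRIV_PDB_SGF_G      (0x8U << RSA_PDB_SGF_SHIFT)

#define RSA_PRIV_KEY_FRM_1      0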
 493
/**
 * struct rsa_pub_pdb - RSA Encrypt Protocol Data Block
 * @sgf: scatter-gather field; RSA_PDB_SGF_F / RSA_PDB_SGF_G are its flag
 *  bits. NOTE(review): RSA_PDB_E_MASK suggests the word also carries a
 *  12-bit length in bits 23:12 - confirm what the remaining bits hold.
 * @f_dma: dma address of input data
 * @g_dma: dma address of encrypted output data
 * @n_dma: dma address of RSA modulus
 * @e_dma: dma address of RSA public exponent
 * @f_len: length in octets of the input data
 *
 * The struct is __packed, so there is no padding between @sgf and the
 * addresses. dma_addr_t is 32 or 64 bits wide depending on the kernel
 * configuration, so the size of this PDB is not fixed.
 *
 * NOTE(review): every buffer referenced here must stay DMA-mapped until the
 * job has completed; nothing in this header enforces that @f_len fits the
 * mapped input or that the output buffer behind @g_dma is large enough -
 * the caller has to check both.
 */
struct rsa_pub_pdb {
        u32             sgf;
        dma_addr_t      f_dma;
        dma_addr_t      g_dma;
        dma_addr_t      n_dma;
        dma_addr_t      e_dma;
        u32             f_len;
} __packed;
 511
/**
 * struct rsa_priv_f1_pdb - RSA Decrypt PDB - Private Key Form #1
 * @sgf: scatter-gather field; use the RSA_PRIV_PDB_SGF_* flag bits, which
 *  are swapped relative to the public-key RSA_PDB_SGF_* bits
 * @g_dma: dma address of encrypted input data
 * @f_dma: dma address of output data
 * @n_dma: dma address of RSA modulus
 * @d_dma: dma address of RSA private exponent
 *
 * The struct is __packed. Note that @g_dma comes before @f_dma here, the
 * reverse of struct rsa_pub_pdb, and that there is no length member.
 *
 * NOTE(review): the buffer behind @d_dma holds the private exponent. It has
 * to stay mapped only for the duration of the job and should be unmapped
 * and cleared (e.g. memzero_explicit()) afterwards; that handling is not
 * visible in this header - confirm in the code that builds this PDB.
 */
struct rsa_priv_f1_pdb {
        u32             sgf;
        dma_addr_t      g_dma;
        dma_addr_t      f_dma;
        dma_addr_t      n_dma;
        dma_addr_t      d_dma;
} __packed;
 527
 528#endif
 529