linux/drivers/crypto/caam/pdb.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * CAAM Protocol Data Block (PDB) definition header file
   4 *
   5 * Copyright 2008-2016 Freescale Semiconductor, Inc.
   6 *
   7 */
   8
   9#ifndef CAAM_PDB_H
  10#define CAAM_PDB_H
  11#include "compat.h"
  12
  13/*
  14 * PDB - IPsec ESP Header Modification Options
  15 */
  16#define PDBHMO_ESP_DECAP_SHIFT  28 /* HMO field is the top 4 bits of the decap options word */
  17#define PDBHMO_ESP_ENCAP_SHIFT  28 /* same bit position in the encap options word */
  18/*
  19 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
  20 * Options Byte IP version (IPvsn) field:
  21 * if IPv4, decrement the inner IP header TTL field (byte 8);
  22 * if IPv6, decrement the inner IP header Hop Limit field (byte 7).
  23 */
  24#define PDBHMO_ESP_DECAP_DEC_TTL        (0x02 << PDBHMO_ESP_DECAP_SHIFT)
  25#define PDBHMO_ESP_ENCAP_DEC_TTL        (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
  26/*
  27 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
  28 * from the outer IP header to the inner IP header.
  29 */
  30#define PDBHMO_ESP_DIFFSERV             (0x01 << PDBHMO_ESP_DECAP_SHIFT)
  31/*
  32 * Encap - Copy DF bit - if an IPv4 tunnel mode outer IP header is coming from
  33 * the PDB, copy the DF bit from the inner IP header to the outer IP header.
  34 */
  35#define PDBHMO_ESP_DFBIT                (0x04 << PDBHMO_ESP_ENCAP_SHIFT)
  36
  37#define PDBNH_ESP_ENCAP_SHIFT           16 /* encap options: 8-bit next header field */
  38#define PDBNH_ESP_ENCAP_MASK            (0xff << PDBNH_ESP_ENCAP_SHIFT)
  39
  40#define PDBHDRLEN_ESP_DECAP_SHIFT       16 /* decap options: 12-bit IP header length field */
  41#define PDBHDRLEN_MASK                  (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)
  42
  43#define PDB_NH_OFFSET_SHIFT             8 /* 8-bit next header offset field */
  44#define PDB_NH_OFFSET_MASK              (0xff << PDB_NH_OFFSET_SHIFT)
  45
  46/*
  47 * PDB - IPSec ESP Encap/Decap Options
  48 */
  49#define PDBOPTS_ESP_ARSNONE     0x00 /* no antireplay window */
  50#define PDBOPTS_ESP_ARS32       0x40 /* 32-entry antireplay window */
  51#define PDBOPTS_ESP_ARS128      0x80 /* 128-entry antireplay window */
  52#define PDBOPTS_ESP_ARS64       0xc0 /* 64-entry antireplay window */
  53#define PDBOPTS_ESP_ARS_MASK    0xc0 /* antireplay window mask */
    /*
     * NOTE(review): PDBOPTS_ESP_ARSNONE is 0, so an options byte that never
     * gets an ARS value OR-ed in selects "no antireplay window". Confirm that
     * decap users set a window size deliberately rather than by omission.
     */
  54#define PDBOPTS_ESP_IVSRC       0x20 /* IV comes from internal random gen */
  55#define PDBOPTS_ESP_ESN         0x10 /* extended sequence included */
  56#define PDBOPTS_ESP_OUTFMT      0x08 /* output only decapsulation (decap) */
  57#define PDBOPTS_ESP_IPHDRSRC    0x08 /* IP header comes from PDB (encap) */
  58#define PDBOPTS_ESP_INCIPHDR    0x04 /* Prepend IP header to output frame */
  59#define PDBOPTS_ESP_IPVSN       0x02 /* process IPv6 header */
  60#define PDBOPTS_ESP_AOFL        0x04 /* adjust out frame len (decap, SEC>=5.3) */
  61#define PDBOPTS_ESP_TUNNEL      0x01 /* tunnel mode next-header byte */
  62#define PDBOPTS_ESP_IPV6        0x02 /* ip header version is V6 */
  63#define PDBOPTS_ESP_DIFFSERV    0x40 /* copy TOS/TC from inner iphdr */
  64#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
  65#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
    /*
     * NOTE(review): several names above share a bit value (0x08, 0x04, 0x02,
     * and 0x40/0x80/0x20 overlap the ARS and IVSRC values). The comments tag
     * some of them as encap-only or decap-only, so the meaning presumably
     * depends on the direction of the PDB - confirm before combining flags.
     */
  66
  67/*
  68 * General IPSec encap/decap PDB definitions
  69 */
  70
  71/**
  72 * struct ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
  73 * @iv: 16-byte array initialization vector
     *
     * NOTE(review): PDBOPTS_ESP_IVSRC is described as "IV comes from internal
     * random gen"; whether @iv is still consumed when that flag is set is not
     * visible in this header - confirm in the descriptor code.
  74 */
  75struct ipsec_encap_cbc {
  76        u8 iv[16];
  77};
  78
  79/**
  80 * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
  81 * @ctr_nonce: 4-byte array nonce
  82 * @ctr_initial: initial count constant
  83 * @iv: initialization vector
     *
     * NOTE(review): counter mode requires that the nonce/IV/counter combination
     * never repeats under one key. How @iv advances per packet is not visible
     * in this header - confirm in the code that fills this PDB.
  84 */
  85struct ipsec_encap_ctr {
  86        u8 ctr_nonce[4];
  87        u32 ctr_initial;
  88        u64 iv;
  89};
  90
  91/**
  92 * struct ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
  93 * @salt: 3-byte salt (lower 24 bits), stored in a 4-byte array
  94 * @ccm_opt: CCM algorithm options - MSB-LSB description:
  95 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
  96 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
  97 *  ctr_flags (8b) - counter flags; constant equal to 0x3
  98 *  ctr_initial (16b) - initial count constant
  99 * @iv: initialization vector
 100 */
 101struct ipsec_encap_ccm {
 102        u8 salt[4]; /* 4 bytes allocated; the doc above says only 24 bits carry the salt */
 103        u32 ccm_opt;
 104        u64 iv;
 105};
 106
 107/**
 108 * struct ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
 109 * @salt: 3-byte array salt (lower 24 bits)
 110 * @rsvd1: reserved, do not use
 111 * @iv: initialization vector
     *
     * NOTE(review): struct ipsec_decap_gcm documents its salt as 4 bytes, and
     * RFC 4106 specifies a 4-octet salt for AES-GCM ESP. The "3-byte" wording
     * here may have been carried over from the CCM variant - confirm.
 112 */
 113struct ipsec_encap_gcm {
 114        u8 salt[4];
 115        u32 rsvd1;
 116        u64 iv;
 117};
 118
 119/**
 120 * struct ipsec_encap_pdb - PDB for IPsec encapsulation
 121 * @options: MSB-LSB description
 122 *  hmo (header manipulation options) - 4b
 123 *  reserved - 4b
 124 *  next header - 8b
 125 *  next header offset - 8b
 126 *  option flags (depend on selected algorithm) - 8b
 127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 128 * @seq_num: IPsec sequence number
     * @cbc, @ctr, @ccm, @gcm: anonymous union of the per-algorithm PDB parts;
     *  presumably only the member matching the configured cipher is valid
 129 * @spi: IPsec SPI (Security Parameters Index)
 130 * @ip_hdr_len: optional IP Header length (in bytes)
 131 *  reserved - 16b
 132 *  Opt. IP Hdr Len - 16b
 133 * @ip_hdr: optional IP Header content
 134 */
 135struct ipsec_encap_pdb {
 136        u32 options;
 137        u32 seq_num_ext_hi;
 138        u32 seq_num;
 139        union {
 140                struct ipsec_encap_cbc cbc;
 141                struct ipsec_encap_ctr ctr;
 142                struct ipsec_encap_ccm ccm;
 143                struct ipsec_encap_gcm gcm;
 144        };
 145        u32 spi;
 146        u32 ip_hdr_len;
    /*
     * Zero-length trailing array: the optional IP header follows the fixed
     * part. NOTE(review): a C99 flexible array member (ip_hdr[]) is the
     * preferred spelling because it lets the compiler bounds-check accesses;
     * confirm no user embeds this struct mid-structure before converting.
     * Whoever allocates the PDB must size it from ip_hdr_len.
     */
 147        u32 ip_hdr[0];
 148};
 149
 150/**
 151 * struct ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
 152 * @rsvd: reserved, do not use
 153 */
 154struct ipsec_decap_cbc {
 155        u32 rsvd[2]; /* 8 bytes, the same size as the other decap union members */
 156};
 157
 158/**
 159 * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
 160 * @ctr_nonce: 4-byte array nonce
 161 * @ctr_initial: initial count constant
     *
     * Unlike struct ipsec_encap_ctr there is no iv member here.
 162 */
 163struct ipsec_decap_ctr {
 164        u8 ctr_nonce[4];
 165        u32 ctr_initial;
 166};
 167
 168/**
 169 * struct ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
 170 * @salt: 3-byte salt (lower 24 bits), stored in a 4-byte array
 171 * @ccm_opt: CCM algorithm options - MSB-LSB description:
 172 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
 173 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
 174 *  ctr_flags (8b) - counter flags; constant equal to 0x3
 175 *  ctr_initial (16b) - initial count constant
 176 */
 177struct ipsec_decap_ccm {
 178        u8 salt[4];
 179        u32 ccm_opt;
 180};
 181
 182/**
 183 * struct ipsec_decap_gcm - PDB part for IPsec GCM decapsulation
 184 * @salt: 4-byte salt
 185 * @resvd: reserved, do not use
 186 */
 187struct ipsec_decap_gcm {
 188        u8 salt[4];
 189        u32 resvd;
 190};
 191
 192/**
 193 * struct ipsec_decap_pdb - PDB for IPsec decapsulation
 194 * @options: MSB-LSB description
 195 *  hmo (header manipulation options) - 4b
 196 *  IP header length - 12b
 197 *  next header offset - 8b
 198 *  option flags (depend on selected algorithm) - 8b
     * @cbc, @ctr, @ccm, @gcm: anonymous union of the per-algorithm PDB parts;
     *  presumably only the member matching the configured cipher is valid
 199 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 200 * @seq_num: IPsec sequence number
 201 * @anti_replay: Anti-replay window; size depends on ARS (option flags)
 202 */
 203struct ipsec_decap_pdb {
 204        u32 options;
 205        union {
 206                struct ipsec_decap_cbc cbc;
 207                struct ipsec_decap_ctr ctr;
 208                struct ipsec_decap_ccm ccm;
 209                struct ipsec_decap_gcm gcm;
 210        };
 211        u32 seq_num_ext_hi;
 212        u32 seq_num;
    /*
     * 4 x 32 bits = 128 bits, enough for the largest window the option flags
     * offer (PDBOPTS_ESP_ARS128). Declared big-endian, unlike the plain u32
     * members above. NOTE(review): presumably the device updates this
     * scoreboard, so the PDB must stay writable for it - confirm.
     */
 213        __be32 anti_replay[4];
 214};
 215
 216/*
 217 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
 218 */
 219struct ipsec_deco_dpovrd { /* four byte-wide fields of the ESP DPOVRD register */
 220#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 /* presumably a flag for ovrd_ecn (declared next) - confirm */
 221        u8 ovrd_ecn;
 222        u8 ip_hdr_len;
 223        u8 nh_offset;
 224        u8 next_header; /* reserved if decap */
 225};
 226
 227/*
 228 * IEEE 802.11i WiFi Protocol Data Block
 229 */
 230#define WIFI_PDBOPTS_FCS        0x01 /* presumably frame check sequence handling - confirm */
 231#define WIFI_PDBOPTS_AR         0x40 /* presumably anti-replay enable - confirm */
 232
 233struct wifi_encap_pdb { /* WiFi encapsulation PDB; field meanings are not documented in this file */
 234        u16 mac_hdr_len;
 235        u8 rsvd;
 236        u8 options; /* presumably takes WIFI_PDBOPTS_* values - confirm */
 237        u8 iv_flags;
 238        u8 pri;
 239        u16 pn1; /* pn1/pn2: presumably one packet number split 16 + 32 bits - TODO confirm */
 240        u32 pn2;
 241        u16 frm_ctrl_mask;
 242        u16 seq_ctrl_mask;
 243        u8 rsvd1[2];
 244        u8 cnst;
 245        u8 key_id;
 246        u8 ctr_flags;
 247        u8 rsvd2;
 248        u16 ctr_init;
 249};
 250
 251struct wifi_decap_pdb { /* WiFi decapsulation PDB; same layout as encap except cnst/key_id are reserved */
 252        u16 mac_hdr_len;
 253        u8 rsvd;
 254        u8 options; /* presumably takes WIFI_PDBOPTS_* values - confirm */
 255        u8 iv_flags;
 256        u8 pri;
 257        u16 pn1; /* pn1/pn2: presumably one packet number split 16 + 32 bits - TODO confirm */
 258        u32 pn2;
 259        u16 frm_ctrl_mask;
 260        u16 seq_ctrl_mask;
 261        u8 rsvd1[4]; /* covers the bytes that hold rsvd1[2], cnst and key_id in wifi_encap_pdb */
 262        u8 ctr_flags;
 263        u8 rsvd2;
 264        u16 ctr_init;
 265};
 266
 267/*
 268 * IEEE 802.16 WiMAX Protocol Data Block
 269 */
 270#define WIMAX_PDBOPTS_FCS       0x01 /* presumably frame check sequence handling - confirm */
 271#define WIMAX_PDBOPTS_AR        0x40 /* decap only; presumably anti-replay enable - confirm */
 272
 273struct wimax_encap_pdb { /* WiMAX encapsulation PDB; field meanings are not documented in this file */
 274        u8 rsvd[3];
 275        u8 options; /* presumably takes WIMAX_PDBOPTS_* values - confirm */
 276        u32 nonce;
 277        u8 b0_flags;
 278        u8 ctr_flags;
 279        u16 ctr_init;
 280        /* begin DECO writeback region */
 281        u32 pn; /* inside the region the markers describe as written back by the DECO */
 282        /* end DECO writeback region */
 283};
 284
 285struct wimax_decap_pdb { /* WiMAX decapsulation PDB; field meanings are not documented in this file */
 286        u8 rsvd[3];
 287        u8 options; /* presumably takes WIMAX_PDBOPTS_* values - confirm */
 288        u32 nonce;
 289        u8 iv_flags;
 290        u8 ctr_flags;
 291        u16 ctr_init;
 292        /* begin DECO writeback region */
 293        u32 pn;
 294        u8 rsvd1[2];
 295        u16 antireplay_len;
 296        u64 antireplay_scorecard; /* 64 bits of replay state; sits in the DECO writeback region */
 297        /* end DECO writeback region */
 298};
 299
 300/*
 301 * IEEE 802.1AE MACsec Protocol Data Block
 302 */
 303#define MACSEC_PDBOPTS_FCS      0x01 /* presumably frame check sequence handling - confirm */
 304#define MACSEC_PDBOPTS_AR       0x40 /* used in decap only; presumably anti-replay enable - confirm */
 305
 306struct macsec_encap_pdb { /* MACsec encapsulation PDB; field meanings are not documented in this file */
 307        u16 aad_len;
 308        u8 rsvd;
 309        u8 options; /* presumably takes MACSEC_PDBOPTS_* values - confirm */
 310        u64 sci;
 311        u16 ethertype;
 312        u8 tci_an;
 313        u8 rsvd1;
 314        /* begin DECO writeback region */
 315        u32 pn; /* inside the region the markers describe as written back by the DECO */
 316        /* end DECO writeback region */
 317};
 318
 319struct macsec_decap_pdb { /* MACsec decapsulation PDB; field meanings are not documented in this file */
 320        u16 aad_len;
 321        u8 rsvd;
 322        u8 options; /* presumably takes MACSEC_PDBOPTS_* values - confirm */
 323        u64 sci;
 324        u8 rsvd1[3];
 325        /* begin DECO writeback region */
 326        u8 antireplay_len;
 327        u32 pn;
 328        u64 antireplay_scorecard; /* 64 bits of replay state; sits in the DECO writeback region */
 329        /* end DECO writeback region */
 330};
 331
 332/*
 333 * SSL/TLS/DTLS Protocol Data Blocks
 334 */
 335
 336#define TLS_PDBOPTS_ARS32       0x40 /* same value as PDBOPTS_ESP_ARS32; presumably a 32-entry antireplay window */
 337#define TLS_PDBOPTS_ARS64       0xc0 /* same value as PDBOPTS_ESP_ARS64; presumably a 64-entry antireplay window */
 338#define TLS_PDBOPTS_OUTFMT      0x08 /* same value as PDBOPTS_ESP_OUTFMT - meaning for TLS not stated here */
 339#define TLS_PDBOPTS_IV_WRTBK    0x02 /* 1.1/1.2/DTLS only */
 340#define TLS_PDBOPTS_EXP_RND_IV  0x01 /* 1.1/1.2/DTLS only */
 341
 342struct tls_block_encap_pdb { /* TLS block-cipher encapsulation PDB; fields undocumented in this file */
 343        u8 type;
 344        u8 version[2];
 345        u8 options; /* presumably takes TLS_PDBOPTS_* values - confirm */
 346        u64 seq_num;
 347        u32 iv[4]; /* 16 bytes of IV; see TLS_PDBOPTS_IV_WRTBK / TLS_PDBOPTS_EXP_RND_IV */
 348};
 349
 350struct tls_stream_encap_pdb { /* TLS stream-cipher encapsulation PDB; fields undocumented in this file */
 351        u8 type;
 352        u8 version[2];
 353        u8 options; /* presumably takes TLS_PDBOPTS_* values - confirm */
 354        u64 seq_num;
    /*
     * NOTE(review): i/j look like the two state indices of an RC4-style
     * stream cipher - confirm. If so, note that RFC 7465 prohibits RC4
     * cipher suites in TLS, so new users of this PDB should be questioned.
     */
 355        u8 i;
 356        u8 j;
 357        u8 rsvd1[2];
 358};
 359
 360struct dtls_block_encap_pdb { /* DTLS block-cipher encapsulation PDB; fields undocumented in this file */
 361        u8 type;
 362        u8 version[2];
 363        u8 options; /* presumably takes TLS_PDBOPTS_* values - confirm */
 364        u16 epoch;
 365        u16 seq_num[3]; /* 48 bits of sequence number as three 16-bit words */
 366        u32 iv[4]; /* 16 bytes of IV */
 367};
 368
 369struct tls_block_decap_pdb { /* TLS block-cipher decapsulation PDB; fields undocumented in this file */
 370        u8 rsvd[3]; /* occupies the bytes that hold type and version[] in the encap PDB */
 371        u8 options; /* presumably takes TLS_PDBOPTS_* values - confirm */
 372        u64 seq_num;
 373        u32 iv[4]; /* 16 bytes of IV */
 374};
 375
 376struct tls_stream_decap_pdb { /* TLS stream-cipher decapsulation PDB; fields undocumented in this file */
 377        u8 rsvd[3]; /* occupies the bytes that hold type and version[] in the encap PDB */
 378        u8 options; /* presumably takes TLS_PDBOPTS_* values - confirm */
 379        u64 seq_num;
 380        u8 i; /* NOTE(review): i/j look like RC4-style state indices - confirm; RFC 7465 prohibits RC4 in TLS */
 381        u8 j;
 382        u8 rsvd1[2];
 383};
 384
 385struct dtls_block_decap_pdb { /* DTLS block-cipher decapsulation PDB; fields undocumented in this file */
 386        u8 rsvd[3]; /* occupies the bytes that hold type and version[] in the encap PDB */
 387        u8 options; /* presumably takes TLS_PDBOPTS_* values, including the ARS window size - confirm */
 388        u16 epoch;
 389        u16 seq_num[3]; /* 48 bits of sequence number as three 16-bit words */
 390        u32 iv[4]; /* 16 bytes of IV */
 391        u64 antireplay_scorecard; /* 64 bits, matching the largest window defined (TLS_PDBOPTS_ARS64) */
 392};
 393
 394/*
 395 * SRTP Protocol Data Blocks
 396 */
 397#define SRTP_PDBOPTS_MKI        0x08 /* presumably "MKI present" (cf. mki_len / opt_mki fields) - confirm */
 398#define SRTP_PDBOPTS_AR         0x40 /* presumably anti-replay enable - confirm */
 399
 400struct srtp_encap_pdb { /* SRTP encapsulation PDB; field meanings are not documented in this file */
 401        u8 x_len;
 402        u8 mki_len;
 403        u8 n_tag;
 404        u8 options; /* presumably takes SRTP_PDBOPTS_* values - confirm */
 405        u32 cnst0;
 406        u8 rsvd[2];
 407        u16 cnst1;
 408        u16 salt[7]; /* 14 bytes of salt as seven 16-bit words */
 409        u16 cnst2;
 410        u32 rsvd1;
 411        u32 roc; /* presumably the SRTP rollover counter - TODO confirm */
 412        u32 opt_mki;
 413};
 414
 415struct srtp_decap_pdb { /* SRTP decapsulation PDB; field meanings are not documented in this file */
 416        u8 x_len;
 417        u8 mki_len;
 418        u8 n_tag;
 419        u8 options; /* presumably takes SRTP_PDBOPTS_* values - confirm */
 420        u32 cnst0;
 421        u8 rsvd[2];
 422        u16 cnst1;
 423        u16 salt[7]; /* 14 bytes of salt as seven 16-bit words */
 424        u16 cnst2;
 425        u16 rsvd1;
 426        u16 seq_num;
 427        u32 roc; /* presumably the SRTP rollover counter - TODO confirm */
 428        u64 antireplay_scorecard; /* 64 bits of replay state; presumably gated by SRTP_PDBOPTS_AR - confirm */
 429};
 430
 431/*
 432 * DSA/ECDSA Protocol Data Blocks
 433 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
 434 * except for the treatment of "w" for verify, "s" for sign,
 435 * and the placement of "a,b".
 436 */
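 /*
  * Bit fields of the sgf_ln word of the DSA PDBs: SGF flags in the top byte,
  * a 10-bit L field at bit 7 and a 7-bit N field in the low bits.
  *
  * The SGF constants are unsigned on purpose: 0x80 << 24 and 0xff << 24 do
  * not fit in a signed int, and shifting a signed value into the sign bit is
  * undefined behaviour in ISO C. As plain ints they would also sign-extend
  * when widened to 64 bits.
  *
  * W (verify) and S (sign) share 0x10; D and AB_SIGN share 0x02. Which name
  * applies depends on whether the PDB is the sign or the verify variant.
  */
 #define DSA_PDB_SGF_SHIFT       24
 #define DSA_PDB_SGF_MASK        (0xffU << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_Q           (0x80U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_R           (0x40U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_G           (0x20U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_W           (0x10U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_S           (0x10U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_F           (0x08U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_C           (0x04U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_D           (0x02U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_AB_SIGN     (0x02U << DSA_PDB_SGF_SHIFT)
 #define DSA_PDB_SGF_AB_VERIFY   (0x01U << DSA_PDB_SGF_SHIFT)

 #define DSA_PDB_L_SHIFT         7
 #define DSA_PDB_L_MASK          (0x3ff << DSA_PDB_L_SHIFT)

 #define DSA_PDB_N_MASK          0x7f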
 454
 455struct dsa_sign_pdb { /* DSA/ECDSA sign PDB: one flags/length word followed by nine byte pointers */
 456        u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
    /*
     * NOTE(review): the members below are plain CPU pointers (u8 *), while the
     * RSA PDBs later in this file use dma_addr_t. Confirm whether this struct
     * is ever handed to the device as-is before relying on its layout.
     */
 457        u8 *q;
 458        u8 *r;
 459        u8 *g;  /* or Gx,y */
 460        u8 *s;
 461        u8 *f;
 462        u8 *c;
 463        u8 *d;
 464        u8 *ab; /* ECC only */
 465        u8 *u;
 466};
 467
 468struct dsa_verify_pdb { /* DSA/ECDSA verify PDB: "w" replaces "s", and "ab" moves to the end */
 469        u32 sgf_ln; /* built from the DSA_PDB_* definitions, as in dsa_sign_pdb */
 470        u8 *q; /* NOTE(review): plain CPU pointers here, dma_addr_t in the RSA PDBs - confirm usage */
 471        u8 *r;
 472        u8 *g;  /* or Gx,y */
 473        u8 *w; /* or Wx,y */
 474        u8 *f;
 475        u8 *c;
 476        u8 *d;
 477        u8 *tmp; /* temporary data block */
 478        u8 *ab; /* only used if ECC processing */
 479};
 480
 481/* RSA Protocol Data Block */
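 /*
  * Bit fields of the RSA PDB words: SGF flags in the top nibble and 12-bit
  * E/D/Q length fields at bit 12.
  *
  * The SGF flags are unsigned on purpose: 0x8 << 28 does not fit in a signed
  * int, and shifting a signed value into the sign bit is undefined behaviour
  * in ISO C. As a plain int it would also sign-extend when widened to 64 bits.
  *
  * The F and G bits are swapped between the public and private variants;
  * this mirrors the swapped order of f_dma/g_dma in the PDB structs, so the
  * 0x8 bit presumably describes the first pointer of the PDB - confirm.
  */
 #define RSA_PDB_SGF_SHIFT       28
 #define RSA_PDB_E_SHIFT         12
 #define RSA_PDB_E_MASK          (0xFFF << RSA_PDB_E_SHIFT)
 #define RSA_PDB_D_SHIFT         12
 #define RSA_PDB_D_MASK          (0xFFF << RSA_PDB_D_SHIFT)
 #define RSA_PDB_Q_SHIFT         12
 #define RSA_PDB_Q_MASK          (0xFFF << RSA_PDB_Q_SHIFT)

 #define RSA_PDB_SGF_F           (0x8U << RSA_PDB_SGF_SHIFT)
 #define RSA_PDB_SGF_G           (0x4U << RSA_PDB_SGF_SHIFT)
 #define RSA_PRIV_PDB_SGF_F      (0x4U << RSA_PDB_SGF_SHIFT)
 #define RSA_PRIV_PDB_SGF_G      (0x8U << RSA_PDB_SGF_SHIFT)

 /* Selector values for the three private-key PDB forms defined below. */
 #define RSA_PRIV_KEY_FRM_1      0
 #define RSA_PRIV_KEY_FRM_2      1
 #define RSA_PRIV_KEY_FRM_3      2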
 498
 499/**
 500 * struct rsa_pub_pdb - RSA Encrypt Protocol Data Block
 501 * @sgf: scatter-gather field
 502 * @f_dma: dma address of input data
 503 * @g_dma: dma address of encrypted output data
 504 * @n_dma: dma address of RSA modulus
 505 * @e_dma: dma address of RSA public exponent
 506 * @f_len: length in octets of the input data
 507 */
 508struct rsa_pub_pdb {
 509        u32             sgf;
 510        dma_addr_t      f_dma;
 511        dma_addr_t      g_dma;
 512        dma_addr_t      n_dma;
 513        dma_addr_t      e_dma;
 514        u32             f_len;
 515};
 516
    /*
     * PDB size computed from its parts (2 u32 words + 4 pointers of
     * caam_ptr_sz bytes) instead of sizeof(struct rsa_pub_pdb); caam_ptr_sz is
     * defined outside this file. Presumably the device pointer size can differ
     * from sizeof(dma_addr_t) - confirm.
     */
 517#define SIZEOF_RSA_PUB_PDB      (2 * sizeof(u32) + 4 * caam_ptr_sz)
 518
 519/**
 520 * struct rsa_priv_f1_pdb - RSA Decrypt PDB - Private Key Form #1
 521 * @sgf: scatter-gather field
 522 * @g_dma: dma address of encrypted input data
 523 * @f_dma: dma address of output data
 524 * @n_dma: dma address of RSA modulus
 525 * @d_dma: dma address of RSA private exponent
     *
     * NOTE(review): the buffer behind @d_dma holds private-key material. The
     * owner of that mapping presumably has to unmap and zeroize it after the
     * job completes - confirm in the code that builds this PDB.
 526 */
 527struct rsa_priv_f1_pdb {
 528        u32             sgf;
 529        dma_addr_t      g_dma;
 530        dma_addr_t      f_dma;
 531        dma_addr_t      n_dma;
 532        dma_addr_t      d_dma;
 533};
 534
    /* One u32 word + 4 pointers of caam_ptr_sz bytes (defined outside this file). */
 535#define SIZEOF_RSA_PRIV_F1_PDB  (sizeof(u32) + 4 * caam_ptr_sz)
 536
 537/**
 538 * struct rsa_priv_f2_pdb - RSA Decrypt PDB - Private Key Form #2
 539 * @sgf     : scatter-gather field
 540 * @g_dma   : dma address of encrypted input data
 541 * @f_dma   : dma address of output data
 542 * @d_dma   : dma address of RSA private exponent
 543 * @p_dma   : dma address of RSA prime factor p of RSA modulus n
 544 * @q_dma   : dma address of RSA prime factor q of RSA modulus n
 545 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 546 *            as internal state buffer. It is assumed to be as long as p.
 547 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 548 *            as internal state buffer. It is assumed to be as long as q.
 549 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
     *
     * NOTE(review): @d_dma, @p_dma and @q_dma reference private-key material,
     * and the tmp buffers receive CAAM internal state for a private-key
     * operation. Presumably all of them need zeroizing before release, and the
     * tmp buffers must really be at least as long as p and q - confirm in the
     * code that allocates them.
 550 */
 551struct rsa_priv_f2_pdb {
 552        u32             sgf;
 553        dma_addr_t      g_dma;
 554        dma_addr_t      f_dma;
 555        dma_addr_t      d_dma;
 556        dma_addr_t      p_dma;
 557        dma_addr_t      q_dma;
 558        dma_addr_t      tmp1_dma;
 559        dma_addr_t      tmp2_dma;
 560        u32             p_q_len;
 561};
 562
    /* Two u32 words + 7 pointers of caam_ptr_sz bytes (defined outside this file). */
 563#define SIZEOF_RSA_PRIV_F2_PDB  (2 * sizeof(u32) + 7 * caam_ptr_sz)
 564
 565/**
 566 * struct rsa_priv_f3_pdb - RSA Decrypt PDB - Private Key Form #3
 567 * This is the RSA Chinese Remainder Theorem (CRT) form for two prime factors of
 568 * the RSA modulus.
 569 * @sgf     : scatter-gather field
 570 * @g_dma   : dma address of encrypted input data
 571 * @f_dma   : dma address of output data
 572 * @c_dma   : dma address of RSA CRT coefficient
 573 * @p_dma   : dma address of RSA prime factor p of RSA modulus n
 574 * @q_dma   : dma address of RSA prime factor q of RSA modulus n
 575 * @dp_dma  : dma address of RSA CRT exponent of RSA prime factor p
 576 * @dq_dma  : dma address of RSA CRT exponent of RSA prime factor q
 577 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 578 *            as internal state buffer. It is assumed to be as long as p.
 579 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 580 *            as internal state buffer. It is assumed to be as long as q.
 581 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
     *
     * NOTE(review): @c_dma, @p_dma, @q_dma, @dp_dma and @dq_dma reference
     * private-key material, and the tmp buffers receive CAAM internal state
     * for a private-key operation. Presumably all of them need zeroizing
     * before release, and the tmp buffers must really be at least as long as
     * p and q - confirm in the code that allocates them.
 582 */
 583struct rsa_priv_f3_pdb {
 584        u32             sgf;
 585        dma_addr_t      g_dma;
 586        dma_addr_t      f_dma;
 587        dma_addr_t      c_dma;
 588        dma_addr_t      p_dma;
 589        dma_addr_t      q_dma;
 590        dma_addr_t      dp_dma;
 591        dma_addr_t      dq_dma;
 592        dma_addr_t      tmp1_dma;
 593        dma_addr_t      tmp2_dma;
 594        u32             p_q_len;
 595};
 596
    /* Two u32 words + 9 pointers of caam_ptr_sz bytes (defined outside this file). */
 597#define SIZEOF_RSA_PRIV_F3_PDB  (2 * sizeof(u32) + 9 * caam_ptr_sz)
 598
 599#endif
 600