1 /* 2 * CAAM Protocol Data Block (PDB) definition header file 3 * 4 * Copyright 2008-2012 Freescale Semiconductor, Inc. 5 * 6 */ 7 8 #ifndef CAAM_PDB_H 9 #define CAAM_PDB_H 10 11 /* 12 * PDB- IPSec ESP Header Modification Options 13 */ 14 #define PDBHMO_ESP_DECAP_SHIFT 28 15 #define PDBHMO_ESP_ENCAP_SHIFT 28 16 /* 17 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 18 * Options Byte IP version (IPvsn) field: 19 * if IPv4, decrement the inner IP header TTL field (byte 8); 20 * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 21 */ 22 #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 23 #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 24 /* 25 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 26 * from the outer IP header to the inner IP header. 27 */ 28 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 29 /* 30 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 31 * the PDB, copy the DF bit from the inner IP header to the outer IP header. 32 */ 33 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 34 35 #define PDBNH_ESP_ENCAP_SHIFT 16 36 #define PDBNH_ESP_ENCAP_MASK (0xff << PDBNH_ESP_ENCAP_SHIFT) 37 38 #define PDBHDRLEN_ESP_DECAP_SHIFT 16 39 #define PDBHDRLEN_MASK (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT) 40 41 #define PDB_NH_OFFSET_SHIFT 8 42 #define PDB_NH_OFFSET_MASK (0xff << PDB_NH_OFFSET_SHIFT) 43 44 /* 45 * PDB - IPSec ESP Encap/Decap Options 46 */ 47 #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 48 #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 49 #define PDBOPTS_ESP_ARS128 0x80 /* 128-entry antireplay window */ 50 #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 51 #define PDBOPTS_ESP_ARS_MASK 0xc0 /* antireplay window mask */ 52 #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 53 #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 54 #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 55 #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 56 #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 57 #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 58 #define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/ 59 #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 60 #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 61 #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 62 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 63 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 64 65 /* 66 * General IPSec encap/decap PDB definitions 67 */ 68 69 /** 70 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation 71 * @iv: 16-byte array initialization vector 72 */ 73 struct ipsec_encap_cbc { 74 u8 iv[16]; 75 }; 76 77 /** 78 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation 79 * @ctr_nonce: 4-byte array nonce 80 * @ctr_initial: initial count constant 81 * @iv: initialization vector 82 */ 83 struct ipsec_encap_ctr { 84 u8 ctr_nonce[4]; 85 u32 ctr_initial; 86 u64 iv; 87 }; 88 89 /** 90 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation 91 * @salt: 3-byte array salt (lower 24 bits) 92 * @ccm_opt: CCM algorithm options - MSB-LSB description: 93 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV, 94 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610) 95 * ctr_flags (8b) - counter flags; constant equal to 0x3 96 * ctr_initial (16b) - initial count constant 97 * @iv: initialization vector 98 */ 99 struct ipsec_encap_ccm { 100 u8 salt[4]; 101 u32 ccm_opt; 102 u64 iv; 103 }; 104 105 /** 106 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation 107 * @salt: 3-byte array salt (lower 24 bits) 108 * @rsvd: reserved, do not use 109 * @iv: initialization vector 110 */ 111 struct ipsec_encap_gcm { 112 u8 salt[4]; 113 u32 rsvd1; 114 u64 iv; 115 }; 116 117 /** 118 * ipsec_encap_pdb - PDB for IPsec encapsulation 119 * @options: MSB-LSB description 120 * hmo (header manipulation options) - 4b 121 * reserved - 4b 122 * next header - 8b 123 * next header offset - 8b 124 * option flags (depend on selected algorithm) - 8b 125 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN) 126 * @seq_num: IPsec sequence number 127 * @spi: IPsec SPI (Security Parameters Index) 128 * @ip_hdr_len: optional IP Header length (in bytes) 129 * reserved - 16b 130 * Opt. IP Hdr Len - 16b 131 * @ip_hdr: optional IP Header content 132 */ 133 struct ipsec_encap_pdb { 134 u32 options; 135 u32 seq_num_ext_hi; 136 u32 seq_num; 137 union { 138 struct ipsec_encap_cbc cbc; 139 struct ipsec_encap_ctr ctr; 140 struct ipsec_encap_ccm ccm; 141 struct ipsec_encap_gcm gcm; 142 }; 143 u32 spi; 144 u32 ip_hdr_len; 145 u32 ip_hdr[0]; 146 }; 147 148 /** 149 * ipsec_decap_cbc - PDB part for IPsec CBC decapsulation 150 * @rsvd: reserved, do not use 151 */ 152 struct ipsec_decap_cbc { 153 u32 rsvd[2]; 154 }; 155 156 /** 157 * ipsec_decap_ctr - PDB part for IPsec CTR decapsulation 158 * @ctr_nonce: 4-byte array nonce 159 * @ctr_initial: initial count constant 160 */ 161 struct ipsec_decap_ctr { 162 u8 ctr_nonce[4]; 163 u32 ctr_initial; 164 }; 165 166 /** 167 * ipsec_decap_ccm - PDB part for IPsec CCM decapsulation 168 * @salt: 3-byte salt (lower 24 bits) 169 * @ccm_opt: CCM algorithm options - MSB-LSB description: 170 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV, 171 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610) 172 * ctr_flags (8b) - counter flags; constant equal to 0x3 173 * ctr_initial (16b) - initial count constant 174 */ 175 struct ipsec_decap_ccm { 176 u8 salt[4]; 177 u32 ccm_opt; 178 }; 179 180 /** 181 * ipsec_decap_gcm - PDB part for IPsec GCN decapsulation 182 * @salt: 4-byte salt 183 * @rsvd: reserved, do not use 184 */ 185 struct ipsec_decap_gcm { 186 u8 salt[4]; 187 u32 resvd; 188 }; 189 190 /** 191 * ipsec_decap_pdb - PDB for IPsec decapsulation 192 * @options: MSB-LSB description 193 * hmo (header manipulation options) - 4b 194 * IP header length - 12b 195 * next header offset - 8b 196 * option flags (depend on selected algorithm) - 8b 197 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN) 198 * @seq_num: IPsec sequence number 199 * @anti_replay: Anti-replay window; size depends on ARS (option flags) 200 */ 201 struct ipsec_decap_pdb { 202 u32 options; 203 union { 204 struct ipsec_decap_cbc cbc; 205 struct ipsec_decap_ctr ctr; 206 struct ipsec_decap_ccm ccm; 207 struct ipsec_decap_gcm gcm; 208 }; 209 u32 seq_num_ext_hi; 210 u32 seq_num; 211 __be32 anti_replay[4]; 212 }; 213 214 /* 215 * IPSec ESP Datapath Protocol Override Register (DPOVRD) 216 */ 217 struct ipsec_deco_dpovrd { 218 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 219 u8 ovrd_ecn; 220 u8 ip_hdr_len; 221 u8 nh_offset; 222 u8 next_header; /* reserved if decap */ 223 }; 224 225 /* 226 * IEEE 802.11i WiFi Protocol Data Block 227 */ 228 #define WIFI_PDBOPTS_FCS 0x01 229 #define WIFI_PDBOPTS_AR 0x40 230 231 struct wifi_encap_pdb { 232 u16 mac_hdr_len; 233 u8 rsvd; 234 u8 options; 235 u8 iv_flags; 236 u8 pri; 237 u16 pn1; 238 u32 pn2; 239 u16 frm_ctrl_mask; 240 u16 seq_ctrl_mask; 241 u8 rsvd1[2]; 242 u8 cnst; 243 u8 key_id; 244 u8 ctr_flags; 245 u8 rsvd2; 246 u16 ctr_init; 247 }; 248 249 struct wifi_decap_pdb { 250 u16 mac_hdr_len; 251 u8 rsvd; 252 u8 options; 253 u8 iv_flags; 254 u8 pri; 255 u16 pn1; 256 u32 pn2; 257 u16 frm_ctrl_mask; 258 u16 seq_ctrl_mask; 259 u8 rsvd1[4]; 260 u8 ctr_flags; 261 u8 rsvd2; 262 u16 ctr_init; 263 }; 264 265 /* 266 * IEEE 802.16 WiMAX Protocol Data Block 267 */ 268 #define WIMAX_PDBOPTS_FCS 0x01 269 #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 270 271 struct wimax_encap_pdb { 272 u8 rsvd[3]; 273 u8 options; 274 u32 nonce; 275 u8 b0_flags; 276 u8 ctr_flags; 277 u16 ctr_init; 278 /* begin DECO writeback region */ 279 u32 pn; 280 /* end DECO writeback region */ 281 }; 282 283 struct wimax_decap_pdb { 284 u8 rsvd[3]; 285 u8 options; 286 u32 nonce; 287 u8 iv_flags; 288 u8 ctr_flags; 289 u16 ctr_init; 290 /* begin DECO writeback region */ 291 u32 pn; 292 u8 rsvd1[2]; 293 u16 antireplay_len; 294 u64 antireplay_scorecard; 295 /* end DECO writeback region */ 296 }; 297 298 /* 299 * IEEE 801.AE MacSEC Protocol Data Block 300 */ 301 #define MACSEC_PDBOPTS_FCS 0x01 302 #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 303 304 struct macsec_encap_pdb { 305 u16 aad_len; 306 u8 rsvd; 307 u8 options; 308 u64 sci; 309 u16 ethertype; 310 u8 tci_an; 311 u8 rsvd1; 312 /* begin DECO writeback region */ 313 u32 pn; 314 /* end DECO writeback region */ 315 }; 316 317 struct macsec_decap_pdb { 318 u16 aad_len; 319 u8 rsvd; 320 u8 options; 321 u64 sci; 322 u8 rsvd1[3]; 323 /* begin DECO writeback region */ 324 u8 antireplay_len; 325 u32 pn; 326 u64 antireplay_scorecard; 327 /* end DECO writeback region */ 328 }; 329 330 /* 331 * SSL/TLS/DTLS Protocol Data Blocks 332 */ 333 334 #define TLS_PDBOPTS_ARS32 0x40 335 #define TLS_PDBOPTS_ARS64 0xc0 336 #define TLS_PDBOPTS_OUTFMT 0x08 337 #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 338 #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 339 340 struct tls_block_encap_pdb { 341 u8 type; 342 u8 version[2]; 343 u8 options; 344 u64 seq_num; 345 u32 iv[4]; 346 }; 347 348 struct tls_stream_encap_pdb { 349 u8 type; 350 u8 version[2]; 351 u8 options; 352 u64 seq_num; 353 u8 i; 354 u8 j; 355 u8 rsvd1[2]; 356 }; 357 358 struct dtls_block_encap_pdb { 359 u8 type; 360 u8 version[2]; 361 u8 options; 362 u16 epoch; 363 u16 seq_num[3]; 364 u32 iv[4]; 365 }; 366 367 struct tls_block_decap_pdb { 368 u8 rsvd[3]; 369 u8 options; 370 u64 seq_num; 371 u32 iv[4]; 372 }; 373 374 struct tls_stream_decap_pdb { 375 u8 rsvd[3]; 376 u8 options; 377 u64 seq_num; 378 u8 i; 379 u8 j; 380 u8 rsvd1[2]; 381 }; 382 383 struct dtls_block_decap_pdb { 384 u8 rsvd[3]; 385 u8 options; 386 u16 epoch; 387 u16 seq_num[3]; 388 u32 iv[4]; 389 u64 antireplay_scorecard; 390 }; 391 392 /* 393 * SRTP Protocol Data Blocks 394 */ 395 #define SRTP_PDBOPTS_MKI 0x08 396 #define SRTP_PDBOPTS_AR 0x40 397 398 struct srtp_encap_pdb { 399 u8 x_len; 400 u8 mki_len; 401 u8 n_tag; 402 u8 options; 403 u32 cnst0; 404 u8 rsvd[2]; 405 u16 cnst1; 406 u16 salt[7]; 407 u16 cnst2; 408 u32 rsvd1; 409 u32 roc; 410 u32 opt_mki; 411 }; 412 413 struct srtp_decap_pdb { 414 u8 x_len; 415 u8 mki_len; 416 u8 n_tag; 417 u8 options; 418 u32 cnst0; 419 u8 rsvd[2]; 420 u16 cnst1; 421 u16 salt[7]; 422 u16 cnst2; 423 u16 rsvd1; 424 u16 seq_num; 425 u32 roc; 426 u64 antireplay_scorecard; 427 }; 428 429 /* 430 * DSA/ECDSA Protocol Data Blocks 431 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 432 * except for the treatment of "w" for verify, "s" for sign, 433 * and the placement of "a,b". 434 */ 435 #define DSA_PDB_SGF_SHIFT 24 436 #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 437 #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 438 #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 439 #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 440 #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 441 #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 442 #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 443 #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 444 #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 445 #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 446 #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 447 448 #define DSA_PDB_L_SHIFT 7 449 #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 450 451 #define DSA_PDB_N_MASK 0x7f 452 453 struct dsa_sign_pdb { 454 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ 455 u8 *q; 456 u8 *r; 457 u8 *g; /* or Gx,y */ 458 u8 *s; 459 u8 *f; 460 u8 *c; 461 u8 *d; 462 u8 *ab; /* ECC only */ 463 u8 *u; 464 }; 465 466 struct dsa_verify_pdb { 467 u32 sgf_ln; 468 u8 *q; 469 u8 *r; 470 u8 *g; /* or Gx,y */ 471 u8 *w; /* or Wx,y */ 472 u8 *f; 473 u8 *c; 474 u8 *d; 475 u8 *tmp; /* temporary data block */ 476 u8 *ab; /* only used if ECC processing */ 477 }; 478 479 #endif 480