xref: /linux/drivers/crypto/caam/pdb.h (revision d7bf4786b5250b0e490a937d1f8a16ee3a54adbe)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * CAAM Protocol Data Block (PDB) definition header file
4  *
5  * Copyright 2008-2016 Freescale Semiconductor, Inc.
6  *
7  */
8 
9 #ifndef CAAM_PDB_H
10 #define CAAM_PDB_H
11 #include "compat.h"
12 
13 /*
14  * PDB- IPSec ESP Header Modification Options
15  */
16 #define PDBHMO_ESP_DECAP_SHIFT	28
17 #define PDBHMO_ESP_ENCAP_SHIFT	28
18 /*
19  * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
20  * Options Byte IP version (IPvsn) field:
21  * if IPv4, decrement the inner IP header TTL field (byte 8);
22  * if IPv6 decrement the inner IP header Hop Limit field (byte 7).
23 */
24 #define PDBHMO_ESP_DECAP_DEC_TTL	(0x02 << PDBHMO_ESP_DECAP_SHIFT)
25 #define PDBHMO_ESP_ENCAP_DEC_TTL	(0x02 << PDBHMO_ESP_ENCAP_SHIFT)
26 /*
27  * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
28  * from the outer IP header to the inner IP header.
29  */
30 #define PDBHMO_ESP_DIFFSERV		(0x01 << PDBHMO_ESP_DECAP_SHIFT)
31 /*
32  * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from
33  * the PDB, copy the DF bit from the inner IP header to the outer IP header.
34  */
35 #define PDBHMO_ESP_DFBIT		(0x04 << PDBHMO_ESP_ENCAP_SHIFT)
36 
37 #define PDBNH_ESP_ENCAP_SHIFT		16
38 #define PDBNH_ESP_ENCAP_MASK		(0xff << PDBNH_ESP_ENCAP_SHIFT)
39 
40 #define PDBHDRLEN_ESP_DECAP_SHIFT	16
41 #define PDBHDRLEN_MASK			(0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)
42 
43 #define PDB_NH_OFFSET_SHIFT		8
44 #define PDB_NH_OFFSET_MASK		(0xff << PDB_NH_OFFSET_SHIFT)
45 
46 /*
47  * PDB - IPSec ESP Encap/Decap Options
48  */
49 #define PDBOPTS_ESP_ARSNONE	0x00 /* no antireplay window */
50 #define PDBOPTS_ESP_ARS32	0x40 /* 32-entry antireplay window */
51 #define PDBOPTS_ESP_ARS128	0x80 /* 128-entry antireplay window */
52 #define PDBOPTS_ESP_ARS64	0xc0 /* 64-entry antireplay window */
53 #define PDBOPTS_ESP_ARS_MASK	0xc0 /* antireplay window mask */
54 #define PDBOPTS_ESP_IVSRC	0x20 /* IV comes from internal random gen */
55 #define PDBOPTS_ESP_ESN		0x10 /* extended sequence included */
56 #define PDBOPTS_ESP_OUTFMT	0x08 /* output only decapsulation (decap) */
57 #define PDBOPTS_ESP_IPHDRSRC	0x08 /* IP header comes from PDB (encap) */
58 #define PDBOPTS_ESP_INCIPHDR	0x04 /* Prepend IP header to output frame */
59 #define PDBOPTS_ESP_IPVSN	0x02 /* process IPv6 header */
60 #define PDBOPTS_ESP_AOFL	0x04 /* adjust out frame len (decap, SEC>=5.3)*/
61 #define PDBOPTS_ESP_TUNNEL	0x01 /* tunnel mode next-header byte */
62 #define PDBOPTS_ESP_IPV6	0x02 /* ip header version is V6 */
63 #define PDBOPTS_ESP_DIFFSERV	0x40 /* copy TOS/TC from inner iphdr */
64 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
65 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
66 
67 /*
68  * General IPSec encap/decap PDB definitions
69  */
70 
71 /**
72  * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
73  * @iv: 16-byte array initialization vector
74  */
75 struct ipsec_encap_cbc {
76 	u8 iv[16];
77 };
78 
79 /**
80  * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
81  * @ctr_nonce: 4-byte array nonce
82  * @ctr_initial: initial count constant
83  * @iv: initialization vector
84  */
85 struct ipsec_encap_ctr {
86 	u8 ctr_nonce[4];
87 	u32 ctr_initial;
88 	u64 iv;
89 };
90 
91 /**
92  * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
93  * @salt: 3-byte array salt (lower 24 bits)
94  * @ccm_opt: CCM algorithm options - MSB-LSB description:
95  *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
96  *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
97  *  ctr_flags (8b) - counter flags; constant equal to 0x3
98  *  ctr_initial (16b) - initial count constant
99  * @iv: initialization vector
100  */
101 struct ipsec_encap_ccm {
102 	u8 salt[4];
103 	u32 ccm_opt;
104 	u64 iv;
105 };
106 
107 /**
108  * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
109  * @salt: 3-byte array salt (lower 24 bits)
110  * @rsvd: reserved, do not use
111  * @iv: initialization vector
112  */
113 struct ipsec_encap_gcm {
114 	u8 salt[4];
115 	u32 rsvd1;
116 	u64 iv;
117 };
118 
119 /**
120  * ipsec_encap_pdb - PDB for IPsec encapsulation
121  * @options: MSB-LSB description
122  *  hmo (header manipulation options) - 4b
123  *  reserved - 4b
124  *  next header - 8b
125  *  next header offset - 8b
126  *  option flags (depend on selected algorithm) - 8b
127  * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128  * @seq_num: IPsec sequence number
129  * @spi: IPsec SPI (Security Parameters Index)
130  * @ip_hdr_len: optional IP Header length (in bytes)
131  *  reserved - 16b
132  *  Opt. IP Hdr Len - 16b
133  * @ip_hdr: optional IP Header content
134  */
135 struct ipsec_encap_pdb {
136 	u32 options;
137 	u32 seq_num_ext_hi;
138 	u32 seq_num;
139 	union {
140 		struct ipsec_encap_cbc cbc;
141 		struct ipsec_encap_ctr ctr;
142 		struct ipsec_encap_ccm ccm;
143 		struct ipsec_encap_gcm gcm;
144 	};
145 	u32 spi;
146 	u32 ip_hdr_len;
147 	u32 ip_hdr[];
148 };
149 
150 /**
151  * ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
152  * @rsvd: reserved, do not use
153  */
154 struct ipsec_decap_cbc {
155 	u32 rsvd[2];
156 };
157 
158 /**
159  * ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
160  * @ctr_nonce: 4-byte array nonce
161  * @ctr_initial: initial count constant
162  */
163 struct ipsec_decap_ctr {
164 	u8 ctr_nonce[4];
165 	u32 ctr_initial;
166 };
167 
168 /**
169  * ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
170  * @salt: 3-byte salt (lower 24 bits)
171  * @ccm_opt: CCM algorithm options - MSB-LSB description:
172  *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
173  *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
174  *  ctr_flags (8b) - counter flags; constant equal to 0x3
175  *  ctr_initial (16b) - initial count constant
176  */
177 struct ipsec_decap_ccm {
178 	u8 salt[4];
179 	u32 ccm_opt;
180 };
181 
182 /**
183  * ipsec_decap_gcm - PDB part for IPsec GCN decapsulation
184  * @salt: 4-byte salt
185  * @rsvd: reserved, do not use
186  */
187 struct ipsec_decap_gcm {
188 	u8 salt[4];
189 	u32 resvd;
190 };
191 
192 /**
193  * ipsec_decap_pdb - PDB for IPsec decapsulation
194  * @options: MSB-LSB description
195  *  hmo (header manipulation options) - 4b
196  *  IP header length - 12b
197  *  next header offset - 8b
198  *  option flags (depend on selected algorithm) - 8b
199  * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
200  * @seq_num: IPsec sequence number
201  * @anti_replay: Anti-replay window; size depends on ARS (option flags)
202  */
203 struct ipsec_decap_pdb {
204 	u32 options;
205 	union {
206 		struct ipsec_decap_cbc cbc;
207 		struct ipsec_decap_ctr ctr;
208 		struct ipsec_decap_ccm ccm;
209 		struct ipsec_decap_gcm gcm;
210 	};
211 	u32 seq_num_ext_hi;
212 	u32 seq_num;
213 	__be32 anti_replay[4];
214 };
215 
216 /*
217  * IPSec ESP Datapath Protocol Override Register (DPOVRD)
218  */
219 struct ipsec_deco_dpovrd {
220 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
221 	u8 ovrd_ecn;
222 	u8 ip_hdr_len;
223 	u8 nh_offset;
224 	u8 next_header; /* reserved if decap */
225 };
226 
227 /*
228  * IEEE 802.11i WiFi Protocol Data Block
229  */
230 #define WIFI_PDBOPTS_FCS	0x01
231 #define WIFI_PDBOPTS_AR		0x40
232 
233 struct wifi_encap_pdb {
234 	u16 mac_hdr_len;
235 	u8 rsvd;
236 	u8 options;
237 	u8 iv_flags;
238 	u8 pri;
239 	u16 pn1;
240 	u32 pn2;
241 	u16 frm_ctrl_mask;
242 	u16 seq_ctrl_mask;
243 	u8 rsvd1[2];
244 	u8 cnst;
245 	u8 key_id;
246 	u8 ctr_flags;
247 	u8 rsvd2;
248 	u16 ctr_init;
249 };
250 
251 struct wifi_decap_pdb {
252 	u16 mac_hdr_len;
253 	u8 rsvd;
254 	u8 options;
255 	u8 iv_flags;
256 	u8 pri;
257 	u16 pn1;
258 	u32 pn2;
259 	u16 frm_ctrl_mask;
260 	u16 seq_ctrl_mask;
261 	u8 rsvd1[4];
262 	u8 ctr_flags;
263 	u8 rsvd2;
264 	u16 ctr_init;
265 };
266 
267 /*
268  * IEEE 802.16 WiMAX Protocol Data Block
269  */
270 #define WIMAX_PDBOPTS_FCS	0x01
271 #define WIMAX_PDBOPTS_AR	0x40 /* decap only */
272 
273 struct wimax_encap_pdb {
274 	u8 rsvd[3];
275 	u8 options;
276 	u32 nonce;
277 	u8 b0_flags;
278 	u8 ctr_flags;
279 	u16 ctr_init;
280 	/* begin DECO writeback region */
281 	u32 pn;
282 	/* end DECO writeback region */
283 };
284 
285 struct wimax_decap_pdb {
286 	u8 rsvd[3];
287 	u8 options;
288 	u32 nonce;
289 	u8 iv_flags;
290 	u8 ctr_flags;
291 	u16 ctr_init;
292 	/* begin DECO writeback region */
293 	u32 pn;
294 	u8 rsvd1[2];
295 	u16 antireplay_len;
296 	u64 antireplay_scorecard;
297 	/* end DECO writeback region */
298 };
299 
300 /*
301  * IEEE 801.AE MacSEC Protocol Data Block
302  */
303 #define MACSEC_PDBOPTS_FCS	0x01
304 #define MACSEC_PDBOPTS_AR	0x40 /* used in decap only */
305 
306 struct macsec_encap_pdb {
307 	u16 aad_len;
308 	u8 rsvd;
309 	u8 options;
310 	u64 sci;
311 	u16 ethertype;
312 	u8 tci_an;
313 	u8 rsvd1;
314 	/* begin DECO writeback region */
315 	u32 pn;
316 	/* end DECO writeback region */
317 };
318 
319 struct macsec_decap_pdb {
320 	u16 aad_len;
321 	u8 rsvd;
322 	u8 options;
323 	u64 sci;
324 	u8 rsvd1[3];
325 	/* begin DECO writeback region */
326 	u8 antireplay_len;
327 	u32 pn;
328 	u64 antireplay_scorecard;
329 	/* end DECO writeback region */
330 };
331 
332 /*
333  * SSL/TLS/DTLS Protocol Data Blocks
334  */
335 
336 #define TLS_PDBOPTS_ARS32	0x40
337 #define TLS_PDBOPTS_ARS64	0xc0
338 #define TLS_PDBOPTS_OUTFMT	0x08
339 #define TLS_PDBOPTS_IV_WRTBK	0x02 /* 1.1/1.2/DTLS only */
340 #define TLS_PDBOPTS_EXP_RND_IV	0x01 /* 1.1/1.2/DTLS only */
341 
342 struct tls_block_encap_pdb {
343 	u8 type;
344 	u8 version[2];
345 	u8 options;
346 	u64 seq_num;
347 	u32 iv[4];
348 };
349 
350 struct tls_stream_encap_pdb {
351 	u8 type;
352 	u8 version[2];
353 	u8 options;
354 	u64 seq_num;
355 	u8 i;
356 	u8 j;
357 	u8 rsvd1[2];
358 };
359 
360 struct dtls_block_encap_pdb {
361 	u8 type;
362 	u8 version[2];
363 	u8 options;
364 	u16 epoch;
365 	u16 seq_num[3];
366 	u32 iv[4];
367 };
368 
369 struct tls_block_decap_pdb {
370 	u8 rsvd[3];
371 	u8 options;
372 	u64 seq_num;
373 	u32 iv[4];
374 };
375 
376 struct tls_stream_decap_pdb {
377 	u8 rsvd[3];
378 	u8 options;
379 	u64 seq_num;
380 	u8 i;
381 	u8 j;
382 	u8 rsvd1[2];
383 };
384 
385 struct dtls_block_decap_pdb {
386 	u8 rsvd[3];
387 	u8 options;
388 	u16 epoch;
389 	u16 seq_num[3];
390 	u32 iv[4];
391 	u64 antireplay_scorecard;
392 };
393 
394 /*
395  * SRTP Protocol Data Blocks
396  */
397 #define SRTP_PDBOPTS_MKI	0x08
398 #define SRTP_PDBOPTS_AR		0x40
399 
400 struct srtp_encap_pdb {
401 	u8 x_len;
402 	u8 mki_len;
403 	u8 n_tag;
404 	u8 options;
405 	u32 cnst0;
406 	u8 rsvd[2];
407 	u16 cnst1;
408 	u16 salt[7];
409 	u16 cnst2;
410 	u32 rsvd1;
411 	u32 roc;
412 	u32 opt_mki;
413 };
414 
415 struct srtp_decap_pdb {
416 	u8 x_len;
417 	u8 mki_len;
418 	u8 n_tag;
419 	u8 options;
420 	u32 cnst0;
421 	u8 rsvd[2];
422 	u16 cnst1;
423 	u16 salt[7];
424 	u16 cnst2;
425 	u16 rsvd1;
426 	u16 seq_num;
427 	u32 roc;
428 	u64 antireplay_scorecard;
429 };
430 
431 /*
432  * DSA/ECDSA Protocol Data Blocks
433  * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
434  * except for the treatment of "w" for verify, "s" for sign,
435  * and the placement of "a,b".
436  */
437 #define DSA_PDB_SGF_SHIFT	24
438 #define DSA_PDB_SGF_MASK	(0xff << DSA_PDB_SGF_SHIFT)
439 #define DSA_PDB_SGF_Q		(0x80 << DSA_PDB_SGF_SHIFT)
440 #define DSA_PDB_SGF_R		(0x40 << DSA_PDB_SGF_SHIFT)
441 #define DSA_PDB_SGF_G		(0x20 << DSA_PDB_SGF_SHIFT)
442 #define DSA_PDB_SGF_W		(0x10 << DSA_PDB_SGF_SHIFT)
443 #define DSA_PDB_SGF_S		(0x10 << DSA_PDB_SGF_SHIFT)
444 #define DSA_PDB_SGF_F		(0x08 << DSA_PDB_SGF_SHIFT)
445 #define DSA_PDB_SGF_C		(0x04 << DSA_PDB_SGF_SHIFT)
446 #define DSA_PDB_SGF_D		(0x02 << DSA_PDB_SGF_SHIFT)
447 #define DSA_PDB_SGF_AB_SIGN	(0x02 << DSA_PDB_SGF_SHIFT)
448 #define DSA_PDB_SGF_AB_VERIFY	(0x01 << DSA_PDB_SGF_SHIFT)
449 
450 #define DSA_PDB_L_SHIFT		7
451 #define DSA_PDB_L_MASK		(0x3ff << DSA_PDB_L_SHIFT)
452 
453 #define DSA_PDB_N_MASK		0x7f
454 
455 struct dsa_sign_pdb {
456 	u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
457 	u8 *q;
458 	u8 *r;
459 	u8 *g;	/* or Gx,y */
460 	u8 *s;
461 	u8 *f;
462 	u8 *c;
463 	u8 *d;
464 	u8 *ab; /* ECC only */
465 	u8 *u;
466 };
467 
468 struct dsa_verify_pdb {
469 	u32 sgf_ln;
470 	u8 *q;
471 	u8 *r;
472 	u8 *g;	/* or Gx,y */
473 	u8 *w; /* or Wx,y */
474 	u8 *f;
475 	u8 *c;
476 	u8 *d;
477 	u8 *tmp; /* temporary data block */
478 	u8 *ab; /* only used if ECC processing */
479 };
480 
481 /* RSA Protocol Data Block */
482 #define RSA_PDB_SGF_SHIFT       28
483 #define RSA_PDB_E_SHIFT         12
484 #define RSA_PDB_E_MASK          (0xFFF << RSA_PDB_E_SHIFT)
485 #define RSA_PDB_D_SHIFT         12
486 #define RSA_PDB_D_MASK          (0xFFF << RSA_PDB_D_SHIFT)
487 #define RSA_PDB_Q_SHIFT         12
488 #define RSA_PDB_Q_MASK          (0xFFF << RSA_PDB_Q_SHIFT)
489 
490 #define RSA_PDB_SGF_F           (0x8 << RSA_PDB_SGF_SHIFT)
491 #define RSA_PDB_SGF_G           (0x4 << RSA_PDB_SGF_SHIFT)
492 #define RSA_PRIV_PDB_SGF_F      (0x4 << RSA_PDB_SGF_SHIFT)
493 #define RSA_PRIV_PDB_SGF_G      (0x8 << RSA_PDB_SGF_SHIFT)
494 
495 #define RSA_PRIV_KEY_FRM_1      0
496 #define RSA_PRIV_KEY_FRM_2      1
497 #define RSA_PRIV_KEY_FRM_3      2
498 
499 /**
500  * RSA Encrypt Protocol Data Block
501  * @sgf: scatter-gather field
502  * @f_dma: dma address of input data
503  * @g_dma: dma address of encrypted output data
504  * @n_dma: dma address of RSA modulus
505  * @e_dma: dma address of RSA public exponent
506  * @f_len: length in octets of the input data
507  */
508 struct rsa_pub_pdb {
509 	u32		sgf;
510 	dma_addr_t	f_dma;
511 	dma_addr_t	g_dma;
512 	dma_addr_t	n_dma;
513 	dma_addr_t	e_dma;
514 	u32		f_len;
515 };
516 
517 #define SIZEOF_RSA_PUB_PDB	(2 * sizeof(u32) + 4 * caam_ptr_sz)
518 
519 /**
520  * RSA Decrypt PDB - Private Key Form #1
521  * @sgf: scatter-gather field
522  * @g_dma: dma address of encrypted input data
523  * @f_dma: dma address of output data
524  * @n_dma: dma address of RSA modulus
525  * @d_dma: dma address of RSA private exponent
526  */
527 struct rsa_priv_f1_pdb {
528 	u32		sgf;
529 	dma_addr_t	g_dma;
530 	dma_addr_t	f_dma;
531 	dma_addr_t	n_dma;
532 	dma_addr_t	d_dma;
533 };
534 
535 #define SIZEOF_RSA_PRIV_F1_PDB	(sizeof(u32) + 4 * caam_ptr_sz)
536 
537 /**
538  * RSA Decrypt PDB - Private Key Form #2
539  * @sgf     : scatter-gather field
540  * @g_dma   : dma address of encrypted input data
541  * @f_dma   : dma address of output data
542  * @d_dma   : dma address of RSA private exponent
543  * @p_dma   : dma address of RSA prime factor p of RSA modulus n
544  * @q_dma   : dma address of RSA prime factor q of RSA modulus n
545  * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
546  *            as internal state buffer. It is assumed to be as long as p.
547  * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
548  *            as internal state buffer. It is assumed to be as long as q.
549  * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
550  */
551 struct rsa_priv_f2_pdb {
552 	u32		sgf;
553 	dma_addr_t	g_dma;
554 	dma_addr_t	f_dma;
555 	dma_addr_t	d_dma;
556 	dma_addr_t	p_dma;
557 	dma_addr_t	q_dma;
558 	dma_addr_t	tmp1_dma;
559 	dma_addr_t	tmp2_dma;
560 	u32		p_q_len;
561 };
562 
563 #define SIZEOF_RSA_PRIV_F2_PDB	(2 * sizeof(u32) + 7 * caam_ptr_sz)
564 
565 /**
566  * RSA Decrypt PDB - Private Key Form #3
567  * This is the RSA Chinese Reminder Theorem (CRT) form for two prime factors of
568  * the RSA modulus.
569  * @sgf     : scatter-gather field
570  * @g_dma   : dma address of encrypted input data
571  * @f_dma   : dma address of output data
572  * @c_dma   : dma address of RSA CRT coefficient
573  * @p_dma   : dma address of RSA prime factor p of RSA modulus n
574  * @q_dma   : dma address of RSA prime factor q of RSA modulus n
575  * @dp_dma  : dma address of RSA CRT exponent of RSA prime factor p
576  * @dp_dma  : dma address of RSA CRT exponent of RSA prime factor q
577  * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
578  *            as internal state buffer. It is assumed to be as long as p.
579  * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
580  *            as internal state buffer. It is assumed to be as long as q.
581  * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
582  */
583 struct rsa_priv_f3_pdb {
584 	u32		sgf;
585 	dma_addr_t	g_dma;
586 	dma_addr_t	f_dma;
587 	dma_addr_t	c_dma;
588 	dma_addr_t	p_dma;
589 	dma_addr_t	q_dma;
590 	dma_addr_t	dp_dma;
591 	dma_addr_t	dq_dma;
592 	dma_addr_t	tmp1_dma;
593 	dma_addr_t	tmp2_dma;
594 	u32		p_q_len;
595 };
596 
597 #define SIZEOF_RSA_PRIV_F3_PDB	(2 * sizeof(u32) + 9 * caam_ptr_sz)
598 
599 #endif
600