1 /* 2 * CAAM Protocol Data Block (PDB) definition header file 3 * 4 * Copyright 2008-2012 Freescale Semiconductor, Inc. 5 * 6 */ 7 8 #ifndef CAAM_PDB_H 9 #define CAAM_PDB_H 10 11 /* 12 * PDB- IPSec ESP Header Modification Options 13 */ 14 #define PDBHMO_ESP_DECAP_SHIFT 12 15 #define PDBHMO_ESP_ENCAP_SHIFT 4 16 /* 17 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 18 * Options Byte IP version (IPvsn) field: 19 * if IPv4, decrement the inner IP header TTL field (byte 8); 20 * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 21 */ 22 #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 23 #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 24 /* 25 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 26 * from the outer IP header to the inner IP header. 27 */ 28 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 29 /* 30 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 31 * the PDB, copy the DF bit from the inner IP header to the outer IP header. 32 */ 33 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 34 35 /* 36 * PDB - IPSec ESP Encap/Decap Options 37 */ 38 #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 39 #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 40 #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 41 #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 42 #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 43 #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 44 #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 45 #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 46 #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 47 #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 48 #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 49 #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 50 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 51 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 52 53 /* 54 * General IPSec encap/decap PDB definitions 55 */ 56 struct ipsec_encap_cbc { 57 u32 iv[4]; 58 }; 59 60 struct ipsec_encap_ctr { 61 u32 ctr_nonce; 62 u32 ctr_initial; 63 u32 iv[2]; 64 }; 65 66 struct ipsec_encap_ccm { 67 u32 salt; /* lower 24 bits */ 68 u8 b0_flags; 69 u8 ctr_flags; 70 u16 ctr_initial; 71 u32 iv[2]; 72 }; 73 74 struct ipsec_encap_gcm { 75 u32 salt; /* lower 24 bits */ 76 u32 rsvd1; 77 u32 iv[2]; 78 }; 79 80 struct ipsec_encap_pdb { 81 u8 hmo_rsvd; 82 u8 ip_nh; 83 u8 ip_nh_offset; 84 u8 options; 85 u32 seq_num_ext_hi; 86 u32 seq_num; 87 union { 88 struct ipsec_encap_cbc cbc; 89 struct ipsec_encap_ctr ctr; 90 struct ipsec_encap_ccm ccm; 91 struct ipsec_encap_gcm gcm; 92 }; 93 u32 spi; 94 u16 rsvd1; 95 u16 ip_hdr_len; 96 u32 ip_hdr[0]; /* optional IP Header content */ 97 }; 98 99 struct ipsec_decap_cbc { 100 u32 rsvd[2]; 101 }; 102 103 struct ipsec_decap_ctr { 104 u32 salt; 105 u32 ctr_initial; 106 }; 107 108 struct ipsec_decap_ccm { 109 u32 salt; 110 u8 iv_flags; 111 u8 ctr_flags; 112 u16 ctr_initial; 113 }; 114 115 struct ipsec_decap_gcm { 116 u32 salt; 117 u32 resvd; 118 }; 119 120 struct ipsec_decap_pdb { 121 u16 hmo_ip_hdr_len; 122 u8 ip_nh_offset; 123 u8 options; 124 union { 125 struct ipsec_decap_cbc cbc; 126 struct ipsec_decap_ctr ctr; 127 struct ipsec_decap_ccm ccm; 128 struct ipsec_decap_gcm gcm; 129 }; 130 u32 seq_num_ext_hi; 131 u32 seq_num; 132 u32 anti_replay[2]; 133 u32 end_index[0]; 134 }; 135 136 /* 137 * IPSec ESP Datapath Protocol Override Register (DPOVRD) 138 */ 139 struct ipsec_deco_dpovrd { 140 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 141 u8 ovrd_ecn; 142 u8 ip_hdr_len; 143 u8 nh_offset; 144 u8 next_header; /* reserved if decap */ 145 }; 146 147 /* 148 * IEEE 802.11i WiFi Protocol Data Block 149 */ 150 #define WIFI_PDBOPTS_FCS 0x01 151 #define WIFI_PDBOPTS_AR 0x40 152 153 struct wifi_encap_pdb { 154 u16 mac_hdr_len; 155 u8 rsvd; 156 u8 options; 157 u8 iv_flags; 158 u8 pri; 159 u16 pn1; 160 u32 pn2; 161 u16 frm_ctrl_mask; 162 u16 seq_ctrl_mask; 163 u8 rsvd1[2]; 164 u8 cnst; 165 u8 key_id; 166 u8 ctr_flags; 167 u8 rsvd2; 168 u16 ctr_init; 169 }; 170 171 struct wifi_decap_pdb { 172 u16 mac_hdr_len; 173 u8 rsvd; 174 u8 options; 175 u8 iv_flags; 176 u8 pri; 177 u16 pn1; 178 u32 pn2; 179 u16 frm_ctrl_mask; 180 u16 seq_ctrl_mask; 181 u8 rsvd1[4]; 182 u8 ctr_flags; 183 u8 rsvd2; 184 u16 ctr_init; 185 }; 186 187 /* 188 * IEEE 802.16 WiMAX Protocol Data Block 189 */ 190 #define WIMAX_PDBOPTS_FCS 0x01 191 #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 192 193 struct wimax_encap_pdb { 194 u8 rsvd[3]; 195 u8 options; 196 u32 nonce; 197 u8 b0_flags; 198 u8 ctr_flags; 199 u16 ctr_init; 200 /* begin DECO writeback region */ 201 u32 pn; 202 /* end DECO writeback region */ 203 }; 204 205 struct wimax_decap_pdb { 206 u8 rsvd[3]; 207 u8 options; 208 u32 nonce; 209 u8 iv_flags; 210 u8 ctr_flags; 211 u16 ctr_init; 212 /* begin DECO writeback region */ 213 u32 pn; 214 u8 rsvd1[2]; 215 u16 antireplay_len; 216 u64 antireplay_scorecard; 217 /* end DECO writeback region */ 218 }; 219 220 /* 221 * IEEE 801.AE MacSEC Protocol Data Block 222 */ 223 #define MACSEC_PDBOPTS_FCS 0x01 224 #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 225 226 struct macsec_encap_pdb { 227 u16 aad_len; 228 u8 rsvd; 229 u8 options; 230 u64 sci; 231 u16 ethertype; 232 u8 tci_an; 233 u8 rsvd1; 234 /* begin DECO writeback region */ 235 u32 pn; 236 /* end DECO writeback region */ 237 }; 238 239 struct macsec_decap_pdb { 240 u16 aad_len; 241 u8 rsvd; 242 u8 options; 243 u64 sci; 244 u8 rsvd1[3]; 245 /* begin DECO writeback region */ 246 u8 antireplay_len; 247 u32 pn; 248 u64 antireplay_scorecard; 249 /* end DECO writeback region */ 250 }; 251 252 /* 253 * SSL/TLS/DTLS Protocol Data Blocks 254 */ 255 256 #define TLS_PDBOPTS_ARS32 0x40 257 #define TLS_PDBOPTS_ARS64 0xc0 258 #define TLS_PDBOPTS_OUTFMT 0x08 259 #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 260 #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 261 262 struct tls_block_encap_pdb { 263 u8 type; 264 u8 version[2]; 265 u8 options; 266 u64 seq_num; 267 u32 iv[4]; 268 }; 269 270 struct tls_stream_encap_pdb { 271 u8 type; 272 u8 version[2]; 273 u8 options; 274 u64 seq_num; 275 u8 i; 276 u8 j; 277 u8 rsvd1[2]; 278 }; 279 280 struct dtls_block_encap_pdb { 281 u8 type; 282 u8 version[2]; 283 u8 options; 284 u16 epoch; 285 u16 seq_num[3]; 286 u32 iv[4]; 287 }; 288 289 struct tls_block_decap_pdb { 290 u8 rsvd[3]; 291 u8 options; 292 u64 seq_num; 293 u32 iv[4]; 294 }; 295 296 struct tls_stream_decap_pdb { 297 u8 rsvd[3]; 298 u8 options; 299 u64 seq_num; 300 u8 i; 301 u8 j; 302 u8 rsvd1[2]; 303 }; 304 305 struct dtls_block_decap_pdb { 306 u8 rsvd[3]; 307 u8 options; 308 u16 epoch; 309 u16 seq_num[3]; 310 u32 iv[4]; 311 u64 antireplay_scorecard; 312 }; 313 314 /* 315 * SRTP Protocol Data Blocks 316 */ 317 #define SRTP_PDBOPTS_MKI 0x08 318 #define SRTP_PDBOPTS_AR 0x40 319 320 struct srtp_encap_pdb { 321 u8 x_len; 322 u8 mki_len; 323 u8 n_tag; 324 u8 options; 325 u32 cnst0; 326 u8 rsvd[2]; 327 u16 cnst1; 328 u16 salt[7]; 329 u16 cnst2; 330 u32 rsvd1; 331 u32 roc; 332 u32 opt_mki; 333 }; 334 335 struct srtp_decap_pdb { 336 u8 x_len; 337 u8 mki_len; 338 u8 n_tag; 339 u8 options; 340 u32 cnst0; 341 u8 rsvd[2]; 342 u16 cnst1; 343 u16 salt[7]; 344 u16 cnst2; 345 u16 rsvd1; 346 u16 seq_num; 347 u32 roc; 348 u64 antireplay_scorecard; 349 }; 350 351 /* 352 * DSA/ECDSA Protocol Data Blocks 353 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 354 * except for the treatment of "w" for verify, "s" for sign, 355 * and the placement of "a,b". 356 */ 357 #define DSA_PDB_SGF_SHIFT 24 358 #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 359 #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 360 #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 361 #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 362 #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 363 #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 364 #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 365 #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 366 #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 367 #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 368 #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 369 370 #define DSA_PDB_L_SHIFT 7 371 #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 372 373 #define DSA_PDB_N_MASK 0x7f 374 375 struct dsa_sign_pdb { 376 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ 377 u8 *q; 378 u8 *r; 379 u8 *g; /* or Gx,y */ 380 u8 *s; 381 u8 *f; 382 u8 *c; 383 u8 *d; 384 u8 *ab; /* ECC only */ 385 u8 *u; 386 }; 387 388 struct dsa_verify_pdb { 389 u32 sgf_ln; 390 u8 *q; 391 u8 *r; 392 u8 *g; /* or Gx,y */ 393 u8 *w; /* or Wx,y */ 394 u8 *f; 395 u8 *c; 396 u8 *d; 397 u8 *tmp; /* temporary data block */ 398 u8 *ab; /* only used if ECC processing */ 399 }; 400 401 #endif 402