1 /* 2 * CAAM Protocol Data Block (PDB) definition header file 3 * 4 * Copyright 2008-2012 Freescale Semiconductor, Inc. 5 * 6 */ 7 8 #ifndef CAAM_PDB_H 9 #define CAAM_PDB_H 10 11 /* 12 * PDB- IPSec ESP Header Modification Options 13 */ 14 #define PDBHMO_ESP_DECAP_SHIFT 12 15 #define PDBHMO_ESP_ENCAP_SHIFT 4 16 /* 17 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 18 * Options Byte IP version (IPvsn) field: 19 * if IPv4, decrement the inner IP header TTL field (byte 8); 20 * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 21 */ 22 #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 23 #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 24 /* 25 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 26 * from the outer IP header to the inner IP header. 27 */ 28 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 29 /* 30 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 31 * the PDB, copy the DF bit from the inner IP header to the outer IP header. 32 */ 33 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 34 35 /* 36 * PDB - IPSec ESP Encap/Decap Options 37 */ 38 #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 39 #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 40 #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 41 #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 42 #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 43 #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 44 #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 45 #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 46 #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 47 #define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/ 48 #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 49 #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 50 #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 51 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 52 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 53 54 /* 55 * General IPSec encap/decap PDB definitions 56 */ 57 struct ipsec_encap_cbc { 58 u32 iv[4]; 59 }; 60 61 struct ipsec_encap_ctr { 62 u32 ctr_nonce; 63 u32 ctr_initial; 64 u32 iv[2]; 65 }; 66 67 struct ipsec_encap_ccm { 68 u32 salt; /* lower 24 bits */ 69 u8 b0_flags; 70 u8 ctr_flags; 71 u16 ctr_initial; 72 u32 iv[2]; 73 }; 74 75 struct ipsec_encap_gcm { 76 u32 salt; /* lower 24 bits */ 77 u32 rsvd1; 78 u32 iv[2]; 79 }; 80 81 struct ipsec_encap_pdb { 82 u8 hmo_rsvd; 83 u8 ip_nh; 84 u8 ip_nh_offset; 85 u8 options; 86 u32 seq_num_ext_hi; 87 u32 seq_num; 88 union { 89 struct ipsec_encap_cbc cbc; 90 struct ipsec_encap_ctr ctr; 91 struct ipsec_encap_ccm ccm; 92 struct ipsec_encap_gcm gcm; 93 }; 94 u32 spi; 95 u16 rsvd1; 96 u16 ip_hdr_len; 97 u32 ip_hdr[0]; /* optional IP Header content */ 98 }; 99 100 struct ipsec_decap_cbc { 101 u32 rsvd[2]; 102 }; 103 104 struct ipsec_decap_ctr { 105 u32 salt; 106 u32 ctr_initial; 107 }; 108 109 struct ipsec_decap_ccm { 110 u32 salt; 111 u8 iv_flags; 112 u8 ctr_flags; 113 u16 ctr_initial; 114 }; 115 116 struct ipsec_decap_gcm { 117 u32 salt; 118 u32 resvd; 119 }; 120 121 struct ipsec_decap_pdb { 122 u16 hmo_ip_hdr_len; 123 u8 ip_nh_offset; 124 u8 options; 125 union { 126 struct ipsec_decap_cbc cbc; 127 struct ipsec_decap_ctr ctr; 128 struct ipsec_decap_ccm ccm; 129 struct ipsec_decap_gcm gcm; 130 }; 131 u32 seq_num_ext_hi; 132 u32 seq_num; 133 u32 anti_replay[2]; 134 u32 end_index[0]; 135 }; 136 137 /* 138 * IPSec ESP Datapath Protocol Override Register (DPOVRD) 139 */ 140 struct ipsec_deco_dpovrd { 141 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 142 u8 ovrd_ecn; 143 u8 ip_hdr_len; 144 u8 nh_offset; 145 u8 next_header; /* reserved if decap */ 146 }; 147 148 /* 149 * IEEE 802.11i WiFi Protocol Data Block 150 */ 151 #define WIFI_PDBOPTS_FCS 0x01 152 #define WIFI_PDBOPTS_AR 0x40 153 154 struct wifi_encap_pdb { 155 u16 mac_hdr_len; 156 u8 rsvd; 157 u8 options; 158 u8 iv_flags; 159 u8 pri; 160 u16 pn1; 161 u32 pn2; 162 u16 frm_ctrl_mask; 163 u16 seq_ctrl_mask; 164 u8 rsvd1[2]; 165 u8 cnst; 166 u8 key_id; 167 u8 ctr_flags; 168 u8 rsvd2; 169 u16 ctr_init; 170 }; 171 172 struct wifi_decap_pdb { 173 u16 mac_hdr_len; 174 u8 rsvd; 175 u8 options; 176 u8 iv_flags; 177 u8 pri; 178 u16 pn1; 179 u32 pn2; 180 u16 frm_ctrl_mask; 181 u16 seq_ctrl_mask; 182 u8 rsvd1[4]; 183 u8 ctr_flags; 184 u8 rsvd2; 185 u16 ctr_init; 186 }; 187 188 /* 189 * IEEE 802.16 WiMAX Protocol Data Block 190 */ 191 #define WIMAX_PDBOPTS_FCS 0x01 192 #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 193 194 struct wimax_encap_pdb { 195 u8 rsvd[3]; 196 u8 options; 197 u32 nonce; 198 u8 b0_flags; 199 u8 ctr_flags; 200 u16 ctr_init; 201 /* begin DECO writeback region */ 202 u32 pn; 203 /* end DECO writeback region */ 204 }; 205 206 struct wimax_decap_pdb { 207 u8 rsvd[3]; 208 u8 options; 209 u32 nonce; 210 u8 iv_flags; 211 u8 ctr_flags; 212 u16 ctr_init; 213 /* begin DECO writeback region */ 214 u32 pn; 215 u8 rsvd1[2]; 216 u16 antireplay_len; 217 u64 antireplay_scorecard; 218 /* end DECO writeback region */ 219 }; 220 221 /* 222 * IEEE 801.AE MacSEC Protocol Data Block 223 */ 224 #define MACSEC_PDBOPTS_FCS 0x01 225 #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 226 227 struct macsec_encap_pdb { 228 u16 aad_len; 229 u8 rsvd; 230 u8 options; 231 u64 sci; 232 u16 ethertype; 233 u8 tci_an; 234 u8 rsvd1; 235 /* begin DECO writeback region */ 236 u32 pn; 237 /* end DECO writeback region */ 238 }; 239 240 struct macsec_decap_pdb { 241 u16 aad_len; 242 u8 rsvd; 243 u8 options; 244 u64 sci; 245 u8 rsvd1[3]; 246 /* begin DECO writeback region */ 247 u8 antireplay_len; 248 u32 pn; 249 u64 antireplay_scorecard; 250 /* end DECO writeback region */ 251 }; 252 253 /* 254 * SSL/TLS/DTLS Protocol Data Blocks 255 */ 256 257 #define TLS_PDBOPTS_ARS32 0x40 258 #define TLS_PDBOPTS_ARS64 0xc0 259 #define TLS_PDBOPTS_OUTFMT 0x08 260 #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 261 #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 262 263 struct tls_block_encap_pdb { 264 u8 type; 265 u8 version[2]; 266 u8 options; 267 u64 seq_num; 268 u32 iv[4]; 269 }; 270 271 struct tls_stream_encap_pdb { 272 u8 type; 273 u8 version[2]; 274 u8 options; 275 u64 seq_num; 276 u8 i; 277 u8 j; 278 u8 rsvd1[2]; 279 }; 280 281 struct dtls_block_encap_pdb { 282 u8 type; 283 u8 version[2]; 284 u8 options; 285 u16 epoch; 286 u16 seq_num[3]; 287 u32 iv[4]; 288 }; 289 290 struct tls_block_decap_pdb { 291 u8 rsvd[3]; 292 u8 options; 293 u64 seq_num; 294 u32 iv[4]; 295 }; 296 297 struct tls_stream_decap_pdb { 298 u8 rsvd[3]; 299 u8 options; 300 u64 seq_num; 301 u8 i; 302 u8 j; 303 u8 rsvd1[2]; 304 }; 305 306 struct dtls_block_decap_pdb { 307 u8 rsvd[3]; 308 u8 options; 309 u16 epoch; 310 u16 seq_num[3]; 311 u32 iv[4]; 312 u64 antireplay_scorecard; 313 }; 314 315 /* 316 * SRTP Protocol Data Blocks 317 */ 318 #define SRTP_PDBOPTS_MKI 0x08 319 #define SRTP_PDBOPTS_AR 0x40 320 321 struct srtp_encap_pdb { 322 u8 x_len; 323 u8 mki_len; 324 u8 n_tag; 325 u8 options; 326 u32 cnst0; 327 u8 rsvd[2]; 328 u16 cnst1; 329 u16 salt[7]; 330 u16 cnst2; 331 u32 rsvd1; 332 u32 roc; 333 u32 opt_mki; 334 }; 335 336 struct srtp_decap_pdb { 337 u8 x_len; 338 u8 mki_len; 339 u8 n_tag; 340 u8 options; 341 u32 cnst0; 342 u8 rsvd[2]; 343 u16 cnst1; 344 u16 salt[7]; 345 u16 cnst2; 346 u16 rsvd1; 347 u16 seq_num; 348 u32 roc; 349 u64 antireplay_scorecard; 350 }; 351 352 /* 353 * DSA/ECDSA Protocol Data Blocks 354 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 355 * except for the treatment of "w" for verify, "s" for sign, 356 * and the placement of "a,b". 357 */ 358 #define DSA_PDB_SGF_SHIFT 24 359 #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 360 #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 361 #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 362 #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 363 #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 364 #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 365 #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 366 #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 367 #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 368 #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 369 #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 370 371 #define DSA_PDB_L_SHIFT 7 372 #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 373 374 #define DSA_PDB_N_MASK 0x7f 375 376 struct dsa_sign_pdb { 377 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ 378 u8 *q; 379 u8 *r; 380 u8 *g; /* or Gx,y */ 381 u8 *s; 382 u8 *f; 383 u8 *c; 384 u8 *d; 385 u8 *ab; /* ECC only */ 386 u8 *u; 387 }; 388 389 struct dsa_verify_pdb { 390 u32 sgf_ln; 391 u8 *q; 392 u8 *r; 393 u8 *g; /* or Gx,y */ 394 u8 *w; /* or Wx,y */ 395 u8 *f; 396 u8 *c; 397 u8 *d; 398 u8 *tmp; /* temporary data block */ 399 u8 *ab; /* only used if ECC processing */ 400 }; 401 402 #endif 403