1 /* SPDX-License-Identifier: GPL-2.0 */
3 * CAAM Protocol Data Block (PDB) definition header file
5 * Copyright 2008-2016 Freescale Semiconductor, Inc.
14 * PDB- IPSec ESP Header Modification Options
16 #define PDBHMO_ESP_DECAP_SHIFT 28
17 #define PDBHMO_ESP_ENCAP_SHIFT 28
19 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
20 * Options Byte IP version (IPvsn) field:
21 * if IPv4, decrement the inner IP header TTL field (byte 8);
22 * if IPv6 decrement the inner IP header Hop Limit field (byte 7).
24 #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT)
25 #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
27 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
28 * from the outer IP header to the inner IP header.
30 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT)
32 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from
33 * the PDB, copy the DF bit from the inner IP header to the outer IP header.
35 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT)
37 #define PDBNH_ESP_ENCAP_SHIFT 16
38 #define PDBNH_ESP_ENCAP_MASK (0xff << PDBNH_ESP_ENCAP_SHIFT)
40 #define PDBHDRLEN_ESP_DECAP_SHIFT 16
41 #define PDBHDRLEN_MASK (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)
43 #define PDB_NH_OFFSET_SHIFT 8
44 #define PDB_NH_OFFSET_MASK (0xff << PDB_NH_OFFSET_SHIFT)
47 * PDB - IPSec ESP Encap/Decap Options
49 #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */
50 #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */
51 #define PDBOPTS_ESP_ARS128 0x80 /* 128-entry antireplay window */
52 #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */
53 #define PDBOPTS_ESP_ARS_MASK 0xc0 /* antireplay window mask */
54 #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */
55 #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */
56 #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */
57 #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */
58 #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */
59 #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */
60 #define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/
61 #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */
62 #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */
63 #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */
64 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
65 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
68 * General IPSec encap/decap PDB definitions
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
73 * @iv: 16-byte array initialization vector
75 struct ipsec_encap_cbc {
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
81 * @ctr_nonce: 4-byte array nonce
82 * @ctr_initial: initial count constant
83 * @iv: initialization vector
85 struct ipsec_encap_ctr {
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
93 * @salt: 3-byte array salt (lower 24 bits)
94 * @ccm_opt: CCM algorithm options - MSB-LSB description:
95 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
96 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
97 * ctr_flags (8b) - counter flags; constant equal to 0x3
98 * ctr_initial (16b) - initial count constant
99 * @iv: initialization vector
101 struct ipsec_encap_ccm {
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
109 * @salt: 3-byte array salt (lower 24 bits)
110 * @rsvd: reserved, do not use
111 * @iv: initialization vector
113 struct ipsec_encap_gcm {
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
121 * @options: MSB-LSB description
122 * hmo (header manipulation options) - 4b
125 * next header offset - 8b
126 * option flags (depend on selected algorithm) - 8b
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
129 * @spi: IPsec SPI (Security Parameters Index)
130 * @ip_hdr_len: optional IP Header length (in bytes)
132 * Opt. IP Hdr Len - 16b
133 * @ip_hdr: optional IP Header content
135 struct ipsec_encap_pdb {
140 struct ipsec_encap_cbc cbc;
141 struct ipsec_encap_ctr ctr;
142 struct ipsec_encap_ccm ccm;
143 struct ipsec_encap_gcm gcm;
151 * ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
152 * @rsvd: reserved, do not use
154 struct ipsec_decap_cbc {
159 * ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
160 * @ctr_nonce: 4-byte array nonce
161 * @ctr_initial: initial count constant
163 struct ipsec_decap_ctr {
169 * ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
170 * @salt: 3-byte salt (lower 24 bits)
171 * @ccm_opt: CCM algorithm options - MSB-LSB description:
172 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
173 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
174 * ctr_flags (8b) - counter flags; constant equal to 0x3
175 * ctr_initial (16b) - initial count constant
177 struct ipsec_decap_ccm {
183 * ipsec_decap_gcm - PDB part for IPsec GCN decapsulation
185 * @rsvd: reserved, do not use
187 struct ipsec_decap_gcm {
193 * ipsec_decap_pdb - PDB for IPsec decapsulation
194 * @options: MSB-LSB description
195 * hmo (header manipulation options) - 4b
196 * IP header length - 12b
197 * next header offset - 8b
198 * option flags (depend on selected algorithm) - 8b
199 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
200 * @seq_num: IPsec sequence number
201 * @anti_replay: Anti-replay window; size depends on ARS (option flags)
203 struct ipsec_decap_pdb {
206 struct ipsec_decap_cbc cbc;
207 struct ipsec_decap_ctr ctr;
208 struct ipsec_decap_ccm ccm;
209 struct ipsec_decap_gcm gcm;
213 __be32 anti_replay[4];
217 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
219 struct ipsec_deco_dpovrd {
220 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
224 u8 next_header; /* reserved if decap */
228 * IEEE 802.11i WiFi Protocol Data Block
230 #define WIFI_PDBOPTS_FCS 0x01
231 #define WIFI_PDBOPTS_AR 0x40
233 struct wifi_encap_pdb {
251 struct wifi_decap_pdb {
268 * IEEE 802.16 WiMAX Protocol Data Block
270 #define WIMAX_PDBOPTS_FCS 0x01
271 #define WIMAX_PDBOPTS_AR 0x40 /* decap only */
273 struct wimax_encap_pdb {
280 /* begin DECO writeback region */
282 /* end DECO writeback region */
285 struct wimax_decap_pdb {
292 /* begin DECO writeback region */
296 u64 antireplay_scorecard;
297 /* end DECO writeback region */
301 * IEEE 801.AE MacSEC Protocol Data Block
303 #define MACSEC_PDBOPTS_FCS 0x01
304 #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */
306 struct macsec_encap_pdb {
314 /* begin DECO writeback region */
316 /* end DECO writeback region */
319 struct macsec_decap_pdb {
325 /* begin DECO writeback region */
328 u64 antireplay_scorecard;
329 /* end DECO writeback region */
333 * SSL/TLS/DTLS Protocol Data Blocks
336 #define TLS_PDBOPTS_ARS32 0x40
337 #define TLS_PDBOPTS_ARS64 0xc0
338 #define TLS_PDBOPTS_OUTFMT 0x08
339 #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */
340 #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */
342 struct tls_block_encap_pdb {
350 struct tls_stream_encap_pdb {
360 struct dtls_block_encap_pdb {
369 struct tls_block_decap_pdb {
376 struct tls_stream_decap_pdb {
385 struct dtls_block_decap_pdb {
391 u64 antireplay_scorecard;
395 * SRTP Protocol Data Blocks
397 #define SRTP_PDBOPTS_MKI 0x08
398 #define SRTP_PDBOPTS_AR 0x40
400 struct srtp_encap_pdb {
415 struct srtp_decap_pdb {
428 u64 antireplay_scorecard;
432 * DSA/ECDSA Protocol Data Blocks
433 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
434 * except for the treatment of "w" for verify, "s" for sign,
435 * and the placement of "a,b".
437 #define DSA_PDB_SGF_SHIFT 24
438 #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT)
439 #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT)
440 #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT)
441 #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT)
442 #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT)
443 #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT)
444 #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT)
445 #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT)
446 #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT)
447 #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT)
448 #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT)
450 #define DSA_PDB_L_SHIFT 7
451 #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT)
453 #define DSA_PDB_N_MASK 0x7f
455 struct dsa_sign_pdb {
456 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */
464 u8 *ab; /* ECC only */
468 struct dsa_verify_pdb {
477 u8 *tmp; /* temporary data block */
478 u8 *ab; /* only used if ECC processing */
481 /* RSA Protocol Data Block */
482 #define RSA_PDB_SGF_SHIFT 28
483 #define RSA_PDB_E_SHIFT 12
484 #define RSA_PDB_E_MASK (0xFFF << RSA_PDB_E_SHIFT)
485 #define RSA_PDB_D_SHIFT 12
486 #define RSA_PDB_D_MASK (0xFFF << RSA_PDB_D_SHIFT)
487 #define RSA_PDB_Q_SHIFT 12
488 #define RSA_PDB_Q_MASK (0xFFF << RSA_PDB_Q_SHIFT)
490 #define RSA_PDB_SGF_F (0x8 << RSA_PDB_SGF_SHIFT)
491 #define RSA_PDB_SGF_G (0x4 << RSA_PDB_SGF_SHIFT)
492 #define RSA_PRIV_PDB_SGF_F (0x4 << RSA_PDB_SGF_SHIFT)
493 #define RSA_PRIV_PDB_SGF_G (0x8 << RSA_PDB_SGF_SHIFT)
495 #define RSA_PRIV_KEY_FRM_1 0
496 #define RSA_PRIV_KEY_FRM_2 1
497 #define RSA_PRIV_KEY_FRM_3 2
500 * RSA Encrypt Protocol Data Block
501 * @sgf: scatter-gather field
502 * @f_dma: dma address of input data
503 * @g_dma: dma address of encrypted output data
504 * @n_dma: dma address of RSA modulus
505 * @e_dma: dma address of RSA public exponent
506 * @f_len: length in octets of the input data
518 * RSA Decrypt PDB - Private Key Form #1
519 * @sgf: scatter-gather field
520 * @g_dma: dma address of encrypted input data
521 * @f_dma: dma address of output data
522 * @n_dma: dma address of RSA modulus
523 * @d_dma: dma address of RSA private exponent
525 struct rsa_priv_f1_pdb {
534 * RSA Decrypt PDB - Private Key Form #2
535 * @sgf : scatter-gather field
536 * @g_dma : dma address of encrypted input data
537 * @f_dma : dma address of output data
538 * @d_dma : dma address of RSA private exponent
539 * @p_dma : dma address of RSA prime factor p of RSA modulus n
540 * @q_dma : dma address of RSA prime factor q of RSA modulus n
541 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
542 * as internal state buffer. It is assumed to be as long as p.
543 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
544 * as internal state buffer. It is assumed to be as long as q.
545 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
547 struct rsa_priv_f2_pdb {
560 * RSA Decrypt PDB - Private Key Form #3
561 * This is the RSA Chinese Reminder Theorem (CRT) form for two prime factors of
563 * @sgf : scatter-gather field
564 * @g_dma : dma address of encrypted input data
565 * @f_dma : dma address of output data
566 * @c_dma : dma address of RSA CRT coefficient
567 * @p_dma : dma address of RSA prime factor p of RSA modulus n
568 * @q_dma : dma address of RSA prime factor q of RSA modulus n
569 * @dp_dma : dma address of RSA CRT exponent of RSA prime factor p
570 * @dp_dma : dma address of RSA CRT exponent of RSA prime factor q
571 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
572 * as internal state buffer. It is assumed to be as long as p.
573 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
574 * as internal state buffer. It is assumed to be as long as q.
575 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
577 struct rsa_priv_f3_pdb {
projects / releases.git / blob