
1/*
2 * CAAM Protocol Data Block (PDB) definition header file
3 *
4 * Copyright 2008-2012 Freescale Semiconductor, Inc.
5 *
6 */
7
8#ifndef CAAM_PDB_H
9#define CAAM_PDB_H
10
/*
 * PDB- IPSec ESP Header Modification Options
 *
 * Decap options are shifted left by PDBHMO_ESP_DECAP_SHIFT (12) and encap
 * options by PDBHMO_ESP_ENCAP_SHIFT (4).
 * NOTE(review): presumably these land in the top nibble of
 * ipsec_decap_pdb.hmo_ip_hdr_len (u16) and ipsec_encap_pdb.hmo_rsvd (u8)
 * respectively; confirm against the callers that build the PDB.
 */
#define PDBHMO_ESP_DECAP_SHIFT	12
#define PDBHMO_ESP_ENCAP_SHIFT	4
/*
 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
 * Options Byte IP version (IPvsn) field:
 * if IPv4, decrement the inner IP header TTL field (byte 8);
 * if IPv6 decrement the inner IP header Hop Limit field (byte 7).
*/
#define PDBHMO_ESP_DECAP_DEC_TTL	(0x02 << PDBHMO_ESP_DECAP_SHIFT)
#define PDBHMO_ESP_ENCAP_DEC_TTL	(0x02 << PDBHMO_ESP_ENCAP_SHIFT)
/*
 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
 * from the outer IP header to the inner IP header.
 *
 * NOTE(review): the outer IP header of an ESP tunnel packet is not covered
 * by the ESP integrity check, so with this option an on-path party can
 * influence the DiffServ marking of the decapsulated inner packet. Enable
 * it only where policy explicitly calls for it.
 */
#define PDBHMO_ESP_DIFFSERV		(0x01 << PDBHMO_ESP_DECAP_SHIFT)
/*
 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from
 * the PDB, copy the DF bit from the inner IP header to the outer IP header.
 */
#define PDBHMO_ESP_DFBIT		(0x04 << PDBHMO_ESP_ENCAP_SHIFT)
34
/*
 * PDB - IPSec ESP Encap/Decap Options
 *
 * All values fit in one byte.
 * NOTE(review): presumably they are OR-ed into the u8 "options" field of
 * struct ipsec_encap_pdb / struct ipsec_decap_pdb; confirm.
 *
 * Several values are shared between encap and decap with different
 * meanings (0x08 OUTFMT/IPHDRSRC, 0x04 INCIPHDR/AOFL, 0x20
 * IVSRC/VERIFY_CSUM, 0x40 ARS32/DIFFSERV), and IPVSN/IPV6 are the same bit.
 * A flag therefore only has a defined meaning once the direction is known.
 *
 * Anti-replay: ARS64 (0xc0) contains the ARS32 bit (0x40) and the
 * UPDATE_CSUM bit (0x80). Code that inspects the window size must compare
 * the masked field for equality ((opts & 0xc0) == PDBOPTS_ESP_ARS64), not
 * test a single bit. ARSNONE requests no anti-replay window at all.
 * NOTE(review): with ARSNONE, replayed ESP packets are presumably not
 * rejected by the hardware; confirm that any SA configured this way is
 * intentional.
 */
#define PDBOPTS_ESP_ARSNONE	0x00 /* no antireplay window */
#define PDBOPTS_ESP_ARS32	0x40 /* 32-entry antireplay window */
#define PDBOPTS_ESP_ARS64	0xc0 /* 64-entry antireplay window */
/*
 * NOTE(review): when IVSRC is not set the IV presumably comes from the iv
 * field of the encap PDB, making the caller responsible for IV
 * unpredictability (CBC) or uniqueness (CTR/CCM/GCM); confirm.
 */
#define PDBOPTS_ESP_IVSRC	0x20 /* IV comes from internal random gen */
#define PDBOPTS_ESP_ESN		0x10 /* extended sequence included */
#define PDBOPTS_ESP_OUTFMT	0x08 /* output only decapsulation (decap) */
#define PDBOPTS_ESP_IPHDRSRC	0x08 /* IP header comes from PDB (encap) */
#define PDBOPTS_ESP_INCIPHDR	0x04 /* Prepend IP header to output frame */
#define PDBOPTS_ESP_IPVSN	0x02 /* process IPv6 header */
#define PDBOPTS_ESP_AOFL	0x04 /* adjust out frame len (decap, SEC>=5.3)*/
#define PDBOPTS_ESP_TUNNEL	0x01 /* tunnel mode next-header byte */
#define PDBOPTS_ESP_IPV6	0x02 /* ip header version is V6 */
#define PDBOPTS_ESP_DIFFSERV	0x40 /* copy TOS/TC from inner iphdr */
#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
53
/*
 * General IPSec encap/decap PDB definitions
 */

/*
 * CBC-specific part of the IPsec encap PDB (a member of the union in
 * struct ipsec_encap_pdb): four u32 words of IV.
 * NOTE(review): PDBOPTS_ESP_IVSRC selects an internally generated IV; when
 * it is not used, the value placed here presumably has to be unpredictable
 * per packet. Confirm against the hardware manual.
 */
struct ipsec_encap_cbc {
	u32 iv[4];
};
60
/*
 * CTR-specific part of the IPsec encap PDB (a member of the union in
 * struct ipsec_encap_pdb): nonce, initial counter and two u32 words of IV.
 * NOTE(review): for counter mode the nonce/IV pair must never repeat under
 * one key; this header does not show who enforces that. Verify in the
 * code that fills the PDB.
 */
struct ipsec_encap_ctr {
	u32 ctr_nonce;
	u32 ctr_initial;
	u32 iv[2];
};
66
/*
 * CCM-specific part of the IPsec encap PDB (a member of the union in
 * struct ipsec_encap_pdb). The declared fields add up to the same size as
 * the other union members (four u32 words).
 */
struct ipsec_encap_ccm {
	u32 salt; /* lower 24 bits */
	u8 b0_flags;	/* presumably the flags octet of CCM block B0; confirm */
	u8 ctr_flags;	/* presumably the flags octet of the CCM counter blocks; confirm */
	u16 ctr_initial;
	u32 iv[2];
};
74
/*
 * GCM-specific part of the IPsec encap PDB (a member of the union in
 * struct ipsec_encap_pdb): salt, one reserved word and two u32 words of IV.
 * NOTE(review): RFC 4106 uses a four-octet salt for AES-GCM in ESP, while
 * the "lower 24 bits" remark below is the same text as on the CCM struct.
 * It may be a copy-paste; confirm against the hardware manual before
 * relying on it.
 */
struct ipsec_encap_gcm {
	u32 salt; /* lower 24 bits */
	u32 rsvd1;
	u32 iv[2];
};
80
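/*
 * IPsec ESP encapsulation Protocol Data Block.
 *
 * A fixed part (options, sequence numbers, cipher-mode specific IV/salt
 * material, SPI) followed by an optional, variable-length copy of the outer
 * IP header. Every member of the anonymous union is four u32 words, so the
 * position of spi does not depend on the cipher mode.
 *
 * ip_hdr is declared as a C99 flexible array member instead of the GNU
 * zero-length array "ip_hdr[0]". sizeof and offsetof are unchanged, but the
 * compiler now knows the array is the variable-length tail, which lets
 * bounds checking see accesses to it and rejects a member added after it by
 * mistake. Whoever allocates the PDB must reserve room for the header words
 * separately.
 * NOTE(review): ip_hdr_len presumably holds the length of that tail;
 * confirm in the code that builds the PDB.
 */
struct ipsec_encap_pdb {
	u8 hmo_rsvd;		/* presumably carries the PDBHMO_ESP_* encap bits; confirm */
	u8 ip_nh;
	u8 ip_nh_offset;
	u8 options;		/* presumably PDBOPTS_ESP_* bits; confirm */
	u32 seq_num_ext_hi;
	u32 seq_num;
	union {
		struct ipsec_encap_cbc cbc;
		struct ipsec_encap_ctr ctr;
		struct ipsec_encap_ccm ccm;
		struct ipsec_encap_gcm gcm;
	};
	u32 spi;
	u16 rsvd1;
	u16 ip_hdr_len;
	u32 ip_hdr[]; /* optional IP Header content */
};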
99
/*
 * CBC-specific part of the IPsec decap PDB (a member of the union in
 * struct ipsec_decap_pdb): two reserved words, no caller-supplied fields.
 */
struct ipsec_decap_cbc {
	u32 rsvd[2];
};
103
/*
 * CTR-specific part of the IPsec decap PDB (a member of the union in
 * struct ipsec_decap_pdb): salt and initial counter value.
 */
struct ipsec_decap_ctr {
	u32 salt;
	u32 ctr_initial;
};
108
/*
 * CCM-specific part of the IPsec decap PDB (a member of the union in
 * struct ipsec_decap_pdb). Same size as the other decap union members
 * (two u32 words).
 */
struct ipsec_decap_ccm {
	u32 salt;
	u8 iv_flags;
	u8 ctr_flags;
	u16 ctr_initial;
};
115
/*
 * GCM-specific part of the IPsec decap PDB (a member of the union in
 * struct ipsec_decap_pdb): salt plus one reserved word.
 */
struct ipsec_decap_gcm {
	u32 salt;
	u32 resvd;
};
120
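/*
 * IPsec ESP decapsulation Protocol Data Block.
 *
 * Every member of the anonymous union is two u32 words, so the sequence
 * number and anti-replay fields sit at the same offset for all cipher modes.
 *
 * anti_replay is two u32 words, i.e. 64 bits, which matches the largest
 * window selectable through PDBOPTS_ESP_ARS64.
 * NOTE(review): presumably this is the replay-window bitmap maintained
 * together with seq_num / seq_num_ext_hi; confirm who initialises and who
 * updates it, since stale or zeroed state here weakens replay protection.
 *
 * end_index is declared as a C99 flexible array member instead of the GNU
 * zero-length array "end_index[0]". sizeof and offsetof are unchanged; the
 * member still only marks the end of the fixed part.
 */
struct ipsec_decap_pdb {
	u16 hmo_ip_hdr_len;	/* presumably PDBHMO_ESP_* decap bits plus IP header length; confirm */
	u8 ip_nh_offset;
	u8 options;		/* presumably PDBOPTS_ESP_* bits; confirm */
	union {
		struct ipsec_decap_cbc cbc;
		struct ipsec_decap_ctr ctr;
		struct ipsec_decap_ccm ccm;
		struct ipsec_decap_gcm gcm;
	};
	u32 seq_num_ext_hi;
	u32 seq_num;
	u32 anti_replay[2];
	u32 end_index[];
};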
136
/*
 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
 *
 * Four one-byte fields.
 * NOTE(review): IPSEC_ENCAP_DECO_DPOVRD_USE is defined directly above
 * ovrd_ecn, so it is presumably a flag carried in that byte; confirm.
 */
struct ipsec_deco_dpovrd {
#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
	u8 ovrd_ecn;
	u8 ip_hdr_len;
	u8 nh_offset;
	u8 next_header; /* reserved if decap */
};
147
/*
 * IEEE 802.11i WiFi Protocol Data Block
 *
 * Option bits for the "options" byte of the WiFi PDBs below.
 * NOTE(review): by analogy with the WiMAX and MACsec sections, AR is
 * presumably the anti-replay enable and FCS the frame-check-sequence
 * option; confirm.
 */
#define WIFI_PDBOPTS_FCS	0x01
#define WIFI_PDBOPTS_AR		0x40
153
/*
 * IEEE 802.11i encapsulation PDB.
 *
 * NOTE(review): pn1 (u16) and pn2 (u32) together hold 48 bits, presumably
 * the packet number. A packet number must never be reused under one key,
 * so check how the caller seeds and persists it.
 */
struct wifi_encap_pdb {
	u16 mac_hdr_len;
	u8 rsvd;
	u8 options;		/* WIFI_PDBOPTS_* */
	u8 iv_flags;
	u8 pri;
	u16 pn1;
	u32 pn2;
	u16 frm_ctrl_mask;
	u16 seq_ctrl_mask;
	u8 rsvd1[2];
	u8 cnst;
	u8 key_id;
	u8 ctr_flags;
	u8 rsvd2;
	u16 ctr_init;
};
171
/*
 * IEEE 802.11i decapsulation PDB.
 *
 * Same leading fields as struct wifi_encap_pdb; where the encap PDB has
 * rsvd1[2], cnst and key_id, this one has four reserved bytes, so both
 * structs have the same size.
 */
struct wifi_decap_pdb {
	u16 mac_hdr_len;
	u8 rsvd;
	u8 options;		/* WIFI_PDBOPTS_* */
	u8 iv_flags;
	u8 pri;
	u16 pn1;
	u32 pn2;
	u16 frm_ctrl_mask;
	u16 seq_ctrl_mask;
	u8 rsvd1[4];
	u8 ctr_flags;
	u8 rsvd2;
	u16 ctr_init;
};
187
/*
 * IEEE 802.16 WiMAX Protocol Data Block
 *
 * Option bits for the "options" byte of the WiMAX PDBs below.
 * NOTE(review): AR presumably enables the anti-replay check that uses
 * antireplay_len / antireplay_scorecard in struct wimax_decap_pdb; confirm.
 */
#define WIMAX_PDBOPTS_FCS	0x01
#define WIMAX_PDBOPTS_AR	0x40 /* decap only */
193
/*
 * IEEE 802.16 encapsulation PDB.
 *
 * Per the markers below, pn lies in the region DECO writes back, so the
 * in-memory value changes as packets are processed and must not be treated
 * as caller-owned constant data.
 */
struct wimax_encap_pdb {
	u8 rsvd[3];
	u8 options;		/* WIMAX_PDBOPTS_* */
	u32 nonce;
	u8 b0_flags;
	u8 ctr_flags;
	u16 ctr_init;
	/* begin DECO writeback region */
	u32 pn;
	/* end DECO writeback region */
};
205
/*
 * IEEE 802.16 decapsulation PDB.
 *
 * pn and the anti-replay state lie in the region DECO writes back.
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 20 bytes of
 * declared fields and the struct has no packed attribute. On ABIs that
 * align u64 to 8 bytes the compiler inserts 4 bytes of padding before it;
 * if the hardware expects the fields back to back the layout is wrong
 * there. Confirm against the hardware manual.
 */
struct wimax_decap_pdb {
	u8 rsvd[3];
	u8 options;		/* WIMAX_PDBOPTS_* */
	u32 nonce;
	u8 iv_flags;
	u8 ctr_flags;
	u16 ctr_init;
	/* begin DECO writeback region */
	u32 pn;
	u8 rsvd1[2];
	u16 antireplay_len;
	u64 antireplay_scorecard;
	/* end DECO writeback region */
};
220
/*
 * IEEE 802.1AE MACsec Protocol Data Block
 *
 * Option bits for the "options" byte of the MACsec PDBs below.
 */
#define MACSEC_PDBOPTS_FCS	0x01
#define MACSEC_PDBOPTS_AR	0x40 /* used in decap only */
226
/*
 * IEEE 802.1AE (MACsec) encapsulation PDB.
 *
 * pn lies in the region DECO writes back.
 *
 * NOTE(review): sci is a u64 at byte offset 4 of the declared fields and
 * the struct has no packed attribute. On ABIs that align u64 to 8 bytes
 * the compiler inserts 4 bytes of padding before it, shifting every later
 * field. Confirm the layout the hardware expects.
 */
struct macsec_encap_pdb {
	u16 aad_len;
	u8 rsvd;
	u8 options;		/* MACSEC_PDBOPTS_* */
	u64 sci;
	u16 ethertype;
	u8 tci_an;
	u8 rsvd1;
	/* begin DECO writeback region */
	u32 pn;
	/* end DECO writeback region */
};
239
/*
 * IEEE 802.1AE (MACsec) decapsulation PDB.
 *
 * antireplay_len, pn and antireplay_scorecard lie in the region DECO
 * writes back.
 * NOTE(review): presumably MACSEC_PDBOPTS_AR enables the check that uses
 * them; confirm.
 *
 * NOTE(review): sci is a u64 at byte offset 4 of the declared fields and
 * the struct has no packed attribute. On ABIs that align u64 to 8 bytes
 * the compiler inserts 4 bytes of padding before it, shifting every later
 * field. Confirm the layout the hardware expects.
 */
struct macsec_decap_pdb {
	u16 aad_len;
	u8 rsvd;
	u8 options;		/* MACSEC_PDBOPTS_* */
	u64 sci;
	u8 rsvd1[3];
	/* begin DECO writeback region */
	u8 antireplay_len;
	u32 pn;
	u64 antireplay_scorecard;
	/* end DECO writeback region */
};
252
/*
 * SSL/TLS/DTLS Protocol Data Blocks
 *
 * Option bits for the "options" byte of the TLS/DTLS PDBs below.
 *
 * ARS64 (0xc0) contains the ARS32 bit (0x40); compare the masked field for
 * equality rather than testing one bit.
 *
 * NOTE(review): TLS 1.0 CBC takes each record's IV from the previous
 * record's last ciphertext block, which makes the IV predictable; TLS 1.1
 * and later carry an explicit per-record IV. EXP_RND_IV and IV_WRTBK are
 * marked "1.1/1.2/DTLS only" and presumably select that explicit-IV
 * handling; confirm against the hardware manual.
 */

#define TLS_PDBOPTS_ARS32	0x40
#define TLS_PDBOPTS_ARS64	0xc0
#define TLS_PDBOPTS_OUTFMT	0x08
#define TLS_PDBOPTS_IV_WRTBK	0x02 /* 1.1/1.2/DTLS only */
#define TLS_PDBOPTS_EXP_RND_IV	0x01 /* 1.1/1.2/DTLS only */
262
/*
 * TLS block-cipher encapsulation PDB: record type, two version bytes,
 * options, 64-bit sequence number and four u32 words of IV.
 *
 * NOTE(review): seq_num is a u64 at byte offset 4 of the declared fields
 * and the struct has no packed attribute. On ABIs that align u64 to 8
 * bytes the compiler inserts 4 bytes of padding before it. Confirm the
 * layout the hardware expects.
 */
struct tls_block_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;		/* TLS_PDBOPTS_* */
	u64 seq_num;
	u32 iv[4];
};
270
/*
 * TLS stream-cipher encapsulation PDB.
 *
 * NOTE(review): i and j are presumably the RC4 index state, since RC4 is
 * the stream cipher the TLS cipher suites defined. RFC 7465 prohibits RC4
 * cipher suites in TLS, so new code should not need this PDB. Confirm
 * whether anything still references it.
 *
 * NOTE(review): seq_num is a u64 at byte offset 4 of the declared fields
 * and the struct has no packed attribute; on ABIs that align u64 to 8
 * bytes the compiler inserts padding before it. Confirm the layout.
 */
struct tls_stream_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;		/* TLS_PDBOPTS_* */
	u64 seq_num;
	u8 i;
	u8 j;
	u8 rsvd1[2];
};
280
/*
 * DTLS block-cipher encapsulation PDB.
 *
 * Unlike the TLS PDBs, the sequence number is split into a u16 epoch and
 * three u16 words (48 bits), so no u64 member appears and all fields are
 * naturally aligned.
 */
struct dtls_block_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;		/* TLS_PDBOPTS_* */
	u16 epoch;
	u16 seq_num[3];
	u32 iv[4];
};
289
/*
 * TLS block-cipher decapsulation PDB. The first three bytes, which hold
 * type and version in the encap PDB, are reserved here.
 *
 * NOTE(review): seq_num is a u64 at byte offset 4 of the declared fields
 * and the struct has no packed attribute; on ABIs that align u64 to 8
 * bytes the compiler inserts padding before it. Confirm the layout.
 */
struct tls_block_decap_pdb {
	u8 rsvd[3];
	u8 options;		/* TLS_PDBOPTS_* */
	u64 seq_num;
	u32 iv[4];
};
296
/*
 * TLS stream-cipher decapsulation PDB.
 *
 * NOTE(review): i and j are presumably the RC4 index state; RFC 7465
 * prohibits RC4 cipher suites in TLS. Confirm whether this PDB is still
 * referenced.
 *
 * NOTE(review): seq_num is a u64 at byte offset 4 of the declared fields
 * and the struct has no packed attribute; on ABIs that align u64 to 8
 * bytes the compiler inserts padding before it. Confirm the layout.
 */
struct tls_stream_decap_pdb {
	u8 rsvd[3];
	u8 options;		/* TLS_PDBOPTS_* */
	u64 seq_num;
	u8 i;
	u8 j;
	u8 rsvd1[2];
};
305
/*
 * DTLS block-cipher decapsulation PDB, including the anti-replay
 * scorecard.
 * NOTE(review): presumably TLS_PDBOPTS_ARS32 / TLS_PDBOPTS_ARS64 select
 * the window size used with antireplay_scorecard; confirm.
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 28 bytes of
 * declared fields and the struct has no packed attribute. On ABIs that
 * align u64 to 8 bytes the compiler inserts 4 bytes of padding before it.
 * Confirm the layout the hardware expects.
 */
struct dtls_block_decap_pdb {
	u8 rsvd[3];
	u8 options;		/* TLS_PDBOPTS_* */
	u16 epoch;
	u16 seq_num[3];
	u32 iv[4];
	u64 antireplay_scorecard;
};
314
/*
 * SRTP Protocol Data Blocks
 *
 * Option bits for the "options" byte of the SRTP PDBs below.
 * NOTE(review): MKI presumably relates to mki_len / opt_mki, and AR to the
 * antireplay_scorecard in struct srtp_decap_pdb; confirm.
 */
#define SRTP_PDBOPTS_MKI	0x08
#define SRTP_PDBOPTS_AR		0x40
320
/*
 * SRTP encapsulation PDB.
 *
 * salt is seven u16 words (112 bits).
 * NOTE(review): roc is presumably the SRTP rollover counter. It extends
 * the 16-bit RTP sequence number, so losing or resetting it while the key
 * stays in use would repeat keystream. Confirm how callers persist it.
 */
struct srtp_encap_pdb {
	u8 x_len;
	u8 mki_len;
	u8 n_tag;
	u8 options;		/* SRTP_PDBOPTS_* */
	u32 cnst0;
	u8 rsvd[2];
	u16 cnst1;
	u16 salt[7];
	u16 cnst2;
	u32 rsvd1;
	u32 roc;
	u32 opt_mki;
};
335
/*
 * SRTP decapsulation PDB.
 *
 * Matches struct srtp_encap_pdb up to cnst2, then carries the receive-side
 * sequence number, roc and the anti-replay scorecard instead of opt_mki.
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 36 bytes of
 * declared fields and the struct has no packed attribute. On ABIs that
 * align u64 to 8 bytes the compiler inserts 4 bytes of padding before it.
 * Confirm the layout the hardware expects.
 */
struct srtp_decap_pdb {
	u8 x_len;
	u8 mki_len;
	u8 n_tag;
	u8 options;		/* SRTP_PDBOPTS_* */
	u32 cnst0;
	u8 rsvd[2];
	u16 cnst1;
	u16 salt[7];
	u16 cnst2;
	u16 rsvd1;
	u16 seq_num;
	u32 roc;
	u64 antireplay_scorecard;
};
351
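/*
 * DSA/ECDSA Protocol Data Blocks
 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
 * except for the treatment of "w" for verify, "s" for sign,
 * and the placement of "a,b".
 *
 * Layout of the 32-bit sgf_ln word as given by the masks below:
 * bits 31..24 SGF flags, bits 16..7 L, bits 6..0 N.
 *
 * The SGF constants are unsigned: shifting the int 0xff or 0x80 left by 24
 * does not fit in a signed int, which is undefined behaviour in C and, on
 * common compilers, yields a negative value that sign-extends when widened
 * to 64 bits. With the U suffix the masks are well defined and match the
 * u32 field they are applied to.
 *
 * W and S share 0x10, and D and AB_SIGN share 0x02; which name applies
 * depends on whether the PDB is a sign or a verify PDB.
 */
#define DSA_PDB_SGF_SHIFT	24
#define DSA_PDB_SGF_MASK	(0xffU << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_Q		(0x80U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_R		(0x40U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_G		(0x20U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_W		(0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_S		(0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_F		(0x08U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_C		(0x04U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_D		(0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_SIGN	(0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_VERIFY	(0x01U << DSA_PDB_SGF_SHIFT)

#define DSA_PDB_L_SHIFT		7
#define DSA_PDB_L_MASK		(0x3ff << DSA_PDB_L_SHIFT)

#define DSA_PDB_N_MASK		0x7f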
375
/*
 * DSA/ECDSA sign PDB: the sgf_ln control word followed by nine buffer
 * references.
 *
 * NOTE(review): the references are declared as CPU pointers (u8 *). If
 * this block is handed to the hardware as-is, the values presumably have
 * to be DMA/bus addresses rather than kernel virtual addresses, and the
 * pointer width (4 vs 8 bytes) changes the layout between 32- and 64-bit
 * builds. Confirm how callers fill and map these fields before use.
 */
struct dsa_sign_pdb {
	u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
	u8 *q;
	u8 *r;
	u8 *g;	/* or Gx,y */
	u8 *s;
	u8 *f;
	u8 *c;
	u8 *d;
	u8 *ab; /* ECC only */
	u8 *u;
};
388
/*
 * DSA/ECDSA verify PDB: the sgf_ln control word followed by nine buffer
 * references. Compared with struct dsa_sign_pdb, w takes the place of s, a
 * tmp block is added, and ab comes last.
 *
 * NOTE(review): the references are declared as CPU pointers (u8 *). If
 * this block is handed to the hardware as-is, the values presumably have
 * to be DMA/bus addresses rather than kernel virtual addresses, and the
 * pointer width (4 vs 8 bytes) changes the layout between 32- and 64-bit
 * builds. Confirm how callers fill and map these fields before use.
 */
struct dsa_verify_pdb {
	u32 sgf_ln;	/* DSA_PDB_SGF_* flags plus the L and N fields */
	u8 *q;
	u8 *r;
	u8 *g;	/* or Gx,y */
	u8 *w; /* or Wx,y */
	u8 *f;
	u8 *c;
	u8 *d;
	u8 *tmp; /* temporary data block */
	u8 *ab; /* only used if ECC processing */
};
401
402#endif
403