1  /* SPDX-License-Identifier: GPL-2.0 */
2  /*
3   * CAAM Protocol Data Block (PDB) definition header file
4   *
5   * Copyright 2008-2016 Freescale Semiconductor, Inc.
6   *
7   */
8  
9  #ifndef CAAM_PDB_H
10  #define CAAM_PDB_H
11  #include "compat.h"
12  
/*
 * PDB - IPsec ESP Header Modification Options (HMO)
 *
 * The HMO flags are pre-shifted by 28, i.e. they occupy the top four bits
 * of the 32-bit PDB options word. The same shift is used for both
 * directions, so the meaning of a given bit depends on whether the PDB is
 * an encapsulation or a decapsulation PDB.
 */
#define PDBHMO_ESP_DECAP_SHIFT	28
#define PDBHMO_ESP_ENCAP_SHIFT	28
/*
 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
 * Options Byte IP version (IPvsn) field:
 * if IPv4, decrement the inner IP header TTL field (byte 8);
 * if IPv6, decrement the inner IP header Hop Limit field (byte 7).
 */
#define PDBHMO_ESP_DECAP_DEC_TTL	(0x02 << PDBHMO_ESP_DECAP_SHIFT)
#define PDBHMO_ESP_ENCAP_DEC_TTL	(0x02 << PDBHMO_ESP_ENCAP_SHIFT)
/*
 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
 * from the outer IP header to the inner IP header.
 */
#define PDBHMO_ESP_DIFFSERV		(0x01 << PDBHMO_ESP_DECAP_SHIFT)
/*
 * Encap - Copy DF bit - if an IPv4 tunnel mode outer IP header is coming from
 * the PDB, copy the DF bit from the inner IP header to the outer IP header.
 */
#define PDBHMO_ESP_DFBIT		(0x04 << PDBHMO_ESP_ENCAP_SHIFT)

/* Encap: 8-bit next-header field, bits 23:16 of the options word. */
#define PDBNH_ESP_ENCAP_SHIFT		16
#define PDBNH_ESP_ENCAP_MASK		(0xff << PDBNH_ESP_ENCAP_SHIFT)

/* Decap: 12-bit IP header length field, bits 27:16 of the options word. */
#define PDBHDRLEN_ESP_DECAP_SHIFT	16
#define PDBHDRLEN_MASK			(0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)

/*
 * 8-bit next-header offset field, bits 15:8 of the options word.
 *
 * A value that is shifted into any of these fields should be range-checked
 * (or masked) first: an oversized value spills into the neighbouring field
 * and silently changes the header-manipulation behaviour.
 */
#define PDB_NH_OFFSET_SHIFT		8
#define PDB_NH_OFFSET_MASK		(0xff << PDB_NH_OFFSET_SHIFT)
45  
/*
 * PDB - IPSec ESP Encap/Decap Options
 *
 * These are values for the low 8-bit "option flags" byte of the PDB options
 * word. Several numeric values are defined twice with different meanings
 * (0x08: OUTFMT / IPHDRSRC, 0x04: INCIPHDR / AOFL, 0x02: IPVSN / IPV6,
 * 0x40: ARS32 / DIFFSERV, 0x80: ARS128 / UPDATE_CSUM, 0x20: IVSRC /
 * VERIFY_CSUM). The trailing comments mark some of them as encap-only or
 * decap-only, so a flag must only be set or tested on a PDB of the matching
 * direction.
 *
 * The anti-replay window size (ARS) is a 2-bit field, not a set of
 * independent bits: PDBOPTS_ESP_ARS64 has the same value as
 * PDBOPTS_ESP_ARS_MASK, and the encoding is not ordered by window size.
 * Compare (flags & PDBOPTS_ESP_ARS_MASK) against the wanted constant rather
 * than testing a single bit.
 *
 * NOTE(review): PDBOPTS_ESP_ARSNONE selects no anti-replay window; confirm
 * it is only used where replay protection is not required or is enforced
 * elsewhere.
 */
#define PDBOPTS_ESP_ARSNONE	0x00 /* no antireplay window */
#define PDBOPTS_ESP_ARS32	0x40 /* 32-entry antireplay window */
#define PDBOPTS_ESP_ARS128	0x80 /* 128-entry antireplay window */
#define PDBOPTS_ESP_ARS64	0xc0 /* 64-entry antireplay window */
#define PDBOPTS_ESP_ARS_MASK	0xc0 /* antireplay window mask */
#define PDBOPTS_ESP_IVSRC	0x20 /* IV comes from internal random gen */
#define PDBOPTS_ESP_ESN		0x10 /* extended sequence included */
#define PDBOPTS_ESP_OUTFMT	0x08 /* output only decapsulation (decap) */
#define PDBOPTS_ESP_IPHDRSRC	0x08 /* IP header comes from PDB (encap) */
#define PDBOPTS_ESP_INCIPHDR	0x04 /* Prepend IP header to output frame */
#define PDBOPTS_ESP_IPVSN	0x02 /* process IPv6 header */
#define PDBOPTS_ESP_AOFL	0x04 /* adjust out frame len (decap, SEC>=5.3) */
#define PDBOPTS_ESP_TUNNEL	0x01 /* tunnel mode next-header byte */
#define PDBOPTS_ESP_IPV6	0x02 /* ip header version is V6 */
#define PDBOPTS_ESP_DIFFSERV	0x40 /* copy TOS/TC from inner iphdr */
#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
66  
67  /*
68   * General IPSec encap/decap PDB definitions
69   */
70  
/**
 * struct ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
 * @iv: 16-byte array initialization vector
 *
 * NOTE(review): CBC requires an unpredictable IV for every packet. Whether
 * @iv is consumed as written or replaced by the internal generator
 * presumably depends on PDBOPTS_ESP_IVSRC - confirm against the hardware
 * manual before seeding this field with a fixed value.
 */
struct ipsec_encap_cbc {
	u8 iv[16];
};
78  
/**
 * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
 * @ctr_nonce: 4-byte array nonce
 * @ctr_initial: initial count constant
 * @iv: initialization vector
 *
 * The three members add up to 16 bytes, the same size as the other
 * encapsulation variants that share the union in struct ipsec_encap_pdb.
 *
 * In counter mode the (nonce, IV) pair must never repeat under one key;
 * a repeat reuses keystream and exposes the XOR of the affected plaintexts.
 */
struct ipsec_encap_ctr {
	u8 ctr_nonce[4];
	u32 ctr_initial;
	u64 iv;
};
90  
/**
 * struct ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
 * @salt: 3-byte array salt (lower 24 bits)
 * @ccm_opt: CCM algorithm options - MSB-LSB description:
 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
 *  ctr_flags (8b) - counter flags; constant equal to 0x3
 *  ctr_initial (16b) - initial count constant
 * @iv: initialization vector
 *
 * NOTE(review): @salt is declared as four bytes while the description above
 * speaks of a 3-byte salt in the lower 24 bits; confirm which byte of the
 * array is unused and that it is written as zero.
 *
 * The (salt, IV) pair forms the CCM nonce and must be unique per packet for
 * a given key.
 */
struct ipsec_encap_ccm {
	u8 salt[4];
	u32 ccm_opt;
	u64 iv;
};
106  
/**
 * struct ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
 * @salt: 3-byte array salt (lower 24 bits)
 * @rsvd1: reserved, do not use
 * @iv: initialization vector
 *
 * NOTE(review): @salt is declared as four bytes while the description above
 * speaks of a 3-byte salt in the lower 24 bits (and struct ipsec_decap_gcm
 * documents a 4-byte salt); confirm the intended width.
 *
 * The (salt, IV) pair forms the GCM nonce. Reusing a nonce under the same
 * key breaks both confidentiality and the authentication tag, so @iv must
 * never repeat for the lifetime of the key.
 */
struct ipsec_encap_gcm {
	u8 salt[4];
	u32 rsvd1;
	u64 iv;
};
118  
/**
 * struct ipsec_encap_pdb - PDB for IPsec encapsulation
 * @options: MSB-LSB description
 *  hmo (header manipulation options) - 4b
 *  reserved - 4b
 *  next header - 8b
 *  next header offset - 8b
 *  option flags (depend on selected algorithm) - 8b
 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 * @seq_num: IPsec sequence number
 * @cbc: algorithm-specific part, CBC
 * @ctr: algorithm-specific part, CTR
 * @ccm: algorithm-specific part, CCM
 * @gcm: algorithm-specific part, GCM
 * @spi: IPsec SPI (Security Parameters Index)
 * @ip_hdr_len: optional IP Header length (in bytes)
 *  reserved - 16b
 *  Opt. IP Hdr Len - 16b
 * @ip_hdr: optional IP Header content
 *
 * The four algorithm-specific variants share one anonymous union and are
 * each 16 bytes long. @ip_hdr is a flexible array member, so
 * sizeof(struct ipsec_encap_pdb) does not include the header bytes; the
 * allocation has to add them, and the value stored in @ip_hdr_len has to
 * match the number of bytes actually provided.
 *
 * NOTE(review): three u32 members (12 bytes) precede the union, and the u64
 * members inside it give the union 8-byte alignment on ABIs that align u64
 * to 8 bytes. On those ABIs the compiler inserts 4 bytes of padding after
 * @seq_num. If the hardware expects the fields back to back, verify the
 * layout with offsetof() or a static assertion before overlaying this
 * struct on a descriptor.
 */
struct ipsec_encap_pdb {
	u32 options;
	u32 seq_num_ext_hi;
	u32 seq_num;
	union {
		struct ipsec_encap_cbc cbc;
		struct ipsec_encap_ctr ctr;
		struct ipsec_encap_ccm ccm;
		struct ipsec_encap_gcm gcm;
	};
	u32 spi;
	u32 ip_hdr_len;
	u32 ip_hdr[];
};
149  
/**
 * struct ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
 * @rsvd: reserved, do not use
 *
 * Eight reserved bytes; this keeps the CBC variant the same size as the
 * other decapsulation variants in the union of struct ipsec_decap_pdb.
 */
struct ipsec_decap_cbc {
	u32 rsvd[2];
};
157  
/**
 * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
 * @ctr_nonce: 4-byte array nonce
 * @ctr_initial: initial count constant
 *
 * Unlike the encapsulation variant there is no IV member here.
 * NOTE(review): presumably the per-packet IV is taken from the received
 * frame - confirm.
 */
struct ipsec_decap_ctr {
	u8 ctr_nonce[4];
	u32 ctr_initial;
};
167  
/**
 * struct ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
 * @salt: 3-byte salt (lower 24 bits)
 * @ccm_opt: CCM algorithm options - MSB-LSB description:
 *  b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
 *    0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
 *  ctr_flags (8b) - counter flags; constant equal to 0x3
 *  ctr_initial (16b) - initial count constant
 *
 * NOTE(review): @salt is declared as four bytes while the description above
 * speaks of a 3-byte salt; confirm which byte is unused. The b0_flags value
 * selects the ICV length, so it has to agree with the ICV length negotiated
 * for the SA.
 */
struct ipsec_decap_ccm {
	u8 salt[4];
	u32 ccm_opt;
};
181  
/**
 * struct ipsec_decap_gcm - PDB part for IPsec GCM decapsulation
 * @salt: 4-byte salt
 * @resvd: reserved, do not use
 *
 * NOTE(review): the encapsulation counterpart documents the salt as 3 bytes
 * in the lower 24 bits of the same 4-byte array; confirm which description
 * is correct.
 */
struct ipsec_decap_gcm {
	u8 salt[4];
	u32 resvd;
};
191  
/**
 * struct ipsec_decap_pdb - PDB for IPsec decapsulation
 * @options: MSB-LSB description
 *  hmo (header manipulation options) - 4b
 *  IP header length - 12b
 *  next header offset - 8b
 *  option flags (depend on selected algorithm) - 8b
 * @cbc: algorithm-specific part, CBC
 * @ctr: algorithm-specific part, CTR
 * @ccm: algorithm-specific part, CCM
 * @gcm: algorithm-specific part, GCM
 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 * @seq_num: IPsec sequence number
 * @anti_replay: Anti-replay window; size depends on ARS (option flags)
 *
 * The four algorithm-specific variants share one anonymous union and are
 * each 8 bytes long. @anti_replay holds four 32-bit words (128 bits), which
 * is enough for the largest window selectable through PDBOPTS_ESP_ARS128.
 * It is the only member typed as big-endian (__be32).
 *
 * NOTE(review): the sequence number and anti-replay window are the replay
 * state of the SA. Presumably the hardware updates them as packets are
 * processed, so a stale copy of this PDB should not be written back over
 * live state - confirm.
 */
struct ipsec_decap_pdb {
	u32 options;
	union {
		struct ipsec_decap_cbc cbc;
		struct ipsec_decap_ctr ctr;
		struct ipsec_decap_ccm ccm;
		struct ipsec_decap_gcm gcm;
	};
	u32 seq_num_ext_hi;
	u32 seq_num;
	__be32 anti_replay[4];
};
215  
/*
 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
 *
 * Four byte-wide fields. IPSEC_ENCAP_DECO_DPOVRD_USE is defined next to
 * ovrd_ecn and is presumably the "override in use" flag in that byte -
 * TODO confirm against the reference manual.
 *
 * NOTE(review): ip_hdr_len is only 8 bits wide here, whereas the PDB options
 * words carry a 12-bit (decap) or 16-bit (encap) header length; a larger
 * value has to be rejected rather than truncated. If this struct is overlaid
 * on a 32-bit register value, the byte order of the fields also depends on
 * CPU endianness.
 */
struct ipsec_deco_dpovrd {
#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
	u8 ovrd_ecn;
	u8 ip_hdr_len;
	u8 nh_offset;
	u8 next_header; /* reserved if decap */
};
226  
/*
 * IEEE 802.11i WiFi Protocol Data Block
 *
 * Values for the 8-bit options member of the WiFi PDBs below.
 * NOTE(review): FCS presumably refers to the frame check sequence and AR to
 * anti-replay (the WiMAX and MACsec sections use the same two values) -
 * confirm against the reference manual.
 */
#define WIFI_PDBOPTS_FCS	0x01
#define WIFI_PDBOPTS_AR		0x40
232  
/*
 * WiFi encapsulation PDB.
 *
 * Shares its first ten members with struct wifi_decap_pdb; the encap form
 * carries cnst and key_id where the decap form has only reserved bytes.
 * NOTE(review): pn1 (16 bits) and pn2 (32 bits) presumably form the 48-bit
 * packet number - confirm which half is the most significant. The packet
 * number must never repeat under one key.
 */
struct wifi_encap_pdb {
	u16 mac_hdr_len;
	u8 rsvd;
	u8 options;	/* WIFI_PDBOPTS_* */
	u8 iv_flags;
	u8 pri;
	u16 pn1;
	u32 pn2;
	u16 frm_ctrl_mask;
	u16 seq_ctrl_mask;
	u8 rsvd1[2];
	u8 cnst;
	u8 key_id;
	u8 ctr_flags;
	u8 rsvd2;
	u16 ctr_init;
};
250  
/*
 * WiFi decapsulation PDB.
 *
 * Same leading members as struct wifi_encap_pdb; the four bytes that hold
 * rsvd1[2], cnst and key_id on the encap side are all reserved here.
 * NOTE(review): pn1/pn2 presumably hold the last accepted packet number used
 * for the replay check when WIFI_PDBOPTS_AR is set - confirm.
 */
struct wifi_decap_pdb {
	u16 mac_hdr_len;
	u8 rsvd;
	u8 options;	/* WIFI_PDBOPTS_* */
	u8 iv_flags;
	u8 pri;
	u16 pn1;
	u32 pn2;
	u16 frm_ctrl_mask;
	u16 seq_ctrl_mask;
	u8 rsvd1[4];
	u8 ctr_flags;
	u8 rsvd2;
	u16 ctr_init;
};
266  
/*
 * IEEE 802.16 WiMAX Protocol Data Block
 *
 * Values for the 8-bit options member of the WiMAX PDBs below.
 * WIMAX_PDBOPTS_AR is only meaningful on the decapsulation PDB.
 */
#define WIMAX_PDBOPTS_FCS	0x01
#define WIMAX_PDBOPTS_AR	0x40 /* decap only */
272  
/*
 * WiMAX encapsulation PDB.
 *
 * pn lies in the region marked as DECO writeback, i.e. the in-source markers
 * say the hardware writes it back. NOTE(review): treat the driver's copy of
 * pn as stale once a job has been submitted, and never rewind it, since a
 * repeated packet number reuses the nonce under the same key.
 */
struct wimax_encap_pdb {
	u8 rsvd[3];
	u8 options;	/* WIMAX_PDBOPTS_* */
	u32 nonce;
	u8 b0_flags;
	u8 ctr_flags;
	u16 ctr_init;
	/* begin DECO writeback region */
	u32 pn;
	/* end DECO writeback region */
};
284  
/*
 * WiMAX decapsulation PDB.
 *
 * The member after nonce is iv_flags here, where the encap PDB has b0_flags.
 * pn, antireplay_len and antireplay_scorecard lie in the region marked as
 * DECO writeback; they are the replay state and should not be overwritten
 * with an older copy.
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 20 bytes of
 * smaller members, so on ABIs that align u64 to 8 bytes the compiler inserts
 * 4 bytes of padding before it. Verify the layout with offsetof() if this
 * struct is overlaid on a hardware descriptor.
 */
struct wimax_decap_pdb {
	u8 rsvd[3];
	u8 options;	/* WIMAX_PDBOPTS_* */
	u32 nonce;
	u8 iv_flags;
	u8 ctr_flags;
	u16 ctr_init;
	/* begin DECO writeback region */
	u32 pn;
	u8 rsvd1[2];
	u16 antireplay_len;
	u64 antireplay_scorecard;
	/* end DECO writeback region */
};
299  
/*
 * IEEE 802.1AE MACsec Protocol Data Block
 *
 * Values for the 8-bit options member of the MACsec PDBs below.
 * MACSEC_PDBOPTS_AR is only meaningful on the decapsulation PDB.
 */
#define MACSEC_PDBOPTS_FCS	0x01
#define MACSEC_PDBOPTS_AR	0x40 /* used in decap only */
305  
/*
 * MACsec encapsulation PDB.
 *
 * pn lies in the region marked as DECO writeback. NOTE(review): the packet
 * number must never repeat under one key, so do not reinitialize it from a
 * stale copy of this PDB.
 *
 * NOTE(review): sci is a u64 that follows 4 bytes of smaller members, so on
 * ABIs that align u64 to 8 bytes the compiler inserts 4 bytes of padding
 * before it. Verify the layout with offsetof() if this struct is overlaid on
 * a hardware descriptor.
 */
struct macsec_encap_pdb {
	u16 aad_len;
	u8 rsvd;
	u8 options;	/* MACSEC_PDBOPTS_* */
	u64 sci;
	u16 ethertype;
	u8 tci_an;
	u8 rsvd1;
	/* begin DECO writeback region */
	u32 pn;
	/* end DECO writeback region */
};
318  
/*
 * MACsec decapsulation PDB.
 *
 * antireplay_len, pn and antireplay_scorecard lie in the region marked as
 * DECO writeback; they are the replay state and should not be overwritten
 * with an older copy.
 *
 * NOTE(review): both u64 members (sci, antireplay_scorecard) follow members
 * whose combined size is not a multiple of 8, so on ABIs that align u64 to
 * 8 bytes the compiler inserts padding before each of them. Verify the
 * layout with offsetof() if this struct is overlaid on a hardware
 * descriptor.
 */
struct macsec_decap_pdb {
	u16 aad_len;
	u8 rsvd;
	u8 options;	/* MACSEC_PDBOPTS_* */
	u64 sci;
	u8 rsvd1[3];
	/* begin DECO writeback region */
	u8 antireplay_len;
	u32 pn;
	u64 antireplay_scorecard;
	/* end DECO writeback region */
};
331  
/*
 * SSL/TLS/DTLS Protocol Data Blocks
 *
 * Values for the 8-bit options member of the TLS/DTLS PDBs below. The two
 * ARS values match PDBOPTS_ESP_ARS32 / PDBOPTS_ESP_ARS64; no 128-entry
 * window is defined here.
 * NOTE(review): IV_WRTBK and EXP_RND_IV presumably control IV write-back and
 * explicit random IV generation for block ciphers - confirm against the
 * reference manual.
 */

#define TLS_PDBOPTS_ARS32	0x40
#define TLS_PDBOPTS_ARS64	0xc0
#define TLS_PDBOPTS_OUTFMT	0x08
#define TLS_PDBOPTS_IV_WRTBK	0x02 /* 1.1/1.2/DTLS only */
#define TLS_PDBOPTS_EXP_RND_IV	0x01 /* 1.1/1.2/DTLS only */
341  
/*
 * TLS block-cipher encapsulation PDB: record type, 2-byte version, options,
 * 64-bit sequence number and a 16-byte IV.
 *
 * NOTE(review): seq_num is a u64 that follows 4 bytes of u8 members, so on
 * ABIs that align u64 to 8 bytes the compiler inserts 4 bytes of padding
 * before it. Verify the layout with offsetof() if this struct is overlaid on
 * a hardware descriptor.
 */
struct tls_block_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;	/* TLS_PDBOPTS_* */
	u64 seq_num;
	u32 iv[4];
};
349  
/*
 * TLS stream-cipher encapsulation PDB.
 *
 * NOTE(review): i and j are presumably the RC4 state indices. If so, note
 * that RC4 cipher suites are prohibited for TLS by RFC 7465, so this PDB
 * should only be reachable for legacy interoperability - confirm.
 *
 * NOTE(review): seq_num is a u64 that follows 4 bytes of u8 members, so on
 * ABIs that align u64 to 8 bytes the compiler inserts 4 bytes of padding
 * before it.
 */
struct tls_stream_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;	/* TLS_PDBOPTS_* */
	u64 seq_num;
	u8 i;
	u8 j;
	u8 rsvd1[2];
};
359  
/*
 * DTLS block-cipher encapsulation PDB.
 *
 * Differs from the TLS form in that the 64-bit sequence number is replaced
 * by a 16-bit epoch followed by a 48-bit sequence number held as three
 * 16-bit words. All members are naturally aligned with no u64, so the
 * struct contains no compiler-inserted padding.
 */
struct dtls_block_encap_pdb {
	u8 type;
	u8 version[2];
	u8 options;	/* TLS_PDBOPTS_* */
	u16 epoch;
	u16 seq_num[3];
	u32 iv[4];
};
368  
/*
 * TLS block-cipher decapsulation PDB. The three bytes that hold type and
 * version on the encap side are reserved here.
 *
 * NOTE(review): seq_num is a u64 that follows 4 bytes of u8 members, so on
 * ABIs that align u64 to 8 bytes the compiler inserts 4 bytes of padding
 * before it.
 */
struct tls_block_decap_pdb {
	u8 rsvd[3];
	u8 options;	/* TLS_PDBOPTS_* */
	u64 seq_num;
	u32 iv[4];
};
375  
/*
 * TLS stream-cipher decapsulation PDB.
 *
 * NOTE(review): i and j are presumably the RC4 state indices; RC4 cipher
 * suites are prohibited for TLS by RFC 7465 - confirm this PDB is only used
 * for legacy interoperability.
 *
 * NOTE(review): seq_num is a u64 that follows 4 bytes of u8 members, so on
 * ABIs that align u64 to 8 bytes the compiler inserts 4 bytes of padding
 * before it.
 */
struct tls_stream_decap_pdb {
	u8 rsvd[3];
	u8 options;	/* TLS_PDBOPTS_* */
	u64 seq_num;
	u8 i;
	u8 j;
	u8 rsvd1[2];
};
384  
/*
 * DTLS block-cipher decapsulation PDB.
 *
 * antireplay_scorecard is 64 bits wide, which matches the largest window
 * defined for this protocol (TLS_PDBOPTS_ARS64).
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 28 bytes of
 * smaller members, so on ABIs that align u64 to 8 bytes the compiler inserts
 * 4 bytes of padding before it. Verify the layout with offsetof() if this
 * struct is overlaid on a hardware descriptor.
 */
struct dtls_block_decap_pdb {
	u8 rsvd[3];
	u8 options;	/* TLS_PDBOPTS_* */
	u16 epoch;
	u16 seq_num[3];
	u32 iv[4];
	u64 antireplay_scorecard;
};
393  
/*
 * SRTP Protocol Data Blocks
 *
 * Values for the 8-bit options member of the SRTP PDBs below.
 * NOTE(review): MKI presumably enables the Master Key Identifier field and
 * AR the anti-replay check - confirm against the reference manual.
 */
#define SRTP_PDBOPTS_MKI	0x08
#define SRTP_PDBOPTS_AR		0x40
399  
/*
 * SRTP encapsulation PDB.
 *
 * Shares its first eight members with struct srtp_decap_pdb. salt holds
 * seven 16-bit words (14 bytes). NOTE(review): roc is presumably the SRTP
 * rollover counter; together with the packet sequence number it forms the
 * packet index, which must not repeat under one key - confirm.
 */
struct srtp_encap_pdb {
	u8 x_len;
	u8 mki_len;
	u8 n_tag;
	u8 options;	/* SRTP_PDBOPTS_* */
	u32 cnst0;
	u8 rsvd[2];
	u16 cnst1;
	u16 salt[7];
	u16 cnst2;
	u32 rsvd1;
	u32 roc;
	u32 opt_mki;
};
414  
/*
 * SRTP decapsulation PDB.
 *
 * Same leading members as struct srtp_encap_pdb; the 32-bit rsvd1 of the
 * encap form is split into a 16-bit rsvd1 and a 16-bit seq_num here, and
 * opt_mki is replaced by the anti-replay scorecard.
 *
 * NOTE(review): antireplay_scorecard is a u64 that follows 36 bytes of
 * smaller members, so on ABIs that align u64 to 8 bytes the compiler inserts
 * 4 bytes of padding before it. Verify the layout with offsetof() if this
 * struct is overlaid on a hardware descriptor.
 */
struct srtp_decap_pdb {
	u8 x_len;
	u8 mki_len;
	u8 n_tag;
	u8 options;	/* SRTP_PDBOPTS_* */
	u32 cnst0;
	u8 rsvd[2];
	u16 cnst1;
	u16 salt[7];
	u16 cnst2;
	u16 rsvd1;
	u16 seq_num;
	u32 roc;
	u64 antireplay_scorecard;
};
430  
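/*
 * DSA/ECDSA Protocol Data Blocks
 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
 * except for the treatment of "w" for verify, "s" for sign,
 * and the placement of "a,b".
 *
 * The SGF flags occupy the top byte (bits 31:24) of the sgf_ln word, one
 * bit per PDB pointer. Because sign and verify differ, some values are
 * defined twice: W (verify) and S (sign) are both 0x10, and AB_SIGN has the
 * same value as D. Use the name that matches the PDB being built.
 *
 * The constants are unsigned: 0xff << 24 and 0x80 << 24 do not fit in a
 * signed int, so the signed form shifts into the sign bit (undefined in ISO
 * C) and sign-extends when widened to a 64-bit type.
 */
#define DSA_PDB_SGF_SHIFT	24
#define DSA_PDB_SGF_MASK	(0xffU << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_Q		(0x80U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_R		(0x40U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_G		(0x20U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_W		(0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_S		(0x10U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_F		(0x08U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_C		(0x04U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_D		(0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_SIGN	(0x02U << DSA_PDB_SGF_SHIFT)
#define DSA_PDB_SGF_AB_VERIFY	(0x01U << DSA_PDB_SGF_SHIFT)

/* 10-bit L field, bits 16:7 of sgf_ln. */
#define DSA_PDB_L_SHIFT		7
#define DSA_PDB_L_MASK		(0x3ff << DSA_PDB_L_SHIFT)

/* 7-bit N field, bits 6:0 of sgf_ln. */
#define DSA_PDB_N_MASK		0x7f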
454  
/*
 * DSA/ECDSA sign PDB.
 *
 * NOTE(review): the members are CPU pointer types (u8 *), not dma_addr_t;
 * confirm how they are translated to bus addresses before the hardware sees
 * them. s is presumably the private key (the section header contrasts "s"
 * for sign with "w" for verify); if so, the buffer behind it should be
 * zeroized by its owner once the operation has completed.
 */
struct dsa_sign_pdb {
	u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
	u8 *q;
	u8 *r;
	u8 *g;	/* or Gx,y */
	u8 *s;
	u8 *f;
	u8 *c;
	u8 *d;
	u8 *ab; /* ECC only */
	u8 *u;
};
467  
/*
 * DSA/ECDSA verify PDB.
 *
 * Compared with struct dsa_sign_pdb, w takes the place of s, and ab is the
 * last member, after the temporary data block.
 * NOTE(review): the members are CPU pointer types (u8 *), not dma_addr_t;
 * confirm how they are translated to bus addresses before the hardware sees
 * them.
 */
struct dsa_verify_pdb {
	u32 sgf_ln; /* Use DSA_PDB_ definitions per above */
	u8 *q;
	u8 *r;
	u8 *g;	/* or Gx,y */
	u8 *w; /* or Wx,y */
	u8 *f;
	u8 *c;
	u8 *d;
	u8 *tmp; /* temporary data block */
	u8 *ab; /* only used if ECC processing */
};
480  
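/*
 * RSA Protocol Data Block
 *
 * The SGF flags sit in the top nibble of the sgf word; the E, D and Q
 * length fields are 12 bits wide at bits 23:12 (all three masks have the
 * same value).
 *
 * The F and G bits are swapped between the public-key and private-key PDBs:
 * RSA_PDB_SGF_F is 0x8 while RSA_PRIV_PDB_SGF_F is 0x4, and the reverse for
 * G. Use the RSA_PRIV_* names when building a private-key PDB.
 *
 * The SGF constants are unsigned: 0x8 << 28 does not fit in a signed int,
 * so the signed form shifts into the sign bit (undefined in ISO C) and
 * sign-extends when widened to a 64-bit type.
 */
#define RSA_PDB_SGF_SHIFT       28
#define RSA_PDB_E_SHIFT         12
#define RSA_PDB_E_MASK          (0xFFF << RSA_PDB_E_SHIFT)
#define RSA_PDB_D_SHIFT         12
#define RSA_PDB_D_MASK          (0xFFF << RSA_PDB_D_SHIFT)
#define RSA_PDB_Q_SHIFT         12
#define RSA_PDB_Q_MASK          (0xFFF << RSA_PDB_Q_SHIFT)

#define RSA_PDB_SGF_F           (0x8U << RSA_PDB_SGF_SHIFT)
#define RSA_PDB_SGF_G           (0x4U << RSA_PDB_SGF_SHIFT)
#define RSA_PRIV_PDB_SGF_F      (0x4U << RSA_PDB_SGF_SHIFT)
#define RSA_PRIV_PDB_SGF_G      (0x8U << RSA_PDB_SGF_SHIFT)

/* Private key representations; see the three rsa_priv_f*_pdb layouts. */
#define RSA_PRIV_KEY_FRM_1      0
#define RSA_PRIV_KEY_FRM_2      1
#define RSA_PRIV_KEY_FRM_3      2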
498  
/**
 * struct rsa_pub_pdb - RSA Encrypt Protocol Data Block
 * @sgf: scatter-gather field
 * @f_dma: dma address of input data
 * @g_dma: dma address of encrypted output data
 * @n_dma: dma address of RSA modulus
 * @e_dma: dma address of RSA public exponent
 * @f_len: length in octets of the input data
 */
struct rsa_pub_pdb {
	u32		sgf;
	dma_addr_t	f_dma;
	dma_addr_t	g_dma;
	dma_addr_t	n_dma;
	dma_addr_t	e_dma;
	u32		f_len;
};

/*
 * Size of the PDB as counted field by field: two u32 words plus four
 * pointer slots of caam_ptr_sz bytes (defined elsewhere). This can differ
 * from sizeof(struct rsa_pub_pdb) when dma_addr_t is wider than caam_ptr_sz
 * or when the compiler pads after sgf.
 * NOTE(review): presumably the PDB is serialized member by member; confirm
 * that no caller copies the struct wholesale using this size.
 */
#define SIZEOF_RSA_PUB_PDB	(2 * sizeof(u32) + 4 * caam_ptr_sz)
518  
/**
 * struct rsa_priv_f1_pdb - RSA Decrypt PDB - Private Key Form #1
 * @sgf: scatter-gather field
 * @g_dma: dma address of encrypted input data
 * @f_dma: dma address of output data
 * @n_dma: dma address of RSA modulus
 * @d_dma: dma address of RSA private exponent
 *
 * NOTE(review): the buffer behind @d_dma holds private key material. Its
 * owner should keep the mapping as short-lived as possible and zeroize the
 * buffer when the key is released.
 */
struct rsa_priv_f1_pdb {
	u32		sgf;
	dma_addr_t	g_dma;
	dma_addr_t	f_dma;
	dma_addr_t	n_dma;
	dma_addr_t	d_dma;
};

/*
 * Size of the PDB as counted field by field: one u32 word plus four pointer
 * slots of caam_ptr_sz bytes (defined elsewhere). This can differ from
 * sizeof(struct rsa_priv_f1_pdb).
 */
#define SIZEOF_RSA_PRIV_F1_PDB	(sizeof(u32) + 4 * caam_ptr_sz)
536  
/**
 * struct rsa_priv_f2_pdb - RSA Decrypt PDB - Private Key Form #2
 * @sgf     : scatter-gather field
 * @g_dma   : dma address of encrypted input data
 * @f_dma   : dma address of output data
 * @d_dma   : dma address of RSA private exponent
 * @p_dma   : dma address of RSA prime factor p of RSA modulus n
 * @q_dma   : dma address of RSA prime factor q of RSA modulus n
 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 *            as internal state buffer. It is assumed to be as long as p.
 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 *            as internal state buffer. It is assumed to be as long as q.
 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
 *
 * NOTE(review): the buffers behind @d_dma, @p_dma and @q_dma hold private
 * key material, and the two temporary buffers hold internal state of the
 * private-key operation. All of them should be zeroized by their owner
 * after use, and the temporary buffers must be at least as long as p and q
 * respectively, since the hardware assumes that length.
 */
struct rsa_priv_f2_pdb {
	u32		sgf;
	dma_addr_t	g_dma;
	dma_addr_t	f_dma;
	dma_addr_t	d_dma;
	dma_addr_t	p_dma;
	dma_addr_t	q_dma;
	dma_addr_t	tmp1_dma;
	dma_addr_t	tmp2_dma;
	u32		p_q_len;
};

/*
 * Size of the PDB as counted field by field: two u32 words plus seven
 * pointer slots of caam_ptr_sz bytes (defined elsewhere). This can differ
 * from sizeof(struct rsa_priv_f2_pdb).
 */
#define SIZEOF_RSA_PRIV_F2_PDB	(2 * sizeof(u32) + 7 * caam_ptr_sz)
564  
/**
 * struct rsa_priv_f3_pdb - RSA Decrypt PDB - Private Key Form #3
 * This is the RSA Chinese Remainder Theorem (CRT) form for two prime factors
 * of the RSA modulus.
 * @sgf     : scatter-gather field
 * @g_dma   : dma address of encrypted input data
 * @f_dma   : dma address of output data
 * @c_dma   : dma address of RSA CRT coefficient
 * @p_dma   : dma address of RSA prime factor p of RSA modulus n
 * @q_dma   : dma address of RSA prime factor q of RSA modulus n
 * @dp_dma  : dma address of RSA CRT exponent of RSA prime factor p
 * @dq_dma  : dma address of RSA CRT exponent of RSA prime factor q
 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 *            as internal state buffer. It is assumed to be as long as p.
 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
 *            as internal state buffer. It is assumed to be as long as q.
 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
 *
 * NOTE(review): the buffers behind @c_dma, @p_dma, @q_dma, @dp_dma and
 * @dq_dma hold private key material, and the two temporary buffers hold
 * internal state of the private-key operation. All of them should be
 * zeroized by their owner after use, and the temporary buffers must be at
 * least as long as p and q respectively, since the hardware assumes that
 * length.
 */
struct rsa_priv_f3_pdb {
	u32		sgf;
	dma_addr_t	g_dma;
	dma_addr_t	f_dma;
	dma_addr_t	c_dma;
	dma_addr_t	p_dma;
	dma_addr_t	q_dma;
	dma_addr_t	dp_dma;
	dma_addr_t	dq_dma;
	dma_addr_t	tmp1_dma;
	dma_addr_t	tmp2_dma;
	u32		p_q_len;
};

/*
 * Size of the PDB as counted field by field: two u32 words plus nine
 * pointer slots of caam_ptr_sz bytes (defined elsewhere). This can differ
 * from sizeof(struct rsa_priv_f3_pdb).
 */
#define SIZEOF_RSA_PRIV_F3_PDB	(2 * sizeof(u32) + 9 * caam_ptr_sz)
598  
599  #endif
600