1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * CAAM Protocol Data Block (PDB) definition header file 4*4882a593Smuzhiyun * 5*4882a593Smuzhiyun * Copyright 2008-2016 Freescale Semiconductor, Inc. 6*4882a593Smuzhiyun * 7*4882a593Smuzhiyun */ 8*4882a593Smuzhiyun 9*4882a593Smuzhiyun #ifndef CAAM_PDB_H 10*4882a593Smuzhiyun #define CAAM_PDB_H 11*4882a593Smuzhiyun #include "compat.h" 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun /* 14*4882a593Smuzhiyun * PDB- IPSec ESP Header Modification Options 15*4882a593Smuzhiyun */ 16*4882a593Smuzhiyun #define PDBHMO_ESP_DECAP_SHIFT 28 17*4882a593Smuzhiyun #define PDBHMO_ESP_ENCAP_SHIFT 28 18*4882a593Smuzhiyun /* 19*4882a593Smuzhiyun * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 20*4882a593Smuzhiyun * Options Byte IP version (IPvsn) field: 21*4882a593Smuzhiyun * if IPv4, decrement the inner IP header TTL field (byte 8); 22*4882a593Smuzhiyun * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 23*4882a593Smuzhiyun */ 24*4882a593Smuzhiyun #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 25*4882a593Smuzhiyun #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 26*4882a593Smuzhiyun /* 27*4882a593Smuzhiyun * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 28*4882a593Smuzhiyun * from the outer IP header to the inner IP header. 29*4882a593Smuzhiyun */ 30*4882a593Smuzhiyun #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 31*4882a593Smuzhiyun /* 32*4882a593Smuzhiyun * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 33*4882a593Smuzhiyun * the PDB, copy the DF bit from the inner IP header to the outer IP header. 34*4882a593Smuzhiyun */ 35*4882a593Smuzhiyun #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 36*4882a593Smuzhiyun 37*4882a593Smuzhiyun #define PDBNH_ESP_ENCAP_SHIFT 16 38*4882a593Smuzhiyun #define PDBNH_ESP_ENCAP_MASK (0xff << PDBNH_ESP_ENCAP_SHIFT) 39*4882a593Smuzhiyun 40*4882a593Smuzhiyun #define PDBHDRLEN_ESP_DECAP_SHIFT 16 41*4882a593Smuzhiyun #define PDBHDRLEN_MASK (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT) 42*4882a593Smuzhiyun 43*4882a593Smuzhiyun #define PDB_NH_OFFSET_SHIFT 8 44*4882a593Smuzhiyun #define PDB_NH_OFFSET_MASK (0xff << PDB_NH_OFFSET_SHIFT) 45*4882a593Smuzhiyun 46*4882a593Smuzhiyun /* 47*4882a593Smuzhiyun * PDB - IPSec ESP Encap/Decap Options 48*4882a593Smuzhiyun */ 49*4882a593Smuzhiyun #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 50*4882a593Smuzhiyun #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 51*4882a593Smuzhiyun #define PDBOPTS_ESP_ARS128 0x80 /* 128-entry antireplay window */ 52*4882a593Smuzhiyun #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 53*4882a593Smuzhiyun #define PDBOPTS_ESP_ARS_MASK 0xc0 /* antireplay window mask */ 54*4882a593Smuzhiyun #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 55*4882a593Smuzhiyun #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 56*4882a593Smuzhiyun #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 57*4882a593Smuzhiyun #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 58*4882a593Smuzhiyun #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 59*4882a593Smuzhiyun #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 60*4882a593Smuzhiyun #define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/ 61*4882a593Smuzhiyun #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 62*4882a593Smuzhiyun #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 63*4882a593Smuzhiyun #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 64*4882a593Smuzhiyun #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 65*4882a593Smuzhiyun #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun /* 68*4882a593Smuzhiyun * General IPSec encap/decap PDB definitions 69*4882a593Smuzhiyun */ 70*4882a593Smuzhiyun 71*4882a593Smuzhiyun /** 72*4882a593Smuzhiyun * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation 73*4882a593Smuzhiyun * @iv: 16-byte array initialization vector 74*4882a593Smuzhiyun */ 75*4882a593Smuzhiyun struct ipsec_encap_cbc { 76*4882a593Smuzhiyun u8 iv[16]; 77*4882a593Smuzhiyun }; 78*4882a593Smuzhiyun 79*4882a593Smuzhiyun /** 80*4882a593Smuzhiyun * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation 81*4882a593Smuzhiyun * @ctr_nonce: 4-byte array nonce 82*4882a593Smuzhiyun * @ctr_initial: initial count constant 83*4882a593Smuzhiyun * @iv: initialization vector 84*4882a593Smuzhiyun */ 85*4882a593Smuzhiyun struct ipsec_encap_ctr { 86*4882a593Smuzhiyun u8 ctr_nonce[4]; 87*4882a593Smuzhiyun u32 ctr_initial; 88*4882a593Smuzhiyun u64 iv; 89*4882a593Smuzhiyun }; 90*4882a593Smuzhiyun 91*4882a593Smuzhiyun /** 92*4882a593Smuzhiyun * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation 93*4882a593Smuzhiyun * @salt: 3-byte array salt (lower 24 bits) 94*4882a593Smuzhiyun * @ccm_opt: CCM algorithm options - MSB-LSB description: 95*4882a593Smuzhiyun * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV, 96*4882a593Smuzhiyun * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610) 97*4882a593Smuzhiyun * ctr_flags (8b) - counter flags; constant equal to 0x3 98*4882a593Smuzhiyun * ctr_initial (16b) - initial count constant 99*4882a593Smuzhiyun * @iv: initialization vector 100*4882a593Smuzhiyun */ 101*4882a593Smuzhiyun struct ipsec_encap_ccm { 102*4882a593Smuzhiyun u8 salt[4]; 103*4882a593Smuzhiyun u32 ccm_opt; 104*4882a593Smuzhiyun u64 iv; 105*4882a593Smuzhiyun }; 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun /** 108*4882a593Smuzhiyun * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation 109*4882a593Smuzhiyun * @salt: 3-byte array salt (lower 24 bits) 110*4882a593Smuzhiyun * @rsvd: reserved, do not use 111*4882a593Smuzhiyun * @iv: initialization vector 112*4882a593Smuzhiyun */ 113*4882a593Smuzhiyun struct ipsec_encap_gcm { 114*4882a593Smuzhiyun u8 salt[4]; 115*4882a593Smuzhiyun u32 rsvd1; 116*4882a593Smuzhiyun u64 iv; 117*4882a593Smuzhiyun }; 118*4882a593Smuzhiyun 119*4882a593Smuzhiyun /** 120*4882a593Smuzhiyun * ipsec_encap_pdb - PDB for IPsec encapsulation 121*4882a593Smuzhiyun * @options: MSB-LSB description 122*4882a593Smuzhiyun * hmo (header manipulation options) - 4b 123*4882a593Smuzhiyun * reserved - 4b 124*4882a593Smuzhiyun * next header - 8b 125*4882a593Smuzhiyun * next header offset - 8b 126*4882a593Smuzhiyun * option flags (depend on selected algorithm) - 8b 127*4882a593Smuzhiyun * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN) 128*4882a593Smuzhiyun * @seq_num: IPsec sequence number 129*4882a593Smuzhiyun * @spi: IPsec SPI (Security Parameters Index) 130*4882a593Smuzhiyun * @ip_hdr_len: optional IP Header length (in bytes) 131*4882a593Smuzhiyun * reserved - 16b 132*4882a593Smuzhiyun * Opt. IP Hdr Len - 16b 133*4882a593Smuzhiyun * @ip_hdr: optional IP Header content 134*4882a593Smuzhiyun */ 135*4882a593Smuzhiyun struct ipsec_encap_pdb { 136*4882a593Smuzhiyun u32 options; 137*4882a593Smuzhiyun u32 seq_num_ext_hi; 138*4882a593Smuzhiyun u32 seq_num; 139*4882a593Smuzhiyun union { 140*4882a593Smuzhiyun struct ipsec_encap_cbc cbc; 141*4882a593Smuzhiyun struct ipsec_encap_ctr ctr; 142*4882a593Smuzhiyun struct ipsec_encap_ccm ccm; 143*4882a593Smuzhiyun struct ipsec_encap_gcm gcm; 144*4882a593Smuzhiyun }; 145*4882a593Smuzhiyun u32 spi; 146*4882a593Smuzhiyun u32 ip_hdr_len; 147*4882a593Smuzhiyun u32 ip_hdr[0]; 148*4882a593Smuzhiyun }; 149*4882a593Smuzhiyun 150*4882a593Smuzhiyun /** 151*4882a593Smuzhiyun * ipsec_decap_cbc - PDB part for IPsec CBC decapsulation 152*4882a593Smuzhiyun * @rsvd: reserved, do not use 153*4882a593Smuzhiyun */ 154*4882a593Smuzhiyun struct ipsec_decap_cbc { 155*4882a593Smuzhiyun u32 rsvd[2]; 156*4882a593Smuzhiyun }; 157*4882a593Smuzhiyun 158*4882a593Smuzhiyun /** 159*4882a593Smuzhiyun * ipsec_decap_ctr - PDB part for IPsec CTR decapsulation 160*4882a593Smuzhiyun * @ctr_nonce: 4-byte array nonce 161*4882a593Smuzhiyun * @ctr_initial: initial count constant 162*4882a593Smuzhiyun */ 163*4882a593Smuzhiyun struct ipsec_decap_ctr { 164*4882a593Smuzhiyun u8 ctr_nonce[4]; 165*4882a593Smuzhiyun u32 ctr_initial; 166*4882a593Smuzhiyun }; 167*4882a593Smuzhiyun 168*4882a593Smuzhiyun /** 169*4882a593Smuzhiyun * ipsec_decap_ccm - PDB part for IPsec CCM decapsulation 170*4882a593Smuzhiyun * @salt: 3-byte salt (lower 24 bits) 171*4882a593Smuzhiyun * @ccm_opt: CCM algorithm options - MSB-LSB description: 172*4882a593Smuzhiyun * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV, 173*4882a593Smuzhiyun * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610) 174*4882a593Smuzhiyun * ctr_flags (8b) - counter flags; constant equal to 0x3 175*4882a593Smuzhiyun * ctr_initial (16b) - initial count constant 176*4882a593Smuzhiyun */ 177*4882a593Smuzhiyun struct ipsec_decap_ccm { 178*4882a593Smuzhiyun u8 salt[4]; 179*4882a593Smuzhiyun u32 ccm_opt; 180*4882a593Smuzhiyun }; 181*4882a593Smuzhiyun 182*4882a593Smuzhiyun /** 183*4882a593Smuzhiyun * ipsec_decap_gcm - PDB part for IPsec GCN decapsulation 184*4882a593Smuzhiyun * @salt: 4-byte salt 185*4882a593Smuzhiyun * @rsvd: reserved, do not use 186*4882a593Smuzhiyun */ 187*4882a593Smuzhiyun struct ipsec_decap_gcm { 188*4882a593Smuzhiyun u8 salt[4]; 189*4882a593Smuzhiyun u32 resvd; 190*4882a593Smuzhiyun }; 191*4882a593Smuzhiyun 192*4882a593Smuzhiyun /** 193*4882a593Smuzhiyun * ipsec_decap_pdb - PDB for IPsec decapsulation 194*4882a593Smuzhiyun * @options: MSB-LSB description 195*4882a593Smuzhiyun * hmo (header manipulation options) - 4b 196*4882a593Smuzhiyun * IP header length - 12b 197*4882a593Smuzhiyun * next header offset - 8b 198*4882a593Smuzhiyun * option flags (depend on selected algorithm) - 8b 199*4882a593Smuzhiyun * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN) 200*4882a593Smuzhiyun * @seq_num: IPsec sequence number 201*4882a593Smuzhiyun * @anti_replay: Anti-replay window; size depends on ARS (option flags) 202*4882a593Smuzhiyun */ 203*4882a593Smuzhiyun struct ipsec_decap_pdb { 204*4882a593Smuzhiyun u32 options; 205*4882a593Smuzhiyun union { 206*4882a593Smuzhiyun struct ipsec_decap_cbc cbc; 207*4882a593Smuzhiyun struct ipsec_decap_ctr ctr; 208*4882a593Smuzhiyun struct ipsec_decap_ccm ccm; 209*4882a593Smuzhiyun struct ipsec_decap_gcm gcm; 210*4882a593Smuzhiyun }; 211*4882a593Smuzhiyun u32 seq_num_ext_hi; 212*4882a593Smuzhiyun u32 seq_num; 213*4882a593Smuzhiyun __be32 anti_replay[4]; 214*4882a593Smuzhiyun }; 215*4882a593Smuzhiyun 216*4882a593Smuzhiyun /* 217*4882a593Smuzhiyun * IPSec ESP Datapath Protocol Override Register (DPOVRD) 218*4882a593Smuzhiyun */ 219*4882a593Smuzhiyun struct ipsec_deco_dpovrd { 220*4882a593Smuzhiyun #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 221*4882a593Smuzhiyun u8 ovrd_ecn; 222*4882a593Smuzhiyun u8 ip_hdr_len; 223*4882a593Smuzhiyun u8 nh_offset; 224*4882a593Smuzhiyun u8 next_header; /* reserved if decap */ 225*4882a593Smuzhiyun }; 226*4882a593Smuzhiyun 227*4882a593Smuzhiyun /* 228*4882a593Smuzhiyun * IEEE 802.11i WiFi Protocol Data Block 229*4882a593Smuzhiyun */ 230*4882a593Smuzhiyun #define WIFI_PDBOPTS_FCS 0x01 231*4882a593Smuzhiyun #define WIFI_PDBOPTS_AR 0x40 232*4882a593Smuzhiyun 233*4882a593Smuzhiyun struct wifi_encap_pdb { 234*4882a593Smuzhiyun u16 mac_hdr_len; 235*4882a593Smuzhiyun u8 rsvd; 236*4882a593Smuzhiyun u8 options; 237*4882a593Smuzhiyun u8 iv_flags; 238*4882a593Smuzhiyun u8 pri; 239*4882a593Smuzhiyun u16 pn1; 240*4882a593Smuzhiyun u32 pn2; 241*4882a593Smuzhiyun u16 frm_ctrl_mask; 242*4882a593Smuzhiyun u16 seq_ctrl_mask; 243*4882a593Smuzhiyun u8 rsvd1[2]; 244*4882a593Smuzhiyun u8 cnst; 245*4882a593Smuzhiyun u8 key_id; 246*4882a593Smuzhiyun u8 ctr_flags; 247*4882a593Smuzhiyun u8 rsvd2; 248*4882a593Smuzhiyun u16 ctr_init; 249*4882a593Smuzhiyun }; 250*4882a593Smuzhiyun 251*4882a593Smuzhiyun struct wifi_decap_pdb { 252*4882a593Smuzhiyun u16 mac_hdr_len; 253*4882a593Smuzhiyun u8 rsvd; 254*4882a593Smuzhiyun u8 options; 255*4882a593Smuzhiyun u8 iv_flags; 256*4882a593Smuzhiyun u8 pri; 257*4882a593Smuzhiyun u16 pn1; 258*4882a593Smuzhiyun u32 pn2; 259*4882a593Smuzhiyun u16 frm_ctrl_mask; 260*4882a593Smuzhiyun u16 seq_ctrl_mask; 261*4882a593Smuzhiyun u8 rsvd1[4]; 262*4882a593Smuzhiyun u8 ctr_flags; 263*4882a593Smuzhiyun u8 rsvd2; 264*4882a593Smuzhiyun u16 ctr_init; 265*4882a593Smuzhiyun }; 266*4882a593Smuzhiyun 267*4882a593Smuzhiyun /* 268*4882a593Smuzhiyun * IEEE 802.16 WiMAX Protocol Data Block 269*4882a593Smuzhiyun */ 270*4882a593Smuzhiyun #define WIMAX_PDBOPTS_FCS 0x01 271*4882a593Smuzhiyun #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 272*4882a593Smuzhiyun 273*4882a593Smuzhiyun struct wimax_encap_pdb { 274*4882a593Smuzhiyun u8 rsvd[3]; 275*4882a593Smuzhiyun u8 options; 276*4882a593Smuzhiyun u32 nonce; 277*4882a593Smuzhiyun u8 b0_flags; 278*4882a593Smuzhiyun u8 ctr_flags; 279*4882a593Smuzhiyun u16 ctr_init; 280*4882a593Smuzhiyun /* begin DECO writeback region */ 281*4882a593Smuzhiyun u32 pn; 282*4882a593Smuzhiyun /* end DECO writeback region */ 283*4882a593Smuzhiyun }; 284*4882a593Smuzhiyun 285*4882a593Smuzhiyun struct wimax_decap_pdb { 286*4882a593Smuzhiyun u8 rsvd[3]; 287*4882a593Smuzhiyun u8 options; 288*4882a593Smuzhiyun u32 nonce; 289*4882a593Smuzhiyun u8 iv_flags; 290*4882a593Smuzhiyun u8 ctr_flags; 291*4882a593Smuzhiyun u16 ctr_init; 292*4882a593Smuzhiyun /* begin DECO writeback region */ 293*4882a593Smuzhiyun u32 pn; 294*4882a593Smuzhiyun u8 rsvd1[2]; 295*4882a593Smuzhiyun u16 antireplay_len; 296*4882a593Smuzhiyun u64 antireplay_scorecard; 297*4882a593Smuzhiyun /* end DECO writeback region */ 298*4882a593Smuzhiyun }; 299*4882a593Smuzhiyun 300*4882a593Smuzhiyun /* 301*4882a593Smuzhiyun * IEEE 801.AE MacSEC Protocol Data Block 302*4882a593Smuzhiyun */ 303*4882a593Smuzhiyun #define MACSEC_PDBOPTS_FCS 0x01 304*4882a593Smuzhiyun #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 305*4882a593Smuzhiyun 306*4882a593Smuzhiyun struct macsec_encap_pdb { 307*4882a593Smuzhiyun u16 aad_len; 308*4882a593Smuzhiyun u8 rsvd; 309*4882a593Smuzhiyun u8 options; 310*4882a593Smuzhiyun u64 sci; 311*4882a593Smuzhiyun u16 ethertype; 312*4882a593Smuzhiyun u8 tci_an; 313*4882a593Smuzhiyun u8 rsvd1; 314*4882a593Smuzhiyun /* begin DECO writeback region */ 315*4882a593Smuzhiyun u32 pn; 316*4882a593Smuzhiyun /* end DECO writeback region */ 317*4882a593Smuzhiyun }; 318*4882a593Smuzhiyun 319*4882a593Smuzhiyun struct macsec_decap_pdb { 320*4882a593Smuzhiyun u16 aad_len; 321*4882a593Smuzhiyun u8 rsvd; 322*4882a593Smuzhiyun u8 options; 323*4882a593Smuzhiyun u64 sci; 324*4882a593Smuzhiyun u8 rsvd1[3]; 325*4882a593Smuzhiyun /* begin DECO writeback region */ 326*4882a593Smuzhiyun u8 antireplay_len; 327*4882a593Smuzhiyun u32 pn; 328*4882a593Smuzhiyun u64 antireplay_scorecard; 329*4882a593Smuzhiyun /* end DECO writeback region */ 330*4882a593Smuzhiyun }; 331*4882a593Smuzhiyun 332*4882a593Smuzhiyun /* 333*4882a593Smuzhiyun * SSL/TLS/DTLS Protocol Data Blocks 334*4882a593Smuzhiyun */ 335*4882a593Smuzhiyun 336*4882a593Smuzhiyun #define TLS_PDBOPTS_ARS32 0x40 337*4882a593Smuzhiyun #define TLS_PDBOPTS_ARS64 0xc0 338*4882a593Smuzhiyun #define TLS_PDBOPTS_OUTFMT 0x08 339*4882a593Smuzhiyun #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 340*4882a593Smuzhiyun #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 341*4882a593Smuzhiyun 342*4882a593Smuzhiyun struct tls_block_encap_pdb { 343*4882a593Smuzhiyun u8 type; 344*4882a593Smuzhiyun u8 version[2]; 345*4882a593Smuzhiyun u8 options; 346*4882a593Smuzhiyun u64 seq_num; 347*4882a593Smuzhiyun u32 iv[4]; 348*4882a593Smuzhiyun }; 349*4882a593Smuzhiyun 350*4882a593Smuzhiyun struct tls_stream_encap_pdb { 351*4882a593Smuzhiyun u8 type; 352*4882a593Smuzhiyun u8 version[2]; 353*4882a593Smuzhiyun u8 options; 354*4882a593Smuzhiyun u64 seq_num; 355*4882a593Smuzhiyun u8 i; 356*4882a593Smuzhiyun u8 j; 357*4882a593Smuzhiyun u8 rsvd1[2]; 358*4882a593Smuzhiyun }; 359*4882a593Smuzhiyun 360*4882a593Smuzhiyun struct dtls_block_encap_pdb { 361*4882a593Smuzhiyun u8 type; 362*4882a593Smuzhiyun u8 version[2]; 363*4882a593Smuzhiyun u8 options; 364*4882a593Smuzhiyun u16 epoch; 365*4882a593Smuzhiyun u16 seq_num[3]; 366*4882a593Smuzhiyun u32 iv[4]; 367*4882a593Smuzhiyun }; 368*4882a593Smuzhiyun 369*4882a593Smuzhiyun struct tls_block_decap_pdb { 370*4882a593Smuzhiyun u8 rsvd[3]; 371*4882a593Smuzhiyun u8 options; 372*4882a593Smuzhiyun u64 seq_num; 373*4882a593Smuzhiyun u32 iv[4]; 374*4882a593Smuzhiyun }; 375*4882a593Smuzhiyun 376*4882a593Smuzhiyun struct tls_stream_decap_pdb { 377*4882a593Smuzhiyun u8 rsvd[3]; 378*4882a593Smuzhiyun u8 options; 379*4882a593Smuzhiyun u64 seq_num; 380*4882a593Smuzhiyun u8 i; 381*4882a593Smuzhiyun u8 j; 382*4882a593Smuzhiyun u8 rsvd1[2]; 383*4882a593Smuzhiyun }; 384*4882a593Smuzhiyun 385*4882a593Smuzhiyun struct dtls_block_decap_pdb { 386*4882a593Smuzhiyun u8 rsvd[3]; 387*4882a593Smuzhiyun u8 options; 388*4882a593Smuzhiyun u16 epoch; 389*4882a593Smuzhiyun u16 seq_num[3]; 390*4882a593Smuzhiyun u32 iv[4]; 391*4882a593Smuzhiyun u64 antireplay_scorecard; 392*4882a593Smuzhiyun }; 393*4882a593Smuzhiyun 394*4882a593Smuzhiyun /* 395*4882a593Smuzhiyun * SRTP Protocol Data Blocks 396*4882a593Smuzhiyun */ 397*4882a593Smuzhiyun #define SRTP_PDBOPTS_MKI 0x08 398*4882a593Smuzhiyun #define SRTP_PDBOPTS_AR 0x40 399*4882a593Smuzhiyun 400*4882a593Smuzhiyun struct srtp_encap_pdb { 401*4882a593Smuzhiyun u8 x_len; 402*4882a593Smuzhiyun u8 mki_len; 403*4882a593Smuzhiyun u8 n_tag; 404*4882a593Smuzhiyun u8 options; 405*4882a593Smuzhiyun u32 cnst0; 406*4882a593Smuzhiyun u8 rsvd[2]; 407*4882a593Smuzhiyun u16 cnst1; 408*4882a593Smuzhiyun u16 salt[7]; 409*4882a593Smuzhiyun u16 cnst2; 410*4882a593Smuzhiyun u32 rsvd1; 411*4882a593Smuzhiyun u32 roc; 412*4882a593Smuzhiyun u32 opt_mki; 413*4882a593Smuzhiyun }; 414*4882a593Smuzhiyun 415*4882a593Smuzhiyun struct srtp_decap_pdb { 416*4882a593Smuzhiyun u8 x_len; 417*4882a593Smuzhiyun u8 mki_len; 418*4882a593Smuzhiyun u8 n_tag; 419*4882a593Smuzhiyun u8 options; 420*4882a593Smuzhiyun u32 cnst0; 421*4882a593Smuzhiyun u8 rsvd[2]; 422*4882a593Smuzhiyun u16 cnst1; 423*4882a593Smuzhiyun u16 salt[7]; 424*4882a593Smuzhiyun u16 cnst2; 425*4882a593Smuzhiyun u16 rsvd1; 426*4882a593Smuzhiyun u16 seq_num; 427*4882a593Smuzhiyun u32 roc; 428*4882a593Smuzhiyun u64 antireplay_scorecard; 429*4882a593Smuzhiyun }; 430*4882a593Smuzhiyun 431*4882a593Smuzhiyun /* 432*4882a593Smuzhiyun * DSA/ECDSA Protocol Data Blocks 433*4882a593Smuzhiyun * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 434*4882a593Smuzhiyun * except for the treatment of "w" for verify, "s" for sign, 435*4882a593Smuzhiyun * and the placement of "a,b". 436*4882a593Smuzhiyun */ 437*4882a593Smuzhiyun #define DSA_PDB_SGF_SHIFT 24 438*4882a593Smuzhiyun #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 439*4882a593Smuzhiyun #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 440*4882a593Smuzhiyun #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 441*4882a593Smuzhiyun #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 442*4882a593Smuzhiyun #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 443*4882a593Smuzhiyun #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 444*4882a593Smuzhiyun #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 445*4882a593Smuzhiyun #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 446*4882a593Smuzhiyun #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 447*4882a593Smuzhiyun #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 448*4882a593Smuzhiyun #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 449*4882a593Smuzhiyun 450*4882a593Smuzhiyun #define DSA_PDB_L_SHIFT 7 451*4882a593Smuzhiyun #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 452*4882a593Smuzhiyun 453*4882a593Smuzhiyun #define DSA_PDB_N_MASK 0x7f 454*4882a593Smuzhiyun 455*4882a593Smuzhiyun struct dsa_sign_pdb { 456*4882a593Smuzhiyun u32 sgf_ln; /* Use DSA_PDB_ definitions per above */ 457*4882a593Smuzhiyun u8 *q; 458*4882a593Smuzhiyun u8 *r; 459*4882a593Smuzhiyun u8 *g; /* or Gx,y */ 460*4882a593Smuzhiyun u8 *s; 461*4882a593Smuzhiyun u8 *f; 462*4882a593Smuzhiyun u8 *c; 463*4882a593Smuzhiyun u8 *d; 464*4882a593Smuzhiyun u8 *ab; /* ECC only */ 465*4882a593Smuzhiyun u8 *u; 466*4882a593Smuzhiyun }; 467*4882a593Smuzhiyun 468*4882a593Smuzhiyun struct dsa_verify_pdb { 469*4882a593Smuzhiyun u32 sgf_ln; 470*4882a593Smuzhiyun u8 *q; 471*4882a593Smuzhiyun u8 *r; 472*4882a593Smuzhiyun u8 *g; /* or Gx,y */ 473*4882a593Smuzhiyun u8 *w; /* or Wx,y */ 474*4882a593Smuzhiyun u8 *f; 475*4882a593Smuzhiyun u8 *c; 476*4882a593Smuzhiyun u8 *d; 477*4882a593Smuzhiyun u8 *tmp; /* temporary data block */ 478*4882a593Smuzhiyun u8 *ab; /* only used if ECC processing */ 479*4882a593Smuzhiyun }; 480*4882a593Smuzhiyun 481*4882a593Smuzhiyun /* RSA Protocol Data Block */ 482*4882a593Smuzhiyun #define RSA_PDB_SGF_SHIFT 28 483*4882a593Smuzhiyun #define RSA_PDB_E_SHIFT 12 484*4882a593Smuzhiyun #define RSA_PDB_E_MASK (0xFFF << RSA_PDB_E_SHIFT) 485*4882a593Smuzhiyun #define RSA_PDB_D_SHIFT 12 486*4882a593Smuzhiyun #define RSA_PDB_D_MASK (0xFFF << RSA_PDB_D_SHIFT) 487*4882a593Smuzhiyun #define RSA_PDB_Q_SHIFT 12 488*4882a593Smuzhiyun #define RSA_PDB_Q_MASK (0xFFF << RSA_PDB_Q_SHIFT) 489*4882a593Smuzhiyun 490*4882a593Smuzhiyun #define RSA_PDB_SGF_F (0x8 << RSA_PDB_SGF_SHIFT) 491*4882a593Smuzhiyun #define RSA_PDB_SGF_G (0x4 << RSA_PDB_SGF_SHIFT) 492*4882a593Smuzhiyun #define RSA_PRIV_PDB_SGF_F (0x4 << RSA_PDB_SGF_SHIFT) 493*4882a593Smuzhiyun #define RSA_PRIV_PDB_SGF_G (0x8 << RSA_PDB_SGF_SHIFT) 494*4882a593Smuzhiyun 495*4882a593Smuzhiyun #define RSA_PRIV_KEY_FRM_1 0 496*4882a593Smuzhiyun #define RSA_PRIV_KEY_FRM_2 1 497*4882a593Smuzhiyun #define RSA_PRIV_KEY_FRM_3 2 498*4882a593Smuzhiyun 499*4882a593Smuzhiyun /** 500*4882a593Smuzhiyun * RSA Encrypt Protocol Data Block 501*4882a593Smuzhiyun * @sgf: scatter-gather field 502*4882a593Smuzhiyun * @f_dma: dma address of input data 503*4882a593Smuzhiyun * @g_dma: dma address of encrypted output data 504*4882a593Smuzhiyun * @n_dma: dma address of RSA modulus 505*4882a593Smuzhiyun * @e_dma: dma address of RSA public exponent 506*4882a593Smuzhiyun * @f_len: length in octets of the input data 507*4882a593Smuzhiyun */ 508*4882a593Smuzhiyun struct rsa_pub_pdb { 509*4882a593Smuzhiyun u32 sgf; 510*4882a593Smuzhiyun dma_addr_t f_dma; 511*4882a593Smuzhiyun dma_addr_t g_dma; 512*4882a593Smuzhiyun dma_addr_t n_dma; 513*4882a593Smuzhiyun dma_addr_t e_dma; 514*4882a593Smuzhiyun u32 f_len; 515*4882a593Smuzhiyun }; 516*4882a593Smuzhiyun 517*4882a593Smuzhiyun #define SIZEOF_RSA_PUB_PDB (2 * sizeof(u32) + 4 * caam_ptr_sz) 518*4882a593Smuzhiyun 519*4882a593Smuzhiyun /** 520*4882a593Smuzhiyun * RSA Decrypt PDB - Private Key Form #1 521*4882a593Smuzhiyun * @sgf: scatter-gather field 522*4882a593Smuzhiyun * @g_dma: dma address of encrypted input data 523*4882a593Smuzhiyun * @f_dma: dma address of output data 524*4882a593Smuzhiyun * @n_dma: dma address of RSA modulus 525*4882a593Smuzhiyun * @d_dma: dma address of RSA private exponent 526*4882a593Smuzhiyun */ 527*4882a593Smuzhiyun struct rsa_priv_f1_pdb { 528*4882a593Smuzhiyun u32 sgf; 529*4882a593Smuzhiyun dma_addr_t g_dma; 530*4882a593Smuzhiyun dma_addr_t f_dma; 531*4882a593Smuzhiyun dma_addr_t n_dma; 532*4882a593Smuzhiyun dma_addr_t d_dma; 533*4882a593Smuzhiyun }; 534*4882a593Smuzhiyun 535*4882a593Smuzhiyun #define SIZEOF_RSA_PRIV_F1_PDB (sizeof(u32) + 4 * caam_ptr_sz) 536*4882a593Smuzhiyun 537*4882a593Smuzhiyun /** 538*4882a593Smuzhiyun * RSA Decrypt PDB - Private Key Form #2 539*4882a593Smuzhiyun * @sgf : scatter-gather field 540*4882a593Smuzhiyun * @g_dma : dma address of encrypted input data 541*4882a593Smuzhiyun * @f_dma : dma address of output data 542*4882a593Smuzhiyun * @d_dma : dma address of RSA private exponent 543*4882a593Smuzhiyun * @p_dma : dma address of RSA prime factor p of RSA modulus n 544*4882a593Smuzhiyun * @q_dma : dma address of RSA prime factor q of RSA modulus n 545*4882a593Smuzhiyun * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer 546*4882a593Smuzhiyun * as internal state buffer. It is assumed to be as long as p. 547*4882a593Smuzhiyun * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer 548*4882a593Smuzhiyun * as internal state buffer. It is assumed to be as long as q. 549*4882a593Smuzhiyun * @p_q_len : length in bytes of first two prime factors of the RSA modulus n 550*4882a593Smuzhiyun */ 551*4882a593Smuzhiyun struct rsa_priv_f2_pdb { 552*4882a593Smuzhiyun u32 sgf; 553*4882a593Smuzhiyun dma_addr_t g_dma; 554*4882a593Smuzhiyun dma_addr_t f_dma; 555*4882a593Smuzhiyun dma_addr_t d_dma; 556*4882a593Smuzhiyun dma_addr_t p_dma; 557*4882a593Smuzhiyun dma_addr_t q_dma; 558*4882a593Smuzhiyun dma_addr_t tmp1_dma; 559*4882a593Smuzhiyun dma_addr_t tmp2_dma; 560*4882a593Smuzhiyun u32 p_q_len; 561*4882a593Smuzhiyun }; 562*4882a593Smuzhiyun 563*4882a593Smuzhiyun #define SIZEOF_RSA_PRIV_F2_PDB (2 * sizeof(u32) + 7 * caam_ptr_sz) 564*4882a593Smuzhiyun 565*4882a593Smuzhiyun /** 566*4882a593Smuzhiyun * RSA Decrypt PDB - Private Key Form #3 567*4882a593Smuzhiyun * This is the RSA Chinese Reminder Theorem (CRT) form for two prime factors of 568*4882a593Smuzhiyun * the RSA modulus. 569*4882a593Smuzhiyun * @sgf : scatter-gather field 570*4882a593Smuzhiyun * @g_dma : dma address of encrypted input data 571*4882a593Smuzhiyun * @f_dma : dma address of output data 572*4882a593Smuzhiyun * @c_dma : dma address of RSA CRT coefficient 573*4882a593Smuzhiyun * @p_dma : dma address of RSA prime factor p of RSA modulus n 574*4882a593Smuzhiyun * @q_dma : dma address of RSA prime factor q of RSA modulus n 575*4882a593Smuzhiyun * @dp_dma : dma address of RSA CRT exponent of RSA prime factor p 576*4882a593Smuzhiyun * @dp_dma : dma address of RSA CRT exponent of RSA prime factor q 577*4882a593Smuzhiyun * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer 578*4882a593Smuzhiyun * as internal state buffer. It is assumed to be as long as p. 579*4882a593Smuzhiyun * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer 580*4882a593Smuzhiyun * as internal state buffer. It is assumed to be as long as q. 581*4882a593Smuzhiyun * @p_q_len : length in bytes of first two prime factors of the RSA modulus n 582*4882a593Smuzhiyun */ 583*4882a593Smuzhiyun struct rsa_priv_f3_pdb { 584*4882a593Smuzhiyun u32 sgf; 585*4882a593Smuzhiyun dma_addr_t g_dma; 586*4882a593Smuzhiyun dma_addr_t f_dma; 587*4882a593Smuzhiyun dma_addr_t c_dma; 588*4882a593Smuzhiyun dma_addr_t p_dma; 589*4882a593Smuzhiyun dma_addr_t q_dma; 590*4882a593Smuzhiyun dma_addr_t dp_dma; 591*4882a593Smuzhiyun dma_addr_t dq_dma; 592*4882a593Smuzhiyun dma_addr_t tmp1_dma; 593*4882a593Smuzhiyun dma_addr_t tmp2_dma; 594*4882a593Smuzhiyun u32 p_q_len; 595*4882a593Smuzhiyun }; 596*4882a593Smuzhiyun 597*4882a593Smuzhiyun #define SIZEOF_RSA_PRIV_F3_PDB (2 * sizeof(u32) + 9 * caam_ptr_sz) 598*4882a593Smuzhiyun 599*4882a593Smuzhiyun #endif 600