Hemant Agrawal | a23d80e | 2012-06-22 19:42:39 -0500 | [diff] [blame^] | 1 | /* |
| 2 | * CAAM Protocol Data Block (PDB) definition header file |
| 3 | * |
| 4 | * Copyright 2008-2012 Freescale Semiconductor, Inc. |
| 5 | * |
| 6 | */ |
| 7 | |
| 8 | #ifndef CAAM_PDB_H |
| 9 | #define CAAM_PDB_H |
| 10 | |
| 11 | /* |
| 12 | * PDB- IPSec ESP Header Modification Options |
| 13 | */ |
| 14 | #define PDBHMO_ESP_DECAP_SHIFT 12 |
| 15 | #define PDBHMO_ESP_ENCAP_SHIFT 4 |
| 16 | /* |
| 17 | * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the |
| 18 | * Options Byte IP version (IPvsn) field: |
| 19 | * if IPv4, decrement the inner IP header TTL field (byte 8); |
| 20 | * if IPv6 decrement the inner IP header Hop Limit field (byte 7). |
| 21 | */ |
| 22 | #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) |
| 23 | #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) |
| 24 | /* |
| 25 | * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte |
| 26 | * from the outer IP header to the inner IP header. |
| 27 | */ |
| 28 | #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) |
| 29 | /* |
| 30 | * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from |
| 31 | * the PDB, copy the DF bit from the inner IP header to the outer IP header. |
| 32 | */ |
| 33 | #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) |
| 34 | |
| 35 | /* |
| 36 | * PDB - IPSec ESP Encap/Decap Options |
| 37 | */ |
| 38 | #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ |
| 39 | #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ |
| 40 | #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ |
| 41 | #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ |
| 42 | #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ |
| 43 | #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ |
| 44 | #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ |
| 45 | #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ |
| 46 | #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ |
| 47 | #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ |
| 48 | #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ |
| 49 | #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ |
| 50 | #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ |
| 51 | #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ |
| 52 | |
| 53 | /* |
| 54 | * General IPSec encap/decap PDB definitions |
| 55 | */ |
| 56 | struct ipsec_encap_cbc { |
| 57 | u32 iv[4]; |
| 58 | }; |
| 59 | |
| 60 | struct ipsec_encap_ctr { |
| 61 | u32 ctr_nonce; |
| 62 | u32 ctr_initial; |
| 63 | u32 iv[2]; |
| 64 | }; |
| 65 | |
| 66 | struct ipsec_encap_ccm { |
| 67 | u32 salt; /* lower 24 bits */ |
| 68 | u8 b0_flags; |
| 69 | u8 ctr_flags; |
| 70 | u16 ctr_initial; |
| 71 | u32 iv[2]; |
| 72 | }; |
| 73 | |
| 74 | struct ipsec_encap_gcm { |
| 75 | u32 salt; /* lower 24 bits */ |
| 76 | u32 rsvd1; |
| 77 | u32 iv[2]; |
| 78 | }; |
| 79 | |
| 80 | struct ipsec_encap_pdb { |
| 81 | u8 hmo_rsvd; |
| 82 | u8 ip_nh; |
| 83 | u8 ip_nh_offset; |
| 84 | u8 options; |
| 85 | u32 seq_num_ext_hi; |
| 86 | u32 seq_num; |
| 87 | union { |
| 88 | struct ipsec_encap_cbc cbc; |
| 89 | struct ipsec_encap_ctr ctr; |
| 90 | struct ipsec_encap_ccm ccm; |
| 91 | struct ipsec_encap_gcm gcm; |
| 92 | }; |
| 93 | u32 spi; |
| 94 | u16 rsvd1; |
| 95 | u16 ip_hdr_len; |
| 96 | u32 ip_hdr[0]; /* optional IP Header content */ |
| 97 | }; |
| 98 | |
| 99 | struct ipsec_decap_cbc { |
| 100 | u32 rsvd[2]; |
| 101 | }; |
| 102 | |
| 103 | struct ipsec_decap_ctr { |
| 104 | u32 salt; |
| 105 | u32 ctr_initial; |
| 106 | }; |
| 107 | |
| 108 | struct ipsec_decap_ccm { |
| 109 | u32 salt; |
| 110 | u8 iv_flags; |
| 111 | u8 ctr_flags; |
| 112 | u16 ctr_initial; |
| 113 | }; |
| 114 | |
| 115 | struct ipsec_decap_gcm { |
| 116 | u32 salt; |
| 117 | u32 resvd; |
| 118 | }; |
| 119 | |
| 120 | struct ipsec_decap_pdb { |
| 121 | u16 hmo_ip_hdr_len; |
| 122 | u8 ip_nh_offset; |
| 123 | u8 options; |
| 124 | union { |
| 125 | struct ipsec_decap_cbc cbc; |
| 126 | struct ipsec_decap_ctr ctr; |
| 127 | struct ipsec_decap_ccm ccm; |
| 128 | struct ipsec_decap_gcm gcm; |
| 129 | }; |
| 130 | u32 seq_num_ext_hi; |
| 131 | u32 seq_num; |
| 132 | u32 anti_replay[2]; |
| 133 | u32 end_index[0]; |
| 134 | }; |
| 135 | |
| 136 | /* |
| 137 | * IPSec ESP Datapath Protocol Override Register (DPOVRD) |
| 138 | */ |
| 139 | struct ipsec_deco_dpovrd { |
| 140 | #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 |
| 141 | u8 ovrd_ecn; |
| 142 | u8 ip_hdr_len; |
| 143 | u8 nh_offset; |
| 144 | u8 next_header; /* reserved if decap */ |
| 145 | }; |
| 146 | |
| 147 | /* |
| 148 | * IEEE 802.11i WiFi Protocol Data Block |
| 149 | */ |
| 150 | #define WIFI_PDBOPTS_FCS 0x01 |
| 151 | #define WIFI_PDBOPTS_AR 0x40 |
| 152 | |
| 153 | struct wifi_encap_pdb { |
| 154 | u16 mac_hdr_len; |
| 155 | u8 rsvd; |
| 156 | u8 options; |
| 157 | u8 iv_flags; |
| 158 | u8 pri; |
| 159 | u16 pn1; |
| 160 | u32 pn2; |
| 161 | u16 frm_ctrl_mask; |
| 162 | u16 seq_ctrl_mask; |
| 163 | u8 rsvd1[2]; |
| 164 | u8 cnst; |
| 165 | u8 key_id; |
| 166 | u8 ctr_flags; |
| 167 | u8 rsvd2; |
| 168 | u16 ctr_init; |
| 169 | }; |
| 170 | |
| 171 | struct wifi_decap_pdb { |
| 172 | u16 mac_hdr_len; |
| 173 | u8 rsvd; |
| 174 | u8 options; |
| 175 | u8 iv_flags; |
| 176 | u8 pri; |
| 177 | u16 pn1; |
| 178 | u32 pn2; |
| 179 | u16 frm_ctrl_mask; |
| 180 | u16 seq_ctrl_mask; |
| 181 | u8 rsvd1[4]; |
| 182 | u8 ctr_flags; |
| 183 | u8 rsvd2; |
| 184 | u16 ctr_init; |
| 185 | }; |
| 186 | |
| 187 | /* |
| 188 | * IEEE 802.16 WiMAX Protocol Data Block |
| 189 | */ |
| 190 | #define WIMAX_PDBOPTS_FCS 0x01 |
| 191 | #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ |
| 192 | |
| 193 | struct wimax_encap_pdb { |
| 194 | u8 rsvd[3]; |
| 195 | u8 options; |
| 196 | u32 nonce; |
| 197 | u8 b0_flags; |
| 198 | u8 ctr_flags; |
| 199 | u16 ctr_init; |
| 200 | /* begin DECO writeback region */ |
| 201 | u32 pn; |
| 202 | /* end DECO writeback region */ |
| 203 | }; |
| 204 | |
| 205 | struct wimax_decap_pdb { |
| 206 | u8 rsvd[3]; |
| 207 | u8 options; |
| 208 | u32 nonce; |
| 209 | u8 iv_flags; |
| 210 | u8 ctr_flags; |
| 211 | u16 ctr_init; |
| 212 | /* begin DECO writeback region */ |
| 213 | u32 pn; |
| 214 | u8 rsvd1[2]; |
| 215 | u16 antireplay_len; |
| 216 | u64 antireplay_scorecard; |
| 217 | /* end DECO writeback region */ |
| 218 | }; |
| 219 | |
| 220 | /* |
| 221 | * IEEE 801.AE MacSEC Protocol Data Block |
| 222 | */ |
| 223 | #define MACSEC_PDBOPTS_FCS 0x01 |
| 224 | #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ |
| 225 | |
| 226 | struct macsec_encap_pdb { |
| 227 | u16 aad_len; |
| 228 | u8 rsvd; |
| 229 | u8 options; |
| 230 | u64 sci; |
| 231 | u16 ethertype; |
| 232 | u8 tci_an; |
| 233 | u8 rsvd1; |
| 234 | /* begin DECO writeback region */ |
| 235 | u32 pn; |
| 236 | /* end DECO writeback region */ |
| 237 | }; |
| 238 | |
| 239 | struct macsec_decap_pdb { |
| 240 | u16 aad_len; |
| 241 | u8 rsvd; |
| 242 | u8 options; |
| 243 | u64 sci; |
| 244 | u8 rsvd1[3]; |
| 245 | /* begin DECO writeback region */ |
| 246 | u8 antireplay_len; |
| 247 | u32 pn; |
| 248 | u64 antireplay_scorecard; |
| 249 | /* end DECO writeback region */ |
| 250 | }; |
| 251 | |
| 252 | /* |
| 253 | * SSL/TLS/DTLS Protocol Data Blocks |
| 254 | */ |
| 255 | |
| 256 | #define TLS_PDBOPTS_ARS32 0x40 |
| 257 | #define TLS_PDBOPTS_ARS64 0xc0 |
| 258 | #define TLS_PDBOPTS_OUTFMT 0x08 |
| 259 | #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ |
| 260 | #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ |
| 261 | |
| 262 | struct tls_block_encap_pdb { |
| 263 | u8 type; |
| 264 | u8 version[2]; |
| 265 | u8 options; |
| 266 | u64 seq_num; |
| 267 | u32 iv[4]; |
| 268 | }; |
| 269 | |
| 270 | struct tls_stream_encap_pdb { |
| 271 | u8 type; |
| 272 | u8 version[2]; |
| 273 | u8 options; |
| 274 | u64 seq_num; |
| 275 | u8 i; |
| 276 | u8 j; |
| 277 | u8 rsvd1[2]; |
| 278 | }; |
| 279 | |
| 280 | struct dtls_block_encap_pdb { |
| 281 | u8 type; |
| 282 | u8 version[2]; |
| 283 | u8 options; |
| 284 | u16 epoch; |
| 285 | u16 seq_num[3]; |
| 286 | u32 iv[4]; |
| 287 | }; |
| 288 | |
| 289 | struct tls_block_decap_pdb { |
| 290 | u8 rsvd[3]; |
| 291 | u8 options; |
| 292 | u64 seq_num; |
| 293 | u32 iv[4]; |
| 294 | }; |
| 295 | |
| 296 | struct tls_stream_decap_pdb { |
| 297 | u8 rsvd[3]; |
| 298 | u8 options; |
| 299 | u64 seq_num; |
| 300 | u8 i; |
| 301 | u8 j; |
| 302 | u8 rsvd1[2]; |
| 303 | }; |
| 304 | |
| 305 | struct dtls_block_decap_pdb { |
| 306 | u8 rsvd[3]; |
| 307 | u8 options; |
| 308 | u16 epoch; |
| 309 | u16 seq_num[3]; |
| 310 | u32 iv[4]; |
| 311 | u64 antireplay_scorecard; |
| 312 | }; |
| 313 | |
| 314 | /* |
| 315 | * SRTP Protocol Data Blocks |
| 316 | */ |
| 317 | #define SRTP_PDBOPTS_MKI 0x08 |
| 318 | #define SRTP_PDBOPTS_AR 0x40 |
| 319 | |
| 320 | struct srtp_encap_pdb { |
| 321 | u8 x_len; |
| 322 | u8 mki_len; |
| 323 | u8 n_tag; |
| 324 | u8 options; |
| 325 | u32 cnst0; |
| 326 | u8 rsvd[2]; |
| 327 | u16 cnst1; |
| 328 | u16 salt[7]; |
| 329 | u16 cnst2; |
| 330 | u32 rsvd1; |
| 331 | u32 roc; |
| 332 | u32 opt_mki; |
| 333 | }; |
| 334 | |
| 335 | struct srtp_decap_pdb { |
| 336 | u8 x_len; |
| 337 | u8 mki_len; |
| 338 | u8 n_tag; |
| 339 | u8 options; |
| 340 | u32 cnst0; |
| 341 | u8 rsvd[2]; |
| 342 | u16 cnst1; |
| 343 | u16 salt[7]; |
| 344 | u16 cnst2; |
| 345 | u16 rsvd1; |
| 346 | u16 seq_num; |
| 347 | u32 roc; |
| 348 | u64 antireplay_scorecard; |
| 349 | }; |
| 350 | |
| 351 | /* |
| 352 | * DSA/ECDSA Protocol Data Blocks |
| 353 | * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar |
| 354 | * except for the treatment of "w" for verify, "s" for sign, |
| 355 | * and the placement of "a,b". |
| 356 | */ |
| 357 | #define DSA_PDB_SGF_SHIFT 24 |
| 358 | #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) |
| 359 | #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) |
| 360 | #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) |
| 361 | #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) |
| 362 | #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) |
| 363 | #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) |
| 364 | #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) |
| 365 | #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) |
| 366 | #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) |
| 367 | #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) |
| 368 | #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) |
| 369 | |
| 370 | #define DSA_PDB_L_SHIFT 7 |
| 371 | #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) |
| 372 | |
| 373 | #define DSA_PDB_N_MASK 0x7f |
| 374 | |
| 375 | struct dsa_sign_pdb { |
| 376 | u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ |
| 377 | u8 *q; |
| 378 | u8 *r; |
| 379 | u8 *g; /* or Gx,y */ |
| 380 | u8 *s; |
| 381 | u8 *f; |
| 382 | u8 *c; |
| 383 | u8 *d; |
| 384 | u8 *ab; /* ECC only */ |
| 385 | u8 *u; |
| 386 | }; |
| 387 | |
| 388 | struct dsa_verify_pdb { |
| 389 | u32 sgf_ln; |
| 390 | u8 *q; |
| 391 | u8 *r; |
| 392 | u8 *g; /* or Gx,y */ |
| 393 | u8 *w; /* or Wx,y */ |
| 394 | u8 *f; |
| 395 | u8 *c; |
| 396 | u8 *d; |
| 397 | u8 *tmp; /* temporary data block */ |
| 398 | u8 *ab; /* only used if ECC processing */ |
| 399 | }; |
| 400 | |
| 401 | #endif |