Gitiles
Code Review Sign In
192.168.1.100 / T800 / 4df0b51fe88b5a322114304ccc36f1b5d6f3df06 / . / src / kernel / linux / v4.19 / drivers / crypto / caam / pdb.h
blob: 810f0bef0652b38c299d2c5888c1e90265090a73 [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * CAAM Protocol Data Block (PDB) definition header file
4 *
5 * Copyright 2008-2016 Freescale Semiconductor, Inc.
6 *
7 */
8
9#ifndef CAAM_PDB_H
10#define CAAM_PDB_H
11#include "compat.h"
12
13/*
14 * PDB- IPSec ESP Header Modification Options
15 */
16#define PDBHMO_ESP_DECAP_SHIFT 28
17#define PDBHMO_ESP_ENCAP_SHIFT 28
18/*
19 * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
20 * Options Byte IP version (IPvsn) field:
21 * if IPv4, decrement the inner IP header TTL field (byte 8);
22 * if IPv6 decrement the inner IP header Hop Limit field (byte 7).
23*/
24#define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT)
25#define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
26/*
27 * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
28 * from the outer IP header to the inner IP header.
29 */
30#define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT)
31/*
32 * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from
33 * the PDB, copy the DF bit from the inner IP header to the outer IP header.
34 */
35#define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT)
36
37#define PDBNH_ESP_ENCAP_SHIFT 16
38#define PDBNH_ESP_ENCAP_MASK (0xff << PDBNH_ESP_ENCAP_SHIFT)
39
40#define PDBHDRLEN_ESP_DECAP_SHIFT 16
41#define PDBHDRLEN_MASK (0x0fff << PDBHDRLEN_ESP_DECAP_SHIFT)
42
43#define PDB_NH_OFFSET_SHIFT 8
44#define PDB_NH_OFFSET_MASK (0xff << PDB_NH_OFFSET_SHIFT)
45
46/*
47 * PDB - IPSec ESP Encap/Decap Options
48 */
49#define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */
50#define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */
51#define PDBOPTS_ESP_ARS128 0x80 /* 128-entry antireplay window */
52#define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */
53#define PDBOPTS_ESP_ARS_MASK 0xc0 /* antireplay window mask */
54#define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */
55#define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */
56#define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */
57#define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */
58#define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */
59#define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */
60#define PDBOPTS_ESP_AOFL 0x04 /* adjust out frame len (decap, SEC>=5.3)*/
61#define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */
62#define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */
63#define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */
64#define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
65#define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
66
67/*
68 * General IPSec encap/decap PDB definitions
69 */
70
71/**
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
73 * @iv: 16-byte array initialization vector
74 */
75struct ipsec_encap_cbc {
76 u8 iv[16];
77};
78
79/**
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
81 * @ctr_nonce: 4-byte array nonce
82 * @ctr_initial: initial count constant
83 * @iv: initialization vector
84 */
85struct ipsec_encap_ctr {
86 u8 ctr_nonce[4];
87 u32 ctr_initial;
88 u64 iv;
89};
90
91/**
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
93 * @salt: 3-byte array salt (lower 24 bits)
94 * @ccm_opt: CCM algorithm options - MSB-LSB description:
95 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
96 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
97 * ctr_flags (8b) - counter flags; constant equal to 0x3
98 * ctr_initial (16b) - initial count constant
99 * @iv: initialization vector
100 */
101struct ipsec_encap_ccm {
102 u8 salt[4];
103 u32 ccm_opt;
104 u64 iv;
105};
106
107/**
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
109 * @salt: 3-byte array salt (lower 24 bits)
110 * @rsvd: reserved, do not use
111 * @iv: initialization vector
112 */
113struct ipsec_encap_gcm {
114 u8 salt[4];
115 u32 rsvd1;
116 u64 iv;
117};
118
119/**
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
121 * @options: MSB-LSB description
122 * hmo (header manipulation options) - 4b
123 * reserved - 4b
124 * next header - 8b
125 * next header offset - 8b
126 * option flags (depend on selected algorithm) - 8b
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
129 * @spi: IPsec SPI (Security Parameters Index)
130 * @ip_hdr_len: optional IP Header length (in bytes)
131 * reserved - 16b
132 * Opt. IP Hdr Len - 16b
133 * @ip_hdr: optional IP Header content
134 */
135struct ipsec_encap_pdb {
136 u32 options;
137 u32 seq_num_ext_hi;
138 u32 seq_num;
139 union {
140 struct ipsec_encap_cbc cbc;
141 struct ipsec_encap_ctr ctr;
142 struct ipsec_encap_ccm ccm;
143 struct ipsec_encap_gcm gcm;
144 };
145 u32 spi;
146 u32 ip_hdr_len;
147 u32 ip_hdr[0];
148};
149
150/**
151 * ipsec_decap_cbc - PDB part for IPsec CBC decapsulation
152 * @rsvd: reserved, do not use
153 */
154struct ipsec_decap_cbc {
155 u32 rsvd[2];
156};
157
158/**
159 * ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
160 * @ctr_nonce: 4-byte array nonce
161 * @ctr_initial: initial count constant
162 */
163struct ipsec_decap_ctr {
164 u8 ctr_nonce[4];
165 u32 ctr_initial;
166};
167
168/**
169 * ipsec_decap_ccm - PDB part for IPsec CCM decapsulation
170 * @salt: 3-byte salt (lower 24 bits)
171 * @ccm_opt: CCM algorithm options - MSB-LSB description:
172 * b0_flags (8b) - CCM B0; use 0x5B for 8-byte ICV, 0x6B for 12-byte ICV,
173 * 0x7B for 16-byte ICV (cf. RFC4309, RFC3610)
174 * ctr_flags (8b) - counter flags; constant equal to 0x3
175 * ctr_initial (16b) - initial count constant
176 */
177struct ipsec_decap_ccm {
178 u8 salt[4];
179 u32 ccm_opt;
180};
181
182/**
183 * ipsec_decap_gcm - PDB part for IPsec GCN decapsulation
184 * @salt: 4-byte salt
185 * @rsvd: reserved, do not use
186 */
187struct ipsec_decap_gcm {
188 u8 salt[4];
189 u32 resvd;
190};
191
192/**
193 * ipsec_decap_pdb - PDB for IPsec decapsulation
194 * @options: MSB-LSB description
195 * hmo (header manipulation options) - 4b
196 * IP header length - 12b
197 * next header offset - 8b
198 * option flags (depend on selected algorithm) - 8b
199 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
200 * @seq_num: IPsec sequence number
201 * @anti_replay: Anti-replay window; size depends on ARS (option flags)
202 */
203struct ipsec_decap_pdb {
204 u32 options;
205 union {
206 struct ipsec_decap_cbc cbc;
207 struct ipsec_decap_ctr ctr;
208 struct ipsec_decap_ccm ccm;
209 struct ipsec_decap_gcm gcm;
210 };
211 u32 seq_num_ext_hi;
212 u32 seq_num;
213 __be32 anti_replay[4];
214};
215
216/*
217 * IPSec ESP Datapath Protocol Override Register (DPOVRD)
218 */
219struct ipsec_deco_dpovrd {
220#define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
221 u8 ovrd_ecn;
222 u8 ip_hdr_len;
223 u8 nh_offset;
224 u8 next_header; /* reserved if decap */
225};
226
227/*
228 * IEEE 802.11i WiFi Protocol Data Block
229 */
230#define WIFI_PDBOPTS_FCS 0x01
231#define WIFI_PDBOPTS_AR 0x40
232
233struct wifi_encap_pdb {
234 u16 mac_hdr_len;
235 u8 rsvd;
236 u8 options;
237 u8 iv_flags;
238 u8 pri;
239 u16 pn1;
240 u32 pn2;
241 u16 frm_ctrl_mask;
242 u16 seq_ctrl_mask;
243 u8 rsvd1[2];
244 u8 cnst;
245 u8 key_id;
246 u8 ctr_flags;
247 u8 rsvd2;
248 u16 ctr_init;
249};
250
251struct wifi_decap_pdb {
252 u16 mac_hdr_len;
253 u8 rsvd;
254 u8 options;
255 u8 iv_flags;
256 u8 pri;
257 u16 pn1;
258 u32 pn2;
259 u16 frm_ctrl_mask;
260 u16 seq_ctrl_mask;
261 u8 rsvd1[4];
262 u8 ctr_flags;
263 u8 rsvd2;
264 u16 ctr_init;
265};
266
267/*
268 * IEEE 802.16 WiMAX Protocol Data Block
269 */
270#define WIMAX_PDBOPTS_FCS 0x01
271#define WIMAX_PDBOPTS_AR 0x40 /* decap only */
272
273struct wimax_encap_pdb {
274 u8 rsvd[3];
275 u8 options;
276 u32 nonce;
277 u8 b0_flags;
278 u8 ctr_flags;
279 u16 ctr_init;
280 /* begin DECO writeback region */
281 u32 pn;
282 /* end DECO writeback region */
283};
284
285struct wimax_decap_pdb {
286 u8 rsvd[3];
287 u8 options;
288 u32 nonce;
289 u8 iv_flags;
290 u8 ctr_flags;
291 u16 ctr_init;
292 /* begin DECO writeback region */
293 u32 pn;
294 u8 rsvd1[2];
295 u16 antireplay_len;
296 u64 antireplay_scorecard;
297 /* end DECO writeback region */
298};
299
300/*
301 * IEEE 801.AE MacSEC Protocol Data Block
302 */
303#define MACSEC_PDBOPTS_FCS 0x01
304#define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */
305
306struct macsec_encap_pdb {
307 u16 aad_len;
308 u8 rsvd;
309 u8 options;
310 u64 sci;
311 u16 ethertype;
312 u8 tci_an;
313 u8 rsvd1;
314 /* begin DECO writeback region */
315 u32 pn;
316 /* end DECO writeback region */
317};
318
319struct macsec_decap_pdb {
320 u16 aad_len;
321 u8 rsvd;
322 u8 options;
323 u64 sci;
324 u8 rsvd1[3];
325 /* begin DECO writeback region */
326 u8 antireplay_len;
327 u32 pn;
328 u64 antireplay_scorecard;
329 /* end DECO writeback region */
330};
331
332/*
333 * SSL/TLS/DTLS Protocol Data Blocks
334 */
335
336#define TLS_PDBOPTS_ARS32 0x40
337#define TLS_PDBOPTS_ARS64 0xc0
338#define TLS_PDBOPTS_OUTFMT 0x08
339#define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */
340#define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */
341
342struct tls_block_encap_pdb {
343 u8 type;
344 u8 version[2];
345 u8 options;
346 u64 seq_num;
347 u32 iv[4];
348};
349
350struct tls_stream_encap_pdb {
351 u8 type;
352 u8 version[2];
353 u8 options;
354 u64 seq_num;
355 u8 i;
356 u8 j;
357 u8 rsvd1[2];
358};
359
360struct dtls_block_encap_pdb {
361 u8 type;
362 u8 version[2];
363 u8 options;
364 u16 epoch;
365 u16 seq_num[3];
366 u32 iv[4];
367};
368
369struct tls_block_decap_pdb {
370 u8 rsvd[3];
371 u8 options;
372 u64 seq_num;
373 u32 iv[4];
374};
375
376struct tls_stream_decap_pdb {
377 u8 rsvd[3];
378 u8 options;
379 u64 seq_num;
380 u8 i;
381 u8 j;
382 u8 rsvd1[2];
383};
384
385struct dtls_block_decap_pdb {
386 u8 rsvd[3];
387 u8 options;
388 u16 epoch;
389 u16 seq_num[3];
390 u32 iv[4];
391 u64 antireplay_scorecard;
392};
393
394/*
395 * SRTP Protocol Data Blocks
396 */
397#define SRTP_PDBOPTS_MKI 0x08
398#define SRTP_PDBOPTS_AR 0x40
399
400struct srtp_encap_pdb {
401 u8 x_len;
402 u8 mki_len;
403 u8 n_tag;
404 u8 options;
405 u32 cnst0;
406 u8 rsvd[2];
407 u16 cnst1;
408 u16 salt[7];
409 u16 cnst2;
410 u32 rsvd1;
411 u32 roc;
412 u32 opt_mki;
413};
414
415struct srtp_decap_pdb {
416 u8 x_len;
417 u8 mki_len;
418 u8 n_tag;
419 u8 options;
420 u32 cnst0;
421 u8 rsvd[2];
422 u16 cnst1;
423 u16 salt[7];
424 u16 cnst2;
425 u16 rsvd1;
426 u16 seq_num;
427 u32 roc;
428 u64 antireplay_scorecard;
429};
430
431/*
432 * DSA/ECDSA Protocol Data Blocks
433 * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
434 * except for the treatment of "w" for verify, "s" for sign,
435 * and the placement of "a,b".
436 */
437#define DSA_PDB_SGF_SHIFT 24
438#define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT)
439#define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT)
440#define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT)
441#define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT)
442#define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT)
443#define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT)
444#define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT)
445#define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT)
446#define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT)
447#define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT)
448#define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT)
449
450#define DSA_PDB_L_SHIFT 7
451#define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT)
452
453#define DSA_PDB_N_MASK 0x7f
454
455struct dsa_sign_pdb {
456 u32 sgf_ln; /* Use DSA_PDB_ defintions per above */
457 u8 *q;
458 u8 *r;
459 u8 *g; /* or Gx,y */
460 u8 *s;
461 u8 *f;
462 u8 *c;
463 u8 *d;
464 u8 *ab; /* ECC only */
465 u8 *u;
466};
467
468struct dsa_verify_pdb {
469 u32 sgf_ln;
470 u8 *q;
471 u8 *r;
472 u8 *g; /* or Gx,y */
473 u8 *w; /* or Wx,y */
474 u8 *f;
475 u8 *c;
476 u8 *d;
477 u8 *tmp; /* temporary data block */
478 u8 *ab; /* only used if ECC processing */
479};
480
481/* RSA Protocol Data Block */
482#define RSA_PDB_SGF_SHIFT 28
483#define RSA_PDB_E_SHIFT 12
484#define RSA_PDB_E_MASK (0xFFF << RSA_PDB_E_SHIFT)
485#define RSA_PDB_D_SHIFT 12
486#define RSA_PDB_D_MASK (0xFFF << RSA_PDB_D_SHIFT)
487#define RSA_PDB_Q_SHIFT 12
488#define RSA_PDB_Q_MASK (0xFFF << RSA_PDB_Q_SHIFT)
489
490#define RSA_PDB_SGF_F (0x8 << RSA_PDB_SGF_SHIFT)
491#define RSA_PDB_SGF_G (0x4 << RSA_PDB_SGF_SHIFT)
492#define RSA_PRIV_PDB_SGF_F (0x4 << RSA_PDB_SGF_SHIFT)
493#define RSA_PRIV_PDB_SGF_G (0x8 << RSA_PDB_SGF_SHIFT)
494
495#define RSA_PRIV_KEY_FRM_1 0
496#define RSA_PRIV_KEY_FRM_2 1
497#define RSA_PRIV_KEY_FRM_3 2
498
499/**
500 * RSA Encrypt Protocol Data Block
501 * @sgf: scatter-gather field
502 * @f_dma: dma address of input data
503 * @g_dma: dma address of encrypted output data
504 * @n_dma: dma address of RSA modulus
505 * @e_dma: dma address of RSA public exponent
506 * @f_len: length in octets of the input data
507 */
508struct rsa_pub_pdb {
509 u32 sgf;
510 dma_addr_t f_dma;
511 dma_addr_t g_dma;
512 dma_addr_t n_dma;
513 dma_addr_t e_dma;
514 u32 f_len;
515} __packed;
516
517/**
518 * RSA Decrypt PDB - Private Key Form #1
519 * @sgf: scatter-gather field
520 * @g_dma: dma address of encrypted input data
521 * @f_dma: dma address of output data
522 * @n_dma: dma address of RSA modulus
523 * @d_dma: dma address of RSA private exponent
524 */
525struct rsa_priv_f1_pdb {
526 u32 sgf;
527 dma_addr_t g_dma;
528 dma_addr_t f_dma;
529 dma_addr_t n_dma;
530 dma_addr_t d_dma;
531} __packed;
532
533/**
534 * RSA Decrypt PDB - Private Key Form #2
535 * @sgf : scatter-gather field
536 * @g_dma : dma address of encrypted input data
537 * @f_dma : dma address of output data
538 * @d_dma : dma address of RSA private exponent
539 * @p_dma : dma address of RSA prime factor p of RSA modulus n
540 * @q_dma : dma address of RSA prime factor q of RSA modulus n
541 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
542 * as internal state buffer. It is assumed to be as long as p.
543 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
544 * as internal state buffer. It is assumed to be as long as q.
545 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
546 */
547struct rsa_priv_f2_pdb {
548 u32 sgf;
549 dma_addr_t g_dma;
550 dma_addr_t f_dma;
551 dma_addr_t d_dma;
552 dma_addr_t p_dma;
553 dma_addr_t q_dma;
554 dma_addr_t tmp1_dma;
555 dma_addr_t tmp2_dma;
556 u32 p_q_len;
557} __packed;
558
559/**
560 * RSA Decrypt PDB - Private Key Form #3
561 * This is the RSA Chinese Reminder Theorem (CRT) form for two prime factors of
562 * the RSA modulus.
563 * @sgf : scatter-gather field
564 * @g_dma : dma address of encrypted input data
565 * @f_dma : dma address of output data
566 * @c_dma : dma address of RSA CRT coefficient
567 * @p_dma : dma address of RSA prime factor p of RSA modulus n
568 * @q_dma : dma address of RSA prime factor q of RSA modulus n
569 * @dp_dma : dma address of RSA CRT exponent of RSA prime factor p
570 * @dp_dma : dma address of RSA CRT exponent of RSA prime factor q
571 * @tmp1_dma: dma address of temporary buffer. CAAM uses this temporary buffer
572 * as internal state buffer. It is assumed to be as long as p.
573 * @tmp2_dma: dma address of temporary buffer. CAAM uses this temporary buffer
574 * as internal state buffer. It is assumed to be as long as q.
575 * @p_q_len : length in bytes of first two prime factors of the RSA modulus n
576 */
577struct rsa_priv_f3_pdb {
578 u32 sgf;
579 dma_addr_t g_dma;
580 dma_addr_t f_dma;
581 dma_addr_t c_dma;
582 dma_addr_t p_dma;
583 dma_addr_t q_dma;
584 dma_addr_t dp_dma;
585 dma_addr_t dq_dma;
586 dma_addr_t tmp1_dma;
587 dma_addr_t tmp2_dma;
588 u32 p_q_len;
589} __packed;
590
591#endif