Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
pdb.h
Go to the documentation of this file.
1 /*
2  * CAAM Protocol Data Block (PDB) definition header file
3  *
4  * Copyright 2008-2012 Freescale Semiconductor, Inc.
5  *
6  */
7 
8 #ifndef CAAM_PDB_H
9 #define CAAM_PDB_H
10 
11 /*
12  * PDB- IPSec ESP Header Modification Options
13  */
14 #define PDBHMO_ESP_DECAP_SHIFT 12
15 #define PDBHMO_ESP_ENCAP_SHIFT 4
16 /*
17  * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the
18  * Options Byte IP version (IPvsn) field:
19  * if IPv4, decrement the inner IP header TTL field (byte 8);
20  * if IPv6 decrement the inner IP header Hop Limit field (byte 7).
21 */
22 #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT)
23 #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT)
24 /*
25  * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte
26  * from the outer IP header to the inner IP header.
27  */
28 #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT)
29 /*
30  * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from
31  * the PDB, copy the DF bit from the inner IP header to the outer IP header.
32  */
33 #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT)
34 
35 /*
36  * PDB - IPSec ESP Encap/Decap Options
37  */
38 #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */
39 #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */
40 #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */
41 #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */
42 #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */
43 #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */
44 #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */
45 #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */
46 #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */
47 #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */
48 #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */
49 #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */
50 #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */
51 #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */
52 
53 /*
54  * General IPSec encap/decap PDB definitions
55  */
56 struct ipsec_encap_cbc {
57  u32 iv[4];
58 };
59 
60 struct ipsec_encap_ctr {
61  u32 ctr_nonce;
62  u32 ctr_initial;
63  u32 iv[2];
64 };
65 
66 struct ipsec_encap_ccm {
67  u32 salt; /* lower 24 bits */
68  u8 b0_flags;
69  u8 ctr_flags;
70  u16 ctr_initial;
71  u32 iv[2];
72 };
73 
74 struct ipsec_encap_gcm {
75  u32 salt; /* lower 24 bits */
76  u32 rsvd1;
77  u32 iv[2];
78 };
79 
80 struct ipsec_encap_pdb {
81  u8 hmo_rsvd;
82  u8 ip_nh;
83  u8 ip_nh_offset;
84  u8 options;
85  u32 seq_num_ext_hi;
86  u32 seq_num;
87  union {
88  struct ipsec_encap_cbc cbc;
89  struct ipsec_encap_ctr ctr;
90  struct ipsec_encap_ccm ccm;
91  struct ipsec_encap_gcm gcm;
92  };
93  u32 spi;
94  u16 rsvd1;
95  u16 ip_hdr_len;
96  u32 ip_hdr[0]; /* optional IP Header content */
97 };
98 
99 struct ipsec_decap_cbc {
100  u32 rsvd[2];
101 };
102 
103 struct ipsec_decap_ctr {
104  u32 salt;
105  u32 ctr_initial;
106 };
107 
108 struct ipsec_decap_ccm {
109  u32 salt;
110  u8 iv_flags;
111  u8 ctr_flags;
112  u16 ctr_initial;
113 };
114 
115 struct ipsec_decap_gcm {
116  u32 salt;
117  u32 resvd;
118 };
119 
120 struct ipsec_decap_pdb {
121  u16 hmo_ip_hdr_len;
122  u8 ip_nh_offset;
123  u8 options;
124  union {
125  struct ipsec_decap_cbc cbc;
126  struct ipsec_decap_ctr ctr;
127  struct ipsec_decap_ccm ccm;
128  struct ipsec_decap_gcm gcm;
129  };
130  u32 seq_num_ext_hi;
131  u32 seq_num;
132  u32 anti_replay[2];
133  u32 end_index[0];
134 };
135 
136 /*
137  * IPSec ESP Datapath Protocol Override Register (DPOVRD)
138  */
139 struct ipsec_deco_dpovrd {
140 #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80
141  u8 ovrd_ecn;
142  u8 ip_hdr_len;
143  u8 nh_offset;
144  u8 next_header; /* reserved if decap */
145 };
146 
147 /*
148  * IEEE 802.11i WiFi Protocol Data Block
149  */
150 #define WIFI_PDBOPTS_FCS 0x01
151 #define WIFI_PDBOPTS_AR 0x40
152 
153 struct wifi_encap_pdb {
154  u16 mac_hdr_len;
155  u8 rsvd;
156  u8 options;
157  u8 iv_flags;
158  u8 pri;
159  u16 pn1;
160  u32 pn2;
161  u16 frm_ctrl_mask;
162  u16 seq_ctrl_mask;
163  u8 rsvd1[2];
164  u8 cnst;
165  u8 key_id;
166  u8 ctr_flags;
167  u8 rsvd2;
168  u16 ctr_init;
169 };
170 
171 struct wifi_decap_pdb {
172  u16 mac_hdr_len;
173  u8 rsvd;
174  u8 options;
175  u8 iv_flags;
176  u8 pri;
177  u16 pn1;
178  u32 pn2;
179  u16 frm_ctrl_mask;
180  u16 seq_ctrl_mask;
181  u8 rsvd1[4];
182  u8 ctr_flags;
183  u8 rsvd2;
184  u16 ctr_init;
185 };
186 
187 /*
188  * IEEE 802.16 WiMAX Protocol Data Block
189  */
190 #define WIMAX_PDBOPTS_FCS 0x01
191 #define WIMAX_PDBOPTS_AR 0x40 /* decap only */
192 
193 struct wimax_encap_pdb {
194  u8 rsvd[3];
195  u8 options;
196  u32 nonce;
197  u8 b0_flags;
198  u8 ctr_flags;
199  u16 ctr_init;
200  /* begin DECO writeback region */
201  u32 pn;
202  /* end DECO writeback region */
203 };
204 
205 struct wimax_decap_pdb {
206  u8 rsvd[3];
207  u8 options;
208  u32 nonce;
209  u8 iv_flags;
210  u8 ctr_flags;
211  u16 ctr_init;
212  /* begin DECO writeback region */
213  u32 pn;
214  u8 rsvd1[2];
215  u16 antireplay_len;
216  u64 antireplay_scorecard;
217  /* end DECO writeback region */
218 };
219 
220 /*
221  * IEEE 801.AE MacSEC Protocol Data Block
222  */
223 #define MACSEC_PDBOPTS_FCS 0x01
224 #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */
225 
226 struct macsec_encap_pdb {
227  u16 aad_len;
228  u8 rsvd;
229  u8 options;
230  u64 sci;
231  u16 ethertype;
232  u8 tci_an;
233  u8 rsvd1;
234  /* begin DECO writeback region */
235  u32 pn;
236  /* end DECO writeback region */
237 };
238 
239 struct macsec_decap_pdb {
240  u16 aad_len;
241  u8 rsvd;
242  u8 options;
243  u64 sci;
244  u8 rsvd1[3];
245  /* begin DECO writeback region */
246  u8 antireplay_len;
247  u32 pn;
248  u64 antireplay_scorecard;
249  /* end DECO writeback region */
250 };
251 
252 /*
253  * SSL/TLS/DTLS Protocol Data Blocks
254  */
255 
256 #define TLS_PDBOPTS_ARS32 0x40
257 #define TLS_PDBOPTS_ARS64 0xc0
258 #define TLS_PDBOPTS_OUTFMT 0x08
259 #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */
260 #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */
261 
262 struct tls_block_encap_pdb {
263  u8 type;
264  u8 version[2];
265  u8 options;
266  u64 seq_num;
267  u32 iv[4];
268 };
269 
270 struct tls_stream_encap_pdb {
271  u8 type;
272  u8 version[2];
273  u8 options;
274  u64 seq_num;
275  u8 i;
276  u8 j;
277  u8 rsvd1[2];
278 };
279 
280 struct dtls_block_encap_pdb {
281  u8 type;
282  u8 version[2];
283  u8 options;
284  u16 epoch;
285  u16 seq_num[3];
286  u32 iv[4];
287 };
288 
289 struct tls_block_decap_pdb {
290  u8 rsvd[3];
291  u8 options;
292  u64 seq_num;
293  u32 iv[4];
294 };
295 
296 struct tls_stream_decap_pdb {
297  u8 rsvd[3];
298  u8 options;
299  u64 seq_num;
300  u8 i;
301  u8 j;
302  u8 rsvd1[2];
303 };
304 
305 struct dtls_block_decap_pdb {
306  u8 rsvd[3];
307  u8 options;
308  u16 epoch;
309  u16 seq_num[3];
310  u32 iv[4];
311  u64 antireplay_scorecard;
312 };
313 
314 /*
315  * SRTP Protocol Data Blocks
316  */
317 #define SRTP_PDBOPTS_MKI 0x08
318 #define SRTP_PDBOPTS_AR 0x40
319 
320 struct srtp_encap_pdb {
321  u8 x_len;
322  u8 mki_len;
323  u8 n_tag;
324  u8 options;
325  u32 cnst0;
326  u8 rsvd[2];
327  u16 cnst1;
328  u16 salt[7];
329  u16 cnst2;
330  u32 rsvd1;
331  u32 roc;
332  u32 opt_mki;
333 };
334 
335 struct srtp_decap_pdb {
336  u8 x_len;
337  u8 mki_len;
338  u8 n_tag;
339  u8 options;
340  u32 cnst0;
341  u8 rsvd[2];
342  u16 cnst1;
343  u16 salt[7];
344  u16 cnst2;
345  u16 rsvd1;
346  u16 seq_num;
347  u32 roc;
348  u64 antireplay_scorecard;
349 };
350 
351 /*
352  * DSA/ECDSA Protocol Data Blocks
353  * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar
354  * except for the treatment of "w" for verify, "s" for sign,
355  * and the placement of "a,b".
356  */
357 #define DSA_PDB_SGF_SHIFT 24
358 #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT)
359 #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT)
360 #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT)
361 #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT)
362 #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT)
363 #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT)
364 #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT)
365 #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT)
366 #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT)
367 #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT)
368 #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT)
369 
370 #define DSA_PDB_L_SHIFT 7
371 #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT)
372 
373 #define DSA_PDB_N_MASK 0x7f
374 
375 struct dsa_sign_pdb {
376  u32 sgf_ln; /* Use DSA_PDB_ defintions per above */
377  u8 *q;
378  u8 *r;
379  u8 *g; /* or Gx,y */
380  u8 *s;
381  u8 *f;
382  u8 *c;
383  u8 *d;
384  u8 *ab; /* ECC only */
385  u8 *u;
386 };
387 
388 struct dsa_verify_pdb {
389  u32 sgf_ln;
390  u8 *q;
391  u8 *r;
392  u8 *g; /* or Gx,y */
393  u8 *w; /* or Wx,y */
394  u8 *f;
395  u8 *c;
396  u8 *d;
397  u8 *tmp; /* temporary data block */
398  u8 *ab; /* only used if ECC processing */
399 };
400 
401 #endif
Generated on Thu Jan 10 2013 13:28:50 for Linux Kernel by   doxygen 1.8.2