crypto: caam - add PDB (Protocol Descriptor Block) definitions

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add a PDB header file to support building protocol descriptors.

Signed-off-by: Steve Cornelius <sec@pobox.com>
Signed-off-by: Hemant Agrawal <hemant@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Hemant Agrawal and committed by

Herbert Xu 13 years ago a23d80e0 991c569c

+401 -16

2 changed files

expand all

drivers

crypto

caam

desc.h

pdb.h

-16

drivers/crypto/caam/desc.h

··· 1585 1585 #define NFIFOENTRY_PLEN_SHIFT 0 1586 1586 #define NFIFOENTRY_PLEN_MASK (0xFF << NFIFOENTRY_PLEN_SHIFT) 1587 1587 1588 - /* 1589 - * PDB internal definitions 1590 - */ 1591 - 1592 - /* IPSec ESP CBC Encap/Decap Options */ 1593 - #define PDBOPTS_ESPCBC_ARSNONE 0x00 /* no antireplay window */ 1594 - #define PDBOPTS_ESPCBC_ARS32 0x40 /* 32-entry antireplay window */ 1595 - #define PDBOPTS_ESPCBC_ARS64 0xc0 /* 64-entry antireplay window */ 1596 - #define PDBOPTS_ESPCBC_IVSRC 0x20 /* IV comes from internal random gen */ 1597 - #define PDBOPTS_ESPCBC_ESN 0x10 /* extended sequence included */ 1598 - #define PDBOPTS_ESPCBC_OUTFMT 0x08 /* output only decapsulation (decap) */ 1599 - #define PDBOPTS_ESPCBC_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 1600 - #define PDBOPTS_ESPCBC_INCIPHDR 0x04 /* Prepend IP header to output frame */ 1601 - #define PDBOPTS_ESPCBC_IPVSN 0x02 /* process IPv6 header */ 1602 - #define PDBOPTS_ESPCBC_TUNNEL 0x01 /* tunnel mode next-header byte */ 1603 - 1604 1588 #endif /* DESC_H */

+401

drivers/crypto/caam/pdb.h

··· 1 + /* 2 + * CAAM Protocol Data Block (PDB) definition header file 3 + * 4 + * Copyright 2008-2012 Freescale Semiconductor, Inc. 5 + * 6 + */ 7 + 8 + #ifndef CAAM_PDB_H 9 + #define CAAM_PDB_H 10 + 11 + /* 12 + * PDB- IPSec ESP Header Modification Options 13 + */ 14 + #define PDBHMO_ESP_DECAP_SHIFT 12 15 + #define PDBHMO_ESP_ENCAP_SHIFT 4 16 + /* 17 + * Encap and Decap - Decrement TTL (Hop Limit) - Based on the value of the 18 + * Options Byte IP version (IPvsn) field: 19 + * if IPv4, decrement the inner IP header TTL field (byte 8); 20 + * if IPv6 decrement the inner IP header Hop Limit field (byte 7). 21 + */ 22 + #define PDBHMO_ESP_DECAP_DEC_TTL (0x02 << PDBHMO_ESP_DECAP_SHIFT) 23 + #define PDBHMO_ESP_ENCAP_DEC_TTL (0x02 << PDBHMO_ESP_ENCAP_SHIFT) 24 + /* 25 + * Decap - DiffServ Copy - Copy the IPv4 TOS or IPv6 Traffic Class byte 26 + * from the outer IP header to the inner IP header. 27 + */ 28 + #define PDBHMO_ESP_DIFFSERV (0x01 << PDBHMO_ESP_DECAP_SHIFT) 29 + /* 30 + * Encap- Copy DF bit -if an IPv4 tunnel mode outer IP header is coming from 31 + * the PDB, copy the DF bit from the inner IP header to the outer IP header. 32 + */ 33 + #define PDBHMO_ESP_DFBIT (0x04 << PDBHMO_ESP_ENCAP_SHIFT) 34 + 35 + /* 36 + * PDB - IPSec ESP Encap/Decap Options 37 + */ 38 + #define PDBOPTS_ESP_ARSNONE 0x00 /* no antireplay window */ 39 + #define PDBOPTS_ESP_ARS32 0x40 /* 32-entry antireplay window */ 40 + #define PDBOPTS_ESP_ARS64 0xc0 /* 64-entry antireplay window */ 41 + #define PDBOPTS_ESP_IVSRC 0x20 /* IV comes from internal random gen */ 42 + #define PDBOPTS_ESP_ESN 0x10 /* extended sequence included */ 43 + #define PDBOPTS_ESP_OUTFMT 0x08 /* output only decapsulation (decap) */ 44 + #define PDBOPTS_ESP_IPHDRSRC 0x08 /* IP header comes from PDB (encap) */ 45 + #define PDBOPTS_ESP_INCIPHDR 0x04 /* Prepend IP header to output frame */ 46 + #define PDBOPTS_ESP_IPVSN 0x02 /* process IPv6 header */ 47 + #define PDBOPTS_ESP_TUNNEL 0x01 /* tunnel mode next-header byte */ 48 + #define PDBOPTS_ESP_IPV6 0x02 /* ip header version is V6 */ 49 + #define PDBOPTS_ESP_DIFFSERV 0x40 /* copy TOS/TC from inner iphdr */ 50 + #define PDBOPTS_ESP_UPDATE_CSUM 0x80 /* encap-update ip header checksum */ 51 + #define PDBOPTS_ESP_VERIFY_CSUM 0x20 /* decap-validate ip header checksum */ 52 + 53 + /* 54 + * General IPSec encap/decap PDB definitions 55 + */ 56 + struct ipsec_encap_cbc { 57 + u32 iv[4]; 58 + }; 59 + 60 + struct ipsec_encap_ctr { 61 + u32 ctr_nonce; 62 + u32 ctr_initial; 63 + u32 iv[2]; 64 + }; 65 + 66 + struct ipsec_encap_ccm { 67 + u32 salt; /* lower 24 bits */ 68 + u8 b0_flags; 69 + u8 ctr_flags; 70 + u16 ctr_initial; 71 + u32 iv[2]; 72 + }; 73 + 74 + struct ipsec_encap_gcm { 75 + u32 salt; /* lower 24 bits */ 76 + u32 rsvd1; 77 + u32 iv[2]; 78 + }; 79 + 80 + struct ipsec_encap_pdb { 81 + u8 hmo_rsvd; 82 + u8 ip_nh; 83 + u8 ip_nh_offset; 84 + u8 options; 85 + u32 seq_num_ext_hi; 86 + u32 seq_num; 87 + union { 88 + struct ipsec_encap_cbc cbc; 89 + struct ipsec_encap_ctr ctr; 90 + struct ipsec_encap_ccm ccm; 91 + struct ipsec_encap_gcm gcm; 92 + }; 93 + u32 spi; 94 + u16 rsvd1; 95 + u16 ip_hdr_len; 96 + u32 ip_hdr[0]; /* optional IP Header content */ 97 + }; 98 + 99 + struct ipsec_decap_cbc { 100 + u32 rsvd[2]; 101 + }; 102 + 103 + struct ipsec_decap_ctr { 104 + u32 salt; 105 + u32 ctr_initial; 106 + }; 107 + 108 + struct ipsec_decap_ccm { 109 + u32 salt; 110 + u8 iv_flags; 111 + u8 ctr_flags; 112 + u16 ctr_initial; 113 + }; 114 + 115 + struct ipsec_decap_gcm { 116 + u32 salt; 117 + u32 resvd; 118 + }; 119 + 120 + struct ipsec_decap_pdb { 121 + u16 hmo_ip_hdr_len; 122 + u8 ip_nh_offset; 123 + u8 options; 124 + union { 125 + struct ipsec_decap_cbc cbc; 126 + struct ipsec_decap_ctr ctr; 127 + struct ipsec_decap_ccm ccm; 128 + struct ipsec_decap_gcm gcm; 129 + }; 130 + u32 seq_num_ext_hi; 131 + u32 seq_num; 132 + u32 anti_replay[2]; 133 + u32 end_index[0]; 134 + }; 135 + 136 + /* 137 + * IPSec ESP Datapath Protocol Override Register (DPOVRD) 138 + */ 139 + struct ipsec_deco_dpovrd { 140 + #define IPSEC_ENCAP_DECO_DPOVRD_USE 0x80 141 + u8 ovrd_ecn; 142 + u8 ip_hdr_len; 143 + u8 nh_offset; 144 + u8 next_header; /* reserved if decap */ 145 + }; 146 + 147 + /* 148 + * IEEE 802.11i WiFi Protocol Data Block 149 + */ 150 + #define WIFI_PDBOPTS_FCS 0x01 151 + #define WIFI_PDBOPTS_AR 0x40 152 + 153 + struct wifi_encap_pdb { 154 + u16 mac_hdr_len; 155 + u8 rsvd; 156 + u8 options; 157 + u8 iv_flags; 158 + u8 pri; 159 + u16 pn1; 160 + u32 pn2; 161 + u16 frm_ctrl_mask; 162 + u16 seq_ctrl_mask; 163 + u8 rsvd1[2]; 164 + u8 cnst; 165 + u8 key_id; 166 + u8 ctr_flags; 167 + u8 rsvd2; 168 + u16 ctr_init; 169 + }; 170 + 171 + struct wifi_decap_pdb { 172 + u16 mac_hdr_len; 173 + u8 rsvd; 174 + u8 options; 175 + u8 iv_flags; 176 + u8 pri; 177 + u16 pn1; 178 + u32 pn2; 179 + u16 frm_ctrl_mask; 180 + u16 seq_ctrl_mask; 181 + u8 rsvd1[4]; 182 + u8 ctr_flags; 183 + u8 rsvd2; 184 + u16 ctr_init; 185 + }; 186 + 187 + /* 188 + * IEEE 802.16 WiMAX Protocol Data Block 189 + */ 190 + #define WIMAX_PDBOPTS_FCS 0x01 191 + #define WIMAX_PDBOPTS_AR 0x40 /* decap only */ 192 + 193 + struct wimax_encap_pdb { 194 + u8 rsvd[3]; 195 + u8 options; 196 + u32 nonce; 197 + u8 b0_flags; 198 + u8 ctr_flags; 199 + u16 ctr_init; 200 + /* begin DECO writeback region */ 201 + u32 pn; 202 + /* end DECO writeback region */ 203 + }; 204 + 205 + struct wimax_decap_pdb { 206 + u8 rsvd[3]; 207 + u8 options; 208 + u32 nonce; 209 + u8 iv_flags; 210 + u8 ctr_flags; 211 + u16 ctr_init; 212 + /* begin DECO writeback region */ 213 + u32 pn; 214 + u8 rsvd1[2]; 215 + u16 antireplay_len; 216 + u64 antireplay_scorecard; 217 + /* end DECO writeback region */ 218 + }; 219 + 220 + /* 221 + * IEEE 801.AE MacSEC Protocol Data Block 222 + */ 223 + #define MACSEC_PDBOPTS_FCS 0x01 224 + #define MACSEC_PDBOPTS_AR 0x40 /* used in decap only */ 225 + 226 + struct macsec_encap_pdb { 227 + u16 aad_len; 228 + u8 rsvd; 229 + u8 options; 230 + u64 sci; 231 + u16 ethertype; 232 + u8 tci_an; 233 + u8 rsvd1; 234 + /* begin DECO writeback region */ 235 + u32 pn; 236 + /* end DECO writeback region */ 237 + }; 238 + 239 + struct macsec_decap_pdb { 240 + u16 aad_len; 241 + u8 rsvd; 242 + u8 options; 243 + u64 sci; 244 + u8 rsvd1[3]; 245 + /* begin DECO writeback region */ 246 + u8 antireplay_len; 247 + u32 pn; 248 + u64 antireplay_scorecard; 249 + /* end DECO writeback region */ 250 + }; 251 + 252 + /* 253 + * SSL/TLS/DTLS Protocol Data Blocks 254 + */ 255 + 256 + #define TLS_PDBOPTS_ARS32 0x40 257 + #define TLS_PDBOPTS_ARS64 0xc0 258 + #define TLS_PDBOPTS_OUTFMT 0x08 259 + #define TLS_PDBOPTS_IV_WRTBK 0x02 /* 1.1/1.2/DTLS only */ 260 + #define TLS_PDBOPTS_EXP_RND_IV 0x01 /* 1.1/1.2/DTLS only */ 261 + 262 + struct tls_block_encap_pdb { 263 + u8 type; 264 + u8 version[2]; 265 + u8 options; 266 + u64 seq_num; 267 + u32 iv[4]; 268 + }; 269 + 270 + struct tls_stream_encap_pdb { 271 + u8 type; 272 + u8 version[2]; 273 + u8 options; 274 + u64 seq_num; 275 + u8 i; 276 + u8 j; 277 + u8 rsvd1[2]; 278 + }; 279 + 280 + struct dtls_block_encap_pdb { 281 + u8 type; 282 + u8 version[2]; 283 + u8 options; 284 + u16 epoch; 285 + u16 seq_num[3]; 286 + u32 iv[4]; 287 + }; 288 + 289 + struct tls_block_decap_pdb { 290 + u8 rsvd[3]; 291 + u8 options; 292 + u64 seq_num; 293 + u32 iv[4]; 294 + }; 295 + 296 + struct tls_stream_decap_pdb { 297 + u8 rsvd[3]; 298 + u8 options; 299 + u64 seq_num; 300 + u8 i; 301 + u8 j; 302 + u8 rsvd1[2]; 303 + }; 304 + 305 + struct dtls_block_decap_pdb { 306 + u8 rsvd[3]; 307 + u8 options; 308 + u16 epoch; 309 + u16 seq_num[3]; 310 + u32 iv[4]; 311 + u64 antireplay_scorecard; 312 + }; 313 + 314 + /* 315 + * SRTP Protocol Data Blocks 316 + */ 317 + #define SRTP_PDBOPTS_MKI 0x08 318 + #define SRTP_PDBOPTS_AR 0x40 319 + 320 + struct srtp_encap_pdb { 321 + u8 x_len; 322 + u8 mki_len; 323 + u8 n_tag; 324 + u8 options; 325 + u32 cnst0; 326 + u8 rsvd[2]; 327 + u16 cnst1; 328 + u16 salt[7]; 329 + u16 cnst2; 330 + u32 rsvd1; 331 + u32 roc; 332 + u32 opt_mki; 333 + }; 334 + 335 + struct srtp_decap_pdb { 336 + u8 x_len; 337 + u8 mki_len; 338 + u8 n_tag; 339 + u8 options; 340 + u32 cnst0; 341 + u8 rsvd[2]; 342 + u16 cnst1; 343 + u16 salt[7]; 344 + u16 cnst2; 345 + u16 rsvd1; 346 + u16 seq_num; 347 + u32 roc; 348 + u64 antireplay_scorecard; 349 + }; 350 + 351 + /* 352 + * DSA/ECDSA Protocol Data Blocks 353 + * Two of these exist: DSA-SIGN, and DSA-VERIFY. They are similar 354 + * except for the treatment of "w" for verify, "s" for sign, 355 + * and the placement of "a,b". 356 + */ 357 + #define DSA_PDB_SGF_SHIFT 24 358 + #define DSA_PDB_SGF_MASK (0xff << DSA_PDB_SGF_SHIFT) 359 + #define DSA_PDB_SGF_Q (0x80 << DSA_PDB_SGF_SHIFT) 360 + #define DSA_PDB_SGF_R (0x40 << DSA_PDB_SGF_SHIFT) 361 + #define DSA_PDB_SGF_G (0x20 << DSA_PDB_SGF_SHIFT) 362 + #define DSA_PDB_SGF_W (0x10 << DSA_PDB_SGF_SHIFT) 363 + #define DSA_PDB_SGF_S (0x10 << DSA_PDB_SGF_SHIFT) 364 + #define DSA_PDB_SGF_F (0x08 << DSA_PDB_SGF_SHIFT) 365 + #define DSA_PDB_SGF_C (0x04 << DSA_PDB_SGF_SHIFT) 366 + #define DSA_PDB_SGF_D (0x02 << DSA_PDB_SGF_SHIFT) 367 + #define DSA_PDB_SGF_AB_SIGN (0x02 << DSA_PDB_SGF_SHIFT) 368 + #define DSA_PDB_SGF_AB_VERIFY (0x01 << DSA_PDB_SGF_SHIFT) 369 + 370 + #define DSA_PDB_L_SHIFT 7 371 + #define DSA_PDB_L_MASK (0x3ff << DSA_PDB_L_SHIFT) 372 + 373 + #define DSA_PDB_N_MASK 0x7f 374 + 375 + struct dsa_sign_pdb { 376 + u32 sgf_ln; /* Use DSA_PDB_ defintions per above */ 377 + u8 *q; 378 + u8 *r; 379 + u8 *g; /* or Gx,y */ 380 + u8 *s; 381 + u8 *f; 382 + u8 *c; 383 + u8 *d; 384 + u8 *ab; /* ECC only */ 385 + u8 *u; 386 + }; 387 + 388 + struct dsa_verify_pdb { 389 + u32 sgf_ln; 390 + u8 *q; 391 + u8 *r; 392 + u8 *g; /* or Gx,y */ 393 + u8 *w; /* or Wx,y */ 394 + u8 *f; 395 + u8 *c; 396 + u8 *d; 397 + u8 *tmp; /* temporary data block */ 398 + u8 *ab; /* only used if ECC processing */ 399 + }; 400 + 401 + #endif