Annotation of sys/crypto/cryptodev.h, Revision 1.1
1.1 ! nbrk 1: /* $OpenBSD: cryptodev.h,v 1.45 2007/05/27 05:33:47 tedu Exp $ */
! 2:
! 3: /*
! 4: * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
! 5: *
! 6: * This code was written by Angelos D. Keromytis in Athens, Greece, in
! 7: * February 2000. Network Security Technologies Inc. (NSTI) kindly
! 8: * supported the development of this code.
! 9: *
! 10: * Copyright (c) 2000 Angelos D. Keromytis
! 11: *
! 12: * Permission to use, copy, and modify this software with or without fee
! 13: * is hereby granted, provided that this entire notice is included in
! 14: * all source code copies of any software which is or includes a copy or
! 15: * modification of this software.
! 16: *
! 17: * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
! 18: * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
! 19: * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
! 20: * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
! 21: * PURPOSE.
! 22: *
! 23: * Copyright (c) 2001 Theo de Raadt
! 24: *
! 25: * Redistribution and use in source and binary forms, with or without
! 26: * modification, are permitted provided that the following conditions
! 27: * are met:
! 28: *
! 29: * 1. Redistributions of source code must retain the above copyright
! 30: * notice, this list of conditions and the following disclaimer.
! 31: * 2. Redistributions in binary form must reproduce the above copyright
! 32: * notice, this list of conditions and the following disclaimer in the
! 33: * documentation and/or other materials provided with the distribution.
! 34: *
! 35: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
! 36: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
! 37: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
! 38: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
! 39: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
! 40: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
! 41: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
! 42: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
! 43: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
! 44: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 45: *
! 46: * Effort sponsored in part by the Defense Advanced Research Projects
! 47: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 48: * Materiel Command, USAF, under agreement number F30602-01-2-0537.
! 49: *
! 50: */
! 51:
! 52: #ifndef _CRYPTO_CRYPTO_H_
! 53: #define _CRYPTO_CRYPTO_H_
! 54:
! 55: #include <sys/ioccom.h>
! 56:
! 57: /* Some initial values */
! 58: #define CRYPTO_DRIVERS_INITIAL 4
! 59: #define CRYPTO_SW_SESSIONS 32
! 60:
! 61: /* HMAC values */
! 62: #define HMAC_BLOCK_LEN 64
! 63: #define HMAC_IPAD_VAL 0x36
! 64: #define HMAC_OPAD_VAL 0x5C
! 65:
! 66: /* Encryption algorithm block sizes */
! 67: #define DES_BLOCK_LEN 8
! 68: #define DES3_BLOCK_LEN 8
! 69: #define BLOWFISH_BLOCK_LEN 8
! 70: #define SKIPJACK_BLOCK_LEN 8
! 71: #define CAST128_BLOCK_LEN 8
! 72: #define RIJNDAEL128_BLOCK_LEN 16
! 73: #define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
! 74:
! 75: /* Maximum hash algorithm result length */
! 76: #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
! 77:
! 78: #define CRYPTO_DES_CBC 1
! 79: #define CRYPTO_3DES_CBC 2
! 80: #define CRYPTO_BLF_CBC 3
! 81: #define CRYPTO_CAST_CBC 4
! 82: #define CRYPTO_SKIPJACK_CBC 5
! 83: #define CRYPTO_MD5_HMAC 6
! 84: #define CRYPTO_SHA1_HMAC 7
! 85: #define CRYPTO_RIPEMD160_HMAC 8
! 86: #define CRYPTO_MD5_KPDK 9
! 87: #define CRYPTO_SHA1_KPDK 10
! 88: #define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
! 89: #define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
! 90: #define CRYPTO_ARC4 12
! 91: #define CRYPTO_MD5 13
! 92: #define CRYPTO_SHA1 14
! 93: #define CRYPTO_DEFLATE_COMP 15 /* Deflate compression algorithm */
! 94: #define CRYPTO_NULL 16
! 95: #define CRYPTO_LZS_COMP 17 /* LZS compression algorithm */
! 96: #define CRYPTO_SHA2_256_HMAC 18
! 97: #define CRYPTO_SHA2_384_HMAC 19
! 98: #define CRYPTO_SHA2_512_HMAC 20
! 99: #define CRYPTO_AES_CTR 21
! 100: #define CRYPTO_ALGORITHM_MAX 21 /* Keep updated - see below */
! 101:
! 102: #define CRYPTO_ALGORITHM_ALL (CRYPTO_ALGORITHM_MAX + 1)
! 103:
! 104: /* Algorithm flags */
! 105: #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
! 106: #define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
! 107: #define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
! 108:
! 109: /* Standard initialization structure beginning */
! 110: struct cryptoini {
! 111: int cri_alg; /* Algorithm to use */
! 112: int cri_klen; /* Key length, in bits */
! 113: int cri_rnd; /* Algorithm rounds, where relevant */
! 114: caddr_t cri_key; /* key to use */
! 115: u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
! 116: struct cryptoini *cri_next;
! 117: };
! 118:
! 119: /* Describe boundaries of a single crypto operation */
! 120: struct cryptodesc {
! 121: int crd_skip; /* How many bytes to ignore from start */
! 122: int crd_len; /* How many bytes to process */
! 123: int crd_inject; /* Where to inject results, if applicable */
! 124: int crd_flags;
! 125:
! 126: #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
! 127: #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
! 128: place, so don't copy. */
! 129: #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
! 130: #define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
! 131: #define CRD_F_COMP 0x10 /* Set when doing compression */
! 132:
! 133: struct cryptoini CRD_INI; /* Initialization/context data */
! 134: #define crd_iv CRD_INI.cri_iv
! 135: #define crd_key CRD_INI.cri_key
! 136: #define crd_rnd CRD_INI.cri_rnd
! 137: #define crd_alg CRD_INI.cri_alg
! 138: #define crd_klen CRD_INI.cri_klen
! 139:
! 140: struct cryptodesc *crd_next;
! 141: };
! 142:
! 143: /* Structure describing complete operation */
! 144: struct cryptop {
! 145: u_int64_t crp_sid; /* Session ID */
! 146: int crp_ilen; /* Input data total length */
! 147: int crp_olen; /* Result total length */
! 148: int crp_alloctype; /* Type of buf to allocate if needed */
! 149:
! 150: int crp_etype; /*
! 151: * Error type (zero means no error).
! 152: * All error codes except EAGAIN
! 153: * indicate possible data corruption (as in,
! 154: * the data have been touched). On all
! 155: * errors, the crp_sid may have changed
! 156: * (reset to a new one), so the caller
! 157: * should always check and use the new
! 158: * value on future requests.
! 159: */
! 160: int crp_flags;
! 161:
! 162: #define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
! 163: #define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
! 164: #define CRYPTO_F_REL 0x0004 /* Must return data in same place */
! 165: #define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */
! 166: #define CRYPTO_F_DONE 0x0010 /* request completed */
! 167:
! 168: void *crp_buf; /* Data to be processed */
! 169: void *crp_opaque; /* Opaque pointer, passed along */
! 170: struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
! 171:
! 172: int (*crp_callback)(struct cryptop *); /* Callback function */
! 173:
! 174: struct cryptop *crp_next;
! 175: caddr_t crp_mac;
! 176: };
! 177:
! 178: #define CRYPTO_BUF_IOV 0x1
! 179: #define CRYPTO_BUF_MBUF 0x2
! 180:
! 181: #define CRYPTO_OP_DECRYPT 0x0
! 182: #define CRYPTO_OP_ENCRYPT 0x1
! 183:
! 184: /* bignum parameter, in packed bytes, ... */
! 185: struct crparam {
! 186: caddr_t crp_p;
! 187: u_int crp_nbits;
! 188: };
! 189:
! 190: #define CRK_MAXPARAM 8
! 191:
! 192: struct crypt_kop {
! 193: u_int crk_op; /* ie. CRK_MOD_EXP or other */
! 194: u_int crk_status; /* return status */
! 195: u_short crk_iparams; /* # of input parameters */
! 196: u_short crk_oparams; /* # of output parameters */
! 197: u_int crk_pad1;
! 198: struct crparam crk_param[CRK_MAXPARAM];
! 199: };
! 200: #define CRK_MOD_EXP 0
! 201: #define CRK_MOD_EXP_CRT 1
! 202: #define CRK_DSA_SIGN 2
! 203: #define CRK_DSA_VERIFY 3
! 204: #define CRK_DH_COMPUTE_KEY 4
! 205: #define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */
! 206:
! 207: #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
! 208: #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
! 209: #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
! 210: #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
! 211: #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
! 212:
! 213: struct cryptkop {
! 214: u_int krp_op; /* ie. CRK_MOD_EXP or other */
! 215: u_int krp_status; /* return status */
! 216: u_short krp_iparams; /* # of input parameters */
! 217: u_short krp_oparams; /* # of output parameters */
! 218: u_int32_t krp_hid;
! 219: struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
! 220: int (*krp_callback)(struct cryptkop *);
! 221: struct cryptkop *krp_next;
! 222: };
! 223:
! 224: /* Crypto capabilities structure */
! 225: struct cryptocap {
! 226: u_int64_t cc_operations; /* Counter of how many ops done */
! 227: u_int64_t cc_bytes; /* Counter of how many bytes done */
! 228: u_int64_t cc_koperations; /* How many PK ops done */
! 229:
! 230: u_int32_t cc_sessions; /* How many sessions allocated */
! 231:
! 232: /* Symmetric/hash algorithms supported */
! 233: int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
! 234:
! 235: /* Asymmetric algorithms supported */
! 236: int cc_kalg[CRK_ALGORITHM_MAX + 1];
! 237:
! 238: int cc_queued; /* Operations queued */
! 239:
! 240: u_int8_t cc_flags;
! 241: #define CRYPTOCAP_F_CLEANUP 0x01
! 242: #define CRYPTOCAP_F_SOFTWARE 0x02
! 243: #define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
! 244: #define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
! 245:
! 246: int (*cc_newsession) (u_int32_t *, struct cryptoini *);
! 247: int (*cc_process) (struct cryptop *);
! 248: int (*cc_freesession) (u_int64_t);
! 249: int (*cc_kprocess) (struct cryptkop *);
! 250: };
! 251:
! 252: /*
! 253: * ioctl parameter to request creation of a session.
! 254: */
! 255: struct session_op {
! 256: u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
! 257: u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
! 258:
! 259: u_int32_t keylen; /* cipher key */
! 260: caddr_t key;
! 261: int mackeylen; /* mac key */
! 262: caddr_t mackey;
! 263:
! 264: u_int32_t ses; /* returns: session # */
! 265: };
! 266:
! 267: /*
! 268: * ioctl parameter to request a crypt/decrypt operation against a session.
! 269: */
! 270: struct crypt_op {
! 271: u_int32_t ses;
! 272: u_int16_t op; /* ie. COP_ENCRYPT */
! 273: #define COP_ENCRYPT 1
! 274: #define COP_DECRYPT 2
! 275: u_int16_t flags; /* always 0 */
! 276:
! 277: u_int len;
! 278: caddr_t src, dst; /* become iov[] inside kernel */
! 279: caddr_t mac; /* must be big enough for chosen MAC */
! 280: caddr_t iv;
! 281: };
! 282:
! 283: #define CRYPTO_MAX_MAC_LEN 20
! 284:
! 285: /*
! 286: * done against open of /dev/crypto, to get a cloned descriptor.
! 287: * Please use F_SETFD against the cloned descriptor.
! 288: */
! 289: #define CRIOGET _IOWR('c', 100, u_int32_t)
! 290:
! 291: /* the following are done against the cloned descriptor */
! 292: #define CIOCGSESSION _IOWR('c', 101, struct session_op)
! 293: #define CIOCFSESSION _IOW('c', 102, u_int32_t)
! 294: #define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
! 295: #define CIOCKEY _IOWR('c', 104, struct crypt_kop)
! 296:
! 297: #define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
! 298:
! 299: #ifdef _KERNEL
! 300: int crypto_newsession(u_int64_t *, struct cryptoini *, int);
! 301: int crypto_freesession(u_int64_t);
! 302: int crypto_dispatch(struct cryptop *);
! 303: int crypto_kdispatch(struct cryptkop *);
! 304: int crypto_register(u_int32_t, int *,
! 305: int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
! 306: int (*)(struct cryptop *));
! 307: int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
! 308: int crypto_unregister(u_int32_t, int);
! 309: int32_t crypto_get_driverid(u_int8_t);
! 310: void crypto_thread(void);
! 311: int crypto_invoke(struct cryptop *);
! 312: int crypto_kinvoke(struct cryptkop *);
! 313: void crypto_done(struct cryptop *);
! 314: void crypto_kdone(struct cryptkop *);
! 315: int crypto_getfeat(int *);
! 316:
! 317: void cuio_copydata(struct uio *, int, int, caddr_t);
! 318: void cuio_copyback(struct uio *, int, int, const void *);
! 319: int cuio_getptr(struct uio *, int, int *);
! 320: int cuio_apply(struct uio *, int, int,
! 321: int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
! 322:
! 323: struct cryptop *crypto_getreq(int);
! 324: void crypto_freereq(struct cryptop *);
! 325: #endif /* _KERNEL */
! 326: #endif /* _CRYPTO_CRYPTO_H_ */
CVSweb