Annotation of sys/crypto/cryptodev.h, Revision 1.1.1.1
1.1 nbrk 1: /* $OpenBSD: cryptodev.h,v 1.45 2007/05/27 05:33:47 tedu Exp $ */
2:
3: /*
4: * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
5: *
6: * This code was written by Angelos D. Keromytis in Athens, Greece, in
7: * February 2000. Network Security Technologies Inc. (NSTI) kindly
8: * supported the development of this code.
9: *
10: * Copyright (c) 2000 Angelos D. Keromytis
11: *
12: * Permission to use, copy, and modify this software with or without fee
13: * is hereby granted, provided that this entire notice is included in
14: * all source code copies of any software which is or includes a copy or
15: * modification of this software.
16: *
17: * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
18: * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
19: * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
20: * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
21: * PURPOSE.
22: *
23: * Copyright (c) 2001 Theo de Raadt
24: *
25: * Redistribution and use in source and binary forms, with or without
26: * modification, are permitted provided that the following conditions
27: * are met:
28: *
29: * 1. Redistributions of source code must retain the above copyright
30: * notice, this list of conditions and the following disclaimer.
31: * 2. Redistributions in binary form must reproduce the above copyright
32: * notice, this list of conditions and the following disclaimer in the
33: * documentation and/or other materials provided with the distribution.
34: *
35: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
36: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
38: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
39: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
40: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
41: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
42: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
43: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
44: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45: *
46: * Effort sponsored in part by the Defense Advanced Research Projects
47: * Agency (DARPA) and Air Force Research Laboratory, Air Force
48: * Materiel Command, USAF, under agreement number F30602-01-2-0537.
49: *
50: */
51:
52: #ifndef _CRYPTO_CRYPTO_H_
53: #define _CRYPTO_CRYPTO_H_
54:
55: #include <sys/ioccom.h>
56:
57: /* Some initial values */
58: #define CRYPTO_DRIVERS_INITIAL 4
59: #define CRYPTO_SW_SESSIONS 32
60:
61: /* HMAC values.
 * 0x36 and 0x5C are the ipad and opad bytes from RFC 2104. A 64-byte block
 * is what MD5, SHA-1, RIPEMD-160 and SHA-256 use; SHA-384 and SHA-512 use a
 * 128-byte block.
 * NOTE(review): only one block length is defined here -- confirm how the
 * HMAC code pads keys for CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC.
 */
62: #define HMAC_BLOCK_LEN 64
63: #define HMAC_IPAD_VAL 0x36
64: #define HMAC_OPAD_VAL 0x5C
65:
66: /* Encryption algorithm block sizes, in bytes */
67: #define DES_BLOCK_LEN 8
68: #define DES3_BLOCK_LEN 8
69: #define BLOWFISH_BLOCK_LEN 8
70: #define SKIPJACK_BLOCK_LEN 8
71: #define CAST128_BLOCK_LEN 8
72: #define RIJNDAEL128_BLOCK_LEN 16
73: #define EALG_MAX_BLOCK_LEN 16 /* Keep this updated: it sizes cri_iv[] in struct cryptoini */
74:
75: /* Maximum hash algorithm result length */
76: #define AALG_MAX_RESULT_LEN 64 /* Keep this updated; 64 bytes is the size of a SHA-512 digest */
77:
/*
 * Algorithm identifiers. CRYPTO_ALGORITHM_MAX sizes cc_alg[] in struct
 * cryptocap, so it has to track the highest value defined here.
 * Several of these name algorithms (single DES, SKIPJACK, ARC4, MD5) that
 * are not considered adequate for new designs; an id being defined here
 * does not make it a sound choice.
 * NOTE(review): session_op.cipher and session_op.mac carry these values
 * through the CIOCGSESSION ioctl -- presumably from userland; confirm they
 * are range-checked before being used as an index.
 */
78: #define CRYPTO_DES_CBC 1
79: #define CRYPTO_3DES_CBC 2
80: #define CRYPTO_BLF_CBC 3
81: #define CRYPTO_CAST_CBC 4
82: #define CRYPTO_SKIPJACK_CBC 5
83: #define CRYPTO_MD5_HMAC 6
84: #define CRYPTO_SHA1_HMAC 7
85: #define CRYPTO_RIPEMD160_HMAC 8
86: #define CRYPTO_MD5_KPDK 9
87: #define CRYPTO_SHA1_KPDK 10
88: #define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
89: #define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
90: #define CRYPTO_ARC4 12
91: #define CRYPTO_MD5 13
92: #define CRYPTO_SHA1 14
93: #define CRYPTO_DEFLATE_COMP 15 /* Deflate compression algorithm */
94: #define CRYPTO_NULL 16
95: #define CRYPTO_LZS_COMP 17 /* LZS compression algorithm */
96: #define CRYPTO_SHA2_256_HMAC 18
97: #define CRYPTO_SHA2_384_HMAC 19
98: #define CRYPTO_SHA2_512_HMAC 20
99: #define CRYPTO_AES_CTR 21
100: #define CRYPTO_ALGORITHM_MAX 21 /* Keep updated - see below */
101:
102: #define CRYPTO_ALGORITHM_ALL (CRYPTO_ALGORITHM_MAX + 1) /* one past the highest real id */
103:
104: /* Algorithm flags (distinct bit values) */
105: #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
106: #define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
107: #define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
108:
109: /* Standard initialization structure beginning.
 * One entry describes one transform: algorithm, key and IV. cri_next
 * points at another struct cryptoini, so entries can be chained.
 */
110: struct cryptoini {
111: int cri_alg; /* Algorithm to use (presumably a CRYPTO_* id) */
112: int cri_klen; /* Key length, in bits */
113: int cri_rnd; /* Algorithm rounds, where relevant */
114: caddr_t cri_key; /* key to use; its size is given only by cri_klen (bits, signed int) */
115: u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
116: struct cryptoini *cri_next; /* next entry in the chain -- presumably NULL-terminated; confirm */
117: };
118:
119: /* Describe boundaries of a single crypto operation.
 * crd_skip, crd_len and crd_inject are signed ints and nothing in this
 * header bounds them against the buffer they refer to.
 * NOTE(review): presumably each consumer checks them against
 * cryptop.crp_ilen and rejects negative values -- confirm per driver.
 */
120: struct cryptodesc {
121: int crd_skip; /* How many bytes to ignore from start */
122: int crd_len; /* How many bytes to process */
123: int crd_inject; /* Where to inject results, if applicable */
124: int crd_flags; /* CRD_F_* bits below */
125:
126: #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
127: #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
128: place, so don't copy. */
129: #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
130: #define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
131: #define CRD_F_COMP 0x10 /* Set when doing compression */
132:
133: struct cryptoini CRD_INI; /* Initialization/context data */
/*
 * Shorthands for the embedded cryptoini. These are plain object-like
 * macros, so they expand wherever the identifier appears after this header
 * is included, not only in member accesses on a cryptodesc.
 */
134: #define crd_iv CRD_INI.cri_iv
135: #define crd_key CRD_INI.cri_key
136: #define crd_rnd CRD_INI.cri_rnd
137: #define crd_alg CRD_INI.cri_alg
138: #define crd_klen CRD_INI.cri_klen
139:
140: struct cryptodesc *crd_next; /* next descriptor of the same request */
141: };
142:
143: /* Structure describing complete operation.
 * crp_buf is a void * with no type tag of its own: per the CRYPTO_F_*
 * comments below it is read as an mbuf chain, a uio or a contiguous
 * buffer according to crp_flags, so the flags have to match what crp_buf
 * really points at.
 */
144: struct cryptop {
145: u_int64_t crp_sid; /* Session ID */
146: int crp_ilen; /* Input data total length */
147: int crp_olen; /* Result total length */
148: int crp_alloctype; /* Type of buf to allocate if needed */
149:
150: int crp_etype; /*
151: * Error type (zero means no error).
152: * All error codes except EAGAIN
153: * indicate possible data corruption (as in,
154: * the data have been touched). On all
155: * errors, the crp_sid may have changed
156: * (reset to a new one), so the caller
157: * should always check and use the new
158: * value on future requests.
159: */
160: int crp_flags; /* CRYPTO_F_* bits below */
161:
162: #define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
163: #define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
164: #define CRYPTO_F_REL 0x0004 /* Must return data in same place */
165: #define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */
166: #define CRYPTO_F_DONE 0x0010 /* request completed */
167:
168: void *crp_buf; /* Data to be processed; interpreted according to crp_flags */
169: void *crp_opaque; /* Opaque pointer, passed along */
170: struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
171:
172: int (*crp_callback)(struct cryptop *); /* Callback function; receives this cryptop */
173:
174: struct cryptop *crp_next; /* presumably queue linkage -- confirm */
175: caddr_t crp_mac; /* presumably where a MAC result is placed; no length is carried -- confirm */
176: };
177:
/* Buffer kinds -- presumably values for cryptop.crp_alloctype; confirm */
178: #define CRYPTO_BUF_IOV 0x1
179: #define CRYPTO_BUF_MBUF 0x2
180:
/*
 * Direction values. These differ from COP_ENCRYPT (1) and COP_DECRYPT (2)
 * used in struct crypt_op, so the two sets are not interchangeable.
 */
181: #define CRYPTO_OP_DECRYPT 0x0
182: #define CRYPTO_OP_ENCRYPT 0x1
183:
184: /* bignum parameter, in packed bytes, ...
 * The size is given in bits only (crp_nbits).
 * NOTE(review): presumably consumers derive a byte count from crp_nbits
 * and should bound it before allocating or copying -- confirm in the
 * CIOCKEY handler and in each driver.
 */
185: struct crparam {
186: caddr_t crp_p; /* pointer to the packed bytes */
187: u_int crp_nbits; /* length of the value in bits */
188: };
189:
190: #define CRK_MAXPARAM 8 /* number of slots in crk_param[] and krp_param[] */
191:
/*
 * Argument of the CIOCKEY ioctl (asymmetric-key operation request).
 * crk_iparams and crk_oparams are separate counts, while crk_param[] has
 * only CRK_MAXPARAM slots.
 * NOTE(review): confirm the ioctl handler rejects requests where
 * crk_iparams + crk_oparams exceeds CRK_MAXPARAM and checks crk_op against
 * CRK_ALGORITHM_MAX before using either as an index.
 */
192: struct crypt_kop {
193: u_int crk_op; /* ie. CRK_MOD_EXP or other */
194: u_int crk_status; /* return status */
195: u_short crk_iparams; /* # of input parameters */
196: u_short crk_oparams; /* # of output parameters */
197: u_int crk_pad1; /* padding, going by the name */
198: struct crparam crk_param[CRK_MAXPARAM]; /* input and output parameters share these slots */
199: };
200: #define CRK_MOD_EXP 0
201: #define CRK_MOD_EXP_CRT 1
202: #define CRK_DSA_SIGN 2
203: #define CRK_DSA_VERIFY 3
204: #define CRK_DH_COMPUTE_KEY 4
205: #define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */
206:
/*
 * One bit per CRK_* operation. CIOCASYMFEAT returns a u_int32_t --
 * presumably a mask of these bits; confirm.
 */
207: #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
208: #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
209: #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
210: #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
211: #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
212:
/*
 * Request structure taken by crypto_kdispatch(), crypto_kinvoke() and the
 * cc_kprocess driver hook. Its first four fields mirror struct crypt_kop;
 * krp_hid sits where crypt_kop has crk_pad1.
 */
213: struct cryptkop {
214: u_int krp_op; /* ie. CRK_MOD_EXP or other */
215: u_int krp_status; /* return status */
216: u_short krp_iparams; /* # of input parameters */
217: u_short krp_oparams; /* # of output parameters */
218: u_int32_t krp_hid; /* presumably the id of the driver handling the request -- confirm */
219: struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
220: int (*krp_callback)(struct cryptkop *); /* callback; receives this cryptkop */
221: struct cryptkop *krp_next; /* presumably queue linkage -- confirm */
222: };
223:
224: /* Crypto capabilities structure.
 * Holds per-driver counters, the supported-algorithm tables and the
 * driver's entry points. cc_alg[] and cc_kalg[] are sized from
 * CRYPTO_ALGORITHM_MAX and CRK_ALGORITHM_MAX, so an algorithm or operation
 * number used as an index has to be within those limits.
 */
225: struct cryptocap {
226: u_int64_t cc_operations; /* Counter of how many ops done */
227: u_int64_t cc_bytes; /* Counter of how many bytes done */
228: u_int64_t cc_koperations; /* How many PK ops done */
229:
230: u_int32_t cc_sessions; /* How many sessions allocated */
231:
232: /* Symmetric/hash algorithms supported */
233: int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
234:
235: /* Asymmetric algorithms supported */
236: int cc_kalg[CRK_ALGORITHM_MAX + 1];
237:
238: int cc_queued; /* Operations queued */
239:
240: u_int8_t cc_flags; /* CRYPTOCAP_F_* bits below */
241: #define CRYPTOCAP_F_CLEANUP 0x01
242: #define CRYPTOCAP_F_SOFTWARE 0x02
243: #define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
244: #define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
245:
/*
 * Driver entry points. cc_newsession hands back a 32-bit value while
 * cc_freesession and crypto_newsession() work with 64-bit session ids.
 * NOTE(review): presumably the framework widens the driver's value into
 * the 64-bit id -- confirm how the two halves are combined.
 */
246: int (*cc_newsession) (u_int32_t *, struct cryptoini *);
247: int (*cc_process) (struct cryptop *);
248: int (*cc_freesession) (u_int64_t);
249: int (*cc_kprocess) (struct cryptkop *);
250: };
251:
252: /*
253: * ioctl parameter to request creation of a session.
 * Passed with CIOCGSESSION. keylen is unsigned but mackeylen is a signed
 * int, and neither states its unit, whereas cryptoini.cri_klen is in bits.
 * NOTE(review): key and mackey are presumably userland addresses; confirm
 * the handler rejects a negative mackeylen, bounds both lengths before
 * copying the keys in, and converts units consistently.
254: */
255: struct session_op {
256: u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
257: u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
258:
259: u_int32_t keylen; /* cipher key */
260: caddr_t key;
261: int mackeylen; /* mac key */
262: caddr_t mackey;
263:
264: u_int32_t ses; /* returns: session # */
265: };
266:
267: /*
268: * ioctl parameter to request a crypt/decrypt operation against a session.
 * Passed with CIOCCRYPT. len is the only length in the struct; the mac and
 * iv buffers carry no size of their own.
 * NOTE(review): src, dst, mac and iv are presumably userland addresses;
 * confirm the handler derives the MAC and IV sizes from the session's
 * algorithms and validates len before building the iov.
269: */
270: struct crypt_op {
271: u_int32_t ses; /* session number, as returned in session_op.ses */
272: u_int16_t op; /* ie. COP_ENCRYPT */
273: #define COP_ENCRYPT 1
274: #define COP_DECRYPT 2
275: u_int16_t flags; /* always 0 */
276:
277: u_int len;
278: caddr_t src, dst; /* become iov[] inside kernel */
279: caddr_t mac; /* must be big enough for chosen MAC */
280: caddr_t iv; /* no length field; presumably one cipher block -- confirm */
281: };
282:
/*
 * 20 bytes is the size of a SHA-1 or RIPEMD-160 digest; the SHA-2 HMACs
 * defined in this header produce longer results.
 * NOTE(review): confirm whether results are truncated to this length or
 * whether crypt_op.mac has to hold up to AALG_MAX_RESULT_LEN bytes.
 */
283: #define CRYPTO_MAX_MAC_LEN 20
284:
285: /*
286: * done against open of /dev/crypto, to get a cloned descriptor.
287: * Please use F_SETFD against the cloned descriptor.
 * F_SETFD is the fcntl() command that sets descriptor flags; setting
 * FD_CLOEXEC with it keeps the cloned descriptor, and the sessions opened
 * on it, from being inherited across exec.
288: */
289: #define CRIOGET _IOWR('c', 100, u_int32_t)
290:
291: /* the following are done against the cloned descriptor */
292: #define CIOCGSESSION _IOWR('c', 101, struct session_op)
293: #define CIOCFSESSION _IOW('c', 102, u_int32_t)
294: #define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
295: #define CIOCKEY _IOWR('c', 104, struct crypt_kop)
296:
297: #define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
298:
299: #ifdef _KERNEL
/*
 * Kernel-only interface. Parameter names are omitted in these prototypes,
 * so the notes here go no further than the types show.
 */
300: int crypto_newsession(u_int64_t *, struct cryptoini *, int); /* presumably returns the session id through the u_int64_t * */
301: int crypto_freesession(u_int64_t);
302: int crypto_dispatch(struct cryptop *);
303: int crypto_kdispatch(struct cryptkop *);
/*
 * The three function-pointer arguments have the same types as
 * cc_newsession, cc_freesession and cc_process in struct cryptocap.
 */
304: int crypto_register(u_int32_t, int *,
305: int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
306: int (*)(struct cryptop *));
307: int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *)); /* pointer type matches cc_kprocess */
308: int crypto_unregister(u_int32_t, int);
/*
 * Returns a signed int32_t, while crypto_register() and crypto_kregister()
 * take a u_int32_t as first argument.
 * NOTE(review): presumably a negative return means failure and must be
 * checked before the value is used as a driver id -- confirm.
 */
309: int32_t crypto_get_driverid(u_int8_t);
310: void crypto_thread(void);
311: int crypto_invoke(struct cryptop *);
312: int crypto_kinvoke(struct cryptkop *);
313: void crypto_done(struct cryptop *);
314: void crypto_kdone(struct cryptkop *);
315: int crypto_getfeat(int *);
316:
/*
 * Helpers working on a struct uio. The int arguments are presumably an
 * offset and a length; they are signed, and cuio_copydata() and
 * cuio_copyback() return void, so they cannot report a bad range.
 * NOTE(review): confirm callers validate offset and length beforehand.
 */
317: void cuio_copydata(struct uio *, int, int, caddr_t);
318: void cuio_copyback(struct uio *, int, int, const void *);
319: int cuio_getptr(struct uio *, int, int *);
320: int cuio_apply(struct uio *, int, int,
321: int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
322:
323: struct cryptop *crypto_getreq(int); /* returns a request; the meaning of the int is not visible here */
324: void crypto_freereq(struct cryptop *);
325: #endif /* _KERNEL */
326: #endif /* _CRYPTO_CRYPTO_H_ */