1 /* $OpenBSD: cryptodev.h,v 1.47 2008/06/09 16:07:00 djm Exp $ */ 2 3 /* 4 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) 5 * 6 * This code was written by Angelos D. Keromytis in Athens, Greece, in 7 * February 2000. Network Security Technologies Inc. (NSTI) kindly 8 * supported the development of this code. 9 * 10 * Copyright (c) 2000 Angelos D. Keromytis 11 * 12 * Permission to use, copy, and modify this software with or without fee 13 * is hereby granted, provided that this entire notice is included in 14 * all source code copies of any software which is or includes a copy or 15 * modification of this software. 16 * 17 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 18 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 19 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 20 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 21 * PURPOSE. 22 * 23 * Copyright (c) 2001 Theo de Raadt 24 * 25 * Redistribution and use in source and binary forms, with or without 26 * modification, are permitted provided that the following conditions 27 * are met: 28 * 29 * 1. Redistributions of source code must retain the above copyright 30 * notice, this list of conditions and the following disclaimer. 31 * 2. Redistributions in binary form must reproduce the above copyright 32 * notice, this list of conditions and the following disclaimer in the 33 * documentation and/or other materials provided with the distribution. 34 * 35 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 36 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 38 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 39 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 40 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 41 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 42 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 43 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 44 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 45 * 46 * Effort sponsored in part by the Defense Advanced Research Projects 47 * Agency (DARPA) and Air Force Research Laboratory, Air Force 48 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 49 * 50 */ 51 52 #ifndef _CRYPTO_CRYPTO_H_ 53 #define _CRYPTO_CRYPTO_H_ 54 55 #include <sys/ioccom.h> 56 57 /* Some initial values */ 58 #define CRYPTO_DRIVERS_INITIAL 4 59 #define CRYPTO_SW_SESSIONS 32 60 61 /* HMAC values */ 62 #define HMAC_BLOCK_LEN 64 63 #define HMAC_IPAD_VAL 0x36 64 #define HMAC_OPAD_VAL 0x5C 65 66 /* Encryption algorithm block sizes */ 67 #define DES_BLOCK_LEN 8 68 #define DES3_BLOCK_LEN 8 69 #define BLOWFISH_BLOCK_LEN 8 70 #define SKIPJACK_BLOCK_LEN 8 71 #define CAST128_BLOCK_LEN 8 72 #define RIJNDAEL128_BLOCK_LEN 16 73 #define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */ 74 75 /* Maximum hash algorithm result length */ 76 #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ 77 78 #define CRYPTO_DES_CBC 1 79 #define CRYPTO_3DES_CBC 2 80 #define CRYPTO_BLF_CBC 3 81 #define CRYPTO_CAST_CBC 4 82 #define CRYPTO_SKIPJACK_CBC 5 83 #define CRYPTO_MD5_HMAC 6 84 #define CRYPTO_SHA1_HMAC 7 85 #define CRYPTO_RIPEMD160_HMAC 8 86 #define CRYPTO_MD5_KPDK 9 87 #define CRYPTO_SHA1_KPDK 10 88 #define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ 89 #define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ 90 #define CRYPTO_ARC4 12 91 #define CRYPTO_MD5 13 92 #define CRYPTO_SHA1 14 93 #define CRYPTO_DEFLATE_COMP 15 /* Deflate compression algorithm */ 94 #define CRYPTO_NULL 16 95 #define CRYPTO_LZS_COMP 17 /* LZS compression algorithm */ 96 #define CRYPTO_SHA2_256_HMAC 18 97 #define CRYPTO_SHA2_384_HMAC 19 98 #define CRYPTO_SHA2_512_HMAC 20 99 #define CRYPTO_AES_CTR 21 100 #define CRYPTO_AES_XTS 22 101 #define CRYPTO_ALGORITHM_MAX 22 /* Keep updated - see below */ 102 103 #define CRYPTO_ALGORITHM_ALL (CRYPTO_ALGORITHM_MAX + 1) 104 105 /* Algorithm flags */ 106 #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ 107 #define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ 108 #define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ 109 110 /* Standard initialization structure beginning */ 111 struct cryptoini { 112 int cri_alg; /* Algorithm to use */ 113 int cri_klen; /* Key length, in bits */ 114 int cri_rnd; /* Algorithm rounds, where relevant */ 115 caddr_t cri_key; /* key to use */ 116 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ 117 struct cryptoini *cri_next; 118 }; 119 120 /* Describe boundaries of a single crypto operation */ 121 struct cryptodesc { 122 int crd_skip; /* How many bytes to ignore from start */ 123 int crd_len; /* How many bytes to process */ 124 int crd_inject; /* Where to inject results, if applicable */ 125 int crd_flags; 126 127 #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */ 128 #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in 129 place, so don't copy. */ 130 #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */ 131 #define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */ 132 #define CRD_F_COMP 0x10 /* Set when doing compression */ 133 134 struct cryptoini CRD_INI; /* Initialization/context data */ 135 #define crd_iv CRD_INI.cri_iv 136 #define crd_key CRD_INI.cri_key 137 #define crd_rnd CRD_INI.cri_rnd 138 #define crd_alg CRD_INI.cri_alg 139 #define crd_klen CRD_INI.cri_klen 140 141 struct cryptodesc *crd_next; 142 }; 143 144 /* Structure describing complete operation */ 145 struct cryptop { 146 u_int64_t crp_sid; /* Session ID */ 147 int crp_ilen; /* Input data total length */ 148 int crp_olen; /* Result total length */ 149 int crp_alloctype; /* Type of buf to allocate if needed */ 150 151 int crp_etype; /* 152 * Error type (zero means no error). 153 * All error codes except EAGAIN 154 * indicate possible data corruption (as in, 155 * the data have been touched). On all 156 * errors, the crp_sid may have changed 157 * (reset to a new one), so the caller 158 * should always check and use the new 159 * value on future requests. 160 */ 161 int crp_flags; 162 163 #define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */ 164 #define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ 165 #define CRYPTO_F_REL 0x0004 /* Must return data in same place */ 166 #define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */ 167 #define CRYPTO_F_DONE 0x0010 /* request completed */ 168 169 void *crp_buf; /* Data to be processed */ 170 void *crp_opaque; /* Opaque pointer, passed along */ 171 struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ 172 173 int (*crp_callback)(struct cryptop *); /* Callback function */ 174 175 caddr_t crp_mac; 176 }; 177 178 #define CRYPTO_BUF_IOV 0x1 179 #define CRYPTO_BUF_MBUF 0x2 180 181 #define CRYPTO_OP_DECRYPT 0x0 182 #define CRYPTO_OP_ENCRYPT 0x1 183 184 /* bignum parameter, in packed bytes, ... */ 185 struct crparam { 186 caddr_t crp_p; 187 u_int crp_nbits; 188 }; 189 190 #define CRK_MAXPARAM 8 191 192 struct crypt_kop { 193 u_int crk_op; /* ie. CRK_MOD_EXP or other */ 194 u_int crk_status; /* return status */ 195 u_short crk_iparams; /* # of input parameters */ 196 u_short crk_oparams; /* # of output parameters */ 197 u_int crk_pad1; 198 struct crparam crk_param[CRK_MAXPARAM]; 199 }; 200 #define CRK_MOD_EXP 0 201 #define CRK_MOD_EXP_CRT 1 202 #define CRK_DSA_SIGN 2 203 #define CRK_DSA_VERIFY 3 204 #define CRK_DH_COMPUTE_KEY 4 205 #define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */ 206 207 #define CRF_MOD_EXP (1 << CRK_MOD_EXP) 208 #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) 209 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) 210 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) 211 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) 212 213 struct cryptkop { 214 u_int krp_op; /* ie. CRK_MOD_EXP or other */ 215 u_int krp_status; /* return status */ 216 u_short krp_iparams; /* # of input parameters */ 217 u_short krp_oparams; /* # of output parameters */ 218 u_int32_t krp_hid; 219 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ 220 int (*krp_callback)(struct cryptkop *); 221 }; 222 223 /* Crypto capabilities structure */ 224 struct cryptocap { 225 u_int64_t cc_operations; /* Counter of how many ops done */ 226 u_int64_t cc_bytes; /* Counter of how many bytes done */ 227 u_int64_t cc_koperations; /* How many PK ops done */ 228 229 u_int32_t cc_sessions; /* How many sessions allocated */ 230 231 /* Symmetric/hash algorithms supported */ 232 int cc_alg[CRYPTO_ALGORITHM_MAX + 1]; 233 234 /* Asymmetric algorithms supported */ 235 int cc_kalg[CRK_ALGORITHM_MAX + 1]; 236 237 int cc_queued; /* Operations queued */ 238 239 u_int8_t cc_flags; 240 #define CRYPTOCAP_F_CLEANUP 0x01 241 #define CRYPTOCAP_F_SOFTWARE 0x02 242 #define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */ 243 #define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */ 244 245 int (*cc_newsession) (u_int32_t *, struct cryptoini *); 246 int (*cc_process) (struct cryptop *); 247 int (*cc_freesession) (u_int64_t); 248 int (*cc_kprocess) (struct cryptkop *); 249 }; 250 251 /* 252 * ioctl parameter to request creation of a session. 253 */ 254 struct session_op { 255 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ 256 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ 257 258 u_int32_t keylen; /* cipher key */ 259 caddr_t key; 260 int mackeylen; /* mac key */ 261 caddr_t mackey; 262 263 u_int32_t ses; /* returns: session # */ 264 }; 265 266 /* 267 * ioctl parameter to request a crypt/decrypt operation against a session. 268 */ 269 struct crypt_op { 270 u_int32_t ses; 271 u_int16_t op; /* ie. COP_ENCRYPT */ 272 #define COP_ENCRYPT 1 273 #define COP_DECRYPT 2 274 u_int16_t flags; /* always 0 */ 275 276 u_int len; 277 caddr_t src, dst; /* become iov[] inside kernel */ 278 caddr_t mac; /* must be big enough for chosen MAC */ 279 caddr_t iv; 280 }; 281 282 #define CRYPTO_MAX_MAC_LEN 20 283 284 /* 285 * done against open of /dev/crypto, to get a cloned descriptor. 286 * Please use F_SETFD against the cloned descriptor. 287 */ 288 #define CRIOGET _IOWR('c', 100, u_int32_t) 289 290 /* the following are done against the cloned descriptor */ 291 #define CIOCGSESSION _IOWR('c', 101, struct session_op) 292 #define CIOCFSESSION _IOW('c', 102, u_int32_t) 293 #define CIOCCRYPT _IOWR('c', 103, struct crypt_op) 294 #define CIOCKEY _IOWR('c', 104, struct crypt_kop) 295 296 #define CIOCASYMFEAT _IOR('c', 105, u_int32_t) 297 298 #ifdef _KERNEL 299 int crypto_newsession(u_int64_t *, struct cryptoini *, int); 300 int crypto_freesession(u_int64_t); 301 int crypto_dispatch(struct cryptop *); 302 int crypto_kdispatch(struct cryptkop *); 303 int crypto_register(u_int32_t, int *, 304 int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t), 305 int (*)(struct cryptop *)); 306 int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *)); 307 int crypto_unregister(u_int32_t, int); 308 int32_t crypto_get_driverid(u_int8_t); 309 void crypto_thread(void); 310 int crypto_invoke(struct cryptop *); 311 int crypto_kinvoke(struct cryptkop *); 312 void crypto_done(struct cryptop *); 313 void crypto_kdone(struct cryptkop *); 314 int crypto_getfeat(int *); 315 316 void cuio_copydata(struct uio *, int, int, caddr_t); 317 void cuio_copyback(struct uio *, int, int, const void *); 318 int cuio_getptr(struct uio *, int, int *); 319 int cuio_apply(struct uio *, int, int, 320 int (*f)(caddr_t, caddr_t, unsigned int), caddr_t); 321 322 struct cryptop *crypto_getreq(int); 323 void crypto_freereq(struct cryptop *); 324 #endif /* _KERNEL */ 325 #endif /* _CRYPTO_CRYPTO_H_ */ 326