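/*	$OpenBSD: cryptodev.h,v 1.12 2001/08/05 09:36:38 deraadt Exp $	*/

/*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
 * February 2000. Network Security Technologies Inc. (NSTI) kindly
 * supported the development of this code.
 *
 * Copyright (c) 2000 Angelos D. Keromytis
 *
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all source code copies of any software which is or includes a copy or
 * modification of this software.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 *
 * Copyright (c) 2001 Theo de Raadt
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Declarations for the crypto framework: algorithm identifiers, the
 * session/operation descriptors exchanged with drivers, the per-driver
 * capability record, the ioctl argument structures, and (under _KERNEL)
 * the framework entry points.
 *
 * This header uses u_int8_t/u_int16_t/u_int32_t/u_int64_t, u_int and
 * caddr_t without defining them; the includer is expected to have pulled
 * in <sys/types.h> first.
 */

#ifndef _CRYPTO_CRYPTO_H_
#define _CRYPTO_CRYPTO_H_

#include <sys/ioccom.h>

/* Some initial values */
#define CRYPTO_DRIVERS_INITIAL	4
#define CRYPTO_SW_SESSIONS	32

/*
 * HMAC values.  0x36 and 0x5C are the inner and outer pad bytes of the
 * HMAC construction; 64 bytes is the block size of the MD5, SHA-1 and
 * RIPEMD-160 compression functions listed below.
 */
#define HMAC_BLOCK_LEN		64
#define HMAC_IPAD_VAL		0x36
#define HMAC_OPAD_VAL		0x5C

/*
 * Encryption algorithm block sizes, in bytes.
 *
 * EALG_MAX_BLOCK_LEN also sizes cryptoini.cri_iv below, so it must stay
 * >= every block length listed here; adding a cipher with a larger block
 * without raising it would leave the IV buffer too small.
 */
#define DES_BLOCK_LEN		8
#define DES3_BLOCK_LEN		8
#define BLOWFISH_BLOCK_LEN	8
#define SKIPJACK_BLOCK_LEN	8
#define CAST128_BLOCK_LEN	8
#define RIJNDAEL128_BLOCK_LEN	16
#define EALG_MAX_BLOCK_LEN	16 /* Keep this updated */

/*
 * Maximum hash algorithm result length, in bytes (20 bytes = 160 bits,
 * the digest size of SHA-1 and RIPEMD-160).
 */
#define AALG_MAX_RESULT_LEN	20 /* Keep this updated */

/*
 * Algorithm identifiers.  They are not allocated in one ascending run:
 * CRYPTO_ARC4 (19) is listed with the symmetric ciphers but numbered after
 * the public key and compression entries.
 */
#define CRYPTO_DES_CBC		1
#define CRYPTO_3DES_CBC		2
#define CRYPTO_BLF_CBC		3
#define CRYPTO_CAST_CBC		4
#define CRYPTO_SKIPJACK_CBC	5
#define CRYPTO_MD5_HMAC		6
#define CRYPTO_SHA1_HMAC	7
#define CRYPTO_RIPEMD160_HMAC	8
#define CRYPTO_MD5_KPDK		9
#define CRYPTO_SHA1_KPDK	10
#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
#define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
#define CRYPTO_ARC4		19

/* Begin public key additions */
#define CRYPTO_DH_SEND		12 /* Compute public value */
#define CRYPTO_DH_RECEIVE	13 /* Compute DH shared secret */
#define CRYPTO_RSA_ENCRYPT	14 /* RSA public key encryption */
#define CRYPTO_RSA_DECRYPT	15 /* RSA public key decryption */
#define CRYPTO_DSA_SIGN		16 /* DSA sign */
#define CRYPTO_DSA_VERIFY	17 /* DSA verify */

/* Compression */
#define CRYPTO_DEFLATE_COMP	18 /* Deflate compression algorithm */

/*
 * Highest algorithm identifier.  struct cryptocap sizes cc_alg[] and
 * cc_max_op_len[] as CRYPTO_ALGORITHM_MAX + 1, so this must be raised
 * whenever an identifier above it is added.
 * NOTE(review): those arrays are presumably indexed by algorithm id; any
 * id that arrives from outside (e.g. session_op.cipher/mac) must be range
 * checked against this value before it is used as an index - confirm in
 * the callers.
 */
#define CRYPTO_ALGORITHM_MAX	19 /* Keep updated - see below */

/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED	0x00000001 /* Algorithm is supported */
#define CRYPTO_ALG_FLAG_RNG_ENABLE	0x00000002 /* Has HW RNG for DH/DSA */
#define CRYPTO_ALG_FLAG_DSA_SHA		0x00000004 /* Can do SHA on msg */

#define SYMMETRIC	0
#define PUBLIC_KEY	1

/*
 * Diffie-Hellman structure which defines fields needed to operate on the
 * input.  Should be passed in the cryptoini->cri_key field.
 */
struct DH_key {
	/*
	 * CRYPTO_DH_SEND - Enable or disable the random number generator.
	 * If disabled, private key and length should be stored in
	 * DH_buf; otherwise only the length is needed and the generated
	 * private key is stored in DH_buf->dh_priv_key.
	 */

	/* Length of key-related variables */
	u_int16_t	dhk_gen_length;	/* SEND - generator length */
	u_int16_t	dhk_mod_length;	/* SEND/RECEIVE - modulus length */

	/* Input/output buffers for key generation */
	caddr_t		dhk_generator;	/* SEND - generator to use */
	caddr_t		dhk_modulus;	/* SEND/RECEIVE - modulus to use */
};

/*
 * These are inputs for DH processing - the private keys and public
 * keys are stored here because for DH-Send, if RNG_ENABLE, the
 * private key does not have to be provided.  Should be passed to the
 * cryptop->crp_buf.
 *
 * dh_priv_key and dh_ss_key carry secret material; the owner of these
 * buffers should clear them before releasing the memory.
 */
struct DH_buf {
	/* Length of variables */
	u_int16_t	dh_public_key_length;	/* SEND/RECEIVE - public value len */
	u_int16_t	dh_ss_key_length;	/* RECEIVE - shared secret key len */
	u_int16_t	dh_priv_key_length;	/* SEND/RECEIVE - Private key length */

	/* Input/output buffers */
	caddr_t		dh_priv_key;	/*
					 * Buffer for the private key.  It
					 * is placed here because it can
					 * be both an input and an output.  If
					 * this is left empty, the crypto
					 * framework or the underlying hardware
					 * will provide it for SEND.  Must be
					 * present on RECEIVE.
					 */
	caddr_t		dh_pub_key;	/* SEND/RECEIVE - I/O buffer for public key */
	caddr_t		dh_ss_key;	/* RECEIVE - output buffer for shared secret key */
};

/*
 * RSA structure which defines fields needed to operate on the input.
 * Should be passed to the cryptoini->cri_key field.
 *
 * Lengths are 16-bit bit counts, so no component can be described as
 * longer than 65535 bits.  p, q, dp, dq and qinv are private-key
 * components and should be handled as secrets.
 */
struct RSA_key {
	/* Length of variables (in bits) */
	u_int16_t	rsak_exponent_length;	/* Length of exponent (e) */
	u_int16_t	rsak_mod_length;	/* Length of modulus */
	u_int16_t	rsak_p_length;		/* Length of p */
	u_int16_t	rsak_q_length;		/* Length of q */
	u_int16_t	rsak_dp_length;		/* Length of CRT dp */
	u_int16_t	rsak_dq_length;		/* Length of CRT dq */
	u_int16_t	rsak_qinv_length;	/* Length of CRT qinv */

	/* Input/output buffers */
	caddr_t		rsak_exponent;
	caddr_t		rsak_modulus;
	caddr_t		rsak_p;
	caddr_t		rsak_q;
	caddr_t		rsak_dp;
	caddr_t		rsak_dq;
	caddr_t		rsak_qinv;
};

/*
 * These are inputs for RSA processing - they are the data buffers for
 * the input and output message.  Should be passed through cryptop->crp_buf.
 * NOTE(review): the unit of the two lengths is not stated here (the key
 * structure above uses bits) - confirm against the driver before relying
 * on either interpretation.
 */
struct RSA_buf {
	u_int16_t	rsa_in_buf_length;	/* Length of input buffer */
	u_int16_t	rsa_out_buf_length;	/* Length of output buffer */

	caddr_t		rsa_in_buf;	/* Input message buffer */
	caddr_t		rsa_out_buf;	/* Output message buffer */
};

/*
 * DSA structure which defines fields needed to operate on the input.
 * Should be passed to the cryptoini->cri_key field.
 */
struct DSA_key {
	u_int16_t	dsak_p_length;	/* Length of modulus p */

	caddr_t		dsak_generator;	/* Generator to use, dsak_p_length */
	caddr_t		dsak_mod_q;	/* Modulus q to use, 160 bits */
	caddr_t		dsak_mod_p;	/* Modulus p to use, dsak_p_length */
	caddr_t		dsak_pub_key;	/* VERIFY - public key, dsak_p_length */
	caddr_t		dsak_priv_key;	/* SIGN - private key, 160 bits */
};

/*
 * DSA structure which defines the input and output buffers.
 * Should be passed to the cryptop->crp_buf field.
 */
struct DSA_buf {
	u_int16_t	dsa_msg_len;	/* Message length */

	/* r,s,v are all 160 bits */
	caddr_t		dsa_r_param;	/* Input for VERIFY; output for SIGN */
	caddr_t		dsa_s_param;	/* Input for VERIFY; output for SIGN */
	caddr_t		dsa_v_param;	/*
					 * Output for VERIFY; should be
					 * compared against r_param.  That
					 * comparison is the verification
					 * verdict, so a caller that skips it
					 * has not verified anything.
					 */
	caddr_t		dsa_msg_buf;	/* Message buffer (hash or message) */
	caddr_t		dsa_rnd_num;	/*
					 * Random value from SW, 160 bits;
					 * if not provided, framework will
					 * provide one.
					 * NOTE(review): presumably the
					 * per-signature secret; if so it must
					 * be unpredictable and never reused
					 * across signatures - confirm.
					 */
};

/* Standard initialization structure beginning */
struct cryptoini {
	int		cri_alg;	/* Algorithm to use */
	int		cri_klen;	/* Key length, in bits */
	int		cri_rnd;	/* Algorithm rounds, where relevant */
	caddr_t		cri_key;	/* key to use */
	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
	struct cryptoini *cri_next;
};

/*
 * Describe boundaries of a single crypto operation.
 *
 * crd_skip, crd_len and crd_inject are signed ints; consumers should
 * reject negative values and offsets that fall outside the buffer before
 * using them.
 */
struct cryptodesc {
	int		crd_skip;	/* How many bytes to ignore from start */
	int		crd_len;	/* How many bytes to process */
	int		crd_inject;	/* Where to inject results, if applicable */
	int		crd_flags;

#define CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
#define CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
					   place, so don't copy. */
#define CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
#define CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
/*
 * NOTE(review): 0x0f is the OR of the four flags above
 * (0x01|0x02|0x04|0x08), not a bit of its own.  Setting CRD_F_COMP therefore
 * also sets all four, and (crd_flags & CRD_F_COMP) is non-zero whenever any
 * one of them is set.  Code that needs to recognise compression must compare
 * with equality under the mask, or this flag needs a free bit.  The value is
 * left as it was because code built against this header depends on it.
 */
#define CRD_F_COMP		0x0f	/* Set when doing compression */

	struct cryptoini CRD_INI;	/* Initialization/context data */
#define crd_iv		CRD_INI.cri_iv
#define crd_key		CRD_INI.cri_key
#define crd_rnd		CRD_INI.cri_rnd
#define crd_alg		CRD_INI.cri_alg
#define crd_klen	CRD_INI.cri_klen

	struct cryptodesc *crd_next;
};

/* Structure describing complete operation */
struct cryptop {
	u_int64_t	crp_sid;	/* Session ID */
	int		crp_ilen;	/* Input data total length */
	int		crp_olen;	/* Result total length */
	int		crp_alloctype;	/* Type of buf to allocate if needed */

	int		crp_etype;	/*
					 * Error type (zero means no error).
					 * All error codes except EAGAIN
					 * indicate possible data corruption (as in,
					 * the data have been touched).  On all
					 * errors, the crp_sid may have changed
					 * (reset to a new one), so the caller
					 * should always check and use the new
					 * value on future requests.
					 */
	int		crp_flags;

#define CRYPTO_F_IMBUF	0x0001	/* Input/output are mbuf chains, otherwise contig */
#define CRYPTO_F_IOV	0x0002	/* Input/output are uio */
#define CRYPTO_F_REL	0x0004	/* Must return data in same place */

	caddr_t		crp_buf;	/* Data to be processed */
	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */

	int (*crp_callback)(struct cryptop *);	/* Callback function */

	struct cryptop	*crp_next;
	caddr_t		crp_mac;
	int		crp_mac_trunc_len;
};

#define CRYPTO_BUF_CONTIG	0x1
#define CRYPTO_BUF_MBUF		0x2

#define CRYPTO_OP_DECRYPT	0x0
#define CRYPTO_OP_ENCRYPT	0x1

/* Crypto capabilities structure */
struct cryptocap {
	u_int32_t	cc_sessions;

	/*
	 * Largest possible operator length (in bits) for each type of
	 * encryption algorithm - especially important for public key
	 * operations.
	 */
	u_int16_t	cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];

	u_int8_t	cc_alg[CRYPTO_ALGORITHM_MAX + 1];

	u_int8_t	cc_flags;
#define CRYPTOCAP_F_CLEANUP	0x1
#define CRYPTOCAP_F_SOFTWARE	0x02

	/*
	 * Driver entry points.  Note that cc_newsession takes a 32-bit
	 * session pointer while cc_freesession and cryptop.crp_sid use a
	 * 64-bit session id.
	 */
	int		(*cc_newsession) (u_int32_t *, struct cryptoini *);
	int		(*cc_process) (struct cryptop *);
	int		(*cc_freesession) (u_int64_t);
};

/*
 * Argument of the CIOCGSESSION ioctl (see the _IOWR definition below).
 * NOTE(review): key and mackey are presumably userland addresses, and
 * every field is caller-controlled.  The handler should range check
 * cipher/mac, bound keylen and mackeylen (mackeylen is a signed int, so
 * negative values must be rejected explicitly) and copy the keys in
 * rather than dereference the pointers - confirm in the ioctl handler.
 */
struct session_op {
	u_int32_t	cipher;		/* e.g. CRYPTO_DES_CBC */
	u_int32_t	mac;		/* e.g. CRYPTO_MD5_HMAC */

	u_int32_t	keylen;		/* cipher key */
	caddr_t		key;
	int		mackeylen;	/* mac key */
	caddr_t		mackey;

	u_int32_t	ses;		/* returns: session # */
};

/*
 * Argument of the CIOCCRYPT ioctl (see the _IOWR definition below).
 * NOTE(review): ses, op, len and the four pointers are caller-controlled.
 * The handler should check that ses names a session owned by the caller,
 * that op is one of the COP_* values, and that len is bounded and suits
 * the session's cipher before building the iov - confirm in the ioctl
 * handler.
 */
struct crypt_op {
	u_int32_t	ses;
	u_int16_t	op;
	u_int16_t	flags;		/* always 0 */

	u_int		len;
	caddr_t		src, dst;	/* become iov[] inside kernel */
	caddr_t		mac;
	caddr_t		iv;
};

#define COP_ENCRYPT	1
#define COP_DECRYPT	2
/* #define COP_SETKEY	3 */
/* #define COP_GETKEY	4 */

#define CRIOGET		_IOWR('c', 100, u_int32_t)

#define CIOCGSESSION	_IOWR('c', 101, struct session_op)
#define CIOCFSESSION	_IOW('c', 102, u_int32_t)
#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)

#ifdef _KERNEL
/*
 * Kernel-only interface.  The three function pointers taken by
 * crypto_register() have the same types as cc_newsession, cc_freesession
 * and cc_process in struct cryptocap, in that order.
 */
int crypto_check_alg(struct cryptoini *);
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
int crypto_dispatch(struct cryptop *);
int crypto_register(u_int32_t, int, u_int16_t, u_int32_t,
    int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
    int (*)(struct cryptop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(void);
void crypto_thread(void);
int crypto_invoke(struct cryptop *);
void crypto_done(struct cryptop *);

/*
 * Forward declarations so the prototypes below do not introduce
 * prototype-scoped struct types when <sys/mbuf.h> or <sys/uio.h> has not
 * been included yet.
 */
struct mbuf;
struct uio;
int	mbuf2pages __P((struct mbuf *, int *, long *, int *, int, int *));
int	iov2pages __P((struct uio *, int *, long *, int *, int, int *));
void	cuio_copydata __P((struct uio *, int, int, caddr_t));
void	cuio_copyback __P((struct uio *, int, int, caddr_t));

struct cryptop *crypto_getreq(int);
void crypto_freereq(struct cryptop *);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */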