Cross Reference: /freebsd-10.2-release/share/man/man9/crypto.9

Deleted Added

sdiff udiff text old ( 158850 ) new ( 159214 )

full compact

crypto.9 (158850)	crypto.9 (159214)
1.\" $OpenBSD: crypto.9,v 1.19 2002/07/16 06:31:57 angelos Exp $ 2.\" 3.\" The author of this manual page is Angelos D. Keromytis (angelos@cis.upenn.edu) 4.\" 5.\" Copyright (c) 2000, 2001 Angelos D. Keromytis 6.\" 7.\" Permission to use, copy, and modify this software with or without fee 8.\" is hereby granted, provided that this entire notice is included in 9.\" all source code copies of any software which is or includes a copy or 10.\" modification of this software. 11.\" 12.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 13.\" IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 14.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 15.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 16.\" PURPOSE. 17.\"	1.\" $OpenBSD: crypto.9,v 1.19 2002/07/16 06:31:57 angelos Exp $ 2.\" 3.\" The author of this manual page is Angelos D. Keromytis (angelos@cis.upenn.edu) 4.\" 5.\" Copyright (c) 2000, 2001 Angelos D. Keromytis 6.\" 7.\" Permission to use, copy, and modify this software with or without fee 8.\" is hereby granted, provided that this entire notice is included in 9.\" all source code copies of any software which is or includes a copy or 10.\" modification of this software. 11.\" 12.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 13.\" IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 14.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 15.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 16.\" PURPOSE. 17.\"
18.\" $FreeBSD: head/share/man/man9/crypto.9 158850 2006-05-23 08:43:28Z pjd $	18.\" $FreeBSD: head/share/man/man9/crypto.9 159214 2006-06-03 23:39:13Z pjd $
19.\"	19.\"
20.Dd May 17, 2006	20.Dd June 4, 2006
21.Dt CRYPTO 9 22.Os 23.Sh NAME 24.Nm crypto 25.Nd API for cryptographic services in the kernel 26.Sh SYNOPSIS 27.In opencrypto/cryptodev.h 28.Ft int32_t 29.Fn crypto_get_driverid u_int8_t 30.Ft int 31.Fn crypto_register u_int32_t int u_int16_t u_int32_t "int \[lp]\[rp]\[lp]void , u_int32_t , struct cryptoini \[rp]" "int \[lp]\[rp]\[lp]void , u_int64_t\[rp]" "int \[lp]\[rp]\[lp]void , struct cryptop \[rp]" "void " 32.Ft int 33.Fn crypto_kregister u_int32_t int u_int32_t "int \[lp]\[rp]\[lp]void , struct cryptkop \[rp]" "void " 34.Ft int 35.Fn crypto_unregister u_int32_t int 36.Ft int 37.Fn crypto_unregister_all u_int32_t 38.Ft void 39.Fn crypto_done "struct cryptop " 40.Ft void 41.Fn crypto_kdone "struct cryptkop " 42.Ft int 43.Fn crypto_newsession "u_int64_t " "struct cryptoini " int 44.Ft int 45.Fn crypto_freesession u_int64_t 46.Ft int 47.Fn crypto_dispatch "struct cryptop " 48.Ft int 49.Fn crypto_kdispatch "struct cryptkop " 50.Ft int 51.Fn crypto_unblock u_int32_t int 52.Ft "struct cryptop " 53.Fn crypto_getreq int 54.Ft void 55.Fn crypto_freereq void 56.Bd -literal 57#define CRYPTO_SYMQ 0x1 58#define CRYPTO_ASYMQ 0x2 59 60#define EALG_MAX_BLOCK_LEN 16 61 62struct cryptoini { 63 int cri_alg; 64 int cri_klen; 65 int cri_mlen; 66 caddr_t cri_key; 67 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; 68 struct cryptoini cri_next; 69}; 70 71struct cryptodesc { 72 int crd_skip; 73 int crd_len; 74 int crd_inject; 75 int crd_flags; 76 struct cryptoini CRD_INI;	21.Dt CRYPTO 9 22.Os 23.Sh NAME 24.Nm crypto 25.Nd API for cryptographic services in the kernel 26.Sh SYNOPSIS 27.In opencrypto/cryptodev.h 28.Ft int32_t 29.Fn crypto_get_driverid u_int8_t 30.Ft int 31.Fn crypto_register u_int32_t int u_int16_t u_int32_t "int \[lp]\[rp]\[lp]void , u_int32_t , struct cryptoini \[rp]" "int \[lp]\[rp]\[lp]void , u_int64_t\[rp]" "int \[lp]\[rp]\[lp]void , struct cryptop \[rp]" "void " 32.Ft int 33.Fn crypto_kregister u_int32_t int u_int32_t "int \[lp]\[rp]\[lp]void , struct cryptkop \[rp]" "void " 34.Ft int 35.Fn crypto_unregister u_int32_t int 36.Ft int 37.Fn crypto_unregister_all u_int32_t 38.Ft void 39.Fn crypto_done "struct cryptop " 40.Ft void 41.Fn crypto_kdone "struct cryptkop " 42.Ft int 43.Fn crypto_newsession "u_int64_t " "struct cryptoini " int 44.Ft int 45.Fn crypto_freesession u_int64_t 46.Ft int 47.Fn crypto_dispatch "struct cryptop " 48.Ft int 49.Fn crypto_kdispatch "struct cryptkop " 50.Ft int 51.Fn crypto_unblock u_int32_t int 52.Ft "struct cryptop " 53.Fn crypto_getreq int 54.Ft void 55.Fn crypto_freereq void 56.Bd -literal 57#define CRYPTO_SYMQ 0x1 58#define CRYPTO_ASYMQ 0x2 59 60#define EALG_MAX_BLOCK_LEN 16 61 62struct cryptoini { 63 int cri_alg; 64 int cri_klen; 65 int cri_mlen; 66 caddr_t cri_key; 67 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; 68 struct cryptoini cri_next; 69}; 70 71struct cryptodesc { 72 int crd_skip; 73 int crd_len; 74 int crd_inject; 75 int crd_flags; 76 struct cryptoini CRD_INI;
	77#define crd_iv CRD_INI.cri_iv 78#define crd_key CRD_INI.cri_key 79#define crd_alg CRD_INI.cri_alg 80#define crd_klen CRD_INI.cri_klen
77 struct cryptodesc crd_next; 78}; 79 80struct cryptop { 81 TAILQ_ENTRY(cryptop) crp_next; 82 u_int64_t crp_sid; 83 int crp_ilen; 84 int crp_olen; 85 int crp_etype; 86 int crp_flags; 87 caddr_t crp_buf; 88 caddr_t crp_opaque; 89 struct cryptodesc crp_desc; 90 int (crp_callback) (struct cryptop ); 91 caddr_t crp_mac; 92}; 93 94struct crparam { 95 caddr_t crp_p; 96 u_int crp_nbits; 97}; 98 99#define CRK_MAXPARAM 8 100 101struct cryptkop { 102 TAILQ_ENTRY(cryptkop) krp_next; 103 u_int krp_op; /* ie. CRK_MOD_EXP or other / 104* u_int krp_status; /* return status / 105* u_short krp_iparams; /* # of input parameters / 106* u_short krp_oparams; /* # of output parameters / 107* u_int32_t krp_hid; 108 struct crparam krp_param[CRK_MAXPARAM]; 109 int (krp_callback)(struct cryptkop ); 110}; 111.Ed 112.Sh DESCRIPTION 113.Nm 114is a framework for drivers of cryptographic hardware to register with 115the kernel so 116.Dq consumers 117(other kernel subsystems, and 118users through the 119.Pa /dev/crypto 120device) are able to make use of it. 121Drivers register with the framework the algorithms they support, 122and provide entry points (functions) the framework may call to 123establish, use, and tear down sessions. 124Sessions are used to cache cryptographic information in a particular driver 125(or associated hardware), so initialization is not needed with every request. 126Consumers of cryptographic services pass a set of 127descriptors that instruct the framework (and the drivers registered 128with it) of the operations that should be applied on the data (more 129than one cryptographic operation can be requested). 130.Pp 131Keying operations are supported as well. 132Unlike the symmetric operators described above, 133these sessionless commands perform mathematical operations using 134input and output parameters. 135.Pp 136Since the consumers may not be associated with a process, drivers may 137not 138.Xr sleep 9 . 139The same holds for the framework. 140Thus, a callback mechanism is used 141to notify a consumer that a request has been completed (the 142callback is specified by the consumer on an per-request basis). 143The callback is invoked by the framework whether the request was 144successfully completed or not. 145An error indication is provided in the latter case. 146A specific error code, 147.Er EAGAIN , 148is used to indicate that a session number has changed and that the 149request may be re-submitted immediately with the new session number. 150Errors are only returned to the invoking function if not 151enough information to call the callback is available (meaning, there 152was a fatal error in verifying the arguments). 153For session initialization and teardown there is no callback mechanism used. 154.Pp 155The 156.Fn crypto_newsession 157routine is called by consumers of cryptographic services (such as the 158.Xr ipsec 4 159stack) that wish to establish a new session with the framework. 160On success, the first argument will contain the Session Identifier (SID). 161The second argument contains all the necessary information for 162the driver to establish the session. 163The third argument indicates whether a 164hardware driver (1) should be used or not (0). 165The various fields in the 166.Vt cryptoini 167structure are: 168.Bl -tag -width ".Va cri_next" 169.It Va cri_alg 170Contains an algorithm identifier. 171Currently supported algorithms are: 172.Pp 173.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact 174.It Dv CRYPTO_DES_CBC 175.It Dv CRYPTO_3DES_CBC 176.It Dv CRYPTO_BLF_CBC 177.It Dv CRYPTO_CAST_CBC 178.It Dv CRYPTO_SKIPJACK_CBC 179.It Dv CRYPTO_MD5_HMAC 180.It Dv CRYPTO_SHA1_HMAC 181.It Dv CRYPTO_RIPEMD160_HMAC 182.It Dv CRYPTO_MD5_KPDK 183.It Dv CRYPTO_SHA1_KPDK 184.It Dv CRYPTO_AES_CBC 185.It Dv CRYPTO_ARC4 186.It Dv CRYPTO_MD5 187.It Dv CRYPTO_SHA1 188.It Dv CRYPTO_SHA2_256_HMAC 189.It Dv CRYPTO_SHA2_384_HMAC 190.It Dv CRYPTO_SHA2_512_HMAC 191.It Dv CRYPTO_NULL_HMAC 192.It Dv CRYPTO_NULL_CBC 193.El 194.It Va cri_klen 195Specifies the length of the key in bits, for variable-size key 196algorithms. 197.It Va cri_mlen 198Specifies how many bytes from the calculated hash should be copied back. 1990 means entire hash. 200.It Va cri_key 201Contains the key to be used with the algorithm. 202.It Va cri_iv 203Contains an explicit initialization vector (IV), if it does not prefix 204the data. 205This field is ignored during initialization. 206If no IV is explicitly passed (see below on details), a random IV is used 207by the device driver processing the request. 208.It Va cri_next 209Contains a pointer to another 210.Vt cryptoini 211structure. 212Multiple such structures may be linked to establish multi-algorithm sessions 213.Xr ( ipsec 4 214is an example consumer of such a feature). 215.El 216.Pp 217The 218.Vt cryptoini 219structure and its contents will not be modified by the framework (or 220the drivers used). 221Subsequent requests for processing that use the 222SID returned will avoid the cost of re-initializing the hardware (in 223essence, SID acts as an index in the session cache of the driver). 224.Pp 225.Fn crypto_freesession 226is called with the SID returned by 227.Fn crypto_newsession 228to disestablish the session. 229.Pp 230.Fn crypto_dispatch 231is called to process a request. 232The various fields in the 233.Vt cryptop 234structure are: 235.Bl -tag -width ".Va crp_callback" 236.It Va crp_sid 237Contains the SID. 238.It Va crp_ilen 239Indicates the total length in bytes of the buffer to be processed. 240.It Va crp_olen 241On return, contains the total length of the result. 242For symmetric crypto operations, this will be the same as the input length. 243This will be used if the framework needs to allocate a new 244buffer for the result (or for re-formatting the input). 245.It Va crp_callback 246This routine is invoked upon completion of the request, whether 247successful or not. 248It is invoked through the 249.Fn crypto_done 250routine. 251If the request was not successful, an error code is set in the 252.Va crp_etype 253field. 254It is the responsibility of the callback routine to set the appropriate 255.Xr spl 9 256level. 257.It Va crp_etype 258Contains the error type, if any errors were encountered, or zero if 259the request was successfully processed. 260If the 261.Er EAGAIN 262error code is returned, the SID has changed (and has been recorded in the 263.Va crp_sid 264field). 265The consumer should record the new SID and use it in all subsequent requests. 266In this case, the request may be re-submitted immediately. 267This mechanism is used by the framework to perform 268session migration (move a session from one driver to another, because 269of availability, performance, or other considerations). 270.Pp 271Note that this field only makes sense when examined by 272the callback routine specified in 273.Va crp_callback . 274Errors are returned to the invoker of 275.Fn crypto_process 276only when enough information is not present to call the callback 277routine (i.e., if the pointer passed is 278.Dv NULL 279or if no callback routine was specified). 280.It Va crp_flags 281Is a bitmask of flags associated with this request. 282Currently defined flags are: 283.Bl -tag -width ".Dv CRYPTO_F_CBIFSYNC" 284.It Dv CRYPTO_F_IMBUF 285The buffer pointed to by 286.Va crp_buf 287is an mbuf chain. 288.It Dv CRYPTO_F_IOV 289The buffer pointed to by 290.Va crp_buf 291is an uio structure. 292.It Dv CRYPTO_F_REL 293Must return data in the same place. 294.It Dv CRYPTO_F_BATCH 295Batch operation if possible. 296.It Dv CRYPTO_F_CBIMM 297Do callback immediatelly instead of doing it from a dedicated kernel thread. 298.It Dv CRYPTO_F_DONE 299Operation completed. 300.It Dv CRYPTO_F_CBIFSYNC 301Do callback immediatelly if operation is synchronous. 302.El 303.It Va crp_buf 304Points to the input buffer. 305On return (when the callback is invoked), 306it contains the result of the request. 307The input buffer may be an mbuf 308chain or a contiguous buffer, 309depending on 310.Va crp_flags . 311.It Va crp_opaque 312This is passed through the crypto framework untouched and is 313intended for the invoking application's use. 314.It Va crp_desc 315This is a linked list of descriptors. 316Each descriptor provides 317information about what type of cryptographic operation should be done 318on the input buffer. 319The various fields are: 320.Bl -tag -width ".Va crd_inject"	81 struct cryptodesc crd_next; 82}; 83 84struct cryptop { 85 TAILQ_ENTRY(cryptop) crp_next; 86 u_int64_t crp_sid; 87 int crp_ilen; 88 int crp_olen; 89 int crp_etype; 90 int crp_flags; 91 caddr_t crp_buf; 92 caddr_t crp_opaque; 93 struct cryptodesc crp_desc; 94 int (crp_callback) (struct cryptop ); 95 caddr_t crp_mac; 96}; 97 98struct crparam { 99 caddr_t crp_p; 100 u_int crp_nbits; 101}; 102 103#define CRK_MAXPARAM 8 104 105struct cryptkop { 106 TAILQ_ENTRY(cryptkop) krp_next; 107 u_int krp_op; /* ie. CRK_MOD_EXP or other / 108* u_int krp_status; /* return status / 109* u_short krp_iparams; /* # of input parameters / 110* u_short krp_oparams; /* # of output parameters / 111* u_int32_t krp_hid; 112 struct crparam krp_param[CRK_MAXPARAM]; 113 int (krp_callback)(struct cryptkop ); 114}; 115.Ed 116.Sh DESCRIPTION 117.Nm 118is a framework for drivers of cryptographic hardware to register with 119the kernel so 120.Dq consumers 121(other kernel subsystems, and 122users through the 123.Pa /dev/crypto 124device) are able to make use of it. 125Drivers register with the framework the algorithms they support, 126and provide entry points (functions) the framework may call to 127establish, use, and tear down sessions. 128Sessions are used to cache cryptographic information in a particular driver 129(or associated hardware), so initialization is not needed with every request. 130Consumers of cryptographic services pass a set of 131descriptors that instruct the framework (and the drivers registered 132with it) of the operations that should be applied on the data (more 133than one cryptographic operation can be requested). 134.Pp 135Keying operations are supported as well. 136Unlike the symmetric operators described above, 137these sessionless commands perform mathematical operations using 138input and output parameters. 139.Pp 140Since the consumers may not be associated with a process, drivers may 141not 142.Xr sleep 9 . 143The same holds for the framework. 144Thus, a callback mechanism is used 145to notify a consumer that a request has been completed (the 146callback is specified by the consumer on an per-request basis). 147The callback is invoked by the framework whether the request was 148successfully completed or not. 149An error indication is provided in the latter case. 150A specific error code, 151.Er EAGAIN , 152is used to indicate that a session number has changed and that the 153request may be re-submitted immediately with the new session number. 154Errors are only returned to the invoking function if not 155enough information to call the callback is available (meaning, there 156was a fatal error in verifying the arguments). 157For session initialization and teardown there is no callback mechanism used. 158.Pp 159The 160.Fn crypto_newsession 161routine is called by consumers of cryptographic services (such as the 162.Xr ipsec 4 163stack) that wish to establish a new session with the framework. 164On success, the first argument will contain the Session Identifier (SID). 165The second argument contains all the necessary information for 166the driver to establish the session. 167The third argument indicates whether a 168hardware driver (1) should be used or not (0). 169The various fields in the 170.Vt cryptoini 171structure are: 172.Bl -tag -width ".Va cri_next" 173.It Va cri_alg 174Contains an algorithm identifier. 175Currently supported algorithms are: 176.Pp 177.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact 178.It Dv CRYPTO_DES_CBC 179.It Dv CRYPTO_3DES_CBC 180.It Dv CRYPTO_BLF_CBC 181.It Dv CRYPTO_CAST_CBC 182.It Dv CRYPTO_SKIPJACK_CBC 183.It Dv CRYPTO_MD5_HMAC 184.It Dv CRYPTO_SHA1_HMAC 185.It Dv CRYPTO_RIPEMD160_HMAC 186.It Dv CRYPTO_MD5_KPDK 187.It Dv CRYPTO_SHA1_KPDK 188.It Dv CRYPTO_AES_CBC 189.It Dv CRYPTO_ARC4 190.It Dv CRYPTO_MD5 191.It Dv CRYPTO_SHA1 192.It Dv CRYPTO_SHA2_256_HMAC 193.It Dv CRYPTO_SHA2_384_HMAC 194.It Dv CRYPTO_SHA2_512_HMAC 195.It Dv CRYPTO_NULL_HMAC 196.It Dv CRYPTO_NULL_CBC 197.El 198.It Va cri_klen 199Specifies the length of the key in bits, for variable-size key 200algorithms. 201.It Va cri_mlen 202Specifies how many bytes from the calculated hash should be copied back. 2030 means entire hash. 204.It Va cri_key 205Contains the key to be used with the algorithm. 206.It Va cri_iv 207Contains an explicit initialization vector (IV), if it does not prefix 208the data. 209This field is ignored during initialization. 210If no IV is explicitly passed (see below on details), a random IV is used 211by the device driver processing the request. 212.It Va cri_next 213Contains a pointer to another 214.Vt cryptoini 215structure. 216Multiple such structures may be linked to establish multi-algorithm sessions 217.Xr ( ipsec 4 218is an example consumer of such a feature). 219.El 220.Pp 221The 222.Vt cryptoini 223structure and its contents will not be modified by the framework (or 224the drivers used). 225Subsequent requests for processing that use the 226SID returned will avoid the cost of re-initializing the hardware (in 227essence, SID acts as an index in the session cache of the driver). 228.Pp 229.Fn crypto_freesession 230is called with the SID returned by 231.Fn crypto_newsession 232to disestablish the session. 233.Pp 234.Fn crypto_dispatch 235is called to process a request. 236The various fields in the 237.Vt cryptop 238structure are: 239.Bl -tag -width ".Va crp_callback" 240.It Va crp_sid 241Contains the SID. 242.It Va crp_ilen 243Indicates the total length in bytes of the buffer to be processed. 244.It Va crp_olen 245On return, contains the total length of the result. 246For symmetric crypto operations, this will be the same as the input length. 247This will be used if the framework needs to allocate a new 248buffer for the result (or for re-formatting the input). 249.It Va crp_callback 250This routine is invoked upon completion of the request, whether 251successful or not. 252It is invoked through the 253.Fn crypto_done 254routine. 255If the request was not successful, an error code is set in the 256.Va crp_etype 257field. 258It is the responsibility of the callback routine to set the appropriate 259.Xr spl 9 260level. 261.It Va crp_etype 262Contains the error type, if any errors were encountered, or zero if 263the request was successfully processed. 264If the 265.Er EAGAIN 266error code is returned, the SID has changed (and has been recorded in the 267.Va crp_sid 268field). 269The consumer should record the new SID and use it in all subsequent requests. 270In this case, the request may be re-submitted immediately. 271This mechanism is used by the framework to perform 272session migration (move a session from one driver to another, because 273of availability, performance, or other considerations). 274.Pp 275Note that this field only makes sense when examined by 276the callback routine specified in 277.Va crp_callback . 278Errors are returned to the invoker of 279.Fn crypto_process 280only when enough information is not present to call the callback 281routine (i.e., if the pointer passed is 282.Dv NULL 283or if no callback routine was specified). 284.It Va crp_flags 285Is a bitmask of flags associated with this request. 286Currently defined flags are: 287.Bl -tag -width ".Dv CRYPTO_F_CBIFSYNC" 288.It Dv CRYPTO_F_IMBUF 289The buffer pointed to by 290.Va crp_buf 291is an mbuf chain. 292.It Dv CRYPTO_F_IOV 293The buffer pointed to by 294.Va crp_buf 295is an uio structure. 296.It Dv CRYPTO_F_REL 297Must return data in the same place. 298.It Dv CRYPTO_F_BATCH 299Batch operation if possible. 300.It Dv CRYPTO_F_CBIMM 301Do callback immediatelly instead of doing it from a dedicated kernel thread. 302.It Dv CRYPTO_F_DONE 303Operation completed. 304.It Dv CRYPTO_F_CBIFSYNC 305Do callback immediatelly if operation is synchronous. 306.El 307.It Va crp_buf 308Points to the input buffer. 309On return (when the callback is invoked), 310it contains the result of the request. 311The input buffer may be an mbuf 312chain or a contiguous buffer, 313depending on 314.Va crp_flags . 315.It Va crp_opaque 316This is passed through the crypto framework untouched and is 317intended for the invoking application's use. 318.It Va crp_desc 319This is a linked list of descriptors. 320Each descriptor provides 321information about what type of cryptographic operation should be done 322on the input buffer. 323The various fields are: 324.Bl -tag -width ".Va crd_inject"
	325.It Va crd_iv 326The field where IV should be provided when the 327.Dv CRD_F_IV_EXPLICIT 328flag is given. 329.It Va crd_key 330When the 331.Dv CRD_F_KEY_EXPLICIT 332flag is given, the 333.Va crd_key 334points to a buffer with encryption or authentication key. 335.It Va crd_alg 336An algorithm to use. 337Must be the same as the one given at newsession time. 338.It Va crd_klen 339The 340.Va crd_key 341key length.
321.It Va crd_skip 322The offset in the input buffer where processing should start. 323.It Va crd_len 324How many bytes, after 325.Va crd_skip , 326should be processed. 327.It Va crd_inject 328Offset from the beginning of the buffer to insert any results. 329For encryption algorithms, this is where the initialization vector 330(IV) will be inserted when encrypting or where it can be found when 331decrypting (subject to 332.Va crd_flags ) . 333For MAC algorithms, this is where the result of the keyed hash will be 334inserted. 335.It Va crd_flags 336The following flags are defined: 337.Bl -tag -width ".Dv CRD" 338.It Dv CRD_F_ENCRYPT 339For encryption algorithms, this bit is set when encryption is required 340(when not set, decryption is performed). 341.It Dv CRD_F_IV_PRESENT 342For encryption algorithms, this bit is set when the IV already 343precedes the data, so the 344.Va crd_inject 345value will be ignored and no IV will be written in the buffer. 346Otherwise, the IV used to encrypt the packet will be written 347at the location pointed to by 348.Va crd_inject . 349The IV length is assumed to be equal to the blocksize of the 350encryption algorithm. 351Some applications that do special 352.Dq "IV cooking" , 353such as the half-IV mode in 354.Xr ipsec 4 , 355can use this flag to indicate that the IV should not be written on the packet. 356This flag is typically used in conjunction with the 357.Dv CRD_F_IV_EXPLICIT 358flag. 359.It Dv CRD_F_IV_EXPLICIT 360For encryption algorithms, this bit is set when the IV is explicitly 361provided by the consumer in the	342.It Va crd_skip 343The offset in the input buffer where processing should start. 344.It Va crd_len 345How many bytes, after 346.Va crd_skip , 347should be processed. 348.It Va crd_inject 349Offset from the beginning of the buffer to insert any results. 350For encryption algorithms, this is where the initialization vector 351(IV) will be inserted when encrypting or where it can be found when 352decrypting (subject to 353.Va crd_flags ) . 354For MAC algorithms, this is where the result of the keyed hash will be 355inserted. 356.It Va crd_flags 357The following flags are defined: 358.Bl -tag -width ".Dv CRD" 359.It Dv CRD_F_ENCRYPT 360For encryption algorithms, this bit is set when encryption is required 361(when not set, decryption is performed). 362.It Dv CRD_F_IV_PRESENT 363For encryption algorithms, this bit is set when the IV already 364precedes the data, so the 365.Va crd_inject 366value will be ignored and no IV will be written in the buffer. 367Otherwise, the IV used to encrypt the packet will be written 368at the location pointed to by 369.Va crd_inject . 370The IV length is assumed to be equal to the blocksize of the 371encryption algorithm. 372Some applications that do special 373.Dq "IV cooking" , 374such as the half-IV mode in 375.Xr ipsec 4 , 376can use this flag to indicate that the IV should not be written on the packet. 377This flag is typically used in conjunction with the 378.Dv CRD_F_IV_EXPLICIT 379flag. 380.It Dv CRD_F_IV_EXPLICIT 381For encryption algorithms, this bit is set when the IV is explicitly 382provided by the consumer in the
362.Va cri_iv	383.Va crd_iv
363field. 364Otherwise, for encryption operations the IV is provided for by 365the driver used to perform the operation, whereas for decryption 366operations it is pointed to by the 367.Va crd_inject 368field. 369This flag is typically used when the IV is calculated 370.Dq "on the fly" 371by the consumer, and does not precede the data (some 372.Xr ipsec 4 373configurations, and the encrypted swap are two such examples). 374.It Dv CRD_F_KEY_EXPLICIT	384field. 385Otherwise, for encryption operations the IV is provided for by 386the driver used to perform the operation, whereas for decryption 387operations it is pointed to by the 388.Va crd_inject 389field. 390This flag is typically used when the IV is calculated 391.Dq "on the fly" 392by the consumer, and does not precede the data (some 393.Xr ipsec 4 394configurations, and the encrypted swap are two such examples). 395.It Dv CRD_F_KEY_EXPLICIT
375For encryption algorithms, this bit is set when the key is explicitly 376provided by the consumer in the 377.Va cri_key	396For encryption and authentication (MAC) algorithms, this bit is set when the key 397is explicitly provided by the consumer in the 398.Va crd_key
378field for the given operation.	399field for the given operation.
379Otherwise, the key is taken at newsession time from the same field.	400Otherwise, the key is taken at newsession time from the 401.Va cri_key 402field.
380.It Dv CRD_F_COMP 381For compression algorithms, this bit is set when compression is required (when 382not set, decompression is performed). 383.El 384.It Va CRD_INI 385This 386.Vt cryptoini 387structure will not be modified by the framework or the device drivers. 388Since this information accompanies every cryptographic 389operation request, drivers may re-initialize state on-demand 390(typically an expensive operation). 391Furthermore, the cryptographic 392framework may re-route requests as a result of full queues or hardware 393failure, as described above. 394.It Va crd_next 395Point to the next descriptor. 396Linked operations are useful in protocols such as 397.Xr ipsec 4 , 398where multiple cryptographic transforms may be applied on the same 399block of data. 400.El 401.El 402.Pp 403.Fn crypto_getreq 404allocates a 405.Vt cryptop 406structure with a linked list of as many 407.Vt cryptodesc 408structures as were specified in the argument passed to it. 409.Pp 410.Fn crypto_freereq 411deallocates a structure 412.Vt cryptop 413and any 414.Vt cryptodesc 415structures linked to it. 416Note that it is the responsibility of the 417callback routine to do the necessary cleanups associated with the 418opaque field in the 419.Vt cryptop 420structure. 421.Pp 422.Fn crypto_kdispatch 423is called to perform a keying operation. 424The various fields in the 425.Vt cryptkop 426structure are: 427.Bl -tag -width ".Va krp_callback' 428.It Va krp_op 429Operation code, such as 430.Dv CRK_MOD_EXP . 431.It Va krp_status 432Return code. 433This 434.Va errno Ns -style 435variable indicates whether lower level reasons 436for operation failure. 437.It Va krp_iparams 438Number if input parameters to the specified operation. 439Note that each operation has a (typically hardwired) number of such parameters. 440.It Va krp_oparams 441Number if output parameters from the specified operation. 442Note that each operation has a (typically hardwired) number of such parameters. 443.It Va krp_kvp 444An array of kernel memory blocks containing the parameters. 445.It Va krp_hid 446Identifier specifying which low-level driver is being used. 447.It Va krp_callback 448Callback called on completion of a keying operation. 449.El 450.Sh DRIVER-SIDE API 451The 452.Fn crypto_get_driverid , 453.Fn crypto_register , 454.Fn crypto_kregister , 455.Fn crypto_unregister , 456.Fn crypto_unblock , 457and 458.Fn crypto_done 459routines are used by drivers that provide support for cryptographic 460primitives to register and unregister with the kernel crypto services 461framework. 462Drivers must first use the 463.Fn crypto_get_driverid 464function to acquire a driver identifier, specifying the 465.Fa cc_flags 466as an argument (normally 0, but software-only drivers should specify 467.Dv CRYPTOCAP_F_SOFTWARE ) . 468For each algorithm the driver supports, it must then call 469.Fn crypto_register . 470The first two arguments are the driver and algorithm identifiers. 471The next two arguments specify the largest possible operator length (in bits, 472important for public key operations) and flags for this algorithm. 473The last four arguments must be provided in the first call to 474.Fn crypto_register 475and are ignored in all subsequent calls. 476They are pointers to three 477driver-provided functions that the framework may call to establish new 478cryptographic context with the driver, free already established 479context, and ask for a request to be processed (encrypt, decrypt, 480etc.); and an opaque parameter to pass when calling each of these routines. 481.Fn crypto_unregister 482is called by drivers that wish to withdraw support for an algorithm. 483The two arguments are the driver and algorithm identifiers, respectively. 484Typically, drivers for 485PCMCIA 486crypto cards that are being ejected will invoke this routine for all 487algorithms supported by the card. 488.Fn crypto_unregister_all 489will unregister all algorithms registered by a driver 490and the driver will be disabled (no new sessions will be allocated on 491that driver, and any existing sessions will be migrated to other 492drivers). 493The same will be done if all algorithms associated with a driver are 494unregistered one by one. 495.Pp 496The calling convention for the three driver-supplied routines is: 497.Pp 498.Bl -item -compact 499.It 500.Ft int 501.Fn \[lp]newsession\[rp] "void " "u_int32_t " "struct cryptoini " ; 502.It 503.Ft int 504.Fn \[lp]freesession\[rp] "void " "u_int64_t" ; 505.It 506.Ft int 507.Fn \[lp]process\[rp] "void " "struct cryptop " ; 508.It 509.Ft int 510.Fn \[lp]kprocess\[rp] "void " "struct cryptkop " ; 511.El 512.Pp 513On invocation, the first argument to 514all routines is an opaque data value supplied when the algorithm 515is registered with 516.Fn crypto_register . 517The second argument to 518.Fn newsession 519contains the driver identifier obtained via 520.Fn crypto_get_driverid . 521On successful return, it should contain a driver-specific session 522identifier. 523The third argument is identical to that of 524.Fn crypto_newsession . 525.Pp 526The 527.Fn freesession 528routine takes as arguments the opaque data value and the SID 529(which is the concatenation of the 530driver identifier and the driver-specific session identifier). 531It should clear any context associated with the session (clear hardware 532registers, memory, etc.). 533.Pp 534The 535.Fn process 536routine is invoked with a request to perform crypto processing. 537This routine must not block, but should queue the request and return 538immediately. 539Upon processing the request, the callback routine should be invoked. 540In case of an unrecoverable error, the error indication must be placed in the 541.Va crp_etype 542field of the 543.Vt cryptop 544structure. 545When the request is completed, or an error is detected, the 546.Fn process 547routine should invoke 548.Fn crypto_done . 549Session migration may be performed, as mentioned previously. 550.Pp 551In case of a temporary resource exhaustion, the 552.Fn process 553routine may return 554.Er ERESTART 555in which case the crypto services will requeue the request, mark the driver 556as 557.Dq blocked , 558and stop submitting requests for processing. 559The driver is then responsible for notifying the crypto services 560when it is again able to process requests through the 561.Fn crypto_unblock 562routine. 563This simple flow control mechanism should only be used for short-lived 564resource exhaustion as it causes operations to be queued in the crypto 565layer. 566Doing so is preferable to returning an error in such cases as 567it can cause network protocols to degrade performance by treating the 568failure much like a lost packet. 569.Pp 570The 571.Fn kprocess 572routine is invoked with a request to perform crypto key processing. 573This routine must not block, but should queue the request and return 574immediately. 575Upon processing the request, the callback routine should be invoked. 576In case of an unrecoverable error, the error indication must be placed in the 577.Va krp_status 578field of the 579.Vt cryptkop 580structure. 581When the request is completed, or an error is detected, the 582.Fn kprocess 583routine should invoked 584.Fn crypto_kdone . 585.Sh RETURN VALUES 586.Fn crypto_register , 587.Fn crypto_kregister , 588.Fn crypto_unregister , 589.Fn crypto_newsession , 590.Fn crypto_freesession , 591and 592.Fn crypto_unblock 593return 0 on success, or an error code on failure. 594.Fn crypto_get_driverid 595returns a non-negative value on error, and \-1 on failure. 596.Fn crypto_getreq 597returns a pointer to a 598.Vt cryptop 599structure and 600.Dv NULL 601on failure. 602.Fn crypto_dispatch 603returns 604.Er EINVAL 605if its argument or the callback function was 606.Dv NULL , 607and 0 otherwise. 608The callback is provided with an error code in case of failure, in the 609.Va crp_etype 610field. 611.Sh FILES 612.Bl -tag -width ".Pa sys/opencrypto/crypto.c" 613.It Pa sys/opencrypto/crypto.c 614most of the framework code 615.El 616.Sh SEE ALSO 617.Xr ipsec 4 , 618.Xr malloc 9 , 619.Xr sleep 9 620.Sh HISTORY 621The cryptographic framework first appeared in 622.Ox 2.7 623and was written by 624.An "Angelos D. Keromytis" Aq angelos@openbsd.org . 625.Sh BUGS 626The framework currently assumes that all the algorithms in a 627.Fn crypto_newsession 628operation must be available by the same driver. 629If that is not the case, session initialization will fail. 630.Pp 631The framework also needs a mechanism for determining which driver is 632best for a specific set of algorithms associated with a session. 633Some type of benchmarking is in order here. 634.Pp 635Multiple instances of the same algorithm in the same session are not 636supported. 637Note that 3DES is considered one algorithm (and not three 638instances of DES). 639Thus, 3DES and DES could be mixed in the same request.	403.It Dv CRD_F_COMP 404For compression algorithms, this bit is set when compression is required (when 405not set, decompression is performed). 406.El 407.It Va CRD_INI 408This 409.Vt cryptoini 410structure will not be modified by the framework or the device drivers. 411Since this information accompanies every cryptographic 412operation request, drivers may re-initialize state on-demand 413(typically an expensive operation). 414Furthermore, the cryptographic 415framework may re-route requests as a result of full queues or hardware 416failure, as described above. 417.It Va crd_next 418Point to the next descriptor. 419Linked operations are useful in protocols such as 420.Xr ipsec 4 , 421where multiple cryptographic transforms may be applied on the same 422block of data. 423.El 424.El 425.Pp 426.Fn crypto_getreq 427allocates a 428.Vt cryptop 429structure with a linked list of as many 430.Vt cryptodesc 431structures as were specified in the argument passed to it. 432.Pp 433.Fn crypto_freereq 434deallocates a structure 435.Vt cryptop 436and any 437.Vt cryptodesc 438structures linked to it. 439Note that it is the responsibility of the 440callback routine to do the necessary cleanups associated with the 441opaque field in the 442.Vt cryptop 443structure. 444.Pp 445.Fn crypto_kdispatch 446is called to perform a keying operation. 447The various fields in the 448.Vt cryptkop 449structure are: 450.Bl -tag -width ".Va krp_callback' 451.It Va krp_op 452Operation code, such as 453.Dv CRK_MOD_EXP . 454.It Va krp_status 455Return code. 456This 457.Va errno Ns -style 458variable indicates whether lower level reasons 459for operation failure. 460.It Va krp_iparams 461Number if input parameters to the specified operation. 462Note that each operation has a (typically hardwired) number of such parameters. 463.It Va krp_oparams 464Number if output parameters from the specified operation. 465Note that each operation has a (typically hardwired) number of such parameters. 466.It Va krp_kvp 467An array of kernel memory blocks containing the parameters. 468.It Va krp_hid 469Identifier specifying which low-level driver is being used. 470.It Va krp_callback 471Callback called on completion of a keying operation. 472.El 473.Sh DRIVER-SIDE API 474The 475.Fn crypto_get_driverid , 476.Fn crypto_register , 477.Fn crypto_kregister , 478.Fn crypto_unregister , 479.Fn crypto_unblock , 480and 481.Fn crypto_done 482routines are used by drivers that provide support for cryptographic 483primitives to register and unregister with the kernel crypto services 484framework. 485Drivers must first use the 486.Fn crypto_get_driverid 487function to acquire a driver identifier, specifying the 488.Fa cc_flags 489as an argument (normally 0, but software-only drivers should specify 490.Dv CRYPTOCAP_F_SOFTWARE ) . 491For each algorithm the driver supports, it must then call 492.Fn crypto_register . 493The first two arguments are the driver and algorithm identifiers. 494The next two arguments specify the largest possible operator length (in bits, 495important for public key operations) and flags for this algorithm. 496The last four arguments must be provided in the first call to 497.Fn crypto_register 498and are ignored in all subsequent calls. 499They are pointers to three 500driver-provided functions that the framework may call to establish new 501cryptographic context with the driver, free already established 502context, and ask for a request to be processed (encrypt, decrypt, 503etc.); and an opaque parameter to pass when calling each of these routines. 504.Fn crypto_unregister 505is called by drivers that wish to withdraw support for an algorithm. 506The two arguments are the driver and algorithm identifiers, respectively. 507Typically, drivers for 508PCMCIA 509crypto cards that are being ejected will invoke this routine for all 510algorithms supported by the card. 511.Fn crypto_unregister_all 512will unregister all algorithms registered by a driver 513and the driver will be disabled (no new sessions will be allocated on 514that driver, and any existing sessions will be migrated to other 515drivers). 516The same will be done if all algorithms associated with a driver are 517unregistered one by one. 518.Pp 519The calling convention for the three driver-supplied routines is: 520.Pp 521.Bl -item -compact 522.It 523.Ft int 524.Fn \[lp]newsession\[rp] "void " "u_int32_t " "struct cryptoini " ; 525.It 526.Ft int 527.Fn \[lp]freesession\[rp] "void " "u_int64_t" ; 528.It 529.Ft int 530.Fn \[lp]process\[rp] "void " "struct cryptop " ; 531.It 532.Ft int 533.Fn \[lp]kprocess\[rp] "void " "struct cryptkop " ; 534.El 535.Pp 536On invocation, the first argument to 537all routines is an opaque data value supplied when the algorithm 538is registered with 539.Fn crypto_register . 540The second argument to 541.Fn newsession 542contains the driver identifier obtained via 543.Fn crypto_get_driverid . 544On successful return, it should contain a driver-specific session 545identifier. 546The third argument is identical to that of 547.Fn crypto_newsession . 548.Pp 549The 550.Fn freesession 551routine takes as arguments the opaque data value and the SID 552(which is the concatenation of the 553driver identifier and the driver-specific session identifier). 554It should clear any context associated with the session (clear hardware 555registers, memory, etc.). 556.Pp 557The 558.Fn process 559routine is invoked with a request to perform crypto processing. 560This routine must not block, but should queue the request and return 561immediately. 562Upon processing the request, the callback routine should be invoked. 563In case of an unrecoverable error, the error indication must be placed in the 564.Va crp_etype 565field of the 566.Vt cryptop 567structure. 568When the request is completed, or an error is detected, the 569.Fn process 570routine should invoke 571.Fn crypto_done . 572Session migration may be performed, as mentioned previously. 573.Pp 574In case of a temporary resource exhaustion, the 575.Fn process 576routine may return 577.Er ERESTART 578in which case the crypto services will requeue the request, mark the driver 579as 580.Dq blocked , 581and stop submitting requests for processing. 582The driver is then responsible for notifying the crypto services 583when it is again able to process requests through the 584.Fn crypto_unblock 585routine. 586This simple flow control mechanism should only be used for short-lived 587resource exhaustion as it causes operations to be queued in the crypto 588layer. 589Doing so is preferable to returning an error in such cases as 590it can cause network protocols to degrade performance by treating the 591failure much like a lost packet. 592.Pp 593The 594.Fn kprocess 595routine is invoked with a request to perform crypto key processing. 596This routine must not block, but should queue the request and return 597immediately. 598Upon processing the request, the callback routine should be invoked. 599In case of an unrecoverable error, the error indication must be placed in the 600.Va krp_status 601field of the 602.Vt cryptkop 603structure. 604When the request is completed, or an error is detected, the 605.Fn kprocess 606routine should invoked 607.Fn crypto_kdone . 608.Sh RETURN VALUES 609.Fn crypto_register , 610.Fn crypto_kregister , 611.Fn crypto_unregister , 612.Fn crypto_newsession , 613.Fn crypto_freesession , 614and 615.Fn crypto_unblock 616return 0 on success, or an error code on failure. 617.Fn crypto_get_driverid 618returns a non-negative value on error, and \-1 on failure. 619.Fn crypto_getreq 620returns a pointer to a 621.Vt cryptop 622structure and 623.Dv NULL 624on failure. 625.Fn crypto_dispatch 626returns 627.Er EINVAL 628if its argument or the callback function was 629.Dv NULL , 630and 0 otherwise. 631The callback is provided with an error code in case of failure, in the 632.Va crp_etype 633field. 634.Sh FILES 635.Bl -tag -width ".Pa sys/opencrypto/crypto.c" 636.It Pa sys/opencrypto/crypto.c 637most of the framework code 638.El 639.Sh SEE ALSO 640.Xr ipsec 4 , 641.Xr malloc 9 , 642.Xr sleep 9 643.Sh HISTORY 644The cryptographic framework first appeared in 645.Ox 2.7 646and was written by 647.An "Angelos D. Keromytis" Aq angelos@openbsd.org . 648.Sh BUGS 649The framework currently assumes that all the algorithms in a 650.Fn crypto_newsession 651operation must be available by the same driver. 652If that is not the case, session initialization will fail. 653.Pp 654The framework also needs a mechanism for determining which driver is 655best for a specific set of algorithms associated with a session. 656Some type of benchmarking is in order here. 657.Pp 658Multiple instances of the same algorithm in the same session are not 659supported. 660Note that 3DES is considered one algorithm (and not three 661instances of DES). 662Thus, 3DES and DES could be mixed in the same request.