19.\"
20.Dd June 4, 2006
21.Dt CRYPTO 9
22.Os
23.Sh NAME
24.Nm crypto
25.Nd API for cryptographic services in the kernel
26.Sh SYNOPSIS
27.In opencrypto/cryptodev.h
28.Ft int32_t
29.Fn crypto_get_driverid u_int8_t
30.Ft int
31.Fn crypto_register u_int32_t int u_int16_t u_int32_t "int \*[lp]*\*[rp]\*[lp]void *, u_int32_t *, struct cryptoini *\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, u_int64_t\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, struct cryptop *\*[rp]" "void *"
32.Ft int
33.Fn crypto_kregister u_int32_t int u_int32_t "int \*[lp]*\*[rp]\*[lp]void *, struct cryptkop *\*[rp]" "void *"
34.Ft int
35.Fn crypto_unregister u_int32_t int
36.Ft int
37.Fn crypto_unregister_all u_int32_t
38.Ft void
39.Fn crypto_done "struct cryptop *"
40.Ft void
41.Fn crypto_kdone "struct cryptkop *"
42.Ft int
43.Fn crypto_newsession "u_int64_t *" "struct cryptoini *" int
44.Ft int
45.Fn crypto_freesession u_int64_t
46.Ft int
47.Fn crypto_dispatch "struct cryptop *"
48.Ft int
49.Fn crypto_kdispatch "struct cryptkop *"
50.Ft int
51.Fn crypto_unblock u_int32_t int
52.Ft "struct cryptop *"
53.Fn crypto_getreq int
54.Ft void
55.Fn crypto_freereq void
56.Bd -literal
57#define CRYPTO_SYMQ 0x1
58#define CRYPTO_ASYMQ 0x2
59
60#define EALG_MAX_BLOCK_LEN 16
61
62struct cryptoini {
63 int cri_alg;
64 int cri_klen;
65 int cri_mlen;
66 caddr_t cri_key;
67 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN];
68 struct cryptoini *cri_next;
69};
70
71struct cryptodesc {
72 int crd_skip;
73 int crd_len;
74 int crd_inject;
75 int crd_flags;
76 struct cryptoini CRD_INI;
77#define crd_iv CRD_INI.cri_iv
78#define crd_key CRD_INI.cri_key
79#define crd_alg CRD_INI.cri_alg
80#define crd_klen CRD_INI.cri_klen
81 struct cryptodesc *crd_next;
82};
83
84struct cryptop {
85 TAILQ_ENTRY(cryptop) crp_next;
86 u_int64_t crp_sid;
87 int crp_ilen;
88 int crp_olen;
89 int crp_etype;
90 int crp_flags;
91 caddr_t crp_buf;
92 caddr_t crp_opaque;
93 struct cryptodesc *crp_desc;
94 int (*crp_callback) (struct cryptop *);
95 caddr_t crp_mac;
96};
97
98struct crparam {
99 caddr_t crp_p;
100 u_int crp_nbits;
101};
102
103#define CRK_MAXPARAM 8
104
105struct cryptkop {
106 TAILQ_ENTRY(cryptkop) krp_next;
107 u_int krp_op; /* ie. CRK_MOD_EXP or other */
108 u_int krp_status; /* return status */
109 u_short krp_iparams; /* # of input parameters */
110 u_short krp_oparams; /* # of output parameters */
111 u_int32_t krp_hid;
112 struct crparam krp_param[CRK_MAXPARAM];
113 int (*krp_callback)(struct cryptkop *);
114};
115.Ed
116.Sh DESCRIPTION
117.Nm
118is a framework for drivers of cryptographic hardware to register with
119the kernel so
120.Dq consumers
121(other kernel subsystems, and
122users through the
123.Pa /dev/crypto
124device) are able to make use of it.
125Drivers register with the framework the algorithms they support,
126and provide entry points (functions) the framework may call to
127establish, use, and tear down sessions.
128Sessions are used to cache cryptographic information in a particular driver
129(or associated hardware), so initialization is not needed with every request.
130Consumers of cryptographic services pass a set of
131descriptors that instruct the framework (and the drivers registered
132with it) of the operations that should be applied on the data (more
133than one cryptographic operation can be requested).
134.Pp
135Keying operations are supported as well.
136Unlike the symmetric operators described above,
137these sessionless commands perform mathematical operations using
138input and output parameters.
139.Pp
140Since the consumers may not be associated with a process, drivers may
141not
142.Xr sleep 9 .
143The same holds for the framework.
144Thus, a callback mechanism is used
145to notify a consumer that a request has been completed (the
146callback is specified by the consumer on an per-request basis).
147The callback is invoked by the framework whether the request was
148successfully completed or not.
149An error indication is provided in the latter case.
150A specific error code,
151.Er EAGAIN ,
152is used to indicate that a session number has changed and that the
153request may be re-submitted immediately with the new session number.
154Errors are only returned to the invoking function if not
155enough information to call the callback is available (meaning, there
156was a fatal error in verifying the arguments).
157For session initialization and teardown there is no callback mechanism used.
158.Pp
159The
160.Fn crypto_newsession
161routine is called by consumers of cryptographic services (such as the
162.Xr ipsec 4
163stack) that wish to establish a new session with the framework.
164On success, the first argument will contain the Session Identifier (SID).
165The second argument contains all the necessary information for
166the driver to establish the session.
167The third argument indicates whether a
168hardware driver (1) should be used or not (0).
169The various fields in the
170.Vt cryptoini
171structure are:
172.Bl -tag -width ".Va cri_next"
173.It Va cri_alg
174Contains an algorithm identifier.
175Currently supported algorithms are:
176.Pp
177.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact
178.It Dv CRYPTO_DES_CBC
179.It Dv CRYPTO_3DES_CBC
180.It Dv CRYPTO_BLF_CBC
181.It Dv CRYPTO_CAST_CBC
182.It Dv CRYPTO_SKIPJACK_CBC
183.It Dv CRYPTO_MD5_HMAC
184.It Dv CRYPTO_SHA1_HMAC
185.It Dv CRYPTO_RIPEMD160_HMAC
186.It Dv CRYPTO_MD5_KPDK
187.It Dv CRYPTO_SHA1_KPDK
188.It Dv CRYPTO_AES_CBC
189.It Dv CRYPTO_ARC4
190.It Dv CRYPTO_MD5
191.It Dv CRYPTO_SHA1
192.It Dv CRYPTO_SHA2_256_HMAC
193.It Dv CRYPTO_SHA2_384_HMAC
194.It Dv CRYPTO_SHA2_512_HMAC
195.It Dv CRYPTO_NULL_HMAC
196.It Dv CRYPTO_NULL_CBC
197.El
198.It Va cri_klen
199Specifies the length of the key in bits, for variable-size key
200algorithms.
201.It Va cri_mlen
202Specifies how many bytes from the calculated hash should be copied back.
2030 means entire hash.
204.It Va cri_key
205Contains the key to be used with the algorithm.
206.It Va cri_iv
207Contains an explicit initialization vector (IV), if it does not prefix
208the data.
209This field is ignored during initialization.
210If no IV is explicitly passed (see below on details), a random IV is used
211by the device driver processing the request.
212.It Va cri_next
213Contains a pointer to another
214.Vt cryptoini
215structure.
216Multiple such structures may be linked to establish multi-algorithm sessions
217.Xr ( ipsec 4
218is an example consumer of such a feature).
219.El
220.Pp
221The
222.Vt cryptoini
223structure and its contents will not be modified by the framework (or
224the drivers used).
225Subsequent requests for processing that use the
226SID returned will avoid the cost of re-initializing the hardware (in
227essence, SID acts as an index in the session cache of the driver).
228.Pp
229.Fn crypto_freesession
230is called with the SID returned by
231.Fn crypto_newsession
232to disestablish the session.
233.Pp
234.Fn crypto_dispatch
235is called to process a request.
236The various fields in the
237.Vt cryptop
238structure are:
239.Bl -tag -width ".Va crp_callback"
240.It Va crp_sid
241Contains the SID.
242.It Va crp_ilen
243Indicates the total length in bytes of the buffer to be processed.
244.It Va crp_olen
245On return, contains the total length of the result.
246For symmetric crypto operations, this will be the same as the input length.
247This will be used if the framework needs to allocate a new
248buffer for the result (or for re-formatting the input).
249.It Va crp_callback
250This routine is invoked upon completion of the request, whether
251successful or not.
252It is invoked through the
253.Fn crypto_done
254routine.
255If the request was not successful, an error code is set in the
256.Va crp_etype
257field.
258It is the responsibility of the callback routine to set the appropriate
259.Xr spl 9
260level.
261.It Va crp_etype
262Contains the error type, if any errors were encountered, or zero if
263the request was successfully processed.
264If the
265.Er EAGAIN
266error code is returned, the SID has changed (and has been recorded in the
267.Va crp_sid
268field).
269The consumer should record the new SID and use it in all subsequent requests.
270In this case, the request may be re-submitted immediately.
271This mechanism is used by the framework to perform
272session migration (move a session from one driver to another, because
273of availability, performance, or other considerations).
274.Pp
275Note that this field only makes sense when examined by
276the callback routine specified in
277.Va crp_callback .
278Errors are returned to the invoker of
279.Fn crypto_process
280only when enough information is not present to call the callback
281routine (i.e., if the pointer passed is
282.Dv NULL
283or if no callback routine was specified).
284.It Va crp_flags
285Is a bitmask of flags associated with this request.
286Currently defined flags are:
287.Bl -tag -width ".Dv CRYPTO_F_CBIFSYNC"
288.It Dv CRYPTO_F_IMBUF
289The buffer pointed to by
290.Va crp_buf
291is an mbuf chain.
292.It Dv CRYPTO_F_IOV
293The buffer pointed to by
294.Va crp_buf
| 19.\"
20.Dd June 4, 2006
21.Dt CRYPTO 9
22.Os
23.Sh NAME
24.Nm crypto
25.Nd API for cryptographic services in the kernel
26.Sh SYNOPSIS
27.In opencrypto/cryptodev.h
28.Ft int32_t
29.Fn crypto_get_driverid u_int8_t
30.Ft int
31.Fn crypto_register u_int32_t int u_int16_t u_int32_t "int \*[lp]*\*[rp]\*[lp]void *, u_int32_t *, struct cryptoini *\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, u_int64_t\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, struct cryptop *\*[rp]" "void *"
32.Ft int
33.Fn crypto_kregister u_int32_t int u_int32_t "int \*[lp]*\*[rp]\*[lp]void *, struct cryptkop *\*[rp]" "void *"
34.Ft int
35.Fn crypto_unregister u_int32_t int
36.Ft int
37.Fn crypto_unregister_all u_int32_t
38.Ft void
39.Fn crypto_done "struct cryptop *"
40.Ft void
41.Fn crypto_kdone "struct cryptkop *"
42.Ft int
43.Fn crypto_newsession "u_int64_t *" "struct cryptoini *" int
44.Ft int
45.Fn crypto_freesession u_int64_t
46.Ft int
47.Fn crypto_dispatch "struct cryptop *"
48.Ft int
49.Fn crypto_kdispatch "struct cryptkop *"
50.Ft int
51.Fn crypto_unblock u_int32_t int
52.Ft "struct cryptop *"
53.Fn crypto_getreq int
54.Ft void
55.Fn crypto_freereq void
56.Bd -literal
57#define CRYPTO_SYMQ 0x1
58#define CRYPTO_ASYMQ 0x2
59
60#define EALG_MAX_BLOCK_LEN 16
61
62struct cryptoini {
63 int cri_alg;
64 int cri_klen;
65 int cri_mlen;
66 caddr_t cri_key;
67 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN];
68 struct cryptoini *cri_next;
69};
70
71struct cryptodesc {
72 int crd_skip;
73 int crd_len;
74 int crd_inject;
75 int crd_flags;
76 struct cryptoini CRD_INI;
77#define crd_iv CRD_INI.cri_iv
78#define crd_key CRD_INI.cri_key
79#define crd_alg CRD_INI.cri_alg
80#define crd_klen CRD_INI.cri_klen
81 struct cryptodesc *crd_next;
82};
83
84struct cryptop {
85 TAILQ_ENTRY(cryptop) crp_next;
86 u_int64_t crp_sid;
87 int crp_ilen;
88 int crp_olen;
89 int crp_etype;
90 int crp_flags;
91 caddr_t crp_buf;
92 caddr_t crp_opaque;
93 struct cryptodesc *crp_desc;
94 int (*crp_callback) (struct cryptop *);
95 caddr_t crp_mac;
96};
97
98struct crparam {
99 caddr_t crp_p;
100 u_int crp_nbits;
101};
102
103#define CRK_MAXPARAM 8
104
105struct cryptkop {
106 TAILQ_ENTRY(cryptkop) krp_next;
107 u_int krp_op; /* ie. CRK_MOD_EXP or other */
108 u_int krp_status; /* return status */
109 u_short krp_iparams; /* # of input parameters */
110 u_short krp_oparams; /* # of output parameters */
111 u_int32_t krp_hid;
112 struct crparam krp_param[CRK_MAXPARAM];
113 int (*krp_callback)(struct cryptkop *);
114};
115.Ed
116.Sh DESCRIPTION
117.Nm
118is a framework for drivers of cryptographic hardware to register with
119the kernel so
120.Dq consumers
121(other kernel subsystems, and
122users through the
123.Pa /dev/crypto
124device) are able to make use of it.
125Drivers register with the framework the algorithms they support,
126and provide entry points (functions) the framework may call to
127establish, use, and tear down sessions.
128Sessions are used to cache cryptographic information in a particular driver
129(or associated hardware), so initialization is not needed with every request.
130Consumers of cryptographic services pass a set of
131descriptors that instruct the framework (and the drivers registered
132with it) of the operations that should be applied on the data (more
133than one cryptographic operation can be requested).
134.Pp
135Keying operations are supported as well.
136Unlike the symmetric operators described above,
137these sessionless commands perform mathematical operations using
138input and output parameters.
139.Pp
140Since the consumers may not be associated with a process, drivers may
141not
142.Xr sleep 9 .
143The same holds for the framework.
144Thus, a callback mechanism is used
145to notify a consumer that a request has been completed (the
146callback is specified by the consumer on an per-request basis).
147The callback is invoked by the framework whether the request was
148successfully completed or not.
149An error indication is provided in the latter case.
150A specific error code,
151.Er EAGAIN ,
152is used to indicate that a session number has changed and that the
153request may be re-submitted immediately with the new session number.
154Errors are only returned to the invoking function if not
155enough information to call the callback is available (meaning, there
156was a fatal error in verifying the arguments).
157For session initialization and teardown there is no callback mechanism used.
158.Pp
159The
160.Fn crypto_newsession
161routine is called by consumers of cryptographic services (such as the
162.Xr ipsec 4
163stack) that wish to establish a new session with the framework.
164On success, the first argument will contain the Session Identifier (SID).
165The second argument contains all the necessary information for
166the driver to establish the session.
167The third argument indicates whether a
168hardware driver (1) should be used or not (0).
169The various fields in the
170.Vt cryptoini
171structure are:
172.Bl -tag -width ".Va cri_next"
173.It Va cri_alg
174Contains an algorithm identifier.
175Currently supported algorithms are:
176.Pp
177.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact
178.It Dv CRYPTO_DES_CBC
179.It Dv CRYPTO_3DES_CBC
180.It Dv CRYPTO_BLF_CBC
181.It Dv CRYPTO_CAST_CBC
182.It Dv CRYPTO_SKIPJACK_CBC
183.It Dv CRYPTO_MD5_HMAC
184.It Dv CRYPTO_SHA1_HMAC
185.It Dv CRYPTO_RIPEMD160_HMAC
186.It Dv CRYPTO_MD5_KPDK
187.It Dv CRYPTO_SHA1_KPDK
188.It Dv CRYPTO_AES_CBC
189.It Dv CRYPTO_ARC4
190.It Dv CRYPTO_MD5
191.It Dv CRYPTO_SHA1
192.It Dv CRYPTO_SHA2_256_HMAC
193.It Dv CRYPTO_SHA2_384_HMAC
194.It Dv CRYPTO_SHA2_512_HMAC
195.It Dv CRYPTO_NULL_HMAC
196.It Dv CRYPTO_NULL_CBC
197.El
198.It Va cri_klen
199Specifies the length of the key in bits, for variable-size key
200algorithms.
201.It Va cri_mlen
202Specifies how many bytes from the calculated hash should be copied back.
2030 means entire hash.
204.It Va cri_key
205Contains the key to be used with the algorithm.
206.It Va cri_iv
207Contains an explicit initialization vector (IV), if it does not prefix
208the data.
209This field is ignored during initialization.
210If no IV is explicitly passed (see below on details), a random IV is used
211by the device driver processing the request.
212.It Va cri_next
213Contains a pointer to another
214.Vt cryptoini
215structure.
216Multiple such structures may be linked to establish multi-algorithm sessions
217.Xr ( ipsec 4
218is an example consumer of such a feature).
219.El
220.Pp
221The
222.Vt cryptoini
223structure and its contents will not be modified by the framework (or
224the drivers used).
225Subsequent requests for processing that use the
226SID returned will avoid the cost of re-initializing the hardware (in
227essence, SID acts as an index in the session cache of the driver).
228.Pp
229.Fn crypto_freesession
230is called with the SID returned by
231.Fn crypto_newsession
232to disestablish the session.
233.Pp
234.Fn crypto_dispatch
235is called to process a request.
236The various fields in the
237.Vt cryptop
238structure are:
239.Bl -tag -width ".Va crp_callback"
240.It Va crp_sid
241Contains the SID.
242.It Va crp_ilen
243Indicates the total length in bytes of the buffer to be processed.
244.It Va crp_olen
245On return, contains the total length of the result.
246For symmetric crypto operations, this will be the same as the input length.
247This will be used if the framework needs to allocate a new
248buffer for the result (or for re-formatting the input).
249.It Va crp_callback
250This routine is invoked upon completion of the request, whether
251successful or not.
252It is invoked through the
253.Fn crypto_done
254routine.
255If the request was not successful, an error code is set in the
256.Va crp_etype
257field.
258It is the responsibility of the callback routine to set the appropriate
259.Xr spl 9
260level.
261.It Va crp_etype
262Contains the error type, if any errors were encountered, or zero if
263the request was successfully processed.
264If the
265.Er EAGAIN
266error code is returned, the SID has changed (and has been recorded in the
267.Va crp_sid
268field).
269The consumer should record the new SID and use it in all subsequent requests.
270In this case, the request may be re-submitted immediately.
271This mechanism is used by the framework to perform
272session migration (move a session from one driver to another, because
273of availability, performance, or other considerations).
274.Pp
275Note that this field only makes sense when examined by
276the callback routine specified in
277.Va crp_callback .
278Errors are returned to the invoker of
279.Fn crypto_process
280only when enough information is not present to call the callback
281routine (i.e., if the pointer passed is
282.Dv NULL
283or if no callback routine was specified).
284.It Va crp_flags
285Is a bitmask of flags associated with this request.
286Currently defined flags are:
287.Bl -tag -width ".Dv CRYPTO_F_CBIFSYNC"
288.It Dv CRYPTO_F_IMBUF
289The buffer pointed to by
290.Va crp_buf
291is an mbuf chain.
292.It Dv CRYPTO_F_IOV
293The buffer pointed to by
294.Va crp_buf
|
359.It Dv CRD_F_ENCRYPT
360For encryption algorithms, this bit is set when encryption is required
361(when not set, decryption is performed).
362.It Dv CRD_F_IV_PRESENT
363For encryption algorithms, this bit is set when the IV already
364precedes the data, so the
365.Va crd_inject
366value will be ignored and no IV will be written in the buffer.
367Otherwise, the IV used to encrypt the packet will be written
368at the location pointed to by
369.Va crd_inject .
370The IV length is assumed to be equal to the blocksize of the
371encryption algorithm.
372Some applications that do special
373.Dq "IV cooking" ,
374such as the half-IV mode in
375.Xr ipsec 4 ,
376can use this flag to indicate that the IV should not be written on the packet.
377This flag is typically used in conjunction with the
378.Dv CRD_F_IV_EXPLICIT
379flag.
380.It Dv CRD_F_IV_EXPLICIT
381For encryption algorithms, this bit is set when the IV is explicitly
382provided by the consumer in the
383.Va crd_iv
384field.
385Otherwise, for encryption operations the IV is provided for by
386the driver used to perform the operation, whereas for decryption
387operations it is pointed to by the
388.Va crd_inject
389field.
390This flag is typically used when the IV is calculated
391.Dq "on the fly"
392by the consumer, and does not precede the data (some
393.Xr ipsec 4
394configurations, and the encrypted swap are two such examples).
395.It Dv CRD_F_KEY_EXPLICIT
396For encryption and authentication (MAC) algorithms, this bit is set when the key
397is explicitly provided by the consumer in the
398.Va crd_key
399field for the given operation.
400Otherwise, the key is taken at newsession time from the
401.Va cri_key
402field.
403.It Dv CRD_F_COMP
404For compression algorithms, this bit is set when compression is required (when
405not set, decompression is performed).
406.El
407.It Va CRD_INI
408This
409.Vt cryptoini
410structure will not be modified by the framework or the device drivers.
411Since this information accompanies every cryptographic
412operation request, drivers may re-initialize state on-demand
413(typically an expensive operation).
414Furthermore, the cryptographic
415framework may re-route requests as a result of full queues or hardware
416failure, as described above.
417.It Va crd_next
418Point to the next descriptor.
419Linked operations are useful in protocols such as
420.Xr ipsec 4 ,
421where multiple cryptographic transforms may be applied on the same
422block of data.
423.El
424.El
425.Pp
426.Fn crypto_getreq
427allocates a
428.Vt cryptop
429structure with a linked list of as many
430.Vt cryptodesc
431structures as were specified in the argument passed to it.
432.Pp
433.Fn crypto_freereq
434deallocates a structure
435.Vt cryptop
436and any
437.Vt cryptodesc
438structures linked to it.
439Note that it is the responsibility of the
440callback routine to do the necessary cleanups associated with the
441opaque field in the
442.Vt cryptop
443structure.
444.Pp
445.Fn crypto_kdispatch
446is called to perform a keying operation.
447The various fields in the
448.Vt cryptkop
449structure are:
450.Bl -tag -width ".Va krp_callback'
451.It Va krp_op
452Operation code, such as
453.Dv CRK_MOD_EXP .
454.It Va krp_status
455Return code.
456This
457.Va errno Ns -style
458variable indicates whether lower level reasons
459for operation failure.
460.It Va krp_iparams
461Number if input parameters to the specified operation.
462Note that each operation has a (typically hardwired) number of such parameters.
463.It Va krp_oparams
464Number if output parameters from the specified operation.
465Note that each operation has a (typically hardwired) number of such parameters.
466.It Va krp_kvp
467An array of kernel memory blocks containing the parameters.
468.It Va krp_hid
469Identifier specifying which low-level driver is being used.
470.It Va krp_callback
471Callback called on completion of a keying operation.
472.El
473.Sh DRIVER-SIDE API
474The
475.Fn crypto_get_driverid ,
476.Fn crypto_register ,
477.Fn crypto_kregister ,
478.Fn crypto_unregister ,
479.Fn crypto_unblock ,
480and
481.Fn crypto_done
482routines are used by drivers that provide support for cryptographic
483primitives to register and unregister with the kernel crypto services
484framework.
485Drivers must first use the
486.Fn crypto_get_driverid
487function to acquire a driver identifier, specifying the
488.Fa cc_flags
489as an argument (normally 0, but software-only drivers should specify
490.Dv CRYPTOCAP_F_SOFTWARE ) .
491For each algorithm the driver supports, it must then call
492.Fn crypto_register .
493The first two arguments are the driver and algorithm identifiers.
494The next two arguments specify the largest possible operator length (in bits,
495important for public key operations) and flags for this algorithm.
496The last four arguments must be provided in the first call to
497.Fn crypto_register
498and are ignored in all subsequent calls.
499They are pointers to three
500driver-provided functions that the framework may call to establish new
501cryptographic context with the driver, free already established
502context, and ask for a request to be processed (encrypt, decrypt,
503etc.); and an opaque parameter to pass when calling each of these routines.
504.Fn crypto_unregister
505is called by drivers that wish to withdraw support for an algorithm.
506The two arguments are the driver and algorithm identifiers, respectively.
507Typically, drivers for
508PCMCIA
509crypto cards that are being ejected will invoke this routine for all
510algorithms supported by the card.
511.Fn crypto_unregister_all
512will unregister all algorithms registered by a driver
513and the driver will be disabled (no new sessions will be allocated on
514that driver, and any existing sessions will be migrated to other
515drivers).
516The same will be done if all algorithms associated with a driver are
517unregistered one by one.
518.Pp
519The calling convention for the three driver-supplied routines is:
520.Pp
521.Bl -item -compact
522.It
523.Ft int
524.Fn \*[lp]*newsession\*[rp] "void *" "u_int32_t *" "struct cryptoini *" ;
525.It
526.Ft int
527.Fn \*[lp]*freesession\*[rp] "void *" "u_int64_t" ;
528.It
529.Ft int
530.Fn \*[lp]*process\*[rp] "void *" "struct cryptop *" ;
531.It
532.Ft int
533.Fn \*[lp]*kprocess\*[rp] "void *" "struct cryptkop *" ;
534.El
535.Pp
536On invocation, the first argument to
537all routines is an opaque data value supplied when the algorithm
538is registered with
539.Fn crypto_register .
540The second argument to
541.Fn newsession
542contains the driver identifier obtained via
543.Fn crypto_get_driverid .
544On successful return, it should contain a driver-specific session
545identifier.
546The third argument is identical to that of
547.Fn crypto_newsession .
548.Pp
549The
550.Fn freesession
551routine takes as arguments the opaque data value and the SID
552(which is the concatenation of the
553driver identifier and the driver-specific session identifier).
554It should clear any context associated with the session (clear hardware
555registers, memory, etc.).
556.Pp
557The
558.Fn process
559routine is invoked with a request to perform crypto processing.
560This routine must not block, but should queue the request and return
561immediately.
562Upon processing the request, the callback routine should be invoked.
563In case of an unrecoverable error, the error indication must be placed in the
564.Va crp_etype
565field of the
566.Vt cryptop
567structure.
568When the request is completed, or an error is detected, the
569.Fn process
570routine should invoke
571.Fn crypto_done .
572Session migration may be performed, as mentioned previously.
573.Pp
574In case of a temporary resource exhaustion, the
575.Fn process
576routine may return
577.Er ERESTART
578in which case the crypto services will requeue the request, mark the driver
579as
580.Dq blocked ,
581and stop submitting requests for processing.
582The driver is then responsible for notifying the crypto services
583when it is again able to process requests through the
584.Fn crypto_unblock
585routine.
586This simple flow control mechanism should only be used for short-lived
587resource exhaustion as it causes operations to be queued in the crypto
588layer.
589Doing so is preferable to returning an error in such cases as
590it can cause network protocols to degrade performance by treating the
591failure much like a lost packet.
592.Pp
593The
594.Fn kprocess
595routine is invoked with a request to perform crypto key processing.
596This routine must not block, but should queue the request and return
597immediately.
598Upon processing the request, the callback routine should be invoked.
599In case of an unrecoverable error, the error indication must be placed in the
600.Va krp_status
601field of the
602.Vt cryptkop
603structure.
604When the request is completed, or an error is detected, the
605.Fn kprocess
606routine should invoked
607.Fn crypto_kdone .
608.Sh RETURN VALUES
609.Fn crypto_register ,
610.Fn crypto_kregister ,
611.Fn crypto_unregister ,
612.Fn crypto_newsession ,
613.Fn crypto_freesession ,
614and
615.Fn crypto_unblock
616return 0 on success, or an error code on failure.
617.Fn crypto_get_driverid
618returns a non-negative value on error, and \-1 on failure.
619.Fn crypto_getreq
620returns a pointer to a
621.Vt cryptop
622structure and
623.Dv NULL
624on failure.
625.Fn crypto_dispatch
626returns
627.Er EINVAL
628if its argument or the callback function was
629.Dv NULL ,
630and 0 otherwise.
631The callback is provided with an error code in case of failure, in the
632.Va crp_etype
633field.
634.Sh FILES
635.Bl -tag -width ".Pa sys/opencrypto/crypto.c"
636.It Pa sys/opencrypto/crypto.c
637most of the framework code
638.El
639.Sh SEE ALSO
640.Xr ipsec 4 ,
641.Xr malloc 9 ,
642.Xr sleep 9
643.Sh HISTORY
644The cryptographic framework first appeared in
645.Ox 2.7
646and was written by
647.An "Angelos D. Keromytis" Aq angelos@openbsd.org .
648.Sh BUGS
649The framework currently assumes that all the algorithms in a
650.Fn crypto_newsession
651operation must be available by the same driver.
652If that is not the case, session initialization will fail.
653.Pp
654The framework also needs a mechanism for determining which driver is
655best for a specific set of algorithms associated with a session.
656Some type of benchmarking is in order here.
657.Pp
658Multiple instances of the same algorithm in the same session are not
659supported.
660Note that 3DES is considered one algorithm (and not three
661instances of DES).
662Thus, 3DES and DES could be mixed in the same request.
| 361.It Dv CRD_F_ENCRYPT
362For encryption algorithms, this bit is set when encryption is required
363(when not set, decryption is performed).
364.It Dv CRD_F_IV_PRESENT
365For encryption algorithms, this bit is set when the IV already
366precedes the data, so the
367.Va crd_inject
368value will be ignored and no IV will be written in the buffer.
369Otherwise, the IV used to encrypt the packet will be written
370at the location pointed to by
371.Va crd_inject .
372The IV length is assumed to be equal to the blocksize of the
373encryption algorithm.
374Some applications that do special
375.Dq "IV cooking" ,
376such as the half-IV mode in
377.Xr ipsec 4 ,
378can use this flag to indicate that the IV should not be written on the packet.
379This flag is typically used in conjunction with the
380.Dv CRD_F_IV_EXPLICIT
381flag.
382.It Dv CRD_F_IV_EXPLICIT
383For encryption algorithms, this bit is set when the IV is explicitly
384provided by the consumer in the
385.Va crd_iv
386field.
387Otherwise, for encryption operations the IV is provided for by
388the driver used to perform the operation, whereas for decryption
389operations it is pointed to by the
390.Va crd_inject
391field.
392This flag is typically used when the IV is calculated
393.Dq "on the fly"
394by the consumer, and does not precede the data (some
395.Xr ipsec 4
396configurations, and the encrypted swap are two such examples).
397.It Dv CRD_F_KEY_EXPLICIT
398For encryption and authentication (MAC) algorithms, this bit is set when the key
399is explicitly provided by the consumer in the
400.Va crd_key
401field for the given operation.
402Otherwise, the key is taken at newsession time from the
403.Va cri_key
404field.
405.It Dv CRD_F_COMP
406For compression algorithms, this bit is set when compression is required (when
407not set, decompression is performed).
408.El
409.It Va CRD_INI
410This
411.Vt cryptoini
412structure will not be modified by the framework or the device drivers.
413Since this information accompanies every cryptographic
414operation request, drivers may re-initialize state on-demand
415(typically an expensive operation).
416Furthermore, the cryptographic
417framework may re-route requests as a result of full queues or hardware
418failure, as described above.
419.It Va crd_next
420Point to the next descriptor.
421Linked operations are useful in protocols such as
422.Xr ipsec 4 ,
423where multiple cryptographic transforms may be applied on the same
424block of data.
425.El
426.El
427.Pp
428.Fn crypto_getreq
429allocates a
430.Vt cryptop
431structure with a linked list of as many
432.Vt cryptodesc
433structures as were specified in the argument passed to it.
434.Pp
435.Fn crypto_freereq
436deallocates a structure
437.Vt cryptop
438and any
439.Vt cryptodesc
440structures linked to it.
441Note that it is the responsibility of the
442callback routine to do the necessary cleanups associated with the
443opaque field in the
444.Vt cryptop
445structure.
446.Pp
447.Fn crypto_kdispatch
448is called to perform a keying operation.
449The various fields in the
450.Vt cryptkop
451structure are:
452.Bl -tag -width ".Va krp_callback'
453.It Va krp_op
454Operation code, such as
455.Dv CRK_MOD_EXP .
456.It Va krp_status
457Return code.
458This
459.Va errno Ns -style
460variable indicates whether lower level reasons
461for operation failure.
462.It Va krp_iparams
463Number if input parameters to the specified operation.
464Note that each operation has a (typically hardwired) number of such parameters.
465.It Va krp_oparams
466Number if output parameters from the specified operation.
467Note that each operation has a (typically hardwired) number of such parameters.
468.It Va krp_kvp
469An array of kernel memory blocks containing the parameters.
470.It Va krp_hid
471Identifier specifying which low-level driver is being used.
472.It Va krp_callback
473Callback called on completion of a keying operation.
474.El
475.Sh DRIVER-SIDE API
476The
477.Fn crypto_get_driverid ,
478.Fn crypto_register ,
479.Fn crypto_kregister ,
480.Fn crypto_unregister ,
481.Fn crypto_unblock ,
482and
483.Fn crypto_done
484routines are used by drivers that provide support for cryptographic
485primitives to register and unregister with the kernel crypto services
486framework.
487Drivers must first use the
488.Fn crypto_get_driverid
489function to acquire a driver identifier, specifying the
490.Fa cc_flags
491as an argument (normally 0, but software-only drivers should specify
492.Dv CRYPTOCAP_F_SOFTWARE ) .
493For each algorithm the driver supports, it must then call
494.Fn crypto_register .
495The first two arguments are the driver and algorithm identifiers.
496The next two arguments specify the largest possible operator length (in bits,
497important for public key operations) and flags for this algorithm.
498The last four arguments must be provided in the first call to
499.Fn crypto_register
500and are ignored in all subsequent calls.
501They are pointers to three
502driver-provided functions that the framework may call to establish new
503cryptographic context with the driver, free already established
504context, and ask for a request to be processed (encrypt, decrypt,
505etc.); and an opaque parameter to pass when calling each of these routines.
506.Fn crypto_unregister
507is called by drivers that wish to withdraw support for an algorithm.
508The two arguments are the driver and algorithm identifiers, respectively.
509Typically, drivers for
510PCMCIA
511crypto cards that are being ejected will invoke this routine for all
512algorithms supported by the card.
513.Fn crypto_unregister_all
514will unregister all algorithms registered by a driver
515and the driver will be disabled (no new sessions will be allocated on
516that driver, and any existing sessions will be migrated to other
517drivers).
518The same will be done if all algorithms associated with a driver are
519unregistered one by one.
520.Pp
521The calling convention for the three driver-supplied routines is:
522.Pp
523.Bl -item -compact
524.It
525.Ft int
526.Fn \*[lp]*newsession\*[rp] "void *" "u_int32_t *" "struct cryptoini *" ;
527.It
528.Ft int
529.Fn \*[lp]*freesession\*[rp] "void *" "u_int64_t" ;
530.It
531.Ft int
532.Fn \*[lp]*process\*[rp] "void *" "struct cryptop *" ;
533.It
534.Ft int
535.Fn \*[lp]*kprocess\*[rp] "void *" "struct cryptkop *" ;
536.El
537.Pp
538On invocation, the first argument to
539all routines is an opaque data value supplied when the algorithm
540is registered with
541.Fn crypto_register .
542The second argument to
543.Fn newsession
544contains the driver identifier obtained via
545.Fn crypto_get_driverid .
546On successful return, it should contain a driver-specific session
547identifier.
548The third argument is identical to that of
549.Fn crypto_newsession .
550.Pp
551The
552.Fn freesession
553routine takes as arguments the opaque data value and the SID
554(which is the concatenation of the
555driver identifier and the driver-specific session identifier).
556It should clear any context associated with the session (clear hardware
557registers, memory, etc.).
558.Pp
559The
560.Fn process
561routine is invoked with a request to perform crypto processing.
562This routine must not block, but should queue the request and return
563immediately.
564Upon processing the request, the callback routine should be invoked.
565In case of an unrecoverable error, the error indication must be placed in the
566.Va crp_etype
567field of the
568.Vt cryptop
569structure.
570When the request is completed, or an error is detected, the
571.Fn process
572routine should invoke
573.Fn crypto_done .
574Session migration may be performed, as mentioned previously.
575.Pp
576In case of a temporary resource exhaustion, the
577.Fn process
578routine may return
579.Er ERESTART
580in which case the crypto services will requeue the request, mark the driver
581as
582.Dq blocked ,
583and stop submitting requests for processing.
584The driver is then responsible for notifying the crypto services
585when it is again able to process requests through the
586.Fn crypto_unblock
587routine.
588This simple flow control mechanism should only be used for short-lived
589resource exhaustion as it causes operations to be queued in the crypto
590layer.
591Doing so is preferable to returning an error in such cases as
592it can cause network protocols to degrade performance by treating the
593failure much like a lost packet.
594.Pp
595The
596.Fn kprocess
597routine is invoked with a request to perform crypto key processing.
598This routine must not block, but should queue the request and return
599immediately.
600Upon processing the request, the callback routine should be invoked.
601In case of an unrecoverable error, the error indication must be placed in the
602.Va krp_status
603field of the
604.Vt cryptkop
605structure.
606When the request is completed, or an error is detected, the
607.Fn kprocess
608routine should invoked
609.Fn crypto_kdone .
610.Sh RETURN VALUES
611.Fn crypto_register ,
612.Fn crypto_kregister ,
613.Fn crypto_unregister ,
614.Fn crypto_newsession ,
615.Fn crypto_freesession ,
616and
617.Fn crypto_unblock
618return 0 on success, or an error code on failure.
619.Fn crypto_get_driverid
620returns a non-negative value on error, and \-1 on failure.
621.Fn crypto_getreq
622returns a pointer to a
623.Vt cryptop
624structure and
625.Dv NULL
626on failure.
627.Fn crypto_dispatch
628returns
629.Er EINVAL
630if its argument or the callback function was
631.Dv NULL ,
632and 0 otherwise.
633The callback is provided with an error code in case of failure, in the
634.Va crp_etype
635field.
636.Sh FILES
637.Bl -tag -width ".Pa sys/opencrypto/crypto.c"
638.It Pa sys/opencrypto/crypto.c
639most of the framework code
640.El
641.Sh SEE ALSO
642.Xr ipsec 4 ,
643.Xr malloc 9 ,
644.Xr sleep 9
645.Sh HISTORY
646The cryptographic framework first appeared in
647.Ox 2.7
648and was written by
649.An "Angelos D. Keromytis" Aq angelos@openbsd.org .
650.Sh BUGS
651The framework currently assumes that all the algorithms in a
652.Fn crypto_newsession
653operation must be available by the same driver.
654If that is not the case, session initialization will fail.
655.Pp
656The framework also needs a mechanism for determining which driver is
657best for a specific set of algorithms associated with a session.
658Some type of benchmarking is in order here.
659.Pp
660Multiple instances of the same algorithm in the same session are not
661supported.
662Note that 3DES is considered one algorithm (and not three
663instances of DES).
664Thus, 3DES and DES could be mixed in the same request.
|