cryptodev.h (159241) cryptodev.h (167755)
1/* $FreeBSD: head/sys/opencrypto/cryptodev.h 159241 2006-06-04 22:15:13Z pjd $ */
1/* $FreeBSD: head/sys/opencrypto/cryptodev.h 167755 2007-03-21 03:42:51Z sam $ */
2/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
3
4/*-
5 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
2/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
3
4/*-
5 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
6 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
6 *
7 * This code was written by Angelos D. Keromytis in Athens, Greece, in
8 * February 2000. Network Security Technologies Inc. (NSTI) kindly
9 * supported the development of this code.
10 *
11 * Copyright (c) 2000 Angelos D. Keromytis
12 *
13 * Permission to use, copy, and modify this software with or without fee

--- 108 unchanged lines hidden (view full) ---

122#define CRYPTO_SHA2_512_HMAC 20
123#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */
124
125/* Algorithm flags */
126#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
127#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
128#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
129
7 *
8 * This code was written by Angelos D. Keromytis in Athens, Greece, in
9 * February 2000. Network Security Technologies Inc. (NSTI) kindly
10 * supported the development of this code.
11 *
12 * Copyright (c) 2000 Angelos D. Keromytis
13 *
14 * Permission to use, copy, and modify this software with or without fee

--- 108 unchanged lines hidden (view full) ---

123#define CRYPTO_SHA2_512_HMAC 20
124#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */
125
126/* Algorithm flags */
127#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
128#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
129#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
130
131/*
132 * Crypto driver/device flags. They can set in the crid
133 * parameter when creating a session or submitting a key
134 * op to affect the device/driver assigned. If neither
135 * of these are specified then the crid is assumed to hold
136 * the driver id of an existing (and suitable) device that
137 * must be used to satisfy the request.
138 */
139#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */
140#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */
141
142/* NB: deprecated */
130struct session_op {
131 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
132 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
133
134 u_int32_t keylen; /* cipher key */
135 caddr_t key;
136 int mackeylen; /* mac key */
137 caddr_t mackey;
138
139 u_int32_t ses; /* returns: session # */
140};
141
143struct session_op {
144 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
145 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
146
147 u_int32_t keylen; /* cipher key */
148 caddr_t key;
149 int mackeylen; /* mac key */
150 caddr_t mackey;
151
152 u_int32_t ses; /* returns: session # */
153};
154
155struct session2_op {
156 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
157 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
158
159 u_int32_t keylen; /* cipher key */
160 caddr_t key;
161 int mackeylen; /* mac key */
162 caddr_t mackey;
163
164 u_int32_t ses; /* returns: session # */
165 int crid; /* driver id + flags (rw) */
166 int pad[4]; /* for future expansion */
167};
168
142struct crypt_op {
143 u_int32_t ses;
144 u_int16_t op; /* i.e. COP_ENCRYPT */
145#define COP_ENCRYPT 1
146#define COP_DECRYPT 2
147 u_int16_t flags;
148#define COP_F_BATCH 0x0008 /* Batch op if possible */
149 u_int len;
150 caddr_t src, dst; /* become iov[] inside kernel */
151 caddr_t mac; /* must be big enough for chosen MAC */
152 caddr_t iv;
153};
154
169struct crypt_op {
170 u_int32_t ses;
171 u_int16_t op; /* i.e. COP_ENCRYPT */
172#define COP_ENCRYPT 1
173#define COP_DECRYPT 2
174 u_int16_t flags;
175#define COP_F_BATCH 0x0008 /* Batch op if possible */
176 u_int len;
177 caddr_t src, dst; /* become iov[] inside kernel */
178 caddr_t mac; /* must be big enough for chosen MAC */
179 caddr_t iv;
180};
181
182/*
183 * Parameters for looking up a crypto driver/device by
184 * device name or by id. The latter are returned for
185 * created sessions (crid) and completed key operations.
186 */
187struct crypt_find_op {
188 int crid; /* driver id + flags */
189 char name[32]; /* device/driver name */
190};
191
155/* bignum parameter, in packed bytes, ... */
156struct crparam {
157 caddr_t crp_p;
158 u_int crp_nbits;
159};
160
161#define CRK_MAXPARAM 8
162
163struct crypt_kop {
164 u_int crk_op; /* ie. CRK_MOD_EXP or other */
165 u_int crk_status; /* return status */
166 u_short crk_iparams; /* # of input parameters */
167 u_short crk_oparams; /* # of output parameters */
192/* bignum parameter, in packed bytes, ... */
193struct crparam {
194 caddr_t crp_p;
195 u_int crp_nbits;
196};
197
198#define CRK_MAXPARAM 8
199
200struct crypt_kop {
201 u_int crk_op; /* ie. CRK_MOD_EXP or other */
202 u_int crk_status; /* return status */
203 u_short crk_iparams; /* # of input parameters */
204 u_short crk_oparams; /* # of output parameters */
168 u_int crk_pad1;
205 u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */
169 struct crparam crk_param[CRK_MAXPARAM];
170};
171#define CRK_ALGORITM_MIN 0
172#define CRK_MOD_EXP 0
173#define CRK_MOD_EXP_CRT 1
174#define CRK_DSA_SIGN 2
175#define CRK_DSA_VERIFY 3
176#define CRK_DH_COMPUTE_KEY 4

--- 5 unchanged lines hidden (view full) ---

182#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
183#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
184
185/*
186 * done against open of /dev/crypto, to get a cloned descriptor.
187 * Please use F_SETFD against the cloned descriptor.
188 */
189#define CRIOGET _IOWR('c', 100, u_int32_t)
206 struct crparam crk_param[CRK_MAXPARAM];
207};
208#define CRK_ALGORITM_MIN 0
209#define CRK_MOD_EXP 0
210#define CRK_MOD_EXP_CRT 1
211#define CRK_DSA_SIGN 2
212#define CRK_DSA_VERIFY 3
213#define CRK_DH_COMPUTE_KEY 4

--- 5 unchanged lines hidden (view full) ---

219#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
220#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
221
222/*
223 * done against open of /dev/crypto, to get a cloned descriptor.
224 * Please use F_SETFD against the cloned descriptor.
225 */
226#define CRIOGET _IOWR('c', 100, u_int32_t)
227#define CRIOASYMFEAT CIOCASYMFEAT
228#define CRIOFINDDEV CIOCFINDDEV
190
191/* the following are done against the cloned descriptor */
192#define CIOCGSESSION _IOWR('c', 101, struct session_op)
193#define CIOCFSESSION _IOW('c', 102, u_int32_t)
194#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
195#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
229
230/* the following are done against the cloned descriptor */
231#define CIOCGSESSION _IOWR('c', 101, struct session_op)
232#define CIOCFSESSION _IOW('c', 102, u_int32_t)
233#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
234#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
196
197#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
235#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
236#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op)
237#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop)
238#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op)
198
199struct cryptotstat {
200 struct timespec acc; /* total accumulated time */
201 struct timespec min; /* min time */
202 struct timespec max; /* max time */
203 u_int32_t count; /* number of observations */
204};
205

--- 105 unchanged lines hidden (view full) ---

311
312struct cryptkop {
313 TAILQ_ENTRY(cryptkop) krp_next;
314
315 u_int krp_op; /* ie. CRK_MOD_EXP or other */
316 u_int krp_status; /* return status */
317 u_short krp_iparams; /* # of input parameters */
318 u_short krp_oparams; /* # of output parameters */
239
240struct cryptotstat {
241 struct timespec acc; /* total accumulated time */
242 struct timespec min; /* min time */
243 struct timespec max; /* max time */
244 u_int32_t count; /* number of observations */
245};
246

--- 105 unchanged lines hidden (view full) ---

352
353struct cryptkop {
354 TAILQ_ENTRY(cryptkop) krp_next;
355
356 u_int krp_op; /* ie. CRK_MOD_EXP or other */
357 u_int krp_status; /* return status */
358 u_short krp_iparams; /* # of input parameters */
359 u_short krp_oparams; /* # of output parameters */
360 u_int krp_crid; /* desired device, etc. */
319 u_int32_t krp_hid;
320 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
321 int (*krp_callback)(struct cryptkop *);
322};
323
324/*
361 u_int32_t krp_hid;
362 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
363 int (*krp_callback)(struct cryptkop *);
364};
365
366/*
325 * Crypto capabilities structure.
326 *
327 * Synchronization:
328 * (d) - protected by CRYPTO_DRIVER_LOCK()
329 * (q) - protected by CRYPTO_Q_LOCK()
330 * Not tagged fields are read-only.
331 */
332struct cryptocap {
333 u_int32_t cc_sessions; /* (d) number of sessions */
334 u_int32_t cc_koperations; /* (d) number os asym operations */
335
336 /*
337 * Largest possible operator length (in bits) for each type of
338 * encryption algorithm.
339 */
340 u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
341
342 u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1];
343
344 u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1];
345
346 u_int8_t cc_flags; /* (d) flags */
347#define CRYPTOCAP_F_CLEANUP 0x01 /* needs resource cleanup */
348#define CRYPTOCAP_F_SOFTWARE 0x02 /* software implementation */
349#define CRYPTOCAP_F_SYNC 0x04 /* operates synchronously */
350 u_int8_t cc_qblocked; /* (q) symmetric q blocked */
351 u_int8_t cc_kqblocked; /* (q) asymmetric q blocked */
352
353 void *cc_arg; /* callback argument */
354 int (*cc_newsession)(void*, u_int32_t*, struct cryptoini*);
355 int (*cc_process)(void*, struct cryptop *, int);
356 int (*cc_freesession)(void*, u_int64_t);
357 void *cc_karg; /* callback argument */
358 int (*cc_kprocess) (void*, struct cryptkop *, int);
359};
360
361/*
362 * Session ids are 64 bits. The lower 32 bits contain a "local id" which
363 * is a driver-private session identifier. The upper 32 bits contain a
364 * "hardware id" used by the core crypto code to identify the driver and
365 * a copy of the driver's capabilities that can be used by client code to
366 * optimize operation.
367 */
367 * Session ids are 64 bits. The lower 32 bits contain a "local id" which
368 * is a driver-private session identifier. The upper 32 bits contain a
369 * "hardware id" used by the core crypto code to identify the driver and
370 * a copy of the driver's capabilities that can be used by client code to
371 * optimize operation.
372 */
368#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0xffffff)
369#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 56) & 0xff)
373#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff)
374#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
370#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
371
372MALLOC_DECLARE(M_CRYPTO_DATA);
373
374extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
375extern int crypto_freesession(u_int64_t sid);
375#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
376
377MALLOC_DECLARE(M_CRYPTO_DATA);
378
379extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
380extern int crypto_freesession(u_int64_t sid);
376extern int32_t crypto_get_driverid(u_int32_t flags);
381#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE
382#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE
383#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */
384extern int32_t crypto_get_driverid(device_t dev, int flags);
385extern int crypto_find_driver(const char *);
386extern device_t crypto_find_device_byhid(int hid);
387extern int crypto_getcaps(int hid);
377extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
388extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
378 u_int32_t flags,
379 int (*newses)(void*, u_int32_t*, struct cryptoini*),
380 int (*freeses)(void*, u_int64_t),
381 int (*process)(void*, struct cryptop *, int),
382 void *arg);
383extern int crypto_kregister(u_int32_t, int, u_int32_t,
384 int (*)(void*, struct cryptkop *, int),
385 void *arg);
389 u_int32_t flags);
390extern int crypto_kregister(u_int32_t, int, u_int32_t);
386extern int crypto_unregister(u_int32_t driverid, int alg);
387extern int crypto_unregister_all(u_int32_t driverid);
388extern int crypto_dispatch(struct cryptop *crp);
389extern int crypto_kdispatch(struct cryptkop *);
390#define CRYPTO_SYMQ 0x1
391#define CRYPTO_ASYMQ 0x2
392extern int crypto_unblock(u_int32_t, int);
393extern void crypto_done(struct cryptop *crp);

--- 31 unchanged lines hidden ---
391extern int crypto_unregister(u_int32_t driverid, int alg);
392extern int crypto_unregister_all(u_int32_t driverid);
393extern int crypto_dispatch(struct cryptop *crp);
394extern int crypto_kdispatch(struct cryptkop *);
395#define CRYPTO_SYMQ 0x1
396#define CRYPTO_ASYMQ 0x2
397extern int crypto_unblock(u_int32_t, int);
398extern void crypto_done(struct cryptop *crp);

--- 31 unchanged lines hidden ---
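Review bot: The new `struct crypt_find_op` takes `char name[32]` from userland through `CIOCFINDDEV`, but the lookup it presumably feeds, `crypto_find_driver(const char *)`, takes no length, and nothing in this header says who guarantees the terminator. The ioctl handler is not part of this file, so it cannot be confirmed from here whether it forces `name[sizeof(name) - 1] = '\0'` before any string comparison. The contract should be stated on the field, e.g. `char name[32]; /* device/driver name; NUL-terminated, handler must enforce before lookup */`. A named constant in place of the literal 32 would also let the handler and userland callers share one bound.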