cryptodev.h (159241) | cryptodev.h (167755) |
---|---|
1/* $FreeBSD: head/sys/opencrypto/cryptodev.h 159241 2006-06-04 22:15:13Z pjd $ */ | 1/* $FreeBSD: head/sys/opencrypto/cryptodev.h 167755 2007-03-21 03:42:51Z sam $ */ |
2/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ 3 4/*- 5 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) | 2/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ 3 4/*- 5 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) |
6 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting |
|
6 * 7 * This code was written by Angelos D. Keromytis in Athens, Greece, in 8 * February 2000. Network Security Technologies Inc. (NSTI) kindly 9 * supported the development of this code. 10 * 11 * Copyright (c) 2000 Angelos D. Keromytis 12 * 13 * Permission to use, copy, and modify this software with or without fee --- 108 unchanged lines hidden (view full) --- 122#define CRYPTO_SHA2_512_HMAC 20 123#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */ 124 125/* Algorithm flags */ 126#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ 127#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ 128#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ 129 | 7 * 8 * This code was written by Angelos D. Keromytis in Athens, Greece, in 9 * February 2000. Network Security Technologies Inc. (NSTI) kindly 10 * supported the development of this code. 11 * 12 * Copyright (c) 2000 Angelos D. Keromytis 13 * 14 * Permission to use, copy, and modify this software with or without fee --- 108 unchanged lines hidden (view full) --- 123#define CRYPTO_SHA2_512_HMAC 20 124#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */ 125 126/* Algorithm flags */ 127#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ 128#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ 129#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ 130 |
131/* 132 * Crypto driver/device flags. They can set in the crid 133 * parameter when creating a session or submitting a key 134 * op to affect the device/driver assigned. If neither 135 * of these are specified then the crid is assumed to hold 136 * the driver id of an existing (and suitable) device that 137 * must be used to satisfy the request. 138 */ 139#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */ 140#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */ 141 142/* NB: deprecated */ |
|
130struct session_op { 131 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ 132 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ 133 134 u_int32_t keylen; /* cipher key */ 135 caddr_t key; 136 int mackeylen; /* mac key */ 137 caddr_t mackey; 138 139 u_int32_t ses; /* returns: session # */ 140}; 141 | 143struct session_op { 144 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ 145 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ 146 147 u_int32_t keylen; /* cipher key */ 148 caddr_t key; 149 int mackeylen; /* mac key */ 150 caddr_t mackey; 151 152 u_int32_t ses; /* returns: session # */ 153}; 154 |
155struct session2_op { 156 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ 157 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ 158 159 u_int32_t keylen; /* cipher key */ 160 caddr_t key; 161 int mackeylen; /* mac key */ 162 caddr_t mackey; 163 164 u_int32_t ses; /* returns: session # */ 165 int crid; /* driver id + flags (rw) */ 166 int pad[4]; /* for future expansion */ 167}; 168 |
|
142struct crypt_op { 143 u_int32_t ses; 144 u_int16_t op; /* i.e. COP_ENCRYPT */ 145#define COP_ENCRYPT 1 146#define COP_DECRYPT 2 147 u_int16_t flags; 148#define COP_F_BATCH 0x0008 /* Batch op if possible */ 149 u_int len; 150 caddr_t src, dst; /* become iov[] inside kernel */ 151 caddr_t mac; /* must be big enough for chosen MAC */ 152 caddr_t iv; 153}; 154 | 169struct crypt_op { 170 u_int32_t ses; 171 u_int16_t op; /* i.e. COP_ENCRYPT */ 172#define COP_ENCRYPT 1 173#define COP_DECRYPT 2 174 u_int16_t flags; 175#define COP_F_BATCH 0x0008 /* Batch op if possible */ 176 u_int len; 177 caddr_t src, dst; /* become iov[] inside kernel */ 178 caddr_t mac; /* must be big enough for chosen MAC */ 179 caddr_t iv; 180}; 181 |
182/* 183 * Parameters for looking up a crypto driver/device by 184 * device name or by id. The latter are returned for 185 * created sessions (crid) and completed key operations. 186 */ 187struct crypt_find_op { 188 int crid; /* driver id + flags */ 189 char name[32]; /* device/driver name */ 190}; 191 |
|
155/* bignum parameter, in packed bytes, ... */ 156struct crparam { 157 caddr_t crp_p; 158 u_int crp_nbits; 159}; 160 161#define CRK_MAXPARAM 8 162 163struct crypt_kop { 164 u_int crk_op; /* ie. CRK_MOD_EXP or other */ 165 u_int crk_status; /* return status */ 166 u_short crk_iparams; /* # of input parameters */ 167 u_short crk_oparams; /* # of output parameters */ | 192/* bignum parameter, in packed bytes, ... */ 193struct crparam { 194 caddr_t crp_p; 195 u_int crp_nbits; 196}; 197 198#define CRK_MAXPARAM 8 199 200struct crypt_kop { 201 u_int crk_op; /* ie. CRK_MOD_EXP or other */ 202 u_int crk_status; /* return status */ 203 u_short crk_iparams; /* # of input parameters */ 204 u_short crk_oparams; /* # of output parameters */ |
168 u_int crk_pad1; | 205 u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */ |
169 struct crparam crk_param[CRK_MAXPARAM]; 170}; 171#define CRK_ALGORITM_MIN 0 172#define CRK_MOD_EXP 0 173#define CRK_MOD_EXP_CRT 1 174#define CRK_DSA_SIGN 2 175#define CRK_DSA_VERIFY 3 176#define CRK_DH_COMPUTE_KEY 4 --- 5 unchanged lines hidden (view full) --- 182#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) 183#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) 184 185/* 186 * done against open of /dev/crypto, to get a cloned descriptor. 187 * Please use F_SETFD against the cloned descriptor. 188 */ 189#define CRIOGET _IOWR('c', 100, u_int32_t) | 206 struct crparam crk_param[CRK_MAXPARAM]; 207}; 208#define CRK_ALGORITM_MIN 0 209#define CRK_MOD_EXP 0 210#define CRK_MOD_EXP_CRT 1 211#define CRK_DSA_SIGN 2 212#define CRK_DSA_VERIFY 3 213#define CRK_DH_COMPUTE_KEY 4 --- 5 unchanged lines hidden (view full) --- 219#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) 220#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) 221 222/* 223 * done against open of /dev/crypto, to get a cloned descriptor. 224 * Please use F_SETFD against the cloned descriptor. 225 */ 226#define CRIOGET _IOWR('c', 100, u_int32_t) |
227#define CRIOASYMFEAT CIOCASYMFEAT 228#define CRIOFINDDEV CIOCFINDDEV |
|
190 191/* the following are done against the cloned descriptor */ 192#define CIOCGSESSION _IOWR('c', 101, struct session_op) 193#define CIOCFSESSION _IOW('c', 102, u_int32_t) 194#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) 195#define CIOCKEY _IOWR('c', 104, struct crypt_kop) | 229 230/* the following are done against the cloned descriptor */ 231#define CIOCGSESSION _IOWR('c', 101, struct session_op) 232#define CIOCFSESSION _IOW('c', 102, u_int32_t) 233#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) 234#define CIOCKEY _IOWR('c', 104, struct crypt_kop) |
196 | |
197#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) | 235#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) |
236#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op) 237#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop) 238#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op) |
|
198 199struct cryptotstat { 200 struct timespec acc; /* total accumulated time */ 201 struct timespec min; /* min time */ 202 struct timespec max; /* max time */ 203 u_int32_t count; /* number of observations */ 204}; 205 --- 105 unchanged lines hidden (view full) --- 311 312struct cryptkop { 313 TAILQ_ENTRY(cryptkop) krp_next; 314 315 u_int krp_op; /* ie. CRK_MOD_EXP or other */ 316 u_int krp_status; /* return status */ 317 u_short krp_iparams; /* # of input parameters */ 318 u_short krp_oparams; /* # of output parameters */ | 239 240struct cryptotstat { 241 struct timespec acc; /* total accumulated time */ 242 struct timespec min; /* min time */ 243 struct timespec max; /* max time */ 244 u_int32_t count; /* number of observations */ 245}; 246 --- 105 unchanged lines hidden (view full) --- 352 353struct cryptkop { 354 TAILQ_ENTRY(cryptkop) krp_next; 355 356 u_int krp_op; /* ie. CRK_MOD_EXP or other */ 357 u_int krp_status; /* return status */ 358 u_short krp_iparams; /* # of input parameters */ 359 u_short krp_oparams; /* # of output parameters */ |
360 u_int krp_crid; /* desired device, etc. */ |
|
319 u_int32_t krp_hid; 320 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ 321 int (*krp_callback)(struct cryptkop *); 322}; 323 324/* | 361 u_int32_t krp_hid; 362 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ 363 int (*krp_callback)(struct cryptkop *); 364}; 365 366/* |
325 * Crypto capabilities structure. 326 * 327 * Synchronization: 328 * (d) - protected by CRYPTO_DRIVER_LOCK() 329 * (q) - protected by CRYPTO_Q_LOCK() 330 * Not tagged fields are read-only. 331 */ 332struct cryptocap { 333 u_int32_t cc_sessions; /* (d) number of sessions */ 334 u_int32_t cc_koperations; /* (d) number os asym operations */ 335 336 /* 337 * Largest possible operator length (in bits) for each type of 338 * encryption algorithm. 339 */ 340 u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1]; 341 342 u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; 343 344 u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1]; 345 346 u_int8_t cc_flags; /* (d) flags */ 347#define CRYPTOCAP_F_CLEANUP 0x01 /* needs resource cleanup */ 348#define CRYPTOCAP_F_SOFTWARE 0x02 /* software implementation */ 349#define CRYPTOCAP_F_SYNC 0x04 /* operates synchronously */ 350 u_int8_t cc_qblocked; /* (q) symmetric q blocked */ 351 u_int8_t cc_kqblocked; /* (q) asymmetric q blocked */ 352 353 void *cc_arg; /* callback argument */ 354 int (*cc_newsession)(void*, u_int32_t*, struct cryptoini*); 355 int (*cc_process)(void*, struct cryptop *, int); 356 int (*cc_freesession)(void*, u_int64_t); 357 void *cc_karg; /* callback argument */ 358 int (*cc_kprocess) (void*, struct cryptkop *, int); 359}; 360 361/* | |
362 * Session ids are 64 bits. The lower 32 bits contain a "local id" which 363 * is a driver-private session identifier. The upper 32 bits contain a 364 * "hardware id" used by the core crypto code to identify the driver and 365 * a copy of the driver's capabilities that can be used by client code to 366 * optimize operation. 367 */ | 367 * Session ids are 64 bits. The lower 32 bits contain a "local id" which 368 * is a driver-private session identifier. The upper 32 bits contain a 369 * "hardware id" used by the core crypto code to identify the driver and 370 * a copy of the driver's capabilities that can be used by client code to 371 * optimize operation. 372 */ |
368#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0xffffff) 369#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 56) & 0xff) | 373#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff) 374#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000) |
370#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) 371 372MALLOC_DECLARE(M_CRYPTO_DATA); 373 374extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); 375extern int crypto_freesession(u_int64_t sid); | 375#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) 376 377MALLOC_DECLARE(M_CRYPTO_DATA); 378 379extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); 380extern int crypto_freesession(u_int64_t sid); |
376extern int32_t crypto_get_driverid(u_int32_t flags); | 381#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE 382#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE 383#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */ 384extern int32_t crypto_get_driverid(device_t dev, int flags); 385extern int crypto_find_driver(const char *); 386extern device_t crypto_find_device_byhid(int hid); 387extern int crypto_getcaps(int hid); |
377extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, | 388extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, |
378 u_int32_t flags, 379 int (*newses)(void*, u_int32_t*, struct cryptoini*), 380 int (*freeses)(void*, u_int64_t), 381 int (*process)(void*, struct cryptop *, int), 382 void *arg); 383extern int crypto_kregister(u_int32_t, int, u_int32_t, 384 int (*)(void*, struct cryptkop *, int), 385 void *arg); | 389 u_int32_t flags); 390extern int crypto_kregister(u_int32_t, int, u_int32_t); |
386extern int crypto_unregister(u_int32_t driverid, int alg); 387extern int crypto_unregister_all(u_int32_t driverid); 388extern int crypto_dispatch(struct cryptop *crp); 389extern int crypto_kdispatch(struct cryptkop *); 390#define CRYPTO_SYMQ 0x1 391#define CRYPTO_ASYMQ 0x2 392extern int crypto_unblock(u_int32_t, int); 393extern void crypto_done(struct cryptop *crp); --- 31 unchanged lines hidden --- | 391extern int crypto_unregister(u_int32_t driverid, int alg); 392extern int crypto_unregister_all(u_int32_t driverid); 393extern int crypto_dispatch(struct cryptop *crp); 394extern int crypto_kdispatch(struct cryptkop *); 395#define CRYPTO_SYMQ 0x1 396#define CRYPTO_ASYMQ 0x2 397extern int crypto_unblock(u_int32_t, int); 398extern void crypto_done(struct cryptop *crp); --- 31 unchanged lines hidden --- |
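Review bot: The new `struct crypt_find_op` takes a fixed `char name[32]` from userland via `CIOCFINDDEV`, but the matching lookup prototype `crypto_find_driver(const char *)` carries no length, so nothing in this header guarantees the kernel sees a terminated string. The ioctl handler is outside this page, so it cannot be confirmed here whether it forces termination; if it does not, an unterminated name could make the lookup read past the array, which is the last member of the copied-in structure. I would state the contract at the field, `char name[32]; /* device/driver name, NUL-terminated */`, and have the handler set `name[sizeof(name) - 1] = '\0'` before calling the lookup. Separately, the id-plus-flags value is declared as `int` (`crid`, `crypto_getcaps(int hid)`), `u_int` (`crk_crid`, `krp_crid`) and `u_int32_t` (`driverid`) in the same header. Settling on one unsigned type would avoid sign surprises when the high flag bits (`0x01000000` and up) are masked or compared.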