cryptodev.h revision 111297
1176349Smarcel/*	$FreeBSD: head/sys/opencrypto/cryptodev.h 111297 2003-02-23 07:25:48Z sam $	*/
2176349Smarcel/*	$OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $	*/
3209125Sraj
4209125Sraj/*
5176490Smarcel * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
6176349Smarcel *
7176349Smarcel * This code was written by Angelos D. Keromytis in Athens, Greece, in
8176349Smarcel * February 2000. Network Security Technologies Inc. (NSTI) kindly
9176490Smarcel * supported the development of this code.
10176349Smarcel *
11176349Smarcel * Copyright (c) 2000 Angelos D. Keromytis
12182724Sraj *
13209920Snwhitehorn * Permission to use, copy, and modify this software with or without fee
14176349Smarcel * is hereby granted, provided that this entire notice is included in
15240277Sae * all source code copies of any software which is or includes a copy or
16204315Sraj * modification of this software.
17240277Sae *
18240277Sae * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
19240277Sae * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
20204315Sraj * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
21176349Smarcel * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
22176349Smarcel * PURPOSE.
23176349Smarcel *
24176349Smarcel * Copyright (c) 2001 Theo de Raadt
25176349Smarcel *
26176349Smarcel * Redistribution and use in source and binary forms, with or without
27176349Smarcel * modification, are permitted provided that the following conditions
28209125Sraj * are met:
29208538Sraj *
30208538Sraj * 1. Redistributions of source code must retain the above copyright
31208538Sraj *   notice, this list of conditions and the following disclaimer.
32208538Sraj * 2. Redistributions in binary form must reproduce the above copyright
33176349Smarcel *   notice, this list of conditions and the following disclaimer in the
34176349Smarcel *   documentation and/or other materials provided with the distribution.
35176349Smarcel * 3. The name of the author may not be used to endorse or promote products
36176349Smarcel *   derived from this software without specific prior written permission.
37176349Smarcel *
38176349Smarcel * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
39176349Smarcel * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
40176349Smarcel * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
41176349Smarcel * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
42176349Smarcel * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43176349Smarcel * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
44176349Smarcel * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
45176349Smarcel * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46176349Smarcel * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
47176349Smarcel * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48176349Smarcel *
49176349Smarcel * Effort sponsored in part by the Defense Advanced Research Projects
50176349Smarcel * Agency (DARPA) and Air Force Research Laboratory, Air Force
51176349Smarcel * Materiel Command, USAF, under agreement number F30602-01-2-0537.
52176349Smarcel *
53176349Smarcel */
54176349Smarcel
55176349Smarcel#ifndef _CRYPTO_CRYPTO_H_
56176349Smarcel#define _CRYPTO_CRYPTO_H_
57176349Smarcel
58176349Smarcel#include <sys/ioccom.h>
59176349Smarcel
60176349Smarcel/* Some initial values */
61208538Sraj#define CRYPTO_DRIVERS_INITIAL	4
62208538Sraj#define CRYPTO_SW_SESSIONS	32
63208538Sraj
64208538Sraj/* HMAC values */
65208538Sraj#define HMAC_BLOCK_LEN		64
66208538Sraj#define HMAC_IPAD_VAL		0x36
67176349Smarcel#define HMAC_OPAD_VAL		0x5C
68176349Smarcel
69176349Smarcel/* Encryption algorithm block sizes */
70176349Smarcel#define DES_BLOCK_LEN		8
71176349Smarcel#define DES3_BLOCK_LEN		8
72176349Smarcel#define BLOWFISH_BLOCK_LEN	8
73176349Smarcel#define SKIPJACK_BLOCK_LEN	8
74176349Smarcel#define CAST128_BLOCK_LEN	8
75176349Smarcel#define RIJNDAEL128_BLOCK_LEN	16
76209920Snwhitehorn#define EALG_MAX_BLOCK_LEN	16 /* Keep this updated */
77176349Smarcel
78209920Snwhitehorn/* Maximum hash algorithm result length */
79176349Smarcel#define AALG_MAX_RESULT_LEN	64 /* Keep this updated */
80176349Smarcel
81176490Smarcel#define	CRYPTO_ALGORITHM_MIN	1
82176349Smarcel#define CRYPTO_DES_CBC		1
83176349Smarcel#define CRYPTO_3DES_CBC		2
84176349Smarcel#define CRYPTO_BLF_CBC		3
85176349Smarcel#define CRYPTO_CAST_CBC		4
86176349Smarcel#define CRYPTO_SKIPJACK_CBC	5
87176349Smarcel#define CRYPTO_MD5_HMAC		6
88176349Smarcel#define CRYPTO_SHA1_HMAC	7
89176349Smarcel#define CRYPTO_RIPEMD160_HMAC	8
90176349Smarcel#define CRYPTO_MD5_KPDK		9
91176349Smarcel#define CRYPTO_SHA1_KPDK	10
92176349Smarcel#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
93176349Smarcel#define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
94176349Smarcel#define CRYPTO_ARC4		12
95176349Smarcel#define	CRYPTO_MD5		13
96176349Smarcel#define	CRYPTO_SHA1		14
97176349Smarcel#define	CRYPTO_SHA2_HMAC	15
98271130Semaste#define CRYPTO_NULL_HMAC	16
99176349Smarcel#define CRYPTO_NULL_CBC		17
100176349Smarcel#define CRYPTO_DEFLATE_COMP	18 /* Deflate compression algorithm */
101208538Sraj#define CRYPTO_ALGORITHM_MAX	18 /* Keep updated - see below */
102271130Semaste
103176349Smarcel/* Algorithm flags */
104176349Smarcel#define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
105176349Smarcel#define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
106176349Smarcel#define	CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
107246647Skientzle
108176349Smarcelstruct session_op {
109176349Smarcel	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
110176349Smarcel	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
111176349Smarcel
112204315Sraj	u_int32_t	keylen;		/* cipher key */
113176349Smarcel	caddr_t		key;
114176349Smarcel	int		mackeylen;	/* mac key */
115	caddr_t		mackey;
116
117  	u_int32_t	ses;		/* returns: session # */
118};
119
120struct crypt_op {
121	u_int32_t	ses;
122	u_int16_t	op;		/* i.e. COP_ENCRYPT */
123#define COP_ENCRYPT	1
124#define COP_DECRYPT	2
125	u_int16_t	flags;
126#define	COP_F_BATCH	0x0008		/* Batch op if possible */
127	u_int		len;
128	caddr_t		src, dst;	/* become iov[] inside kernel */
129	caddr_t		mac;		/* must be big enough for chosen MAC */
130	caddr_t		iv;
131};
132
133#define CRYPTO_MAX_MAC_LEN	20
134
135/* bignum parameter, in packed bytes, ... */
136struct crparam {
137	caddr_t		crp_p;
138	u_int		crp_nbits;
139};
140
141#define CRK_MAXPARAM	8
142
143struct crypt_kop {
144	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
145	u_int		crk_status;	/* return status */
146	u_short		crk_iparams;	/* # of input parameters */
147	u_short		crk_oparams;	/* # of output parameters */
148	u_int		crk_pad1;
149	struct crparam	crk_param[CRK_MAXPARAM];
150};
151#define	CRK_ALGORITM_MIN	0
152#define CRK_MOD_EXP		0
153#define CRK_MOD_EXP_CRT		1
154#define CRK_DSA_SIGN		2
155#define CRK_DSA_VERIFY		3
156#define CRK_DH_COMPUTE_KEY	4
157#define CRK_ALGORITHM_MAX	4 /* Keep updated - see below */
158
159#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
160#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
161#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
162#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
163#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
164
165/*
166 * done against open of /dev/crypto, to get a cloned descriptor.
167 * Please use F_SETFD against the cloned descriptor.
168 */
169#define	CRIOGET		_IOWR('c', 100, u_int32_t)
170
171/* the following are done against the cloned descriptor */
172#define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
173#define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
174#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
175#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
176
177#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
178
179struct cryptotstat {
180	struct timespec	acc;		/* total accumulated time */
181	struct timespec	min;		/* min time */
182	struct timespec	max;		/* max time */
183	u_int32_t	count;		/* number of observations */
184};
185
186struct cryptostats {
187	u_int32_t	cs_ops;		/* symmetric crypto ops submitted */
188	u_int32_t	cs_errs;	/* symmetric crypto ops that failed */
189	u_int32_t	cs_kops;	/* asymetric/key ops submitted */
190	u_int32_t	cs_kerrs;	/* asymetric/key ops that failed */
191	u_int32_t	cs_intrs;	/* crypto swi thread activations */
192	u_int32_t	cs_rets;	/* crypto return thread activations */
193	u_int32_t	cs_blocks;	/* symmetric op driver block */
194	u_int32_t	cs_kblocks;	/* symmetric op driver block */
195	/*
196	 * When CRYPTO_TIMING is defined at compile time and the
197	 * sysctl debug.crypto is set to 1, the crypto system will
198	 * accumulate statistics about how long it takes to process
199	 * crypto requests at various points during processing.
200	 */
201	struct cryptotstat cs_invoke;	/* crypto_dipsatch -> crypto_invoke */
202	struct cryptotstat cs_done;	/* crypto_invoke -> crypto_done */
203	struct cryptotstat cs_cb;	/* crypto_done -> callback */
204	struct cryptotstat cs_finis;	/* callback -> callback return */
205};
206
207#ifdef _KERNEL
208/* Standard initialization structure beginning */
209struct cryptoini {
210	int		cri_alg;	/* Algorithm to use */
211	int		cri_klen;	/* Key length, in bits */
212	int		cri_rnd;	/* Algorithm rounds, where relevant */
213	caddr_t		cri_key;	/* key to use */
214	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
215	struct cryptoini *cri_next;
216};
217
218/* Describe boundaries of a single crypto operation */
219struct cryptodesc {
220	int		crd_skip;	/* How many bytes to ignore from start */
221	int		crd_len;	/* How many bytes to process */
222	int		crd_inject;	/* Where to inject results, if applicable */
223	int		crd_flags;
224
225#define	CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
226#define	CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
227					   place, so don't copy. */
228#define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
229#define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
230#define CRD_F_COMP		0x0f    /* Set when doing compression */
231
232	struct cryptoini	CRD_INI; /* Initialization/context data */
233#define crd_iv		CRD_INI.cri_iv
234#define crd_key		CRD_INI.cri_key
235#define crd_rnd		CRD_INI.cri_rnd
236#define crd_alg		CRD_INI.cri_alg
237#define crd_klen	CRD_INI.cri_klen
238
239	struct cryptodesc *crd_next;
240};
241
242/* Structure describing complete operation */
243struct cryptop {
244	TAILQ_ENTRY(cryptop) crp_next;
245
246	u_int64_t	crp_sid;	/* Session ID */
247	int		crp_ilen;	/* Input data total length */
248	int		crp_olen;	/* Result total length */
249
250	int		crp_etype;	/*
251					 * Error type (zero means no error).
252					 * All error codes except EAGAIN
253					 * indicate possible data corruption (as in,
254					 * the data have been touched). On all
255					 * errors, the crp_sid may have changed
256					 * (reset to a new one), so the caller
257					 * should always check and use the new
258					 * value on future requests.
259					 */
260	int		crp_flags;
261
262#define CRYPTO_F_IMBUF	0x0001	/* Input/output are mbuf chains, otherwise contig */
263#define CRYPTO_F_IOV	0x0002	/* Input/output are uio */
264#define CRYPTO_F_REL	0x0004	/* Must return data in same place */
265#define	CRYPTO_F_BATCH	0x0008	/* Batch op if possible */
266#define	CRYPTO_F_CBIMM	0x0010	/* Do callback immediately */
267
268	caddr_t		crp_buf;	/* Data to be processed */
269	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
270	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
271
272	int (*crp_callback)(struct cryptop *); /* Callback function */
273
274	caddr_t		crp_mac;
275	struct bintime	crp_tstamp;	/* performance time stamp */
276};
277
278#define CRYPTO_BUF_CONTIG	0x0
279#define CRYPTO_BUF_IOV		0x1
280#define CRYPTO_BUF_MBUF		0x2
281
282#define CRYPTO_OP_DECRYPT	0x0
283#define CRYPTO_OP_ENCRYPT	0x1
284
285/*
286 * Hints passed to process methods.
287 */
288#define	CRYPTO_HINT_MORE	0x1	/* more ops coming shortly */
289
290struct cryptkop {
291	TAILQ_ENTRY(cryptkop) krp_next;
292
293	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
294	u_int		krp_status;	/* return status */
295	u_short		krp_iparams;	/* # of input parameters */
296	u_short		krp_oparams;	/* # of output parameters */
297	u_int32_t	krp_hid;
298	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
299	int		(*krp_callback)(struct cryptkop *);
300};
301
302/* Crypto capabilities structure */
303struct cryptocap {
304	u_int32_t	cc_sessions;
305
306	/*
307	 * Largest possible operator length (in bits) for each type of
308	 * encryption algorithm.
309	 */
310	u_int16_t	cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
311
312	u_int8_t	cc_alg[CRYPTO_ALGORITHM_MAX + 1];
313
314	u_int8_t	cc_kalg[CRK_ALGORITHM_MAX + 1];
315
316	u_int8_t	cc_flags;
317	u_int8_t	cc_qblocked;		/* symmetric q blocked */
318	u_int8_t	cc_kqblocked;		/* asymmetric q blocked */
319#define CRYPTOCAP_F_CLEANUP   0x1
320#define CRYPTOCAP_F_SOFTWARE  0x02
321
322	void		*cc_arg;		/* callback argument */
323	int		(*cc_newsession)(void*, u_int32_t*, struct cryptoini*);
324	int		(*cc_process)(void*, struct cryptop *, int);
325	int		(*cc_freesession)(void*, u_int64_t);
326	void		*cc_karg;		/* callback argument */
327	int		(*cc_kprocess) (void*, struct cryptkop *, int);
328};
329
330MALLOC_DECLARE(M_CRYPTO_DATA);
331
332extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
333extern	int crypto_freesession(u_int64_t sid);
334extern	int32_t crypto_get_driverid(u_int32_t flags);
335extern	int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
336	    u_int32_t flags,
337	    int (*newses)(void*, u_int32_t*, struct cryptoini*),
338	    int (*freeses)(void*, u_int64_t),
339	    int (*process)(void*, struct cryptop *, int),
340	    void *arg);
341extern	int crypto_kregister(u_int32_t, int, u_int32_t,
342	    int (*)(void*, struct cryptkop *, int),
343	    void *arg);
344extern	int crypto_unregister(u_int32_t driverid, int alg);
345extern	int crypto_unregister_all(u_int32_t driverid);
346extern	int crypto_dispatch(struct cryptop *crp);
347extern	int crypto_kdispatch(struct cryptkop *);
348#define	CRYPTO_SYMQ	0x1
349#define	CRYPTO_ASYMQ	0x2
350extern	int crypto_unblock(u_int32_t, int);
351extern	void crypto_done(struct cryptop *crp);
352extern	void crypto_kdone(struct cryptkop *);
353extern	int crypto_getfeat(int *);
354
355extern	void crypto_freereq(struct cryptop *crp);
356extern	struct cryptop *crypto_getreq(int num);
357
358extern	int crypto_usercrypto;		/* userland may do crypto requests */
359extern	int crypto_userasymcrypto;	/* userland may do asym crypto reqs */
360extern	int crypto_devallowsoft;	/* only use hardware crypto */
361
362/*
363 * Crypto-related utility routines used mainly by drivers.
364 *
365 * XXX these don't really belong here; but for now they're
366 *     kept apart from the rest of the system.
367 */
368struct mbuf;
369struct	mbuf	*m_getptr(struct mbuf *, int, int *);
370
371struct uio;
372extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
373extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
374extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
375#endif /* _KERNEL */
376#endif /* _CRYPTO_CRYPTO_H_ */
377