xref: /openbsd/sys/crypto/cryptodev.h (revision 91f110e0) 
1 /*	$OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $	*/
2 
3 /*
4  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
5  *
6  * This code was written by Angelos D. Keromytis in Athens, Greece, in
7  * February 2000. Network Security Technologies Inc. (NSTI) kindly
8  * supported the development of this code.
9  *
10  * Copyright (c) 2000 Angelos D. Keromytis
11  *
12  * Permission to use, copy, and modify this software with or without fee
13  * is hereby granted, provided that this entire notice is included in
14  * all source code copies of any software which is or includes a copy or
15  * modification of this software.
16  *
17  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
18  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
19  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
20  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
21  * PURPOSE.
22  *
23  * Copyright (c) 2001 Theo de Raadt
24  *
25  * Redistribution and use in source and binary forms, with or without
26  * modification, are permitted provided that the following conditions
27  * are met:
28  *
29  * 1. Redistributions of source code must retain the above copyright
30  *    notice, this list of conditions and the following disclaimer.
31  * 2. Redistributions in binary form must reproduce the above copyright
32  *    notice, this list of conditions and the following disclaimer in the
33  *    documentation and/or other materials provided with the distribution.
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
36  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
38  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
39  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
40  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
41  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
42  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
43  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
44  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45  *
46  * Effort sponsored in part by the Defense Advanced Research Projects
47  * Agency (DARPA) and Air Force Research Laboratory, Air Force
48  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
49  *
50  */
51 
52 #ifndef _CRYPTO_CRYPTO_H_
53 #define _CRYPTO_CRYPTO_H_
54 
55 #include <sys/ioccom.h>
56 #include <sys/task.h>
57 
58 /* Some initial values */
59 #define CRYPTO_DRIVERS_INITIAL	4
60 #define CRYPTO_DRIVERS_MAX	128
61 #define CRYPTO_SW_SESSIONS	32
62 
63 /* HMAC values */
64 #define HMAC_MD5_BLOCK_LEN	64
65 #define HMAC_SHA1_BLOCK_LEN	64
66 #define HMAC_RIPEMD160_BLOCK_LEN 64
67 #define HMAC_SHA2_256_BLOCK_LEN	64
68 #define HMAC_SHA2_384_BLOCK_LEN	128
69 #define HMAC_SHA2_512_BLOCK_LEN	128
70 #define HMAC_MAX_BLOCK_LEN	HMAC_SHA2_512_BLOCK_LEN	/* keep in sync */
71 #define HMAC_IPAD_VAL		0x36
72 #define HMAC_OPAD_VAL		0x5C
73 
74 /* Encryption algorithm block sizes */
75 #define DES_BLOCK_LEN		8
76 #define DES3_BLOCK_LEN		8
77 #define BLOWFISH_BLOCK_LEN	8
78 #define CAST128_BLOCK_LEN	8
79 #define RIJNDAEL128_BLOCK_LEN	16
80 #define EALG_MAX_BLOCK_LEN	16 /* Keep this updated */
81 
82 /* Maximum hash algorithm result length */
83 #define AALG_MAX_RESULT_LEN	64 /* Keep this updated */
84 
85 #define CRYPTO_DES_CBC		1
86 #define CRYPTO_3DES_CBC		2
87 #define CRYPTO_BLF_CBC		3
88 #define CRYPTO_CAST_CBC		4
89 #define CRYPTO_MD5_HMAC		6
90 #define CRYPTO_SHA1_HMAC	7
91 #define CRYPTO_RIPEMD160_HMAC	8
92 #define CRYPTO_MD5_KPDK		9
93 #define CRYPTO_SHA1_KPDK	10
94 #define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
95 #define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
96 #define CRYPTO_ARC4		12
97 #define CRYPTO_MD5		13
98 #define CRYPTO_SHA1		14
99 #define CRYPTO_DEFLATE_COMP	15 /* Deflate compression algorithm */
100 #define CRYPTO_NULL		16
101 #define CRYPTO_LZS_COMP		17 /* LZS compression algorithm */
102 #define CRYPTO_SHA2_256_HMAC	18
103 #define CRYPTO_SHA2_384_HMAC	19
104 #define CRYPTO_SHA2_512_HMAC	20
105 #define CRYPTO_AES_CTR		21
106 #define CRYPTO_AES_XTS		22
107 #define CRYPTO_AES_GCM_16	23
108 #define CRYPTO_AES_128_GMAC	24
109 #define CRYPTO_AES_192_GMAC	25
110 #define CRYPTO_AES_256_GMAC	26
111 #define CRYPTO_AES_GMAC		27
112 #define CRYPTO_ESN		28 /* Support for Extended Sequence Numbers */
113 #define CRYPTO_ALGORITHM_MAX	28 /* Keep updated */
114 
115 /* Algorithm flags */
116 #define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
117 #define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
118 #define	CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
119 
120 /* Standard initialization structure beginning */
121 struct cryptoini {
122 	int		cri_alg;	/* Algorithm to use */
123 	int		cri_klen;	/* Key length, in bits */
124 	int		cri_rnd;	/* Algorithm rounds, where relevant */
125 	caddr_t		cri_key;	/* key to use */
126 	union {
127 		u_int8_t	iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
128 		u_int8_t	esn[4];			/* high-order ESN */
129 	} u;
130 #define cri_iv		u.iv
131 #define cri_esn		u.esn
132 	struct cryptoini *cri_next;
133 };
134 
135 /* Describe boundaries of a single crypto operation */
136 struct cryptodesc {
137 	int		crd_skip;	/* How many bytes to ignore from start */
138 	int		crd_len;	/* How many bytes to process */
139 	int		crd_inject;	/* Where to inject results, if applicable */
140 	int		crd_flags;
141 
142 #define	CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
143 #define	CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
144 					   place, so don't copy. */
145 #define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
146 #define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
147 #define CRD_F_COMP		0x10    /* Set when doing compression */
148 #define CRD_F_ESN		0x20	/* Set when ESN field is provided */
149 
150 	struct cryptoini	CRD_INI; /* Initialization/context data */
151 #define crd_esn		CRD_INI.cri_esn
152 #define crd_iv		CRD_INI.cri_iv
153 #define crd_key		CRD_INI.cri_key
154 #define crd_rnd		CRD_INI.cri_rnd
155 #define crd_alg		CRD_INI.cri_alg
156 #define crd_klen	CRD_INI.cri_klen
157 
158 	struct cryptodesc *crd_next;
159 };
160 
161 /* Structure describing complete operation */
162 struct cryptop {
163 	struct task	crp_task;
164 
165 	u_int64_t	crp_sid;	/* Session ID */
166 	int		crp_ilen;	/* Input data total length */
167 	int		crp_olen;	/* Result total length */
168 	int		crp_alloctype;	/* Type of buf to allocate if needed */
169 
170 	int		crp_etype;	/*
171 					 * Error type (zero means no error).
172 					 * All error codes except EAGAIN
173 					 * indicate possible data corruption (as in,
174 					 * the data have been touched). On all
175 					 * errors, the crp_sid may have changed
176 					 * (reset to a new one), so the caller
177 					 * should always check and use the new
178 					 * value on future requests.
179 					 */
180 	int		crp_flags;
181 
182 #define CRYPTO_F_IMBUF	0x0001	/* Input/output are mbuf chains, otherwise contig */
183 #define CRYPTO_F_IOV	0x0002	/* Input/output are uio */
184 #define CRYPTO_F_REL	0x0004	/* Must return data in same place */
185 #define CRYPTO_F_NOQUEUE	0x0008	/* Don't use crypto queue/thread */
186 #define CRYPTO_F_DONE	0x0010	/* request completed */
187 
188 	void 		*crp_buf;	/* Data to be processed */
189 	void 		*crp_opaque;	/* Opaque pointer, passed along */
190 	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
191 
192 	int (*crp_callback)(struct cryptop *); /* Callback function */
193 
194 	caddr_t		crp_mac;
195 };
196 
197 #define CRYPTO_BUF_IOV		0x1
198 #define CRYPTO_BUF_MBUF		0x2
199 
200 #define CRYPTO_OP_DECRYPT	0x0
201 #define CRYPTO_OP_ENCRYPT	0x1
202 
203 /* bignum parameter, in packed bytes, ... */
204 struct crparam {
205 	caddr_t		crp_p;
206 	u_int		crp_nbits;
207 };
208 
209 #define CRK_MAXPARAM	8
210 
211 struct crypt_kop {
212 	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
213 	u_int		crk_status;	/* return status */
214 	u_short		crk_iparams;	/* # of input parameters */
215 	u_short		crk_oparams;	/* # of output parameters */
216 	u_int		crk_pad1;
217 	struct crparam	crk_param[CRK_MAXPARAM];
218 };
219 #define CRK_MOD_EXP		0
220 #define CRK_MOD_EXP_CRT		1
221 #define CRK_DSA_SIGN		2
222 #define CRK_DSA_VERIFY		3
223 #define CRK_DH_COMPUTE_KEY	4
224 #define CRK_ALGORITHM_MAX	4 /* Keep updated */
225 
226 #define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
227 #define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
228 #define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
229 #define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
230 #define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
231 
232 struct cryptkop {
233 	struct task	krp_task;
234 
235 	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
236 	u_int		krp_status;	/* return status */
237 	u_short		krp_iparams;	/* # of input parameters */
238 	u_short		krp_oparams;	/* # of output parameters */
239 	u_int32_t	krp_hid;
240 	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
241 	int		(*krp_callback)(struct cryptkop *);
242 };
243 
244 /* Crypto capabilities structure */
245 struct cryptocap {
246 	u_int64_t	cc_operations;	/* Counter of how many ops done */
247 	u_int64_t	cc_bytes;	/* Counter of how many bytes done */
248 	u_int64_t	cc_koperations;	/* How many PK ops done */
249 
250 	u_int32_t	cc_sessions;	/* How many sessions allocated */
251 
252 	/* Symmetric/hash algorithms supported */
253 	int		cc_alg[CRYPTO_ALGORITHM_MAX + 1];
254 
255 	/* Asymmetric algorithms supported */
256 	int		cc_kalg[CRK_ALGORITHM_MAX + 1];
257 
258 	int		cc_queued;	/* Operations queued */
259 
260 	u_int8_t	cc_flags;
261 #define CRYPTOCAP_F_CLEANUP     0x01
262 #define CRYPTOCAP_F_SOFTWARE    0x02
263 #define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
264 #define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
265 
266 	int		(*cc_newsession) (u_int32_t *, struct cryptoini *);
267 	int		(*cc_process) (struct cryptop *);
268 	int		(*cc_freesession) (u_int64_t);
269 	int		(*cc_kprocess) (struct cryptkop *);
270 };
271 
272 /*
273  * ioctl parameter to request creation of a session.
274  */
275 struct session_op {
276 	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
277 	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
278 
279 	u_int32_t	keylen;		/* cipher key */
280 	caddr_t		key;
281 	int		mackeylen;	/* mac key */
282 	caddr_t		mackey;
283 
284 	u_int32_t	ses;		/* returns: session # */
285 };
286 
287 /*
288  * ioctl parameter to request a crypt/decrypt operation against a session.
289  */
290 struct crypt_op {
291 	u_int32_t	ses;
292 	u_int16_t	op;		/* ie. COP_ENCRYPT */
293 #define COP_ENCRYPT	1
294 #define COP_DECRYPT	2
295 	u_int16_t	flags;		/* always 0 */
296 
297 	u_int		len;
298 	caddr_t		src, dst;	/* become iov[] inside kernel */
299 	caddr_t		mac;		/* must be big enough for chosen MAC */
300 	caddr_t		iv;
301 };
302 
303 #define CRYPTO_MAX_MAC_LEN	20
304 
305 /*
306  * done against open of /dev/crypto, to get a cloned descriptor.
307  * Please use F_SETFD against the cloned descriptor.
308  */
309 #define	CRIOGET		_IOWR('c', 100, u_int32_t)
310 
311 /* the following are done against the cloned descriptor */
312 #define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
313 #define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
314 #define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
315 #define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
316 
317 #define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
318 
319 #ifdef _KERNEL
320 int	crypto_newsession(u_int64_t *, struct cryptoini *, int);
321 int	crypto_freesession(u_int64_t);
322 int	crypto_dispatch(struct cryptop *);
323 int	crypto_kdispatch(struct cryptkop *);
324 int	crypto_register(u_int32_t, int *,
325 	    int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
326 	    int (*)(struct cryptop *));
327 int	crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
328 int	crypto_unregister(u_int32_t, int);
329 int32_t	crypto_get_driverid(u_int8_t);
330 int	crypto_invoke(struct cryptop *);
331 int	crypto_kinvoke(struct cryptkop *);
332 void	crypto_done(struct cryptop *);
333 void	crypto_kdone(struct cryptkop *);
334 int	crypto_getfeat(int *);
335 
336 void	cuio_copydata(struct uio *, int, int, caddr_t);
337 void	cuio_copyback(struct uio *, int, int, const void *);
338 int	cuio_getptr(struct uio *, int, int *);
339 int	cuio_apply(struct uio *, int, int,
340 	    int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
341 
342 struct	cryptop *crypto_getreq(int);
343 void	crypto_freereq(struct cryptop *);
344 #endif /* _KERNEL */
345 #endif /* _CRYPTO_CRYPTO_H_ */
346