1 /* $NetBSD: cryptodev.h,v 1.14.10.2 2009/05/03 17:24:45 snj Exp $ */
2 /* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $ */
3 /* $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $ */
4
5 /*-
6 * Copyright (c) 2008 The NetBSD Foundation, Inc.
7 * All rights reserved.
8 *
9 * This code is derived from software contributed to The NetBSD Foundation
10 * by Coyote Point Systems, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /*
35 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
36 *
37 * This code was written by Angelos D. Keromytis in Athens, Greece, in
38 * February 2000. Network Security Technologies Inc. (NSTI) kindly
39 * supported the development of this code.
40 *
41 * Copyright (c) 2000 Angelos D. Keromytis
42 *
43 * Permission to use, copy, and modify this software with or without fee
44 * is hereby granted, provided that this entire notice is included in
45 * all source code copies of any software which is or includes a copy or
46 * modification of this software.
47 *
48 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
49 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
50 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
51 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
52 * PURPOSE.
53 *
54 * Copyright (c) 2001 Theo de Raadt
55 *
56 * Redistribution and use in source and binary forms, with or without
57 * modification, are permitted provided that the following conditions
58 * are met:
59 *
60 * 1. Redistributions of source code must retain the above copyright
61 * notice, this list of conditions and the following disclaimer.
62 * 2. Redistributions in binary form must reproduce the above copyright
63 * notice, this list of conditions and the following disclaimer in the
64 * documentation and/or other materials provided with the distribution.
65 * 3. The name of the author may not be used to endorse or promote products
66 * derived from this software without specific prior written permission.
67 *
68 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
69 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
70 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
71 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
72 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
73 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
74 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
75 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
76 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
77 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
78 *
79 * Effort sponsored in part by the Defense Advanced Research Projects
80 * Agency (DARPA) and Air Force Research Laboratory, Air Force
81 * Materiel Command, USAF, under agreement number F30602-01-2-0537.
82 *
83 */
84
85 #ifndef _CRYPTO_CRYPTO_H_
86 #define _CRYPTO_CRYPTO_H_
87
88 #include <sys/ioccom.h>
89
90 /* Some initial values */
91 #define CRYPTO_DRIVERS_INITIAL 4
92 #define CRYPTO_SW_SESSIONS 32
93
94 /* HMAC values */
95 #define HMAC_BLOCK_LEN 64
96 #define HMAC_IPAD_VAL 0x36
97 #define HMAC_OPAD_VAL 0x5C
98
99 /* Encryption algorithm block sizes */
100 #define DES_BLOCK_LEN 8
101 #define DES3_BLOCK_LEN 8
102 #define BLOWFISH_BLOCK_LEN 8
103 #define SKIPJACK_BLOCK_LEN 8
104 #define CAST128_BLOCK_LEN 8
105 #define RIJNDAEL128_BLOCK_LEN 16
106 #define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
107
108 /* Maximum hash algorithm result length */
109 #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
110
111 #define CRYPTO_ALGORITHM_MIN 1
112 #define CRYPTO_DES_CBC 1
113 #define CRYPTO_3DES_CBC 2
114 #define CRYPTO_BLF_CBC 3
115 #define CRYPTO_CAST_CBC 4
116 #define CRYPTO_SKIPJACK_CBC 5
117 #define CRYPTO_MD5_HMAC 6
118 #define CRYPTO_SHA1_HMAC 7
119 #define CRYPTO_RIPEMD160_HMAC 8
120 #define CRYPTO_MD5_KPDK 9
121 #define CRYPTO_SHA1_KPDK 10
122 #define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
123 #define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
124 #define CRYPTO_ARC4 12
125 #define CRYPTO_MD5 13
126 #define CRYPTO_SHA1 14
127 #define CRYPTO_SHA2_HMAC 15
128 #define CRYPTO_NULL_HMAC 16
129 #define CRYPTO_NULL_CBC 17
130 #define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */
131 #define CRYPTO_MD5_HMAC_96 19
132 #define CRYPTO_SHA1_HMAC_96 20
133 #define CRYPTO_RIPEMD160_HMAC_96 21
134 #define CRYPTO_GZIP_COMP 22 /* Deflate compression algorithm */
135 #define CRYPTO_ALGORITHM_MAX 23 /* Keep updated - see below */
136
137 /* Algorithm flags */
138 #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
139 #define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
140 #define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
141
142 struct session_op {
143 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
144 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
145 u_int32_t comp_alg; /* ie. CRYPTO_GZIP_COMP */
146
147 u_int32_t keylen; /* cipher key */
148 void * key;
149 int mackeylen; /* mac key */
150 void * mackey;
151
152 u_int32_t ses; /* returns: session # */
153 };
154
155 /* to support multiple session creation */
156
157 struct session_n_op {
158 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
159 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
160 u_int32_t comp_alg; /* ie. CRYPTO_GZIP_COMP */
161
162 u_int32_t keylen; /* cipher key */
163 void * key;
164 int mackeylen; /* mac key */
165 void * mackey;
166
167 u_int32_t ses; /* returns: session # */
168 int status;
169 };
170
171 struct crypt_op {
172 u_int32_t ses;
173 u_int16_t op; /* i.e. COP_ENCRYPT */
174 #define COP_ENCRYPT 1
175 #define COP_DECRYPT 2
176 #define COP_COMP 3
177 #define COP_DECOMP 4
178 u_int16_t flags;
179 #define COP_F_BATCH 0x0008 /* Dispatch as quickly as possible */
180 u_int len; /* src len */
181 void * src, *dst; /* become iov[] inside kernel */
182 void * mac; /* must be big enough for chosen MAC */
183 void * iv;
184 u_int dst_len; /* dst len if not 0 */
185 };
186
187 /* to support multiple session creation */
188 /*
189 *
190 * The reqid field is filled when the operation has
191 * been accepted and started, and can be used to later retrieve
192 * the operation results via CIOCNCRYPTRET or identify the
193 * request in the completion list returned by CIOCNCRYPTRETM.
194 *
195 * The opaque pointer can be set arbitrarily by the user
196 * and it is passed back in the crypt_result structure
197 * when the request completes. This field can be used for example
198 * to track context for the request and avoid lookups in the
199 * user application.
200 */
201
202 struct crypt_n_op {
203 u_int32_t ses;
204 u_int16_t op; /* i.e. COP_ENCRYPT */
205 #define COP_ENCRYPT 1
206 #define COP_DECRYPT 2
207 u_int16_t flags;
208 #define COP_F_BATCH 0x0008 /* Dispatch as quickly as possible */
209 #define COP_F_MORE 0x0010 /* more data to follow */
210 u_int len; /* src len */
211
212 u_int32_t reqid; /* request id */
213 int status; /* status of request -accepted or not */
214 void *opaque; /* opaque pointer returned to user */
215 u_int32_t keylen; /* cipher key - optional */
216 void * key;
217 u_int32_t mackeylen; /* also optional */
218 void * mackey;
219
220 void * src, *dst; /* become iov[] inside kernel */
221 void * mac; /* must be big enough for chosen MAC */
222 void * iv;
223 u_int dst_len; /* dst len if not 0 */
224 };
225
226 /* CIOCNCRYPTM ioctl argument, supporting one or more asynchronous
227 * crypt_n_op operations.
228 * Each crypt_n_op will receive a request id which can be used to check its
229 * status via CIOCNCRYPTRET, or to watch for its completion in the list
230 * obtained via CIOCNCRYPTRETM.
231 */
232 struct crypt_mop {
233 size_t count; /* how many */
234 struct crypt_n_op * reqs; /* where to get them */
235 };
236
237 struct crypt_sfop {
238 size_t count;
239 u_int32_t *sesid;
240 };
241
242 struct crypt_sgop {
243 size_t count;
244 struct session_n_op * sessions;
245 };
246
247 #define CRYPTO_MAX_MAC_LEN 20
248
249 /* bignum parameter, in packed bytes, ... */
250 struct crparam {
251 void * crp_p;
252 u_int crp_nbits;
253 };
254
255 #define CRK_MAXPARAM 8
256
257 struct crypt_kop {
258 u_int crk_op; /* ie. CRK_MOD_EXP or other */
259 u_int crk_status; /* return status */
260 u_short crk_iparams; /* # of input parameters */
261 u_short crk_oparams; /* # of output parameters */
262 u_int crk_pad1;
263 struct crparam crk_param[CRK_MAXPARAM];
264 };
265
266 /*
267 * Used with the CIOCNFKEYM ioctl.
268 *
269 * This structure allows the OCF to return a request id
270 * for each of the kop operations specified in the CIOCNFKEYM call.
271 *
272 * The crk_opaque pointer can be arbitrarily set by the user
273 * and it is passed back in the crypt_result structure
274 * when the request completes. This field can be used for example
275 * to track context for the request and avoid lookups in the
276 * user application.
277 */
278 struct crypt_n_kop {
279 u_int crk_op; /* ie. CRK_MOD_EXP or other */
280 u_int crk_status; /* return status */
281 u_short crk_iparams; /* # of input parameters */
282 u_short crk_oparams; /* # of output parameters */
283 u_int32_t crk_reqid; /* request id */
284 struct crparam crk_param[CRK_MAXPARAM];
285 void *crk_opaque; /* opaque pointer returned to user */
286 };
287
288 struct crypt_mkop {
289 size_t count; /* how many */
290 struct crypt_n_kop * reqs; /* where to get them */
291 };
292
293 /* Asynchronous key or crypto result.
294 * Note that the status will be set in the crypt_result structure,
295 * not in the original crypt_kop structure (crk_status).
296 */
297 struct crypt_result {
298 u_int32_t reqid; /* request id */
299 u_int32_t status; /* status of request: 0 if successful */
300 void * opaque; /* Opaque pointer from the user, passed along */
301 };
302
303 struct cryptret {
304 size_t count; /* space for how many */
305 struct crypt_result * results; /* where to put them */
306 };
307
308
309 /* Assymetric key operations */
310 #define CRK_ALGORITM_MIN 0
311 #define CRK_MOD_EXP 0
312 #define CRK_MOD_EXP_CRT 1
313 #define CRK_DSA_SIGN 2
314 #define CRK_DSA_VERIFY 3
315 #define CRK_DH_COMPUTE_KEY 4
316 #define CRK_MOD_ADD 5
317 #define CRK_MOD_ADDINV 6
318 #define CRK_MOD_SUB 7
319 #define CRK_MOD_MULT 8
320 #define CRK_MOD_MULTINV 9
321 #define CRK_MOD 10
322 #define CRK_ALGORITHM_MAX 10 /* Keep updated - see below */
323
324 #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
325 #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
326 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
327 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
328 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
329 #define CRF_MOD_ADD (1 << CRK_MOD_ADD)
330 #define CRF_MOD_ADDINV (1 << CRK_MOD_ADDINV)
331 #define CRF_MOD_SUB (1 << CRK_MOD_SUB)
332 #define CRF_MOD_MULT (1 << CRK_MOD_MULT)
333 #define CRF_MOD_MULTINV (1 << CRK_MOD_MULTINV)
334 #define CRF_MOD (1 << CRK_MOD)
335
336 /*
337 * A large comment here once held descriptions of the ioctl
338 * requests implemented by the device. This text has been moved
339 * to the crypto(4) manual page and, later, removed from this file
340 * as it was always a step behind the times.
341 */
342
343 /*
344 * done against open of /dev/crypto, to get a cloned descriptor.
345 * Please use F_SETFD against the cloned descriptor. But this ioctl
346 * is obsolete (the device now clones): please, just don't use it.
347 */
348 #define CRIOGET _IOWR('c', 100, u_int32_t)
349
350 /* the following are done against the cloned descriptor */
351 #define CIOCFSESSION _IOW('c', 102, u_int32_t)
352 #define CIOCKEY _IOWR('c', 104, struct crypt_kop)
353 #define CIOCNFKEYM _IOWR('c', 108, struct crypt_mkop)
354 #define CIOCNFSESSION _IOW('c', 109, struct crypt_sfop)
355 #define CIOCNCRYPTRETM _IOWR('c', 110, struct cryptret)
356 #define CIOCNCRYPTRET _IOWR('c', 111, struct crypt_result)
357
358 #define CIOCGSESSION _IOWR('c', 112, struct session_op)
359 #define CIOCNGSESSION _IOWR('c', 113, struct crypt_sgop)
360 #define CIOCCRYPT _IOWR('c', 114, struct crypt_op)
361 #define CIOCNCRYPTM _IOWR('c', 115, struct crypt_mop)
362
363 #define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
364
365 struct cryptotstat {
366 struct timespec acc; /* total accumulated time */
367 struct timespec min; /* max time */
368 struct timespec max; /* max time */
369 u_int32_t count; /* number of observations */
370 };
371
372 struct cryptostats {
373 u_int32_t cs_ops; /* symmetric crypto ops submitted */
374 u_int32_t cs_errs; /* symmetric crypto ops that failed */
375 u_int32_t cs_kops; /* asymetric/key ops submitted */
376 u_int32_t cs_kerrs; /* asymetric/key ops that failed */
377 u_int32_t cs_intrs; /* crypto swi thread activations */
378 u_int32_t cs_rets; /* crypto return thread activations */
379 u_int32_t cs_blocks; /* symmetric op driver block */
380 u_int32_t cs_kblocks; /* symmetric op driver block */
381 /*
382 * When CRYPTO_TIMING is defined at compile time and the
383 * sysctl debug.crypto is set to 1, the crypto system will
384 * accumulate statistics about how long it takes to process
385 * crypto requests at various points during processing.
386 */
387 struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */
388 struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */
389 struct cryptotstat cs_cb; /* crypto_done -> callback */
390 struct cryptotstat cs_finis; /* callback -> callback return */
391 };
392
393 #ifdef _KERNEL
394 /* Standard initialization structure beginning */
395 struct cryptoini {
396 int cri_alg; /* Algorithm to use */
397 int cri_klen; /* Key length, in bits */
398 int cri_rnd; /* Algorithm rounds, where relevant */
399 char *cri_key; /* key to use */
400 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
401 struct cryptoini *cri_next;
402 };
403
404 /* Describe boundaries of a single crypto operation */
405 struct cryptodesc {
406 int crd_skip; /* How many bytes to ignore from start */
407 int crd_len; /* How many bytes to process */
408 int crd_inject; /* Where to inject results, if applicable */
409 int crd_flags;
410
411 #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
412 #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
413 place, so don't copy. */
414 #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
415 #define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
416 #define CRD_F_COMP 0x10 /* Set when doing compression */
417
418 struct cryptoini CRD_INI; /* Initialization/context data */
419 #define crd_iv CRD_INI.cri_iv
420 #define crd_key CRD_INI.cri_key
421 #define crd_rnd CRD_INI.cri_rnd
422 #define crd_alg CRD_INI.cri_alg
423 #define crd_klen CRD_INI.cri_klen
424
425 struct cryptodesc *crd_next;
426 };
427
428 /* Structure describing complete operation */
429 struct cryptop {
430 TAILQ_ENTRY(cryptop) crp_next;
431 u_int64_t crp_sid; /* Session ID */
432
433 u_int32_t crp_reqid; /* request id */
434 void * crp_usropaque; /* Opaque pointer from user, passed along */
435
436 int crp_ilen; /* Input data total length */
437 int crp_olen; /* Result total length */
438
439 int crp_etype; /*
440 * Error type (zero means no error).
441 * All error codes except EAGAIN
442 * indicate possible data corruption (as in,
443 * the data have been touched). On all
444 * errors, the crp_sid may have changed
445 * (reset to a new one), so the caller
446 * should always check and use the new
447 * value on future requests.
448 */
449 int crp_flags; /* Note: must hold mutext to modify */
450
451 #define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains */
452 #define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
453 #define CRYPTO_F_REL 0x0004 /* Must return data in same place */
454 #define CRYPTO_F_BATCH 0x0008 /* Batch op if possible possible */
455 #define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */
456 #define CRYPTO_F_DONE 0x0020 /* Operation completed */
457 #define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */
458 #define CRYPTO_F_ONRETQ 0x0080 /* Request is on return queue */
459 #define CRYPTO_F_USER 0x0100 /* Request is in user context */
460 #define CRYPTO_F_MORE 0x0200 /* more data to follow */
461
462 void * crp_buf; /* Data to be processed */
463 void * crp_opaque; /* Opaque pointer, passed along */
464 struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
465
466 int (*crp_callback)(struct cryptop *); /* Callback function */
467
468 void * crp_mac;
469 struct timespec crp_tstamp; /* performance time stamp */
470 kcondvar_t crp_cv;
471 struct fcrypt *fcrp;
472 void * dst;
473 void * mac;
474 u_int len;
475 u_char tmp_iv[EALG_MAX_BLOCK_LEN];
476 u_char tmp_mac[CRYPTO_MAX_MAC_LEN];
477
478 struct iovec iovec[1];
479 struct uio uio;
480 uint32_t magic;
481 };
482
483 #define CRYPTO_BUF_CONTIG 0x0
484 #define CRYPTO_BUF_IOV 0x1
485 #define CRYPTO_BUF_MBUF 0x2
486
487 #define CRYPTO_OP_DECRYPT 0x0
488 #define CRYPTO_OP_ENCRYPT 0x1
489
490 /*
491 * Hints passed to process methods.
492 */
493 #define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */
494
495 struct cryptkop {
496 TAILQ_ENTRY(cryptkop) krp_next;
497
498 u_int32_t krp_reqid; /* request id */
499 void * krp_usropaque; /* Opaque pointer from user, passed along */
500
501 u_int krp_op; /* ie. CRK_MOD_EXP or other */
502 u_int krp_status; /* return status */
503 u_short krp_iparams; /* # of input parameters */
504 u_short krp_oparams; /* # of output parameters */
505 u_int32_t krp_hid;
506 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
507 int (*krp_callback)(struct cryptkop *);
508 int krp_flags; /* same values as crp_flags */
509 kcondvar_t krp_cv;
510 struct fcrypt *fcrp;
511 struct crparam crk_param[CRK_MAXPARAM];
512 };
513
514 /* Crypto capabilities structure */
515 struct cryptocap {
516 u_int32_t cc_sessions;
517
518 /*
519 * Largest possible operator length (in bits) for each type of
520 * encryption algorithm.
521 */
522 u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
523
524 u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1];
525
526 u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1];
527
528 u_int8_t cc_flags;
529 u_int8_t cc_qblocked; /* symmetric q blocked */
530 u_int8_t cc_kqblocked; /* asymmetric q blocked */
531 #define CRYPTOCAP_F_CLEANUP 0x01 /* needs resource cleanup */
532 #define CRYPTOCAP_F_SOFTWARE 0x02 /* software implementation */
533 #define CRYPTOCAP_F_SYNC 0x04 /* operates synchronously */
534
535 void *cc_arg; /* callback argument */
536 int (*cc_newsession)(void*, u_int32_t*, struct cryptoini*);
537 int (*cc_process) (void*, struct cryptop *, int);
538 int (*cc_freesession) (void*, u_int64_t);
539 void *cc_karg; /* callback argument */
540 int (*cc_kprocess) (void*, struct cryptkop *, int);
541 };
542
543 /*
544 * Session ids are 64 bits. The lower 32 bits contain a "local id" which
545 * is a driver-private session identifier. The upper 32 bits contain a
546 * "hardware id" used by the core crypto code to identify the driver and
547 * a copy of the driver's capabilities that can be used by client code to
548 * optimize operation.
549 */
550 #define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0xffffff)
551 #define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 56) & 0xff)
552 #define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
553
554 MALLOC_DECLARE(M_CRYPTO_DATA);
555
556 extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
557 extern int crypto_freesession(u_int64_t sid);
558 extern int32_t crypto_get_driverid(u_int32_t flags);
559 extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
560 u_int32_t flags,
561 int (*newses)(void*, u_int32_t*, struct cryptoini*),
562 int (*freeses)(void*, u_int64_t),
563 int (*process)(void*, struct cryptop *, int),
564 void *arg);
565 extern int crypto_kregister(u_int32_t, int, u_int32_t,
566 int (*)(void*, struct cryptkop *, int),
567 void *arg);
568 extern int crypto_unregister(u_int32_t driverid, int alg);
569 extern int crypto_unregister_all(u_int32_t driverid);
570 extern int crypto_dispatch(struct cryptop *crp);
571 extern int crypto_kdispatch(struct cryptkop *);
572 #define CRYPTO_SYMQ 0x1
573 #define CRYPTO_ASYMQ 0x2
574 extern int crypto_unblock(u_int32_t, int);
575 extern void crypto_done(struct cryptop *crp);
576 extern void crypto_kdone(struct cryptkop *);
577 extern int crypto_getfeat(int *);
578
579 void cuio_copydata(struct uio *, int, int, void *);
580 void cuio_copyback(struct uio *, int, int, void *);
581 int cuio_apply(struct uio *, int, int,
582 int (*f)(void *, void *, unsigned int), void *);
583
584 extern int crypto_ret_q_remove(struct cryptop *);
585 extern int crypto_ret_kq_remove(struct cryptkop *);
586 extern void crypto_freereq(struct cryptop *crp);
587 extern struct cryptop *crypto_getreq(int num);
588
589 extern int crypto_usercrypto; /* userland may do crypto requests */
590 extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */
591 extern int crypto_devallowsoft; /* only use hardware crypto */
592
593 /*
594 * Asymmetric operations are allocated in cryptodev.c but can be
595 * freed in crypto.c.
596 */
597 extern struct pool cryptkop_pool;
598
599 /*
600 * Mutual exclusion and its unwelcome friends.
601 */
602
603 extern kmutex_t crypto_mtx;
604
605 /*
606 * initialize the crypto framework subsystem (not the pseudo-device).
607 * This must be called very early in boot, so the framework is ready
608 * to handle registration requests when crpto hardware is autoconfigured.
609 * (This declaration doesnt really belong here but there's no header
610 * for the raw framework.)
611 */
612 void crypto_init(void);
613
614 /*
615 * Crypto-related utility routines used mainly by drivers.
616 *
617 * XXX these don't really belong here; but for now they're
618 * kept apart from the rest of the system.
619 */
620 struct mbuf;
621 struct mbuf *m_getptr(struct mbuf *, int, int *);
622
623 struct uio;
624 extern void cuio_copydata(struct uio* uio, int off, int len, void *cp);
625 extern void cuio_copyback(struct uio* uio, int off, int len, void *cp);
626 extern int cuio_getptr(struct uio *, int loc, int *off);
627
628 #ifdef CRYPTO_DEBUG /* yuck, netipsec defines these differently */
629 #ifndef DPRINTF
630 #define DPRINTF(a) uprintf a
631 #endif
632 #ifndef DCPRINTF
633 #define DCPRINTF(a) printf a
634 #endif
635 #else
636 #ifndef DPRINTF
637 #define DPRINTF(a)
638 #endif
639 #ifndef DCPRINTF
640 #define DCPRINTF(a)
641 #endif
642 #endif
643
644 #endif /* _KERNEL */
645 #endif /* _CRYPTO_CRYPTO_H_ */
Cache object: ae2a060e41c09a1447cacd2b87a6eefb
|