Changeset 32097


Ignore:
Timestamp:
May 19, 2017, 5:21:40 AM (9 days ago)
Author:
brainslayer
Message:

update cryptodev

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/router/openssl/include/crypto/cryptodev.h

    r30490 r32097  
    1 /*      $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $   */
    2 /*      $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $     */
    3 
    4 /*-
    5  * Linux port done by David McCullough <david_mccullough@mcafee.com>
    6  * Copyright (C) 2006-2010 David McCullough
    7  * Copyright (C) 2004-2005 Intel Corporation.
    8  * The license and original author are listed below.
     1/* This is a source compatible implementation with the original API of
     2 * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
     3 * Placed under public domain */
     4
     5#ifndef L_CRYPTODEV_H
     6#define L_CRYPTODEV_H
     7
     8#include <linux/types.h>
     9#ifndef __KERNEL__
     10#define __user
     11#endif
     12
     13/* API extensions for linux */
     14#define CRYPTO_HMAC_MAX_KEY_LEN         512
     15#define CRYPTO_CIPHER_MAX_KEY_LEN       64
     16
     17/* All the supported algorithms
     18 */
     19enum cryptodev_crypto_op_t {
     20        CRYPTO_DES_CBC = 1,
     21        CRYPTO_3DES_CBC = 2,
     22        CRYPTO_BLF_CBC = 3,
     23        CRYPTO_CAST_CBC = 4,
     24        CRYPTO_SKIPJACK_CBC = 5,
     25        CRYPTO_MD5_HMAC = 6,
     26        CRYPTO_SHA1_HMAC = 7,
     27        CRYPTO_RIPEMD160_HMAC = 8,
     28        CRYPTO_MD5_KPDK = 9,
     29        CRYPTO_SHA1_KPDK = 10,
     30        CRYPTO_RIJNDAEL128_CBC = 11,
     31        CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
     32        CRYPTO_ARC4 = 12,
     33        CRYPTO_MD5 = 13,
     34        CRYPTO_SHA1 = 14,
     35        CRYPTO_DEFLATE_COMP = 15,
     36        CRYPTO_NULL = 16,
     37        CRYPTO_LZS_COMP = 17,
     38        CRYPTO_SHA2_256_HMAC = 18,
     39        CRYPTO_SHA2_384_HMAC = 19,
     40        CRYPTO_SHA2_512_HMAC = 20,
     41        CRYPTO_AES_CTR = 21,
     42        CRYPTO_AES_XTS = 22,
     43        CRYPTO_AES_ECB = 23,
     44        CRYPTO_AES_GCM = 50,
     45
     46        CRYPTO_CAMELLIA_CBC = 101,
     47        CRYPTO_RIPEMD160,
     48        CRYPTO_SHA2_224,
     49        CRYPTO_SHA2_256,
     50        CRYPTO_SHA2_384,
     51        CRYPTO_SHA2_512,
     52        CRYPTO_SHA2_224_HMAC,
     53        CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
     54};
     55
     56#define CRYPTO_ALGORITHM_MAX    (CRYPTO_ALGORITHM_ALL - 1)
     57
     58/* Values for ciphers */
     59#define DES_BLOCK_LEN           8
     60#define DES3_BLOCK_LEN          8
     61#define RIJNDAEL128_BLOCK_LEN   16
     62#define AES_BLOCK_LEN           RIJNDAEL128_BLOCK_LEN
     63#define CAMELLIA_BLOCK_LEN      16
     64#define BLOWFISH_BLOCK_LEN      8
     65#define SKIPJACK_BLOCK_LEN      8
     66#define CAST128_BLOCK_LEN       8
     67
     68/* the maximum of the above */
     69#define EALG_MAX_BLOCK_LEN      16
     70
     71/* Values for hashes/MAC */
     72#define AALG_MAX_RESULT_LEN             64
     73
     74/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
     75#define CRYPTODEV_MAX_ALG_NAME          64
     76
     77#define HASH_MAX_LEN 64
     78
     79/* input of CIOCGSESSION */
     80struct session_op {
     81        /* Specify either cipher or mac
     82         */
     83        __u32   cipher;         /* cryptodev_crypto_op_t */
     84        __u32   mac;            /* cryptodev_crypto_op_t */
     85
     86        __u32   keylen;
     87        __u8    __user *key;
     88        __u32   mackeylen;
     89        __u8    __user *mackey;
     90
     91        __u32   ses;            /* session identifier */
     92};
     93
     94struct session_info_op {
     95        __u32 ses;              /* session identifier */
     96
     97        /* verbose names for the requested ciphers */
     98        struct alg_info {
     99                char cra_name[CRYPTODEV_MAX_ALG_NAME];
     100                char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
     101        } cipher_info, hash_info;
     102
     103        __u16   alignmask;      /* alignment constraints */
     104        __u32   flags;          /* SIOP_FLAGS_* */
     105};
     106
     107/* If this flag is set then this algorithm uses
     108 * a driver only available in kernel (software drivers,
     109 * or drivers based on instruction sets do not set this flag).
    9110 *
    10  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
    11  * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
     111 * If multiple algorithms are involved (as in AEAD case), then
     112 * if one of them is kernel-driver-only this flag will be set.
     113 */
     114#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
     115
     116#define COP_ENCRYPT     0
     117#define COP_DECRYPT     1
     118
     119/* input of CIOCCRYPT */
     120struct crypt_op {
     121        __u32   ses;            /* session identifier */
     122        __u16   op;             /* COP_ENCRYPT or COP_DECRYPT */
     123        __u16   flags;          /* see COP_FLAG_* */
     124        __u32   len;            /* length of source data */
     125        __u8    __user *src;    /* source data */
     126        __u8    __user *dst;    /* pointer to output data */
     127        /* pointer to output data for hash/MAC operations */
     128        __u8    __user *mac;
     129        /* initialization vector for encryption operations */
     130        __u8    __user *iv;
     131};
     132
     133/* input of CIOCAUTHCRYPT */
     134struct crypt_auth_op {
     135        __u32   ses;            /* session identifier */
     136        __u16   op;             /* COP_ENCRYPT or COP_DECRYPT */
     137        __u16   flags;          /* see COP_FLAG_AEAD_* */
     138        __u32   len;            /* length of source data */
     139        __u32   auth_len;       /* length of auth data */
     140        __u8    __user *auth_src;       /* authenticated-only data */
     141
     142        /* The current implementation is more efficient if data are
     143         * encrypted in-place (src==dst). */
     144        __u8    __user *src;    /* data to be encrypted and authenticated */
     145        __u8    __user *dst;    /* pointer to output data. Must have
     146                                 * space for tag. For TLS this should be at least
     147                                 * len + tag_size + block_size for padding */
     148
     149        __u8    __user *tag;    /* where the tag will be copied to. TLS mode
     150                                 * doesn't use that as tag is copied to dst.
     151                                 * SRTP mode copies tag there. */
     152        __u32   tag_len;        /* the length of the tag. Use zero for digest size or max tag. */
     153
     154        /* initialization vector for encryption operations */
     155        __u8    __user *iv;
     156        __u32   iv_len;
     157};
     158
     159/* In plain AEAD mode the following are required:
     160 *  flags   : 0
     161 *  iv      : the initialization vector (12 bytes)
     162 *  auth_len: the length of the data to be authenticated
     163 *  auth_src: the data to be authenticated
     164 *  len     : length of data to be encrypted
     165 *  src     : the data to be encrypted
     166 *  dst     : space to hold encrypted data. It must have
     167 *            at least a size of len + tag_size.
     168 *  tag_size: the size of the desired authentication tag or zero to use
     169 *            the maximum tag output.
    12170 *
    13  * This code was written by Angelos D. Keromytis in Athens, Greece, in
    14  * February 2000. Network Security Technologies Inc. (NSTI) kindly
    15  * supported the development of this code.
     171 * Note tag isn't being used because the Linux AEAD interface
     172 * copies the tag just after data.
     173 */
     174
     175/* In TLS mode (used for CBC ciphers that required padding)
     176 * the following are required:
     177 *  flags   : COP_FLAG_AEAD_TLS_TYPE
     178 *  iv      : the initialization vector
     179 *  auth_len: the length of the data to be authenticated only
     180 *  len     : length of data to be encrypted
     181 *  auth_src: the data to be authenticated
     182 *  src     : the data to be encrypted
     183 *  dst     : space to hold encrypted data (preferably in-place). It must have
     184 *            at least a size of len + tag_size + blocksize.
     185 *  tag_size: the size of the desired authentication tag or zero to use
     186 *            the default mac output.
    16187 *
    17  * Copyright (c) 2000 Angelos D. Keromytis
    18  *
    19  * Permission to use, copy, and modify this software with or without fee
    20  * is hereby granted, provided that this entire notice is included in
    21  * all source code copies of any software which is or includes a copy or
    22  * modification of this software.
    23  *
    24  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
    25  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
    26  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
    27  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
    28  * PURPOSE.
    29  *
    30  * Copyright (c) 2001 Theo de Raadt
    31  *
    32  * Redistribution and use in source and binary forms, with or without
    33  * modification, are permitted provided that the following conditions
    34  * are met:
    35  *
    36  * 1. Redistributions of source code must retain the above copyright
    37  *   notice, this list of conditions and the following disclaimer.
    38  * 2. Redistributions in binary form must reproduce the above copyright
    39  *   notice, this list of conditions and the following disclaimer in the
    40  *   documentation and/or other materials provided with the distribution.
    41  * 3. The name of the author may not be used to endorse or promote products
    42  *   derived from this software without specific prior written permission.
    43  *
    44  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
    45  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
    46  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    47  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
    48  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    49  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    50  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    51  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    52  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    53  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    54  *
    55  * Effort sponsored in part by the Defense Advanced Research Projects
    56  * Agency (DARPA) and Air Force Research Laboratory, Air Force
    57  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
    58  *
    59  */
    60 
    61 #ifndef _CRYPTO_CRYPTO_H_
    62 #define _CRYPTO_CRYPTO_H_
    63 
    64 /* Some initial values */
    65 #define CRYPTO_DRIVERS_INITIAL  4
    66 #define CRYPTO_SW_SESSIONS      32
    67 
    68 /* Hash values */
    69 #define NULL_HASH_LEN           0
    70 #define MD5_HASH_LEN            16
    71 #define SHA1_HASH_LEN           20
    72 #define RIPEMD160_HASH_LEN      20
    73 #define SHA2_256_HASH_LEN       32
    74 #define SHA2_384_HASH_LEN       48
    75 #define SHA2_512_HASH_LEN       64
    76 #define MD5_KPDK_HASH_LEN       16
    77 #define SHA1_KPDK_HASH_LEN      20
    78 /* Maximum hash algorithm result length */
    79 #define HASH_MAX_LEN            SHA2_512_HASH_LEN /* Keep this updated */
    80 
    81 /* HMAC values */
    82 #define NULL_HMAC_BLOCK_LEN                     1
    83 #define MD5_HMAC_BLOCK_LEN                      64
    84 #define SHA1_HMAC_BLOCK_LEN                     64
    85 #define RIPEMD160_HMAC_BLOCK_LEN        64
    86 #define SHA2_256_HMAC_BLOCK_LEN         64
    87 #define SHA2_384_HMAC_BLOCK_LEN         128
    88 #define SHA2_512_HMAC_BLOCK_LEN         128
    89 /* Maximum HMAC block length */
    90 #define HMAC_MAX_BLOCK_LEN              SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
    91 #define HMAC_IPAD_VAL                   0x36
    92 #define HMAC_OPAD_VAL                   0x5C
    93 
    94 /* Encryption algorithm block sizes */
    95 #define NULL_BLOCK_LEN                  1
    96 #define DES_BLOCK_LEN                   8
    97 #define DES3_BLOCK_LEN                  8
    98 #define BLOWFISH_BLOCK_LEN              8
    99 #define SKIPJACK_BLOCK_LEN              8
    100 #define CAST128_BLOCK_LEN               8
    101 #define RIJNDAEL128_BLOCK_LEN   16
    102 #define AES_BLOCK_LEN                   RIJNDAEL128_BLOCK_LEN
    103 #define CAMELLIA_BLOCK_LEN              16
    104 #define ARC4_BLOCK_LEN                  1
    105 #define EALG_MAX_BLOCK_LEN              AES_BLOCK_LEN /* Keep this updated */
    106 
    107 /* Encryption algorithm min and max key sizes */
    108 #define NULL_MIN_KEY_LEN                0
    109 #define NULL_MAX_KEY_LEN                0
    110 #define DES_MIN_KEY_LEN                 8
    111 #define DES_MAX_KEY_LEN                 8
    112 #define DES3_MIN_KEY_LEN                24
    113 #define DES3_MAX_KEY_LEN                24
    114 #define BLOWFISH_MIN_KEY_LEN    4
    115 #define BLOWFISH_MAX_KEY_LEN    56
    116 #define SKIPJACK_MIN_KEY_LEN    10
    117 #define SKIPJACK_MAX_KEY_LEN    10
    118 #define CAST128_MIN_KEY_LEN             5
    119 #define CAST128_MAX_KEY_LEN             16
    120 #define RIJNDAEL128_MIN_KEY_LEN 16
    121 #define RIJNDAEL128_MAX_KEY_LEN 32
    122 #define AES_MIN_KEY_LEN                 RIJNDAEL128_MIN_KEY_LEN
    123 #define AES_MAX_KEY_LEN                 RIJNDAEL128_MAX_KEY_LEN
    124 #define CAMELLIA_MIN_KEY_LEN    16
    125 #define CAMELLIA_MAX_KEY_LEN    32
    126 #define ARC4_MIN_KEY_LEN                1
    127 #define ARC4_MAX_KEY_LEN                256
    128 
    129 /* Max size of data that can be processed */
    130 #define CRYPTO_MAX_DATA_LEN             64*1024 - 1
    131 
    132 #define CRYPTO_ALGORITHM_MIN    1
    133 #define CRYPTO_DES_CBC                  1
    134 #define CRYPTO_3DES_CBC                 2
    135 #define CRYPTO_BLF_CBC                  3
    136 #define CRYPTO_CAST_CBC                 4
    137 #define CRYPTO_SKIPJACK_CBC             5
    138 #define CRYPTO_MD5_HMAC                 6
    139 #define CRYPTO_SHA1_HMAC                7
    140 #define CRYPTO_RIPEMD160_HMAC   8
    141 #define CRYPTO_MD5_KPDK                 9
    142 #define CRYPTO_SHA1_KPDK                10
    143 #define CRYPTO_RIJNDAEL128_CBC  11 /* 128 bit blocksize */
    144 #define CRYPTO_AES_CBC                  11 /* 128 bit blocksize -- the same as above */
    145 #define CRYPTO_ARC4                             12
    146 #define CRYPTO_MD5                              13
    147 #define CRYPTO_SHA1                             14
    148 #define CRYPTO_NULL_HMAC                15
    149 #define CRYPTO_NULL_CBC                 16
    150 #define CRYPTO_DEFLATE_COMP             17 /* Deflate compression algorithm */
    151 #define CRYPTO_SHA2_256_HMAC    18
    152 #define CRYPTO_SHA2_384_HMAC    19
    153 #define CRYPTO_SHA2_512_HMAC    20
    154 #define CRYPTO_CAMELLIA_CBC             21
    155 #define CRYPTO_SHA2_256                 22
    156 #define CRYPTO_SHA2_384                 23
    157 #define CRYPTO_SHA2_512                 24
    158 #define CRYPTO_RIPEMD160                25
    159 #define CRYPTO_LZS_COMP                 26
    160 #define CRYPTO_ALGORITHM_MAX    26 /* Keep updated - see above */
    161 
    162 /* Algorithm flags */
    163 #define CRYPTO_ALG_FLAG_SUPPORTED       0x01 /* Algorithm is supported */
    164 #define CRYPTO_ALG_FLAG_RNG_ENABLE      0x02 /* Has HW RNG for DH/DSA */
    165 #define CRYPTO_ALG_FLAG_DSA_SHA         0x04 /* Can do SHA on msg */
    166 
    167 /*
    168  * Crypto driver/device flags.  They can set in the crid
    169  * parameter when creating a session or submitting a key
    170  * op to affect the device/driver assigned.  If neither
    171  * of these are specified then the crid is assumed to hold
    172  * the driver id of an existing (and suitable) device that
    173  * must be used to satisfy the request.
    174  */
    175 #define CRYPTO_FLAG_HARDWARE    0x01000000      /* hardware accelerated */
    176 #define CRYPTO_FLAG_SOFTWARE    0x02000000      /* software implementation */
    177 
    178 /* NB: deprecated */
    179 struct session_op {
    180         u_int32_t       cipher;         /* ie. CRYPTO_DES_CBC */
    181         u_int32_t       mac;            /* ie. CRYPTO_MD5_HMAC */
    182 
    183         u_int32_t       keylen;         /* cipher key */
    184         caddr_t         key;
    185         int             mackeylen;      /* mac key */
    186         caddr_t         mackey;
    187 
    188         u_int32_t       ses;            /* returns: session # */
    189 };
    190 
    191 struct session2_op {
    192         u_int32_t       cipher;         /* ie. CRYPTO_DES_CBC */
    193         u_int32_t       mac;            /* ie. CRYPTO_MD5_HMAC */
    194 
    195         u_int32_t       keylen;         /* cipher key */
    196         caddr_t         key;
    197         int             mackeylen;      /* mac key */
    198         caddr_t         mackey;
    199 
    200         u_int32_t       ses;            /* returns: session # */
    201         int             crid;           /* driver id + flags (rw) */
    202         int             pad[4];         /* for future expansion */
    203 };
    204 
    205 struct crypt_op {
    206         u_int32_t       ses;
    207         u_int16_t       op;             /* i.e. COP_ENCRYPT */
    208 #define COP_NONE        0
    209 #define COP_ENCRYPT     1
    210 #define COP_DECRYPT     2
    211         u_int16_t       flags;
    212 #define COP_F_BATCH     0x0008          /* Batch op if possible */
    213         u_int           len;
    214         caddr_t         src, dst;       /* become iov[] inside kernel */
    215         caddr_t         mac;            /* must be big enough for chosen MAC */
    216         caddr_t         iv;
    217 };
    218 
    219 /*
    220  * Parameters for looking up a crypto driver/device by
    221  * device name or by id.  The latter are returned for
    222  * created sessions (crid) and completed key operations.
    223  */
    224 struct crypt_find_op {
    225         int             crid;           /* driver id + flags */
    226         char            name[32];       /* device/driver name */
    227 };
    228 
    229 /* bignum parameter, in packed bytes, ... */
     188 * Note that the padding used is the minimum padding.
     189 */
     190
     191/* In SRTP mode the following are required:
     192 *  flags   : COP_FLAG_AEAD_SRTP_TYPE
     193 *  iv      : the initialization vector
     194 *  auth_len: the length of the data to be authenticated. This must
     195 *            include the SRTP header + SRTP payload (data to be encrypted) + rest
     196 *           
     197 *  len     : length of data to be encrypted
     198 *  auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
     199 *  src     : pointer to the data to be encrypted.
     200 *  dst     : This is mandatory to be the same as src (in-place only).
     201 *  tag_size: the size of the desired authentication tag or zero to use
     202 *            the default mac output.
     203 *  tag     : Pointer to an address where the authentication tag will be copied.
     204 */
     205
     206
     207/* struct crypt_op flags */
     208
     209#define COP_FLAG_NONE           (0 << 0) /* totally no flag */
     210#define COP_FLAG_UPDATE         (1 << 0) /* multi-update hash mode */
     211#define COP_FLAG_FINAL          (1 << 1) /* multi-update final hash mode */
     212#define COP_FLAG_WRITE_IV       (1 << 2) /* update the IV during operation */
     213#define COP_FLAG_NO_ZC          (1 << 3) /* do not zero-copy */
     214#define COP_FLAG_AEAD_TLS_TYPE  (1 << 4) /* authenticate and encrypt using the
     215                                          * TLS protocol rules */
     216#define COP_FLAG_AEAD_SRTP_TYPE  (1 << 5) /* authenticate and encrypt using the
     217                                           * SRTP protocol rules */
     218#define COP_FLAG_RESET          (1 << 6) /* multi-update reset the state.
     219                                          * should be used in combination
     220                                          * with COP_FLAG_UPDATE */
     221
     222
     223/* Stuff for bignum arithmetic and public key
     224 * cryptography - not supported yet by linux
     225 * cryptodev.
     226 */
     227
     228#define CRYPTO_ALG_FLAG_SUPPORTED       1
     229#define CRYPTO_ALG_FLAG_RNG_ENABLE      2
     230#define CRYPTO_ALG_FLAG_DSA_SHA         4
     231
    230232struct crparam {
    231         caddr_t         crp_p;
    232         u_int           crp_nbits;
     233        __u8    *crp_p;
     234        __u32   crp_nbits;
    233235};
    234236
    235237#define CRK_MAXPARAM    8
    236238
     239/* input of CIOCKEY */
    237240struct crypt_kop {
    238         u_int           crk_op;         /* ie. CRK_MOD_EXP or other */
    239         u_int           crk_status;     /* return status */
    240         u_short         crk_iparams;    /* # of input parameters */
    241         u_short         crk_oparams;    /* # of output parameters */
    242         u_int           crk_crid;       /* NB: only used by CIOCKEY2 (rw) */
     241        __u32   crk_op;         /* cryptodev_crk_op_t */
     242        __u32   crk_status;
     243        __u16   crk_iparams;
     244        __u16   crk_oparams;
     245        __u32   crk_pad1;
    243246        struct crparam  crk_param[CRK_MAXPARAM];
    244247};
    245 #define CRK_ALGORITM_MIN        0
    246 #define CRK_MOD_EXP             0
    247 #define CRK_MOD_EXP_CRT         1
    248 #define CRK_DSA_SIGN            2
    249 #define CRK_DSA_VERIFY          3
    250 #define CRK_DH_COMPUTE_KEY      4
    251 #define CRK_ALGORITHM_MAX       4 /* Keep updated - see below */
    252 
     248
     249enum cryptodev_crk_op_t {
     250        CRK_MOD_EXP = 0,
     251        CRK_MOD_EXP_CRT = 1,
     252        CRK_DSA_SIGN = 2,
     253        CRK_DSA_VERIFY = 3,
     254        CRK_DH_COMPUTE_KEY = 4,
     255        CRK_ALGORITHM_ALL
     256};
     257
     258#define CRK_ALGORITHM_MAX       (CRK_ALGORITHM_ALL-1)
     259
     260/* features to be queried with CIOCASYMFEAT ioctl
     261 */
    253262#define CRF_MOD_EXP             (1 << CRK_MOD_EXP)
    254263#define CRF_MOD_EXP_CRT         (1 << CRK_MOD_EXP_CRT)
     
    257266#define CRF_DH_COMPUTE_KEY      (1 << CRK_DH_COMPUTE_KEY)
    258267
    259 /*
    260  * done against open of /dev/crypto, to get a cloned descriptor.
    261  * Please use F_SETFD against the cloned descriptor.
    262  */
    263 #define CRIOGET         _IOWR('c', 100, u_int32_t)
    264 #define CRIOASYMFEAT    CIOCASYMFEAT
    265 #define CRIOFINDDEV     CIOCFINDDEV
    266 
    267 /* the following are done against the cloned descriptor */
    268 #define CIOCGSESSION    _IOWR('c', 101, struct session_op)
    269 #define CIOCFSESSION    _IOW('c', 102, u_int32_t)
    270 #define CIOCCRYPT       _IOWR('c', 103, struct crypt_op)
    271 #define CIOCKEY         _IOWR('c', 104, struct crypt_kop)
    272 #define CIOCASYMFEAT    _IOR('c', 105, u_int32_t)
    273 #define CIOCGSESSION2   _IOWR('c', 106, struct session2_op)
    274 #define CIOCKEY2        _IOWR('c', 107, struct crypt_kop)
    275 #define CIOCFINDDEV     _IOWR('c', 108, struct crypt_find_op)
    276 
    277 struct cryptotstat {
    278         struct timespec acc;            /* total accumulated time */
    279         struct timespec min;            /* min time */
    280         struct timespec max;            /* max time */
    281         u_int32_t       count;          /* number of observations */
    282 };
    283 
    284 struct cryptostats {
    285         u_int32_t       cs_ops;         /* symmetric crypto ops submitted */
    286         u_int32_t       cs_errs;        /* symmetric crypto ops that failed */
    287         u_int32_t       cs_kops;        /* asymetric/key ops submitted */
    288         u_int32_t       cs_kerrs;       /* asymetric/key ops that failed */
    289         u_int32_t       cs_intrs;       /* crypto swi thread activations */
    290         u_int32_t       cs_rets;        /* crypto return thread activations */
    291         u_int32_t       cs_blocks;      /* symmetric op driver block */
    292         u_int32_t       cs_kblocks;     /* symmetric op driver block */
    293         /*
    294          * When CRYPTO_TIMING is defined at compile time and the
    295          * sysctl debug.crypto is set to 1, the crypto system will
    296          * accumulate statistics about how long it takes to process
    297          * crypto requests at various points during processing.
    298          */
    299         struct cryptotstat cs_invoke;   /* crypto_dipsatch -> crypto_invoke */
    300         struct cryptotstat cs_done;     /* crypto_invoke -> crypto_done */
    301         struct cryptotstat cs_cb;       /* crypto_done -> callback */
    302         struct cryptotstat cs_finis;    /* callback -> callback return */
    303 
    304         u_int32_t       cs_drops;               /* crypto ops dropped due to congestion */
    305 };
    306 
    307 #ifdef __KERNEL__
    308 
    309 /* Standard initialization structure beginning */
    310 struct cryptoini {
    311         int             cri_alg;        /* Algorithm to use */
    312         int             cri_klen;       /* Key length, in bits */
    313         int             cri_mlen;       /* Number of bytes we want from the
    314                                            entire hash. 0 means all. */
    315         caddr_t         cri_key;        /* key to use */
    316         u_int8_t        cri_iv[EALG_MAX_BLOCK_LEN];     /* IV to use */
    317         struct cryptoini *cri_next;
    318 };
    319 
    320 /* Describe boundaries of a single crypto operation */
    321 struct cryptodesc {
    322         int             crd_skip;       /* How many bytes to ignore from start */
    323         int             crd_len;        /* How many bytes to process */
    324         int             crd_inject;     /* Where to inject results, if applicable */
    325         int             crd_flags;
    326 
    327 #define CRD_F_ENCRYPT           0x01    /* Set when doing encryption */
    328 #define CRD_F_IV_PRESENT        0x02    /* When encrypting, IV is already in
    329                                            place, so don't copy. */
    330 #define CRD_F_IV_EXPLICIT       0x04    /* IV explicitly provided */
    331 #define CRD_F_DSA_SHA_NEEDED    0x08    /* Compute SHA-1 of buffer for DSA */
    332 #define CRD_F_KEY_EXPLICIT      0x10    /* Key explicitly provided */
    333 #define CRD_F_COMP              0x0f    /* Set when doing compression */
    334 
    335         struct cryptoini        CRD_INI; /* Initialization/context data */
    336 #define crd_iv          CRD_INI.cri_iv
    337 #define crd_key         CRD_INI.cri_key
    338 #define crd_alg         CRD_INI.cri_alg
    339 #define crd_klen        CRD_INI.cri_klen
    340 #define crd_mlen        CRD_INI.cri_mlen
    341 
    342         struct cryptodesc *crd_next;
    343 };
    344 
    345 /* Structure describing complete operation */
    346 struct cryptop {
    347         struct list_head crp_next;
    348         wait_queue_head_t crp_waitq;
    349 
    350         u_int64_t       crp_sid;        /* Session ID */
    351         int             crp_ilen;       /* Input data total length */
    352         int             crp_olen;       /* Result total length */
    353 
    354         int             crp_etype;      /*
    355                                          * Error type (zero means no error).
    356                                          * All error codes except EAGAIN
    357                                          * indicate possible data corruption (as in,
    358                                          * the data have been touched). On all
    359                                          * errors, the crp_sid may have changed
    360                                          * (reset to a new one), so the caller
    361                                          * should always check and use the new
    362                                          * value on future requests.
    363                                          */
    364         int             crp_flags;
    365 
    366 #define CRYPTO_F_SKBUF          0x0001  /* Input/output are skbuf chains */
    367 #define CRYPTO_F_IOV            0x0002  /* Input/output are uio */
    368 #define CRYPTO_F_REL            0x0004  /* Must return data in same place */
    369 #define CRYPTO_F_BATCH          0x0008  /* Batch op if possible */
    370 #define CRYPTO_F_CBIMM          0x0010  /* Do callback immediately */
    371 #define CRYPTO_F_DONE           0x0020  /* Operation completed */
    372 #define CRYPTO_F_CBIFSYNC       0x0040  /* Do CBIMM if op is synchronous */
    373 
    374         caddr_t         crp_buf;        /* Data to be processed */
    375         caddr_t         crp_opaque;     /* Opaque pointer, passed along */
    376         struct cryptodesc *crp_desc;    /* Linked list of processing descriptors */
    377 
    378         int (*crp_callback)(struct cryptop *); /* Callback function */
    379 };
    380 
    381 #define CRYPTO_BUF_CONTIG       0x0
    382 #define CRYPTO_BUF_IOV          0x1
    383 #define CRYPTO_BUF_SKBUF                0x2
    384 
    385 #define CRYPTO_OP_DECRYPT       0x0
    386 #define CRYPTO_OP_ENCRYPT       0x1
    387 
    388 /*
    389  * Hints passed to process methods.
    390  */
    391 #define CRYPTO_HINT_MORE        0x1     /* more ops coming shortly */
    392 
    393 struct cryptkop {
    394         struct list_head krp_next;
    395         wait_queue_head_t krp_waitq;
    396 
    397         int             krp_flags;
    398 #define CRYPTO_KF_DONE          0x0001  /* Operation completed */
    399 #define CRYPTO_KF_CBIMM         0x0002  /* Do callback immediately */
    400 
    401         u_int           krp_op;         /* ie. CRK_MOD_EXP or other */
    402         u_int           krp_status;     /* return status */
    403         u_short         krp_iparams;    /* # of input parameters */
    404         u_short         krp_oparams;    /* # of output parameters */
    405         u_int           krp_crid;       /* desired device, etc. */
    406         u_int32_t       krp_hid;
    407         struct crparam  krp_param[CRK_MAXPARAM];        /* kvm */
    408         int             (*krp_callback)(struct cryptkop *);
    409 };
    410 
    411 #include <ocf-compat.h>
    412 
    413 /*
    414  * Session ids are 64 bits.  The lower 32 bits contain a "local id" which
    415  * is a driver-private session identifier.  The upper 32 bits contain a
    416  * "hardware id" used by the core crypto code to identify the driver and
    417  * a copy of the driver's capabilities that can be used by client code to
    418  * optimize operation.
    419  */
    420 #define CRYPTO_SESID2HID(_sid)  (((_sid) >> 32) & 0x00ffffff)
    421 #define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
    422 #define CRYPTO_SESID2LID(_sid)  (((u_int32_t) (_sid)) & 0xffffffff)
    423 
    424 extern  int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
    425 extern  int crypto_freesession(u_int64_t sid);
    426 #define CRYPTOCAP_F_HARDWARE    CRYPTO_FLAG_HARDWARE
    427 #define CRYPTOCAP_F_SOFTWARE    CRYPTO_FLAG_SOFTWARE
    428 #define CRYPTOCAP_F_SYNC        0x04000000      /* operates synchronously */
    429 extern  int32_t crypto_get_driverid(device_t dev, int flags);
    430 extern  int crypto_find_driver(const char *);
    431 extern  device_t crypto_find_device_byhid(int hid);
    432 extern  int crypto_getcaps(int hid);
    433 extern  int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
    434             u_int32_t flags);
    435 extern  int crypto_kregister(u_int32_t, int, u_int32_t);
    436 extern  int crypto_unregister(u_int32_t driverid, int alg);
    437 extern  int crypto_unregister_all(u_int32_t driverid);
    438 extern  int crypto_dispatch(struct cryptop *crp);
    439 extern  int crypto_kdispatch(struct cryptkop *);
    440 #define CRYPTO_SYMQ     0x1
    441 #define CRYPTO_ASYMQ    0x2
    442 extern  int crypto_unblock(u_int32_t, int);
    443 extern  void crypto_done(struct cryptop *crp);
    444 extern  void crypto_kdone(struct cryptkop *);
    445 extern  int crypto_getfeat(int *);
    446 
    447 extern  void crypto_freereq(struct cryptop *crp);
    448 extern  struct cryptop *crypto_getreq(int num);
    449 
    450 extern  int crypto_usercrypto;      /* userland may do crypto requests */
    451 extern  int crypto_userasymcrypto;  /* userland may do asym crypto reqs */
    452 extern  int crypto_devallowsoft;    /* only use hardware crypto */
    453 
    454 /*
    455  * random number support,  crypto_unregister_all will unregister
    456  */
    457 extern int crypto_rregister(u_int32_t driverid,
    458                 int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg);
    459 extern int crypto_runregister_all(u_int32_t driverid);
    460 
    461 /*
    462  * Crypto-related utility routines used mainly by drivers.
    463  *
    464  * XXX these don't really belong here; but for now they're
    465  *     kept apart from the rest of the system.
    466  */
    467 struct uio;
    468 extern  void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
    469 extern  void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
    470 extern  struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
    471 
    472 extern  void crypto_copyback(int flags, caddr_t buf, int off, int size,
    473             caddr_t in);
    474 extern  void crypto_copydata(int flags, caddr_t buf, int off, int size,
    475             caddr_t out);
    476 extern  int crypto_apply(int flags, caddr_t buf, int off, int len,
    477             int (*f)(void *, void *, u_int), void *arg);
    478 
    479 #endif /* __KERNEL__ */
    480 #endif /* _CRYPTO_CRYPTO_H_ */
     268
     269/* ioctl's. Compatible with old linux cryptodev.h
     270 */
     271#define CRIOGET         _IOWR('c', 101, __u32)
     272#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
     273#define CIOCFSESSION    _IOW('c', 103, __u32)
     274#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
     275#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
     276#define CIOCASYMFEAT    _IOR('c', 106, __u32)
     277#define CIOCGSESSINFO   _IOWR('c', 107, struct session_info_op)
     278
     279/* to indicate that CRIOGET is not required in linux
     280 */
     281#define CRIOGET_NOT_NEEDED 1
     282
     283/* additional ioctls for AEAD */
     284#define CIOCAUTHCRYPT   _IOWR('c', 109, struct crypt_auth_op)
     285
     286/* additional ioctls for asynchronous operation.
     287 * These are conditionally enabled since version 1.6.
     288 */
     289#define CIOCASYNCCRYPT    _IOW('c', 110, struct crypt_op)
     290#define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
     291
     292#endif /* L_CRYPTODEV_H */
Note: See TracChangeset for help on using the changeset viewer.