1/* $NetBSD: cryptodev.h,v 1.28 2016/07/07 06:55:43 msaitoh Exp $ */
2/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $ */
3/* $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $ */
4
5/*-
6 * Copyright (c) 2008 The NetBSD Foundation, Inc.
7 * All rights reserved.
8 *
9 * This code is derived from software contributed to The NetBSD Foundation
10 * by Coyote Point Systems, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
36 *
37 * This code was written by Angelos D. Keromytis in Athens, Greece, in
38 * February 2000. Network Security Technologies Inc. (NSTI) kindly
39 * supported the development of this code.
40 *
41 * Copyright (c) 2000 Angelos D. Keromytis
42 *
43 * Permission to use, copy, and modify this software with or without fee
44 * is hereby granted, provided that this entire notice is included in
45 * all source code copies of any software which is or includes a copy or
46 * modification of this software.
47 *
48 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
49 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
50 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
51 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
52 * PURPOSE.
53 *
54 * Copyright (c) 2001 Theo de Raadt
55 *
56 * Redistribution and use in source and binary forms, with or without
57 * modification, are permitted provided that the following conditions
58 * are met:
59 *
60 * 1. Redistributions of source code must retain the above copyright
61 * notice, this list of conditions and the following disclaimer.
62 * 2. Redistributions in binary form must reproduce the above copyright
63 * notice, this list of conditions and the following disclaimer in the
64 * documentation and/or other materials provided with the distribution.
65 * 3. The name of the author may not be used to endorse or promote products
66 * derived from this software without specific prior written permission.
67 *
68 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
69 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
70 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
71 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
72 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
73 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
74 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
75 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
76 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
77 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
78 *
79 * Effort sponsored in part by the Defense Advanced Research Projects
80 * Agency (DARPA) and Air Force Research Laboratory, Air Force
81 * Materiel Command, USAF, under agreement number F30602-01-2-0537.
82 *
83 */
84
85#ifndef _CRYPTO_CRYPTO_H_
86#define _CRYPTO_CRYPTO_H_
87
88#include <sys/ioccom.h>
89#include <sys/condvar.h>
90#include <sys/time.h>
91
92/* Some initial values */
93#define CRYPTO_DRIVERS_INITIAL 4
94#define CRYPTO_SW_SESSIONS 32
95
96/* HMAC values */
97#define HMAC_BLOCK_LEN 64 /* for compatibility */
98#define HMAC_IPAD_VAL 0x36
99#define HMAC_OPAD_VAL 0x5C
100
101/* Encryption algorithm block sizes */
102#define DES_BLOCK_LEN 8
103#define DES3_BLOCK_LEN 8
104#define BLOWFISH_BLOCK_LEN 8
105#define SKIPJACK_BLOCK_LEN 8
106#define CAST128_BLOCK_LEN 8
107#define RIJNDAEL128_BLOCK_LEN 16
108#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
109
110/* Maximum hash algorithm result length */
111#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
112
113#define CRYPTO_ALGORITHM_MIN 1
114#define CRYPTO_DES_CBC 1
115#define CRYPTO_3DES_CBC 2
116#define CRYPTO_BLF_CBC 3
117#define CRYPTO_CAST_CBC 4
118#define CRYPTO_SKIPJACK_CBC 5
119#define CRYPTO_MD5_HMAC 6
120#define CRYPTO_SHA1_HMAC 7
121#define CRYPTO_RIPEMD160_HMAC 8
122#define CRYPTO_MD5_KPDK 9
123#define CRYPTO_SHA1_KPDK 10
124#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
125#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
126#define CRYPTO_ARC4 12
127#define CRYPTO_MD5 13
128#define CRYPTO_SHA1 14
129#define CRYPTO_SHA2_256_HMAC 15
130#define CRYPTO_SHA2_HMAC CRYPTO_SHA2_256_HMAC /* for compatibility */
131#define CRYPTO_NULL_HMAC 16
132#define CRYPTO_NULL_CBC 17
133#define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */
134#define CRYPTO_MD5_HMAC_96 19
135#define CRYPTO_SHA1_HMAC_96 20
136#define CRYPTO_RIPEMD160_HMAC_96 21
137#define CRYPTO_GZIP_COMP 22 /* gzip compression algorithm */
138#define CRYPTO_DEFLATE_COMP_NOGROW 23 /* Deflate, fail if not compressible */
139#define CRYPTO_SHA2_384_HMAC 24
140#define CRYPTO_SHA2_512_HMAC 25
141#define CRYPTO_CAMELLIA_CBC 26
142#define CRYPTO_AES_CTR 27
143#define CRYPTO_AES_XCBC_MAC_96 28
144#define CRYPTO_AES_GCM_16 29
145#define CRYPTO_AES_128_GMAC 30
146#define CRYPTO_AES_192_GMAC 31
147#define CRYPTO_AES_256_GMAC 32
148#define CRYPTO_AES_GMAC 33
149#define CRYPTO_ALGORITHM_MAX 33 /* Keep updated - see below */
150
151/* Algorithm flags */
152#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
153#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
154#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
155
156struct session_op {
157 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
158 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
159 u_int32_t comp_alg; /* ie. CRYPTO_GZIP_COMP */
160
161 u_int32_t keylen; /* cipher key */
162 void * key;
163 int mackeylen; /* mac key */
164 void * mackey;
165
166 u_int32_t ses; /* returns: session # */
167};
168
169/* to support multiple session creation */
170
171struct session_n_op {
172 u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
173 u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
174 u_int32_t comp_alg; /* ie. CRYPTO_GZIP_COMP */
175
176 u_int32_t keylen; /* cipher key */
177 void * key;
178 int mackeylen; /* mac key */
179 void * mackey;
180
181 u_int32_t ses; /* returns: session # */
182 int status;
183};
184
185struct crypt_op {
186 u_int32_t ses;
187 u_int16_t op; /* i.e. COP_ENCRYPT */
188#define COP_ENCRYPT 1
189#define COP_DECRYPT 2
190#define COP_COMP 3
191#define COP_DECOMP 4
192 u_int16_t flags;
193#define COP_F_BATCH 0x0008 /* Dispatch as quickly as possible */
194 u_int len; /* src len */
195 void * src, *dst; /* become iov[] inside kernel */
196 void * mac; /* must be big enough for chosen MAC */
197 void * iv;
198 u_int dst_len; /* dst len if not 0 */
199};
200
201/* to support multiple session creation */
202/*
203 *
204 * The reqid field is filled when the operation has
205 * been accepted and started, and can be used to later retrieve
206 * the operation results via CIOCNCRYPTRET or identify the
207 * request in the completion list returned by CIOCNCRYPTRETM.
208 *
209 * The opaque pointer can be set arbitrarily by the user
210 * and it is passed back in the crypt_result structure
211 * when the request completes. This field can be used for example
212 * to track context for the request and avoid lookups in the
213 * user application.
214 */
215
216struct crypt_n_op {
217 u_int32_t ses;
218 u_int16_t op; /* i.e. COP_ENCRYPT */
219#define COP_ENCRYPT 1
220#define COP_DECRYPT 2
221 u_int16_t flags;
222#define COP_F_BATCH 0x0008 /* Dispatch as quickly as possible */
223#define COP_F_MORE 0x0010 /* more data to follow */
224 u_int len; /* src len */
225
226 u_int32_t reqid; /* request id */
227 int status; /* status of request -accepted or not */
228 void *opaque; /* opaque pointer returned to user */
229 u_int32_t keylen; /* cipher key - optional */
230 void * key;
231 u_int32_t mackeylen; /* also optional */
232 void * mackey;
233
234 void * src, *dst; /* become iov[] inside kernel */
235 void * mac; /* must be big enough for chosen MAC */
236 void * iv;
237 u_int dst_len; /* dst len if not 0 */
238};
239
240/* CIOCNCRYPTM ioctl argument, supporting one or more asynchronous
241 * crypt_n_op operations.
242 * Each crypt_n_op will receive a request id which can be used to check its
243 * status via CIOCNCRYPTRET, or to watch for its completion in the list
244 * obtained via CIOCNCRYPTRETM.
245 */
246struct crypt_mop {
247 size_t count; /* how many */
248 struct crypt_n_op * reqs; /* where to get them */
249};
250
251struct crypt_sfop {
252 size_t count;
253 u_int32_t *sesid;
254};
255
256struct crypt_sgop {
257 size_t count;
258 struct session_n_op * sessions;
259};
260
261#define CRYPTO_MAX_MAC_LEN 20
262
263/* bignum parameter, in packed bytes, ... */
264struct crparam {
265 void * crp_p;
266 u_int crp_nbits;
267};
268
269#define CRK_MAXPARAM 8
270
271struct crypt_kop {
272 u_int crk_op; /* ie. CRK_MOD_EXP or other */
273 u_int crk_status; /* return status */
274 u_short crk_iparams; /* # of input parameters */
275 u_short crk_oparams; /* # of output parameters */
276 u_int crk_pad1;
277 struct crparam crk_param[CRK_MAXPARAM];
278};
279
280/*
281 * Used with the CIOCNFKEYM ioctl.
282 *
283 * This structure allows the OCF to return a request id
284 * for each of the kop operations specified in the CIOCNFKEYM call.
285 *
286 * The crk_opaque pointer can be arbitrarily set by the user
287 * and it is passed back in the crypt_result structure
288 * when the request completes. This field can be used for example
289 * to track context for the request and avoid lookups in the
290 * user application.
291 */
292struct crypt_n_kop {
293 u_int crk_op; /* ie. CRK_MOD_EXP or other */
294 u_int crk_status; /* return status */
295 u_short crk_iparams; /* # of input parameters */
296 u_short crk_oparams; /* # of output parameters */
297 u_int32_t crk_reqid; /* request id */
298 struct crparam crk_param[CRK_MAXPARAM];
299 void *crk_opaque; /* opaque pointer returned to user */
300};
301
302struct crypt_mkop {
303 size_t count; /* how many */
304 struct crypt_n_kop * reqs; /* where to get them */
305};
306
307/* Asynchronous key or crypto result.
308 * Note that the status will be set in the crypt_result structure,
309 * not in the original crypt_kop structure (crk_status).
310 */
311struct crypt_result {
312 u_int32_t reqid; /* request id */
313 u_int32_t status; /* status of request: 0 if successful */
314 void * opaque; /* Opaque pointer from the user, passed along */
315};
316
317struct cryptret {
318 size_t count; /* space for how many */
319 struct crypt_result * results; /* where to put them */
320};
321
322
323/* Assymetric key operations */
324#define CRK_ALGORITM_MIN 0
325#define CRK_MOD_EXP 0
326#define CRK_MOD_EXP_CRT 1
327#define CRK_DSA_SIGN 2
328#define CRK_DSA_VERIFY 3
329#define CRK_DH_COMPUTE_KEY 4
330#define CRK_MOD_ADD 5
331#define CRK_MOD_ADDINV 6
332#define CRK_MOD_SUB 7
333#define CRK_MOD_MULT 8
334#define CRK_MOD_MULTINV 9
335#define CRK_MOD 10
336#define CRK_ALGORITHM_MAX 10 /* Keep updated - see below */
337
338#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
339#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
340#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
341#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
342#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
343#define CRF_MOD_ADD (1 << CRK_MOD_ADD)
344#define CRF_MOD_ADDINV (1 << CRK_MOD_ADDINV)
345#define CRF_MOD_SUB (1 << CRK_MOD_SUB)
346#define CRF_MOD_MULT (1 << CRK_MOD_MULT)
347#define CRF_MOD_MULTINV (1 << CRK_MOD_MULTINV)
348#define CRF_MOD (1 << CRK_MOD)
349
350/*
351 * A large comment here once held descriptions of the ioctl
352 * requests implemented by the device. This text has been moved
353 * to the crypto(4) manual page and, later, removed from this file
354 * as it was always a step behind the times.
355 */
356
357/*
358 * done against open of /dev/crypto, to get a cloned descriptor.
359 * Please use F_SETFD against the cloned descriptor. But this ioctl
360 * is obsolete (the device now clones): please, just don't use it.
361 */
362#define CRIOGET _IOWR('c', 100, u_int32_t)
363
364/* the following are done against the cloned descriptor */
365#define CIOCFSESSION _IOW('c', 102, u_int32_t)
366#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
367#define CIOCNFKEYM _IOWR('c', 108, struct crypt_mkop)
368#define CIOCNFSESSION _IOW('c', 109, struct crypt_sfop)
369#define CIOCNCRYPTRETM _IOWR('c', 110, struct cryptret)
370#define CIOCNCRYPTRET _IOWR('c', 111, struct crypt_result)
371
372#define CIOCGSESSION _IOWR('c', 112, struct session_op)
373#define CIOCNGSESSION _IOWR('c', 113, struct crypt_sgop)
374#define CIOCCRYPT _IOWR('c', 114, struct crypt_op)
375#define CIOCNCRYPTM _IOWR('c', 115, struct crypt_mop)
376
377#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
378
379struct cryptotstat {
380 struct timespec acc; /* total accumulated time */
381 struct timespec min; /* max time */
382 struct timespec max; /* max time */
383 u_int32_t count; /* number of observations */
384};
385
386struct cryptostats {
387 u_int32_t cs_ops; /* symmetric crypto ops submitted */
388 u_int32_t cs_errs; /* symmetric crypto ops that failed */
389 u_int32_t cs_kops; /* asymetric/key ops submitted */
390 u_int32_t cs_kerrs; /* asymetric/key ops that failed */
391 u_int32_t cs_intrs; /* crypto swi thread activations */
392 u_int32_t cs_rets; /* crypto return thread activations */
393 u_int32_t cs_blocks; /* symmetric op driver block */
394 u_int32_t cs_kblocks; /* symmetric op driver block */
395 /*
396 * When CRYPTO_TIMING is defined at compile time and the
397 * sysctl debug.crypto is set to 1, the crypto system will
398 * accumulate statistics about how long it takes to process
399 * crypto requests at various points during processing.
400 */
401 struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */
402 struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */
403 struct cryptotstat cs_cb; /* crypto_done -> callback */
404 struct cryptotstat cs_finis; /* callback -> callback return */
405};
406
407#ifdef _KERNEL
408/* Standard initialization structure beginning */
409struct cryptoini {
410 int cri_alg; /* Algorithm to use */
411 int cri_klen; /* Key length, in bits */
412 int cri_rnd; /* Algorithm rounds, where relevant */
413 char *cri_key; /* key to use */
414 u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
415 struct cryptoini *cri_next;
416};
417
418/* Describe boundaries of a single crypto operation */
419struct cryptodesc {
420 int crd_skip; /* How many bytes to ignore from start */
421 int crd_len; /* How many bytes to process */
422 int crd_inject; /* Where to inject results, if applicable */
423 int crd_flags;
424
425#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
426#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
427 place, so don't copy. */
428#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
429#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
430#define CRD_F_COMP 0x10 /* Set when doing compression */
431
432 struct cryptoini CRD_INI; /* Initialization/context data */
433#define crd_iv CRD_INI.cri_iv
434#define crd_key CRD_INI.cri_key
435#define crd_rnd CRD_INI.cri_rnd
436#define crd_alg CRD_INI.cri_alg
437#define crd_klen CRD_INI.cri_klen
438
439 struct cryptodesc *crd_next;
440};
441
442/* Structure describing complete operation */
443struct cryptop {
444 TAILQ_ENTRY(cryptop) crp_next;
445 u_int64_t crp_sid; /* Session ID */
446
447 int crp_ilen; /* Input data total length */
448 int crp_olen; /* Result total length */
449
450 int crp_etype; /*
451 * Error type (zero means no error).
452 * All error codes except EAGAIN
453 * indicate possible data corruption (as in,
454 * the data have been touched). On all
455 * errors, the crp_sid may have changed
456 * (reset to a new one), so the caller
457 * should always check and use the new
458 * value on future requests.
459 */
460 int crp_flags; /* Note: must hold mutext to modify */
461
462#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains */
463#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
464#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
465#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible possible */
466#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */
467#define CRYPTO_F_DONE 0x0020 /* Operation completed */
468#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */
469#define CRYPTO_F_ONRETQ 0x0080 /* Request is on return queue */
470#define CRYPTO_F_USER 0x0100 /* Request is in user context */
471#define CRYPTO_F_MORE 0x0200 /* more data to follow */
472
473 void * crp_buf; /* Data to be processed */
474 void * crp_opaque; /* Opaque pointer, passed along */
475 struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
476
477 int (*crp_callback)(struct cryptop *); /* Callback function */
478
479 void * crp_mac;
480
481 /*
482 * everything below is private to crypto(4)
483 */
484 u_int32_t crp_reqid; /* request id */
485 void * crp_usropaque; /* Opaque pointer from user, passed along */
486 struct timespec crp_tstamp; /* performance time stamp */
487 kcondvar_t crp_cv;
488 struct fcrypt *fcrp;
489 void * dst;
490 void * mac;
491 u_int len;
492 u_char tmp_iv[EALG_MAX_BLOCK_LEN];
493 u_char tmp_mac[CRYPTO_MAX_MAC_LEN];
494
495 struct iovec iovec[1];
496 struct uio uio;
497 uint32_t magic;
498};
499
500#define CRYPTO_BUF_CONTIG 0x0
501#define CRYPTO_BUF_IOV 0x1
502#define CRYPTO_BUF_MBUF 0x2
503
504#define CRYPTO_OP_DECRYPT 0x0
505#define CRYPTO_OP_ENCRYPT 0x1
506
507/*
508 * Hints passed to process methods.
509 */
510#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */
511
512struct cryptkop {
513 TAILQ_ENTRY(cryptkop) krp_next;
514
515 u_int32_t krp_reqid; /* request id */
516 void * krp_usropaque; /* Opaque pointer from user, passed along */
517
518 u_int krp_op; /* ie. CRK_MOD_EXP or other */
519 u_int krp_status; /* return status */
520 u_short krp_iparams; /* # of input parameters */
521 u_short krp_oparams; /* # of output parameters */
522 u_int32_t krp_hid;
523 struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
524 int (*krp_callback)(struct cryptkop *);
525 int krp_flags; /* same values as crp_flags */
526 kcondvar_t krp_cv;
527 struct fcrypt *fcrp;
528 struct crparam crk_param[CRK_MAXPARAM];
529};
530
531/* Crypto capabilities structure */
532struct cryptocap {
533 u_int32_t cc_sessions;
534
535 /*
536 * Largest possible operator length (in bits) for each type of
537 * encryption algorithm.
538 */
539 u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
540
541 u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1];
542
543 u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1];
544
545 u_int8_t cc_flags;
546 u_int8_t cc_qblocked; /* symmetric q blocked */
547 u_int8_t cc_kqblocked; /* asymmetric q blocked */
548#define CRYPTOCAP_F_CLEANUP 0x01 /* needs resource cleanup */
549#define CRYPTOCAP_F_SOFTWARE 0x02 /* software implementation */
550#define CRYPTOCAP_F_SYNC 0x04 /* operates synchronously */
551
552 void *cc_arg; /* callback argument */
553 int (*cc_newsession)(void*, u_int32_t*, struct cryptoini*);
554 int (*cc_process) (void*, struct cryptop *, int);
555 int (*cc_freesession) (void*, u_int64_t);
556 void *cc_karg; /* callback argument */
557 int (*cc_kprocess) (void*, struct cryptkop *, int);
558};
559
560/*
561 * Session ids are 64 bits. The lower 32 bits contain a "local id" which
562 * is a driver-private session identifier. The upper 32 bits contain a
563 * "hardware id" used by the core crypto code to identify the driver and
564 * a copy of the driver's capabilities that can be used by client code to
565 * optimize operation.
566 */
567#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0xffffff)
568#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 56) & 0xff)
569#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
570
571MALLOC_DECLARE(M_CRYPTO_DATA);
572
573extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
574extern int crypto_freesession(u_int64_t sid);
575extern int32_t crypto_get_driverid(u_int32_t flags);
576extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
577 u_int32_t flags,
578 int (*newses)(void*, u_int32_t*, struct cryptoini*),
579 int (*freeses)(void*, u_int64_t),
580 int (*process)(void*, struct cryptop *, int),
581 void *arg);
582extern int crypto_kregister(u_int32_t, int, u_int32_t,
583 int (*)(void*, struct cryptkop *, int),
584 void *arg);
585extern int crypto_unregister(u_int32_t driverid, int alg);
586extern int crypto_unregister_all(u_int32_t driverid);
587extern int crypto_dispatch(struct cryptop *crp);
588extern int crypto_kdispatch(struct cryptkop *);
589#define CRYPTO_SYMQ 0x1
590#define CRYPTO_ASYMQ 0x2
591extern int crypto_unblock(u_int32_t, int);
592extern void crypto_done(struct cryptop *crp);
593extern void crypto_kdone(struct cryptkop *);
594extern int crypto_getfeat(int *);
595
596void cuio_copydata(struct uio *, int, int, void *);
597void cuio_copyback(struct uio *, int, int, void *);
598int cuio_apply(struct uio *, int, int,
599 int (*f)(void *, void *, unsigned int), void *);
600
601extern int crypto_ret_q_remove(struct cryptop *);
602extern int crypto_ret_kq_remove(struct cryptkop *);
603extern void crypto_freereq(struct cryptop *crp);
604extern struct cryptop *crypto_getreq(int num);
605
606extern int crypto_usercrypto; /* userland may do crypto requests */
607extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */
608extern int crypto_devallowsoft; /* only use hardware crypto */
609
610/*
611 * Asymmetric operations are allocated in cryptodev.c but can be
612 * freed in crypto.c.
613 */
614extern struct pool cryptkop_pool;
615
616/*
617 * Mutual exclusion and its unwelcome friends.
618 */
619
620extern kmutex_t crypto_mtx;
621
622/*
623 * initialize the crypto framework subsystem (not the pseudo-device).
624 * This must be called very early in boot, so the framework is ready
625 * to handle registration requests when crpto hardware is autoconfigured.
626 * (This declaration doesnt really belong here but there's no header
627 * for the raw framework.)
628 */
629int crypto_init(void);
630
631/*
632 * Crypto-related utility routines used mainly by drivers.
633 *
634 * XXX these don't really belong here; but for now they're
635 * kept apart from the rest of the system.
636 */
637struct uio;
638extern void cuio_copydata(struct uio* uio, int off, int len, void *cp);
639extern void cuio_copyback(struct uio* uio, int off, int len, void *cp);
640extern int cuio_getptr(struct uio *, int loc, int *off);
641
642#ifdef CRYPTO_DEBUG /* yuck, netipsec defines these differently */
643#ifndef DPRINTF
644#define DPRINTF(a) uprintf a
645#endif
646#ifndef DCPRINTF
647#define DCPRINTF(a) printf a
648#endif
649#else
650#ifndef DPRINTF
651#define DPRINTF(a)
652#endif
653#ifndef DCPRINTF
654#define DCPRINTF(a)
655#endif
656#endif
657
658#endif /* _KERNEL */
659#endif /* _CRYPTO_CRYPTO_H_ */
660