Merge branch 'standalone-rename' into integrate-cryptodev

Conflicts:
	.gitignore

2 files changed, 472 insertions, 0 deletions

diff --git a/include/linux/cryptodev.h b/include/linux/cryptodev.h
new file mode 100644
index 00000000000..4d6b712e506
--- /dev/null
+++ b/include/linux/cryptodev.h
@@ -0,0 +1,155 @@
+/* This is a source compatible implementation with the original API of 
+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
+ * Placed under public domain */
+
+#ifndef L_CRYPTODEV_H
+#define L_CRYPTODEV_H
+
+#ifndef __KERNEL__
+#include <inttypes.h>
+#define __user
+#else
+#endif
+
+/* API extensions for linux */
+#define CRYPTO_HMAC_MAX_KEY_LEN		512
+#define CRYPTO_CIPHER_MAX_KEY_LEN	64
+
+/* All the supported algorithms
+ */
+typedef enum {
+	CRYPTO_DES_CBC=1,
+	CRYPTO_3DES_CBC=2,
+	CRYPTO_BLF_CBC=3,
+	CRYPTO_CAST_CBC=4,
+	CRYPTO_SKIPJACK_CBC=5,
+	CRYPTO_MD5_HMAC=6,
+	CRYPTO_SHA1_HMAC=7,
+	CRYPTO_RIPEMD160_HMAC=8,
+	CRYPTO_MD5_KPDK=9,
+	CRYPTO_SHA1_KPDK=10,
+	CRYPTO_RIJNDAEL128_CBC=11,
+	CRYPTO_AES_CBC=CRYPTO_RIJNDAEL128_CBC,
+	CRYPTO_ARC4=12,
+	CRYPTO_MD5=13,
+	CRYPTO_SHA1=14,
+	CRYPTO_DEFLATE_COMP=15,
+	CRYPTO_NULL=16,
+	CRYPTO_LZS_COMP=17,
+	CRYPTO_SHA2_256_HMAC=18,
+	CRYPTO_SHA2_384_HMAC=19,
+	CRYPTO_SHA2_512_HMAC=20,
+	CRYPTO_AES_CTR=21,
+	CRYPTO_AES_XTS=22,
+
+	CRYPTO_CAMELLIA_CBC=101,
+	CRYPTO_RIPEMD160,
+	CRYPTO_SHA2_256,
+	CRYPTO_SHA2_384,
+	CRYPTO_SHA2_512,
+	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+} cryptodev_crypto_op_t;
+#define	CRYPTO_ALGORITHM_MAX	(CRYPTO_ALGORITHM_ALL - 1)
+
+/* Values for ciphers */
+#define DES_BLOCK_LEN		8
+#define DES3_BLOCK_LEN		8
+#define RIJNDAEL128_BLOCK_LEN	16
+#define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
+#define CAMELLIA_BLOCK_LEN
+#define BLOWFISH_BLOCK_LEN	8
+#define SKIPJACK_BLOCK_LEN	8
+#define CAST128_BLOCK_LEN	8
+
+/* the maximum of the above */
+#define EALG_MAX_BLOCK_LEN	16
+
+/* Values for hashes/MAC */
+#define AALG_MAX_RESULT_LEN		64
+
+/* input of CIOCGSESSION */
+struct session_op {
+	/* Specify either cipher or mac
+	 */
+	uint32_t	cipher;		/* cryptodev_crypto_op_t */
+	uint32_t	mac;		/* cryptodev_crypto_op_t */
+
+	uint32_t	keylen;
+	uint8_t	__user *key;
+	uint32_t	mackeylen;
+	uint8_t	__user *mackey;
+
+	uint32_t	ses;		/* session identifier */
+};
+
+#define	COP_ENCRYPT	0
+#define COP_DECRYPT	1
+
+/* input of CIOCCRYPT */
+ struct crypt_op {
+	uint32_t	ses;		/* session identifier */
+	uint16_t	op;		/* COP_ENCRYPT or COP_DECRYPT */
+	uint16_t	flags;		/* no usage so far, use 0 */
+	uint32_t	len;		/* length of source data */
+	uint8_t __user *src;		/* source data */
+	uint8_t __user *dst;		/* pointer to output data */
+	uint8_t	__user *mac;		/* pointer to output data for hash/MAC operations */
+	uint8_t	__user *iv;		/* initialization vector for encryption operations */
+};
+
+/* Stuff for bignum arithmetic and public key
+ * cryptography - not supported yet by linux
+ * cryptodev.
+ */
+
+#define	CRYPTO_ALG_FLAG_SUPPORTED	1
+#define	CRYPTO_ALG_FLAG_RNG_ENABLE	2
+#define	CRYPTO_ALG_FLAG_DSA_SHA		4
+
+struct crparam {
+	uint8_t*	crp_p;
+	uint32_t	crp_nbits;
+};
+
+#define CRK_MAXPARAM	8
+
+/* input of CIOCKEY */
+struct crypt_kop {
+	uint32_t	crk_op;		/* cryptodev_crk_ot_t */
+	uint32_t	crk_status;
+	uint16_t	crk_iparams;
+	uint16_t	crk_oparams;
+	uint32_t	crk_pad1;
+	struct crparam	crk_param[CRK_MAXPARAM];
+};
+
+typedef enum {
+	CRK_MOD_EXP=0,
+	CRK_MOD_EXP_CRT=1,
+	CRK_DSA_SIGN=2,
+	CRK_DSA_VERIFY=3,
+	CRK_DH_COMPUTE_KEY=4,
+	CRK_ALGORITHM_ALL
+} cryptodev_crk_op_t;
+
+#define CRK_ALGORITHM_MAX	CRK_ALGORITHM_ALL-1
+
+/* features to be queried with CIOCASYMFEAT ioctl
+ */
+#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
+
+
+/* ioctl's. Compatible with old linux cryptodev.h
+ */
+#define CRIOGET         _IOWR('c', 101, uint32_t)
+#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
+#define CIOCFSESSION    _IOW('c', 103, uint32_t)
+#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
+#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
+#define CIOCASYMFEAT    _IOR('c', 106, uint32_t)
+
+#endif /* L_CRYPTODEV_H */
diff --git a/include/linux/ncr.h b/include/linux/ncr.h
new file mode 100644
index 00000000000..30158897fb3
--- /dev/null
+++ b/include/linux/ncr.h
@@ -0,0 +1,317 @@
+#ifndef L_NCR_H
+#define L_NCR_H
+
+#ifndef __KERNEL__
+#include <inttypes.h>
+#define __user
+#endif
+
+#define NCR_CIPHER_MAX_BLOCK_LEN 32
+#define NCR_CIPHER_MAX_KEY_LEN 64
+#define NCR_HASH_MAX_OUTPUT_SIZE  64
+#define NCR_PK_MAX_OBJECT 640
+
+typedef enum {
+	NCR_ALG_NONE,
+	NCR_ALG_NULL,
+	NCR_ALG_3DES_CBC,
+	NCR_ALG_AES_CBC,
+	NCR_ALG_CAMELLIA_CBC,
+	NCR_ALG_ARCFOUR,
+	NCR_ALG_AES_ECB,
+	NCR_ALG_CAMELLIA_ECB,
+	NCR_ALG_AES_CTR,
+	NCR_ALG_CAMELLIA_CTR,
+
+	NCR_ALG_SHA1=40,
+	NCR_ALG_MD5,
+	NCR_ALG_SHA2_224,
+	NCR_ALG_SHA2_256,
+	NCR_ALG_SHA2_384,
+	NCR_ALG_SHA2_512,
+
+	NCR_ALG_HMAC_SHA1=80,
+	NCR_ALG_HMAC_MD5,
+	NCR_ALG_HMAC_SHA2_224,
+	NCR_ALG_HMAC_SHA2_256,
+	NCR_ALG_HMAC_SHA2_384,
+	NCR_ALG_HMAC_SHA2_512,
+
+	NCR_ALG_RSA=140,
+	NCR_ALG_DSA,
+} ncr_algorithm_t;
+
+
+
+typedef enum {
+	NCR_WALG_AES_RFC3394, /* for secret keys only */
+	NCR_WALG_AES_RFC5649, /* can wrap arbitrary key */
+} ncr_wrap_algorithm_t;
+
+typedef enum {
+	NCR_KEY_TYPE_INVALID,
+	NCR_KEY_TYPE_SECRET=1,
+	NCR_KEY_TYPE_PUBLIC=2,
+	NCR_KEY_TYPE_PRIVATE=3,
+} ncr_key_type_t;
+
+/* Data Handling
+ */
+#define NCR_DATA_FLAG_EXPORTABLE 1
+#define NCR_DATA_FLAG_SIGN_ONLY 2 /* this object can only be used with hash/sign operations */
+
+typedef int ncr_data_t;
+#define NCR_DATA_INVALID (ncr_data_t)(0)
+
+/* When initializing a data_t we can initialize it as a kernel data object
+ * or as an object that points to userspace data.
+ */
+struct ncr_data_init_st {
+	ncr_data_t desc;
+	size_t max_object_size;
+	unsigned int flags;
+	void __user *initial_data; /* can be null */
+	size_t initial_data_size;
+};
+
+struct ncr_data_init_user_st {
+	ncr_data_t desc;
+	unsigned int flags;
+	void __user *data; /* can be null */
+	size_t __user* data_size_ptr;
+};
+
+struct ncr_data_st {
+	ncr_data_t desc;
+	void __user* data;
+	size_t data_size; /* rw in get */
+};
+
+#define NCRIO_DATA_INIT       _IOWR('c', 200, struct ncr_data_init_st)
+#define NCRIO_DATA_INIT_USER         _IOWR('c', 200, struct ncr_data_init_user_st)
+#define NCRIO_DATA_GET         _IOWR('c', 201, struct ncr_data_st)
+#define NCRIO_DATA_SET         _IOR('c', 202, struct ncr_data_st)
+#define NCRIO_DATA_DEINIT         _IOR('c', 203, ncr_data_t)
+
+/* Key handling
+ */
+
+typedef int ncr_key_t;
+
+#define NCR_KEY_INVALID (ncr_key_t)(0)
+
+#define NCR_KEY_FLAG_EXPORTABLE 1
+#define NCR_KEY_FLAG_WRAPPABLE (1<<1)
+/* when generating a pair the flags correspond to private
+ * and public key usage is implicit. For example when private
+ * key can decrypt then public key can encrypt. If private key
+ * can sign then public key can verify.
+ */
+#define NCR_KEY_FLAG_DECRYPT (1<<2)
+#define NCR_KEY_FLAG_SIGN (1<<3)
+
+struct ncr_key_generate_params_st {
+	ncr_algorithm_t algorithm; /* just a cipher algorithm when
+	* generating secret keys
+	*/
+	unsigned int keyflags;
+	union {
+		struct {
+			unsigned int bits;
+		} secret;
+		struct {
+			unsigned int bits;
+			unsigned long e;
+		} rsa;		
+		struct {
+			unsigned int q_bits;
+			unsigned int p_bits;
+		} dsa;
+		struct {
+			unsigned int bits;
+		} dh;
+	} params;
+};
+
+/* used in generation
+ */
+struct ncr_key_generate_st {
+	ncr_key_t desc;
+	ncr_key_t desc2; /* public key when called with GENERATE_PAIR */
+	struct ncr_key_generate_params_st params;
+};
+
+typedef enum {
+	RSA_PKCS1_V1_5, /* both signatures and encryption */
+	RSA_PKCS1_OAEP, /* for encryption only */
+	RSA_PKCS1_PSS, /* for signatures only */
+} ncr_rsa_type_t;
+
+/* used in derivation/encryption
+ */
+struct ncr_key_params_st {
+	ncr_key_t key;
+
+	union {
+		struct {
+			uint8_t iv[NCR_CIPHER_MAX_BLOCK_LEN];
+			size_t iv_size;
+		} cipher;
+		struct {
+			uint8_t peer_public[NCR_PK_MAX_OBJECT];
+			size_t peer_public_size;
+		} dh;
+		struct {
+			ncr_rsa_type_t type;
+			ncr_algorithm_t oaep_hash; /* for OAEP */
+			ncr_algorithm_t sign_hash; /* for signatures */
+			unsigned int pss_salt; /* PSS signatures */
+		} pk;
+	} params;
+};
+
+struct ncr_key_derivation_params_st {
+	ncr_key_t newkey;
+	unsigned int keyflags; /* for new key */
+	
+	struct ncr_key_params_st key;
+};
+
+#define MAX_KEY_ID_SIZE 20
+
+struct ncr_key_info_st {
+	ncr_key_t key; /* input */
+
+	unsigned int flags;
+	ncr_key_type_t type;
+	ncr_algorithm_t algorithm; /* valid for public/private keys */
+
+	uint8_t key_id[MAX_KEY_ID_SIZE];
+	size_t key_id_size;
+};
+
+struct ncr_key_data_st {
+	ncr_key_t key;
+	ncr_data_t data;
+		
+	/* in case of import this will be used as key id */
+	uint8_t key_id[MAX_KEY_ID_SIZE];
+	size_t key_id_size;
+	ncr_key_type_t type;
+	unsigned int flags;
+	ncr_algorithm_t algorithm; /* valid for public/private keys */
+};
+
+#define NCRIO_KEY_INIT			_IOW ('c', 204, ncr_key_t)
+/* generate a secret key */
+#define NCRIO_KEY_GENERATE     	_IOR ('c', 205, struct ncr_key_generate_st)
+/* generate a public key pair */
+#define NCRIO_KEY_GENERATE_PAIR _IOR ('c', 206, struct ncr_key_generate_st)
+/* derive a new key from an old one */
+#define NCRIO_KEY_DERIVE        _IOR ('c', 207, struct ncr_key_derivation_params_st)
+/* return information on a key */
+#define NCRIO_KEY_GET_INFO      _IOWR('c', 208, struct ncr_key_info_st)
+/* export a secret key */
+#define NCRIO_KEY_EXPORT       	_IOWR('c', 209, struct ncr_key_data_st)
+/* import a secret key */
+#define NCRIO_KEY_IMPORT       	_IOWR('c', 210, struct ncr_key_data_st)
+
+#define NCRIO_KEY_DEINIT       _IOR ('c', 215, ncr_key_t)
+
+/* Key wrap ioctls
+ */
+struct ncr_key_wrap_st {
+	ncr_wrap_algorithm_t algorithm;
+	ncr_key_t keytowrap;
+	struct ncr_key_params_st key;
+	ncr_data_t data; /* encrypted keytowrap */
+};
+
+#define NCRIO_KEY_WRAP        _IOR ('c', 250, struct ncr_key_wrap_st)
+#define NCRIO_KEY_UNWRAP        _IOR ('c', 251, struct ncr_key_wrap_st)
+
+/* Internal ops  */
+struct ncr_master_key_st {
+	uint8_t key[NCR_CIPHER_MAX_KEY_LEN];
+	uint16_t key_size;
+};
+
+#define NCRIO_MASTER_KEY_SET        _IOR ('c', 260, struct ncr_master_key_st)
+
+/* These are similar to key_wrap and unwrap except that will store some extra
+ * fields to be able to recover a key */
+struct ncr_key_storage_wrap_st {
+	ncr_key_t keytowrap;
+	ncr_data_t data; /* encrypted keytowrap */
+};
+
+#define NCRIO_KEY_STORAGE_WRAP        _IOR ('c', 261, struct ncr_key_storage_wrap_st)
+#define NCRIO_KEY_STORAGE_UNWRAP        _IOR ('c', 262, struct ncr_key_storage_wrap_st)
+
+/* Crypto Operations ioctls
+ */
+
+typedef enum {
+	NCR_OP_ENCRYPT=1,
+	NCR_OP_DECRYPT,
+	NCR_OP_DIGEST,
+	NCR_OP_SIGN,
+	NCR_OP_VERIFY,
+} ncr_crypto_op_t;
+
+typedef int ncr_session_t;
+#define NCR_SESSION_INVALID (ncr_session_t)0
+
+/* input of CIOCGSESSION */
+struct ncr_session_st {
+	/* input */
+	ncr_algorithm_t algorithm;
+	struct ncr_key_params_st params;
+	ncr_crypto_op_t op;
+
+	/* output */
+	ncr_session_t	ses;		/* session identifier */
+};
+
+typedef enum {
+	NCR_SUCCESS = 0,
+	NCR_ERROR_GENERIC = -1,
+	NCR_VERIFICATION_FAILED = -2,
+} ncr_error_t;
+
+struct ncr_session_op_st {
+	/* input */
+	ncr_session_t ses;
+
+	union {
+		struct {
+			ncr_data_t plaintext;
+			ncr_data_t ciphertext;
+		} cipher;
+		struct {
+			ncr_data_t text;
+			ncr_data_t output;
+		} sign; /* mac/hash/sign */
+		struct {
+			ncr_data_t text;
+			ncr_data_t signature;
+		} verify; /* mac/sign */
+	} data;
+
+	/* output of verification */
+	ncr_error_t err;
+};
+
+struct ncr_session_once_op_st {
+	struct ncr_session_st init;
+	struct ncr_session_op_st op;
+};
+
+#define NCRIO_SESSION_INIT        _IOR ('c', 300, struct ncr_session_st)
+#define NCRIO_SESSION_UPDATE        _IOWR ('c', 301, struct ncr_session_op_st)
+#define NCRIO_SESSION_FINAL        _IOR ('c', 302, struct ncr_session_op_st)
+
+/* everything in one call */
+#define NCRIO_SESSION_ONCE        _IOWR ('c', 303, struct ncr_session_once_op_st)
+
+#endif