diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/cryptodev.h | 155 | ||||
-rw-r--r-- | include/linux/ncr.h | 300 |
2 files changed, 455 insertions, 0 deletions
diff --git a/include/linux/cryptodev.h b/include/linux/cryptodev.h new file mode 100644 index 00000000000..4d6b712e506 --- /dev/null +++ b/include/linux/cryptodev.h @@ -0,0 +1,155 @@ +/* This is a source compatible implementation with the original API of + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. + * Placed under public domain */ + +#ifndef L_CRYPTODEV_H +#define L_CRYPTODEV_H + +#ifndef __KERNEL__ +#include <inttypes.h> +#define __user +#else +#endif + +/* API extensions for linux */ +#define CRYPTO_HMAC_MAX_KEY_LEN 512 +#define CRYPTO_CIPHER_MAX_KEY_LEN 64 + +/* All the supported algorithms + */ +typedef enum { + CRYPTO_DES_CBC=1, + CRYPTO_3DES_CBC=2, + CRYPTO_BLF_CBC=3, + CRYPTO_CAST_CBC=4, + CRYPTO_SKIPJACK_CBC=5, + CRYPTO_MD5_HMAC=6, + CRYPTO_SHA1_HMAC=7, + CRYPTO_RIPEMD160_HMAC=8, + CRYPTO_MD5_KPDK=9, + CRYPTO_SHA1_KPDK=10, + CRYPTO_RIJNDAEL128_CBC=11, + CRYPTO_AES_CBC=CRYPTO_RIJNDAEL128_CBC, + CRYPTO_ARC4=12, + CRYPTO_MD5=13, + CRYPTO_SHA1=14, + CRYPTO_DEFLATE_COMP=15, + CRYPTO_NULL=16, + CRYPTO_LZS_COMP=17, + CRYPTO_SHA2_256_HMAC=18, + CRYPTO_SHA2_384_HMAC=19, + CRYPTO_SHA2_512_HMAC=20, + CRYPTO_AES_CTR=21, + CRYPTO_AES_XTS=22, + + CRYPTO_CAMELLIA_CBC=101, + CRYPTO_RIPEMD160, + CRYPTO_SHA2_256, + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ +} cryptodev_crypto_op_t; +#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) + +/* Values for ciphers */ +#define DES_BLOCK_LEN 8 +#define DES3_BLOCK_LEN 8 +#define RIJNDAEL128_BLOCK_LEN 16 +#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN +#define CAMELLIA_BLOCK_LEN +#define BLOWFISH_BLOCK_LEN 8 +#define SKIPJACK_BLOCK_LEN 8 +#define CAST128_BLOCK_LEN 8 + +/* the maximum of the above */ +#define EALG_MAX_BLOCK_LEN 16 + +/* Values for hashes/MAC */ +#define AALG_MAX_RESULT_LEN 64 + +/* input of CIOCGSESSION */ +struct session_op { + /* Specify either cipher or mac + */ + uint32_t cipher; /* cryptodev_crypto_op_t */ + uint32_t mac; /* cryptodev_crypto_op_t */ + + uint32_t keylen; + uint8_t __user *key; + uint32_t mackeylen; + uint8_t __user *mackey; + + uint32_t ses; /* session identifier */ +}; + +#define COP_ENCRYPT 0 +#define COP_DECRYPT 1 + +/* input of CIOCCRYPT */ + struct crypt_op { + uint32_t ses; /* session identifier */ + uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ + uint16_t flags; /* no usage so far, use 0 */ + uint32_t len; /* length of source data */ + uint8_t __user *src; /* source data */ + uint8_t __user *dst; /* pointer to output data */ + uint8_t __user *mac; /* pointer to output data for hash/MAC operations */ + uint8_t __user *iv; /* initialization vector for encryption operations */ +}; + +/* Stuff for bignum arithmetic and public key + * cryptography - not supported yet by linux + * cryptodev. + */ + +#define CRYPTO_ALG_FLAG_SUPPORTED 1 +#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 +#define CRYPTO_ALG_FLAG_DSA_SHA 4 + +struct crparam { + uint8_t* crp_p; + uint32_t crp_nbits; +}; + +#define CRK_MAXPARAM 8 + +/* input of CIOCKEY */ +struct crypt_kop { + uint32_t crk_op; /* cryptodev_crk_ot_t */ + uint32_t crk_status; + uint16_t crk_iparams; + uint16_t crk_oparams; + uint32_t crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; +}; + +typedef enum { + CRK_MOD_EXP=0, + CRK_MOD_EXP_CRT=1, + CRK_DSA_SIGN=2, + CRK_DSA_VERIFY=3, + CRK_DH_COMPUTE_KEY=4, + CRK_ALGORITHM_ALL +} cryptodev_crk_op_t; + +#define CRK_ALGORITHM_MAX CRK_ALGORITHM_ALL-1 + +/* features to be queried with CIOCASYMFEAT ioctl + */ +#define CRF_MOD_EXP (1 << CRK_MOD_EXP) +#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) +#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) +#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) +#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) + + +/* ioctl's. Compatible with old linux cryptodev.h + */ +#define CRIOGET _IOWR('c', 101, uint32_t) +#define CIOCGSESSION _IOWR('c', 102, struct session_op) +#define CIOCFSESSION _IOW('c', 103, uint32_t) +#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) +#define CIOCKEY _IOWR('c', 105, struct crypt_kop) +#define CIOCASYMFEAT _IOR('c', 106, uint32_t) + +#endif /* L_CRYPTODEV_H */ diff --git a/include/linux/ncr.h b/include/linux/ncr.h new file mode 100644 index 00000000000..ee6d50244f7 --- /dev/null +++ b/include/linux/ncr.h @@ -0,0 +1,300 @@ +#ifndef L_NCR_H +#define L_NCR_H + +#ifndef __KERNEL__ +#include <inttypes.h> +#define __user +#endif + +#define NCR_CIPHER_MAX_BLOCK_LEN 32 +#define NCR_CIPHER_MAX_KEY_LEN 64 +#define NCR_HASH_MAX_OUTPUT_SIZE 64 +#define NCR_PK_MAX_OBJECT 640 + +typedef enum { + NCR_ALG_NONE, + NCR_ALG_NULL, + NCR_ALG_3DES_CBC, + NCR_ALG_AES_CBC, + NCR_ALG_CAMELLIA_CBC, + NCR_ALG_ARCFOUR, + NCR_ALG_AES_ECB, + NCR_ALG_CAMELLIA_ECB, + NCR_ALG_AES_CTR, + NCR_ALG_CAMELLIA_CTR, + + NCR_ALG_SHA1=40, + NCR_ALG_MD5, + NCR_ALG_SHA2_224, + NCR_ALG_SHA2_256, + NCR_ALG_SHA2_384, + NCR_ALG_SHA2_512, + + NCR_ALG_HMAC_SHA1=80, + NCR_ALG_HMAC_MD5, + NCR_ALG_HMAC_SHA2_224, + NCR_ALG_HMAC_SHA2_256, + NCR_ALG_HMAC_SHA2_384, + NCR_ALG_HMAC_SHA2_512, + + NCR_ALG_RSA=140, + NCR_ALG_DSA, +} ncr_algorithm_t; + + + +typedef enum { + NCR_WALG_AES_RFC3394, /* for secret keys only */ + NCR_WALG_AES_RFC5649, /* can wrap arbitrary key */ +} ncr_wrap_algorithm_t; + +typedef enum { + NCR_KEY_TYPE_INVALID, + NCR_KEY_TYPE_SECRET=1, + NCR_KEY_TYPE_PUBLIC=2, + NCR_KEY_TYPE_PRIVATE=3, +} ncr_key_type_t; + +/* Key handling + */ + +typedef int ncr_key_t; + +#define NCR_KEY_INVALID (ncr_key_t)(0) + +#define NCR_KEY_FLAG_EXPORTABLE 1 +#define NCR_KEY_FLAG_WRAPPABLE (1<<1) +/* when generating a pair the flags correspond to private + * and public key usage is implicit. For example when private + * key can decrypt then public key can encrypt. If private key + * can sign then public key can verify. + */ +#define NCR_KEY_FLAG_DECRYPT (1<<2) +#define NCR_KEY_FLAG_SIGN (1<<3) + +struct ncr_key_generate_params_st { + ncr_algorithm_t algorithm; /* just a cipher algorithm when + * generating secret keys + */ + unsigned int keyflags; + union { + struct { + unsigned int bits; + } secret; + struct { + unsigned int bits; + unsigned long e; + } rsa; + struct { + unsigned int q_bits; + unsigned int p_bits; + } dsa; + struct { + unsigned int bits; + } dh; + } params; +}; + +/* used in generation + */ +struct ncr_key_generate_st { + ncr_key_t desc; + ncr_key_t desc2; /* public key when called with GENERATE_PAIR */ + struct ncr_key_generate_params_st params; +}; + +typedef enum { + RSA_PKCS1_V1_5, /* both signatures and encryption */ + RSA_PKCS1_OAEP, /* for encryption only */ + RSA_PKCS1_PSS, /* for signatures only */ +} ncr_rsa_type_t; + +/* used in derivation/encryption + */ +struct ncr_key_params_st { + /* this structure always corresponds to a key. Hence the + * parameters of the union selected are based on the corresponding + * key */ + union { + struct { + uint8_t iv[NCR_CIPHER_MAX_BLOCK_LEN]; + size_t iv_size; + } cipher; + struct { + uint8_t peer_public[NCR_PK_MAX_OBJECT]; + size_t peer_public_size; + } dh; + struct { + ncr_rsa_type_t type; + ncr_algorithm_t oaep_hash; /* for OAEP */ + ncr_algorithm_t sign_hash; /* for signatures */ + unsigned int pss_salt; /* PSS signatures */ + } rsa; + struct { + ncr_algorithm_t sign_hash; /* for signatures */ + } dsa; + } params; +}; + +struct ncr_key_derivation_params_st { + ncr_key_t newkey; + unsigned int keyflags; /* for new key */ + + ncr_key_t key; + struct ncr_key_params_st params; +}; + +#define MAX_KEY_ID_SIZE 20 + +struct ncr_key_info_st { + ncr_key_t key; /* input */ + + unsigned int flags; + ncr_key_type_t type; + ncr_algorithm_t algorithm; /* valid for public/private keys */ + + uint8_t key_id[MAX_KEY_ID_SIZE]; + size_t key_id_size; +}; + +struct ncr_key_data_st { + ncr_key_t key; + + void __user *idata; + size_t idata_size; /* rw in get */ + + /* in case of import this will be used as key id */ + uint8_t key_id[MAX_KEY_ID_SIZE]; + size_t key_id_size; + ncr_key_type_t type; + unsigned int flags; + ncr_algorithm_t algorithm; /* valid for public/private keys */ +}; + +#define NCRIO_KEY_INIT _IOW ('c', 204, ncr_key_t) +/* generate a secret key */ +#define NCRIO_KEY_GENERATE _IOR ('c', 205, struct ncr_key_generate_st) +/* generate a public key pair */ +#define NCRIO_KEY_GENERATE_PAIR _IOR ('c', 206, struct ncr_key_generate_st) +/* derive a new key from an old one */ +#define NCRIO_KEY_DERIVE _IOR ('c', 207, struct ncr_key_derivation_params_st) +/* return information on a key */ +#define NCRIO_KEY_GET_INFO _IOWR('c', 208, struct ncr_key_info_st) +/* export a secret key */ +#define NCRIO_KEY_EXPORT _IOWR('c', 209, struct ncr_key_data_st) +/* import a secret key */ +#define NCRIO_KEY_IMPORT _IOWR('c', 210, struct ncr_key_data_st) + +#define NCRIO_KEY_DEINIT _IOR ('c', 215, ncr_key_t) + +/* Key wrap ioctls + */ +struct ncr_key_wrap_st { + ncr_wrap_algorithm_t algorithm; + ncr_key_t keytowrap; + + ncr_key_t key; + struct ncr_key_params_st params; + + void __user * io; /* encrypted keytowrap */ + size_t io_size; /* this will be updated by the actual size on wrap */ +}; + +#define NCRIO_KEY_WRAP _IOWR ('c', 250, struct ncr_key_wrap_st) +#define NCRIO_KEY_UNWRAP _IOR ('c', 251, struct ncr_key_wrap_st) + +/* Internal ops */ +struct ncr_master_key_st { + uint8_t key[NCR_CIPHER_MAX_KEY_LEN]; + uint16_t key_size; +}; + +#define NCRIO_MASTER_KEY_SET _IOR ('c', 260, struct ncr_master_key_st) + +/* These are similar to key_wrap and unwrap except that will store some extra + * fields to be able to recover a key */ +struct ncr_key_storage_wrap_st { + ncr_key_t keytowrap; + + void __user * io; /* encrypted keytowrap */ + size_t io_size; /* this will be updated by the actual size on wrap */ +}; + +#define NCRIO_KEY_STORAGE_WRAP _IOWR ('c', 261, struct ncr_key_storage_wrap_st) +#define NCRIO_KEY_STORAGE_UNWRAP _IOR ('c', 262, struct ncr_key_storage_wrap_st) + +/* Crypto Operations ioctls + */ + +typedef enum { + NCR_OP_ENCRYPT=1, + NCR_OP_DECRYPT, + NCR_OP_SIGN, + NCR_OP_VERIFY, +} ncr_crypto_op_t; + +typedef int ncr_session_t; +#define NCR_SESSION_INVALID (ncr_session_t)0 + +/* input of CIOCGSESSION */ +struct ncr_session_st { + /* input */ + ncr_algorithm_t algorithm; + + ncr_key_t key; + struct ncr_key_params_st params; + ncr_crypto_op_t op; + + /* output */ + ncr_session_t ses; /* session identifier */ +}; + +typedef enum { + NCR_SUCCESS = 0, + NCR_ERROR_GENERIC = -1, + NCR_VERIFICATION_FAILED = -2, +} ncr_error_t; + +typedef enum { + NCR_KEY_DATA, + NCR_DIRECT_DATA, +} ncr_data_type_t; + +struct ncr_session_op_st { + /* input */ + ncr_session_t ses; + + union { + struct { + ncr_key_t input; + void __user * output; /* when verifying signature this is + * the place of the signature. + */ + size_t output_size; + } kdata; /* NCR_KEY_DATA */ + struct { + void __user * input; + size_t input_size; + void __user * output; + size_t output_size; + } udata; /* NCR_DIRECT_DATA */ + } data; + ncr_data_type_t type; + + /* output of verification */ + ncr_error_t err; +}; + +struct ncr_session_once_op_st { + struct ncr_session_st init; + struct ncr_session_op_st op; +}; + +#define NCRIO_SESSION_INIT _IOR ('c', 300, struct ncr_session_st) +#define NCRIO_SESSION_UPDATE _IOWR ('c', 301, struct ncr_session_op_st) +#define NCRIO_SESSION_FINAL _IOWR ('c', 302, struct ncr_session_op_st) + +/* everything in one call */ +#define NCRIO_SESSION_ONCE _IOWR ('c', 303, struct ncr_session_once_op_st) + +#endif |