authorTheo de Raadt <deraadt@cvs.openbsd.org>2002-03-02 19:15:12 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2002-03-02 19:15:12 +0000
commit1b22c817a8cfab92b48aaa68598b1c58d3b91dbd (patch)
tree3e4eb7378107ac973485752c478d61ed25fe2f30
parent06ddcd92881ed39834be90d247e41ca803db55a9 (diff)
initial cut at crypto_sop definitions for symmetric crypto
-rw-r--r--sys/crypto/cryptodev.h155
1 files changed, 33 insertions, 122 deletions
diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h
index 9c108f1f399..bef8a588a8f 100644
--- a/sys/crypto/cryptodev.h
+++ b/sys/crypto/cryptodev.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptodev.h,v 1.19 2002/03/01 02:50:02 provos Exp $ */
+/* $OpenBSD: cryptodev.h,v 1.20 2002/03/02 19:15:11 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -106,123 +106,8 @@
#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x00000002 /* Has HW RNG for DH/DSA */
#define CRYPTO_ALG_FLAG_DSA_SHA 0x00000004 /* Can do SHA on msg */
-#define SYMMETRIC 0
-#define PUBLIC_KEY 1
-
-/*
- * Diffie-Hellman structure which defines fields needed to operate on the
- * input. Should be passed in the cryptoini->cri_key field.
- */
-struct DH_key {
- /*
- * CRYPTO_DH_SEND - Enable or disable the random number generator.
- * If disabled, private key and length should be stored in
- * DH_buf; otherwise only the length is needed and the generated
- * private key is stored in DH_buf->priv_key.
- */
-
- /* Length of key-related variables */
- u_int16_t dhk_gen_length; /* SEND - generator length */
- u_int16_t dhk_mod_length; /* SEND/RECEIVE - modulus length */
-
- /* Input/output buffers for key generation */
- caddr_t dhk_generator; /* SEND - generator to use */
- caddr_t dhk_modulus; /* SEND/RECEIVE - modulus to use */
-};
-
-/*
- * These are inputs for DH processing - the private keys and public
- * keys are stored here because For DH-Send, if RNG_ENABLE, the
- * private key does not have to be provided. Should be passed to the
- * cryptop->crp_buf.
- */
-struct DH_buf {
- /* Length of variables */
- u_int16_t dh_public_key_length; /* SEND/RECEIVE - public value len */
- u_int16_t dh_ss_key_length; /* RECEIVE - shared secret key len */
- u_int16_t dh_priv_key_length; /* SEND/RECEIVE - Private key length */
-
- /* Input/output buffers */
- caddr_t dh_priv_key; /*
- * Buffer for private key the private key
- * buffer is placed here because it can
- * be both an input and an output. If this
- * is left empty, the crypto framework or
- * the underlying hardware will provide it for
- * SEND. Must be present on RECEIVE.
- */
- caddr_t dh_pub_key; /* SEND/RECEIVE - I/O buffer for public key */
- caddr_t dh_ss_key; /* RECEIVE - output buffer for shared secret key */
-};
-
-/*
- * RSA structure which defines fields needed to operate on the input.
- * Should be passed to the cryptoini->cri_key field.
- */
-struct RSA_key {
- /* Length of variables (in bits) */
- u_int16_t rsak_exponent_length; /* Length of exponent (e) */
- u_int16_t rsak_mod_length; /* Length of modulus */
- u_int16_t rsak_p_length; /* Length of p */
- u_int16_t rsak_q_length; /* Length of q */
- u_int16_t rsak_dp_length; /* Length of CRT dp */
- u_int16_t rsak_dq_length; /* Length of CRT dq */
- u_int16_t rsak_qinv_length; /* Length of CRT qinv */
-
- /* Input/output buffers */
- caddr_t rsak_exponent;
- caddr_t rsak_modulus;
- caddr_t rsak_p;
- caddr_t rsak_q;
- caddr_t rsak_dp;
- caddr_t rsak_dq;
- caddr_t rsak_qinv;
-};
-
-/*
- * These are inputs for RSA processing - they are the data buffers for
- * the input and output message. Should be passed through cryptop->crp_buf.
- */
-struct RSA_buf {
- u_int16_t rsa_in_buf_length; /* Length of input buffer */
- u_int16_t rsa_out_buf_length; /* Length of output buffer */
-
- caddr_t rsa_in_buf; /* Input message buffer */
- caddr_t rsa_out_buf; /* Output message buffer */
-};
-
-/*
- * DSA structure which defines fields needed to operate on the input.
- * Should be passed to the cyprtonini->cri_key field.
- */
-struct DSA_key {
- u_int16_t dsak_p_length; /* Length of modulus p */
-
- caddr_t dsak_generator; /* Generator to use, dsak_p_length */
- caddr_t dsak_mod_q; /* Modulus q to use, 160 bits */
- caddr_t dsak_mod_p; /* Modulus p to use, dsak_p_length */
- caddr_t dsak_pub_key; /* VERIFY - public key, dsak_p_length */
- caddr_t dsak_priv_key; /* SIGN - private key, 160 bits */
-};
-
-/*
- * DSA structure which defines the input and output buffers.
- * Should be passed to the cryptop->crp_buf field.
- */
-struct DSA_buf {
- u_int16_t dsa_msg_len; /* Message length */
-
- /* r,s,v are all 160 bits */
- caddr_t dsa_r_param; /* Input for VERIFY; output for SIGN */
- caddr_t dsa_s_param; /* Input for VERIFY; output for SIGN */
- caddr_t dsa_v_param; /* Output for VERIFY; should be
- * compared against r_param. */
- caddr_t dsa_msg_buf; /* Message buffer (hash or message) */
- caddr_t dsa_rnd_num; /* Random value from SW, 160 bits;
- * if not provided, framework will
- * provide one.
- */
-};
+#define SYMMETRIC 0
+#define PUBLIC_KEY 1
/* Standard initialization structure beginning */
struct cryptoini {
@@ -344,16 +229,42 @@ struct crypt_op {
#define CRYPTO_MAX_MAC_LEN 20
-#define COP_ENCRYPT 1
-#define COP_DECRYPT 2
-/* #define COP_SETKEY 3 */
-/* #define COP_GETKEY 4 */
+/* bignum parameter, in packed bytes, ... */
+struct crparam {
+ caddr_t crp_p;
+ u_int crp_nbits;
+};
+
+#define CRS_MAXPARAM 8
+struct crypt_sop {
+ u_int crs_op; /* ie. CRS_RSA_MOD_EXP or other */
+ u_int crs_iparams; /* # of input parameters */
+ u_int crs_oparams; /* # of output parameters */
+ u_int crs_status;
+ struct crparam crs_param[CRS_MAXPARAM];
+};
+#define CRS_RSA_MOD_EXP 0
+#define CRS_MOD_EXP 1
+#define CRS_RSA_MOD_EXP_CRT 2
+#define CRS_DSA_SIGN 3
+#define CRS_DSA_VERIFY 4
+#define CRS_DH_COMPUTE_KEY 5
#define CRIOGET _IOWR('c', 100, u_int32_t)
#define CIOCGSESSION _IOWR('c', 101, struct session_op)
#define CIOCFSESSION _IOW('c', 102, u_int32_t)
+
#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
+#define COP_ENCRYPT 1
+#define COP_DECRYPT 2
+
+#define CIOCSYMMETRIC _IOWR('c', 104, struct crypt_sop)
+
+#define CIOCSYMFEAT _IOR('c', 105, u_int32_t)
+#define CRSFEAT_RSA 0x00000001 /* supports all basic RSA ops */
+#define CRSFEAT_DSA 0x00000002 /* supports all basic DSA ops */
+#define CRSFEAT_DH 0x00000004 /* supports all basic DH ops */
#ifdef _KERNEL
int crypto_check_alg(struct cryptoini *);
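Review bot: `struct crypt_sop` carries two caller-supplied counts, `crs_iparams` and `crs_oparams`, that describe entries in the fixed `crs_param[CRS_MAXPARAM]` array, and nothing in the header states the bound the `CIOCSYMMETRIC` handler has to enforce. The handler is not part of this diff, so I would record the contract next to the fields, e.g. `/* crs_iparams + crs_oparams <= CRS_MAXPARAM; checked before any crs_param[] access */`. `crp_nbits` is likewise a caller-controlled `u_int` that presumably sizes the copy behind `crp_p`, so the comment on `struct crparam` should give a maximum bit length and the byte order in place of the trailing `...`, and say that rounding bits up to bytes must not wrap. `crs_status` has no comment at all, so it is unclear who writes it and what values it takes. The RSA/DSA/DH operations are reached through names that say "symmetric" (`CIOCSYMMETRIC`, `CIOCSYMFEAT`) while the header still defines `SYMMETRIC` and `PUBLIC_KEY` as distinct values, so a one-line comment explaining the naming would prevent misreading.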