initial cut at crypto_sop definitions for symmetric crypto

1 files changed, 33 insertions, 122 deletions

diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h
index 9c108f1f399..bef8a588a8f 100644
--- a/sys/crypto/cryptodev.h
+++ b/sys/crypto/cryptodev.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptodev.h,v 1.19 2002/03/01 02:50:02 provos Exp $	*/
+/*	$OpenBSD: cryptodev.h,v 1.20 2002/03/02 19:15:11 deraadt Exp $	*/
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -106,123 +106,8 @@
 #define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x00000002 /* Has HW RNG for DH/DSA */
 #define	CRYPTO_ALG_FLAG_DSA_SHA		0x00000004 /* Can do SHA on msg */
 
-#define SYMMETRIC		0
-#define PUBLIC_KEY		1
-
-/* 
- * Diffie-Hellman structure which defines fields needed to operate on the
- * input. Should be passed in the cryptoini->cri_key field.
- */
-struct DH_key {
-	/* 
-	 * CRYPTO_DH_SEND - Enable or disable the random number generator.
-	 * If disabled, private key and length should be stored in
-	 * DH_buf; otherwise only the length is needed and the generated
-	 * private key is stored in DH_buf->priv_key.
-	 */
-    
-	/* Length of key-related variables */
-	u_int16_t	dhk_gen_length;	/* SEND - generator length */
-	u_int16_t	dhk_mod_length;	/* SEND/RECEIVE - modulus length */
- 
-	/* Input/output buffers for key generation */
-	caddr_t		dhk_generator;	/* SEND - generator to use */
-	caddr_t		dhk_modulus;	/* SEND/RECEIVE - modulus to use */   
-};  
-
-/*
- * These are inputs for DH processing - the private keys and public
- * keys are stored here because For DH-Send, if RNG_ENABLE, the
- * private key does not have to be provided.  Should be passed to the
- * cryptop->crp_buf.
- */
-struct DH_buf {
-	/* Length of variables */
-	u_int16_t dh_public_key_length;	/* SEND/RECEIVE - public value len */
-	u_int16_t dh_ss_key_length;	/* RECEIVE - shared secret key len */
-	u_int16_t dh_priv_key_length;	/* SEND/RECEIVE - Private key length */
-    
-	/* Input/output buffers */
-	caddr_t	dh_priv_key; /* 
-			      * Buffer for private key the private key
-			      * buffer is placed here because it can
-			      * be both an input and an output. If this
-			      * is left empty, the crypto framework or
-			      * the underlying hardware will provide it for
-			      * SEND. Must be present on RECEIVE.
-			      */
-	caddr_t	dh_pub_key; /* SEND/RECEIVE - I/O buffer for public key */
-	caddr_t	dh_ss_key;  /* RECEIVE - output buffer for shared secret key */
-};
-
-/* 
- * RSA structure which defines fields needed to operate on the input.
- * Should be passed to the cryptoini->cri_key field.
- */
-struct RSA_key {
-	/* Length of variables (in bits) */
-	u_int16_t 	rsak_exponent_length;  	/* Length of exponent (e) */
-	u_int16_t	rsak_mod_length;	/* Length of modulus */
-	u_int16_t	rsak_p_length;		/* Length of p */
-	u_int16_t	rsak_q_length;		/* Length of q */
-	u_int16_t 	rsak_dp_length;		/* Length of CRT dp */
-	u_int16_t	rsak_dq_length;		/* Length of CRT dq */
-	u_int16_t	rsak_qinv_length;	/* Length of CRT qinv */
-
-	/* Input/output buffers */
-	caddr_t		rsak_exponent;
-	caddr_t		rsak_modulus;
-	caddr_t		rsak_p;
-	caddr_t		rsak_q;
-	caddr_t		rsak_dp;
-	caddr_t		rsak_dq;
-	caddr_t		rsak_qinv;
-};
-  
-/*
- * These are inputs for RSA processing - they are the data buffers for
- * the input and output message. Should be passed through cryptop->crp_buf.
- */
-struct RSA_buf {
-	u_int16_t	rsa_in_buf_length;	/* Length of input buffer */
-	u_int16_t	rsa_out_buf_length;	/* Length of output buffer */
-
-	caddr_t		rsa_in_buf;		/* Input message buffer */
-	caddr_t		rsa_out_buf;		/* Output message buffer */
-};
-
-/*
- * DSA structure which defines fields needed to operate on the input.
- * Should be passed to the cyprtonini->cri_key field.
- */    
-struct DSA_key {
-	u_int16_t	dsak_p_length;	/* Length of modulus p */
-
-	caddr_t		dsak_generator;	/* Generator to use, dsak_p_length */
-	caddr_t		dsak_mod_q;	/* Modulus q to use, 160 bits */
-	caddr_t		dsak_mod_p;	/* Modulus p to use, dsak_p_length */
-	caddr_t		dsak_pub_key;	/* VERIFY - public key, dsak_p_length */
-	caddr_t		dsak_priv_key;	/* SIGN - private key, 160 bits */
-};
-
-/*
- * DSA structure which defines the input and output buffers.
- * Should be passed to the cryptop->crp_buf field.
- */
-struct DSA_buf {
-	u_int16_t	dsa_msg_len;	/* Message length */
-
-	/* r,s,v are all 160 bits */
-	caddr_t		dsa_r_param;	/* Input for VERIFY; output for SIGN */
-	caddr_t		dsa_s_param;	/* Input for VERIFY; output for SIGN */
-	caddr_t		dsa_v_param;	/* Output for VERIFY; should be
-					 * compared against r_param. */
-	caddr_t		dsa_msg_buf;	/* Message buffer (hash or message) */
-	caddr_t		dsa_rnd_num;	/* Random value from SW, 160 bits;
-					 * if not provided, framework will
-					 * provide one.
-					 */
-};
+#define	SYMMETRIC		0
+#define	PUBLIC_KEY		1
 
 /* Standard initialization structure beginning */
 struct cryptoini {
@@ -344,16 +229,42 @@ struct crypt_op {
 
 #define CRYPTO_MAX_MAC_LEN	20
 
-#define COP_ENCRYPT	1
-#define COP_DECRYPT	2
-/* #define COP_SETKEY	3 */
-/* #define COP_GETKEY	4 */
+/* bignum parameter, in packed bytes, ... */
+struct crparam {
+	caddr_t		crp_p;
+	u_int		crp_nbits;
+};
+
+#define CRS_MAXPARAM	8
+struct crypt_sop {
+	u_int		crs_op;		/* ie. CRS_RSA_MOD_EXP or other */
+	u_int		crs_iparams;	/* # of input parameters */
+	u_int		crs_oparams;	/* # of output parameters */
+	u_int		crs_status;
+	struct crparam	crs_param[CRS_MAXPARAM];
+};
+#define CRS_RSA_MOD_EXP		0
+#define CRS_MOD_EXP		1
+#define CRS_RSA_MOD_EXP_CRT	2
+#define CRS_DSA_SIGN		3
+#define CRS_DSA_VERIFY		4
+#define CRS_DH_COMPUTE_KEY	5
 
 #define	CRIOGET		_IOWR('c', 100, u_int32_t)
 
 #define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
 #define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
+
 #define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
+#define COP_ENCRYPT	1
+#define COP_DECRYPT	2
+
+#define CIOCSYMMETRIC	_IOWR('c', 104, struct crypt_sop)
+
+#define CIOCSYMFEAT	_IOR('c', 105, u_int32_t)
+#define CRSFEAT_RSA	0x00000001	/* supports all basic RSA ops */
+#define CRSFEAT_DSA	0x00000002	/* supports all basic DSA ops */
+#define CRSFEAT_DH	0x00000004	/* supports all basic DH ops */
 
 #ifdef _KERNEL
 int	crypto_check_alg(struct cryptoini *);