xref: /titanic_50/usr/src/uts/common/sys/cryptmod.h (revision c77a61a72b5ecdc507d6cf104142edd371a16c84)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * cryptmod.h
27  * STREAMS based crypto module definitions.
28  *
29  * This is a Sun-private and undocumented interface.
30  */
31 
32 #ifndef _SYS_CRYPTMOD_H
33 #define	_SYS_CRYPTMOD_H
34 
35 #pragma ident	"%Z%%M%	%I%	%E% SMI"
36 
37 #include <sys/types.h>
38 #include <sys/types32.h>
39 #ifdef _KERNEL
40 #include <sys/crypto/api.h>
41 #endif /* _KERNEL */
42 
43 #ifdef	__cplusplus
44 extern "C" {
45 #endif
46 
47 
48 /*
49  * IOCTLs.
50  */
51 #define	CRYPTIOC (('C' << 24) | ('R' << 16) | ('Y' << 8) | 0x00)
52 
53 #define	CRYPTIOCSETUP		(CRYPTIOC | 0x01)
54 #define	CRYPTIOCSTOP		(CRYPTIOC | 0x02)
55 #define	CRYPTIOCSTARTENC	(CRYPTIOC | 0x03)
56 #define	CRYPTIOCSTARTDEC	(CRYPTIOC | 0x04)
57 
58 #define	CRYPTPASSTHRU		(CRYPTIOC | 0x80)
59 
60 /*
61  * Crypto method definitions, to be used with the CRIOCSETUP ioctl.
62  */
63 #define	CRYPT_METHOD_NONE		0
64 #define	CRYPT_METHOD_DES_CFB		101
65 #define	CRYPT_METHOD_DES_CBC_NULL	102
66 #define	CRYPT_METHOD_DES_CBC_MD5	103
67 #define	CRYPT_METHOD_DES_CBC_CRC	104
68 #define	CRYPT_METHOD_DES3_CBC_SHA1	105
69 #define	CRYPT_METHOD_ARCFOUR_HMAC_MD5	106
70 #define	CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP	107
71 #define	CRYPT_METHOD_AES128		108
72 #define	CRYPT_METHOD_AES256		109
73 
74 #define	CR_METHOD_OK(m) ((m) == CRYPT_METHOD_NONE || \
75 			((m) >= CRYPT_METHOD_DES_CFB && \
76 			(m) <= CRYPT_METHOD_AES256))
77 
78 #define	IS_RC4_METHOD(m) ((m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5 || \
79 			(m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP)
80 
81 #define	IS_AES_METHOD(m) ((m) == CRYPT_METHOD_AES128 || \
82 			(m) == CRYPT_METHOD_AES256)
83 
84 /*
85  * Direction mask values, also to be used with the CRIOCSETUP ioctl.
86  */
87 #define	CRYPT_ENCRYPT  0x01
88 #define	CRYPT_DECRYPT  0x02
89 
90 #define	CR_DIRECTION_OK(d) ((d) & (CRYPT_ENCRYPT | CRYPT_DECRYPT))
91 
92 /*
93  * Define constants for the 'ivec_usage' fields.
94  */
95 #define	IVEC_NEVER 0x00
96 #define	IVEC_REUSE 0x01
97 #define	IVEC_ONETIME 0x02
98 
99 #define	CR_IVUSAGE_OK(iv)	\
100 	((iv) == IVEC_NEVER || (iv) == IVEC_REUSE || (iv) == IVEC_ONETIME)
101 
102 #define	CRYPT_SHA1_BLOCKSIZE 64
103 #define	CRYPT_SHA1_HASHSIZE 20
104 #define	CRYPT_DES3_KEYBYTES 21
105 #define	CRYPT_DES3_KEYLENGTH 24
106 #define	CRYPT_ARCFOUR_KEYBYTES 16
107 #define	CRYPT_ARCFOUR_KEYLENGTH 16
108 #define	CRYPT_AES128_KEYBYTES 16
109 #define	CRYPT_AES128_KEYLENGTH 16
110 #define	CRYPT_AES256_KEYBYTES 32
111 #define	CRYPT_AES256_KEYLENGTH 32
112 
113 #define	AES_TRUNCATED_HMAC_LEN 12
114 
115 /*
116  * Max size of initialization vector and key.
117  * 256 bytes = 2048 bits.
118  */
119 #define	CRYPT_MAX_KEYLEN 256
120 #define	CRYPT_MAX_IVLEN  256
121 
122 typedef uint8_t	crkeylen_t;
123 typedef uint8_t	crivlen_t;
124 
125 typedef uchar_t crmeth_t;
126 typedef uchar_t cropt_t;
127 typedef uchar_t crdir_t;
128 typedef uchar_t crivuse_t;
129 
130 /*
131  * Define values for the option mask field.
132  * These can be extended to alter the behavior
133  * of the module.  For example, when used by kerberized
134  * Unix r commands (rlogind, rshd), all msgs must be
135  * prepended with 4 bytes of clear text data that represent
136  * the 'length' of the cipher text that follows.
137  */
138 #define	CRYPTOPT_NONE		0x00
139 #define	CRYPTOPT_RCMD_MODE_V1	0x01
140 #define	CRYPTOPT_RCMD_MODE_V2	0x02
141 
142 #define	ANY_RCMD_MODE(m) ((m) & (CRYPTOPT_RCMD_MODE_V1 |\
143 			CRYPTOPT_RCMD_MODE_V2))
144 
145 /* Define the size of the length field used in 'rcmd' mode */
146 #define	RCMD_LEN_SZ	sizeof (uint32_t)
147 
148 #define	CR_OPTIONS_OK(opt) ((opt) == CRYPTOPT_NONE || \
149 			ANY_RCMD_MODE(opt))
150 /*
151  * Structure used by userland apps to pass data into crypto module
152  * with the CRIOCSETUP iotcl.
153  */
154 struct cr_info_t {
155 	uchar_t		key[CRYPT_MAX_KEYLEN];
156 	uchar_t		ivec[CRYPT_MAX_IVLEN];
157 	crkeylen_t	keylen;
158 	crivlen_t	iveclen;
159 	crivuse_t	ivec_usage;
160 	crdir_t		direction_mask;
161 	crmeth_t	crypto_method;
162 	cropt_t		option_mask;
163 };
164 
165 #if defined(_KERNEL)
166 
167 #define	RCMDV1_USAGE	1026
168 #define	ARCFOUR_DECRYPT_USAGE 1032
169 #define	ARCFOUR_ENCRYPT_USAGE 1028
170 #define	AES_ENCRYPT_USAGE 1028
171 #define	AES_DECRYPT_USAGE 1032
172 
173 #define	DEFAULT_DES_BLOCKLEN 8
174 #define	DEFAULT_AES_BLOCKLEN 16
175 #define	ARCFOUR_EXP_SALT "fortybits"
176 
177 struct cipher_data_t {
178 	char		*key;
179 	char		*block;
180 	char		*ivec;
181 	char		*saveblock;
182 	crypto_mech_type_t mech_type;
183 	crypto_key_t    *ckey;		/* initial encryption key */
184 	crypto_key_t    d_encr_key;	/* derived encr key */
185 	crypto_key_t    d_hmac_key;	/* derived hmac key */
186 	crypto_ctx_template_t enc_tmpl;
187 	crypto_ctx_template_t hmac_tmpl;
188 	crypto_context_t ctx;
189 	size_t		bytes;
190 	crkeylen_t	blocklen;
191 	crkeylen_t	keylen;
192 	crkeylen_t	ivlen;
193 	crivuse_t	ivec_usage;
194 	crmeth_t	method;
195 	cropt_t		option_mask;
196 };
197 
198 struct rcmd_state_t {
199 	size_t	pt_len;    /* Plain text length */
200 	size_t	cd_len;    /* Cipher Data length */
201 	size_t	cd_rcvd;   /* Cipher Data bytes received so far */
202 	uint32_t next_len;
203 	mblk_t  *c_msg;	/* mblk that will contain the new data */
204 };
205 
206 /* Values for "ready" mask. */
207 #define	CRYPT_WRITE_READY 0x01
208 #define	CRYPT_READ_READY  0x02
209 
210 /*
211  * State information for the streams module.
212  */
213 struct tmodinfo {
214 	struct cipher_data_t	enc_data;
215 	struct cipher_data_t	dec_data;
216 	struct rcmd_state_t	rcmd_state;
217 	uchar_t			ready;
218 };
219 
220 #endif /* _KERNEL */
221 
222 #ifdef	__cplusplus
223 }
224 #endif
225 
226 #endif	/* _SYS_CRYPTMOD_H */
227