/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * cryptmod.h
 * STREAMS-based crypto module definitions.
 *
 * This is a Sun-private and undocumented interface.
 */

#ifndef _SYS_CRYPTMOD_H
#define	_SYS_CRYPTMOD_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#include <sys/types32.h>
#ifdef _KERNEL
/*
 * Kernel-only: the crypto framework types (crypto_key_t, crypto_context_t,
 * ...) referenced by the structures under _KERNEL below presumably come
 * from this header.
 */
#include <sys/crypto/api.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif


/*
 * IOCTLs.
 *
 * CRYPTIOC is the common tag: the characters 'C', 'R', 'Y' occupy the top
 * three bytes of the ioctl number and the low byte selects the command.
 * ('C' is 0x43, so the shift by 24 stays below the sign bit of an int.)
 */
#define	CRYPTIOC (('C' << 24) | ('R' << 16) | ('Y' << 8) | 0x00)

/* Install key, ivec and method; the argument is a struct cr_info_t (below). */
#define	CRYPTIOCSETUP		(CRYPTIOC | 0x01)
/* Stop, start encrypting, start decrypting -- the names are literal. */
#define	CRYPTIOCSTOP		(CRYPTIOC | 0x02)
#define	CRYPTIOCSTARTENC	(CRYPTIOC | 0x03)
#define	CRYPTIOCSTARTDEC	(CRYPTIOC | 0x04)

/*
 * Kept in a distinct range (0x80) from the commands above; presumably marks
 * an ioctl that the module passes through untouched -- confirm in the source.
 */
#define	CRYPTPASSTHRU		(CRYPTIOC | 0x80)

/*
 * Crypto method definitions, to be used with the CRYPTIOCSETUP ioctl
 * (crypto_method field of struct cr_info_t).  The names appear to mirror
 * Kerberos encryption types; CRYPT_METHOD_NONE disables the cipher.
 */
#define	CRYPT_METHOD_NONE		0
#define	CRYPT_METHOD_DES_CFB		101
#define	CRYPT_METHOD_DES_CBC_NULL	102
#define	CRYPT_METHOD_DES_CBC_MD5	103
#define	CRYPT_METHOD_DES_CBC_CRC	104
#define	CRYPT_METHOD_DES3_CBC_SHA1	105
#define	CRYPT_METHOD_ARCFOUR_HMAC_MD5	106
#define	CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP	107
#define	CRYPT_METHOD_AES128		108
#define	CRYPT_METHOD_AES256		109

/*
 * Range check for a user-supplied method.  It relies on the values
 * 101..109 being contiguous: a method added outside that range, or a gap
 * left inside it, must be reflected here or it will be mis-validated.
 */
#define	CR_METHOD_OK(m) ((m) == CRYPT_METHOD_NONE || \
			((m) >= CRYPT_METHOD_DES_CFB && \
			(m) <= CRYPT_METHOD_AES256))

/* Method-family predicates (exact matches). */
#define	IS_RC4_METHOD(m) ((m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5 || \
			(m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP)

#define	IS_AES_METHOD(m) ((m) == CRYPT_METHOD_AES128 || \
			(m) == CRYPT_METHOD_AES256)

/*
 * Direction mask values, also to be used with the CRYPTIOCSETUP ioctl
 * (direction_mask field of struct cr_info_t).  The two bits may be OR'ed.
 */
#define	CRYPT_ENCRYPT  0x01
#define	CRYPT_DECRYPT  0x02

/*
 * True when at least one direction bit is set.  This is a mask test, not
 * an exact match: extra bits in 'd' are neither rejected nor cleared, so
 * the consumer must be prepared to ignore unknown bits.
 */
#define	CR_DIRECTION_OK(d) ((d) & (CRYPT_ENCRYPT | CRYPT_DECRYPT))

/*
 * Define constants for the 'ivec_usage' fields (struct cr_info_t and
 * struct cipher_data_t).  The names suggest: no IV, one IV carried across
 * messages, or a fresh IV per message -- confirm in the module source.
 * NOTE(review): carrying one IV across messages is a known weakness for
 * chained modes; worth confirming which methods accept IVEC_REUSE.
 */
#define	IVEC_NEVER 0x00
#define	IVEC_REUSE 0x01
#define	IVEC_ONETIME 0x02

/* Exact-match check (unlike CR_DIRECTION_OK and CR_OPTIONS_OK). */
#define	CR_IVUSAGE_OK(iv)	\
	((iv) == IVEC_NEVER || (iv) == IVEC_REUSE || (iv) == IVEC_ONETIME)

/*
 * Per-algorithm sizes, in bytes.  *_KEYBYTES is the amount of raw key
 * material and *_KEYLENGTH the size of the installed key; they differ only
 * for DES3 (21 vs 24), presumably because the installed key carries DES
 * parity bytes -- confirm against the key derivation code.
 */
#define	CRYPT_SHA1_BLOCKSIZE 64
#define	CRYPT_SHA1_HASHSIZE 20
#define	CRYPT_DES3_KEYBYTES 21
#define	CRYPT_DES3_KEYLENGTH 24
#define	CRYPT_ARCFOUR_KEYBYTES 16
#define	CRYPT_ARCFOUR_KEYLENGTH 16
#define	CRYPT_AES128_KEYBYTES 16
#define	CRYPT_AES128_KEYLENGTH 16
#define	CRYPT_AES256_KEYBYTES 32
#define	CRYPT_AES256_KEYLENGTH 32

/* Presumably the HMAC bytes kept for the AES methods: 12 bytes = 96 bits. */
#define	AES_TRUNCATED_HMAC_LEN 12

/*
 * Max size of initialization vector and key.
 * 256 bytes = 2048 bits.
 */
#define	CRYPT_MAX_KEYLEN 256
#define	CRYPT_MAX_IVLEN  256

/*
 * Key and IV length fields.  Being uint8_t they top out at 255, so a
 * length can never reach CRYPT_MAX_KEYLEN / CRYPT_MAX_IVLEN: every
 * representable length stays inside the key[] / ivec[] arrays, but a
 * full 256-byte key or IV cannot be described with these types.
 */
typedef uint8_t	crkeylen_t;
typedef uint8_t	crivlen_t;

/*
 * Method, option mask, direction mask and ivec-usage fields; see the
 * CRYPT_METHOD_*, CRYPTOPT_*, CRYPT_ENCRYPT/CRYPT_DECRYPT and IVEC_* values.
 */
typedef uchar_t crmeth_t;
typedef uchar_t cropt_t;
typedef uchar_t crdir_t;
typedef uchar_t crivuse_t;

/*
 * Define values for the option mask field.
 * These can be extended to alter the behavior
 * of the module.  For example, when used by kerberized
 * Unix r commands (rlogind, rshd), all msgs must be
 * prepended with 4 bytes of clear text data that represent
 * the 'length' of the cipher text that follows.
 */
#define	CRYPTOPT_NONE		0x00
#define	CRYPTOPT_RCMD_MODE_V1	0x01
#define	CRYPTOPT_RCMD_MODE_V2	0x02

/* Nonzero when either rcmd-mode bit is set (mask test, not exact match). */
#define	ANY_RCMD_MODE(m) ((m) & (CRYPTOPT_RCMD_MODE_V1 |\
			CRYPTOPT_RCMD_MODE_V2))

/*
 * Define the size of the length field used in 'rcmd' mode (the 4 clear-text
 * bytes described above).  Because this prefix travels unencrypted it is
 * not protected by the cipher or MAC and can be set by whoever controls
 * the connection; the receive side should bound the decoded value before
 * acting on it (see next_len in struct rcmd_state_t).
 */
#define	RCMD_LEN_SZ	sizeof (uint32_t)

/*
 * Option validation: CRYPTOPT_NONE, or anything with an rcmd-mode bit set.
 * Like CR_DIRECTION_OK it does not reject unknown extra bits.
 */
#define	CR_OPTIONS_OK(opt) ((opt) == CRYPTOPT_NONE || \
			ANY_RCMD_MODE(opt))
/*
 * Structure used by userland apps to pass data into crypto module
 * with the CRYPTIOCSETUP ioctl.
 *
 * This is copied across the user/kernel boundary, so its layout is part
 * of the ABI: do not reorder or retype the fields.  The receiving side
 * should check each field with the CR_*_OK macros above and keylen against
 * the per-method CRYPT_*_KEYLENGTH before using the key.
 * NOTE(review): the userland copy holds key material; callers should clear
 * it once the ioctl has returned.
 */
struct cr_info_t {
	uchar_t		key[CRYPT_MAX_KEYLEN];	/* key material; keylen bytes used */
	uchar_t		ivec[CRYPT_MAX_IVLEN];	/* IV; iveclen bytes used */
	crkeylen_t	keylen;		/* <= 255, so always within key[] */
	crivlen_t	iveclen;	/* <= 255, so always within ivec[] */
	crivuse_t	ivec_usage;	/* one of IVEC_* */
	crdir_t		direction_mask;	/* CRYPT_ENCRYPT | CRYPT_DECRYPT */
	crmeth_t	crypto_method;	/* one of CRYPT_METHOD_* */
	cropt_t		option_mask;	/* CRYPTOPT_* bits */
};

#if defined(_KERNEL)

/*
 * Key-usage numbers, presumably fed to key derivation for the rcmd
 * protocol; they look like Kerberos key-usage values.  Note that ARCFOUR
 * and AES share the same encrypt (1028) and decrypt (1032) numbers --
 * confirm against the derivation code before changing any of them.
 */
#define	RCMDV1_USAGE	1026
#define	ARCFOUR_DECRYPT_USAGE 1032
#define	ARCFOUR_ENCRYPT_USAGE 1028
#define	AES_ENCRYPT_USAGE 1028
#define	AES_DECRYPT_USAGE 1032

/* Cipher block sizes in bytes. */
#define	DEFAULT_DES_BLOCKLEN 8
#define	DEFAULT_AES_BLOCKLEN 16
/* Salt string, presumably used when deriving the exportable ARCFOUR key. */
#define	ARCFOUR_EXP_SALT "fortybits"

/*
 * Per-direction cipher state kept by the module (one instance each for
 * encrypt and decrypt; see struct tmodinfo).
 *
 * NOTE(review): key, ckey, d_encr_key and d_hmac_key hold key material;
 * whoever tears this down should clear them before freeing -- confirm in
 * the module source, which is not visible from this header.  Ownership of
 * the four raw char pointers is likewise not stated here.
 */
struct cipher_data_t {
	char		*key;		/* raw key bytes (presumably keylen long) */
	char		*block;		/* working cipher block (blocklen long) */
	char		*ivec;		/* current IV (ivlen long) */
	char		*saveblock;	/* presumably a saved block for chaining */
	crypto_mech_type_t mech_type;	/* crypto framework mechanism */
	crypto_key_t    *ckey;		/* initial encryption key */
	crypto_key_t    d_encr_key;	/* derived encr key */
	crypto_key_t    d_hmac_key;	/* derived hmac key */
	crypto_ctx_template_t enc_tmpl;	/* cipher context template */
	crypto_ctx_template_t hmac_tmpl;	/* HMAC context template */
	crypto_context_t ctx;		/* active crypto framework context */
	size_t		bytes;		/* byte count; meaning not given here */
	crkeylen_t	blocklen;	/* cipher block size, see DEFAULT_*_BLOCKLEN */
	crkeylen_t	keylen;		/* bytes valid in key (<= 255) */
	crkeylen_t	ivlen;		/* bytes valid in ivec (<= 255) */
	crivuse_t	ivec_usage;	/* IVEC_* */
	crmeth_t	method;		/* CRYPT_METHOD_* */
	cropt_t		option_mask;	/* CRYPTOPT_* */
};

/*
 * Reassembly state for 'rcmd' mode, where each message on the wire is a
 * clear-text length (RCMD_LEN_SZ bytes) followed by that much cipher text.
 *
 * next_len is decoded from the peer's unprotected length prefix and is
 * therefore untrusted input: it should be bounded before the module
 * allocates for, or waits on, that many bytes.  Whether that check exists
 * cannot be seen from this header.
 */
struct rcmd_state_t {
	size_t	pt_len;    /* Plain text length */
	size_t	cd_len;    /* Cipher Data length */
	size_t	cd_rcvd;   /* Cipher Data bytes received so far */
	uint32_t next_len; /* length announced for the next message */
	mblk_t  *c_msg;	/* mblk that will contain the new data */
};

/* Values for "ready" mask (presumably: which side has been set up). */
#define	CRYPT_WRITE_READY 0x01
#define	CRYPT_READ_READY  0x02

/*
 * State information for the streams module.
 */
struct tmodinfo {
	struct cipher_data_t	enc_data;	/* encrypt direction */
	struct cipher_data_t	dec_data;	/* decrypt direction */
	struct rcmd_state_t	rcmd_state;	/* rcmd-mode reassembly state */
	uchar_t			ready;		/* CRYPT_WRITE_READY | CRYPT_READ_READY */
};

#endif /* _KERNEL */

#ifdef	__cplusplus
}	/* extern "C" */
#endif

#endif	/* _SYS_CRYPTMOD_H */