2008-05-02 22:11:04 +04:00
|
|
|
.\" $NetBSD: crypto.4,v 1.14 2008/05/02 18:11:05 martin Exp $
|
2008-04-11 02:48:42 +04:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
.\" by Coyote Point Systems, Inc.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.\"
|
2004-04-28 01:34:10 +04:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2004
|
|
|
|
.\" Jonathan Stone <jonathan@dsg.stanford.edu>. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY Jonathan Stone AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL Jonathan Stone OR THE VOICES IN HIS HEAD
|
|
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
|
|
.\" THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
2008-04-11 02:48:42 +04:00
|
|
|
.Dd March 29, 2008
|
2004-04-28 01:34:10 +04:00
|
|
|
.Dt CRYPTO 4
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
2006-03-29 00:50:57 +04:00
|
|
|
.Nm crypto ,
|
|
|
|
.Nm swcrypto
|
2004-04-28 01:34:10 +04:00
|
|
|
.Nd user-mode access to hardware-accelerated cryptography
|
|
|
|
.Sh SYNOPSIS
|
2004-04-28 19:21:43 +04:00
|
|
|
.Cd "hifn* at pci? dev ? function ?"
|
|
|
|
.Cd "ubsec* at pci? dev ? function ?"
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pp
|
2004-04-28 19:21:43 +04:00
|
|
|
.Cd pseudo-device crypto
|
2006-03-29 00:50:57 +04:00
|
|
|
.Cd pseudo-device swcrypto
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pp
|
|
|
|
.In sys/ioctl.h
|
2004-04-28 03:42:59 +04:00
|
|
|
.In sys/time.h
|
|
|
|
.In crypto/cryptodev.h
|
2004-04-28 01:34:10 +04:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
driver gives user-mode applications access to hardware-accelerated
|
2004-04-28 19:19:20 +04:00
|
|
|
cryptographic transforms, as implemented by the
|
2004-04-28 01:34:10 +04:00
|
|
|
.Xr opencrypto 9
|
|
|
|
in-kernel interface.
|
|
|
|
The
|
2006-03-29 00:50:57 +04:00
|
|
|
.Cm swcrypto
|
|
|
|
driver is a software-only implementation of the
|
|
|
|
.Xr opencrypto 9
|
|
|
|
interface, and must be included to use the interface without hardware
|
|
|
|
acceleration.
|
|
|
|
The
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pa /dev/crypto
|
2004-04-28 19:19:20 +04:00
|
|
|
special device provides an
|
2004-04-28 01:34:10 +04:00
|
|
|
.Xr ioctl 2
|
2004-04-28 19:21:43 +04:00
|
|
|
based interface.
|
|
|
|
User-mode applications should open the special device,
|
2004-04-28 19:19:20 +04:00
|
|
|
then issue
|
|
|
|
.Xr ioctl 2
|
2004-04-28 19:21:43 +04:00
|
|
|
calls on the descriptor.
|
|
|
|
The
|
2004-04-28 01:34:10 +04:00
|
|
|
.Nm
|
|
|
|
device provides two distinct modes of operation: one mode for
|
|
|
|
symmetric-keyed cryptographic requests, and a second mode for
|
|
|
|
both asymmetric-key (public-key/private-key) requests, and for
|
2008-04-11 02:48:42 +04:00
|
|
|
modular arithmetic (for Diffie-Hellman key exchange and other
|
|
|
|
cryptographic protocols).
|
2004-04-28 01:34:10 +04:00
|
|
|
The two modes are described separately below.
|
2008-04-11 02:48:42 +04:00
|
|
|
.Sh THEORY OF OPERATION
|
|
|
|
Regardless of whether symmetric-key or asymmetric-key operations are
|
|
|
|
to be performed, use of the device requires a basic series of steps:
|
|
|
|
.Pp
|
|
|
|
.Bl -enum
|
|
|
|
.It
|
|
|
|
Open a file descriptor for the device. See
|
|
|
|
.Xr open 2 .
|
|
|
|
.It
|
|
|
|
If any symmetric operation will be performed,
|
|
|
|
create one session, with
|
|
|
|
.Dv CIOCGSESSION ,
|
|
|
|
or multiple sessions, with
|
|
|
|
.Dv CIOCNGSESSION .
|
|
|
|
Most applications will require at least one symmetric session.
|
|
|
|
Since cipher and MAC keys are tied to sessions, many
|
|
|
|
applications will require more. Asymmetric operations do not use sessions.
|
|
|
|
.It
|
|
|
|
Submit requests, synchronously with
|
|
|
|
.Dv CIOCCRYPT
|
|
|
|
(symmetric)
|
|
|
|
or
|
|
|
|
.Dv CIOCFKEY
|
|
|
|
(asymmetric)
|
|
|
|
or asynchronously with
|
|
|
|
.Dv CIOCNCRYPTM
|
|
|
|
(symmetric)
|
|
|
|
or
|
|
|
|
.Dv CIOCNFKEYM
|
|
|
|
(asymmetric).
|
|
|
|
The asynchronous interface allows multiple requests to be submitted in one
|
|
|
|
call if the user so desires.
|
|
|
|
.It
|
|
|
|
If the asynchronous interface is used, wait for results with
|
|
|
|
.Xr select 2
|
|
|
|
or
|
|
|
|
.Xr poll 2 ,
|
|
|
|
then collect them with
|
|
|
|
.Dv CIOCNCRYPTRET
|
|
|
|
(a particular request)
|
|
|
|
or
|
|
|
|
.Dv CIOCNCRYPTRETM
|
|
|
|
(multiple requests).
|
|
|
|
.It
|
|
|
|
Destroy one session with
|
|
|
|
.Dv CIOCFSESSION
|
|
|
|
or many at once with
|
|
|
|
.Dv CIOCNFSESSION .
|
|
|
|
.It
|
|
|
|
Close the device with
|
|
|
|
.Xr close 2 .
|
|
|
|
.El
|
2004-04-28 01:34:10 +04:00
|
|
|
.Sh SYMMETRIC-KEY OPERATION
|
|
|
|
The symmetric-key operation mode provides a context-based API
|
|
|
|
to traditional symmetric-key encryption (or privacy) algorithms,
|
|
|
|
or to keyed and unkeyed one-way hash (HMAC and MAC) algorithms.
|
|
|
|
The symmetric-key mode also permits fused operation,
|
|
|
|
where the hardware performs both a privacy algorithm and an integrity-check
|
2004-04-28 19:21:43 +04:00
|
|
|
algorithm in a single pass over the data: either a fused
|
2004-04-28 01:34:10 +04:00
|
|
|
encrypt/HMAC-generate operation, or a fused HMAC-verify/decrypt operation.
|
|
|
|
.Pp
|
|
|
|
To use symmetric mode, you must first create a session specifying
|
|
|
|
the algorithm(s) and key(s) to use; then issue encrypt or decrypt
|
2004-04-28 19:19:20 +04:00
|
|
|
requests against the session.
|
2004-04-28 01:34:10 +04:00
|
|
|
.Ss Symmetric-key privacy algorithms
|
|
|
|
Contingent upon device drivers for installed cryptographic hardware
|
|
|
|
registering with
|
|
|
|
.Xr opencrypto 9 ,
|
|
|
|
as providers of a given algorithm, some or all of the following
|
|
|
|
symmetric-key privacy algorithms may be available:
|
|
|
|
.Bl -tag -compact -width CRYPTO_RIPEMD160_HMAC -offset indent
|
|
|
|
.It CRYPTO_DES_CBC
|
|
|
|
.It CRYPTO_3DES_CBC
|
|
|
|
.It CRYPTO_BLF_CBC
|
|
|
|
.It CRYPTO_CAST_CBC
|
|
|
|
.It CRYPTO_SKIPJACK_CBC
|
|
|
|
.It CRYPTO_AES_CBC
|
|
|
|
.It CRYPTO_ARC4
|
|
|
|
.El
|
|
|
|
.Ss Integrity-check operations
|
|
|
|
Contingent upon hardware support, some or all of the following
|
|
|
|
keyed one-way hash algorithms may be available:
|
|
|
|
.Bl -tag -compact -width CRYPTO_RIPEMD160_HMAC -offset indent
|
|
|
|
.It CRYPTO_RIPEMD160_HMAC
|
|
|
|
.It CRYPTO_MD5_KPDK
|
|
|
|
.It CRYPTO_SHA1_KPDK
|
|
|
|
.It CRYPTO_MD5_HMAC
|
|
|
|
.It CRYPTO_SHA1_HMAC
|
|
|
|
.It CRYPTO_SHA2_HMAC
|
|
|
|
.It CRYPTO_MD5
|
|
|
|
.It CRYPTO_SHA1
|
|
|
|
.El
|
2004-04-28 19:19:20 +04:00
|
|
|
The
|
2004-04-28 01:34:10 +04:00
|
|
|
.Em CRYPTO_MD5
|
|
|
|
and
|
|
|
|
.Em CRYPTO_SHA1
|
|
|
|
algorithms are actually unkeyed, but should be requested
|
|
|
|
as symmetric-key hash algorithms with a zero-length key.
|
|
|
|
.Ss IOCTL Request Descriptions
|
|
|
|
.\"
|
|
|
|
.Bl -tag -width CIOCFKEY
|
|
|
|
.\"
|
2006-09-24 00:38:51 +04:00
|
|
|
.It Dv CRIOGET Fa int *fd
|
2008-01-26 03:04:27 +03:00
|
|
|
This operation is deprecated and will be removed after
|
|
|
|
.Nx 5.0.
|
|
|
|
It clones the fd argument to
|
2004-04-28 01:34:10 +04:00
|
|
|
.Xr ioctl 4 ,
|
2008-01-26 03:04:27 +03:00
|
|
|
yielding a new file descriptor for the creation of sessions. Because the
|
|
|
|
device now clones on open, this operation is unnecessary.
|
2004-04-28 01:34:10 +04:00
|
|
|
.\"
|
2005-04-14 22:52:23 +04:00
|
|
|
.It Dv CIOCGSESSION Fa struct session_op *sessp
|
2008-04-11 02:48:42 +04:00
|
|
|
.Bd -literal
|
|
|
|
struct session_op {
|
|
|
|
u_int32_t cipher; /* e.g. CRYPTO_DES_CBC */
|
|
|
|
u_int32_t mac; /* e.g. CRYPTO_MD5_HMAC */
|
|
|
|
|
|
|
|
u_int32_t keylen; /* cipher key */
|
|
|
|
void * key;
|
|
|
|
int mackeylen; /* mac key */
|
|
|
|
void * mackey;
|
|
|
|
|
|
|
|
u_int32_t ses; /* returns: ses # */
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
2008-01-26 03:04:27 +03:00
|
|
|
Create a new cryptographic session on a file descriptor for the device;
|
|
|
|
that is, a persistent object specific to the chosen
|
2008-01-25 10:09:56 +03:00
|
|
|
privacy algorithm, integrity algorithm, and keys specified in
|
2004-04-28 01:34:10 +04:00
|
|
|
.Fa sessp .
|
2004-04-28 19:19:20 +04:00
|
|
|
The special value 0 for either privacy or integrity
|
|
|
|
is reserved to indicate that the indicated operation (privacy or integrity)
|
|
|
|
is not desired for this session.
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pp
|
2008-01-25 10:09:56 +03:00
|
|
|
Multiple sessions may be bound to a single file descriptor. The session
|
|
|
|
ID returned in
|
2008-04-11 02:48:42 +04:00
|
|
|
.Fa sessp-\*[Gt]ses
|
2008-01-25 10:09:56 +03:00
|
|
|
is supplied as a required field in the symmetric-operation structure
|
|
|
|
.Fa crypt_op
|
|
|
|
for future encryption or hashing requests.
|
|
|
|
.Pp
|
|
|
|
This implementation will never return a session ID of 0 for a successful
|
|
|
|
creation of a session, which is a
|
|
|
|
.Nx
|
|
|
|
extension.
|
|
|
|
.Pp
|
2004-04-28 19:19:20 +04:00
|
|
|
For non-zero symmetric-key privacy algorithms, the privacy algorithm
|
2004-04-28 01:34:10 +04:00
|
|
|
must be specified in
|
2008-01-25 10:09:56 +03:00
|
|
|
.Fa sessp-\*[Gt]cipher ,
|
2004-04-28 01:34:10 +04:00
|
|
|
the key length in
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa sessp-\*[Gt]keylen ,
|
2004-04-28 19:19:20 +04:00
|
|
|
and the key value in the octets addressed by
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa sessp-\*[Gt]key .
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pp
|
|
|
|
For keyed one-way hash algorithms, the one-way hash must be specified
|
|
|
|
in
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa sessp-\*[Gt]mac ,
|
2004-04-28 01:34:10 +04:00
|
|
|
the key length in
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa sessp-\*[Gt]mackey ,
|
2004-04-28 19:19:20 +04:00
|
|
|
and the key value in the octets addressed by
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa sessp-\*[Gt]mackeylen .
|
2004-04-28 01:34:10 +04:00
|
|
|
.\"
|
|
|
|
.Pp
|
|
|
|
Support for a specific combination of fused privacy and
|
|
|
|
integrity-check algorithms depends on whether the underlying
|
2004-04-28 19:21:43 +04:00
|
|
|
hardware supports that combination.
|
|
|
|
Not all combinations are supported
|
2004-04-28 19:19:20 +04:00
|
|
|
by all hardware, even if the hardware supports each operation as a
|
2004-04-28 01:34:10 +04:00
|
|
|
stand-alone non-fused operation.
|
2008-04-11 02:48:42 +04:00
|
|
|
.It Dv CIOCNGSESSION Fa struct crypt_sgop *sgop
|
|
|
|
.Bd -literal
|
|
|
|
struct crypt_sgop {
|
|
|
|
size_t count; /* how many */
|
|
|
|
struct session_n_op * sessions; /* where to get them */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct session_n_op {
|
|
|
|
u_int32_t cipher; /* e.g. CRYPTO_DES_CBC */
|
|
|
|
u_int32_t mac; /* e.g. CRYPTO_MD5_HMAC */
|
|
|
|
|
|
|
|
u_int32_t keylen; /* cipher key */
|
|
|
|
void * key;
|
|
|
|
u_int32_t mackeylen; /* mac key */
|
|
|
|
void * mackey;
|
|
|
|
|
|
|
|
u_int32_t ses; /* returns: session # */
|
|
|
|
int status;
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
Create one or more sessions. Takes a counted array of
|
|
|
|
.Fa session_n_op
|
|
|
|
structures
|
|
|
|
in
|
|
|
|
.Fa sgop .
|
|
|
|
For each requested session (array element n), the session number is returned in
|
|
|
|
.Fa sgop-\*[Gt]sessions[n].ses
|
|
|
|
and the status for that session creation in
|
|
|
|
.Fa sgop-\*[Gt]sessions[n].status .
|
|
|
|
.\"
|
2005-04-13 20:28:06 +04:00
|
|
|
.It Dv CIOCCRYPT Fa struct crypt_op *cr_op
|
2008-04-11 02:48:42 +04:00
|
|
|
.Bd -literal
|
|
|
|
struct crypt_op {
|
|
|
|
u_int32_t ses;
|
|
|
|
u_int16_t op; /* e.g. COP_ENCRYPT */
|
|
|
|
u_int16_t flags;
|
|
|
|
u_int len;
|
|
|
|
void * src, *dst;
|
|
|
|
void * mac; /* must be large enough for result */
|
|
|
|
void * iv;
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
Request a symmetric-key (or hash) operation.
|
2004-04-28 01:34:10 +04:00
|
|
|
The file descriptor argument to
|
2004-04-28 19:19:20 +04:00
|
|
|
.Xr ioctl 4
|
2004-04-28 01:34:10 +04:00
|
|
|
must have been bound to a valid session.
|
|
|
|
To encrypt, set
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa cr_op-\*[Gt]op
|
|
|
|
to
|
|
|
|
.Dv COP_ENCRYPT .
|
|
|
|
To decrypt, set
|
|
|
|
.Fa cr_op-\*[Gt]op
|
|
|
|
to
|
|
|
|
.Dv COP_DECRYPT .
|
2004-04-28 01:34:10 +04:00
|
|
|
The field
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa cr_op-\*[Gt]len
|
2004-04-28 01:34:10 +04:00
|
|
|
supplies the length of the input buffer; the fields
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa cr_op-\*[Gt]src ,
|
|
|
|
.Fa cr_op-\*[Gt]dst ,
|
|
|
|
.Fa cr_op-\*[Gt]mac ,
|
|
|
|
.Fa cr_op-\*[Gt]iv
|
2004-04-28 19:19:20 +04:00
|
|
|
supply the addresses of the input buffer, output buffer,
|
2004-04-28 01:34:10 +04:00
|
|
|
one-way hash, and initialization vector, respectively.
|
2008-04-11 02:48:42 +04:00
|
|
|
.It Dv CIOCNCRYPTM Fa struct crypt_mop *cr_mop
|
|
|
|
.Bd -literal
|
|
|
|
struct crypt_mop {
|
|
|
|
size_t count; /* how many */
|
|
|
|
struct crypt_n_op * reqs; /* where to get them */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct crypt_n_op {
|
|
|
|
u_int32_t ses;
|
|
|
|
u_int16_t op; /* e.g. COP_ENCRYPT */
|
|
|
|
u_int16_t flags;
|
|
|
|
u_int len;
|
|
|
|
|
|
|
|
u_int32_t reqid; /* request id */
|
|
|
|
int status; /* accepted or not */
|
|
|
|
|
|
|
|
void *opaque; /* opaque pointer ret to user */
|
|
|
|
u_int32_t keylen; /* cipher key - optional */
|
|
|
|
void * key;
|
|
|
|
u_int32_t mackeylen; /* mac key - optional */
|
|
|
|
void * mackey;
|
|
|
|
|
|
|
|
void * src, * dst;
|
|
|
|
void * mac;
|
|
|
|
void * iv;
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
This is the asynchronous version of CIOCCRYPT, which allows multiple
|
|
|
|
symmetric-key (or hash) operations to be started (see CIOCRYPT
|
|
|
|
above for the details for each operation).
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Fa cr_mop-\*[Gt]count
|
|
|
|
field specifies the number of operations provided in the cr_mop->reqs array.
|
|
|
|
.Pp
|
|
|
|
Each operation is assigned a unique request id returned in the
|
|
|
|
.Fa cr_mop-\*[Gt]reqs[n].reqid
|
|
|
|
field.
|
|
|
|
.Pp
|
|
|
|
Each operation can accept an opaque value from the user to be passed back
|
|
|
|
to the user when the operation completes ((e.g. to track context for the
|
|
|
|
request). The opaque field is
|
|
|
|
.Fa cr_mop-\*[Gt]reqs[n].opaque.
|
|
|
|
.Pp
|
|
|
|
If a problem occurs with starting any of the operations then that
|
|
|
|
operation's
|
|
|
|
.Fa cr_mop-\*[Gt]reqs[n].status
|
|
|
|
field is filled with the error code. The failure of an operation does not
|
|
|
|
prevent the other operations from being started.
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Xr select 2
|
|
|
|
or
|
|
|
|
.Xr poll 2
|
|
|
|
functions must be used on the device file descriptor to detect that
|
|
|
|
some operation has completed; results are then retrieved with
|
|
|
|
.Dv CIOCNCRYPTRETM .
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Fa key
|
|
|
|
and
|
|
|
|
.Fa mackey
|
|
|
|
fields of the
|
|
|
|
operation structure are currently unused. They are intended for use to
|
|
|
|
immediately rekey an existing session before processing a new request.
|
2004-04-28 01:34:10 +04:00
|
|
|
.It Dv CIOCFSESSION Fa void
|
|
|
|
Destroys the /dev/crypto session associated with the file-descriptor
|
|
|
|
argument.
|
2008-04-11 02:48:42 +04:00
|
|
|
.It Dv CIOCNFSESSION Fa struct crypt_sfop *sfop;
|
|
|
|
.Bd -literal
|
|
|
|
struct crypt_sfop {
|
|
|
|
size_t count;
|
|
|
|
u_int32_t *sesid;
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
Destroys the
|
|
|
|
.Fa sfop-\*[Gt]count
|
|
|
|
sessions specified by the
|
|
|
|
.Fa sfop
|
|
|
|
array of session identifiers.
|
2004-04-28 01:34:10 +04:00
|
|
|
.El
|
|
|
|
.\"
|
|
|
|
.Sh ASYMMETRIC-KEY OPERATION
|
|
|
|
.Ss Asymmetric-key algorithms
|
|
|
|
Contingent upon hardware support, the following asymmetric
|
|
|
|
(public-key/private-key; or key-exchange subroutine) operations may
|
|
|
|
also be available:
|
|
|
|
.Bl -column "CRK_DH_COMPUTE_KEY" "Input parameter" "Output parameter" -offset indent -compact
|
|
|
|
.It Em "Algorithm" Ta "Input parameter" Ta "Output parameter"
|
|
|
|
.It Em " " Ta "Count" Ta "Count"
|
|
|
|
.It Dv CRK_MOD_EXP Ta 3 Ta 1
|
|
|
|
.It Dv CRK_MOD_EXP_CRT Ta 6 Ta 1
|
2008-04-11 02:48:42 +04:00
|
|
|
.It Dv CRK_MOD_ADD Ta 3 Ta 1
|
|
|
|
.It Dv CRK_MOD_ADDINV Ta 2 Ta 1
|
|
|
|
.It Dv CRK_MOD_SUB Ta 3 Ta 1
|
|
|
|
.It Dv CRK_MOD_MULT Ta 3 Ta 1
|
|
|
|
.It Dv CRK_MOD_MULTINV Ta 2 Ta 1
|
|
|
|
.It Dv CRK_MOD Ta 2 Ta 1
|
2004-04-28 01:34:10 +04:00
|
|
|
.It Dv CRK_DSA_SIGN Ta 5 Ta 2
|
|
|
|
.It Dv CRK_DSA_VERIFY Ta 7 Ta 0
|
|
|
|
.It Dv CRK_DH_COMPUTE_KEY Ta 3 Ta 1
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
See below for discussion of the input and output parameter counts.
|
|
|
|
.Ss Asymmetric-key commands
|
|
|
|
.Bl -tag -width CIOCFKEY
|
|
|
|
.It Dv CIOCASSYMFEAT Fa int *feature_mask
|
|
|
|
Returns a bitmask of supported asymmetric-key operations.
|
|
|
|
Each of the above-listed asymmetric operations is present
|
2004-04-28 19:21:43 +04:00
|
|
|
if and only if the bit position numbered by the code for that operation
|
2004-04-28 01:34:10 +04:00
|
|
|
is set.
|
2004-04-28 19:19:20 +04:00
|
|
|
For example,
|
2004-04-28 01:34:10 +04:00
|
|
|
.Dv CRK_MOD_EXP
|
|
|
|
is available if and only if the bit
|
2004-04-28 19:21:43 +04:00
|
|
|
.Pq 1 \*[Lt]\*[Lt] Dv CRK_MOD_EX
|
2004-04-28 01:34:10 +04:00
|
|
|
is set.
|
|
|
|
.It Dv CIOCFKEY Fa struct crypt_kop *kop
|
2008-04-11 02:48:42 +04:00
|
|
|
.Bd -literal
|
|
|
|
struct crypt_kop {
|
|
|
|
u_int crk_op; /* e.g. CRK_MOD_EXP */
|
|
|
|
u_int crk_status; /* return status */
|
|
|
|
u_short crk_iparams; /* # of input params */
|
|
|
|
u_short crk_oparams; /* # of output params */
|
|
|
|
u_int crk_pad1;
|
|
|
|
struct crparam crk_param[CRK_MAXPARAM];
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Bignum parameter, in packed bytes. */
|
|
|
|
struct crparam {
|
|
|
|
void * crp_p;
|
|
|
|
u_int crp_nbits;
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
2004-04-28 01:34:10 +04:00
|
|
|
Performs an asymmetric-key operation from the list above.
|
2004-04-28 19:21:43 +04:00
|
|
|
The specific operation is supplied in
|
|
|
|
.Fa kop-\*[Gt]crk_op ;
|
2004-04-28 01:34:10 +04:00
|
|
|
final status for the operation is returned in
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa kop-\*[Gt]crk_status .
|
2004-04-28 01:34:10 +04:00
|
|
|
The number of input arguments and the number of output arguments
|
2004-04-28 19:19:20 +04:00
|
|
|
is specified in
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa kop-\*[Gt]crk_iparams
|
2004-04-28 01:34:10 +04:00
|
|
|
and
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa kop-\*[Gt]crk_iparams ,
|
|
|
|
respectively.
|
|
|
|
The field
|
2004-04-28 01:34:10 +04:00
|
|
|
.Fa crk_param[]
|
|
|
|
must be filled in with exactly
|
2004-04-28 19:21:43 +04:00
|
|
|
.Fa kop-\*[Gt]crk_iparams + kop-\*[Gt]crk_oparams
|
2004-04-28 01:34:10 +04:00
|
|
|
arguments, each encoded as a
|
|
|
|
.Fa struct crparam
|
|
|
|
(address, bitlength) pair.
|
|
|
|
.Pp
|
2004-04-28 19:21:43 +04:00
|
|
|
The semantics of these arguments are currently undocumented.
|
2008-04-11 02:48:42 +04:00
|
|
|
.It Dv CIOCNFKEYM Fa struct crypt_mkop *mkop
|
|
|
|
.Bd -literal
|
|
|
|
struct crypt_mkop {
|
|
|
|
size_t count; /* how many */
|
|
|
|
struct crypt_n_op * reqs; /* where to get them */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct crypt_n_kop {
|
|
|
|
u_int crk_op; /* e.g. CRK_MOD_EXP */
|
|
|
|
u_int crk_status; /* accepted or not */
|
|
|
|
u_short crk_iparams; /* # of input params */
|
|
|
|
u_short crk_oparams; /* # of output params */
|
|
|
|
u_int32_t crk_reqid; /* request id */
|
|
|
|
struct crparam crk_param[CRK_MAXPARAM];
|
|
|
|
void *crk_opaque; /* opaque pointer ret to user */
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
This is the asynchronous version of
|
|
|
|
.Dv CIOCFKEY,
|
|
|
|
which starts one or more key operations. See
|
|
|
|
.Dv CIOCNCRYPTM
|
|
|
|
above and
|
|
|
|
.Dv CIOCNCRYPTRETM
|
|
|
|
below
|
|
|
|
for descriptions of the
|
|
|
|
.Fa mkop\*[Gt]count ,
|
|
|
|
.Fa mkop\*[Gt]reqs ,
|
|
|
|
.Fa mkop\*[Gt]reqs[n].crk_reqid ,
|
|
|
|
.Fa mkop\*[Gt]reqs[n].crk_status ,
|
|
|
|
and
|
|
|
|
.Fa mkop\*[Gt]reqs[n].crk_opaque
|
|
|
|
fields of the argument structure, and result retrieval.
|
|
|
|
.El
|
|
|
|
.Ss Asynchronous status commands
|
|
|
|
When requests are submitted with the
|
|
|
|
.Dv CIOCNCRYPTM
|
|
|
|
or
|
|
|
|
.Dv CIOCNFKEYM
|
|
|
|
commands, result retrieval is asynchronous (the submit ioctls return
|
|
|
|
immediately). Use the
|
|
|
|
.Xr select 2
|
|
|
|
or
|
|
|
|
.Xr poll 2
|
|
|
|
functions to determine when the file descriptor has completed operations ready
|
|
|
|
to be retrieved.
|
|
|
|
.Bl -tag -width CIOCFKEY
|
|
|
|
.It Dv CIOCNCRYPTRET Fa struct crypt_result *cres
|
|
|
|
.Bd -literal
|
|
|
|
struct crypt_result {
|
|
|
|
u_int32_t reqid; /* request ID */
|
|
|
|
u_int32_t status; /* 0 if successful */
|
|
|
|
void * opaque; /* pointer from user */
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
Check for the status of the request specified by
|
|
|
|
.Fa cres-\*[Gt]reqid .
|
|
|
|
This requires a linear search through all completed requests and should
|
|
|
|
be used with extreme care if the number of requests pending on this
|
|
|
|
file descriptor may be large.
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Fa cres-\*[Gt]status field is set as follows:
|
|
|
|
.Bl -tag -width EINPROGRESS
|
|
|
|
.It 0
|
|
|
|
The request has completed, and its results have been copied out to
|
|
|
|
the original
|
|
|
|
.Fa crypt_n_op or
|
|
|
|
.Fa crypt_n_kop
|
|
|
|
structure used to start the request. The copyout occurs during this
|
|
|
|
ioctl, so the calling process must be the process that started the request.
|
|
|
|
.It EINPROGRESS
|
|
|
|
The request has not yet completed.
|
|
|
|
.It EINVAL
|
|
|
|
The request was not found.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
Other values indicate a problem during the processing of the request.
|
|
|
|
.It Dv CIOCNCRYPTRETM Fa struct cryptret_t *cret
|
|
|
|
.Bd -literal
|
|
|
|
struct cryptret {
|
|
|
|
size_t count; /* space for how many */
|
|
|
|
struct crypt_result * results; /* where to put them */
|
|
|
|
};
|
|
|
|
|
|
|
|
.Ed
|
|
|
|
Retrieve a number of completed requests. This ioctl accepts a count and
|
|
|
|
an array (each array element is a
|
|
|
|
.Fa crypt_result_t
|
|
|
|
structure as used by
|
|
|
|
.Dv CIOCNCRYPTRET
|
|
|
|
above) and fills the array with up to
|
|
|
|
.Fa cret-\*[Gt]count
|
|
|
|
results of completed requests.
|
|
|
|
.Pp
|
|
|
|
This ioctl fills in the
|
|
|
|
.Fa cret-\*[Gt]results[n].reqid field ,
|
|
|
|
so that the request which has completed
|
|
|
|
may be identified by the application. Note that the results may include
|
|
|
|
requests submitted both as symmetric and asymmetric operations.
|
|
|
|
.El
|
|
|
|
.Pp
|
2004-04-28 01:34:10 +04:00
|
|
|
.Sh SEE ALSO
|
2004-04-29 23:42:29 +04:00
|
|
|
.Xr hifn 4 ,
|
|
|
|
.Xr ubsec 4 ,
|
2004-04-28 19:21:43 +04:00
|
|
|
.Xr opencrypto 9
|
|
|
|
.Sh HISTORY
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
driver is derived from a version which appeared in
|
|
|
|
.Fx 4.8 ,
|
|
|
|
which in turn is based on code which appeared in
|
|
|
|
.Ox 3.2 .
|
2008-04-11 02:48:42 +04:00
|
|
|
.Pp
|
|
|
|
The "new API" for asynchronous operation with multiple basic operations
|
|
|
|
per system call (the "N" ioctl variants) was contributed by Coyote Point
|
|
|
|
Systems, Inc. and first appeared in
|
|
|
|
.Nx 5.0 .
|
2004-04-28 01:34:10 +04:00
|
|
|
.Sh BUGS
|
2004-04-28 19:21:43 +04:00
|
|
|
Error checking and reporting is weak.
|
2008-01-25 10:09:56 +03:00
|
|
|
.Pp
|
2004-04-28 19:21:43 +04:00
|
|
|
The values specified for symmetric-key key sizes to
|
2006-09-24 00:38:51 +04:00
|
|
|
.Dv CIOCGSESSION
|
2004-04-28 01:34:10 +04:00
|
|
|
must exactly match the values expected by
|
2005-03-29 02:07:22 +04:00
|
|
|
.Xr opencrypto 9 .
|
2004-04-28 19:19:20 +04:00
|
|
|
The output buffer and MAC buffers supplied to
|
2006-09-24 00:38:51 +04:00
|
|
|
.Dv CIOCCRYPT
|
2004-04-28 01:34:10 +04:00
|
|
|
must follow whether privacy or integrity algorithms were specified for
|
2004-04-28 19:21:43 +04:00
|
|
|
session: if you request a
|
|
|
|
.No non- Ns Dv NULL
|
|
|
|
algorithm, you must supply a suitably-sized buffer.
|
2004-04-28 01:34:10 +04:00
|
|
|
.Pp
|
|
|
|
The scheme for passing arguments for asymmetric requests is Baroque.
|
2006-09-24 00:38:51 +04:00
|
|
|
.Pp
|
|
|
|
The naming inconsistency between
|
|
|
|
.Dv CRIOGET
|
|
|
|
and the various
|
|
|
|
.Dv CIOC Ns \&*
|
|
|
|
names is an unfortunate historical artifact.
|