4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 * STREAMS based crypto module definitions.
29 * This is a Sun-private and undocumented interface.
32 #ifndef _SYS_CRYPTMOD_H
33 #define _SYS_CRYPTMOD_H
35 #pragma ident "%Z%%M% %I% %E% SMI"
37 #include <sys/types.h>
38 #include <sys/types32.h>
40 #include <sys/crypto/api.h>
51 #define CRYPTIOC (('C' << 24) | ('R' << 16) | ('Y' << 8) | 0x00)
53 #define CRYPTIOCSETUP (CRYPTIOC | 0x01)
54 #define CRYPTIOCSTOP (CRYPTIOC | 0x02)
55 #define CRYPTIOCSTARTENC (CRYPTIOC | 0x03)
56 #define CRYPTIOCSTARTDEC (CRYPTIOC | 0x04)
58 #define CRYPTPASSTHRU (CRYPTIOC | 0x80)
61 * Crypto method definitions, to be used with the CRIOCSETUP ioctl.
63 #define CRYPT_METHOD_NONE 0
64 #define CRYPT_METHOD_DES_CFB 101
65 #define CRYPT_METHOD_DES_CBC_NULL 102
66 #define CRYPT_METHOD_DES_CBC_MD5 103
67 #define CRYPT_METHOD_DES_CBC_CRC 104
68 #define CRYPT_METHOD_DES3_CBC_SHA1 105
69 #define CRYPT_METHOD_ARCFOUR_HMAC_MD5 106
70 #define CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP 107
71 #define CRYPT_METHOD_AES128 108
72 #define CRYPT_METHOD_AES256 109
74 #define CR_METHOD_OK(m) ((m) == CRYPT_METHOD_NONE || \
75 ((m) >= CRYPT_METHOD_DES_CFB && \
76 (m) <= CRYPT_METHOD_AES256))
78 #define IS_RC4_METHOD(m) ((m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5 || \
79 (m) == CRYPT_METHOD_ARCFOUR_HMAC_MD5_EXP)
81 #define IS_AES_METHOD(m) ((m) == CRYPT_METHOD_AES128 || \
82 (m) == CRYPT_METHOD_AES256)
85 * Direction mask values, also to be used with the CRIOCSETUP ioctl.
87 #define CRYPT_ENCRYPT 0x01
88 #define CRYPT_DECRYPT 0x02
90 #define CR_DIRECTION_OK(d) ((d) & (CRYPT_ENCRYPT | CRYPT_DECRYPT))
93 * Define constants for the 'ivec_usage' fields.
95 #define IVEC_NEVER 0x00
96 #define IVEC_REUSE 0x01
97 #define IVEC_ONETIME 0x02
99 #define CR_IVUSAGE_OK(iv) \
100 ((iv) == IVEC_NEVER || (iv) == IVEC_REUSE || (iv) == IVEC_ONETIME)
102 #define CRYPT_SHA1_BLOCKSIZE 64
103 #define CRYPT_SHA1_HASHSIZE 20
104 #define CRYPT_DES3_KEYBYTES 21
105 #define CRYPT_DES3_KEYLENGTH 24
106 #define CRYPT_ARCFOUR_KEYBYTES 16
107 #define CRYPT_ARCFOUR_KEYLENGTH 16
108 #define CRYPT_AES128_KEYBYTES 16
109 #define CRYPT_AES128_KEYLENGTH 16
110 #define CRYPT_AES256_KEYBYTES 32
111 #define CRYPT_AES256_KEYLENGTH 32
113 #define AES_TRUNCATED_HMAC_LEN 12
116 * Max size of initialization vector and key.
117 * 256 bytes = 2048 bits.
119 #define CRYPT_MAX_KEYLEN 256
120 #define CRYPT_MAX_IVLEN 256
122 typedef uint8_t crkeylen_t
;
123 typedef uint8_t crivlen_t
;
125 typedef uchar_t crmeth_t
;
126 typedef uchar_t cropt_t
;
127 typedef uchar_t crdir_t
;
128 typedef uchar_t crivuse_t
;
131 * Define values for the option mask field.
132 * These can be extended to alter the behavior
133 * of the module. For example, when used by kerberized
134 * Unix r commands (rlogind, rshd), all msgs must be
135 * prepended with 4 bytes of clear text data that represent
136 * the 'length' of the cipher text that follows.
138 #define CRYPTOPT_NONE 0x00
139 #define CRYPTOPT_RCMD_MODE_V1 0x01
140 #define CRYPTOPT_RCMD_MODE_V2 0x02
142 #define ANY_RCMD_MODE(m) ((m) & (CRYPTOPT_RCMD_MODE_V1 |\
143 CRYPTOPT_RCMD_MODE_V2))
145 /* Define the size of the length field used in 'rcmd' mode */
146 #define RCMD_LEN_SZ sizeof (uint32_t)
148 #define CR_OPTIONS_OK(opt) ((opt) == CRYPTOPT_NONE || \
151 * Structure used by userland apps to pass data into crypto module
152 * with the CRIOCSETUP iotcl.
155 uchar_t key
[CRYPT_MAX_KEYLEN
];
156 uchar_t ivec
[CRYPT_MAX_IVLEN
];
159 crivuse_t ivec_usage
;
160 crdir_t direction_mask
;
161 crmeth_t crypto_method
;
167 #define RCMDV1_USAGE 1026
168 #define ARCFOUR_DECRYPT_USAGE 1032
169 #define ARCFOUR_ENCRYPT_USAGE 1028
170 #define AES_ENCRYPT_USAGE 1028
171 #define AES_DECRYPT_USAGE 1032
173 #define DEFAULT_DES_BLOCKLEN 8
174 #define DEFAULT_AES_BLOCKLEN 16
175 #define ARCFOUR_EXP_SALT "fortybits"
177 struct cipher_data_t
{
182 crypto_mech_type_t mech_type
;
183 crypto_key_t
*ckey
; /* initial encryption key */
184 crypto_key_t d_encr_key
; /* derived encr key */
185 crypto_key_t d_hmac_key
; /* derived hmac key */
186 crypto_ctx_template_t enc_tmpl
;
187 crypto_ctx_template_t hmac_tmpl
;
188 crypto_context_t ctx
;
193 crivuse_t ivec_usage
;
198 struct rcmd_state_t
{
199 size_t pt_len
; /* Plain text length */
200 size_t cd_len
; /* Cipher Data length */
201 size_t cd_rcvd
; /* Cipher Data bytes received so far */
203 mblk_t
*c_msg
; /* mblk that will contain the new data */
206 /* Values for "ready" mask. */
207 #define CRYPT_WRITE_READY 0x01
208 #define CRYPT_READ_READY 0x02
211 * State information for the streams module.
214 struct cipher_data_t enc_data
;
215 struct cipher_data_t dec_data
;
216 struct rcmd_state_t rcmd_state
;
226 #endif /* _SYS_CRYPTMOD_H */