From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Subject: =?UTF-8?q?=5BPATCH=2001/19=5D=20User-space=20API=20definition?= Date: Fri, 20 Aug 2010 10:45:44 +0200 Message-ID: <1282293963-27807-2-git-send-email-mitr@redhat.com> References: <1282293963-27807-1-git-send-email-mitr@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: linux-crypto@vger.kernel.org, Nikos Mavrogiannopoulos , Neil Horman , linux-kernel@vger.kernel.org, =?UTF-8?q?Miloslav=20Trma=C4=8D?= To: Herbert Xu Return-path: Received: from mx1.redhat.com ([209.132.183.28]:20455 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751687Ab0HTIq3 (ORCPT ); Fri, 20 Aug 2010 04:46:29 -0400 In-Reply-To: <1282293963-27807-1-git-send-email-mitr@redhat.com> Sender: linux-crypto-owner@vger.kernel.org List-ID: This patch introduces the new user-space API, . Quick overview: * open("/dev/crypto") to get a FD, which acts as a namespace for key an= d session identifiers. * ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key material inside the kernel, load a plaintext key, unwrap a key, or derive a key. Similarly the key material can be copied out of the kernel or wrapped. * ioctl(NCRIO_SESSION_INIT) to allocate a crypto session (to encrypt, decrypt, hash, sign, or verify signature), then ioctl(NCRIO_SESSION_UPDATE) to act on chunks of data. Deallocate the session, and optionally retrieve session results (e.g. hash or signature), using ioctl(NCRIO_SESSION_FINAL). There is also NCRIO_SESSION_ONCE for an one-shot crypto operation using a single user->kernel context switch. =46ull documentation of the interface is in Documentation/crypto/userspace.txt . --- Documentation/crypto/userspace.txt | 510 ++++++++++++++++++++++++++++= ++++++++ include/linux/Kbuild | 1 + include/linux/ncr.h | 273 +++++++++++++++++++ 3 files changed, 784 insertions(+), 0 deletions(-) create mode 100644 Documentation/crypto/userspace.txt create mode 100644 include/linux/ncr.h diff --git a/Documentation/crypto/userspace.txt b/Documentation/crypto/= userspace.txt new file mode 100644 index 0000000..5839fda --- /dev/null +++ b/Documentation/crypto/userspace.txt @@ -0,0 +1,510 @@ +CRYPTO(4) Linux Programmer=E2=80=99s Manual = CRYPTO(4) + +NAME + /dev/crypto - kernel cryptographic module interface + +SYNOPSIS + #include + int fd =3D open("/dev/crypto", O_RDWR); + int res =3D ioctl(fd, NCRIO..., &data); + +DESCRIPTION + The /dev/crypto device file provides an ioctl(2) interface to = the ker- + nel-space crypto implementation. + + Each open(2) of the /dev/crypto file establishes a separate n= amespace + within which crypto operations work. The namespace can b= e shared + across threads and processes by sharing the open file desc= ription. + Last close of the open file description automatically dest= roys all + objects allocated within the namespace. + + All ioctl(2)s have the same form: The user sets up a data s= tructure + with input data, and passes a pointer to the data structur= e as the + third parameter to ioctl(2). On success, output data is avail= able in + the same structure. + +OPERATION ATTRIBUTES + In addition to the fixed members of data structures, a process = can pass + additional attributes on input of most operations, and receiv= e addi- + tional attributes back from the kernel. If this is supported b= y a spe- + cific operation, the fixed data structure members for this o= peration + include input_size and output_size. + + The input attributes immediately follow the fixed data struct= ure as a + sequence of correctly aligned (struct nlattr, attribute data)= pairs, + using the same data layout and formatting rules as netlink(7) m= essages. + The input_size member must be initialized to the total length o= f input + (including both the fixed data structure and the attributes). + + There is an (unspecified) upper limit on the total siz= e of all + attributes, which should be large enough to accommodate any re= asonable + application. If a larger input is provided nevertheless, the o= peration + will fail with EOVERFLOW. + + Output attributes, if any, are written by the kernel in the sam= e format + following the fixed data structure (overwriting input attrib= utes, if + any). The output_size member must be initialized to the tota= l space + available for output (including the fixed data structure and s= pace for + attributes), and is updated by the kernel with the total space = actually + used for attributes. + + If the space available for output attributes is too small, th= e opera- + tion will fail with ERANGE. + + As a special case, input_size may be zero to indicate n= o input + attributes are supplied. Similarly, output_size may be zero = to indi- + cate no space for output attributes is provided; in such ca= se out- + put_size is not overwritten by the kernel with the total space = actually + used (which is equal to size of the fixed data structure) and = remains + zero when the operation finishes. + + The kernel accepts and silently ignores unknown attributes. + + The kernel will not add new output attributes to existing opera= tions in + future releases unless the new output attribute was ex= plicitly + requested by the application. (Therefore, the application = does not + have to allocate any extra space for output attributes it d= oes not + expect.) + + The following attributes are used in more than one operation: + + NCR_ATTR_ALGORITHM + A NUL-terminated string specifying an algorithm (to be= used in + an operation, or as a property of a key), using the Linu= x crypto + API algorithm names. + + Three additional algorithm names are recognized: rsa, ds= a, dh. + + NCR_ATTR_IV + Unformatted binary data specifying an initialization vec= tor, + + NCR_ATTR_KEY_FLAGS + An 32-bit unsigned integer in native byte order specif= ying key + flags, a combination of NCR_KEY_FLAG_EXPORTABLE (the ke= y mate- + rial can be exported in plaintext to user spa= ce) and + NCR_KEY_FLAG_WRAPPABLE (the key material can be wrapped = and the + result made available to user space). + + NCR_ATTR_KEY_ID + Arbitrary binary data which can be used by the applica= tion for + key identification. + + NCR_ATTR_KEY_TYPE + An 32-bit unsigned integer in native byte order specify= ing key + type, one of NCR_KEY_TYPE_SECRET, NCR_KEY_TYPE_PUB= LIC and + NCR_KEY_TYPE_PRIVATE. + + NCR_ATTR_WRAPPING_ALGORITHM + A NUL-terminated string specifying a key wrapping al= gorithm. + The values walg-aes-rfc3394 and walg-aes-rfc5649 are c= urrently + supported. + +OPERATIONS + The following operations are defined: + + NCRIO_KEY_INIT + Allocate a kernel-space key object. The third ioctl(s) = parame- + ter is ignored (key attributes are set later, when the k= ey mate- + rial is initialized). Returns an ncr_key_t descriptor = for the + key object (valid within the current /dev/crypto names= pace) on + success. + + There is a per-process and per-user (not per-namespace) = limit on + the number key objects that can be allocated. + + NCRIO_KEY_DEINIT + Deallocate a kernel-space key object. The parameter poi= nts to a + ncr_key_t descriptor of the key object. After all other= opera- + tions using this key object (if any) terminate, the key = material + will be cleared and the object will be freed. Note th= at this + may happen both before this operation returns, and = after it + returns, depending on other references to this key objec= t. + + NCRIO_KEY_GENERATE + Clear existing key material in the specified key obje= ct, and + generate new key material. + + The parameter points to struct ncr_key_generate, which s= pecifies + the destination key object in its key member. + + The following input attributes are recognized: + + NCR_ATTR_ALGORITHM + Mandatory. + + NCR_ATTR_KEY_FLAGS + Optional, flags are unchanged if not present. + + NCR_ATTR_SECRET_KEY_BITS + Mandatory for symmetric keys. An 32-bit unsigned= integer + in native byte order specifying key length in bit= s. + + Only symmetric keys can be currently generated using thi= s opera- + tion. + + In addition to generating the key material, the "persist= ent" key + ID is reset to a random value. + + NCRIO_KEY_GENERATE_PAIR + Similar to NCRIO_KEY_GENERATE, except that a pair of pub= lic/pri- + vate keys is generated. + + The parameter points to struct ncr_key_generate_pair= , which + specifies the destination key objects in its private= _key and + public_key members. + + The following input attributes are recognized: + + NCR_ATTR_KEY_FLAGS + Optional, flags are unchanged if not present. + + NCR_ATTR_RSA_E + For RSA keys, the public exponent as a big-endian= multi- + ple-precision integer. Optional, defaults to 655= 37. + + NCR_ATTR_RSA_MODULUS_BITS + Mandatory for RSA keys. An 32-bit unsigned in= teger in + native byte order specifying modulus length in bi= ts. + + NCR_ATTR_DSA_P_BITS + For DSA keys, length of the "p" key parameter in = bits as + an 32-bit unsigned integer in native byte= order. + Optional, defaults to 1024. + + NCR_ATTR_DSA_Q_BITS + For DSA keys, length of the "q" key parameter in = bits as + an 32-bit unsigned integer in native byte= order. + Optional, defaults to 160. + + NCR_ATTR_DH_BASE + Mandatory for D-H keys. The prime modulus of a D= -H group + as a big-endian multiple-precision integer. + + NCR_ATTR_DH_PRIME + Mandatory for D-H keys. The generator of a D-H = group as + a big-endian multiple-precision integer. + + The NCR_KEY_FLAG_EXPORTABLE and NCR_KEY_FLAG_WRAPPABLE f= lags are + automatically set on the public key. + + In addition to generating the key material, the "persist= ent" key + ID of both keys is set to a same value derived from the= public + key. + + NCRIO_KEY_DERIVE + Derive a new key using one key and additional data. + + The parameter points to struct ncr_key_derive, which s= pecifies + the source and destination keys in the input_key and = new_key + members. + + The following input attributes are recognized: + + NCR_ATTR_KEY_FLAGS + Optional, flags are unchanged if not present. + + NCR_ATTR_DERIVATION_ALGORITHM + Mandatory. A NUL-terminated string specifyin= g a key + derivation algorithm. Only dh is currently suppo= rted. + + NCR_ATTR_DH_PUBLIC + Mandatory for D-H derivation. The peer=E2=80=99= s public D-H + value as a big-endian multiple-precision integer. + + NCRIO_KEY_EXPORT + Export key material in the specified key object to use= r space. + Only keys with the NCR_KEY_FLAG_EXPORTABLE flag can be = exported + using this operation. + + The parameter points to struct ncr_key_export, which s= pecifies + the key to export in the key member, and a buffer = for the + exported data in the buffer and buffer_size members. + + On success, size of the exported key is returned. + + Symmetric keys are written directly into the destination= buffer. + Public and private keys are formatted using ASN.1, excep= t for DH + public keys, which are written a raw binary number. + + NCRIO_KEY_IMPORT + Clear existing key material in the specified key obj= ect, and + import key material from user space. + + The parameter points to struct ncr_key_import, which s= pecifies + the destination key in the key member, and the input dat= a in the + data and data_size members. + + The following input attributes are recognized: + + NCR_ATTR_ALGORITHM + Mandatory. + + NCR_ATTR_KEY_FLAGS + Optional, flags are unchanged if not present. + + NCR_ATTR_KEY_ID + Optional, the "persistent" key ID is unchanged = if not + present. + + NCR_ATTR_KEY_TYPE + Mandatory. + + The data format is the same as in the NCRIO_KEY_EXPOR= T opera- + tion. + + NCRIO_KEY_GET_INFO + Get metadata of an existing key. + + The parameter points to struct ncr_key_get_info, which s= pecifies + key, the key descriptor. + + The following input attributes are recognized: + + NCR_ATTR_WANTED_ATTRS + An array of unsigned 16-bit integers in nat= ive byte + order, specifying the set of output attribut= es that + should be returned. NCR_ATTR_AL= GORITHM, + NCR_ATTR_KEY_FLAGS and NCR_ATTR_KEY_TYPE are c= urrently + supported. Unsupported attribute requests are = silently + ignored + + The output attributes explicitly requeste= d in + NCR_ATTR_WANTED_ATTRS, and no other output attribut= es, are + returned. + + NCRIO_KEY_WRAP + Wrap one key using another, and write the result to user= space. + Only keys with the NCR_KEY_FLAG_WRAPPABLE flag can be= wrapped + using this operation. + + The parameter points to struct ncr_key_wrap, which speci= fies the + key to wrap in the source_key member, the wrapping ke= y in the + wrapping_key member, and a buffer for the wrapped data = in the + buffer and buffer_size members. + + The following input attributes are recognized: + + NCR_ATTR_IV + Optional, an empty IV is used if not present. + + NCR_ATTR_WRAPPING_ALGORITHM + Mandatory. + + Only secret keys can be currently wrapped. + + On success, size of the wrapped key is returned. + + NCRIO_KEY_UNWRAP + Unwrap user-space data into a kernel-space key using= another + key. + + The parameter points to struct ncr_key_unwrap, which s= pecifies + the destination key in the dest_key member, the wrappin= g key in + the wrapping_key member, and the wrapped data in the d= ata and + data_size members. + + The following input attributes are recognized: + + NCR_ATTR_IV + Optional, an empty IV is used if not present. + + NCR_ATTR_WRAPPING_ALGORITHM + Mandatory. + + The unwrapped key will have the NCR_KEY_FLAG_WRAPPABLE f= lag set, + and the NCR_KEY_FLAG_EXPORTABLE flag clear. + + NCRIO_KEY_STORAGE_WRAP + Wrap a key object and associated metadata using the sys= tem-wide + storage master key, and write the result to user space. + + Only keys with the NCR_KEY_FLAG_WRAPPABLE flag can be= wrapped + using this operation. + + The parameter points to struct ncr_key_storage_wrap, whi= ch spec- + ifies the key to wrap in the key member, and a buffer= for the + wrapped data in the buffer and buffer_size members. + + On success, size of the wrapped key is returned. + + Both symmetric and asymmetric keys can be wrapped usi= ng this + operation. The wrapped data includes data correspon= ding the + NCR_ATTR_ALGORITHM, NCR_ATTR_KEY_FLAGS, NCR_ATTR_KEY_T= YPE and + NCR_ATTR_KEY_ID attributes in addition to the raw key ma= terial: + + NCRIO_KEY_STORAGE_UNWRAP + Unwrap key and associated metadata created using NCRIO_K= EY_STOR- + AGE_WRAP, and restore the information into a specif= ied key + object. + + The parameter points to struct ncr_key_storage_unwra= p, which + specifies the destination key in the key member and the = wrapped + data in the data and data_size members. + + See NCRIO_KEY_STORAGE_WRAP above for the list of attribu= tes that + will be restored. + + NCRIO_SESSION_INIT + Allocate a session for performing crypto operations. + + The parameter points to struct ncr_session_init, which s= pecifies + the operation to perform, one of NCR_OP_ENCRYPT, NCR_OP_= DECRYPT, + NCR_OP_SIGN and NCR_OP_VERIFY, in the op member= =2E Use + NCR_OP_SIGN for computing an unkeyed hash as well = as keyed + hashes and signatures. + + The following input attributes are recognized: + + NCR_ATTR_ALGORITHM + Mandatory. + + NCR_ATTR_IV + Mandatory for some operations and algorithms. + + NCR_ATTR_KEY + Mandatory for some operations and algorithms. An= 32-bit + unsigned integer in native byte order specifying= the key + to use for the operation. + + NCR_ATTR_RSA_ENCODING_METHOD + Mandatory for RSA. An 32-bit unsigned integer in= native + byte order specifying a RSA encoding method= , one of + RSA_PKCS1_V1_5, RSA_PKCS1_OAEP and RSA_PKCS1_PSS. + + NCR_ATTR_RSA_OAEP_HASH_ALGORITHM + Mandatory for RSA with RSA_PKCS1_OAEP. A NUL-te= rminated + string specifying a hash algorithm used in = the OAEP + encoding method. + + NCR_ATTR_RSA_PSS_SALT_LENGTH + For RSA with RSA_PKCS1_PSS. An 32-bit unsigned = integer + in native byte order specifying the PSS salt= length. + Optional, defaults to 0. + + NCR_ATTR_SIGNATURE_HASH_ALGORITHM + Mandatory for some operations and algorithms. A = NUL-ter- + minated string specifying a hash algorithm unde= rlying a + signature, using the same formats as NCR_ATTR_AL= GORITHM. + + On success, an integer descriptor for the created sessio= n (valid + within the current /dev/crypto namespace) is returned. + + NCRIO_SESSION_UPDATE + Update an existing crypto session with new data (for ope= rations, + such as hashing, for which data can be supplied in pie= ces), or + perform a single operation using the session context (fo= r opera- + tions, such as public key encryption, that work on = separate + units of data). + + The parameter points to struct ncr_session_update, which= speci- + fies the descriptor of the session in the ses member. + + The following input attributes are recognized: + + NCR_ATTR_UPDATE_INPUT_DATA + A struct ncr_session_input_data specifying input= for the + operation in its data and data_size members. + + NCR_ATTR_UPDATE_INPUT_KEY_AS_DATA + An 32-bit unsigned integer in native byte order = specify- + ing the key descriptor serving as input for th= e opera- + tion. This can be currently used only to compute= or ver- + ify a signature or hash of a symmetric key: th= e keying + material is directly used as input data for the = underly- + ing hash. + + NCR_ATTR_UPDATE_OUTPUT_BUFFER + Mandatory for some operations and algorithms. = A struct + ncr_session_output_buffer specifying buffer for o= peration + output in its buffer and buffer_size members. On= success + the size of output is written to the variable poi= nted to + by the result_size_ptr member. + + It is mandatory to include one of the NCR_ATTR_UPDATE_IN= PUT_DATA + and NCR_ATTR_UPDATE_INPUT_KEY_AS_DATA attributes. + + For the NCR_OP_ENCRYPT and NCR_OP_DECRYPT operations usi= ng sym- + metric ciphers, the operation is performed on the inp= ut data, + resulting in an output data block of the same size; for= opera- + tions using public-key cryptography, a single operation= is per- + formed on the input data, resulting in output data. + + For the NCR_OP_SIGN and NCR_OP_VERIFY operations, the in= put data + is supplied to the underlying hash function; no output= data is + produced. + + NCRIO_SESSION_FINAL + Finalize an existing crypto session and deallocate it. + + The parameter points to struct ncr_session_final, which= speci- + fies the descriptor of the session in the ses member. + + If one of the NCR_ATTR_UPDATE_INPUT_DATA= and + NCR_ATTR_UPDATE_INPUT_KEY_AS_DATA attributes is prese= nt, all + attributes are first processed as if using NCRIO_SESSION= _UPDATE; + thus, the last update operation can be performed togeth= er with + the finalization in one step. + + The following input attributes are recognized: + + NCR_ATTR_FINAL_INPUT_DATA + Mandatory for some operations and algorithms. = A struct + ncr_session_input_data as described above, sp= ecifying + input for the operation. + + NCR_ATTR_FINAL_OUTPUT_BUFFER + Mandatory for some operations and algorithms. = A struct + ncr_session_output_buffer as described above, sp= ecifying + buffer for operation output. + + There is no specific finalization operation perfor= med for + NCR_OP_ENCRYPT and NCR_OP_DECRYPT. + + For the NCR_OP_SIGN operation, the signature is crea= ted and + written as output data. + + For the NCR_OP_VERIFY operation, a signature specified = as input + is verified and the result of this operation is returne= d: non- + zero for a valid signature, zero for an invalid signatur= e. Note + that the ioctl(2) operation return value will be non-n= egative, + i.e. "success", even if the signature verification f= ails, as + long all inputs were specified correctly. + + The session will be deallocated even if the NCRIO_SESSI= ON_FINAL + operation reports an error, as long as a valid session = descrip- + tor was specified. + + NCRIO_SESSION_ONCE + Perform an one-shot crypto operation, allocating a t= emporary + session, supplying a single instance of data, and finali= zing the + session in one operation. + + The parameter points to struct ncr_session_once, which s= pecifies + the operation to perform in the op member. + + The attributes handled as if by passing to a NCRIO_SESS= ION_INIT + operation followed by a NCRIO_SESSION_FINAL operation, = and the + return value of the NCRIO_SESSION_FINAL is returned on = success. + + NCRIO_MASTER_KEY_SET + Set the system-wide storage master key. Only a proce= ss with + EUID 0 and the CAP_SYS_ADMIN capability is allowed to= perform + this operation. Once a master key is set, it can be = changed + only by rebooting the system and setting a different key= =2E + + The parameter points to struct ncr_master_key_set, whic= h speci- + fies the key material in user space using the key and = key_size + members. + + Only an AES key with size 16, 24, or 32 bytes is c= urrently + acceptable. + +CONFIGURATION + The NCRIO_KEY_STORAGE_WRAP and NCRIO_KEY_STORAGE_UNWRAP ioctl(= )s work + only after a storage master key is configured by the system adm= inistra- + tor. See NCRIO_MASTER_KEY_SET above. + +FILES + /dev/crypto + +Linux 2010-08-20 C= RYPTO(4) diff --git a/include/linux/Kbuild b/include/linux/Kbuild index 756f831..41790cd 100644 --- a/include/linux/Kbuild +++ b/include/linux/Kbuild @@ -116,6 +116,7 @@ header-y +=3D mmtimer.h header-y +=3D mqueue.h header-y +=3D mtio.h header-y +=3D ncp_no.h +header-y +=3D ncr.h header-y +=3D neighbour.h header-y +=3D net_dropmon.h header-y +=3D net_tstamp.h diff --git a/include/linux/ncr.h b/include/linux/ncr.h new file mode 100644 index 0000000..c288cb8 --- /dev/null +++ b/include/linux/ncr.h @@ -0,0 +1,273 @@ +#ifndef _LINUX_NCR_H +#define _LINUX_NCR_H + +#include + +/* Serves to make sure the structure is suitably aligned to continue w= ith + a struct nlattr without external padding. + + 4 is NLA_ALIGNTO from , but if we + included , the user would have to include + as well for no obvious reason. "4" is fixed by ABI. */ +#define __NL_ATTRIBUTES char __align[] __attribute__((aligned(4))) + +/* In all ioctls, input_size specifies size of the ncr_* structure and= the + following attributes. + + output_size specifies space available for returning output, includi= ng the + initial ncr_* structure, and is updated by the ioctl() with the spa= ce + actually used. + + There are two special cases: input_size 0 means not attributes are = supplied, + and is treated equivalent to sizeof(struct ncr_*). output_size 0 m= eans no + space for output attributes is available, and is not updated. */ + +/* FIXME: better names for algorithm parameters? */ +/* FIXME: Split key generation/derivation attributes to decrease the n= umber + of attributes used for the frequent operations? */ +enum { + NCR_ATTR_UNSPEC, /* 0 is special in lib/nlattr.c. */ + NCR_ATTR_ALGORITHM, /* NLA_NUL_STRING */ + NCR_ATTR_DERIVATION_ALGORITHM, /* NLA_NUL_STRING - NCR_DERIVE_* */ + NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_NUL_STRING */ + NCR_ATTR_WRAPPING_ALGORITHM, /* NLA_NUL_STRING - NCR_WALG_* */ + NCR_ATTR_UPDATE_INPUT_DATA, /* NLA_BINARY - ncr_session_input_data = */ + /* NLA_BINARY - ncr_session_output_buffer */ + NCR_ATTR_UPDATE_OUTPUT_BUFFER, + NCR_ATTR_UPDATE_INPUT_KEY_AS_DATA, /* NLA_U32 - ncr_key_t */ + NCR_ATTR_FINAL_INPUT_DATA, /* NLA_BINARY - ncr_session_input_data = */ + /* NLA_BINARY - ncr_session_output_buffer */ + NCR_ATTR_FINAL_OUTPUT_BUFFER, + NCR_ATTR_KEY, /* NLA_U32 - ncr_key_t */ + NCR_ATTR_KEY_FLAGS, /* NLA_U32 - NCR_KEY_FLAG_* */ + NCR_ATTR_KEY_ID, /* NLA_BINARY */ + NCR_ATTR_KEY_TYPE, /* NLA_U32 - ncr_key_type_t */ + NCR_ATTR_IV, /* NLA_BINARY */ + NCR_ATTR_SECRET_KEY_BITS, /* NLA_U32 */ + NCR_ATTR_RSA_MODULUS_BITS, /* NLA_U32 */ + NCR_ATTR_RSA_E, /* NLA_BINARY */ + NCR_ATTR_RSA_ENCODING_METHOD, /* NLA_U32 - ncr_rsa_type_t */ + NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_NUL_STRING */ + NCR_ATTR_RSA_PSS_SALT_LENGTH, /* NLA_U32 */ + NCR_ATTR_DSA_P_BITS, /* NLA_U32 */ + NCR_ATTR_DSA_Q_BITS, /* NLA_U32 */ + NCR_ATTR_DH_PRIME, /* NLA_BINARY */ + NCR_ATTR_DH_BASE, /* NLA_BINARY */ + NCR_ATTR_DH_PUBLIC, /* NLA_BINARY */ + NCR_ATTR_WANTED_ATTRS, /* NLA_BINARY - array of u16 IDs */ + + /* Add new attributes here */ + + NCR_ATTR_END__, + NCR_ATTR_MAX =3D NCR_ATTR_END__ - 1 +}; + +#define NCR_CIPHER_MAX_BLOCK_LEN 32 +#define NCR_HASH_MAX_OUTPUT_SIZE 64 + +#define NCR_WALG_AES_RFC3394 "walg-aes-rfc3394" /* for secret keys onl= y */ +#define NCR_WALG_AES_RFC5649 "walg-aes-rfc5649" /* can wrap arbitrary = key */ + +typedef enum { + NCR_KEY_TYPE_INVALID, + NCR_KEY_TYPE_SECRET=3D1, + NCR_KEY_TYPE_PUBLIC=3D2, + NCR_KEY_TYPE_PRIVATE=3D3, +} ncr_key_type_t; + +/* Key handling + */ + +typedef __s32 ncr_key_t; + +#define NCR_KEY_INVALID ((ncr_key_t)-1) + +#define NCR_KEY_FLAG_EXPORTABLE 1 +#define NCR_KEY_FLAG_WRAPPABLE (1<<1) +/* when generating a pair the flags correspond to private + * and public key usage is implicit. For example when private + * key can decrypt then public key can encrypt. If private key + * can sign then public key can verify. + */ +#define NCR_KEY_FLAG_DECRYPT (1<<2) +#define NCR_KEY_FLAG_SIGN (1<<3) + +struct ncr_key_generate { + __u32 input_size, output_size; + ncr_key_t key; + __NL_ATTRIBUTES; +}; + +struct ncr_key_generate_pair { + __u32 input_size, output_size; + ncr_key_t private_key; + ncr_key_t public_key; + __NL_ATTRIBUTES; +}; + +typedef enum { + RSA_PKCS1_V1_5, /* both signatures and encryption */ + RSA_PKCS1_OAEP, /* for encryption only */ + RSA_PKCS1_PSS, /* for signatures only */ +} ncr_rsa_type_t; + +#define NCR_DERIVE_DH "dh" + + +struct ncr_key_derive { + __u32 input_size, output_size; + ncr_key_t input_key; + ncr_key_t new_key; + __NL_ATTRIBUTES; +}; + +#define MAX_KEY_ID_SIZE 20 + +struct ncr_key_get_info { + __u32 input_size, output_size; + ncr_key_t key; + __NL_ATTRIBUTES; +}; + +struct ncr_key_import { + __u32 input_size, output_size; + ncr_key_t key; + const void __user *data; + __u32 data_size; + __NL_ATTRIBUTES; +}; + +struct ncr_key_export { + __u32 input_size, output_size; + ncr_key_t key; + void __user *buffer; + int buffer_size; + __NL_ATTRIBUTES; +}; + +#define NCRIO_KEY_INIT _IO('c', 204) +/* generate a secret key */ +#define NCRIO_KEY_GENERATE _IOWR('c', 205, struct ncr_key_generat= e) +/* generate a public key pair */ +#define NCRIO_KEY_GENERATE_PAIR _IOWR('c', 206, struct ncr_key_generat= e_pair) +/* derive a new key from an old one */ +#define NCRIO_KEY_DERIVE _IOWR('c', 207, struct ncr_key_derive) +/* return information on a key */ +#define NCRIO_KEY_GET_INFO _IOWR('c', 208, struct ncr_key_get_inf= o) +/* export a secret key */ +#define NCRIO_KEY_EXPORT _IOWR('c', 209, struct ncr_key_export) +/* import a secret key */ +#define NCRIO_KEY_IMPORT _IOWR('c', 210, struct ncr_key_import) + +#define NCRIO_KEY_DEINIT _IOR ('c', 215, ncr_key_t) + +/* Key wrap ioctls + */ +struct ncr_key_wrap { + __u32 input_size, output_size; + ncr_key_t wrapping_key; + ncr_key_t source_key; + void __user *buffer; + int buffer_size; + __NL_ATTRIBUTES; +}; + +struct ncr_key_unwrap { + __u32 input_size, output_size; + ncr_key_t wrapping_key; + ncr_key_t dest_key; + const void __user *data; + __u32 data_size; + __NL_ATTRIBUTES; +}; + +#define NCRIO_KEY_WRAP _IOWR('c', 250, struct ncr_key_wrap) +#define NCRIO_KEY_UNWRAP _IOWR('c', 251, struct ncr_key_unwrap) + +/* Internal ops */ +struct ncr_master_key_set { + __u32 input_size, output_size; + const void __user *key; + __u32 key_size; + __NL_ATTRIBUTES; +}; + +#define NCRIO_MASTER_KEY_SET _IOWR('c', 260, struct ncr_master_= key_set) + +/* These are similar to key_wrap and unwrap except that will store som= e extra + * fields to be able to recover a key */ +struct ncr_key_storage_wrap { + __u32 input_size, output_size; + ncr_key_t key; + void __user *buffer; + int buffer_size; + __NL_ATTRIBUTES; +}; + +struct ncr_key_storage_unwrap { + __u32 input_size, output_size; + ncr_key_t key; + const void __user *data; + __u32 data_size; + __NL_ATTRIBUTES; +}; + +#define NCRIO_KEY_STORAGE_WRAP _IOWR('c', 261, struct ncr_key_s= torage_wrap) +#define NCRIO_KEY_STORAGE_UNWRAP _IOWR('c', 262, struct ncr_key= _storage_wrap) + +/* Crypto Operations ioctls + */ + +typedef enum { + NCR_OP_ENCRYPT=3D1, + NCR_OP_DECRYPT, + NCR_OP_SIGN, + NCR_OP_VERIFY, +} ncr_crypto_op_t; + +typedef __s32 ncr_session_t; +#define NCR_SESSION_INVALID ((ncr_session_t)-1) + +struct ncr_session_input_data { + const void __user *data; + __kernel_size_t data_size; +}; + +struct ncr_session_output_buffer { + void __user *buffer; + __kernel_size_t buffer_size; + __kernel_size_t __user *result_size_ptr; +}; + +struct ncr_session_init { + __u32 input_size, output_size; + __u32 op; /* ncr_crypto_op_t */ + __NL_ATTRIBUTES; +}; + +struct ncr_session_update { + __u32 input_size, output_size; + ncr_session_t ses; + __NL_ATTRIBUTES; +}; + +struct ncr_session_final { + __u32 input_size, output_size; + ncr_session_t ses; + __NL_ATTRIBUTES; +}; + +struct ncr_session_once { + __u32 input_size, output_size; + ncr_crypto_op_t op; + __NL_ATTRIBUTES; +}; + +#define NCRIO_SESSION_INIT _IOWR('c', 300, struct ncr_session_i= nit) +#define NCRIO_SESSION_UPDATE _IOWR('c', 301, struct ncr_session= _update) +#define NCRIO_SESSION_FINAL _IOWR('c', 302, struct ncr_session_= final) + +/* everything in one call */ +#define NCRIO_SESSION_ONCE _IOWR('c', 303, struct ncr_session_o= nce) + +#endif --=20 1.7.2.1