1 /*-
2 * Copyright (C) 2001-2003 by NBMK Encryption Technologies.
3 * All rights reserved.
5 * NBMK Encryption Technologies provides no support of any kind for
6 * this software. Questions or concerns about it may be addressed to
7 * the members of the relevant open-source community at
8 * <tech-crypto@netbsd.org>.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are
12 * met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above
18 * copyright notice, this list of conditions and the following
19 * disclaimer in the documentation and/or other materials provided
20 * with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 /*****************************************************************************
36 * @(#) n8_pub_packet.h 1.21@(#)
37 *****************************************************************************/
39 /*****************************************************************************/
40 /** @file n8_pub_packet
41 * @brief Public declarations for packet operations.
43 * Public header file for packet operations.
45 *****************************************************************************/
47 /*****************************************************************************
48 * Revision history:
49 * 08/18/03 brr Combine Encrypt/Decrypt command block generators for SSL,
50 * TLS, & IPsec.
51 * 06/06/03 brr Brought useful IPSEC defines to this public include file.
52 * 05/20/03 brr Modified N8_PacketInitialize to setup function pointers &
53 * lengths used in the Encrypt/Decrypt operations. Eliminated
54 * several switch statements from Encrypt/Decrypt operations.
55 * 04/17/03 brr Moved key size constants to this public include file.
56 * 08/06/02 bac Made cipher infos const.
57 * 07/16/02 bac Removed trailing comma from last enum entry in
58 * N8_PacketMemoryMode.
59 * 06/14/02 hml Deleted request field and other unused fields from the
60 * packet object. Also added the N8_PacketMemoryMode_t enum
61 * and protos for the N8_SSLTLS*Memory API calls.
62 * 06/10/02 hml Added request field to packet object.
63 * 03/18/02 hml Added include of n8_pub_buffer.h.
64 * 02/12/02 hml Added proto for N8_PacketBuffersSet.
65 * 02/07/02 hml Added some fields for kernel buffers allocated by user.
66 * 01/22/02 bac Added a boolean to N8_Packet_t to control deferred loading of
67 * context memory.
68 * 11/28/01 mel Fixed bug #365 : ARC4 key type N8_RC4_t incorrectly declared
69 * 11/12/01 hml Added structureID to N8_Packet_t (Bug 261) and changed
70 * PI_PROTOCOL_* to N8_PROTOCOL_*.
71 * 10/25/01 dkm Changed PI_KeyInfo_t to use N8_RC4_t to remove OpenSSL
72 * dependency.
73 * 10/12/01 dkm Original version.
74 ****************************************************************************/
75 #ifndef N8_PUB_PACKET_H
76 #define N8_PUB_PACKET_H
78 #ifdef __cplusplus
79 extern "C"
81 #endif
83 #include "n8_pub_common.h"
84 #include "n8_pub_buffer.h"
85 #include "n8_pub_request.h"
87 /*****************************************************************************
88 * #defines
89 *****************************************************************************/
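/* Maximum length for mac key */
#define N8_MAC_SECRET_LENGTH 20

/* Element count of the uint32_t precompute/ipad/opad arrays declared in this
 * header (5 x 32 bits = 160 bits). */
#define N8_PRECOMPUTE_SIZE 5

/* definitions for key size */
/* NOTE(review): N8_KeyInfo_t.keyARC4 in this header is declared with only 32
 * bytes, so ARC4_KEY_SIZE_BYTES_MAX must not be used as a copy bound for that
 * field; bound such copies with sizeof the destination. */
#define ARC4_KEY_SIZE_BYTES_MAX 256
#define DES_KEY_SIZE_BYTES 24

/* Protocol version values: 0x0300 is SSL 3.0 and 0x0301 is TLS 1.0. Both
 * protocol versions are deprecated (RFC 7568, RFC 8996). */
#define N8_SSL_VERSION 0x0300
#define N8_TLS_VERSION 0x0301

/* Upper bounds, in bytes, on SSL/TLS data for each direction. */
#define N8_SSLTLS_MAX_DATA_SIZE_DECRYPT (18 * 1024)
#define N8_SSLTLS_MAX_DATA_SIZE_ENCRYPT (17 * 1024)

/* definitions for IPsec packets */
/* The MAX value is parenthesized like the SSL/TLS limits above: a bare
 * 18*1024 mis-evaluates next to /, % or a cast (x / 18*1024 parses as
 * (x / 18) * 1024), which would silently break a length check built on it. */
#define IPSEC_DATA_LENGTH_MAX (18 * 1024)
#define IPSEC_DATA_LENGTH_MIN 24
/* 12 bytes = 96 bits; presumably the truncated MAC length of the
 * HMAC-MD5-96 / HMAC-SHA-1-96 algorithms named in N8_Packet_t -- confirm. */
#define HMAC_LENGTH 12
/* Byte offsets within an IPsec packet: the IV starts at 8 and the data at 16,
 * which equals the header length. */
#define IPSEC_PACKET_HEADER_LENGTH 16
#define IPSEC_IV_OFFSET 8
#define IPSEC_DATA_OFFSET 16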
112 /*****************************************************************************
113 * Structures/type definitions
114 *****************************************************************************/
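/*
 * SSL/TLS packet structure as defined by the protocol.
 *
 * This is only a byte alias: a pointer to it carries no length, and the
 * SSL/TLS prototypes in this header take no separate length argument.
 * NOTE(review): the length presumably comes from the record header inside
 * the packet; buffers handed to those calls should be sized against
 * N8_SSLTLS_MAX_DATA_SIZE_ENCRYPT / _DECRYPT -- confirm against the
 * implementation.
 */
typedef unsigned char N8_SSLTLSPacket_t;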
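/*
 * IPSec packet structure as defined by the protocol.
 *
 * A byte alias only; the IPsec prototypes in this header pass the packet
 * length as a separate int argument, so the pointer and the length have to
 * be kept consistent by the caller.
 */
typedef unsigned char N8_IPSecPacket_t;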
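/*
 * IPsec-specific data carried in N8_KeyInfo_t.
 *
 * Described upstream as "the DES keys and IV to use with IPSec", but the
 * structure itself has no DES key or IV field: it holds two
 * N8_PRECOMPUTE_SIZE-word arrays, the SPI and a sequence number. The DES
 * keys and IV are fields of N8_CipherInfo_t.
 */
typedef struct
{
    /* NOTE(review): ipad/opad are presumably precomputed HMAC inner/outer
     * pad hash states; if so they are key-equivalent and should be handled
     * as secrets -- confirm. */
    uint32_t ipad[N8_PRECOMPUTE_SIZE];
    uint32_t opad[N8_PRECOMPUTE_SIZE];
    uint32_t SPI;
    uint32_t sequence_number;
} N8_IPsecKeyDES_t;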
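/*
 * The three permissible values for Protocol are SSL, TLS, and IPSec.
 * Numbering starts at 1, so a zero-initialized N8_Protocol_t is not one of
 * the permissible values.
 */
typedef enum
{
    N8_PROTOCOL_SSL = 1,
    N8_PROTOCOL_TLS,
    N8_PROTOCOL_IPSEC
} N8_Protocol_t;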
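/*
 * The memory modes for the packet ops.
 * Numbering starts at 1, so a zero-initialized mode matches neither value.
 * NOTE(review): N8_PACKETMEMORY_REQUEST presumably goes with the *Memory
 * calls that take an N8_RequestHandle_t -- confirm.
 */
typedef enum
{
    N8_PACKETMEMORY_NONE = 1,
    N8_PACKETMEMORY_REQUEST
} N8_PacketMemoryMode_t;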
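/*
 * cipher info
 *
 * Protocol-specific key data overlaid in one union, so only one member is
 * meaningful at a time (presumably chosen by the protocol/cipher given at
 * packet initialization -- confirm).
 *
 * NOTE(review): keyARC4 is 32 bytes while ARC4_KEY_SIZE_BYTES_MAX is 256.
 * Any copy into keyARC4 has to be bounded by sizeof keyARC4, and a keySize
 * larger than that should be rejected rather than truncated.
 */
typedef union
{
    unsigned char keyARC4[32];      /* specifies ARC4 key to use */
    N8_IPsecKeyDES_t IPsecKeyDES;   /* specifies data to use with IPSec */
} N8_KeyInfo_t;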
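/* N8_CipherInfo_t
   This is the structure for passing key information during packet
   initialization.
   precompute1/2     - For internal use in calculations
   macSecret         - Secret for mac calculation in SSL
   sequence_number   - Initial sequence number for packet
   IV                - Initialization vector
   key1/2/3          - DES key for initialization (SSL/TLS)
   keySize           - length of key
   key               - Union for initializing RC4 and IPsec DES key
   hmac_key/_length  - Secret and length for HMAC

   macSecret, key1/2/3, key and the buffer behind hmac_key hold secret
   material (precompute1/2 are presumably key-derived), so an instance
   should be cleared with a non-elidable wipe once it is no longer needed.
   N8_DES_KEY_LENGTH is not defined in this header; presumably it comes from
   n8_pub_common.h -- confirm.
*/
typedef struct
{
    uint32_t precompute1[N8_PRECOMPUTE_SIZE];
    uint32_t precompute2[N8_PRECOMPUTE_SIZE];
    char macSecret[N8_MAC_SECRET_LENGTH];
    uint32_t sequence_number[2];
    char IV[N8_DES_KEY_LENGTH];
    char key1[N8_DES_KEY_LENGTH];
    char key2[N8_DES_KEY_LENGTH];
    char key3[N8_DES_KEY_LENGTH];
    /* Signed: reject negative values and values larger than the destination
     * key field before using it as a length. */
    int keySize;                /* keys size for verification */
    N8_KeyInfo_t key;           /* specific protocol data */
    /* Pointer plus separate length: hmacKeyLength must not exceed the
     * allocation behind hmac_key. Ownership is not stated in this header. */
    N8_Buffer_t *hmac_key;
    uint32_t hmacKeyLength;
    N8_Unit_t unitID;           /* execution unit */
} N8_CipherInfo_t;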
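/*
 * packet object
 *
 * Per-packet-stream state filled in by N8_PacketInitialize /
 * N8_PacketInitializeMemory and passed to every encrypt/decrypt call.
 *
 * The object embeds an N8_CipherInfo_t by value, so key material lives in
 * it for as long as the object exists; clear it when the stream is torn
 * down. It also stores two generator function pointers as void * (see
 * ctxLoadFcn, SSLTLScmdFcn): the object is trusted state and should never
 * be populated from, or left writable by, untrusted input.
 */
typedef struct
{
    N8_Protocol_t packetProtocol;   /* packet protocol to use: SSL, TLS, IPSec */
    N8_Cipher_t packetCipher;       /* cipher: ARC4, DES*/
    N8_HashAlgorithm_t packetHashAlgorithm;
                                    /* hash algorithm: MD5, SHA-1, HMAC-MD5, HMAC-SHA-1,
                                     * HMAC-MD5-96, HMAC-SHA-1-96 */
    N8_ContextHandle_t contextHandle;
    N8_CipherInfo_t cipherInfo;     /* keys to use */
    N8_HashObject_t hashPacket;     /* hash value and information */
    N8_Unit_t unitID;               /* execution unit */
    unsigned int structureID;       /* NOTE(review): presumably a tag used to
                                     * recognise an initialized object -- confirm */
    N8_Boolean_t contextLoadNeeded; /* does the context need to be loaded?
                                     * if so, this is done on the first use
                                     * of the packet post-initialization.*/
    N8_PacketMemoryMode_t mode;     /* Memory type for this packet */
    unsigned int encCommands;       /* Number of cmds needed for encrypt */
    unsigned int decCommands;       /* Number of cmds needed for decrypt */
    int minLength;                  /* Minimum packet length */
    int macLength;                  /* Hash result length */
    /* Function pointers held as void *: ISO C does not guarantee that a
     * function pointer survives conversion to and from void *, so this
     * relies on the platform ABI. */
    void *ctxLoadFcn;               /* Context load cmd block generator */
    int ctxLoadCmds;                /* Number of cmds needed to load ctx */
    void *SSLTLScmdFcn;             /* cmd block generator function */
    unsigned int encOpCode;         /* Op Code for encryption operation */
    unsigned int decOpCode;         /* Op Code for decryption operation */
} N8_Packet_t;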
215 /*****************************************************************************
216 * Function prototypes
217 *****************************************************************************/
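/*
 * Initialize a packet object, with an explicit packet memory mode.
 *
 * packetObject_p  - packet object to set up.
 * contextHandle_p - context handle; not modified through this pointer.
 * protocol        - N8_PROTOCOL_SSL, N8_PROTOCOL_TLS or N8_PROTOCOL_IPSEC.
 * cipher          - cipher selection (N8_Cipher_t is declared elsewhere).
 * cipherInfo_p    - keys and related parameters. N8_Packet_t embeds an
 *                   N8_CipherInfo_t, so the keys are presumably copied; the
 *                   caller's copy can then be wiped -- confirm.
 * hashAlgorithm   - hash/MAC algorithm selection.
 * mode            - N8_PACKETMEMORY_NONE or N8_PACKETMEMORY_REQUEST.
 * event_p         - NOTE(review): presumably signals asynchronous
 *                   completion -- confirm.
 *
 * Returns an N8_Status_t; check it before using the packet object.
 */
N8_Status_t N8_PacketInitializeMemory(N8_Packet_t *packetObject_p,
                                      const N8_ContextHandle_t *contextHandle_p,
                                      const N8_Protocol_t protocol,
                                      const N8_Cipher_t cipher,
                                      const N8_CipherInfo_t *cipherInfo_p,
                                      const N8_HashAlgorithm_t hashAlgorithm,
                                      const N8_PacketMemoryMode_t mode,
                                      N8_Event_t *event_p);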
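/*
 * Initialize a packet object. Same parameters as N8_PacketInitializeMemory
 * minus the memory mode.
 *
 * packetObject_p  - packet object to set up.
 * contextHandle_p - context handle; not modified through this pointer.
 * protocol        - N8_PROTOCOL_SSL, N8_PROTOCOL_TLS or N8_PROTOCOL_IPSEC.
 * cipher          - cipher selection (N8_Cipher_t is declared elsewhere).
 * cipherInfo_p    - keys and related parameters; validate keySize and
 *                   hmacKeyLength against their buffers before the call.
 * hashAlgorithm   - hash/MAC algorithm selection.
 * event_p         - NOTE(review): presumably signals asynchronous
 *                   completion -- confirm.
 *
 * Returns an N8_Status_t; check it before using the packet object.
 */
N8_Status_t N8_PacketInitialize(N8_Packet_t *packetObject_p,
                                const N8_ContextHandle_t *contextHandle_p,
                                const N8_Protocol_t protocol,
                                const N8_Cipher_t cipher,
                                const N8_CipherInfo_t *cipherInfo_p,
                                const N8_HashAlgorithm_t hashAlgorithm,
                                N8_Event_t *event_p);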
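/*
 * SSL/TLS encrypt-and-authenticate, variant taking a request handle.
 *
 * packetObj_p - initialized packet object.
 * packet_p    - input packet (read-only); no length argument is passed.
 * result_p    - output buffer; NOTE(review): its required size is not
 *               stated here, presumably input plus MAC and padding --
 *               confirm before sizing it.
 * request     - N8_RequestHandle_t for this operation.
 * event_p     - NOTE(review): presumably signals asynchronous completion;
 *               if so, result_p is not valid until it completes -- confirm.
 *
 * Returns an N8_Status_t.
 */
N8_Status_t
N8_SSLTLSEncryptAuthenticateMemory(N8_Packet_t *packetObj_p,
                                   const N8_SSLTLSPacket_t *packet_p,
                                   N8_SSLTLSPacket_t *result_p,
                                   N8_RequestHandle_t request,
                                   N8_Event_t *event_p);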
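/*
 * SSL/TLS decrypt-and-verify, variant taking a request handle.
 *
 * packetObj_p   - initialized packet object.
 * packet_p      - received packet (read-only); no length argument is
 *                 passed, so the input is untrusted data whose size the
 *                 callee has to derive and bound itself.
 * computedMAC_p - buffer for the computed MAC.
 * verify_p      - out: MAC verification result.
 * result_p      - output buffer for the decrypted packet.
 * request       - N8_RequestHandle_t for this operation.
 * event_p       - NOTE(review): presumably signals asynchronous completion;
 *                 if so, *verify_p and result_p are not valid until it
 *                 completes -- confirm.
 *
 * Returns an N8_Status_t. Plaintext in result_p should be used only when
 * the status is success AND *verify_p is true.
 */
N8_Status_t
N8_SSLTLSDecryptVerifyMemory(N8_Packet_t *packetObj_p,
                             const N8_SSLTLSPacket_t *packet_p,
                             N8_Buffer_t *computedMAC_p,
                             N8_Boolean_t *verify_p,
                             N8_SSLTLSPacket_t *result_p,
                             N8_RequestHandle_t request,
                             N8_Event_t *event_p);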
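/*
 * SSL/TLS encrypt-and-authenticate.
 *
 * packetObj_p - initialized packet object.
 * packet_p    - input packet (read-only); no length argument is passed.
 * result_p    - output buffer; its required size is not stated in this
 *               header.
 * event_p     - NOTE(review): presumably signals asynchronous completion --
 *               confirm.
 *
 * Returns an N8_Status_t.
 */
N8_Status_t N8_SSLTLSEncryptAuthenticate(N8_Packet_t *packetObj_p,
                                         const N8_SSLTLSPacket_t *packet_p,
                                         N8_SSLTLSPacket_t *result_p,
                                         N8_Event_t *event_p);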
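/*
 * SSL/TLS decrypt-and-verify.
 *
 * packetObj_p   - initialized packet object.
 * packet_p      - received packet (read-only, untrusted); no length
 *                 argument is passed.
 * computedMAC_p - buffer for the computed MAC. If a caller compares it
 *                 itself, the comparison should be constant-time.
 * verify_p      - out: MAC verification result.
 * result_p      - output buffer for the decrypted packet.
 * event_p       - NOTE(review): presumably signals asynchronous completion --
 *                 confirm.
 *
 * Returns an N8_Status_t. Plaintext in result_p should be used only when
 * the status is success AND *verify_p is true.
 */
N8_Status_t N8_SSLTLSDecryptVerify(N8_Packet_t *packetObj_p,
                                   const N8_SSLTLSPacket_t *packet_p,
                                   N8_Buffer_t *computedMAC_p,
                                   N8_Boolean_t *verify_p,
                                   N8_SSLTLSPacket_t *result_p,
                                   N8_Event_t *event_p);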
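/*
 * IPsec encrypt-and-authenticate.
 *
 * packetObject_p - initialized packet object.
 * packet_p       - input packet; unlike the SSL/TLS calls this pointer is
 *                  not const-qualified.
 * packetLength   - length of packet_p as a signed int. NOTE(review):
 *                  presumably expected within IPSEC_DATA_LENGTH_MIN ..
 *                  IPSEC_DATA_LENGTH_MAX; reject negative or out-of-range
 *                  values before the call -- confirm the exact bounds.
 * result_p       - output buffer; presumably needs room for the input plus
 *                  HMAC_LENGTH bytes -- confirm.
 * event_p        - NOTE(review): presumably signals asynchronous
 *                  completion -- confirm.
 *
 * Returns an N8_Status_t.
 */
N8_Status_t N8_IPSecEncryptAuthenticate(N8_Packet_t *packetObject_p,
                                        N8_IPSecPacket_t *packet_p,
                                        int packetLength,
                                        N8_IPSecPacket_t *result_p,
                                        N8_Event_t *event_p );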
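/*
 * IPsec decrypt-and-verify.
 *
 * packetObject_p        - initialized packet object.
 * encryptedPacket_p     - received packet (untrusted input).
 * encryptedPacketLength - its length as a signed int; it comes from the
 *                         network, so range-check it (negative, below
 *                         IPSEC_DATA_LENGTH_MIN, above
 *                         IPSEC_DATA_LENGTH_MAX) before the call.
 * computedHMAC_p        - buffer for the computed HMAC. If a caller
 *                         compares it itself, the comparison should be
 *                         constant-time.
 * verify                - out: HMAC verification result.
 * result_p              - output buffer for the decrypted packet.
 * event_p               - NOTE(review): presumably signals asynchronous
 *                         completion -- confirm.
 *
 * Returns an N8_Status_t. Plaintext in result_p should be used only when
 * the status is success AND *verify is true.
 */
N8_Status_t N8_IPSecDecryptVerify(N8_Packet_t *packetObject_p,
                                  N8_IPSecPacket_t *encryptedPacket_p,
                                  int encryptedPacketLength,
                                  N8_Buffer_t *computedHMAC_p,
                                  N8_Boolean_t *verify,
                                  N8_IPSecPacket_t *result_p,
                                  N8_Event_t *event_p );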
277 #ifdef __cplusplus
279 #endif
281 #endif