hifn7751var.h revision 1.2
1 /* $NetBSD: hifn7751var.h,v 1.2 2003/05/13 22:43:20 wiz Exp $ */ 2 /* $OpenBSD: hifn7751var.h,v 1.18 2000/06/02 22:36:45 deraadt Exp $ */ 3 4 /* 5 * Invertex AEON / Hi/fn 7751 driver 6 * Copyright (c) 1999 Invertex Inc. All rights reserved. 7 * Copyright (c) 1999 Theo de Raadt 8 * Copyright (c) 2000 Network Security Technologies, Inc. 9 * http://www.netsec.net 10 * 11 * Please send any comments, feedback, bug-fixes, or feature requests to 12 * software (at) invertex.com. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. The name of the author may not be used to endorse or promote products 24 * derived from this software without specific prior written permission. 25 * 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 * 38 */ 39 40 #ifndef __DEV_PCI_HIFN7751VAR_H__ 41 #define __DEV_PCI_HIFN7751VAR_H__ 42 43 /* 44 * Length values for cryptography 45 */ 46 #define HIFN_DES_KEY_LENGTH 8 47 #define HIFN_3DES_KEY_LENGTH 24 48 #define HIFN_MAX_CRYPT_KEY_LENGTH HIFN_3DES_KEY_LENGTH 49 #define HIFN_IV_LENGTH 8 50 51 /* 52 * Length values for authentication 53 */ 54 #define HIFN_MAC_KEY_LENGTH 64 55 #define HIFN_MD5_LENGTH 16 56 #define HIFN_SHA1_LENGTH 20 57 #define HIFN_MAC_TRUNC_LENGTH 12 58 59 #define MAX_SCATTER 64 60 61 /* 62 * hifn_command_t 63 * 64 * This is the control structure used to pass commands to hifn_encrypt(). 65 * 66 * flags 67 * ----- 68 * Flags is the bitwise "or" values for command configuration. A single 69 * encrypt direction needs to be set: 70 * 71 * HIFN_ENCODE or HIFN_DECODE 72 * 73 * To use cryptography, a single crypto algorithm must be included: 74 * 75 * HIFN_CRYPT_3DES or HIFN_CRYPT_DES 76 * 77 * To use authentication, a single MAC algorithm must be included: 78 * 79 * HIFN_MAC_MD5 or HIFN_MAC_SHA1 80 * 81 * By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash. 82 * If the value below is set, hash values are truncated or assumed 83 * truncated to 12 bytes: 84 * 85 * HIFN_MAC_TRUNC 86 * 87 * Keys for encryption and authentication can be sent as part of a command, 88 * or the last key value used with a particular session can be retrieved 89 * and used again if either of these flags are not specified. 90 * 91 * HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY 92 * 93 * result_flags 94 * ------------ 95 * result_flags is a bitwise "or" of result values. The result_flags 96 * values should not be considered valid until: 97 * 98 * callback routine NULL: hifn_crypto() returns 99 * callback routine set: callback routine called 100 * 101 * Right now there is only one result flag: HIFN_MAC_BAD 102 * It's bit is set on decode operations using authentication when a 103 * hash result does not match the input hash value. 104 * The HIFN_MAC_OK(r) macro can be used to help inspect this flag. 105 * 106 * session_num 107 * ----------- 108 * A number between 0 and 2048 (for DRAM models) or a number between 109 * 0 and 768 (for SRAM models). Those who don't want to use session 110 * numbers should leave value at zero and send a new crypt key and/or 111 * new MAC key on every command. If you use session numbers and 112 * don't send a key with a command, the last key sent for that same 113 * session number will be used. 114 * 115 * Warning: Using session numbers and multiboard at the same time 116 * is currently broken. 117 * 118 * mbuf 119 * ---- 120 * Either fill in the mbuf pointer and npa=0 or 121 * fill packp[] and packl[] and set npa to > 0 122 * 123 * mac_header_skip 124 * --------------- 125 * The number of bytes of the source_buf that are skipped over before 126 * authentication begins. This must be a number between 0 and 2^16-1 127 * and can be used by IPSec implementers to skip over IP headers. 128 * *** Value ignored if authentication not used *** 129 * 130 * crypt_header_skip 131 * ----------------- 132 * The number of bytes of the source_buf that are skipped over before 133 * the cryptographic operation begins. This must be a number between 0 134 * and 2^16-1. For IPSec, this number will always be 8 bytes larger 135 * than the auth_header_skip (to skip over the ESP header). 136 * *** Value ignored if cryptography not used *** 137 * 138 * source_length 139 * ------------- 140 * Length of input data including all skipped headers. On decode 141 * operations using authentication, the length must also include the 142 * the appended MAC hash (12, 16, or 20 bytes depending on algorithm 143 * and truncation settings). 144 * 145 * If encryption is used, the encryption payload must be a non-zero 146 * multiple of 8. On encode operations, the encryption payload size 147 * is (source_length - crypt_header_skip - (MAC hash size)). On 148 * decode operations, the encryption payload is 149 * (source_length - crypt_header_skip). 150 * 151 * dest_length 152 * ----------- 153 * Length of the dest buffer. It must be at least as large as the 154 * source buffer when authentication is not used. When authentication 155 * is used on an encode operation, it must be at least as long as the 156 * source length plus an extra 12, 16, or 20 bytes to hold the MAC 157 * value (length of mac value varies with algorithm used). When 158 * authentication is used on decode operations, it must be at least 159 * as long as the source buffer minus 12, 16, or 20 bytes for the MAC 160 * value which is not included in the dest data. Unlike source_length, 161 * the dest_length does not have to be exact, values larger than required 162 * are fine. 163 * 164 * private_data 165 * ------------ 166 * An unsigned long quantity (i.e. large enough to hold a pointer), that 167 * can be used by the callback routine if desired. 168 */ 169 struct hifn_softc; 170 171 typedef struct hifn_command { 172 volatile u_int result_flags; 173 174 u_short session_num; 175 u_int16_t base_masks, cry_masks, mac_masks; 176 177 u_char iv[HIFN_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH]; 178 179 struct mbuf *src_m; 180 long src_packp[MAX_SCATTER]; 181 int src_packl[MAX_SCATTER]; 182 int src_npa; 183 int src_l; 184 185 struct mbuf *dst_m; 186 long dst_packp[MAX_SCATTER]; 187 int dst_packl[MAX_SCATTER]; 188 int dst_npa; 189 int dst_l; 190 191 u_short mac_header_skip, mac_process_len; 192 u_short crypt_header_skip, crypt_process_len; 193 194 u_long private_data; 195 struct hifn_softc *softc; 196 } hifn_command_t; 197 198 /* 199 * Return values for hifn_crypto() 200 */ 201 #define HIFN_CRYPTO_SUCCESS 0 202 #define HIFN_CRYPTO_BAD_INPUT (-1) 203 #define HIFN_CRYPTO_RINGS_FULL (-2) 204 205 /* 206 * Defines for the "result_flags" parameter of hifn_command_t. 207 */ 208 #define HIFN_MAC_BAD 1 209 #define HIFN_MAC_OK(r) (!((r) & HIFN_MAC_BAD)) 210 211 #ifdef _KERNEL 212 213 /************************************************************************** 214 * 215 * Function: hifn_crypto 216 * 217 * Purpose: Called by external drivers to begin an encryption on the 218 * HIFN board. 219 * 220 * Blocking/Non-blocking Issues 221 * ============================ 222 * The driver cannot block in hifn_crypto (no calls to tsleep) currently. 223 * hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough 224 * room in any of the rings for the request to proceed. 225 * 226 * Return Values 227 * ============= 228 * 0 for success, negative values on error 229 * 230 * Defines for negative error codes are: 231 * 232 * HIFN_CRYPTO_BAD_INPUT : The passed in command had invalid settings. 233 * HIFN_CRYPTO_RINGS_FULL : All DMA rings were full and non-blocking 234 * behaviour was requested. 235 * 236 *************************************************************************/ 237 238 /* 239 * Convert back and forth from 'sid' to 'card' and 'session' 240 */ 241 #define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28) 242 #define HIFN_SESSION(sid) ((sid) & 0x000007ff) 243 #define HIFN_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff)) 244 245 #endif /* _KERNEL */ 246 247 #endif /* __DEV_PCI_HIFN7751VAR_H__ */ 248
Indexes created Sat Sep 27 22:09:54 GMT 2025