Lines Matching defs:cipher
120 * A cipher without an iv requirement would look like this:
128 /* Preferred cipher, if one isn't specified on command line. */
421 mech_alias_t *cipher, const char *rkey, size_t rksz, boolean_t rdonly,
431 if (cipher != NULL) {
434 (void) strlcpy(li.li_cipher, cipher->name,
442 li.li_iv_type = cipher->iv_type;
443 li.li_iv_len = cipher->iv_len; /* 0 when no iv needed */
444 switch (cipher->iv_type) {
446 (void) strlcpy(li.li_iv_cipher, cipher->iv_name,
623 * Verify the cipher selected by user.
638 * Verify user selected cipher is also available in kernel.
640 * While traversing kernel list of mechs, if the cipher is supported in the
645 kernel_cipher_check(mech_alias_t *cipher)
657 /* if cipher doesn't need iv generating mech, bypass that check now */
658 if (cipher->iv_name == NULL)
708 * it needs an iv generated using another cipher, also look for that
709 * additional cipher to be used for generating the iv
714 strcasecmp(cipher->name, kciphers->ml_list[i]) == 0)
717 strcasecmp(cipher->iv_name, kciphers->ml_list[i]) == 0)
725 cipher->name);
728 cipher->iv_name);
731 /* Get the details about the user selected cipher */
741 (void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
762 (void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
791 cipher->min_keysize = keymin;
792 cipher->max_keysize = keymax;
803 cipher->name);
807 /* Note: key min/max, unit size, usage for iv cipher are not checked. */
901 getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
913 /* did init_crypto find a slot that supports this cipher? */
914 if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
919 rv = pkcs11_mech2keytype(cipher->type, &ktype);
927 rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
944 klen = cipher->max_keysize;
946 cipher->max_keysize, &kvalue, &klen);
954 /* assert(klen == cipher->max_keysize); */
961 cipher->alias, pkcs11_strerror(rv));
968 getkeyfromfile(const char *pathname, mech_alias_t *cipher, char **key,
979 *ksz = cipher->max_keysize;
993 * permissions and whether the key is within cipher min and max lengths,
1011 if (*ksz < cipher->min_keysize || cipher->max_keysize < *ksz) {
1015 cipher->min_keysize, cipher->max_keysize);
1018 *ksz = cipher->max_keysize;
1032 * get the maximum keysize of data possible for this cipher.
1038 if (nread == 0 && notplain && cursz >= cipher->min_keysize) {
1039 *ksz = (cursz / cipher->min_keysize) *
1040 cipher->min_keysize;
1054 token_spec_t *token, const char *keyfile, mech_alias_t *cipher,
1060 CK_KEY_TYPE ktype; /* from selected cipher or CKK_RSA */
1061 CK_KEY_TYPE raw_ktype; /* from selected cipher */
1082 /* did init_crypto find a slot that supports this cipher? */
1083 if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
1101 rv = pkcs11_mech2keytype(cipher->type, &raw_ktype);
1103 die(gettext("failed to get key type for cipher %s: %s\n"),
1104 cipher->name, pkcs11_strerror(rv));
1177 getkeyfromfile(keyfile, cipher, &rkey, &rksz);
1205 if (rksz < cipher->min_keysize || cipher->max_keysize < rksz) {
1207 die(gettext("\t%d <= keysize <= %d\n"), cipher->min_keysize,
1208 cipher->max_keysize);
1216 * Set up cipher key limits and verify PKCS#11 can be done
1224 mech_alias_t *cipher;
1232 * - if the slot supports the PKCS#5 PBKD2 cipher
1236 * -c cipher -T tok:mfr:ser:lab -k keyfile
1237 * the given cipher or the default cipher apply to keyfile,
1240 * -c cipher -T tok:mfr:ser:lab
1242 * cipher or the default cipher. In those cases, cipher will
1243 * be overridden with the actual cipher type of the key "lab".
1251 cipher = (mech_alias_t *)args;
1252 token = cipher->token;
1254 if (C_GetMechanismInfo(slot_id, cipher->type, &mechinfo) != CKR_OK) {
1289 cipher->slot = slot_id;
1304 * Set up crypto, opening session on slot that matches token and cipher
1307 init_crypto(token_spec_t *token, mech_alias_t *cipher,
1312 cipher->token = token;
1319 rv = pkcs11_GetCriteriaSession(match_token_cipher, (void *)cipher,
1888 mech_alias_t *cipher = NULL;
1921 /* is the chosen cipher allowed? */
1922 if ((cipher = ciph2mech(optarg)) == NULL) {
1924 warn(gettext("cipher %s not allowed\n"),
2071 * 1. cipher with no ephemeral key, key file, or token,
2073 * 2. token with an optional cipher or optional key file,
2075 * If only the cipher is specified, reconfirm the passphrase
2082 /* pick a cipher if none specified */
2083 if (cipher == NULL)
2084 cipher = DEFAULT_CIPHER;
2086 if (!kernel_cipher_check(cipher))
2091 init_crypto(token, cipher, &sess);
2094 getkeyfromuser(cipher, &rkey, &rksz);
2096 getkeyfromtoken(sess, token, keyfile, cipher,
2100 getkeyfromfile(keyfile, cipher, &rkey, &rksz);
2110 add_mapping(lfd, devicename, filename, cipher, rkey, rksz,