1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _SYS_CRYPTO_SPI_H 28 #define _SYS_CRYPTO_SPI_H 29 30 /* 31 * CSPI: Cryptographic Service Provider Interface. 32 */ 33 34 #include <sys/zfs_context.h> 35 #include <sys/crypto/common.h> 36 37 #ifdef __cplusplus 38 extern "C" { 39 #endif 40 41 #ifdef CONSTIFY_PLUGIN 42 #define __no_const __attribute__((no_const)) 43 #else 44 #define __no_const 45 #endif /* CONSTIFY_PLUGIN */ 46 47 /* 48 * Context templates can be used to by providers to pre-process 49 * keying material, such as key schedules. They are allocated by 50 * a provider create_ctx_template(9E) entry point, and passed 51 * as argument to initialization and atomic provider entry points. 52 */ 53 typedef void *crypto_spi_ctx_template_t; 54 55 /* 56 * The context structure is passed from the kernel to a provider. 57 * It contains the information needed to process a multi-part or 58 * single part operation. The context structure is not used 59 * by atomic operations. 60 * 61 * Parameters needed to perform a cryptographic operation, such 62 * as keys, mechanisms, input and output buffers, are passed 63 * as separate arguments to Provider routines. 64 */ 65 typedef struct crypto_ctx { 66 void *cc_provider_private; /* owned by provider */ 67 void *cc_framework_private; /* owned by framework */ 68 } crypto_ctx_t; 69 70 /* 71 * The crypto_cipher_ops structure contains pointers to encryption 72 * and decryption operations for cryptographic providers. It is 73 * passed through the crypto_ops(9S) structure when providers register 74 * with the kernel using crypto_register_provider(9F). 75 */ 76 typedef struct crypto_cipher_ops { 77 int (*encrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 78 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 79 int (*decrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 80 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 81 } __no_const crypto_cipher_ops_t; 82 83 /* 84 * The crypto_mac_ops structure contains pointers to MAC 85 * operations for cryptographic providers. It is passed through 86 * the crypto_ops(9S) structure when providers register with the 87 * kernel using crypto_register_provider(9F). 88 */ 89 typedef struct crypto_mac_ops { 90 int (*mac_init)(crypto_ctx_t *, 91 crypto_mechanism_t *, crypto_key_t *, 92 crypto_spi_ctx_template_t); 93 int (*mac)(crypto_ctx_t *, 94 crypto_data_t *, crypto_data_t *); 95 int (*mac_update)(crypto_ctx_t *, 96 crypto_data_t *); 97 int (*mac_final)(crypto_ctx_t *, 98 crypto_data_t *); 99 int (*mac_atomic)(crypto_mechanism_t *, crypto_key_t *, 100 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 101 int (*mac_verify_atomic)(crypto_mechanism_t *, crypto_key_t *, 102 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 103 } __no_const crypto_mac_ops_t; 104 105 /* 106 * The crypto_ctx_ops structure contains points to context and context 107 * templates management operations for cryptographic providers. It is 108 * passed through the crypto_ops(9S) structure when providers register 109 * with the kernel using crypto_register_provider(9F). 110 */ 111 typedef struct crypto_ctx_ops { 112 int (*create_ctx_template)(crypto_mechanism_t *, crypto_key_t *, 113 crypto_spi_ctx_template_t *, size_t *); 114 int (*free_context)(crypto_ctx_t *); 115 } __no_const crypto_ctx_ops_t; 116 117 /* 118 * The crypto_ops(9S) structure contains the structures containing 119 * the pointers to functions implemented by cryptographic providers. 120 * It is specified as part of the crypto_provider_info(9S) 121 * supplied by a provider when it registers with the kernel 122 * by calling crypto_register_provider(9F). 123 */ 124 typedef struct crypto_ops { 125 const crypto_cipher_ops_t *co_cipher_ops; 126 const crypto_mac_ops_t *co_mac_ops; 127 const crypto_ctx_ops_t *co_ctx_ops; 128 } crypto_ops_t; 129 130 /* 131 * The mechanism info structure crypto_mech_info_t contains a function group 132 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 133 * specifies the provider entry point that can be used a particular 134 * mechanism. The function group mask is a combination of the following values. 135 */ 136 137 typedef uint32_t crypto_func_group_t; 138 139 140 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 141 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 142 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 143 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 144 145 /* 146 * Maximum length of the pi_provider_description field of the 147 * crypto_provider_info structure. 148 */ 149 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 150 151 152 /* 153 * The crypto_mech_info structure specifies one of the mechanisms 154 * supported by a cryptographic provider. The pi_mechanisms field of 155 * the crypto_provider_info structure contains a pointer to an array 156 * of crypto_mech_info's. 157 */ 158 typedef struct crypto_mech_info { 159 crypto_mech_name_t cm_mech_name; 160 crypto_mech_type_t cm_mech_number; 161 crypto_func_group_t cm_func_group_mask; 162 } crypto_mech_info_t; 163 164 /* 165 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 166 * It is returned after the provider registers with 167 * crypto_register_provider(), and must be specified by the provider 168 * when calling crypto_unregister_provider(), and 169 * crypto_provider_notification(). 170 */ 171 typedef uint_t crypto_kcf_provider_handle_t; 172 173 /* 174 * Provider information. Passed as argument to crypto_register_provider(9F). 175 * Describes the provider and its capabilities. 176 */ 177 typedef struct crypto_provider_info { 178 const char *pi_provider_description; 179 const crypto_ops_t *pi_ops_vector; 180 uint_t pi_mech_list_count; 181 const crypto_mech_info_t *pi_mechanisms; 182 } crypto_provider_info_t; 183 184 /* 185 * Functions exported by Solaris to cryptographic providers. Providers 186 * call these functions to register and unregister, notify the kernel 187 * of state changes, and notify the kernel when a asynchronous request 188 * completed. 189 */ 190 extern int crypto_register_provider(const crypto_provider_info_t *, 191 crypto_kcf_provider_handle_t *); 192 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 193 194 195 #ifdef __cplusplus 196 } 197 #endif 198 199 #endif /* _SYS_CRYPTO_SPI_H */ 200