1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_COMMON_H 27 #define _SYS_CRYPTO_COMMON_H 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 /* 32 * Header file for the common data structures of the cryptographic framework 33 */ 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 #include <sys/types.h> 40 #include <sys/uio.h> 41 #include <sys/stream.h> 42 #include <sys/mutex.h> 43 #include <sys/condvar.h> 44 45 46 /* Cryptographic Mechanisms */ 47 48 #define CRYPTO_MAX_MECH_NAME 32 49 typedef char crypto_mech_name_t[CRYPTO_MAX_MECH_NAME]; 50 51 typedef uint64_t crypto_mech_type_t; 52 53 typedef struct crypto_mechanism { 54 crypto_mech_type_t cm_type; /* mechanism type */ 55 caddr_t cm_param; /* mech. parameter */ 56 size_t cm_param_len; /* mech. parameter len */ 57 } crypto_mechanism_t; 58 59 /* 60 * The measurement unit flag for a mechanism's minimum or maximum key size. 61 * The unit are mechanism dependant. It can be in bits or in bytes. 62 */ 63 typedef uint32_t crypto_keysize_unit_t; 64 65 #define CRYPTO_KEYSIZE_UNIT_IN_BITS 0x00000001 66 #define CRYPTO_KEYSIZE_UNIT_IN_BYTES 0x00000002 67 68 69 /* Mechanisms supported out-of-the-box */ 70 #define SUN_CKM_MD5 "CKM_MD5" 71 #define SUN_CKM_MD5_HMAC "CKM_MD5_HMAC" 72 #define SUN_CKM_MD5_HMAC_GENERAL "CKM_MD5_HMAC_GENERAL" 73 #define SUN_CKM_SHA1 "CKM_SHA_1" 74 #define SUN_CKM_SHA1_HMAC "CKM_SHA_1_HMAC" 75 #define SUN_CKM_SHA1_HMAC_GENERAL "CKM_SHA_1_HMAC_GENERAL" 76 #define SUN_CKM_SHA256 "CKM_SHA256" 77 #define SUN_CKM_SHA256_HMAC "CKM_SHA256_HMAC" 78 #define SUN_CKM_SHA256_HMAC_GENERAL "CKM_SHA256_HMAC_GENERAL" 79 #define SUN_CKM_SHA384 "CKM_SHA384" 80 #define SUN_CKM_SHA384_HMAC "CKM_SHA384_HMAC" 81 #define SUN_CKM_SHA384_HMAC_GENERAL "CKM_SHA384_HMAC_GENERAL" 82 #define SUN_CKM_SHA512 "CKM_SHA512" 83 #define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" 84 #define SUN_CKM_SHA512_HMAC_GENERAL "CKM_SHA512_HMAC_GENERAL" 85 #define SUN_CKM_DES_CBC "CKM_DES_CBC" 86 #define SUN_CKM_DES3_CBC "CKM_DES3_CBC" 87 #define SUN_CKM_DES_ECB "CKM_DES_ECB" 88 #define SUN_CKM_DES3_ECB "CKM_DES3_ECB" 89 #define SUN_CKM_BLOWFISH_CBC "CKM_BLOWFISH_CBC" 90 #define SUN_CKM_BLOWFISH_ECB "CKM_BLOWFISH_ECB" 91 #define SUN_CKM_AES_CBC "CKM_AES_CBC" 92 #define SUN_CKM_AES_ECB "CKM_AES_ECB" 93 #define SUN_CKM_AES_CTR "CKM_AES_CTR" 94 #define SUN_CKM_RC4 "CKM_RC4" 95 #define SUN_CKM_RSA_PKCS "CKM_RSA_PKCS" 96 #define SUN_CKM_RSA_X_509 "CKM_RSA_X_509" 97 #define SUN_CKM_MD5_RSA_PKCS "CKM_MD5_RSA_PKCS" 98 #define SUN_CKM_SHA1_RSA_PKCS "CKM_SHA1_RSA_PKCS" 99 #define SUN_CKM_SHA256_RSA_PKCS "CKM_SHA256_RSA_PKCS" 100 #define SUN_CKM_SHA384_RSA_PKCS "CKM_SHA384_RSA_PKCS" 101 #define SUN_CKM_SHA512_RSA_PKCS "CKM_SHA512_RSA_PKCS" 102 103 104 /* Data arguments of cryptographic operations */ 105 106 typedef enum crypto_data_format { 107 CRYPTO_DATA_RAW = 1, 108 CRYPTO_DATA_UIO, 109 CRYPTO_DATA_MBLK 110 } crypto_data_format_t; 111 112 typedef struct crypto_data { 113 crypto_data_format_t cd_format; /* Format identifier */ 114 off_t cd_offset; /* Offset from the beginning */ 115 size_t cd_length; /* # of bytes in use */ 116 caddr_t cd_miscdata; /* ancillary data */ 117 union { 118 /* Raw format */ 119 iovec_t cdu_raw; /* Pointer and length */ 120 121 /* uio scatter-gather format */ 122 uio_t *cdu_uio; 123 124 /* mblk scatter-gather format */ 125 mblk_t *cdu_mp; /* The mblk chain */ 126 127 } cdu; /* Crypto Data Union */ 128 } crypto_data_t; 129 130 #define cd_raw cdu.cdu_raw 131 #define cd_uio cdu.cdu_uio 132 #define cd_mp cdu.cdu_mp 133 134 typedef struct crypto_dual_data { 135 crypto_data_t dd_data; /* The data */ 136 off_t dd_offset2; /* Used by dual operation */ 137 size_t dd_len2; /* # of bytes to take */ 138 } crypto_dual_data_t; 139 140 #define dd_format dd_data.cd_format 141 #define dd_offset1 dd_data.cd_offset 142 #define dd_len1 dd_data.cd_length 143 #define dd_miscdata dd_data.cd_miscdata 144 #define dd_raw dd_data.cd_raw 145 #define dd_uio dd_data.cd_uio 146 #define dd_mp dd_data.cd_mp 147 148 /* The keys, and their contents */ 149 150 typedef enum { 151 CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */ 152 CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */ 153 CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */ 154 } crypto_key_format_t; 155 156 typedef uint64_t crypto_attr_type_t; 157 158 /* Attribute types to use for passing a RSA public key or a private key. */ 159 #define SUN_CKA_MODULUS 0x00000120 160 #define SUN_CKA_MODULUS_BITS 0x00000121 161 #define SUN_CKA_PUBLIC_EXPONENT 0x00000122 162 #define SUN_CKA_PRIVATE_EXPONENT 0x00000123 163 #define SUN_CKA_PRIME_1 0x00000124 164 #define SUN_CKA_PRIME_2 0x00000125 165 #define SUN_CKA_EXPONENT_1 0x00000126 166 #define SUN_CKA_EXPONENT_2 0x00000127 167 #define SUN_CKA_COEFFICIENT 0x00000128 168 #define SUN_CKA_PRIME 0x00000130 169 #define SUN_CKA_SUBPRIME 0x00000131 170 #define SUN_CKA_BASE 0x00000132 171 172 typedef uint32_t crypto_object_id_t; 173 174 typedef struct crypto_object_attribute { 175 crypto_attr_type_t oa_type; /* attribute type */ 176 caddr_t oa_value; /* attribute value */ 177 ssize_t oa_value_len; /* length of attribute value */ 178 } crypto_object_attribute_t; 179 180 typedef struct crypto_key { 181 crypto_key_format_t ck_format; /* format identifier */ 182 union { 183 /* for CRYPTO_KEY_RAW ck_format */ 184 struct { 185 uint_t cku_v_length; /* # of bits in ck_data */ 186 void *cku_v_data; /* ptr to key value */ 187 } cku_key_value; 188 189 /* for CRYPTO_KEY_REFERENCE ck_format */ 190 crypto_object_id_t cku_key_id; /* reference to object key */ 191 192 /* for CRYPTO_KEY_ATTR_LIST ck_format */ 193 struct { 194 uint_t cku_a_count; /* number of attributes */ 195 crypto_object_attribute_t *cku_a_oattr; 196 } cku_key_attrs; 197 } cku_data; /* Crypto Key union */ 198 } crypto_key_t; 199 200 #define ck_data cku_data.cku_key_value.cku_v_data 201 #define ck_length cku_data.cku_key_value.cku_v_length 202 #define ck_obj_id cku_data.cku_key_id 203 #define ck_count cku_data.cku_key_attrs.cku_a_count 204 #define ck_attrs cku_data.cku_key_attrs.cku_a_oattr 205 206 /* 207 * Raw key lengths are expressed in number of bits. 208 * The following macro returns the minimum number of 209 * bytes that can contain the specified number of bits. 210 */ 211 #define CRYPTO_BITS2BYTES(n) (((n) + 7) >> 3) 212 213 /* Providers */ 214 215 typedef enum { 216 CRYPTO_HW_PROVIDER = 0, 217 CRYPTO_SW_PROVIDER, 218 CRYPTO_LOGICAL_PROVIDER 219 } crypto_provider_type_t; 220 221 typedef uint32_t crypto_provider_id_t; 222 #define KCF_PROVID_INVALID ((uint32_t)-1) 223 224 typedef struct crypto_provider_entry { 225 crypto_provider_id_t pe_provider_id; 226 uint_t pe_mechanism_count; 227 } crypto_provider_entry_t; 228 229 typedef struct crypto_dev_list_entry { 230 char le_dev_name[MAXNAMELEN]; 231 uint_t le_dev_instance; 232 uint_t le_mechanism_count; 233 } crypto_dev_list_entry_t; 234 235 /* User type for authentication ioctls and SPI entry points */ 236 237 typedef enum crypto_user_type { 238 CRYPTO_SO = 0, 239 CRYPTO_USER 240 } crypto_user_type_t; 241 242 /* Version for provider management ioctls and SPI entry points */ 243 244 typedef struct crypto_version { 245 uchar_t cv_major; 246 uchar_t cv_minor; 247 } crypto_version_t; 248 249 /* session data structure opaque to the consumer */ 250 typedef void *crypto_session_t; 251 252 /* provider data structure opaque to the consumer */ 253 typedef void *crypto_provider_t; 254 255 /* Limits used by both consumers and providers */ 256 #define CRYPTO_EXT_SIZE_LABEL 32 257 #define CRYPTO_EXT_SIZE_MANUF 32 258 #define CRYPTO_EXT_SIZE_MODEL 16 259 #define CRYPTO_EXT_SIZE_SERIAL 16 260 #define CRYPTO_EXT_SIZE_TIME 16 261 262 typedef struct crypto_provider_ext_info { 263 uchar_t ei_label[CRYPTO_EXT_SIZE_LABEL]; 264 uchar_t ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF]; 265 uchar_t ei_model[CRYPTO_EXT_SIZE_MODEL]; 266 uchar_t ei_serial_number[CRYPTO_EXT_SIZE_SERIAL]; 267 ulong_t ei_flags; 268 ulong_t ei_max_session_count; 269 ulong_t ei_max_pin_len; 270 ulong_t ei_min_pin_len; 271 ulong_t ei_total_public_memory; 272 ulong_t ei_free_public_memory; 273 ulong_t ei_total_private_memory; 274 ulong_t ei_free_private_memory; 275 crypto_version_t ei_hardware_version; 276 crypto_version_t ei_firmware_version; 277 uchar_t ei_time[CRYPTO_EXT_SIZE_TIME]; 278 } crypto_provider_ext_info_t; 279 280 typedef uint_t crypto_session_id_t; 281 282 /* 283 * Common cryptographic status and error codes. 284 */ 285 #define CRYPTO_SUCCESS 0x00000000 286 #define CRYPTO_CANCEL 0x00000001 287 #define CRYPTO_HOST_MEMORY 0x00000002 288 #define CRYPTO_GENERAL_ERROR 0x00000003 289 #define CRYPTO_FAILED 0x00000004 290 #define CRYPTO_ARGUMENTS_BAD 0x00000005 291 #define CRYPTO_ATTRIBUTE_READ_ONLY 0x00000006 292 #define CRYPTO_ATTRIBUTE_SENSITIVE 0x00000007 293 #define CRYPTO_ATTRIBUTE_TYPE_INVALID 0x00000008 294 #define CRYPTO_ATTRIBUTE_VALUE_INVALID 0x00000009 295 #define CRYPTO_CANCELED 0x0000000A 296 #define CRYPTO_DATA_INVALID 0x0000000B 297 #define CRYPTO_DATA_LEN_RANGE 0x0000000C 298 #define CRYPTO_DEVICE_ERROR 0x0000000D 299 #define CRYPTO_DEVICE_MEMORY 0x0000000E 300 #define CRYPTO_DEVICE_REMOVED 0x0000000F 301 #define CRYPTO_ENCRYPTED_DATA_INVALID 0x00000010 302 #define CRYPTO_ENCRYPTED_DATA_LEN_RANGE 0x00000011 303 #define CRYPTO_KEY_HANDLE_INVALID 0x00000012 304 #define CRYPTO_KEY_SIZE_RANGE 0x00000013 305 #define CRYPTO_KEY_TYPE_INCONSISTENT 0x00000014 306 #define CRYPTO_KEY_NOT_NEEDED 0x00000015 307 #define CRYPTO_KEY_CHANGED 0x00000016 308 #define CRYPTO_KEY_NEEDED 0x00000017 309 #define CRYPTO_KEY_INDIGESTIBLE 0x00000018 310 #define CRYPTO_KEY_FUNCTION_NOT_PERMITTED 0x00000019 311 #define CRYPTO_KEY_NOT_WRAPPABLE 0x0000001A 312 #define CRYPTO_KEY_UNEXTRACTABLE 0x0000001B 313 #define CRYPTO_MECHANISM_INVALID 0x0000001C 314 #define CRYPTO_MECHANISM_PARAM_INVALID 0x0000001D 315 #define CRYPTO_OBJECT_HANDLE_INVALID 0x0000001E 316 #define CRYPTO_OPERATION_IS_ACTIVE 0x0000001F 317 #define CRYPTO_OPERATION_NOT_INITIALIZED 0x00000020 318 #define CRYPTO_PIN_INCORRECT 0x00000021 319 #define CRYPTO_PIN_INVALID 0x00000022 320 #define CRYPTO_PIN_LEN_RANGE 0x00000023 321 #define CRYPTO_PIN_EXPIRED 0x00000024 322 #define CRYPTO_PIN_LOCKED 0x00000025 323 #define CRYPTO_SESSION_CLOSED 0x00000026 324 #define CRYPTO_SESSION_COUNT 0x00000027 325 #define CRYPTO_SESSION_HANDLE_INVALID 0x00000028 326 #define CRYPTO_SESSION_READ_ONLY 0x00000029 327 #define CRYPTO_SESSION_EXISTS 0x0000002A 328 #define CRYPTO_SESSION_READ_ONLY_EXISTS 0x0000002B 329 #define CRYPTO_SESSION_READ_WRITE_SO_EXISTS 0x0000002C 330 #define CRYPTO_SIGNATURE_INVALID 0x0000002D 331 #define CRYPTO_SIGNATURE_LEN_RANGE 0x0000002E 332 #define CRYPTO_TEMPLATE_INCOMPLETE 0x0000002F 333 #define CRYPTO_TEMPLATE_INCONSISTENT 0x00000030 334 #define CRYPTO_UNWRAPPING_KEY_HANDLE_INVALID 0x00000031 335 #define CRYPTO_UNWRAPPING_KEY_SIZE_RANGE 0x00000032 336 #define CRYPTO_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x00000033 337 #define CRYPTO_USER_ALREADY_LOGGED_IN 0x00000034 338 #define CRYPTO_USER_NOT_LOGGED_IN 0x00000035 339 #define CRYPTO_USER_PIN_NOT_INITIALIZED 0x00000036 340 #define CRYPTO_USER_TYPE_INVALID 0x00000037 341 #define CRYPTO_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000038 342 #define CRYPTO_USER_TOO_MANY_TYPES 0x00000039 343 #define CRYPTO_WRAPPED_KEY_INVALID 0x0000003A 344 #define CRYPTO_WRAPPED_KEY_LEN_RANGE 0x0000003B 345 #define CRYPTO_WRAPPING_KEY_HANDLE_INVALID 0x0000003C 346 #define CRYPTO_WRAPPING_KEY_SIZE_RANGE 0x0000003D 347 #define CRYPTO_WRAPPING_KEY_TYPE_INCONSISTENT 0x0000003E 348 #define CRYPTO_RANDOM_SEED_NOT_SUPPORTED 0x0000003F 349 #define CRYPTO_RANDOM_NO_RNG 0x00000040 350 #define CRYPTO_DOMAIN_PARAMS_INVALID 0x00000041 351 #define CRYPTO_BUFFER_TOO_SMALL 0x00000042 352 #define CRYPTO_INFORMATION_SENSITIVE 0x00000043 353 #define CRYPTO_NOT_SUPPORTED 0x00000044 354 355 #define CRYPTO_QUEUED 0x00000045 356 #define CRYPTO_BUFFER_TOO_BIG 0x00000046 357 #define CRYPTO_INVALID_CONTEXT 0x00000047 358 #define CRYPTO_INVALID_MAC 0x00000048 359 #define CRYPTO_MECH_NOT_SUPPORTED 0x00000049 360 #define CRYPTO_INCONSISTENT_ATTRIBUTE 0x0000004A 361 #define CRYPTO_NO_PERMISSION 0x0000004B 362 #define CRYPTO_INVALID_PROVIDER_ID 0x0000004C 363 #define CRYPTO_VERSION_MISMATCH 0x0000004D 364 #define CRYPTO_BUSY 0x0000004E 365 #define CRYPTO_UNKNOWN_PROVIDER 0x0000004F 366 #define CRYPTO_MODVERIFICATION_FAILED 0x00000050 367 #define CRYPTO_OLD_CTX_TEMPLATE 0x00000051 368 #define CRYPTO_WEAK_KEY 0x00000052 369 370 /* 371 * Special values that can be used to indicate that information is unavailable 372 * or that there is not practical limit. These values can be used 373 * by fields of the SPI crypto_provider_ext_info(9S) structure. 374 * The value of CRYPTO_UNAVAILABLE_INFO should be the same as 375 * CK_UNAVAILABLE_INFO in the PKCS#11 spec. 376 */ 377 #define CRYPTO_UNAVAILABLE_INFO ((ulong_t)(-1)) 378 #define CRYPTO_EFFECTIVELY_INFINITE 0x0 379 380 #ifdef __cplusplus 381 } 382 #endif 383 384 #endif /* _SYS_CRYPTO_COMMON_H */ 385