1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_SPI_H 27 #define _SYS_CRYPTO_SPI_H 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 /* 32 * CSPI: Cryptographic Service Provider Interface. 33 */ 34 35 #include <sys/types.h> 36 #include <sys/dditypes.h> 37 #include <sys/ddi.h> 38 #include <sys/kmem.h> 39 #include <sys/crypto/common.h> 40 41 #ifdef __cplusplus 42 extern "C" { 43 #endif 44 45 #ifdef _KERNEL 46 47 #define CRYPTO_SPI_VERSION_1 1 48 #define CRYPTO_SPI_VERSION_2 2 49 50 /* 51 * Provider-private handle. This handle is specified by a provider 52 * when it registers by means of the pi_provider_handle field of 53 * the crypto_provider_info structure, and passed to the provider 54 * when its entry points are invoked. 55 */ 56 typedef void *crypto_provider_handle_t; 57 58 /* 59 * Context templates can be used to by software providers to pre-process 60 * keying material, such as key schedules. They are allocated by 61 * a software provider create_ctx_template(9E) entry point, and passed 62 * as argument to initialization and atomic provider entry points. 63 */ 64 typedef void *crypto_spi_ctx_template_t; 65 66 /* 67 * Request handles are used by the kernel to identify an asynchronous 68 * request being processed by a provider. It is passed by the kernel 69 * to a hardware provider when submitting a request, and must be 70 * specified by a provider when calling crypto_op_notification(9F) 71 */ 72 typedef void *crypto_req_handle_t; 73 74 /* 75 * The context structure is passed from the kernel to a provider. 76 * It contains the information needed to process a multi-part or 77 * single part operation. The context structure is not used 78 * by atomic operations. 79 * 80 * Parameters needed to perform a cryptographic operation, such 81 * as keys, mechanisms, input and output buffers, are passed 82 * as separate arguments to Provider routines. 83 */ 84 typedef struct crypto_ctx { 85 crypto_provider_handle_t cc_provider; 86 crypto_session_id_t cc_session; 87 void *cc_provider_private; /* owned by provider */ 88 void *cc_framework_private; /* owned by framework */ 89 } crypto_ctx_t; 90 91 /* 92 * Extended provider information. 93 */ 94 95 /* 96 * valid values for ei_flags field of extended info structure 97 * They match the RSA Security, Inc PKCS#11 tokenInfo flags. 98 */ 99 #define CRYPTO_EXTF_RNG 0x00000001 100 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002 101 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004 102 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008 103 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040 104 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100 105 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200 106 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400 107 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000 108 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000 109 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000 110 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000 111 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000 112 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000 113 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000 114 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000 115 116 /* 117 * The crypto_control_ops structure contains pointers to control 118 * operations for cryptographic providers. It is passed through 119 * the crypto_ops(9S) structure when providers register with the 120 * kernel using crypto_register_provider(9F). 121 */ 122 typedef struct crypto_control_ops { 123 void (*provider_status)(crypto_provider_handle_t, uint_t *); 124 } crypto_control_ops_t; 125 126 /* 127 * The crypto_ctx_ops structure contains points to context and context 128 * templates management operations for cryptographic providers. It is 129 * passed through the crypto_ops(9S) structure when providers register 130 * with the kernel using crypto_register_provider(9F). 131 */ 132 typedef struct crypto_ctx_ops { 133 int (*create_ctx_template)(crypto_provider_handle_t, 134 crypto_mechanism_t *, crypto_key_t *, 135 crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); 136 int (*free_context)(crypto_ctx_t *); 137 } crypto_ctx_ops_t; 138 139 /* 140 * The crypto_digest_ops structure contains pointers to digest 141 * operations for cryptographic providers. It is passed through 142 * the crypto_ops(9S) structure when providers register with the 143 * kernel using crypto_register_provider(9F). 144 */ 145 typedef struct crypto_digest_ops { 146 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, 147 crypto_req_handle_t); 148 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 149 crypto_req_handle_t); 150 int (*digest_update)(crypto_ctx_t *, crypto_data_t *, 151 crypto_req_handle_t); 152 int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); 153 int (*digest_final)(crypto_ctx_t *, crypto_data_t *, 154 crypto_req_handle_t); 155 int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, 156 crypto_mechanism_t *, crypto_data_t *, 157 crypto_data_t *, crypto_req_handle_t); 158 } crypto_digest_ops_t; 159 160 /* 161 * The crypto_cipher_ops structure contains pointers to encryption 162 * and decryption operations for cryptographic providers. It is 163 * passed through the crypto_ops(9S) structure when providers register 164 * with the kernel using crypto_register_provider(9F). 165 */ 166 typedef struct crypto_cipher_ops { 167 int (*encrypt_init)(crypto_ctx_t *, 168 crypto_mechanism_t *, crypto_key_t *, 169 crypto_spi_ctx_template_t, crypto_req_handle_t); 170 int (*encrypt)(crypto_ctx_t *, 171 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 172 int (*encrypt_update)(crypto_ctx_t *, 173 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 174 int (*encrypt_final)(crypto_ctx_t *, 175 crypto_data_t *, crypto_req_handle_t); 176 int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 177 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 178 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 179 180 int (*decrypt_init)(crypto_ctx_t *, 181 crypto_mechanism_t *, crypto_key_t *, 182 crypto_spi_ctx_template_t, crypto_req_handle_t); 183 int (*decrypt)(crypto_ctx_t *, 184 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 185 int (*decrypt_update)(crypto_ctx_t *, 186 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 187 int (*decrypt_final)(crypto_ctx_t *, 188 crypto_data_t *, crypto_req_handle_t); 189 int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 190 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 191 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 192 } crypto_cipher_ops_t; 193 194 /* 195 * The crypto_mac_ops structure contains pointers to MAC 196 * operations for cryptographic providers. It is passed through 197 * the crypto_ops(9S) structure when providers register with the 198 * kernel using crypto_register_provider(9F). 199 */ 200 typedef struct crypto_mac_ops { 201 int (*mac_init)(crypto_ctx_t *, 202 crypto_mechanism_t *, crypto_key_t *, 203 crypto_spi_ctx_template_t, crypto_req_handle_t); 204 int (*mac)(crypto_ctx_t *, 205 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 206 int (*mac_update)(crypto_ctx_t *, 207 crypto_data_t *, crypto_req_handle_t); 208 int (*mac_final)(crypto_ctx_t *, 209 crypto_data_t *, crypto_req_handle_t); 210 int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 211 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 212 crypto_data_t *, crypto_spi_ctx_template_t, 213 crypto_req_handle_t); 214 int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 215 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 216 crypto_data_t *, crypto_spi_ctx_template_t, 217 crypto_req_handle_t); 218 } crypto_mac_ops_t; 219 220 /* 221 * The crypto_sign_ops structure contains pointers to signing 222 * operations for cryptographic providers. It is passed through 223 * the crypto_ops(9S) structure when providers register with the 224 * kernel using crypto_register_provider(9F). 225 */ 226 typedef struct crypto_sign_ops { 227 int (*sign_init)(crypto_ctx_t *, 228 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 229 crypto_req_handle_t); 230 int (*sign)(crypto_ctx_t *, 231 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 232 int (*sign_update)(crypto_ctx_t *, 233 crypto_data_t *, crypto_req_handle_t); 234 int (*sign_final)(crypto_ctx_t *, 235 crypto_data_t *, crypto_req_handle_t); 236 int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t, 237 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 238 crypto_data_t *, crypto_spi_ctx_template_t, 239 crypto_req_handle_t); 240 int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 241 crypto_key_t *, crypto_spi_ctx_template_t, 242 crypto_req_handle_t); 243 int (*sign_recover)(crypto_ctx_t *, 244 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 245 int (*sign_recover_atomic)(crypto_provider_handle_t, 246 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 247 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 248 crypto_req_handle_t); 249 } crypto_sign_ops_t; 250 251 /* 252 * The crypto_verify_ops structure contains pointers to verify 253 * operations for cryptographic providers. It is passed through 254 * the crypto_ops(9S) structure when providers register with the 255 * kernel using crypto_register_provider(9F). 256 */ 257 typedef struct crypto_verify_ops { 258 int (*verify_init)(crypto_ctx_t *, 259 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 260 crypto_req_handle_t); 261 int (*verify)(crypto_ctx_t *, 262 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 263 int (*verify_update)(crypto_ctx_t *, 264 crypto_data_t *, crypto_req_handle_t); 265 int (*verify_final)(crypto_ctx_t *, 266 crypto_data_t *, crypto_req_handle_t); 267 int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 268 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 269 crypto_data_t *, crypto_spi_ctx_template_t, 270 crypto_req_handle_t); 271 int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 272 crypto_key_t *, crypto_spi_ctx_template_t, 273 crypto_req_handle_t); 274 int (*verify_recover)(crypto_ctx_t *, 275 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 276 int (*verify_recover_atomic)(crypto_provider_handle_t, 277 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 278 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 279 crypto_req_handle_t); 280 } crypto_verify_ops_t; 281 282 /* 283 * The crypto_dual_ops structure contains pointers to dual 284 * cipher and sign/verify operations for cryptographic providers. 285 * It is passed through the crypto_ops(9S) structure when 286 * providers register with the kernel using 287 * crypto_register_provider(9F). 288 */ 289 typedef struct crypto_dual_ops { 290 int (*digest_encrypt_update)( 291 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 292 crypto_data_t *, crypto_req_handle_t); 293 int (*decrypt_digest_update)( 294 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 295 crypto_data_t *, crypto_req_handle_t); 296 int (*sign_encrypt_update)( 297 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 298 crypto_data_t *, crypto_req_handle_t); 299 int (*decrypt_verify_update)( 300 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 301 crypto_data_t *, crypto_req_handle_t); 302 } crypto_dual_ops_t; 303 304 /* 305 * The crypto_dual_cipher_mac_ops structure contains pointers to dual 306 * cipher and MAC operations for cryptographic providers. 307 * It is passed through the crypto_ops(9S) structure when 308 * providers register with the kernel using 309 * crypto_register_provider(9F). 310 */ 311 typedef struct crypto_dual_cipher_mac_ops { 312 int (*encrypt_mac_init)(crypto_ctx_t *, 313 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 314 crypto_key_t *, crypto_spi_ctx_template_t, 315 crypto_spi_ctx_template_t, crypto_req_handle_t); 316 int (*encrypt_mac)(crypto_ctx_t *, 317 crypto_data_t *, crypto_dual_data_t *, crypto_data_t *, 318 crypto_req_handle_t); 319 int (*encrypt_mac_update)(crypto_ctx_t *, 320 crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t); 321 int (*encrypt_mac_final)(crypto_ctx_t *, 322 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 323 int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 324 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 325 crypto_key_t *, crypto_data_t *, crypto_dual_data_t *, 326 crypto_data_t *, crypto_spi_ctx_template_t, 327 crypto_spi_ctx_template_t, crypto_req_handle_t); 328 329 int (*mac_decrypt_init)(crypto_ctx_t *, 330 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 331 crypto_key_t *, crypto_spi_ctx_template_t, 332 crypto_spi_ctx_template_t, crypto_req_handle_t); 333 int (*mac_decrypt)(crypto_ctx_t *, 334 crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, 335 crypto_req_handle_t); 336 int (*mac_decrypt_update)(crypto_ctx_t *, 337 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 338 int (*mac_decrypt_final)(crypto_ctx_t *, 339 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 340 int (*mac_decrypt_atomic)(crypto_provider_handle_t, 341 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 342 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 343 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 344 crypto_spi_ctx_template_t, crypto_req_handle_t); 345 int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t, 346 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 347 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 348 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 349 crypto_spi_ctx_template_t, crypto_req_handle_t); 350 } crypto_dual_cipher_mac_ops_t; 351 352 /* 353 * The crypto_random_number_ops structure contains pointers to random 354 * number operations for cryptographic providers. It is passed through 355 * the crypto_ops(9S) structure when providers register with the 356 * kernel using crypto_register_provider(9F). 357 */ 358 typedef struct crypto_random_number_ops { 359 int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t, 360 uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t); 361 int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t, 362 uchar_t *, size_t, crypto_req_handle_t); 363 } crypto_random_number_ops_t; 364 365 /* 366 * Flag values for seed_random. 367 */ 368 #define CRYPTO_SEED_NOW 0x00000001 369 370 /* 371 * The crypto_session_ops structure contains pointers to session 372 * operations for cryptographic providers. It is passed through 373 * the crypto_ops(9S) structure when providers register with the 374 * kernel using crypto_register_provider(9F). 375 */ 376 typedef struct crypto_session_ops { 377 int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *, 378 crypto_req_handle_t); 379 int (*session_close)(crypto_provider_handle_t, crypto_session_id_t, 380 crypto_req_handle_t); 381 int (*session_login)(crypto_provider_handle_t, crypto_session_id_t, 382 crypto_user_type_t, char *, size_t, crypto_req_handle_t); 383 int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t, 384 crypto_req_handle_t); 385 } crypto_session_ops_t; 386 387 /* 388 * The crypto_object_ops structure contains pointers to object 389 * operations for cryptographic providers. It is passed through 390 * the crypto_ops(9S) structure when providers register with the 391 * kernel using crypto_register_provider(9F). 392 */ 393 typedef struct crypto_object_ops { 394 int (*object_create)(crypto_provider_handle_t, crypto_session_id_t, 395 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 396 crypto_req_handle_t); 397 int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t, 398 crypto_object_id_t, crypto_object_attribute_t *, uint_t, 399 crypto_object_id_t *, crypto_req_handle_t); 400 int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t, 401 crypto_object_id_t, crypto_req_handle_t); 402 int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t, 403 crypto_object_id_t, size_t *, crypto_req_handle_t); 404 int (*object_get_attribute_value)(crypto_provider_handle_t, 405 crypto_session_id_t, crypto_object_id_t, 406 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 407 int (*object_set_attribute_value)(crypto_provider_handle_t, 408 crypto_session_id_t, crypto_object_id_t, 409 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 410 int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t, 411 crypto_object_attribute_t *, uint_t, void **, 412 crypto_req_handle_t); 413 int (*object_find)(crypto_provider_handle_t, void *, 414 crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t); 415 int (*object_find_final)(crypto_provider_handle_t, void *, 416 crypto_req_handle_t); 417 } crypto_object_ops_t; 418 419 /* 420 * The crypto_key_ops structure contains pointers to key 421 * operations for cryptographic providers. It is passed through 422 * the crypto_ops(9S) structure when providers register with the 423 * kernel using crypto_register_provider(9F). 424 */ 425 typedef struct crypto_key_ops { 426 int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t, 427 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 428 crypto_object_id_t *, crypto_req_handle_t); 429 int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t, 430 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 431 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 432 crypto_object_id_t *, crypto_req_handle_t); 433 int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t, 434 crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, 435 uchar_t *, size_t *, crypto_req_handle_t); 436 int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t, 437 crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *, 438 crypto_object_attribute_t *, uint_t, 439 crypto_object_id_t *, crypto_req_handle_t); 440 int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t, 441 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, 442 uint_t, crypto_object_id_t *, crypto_req_handle_t); 443 int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *, 444 crypto_key_t *); 445 } crypto_key_ops_t; 446 447 /* 448 * The crypto_provider_management_ops structure contains pointers 449 * to management operations for cryptographic providers. It is passed 450 * through the crypto_ops(9S) structure when providers register with the 451 * kernel using crypto_register_provider(9F). 452 */ 453 typedef struct crypto_provider_management_ops { 454 int (*ext_info)(crypto_provider_handle_t, 455 crypto_provider_ext_info_t *, crypto_req_handle_t); 456 int (*init_token)(crypto_provider_handle_t, char *, size_t, 457 char *, crypto_req_handle_t); 458 int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t, 459 char *, size_t, crypto_req_handle_t); 460 int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t, 461 char *, size_t, char *, size_t, crypto_req_handle_t); 462 } crypto_provider_management_ops_t; 463 464 typedef struct crypto_mech_ops { 465 int (*copyin_mechanism)(crypto_provider_handle_t, 466 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 467 int (*copyout_mechanism)(crypto_provider_handle_t, 468 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 469 int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *); 470 } crypto_mech_ops_t; 471 472 /* 473 * The crypto_ops(9S) structure contains the structures containing 474 * the pointers to functions implemented by cryptographic providers. 475 * It is specified as part of the crypto_provider_info(9S) 476 * supplied by a provider when it registers with the kernel 477 * by calling crypto_register_provider(9F). 478 */ 479 typedef struct crypto_ops_v1 { 480 crypto_control_ops_t *co_control_ops; 481 crypto_digest_ops_t *co_digest_ops; 482 crypto_cipher_ops_t *co_cipher_ops; 483 crypto_mac_ops_t *co_mac_ops; 484 crypto_sign_ops_t *co_sign_ops; 485 crypto_verify_ops_t *co_verify_ops; 486 crypto_dual_ops_t *co_dual_ops; 487 crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops; 488 crypto_random_number_ops_t *co_random_ops; 489 crypto_session_ops_t *co_session_ops; 490 crypto_object_ops_t *co_object_ops; 491 crypto_key_ops_t *co_key_ops; 492 crypto_provider_management_ops_t *co_provider_ops; 493 crypto_ctx_ops_t *co_ctx_ops; 494 } crypto_ops_v1_t; 495 496 typedef struct crypto_ops_v2 { 497 crypto_ops_v1_t v1_ops; 498 crypto_mech_ops_t *co_mech_ops; 499 } crypto_ops_v2_t; 500 501 typedef struct crypto_ops { 502 union { 503 crypto_ops_v2_t cou_v2; 504 crypto_ops_v1_t cou_v1; 505 } cou; 506 } crypto_ops_t; 507 508 #define co_control_ops cou.cou_v1.co_control_ops 509 #define co_digest_ops cou.cou_v1.co_digest_ops 510 #define co_cipher_ops cou.cou_v1.co_cipher_ops 511 #define co_mac_ops cou.cou_v1.co_mac_ops 512 #define co_sign_ops cou.cou_v1.co_sign_ops 513 #define co_verify_ops cou.cou_v1.co_verify_ops 514 #define co_dual_ops cou.cou_v1.co_dual_ops 515 #define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops 516 #define co_random_ops cou.cou_v1.co_random_ops 517 #define co_session_ops cou.cou_v1.co_session_ops 518 #define co_object_ops cou.cou_v1.co_object_ops 519 #define co_key_ops cou.cou_v1.co_key_ops 520 #define co_provider_ops cou.cou_v1.co_provider_ops 521 #define co_ctx_ops cou.cou_v1.co_ctx_ops 522 #define co_mech_ops cou.cou_v2.co_mech_ops 523 524 /* 525 * Provider device specification passed during registration. 526 * 527 * Software providers set the pi_provider_type field of provider_info_t 528 * to CRYPTO_SW_PROVIDER, and set the pd_sw field of 529 * crypto_provider_dev_t to the address of their modlinkage. 530 * 531 * Hardware providers set the pi_provider_type field of provider_info_t 532 * to CRYPTO_HW_PROVIDER, and set the pd_hw field of 533 * crypto_provider_dev_t to the dev_info structure corresponding 534 * to the device instance being registered. 535 * 536 * Logical providers set the pi_provider_type field of provider_info_t 537 * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of 538 * crypto_provider_dev_t to the dev_info structure corresponding 539 * to the device instance being registered. 540 */ 541 542 typedef union crypto_provider_dev { 543 struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */ 544 dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */ 545 } crypto_provider_dev_t; 546 547 /* 548 * The mechanism info structure crypto_mech_info_t contains a function group 549 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 550 * specifies the provider entry point that can be used a particular 551 * mechanism. The function group mask is a combination of the following values. 552 */ 553 554 typedef uint32_t crypto_func_group_t; 555 556 #endif /* _KERNEL */ 557 558 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ 559 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ 560 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ 561 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */ 562 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */ 563 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */ 564 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */ 565 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */ 566 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */ 567 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */ 568 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */ 569 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */ 570 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 571 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */ 572 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */ 573 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 574 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 575 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 576 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ 577 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */ 578 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */ 579 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */ 580 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */ 581 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */ 582 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */ 583 #define CRYPTO_FG_RESERVED 0x80000000 584 585 /* 586 * Maximum length of the pi_provider_description field of the 587 * crypto_provider_info structure. 588 */ 589 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 590 591 #ifdef _KERNEL 592 593 /* Bit mask for all the simple operations */ 594 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \ 595 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \ 596 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \ 597 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \ 598 CRYPTO_FG_VERIFY_ATOMIC) 599 600 /* Bit mask for all the dual operations */ 601 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \ 602 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \ 603 CRYPTO_FG_MAC_DECRYPT_ATOMIC) 604 605 /* Add other combos to CRYPTO_FG_DUAL_MASK */ 606 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK 607 608 /* 609 * The crypto_mech_info structure specifies one of the mechanisms 610 * supported by a cryptographic provider. The pi_mechanisms field of 611 * the crypto_provider_info structure contains a pointer to an array 612 * of crypto_mech_info's. 613 */ 614 typedef struct crypto_mech_info { 615 crypto_mech_name_t cm_mech_name; 616 crypto_mech_type_t cm_mech_number; 617 crypto_func_group_t cm_func_group_mask; 618 ssize_t cm_min_key_length; 619 ssize_t cm_max_key_length; 620 crypto_keysize_unit_t cm_keysize_unit; /* for cm_xxx_key_length */ 621 } crypto_mech_info_t; 622 623 /* 624 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 625 * It is returned after the provider registers with 626 * crypto_register_provider(), and must be specified by the provider 627 * when calling crypto_unregister_provider(), and 628 * crypto_provider_notification(). 629 */ 630 typedef uint_t crypto_kcf_provider_handle_t; 631 632 /* 633 * Provider information. Passed as argument to crypto_register_provider(9F). 634 * Describes the provider and its capabilities. Multiple providers can 635 * register for the same device instance. In this case, the same 636 * pi_provider_dev must be specified with a different pi_provider_handle. 637 */ 638 typedef struct crypto_provider_info_v1 { 639 uint_t pi_interface_version; 640 char *pi_provider_description; 641 crypto_provider_type_t pi_provider_type; 642 crypto_provider_dev_t pi_provider_dev; 643 crypto_provider_handle_t pi_provider_handle; 644 crypto_ops_t *pi_ops_vector; 645 uint_t pi_mech_list_count; 646 crypto_mech_info_t *pi_mechanisms; 647 uint_t pi_logical_provider_count; 648 crypto_kcf_provider_handle_t *pi_logical_providers; 649 } crypto_provider_info_v1_t; 650 651 typedef struct crypto_provider_info_v2 { 652 crypto_provider_info_v1_t v1_info; 653 uint_t pi_flags; 654 } crypto_provider_info_v2_t; 655 656 typedef struct crypto_provider_info { 657 union { 658 crypto_provider_info_v2_t piu_v2; 659 crypto_provider_info_v1_t piu_v1; 660 } piu; 661 } crypto_provider_info_t; 662 663 #define pi_interface_version piu.piu_v1.pi_interface_version 664 #define pi_provider_description piu.piu_v1.pi_provider_description 665 #define pi_provider_type piu.piu_v1.pi_provider_type 666 #define pi_provider_dev piu.piu_v1.pi_provider_dev 667 #define pi_provider_handle piu.piu_v1.pi_provider_handle 668 #define pi_ops_vector piu.piu_v1.pi_ops_vector 669 #define pi_mech_list_count piu.piu_v1.pi_mech_list_count 670 #define pi_mechanisms piu.piu_v1.pi_mechanisms 671 #define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count 672 #define pi_logical_providers piu.piu_v1.pi_logical_providers 673 #define pi_flags piu.piu_v2.pi_flags 674 675 /* hidden providers can only be accessed via a logical provider */ 676 #define CRYPTO_HIDE_PROVIDER 0x00000001 677 #define CRYPTO_PIFLAGS_UNAVAILABLE 0x80000000 678 679 /* 680 * Provider status passed by a provider to crypto_provider_notification(9F) 681 * and returned by the provider_stauts(9E) entry point. 682 */ 683 #define CRYPTO_PROVIDER_READY 0 684 #define CRYPTO_PROVIDER_BUSY 1 685 #define CRYPTO_PROVIDER_FAILED 2 686 687 /* 688 * Functions exported by Solaris to cryptographic providers. Providers 689 * call these functions to register and unregister, notify the kernel 690 * of state changes, and notify the kernel when a asynchronous request 691 * completed. 692 */ 693 extern int crypto_register_provider(crypto_provider_info_t *, 694 crypto_kcf_provider_handle_t *); 695 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 696 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t); 697 extern void crypto_op_notification(crypto_req_handle_t, int); 698 extern int crypto_kmflag(crypto_req_handle_t); 699 700 #endif /* _KERNEL */ 701 702 #ifdef __cplusplus 703 } 704 #endif 705 706 #endif /* _SYS_CRYPTO_SPI_H */ 707