1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/errno.h> 29 #include <sys/types.h> 30 #include <sys/kmem.h> 31 #include <sys/cmn_err.h> 32 #include <sys/sysmacros.h> 33 #include <sys/crypto/common.h> 34 #include <sys/crypto/impl.h> 35 #include <sys/crypto/api.h> 36 #include <sys/crypto/spi.h> 37 #include <sys/crypto/sched_impl.h> 38 39 #define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f) 40 #define CRYPTO_DIGEST_OFFSET(f) offsetof(crypto_digest_ops_t, f) 41 42 /* 43 * Message digest routines 44 */ 45 46 /* 47 * The following are the possible returned values common to all the routines 48 * below. The applicability of some of these return values depends on the 49 * presence of the arguments. 50 * 51 * CRYPTO_SUCCESS: The operation completed successfully. 52 * CRYPTO_QUEUED: A request was submitted successfully. The callback 53 * routine will be called when the operation is done. 54 * CRYPTO_MECHANISM_INVALID or CRYPTO_INVALID_MECH_PARAM 55 * for problems with the 'mech'. 56 * CRYPTO_INVALID_DATA for bogus 'data' 57 * CRYPTO_HOST_MEMORY for failure to allocate memory to handle this work. 58 * CRYPTO_INVALID_CONTEXT: Not a valid context. 59 * CRYPTO_BUSY: Cannot process the request now. Schedule a 60 * crypto_bufcall(), or try later. 61 * CRYPTO_NOT_SUPPORTED and CRYPTO_MECH_NOT_SUPPORTED: 62 * No provider is capable of a function or a mechanism. 63 */ 64 65 66 /* 67 * crypto_digest_prov() 68 * 69 * Arguments: 70 * pd: pointer to the descriptor of the provider to use for this 71 * operation. 72 * sid: provider session id. 73 * mech: crypto_mechanism_t pointer. 74 * mech_type is a valid value previously returned by 75 * crypto_mech2id(); 76 * When the mech's parameter is not NULL, its definition depends 77 * on the standard definition of the mechanism. 78 * data: The message to be digested. 79 * digest: Storage for the digest. The length needed depends on the 80 * mechanism. 81 * cr: crypto_call_req_t calling conditions and call back info. 82 * 83 * Description: 84 * Asynchronously submits a request for, or synchronously performs the 85 * digesting operation of 'data' on the specified 86 * provider with the specified session. 87 * When complete and successful, 'digest' will contain the digest value. 88 * The caller should hold a reference on the specified provider 89 * descriptor before calling this function. 90 * 91 * Context: 92 * Process or interrupt, according to the semantics dictated by the 'cr'. 93 * 94 * Returns: 95 * See comment in the beginning of the file. 96 */ 97 int 98 crypto_digest_prov(crypto_provider_t provider, crypto_session_id_t sid, 99 crypto_mechanism_t *mech, crypto_data_t *data, crypto_data_t *digest, 100 crypto_call_req_t *crq) 101 { 102 kcf_req_params_t params; 103 kcf_provider_desc_t *pd = provider; 104 kcf_provider_desc_t *real_provider = pd; 105 int rv; 106 107 ASSERT(KCF_PROV_REFHELD(pd)); 108 109 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 110 rv = kcf_get_hardware_provider(mech->cm_type, 111 CRYPTO_MECH_INVALID, CHECK_RESTRICT(crq), 112 pd, &real_provider, CRYPTO_FG_DIGEST_ATOMIC); 113 114 if (rv != CRYPTO_SUCCESS) 115 return (rv); 116 } 117 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_ATOMIC, sid, mech, NULL, 118 data, digest); 119 120 /* no crypto context to carry between multiple parts. */ 121 rv = kcf_submit_request(real_provider, NULL, crq, ¶ms, B_FALSE); 122 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 123 KCF_PROV_REFRELE(real_provider); 124 125 return (rv); 126 } 127 128 /* 129 * Same as crypto_digest_prov(), but relies on the KCF scheduler to 130 * choose a provider. See crypto_digest_prov() comments for more information. 131 */ 132 int 133 crypto_digest(crypto_mechanism_t *mech, crypto_data_t *data, 134 crypto_data_t *digest, crypto_call_req_t *crq) 135 { 136 int error; 137 kcf_provider_desc_t *pd; 138 kcf_req_params_t params; 139 kcf_prov_tried_t *list = NULL; 140 141 retry: 142 /* The pd is returned held */ 143 if ((pd = kcf_get_mech_provider(mech->cm_type, NULL, &error, list, 144 CRYPTO_FG_DIGEST_ATOMIC, CHECK_RESTRICT(crq), 145 data->cd_length)) == NULL) { 146 if (list != NULL) 147 kcf_free_triedlist(list); 148 return (error); 149 } 150 151 /* The fast path for SW providers. */ 152 if (CHECK_FASTPATH(crq, pd)) { 153 crypto_mechanism_t lmech; 154 155 lmech = *mech; 156 KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech); 157 error = KCF_PROV_DIGEST_ATOMIC(pd, pd->pd_sid, &lmech, data, 158 digest, KCF_SWFP_RHNDL(crq)); 159 KCF_PROV_INCRSTATS(pd, error); 160 } else { 161 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_ATOMIC, pd->pd_sid, 162 mech, NULL, data, digest); 163 164 /* no crypto context to carry between multiple parts. */ 165 error = kcf_submit_request(pd, NULL, crq, ¶ms, B_FALSE); 166 } 167 168 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 169 IS_RECOVERABLE(error)) { 170 /* Add pd to the linked list of providers tried. */ 171 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 172 goto retry; 173 } 174 175 if (list != NULL) 176 kcf_free_triedlist(list); 177 178 KCF_PROV_REFRELE(pd); 179 return (error); 180 } 181 182 /* 183 * crypto_digest_init_prov() 184 * 185 * pd: pointer to the descriptor of the provider to use for this 186 * operation. 187 * sid: provider session id. 188 * mech: crypto_mechanism_t pointer. 189 * mech_type is a valid value previously returned by 190 * crypto_mech2id(); 191 * When the mech's parameter is not NULL, its definition depends 192 * on the standard definition of the mechanism. 193 * ctxp: Pointer to a crypto_context_t. 194 * cr: crypto_call_req_t calling conditions and call back info. 195 * 196 * Description: 197 * Asynchronously submits a request for, or synchronously performs the 198 * initialization of a message digest operation on the specified 199 * provider with the specified session. 200 * When complete and successful, 'ctxp' will contain a crypto_context_t 201 * valid for later calls to digest_update() and digest_final(). 202 * The caller should hold a reference on the specified provider 203 * descriptor before calling this function. 204 */ 205 int 206 crypto_digest_init_prov(crypto_provider_t provider, crypto_session_id_t sid, 207 crypto_mechanism_t *mech, crypto_context_t *ctxp, crypto_call_req_t *crq) 208 { 209 int error; 210 crypto_ctx_t *ctx; 211 kcf_req_params_t params; 212 kcf_provider_desc_t *pd = provider; 213 kcf_provider_desc_t *real_provider = pd; 214 215 ASSERT(KCF_PROV_REFHELD(pd)); 216 217 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 218 error = kcf_get_hardware_provider(mech->cm_type, 219 CRYPTO_MECH_INVALID, CHECK_RESTRICT(crq), pd, 220 &real_provider, CRYPTO_FG_DIGEST); 221 222 if (error != CRYPTO_SUCCESS) 223 return (error); 224 } 225 226 /* Allocate and initialize the canonical context */ 227 if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) { 228 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 229 KCF_PROV_REFRELE(real_provider); 230 return (CRYPTO_HOST_MEMORY); 231 } 232 233 /* The fast path for SW providers. */ 234 if (CHECK_FASTPATH(crq, pd)) { 235 crypto_mechanism_t lmech; 236 237 lmech = *mech; 238 KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech); 239 error = KCF_PROV_DIGEST_INIT(real_provider, ctx, &lmech, 240 KCF_SWFP_RHNDL(crq)); 241 KCF_PROV_INCRSTATS(pd, error); 242 } else { 243 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_INIT, sid, 244 mech, NULL, NULL, NULL); 245 error = kcf_submit_request(real_provider, ctx, crq, ¶ms, 246 B_FALSE); 247 } 248 249 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 250 KCF_PROV_REFRELE(real_provider); 251 252 if ((error == CRYPTO_SUCCESS) || (error == CRYPTO_QUEUED)) 253 *ctxp = (crypto_context_t)ctx; 254 else { 255 /* Release the hold done in kcf_new_ctx(). */ 256 KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private); 257 } 258 259 return (error); 260 } 261 262 263 /* 264 * Same as crypto_digest_init_prov(), but relies on the KCF scheduler 265 * to choose a provider. See crypto_digest_init_prov() comments for 266 * more information. 267 */ 268 int 269 crypto_digest_init(crypto_mechanism_t *mech, crypto_context_t *ctxp, 270 crypto_call_req_t *crq) 271 { 272 int error; 273 kcf_provider_desc_t *pd; 274 kcf_prov_tried_t *list = NULL; 275 276 retry: 277 /* The pd is returned held */ 278 if ((pd = kcf_get_mech_provider(mech->cm_type, NULL, &error, 279 list, CRYPTO_FG_DIGEST, CHECK_RESTRICT(crq), 0)) == NULL) { 280 if (list != NULL) 281 kcf_free_triedlist(list); 282 return (error); 283 } 284 285 error = crypto_digest_init_prov(pd, pd->pd_sid, mech, ctxp, crq); 286 287 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 288 IS_RECOVERABLE(error)) { 289 /* Add pd to the linked list of providers tried. */ 290 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 291 goto retry; 292 } 293 294 if (list != NULL) 295 kcf_free_triedlist(list); 296 KCF_PROV_REFRELE(pd); 297 return (error); 298 } 299 300 /* 301 * crypto_digest_update() 302 * 303 * Arguments: 304 * context: A crypto_context_t initialized by digest_init(). 305 * data: The part of message to be digested. 306 * cr: crypto_call_req_t calling conditions and call back info. 307 * 308 * Description: 309 * Asynchronously submits a request for, or synchronously performs a 310 * part of a message digest operation. 311 * 312 * Context: 313 * Process or interrupt, according to the semantics dictated by the 'cr'. 314 * 315 * Returns: 316 * See comment in the beginning of the file. 317 */ 318 int 319 crypto_digest_update(crypto_context_t context, crypto_data_t *data, 320 crypto_call_req_t *cr) 321 { 322 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 323 kcf_context_t *kcf_ctx; 324 kcf_provider_desc_t *pd; 325 int error; 326 kcf_req_params_t params; 327 328 if ((ctx == NULL) || 329 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 330 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 331 return (CRYPTO_INVALID_CONTEXT); 332 } 333 334 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 335 KCF_PROV_REFHOLD(pd); 336 337 /* The fast path for SW providers. */ 338 if (CHECK_FASTPATH(cr, pd)) { 339 error = KCF_PROV_DIGEST_UPDATE(pd, ctx, data, NULL); 340 KCF_PROV_INCRSTATS(pd, error); 341 } else { 342 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_UPDATE, 343 ctx->cc_session, NULL, NULL, data, NULL); 344 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 345 } 346 347 KCF_PROV_REFRELE(pd); 348 return (error); 349 } 350 351 /* 352 * crypto_digest_final() 353 * 354 * Arguments: 355 * context: A crypto_context_t initialized by digest_init(). 356 * digest: The storage for the digest. 357 * cr: crypto_call_req_t calling conditions and call back info. 358 * 359 * Description: 360 * Asynchronously submits a request for, or synchronously performs the 361 * final part of a message digest operation. 362 * 363 * Context: 364 * Process or interrupt, according to the semantics dictated by the 'cr'. 365 * 366 * Returns: 367 * See comment in the beginning of the file. 368 */ 369 int 370 crypto_digest_final(crypto_context_t context, crypto_data_t *digest, 371 crypto_call_req_t *cr) 372 { 373 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 374 kcf_context_t *kcf_ctx; 375 kcf_provider_desc_t *pd; 376 int error; 377 kcf_req_params_t params; 378 379 if ((ctx == NULL) || 380 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 381 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 382 return (CRYPTO_INVALID_CONTEXT); 383 } 384 385 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 386 KCF_PROV_REFHOLD(pd); 387 388 /* The fast path for SW providers. */ 389 if (CHECK_FASTPATH(cr, pd)) { 390 error = KCF_PROV_DIGEST_FINAL(pd, ctx, digest, NULL); 391 KCF_PROV_INCRSTATS(pd, error); 392 } else { 393 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_FINAL, 394 ctx->cc_session, NULL, NULL, NULL, digest); 395 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 396 } 397 398 KCF_PROV_REFRELE(pd); 399 /* Release the hold done in kcf_new_ctx() during init step. */ 400 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 401 return (error); 402 } 403 404 /* 405 * Performs a digest update on the specified key. Note that there is 406 * no k-API crypto_digest_key() equivalent of this function. 407 */ 408 int 409 crypto_digest_key_prov(crypto_context_t context, crypto_key_t *key, 410 crypto_call_req_t *cr) 411 { 412 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 413 kcf_context_t *kcf_ctx; 414 kcf_provider_desc_t *pd; 415 int error; 416 kcf_req_params_t params; 417 418 if ((ctx == NULL) || 419 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 420 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 421 return (CRYPTO_INVALID_CONTEXT); 422 } 423 424 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 425 KCF_PROV_REFHOLD(pd); 426 427 /* The fast path for SW providers. */ 428 if (CHECK_FASTPATH(cr, pd)) { 429 error = KCF_PROV_DIGEST_KEY(pd, ctx, key, NULL); 430 KCF_PROV_INCRSTATS(pd, error); 431 } else { 432 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_DIGEST_KEY, 433 ctx->cc_session, NULL, key, NULL, NULL); 434 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 435 } 436 KCF_PROV_REFRELE(pd); 437 438 return (error); 439 } 440 441 /* 442 * See comments for crypto_digest_update() and crypto_digest_final(). 443 */ 444 int 445 crypto_digest_single(crypto_context_t context, crypto_data_t *data, 446 crypto_data_t *digest, crypto_call_req_t *cr) 447 { 448 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 449 kcf_context_t *kcf_ctx; 450 kcf_provider_desc_t *pd; 451 int error; 452 kcf_req_params_t params; 453 454 if ((ctx == NULL) || 455 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 456 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 457 return (CRYPTO_INVALID_CONTEXT); 458 } 459 460 KCF_PROV_REFHOLD(pd); 461 462 /* The fast path for SW providers. */ 463 if (CHECK_FASTPATH(cr, pd)) { 464 error = KCF_PROV_DIGEST(pd, ctx, data, digest, NULL); 465 KCF_PROV_INCRSTATS(pd, error); 466 } else { 467 KCF_WRAP_DIGEST_OPS_PARAMS(¶ms, KCF_OP_SINGLE, pd->pd_sid, 468 NULL, NULL, data, digest); 469 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 470 } 471 472 KCF_PROV_REFRELE(pd); 473 /* Release the hold done in kcf_new_ctx() during init step. */ 474 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 475 return (error); 476 } 477