xref: /titanic_41/usr/src/uts/common/sys/crypto/common.h (revision 2449e17f82f6097fd2c665b64723e31ceecbeca6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _SYS_CRYPTO_COMMON_H
27 #define	_SYS_CRYPTO_COMMON_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 /*
32  * Header file for the common data structures of the cryptographic framework
33  */
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 #include <sys/types.h>
40 #include <sys/uio.h>
41 #include <sys/stream.h>
42 #include <sys/mutex.h>
43 #include <sys/condvar.h>
44 
45 
46 /* Cryptographic Mechanisms */
47 
48 #define	CRYPTO_MAX_MECH_NAME 32
49 typedef char crypto_mech_name_t[CRYPTO_MAX_MECH_NAME];
50 
51 typedef uint64_t crypto_mech_type_t;
52 
53 typedef struct crypto_mechanism {
54 	crypto_mech_type_t	cm_type;	/* mechanism type */
55 	caddr_t			cm_param;	/* mech. parameter */
56 	size_t			cm_param_len;	/* mech. parameter len */
57 } crypto_mechanism_t;
58 
59 #ifdef  _SYSCALL32
60 
61 typedef struct crypto_mechanism32 {
62 	crypto_mech_type_t	cm_type;	/* mechanism type */
63 	caddr32_t		cm_param;	/* mech. parameter */
64 	size32_t		cm_param_len;   /* mech. parameter len */
65 } crypto_mechanism32_t;
66 
67 #endif  /* _SYSCALL32 */
68 
69 /*
70  * The measurement unit bit flag for a mechanism's minimum or maximum key size.
71  * The unit are mechanism dependant.  It can be in bits or in bytes.
72  */
73 typedef uint32_t crypto_keysize_unit_t;
74 
75 /*
76  * The following bit flags are valid in cm_mech_flags field in
77  * the crypto_mech_info_t structure of the SPI.
78  *
79  * Only the first two bit flags are valid in mi_keysize_unit
80  * field in the crypto_mechanism_info_t structure of the API.
81  */
82 #define	CRYPTO_KEYSIZE_UNIT_IN_BITS	0x00000001
83 #define	CRYPTO_KEYSIZE_UNIT_IN_BYTES	0x00000002
84 #define	CRYPTO_CAN_SHARE_OPSTATE	0x00000004 /* supports sharing */
85 
86 
87 /* Mechanisms supported out-of-the-box */
88 #define	SUN_CKM_MD4			"CKM_MD4"
89 #define	SUN_CKM_MD5			"CKM_MD5"
90 #define	SUN_CKM_MD5_HMAC		"CKM_MD5_HMAC"
91 #define	SUN_CKM_MD5_HMAC_GENERAL	"CKM_MD5_HMAC_GENERAL"
92 #define	SUN_CKM_SHA1			"CKM_SHA_1"
93 #define	SUN_CKM_SHA1_HMAC		"CKM_SHA_1_HMAC"
94 #define	SUN_CKM_SHA1_HMAC_GENERAL	"CKM_SHA_1_HMAC_GENERAL"
95 #define	SUN_CKM_SHA256			"CKM_SHA256"
96 #define	SUN_CKM_SHA256_HMAC		"CKM_SHA256_HMAC"
97 #define	SUN_CKM_SHA256_HMAC_GENERAL	"CKM_SHA256_HMAC_GENERAL"
98 #define	SUN_CKM_SHA384			"CKM_SHA384"
99 #define	SUN_CKM_SHA384_HMAC		"CKM_SHA384_HMAC"
100 #define	SUN_CKM_SHA384_HMAC_GENERAL	"CKM_SHA384_HMAC_GENERAL"
101 #define	SUN_CKM_SHA512			"CKM_SHA512"
102 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
103 #define	SUN_CKM_SHA512_HMAC_GENERAL	"CKM_SHA512_HMAC_GENERAL"
104 #define	SUN_CKM_DES_CBC			"CKM_DES_CBC"
105 #define	SUN_CKM_DES3_CBC		"CKM_DES3_CBC"
106 #define	SUN_CKM_DES_ECB			"CKM_DES_ECB"
107 #define	SUN_CKM_DES3_ECB		"CKM_DES3_ECB"
108 #define	SUN_CKM_BLOWFISH_CBC		"CKM_BLOWFISH_CBC"
109 #define	SUN_CKM_BLOWFISH_ECB		"CKM_BLOWFISH_ECB"
110 #define	SUN_CKM_AES_CBC			"CKM_AES_CBC"
111 #define	SUN_CKM_AES_ECB			"CKM_AES_ECB"
112 #define	SUN_CKM_AES_CTR			"CKM_AES_CTR"
113 #define	SUN_CKM_AES_CCM			"CKM_AES_CCM"
114 #define	SUN_CKM_RC4			"CKM_RC4"
115 #define	SUN_CKM_RSA_PKCS		"CKM_RSA_PKCS"
116 #define	SUN_CKM_RSA_X_509		"CKM_RSA_X_509"
117 #define	SUN_CKM_MD5_RSA_PKCS		"CKM_MD5_RSA_PKCS"
118 #define	SUN_CKM_SHA1_RSA_PKCS		"CKM_SHA1_RSA_PKCS"
119 #define	SUN_CKM_SHA256_RSA_PKCS		"CKM_SHA256_RSA_PKCS"
120 #define	SUN_CKM_SHA384_RSA_PKCS		"CKM_SHA384_RSA_PKCS"
121 #define	SUN_CKM_SHA512_RSA_PKCS		"CKM_SHA512_RSA_PKCS"
122 
123 /* Shared operation context format for CKM_RC4 */
124 typedef struct {
125 	uchar_t arr[256];
126 	uchar_t i, j;
127 	uint64_t pad;		/* For 64-bit alignment */
128 } arcfour_state_t;
129 
130 
131 /* Data arguments of cryptographic operations */
132 
133 typedef enum crypto_data_format {
134 	CRYPTO_DATA_RAW = 1,
135 	CRYPTO_DATA_UIO,
136 	CRYPTO_DATA_MBLK
137 } crypto_data_format_t;
138 
139 typedef struct crypto_data {
140 	crypto_data_format_t	cd_format;	/* Format identifier	*/
141 	off_t			cd_offset;	/* Offset from the beginning */
142 	size_t			cd_length;	/* # of bytes in use */
143 	caddr_t			cd_miscdata;	/* ancillary data */
144 	union {
145 		/* Raw format */
146 		iovec_t cdu_raw;		/* Pointer and length	    */
147 
148 		/* uio scatter-gather format */
149 		uio_t	*cdu_uio;
150 
151 		/* mblk scatter-gather format */
152 		mblk_t	*cdu_mp;		/* The mblk chain */
153 
154 	} cdu;	/* Crypto Data Union */
155 } crypto_data_t;
156 
157 #define	cd_raw		cdu.cdu_raw
158 #define	cd_uio		cdu.cdu_uio
159 #define	cd_mp		cdu.cdu_mp
160 
161 typedef struct crypto_dual_data {
162 	crypto_data_t		dd_data;	/* The data */
163 	off_t			dd_offset2;	/* Used by dual operation */
164 	size_t			dd_len2;	/* # of bytes to take	*/
165 } crypto_dual_data_t;
166 
167 #define	dd_format	dd_data.cd_format
168 #define	dd_offset1	dd_data.cd_offset
169 #define	dd_len1		dd_data.cd_length
170 #define	dd_miscdata	dd_data.cd_miscdata
171 #define	dd_raw		dd_data.cd_raw
172 #define	dd_uio		dd_data.cd_uio
173 #define	dd_mp		dd_data.cd_mp
174 
175 /* The keys, and their contents */
176 
177 typedef enum {
178 	CRYPTO_KEY_RAW = 1,	/* ck_data is a cleartext key */
179 	CRYPTO_KEY_REFERENCE,	/* ck_obj_id is an opaque reference */
180 	CRYPTO_KEY_ATTR_LIST	/* ck_attrs is a list of object attributes */
181 } crypto_key_format_t;
182 
183 typedef uint64_t crypto_attr_type_t;
184 
185 /* Attribute types to use for passing a RSA public key or a private key. */
186 #define	SUN_CKA_MODULUS			0x00000120
187 #define	SUN_CKA_MODULUS_BITS		0x00000121
188 #define	SUN_CKA_PUBLIC_EXPONENT		0x00000122
189 #define	SUN_CKA_PRIVATE_EXPONENT	0x00000123
190 #define	SUN_CKA_PRIME_1			0x00000124
191 #define	SUN_CKA_PRIME_2			0x00000125
192 #define	SUN_CKA_EXPONENT_1		0x00000126
193 #define	SUN_CKA_EXPONENT_2		0x00000127
194 #define	SUN_CKA_COEFFICIENT		0x00000128
195 #define	SUN_CKA_PRIME			0x00000130
196 #define	SUN_CKA_SUBPRIME		0x00000131
197 #define	SUN_CKA_BASE			0x00000132
198 
199 typedef uint32_t	crypto_object_id_t;
200 
201 typedef struct crypto_object_attribute {
202 	crypto_attr_type_t	oa_type;	/* attribute type */
203 	caddr_t			oa_value;	/* attribute value */
204 	ssize_t			oa_value_len;	/* length of attribute value */
205 } crypto_object_attribute_t;
206 
207 typedef struct crypto_key {
208 	crypto_key_format_t	ck_format;	/* format identifier */
209 	union {
210 		/* for CRYPTO_KEY_RAW ck_format */
211 		struct {
212 			uint_t	cku_v_length;	/* # of bits in ck_data   */
213 			void	*cku_v_data;	/* ptr to key value */
214 		} cku_key_value;
215 
216 		/* for CRYPTO_KEY_REFERENCE ck_format */
217 		crypto_object_id_t cku_key_id;	/* reference to object key */
218 
219 		/* for CRYPTO_KEY_ATTR_LIST ck_format */
220 		struct {
221 			uint_t cku_a_count;	/* number of attributes */
222 			crypto_object_attribute_t *cku_a_oattr;
223 		} cku_key_attrs;
224 	} cku_data;				/* Crypto Key union */
225 } crypto_key_t;
226 
227 #ifdef  _SYSCALL32
228 
229 typedef struct crypto_object_attribute32 {
230 	uint64_t	oa_type;	/* attribute type */
231 	caddr32_t	oa_value;	/* attribute value */
232 	ssize32_t	oa_value_len;	/* length of attribute value */
233 } crypto_object_attribute32_t;
234 
235 typedef struct crypto_key32 {
236 	crypto_key_format_t	ck_format;	/* format identifier */
237 	union {
238 		/* for CRYPTO_KEY_RAW ck_format */
239 		struct {
240 			uint32_t cku_v_length;	/* # of bytes in ck_data */
241 			caddr32_t cku_v_data;	/* ptr to key value */
242 		} cku_key_value;
243 
244 		/* for CRYPTO_KEY_REFERENCE ck_format */
245 		crypto_object_id_t cku_key_id; /* reference to object key */
246 
247 		/* for CRYPTO_KEY_ATTR_LIST ck_format */
248 		struct {
249 			uint32_t cku_a_count;	/* number of attributes */
250 			caddr32_t cku_a_oattr;
251 		} cku_key_attrs;
252 	} cku_data;				/* Crypto Key union */
253 } crypto_key32_t;
254 
255 #endif  /* _SYSCALL32 */
256 
257 #define	ck_data		cku_data.cku_key_value.cku_v_data
258 #define	ck_length	cku_data.cku_key_value.cku_v_length
259 #define	ck_obj_id	cku_data.cku_key_id
260 #define	ck_count	cku_data.cku_key_attrs.cku_a_count
261 #define	ck_attrs	cku_data.cku_key_attrs.cku_a_oattr
262 
263 /*
264  * Raw key lengths are expressed in number of bits.
265  * The following macro returns the minimum number of
266  * bytes that can contain the specified number of bits.
267  */
268 #define	CRYPTO_BITS2BYTES(n) (((n) + 7) >> 3)
269 
270 /* Providers */
271 
272 typedef enum {
273 	CRYPTO_HW_PROVIDER = 0,
274 	CRYPTO_SW_PROVIDER,
275 	CRYPTO_LOGICAL_PROVIDER
276 } crypto_provider_type_t;
277 
278 typedef uint32_t 	crypto_provider_id_t;
279 #define	KCF_PROVID_INVALID	((uint32_t)-1)
280 
281 typedef struct crypto_provider_entry {
282 	crypto_provider_id_t	pe_provider_id;
283 	uint_t			pe_mechanism_count;
284 } crypto_provider_entry_t;
285 
286 typedef struct crypto_dev_list_entry {
287 	char			le_dev_name[MAXNAMELEN];
288 	uint_t			le_dev_instance;
289 	uint_t			le_mechanism_count;
290 } crypto_dev_list_entry_t;
291 
292 /* User type for authentication ioctls and SPI entry points */
293 
294 typedef enum crypto_user_type {
295 	CRYPTO_SO = 0,
296 	CRYPTO_USER
297 } crypto_user_type_t;
298 
299 /* Version for provider management ioctls and SPI entry points */
300 
301 typedef struct crypto_version {
302 	uchar_t	cv_major;
303 	uchar_t	cv_minor;
304 } crypto_version_t;
305 
306 /* session data structure opaque to the consumer */
307 typedef void *crypto_session_t;
308 
309 /* provider data structure opaque to the consumer */
310 typedef void *crypto_provider_t;
311 
312 /* Limits used by both consumers and providers */
313 #define	CRYPTO_EXT_SIZE_LABEL		32
314 #define	CRYPTO_EXT_SIZE_MANUF		32
315 #define	CRYPTO_EXT_SIZE_MODEL		16
316 #define	CRYPTO_EXT_SIZE_SERIAL		16
317 #define	CRYPTO_EXT_SIZE_TIME		16
318 
319 typedef struct crypto_provider_ext_info {
320 	uchar_t			ei_label[CRYPTO_EXT_SIZE_LABEL];
321 	uchar_t			ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF];
322 	uchar_t			ei_model[CRYPTO_EXT_SIZE_MODEL];
323 	uchar_t			ei_serial_number[CRYPTO_EXT_SIZE_SERIAL];
324 	ulong_t			ei_flags;
325 	ulong_t			ei_max_session_count;
326 	ulong_t			ei_max_pin_len;
327 	ulong_t			ei_min_pin_len;
328 	ulong_t			ei_total_public_memory;
329 	ulong_t			ei_free_public_memory;
330 	ulong_t			ei_total_private_memory;
331 	ulong_t			ei_free_private_memory;
332 	crypto_version_t	ei_hardware_version;
333 	crypto_version_t	ei_firmware_version;
334 	uchar_t			ei_time[CRYPTO_EXT_SIZE_TIME];
335 } crypto_provider_ext_info_t;
336 
337 typedef uint_t		crypto_session_id_t;
338 
339 /*
340  * Common cryptographic status and error codes.
341  */
342 #define	CRYPTO_SUCCESS				0x00000000
343 #define	CRYPTO_CANCEL				0x00000001
344 #define	CRYPTO_HOST_MEMORY			0x00000002
345 #define	CRYPTO_GENERAL_ERROR			0x00000003
346 #define	CRYPTO_FAILED				0x00000004
347 #define	CRYPTO_ARGUMENTS_BAD			0x00000005
348 #define	CRYPTO_ATTRIBUTE_READ_ONLY		0x00000006
349 #define	CRYPTO_ATTRIBUTE_SENSITIVE		0x00000007
350 #define	CRYPTO_ATTRIBUTE_TYPE_INVALID		0x00000008
351 #define	CRYPTO_ATTRIBUTE_VALUE_INVALID		0x00000009
352 #define	CRYPTO_CANCELED				0x0000000A
353 #define	CRYPTO_DATA_INVALID			0x0000000B
354 #define	CRYPTO_DATA_LEN_RANGE			0x0000000C
355 #define	CRYPTO_DEVICE_ERROR			0x0000000D
356 #define	CRYPTO_DEVICE_MEMORY			0x0000000E
357 #define	CRYPTO_DEVICE_REMOVED			0x0000000F
358 #define	CRYPTO_ENCRYPTED_DATA_INVALID		0x00000010
359 #define	CRYPTO_ENCRYPTED_DATA_LEN_RANGE		0x00000011
360 #define	CRYPTO_KEY_HANDLE_INVALID		0x00000012
361 #define	CRYPTO_KEY_SIZE_RANGE			0x00000013
362 #define	CRYPTO_KEY_TYPE_INCONSISTENT		0x00000014
363 #define	CRYPTO_KEY_NOT_NEEDED			0x00000015
364 #define	CRYPTO_KEY_CHANGED			0x00000016
365 #define	CRYPTO_KEY_NEEDED			0x00000017
366 #define	CRYPTO_KEY_INDIGESTIBLE			0x00000018
367 #define	CRYPTO_KEY_FUNCTION_NOT_PERMITTED	0x00000019
368 #define	CRYPTO_KEY_NOT_WRAPPABLE		0x0000001A
369 #define	CRYPTO_KEY_UNEXTRACTABLE		0x0000001B
370 #define	CRYPTO_MECHANISM_INVALID		0x0000001C
371 #define	CRYPTO_MECHANISM_PARAM_INVALID		0x0000001D
372 #define	CRYPTO_OBJECT_HANDLE_INVALID		0x0000001E
373 #define	CRYPTO_OPERATION_IS_ACTIVE		0x0000001F
374 #define	CRYPTO_OPERATION_NOT_INITIALIZED	0x00000020
375 #define	CRYPTO_PIN_INCORRECT			0x00000021
376 #define	CRYPTO_PIN_INVALID			0x00000022
377 #define	CRYPTO_PIN_LEN_RANGE			0x00000023
378 #define	CRYPTO_PIN_EXPIRED			0x00000024
379 #define	CRYPTO_PIN_LOCKED			0x00000025
380 #define	CRYPTO_SESSION_CLOSED			0x00000026
381 #define	CRYPTO_SESSION_COUNT			0x00000027
382 #define	CRYPTO_SESSION_HANDLE_INVALID		0x00000028
383 #define	CRYPTO_SESSION_READ_ONLY		0x00000029
384 #define	CRYPTO_SESSION_EXISTS			0x0000002A
385 #define	CRYPTO_SESSION_READ_ONLY_EXISTS		0x0000002B
386 #define	CRYPTO_SESSION_READ_WRITE_SO_EXISTS	0x0000002C
387 #define	CRYPTO_SIGNATURE_INVALID		0x0000002D
388 #define	CRYPTO_SIGNATURE_LEN_RANGE		0x0000002E
389 #define	CRYPTO_TEMPLATE_INCOMPLETE		0x0000002F
390 #define	CRYPTO_TEMPLATE_INCONSISTENT		0x00000030
391 #define	CRYPTO_UNWRAPPING_KEY_HANDLE_INVALID	0x00000031
392 #define	CRYPTO_UNWRAPPING_KEY_SIZE_RANGE	0x00000032
393 #define	CRYPTO_UNWRAPPING_KEY_TYPE_INCONSISTENT	0x00000033
394 #define	CRYPTO_USER_ALREADY_LOGGED_IN		0x00000034
395 #define	CRYPTO_USER_NOT_LOGGED_IN		0x00000035
396 #define	CRYPTO_USER_PIN_NOT_INITIALIZED		0x00000036
397 #define	CRYPTO_USER_TYPE_INVALID		0x00000037
398 #define	CRYPTO_USER_ANOTHER_ALREADY_LOGGED_IN	0x00000038
399 #define	CRYPTO_USER_TOO_MANY_TYPES		0x00000039
400 #define	CRYPTO_WRAPPED_KEY_INVALID		0x0000003A
401 #define	CRYPTO_WRAPPED_KEY_LEN_RANGE		0x0000003B
402 #define	CRYPTO_WRAPPING_KEY_HANDLE_INVALID	0x0000003C
403 #define	CRYPTO_WRAPPING_KEY_SIZE_RANGE		0x0000003D
404 #define	CRYPTO_WRAPPING_KEY_TYPE_INCONSISTENT	0x0000003E
405 #define	CRYPTO_RANDOM_SEED_NOT_SUPPORTED	0x0000003F
406 #define	CRYPTO_RANDOM_NO_RNG			0x00000040
407 #define	CRYPTO_DOMAIN_PARAMS_INVALID		0x00000041
408 #define	CRYPTO_BUFFER_TOO_SMALL			0x00000042
409 #define	CRYPTO_INFORMATION_SENSITIVE		0x00000043
410 #define	CRYPTO_NOT_SUPPORTED			0x00000044
411 
412 #define	CRYPTO_QUEUED				0x00000045
413 #define	CRYPTO_BUFFER_TOO_BIG			0x00000046
414 #define	CRYPTO_INVALID_CONTEXT			0x00000047
415 #define	CRYPTO_INVALID_MAC			0x00000048
416 #define	CRYPTO_MECH_NOT_SUPPORTED		0x00000049
417 #define	CRYPTO_INCONSISTENT_ATTRIBUTE		0x0000004A
418 #define	CRYPTO_NO_PERMISSION			0x0000004B
419 #define	CRYPTO_INVALID_PROVIDER_ID		0x0000004C
420 #define	CRYPTO_VERSION_MISMATCH			0x0000004D
421 #define	CRYPTO_BUSY				0x0000004E
422 #define	CRYPTO_UNKNOWN_PROVIDER			0x0000004F
423 #define	CRYPTO_MODVERIFICATION_FAILED		0x00000050
424 #define	CRYPTO_OLD_CTX_TEMPLATE			0x00000051
425 #define	CRYPTO_WEAK_KEY				0x00000052
426 
427 /*
428  * Special values that can be used to indicate that information is unavailable
429  * or that there is not practical limit. These values can be used
430  * by fields of the SPI crypto_provider_ext_info(9S) structure.
431  * The value of CRYPTO_UNAVAILABLE_INFO should be the same as
432  * CK_UNAVAILABLE_INFO in the PKCS#11 spec.
433  */
434 #define	CRYPTO_UNAVAILABLE_INFO		((ulong_t)(-1))
435 #define	CRYPTO_EFFECTIVELY_INFINITE	0x0
436 
437 #ifdef __cplusplus
438 }
439 #endif
440 
441 #endif /* _SYS_CRYPTO_COMMON_H */
442