1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _SYS_CRYPTO_IMPL_H 28 #define _SYS_CRYPTO_IMPL_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 /* 33 * Kernel Cryptographic Framework private implementation definitions. 34 */ 35 36 #include <sys/types.h> 37 #include <sys/param.h> 38 39 #ifdef _KERNEL 40 #include <sys/crypto/common.h> 41 #include <sys/crypto/api.h> 42 #include <sys/crypto/spi.h> 43 #include <sys/crypto/ioctl.h> 44 #include <sys/tnf_probe.h> 45 #include <sys/atomic.h> 46 #include <sys/project.h> 47 #include <sys/taskq.h> 48 #include <sys/rctl.h> 49 #endif /* _KERNEL */ 50 51 #ifdef __cplusplus 52 extern "C" { 53 #endif 54 55 #ifdef _KERNEL 56 57 #define KCF_MODULE "kcf" 58 59 /* 60 * Prefixes convention: structures internal to the kernel cryptographic 61 * framework start with 'kcf_'. Exposed structure start with 'crypto_'. 62 */ 63 64 /* Provider stats. Not protected. */ 65 typedef struct kcf_prov_stats { 66 kstat_named_t ps_ops_total; 67 kstat_named_t ps_ops_passed; 68 kstat_named_t ps_ops_failed; 69 kstat_named_t ps_ops_busy_rval; 70 } kcf_prov_stats_t; 71 72 /* Various kcf stats. Not protected. */ 73 typedef struct kcf_stats { 74 kstat_named_t ks_thrs_in_pool; 75 kstat_named_t ks_idle_thrs; 76 kstat_named_t ks_minthrs; 77 kstat_named_t ks_maxthrs; 78 kstat_named_t ks_swq_njobs; 79 kstat_named_t ks_swq_maxjobs; 80 kstat_named_t ks_taskq_minalloc; 81 kstat_named_t ks_taskq_maxalloc; 82 } kcf_stats_t; 83 84 /* 85 * Keep all the information needed by the scheduler from 86 * this provider. 87 */ 88 typedef struct kcf_sched_info { 89 /* The number of operations dispatched. */ 90 uint64_t ks_ndispatches; 91 92 /* The number of operations that failed. */ 93 uint64_t ks_nfails; 94 95 /* The number of operations that returned CRYPTO_BUSY. */ 96 uint64_t ks_nbusy_rval; 97 98 /* taskq used to dispatch crypto requests */ 99 taskq_t *ks_taskq; 100 } kcf_sched_info_t; 101 102 #define KCF_PROV_INCRSTATS(pd, error) { \ 103 (pd)->pd_sched_info.ks_ndispatches++; \ 104 if (error == CRYPTO_BUSY) \ 105 (pd)->pd_sched_info.ks_nbusy_rval++; \ 106 else if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) \ 107 (pd)->pd_sched_info.ks_nfails++; \ 108 } 109 110 111 /* 112 * The following two macros should be 113 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2) 114 * #define KCF_MAXMECHTAB KCF_MAXCIPHER 115 * 116 * However, doing that would involve reorganizing the header file a bit. 117 * When impl.h is broken up (bug# 4703218), this will be done. For now, 118 * we hardcode these values. 119 */ 120 #define KCF_OPS_CLASSSIZE 8 121 #define KCF_MAXMECHTAB 32 122 123 /* 124 * Valid values for the state of a provider. The order of 125 * the elements is important. 126 * 127 * Routines which get a provider or the list of providers 128 * should pick only those that are either in KCF_PROV_READY state 129 * or in KCF_PROV_BUSY state. 130 */ 131 typedef enum { 132 KCF_PROV_ALLOCATED = 1, 133 KCF_PROV_UNVERIFIED, 134 /* 135 * state < KCF_PROV_READY means the provider can not 136 * be used at all. 137 */ 138 KCF_PROV_READY, 139 KCF_PROV_BUSY, 140 /* 141 * state > KCF_PROV_BUSY means the provider can not 142 * be used for new requests. 143 */ 144 KCF_PROV_FAILED, 145 /* 146 * Threads setting the following two states should do so only 147 * if the current state < KCF_PROV_DISABLED. 148 */ 149 KCF_PROV_DISABLED, 150 KCF_PROV_REMOVED, 151 KCF_PROV_FREED 152 } kcf_prov_state_t; 153 154 #define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED) 155 #define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \ 156 (pd)->pd_state == KCF_PROV_BUSY) 157 #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_REMOVED) 158 159 /* 160 * A provider descriptor structure. There is one such structure per 161 * provider. It is allocated and initialized at registration time and 162 * freed when the provider unregisters. 163 * 164 * pd_prov_type: Provider type, hardware or software 165 * pd_prov_handle: Provider handle specified by provider 166 * pd_kcf_prov_handle: KCF-private handle assigned by KCF 167 * pd_prov_id: Identification # assigned by KCF to provider 168 * pd_description: Provider description string 169 * pd_ops_vector: The ops vector specified by Provider 170 * pd_mech_list_count: The number of entries in pi_mechanisms, specified 171 * by the provider during registration 172 * pd_mechanisms: Mechanisms supported by the provider, specified 173 * by the provider during registration 174 * pd_map_mechnums: Lookup table which maps a core framework mechanism 175 * number to a number understood by this provider 176 * pd_ks_data: kstat data 177 * pd_kstat: kstat associated with the provider 178 * pd_sched_info: Scheduling information associated with the provider 179 * pd_refcnt: Reference counter to this provider descriptor 180 * pd_irefcnt: References held by the framework internal structs 181 * pd_name: Device name or module name 182 * pd_instance: Device instance 183 * pd_module_id: Module ID returned by modload 184 * pd_mctlp: Pointer to modctl structure for this provider 185 * pd_sid: Session ID of the provider used by kernel clients. 186 * This is valid only for session-oriented providers. 187 * pd_lock: lock protects pd_state and pd_real_provider_list 188 * pd_state: State value of the provider 189 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY 190 * pd_remove_cv: cv to wait on while the provider queue drains 191 * pd_restricted: true if this is an export restricted provider 192 * pd_provider_list: Used to cross-reference logical providers and their 193 * members. Not used for software providers. 194 */ 195 typedef struct kcf_provider_desc { 196 crypto_provider_type_t pd_prov_type; 197 crypto_provider_handle_t pd_prov_handle; 198 crypto_kcf_provider_handle_t pd_kcf_prov_handle; 199 crypto_provider_id_t pd_prov_id; 200 char *pd_description; 201 crypto_ops_t *pd_ops_vector; 202 uint_t pd_mech_list_count; 203 crypto_mech_info_t *pd_mechanisms; 204 crypto_mech_type_t pd_map_mechnums[KCF_OPS_CLASSSIZE]\ 205 [KCF_MAXMECHTAB]; 206 kcf_stats_t *pd_stats; 207 kcf_prov_stats_t pd_ks_data; 208 kstat_t *pd_kstat; 209 kcf_sched_info_t pd_sched_info; 210 uint_t pd_refcnt; 211 uint_t pd_irefcnt; 212 char *pd_name; 213 uint_t pd_instance; 214 int pd_module_id; 215 struct modctl *pd_mctlp; 216 crypto_session_id_t pd_sid; 217 kmutex_t pd_lock; 218 kcf_prov_state_t pd_state; 219 kcondvar_t pd_resume_cv; 220 kcondvar_t pd_remove_cv; 221 boolean_t pd_restricted; 222 struct kcf_provider_list *pd_provider_list; 223 uint_t pd_flags; 224 } kcf_provider_desc_t; 225 226 /* useful for making a list of providers */ 227 typedef struct kcf_provider_list { 228 struct kcf_provider_list *pl_next; 229 struct kcf_provider_desc *pl_provider; 230 } kcf_provider_list_t; 231 232 /* 233 * If a component has a reference to a kcf_provider_desc_t, 234 * it REFHOLD()s. A new provider descriptor which is referenced only 235 * by the providers table has a reference counter of one. 236 */ 237 #define KCF_PROV_REFHOLD(desc) { \ 238 atomic_add_32(&(desc)->pd_refcnt, 1); \ 239 ASSERT((desc)->pd_refcnt != 0); \ 240 } 241 242 #define KCF_PROV_IREFHOLD(desc) { \ 243 atomic_add_32(&(desc)->pd_irefcnt, 1); \ 244 ASSERT((desc)->pd_irefcnt != 0); \ 245 } 246 247 #define KCF_PROV_IREFRELE(desc) { \ 248 ASSERT((desc)->pd_irefcnt != 0); \ 249 membar_exit(); \ 250 if (atomic_add_32_nv(&(desc)->pd_irefcnt, -1) == 0) { \ 251 cv_broadcast(&(desc)->pd_remove_cv); \ 252 } \ 253 } 254 255 #define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1) 256 257 #define KCF_PROV_REFRELE(desc) { \ 258 ASSERT((desc)->pd_refcnt != 0); \ 259 membar_exit(); \ 260 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) { \ 261 kcf_provider_zero_refcnt((desc)); \ 262 } \ 263 } 264 265 266 /* list of crypto_mech_info_t valid as the second mech in a dual operation */ 267 268 typedef struct crypto_mech_info_list { 269 struct crypto_mech_info_list *ml_next; 270 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */ 271 crypto_mech_info_t ml_mech_info; 272 } crypto_mech_info_list_t; 273 274 /* 275 * An element in a mechanism provider descriptors chain. 276 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs 277 * to. This is a small tradeoff memory vs mutex spinning time to access the 278 * common provider field. 279 */ 280 281 typedef struct kcf_prov_mech_desc { 282 struct kcf_mech_entry *pm_me; /* Back to the head */ 283 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */ 284 crypto_mech_info_t pm_mech_info; /* Provider mech info */ 285 crypto_mech_info_list_t *pm_mi_list; /* list for duals */ 286 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */ 287 } kcf_prov_mech_desc_t; 288 289 /* and the notation shortcuts ... */ 290 #define pm_provider_type pm_prov_desc.pd_provider_type 291 #define pm_provider_handle pm_prov_desc.pd_provider_handle 292 #define pm_ops_vector pm_prov_desc.pd_ops_vector 293 294 295 #define KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \ 296 sizeof (kmutex_t) - 2 * sizeof (kcf_prov_mech_desc_t *) - \ 297 sizeof (int) - sizeof (uint32_t) - sizeof (size_t)) 298 299 /* 300 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs 301 * to be adjusted if this structure is changed. 302 */ 303 typedef struct kcf_mech_entry { 304 crypto_mech_name_t me_name; /* mechanism name */ 305 kmutex_t me_mutex; /* access protection */ 306 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */ 307 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */ 308 /* 309 * Number of HW providers in the chain. There is only one 310 * SW provider. So, we need only a count of HW providers. 311 */ 312 int me_num_hwprov; 313 /* 314 * When a SW provider is present, this is the generation number that 315 * ensures no objects from old SW providers are used in the new one 316 */ 317 uint32_t me_gen_swprov; 318 /* 319 * threshold for using hardware providers for this mech 320 */ 321 size_t me_threshold; 322 uint8_t me_pad[KCF_CPU_PAD]; 323 } kcf_mech_entry_t; 324 325 /* 326 * A policy descriptor structure. It is allocated and initialized 327 * when administrative ioctls load disabled mechanisms. 328 * 329 * pd_prov_type: Provider type, hardware or software 330 * pd_name: Device name or module name. 331 * pd_instance: Device instance. 332 * pd_refcnt: Reference counter for this policy descriptor 333 * pd_mutex: Protects array and count of disabled mechanisms. 334 * pd_disabled_count: Count of disabled mechanisms. 335 * pd_disabled_mechs: Array of disabled mechanisms. 336 */ 337 typedef struct kcf_policy_desc { 338 crypto_provider_type_t pd_prov_type; 339 char *pd_name; 340 uint_t pd_instance; 341 uint_t pd_refcnt; 342 kmutex_t pd_mutex; 343 uint_t pd_disabled_count; 344 crypto_mech_name_t *pd_disabled_mechs; 345 } kcf_policy_desc_t; 346 347 /* 348 * If a component has a reference to a kcf_policy_desc_t, 349 * it REFHOLD()s. A new policy descriptor which is referenced only 350 * by the policy table has a reference count of one. 351 */ 352 #define KCF_POLICY_REFHOLD(desc) { \ 353 atomic_add_32(&(desc)->pd_refcnt, 1); \ 354 ASSERT((desc)->pd_refcnt != 0); \ 355 } 356 357 /* 358 * Releases a reference to a policy descriptor. When the last 359 * reference is released, the descriptor is freed. 360 */ 361 #define KCF_POLICY_REFRELE(desc) { \ 362 ASSERT((desc)->pd_refcnt != 0); \ 363 membar_exit(); \ 364 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) \ 365 kcf_policy_free_desc(desc); \ 366 } 367 368 /* 369 * This entry stores the name of a software module and its 370 * mechanisms. The mechanisms are 'hints' that are used to 371 * trigger loading of the module. 372 */ 373 typedef struct kcf_soft_conf_entry { 374 struct kcf_soft_conf_entry *ce_next; 375 char *ce_name; 376 crypto_mech_name_t *ce_mechs; 377 uint_t ce_count; 378 } kcf_soft_conf_entry_t; 379 380 extern kmutex_t soft_config_mutex; 381 extern kcf_soft_conf_entry_t *soft_config_list; 382 383 /* 384 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms, 385 * with a margin of few extra empty entry points 386 */ 387 388 #define KCF_MAXDIGEST 16 /* Digests */ 389 #define KCF_MAXCIPHER 64 /* Ciphers */ 390 #define KCF_MAXMAC 40 /* Message authentication codes */ 391 #define KCF_MAXSIGN 24 /* Sign/Verify */ 392 #define KCF_MAXKEYOPS 116 /* Key generation and derivation */ 393 #define KCF_MAXMISC 16 /* Others ... */ 394 395 #define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \ 396 KCF_MAXSIGN + KCF_MAXKEYOPS + \ 397 KCF_MAXMISC 398 399 extern kcf_mech_entry_t kcf_digest_mechs_tab[]; 400 extern kcf_mech_entry_t kcf_cipher_mechs_tab[]; 401 extern kcf_mech_entry_t kcf_mac_mechs_tab[]; 402 extern kcf_mech_entry_t kcf_sign_mechs_tab[]; 403 extern kcf_mech_entry_t kcf_keyops_mechs_tab[]; 404 extern kcf_mech_entry_t kcf_misc_mechs_tab[]; 405 406 extern kmutex_t kcf_mech_tabs_lock; 407 408 typedef enum { 409 KCF_DIGEST_CLASS = 1, 410 KCF_CIPHER_CLASS, 411 KCF_MAC_CLASS, 412 KCF_SIGN_CLASS, 413 KCF_KEYOPS_CLASS, 414 KCF_MISC_CLASS 415 } kcf_ops_class_t; 416 417 #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS 418 #define KCF_LAST_OPSCLASS KCF_MISC_CLASS 419 420 /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */ 421 422 typedef struct kcf_mech_entry_tab { 423 int met_size; /* Size of the met_tab[] */ 424 kcf_mech_entry_t *met_tab; /* the table */ 425 } kcf_mech_entry_tab_t; 426 427 extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; 428 429 #define KCF_MECHID(class, index) \ 430 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index)) 431 432 #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32)) 433 434 #define KCF_MECH2INDEX(mech_type) ((int)(mech_type)) 435 436 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */ 437 typedef struct crypto_provider_session { 438 struct crypto_provider_session *ps_next; 439 crypto_session_id_t ps_session; 440 kcf_provider_desc_t *ps_provider; 441 kcf_provider_desc_t *ps_real_provider; 442 uint_t ps_refcnt; 443 } crypto_provider_session_t; 444 445 typedef struct crypto_session_data { 446 kmutex_t sd_lock; 447 kcondvar_t sd_cv; 448 uint32_t sd_flags; 449 crypto_ctx_t *sd_digest_ctx; 450 crypto_ctx_t *sd_encr_ctx; 451 crypto_ctx_t *sd_decr_ctx; 452 crypto_ctx_t *sd_sign_ctx; 453 crypto_ctx_t *sd_verify_ctx; 454 crypto_ctx_t *sd_sign_recover_ctx; 455 crypto_ctx_t *sd_verify_recover_ctx; 456 kcf_provider_desc_t *sd_provider; 457 void *sd_find_init_cookie; 458 crypto_provider_session_t *sd_provider_session; 459 } crypto_session_data_t; 460 461 #define CRYPTO_SESSION_IN_USE 0x00000001 462 #define CRYPTO_SESSION_IS_BUSY 0x00000002 463 #define CRYPTO_SESSION_IS_CLOSED 0x00000004 464 465 #define KCF_MAX_PIN_LEN 1024 466 467 /* 468 * Per-minor info. 469 * 470 * cm_lock protects everything in this structure except for cm_refcnt. 471 */ 472 typedef struct crypto_minor { 473 uint_t cm_refcnt; 474 kmutex_t cm_lock; 475 kcondvar_t cm_cv; 476 crypto_session_data_t **cm_session_table; 477 uint_t cm_session_table_count; 478 kcf_provider_desc_t **cm_provider_array; 479 uint_t cm_provider_count; 480 crypto_provider_session_t *cm_provider_session; 481 kproject_t *cm_projp; 482 } crypto_minor_t; 483 484 /* resource control framework handle used by /dev/crypto */ 485 extern rctl_hndl_t rc_project_crypto_mem; 486 /* 487 * Return codes for internal functions 488 */ 489 #define KCF_SUCCESS 0x0 /* Successful call */ 490 #define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */ 491 #define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */ 492 #define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */ 493 #define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */ 494 495 /* 496 * kCF internal mechanism and function group for tracking RNG providers. 497 */ 498 #define SUN_RANDOM "random" 499 #define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */ 500 501 /* 502 * Wrappers for ops vectors. In the wrapper definitions below, the pd 503 * argument always corresponds to a pointer to a provider descriptor 504 * of type kcf_prov_desc_t. 505 */ 506 507 #define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops) 508 #define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops) 509 #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops) 510 #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops) 511 #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops) 512 #define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops) 513 #define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops) 514 #define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops) 515 #define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \ 516 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops) 517 #define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops) 518 #define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops) 519 #define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops) 520 #define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops) 521 #define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops) 522 #define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops) 523 524 /* 525 * Wrappers for crypto_control_ops(9S) entry points. 526 */ 527 528 #define KCF_PROV_STATUS(pd, status) ( \ 529 (KCF_PROV_CONTROL_OPS(pd) && \ 530 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \ 531 KCF_PROV_CONTROL_OPS(pd)->provider_status( \ 532 (pd)->pd_prov_handle, status) : \ 533 CRYPTO_NOT_SUPPORTED) 534 535 /* 536 * Wrappers for crypto_ctx_ops(9S) entry points. 537 */ 538 539 #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \ 540 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ 541 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ 542 (pd)->pd_prov_handle, mech, key, template, size, req) : \ 543 CRYPTO_NOT_SUPPORTED) 544 545 #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ 546 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \ 547 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED) 548 549 #define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \ 550 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \ 551 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \ 552 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \ 553 CRYPTO_NOT_SUPPORTED) 554 555 #define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \ 556 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \ 557 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \ 558 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \ 559 CRYPTO_NOT_SUPPORTED) 560 561 #define KCF_PROV_FREE_MECH(pd, prov_mech) ( \ 562 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \ 563 KCF_PROV_MECH_OPS(pd)->free_mechanism( \ 564 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED) 565 566 /* 567 * Wrappers for crypto_digest_ops(9S) entry points. 568 */ 569 570 #define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \ 571 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \ 572 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \ 573 CRYPTO_NOT_SUPPORTED) 574 575 /* 576 * The _ (underscore) in _digest is needed to avoid replacing the 577 * function digest(). 578 */ 579 #define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \ 580 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \ 581 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \ 582 CRYPTO_NOT_SUPPORTED) 583 584 #define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \ 585 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \ 586 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \ 587 CRYPTO_NOT_SUPPORTED) 588 589 #define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \ 590 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \ 591 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \ 592 CRYPTO_NOT_SUPPORTED) 593 594 #define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \ 595 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \ 596 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \ 597 CRYPTO_NOT_SUPPORTED) 598 599 #define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \ 600 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \ 601 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \ 602 (pd)->pd_prov_handle, session, mech, data, digest, req) : \ 603 CRYPTO_NOT_SUPPORTED) 604 605 /* 606 * Wrappers for crypto_cipher_ops(9S) entry points. 607 */ 608 609 #define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 610 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \ 611 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \ 612 req) : \ 613 CRYPTO_NOT_SUPPORTED) 614 615 #define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \ 616 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \ 617 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \ 618 CRYPTO_NOT_SUPPORTED) 619 620 #define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 621 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \ 622 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \ 623 ciphertext, req) : \ 624 CRYPTO_NOT_SUPPORTED) 625 626 #define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \ 627 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \ 628 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \ 629 CRYPTO_NOT_SUPPORTED) 630 631 #define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \ 632 template, req) ( \ 633 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \ 634 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \ 635 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \ 636 template, req) : \ 637 CRYPTO_NOT_SUPPORTED) 638 639 #define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 640 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \ 641 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \ 642 req) : \ 643 CRYPTO_NOT_SUPPORTED) 644 645 #define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \ 646 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \ 647 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \ 648 CRYPTO_NOT_SUPPORTED) 649 650 #define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 651 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \ 652 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \ 653 plaintext, req) : \ 654 CRYPTO_NOT_SUPPORTED) 655 656 #define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \ 657 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \ 658 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \ 659 CRYPTO_NOT_SUPPORTED) 660 661 #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \ 662 template, req) ( \ 663 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \ 664 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \ 665 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \ 666 template, req) : \ 667 CRYPTO_NOT_SUPPORTED) 668 669 /* 670 * Wrappers for crypto_mac_ops(9S) entry points. 671 */ 672 673 #define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \ 674 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \ 675 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \ 676 : CRYPTO_NOT_SUPPORTED) 677 678 /* 679 * The _ (underscore) in _mac is needed to avoid replacing the 680 * function mac(). 681 */ 682 #define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \ 683 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \ 684 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \ 685 CRYPTO_NOT_SUPPORTED) 686 687 #define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \ 688 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \ 689 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \ 690 CRYPTO_NOT_SUPPORTED) 691 692 #define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \ 693 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \ 694 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \ 695 CRYPTO_NOT_SUPPORTED) 696 697 #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \ 698 req) ( \ 699 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \ 700 KCF_PROV_MAC_OPS(pd)->mac_atomic( \ 701 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 702 req) : \ 703 CRYPTO_NOT_SUPPORTED) 704 705 #define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \ 706 template, req) ( \ 707 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \ 708 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \ 709 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 710 req) : \ 711 CRYPTO_NOT_SUPPORTED) 712 713 /* 714 * Wrappers for crypto_sign_ops(9S) entry points. 715 */ 716 717 #define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \ 718 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \ 719 KCF_PROV_SIGN_OPS(pd)->sign_init( \ 720 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED) 721 722 #define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \ 723 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \ 724 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \ 725 CRYPTO_NOT_SUPPORTED) 726 727 #define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \ 728 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \ 729 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \ 730 CRYPTO_NOT_SUPPORTED) 731 732 #define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \ 733 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \ 734 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \ 735 CRYPTO_NOT_SUPPORTED) 736 737 #define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \ 738 sig, req) ( \ 739 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \ 740 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \ 741 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 742 req) : CRYPTO_NOT_SUPPORTED) 743 744 #define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \ 745 req) ( \ 746 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \ 747 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \ 748 req) : CRYPTO_NOT_SUPPORTED) 749 750 #define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \ 751 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \ 752 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \ 753 CRYPTO_NOT_SUPPORTED) 754 755 #define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \ 756 sig, req) ( \ 757 (KCF_PROV_SIGN_OPS(pd) && \ 758 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \ 759 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \ 760 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 761 req) : CRYPTO_NOT_SUPPORTED) 762 763 /* 764 * Wrappers for crypto_verify_ops(9S) entry points. 765 */ 766 767 #define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \ 768 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \ 769 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \ 770 req) : CRYPTO_NOT_SUPPORTED) 771 772 #define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \ 773 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify) ? \ 774 KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \ 775 CRYPTO_NOT_SUPPORTED) 776 777 #define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \ 778 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \ 779 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \ 780 CRYPTO_NOT_SUPPORTED) 781 782 #define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \ 783 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \ 784 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \ 785 CRYPTO_NOT_SUPPORTED) 786 787 #define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \ 788 req) ( \ 789 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \ 790 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \ 791 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 792 req) : CRYPTO_NOT_SUPPORTED) 793 794 #define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \ 795 req) ( \ 796 (KCF_PROV_VERIFY_OPS(pd) && \ 797 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \ 798 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \ 799 template, req) : CRYPTO_NOT_SUPPORTED) 800 801 /* verify_recover() CSPI routine has different argument order than verify() */ 802 #define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \ 803 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \ 804 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \ 805 CRYPTO_NOT_SUPPORTED) 806 807 /* 808 * verify_recover_atomic() CSPI routine has different argument order 809 * than verify_atomic(). 810 */ 811 #define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \ 812 template, data, req) ( \ 813 (KCF_PROV_VERIFY_OPS(pd) && \ 814 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \ 815 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \ 816 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \ 817 req) : CRYPTO_NOT_SUPPORTED) 818 819 /* 820 * Wrappers for crypto_dual_ops(9S) entry points. 821 */ 822 823 #define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \ 824 ciphertext, req) ( \ 825 (KCF_PROV_DUAL_OPS(pd) && \ 826 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \ 827 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \ 828 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 829 CRYPTO_NOT_SUPPORTED) 830 831 #define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \ 832 plaintext, req) ( \ 833 (KCF_PROV_DUAL_OPS(pd) && \ 834 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \ 835 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \ 836 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \ 837 CRYPTO_NOT_SUPPORTED) 838 839 #define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \ 840 ciphertext, req) ( \ 841 (KCF_PROV_DUAL_OPS(pd) && \ 842 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \ 843 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \ 844 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 845 CRYPTO_NOT_SUPPORTED) 846 847 #define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \ 848 plaintext, req) ( \ 849 (KCF_PROV_DUAL_OPS(pd) && \ 850 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \ 851 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \ 852 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \ 853 CRYPTO_NOT_SUPPORTED) 854 855 /* 856 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points. 857 */ 858 859 #define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \ 860 mac_key, encr_ctx_template, mac_ctx_template, req) ( \ 861 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 862 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \ 863 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \ 864 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \ 865 mac_ctx_template, req) : \ 866 CRYPTO_NOT_SUPPORTED) 867 868 #define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \ 869 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 870 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \ 871 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \ 872 ctx, plaintext, ciphertext, mac, req) : \ 873 CRYPTO_NOT_SUPPORTED) 874 875 #define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 876 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 877 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \ 878 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \ 879 ctx, plaintext, ciphertext, req) : \ 880 CRYPTO_NOT_SUPPORTED) 881 882 #define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \ 883 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 884 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \ 885 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \ 886 ctx, ciphertext, mac, req) : \ 887 CRYPTO_NOT_SUPPORTED) 888 889 #define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \ 890 mac_mech, mac_key, plaintext, ciphertext, mac, \ 891 encr_ctx_template, mac_ctx_template, req) ( \ 892 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 893 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \ 894 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \ 895 (pd)->pd_prov_handle, session, encr_mech, encr_key, \ 896 mac_mech, mac_key, plaintext, ciphertext, mac, \ 897 encr_ctx_template, mac_ctx_template, req) : \ 898 CRYPTO_NOT_SUPPORTED) 899 900 #define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \ 901 decr_key, mac_ctx_template, decr_ctx_template, req) ( \ 902 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 903 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \ 904 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \ 905 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \ 906 decr_ctx_template, req) : \ 907 CRYPTO_NOT_SUPPORTED) 908 909 #define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \ 910 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 911 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \ 912 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \ 913 ctx, ciphertext, mac, plaintext, req) : \ 914 CRYPTO_NOT_SUPPORTED) 915 916 #define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 917 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 918 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \ 919 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \ 920 ctx, ciphertext, plaintext, req) : \ 921 CRYPTO_NOT_SUPPORTED) 922 923 #define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \ 924 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 925 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \ 926 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \ 927 ctx, mac, plaintext, req) : \ 928 CRYPTO_NOT_SUPPORTED) 929 930 #define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 931 decr_mech, decr_key, ciphertext, mac, plaintext, \ 932 mac_ctx_template, decr_ctx_template, req) ( \ 933 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 934 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \ 935 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \ 936 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 937 decr_mech, decr_key, ciphertext, mac, plaintext, \ 938 mac_ctx_template, decr_ctx_template, req) : \ 939 CRYPTO_NOT_SUPPORTED) 940 941 #define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 942 decr_mech, decr_key, ciphertext, mac, plaintext, \ 943 mac_ctx_template, decr_ctx_template, req) ( \ 944 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 945 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \ 946 != NULL) ? \ 947 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \ 948 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 949 decr_mech, decr_key, ciphertext, mac, plaintext, \ 950 mac_ctx_template, decr_ctx_template, req) : \ 951 CRYPTO_NOT_SUPPORTED) 952 953 /* 954 * Wrappers for crypto_random_number_ops(9S) entry points. 955 */ 956 957 #define KCF_PROV_SEED_RANDOM(pd, session, buf, len, req) ( \ 958 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \ 959 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \ 960 session, buf, len, req) : CRYPTO_NOT_SUPPORTED) 961 962 #define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \ 963 (KCF_PROV_RANDOM_OPS(pd) && \ 964 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \ 965 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \ 966 session, buf, len, req) : CRYPTO_NOT_SUPPORTED) 967 968 /* 969 * Wrappers for crypto_session_ops(9S) entry points. 970 * 971 * ops_pd is the provider descriptor that supplies the ops_vector. 972 * pd is the descriptor that supplies the provider handle. 973 * Only session open/close needs two handles. 974 */ 975 976 #define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \ 977 (KCF_PROV_SESSION_OPS(ops_pd) && \ 978 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \ 979 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \ 980 session, req) : CRYPTO_NOT_SUPPORTED) 981 982 #define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \ 983 (KCF_PROV_SESSION_OPS(ops_pd) && \ 984 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \ 985 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \ 986 session, req) : CRYPTO_NOT_SUPPORTED) 987 988 #define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \ 989 (KCF_PROV_SESSION_OPS(pd) && \ 990 KCF_PROV_SESSION_OPS(pd)->session_login) ? \ 991 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \ 992 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED) 993 994 #define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \ 995 (KCF_PROV_SESSION_OPS(pd) && \ 996 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \ 997 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \ 998 session, req) : CRYPTO_NOT_SUPPORTED) 999 1000 /* 1001 * Wrappers for crypto_object_ops(9S) entry points. 1002 */ 1003 1004 #define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \ 1005 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \ 1006 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \ 1007 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED) 1008 1009 #define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \ 1010 new_object, req) ( \ 1011 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \ 1012 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \ 1013 session, object, template, count, new_object, req) : \ 1014 CRYPTO_NOT_SUPPORTED) 1015 1016 #define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \ 1017 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \ 1018 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \ 1019 session, object, req) : CRYPTO_NOT_SUPPORTED) 1020 1021 #define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \ 1022 (KCF_PROV_OBJECT_OPS(pd) && \ 1023 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \ 1024 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \ 1025 session, object, size, req) : CRYPTO_NOT_SUPPORTED) 1026 1027 #define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1028 count, req) ( \ 1029 (KCF_PROV_OBJECT_OPS(pd) && \ 1030 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \ 1031 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \ 1032 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1033 CRYPTO_NOT_SUPPORTED) 1034 1035 #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1036 count, req) ( \ 1037 (KCF_PROV_OBJECT_OPS(pd) && \ 1038 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \ 1039 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \ 1040 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1041 CRYPTO_NOT_SUPPORTED) 1042 1043 #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \ 1044 req) ( \ 1045 (KCF_PROV_OBJECT_OPS(pd) && \ 1046 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \ 1047 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \ 1048 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1049 1050 #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \ 1051 req) ( \ 1052 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \ 1053 KCF_PROV_OBJECT_OPS(pd)->object_find( \ 1054 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \ 1055 req) : CRYPTO_NOT_SUPPORTED) 1056 1057 #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \ 1058 (KCF_PROV_OBJECT_OPS(pd) && \ 1059 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \ 1060 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \ 1061 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1062 1063 /* 1064 * Wrappers for crypto_key_ops(9S) entry points. 1065 */ 1066 1067 #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \ 1068 req) ( \ 1069 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \ 1070 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \ 1071 session, mech, template, count, object, req) : \ 1072 CRYPTO_NOT_SUPPORTED) 1073 1074 #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 1075 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \ 1076 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \ 1077 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \ 1078 session, mech, pub_template, pub_count, priv_template, \ 1079 priv_count, pub_key, priv_key, req) : \ 1080 CRYPTO_NOT_SUPPORTED) 1081 1082 #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \ 1083 wrapped_key_len, req) ( \ 1084 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \ 1085 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \ 1086 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \ 1087 req) : \ 1088 CRYPTO_NOT_SUPPORTED) 1089 1090 #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \ 1091 wrapped_key_len, template, count, key, req) ( \ 1092 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \ 1093 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \ 1094 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \ 1095 template, count, key, req) : \ 1096 CRYPTO_NOT_SUPPORTED) 1097 1098 #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \ 1099 key, req) ( \ 1100 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \ 1101 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \ 1102 session, mech, base_key, template, count, key, req) : \ 1103 CRYPTO_NOT_SUPPORTED) 1104 1105 #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \ 1106 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \ 1107 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \ 1108 CRYPTO_NOT_SUPPORTED) 1109 1110 /* 1111 * Wrappers for crypto_provider_management_ops(9S) entry points. 1112 * 1113 * ops_pd is the provider descriptor that supplies the ops_vector. 1114 * pd is the descriptor that supplies the provider handle. 1115 * Only ext_info needs two handles. 1116 */ 1117 1118 #define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \ 1119 (KCF_PROV_PROVIDER_OPS(ops_pd) && \ 1120 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \ 1121 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \ 1122 provext_info, req) : CRYPTO_NOT_SUPPORTED) 1123 1124 #define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \ 1125 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \ 1126 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \ 1127 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED) 1128 1129 #define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \ 1130 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \ 1131 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \ 1132 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED) 1133 1134 #define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \ 1135 req) ( \ 1136 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \ 1137 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \ 1138 session, old_pin, old_len, new_pin, new_len, req) : \ 1139 CRYPTO_NOT_SUPPORTED) 1140 1141 /* 1142 * The following routines are exported by the kcf module (/kernel/misc/kcf) 1143 * to the crypto and cryptoadmin modules. 1144 */ 1145 1146 /* Digest/mac/cipher entry points that take a provider descriptor and session */ 1147 extern int crypto_digest_single(crypto_context_t, crypto_data_t *, 1148 crypto_data_t *, crypto_call_req_t *); 1149 1150 extern int crypto_mac_single(crypto_context_t, crypto_data_t *, 1151 crypto_data_t *, crypto_call_req_t *); 1152 1153 extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *, 1154 crypto_data_t *, crypto_call_req_t *); 1155 1156 extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *, 1157 crypto_data_t *, crypto_call_req_t *); 1158 1159 1160 /* Other private digest/mac/cipher entry points not exported through k-API */ 1161 extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *, 1162 crypto_call_req_t *); 1163 1164 /* Private sign entry points exported by KCF */ 1165 extern int crypto_sign_single(crypto_context_t, crypto_data_t *, 1166 crypto_data_t *, crypto_call_req_t *); 1167 1168 extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *, 1169 crypto_data_t *, crypto_call_req_t *); 1170 1171 /* Private verify entry points exported by KCF */ 1172 extern int crypto_verify_single(crypto_context_t, crypto_data_t *, 1173 crypto_data_t *, crypto_call_req_t *); 1174 1175 extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *, 1176 crypto_data_t *, crypto_call_req_t *); 1177 1178 /* Private dual operations entry points exported by KCF */ 1179 extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t, 1180 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1181 extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t, 1182 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1183 extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t, 1184 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1185 extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t, 1186 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1187 1188 /* Random Number Generation */ 1189 int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf, 1190 size_t len, crypto_call_req_t *req); 1191 int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf, 1192 size_t len, crypto_call_req_t *req); 1193 1194 /* Provider Management */ 1195 int crypto_get_provider_info(crypto_provider_id_t id, 1196 crypto_provider_info_t **info, crypto_call_req_t *req); 1197 int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id, 1198 uint_t *count, crypto_mech_name_t **list); 1199 int crypto_init_token(crypto_provider_handle_t provider, char *pin, 1200 size_t pin_len, char *label, crypto_call_req_t *); 1201 int crypto_init_pin(crypto_provider_handle_t provider, char *pin, 1202 size_t pin_len, crypto_call_req_t *req); 1203 int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin, 1204 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req); 1205 void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count); 1206 void crypto_free_provider_info(crypto_provider_info_t *info); 1207 1208 /* Administrative */ 1209 int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list); 1210 int crypto_get_soft_list(uint_t *count, char **list, size_t *len); 1211 int crypto_get_dev_info(char *name, uint_t instance, uint_t *count, 1212 crypto_mech_name_t **list); 1213 int crypto_get_soft_info(caddr_t name, uint_t *count, 1214 crypto_mech_name_t **list); 1215 int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count, 1216 crypto_mech_name_t *list); 1217 int crypto_load_soft_disabled(caddr_t name, uint_t count, 1218 crypto_mech_name_t *list); 1219 int crypto_unload_soft_module(caddr_t path); 1220 int crypto_load_soft_config(caddr_t name, uint_t count, 1221 crypto_mech_name_t *list); 1222 int crypto_load_door(uint_t did); 1223 void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count); 1224 void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count); 1225 1226 /* Miscellaneous */ 1227 int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number); 1228 int crypto_get_function_list(crypto_provider_id_t id, 1229 crypto_function_list_t **list, int kmflag); 1230 void crypto_free_function_list(crypto_function_list_t *list); 1231 int crypto_build_permitted_mech_names(kcf_provider_desc_t *, 1232 crypto_mech_name_t **, uint_t *, int); 1233 extern void kcf_init_mech_tabs(void); 1234 extern int kcf_add_mech_provider(crypto_mech_info_t *, kcf_provider_desc_t *, 1235 kcf_prov_mech_desc_t **); 1236 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *); 1237 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **); 1238 extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *); 1239 extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *); 1240 extern void kcf_free_provider_desc(kcf_provider_desc_t *); 1241 extern void kcf_soft_config_init(void); 1242 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **); 1243 extern void kcf_dup_mech(crypto_mechanism_t *, crypto_mechanism_t *, 1244 crypto_mech_type_t *); 1245 extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t); 1246 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); 1247 extern void redo_register_provider(kcf_provider_desc_t *); 1248 extern void kcf_rnd_init(); 1249 extern boolean_t kcf_rngprov_check(void); 1250 extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t); 1251 extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t, boolean_t); 1252 extern void kcf_rnd_chpoll(int, short *, struct pollhead **); 1253 extern void kcf_rnd_schedule_timeout(boolean_t); 1254 1255 /* Access to the provider's table */ 1256 extern void kcf_prov_tab_init(void); 1257 extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *); 1258 extern int kcf_prov_tab_rem_provider(crypto_provider_id_t); 1259 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *); 1260 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t); 1261 extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int, 1262 char *, uint_t, boolean_t); 1263 extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t); 1264 extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **); 1265 extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t); 1266 extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **, 1267 boolean_t); 1268 1269 /* Access to the policy table */ 1270 extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t); 1271 extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *, 1272 uint_t, crypto_mech_name_t); 1273 extern void kcf_policy_tab_init(void); 1274 extern void kcf_policy_free_desc(kcf_policy_desc_t *); 1275 extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **); 1276 extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *, 1277 crypto_mech_name_t **); 1278 extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *); 1279 extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t); 1280 extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *, 1281 uint_t *, crypto_mech_name_t **); 1282 extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t, 1283 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **); 1284 extern boolean_t in_soft_config_list(char *); 1285 1286 #endif /* _KERNEL */ 1287 1288 #ifdef __cplusplus 1289 } 1290 #endif 1291 1292 #endif /* _SYS_CRYPTO_IMPL_H */ 1293