1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _SYS_CRYPTO_SPI_H 28 #define _SYS_CRYPTO_SPI_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 /* 33 * CSPI: Cryptographic Service Provider Interface. 34 */ 35 36 #include <sys/types.h> 37 #include <sys/dditypes.h> 38 #include <sys/ddi.h> 39 #include <sys/kmem.h> 40 #include <sys/crypto/common.h> 41 42 #ifdef __cplusplus 43 extern "C" { 44 #endif 45 46 #ifdef _KERNEL 47 48 #define CRYPTO_SPI_VERSION_1 1 49 #define CRYPTO_SPI_VERSION_2 2 50 51 /* 52 * Provider-private handle. This handle is specified by a provider 53 * when it registers by means of the pi_provider_handle field of 54 * the crypto_provider_info structure, and passed to the provider 55 * when its entry points are invoked. 56 */ 57 typedef void *crypto_provider_handle_t; 58 59 /* 60 * Context templates can be used to by software providers to pre-process 61 * keying material, such as key schedules. They are allocated by 62 * a software provider create_ctx_template(9E) entry point, and passed 63 * as argument to initialization and atomic provider entry points. 64 */ 65 typedef void *crypto_spi_ctx_template_t; 66 67 /* 68 * Request handles are used by the kernel to identify an asynchronous 69 * request being processed by a provider. It is passed by the kernel 70 * to a hardware provider when submitting a request, and must be 71 * specified by a provider when calling crypto_op_notification(9F) 72 */ 73 typedef void *crypto_req_handle_t; 74 75 /* 76 * The context structure is passed from the kernel to a provider. 77 * It contains the information needed to process a multi-part or 78 * single part operation. The context structure is not used 79 * by atomic operations. 80 * 81 * Parameters needed to perform a cryptographic operation, such 82 * as keys, mechanisms, input and output buffers, are passed 83 * as separate arguments to Provider routines. 84 */ 85 typedef struct crypto_ctx { 86 crypto_provider_handle_t cc_provider; 87 crypto_session_id_t cc_session; 88 void *cc_provider_private; /* owned by provider */ 89 void *cc_framework_private; /* owned by framework */ 90 } crypto_ctx_t; 91 92 /* 93 * Extended provider information. 94 */ 95 96 /* 97 * valid values for ei_flags field of extended info structure 98 * They match the RSA Security, Inc PKCS#11 tokenInfo flags. 99 */ 100 #define CRYPTO_EXTF_RNG 0x00000001 101 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002 102 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004 103 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008 104 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040 105 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100 106 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200 107 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400 108 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000 109 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000 110 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000 111 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000 112 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000 113 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000 114 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000 115 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000 116 117 #endif /* _KERNEL */ 118 119 #define CRYPTO_EXT_SIZE_LABEL 32 120 #define CRYPTO_EXT_SIZE_MANUF 32 121 #define CRYPTO_EXT_SIZE_MODEL 16 122 #define CRYPTO_EXT_SIZE_SERIAL 16 123 #define CRYPTO_EXT_SIZE_TIME 16 124 125 #ifdef _KERNEL 126 127 typedef struct crypto_provider_ext_info { 128 uchar_t ei_label[CRYPTO_EXT_SIZE_LABEL]; 129 uchar_t ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF]; 130 uchar_t ei_model[CRYPTO_EXT_SIZE_MODEL]; 131 uchar_t ei_serial_number[CRYPTO_EXT_SIZE_SERIAL]; 132 ulong_t ei_flags; 133 ulong_t ei_max_session_count; 134 ulong_t ei_max_pin_len; 135 ulong_t ei_min_pin_len; 136 ulong_t ei_total_public_memory; 137 ulong_t ei_free_public_memory; 138 ulong_t ei_total_private_memory; 139 ulong_t ei_free_private_memory; 140 crypto_version_t ei_hardware_version; 141 crypto_version_t ei_firmware_version; 142 uchar_t ei_time[CRYPTO_EXT_SIZE_TIME]; 143 } crypto_provider_ext_info_t; 144 145 /* 146 * The crypto_control_ops structure contains pointers to control 147 * operations for cryptographic providers. It is passed through 148 * the crypto_ops(9S) structure when providers register with the 149 * kernel using crypto_register_provider(9F). 150 */ 151 typedef struct crypto_control_ops { 152 void (*provider_status)(crypto_provider_handle_t, uint_t *); 153 } crypto_control_ops_t; 154 155 /* 156 * The crypto_ctx_ops structure contains points to context and context 157 * templates management operations for cryptographic providers. It is 158 * passed through the crypto_ops(9S) structure when providers register 159 * with the kernel using crypto_register_provider(9F). 160 */ 161 typedef struct crypto_ctx_ops { 162 int (*create_ctx_template)(crypto_provider_handle_t, 163 crypto_mechanism_t *, crypto_key_t *, 164 crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); 165 int (*free_context)(crypto_ctx_t *); 166 } crypto_ctx_ops_t; 167 168 /* 169 * The crypto_digest_ops structure contains pointers to digest 170 * operations for cryptographic providers. It is passed through 171 * the crypto_ops(9S) structure when providers register with the 172 * kernel using crypto_register_provider(9F). 173 */ 174 typedef struct crypto_digest_ops { 175 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, 176 crypto_req_handle_t); 177 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 178 crypto_req_handle_t); 179 int (*digest_update)(crypto_ctx_t *, crypto_data_t *, 180 crypto_req_handle_t); 181 int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); 182 int (*digest_final)(crypto_ctx_t *, crypto_data_t *, 183 crypto_req_handle_t); 184 int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, 185 crypto_mechanism_t *, crypto_data_t *, 186 crypto_data_t *, crypto_req_handle_t); 187 } crypto_digest_ops_t; 188 189 /* 190 * The crypto_cipher_ops structure contains pointers to encryption 191 * and decryption operations for cryptographic providers. It is 192 * passed through the crypto_ops(9S) structure when providers register 193 * with the kernel using crypto_register_provider(9F). 194 */ 195 typedef struct crypto_cipher_ops { 196 int (*encrypt_init)(crypto_ctx_t *, 197 crypto_mechanism_t *, crypto_key_t *, 198 crypto_spi_ctx_template_t, crypto_req_handle_t); 199 int (*encrypt)(crypto_ctx_t *, 200 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 201 int (*encrypt_update)(crypto_ctx_t *, 202 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 203 int (*encrypt_final)(crypto_ctx_t *, 204 crypto_data_t *, crypto_req_handle_t); 205 int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 206 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 207 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 208 209 int (*decrypt_init)(crypto_ctx_t *, 210 crypto_mechanism_t *, crypto_key_t *, 211 crypto_spi_ctx_template_t, crypto_req_handle_t); 212 int (*decrypt)(crypto_ctx_t *, 213 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 214 int (*decrypt_update)(crypto_ctx_t *, 215 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 216 int (*decrypt_final)(crypto_ctx_t *, 217 crypto_data_t *, crypto_req_handle_t); 218 int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 219 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 220 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 221 } crypto_cipher_ops_t; 222 223 /* 224 * The crypto_mac_ops structure contains pointers to MAC 225 * operations for cryptographic providers. It is passed through 226 * the crypto_ops(9S) structure when providers register with the 227 * kernel using crypto_register_provider(9F). 228 */ 229 typedef struct crypto_mac_ops { 230 int (*mac_init)(crypto_ctx_t *, 231 crypto_mechanism_t *, crypto_key_t *, 232 crypto_spi_ctx_template_t, crypto_req_handle_t); 233 int (*mac)(crypto_ctx_t *, 234 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 235 int (*mac_update)(crypto_ctx_t *, 236 crypto_data_t *, crypto_req_handle_t); 237 int (*mac_final)(crypto_ctx_t *, 238 crypto_data_t *, crypto_req_handle_t); 239 int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 240 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 241 crypto_data_t *, crypto_spi_ctx_template_t, 242 crypto_req_handle_t); 243 int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 244 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 245 crypto_data_t *, crypto_spi_ctx_template_t, 246 crypto_req_handle_t); 247 } crypto_mac_ops_t; 248 249 /* 250 * The crypto_sign_ops structure contains pointers to signing 251 * operations for cryptographic providers. It is passed through 252 * the crypto_ops(9S) structure when providers register with the 253 * kernel using crypto_register_provider(9F). 254 */ 255 typedef struct crypto_sign_ops { 256 int (*sign_init)(crypto_ctx_t *, 257 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 258 crypto_req_handle_t); 259 int (*sign)(crypto_ctx_t *, 260 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 261 int (*sign_update)(crypto_ctx_t *, 262 crypto_data_t *, crypto_req_handle_t); 263 int (*sign_final)(crypto_ctx_t *, 264 crypto_data_t *, crypto_req_handle_t); 265 int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t, 266 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 267 crypto_data_t *, crypto_spi_ctx_template_t, 268 crypto_req_handle_t); 269 int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 270 crypto_key_t *, crypto_spi_ctx_template_t, 271 crypto_req_handle_t); 272 int (*sign_recover)(crypto_ctx_t *, 273 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 274 int (*sign_recover_atomic)(crypto_provider_handle_t, 275 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 276 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 277 crypto_req_handle_t); 278 } crypto_sign_ops_t; 279 280 /* 281 * The crypto_verify_ops structure contains pointers to verify 282 * operations for cryptographic providers. It is passed through 283 * the crypto_ops(9S) structure when providers register with the 284 * kernel using crypto_register_provider(9F). 285 */ 286 typedef struct crypto_verify_ops { 287 int (*verify_init)(crypto_ctx_t *, 288 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 289 crypto_req_handle_t); 290 int (*verify)(crypto_ctx_t *, 291 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 292 int (*verify_update)(crypto_ctx_t *, 293 crypto_data_t *, crypto_req_handle_t); 294 int (*verify_final)(crypto_ctx_t *, 295 crypto_data_t *, crypto_req_handle_t); 296 int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 297 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 298 crypto_data_t *, crypto_spi_ctx_template_t, 299 crypto_req_handle_t); 300 int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 301 crypto_key_t *, crypto_spi_ctx_template_t, 302 crypto_req_handle_t); 303 int (*verify_recover)(crypto_ctx_t *, 304 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 305 int (*verify_recover_atomic)(crypto_provider_handle_t, 306 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 307 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 308 crypto_req_handle_t); 309 } crypto_verify_ops_t; 310 311 /* 312 * The crypto_dual_ops structure contains pointers to dual 313 * cipher and sign/verify operations for cryptographic providers. 314 * It is passed through the crypto_ops(9S) structure when 315 * providers register with the kernel using 316 * crypto_register_provider(9F). 317 */ 318 typedef struct crypto_dual_ops { 319 int (*digest_encrypt_update)( 320 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 321 crypto_data_t *, crypto_req_handle_t); 322 int (*decrypt_digest_update)( 323 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 324 crypto_data_t *, crypto_req_handle_t); 325 int (*sign_encrypt_update)( 326 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 327 crypto_data_t *, crypto_req_handle_t); 328 int (*decrypt_verify_update)( 329 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 330 crypto_data_t *, crypto_req_handle_t); 331 } crypto_dual_ops_t; 332 333 /* 334 * The crypto_dual_cipher_mac_ops structure contains pointers to dual 335 * cipher and MAC operations for cryptographic providers. 336 * It is passed through the crypto_ops(9S) structure when 337 * providers register with the kernel using 338 * crypto_register_provider(9F). 339 */ 340 typedef struct crypto_dual_cipher_mac_ops { 341 int (*encrypt_mac_init)(crypto_ctx_t *, 342 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 343 crypto_key_t *, crypto_spi_ctx_template_t, 344 crypto_spi_ctx_template_t, crypto_req_handle_t); 345 int (*encrypt_mac)(crypto_ctx_t *, 346 crypto_data_t *, crypto_dual_data_t *, crypto_data_t *, 347 crypto_req_handle_t); 348 int (*encrypt_mac_update)(crypto_ctx_t *, 349 crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t); 350 int (*encrypt_mac_final)(crypto_ctx_t *, 351 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 352 int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 353 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 354 crypto_key_t *, crypto_data_t *, crypto_dual_data_t *, 355 crypto_data_t *, crypto_spi_ctx_template_t, 356 crypto_spi_ctx_template_t, crypto_req_handle_t); 357 358 int (*mac_decrypt_init)(crypto_ctx_t *, 359 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 360 crypto_key_t *, crypto_spi_ctx_template_t, 361 crypto_spi_ctx_template_t, crypto_req_handle_t); 362 int (*mac_decrypt)(crypto_ctx_t *, 363 crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, 364 crypto_req_handle_t); 365 int (*mac_decrypt_update)(crypto_ctx_t *, 366 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 367 int (*mac_decrypt_final)(crypto_ctx_t *, 368 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 369 int (*mac_decrypt_atomic)(crypto_provider_handle_t, 370 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 371 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 372 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 373 crypto_spi_ctx_template_t, crypto_req_handle_t); 374 int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t, 375 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 376 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 377 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 378 crypto_spi_ctx_template_t, crypto_req_handle_t); 379 } crypto_dual_cipher_mac_ops_t; 380 381 /* 382 * The crypto_random_number_ops structure contains pointers to random 383 * number operations for cryptographic providers. It is passed through 384 * the crypto_ops(9S) structure when providers register with the 385 * kernel using crypto_register_provider(9F). 386 */ 387 typedef struct crypto_random_number_ops { 388 int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t, 389 uchar_t *, size_t, crypto_req_handle_t); 390 int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t, 391 uchar_t *, size_t, crypto_req_handle_t); 392 } crypto_random_number_ops_t; 393 394 /* 395 * The crypto_session_ops structure contains pointers to session 396 * operations for cryptographic providers. It is passed through 397 * the crypto_ops(9S) structure when providers register with the 398 * kernel using crypto_register_provider(9F). 399 */ 400 typedef struct crypto_session_ops { 401 int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *, 402 crypto_req_handle_t); 403 int (*session_close)(crypto_provider_handle_t, crypto_session_id_t, 404 crypto_req_handle_t); 405 int (*session_login)(crypto_provider_handle_t, crypto_session_id_t, 406 crypto_user_type_t, char *, size_t, crypto_req_handle_t); 407 int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t, 408 crypto_req_handle_t); 409 } crypto_session_ops_t; 410 411 /* 412 * The crypto_object_ops structure contains pointers to object 413 * operations for cryptographic providers. It is passed through 414 * the crypto_ops(9S) structure when providers register with the 415 * kernel using crypto_register_provider(9F). 416 */ 417 typedef struct crypto_object_ops { 418 int (*object_create)(crypto_provider_handle_t, crypto_session_id_t, 419 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 420 crypto_req_handle_t); 421 int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t, 422 crypto_object_id_t, crypto_object_attribute_t *, uint_t, 423 crypto_object_id_t *, crypto_req_handle_t); 424 int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t, 425 crypto_object_id_t, crypto_req_handle_t); 426 int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t, 427 crypto_object_id_t, size_t *, crypto_req_handle_t); 428 int (*object_get_attribute_value)(crypto_provider_handle_t, 429 crypto_session_id_t, crypto_object_id_t, 430 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 431 int (*object_set_attribute_value)(crypto_provider_handle_t, 432 crypto_session_id_t, crypto_object_id_t, 433 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 434 int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t, 435 crypto_object_attribute_t *, uint_t, void **, 436 crypto_req_handle_t); 437 int (*object_find)(crypto_provider_handle_t, void *, 438 crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t); 439 int (*object_find_final)(crypto_provider_handle_t, void *, 440 crypto_req_handle_t); 441 } crypto_object_ops_t; 442 443 /* 444 * The crypto_key_ops structure contains pointers to key 445 * operations for cryptographic providers. It is passed through 446 * the crypto_ops(9S) structure when providers register with the 447 * kernel using crypto_register_provider(9F). 448 */ 449 typedef struct crypto_key_ops { 450 int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t, 451 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 452 crypto_object_id_t *, crypto_req_handle_t); 453 int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t, 454 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 455 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 456 crypto_object_id_t *, crypto_req_handle_t); 457 int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t, 458 crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, 459 uchar_t *, size_t *, crypto_req_handle_t); 460 int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t, 461 crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *, 462 crypto_object_attribute_t *, uint_t, 463 crypto_object_id_t *, crypto_req_handle_t); 464 int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t, 465 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, 466 uint_t, crypto_object_id_t *, crypto_req_handle_t); 467 int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *, 468 crypto_key_t *); 469 } crypto_key_ops_t; 470 471 /* 472 * The crypto_provider_management_ops structure contains pointers 473 * to management operations for cryptographic providers. It is passed 474 * through the crypto_ops(9S) structure when providers register with the 475 * kernel using crypto_register_provider(9F). 476 */ 477 typedef struct crypto_provider_management_ops { 478 int (*ext_info)(crypto_provider_handle_t, 479 crypto_provider_ext_info_t *, crypto_req_handle_t); 480 int (*init_token)(crypto_provider_handle_t, char *, size_t, 481 char *, crypto_req_handle_t); 482 int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t, 483 char *, size_t, crypto_req_handle_t); 484 int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t, 485 char *, size_t, char *, size_t, crypto_req_handle_t); 486 } crypto_provider_management_ops_t; 487 488 typedef struct crypto_mech_ops { 489 int (*copyin_mechanism)(crypto_provider_handle_t, 490 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 491 int (*copyout_mechanism)(crypto_provider_handle_t, 492 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 493 int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *); 494 } crypto_mech_ops_t; 495 496 /* 497 * The crypto_ops(9S) structure contains the structures containing 498 * the pointers to functions implemented by cryptographic providers. 499 * It is specified as part of the crypto_provider_info(9S) 500 * supplied by a provider when it registers with the kernel 501 * by calling crypto_register_provider(9F). 502 */ 503 typedef struct crypto_ops_v1 { 504 crypto_control_ops_t *co_control_ops; 505 crypto_digest_ops_t *co_digest_ops; 506 crypto_cipher_ops_t *co_cipher_ops; 507 crypto_mac_ops_t *co_mac_ops; 508 crypto_sign_ops_t *co_sign_ops; 509 crypto_verify_ops_t *co_verify_ops; 510 crypto_dual_ops_t *co_dual_ops; 511 crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops; 512 crypto_random_number_ops_t *co_random_ops; 513 crypto_session_ops_t *co_session_ops; 514 crypto_object_ops_t *co_object_ops; 515 crypto_key_ops_t *co_key_ops; 516 crypto_provider_management_ops_t *co_provider_ops; 517 crypto_ctx_ops_t *co_ctx_ops; 518 } crypto_ops_v1_t; 519 520 typedef struct crypto_ops_v2 { 521 crypto_ops_v1_t v1_ops; 522 crypto_mech_ops_t *co_mech_ops; 523 } crypto_ops_v2_t; 524 525 typedef struct crypto_ops { 526 union { 527 crypto_ops_v2_t cou_v2; 528 crypto_ops_v1_t cou_v1; 529 } cou; 530 } crypto_ops_t; 531 532 #define co_control_ops cou.cou_v1.co_control_ops 533 #define co_digest_ops cou.cou_v1.co_digest_ops 534 #define co_cipher_ops cou.cou_v1.co_cipher_ops 535 #define co_mac_ops cou.cou_v1.co_mac_ops 536 #define co_sign_ops cou.cou_v1.co_sign_ops 537 #define co_verify_ops cou.cou_v1.co_verify_ops 538 #define co_dual_ops cou.cou_v1.co_dual_ops 539 #define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops 540 #define co_random_ops cou.cou_v1.co_random_ops 541 #define co_session_ops cou.cou_v1.co_session_ops 542 #define co_object_ops cou.cou_v1.co_object_ops 543 #define co_key_ops cou.cou_v1.co_key_ops 544 #define co_provider_ops cou.cou_v1.co_provider_ops 545 #define co_ctx_ops cou.cou_v1.co_ctx_ops 546 #define co_mech_ops cou.cou_v2.co_mech_ops 547 548 /* 549 * Provider device specification passed during registration. 550 * 551 * Software providers set the pi_provider_type field of provider_info_t 552 * to CRYPTO_SW_PROVIDER, and set the pd_sw field of 553 * crypto_provider_dev_t to the address of their modlinkage. 554 * 555 * Hardware providers set the pi_provider_type field of provider_info_t 556 * to CRYPTO_HW_PROVIDER, and set the pd_hw field of 557 * crypto_provider_dev_t to the dev_info structure corresponding 558 * to the device instance being registered. 559 * 560 * Logical providers set the pi_provider_type field of provider_info_t 561 * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of 562 * crypto_provider_dev_t to the dev_info structure corresponding 563 * to the device instance being registered. 564 */ 565 566 typedef union crypto_provider_dev { 567 struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */ 568 dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */ 569 } crypto_provider_dev_t; 570 571 /* 572 * The mechanism info structure crypto_mech_info_t contains a function group 573 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 574 * specifies the provider entry point that can be used a particular 575 * mechanism. The function group mask is a combination of the following values. 576 */ 577 578 typedef uint32_t crypto_func_group_t; 579 580 #endif /* _KERNEL */ 581 582 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ 583 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ 584 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ 585 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */ 586 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */ 587 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */ 588 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */ 589 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */ 590 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */ 591 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */ 592 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */ 593 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */ 594 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 595 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */ 596 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */ 597 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 598 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 599 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 600 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ 601 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */ 602 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */ 603 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */ 604 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */ 605 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */ 606 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */ 607 #define CRYPTO_FG_RESERVED 0x80000000 608 609 /* 610 * Maximum length of the pi_provider_description field of the 611 * crypto_provider_info structure. 612 */ 613 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 614 615 #ifdef _KERNEL 616 617 /* Bit mask for all the simple operations */ 618 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \ 619 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \ 620 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \ 621 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \ 622 CRYPTO_FG_VERIFY_ATOMIC) 623 624 /* Bit mask for all the dual operations */ 625 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \ 626 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \ 627 CRYPTO_FG_MAC_DECRYPT_ATOMIC) 628 629 /* Add other combos to CRYPTO_FG_DUAL_MASK */ 630 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK 631 632 /* 633 * The crypto_mech_info structure specifies one of the mechanisms 634 * supported by a cryptographic provider. The pi_mechanisms field of 635 * the crypto_provider_info structure contains a pointer to an array 636 * of crypto_mech_info's. 637 */ 638 typedef struct crypto_mech_info { 639 crypto_mech_name_t cm_mech_name; 640 crypto_mech_type_t cm_mech_number; 641 crypto_func_group_t cm_func_group_mask; 642 ssize_t cm_min_key_length; 643 ssize_t cm_max_key_length; 644 crypto_keysize_unit_t cm_keysize_unit; /* for cm_xxx_key_length */ 645 } crypto_mech_info_t; 646 647 /* 648 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 649 * It is returned after the provider registers with 650 * crypto_register_provider(), and must be specified by the provider 651 * when calling crypto_unregister_provider(), and 652 * crypto_provider_notification(). 653 */ 654 typedef uint_t crypto_kcf_provider_handle_t; 655 656 /* 657 * Provider information. Passed as argument to crypto_register_provider(9F). 658 * Describes the provider and its capabilities. Multiple providers can 659 * register for the same device instance. In this case, the same 660 * pi_provider_dev must be specified with a different pi_provider_handle. 661 */ 662 typedef struct crypto_provider_info_v1 { 663 uint_t pi_interface_version; 664 char *pi_provider_description; 665 crypto_provider_type_t pi_provider_type; 666 crypto_provider_dev_t pi_provider_dev; 667 crypto_provider_handle_t pi_provider_handle; 668 crypto_ops_t *pi_ops_vector; 669 uint_t pi_mech_list_count; 670 crypto_mech_info_t *pi_mechanisms; 671 uint_t pi_logical_provider_count; 672 crypto_kcf_provider_handle_t *pi_logical_providers; 673 } crypto_provider_info_v1_t; 674 675 typedef struct crypto_provider_info_v2 { 676 crypto_provider_info_v1_t v1_info; 677 uint_t pi_flags; 678 } crypto_provider_info_v2_t; 679 680 typedef struct crypto_provider_info { 681 union { 682 crypto_provider_info_v2_t piu_v2; 683 crypto_provider_info_v1_t piu_v1; 684 } piu; 685 } crypto_provider_info_t; 686 687 #define pi_interface_version piu.piu_v1.pi_interface_version 688 #define pi_provider_description piu.piu_v1.pi_provider_description 689 #define pi_provider_type piu.piu_v1.pi_provider_type 690 #define pi_provider_dev piu.piu_v1.pi_provider_dev 691 #define pi_provider_handle piu.piu_v1.pi_provider_handle 692 #define pi_ops_vector piu.piu_v1.pi_ops_vector 693 #define pi_mech_list_count piu.piu_v1.pi_mech_list_count 694 #define pi_mechanisms piu.piu_v1.pi_mechanisms 695 #define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count 696 #define pi_logical_providers piu.piu_v1.pi_logical_providers 697 #define pi_flags piu.piu_v2.pi_flags 698 699 /* hidden providers can only be accessed via a logical provider */ 700 #define CRYPTO_HIDE_PROVIDER 1 701 702 /* 703 * Provider status passed by a provider to crypto_provider_notification(9F) 704 * and returned by the provider_stauts(9E) entry point. 705 */ 706 #define CRYPTO_PROVIDER_READY 0 707 #define CRYPTO_PROVIDER_BUSY 1 708 #define CRYPTO_PROVIDER_FAILED 2 709 710 /* 711 * Functions exported by Solaris to cryptographic providers. Providers 712 * call these functions to register and unregister, notify the kernel 713 * of state changes, and notify the kernel when a asynchronous request 714 * completed. 715 */ 716 extern int crypto_register_provider(crypto_provider_info_t *, 717 crypto_kcf_provider_handle_t *); 718 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 719 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t); 720 extern void crypto_op_notification(crypto_req_handle_t, int); 721 extern int crypto_kmflag(crypto_req_handle_t); 722 723 #endif /* _KERNEL */ 724 725 #ifdef __cplusplus 726 } 727 #endif 728 729 #endif /* _SYS_CRYPTO_SPI_H */ 730