1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_SPI_H 27 #define _SYS_CRYPTO_SPI_H 28 29 /* 30 * CSPI: Cryptographic Service Provider Interface. 31 */ 32 33 #include <sys/types.h> 34 #include <sys/dditypes.h> 35 #include <sys/ddi.h> 36 #include <sys/kmem.h> 37 #include <sys/crypto/common.h> 38 39 #ifdef __cplusplus 40 extern "C" { 41 #endif 42 43 #ifdef _KERNEL 44 45 #define CRYPTO_SPI_VERSION_1 1 46 #define CRYPTO_SPI_VERSION_2 2 47 #define CRYPTO_SPI_VERSION_3 3 48 49 /* 50 * Provider-private handle. This handle is specified by a provider 51 * when it registers by means of the pi_provider_handle field of 52 * the crypto_provider_info structure, and passed to the provider 53 * when its entry points are invoked. 54 */ 55 typedef void *crypto_provider_handle_t; 56 57 /* 58 * Context templates can be used to by software providers to pre-process 59 * keying material, such as key schedules. They are allocated by 60 * a software provider create_ctx_template(9E) entry point, and passed 61 * as argument to initialization and atomic provider entry points. 62 */ 63 typedef void *crypto_spi_ctx_template_t; 64 65 /* 66 * Request handles are used by the kernel to identify an asynchronous 67 * request being processed by a provider. It is passed by the kernel 68 * to a hardware provider when submitting a request, and must be 69 * specified by a provider when calling crypto_op_notification(9F) 70 */ 71 typedef void *crypto_req_handle_t; 72 73 /* Values for cc_flags field */ 74 #define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */ 75 #define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */ 76 77 /* 78 * The context structure is passed from the kernel to a provider. 79 * It contains the information needed to process a multi-part or 80 * single part operation. The context structure is not used 81 * by atomic operations. 82 * 83 * Parameters needed to perform a cryptographic operation, such 84 * as keys, mechanisms, input and output buffers, are passed 85 * as separate arguments to Provider routines. 86 */ 87 typedef struct crypto_ctx { 88 crypto_provider_handle_t cc_provider; 89 crypto_session_id_t cc_session; 90 void *cc_provider_private; /* owned by provider */ 91 void *cc_framework_private; /* owned by framework */ 92 uint32_t cc_flags; /* flags */ 93 void *cc_opstate; /* state */ 94 } crypto_ctx_t; 95 96 /* 97 * Extended provider information. 98 */ 99 100 /* 101 * valid values for ei_flags field of extended info structure 102 * They match the RSA Security, Inc PKCS#11 tokenInfo flags. 103 */ 104 #define CRYPTO_EXTF_RNG 0x00000001 105 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002 106 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004 107 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008 108 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040 109 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100 110 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200 111 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400 112 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000 113 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000 114 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000 115 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000 116 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000 117 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000 118 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000 119 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000 120 121 /* 122 * The crypto_control_ops structure contains pointers to control 123 * operations for cryptographic providers. It is passed through 124 * the crypto_ops(9S) structure when providers register with the 125 * kernel using crypto_register_provider(9F). 126 */ 127 typedef struct crypto_control_ops { 128 void (*provider_status)(crypto_provider_handle_t, uint_t *); 129 } crypto_control_ops_t; 130 131 /* 132 * The crypto_ctx_ops structure contains points to context and context 133 * templates management operations for cryptographic providers. It is 134 * passed through the crypto_ops(9S) structure when providers register 135 * with the kernel using crypto_register_provider(9F). 136 */ 137 typedef struct crypto_ctx_ops { 138 int (*create_ctx_template)(crypto_provider_handle_t, 139 crypto_mechanism_t *, crypto_key_t *, 140 crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); 141 int (*free_context)(crypto_ctx_t *); 142 } crypto_ctx_ops_t; 143 144 /* 145 * The crypto_digest_ops structure contains pointers to digest 146 * operations for cryptographic providers. It is passed through 147 * the crypto_ops(9S) structure when providers register with the 148 * kernel using crypto_register_provider(9F). 149 */ 150 typedef struct crypto_digest_ops { 151 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, 152 crypto_req_handle_t); 153 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 154 crypto_req_handle_t); 155 int (*digest_update)(crypto_ctx_t *, crypto_data_t *, 156 crypto_req_handle_t); 157 int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); 158 int (*digest_final)(crypto_ctx_t *, crypto_data_t *, 159 crypto_req_handle_t); 160 int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, 161 crypto_mechanism_t *, crypto_data_t *, 162 crypto_data_t *, crypto_req_handle_t); 163 } crypto_digest_ops_t; 164 165 /* 166 * The crypto_cipher_ops structure contains pointers to encryption 167 * and decryption operations for cryptographic providers. It is 168 * passed through the crypto_ops(9S) structure when providers register 169 * with the kernel using crypto_register_provider(9F). 170 */ 171 typedef struct crypto_cipher_ops { 172 int (*encrypt_init)(crypto_ctx_t *, 173 crypto_mechanism_t *, crypto_key_t *, 174 crypto_spi_ctx_template_t, crypto_req_handle_t); 175 int (*encrypt)(crypto_ctx_t *, 176 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 177 int (*encrypt_update)(crypto_ctx_t *, 178 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 179 int (*encrypt_final)(crypto_ctx_t *, 180 crypto_data_t *, crypto_req_handle_t); 181 int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 182 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 183 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 184 185 int (*decrypt_init)(crypto_ctx_t *, 186 crypto_mechanism_t *, crypto_key_t *, 187 crypto_spi_ctx_template_t, crypto_req_handle_t); 188 int (*decrypt)(crypto_ctx_t *, 189 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 190 int (*decrypt_update)(crypto_ctx_t *, 191 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 192 int (*decrypt_final)(crypto_ctx_t *, 193 crypto_data_t *, crypto_req_handle_t); 194 int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 195 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 196 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 197 } crypto_cipher_ops_t; 198 199 /* 200 * The crypto_mac_ops structure contains pointers to MAC 201 * operations for cryptographic providers. It is passed through 202 * the crypto_ops(9S) structure when providers register with the 203 * kernel using crypto_register_provider(9F). 204 */ 205 typedef struct crypto_mac_ops { 206 int (*mac_init)(crypto_ctx_t *, 207 crypto_mechanism_t *, crypto_key_t *, 208 crypto_spi_ctx_template_t, crypto_req_handle_t); 209 int (*mac)(crypto_ctx_t *, 210 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 211 int (*mac_update)(crypto_ctx_t *, 212 crypto_data_t *, crypto_req_handle_t); 213 int (*mac_final)(crypto_ctx_t *, 214 crypto_data_t *, crypto_req_handle_t); 215 int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 216 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 217 crypto_data_t *, crypto_spi_ctx_template_t, 218 crypto_req_handle_t); 219 int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 220 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 221 crypto_data_t *, crypto_spi_ctx_template_t, 222 crypto_req_handle_t); 223 } crypto_mac_ops_t; 224 225 /* 226 * The crypto_sign_ops structure contains pointers to signing 227 * operations for cryptographic providers. It is passed through 228 * the crypto_ops(9S) structure when providers register with the 229 * kernel using crypto_register_provider(9F). 230 */ 231 typedef struct crypto_sign_ops { 232 int (*sign_init)(crypto_ctx_t *, 233 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 234 crypto_req_handle_t); 235 int (*sign)(crypto_ctx_t *, 236 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 237 int (*sign_update)(crypto_ctx_t *, 238 crypto_data_t *, crypto_req_handle_t); 239 int (*sign_final)(crypto_ctx_t *, 240 crypto_data_t *, crypto_req_handle_t); 241 int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t, 242 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 243 crypto_data_t *, crypto_spi_ctx_template_t, 244 crypto_req_handle_t); 245 int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 246 crypto_key_t *, crypto_spi_ctx_template_t, 247 crypto_req_handle_t); 248 int (*sign_recover)(crypto_ctx_t *, 249 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 250 int (*sign_recover_atomic)(crypto_provider_handle_t, 251 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 252 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 253 crypto_req_handle_t); 254 } crypto_sign_ops_t; 255 256 /* 257 * The crypto_verify_ops structure contains pointers to verify 258 * operations for cryptographic providers. It is passed through 259 * the crypto_ops(9S) structure when providers register with the 260 * kernel using crypto_register_provider(9F). 261 */ 262 typedef struct crypto_verify_ops { 263 int (*verify_init)(crypto_ctx_t *, 264 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 265 crypto_req_handle_t); 266 int (*verify)(crypto_ctx_t *, 267 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 268 int (*verify_update)(crypto_ctx_t *, 269 crypto_data_t *, crypto_req_handle_t); 270 int (*verify_final)(crypto_ctx_t *, 271 crypto_data_t *, crypto_req_handle_t); 272 int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 273 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 274 crypto_data_t *, crypto_spi_ctx_template_t, 275 crypto_req_handle_t); 276 int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 277 crypto_key_t *, crypto_spi_ctx_template_t, 278 crypto_req_handle_t); 279 int (*verify_recover)(crypto_ctx_t *, 280 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 281 int (*verify_recover_atomic)(crypto_provider_handle_t, 282 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 283 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 284 crypto_req_handle_t); 285 } crypto_verify_ops_t; 286 287 /* 288 * The crypto_dual_ops structure contains pointers to dual 289 * cipher and sign/verify operations for cryptographic providers. 290 * It is passed through the crypto_ops(9S) structure when 291 * providers register with the kernel using 292 * crypto_register_provider(9F). 293 */ 294 typedef struct crypto_dual_ops { 295 int (*digest_encrypt_update)( 296 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 297 crypto_data_t *, crypto_req_handle_t); 298 int (*decrypt_digest_update)( 299 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 300 crypto_data_t *, crypto_req_handle_t); 301 int (*sign_encrypt_update)( 302 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 303 crypto_data_t *, crypto_req_handle_t); 304 int (*decrypt_verify_update)( 305 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 306 crypto_data_t *, crypto_req_handle_t); 307 } crypto_dual_ops_t; 308 309 /* 310 * The crypto_dual_cipher_mac_ops structure contains pointers to dual 311 * cipher and MAC operations for cryptographic providers. 312 * It is passed through the crypto_ops(9S) structure when 313 * providers register with the kernel using 314 * crypto_register_provider(9F). 315 */ 316 typedef struct crypto_dual_cipher_mac_ops { 317 int (*encrypt_mac_init)(crypto_ctx_t *, 318 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 319 crypto_key_t *, crypto_spi_ctx_template_t, 320 crypto_spi_ctx_template_t, crypto_req_handle_t); 321 int (*encrypt_mac)(crypto_ctx_t *, 322 crypto_data_t *, crypto_dual_data_t *, crypto_data_t *, 323 crypto_req_handle_t); 324 int (*encrypt_mac_update)(crypto_ctx_t *, 325 crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t); 326 int (*encrypt_mac_final)(crypto_ctx_t *, 327 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 328 int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 329 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 330 crypto_key_t *, crypto_data_t *, crypto_dual_data_t *, 331 crypto_data_t *, crypto_spi_ctx_template_t, 332 crypto_spi_ctx_template_t, crypto_req_handle_t); 333 334 int (*mac_decrypt_init)(crypto_ctx_t *, 335 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 336 crypto_key_t *, crypto_spi_ctx_template_t, 337 crypto_spi_ctx_template_t, crypto_req_handle_t); 338 int (*mac_decrypt)(crypto_ctx_t *, 339 crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, 340 crypto_req_handle_t); 341 int (*mac_decrypt_update)(crypto_ctx_t *, 342 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 343 int (*mac_decrypt_final)(crypto_ctx_t *, 344 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 345 int (*mac_decrypt_atomic)(crypto_provider_handle_t, 346 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 347 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 348 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 349 crypto_spi_ctx_template_t, crypto_req_handle_t); 350 int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t, 351 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 352 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 353 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 354 crypto_spi_ctx_template_t, crypto_req_handle_t); 355 } crypto_dual_cipher_mac_ops_t; 356 357 /* 358 * The crypto_random_number_ops structure contains pointers to random 359 * number operations for cryptographic providers. It is passed through 360 * the crypto_ops(9S) structure when providers register with the 361 * kernel using crypto_register_provider(9F). 362 */ 363 typedef struct crypto_random_number_ops { 364 int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t, 365 uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t); 366 int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t, 367 uchar_t *, size_t, crypto_req_handle_t); 368 } crypto_random_number_ops_t; 369 370 /* 371 * Flag values for seed_random. 372 */ 373 #define CRYPTO_SEED_NOW 0x00000001 374 375 /* 376 * The crypto_session_ops structure contains pointers to session 377 * operations for cryptographic providers. It is passed through 378 * the crypto_ops(9S) structure when providers register with the 379 * kernel using crypto_register_provider(9F). 380 */ 381 typedef struct crypto_session_ops { 382 int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *, 383 crypto_req_handle_t); 384 int (*session_close)(crypto_provider_handle_t, crypto_session_id_t, 385 crypto_req_handle_t); 386 int (*session_login)(crypto_provider_handle_t, crypto_session_id_t, 387 crypto_user_type_t, char *, size_t, crypto_req_handle_t); 388 int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t, 389 crypto_req_handle_t); 390 } crypto_session_ops_t; 391 392 /* 393 * The crypto_object_ops structure contains pointers to object 394 * operations for cryptographic providers. It is passed through 395 * the crypto_ops(9S) structure when providers register with the 396 * kernel using crypto_register_provider(9F). 397 */ 398 typedef struct crypto_object_ops { 399 int (*object_create)(crypto_provider_handle_t, crypto_session_id_t, 400 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 401 crypto_req_handle_t); 402 int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t, 403 crypto_object_id_t, crypto_object_attribute_t *, uint_t, 404 crypto_object_id_t *, crypto_req_handle_t); 405 int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t, 406 crypto_object_id_t, crypto_req_handle_t); 407 int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t, 408 crypto_object_id_t, size_t *, crypto_req_handle_t); 409 int (*object_get_attribute_value)(crypto_provider_handle_t, 410 crypto_session_id_t, crypto_object_id_t, 411 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 412 int (*object_set_attribute_value)(crypto_provider_handle_t, 413 crypto_session_id_t, crypto_object_id_t, 414 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 415 int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t, 416 crypto_object_attribute_t *, uint_t, void **, 417 crypto_req_handle_t); 418 int (*object_find)(crypto_provider_handle_t, void *, 419 crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t); 420 int (*object_find_final)(crypto_provider_handle_t, void *, 421 crypto_req_handle_t); 422 } crypto_object_ops_t; 423 424 /* 425 * The crypto_key_ops structure contains pointers to key 426 * operations for cryptographic providers. It is passed through 427 * the crypto_ops(9S) structure when providers register with the 428 * kernel using crypto_register_provider(9F). 429 */ 430 typedef struct crypto_key_ops { 431 int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t, 432 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 433 crypto_object_id_t *, crypto_req_handle_t); 434 int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t, 435 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 436 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 437 crypto_object_id_t *, crypto_req_handle_t); 438 int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t, 439 crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, 440 uchar_t *, size_t *, crypto_req_handle_t); 441 int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t, 442 crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *, 443 crypto_object_attribute_t *, uint_t, 444 crypto_object_id_t *, crypto_req_handle_t); 445 int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t, 446 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, 447 uint_t, crypto_object_id_t *, crypto_req_handle_t); 448 int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *, 449 crypto_key_t *); 450 } crypto_key_ops_t; 451 452 /* 453 * The crypto_provider_management_ops structure contains pointers 454 * to management operations for cryptographic providers. It is passed 455 * through the crypto_ops(9S) structure when providers register with the 456 * kernel using crypto_register_provider(9F). 457 */ 458 typedef struct crypto_provider_management_ops { 459 int (*ext_info)(crypto_provider_handle_t, 460 crypto_provider_ext_info_t *, crypto_req_handle_t); 461 int (*init_token)(crypto_provider_handle_t, char *, size_t, 462 char *, crypto_req_handle_t); 463 int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t, 464 char *, size_t, crypto_req_handle_t); 465 int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t, 466 char *, size_t, char *, size_t, crypto_req_handle_t); 467 } crypto_provider_management_ops_t; 468 469 typedef struct crypto_mech_ops { 470 int (*copyin_mechanism)(crypto_provider_handle_t, 471 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 472 int (*copyout_mechanism)(crypto_provider_handle_t, 473 crypto_mechanism_t *, crypto_mechanism_t *, int *, int); 474 int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *); 475 } crypto_mech_ops_t; 476 477 typedef struct crypto_nostore_key_ops { 478 int (*nostore_key_generate)(crypto_provider_handle_t, 479 crypto_session_id_t, crypto_mechanism_t *, 480 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *, 481 uint_t, crypto_req_handle_t); 482 int (*nostore_key_generate_pair)(crypto_provider_handle_t, 483 crypto_session_id_t, crypto_mechanism_t *, 484 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *, 485 uint_t, crypto_object_attribute_t *, uint_t, 486 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 487 int (*nostore_key_derive)(crypto_provider_handle_t, crypto_session_id_t, 488 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, 489 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 490 } crypto_nostore_key_ops_t; 491 492 /* 493 * The crypto_ops(9S) structure contains the structures containing 494 * the pointers to functions implemented by cryptographic providers. 495 * It is specified as part of the crypto_provider_info(9S) 496 * supplied by a provider when it registers with the kernel 497 * by calling crypto_register_provider(9F). 498 */ 499 typedef struct crypto_ops_v1 { 500 crypto_control_ops_t *co_control_ops; 501 crypto_digest_ops_t *co_digest_ops; 502 crypto_cipher_ops_t *co_cipher_ops; 503 crypto_mac_ops_t *co_mac_ops; 504 crypto_sign_ops_t *co_sign_ops; 505 crypto_verify_ops_t *co_verify_ops; 506 crypto_dual_ops_t *co_dual_ops; 507 crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops; 508 crypto_random_number_ops_t *co_random_ops; 509 crypto_session_ops_t *co_session_ops; 510 crypto_object_ops_t *co_object_ops; 511 crypto_key_ops_t *co_key_ops; 512 crypto_provider_management_ops_t *co_provider_ops; 513 crypto_ctx_ops_t *co_ctx_ops; 514 } crypto_ops_v1_t; 515 516 typedef struct crypto_ops_v2 { 517 crypto_ops_v1_t v1_ops; 518 crypto_mech_ops_t *co_mech_ops; 519 } crypto_ops_v2_t; 520 521 typedef struct crypto_ops_v3 { 522 crypto_ops_v2_t v2_ops; 523 crypto_nostore_key_ops_t *co_nostore_key_ops; 524 } crypto_ops_v3_t; 525 526 typedef struct crypto_ops { 527 union { 528 crypto_ops_v3_t cou_v3; 529 crypto_ops_v2_t cou_v2; 530 crypto_ops_v1_t cou_v1; 531 } cou; 532 } crypto_ops_t; 533 534 #define co_control_ops cou.cou_v1.co_control_ops 535 #define co_digest_ops cou.cou_v1.co_digest_ops 536 #define co_cipher_ops cou.cou_v1.co_cipher_ops 537 #define co_mac_ops cou.cou_v1.co_mac_ops 538 #define co_sign_ops cou.cou_v1.co_sign_ops 539 #define co_verify_ops cou.cou_v1.co_verify_ops 540 #define co_dual_ops cou.cou_v1.co_dual_ops 541 #define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops 542 #define co_random_ops cou.cou_v1.co_random_ops 543 #define co_session_ops cou.cou_v1.co_session_ops 544 #define co_object_ops cou.cou_v1.co_object_ops 545 #define co_key_ops cou.cou_v1.co_key_ops 546 #define co_provider_ops cou.cou_v1.co_provider_ops 547 #define co_ctx_ops cou.cou_v1.co_ctx_ops 548 #define co_mech_ops cou.cou_v2.co_mech_ops 549 #define co_nostore_key_ops cou.cou_v3.co_nostore_key_ops 550 551 /* 552 * Provider device specification passed during registration. 553 * 554 * Software providers set the pi_provider_type field of provider_info_t 555 * to CRYPTO_SW_PROVIDER, and set the pd_sw field of 556 * crypto_provider_dev_t to the address of their modlinkage. 557 * 558 * Hardware providers set the pi_provider_type field of provider_info_t 559 * to CRYPTO_HW_PROVIDER, and set the pd_hw field of 560 * crypto_provider_dev_t to the dev_info structure corresponding 561 * to the device instance being registered. 562 * 563 * Logical providers set the pi_provider_type field of provider_info_t 564 * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of 565 * crypto_provider_dev_t to the dev_info structure corresponding 566 * to the device instance being registered. 567 */ 568 569 typedef union crypto_provider_dev { 570 struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */ 571 dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */ 572 } crypto_provider_dev_t; 573 574 /* 575 * The mechanism info structure crypto_mech_info_t contains a function group 576 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 577 * specifies the provider entry point that can be used a particular 578 * mechanism. The function group mask is a combination of the following values. 579 */ 580 581 typedef uint32_t crypto_func_group_t; 582 583 #endif /* _KERNEL */ 584 585 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ 586 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ 587 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ 588 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */ 589 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */ 590 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */ 591 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */ 592 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */ 593 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */ 594 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */ 595 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */ 596 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */ 597 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 598 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */ 599 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */ 600 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 601 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 602 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 603 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ 604 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */ 605 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */ 606 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */ 607 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */ 608 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */ 609 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */ 610 #define CRYPTO_FG_RESERVED 0x80000000 611 612 /* 613 * Maximum length of the pi_provider_description field of the 614 * crypto_provider_info structure. 615 */ 616 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 617 618 #ifdef _KERNEL 619 620 /* Bit mask for all the simple operations */ 621 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \ 622 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \ 623 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \ 624 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \ 625 CRYPTO_FG_VERIFY_ATOMIC) 626 627 /* Bit mask for all the dual operations */ 628 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \ 629 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \ 630 CRYPTO_FG_MAC_DECRYPT_ATOMIC) 631 632 /* Add other combos to CRYPTO_FG_DUAL_MASK */ 633 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK 634 635 /* 636 * The crypto_mech_info structure specifies one of the mechanisms 637 * supported by a cryptographic provider. The pi_mechanisms field of 638 * the crypto_provider_info structure contains a pointer to an array 639 * of crypto_mech_info's. 640 */ 641 typedef struct crypto_mech_info { 642 crypto_mech_name_t cm_mech_name; 643 crypto_mech_type_t cm_mech_number; 644 crypto_func_group_t cm_func_group_mask; 645 ssize_t cm_min_key_length; 646 ssize_t cm_max_key_length; 647 uint32_t cm_mech_flags; 648 } crypto_mech_info_t; 649 650 /* Alias the old name to the new name for compatibility. */ 651 #define cm_keysize_unit cm_mech_flags 652 653 /* 654 * The following is used by a provider that sets 655 * CRYPTO_HASH_NO_UPDATE. It needs to specify the maximum 656 * input data size it can digest in this field. 657 */ 658 #define cm_max_input_length cm_max_key_length 659 660 /* 661 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 662 * It is returned after the provider registers with 663 * crypto_register_provider(), and must be specified by the provider 664 * when calling crypto_unregister_provider(), and 665 * crypto_provider_notification(). 666 */ 667 typedef uint_t crypto_kcf_provider_handle_t; 668 669 /* 670 * Provider information. Passed as argument to crypto_register_provider(9F). 671 * Describes the provider and its capabilities. Multiple providers can 672 * register for the same device instance. In this case, the same 673 * pi_provider_dev must be specified with a different pi_provider_handle. 674 */ 675 typedef struct crypto_provider_info_v1 { 676 uint_t pi_interface_version; 677 char *pi_provider_description; 678 crypto_provider_type_t pi_provider_type; 679 crypto_provider_dev_t pi_provider_dev; 680 crypto_provider_handle_t pi_provider_handle; 681 crypto_ops_t *pi_ops_vector; 682 uint_t pi_mech_list_count; 683 crypto_mech_info_t *pi_mechanisms; 684 uint_t pi_logical_provider_count; 685 crypto_kcf_provider_handle_t *pi_logical_providers; 686 } crypto_provider_info_v1_t; 687 688 typedef struct crypto_provider_info_v2 { 689 crypto_provider_info_v1_t v1_info; 690 uint_t pi_flags; 691 } crypto_provider_info_v2_t; 692 693 typedef struct crypto_provider_info { 694 union { 695 crypto_provider_info_v2_t piu_v2; 696 crypto_provider_info_v1_t piu_v1; 697 } piu; 698 } crypto_provider_info_t; 699 700 #define pi_interface_version piu.piu_v1.pi_interface_version 701 #define pi_provider_description piu.piu_v1.pi_provider_description 702 #define pi_provider_type piu.piu_v1.pi_provider_type 703 #define pi_provider_dev piu.piu_v1.pi_provider_dev 704 #define pi_provider_handle piu.piu_v1.pi_provider_handle 705 #define pi_ops_vector piu.piu_v1.pi_ops_vector 706 #define pi_mech_list_count piu.piu_v1.pi_mech_list_count 707 #define pi_mechanisms piu.piu_v1.pi_mechanisms 708 #define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count 709 #define pi_logical_providers piu.piu_v1.pi_logical_providers 710 #define pi_flags piu.piu_v2.pi_flags 711 712 /* hidden providers can only be accessed via a logical provider */ 713 #define CRYPTO_HIDE_PROVIDER 0x00000001 714 /* 715 * provider can not do multi-part digest (updates) and has a limit 716 * on maximum input data that it can digest. 717 */ 718 #define CRYPTO_HASH_NO_UPDATE 0x00000002 719 720 /* provider can handle the request without returning a CRYPTO_QUEUED */ 721 #define CRYPTO_SYNCHRONOUS 0x00000004 722 723 #define CRYPTO_PIFLAGS_RESERVED2 0x40000000 724 #define CRYPTO_PIFLAGS_RESERVED1 0x80000000 725 726 /* 727 * Provider status passed by a provider to crypto_provider_notification(9F) 728 * and returned by the provider_stauts(9E) entry point. 729 */ 730 #define CRYPTO_PROVIDER_READY 0 731 #define CRYPTO_PROVIDER_BUSY 1 732 #define CRYPTO_PROVIDER_FAILED 2 733 734 /* 735 * Functions exported by Solaris to cryptographic providers. Providers 736 * call these functions to register and unregister, notify the kernel 737 * of state changes, and notify the kernel when a asynchronous request 738 * completed. 739 */ 740 extern int crypto_register_provider(crypto_provider_info_t *, 741 crypto_kcf_provider_handle_t *); 742 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 743 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t); 744 extern void crypto_op_notification(crypto_req_handle_t, int); 745 extern int crypto_kmflag(crypto_req_handle_t); 746 747 #endif /* _KERNEL */ 748 749 #ifdef __cplusplus 750 } 751 #endif 752 753 #endif /* _SYS_CRYPTO_SPI_H */ 754