1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _SYS_CRYPTO_SPI_H 28 #define _SYS_CRYPTO_SPI_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 /* 33 * CSPI: Cryptographic Service Provider Interface. 34 */ 35 36 #include <sys/types.h> 37 #include <sys/dditypes.h> 38 #include <sys/ddi.h> 39 #include <sys/kmem.h> 40 #include <sys/crypto/common.h> 41 42 #ifdef __cplusplus 43 extern "C" { 44 #endif 45 46 #ifdef _KERNEL 47 48 #define CRYPTO_SPI_VERSION_1 1 49 50 /* 51 * Provider-private handle. This handle is specified by a provider 52 * when it registers by means of the pi_provider_handle field of 53 * the crypto_provider_info structure, and passed to the provider 54 * when its entry points are invoked. 55 */ 56 typedef void *crypto_provider_handle_t; 57 58 /* 59 * Context templates can be used to by software providers to pre-process 60 * keying material, such as key schedules. They are allocated by 61 * a software provider create_ctx_template(9E) entry point, and passed 62 * as argument to initialization and atomic provider entry points. 63 */ 64 typedef void *crypto_spi_ctx_template_t; 65 66 /* 67 * Request handles are used by the kernel to identify an asynchronous 68 * request being processed by a provider. It is passed by the kernel 69 * to a hardware provider when submitting a request, and must be 70 * specified by a provider when calling crypto_op_notification(9F) 71 */ 72 typedef void *crypto_req_handle_t; 73 74 /* 75 * The context structure is passed from the kernel to a provider. 76 * It contains the information needed to process a multi-part or 77 * single part operation. The context structure is not used 78 * by atomic operations. 79 * 80 * Parameters needed to perform a cryptographic operation, such 81 * as keys, mechanisms, input and output buffers, are passed 82 * as separate arguments to Provider routines. 83 */ 84 typedef struct crypto_ctx { 85 crypto_provider_handle_t cc_provider; 86 crypto_session_id_t cc_session; 87 void *cc_provider_private; /* owned by provider */ 88 void *cc_framework_private; /* owned by framework */ 89 } crypto_ctx_t; 90 91 /* 92 * Extended provider information. 93 */ 94 95 /* 96 * valid values for ei_flags field of extended info structure 97 * They match the RSA Security, Inc PKCS#11 tokenInfo flags. 98 */ 99 #define CRYPTO_EXTF_RNG 0x00000001 100 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002 101 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004 102 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008 103 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040 104 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100 105 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200 106 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400 107 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000 108 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000 109 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000 110 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000 111 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000 112 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000 113 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000 114 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000 115 116 #endif /* _KERNEL */ 117 118 #define CRYPTO_EXT_SIZE_LABEL 32 119 #define CRYPTO_EXT_SIZE_MANUF 32 120 #define CRYPTO_EXT_SIZE_MODEL 16 121 #define CRYPTO_EXT_SIZE_SERIAL 16 122 #define CRYPTO_EXT_SIZE_TIME 16 123 124 #ifdef _KERNEL 125 126 typedef struct crypto_provider_ext_info { 127 uchar_t ei_label[CRYPTO_EXT_SIZE_LABEL]; 128 uchar_t ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF]; 129 uchar_t ei_model[CRYPTO_EXT_SIZE_MODEL]; 130 uchar_t ei_serial_number[CRYPTO_EXT_SIZE_SERIAL]; 131 ulong_t ei_flags; 132 ulong_t ei_max_session_count; 133 ulong_t ei_max_pin_len; 134 ulong_t ei_min_pin_len; 135 ulong_t ei_total_public_memory; 136 ulong_t ei_free_public_memory; 137 ulong_t ei_total_private_memory; 138 ulong_t ei_free_private_memory; 139 crypto_version_t ei_hardware_version; 140 crypto_version_t ei_firmware_version; 141 uchar_t ei_time[CRYPTO_EXT_SIZE_TIME]; 142 } crypto_provider_ext_info_t; 143 144 /* 145 * The crypto_control_ops structure contains pointers to control 146 * operations for cryptographic providers. It is passed through 147 * the crypto_ops(9S) structure when providers register with the 148 * kernel using crypto_register_provider(9F). 149 */ 150 typedef struct crypto_control_ops { 151 void (*provider_status)(crypto_provider_handle_t, uint_t *); 152 } crypto_control_ops_t; 153 154 /* 155 * The crypto_ctx_ops structure contains points to context and context 156 * templates management operations for cryptographic providers. It is 157 * passed through the crypto_ops(9S) structure when providers register 158 * with the kernel using crypto_register_provider(9F). 159 */ 160 typedef struct crypto_ctx_ops { 161 int (*create_ctx_template)(crypto_provider_handle_t, 162 crypto_mechanism_t *, crypto_key_t *, 163 crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); 164 int (*free_context)(crypto_ctx_t *); 165 } crypto_ctx_ops_t; 166 167 /* 168 * The crypto_digest_ops structure contains pointers to digest 169 * operations for cryptographic providers. It is passed through 170 * the crypto_ops(9S) structure when providers register with the 171 * kernel using crypto_register_provider(9F). 172 */ 173 typedef struct crypto_digest_ops { 174 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, 175 crypto_req_handle_t); 176 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 177 crypto_req_handle_t); 178 int (*digest_update)(crypto_ctx_t *, crypto_data_t *, 179 crypto_req_handle_t); 180 int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); 181 int (*digest_final)(crypto_ctx_t *, crypto_data_t *, 182 crypto_req_handle_t); 183 int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, 184 crypto_mechanism_t *, crypto_data_t *, 185 crypto_data_t *, crypto_req_handle_t); 186 } crypto_digest_ops_t; 187 188 /* 189 * The crypto_cipher_ops structure contains pointers to encryption 190 * and decryption operations for cryptographic providers. It is 191 * passed through the crypto_ops(9S) structure when providers register 192 * with the kernel using crypto_register_provider(9F). 193 */ 194 typedef struct crypto_cipher_ops { 195 int (*encrypt_init)(crypto_ctx_t *, 196 crypto_mechanism_t *, crypto_key_t *, 197 crypto_spi_ctx_template_t, crypto_req_handle_t); 198 int (*encrypt)(crypto_ctx_t *, 199 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 200 int (*encrypt_update)(crypto_ctx_t *, 201 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 202 int (*encrypt_final)(crypto_ctx_t *, 203 crypto_data_t *, crypto_req_handle_t); 204 int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 205 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 206 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 207 208 int (*decrypt_init)(crypto_ctx_t *, 209 crypto_mechanism_t *, crypto_key_t *, 210 crypto_spi_ctx_template_t, crypto_req_handle_t); 211 int (*decrypt)(crypto_ctx_t *, 212 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 213 int (*decrypt_update)(crypto_ctx_t *, 214 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 215 int (*decrypt_final)(crypto_ctx_t *, 216 crypto_data_t *, crypto_req_handle_t); 217 int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, 218 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 219 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 220 } crypto_cipher_ops_t; 221 222 /* 223 * The crypto_mac_ops structure contains pointers to MAC 224 * operations for cryptographic providers. It is passed through 225 * the crypto_ops(9S) structure when providers register with the 226 * kernel using crypto_register_provider(9F). 227 */ 228 typedef struct crypto_mac_ops { 229 int (*mac_init)(crypto_ctx_t *, 230 crypto_mechanism_t *, crypto_key_t *, 231 crypto_spi_ctx_template_t, crypto_req_handle_t); 232 int (*mac)(crypto_ctx_t *, 233 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 234 int (*mac_update)(crypto_ctx_t *, 235 crypto_data_t *, crypto_req_handle_t); 236 int (*mac_final)(crypto_ctx_t *, 237 crypto_data_t *, crypto_req_handle_t); 238 int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 239 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 240 crypto_data_t *, crypto_spi_ctx_template_t, 241 crypto_req_handle_t); 242 int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 243 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 244 crypto_data_t *, crypto_spi_ctx_template_t, 245 crypto_req_handle_t); 246 } crypto_mac_ops_t; 247 248 /* 249 * The crypto_sign_ops structure contains pointers to signing 250 * operations for cryptographic providers. It is passed through 251 * the crypto_ops(9S) structure when providers register with the 252 * kernel using crypto_register_provider(9F). 253 */ 254 typedef struct crypto_sign_ops { 255 int (*sign_init)(crypto_ctx_t *, 256 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 257 crypto_req_handle_t); 258 int (*sign)(crypto_ctx_t *, 259 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 260 int (*sign_update)(crypto_ctx_t *, 261 crypto_data_t *, crypto_req_handle_t); 262 int (*sign_final)(crypto_ctx_t *, 263 crypto_data_t *, crypto_req_handle_t); 264 int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t, 265 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 266 crypto_data_t *, crypto_spi_ctx_template_t, 267 crypto_req_handle_t); 268 int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 269 crypto_key_t *, crypto_spi_ctx_template_t, 270 crypto_req_handle_t); 271 int (*sign_recover)(crypto_ctx_t *, 272 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 273 int (*sign_recover_atomic)(crypto_provider_handle_t, 274 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 275 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 276 crypto_req_handle_t); 277 } crypto_sign_ops_t; 278 279 /* 280 * The crypto_verify_ops structure contains pointers to verify 281 * operations for cryptographic providers. It is passed through 282 * the crypto_ops(9S) structure when providers register with the 283 * kernel using crypto_register_provider(9F). 284 */ 285 typedef struct crypto_verify_ops { 286 int (*verify_init)(crypto_ctx_t *, 287 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, 288 crypto_req_handle_t); 289 int (*verify)(crypto_ctx_t *, 290 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 291 int (*verify_update)(crypto_ctx_t *, 292 crypto_data_t *, crypto_req_handle_t); 293 int (*verify_final)(crypto_ctx_t *, 294 crypto_data_t *, crypto_req_handle_t); 295 int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, 296 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 297 crypto_data_t *, crypto_spi_ctx_template_t, 298 crypto_req_handle_t); 299 int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, 300 crypto_key_t *, crypto_spi_ctx_template_t, 301 crypto_req_handle_t); 302 int (*verify_recover)(crypto_ctx_t *, 303 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 304 int (*verify_recover_atomic)(crypto_provider_handle_t, 305 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 306 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 307 crypto_req_handle_t); 308 } crypto_verify_ops_t; 309 310 /* 311 * The crypto_dual_ops structure contains pointers to dual 312 * cipher and sign/verify operations for cryptographic providers. 313 * It is passed through the crypto_ops(9S) structure when 314 * providers register with the kernel using 315 * crypto_register_provider(9F). 316 */ 317 typedef struct crypto_dual_ops { 318 int (*digest_encrypt_update)( 319 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 320 crypto_data_t *, crypto_req_handle_t); 321 int (*decrypt_digest_update)( 322 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 323 crypto_data_t *, crypto_req_handle_t); 324 int (*sign_encrypt_update)( 325 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 326 crypto_data_t *, crypto_req_handle_t); 327 int (*decrypt_verify_update)( 328 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, 329 crypto_data_t *, crypto_req_handle_t); 330 } crypto_dual_ops_t; 331 332 /* 333 * The crypto_dual_cipher_mac_ops structure contains pointers to dual 334 * cipher and MAC operations for cryptographic providers. 335 * It is passed through the crypto_ops(9S) structure when 336 * providers register with the kernel using 337 * crypto_register_provider(9F). 338 */ 339 typedef struct crypto_dual_cipher_mac_ops { 340 int (*encrypt_mac_init)(crypto_ctx_t *, 341 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 342 crypto_key_t *, crypto_spi_ctx_template_t, 343 crypto_spi_ctx_template_t, crypto_req_handle_t); 344 int (*encrypt_mac)(crypto_ctx_t *, 345 crypto_data_t *, crypto_dual_data_t *, crypto_data_t *, 346 crypto_req_handle_t); 347 int (*encrypt_mac_update)(crypto_ctx_t *, 348 crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t); 349 int (*encrypt_mac_final)(crypto_ctx_t *, 350 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 351 int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, 352 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 353 crypto_key_t *, crypto_data_t *, crypto_dual_data_t *, 354 crypto_data_t *, crypto_spi_ctx_template_t, 355 crypto_spi_ctx_template_t, crypto_req_handle_t); 356 357 int (*mac_decrypt_init)(crypto_ctx_t *, 358 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, 359 crypto_key_t *, crypto_spi_ctx_template_t, 360 crypto_spi_ctx_template_t, crypto_req_handle_t); 361 int (*mac_decrypt)(crypto_ctx_t *, 362 crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, 363 crypto_req_handle_t); 364 int (*mac_decrypt_update)(crypto_ctx_t *, 365 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); 366 int (*mac_decrypt_final)(crypto_ctx_t *, 367 crypto_data_t *, crypto_data_t *, crypto_req_handle_t); 368 int (*mac_decrypt_atomic)(crypto_provider_handle_t, 369 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 370 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 371 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 372 crypto_spi_ctx_template_t, crypto_req_handle_t); 373 int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t, 374 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, 375 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, 376 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, 377 crypto_spi_ctx_template_t, crypto_req_handle_t); 378 } crypto_dual_cipher_mac_ops_t; 379 380 /* 381 * The crypto_random_number_ops structure contains pointers to random 382 * number operations for cryptographic providers. It is passed through 383 * the crypto_ops(9S) structure when providers register with the 384 * kernel using crypto_register_provider(9F). 385 */ 386 typedef struct crypto_random_number_ops { 387 int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t, 388 uchar_t *, size_t, crypto_req_handle_t); 389 int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t, 390 uchar_t *, size_t, crypto_req_handle_t); 391 } crypto_random_number_ops_t; 392 393 /* 394 * The crypto_session_ops structure contains pointers to session 395 * operations for cryptographic providers. It is passed through 396 * the crypto_ops(9S) structure when providers register with the 397 * kernel using crypto_register_provider(9F). 398 */ 399 typedef struct crypto_session_ops { 400 int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *, 401 crypto_req_handle_t); 402 int (*session_close)(crypto_provider_handle_t, crypto_session_id_t, 403 crypto_req_handle_t); 404 int (*session_login)(crypto_provider_handle_t, crypto_session_id_t, 405 crypto_user_type_t, char *, size_t, crypto_req_handle_t); 406 int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t, 407 crypto_req_handle_t); 408 } crypto_session_ops_t; 409 410 /* 411 * The crypto_object_ops structure contains pointers to object 412 * operations for cryptographic providers. It is passed through 413 * the crypto_ops(9S) structure when providers register with the 414 * kernel using crypto_register_provider(9F). 415 */ 416 typedef struct crypto_object_ops { 417 int (*object_create)(crypto_provider_handle_t, crypto_session_id_t, 418 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 419 crypto_req_handle_t); 420 int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t, 421 crypto_object_id_t, crypto_object_attribute_t *, uint_t, 422 crypto_object_id_t *, crypto_req_handle_t); 423 int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t, 424 crypto_object_id_t, crypto_req_handle_t); 425 int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t, 426 crypto_object_id_t, size_t *, crypto_req_handle_t); 427 int (*object_get_attribute_value)(crypto_provider_handle_t, 428 crypto_session_id_t, crypto_object_id_t, 429 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 430 int (*object_set_attribute_value)(crypto_provider_handle_t, 431 crypto_session_id_t, crypto_object_id_t, 432 crypto_object_attribute_t *, uint_t, crypto_req_handle_t); 433 int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t, 434 crypto_object_attribute_t *, uint_t, void **, 435 crypto_req_handle_t); 436 int (*object_find)(crypto_provider_handle_t, void *, 437 crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t); 438 int (*object_find_final)(crypto_provider_handle_t, void *, 439 crypto_req_handle_t); 440 } crypto_object_ops_t; 441 442 /* 443 * The crypto_key_ops structure contains pointers to key 444 * operations for cryptographic providers. It is passed through 445 * the crypto_ops(9S) structure when providers register with the 446 * kernel using crypto_register_provider(9F). 447 */ 448 typedef struct crypto_key_ops { 449 int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t, 450 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 451 crypto_object_id_t *, crypto_req_handle_t); 452 int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t, 453 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, 454 crypto_object_attribute_t *, uint_t, crypto_object_id_t *, 455 crypto_object_id_t *, crypto_req_handle_t); 456 int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t, 457 crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, 458 uchar_t *, size_t *, crypto_req_handle_t); 459 int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t, 460 crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *, 461 crypto_object_attribute_t *, uint_t, 462 crypto_object_id_t *, crypto_req_handle_t); 463 int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t, 464 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, 465 uint_t, crypto_object_id_t *, crypto_req_handle_t); 466 int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *, 467 crypto_key_t *); 468 } crypto_key_ops_t; 469 470 /* 471 * The crypto_provider_management_ops structure contains pointers 472 * to management operations for cryptographic providers. It is passed 473 * through the crypto_ops(9S) structure when providers register with the 474 * kernel using crypto_register_provider(9F). 475 */ 476 typedef struct crypto_provider_management_ops { 477 int (*ext_info)(crypto_provider_handle_t, 478 crypto_provider_ext_info_t *, crypto_req_handle_t); 479 int (*init_token)(crypto_provider_handle_t, char *, size_t, 480 char *, crypto_req_handle_t); 481 int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t, 482 char *, size_t, crypto_req_handle_t); 483 int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t, 484 char *, size_t, char *, size_t, crypto_req_handle_t); 485 } crypto_provider_management_ops_t; 486 487 /* 488 * The crypto_ops(9S) structure contains the structures containing 489 * the pointers to functions implemented by cryptographic providers. 490 * It is specified as part of the crypto_provider_info(9S) 491 * supplied by a provider when it registers with the kernel 492 * by calling crypto_register_provider(9F). 493 */ 494 typedef struct crypto_ops { 495 crypto_control_ops_t *control_ops; 496 crypto_digest_ops_t *digest_ops; 497 crypto_cipher_ops_t *cipher_ops; 498 crypto_mac_ops_t *mac_ops; 499 crypto_sign_ops_t *sign_ops; 500 crypto_verify_ops_t *verify_ops; 501 crypto_dual_ops_t *dual_ops; 502 crypto_dual_cipher_mac_ops_t *dual_cipher_mac_ops; 503 crypto_random_number_ops_t *random_ops; 504 crypto_session_ops_t *session_ops; 505 crypto_object_ops_t *object_ops; 506 crypto_key_ops_t *key_ops; 507 crypto_provider_management_ops_t *provider_ops; 508 crypto_ctx_ops_t *ctx_ops; 509 } crypto_ops_t; 510 511 /* 512 * Provider device specification passed during registration. 513 * 514 * Software providers set the pi_provider_type field of provider_info_t 515 * to CRYPTO_SW_PROVIDER, and set the pd_sw field of 516 * crypto_provider_dev_t to the address of their modlinkage. 517 * 518 * Hardware providers set the pi_provider_type field of provider_info_t 519 * to CRYPTO_HW_PROVIDER, and set the pd_hw field of 520 * crypto_provider_dev_t to the dev_info structure corresponding 521 * to the device instance being registered. 522 * 523 * Logical providers set the pi_provider_type field of provider_info_t 524 * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of 525 * crypto_provider_dev_t to the dev_info structure corresponding 526 * to the device instance being registered. 527 */ 528 529 typedef union crypto_provider_dev { 530 struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */ 531 dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */ 532 } crypto_provider_dev_t; 533 534 /* 535 * The mechanism info structure crypto_mech_info_t contains a function group 536 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 537 * specifies the provider entry point that can be used a particular 538 * mechanism. The function group mask is a combination of the following values. 539 */ 540 541 typedef uint32_t crypto_func_group_t; 542 543 #endif /* _KERNEL */ 544 545 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ 546 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ 547 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ 548 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */ 549 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */ 550 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */ 551 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */ 552 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */ 553 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */ 554 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */ 555 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */ 556 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */ 557 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 558 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */ 559 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */ 560 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 561 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 562 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 563 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ 564 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */ 565 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */ 566 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */ 567 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */ 568 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */ 569 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */ 570 #define CRYPTO_FG_RESERVED 0x80000000 571 572 /* 573 * Maximum length of the pi_provider_description field of the 574 * crypto_provider_info structure. 575 */ 576 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 577 578 #ifdef _KERNEL 579 580 /* Bit mask for all the simple operations */ 581 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \ 582 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \ 583 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \ 584 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \ 585 CRYPTO_FG_VERIFY_ATOMIC) 586 587 /* Bit mask for all the dual operations */ 588 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \ 589 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \ 590 CRYPTO_FG_MAC_DECRYPT_ATOMIC) 591 592 /* Add other combos to CRYPTO_FG_DUAL_MASK */ 593 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK 594 595 /* 596 * The crypto_mech_info structure specifies one of the mechanisms 597 * supported by a cryptographic provider. The pi_mechanisms field of 598 * the crypto_provider_info structure contains a pointer to an array 599 * of crypto_mech_info's. 600 */ 601 typedef struct crypto_mech_info { 602 crypto_mech_name_t cm_mech_name; 603 crypto_mech_type_t cm_mech_number; 604 crypto_func_group_t cm_func_group_mask; 605 ssize_t cm_min_key_length; 606 ssize_t cm_max_key_length; 607 crypto_keysize_unit_t cm_keysize_unit; /* for cm_xxx_key_length */ 608 } crypto_mech_info_t; 609 610 /* 611 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 612 * It is returned after the provider registers with 613 * crypto_register_provider(), and must be specified by the provider 614 * when calling crypto_unregister_provider(), and 615 * crypto_provider_notification(). 616 */ 617 typedef uint_t crypto_kcf_provider_handle_t; 618 619 /* 620 * Provider information. Passed as argument to crypto_register_provider(9F). 621 * Describes the provider and its capabilities. Multiple providers can 622 * register for the same device instance. In this case, the same 623 * pi_provider_dev must be specified with a different pi_provider_handle. 624 */ 625 typedef struct crypto_provider_info { 626 uint_t pi_interface_version; 627 char *pi_provider_description; 628 crypto_provider_type_t pi_provider_type; 629 crypto_provider_dev_t pi_provider_dev; 630 crypto_provider_handle_t pi_provider_handle; 631 crypto_ops_t *pi_ops_vector; 632 uint_t pi_mech_list_count; 633 crypto_mech_info_t *pi_mechanisms; 634 uint_t pi_logical_provider_count; 635 crypto_kcf_provider_handle_t *pi_logical_providers; 636 } crypto_provider_info_t; 637 638 /* 639 * Provider status passed by a provider to crypto_provider_notification(9F) 640 * and returned by the provider_stauts(9E) entry point. 641 */ 642 #define CRYPTO_PROVIDER_READY 0 643 #define CRYPTO_PROVIDER_BUSY 1 644 #define CRYPTO_PROVIDER_FAILED 2 645 646 /* 647 * Functions exported by Solaris to cryptographic providers. Providers 648 * call these functions to register and unregister, notify the kernel 649 * of state changes, and notify the kernel when a asynchronous request 650 * completed. 651 */ 652 extern int crypto_register_provider(crypto_provider_info_t *, 653 crypto_kcf_provider_handle_t *); 654 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 655 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t); 656 extern void crypto_op_notification(crypto_req_handle_t, int); 657 extern int crypto_kmflag(crypto_req_handle_t); 658 659 #endif /* _KERNEL */ 660 661 #ifdef __cplusplus 662 } 663 #endif 664 665 #endif /* _SYS_CRYPTO_SPI_H */ 666