xref: /titanic_52/usr/src/uts/common/sys/crypto/common.h (revision 84ab085a13f931bc78e7415e7ce921dbaa14fcb3) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _SYS_CRYPTO_COMMON_H
28 #define	_SYS_CRYPTO_COMMON_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 /*
33  * Header file for the common data structures of the cryptographic framework
34  */
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/uio.h>
42 #include <sys/stream.h>
43 #include <sys/mutex.h>
44 #include <sys/condvar.h>
45 
46 
47 /* Cryptographic Mechanisms */
48 
49 #define	CRYPTO_MAX_MECH_NAME 32
50 typedef char crypto_mech_name_t[CRYPTO_MAX_MECH_NAME];
51 
52 typedef uint64_t crypto_mech_type_t;
53 
54 typedef struct crypto_mechanism {
55 	crypto_mech_type_t	cm_type;	/* mechanism type */
56 	caddr_t			cm_param;	/* mech. parameter */
57 	size_t			cm_param_len;	/* mech. parameter len */
58 } crypto_mechanism_t;
59 
60 /*
61  * The measurement unit flag for a mechanism's minimum or maximum key size.
62  * The unit are mechanism dependant.  It can be in bits or in bytes.
63  */
64 typedef uint32_t crypto_keysize_unit_t;
65 
66 #define	CRYPTO_KEYSIZE_UNIT_IN_BITS	0x00000001
67 #define	CRYPTO_KEYSIZE_UNIT_IN_BYTES	0x00000002
68 
69 
70 /* Mechanisms supported out-of-the-box */
71 #define	SUN_CKM_MD5			"CKM_MD5"
72 #define	SUN_CKM_MD5_HMAC		"CKM_MD5_HMAC"
73 #define	SUN_CKM_MD5_HMAC_GENERAL	"CKM_MD5_HMAC_GENERAL"
74 #define	SUN_CKM_SHA1			"CKM_SHA_1"
75 #define	SUN_CKM_SHA1_HMAC		"CKM_SHA_1_HMAC"
76 #define	SUN_CKM_SHA1_HMAC_GENERAL	"CKM_SHA_1_HMAC_GENERAL"
77 #define	SUN_CKM_SHA256			"CKM_SHA256"
78 #define	SUN_CKM_SHA256_HMAC		"CKM_SHA256_HMAC"
79 #define	SUN_CKM_SHA256_HMAC_GENERAL	"CKM_SHA256_HMAC_GENERAL"
80 #define	SUN_CKM_SHA384			"CKM_SHA384"
81 #define	SUN_CKM_SHA384_HMAC		"CKM_SHA384_HMAC"
82 #define	SUN_CKM_SHA384_HMAC_GENERAL	"CKM_SHA384_HMAC_GENERAL"
83 #define	SUN_CKM_SHA512			"CKM_SHA512"
84 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
85 #define	SUN_CKM_SHA512_HMAC_GENERAL	"CKM_SHA512_HMAC_GENERAL"
86 #define	SUN_CKM_DES_CBC			"CKM_DES_CBC"
87 #define	SUN_CKM_DES3_CBC		"CKM_DES3_CBC"
88 #define	SUN_CKM_DES_ECB			"CKM_DES_ECB"
89 #define	SUN_CKM_DES3_ECB		"CKM_DES3_ECB"
90 #define	SUN_CKM_BF_CBC			"CKM_BF_CBC"
91 #define	SUN_CKM_BF_ECB			"CKM_BF_ECB"
92 #define	SUN_CKM_AES_CBC			"CKM_AES_CBC"
93 #define	SUN_CKM_AES_ECB			"CKM_AES_ECB"
94 #define	SUN_CKM_RC4			"CKM_RC4"
95 #define	SUN_CKM_RSA_PKCS		"CKM_RSA_PKCS"
96 #define	SUN_CKM_RSA_X_509		"CKM_RSA_X_509"
97 #define	SUN_CKM_MD5_RSA_PKCS		"CKM_MD5_RSA_PKCS"
98 #define	SUN_CKM_SHA1_RSA_PKCS		"CKM_SHA1_RSA_PKCS"
99 
100 
101 /* Data arguments of cryptographic operations */
102 
103 typedef enum crypto_data_format {
104 	CRYPTO_DATA_RAW = 1,
105 	CRYPTO_DATA_UIO,
106 	CRYPTO_DATA_MBLK
107 } crypto_data_format_t;
108 
109 typedef struct crypto_data {
110 	crypto_data_format_t	cd_format;	/* Format identifier	*/
111 	off_t			cd_offset;	/* Offset from the beginning */
112 	size_t			cd_length;	/* # of bytes in use */
113 	caddr_t			cd_miscdata;	/* ancillary data */
114 	union {
115 		/* Raw format */
116 		iovec_t cdu_raw;		/* Pointer and length	    */
117 
118 		/* uio scatter-gather format */
119 		uio_t	*cdu_uio;
120 
121 		/* mblk scatter-gather format */
122 		mblk_t	*cdu_mp;		/* The mblk chain */
123 
124 	} cdu;	/* Crypto Data Union */
125 } crypto_data_t;
126 
127 #define	cd_raw		cdu.cdu_raw
128 #define	cd_uio		cdu.cdu_uio
129 #define	cd_mp		cdu.cdu_mp
130 
131 typedef struct crypto_dual_data {
132 	crypto_data_t		dd_data;	/* The data */
133 	off_t			dd_offset2;	/* Used by dual operation */
134 	size_t			dd_len2;	/* # of bytes to take	*/
135 } crypto_dual_data_t;
136 
137 #define	dd_format	dd_data.cd_format
138 #define	dd_offset1	dd_data.cd_offset
139 #define	dd_len1		dd_data.cd_length
140 #define	dd_miscdata	dd_data.cd_miscdata
141 #define	dd_raw		dd_data.cd_raw
142 #define	dd_uio		dd_data.cd_uio
143 #define	dd_mp		dd_data.cd_mp
144 
145 /* The keys, and their contents */
146 
147 typedef enum {
148 	CRYPTO_KEY_RAW = 1,	/* ck_data is a cleartext key */
149 	CRYPTO_KEY_REFERENCE,	/* ck_obj_id is an opaque reference */
150 	CRYPTO_KEY_ATTR_LIST	/* ck_attrs is a list of object attributes */
151 } crypto_key_format_t;
152 
153 typedef uint64_t crypto_attr_type_t;
154 
155 /* Attribute types to use for passing a RSA public key or a private key. */
156 #define	SUN_CKA_MODULUS			0x00000120
157 #define	SUN_CKA_MODULUS_BITS		0x00000121
158 #define	SUN_CKA_PUBLIC_EXPONENT		0x00000122
159 #define	SUN_CKA_PRIVATE_EXPONENT	0x00000123
160 #define	SUN_CKA_PRIME_1			0x00000124
161 #define	SUN_CKA_PRIME_2			0x00000125
162 #define	SUN_CKA_EXPONENT_1		0x00000126
163 #define	SUN_CKA_EXPONENT_2		0x00000127
164 #define	SUN_CKA_COEFFICIENT		0x00000128
165 #define	SUN_CKA_PRIME			0x00000130
166 #define	SUN_CKA_SUBPRIME		0x00000131
167 #define	SUN_CKA_BASE			0x00000132
168 
169 typedef uint32_t	crypto_object_id_t;
170 
171 typedef struct crypto_object_attribute {
172 	crypto_attr_type_t	oa_type;	/* attribute type */
173 	caddr_t			oa_value;	/* attribute value */
174 	ssize_t			oa_value_len;	/* length of attribute value */
175 } crypto_object_attribute_t;
176 
177 typedef struct crypto_key {
178 	crypto_key_format_t	ck_format;	/* format identifier */
179 	union {
180 		/* for CRYPTO_KEY_RAW ck_format */
181 		struct {
182 			uint_t	cku_v_length;	/* # of bits in ck_data   */
183 			void	*cku_v_data;	/* ptr to key value */
184 		} cku_key_value;
185 
186 		/* for CRYPTO_KEY_REFERENCE ck_format */
187 		crypto_object_id_t cku_key_id;	/* reference to object key */
188 
189 		/* for CRYPTO_KEY_ATTR_LIST ck_format */
190 		struct {
191 			uint_t cku_a_count;	/* number of attributes */
192 			crypto_object_attribute_t *cku_a_oattr;
193 		} cku_key_attrs;
194 	} cku_data;				/* Crypto Key union */
195 } crypto_key_t;
196 
197 #define	ck_data		cku_data.cku_key_value.cku_v_data
198 #define	ck_length	cku_data.cku_key_value.cku_v_length
199 #define	ck_obj_id	cku_data.cku_key_id
200 #define	ck_count	cku_data.cku_key_attrs.cku_a_count
201 #define	ck_attrs	cku_data.cku_key_attrs.cku_a_oattr
202 
203 /*
204  * Raw key lengths are expressed in number of bits.
205  * The following macro returns the minimum number of
206  * bytes that can contain the specified number of bits.
207  */
208 #define	CRYPTO_BITS2BYTES(n) (((n) + 7) >> 3)
209 
210 /* Providers */
211 
212 typedef enum {
213 	CRYPTO_HW_PROVIDER = 0,
214 	CRYPTO_SW_PROVIDER,
215 	CRYPTO_LOGICAL_PROVIDER
216 } crypto_provider_type_t;
217 
218 typedef uint32_t 	crypto_provider_id_t;
219 #define	KCF_PROVID_INVALID	((uint32_t)-1)
220 
221 typedef struct crypto_provider_entry {
222 	crypto_provider_id_t	pe_provider_id;
223 	uint_t			pe_mechanism_count;
224 } crypto_provider_entry_t;
225 
226 typedef struct crypto_dev_list_entry {
227 	char			le_dev_name[MAXNAMELEN];
228 	uint_t			le_dev_instance;
229 	uint_t			le_mechanism_count;
230 } crypto_dev_list_entry_t;
231 
232 /* User type for authentication ioctls and SPI entry points */
233 
234 typedef enum crypto_user_type {
235 	CRYPTO_SO = 0,
236 	CRYPTO_USER
237 } crypto_user_type_t;
238 
239 /* Version for provider management ioctls and SPI entry points */
240 
241 typedef struct crypto_version {
242 	uchar_t	cv_major;
243 	uchar_t	cv_minor;
244 } crypto_version_t;
245 
246 /* session data structure opaque to the consumer */
247 typedef void *crypto_session_t;
248 
249 typedef uint_t		crypto_session_id_t;
250 
251 /*
252  * Common cryptographic status and error codes.
253  */
254 #define	CRYPTO_SUCCESS				0x00000000
255 #define	CRYPTO_CANCEL				0x00000001
256 #define	CRYPTO_HOST_MEMORY			0x00000002
257 #define	CRYPTO_GENERAL_ERROR			0x00000003
258 #define	CRYPTO_FAILED				0x00000004
259 #define	CRYPTO_ARGUMENTS_BAD			0x00000005
260 #define	CRYPTO_ATTRIBUTE_READ_ONLY		0x00000006
261 #define	CRYPTO_ATTRIBUTE_SENSITIVE		0x00000007
262 #define	CRYPTO_ATTRIBUTE_TYPE_INVALID		0x00000008
263 #define	CRYPTO_ATTRIBUTE_VALUE_INVALID		0x00000009
264 #define	CRYPTO_CANCELED				0x0000000A
265 #define	CRYPTO_DATA_INVALID			0x0000000B
266 #define	CRYPTO_DATA_LEN_RANGE			0x0000000C
267 #define	CRYPTO_DEVICE_ERROR			0x0000000D
268 #define	CRYPTO_DEVICE_MEMORY			0x0000000E
269 #define	CRYPTO_DEVICE_REMOVED			0x0000000F
270 #define	CRYPTO_ENCRYPTED_DATA_INVALID		0x00000010
271 #define	CRYPTO_ENCRYPTED_DATA_LEN_RANGE		0x00000011
272 #define	CRYPTO_KEY_HANDLE_INVALID		0x00000012
273 #define	CRYPTO_KEY_SIZE_RANGE			0x00000013
274 #define	CRYPTO_KEY_TYPE_INCONSISTENT		0x00000014
275 #define	CRYPTO_KEY_NOT_NEEDED			0x00000015
276 #define	CRYPTO_KEY_CHANGED			0x00000016
277 #define	CRYPTO_KEY_NEEDED			0x00000017
278 #define	CRYPTO_KEY_INDIGESTIBLE			0x00000018
279 #define	CRYPTO_KEY_FUNCTION_NOT_PERMITTED	0x00000019
280 #define	CRYPTO_KEY_NOT_WRAPPABLE		0x0000001A
281 #define	CRYPTO_KEY_UNEXTRACTABLE		0x0000001B
282 #define	CRYPTO_MECHANISM_INVALID		0x0000001C
283 #define	CRYPTO_MECHANISM_PARAM_INVALID		0x0000001D
284 #define	CRYPTO_OBJECT_HANDLE_INVALID		0x0000001E
285 #define	CRYPTO_OPERATION_IS_ACTIVE		0x0000001F
286 #define	CRYPTO_OPERATION_NOT_INITIALIZED	0x00000020
287 #define	CRYPTO_PIN_INCORRECT			0x00000021
288 #define	CRYPTO_PIN_INVALID			0x00000022
289 #define	CRYPTO_PIN_LEN_RANGE			0x00000023
290 #define	CRYPTO_PIN_EXPIRED			0x00000024
291 #define	CRYPTO_PIN_LOCKED			0x00000025
292 #define	CRYPTO_SESSION_CLOSED			0x00000026
293 #define	CRYPTO_SESSION_COUNT			0x00000027
294 #define	CRYPTO_SESSION_HANDLE_INVALID		0x00000028
295 #define	CRYPTO_SESSION_READ_ONLY		0x00000029
296 #define	CRYPTO_SESSION_EXISTS			0x0000002A
297 #define	CRYPTO_SESSION_READ_ONLY_EXISTS		0x0000002B
298 #define	CRYPTO_SESSION_READ_WRITE_SO_EXISTS	0x0000002C
299 #define	CRYPTO_SIGNATURE_INVALID		0x0000002D
300 #define	CRYPTO_SIGNATURE_LEN_RANGE		0x0000002E
301 #define	CRYPTO_TEMPLATE_INCOMPLETE		0x0000002F
302 #define	CRYPTO_TEMPLATE_INCONSISTENT		0x00000030
303 #define	CRYPTO_UNWRAPPING_KEY_HANDLE_INVALID	0x00000031
304 #define	CRYPTO_UNWRAPPING_KEY_SIZE_RANGE	0x00000032
305 #define	CRYPTO_UNWRAPPING_KEY_TYPE_INCONSISTENT	0x00000033
306 #define	CRYPTO_USER_ALREADY_LOGGED_IN		0x00000034
307 #define	CRYPTO_USER_NOT_LOGGED_IN		0x00000035
308 #define	CRYPTO_USER_PIN_NOT_INITIALIZED		0x00000036
309 #define	CRYPTO_USER_TYPE_INVALID		0x00000037
310 #define	CRYPTO_USER_ANOTHER_ALREADY_LOGGED_IN	0x00000038
311 #define	CRYPTO_USER_TOO_MANY_TYPES		0x00000039
312 #define	CRYPTO_WRAPPED_KEY_INVALID		0x0000003A
313 #define	CRYPTO_WRAPPED_KEY_LEN_RANGE		0x0000003B
314 #define	CRYPTO_WRAPPING_KEY_HANDLE_INVALID	0x0000003C
315 #define	CRYPTO_WRAPPING_KEY_SIZE_RANGE		0x0000003D
316 #define	CRYPTO_WRAPPING_KEY_TYPE_INCONSISTENT	0x0000003E
317 #define	CRYPTO_RANDOM_SEED_NOT_SUPPORTED	0x0000003F
318 #define	CRYPTO_RANDOM_NO_RNG			0x00000040
319 #define	CRYPTO_DOMAIN_PARAMS_INVALID		0x00000041
320 #define	CRYPTO_BUFFER_TOO_SMALL			0x00000042
321 #define	CRYPTO_INFORMATION_SENSITIVE		0x00000043
322 #define	CRYPTO_NOT_SUPPORTED			0x00000044
323 
324 #define	CRYPTO_QUEUED				0x00000045
325 #define	CRYPTO_BUFFER_TOO_BIG			0x00000046
326 #define	CRYPTO_INVALID_CONTEXT			0x00000047
327 #define	CRYPTO_INVALID_MAC			0x00000048
328 #define	CRYPTO_MECH_NOT_SUPPORTED		0x00000049
329 #define	CRYPTO_INCONSISTENT_ATTRIBUTE		0x0000004A
330 #define	CRYPTO_NO_PERMISSION			0x0000004B
331 #define	CRYPTO_INVALID_PROVIDER_ID		0x0000004C
332 #define	CRYPTO_VERSION_MISMATCH			0x0000004D
333 #define	CRYPTO_BUSY				0x0000004E
334 #define	CRYPTO_UNKNOWN_PROVIDER			0x0000004F
335 #define	CRYPTO_MODVERIFICATION_FAILED		0x00000050
336 #define	CRYPTO_OLD_CTX_TEMPLATE			0x00000051
337 #define	CRYPTO_WEAK_KEY				0x00000052
338 
339 /*
340  * Special values that can be used to indicate that information is unavailable
341  * or that there is not practical limit. These values can be used
342  * by fields of the SPI crypto_provider_ext_info(9S) structure.
343  * The value of CRYPTO_UNAVAILABLE_INFO should be the same as
344  * CK_UNAVAILABLE_INFO in the PKCS#11 spec.
345  */
346 #define	CRYPTO_UNAVAILABLE_INFO		((ulong_t)(-1))
347 #define	CRYPTO_EFFECTIVELY_INFINITE	0x0
348 
349 #ifdef __cplusplus
350 }
351 #endif
352 
353 #endif /* _SYS_CRYPTO_COMMON_H */
354