1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_IMPL_H 27 #define _SYS_CRYPTO_IMPL_H 28 29 /* 30 * Kernel Cryptographic Framework private implementation definitions. 31 */ 32 33 #include <sys/types.h> 34 #include <sys/param.h> 35 36 #ifdef _KERNEL 37 #include <sys/crypto/common.h> 38 #include <sys/crypto/api.h> 39 #include <sys/crypto/spi.h> 40 #include <sys/crypto/ioctl.h> 41 #include <sys/tnf_probe.h> 42 #include <sys/atomic.h> 43 #include <sys/project.h> 44 #include <sys/taskq.h> 45 #include <sys/rctl.h> 46 #endif /* _KERNEL */ 47 48 #ifdef __cplusplus 49 extern "C" { 50 #endif 51 52 #ifdef _KERNEL 53 54 #define KCF_MODULE "kcf" 55 56 /* 57 * Prefixes convention: structures internal to the kernel cryptographic 58 * framework start with 'kcf_'. Exposed structure start with 'crypto_'. 59 */ 60 61 /* Provider stats. Not protected. */ 62 typedef struct kcf_prov_stats { 63 kstat_named_t ps_ops_total; 64 kstat_named_t ps_ops_passed; 65 kstat_named_t ps_ops_failed; 66 kstat_named_t ps_ops_busy_rval; 67 } kcf_prov_stats_t; 68 69 /* Various kcf stats. Not protected. */ 70 typedef struct kcf_stats { 71 kstat_named_t ks_thrs_in_pool; 72 kstat_named_t ks_idle_thrs; 73 kstat_named_t ks_minthrs; 74 kstat_named_t ks_maxthrs; 75 kstat_named_t ks_swq_njobs; 76 kstat_named_t ks_swq_maxjobs; 77 kstat_named_t ks_taskq_threads; 78 kstat_named_t ks_taskq_minalloc; 79 kstat_named_t ks_taskq_maxalloc; 80 } kcf_stats_t; 81 82 /* 83 * Keep all the information needed by the scheduler from 84 * this provider. 85 */ 86 typedef struct kcf_sched_info { 87 /* The number of operations dispatched. */ 88 uint64_t ks_ndispatches; 89 90 /* The number of operations that failed. */ 91 uint64_t ks_nfails; 92 93 /* The number of operations that returned CRYPTO_BUSY. */ 94 uint64_t ks_nbusy_rval; 95 96 /* taskq used to dispatch crypto requests */ 97 taskq_t *ks_taskq; 98 } kcf_sched_info_t; 99 100 /* 101 * pd_irefcnt approximates the number of inflight requests to the 102 * provider. Though we increment this counter during registration for 103 * other purposes, that base value is mostly same across all providers. 104 * So, it is a good measure of the load on a provider when it is not 105 * in a busy state. Once a provider notifies it is busy, requests 106 * backup in the taskq. So, we use tq_nalloc in that case which gives 107 * the number of task entries in the task queue. Note that we do not 108 * acquire any locks here as it is not critical to get the exact number 109 * and the lock contention may be too costly for this code path. 110 */ 111 #define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \ 112 (pd)->pd_irefcnt : (pd)->pd_sched_info.ks_taskq->tq_nalloc) 113 114 #define KCF_PROV_INCRSTATS(pd, error) { \ 115 (pd)->pd_sched_info.ks_ndispatches++; \ 116 if (error == CRYPTO_BUSY) \ 117 (pd)->pd_sched_info.ks_nbusy_rval++; \ 118 else if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) \ 119 (pd)->pd_sched_info.ks_nfails++; \ 120 } 121 122 123 /* 124 * The following two macros should be 125 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2) 126 * #define KCF_MAXMECHTAB KCF_MAXCIPHER 127 * 128 * However, doing that would involve reorganizing the header file a bit. 129 * When impl.h is broken up (bug# 4703218), this will be done. For now, 130 * we hardcode these values. 131 */ 132 #define KCF_OPS_CLASSSIZE 8 133 #define KCF_MAXMECHTAB 32 134 135 /* 136 * Valid values for the state of a provider. The order of 137 * the elements is important. 138 * 139 * Routines which get a provider or the list of providers 140 * should pick only those that are either in KCF_PROV_READY state 141 * or in KCF_PROV_BUSY state. 142 */ 143 typedef enum { 144 KCF_PROV_ALLOCATED = 1, 145 KCF_PROV_UNVERIFIED, 146 KCF_PROV_VERIFICATION_FAILED, 147 /* 148 * state < KCF_PROV_READY means the provider can not 149 * be used at all. 150 */ 151 KCF_PROV_READY, 152 KCF_PROV_BUSY, 153 /* 154 * state > KCF_PROV_BUSY means the provider can not 155 * be used for new requests. 156 */ 157 KCF_PROV_FAILED, 158 /* 159 * Threads setting the following two states should do so only 160 * if the current state < KCF_PROV_DISABLED. 161 */ 162 KCF_PROV_DISABLED, 163 KCF_PROV_REMOVED, 164 KCF_PROV_FREED 165 } kcf_prov_state_t; 166 167 #define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED) 168 #define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \ 169 (pd)->pd_state == KCF_PROV_BUSY) 170 #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_REMOVED) 171 172 /* Internal flags valid for pd_flags field */ 173 #define KCF_PROV_RESTRICTED 0x40000000 174 #define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */ 175 176 /* 177 * A provider descriptor structure. There is one such structure per 178 * provider. It is allocated and initialized at registration time and 179 * freed when the provider unregisters. 180 * 181 * pd_prov_type: Provider type, hardware or software 182 * pd_sid: Session ID of the provider used by kernel clients. 183 * This is valid only for session-oriented providers. 184 * pd_refcnt: Reference counter to this provider descriptor 185 * pd_irefcnt: References held by the framework internal structs 186 * pd_lock: lock protects pd_state and pd_provider_list 187 * pd_state: State value of the provider 188 * pd_provider_list: Used to cross-reference logical providers and their 189 * members. Not used for software providers. 190 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY 191 * pd_prov_handle: Provider handle specified by provider 192 * pd_ops_vector: The ops vector specified by Provider 193 * pd_mech_indx: Lookup table which maps a core framework mechanism 194 * number to an index in pd_mechanisms array 195 * pd_mechanisms: Array of mechanisms supported by the provider, specified 196 * by the provider during registration 197 * pd_sched_info: Scheduling information associated with the provider 198 * pd_mech_list_count: The number of entries in pi_mechanisms, specified 199 * by the provider during registration 200 * pd_name: Device name or module name 201 * pd_instance: Device instance 202 * pd_module_id: Module ID returned by modload 203 * pd_mctlp: Pointer to modctl structure for this provider 204 * pd_remove_cv: cv to wait on while the provider queue drains 205 * pd_description: Provider description string 206 * pd_flags bitwise OR of pi_flags from crypto_provider_info_t 207 * and other internal flags defined above. 208 * pd_hash_limit Maximum data size that hash mechanisms of this provider 209 * can support. 210 * pd_kcf_prov_handle: KCF-private handle assigned by KCF 211 * pd_prov_id: Identification # assigned by KCF to provider 212 * pd_kstat: kstat associated with the provider 213 * pd_ks_data: kstat data 214 */ 215 typedef struct kcf_provider_desc { 216 crypto_provider_type_t pd_prov_type; 217 crypto_session_id_t pd_sid; 218 uint_t pd_refcnt; 219 uint_t pd_irefcnt; 220 kmutex_t pd_lock; 221 kcf_prov_state_t pd_state; 222 struct kcf_provider_list *pd_provider_list; 223 kcondvar_t pd_resume_cv; 224 crypto_provider_handle_t pd_prov_handle; 225 crypto_ops_t *pd_ops_vector; 226 ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\ 227 [KCF_MAXMECHTAB]; 228 crypto_mech_info_t *pd_mechanisms; 229 kcf_sched_info_t pd_sched_info; 230 uint_t pd_mech_list_count; 231 char *pd_name; 232 uint_t pd_instance; 233 int pd_module_id; 234 struct modctl *pd_mctlp; 235 kcondvar_t pd_remove_cv; 236 char *pd_description; 237 uint_t pd_flags; 238 uint_t pd_hash_limit; 239 crypto_kcf_provider_handle_t pd_kcf_prov_handle; 240 crypto_provider_id_t pd_prov_id; 241 kstat_t *pd_kstat; 242 kcf_prov_stats_t pd_ks_data; 243 } kcf_provider_desc_t; 244 245 /* useful for making a list of providers */ 246 typedef struct kcf_provider_list { 247 struct kcf_provider_list *pl_next; 248 struct kcf_provider_desc *pl_provider; 249 } kcf_provider_list_t; 250 251 /* 252 * If a component has a reference to a kcf_provider_desc_t, 253 * it REFHOLD()s. A new provider descriptor which is referenced only 254 * by the providers table has a reference counter of one. 255 */ 256 #define KCF_PROV_REFHOLD(desc) { \ 257 atomic_add_32(&(desc)->pd_refcnt, 1); \ 258 ASSERT((desc)->pd_refcnt != 0); \ 259 } 260 261 #define KCF_PROV_IREFHOLD(desc) { \ 262 atomic_add_32(&(desc)->pd_irefcnt, 1); \ 263 ASSERT((desc)->pd_irefcnt != 0); \ 264 } 265 266 #define KCF_PROV_IREFRELE(desc) { \ 267 ASSERT((desc)->pd_irefcnt != 0); \ 268 membar_exit(); \ 269 if (atomic_add_32_nv(&(desc)->pd_irefcnt, -1) == 0) { \ 270 cv_broadcast(&(desc)->pd_remove_cv); \ 271 } \ 272 } 273 274 #define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1) 275 276 #define KCF_PROV_REFRELE(desc) { \ 277 ASSERT((desc)->pd_refcnt != 0); \ 278 membar_exit(); \ 279 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) { \ 280 kcf_provider_zero_refcnt((desc)); \ 281 } \ 282 } 283 284 285 /* list of crypto_mech_info_t valid as the second mech in a dual operation */ 286 287 typedef struct crypto_mech_info_list { 288 struct crypto_mech_info_list *ml_next; 289 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */ 290 crypto_mech_info_t ml_mech_info; 291 } crypto_mech_info_list_t; 292 293 /* 294 * An element in a mechanism provider descriptors chain. 295 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs 296 * to. This is a small tradeoff memory vs mutex spinning time to access the 297 * common provider field. 298 */ 299 300 typedef struct kcf_prov_mech_desc { 301 struct kcf_mech_entry *pm_me; /* Back to the head */ 302 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */ 303 crypto_mech_info_t pm_mech_info; /* Provider mech info */ 304 crypto_mech_info_list_t *pm_mi_list; /* list for duals */ 305 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */ 306 } kcf_prov_mech_desc_t; 307 308 /* and the notation shortcuts ... */ 309 #define pm_provider_type pm_prov_desc.pd_provider_type 310 #define pm_provider_handle pm_prov_desc.pd_provider_handle 311 #define pm_ops_vector pm_prov_desc.pd_ops_vector 312 313 314 #define KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \ 315 sizeof (crypto_mech_type_t) - \ 316 sizeof (kmutex_t) - 2 * sizeof (kcf_prov_mech_desc_t *) - \ 317 sizeof (int) - sizeof (uint32_t) - sizeof (size_t)) 318 319 /* 320 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs 321 * to be adjusted if this structure is changed. 322 */ 323 typedef struct kcf_mech_entry { 324 crypto_mech_name_t me_name; /* mechanism name */ 325 crypto_mech_type_t me_mechid; /* Internal id for mechanism */ 326 kmutex_t me_mutex; /* access protection */ 327 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */ 328 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */ 329 /* 330 * Number of HW providers in the chain. There is only one 331 * SW provider. So, we need only a count of HW providers. 332 */ 333 int me_num_hwprov; 334 /* 335 * When a SW provider is present, this is the generation number that 336 * ensures no objects from old SW providers are used in the new one 337 */ 338 uint32_t me_gen_swprov; 339 /* 340 * threshold for using hardware providers for this mech 341 */ 342 size_t me_threshold; 343 uint8_t me_pad[KCF_CPU_PAD]; 344 } kcf_mech_entry_t; 345 346 /* 347 * A policy descriptor structure. It is allocated and initialized 348 * when administrative ioctls load disabled mechanisms. 349 * 350 * pd_prov_type: Provider type, hardware or software 351 * pd_name: Device name or module name. 352 * pd_instance: Device instance. 353 * pd_refcnt: Reference counter for this policy descriptor 354 * pd_mutex: Protects array and count of disabled mechanisms. 355 * pd_disabled_count: Count of disabled mechanisms. 356 * pd_disabled_mechs: Array of disabled mechanisms. 357 */ 358 typedef struct kcf_policy_desc { 359 crypto_provider_type_t pd_prov_type; 360 char *pd_name; 361 uint_t pd_instance; 362 uint_t pd_refcnt; 363 kmutex_t pd_mutex; 364 uint_t pd_disabled_count; 365 crypto_mech_name_t *pd_disabled_mechs; 366 } kcf_policy_desc_t; 367 368 /* 369 * If a component has a reference to a kcf_policy_desc_t, 370 * it REFHOLD()s. A new policy descriptor which is referenced only 371 * by the policy table has a reference count of one. 372 */ 373 #define KCF_POLICY_REFHOLD(desc) { \ 374 atomic_add_32(&(desc)->pd_refcnt, 1); \ 375 ASSERT((desc)->pd_refcnt != 0); \ 376 } 377 378 /* 379 * Releases a reference to a policy descriptor. When the last 380 * reference is released, the descriptor is freed. 381 */ 382 #define KCF_POLICY_REFRELE(desc) { \ 383 ASSERT((desc)->pd_refcnt != 0); \ 384 membar_exit(); \ 385 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) \ 386 kcf_policy_free_desc(desc); \ 387 } 388 389 /* 390 * This entry stores the name of a software module and its 391 * mechanisms. The mechanisms are 'hints' that are used to 392 * trigger loading of the module. 393 */ 394 typedef struct kcf_soft_conf_entry { 395 struct kcf_soft_conf_entry *ce_next; 396 char *ce_name; 397 crypto_mech_name_t *ce_mechs; 398 uint_t ce_count; 399 } kcf_soft_conf_entry_t; 400 401 extern kmutex_t soft_config_mutex; 402 extern kcf_soft_conf_entry_t *soft_config_list; 403 404 /* 405 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms, 406 * with a margin of few extra empty entry points 407 */ 408 409 #define KCF_MAXDIGEST 16 /* Digests */ 410 #define KCF_MAXCIPHER 64 /* Ciphers */ 411 #define KCF_MAXMAC 40 /* Message authentication codes */ 412 #define KCF_MAXSIGN 24 /* Sign/Verify */ 413 #define KCF_MAXKEYOPS 116 /* Key generation and derivation */ 414 #define KCF_MAXMISC 16 /* Others ... */ 415 416 #define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \ 417 KCF_MAXSIGN + KCF_MAXKEYOPS + \ 418 KCF_MAXMISC 419 420 extern kcf_mech_entry_t kcf_digest_mechs_tab[]; 421 extern kcf_mech_entry_t kcf_cipher_mechs_tab[]; 422 extern kcf_mech_entry_t kcf_mac_mechs_tab[]; 423 extern kcf_mech_entry_t kcf_sign_mechs_tab[]; 424 extern kcf_mech_entry_t kcf_keyops_mechs_tab[]; 425 extern kcf_mech_entry_t kcf_misc_mechs_tab[]; 426 427 extern kmutex_t kcf_mech_tabs_lock; 428 429 typedef enum { 430 KCF_DIGEST_CLASS = 1, 431 KCF_CIPHER_CLASS, 432 KCF_MAC_CLASS, 433 KCF_SIGN_CLASS, 434 KCF_KEYOPS_CLASS, 435 KCF_MISC_CLASS 436 } kcf_ops_class_t; 437 438 #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS 439 #define KCF_LAST_OPSCLASS KCF_MISC_CLASS 440 441 /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */ 442 443 typedef struct kcf_mech_entry_tab { 444 int met_size; /* Size of the met_tab[] */ 445 kcf_mech_entry_t *met_tab; /* the table */ 446 } kcf_mech_entry_tab_t; 447 448 extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; 449 450 #define KCF_MECHID(class, index) \ 451 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index)) 452 453 #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32)) 454 455 #define KCF_MECH2INDEX(mech_type) ((int)(mech_type)) 456 457 #define KCF_TO_PROV_MECH_INDX(pd, mech_type) \ 458 ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \ 459 [KCF_MECH2INDEX(mech_type)]) 460 461 #define KCF_TO_PROV_MECHINFO(pd, mech_type) \ 462 ((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)]) 463 464 #define KCF_TO_PROV_MECHNUM(pd, mech_type) \ 465 (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number) 466 467 #define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \ 468 ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \ 469 CRYPTO_CAN_SHARE_OPSTATE) 470 471 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */ 472 typedef struct crypto_provider_session { 473 struct crypto_provider_session *ps_next; 474 crypto_session_id_t ps_session; 475 kcf_provider_desc_t *ps_provider; 476 kcf_provider_desc_t *ps_real_provider; 477 uint_t ps_refcnt; 478 } crypto_provider_session_t; 479 480 typedef struct crypto_session_data { 481 kmutex_t sd_lock; 482 kcondvar_t sd_cv; 483 uint32_t sd_flags; 484 int sd_pre_approved_amount; 485 crypto_ctx_t *sd_digest_ctx; 486 crypto_ctx_t *sd_encr_ctx; 487 crypto_ctx_t *sd_decr_ctx; 488 crypto_ctx_t *sd_sign_ctx; 489 crypto_ctx_t *sd_verify_ctx; 490 crypto_ctx_t *sd_sign_recover_ctx; 491 crypto_ctx_t *sd_verify_recover_ctx; 492 kcf_provider_desc_t *sd_provider; 493 void *sd_find_init_cookie; 494 crypto_provider_session_t *sd_provider_session; 495 } crypto_session_data_t; 496 497 #define CRYPTO_SESSION_IN_USE 0x00000001 498 #define CRYPTO_SESSION_IS_BUSY 0x00000002 499 #define CRYPTO_SESSION_IS_CLOSED 0x00000004 500 501 #define KCF_MAX_PIN_LEN 1024 502 503 /* 504 * Per-minor info. 505 * 506 * cm_lock protects everything in this structure except for cm_refcnt. 507 */ 508 typedef struct crypto_minor { 509 uint_t cm_refcnt; 510 kmutex_t cm_lock; 511 kcondvar_t cm_cv; 512 crypto_session_data_t **cm_session_table; 513 uint_t cm_session_table_count; 514 kcf_provider_desc_t **cm_provider_array; 515 uint_t cm_provider_count; 516 crypto_provider_session_t *cm_provider_session; 517 } crypto_minor_t; 518 519 /* resource control framework handle used by /dev/crypto */ 520 extern rctl_hndl_t rc_project_crypto_mem; 521 /* 522 * Return codes for internal functions 523 */ 524 #define KCF_SUCCESS 0x0 /* Successful call */ 525 #define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */ 526 #define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */ 527 #define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */ 528 #define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */ 529 #define KCF_INVALID_INDX ((ushort_t)-1) 530 531 /* 532 * kCF internal mechanism and function group for tracking RNG providers. 533 */ 534 #define SUN_RANDOM "random" 535 #define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */ 536 537 /* 538 * Wrappers for ops vectors. In the wrapper definitions below, the pd 539 * argument always corresponds to a pointer to a provider descriptor 540 * of type kcf_prov_desc_t. 541 */ 542 543 #define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops) 544 #define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops) 545 #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops) 546 #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops) 547 #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops) 548 #define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops) 549 #define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops) 550 #define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops) 551 #define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \ 552 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops) 553 #define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops) 554 #define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops) 555 #define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops) 556 #define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops) 557 #define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops) 558 #define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops) 559 #define KCF_PROV_NOSTORE_KEY_OPS(pd) \ 560 ((pd)->pd_ops_vector->co_nostore_key_ops) 561 562 /* 563 * Wrappers for crypto_control_ops(9S) entry points. 564 */ 565 566 #define KCF_PROV_STATUS(pd, status) ( \ 567 (KCF_PROV_CONTROL_OPS(pd) && \ 568 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \ 569 KCF_PROV_CONTROL_OPS(pd)->provider_status( \ 570 (pd)->pd_prov_handle, status) : \ 571 CRYPTO_NOT_SUPPORTED) 572 573 /* 574 * Wrappers for crypto_ctx_ops(9S) entry points. 575 */ 576 577 #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \ 578 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ 579 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ 580 (pd)->pd_prov_handle, mech, key, template, size, req) : \ 581 CRYPTO_NOT_SUPPORTED) 582 583 #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ 584 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \ 585 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED) 586 587 #define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \ 588 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \ 589 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \ 590 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \ 591 CRYPTO_NOT_SUPPORTED) 592 593 #define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \ 594 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \ 595 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \ 596 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \ 597 CRYPTO_NOT_SUPPORTED) 598 599 #define KCF_PROV_FREE_MECH(pd, prov_mech) ( \ 600 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \ 601 KCF_PROV_MECH_OPS(pd)->free_mechanism( \ 602 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED) 603 604 /* 605 * Wrappers for crypto_digest_ops(9S) entry points. 606 */ 607 608 #define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \ 609 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \ 610 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \ 611 CRYPTO_NOT_SUPPORTED) 612 613 /* 614 * The _ (underscore) in _digest is needed to avoid replacing the 615 * function digest(). 616 */ 617 #define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \ 618 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \ 619 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \ 620 CRYPTO_NOT_SUPPORTED) 621 622 #define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \ 623 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \ 624 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \ 625 CRYPTO_NOT_SUPPORTED) 626 627 #define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \ 628 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \ 629 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \ 630 CRYPTO_NOT_SUPPORTED) 631 632 #define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \ 633 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \ 634 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \ 635 CRYPTO_NOT_SUPPORTED) 636 637 #define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \ 638 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \ 639 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \ 640 (pd)->pd_prov_handle, session, mech, data, digest, req) : \ 641 CRYPTO_NOT_SUPPORTED) 642 643 /* 644 * Wrappers for crypto_cipher_ops(9S) entry points. 645 */ 646 647 #define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 648 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \ 649 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \ 650 req) : \ 651 CRYPTO_NOT_SUPPORTED) 652 653 #define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \ 654 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \ 655 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \ 656 CRYPTO_NOT_SUPPORTED) 657 658 #define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 659 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \ 660 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \ 661 ciphertext, req) : \ 662 CRYPTO_NOT_SUPPORTED) 663 664 #define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \ 665 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \ 666 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \ 667 CRYPTO_NOT_SUPPORTED) 668 669 #define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \ 670 template, req) ( \ 671 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \ 672 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \ 673 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \ 674 template, req) : \ 675 CRYPTO_NOT_SUPPORTED) 676 677 #define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 678 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \ 679 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \ 680 req) : \ 681 CRYPTO_NOT_SUPPORTED) 682 683 #define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \ 684 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \ 685 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \ 686 CRYPTO_NOT_SUPPORTED) 687 688 #define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 689 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \ 690 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \ 691 plaintext, req) : \ 692 CRYPTO_NOT_SUPPORTED) 693 694 #define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \ 695 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \ 696 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \ 697 CRYPTO_NOT_SUPPORTED) 698 699 #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \ 700 template, req) ( \ 701 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \ 702 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \ 703 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \ 704 template, req) : \ 705 CRYPTO_NOT_SUPPORTED) 706 707 /* 708 * Wrappers for crypto_mac_ops(9S) entry points. 709 */ 710 711 #define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \ 712 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \ 713 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \ 714 : CRYPTO_NOT_SUPPORTED) 715 716 /* 717 * The _ (underscore) in _mac is needed to avoid replacing the 718 * function mac(). 719 */ 720 #define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \ 721 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \ 722 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \ 723 CRYPTO_NOT_SUPPORTED) 724 725 #define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \ 726 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \ 727 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \ 728 CRYPTO_NOT_SUPPORTED) 729 730 #define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \ 731 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \ 732 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \ 733 CRYPTO_NOT_SUPPORTED) 734 735 #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \ 736 req) ( \ 737 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \ 738 KCF_PROV_MAC_OPS(pd)->mac_atomic( \ 739 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 740 req) : \ 741 CRYPTO_NOT_SUPPORTED) 742 743 #define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \ 744 template, req) ( \ 745 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \ 746 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \ 747 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 748 req) : \ 749 CRYPTO_NOT_SUPPORTED) 750 751 /* 752 * Wrappers for crypto_sign_ops(9S) entry points. 753 */ 754 755 #define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \ 756 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \ 757 KCF_PROV_SIGN_OPS(pd)->sign_init( \ 758 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED) 759 760 #define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \ 761 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \ 762 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \ 763 CRYPTO_NOT_SUPPORTED) 764 765 #define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \ 766 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \ 767 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \ 768 CRYPTO_NOT_SUPPORTED) 769 770 #define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \ 771 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \ 772 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \ 773 CRYPTO_NOT_SUPPORTED) 774 775 #define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \ 776 sig, req) ( \ 777 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \ 778 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \ 779 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 780 req) : CRYPTO_NOT_SUPPORTED) 781 782 #define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \ 783 req) ( \ 784 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \ 785 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \ 786 req) : CRYPTO_NOT_SUPPORTED) 787 788 #define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \ 789 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \ 790 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \ 791 CRYPTO_NOT_SUPPORTED) 792 793 #define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \ 794 sig, req) ( \ 795 (KCF_PROV_SIGN_OPS(pd) && \ 796 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \ 797 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \ 798 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 799 req) : CRYPTO_NOT_SUPPORTED) 800 801 /* 802 * Wrappers for crypto_verify_ops(9S) entry points. 803 */ 804 805 #define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \ 806 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \ 807 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \ 808 req) : CRYPTO_NOT_SUPPORTED) 809 810 #define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \ 811 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify) ? \ 812 KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \ 813 CRYPTO_NOT_SUPPORTED) 814 815 #define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \ 816 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \ 817 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \ 818 CRYPTO_NOT_SUPPORTED) 819 820 #define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \ 821 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \ 822 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \ 823 CRYPTO_NOT_SUPPORTED) 824 825 #define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \ 826 req) ( \ 827 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \ 828 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \ 829 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 830 req) : CRYPTO_NOT_SUPPORTED) 831 832 #define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \ 833 req) ( \ 834 (KCF_PROV_VERIFY_OPS(pd) && \ 835 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \ 836 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \ 837 template, req) : CRYPTO_NOT_SUPPORTED) 838 839 /* verify_recover() CSPI routine has different argument order than verify() */ 840 #define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \ 841 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \ 842 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \ 843 CRYPTO_NOT_SUPPORTED) 844 845 /* 846 * verify_recover_atomic() CSPI routine has different argument order 847 * than verify_atomic(). 848 */ 849 #define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \ 850 template, data, req) ( \ 851 (KCF_PROV_VERIFY_OPS(pd) && \ 852 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \ 853 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \ 854 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \ 855 req) : CRYPTO_NOT_SUPPORTED) 856 857 /* 858 * Wrappers for crypto_dual_ops(9S) entry points. 859 */ 860 861 #define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \ 862 ciphertext, req) ( \ 863 (KCF_PROV_DUAL_OPS(pd) && \ 864 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \ 865 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \ 866 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 867 CRYPTO_NOT_SUPPORTED) 868 869 #define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \ 870 plaintext, req) ( \ 871 (KCF_PROV_DUAL_OPS(pd) && \ 872 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \ 873 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \ 874 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \ 875 CRYPTO_NOT_SUPPORTED) 876 877 #define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \ 878 ciphertext, req) ( \ 879 (KCF_PROV_DUAL_OPS(pd) && \ 880 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \ 881 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \ 882 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 883 CRYPTO_NOT_SUPPORTED) 884 885 #define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \ 886 plaintext, req) ( \ 887 (KCF_PROV_DUAL_OPS(pd) && \ 888 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \ 889 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \ 890 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \ 891 CRYPTO_NOT_SUPPORTED) 892 893 /* 894 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points. 895 */ 896 897 #define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \ 898 mac_key, encr_ctx_template, mac_ctx_template, req) ( \ 899 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 900 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \ 901 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \ 902 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \ 903 mac_ctx_template, req) : \ 904 CRYPTO_NOT_SUPPORTED) 905 906 #define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \ 907 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 908 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \ 909 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \ 910 ctx, plaintext, ciphertext, mac, req) : \ 911 CRYPTO_NOT_SUPPORTED) 912 913 #define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 914 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 915 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \ 916 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \ 917 ctx, plaintext, ciphertext, req) : \ 918 CRYPTO_NOT_SUPPORTED) 919 920 #define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \ 921 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 922 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \ 923 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \ 924 ctx, ciphertext, mac, req) : \ 925 CRYPTO_NOT_SUPPORTED) 926 927 #define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \ 928 mac_mech, mac_key, plaintext, ciphertext, mac, \ 929 encr_ctx_template, mac_ctx_template, req) ( \ 930 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 931 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \ 932 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \ 933 (pd)->pd_prov_handle, session, encr_mech, encr_key, \ 934 mac_mech, mac_key, plaintext, ciphertext, mac, \ 935 encr_ctx_template, mac_ctx_template, req) : \ 936 CRYPTO_NOT_SUPPORTED) 937 938 #define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \ 939 decr_key, mac_ctx_template, decr_ctx_template, req) ( \ 940 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 941 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \ 942 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \ 943 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \ 944 decr_ctx_template, req) : \ 945 CRYPTO_NOT_SUPPORTED) 946 947 #define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \ 948 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 949 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \ 950 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \ 951 ctx, ciphertext, mac, plaintext, req) : \ 952 CRYPTO_NOT_SUPPORTED) 953 954 #define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 955 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 956 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \ 957 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \ 958 ctx, ciphertext, plaintext, req) : \ 959 CRYPTO_NOT_SUPPORTED) 960 961 #define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \ 962 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 963 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \ 964 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \ 965 ctx, mac, plaintext, req) : \ 966 CRYPTO_NOT_SUPPORTED) 967 968 #define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 969 decr_mech, decr_key, ciphertext, mac, plaintext, \ 970 mac_ctx_template, decr_ctx_template, req) ( \ 971 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 972 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \ 973 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \ 974 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 975 decr_mech, decr_key, ciphertext, mac, plaintext, \ 976 mac_ctx_template, decr_ctx_template, req) : \ 977 CRYPTO_NOT_SUPPORTED) 978 979 #define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 980 decr_mech, decr_key, ciphertext, mac, plaintext, \ 981 mac_ctx_template, decr_ctx_template, req) ( \ 982 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 983 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \ 984 != NULL) ? \ 985 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \ 986 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 987 decr_mech, decr_key, ciphertext, mac, plaintext, \ 988 mac_ctx_template, decr_ctx_template, req) : \ 989 CRYPTO_NOT_SUPPORTED) 990 991 /* 992 * Wrappers for crypto_random_number_ops(9S) entry points. 993 */ 994 995 #define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \ 996 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \ 997 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \ 998 session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED) 999 1000 #define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \ 1001 (KCF_PROV_RANDOM_OPS(pd) && \ 1002 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \ 1003 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \ 1004 session, buf, len, req) : CRYPTO_NOT_SUPPORTED) 1005 1006 /* 1007 * Wrappers for crypto_session_ops(9S) entry points. 1008 * 1009 * ops_pd is the provider descriptor that supplies the ops_vector. 1010 * pd is the descriptor that supplies the provider handle. 1011 * Only session open/close needs two handles. 1012 */ 1013 1014 #define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \ 1015 (KCF_PROV_SESSION_OPS(ops_pd) && \ 1016 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \ 1017 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \ 1018 session, req) : CRYPTO_NOT_SUPPORTED) 1019 1020 #define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \ 1021 (KCF_PROV_SESSION_OPS(ops_pd) && \ 1022 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \ 1023 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \ 1024 session, req) : CRYPTO_NOT_SUPPORTED) 1025 1026 #define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \ 1027 (KCF_PROV_SESSION_OPS(pd) && \ 1028 KCF_PROV_SESSION_OPS(pd)->session_login) ? \ 1029 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \ 1030 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED) 1031 1032 #define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \ 1033 (KCF_PROV_SESSION_OPS(pd) && \ 1034 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \ 1035 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \ 1036 session, req) : CRYPTO_NOT_SUPPORTED) 1037 1038 /* 1039 * Wrappers for crypto_object_ops(9S) entry points. 1040 */ 1041 1042 #define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \ 1043 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \ 1044 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \ 1045 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED) 1046 1047 #define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \ 1048 new_object, req) ( \ 1049 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \ 1050 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \ 1051 session, object, template, count, new_object, req) : \ 1052 CRYPTO_NOT_SUPPORTED) 1053 1054 #define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \ 1055 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \ 1056 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \ 1057 session, object, req) : CRYPTO_NOT_SUPPORTED) 1058 1059 #define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \ 1060 (KCF_PROV_OBJECT_OPS(pd) && \ 1061 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \ 1062 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \ 1063 session, object, size, req) : CRYPTO_NOT_SUPPORTED) 1064 1065 #define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1066 count, req) ( \ 1067 (KCF_PROV_OBJECT_OPS(pd) && \ 1068 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \ 1069 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \ 1070 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1071 CRYPTO_NOT_SUPPORTED) 1072 1073 #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1074 count, req) ( \ 1075 (KCF_PROV_OBJECT_OPS(pd) && \ 1076 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \ 1077 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \ 1078 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1079 CRYPTO_NOT_SUPPORTED) 1080 1081 #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \ 1082 req) ( \ 1083 (KCF_PROV_OBJECT_OPS(pd) && \ 1084 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \ 1085 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \ 1086 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1087 1088 #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \ 1089 req) ( \ 1090 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \ 1091 KCF_PROV_OBJECT_OPS(pd)->object_find( \ 1092 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \ 1093 req) : CRYPTO_NOT_SUPPORTED) 1094 1095 #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \ 1096 (KCF_PROV_OBJECT_OPS(pd) && \ 1097 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \ 1098 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \ 1099 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1100 1101 /* 1102 * Wrappers for crypto_key_ops(9S) entry points. 1103 */ 1104 1105 #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \ 1106 req) ( \ 1107 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \ 1108 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \ 1109 session, mech, template, count, object, req) : \ 1110 CRYPTO_NOT_SUPPORTED) 1111 1112 #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 1113 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \ 1114 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \ 1115 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \ 1116 session, mech, pub_template, pub_count, priv_template, \ 1117 priv_count, pub_key, priv_key, req) : \ 1118 CRYPTO_NOT_SUPPORTED) 1119 1120 #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \ 1121 wrapped_key_len, req) ( \ 1122 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \ 1123 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \ 1124 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \ 1125 req) : \ 1126 CRYPTO_NOT_SUPPORTED) 1127 1128 #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \ 1129 wrapped_key_len, template, count, key, req) ( \ 1130 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \ 1131 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \ 1132 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \ 1133 template, count, key, req) : \ 1134 CRYPTO_NOT_SUPPORTED) 1135 1136 #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \ 1137 key, req) ( \ 1138 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \ 1139 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \ 1140 session, mech, base_key, template, count, key, req) : \ 1141 CRYPTO_NOT_SUPPORTED) 1142 1143 #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \ 1144 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \ 1145 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \ 1146 CRYPTO_NOT_SUPPORTED) 1147 1148 /* 1149 * Wrappers for crypto_provider_management_ops(9S) entry points. 1150 * 1151 * ops_pd is the provider descriptor that supplies the ops_vector. 1152 * pd is the descriptor that supplies the provider handle. 1153 * Only ext_info needs two handles. 1154 */ 1155 1156 #define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \ 1157 (KCF_PROV_PROVIDER_OPS(ops_pd) && \ 1158 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \ 1159 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \ 1160 provext_info, req) : CRYPTO_NOT_SUPPORTED) 1161 1162 #define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \ 1163 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \ 1164 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \ 1165 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED) 1166 1167 #define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \ 1168 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \ 1169 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \ 1170 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED) 1171 1172 #define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \ 1173 req) ( \ 1174 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \ 1175 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \ 1176 session, old_pin, old_len, new_pin, new_len, req) : \ 1177 CRYPTO_NOT_SUPPORTED) 1178 1179 /* 1180 * Wrappers for crypto_nostore_key_ops(9S) entry points. 1181 */ 1182 1183 #define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \ 1184 out_template, out_count, req) ( \ 1185 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1186 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \ 1187 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \ 1188 (pd)->pd_prov_handle, session, mech, template, count, \ 1189 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) 1190 1191 #define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 1192 pub_count, priv_template, priv_count, out_pub_template, \ 1193 out_pub_count, out_priv_template, out_priv_count, req) ( \ 1194 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1195 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \ 1196 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \ 1197 (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \ 1198 priv_template, priv_count, out_pub_template, out_pub_count, \ 1199 out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED) 1200 1201 #define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \ 1202 count, out_template, out_count, req) ( \ 1203 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1204 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \ 1205 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \ 1206 (pd)->pd_prov_handle, session, mech, base_key, template, count, \ 1207 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) 1208 1209 /* 1210 * The following routines are exported by the kcf module (/kernel/misc/kcf) 1211 * to the crypto and cryptoadmin modules. 1212 */ 1213 1214 /* Digest/mac/cipher entry points that take a provider descriptor and session */ 1215 extern int crypto_digest_single(crypto_context_t, crypto_data_t *, 1216 crypto_data_t *, crypto_call_req_t *); 1217 1218 extern int crypto_mac_single(crypto_context_t, crypto_data_t *, 1219 crypto_data_t *, crypto_call_req_t *); 1220 1221 extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *, 1222 crypto_data_t *, crypto_call_req_t *); 1223 1224 extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *, 1225 crypto_data_t *, crypto_call_req_t *); 1226 1227 1228 /* Other private digest/mac/cipher entry points not exported through k-API */ 1229 extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *, 1230 crypto_call_req_t *); 1231 1232 /* Private sign entry points exported by KCF */ 1233 extern int crypto_sign_single(crypto_context_t, crypto_data_t *, 1234 crypto_data_t *, crypto_call_req_t *); 1235 1236 extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *, 1237 crypto_data_t *, crypto_call_req_t *); 1238 1239 /* Private verify entry points exported by KCF */ 1240 extern int crypto_verify_single(crypto_context_t, crypto_data_t *, 1241 crypto_data_t *, crypto_call_req_t *); 1242 1243 extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *, 1244 crypto_data_t *, crypto_call_req_t *); 1245 1246 /* Private dual operations entry points exported by KCF */ 1247 extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t, 1248 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1249 extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t, 1250 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1251 extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t, 1252 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1253 extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t, 1254 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1255 1256 /* Random Number Generation */ 1257 int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf, 1258 size_t len, crypto_call_req_t *req); 1259 int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf, 1260 size_t len, crypto_call_req_t *req); 1261 1262 /* Provider Management */ 1263 int crypto_get_provider_info(crypto_provider_id_t id, 1264 crypto_provider_info_t **info, crypto_call_req_t *req); 1265 int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id, 1266 uint_t *count, crypto_mech_name_t **list); 1267 int crypto_init_token(crypto_provider_handle_t provider, char *pin, 1268 size_t pin_len, char *label, crypto_call_req_t *); 1269 int crypto_init_pin(crypto_provider_handle_t provider, char *pin, 1270 size_t pin_len, crypto_call_req_t *req); 1271 int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin, 1272 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req); 1273 void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count); 1274 void crypto_free_provider_info(crypto_provider_info_t *info); 1275 1276 /* Administrative */ 1277 int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list); 1278 int crypto_get_soft_list(uint_t *count, char **list, size_t *len); 1279 int crypto_get_dev_info(char *name, uint_t instance, uint_t *count, 1280 crypto_mech_name_t **list); 1281 int crypto_get_soft_info(caddr_t name, uint_t *count, 1282 crypto_mech_name_t **list); 1283 int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count, 1284 crypto_mech_name_t *list); 1285 int crypto_load_soft_disabled(caddr_t name, uint_t count, 1286 crypto_mech_name_t *list); 1287 int crypto_unload_soft_module(caddr_t path); 1288 int crypto_load_soft_config(caddr_t name, uint_t count, 1289 crypto_mech_name_t *list); 1290 int crypto_load_door(uint_t did); 1291 void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count); 1292 void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count); 1293 1294 /* Miscellaneous */ 1295 int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number); 1296 int crypto_get_function_list(crypto_provider_id_t id, 1297 crypto_function_list_t **list, int kmflag); 1298 void crypto_free_function_list(crypto_function_list_t *list); 1299 int crypto_build_permitted_mech_names(kcf_provider_desc_t *, 1300 crypto_mech_name_t **, uint_t *, int); 1301 extern void kcf_init_mech_tabs(void); 1302 extern int kcf_add_mech_provider(short, kcf_provider_desc_t *, 1303 kcf_prov_mech_desc_t **); 1304 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *); 1305 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **); 1306 extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *); 1307 extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *); 1308 extern void kcf_free_provider_desc(kcf_provider_desc_t *); 1309 extern void kcf_soft_config_init(void); 1310 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **); 1311 extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t); 1312 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); 1313 extern void redo_register_provider(kcf_provider_desc_t *); 1314 extern void kcf_rnd_init(); 1315 extern boolean_t kcf_rngprov_check(void); 1316 extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t); 1317 extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t, boolean_t); 1318 extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t); 1319 extern void kcf_rnd_chpoll(short, int, short *, struct pollhead **); 1320 extern void kcf_rnd_schedule_timeout(boolean_t); 1321 extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t, 1322 void *, void (*update)()); 1323 extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t, 1324 void *, void (*update)()); 1325 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); 1326 extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *); 1327 extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *, 1328 int kmflag); 1329 extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *, 1330 void (*update)(), void (*final)(), uchar_t); 1331 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, 1332 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1333 void (*copy_block)(uint8_t *, uint64_t *)); 1334 extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *, 1335 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1336 void (*copy_block)(uint8_t *, uint64_t *)); 1337 extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *, 1338 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1339 void (*copy_block)(uint8_t *, uint64_t *)); 1340 extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **, 1341 ssize_t *); 1342 1343 /* Access to the provider's table */ 1344 extern void kcf_prov_tab_init(void); 1345 extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *); 1346 extern int kcf_prov_tab_rem_provider(crypto_provider_id_t); 1347 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *); 1348 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t); 1349 extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int, 1350 char *, uint_t, boolean_t); 1351 extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t); 1352 extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **); 1353 extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t); 1354 extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **, 1355 kcf_mech_entry_t **, boolean_t); 1356 1357 /* Access to the policy table */ 1358 extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t); 1359 extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *, 1360 uint_t, crypto_mech_name_t); 1361 extern void kcf_policy_tab_init(void); 1362 extern void kcf_policy_free_desc(kcf_policy_desc_t *); 1363 extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **); 1364 extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *, 1365 crypto_mech_name_t **); 1366 extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *); 1367 extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t); 1368 extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *, 1369 uint_t *, crypto_mech_name_t **); 1370 extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t, 1371 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **); 1372 extern boolean_t in_soft_config_list(char *); 1373 1374 #endif /* _KERNEL */ 1375 1376 #ifdef __cplusplus 1377 } 1378 #endif 1379 1380 #endif /* _SYS_CRYPTO_IMPL_H */ 1381