search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
5869 Need AES CMAC support in KCF+PKCS11
[unleashed.git] / usr / src / uts / common / sys / crypto / spi.h
blob42294e8dde1398f6863aba3a5106b27c026d3bd7
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _SYS_CRYPTO_SPI_H
27 #define _SYS_CRYPTO_SPI_H
28
29 /*
30 * CSPI: Cryptographic Service Provider Interface.
31 */
32
33 #include <sys/types.h>
34 #include <sys/dditypes.h>
35 #include <sys/ddi.h>
36 #include <sys/kmem.h>
37 #include <sys/crypto/common.h>
38
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42
43 #ifdef _KERNEL
44
45 #define CRYPTO_SPI_VERSION_1 1
46 #define CRYPTO_SPI_VERSION_2 2
47 #define CRYPTO_SPI_VERSION_3 3
48 #define CRYPTO_SPI_VERSION_4 4
49
50 /*
51 * Provider-private handle. This handle is specified by a provider
52 * when it registers by means of the pi_provider_handle field of
53 * the crypto_provider_info structure, and passed to the provider
54 * when its entry points are invoked.
55 */
56 typedef void *crypto_provider_handle_t;
57
58 /*
59 * Context templates can be used to by software providers to pre-process
60 * keying material, such as key schedules. They are allocated by
61 * a software provider create_ctx_template(9E) entry point, and passed
62 * as argument to initialization and atomic provider entry points.
63 */
64 typedef void *crypto_spi_ctx_template_t;
65
66 /*
67 * Request handles are used by the kernel to identify an asynchronous
68 * request being processed by a provider. It is passed by the kernel
69 * to a hardware provider when submitting a request, and must be
70 * specified by a provider when calling crypto_op_notification(9F)
71 */
72 typedef void *crypto_req_handle_t;
73
74 /* Values for cc_flags field */
75 #define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */
76 #define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */
77
78 /*
79 * The context structure is passed from the kernel to a provider.
80 * It contains the information needed to process a multi-part or
81 * single part operation. The context structure is not used
82 * by atomic operations.
83 *
84 * Parameters needed to perform a cryptographic operation, such
85 * as keys, mechanisms, input and output buffers, are passed
86 * as separate arguments to Provider routines.
87 */
88 typedef struct crypto_ctx {
89 crypto_provider_handle_t cc_provider;
90 crypto_session_id_t cc_session;
91 void *cc_provider_private; /* owned by provider */
92 void *cc_framework_private; /* owned by framework */
93 uint32_t cc_flags; /* flags */
94 void *cc_opstate; /* state */
95 } crypto_ctx_t;
96
97 /*
98 * Extended provider information.
99 */
100
101 /*
102 * valid values for ei_flags field of extended info structure
103 * They match the RSA Security, Inc PKCS#11 tokenInfo flags.
104 */
105 #define CRYPTO_EXTF_RNG 0x00000001
106 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002
107 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004
108 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008
109 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040
110 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100
111 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200
112 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400
113 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000
114 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000
115 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000
116 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000
117 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000
118 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000
119 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000
120 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000
121
122 /*
123 * The crypto_control_ops structure contains pointers to control
124 * operations for cryptographic providers. It is passed through
125 * the crypto_ops(9S) structure when providers register with the
126 * kernel using crypto_register_provider(9F).
127 */
128 typedef struct crypto_control_ops {
129 void (*provider_status)(crypto_provider_handle_t, uint_t *);
130 } crypto_control_ops_t;
131
132 /*
133 * The crypto_ctx_ops structure contains points to context and context
134 * templates management operations for cryptographic providers. It is
135 * passed through the crypto_ops(9S) structure when providers register
136 * with the kernel using crypto_register_provider(9F).
137 */
138 typedef struct crypto_ctx_ops {
139 int (*create_ctx_template)(crypto_provider_handle_t,
140 crypto_mechanism_t *, crypto_key_t *,
141 crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t);
142 int (*free_context)(crypto_ctx_t *);
143 } crypto_ctx_ops_t;
144
145 /*
146 * The crypto_digest_ops structure contains pointers to digest
147 * operations for cryptographic providers. It is passed through
148 * the crypto_ops(9S) structure when providers register with the
149 * kernel using crypto_register_provider(9F).
150 */
151 typedef struct crypto_digest_ops {
152 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *,
153 crypto_req_handle_t);
154 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
155 crypto_req_handle_t);
156 int (*digest_update)(crypto_ctx_t *, crypto_data_t *,
157 crypto_req_handle_t);
158 int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t);
159 int (*digest_final)(crypto_ctx_t *, crypto_data_t *,
160 crypto_req_handle_t);
161 int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t,
162 crypto_mechanism_t *, crypto_data_t *,
163 crypto_data_t *, crypto_req_handle_t);
164 } crypto_digest_ops_t;
165
166 /*
167 * The crypto_cipher_ops structure contains pointers to encryption
168 * and decryption operations for cryptographic providers. It is
169 * passed through the crypto_ops(9S) structure when providers register
170 * with the kernel using crypto_register_provider(9F).
171 */
172 typedef struct crypto_cipher_ops {
173 int (*encrypt_init)(crypto_ctx_t *,
174 crypto_mechanism_t *, crypto_key_t *,
175 crypto_spi_ctx_template_t, crypto_req_handle_t);
176 int (*encrypt)(crypto_ctx_t *,
177 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
178 int (*encrypt_update)(crypto_ctx_t *,
179 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
180 int (*encrypt_final)(crypto_ctx_t *,
181 crypto_data_t *, crypto_req_handle_t);
182 int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
183 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
184 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
185
186 int (*decrypt_init)(crypto_ctx_t *,
187 crypto_mechanism_t *, crypto_key_t *,
188 crypto_spi_ctx_template_t, crypto_req_handle_t);
189 int (*decrypt)(crypto_ctx_t *,
190 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
191 int (*decrypt_update)(crypto_ctx_t *,
192 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
193 int (*decrypt_final)(crypto_ctx_t *,
194 crypto_data_t *, crypto_req_handle_t);
195 int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
196 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
197 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
198 } crypto_cipher_ops_t;
199
200 /*
201 * The crypto_mac_ops structure contains pointers to MAC
202 * operations for cryptographic providers. It is passed through
203 * the crypto_ops(9S) structure when providers register with the
204 * kernel using crypto_register_provider(9F).
205 */
206 typedef struct crypto_mac_ops {
207 int (*mac_init)(crypto_ctx_t *,
208 crypto_mechanism_t *, crypto_key_t *,
209 crypto_spi_ctx_template_t, crypto_req_handle_t);
210 int (*mac)(crypto_ctx_t *,
211 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
212 int (*mac_update)(crypto_ctx_t *,
213 crypto_data_t *, crypto_req_handle_t);
214 int (*mac_final)(crypto_ctx_t *,
215 crypto_data_t *, crypto_req_handle_t);
216 int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t,
217 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
218 crypto_data_t *, crypto_spi_ctx_template_t,
219 crypto_req_handle_t);
220 int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t,
221 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
222 crypto_data_t *, crypto_spi_ctx_template_t,
223 crypto_req_handle_t);
224 } crypto_mac_ops_t;
225
226 /*
227 * The crypto_sign_ops structure contains pointers to signing
228 * operations for cryptographic providers. It is passed through
229 * the crypto_ops(9S) structure when providers register with the
230 * kernel using crypto_register_provider(9F).
231 */
232 typedef struct crypto_sign_ops {
233 int (*sign_init)(crypto_ctx_t *,
234 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t,
235 crypto_req_handle_t);
236 int (*sign)(crypto_ctx_t *,
237 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
238 int (*sign_update)(crypto_ctx_t *,
239 crypto_data_t *, crypto_req_handle_t);
240 int (*sign_final)(crypto_ctx_t *,
241 crypto_data_t *, crypto_req_handle_t);
242 int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t,
243 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
244 crypto_data_t *, crypto_spi_ctx_template_t,
245 crypto_req_handle_t);
246 int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *,
247 crypto_key_t *, crypto_spi_ctx_template_t,
248 crypto_req_handle_t);
249 int (*sign_recover)(crypto_ctx_t *,
250 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
251 int (*sign_recover_atomic)(crypto_provider_handle_t,
252 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
253 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
254 crypto_req_handle_t);
255 } crypto_sign_ops_t;
256
257 /*
258 * The crypto_verify_ops structure contains pointers to verify
259 * operations for cryptographic providers. It is passed through
260 * the crypto_ops(9S) structure when providers register with the
261 * kernel using crypto_register_provider(9F).
262 */
263 typedef struct crypto_verify_ops {
264 int (*verify_init)(crypto_ctx_t *,
265 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t,
266 crypto_req_handle_t);
267 int (*verify)(crypto_ctx_t *,
268 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
269 int (*verify_update)(crypto_ctx_t *,
270 crypto_data_t *, crypto_req_handle_t);
271 int (*verify_final)(crypto_ctx_t *,
272 crypto_data_t *, crypto_req_handle_t);
273 int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t,
274 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
275 crypto_data_t *, crypto_spi_ctx_template_t,
276 crypto_req_handle_t);
277 int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *,
278 crypto_key_t *, crypto_spi_ctx_template_t,
279 crypto_req_handle_t);
280 int (*verify_recover)(crypto_ctx_t *,
281 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
282 int (*verify_recover_atomic)(crypto_provider_handle_t,
283 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
284 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
285 crypto_req_handle_t);
286 } crypto_verify_ops_t;
287
288 /*
289 * The crypto_dual_ops structure contains pointers to dual
290 * cipher and sign/verify operations for cryptographic providers.
291 * It is passed through the crypto_ops(9S) structure when
292 * providers register with the kernel using
293 * crypto_register_provider(9F).
294 */
295 typedef struct crypto_dual_ops {
296 int (*digest_encrypt_update)(
297 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
298 crypto_data_t *, crypto_req_handle_t);
299 int (*decrypt_digest_update)(
300 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
301 crypto_data_t *, crypto_req_handle_t);
302 int (*sign_encrypt_update)(
303 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
304 crypto_data_t *, crypto_req_handle_t);
305 int (*decrypt_verify_update)(
306 crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
307 crypto_data_t *, crypto_req_handle_t);
308 } crypto_dual_ops_t;
309
310 /*
311 * The crypto_dual_cipher_mac_ops structure contains pointers to dual
312 * cipher and MAC operations for cryptographic providers.
313 * It is passed through the crypto_ops(9S) structure when
314 * providers register with the kernel using
315 * crypto_register_provider(9F).
316 */
317 typedef struct crypto_dual_cipher_mac_ops {
318 int (*encrypt_mac_init)(crypto_ctx_t *,
319 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
320 crypto_key_t *, crypto_spi_ctx_template_t,
321 crypto_spi_ctx_template_t, crypto_req_handle_t);
322 int (*encrypt_mac)(crypto_ctx_t *,
323 crypto_data_t *, crypto_dual_data_t *, crypto_data_t *,
324 crypto_req_handle_t);
325 int (*encrypt_mac_update)(crypto_ctx_t *,
326 crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t);
327 int (*encrypt_mac_final)(crypto_ctx_t *,
328 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
329 int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t,
330 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
331 crypto_key_t *, crypto_data_t *, crypto_dual_data_t *,
332 crypto_data_t *, crypto_spi_ctx_template_t,
333 crypto_spi_ctx_template_t, crypto_req_handle_t);
334
335 int (*mac_decrypt_init)(crypto_ctx_t *,
336 crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
337 crypto_key_t *, crypto_spi_ctx_template_t,
338 crypto_spi_ctx_template_t, crypto_req_handle_t);
339 int (*mac_decrypt)(crypto_ctx_t *,
340 crypto_dual_data_t *, crypto_data_t *, crypto_data_t *,
341 crypto_req_handle_t);
342 int (*mac_decrypt_update)(crypto_ctx_t *,
343 crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
344 int (*mac_decrypt_final)(crypto_ctx_t *,
345 crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
346 int (*mac_decrypt_atomic)(crypto_provider_handle_t,
347 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
348 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
349 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
350 crypto_spi_ctx_template_t, crypto_req_handle_t);
351 int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t,
352 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
353 crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
354 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
355 crypto_spi_ctx_template_t, crypto_req_handle_t);
356 } crypto_dual_cipher_mac_ops_t;
357
358 /*
359 * The crypto_random_number_ops structure contains pointers to random
360 * number operations for cryptographic providers. It is passed through
361 * the crypto_ops(9S) structure when providers register with the
362 * kernel using crypto_register_provider(9F).
363 */
364 typedef struct crypto_random_number_ops {
365 int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t,
366 uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t);
367 int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t,
368 uchar_t *, size_t, crypto_req_handle_t);
369 } crypto_random_number_ops_t;
370
371 /*
372 * Flag values for seed_random.
373 */
374 #define CRYPTO_SEED_NOW 0x00000001
375
376 /*
377 * The crypto_session_ops structure contains pointers to session
378 * operations for cryptographic providers. It is passed through
379 * the crypto_ops(9S) structure when providers register with the
380 * kernel using crypto_register_provider(9F).
381 */
382 typedef struct crypto_session_ops {
383 int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *,
384 crypto_req_handle_t);
385 int (*session_close)(crypto_provider_handle_t, crypto_session_id_t,
386 crypto_req_handle_t);
387 int (*session_login)(crypto_provider_handle_t, crypto_session_id_t,
388 crypto_user_type_t, char *, size_t, crypto_req_handle_t);
389 int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t,
390 crypto_req_handle_t);
391 } crypto_session_ops_t;
392
393 /*
394 * The crypto_object_ops structure contains pointers to object
395 * operations for cryptographic providers. It is passed through
396 * the crypto_ops(9S) structure when providers register with the
397 * kernel using crypto_register_provider(9F).
398 */
399 typedef struct crypto_object_ops {
400 int (*object_create)(crypto_provider_handle_t, crypto_session_id_t,
401 crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
402 crypto_req_handle_t);
403 int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t,
404 crypto_object_id_t, crypto_object_attribute_t *, uint_t,
405 crypto_object_id_t *, crypto_req_handle_t);
406 int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t,
407 crypto_object_id_t, crypto_req_handle_t);
408 int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t,
409 crypto_object_id_t, size_t *, crypto_req_handle_t);
410 int (*object_get_attribute_value)(crypto_provider_handle_t,
411 crypto_session_id_t, crypto_object_id_t,
412 crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
413 int (*object_set_attribute_value)(crypto_provider_handle_t,
414 crypto_session_id_t, crypto_object_id_t,
415 crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
416 int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t,
417 crypto_object_attribute_t *, uint_t, void **,
418 crypto_req_handle_t);
419 int (*object_find)(crypto_provider_handle_t, void *,
420 crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t);
421 int (*object_find_final)(crypto_provider_handle_t, void *,
422 crypto_req_handle_t);
423 } crypto_object_ops_t;
424
425 /*
426 * The crypto_key_ops structure contains pointers to key
427 * operations for cryptographic providers. It is passed through
428 * the crypto_ops(9S) structure when providers register with the
429 * kernel using crypto_register_provider(9F).
430 */
431 typedef struct crypto_key_ops {
432 int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t,
433 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
434 crypto_object_id_t *, crypto_req_handle_t);
435 int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t,
436 crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
437 crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
438 crypto_object_id_t *, crypto_req_handle_t);
439 int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t,
440 crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *,
441 uchar_t *, size_t *, crypto_req_handle_t);
442 int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t,
443 crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
444 crypto_object_attribute_t *, uint_t,
445 crypto_object_id_t *, crypto_req_handle_t);
446 int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t,
447 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
448 uint_t, crypto_object_id_t *, crypto_req_handle_t);
449 int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *,
450 crypto_key_t *);
451 } crypto_key_ops_t;
452
453 /*
454 * The crypto_provider_management_ops structure contains pointers
455 * to management operations for cryptographic providers. It is passed
456 * through the crypto_ops(9S) structure when providers register with the
457 * kernel using crypto_register_provider(9F).
458 */
459 typedef struct crypto_provider_management_ops {
460 int (*ext_info)(crypto_provider_handle_t,
461 crypto_provider_ext_info_t *, crypto_req_handle_t);
462 int (*init_token)(crypto_provider_handle_t, char *, size_t,
463 char *, crypto_req_handle_t);
464 int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t,
465 char *, size_t, crypto_req_handle_t);
466 int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t,
467 char *, size_t, char *, size_t, crypto_req_handle_t);
468 } crypto_provider_management_ops_t;
469
470 typedef struct crypto_mech_ops {
471 int (*copyin_mechanism)(crypto_provider_handle_t,
472 crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
473 int (*copyout_mechanism)(crypto_provider_handle_t,
474 crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
475 int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *);
476 } crypto_mech_ops_t;
477
478 typedef struct crypto_nostore_key_ops {
479 int (*nostore_key_generate)(crypto_provider_handle_t,
480 crypto_session_id_t, crypto_mechanism_t *,
481 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
482 uint_t, crypto_req_handle_t);
483 int (*nostore_key_generate_pair)(crypto_provider_handle_t,
484 crypto_session_id_t, crypto_mechanism_t *,
485 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
486 uint_t, crypto_object_attribute_t *, uint_t,
487 crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
488 int (*nostore_key_derive)(crypto_provider_handle_t, crypto_session_id_t,
489 crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
490 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
491 } crypto_nostore_key_ops_t;
492
493 /*
494 * crypto_fips140_ops provides a function for FIPS 140 Power-On Self Test for
495 * those providers that are part of the Cryptographic Framework bounday. See
496 * crypto_fips140_ops(9s) for details.
497 */
498 typedef struct crypto_fips140_ops {
499 void (*fips140_post)(int *);
500 } crypto_fips140_ops_t;
501
502 /*
503 * The crypto_ops(9S) structure contains the structures containing
504 * the pointers to functions implemented by cryptographic providers.
505 * It is specified as part of the crypto_provider_info(9S)
506 * supplied by a provider when it registers with the kernel
507 * by calling crypto_register_provider(9F).
508 */
509 typedef struct crypto_ops_v1 {
510 crypto_control_ops_t *co_control_ops;
511 crypto_digest_ops_t *co_digest_ops;
512 crypto_cipher_ops_t *co_cipher_ops;
513 crypto_mac_ops_t *co_mac_ops;
514 crypto_sign_ops_t *co_sign_ops;
515 crypto_verify_ops_t *co_verify_ops;
516 crypto_dual_ops_t *co_dual_ops;
517 crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops;
518 crypto_random_number_ops_t *co_random_ops;
519 crypto_session_ops_t *co_session_ops;
520 crypto_object_ops_t *co_object_ops;
521 crypto_key_ops_t *co_key_ops;
522 crypto_provider_management_ops_t *co_provider_ops;
523 crypto_ctx_ops_t *co_ctx_ops;
524 } crypto_ops_v1_t;
525
526 typedef struct crypto_ops_v2 {
527 crypto_ops_v1_t v1_ops;
528 crypto_mech_ops_t *co_mech_ops;
529 } crypto_ops_v2_t;
530
531 typedef struct crypto_ops_v3 {
532 crypto_ops_v2_t v2_ops;
533 crypto_nostore_key_ops_t *co_nostore_key_ops;
534 } crypto_ops_v3_t;
535
536 typedef struct crypto_ops_v4 {
537 crypto_ops_v3_t v3_ops;
538 crypto_fips140_ops_t *co_fips140_ops;
539 } crypto_ops_v4_t;
540
541 typedef struct crypto_ops {
542 union {
543 crypto_ops_v4_t cou_v4;
544 crypto_ops_v3_t cou_v3;
545 crypto_ops_v2_t cou_v2;
546 crypto_ops_v1_t cou_v1;
547 } cou;
548 } crypto_ops_t;
549
550 #define co_control_ops cou.cou_v1.co_control_ops
551 #define co_digest_ops cou.cou_v1.co_digest_ops
552 #define co_cipher_ops cou.cou_v1.co_cipher_ops
553 #define co_mac_ops cou.cou_v1.co_mac_ops
554 #define co_sign_ops cou.cou_v1.co_sign_ops
555 #define co_verify_ops cou.cou_v1.co_verify_ops
556 #define co_dual_ops cou.cou_v1.co_dual_ops
557 #define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops
558 #define co_random_ops cou.cou_v1.co_random_ops
559 #define co_session_ops cou.cou_v1.co_session_ops
560 #define co_object_ops cou.cou_v1.co_object_ops
561 #define co_key_ops cou.cou_v1.co_key_ops
562 #define co_provider_ops cou.cou_v1.co_provider_ops
563 #define co_ctx_ops cou.cou_v1.co_ctx_ops
564 #define co_mech_ops cou.cou_v2.co_mech_ops
565 #define co_nostore_key_ops cou.cou_v3.co_nostore_key_ops
566 #define co_fips140_ops cou.cou_v4.co_fips140_ops
567
568 /*
569 * Provider device specification passed during registration.
570 *
571 * Software providers set the pi_provider_type field of provider_info_t
572 * to CRYPTO_SW_PROVIDER, and set the pd_sw field of
573 * crypto_provider_dev_t to the address of their modlinkage.
574 *
575 * Hardware providers set the pi_provider_type field of provider_info_t
576 * to CRYPTO_HW_PROVIDER, and set the pd_hw field of
577 * crypto_provider_dev_t to the dev_info structure corresponding
578 * to the device instance being registered.
579 *
580 * Logical providers set the pi_provider_type field of provider_info_t
581 * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of
582 * crypto_provider_dev_t to the dev_info structure corresponding
583 * to the device instance being registered.
584 */
585
586 typedef union crypto_provider_dev {
587 struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */
588 dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */
589 } crypto_provider_dev_t;
590
591 #endif /* _KERNEL */
592
593 /*
594 * The mechanism info structure crypto_mech_info_t contains a function group
595 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t,
596 * specifies the provider entry point that can be used a particular
597 * mechanism. The function group mask is a combination of the following values.
598 */
599
600 typedef uint32_t crypto_func_group_t;
601
602 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */
603 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */
604 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */
605 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */
606 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */
607 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */
608 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */
609 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */
610 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */
611 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */
612 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */
613 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */
614 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */
615 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */
616 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */
617 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */
618 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */
619 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */
620 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */
621 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */
622 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */
623 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */
624 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */
625 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */
626 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */
627 #define CRYPTO_FG_RESERVED 0x80000000
628
629 /*
630 * Maximum length of the pi_provider_description field of the
631 * crypto_provider_info structure.
632 */
633 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64
634
635 #ifdef _KERNEL
636
637 /* Bit mask for all the simple operations */
638 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \
639 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \
640 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \
641 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \
642 CRYPTO_FG_VERIFY_ATOMIC)
643
644 /* Bit mask for all the dual operations */
645 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \
646 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \
647 CRYPTO_FG_MAC_DECRYPT_ATOMIC)
648
649 /* Add other combos to CRYPTO_FG_DUAL_MASK */
650 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK
651
652 /*
653 * The crypto_mech_info structure specifies one of the mechanisms
654 * supported by a cryptographic provider. The pi_mechanisms field of
655 * the crypto_provider_info structure contains a pointer to an array
656 * of crypto_mech_info's.
657 */
658 typedef struct crypto_mech_info {
659 crypto_mech_name_t cm_mech_name;
660 crypto_mech_type_t cm_mech_number;
661 crypto_func_group_t cm_func_group_mask;
662 ssize_t cm_min_key_length;
663 ssize_t cm_max_key_length;
664 uint32_t cm_mech_flags;
665 } crypto_mech_info_t;
666
667 /* Alias the old name to the new name for compatibility. */
668 #define cm_keysize_unit cm_mech_flags
669
670 /*
671 * crypto_kcf_provider_handle_t is a handle allocated by the kernel.
672 * It is returned after the provider registers with
673 * crypto_register_provider(), and must be specified by the provider
674 * when calling crypto_unregister_provider(), and
675 * crypto_provider_notification().
676 */
677 typedef uint_t crypto_kcf_provider_handle_t;
678
679 /*
680 * Provider information. Passed as argument to crypto_register_provider(9F).
681 * Describes the provider and its capabilities. Multiple providers can
682 * register for the same device instance. In this case, the same
683 * pi_provider_dev must be specified with a different pi_provider_handle.
684 */
685 typedef struct crypto_provider_info_v1 {
686 uint_t pi_interface_version;
687 char *pi_provider_description;
688 crypto_provider_type_t pi_provider_type;
689 crypto_provider_dev_t pi_provider_dev;
690 crypto_provider_handle_t pi_provider_handle;
691 crypto_ops_t *pi_ops_vector;
692 uint_t pi_mech_list_count;
693 crypto_mech_info_t *pi_mechanisms;
694 uint_t pi_logical_provider_count;
695 crypto_kcf_provider_handle_t *pi_logical_providers;
696 } crypto_provider_info_v1_t;
697
698 typedef struct crypto_provider_info_v2 {
699 crypto_provider_info_v1_t v1_info;
700 uint_t pi_flags;
701 } crypto_provider_info_v2_t;
702
703 typedef struct crypto_provider_info {
704 union {
705 crypto_provider_info_v2_t piu_v2;
706 crypto_provider_info_v1_t piu_v1;
707 } piu;
708 } crypto_provider_info_t;
709
710 #define pi_interface_version piu.piu_v1.pi_interface_version
711 #define pi_provider_description piu.piu_v1.pi_provider_description
712 #define pi_provider_type piu.piu_v1.pi_provider_type
713 #define pi_provider_dev piu.piu_v1.pi_provider_dev
714 #define pi_provider_handle piu.piu_v1.pi_provider_handle
715 #define pi_ops_vector piu.piu_v1.pi_ops_vector
716 #define pi_mech_list_count piu.piu_v1.pi_mech_list_count
717 #define pi_mechanisms piu.piu_v1.pi_mechanisms
718 #define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count
719 #define pi_logical_providers piu.piu_v1.pi_logical_providers
720 #define pi_flags piu.piu_v2.pi_flags
721
722 /* hidden providers can only be accessed via a logical provider */
723 #define CRYPTO_HIDE_PROVIDER 0x00000001
724 /*
725 * provider can not do multi-part digest (updates) and has a limit
726 * on maximum input data that it can digest. The provider sets
727 * this value in crypto_provider_ext_info_t by implementing
728 * the ext_info entry point in the co_provider_ops vector.
729 */
730 #define CRYPTO_HASH_NO_UPDATE 0x00000002
731 /*
732 * provider can not do multi-part HMAC (updates) and has a limit
733 * on maximum input data that it can hmac. The provider sets
734 * this value in crypto_provider_ext_info_t by implementing
735 * the ext_info entry point in the co_provider_ops vector.
736 */
737 #define CRYPTO_HMAC_NO_UPDATE 0x00000008
738
739 /* provider can handle the request without returning a CRYPTO_QUEUED */
740 #define CRYPTO_SYNCHRONOUS 0x00000004
741
742 #define CRYPTO_PIFLAGS_RESERVED2 0x40000000
743 #define CRYPTO_PIFLAGS_RESERVED1 0x80000000
744
745 /*
746 * Provider status passed by a provider to crypto_provider_notification(9F)
747 * and returned by the provider_stauts(9E) entry point.
748 */
749 #define CRYPTO_PROVIDER_READY 0
750 #define CRYPTO_PROVIDER_BUSY 1
751 #define CRYPTO_PROVIDER_FAILED 2
752
753 /*
754 * Functions exported by Solaris to cryptographic providers. Providers
755 * call these functions to register and unregister, notify the kernel
756 * of state changes, and notify the kernel when a asynchronous request
757 * completed.
758 */
759 extern int crypto_register_provider(crypto_provider_info_t *,
760 crypto_kcf_provider_handle_t *);
761 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t);
762 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t);
763 extern void crypto_op_notification(crypto_req_handle_t, int);
764 extern int crypto_kmflag(crypto_req_handle_t);
765
766 #endif /* _KERNEL */
767
768 #ifdef __cplusplus
769 }
770 #endif
771
772 #endif /* _SYS_CRYPTO_SPI_H */
Unleashed OS