]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - zfs/module/icp/include/sys/crypto/impl.h
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: [Packaging] dkms -- build zfs/spl packages
[mirror_ubuntu-bionic-kernel.git] / zfs / module / icp / include / sys / crypto / impl.h
CommitLineData
86e3c28a
CIK		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _SYS_CRYPTO_IMPL_H
27#define _SYS_CRYPTO_IMPL_H
28
29/*
30 * Kernel Cryptographic Framework private implementation definitions.
31 */
32
33#include <sys/zfs_context.h>
34#include <sys/crypto/common.h>
35#include <sys/crypto/api.h>
36#include <sys/crypto/spi.h>
37#include <sys/crypto/ioctl.h>
38
39#ifdef __cplusplus
40extern "C" {
41#endif
42
43#define KCF_MODULE "kcf"
44
45/*
46 * Prefixes convention: structures internal to the kernel cryptographic
47 * framework start with 'kcf_'. Exposed structure start with 'crypto_'.
48 */
49
50/* Provider stats. Not protected. */
51typedef struct kcf_prov_stats {
52 kstat_named_t ps_ops_total;
53 kstat_named_t ps_ops_passed;
54 kstat_named_t ps_ops_failed;
55 kstat_named_t ps_ops_busy_rval;
56} kcf_prov_stats_t;
57
58/* Various kcf stats. Not protected. */
59typedef struct kcf_stats {
60 kstat_named_t ks_thrs_in_pool;
61 kstat_named_t ks_idle_thrs;
62 kstat_named_t ks_minthrs;
63 kstat_named_t ks_maxthrs;
64 kstat_named_t ks_swq_njobs;
65 kstat_named_t ks_swq_maxjobs;
66 kstat_named_t ks_taskq_threads;
67 kstat_named_t ks_taskq_minalloc;
68 kstat_named_t ks_taskq_maxalloc;
69} kcf_stats_t;
70
71/*
72 * Keep all the information needed by the scheduler from
73 * this provider.
74 */
75typedef struct kcf_sched_info {
76 /* The number of operations dispatched. */
77 uint64_t ks_ndispatches;
78
79 /* The number of operations that failed. */
80 uint64_t ks_nfails;
81
82 /* The number of operations that returned CRYPTO_BUSY. */
83 uint64_t ks_nbusy_rval;
84
85 /* taskq used to dispatch crypto requests */
86 taskq_t *ks_taskq;
87} kcf_sched_info_t;
88
89/*
90 * pd_irefcnt approximates the number of inflight requests to the
91 * provider. Though we increment this counter during registration for
92 * other purposes, that base value is mostly same across all providers.
93 * So, it is a good measure of the load on a provider when it is not
94 * in a busy state. Once a provider notifies it is busy, requests
95 * backup in the taskq. So, we use tq_nalloc in that case which gives
96 * the number of task entries in the task queue. Note that we do not
97 * acquire any locks here as it is not critical to get the exact number
98 * and the lock contention may be too costly for this code path.
99 */
100#define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \
101 (pd)->pd_irefcnt : (pd)->pd_sched_info.ks_taskq->tq_nalloc)
102
103#define KCF_PROV_INCRSTATS(pd, error) { \
104 (pd)->pd_sched_info.ks_ndispatches++; \
105 if (error == CRYPTO_BUSY) \
106 (pd)->pd_sched_info.ks_nbusy_rval++; \
107 else if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) \
108 (pd)->pd_sched_info.ks_nfails++; \
109}
110
111
112/*
113 * The following two macros should be
114 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2)
115 * #define KCF_MAXMECHTAB KCF_MAXCIPHER
116 *
117 * However, doing that would involve reorganizing the header file a bit.
118 * When impl.h is broken up (bug# 4703218), this will be done. For now,
119 * we hardcode these values.
120 */
121#define KCF_OPS_CLASSSIZE 8
122#define KCF_MAXMECHTAB 32
123
124/*
125 * Valid values for the state of a provider. The order of
126 * the elements is important.
127 *
128 * Routines which get a provider or the list of providers
129 * should pick only those that are either in KCF_PROV_READY state
130 * or in KCF_PROV_BUSY state.
131 */
132typedef enum {
133 KCF_PROV_ALLOCATED = 1,
134 KCF_PROV_UNVERIFIED,
135 KCF_PROV_VERIFICATION_FAILED,
136 /*
137 * state < KCF_PROV_READY means the provider can not
138 * be used at all.
139 */
140 KCF_PROV_READY,
141 KCF_PROV_BUSY,
142 /*
143 * state > KCF_PROV_BUSY means the provider can not
144 * be used for new requests.
145 */
146 KCF_PROV_FAILED,
147 /*
148 * Threads setting the following two states should do so only
149 * if the current state < KCF_PROV_DISABLED.
150 */
151 KCF_PROV_DISABLED,
152 KCF_PROV_REMOVED,
153 KCF_PROV_FREED
154} kcf_prov_state_t;
155
156#define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED)
157#define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \
158 (pd)->pd_state == KCF_PROV_BUSY)
159#define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_REMOVED)
160
161/* Internal flags valid for pd_flags field */
162#define KCF_PROV_RESTRICTED 0x40000000
163#define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */
164
165/*
166 * A provider descriptor structure. There is one such structure per
167 * provider. It is allocated and initialized at registration time and
168 * freed when the provider unregisters.
169 *
170 * pd_prov_type: Provider type, hardware or software
171 * pd_sid: Session ID of the provider used by kernel clients.
172 * This is valid only for session-oriented providers.
173 * pd_refcnt: Reference counter to this provider descriptor
174 * pd_irefcnt: References held by the framework internal structs
175 * pd_lock: lock protects pd_state and pd_provider_list
176 * pd_state: State value of the provider
177 * pd_provider_list: Used to cross-reference logical providers and their
178 * members. Not used for software providers.
179 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY
180 * pd_prov_handle: Provider handle specified by provider
181 * pd_ops_vector: The ops vector specified by Provider
182 * pd_mech_indx: Lookup table which maps a core framework mechanism
183 * number to an index in pd_mechanisms array
184 * pd_mechanisms: Array of mechanisms supported by the provider, specified
185 * by the provider during registration
186 * pd_sched_info: Scheduling information associated with the provider
187 * pd_mech_list_count: The number of entries in pi_mechanisms, specified
188 * by the provider during registration
189 * pd_name: Device name or module name
190 * pd_instance: Device instance
191 * pd_module_id: Module ID returned by modload
192 * pd_mctlp: Pointer to modctl structure for this provider
193 * pd_remove_cv: cv to wait on while the provider queue drains
194 * pd_description: Provider description string
195 * pd_flags bitwise OR of pi_flags from crypto_provider_info_t
196 * and other internal flags defined above.
197 * pd_hash_limit Maximum data size that hash mechanisms of this provider
198 * can support.
199 * pd_kcf_prov_handle: KCF-private handle assigned by KCF
200 * pd_prov_id: Identification # assigned by KCF to provider
201 * pd_kstat: kstat associated with the provider
202 * pd_ks_data: kstat data
203 */
204typedef struct kcf_provider_desc {
205 crypto_provider_type_t pd_prov_type;
206 crypto_session_id_t pd_sid;
207 uint_t pd_refcnt;
208 uint_t pd_irefcnt;
209 kmutex_t pd_lock;
210 kcf_prov_state_t pd_state;
211 struct kcf_provider_list *pd_provider_list;
212 kcondvar_t pd_resume_cv;
213 crypto_provider_handle_t pd_prov_handle;
214 crypto_ops_t *pd_ops_vector;
215 ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\
216 [KCF_MAXMECHTAB];
217 crypto_mech_info_t *pd_mechanisms;
218 kcf_sched_info_t pd_sched_info;
219 uint_t pd_mech_list_count;
220 // char *pd_name;
221 // uint_t pd_instance;
222 // int pd_module_id;
223 // struct modctl *pd_mctlp;
224 kcondvar_t pd_remove_cv;
225 char *pd_description;
226 uint_t pd_flags;
227 uint_t pd_hash_limit;
228 crypto_kcf_provider_handle_t pd_kcf_prov_handle;
229 crypto_provider_id_t pd_prov_id;
230 kstat_t *pd_kstat;
231 kcf_prov_stats_t pd_ks_data;
232} kcf_provider_desc_t;
233
234/* useful for making a list of providers */
235typedef struct kcf_provider_list {
236 struct kcf_provider_list *pl_next;
237 struct kcf_provider_desc *pl_provider;
238} kcf_provider_list_t;
239
240/* atomic operations in linux implictly form a memory barrier */
241#define membar_exit()
242
243/*
244 * If a component has a reference to a kcf_provider_desc_t,
245 * it REFHOLD()s. A new provider descriptor which is referenced only
246 * by the providers table has a reference counter of one.
247 */
248#define KCF_PROV_REFHOLD(desc) { \
249 atomic_add_32(&(desc)->pd_refcnt, 1); \
250 ASSERT((desc)->pd_refcnt != 0); \
251}
252
253#define KCF_PROV_IREFHOLD(desc) { \
254 atomic_add_32(&(desc)->pd_irefcnt, 1); \
255 ASSERT((desc)->pd_irefcnt != 0); \
256}
257
258#define KCF_PROV_IREFRELE(desc) { \
259 ASSERT((desc)->pd_irefcnt != 0); \
260 membar_exit(); \
261 if (atomic_add_32_nv(&(desc)->pd_irefcnt, -1) == 0) { \
262 cv_broadcast(&(desc)->pd_remove_cv); \
263 } \
264}
265
266#define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1)
267
268#define KCF_PROV_REFRELE(desc) { \
269 ASSERT((desc)->pd_refcnt != 0); \
270 membar_exit(); \
271 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) { \
272 kcf_provider_zero_refcnt((desc)); \
273 } \
274}
275
276
277/* list of crypto_mech_info_t valid as the second mech in a dual operation */
278
279typedef struct crypto_mech_info_list {
280 struct crypto_mech_info_list *ml_next;
281 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */
282 crypto_mech_info_t ml_mech_info;
283} crypto_mech_info_list_t;
284
285/*
286 * An element in a mechanism provider descriptors chain.
287 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs
288 * to. This is a small tradeoff memory vs mutex spinning time to access the
289 * common provider field.
290 */
291
292typedef struct kcf_prov_mech_desc {
293 struct kcf_mech_entry *pm_me; /* Back to the head */
294 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */
295 crypto_mech_info_t pm_mech_info; /* Provider mech info */
296 crypto_mech_info_list_t *pm_mi_list; /* list for duals */
297 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */
298} kcf_prov_mech_desc_t;
299
300/* and the notation shortcuts ... */
301#define pm_provider_type pm_prov_desc.pd_provider_type
302#define pm_provider_handle pm_prov_desc.pd_provider_handle
303#define pm_ops_vector pm_prov_desc.pd_ops_vector
304
305/*
306 * A mechanism entry in an xxx_mech_tab[]. me_pad was deemed
307 * to be unnecessary and removed.
308 */
309typedef struct kcf_mech_entry {
310 crypto_mech_name_t me_name; /* mechanism name */
311 crypto_mech_type_t me_mechid; /* Internal id for mechanism */
312 kmutex_t me_mutex; /* access protection */
313 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */
314 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */
315 /*
316 * Number of HW providers in the chain. There is only one
317 * SW provider. So, we need only a count of HW providers.
318 */
319 int me_num_hwprov;
320 /*
321 * When a SW provider is present, this is the generation number that
322 * ensures no objects from old SW providers are used in the new one
323 */
324 uint32_t me_gen_swprov;
325 /*
326 * threshold for using hardware providers for this mech
327 */
328 size_t me_threshold;
329} kcf_mech_entry_t;
330
331/*
332 * A policy descriptor structure. It is allocated and initialized
333 * when administrative ioctls load disabled mechanisms.
334 *
335 * pd_prov_type: Provider type, hardware or software
336 * pd_name: Device name or module name.
337 * pd_instance: Device instance.
338 * pd_refcnt: Reference counter for this policy descriptor
339 * pd_mutex: Protects array and count of disabled mechanisms.
340 * pd_disabled_count: Count of disabled mechanisms.
341 * pd_disabled_mechs: Array of disabled mechanisms.
342 */
343typedef struct kcf_policy_desc {
344 crypto_provider_type_t pd_prov_type;
345 char *pd_name;
346 uint_t pd_instance;
347 uint_t pd_refcnt;
348 kmutex_t pd_mutex;
349 uint_t pd_disabled_count;
350 crypto_mech_name_t *pd_disabled_mechs;
351} kcf_policy_desc_t;
352
353/*
354 * If a component has a reference to a kcf_policy_desc_t,
355 * it REFHOLD()s. A new policy descriptor which is referenced only
356 * by the policy table has a reference count of one.
357 */
358#define KCF_POLICY_REFHOLD(desc) { \
359 atomic_add_32(&(desc)->pd_refcnt, 1); \
360 ASSERT((desc)->pd_refcnt != 0); \
361}
362
363/*
364 * Releases a reference to a policy descriptor. When the last
365 * reference is released, the descriptor is freed.
366 */
367#define KCF_POLICY_REFRELE(desc) { \
368 ASSERT((desc)->pd_refcnt != 0); \
369 membar_exit(); \
370 if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) \
371 kcf_policy_free_desc(desc); \
372}
373
374/*
375 * This entry stores the name of a software module and its
376 * mechanisms. The mechanisms are 'hints' that are used to
377 * trigger loading of the module.
378 */
379typedef struct kcf_soft_conf_entry {
380 struct kcf_soft_conf_entry *ce_next;
381 char *ce_name;
382 crypto_mech_name_t *ce_mechs;
383 uint_t ce_count;
384} kcf_soft_conf_entry_t;
385
386extern kmutex_t soft_config_mutex;
387extern kcf_soft_conf_entry_t *soft_config_list;
388
389/*
390 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms,
391 * with a margin of few extra empty entry points
392 */
393
394#define KCF_MAXDIGEST 16 /* Digests */
395#define KCF_MAXCIPHER 64 /* Ciphers */
396#define KCF_MAXMAC 40 /* Message authentication codes */
397#define KCF_MAXSIGN 24 /* Sign/Verify */
398#define KCF_MAXKEYOPS 116 /* Key generation and derivation */
399#define KCF_MAXMISC 16 /* Others ... */
400
401#define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \
402 KCF_MAXSIGN + KCF_MAXKEYOPS + \
403 KCF_MAXMISC
404
405extern kcf_mech_entry_t kcf_digest_mechs_tab[];
406extern kcf_mech_entry_t kcf_cipher_mechs_tab[];
407extern kcf_mech_entry_t kcf_mac_mechs_tab[];
408extern kcf_mech_entry_t kcf_sign_mechs_tab[];
409extern kcf_mech_entry_t kcf_keyops_mechs_tab[];
410extern kcf_mech_entry_t kcf_misc_mechs_tab[];
411
412extern kmutex_t kcf_mech_tabs_lock;
413
414typedef enum {
415 KCF_DIGEST_CLASS = 1,
416 KCF_CIPHER_CLASS,
417 KCF_MAC_CLASS,
418 KCF_SIGN_CLASS,
419 KCF_KEYOPS_CLASS,
420 KCF_MISC_CLASS
421} kcf_ops_class_t;
422
423#define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS
424#define KCF_LAST_OPSCLASS KCF_MISC_CLASS
425
426/* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */
427
428typedef struct kcf_mech_entry_tab {
429 int met_size; /* Size of the met_tab[] */
430 kcf_mech_entry_t *met_tab; /* the table */
431} kcf_mech_entry_tab_t;
432
433extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
434
435#define KCF_MECHID(class, index) \
436 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index))
437
438#define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32))
439
440#define KCF_MECH2INDEX(mech_type) ((int)(mech_type))
441
442#define KCF_TO_PROV_MECH_INDX(pd, mech_type) \
443 ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \
444 [KCF_MECH2INDEX(mech_type)])
445
446#define KCF_TO_PROV_MECHINFO(pd, mech_type) \
447 ((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)])
448
449#define KCF_TO_PROV_MECHNUM(pd, mech_type) \
450 (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)
451
452#define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \
453 ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \
454 CRYPTO_CAN_SHARE_OPSTATE)
455
456/* ps_refcnt is protected by cm_lock in the crypto_minor structure */
457typedef struct crypto_provider_session {
458 struct crypto_provider_session *ps_next;
459 crypto_session_id_t ps_session;
460 kcf_provider_desc_t *ps_provider;
461 kcf_provider_desc_t *ps_real_provider;
462 uint_t ps_refcnt;
463} crypto_provider_session_t;
464
465typedef struct crypto_session_data {
466 kmutex_t sd_lock;
467 kcondvar_t sd_cv;
468 uint32_t sd_flags;
469 int sd_pre_approved_amount;
470 crypto_ctx_t *sd_digest_ctx;
471 crypto_ctx_t *sd_encr_ctx;
472 crypto_ctx_t *sd_decr_ctx;
473 crypto_ctx_t *sd_sign_ctx;
474 crypto_ctx_t *sd_verify_ctx;
475 crypto_ctx_t *sd_sign_recover_ctx;
476 crypto_ctx_t *sd_verify_recover_ctx;
477 kcf_provider_desc_t *sd_provider;
478 void *sd_find_init_cookie;
479 crypto_provider_session_t *sd_provider_session;
480} crypto_session_data_t;
481
482#define CRYPTO_SESSION_IN_USE 0x00000001
483#define CRYPTO_SESSION_IS_BUSY 0x00000002
484#define CRYPTO_SESSION_IS_CLOSED 0x00000004
485
486#define KCF_MAX_PIN_LEN 1024
487
488/*
489 * Per-minor info.
490 *
491 * cm_lock protects everything in this structure except for cm_refcnt.
492 */
493typedef struct crypto_minor {
494 uint_t cm_refcnt;
495 kmutex_t cm_lock;
496 kcondvar_t cm_cv;
497 crypto_session_data_t **cm_session_table;
498 uint_t cm_session_table_count;
499 kcf_provider_desc_t **cm_provider_array;
500 uint_t cm_provider_count;
501 crypto_provider_session_t *cm_provider_session;
502} crypto_minor_t;
503
504/*
505 * Return codes for internal functions
506 */
507#define KCF_SUCCESS 0x0 /* Successful call */
508#define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */
509#define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */
510#define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */
511#define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */
512#define KCF_INVALID_INDX ((ushort_t)-1)
513
514/*
515 * kCF internal mechanism and function group for tracking RNG providers.
516 */
517#define SUN_RANDOM "random"
518#define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */
519
520/*
521 * Wrappers for ops vectors. In the wrapper definitions below, the pd
522 * argument always corresponds to a pointer to a provider descriptor
523 * of type kcf_prov_desc_t.
524 */
525
526#define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops)
527#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
528#define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops)
529#define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops)
530#define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops)
531#define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops)
532#define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops)
533#define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops)
534#define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
535 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
536#define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops)
537#define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops)
538#define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops)
539#define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops)
540#define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
541#define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops)
542#define KCF_PROV_NOSTORE_KEY_OPS(pd) \
543 ((pd)->pd_ops_vector->co_nostore_key_ops)
544
545/*
546 * Wrappers for crypto_control_ops(9S) entry points.
547 */
548
549#define KCF_PROV_STATUS(pd, status) ( \
550 (KCF_PROV_CONTROL_OPS(pd) && \
551 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \
552 KCF_PROV_CONTROL_OPS(pd)->provider_status( \
553 (pd)->pd_prov_handle, status) : \
554 CRYPTO_NOT_SUPPORTED)
555
556/*
557 * Wrappers for crypto_ctx_ops(9S) entry points.
558 */
559
560#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
561 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
562 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
563 (pd)->pd_prov_handle, mech, key, template, size, req) : \
564 CRYPTO_NOT_SUPPORTED)
565
566#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
567 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
568 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
569
570#define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
571 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \
572 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
573 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
574 CRYPTO_NOT_SUPPORTED)
575
576#define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
577 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \
578 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
579 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
580 CRYPTO_NOT_SUPPORTED)
581
582#define KCF_PROV_FREE_MECH(pd, prov_mech) ( \
583 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \
584 KCF_PROV_MECH_OPS(pd)->free_mechanism( \
585 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED)
586
587/*
588 * Wrappers for crypto_digest_ops(9S) entry points.
589 */
590
591#define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \
592 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \
593 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \
594 CRYPTO_NOT_SUPPORTED)
595
596/*
597 * The _ (underscore) in _digest is needed to avoid replacing the
598 * function digest().
599 */
600#define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \
601 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \
602 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \
603 CRYPTO_NOT_SUPPORTED)
604
605#define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \
606 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \
607 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \
608 CRYPTO_NOT_SUPPORTED)
609
610#define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \
611 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \
612 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \
613 CRYPTO_NOT_SUPPORTED)
614
615#define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \
616 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \
617 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \
618 CRYPTO_NOT_SUPPORTED)
619
620#define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \
621 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \
622 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \
623 (pd)->pd_prov_handle, session, mech, data, digest, req) : \
624 CRYPTO_NOT_SUPPORTED)
625
626/*
627 * Wrappers for crypto_cipher_ops(9S) entry points.
628 */
629
630#define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \
631 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \
632 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \
633 req) : \
634 CRYPTO_NOT_SUPPORTED)
635
636#define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \
637 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \
638 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \
639 CRYPTO_NOT_SUPPORTED)
640
641#define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
642 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \
643 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \
644 ciphertext, req) : \
645 CRYPTO_NOT_SUPPORTED)
646
647#define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \
648 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \
649 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \
650 CRYPTO_NOT_SUPPORTED)
651
652#define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
653 template, req) ( \
654 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
655 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
656 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \
657 template, req) : \
658 CRYPTO_NOT_SUPPORTED)
659
660#define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \
661 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \
662 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \
663 req) : \
664 CRYPTO_NOT_SUPPORTED)
665
666#define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \
667 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \
668 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \
669 CRYPTO_NOT_SUPPORTED)
670
671#define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
672 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \
673 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \
674 plaintext, req) : \
675 CRYPTO_NOT_SUPPORTED)
676
677#define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \
678 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \
679 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \
680 CRYPTO_NOT_SUPPORTED)
681
682#define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
683 template, req) ( \
684 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
685 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
686 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \
687 template, req) : \
688 CRYPTO_NOT_SUPPORTED)
689
690/*
691 * Wrappers for crypto_mac_ops(9S) entry points.
692 */
693
694#define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \
695 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \
696 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \
697 : CRYPTO_NOT_SUPPORTED)
698
699/*
700 * The _ (underscore) in _mac is needed to avoid replacing the
701 * function mac().
702 */
703#define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \
704 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \
705 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \
706 CRYPTO_NOT_SUPPORTED)
707
708#define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \
709 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \
710 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \
711 CRYPTO_NOT_SUPPORTED)
712
713#define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \
714 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \
715 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \
716 CRYPTO_NOT_SUPPORTED)
717
718#define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \
719 req) ( \
720 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
721 KCF_PROV_MAC_OPS(pd)->mac_atomic( \
722 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
723 req) : \
724 CRYPTO_NOT_SUPPORTED)
725
726#define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \
727 template, req) ( \
728 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \
729 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \
730 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
731 req) : \
732 CRYPTO_NOT_SUPPORTED)
733
734/*
735 * Wrappers for crypto_sign_ops(9S) entry points.
736 */
737
738#define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \
739 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \
740 KCF_PROV_SIGN_OPS(pd)->sign_init( \
741 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED)
742
743#define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \
744 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \
745 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \
746 CRYPTO_NOT_SUPPORTED)
747
748#define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \
749 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \
750 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \
751 CRYPTO_NOT_SUPPORTED)
752
753#define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \
754 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \
755 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \
756 CRYPTO_NOT_SUPPORTED)
757
758#define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \
759 sig, req) ( \
760 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \
761 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \
762 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
763 req) : CRYPTO_NOT_SUPPORTED)
764
765#define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \
766 req) ( \
767 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \
768 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \
769 req) : CRYPTO_NOT_SUPPORTED)
770
771#define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \
772 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \
773 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \
774 CRYPTO_NOT_SUPPORTED)
775
776#define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \
777 sig, req) ( \
778 (KCF_PROV_SIGN_OPS(pd) && \
779 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \
780 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \
781 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
782 req) : CRYPTO_NOT_SUPPORTED)
783
784/*
785 * Wrappers for crypto_verify_ops(9S) entry points.
786 */
787
788#define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \
789 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \
790 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \
791 req) : CRYPTO_NOT_SUPPORTED)
792
793#define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \
794 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->do_verify) ? \
795 KCF_PROV_VERIFY_OPS(pd)->do_verify(ctx, data, sig, req) : \
796 CRYPTO_NOT_SUPPORTED)
797
798#define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \
799 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \
800 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \
801 CRYPTO_NOT_SUPPORTED)
802
803#define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \
804 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \
805 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \
806 CRYPTO_NOT_SUPPORTED)
807
808#define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \
809 req) ( \
810 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \
811 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \
812 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
813 req) : CRYPTO_NOT_SUPPORTED)
814
815#define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \
816 req) ( \
817 (KCF_PROV_VERIFY_OPS(pd) && \
818 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \
819 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \
820 template, req) : CRYPTO_NOT_SUPPORTED)
821
822/* verify_recover() CSPI routine has different argument order than verify() */
823#define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \
824 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \
825 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \
826 CRYPTO_NOT_SUPPORTED)
827
828/*
829 * verify_recover_atomic() CSPI routine has different argument order
830 * than verify_atomic().
831 */
832#define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \
833 template, data, req) ( \
834 (KCF_PROV_VERIFY_OPS(pd) && \
835 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \
836 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \
837 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \
838 req) : CRYPTO_NOT_SUPPORTED)
839
840/*
841 * Wrappers for crypto_dual_ops(9S) entry points.
842 */
843
844#define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \
845 ciphertext, req) ( \
846 (KCF_PROV_DUAL_OPS(pd) && \
847 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \
848 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \
849 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
850 CRYPTO_NOT_SUPPORTED)
851
852#define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \
853 plaintext, req) ( \
854 (KCF_PROV_DUAL_OPS(pd) && \
855 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \
856 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \
857 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \
858 CRYPTO_NOT_SUPPORTED)
859
860#define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \
861 ciphertext, req) ( \
862 (KCF_PROV_DUAL_OPS(pd) && \
863 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \
864 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \
865 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
866 CRYPTO_NOT_SUPPORTED)
867
868#define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \
869 plaintext, req) ( \
870 (KCF_PROV_DUAL_OPS(pd) && \
871 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \
872 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \
873 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \
874 CRYPTO_NOT_SUPPORTED)
875
876/*
877 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points.
878 */
879
880#define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \
881 mac_key, encr_ctx_template, mac_ctx_template, req) ( \
882 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
883 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \
884 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \
885 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \
886 mac_ctx_template, req) : \
887 CRYPTO_NOT_SUPPORTED)
888
889#define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \
890 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
891 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \
892 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \
893 ctx, plaintext, ciphertext, mac, req) : \
894 CRYPTO_NOT_SUPPORTED)
895
896#define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
897 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
898 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \
899 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \
900 ctx, plaintext, ciphertext, req) : \
901 CRYPTO_NOT_SUPPORTED)
902
903#define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \
904 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
905 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \
906 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \
907 ctx, ciphertext, mac, req) : \
908 CRYPTO_NOT_SUPPORTED)
909
910#define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \
911 mac_mech, mac_key, plaintext, ciphertext, mac, \
912 encr_ctx_template, mac_ctx_template, req) ( \
913 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
914 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \
915 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \
916 (pd)->pd_prov_handle, session, encr_mech, encr_key, \
917 mac_mech, mac_key, plaintext, ciphertext, mac, \
918 encr_ctx_template, mac_ctx_template, req) : \
919 CRYPTO_NOT_SUPPORTED)
920
921#define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \
922 decr_key, mac_ctx_template, decr_ctx_template, req) ( \
923 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
924 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \
925 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \
926 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \
927 decr_ctx_template, req) : \
928 CRYPTO_NOT_SUPPORTED)
929
930#define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \
931 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
932 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \
933 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \
934 ctx, ciphertext, mac, plaintext, req) : \
935 CRYPTO_NOT_SUPPORTED)
936
937#define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
938 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
939 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \
940 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \
941 ctx, ciphertext, plaintext, req) : \
942 CRYPTO_NOT_SUPPORTED)
943
944#define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \
945 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
946 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \
947 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \
948 ctx, mac, plaintext, req) : \
949 CRYPTO_NOT_SUPPORTED)
950
951#define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
952 decr_mech, decr_key, ciphertext, mac, plaintext, \
953 mac_ctx_template, decr_ctx_template, req) ( \
954 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
955 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \
956 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \
957 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
958 decr_mech, decr_key, ciphertext, mac, plaintext, \
959 mac_ctx_template, decr_ctx_template, req) : \
960 CRYPTO_NOT_SUPPORTED)
961
962#define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
963 decr_mech, decr_key, ciphertext, mac, plaintext, \
964 mac_ctx_template, decr_ctx_template, req) ( \
965 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
966 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \
967 != NULL) ? \
968 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \
969 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
970 decr_mech, decr_key, ciphertext, mac, plaintext, \
971 mac_ctx_template, decr_ctx_template, req) : \
972 CRYPTO_NOT_SUPPORTED)
973
974/*
975 * Wrappers for crypto_random_number_ops(9S) entry points.
976 */
977
978#define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \
979 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \
980 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \
981 session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED)
982
983#define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \
984 (KCF_PROV_RANDOM_OPS(pd) && \
985 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \
986 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \
987 session, buf, len, req) : CRYPTO_NOT_SUPPORTED)
988
989/*
990 * Wrappers for crypto_session_ops(9S) entry points.
991 *
992 * ops_pd is the provider descriptor that supplies the ops_vector.
993 * pd is the descriptor that supplies the provider handle.
994 * Only session open/close needs two handles.
995 */
996
997#define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \
998 (KCF_PROV_SESSION_OPS(ops_pd) && \
999 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \
1000 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \
1001 session, req) : CRYPTO_NOT_SUPPORTED)
1002
1003#define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \
1004 (KCF_PROV_SESSION_OPS(ops_pd) && \
1005 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \
1006 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \
1007 session, req) : CRYPTO_NOT_SUPPORTED)
1008
1009#define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \
1010 (KCF_PROV_SESSION_OPS(pd) && \
1011 KCF_PROV_SESSION_OPS(pd)->session_login) ? \
1012 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \
1013 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED)
1014
1015#define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \
1016 (KCF_PROV_SESSION_OPS(pd) && \
1017 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \
1018 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \
1019 session, req) : CRYPTO_NOT_SUPPORTED)
1020
1021/*
1022 * Wrappers for crypto_object_ops(9S) entry points.
1023 */
1024
1025#define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \
1026 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \
1027 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \
1028 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED)
1029
1030#define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \
1031 new_object, req) ( \
1032 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \
1033 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \
1034 session, object, template, count, new_object, req) : \
1035 CRYPTO_NOT_SUPPORTED)
1036
1037#define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \
1038 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \
1039 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \
1040 session, object, req) : CRYPTO_NOT_SUPPORTED)
1041
1042#define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \
1043 (KCF_PROV_OBJECT_OPS(pd) && \
1044 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \
1045 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \
1046 session, object, size, req) : CRYPTO_NOT_SUPPORTED)
1047
1048#define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \
1049 count, req) ( \
1050 (KCF_PROV_OBJECT_OPS(pd) && \
1051 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \
1052 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \
1053 (pd)->pd_prov_handle, session, object, template, count, req) : \
1054 CRYPTO_NOT_SUPPORTED)
1055
1056#define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \
1057 count, req) ( \
1058 (KCF_PROV_OBJECT_OPS(pd) && \
1059 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \
1060 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \
1061 (pd)->pd_prov_handle, session, object, template, count, req) : \
1062 CRYPTO_NOT_SUPPORTED)
1063
1064#define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \
1065 req) ( \
1066 (KCF_PROV_OBJECT_OPS(pd) && \
1067 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \
1068 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \
1069 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1070
1071#define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \
1072 req) ( \
1073 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \
1074 KCF_PROV_OBJECT_OPS(pd)->object_find( \
1075 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \
1076 req) : CRYPTO_NOT_SUPPORTED)
1077
1078#define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \
1079 (KCF_PROV_OBJECT_OPS(pd) && \
1080 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \
1081 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \
1082 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1083
1084/*
1085 * Wrappers for crypto_key_ops(9S) entry points.
1086 */
1087
1088#define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \
1089 req) ( \
1090 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \
1091 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \
1092 session, mech, template, count, object, req) : \
1093 CRYPTO_NOT_SUPPORTED)
1094
1095#define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1096 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \
1097 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \
1098 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \
1099 session, mech, pub_template, pub_count, priv_template, \
1100 priv_count, pub_key, priv_key, req) : \
1101 CRYPTO_NOT_SUPPORTED)
1102
1103#define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \
1104 wrapped_key_len, req) ( \
1105 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \
1106 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \
1107 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \
1108 req) : \
1109 CRYPTO_NOT_SUPPORTED)
1110
1111#define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \
1112 wrapped_key_len, template, count, key, req) ( \
1113 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \
1114 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \
1115 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \
1116 template, count, key, req) : \
1117 CRYPTO_NOT_SUPPORTED)
1118
1119#define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \
1120 key, req) ( \
1121 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \
1122 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \
1123 session, mech, base_key, template, count, key, req) : \
1124 CRYPTO_NOT_SUPPORTED)
1125
1126#define KCF_PROV_KEY_CHECK(pd, mech, key) ( \
1127 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \
1128 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \
1129 CRYPTO_NOT_SUPPORTED)
1130
1131/*
1132 * Wrappers for crypto_provider_management_ops(9S) entry points.
1133 *
1134 * ops_pd is the provider descriptor that supplies the ops_vector.
1135 * pd is the descriptor that supplies the provider handle.
1136 * Only ext_info needs two handles.
1137 */
1138
1139#define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \
1140 (KCF_PROV_PROVIDER_OPS(ops_pd) && \
1141 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \
1142 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \
1143 provext_info, req) : CRYPTO_NOT_SUPPORTED)
1144
1145#define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \
1146 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \
1147 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \
1148 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED)
1149
1150#define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \
1151 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \
1152 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \
1153 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED)
1154
1155#define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \
1156 req) ( \
1157 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \
1158 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \
1159 session, old_pin, old_len, new_pin, new_len, req) : \
1160 CRYPTO_NOT_SUPPORTED)
1161
1162/*
1163 * Wrappers for crypto_nostore_key_ops(9S) entry points.
1164 */
1165
1166#define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \
1167 out_template, out_count, req) ( \
1168 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1169 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \
1170 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \
1171 (pd)->pd_prov_handle, session, mech, template, count, \
1172 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1173
1174#define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1175 pub_count, priv_template, priv_count, out_pub_template, \
1176 out_pub_count, out_priv_template, out_priv_count, req) ( \
1177 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1178 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \
1179 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \
1180 (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \
1181 priv_template, priv_count, out_pub_template, out_pub_count, \
1182 out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED)
1183
1184#define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \
1185 count, out_template, out_count, req) ( \
1186 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1187 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \
1188 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \
1189 (pd)->pd_prov_handle, session, mech, base_key, template, count, \
1190 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1191
1192/*
1193 * The following routines are exported by the kcf module (/kernel/misc/kcf)
1194 * to the crypto and cryptoadmin modules.
1195 */
1196
1197/* Digest/mac/cipher entry points that take a provider descriptor and session */
1198extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
1199 crypto_data_t *, crypto_call_req_t *);
1200
1201extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
1202 crypto_data_t *, crypto_call_req_t *);
1203
1204extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
1205 crypto_data_t *, crypto_call_req_t *);
1206
1207extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
1208 crypto_data_t *, crypto_call_req_t *);
1209
1210
1211/* Other private digest/mac/cipher entry points not exported through k-API */
1212extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
1213 crypto_call_req_t *);
1214
1215/* Private sign entry points exported by KCF */
1216extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
1217 crypto_data_t *, crypto_call_req_t *);
1218
1219extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
1220 crypto_data_t *, crypto_call_req_t *);
1221
1222/* Private verify entry points exported by KCF */
1223extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
1224 crypto_data_t *, crypto_call_req_t *);
1225
1226extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
1227 crypto_data_t *, crypto_call_req_t *);
1228
1229/* Private dual operations entry points exported by KCF */
1230extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
1231 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1232extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t,
1233 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1234extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t,
1235 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1236extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t,
1237 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1238
1239/* Random Number Generation */
1240int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
1241 size_t len, crypto_call_req_t *req);
1242int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
1243 size_t len, crypto_call_req_t *req);
1244
1245/* Provider Management */
1246int crypto_get_provider_info(crypto_provider_id_t id,
1247 crypto_provider_info_t **info, crypto_call_req_t *req);
1248int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id,
1249 uint_t *count, crypto_mech_name_t **list);
1250int crypto_init_token(crypto_provider_handle_t provider, char *pin,
1251 size_t pin_len, char *label, crypto_call_req_t *);
1252int crypto_init_pin(crypto_provider_handle_t provider, char *pin,
1253 size_t pin_len, crypto_call_req_t *req);
1254int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin,
1255 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req);
1256void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count);
1257void crypto_free_provider_info(crypto_provider_info_t *info);
1258
1259/* Administrative */
1260int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list);
1261int crypto_get_soft_list(uint_t *count, char **list, size_t *len);
1262int crypto_get_dev_info(char *name, uint_t instance, uint_t *count,
1263 crypto_mech_name_t **list);
1264int crypto_get_soft_info(caddr_t name, uint_t *count,
1265 crypto_mech_name_t **list);
1266int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count,
1267 crypto_mech_name_t *list);
1268int crypto_load_soft_disabled(caddr_t name, uint_t count,
1269 crypto_mech_name_t *list);
1270int crypto_unload_soft_module(caddr_t path);
1271int crypto_load_soft_config(caddr_t name, uint_t count,
1272 crypto_mech_name_t *list);
1273int crypto_load_door(uint_t did);
1274void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count);
1275void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count);
1276
1277/* Miscellaneous */
1278int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number);
1279int crypto_get_function_list(crypto_provider_id_t id,
1280 crypto_function_list_t **list, int kmflag);
1281void crypto_free_function_list(crypto_function_list_t *list);
1282int crypto_build_permitted_mech_names(kcf_provider_desc_t *,
1283 crypto_mech_name_t **, uint_t *, int);
1284extern void kcf_destroy_mech_tabs(void);
1285extern void kcf_init_mech_tabs(void);
1286extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
1287 kcf_prov_mech_desc_t **);
1288extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *);
1289extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **);
1290extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *);
1291extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
1292extern void kcf_free_provider_desc(kcf_provider_desc_t *);
1293extern void kcf_soft_config_init(void);
1294extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
1295extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t);
1296extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
1297extern void redo_register_provider(kcf_provider_desc_t *);
1298extern void kcf_rnd_init(void);
1299extern boolean_t kcf_rngprov_check(void);
1300extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t);
1301extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t, boolean_t);
1302extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t);
1303extern void kcf_rnd_schedule_timeout(boolean_t);
1304extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1305 void *, void (*update)(void));
1306extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1307 void *, void (*update)(void));
1308extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
1309extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *);
1310extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *,
1311 int kmflag);
1312extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *,
1313 void (*update)(void), void (*final)(void), uchar_t);
1314extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
1315 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1316 void (*copy_block)(uint8_t *, uint64_t *));
1317extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *,
1318 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1319 void (*copy_block)(uint8_t *, uint64_t *));
1320extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *,
1321 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1322 void (*copy_block)(uint8_t *, uint64_t *));
1323extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **,
1324 ssize_t *);
1325
1326/* Access to the provider's table */
1327extern void kcf_prov_tab_destroy(void);
1328extern void kcf_prov_tab_init(void);
1329extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *);
1330extern int kcf_prov_tab_rem_provider(crypto_provider_id_t);
1331extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *);
1332extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t);
1333extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int,
1334 char *, uint_t, boolean_t);
1335extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t);
1336extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **);
1337extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t);
1338extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **,
1339 kcf_mech_entry_t **, boolean_t);
1340
1341/* Access to the policy table */
1342extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t);
1343extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *,
1344 uint_t, crypto_mech_name_t);
1345extern void kcf_policy_tab_init(void);
1346extern void kcf_policy_free_desc(kcf_policy_desc_t *);
1347extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **);
1348extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *,
1349 crypto_mech_name_t **);
1350extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *);
1351extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t);
1352extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
1353 uint_t *, crypto_mech_name_t **);
1354extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
1355 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
1356extern boolean_t in_soft_config_list(char *);
1357
1358
1359#ifdef __cplusplus
1360}
1361#endif
1362
1363#endif /* _SYS_CRYPTO_IMPL_H */
ubuntu-bionic-kernel mirror