4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 #ifndef _SYS_CRYPTO_SPI_H
27 #define _SYS_CRYPTO_SPI_H
30 * CSPI: Cryptographic Service Provider Interface.
33 #include <sys/zfs_context.h>
34 #include <sys/crypto/common.h>
40 #ifdef CONSTIFY_PLUGIN
41 #define __no_const __attribute__((no_const))
44 #endif /* CONSTIFY_PLUGIN */
46 #define CRYPTO_SPI_VERSION_1 1
47 #define CRYPTO_SPI_VERSION_2 2
48 #define CRYPTO_SPI_VERSION_3 3
51 * Provider-private handle. This handle is specified by a provider
52 * when it registers by means of the pi_provider_handle field of
53 * the crypto_provider_info structure, and passed to the provider
54 * when its entry points are invoked.
56 typedef void *crypto_provider_handle_t
;
59 * Context templates can be used to by software providers to pre-process
60 * keying material, such as key schedules. They are allocated by
61 * a software provider create_ctx_template(9E) entry point, and passed
62 * as argument to initialization and atomic provider entry points.
64 typedef void *crypto_spi_ctx_template_t
;
67 * Request handles are used by the kernel to identify an asynchronous
68 * request being processed by a provider. It is passed by the kernel
69 * to a hardware provider when submitting a request, and must be
70 * specified by a provider when calling crypto_op_notification(9F)
72 typedef void *crypto_req_handle_t
;
74 /* Values for cc_flags field */
75 #define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */
76 #define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */
79 * The context structure is passed from the kernel to a provider.
80 * It contains the information needed to process a multi-part or
81 * single part operation. The context structure is not used
82 * by atomic operations.
84 * Parameters needed to perform a cryptographic operation, such
85 * as keys, mechanisms, input and output buffers, are passed
86 * as separate arguments to Provider routines.
88 typedef struct crypto_ctx
{
89 crypto_provider_handle_t cc_provider
;
90 crypto_session_id_t cc_session
;
91 void *cc_provider_private
; /* owned by provider */
92 void *cc_framework_private
; /* owned by framework */
93 uint32_t cc_flags
; /* flags */
94 void *cc_opstate
; /* state */
98 * Extended provider information.
102 * valid values for ei_flags field of extended info structure
103 * They match the RSA Security, Inc PKCS#11 tokenInfo flags.
105 #define CRYPTO_EXTF_RNG 0x00000001
106 #define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002
107 #define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004
108 #define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008
109 #define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040
110 #define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100
111 #define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200
112 #define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400
113 #define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000
114 #define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000
115 #define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000
116 #define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000
117 #define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000
118 #define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000
119 #define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000
120 #define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000
123 * The crypto_control_ops structure contains pointers to control
124 * operations for cryptographic providers. It is passed through
125 * the crypto_ops(9S) structure when providers register with the
126 * kernel using crypto_register_provider(9F).
128 typedef struct crypto_control_ops
{
129 void (*provider_status
)(crypto_provider_handle_t
, uint_t
*);
130 } __no_const crypto_control_ops_t
;
133 * The crypto_ctx_ops structure contains points to context and context
134 * templates management operations for cryptographic providers. It is
135 * passed through the crypto_ops(9S) structure when providers register
136 * with the kernel using crypto_register_provider(9F).
138 typedef struct crypto_ctx_ops
{
139 int (*create_ctx_template
)(crypto_provider_handle_t
,
140 crypto_mechanism_t
*, crypto_key_t
*,
141 crypto_spi_ctx_template_t
*, size_t *, crypto_req_handle_t
);
142 int (*free_context
)(crypto_ctx_t
*);
143 } __no_const crypto_ctx_ops_t
;
146 * The crypto_digest_ops structure contains pointers to digest
147 * operations for cryptographic providers. It is passed through
148 * the crypto_ops(9S) structure when providers register with the
149 * kernel using crypto_register_provider(9F).
151 typedef struct crypto_digest_ops
{
152 int (*digest_init
)(crypto_ctx_t
*, crypto_mechanism_t
*,
153 crypto_req_handle_t
);
154 int (*digest
)(crypto_ctx_t
*, crypto_data_t
*, crypto_data_t
*,
155 crypto_req_handle_t
);
156 int (*digest_update
)(crypto_ctx_t
*, crypto_data_t
*,
157 crypto_req_handle_t
);
158 int (*digest_key
)(crypto_ctx_t
*, crypto_key_t
*, crypto_req_handle_t
);
159 int (*digest_final
)(crypto_ctx_t
*, crypto_data_t
*,
160 crypto_req_handle_t
);
161 int (*digest_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
162 crypto_mechanism_t
*, crypto_data_t
*,
163 crypto_data_t
*, crypto_req_handle_t
);
164 } __no_const crypto_digest_ops_t
;
167 * The crypto_cipher_ops structure contains pointers to encryption
168 * and decryption operations for cryptographic providers. It is
169 * passed through the crypto_ops(9S) structure when providers register
170 * with the kernel using crypto_register_provider(9F).
172 typedef struct crypto_cipher_ops
{
173 int (*encrypt_init
)(crypto_ctx_t
*,
174 crypto_mechanism_t
*, crypto_key_t
*,
175 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
176 int (*encrypt
)(crypto_ctx_t
*,
177 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
178 int (*encrypt_update
)(crypto_ctx_t
*,
179 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
180 int (*encrypt_final
)(crypto_ctx_t
*,
181 crypto_data_t
*, crypto_req_handle_t
);
182 int (*encrypt_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
183 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
184 crypto_data_t
*, crypto_spi_ctx_template_t
, crypto_req_handle_t
);
186 int (*decrypt_init
)(crypto_ctx_t
*,
187 crypto_mechanism_t
*, crypto_key_t
*,
188 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
189 int (*decrypt
)(crypto_ctx_t
*,
190 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
191 int (*decrypt_update
)(crypto_ctx_t
*,
192 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
193 int (*decrypt_final
)(crypto_ctx_t
*,
194 crypto_data_t
*, crypto_req_handle_t
);
195 int (*decrypt_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
196 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
197 crypto_data_t
*, crypto_spi_ctx_template_t
, crypto_req_handle_t
);
198 } __no_const crypto_cipher_ops_t
;
201 * The crypto_mac_ops structure contains pointers to MAC
202 * operations for cryptographic providers. It is passed through
203 * the crypto_ops(9S) structure when providers register with the
204 * kernel using crypto_register_provider(9F).
206 typedef struct crypto_mac_ops
{
207 int (*mac_init
)(crypto_ctx_t
*,
208 crypto_mechanism_t
*, crypto_key_t
*,
209 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
210 int (*mac
)(crypto_ctx_t
*,
211 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
212 int (*mac_update
)(crypto_ctx_t
*,
213 crypto_data_t
*, crypto_req_handle_t
);
214 int (*mac_final
)(crypto_ctx_t
*,
215 crypto_data_t
*, crypto_req_handle_t
);
216 int (*mac_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
217 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
218 crypto_data_t
*, crypto_spi_ctx_template_t
,
219 crypto_req_handle_t
);
220 int (*mac_verify_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
221 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
222 crypto_data_t
*, crypto_spi_ctx_template_t
,
223 crypto_req_handle_t
);
224 } __no_const crypto_mac_ops_t
;
227 * The crypto_sign_ops structure contains pointers to signing
228 * operations for cryptographic providers. It is passed through
229 * the crypto_ops(9S) structure when providers register with the
230 * kernel using crypto_register_provider(9F).
232 typedef struct crypto_sign_ops
{
233 int (*sign_init
)(crypto_ctx_t
*,
234 crypto_mechanism_t
*, crypto_key_t
*, crypto_spi_ctx_template_t
,
235 crypto_req_handle_t
);
236 int (*sign
)(crypto_ctx_t
*,
237 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
238 int (*sign_update
)(crypto_ctx_t
*,
239 crypto_data_t
*, crypto_req_handle_t
);
240 int (*sign_final
)(crypto_ctx_t
*,
241 crypto_data_t
*, crypto_req_handle_t
);
242 int (*sign_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
243 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
244 crypto_data_t
*, crypto_spi_ctx_template_t
,
245 crypto_req_handle_t
);
246 int (*sign_recover_init
)(crypto_ctx_t
*, crypto_mechanism_t
*,
247 crypto_key_t
*, crypto_spi_ctx_template_t
,
248 crypto_req_handle_t
);
249 int (*sign_recover
)(crypto_ctx_t
*,
250 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
251 int (*sign_recover_atomic
)(crypto_provider_handle_t
,
252 crypto_session_id_t
, crypto_mechanism_t
*, crypto_key_t
*,
253 crypto_data_t
*, crypto_data_t
*, crypto_spi_ctx_template_t
,
254 crypto_req_handle_t
);
255 } __no_const crypto_sign_ops_t
;
258 * The crypto_verify_ops structure contains pointers to verify
259 * operations for cryptographic providers. It is passed through
260 * the crypto_ops(9S) structure when providers register with the
261 * kernel using crypto_register_provider(9F).
263 typedef struct crypto_verify_ops
{
264 int (*verify_init
)(crypto_ctx_t
*,
265 crypto_mechanism_t
*, crypto_key_t
*, crypto_spi_ctx_template_t
,
266 crypto_req_handle_t
);
267 int (*do_verify
)(crypto_ctx_t
*,
268 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
269 int (*verify_update
)(crypto_ctx_t
*,
270 crypto_data_t
*, crypto_req_handle_t
);
271 int (*verify_final
)(crypto_ctx_t
*,
272 crypto_data_t
*, crypto_req_handle_t
);
273 int (*verify_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
274 crypto_mechanism_t
*, crypto_key_t
*, crypto_data_t
*,
275 crypto_data_t
*, crypto_spi_ctx_template_t
,
276 crypto_req_handle_t
);
277 int (*verify_recover_init
)(crypto_ctx_t
*, crypto_mechanism_t
*,
278 crypto_key_t
*, crypto_spi_ctx_template_t
,
279 crypto_req_handle_t
);
280 int (*verify_recover
)(crypto_ctx_t
*,
281 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
282 int (*verify_recover_atomic
)(crypto_provider_handle_t
,
283 crypto_session_id_t
, crypto_mechanism_t
*, crypto_key_t
*,
284 crypto_data_t
*, crypto_data_t
*, crypto_spi_ctx_template_t
,
285 crypto_req_handle_t
);
286 } __no_const crypto_verify_ops_t
;
289 * The crypto_dual_ops structure contains pointers to dual
290 * cipher and sign/verify operations for cryptographic providers.
291 * It is passed through the crypto_ops(9S) structure when
292 * providers register with the kernel using
293 * crypto_register_provider(9F).
295 typedef struct crypto_dual_ops
{
296 int (*digest_encrypt_update
)(
297 crypto_ctx_t
*, crypto_ctx_t
*, crypto_data_t
*,
298 crypto_data_t
*, crypto_req_handle_t
);
299 int (*decrypt_digest_update
)(
300 crypto_ctx_t
*, crypto_ctx_t
*, crypto_data_t
*,
301 crypto_data_t
*, crypto_req_handle_t
);
302 int (*sign_encrypt_update
)(
303 crypto_ctx_t
*, crypto_ctx_t
*, crypto_data_t
*,
304 crypto_data_t
*, crypto_req_handle_t
);
305 int (*decrypt_verify_update
)(
306 crypto_ctx_t
*, crypto_ctx_t
*, crypto_data_t
*,
307 crypto_data_t
*, crypto_req_handle_t
);
308 } __no_const crypto_dual_ops_t
;
311 * The crypto_dual_cipher_mac_ops structure contains pointers to dual
312 * cipher and MAC operations for cryptographic providers.
313 * It is passed through the crypto_ops(9S) structure when
314 * providers register with the kernel using
315 * crypto_register_provider(9F).
317 typedef struct crypto_dual_cipher_mac_ops
{
318 int (*encrypt_mac_init
)(crypto_ctx_t
*,
319 crypto_mechanism_t
*, crypto_key_t
*, crypto_mechanism_t
*,
320 crypto_key_t
*, crypto_spi_ctx_template_t
,
321 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
322 int (*encrypt_mac
)(crypto_ctx_t
*,
323 crypto_data_t
*, crypto_dual_data_t
*, crypto_data_t
*,
324 crypto_req_handle_t
);
325 int (*encrypt_mac_update
)(crypto_ctx_t
*,
326 crypto_data_t
*, crypto_dual_data_t
*, crypto_req_handle_t
);
327 int (*encrypt_mac_final
)(crypto_ctx_t
*,
328 crypto_dual_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
329 int (*encrypt_mac_atomic
)(crypto_provider_handle_t
, crypto_session_id_t
,
330 crypto_mechanism_t
*, crypto_key_t
*, crypto_mechanism_t
*,
331 crypto_key_t
*, crypto_data_t
*, crypto_dual_data_t
*,
332 crypto_data_t
*, crypto_spi_ctx_template_t
,
333 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
335 int (*mac_decrypt_init
)(crypto_ctx_t
*,
336 crypto_mechanism_t
*, crypto_key_t
*, crypto_mechanism_t
*,
337 crypto_key_t
*, crypto_spi_ctx_template_t
,
338 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
339 int (*mac_decrypt
)(crypto_ctx_t
*,
340 crypto_dual_data_t
*, crypto_data_t
*, crypto_data_t
*,
341 crypto_req_handle_t
);
342 int (*mac_decrypt_update
)(crypto_ctx_t
*,
343 crypto_dual_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
344 int (*mac_decrypt_final
)(crypto_ctx_t
*,
345 crypto_data_t
*, crypto_data_t
*, crypto_req_handle_t
);
346 int (*mac_decrypt_atomic
)(crypto_provider_handle_t
,
347 crypto_session_id_t
, crypto_mechanism_t
*, crypto_key_t
*,
348 crypto_mechanism_t
*, crypto_key_t
*, crypto_dual_data_t
*,
349 crypto_data_t
*, crypto_data_t
*, crypto_spi_ctx_template_t
,
350 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
351 int (*mac_verify_decrypt_atomic
)(crypto_provider_handle_t
,
352 crypto_session_id_t
, crypto_mechanism_t
*, crypto_key_t
*,
353 crypto_mechanism_t
*, crypto_key_t
*, crypto_dual_data_t
*,
354 crypto_data_t
*, crypto_data_t
*, crypto_spi_ctx_template_t
,
355 crypto_spi_ctx_template_t
, crypto_req_handle_t
);
356 } __no_const crypto_dual_cipher_mac_ops_t
;
359 * The crypto_random_number_ops structure contains pointers to random
360 * number operations for cryptographic providers. It is passed through
361 * the crypto_ops(9S) structure when providers register with the
362 * kernel using crypto_register_provider(9F).
364 typedef struct crypto_random_number_ops
{
365 int (*seed_random
)(crypto_provider_handle_t
, crypto_session_id_t
,
366 uchar_t
*, size_t, uint_t
, uint32_t, crypto_req_handle_t
);
367 int (*generate_random
)(crypto_provider_handle_t
, crypto_session_id_t
,
368 uchar_t
*, size_t, crypto_req_handle_t
);
369 } __no_const crypto_random_number_ops_t
;
372 * Flag values for seed_random.
374 #define CRYPTO_SEED_NOW 0x00000001
377 * The crypto_session_ops structure contains pointers to session
378 * operations for cryptographic providers. It is passed through
379 * the crypto_ops(9S) structure when providers register with the
380 * kernel using crypto_register_provider(9F).
382 typedef struct crypto_session_ops
{
383 int (*session_open
)(crypto_provider_handle_t
, crypto_session_id_t
*,
384 crypto_req_handle_t
);
385 int (*session_close
)(crypto_provider_handle_t
, crypto_session_id_t
,
386 crypto_req_handle_t
);
387 int (*session_login
)(crypto_provider_handle_t
, crypto_session_id_t
,
388 crypto_user_type_t
, char *, size_t, crypto_req_handle_t
);
389 int (*session_logout
)(crypto_provider_handle_t
, crypto_session_id_t
,
390 crypto_req_handle_t
);
391 } __no_const crypto_session_ops_t
;
394 * The crypto_object_ops structure contains pointers to object
395 * operations for cryptographic providers. It is passed through
396 * the crypto_ops(9S) structure when providers register with the
397 * kernel using crypto_register_provider(9F).
399 typedef struct crypto_object_ops
{
400 int (*object_create
)(crypto_provider_handle_t
, crypto_session_id_t
,
401 crypto_object_attribute_t
*, uint_t
, crypto_object_id_t
*,
402 crypto_req_handle_t
);
403 int (*object_copy
)(crypto_provider_handle_t
, crypto_session_id_t
,
404 crypto_object_id_t
, crypto_object_attribute_t
*, uint_t
,
405 crypto_object_id_t
*, crypto_req_handle_t
);
406 int (*object_destroy
)(crypto_provider_handle_t
, crypto_session_id_t
,
407 crypto_object_id_t
, crypto_req_handle_t
);
408 int (*object_get_size
)(crypto_provider_handle_t
, crypto_session_id_t
,
409 crypto_object_id_t
, size_t *, crypto_req_handle_t
);
410 int (*object_get_attribute_value
)(crypto_provider_handle_t
,
411 crypto_session_id_t
, crypto_object_id_t
,
412 crypto_object_attribute_t
*, uint_t
, crypto_req_handle_t
);
413 int (*object_set_attribute_value
)(crypto_provider_handle_t
,
414 crypto_session_id_t
, crypto_object_id_t
,
415 crypto_object_attribute_t
*, uint_t
, crypto_req_handle_t
);
416 int (*object_find_init
)(crypto_provider_handle_t
, crypto_session_id_t
,
417 crypto_object_attribute_t
*, uint_t
, void **,
418 crypto_req_handle_t
);
419 int (*object_find
)(crypto_provider_handle_t
, void *,
420 crypto_object_id_t
*, uint_t
, uint_t
*, crypto_req_handle_t
);
421 int (*object_find_final
)(crypto_provider_handle_t
, void *,
422 crypto_req_handle_t
);
423 } __no_const crypto_object_ops_t
;
426 * The crypto_key_ops structure contains pointers to key
427 * operations for cryptographic providers. It is passed through
428 * the crypto_ops(9S) structure when providers register with the
429 * kernel using crypto_register_provider(9F).
431 typedef struct crypto_key_ops
{
432 int (*key_generate
)(crypto_provider_handle_t
, crypto_session_id_t
,
433 crypto_mechanism_t
*, crypto_object_attribute_t
*, uint_t
,
434 crypto_object_id_t
*, crypto_req_handle_t
);
435 int (*key_generate_pair
)(crypto_provider_handle_t
, crypto_session_id_t
,
436 crypto_mechanism_t
*, crypto_object_attribute_t
*, uint_t
,
437 crypto_object_attribute_t
*, uint_t
, crypto_object_id_t
*,
438 crypto_object_id_t
*, crypto_req_handle_t
);
439 int (*key_wrap
)(crypto_provider_handle_t
, crypto_session_id_t
,
440 crypto_mechanism_t
*, crypto_key_t
*, crypto_object_id_t
*,
441 uchar_t
*, size_t *, crypto_req_handle_t
);
442 int (*key_unwrap
)(crypto_provider_handle_t
, crypto_session_id_t
,
443 crypto_mechanism_t
*, crypto_key_t
*, uchar_t
*, size_t *,
444 crypto_object_attribute_t
*, uint_t
,
445 crypto_object_id_t
*, crypto_req_handle_t
);
446 int (*key_derive
)(crypto_provider_handle_t
, crypto_session_id_t
,
447 crypto_mechanism_t
*, crypto_key_t
*, crypto_object_attribute_t
*,
448 uint_t
, crypto_object_id_t
*, crypto_req_handle_t
);
449 int (*key_check
)(crypto_provider_handle_t
, crypto_mechanism_t
*,
451 } __no_const crypto_key_ops_t
;
454 * The crypto_provider_management_ops structure contains pointers
455 * to management operations for cryptographic providers. It is passed
456 * through the crypto_ops(9S) structure when providers register with the
457 * kernel using crypto_register_provider(9F).
459 typedef struct crypto_provider_management_ops
{
460 int (*ext_info
)(crypto_provider_handle_t
,
461 crypto_provider_ext_info_t
*, crypto_req_handle_t
);
462 int (*init_token
)(crypto_provider_handle_t
, char *, size_t,
463 char *, crypto_req_handle_t
);
464 int (*init_pin
)(crypto_provider_handle_t
, crypto_session_id_t
,
465 char *, size_t, crypto_req_handle_t
);
466 int (*set_pin
)(crypto_provider_handle_t
, crypto_session_id_t
,
467 char *, size_t, char *, size_t, crypto_req_handle_t
);
468 } __no_const crypto_provider_management_ops_t
;
470 typedef struct crypto_mech_ops
{
471 int (*copyin_mechanism
)(crypto_provider_handle_t
,
472 crypto_mechanism_t
*, crypto_mechanism_t
*, int *, int);
473 int (*copyout_mechanism
)(crypto_provider_handle_t
,
474 crypto_mechanism_t
*, crypto_mechanism_t
*, int *, int);
475 int (*free_mechanism
)(crypto_provider_handle_t
, crypto_mechanism_t
*);
476 } __no_const crypto_mech_ops_t
;
478 typedef struct crypto_nostore_key_ops
{
479 int (*nostore_key_generate
)(crypto_provider_handle_t
,
480 crypto_session_id_t
, crypto_mechanism_t
*,
481 crypto_object_attribute_t
*, uint_t
, crypto_object_attribute_t
*,
482 uint_t
, crypto_req_handle_t
);
483 int (*nostore_key_generate_pair
)(crypto_provider_handle_t
,
484 crypto_session_id_t
, crypto_mechanism_t
*,
485 crypto_object_attribute_t
*, uint_t
, crypto_object_attribute_t
*,
486 uint_t
, crypto_object_attribute_t
*, uint_t
,
487 crypto_object_attribute_t
*, uint_t
, crypto_req_handle_t
);
488 int (*nostore_key_derive
)(crypto_provider_handle_t
, crypto_session_id_t
,
489 crypto_mechanism_t
*, crypto_key_t
*, crypto_object_attribute_t
*,
490 uint_t
, crypto_object_attribute_t
*, uint_t
, crypto_req_handle_t
);
491 } __no_const crypto_nostore_key_ops_t
;
494 * The crypto_ops(9S) structure contains the structures containing
495 * the pointers to functions implemented by cryptographic providers.
496 * It is specified as part of the crypto_provider_info(9S)
497 * supplied by a provider when it registers with the kernel
498 * by calling crypto_register_provider(9F).
500 typedef struct crypto_ops_v1
{
501 crypto_control_ops_t
*co_control_ops
;
502 crypto_digest_ops_t
*co_digest_ops
;
503 crypto_cipher_ops_t
*co_cipher_ops
;
504 crypto_mac_ops_t
*co_mac_ops
;
505 crypto_sign_ops_t
*co_sign_ops
;
506 crypto_verify_ops_t
*co_verify_ops
;
507 crypto_dual_ops_t
*co_dual_ops
;
508 crypto_dual_cipher_mac_ops_t
*co_dual_cipher_mac_ops
;
509 crypto_random_number_ops_t
*co_random_ops
;
510 crypto_session_ops_t
*co_session_ops
;
511 crypto_object_ops_t
*co_object_ops
;
512 crypto_key_ops_t
*co_key_ops
;
513 crypto_provider_management_ops_t
*co_provider_ops
;
514 crypto_ctx_ops_t
*co_ctx_ops
;
517 typedef struct crypto_ops_v2
{
518 crypto_ops_v1_t v1_ops
;
519 crypto_mech_ops_t
*co_mech_ops
;
522 typedef struct crypto_ops_v3
{
523 crypto_ops_v2_t v2_ops
;
524 crypto_nostore_key_ops_t
*co_nostore_key_ops
;
527 typedef struct crypto_ops
{
529 crypto_ops_v3_t cou_v3
;
530 crypto_ops_v2_t cou_v2
;
531 crypto_ops_v1_t cou_v1
;
535 #define co_control_ops cou.cou_v1.co_control_ops
536 #define co_digest_ops cou.cou_v1.co_digest_ops
537 #define co_cipher_ops cou.cou_v1.co_cipher_ops
538 #define co_mac_ops cou.cou_v1.co_mac_ops
539 #define co_sign_ops cou.cou_v1.co_sign_ops
540 #define co_verify_ops cou.cou_v1.co_verify_ops
541 #define co_dual_ops cou.cou_v1.co_dual_ops
542 #define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops
543 #define co_random_ops cou.cou_v1.co_random_ops
544 #define co_session_ops cou.cou_v1.co_session_ops
545 #define co_object_ops cou.cou_v1.co_object_ops
546 #define co_key_ops cou.cou_v1.co_key_ops
547 #define co_provider_ops cou.cou_v1.co_provider_ops
548 #define co_ctx_ops cou.cou_v1.co_ctx_ops
549 #define co_mech_ops cou.cou_v2.co_mech_ops
550 #define co_nostore_key_ops cou.cou_v3.co_nostore_key_ops
553 * The mechanism info structure crypto_mech_info_t contains a function group
554 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t,
555 * specifies the provider entry point that can be used a particular
556 * mechanism. The function group mask is a combination of the following values.
559 typedef uint32_t crypto_func_group_t
;
562 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */
563 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */
564 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */
565 #define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */
566 #define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */
567 #define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */
568 #define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */
569 #define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */
570 #define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */
571 #define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */
572 #define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */
573 #define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */
574 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */
575 #define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */
576 #define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */
577 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */
578 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */
579 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */
580 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */
581 #define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */
582 #define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */
583 #define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */
584 #define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */
585 #define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */
586 #define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */
587 #define CRYPTO_FG_RESERVED 0x80000000
590 * Maximum length of the pi_provider_description field of the
591 * crypto_provider_info structure.
593 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64
596 /* Bit mask for all the simple operations */
597 #define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \
598 CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \
599 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \
600 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \
601 CRYPTO_FG_VERIFY_ATOMIC)
603 /* Bit mask for all the dual operations */
604 #define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \
605 CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \
606 CRYPTO_FG_MAC_DECRYPT_ATOMIC)
608 /* Add other combos to CRYPTO_FG_DUAL_MASK */
609 #define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK
612 * The crypto_mech_info structure specifies one of the mechanisms
613 * supported by a cryptographic provider. The pi_mechanisms field of
614 * the crypto_provider_info structure contains a pointer to an array
615 * of crypto_mech_info's.
617 typedef struct crypto_mech_info
{
618 crypto_mech_name_t cm_mech_name
;
619 crypto_mech_type_t cm_mech_number
;
620 crypto_func_group_t cm_func_group_mask
;
621 ssize_t cm_min_key_length
;
622 ssize_t cm_max_key_length
;
623 uint32_t cm_mech_flags
;
624 } crypto_mech_info_t
;
626 /* Alias the old name to the new name for compatibility. */
627 #define cm_keysize_unit cm_mech_flags
630 * The following is used by a provider that sets
631 * CRYPTO_HASH_NO_UPDATE. It needs to specify the maximum
632 * input data size it can digest in this field.
634 #define cm_max_input_length cm_max_key_length
637 * crypto_kcf_provider_handle_t is a handle allocated by the kernel.
638 * It is returned after the provider registers with
639 * crypto_register_provider(), and must be specified by the provider
640 * when calling crypto_unregister_provider(), and
641 * crypto_provider_notification().
643 typedef uint_t crypto_kcf_provider_handle_t
;
646 * Provider information. Passed as argument to crypto_register_provider(9F).
647 * Describes the provider and its capabilities. Multiple providers can
648 * register for the same device instance. In this case, the same
649 * pi_provider_dev must be specified with a different pi_provider_handle.
651 typedef struct crypto_provider_info_v1
{
652 uint_t pi_interface_version
;
653 char *pi_provider_description
;
654 crypto_provider_type_t pi_provider_type
;
655 crypto_provider_handle_t pi_provider_handle
;
656 crypto_ops_t
*pi_ops_vector
;
657 uint_t pi_mech_list_count
;
658 crypto_mech_info_t
*pi_mechanisms
;
659 uint_t pi_logical_provider_count
;
660 crypto_kcf_provider_handle_t
*pi_logical_providers
;
661 } crypto_provider_info_v1_t
;
663 typedef struct crypto_provider_info_v2
{
664 crypto_provider_info_v1_t v1_info
;
666 } crypto_provider_info_v2_t
;
668 typedef struct crypto_provider_info
{
670 crypto_provider_info_v2_t piu_v2
;
671 crypto_provider_info_v1_t piu_v1
;
673 } crypto_provider_info_t
;
675 #define pi_interface_version piu.piu_v1.pi_interface_version
676 #define pi_provider_description piu.piu_v1.pi_provider_description
677 #define pi_provider_type piu.piu_v1.pi_provider_type
678 #define pi_provider_handle piu.piu_v1.pi_provider_handle
679 #define pi_ops_vector piu.piu_v1.pi_ops_vector
680 #define pi_mech_list_count piu.piu_v1.pi_mech_list_count
681 #define pi_mechanisms piu.piu_v1.pi_mechanisms
682 #define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count
683 #define pi_logical_providers piu.piu_v1.pi_logical_providers
684 #define pi_flags piu.piu_v2.pi_flags
686 /* hidden providers can only be accessed via a logical provider */
687 #define CRYPTO_HIDE_PROVIDER 0x00000001
689 * provider can not do multi-part digest (updates) and has a limit
690 * on maximum input data that it can digest.
692 #define CRYPTO_HASH_NO_UPDATE 0x00000002
694 /* provider can handle the request without returning a CRYPTO_QUEUED */
695 #define CRYPTO_SYNCHRONOUS 0x00000004
697 #define CRYPTO_PIFLAGS_RESERVED2 0x40000000
698 #define CRYPTO_PIFLAGS_RESERVED1 0x80000000
701 * Provider status passed by a provider to crypto_provider_notification(9F)
702 * and returned by the provider_stauts(9E) entry point.
704 #define CRYPTO_PROVIDER_READY 0
705 #define CRYPTO_PROVIDER_BUSY 1
706 #define CRYPTO_PROVIDER_FAILED 2
709 * Functions exported by Solaris to cryptographic providers. Providers
710 * call these functions to register and unregister, notify the kernel
711 * of state changes, and notify the kernel when a asynchronous request
714 extern int crypto_register_provider(crypto_provider_info_t
*,
715 crypto_kcf_provider_handle_t
*);
716 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t
);
717 extern void crypto_provider_notification(crypto_kcf_provider_handle_t
, uint_t
);
718 extern void crypto_op_notification(crypto_req_handle_t
, int);
719 extern int crypto_kmflag(crypto_req_handle_t
);
726 #endif /* _SYS_CRYPTO_SPI_H */