summaryrefslogtreecommitdiff
path: root/usr/src/uts/common/crypto/api/kcf_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/uts/common/crypto/api/kcf_verify.c')
-rw-r--r--usr/src/uts/common/crypto/api/kcf_verify.c145
1 files changed, 110 insertions, 35 deletions
diff --git a/usr/src/uts/common/crypto/api/kcf_verify.c b/usr/src/uts/common/crypto/api/kcf_verify.c
index 0ca0f376e0..dee7197df2 100644
--- a/usr/src/uts/common/crypto/api/kcf_verify.c
+++ b/usr/src/uts/common/crypto/api/kcf_verify.c
@@ -20,7 +20,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -29,12 +29,16 @@
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/kmem.h>
+#include <sys/sysmacros.h>
#include <sys/crypto/common.h>
#include <sys/crypto/impl.h>
#include <sys/crypto/api.h>
#include <sys/crypto/spi.h>
#include <sys/crypto/sched_impl.h>
+#define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f)
+#define CRYPTO_VERIFY_OFFSET(f) offsetof(crypto_verify_ops_t, f)
+
/*
* Verify entry points.
*/
@@ -43,30 +47,49 @@
* See comments for crypto_digest_init_prov().
*/
int
-crypto_verify_init_prov(kcf_provider_desc_t *pd, crypto_session_id_t sid,
+crypto_verify_init_prov(crypto_provider_t provider, crypto_session_id_t sid,
crypto_mechanism_t *mech, crypto_key_t *key, crypto_ctx_template_t tmpl,
crypto_context_t *ctxp, crypto_call_req_t *crq)
{
- int error;
+ int rv;
crypto_ctx_t *ctx;
kcf_req_params_t params;
+ kcf_provider_desc_t *pd = provider;
+ kcf_provider_desc_t *real_provider = pd;
+
+ ASSERT(KCF_PROV_REFHELD(pd));
+
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
+ rv = kcf_get_hardware_provider(mech->cm_type,
+ CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops),
+ CRYPTO_VERIFY_OFFSET(verify_init),
+ CHECK_RESTRICT(crq), pd, &real_provider);
- /* First, allocate and initialize the canonical context */
- if ((ctx = kcf_new_ctx(crq, pd, sid)) == NULL)
+ if (rv != CRYPTO_SUCCESS)
+ return (rv);
+ }
+
+ /* Allocate and initialize the canonical context */
+ if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) {
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
return (CRYPTO_HOST_MEMORY);
+ }
KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_INIT, sid, mech,
key, NULL, NULL, tmpl);
+ rv = kcf_submit_request(real_provider, ctx, crq, &params, B_FALSE);
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
- error = kcf_submit_request(pd, ctx, crq, &params, B_FALSE);
- if ((error == CRYPTO_SUCCESS) || (error == CRYPTO_QUEUED))
+ if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED))
*ctxp = (crypto_context_t)ctx;
else {
/* Release the hold done in kcf_new_ctx(). */
KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private);
}
- return (error);
+ return (rv);
}
@@ -163,8 +186,8 @@ crypto_verify_update(crypto_context_t context, crypto_data_t *data,
crypto_ctx_t *ctx = (crypto_ctx_t *)context;
kcf_context_t *kcf_ctx;
kcf_provider_desc_t *pd;
- int error;
kcf_req_params_t params;
+ int rv;
if ((ctx == NULL) ||
((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
@@ -172,13 +195,14 @@ crypto_verify_update(crypto_context_t context, crypto_data_t *data,
return (CRYPTO_INVALID_CONTEXT);
}
+ ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
KCF_PROV_REFHOLD(pd);
- KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_UPDATE, 0, NULL,
- NULL, data, NULL, NULL);
- error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
+ KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_UPDATE, ctx->cc_session,
+ NULL, NULL, data, NULL, NULL);
+ rv = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
KCF_PROV_REFRELE(pd);
- return (error);
+ return (rv);
}
/*
@@ -191,8 +215,8 @@ crypto_verify_final(crypto_context_t context, crypto_data_t *signature,
crypto_ctx_t *ctx = (crypto_ctx_t *)context;
kcf_context_t *kcf_ctx;
kcf_provider_desc_t *pd;
- int error;
kcf_req_params_t params;
+ int rv;
if ((ctx == NULL) ||
((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
@@ -200,30 +224,47 @@ crypto_verify_final(crypto_context_t context, crypto_data_t *signature,
return (CRYPTO_INVALID_CONTEXT);
}
+ ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
KCF_PROV_REFHOLD(pd);
- KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_FINAL, 0, NULL,
- NULL, NULL, signature, NULL);
- error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
+ KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_FINAL, ctx->cc_session,
+ NULL, NULL, NULL, signature, NULL);
+ rv = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
KCF_PROV_REFRELE(pd);
/* Release the hold done in kcf_new_ctx() during init step. */
- KCF_CONTEXT_COND_RELEASE(error, kcf_ctx);
- return (error);
+ KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx);
+ return (rv);
}
int
-crypto_verify_prov(kcf_provider_desc_t *pd,
- crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_key_t *key,
- crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
+crypto_verify_prov(crypto_provider_t provider, crypto_session_id_t sid,
+ crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data,
+ crypto_ctx_template_t tmpl, crypto_data_t *signature,
crypto_call_req_t *crq)
{
kcf_req_params_t params;
+ kcf_provider_desc_t *pd = provider;
+ kcf_provider_desc_t *real_provider = pd;
+ int rv;
ASSERT(KCF_PROV_REFHELD(pd));
+
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
+ rv = kcf_get_hardware_provider(mech->cm_type,
+ CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops),
+ CRYPTO_VERIFY_OFFSET(verify_atomic), CHECK_RESTRICT(crq),
+ pd, &real_provider);
+
+ if (rv != CRYPTO_SUCCESS)
+ return (rv);
+ }
KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_ATOMIC, sid, mech,
key, data, signature, tmpl);
+ rv = kcf_submit_request(real_provider, NULL, crq, &params, B_FALSE);
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
- return (kcf_submit_request(pd, NULL, crq, &params, B_FALSE));
+ return (rv);
}
static int
@@ -318,18 +359,33 @@ crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data,
}
int
-crypto_verify_recover_prov(kcf_provider_desc_t *pd,
- crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_key_t *key,
- crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data,
- crypto_call_req_t *crq)
+crypto_verify_recover_prov(crypto_provider_t provider, crypto_session_id_t sid,
+ crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *signature,
+ crypto_ctx_template_t tmpl, crypto_data_t *data, crypto_call_req_t *crq)
{
kcf_req_params_t params;
+ kcf_provider_desc_t *pd = provider;
+ kcf_provider_desc_t *real_provider = pd;
+ int rv;
ASSERT(KCF_PROV_REFHELD(pd));
+
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
+ rv = kcf_get_hardware_provider(mech->cm_type,
+ CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops),
+ CRYPTO_VERIFY_OFFSET(verify_recover_atomic),
+ CHECK_RESTRICT(crq), pd, &real_provider);
+
+ if (rv != CRYPTO_SUCCESS)
+ return (rv);
+ }
KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_VERIFY_RECOVER_ATOMIC,
sid, mech, key, data, signature, tmpl);
+ rv = kcf_submit_request(real_provider, NULL, crq, &params, B_FALSE);
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
- return (kcf_submit_request(pd, NULL, crq, &params, B_FALSE));
+ return (rv);
}
int
@@ -342,30 +398,49 @@ crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key,
}
int
-crypto_verify_recover_init_prov(kcf_provider_desc_t *pd,
+crypto_verify_recover_init_prov(crypto_provider_t provider,
crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq)
{
- int error;
+ int rv;
crypto_ctx_t *ctx;
kcf_req_params_t params;
+ kcf_provider_desc_t *pd = provider;
+ kcf_provider_desc_t *real_provider = pd;
+
+ ASSERT(KCF_PROV_REFHELD(pd));
+
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
+ rv = kcf_get_hardware_provider(mech->cm_type,
+ CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops),
+ CRYPTO_VERIFY_OFFSET(verify_recover_init),
+ CHECK_RESTRICT(crq), pd, &real_provider);
- /* First, allocate and initialize the canonical context */
- if ((ctx = kcf_new_ctx(crq, pd, sid)) == NULL)
+ if (rv != CRYPTO_SUCCESS)
+ return (rv);
+ }
+
+ /* Allocate and initialize the canonical context */
+ if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) {
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
return (CRYPTO_HOST_MEMORY);
+ }
KCF_WRAP_VERIFY_OPS_PARAMS(&params, KCF_OP_VERIFY_RECOVER_INIT,
sid, mech, key, NULL, NULL, tmpl);
+ rv = kcf_submit_request(real_provider, ctx, crq, &params, B_FALSE);
+ if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
+ KCF_PROV_REFRELE(real_provider);
- error = kcf_submit_request(pd, ctx, crq, &params, B_FALSE);
- if ((error == CRYPTO_SUCCESS) || (error == CRYPTO_QUEUED))
+ if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED))
*ctxp = (crypto_context_t)ctx;
else {
/* Release the hold done in kcf_new_ctx(). */
KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private);
}
- return (error);
+ return (rv);
}
int
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-31 03:18:48 +0000