Diffstat (limited to 'usr/src/uts/common/sys')
-rw-r--r--usr/src/uts/common/sys/crypto/api.h140
-rw-r--r--usr/src/uts/common/sys/crypto/common.h3
-rw-r--r--usr/src/uts/common/sys/crypto/impl.h166
-rw-r--r--usr/src/uts/common/sys/crypto/sched_impl.h9
-rw-r--r--usr/src/uts/common/sys/crypto/spi.h96
5 files changed, 260 insertions, 154 deletions
diff --git a/usr/src/uts/common/sys/crypto/api.h b/usr/src/uts/common/sys/crypto/api.h
index 7d95f45ed9..f73d5ad992 100644
--- a/usr/src/uts/common/sys/crypto/api.h
+++ b/usr/src/uts/common/sys/crypto/api.h
@@ -20,7 +20,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -78,8 +78,13 @@ extern void crypto_destroy_ctx_template(crypto_ctx_template_t tmpl);
*/
extern int crypto_digest(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_data_t *digest, crypto_call_req_t *cr);
+extern int crypto_digest_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
+ crypto_call_req_t *);
extern int crypto_digest_init(crypto_mechanism_t *mech, crypto_context_t *ctxp,
crypto_call_req_t *cr);
+extern int crypto_digest_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_context_t *, crypto_call_req_t *);
extern int crypto_digest_update(crypto_context_t ctx, crypto_data_t *data,
crypto_call_req_t *cr);
extern int crypto_digest_final(crypto_context_t ctx, crypto_data_t *digest,
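Review bot: The added `crypto_digest_prov` and `crypto_digest_init_prov` prototypes drop the parameter names that every neighbouring declaration keeps, so the header no longer says which of the two adjacent `crypto_data_t *` arguments is the input and which receives the digest. Two same-typed pointers can be swapped without any compiler diagnostic, so the names are the only guard a caller gets from this header. I would name them to mirror `crypto_digest`, e.g. `crypto_provider_t provider, crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_data_t *data, crypto_data_t *digest, crypto_call_req_t *cr` (order presumed from the non-`_prov` form; confirm against the definition). The same applies to the `_prov` prototypes added in the mac, sign, verify, encrypt, decrypt and encrypt_mac hunks below.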
@@ -91,11 +96,20 @@ extern int crypto_digest_final(crypto_context_t ctx, crypto_data_t *digest,
extern int crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
crypto_call_req_t *cr);
+extern int crypto_mac_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_verify(crypto_mechanism_t *mech, crypto_data_t *data,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
crypto_call_req_t *cr);
+extern int crypto_mac_verify_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
+extern int crypto_mac_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_context_t *, crypto_call_req_t *);
extern int crypto_mac_update(crypto_context_t ctx, crypto_data_t *data,
crypto_call_req_t *cr);
extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data,
@@ -107,15 +121,27 @@ extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data,
extern int crypto_sign(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_data_t *data, crypto_ctx_template_t tmpl,
crypto_data_t *signature, crypto_call_req_t *cr);
+extern int crypto_sign_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_sign_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
+extern int crypto_sign_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_update(crypto_context_t ctx, crypto_data_t *data,
crypto_call_req_t *cr);
extern int crypto_sign_final(crypto_context_t ctx, crypto_data_t *signature,
crypto_call_req_t *cr);
+extern int crypto_sign_recover_init_prov(crypto_provider_t,
+ crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
+ crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_recover(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
crypto_call_req_t *cr);
+extern int crypto_sign_recover_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
/*
* Single and multi-part verify with public key operations.
@@ -123,15 +149,27 @@ extern int crypto_sign_recover(crypto_mechanism_t *mech, crypto_key_t *key,
extern int crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
crypto_call_req_t *cr);
+extern int crypto_verify_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_verify_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
+extern int crypto_verify_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_update(crypto_context_t ctx, crypto_data_t *data,
crypto_call_req_t *cr);
extern int crypto_verify_final(crypto_context_t ctx, crypto_data_t *signature,
crypto_call_req_t *cr);
+extern int crypto_verify_recover_init_prov(crypto_provider_t,
+ crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
+ crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data,
crypto_call_req_t *cr);
+extern int crypto_verify_recover_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
/*
* Single and multi-part encryption operations.
@@ -139,8 +177,14 @@ extern int crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key,
extern int crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext,
crypto_call_req_t *cr);
+extern int crypto_encrypt_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_encrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
+extern int crypto_encrypt_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_context_t *, crypto_call_req_t *);
extern int crypto_encrypt_update(crypto_context_t ctx,
crypto_data_t *plaintext, crypto_data_t *ciphertext,
crypto_call_req_t *cr);
@@ -153,9 +197,15 @@ extern int crypto_encrypt_final(crypto_context_t ctx,
extern int crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext,
crypto_call_req_t *cr);
+extern int crypto_decrypt_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
+ crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_decrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
crypto_ctx_template_t tmpl, crypto_context_t *ctxp,
crypto_call_req_t *cr);
+extern int crypto_decrypt_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_context_t *, crypto_call_req_t *);
extern int crypto_decrypt_update(crypto_context_t ctx,
crypto_data_t *ciphertext, crypto_data_t *plaintext,
crypto_call_req_t *cr);
@@ -170,11 +220,20 @@ extern int crypto_encrypt_mac(crypto_mechanism_t *encr_mech,
crypto_key_t *encr_key, crypto_key_t *mac_key,
crypto_ctx_template_t encr_tmpl, crypto_ctx_template_t mac_tmpl,
crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *cr);
+extern int crypto_encrypt_mac_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_mechanism_t *, crypto_data_t *,
+ crypto_key_t *, crypto_key_t *, crypto_ctx_template_t,
+ crypto_ctx_template_t, crypto_dual_data_t *, crypto_data_t *,
+ crypto_call_req_t *);
extern int crypto_encrypt_mac_init(crypto_mechanism_t *encr_mech,
crypto_mechanism_t *mac_mech, crypto_key_t *encr_key,
crypto_key_t *mac_key, crypto_ctx_template_t encr_tmpl,
crypto_ctx_template_t mac_tmpl, crypto_context_t *ctxp,
crypto_call_req_t *cr);
+extern int crypto_encrypt_mac_init_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_mechanism_t *, crypto_key_t *, crypto_key_t *,
+ crypto_ctx_template_t, crypto_ctx_template_t, crypto_context_t *,
+ crypto_call_req_t *);
extern int crypto_encrypt_mac_update(crypto_context_t ctx,
crypto_data_t *pt, crypto_dual_data_t *ct, crypto_call_req_t *cr);
extern int crypto_encrypt_mac_final(crypto_context_t ctx,
@@ -188,21 +247,95 @@ extern int crypto_mac_decrypt(crypto_mechanism_t *mac_mech,
crypto_key_t *mac_key, crypto_key_t *decr_key,
crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
+extern int crypto_mac_decrypt_prov(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *mac_mech, crypto_mechanism_t *decr_mech,
+ crypto_dual_data_t *ct, crypto_key_t *mac_key, crypto_key_t *decr_key,
+ crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
+ crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_verify_decrypt(crypto_mechanism_t *mac_mech,
crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
crypto_key_t *mac_key, crypto_key_t *decr_key,
crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
+extern int crypto_mac_verify_decrypt_prov(crypto_provider_t,
+ crypto_session_id_t, crypto_mechanism_t *mac_mech,
+ crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
+ crypto_key_t *mac_key, crypto_key_t *decr_key,
+ crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
+ crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_init(crypto_mechanism_t *mac_mech,
crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
crypto_call_req_t *cr);
+extern int crypto_mac_decrypt_init_prov(crypto_provider_t,
+ crypto_session_id_t, crypto_mechanism_t *mac_mech,
+ crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
+ crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
+ crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
+ crypto_call_req_t *cr);
extern int crypto_mac_decrypt_update(crypto_context_t ctx,
crypto_dual_data_t *ct, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_final(crypto_context_t ctx, crypto_data_t *mac,
crypto_data_t *pt, crypto_call_req_t *cr);
+/* Session Management */
+extern int crypto_session_open(crypto_provider_t, crypto_session_id_t *,
+ crypto_call_req_t *);
+extern int crypto_session_close(crypto_provider_t, crypto_session_id_t,
+ crypto_call_req_t *);
+extern int crypto_session_login(crypto_provider_t, crypto_session_id_t,
+ crypto_user_type_t, char *, size_t, crypto_call_req_t *);
+extern int crypto_session_logout(crypto_provider_t, crypto_session_id_t,
+ crypto_call_req_t *);
+
+/* Object Management */
+extern int crypto_object_copy(crypto_provider_t, crypto_session_id_t,
+ crypto_object_id_t, crypto_object_attribute_t *, uint_t,
+ crypto_object_id_t *, crypto_call_req_t *);
+extern int crypto_object_create(crypto_provider_t, crypto_session_id_t,
+ crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
+ crypto_call_req_t *);
+extern int crypto_object_destroy(crypto_provider_t, crypto_session_id_t,
+ crypto_object_id_t, crypto_call_req_t *);
+extern int crypto_object_get_attribute_value(crypto_provider_t,
+ crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
+ uint_t, crypto_call_req_t *);
+extern int crypto_object_get_size(crypto_provider_t, crypto_session_id_t,
+ crypto_object_id_t, size_t *, crypto_call_req_t *);
+extern int crypto_object_find_final(crypto_provider_t, void *,
+ crypto_call_req_t *);
+extern int crypto_object_find_init(crypto_provider_t, crypto_session_id_t,
+ crypto_object_attribute_t *, uint_t, void **, crypto_call_req_t *);
+extern int crypto_object_find(crypto_provider_t, void *, crypto_object_id_t *,
+ uint_t *, uint_t, crypto_call_req_t *);
+extern int crypto_object_set_attribute_value(crypto_provider_t,
+ crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
+ uint_t, crypto_call_req_t *);
+
+/* Key Management */
+extern int crypto_key_derive(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
+ uint_t, crypto_object_id_t *, crypto_call_req_t *);
+extern int crypto_key_generate(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
+ crypto_object_id_t *, crypto_call_req_t *);
+extern int crypto_key_generate_pair(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
+ crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
+ crypto_object_id_t *, crypto_call_req_t *);
+extern int crypto_key_unwrap(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
+ crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
+ crypto_call_req_t *);
+extern int crypto_key_wrap(crypto_provider_t, crypto_session_id_t,
+ crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, uchar_t *,
+ size_t *, crypto_call_req_t *);
+extern int crypto_key_check_prov(crypto_provider_t, crypto_mechanism_t *mech,
+ crypto_key_t *key);
+extern int crypto_key_check(crypto_mechanism_t *mech, crypto_key_t *key);
+
+
/*
* Routines to cancel a single asynchronous request or all asynchronous
* requests associated with a particular context.
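Review bot: `crypto_object_find`, `crypto_key_wrap` and `crypto_key_unwrap` change argument shape relative to the declarations this commit removes from impl.h, and with the parameter names gone nothing in the header records it. The removed `crypto_object_find` took `max_object_count` and then `uint_t *object_count`, while the new one takes `uint_t *, uint_t`. The wrapped-key length was `size_t wrapped_key_len` by value in `crypto_wrap_key`/`crypto_unwrap_key` and is now `size_t *` in both replacements. These are the arguments that bound a caller's buffer, so I would keep names on them and add a one-line comment per function stating whether each `size_t *` is read, written, or both. `crypto_session_login` likewise loses `pin` and `pin_len`, leaving a bare `char *, size_t` pair.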
@@ -218,6 +351,9 @@ extern crypto_mech_name_t *crypto_get_mech_list(uint_t *count, int kmflag);
extern void crypto_free_mech_list(crypto_mech_name_t *mech_names,
uint_t count);
+extern crypto_provider_t crypto_get_provider(char *, char *, char *);
+extern void crypto_release_provider(crypto_provider_t);
+
/*
* A kernel consumer can request to be notified when some particular event
* occurs. The valid events, callback function type, and functions to
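Review bot: `crypto_get_provider(char *, char *, char *)` gives a caller no way to tell its three string arguments apart, and none of them is `const`-qualified even though a lookup would not be expected to modify them. Naming the parameters after what the definition expects, and using `const char *` if the definition allows it, would make wrong-order calls visible in review. If the two functions form a hold/release pair, as the names suggest, that contract belongs here too, e.g. `/* every handle returned by crypto_get_provider() must be passed to crypto_release_provider() */`.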
@@ -253,8 +389,6 @@ extern int crypto_bufcall_free(crypto_bc_t bc);
extern int crypto_bufcall(crypto_bc_t bc, void (*func)(void *arg), void *arg);
extern int crypto_unbufcall(crypto_bc_t bc);
-extern int crypto_key_check(crypto_mechanism_t *mech, crypto_key_t *key);
-
/*
* To obtain the list of key size ranges supported by a mechanism.
*/
diff --git a/usr/src/uts/common/sys/crypto/common.h b/usr/src/uts/common/sys/crypto/common.h
index c6ba225697..142f6b7b80 100644
--- a/usr/src/uts/common/sys/crypto/common.h
+++ b/usr/src/uts/common/sys/crypto/common.h
@@ -91,6 +91,7 @@ typedef uint32_t crypto_keysize_unit_t;
#define SUN_CKM_BLOWFISH_ECB "CKM_BLOWFISH_ECB"
#define SUN_CKM_AES_CBC "CKM_AES_CBC"
#define SUN_CKM_AES_ECB "CKM_AES_ECB"
+#define SUN_CKM_AES_CTR "CKM_AES_CTR"
#define SUN_CKM_RC4 "CKM_RC4"
#define SUN_CKM_RSA_PKCS "CKM_RSA_PKCS"
#define SUN_CKM_RSA_X_509 "CKM_RSA_X_509"
@@ -249,6 +250,8 @@ typedef struct crypto_version {
/* session data structure opaque to the consumer */
typedef void *crypto_session_t;
+typedef void *crypto_provider_t;
+
typedef uint_t crypto_session_id_t;
/*
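Review bot: Declaring `crypto_provider_t` as `void *` means any object pointer converts to it without a diagnostic, including a `crypto_session_t`, which is also `void *`. The `_prov` entry points that this commit moves into api.h previously took `kcf_provider_desc_t *`, so the compiler check on that argument is lost. A pointer to an incomplete struct keeps the handle opaque to consumers while still rejecting a wrong argument, e.g. `typedef struct crypto_provider *crypto_provider_t;` (tag name illustrative). At minimum the typedef needs its own comment, because the existing `/* session data structure opaque to the consumer */` line now sits above both typedefs and describes only the first.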
diff --git a/usr/src/uts/common/sys/crypto/impl.h b/usr/src/uts/common/sys/crypto/impl.h
index 26e4900d45..b240dc0a5a 100644
--- a/usr/src/uts/common/sys/crypto/impl.h
+++ b/usr/src/uts/common/sys/crypto/impl.h
@@ -220,6 +220,7 @@ typedef struct kcf_provider_desc {
kcondvar_t pd_remove_cv;
boolean_t pd_restricted;
struct kcf_provider_list *pd_provider_list;
+ uint_t pd_flags;
} kcf_provider_desc_t;
/* useful for making a list of providers */
@@ -503,21 +504,22 @@ extern rctl_hndl_t rc_project_crypto_mem;
* of type kcf_prov_desc_t.
*/
-#define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->control_ops)
-#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->ctx_ops)
-#define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->digest_ops)
-#define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->cipher_ops)
-#define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->mac_ops)
-#define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->sign_ops)
-#define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->verify_ops)
-#define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->dual_ops)
+#define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops)
+#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
+#define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops)
+#define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops)
+#define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops)
+#define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops)
+#define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops)
+#define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops)
#define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
- ((pd)->pd_ops_vector->dual_cipher_mac_ops)
-#define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->random_ops)
-#define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->session_ops)
-#define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->object_ops)
-#define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->key_ops)
-#define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->provider_ops)
+ ((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
+#define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops)
+#define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops)
+#define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops)
+#define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops)
+#define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
+#define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops)
/*
* Wrappers for crypto_control_ops(9S) entry points.
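Review bot: `KCF_PROV_MECH_OPS(pd)` reads `co_mech_ops`, which spi.h maps to `cou.cou_v2.co_mech_ops`, without consulting the interface version the provider registered with. A provider built against `CRYPTO_SPI_VERSION_1` supplies an ops vector that ends at `co_ctx_ops`. The read is therefore only in bounds if `pd_ops_vector` always points at a KCF-owned `crypto_ops_t` whose `co_mech_ops` is NULL for such providers; the registration code is not part of this diff, so that needs confirming. The same question applies to `pi_flags` in `crypto_provider_info_t`. I would record the invariant next to the macro: `/* co_mech_ops is meaningful only for CRYPTO_SPI_VERSION_2 providers; it must be NULL in pd_ops_vector otherwise */`.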
@@ -544,6 +546,23 @@ extern rctl_hndl_t rc_project_crypto_mem;
(KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
+#define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
+ (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \
+ KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
+ (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
+ CRYPTO_NOT_SUPPORTED)
+
+#define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
+ (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \
+ KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
+ (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
+ CRYPTO_NOT_SUPPORTED)
+
+#define KCF_PROV_FREE_MECH(pd, prov_mech) ( \
+ (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \
+ KCF_PROV_MECH_OPS(pd)->free_mechanism( \
+ (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED)
+
/*
* Wrappers for crypto_digest_ops(9S) entry points.
*/
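Review bot: `KCF_PROV_COPYIN_MECH` takes `(umech, kmech)` and `KCF_PROV_COPYOUT_MECH` takes `(kmech, umech)`, and both forward to callbacks that spi.h types as `crypto_mechanism_t *, crypto_mechanism_t *`, so a swapped user/kernel mechanism pointer compiles without warning. As far as the hunk shows, the three wrappers also have no header comment of their own and sit directly under the ctx-ops wrappers. I would add a block comment that states which argument is the user-supplied mechanism and what `errorp` reports separately from the return value. It should also say what a caller must do on `CRYPTO_NOT_SUPPORTED`, which is presumably to fall back to a generic copy rather than use `kmech` as filled in. Note also that `pd` is expanded three times in each macro, so callers must pass an expression without side effects.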
@@ -1125,41 +1144,15 @@ extern rctl_hndl_t rc_project_crypto_mem;
*/
/* Digest/mac/cipher entry points that take a provider descriptor and session */
-extern int crypto_digest_prov(crypto_mechanism_t *, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *, kcf_provider_desc_t *,
- crypto_session_id_t);
-extern int crypto_digest_init_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_context_t *, crypto_call_req_t *);
extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_mac_prov(crypto_mechanism_t *, crypto_data_t *,
- crypto_key_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *, kcf_provider_desc_t *, crypto_session_id_t);
-extern int crypto_mac_verify_prov(crypto_mechanism_t *, crypto_data_t *,
- crypto_key_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *, kcf_provider_desc_t *, crypto_session_id_t);
-extern int crypto_mac_init_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
- crypto_context_t *, crypto_call_req_t *);
extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_encrypt_prov(crypto_mechanism_t *, crypto_data_t *,
- crypto_key_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *, kcf_provider_desc_t *, crypto_session_id_t);
-extern int crypto_encrypt_init_prov(kcf_provider_desc_t *,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_ctx_template_t, crypto_context_t *, crypto_call_req_t *);
extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_decrypt_prov(crypto_mechanism_t *, crypto_data_t *,
- crypto_key_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *, kcf_provider_desc_t *, crypto_session_id_t);
-extern int crypto_decrypt_init_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
- crypto_context_t *, crypto_call_req_t *);
extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
@@ -1169,44 +1162,18 @@ extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
crypto_call_req_t *);
/* Private sign entry points exported by KCF */
-extern int crypto_sign_init_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
- crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_sign_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
-extern int crypto_sign_recover_init_prov(kcf_provider_desc_t *,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_sign_recover_prov(kcf_provider_desc_t *,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_data_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *);
/* Private verify entry points exported by KCF */
-extern int crypto_verify_init_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
- crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_verify_prov(kcf_provider_desc_t *, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
-extern int crypto_verify_recover_init_prov(kcf_provider_desc_t *,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
crypto_data_t *, crypto_call_req_t *);
-extern int crypto_verify_recover_prov(kcf_provider_desc_t *,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_data_t *, crypto_ctx_template_t, crypto_data_t *,
- crypto_call_req_t *);
/* Private dual operations entry points exported by KCF */
extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
@@ -1224,72 +1191,6 @@ int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
size_t len, crypto_call_req_t *req);
-/* Session Management */
-int crypto_session_open(crypto_provider_handle_t provider,
- crypto_session_id_t *session_id, crypto_call_req_t *req);
-int crypto_session_close(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_call_req_t *req);
-int crypto_session_login(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_user_type_t user_type, char *pin,
- size_t pin_len, crypto_call_req_t *req);
-int crypto_session_logout(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_call_req_t *req);
-
-/* Object Management */
-int crypto_object_create(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_attribute_t *template,
- uint_t attribute_count, crypto_object_id_t *object_handle,
- crypto_call_req_t *req);
-int crypto_object_copy(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_id_t object_handle,
- crypto_object_attribute_t *template, uint_t attribute_count,
- crypto_object_id_t *new_object_handle, crypto_call_req_t *req);
-int crypto_object_destroy(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_id_t object_handle,
- crypto_call_req_t *req);
-int crypto_object_get_size(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_id_t object_handle,
- size_t *size, crypto_call_req_t *req);
-int crypto_object_get_attribute_value(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_id_t object_handle,
- crypto_object_attribute_t *template, uint_t attribute_count,
- crypto_call_req_t *req);
-int crypto_object_set_attribute_value(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_id_t object_handle,
- crypto_object_attribute_t *template, uint_t count, crypto_call_req_t *req);
-int crypto_object_find_init(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_object_attribute_t *template,
- uint_t attribute_count, void **provider_private, crypto_call_req_t *req);
-int crypto_object_find(crypto_provider_handle_t provider,
- void *provider_private, crypto_object_id_t *objects,
- uint_t max_object_count, uint_t *object_count, crypto_call_req_t *req);
-int crypto_object_find_final(crypto_provider_handle_t provider,
- void *provider_private, crypto_call_req_t *req);
-
-/* Key Generation */
-int crypto_generate_key(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_mechanism_t *mech,
- crypto_object_attribute_t *key_attributes, uint_t attributes_count,
- crypto_object_id_t *key_handle, crypto_call_req_t *req);
-int crypto_generate_key_pair(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_mechanism_t *mech,
- crypto_object_attribute_t *public_attributes, uint_t public_count,
- crypto_object_attribute_t *private_attributes, uint_t private_count,
- crypto_object_id_t *public_handle, crypto_object_id_t *private_handle,
- crypto_call_req_t *req);
-int crypto_wrap_key(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_mechanism_t *mech,
- crypto_key_t *wrapping_key, crypto_object_id_t *key_handle,
- uchar_t *wrapped_key, size_t wrapped_key_len, crypto_call_req_t *req);
-int crypto_unwrap_key(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_mechanism_t *mech, crypto_key_t *key,
- uchar_t *wrapped_key, size_t wrapped_key_len,
- crypto_object_id_t *key_handle, crypto_call_req_t *req);
-int crypto_derive_key(crypto_provider_handle_t provider,
- crypto_session_id_t session_id, crypto_mechanism_t *mech, crypto_key_t *key,
- crypto_object_attribute_t *attributes, uint_t attribute_count,
- crypto_object_id_t *object_handle, crypto_call_req_t *req);
-
/* Provider Management */
int crypto_get_provider_info(crypto_provider_id_t id,
crypto_provider_info_t **info, crypto_call_req_t *req);
@@ -1380,6 +1281,7 @@ extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
uint_t *, crypto_mech_name_t **);
extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
+extern boolean_t in_soft_config_list(char *);
#endif /* _KERNEL */
diff --git a/usr/src/uts/common/sys/crypto/sched_impl.h b/usr/src/uts/common/sys/crypto/sched_impl.h
index b4a83ebe50..ebd40bedd5 100644
--- a/usr/src/uts/common/sys/crypto/sched_impl.h
+++ b/usr/src/uts/common/sys/crypto/sched_impl.h
@@ -65,6 +65,8 @@ typedef enum kcf_call_type {
#define CHECK_RESTRICT(crq) (crq != NULL && \
((crq)->cr_flag & CRYPTO_RESTRICTED))
+#define CHECK_RESTRICT_FALSE B_FALSE
+
#define CHECK_FASTPATH(crq, pd) ((crq) == NULL || \
!((crq)->cr_flag & CRYPTO_ALWAYS_QUEUE)) && \
(pd)->pd_prov_type == CRYPTO_SW_PROVIDER
@@ -484,10 +486,11 @@ extern kcondvar_t ntfy_list_cv;
boolean_t kcf_get_next_logical_provider_member(kcf_provider_desc_t *,
kcf_provider_desc_t *, kcf_provider_desc_t **);
-extern int kcf_get_hardware_provider(crypto_mech_type_t, offset_t, offset_t,
- kcf_provider_desc_t *, kcf_provider_desc_t **);
+extern int kcf_get_hardware_provider(crypto_mech_type_t, crypto_mech_type_t,
+ offset_t, offset_t, boolean_t, kcf_provider_desc_t *,
+ kcf_provider_desc_t **);
extern int kcf_get_hardware_provider_nomech(offset_t, offset_t,
- kcf_provider_desc_t *, kcf_provider_desc_t **);
+ boolean_t, kcf_provider_desc_t *, kcf_provider_desc_t **);
extern void kcf_free_triedlist(kcf_prov_tried_t *);
extern kcf_prov_tried_t *kcf_insert_triedlist(kcf_prov_tried_t **,
kcf_provider_desc_t *, int);
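Review bot: The `boolean_t` added to `kcf_get_hardware_provider` and `kcf_get_hardware_provider_nomech` is unnamed and undocumented, as is the second `crypto_mech_type_t` that now sits next to the first. Judging by the names only, this looks like the restricted-provider switch fed by `CHECK_RESTRICT(crq)` and the new `CHECK_RESTRICT_FALSE` from the previous hunk. If so, passing `B_FALSE` selects a provider without the restriction check, and a reader needs to see that at the declaration. I would name the parameters (e.g. `boolean_t call_restrict`, illustrative) and put a comment on the constant, such as `/* for callers that have no crypto_call_req_t to consult; disables the restricted-provider check */`, adjusted to the real intent.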
diff --git a/usr/src/uts/common/sys/crypto/spi.h b/usr/src/uts/common/sys/crypto/spi.h
index 2d40ada66f..e06f260d02 100644
--- a/usr/src/uts/common/sys/crypto/spi.h
+++ b/usr/src/uts/common/sys/crypto/spi.h
@@ -20,7 +20,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -46,6 +46,7 @@ extern "C" {
#ifdef _KERNEL
#define CRYPTO_SPI_VERSION_1 1
+#define CRYPTO_SPI_VERSION_2 2
/*
* Provider-private handle. This handle is specified by a provider
@@ -484,6 +485,14 @@ typedef struct crypto_provider_management_ops {
char *, size_t, char *, size_t, crypto_req_handle_t);
} crypto_provider_management_ops_t;
+typedef struct crypto_mech_ops {
+ int (*copyin_mechanism)(crypto_provider_handle_t,
+ crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
+ int (*copyout_mechanism)(crypto_provider_handle_t,
+ crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
+ int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *);
+} crypto_mech_ops_t;
+
/*
* The crypto_ops(9S) structure contains the structures containing
* the pointers to functions implemented by cryptographic providers.
@@ -491,23 +500,51 @@ typedef struct crypto_provider_management_ops {
* supplied by a provider when it registers with the kernel
* by calling crypto_register_provider(9F).
*/
+typedef struct crypto_ops_v1 {
+ crypto_control_ops_t *co_control_ops;
+ crypto_digest_ops_t *co_digest_ops;
+ crypto_cipher_ops_t *co_cipher_ops;
+ crypto_mac_ops_t *co_mac_ops;
+ crypto_sign_ops_t *co_sign_ops;
+ crypto_verify_ops_t *co_verify_ops;
+ crypto_dual_ops_t *co_dual_ops;
+ crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops;
+ crypto_random_number_ops_t *co_random_ops;
+ crypto_session_ops_t *co_session_ops;
+ crypto_object_ops_t *co_object_ops;
+ crypto_key_ops_t *co_key_ops;
+ crypto_provider_management_ops_t *co_provider_ops;
+ crypto_ctx_ops_t *co_ctx_ops;
+} crypto_ops_v1_t;
+
+typedef struct crypto_ops_v2 {
+ crypto_ops_v1_t v1_ops;
+ crypto_mech_ops_t *co_mech_ops;
+} crypto_ops_v2_t;
+
typedef struct crypto_ops {
- crypto_control_ops_t *control_ops;
- crypto_digest_ops_t *digest_ops;
- crypto_cipher_ops_t *cipher_ops;
- crypto_mac_ops_t *mac_ops;
- crypto_sign_ops_t *sign_ops;
- crypto_verify_ops_t *verify_ops;
- crypto_dual_ops_t *dual_ops;
- crypto_dual_cipher_mac_ops_t *dual_cipher_mac_ops;
- crypto_random_number_ops_t *random_ops;
- crypto_session_ops_t *session_ops;
- crypto_object_ops_t *object_ops;
- crypto_key_ops_t *key_ops;
- crypto_provider_management_ops_t *provider_ops;
- crypto_ctx_ops_t *ctx_ops;
+ union {
+ crypto_ops_v2_t cou_v2;
+ crypto_ops_v1_t cou_v1;
+ } cou;
} crypto_ops_t;
+#define co_control_ops cou.cou_v1.co_control_ops
+#define co_digest_ops cou.cou_v1.co_digest_ops
+#define co_cipher_ops cou.cou_v1.co_cipher_ops
+#define co_mac_ops cou.cou_v1.co_mac_ops
+#define co_sign_ops cou.cou_v1.co_sign_ops
+#define co_verify_ops cou.cou_v1.co_verify_ops
+#define co_dual_ops cou.cou_v1.co_dual_ops
+#define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops
+#define co_random_ops cou.cou_v1.co_random_ops
+#define co_session_ops cou.cou_v1.co_session_ops
+#define co_object_ops cou.cou_v1.co_object_ops
+#define co_key_ops cou.cou_v1.co_key_ops
+#define co_provider_ops cou.cou_v1.co_provider_ops
+#define co_ctx_ops cou.cou_v1.co_ctx_ops
+#define co_mech_ops cou.cou_v2.co_mech_ops
+
/*
* Provider device specification passed during registration.
*
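Review bot: The fifteen object-like `co_*` macros rewrite those identifiers everywhere in any file that includes spi.h, not only in member accesses on a `crypto_ops_t`. A local variable, a parameter or another structure's field called `co_key_ops` would silently become `cou.cou_v1.co_key_ops`. The same goes for the short, generic `pi_flags` in the matching block of the `crypto_provider_info` hunk below, and the result is either a confusing compile error or, worse, a valid but different expression. If the union has to stay for source compatibility with existing providers, I would at least put a comment above each block saying these names are reserved by this header and why, e.g. `/* compatibility names: let v1-style code keep writing ops->co_xxx; do not reuse these identifiers elsewhere */`. It is also worth documenting that `co_mech_ops` is the only one that resolves through `cou_v2`.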
@@ -622,7 +659,7 @@ typedef uint_t crypto_kcf_provider_handle_t;
* register for the same device instance. In this case, the same
* pi_provider_dev must be specified with a different pi_provider_handle.
*/
-typedef struct crypto_provider_info {
+typedef struct crypto_provider_info_v1 {
uint_t pi_interface_version;
char *pi_provider_description;
crypto_provider_type_t pi_provider_type;
@@ -633,8 +670,35 @@ typedef struct crypto_provider_info {
crypto_mech_info_t *pi_mechanisms;
uint_t pi_logical_provider_count;
crypto_kcf_provider_handle_t *pi_logical_providers;
+} crypto_provider_info_v1_t;
+
+typedef struct crypto_provider_info_v2 {
+ crypto_provider_info_v1_t v1_info;
+ uint_t pi_flags;
+} crypto_provider_info_v2_t;
+
+typedef struct crypto_provider_info {
+ union {
+ crypto_provider_info_v2_t piu_v2;
+ crypto_provider_info_v1_t piu_v1;
+ } piu;
} crypto_provider_info_t;
+#define pi_interface_version piu.piu_v1.pi_interface_version
+#define pi_provider_description piu.piu_v1.pi_provider_description
+#define pi_provider_type piu.piu_v1.pi_provider_type
+#define pi_provider_dev piu.piu_v1.pi_provider_dev
+#define pi_provider_handle piu.piu_v1.pi_provider_handle
+#define pi_ops_vector piu.piu_v1.pi_ops_vector
+#define pi_mech_list_count piu.piu_v1.pi_mech_list_count
+#define pi_mechanisms piu.piu_v1.pi_mechanisms
+#define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count
+#define pi_logical_providers piu.piu_v1.pi_logical_providers
+#define pi_flags piu.piu_v2.pi_flags
+
+/* hidden providers can only be accessed via a logical provider */
+#define CRYPTO_HIDE_PROVIDER 1
+
/*
* Provider status passed by a provider to crypto_provider_notification(9F)
* and returned by the provider_stauts(9E) entry point.