173 nodev, /* devo_reset */
174 &cbops, /* devo_cb_ops */
175 NULL, /* devo_bus_ops */
176 NULL, /* devo_power */
177 ddi_quiesce_not_needed, /* devo_quiesce */
178 };
179
180 static struct modldrv modldrv = {
181 &mod_driverops,
182 "Pseudo KCF Prov (drv)",
183 &devops
184 };
185
186 static struct modlcrypto modlcrypto = {
187 &mod_cryptoops,
188 "Pseudo KCF Prov (crypto)"
189 };
190
191 static struct modlinkage modlinkage = {
192 MODREV_1,
193 &modldrv,
194 &modlcrypto,
195 NULL
196 };
197
198 /*
199 * CSPI information (entry points, provider info, etc.)
200 */
201
202 typedef enum dprov_mech_type {
203 MD4_MECH_INFO_TYPE, /* SUN_CKM_MD4 */
204
205 MD5_MECH_INFO_TYPE, /* SUN_CKM_MD5 */
206 MD5_HMAC_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC */
207 MD5_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC_GENERAL */
208
209 SHA1_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA1_HMAC */
210 SHA1_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA1_HMAC_GENERAL */
211 SHA1_MECH_INFO_TYPE, /* SUN_CKM_SHA1 */
212
213 SHA256_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC */
214 SHA256_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC_GENERAL */
215 SHA256_MECH_INFO_TYPE, /* SUN_CKM_SHA256 */
1023 };
1024
1025 static int dprov_nostore_key_generate(crypto_provider_handle_t,
1026 crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1027 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1028 static int dprov_nostore_key_generate_pair(crypto_provider_handle_t,
1029 crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1030 uint_t, crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1031 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1032 static int dprov_nostore_key_derive(crypto_provider_handle_t,
1033 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
1034 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1035 uint_t, crypto_req_handle_t);
1036
1037 static crypto_nostore_key_ops_t dprov_nostore_key_ops = {
1038 dprov_nostore_key_generate,
1039 dprov_nostore_key_generate_pair,
1040 dprov_nostore_key_derive
1041 };
1042
1043 static crypto_ops_t dprov_crypto_ops = {
1044 &dprov_control_ops,
1045 &dprov_digest_ops,
1046 &dprov_cipher_ops,
1047 &dprov_mac_ops,
1048 &dprov_sign_ops,
1049 &dprov_verify_ops,
1050 &dprov_dual_ops,
1051 &dprov_cipher_mac_ops,
1052 &dprov_random_number_ops,
1053 &dprov_session_ops,
1054 &dprov_object_ops,
1055 &dprov_key_ops,
1056 &dprov_management_ops,
1057 &dprov_ctx_ops,
1058 &dprov_mech_ops
1059 };
1060
1061
1062 /* maximum SO and user PIN lengths */
1063 #define DPROV_MAX_PIN_LEN 128
1064
1065 /*
1066 * Objects: each session is associated with an array of objects.
1067 * Unlike PKCS#11, the objects cannot be shared between sessions.
1068 * The ioctl driver multiplexes PKCS#11 sessions to providers
1069 * sessions in order to support this semantic. This simplifies
1070 * the CSPI greatly since the provider does not have to associate
1071 * sessions with a user space process.
1072 * There is also a per-instance array of objects, which correspond
1073 * to PKCS#11 token objects. These objects can be shared by multiple
1074 * sesions.
1075 *
1076 * Token objects are identified by having a CKA_TOKEN attribute B_TRUE.
1077 * Private objects are identified by having a CKA_PRIVATE attribute
1078 * set to B_TRUE.
1079 */
1192 * Session management: each instance is associated with an array
1193 * of sessions. KEF providers sessions are always R/W the library and
1194 * the ioctl maintain the PKCS#11 R/W attributes for the session.
1195 */
1196
1197 #define DPROV_MIN_SESSIONS 32 /* # of sessions to start with */
1198
1199 typedef enum dprov_session_state {
1200 DPROV_SESSION_STATE_PUBLIC, /* public (default) */
1201 DPROV_SESSION_STATE_SO, /* SO logged in */
1202 DPROV_SESSION_STATE_USER /* user logged in */
1203 } dprov_session_state_t;
1204
1205 /* session description */
1206 typedef struct dprov_session {
1207 dprov_session_state_t ds_state; /* session state */
1208 dprov_object_t *ds_objects[DPROV_MAX_OBJECTS]; /* session objects */
1209 } dprov_session_t;
1210
1211
1212 static crypto_provider_info_t dprov_prov_info = {
1213 CRYPTO_SPI_VERSION_2,
1214 "Dummy Pseudo HW Provider",
1215 CRYPTO_HW_PROVIDER,
1216 NULL, /* pi_provider_dev */
1217 NULL, /* pi_provider_handle */
1218 &dprov_crypto_ops,
1219 sizeof (dprov_mech_info_tab)/sizeof (crypto_mech_info_t),
1220 dprov_mech_info_tab,
1221 0, /* pi_logical_provider_count */
1222 NULL, /* pi_logical_providers */
1223 0 /* pi_flags */
1224 };
1225
1226 /*
1227 * Per-instance info.
1228 */
1229 typedef struct dprov_state {
1230 kmutex_t ds_lock; /* per-instance lock */
1231 dev_info_t *ds_dip; /* device info */
1232 crypto_kcf_provider_handle_t ds_prov_handle; /* framework handle */
1233 taskq_t *ds_taskq; /* taskq for async behavior */
1234 char ds_user_pin[DPROV_MAX_PIN_LEN]; /* normal user PIN */
1235 uint_t ds_user_pin_len;
1236 char ds_so_pin[DPROV_MAX_PIN_LEN]; /* SO PIN */
1237 uint_t ds_so_pin_len;
1238 dprov_session_t **ds_sessions; /* sessions for this instance */
1239 uint_t ds_sessions_slots; /* number of session slots */
1240 uint_t ds_sessions_count; /* number of open sessions */
1241 boolean_t ds_token_initialized; /* provider initialized? */
1242 boolean_t ds_user_pin_set; /* user pin set? */
1243 char ds_label[CRYPTO_EXT_SIZE_LABEL]; /* "token" label */
1244 dprov_object_t *ds_objects[DPROV_MAX_OBJECTS]; /* "token" objects */
|
173 nodev, /* devo_reset */
174 &cbops, /* devo_cb_ops */
175 NULL, /* devo_bus_ops */
176 NULL, /* devo_power */
177 ddi_quiesce_not_needed, /* devo_quiesce */
178 };
179
180 static struct modldrv modldrv = {
181 &mod_driverops,
182 "Pseudo KCF Prov (drv)",
183 &devops
184 };
185
186 static struct modlcrypto modlcrypto = {
187 &mod_cryptoops,
188 "Pseudo KCF Prov (crypto)"
189 };
190
191 static struct modlinkage modlinkage = {
192 MODREV_1,
193 { &modldrv,
194 &modlcrypto,
195 NULL }
196 };
197
198 /*
199 * CSPI information (entry points, provider info, etc.)
200 */
201
202 typedef enum dprov_mech_type {
203 MD4_MECH_INFO_TYPE, /* SUN_CKM_MD4 */
204
205 MD5_MECH_INFO_TYPE, /* SUN_CKM_MD5 */
206 MD5_HMAC_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC */
207 MD5_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC_GENERAL */
208
209 SHA1_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA1_HMAC */
210 SHA1_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA1_HMAC_GENERAL */
211 SHA1_MECH_INFO_TYPE, /* SUN_CKM_SHA1 */
212
213 SHA256_HMAC_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC */
214 SHA256_HMAC_GEN_MECH_INFO_TYPE, /* SUN_CKM_SHA256_HMAC_GENERAL */
215 SHA256_MECH_INFO_TYPE, /* SUN_CKM_SHA256 */
1023 };
1024
1025 static int dprov_nostore_key_generate(crypto_provider_handle_t,
1026 crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1027 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1028 static int dprov_nostore_key_generate_pair(crypto_provider_handle_t,
1029 crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1030 uint_t, crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1031 uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1032 static int dprov_nostore_key_derive(crypto_provider_handle_t,
1033 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
1034 crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1035 uint_t, crypto_req_handle_t);
1036
1037 static crypto_nostore_key_ops_t dprov_nostore_key_ops = {
1038 dprov_nostore_key_generate,
1039 dprov_nostore_key_generate_pair,
1040 dprov_nostore_key_derive
1041 };
1042
1043 static crypto_ops_t dprov_crypto_ops = { .cou.cou_v2 = {
1044 { &dprov_control_ops,
1045 &dprov_digest_ops,
1046 &dprov_cipher_ops,
1047 &dprov_mac_ops,
1048 &dprov_sign_ops,
1049 &dprov_verify_ops,
1050 &dprov_dual_ops,
1051 &dprov_cipher_mac_ops,
1052 &dprov_random_number_ops,
1053 &dprov_session_ops,
1054 &dprov_object_ops,
1055 &dprov_key_ops,
1056 &dprov_management_ops,
1057 &dprov_ctx_ops },
1058 &dprov_mech_ops
1059 }};
1060
1061
1062 /* maximum SO and user PIN lengths */
1063 #define DPROV_MAX_PIN_LEN 128
1064
1065 /*
1066 * Objects: each session is associated with an array of objects.
1067 * Unlike PKCS#11, the objects cannot be shared between sessions.
1068 * The ioctl driver multiplexes PKCS#11 sessions to providers
1069 * sessions in order to support this semantic. This simplifies
1070 * the CSPI greatly since the provider does not have to associate
1071 * sessions with a user space process.
1072 * There is also a per-instance array of objects, which correspond
1073 * to PKCS#11 token objects. These objects can be shared by multiple
1074 * sesions.
1075 *
1076 * Token objects are identified by having a CKA_TOKEN attribute B_TRUE.
1077 * Private objects are identified by having a CKA_PRIVATE attribute
1078 * set to B_TRUE.
1079 */
1192 * Session management: each instance is associated with an array
1193 * of sessions. KEF providers sessions are always R/W the library and
1194 * the ioctl maintain the PKCS#11 R/W attributes for the session.
1195 */
1196
1197 #define DPROV_MIN_SESSIONS 32 /* # of sessions to start with */
1198
1199 typedef enum dprov_session_state {
1200 DPROV_SESSION_STATE_PUBLIC, /* public (default) */
1201 DPROV_SESSION_STATE_SO, /* SO logged in */
1202 DPROV_SESSION_STATE_USER /* user logged in */
1203 } dprov_session_state_t;
1204
1205 /* session description */
1206 typedef struct dprov_session {
1207 dprov_session_state_t ds_state; /* session state */
1208 dprov_object_t *ds_objects[DPROV_MAX_OBJECTS]; /* session objects */
1209 } dprov_session_t;
1210
1211
1212 static crypto_provider_info_t dprov_prov_info = {{{
1213 { CRYPTO_SPI_VERSION_2,
1214 "Dummy Pseudo HW Provider",
1215 CRYPTO_HW_PROVIDER,
1216 { NULL }, /* pi_provider_dev */
1217 NULL, /* pi_provider_handle */
1218 &dprov_crypto_ops,
1219 sizeof (dprov_mech_info_tab)/sizeof (crypto_mech_info_t),
1220 dprov_mech_info_tab,
1221 0, /* pi_logical_provider_count */
1222 NULL }, /* pi_logical_providers */
1223 0 /* pi_flags */
1224 }}};
1225
1226 /*
1227 * Per-instance info.
1228 */
1229 typedef struct dprov_state {
1230 kmutex_t ds_lock; /* per-instance lock */
1231 dev_info_t *ds_dip; /* device info */
1232 crypto_kcf_provider_handle_t ds_prov_handle; /* framework handle */
1233 taskq_t *ds_taskq; /* taskq for async behavior */
1234 char ds_user_pin[DPROV_MAX_PIN_LEN]; /* normal user PIN */
1235 uint_t ds_user_pin_len;
1236 char ds_so_pin[DPROV_MAX_PIN_LEN]; /* SO PIN */
1237 uint_t ds_so_pin_len;
1238 dprov_session_t **ds_sessions; /* sessions for this instance */
1239 uint_t ds_sessions_slots; /* number of session slots */
1240 uint_t ds_sessions_count; /* number of open sessions */
1241 boolean_t ds_token_initialized; /* provider initialized? */
1242 boolean_t ds_user_pin_set; /* user pin set? */
1243 char ds_label[CRYPTO_EXT_SIZE_LABEL]; /* "token" label */
1244 dprov_object_t *ds_objects[DPROV_MAX_OBJECTS]; /* "token" objects */
|