1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2015 by Saso Kiselkov. All rights reserved.
24 */
25
26 #ifndef _SYS_CRYPTO_IMPL_H
27 #define _SYS_CRYPTO_IMPL_H
28
29 /*
30 * Kernel Cryptographic Framework private implementation definitions.
31 */
32
33 #include <sys/types.h>
34 #include <sys/param.h>
35
36 #ifdef _KERNEL
37 #include <sys/crypto/common.h>
38 #include <sys/crypto/api.h>
39 #include <sys/crypto/spi.h>
40 #include <sys/crypto/ioctl.h>
41 #include <sys/tnf_probe.h>
42 #include <sys/atomic.h>
43 #include <sys/project.h>
44 #include <sys/taskq.h>
45 #include <sys/rctl.h>
46 #include <sys/cpuvar.h>
47 #endif /* _KERNEL */
48
49 #ifdef __cplusplus
50 extern "C" {
51 #endif
52
53 #ifdef _KERNEL
54
55 /*
56 * Prefixes convention: structures internal to the kernel cryptographic
57 * framework start with 'kcf_'. Exposed structure start with 'crypto_'.
58 */
59
60 /* Provider stats. Not protected. */
61 typedef struct kcf_prov_stats {
62 kstat_named_t ps_ops_total;
63 kstat_named_t ps_ops_passed;
64 kstat_named_t ps_ops_failed;
65 kstat_named_t ps_ops_busy_rval;
66 } kcf_prov_stats_t;
67
68 /* Various kcf stats. Not protected. */
69 typedef struct kcf_stats {
70 kstat_named_t ks_thrs_in_pool;
71 kstat_named_t ks_idle_thrs;
72 kstat_named_t ks_minthrs;
73 kstat_named_t ks_maxthrs;
74 kstat_named_t ks_swq_njobs;
75 kstat_named_t ks_swq_maxjobs;
76 kstat_named_t ks_taskq_threads;
77 kstat_named_t ks_taskq_minalloc;
78 kstat_named_t ks_taskq_maxalloc;
79 } kcf_stats_t;
80
81 #define CPU_SEQID (CPU->cpu_seqid)
82
83 typedef struct kcf_lock_withpad {
84 kmutex_t kl_lock;
85 uint8_t kl_pad[64 - sizeof (kmutex_t)];
86 } kcf_lock_withpad_t;
87
88 /*
89 * Per-CPU structure used by a provider to keep track of
90 * various counters.
91 */
92 typedef struct kcf_prov_cpu {
93 kmutex_t kp_lock;
94 int kp_holdcnt; /* can go negative! */
95 uint_t kp_jobcnt;
96
97 uint64_t kp_ndispatches;
98 uint64_t kp_nfails;
99 uint64_t kp_nbusy_rval;
100 kcondvar_t kp_cv;
101
102 uint8_t kp_pad[64 - sizeof (kmutex_t) - 2 * sizeof (int) -
103 3 * sizeof (uint64_t) - sizeof (kcondvar_t)];
104 } kcf_prov_cpu_t;
105
106 /*
107 * kcf_get_refcnt(pd) is the number of inflight requests to the
108 * provider. So, it is a good measure of the load on a provider when
109 * it is not in a busy state. Once a provider notifies it is busy, requests
110 * backup in the taskq. So, we use tq_nalloc in that case which gives
111 * the number of task entries in the task queue. Note that we do not
112 * acquire any locks here as it is not critical to get the exact number
113 * and the lock contention is too costly for this code path.
114 */
115 #define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \
116 kcf_get_refcnt(pd, B_FALSE) : (pd)->pd_taskq->tq_nalloc)
117
118
119 /*
120 * The following two macros should be
121 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2)
122 * #define KCF_MAXMECHTAB KCF_MAXCIPHER
123 *
124 * However, doing that would involve reorganizing the header file a bit.
125 * When impl.h is broken up (bug# 4703218), this will be done. For now,
126 * we hardcode these values.
127 */
128 #define KCF_OPS_CLASSSIZE 8
129 #define KCF_MAXMECHTAB 32
130
131 /*
132 * Valid values for the state of a provider. The order of
133 * the elements is important.
134 *
135 * Routines which get a provider or the list of providers
136 * should pick only those that are either in KCF_PROV_READY state
137 * or in KCF_PROV_BUSY state.
138 */
139 typedef enum {
140 KCF_PROV_ALLOCATED = 1,
141 KCF_PROV_UNVERIFIED,
142 KCF_PROV_UNVERIFIED_FIPS140,
143 KCF_PROV_VERIFICATION_FAILED,
144 /*
145 * state < KCF_PROV_READY means the provider can not
146 * be used at all.
147 */
148 KCF_PROV_READY,
149 KCF_PROV_BUSY,
150 /*
151 * state > KCF_PROV_BUSY means the provider can not
152 * be used for new requests.
153 */
154 KCF_PROV_FAILED,
155 /*
156 * Threads setting the following two states should do so only
157 * if the current state < KCF_PROV_DISABLED.
158 */
159 KCF_PROV_DISABLED,
160 KCF_PROV_UNREGISTERING,
161 KCF_PROV_UNREGISTERED
162 } kcf_prov_state_t;
163
164 #define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED)
165 #define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \
166 (pd)->pd_state == KCF_PROV_BUSY)
167 #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_UNREGISTERING)
168
169 /* Internal flags valid for pd_flags field */
170 #define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */
171
172 /*
173 * A provider descriptor structure. There is one such structure per
174 * provider. It is allocated and initialized at registration time and
175 * freed when the provider unregisters.
176 *
177 * pd_prov_type: Provider type, hardware or software
178 * pd_sid: Session ID of the provider used by kernel clients.
179 * This is valid only for session-oriented providers.
180 * pd_taskq: taskq used to dispatch crypto requests
181 * pd_nbins: number of bins in pd_percpu_bins
182 * pd_percpu_bins: Pointer to an array of per-CPU structures
183 * containing a lock, a cv and various counters.
184 * pd_lock: lock protects pd_state and pd_provider_list
185 * pd_state: State value of the provider
186 * pd_provider_list: Used to cross-reference logical providers and their
187 * members. Not used for software providers.
188 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY
189 * pd_prov_handle: Provider handle specified by provider
190 * pd_ops_vector: The ops vector specified by Provider
191 * pd_mech_indx: Lookup table which maps a core framework mechanism
192 * number to an index in pd_mechanisms array
193 * pd_mechanisms: Array of mechanisms supported by the provider, specified
194 * by the provider during registration
195 * pd_mech_list_count: The number of entries in pi_mechanisms, specified
196 * by the provider during registration
197 * pd_name: Device name or module name
198 * pd_instance: Device instance
199 * pd_module_id: Module ID returned by modload
200 * pd_mctlp: Pointer to modctl structure for this provider
201 * pd_description: Provider description string
202 * pd_flags: bitwise OR of pi_flags from crypto_provider_info_t
203 * and other internal flags defined above.
204 * pd_hash_limit: Maximum data size that hash mechanisms of this provider
205 * can support.
206 * pd_hmac_limit: Maximum data size that HMAC mechanisms of this provider
207 * can support.
208 * pd_kcf_prov_handle: KCF-private handle assigned by KCF
209 * pd_prov_id: Identification # assigned by KCF to provider
210 * pd_kstat: kstat associated with the provider
211 * pd_ks_data: kstat data
212 */
213 typedef struct kcf_provider_desc {
214 crypto_provider_type_t pd_prov_type;
215 crypto_session_id_t pd_sid;
216 taskq_t *pd_taskq;
217 uint_t pd_nbins;
218 kcf_prov_cpu_t *pd_percpu_bins;
219 kmutex_t pd_lock;
220 kcf_prov_state_t pd_state;
221 struct kcf_provider_list *pd_provider_list;
222 kcondvar_t pd_resume_cv;
223 crypto_provider_handle_t pd_prov_handle;
224 crypto_ops_t *pd_ops_vector;
225 ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\
226 [KCF_MAXMECHTAB];
227 crypto_mech_info_t *pd_mechanisms;
228 uint_t pd_mech_list_count;
229 char *pd_name;
230 uint_t pd_instance;
231 int pd_module_id;
232 struct modctl *pd_mctlp;
233 char *pd_description;
234 uint_t pd_flags;
235 uint_t pd_hash_limit;
236 uint_t pd_hmac_limit;
237 crypto_kcf_provider_handle_t pd_kcf_prov_handle;
238 crypto_provider_id_t pd_prov_id;
239 kstat_t *pd_kstat;
240 kcf_prov_stats_t pd_ks_data;
241 } kcf_provider_desc_t;
242
243 /* useful for making a list of providers */
244 typedef struct kcf_provider_list {
245 struct kcf_provider_list *pl_next;
246 struct kcf_provider_desc *pl_provider;
247 } kcf_provider_list_t;
248
249 /*
250 * If a component has a reference to a kcf_provider_desc_t,
251 * it REFHOLD()s. A new provider descriptor which is referenced only
252 * by the providers table has a reference counter of one.
253 */
254 #define KCF_PROV_REFHOLD(desc) { \
255 kcf_prov_cpu_t *mp; \
256 \
257 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \
258 mutex_enter(&mp->kp_lock); \
259 mp->kp_holdcnt++; \
260 mutex_exit(&mp->kp_lock); \
261 }
262
263 #define KCF_PROV_REFRELE(desc) { \
264 kcf_prov_cpu_t *mp; \
265 \
266 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \
267 mutex_enter(&mp->kp_lock); \
268 mp->kp_holdcnt--; \
269 mutex_exit(&mp->kp_lock); \
270 }
271
272 #define KCF_PROV_REFHELD(desc) (kcf_get_refcnt(desc, B_TRUE) >= 1)
273
274 /*
275 * The JOB macros are used only for a hardware provider.
276 * Hardware providers can have holds that stay forever.
277 * So, the job counter is used to check if it is safe to
278 * unregister a provider.
279 */
280 #define KCF_PROV_JOB_HOLD(mp) { \
281 mutex_enter(&(mp)->kp_lock); \
282 (mp)->kp_jobcnt++; \
283 mutex_exit(&(mp)->kp_lock); \
284 }
285
286 #define KCF_PROV_JOB_RELE(mp) { \
287 mutex_enter(&(mp)->kp_lock); \
288 (mp)->kp_jobcnt--; \
289 if ((mp)->kp_jobcnt == 0) \
290 cv_signal(&(mp)->kp_cv); \
291 mutex_exit(&(mp)->kp_lock); \
292 }
293
294 #define KCF_PROV_JOB_RELE_STAT(mp, doincr) { \
295 if (doincr) \
296 (mp)->kp_nfails++; \
297 KCF_PROV_JOB_RELE(mp); \
298 }
299
300 #define KCF_PROV_INCRSTATS(pd, error) { \
301 kcf_prov_cpu_t *mp; \
302 \
303 mp = &((pd)->pd_percpu_bins[CPU_SEQID]); \
304 mp->kp_ndispatches++; \
305 if ((error) == CRYPTO_BUSY) \
306 mp->kp_nbusy_rval++; \
307 else if ((error) != CRYPTO_SUCCESS && (error) != CRYPTO_QUEUED) \
308 mp->kp_nfails++; \
309 }
310
311 /* list of crypto_mech_info_t valid as the second mech in a dual operation */
312
313 typedef struct crypto_mech_info_list {
314 struct crypto_mech_info_list *ml_next;
315 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */
316 crypto_mech_info_t ml_mech_info;
317 } crypto_mech_info_list_t;
318
319 /*
320 * An element in a mechanism provider descriptors chain.
321 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs
322 * to. This is a small tradeoff memory vs mutex spinning time to access the
323 * common provider field.
324 */
325
326 typedef struct kcf_prov_mech_desc {
327 struct kcf_mech_entry *pm_me; /* Back to the head */
328 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */
329 crypto_mech_info_t pm_mech_info; /* Provider mech info */
330 crypto_mech_info_list_t *pm_mi_list; /* list for duals */
331 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */
332 } kcf_prov_mech_desc_t;
333
334 /* and the notation shortcuts ... */
335 #define pm_provider_type pm_prov_desc.pd_provider_type
336 #define pm_provider_handle pm_prov_desc.pd_provider_handle
337 #define pm_ops_vector pm_prov_desc.pd_ops_vector
338
339 extern kcf_lock_withpad_t *me_mutexes;
340
341 #define KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \
342 sizeof (crypto_mech_type_t) - \
343 2 * sizeof (kcf_prov_mech_desc_t *) - \
344 sizeof (int) - sizeof (uint32_t) - sizeof (size_t))
345
346 /*
347 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs
348 * to be adjusted if this structure is changed.
349 */
350 typedef struct kcf_mech_entry {
351 crypto_mech_name_t me_name; /* mechanism name */
352 crypto_mech_type_t me_mechid; /* Internal id for mechanism */
353 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */
354 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */
355 /*
356 * Number of HW providers in the chain. There is only one
357 * SW provider. So, we need only a count of HW providers.
358 */
359 int me_num_hwprov;
360 /*
361 * When a SW provider is present, this is the generation number that
362 * ensures no objects from old SW providers are used in the new one
363 */
364 uint32_t me_gen_swprov;
365 /*
366 * threshold for using hardware providers for this mech
367 */
368 size_t me_threshold;
369 uint8_t me_pad[KCF_CPU_PAD];
370 } kcf_mech_entry_t;
371
372 /*
373 * A policy descriptor structure. It is allocated and initialized
374 * when administrative ioctls load disabled mechanisms.
375 *
376 * pd_prov_type: Provider type, hardware or software
377 * pd_name: Device name or module name.
378 * pd_instance: Device instance.
379 * pd_refcnt: Reference counter for this policy descriptor
380 * pd_mutex: Protects array and count of disabled mechanisms.
381 * pd_disabled_count: Count of disabled mechanisms.
382 * pd_disabled_mechs: Array of disabled mechanisms.
383 */
384 typedef struct kcf_policy_desc {
385 crypto_provider_type_t pd_prov_type;
386 char *pd_name;
387 uint_t pd_instance;
388 uint_t pd_refcnt;
389 kmutex_t pd_mutex;
390 uint_t pd_disabled_count;
391 crypto_mech_name_t *pd_disabled_mechs;
392 } kcf_policy_desc_t;
393
394 /*
395 * If a component has a reference to a kcf_policy_desc_t,
396 * it REFHOLD()s. A new policy descriptor which is referenced only
397 * by the policy table has a reference count of one.
398 */
399 #define KCF_POLICY_REFHOLD(desc) { \
400 atomic_inc_32(&(desc)->pd_refcnt); \
401 ASSERT((desc)->pd_refcnt != 0); \
402 }
403
404 /*
405 * Releases a reference to a policy descriptor. When the last
406 * reference is released, the descriptor is freed.
407 */
408 #define KCF_POLICY_REFRELE(desc) { \
409 ASSERT((desc)->pd_refcnt != 0); \
410 membar_exit(); \
411 if (atomic_dec_32_nv(&(desc)->pd_refcnt) == 0) \
412 kcf_policy_free_desc(desc); \
413 }
414
415 /*
416 * This entry stores the name of a software module and its
417 * mechanisms. The mechanisms are 'hints' that are used to
418 * trigger loading of the module.
419 */
420 typedef struct kcf_soft_conf_entry {
421 struct kcf_soft_conf_entry *ce_next;
422 char *ce_name;
423 crypto_mech_name_t *ce_mechs;
424 uint_t ce_count;
425 } kcf_soft_conf_entry_t;
426
427 extern kmutex_t soft_config_mutex;
428 extern kcf_soft_conf_entry_t *soft_config_list;
429
430 /*
431 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms,
432 * with a margin of few extra empty entry points
433 */
434
435 #define KCF_MAXDIGEST 16 /* Digests */
436 #define KCF_MAXCIPHER 64 /* Ciphers */
437 #define KCF_MAXMAC 40 /* Message authentication codes */
438 #define KCF_MAXSIGN 24 /* Sign/Verify */
439 #define KCF_MAXKEYOPS 116 /* Key generation and derivation */
440 #define KCF_MAXMISC 16 /* Others ... */
441
442 #define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \
443 KCF_MAXSIGN + KCF_MAXKEYOPS + \
444 KCF_MAXMISC
445
446 extern kcf_mech_entry_t kcf_digest_mechs_tab[];
447 extern kcf_mech_entry_t kcf_cipher_mechs_tab[];
448 extern kcf_mech_entry_t kcf_mac_mechs_tab[];
449 extern kcf_mech_entry_t kcf_sign_mechs_tab[];
450 extern kcf_mech_entry_t kcf_keyops_mechs_tab[];
451 extern kcf_mech_entry_t kcf_misc_mechs_tab[];
452
453 extern kmutex_t kcf_mech_tabs_lock;
454
455 typedef enum {
456 KCF_DIGEST_CLASS = 1,
457 KCF_CIPHER_CLASS,
458 KCF_MAC_CLASS,
459 KCF_SIGN_CLASS,
460 KCF_KEYOPS_CLASS,
461 KCF_MISC_CLASS
462 } kcf_ops_class_t;
463
464 #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS
465 #define KCF_LAST_OPSCLASS KCF_MISC_CLASS
466
467 /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */
468
469 typedef struct kcf_mech_entry_tab {
470 int met_size; /* Size of the met_tab[] */
471 kcf_mech_entry_t *met_tab; /* the table */
472 } kcf_mech_entry_tab_t;
473
474 extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
475
476 #define KCF_MECHID(class, index) \
477 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index))
478
479 #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32))
480
481 #define KCF_MECH2INDEX(mech_type) ((int)(mech_type))
482
483 #define KCF_TO_PROV_MECH_INDX(pd, mech_type) \
484 ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \
485 [KCF_MECH2INDEX(mech_type)])
486
487 #define KCF_TO_PROV_MECHINFO(pd, mech_type) \
488 ((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)])
489
490 #define KCF_TO_PROV_MECHNUM(pd, mech_type) \
491 (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)
492
493 #define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \
494 ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \
495 CRYPTO_CAN_SHARE_OPSTATE)
496
497 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */
498 typedef struct crypto_provider_session {
499 struct crypto_provider_session *ps_next;
500 crypto_session_id_t ps_session;
501 kcf_provider_desc_t *ps_provider;
502 kcf_provider_desc_t *ps_real_provider;
503 uint_t ps_refcnt;
504 } crypto_provider_session_t;
505
506 typedef struct crypto_session_data {
507 kmutex_t sd_lock;
508 kcondvar_t sd_cv;
509 uint32_t sd_flags;
510 int sd_pre_approved_amount;
511 crypto_ctx_t *sd_digest_ctx;
512 crypto_ctx_t *sd_encr_ctx;
513 crypto_ctx_t *sd_decr_ctx;
514 crypto_ctx_t *sd_sign_ctx;
515 crypto_ctx_t *sd_verify_ctx;
516 crypto_ctx_t *sd_sign_recover_ctx;
517 crypto_ctx_t *sd_verify_recover_ctx;
518 kcf_provider_desc_t *sd_provider;
519 void *sd_find_init_cookie;
520 crypto_provider_session_t *sd_provider_session;
521 } crypto_session_data_t;
522
523 #define CRYPTO_SESSION_IN_USE 0x00000001
524 #define CRYPTO_SESSION_IS_BUSY 0x00000002
525 #define CRYPTO_SESSION_IS_CLOSED 0x00000004
526
527 #define KCF_MAX_PIN_LEN 1024
528
529 /*
530 * Per-minor info.
531 *
532 * cm_lock protects everything in this structure except for cm_refcnt.
533 */
534 typedef struct crypto_minor {
535 uint_t cm_refcnt;
536 kmutex_t cm_lock;
537 kcondvar_t cm_cv;
538 crypto_session_data_t **cm_session_table;
539 uint_t cm_session_table_count;
540 kcf_provider_desc_t **cm_provider_array;
541 uint_t cm_provider_count;
542 crypto_provider_session_t *cm_provider_session;
543 } crypto_minor_t;
544
545 /* resource control framework handle used by /dev/crypto */
546 extern rctl_hndl_t rc_project_crypto_mem;
547 /*
548 * Return codes for internal functions
549 */
550 #define KCF_SUCCESS 0x0 /* Successful call */
551 #define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */
552 #define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */
553 #define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */
554 #define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */
555 #define KCF_INVALID_INDX ((ushort_t)-1)
556
557 /*
558 * kCF internal mechanism and function group for tracking RNG providers.
559 */
560 #define SUN_RANDOM "random"
561 #define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */
562
563 /*
564 * Wrappers for ops vectors. In the wrapper definitions below, the pd
565 * argument always corresponds to a pointer to a provider descriptor
566 * of type kcf_prov_desc_t.
567 */
568
569 #define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops)
570 #define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
571 #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops)
572 #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops)
573 #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops)
574 #define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops)
575 #define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops)
576 #define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops)
577 #define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
578 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
579 #define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops)
580 #define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops)
581 #define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops)
582 #define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops)
583 #define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
584 #define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops)
585 #define KCF_PROV_NOSTORE_KEY_OPS(pd) \
586 ((pd)->pd_ops_vector->co_nostore_key_ops)
587 #define KCF_PROV_FIPS140_OPS(pd) ((pd)->pd_ops_vector->co_fips140_ops)
588 #define KCF_PROV_PROVMGMT_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
589
590 /*
591 * Wrappers for crypto_control_ops(9S) entry points.
592 */
593
594 #define KCF_PROV_STATUS(pd, status) ( \
595 (KCF_PROV_CONTROL_OPS(pd) && \
596 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \
597 KCF_PROV_CONTROL_OPS(pd)->provider_status( \
598 (pd)->pd_prov_handle, status) : \
599 CRYPTO_NOT_SUPPORTED)
600
601 /*
602 * Wrappers for crypto_ctx_ops(9S) entry points.
603 */
604
605 #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
606 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
607 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
608 (pd)->pd_prov_handle, mech, key, template, size, req) : \
609 CRYPTO_NOT_SUPPORTED)
610
611 #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
612 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
613 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
614
615 #define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
616 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \
617 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
618 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
619 CRYPTO_NOT_SUPPORTED)
620
621 #define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
622 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \
623 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
624 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
625 CRYPTO_NOT_SUPPORTED)
626
627 #define KCF_PROV_FREE_MECH(pd, prov_mech) ( \
628 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \
629 KCF_PROV_MECH_OPS(pd)->free_mechanism( \
630 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED)
631
632 /*
633 * Wrappers for crypto_digest_ops(9S) entry points.
634 */
635
636 #define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \
637 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \
638 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \
639 CRYPTO_NOT_SUPPORTED)
640
641 /*
642 * The _ (underscore) in _digest is needed to avoid replacing the
643 * function digest().
644 */
645 #define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \
646 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \
647 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \
648 CRYPTO_NOT_SUPPORTED)
649
650 #define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \
651 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \
652 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \
653 CRYPTO_NOT_SUPPORTED)
654
655 #define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \
656 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \
657 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \
658 CRYPTO_NOT_SUPPORTED)
659
660 #define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \
661 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \
662 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \
663 CRYPTO_NOT_SUPPORTED)
664
665 #define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \
666 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \
667 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \
668 (pd)->pd_prov_handle, session, mech, data, digest, req) : \
669 CRYPTO_NOT_SUPPORTED)
670
671 /*
672 * Wrappers for crypto_cipher_ops(9S) entry points.
673 */
674
675 #define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \
676 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \
677 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \
678 req) : \
679 CRYPTO_NOT_SUPPORTED)
680
681 #define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \
682 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \
683 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \
684 CRYPTO_NOT_SUPPORTED)
685
686 #define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
687 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \
688 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \
689 ciphertext, req) : \
690 CRYPTO_NOT_SUPPORTED)
691
692 #define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \
693 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \
694 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \
695 CRYPTO_NOT_SUPPORTED)
696
697 #define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
698 template, req) ( \
699 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
700 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
701 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \
702 template, req) : \
703 CRYPTO_NOT_SUPPORTED)
704
705 #define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \
706 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \
707 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \
708 req) : \
709 CRYPTO_NOT_SUPPORTED)
710
711 #define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \
712 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \
713 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \
714 CRYPTO_NOT_SUPPORTED)
715
716 #define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
717 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \
718 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \
719 plaintext, req) : \
720 CRYPTO_NOT_SUPPORTED)
721
722 #define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \
723 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \
724 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \
725 CRYPTO_NOT_SUPPORTED)
726
727 #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
728 template, req) ( \
729 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
730 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
731 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \
732 template, req) : \
733 CRYPTO_NOT_SUPPORTED)
734
735 /*
736 * Wrappers for crypto_mac_ops(9S) entry points.
737 */
738
739 #define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \
740 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \
741 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \
742 : CRYPTO_NOT_SUPPORTED)
743
744 /*
745 * The _ (underscore) in _mac is needed to avoid replacing the
746 * function mac().
747 */
748 #define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \
749 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \
750 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \
751 CRYPTO_NOT_SUPPORTED)
752
753 #define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \
754 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \
755 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \
756 CRYPTO_NOT_SUPPORTED)
757
758 #define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \
759 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \
760 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \
761 CRYPTO_NOT_SUPPORTED)
762
763 #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \
764 req) ( \
765 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
766 KCF_PROV_MAC_OPS(pd)->mac_atomic( \
767 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
768 req) : \
769 CRYPTO_NOT_SUPPORTED)
770
771 #define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \
772 template, req) ( \
773 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \
774 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \
775 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
776 req) : \
777 CRYPTO_NOT_SUPPORTED)
778
779 /*
780 * Wrappers for crypto_sign_ops(9S) entry points.
781 */
782
783 #define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \
784 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \
785 KCF_PROV_SIGN_OPS(pd)->sign_init( \
786 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED)
787
788 #define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \
789 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \
790 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \
791 CRYPTO_NOT_SUPPORTED)
792
793 #define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \
794 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \
795 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \
796 CRYPTO_NOT_SUPPORTED)
797
798 #define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \
799 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \
800 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \
801 CRYPTO_NOT_SUPPORTED)
802
803 #define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \
804 sig, req) ( \
805 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \
806 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \
807 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
808 req) : CRYPTO_NOT_SUPPORTED)
809
810 #define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \
811 req) ( \
812 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \
813 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \
814 req) : CRYPTO_NOT_SUPPORTED)
815
816 #define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \
817 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \
818 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \
819 CRYPTO_NOT_SUPPORTED)
820
821 #define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \
822 sig, req) ( \
823 (KCF_PROV_SIGN_OPS(pd) && \
824 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \
825 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \
826 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
827 req) : CRYPTO_NOT_SUPPORTED)
828
829 /*
830 * Wrappers for crypto_verify_ops(9S) entry points.
831 */
832
833 #define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \
834 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \
835 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \
836 req) : CRYPTO_NOT_SUPPORTED)
837
838 #define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \
839 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify) ? \
840 KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \
841 CRYPTO_NOT_SUPPORTED)
842
843 #define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \
844 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \
845 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \
846 CRYPTO_NOT_SUPPORTED)
847
848 #define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \
849 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \
850 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \
851 CRYPTO_NOT_SUPPORTED)
852
853 #define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \
854 req) ( \
855 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \
856 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \
857 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
858 req) : CRYPTO_NOT_SUPPORTED)
859
860 #define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \
861 req) ( \
862 (KCF_PROV_VERIFY_OPS(pd) && \
863 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \
864 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \
865 template, req) : CRYPTO_NOT_SUPPORTED)
866
867 /* verify_recover() CSPI routine has different argument order than verify() */
868 #define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \
869 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \
870 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \
871 CRYPTO_NOT_SUPPORTED)
872
873 /*
874 * verify_recover_atomic() CSPI routine has different argument order
875 * than verify_atomic().
876 */
877 #define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \
878 template, data, req) ( \
879 (KCF_PROV_VERIFY_OPS(pd) && \
880 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \
881 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \
882 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \
883 req) : CRYPTO_NOT_SUPPORTED)
884
885 /*
886 * Wrappers for crypto_dual_ops(9S) entry points.
887 */
888
889 #define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \
890 ciphertext, req) ( \
891 (KCF_PROV_DUAL_OPS(pd) && \
892 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \
893 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \
894 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
895 CRYPTO_NOT_SUPPORTED)
896
897 #define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \
898 plaintext, req) ( \
899 (KCF_PROV_DUAL_OPS(pd) && \
900 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \
901 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \
902 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \
903 CRYPTO_NOT_SUPPORTED)
904
905 #define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \
906 ciphertext, req) ( \
907 (KCF_PROV_DUAL_OPS(pd) && \
908 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \
909 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \
910 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
911 CRYPTO_NOT_SUPPORTED)
912
913 #define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \
914 plaintext, req) ( \
915 (KCF_PROV_DUAL_OPS(pd) && \
916 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \
917 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \
918 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \
919 CRYPTO_NOT_SUPPORTED)
920
921 /*
922 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points.
923 */
924
925 #define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \
926 mac_key, encr_ctx_template, mac_ctx_template, req) ( \
927 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
928 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \
929 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \
930 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \
931 mac_ctx_template, req) : \
932 CRYPTO_NOT_SUPPORTED)
933
934 #define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \
935 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
936 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \
937 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \
938 ctx, plaintext, ciphertext, mac, req) : \
939 CRYPTO_NOT_SUPPORTED)
940
941 #define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
942 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
943 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \
944 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \
945 ctx, plaintext, ciphertext, req) : \
946 CRYPTO_NOT_SUPPORTED)
947
948 #define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \
949 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
950 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \
951 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \
952 ctx, ciphertext, mac, req) : \
953 CRYPTO_NOT_SUPPORTED)
954
955 #define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \
956 mac_mech, mac_key, plaintext, ciphertext, mac, \
957 encr_ctx_template, mac_ctx_template, req) ( \
958 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
959 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \
960 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \
961 (pd)->pd_prov_handle, session, encr_mech, encr_key, \
962 mac_mech, mac_key, plaintext, ciphertext, mac, \
963 encr_ctx_template, mac_ctx_template, req) : \
964 CRYPTO_NOT_SUPPORTED)
965
966 #define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \
967 decr_key, mac_ctx_template, decr_ctx_template, req) ( \
968 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
969 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \
970 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \
971 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \
972 decr_ctx_template, req) : \
973 CRYPTO_NOT_SUPPORTED)
974
975 #define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \
976 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
977 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \
978 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \
979 ctx, ciphertext, mac, plaintext, req) : \
980 CRYPTO_NOT_SUPPORTED)
981
982 #define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
983 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
984 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \
985 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \
986 ctx, ciphertext, plaintext, req) : \
987 CRYPTO_NOT_SUPPORTED)
988
989 #define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \
990 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
991 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \
992 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \
993 ctx, mac, plaintext, req) : \
994 CRYPTO_NOT_SUPPORTED)
995
996 #define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
997 decr_mech, decr_key, ciphertext, mac, plaintext, \
998 mac_ctx_template, decr_ctx_template, req) ( \
999 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
1000 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \
1001 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \
1002 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
1003 decr_mech, decr_key, ciphertext, mac, plaintext, \
1004 mac_ctx_template, decr_ctx_template, req) : \
1005 CRYPTO_NOT_SUPPORTED)
1006
1007 #define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
1008 decr_mech, decr_key, ciphertext, mac, plaintext, \
1009 mac_ctx_template, decr_ctx_template, req) ( \
1010 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
1011 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \
1012 != NULL) ? \
1013 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \
1014 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
1015 decr_mech, decr_key, ciphertext, mac, plaintext, \
1016 mac_ctx_template, decr_ctx_template, req) : \
1017 CRYPTO_NOT_SUPPORTED)
1018
1019 /*
1020 * Wrappers for crypto_random_number_ops(9S) entry points.
1021 */
1022
1023 #define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \
1024 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \
1025 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \
1026 session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED)
1027
1028 #define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \
1029 (KCF_PROV_RANDOM_OPS(pd) && \
1030 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \
1031 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \
1032 session, buf, len, req) : CRYPTO_NOT_SUPPORTED)
1033
1034 /*
1035 * Wrappers for crypto_session_ops(9S) entry points.
1036 *
1037 * ops_pd is the provider descriptor that supplies the ops_vector.
1038 * pd is the descriptor that supplies the provider handle.
1039 * Only session open/close needs two handles.
1040 */
1041
1042 #define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \
1043 (KCF_PROV_SESSION_OPS(ops_pd) && \
1044 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \
1045 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \
1046 session, req) : CRYPTO_NOT_SUPPORTED)
1047
1048 #define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \
1049 (KCF_PROV_SESSION_OPS(ops_pd) && \
1050 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \
1051 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \
1052 session, req) : CRYPTO_NOT_SUPPORTED)
1053
1054 #define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \
1055 (KCF_PROV_SESSION_OPS(pd) && \
1056 KCF_PROV_SESSION_OPS(pd)->session_login) ? \
1057 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \
1058 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED)
1059
1060 #define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \
1061 (KCF_PROV_SESSION_OPS(pd) && \
1062 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \
1063 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \
1064 session, req) : CRYPTO_NOT_SUPPORTED)
1065
1066 /*
1067 * Wrappers for crypto_object_ops(9S) entry points.
1068 */
1069
1070 #define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \
1071 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \
1072 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \
1073 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED)
1074
1075 #define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \
1076 new_object, req) ( \
1077 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \
1078 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \
1079 session, object, template, count, new_object, req) : \
1080 CRYPTO_NOT_SUPPORTED)
1081
1082 #define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \
1083 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \
1084 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \
1085 session, object, req) : CRYPTO_NOT_SUPPORTED)
1086
1087 #define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \
1088 (KCF_PROV_OBJECT_OPS(pd) && \
1089 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \
1090 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \
1091 session, object, size, req) : CRYPTO_NOT_SUPPORTED)
1092
1093 #define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \
1094 count, req) ( \
1095 (KCF_PROV_OBJECT_OPS(pd) && \
1096 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \
1097 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \
1098 (pd)->pd_prov_handle, session, object, template, count, req) : \
1099 CRYPTO_NOT_SUPPORTED)
1100
1101 #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \
1102 count, req) ( \
1103 (KCF_PROV_OBJECT_OPS(pd) && \
1104 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \
1105 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \
1106 (pd)->pd_prov_handle, session, object, template, count, req) : \
1107 CRYPTO_NOT_SUPPORTED)
1108
1109 #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \
1110 req) ( \
1111 (KCF_PROV_OBJECT_OPS(pd) && \
1112 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \
1113 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \
1114 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1115
1116 #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \
1117 req) ( \
1118 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \
1119 KCF_PROV_OBJECT_OPS(pd)->object_find( \
1120 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \
1121 req) : CRYPTO_NOT_SUPPORTED)
1122
1123 #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \
1124 (KCF_PROV_OBJECT_OPS(pd) && \
1125 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \
1126 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \
1127 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1128
1129 /*
1130 * Wrappers for crypto_key_ops(9S) entry points.
1131 */
1132
1133 #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \
1134 req) ( \
1135 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \
1136 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \
1137 session, mech, template, count, object, req) : \
1138 CRYPTO_NOT_SUPPORTED)
1139
1140 #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1141 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \
1142 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \
1143 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \
1144 session, mech, pub_template, pub_count, priv_template, \
1145 priv_count, pub_key, priv_key, req) : \
1146 CRYPTO_NOT_SUPPORTED)
1147
1148 #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \
1149 wrapped_key_len, req) ( \
1150 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \
1151 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \
1152 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \
1153 req) : \
1154 CRYPTO_NOT_SUPPORTED)
1155
1156 #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \
1157 wrapped_key_len, template, count, key, req) ( \
1158 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \
1159 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \
1160 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \
1161 template, count, key, req) : \
1162 CRYPTO_NOT_SUPPORTED)
1163
1164 #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \
1165 key, req) ( \
1166 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \
1167 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \
1168 session, mech, base_key, template, count, key, req) : \
1169 CRYPTO_NOT_SUPPORTED)
1170
1171 #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \
1172 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \
1173 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \
1174 CRYPTO_NOT_SUPPORTED)
1175
1176 /*
1177 * Wrappers for crypto_provider_management_ops(9S) entry points.
1178 *
1179 * ops_pd is the provider descriptor that supplies the ops_vector.
1180 * pd is the descriptor that supplies the provider handle.
1181 * Only ext_info needs two handles.
1182 */
1183
1184 #define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \
1185 (KCF_PROV_PROVIDER_OPS(ops_pd) && \
1186 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \
1187 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \
1188 provext_info, req) : CRYPTO_NOT_SUPPORTED)
1189
1190 #define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \
1191 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \
1192 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \
1193 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED)
1194
1195 #define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \
1196 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \
1197 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \
1198 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED)
1199
1200 #define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \
1201 req) ( \
1202 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \
1203 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \
1204 session, old_pin, old_len, new_pin, new_len, req) : \
1205 CRYPTO_NOT_SUPPORTED)
1206
1207 /*
1208 * Wrappers for crypto_nostore_key_ops(9S) entry points.
1209 */
1210
1211 #define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \
1212 out_template, out_count, req) ( \
1213 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1214 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \
1215 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \
1216 (pd)->pd_prov_handle, session, mech, template, count, \
1217 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1218
1219 #define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1220 pub_count, priv_template, priv_count, out_pub_template, \
1221 out_pub_count, out_priv_template, out_priv_count, req) ( \
1222 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1223 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \
1224 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \
1225 (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \
1226 priv_template, priv_count, out_pub_template, out_pub_count, \
1227 out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED)
1228
1229 #define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \
1230 count, out_template, out_count, req) ( \
1231 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1232 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \
1233 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \
1234 (pd)->pd_prov_handle, session, mech, base_key, template, count, \
1235 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1236
1237 /*
1238 * The following routines are exported by the kcf module (/kernel/misc/kcf)
1239 * to the crypto and cryptoadmin modules.
1240 */
1241
1242 /* Digest/mac/cipher entry points that take a provider descriptor and session */
1243 extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
1244 crypto_data_t *, crypto_call_req_t *);
1245
1246 extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
1247 crypto_data_t *, crypto_call_req_t *);
1248
1249 extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
1250 crypto_data_t *, crypto_call_req_t *);
1251
1252 extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
1253 crypto_data_t *, crypto_call_req_t *);
1254
1255
1256 /* Other private digest/mac/cipher entry points not exported through k-API */
1257 extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
1258 crypto_call_req_t *);
1259
1260 /* Private sign entry points exported by KCF */
1261 extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
1262 crypto_data_t *, crypto_call_req_t *);
1263
1264 extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
1265 crypto_data_t *, crypto_call_req_t *);
1266
1267 /* Private verify entry points exported by KCF */
1268 extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
1269 crypto_data_t *, crypto_call_req_t *);
1270
1271 extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
1272 crypto_data_t *, crypto_call_req_t *);
1273
1274 /* Private dual operations entry points exported by KCF */
1275 extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
1276 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1277 extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t,
1278 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1279 extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t,
1280 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1281 extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t,
1282 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1283
1284 /* Random Number Generation */
1285 int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
1286 size_t len, crypto_call_req_t *req);
1287 int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
1288 size_t len, crypto_call_req_t *req);
1289
1290 /* Provider Management */
1291 int crypto_get_provider_info(crypto_provider_id_t id,
1292 crypto_provider_info_t **info, crypto_call_req_t *req);
1293 int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id,
1294 uint_t *count, crypto_mech_name_t **list);
1295 int crypto_init_token(crypto_provider_handle_t provider, char *pin,
1296 size_t pin_len, char *label, crypto_call_req_t *);
1297 int crypto_init_pin(crypto_provider_handle_t provider, char *pin,
1298 size_t pin_len, crypto_call_req_t *req);
1299 int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin,
1300 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req);
1301 void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count);
1302 void crypto_free_provider_info(crypto_provider_info_t *info);
1303
1304 /* Administrative */
1305 int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list);
1306 int crypto_get_soft_list(uint_t *count, char **list, size_t *len);
1307 int crypto_get_dev_info(char *name, uint_t instance, uint_t *count,
1308 crypto_mech_name_t **list);
1309 int crypto_get_soft_info(caddr_t name, uint_t *count,
1310 crypto_mech_name_t **list);
1311 int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count,
1312 crypto_mech_name_t *list);
1313 int crypto_load_soft_disabled(caddr_t name, uint_t count,
1314 crypto_mech_name_t *list);
1315 int crypto_unload_soft_module(caddr_t path);
1316 int crypto_load_soft_config(caddr_t name, uint_t count,
1317 crypto_mech_name_t *list);
1318 int crypto_load_door(uint_t did);
1319 void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count);
1320 void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count);
1321 extern void kcf_activate();
1322
1323 /* Miscellaneous */
1324 int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number);
1325 int crypto_get_function_list(crypto_provider_id_t id,
1326 crypto_function_list_t **list, int kmflag);
1327 void crypto_free_function_list(crypto_function_list_t *list);
1328 int crypto_build_permitted_mech_names(kcf_provider_desc_t *,
1329 crypto_mech_name_t **, uint_t *, int);
1330 extern void kcf_init_mech_tabs(void);
1331 extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
1332 kcf_prov_mech_desc_t **);
1333 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *);
1334 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **);
1335 extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *);
1336 extern void kcf_free_provider_desc(kcf_provider_desc_t *);
1337 extern void kcf_soft_config_init(void);
1338 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
1339 extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t);
1340 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
1341 extern void redo_register_provider(kcf_provider_desc_t *);
1342 extern void kcf_rnd_init();
1343 extern boolean_t kcf_rngprov_check(void);
1344 extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t);
1345 extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t);
1346 extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t);
1347 extern void kcf_rnd_chpoll(short, int, short *, struct pollhead **);
1348 extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1349 void *, void (*update)());
1350 extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1351 void *, void (*update)());
1352 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
1353 extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *);
1354 extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *,
1355 int kmflag);
1356 extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *,
1357 void (*update)(), void (*final)(), uchar_t);
1358 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
1359 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1360 void (*copy_block)(const uint8_t *, uint64_t *));
1361 extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *,
1362 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1363 void (*copy_block)(const uint8_t *, uint64_t *));
1364 extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *,
1365 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1366 void (*copy_block)(const uint8_t *, uint64_t *));
1367 extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **,
1368 ssize_t *);
1369
1370 /* Access to the provider's table */
1371 extern void kcf_prov_tab_init(void);
1372 extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *);
1373 extern int kcf_prov_tab_rem_provider(crypto_provider_id_t);
1374 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *);
1375 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t);
1376 extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int,
1377 char *, uint_t, boolean_t);
1378 extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t);
1379 extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **);
1380 extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t);
1381 extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **,
1382 kcf_mech_entry_t **, boolean_t);
1383
1384 extern kmutex_t prov_tab_mutex;
1385 extern boolean_t kcf_need_provtab_walk;
1386 extern int kcf_get_refcnt(kcf_provider_desc_t *, boolean_t);
1387
1388 /* Access to the policy table */
1389 extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t);
1390 extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *,
1391 uint_t, crypto_mech_name_t);
1392 extern void kcf_policy_tab_init(void);
1393 extern void kcf_policy_free_desc(kcf_policy_desc_t *);
1394 extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **);
1395 extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *,
1396 crypto_mech_name_t **);
1397 extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *);
1398 extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t);
1399 extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
1400 uint_t *, crypto_mech_name_t **);
1401 extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
1402 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
1403 extern void remove_soft_config(char *);
1404
1405 #endif /* _KERNEL */
1406
1407 #ifdef __cplusplus
1408 }
1409 #endif
1410
1411 #endif /* _SYS_CRYPTO_IMPL_H */