1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2015 by Saso Kiselkov. All rights reserved. 24 */ 25 26 #ifndef _SYS_CRYPTO_IMPL_H 27 #define _SYS_CRYPTO_IMPL_H 28 29 /* 30 * Kernel Cryptographic Framework private implementation definitions. 31 */ 32 33 #include <sys/types.h> 34 #include <sys/param.h> 35 36 #ifdef _KERNEL 37 #include <sys/crypto/common.h> 38 #include <sys/crypto/api.h> 39 #include <sys/crypto/spi.h> 40 #include <sys/crypto/ioctl.h> 41 #include <sys/tnf_probe.h> 42 #include <sys/atomic.h> 43 #include <sys/project.h> 44 #include <sys/taskq.h> 45 #include <sys/rctl.h> 46 #include <sys/cpuvar.h> 47 #endif /* _KERNEL */ 48 49 #ifdef __cplusplus 50 extern "C" { 51 #endif 52 53 #ifdef _KERNEL 54 55 /* 56 * Prefixes convention: structures internal to the kernel cryptographic 57 * framework start with 'kcf_'. Exposed structure start with 'crypto_'. 58 */ 59 60 /* Provider stats. Not protected. */ 61 typedef struct kcf_prov_stats { 62 kstat_named_t ps_ops_total; 63 kstat_named_t ps_ops_passed; 64 kstat_named_t ps_ops_failed; 65 kstat_named_t ps_ops_busy_rval; 66 } kcf_prov_stats_t; 67 68 /* Various kcf stats. Not protected. */ 69 typedef struct kcf_stats { 70 kstat_named_t ks_thrs_in_pool; 71 kstat_named_t ks_idle_thrs; 72 kstat_named_t ks_minthrs; 73 kstat_named_t ks_maxthrs; 74 kstat_named_t ks_swq_njobs; 75 kstat_named_t ks_swq_maxjobs; 76 kstat_named_t ks_taskq_threads; 77 kstat_named_t ks_taskq_minalloc; 78 kstat_named_t ks_taskq_maxalloc; 79 } kcf_stats_t; 80 81 #define CPU_SEQID (CPU->cpu_seqid) 82 83 typedef struct kcf_lock_withpad { 84 kmutex_t kl_lock; 85 uint8_t kl_pad[64 - sizeof (kmutex_t)]; 86 } kcf_lock_withpad_t; 87 88 /* 89 * Per-CPU structure used by a provider to keep track of 90 * various counters. 91 */ 92 typedef struct kcf_prov_cpu { 93 kmutex_t kp_lock; 94 int kp_holdcnt; /* can go negative! */ 95 uint_t kp_jobcnt; 96 97 uint64_t kp_ndispatches; 98 uint64_t kp_nfails; 99 uint64_t kp_nbusy_rval; 100 kcondvar_t kp_cv; 101 102 uint8_t kp_pad[64 - sizeof (kmutex_t) - 2 * sizeof (int) - 103 3 * sizeof (uint64_t) - sizeof (kcondvar_t)]; 104 } kcf_prov_cpu_t; 105 106 /* 107 * kcf_get_refcnt(pd) is the number of inflight requests to the 108 * provider. So, it is a good measure of the load on a provider when 109 * it is not in a busy state. Once a provider notifies it is busy, requests 110 * backup in the taskq. So, we use tq_nalloc in that case which gives 111 * the number of task entries in the task queue. Note that we do not 112 * acquire any locks here as it is not critical to get the exact number 113 * and the lock contention is too costly for this code path. 114 */ 115 #define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \ 116 kcf_get_refcnt(pd, B_FALSE) : (pd)->pd_taskq->tq_nalloc) 117 118 119 /* 120 * The following two macros should be 121 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2) 122 * #define KCF_MAXMECHTAB KCF_MAXCIPHER 123 * 124 * However, doing that would involve reorganizing the header file a bit. 125 * When impl.h is broken up (bug# 4703218), this will be done. For now, 126 * we hardcode these values. 127 */ 128 #define KCF_OPS_CLASSSIZE 8 129 #define KCF_MAXMECHTAB 32 130 131 /* 132 * Valid values for the state of a provider. The order of 133 * the elements is important. 134 * 135 * Routines which get a provider or the list of providers 136 * should pick only those that are either in KCF_PROV_READY state 137 * or in KCF_PROV_BUSY state. 138 */ 139 typedef enum { 140 KCF_PROV_ALLOCATED = 1, 141 KCF_PROV_UNVERIFIED, 142 KCF_PROV_UNVERIFIED_FIPS140, 143 KCF_PROV_VERIFICATION_FAILED, 144 /* 145 * state < KCF_PROV_READY means the provider can not 146 * be used at all. 147 */ 148 KCF_PROV_READY, 149 KCF_PROV_BUSY, 150 /* 151 * state > KCF_PROV_BUSY means the provider can not 152 * be used for new requests. 153 */ 154 KCF_PROV_FAILED, 155 /* 156 * Threads setting the following two states should do so only 157 * if the current state < KCF_PROV_DISABLED. 158 */ 159 KCF_PROV_DISABLED, 160 KCF_PROV_UNREGISTERING, 161 KCF_PROV_UNREGISTERED 162 } kcf_prov_state_t; 163 164 #define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED) 165 #define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \ 166 (pd)->pd_state == KCF_PROV_BUSY) 167 #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_UNREGISTERING) 168 169 /* Internal flags valid for pd_flags field */ 170 #define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */ 171 172 /* 173 * A provider descriptor structure. There is one such structure per 174 * provider. It is allocated and initialized at registration time and 175 * freed when the provider unregisters. 176 * 177 * pd_prov_type: Provider type, hardware or software 178 * pd_sid: Session ID of the provider used by kernel clients. 179 * This is valid only for session-oriented providers. 180 * pd_taskq: taskq used to dispatch crypto requests 181 * pd_nbins: number of bins in pd_percpu_bins 182 * pd_percpu_bins: Pointer to an array of per-CPU structures 183 * containing a lock, a cv and various counters. 184 * pd_lock: lock protects pd_state and pd_provider_list 185 * pd_state: State value of the provider 186 * pd_provider_list: Used to cross-reference logical providers and their 187 * members. Not used for software providers. 188 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY 189 * pd_prov_handle: Provider handle specified by provider 190 * pd_ops_vector: The ops vector specified by Provider 191 * pd_mech_indx: Lookup table which maps a core framework mechanism 192 * number to an index in pd_mechanisms array 193 * pd_mechanisms: Array of mechanisms supported by the provider, specified 194 * by the provider during registration 195 * pd_mech_list_count: The number of entries in pi_mechanisms, specified 196 * by the provider during registration 197 * pd_name: Device name or module name 198 * pd_instance: Device instance 199 * pd_module_id: Module ID returned by modload 200 * pd_mctlp: Pointer to modctl structure for this provider 201 * pd_description: Provider description string 202 * pd_flags: bitwise OR of pi_flags from crypto_provider_info_t 203 * and other internal flags defined above. 204 * pd_hash_limit: Maximum data size that hash mechanisms of this provider 205 * can support. 206 * pd_hmac_limit: Maximum data size that HMAC mechanisms of this provider 207 * can support. 208 * pd_kcf_prov_handle: KCF-private handle assigned by KCF 209 * pd_prov_id: Identification # assigned by KCF to provider 210 * pd_kstat: kstat associated with the provider 211 * pd_ks_data: kstat data 212 */ 213 typedef struct kcf_provider_desc { 214 crypto_provider_type_t pd_prov_type; 215 crypto_session_id_t pd_sid; 216 taskq_t *pd_taskq; 217 uint_t pd_nbins; 218 kcf_prov_cpu_t *pd_percpu_bins; 219 kmutex_t pd_lock; 220 kcf_prov_state_t pd_state; 221 struct kcf_provider_list *pd_provider_list; 222 kcondvar_t pd_resume_cv; 223 crypto_provider_handle_t pd_prov_handle; 224 crypto_ops_t *pd_ops_vector; 225 ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\ 226 [KCF_MAXMECHTAB]; 227 crypto_mech_info_t *pd_mechanisms; 228 uint_t pd_mech_list_count; 229 char *pd_name; 230 uint_t pd_instance; 231 int pd_module_id; 232 struct modctl *pd_mctlp; 233 char *pd_description; 234 uint_t pd_flags; 235 uint_t pd_hash_limit; 236 uint_t pd_hmac_limit; 237 crypto_kcf_provider_handle_t pd_kcf_prov_handle; 238 crypto_provider_id_t pd_prov_id; 239 kstat_t *pd_kstat; 240 kcf_prov_stats_t pd_ks_data; 241 } kcf_provider_desc_t; 242 243 /* useful for making a list of providers */ 244 typedef struct kcf_provider_list { 245 struct kcf_provider_list *pl_next; 246 struct kcf_provider_desc *pl_provider; 247 } kcf_provider_list_t; 248 249 /* 250 * If a component has a reference to a kcf_provider_desc_t, 251 * it REFHOLD()s. A new provider descriptor which is referenced only 252 * by the providers table has a reference counter of one. 253 */ 254 #define KCF_PROV_REFHOLD(desc) { \ 255 kcf_prov_cpu_t *mp; \ 256 \ 257 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \ 258 mutex_enter(&mp->kp_lock); \ 259 mp->kp_holdcnt++; \ 260 mutex_exit(&mp->kp_lock); \ 261 } 262 263 #define KCF_PROV_REFRELE(desc) { \ 264 kcf_prov_cpu_t *mp; \ 265 \ 266 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \ 267 mutex_enter(&mp->kp_lock); \ 268 mp->kp_holdcnt--; \ 269 mutex_exit(&mp->kp_lock); \ 270 } 271 272 #define KCF_PROV_REFHELD(desc) (kcf_get_refcnt(desc, B_TRUE) >= 1) 273 274 /* 275 * The JOB macros are used only for a hardware provider. 276 * Hardware providers can have holds that stay forever. 277 * So, the job counter is used to check if it is safe to 278 * unregister a provider. 279 */ 280 #define KCF_PROV_JOB_HOLD(mp) { \ 281 mutex_enter(&(mp)->kp_lock); \ 282 (mp)->kp_jobcnt++; \ 283 mutex_exit(&(mp)->kp_lock); \ 284 } 285 286 #define KCF_PROV_JOB_RELE(mp) { \ 287 mutex_enter(&(mp)->kp_lock); \ 288 (mp)->kp_jobcnt--; \ 289 if ((mp)->kp_jobcnt == 0) \ 290 cv_signal(&(mp)->kp_cv); \ 291 mutex_exit(&(mp)->kp_lock); \ 292 } 293 294 #define KCF_PROV_JOB_RELE_STAT(mp, doincr) { \ 295 if (doincr) \ 296 (mp)->kp_nfails++; \ 297 KCF_PROV_JOB_RELE(mp); \ 298 } 299 300 #define KCF_PROV_INCRSTATS(pd, error) { \ 301 kcf_prov_cpu_t *mp; \ 302 \ 303 mp = &((pd)->pd_percpu_bins[CPU_SEQID]); \ 304 mp->kp_ndispatches++; \ 305 if ((error) == CRYPTO_BUSY) \ 306 mp->kp_nbusy_rval++; \ 307 else if ((error) != CRYPTO_SUCCESS && (error) != CRYPTO_QUEUED) \ 308 mp->kp_nfails++; \ 309 } 310 311 /* list of crypto_mech_info_t valid as the second mech in a dual operation */ 312 313 typedef struct crypto_mech_info_list { 314 struct crypto_mech_info_list *ml_next; 315 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */ 316 crypto_mech_info_t ml_mech_info; 317 } crypto_mech_info_list_t; 318 319 /* 320 * An element in a mechanism provider descriptors chain. 321 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs 322 * to. This is a small tradeoff memory vs mutex spinning time to access the 323 * common provider field. 324 */ 325 326 typedef struct kcf_prov_mech_desc { 327 struct kcf_mech_entry *pm_me; /* Back to the head */ 328 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */ 329 crypto_mech_info_t pm_mech_info; /* Provider mech info */ 330 crypto_mech_info_list_t *pm_mi_list; /* list for duals */ 331 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */ 332 } kcf_prov_mech_desc_t; 333 334 /* and the notation shortcuts ... */ 335 #define pm_provider_type pm_prov_desc.pd_provider_type 336 #define pm_provider_handle pm_prov_desc.pd_provider_handle 337 #define pm_ops_vector pm_prov_desc.pd_ops_vector 338 339 extern kcf_lock_withpad_t *me_mutexes; 340 341 #define KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \ 342 sizeof (crypto_mech_type_t) - \ 343 2 * sizeof (kcf_prov_mech_desc_t *) - \ 344 sizeof (int) - sizeof (uint32_t) - sizeof (size_t)) 345 346 /* 347 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs 348 * to be adjusted if this structure is changed. 349 */ 350 typedef struct kcf_mech_entry { 351 crypto_mech_name_t me_name; /* mechanism name */ 352 crypto_mech_type_t me_mechid; /* Internal id for mechanism */ 353 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */ 354 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */ 355 /* 356 * Number of HW providers in the chain. There is only one 357 * SW provider. So, we need only a count of HW providers. 358 */ 359 int me_num_hwprov; 360 /* 361 * When a SW provider is present, this is the generation number that 362 * ensures no objects from old SW providers are used in the new one 363 */ 364 uint32_t me_gen_swprov; 365 /* 366 * threshold for using hardware providers for this mech 367 */ 368 size_t me_threshold; 369 uint8_t me_pad[KCF_CPU_PAD]; 370 } kcf_mech_entry_t; 371 372 /* 373 * A policy descriptor structure. It is allocated and initialized 374 * when administrative ioctls load disabled mechanisms. 375 * 376 * pd_prov_type: Provider type, hardware or software 377 * pd_name: Device name or module name. 378 * pd_instance: Device instance. 379 * pd_refcnt: Reference counter for this policy descriptor 380 * pd_mutex: Protects array and count of disabled mechanisms. 381 * pd_disabled_count: Count of disabled mechanisms. 382 * pd_disabled_mechs: Array of disabled mechanisms. 383 */ 384 typedef struct kcf_policy_desc { 385 crypto_provider_type_t pd_prov_type; 386 char *pd_name; 387 uint_t pd_instance; 388 uint_t pd_refcnt; 389 kmutex_t pd_mutex; 390 uint_t pd_disabled_count; 391 crypto_mech_name_t *pd_disabled_mechs; 392 } kcf_policy_desc_t; 393 394 /* 395 * If a component has a reference to a kcf_policy_desc_t, 396 * it REFHOLD()s. A new policy descriptor which is referenced only 397 * by the policy table has a reference count of one. 398 */ 399 #define KCF_POLICY_REFHOLD(desc) { \ 400 atomic_inc_32(&(desc)->pd_refcnt); \ 401 ASSERT((desc)->pd_refcnt != 0); \ 402 } 403 404 /* 405 * Releases a reference to a policy descriptor. When the last 406 * reference is released, the descriptor is freed. 407 */ 408 #define KCF_POLICY_REFRELE(desc) { \ 409 ASSERT((desc)->pd_refcnt != 0); \ 410 membar_exit(); \ 411 if (atomic_dec_32_nv(&(desc)->pd_refcnt) == 0) \ 412 kcf_policy_free_desc(desc); \ 413 } 414 415 /* 416 * This entry stores the name of a software module and its 417 * mechanisms. The mechanisms are 'hints' that are used to 418 * trigger loading of the module. 419 */ 420 typedef struct kcf_soft_conf_entry { 421 struct kcf_soft_conf_entry *ce_next; 422 char *ce_name; 423 crypto_mech_name_t *ce_mechs; 424 uint_t ce_count; 425 } kcf_soft_conf_entry_t; 426 427 extern kmutex_t soft_config_mutex; 428 extern kcf_soft_conf_entry_t *soft_config_list; 429 430 /* 431 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms, 432 * with a margin of few extra empty entry points 433 */ 434 435 #define KCF_MAXDIGEST 16 /* Digests */ 436 #define KCF_MAXCIPHER 64 /* Ciphers */ 437 #define KCF_MAXMAC 40 /* Message authentication codes */ 438 #define KCF_MAXSIGN 24 /* Sign/Verify */ 439 #define KCF_MAXKEYOPS 116 /* Key generation and derivation */ 440 #define KCF_MAXMISC 16 /* Others ... */ 441 442 #define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \ 443 KCF_MAXSIGN + KCF_MAXKEYOPS + \ 444 KCF_MAXMISC 445 446 extern kcf_mech_entry_t kcf_digest_mechs_tab[]; 447 extern kcf_mech_entry_t kcf_cipher_mechs_tab[]; 448 extern kcf_mech_entry_t kcf_mac_mechs_tab[]; 449 extern kcf_mech_entry_t kcf_sign_mechs_tab[]; 450 extern kcf_mech_entry_t kcf_keyops_mechs_tab[]; 451 extern kcf_mech_entry_t kcf_misc_mechs_tab[]; 452 453 extern kmutex_t kcf_mech_tabs_lock; 454 455 typedef enum { 456 KCF_DIGEST_CLASS = 1, 457 KCF_CIPHER_CLASS, 458 KCF_MAC_CLASS, 459 KCF_SIGN_CLASS, 460 KCF_KEYOPS_CLASS, 461 KCF_MISC_CLASS 462 } kcf_ops_class_t; 463 464 #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS 465 #define KCF_LAST_OPSCLASS KCF_MISC_CLASS 466 467 /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */ 468 469 typedef struct kcf_mech_entry_tab { 470 int met_size; /* Size of the met_tab[] */ 471 kcf_mech_entry_t *met_tab; /* the table */ 472 } kcf_mech_entry_tab_t; 473 474 extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; 475 476 #define KCF_MECHID(class, index) \ 477 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index)) 478 479 #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32)) 480 481 #define KCF_MECH2INDEX(mech_type) ((int)(mech_type)) 482 483 #define KCF_TO_PROV_MECH_INDX(pd, mech_type) \ 484 ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \ 485 [KCF_MECH2INDEX(mech_type)]) 486 487 #define KCF_TO_PROV_MECHINFO(pd, mech_type) \ 488 ((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)]) 489 490 #define KCF_TO_PROV_MECHNUM(pd, mech_type) \ 491 (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number) 492 493 #define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \ 494 ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \ 495 CRYPTO_CAN_SHARE_OPSTATE) 496 497 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */ 498 typedef struct crypto_provider_session { 499 struct crypto_provider_session *ps_next; 500 crypto_session_id_t ps_session; 501 kcf_provider_desc_t *ps_provider; 502 kcf_provider_desc_t *ps_real_provider; 503 uint_t ps_refcnt; 504 } crypto_provider_session_t; 505 506 typedef struct crypto_session_data { 507 kmutex_t sd_lock; 508 kcondvar_t sd_cv; 509 uint32_t sd_flags; 510 int sd_pre_approved_amount; 511 crypto_ctx_t *sd_digest_ctx; 512 crypto_ctx_t *sd_encr_ctx; 513 crypto_ctx_t *sd_decr_ctx; 514 crypto_ctx_t *sd_sign_ctx; 515 crypto_ctx_t *sd_verify_ctx; 516 crypto_ctx_t *sd_sign_recover_ctx; 517 crypto_ctx_t *sd_verify_recover_ctx; 518 kcf_provider_desc_t *sd_provider; 519 void *sd_find_init_cookie; 520 crypto_provider_session_t *sd_provider_session; 521 } crypto_session_data_t; 522 523 #define CRYPTO_SESSION_IN_USE 0x00000001 524 #define CRYPTO_SESSION_IS_BUSY 0x00000002 525 #define CRYPTO_SESSION_IS_CLOSED 0x00000004 526 527 #define KCF_MAX_PIN_LEN 1024 528 529 /* 530 * Per-minor info. 531 * 532 * cm_lock protects everything in this structure except for cm_refcnt. 533 */ 534 typedef struct crypto_minor { 535 uint_t cm_refcnt; 536 kmutex_t cm_lock; 537 kcondvar_t cm_cv; 538 crypto_session_data_t **cm_session_table; 539 uint_t cm_session_table_count; 540 kcf_provider_desc_t **cm_provider_array; 541 uint_t cm_provider_count; 542 crypto_provider_session_t *cm_provider_session; 543 } crypto_minor_t; 544 545 /* resource control framework handle used by /dev/crypto */ 546 extern rctl_hndl_t rc_project_crypto_mem; 547 /* 548 * Return codes for internal functions 549 */ 550 #define KCF_SUCCESS 0x0 /* Successful call */ 551 #define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */ 552 #define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */ 553 #define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */ 554 #define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */ 555 #define KCF_INVALID_INDX ((ushort_t)-1) 556 557 /* 558 * kCF internal mechanism and function group for tracking RNG providers. 559 */ 560 #define SUN_RANDOM "random" 561 #define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */ 562 563 /* 564 * Wrappers for ops vectors. In the wrapper definitions below, the pd 565 * argument always corresponds to a pointer to a provider descriptor 566 * of type kcf_prov_desc_t. 567 */ 568 569 #define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops) 570 #define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops) 571 #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops) 572 #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops) 573 #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops) 574 #define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops) 575 #define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops) 576 #define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops) 577 #define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \ 578 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops) 579 #define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops) 580 #define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops) 581 #define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops) 582 #define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops) 583 #define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops) 584 #define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops) 585 #define KCF_PROV_NOSTORE_KEY_OPS(pd) \ 586 ((pd)->pd_ops_vector->co_nostore_key_ops) 587 #define KCF_PROV_FIPS140_OPS(pd) ((pd)->pd_ops_vector->co_fips140_ops) 588 #define KCF_PROV_PROVMGMT_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops) 589 590 /* 591 * Wrappers for crypto_control_ops(9S) entry points. 592 */ 593 594 #define KCF_PROV_STATUS(pd, status) ( \ 595 (KCF_PROV_CONTROL_OPS(pd) && \ 596 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \ 597 KCF_PROV_CONTROL_OPS(pd)->provider_status( \ 598 (pd)->pd_prov_handle, status) : \ 599 CRYPTO_NOT_SUPPORTED) 600 601 /* 602 * Wrappers for crypto_ctx_ops(9S) entry points. 603 */ 604 605 #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \ 606 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ 607 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ 608 (pd)->pd_prov_handle, mech, key, template, size, req) : \ 609 CRYPTO_NOT_SUPPORTED) 610 611 #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ 612 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \ 613 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED) 614 615 #define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \ 616 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \ 617 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \ 618 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \ 619 CRYPTO_NOT_SUPPORTED) 620 621 #define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \ 622 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \ 623 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \ 624 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \ 625 CRYPTO_NOT_SUPPORTED) 626 627 #define KCF_PROV_FREE_MECH(pd, prov_mech) ( \ 628 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \ 629 KCF_PROV_MECH_OPS(pd)->free_mechanism( \ 630 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED) 631 632 /* 633 * Wrappers for crypto_digest_ops(9S) entry points. 634 */ 635 636 #define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \ 637 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \ 638 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \ 639 CRYPTO_NOT_SUPPORTED) 640 641 /* 642 * The _ (underscore) in _digest is needed to avoid replacing the 643 * function digest(). 644 */ 645 #define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \ 646 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \ 647 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \ 648 CRYPTO_NOT_SUPPORTED) 649 650 #define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \ 651 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \ 652 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \ 653 CRYPTO_NOT_SUPPORTED) 654 655 #define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \ 656 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \ 657 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \ 658 CRYPTO_NOT_SUPPORTED) 659 660 #define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \ 661 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \ 662 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \ 663 CRYPTO_NOT_SUPPORTED) 664 665 #define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \ 666 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \ 667 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \ 668 (pd)->pd_prov_handle, session, mech, data, digest, req) : \ 669 CRYPTO_NOT_SUPPORTED) 670 671 /* 672 * Wrappers for crypto_cipher_ops(9S) entry points. 673 */ 674 675 #define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 676 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \ 677 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \ 678 req) : \ 679 CRYPTO_NOT_SUPPORTED) 680 681 #define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \ 682 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \ 683 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \ 684 CRYPTO_NOT_SUPPORTED) 685 686 #define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 687 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \ 688 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \ 689 ciphertext, req) : \ 690 CRYPTO_NOT_SUPPORTED) 691 692 #define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \ 693 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \ 694 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \ 695 CRYPTO_NOT_SUPPORTED) 696 697 #define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \ 698 template, req) ( \ 699 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \ 700 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \ 701 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \ 702 template, req) : \ 703 CRYPTO_NOT_SUPPORTED) 704 705 #define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \ 706 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \ 707 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \ 708 req) : \ 709 CRYPTO_NOT_SUPPORTED) 710 711 #define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \ 712 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \ 713 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \ 714 CRYPTO_NOT_SUPPORTED) 715 716 #define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 717 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \ 718 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \ 719 plaintext, req) : \ 720 CRYPTO_NOT_SUPPORTED) 721 722 #define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \ 723 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \ 724 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \ 725 CRYPTO_NOT_SUPPORTED) 726 727 #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \ 728 template, req) ( \ 729 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \ 730 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \ 731 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \ 732 template, req) : \ 733 CRYPTO_NOT_SUPPORTED) 734 735 /* 736 * Wrappers for crypto_mac_ops(9S) entry points. 737 */ 738 739 #define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \ 740 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \ 741 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \ 742 : CRYPTO_NOT_SUPPORTED) 743 744 /* 745 * The _ (underscore) in _mac is needed to avoid replacing the 746 * function mac(). 747 */ 748 #define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \ 749 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \ 750 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \ 751 CRYPTO_NOT_SUPPORTED) 752 753 #define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \ 754 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \ 755 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \ 756 CRYPTO_NOT_SUPPORTED) 757 758 #define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \ 759 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \ 760 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \ 761 CRYPTO_NOT_SUPPORTED) 762 763 #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \ 764 req) ( \ 765 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \ 766 KCF_PROV_MAC_OPS(pd)->mac_atomic( \ 767 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 768 req) : \ 769 CRYPTO_NOT_SUPPORTED) 770 771 #define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \ 772 template, req) ( \ 773 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \ 774 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \ 775 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ 776 req) : \ 777 CRYPTO_NOT_SUPPORTED) 778 779 /* 780 * Wrappers for crypto_sign_ops(9S) entry points. 781 */ 782 783 #define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \ 784 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \ 785 KCF_PROV_SIGN_OPS(pd)->sign_init( \ 786 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED) 787 788 #define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \ 789 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \ 790 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \ 791 CRYPTO_NOT_SUPPORTED) 792 793 #define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \ 794 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \ 795 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \ 796 CRYPTO_NOT_SUPPORTED) 797 798 #define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \ 799 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \ 800 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \ 801 CRYPTO_NOT_SUPPORTED) 802 803 #define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \ 804 sig, req) ( \ 805 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \ 806 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \ 807 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 808 req) : CRYPTO_NOT_SUPPORTED) 809 810 #define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \ 811 req) ( \ 812 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \ 813 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \ 814 req) : CRYPTO_NOT_SUPPORTED) 815 816 #define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \ 817 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \ 818 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \ 819 CRYPTO_NOT_SUPPORTED) 820 821 #define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \ 822 sig, req) ( \ 823 (KCF_PROV_SIGN_OPS(pd) && \ 824 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \ 825 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \ 826 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 827 req) : CRYPTO_NOT_SUPPORTED) 828 829 /* 830 * Wrappers for crypto_verify_ops(9S) entry points. 831 */ 832 833 #define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \ 834 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \ 835 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \ 836 req) : CRYPTO_NOT_SUPPORTED) 837 838 #define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \ 839 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify) ? \ 840 KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \ 841 CRYPTO_NOT_SUPPORTED) 842 843 #define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \ 844 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \ 845 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \ 846 CRYPTO_NOT_SUPPORTED) 847 848 #define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \ 849 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \ 850 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \ 851 CRYPTO_NOT_SUPPORTED) 852 853 #define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \ 854 req) ( \ 855 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \ 856 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \ 857 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ 858 req) : CRYPTO_NOT_SUPPORTED) 859 860 #define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \ 861 req) ( \ 862 (KCF_PROV_VERIFY_OPS(pd) && \ 863 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \ 864 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \ 865 template, req) : CRYPTO_NOT_SUPPORTED) 866 867 /* verify_recover() CSPI routine has different argument order than verify() */ 868 #define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \ 869 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \ 870 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \ 871 CRYPTO_NOT_SUPPORTED) 872 873 /* 874 * verify_recover_atomic() CSPI routine has different argument order 875 * than verify_atomic(). 876 */ 877 #define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \ 878 template, data, req) ( \ 879 (KCF_PROV_VERIFY_OPS(pd) && \ 880 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \ 881 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \ 882 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \ 883 req) : CRYPTO_NOT_SUPPORTED) 884 885 /* 886 * Wrappers for crypto_dual_ops(9S) entry points. 887 */ 888 889 #define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \ 890 ciphertext, req) ( \ 891 (KCF_PROV_DUAL_OPS(pd) && \ 892 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \ 893 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \ 894 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 895 CRYPTO_NOT_SUPPORTED) 896 897 #define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \ 898 plaintext, req) ( \ 899 (KCF_PROV_DUAL_OPS(pd) && \ 900 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \ 901 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \ 902 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \ 903 CRYPTO_NOT_SUPPORTED) 904 905 #define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \ 906 ciphertext, req) ( \ 907 (KCF_PROV_DUAL_OPS(pd) && \ 908 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \ 909 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \ 910 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ 911 CRYPTO_NOT_SUPPORTED) 912 913 #define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \ 914 plaintext, req) ( \ 915 (KCF_PROV_DUAL_OPS(pd) && \ 916 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \ 917 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \ 918 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \ 919 CRYPTO_NOT_SUPPORTED) 920 921 /* 922 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points. 923 */ 924 925 #define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \ 926 mac_key, encr_ctx_template, mac_ctx_template, req) ( \ 927 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 928 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \ 929 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \ 930 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \ 931 mac_ctx_template, req) : \ 932 CRYPTO_NOT_SUPPORTED) 933 934 #define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \ 935 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 936 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \ 937 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \ 938 ctx, plaintext, ciphertext, mac, req) : \ 939 CRYPTO_NOT_SUPPORTED) 940 941 #define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ 942 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 943 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \ 944 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \ 945 ctx, plaintext, ciphertext, req) : \ 946 CRYPTO_NOT_SUPPORTED) 947 948 #define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \ 949 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 950 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \ 951 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \ 952 ctx, ciphertext, mac, req) : \ 953 CRYPTO_NOT_SUPPORTED) 954 955 #define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \ 956 mac_mech, mac_key, plaintext, ciphertext, mac, \ 957 encr_ctx_template, mac_ctx_template, req) ( \ 958 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 959 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \ 960 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \ 961 (pd)->pd_prov_handle, session, encr_mech, encr_key, \ 962 mac_mech, mac_key, plaintext, ciphertext, mac, \ 963 encr_ctx_template, mac_ctx_template, req) : \ 964 CRYPTO_NOT_SUPPORTED) 965 966 #define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \ 967 decr_key, mac_ctx_template, decr_ctx_template, req) ( \ 968 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 969 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \ 970 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \ 971 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \ 972 decr_ctx_template, req) : \ 973 CRYPTO_NOT_SUPPORTED) 974 975 #define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \ 976 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 977 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \ 978 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \ 979 ctx, ciphertext, mac, plaintext, req) : \ 980 CRYPTO_NOT_SUPPORTED) 981 982 #define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ 983 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 984 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \ 985 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \ 986 ctx, ciphertext, plaintext, req) : \ 987 CRYPTO_NOT_SUPPORTED) 988 989 #define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \ 990 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 991 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \ 992 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \ 993 ctx, mac, plaintext, req) : \ 994 CRYPTO_NOT_SUPPORTED) 995 996 #define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 997 decr_mech, decr_key, ciphertext, mac, plaintext, \ 998 mac_ctx_template, decr_ctx_template, req) ( \ 999 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 1000 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \ 1001 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \ 1002 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 1003 decr_mech, decr_key, ciphertext, mac, plaintext, \ 1004 mac_ctx_template, decr_ctx_template, req) : \ 1005 CRYPTO_NOT_SUPPORTED) 1006 1007 #define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ 1008 decr_mech, decr_key, ciphertext, mac, plaintext, \ 1009 mac_ctx_template, decr_ctx_template, req) ( \ 1010 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ 1011 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \ 1012 != NULL) ? \ 1013 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \ 1014 (pd)->pd_prov_handle, session, mac_mech, mac_key, \ 1015 decr_mech, decr_key, ciphertext, mac, plaintext, \ 1016 mac_ctx_template, decr_ctx_template, req) : \ 1017 CRYPTO_NOT_SUPPORTED) 1018 1019 /* 1020 * Wrappers for crypto_random_number_ops(9S) entry points. 1021 */ 1022 1023 #define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \ 1024 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \ 1025 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \ 1026 session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED) 1027 1028 #define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \ 1029 (KCF_PROV_RANDOM_OPS(pd) && \ 1030 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \ 1031 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \ 1032 session, buf, len, req) : CRYPTO_NOT_SUPPORTED) 1033 1034 /* 1035 * Wrappers for crypto_session_ops(9S) entry points. 1036 * 1037 * ops_pd is the provider descriptor that supplies the ops_vector. 1038 * pd is the descriptor that supplies the provider handle. 1039 * Only session open/close needs two handles. 1040 */ 1041 1042 #define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \ 1043 (KCF_PROV_SESSION_OPS(ops_pd) && \ 1044 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \ 1045 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \ 1046 session, req) : CRYPTO_NOT_SUPPORTED) 1047 1048 #define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \ 1049 (KCF_PROV_SESSION_OPS(ops_pd) && \ 1050 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \ 1051 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \ 1052 session, req) : CRYPTO_NOT_SUPPORTED) 1053 1054 #define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \ 1055 (KCF_PROV_SESSION_OPS(pd) && \ 1056 KCF_PROV_SESSION_OPS(pd)->session_login) ? \ 1057 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \ 1058 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED) 1059 1060 #define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \ 1061 (KCF_PROV_SESSION_OPS(pd) && \ 1062 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \ 1063 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \ 1064 session, req) : CRYPTO_NOT_SUPPORTED) 1065 1066 /* 1067 * Wrappers for crypto_object_ops(9S) entry points. 1068 */ 1069 1070 #define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \ 1071 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \ 1072 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \ 1073 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED) 1074 1075 #define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \ 1076 new_object, req) ( \ 1077 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \ 1078 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \ 1079 session, object, template, count, new_object, req) : \ 1080 CRYPTO_NOT_SUPPORTED) 1081 1082 #define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \ 1083 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \ 1084 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \ 1085 session, object, req) : CRYPTO_NOT_SUPPORTED) 1086 1087 #define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \ 1088 (KCF_PROV_OBJECT_OPS(pd) && \ 1089 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \ 1090 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \ 1091 session, object, size, req) : CRYPTO_NOT_SUPPORTED) 1092 1093 #define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1094 count, req) ( \ 1095 (KCF_PROV_OBJECT_OPS(pd) && \ 1096 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \ 1097 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \ 1098 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1099 CRYPTO_NOT_SUPPORTED) 1100 1101 #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \ 1102 count, req) ( \ 1103 (KCF_PROV_OBJECT_OPS(pd) && \ 1104 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \ 1105 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \ 1106 (pd)->pd_prov_handle, session, object, template, count, req) : \ 1107 CRYPTO_NOT_SUPPORTED) 1108 1109 #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \ 1110 req) ( \ 1111 (KCF_PROV_OBJECT_OPS(pd) && \ 1112 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \ 1113 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \ 1114 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1115 1116 #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \ 1117 req) ( \ 1118 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \ 1119 KCF_PROV_OBJECT_OPS(pd)->object_find( \ 1120 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \ 1121 req) : CRYPTO_NOT_SUPPORTED) 1122 1123 #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \ 1124 (KCF_PROV_OBJECT_OPS(pd) && \ 1125 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \ 1126 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \ 1127 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED) 1128 1129 /* 1130 * Wrappers for crypto_key_ops(9S) entry points. 1131 */ 1132 1133 #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \ 1134 req) ( \ 1135 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \ 1136 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \ 1137 session, mech, template, count, object, req) : \ 1138 CRYPTO_NOT_SUPPORTED) 1139 1140 #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 1141 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \ 1142 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \ 1143 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \ 1144 session, mech, pub_template, pub_count, priv_template, \ 1145 priv_count, pub_key, priv_key, req) : \ 1146 CRYPTO_NOT_SUPPORTED) 1147 1148 #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \ 1149 wrapped_key_len, req) ( \ 1150 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \ 1151 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \ 1152 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \ 1153 req) : \ 1154 CRYPTO_NOT_SUPPORTED) 1155 1156 #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \ 1157 wrapped_key_len, template, count, key, req) ( \ 1158 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \ 1159 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \ 1160 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \ 1161 template, count, key, req) : \ 1162 CRYPTO_NOT_SUPPORTED) 1163 1164 #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \ 1165 key, req) ( \ 1166 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \ 1167 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \ 1168 session, mech, base_key, template, count, key, req) : \ 1169 CRYPTO_NOT_SUPPORTED) 1170 1171 #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \ 1172 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \ 1173 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \ 1174 CRYPTO_NOT_SUPPORTED) 1175 1176 /* 1177 * Wrappers for crypto_provider_management_ops(9S) entry points. 1178 * 1179 * ops_pd is the provider descriptor that supplies the ops_vector. 1180 * pd is the descriptor that supplies the provider handle. 1181 * Only ext_info needs two handles. 1182 */ 1183 1184 #define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \ 1185 (KCF_PROV_PROVIDER_OPS(ops_pd) && \ 1186 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \ 1187 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \ 1188 provext_info, req) : CRYPTO_NOT_SUPPORTED) 1189 1190 #define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \ 1191 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \ 1192 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \ 1193 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED) 1194 1195 #define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \ 1196 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \ 1197 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \ 1198 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED) 1199 1200 #define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \ 1201 req) ( \ 1202 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \ 1203 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \ 1204 session, old_pin, old_len, new_pin, new_len, req) : \ 1205 CRYPTO_NOT_SUPPORTED) 1206 1207 /* 1208 * Wrappers for crypto_nostore_key_ops(9S) entry points. 1209 */ 1210 1211 #define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \ 1212 out_template, out_count, req) ( \ 1213 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1214 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \ 1215 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \ 1216 (pd)->pd_prov_handle, session, mech, template, count, \ 1217 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) 1218 1219 #define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 1220 pub_count, priv_template, priv_count, out_pub_template, \ 1221 out_pub_count, out_priv_template, out_priv_count, req) ( \ 1222 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1223 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \ 1224 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \ 1225 (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \ 1226 priv_template, priv_count, out_pub_template, out_pub_count, \ 1227 out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED) 1228 1229 #define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \ 1230 count, out_template, out_count, req) ( \ 1231 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ 1232 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \ 1233 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \ 1234 (pd)->pd_prov_handle, session, mech, base_key, template, count, \ 1235 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) 1236 1237 /* 1238 * The following routines are exported by the kcf module (/kernel/misc/kcf) 1239 * to the crypto and cryptoadmin modules. 1240 */ 1241 1242 /* Digest/mac/cipher entry points that take a provider descriptor and session */ 1243 extern int crypto_digest_single(crypto_context_t, crypto_data_t *, 1244 crypto_data_t *, crypto_call_req_t *); 1245 1246 extern int crypto_mac_single(crypto_context_t, crypto_data_t *, 1247 crypto_data_t *, crypto_call_req_t *); 1248 1249 extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *, 1250 crypto_data_t *, crypto_call_req_t *); 1251 1252 extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *, 1253 crypto_data_t *, crypto_call_req_t *); 1254 1255 1256 /* Other private digest/mac/cipher entry points not exported through k-API */ 1257 extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *, 1258 crypto_call_req_t *); 1259 1260 /* Private sign entry points exported by KCF */ 1261 extern int crypto_sign_single(crypto_context_t, crypto_data_t *, 1262 crypto_data_t *, crypto_call_req_t *); 1263 1264 extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *, 1265 crypto_data_t *, crypto_call_req_t *); 1266 1267 /* Private verify entry points exported by KCF */ 1268 extern int crypto_verify_single(crypto_context_t, crypto_data_t *, 1269 crypto_data_t *, crypto_call_req_t *); 1270 1271 extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *, 1272 crypto_data_t *, crypto_call_req_t *); 1273 1274 /* Private dual operations entry points exported by KCF */ 1275 extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t, 1276 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1277 extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t, 1278 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1279 extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t, 1280 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1281 extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t, 1282 crypto_data_t *, crypto_data_t *, crypto_call_req_t *); 1283 1284 /* Random Number Generation */ 1285 int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf, 1286 size_t len, crypto_call_req_t *req); 1287 int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf, 1288 size_t len, crypto_call_req_t *req); 1289 1290 /* Provider Management */ 1291 int crypto_get_provider_info(crypto_provider_id_t id, 1292 crypto_provider_info_t **info, crypto_call_req_t *req); 1293 int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id, 1294 uint_t *count, crypto_mech_name_t **list); 1295 int crypto_init_token(crypto_provider_handle_t provider, char *pin, 1296 size_t pin_len, char *label, crypto_call_req_t *); 1297 int crypto_init_pin(crypto_provider_handle_t provider, char *pin, 1298 size_t pin_len, crypto_call_req_t *req); 1299 int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin, 1300 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req); 1301 void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count); 1302 void crypto_free_provider_info(crypto_provider_info_t *info); 1303 1304 /* Administrative */ 1305 int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list); 1306 int crypto_get_soft_list(uint_t *count, char **list, size_t *len); 1307 int crypto_get_dev_info(char *name, uint_t instance, uint_t *count, 1308 crypto_mech_name_t **list); 1309 int crypto_get_soft_info(caddr_t name, uint_t *count, 1310 crypto_mech_name_t **list); 1311 int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count, 1312 crypto_mech_name_t *list); 1313 int crypto_load_soft_disabled(caddr_t name, uint_t count, 1314 crypto_mech_name_t *list); 1315 int crypto_unload_soft_module(caddr_t path); 1316 int crypto_load_soft_config(caddr_t name, uint_t count, 1317 crypto_mech_name_t *list); 1318 int crypto_load_door(uint_t did); 1319 void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count); 1320 void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count); 1321 extern void kcf_activate(); 1322 1323 /* Miscellaneous */ 1324 int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number); 1325 int crypto_get_function_list(crypto_provider_id_t id, 1326 crypto_function_list_t **list, int kmflag); 1327 void crypto_free_function_list(crypto_function_list_t *list); 1328 int crypto_build_permitted_mech_names(kcf_provider_desc_t *, 1329 crypto_mech_name_t **, uint_t *, int); 1330 extern void kcf_init_mech_tabs(void); 1331 extern int kcf_add_mech_provider(short, kcf_provider_desc_t *, 1332 kcf_prov_mech_desc_t **); 1333 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *); 1334 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **); 1335 extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *); 1336 extern void kcf_free_provider_desc(kcf_provider_desc_t *); 1337 extern void kcf_soft_config_init(void); 1338 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **); 1339 extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t); 1340 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); 1341 extern void redo_register_provider(kcf_provider_desc_t *); 1342 extern void kcf_rnd_init(); 1343 extern boolean_t kcf_rngprov_check(void); 1344 extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t); 1345 extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t); 1346 extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t); 1347 extern void kcf_rnd_chpoll(short, int, short *, struct pollhead **); 1348 extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t, 1349 void *, void (*update)()); 1350 extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t, 1351 void *, void (*update)()); 1352 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); 1353 extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *); 1354 extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *, 1355 int kmflag); 1356 extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *, 1357 void (*update)(), void (*final)(), uchar_t); 1358 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, 1359 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1360 void (*copy_block)(const uint8_t *, uint64_t *)); 1361 extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *, 1362 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1363 void (*copy_block)(const uint8_t *, uint64_t *)); 1364 extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *, 1365 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), 1366 void (*copy_block)(const uint8_t *, uint64_t *)); 1367 extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **, 1368 ssize_t *); 1369 1370 /* Access to the provider's table */ 1371 extern void kcf_prov_tab_init(void); 1372 extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *); 1373 extern int kcf_prov_tab_rem_provider(crypto_provider_id_t); 1374 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *); 1375 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t); 1376 extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int, 1377 char *, uint_t, boolean_t); 1378 extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t); 1379 extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **); 1380 extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t); 1381 extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **, 1382 kcf_mech_entry_t **, boolean_t); 1383 1384 extern kmutex_t prov_tab_mutex; 1385 extern boolean_t kcf_need_provtab_walk; 1386 extern int kcf_get_refcnt(kcf_provider_desc_t *, boolean_t); 1387 1388 /* Access to the policy table */ 1389 extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t); 1390 extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *, 1391 uint_t, crypto_mech_name_t); 1392 extern void kcf_policy_tab_init(void); 1393 extern void kcf_policy_free_desc(kcf_policy_desc_t *); 1394 extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **); 1395 extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *, 1396 crypto_mech_name_t **); 1397 extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *); 1398 extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t); 1399 extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *, 1400 uint_t *, crypto_mech_name_t **); 1401 extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t, 1402 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **); 1403 extern void remove_soft_config(char *); 1404 1405 #endif /* _KERNEL */ 1406 1407 #ifdef __cplusplus 1408 } 1409 #endif 1410 1411 #endif /* _SYS_CRYPTO_IMPL_H */