Print this page
4896 Performance improvements for KCF AES modes
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/sys/crypto/impl.h
+++ new/usr/src/uts/common/sys/crypto/impl.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 + * Copyright 2015 by Saso Kiselkov. All rights reserved.
23 24 */
24 25
25 26 #ifndef _SYS_CRYPTO_IMPL_H
26 27 #define _SYS_CRYPTO_IMPL_H
27 28
28 29 /*
29 30 * Kernel Cryptographic Framework private implementation definitions.
30 31 */
31 32
32 33 #include <sys/types.h>
33 34 #include <sys/param.h>
34 35
35 36 #ifdef _KERNEL
36 37 #include <sys/crypto/common.h>
37 38 #include <sys/crypto/api.h>
38 39 #include <sys/crypto/spi.h>
39 40 #include <sys/crypto/ioctl.h>
40 41 #include <sys/tnf_probe.h>
41 42 #include <sys/atomic.h>
42 43 #include <sys/project.h>
43 44 #include <sys/taskq.h>
44 45 #include <sys/rctl.h>
45 46 #include <sys/cpuvar.h>
46 47 #endif /* _KERNEL */
47 48
48 49 #ifdef __cplusplus
49 50 extern "C" {
50 51 #endif
51 52
52 53 #ifdef _KERNEL
53 54
54 55 /*
55 56 * Prefixes convention: structures internal to the kernel cryptographic
56 57 * framework start with 'kcf_'. Exposed structure start with 'crypto_'.
57 58 */
58 59
59 60 /* Provider stats. Not protected. */
60 61 typedef struct kcf_prov_stats {
61 62 kstat_named_t ps_ops_total;
62 63 kstat_named_t ps_ops_passed;
63 64 kstat_named_t ps_ops_failed;
64 65 kstat_named_t ps_ops_busy_rval;
65 66 } kcf_prov_stats_t;
66 67
67 68 /* Various kcf stats. Not protected. */
68 69 typedef struct kcf_stats {
69 70 kstat_named_t ks_thrs_in_pool;
70 71 kstat_named_t ks_idle_thrs;
71 72 kstat_named_t ks_minthrs;
72 73 kstat_named_t ks_maxthrs;
73 74 kstat_named_t ks_swq_njobs;
74 75 kstat_named_t ks_swq_maxjobs;
75 76 kstat_named_t ks_taskq_threads;
76 77 kstat_named_t ks_taskq_minalloc;
77 78 kstat_named_t ks_taskq_maxalloc;
78 79 } kcf_stats_t;
79 80
80 81 #define CPU_SEQID (CPU->cpu_seqid)
81 82
82 83 typedef struct kcf_lock_withpad {
83 84 kmutex_t kl_lock;
84 85 uint8_t kl_pad[64 - sizeof (kmutex_t)];
85 86 } kcf_lock_withpad_t;
86 87
87 88 /*
88 89 * Per-CPU structure used by a provider to keep track of
89 90 * various counters.
90 91 */
91 92 typedef struct kcf_prov_cpu {
92 93 kmutex_t kp_lock;
93 94 int kp_holdcnt; /* can go negative! */
94 95 uint_t kp_jobcnt;
95 96
96 97 uint64_t kp_ndispatches;
97 98 uint64_t kp_nfails;
98 99 uint64_t kp_nbusy_rval;
99 100 kcondvar_t kp_cv;
100 101
101 102 uint8_t kp_pad[64 - sizeof (kmutex_t) - 2 * sizeof (int) -
102 103 3 * sizeof (uint64_t) - sizeof (kcondvar_t)];
103 104 } kcf_prov_cpu_t;
104 105
105 106 /*
106 107 * kcf_get_refcnt(pd) is the number of inflight requests to the
107 108 * provider. So, it is a good measure of the load on a provider when
108 109 * it is not in a busy state. Once a provider notifies it is busy, requests
109 110 * backup in the taskq. So, we use tq_nalloc in that case which gives
110 111 * the number of task entries in the task queue. Note that we do not
111 112 * acquire any locks here as it is not critical to get the exact number
112 113 * and the lock contention is too costly for this code path.
113 114 */
114 115 #define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \
115 116 kcf_get_refcnt(pd, B_FALSE) : (pd)->pd_taskq->tq_nalloc)
116 117
117 118
118 119 /*
119 120 * The following two macros should be
120 121 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2)
121 122 * #define KCF_MAXMECHTAB KCF_MAXCIPHER
122 123 *
123 124 * However, doing that would involve reorganizing the header file a bit.
124 125 * When impl.h is broken up (bug# 4703218), this will be done. For now,
125 126 * we hardcode these values.
126 127 */
127 128 #define KCF_OPS_CLASSSIZE 8
128 129 #define KCF_MAXMECHTAB 32
129 130
130 131 /*
131 132 * Valid values for the state of a provider. The order of
132 133 * the elements is important.
133 134 *
134 135 * Routines which get a provider or the list of providers
135 136 * should pick only those that are either in KCF_PROV_READY state
136 137 * or in KCF_PROV_BUSY state.
137 138 */
138 139 typedef enum {
139 140 KCF_PROV_ALLOCATED = 1,
140 141 KCF_PROV_UNVERIFIED,
141 142 KCF_PROV_UNVERIFIED_FIPS140,
142 143 KCF_PROV_VERIFICATION_FAILED,
143 144 /*
144 145 * state < KCF_PROV_READY means the provider can not
145 146 * be used at all.
146 147 */
147 148 KCF_PROV_READY,
148 149 KCF_PROV_BUSY,
149 150 /*
150 151 * state > KCF_PROV_BUSY means the provider can not
151 152 * be used for new requests.
152 153 */
153 154 KCF_PROV_FAILED,
154 155 /*
155 156 * Threads setting the following two states should do so only
156 157 * if the current state < KCF_PROV_DISABLED.
157 158 */
158 159 KCF_PROV_DISABLED,
159 160 KCF_PROV_UNREGISTERING,
160 161 KCF_PROV_UNREGISTERED
161 162 } kcf_prov_state_t;
162 163
163 164 #define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED)
164 165 #define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \
165 166 (pd)->pd_state == KCF_PROV_BUSY)
166 167 #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_UNREGISTERING)
167 168
168 169 /* Internal flags valid for pd_flags field */
169 170 #define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */
170 171
171 172 /*
172 173 * A provider descriptor structure. There is one such structure per
173 174 * provider. It is allocated and initialized at registration time and
174 175 * freed when the provider unregisters.
175 176 *
176 177 * pd_prov_type: Provider type, hardware or software
177 178 * pd_sid: Session ID of the provider used by kernel clients.
178 179 * This is valid only for session-oriented providers.
179 180 * pd_taskq: taskq used to dispatch crypto requests
180 181 * pd_nbins: number of bins in pd_percpu_bins
181 182 * pd_percpu_bins: Pointer to an array of per-CPU structures
182 183 * containing a lock, a cv and various counters.
183 184 * pd_lock: lock protects pd_state and pd_provider_list
184 185 * pd_state: State value of the provider
185 186 * pd_provider_list: Used to cross-reference logical providers and their
186 187 * members. Not used for software providers.
187 188 * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY
188 189 * pd_prov_handle: Provider handle specified by provider
189 190 * pd_ops_vector: The ops vector specified by Provider
190 191 * pd_mech_indx: Lookup table which maps a core framework mechanism
191 192 * number to an index in pd_mechanisms array
192 193 * pd_mechanisms: Array of mechanisms supported by the provider, specified
193 194 * by the provider during registration
194 195 * pd_mech_list_count: The number of entries in pi_mechanisms, specified
195 196 * by the provider during registration
196 197 * pd_name: Device name or module name
197 198 * pd_instance: Device instance
198 199 * pd_module_id: Module ID returned by modload
199 200 * pd_mctlp: Pointer to modctl structure for this provider
200 201 * pd_description: Provider description string
201 202 * pd_flags: bitwise OR of pi_flags from crypto_provider_info_t
202 203 * and other internal flags defined above.
203 204 * pd_hash_limit: Maximum data size that hash mechanisms of this provider
204 205 * can support.
205 206 * pd_hmac_limit: Maximum data size that HMAC mechanisms of this provider
206 207 * can support.
207 208 * pd_kcf_prov_handle: KCF-private handle assigned by KCF
208 209 * pd_prov_id: Identification # assigned by KCF to provider
209 210 * pd_kstat: kstat associated with the provider
210 211 * pd_ks_data: kstat data
211 212 */
212 213 typedef struct kcf_provider_desc {
213 214 crypto_provider_type_t pd_prov_type;
214 215 crypto_session_id_t pd_sid;
215 216 taskq_t *pd_taskq;
216 217 uint_t pd_nbins;
217 218 kcf_prov_cpu_t *pd_percpu_bins;
218 219 kmutex_t pd_lock;
219 220 kcf_prov_state_t pd_state;
220 221 struct kcf_provider_list *pd_provider_list;
221 222 kcondvar_t pd_resume_cv;
222 223 crypto_provider_handle_t pd_prov_handle;
223 224 crypto_ops_t *pd_ops_vector;
224 225 ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\
225 226 [KCF_MAXMECHTAB];
226 227 crypto_mech_info_t *pd_mechanisms;
227 228 uint_t pd_mech_list_count;
228 229 char *pd_name;
229 230 uint_t pd_instance;
230 231 int pd_module_id;
231 232 struct modctl *pd_mctlp;
232 233 char *pd_description;
233 234 uint_t pd_flags;
234 235 uint_t pd_hash_limit;
235 236 uint_t pd_hmac_limit;
236 237 crypto_kcf_provider_handle_t pd_kcf_prov_handle;
237 238 crypto_provider_id_t pd_prov_id;
238 239 kstat_t *pd_kstat;
239 240 kcf_prov_stats_t pd_ks_data;
240 241 } kcf_provider_desc_t;
241 242
242 243 /* useful for making a list of providers */
243 244 typedef struct kcf_provider_list {
244 245 struct kcf_provider_list *pl_next;
245 246 struct kcf_provider_desc *pl_provider;
246 247 } kcf_provider_list_t;
247 248
248 249 /*
249 250 * If a component has a reference to a kcf_provider_desc_t,
250 251 * it REFHOLD()s. A new provider descriptor which is referenced only
251 252 * by the providers table has a reference counter of one.
252 253 */
253 254 #define KCF_PROV_REFHOLD(desc) { \
254 255 kcf_prov_cpu_t *mp; \
255 256 \
256 257 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \
257 258 mutex_enter(&mp->kp_lock); \
258 259 mp->kp_holdcnt++; \
259 260 mutex_exit(&mp->kp_lock); \
260 261 }
261 262
262 263 #define KCF_PROV_REFRELE(desc) { \
263 264 kcf_prov_cpu_t *mp; \
264 265 \
265 266 mp = &((desc)->pd_percpu_bins[CPU_SEQID]); \
266 267 mutex_enter(&mp->kp_lock); \
267 268 mp->kp_holdcnt--; \
268 269 mutex_exit(&mp->kp_lock); \
269 270 }
270 271
271 272 #define KCF_PROV_REFHELD(desc) (kcf_get_refcnt(desc, B_TRUE) >= 1)
272 273
273 274 /*
274 275 * The JOB macros are used only for a hardware provider.
275 276 * Hardware providers can have holds that stay forever.
276 277 * So, the job counter is used to check if it is safe to
277 278 * unregister a provider.
278 279 */
279 280 #define KCF_PROV_JOB_HOLD(mp) { \
280 281 mutex_enter(&(mp)->kp_lock); \
281 282 (mp)->kp_jobcnt++; \
282 283 mutex_exit(&(mp)->kp_lock); \
283 284 }
284 285
285 286 #define KCF_PROV_JOB_RELE(mp) { \
286 287 mutex_enter(&(mp)->kp_lock); \
287 288 (mp)->kp_jobcnt--; \
288 289 if ((mp)->kp_jobcnt == 0) \
289 290 cv_signal(&(mp)->kp_cv); \
290 291 mutex_exit(&(mp)->kp_lock); \
291 292 }
292 293
293 294 #define KCF_PROV_JOB_RELE_STAT(mp, doincr) { \
294 295 if (doincr) \
295 296 (mp)->kp_nfails++; \
296 297 KCF_PROV_JOB_RELE(mp); \
297 298 }
298 299
299 300 #define KCF_PROV_INCRSTATS(pd, error) { \
300 301 kcf_prov_cpu_t *mp; \
301 302 \
302 303 mp = &((pd)->pd_percpu_bins[CPU_SEQID]); \
303 304 mp->kp_ndispatches++; \
304 305 if ((error) == CRYPTO_BUSY) \
305 306 mp->kp_nbusy_rval++; \
306 307 else if ((error) != CRYPTO_SUCCESS && (error) != CRYPTO_QUEUED) \
307 308 mp->kp_nfails++; \
308 309 }
309 310
310 311 /* list of crypto_mech_info_t valid as the second mech in a dual operation */
311 312
312 313 typedef struct crypto_mech_info_list {
313 314 struct crypto_mech_info_list *ml_next;
314 315 crypto_mech_type_t ml_kcf_mechid; /* KCF's id */
315 316 crypto_mech_info_t ml_mech_info;
316 317 } crypto_mech_info_list_t;
317 318
318 319 /*
319 320 * An element in a mechanism provider descriptors chain.
320 321 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs
321 322 * to. This is a small tradeoff memory vs mutex spinning time to access the
322 323 * common provider field.
323 324 */
324 325
325 326 typedef struct kcf_prov_mech_desc {
326 327 struct kcf_mech_entry *pm_me; /* Back to the head */
327 328 struct kcf_prov_mech_desc *pm_next; /* Next in the chain */
328 329 crypto_mech_info_t pm_mech_info; /* Provider mech info */
329 330 crypto_mech_info_list_t *pm_mi_list; /* list for duals */
330 331 kcf_provider_desc_t *pm_prov_desc; /* Common desc. */
331 332 } kcf_prov_mech_desc_t;
332 333
333 334 /* and the notation shortcuts ... */
334 335 #define pm_provider_type pm_prov_desc.pd_provider_type
335 336 #define pm_provider_handle pm_prov_desc.pd_provider_handle
336 337 #define pm_ops_vector pm_prov_desc.pd_ops_vector
337 338
338 339 extern kcf_lock_withpad_t *me_mutexes;
339 340
340 341 #define KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \
341 342 sizeof (crypto_mech_type_t) - \
342 343 2 * sizeof (kcf_prov_mech_desc_t *) - \
343 344 sizeof (int) - sizeof (uint32_t) - sizeof (size_t))
344 345
345 346 /*
346 347 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs
347 348 * to be adjusted if this structure is changed.
348 349 */
349 350 typedef struct kcf_mech_entry {
350 351 crypto_mech_name_t me_name; /* mechanism name */
351 352 crypto_mech_type_t me_mechid; /* Internal id for mechanism */
352 353 kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */
353 354 kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */
354 355 /*
355 356 * Number of HW providers in the chain. There is only one
356 357 * SW provider. So, we need only a count of HW providers.
357 358 */
358 359 int me_num_hwprov;
359 360 /*
360 361 * When a SW provider is present, this is the generation number that
361 362 * ensures no objects from old SW providers are used in the new one
362 363 */
363 364 uint32_t me_gen_swprov;
364 365 /*
365 366 * threshold for using hardware providers for this mech
366 367 */
367 368 size_t me_threshold;
368 369 uint8_t me_pad[KCF_CPU_PAD];
369 370 } kcf_mech_entry_t;
370 371
371 372 /*
372 373 * A policy descriptor structure. It is allocated and initialized
373 374 * when administrative ioctls load disabled mechanisms.
374 375 *
375 376 * pd_prov_type: Provider type, hardware or software
376 377 * pd_name: Device name or module name.
377 378 * pd_instance: Device instance.
378 379 * pd_refcnt: Reference counter for this policy descriptor
379 380 * pd_mutex: Protects array and count of disabled mechanisms.
380 381 * pd_disabled_count: Count of disabled mechanisms.
381 382 * pd_disabled_mechs: Array of disabled mechanisms.
382 383 */
383 384 typedef struct kcf_policy_desc {
384 385 crypto_provider_type_t pd_prov_type;
385 386 char *pd_name;
386 387 uint_t pd_instance;
387 388 uint_t pd_refcnt;
388 389 kmutex_t pd_mutex;
389 390 uint_t pd_disabled_count;
390 391 crypto_mech_name_t *pd_disabled_mechs;
391 392 } kcf_policy_desc_t;
392 393
393 394 /*
394 395 * If a component has a reference to a kcf_policy_desc_t,
395 396 * it REFHOLD()s. A new policy descriptor which is referenced only
396 397 * by the policy table has a reference count of one.
397 398 */
398 399 #define KCF_POLICY_REFHOLD(desc) { \
399 400 atomic_inc_32(&(desc)->pd_refcnt); \
400 401 ASSERT((desc)->pd_refcnt != 0); \
401 402 }
402 403
403 404 /*
404 405 * Releases a reference to a policy descriptor. When the last
405 406 * reference is released, the descriptor is freed.
406 407 */
407 408 #define KCF_POLICY_REFRELE(desc) { \
408 409 ASSERT((desc)->pd_refcnt != 0); \
409 410 membar_exit(); \
410 411 if (atomic_dec_32_nv(&(desc)->pd_refcnt) == 0) \
411 412 kcf_policy_free_desc(desc); \
412 413 }
413 414
414 415 /*
415 416 * This entry stores the name of a software module and its
416 417 * mechanisms. The mechanisms are 'hints' that are used to
417 418 * trigger loading of the module.
418 419 */
419 420 typedef struct kcf_soft_conf_entry {
420 421 struct kcf_soft_conf_entry *ce_next;
421 422 char *ce_name;
422 423 crypto_mech_name_t *ce_mechs;
423 424 uint_t ce_count;
424 425 } kcf_soft_conf_entry_t;
425 426
426 427 extern kmutex_t soft_config_mutex;
427 428 extern kcf_soft_conf_entry_t *soft_config_list;
428 429
429 430 /*
430 431 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms,
431 432 * with a margin of few extra empty entry points
432 433 */
433 434
434 435 #define KCF_MAXDIGEST 16 /* Digests */
435 436 #define KCF_MAXCIPHER 64 /* Ciphers */
436 437 #define KCF_MAXMAC 40 /* Message authentication codes */
437 438 #define KCF_MAXSIGN 24 /* Sign/Verify */
438 439 #define KCF_MAXKEYOPS 116 /* Key generation and derivation */
439 440 #define KCF_MAXMISC 16 /* Others ... */
440 441
441 442 #define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \
442 443 KCF_MAXSIGN + KCF_MAXKEYOPS + \
443 444 KCF_MAXMISC
444 445
445 446 extern kcf_mech_entry_t kcf_digest_mechs_tab[];
446 447 extern kcf_mech_entry_t kcf_cipher_mechs_tab[];
447 448 extern kcf_mech_entry_t kcf_mac_mechs_tab[];
448 449 extern kcf_mech_entry_t kcf_sign_mechs_tab[];
449 450 extern kcf_mech_entry_t kcf_keyops_mechs_tab[];
450 451 extern kcf_mech_entry_t kcf_misc_mechs_tab[];
451 452
452 453 extern kmutex_t kcf_mech_tabs_lock;
453 454
454 455 typedef enum {
455 456 KCF_DIGEST_CLASS = 1,
456 457 KCF_CIPHER_CLASS,
457 458 KCF_MAC_CLASS,
458 459 KCF_SIGN_CLASS,
459 460 KCF_KEYOPS_CLASS,
460 461 KCF_MISC_CLASS
461 462 } kcf_ops_class_t;
462 463
463 464 #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS
464 465 #define KCF_LAST_OPSCLASS KCF_MISC_CLASS
465 466
466 467 /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */
467 468
468 469 typedef struct kcf_mech_entry_tab {
469 470 int met_size; /* Size of the met_tab[] */
470 471 kcf_mech_entry_t *met_tab; /* the table */
471 472 } kcf_mech_entry_tab_t;
472 473
473 474 extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
474 475
475 476 #define KCF_MECHID(class, index) \
476 477 (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index))
477 478
478 479 #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32))
479 480
480 481 #define KCF_MECH2INDEX(mech_type) ((int)(mech_type))
481 482
482 483 #define KCF_TO_PROV_MECH_INDX(pd, mech_type) \
483 484 ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \
484 485 [KCF_MECH2INDEX(mech_type)])
485 486
486 487 #define KCF_TO_PROV_MECHINFO(pd, mech_type) \
487 488 ((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)])
488 489
489 490 #define KCF_TO_PROV_MECHNUM(pd, mech_type) \
490 491 (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)
491 492
492 493 #define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \
493 494 ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \
494 495 CRYPTO_CAN_SHARE_OPSTATE)
495 496
496 497 /* ps_refcnt is protected by cm_lock in the crypto_minor structure */
497 498 typedef struct crypto_provider_session {
498 499 struct crypto_provider_session *ps_next;
499 500 crypto_session_id_t ps_session;
500 501 kcf_provider_desc_t *ps_provider;
501 502 kcf_provider_desc_t *ps_real_provider;
502 503 uint_t ps_refcnt;
503 504 } crypto_provider_session_t;
504 505
505 506 typedef struct crypto_session_data {
506 507 kmutex_t sd_lock;
507 508 kcondvar_t sd_cv;
508 509 uint32_t sd_flags;
509 510 int sd_pre_approved_amount;
510 511 crypto_ctx_t *sd_digest_ctx;
511 512 crypto_ctx_t *sd_encr_ctx;
512 513 crypto_ctx_t *sd_decr_ctx;
513 514 crypto_ctx_t *sd_sign_ctx;
514 515 crypto_ctx_t *sd_verify_ctx;
515 516 crypto_ctx_t *sd_sign_recover_ctx;
516 517 crypto_ctx_t *sd_verify_recover_ctx;
517 518 kcf_provider_desc_t *sd_provider;
518 519 void *sd_find_init_cookie;
519 520 crypto_provider_session_t *sd_provider_session;
520 521 } crypto_session_data_t;
521 522
522 523 #define CRYPTO_SESSION_IN_USE 0x00000001
523 524 #define CRYPTO_SESSION_IS_BUSY 0x00000002
524 525 #define CRYPTO_SESSION_IS_CLOSED 0x00000004
525 526
526 527 #define KCF_MAX_PIN_LEN 1024
527 528
528 529 /*
529 530 * Per-minor info.
530 531 *
531 532 * cm_lock protects everything in this structure except for cm_refcnt.
532 533 */
533 534 typedef struct crypto_minor {
534 535 uint_t cm_refcnt;
535 536 kmutex_t cm_lock;
536 537 kcondvar_t cm_cv;
537 538 crypto_session_data_t **cm_session_table;
538 539 uint_t cm_session_table_count;
539 540 kcf_provider_desc_t **cm_provider_array;
540 541 uint_t cm_provider_count;
541 542 crypto_provider_session_t *cm_provider_session;
542 543 } crypto_minor_t;
543 544
544 545 /* resource control framework handle used by /dev/crypto */
545 546 extern rctl_hndl_t rc_project_crypto_mem;
546 547 /*
547 548 * Return codes for internal functions
548 549 */
549 550 #define KCF_SUCCESS 0x0 /* Successful call */
550 551 #define KCF_INVALID_MECH_NUMBER 0x1 /* invalid mechanism number */
551 552 #define KCF_INVALID_MECH_NAME 0x2 /* invalid mechanism name */
552 553 #define KCF_INVALID_MECH_CLASS 0x3 /* invalid mechanism class */
553 554 #define KCF_MECH_TAB_FULL 0x4 /* Need more room in the mech tabs. */
554 555 #define KCF_INVALID_INDX ((ushort_t)-1)
555 556
556 557 /*
557 558 * kCF internal mechanism and function group for tracking RNG providers.
558 559 */
559 560 #define SUN_RANDOM "random"
560 561 #define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */
561 562
562 563 /*
563 564 * Wrappers for ops vectors. In the wrapper definitions below, the pd
564 565 * argument always corresponds to a pointer to a provider descriptor
565 566 * of type kcf_prov_desc_t.
566 567 */
567 568
568 569 #define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops)
569 570 #define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
570 571 #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops)
571 572 #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops)
572 573 #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops)
573 574 #define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops)
574 575 #define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops)
575 576 #define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops)
576 577 #define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
577 578 ((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
578 579 #define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops)
579 580 #define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops)
580 581 #define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops)
581 582 #define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops)
582 583 #define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
583 584 #define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops)
584 585 #define KCF_PROV_NOSTORE_KEY_OPS(pd) \
585 586 ((pd)->pd_ops_vector->co_nostore_key_ops)
586 587 #define KCF_PROV_FIPS140_OPS(pd) ((pd)->pd_ops_vector->co_fips140_ops)
587 588 #define KCF_PROV_PROVMGMT_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
588 589
589 590 /*
590 591 * Wrappers for crypto_control_ops(9S) entry points.
591 592 */
592 593
593 594 #define KCF_PROV_STATUS(pd, status) ( \
594 595 (KCF_PROV_CONTROL_OPS(pd) && \
595 596 KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \
596 597 KCF_PROV_CONTROL_OPS(pd)->provider_status( \
597 598 (pd)->pd_prov_handle, status) : \
598 599 CRYPTO_NOT_SUPPORTED)
599 600
600 601 /*
601 602 * Wrappers for crypto_ctx_ops(9S) entry points.
602 603 */
603 604
604 605 #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
605 606 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
606 607 KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
607 608 (pd)->pd_prov_handle, mech, key, template, size, req) : \
608 609 CRYPTO_NOT_SUPPORTED)
609 610
610 611 #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
611 612 (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
612 613 KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
613 614
614 615 #define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
615 616 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \
616 617 KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
617 618 (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
618 619 CRYPTO_NOT_SUPPORTED)
619 620
620 621 #define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
621 622 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \
622 623 KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
623 624 (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
624 625 CRYPTO_NOT_SUPPORTED)
625 626
626 627 #define KCF_PROV_FREE_MECH(pd, prov_mech) ( \
627 628 (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \
628 629 KCF_PROV_MECH_OPS(pd)->free_mechanism( \
629 630 (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED)
630 631
631 632 /*
632 633 * Wrappers for crypto_digest_ops(9S) entry points.
633 634 */
634 635
635 636 #define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \
636 637 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \
637 638 KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \
638 639 CRYPTO_NOT_SUPPORTED)
639 640
640 641 /*
641 642 * The _ (underscore) in _digest is needed to avoid replacing the
642 643 * function digest().
643 644 */
644 645 #define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \
645 646 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \
646 647 KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \
647 648 CRYPTO_NOT_SUPPORTED)
648 649
649 650 #define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \
650 651 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \
651 652 KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \
652 653 CRYPTO_NOT_SUPPORTED)
653 654
654 655 #define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \
655 656 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \
656 657 KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \
657 658 CRYPTO_NOT_SUPPORTED)
658 659
659 660 #define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \
660 661 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \
661 662 KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \
662 663 CRYPTO_NOT_SUPPORTED)
663 664
664 665 #define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \
665 666 (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \
666 667 KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \
667 668 (pd)->pd_prov_handle, session, mech, data, digest, req) : \
668 669 CRYPTO_NOT_SUPPORTED)
669 670
670 671 /*
671 672 * Wrappers for crypto_cipher_ops(9S) entry points.
672 673 */
673 674
674 675 #define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \
675 676 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \
676 677 KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \
677 678 req) : \
678 679 CRYPTO_NOT_SUPPORTED)
679 680
680 681 #define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \
681 682 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \
682 683 KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \
683 684 CRYPTO_NOT_SUPPORTED)
684 685
685 686 #define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
686 687 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \
687 688 KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \
688 689 ciphertext, req) : \
689 690 CRYPTO_NOT_SUPPORTED)
690 691
691 692 #define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \
692 693 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \
693 694 KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \
694 695 CRYPTO_NOT_SUPPORTED)
695 696
696 697 #define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
697 698 template, req) ( \
698 699 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \
699 700 KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
700 701 (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \
701 702 template, req) : \
702 703 CRYPTO_NOT_SUPPORTED)
703 704
704 705 #define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \
705 706 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \
706 707 KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \
707 708 req) : \
708 709 CRYPTO_NOT_SUPPORTED)
709 710
710 711 #define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \
711 712 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \
712 713 KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \
713 714 CRYPTO_NOT_SUPPORTED)
714 715
715 716 #define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
716 717 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \
717 718 KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \
718 719 plaintext, req) : \
719 720 CRYPTO_NOT_SUPPORTED)
720 721
721 722 #define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \
722 723 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \
723 724 KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \
724 725 CRYPTO_NOT_SUPPORTED)
725 726
726 727 #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
727 728 template, req) ( \
728 729 (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \
729 730 KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
730 731 (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \
731 732 template, req) : \
732 733 CRYPTO_NOT_SUPPORTED)
733 734
734 735 /*
735 736 * Wrappers for crypto_mac_ops(9S) entry points.
736 737 */
737 738
738 739 #define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \
739 740 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \
740 741 KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \
741 742 : CRYPTO_NOT_SUPPORTED)
742 743
743 744 /*
744 745 * The _ (underscore) in _mac is needed to avoid replacing the
745 746 * function mac().
746 747 */
747 748 #define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \
748 749 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \
749 750 KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \
750 751 CRYPTO_NOT_SUPPORTED)
751 752
752 753 #define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \
753 754 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \
754 755 KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \
755 756 CRYPTO_NOT_SUPPORTED)
756 757
757 758 #define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \
758 759 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \
759 760 KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \
760 761 CRYPTO_NOT_SUPPORTED)
761 762
762 763 #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \
763 764 req) ( \
764 765 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \
765 766 KCF_PROV_MAC_OPS(pd)->mac_atomic( \
766 767 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
767 768 req) : \
768 769 CRYPTO_NOT_SUPPORTED)
769 770
770 771 #define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \
771 772 template, req) ( \
772 773 (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \
773 774 KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \
774 775 (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
775 776 req) : \
776 777 CRYPTO_NOT_SUPPORTED)
777 778
778 779 /*
779 780 * Wrappers for crypto_sign_ops(9S) entry points.
780 781 */
781 782
782 783 #define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \
783 784 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \
784 785 KCF_PROV_SIGN_OPS(pd)->sign_init( \
785 786 ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED)
786 787
787 788 #define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \
788 789 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \
789 790 KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \
790 791 CRYPTO_NOT_SUPPORTED)
791 792
792 793 #define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \
793 794 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \
794 795 KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \
795 796 CRYPTO_NOT_SUPPORTED)
796 797
797 798 #define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \
798 799 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \
799 800 KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \
800 801 CRYPTO_NOT_SUPPORTED)
801 802
802 803 #define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \
803 804 sig, req) ( \
804 805 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \
805 806 KCF_PROV_SIGN_OPS(pd)->sign_atomic( \
806 807 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
807 808 req) : CRYPTO_NOT_SUPPORTED)
808 809
809 810 #define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \
810 811 req) ( \
811 812 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \
812 813 KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \
813 814 req) : CRYPTO_NOT_SUPPORTED)
814 815
815 816 #define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \
816 817 (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \
817 818 KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \
818 819 CRYPTO_NOT_SUPPORTED)
819 820
820 821 #define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \
821 822 sig, req) ( \
822 823 (KCF_PROV_SIGN_OPS(pd) && \
823 824 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \
824 825 KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \
825 826 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
826 827 req) : CRYPTO_NOT_SUPPORTED)
827 828
828 829 /*
829 830 * Wrappers for crypto_verify_ops(9S) entry points.
830 831 */
831 832
832 833 #define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \
833 834 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \
834 835 KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \
835 836 req) : CRYPTO_NOT_SUPPORTED)
836 837
837 838 #define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \
838 839 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify) ? \
839 840 KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \
840 841 CRYPTO_NOT_SUPPORTED)
841 842
842 843 #define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \
843 844 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \
844 845 KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \
845 846 CRYPTO_NOT_SUPPORTED)
846 847
847 848 #define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \
848 849 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \
849 850 KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \
850 851 CRYPTO_NOT_SUPPORTED)
851 852
852 853 #define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \
853 854 req) ( \
854 855 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \
855 856 KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \
856 857 (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
857 858 req) : CRYPTO_NOT_SUPPORTED)
858 859
859 860 #define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \
860 861 req) ( \
861 862 (KCF_PROV_VERIFY_OPS(pd) && \
862 863 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \
863 864 KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \
864 865 template, req) : CRYPTO_NOT_SUPPORTED)
865 866
866 867 /* verify_recover() CSPI routine has different argument order than verify() */
867 868 #define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \
868 869 (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \
869 870 KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \
870 871 CRYPTO_NOT_SUPPORTED)
871 872
872 873 /*
873 874 * verify_recover_atomic() CSPI routine has different argument order
874 875 * than verify_atomic().
875 876 */
876 877 #define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \
877 878 template, data, req) ( \
878 879 (KCF_PROV_VERIFY_OPS(pd) && \
879 880 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \
880 881 KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \
881 882 (pd)->pd_prov_handle, session, mech, key, sig, data, template, \
882 883 req) : CRYPTO_NOT_SUPPORTED)
883 884
884 885 /*
885 886 * Wrappers for crypto_dual_ops(9S) entry points.
886 887 */
887 888
888 889 #define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \
889 890 ciphertext, req) ( \
890 891 (KCF_PROV_DUAL_OPS(pd) && \
891 892 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \
892 893 KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \
893 894 digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
894 895 CRYPTO_NOT_SUPPORTED)
895 896
896 897 #define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \
897 898 plaintext, req) ( \
898 899 (KCF_PROV_DUAL_OPS(pd) && \
899 900 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \
900 901 KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \
901 902 decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \
902 903 CRYPTO_NOT_SUPPORTED)
903 904
904 905 #define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \
905 906 ciphertext, req) ( \
906 907 (KCF_PROV_DUAL_OPS(pd) && \
907 908 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \
908 909 KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \
909 910 sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
910 911 CRYPTO_NOT_SUPPORTED)
911 912
912 913 #define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \
913 914 plaintext, req) ( \
914 915 (KCF_PROV_DUAL_OPS(pd) && \
915 916 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \
916 917 KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \
917 918 decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \
918 919 CRYPTO_NOT_SUPPORTED)
919 920
920 921 /*
921 922 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points.
922 923 */
923 924
924 925 #define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \
925 926 mac_key, encr_ctx_template, mac_ctx_template, req) ( \
926 927 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
927 928 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \
928 929 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \
929 930 ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \
930 931 mac_ctx_template, req) : \
931 932 CRYPTO_NOT_SUPPORTED)
932 933
933 934 #define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \
934 935 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
935 936 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \
936 937 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \
937 938 ctx, plaintext, ciphertext, mac, req) : \
938 939 CRYPTO_NOT_SUPPORTED)
939 940
940 941 #define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
941 942 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
942 943 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \
943 944 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \
944 945 ctx, plaintext, ciphertext, req) : \
945 946 CRYPTO_NOT_SUPPORTED)
946 947
947 948 #define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \
948 949 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
949 950 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \
950 951 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \
951 952 ctx, ciphertext, mac, req) : \
952 953 CRYPTO_NOT_SUPPORTED)
953 954
954 955 #define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \
955 956 mac_mech, mac_key, plaintext, ciphertext, mac, \
956 957 encr_ctx_template, mac_ctx_template, req) ( \
957 958 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
958 959 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \
959 960 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \
960 961 (pd)->pd_prov_handle, session, encr_mech, encr_key, \
961 962 mac_mech, mac_key, plaintext, ciphertext, mac, \
962 963 encr_ctx_template, mac_ctx_template, req) : \
963 964 CRYPTO_NOT_SUPPORTED)
964 965
965 966 #define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \
966 967 decr_key, mac_ctx_template, decr_ctx_template, req) ( \
967 968 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
968 969 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \
969 970 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \
970 971 ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \
971 972 decr_ctx_template, req) : \
972 973 CRYPTO_NOT_SUPPORTED)
973 974
974 975 #define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \
975 976 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
976 977 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \
977 978 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \
978 979 ctx, ciphertext, mac, plaintext, req) : \
979 980 CRYPTO_NOT_SUPPORTED)
980 981
981 982 #define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
982 983 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
983 984 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \
984 985 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \
985 986 ctx, ciphertext, plaintext, req) : \
986 987 CRYPTO_NOT_SUPPORTED)
987 988
988 989 #define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \
989 990 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
990 991 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \
991 992 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \
992 993 ctx, mac, plaintext, req) : \
993 994 CRYPTO_NOT_SUPPORTED)
994 995
995 996 #define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
996 997 decr_mech, decr_key, ciphertext, mac, plaintext, \
997 998 mac_ctx_template, decr_ctx_template, req) ( \
998 999 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
999 1000 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \
1000 1001 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \
1001 1002 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
1002 1003 decr_mech, decr_key, ciphertext, mac, plaintext, \
1003 1004 mac_ctx_template, decr_ctx_template, req) : \
1004 1005 CRYPTO_NOT_SUPPORTED)
1005 1006
1006 1007 #define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
1007 1008 decr_mech, decr_key, ciphertext, mac, plaintext, \
1008 1009 mac_ctx_template, decr_ctx_template, req) ( \
1009 1010 (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
1010 1011 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \
1011 1012 != NULL) ? \
1012 1013 KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \
1013 1014 (pd)->pd_prov_handle, session, mac_mech, mac_key, \
1014 1015 decr_mech, decr_key, ciphertext, mac, plaintext, \
1015 1016 mac_ctx_template, decr_ctx_template, req) : \
1016 1017 CRYPTO_NOT_SUPPORTED)
1017 1018
1018 1019 /*
1019 1020 * Wrappers for crypto_random_number_ops(9S) entry points.
1020 1021 */
1021 1022
1022 1023 #define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \
1023 1024 (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \
1024 1025 KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \
1025 1026 session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED)
1026 1027
1027 1028 #define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \
1028 1029 (KCF_PROV_RANDOM_OPS(pd) && \
1029 1030 KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \
1030 1031 KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \
1031 1032 session, buf, len, req) : CRYPTO_NOT_SUPPORTED)
1032 1033
1033 1034 /*
1034 1035 * Wrappers for crypto_session_ops(9S) entry points.
1035 1036 *
1036 1037 * ops_pd is the provider descriptor that supplies the ops_vector.
1037 1038 * pd is the descriptor that supplies the provider handle.
1038 1039 * Only session open/close needs two handles.
1039 1040 */
1040 1041
1041 1042 #define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \
1042 1043 (KCF_PROV_SESSION_OPS(ops_pd) && \
1043 1044 KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \
1044 1045 KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \
1045 1046 session, req) : CRYPTO_NOT_SUPPORTED)
1046 1047
1047 1048 #define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \
1048 1049 (KCF_PROV_SESSION_OPS(ops_pd) && \
1049 1050 KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \
1050 1051 KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \
1051 1052 session, req) : CRYPTO_NOT_SUPPORTED)
1052 1053
1053 1054 #define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \
1054 1055 (KCF_PROV_SESSION_OPS(pd) && \
1055 1056 KCF_PROV_SESSION_OPS(pd)->session_login) ? \
1056 1057 KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \
1057 1058 session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED)
1058 1059
1059 1060 #define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \
1060 1061 (KCF_PROV_SESSION_OPS(pd) && \
1061 1062 KCF_PROV_SESSION_OPS(pd)->session_logout) ? \
1062 1063 KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \
1063 1064 session, req) : CRYPTO_NOT_SUPPORTED)
1064 1065
1065 1066 /*
1066 1067 * Wrappers for crypto_object_ops(9S) entry points.
1067 1068 */
1068 1069
1069 1070 #define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \
1070 1071 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \
1071 1072 KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \
1072 1073 session, template, count, object, req) : CRYPTO_NOT_SUPPORTED)
1073 1074
1074 1075 #define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \
1075 1076 new_object, req) ( \
1076 1077 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \
1077 1078 KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \
1078 1079 session, object, template, count, new_object, req) : \
1079 1080 CRYPTO_NOT_SUPPORTED)
1080 1081
1081 1082 #define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \
1082 1083 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \
1083 1084 KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \
1084 1085 session, object, req) : CRYPTO_NOT_SUPPORTED)
1085 1086
1086 1087 #define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \
1087 1088 (KCF_PROV_OBJECT_OPS(pd) && \
1088 1089 KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \
1089 1090 KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \
1090 1091 session, object, size, req) : CRYPTO_NOT_SUPPORTED)
1091 1092
1092 1093 #define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \
1093 1094 count, req) ( \
1094 1095 (KCF_PROV_OBJECT_OPS(pd) && \
1095 1096 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \
1096 1097 KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \
1097 1098 (pd)->pd_prov_handle, session, object, template, count, req) : \
1098 1099 CRYPTO_NOT_SUPPORTED)
1099 1100
1100 1101 #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \
1101 1102 count, req) ( \
1102 1103 (KCF_PROV_OBJECT_OPS(pd) && \
1103 1104 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \
1104 1105 KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \
1105 1106 (pd)->pd_prov_handle, session, object, template, count, req) : \
1106 1107 CRYPTO_NOT_SUPPORTED)
1107 1108
1108 1109 #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \
1109 1110 req) ( \
1110 1111 (KCF_PROV_OBJECT_OPS(pd) && \
1111 1112 KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \
1112 1113 KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \
1113 1114 session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1114 1115
1115 1116 #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \
1116 1117 req) ( \
1117 1118 (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \
1118 1119 KCF_PROV_OBJECT_OPS(pd)->object_find( \
1119 1120 (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \
1120 1121 req) : CRYPTO_NOT_SUPPORTED)
1121 1122
1122 1123 #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \
1123 1124 (KCF_PROV_OBJECT_OPS(pd) && \
1124 1125 KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \
1125 1126 KCF_PROV_OBJECT_OPS(pd)->object_find_final( \
1126 1127 (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED)
1127 1128
1128 1129 /*
1129 1130 * Wrappers for crypto_key_ops(9S) entry points.
1130 1131 */
1131 1132
1132 1133 #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \
1133 1134 req) ( \
1134 1135 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \
1135 1136 KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \
1136 1137 session, mech, template, count, object, req) : \
1137 1138 CRYPTO_NOT_SUPPORTED)
1138 1139
1139 1140 #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1140 1141 pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \
1141 1142 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \
1142 1143 KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \
1143 1144 session, mech, pub_template, pub_count, priv_template, \
1144 1145 priv_count, pub_key, priv_key, req) : \
1145 1146 CRYPTO_NOT_SUPPORTED)
1146 1147
1147 1148 #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \
1148 1149 wrapped_key_len, req) ( \
1149 1150 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \
1150 1151 KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \
1151 1152 session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \
1152 1153 req) : \
1153 1154 CRYPTO_NOT_SUPPORTED)
1154 1155
1155 1156 #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \
1156 1157 wrapped_key_len, template, count, key, req) ( \
1157 1158 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \
1158 1159 KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \
1159 1160 session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \
1160 1161 template, count, key, req) : \
1161 1162 CRYPTO_NOT_SUPPORTED)
1162 1163
1163 1164 #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \
1164 1165 key, req) ( \
1165 1166 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \
1166 1167 KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \
1167 1168 session, mech, base_key, template, count, key, req) : \
1168 1169 CRYPTO_NOT_SUPPORTED)
1169 1170
1170 1171 #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \
1171 1172 (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \
1172 1173 KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \
1173 1174 CRYPTO_NOT_SUPPORTED)
1174 1175
1175 1176 /*
1176 1177 * Wrappers for crypto_provider_management_ops(9S) entry points.
1177 1178 *
1178 1179 * ops_pd is the provider descriptor that supplies the ops_vector.
1179 1180 * pd is the descriptor that supplies the provider handle.
1180 1181 * Only ext_info needs two handles.
1181 1182 */
1182 1183
1183 1184 #define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \
1184 1185 (KCF_PROV_PROVIDER_OPS(ops_pd) && \
1185 1186 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \
1186 1187 KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \
1187 1188 provext_info, req) : CRYPTO_NOT_SUPPORTED)
1188 1189
1189 1190 #define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \
1190 1191 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \
1191 1192 KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \
1192 1193 pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED)
1193 1194
1194 1195 #define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \
1195 1196 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \
1196 1197 KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \
1197 1198 session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED)
1198 1199
1199 1200 #define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \
1200 1201 req) ( \
1201 1202 (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \
1202 1203 KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \
1203 1204 session, old_pin, old_len, new_pin, new_len, req) : \
1204 1205 CRYPTO_NOT_SUPPORTED)
1205 1206
1206 1207 /*
1207 1208 * Wrappers for crypto_nostore_key_ops(9S) entry points.
1208 1209 */
1209 1210
1210 1211 #define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \
1211 1212 out_template, out_count, req) ( \
1212 1213 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1213 1214 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \
1214 1215 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \
1215 1216 (pd)->pd_prov_handle, session, mech, template, count, \
1216 1217 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1217 1218
1218 1219 #define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
1219 1220 pub_count, priv_template, priv_count, out_pub_template, \
1220 1221 out_pub_count, out_priv_template, out_priv_count, req) ( \
1221 1222 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1222 1223 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \
1223 1224 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \
1224 1225 (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \
1225 1226 priv_template, priv_count, out_pub_template, out_pub_count, \
1226 1227 out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED)
1227 1228
1228 1229 #define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \
1229 1230 count, out_template, out_count, req) ( \
1230 1231 (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
1231 1232 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \
1232 1233 KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \
1233 1234 (pd)->pd_prov_handle, session, mech, base_key, template, count, \
1234 1235 out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
1235 1236
1236 1237 /*
1237 1238 * The following routines are exported by the kcf module (/kernel/misc/kcf)
1238 1239 * to the crypto and cryptoadmin modules.
1239 1240 */
1240 1241
1241 1242 /* Digest/mac/cipher entry points that take a provider descriptor and session */
1242 1243 extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
1243 1244 crypto_data_t *, crypto_call_req_t *);
1244 1245
1245 1246 extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
1246 1247 crypto_data_t *, crypto_call_req_t *);
1247 1248
1248 1249 extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
1249 1250 crypto_data_t *, crypto_call_req_t *);
1250 1251
1251 1252 extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
1252 1253 crypto_data_t *, crypto_call_req_t *);
1253 1254
1254 1255
1255 1256 /* Other private digest/mac/cipher entry points not exported through k-API */
1256 1257 extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
1257 1258 crypto_call_req_t *);
1258 1259
1259 1260 /* Private sign entry points exported by KCF */
1260 1261 extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
1261 1262 crypto_data_t *, crypto_call_req_t *);
1262 1263
1263 1264 extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
1264 1265 crypto_data_t *, crypto_call_req_t *);
1265 1266
1266 1267 /* Private verify entry points exported by KCF */
1267 1268 extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
1268 1269 crypto_data_t *, crypto_call_req_t *);
1269 1270
1270 1271 extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
1271 1272 crypto_data_t *, crypto_call_req_t *);
1272 1273
1273 1274 /* Private dual operations entry points exported by KCF */
1274 1275 extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
1275 1276 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1276 1277 extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t,
1277 1278 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1278 1279 extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t,
1279 1280 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1280 1281 extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t,
1281 1282 crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
1282 1283
1283 1284 /* Random Number Generation */
1284 1285 int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
1285 1286 size_t len, crypto_call_req_t *req);
1286 1287 int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
1287 1288 size_t len, crypto_call_req_t *req);
1288 1289
1289 1290 /* Provider Management */
1290 1291 int crypto_get_provider_info(crypto_provider_id_t id,
1291 1292 crypto_provider_info_t **info, crypto_call_req_t *req);
1292 1293 int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id,
1293 1294 uint_t *count, crypto_mech_name_t **list);
1294 1295 int crypto_init_token(crypto_provider_handle_t provider, char *pin,
1295 1296 size_t pin_len, char *label, crypto_call_req_t *);
1296 1297 int crypto_init_pin(crypto_provider_handle_t provider, char *pin,
1297 1298 size_t pin_len, crypto_call_req_t *req);
1298 1299 int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin,
1299 1300 size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req);
1300 1301 void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count);
1301 1302 void crypto_free_provider_info(crypto_provider_info_t *info);
1302 1303
1303 1304 /* Administrative */
1304 1305 int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list);
1305 1306 int crypto_get_soft_list(uint_t *count, char **list, size_t *len);
1306 1307 int crypto_get_dev_info(char *name, uint_t instance, uint_t *count,
1307 1308 crypto_mech_name_t **list);
1308 1309 int crypto_get_soft_info(caddr_t name, uint_t *count,
1309 1310 crypto_mech_name_t **list);
1310 1311 int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count,
1311 1312 crypto_mech_name_t *list);
1312 1313 int crypto_load_soft_disabled(caddr_t name, uint_t count,
1313 1314 crypto_mech_name_t *list);
1314 1315 int crypto_unload_soft_module(caddr_t path);
1315 1316 int crypto_load_soft_config(caddr_t name, uint_t count,
1316 1317 crypto_mech_name_t *list);
1317 1318 int crypto_load_door(uint_t did);
1318 1319 void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count);
1319 1320 void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count);
1320 1321 extern void kcf_activate();
1321 1322
1322 1323 /* Miscellaneous */
1323 1324 int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number);
1324 1325 int crypto_get_function_list(crypto_provider_id_t id,
1325 1326 crypto_function_list_t **list, int kmflag);
1326 1327 void crypto_free_function_list(crypto_function_list_t *list);
1327 1328 int crypto_build_permitted_mech_names(kcf_provider_desc_t *,
1328 1329 crypto_mech_name_t **, uint_t *, int);
1329 1330 extern void kcf_init_mech_tabs(void);
1330 1331 extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
1331 1332 kcf_prov_mech_desc_t **);
1332 1333 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *);
1333 1334 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **);
1334 1335 extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *);
1335 1336 extern void kcf_free_provider_desc(kcf_provider_desc_t *);
1336 1337 extern void kcf_soft_config_init(void);
1337 1338 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
1338 1339 extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t);
1339 1340 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
1340 1341 extern void redo_register_provider(kcf_provider_desc_t *);
1341 1342 extern void kcf_rnd_init();
1342 1343 extern boolean_t kcf_rngprov_check(void);
1343 1344 extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t);
1344 1345 extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t);
1345 1346 extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t);
1346 1347 extern void kcf_rnd_chpoll(short, int, short *, struct pollhead **);
1347 1348 extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1348 1349 void *, void (*update)());
|
↓ open down ↓ |
1316 lines elided |
↑ open up ↑ |
1349 1350 extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
1350 1351 void *, void (*update)());
1351 1352 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
1352 1353 extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *);
1353 1354 extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *,
1354 1355 int kmflag);
1355 1356 extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *,
1356 1357 void (*update)(), void (*final)(), uchar_t);
1357 1358 extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
1358 1359 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1359 - void (*copy_block)(uint8_t *, uint64_t *));
1360 + void (*copy_block)(const uint8_t *, uint64_t *));
1360 1361 extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *,
1361 1362 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1362 - void (*copy_block)(uint8_t *, uint64_t *));
1363 + void (*copy_block)(const uint8_t *, uint64_t *));
1363 1364 extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *,
1364 1365 int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
1365 - void (*copy_block)(uint8_t *, uint64_t *));
1366 + void (*copy_block)(const uint8_t *, uint64_t *));
1366 1367 extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **,
1367 1368 ssize_t *);
1368 1369
1369 1370 /* Access to the provider's table */
1370 1371 extern void kcf_prov_tab_init(void);
1371 1372 extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *);
1372 1373 extern int kcf_prov_tab_rem_provider(crypto_provider_id_t);
1373 1374 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *);
1374 1375 extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t);
1375 1376 extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int,
1376 1377 char *, uint_t, boolean_t);
1377 1378 extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t);
1378 1379 extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **);
1379 1380 extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t);
1380 1381 extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **,
1381 1382 kcf_mech_entry_t **, boolean_t);
1382 1383
1383 1384 extern kmutex_t prov_tab_mutex;
1384 1385 extern boolean_t kcf_need_provtab_walk;
1385 1386 extern int kcf_get_refcnt(kcf_provider_desc_t *, boolean_t);
1386 1387
1387 1388 /* Access to the policy table */
1388 1389 extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t);
1389 1390 extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *,
1390 1391 uint_t, crypto_mech_name_t);
1391 1392 extern void kcf_policy_tab_init(void);
1392 1393 extern void kcf_policy_free_desc(kcf_policy_desc_t *);
1393 1394 extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **);
1394 1395 extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *,
1395 1396 crypto_mech_name_t **);
1396 1397 extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *);
1397 1398 extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t);
1398 1399 extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
1399 1400 uint_t *, crypto_mech_name_t **);
1400 1401 extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
1401 1402 crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
1402 1403 extern void remove_soft_config(char *);
1403 1404
1404 1405 #endif /* _KERNEL */
1405 1406
1406 1407 #ifdef __cplusplus
1407 1408 }
1408 1409 #endif
1409 1410
1410 1411 #endif /* _SYS_CRYPTO_IMPL_H */
|
↓ open down ↓ |
35 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX