/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #ifndef _SYS_CRYPTO_SPI_H #define _SYS_CRYPTO_SPI_H /* * CSPI: Cryptographic Service Provider Interface. */ #include #include #ifdef __cplusplus extern "C" { #endif #ifdef CONSTIFY_PLUGIN #define __no_const __attribute__((no_const)) #else #define __no_const #endif /* CONSTIFY_PLUGIN */ #define CRYPTO_SPI_VERSION_1 1 #define CRYPTO_SPI_VERSION_2 2 #define CRYPTO_SPI_VERSION_3 3 /* * Provider-private handle. This handle is specified by a provider * when it registers by means of the pi_provider_handle field of * the crypto_provider_info structure, and passed to the provider * when its entry points are invoked. */ typedef void *crypto_provider_handle_t; /* * Context templates can be used to by software providers to pre-process * keying material, such as key schedules. They are allocated by * a software provider create_ctx_template(9E) entry point, and passed * as argument to initialization and atomic provider entry points. */ typedef void *crypto_spi_ctx_template_t; /* * Request handles are used by the kernel to identify an asynchronous * request being processed by a provider. It is passed by the kernel * to a hardware provider when submitting a request, and must be * specified by a provider when calling crypto_op_notification(9F) */ typedef void *crypto_req_handle_t; /* Values for cc_flags field */ #define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */ #define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */ /* * The context structure is passed from the kernel to a provider. * It contains the information needed to process a multi-part or * single part operation. The context structure is not used * by atomic operations. * * Parameters needed to perform a cryptographic operation, such * as keys, mechanisms, input and output buffers, are passed * as separate arguments to Provider routines. */ typedef struct crypto_ctx { crypto_provider_handle_t cc_provider; crypto_session_id_t cc_session; void *cc_provider_private; /* owned by provider */ void *cc_framework_private; /* owned by framework */ uint32_t cc_flags; /* flags */ void *cc_opstate; /* state */ } crypto_ctx_t; /* * The crypto_digest_ops structure contains pointers to digest * operations for cryptographic providers. It is passed through * the crypto_ops(9S) structure when providers register with the * kernel using crypto_register_provider(9F). */ typedef struct crypto_digest_ops { int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, crypto_req_handle_t); int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*digest_update)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); int (*digest_final)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); } __no_const crypto_digest_ops_t; /* * The crypto_cipher_ops structure contains pointers to encryption * and decryption operations for cryptographic providers. It is * passed through the crypto_ops(9S) structure when providers register * with the kernel using crypto_register_provider(9F). */ typedef struct crypto_cipher_ops { int (*encrypt_init)(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); int (*encrypt)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*encrypt_update)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*encrypt_final)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); int (*decrypt_init)(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); int (*decrypt)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*decrypt_update)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*decrypt_final)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); } __no_const crypto_cipher_ops_t; /* * The crypto_mac_ops structure contains pointers to MAC * operations for cryptographic providers. It is passed through * the crypto_ops(9S) structure when providers register with the * kernel using crypto_register_provider(9F). */ typedef struct crypto_mac_ops { int (*mac_init)(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); int (*mac)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); int (*mac_update)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*mac_final)(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); } __no_const crypto_mac_ops_t; /* * The crypto_ctx_ops structure contains points to context and context * templates management operations for cryptographic providers. It is * passed through the crypto_ops(9S) structure when providers register * with the kernel using crypto_register_provider(9F). */ typedef struct crypto_ctx_ops { int (*create_ctx_template)(crypto_provider_handle_t, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); int (*free_context)(crypto_ctx_t *); } __no_const crypto_ctx_ops_t; /* * The crypto_ops(9S) structure contains the structures containing * the pointers to functions implemented by cryptographic providers. * It is specified as part of the crypto_provider_info(9S) * supplied by a provider when it registers with the kernel * by calling crypto_register_provider(9F). */ typedef struct crypto_ops { const crypto_digest_ops_t *co_digest_ops; const crypto_cipher_ops_t *co_cipher_ops; const crypto_mac_ops_t *co_mac_ops; const crypto_ctx_ops_t *co_ctx_ops; } crypto_ops_t; /* * The mechanism info structure crypto_mech_info_t contains a function group * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, * specifies the provider entry point that can be used a particular * mechanism. The function group mask is a combination of the following values. */ typedef uint32_t crypto_func_group_t; #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ /* * Maximum length of the pi_provider_description field of the * crypto_provider_info structure. */ #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 /* * The crypto_mech_info structure specifies one of the mechanisms * supported by a cryptographic provider. The pi_mechanisms field of * the crypto_provider_info structure contains a pointer to an array * of crypto_mech_info's. */ typedef struct crypto_mech_info { crypto_mech_name_t cm_mech_name; crypto_mech_type_t cm_mech_number; crypto_func_group_t cm_func_group_mask; ssize_t cm_min_key_length; ssize_t cm_max_key_length; uint32_t cm_mech_flags; } crypto_mech_info_t; /* * The following is used by a provider that sets * CRYPTO_HASH_NO_UPDATE. It needs to specify the maximum * input data size it can digest in this field. */ #define cm_max_input_length cm_max_key_length /* * crypto_kcf_provider_handle_t is a handle allocated by the kernel. * It is returned after the provider registers with * crypto_register_provider(), and must be specified by the provider * when calling crypto_unregister_provider(), and * crypto_provider_notification(). */ typedef uint_t crypto_kcf_provider_handle_t; /* * Provider information. Passed as argument to crypto_register_provider(9F). * Describes the provider and its capabilities. Multiple providers can * register for the same device instance. In this case, the same * pi_provider_dev must be specified with a different pi_provider_handle. */ typedef struct crypto_provider_info { char *pi_provider_description; crypto_provider_type_t pi_provider_type; crypto_provider_handle_t pi_provider_handle; const crypto_ops_t *pi_ops_vector; uint_t pi_mech_list_count; const crypto_mech_info_t *pi_mechanisms; uint_t pi_logical_provider_count; crypto_kcf_provider_handle_t *pi_logical_providers; uint_t pi_flags; } crypto_provider_info_t; /* hidden providers can only be accessed via a logical provider */ #define CRYPTO_HIDE_PROVIDER 0x00000001 /* * provider can not do multi-part digest (updates) and has a limit * on maximum input data that it can digest. */ #define CRYPTO_HASH_NO_UPDATE 0x00000002 /* provider can handle the request without returning a CRYPTO_QUEUED */ #define CRYPTO_SYNCHRONOUS 0x00000004 #define CRYPTO_PIFLAGS_RESERVED2 0x40000000 #define CRYPTO_PIFLAGS_RESERVED1 0x80000000 /* * Functions exported by Solaris to cryptographic providers. Providers * call these functions to register and unregister, notify the kernel * of state changes, and notify the kernel when a asynchronous request * completed. */ extern int crypto_register_provider(const crypto_provider_info_t *, crypto_kcf_provider_handle_t *); extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); extern int crypto_kmflag(crypto_req_handle_t); #ifdef __cplusplus } #endif #endif /* _SYS_CRYPTO_SPI_H */