312 lines
11 KiB
C
312 lines
11 KiB
C
/*
|
|
* CDDL HEADER START
|
|
*
|
|
* The contents of this file are subject to the terms of the
|
|
* Common Development and Distribution License (the "License").
|
|
* You may not use this file except in compliance with the License.
|
|
*
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
* See the License for the specific language governing permissions
|
|
* and limitations under the License.
|
|
*
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
*
|
|
* CDDL HEADER END
|
|
*/
|
|
/*
|
|
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
|
|
* Use is subject to license terms.
|
|
*/
|
|
|
|
#ifndef _SYS_CRYPTO_SPI_H
|
|
#define _SYS_CRYPTO_SPI_H
|
|
|
|
/*
|
|
* CSPI: Cryptographic Service Provider Interface.
|
|
*/
|
|
|
|
#include <sys/zfs_context.h>
|
|
#include <sys/crypto/common.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#ifdef CONSTIFY_PLUGIN
|
|
#define __no_const __attribute__((no_const))
|
|
#else
|
|
#define __no_const
|
|
#endif /* CONSTIFY_PLUGIN */
|
|
|
|
#define CRYPTO_SPI_VERSION_1 1
|
|
#define CRYPTO_SPI_VERSION_2 2
|
|
#define CRYPTO_SPI_VERSION_3 3
|
|
|
|
/*
|
|
* Provider-private handle. This handle is specified by a provider
|
|
* when it registers by means of the pi_provider_handle field of
|
|
* the crypto_provider_info structure, and passed to the provider
|
|
* when its entry points are invoked.
|
|
*/
|
|
typedef void *crypto_provider_handle_t;
|
|
|
|
/*
|
|
* Context templates can be used to by software providers to pre-process
|
|
* keying material, such as key schedules. They are allocated by
|
|
* a software provider create_ctx_template(9E) entry point, and passed
|
|
* as argument to initialization and atomic provider entry points.
|
|
*/
|
|
typedef void *crypto_spi_ctx_template_t;
|
|
|
|
/*
|
|
* Request handles are used by the kernel to identify an asynchronous
|
|
* request being processed by a provider. It is passed by the kernel
|
|
* to a hardware provider when submitting a request, and must be
|
|
* specified by a provider when calling crypto_op_notification(9F)
|
|
*/
|
|
typedef void *crypto_req_handle_t;
|
|
|
|
/* Values for cc_flags field */
|
|
#define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */
|
|
#define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */
|
|
|
|
/*
|
|
* The context structure is passed from the kernel to a provider.
|
|
* It contains the information needed to process a multi-part or
|
|
* single part operation. The context structure is not used
|
|
* by atomic operations.
|
|
*
|
|
* Parameters needed to perform a cryptographic operation, such
|
|
* as keys, mechanisms, input and output buffers, are passed
|
|
* as separate arguments to Provider routines.
|
|
*/
|
|
typedef struct crypto_ctx {
|
|
crypto_provider_handle_t cc_provider;
|
|
crypto_session_id_t cc_session;
|
|
void *cc_provider_private; /* owned by provider */
|
|
void *cc_framework_private; /* owned by framework */
|
|
uint32_t cc_flags; /* flags */
|
|
void *cc_opstate; /* state */
|
|
} crypto_ctx_t;
|
|
|
|
/*
|
|
* The crypto_digest_ops structure contains pointers to digest
|
|
* operations for cryptographic providers. It is passed through
|
|
* the crypto_ops(9S) structure when providers register with the
|
|
* kernel using crypto_register_provider(9F).
|
|
*/
|
|
typedef struct crypto_digest_ops {
|
|
int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *,
|
|
crypto_req_handle_t);
|
|
int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
|
|
crypto_req_handle_t);
|
|
int (*digest_update)(crypto_ctx_t *, crypto_data_t *,
|
|
crypto_req_handle_t);
|
|
int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t);
|
|
int (*digest_final)(crypto_ctx_t *, crypto_data_t *,
|
|
crypto_req_handle_t);
|
|
int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t,
|
|
crypto_mechanism_t *, crypto_data_t *,
|
|
crypto_data_t *, crypto_req_handle_t);
|
|
} __no_const crypto_digest_ops_t;
|
|
|
|
/*
|
|
* The crypto_cipher_ops structure contains pointers to encryption
|
|
* and decryption operations for cryptographic providers. It is
|
|
* passed through the crypto_ops(9S) structure when providers register
|
|
* with the kernel using crypto_register_provider(9F).
|
|
*/
|
|
typedef struct crypto_cipher_ops {
|
|
int (*encrypt_init)(crypto_ctx_t *,
|
|
crypto_mechanism_t *, crypto_key_t *,
|
|
crypto_spi_ctx_template_t, crypto_req_handle_t);
|
|
int (*encrypt)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
|
|
int (*encrypt_update)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
|
|
int (*encrypt_final)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_req_handle_t);
|
|
int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
|
|
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
|
|
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
|
|
|
|
int (*decrypt_init)(crypto_ctx_t *,
|
|
crypto_mechanism_t *, crypto_key_t *,
|
|
crypto_spi_ctx_template_t, crypto_req_handle_t);
|
|
int (*decrypt)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
|
|
int (*decrypt_update)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
|
|
int (*decrypt_final)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_req_handle_t);
|
|
int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t,
|
|
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
|
|
crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
|
|
} __no_const crypto_cipher_ops_t;
|
|
|
|
/*
|
|
* The crypto_mac_ops structure contains pointers to MAC
|
|
* operations for cryptographic providers. It is passed through
|
|
* the crypto_ops(9S) structure when providers register with the
|
|
* kernel using crypto_register_provider(9F).
|
|
*/
|
|
typedef struct crypto_mac_ops {
|
|
int (*mac_init)(crypto_ctx_t *,
|
|
crypto_mechanism_t *, crypto_key_t *,
|
|
crypto_spi_ctx_template_t, crypto_req_handle_t);
|
|
int (*mac)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
|
|
int (*mac_update)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_req_handle_t);
|
|
int (*mac_final)(crypto_ctx_t *,
|
|
crypto_data_t *, crypto_req_handle_t);
|
|
int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t,
|
|
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
|
|
crypto_data_t *, crypto_spi_ctx_template_t,
|
|
crypto_req_handle_t);
|
|
int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t,
|
|
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
|
|
crypto_data_t *, crypto_spi_ctx_template_t,
|
|
crypto_req_handle_t);
|
|
} __no_const crypto_mac_ops_t;
|
|
|
|
/*
|
|
* The crypto_ctx_ops structure contains points to context and context
|
|
* templates management operations for cryptographic providers. It is
|
|
* passed through the crypto_ops(9S) structure when providers register
|
|
* with the kernel using crypto_register_provider(9F).
|
|
*/
|
|
typedef struct crypto_ctx_ops {
|
|
int (*create_ctx_template)(crypto_provider_handle_t,
|
|
crypto_mechanism_t *, crypto_key_t *,
|
|
crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t);
|
|
int (*free_context)(crypto_ctx_t *);
|
|
} __no_const crypto_ctx_ops_t;
|
|
|
|
/*
|
|
* The crypto_ops(9S) structure contains the structures containing
|
|
* the pointers to functions implemented by cryptographic providers.
|
|
* It is specified as part of the crypto_provider_info(9S)
|
|
* supplied by a provider when it registers with the kernel
|
|
* by calling crypto_register_provider(9F).
|
|
*/
|
|
typedef struct crypto_ops {
|
|
const crypto_digest_ops_t *co_digest_ops;
|
|
const crypto_cipher_ops_t *co_cipher_ops;
|
|
const crypto_mac_ops_t *co_mac_ops;
|
|
const crypto_ctx_ops_t *co_ctx_ops;
|
|
} crypto_ops_t;
|
|
|
|
/*
|
|
* The mechanism info structure crypto_mech_info_t contains a function group
|
|
* bit mask cm_func_group_mask. This field, of type crypto_func_group_t,
|
|
* specifies the provider entry point that can be used a particular
|
|
* mechanism. The function group mask is a combination of the following values.
|
|
*/
|
|
|
|
typedef uint32_t crypto_func_group_t;
|
|
|
|
|
|
#define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */
|
|
#define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */
|
|
#define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */
|
|
#define CRYPTO_FG_MAC 0x00001000 /* mac_init() */
|
|
#define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */
|
|
#define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */
|
|
#define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */
|
|
#define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */
|
|
|
|
/*
|
|
* Maximum length of the pi_provider_description field of the
|
|
* crypto_provider_info structure.
|
|
*/
|
|
#define CRYPTO_PROVIDER_DESCR_MAX_LEN 64
|
|
|
|
|
|
/*
|
|
* The crypto_mech_info structure specifies one of the mechanisms
|
|
* supported by a cryptographic provider. The pi_mechanisms field of
|
|
* the crypto_provider_info structure contains a pointer to an array
|
|
* of crypto_mech_info's.
|
|
*/
|
|
typedef struct crypto_mech_info {
|
|
crypto_mech_name_t cm_mech_name;
|
|
crypto_mech_type_t cm_mech_number;
|
|
crypto_func_group_t cm_func_group_mask;
|
|
ssize_t cm_min_key_length;
|
|
ssize_t cm_max_key_length;
|
|
uint32_t cm_mech_flags;
|
|
} crypto_mech_info_t;
|
|
|
|
|
|
/*
|
|
* The following is used by a provider that sets
|
|
* CRYPTO_HASH_NO_UPDATE. It needs to specify the maximum
|
|
* input data size it can digest in this field.
|
|
*/
|
|
#define cm_max_input_length cm_max_key_length
|
|
|
|
/*
|
|
* crypto_kcf_provider_handle_t is a handle allocated by the kernel.
|
|
* It is returned after the provider registers with
|
|
* crypto_register_provider(), and must be specified by the provider
|
|
* when calling crypto_unregister_provider(), and
|
|
* crypto_provider_notification().
|
|
*/
|
|
typedef uint_t crypto_kcf_provider_handle_t;
|
|
|
|
/*
|
|
* Provider information. Passed as argument to crypto_register_provider(9F).
|
|
* Describes the provider and its capabilities. Multiple providers can
|
|
* register for the same device instance. In this case, the same
|
|
* pi_provider_dev must be specified with a different pi_provider_handle.
|
|
*/
|
|
typedef struct crypto_provider_info {
|
|
const char *pi_provider_description;
|
|
crypto_provider_type_t pi_provider_type;
|
|
crypto_provider_handle_t pi_provider_handle;
|
|
const crypto_ops_t *pi_ops_vector;
|
|
uint_t pi_mech_list_count;
|
|
const crypto_mech_info_t *pi_mechanisms;
|
|
uint_t pi_logical_provider_count;
|
|
crypto_kcf_provider_handle_t *pi_logical_providers;
|
|
uint_t pi_flags;
|
|
} crypto_provider_info_t;
|
|
|
|
/* hidden providers can only be accessed via a logical provider */
|
|
#define CRYPTO_HIDE_PROVIDER 0x00000001
|
|
/*
|
|
* provider can not do multi-part digest (updates) and has a limit
|
|
* on maximum input data that it can digest.
|
|
*/
|
|
#define CRYPTO_HASH_NO_UPDATE 0x00000002
|
|
|
|
/* provider can handle the request without returning a CRYPTO_QUEUED */
|
|
#define CRYPTO_SYNCHRONOUS 0x00000004
|
|
|
|
#define CRYPTO_PIFLAGS_RESERVED2 0x40000000
|
|
#define CRYPTO_PIFLAGS_RESERVED1 0x80000000
|
|
|
|
/*
|
|
* Functions exported by Solaris to cryptographic providers. Providers
|
|
* call these functions to register and unregister, notify the kernel
|
|
* of state changes, and notify the kernel when a asynchronous request
|
|
* completed.
|
|
*/
|
|
extern int crypto_register_provider(const crypto_provider_info_t *,
|
|
crypto_kcf_provider_handle_t *);
|
|
extern int crypto_unregister_provider(crypto_kcf_provider_handle_t);
|
|
extern int crypto_kmflag(crypto_req_handle_t);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _SYS_CRYPTO_SPI_H */
|