/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_SYS_CRYPTO_IMPL_H
#define	_SYS_CRYPTO_IMPL_H

/*
 * Kernel Cryptographic Framework private implementation definitions.
 */

#include <sys/types.h>
#include <sys/param.h>

#ifdef _KERNEL
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#include <sys/crypto/spi.h>
#include <sys/crypto/ioctl.h>
#include <sys/tnf_probe.h>
#include <sys/atomic.h>
#include <sys/project.h>
#include <sys/taskq.h>
#include <sys/rctl.h>
#include <sys/cpuvar.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef _KERNEL

/*
 * Prefixes convention: structures internal to the kernel cryptographic
 * framework start with 'kcf_'. Exposed structures start with 'crypto_'.
 */

/*
 * Provider stats. Not protected: this header declares no lock for these
 * counters.
 */
typedef struct kcf_prov_stats {
	kstat_named_t	ps_ops_total;
	kstat_named_t	ps_ops_passed;
	kstat_named_t	ps_ops_failed;
	kstat_named_t	ps_ops_busy_rval;
} kcf_prov_stats_t;

/*
 * Various kcf stats. Not protected: this header declares no lock for these
 * counters.
 */
typedef struct kcf_stats {
	kstat_named_t	ks_thrs_in_pool;
	kstat_named_t	ks_idle_thrs;
	kstat_named_t	ks_minthrs;
	kstat_named_t	ks_maxthrs;
	kstat_named_t	ks_swq_njobs;
	kstat_named_t	ks_swq_maxjobs;
	kstat_named_t	ks_taskq_threads;
	kstat_named_t	ks_taskq_minalloc;
	kstat_named_t	ks_taskq_maxalloc;
} kcf_stats_t;

/*
 * Sequence id of the CPU the caller is running on. The provider macros in
 * this file use it to index pd_percpu_bins[].
 * NOTE(review): nothing here checks CPU_SEQID against pd_nbins; presumably
 * the bins array is sized to cover every CPU sequence id - confirm at the
 * allocation site.
 */
#define	CPU_SEQID	(CPU->cpu_seqid)

/*
 * A mutex padded out to 64 bytes.
 * NOTE(review): presumably 64 is the cache-line size, so that adjacent
 * locks do not share a line - confirm.
 */
typedef struct kcf_lock_withpad {
	kmutex_t	kl_lock;
	uint8_t		kl_pad[64 - sizeof (kmutex_t)];
} kcf_lock_withpad_t;

/*
 * Per-CPU structure used by a provider to keep track of
 * various counters.
 *
 * kp_holdcnt is incremented and decremented on whichever bin belongs to the
 * CPU executing KCF_PROV_REFHOLD()/KCF_PROV_REFRELE(), so a single bin's
 * count can drop below zero; only a total across bins is meaningful
 * (presumably what kcf_get_refcnt() computes - it is not defined here).
 *
 * kp_pad subtracts the size of every field above from 64. The expression
 * counts kp_holdcnt and kp_jobcnt as 2 * sizeof (int); keep it in sync when
 * a field is added or resized.
 */
typedef struct kcf_prov_cpu {
	kmutex_t	kp_lock;
	int		kp_holdcnt;	/* can go negative! */
	uint_t		kp_jobcnt;

	uint64_t	kp_ndispatches;
	uint64_t	kp_nfails;
	uint64_t	kp_nbusy_rval;
	kcondvar_t	kp_cv;

	uint8_t	kp_pad[64 - sizeof (kmutex_t) - 2 * sizeof (int) -
	    3 * sizeof (uint64_t) - sizeof (kcondvar_t)];
} kcf_prov_cpu_t;

/*
 * kcf_get_refcnt(pd) is the number of inflight requests to the
 * provider. So, it is a good measure of the load on a provider when
 * it is not in a busy state. Once a provider notifies it is busy, requests
 * backup in the taskq. So, we use tq_nalloc in that case which gives
 * the number of task entries in the task queue. Note that we do not
 * acquire any locks here as it is not critical to get the exact number
 * and the lock contention is too costly for this code path.
 *
 * The result is therefore advisory: pd_state and tq_nalloc are read without
 * pd_lock, so use it only as a load hint, never for a decision that needs
 * an exact count. The macro dereferences pd_taskq in the busy case and
 * evaluates pd more than once.
 */
#define	KCF_PROV_LOAD(pd)	((pd)->pd_state != KCF_PROV_BUSY ?	\
	kcf_get_refcnt(pd, B_FALSE) : (pd)->pd_taskq->tq_nalloc)


/*
 * The following two macros should be
 * #define KCF_OPS_CLASSSIZE (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2)
 * #define KCF_MAXMECHTAB KCF_MAXCIPHER
 *
 * However, doing that would involve reorganizing the header file a bit.
 * When impl.h is broken up (bug# 4703218), this will be done. For now,
 * we hardcode these values.
 *
 * NOTE(review): with the kcf_ops_class_t values in this file the first
 * formula evaluates to 7, so the hard-coded 8 is large enough. The second
 * does not match: KCF_MAXCIPHER is defined later in this file as 64, while
 * KCF_MAXMECHTAB is 32. These two constants size pd_mech_indx[][], which
 * KCF_TO_PROV_MECH_INDX() indexes without a range check - confirm that every
 * mechanism index used with it stays below KCF_MAXMECHTAB.
 */
#define	KCF_OPS_CLASSSIZE	8
#define	KCF_MAXMECHTAB		32

/*
 * Valid values for the state of a provider. The order of
 * the elements is important.
 *
 * Routines which get a provider or the list of providers
 * should pick only those that are either in KCF_PROV_READY state
 * or in KCF_PROV_BUSY state.
 *
 * The order matters because code compares states numerically, e.g.
 * KCF_IS_PROV_REMOVED() below uses '>='. Insert new states only where the
 * range comments inside the enum still hold.
 */
typedef enum {
	KCF_PROV_ALLOCATED = 1,
	KCF_PROV_UNVERIFIED,
	KCF_PROV_UNVERIFIED_FIPS140,
	KCF_PROV_VERIFICATION_FAILED,
	/*
	 * state < KCF_PROV_READY means the provider can not
	 * be used at all.
	 */
	KCF_PROV_READY,
	KCF_PROV_BUSY,
	/*
	 * state > KCF_PROV_BUSY means the provider can not
	 * be used for new requests.
	 */
	KCF_PROV_FAILED,
	/*
	 * Threads setting the following two states should do so only
	 * if the current state < KCF_PROV_DISABLED.
	 */
	KCF_PROV_DISABLED,
	KCF_PROV_UNREGISTERING,
	KCF_PROV_UNREGISTERED
} kcf_prov_state_t;

/*
 * State predicates. Each reads pd_state directly and takes no lock itself;
 * pd_lock is documented below as protecting pd_state, and whether callers
 * hold it is not visible in this header.
 * NOTE(review): KCF_IS_PROV_UNVERIFIED() matches KCF_PROV_UNVERIFIED only,
 * not KCF_PROV_UNVERIFIED_FIPS140 - confirm that is intended at each use.
 */
#define	KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED)
#define	KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \
	(pd)->pd_state == KCF_PROV_BUSY)
#define	KCF_IS_PROV_REMOVED(pd)	((pd)->pd_state >= KCF_PROV_UNREGISTERING)

/* Internal flags valid for pd_flags field */
#define	KCF_LPROV_MEMBER	0x80000000 /* is member of a logical provider */

/*
 * A provider descriptor structure. There is one such structure per
 * provider. It is allocated and initialized at registration time and
 * freed when the provider unregisters.
 *
 * pd_prov_type:	Provider type, hardware or software
 * pd_sid:		Session ID of the provider used by kernel clients.
 *			This is valid only for session-oriented providers.
 * pd_taskq:		taskq used to dispatch crypto requests
 * pd_nbins:		number of bins in pd_percpu_bins
 * pd_percpu_bins:	Pointer to an array of per-CPU structures
 *			containing a lock, a cv and various counters.
 * pd_lock:		lock protects pd_state and pd_provider_list
 * pd_state:		State value of the provider
 * pd_provider_list:	Used to cross-reference logical providers and their
 *			members. Not used for software providers.
 * pd_resume_cv:	cv to wait for state to change from KCF_PROV_BUSY
 * pd_prov_handle:	Provider handle specified by provider
 * pd_ops_vector:	The ops vector specified by Provider
 * pd_mech_indx:	Lookup table which maps a core framework mechanism
 *			number to an index in pd_mechanisms array
 * pd_mechanisms:	Array of mechanisms supported by the provider, specified
 *			by the provider during registration
 * pd_mech_list_count:	The number of entries in pi_mechanisms, specified
 *			by the provider during registration
 * pd_name:		Device name or module name
 * pd_instance:		Device instance
 * pd_module_id:	Module ID returned by modload
 * pd_mctlp:		Pointer to modctl structure for this provider
 * pd_description:	Provider description string
 * pd_flags:		bitwise OR of pi_flags from crypto_provider_info_t
 *			and other internal flags defined above.
 * pd_hash_limit:	Maximum data size that hash mechanisms of this provider
 *			can support.
 * pd_hmac_limit:	Maximum data size that HMAC mechanisms of this provider
 *			can support.
 * pd_kcf_prov_handle:	KCF-private handle assigned by KCF
 * pd_prov_id:		Identification # assigned by KCF to provider
 * pd_kstat:		kstat associated with the provider
 * pd_ks_data:		kstat data
 *
 * pd_mechanisms, pd_mech_list_count, pd_ops_vector and the limit fields are
 * documented above as supplied by the provider at registration, so they are
 * only as trustworthy as the registering module.
 */
typedef struct kcf_provider_desc {
	crypto_provider_type_t		pd_prov_type;
	crypto_session_id_t		pd_sid;
	taskq_t				*pd_taskq;
	uint_t				pd_nbins;
	kcf_prov_cpu_t			*pd_percpu_bins;
	kmutex_t			pd_lock;
	kcf_prov_state_t		pd_state;
	struct kcf_provider_list	*pd_provider_list;
	kcondvar_t			pd_resume_cv;
	crypto_provider_handle_t	pd_prov_handle;
	crypto_ops_t			*pd_ops_vector;
	ushort_t			pd_mech_indx[KCF_OPS_CLASSSIZE]\
					[KCF_MAXMECHTAB];
	crypto_mech_info_t		*pd_mechanisms;
	uint_t				pd_mech_list_count;
	char				*pd_name;
	uint_t				pd_instance;
	int				pd_module_id;
	struct modctl			*pd_mctlp;
	char				*pd_description;
	uint_t				pd_flags;
	uint_t				pd_hash_limit;
	uint_t				pd_hmac_limit;
	crypto_kcf_provider_handle_t	pd_kcf_prov_handle;
	crypto_provider_id_t		pd_prov_id;
	kstat_t				*pd_kstat;
	kcf_prov_stats_t		pd_ks_data;
} kcf_provider_desc_t;

/* useful for making a list of providers */
typedef struct kcf_provider_list {
	struct kcf_provider_list *pl_next;
	struct kcf_provider_desc *pl_provider;
} kcf_provider_list_t;

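/*
 * If a component has a reference to a kcf_provider_desc_t,
 * it REFHOLD()s. A new provider descriptor which is referenced only
 * by the providers table has a reference counter of one.
 *
 * Both macros act on the bin of the CPU they run on (CPU_SEQID), under that
 * bin's kp_lock. A hold taken on one CPU may be released on another, which
 * is why kp_holdcnt is signed and a single bin may go negative.
 *
 * NOTE(review): these are bare '{ ... }' blocks, not 'do { } while (0)', so
 * 'if (x) KCF_PROV_REFHOLD(pd); else ...' does not parse; they also declare
 * a local named 'mp', so an argument expression that mentions 'mp' would be
 * captured. Left unchanged because call sites are not visible here.
 */
#define	KCF_PROV_REFHOLD(desc) {			\
	kcf_prov_cpu_t	*mp;				\
							\
	mp = &((desc)->pd_percpu_bins[CPU_SEQID]);	\
	mutex_enter(&mp->kp_lock);			\
	mp->kp_holdcnt++;				\
	mutex_exit(&mp->kp_lock);			\
}

#define	KCF_PROV_REFRELE(desc) {			\
	kcf_prov_cpu_t	*mp;				\
							\
	mp = &((desc)->pd_percpu_bins[CPU_SEQID]);	\
	mutex_enter(&mp->kp_lock);			\
	mp->kp_holdcnt--;				\
	mutex_exit(&mp->kp_lock);			\
}

/* True when kcf_get_refcnt() (defined elsewhere) reports at least one hold. */
#define	KCF_PROV_REFHELD(desc)	(kcf_get_refcnt(desc, B_TRUE) >= 1)

/*
 * The JOB macros are used only for a hardware provider.
 * Hardware providers can have holds that stay forever.
 * So, the job counter is used to check if it is safe to
 * unregister a provider.
 *
 * mp is a kcf_prov_cpu_t pointer chosen by the caller. KCF_PROV_JOB_RELE()
 * signals kp_cv when the bin's job count reaches zero.
 * NOTE(review): kp_jobcnt is a uint_t, so a release without a matching hold
 * on the same bin wraps instead of going negative, and nothing here asserts
 * against it - confirm holds and releases are always paired on the same mp.
 */
#define	KCF_PROV_JOB_HOLD(mp) {			\
	mutex_enter(&(mp)->kp_lock);		\
	(mp)->kp_jobcnt++;			\
	mutex_exit(&(mp)->kp_lock);		\
}

#define	KCF_PROV_JOB_RELE(mp) {			\
	mutex_enter(&(mp)->kp_lock);		\
	(mp)->kp_jobcnt--;			\
	if ((mp)->kp_jobcnt == 0)		\
		cv_signal(&(mp)->kp_cv);	\
	mutex_exit(&(mp)->kp_lock);		\
}

/*
 * Same as KCF_PROV_JOB_RELE(), optionally counting a failure first. The
 * kp_nfails increment happens before kp_lock is taken, i.e. unlocked.
 */
#define	KCF_PROV_JOB_RELE_STAT(mp, doincr) {	\
	if (doincr)				\
		(mp)->kp_nfails++;		\
	KCF_PROV_JOB_RELE(mp);			\
}

/*
 * Account for one dispatch on the current CPU's bin: always bump
 * kp_ndispatches, then kp_nbusy_rval for CRYPTO_BUSY, or kp_nfails for any
 * code other than CRYPTO_SUCCESS and CRYPTO_QUEUED. No lock is taken, so
 * these are statistics only and must not drive a correctness decision.
 */
#define	KCF_PROV_INCRSTATS(pd, error) {					\
	kcf_prov_cpu_t	*mp;						\
									\
	mp = &((pd)->pd_percpu_bins[CPU_SEQID]);			\
	mp->kp_ndispatches++;						\
	if ((error) == CRYPTO_BUSY)					\
		mp->kp_nbusy_rval++;					\
	else if ((error) != CRYPTO_SUCCESS && (error) != CRYPTO_QUEUED)	\
		mp->kp_nfails++;					\
}

/* list of crypto_mech_info_t valid as the second mech in a dual operation */

typedef	struct crypto_mech_info_list {
	struct crypto_mech_info_list	*ml_next;
	crypto_mech_type_t		ml_kcf_mechid;	/* KCF's id */
	crypto_mech_info_t		ml_mech_info;
} crypto_mech_info_list_t;

/*
 * An element in a mechanism provider descriptors chain.
 * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs
 * to. This is a small tradeoff memory vs mutex spinning time to access the
 * common provider field.
 */

typedef struct kcf_prov_mech_desc {
	struct kcf_mech_entry		*pm_me;		/* Back to the head */
	struct kcf_prov_mech_desc	*pm_next;	/* Next in the chain */
	crypto_mech_info_t		pm_mech_info;	/* Provider mech info */
	crypto_mech_info_list_t		*pm_mi_list;	/* list for duals */
	kcf_provider_desc_t		*pm_prov_desc;	/* Common desc. */
} kcf_prov_mech_desc_t;

/*
 * and the notation shortcuts ...
 *
 * NOTE(review): these look stale. pm_prov_desc is declared above as a
 * pointer, yet the shortcuts use '.', and kcf_provider_desc_t has
 * pd_prov_type and pd_prov_handle, not pd_provider_type and
 * pd_provider_handle. Only pm_ops_vector names an existing field. They would
 * not compile if expanded on a kcf_prov_mech_desc_t - confirm they are
 * unused before relying on them.
 */
#define	pm_provider_type	pm_prov_desc.pd_provider_type
#define	pm_provider_handle	pm_prov_desc.pd_provider_handle
#define	pm_ops_vector	pm_prov_desc.pd_ops_vector

extern kcf_lock_withpad_t *me_mutexes;

/*
 * Padding that brings kcf_mech_entry_t up to 128 bytes: 128 minus the size
 * of each member declared in the structure below.
 */
#define	KCF_CPU_PAD (128 - sizeof (crypto_mech_name_t) - \
	sizeof (crypto_mech_type_t) - \
	2 * sizeof (kcf_prov_mech_desc_t *) - \
	sizeof (int) - sizeof (uint32_t) - sizeof (size_t))

/*
 * A mechanism entry in an xxx_mech_tab[]. KCF_CPU_PAD needs
 * to be adjusted if this structure is changed.
 */
typedef	struct kcf_mech_entry {
	crypto_mech_name_t	me_name;	/* mechanism name */
	crypto_mech_type_t	me_mechid;	/* Internal id for mechanism */
	kcf_prov_mech_desc_t	*me_hw_prov_chain;  /* list of HW providers */
	kcf_prov_mech_desc_t	*me_sw_prov;    /* SW provider */
	/*
	 * Number of HW providers in the chain. There is only one
	 * SW provider. So, we need only a count of HW providers.
	 */
	int			me_num_hwprov;
	/*
	 * When a SW provider is present, this is the generation number that
	 * ensures no objects from old SW providers are used in the new one
	 */
	uint32_t		me_gen_swprov;
	/*
	 * threshold for using hardware providers for this mech
	 */
	size_t			me_threshold;
	uint8_t			me_pad[KCF_CPU_PAD];
} kcf_mech_entry_t;

/*
 * A policy descriptor structure. It is allocated and initialized
 * when administrative ioctls load disabled mechanisms.
 *
 * pd_prov_type:	Provider type, hardware or software
 * pd_name:		Device name or module name.
 * pd_instance:		Device instance.
 * pd_refcnt:		Reference counter for this policy descriptor
 * pd_mutex:		Protects array and count of disabled mechanisms.
 * pd_disabled_count:	Count of disabled mechanisms.
 * pd_disabled_mechs:	Array of disabled mechanisms.
 */
typedef struct kcf_policy_desc {
	crypto_provider_type_t	pd_prov_type;
	char			*pd_name;
	uint_t			pd_instance;
	uint_t			pd_refcnt;
	kmutex_t		pd_mutex;
	uint_t			pd_disabled_count;
	crypto_mech_name_t	*pd_disabled_mechs;
} kcf_policy_desc_t;

/*
 * If a component has a reference to a kcf_policy_desc_t,
 * it REFHOLD()s. A new policy descriptor which is referenced only
 * by the policy table has a reference count of one.
 *
 * NOTE(review): the only guard against pd_refcnt wrapping to zero is the
 * ASSERT(), which is normally compiled out of non-DEBUG kernels. 'desc' is
 * evaluated more than once, so pass a side-effect-free expression.
 */
#define	KCF_POLICY_REFHOLD(desc) {		\
	atomic_add_32(&(desc)->pd_refcnt, 1);	\
	ASSERT((desc)->pd_refcnt != 0);		\
}

/*
 * Releases a reference to a policy descriptor. When the last
 * reference is released, the descriptor is freed.
 *
 * The caller must not touch 'desc' after this macro: the decrement that
 * reaches zero calls kcf_policy_free_desc(). The underflow check is again an
 * ASSERT() only.
 */
#define	KCF_POLICY_REFRELE(desc) {				\
	ASSERT((desc)->pd_refcnt != 0);				\
	membar_exit();						\
	if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0)	\
		kcf_policy_free_desc(desc);			\
}

/*
 * This entry stores the name of a software module and its
 * mechanisms. The mechanisms are 'hints' that are used to
 * trigger loading of the module.
 */
typedef struct kcf_soft_conf_entry {
	struct kcf_soft_conf_entry	*ce_next;
	char				*ce_name;
	crypto_mech_name_t		*ce_mechs;
	uint_t				ce_count;
} kcf_soft_conf_entry_t;

extern kmutex_t soft_config_mutex;
extern kcf_soft_conf_entry_t *soft_config_list;

/*
 * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms,
 * with a margin of few extra empty entry points
 */

#define	KCF_MAXDIGEST		16	/* Digests */
#define	KCF_MAXCIPHER		64	/* Ciphers */
#define	KCF_MAXMAC		40	/* Message authentication codes */
#define	KCF_MAXSIGN		24	/* Sign/Verify */
#define	KCF_MAXKEYOPS		116	/* Key generation and derivation */
#define	KCF_MAXMISC		16	/* Others ... */

/*
 * Total number of slots across the six tables. The sum is parenthesized so
 * that the macro keeps its value inside a larger expression such as
 * 'KCF_MAXMECHS * sizeof (x)', where the bare sum would bind only its last
 * term to the multiplication and undersize the result.
 */
#define	KCF_MAXMECHS		(KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \
				KCF_MAXSIGN + KCF_MAXKEYOPS + \
				KCF_MAXMISC)

extern kcf_mech_entry_t kcf_digest_mechs_tab[];
extern kcf_mech_entry_t kcf_cipher_mechs_tab[];
extern kcf_mech_entry_t kcf_mac_mechs_tab[];
extern kcf_mech_entry_t kcf_sign_mechs_tab[];
extern kcf_mech_entry_t kcf_keyops_mechs_tab[];
extern kcf_mech_entry_t kcf_misc_mechs_tab[];

extern kmutex_t kcf_mech_tabs_lock;

/* Operation classes; the values start at 1 and index kcf_mech_tabs_tab[]. */
typedef	enum {
	KCF_DIGEST_CLASS = 1,
	KCF_CIPHER_CLASS,
	KCF_MAC_CLASS,
	KCF_SIGN_CLASS,
	KCF_KEYOPS_CLASS,
	KCF_MISC_CLASS
} kcf_ops_class_t;

#define	KCF_FIRST_OPSCLASS	KCF_DIGEST_CLASS
#define	KCF_LAST_OPSCLASS	KCF_MISC_CLASS

/* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */

typedef	struct kcf_mech_entry_tab {
	int			met_size;	/* Size of the met_tab[] */
	kcf_mech_entry_t	*met_tab;	/* the table */
} kcf_mech_entry_tab_t;

extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[];

/*
 * A KCF mechanism id packs the operation class into the bits above bit 31
 * and the table index into the low bits.
 * NOTE(review): assumes crypto_mech_type_t is an unsigned 64-bit type -
 * confirm. A negative 'index' would convert to a value with the upper bits
 * set and overwrite the class, so callers must pass a non-negative index.
 */
#define	KCF_MECHID(class, index)	\
	(((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index))

/*
 * Extract the class from a mechanism id. The result is whatever the upper
 * bits hold; it is not checked against KCF_FIRST_OPSCLASS/KCF_LAST_OPSCLASS.
 */
#define	KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32))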
/*
 * Extract the table index from a mechanism type. The cast to int discards
 * the class bits; the result is not compared against met_size here.
 */
#define	KCF_MECH2INDEX(mech_type)	((int)(mech_type))

/*
 * Provider-side lookups keyed by a framework mechanism type.
 *
 * None of these macros checks the class or the index against the array
 * bounds, so mech_type has to be validated by the caller first.
 * NOTE(review): pd_mech_indx[][] presumably holds KCF_INVALID_INDX for a
 * mechanism the provider does not implement - confirm, and test for that
 * sentinel before using the value as a pd_mechanisms[] subscript.
 */
#define	KCF_TO_PROV_MECH_INDX(pd, mech_type) \
	((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \
	[KCF_MECH2INDEX(mech_type)])

#define	KCF_TO_PROV_MECHINFO(pd, mech_type) \
	((pd)->pd_mechanisms[KCF_TO_PROV_MECH_INDX(pd, mech_type)])

#define	KCF_TO_PROV_MECHNUM(pd, mech_type) \
	(KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number)

/* Non-zero when the provider's mechanism has CRYPTO_CAN_SHARE_OPSTATE set. */
#define	KCF_CAN_SHARE_OPSTATE(pd, mech_type) \
	((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \
	CRYPTO_CAN_SHARE_OPSTATE)

/* ps_refcnt is protected by cm_lock in the crypto_minor structure */
typedef struct crypto_provider_session {
	struct crypto_provider_session	*ps_next;	/* singly linked list */
	crypto_session_id_t		ps_session;
	kcf_provider_desc_t		*ps_provider;
	kcf_provider_desc_t		*ps_real_provider;
	uint_t				ps_refcnt;
} crypto_provider_session_t;

/*
 * Per-session state: a lock and condition variable, the sd_flags word
 * (CRYPTO_SESSION_* bits below) and one crypto_ctx_t pointer per kind of
 * operation.
 */
typedef struct crypto_session_data {
	kmutex_t			sd_lock;
	kcondvar_t			sd_cv;
	uint32_t			sd_flags;
	int				sd_pre_approved_amount;
	crypto_ctx_t			*sd_digest_ctx;
	crypto_ctx_t			*sd_encr_ctx;
	crypto_ctx_t			*sd_decr_ctx;
	crypto_ctx_t			*sd_sign_ctx;
	crypto_ctx_t			*sd_verify_ctx;
	crypto_ctx_t			*sd_sign_recover_ctx;
	crypto_ctx_t			*sd_verify_recover_ctx;
	kcf_provider_desc_t		*sd_provider;
	void				*sd_find_init_cookie;
	crypto_provider_session_t	*sd_provider_session;
} crypto_session_data_t;

/* Bit values for sd_flags. */
#define	CRYPTO_SESSION_IN_USE		0x00000001
#define	CRYPTO_SESSION_IS_BUSY		0x00000002
#define	CRYPTO_SESSION_IS_CLOSED	0x00000004

/*
 * Upper bound on a PIN length. Defining the constant enforces nothing;
 * the code that accepts a PIN has to compare the supplied length against it.
 */
#define	KCF_MAX_PIN_LEN		1024

/* Global FIPS 140 mode variable */
extern uint32_t global_fips140_mode;
/* Global FIPS 140 mode lock */
extern kmutex_t fips140_mode_lock;
/* Condition variable for kcf to wait until kcfd tells the FIPS mode status */
extern kcondvar_t cv_fips140;

/*
 * Per-minor info.
 *
 * cm_lock protects everything in this structure except for cm_refcnt.
*/
typedef struct crypto_minor {
	uint_t				cm_refcnt;	/* not under cm_lock */
	kmutex_t			cm_lock;
	kcondvar_t			cm_cv;
	crypto_session_data_t		**cm_session_table;
	uint_t				cm_session_table_count;
	kcf_provider_desc_t		**cm_provider_array;
	uint_t				cm_provider_count;
	crypto_provider_session_t	*cm_provider_session;
} crypto_minor_t;

/* resource control framework handle used by /dev/crypto */
extern rctl_hndl_t rc_project_crypto_mem;

/*
 * Return codes for internal functions
 */
#define	KCF_SUCCESS		0x0	/* Successful call */
#define	KCF_INVALID_MECH_NUMBER	0x1	/* invalid mechanism number */
#define	KCF_INVALID_MECH_NAME	0x2	/* invalid mechanism name */
#define	KCF_INVALID_MECH_CLASS	0x3	/* invalid mechanism class */
#define	KCF_MECH_TAB_FULL	0x4	/* Need more room in the mech tabs. */

/*
 * All-ones ushort_t sentinel; it is an index value, not a return code.
 * NOTE(review): presumably marks an unused pd_mech_indx[][] slot - confirm.
 * Compare a looked-up index against it before using that index as an array
 * subscript.
 */
#define	KCF_INVALID_INDX	((ushort_t)-1)

/*
 * kCF internal mechanism and function group for tracking RNG providers.
 */
#define	SUN_RANDOM		"random"
#define	CRYPTO_FG_RANDOM	0x80000000	/* generate_random() */

/*
 * Wrappers for ops vectors. In the wrapper definitions below, the pd
 * argument always corresponds to a pointer to a provider descriptor
 * of type kcf_provider_desc_t.
*/

/*
 * Each accessor dereferences pd and pd->pd_ops_vector without a NULL check;
 * only the per-class ops pointer it yields is tested by the KCF_PROV_*
 * wrappers. Callers must therefore pass a descriptor whose pd_ops_vector is
 * set.
 */
#define	KCF_PROV_CONTROL_OPS(pd)	((pd)->pd_ops_vector->co_control_ops)
#define	KCF_PROV_CTX_OPS(pd)		((pd)->pd_ops_vector->co_ctx_ops)
#define	KCF_PROV_DIGEST_OPS(pd)		((pd)->pd_ops_vector->co_digest_ops)
#define	KCF_PROV_CIPHER_OPS(pd)		((pd)->pd_ops_vector->co_cipher_ops)
#define	KCF_PROV_MAC_OPS(pd)		((pd)->pd_ops_vector->co_mac_ops)
#define	KCF_PROV_SIGN_OPS(pd)		((pd)->pd_ops_vector->co_sign_ops)
#define	KCF_PROV_VERIFY_OPS(pd)		((pd)->pd_ops_vector->co_verify_ops)
#define	KCF_PROV_DUAL_OPS(pd)		((pd)->pd_ops_vector->co_dual_ops)
#define	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
	((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
#define	KCF_PROV_RANDOM_OPS(pd)		((pd)->pd_ops_vector->co_random_ops)
#define	KCF_PROV_SESSION_OPS(pd)	((pd)->pd_ops_vector->co_session_ops)
#define	KCF_PROV_OBJECT_OPS(pd)		((pd)->pd_ops_vector->co_object_ops)
#define	KCF_PROV_KEY_OPS(pd)		((pd)->pd_ops_vector->co_key_ops)
#define	KCF_PROV_PROVIDER_OPS(pd)	((pd)->pd_ops_vector->co_provider_ops)
#define	KCF_PROV_MECH_OPS(pd)		((pd)->pd_ops_vector->co_mech_ops)
#define	KCF_PROV_NOSTORE_KEY_OPS(pd) \
	((pd)->pd_ops_vector->co_nostore_key_ops)
#define	KCF_PROV_FIPS140_OPS(pd)	((pd)->pd_ops_vector->co_fips140_ops)
/*
 * NOTE(review): expands to the same co_provider_ops member as
 * KCF_PROV_PROVIDER_OPS() - confirm the alias is intended.
 */
#define	KCF_PROV_PROVMGMT_OPS(pd)	((pd)->pd_ops_vector->co_provider_ops)

/*
 * Wrappers for crypto_control_ops(9S) entry points.
*/

/*
 * Every KCF_PROV_* wrapper below evaluates to the provider entry point's
 * return value, or to CRYPTO_NOT_SUPPORTED when the ops vector or the entry
 * point is NULL. pd is expanded several times, so pass an expression without
 * side effects, and check the result before trusting any output argument.
 */

#define	KCF_PROV_STATUS(pd, status) ( \
	(KCF_PROV_CONTROL_OPS(pd) != NULL && \
	KCF_PROV_CONTROL_OPS(pd)->provider_status != NULL) ? \
	KCF_PROV_CONTROL_OPS(pd)->provider_status( \
	    (pd)->pd_prov_handle, status) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_ctx_ops(9S) entry points.
 */

#define	KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
	(KCF_PROV_CTX_OPS(pd) != NULL && \
	KCF_PROV_CTX_OPS(pd)->create_ctx_template != NULL) ? \
	KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
	    (pd)->pd_prov_handle, mech, key, template, size, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
	(KCF_PROV_CTX_OPS(pd) != NULL && \
	KCF_PROV_CTX_OPS(pd)->free_context != NULL) ? \
	KCF_PROV_CTX_OPS(pd)->free_context(ctx) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for the mechanism ops. umech and kmech are forwarded unchanged;
 * NOTE(review): umech presumably points at user-supplied data that the
 * provider's copyin routine has to validate - confirm.
 */

#define	KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
	(KCF_PROV_MECH_OPS(pd) != NULL && \
	KCF_PROV_MECH_OPS(pd)->copyin_mechanism != NULL) ? \
	KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
	    (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
	(KCF_PROV_MECH_OPS(pd) != NULL && \
	KCF_PROV_MECH_OPS(pd)->copyout_mechanism != NULL) ? \
	KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
	    (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_FREE_MECH(pd, prov_mech) ( \
	(KCF_PROV_MECH_OPS(pd) != NULL && \
	KCF_PROV_MECH_OPS(pd)->free_mechanism != NULL) ? \
	KCF_PROV_MECH_OPS(pd)->free_mechanism( \
	    (pd)->pd_prov_handle, prov_mech) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_digest_ops(9S) entry points.
 */

#define	KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest_init != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * The _ (underscore) in _digest is needed to avoid replacing the
 * function digest().
 */
#define	KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest_update != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest_key != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest_final != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \
	(KCF_PROV_DIGEST_OPS(pd) != NULL && \
	KCF_PROV_DIGEST_OPS(pd)->digest_atomic != NULL) ? \
	KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \
	    (pd)->pd_prov_handle, session, mech, data, digest, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_cipher_ops(9S) entry points.
 */

#define	KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_init != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->encrypt != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_update != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \
	    ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_final != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \
	template, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \
	    template, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_init != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->decrypt != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_update != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \
	    plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_final != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \
	template, req) ( \
	(KCF_PROV_CIPHER_OPS(pd) != NULL && \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic != NULL) ? \
	KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \
	    template, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_mac_ops(9S) entry points.
 */

#define	KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac_init != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * The _ (underscore) in _mac is needed to avoid replacing the
 * function mac().
 */
#define	KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac_update != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac_final != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \
	req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac_atomic != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * The verification outcome is carried only in the value this macro
 * evaluates to; a caller that ignores it has verified nothing.
 */
#define	KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \
	template, req) ( \
	(KCF_PROV_MAC_OPS(pd) != NULL && \
	KCF_PROV_MAC_OPS(pd)->mac_verify_atomic != NULL) ? \
	KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, data, mac, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_sign_ops(9S) entry points.
*/

/*
 * Each wrapper evaluates to the provider's return value, or to
 * CRYPTO_NOT_SUPPORTED when the ops vector or the entry point is NULL.
 * pd is expanded more than once.
 *
 * The *_ATOMIC macros in this group take (..., data, template, sig, req) but
 * call the provider with (..., data, sig, template, req): the macro argument
 * order and the entry-point order differ, so match arguments to the macro's
 * parameter list, not to the provider prototype.
 */

#define	KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_init != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_init( \
	    ctx, mech, key, template, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_update != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_final != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \
	sig, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_atomic != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \
	req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_recover_init != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_recover != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \
	sig, req) ( \
	(KCF_PROV_SIGN_OPS(pd) != NULL && \
	KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic != NULL) ? \
	KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_verify_ops(9S) entry points.
 *
 * The verification outcome is carried only in the value each macro
 * evaluates to, and CRYPTO_NOT_SUPPORTED is one of the possible values;
 * treat anything the caller does not recognise as success as a failed
 * verification.
 */

#define	KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_init != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify(ctx, data, sig, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_update != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_final != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \
	req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_atomic != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \
	req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover_init != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \
	    template, req) : \
	CRYPTO_NOT_SUPPORTED)

/* verify_recover() CSPI routine has different argument order than verify() */
#define	KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * verify_recover_atomic() CSPI routine has different argument order
 * than verify_atomic().
*/
#define	KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \
	template, data, req) ( \
	(KCF_PROV_VERIFY_OPS(pd) != NULL && \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic != NULL) ? \
	KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \
	    (pd)->pd_prov_handle, session, mech, key, sig, data, template, \
	    req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_dual_ops(9S) entry points.
 *
 * NOTE(review): these four macros expand KCF_PROV_DUAL_OPS(pd) although pd
 * is not one of their parameters, so pd binds to whatever variable of that
 * name is in scope at the call site, and the macro fails to compile where
 * there is none. Adding pd to the parameter list would change the calling
 * convention, so it is only flagged here.
 */

#define	KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \
	ciphertext, req) ( \
	(KCF_PROV_DUAL_OPS(pd) != NULL && \
	KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update != NULL) ? \
	KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \
	    digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \
	plaintext, req) ( \
	(KCF_PROV_DUAL_OPS(pd) != NULL && \
	KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update != NULL) ? \
	KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \
	    decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \
	ciphertext, req) ( \
	(KCF_PROV_DUAL_OPS(pd) != NULL && \
	KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update != NULL) ? \
	KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \
	    sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \
	plaintext, req) ( \
	(KCF_PROV_DUAL_OPS(pd) != NULL && \
	KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update != NULL) ? \
	KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \
	    decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points.
 */

#define	KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \
	mac_key, encr_ctx_template, mac_ctx_template, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \
	    ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \
	    mac_ctx_template, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \
	    ctx, plaintext, ciphertext, mac, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \
	    ctx, plaintext, ciphertext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \
	    ctx, ciphertext, mac, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \
	mac_mech, mac_key, plaintext, ciphertext, mac, \
	encr_ctx_template, mac_ctx_template, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \
	    (pd)->pd_prov_handle, session, encr_mech, encr_key, \
	    mac_mech, mac_key, plaintext, ciphertext, mac, \
	    encr_ctx_template, mac_ctx_template, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \
	decr_key, mac_ctx_template, decr_ctx_template, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \
	    ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \
	    decr_ctx_template, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \
	    ctx, ciphertext, mac, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \
	    ctx, ciphertext, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \
	    ctx, mac, plaintext, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
	decr_mech, decr_key, ciphertext, mac, plaintext, \
	mac_ctx_template, decr_ctx_template, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic != NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \
	    (pd)->pd_prov_handle, session, mac_mech, mac_key, \
	    decr_mech, decr_key, ciphertext, mac, plaintext, \
	    mac_ctx_template, decr_ctx_template, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Same argument list as KCF_PROV_MAC_DECRYPT_ATOMIC(), routed to the
 * provider's mac_verify_decrypt_atomic entry point. Check the value the
 * macro evaluates to before using plaintext.
 */
#define	KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
	decr_mech, decr_key, ciphertext, mac, plaintext, \
	mac_ctx_template, decr_ctx_template, req) ( \
	(KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) != NULL && \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \
	!= NULL) ? \
	KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \
	    (pd)->pd_prov_handle, session, mac_mech, mac_key, \
	    decr_mech, decr_key, ciphertext, mac, plaintext, \
	    mac_ctx_template, decr_ctx_template, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_random_number_ops(9S) entry points.
 *
 * When the provider has no random ops these evaluate to
 * CRYPTO_NOT_SUPPORTED and buf is left untouched, so the result must be
 * checked before buf is used as random data.
 */

#define	KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \
	(KCF_PROV_RANDOM_OPS(pd) != NULL && \
	KCF_PROV_RANDOM_OPS(pd)->seed_random != NULL) ? \
	KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \
	    session, buf, len, est, flags, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \
	(KCF_PROV_RANDOM_OPS(pd) != NULL && \
	KCF_PROV_RANDOM_OPS(pd)->generate_random != NULL) ? \
	KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \
	    session, buf, len, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_session_ops(9S) entry points.
 *
 * ops_pd is the provider descriptor that supplies the ops_vector.
 * pd is the descriptor that supplies the provider handle.
 * Only session open/close needs two handles.
 */

#define	KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \
	(KCF_PROV_SESSION_OPS(ops_pd) != NULL && \
	KCF_PROV_SESSION_OPS(ops_pd)->session_open != NULL) ? \
	KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \
	    session, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \
	(KCF_PROV_SESSION_OPS(ops_pd) != NULL && \
	KCF_PROV_SESSION_OPS(ops_pd)->session_close != NULL) ? \
	KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \
	    session, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * pin and len are forwarded to the provider as given; the wrapper does not
 * compare len with KCF_MAX_PIN_LEN, so that bound has to be applied by the
 * caller.
 */
#define	KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \
	(KCF_PROV_SESSION_OPS(pd) != NULL && \
	KCF_PROV_SESSION_OPS(pd)->session_login != NULL) ? \
	KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \
	    session, user_type, pin, len, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \
	(KCF_PROV_SESSION_OPS(pd) != NULL && \
	KCF_PROV_SESSION_OPS(pd)->session_logout != NULL) ? \
	KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \
	    session, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_object_ops(9S) entry points.
 */

#define	KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \
	(KCF_PROV_OBJECT_OPS(pd) != NULL && \
	KCF_PROV_OBJECT_OPS(pd)->object_create != NULL) ? \
	KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \
	    session, template, count, object, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \
	new_object, req) ( \
	(KCF_PROV_OBJECT_OPS(pd) != NULL && \
	KCF_PROV_OBJECT_OPS(pd)->object_copy != NULL) ? \
	KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \
	    session, object, template, count, new_object, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \
	(KCF_PROV_OBJECT_OPS(pd) != NULL && \
	KCF_PROV_OBJECT_OPS(pd)->object_destroy != NULL) ? \
	KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \
	    session, object, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \
	(KCF_PROV_OBJECT_OPS(pd) != NULL && \
	KCF_PROV_OBJECT_OPS(pd)->object_get_size != NULL) ? \
	KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \
	    session, object, size, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \
	count, req) ( \
	(KCF_PROV_OBJECT_OPS(pd) && \
	KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ?
\ 11030Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \ 11040Sstevel@tonic-gate (pd)->pd_prov_handle, session, object, template, count, req) : \ 11050Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11060Sstevel@tonic-gate 11070Sstevel@tonic-gate #define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \ 11080Sstevel@tonic-gate count, req) ( \ 11090Sstevel@tonic-gate (KCF_PROV_OBJECT_OPS(pd) && \ 11100Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \ 11110Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \ 11120Sstevel@tonic-gate (pd)->pd_prov_handle, session, object, template, count, req) : \ 11130Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11140Sstevel@tonic-gate 11150Sstevel@tonic-gate #define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \ 11160Sstevel@tonic-gate req) ( \ 11170Sstevel@tonic-gate (KCF_PROV_OBJECT_OPS(pd) && \ 11180Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \ 11190Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \ 11200Sstevel@tonic-gate session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED) 11210Sstevel@tonic-gate 11220Sstevel@tonic-gate #define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \ 11230Sstevel@tonic-gate req) ( \ 11240Sstevel@tonic-gate (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \ 11250Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_find( \ 11260Sstevel@tonic-gate (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \ 11270Sstevel@tonic-gate req) : CRYPTO_NOT_SUPPORTED) 11280Sstevel@tonic-gate 11290Sstevel@tonic-gate #define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \ 11300Sstevel@tonic-gate (KCF_PROV_OBJECT_OPS(pd) && \ 11310Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? 
\ 11320Sstevel@tonic-gate KCF_PROV_OBJECT_OPS(pd)->object_find_final( \ 11330Sstevel@tonic-gate (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED) 11340Sstevel@tonic-gate 11350Sstevel@tonic-gate /* 11360Sstevel@tonic-gate * Wrappers for crypto_key_ops(9S) entry points. 11370Sstevel@tonic-gate */ 11380Sstevel@tonic-gate 11390Sstevel@tonic-gate #define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \ 11400Sstevel@tonic-gate req) ( \ 11410Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \ 11420Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \ 11430Sstevel@tonic-gate session, mech, template, count, object, req) : \ 11440Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11450Sstevel@tonic-gate 11460Sstevel@tonic-gate #define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ 11470Sstevel@tonic-gate pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \ 11480Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \ 11490Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \ 11500Sstevel@tonic-gate session, mech, pub_template, pub_count, priv_template, \ 11510Sstevel@tonic-gate priv_count, pub_key, priv_key, req) : \ 11520Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11530Sstevel@tonic-gate 11540Sstevel@tonic-gate #define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \ 11550Sstevel@tonic-gate wrapped_key_len, req) ( \ 11560Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? 
\ 11570Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \ 11580Sstevel@tonic-gate session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \ 11590Sstevel@tonic-gate req) : \ 11600Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11610Sstevel@tonic-gate 11620Sstevel@tonic-gate #define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \ 11630Sstevel@tonic-gate wrapped_key_len, template, count, key, req) ( \ 11640Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \ 11650Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \ 11660Sstevel@tonic-gate session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \ 11670Sstevel@tonic-gate template, count, key, req) : \ 11680Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11690Sstevel@tonic-gate 11700Sstevel@tonic-gate #define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \ 11710Sstevel@tonic-gate key, req) ( \ 11720Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \ 11730Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \ 11740Sstevel@tonic-gate session, mech, base_key, template, count, key, req) : \ 11750Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11760Sstevel@tonic-gate 11770Sstevel@tonic-gate #define KCF_PROV_KEY_CHECK(pd, mech, key) ( \ 11780Sstevel@tonic-gate (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \ 11790Sstevel@tonic-gate KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \ 11800Sstevel@tonic-gate CRYPTO_NOT_SUPPORTED) 11810Sstevel@tonic-gate 11820Sstevel@tonic-gate /* 11830Sstevel@tonic-gate * Wrappers for crypto_provider_management_ops(9S) entry points. 11840Sstevel@tonic-gate * 11850Sstevel@tonic-gate * ops_pd is the provider descriptor that supplies the ops_vector. 11860Sstevel@tonic-gate * pd is the descriptor that supplies the provider handle. 11870Sstevel@tonic-gate * Only ext_info needs two handles. 
 */

/*
 * Every wrapper in this group expands to one conditional expression: if
 * the provider's ops vector and the named entry point are both non-NULL,
 * the entry point is called with the provider handle as first argument;
 * otherwise the expression evaluates to CRYPTO_NOT_SUPPORTED.
 *
 * The descriptor arguments (pd, ops_pd) are evaluated more than once per
 * expansion, so callers must pass an expression without side effects.
 * The wrappers forward pin/length and template/count arguments unchanged
 * and perform no validation of their own.
 */

/* ext_info: ops vector comes from ops_pd, provider handle from pd. */
#define	KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \
	(KCF_PROV_PROVIDER_OPS(ops_pd) != NULL && \
	    KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info != NULL) ? \
	KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info( \
	    (pd)->pd_prov_handle, provext_info, req) : \
	CRYPTO_NOT_SUPPORTED)

/* init_token: forwards pin, pin_len and label to the provider. */
#define	KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \
	(KCF_PROV_PROVIDER_OPS(pd) != NULL && \
	    KCF_PROV_PROVIDER_OPS(pd)->init_token != NULL) ? \
	KCF_PROV_PROVIDER_OPS(pd)->init_token( \
	    (pd)->pd_prov_handle, pin, pin_len, label, req) : \
	CRYPTO_NOT_SUPPORTED)

/* init_pin: forwards the session plus pin and pin_len to the provider. */
#define	KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \
	(KCF_PROV_PROVIDER_OPS(pd) != NULL && \
	    KCF_PROV_PROVIDER_OPS(pd)->init_pin != NULL) ? \
	KCF_PROV_PROVIDER_OPS(pd)->init_pin( \
	    (pd)->pd_prov_handle, session, pin, pin_len, req) : \
	CRYPTO_NOT_SUPPORTED)

/* set_pin: forwards both the old and the new pin with their lengths. */
#define	KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \
	    req) ( \
	(KCF_PROV_PROVIDER_OPS(pd) != NULL && \
	    KCF_PROV_PROVIDER_OPS(pd)->set_pin != NULL) ? \
	KCF_PROV_PROVIDER_OPS(pd)->set_pin( \
	    (pd)->pd_prov_handle, session, old_pin, old_len, new_pin, \
	    new_len, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * Wrappers for crypto_nostore_key_ops(9S) entry points.
 *
 * Same shape as the wrappers above: NULL-check the ops vector and the
 * entry point, call it with (pd)->pd_prov_handle, else yield
 * CRYPTO_NOT_SUPPORTED.
 */

#define	KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \
	    out_template, out_count, req) ( \
	(KCF_PROV_NOSTORE_KEY_OPS(pd) != NULL && \
	    KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate != NULL) ? \
	KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \
	    (pd)->pd_prov_handle, session, mech, template, count, \
	    out_template, out_count, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
	    pub_count, priv_template, priv_count, out_pub_template, \
	    out_pub_count, out_priv_template, out_priv_count, req) ( \
	(KCF_PROV_NOSTORE_KEY_OPS(pd) != NULL && \
	    KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair != \
	    NULL) ? \
	KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \
	    (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \
	    priv_template, priv_count, out_pub_template, out_pub_count, \
	    out_priv_template, out_priv_count, req) : \
	CRYPTO_NOT_SUPPORTED)

#define	KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \
	    count, out_template, out_count, req) ( \
	(KCF_PROV_NOSTORE_KEY_OPS(pd) != NULL && \
	    KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive != NULL) ? \
	KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \
	    (pd)->pd_prov_handle, session, mech, base_key, template, count, \
	    out_template, out_count, req) : \
	CRYPTO_NOT_SUPPORTED)

/*
 * The following routines are exported by the kcf module (/kernel/misc/kcf)
 * to the crypto and cryptoadmin modules.
 */

/*
 * Single-part digest/MAC/cipher entry points.  The historical comment
 * describes these as taking a provider descriptor and session; the
 * prototypes as declared here take a crypto_context_t, an input and an
 * output crypto_data_t, and a call request.
 */
extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);


/* Other private digest/mac/cipher entry points not exported through k-API */
extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
    crypto_call_req_t *);

/* Private sign entry points exported by KCF */
extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

/* Private verify entry points exported by KCF */
extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
    crypto_data_t *, crypto_call_req_t *);

/*
 * Private dual operations entry points exported by KCF.  Each takes two
 * contexts followed by two crypto_data_t buffers and a call request.
 */
extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
    crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t,
    crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t,
    crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t,
    crypto_data_t *, crypto_data_t *, crypto_call_req_t *);

/* Random Number Generation: caller supplies the buffer and its length. */
int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
    size_t len, crypto_call_req_t *req);
int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
    size_t len, crypto_call_req_t *req);

/*
 * Provider Management.
 *
 * PINs are passed as a char pointer plus an explicit size_t length.
 * NOTE(review): these prototypes do not say whether the PIN buffers are
 * NUL-terminated or who is responsible for clearing them after use;
 * confirm at the definitions and callers.
 */
int crypto_get_provider_info(crypto_provider_id_t id,
    crypto_provider_info_t **info, crypto_call_req_t *req);
int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id,
    uint_t *count, crypto_mech_name_t **list);
int crypto_init_token(crypto_provider_handle_t provider, char *pin,
    size_t pin_len, char *label, crypto_call_req_t *);
int crypto_init_pin(crypto_provider_handle_t provider, char *pin,
    size_t pin_len, crypto_call_req_t *req);
int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin,
    size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req);
/* Release routines for the list and info types used by this group. */
void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count);
void crypto_free_provider_info(crypto_provider_info_t *info);

/*
 * Administrative.  Routines returning a list hand back both the list
 * pointer and its element count through out parameters; the free routines
 * take the same pair.
 */
int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list);
int crypto_get_soft_list(uint_t *count, char **list, size_t *len);
int crypto_get_dev_info(char *name, uint_t instance, uint_t *count,
    crypto_mech_name_t **list);
int crypto_get_soft_info(caddr_t name, uint_t *count,
    crypto_mech_name_t **list);
int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count,
    crypto_mech_name_t *list);
int crypto_load_soft_disabled(caddr_t name, uint_t count,
    crypto_mech_name_t *list);
int crypto_unload_soft_module(caddr_t path);
int crypto_load_soft_config(caddr_t name, uint_t count,
    crypto_mech_name_t *list);
int crypto_load_door(uint_t did);
void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count);
void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count);
/*
 * NOTE(review): "()" declares no prototype, so calls are not checked
 * against a parameter list; "(void)" would be stricter if the definition
 * takes no arguments (confirm).  kcf_activate is declared a second time
 * under "FIPS 140 functions" at the end of this header.
 */
extern void kcf_activate();

/* Miscellaneous */
int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number);
int crypto_get_function_list(crypto_provider_id_t id,
    crypto_function_list_t **list, int kmflag);
void crypto_free_function_list(crypto_function_list_t *list);
int crypto_build_permitted_mech_names(kcf_provider_desc_t *,
    crypto_mech_name_t **, uint_t *, int);

/* Mechanism table and provider descriptor management. */
extern void kcf_init_mech_tabs(void);
extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
    kcf_prov_mech_desc_t **);
extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *);
extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **);
extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *);
extern void kcf_free_provider_desc(kcf_provider_desc_t *);
extern void kcf_soft_config_init(void);
extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t);
extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
extern void redo_register_provider(kcf_provider_desc_t *);

/*
 * Random number support.
 * NOTE(review): kcf_rnd_init is declared with "()" rather than "(void)",
 * unlike its neighbours, so calls to it are not prototype-checked.
 * NOTE(review): the meaning of the boolean_t argument to
 * kcf_rnd_get_bytes and of the uint_t argument to
 * random_add_pseudo_entropy is not visible from this header; confirm at
 * the definitions before relying on either.
 */
extern void kcf_rnd_init();
extern boolean_t kcf_rngprov_check(void);
extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t);
extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t);
extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t);
extern void kcf_rnd_chpoll(short, int, short *, struct pollhead **);
extern void kcf_rnd_schedule_timeout(boolean_t);

/*
 * Data movement and update helpers.
 * The update/final callbacks are declared as "void (*)()" with no
 * parameter list, so the compiler does not check the arguments passed
 * through them.
 * NOTE(review): the int parameters of crypto_uio_data, crypto_mblk_data
 * and crypto_put_output_data are presumably lengths; if so, callers must
 * ensure they cannot be negative -- confirm at the definitions.
 */
extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
    void *, void (*update)());
extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
    void *, void (*update)());
extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *);
extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *,
    int kmflag);
extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *,
    void (*update)(), void (*final)(), uchar_t);
/*
 * The three crypto_update_* routines share one signature: a context
 * pointer, two crypto_data_t buffers, a cipher callback and a copy_block
 * callback, both of which are fully prototyped.
 */
extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
    int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
    void (*copy_block)(uint8_t *, uint64_t *));
extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *,
    int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
    void (*copy_block)(uint8_t *, uint64_t *));
extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *,
    int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
    void (*copy_block)(uint8_t *, uint64_t *));
extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **,
    ssize_t *);

/* Access to the provider's table */
extern void kcf_prov_tab_init(void);
extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *);
extern int kcf_prov_tab_rem_provider(crypto_provider_id_t);
extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *);
extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t);
extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int,
    char *, uint_t, boolean_t);
extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t);
extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **);
extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t);
extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **,
    kcf_mech_entry_t **, boolean_t);

/*
 * NOTE(review): prov_tab_mutex presumably guards the provider table;
 * this header does not state which fields it protects -- confirm.
 */
extern kmutex_t prov_tab_mutex;
extern boolean_t kcf_need_provtab_walk;
extern int kcf_get_refcnt(kcf_provider_desc_t *, boolean_t);

/*
 * Access to the policy table.  The is_mech_disabled* predicates report
 * policy per mechanism name; the load/remove routines return mechanism
 * lists through out parameters.
 */
extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t);
extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *,
    uint_t, crypto_mech_name_t);
extern void kcf_policy_tab_init(void);
extern void kcf_policy_free_desc(kcf_policy_desc_t *);
extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **);
extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *,
    crypto_mech_name_t **);
extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *);
extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t);
extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
    uint_t *, crypto_mech_name_t **);
extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
    crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
extern void remove_soft_config(char *);

/*
 * FIPS 140 functions.
 *
 * NOTE(review): kcf_fips140_validate and kcf_activate are declared with
 * "()" instead of "(void)", so calls to them are not checked against a
 * parameter list; kcf_get_fips140_mode directly above is prototyped.
 * kcf_activate is also declared earlier in this header, in the
 * Administrative group; the two declarations must be kept in step.
 */
extern int kcf_get_fips140_mode(void);
extern void kcf_fips140_validate();
extern void kcf_activate();

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_CRYPTO_IMPL_H */