1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or https://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_SPI_H 27 #define _SYS_CRYPTO_SPI_H 28 29 /* 30 * CSPI: Cryptographic Service Provider Interface. 31 */ 32 33 #include <sys/zfs_context.h> 34 #include <sys/crypto/common.h> 35 36 #ifdef __cplusplus 37 extern "C" { 38 #endif 39 40 #ifdef CONSTIFY_PLUGIN 41 #define __no_const __attribute__((no_const)) 42 #else 43 #define __no_const 44 #endif /* CONSTIFY_PLUGIN */ 45 46 /* 47 * Context templates can be used to by providers to pre-process 48 * keying material, such as key schedules. They are allocated by 49 * a provider create_ctx_template(9E) entry point, and passed 50 * as argument to initialization and atomic provider entry points. 51 */ 52 typedef void *crypto_spi_ctx_template_t; 53 54 /* 55 * The context structure is passed from the kernel to a provider. 56 * It contains the information needed to process a multi-part or 57 * single part operation. The context structure is not used 58 * by atomic operations. 59 * 60 * Parameters needed to perform a cryptographic operation, such 61 * as keys, mechanisms, input and output buffers, are passed 62 * as separate arguments to Provider routines. 63 */ 64 typedef struct crypto_ctx { 65 void *cc_provider_private; /* owned by provider */ 66 void *cc_framework_private; /* owned by framework */ 67 } crypto_ctx_t; 68 69 /* 70 * The crypto_cipher_ops structure contains pointers to encryption 71 * and decryption operations for cryptographic providers. It is 72 * passed through the crypto_ops(9S) structure when providers register 73 * with the kernel using crypto_register_provider(9F). 74 */ 75 typedef struct crypto_cipher_ops { 76 int (*encrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 77 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 78 int (*decrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 79 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 80 } __no_const crypto_cipher_ops_t; 81 82 /* 83 * The crypto_mac_ops structure contains pointers to MAC 84 * operations for cryptographic providers. It is passed through 85 * the crypto_ops(9S) structure when providers register with the 86 * kernel using crypto_register_provider(9F). 87 */ 88 typedef struct crypto_mac_ops { 89 int (*mac_init)(crypto_ctx_t *, 90 crypto_mechanism_t *, crypto_key_t *, 91 crypto_spi_ctx_template_t); 92 int (*mac)(crypto_ctx_t *, 93 crypto_data_t *, crypto_data_t *); 94 int (*mac_update)(crypto_ctx_t *, 95 crypto_data_t *); 96 int (*mac_final)(crypto_ctx_t *, 97 crypto_data_t *); 98 int (*mac_atomic)(crypto_mechanism_t *, crypto_key_t *, 99 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 100 int (*mac_verify_atomic)(crypto_mechanism_t *, crypto_key_t *, 101 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 102 } __no_const crypto_mac_ops_t; 103 104 /* 105 * The crypto_ctx_ops structure contains points to context and context 106 * templates management operations for cryptographic providers. It is 107 * passed through the crypto_ops(9S) structure when providers register 108 * with the kernel using crypto_register_provider(9F). 109 */ 110 typedef struct crypto_ctx_ops { 111 int (*create_ctx_template)(crypto_mechanism_t *, crypto_key_t *, 112 crypto_spi_ctx_template_t *, size_t *); 113 int (*free_context)(crypto_ctx_t *); 114 } __no_const crypto_ctx_ops_t; 115 116 /* 117 * The crypto_ops(9S) structure contains the structures containing 118 * the pointers to functions implemented by cryptographic providers. 119 * It is specified as part of the crypto_provider_info(9S) 120 * supplied by a provider when it registers with the kernel 121 * by calling crypto_register_provider(9F). 122 */ 123 typedef struct crypto_ops { 124 const crypto_cipher_ops_t *co_cipher_ops; 125 const crypto_mac_ops_t *co_mac_ops; 126 const crypto_ctx_ops_t *co_ctx_ops; 127 } crypto_ops_t; 128 129 /* 130 * The mechanism info structure crypto_mech_info_t contains a function group 131 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 132 * specifies the provider entry point that can be used a particular 133 * mechanism. The function group mask is a combination of the following values. 134 */ 135 136 typedef uint32_t crypto_func_group_t; 137 138 139 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 140 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 141 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 142 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 143 144 /* 145 * Maximum length of the pi_provider_description field of the 146 * crypto_provider_info structure. 147 */ 148 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 149 150 151 /* 152 * The crypto_mech_info structure specifies one of the mechanisms 153 * supported by a cryptographic provider. The pi_mechanisms field of 154 * the crypto_provider_info structure contains a pointer to an array 155 * of crypto_mech_info's. 156 */ 157 typedef struct crypto_mech_info { 158 crypto_mech_name_t cm_mech_name; 159 crypto_mech_type_t cm_mech_number; 160 crypto_func_group_t cm_func_group_mask; 161 } crypto_mech_info_t; 162 163 /* 164 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 165 * It is returned after the provider registers with 166 * crypto_register_provider(), and must be specified by the provider 167 * when calling crypto_unregister_provider(), and 168 * crypto_provider_notification(). 169 */ 170 typedef uint_t crypto_kcf_provider_handle_t; 171 172 /* 173 * Provider information. Passed as argument to crypto_register_provider(9F). 174 * Describes the provider and its capabilities. 175 */ 176 typedef struct crypto_provider_info { 177 const char *pi_provider_description; 178 const crypto_ops_t *pi_ops_vector; 179 uint_t pi_mech_list_count; 180 const crypto_mech_info_t *pi_mechanisms; 181 } crypto_provider_info_t; 182 183 /* 184 * Functions exported by Solaris to cryptographic providers. Providers 185 * call these functions to register and unregister, notify the kernel 186 * of state changes, and notify the kernel when a asynchronous request 187 * completed. 188 */ 189 extern int crypto_register_provider(const crypto_provider_info_t *, 190 crypto_kcf_provider_handle_t *); 191 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 192 193 194 #ifdef __cplusplus 195 } 196 #endif 197 198 #endif /* _SYS_CRYPTO_SPI_H */ 199