1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or https://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_SPI_H 27 #define _SYS_CRYPTO_SPI_H 28 29 /* 30 * CSPI: Cryptographic Service Provider Interface. 31 */ 32 33 #include <sys/zfs_context.h> 34 #include <sys/crypto/common.h> 35 36 #ifdef __cplusplus 37 extern "C" { 38 #endif 39 40 #ifdef CONSTIFY_PLUGIN 41 #define __no_const __attribute__((no_const)) 42 #else 43 #define __no_const 44 #endif /* CONSTIFY_PLUGIN */ 45 46 /* 47 * Context templates can be used to by providers to pre-process 48 * keying material, such as key schedules. They are allocated by 49 * a provider create_ctx_template(9E) entry point, and passed 50 * as argument to initialization and atomic provider entry points. 51 */ 52 typedef void *crypto_spi_ctx_template_t; 53 54 /* 55 * The context structure is passed from the kernel to a provider. 56 * It contains the information needed to process a multi-part or 57 * single part operation. The context structure is not used 58 * by atomic operations. 59 * 60 * Parameters needed to perform a cryptographic operation, such 61 * as keys, mechanisms, input and output buffers, are passed 62 * as separate arguments to Provider routines. 63 */ 64 typedef struct crypto_ctx { 65 void *cc_provider_private; /* owned by provider */ 66 void *cc_framework_private; /* owned by framework */ 67 } crypto_ctx_t; 68 69 /* 70 * The crypto_digest_ops structure contains pointers to digest 71 * operations for cryptographic providers. It is passed through 72 * the crypto_ops(9S) structure when providers register with the 73 * kernel using crypto_register_provider(9F). 74 */ 75 typedef struct crypto_digest_ops { 76 int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *); 77 int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); 78 int (*digest_update)(crypto_ctx_t *, crypto_data_t *); 79 int (*digest_key)(crypto_ctx_t *, crypto_key_t *); 80 int (*digest_final)(crypto_ctx_t *, crypto_data_t *); 81 int (*digest_atomic)(crypto_mechanism_t *, crypto_data_t *, 82 crypto_data_t *); 83 } __no_const crypto_digest_ops_t; 84 85 /* 86 * The crypto_cipher_ops structure contains pointers to encryption 87 * and decryption operations for cryptographic providers. It is 88 * passed through the crypto_ops(9S) structure when providers register 89 * with the kernel using crypto_register_provider(9F). 90 */ 91 typedef struct crypto_cipher_ops { 92 int (*encrypt_init)(crypto_ctx_t *, 93 crypto_mechanism_t *, crypto_key_t *, 94 crypto_spi_ctx_template_t); 95 int (*encrypt)(crypto_ctx_t *, 96 crypto_data_t *, crypto_data_t *); 97 int (*encrypt_update)(crypto_ctx_t *, 98 crypto_data_t *, crypto_data_t *); 99 int (*encrypt_final)(crypto_ctx_t *, 100 crypto_data_t *); 101 int (*encrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 102 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 103 104 int (*decrypt_init)(crypto_ctx_t *, 105 crypto_mechanism_t *, crypto_key_t *, 106 crypto_spi_ctx_template_t); 107 int (*decrypt)(crypto_ctx_t *, 108 crypto_data_t *, crypto_data_t *); 109 int (*decrypt_update)(crypto_ctx_t *, 110 crypto_data_t *, crypto_data_t *); 111 int (*decrypt_final)(crypto_ctx_t *, 112 crypto_data_t *); 113 int (*decrypt_atomic)(crypto_mechanism_t *, crypto_key_t *, 114 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 115 } __no_const crypto_cipher_ops_t; 116 117 /* 118 * The crypto_mac_ops structure contains pointers to MAC 119 * operations for cryptographic providers. It is passed through 120 * the crypto_ops(9S) structure when providers register with the 121 * kernel using crypto_register_provider(9F). 122 */ 123 typedef struct crypto_mac_ops { 124 int (*mac_init)(crypto_ctx_t *, 125 crypto_mechanism_t *, crypto_key_t *, 126 crypto_spi_ctx_template_t); 127 int (*mac)(crypto_ctx_t *, 128 crypto_data_t *, crypto_data_t *); 129 int (*mac_update)(crypto_ctx_t *, 130 crypto_data_t *); 131 int (*mac_final)(crypto_ctx_t *, 132 crypto_data_t *); 133 int (*mac_atomic)(crypto_mechanism_t *, crypto_key_t *, 134 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 135 int (*mac_verify_atomic)(crypto_mechanism_t *, crypto_key_t *, 136 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 137 } __no_const crypto_mac_ops_t; 138 139 /* 140 * The crypto_ctx_ops structure contains points to context and context 141 * templates management operations for cryptographic providers. It is 142 * passed through the crypto_ops(9S) structure when providers register 143 * with the kernel using crypto_register_provider(9F). 144 */ 145 typedef struct crypto_ctx_ops { 146 int (*create_ctx_template)(crypto_mechanism_t *, crypto_key_t *, 147 crypto_spi_ctx_template_t *, size_t *); 148 int (*free_context)(crypto_ctx_t *); 149 } __no_const crypto_ctx_ops_t; 150 151 /* 152 * The crypto_ops(9S) structure contains the structures containing 153 * the pointers to functions implemented by cryptographic providers. 154 * It is specified as part of the crypto_provider_info(9S) 155 * supplied by a provider when it registers with the kernel 156 * by calling crypto_register_provider(9F). 157 */ 158 typedef struct crypto_ops { 159 const crypto_digest_ops_t *co_digest_ops; 160 const crypto_cipher_ops_t *co_cipher_ops; 161 const crypto_mac_ops_t *co_mac_ops; 162 const crypto_ctx_ops_t *co_ctx_ops; 163 } crypto_ops_t; 164 165 /* 166 * The mechanism info structure crypto_mech_info_t contains a function group 167 * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, 168 * specifies the provider entry point that can be used a particular 169 * mechanism. The function group mask is a combination of the following values. 170 */ 171 172 typedef uint32_t crypto_func_group_t; 173 174 175 #define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ 176 #define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ 177 #define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ 178 #define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ 179 #define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ 180 #define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ 181 #define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ 182 #define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ 183 184 /* 185 * Maximum length of the pi_provider_description field of the 186 * crypto_provider_info structure. 187 */ 188 #define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 189 190 191 /* 192 * The crypto_mech_info structure specifies one of the mechanisms 193 * supported by a cryptographic provider. The pi_mechanisms field of 194 * the crypto_provider_info structure contains a pointer to an array 195 * of crypto_mech_info's. 196 */ 197 typedef struct crypto_mech_info { 198 crypto_mech_name_t cm_mech_name; 199 crypto_mech_type_t cm_mech_number; 200 crypto_func_group_t cm_func_group_mask; 201 } crypto_mech_info_t; 202 203 /* 204 * crypto_kcf_provider_handle_t is a handle allocated by the kernel. 205 * It is returned after the provider registers with 206 * crypto_register_provider(), and must be specified by the provider 207 * when calling crypto_unregister_provider(), and 208 * crypto_provider_notification(). 209 */ 210 typedef uint_t crypto_kcf_provider_handle_t; 211 212 /* 213 * Provider information. Passed as argument to crypto_register_provider(9F). 214 * Describes the provider and its capabilities. 215 */ 216 typedef struct crypto_provider_info { 217 const char *pi_provider_description; 218 const crypto_ops_t *pi_ops_vector; 219 uint_t pi_mech_list_count; 220 const crypto_mech_info_t *pi_mechanisms; 221 } crypto_provider_info_t; 222 223 /* 224 * Functions exported by Solaris to cryptographic providers. Providers 225 * call these functions to register and unregister, notify the kernel 226 * of state changes, and notify the kernel when a asynchronous request 227 * completed. 228 */ 229 extern int crypto_register_provider(const crypto_provider_info_t *, 230 crypto_kcf_provider_handle_t *); 231 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); 232 233 234 #ifdef __cplusplus 235 } 236 #endif 237 238 #endif /* _SYS_CRYPTO_SPI_H */ 239