1 /* |
|
2 * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 #ifndef _SYS_CRYPTO_COMMON_H |
|
27 #define _SYS_CRYPTO_COMMON_H |
|
28 |
|
29 /* |
|
30 * Header file for the common data structures of the cryptographic framework |
|
31 */ |
|
32 |
|
33 #ifdef __cplusplus |
|
34 extern "C" { |
|
35 #endif |
|
36 |
|
37 #include <sys/types.h> |
|
38 #include <sys/uio.h> |
|
39 #include <sys/stream.h> |
|
40 #include <sys/mutex.h> |
|
41 #include <sys/condvar.h> |
|
42 |
|
43 /* Convenience defines/macros */ |
|
44 |
|
45 #define CRYPTO_ARG_INPLACE(input, output) \ |
|
46 if ((output) == NULL) \ |
|
47 (output) = (input); |
|
48 |
|
49 #ifdef _KERNEL |
|
50 |
|
51 #include <sys/kmem.h> |
|
52 #define CRYPTO_KMFLAG(x) crypto_kmflag((x)) |
|
53 #define CRYPTO_ALLOC(sz, kmflag) kmem_alloc((sz), (kmflag)) |
|
54 #define CRYPTO_ZALLOC(sz, kmflag) kmem_zalloc((sz), (kmflag)) |
|
55 #define CRYPTO_FREE(ptr, sz) kmem_free((ptr), (sz)) |
|
56 #define CRYPTO_ZFREE(ptr, sz) if (ptr != NULL) { \ |
|
57 bzero((ptr), (sz)), \ |
|
58 kmem_free((ptr), (sz)); \ |
|
59 } |
|
60 |
|
61 #else /* _KERNEL */ |
|
62 |
|
63 #include <malloc.h> |
|
64 #define CRYPTO_KMFLAG(x) (0) |
|
65 #define CRYPTO_ALLOC(sz, kmflag) malloc((sz)) |
|
66 #define CRYPTO_ZALLOC(sz, kmflag) calloc(1, (sz)) |
|
67 #define CRYPTO_FREE(ptr, sz) free((ptr)) |
|
68 #define CRYPTO_ZFREE(ptr, sz) if (ptr != NULL) { \ |
|
69 bzero((ptr), (sz)), \ |
|
70 free((ptr)); \ |
|
71 } |
|
72 |
|
73 #endif /* _KERNEL */ |
|
74 |
|
75 /* Cryptographic Mechanisms */ |
|
76 |
|
77 #define CRYPTO_MAX_MECH_NAME 32 |
|
78 typedef char crypto_mech_name_t[CRYPTO_MAX_MECH_NAME]; |
|
79 |
|
80 typedef uint64_t crypto_mech_type_t; |
|
81 |
|
82 typedef struct crypto_mechanism { |
|
83 crypto_mech_type_t cm_type; /* mechanism type */ |
|
84 caddr_t cm_param; /* mech. parameter */ |
|
85 size_t cm_param_len; /* mech. parameter len */ |
|
86 } crypto_mechanism_t; |
|
87 |
|
88 #ifdef _SYSCALL32 |
|
89 |
|
90 typedef struct crypto_mechanism32 { |
|
91 crypto_mech_type_t cm_type; /* mechanism type */ |
|
92 caddr32_t cm_param; /* mech. parameter */ |
|
93 size32_t cm_param_len; /* mech. parameter len */ |
|
94 } crypto_mechanism32_t; |
|
95 |
|
96 #endif /* _SYSCALL32 */ |
|
97 |
|
98 #ifdef _KERNEL |
|
99 /* CK_AES_CTR_PARAMS provides parameters to the CKM_AES_CTR mechanism */ |
|
100 typedef struct CK_AES_CTR_PARAMS { |
|
101 ulong_t ulCounterBits; |
|
102 uint8_t cb[16]; |
|
103 } CK_AES_CTR_PARAMS; |
|
104 #endif |
|
105 |
|
106 /* CK_AES_CCM_PARAMS provides parameters to the CKM_AES_CCM mechanism */ |
|
107 typedef struct CK_AES_CCM_PARAMS { |
|
108 ulong_t ulMACSize; |
|
109 ulong_t ulNonceSize; |
|
110 ulong_t ulAuthDataSize; |
|
111 ulong_t ulDataSize; /* used for plaintext or ciphertext */ |
|
112 uchar_t *nonce; |
|
113 uchar_t *authData; |
|
114 } CK_AES_CCM_PARAMS; |
|
115 |
|
116 /* CK_AES_GCM_PARAMS provides parameters to the CKM_AES_GCM mechanism */ |
|
117 typedef struct CK_AES_GCM_PARAMS { |
|
118 uchar_t *pIv; |
|
119 ulong_t ulIvLen; |
|
120 ulong_t ulIvBits; |
|
121 uchar_t *pAAD; |
|
122 ulong_t ulAADLen; |
|
123 ulong_t ulTagBits; |
|
124 } CK_AES_GCM_PARAMS; |
|
125 |
|
126 /* CK_AES_GMAC_PARAMS provides parameters to the CKM_AES_GMAC mechanism */ |
|
127 typedef struct CK_AES_GMAC_PARAMS { |
|
128 uchar_t *pIv; |
|
129 uchar_t *pAAD; |
|
130 ulong_t ulAADLen; |
|
131 } CK_AES_GMAC_PARAMS; |
|
132 |
|
133 #ifdef _KERNEL |
|
134 /* |
|
135 * CK_ECDH1_DERIVE_PARAMS provides the parameters to the |
|
136 * CKM_ECDH1_KEY_DERIVE mechanism |
|
137 */ |
|
138 typedef struct CK_ECDH1_DERIVE_PARAMS { |
|
139 ulong_t kdf; |
|
140 ulong_t ulSharedDataLen; |
|
141 uchar_t *pSharedData; |
|
142 ulong_t ulPublicDataLen; |
|
143 uchar_t *pPublicData; |
|
144 } CK_ECDH1_DERIVE_PARAMS; |
|
145 #endif |
|
146 |
|
147 #ifdef _KERNEL |
|
148 #ifdef _SYSCALL32 |
|
149 |
|
150 /* needed for 32-bit applications running on 64-bit kernels */ |
|
151 typedef struct CK_AES_CTR_PARAMS32 { |
|
152 uint32_t ulCounterBits; |
|
153 uint8_t cb[16]; |
|
154 } CK_AES_CTR_PARAMS32; |
|
155 |
|
156 /* needed for 32-bit applications running on 64-bit kernels */ |
|
157 typedef struct CK_AES_CCM_PARAMS32 { |
|
158 uint32_t ulMACSize; |
|
159 uint32_t ulNonceSize; |
|
160 uint32_t ulAuthDataSize; |
|
161 uint32_t ulDataSize; |
|
162 caddr32_t nonce; |
|
163 caddr32_t authData; |
|
164 } CK_AES_CCM_PARAMS32; |
|
165 |
|
166 /* needed for 32-bit applications running on 64-bit kernels */ |
|
167 typedef struct CK_AES_GCM_PARAMS32 { |
|
168 caddr32_t pIv; |
|
169 uint32_t ulIvLen; |
|
170 uint32_t ulIvBits; |
|
171 caddr32_t pAAD; |
|
172 uint32_t ulAADLen; |
|
173 uint32_t ulTagBits; |
|
174 } CK_AES_GCM_PARAMS32; |
|
175 |
|
176 /* needed for 32-bit applications running on 64-bit kernels */ |
|
177 typedef struct CK_AES_GMAC_PARAMS32 { |
|
178 caddr32_t pIv; |
|
179 caddr32_t pAAD; |
|
180 uint32_t ulAADLen; |
|
181 } CK_AES_GMAC_PARAMS32; |
|
182 |
|
183 typedef struct CK_ECDH1_DERIVE_PARAMS32 { |
|
184 uint32_t kdf; |
|
185 uint32_t ulSharedDataLen; |
|
186 caddr32_t pSharedData; |
|
187 uint32_t ulPublicDataLen; |
|
188 caddr32_t pPublicData; |
|
189 } CK_ECDH1_DERIVE_PARAMS32; |
|
190 |
|
191 #endif /* _SYSCALL32 */ |
|
192 #endif /* _KERNEL */ |
|
193 |
|
194 /* |
|
195 * The measurement unit bit flag for a mechanism's minimum or maximum key size. |
|
196 * The unit are mechanism dependent. It can be in bits or in bytes. |
|
197 */ |
|
198 typedef uint32_t crypto_keysize_unit_t; |
|
199 |
|
200 /* |
|
201 * The following bit flags are valid in cm_mech_flags field in |
|
202 * the crypto_mech_info_t structure of the SPI. |
|
203 * |
|
204 * Only the first two bit flags are valid in mi_keysize_unit |
|
205 * field in the crypto_mechanism_info_t structure of the API. |
|
206 */ |
|
207 #define CRYPTO_KEYSIZE_UNIT_IN_BITS 0x00000001 |
|
208 #define CRYPTO_KEYSIZE_UNIT_IN_BYTES 0x00000002 |
|
209 #define CRYPTO_CAN_SHARE_OPSTATE 0x00000004 /* supports sharing */ |
|
210 |
|
211 |
|
212 /* Mechanisms supported out-of-the-box */ |
|
213 #define SUN_CKM_MD4 "CKM_MD4" |
|
214 #define SUN_CKM_MD5 "CKM_MD5" |
|
215 #define SUN_CKM_MD5_HMAC "CKM_MD5_HMAC" |
|
216 #define SUN_CKM_MD5_HMAC_GENERAL "CKM_MD5_HMAC_GENERAL" |
|
217 #define SUN_CKM_SHA1 "CKM_SHA_1" |
|
218 #define SUN_CKM_SHA1_HMAC "CKM_SHA_1_HMAC" |
|
219 #define SUN_CKM_SHA1_HMAC_GENERAL "CKM_SHA_1_HMAC_GENERAL" |
|
220 #define SUN_CKM_SHA256 "CKM_SHA256" |
|
221 #define SUN_CKM_SHA256_HMAC "CKM_SHA256_HMAC" |
|
222 #define SUN_CKM_SHA256_HMAC_GENERAL "CKM_SHA256_HMAC_GENERAL" |
|
223 #define SUN_CKM_SHA384 "CKM_SHA384" |
|
224 #define SUN_CKM_SHA384_HMAC "CKM_SHA384_HMAC" |
|
225 #define SUN_CKM_SHA384_HMAC_GENERAL "CKM_SHA384_HMAC_GENERAL" |
|
226 #define SUN_CKM_SHA512 "CKM_SHA512" |
|
227 #define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" |
|
228 #define SUN_CKM_SHA512_HMAC_GENERAL "CKM_SHA512_HMAC_GENERAL" |
|
229 #define SUN_CKM_DES_CBC "CKM_DES_CBC" |
|
230 #define SUN_CKM_DES3_CBC "CKM_DES3_CBC" |
|
231 #define SUN_CKM_DES_ECB "CKM_DES_ECB" |
|
232 #define SUN_CKM_DES3_ECB "CKM_DES3_ECB" |
|
233 #define SUN_CKM_BLOWFISH_CBC "CKM_BLOWFISH_CBC" |
|
234 #define SUN_CKM_BLOWFISH_ECB "CKM_BLOWFISH_ECB" |
|
235 #define SUN_CKM_AES_CBC "CKM_AES_CBC" |
|
236 #define SUN_CKM_AES_ECB "CKM_AES_ECB" |
|
237 #define SUN_CKM_AES_CTR "CKM_AES_CTR" |
|
238 #define SUN_CKM_AES_CCM "CKM_AES_CCM" |
|
239 #define SUN_CKM_AES_GCM "CKM_AES_GCM" |
|
240 #define SUN_CKM_AES_GMAC "CKM_AES_GMAC" |
|
241 #define SUN_CKM_AES_CFB128 "CKM_AES_CFB128" |
|
242 #define SUN_CKM_RC4 "CKM_RC4" |
|
243 #define SUN_CKM_RSA_PKCS "CKM_RSA_PKCS" |
|
244 #define SUN_CKM_RSA_X_509 "CKM_RSA_X_509" |
|
245 #define SUN_CKM_MD5_RSA_PKCS "CKM_MD5_RSA_PKCS" |
|
246 #define SUN_CKM_SHA1_RSA_PKCS "CKM_SHA1_RSA_PKCS" |
|
247 #define SUN_CKM_SHA256_RSA_PKCS "CKM_SHA256_RSA_PKCS" |
|
248 #define SUN_CKM_SHA384_RSA_PKCS "CKM_SHA384_RSA_PKCS" |
|
249 #define SUN_CKM_SHA512_RSA_PKCS "CKM_SHA512_RSA_PKCS" |
|
250 #define SUN_CKM_EC_KEY_PAIR_GEN "CKM_EC_KEY_PAIR_GEN" |
|
251 #define SUN_CKM_ECDH1_DERIVE "CKM_ECDH1_DERIVE" |
|
252 #define SUN_CKM_ECDSA_SHA1 "CKM_ECDSA_SHA1" |
|
253 #define SUN_CKM_ECDSA "CKM_ECDSA" |
|
254 |
|
255 /* Shared operation context format for CKM_RC4 */ |
|
256 typedef struct { |
|
257 #if defined(__amd64) |
|
258 uint32_t i, j; |
|
259 uint32_t arr[256]; |
|
260 uint32_t flag; |
|
261 #else |
|
262 uchar_t arr[256]; |
|
263 uchar_t i, j; |
|
264 #endif /* __amd64 */ |
|
265 uint64_t pad; /* For 64-bit alignment */ |
|
266 } arcfour_state_t; |
|
267 |
|
268 /* Data arguments of cryptographic operations */ |
|
269 |
|
270 typedef enum crypto_data_format { |
|
271 CRYPTO_DATA_RAW = 1, |
|
272 CRYPTO_DATA_UIO, |
|
273 CRYPTO_DATA_MBLK |
|
274 } crypto_data_format_t; |
|
275 |
|
276 typedef struct crypto_data { |
|
277 crypto_data_format_t cd_format; /* Format identifier */ |
|
278 off_t cd_offset; /* Offset from the beginning */ |
|
279 size_t cd_length; /* # of bytes in use */ |
|
280 caddr_t cd_miscdata; /* ancillary data */ |
|
281 union { |
|
282 /* Raw format */ |
|
283 iovec_t cdu_raw; /* Pointer and length */ |
|
284 |
|
285 /* uio scatter-gather format */ |
|
286 uio_t *cdu_uio; |
|
287 |
|
288 /* mblk scatter-gather format */ |
|
289 mblk_t *cdu_mp; /* The mblk chain */ |
|
290 |
|
291 } cdu; /* Crypto Data Union */ |
|
292 } crypto_data_t; |
|
293 |
|
294 #define cd_raw cdu.cdu_raw |
|
295 #define cd_uio cdu.cdu_uio |
|
296 #define cd_mp cdu.cdu_mp |
|
297 |
|
298 #define CRYPTO_SET_RAW_DATA(var, str, len) \ |
|
299 (var).cd_format = CRYPTO_DATA_RAW; \ |
|
300 (var).cd_offset = 0; \ |
|
301 (var).cd_length = (len); \ |
|
302 (var).cd_miscdata = NULL; \ |
|
303 (var).cd_raw.iov_base = (caddr_t)(str); \ |
|
304 (var).cd_raw.iov_len = (len); |
|
305 |
|
306 #define CRYPTO_DATA_IS_USERSPACE(buf) \ |
|
307 ((buf->cd_format == CRYPTO_DATA_UIO && \ |
|
308 buf->cd_uio->uio_segflg == UIO_USERSPACE)) |
|
309 |
|
310 typedef struct crypto_dual_data { |
|
311 crypto_data_t dd_data; /* The data */ |
|
312 off_t dd_offset2; /* Used by dual operation */ |
|
313 size_t dd_len2; /* # of bytes to take */ |
|
314 } crypto_dual_data_t; |
|
315 |
|
316 #define dd_format dd_data.cd_format |
|
317 #define dd_offset1 dd_data.cd_offset |
|
318 #define dd_len1 dd_data.cd_length |
|
319 #define dd_miscdata dd_data.cd_miscdata |
|
320 #define dd_raw dd_data.cd_raw |
|
321 #define dd_uio dd_data.cd_uio |
|
322 #define dd_mp dd_data.cd_mp |
|
323 |
|
324 /* The keys, and their contents */ |
|
325 |
|
326 typedef enum { |
|
327 CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */ |
|
328 CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */ |
|
329 CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */ |
|
330 } crypto_key_format_t; |
|
331 |
|
332 typedef uint64_t crypto_attr_type_t; |
|
333 |
|
334 /* Attribute types to use for passing a RSA public key or a private key. */ |
|
335 #define SUN_CKA_MODULUS 0x00000120 |
|
336 #define SUN_CKA_MODULUS_BITS 0x00000121 |
|
337 #define SUN_CKA_PUBLIC_EXPONENT 0x00000122 |
|
338 #define SUN_CKA_PRIVATE_EXPONENT 0x00000123 |
|
339 #define SUN_CKA_PRIME_1 0x00000124 |
|
340 #define SUN_CKA_PRIME_2 0x00000125 |
|
341 #define SUN_CKA_EXPONENT_1 0x00000126 |
|
342 #define SUN_CKA_EXPONENT_2 0x00000127 |
|
343 #define SUN_CKA_COEFFICIENT 0x00000128 |
|
344 #define SUN_CKA_PRIME 0x00000130 |
|
345 #define SUN_CKA_SUBPRIME 0x00000131 |
|
346 #define SUN_CKA_BASE 0x00000132 |
|
347 |
|
348 #define CKK_EC 0x00000003 |
|
349 #define CKK_GENERIC_SECRET 0x00000010 |
|
350 #define CKK_RC4 0x00000012 |
|
351 #define CKK_AES 0x0000001F |
|
352 #define CKK_DES 0x00000013 |
|
353 #define CKK_DES2 0x00000014 |
|
354 #define CKK_DES3 0x00000015 |
|
355 |
|
356 #define CKO_PUBLIC_KEY 0x00000002 |
|
357 #define CKO_PRIVATE_KEY 0x00000003 |
|
358 #define CKA_CLASS 0x00000000 |
|
359 #define CKA_VALUE 0x00000011 |
|
360 #define CKA_KEY_TYPE 0x00000100 |
|
361 #define CKA_VALUE_LEN 0x00000161 |
|
362 #define CKA_EC_PARAMS 0x00000180 |
|
363 #define CKA_EC_POINT 0x00000181 |
|
364 |
|
365 typedef uint32_t crypto_object_id_t; |
|
366 |
|
367 typedef struct crypto_object_attribute { |
|
368 crypto_attr_type_t oa_type; /* attribute type */ |
|
369 caddr_t oa_value; /* attribute value */ |
|
370 ssize_t oa_value_len; /* length of attribute value */ |
|
371 } crypto_object_attribute_t; |
|
372 |
|
373 typedef struct crypto_key { |
|
374 crypto_key_format_t ck_format; /* format identifier */ |
|
375 union { |
|
376 /* for CRYPTO_KEY_RAW ck_format */ |
|
377 struct { |
|
378 uint_t cku_v_length; /* # of bits in ck_data */ |
|
379 void *cku_v_data; /* ptr to key value */ |
|
380 } cku_key_value; |
|
381 |
|
382 /* for CRYPTO_KEY_REFERENCE ck_format */ |
|
383 crypto_object_id_t cku_key_id; /* reference to object key */ |
|
384 |
|
385 /* for CRYPTO_KEY_ATTR_LIST ck_format */ |
|
386 struct { |
|
387 uint_t cku_a_count; /* number of attributes */ |
|
388 crypto_object_attribute_t *cku_a_oattr; |
|
389 } cku_key_attrs; |
|
390 } cku_data; /* Crypto Key union */ |
|
391 } crypto_key_t; |
|
392 |
|
393 #ifdef _SYSCALL32 |
|
394 |
|
395 typedef struct crypto_object_attribute32 { |
|
396 uint64_t oa_type; /* attribute type */ |
|
397 caddr32_t oa_value; /* attribute value */ |
|
398 ssize32_t oa_value_len; /* length of attribute value */ |
|
399 } crypto_object_attribute32_t; |
|
400 |
|
401 typedef struct crypto_key32 { |
|
402 crypto_key_format_t ck_format; /* format identifier */ |
|
403 union { |
|
404 /* for CRYPTO_KEY_RAW ck_format */ |
|
405 struct { |
|
406 uint32_t cku_v_length; /* # of bytes in ck_data */ |
|
407 caddr32_t cku_v_data; /* ptr to key value */ |
|
408 } cku_key_value; |
|
409 |
|
410 /* for CRYPTO_KEY_REFERENCE ck_format */ |
|
411 crypto_object_id_t cku_key_id; /* reference to object key */ |
|
412 |
|
413 /* for CRYPTO_KEY_ATTR_LIST ck_format */ |
|
414 struct { |
|
415 uint32_t cku_a_count; /* number of attributes */ |
|
416 caddr32_t cku_a_oattr; |
|
417 } cku_key_attrs; |
|
418 } cku_data; /* Crypto Key union */ |
|
419 } crypto_key32_t; |
|
420 |
|
421 #endif /* _SYSCALL32 */ |
|
422 |
|
423 #define ck_data cku_data.cku_key_value.cku_v_data |
|
424 #define ck_length cku_data.cku_key_value.cku_v_length |
|
425 #define ck_obj_id cku_data.cku_key_id |
|
426 #define ck_count cku_data.cku_key_attrs.cku_a_count |
|
427 #define ck_attrs cku_data.cku_key_attrs.cku_a_oattr |
|
428 |
|
429 /* |
|
430 * Raw key lengths are expressed in number of bits. |
|
431 * The following macro returns the minimum number of |
|
432 * bytes that can contain the specified number of bits. |
|
433 * Round up without overflowing the integer type. |
|
434 */ |
|
435 #define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1) |
|
436 #define CRYPTO_BYTES2BITS(n) ((n) << 3) |
|
437 |
|
438 /* Providers */ |
|
439 |
|
440 typedef enum { |
|
441 CRYPTO_HW_PROVIDER = 0, |
|
442 CRYPTO_SW_PROVIDER, |
|
443 CRYPTO_LOGICAL_PROVIDER |
|
444 } crypto_provider_type_t; |
|
445 |
|
446 typedef uint32_t crypto_provider_id_t; |
|
447 #define KCF_PROVID_INVALID ((uint32_t)-1) |
|
448 |
|
449 typedef struct crypto_provider_entry { |
|
450 crypto_provider_id_t pe_provider_id; |
|
451 uint_t pe_mechanism_count; |
|
452 } crypto_provider_entry_t; |
|
453 |
|
454 typedef struct crypto_dev_list_entry { |
|
455 char le_dev_name[MAXNAMELEN]; |
|
456 uint_t le_dev_instance; |
|
457 uint_t le_mechanism_count; |
|
458 } crypto_dev_list_entry_t; |
|
459 |
|
460 /* User type for authentication ioctls and SPI entry points */ |
|
461 |
|
462 typedef enum crypto_user_type { |
|
463 CRYPTO_SO = 0, |
|
464 CRYPTO_USER |
|
465 } crypto_user_type_t; |
|
466 |
|
467 /* Version for provider management ioctls and SPI entry points */ |
|
468 |
|
469 typedef struct crypto_version { |
|
470 uchar_t cv_major; |
|
471 uchar_t cv_minor; |
|
472 } crypto_version_t; |
|
473 |
|
474 /* session data structure opaque to the consumer */ |
|
475 typedef void *crypto_session_t; |
|
476 |
|
477 /* provider data structure opaque to the consumer */ |
|
478 typedef void *crypto_provider_t; |
|
479 |
|
480 /* Limits used by both consumers and providers */ |
|
481 #define CRYPTO_EXT_SIZE_LABEL 32 |
|
482 #define CRYPTO_EXT_SIZE_MANUF 32 |
|
483 #define CRYPTO_EXT_SIZE_MODEL 16 |
|
484 #define CRYPTO_EXT_SIZE_SERIAL 16 |
|
485 #define CRYPTO_EXT_SIZE_TIME 16 |
|
486 |
|
487 typedef struct crypto_provider_ext_info { |
|
488 uchar_t ei_label[CRYPTO_EXT_SIZE_LABEL]; |
|
489 uchar_t ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF]; |
|
490 uchar_t ei_model[CRYPTO_EXT_SIZE_MODEL]; |
|
491 uchar_t ei_serial_number[CRYPTO_EXT_SIZE_SERIAL]; |
|
492 ulong_t ei_flags; |
|
493 ulong_t ei_max_session_count; |
|
494 ulong_t ei_max_pin_len; |
|
495 ulong_t ei_min_pin_len; |
|
496 ulong_t ei_total_public_memory; |
|
497 ulong_t ei_free_public_memory; |
|
498 ulong_t ei_total_private_memory; |
|
499 ulong_t ei_free_private_memory; |
|
500 crypto_version_t ei_hardware_version; |
|
501 crypto_version_t ei_firmware_version; |
|
502 uchar_t ei_time[CRYPTO_EXT_SIZE_TIME]; |
|
503 int ei_hash_max_input_len; |
|
504 int ei_hmac_max_input_len; |
|
505 } crypto_provider_ext_info_t; |
|
506 |
|
507 typedef uint_t crypto_session_id_t; |
|
508 |
|
509 typedef enum cmd_type { |
|
510 COPY_FROM_DATA, |
|
511 COPY_TO_DATA, |
|
512 COMPARE_TO_DATA, |
|
513 MD5_DIGEST_DATA, |
|
514 SHA1_DIGEST_DATA, |
|
515 SHA2_DIGEST_DATA, |
|
516 GHASH_DATA |
|
517 } cmd_type_t; |
|
518 |
|
519 #define CRYPTO_DO_UPDATE 0x01 |
|
520 #define CRYPTO_DO_FINAL 0x02 |
|
521 #define CRYPTO_DO_MD5 0x04 |
|
522 #define CRYPTO_DO_SHA1 0x08 |
|
523 #define CRYPTO_DO_SIGN 0x10 |
|
524 #define CRYPTO_DO_VERIFY 0x20 |
|
525 #define CRYPTO_DO_SHA2 0x40 |
|
526 |
|
527 #define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001 |
|
528 |
|
529 /* |
|
530 * Common cryptographic status and error codes. |
|
531 */ |
|
532 #define CRYPTO_SUCCESS 0x00000000 |
|
533 #define CRYPTO_CANCEL 0x00000001 |
|
534 #define CRYPTO_HOST_MEMORY 0x00000002 |
|
535 #define CRYPTO_GENERAL_ERROR 0x00000003 |
|
536 #define CRYPTO_FAILED 0x00000004 |
|
537 #define CRYPTO_ARGUMENTS_BAD 0x00000005 |
|
538 #define CRYPTO_ATTRIBUTE_READ_ONLY 0x00000006 |
|
539 #define CRYPTO_ATTRIBUTE_SENSITIVE 0x00000007 |
|
540 #define CRYPTO_ATTRIBUTE_TYPE_INVALID 0x00000008 |
|
541 #define CRYPTO_ATTRIBUTE_VALUE_INVALID 0x00000009 |
|
542 #define CRYPTO_CANCELED 0x0000000A |
|
543 #define CRYPTO_DATA_INVALID 0x0000000B |
|
544 #define CRYPTO_DATA_LEN_RANGE 0x0000000C |
|
545 #define CRYPTO_DEVICE_ERROR 0x0000000D |
|
546 #define CRYPTO_DEVICE_MEMORY 0x0000000E |
|
547 #define CRYPTO_DEVICE_REMOVED 0x0000000F |
|
548 #define CRYPTO_ENCRYPTED_DATA_INVALID 0x00000010 |
|
549 #define CRYPTO_ENCRYPTED_DATA_LEN_RANGE 0x00000011 |
|
550 #define CRYPTO_KEY_HANDLE_INVALID 0x00000012 |
|
551 #define CRYPTO_KEY_SIZE_RANGE 0x00000013 |
|
552 #define CRYPTO_KEY_TYPE_INCONSISTENT 0x00000014 |
|
553 #define CRYPTO_KEY_NOT_NEEDED 0x00000015 |
|
554 #define CRYPTO_KEY_CHANGED 0x00000016 |
|
555 #define CRYPTO_KEY_NEEDED 0x00000017 |
|
556 #define CRYPTO_KEY_INDIGESTIBLE 0x00000018 |
|
557 #define CRYPTO_KEY_FUNCTION_NOT_PERMITTED 0x00000019 |
|
558 #define CRYPTO_KEY_NOT_WRAPPABLE 0x0000001A |
|
559 #define CRYPTO_KEY_UNEXTRACTABLE 0x0000001B |
|
560 #define CRYPTO_MECHANISM_INVALID 0x0000001C |
|
561 #define CRYPTO_MECHANISM_PARAM_INVALID 0x0000001D |
|
562 #define CRYPTO_OBJECT_HANDLE_INVALID 0x0000001E |
|
563 #define CRYPTO_OPERATION_IS_ACTIVE 0x0000001F |
|
564 #define CRYPTO_OPERATION_NOT_INITIALIZED 0x00000020 |
|
565 #define CRYPTO_PIN_INCORRECT 0x00000021 |
|
566 #define CRYPTO_PIN_INVALID 0x00000022 |
|
567 #define CRYPTO_PIN_LEN_RANGE 0x00000023 |
|
568 #define CRYPTO_PIN_EXPIRED 0x00000024 |
|
569 #define CRYPTO_PIN_LOCKED 0x00000025 |
|
570 #define CRYPTO_SESSION_CLOSED 0x00000026 |
|
571 #define CRYPTO_SESSION_COUNT 0x00000027 |
|
572 #define CRYPTO_SESSION_HANDLE_INVALID 0x00000028 |
|
573 #define CRYPTO_SESSION_READ_ONLY 0x00000029 |
|
574 #define CRYPTO_SESSION_EXISTS 0x0000002A |
|
575 #define CRYPTO_SESSION_READ_ONLY_EXISTS 0x0000002B |
|
576 #define CRYPTO_SESSION_READ_WRITE_SO_EXISTS 0x0000002C |
|
577 #define CRYPTO_SIGNATURE_INVALID 0x0000002D |
|
578 #define CRYPTO_SIGNATURE_LEN_RANGE 0x0000002E |
|
579 #define CRYPTO_TEMPLATE_INCOMPLETE 0x0000002F |
|
580 #define CRYPTO_TEMPLATE_INCONSISTENT 0x00000030 |
|
581 #define CRYPTO_UNWRAPPING_KEY_HANDLE_INVALID 0x00000031 |
|
582 #define CRYPTO_UNWRAPPING_KEY_SIZE_RANGE 0x00000032 |
|
583 #define CRYPTO_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x00000033 |
|
584 #define CRYPTO_USER_ALREADY_LOGGED_IN 0x00000034 |
|
585 #define CRYPTO_USER_NOT_LOGGED_IN 0x00000035 |
|
586 #define CRYPTO_USER_PIN_NOT_INITIALIZED 0x00000036 |
|
587 #define CRYPTO_USER_TYPE_INVALID 0x00000037 |
|
588 #define CRYPTO_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000038 |
|
589 #define CRYPTO_USER_TOO_MANY_TYPES 0x00000039 |
|
590 #define CRYPTO_WRAPPED_KEY_INVALID 0x0000003A |
|
591 #define CRYPTO_WRAPPED_KEY_LEN_RANGE 0x0000003B |
|
592 #define CRYPTO_WRAPPING_KEY_HANDLE_INVALID 0x0000003C |
|
593 #define CRYPTO_WRAPPING_KEY_SIZE_RANGE 0x0000003D |
|
594 #define CRYPTO_WRAPPING_KEY_TYPE_INCONSISTENT 0x0000003E |
|
595 #define CRYPTO_RANDOM_SEED_NOT_SUPPORTED 0x0000003F |
|
596 #define CRYPTO_RANDOM_NO_RNG 0x00000040 |
|
597 #define CRYPTO_DOMAIN_PARAMS_INVALID 0x00000041 |
|
598 #define CRYPTO_BUFFER_TOO_SMALL 0x00000042 |
|
599 #define CRYPTO_INFORMATION_SENSITIVE 0x00000043 |
|
600 #define CRYPTO_NOT_SUPPORTED 0x00000044 |
|
601 |
|
602 #define CRYPTO_QUEUED 0x00000045 |
|
603 #define CRYPTO_BUFFER_TOO_BIG 0x00000046 |
|
604 #define CRYPTO_INVALID_CONTEXT 0x00000047 |
|
605 #define CRYPTO_INVALID_MAC 0x00000048 |
|
606 #define CRYPTO_MECH_NOT_SUPPORTED 0x00000049 |
|
607 #define CRYPTO_INCONSISTENT_ATTRIBUTE 0x0000004A |
|
608 #define CRYPTO_NO_PERMISSION 0x0000004B |
|
609 #define CRYPTO_INVALID_PROVIDER_ID 0x0000004C |
|
610 #define CRYPTO_VERSION_MISMATCH 0x0000004D |
|
611 #define CRYPTO_BUSY 0x0000004E |
|
612 #define CRYPTO_UNKNOWN_PROVIDER 0x0000004F |
|
613 #define CRYPTO_MODVERIFICATION_FAILED 0x00000050 |
|
614 #define CRYPTO_OLD_CTX_TEMPLATE 0x00000051 |
|
615 #define CRYPTO_WEAK_KEY 0x00000052 |
|
616 #define CRYPTO_FIPS140_ERROR 0x00000053 |
|
617 /* |
|
618 * Don't forget to update CRYPTO_LAST_ERROR and the error_number_table[] |
|
619 * in kernelUtil.c when new error code is added. |
|
620 */ |
|
621 #define CRYPTO_LAST_ERROR 0x00000053 |
|
622 |
|
623 /* |
|
624 * Special values that can be used to indicate that information is unavailable |
|
625 * or that there is not practical limit. These values can be used |
|
626 * by fields of the SPI crypto_provider_ext_info(9S) structure. |
|
627 * The value of CRYPTO_UNAVAILABLE_INFO should be the same as |
|
628 * CK_UNAVAILABLE_INFO in the PKCS#11 spec. |
|
629 */ |
|
630 #define CRYPTO_UNAVAILABLE_INFO ((ulong_t)(-1)) |
|
631 #define CRYPTO_EFFECTIVELY_INFINITE 0x0 |
|
632 |
|
633 #ifdef __cplusplus |
|
634 } |
|
635 #endif |
|
636 |
|
637 #endif /* _SYS_CRYPTO_COMMON_H */ |
|