/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */

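/*
 * Consumer-side declarations for the cryptographic framework: opaque
 * handle types, the call-request descriptor, and the prototypes for
 * digest, MAC, sign/verify, encrypt/decrypt, session, object and key
 * operations.  The mechanism, key and data types used in the
 * prototypes come from <sys/crypto/common.h>.
 */
#ifndef	_SYS_CRYPTO_API_H
#define	_SYS_CRYPTO_API_H

#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <sys/crypto/common.h>
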
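/*
 * Identifier and opaque handle types used throughout this interface.
 * The handle types are plain void pointers; what they point to is not
 * visible from this header, so consumers must treat them as opaque and
 * only pass back values obtained from the corresponding routines.
 */
typedef long crypto_req_id_t;		/* id of an asynchronous request */
typedef void *crypto_bc_t;		/* handle for crypto_bufcall routines */
typedef void *crypto_context_t;		/* multi-part operation context */
typedef void *crypto_ctx_template_t;	/* context template handle */

typedef uint32_t crypto_call_flag_t;

/*
 * crypto_call_flag's values.  Each value is a distinct bit, so they can
 * be combined in cr_flag.
 */
#define	CRYPTO_ALWAYS_QUEUE	0x00000001	/* ALWAYS queue the req. */
#define	CRYPTO_NOTIFY_OPDONE	0x00000002	/* Notify intermediate steps */
#define	CRYPTO_SKIP_REQID	0x00000004	/* Skip request ID generation */

/*
 * Call request descriptor, passed as the trailing crypto_call_req_t
 * argument of most routines declared in this header.
 *
 * NOTE(review): presumably a NULL descriptor requests a synchronous
 * call, and cr_callback_func is invoked with cr_callback_arg and the
 * final status of the request -- confirm against the implementation.
 * If so, the memory behind cr_callback_arg must stay valid until the
 * callback has run or the request has been cancelled.
 */
typedef struct {
	crypto_call_flag_t	cr_flag;	/* CRYPTO_* call flags */
	void			(*cr_callback_func)(void *, int);
	void			*cr_callback_arg;
	crypto_req_id_t		cr_reqid;	/* see crypto_cancel_req() */
} crypto_call_req_t;
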
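/*
 * Returns the mechanism type corresponding to a mechanism name.
 *
 * NOTE(review): CRYPTO_MECH_INVALID is presumably the value returned
 * when no mechanism is registered under the given name -- confirm.
 * Callers should compare the result against it before storing the type
 * in a crypto_mechanism_t, so that a missing mechanism is detected here
 * rather than at the first crypto operation.
 */

#define	CRYPTO_MECH_INVALID	((uint64_t)-1)
extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
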
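/*
 * Create and destroy context templates.
 *
 * crypto_create_ctx_template() takes a mechanism and a key and stores
 * the resulting handle through tmpl; that handle is what the tmpl
 * argument of the keyed operations below accepts.
 *
 * NOTE(review): kmflag is presumably a kernel memory allocation flag
 * (sleep / no-sleep) -- confirm.  Because a template is built from a
 * key, it should be destroyed with crypto_destroy_ctx_template() when
 * that key is retired instead of being left allocated.
 */
extern int crypto_create_ctx_template(crypto_mechanism_t *mech,
    crypto_key_t *key, crypto_ctx_template_t *tmpl, int kmflag);
extern void crypto_destroy_ctx_template(crypto_ctx_template_t tmpl);
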
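/*
 * Single and multi-part digest operations.
 *
 * crypto_digest() is the single-part form.  The multi-part form is
 * crypto_digest_init(), which stores a context through ctxp, followed
 * by crypto_digest_update() calls and one crypto_digest_final().
 * The *_prov variants take an explicit provider and session id.
 *
 * All of these return an int status that callers must check before
 * using the digest output.
 */
extern int crypto_digest(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_data_t *digest, crypto_call_req_t *cr);
extern int crypto_digest_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
    crypto_call_req_t *);
extern int crypto_digest_init(crypto_mechanism_t *mech, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_digest_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_context_t *, crypto_call_req_t *);
extern int crypto_digest_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_digest_final(crypto_context_t ctx, crypto_data_t *digest,
    crypto_call_req_t *cr);
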
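/*
 * Single and multi-part MAC operations.
 *
 * crypto_mac() and crypto_mac_verify() take the same arguments; in both
 * the last data argument is named mac.
 *
 * NOTE(review): presumably crypto_mac() writes the computed MAC to mac
 * while crypto_mac_verify() checks the data against a caller-supplied
 * mac and reports a mismatch through its return value -- confirm.  A
 * consumer that authenticates received data should use the verify form
 * and treat every non-success return as a failed check, rather than
 * computing a MAC and comparing the bytes itself.
 *
 * NOTE(review): the output argument of crypto_mac_final() is named
 * data here but mac in crypto_mac(); presumably it receives the MAC --
 * confirm against the implementation.
 */
extern int crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
    crypto_call_req_t *cr);
extern int crypto_mac_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_verify(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
    crypto_call_req_t *cr);
extern int crypto_mac_verify_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_mac_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_mac_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
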
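/*
 * Single and multi-part sign with private key operations.
 *
 * crypto_sign() and crypto_sign_recover() are the single-part forms;
 * crypto_sign_init(), crypto_sign_update() and crypto_sign_final() are
 * the multi-part form.  For the recover operation only an init routine
 * with an explicit provider (crypto_sign_recover_init_prov()) is
 * declared here.
 *
 * The signature argument is only meaningful when the call returns
 * success; callers must check the int status first.
 */
extern int crypto_sign(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl,
    crypto_data_t *signature, crypto_call_req_t *cr);
extern int crypto_sign_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_sign_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_sign_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_sign_final(crypto_context_t ctx, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_sign_recover_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
    crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_recover(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_sign_recover_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
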
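/*
 * Single and multi-part verify with public key operations.
 *
 * The result of a verification is carried only by the int return
 * value; there is no separate "valid" output argument.  Callers must
 * treat every non-success return, including errors unrelated to the
 * signature itself, as "not verified".
 *
 * Argument order differs between the two single-part forms:
 * crypto_verify() takes (data, tmpl, signature), whereas
 * crypto_verify_recover() takes (signature, tmpl, data), its data
 * argument being the one that follows the template.
 * NOTE(review): presumably data is an output of the recover form --
 * confirm; if so it must not be used unless the call succeeded.
 */
extern int crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_verify_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_verify_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_verify_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_verify_final(crypto_context_t ctx, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_verify_recover_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
    crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_verify_recover_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
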
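/*
 * Single and multi-part encryption operations.
 *
 * crypto_encrypt() is the single-part form; crypto_encrypt_init(),
 * crypto_encrypt_update() and crypto_encrypt_final() are the
 * multi-part form.  The *_prov variants take an explicit provider and
 * session id.
 *
 * NOTE(review): nothing in these prototypes produces an
 * authentication tag; whether the ciphertext is integrity protected
 * presumably depends on the mechanism selected in mech.  Consumers
 * that need integrity with a plain cipher mechanism should look at the
 * encrypt/MAC dual operations declared in this header.
 */
extern int crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext,
    crypto_call_req_t *cr);
extern int crypto_encrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_encrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_encrypt_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_encrypt_update(crypto_context_t ctx,
    crypto_data_t *plaintext, crypto_data_t *ciphertext,
    crypto_call_req_t *cr);
extern int crypto_encrypt_final(crypto_context_t ctx,
    crypto_data_t *ciphertext, crypto_call_req_t *cr);
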
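/*
 * Single and multi-part decryption operations.
 *
 * These mirror the encryption prototypes with the ciphertext and
 * plaintext arguments swapped.
 *
 * The plaintext argument is only meaningful when the call returns
 * success.  NOTE(review): with a mechanism that does not authenticate
 * the ciphertext, a successful return presumably says nothing about
 * whether the ciphertext was modified -- verify a MAC first, or use
 * the MAC/decrypt dual operations declared in this header.
 */
extern int crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
extern int crypto_decrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_decrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_decrypt_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_decrypt_update(crypto_context_t ctx,
    crypto_data_t *ciphertext, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
extern int crypto_decrypt_final(crypto_context_t ctx, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
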
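/*
 * Single and multi-part encrypt/MAC dual operations.
 *
 * Each call takes two mechanisms, two keys and two context templates
 * (one for encryption, one for the MAC).  The ciphertext is described
 * by a crypto_dual_data_t and the MAC is returned through a separate
 * crypto_data_t.
 *
 * NOTE(review): the prototypes accept independent encr_key and mac_key
 * arguments; callers should presumably supply distinct keys for the two
 * roles -- confirm against the consumer's key-derivation scheme.
 */
extern int crypto_encrypt_mac(crypto_mechanism_t *encr_mech,
    crypto_mechanism_t *mac_mech, crypto_data_t *pt,
    crypto_key_t *encr_key, crypto_key_t *mac_key,
    crypto_ctx_template_t encr_tmpl, crypto_ctx_template_t mac_tmpl,
    crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *cr);
extern int crypto_encrypt_mac_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_mechanism_t *, crypto_data_t *,
    crypto_key_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_ctx_template_t, crypto_dual_data_t *, crypto_data_t *,
    crypto_call_req_t *);
extern int crypto_encrypt_mac_init(crypto_mechanism_t *encr_mech,
    crypto_mechanism_t *mac_mech, crypto_key_t *encr_key,
    crypto_key_t *mac_key, crypto_ctx_template_t encr_tmpl,
    crypto_ctx_template_t mac_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_encrypt_mac_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_mechanism_t *, crypto_key_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_ctx_template_t, crypto_context_t *,
    crypto_call_req_t *);
extern int crypto_encrypt_mac_update(crypto_context_t ctx,
    crypto_data_t *pt, crypto_dual_data_t *ct, crypto_call_req_t *cr);
extern int crypto_encrypt_mac_final(crypto_context_t ctx,
    crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *cr);
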
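/*
 * Single and multi-part MAC/decrypt dual operations.
 *
 * Two single-part families are declared with identical argument
 * lists: crypto_mac_decrypt*() and crypto_mac_verify_decrypt*().
 *
 * NOTE(review): presumably crypto_mac_decrypt() returns the computed
 * MAC through mac and leaves the comparison to the caller, while
 * crypto_mac_verify_decrypt() checks the MAC supplied in mac and fails
 * on mismatch -- confirm against the implementation.  A consumer
 * handling untrusted ciphertext should prefer the verify form and must
 * not use pt unless the call returned success.
 *
 * In the multi-part form, crypto_mac_decrypt_update() has a plaintext
 * output while the MAC only appears in crypto_mac_decrypt_final().
 * Plaintext obtained from update calls is therefore unauthenticated
 * until the final call has completed and the MAC has been checked; it
 * should be buffered, not acted upon, until then.
 */
extern int crypto_mac_decrypt(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *mac_mech, crypto_mechanism_t *decr_mech,
    crypto_dual_data_t *ct, crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_verify_decrypt(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_verify_decrypt_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_init(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
    crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
    crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_mac_decrypt_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
    crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
    crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_mac_decrypt_update(crypto_context_t ctx,
    crypto_dual_data_t *ct, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_final(crypto_context_t ctx, crypto_data_t *mac,
    crypto_data_t *pt, crypto_call_req_t *cr);
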
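/*
 * Session Management
 *
 * crypto_session_open() stores a session id through its second
 * argument; the other routines take that id by value.
 *
 * NOTE(review): the unnamed (char *, size_t) pair of
 * crypto_session_login() is presumably the PIN or passphrase and its
 * length -- confirm.  If so, the caller owns that buffer and should
 * zero it once the login call has completed, and should pair every
 * successful login with crypto_session_logout() before closing the
 * session.
 */
extern int crypto_session_open(crypto_provider_t, crypto_session_id_t *,
    crypto_call_req_t *);
extern int crypto_session_close(crypto_provider_t, crypto_session_id_t,
    crypto_call_req_t *);
extern int crypto_session_login(crypto_provider_t, crypto_session_id_t,
    crypto_user_type_t, char *, size_t, crypto_call_req_t *);
extern int crypto_session_logout(crypto_provider_t, crypto_session_id_t,
    crypto_call_req_t *);
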
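/*
 * Object Management
 *
 * Objects are named by crypto_object_id_t within a provider session.
 * Routines that take a crypto_object_attribute_t pointer also take a
 * uint_t immediately after it.
 * NOTE(review): presumably that uint_t is the number of entries in the
 * attribute array -- confirm; a count larger than the array would make
 * the provider read past it.
 *
 * The find routines share a void * cookie: crypto_object_find_init()
 * stores it through a void **, and crypto_object_find() and
 * crypto_object_find_final() take it by value.
 * NOTE(review): presumably every successful find_init must be matched
 * by a find_final to release the cookie -- confirm.
 */
extern int crypto_object_copy(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, crypto_object_attribute_t *, uint_t,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_object_create(crypto_provider_t, crypto_session_id_t,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_call_req_t *);
extern int crypto_object_destroy(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, crypto_call_req_t *);
extern int crypto_object_get_attribute_value(crypto_provider_t,
    crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
    uint_t, crypto_call_req_t *);
extern int crypto_object_get_size(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, size_t *, crypto_call_req_t *);
extern int crypto_object_find_final(crypto_provider_t, void *,
    crypto_call_req_t *);
extern int crypto_object_find_init(crypto_provider_t, crypto_session_id_t,
    crypto_object_attribute_t *, uint_t, void **, crypto_call_req_t *);
extern int crypto_object_find(crypto_provider_t, void *, crypto_object_id_t *,
    uint_t *, uint_t, crypto_call_req_t *);
extern int crypto_object_set_attribute_value(crypto_provider_t,
    crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
    uint_t, crypto_call_req_t *);
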
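/*
 * Key Management
 *
 * The generate, derive and unwrap routines return the new key as a
 * crypto_object_id_t stored through a pointer argument, so the key
 * material itself is not handed back through these prototypes.
 *
 * NOTE(review): the (uchar_t *, size_t *) pair of crypto_key_wrap()
 * and crypto_key_unwrap() is presumably the wrapped-key buffer and its
 * length, with the length updated on return for the wrap case --
 * confirm, and size the buffer from that length rather than from an
 * assumed constant.
 *
 * NOTE(review): crypto_key_check() and crypto_key_check_prov() take
 * only a mechanism and a key; presumably they report whether the key
 * is acceptable for that mechanism -- confirm what is checked before
 * relying on it as a key-strength gate.
 */
extern int crypto_key_derive(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
    uint_t, crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_generate(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_generate_pair(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_unwrap(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_call_req_t *);
extern int crypto_key_wrap(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, uchar_t *,
    size_t *, crypto_call_req_t *);
extern int crypto_key_check_prov(crypto_provider_t, crypto_mechanism_t *mech,
    crypto_key_t *key);
extern int crypto_key_check(crypto_mechanism_t *mech, crypto_key_t *key);

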
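/*
 * Routines to cancel a single asynchronous request or all asynchronous
 * requests associated with a particular context.
 *
 * Both return void, so the caller gets no indication of whether a
 * request was still pending when it was cancelled.
 * NOTE(review): whether the completion callback can still run after
 * these return is not visible from this header -- confirm before
 * freeing memory that the callback argument refers to.
 */
extern void crypto_cancel_req(crypto_req_id_t req);
extern void crypto_cancel_ctx(crypto_context_t ctx);
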
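/*
 * crypto_get_mech_list(9F) allocates and returns the list of currently
 * supported cryptographic mechanisms.
 *
 * The number of entries is stored through count.  The list must be
 * released with crypto_free_mech_list(), passing the same count.
 * NOTE(review): kmflag is presumably a kernel memory allocation flag;
 * with a no-sleep flag the call can presumably return NULL, so check
 * the pointer before indexing the list -- confirm.
 */
extern crypto_mech_name_t *crypto_get_mech_list(uint_t *count, int kmflag);
extern void crypto_free_mech_list(crypto_mech_name_t *mech_names,
    uint_t count);

/*
 * Provider lookup.  The meaning of the three char * arguments of
 * crypto_get_provider() is not stated in this header.
 * NOTE(review): presumably a handle obtained from crypto_get_provider()
 * holds a reference that must be dropped with
 * crypto_release_provider() -- confirm.
 */
extern crypto_provider_t crypto_get_provider(char *, char *, char *);
extern int crypto_get_provinfo(crypto_provider_t, crypto_provider_ext_info_t *);
extern void crypto_release_provider(crypto_provider_t);
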
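/*
 * A kernel consumer can request to be notified when some particular event
 * occurs. The valid events, callback function type, and functions to
 * be called to register or unregister for notification are defined below.
 */

/* Event bits; distinct bits, matching the uint32_t event_mask arguments. */
#define	CRYPTO_EVENT_MECHS_CHANGED		0x00000001
#define	CRYPTO_EVENT_PROVIDER_REGISTERED	0x00000002
#define	CRYPTO_EVENT_PROVIDER_UNREGISTERED	0x00000004

/* Direction of a mechanism change; CRYPTO_MECH_REMOVED is implicitly 2. */
typedef enum {
	CRYPTO_MECH_ADDED = 1,
	CRYPTO_MECH_REMOVED
} crypto_event_change_t;

/*
 * The event_arg argument structure describing a mechanism change.
 * NOTE(review): this comment originally named the event
 * CRYPTO_EVENT_PROVIDERS_CHANGE, which is not defined in this header;
 * given the ec_mech_name and ec_change fields it presumably accompanies
 * CRYPTO_EVENT_MECHS_CHANGED -- confirm against the framework source.
 */
typedef struct crypto_notify_event_change {
	crypto_mech_name_t ec_mech_name;
	crypto_provider_type_t ec_provider_type;
	crypto_event_change_t ec_change;
} crypto_notify_event_change_t;

/*
 * Registration handle and callback type.  event_arg is an untyped
 * pointer, so a callback has to decide how to interpret it from
 * event_mask before dereferencing it.
 */
typedef void *crypto_notify_handle_t;
typedef void (*crypto_notify_callback_t)(uint32_t event_mask, void *event_arg);

/*
 * crypto_notify_events() registers nf for the events in event_mask and
 * returns a handle; crypto_unnotify_events() takes that handle.
 */
extern crypto_notify_handle_t crypto_notify_events(
    crypto_notify_callback_t nf, uint32_t event_mask);
extern void crypto_unnotify_events(crypto_notify_handle_t);
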
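/*
 * crypto_bufcall(9F) group of routines.
 *
 * crypto_bufcall_alloc() returns a crypto_bc_t handle that the other
 * three routines take by value; crypto_bufcall() additionally takes a
 * function and the argument to pass to it.
 * NOTE(review): presumably a pending bufcall must be withdrawn with
 * crypto_unbufcall() before the handle is given to
 * crypto_bufcall_free() -- confirm against crypto_bufcall(9F).
 */
extern crypto_bc_t crypto_bufcall_alloc(void);
extern int crypto_bufcall_free(crypto_bc_t bc);
extern int crypto_bufcall(crypto_bc_t bc, void (*func)(void *arg), void *arg);
extern int crypto_unbufcall(crypto_bc_t bc);
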
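/*
 * To obtain the list of key size ranges supported by a mechanism.
 */

/* Usage bits stored in mi_usage; distinct bits. */
#define	CRYPTO_MECH_USAGE_ENCRYPT	0x00000001
#define	CRYPTO_MECH_USAGE_DECRYPT	0x00000002
#define	CRYPTO_MECH_USAGE_MAC		0x00000004

typedef	uint32_t crypto_mech_usage_t;

/*
 * One key size range of a mechanism.  mi_min_key_size and
 * mi_max_key_size are expressed in the unit given by mi_keysize_unit,
 * so a consumer enforcing a minimum key length has to look at the unit
 * before comparing the numbers.
 */
typedef struct crypto_mechanism_info {
	size_t mi_min_key_size;
	size_t mi_max_key_size;
	crypto_keysize_unit_t mi_keysize_unit; /* for mi_xxx_key_size */
	crypto_mech_usage_t mi_usage;
} crypto_mechanism_info_t;

#ifdef	_SYSCALL32

/*
 * Same fields as crypto_mechanism_info, with the two sizes declared as
 * size32_t instead of size_t.
 */
typedef struct crypto_mechanism_info32 {
	size32_t mi_min_key_size;
	size32_t mi_max_key_size;
	crypto_keysize_unit_t mi_keysize_unit; /* for mi_xxx_key_size */
	crypto_mech_usage_t mi_usage;
} crypto_mechanism_info32_t;

#endif	/* _SYSCALL32 */

/*
 * crypto_get_all_mech_info() stores an array pointer and a uint_t
 * through its second and third arguments; crypto_free_all_mech_info()
 * takes an array pointer and a uint_t by value.
 * NOTE(review): presumably the array is allocated by the get routine,
 * the uint_t is its entry count, and the trailing int is a kernel
 * memory allocation flag -- confirm, and release the array with the
 * same count it was returned with.
 */
extern int crypto_get_all_mech_info(crypto_mech_type_t,
    crypto_mechanism_info_t **, uint_t *, int);
extern void crypto_free_all_mech_info(crypto_mechanism_info_t *, uint_t);
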
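/* Close the extern "C" block and the include guard opened at the top. */
#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_CRYPTO_API_H */
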