1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_SYS_CRYPTO_API_H
27 #define	_SYS_CRYPTO_API_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #include <sys/types.h>
36 #include <sys/crypto/common.h>
37 
38 #ifdef	_KERNEL
39 
40 
/*
 * Handle types used by kernel consumers of the crypto framework.  The
 * void * typedefs are opaque to the consumer; only the framework interprets
 * what they point to.
 */
typedef long crypto_req_id_t;		/* async request id; see crypto_cancel_req() */
typedef void *crypto_bc_t;		/* bufcall handle; see crypto_bufcall_alloc() */
typedef void *crypto_context_t;		/* multi-part op context, returned via *_init(..., ctxp, ...) */
typedef void *crypto_ctx_template_t;	/* key context template; see crypto_create_ctx_template() */

/* Bit mask of the CRYPTO_* call flags below; carried in crypto_call_req_t.cr_flag */
typedef uint32_t crypto_call_flag_t;
47 
/*
 * crypto_call_flag's values.  They are distinct bits, so a caller can OR
 * several of them together into crypto_call_req_t.cr_flag.
 */
#define	CRYPTO_ALWAYS_QUEUE	0x00000001	/* ALWAYS queue the req. */
#define	CRYPTO_NOTIFY_OPDONE	0x00000002	/* Notify intermediate steps */
#define	CRYPTO_SKIP_REQID	0x00000004	/* Skip request ID generation */
#define	CRYPTO_RESTRICTED	0x00000008	/* cannot use restricted prov */
53 
/*
 * Per-call parameters, passed as the trailing crypto_call_req_t * argument
 * of every operation declared below.
 */
typedef struct {
	crypto_call_flag_t	cr_flag;	/* OR of the CRYPTO_* call flags above */
	/*
	 * Completion callback.  Presumably invoked with cr_callback_arg and
	 * the operation's status code -- confirm against the implementation.
	 */
	void			(*cr_callback_func)(void *, int);
	void			*cr_callback_arg;	/* consumer cookie for cr_callback_func */
	/*
	 * Request id of the type accepted by crypto_cancel_req().
	 * NOTE(review): whether the framework fills this in on return is not
	 * visible here; CRYPTO_SKIP_REQID above suggests ids are generated
	 * unless that flag is set -- confirm.
	 */
	crypto_req_id_t		cr_reqid;
} crypto_call_req_t;
60 
/*
 * Returns the mechanism type corresponding to a mechanism name.
 *
 * CRYPTO_MECH_INVALID is presumably the value returned for an unknown
 * name -- confirm; callers should compare the result against it before
 * building a crypto_mechanism_t from it.  NOTE(review): the constant is
 * typed as uint64_t while the function returns crypto_mech_type_t (declared
 * in <sys/crypto/common.h>); confirm the two agree.
 */

#define	CRYPTO_MECH_INVALID	((uint64_t)-1)
extern crypto_mech_type_t crypto_mech2id(crypto_mech_name_t name);
67 
/*
 * Create and destroy context templates.
 *
 * A template is derived from (mech, key) and returned through *tmpl; it can
 * then be passed as the crypto_ctx_template_t argument of the operations
 * below to avoid re-deriving per-key state.  kmflag is the allocation flag
 * (presumably KM_SLEEP/KM_NOSLEEP -- confirm).  The template is owned by
 * the caller and released with crypto_destroy_ctx_template().
 */
extern int crypto_create_ctx_template(crypto_mechanism_t *mech,
    crypto_key_t *key, crypto_ctx_template_t *tmpl, int kmflag);
extern void crypto_destroy_ctx_template(crypto_ctx_template_t tmpl);
74 
/*
 * Single and multi-part digest operations.
 *
 * crypto_digest() hashes `data' into `digest' in one call.  The multi-part
 * form is crypto_digest_init() (returns a context through ctxp), any number
 * of crypto_digest_update() calls, then crypto_digest_final().  The *_prov
 * variants take an explicit provider and session rather than having the
 * framework pick a provider (presumably -- confirm).  `cr' carries the call
 * flags and completion callback (see crypto_call_req_t); whether NULL means
 * a synchronous call is not visible here -- confirm.
 */
extern int crypto_digest(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_data_t *digest, crypto_call_req_t *cr);
extern int crypto_digest_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
    crypto_call_req_t *);
extern int crypto_digest_init(crypto_mechanism_t *mech, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_digest_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_context_t *, crypto_call_req_t *);
extern int crypto_digest_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_digest_final(crypto_context_t ctx, crypto_data_t *digest,
    crypto_call_req_t *cr);
91 
/*
 * Single and multi-part MAC operations.
 *
 * crypto_mac() computes the MAC of `data' under `key' into `mac'.  By its
 * name, crypto_mac_verify() instead takes an existing `mac' and checks it;
 * callers verifying a received MAC should use it rather than recomputing
 * with crypto_mac() and comparing in the caller.  NOTE(review): whether the
 * framework's comparison is constant-time is not visible from this header
 * -- confirm in the implementation.
 * Multi-part: crypto_mac_init() -> crypto_mac_update()* -> crypto_mac_final().
 * `tmpl' is a template from crypto_create_ctx_template() for `key' (NULL
 * when none, presumably -- confirm).  The *_prov variants take an explicit
 * provider and session.
 */
extern int crypto_mac(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
    crypto_call_req_t *cr);
extern int crypto_mac_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_verify(crypto_mechanism_t *mech, crypto_data_t *data,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *mac,
    crypto_call_req_t *cr);
extern int crypto_mac_verify_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_mac_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_mac_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_mac_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_mac_final(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
116 
/*
 * Single and multi-part sign with private key operations.
 *
 * crypto_sign() signs `data' with `key' and writes `signature'; multi-part
 * is crypto_sign_init() -> crypto_sign_update()* -> crypto_sign_final().
 * The *_recover variants are presumably the PKCS#11 C_SignRecover style,
 * where the data is recoverable from the signature -- confirm; only an
 * init_prov and a single-part form are declared for them here.
 * The *_prov variants take an explicit provider and session.
 * NOTE(review): the `tmpl' parameter is named on
 * crypto_sign_recover_init_prov() only; the other *_prov prototypes leave
 * their parameters unnamed.
 */
extern int crypto_sign(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl,
    crypto_data_t *signature, crypto_call_req_t *cr);
extern int crypto_sign_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_sign_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_sign_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_sign_final(crypto_context_t ctx, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_sign_recover_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
    crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_sign_recover(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_sign_recover_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
144 
/*
 * Single and multi-part verify with public key operations.
 *
 * crypto_verify() checks `signature' over `data' with the public `key';
 * multi-part is crypto_verify_init() -> crypto_verify_update()* ->
 * crypto_verify_final().  Note the argument order of crypto_verify_recover():
 * it takes `signature' as input and produces `data' as output (the reverse
 * of crypto_sign_recover()).  The *_prov variants take an explicit provider
 * and session.  The int result is the only verification outcome exposed
 * here; callers must check it rather than assume success.
 */
extern int crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_verify_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_verify_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_verify_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_update(crypto_context_t ctx, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_verify_final(crypto_context_t ctx, crypto_data_t *signature,
    crypto_call_req_t *cr);
extern int crypto_verify_recover_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
    crypto_ctx_template_t tmpl, crypto_context_t *, crypto_call_req_t *);
extern int crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data,
    crypto_call_req_t *cr);
extern int crypto_verify_recover_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
172 
/*
 * Single and multi-part encryption operations.
 *
 * crypto_encrypt() encrypts `plaintext' under `key' into `ciphertext'.
 * Multi-part: crypto_encrypt_init() -> crypto_encrypt_update()* ->
 * crypto_encrypt_final(); each update consumes `plaintext' and emits
 * `ciphertext', and final flushes any remaining output.  Mode-specific
 * parameters such as an IV are presumably carried inside `mech'
 * (crypto_mechanism_t) rather than as separate arguments -- confirm.
 * The *_prov variants take an explicit provider and session.
 */
extern int crypto_encrypt(crypto_mechanism_t *mech, crypto_data_t *plaintext,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *ciphertext,
    crypto_call_req_t *cr);
extern int crypto_encrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_encrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *cr);
extern int crypto_encrypt_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_encrypt_update(crypto_context_t ctx,
    crypto_data_t *plaintext, crypto_data_t *ciphertext,
    crypto_call_req_t *cr);
extern int crypto_encrypt_final(crypto_context_t ctx,
    crypto_data_t *ciphertext, crypto_call_req_t *cr);
192 
/*
 * Single and multi-part decryption operations.
 *
 * Mirror of the encryption entry points: crypto_decrypt() turns `ciphertext'
 * back into `plaintext' under `key'; multi-part is crypto_decrypt_init() ->
 * crypto_decrypt_update()* -> crypto_decrypt_final(), with update taking
 * `ciphertext' in and `plaintext' out.  Nothing here authenticates the
 * ciphertext; for integrity use a MAC (see the MAC/decrypt dual operations
 * below) or a mechanism that provides it.  The *_prov variants take an
 * explicit provider and session.
 */
extern int crypto_decrypt(crypto_mechanism_t *mech, crypto_data_t *ciphertext,
    crypto_key_t *key, crypto_ctx_template_t tmpl, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
extern int crypto_decrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_data_t *, crypto_call_req_t *);
extern int crypto_decrypt_init(crypto_mechanism_t *mech, crypto_key_t *key,
    crypto_ctx_template_t tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_decrypt_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_context_t *, crypto_call_req_t *);
extern int crypto_decrypt_update(crypto_context_t ctx,
    crypto_data_t *ciphertext, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
extern int crypto_decrypt_final(crypto_context_t ctx, crypto_data_t *plaintext,
    crypto_call_req_t *cr);
213 
/*
 * Single and multi-part encrypt/MAC dual operations.
 *
 * crypto_encrypt_mac() encrypts `pt' under encr_mech/encr_key into the
 * crypto_dual_data_t `ct' and computes `mac' under mac_mech/mac_key in the
 * same call.  Each half has its own mechanism, key and optional template
 * (encr_tmpl, mac_tmpl).  Multi-part: crypto_encrypt_mac_init() ->
 * crypto_encrypt_mac_update()* -> crypto_encrypt_mac_final(), the final
 * step producing the `mac'.  The *_prov variants take an explicit provider
 * and session.
 */
extern int crypto_encrypt_mac(crypto_mechanism_t *encr_mech,
    crypto_mechanism_t *mac_mech, crypto_data_t *pt,
    crypto_key_t *encr_key, crypto_key_t *mac_key,
    crypto_ctx_template_t encr_tmpl, crypto_ctx_template_t mac_tmpl,
    crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *cr);
extern int crypto_encrypt_mac_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_mechanism_t *, crypto_data_t *,
    crypto_key_t *, crypto_key_t *, crypto_ctx_template_t,
    crypto_ctx_template_t, crypto_dual_data_t *, crypto_data_t *,
    crypto_call_req_t *);
extern int crypto_encrypt_mac_init(crypto_mechanism_t *encr_mech,
    crypto_mechanism_t *mac_mech, crypto_key_t *encr_key,
    crypto_key_t *mac_key, crypto_ctx_template_t encr_tmpl,
    crypto_ctx_template_t mac_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_encrypt_mac_init_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_mechanism_t *, crypto_key_t *, crypto_key_t *,
    crypto_ctx_template_t, crypto_ctx_template_t, crypto_context_t *,
    crypto_call_req_t *);
extern int crypto_encrypt_mac_update(crypto_context_t ctx,
    crypto_data_t *pt, crypto_dual_data_t *ct, crypto_call_req_t *cr);
extern int crypto_encrypt_mac_final(crypto_context_t ctx,
    crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *cr);
240 
/*
 * Single and multi-part MAC/decrypt dual operations.
 *
 * The inverse of the encrypt/MAC operations: `ct' (crypto_dual_data_t) is
 * MACed under mac_mech/mac_key and decrypted under decr_mech/decr_key into
 * `pt'.  crypto_mac_decrypt() produces the computed `mac' as output, whereas
 * crypto_mac_verify_decrypt(), by its name, checks a supplied `mac' -- the
 * latter is the one to use when authenticating received data, so the
 * comparison stays inside the framework.  Multi-part:
 * crypto_mac_decrypt_init() -> crypto_mac_decrypt_update()* ->
 * crypto_mac_decrypt_final().  The *_prov variants take an explicit
 * provider and session.
 */
extern int crypto_mac_decrypt(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_prov(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *mac_mech, crypto_mechanism_t *decr_mech,
    crypto_dual_data_t *ct, crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_verify_decrypt(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_verify_decrypt_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
    crypto_key_t *mac_key, crypto_key_t *decr_key,
    crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
    crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_init(crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
    crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
    crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_mac_decrypt_init_prov(crypto_provider_t,
    crypto_session_id_t, crypto_mechanism_t *mac_mech,
    crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
    crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
    crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
    crypto_call_req_t *cr);
extern int crypto_mac_decrypt_update(crypto_context_t ctx,
    crypto_dual_data_t *ct, crypto_data_t *pt, crypto_call_req_t *cr);
extern int crypto_mac_decrypt_final(crypto_context_t ctx, crypto_data_t *mac,
    crypto_data_t *pt, crypto_call_req_t *cr);
280 
/*
 * Session Management.
 *
 * crypto_session_open() returns a session id through its
 * crypto_session_id_t * argument for use with the *_prov operations, and
 * crypto_session_close() releases it.  crypto_session_login() takes a user
 * type plus a char * / size_t pair, presumably the PIN and its length --
 * confirm; callers should clear that buffer once the call returns, since
 * the framework cannot do it for them.
 */
extern int crypto_session_open(crypto_provider_t, crypto_session_id_t *,
    crypto_call_req_t *);
extern int crypto_session_close(crypto_provider_t, crypto_session_id_t,
    crypto_call_req_t *);
extern int crypto_session_login(crypto_provider_t, crypto_session_id_t,
    crypto_user_type_t, char *, size_t, crypto_call_req_t *);
extern int crypto_session_logout(crypto_provider_t, crypto_session_id_t,
    crypto_call_req_t *);
290 
/*
 * Object Management.
 *
 * Attribute templates are passed as a crypto_object_attribute_t array plus
 * its element count (the following uint_t).  Object search is a three-step
 * sequence: crypto_object_find_init() returns an opaque cookie through its
 * void ** argument, crypto_object_find() fills a crypto_object_id_t array
 * (the uint_t * and uint_t are presumably the count found and the array
 * capacity -- confirm), and crypto_object_find_final() releases the cookie.
 * crypto_object_get_size() reports the object's size through its size_t *.
 */
extern int crypto_object_copy(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, crypto_object_attribute_t *, uint_t,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_object_create(crypto_provider_t, crypto_session_id_t,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_call_req_t *);
extern int crypto_object_destroy(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, crypto_call_req_t *);
extern int crypto_object_get_attribute_value(crypto_provider_t,
    crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
    uint_t, crypto_call_req_t *);
extern int crypto_object_get_size(crypto_provider_t, crypto_session_id_t,
    crypto_object_id_t, size_t *, crypto_call_req_t *);
extern int crypto_object_find_final(crypto_provider_t, void *,
    crypto_call_req_t *);
extern int crypto_object_find_init(crypto_provider_t, crypto_session_id_t,
    crypto_object_attribute_t *, uint_t, void **, crypto_call_req_t *);
extern int crypto_object_find(crypto_provider_t, void *, crypto_object_id_t *,
    uint_t *, uint_t, crypto_call_req_t *);
extern int crypto_object_set_attribute_value(crypto_provider_t,
    crypto_session_id_t, crypto_object_id_t, crypto_object_attribute_t *,
    uint_t, crypto_call_req_t *);
314 
/*
 * Key Management.
 *
 * Derived, generated and unwrapped keys come back as object ids through the
 * crypto_object_id_t * argument(s), created from the supplied attribute
 * template (crypto_object_attribute_t array plus uint_t count);
 * crypto_key_generate_pair() takes two templates and returns two ids.
 * crypto_key_wrap() writes the wrapped key into the uchar_t * buffer and
 * crypto_key_unwrap() reads one from it; the size_t * is presumably the
 * buffer length (in/out for wrap) -- confirm.  crypto_key_check() and
 * crypto_key_check_prov() validate `key' for `mech' by their names; the
 * exact checks are not visible here.
 */
extern int crypto_key_derive(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
    uint_t, crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_generate(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_generate_pair(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_object_id_t *, crypto_call_req_t *);
extern int crypto_key_unwrap(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
    crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
    crypto_call_req_t *);
extern int crypto_key_wrap(crypto_provider_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, uchar_t *,
    size_t *, crypto_call_req_t *);
extern int crypto_key_check_prov(crypto_provider_t, crypto_mechanism_t *mech,
    crypto_key_t *key);
extern int crypto_key_check(crypto_mechanism_t *mech, crypto_key_t *key);
336 
337 
/*
 * Routines to cancel a single asynchronous request or all asynchronous
 * requests associated with a particular context.
 *
 * crypto_cancel_req() takes a crypto_req_id_t, i.e. the cr_reqid of a
 * crypto_call_req_t; crypto_cancel_ctx() takes the crypto_context_t of a
 * multi-part operation.  Neither reports whether anything was cancelled.
 */
extern void crypto_cancel_req(crypto_req_id_t req);
extern void crypto_cancel_ctx(crypto_context_t ctx);
344 
/*
 * crypto_get_mech_list(9F) allocates and returns the list of currently
 * supported cryptographic mechanisms.
 *
 * The number of entries is returned through `count'; kmflag is the
 * allocation flag (presumably KM_SLEEP/KM_NOSLEEP -- confirm).  The caller
 * owns the array and releases it with crypto_free_mech_list(), passing back
 * the same count.
 */
extern crypto_mech_name_t *crypto_get_mech_list(uint_t *count, int kmflag);
extern void crypto_free_mech_list(crypto_mech_name_t *mech_names,
    uint_t count);
352 
/*
 * Provider lookup.  crypto_get_provider() takes three char * arguments whose
 * meaning is not documented here (presumably provider name / module /
 * device identifiers -- confirm) and returns a provider handle for the
 * *_prov operations; crypto_get_provinfo() fills a
 * crypto_provider_ext_info_t for that handle.  Every successful get must be
 * paired with crypto_release_provider().
 */
extern crypto_provider_t crypto_get_provider(char *, char *, char *);
extern int crypto_get_provinfo(crypto_provider_t, crypto_provider_ext_info_t *);
extern void crypto_release_provider(crypto_provider_t);
356 
357 /*
358  * A kernel consumer can request to be notified when some particular event
359  * occurs. The valid events, callback function type, and functions to
360  * be called to register or unregister for notification are defined below.
361  */
362 
/*
 * Event bits for the event_mask of crypto_notify_events() and the mask
 * handed to a crypto_notify_callback_t.
 */
#define	CRYPTO_EVENT_MECHS_CHANGED		0x00000001
#define	CRYPTO_EVENT_PROVIDER_REGISTERED	0x00000002
#define	CRYPTO_EVENT_PROVIDER_UNREGISTERED	0x00000004
366 
/* Values of crypto_notify_event_change_t.ec_change (starts at 1, so 0 is unused) */
typedef enum {
	CRYPTO_MECH_ADDED = 1,
	CRYPTO_MECH_REMOVED
} crypto_event_change_t;
371 
/*
 * The event_arg argument structure for CRYPTO_EVENT_PROVIDERS_CHANGE event.
 * NOTE(review): no CRYPTO_EVENT_PROVIDERS_CHANGE is defined in this header;
 * from the fields (a mechanism name and an added/removed flag) this looks
 * like the event_arg for CRYPTO_EVENT_MECHS_CHANGED -- confirm and fix.
 */
typedef struct crypto_notify_event_change {
	crypto_mech_name_t ec_mech_name;		/* mechanism affected */
	crypto_provider_type_t ec_provider_type;	/* type of the provider that changed */
	crypto_event_change_t ec_change;		/* CRYPTO_MECH_ADDED / CRYPTO_MECH_REMOVED */
} crypto_notify_event_change_t;
378 
typedef void *crypto_notify_handle_t;	/* opaque; returned by crypto_notify_events() */
/* Called with the CRYPTO_EVENT_* mask that fired and an event-specific arg */
typedef void (*crypto_notify_callback_t)(uint32_t event_mask, void *event_arg);

/*
 * Register nf for the events in event_mask.  The returned handle is passed
 * to crypto_unnotify_events() to deregister; callers should do so before
 * the code behind nf can go away (e.g. on module unload).
 */
extern crypto_notify_handle_t crypto_notify_events(
    crypto_notify_callback_t nf, uint32_t event_mask);
extern void crypto_unnotify_events(crypto_notify_handle_t);
385 
/*
 * crypto_bufcall(9F) group of routines.
 *
 * crypto_bufcall_alloc() returns a handle that is released with
 * crypto_bufcall_free().  crypto_bufcall() presumably arranges, like
 * bufcall(9F), for func(arg) to run later on that handle, and
 * crypto_unbufcall() withdraws a pending call -- confirm.  The int results
 * are status codes; their values are not visible here.
 */
extern crypto_bc_t crypto_bufcall_alloc(void);
extern int crypto_bufcall_free(crypto_bc_t bc);
extern int crypto_bufcall(crypto_bc_t bc, void (*func)(void *arg), void *arg);
extern int crypto_unbufcall(crypto_bc_t bc);
393 
/*
 * To obtain the list of key size ranges supported by a mechanism.
 *
 * The CRYPTO_MECH_USAGE_* bits are OR-ed into crypto_mechanism_info_t.mi_usage
 * to say which operations the reported key size range applies to.
 */

#define	CRYPTO_MECH_USAGE_ENCRYPT	0x00000001
#define	CRYPTO_MECH_USAGE_DECRYPT	0x00000002
#define	CRYPTO_MECH_USAGE_MAC		0x00000004

typedef	uint32_t crypto_mech_usage_t;	/* mask of CRYPTO_MECH_USAGE_* */
403 
/*
 * One supported key size range for a mechanism, as returned by
 * crypto_get_all_mech_info().
 */
typedef struct crypto_mechanism_info {
	size_t mi_min_key_size;			/* smallest key, in mi_keysize_unit */
	size_t mi_max_key_size;			/* largest key, in mi_keysize_unit */
	crypto_keysize_unit_t mi_keysize_unit; /* for mi_xxx_key_size */
	crypto_mech_usage_t mi_usage;		/* CRYPTO_MECH_USAGE_* mask */
} crypto_mechanism_info_t;
410 
/*
 * Returns, through the crypto_mechanism_info_t ** argument, an array of key
 * size ranges for the given mechanism type, with the element count through
 * the uint_t *.  The trailing int is presumably the allocation flag
 * (KM_SLEEP/KM_NOSLEEP) -- confirm.  NOTE(review): no matching free routine
 * is declared in this header; confirm how the caller is meant to release
 * the array.
 */
extern int crypto_get_all_mech_info(crypto_mech_type_t,
    crypto_mechanism_info_t **, uint_t *, int);
413 
414 #endif	/* _KERNEL */
415 
416 #ifdef	__cplusplus
417 }
418 #endif
419 
420 #endif	/* _SYS_CRYPTO_API_H */