xref: /illumos-gate/usr/src/uts/common/crypto/io/dprov.c (revision 05204290)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  * Copyright 2018, Joyent, Inc.
26  */
27 
28 
29 /*
30  * Dummy Cryptographic Provider:
31  *
32  * This file implements a "dummy" cryptographic provider. It is implemented
33  * as a pseudo device driver.
34  *
35  */
36 
37 /*
38  * This driver implements a KEF provider with the following capabilities:
39  *
40  * - registration/unregistration with KEF
41  * - digest entry points
42  * - mac entry points
43  * - ctx management
44  * - support for async requests
45  * - cipher entry points
46  * - dual entry points
47  * - sign entry points
48  * - verify entry points
49  * - dual operations entry points
50  * - dual cipher/mac operation entry points
51  * - session management
52  * - object management
53  * - key management
54  * - provider management
55  *
56  * In order to avoid duplicating the implementation of algorithms
57  * provided by software providers, this pseudo driver acts as
58  * a consumer of the framework. When invoking one of the framework's
59  * entry points, the driver specifies the software provider to
60  * be used for the operation.
61  *
62  * User management: we implement a PKCS#11 style provider which supports:
63  * - one normal user with a PIN, and
64  * - one SO user with a PIN.
65  * These values are kept in the per-instance structure, and are initialized
66  * with the provider management entry points.
67  *
68  */
69 
70 
71 #include <sys/types.h>
72 #include <sys/modctl.h>
73 #include <sys/conf.h>
74 #include <sys/stat.h>
75 #include <sys/ddi.h>
76 #include <sys/sunddi.h>
77 #include <sys/kmem.h>
78 #include <sys/errno.h>
79 #include <sys/ksynch.h>
80 #include <sys/file.h>
81 #include <sys/open.h>
82 #include <sys/cred.h>
83 #include <sys/model.h>
84 #include <sys/note.h>
85 #include <sys/random.h>
86 #include <sys/byteorder.h>
87 #include <sys/crypto/common.h>
88 #include <sys/crypto/spi.h>
89 
90 #include <sys/taskq.h>
91 #include <sys/disp.h>
92 #include <sys/sysmacros.h>
93 #include <sys/crypto/impl.h>
94 #include <sys/crypto/sched_impl.h>
95 
96 #include <sys/sha2.h>
97 #include <modes/modes.h>
98 #include <aes/aes_impl.h>
99 #include <des/des_impl.h>
100 #include <ecc/ecc_impl.h>
101 #include <blowfish/blowfish_impl.h>
102 
103 /*
104  * Debugging macros.
105  */
106 #ifdef DEBUG
107 #define	D_INIT		0x00000001	/* _init/_fini/_info */
108 #define	D_ATTACH	0x00000002	/* attach/detach */
109 #define	D_DIGEST	0x00000010	/* digest entry points */
110 #define	D_MAC		0x00000020	/* mac entry points */
111 #define	D_CONTEXT	0x00000040	/* context entry points */
112 #define	D_CIPHER	0x00000080	/* cipher entry points */
113 #define	D_SIGN		0x00000100	/* sign entry points */
114 #define	D_VERIFY	0x00000200	/* verify entry points */
115 #define	D_SESSION	0x00000400	/* session management entry points */
116 #define	D_MGMT		0x00000800	/* provider management entry points */
117 #define	D_DUAL		0x00001000	/* dual ops */
118 #define	D_CIPHER_MAC	0x00002000	/* cipher/mac dual ops */
119 #define	D_OBJECT	0x00004000	/* object management */
120 #define	D_RANDOM	0x00008000	/* random number generation */
121 #define	D_KEY		0x00010000	/* key management */
122 
123 static uint32_t dprov_debug = 0;
124 
125 #define	DPROV_DEBUG(f, x)	if (dprov_debug & (f)) { (void) printf x; }
126 #define	DPROV_CALL(f, r, x)	if (dprov_debug & (f)) { (void) r x; }
127 #else /* DEBUG */
128 #define	DPROV_DEBUG(f, x)
129 #define	DPROV_CALL(f, r, x)
130 #endif /* DEBUG */
131 
132 static int nostore_key_gen;
133 static boolean_t dprov_no_multipart = B_FALSE;
134 static int dprov_max_digestsz = INT_MAX;
135 
136 /*
137  * DDI entry points.
138  */
139 static int dprov_attach(dev_info_t *, ddi_attach_cmd_t);
140 static int dprov_detach(dev_info_t *, ddi_detach_cmd_t);
141 static int dprov_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
142 
143 /*
144  * Module linkage.
145  */
146 static struct cb_ops cbops = {
147 	nodev,			/* cb_open */
148 	nodev,			/* cb_close */
149 	nodev,			/* cb_strategy */
150 	nodev,			/* cb_print */
151 	nodev,			/* cb_dump */
152 	nodev,			/* cb_read */
153 	nodev,			/* cb_write */
154 	nodev,			/* cb_ioctl */
155 	nodev,			/* cb_devmap */
156 	nodev,			/* cb_mmap */
157 	nodev,			/* cb_segmap */
158 	nochpoll,		/* cb_chpoll */
159 	ddi_prop_op,		/* cb_prop_op */
160 	NULL,			/* cb_streamtab */
161 	D_MP,			/* cb_flag */
162 	CB_REV,			/* cb_rev */
163 	nodev,			/* cb_aread */
164 	nodev,			/* cb_awrite */
165 };
166 
167 static struct dev_ops devops = {
168 	DEVO_REV,		/* devo_rev */
169 	0,			/* devo_refcnt */
170 	dprov_getinfo,		/* devo_getinfo */
171 	nulldev,		/* devo_identify */
172 	nulldev,		/* devo_probe */
173 	dprov_attach,		/* devo_attach */
174 	dprov_detach,		/* devo_detach */
175 	nodev,			/* devo_reset */
176 	&cbops,			/* devo_cb_ops */
177 	NULL,			/* devo_bus_ops */
178 	NULL,			/* devo_power */
179 	ddi_quiesce_not_needed,		/* devo_quiesce */
180 };
181 
182 static struct modldrv modldrv = {
183 	&mod_driverops,
184 	"Pseudo KCF Prov (drv)",
185 	&devops
186 };
187 
188 static struct modlcrypto modlcrypto = {
189 	&mod_cryptoops,
190 	"Pseudo KCF Prov (crypto)"
191 };
192 
193 static struct modlinkage modlinkage = {
194 	MODREV_1,
195 	&modldrv,
196 	&modlcrypto,
197 	NULL
198 };
199 
200 /*
201  * CSPI information (entry points, provider info, etc.)
202  */
203 
204 typedef enum dprov_mech_type {
205 	MD4_MECH_INFO_TYPE,		/* SUN_CKM_MD4 */
206 
207 	MD5_MECH_INFO_TYPE,		/* SUN_CKM_MD5 */
208 	MD5_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_MD5_HMAC */
209 	MD5_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_MD5_HMAC_GENERAL */
210 
211 	SHA1_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA1_HMAC */
212 	SHA1_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA1_HMAC_GENERAL */
213 	SHA1_MECH_INFO_TYPE,		/* SUN_CKM_SHA1 */
214 
215 	SHA256_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC */
216 	SHA256_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_HMAC_GENERAL */
217 	SHA256_MECH_INFO_TYPE,		/* SUN_CKM_SHA256 */
218 	SHA384_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC */
219 	SHA384_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_HMAC_GENERAL */
220 	SHA384_MECH_INFO_TYPE,		/* SUN_CKM_SHA384 */
221 	SHA512_HMAC_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC */
222 	SHA512_HMAC_GEN_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_HMAC_GENERAL */
223 	SHA512_MECH_INFO_TYPE,		/* SUN_CKM_SHA512 */
224 	SHA512_224_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_224 */
225 	SHA512_256_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_256 */
226 
227 	DES_CBC_MECH_INFO_TYPE,		/* SUN_CKM_DES_CBC */
228 	DES3_CBC_MECH_INFO_TYPE,	/* SUN_CKM_DES3_CBC */
229 	DES_ECB_MECH_INFO_TYPE,		/* SUN_CKM_DES_ECB */
230 	DES3_ECB_MECH_INFO_TYPE,	/* SUN_CKM_DES3_ECB */
231 
232 	BLOWFISH_CBC_MECH_INFO_TYPE,	/* SUN_CKM_BLOWFISH_CBC */
233 	BLOWFISH_ECB_MECH_INFO_TYPE,	/* SUN_CKM_BLOWFISH_ECB */
234 	AES_CBC_MECH_INFO_TYPE,		/* SUN_CKM_AES_CBC */
235 	AES_CMAC_MECH_INFO_TYPE,	/* SUN_CKM_AES_CMAC */
236 	AES_ECB_MECH_INFO_TYPE,		/* SUN_CKM_AES_ECB */
237 	AES_CTR_MECH_INFO_TYPE,		/* SUN_CKM_AES_CTR */
238 	AES_CCM_MECH_INFO_TYPE,		/* SUN_CKM_AES_CCM */
239 	AES_GCM_MECH_INFO_TYPE,		/* SUN_CKM_AES_GCM */
240 	AES_GMAC_MECH_INFO_TYPE,	/* SUN_CKM_AES_GMAC */
241 	RC4_MECH_INFO_TYPE,		/* SUN_CKM_RC4 */
242 	RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_RSA_PKCS */
243 	RSA_X_509_MECH_INFO_TYPE,	/* SUN_CKM_RSA_X_509 */
244 	MD5_RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_MD5_RSA_PKCS */
245 	SHA1_RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_SHA1_RSA_PKCS */
246 	SHA256_RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_SHA256_RSA_PKCS */
247 	SHA384_RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_SHA384_RSA_PKCS */
248 	SHA512_RSA_PKCS_MECH_INFO_TYPE,	/* SUN_CKM_SHA512_RSA_PKCS */
249 	MD5_KEY_DERIVATION_MECH_INFO_TYPE, /* SUN_CKM_MD5_KEY_DERIVATION */
250 	SHA1_KEY_DERIVATION_MECH_INFO_TYPE, /* SUN_CKM_SHA1_KEY_DERIVATION */
251 	/* SUN_CKM_SHA256_KEY_DERIVATION */
252 	SHA256_KEY_DERIVATION_MECH_INFO_TYPE,
253 	/* SUN_CKM_SHA384_KEY_DERIVATION */
254 	SHA384_KEY_DERIVATION_MECH_INFO_TYPE,
255 	/* SUN_CKM_SHA512_KEY_DERIVATION */
256 	SHA512_KEY_DERIVATION_MECH_INFO_TYPE,
257 	DES_KEY_GEN_MECH_INFO_TYPE,	/* SUN_CKM_DES_KEY_GEN */
258 	DES3_KEY_GEN_MECH_INFO_TYPE,	/* SUN_CKM_DES3_KEY_GEN */
259 	AES_KEY_GEN_MECH_INFO_TYPE,	/* SUN_CKM_AES_KEY_GEN */
260 	BLOWFISH_KEY_GEN_MECH_INFO_TYPE,	/* SUN_CKM_BLOWFISH_KEY_GEN */
261 	RC4_KEY_GEN_MECH_INFO_TYPE,	/* SUN_CKM_RC4_KEY_GEN */
262 	EC_KEY_PAIR_GEN_MECH_INFO_TYPE,	/* SUN_CKM_EC_KEY_PAIR_GEN */
263 	ECDSA_MECH_INFO_TYPE,		/* SUN_CKM_ECDSA */
264 	ECDSA_SHA1_MECH_INFO_TYPE,	/* SUN_CKM_ECDSA_SHA1 */
265 	ECDH1_DERIVE_MECH_INFO_TYPE,	/* SUN_CKM_ECDH1_DERIVE */
266 	DH_PKCS_KEY_PAIR_GEN_MECH_INFO_TYPE, /* SUN_CKM_DH_PKCS_KEY_PAIR_GEN */
267 	DH_PKCS_DERIVE_MECH_INFO_TYPE,	/* SUN_CKM_DH_PKCS_DERIVE */
268 	RSA_PKCS_KEY_PAIR_GEN_MECH_INFO_TYPE /* SUN_CKM_RSA_PKCS_KEY_PAIR_GEN */
269 } dprov_mech_type_t;
270 
271 /*
272  * Mechanism info structure passed to KCF during registration.
273  */
274 #define	MD5_DIGEST_LEN		16	/* MD5 digest size */
275 #define	MD5_HMAC_BLOCK_SIZE	64	/* MD5-HMAC block size */
276 #define	MD5_HMAC_MIN_KEY_LEN	1	/* MD5-HMAC min key length in bytes */
277 #define	MD5_HMAC_MAX_KEY_LEN	INT_MAX	/* MD5-HMAC max key length in bytes */
278 
279 #define	SHA1_DIGEST_LEN		20	/* SHA1 digest size */
280 #define	SHA1_HMAC_BLOCK_SIZE	64	/* SHA1-HMAC block size */
281 #define	SHA1_HMAC_MIN_KEY_LEN	1	/* SHA1-HMAC min key length in bytes */
282 #define	SHA1_HMAC_MAX_KEY_LEN	INT_MAX	/* SHA1-HMAC max key length in bytes */
283 
284 #define	DES_KEY_LEN		8	/* DES key length in bytes */
285 #define	DES3_KEY_LEN		24	/* DES3 key length in bytes */
286 
287 #define	BLOWFISH_MIN_KEY_LEN	32	/* Blowfish min key length in bits */
288 #define	BLOWFISH_MAX_KEY_LEN	448	/* Blowfish max key length in bits */
289 
290 #define	AES_MIN_KEY_LEN		16	/* AES min key length in bytes */
291 #define	AES_MAX_KEY_LEN		32	/* AES max key length in bytes */
292 
293 #define	ARCFOUR_MIN_KEY_BITS	40	/* RC4 min supported key size */
294 #define	ARCFOUR_MAX_KEY_BITS	2048	/* RC4 max supported key size */
295 
296 #define	RSA_MIN_KEY_LEN		256	/* RSA min key length in bits */
297 #define	RSA_MAX_KEY_LEN		4096	/* RSA max key length in bits */
298 
299 #define	DH_MIN_KEY_LEN		64	/* DH min key length in bits */
300 #define	DH_MAX_KEY_LEN		4096	/* DH max key length in bits */
301 
302 #define	DPROV_CKM_MD5_KEY_DERIVATION	"CKM_MD5_KEY_DERIVATION"
303 #define	DPROV_CKM_SHA1_KEY_DERIVATION	"CKM_SHA1_KEY_DERIVATION"
304 #define	DPROV_CKM_SHA256_KEY_DERIVATION	"CKM_SHA256_KEY_DERIVATION"
305 #define	DPROV_CKM_SHA384_KEY_DERIVATION	"CKM_SHA384_KEY_DERIVATION"
306 #define	DPROV_CKM_SHA512_KEY_DERIVATION	"CKM_SHA512_KEY_DERIVATION"
307 #define	DPROV_CKM_DES_KEY_GEN		"CKM_DES_KEY_GEN"
308 #define	DPROV_CKM_DES3_KEY_GEN		"CKM_DES3_KEY_GEN"
309 #define	DPROV_CKM_AES_KEY_GEN		"CKM_AES_KEY_GEN"
310 #define	DPROV_CKM_BLOWFISH_KEY_GEN	"CKM_BLOWFISH_KEY_GEN"
311 #define	DPROV_CKM_RC4_KEY_GEN		"CKM_RC4_KEY_GEN"
312 #define	DPROV_CKM_RSA_PKCS_KEY_PAIR_GEN	"CKM_RSA_PKCS_KEY_PAIR_GEN"
313 #define	DPROV_CKM_EC_KEY_PAIR_GEN	"CKM_EC_KEY_PAIR_GEN"
314 #define	DPROV_CKM_ECDSA			"CKM_ECDSA"
315 #define	DPROV_CKM_ECDSA_SHA1		"CKM_ECDSA_SHA1"
316 #define	DPROV_CKM_ECDH1_DERIVE		"CKM_ECDH1_DERIVE"
317 #define	DPROV_CKM_DH_PKCS_KEY_PAIR_GEN	"CKM_DH_PKCS_KEY_PAIR_GEN"
318 #define	DPROV_CKM_DH_PKCS_DERIVE	"CKM_DH_PKCS_DERIVE"
319 
320 static crypto_mech_info_t dprov_mech_info_tab[] = {
321 	/* MD4 */
322 	{SUN_CKM_MD4, MD4_MECH_INFO_TYPE,
323 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
324 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
325 	/* MD5 */
326 	{SUN_CKM_MD5, MD5_MECH_INFO_TYPE,
327 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
328 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
329 	/* MD5-HMAC */
330 	{SUN_CKM_MD5_HMAC, MD5_HMAC_MECH_INFO_TYPE,
331 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
332 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
333 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
334 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
335 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
336 	    MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
337 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
338 	/* MD5-HMAC GENERAL */
339 	{SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE,
340 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
341 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
342 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
343 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
344 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
345 	    MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
346 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
347 	/* SHA1 */
348 	{SUN_CKM_SHA1, SHA1_MECH_INFO_TYPE,
349 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
350 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
351 	/* SHA1-HMAC */
352 	{SUN_CKM_SHA1_HMAC, SHA1_HMAC_MECH_INFO_TYPE,
353 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
354 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
355 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
356 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
357 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
358 	    SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
359 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
360 	/* SHA1-HMAC GENERAL */
361 	{SUN_CKM_SHA1_HMAC_GENERAL, SHA1_HMAC_GEN_MECH_INFO_TYPE,
362 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
363 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
364 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
365 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
366 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
367 	    SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
368 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
369 	/* SHA256 */
370 	{SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE,
371 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
372 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
373 	/* SHA256-HMAC */
374 	{SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE,
375 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
376 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
377 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
378 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
379 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
380 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
381 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
382 	/* SHA256-HMAC GENERAL */
383 	{SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE,
384 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
385 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
386 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
387 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
388 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
389 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
390 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
391 	/* SHA384 */
392 	{SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE,
393 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
394 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
395 	/* SHA384-HMAC */
396 	{SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE,
397 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
398 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
399 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
400 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
401 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
402 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
403 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
404 	/* SHA384-HMAC GENERAL */
405 	{SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE,
406 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
407 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
408 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
409 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
410 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
411 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
412 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
413 	/* SHA512 */
414 	{SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE,
415 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
416 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
417 	/* SHA512-HMAC */
418 	{SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE,
419 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
420 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
421 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
422 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
423 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
424 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
425 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
426 	/* SHA512-HMAC GENERAL */
427 	{SUN_CKM_SHA512_HMAC_GENERAL, SHA512_HMAC_GEN_MECH_INFO_TYPE,
428 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
429 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
430 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
431 	    CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT |
432 	    CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
433 	    SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN,
434 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
435 	/* SHA512_224 */
436 	{SUN_CKM_SHA512_224, SHA512_224_MECH_INFO_TYPE,
437 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
438 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
439 	/* SHA512_256 */
440 	{SUN_CKM_SHA512_256, SHA512_256_MECH_INFO_TYPE,
441 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0,
442 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
443 	/* DES-CBC */
444 	{SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE,
445 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
446 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
447 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
448 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
449 	    DES_KEY_LEN, DES_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
450 	/* DES3-CBC */
451 	{SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE,
452 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
453 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
454 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
455 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
456 	    DES3_KEY_LEN, DES3_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
457 	/* DES-ECB */
458 	{SUN_CKM_DES_ECB, DES_ECB_MECH_INFO_TYPE,
459 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
460 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
461 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
462 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
463 	    DES_KEY_LEN, DES_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
464 	/* DES3-ECB */
465 	{SUN_CKM_DES3_ECB, DES3_ECB_MECH_INFO_TYPE,
466 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
467 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
468 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
469 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
470 	    DES3_KEY_LEN, DES3_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
471 	/* BLOWFISH-CBC */
472 	{SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
473 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
474 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
475 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
476 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC, BLOWFISH_MIN_KEY_LEN,
477 	    BLOWFISH_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
478 	/* BLOWFISH-ECB */
479 	{SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
480 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
481 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
482 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
483 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC, BLOWFISH_MIN_KEY_LEN,
484 	    BLOWFISH_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
485 	/* AES-CBC */
486 	{SUN_CKM_AES_CBC, AES_CBC_MECH_INFO_TYPE,
487 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
488 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
489 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
490 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
491 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
492 	/* AES-CMAC */
493 	{SUN_CKM_AES_CMAC, AES_CMAC_MECH_INFO_TYPE,
494 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_MAC |
495 	    CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
496 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
497 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
498 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
499 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
500 	/* AES-ECB */
501 	{SUN_CKM_AES_ECB, AES_ECB_MECH_INFO_TYPE,
502 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
503 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
504 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
505 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
506 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
507 	/* AES-CTR */
508 	{SUN_CKM_AES_CTR, AES_CTR_MECH_INFO_TYPE,
509 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
510 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
511 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
512 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
513 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
514 	/* AES-CCM */
515 	{SUN_CKM_AES_CCM, AES_CCM_MECH_INFO_TYPE,
516 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
517 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
518 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
519 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
520 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
521 	/* AES-GCM */
522 	{SUN_CKM_AES_GCM, AES_GCM_MECH_INFO_TYPE,
523 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
524 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
525 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
526 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC,
527 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
528 	/* AES-GMAC */
529 	{SUN_CKM_AES_GMAC, AES_GMAC_MECH_INFO_TYPE,
530 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
531 	    CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
532 	    CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
533 	    CRYPTO_FG_MAC_DECRYPT_ATOMIC |
534 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
535 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
536 	    AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
537 	/* RC4 */
538 	{SUN_CKM_RC4, RC4_MECH_INFO_TYPE,
539 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
540 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
541 	    ARCFOUR_MIN_KEY_BITS, ARCFOUR_MAX_KEY_BITS,
542 	    CRYPTO_KEYSIZE_UNIT_IN_BITS | CRYPTO_CAN_SHARE_OPSTATE},
543 	/* RSA_PKCS */
544 	{SUN_CKM_RSA_PKCS, RSA_PKCS_MECH_INFO_TYPE,
545 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
546 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
547 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
548 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
549 	    CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
550 	    CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
551 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
552 	/* RSA_X_509 */
553 	{SUN_CKM_RSA_X_509, RSA_X_509_MECH_INFO_TYPE,
554 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
555 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
556 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
557 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
558 	    CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
559 	    CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
560 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
561 	/* MD5_RSA_PKCS */
562 	{SUN_CKM_MD5_RSA_PKCS, MD5_RSA_PKCS_MECH_INFO_TYPE,
563 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
564 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
565 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
566 	/* SHA1_RSA_PKCS */
567 	{SUN_CKM_SHA1_RSA_PKCS, SHA1_RSA_PKCS_MECH_INFO_TYPE,
568 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
569 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
570 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
571 	/* SHA256_RSA_PKCS */
572 	{SUN_CKM_SHA256_RSA_PKCS, SHA256_RSA_PKCS_MECH_INFO_TYPE,
573 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
574 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
575 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
576 	/* SHA384_RSA_PKCS */
577 	{SUN_CKM_SHA384_RSA_PKCS, SHA384_RSA_PKCS_MECH_INFO_TYPE,
578 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
579 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
580 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
581 	/* SHA512_RSA_PKCS */
582 	{SUN_CKM_SHA512_RSA_PKCS, SHA512_RSA_PKCS_MECH_INFO_TYPE,
583 	    CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
584 	    CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
585 	    RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
586 	/* MD5_KEY_DERIVATION */
587 	{DPROV_CKM_MD5_KEY_DERIVATION, MD5_KEY_DERIVATION_MECH_INFO_TYPE,
588 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
589 	/* SHA1_KEY_DERIVATION */
590 	{DPROV_CKM_SHA1_KEY_DERIVATION, SHA1_KEY_DERIVATION_MECH_INFO_TYPE,
591 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
592 	/* SHA256_KEY_DERIVATION */
593 	{DPROV_CKM_SHA256_KEY_DERIVATION, SHA256_KEY_DERIVATION_MECH_INFO_TYPE,
594 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
595 	/* SHA384_KEY_DERIVATION */
596 	{DPROV_CKM_SHA384_KEY_DERIVATION, SHA384_KEY_DERIVATION_MECH_INFO_TYPE,
597 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
598 	/* SHA512_KEY_DERIVATION */
599 	{DPROV_CKM_SHA512_KEY_DERIVATION, SHA512_KEY_DERIVATION_MECH_INFO_TYPE,
600 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
601 	/* DES_KEY_GENERATION */
602 	{DPROV_CKM_DES_KEY_GEN, DES_KEY_GEN_MECH_INFO_TYPE,
603 	    CRYPTO_FG_GENERATE, DES_KEY_LEN, DES_KEY_LEN,
604 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
605 	/* DES3_KEY_GENERATION */
606 	{DPROV_CKM_DES3_KEY_GEN, DES3_KEY_GEN_MECH_INFO_TYPE,
607 	    CRYPTO_FG_GENERATE, DES3_KEY_LEN, DES3_KEY_LEN,
608 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
609 	/* AES_KEY_GENERATION */
610 	{DPROV_CKM_AES_KEY_GEN, AES_KEY_GEN_MECH_INFO_TYPE,
611 	    CRYPTO_FG_GENERATE, AES_MIN_KEY_LEN, AES_MAX_KEY_LEN,
612 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
613 	/* BLOWFISH_KEY_GENERATION */
614 	{DPROV_CKM_BLOWFISH_KEY_GEN, BLOWFISH_KEY_GEN_MECH_INFO_TYPE,
615 	    CRYPTO_FG_GENERATE, BLOWFISH_MIN_KEY_LEN, BLOWFISH_MAX_KEY_LEN,
616 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES},
617 	/* RC4_KEY_GENERATION */
618 	{DPROV_CKM_RC4_KEY_GEN, RC4_KEY_GEN_MECH_INFO_TYPE,
619 	    CRYPTO_FG_GENERATE, ARCFOUR_MIN_KEY_BITS, ARCFOUR_MAX_KEY_BITS,
620 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
621 	/* DH_PKCS_KEY_PAIR_GEN */
622 	{DPROV_CKM_DH_PKCS_KEY_PAIR_GEN, DH_PKCS_KEY_PAIR_GEN_MECH_INFO_TYPE,
623 	    CRYPTO_FG_GENERATE_KEY_PAIR, DH_MIN_KEY_LEN, DH_MAX_KEY_LEN,
624 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
625 	/* DH_PKCS_DERIVE */
626 	{DPROV_CKM_DH_PKCS_DERIVE, DH_PKCS_DERIVE_MECH_INFO_TYPE,
627 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
628 	/* RSA_PKCS_KEY_PAIR_GEN */
629 	{DPROV_CKM_RSA_PKCS_KEY_PAIR_GEN, RSA_PKCS_KEY_PAIR_GEN_MECH_INFO_TYPE,
630 	    CRYPTO_FG_GENERATE_KEY_PAIR, RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
631 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
632 	/* EC_KEY_PAIR_GEN */
633 	{DPROV_CKM_EC_KEY_PAIR_GEN, EC_KEY_PAIR_GEN_MECH_INFO_TYPE,
634 	    CRYPTO_FG_GENERATE_KEY_PAIR, EC_MIN_KEY_LEN, EC_MAX_KEY_LEN,
635 	    CRYPTO_KEYSIZE_UNIT_IN_BITS},
636 	/* ECDSA */
637 	{DPROV_CKM_ECDSA, ECDSA_MECH_INFO_TYPE,
638 	    CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY |
639 	    CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC |
640 	    EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
641 	/* ECDSA_SHA1 */
642 	{DPROV_CKM_ECDSA_SHA1, ECDSA_SHA1_MECH_INFO_TYPE,
643 	    CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY |
644 	    CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC |
645 	    EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
646 	/* ECDH1_DERIVE */
647 	{DPROV_CKM_ECDH1_DERIVE, ECDH1_DERIVE_MECH_INFO_TYPE,
648 	    CRYPTO_FG_DERIVE, 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}
649 };
650 
651 /*
652  * Crypto Values
653  *
654  * These values are the used in the STC ef test suite.  If they are changed
655  * the test suite needs to be changed.
656  */
657 static uchar_t dh_value[8] = { 'd', 'h', 'd', 'h', 'd', 'h', 'd', '\0' };
658 char public_exponent[3] = { 0x01, 0x00, 0x01 };
659 static uchar_t private_exponent[128] = {
660 	0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9,
661 	0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec,
662 	0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d,
663 	0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d,
664 	0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f,
665 	0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12,
666 	0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10,
667 	0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1,
668 	0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24,
669 	0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e,
670 	0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd,
671 	0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b,
672 	0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86,
673 	0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf,
674 	0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb,
675 	0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01
676 };
677 
678 static uchar_t modulus[128] = {
679 	0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda,
680 	0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43,
681 	0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae,
682 	0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3,
683 	0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03,
684 	0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7,
685 	0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a,
686 	0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f,
687 	0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d,
688 	0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a,
689 	0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c,
690 	0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52,
691 	0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6,
692 	0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6,
693 	0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1,
694 	0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7
695 };
696 
697 
698 static void dprov_provider_status(crypto_provider_handle_t, uint_t *);
699 
700 static crypto_control_ops_t dprov_control_ops = {
701 	dprov_provider_status
702 };
703 
704 #define	DPROV_MANUFACTURER	"SUNW                            "
705 #define	DPROV_MODEL		"dprov           "
706 #define	DPROV_ALLSPACES		"                "
707 
708 static int dprov_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
709     crypto_req_handle_t);
710 static int dprov_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
711     crypto_req_handle_t);
712 static int dprov_digest_update(crypto_ctx_t *, crypto_data_t *,
713     crypto_req_handle_t);
714 static int dprov_digest_key(crypto_ctx_t *, crypto_key_t *,
715     crypto_req_handle_t);
716 static int dprov_digest_final(crypto_ctx_t *, crypto_data_t *,
717     crypto_req_handle_t);
718 static int dprov_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
719     crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
720     crypto_req_handle_t);
721 
722 static crypto_digest_ops_t dprov_digest_ops = {
723 	dprov_digest_init,
724 	dprov_digest,
725 	dprov_digest_update,
726 	dprov_digest_key,
727 	dprov_digest_final,
728 	dprov_digest_atomic
729 };
730 
731 static int dprov_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
732     crypto_spi_ctx_template_t, crypto_req_handle_t);
733 static int dprov_mac(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
734     crypto_req_handle_t);
735 static int dprov_mac_update(crypto_ctx_t *, crypto_data_t *,
736     crypto_req_handle_t);
737 static int dprov_mac_final(crypto_ctx_t *, crypto_data_t *,
738     crypto_req_handle_t);
739 static int dprov_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
740     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
741     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
742 static int dprov_mac_verify_atomic(crypto_provider_handle_t,
743     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
744     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
745 
746 static crypto_mac_ops_t dprov_mac_ops = {
747 	dprov_mac_init,
748 	dprov_mac,
749 	dprov_mac_update,
750 	dprov_mac_final,
751 	dprov_mac_atomic,
752 	dprov_mac_verify_atomic
753 };
754 
755 static int dprov_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
756     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
757 static int dprov_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
758     crypto_req_handle_t);
759 static int dprov_encrypt_update(crypto_ctx_t *, crypto_data_t *,
760     crypto_data_t *, crypto_req_handle_t);
761 static int dprov_encrypt_final(crypto_ctx_t *, crypto_data_t *,
762     crypto_req_handle_t);
763 static int dprov_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
764     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
765     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
766 
767 static int dprov_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
768     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
769 static int dprov_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
770     crypto_req_handle_t);
771 static int dprov_decrypt_update(crypto_ctx_t *, crypto_data_t *,
772     crypto_data_t *, crypto_req_handle_t);
773 static int dprov_decrypt_final(crypto_ctx_t *, crypto_data_t *,
774     crypto_req_handle_t);
775 static int dprov_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
776     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
777     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
778 
779 static crypto_cipher_ops_t dprov_cipher_ops = {
780 	dprov_encrypt_init,
781 	dprov_encrypt,
782 	dprov_encrypt_update,
783 	dprov_encrypt_final,
784 	dprov_encrypt_atomic,
785 	dprov_decrypt_init,
786 	dprov_decrypt,
787 	dprov_decrypt_update,
788 	dprov_decrypt_final,
789 	dprov_decrypt_atomic
790 };
791 
792 static int dprov_sign_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
793     crypto_spi_ctx_template_t, crypto_req_handle_t);
794 static int dprov_sign(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
795     crypto_req_handle_t);
796 static int dprov_sign_update(crypto_ctx_t *, crypto_data_t *,
797     crypto_req_handle_t);
798 static int dprov_sign_final(crypto_ctx_t *, crypto_data_t *,
799     crypto_req_handle_t);
800 static int dprov_sign_atomic(crypto_provider_handle_t, crypto_session_id_t,
801     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
802     crypto_spi_ctx_template_t, crypto_req_handle_t);
803 static int dprov_sign_recover_init(crypto_ctx_t *, crypto_mechanism_t *,
804     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
805 static int dprov_sign_recover(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
806     crypto_req_handle_t);
807 static int dprov_sign_recover_atomic(crypto_provider_handle_t,
808     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
809     crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
810     crypto_req_handle_t);
811 
812 static crypto_sign_ops_t dprov_sign_ops = {
813 	dprov_sign_init,
814 	dprov_sign,
815 	dprov_sign_update,
816 	dprov_sign_final,
817 	dprov_sign_atomic,
818 	dprov_sign_recover_init,
819 	dprov_sign_recover,
820 	dprov_sign_recover_atomic
821 };
822 
823 static int dprov_verify_init(crypto_ctx_t *, crypto_mechanism_t *,
824     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
825 static int dprov_verify(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
826     crypto_req_handle_t);
827 static int dprov_verify_update(crypto_ctx_t *, crypto_data_t *,
828     crypto_req_handle_t);
829 static int dprov_verify_final(crypto_ctx_t *, crypto_data_t *,
830     crypto_req_handle_t);
831 static int dprov_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
832     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
833     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
834 static int dprov_verify_recover_init(crypto_ctx_t *, crypto_mechanism_t *,
835     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
836 static int dprov_verify_recover(crypto_ctx_t *, crypto_data_t *,
837     crypto_data_t *, crypto_req_handle_t);
838 static int dprov_verify_recover_atomic(crypto_provider_handle_t,
839     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
840     crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
841     crypto_req_handle_t);
842 
843 static crypto_verify_ops_t dprov_verify_ops = {
844 	dprov_verify_init,
845 	dprov_verify,
846 	dprov_verify_update,
847 	dprov_verify_final,
848 	dprov_verify_atomic,
849 	dprov_verify_recover_init,
850 	dprov_verify_recover,
851 	dprov_verify_recover_atomic
852 };
853 
854 static int dprov_digest_encrypt_update(crypto_ctx_t *, crypto_ctx_t *,
855     crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
856 static int dprov_decrypt_digest_update(crypto_ctx_t *, crypto_ctx_t *,
857     crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
858 static int dprov_sign_encrypt_update(crypto_ctx_t *, crypto_ctx_t *,
859     crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
860 static int dprov_decrypt_verify_update(crypto_ctx_t *, crypto_ctx_t *,
861     crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
862 
863 static crypto_dual_ops_t dprov_dual_ops = {
864 	dprov_digest_encrypt_update,
865 	dprov_decrypt_digest_update,
866 	dprov_sign_encrypt_update,
867 	dprov_decrypt_verify_update
868 };
869 
870 static int dprov_encrypt_mac_init(crypto_ctx_t *,
871     crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
872     crypto_key_t *, crypto_spi_ctx_template_t,
873     crypto_spi_ctx_template_t, crypto_req_handle_t);
874 static int dprov_encrypt_mac(crypto_ctx_t *,
875     crypto_data_t *, crypto_dual_data_t *, crypto_data_t *,
876     crypto_req_handle_t);
877 static int dprov_encrypt_mac_update(crypto_ctx_t *,
878     crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t);
879 static int dprov_encrypt_mac_final(crypto_ctx_t *,
880     crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
881 static int dprov_encrypt_mac_atomic(crypto_provider_handle_t,
882     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
883     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
884     crypto_dual_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
885     crypto_spi_ctx_template_t, crypto_req_handle_t);
886 
887 static int dprov_mac_decrypt_init(crypto_ctx_t *,
888     crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
889     crypto_key_t *, crypto_spi_ctx_template_t,
890     crypto_spi_ctx_template_t, crypto_req_handle_t);
891 static int dprov_mac_decrypt(crypto_ctx_t *,
892     crypto_dual_data_t *, crypto_data_t *, crypto_data_t *,
893     crypto_req_handle_t);
894 static int dprov_mac_decrypt_update(crypto_ctx_t *,
895     crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
896 static int dprov_mac_decrypt_final(crypto_ctx_t *,
897     crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
898 static int dprov_mac_decrypt_atomic(crypto_provider_handle_t,
899     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
900     crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
901     crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
902     crypto_spi_ctx_template_t, crypto_req_handle_t);
903 static int dprov_mac_verify_decrypt_atomic(crypto_provider_handle_t,
904     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
905     crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
906     crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
907     crypto_spi_ctx_template_t, crypto_req_handle_t);
908 
909 static crypto_dual_cipher_mac_ops_t dprov_cipher_mac_ops = {
910 	dprov_encrypt_mac_init,
911 	dprov_encrypt_mac,
912 	dprov_encrypt_mac_update,
913 	dprov_encrypt_mac_final,
914 	dprov_encrypt_mac_atomic,
915 	dprov_mac_decrypt_init,
916 	dprov_mac_decrypt,
917 	dprov_mac_decrypt_update,
918 	dprov_mac_decrypt_final,
919 	dprov_mac_decrypt_atomic,
920 	dprov_mac_verify_decrypt_atomic
921 };
922 
923 static int dprov_seed_random(crypto_provider_handle_t, crypto_session_id_t,
924     uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t);
925 static int dprov_generate_random(crypto_provider_handle_t, crypto_session_id_t,
926     uchar_t *, size_t, crypto_req_handle_t);
927 
928 static crypto_random_number_ops_t dprov_random_number_ops = {
929 	dprov_seed_random,
930 	dprov_generate_random
931 };
932 
933 static int dprov_session_open(crypto_provider_handle_t, crypto_session_id_t *,
934     crypto_req_handle_t);
935 static int dprov_session_close(crypto_provider_handle_t, crypto_session_id_t,
936     crypto_req_handle_t);
937 static int dprov_session_login(crypto_provider_handle_t, crypto_session_id_t,
938     crypto_user_type_t, char *, size_t, crypto_req_handle_t);
939 static int dprov_session_logout(crypto_provider_handle_t, crypto_session_id_t,
940     crypto_req_handle_t);
941 
942 static crypto_session_ops_t dprov_session_ops = {
943 	dprov_session_open,
944 	dprov_session_close,
945 	dprov_session_login,
946 	dprov_session_logout
947 };
948 
949 static int dprov_object_create(crypto_provider_handle_t, crypto_session_id_t,
950     crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
951     crypto_req_handle_t);
952 static int dprov_object_copy(crypto_provider_handle_t, crypto_session_id_t,
953     crypto_object_id_t, crypto_object_attribute_t *, uint_t,
954     crypto_object_id_t *, crypto_req_handle_t);
955 static int dprov_object_destroy(crypto_provider_handle_t, crypto_session_id_t,
956     crypto_object_id_t, crypto_req_handle_t);
957 static int dprov_object_get_size(crypto_provider_handle_t, crypto_session_id_t,
958     crypto_object_id_t, size_t *, crypto_req_handle_t);
959 static int dprov_object_get_attribute_value(crypto_provider_handle_t,
960     crypto_session_id_t, crypto_object_id_t,
961     crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
962 static int dprov_object_set_attribute_value(crypto_provider_handle_t,
963     crypto_session_id_t, crypto_object_id_t,
964     crypto_object_attribute_t *,  uint_t, crypto_req_handle_t);
965 static int dprov_object_find_init(crypto_provider_handle_t, crypto_session_id_t,
966     crypto_object_attribute_t *, uint_t, void **,
967     crypto_req_handle_t);
968 static int dprov_object_find(crypto_provider_handle_t, void *,
969     crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t);
970 static int dprov_object_find_final(crypto_provider_handle_t, void *,
971     crypto_req_handle_t);
972 
973 static crypto_object_ops_t dprov_object_ops = {
974 	dprov_object_create,
975 	dprov_object_copy,
976 	dprov_object_destroy,
977 	dprov_object_get_size,
978 	dprov_object_get_attribute_value,
979 	dprov_object_set_attribute_value,
980 	dprov_object_find_init,
981 	dprov_object_find,
982 	dprov_object_find_final
983 };
984 
985 static int dprov_key_generate(crypto_provider_handle_t, crypto_session_id_t,
986     crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
987     crypto_object_id_t *, crypto_req_handle_t);
988 static int dprov_key_generate_pair(crypto_provider_handle_t,
989     crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
990     uint_t, crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
991     crypto_object_id_t *, crypto_req_handle_t);
992 static int dprov_key_wrap(crypto_provider_handle_t, crypto_session_id_t,
993     crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *,
994     uchar_t *, size_t *, crypto_req_handle_t);
995 static int dprov_key_unwrap(crypto_provider_handle_t, crypto_session_id_t,
996     crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
997     crypto_object_attribute_t *, uint_t,
998     crypto_object_id_t *, crypto_req_handle_t);
999 static int dprov_key_derive(crypto_provider_handle_t, crypto_session_id_t,
1000     crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
1001     uint_t, crypto_object_id_t *, crypto_req_handle_t);
1002 
1003 static crypto_key_ops_t dprov_key_ops = {
1004 	dprov_key_generate,
1005 	dprov_key_generate_pair,
1006 	dprov_key_wrap,
1007 	dprov_key_unwrap,
1008 	dprov_key_derive
1009 };
1010 
1011 static int dprov_ext_info(crypto_provider_handle_t,
1012     crypto_provider_ext_info_t *, crypto_req_handle_t);
1013 static int dprov_init_token(crypto_provider_handle_t, char *, size_t,
1014     char *, crypto_req_handle_t);
1015 static int dprov_init_pin(crypto_provider_handle_t, crypto_session_id_t,
1016     char *, size_t, crypto_req_handle_t);
1017 static int dprov_set_pin(crypto_provider_handle_t, crypto_session_id_t,
1018     char *, size_t, char *, size_t, crypto_req_handle_t);
1019 
1020 static crypto_provider_management_ops_t dprov_management_ops = {
1021 	dprov_ext_info,
1022 	dprov_init_token,
1023 	dprov_init_pin,
1024 	dprov_set_pin
1025 };
1026 
1027 static int dprov_free_context(crypto_ctx_t *);
1028 static int dprov_copyin_mechanism(crypto_provider_handle_t,
1029     crypto_mechanism_t *, crypto_mechanism_t *, int *error, int);
1030 static int dprov_copyout_mechanism(crypto_provider_handle_t,
1031     crypto_mechanism_t *, crypto_mechanism_t *, int *error, int);
1032 static int dprov_free_mechanism(crypto_provider_handle_t,
1033     crypto_mechanism_t *);
1034 
1035 static crypto_ctx_ops_t dprov_ctx_ops = {
1036 	NULL,
1037 	dprov_free_context
1038 };
1039 
1040 static crypto_mech_ops_t dprov_mech_ops = {
1041 	dprov_copyin_mechanism,
1042 	dprov_copyout_mechanism,
1043 	dprov_free_mechanism
1044 };
1045 
1046 static int dprov_nostore_key_generate(crypto_provider_handle_t,
1047     crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1048     uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1049 static int dprov_nostore_key_generate_pair(crypto_provider_handle_t,
1050     crypto_session_id_t, crypto_mechanism_t *, crypto_object_attribute_t *,
1051     uint_t, crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1052     uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
1053 static int dprov_nostore_key_derive(crypto_provider_handle_t,
1054     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
1055     crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
1056     uint_t, crypto_req_handle_t);
1057 
1058 static crypto_nostore_key_ops_t dprov_nostore_key_ops = {
1059 	dprov_nostore_key_generate,
1060 	dprov_nostore_key_generate_pair,
1061 	dprov_nostore_key_derive
1062 };
1063 
1064 static crypto_ops_t dprov_crypto_ops = {
1065 	&dprov_control_ops,
1066 	&dprov_digest_ops,
1067 	&dprov_cipher_ops,
1068 	&dprov_mac_ops,
1069 	&dprov_sign_ops,
1070 	&dprov_verify_ops,
1071 	&dprov_dual_ops,
1072 	&dprov_cipher_mac_ops,
1073 	&dprov_random_number_ops,
1074 	&dprov_session_ops,
1075 	&dprov_object_ops,
1076 	&dprov_key_ops,
1077 	&dprov_management_ops,
1078 	&dprov_ctx_ops,
1079 	&dprov_mech_ops
1080 };
1081 
1082 
1083 /* maximum SO and user PIN lengths */
1084 #define	DPROV_MAX_PIN_LEN	128
1085 
1086 /*
1087  * Objects: each session is associated with an array of objects.
1088  * Unlike PKCS#11, the objects cannot be shared between sessions.
1089  * The ioctl driver multiplexes PKCS#11 sessions to providers
1090  * sessions in order to support this semantic. This simplifies
1091  * the CSPI greatly since the provider does not have to associate
1092  * sessions with a user space process.
1093  * There is also a per-instance array of objects, which correspond
1094  * to PKCS#11 token objects. These objects can be shared by multiple
1095  * sesions.
1096  *
1097  * Token objects are identified by having a CKA_TOKEN attribute B_TRUE.
1098  * Private objects are identified by having a CKA_PRIVATE attribute
1099  * set to B_TRUE.
1100  */
1101 
1102 #define	DPROV_MAX_OBJECTS	128	/* max # of objects */
1103 #define	DPROV_MAX_ATTR		64	/* max # of attributes per object */
1104 
1105 /* object description */
1106 typedef struct dprov_object {
1107 	crypto_object_attribute_t do_attr[DPROV_MAX_ATTR]; /* attributes */
1108 	uint_t do_token_idx;		/* index in per-instance table */
1109 					/* for token objects. */
1110 	boolean_t do_destroyed;		/* object has been destroyed. */
1111 					/* keep object around until all */
1112 					/* sessions that refer to it */
1113 					/* are closed, but mark it */
1114 					/* destroyed so that references */
1115 					/* to the object fail. */
1116 					/* used for token objects only */
1117 	uint_t do_refcnt;
1118 } dprov_object_t;
1119 
1120 /*
1121  * If a session has a reference to a dprov_object_t,
1122  * it REFHOLD()s.
1123  */
1124 #define	DPROV_OBJECT_REFHOLD(object) {		\
1125 	atomic_inc_32(&(object)->do_refcnt);	\
1126 	ASSERT((object)->do_refcnt != 0);		\
1127 }
1128 
1129 /*
1130  * Releases a reference to an object. When the last
1131  * reference is released, the object is freed.
1132  */
1133 #define	DPROV_OBJECT_REFRELE(object) {				\
1134 	ASSERT((object)->do_refcnt != 0);			\
1135 	membar_exit();						\
1136 	if (atomic_dec_32_nv(&(object)->do_refcnt) == 0)	\
1137 		dprov_free_object(object);			\
1138 }
1139 
1140 /*
1141  * Object attributes are passed to the provider using crypto_object_attribute
1142  * structures, which contain the type of the attribute, a pointer to
1143  * it's value, and the length of its value. The attribute types values
1144  * are defined by the PKCS#11 specification. This provider only cares
1145  * about a subset of these attributes. In order to avoid having to
1146  * include the PKCS#11 header files, we define here the attributes values
1147  * which are used by the provider.
1148  */
1149 
1150 #define	DPROV_CKA_CLASS			0x00000000
1151 #define	DPROV_CKA_TOKEN			0x00000001
1152 #define	DPROV_CKA_PRIVATE		0x00000002
1153 #define	DPROV_CKA_VALUE			0x00000011
1154 #define	DPROV_CKA_CERTIFICATE_TYPE	0x00000080
1155 #define	DPROV_CKA_KEY_TYPE		0x00000100
1156 #define	DPROV_CKA_SENSITIVE		0x00000103
1157 #define	DPROV_CKA_ENCRYPT		0x00000104
1158 #define	DPROV_CKA_DECRYPT		0x00000105
1159 #define	DPROV_CKA_WRAP			0x00000106
1160 #define	DPROV_CKA_UNWRAP		0x00000107
1161 #define	DPROV_CKA_SIGN			0x00000108
1162 #define	DPROV_CKA_SIGN_RECOVER		0x00000109
1163 #define	DPROV_CKA_VERIFY		0x0000010A
1164 #define	DPROV_CKA_VERIFY_RECOVER	0x0000010B
1165 #define	DPROV_CKA_DERIVE		0x0000010C
1166 #define	DPROV_CKA_MODULUS		0x00000120
1167 #define	DPROV_CKA_MODULUS_BITS		0x00000121
1168 #define	DPROV_CKA_PUBLIC_EXPONENT	0x00000122
1169 #define	DPROV_CKA_PRIVATE_EXPONENT	0x00000123
1170 #define	DPROV_CKA_PRIME			0x00000130
1171 #define	DPROV_CKA_BASE			0x00000132
1172 #define	DPROV_CKA_VALUE_BITS		0x00000160
1173 #define	DPROV_CKA_VALUE_LEN		0x00000161
1174 #define	DPROV_CKA_EXTRACTABLE		0x00000162
1175 #define	DPROV_CKA_EC_PARAMS		0x00000180
1176 #define	DPROV_CKA_EC_POINT		0x00000181
1177 #define	DPROV_HW_FEATURE_TYPE		0x00000300
1178 
1179 /*
1180  * Object classes from PKCS#11
1181  */
1182 #define	DPROV_CKO_DATA			0x00000000
1183 #define	DPROV_CKO_CERTIFICATE		0x00000001
1184 #define	DPROV_CKO_PUBLIC_KEY		0x00000002
1185 #define	DPROV_CKO_PRIVATE_KEY		0x00000003
1186 #define	DPROV_CKO_SECRET_KEY		0x00000004
1187 #define	DPROV_CKO_HW_FEATURE		0x00000005
1188 #define	DPROV_CKO_DOMAIN_PARAMETERS	0x00000006
1189 #define	DPROV_CKO_VENDOR_DEFINED	0x80000000
1190 
1191 /*
1192  * A few key types from PKCS#11
1193  */
1194 #define	DPROV_CKK_RSA			0x00000000
1195 #define	DPROV_CKK_GENERIC_SECRET	0x00000010
1196 #define	DPROV_CKK_RC4			0x00000012
1197 #define	DPROV_CKK_DES			0x00000013
1198 #define	DPROV_CKK_DES3			0x00000015
1199 #define	DPROV_CKK_AES			0x0000001F
1200 #define	DPROV_CKK_BLOWFISH		0x00000020
1201 
1202 /*
1203  * Find object context. Allows the find object init/find/final
1204  * to store data persistent across calls.
1205  */
1206 typedef struct dprov_find_ctx {
1207 	crypto_object_id_t fc_ids[DPROV_MAX_OBJECTS];	/* object ids */
1208 	uint_t fc_nids;			/* number of ids in fc_ids */
1209 	uint_t fc_next;			/* next id to return */
1210 } dprov_find_ctx_t;
1211 
1212 /*
1213  * Session management: each instance is associated with an array
1214  * of sessions. KEF providers sessions are always R/W the library and
1215  * the ioctl maintain the PKCS#11 R/W attributes for the session.
1216  */
1217 
1218 #define	DPROV_MIN_SESSIONS	32	/* # of sessions to start with */
1219 
1220 typedef enum dprov_session_state {
1221 	DPROV_SESSION_STATE_PUBLIC,	/* public (default) */
1222 	DPROV_SESSION_STATE_SO,		/* SO logged in */
1223 	DPROV_SESSION_STATE_USER	/* user logged in */
1224 } dprov_session_state_t;
1225 
1226 /* session description */
1227 typedef struct dprov_session {
1228 	dprov_session_state_t ds_state;	/* session state */
1229 	dprov_object_t *ds_objects[DPROV_MAX_OBJECTS];	/* session objects */
1230 } dprov_session_t;
1231 
1232 
1233 static crypto_provider_info_t dprov_prov_info = {
1234 	CRYPTO_SPI_VERSION_2,
1235 	"Dummy Pseudo HW Provider",
1236 	CRYPTO_HW_PROVIDER,
1237 	NULL,				/* pi_provider_dev */
1238 	NULL,				/* pi_provider_handle */
1239 	&dprov_crypto_ops,
1240 	sizeof (dprov_mech_info_tab)/sizeof (crypto_mech_info_t),
1241 	dprov_mech_info_tab,
1242 	0,				/* pi_logical_provider_count */
1243 	NULL,				/* pi_logical_providers */
1244 	0				/* pi_flags */
1245 };
1246 
1247 /*
1248  * Per-instance info.
1249  */
1250 typedef struct dprov_state {
1251 	kmutex_t ds_lock;		/* per-instance lock */
1252 	dev_info_t *ds_dip;		/* device info */
1253 	crypto_kcf_provider_handle_t ds_prov_handle;	/* framework handle */
1254 	taskq_t *ds_taskq;		/* taskq for async behavior */
1255 	char ds_user_pin[DPROV_MAX_PIN_LEN];	/* normal user PIN */
1256 	uint_t ds_user_pin_len;
1257 	char ds_so_pin[DPROV_MAX_PIN_LEN];	/* SO PIN */
1258 	uint_t ds_so_pin_len;
1259 	dprov_session_t **ds_sessions;	/* sessions for this instance */
1260 	uint_t ds_sessions_slots;	/* number of session slots */
1261 	uint_t ds_sessions_count;	/* number of open sessions */
1262 	boolean_t ds_token_initialized;	/* provider initialized? */
1263 	boolean_t ds_user_pin_set;	/* user pin set? */
1264 	char ds_label[CRYPTO_EXT_SIZE_LABEL];		/* "token" label */
1265 	dprov_object_t *ds_objects[DPROV_MAX_OBJECTS];	/* "token" objects */
1266 } dprov_state_t;
1267 
1268 
1269 /*
1270  * A taskq is associated with each instance of the pseudo driver in order
1271  * to simulate the asynchronous execution of requests.
1272  * The following defines the taskq request structures.
1273  */
1274 
1275 /* request types */
1276 typedef enum dprov_req_type {
1277 	/* digest requests */
1278 	DPROV_REQ_DIGEST_INIT = 1,
1279 	DPROV_REQ_DIGEST,
1280 	DPROV_REQ_DIGEST_UPDATE,
1281 	DPROV_REQ_DIGEST_KEY,
1282 	DPROV_REQ_DIGEST_FINAL,
1283 	DPROV_REQ_DIGEST_ATOMIC,
1284 	/* cipher requests */
1285 	DPROV_REQ_ENCRYPT_INIT,
1286 	DPROV_REQ_ENCRYPT,
1287 	DPROV_REQ_ENCRYPT_UPDATE,
1288 	DPROV_REQ_ENCRYPT_FINAL,
1289 	DPROV_REQ_ENCRYPT_ATOMIC,
1290 	DPROV_REQ_DECRYPT_INIT,
1291 	DPROV_REQ_DECRYPT,
1292 	DPROV_REQ_DECRYPT_UPDATE,
1293 	DPROV_REQ_DECRYPT_FINAL,
1294 	DPROV_REQ_DECRYPT_ATOMIC,
1295 	/* mac requests */
1296 	DPROV_REQ_MAC_INIT,
1297 	DPROV_REQ_MAC,
1298 	DPROV_REQ_MAC_UPDATE,
1299 	DPROV_REQ_MAC_FINAL,
1300 	DPROV_REQ_MAC_ATOMIC,
1301 	DPROV_REQ_MAC_VERIFY_ATOMIC,
1302 	/* sign requests */
1303 	DPROV_REQ_SIGN_INIT,
1304 	DPROV_REQ_SIGN,
1305 	DPROV_REQ_SIGN_UPDATE,
1306 	DPROV_REQ_SIGN_FINAL,
1307 	DPROV_REQ_SIGN_ATOMIC,
1308 	DPROV_REQ_SIGN_RECOVER_INIT,
1309 	DPROV_REQ_SIGN_RECOVER,
1310 	DPROV_REQ_SIGN_RECOVER_ATOMIC,
1311 	/* verify requests */
1312 	DPROV_REQ_VERIFY_INIT,
1313 	DPROV_REQ_VERIFY,
1314 	DPROV_REQ_VERIFY_UPDATE,
1315 	DPROV_REQ_VERIFY_FINAL,
1316 	DPROV_REQ_VERIFY_ATOMIC,
1317 	DPROV_REQ_VERIFY_RECOVER_INIT,
1318 	DPROV_REQ_VERIFY_RECOVER,
1319 	DPROV_REQ_VERIFY_RECOVER_ATOMIC,
1320 	/* dual ops requests */
1321 	DPROV_REQ_DIGEST_ENCRYPT_UPDATE,
1322 	DPROV_REQ_DECRYPT_DIGEST_UPDATE,
1323 	DPROV_REQ_SIGN_ENCRYPT_UPDATE,
1324 	DPROV_REQ_DECRYPT_VERIFY_UPDATE,
1325 	/* dual cipher/mac requests */
1326 	DPROV_REQ_ENCRYPT_MAC_INIT,
1327 	DPROV_REQ_ENCRYPT_MAC,
1328 	DPROV_REQ_ENCRYPT_MAC_UPDATE,
1329 	DPROV_REQ_ENCRYPT_MAC_FINAL,
1330 	DPROV_REQ_ENCRYPT_MAC_ATOMIC,
1331 	DPROV_REQ_MAC_DECRYPT_INIT,
1332 	DPROV_REQ_MAC_DECRYPT,
1333 	DPROV_REQ_MAC_DECRYPT_UPDATE,
1334 	DPROV_REQ_MAC_DECRYPT_FINAL,
1335 	DPROV_REQ_MAC_DECRYPT_ATOMIC,
1336 	DPROV_REQ_MAC_VERIFY_DECRYPT_ATOMIC,
1337 	/* random number ops */
1338 	DPROV_REQ_RANDOM_SEED,
1339 	DPROV_REQ_RANDOM_GENERATE,
1340 	/* session management requests */
1341 	DPROV_REQ_SESSION_OPEN,
1342 	DPROV_REQ_SESSION_CLOSE,
1343 	DPROV_REQ_SESSION_LOGIN,
1344 	DPROV_REQ_SESSION_LOGOUT,
1345 	/* object management requests */
1346 	DPROV_REQ_OBJECT_CREATE,
1347 	DPROV_REQ_OBJECT_COPY,
1348 	DPROV_REQ_OBJECT_DESTROY,
1349 	DPROV_REQ_OBJECT_GET_SIZE,
1350 	DPROV_REQ_OBJECT_GET_ATTRIBUTE_VALUE,
1351 	DPROV_REQ_OBJECT_SET_ATTRIBUTE_VALUE,
1352 	DPROV_REQ_OBJECT_FIND_INIT,
1353 	DPROV_REQ_OBJECT_FIND,
1354 	DPROV_REQ_OBJECT_FIND_FINAL,
1355 	/* key management requests */
1356 	DPROV_REQ_KEY_GENERATE,
1357 	DPROV_REQ_KEY_GENERATE_PAIR,
1358 	DPROV_REQ_KEY_WRAP,
1359 	DPROV_REQ_KEY_UNWRAP,
1360 	DPROV_REQ_KEY_DERIVE,
1361 	/* provider management requests */
1362 	DPROV_REQ_MGMT_EXTINFO,
1363 	DPROV_REQ_MGMT_INITTOKEN,
1364 	DPROV_REQ_MGMT_INITPIN,
1365 	DPROV_REQ_MGMT_SETPIN,
1366 	/* no (key)store key management requests */
1367 	DPROV_REQ_NOSTORE_KEY_GENERATE,
1368 	DPROV_REQ_NOSTORE_KEY_GENERATE_PAIR,
1369 	DPROV_REQ_NOSTORE_KEY_DERIVE
1370 } dprov_req_type_t;
1371 
1372 /* for DPROV_REQ_DIGEST requests */
1373 typedef struct dprov_digest_req {
1374 	crypto_mechanism_t *dr_mechanism;
1375 	crypto_ctx_t *dr_ctx;
1376 	crypto_data_t *dr_data;
1377 	crypto_key_t *dr_key;
1378 	crypto_data_t *dr_digest;
1379 } dprov_digest_req_t;
1380 
1381 /* for DPROV_REQ_MAC requests */
1382 typedef struct dprov_mac_req {
1383 	crypto_mechanism_t *dr_mechanism;
1384 	crypto_ctx_t *dr_ctx;
1385 	crypto_key_t *dr_key;
1386 	crypto_data_t *dr_data;
1387 	crypto_data_t *dr_mac;
1388 	crypto_session_id_t dr_session_id;
1389 } dprov_mac_req_t;
1390 
1391 /* for DPROV_REQ_ENCRYPT and DPROV_REQ_DECRYPT requests */
1392 typedef struct dprov_cipher_req {
1393 	crypto_mechanism_t *dr_mechanism;
1394 	crypto_ctx_t *dr_ctx;
1395 	crypto_key_t *dr_key;
1396 	crypto_data_t *dr_plaintext;
1397 	crypto_data_t *dr_ciphertext;
1398 	crypto_session_id_t dr_session_id;
1399 } dprov_cipher_req_t;
1400 
1401 /* for DPROV_REQ_SIGN requests */
1402 typedef struct dprov_sign_req {
1403 	crypto_mechanism_t *sr_mechanism;
1404 	crypto_ctx_t *sr_ctx;
1405 	crypto_key_t *sr_key;
1406 	crypto_data_t *sr_data;
1407 	crypto_data_t *sr_signature;
1408 	crypto_session_id_t sr_session_id;
1409 } dprov_sign_req_t;
1410 
1411 /* for DPROV_REQ_VERIFY requests */
1412 typedef struct dprov_verify_req {
1413 	crypto_mechanism_t *vr_mechanism;
1414 	crypto_ctx_t *vr_ctx;
1415 	crypto_key_t *vr_key;
1416 	crypto_data_t *vr_data;
1417 	crypto_data_t *vr_signature;
1418 	crypto_session_id_t vr_session_id;
1419 } dprov_verify_req_t;
1420 
1421 /* for dual ops requests */
1422 typedef struct dprov_dual_req {
1423 	crypto_ctx_t *dr_signverify_ctx;
1424 	crypto_ctx_t *dr_cipher_ctx;
1425 	crypto_data_t *dr_plaintext;
1426 	crypto_data_t *dr_ciphertext;
1427 } dprov_dual_req_t;
1428 
1429 /* for cipher/mac dual ops requests */
1430 typedef struct dprov_cipher_mac_req {
1431 	crypto_session_id_t mr_session_id;
1432 	crypto_ctx_t *mr_ctx;
1433 	crypto_mechanism_t *mr_cipher_mech;
1434 	crypto_key_t *mr_cipher_key;
1435 	crypto_mechanism_t *mr_mac_mech;
1436 	crypto_key_t *mr_mac_key;
1437 	crypto_dual_data_t *mr_dual_data;
1438 	crypto_data_t *mr_data;
1439 	crypto_data_t *mr_mac;
1440 } dprov_cipher_mac_req_t;
1441 
1442 /* for DPROV_REQ_RANDOM requests */
1443 typedef struct dprov_random_req {
1444 	uchar_t *rr_buf;
1445 	size_t rr_len;
1446 	crypto_session_id_t rr_session_id;
1447 	uint_t rr_entropy_est;
1448 	uint32_t rr_flags;
1449 } dprov_random_req_t;
1450 
1451 /* for DPROV_REQ_SESSION requests */
1452 typedef struct dprov_session_req {
1453 	crypto_session_id_t *sr_session_id_ptr;
1454 	crypto_session_id_t sr_session_id;
1455 	crypto_user_type_t sr_user_type;
1456 	char *sr_pin;
1457 	size_t sr_pin_len;
1458 } dprov_session_req_t;
1459 
1460 /* for DPROV_REQ_OBJECT requests */
1461 typedef struct dprov_object_req {
1462 	crypto_session_id_t or_session_id;
1463 	crypto_object_id_t or_object_id;
1464 	crypto_object_attribute_t *or_template;
1465 	uint_t or_attribute_count;
1466 	crypto_object_id_t *or_object_id_ptr;
1467 	size_t *or_object_size;
1468 	void **or_find_pp;
1469 	void *or_find_p;
1470 	uint_t or_max_object_count;
1471 	uint_t *or_object_count_ptr;
1472 } dprov_object_req_t;
1473 
1474 /* for DPROV_REQ_KEY requests */
1475 typedef struct dprov_key_req {
1476 	crypto_session_id_t kr_session_id;
1477 	crypto_mechanism_t *kr_mechanism;
1478 	crypto_object_attribute_t *kr_template;
1479 	uint_t kr_attribute_count;
1480 	crypto_object_id_t *kr_object_id_ptr;
1481 	crypto_object_attribute_t *kr_private_key_template;
1482 	uint_t kr_private_key_attribute_count;
1483 	crypto_object_id_t *kr_private_key_object_id_ptr;
1484 	crypto_key_t *kr_key;
1485 	uchar_t *kr_wrapped_key;
1486 	size_t *kr_wrapped_key_len_ptr;
1487 	crypto_object_attribute_t *kr_out_template1;
1488 	crypto_object_attribute_t *kr_out_template2;
1489 	uint_t kr_out_attribute_count1;
1490 	uint_t kr_out_attribute_count2;
1491 } dprov_key_req_t;
1492 
1493 /* for DPROV_REQ_MGMT requests */
1494 typedef struct dprov_mgmt_req {
1495 	crypto_session_id_t mr_session_id;
1496 	char *mr_pin;
1497 	size_t mr_pin_len;
1498 	char *mr_old_pin;
1499 	size_t mr_old_pin_len;
1500 	char *mr_label;
1501 	crypto_provider_ext_info_t *mr_ext_info;
1502 } dprov_mgmt_req_t;
1503 
1504 /* request, as queued on taskq */
1505 typedef struct dprov_req {
1506 	dprov_req_type_t dr_type;
1507 	dprov_state_t *dr_softc;
1508 	crypto_req_handle_t dr_kcf_req;
1509 	union {
1510 		dprov_digest_req_t dru_digest_req;
1511 		dprov_mac_req_t dru_mac_req;
1512 		dprov_cipher_req_t dru_cipher_req;
1513 		dprov_sign_req_t dru_sign_req;
1514 		dprov_verify_req_t dru_verify_req;
1515 		dprov_dual_req_t dru_dual_req;
1516 		dprov_cipher_mac_req_t dru_cipher_mac_req;
1517 		dprov_random_req_t dru_random_req;
1518 		dprov_session_req_t dru_session_req;
1519 		dprov_object_req_t dru_object_req;
1520 		dprov_key_req_t dru_key_req;
1521 		dprov_mgmt_req_t dru_mgmt_req;
1522 	} dr_req;
1523 } dprov_req_t;
1524 
1525 /* shortcuts for union fields */
1526 #define	dr_digest_req		dr_req.dru_digest_req
1527 #define	dr_mac_req		dr_req.dru_mac_req
1528 #define	dr_cipher_req		dr_req.dru_cipher_req
1529 #define	dr_sign_req		dr_req.dru_sign_req
1530 #define	dr_verify_req		dr_req.dru_verify_req
1531 #define	dr_dual_req		dr_req.dru_dual_req
1532 #define	dr_cipher_mac_req	dr_req.dru_cipher_mac_req
1533 #define	dr_random_req		dr_req.dru_random_req
1534 #define	dr_session_req		dr_req.dru_session_req
1535 #define	dr_object_req		dr_req.dru_object_req
1536 #define	dr_key_req		dr_req.dru_key_req
1537 #define	dr_mgmt_req		dr_req.dru_mgmt_req
1538 
1539 /* prototypes for the tasq dispatcher functions */
1540 static void dprov_digest_task(dprov_req_t *);
1541 static void dprov_mac_task(dprov_req_t *);
1542 static void dprov_sign_task(dprov_req_t *);
1543 static void dprov_verify_task(dprov_req_t *);
1544 static void dprov_dual_task(dprov_req_t *);
1545 static void dprov_cipher_task(dprov_req_t *);
1546 static void dprov_cipher_mac_task(dprov_req_t *);
1547 static void dprov_random_task(dprov_req_t *);
1548 static void dprov_session_task(dprov_req_t *);
1549 static void dprov_object_task(dprov_req_t *);
1550 static void dprov_key_task(dprov_req_t *);
1551 static void dprov_mgmt_task(dprov_req_t *);
1552 
1553 /* helper functions */
1554 static int dprov_digest_submit_req(dprov_req_type_t, dprov_state_t *,
1555     crypto_req_handle_t, crypto_mechanism_t *, crypto_data_t *, crypto_key_t *,
1556     crypto_data_t *, crypto_ctx_t *, int);
1557 static int dprov_cipher_submit_req(dprov_req_type_t, dprov_state_t *,
1558     crypto_req_handle_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
1559     crypto_data_t *, crypto_ctx_t *, crypto_session_id_t, int);
1560 static int dprov_mac_submit_req(dprov_req_type_t, dprov_state_t *,
1561     crypto_req_handle_t, crypto_mechanism_t *, crypto_data_t *,
1562     crypto_key_t *, crypto_data_t *, crypto_ctx_t *, crypto_session_id_t, int);
1563 static int dprov_sign_submit_req(dprov_req_type_t, dprov_state_t *,
1564     crypto_req_handle_t, crypto_mechanism_t *, crypto_key_t *,
1565     crypto_data_t *, crypto_data_t *, crypto_ctx_t *, crypto_session_id_t, int);
1566 static int dprov_verify_submit_req(dprov_req_type_t, dprov_state_t *,
1567     crypto_req_handle_t, crypto_mechanism_t *, crypto_key_t *,
1568     crypto_data_t *, crypto_data_t *, crypto_ctx_t *, crypto_session_id_t, int);
1569 static int dprov_dual_submit_req(dprov_req_type_t, dprov_state_t *,
1570     crypto_req_handle_t, crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
1571     crypto_data_t *);
1572 static int dprov_cipher_mac_submit_req(dprov_req_type_t, dprov_state_t *,
1573     crypto_req_handle_t, crypto_ctx_t *, crypto_session_id_t,
1574     crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, crypto_key_t *,
1575     crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, int);
1576 static int dprov_random_submit_req(dprov_req_type_t, dprov_state_t *,
1577     crypto_req_handle_t, uchar_t *, size_t, crypto_session_id_t, uint_t,
1578     uint32_t);
1579 static int dprov_session_submit_req(dprov_req_type_t, dprov_state_t *,
1580     crypto_req_handle_t, crypto_session_id_t *, crypto_session_id_t,
1581     crypto_user_type_t, char *, size_t);
1582 static int dprov_object_submit_req(dprov_req_type_t, dprov_state_t *,
1583     crypto_req_handle_t, crypto_session_id_t, crypto_object_id_t,
1584     crypto_object_attribute_t *, uint_t, crypto_object_id_t *, size_t *,
1585     void **, void *, uint_t, uint_t *, int);
1586 static int dprov_key_submit_req(dprov_req_type_t, dprov_state_t *,
1587     crypto_req_handle_t, crypto_session_id_t, crypto_mechanism_t *,
1588     crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
1589     crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
1590     crypto_key_t *, uchar_t *, size_t *, crypto_object_attribute_t *,
1591     uint_t, crypto_object_attribute_t *, uint_t);
1592 static int dprov_mgmt_submit_req(dprov_req_type_t, dprov_state_t *,
1593     crypto_req_handle_t, crypto_session_id_t, char *, size_t, char *, size_t,
1594     char *, crypto_provider_ext_info_t *);
1595 static int dprov_get_sw_prov(crypto_mechanism_t *, kcf_provider_desc_t **,
1596     crypto_mech_type_t *);
1597 
1598 /* object management helper functions */
1599 static void dprov_free_object(dprov_object_t *);
1600 static void dprov_release_session_objects(dprov_session_t *);
1601 static void dprov_adjust_attrs(crypto_object_attribute_t *, int);
1602 static boolean_t dprov_object_is_private(dprov_object_t *);
1603 static boolean_t dprov_object_is_token(dprov_object_t *);
1604 static int dprov_key_value_secret(dprov_state_t *, crypto_session_id_t,
1605     dprov_req_type_t, crypto_key_t *, crypto_key_t *);
1606 static int dprov_key_attr_asymmetric(dprov_state_t *, crypto_session_id_t,
1607     dprov_req_type_t, crypto_key_t *, crypto_key_t *);
1608 static int dprov_get_object_attr_boolean(dprov_object_t *, uint64_t,
1609 	boolean_t *);
1610 static int dprov_get_object_attr_ulong(dprov_object_t *, uint64_t, ulong_t *);
1611 static int dprov_get_object_attr_array(dprov_object_t *, uint64_t, void **,
1612     size_t *);
1613 static int dprov_get_key_attr_ulong(crypto_key_t *, uint64_t, ulong_t *);
1614 static int dprov_get_key_attr_array(crypto_key_t *, uint64_t, void **,
1615     size_t *);
1616 static int dprov_create_object_from_template(dprov_state_t *, dprov_session_t *,
1617     crypto_object_attribute_t *, uint_t, crypto_object_id_t *, boolean_t,
1618     boolean_t);
1619 static int dprov_get_template_attr_scalar_common(crypto_object_attribute_t *,
1620     uint_t, uint64_t, void *, size_t);
1621 static int dprov_get_template_attr_boolean(crypto_object_attribute_t *,
1622     uint_t, uint64_t, boolean_t *);
1623 static int dprov_get_template_attr_ulong(crypto_object_attribute_t *, uint_t,
1624     uint64_t, ulong_t *);
1625 static int dprov_template_attr_present(crypto_object_attribute_t *, uint_t,
1626     uint64_t);
1627 static int dprov_get_template_attr_array(crypto_object_attribute_t *, uint_t,
1628     uint64_t, void **, size_t *);
1629 static int dprov_destroy_object(dprov_state_t *, dprov_session_t *,
1630     crypto_object_id_t);
1631 static int dprov_object_set_attr(dprov_session_t *, crypto_object_id_t,
1632     crypto_object_attribute_t *, uint_t, boolean_t);
1633 static int dprov_find_attr(crypto_object_attribute_t *, uint_t, uint64_t);
1634 static boolean_t dprov_attributes_match(dprov_object_t *,
1635     crypto_object_attribute_t *, uint_t);
1636 
1637 /* retrieve the softc and instance number from a SPI crypto context */
1638 #define	DPROV_SOFTC_FROM_CTX(ctx, softc, instance) {	\
1639 	(softc) = (dprov_state_t *)(ctx)->cc_provider;	\
1640 	(instance) = ddi_get_instance((softc)->ds_dip);	\
1641 }
1642 
1643 /* retrieve the softc and instance number from a taskq request */
1644 #define	DPROV_SOFTC_FROM_REQ(req, softc, instance) {	\
1645 	(softc) = (req)->dr_softc;			\
1646 	(instance) = ddi_get_instance((softc)->ds_dip);	\
1647 }
1648 
1649 /*
1650  * The dprov private context most of the time contains a pointer to the
1651  * crypto_context_t that was allocated when calling a KCF function.
1652  * Dual cipher/mac operations however require the dprov driver
1653  * to maintain the contexts associated with the separate cipher
1654  * and mac operations. These two types of dprov contexts are
1655  * defined below.
1656  */
1657 typedef enum dprov_ctx_type {
1658 	DPROV_CTX_SINGLE,
1659 	DPROV_CTX_DUAL
1660 } dprov_ctx_type_t;
1661 
1662 /*
1663  * When the context refers to a single KCF context, the
1664  * cc_provider field of a crypto_ctx_t points to a structure of
1665  * type dprov_ctx_single.
1666  */
1667 typedef struct dprov_ctx_single {
1668 	dprov_ctx_type_t dc_type;
1669 	crypto_context_t dc_ctx;
1670 	boolean_t dc_svrfy_to_mac;
1671 } dprov_ctx_single_t;
1672 
1673 /*
1674  * When the context is used for cipher/mac operations, it contains
1675  * pointers to to KCF contexts, one for the cipher operation, the
1676  * other for the mac operation.
1677  */
1678 typedef struct dprov_ctx_dual {
1679 	dprov_ctx_type_t cd_type;
1680 	crypto_context_t cd_cipher_ctx;
1681 	crypto_context_t cd_mac_ctx;
1682 } dprov_ctx_dual_t;
1683 
1684 /*
1685  * Helper macros for context accessors. These macros return the
1686  * k-API context corresponding to the given SPI context for
1687  * single and dual cipher/mac operations.
1688  */
1689 
1690 #define	DPROV_CTX_P(_ctx) \
1691 	((dprov_ctx_single_t *)(_ctx)->cc_provider_private)
1692 
1693 #define	DPROV_CTX_SINGLE(_ctx)	((DPROV_CTX_P(_ctx))->dc_ctx)
1694 
1695 #define	DPROV_CTX_DUAL_CIPHER(_ctx) \
1696 	(((dprov_ctx_dual_t *)(_ctx)->cc_provider_private)->cd_cipher_ctx)
1697 
1698 #define	DPROV_CTX_DUAL_MAC(_ctx) \
1699 	(((dprov_ctx_dual_t *)(_ctx)->cc_provider_private)->cd_mac_ctx)
1700 
1701 static int dprov_alloc_context(dprov_req_type_t, crypto_ctx_t *);
1702 
1703 
1704 
1705 static void *statep;	/* state pointer */
1706 
1707 /*
1708  * DDI entry points.
1709  */
1710 int
_init(void)1711 _init(void)
1712 {
1713 	int error;
1714 
1715 	DPROV_DEBUG(D_INIT, ("dprov: in _init\n"));
1716 
1717 	if ((error = ddi_soft_state_init(&statep, sizeof (dprov_state_t),
1718 	    0)) != 0)
1719 		return (error);
1720 
1721 	return (mod_install(&modlinkage));
1722 }
1723 
1724 int
_fini(void)1725 _fini(void)
1726 {
1727 	int error;
1728 
1729 	DPROV_DEBUG(D_INIT, ("dprov: in _fini\n"));
1730 
1731 	if ((error = mod_remove(&modlinkage)) != 0)
1732 		return (error);
1733 
1734 	ddi_soft_state_fini(&statep);
1735 
1736 	return (0);
1737 }
1738 
1739 int
_info(struct modinfo * modinfop)1740 _info(struct modinfo *modinfop)
1741 {
1742 	DPROV_DEBUG(D_INIT, ("dprov: in _info\n"));
1743 
1744 	return (mod_info(&modlinkage, modinfop));
1745 }
1746 
1747 /* ARGSUSED */
1748 static int
dprov_getinfo(dev_info_t * dip,ddi_info_cmd_t cmd,void * arg,void ** result)1749 dprov_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
1750 {
1751 	int instance = getminor((dev_t)arg);
1752 	dprov_state_t *softc;
1753 
1754 	DPROV_DEBUG(D_ATTACH, ("dprov: in dprov_getinfo() for %d\n",
1755 	    instance));
1756 
1757 	switch (cmd) {
1758 	case DDI_INFO_DEVT2DEVINFO:
1759 		softc = ddi_get_soft_state(statep, instance);
1760 		*result = softc->ds_dip;
1761 		return (DDI_SUCCESS);
1762 
1763 	case DDI_INFO_DEVT2INSTANCE:
1764 		*result = (void *)(uintptr_t)instance;
1765 		return (DDI_SUCCESS);
1766 	}
1767 	return (DDI_FAILURE);
1768 }
1769 
1770 static int
dprov_attach(dev_info_t * dip,ddi_attach_cmd_t cmd)1771 dprov_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
1772 {
1773 	int instance = ddi_get_instance(dip);
1774 	dprov_state_t *softc;
1775 	char devname[256];
1776 	int ret;
1777 
1778 	DPROV_DEBUG(D_ATTACH, ("dprov: in dprov_attach() for %d\n",
1779 	    instance));
1780 
1781 	if (cmd != DDI_ATTACH) {
1782 		return (DDI_FAILURE);
1783 	}
1784 
1785 	/* get new softc and initialize it */
1786 	if (ddi_soft_state_zalloc(statep, instance) != DDI_SUCCESS)
1787 		return (DDI_FAILURE);
1788 
1789 	softc = ddi_get_soft_state(statep, instance);
1790 	mutex_init(&softc->ds_lock, NULL, MUTEX_DRIVER, NULL);
1791 	softc->ds_dip = dip;
1792 	softc->ds_prov_handle = 0;
1793 
1794 	/* create minor node */
1795 	(void) sprintf(devname, "dprov%d", instance);
1796 	if (ddi_create_minor_node(dip, devname, S_IFCHR, instance,
1797 	    DDI_PSEUDO, 0) != DDI_SUCCESS) {
1798 		cmn_err(CE_WARN, "attach: failed creating minor node");
1799 		mutex_destroy(&softc->ds_lock);
1800 		ddi_soft_state_free(statep, instance);
1801 		return (DDI_FAILURE);
1802 	}
1803 
1804 	nostore_key_gen = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1805 	    DDI_PROP_DONTPASS, "nostore_key_gen", 0);
1806 	if (nostore_key_gen != 0) {
1807 		dprov_prov_info.pi_interface_version = CRYPTO_SPI_VERSION_3;
1808 		dprov_crypto_ops.co_object_ops = NULL;
1809 		dprov_crypto_ops.co_nostore_key_ops = &dprov_nostore_key_ops;
1810 	}
1811 
1812 	dprov_max_digestsz = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1813 	    DDI_PROP_DONTPASS, "max_digest_sz", INT_MAX);
1814 	if (dprov_max_digestsz != INT_MAX && dprov_max_digestsz != 0 &&
1815 	    dprov_max_digestsz != DDI_PROP_NOT_FOUND) {
1816 		dprov_no_multipart = B_TRUE;
1817 		dprov_prov_info.pi_flags |=
1818 		    (CRYPTO_HASH_NO_UPDATE | CRYPTO_HMAC_NO_UPDATE);
1819 	}
1820 
1821 	/* create taskq */
1822 	softc->ds_taskq = taskq_create(devname, 1, minclsyspri,
1823 	    crypto_taskq_minalloc, crypto_taskq_maxalloc, TASKQ_PREPOPULATE);
1824 
1825 	/* initialize table of sessions */
1826 	softc->ds_sessions = kmem_zalloc(DPROV_MIN_SESSIONS *
1827 	    sizeof (dprov_session_t *), KM_SLEEP);
1828 	softc->ds_sessions_slots = DPROV_MIN_SESSIONS;
1829 	softc->ds_sessions_count = 0;
1830 
1831 	/* initialized done by init_token entry point */
1832 	softc->ds_token_initialized = B_TRUE;
1833 
1834 	(void) memset(softc->ds_label, ' ', CRYPTO_EXT_SIZE_LABEL);
1835 	bcopy("Dummy Pseudo HW Provider", softc->ds_label, 24);
1836 
1837 	bcopy("changeme", softc->ds_user_pin, 8);
1838 	softc->ds_user_pin_len = 8;
1839 	softc->ds_user_pin_set = B_TRUE;
1840 
1841 	/* register with the crypto framework */
1842 	dprov_prov_info.pi_provider_dev.pd_hw = dip;
1843 	dprov_prov_info.pi_provider_handle = softc;
1844 
1845 	if (dprov_no_multipart) { /* Export only single part */
1846 		dprov_digest_ops.digest_update = NULL;
1847 		dprov_digest_ops.digest_key = NULL;
1848 		dprov_digest_ops.digest_final = NULL;
1849 		dprov_object_ops.object_create = NULL;
1850 	}
1851 
1852 	if ((ret = crypto_register_provider(&dprov_prov_info,
1853 	    &softc->ds_prov_handle)) != CRYPTO_SUCCESS) {
1854 		cmn_err(CE_WARN,
1855 		    "dprov crypto_register_provider() failed (0x%x)", ret);
1856 		taskq_destroy(softc->ds_taskq);
1857 		kmem_free(softc->ds_sessions, softc->ds_sessions_slots *
1858 		    sizeof (dprov_session_t *));
1859 		mutex_destroy(&softc->ds_lock);
1860 		ddi_soft_state_free(statep, instance);
1861 		ddi_remove_minor_node(dip, NULL);
1862 		return (DDI_FAILURE);
1863 	}
1864 
1865 	/*
1866 	 * This call is for testing only; it is not required by the SPI.
1867 	 */
1868 	crypto_provider_notification(softc->ds_prov_handle,
1869 	    CRYPTO_PROVIDER_READY);
1870 
1871 	return (DDI_SUCCESS);
1872 }
1873 
1874 static int
dprov_detach(dev_info_t * dip,ddi_detach_cmd_t cmd)1875 dprov_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
1876 {
1877 	int instance = ddi_get_instance(dip);
1878 	dprov_state_t *softc = ddi_get_soft_state(statep, instance);
1879 	dprov_session_t *session;
1880 	int i, ret;
1881 
1882 	DPROV_DEBUG(D_ATTACH, ("dprov: in dprov_detach() for %d\n",
1883 	    instance));
1884 
1885 	if (cmd != DDI_DETACH)
1886 		return (DDI_FAILURE);
1887 
1888 	/* unregister from the crypto framework */
1889 	if (softc->ds_prov_handle != 0)
1890 		if ((ret = crypto_unregister_provider(
1891 		    softc->ds_prov_handle)) != CRYPTO_SUCCESS) {
1892 			cmn_err(CE_WARN, "dprov_detach: "
1893 			    "crypto_unregister_provider() "
1894 			    "failed (0x%x)", ret);
1895 			return (DDI_FAILURE);
1896 		}
1897 
1898 
1899 	taskq_destroy(softc->ds_taskq);
1900 
1901 	for (i = 0; i < softc->ds_sessions_slots; i++) {
1902 		if ((session = softc->ds_sessions[i]) == NULL)
1903 			continue;
1904 
1905 		dprov_release_session_objects(session);
1906 
1907 		kmem_free(session, sizeof (dprov_session_t));
1908 		softc->ds_sessions_count--;
1909 
1910 	}
1911 
1912 	kmem_free(softc->ds_sessions, softc->ds_sessions_slots *
1913 	    sizeof (dprov_session_t *));
1914 	/* free token objects */
1915 	for (i = 0; i < DPROV_MAX_OBJECTS; i++)
1916 		if (softc->ds_objects[i] != NULL)
1917 			dprov_free_object(softc->ds_objects[i]);
1918 
1919 	mutex_destroy(&softc->ds_lock);
1920 	ddi_soft_state_free(statep, instance);
1921 
1922 	ddi_remove_minor_node(dip, NULL);
1923 
1924 	return (DDI_SUCCESS);
1925 }
1926 
1927 /*
1928  * Control entry points.
1929  */
1930 static void
dprov_provider_status(crypto_provider_handle_t provider,uint_t * status)1931 dprov_provider_status(crypto_provider_handle_t provider, uint_t *status)
1932 {
1933 	_NOTE(ARGUNUSED(provider))
1934 
1935 	*status = CRYPTO_PROVIDER_READY;
1936 }
1937 
1938 /*
1939  * Digest entry points.
1940  */
1941 
1942 static int
dprov_digest_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_req_handle_t req)1943 dprov_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
1944     crypto_req_handle_t req)
1945 {
1946 	int error = CRYPTO_FAILED;
1947 	dprov_state_t *softc;
1948 	/* LINTED E_FUNC_SET_NOT_USED */
1949 	int instance;
1950 
1951 	/* extract softc and instance number from context */
1952 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
1953 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_init: started\n", instance));
1954 
1955 	/* check mechanism */
1956 	if (mechanism->cm_type != MD4_MECH_INFO_TYPE &&
1957 	    mechanism->cm_type != MD5_MECH_INFO_TYPE &&
1958 	    mechanism->cm_type != SHA1_MECH_INFO_TYPE &&
1959 	    mechanism->cm_type != SHA256_MECH_INFO_TYPE &&
1960 	    mechanism->cm_type != SHA384_MECH_INFO_TYPE &&
1961 	    mechanism->cm_type != SHA512_MECH_INFO_TYPE &&
1962 	    mechanism->cm_type != SHA512_224_MECH_INFO_TYPE &&
1963 	    mechanism->cm_type != SHA512_256_MECH_INFO_TYPE) {
1964 		cmn_err(CE_WARN, "dprov_digest_init: unexpected mech type "
1965 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
1966 		return (CRYPTO_MECHANISM_INVALID);
1967 	}
1968 
1969 	/* submit request to the taskq */
1970 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST_INIT, softc, req,
1971 	    mechanism, NULL, NULL, NULL, ctx, KM_SLEEP);
1972 
1973 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_init: done err = 0x%x\n",
1974 	    instance, error));
1975 
1976 	return (error);
1977 }
1978 
1979 static int
dprov_digest(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)1980 dprov_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
1981     crypto_req_handle_t req)
1982 {
1983 	int error = CRYPTO_FAILED;
1984 	dprov_state_t *softc;
1985 	/* LINTED E_FUNC_SET_NOT_USED */
1986 	int instance;
1987 
1988 	if (dprov_no_multipart && data->cd_length > dprov_max_digestsz)
1989 		return (CRYPTO_BUFFER_TOO_BIG);
1990 
1991 	/* extract softc and instance number from context */
1992 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
1993 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest: started\n", instance));
1994 
1995 	/* submit request to the taskq */
1996 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST, softc, req,
1997 	    NULL, data, NULL, digest, ctx, KM_NOSLEEP);
1998 
1999 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest: done, err = 0x%x\n",
2000 	    instance, error));
2001 
2002 	return (error);
2003 }
2004 
2005 static int
dprov_digest_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)2006 dprov_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
2007     crypto_req_handle_t req)
2008 {
2009 	int error = CRYPTO_FAILED;
2010 	dprov_state_t *softc;
2011 	/* LINTED E_FUNC_SET_NOT_USED */
2012 	int instance;
2013 
2014 	/* extract softc and instance number from context */
2015 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2016 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_update: started\n",
2017 	    instance));
2018 
2019 	/* submit request to the taskq */
2020 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST_UPDATE, softc,
2021 	    req, NULL, data, NULL, NULL, ctx, KM_NOSLEEP);
2022 
2023 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_update: done err = 0x0%x\n",
2024 	    instance, error));
2025 
2026 	return (error);
2027 }
2028 
2029 static int
dprov_digest_key(crypto_ctx_t * ctx,crypto_key_t * key,crypto_req_handle_t req)2030 dprov_digest_key(crypto_ctx_t *ctx, crypto_key_t *key, crypto_req_handle_t req)
2031 {
2032 	int error = CRYPTO_FAILED;
2033 	dprov_state_t *softc;
2034 	/* LINTED E_FUNC_SET_NOT_USED */
2035 	int instance;
2036 
2037 	/* extract softc and instance number from context */
2038 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2039 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_key: started\n", instance));
2040 
2041 	/* submit request to the taskq */
2042 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST_KEY, softc, req, NULL,
2043 	    NULL, key, NULL, ctx, KM_NOSLEEP);
2044 
2045 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_key: done err = 0x0%x\n",
2046 	    instance, error));
2047 
2048 	return (error);
2049 }
2050 
2051 static int
dprov_digest_final(crypto_ctx_t * ctx,crypto_data_t * digest,crypto_req_handle_t req)2052 dprov_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
2053     crypto_req_handle_t req)
2054 {
2055 	int error = CRYPTO_FAILED;
2056 	dprov_state_t *softc;
2057 	/* LINTED E_FUNC_SET_NOT_USED */
2058 	int instance;
2059 
2060 	/* extract softc and instance number from context */
2061 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2062 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_final: started\n", instance));
2063 
2064 	/* submit request to the taskq */
2065 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST_FINAL, softc, req,
2066 	    NULL, NULL, NULL, digest, ctx, KM_NOSLEEP);
2067 
2068 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_final: done err = 0x0%x\n",
2069 	    instance, error));
2070 
2071 	return (error);
2072 }
2073 
2074 /* ARGSUSED */
2075 static int
dprov_digest_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)2076 dprov_digest_atomic(crypto_provider_handle_t provider,
2077     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2078     crypto_data_t *data, crypto_data_t *digest,
2079     crypto_req_handle_t req)
2080 {
2081 	int error = CRYPTO_FAILED;
2082 	dprov_state_t *softc = (dprov_state_t *)provider;
2083 	/* LINTED E_FUNC_SET_NOT_USED */
2084 	int instance;
2085 
2086 	if (dprov_no_multipart && data->cd_length > dprov_max_digestsz)
2087 		return (CRYPTO_BUFFER_TOO_BIG);
2088 
2089 	instance = ddi_get_instance(softc->ds_dip);
2090 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_atomic: started\n",
2091 	    instance));
2092 
2093 	/* check mechanism */
2094 	if (mechanism->cm_type != MD4_MECH_INFO_TYPE &&
2095 	    mechanism->cm_type != MD5_MECH_INFO_TYPE &&
2096 	    mechanism->cm_type != SHA1_MECH_INFO_TYPE &&
2097 	    mechanism->cm_type != SHA256_MECH_INFO_TYPE &&
2098 	    mechanism->cm_type != SHA384_MECH_INFO_TYPE &&
2099 	    mechanism->cm_type != SHA512_MECH_INFO_TYPE) {
2100 		cmn_err(CE_WARN, "dprov_digest_atomic: unexpected mech type "
2101 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2102 		return (CRYPTO_MECHANISM_INVALID);
2103 	}
2104 
2105 	/* submit request to the taskq */
2106 	error = dprov_digest_submit_req(DPROV_REQ_DIGEST_ATOMIC, softc, req,
2107 	    mechanism, data, NULL, digest, NULL, KM_SLEEP);
2108 
2109 	DPROV_DEBUG(D_DIGEST, ("(%d) dprov_digest_atomic: done err = 0x0%x\n",
2110 	    instance, error));
2111 
2112 	return (error);
2113 }
2114 
2115 /*
2116  * MAC entry points.
2117  */
2118 
2119 /*
2120  * Checks whether the specified mech_type is supported by mac
2121  * entry points.
2122  */
2123 static boolean_t
dprov_valid_mac_mech(crypto_mech_type_t mech_type)2124 dprov_valid_mac_mech(crypto_mech_type_t mech_type)
2125 {
2126 	return (mech_type == MD5_HMAC_MECH_INFO_TYPE ||
2127 	    mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE ||
2128 	    mech_type == SHA1_HMAC_MECH_INFO_TYPE ||
2129 	    mech_type == SHA1_HMAC_GEN_MECH_INFO_TYPE ||
2130 	    mech_type == SHA256_HMAC_MECH_INFO_TYPE ||
2131 	    mech_type == SHA256_HMAC_GEN_MECH_INFO_TYPE ||
2132 	    mech_type == SHA384_HMAC_MECH_INFO_TYPE ||
2133 	    mech_type == SHA384_HMAC_GEN_MECH_INFO_TYPE ||
2134 	    mech_type == SHA512_HMAC_MECH_INFO_TYPE ||
2135 	    mech_type == SHA512_HMAC_GEN_MECH_INFO_TYPE ||
2136 	    mech_type == AES_GMAC_MECH_INFO_TYPE ||
2137 	    mech_type == AES_CMAC_MECH_INFO_TYPE);
2138 }
2139 
2140 static int
dprov_mac_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2141 dprov_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2142     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2143     crypto_req_handle_t req)
2144 {
2145 	int error = CRYPTO_FAILED;
2146 	dprov_state_t *softc;
2147 	/* LINTED E_FUNC_SET_NOT_USED */
2148 	int instance;
2149 
2150 	/* extract softc and instance number from context */
2151 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2152 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_init: started\n", instance));
2153 
2154 	/* check mechanism */
2155 	if (!dprov_valid_mac_mech(mechanism->cm_type)) {
2156 		cmn_err(CE_WARN, "dprov_mac_init: unexpected mech type "
2157 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2158 		return (CRYPTO_MECHANISM_INVALID);
2159 	}
2160 
2161 	if (ctx_template != NULL)
2162 		return (CRYPTO_ARGUMENTS_BAD);
2163 
2164 	/* submit request to the taskq */
2165 	error = dprov_mac_submit_req(DPROV_REQ_MAC_INIT, softc, req,
2166 	    mechanism, NULL, key, NULL, ctx, 0, KM_SLEEP);
2167 
2168 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_init: done err = 0x%x\n",
2169 	    instance, error));
2170 
2171 	return (error);
2172 }
2173 
2174 static int
dprov_mac(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * mac,crypto_req_handle_t req)2175 dprov_mac(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *mac,
2176     crypto_req_handle_t req)
2177 {
2178 	int error = CRYPTO_FAILED;
2179 	dprov_state_t *softc;
2180 	/* LINTED E_FUNC_SET_NOT_USED */
2181 	int instance;
2182 
2183 	/* extract softc and instance number from context */
2184 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2185 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac: started\n", instance));
2186 
2187 	/* submit request to the taskq */
2188 	error = dprov_mac_submit_req(DPROV_REQ_MAC, softc, req,
2189 	    NULL, data, NULL, mac, ctx, 0, KM_NOSLEEP);
2190 
2191 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac: done, err = 0x%x\n", instance,
2192 	    error));
2193 
2194 	return (error);
2195 }
2196 
2197 static int
dprov_mac_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)2198 dprov_mac_update(crypto_ctx_t *ctx, crypto_data_t *data,
2199     crypto_req_handle_t req)
2200 {
2201 	int error = CRYPTO_FAILED;
2202 	dprov_state_t *softc;
2203 	/* LINTED E_FUNC_SET_NOT_USED */
2204 	int instance;
2205 
2206 	/* extract softc and instance number from context */
2207 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2208 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_update: started\n", instance));
2209 
2210 	/* submit request to the taskq */
2211 	error = dprov_mac_submit_req(DPROV_REQ_MAC_UPDATE, softc,
2212 	    req, NULL, data, NULL, NULL, ctx, 0, KM_NOSLEEP);
2213 
2214 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_update: done err = 0x0%x\n",
2215 	    instance, error));
2216 
2217 	return (error);
2218 }
2219 
2220 static int
dprov_mac_final(crypto_ctx_t * ctx,crypto_data_t * mac,crypto_req_handle_t req)2221 dprov_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
2222 {
2223 	int error = CRYPTO_FAILED;
2224 	dprov_state_t *softc;
2225 	/* LINTED E_FUNC_SET_NOT_USED */
2226 	int instance;
2227 
2228 	/* extract softc and instance number from context */
2229 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2230 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_final: started\n", instance));
2231 
2232 	/* submit request to the taskq */
2233 	error = dprov_mac_submit_req(DPROV_REQ_MAC_FINAL, softc, req,
2234 	    NULL, NULL, NULL, mac, ctx, 0, KM_NOSLEEP);
2235 
2236 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_final: done err = 0x0%x\n",
2237 	    instance, error));
2238 
2239 	return (error);
2240 }
2241 
2242 static int
dprov_mac_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2243 dprov_mac_atomic(crypto_provider_handle_t provider,
2244     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2245     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
2246     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2247 {
2248 	int error = CRYPTO_FAILED;
2249 	dprov_state_t *softc = (dprov_state_t *)provider;
2250 	/* LINTED E_FUNC_SET_NOT_USED */
2251 	int instance;
2252 
2253 	instance = ddi_get_instance(softc->ds_dip);
2254 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_atomic: started\n", instance));
2255 
2256 	if (ctx_template != NULL)
2257 		return (CRYPTO_ARGUMENTS_BAD);
2258 
2259 	/* check mechanism */
2260 	if (!dprov_valid_mac_mech(mechanism->cm_type)) {
2261 		cmn_err(CE_WARN, "dprov_mac_atomic: unexpected mech type "
2262 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2263 		return (CRYPTO_MECHANISM_INVALID);
2264 	}
2265 
2266 	/* submit request to the taskq */
2267 	error = dprov_mac_submit_req(DPROV_REQ_MAC_ATOMIC, softc, req,
2268 	    mechanism, data, key, mac, NULL, session_id, KM_SLEEP);
2269 
2270 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_atomic: done err = 0x0%x\n",
2271 	    instance, error));
2272 
2273 	return (error);
2274 }
2275 
2276 static int
dprov_mac_verify_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2277 dprov_mac_verify_atomic(crypto_provider_handle_t provider,
2278     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2279     crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
2280     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2281 {
2282 	int error = CRYPTO_FAILED;
2283 	dprov_state_t *softc = (dprov_state_t *)provider;
2284 	/* LINTED E_FUNC_SET_NOT_USED */
2285 	int instance;
2286 
2287 	instance = ddi_get_instance(softc->ds_dip);
2288 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_verify_atomic: started\n",
2289 	    instance));
2290 
2291 	if (ctx_template != NULL)
2292 		return (CRYPTO_ARGUMENTS_BAD);
2293 
2294 	/* check mechanism */
2295 	if (!dprov_valid_mac_mech(mechanism->cm_type)) {
2296 		cmn_err(CE_WARN, "dprov_mac_verify_atomic: unexpected mech "
2297 		    "type 0x%llx\n", (unsigned long long)mechanism->cm_type);
2298 		return (CRYPTO_MECHANISM_INVALID);
2299 	}
2300 
2301 	/* submit request to the taskq */
2302 	error = dprov_mac_submit_req(DPROV_REQ_MAC_VERIFY_ATOMIC, softc, req,
2303 	    mechanism, data, key, mac, NULL, session_id, KM_SLEEP);
2304 
2305 	DPROV_DEBUG(D_MAC, ("(%d) dprov_mac_verify_atomic: done err = 0x0%x\n",
2306 	    instance, error));
2307 
2308 	return (error);
2309 }
2310 
2311 /*
2312  * Cipher (encrypt/decrypt) entry points.
2313  */
2314 
2315 /*
2316  * Checks whether the specified mech_type is supported by cipher entry
2317  * points.
2318  */
2319 static boolean_t
dprov_valid_cipher_mech(crypto_mech_type_t mech_type)2320 dprov_valid_cipher_mech(crypto_mech_type_t mech_type)
2321 {
2322 	return (mech_type == DES_CBC_MECH_INFO_TYPE ||
2323 	    mech_type == DES3_CBC_MECH_INFO_TYPE ||
2324 	    mech_type == DES_ECB_MECH_INFO_TYPE ||
2325 	    mech_type == DES3_ECB_MECH_INFO_TYPE ||
2326 	    mech_type == BLOWFISH_CBC_MECH_INFO_TYPE ||
2327 	    mech_type == BLOWFISH_ECB_MECH_INFO_TYPE ||
2328 	    mech_type == AES_CBC_MECH_INFO_TYPE ||
2329 	    mech_type == AES_CMAC_MECH_INFO_TYPE ||
2330 	    mech_type == AES_ECB_MECH_INFO_TYPE ||
2331 	    mech_type == AES_CTR_MECH_INFO_TYPE ||
2332 	    mech_type == AES_CCM_MECH_INFO_TYPE ||
2333 	    mech_type == AES_GCM_MECH_INFO_TYPE ||
2334 	    mech_type == AES_GMAC_MECH_INFO_TYPE ||
2335 	    mech_type == RC4_MECH_INFO_TYPE ||
2336 	    mech_type == RSA_PKCS_MECH_INFO_TYPE ||
2337 	    mech_type == RSA_X_509_MECH_INFO_TYPE ||
2338 	    mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE ||
2339 	    mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE ||
2340 	    mech_type == SHA256_RSA_PKCS_MECH_INFO_TYPE ||
2341 	    mech_type == SHA384_RSA_PKCS_MECH_INFO_TYPE ||
2342 	    mech_type == SHA512_RSA_PKCS_MECH_INFO_TYPE);
2343 }
2344 
2345 static boolean_t
is_publickey_mech(crypto_mech_type_t mech_type)2346 is_publickey_mech(crypto_mech_type_t mech_type)
2347 {
2348 	return (mech_type == RSA_PKCS_MECH_INFO_TYPE ||
2349 	    mech_type == RSA_X_509_MECH_INFO_TYPE ||
2350 	    mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE ||
2351 	    mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE ||
2352 	    mech_type == SHA256_RSA_PKCS_MECH_INFO_TYPE ||
2353 	    mech_type == SHA384_RSA_PKCS_MECH_INFO_TYPE ||
2354 	    mech_type == SHA512_RSA_PKCS_MECH_INFO_TYPE ||
2355 	    mech_type == ECDSA_SHA1_MECH_INFO_TYPE ||
2356 	    mech_type == ECDSA_MECH_INFO_TYPE);
2357 }
2358 
2359 
2360 /* ARGSUSED */
2361 static int
dprov_encrypt_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2362 dprov_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2363     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2364     crypto_req_handle_t req)
2365 {
2366 	int error = CRYPTO_FAILED;
2367 	dprov_state_t *softc;
2368 	/* LINTED E_FUNC_SET_NOT_USED */
2369 	int instance;
2370 
2371 	/* extract softc and instance number from context */
2372 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2373 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_init: started\n",
2374 	    instance));
2375 
2376 	/* check mechanism */
2377 	if (!dprov_valid_cipher_mech(mechanism->cm_type)) {
2378 		cmn_err(CE_WARN, "dprov_encrypt_init: unexpected mech type "
2379 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2380 		return (CRYPTO_MECHANISM_INVALID);
2381 	}
2382 
2383 	/* submit request to the taskq */
2384 	error = dprov_cipher_submit_req(DPROV_REQ_ENCRYPT_INIT, softc,
2385 	    req, mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
2386 
2387 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_init: done err = 0x0%x\n",
2388 	    instance, error));
2389 
2390 	return (error);
2391 }
2392 
2393 /* ARGSUSED */
2394 static int
dprov_encrypt(crypto_ctx_t * ctx,crypto_data_t * plaintext,crypto_data_t * ciphertext,crypto_req_handle_t req)2395 dprov_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
2396     crypto_data_t *ciphertext, crypto_req_handle_t req)
2397 {
2398 	int error = CRYPTO_FAILED;
2399 	dprov_state_t *softc;
2400 	/* LINTED E_FUNC_SET_NOT_USED */
2401 	int instance;
2402 
2403 	/* extract softc and instance number from context */
2404 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2405 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt: started\n", instance));
2406 
2407 	/* submit request to the taskq */
2408 	error = dprov_cipher_submit_req(DPROV_REQ_ENCRYPT, softc,
2409 	    req, NULL, NULL, plaintext, ciphertext, ctx, 0, KM_NOSLEEP);
2410 
2411 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt: done err = 0x0%x\n",
2412 	    instance, error));
2413 
2414 	return (error);
2415 }
2416 
2417 /* ARGSUSED */
2418 static int
dprov_encrypt_update(crypto_ctx_t * ctx,crypto_data_t * plaintext,crypto_data_t * ciphertext,crypto_req_handle_t req)2419 dprov_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
2420     crypto_data_t *ciphertext, crypto_req_handle_t req)
2421 {
2422 	int error = CRYPTO_FAILED;
2423 	dprov_state_t *softc;
2424 	/* LINTED E_FUNC_SET_NOT_USED */
2425 	int instance;
2426 
2427 	/* extract softc and instance number from context */
2428 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2429 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_update: started\n",
2430 	    instance));
2431 
2432 	/* submit request to the taskq */
2433 	error = dprov_cipher_submit_req(DPROV_REQ_ENCRYPT_UPDATE, softc,
2434 	    req, NULL, NULL, plaintext, ciphertext, ctx, 0, KM_NOSLEEP);
2435 
2436 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_update: done err = 0x0%x\n",
2437 	    instance, error));
2438 
2439 	return (error);
2440 }
2441 
2442 /* ARGSUSED */
2443 static int
dprov_encrypt_final(crypto_ctx_t * ctx,crypto_data_t * ciphertext,crypto_req_handle_t req)2444 dprov_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
2445     crypto_req_handle_t req)
2446 {
2447 	int error = CRYPTO_FAILED;
2448 	dprov_state_t *softc;
2449 	/* LINTED E_FUNC_SET_NOT_USED */
2450 	int instance;
2451 
2452 	/* extract softc and instance number from context */
2453 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2454 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_final: started\n",
2455 	    instance));
2456 
2457 	/* submit request to the taskq */
2458 	error = dprov_cipher_submit_req(DPROV_REQ_ENCRYPT_FINAL, softc,
2459 	    req, NULL, NULL, NULL, ciphertext, ctx, 0, KM_NOSLEEP);
2460 
2461 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_encrypt_final: done err = 0x0%x\n",
2462 	    instance, error));
2463 
2464 	return (error);
2465 }
2466 
2467 static int
dprov_encrypt_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * plaintext,crypto_data_t * ciphertext,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2468 dprov_encrypt_atomic(crypto_provider_handle_t provider,
2469     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2470     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
2471     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2472 {
2473 	int error = CRYPTO_FAILED;
2474 	dprov_state_t *softc = (dprov_state_t *)provider;
2475 	/* LINTED E_FUNC_SET_NOT_USED */
2476 	int instance;
2477 
2478 	instance = ddi_get_instance(softc->ds_dip);
2479 	DPROV_DEBUG(D_MAC, ("(%d) dprov_encrypt_atomic: started\n", instance));
2480 
2481 	if (ctx_template != NULL)
2482 		return (CRYPTO_ARGUMENTS_BAD);
2483 
2484 	/* check mechanism */
2485 	if (!dprov_valid_cipher_mech(mechanism->cm_type)) {
2486 		cmn_err(CE_WARN, "dprov_encrypt_atomic: unexpected mech type "
2487 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2488 		return (CRYPTO_MECHANISM_INVALID);
2489 	}
2490 
2491 	error = dprov_cipher_submit_req(DPROV_REQ_ENCRYPT_ATOMIC, softc,
2492 	    req, mechanism, key, plaintext, ciphertext, NULL, session_id,
2493 	    KM_SLEEP);
2494 
2495 	DPROV_DEBUG(D_MAC, ("(%d) dprov_encrypt_atomic: done err = 0x0%x\n",
2496 	    instance, error));
2497 
2498 	return (error);
2499 }
2500 
2501 /* ARGSUSED */
2502 static int
dprov_decrypt_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2503 dprov_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2504     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2505     crypto_req_handle_t req)
2506 {
2507 	int error = CRYPTO_FAILED;
2508 	dprov_state_t *softc;
2509 	/* LINTED E_FUNC_SET_NOT_USED */
2510 	int instance;
2511 
2512 	/* extract softc and instance number from context */
2513 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2514 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_init: started\n",
2515 	    instance));
2516 
2517 	/* check mechanism */
2518 	if (!dprov_valid_cipher_mech(mechanism->cm_type)) {
2519 		cmn_err(CE_WARN, "dprov_decrypt_init: unexpected mech type "
2520 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2521 		return (CRYPTO_MECHANISM_INVALID);
2522 	}
2523 
2524 	/* submit request to the taskq */
2525 	error = dprov_cipher_submit_req(DPROV_REQ_DECRYPT_INIT, softc,
2526 	    req, mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
2527 
2528 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_init: done err = 0x0%x\n",
2529 	    instance, error));
2530 
2531 	return (error);
2532 }
2533 
2534 /* ARGSUSED */
2535 static int
dprov_decrypt(crypto_ctx_t * ctx,crypto_data_t * ciphertext,crypto_data_t * plaintext,crypto_req_handle_t req)2536 dprov_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
2537     crypto_data_t *plaintext, crypto_req_handle_t req)
2538 {
2539 	int error = CRYPTO_FAILED;
2540 
2541 	dprov_state_t *softc;
2542 	/* LINTED E_FUNC_SET_NOT_USED */
2543 	int instance;
2544 
2545 	/* extract softc and instance number from context */
2546 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2547 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt: started\n", instance));
2548 
2549 	/* submit request to the taskq */
2550 	error = dprov_cipher_submit_req(DPROV_REQ_DECRYPT, softc,
2551 	    req, NULL, NULL, plaintext, ciphertext, ctx, 0, KM_NOSLEEP);
2552 
2553 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt: done err = 0x0%x\n",
2554 	    instance, error));
2555 
2556 	return (error);
2557 }
2558 
2559 /* ARGSUSED */
2560 static int
dprov_decrypt_update(crypto_ctx_t * ctx,crypto_data_t * ciphertext,crypto_data_t * plaintext,crypto_req_handle_t req)2561 dprov_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
2562     crypto_data_t *plaintext, crypto_req_handle_t req)
2563 {
2564 	int error = CRYPTO_FAILED;
2565 	dprov_state_t *softc;
2566 	/* LINTED E_FUNC_SET_NOT_USED */
2567 	int instance;
2568 
2569 	/* extract softc and instance number from context */
2570 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2571 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_update: started\n",
2572 	    instance));
2573 
2574 	/* submit request to the taskq */
2575 	error = dprov_cipher_submit_req(DPROV_REQ_DECRYPT_UPDATE, softc,
2576 	    req, NULL, NULL, plaintext, ciphertext, ctx, 0, KM_NOSLEEP);
2577 
2578 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_update: done err = 0x0%x\n",
2579 	    instance, error));
2580 
2581 	return (error);
2582 }
2583 
2584 /* ARGSUSED */
2585 static int
dprov_decrypt_final(crypto_ctx_t * ctx,crypto_data_t * plaintext,crypto_req_handle_t req)2586 dprov_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext,
2587     crypto_req_handle_t req)
2588 {
2589 	int error = CRYPTO_FAILED;
2590 	dprov_state_t *softc;
2591 	/* LINTED E_FUNC_SET_NOT_USED */
2592 	int instance;
2593 
2594 	/* extract softc and instance number from context */
2595 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2596 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_final: started\n",
2597 	    instance));
2598 
2599 	/* submit request to the taskq */
2600 	error = dprov_cipher_submit_req(DPROV_REQ_DECRYPT_FINAL, softc,
2601 	    req, NULL, NULL, plaintext, NULL, ctx, 0, KM_NOSLEEP);
2602 
2603 	DPROV_DEBUG(D_CIPHER, ("(%d) dprov_decrypt_final: done err = 0x0%x\n",
2604 	    instance, error));
2605 
2606 	return (error);
2607 }
2608 
2609 static int
dprov_decrypt_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * ciphertext,crypto_data_t * plaintext,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2610 dprov_decrypt_atomic(crypto_provider_handle_t provider,
2611     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2612     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
2613     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2614 {
2615 	int error = CRYPTO_FAILED;
2616 	dprov_state_t *softc = (dprov_state_t *)provider;
2617 	/* LINTED E_FUNC_SET_NOT_USED */
2618 	int instance;
2619 
2620 	instance = ddi_get_instance(softc->ds_dip);
2621 	DPROV_DEBUG(D_MAC, ("(%d) dprov_decrypt_atomic: started\n", instance));
2622 
2623 	if (ctx_template != NULL)
2624 		return (CRYPTO_ARGUMENTS_BAD);
2625 
2626 	/* check mechanism */
2627 	if (!dprov_valid_cipher_mech(mechanism->cm_type)) {
2628 		cmn_err(CE_WARN, "dprov_atomic_init: unexpected mech type "
2629 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2630 		return (CRYPTO_MECHANISM_INVALID);
2631 	}
2632 
2633 	error = dprov_cipher_submit_req(DPROV_REQ_DECRYPT_ATOMIC, softc,
2634 	    req, mechanism, key, plaintext, ciphertext, NULL, session_id,
2635 	    KM_SLEEP);
2636 
2637 	DPROV_DEBUG(D_MAC, ("(%d) dprov_decrypt_atomic: done err = 0x0%x\n",
2638 	    instance, error));
2639 
2640 	return (error);
2641 }
2642 
2643 /*
2644  * Sign entry points.
2645  */
2646 
2647 /*
2648  * Checks whether the specified mech_type is supported by sign/verify
2649  * entry points.
2650  */
2651 static boolean_t
dprov_valid_sign_verif_mech(crypto_mech_type_t mech_type)2652 dprov_valid_sign_verif_mech(crypto_mech_type_t mech_type)
2653 {
2654 	return (mech_type == MD5_HMAC_MECH_INFO_TYPE ||
2655 	    mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE ||
2656 	    mech_type == SHA1_HMAC_MECH_INFO_TYPE ||
2657 	    mech_type == SHA1_HMAC_GEN_MECH_INFO_TYPE ||
2658 	    mech_type == SHA256_HMAC_MECH_INFO_TYPE ||
2659 	    mech_type == SHA256_HMAC_GEN_MECH_INFO_TYPE ||
2660 	    mech_type == SHA384_HMAC_MECH_INFO_TYPE ||
2661 	    mech_type == SHA384_HMAC_GEN_MECH_INFO_TYPE ||
2662 	    mech_type == SHA512_HMAC_MECH_INFO_TYPE ||
2663 	    mech_type == SHA512_HMAC_GEN_MECH_INFO_TYPE ||
2664 	    mech_type == RSA_PKCS_MECH_INFO_TYPE ||
2665 	    mech_type == RSA_X_509_MECH_INFO_TYPE ||
2666 	    mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE ||
2667 	    mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE ||
2668 	    mech_type == SHA256_RSA_PKCS_MECH_INFO_TYPE ||
2669 	    mech_type == SHA384_RSA_PKCS_MECH_INFO_TYPE ||
2670 	    mech_type == SHA512_RSA_PKCS_MECH_INFO_TYPE ||
2671 	    mech_type == ECDSA_SHA1_MECH_INFO_TYPE ||
2672 	    mech_type == ECDSA_MECH_INFO_TYPE ||
2673 	    mech_type == AES_CMAC_MECH_INFO_TYPE);
2674 }
2675 
2676 static int
dprov_sign_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2677 dprov_sign_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2678     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2679     crypto_req_handle_t req)
2680 {
2681 	int error = CRYPTO_FAILED;
2682 	dprov_state_t *softc;
2683 	/* LINTED E_FUNC_SET_NOT_USED */
2684 	int instance;
2685 
2686 	/* extract softc and instance number from context */
2687 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2688 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_init: started\n", instance));
2689 
2690 	/* check mechanism */
2691 	if (!dprov_valid_sign_verif_mech(mechanism->cm_type)) {
2692 		cmn_err(CE_WARN, "dprov_sign_init: unexpected mech type "
2693 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2694 		return (CRYPTO_MECHANISM_INVALID);
2695 	}
2696 
2697 	if (ctx_template != NULL)
2698 		return (CRYPTO_ARGUMENTS_BAD);
2699 
2700 	/* submit request to the taskq */
2701 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_INIT, softc, req,
2702 	    mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
2703 
2704 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_init: done err = 0x%x\n",
2705 	    instance, error));
2706 
2707 	return (error);
2708 }
2709 
2710 static int
dprov_sign(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * signature,crypto_req_handle_t req)2711 dprov_sign(crypto_ctx_t *ctx, crypto_data_t *data,
2712     crypto_data_t *signature, crypto_req_handle_t req)
2713 {
2714 	int error = CRYPTO_FAILED;
2715 	dprov_state_t *softc;
2716 	/* LINTED E_FUNC_SET_NOT_USED */
2717 	int instance;
2718 
2719 	/* extract softc and instance number from context */
2720 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2721 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign: started\n", instance));
2722 
2723 	/* submit request to the taskq */
2724 	error = dprov_sign_submit_req(DPROV_REQ_SIGN, softc, req,
2725 	    NULL, NULL, data, signature, ctx, 0, KM_NOSLEEP);
2726 
2727 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign: done err = 0x%x\n",
2728 	    instance, error));
2729 
2730 	return (error);
2731 }
2732 
2733 static int
dprov_sign_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)2734 dprov_sign_update(crypto_ctx_t *ctx, crypto_data_t *data,
2735     crypto_req_handle_t req)
2736 {
2737 	int error = CRYPTO_FAILED;
2738 	dprov_state_t *softc;
2739 	/* LINTED E_FUNC_SET_NOT_USED */
2740 	int instance;
2741 
2742 	/* extract softc and instance number from context */
2743 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2744 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_update: started\n", instance));
2745 
2746 	/* submit request to the taskq */
2747 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_UPDATE, softc, req,
2748 	    NULL, NULL, data, NULL, ctx, 0, KM_NOSLEEP);
2749 
2750 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_update: done err = 0x%x\n",
2751 	    instance, error));
2752 
2753 	return (error);
2754 }
2755 
2756 static int
dprov_sign_final(crypto_ctx_t * ctx,crypto_data_t * signature,crypto_req_handle_t req)2757 dprov_sign_final(crypto_ctx_t *ctx, crypto_data_t *signature,
2758     crypto_req_handle_t req)
2759 {
2760 	int error = CRYPTO_FAILED;
2761 	dprov_state_t *softc;
2762 	/* LINTED E_FUNC_SET_NOT_USED */
2763 	int instance;
2764 
2765 	/* extract softc and instance number from context */
2766 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2767 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_final: started\n", instance));
2768 
2769 	/* submit request to the taskq */
2770 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_FINAL, softc, req,
2771 	    NULL, NULL, NULL, signature, ctx, 0, KM_NOSLEEP);
2772 
2773 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_final: done err = 0x%x\n",
2774 	    instance, error));
2775 
2776 	return (error);
2777 }
2778 
2779 static int
dprov_sign_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * signature,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2780 dprov_sign_atomic(crypto_provider_handle_t provider,
2781     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2782     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
2783     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2784 {
2785 	int error = CRYPTO_FAILED;
2786 	dprov_state_t *softc = (dprov_state_t *)provider;
2787 	/* LINTED E_FUNC_SET_NOT_USED */
2788 	int instance;
2789 
2790 	instance = ddi_get_instance(softc->ds_dip);
2791 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_atomic: started\n", instance));
2792 
2793 	/* check mechanism */
2794 	if (!dprov_valid_sign_verif_mech(mechanism->cm_type)) {
2795 		cmn_err(CE_WARN, "dprov_sign_atomic: unexpected mech type "
2796 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2797 		return (CRYPTO_MECHANISM_INVALID);
2798 	}
2799 
2800 	if (ctx_template != NULL)
2801 		return (CRYPTO_ARGUMENTS_BAD);
2802 
2803 	/* submit request to the taskq */
2804 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_ATOMIC, softc, req,
2805 	    mechanism, key, data, signature, NULL, session_id, KM_SLEEP);
2806 
2807 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_atomic: done err = 0x%x\n",
2808 	    instance, error));
2809 
2810 	return (error);
2811 }
2812 
2813 static int
dprov_sign_recover_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2814 dprov_sign_recover_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2815     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2816     crypto_req_handle_t req)
2817 {
2818 	int error = CRYPTO_FAILED;
2819 	dprov_state_t *softc;
2820 	/* LINTED E_FUNC_SET_NOT_USED */
2821 	int instance;
2822 
2823 	/* extract softc and instance number from context */
2824 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2825 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover_init: started\n",
2826 	    instance));
2827 
2828 	if (ctx_template != NULL)
2829 		return (CRYPTO_ARGUMENTS_BAD);
2830 
2831 	/* submit request to the taskq */
2832 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_RECOVER_INIT, softc, req,
2833 	    mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
2834 
2835 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover_init: done err = 0x%x\n",
2836 	    instance, error));
2837 
2838 	return (error);
2839 }
2840 
2841 static int
dprov_sign_recover(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * signature,crypto_req_handle_t req)2842 dprov_sign_recover(crypto_ctx_t *ctx, crypto_data_t *data,
2843     crypto_data_t *signature, crypto_req_handle_t req)
2844 {
2845 	int error = CRYPTO_FAILED;
2846 	dprov_state_t *softc;
2847 	/* LINTED E_FUNC_SET_NOT_USED */
2848 	int instance;
2849 
2850 	/* extract softc and instance number from context */
2851 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2852 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover: started\n", instance));
2853 
2854 	/* submit request to the taskq */
2855 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_RECOVER, softc, req,
2856 	    NULL, NULL, data, signature, ctx, 0, KM_NOSLEEP);
2857 
2858 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover: done err = 0x%x\n",
2859 	    instance, error));
2860 
2861 	return (error);
2862 }
2863 
2864 static int
dprov_sign_recover_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * signature,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2865 dprov_sign_recover_atomic(crypto_provider_handle_t provider,
2866     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
2867     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
2868     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
2869 {
2870 	int error = CRYPTO_FAILED;
2871 	dprov_state_t *softc = (dprov_state_t *)provider;
2872 	/* LINTED E_FUNC_SET_NOT_USED */
2873 	int instance;
2874 
2875 	instance = ddi_get_instance(softc->ds_dip);
2876 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover_atomic: started\n",
2877 	    instance));
2878 
2879 	if (ctx_template != NULL)
2880 		return (CRYPTO_ARGUMENTS_BAD);
2881 
2882 	/* submit request to the taskq */
2883 	error = dprov_sign_submit_req(DPROV_REQ_SIGN_RECOVER_ATOMIC, softc, req,
2884 	    mechanism, key, data, signature, NULL, session_id, KM_SLEEP);
2885 
2886 	DPROV_DEBUG(D_SIGN, ("(%d) dprov_sign_recover_atomic: done "
2887 	    "err = 0x%x\n", instance, error));
2888 
2889 	return (error);
2890 }
2891 
2892 /*
2893  * Verify entry points.
2894  */
2895 
2896 static int
dprov_verify_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)2897 dprov_verify_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2898     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
2899     crypto_req_handle_t req)
2900 {
2901 	int error = CRYPTO_FAILED;
2902 	dprov_state_t *softc;
2903 	/* LINTED E_FUNC_SET_NOT_USED */
2904 	int instance;
2905 
2906 	/* extract softc and instance number from context */
2907 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2908 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_init: started\n", instance));
2909 
2910 	/* check mechanism */
2911 	if (!dprov_valid_sign_verif_mech(mechanism->cm_type)) {
2912 		cmn_err(CE_WARN, "dprov_verify_init: unexpected mech type "
2913 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
2914 		return (CRYPTO_MECHANISM_INVALID);
2915 	}
2916 
2917 	if (ctx_template != NULL)
2918 		return (CRYPTO_ARGUMENTS_BAD);
2919 
2920 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_INIT, softc, req,
2921 	    mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
2922 
2923 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_init: done err = 0x%x\n",
2924 	    instance, error));
2925 
2926 	return (error);
2927 }
2928 
2929 static int
dprov_verify(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * signature,crypto_req_handle_t req)2930 dprov_verify(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *signature,
2931     crypto_req_handle_t req)
2932 {
2933 	int error = CRYPTO_FAILED;
2934 	dprov_state_t *softc;
2935 	/* LINTED E_FUNC_SET_NOT_USED */
2936 	int instance;
2937 
2938 	/* extract softc and instance number from context */
2939 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2940 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify: started\n", instance));
2941 
2942 	/* submit request to the taskq */
2943 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY, softc, req,
2944 	    NULL, NULL, data, signature, ctx, 0, KM_NOSLEEP);
2945 
2946 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify: done err = 0x%x\n",
2947 	    instance, error));
2948 
2949 	return (error);
2950 }
2951 
2952 static int
dprov_verify_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)2953 dprov_verify_update(crypto_ctx_t *ctx, crypto_data_t *data,
2954     crypto_req_handle_t req)
2955 {
2956 	int error = CRYPTO_FAILED;
2957 	dprov_state_t *softc;
2958 	/* LINTED E_FUNC_SET_NOT_USED */
2959 	int instance;
2960 
2961 	/* extract softc and instance number from context */
2962 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2963 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_update: started\n",
2964 	    instance));
2965 
2966 	/* submit request to the taskq */
2967 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_UPDATE, softc, req,
2968 	    NULL, NULL, data, NULL, ctx, 0, KM_NOSLEEP);
2969 
2970 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_update: done err = 0x%x\n",
2971 	    instance, error));
2972 
2973 	return (error);
2974 }
2975 
2976 static int
dprov_verify_final(crypto_ctx_t * ctx,crypto_data_t * signature,crypto_req_handle_t req)2977 dprov_verify_final(crypto_ctx_t *ctx, crypto_data_t *signature,
2978     crypto_req_handle_t req)
2979 {
2980 	int error = CRYPTO_FAILED;
2981 	dprov_state_t *softc;
2982 	/* LINTED E_FUNC_SET_NOT_USED */
2983 	int instance;
2984 
2985 	/* extract softc and instance number from context */
2986 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
2987 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_final: started\n", instance));
2988 
2989 	/* submit request to the taskq */
2990 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_FINAL, softc, req,
2991 	    NULL, NULL, NULL, signature, ctx, 0, KM_NOSLEEP);
2992 
2993 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_final: done err = 0x%x\n",
2994 	    instance, error));
2995 
2996 	return (error);
2997 }
2998 
2999 static int
dprov_verify_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * signature,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)3000 dprov_verify_atomic(crypto_provider_handle_t provider,
3001     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
3002     crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
3003     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
3004 {
3005 	int error = CRYPTO_FAILED;
3006 	dprov_state_t *softc = (dprov_state_t *)provider;
3007 	/* LINTED E_FUNC_SET_NOT_USED */
3008 	int instance;
3009 
3010 	instance = ddi_get_instance(softc->ds_dip);
3011 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_atomic: started\n",
3012 	    instance));
3013 
3014 	/* check mechanism */
3015 	if (!dprov_valid_sign_verif_mech(mechanism->cm_type)) {
3016 		cmn_err(CE_WARN, "dprov_verify_atomic: unexpected mech type "
3017 		    "0x%llx\n", (unsigned long long)mechanism->cm_type);
3018 		return (CRYPTO_MECHANISM_INVALID);
3019 	}
3020 
3021 	if (ctx_template != NULL)
3022 		return (CRYPTO_ARGUMENTS_BAD);
3023 
3024 	/* submit request to the taskq */
3025 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_ATOMIC, softc, req,
3026 	    mechanism, key, data, signature, NULL, session_id, KM_SLEEP);
3027 
3028 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_atomic: done err = 0x%x\n",
3029 	    instance, error));
3030 
3031 	return (error);
3032 }
3033 
3034 static int
dprov_verify_recover_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)3035 dprov_verify_recover_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
3036     crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
3037     crypto_req_handle_t req)
3038 {
3039 	int error = CRYPTO_FAILED;
3040 	dprov_state_t *softc;
3041 	/* LINTED E_FUNC_SET_NOT_USED */
3042 	int instance;
3043 
3044 	/* extract softc and instance number from context */
3045 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
3046 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover_init: started\n",
3047 	    instance));
3048 
3049 	if (ctx_template != NULL)
3050 		return (CRYPTO_ARGUMENTS_BAD);
3051 
3052 	/* submit request to the taskq */
3053 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_RECOVER_INIT, softc,
3054 	    req, mechanism, key, NULL, NULL, ctx, 0, KM_SLEEP);
3055 
3056 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover_init: done "
3057 	    "err = 0x%x\n", instance, error));
3058 
3059 	return (error);
3060 }
3061 
3062 static int
dprov_verify_recover(crypto_ctx_t * ctx,crypto_data_t * signature,crypto_data_t * data,crypto_req_handle_t req)3063 dprov_verify_recover(crypto_ctx_t *ctx, crypto_data_t *signature,
3064     crypto_data_t *data, crypto_req_handle_t req)
3065 {
3066 	int error = CRYPTO_FAILED;
3067 	dprov_state_t *softc;
3068 	/* LINTED E_FUNC_SET_NOT_USED */
3069 	int instance;
3070 
3071 	/* extract softc and instance number from context */
3072 	DPROV_SOFTC_FROM_CTX(ctx, softc, instance);
3073 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover: started\n",
3074 	    instance));
3075 
3076 	/* submit request to the taskq */
3077 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_RECOVER, softc, req,
3078 	    NULL, NULL, data, signature, ctx, 0, KM_NOSLEEP);
3079 
3080 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover: done err = 0x%x\n",
3081 	    instance, error));
3082 
3083 	return (error);
3084 }
3085 
3086 static int
dprov_verify_recover_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * signature,crypto_data_t * data,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)3087 dprov_verify_recover_atomic(crypto_provider_handle_t provider,
3088     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
3089     crypto_key_t *key, crypto_data_t *signature, crypto_data_t *data,
3090     crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
3091 {
3092 	int error = CRYPTO_FAILED;
3093 	dprov_state_t *softc = (dprov_state_t *)provider;
3094 	/* LINTED E_FUNC_SET_NOT_USED */
3095 	int instance;
3096 
3097 	instance = ddi_get_instance(softc->ds_dip);
3098 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover_atomic: started\n",
3099 	    instance));
3100 
3101 	if (ctx_template != NULL)
3102 		return (CRYPTO_ARGUMENTS_BAD);
3103 
3104 	/* submit request to the taskq */
3105 	error = dprov_verify_submit_req(DPROV_REQ_VERIFY_RECOVER_ATOMIC, softc,
3106 	    req, mechanism, key, data, signature, NULL, session_id, KM_SLEEP);
3107 
3108 	DPROV_DEBUG(D_VERIFY, ("(%d) dprov_verify_recover_atomic: done "
3109 	    "err = 0x%x\n", instance, error));
3110 
3111 	return (error);
3112 }
3113 
3114 /*
3115  * Dual operations entry points.
3116  */
3117 
3118 static int
dprov_digest_encrypt_update(crypto_ctx_t * digest_ctx,crypto_ctx_t * encrypt_ctx,crypto_data_t * plaintext,crypto_data_t * ciphertext,crypto_req_handle_t req)3119 dprov_digest_encrypt_update(crypto_ctx_t *digest_ctx,
3120     crypto_ctx_t *encrypt_ctx, crypto_data_t *plaintext,
3121     crypto_data_t *ciphertext, crypto_req_handle_t req)
3122 {
3123 	int error = CRYPTO_FAILED;
3124 	dprov_state_t *softc;
3125 	/* LINTED E_FUNC_SET_NOT_USED */
3126 	int instance;
3127 
3128 	/* extract softc and instance number from context */
3129 	DPROV_SOFTC_FROM_CTX(digest_ctx, softc, instance);
3130 	DPROV_DEBUG(D_DUAL, ("(%d) dprov_digest_encrypt_update: started\n",
3131 	    instance));
3132 
3133 	if (digest_ctx->cc_provider != encrypt_ctx->cc_provider)
3134 		return (CRYPTO_INVALID_CONTEXT);
3135 
3136 	/* submit request to the taskq */
3137 	error = dprov_dual_submit_req(DPROV_REQ_DIGEST_ENCRYPT_UPDATE,
3138 	    softc, req, digest_ctx, encrypt_ctx, plaintext, ciphertext);
3139 
3140 	DPROV_DEBUG(D_DUAL, ("(%d) dprov_digest_encrypt_update: done "
3141 	    "err = 0x%x\n", instance, error));
3142 
3143 	return (error);
3144 }
3145 
3146 static int
dprov_decrypt_digest_update(crypto_ctx_t * decrypt_ctx,crypto_ctx_t * digest_ctx,crypto_data_t * ciphertext,crypto_data_t * plaintext,crypto_req_handle_t req)3147 dprov_decrypt_digest_update(crypto_ctx_t *decrypt_ctx, crypto_ctx_t *