diff options
Diffstat (limited to 'sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h')
-rw-r--r-- | sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h | 1119 |
1 files changed, 73 insertions, 1046 deletions
diff --git a/sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h b/sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h index 0f37f3f63532..4d17221ea9a3 100644 --- a/sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h +++ b/sys/contrib/openzfs/module/icp/include/sys/crypto/impl.h @@ -6,7 +6,7 @@ * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. + * or https://opensource.org/licenses/CDDL-1.0. * See the License for the specific language governing permissions * and limitations under the License. * @@ -34,80 +34,17 @@ #include <sys/crypto/common.h> #include <sys/crypto/api.h> #include <sys/crypto/spi.h> -#include <sys/crypto/ioctl.h> +#include <sys/avl.h> #ifdef __cplusplus extern "C" { #endif -#define KCF_MODULE "kcf" - /* * Prefixes convention: structures internal to the kernel cryptographic * framework start with 'kcf_'. Exposed structure start with 'crypto_'. */ -/* Provider stats. Not protected. */ -typedef struct kcf_prov_stats { - kstat_named_t ps_ops_total; - kstat_named_t ps_ops_passed; - kstat_named_t ps_ops_failed; - kstat_named_t ps_ops_busy_rval; -} kcf_prov_stats_t; - -/* Various kcf stats. Not protected. */ -typedef struct kcf_stats { - kstat_named_t ks_thrs_in_pool; - kstat_named_t ks_idle_thrs; - kstat_named_t ks_minthrs; - kstat_named_t ks_maxthrs; - kstat_named_t ks_swq_njobs; - kstat_named_t ks_swq_maxjobs; - kstat_named_t ks_taskq_threads; - kstat_named_t ks_taskq_minalloc; - kstat_named_t ks_taskq_maxalloc; -} kcf_stats_t; - -/* - * Keep all the information needed by the scheduler from - * this provider. - */ -typedef struct kcf_sched_info { - /* The number of operations dispatched. */ - uint64_t ks_ndispatches; - - /* The number of operations that failed. */ - uint64_t ks_nfails; - - /* The number of operations that returned CRYPTO_BUSY. */ - uint64_t ks_nbusy_rval; - - /* taskq used to dispatch crypto requests */ - taskq_t *ks_taskq; -} kcf_sched_info_t; - -/* - * pd_irefcnt approximates the number of inflight requests to the - * provider. Though we increment this counter during registration for - * other purposes, that base value is mostly same across all providers. - * So, it is a good measure of the load on a provider when it is not - * in a busy state. Once a provider notifies it is busy, requests - * backup in the taskq. So, we use tq_nalloc in that case which gives - * the number of task entries in the task queue. Note that we do not - * acquire any locks here as it is not critical to get the exact number - * and the lock contention may be too costly for this code path. - */ -#define KCF_PROV_LOAD(pd) ((pd)->pd_state != KCF_PROV_BUSY ? \ - (pd)->pd_irefcnt : (pd)->pd_sched_info.ks_taskq->tq_nalloc) - -#define KCF_PROV_INCRSTATS(pd, error) { \ - (pd)->pd_sched_info.ks_ndispatches++; \ - if (error == CRYPTO_BUSY) \ - (pd)->pd_sched_info.ks_nbusy_rval++; \ - else if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) \ - (pd)->pd_sched_info.ks_nfails++; \ -} - /* * The following two macros should be @@ -118,7 +55,7 @@ typedef struct kcf_sched_info { * When impl.h is broken up (bug# 4703218), this will be done. For now, * we hardcode these values. */ -#define KCF_OPS_CLASSSIZE 8 +#define KCF_OPS_CLASSSIZE 4 #define KCF_MAXMECHTAB 32 /* @@ -126,21 +63,17 @@ typedef struct kcf_sched_info { * the elements is important. * * Routines which get a provider or the list of providers - * should pick only those that are either in KCF_PROV_READY state - * or in KCF_PROV_BUSY state. + * should pick only those that are in KCF_PROV_READY state. */ typedef enum { KCF_PROV_ALLOCATED = 1, - KCF_PROV_UNVERIFIED, - KCF_PROV_VERIFICATION_FAILED, /* * state < KCF_PROV_READY means the provider can not * be used at all. */ KCF_PROV_READY, - KCF_PROV_BUSY, /* - * state > KCF_PROV_BUSY means the provider can not + * state > KCF_PROV_READY means the provider can not * be used for new requests. */ KCF_PROV_FAILED, @@ -153,112 +86,66 @@ typedef enum { KCF_PROV_FREED } kcf_prov_state_t; -#define KCF_IS_PROV_UNVERIFIED(pd) ((pd)->pd_state == KCF_PROV_UNVERIFIED) -#define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY || \ - (pd)->pd_state == KCF_PROV_BUSY) +#define KCF_IS_PROV_USABLE(pd) ((pd)->pd_state == KCF_PROV_READY) #define KCF_IS_PROV_REMOVED(pd) ((pd)->pd_state >= KCF_PROV_REMOVED) -/* Internal flags valid for pd_flags field */ -#define KCF_PROV_RESTRICTED 0x40000000 -#define KCF_LPROV_MEMBER 0x80000000 /* is member of a logical provider */ - /* * A provider descriptor structure. There is one such structure per * provider. It is allocated and initialized at registration time and * freed when the provider unregisters. * - * pd_prov_type: Provider type, hardware or software - * pd_sid: Session ID of the provider used by kernel clients. - * This is valid only for session-oriented providers. * pd_refcnt: Reference counter to this provider descriptor * pd_irefcnt: References held by the framework internal structs - * pd_lock: lock protects pd_state and pd_provider_list + * pd_lock: lock protects pd_state * pd_state: State value of the provider - * pd_provider_list: Used to cross-reference logical providers and their - * members. Not used for software providers. - * pd_resume_cv: cv to wait for state to change from KCF_PROV_BUSY - * pd_prov_handle: Provider handle specified by provider * pd_ops_vector: The ops vector specified by Provider * pd_mech_indx: Lookup table which maps a core framework mechanism * number to an index in pd_mechanisms array * pd_mechanisms: Array of mechanisms supported by the provider, specified * by the provider during registration - * pd_sched_info: Scheduling information associated with the provider * pd_mech_list_count: The number of entries in pi_mechanisms, specified * by the provider during registration - * pd_name: Device name or module name - * pd_instance: Device instance - * pd_module_id: Module ID returned by modload - * pd_mctlp: Pointer to modctl structure for this provider * pd_remove_cv: cv to wait on while the provider queue drains * pd_description: Provider description string - * pd_flags bitwise OR of pi_flags from crypto_provider_info_t - * and other internal flags defined above. - * pd_hash_limit Maximum data size that hash mechanisms of this provider - * can support. * pd_kcf_prov_handle: KCF-private handle assigned by KCF * pd_prov_id: Identification # assigned by KCF to provider - * pd_kstat: kstat associated with the provider - * pd_ks_data: kstat data */ typedef struct kcf_provider_desc { - crypto_provider_type_t pd_prov_type; - crypto_session_id_t pd_sid; uint_t pd_refcnt; uint_t pd_irefcnt; kmutex_t pd_lock; kcf_prov_state_t pd_state; - struct kcf_provider_list *pd_provider_list; - kcondvar_t pd_resume_cv; - crypto_provider_handle_t pd_prov_handle; - crypto_ops_t *pd_ops_vector; + const crypto_ops_t *pd_ops_vector; ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\ [KCF_MAXMECHTAB]; - crypto_mech_info_t *pd_mechanisms; - kcf_sched_info_t pd_sched_info; + const crypto_mech_info_t *pd_mechanisms; uint_t pd_mech_list_count; - // char *pd_name; - // uint_t pd_instance; - // int pd_module_id; - // struct modctl *pd_mctlp; kcondvar_t pd_remove_cv; - char *pd_description; - uint_t pd_flags; - uint_t pd_hash_limit; + const char *pd_description; crypto_kcf_provider_handle_t pd_kcf_prov_handle; crypto_provider_id_t pd_prov_id; - kstat_t *pd_kstat; - kcf_prov_stats_t pd_ks_data; } kcf_provider_desc_t; -/* useful for making a list of providers */ -typedef struct kcf_provider_list { - struct kcf_provider_list *pl_next; - struct kcf_provider_desc *pl_provider; -} kcf_provider_list_t; - -/* atomic operations in linux implicitly form a memory barrier */ -#define membar_exit() - /* * If a component has a reference to a kcf_provider_desc_t, * it REFHOLD()s. A new provider descriptor which is referenced only * by the providers table has a reference counter of one. */ -#define KCF_PROV_REFHOLD(desc) { \ - atomic_add_32(&(desc)->pd_refcnt, 1); \ - ASSERT((desc)->pd_refcnt != 0); \ +#define KCF_PROV_REFHOLD(desc) { \ + int newval = atomic_add_32_nv(&(desc)->pd_refcnt, 1); \ + ASSERT(newval != 0); \ } -#define KCF_PROV_IREFHOLD(desc) { \ - atomic_add_32(&(desc)->pd_irefcnt, 1); \ - ASSERT((desc)->pd_irefcnt != 0); \ +#define KCF_PROV_IREFHOLD(desc) { \ + int newval = atomic_add_32_nv(&(desc)->pd_irefcnt, 1); \ + ASSERT(newval != 0); \ } #define KCF_PROV_IREFRELE(desc) { \ - ASSERT((desc)->pd_irefcnt != 0); \ - membar_exit(); \ - if (atomic_add_32_nv(&(desc)->pd_irefcnt, -1) == 0) { \ + membar_producer(); \ + int newval = atomic_add_32_nv(&(desc)->pd_irefcnt, -1); \ + ASSERT(newval != -1); \ + if (newval == 0) { \ cv_broadcast(&(desc)->pd_remove_cv); \ } \ } @@ -266,22 +153,15 @@ typedef struct kcf_provider_list { #define KCF_PROV_REFHELD(desc) ((desc)->pd_refcnt >= 1) #define KCF_PROV_REFRELE(desc) { \ - ASSERT((desc)->pd_refcnt != 0); \ - membar_exit(); \ - if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) { \ + membar_producer(); \ + int newval = atomic_add_32_nv(&(desc)->pd_refcnt, -1); \ + ASSERT(newval != -1); \ + if (newval == 0) { \ kcf_provider_zero_refcnt((desc)); \ } \ } -/* list of crypto_mech_info_t valid as the second mech in a dual operation */ - -typedef struct crypto_mech_info_list { - struct crypto_mech_info_list *ml_next; - crypto_mech_type_t ml_kcf_mechid; /* KCF's id */ - crypto_mech_info_t ml_mech_info; -} crypto_mech_info_list_t; - /* * An element in a mechanism provider descriptors chain. * The kcf_prov_mech_desc_t is duplicated in every chain the provider belongs @@ -293,15 +173,9 @@ typedef struct kcf_prov_mech_desc { struct kcf_mech_entry *pm_me; /* Back to the head */ struct kcf_prov_mech_desc *pm_next; /* Next in the chain */ crypto_mech_info_t pm_mech_info; /* Provider mech info */ - crypto_mech_info_list_t *pm_mi_list; /* list for duals */ kcf_provider_desc_t *pm_prov_desc; /* Common desc. */ } kcf_prov_mech_desc_t; -/* and the notation shortcuts ... */ -#define pm_provider_type pm_prov_desc.pd_provider_type -#define pm_provider_handle pm_prov_desc.pd_provider_handle -#define pm_ops_vector pm_prov_desc.pd_ops_vector - /* * A mechanism entry in an xxx_mech_tab[]. me_pad was deemed * to be unnecessary and removed. @@ -309,55 +183,18 @@ typedef struct kcf_prov_mech_desc { typedef struct kcf_mech_entry { crypto_mech_name_t me_name; /* mechanism name */ crypto_mech_type_t me_mechid; /* Internal id for mechanism */ - kmutex_t me_mutex; /* access protection */ - kcf_prov_mech_desc_t *me_hw_prov_chain; /* list of HW providers */ - kcf_prov_mech_desc_t *me_sw_prov; /* SW provider */ - /* - * Number of HW providers in the chain. There is only one - * SW provider. So, we need only a count of HW providers. - */ - int me_num_hwprov; - /* - * When a SW provider is present, this is the generation number that - * ensures no objects from old SW providers are used in the new one - */ - uint32_t me_gen_swprov; - /* - * threshold for using hardware providers for this mech - */ - size_t me_threshold; + kcf_prov_mech_desc_t *me_sw_prov; /* provider */ + avl_node_t me_node; } kcf_mech_entry_t; /* - * A policy descriptor structure. It is allocated and initialized - * when administrative ioctls load disabled mechanisms. - * - * pd_prov_type: Provider type, hardware or software - * pd_name: Device name or module name. - * pd_instance: Device instance. - * pd_refcnt: Reference counter for this policy descriptor - * pd_mutex: Protects array and count of disabled mechanisms. - * pd_disabled_count: Count of disabled mechanisms. - * pd_disabled_mechs: Array of disabled mechanisms. - */ -typedef struct kcf_policy_desc { - crypto_provider_type_t pd_prov_type; - char *pd_name; - uint_t pd_instance; - uint_t pd_refcnt; - kmutex_t pd_mutex; - uint_t pd_disabled_count; - crypto_mech_name_t *pd_disabled_mechs; -} kcf_policy_desc_t; - -/* * If a component has a reference to a kcf_policy_desc_t, * it REFHOLD()s. A new policy descriptor which is referenced only * by the policy table has a reference count of one. */ -#define KCF_POLICY_REFHOLD(desc) { \ - atomic_add_32(&(desc)->pd_refcnt, 1); \ - ASSERT((desc)->pd_refcnt != 0); \ +#define KCF_POLICY_REFHOLD(desc) { \ + int newval = atomic_add_32_nv(&(desc)->pd_refcnt, 1); \ + ASSERT(newval != 0); \ } /* @@ -365,63 +202,36 @@ typedef struct kcf_policy_desc { * reference is released, the descriptor is freed. */ #define KCF_POLICY_REFRELE(desc) { \ - ASSERT((desc)->pd_refcnt != 0); \ - membar_exit(); \ - if (atomic_add_32_nv(&(desc)->pd_refcnt, -1) == 0) \ + membar_producer(); \ + int newval = atomic_add_32_nv(&(desc)->pd_refcnt, -1); \ + ASSERT(newval != -1); \ + if (newval == 0) \ kcf_policy_free_desc(desc); \ } /* - * This entry stores the name of a software module and its - * mechanisms. The mechanisms are 'hints' that are used to - * trigger loading of the module. - */ -typedef struct kcf_soft_conf_entry { - struct kcf_soft_conf_entry *ce_next; - char *ce_name; - crypto_mech_name_t *ce_mechs; - uint_t ce_count; -} kcf_soft_conf_entry_t; - -extern kmutex_t soft_config_mutex; -extern kcf_soft_conf_entry_t *soft_config_list; - -/* * Global tables. The sizes are from the predefined PKCS#11 v2.20 mechanisms, * with a margin of few extra empty entry points */ #define KCF_MAXDIGEST 16 /* Digests */ -#define KCF_MAXCIPHER 64 /* Ciphers */ +#define KCF_MAXCIPHER 32 /* Ciphers */ #define KCF_MAXMAC 40 /* Message authentication codes */ -#define KCF_MAXSIGN 24 /* Sign/Verify */ -#define KCF_MAXKEYOPS 116 /* Key generation and derivation */ -#define KCF_MAXMISC 16 /* Others ... */ - -#define KCF_MAXMECHS KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \ - KCF_MAXSIGN + KCF_MAXKEYOPS + \ - KCF_MAXMISC -extern kcf_mech_entry_t kcf_digest_mechs_tab[]; -extern kcf_mech_entry_t kcf_cipher_mechs_tab[]; -extern kcf_mech_entry_t kcf_mac_mechs_tab[]; -extern kcf_mech_entry_t kcf_sign_mechs_tab[]; -extern kcf_mech_entry_t kcf_keyops_mechs_tab[]; -extern kcf_mech_entry_t kcf_misc_mechs_tab[]; - -extern kmutex_t kcf_mech_tabs_lock; +_Static_assert(KCF_MAXCIPHER == KCF_MAXMECHTAB, + "KCF_MAXCIPHER != KCF_MAXMECHTAB"); /* See KCF_MAXMECHTAB comment */ typedef enum { KCF_DIGEST_CLASS = 1, KCF_CIPHER_CLASS, KCF_MAC_CLASS, - KCF_SIGN_CLASS, - KCF_KEYOPS_CLASS, - KCF_MISC_CLASS } kcf_ops_class_t; #define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS -#define KCF_LAST_OPSCLASS KCF_MISC_CLASS +#define KCF_LAST_OPSCLASS KCF_MAC_CLASS +_Static_assert( + KCF_OPS_CLASSSIZE == (KCF_LAST_OPSCLASS - KCF_FIRST_OPSCLASS + 2), + "KCF_OPS_CLASSSIZE doesn't match kcf_ops_class_t!"); /* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */ @@ -430,14 +240,14 @@ typedef struct kcf_mech_entry_tab { kcf_mech_entry_t *met_tab; /* the table */ } kcf_mech_entry_tab_t; -extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; +extern const kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; #define KCF_MECHID(class, index) \ (((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index)) #define KCF_MECH2CLASS(mech_type) ((kcf_ops_class_t)((mech_type) >> 32)) -#define KCF_MECH2INDEX(mech_type) ((int)(mech_type)) +#define KCF_MECH2INDEX(mech_type) ((int)((mech_type) & 0xFFFFFFFF)) #define KCF_TO_PROV_MECH_INDX(pd, mech_type) \ ((pd)->pd_mech_indx[KCF_MECH2CLASS(mech_type)] \ @@ -449,58 +259,6 @@ extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[]; #define KCF_TO_PROV_MECHNUM(pd, mech_type) \ (KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_number) -#define KCF_CAN_SHARE_OPSTATE(pd, mech_type) \ - ((KCF_TO_PROV_MECHINFO(pd, mech_type).cm_mech_flags) & \ - CRYPTO_CAN_SHARE_OPSTATE) - -/* ps_refcnt is protected by cm_lock in the crypto_minor structure */ -typedef struct crypto_provider_session { - struct crypto_provider_session *ps_next; - crypto_session_id_t ps_session; - kcf_provider_desc_t *ps_provider; - kcf_provider_desc_t *ps_real_provider; - uint_t ps_refcnt; -} crypto_provider_session_t; - -typedef struct crypto_session_data { - kmutex_t sd_lock; - kcondvar_t sd_cv; - uint32_t sd_flags; - int sd_pre_approved_amount; - crypto_ctx_t *sd_digest_ctx; - crypto_ctx_t *sd_encr_ctx; - crypto_ctx_t *sd_decr_ctx; - crypto_ctx_t *sd_sign_ctx; - crypto_ctx_t *sd_verify_ctx; - crypto_ctx_t *sd_sign_recover_ctx; - crypto_ctx_t *sd_verify_recover_ctx; - kcf_provider_desc_t *sd_provider; - void *sd_find_init_cookie; - crypto_provider_session_t *sd_provider_session; -} crypto_session_data_t; - -#define CRYPTO_SESSION_IN_USE 0x00000001 -#define CRYPTO_SESSION_IS_BUSY 0x00000002 -#define CRYPTO_SESSION_IS_CLOSED 0x00000004 - -#define KCF_MAX_PIN_LEN 1024 - -/* - * Per-minor info. - * - * cm_lock protects everything in this structure except for cm_refcnt. - */ -typedef struct crypto_minor { - uint_t cm_refcnt; - kmutex_t cm_lock; - kcondvar_t cm_cv; - crypto_session_data_t **cm_session_table; - uint_t cm_session_table_count; - kcf_provider_desc_t **cm_provider_array; - uint_t cm_provider_count; - crypto_provider_session_t *cm_provider_session; -} crypto_minor_t; - /* * Return codes for internal functions */ @@ -512,849 +270,118 @@ typedef struct crypto_minor { #define KCF_INVALID_INDX ((ushort_t)-1) /* - * kCF internal mechanism and function group for tracking RNG providers. - */ -#define SUN_RANDOM "random" -#define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */ - -/* * Wrappers for ops vectors. In the wrapper definitions below, the pd * argument always corresponds to a pointer to a provider descriptor * of type kcf_prov_desc_t. */ -#define KCF_PROV_CONTROL_OPS(pd) ((pd)->pd_ops_vector->co_control_ops) -#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops) #define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops) #define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops) #define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops) -#define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops) -#define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops) -#define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops) -#define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \ - ((pd)->pd_ops_vector->co_dual_cipher_mac_ops) -#define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops) -#define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops) -#define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops) -#define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops) -#define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops) -#define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops) -#define KCF_PROV_NOSTORE_KEY_OPS(pd) \ - ((pd)->pd_ops_vector->co_nostore_key_ops) - -/* - * Wrappers for crypto_control_ops(9S) entry points. - */ - -#define KCF_PROV_STATUS(pd, status) ( \ - (KCF_PROV_CONTROL_OPS(pd) && \ - KCF_PROV_CONTROL_OPS(pd)->provider_status) ? \ - KCF_PROV_CONTROL_OPS(pd)->provider_status( \ - (pd)->pd_prov_handle, status) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_ctx_ops(9S) entry points. - */ - -#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \ - (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ - KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ - (pd)->pd_prov_handle, mech, key, template, size, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ - (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \ - KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \ - (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \ - KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \ - (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \ - (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \ - KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \ - (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_FREE_MECH(pd, prov_mech) ( \ - (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \ - KCF_PROV_MECH_OPS(pd)->free_mechanism( \ - (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED) +#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops) /* * Wrappers for crypto_digest_ops(9S) entry points. */ -#define KCF_PROV_DIGEST_INIT(pd, ctx, mech, req) ( \ +#define KCF_PROV_DIGEST_INIT(pd, ctx, mech) ( \ (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_init) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech, req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * The _ (underscore) in _digest is needed to avoid replacing the - * function digest(). - */ -#define KCF_PROV_DIGEST(pd, ctx, data, _digest, req) ( \ - (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest(ctx, data, _digest, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DIGEST_UPDATE(pd, ctx, data, req) ( \ - (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_update) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest_update(ctx, data, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DIGEST_KEY(pd, ctx, key, req) ( \ - (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_key) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest_key(ctx, key, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DIGEST_FINAL(pd, ctx, digest, req) ( \ - (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_final) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest_final(ctx, digest, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DIGEST_ATOMIC(pd, session, mech, data, digest, req) ( \ - (KCF_PROV_DIGEST_OPS(pd) && KCF_PROV_DIGEST_OPS(pd)->digest_atomic) ? \ - KCF_PROV_DIGEST_OPS(pd)->digest_atomic( \ - (pd)->pd_prov_handle, session, mech, data, digest, req) : \ + KCF_PROV_DIGEST_OPS(pd)->digest_init(ctx, mech) : \ CRYPTO_NOT_SUPPORTED) /* * Wrappers for crypto_cipher_ops(9S) entry points. */ -#define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template, req) ( \ +#define KCF_PROV_ENCRYPT_INIT(pd, ctx, mech, key, template) ( \ (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_init) ? \ - KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template, \ - req) : \ + KCF_PROV_CIPHER_OPS(pd)->encrypt_init(ctx, mech, key, template) : \ CRYPTO_NOT_SUPPORTED) -#define KCF_PROV_ENCRYPT(pd, ctx, plaintext, ciphertext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt) ? \ - KCF_PROV_CIPHER_OPS(pd)->encrypt(ctx, plaintext, ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_update) ? \ - KCF_PROV_CIPHER_OPS(pd)->encrypt_update(ctx, plaintext, \ - ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_FINAL(pd, ctx, ciphertext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_final) ? \ - KCF_PROV_CIPHER_OPS(pd)->encrypt_final(ctx, ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_ATOMIC(pd, session, mech, key, plaintext, ciphertext, \ - template, req) ( \ +#define KCF_PROV_ENCRYPT_ATOMIC(pd, mech, key, plaintext, ciphertext, \ + template) ( \ (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \ KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \ - (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \ - template, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT_INIT(pd, ctx, mech, key, template, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_init) ? \ - KCF_PROV_CIPHER_OPS(pd)->decrypt_init(ctx, mech, key, template, \ - req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT(pd, ctx, ciphertext, plaintext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt) ? \ - KCF_PROV_CIPHER_OPS(pd)->decrypt(ctx, ciphertext, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_update) ? \ - KCF_PROV_CIPHER_OPS(pd)->decrypt_update(ctx, ciphertext, \ - plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT_FINAL(pd, ctx, plaintext, req) ( \ - (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_final) ? \ - KCF_PROV_CIPHER_OPS(pd)->decrypt_final(ctx, plaintext, req) : \ + mech, key, plaintext, ciphertext, template) : \ CRYPTO_NOT_SUPPORTED) -#define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \ - template, req) ( \ +#define KCF_PROV_DECRYPT_ATOMIC(pd, mech, key, ciphertext, plaintext, \ + template) ( \ (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \ KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \ - (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \ - template, req) : \ + mech, key, ciphertext, plaintext, template) : \ CRYPTO_NOT_SUPPORTED) /* * Wrappers for crypto_mac_ops(9S) entry points. */ -#define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template, req) ( \ +#define KCF_PROV_MAC_INIT(pd, ctx, mech, key, template) ( \ (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_init) ? \ - KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template, req) \ + KCF_PROV_MAC_OPS(pd)->mac_init(ctx, mech, key, template) \ : CRYPTO_NOT_SUPPORTED) /* * The _ (underscore) in _mac is needed to avoid replacing the * function mac(). */ -#define KCF_PROV_MAC(pd, ctx, data, _mac, req) ( \ - (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac) ? \ - KCF_PROV_MAC_OPS(pd)->mac(ctx, data, _mac, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_UPDATE(pd, ctx, data, req) ( \ +#define KCF_PROV_MAC_UPDATE(pd, ctx, data) ( \ (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_update) ? \ - KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data, req) : \ + KCF_PROV_MAC_OPS(pd)->mac_update(ctx, data) : \ CRYPTO_NOT_SUPPORTED) -#define KCF_PROV_MAC_FINAL(pd, ctx, mac, req) ( \ +#define KCF_PROV_MAC_FINAL(pd, ctx, mac) ( \ (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_final) ? \ - KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac, req) : \ + KCF_PROV_MAC_OPS(pd)->mac_final(ctx, mac) : \ CRYPTO_NOT_SUPPORTED) -#define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template, \ - req) ( \ +#define KCF_PROV_MAC_ATOMIC(pd, mech, key, data, mac, template) ( \ (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \ KCF_PROV_MAC_OPS(pd)->mac_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ - req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_VERIFY_ATOMIC(pd, session, mech, key, data, mac, \ - template, req) ( \ - (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_verify_atomic) ? \ - KCF_PROV_MAC_OPS(pd)->mac_verify_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, mac, template, \ - req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_sign_ops(9S) entry points. - */ - -#define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_init( \ - ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \ - KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \ + mech, key, data, mac, template) : \ CRYPTO_NOT_SUPPORTED) -#define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \ - sig, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ - req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \ - req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \ - req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \ - sig, req) ( \ - (KCF_PROV_SIGN_OPS(pd) && \ - KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \ - KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ - req) : CRYPTO_NOT_SUPPORTED) - /* - * Wrappers for crypto_verify_ops(9S) entry points. - */ - -#define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \ - req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->do_verify) ? \ - KCF_PROV_VERIFY_OPS(pd)->do_verify(ctx, data, sig, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \ - req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, sig, template, \ - req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \ - req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && \ - KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \ - template, req) : CRYPTO_NOT_SUPPORTED) - -/* verify_recover() CSPI routine has different argument order than verify() */ -#define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * verify_recover_atomic() CSPI routine has different argument order - * than verify_atomic(). - */ -#define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \ - template, data, req) ( \ - (KCF_PROV_VERIFY_OPS(pd) && \ - KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \ - KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \ - (pd)->pd_prov_handle, session, mech, key, sig, data, template, \ - req) : CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_dual_ops(9S) entry points. - */ - -#define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \ - ciphertext, req) ( \ - (KCF_PROV_DUAL_OPS(pd) && \ - KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \ - KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \ - digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \ - plaintext, req) ( \ - (KCF_PROV_DUAL_OPS(pd) && \ - KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \ - KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \ - decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \ - ciphertext, req) ( \ - (KCF_PROV_DUAL_OPS(pd) && \ - KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \ - KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \ - sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \ - plaintext, req) ( \ - (KCF_PROV_DUAL_OPS(pd) && \ - KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \ - KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \ - decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points. - */ - -#define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \ - mac_key, encr_ctx_template, mac_ctx_template, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \ - ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \ - mac_ctx_template, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \ - ctx, plaintext, ciphertext, mac, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \ - ctx, plaintext, ciphertext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \ - ctx, ciphertext, mac, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \ - mac_mech, mac_key, plaintext, ciphertext, mac, \ - encr_ctx_template, mac_ctx_template, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \ - (pd)->pd_prov_handle, session, encr_mech, encr_key, \ - mac_mech, mac_key, plaintext, ciphertext, mac, \ - encr_ctx_template, mac_ctx_template, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \ - decr_key, mac_ctx_template, decr_ctx_template, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \ - ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \ - decr_ctx_template, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \ - ctx, ciphertext, mac, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \ - ctx, ciphertext, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \ - ctx, mac, plaintext, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ - decr_mech, decr_key, ciphertext, mac, plaintext, \ - mac_ctx_template, decr_ctx_template, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \ - (pd)->pd_prov_handle, session, mac_mech, mac_key, \ - decr_mech, decr_key, ciphertext, mac, plaintext, \ - mac_ctx_template, decr_ctx_template, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \ - decr_mech, decr_key, ciphertext, mac, plaintext, \ - mac_ctx_template, decr_ctx_template, req) ( \ - (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \ - != NULL) ? \ - KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \ - (pd)->pd_prov_handle, session, mac_mech, mac_key, \ - decr_mech, decr_key, ciphertext, mac, plaintext, \ - mac_ctx_template, decr_ctx_template, req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_random_number_ops(9S) entry points. - */ - -#define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \ - (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \ - KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \ - session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \ - (KCF_PROV_RANDOM_OPS(pd) && \ - KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \ - KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \ - session, buf, len, req) : CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_session_ops(9S) entry points. - * - * ops_pd is the provider descriptor that supplies the ops_vector. - * pd is the descriptor that supplies the provider handle. - * Only session open/close needs two handles. - */ - -#define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \ - (KCF_PROV_SESSION_OPS(ops_pd) && \ - KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \ - KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \ - session, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \ - (KCF_PROV_SESSION_OPS(ops_pd) && \ - KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \ - KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \ - session, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \ - (KCF_PROV_SESSION_OPS(pd) && \ - KCF_PROV_SESSION_OPS(pd)->session_login) ? \ - KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \ - session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \ - (KCF_PROV_SESSION_OPS(pd) && \ - KCF_PROV_SESSION_OPS(pd)->session_logout) ? \ - KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \ - session, req) : CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_object_ops(9S) entry points. - */ - -#define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \ - session, template, count, object, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \ - new_object, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \ - session, object, template, count, new_object, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \ - session, object, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && \ - KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \ - session, object, size, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \ - count, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && \ - KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \ - (pd)->pd_prov_handle, session, object, template, count, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \ - count, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && \ - KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \ - (pd)->pd_prov_handle, session, object, template, count, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \ - req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && \ - KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \ - session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \ - req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_find( \ - (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \ - req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \ - (KCF_PROV_OBJECT_OPS(pd) && \ - KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \ - KCF_PROV_OBJECT_OPS(pd)->object_find_final( \ - (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_key_ops(9S) entry points. + * Wrappers for crypto_ctx_ops(9S) entry points. */ -#define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \ - req) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \ - KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \ - session, mech, template, count, object, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ - pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \ - KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \ - session, mech, pub_template, pub_count, priv_template, \ - priv_count, pub_key, priv_key, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \ - wrapped_key_len, req) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \ - KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \ - session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \ - req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \ - wrapped_key_len, template, count, key, req) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \ - KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \ - session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \ - template, count, key, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \ - key, req) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \ - KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \ - session, mech, base_key, template, count, key, req) : \ - CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_KEY_CHECK(pd, mech, key) ( \ - (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \ - KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \ +#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size) ( \ + (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ + KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ + mech, key, template, size) : \ CRYPTO_NOT_SUPPORTED) -/* - * Wrappers for crypto_provider_management_ops(9S) entry points. - * - * ops_pd is the provider descriptor that supplies the ops_vector. - * pd is the descriptor that supplies the provider handle. - * Only ext_info needs two handles. - */ - -#define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \ - (KCF_PROV_PROVIDER_OPS(ops_pd) && \ - KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \ - KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \ - provext_info, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \ - (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \ - KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \ - pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \ - (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \ - KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \ - session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \ - req) ( \ - (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \ - KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \ - session, old_pin, old_len, new_pin, new_len, req) : \ - CRYPTO_NOT_SUPPORTED) - -/* - * Wrappers for crypto_nostore_key_ops(9S) entry points. - */ - -#define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \ - out_template, out_count, req) ( \ - (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \ - (pd)->pd_prov_handle, session, mech, template, count, \ - out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \ - pub_count, priv_template, priv_count, out_pub_template, \ - out_pub_count, out_priv_template, out_priv_count, req) ( \ - (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \ - (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \ - priv_template, priv_count, out_pub_template, out_pub_count, \ - out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED) - -#define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \ - count, out_template, out_count, req) ( \ - (KCF_PROV_NOSTORE_KEY_OPS(pd) && \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \ - KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \ - (pd)->pd_prov_handle, session, mech, base_key, template, count, \ - out_template, out_count, req) : CRYPTO_NOT_SUPPORTED) - -/* - * The following routines are exported by the kcf module (/kernel/misc/kcf) - * to the crypto and cryptoadmin modules. - */ - -/* Digest/mac/cipher entry points that take a provider descriptor and session */ -extern int crypto_digest_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -extern int crypto_mac_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - - -/* Other private digest/mac/cipher entry points not exported through k-API */ -extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *, - crypto_call_req_t *); - -/* Private sign entry points exported by KCF */ -extern int crypto_sign_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -/* Private verify entry points exported by KCF */ -extern int crypto_verify_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *, - crypto_data_t *, crypto_call_req_t *); - -/* Private dual operations entry points exported by KCF */ -extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t, - crypto_data_t *, crypto_data_t *, crypto_call_req_t *); -extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t, - crypto_data_t *, crypto_data_t *, crypto_call_req_t *); -extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t, - crypto_data_t *, crypto_data_t *, crypto_call_req_t *); -extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t, - crypto_data_t *, crypto_data_t *, crypto_call_req_t *); - -/* Random Number Generation */ -int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf, - size_t len, crypto_call_req_t *req); -int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf, - size_t len, crypto_call_req_t *req); - -/* Provider Management */ -int crypto_get_provider_info(crypto_provider_id_t id, - crypto_provider_info_t **info, crypto_call_req_t *req); -int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id, - uint_t *count, crypto_mech_name_t **list); -int crypto_init_token(crypto_provider_handle_t provider, char *pin, - size_t pin_len, char *label, crypto_call_req_t *); -int crypto_init_pin(crypto_provider_handle_t provider, char *pin, - size_t pin_len, crypto_call_req_t *req); -int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin, - size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req); -void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count); -void crypto_free_provider_info(crypto_provider_info_t *info); +#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ + (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \ + KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED) -/* Administrative */ -int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list); -int crypto_get_soft_list(uint_t *count, char **list, size_t *len); -int crypto_get_dev_info(char *name, uint_t instance, uint_t *count, - crypto_mech_name_t **list); -int crypto_get_soft_info(caddr_t name, uint_t *count, - crypto_mech_name_t **list); -int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count, - crypto_mech_name_t *list); -int crypto_load_soft_disabled(caddr_t name, uint_t count, - crypto_mech_name_t *list); -int crypto_unload_soft_module(caddr_t path); -int crypto_load_soft_config(caddr_t name, uint_t count, - crypto_mech_name_t *list); -int crypto_load_door(uint_t did); -void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count); -void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count); /* Miscellaneous */ -int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number); -int crypto_get_function_list(crypto_provider_id_t id, - crypto_function_list_t **list, int kmflag); -void crypto_free_function_list(crypto_function_list_t *list); -int crypto_build_permitted_mech_names(kcf_provider_desc_t *, - crypto_mech_name_t **, uint_t *, int); extern void kcf_destroy_mech_tabs(void); extern void kcf_init_mech_tabs(void); extern int kcf_add_mech_provider(short, kcf_provider_desc_t *, kcf_prov_mech_desc_t **); -extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *); +extern void kcf_remove_mech_provider(const char *, kcf_provider_desc_t *); extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **); -extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *); +extern kcf_provider_desc_t *kcf_alloc_provider_desc(void); extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *); extern void kcf_free_provider_desc(kcf_provider_desc_t *); -extern void kcf_soft_config_init(void); -extern int get_sw_provider_for_mech(crypto_mech_name_t, char **); -extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t); extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); -extern void redo_register_provider(kcf_provider_desc_t *); -extern void kcf_rnd_init(void); -extern boolean_t kcf_rngprov_check(void); -extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t); -extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t, boolean_t); -extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t); -extern void kcf_rnd_schedule_timeout(boolean_t); -extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t, - void *, void (*update)(void)); -extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t, - void *, void (*update)(void)); extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); -extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *); -extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *, - int kmflag); -extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *, - void (*update)(void), void (*final)(void), uchar_t); extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)); + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)); extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)); -extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)); -extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **, - ssize_t *); + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)); /* Access to the provider's table */ extern void kcf_prov_tab_destroy(void); extern void kcf_prov_tab_init(void); extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *); extern int kcf_prov_tab_rem_provider(crypto_provider_id_t); -extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *); -extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t); -extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int, - char *, uint_t, boolean_t); -extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t); -extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **); extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t); extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **, kcf_mech_entry_t **, boolean_t); -/* Access to the policy table */ -extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t); -extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *, - uint_t, crypto_mech_name_t); -extern void kcf_policy_tab_init(void); -extern void kcf_policy_free_desc(kcf_policy_desc_t *); -extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **); -extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *, - crypto_mech_name_t **); -extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *); -extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t); -extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *, - uint_t *, crypto_mech_name_t **); -extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t, - crypto_mech_name_t *, uint_t *, crypto_mech_name_t **); -extern boolean_t in_soft_config_list(char *); - #ifdef __cplusplus } |