aboutsummaryrefslogtreecommitdiffstats
path: root/module/icp/include
diff options
context:
space:
mode:
authorнаб <[email protected]>2021-12-22 23:29:25 +0100
committerBrian Behlendorf <[email protected]>2022-02-15 16:23:28 -0800
commit464700ae0293a3bb5d84d35eb7fc771ec22f3fad (patch)
treeadd44730a05d959049485cce3b21d58bcb0d4aca /module/icp/include
parentf5896e2bdf9d8824befe8660c7fe1f77ff773e3b (diff)
module: icp: spi: crypto_ops_t: remove unused op types
Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Ahelenia Ziemiańska <[email protected]> Closes #12901
Diffstat (limited to 'module/icp/include')
-rw-r--r--module/icp/include/sys/crypto/impl.h653
-rw-r--r--module/icp/include/sys/crypto/ops_impl.h389
-rw-r--r--module/icp/include/sys/crypto/sched_impl.h27
-rw-r--r--module/icp/include/sys/crypto/spi.h358
4 files changed, 23 insertions, 1404 deletions
diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h
index bb777e689..3c8f4d37e 100644
--- a/module/icp/include/sys/crypto/impl.h
+++ b/module/icp/include/sys/crypto/impl.h
@@ -117,7 +117,7 @@ typedef struct kcf_sched_info {
* When impl.h is broken up (bug# 4703218), this will be done. For now,
* we hardcode these values.
*/
-#define KCF_OPS_CLASSSIZE 8
+#define KCF_OPS_CLASSSIZE 4
#define KCF_MAXMECHTAB 32
/*
@@ -393,21 +393,15 @@ extern kcf_soft_conf_entry_t *soft_config_list;
#define KCF_MAXDIGEST 16 /* Digests */
#define KCF_MAXCIPHER 64 /* Ciphers */
#define KCF_MAXMAC 40 /* Message authentication codes */
-#define KCF_MAXSIGN 24 /* Sign/Verify */
-#define KCF_MAXKEYOPS 116 /* Key generation and derivation */
-#define KCF_MAXMISC 16 /* Others ... */
typedef enum {
KCF_DIGEST_CLASS = 1,
KCF_CIPHER_CLASS,
KCF_MAC_CLASS,
- KCF_SIGN_CLASS,
- KCF_KEYOPS_CLASS,
- KCF_MISC_CLASS
} kcf_ops_class_t;
#define KCF_FIRST_OPSCLASS KCF_DIGEST_CLASS
-#define KCF_LAST_OPSCLASS KCF_MISC_CLASS
+#define KCF_LAST_OPSCLASS KCF_MAC_CLASS
/* The table of all the kcf_xxx_mech_tab[]s, indexed by kcf_ops_class */
@@ -498,65 +492,15 @@ typedef struct crypto_minor {
#define KCF_INVALID_INDX ((ushort_t)-1)
/*
- * kCF internal mechanism and function group for tracking RNG providers.
- */
-#define SUN_RANDOM "random"
-#define CRYPTO_FG_RANDOM 0x80000000 /* generate_random() */
-
-/*
* Wrappers for ops vectors. In the wrapper definitions below, the pd
* argument always corresponds to a pointer to a provider descriptor
* of type kcf_prov_desc_t.
*/
-#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
#define KCF_PROV_DIGEST_OPS(pd) ((pd)->pd_ops_vector->co_digest_ops)
#define KCF_PROV_CIPHER_OPS(pd) ((pd)->pd_ops_vector->co_cipher_ops)
#define KCF_PROV_MAC_OPS(pd) ((pd)->pd_ops_vector->co_mac_ops)
-#define KCF_PROV_SIGN_OPS(pd) ((pd)->pd_ops_vector->co_sign_ops)
-#define KCF_PROV_VERIFY_OPS(pd) ((pd)->pd_ops_vector->co_verify_ops)
-#define KCF_PROV_DUAL_OPS(pd) ((pd)->pd_ops_vector->co_dual_ops)
-#define KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) \
- ((pd)->pd_ops_vector->co_dual_cipher_mac_ops)
-#define KCF_PROV_RANDOM_OPS(pd) ((pd)->pd_ops_vector->co_random_ops)
-#define KCF_PROV_SESSION_OPS(pd) ((pd)->pd_ops_vector->co_session_ops)
-#define KCF_PROV_OBJECT_OPS(pd) ((pd)->pd_ops_vector->co_object_ops)
-#define KCF_PROV_KEY_OPS(pd) ((pd)->pd_ops_vector->co_key_ops)
-#define KCF_PROV_PROVIDER_OPS(pd) ((pd)->pd_ops_vector->co_provider_ops)
-#define KCF_PROV_MECH_OPS(pd) ((pd)->pd_ops_vector->co_mech_ops)
-#define KCF_PROV_NOSTORE_KEY_OPS(pd) \
- ((pd)->pd_ops_vector->co_nostore_key_ops)
-
-/*
- * Wrappers for crypto_ctx_ops(9S) entry points.
- */
-
-#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
- (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
- KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
- (pd)->pd_prov_handle, mech, key, template, size, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
- (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
- KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_COPYIN_MECH(pd, umech, kmech, errorp, mode) ( \
- (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyin_mechanism) ? \
- KCF_PROV_MECH_OPS(pd)->copyin_mechanism( \
- (pd)->pd_prov_handle, umech, kmech, errorp, mode) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_COPYOUT_MECH(pd, kmech, umech, errorp, mode) ( \
- (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->copyout_mechanism) ? \
- KCF_PROV_MECH_OPS(pd)->copyout_mechanism( \
- (pd)->pd_prov_handle, kmech, umech, errorp, mode) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_FREE_MECH(pd, prov_mech) ( \
- (KCF_PROV_MECH_OPS(pd) && KCF_PROV_MECH_OPS(pd)->free_mechanism) ? \
- KCF_PROV_MECH_OPS(pd)->free_mechanism( \
- (pd)->pd_prov_handle, prov_mech) : CRYPTO_NOT_SUPPORTED)
+#define KCF_PROV_CTX_OPS(pd) ((pd)->pd_ops_vector->co_ctx_ops)
/*
* Wrappers for crypto_digest_ops(9S) entry points.
@@ -706,552 +650,21 @@ typedef struct crypto_minor {
CRYPTO_NOT_SUPPORTED)
/*
- * Wrappers for crypto_sign_ops(9S) entry points.
- */
-
-#define KCF_PROV_SIGN_INIT(pd, ctx, mech, key, template, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_init) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_init( \
- ctx, mech, key, template, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN(pd, ctx, data, sig, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign) ? \
- KCF_PROV_SIGN_OPS(pd)->sign(ctx, data, sig, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_UPDATE(pd, ctx, data, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_update) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_update(ctx, data, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_FINAL(pd, ctx, sig, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_final) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_final(ctx, sig, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_ATOMIC(pd, session, mech, key, data, template, \
- sig, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_atomic) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_atomic( \
- (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_RECOVER_INIT(pd, ctx, mech, key, template, \
- req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover_init) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_recover_init(ctx, mech, key, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_RECOVER(pd, ctx, data, sig, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && KCF_PROV_SIGN_OPS(pd)->sign_recover) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_recover(ctx, data, sig, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_RECOVER_ATOMIC(pd, session, mech, key, data, template, \
- sig, req) ( \
- (KCF_PROV_SIGN_OPS(pd) && \
- KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic) ? \
- KCF_PROV_SIGN_OPS(pd)->sign_recover_atomic( \
- (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_verify_ops(9S) entry points.
- */
-
-#define KCF_PROV_VERIFY_INIT(pd, ctx, mech, key, template, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_init) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_init(ctx, mech, key, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_VERIFY(pd, ctx, data, sig, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->do_verify) ? \
- KCF_PROV_VERIFY_OPS(pd)->do_verify(ctx, data, sig, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_VERIFY_UPDATE(pd, ctx, data, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_update) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_update(ctx, data, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_VERIFY_FINAL(pd, ctx, sig, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_final) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_final(ctx, sig, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_VERIFY_ATOMIC(pd, session, mech, key, data, template, sig, \
- req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_atomic) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_atomic( \
- (pd)->pd_prov_handle, session, mech, key, data, sig, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx, mech, key, template, \
- req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && \
- KCF_PROV_VERIFY_OPS(pd)->verify_recover_init) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_recover_init(ctx, mech, key, \
- template, req) : CRYPTO_NOT_SUPPORTED)
-
-/* verify_recover() CSPI routine has different argument order than verify() */
-#define KCF_PROV_VERIFY_RECOVER(pd, ctx, sig, data, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && KCF_PROV_VERIFY_OPS(pd)->verify_recover) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_recover(ctx, sig, data, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-/*
- * verify_recover_atomic() CSPI routine has different argument order
- * than verify_atomic().
- */
-#define KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, session, mech, key, sig, \
- template, data, req) ( \
- (KCF_PROV_VERIFY_OPS(pd) && \
- KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic) ? \
- KCF_PROV_VERIFY_OPS(pd)->verify_recover_atomic( \
- (pd)->pd_prov_handle, session, mech, key, sig, data, template, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_dual_ops(9S) entry points.
- */
-
-#define KCF_PROV_DIGEST_ENCRYPT_UPDATE(digest_ctx, encrypt_ctx, plaintext, \
- ciphertext, req) ( \
- (KCF_PROV_DUAL_OPS(pd) && \
- KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update) ? \
- KCF_PROV_DUAL_OPS(pd)->digest_encrypt_update( \
- digest_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_DECRYPT_DIGEST_UPDATE(decrypt_ctx, digest_ctx, ciphertext, \
- plaintext, req) ( \
- (KCF_PROV_DUAL_OPS(pd) && \
- KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update) ? \
- KCF_PROV_DUAL_OPS(pd)->decrypt_digest_update( \
- decrypt_ctx, digest_ctx, ciphertext, plaintext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SIGN_ENCRYPT_UPDATE(sign_ctx, encrypt_ctx, plaintext, \
- ciphertext, req) ( \
- (KCF_PROV_DUAL_OPS(pd) && \
- KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update) ? \
- KCF_PROV_DUAL_OPS(pd)->sign_encrypt_update( \
- sign_ctx, encrypt_ctx, plaintext, ciphertext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_DECRYPT_VERIFY_UPDATE(decrypt_ctx, verify_ctx, ciphertext, \
- plaintext, req) ( \
- (KCF_PROV_DUAL_OPS(pd) && \
- KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update) ? \
- KCF_PROV_DUAL_OPS(pd)->decrypt_verify_update( \
- decrypt_ctx, verify_ctx, ciphertext, plaintext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_dual_cipher_mac_ops(9S) entry points.
- */
-
-#define KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, encr_mech, encr_key, mac_mech, \
- mac_key, encr_ctx_template, mac_ctx_template, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_init( \
- ctx, encr_mech, encr_key, mac_mech, mac_key, encr_ctx_template, \
- mac_ctx_template, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_ENCRYPT_MAC(pd, ctx, plaintext, ciphertext, mac, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac( \
- ctx, plaintext, ciphertext, mac, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, plaintext, ciphertext, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_update( \
- ctx, plaintext, ciphertext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ciphertext, mac, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_final( \
- ctx, ciphertext, mac, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, session, encr_mech, encr_key, \
- mac_mech, mac_key, plaintext, ciphertext, mac, \
- encr_ctx_template, mac_ctx_template, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->encrypt_mac_atomic( \
- (pd)->pd_prov_handle, session, encr_mech, encr_key, \
- mac_mech, mac_key, plaintext, ciphertext, mac, \
- encr_ctx_template, mac_ctx_template, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, mac_mech, mac_key, decr_mech, \
- decr_key, mac_ctx_template, decr_ctx_template, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_init( \
- ctx, mac_mech, mac_key, decr_mech, decr_key, mac_ctx_template, \
- decr_ctx_template, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_DECRYPT(pd, ctx, ciphertext, mac, plaintext, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt( \
- ctx, ciphertext, mac, plaintext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ciphertext, plaintext, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_update( \
- ctx, ciphertext, plaintext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, plaintext, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_final( \
- ctx, mac, plaintext, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
- decr_mech, decr_key, ciphertext, mac, plaintext, \
- mac_ctx_template, decr_ctx_template, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_decrypt_atomic( \
- (pd)->pd_prov_handle, session, mac_mech, mac_key, \
- decr_mech, decr_key, ciphertext, mac, plaintext, \
- mac_ctx_template, decr_ctx_template, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd, session, mac_mech, mac_key, \
- decr_mech, decr_key, ciphertext, mac, plaintext, \
- mac_ctx_template, decr_ctx_template, req) ( \
- (KCF_PROV_DUAL_CIPHER_MAC_OPS(pd) && \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic \
- != NULL) ? \
- KCF_PROV_DUAL_CIPHER_MAC_OPS(pd)->mac_verify_decrypt_atomic( \
- (pd)->pd_prov_handle, session, mac_mech, mac_key, \
- decr_mech, decr_key, ciphertext, mac, plaintext, \
- mac_ctx_template, decr_ctx_template, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_random_number_ops(9S) entry points.
- */
-
-#define KCF_PROV_SEED_RANDOM(pd, session, buf, len, est, flags, req) ( \
- (KCF_PROV_RANDOM_OPS(pd) && KCF_PROV_RANDOM_OPS(pd)->seed_random) ? \
- KCF_PROV_RANDOM_OPS(pd)->seed_random((pd)->pd_prov_handle, \
- session, buf, len, est, flags, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_GENERATE_RANDOM(pd, session, buf, len, req) ( \
- (KCF_PROV_RANDOM_OPS(pd) && \
- KCF_PROV_RANDOM_OPS(pd)->generate_random) ? \
- KCF_PROV_RANDOM_OPS(pd)->generate_random((pd)->pd_prov_handle, \
- session, buf, len, req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_session_ops(9S) entry points.
- *
- * ops_pd is the provider descriptor that supplies the ops_vector.
- * pd is the descriptor that supplies the provider handle.
- * Only session open/close needs two handles.
- */
-
-#define KCF_PROV_SESSION_OPEN(ops_pd, session, req, pd) ( \
- (KCF_PROV_SESSION_OPS(ops_pd) && \
- KCF_PROV_SESSION_OPS(ops_pd)->session_open) ? \
- KCF_PROV_SESSION_OPS(ops_pd)->session_open((pd)->pd_prov_handle, \
- session, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SESSION_CLOSE(ops_pd, session, req, pd) ( \
- (KCF_PROV_SESSION_OPS(ops_pd) && \
- KCF_PROV_SESSION_OPS(ops_pd)->session_close) ? \
- KCF_PROV_SESSION_OPS(ops_pd)->session_close((pd)->pd_prov_handle, \
- session, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SESSION_LOGIN(pd, session, user_type, pin, len, req) ( \
- (KCF_PROV_SESSION_OPS(pd) && \
- KCF_PROV_SESSION_OPS(pd)->session_login) ? \
- KCF_PROV_SESSION_OPS(pd)->session_login((pd)->pd_prov_handle, \
- session, user_type, pin, len, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SESSION_LOGOUT(pd, session, req) ( \
- (KCF_PROV_SESSION_OPS(pd) && \
- KCF_PROV_SESSION_OPS(pd)->session_logout) ? \
- KCF_PROV_SESSION_OPS(pd)->session_logout((pd)->pd_prov_handle, \
- session, req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_object_ops(9S) entry points.
- */
-
-#define KCF_PROV_OBJECT_CREATE(pd, session, template, count, object, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_create) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_create((pd)->pd_prov_handle, \
- session, template, count, object, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_COPY(pd, session, object, template, count, \
- new_object, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_copy) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_copy((pd)->pd_prov_handle, \
- session, object, template, count, new_object, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_DESTROY(pd, session, object, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_destroy) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_destroy((pd)->pd_prov_handle, \
- session, object, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_GET_SIZE(pd, session, object, size, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && \
- KCF_PROV_OBJECT_OPS(pd)->object_get_size) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_get_size((pd)->pd_prov_handle, \
- session, object, size, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd, session, object, template, \
- count, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && \
- KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_get_attribute_value( \
- (pd)->pd_prov_handle, session, object, template, count, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd, session, object, template, \
- count, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && \
- KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_set_attribute_value( \
- (pd)->pd_prov_handle, session, object, template, count, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_FIND_INIT(pd, session, template, count, ppriv, \
- req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && \
- KCF_PROV_OBJECT_OPS(pd)->object_find_init) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_find_init((pd)->pd_prov_handle, \
- session, template, count, ppriv, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_FIND(pd, ppriv, objects, max_objects, object_count, \
- req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && KCF_PROV_OBJECT_OPS(pd)->object_find) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_find( \
- (pd)->pd_prov_handle, ppriv, objects, max_objects, object_count, \
- req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_OBJECT_FIND_FINAL(pd, ppriv, req) ( \
- (KCF_PROV_OBJECT_OPS(pd) && \
- KCF_PROV_OBJECT_OPS(pd)->object_find_final) ? \
- KCF_PROV_OBJECT_OPS(pd)->object_find_final( \
- (pd)->pd_prov_handle, ppriv, req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_key_ops(9S) entry points.
+ * Wrappers for crypto_ctx_ops(9S) entry points.
*/
-#define KCF_PROV_KEY_GENERATE(pd, session, mech, template, count, object, \
- req) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate) ? \
- KCF_PROV_KEY_OPS(pd)->key_generate((pd)->pd_prov_handle, \
- session, mech, template, count, object, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
- pub_count, priv_template, priv_count, pub_key, priv_key, req) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_generate_pair) ? \
- KCF_PROV_KEY_OPS(pd)->key_generate_pair((pd)->pd_prov_handle, \
- session, mech, pub_template, pub_count, priv_template, \
- priv_count, pub_key, priv_key, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_KEY_WRAP(pd, session, mech, wrapping_key, key, wrapped_key, \
- wrapped_key_len, req) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_wrap) ? \
- KCF_PROV_KEY_OPS(pd)->key_wrap((pd)->pd_prov_handle, \
- session, mech, wrapping_key, key, wrapped_key, wrapped_key_len, \
- req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_KEY_UNWRAP(pd, session, mech, unwrapping_key, wrapped_key, \
- wrapped_key_len, template, count, key, req) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_unwrap) ? \
- KCF_PROV_KEY_OPS(pd)->key_unwrap((pd)->pd_prov_handle, \
- session, mech, unwrapping_key, wrapped_key, wrapped_key_len, \
- template, count, key, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_KEY_DERIVE(pd, session, mech, base_key, template, count, \
- key, req) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_derive) ? \
- KCF_PROV_KEY_OPS(pd)->key_derive((pd)->pd_prov_handle, \
- session, mech, base_key, template, count, key, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_KEY_CHECK(pd, mech, key) ( \
- (KCF_PROV_KEY_OPS(pd) && KCF_PROV_KEY_OPS(pd)->key_check) ? \
- KCF_PROV_KEY_OPS(pd)->key_check((pd)->pd_prov_handle, mech, key) : \
+#define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size, req) ( \
+ (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \
+ KCF_PROV_CTX_OPS(pd)->create_ctx_template( \
+ (pd)->pd_prov_handle, mech, key, template, size, req) : \
CRYPTO_NOT_SUPPORTED)
-/*
- * Wrappers for crypto_provider_management_ops(9S) entry points.
- *
- * ops_pd is the provider descriptor that supplies the ops_vector.
- * pd is the descriptor that supplies the provider handle.
- * Only ext_info needs two handles.
- */
-
-#define KCF_PROV_EXT_INFO(ops_pd, provext_info, req, pd) ( \
- (KCF_PROV_PROVIDER_OPS(ops_pd) && \
- KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info) ? \
- KCF_PROV_PROVIDER_OPS(ops_pd)->ext_info((pd)->pd_prov_handle, \
- provext_info, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_INIT_TOKEN(pd, pin, pin_len, label, req) ( \
- (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_token) ? \
- KCF_PROV_PROVIDER_OPS(pd)->init_token((pd)->pd_prov_handle, \
- pin, pin_len, label, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_INIT_PIN(pd, session, pin, pin_len, req) ( \
- (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->init_pin) ? \
- KCF_PROV_PROVIDER_OPS(pd)->init_pin((pd)->pd_prov_handle, \
- session, pin, pin_len, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_SET_PIN(pd, session, old_pin, old_len, new_pin, new_len, \
- req) ( \
- (KCF_PROV_PROVIDER_OPS(pd) && KCF_PROV_PROVIDER_OPS(pd)->set_pin) ? \
- KCF_PROV_PROVIDER_OPS(pd)->set_pin((pd)->pd_prov_handle, \
- session, old_pin, old_len, new_pin, new_len, req) : \
- CRYPTO_NOT_SUPPORTED)
-
-/*
- * Wrappers for crypto_nostore_key_ops(9S) entry points.
- */
-
-#define KCF_PROV_NOSTORE_KEY_GENERATE(pd, session, mech, template, count, \
- out_template, out_count, req) ( \
- (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate) ? \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate( \
- (pd)->pd_prov_handle, session, mech, template, count, \
- out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd, session, mech, pub_template, \
- pub_count, priv_template, priv_count, out_pub_template, \
- out_pub_count, out_priv_template, out_priv_count, req) ( \
- (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair) ? \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_generate_pair( \
- (pd)->pd_prov_handle, session, mech, pub_template, pub_count, \
- priv_template, priv_count, out_pub_template, out_pub_count, \
- out_priv_template, out_priv_count, req) : CRYPTO_NOT_SUPPORTED)
-
-#define KCF_PROV_NOSTORE_KEY_DERIVE(pd, session, mech, base_key, template, \
- count, out_template, out_count, req) ( \
- (KCF_PROV_NOSTORE_KEY_OPS(pd) && \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive) ? \
- KCF_PROV_NOSTORE_KEY_OPS(pd)->nostore_key_derive( \
- (pd)->pd_prov_handle, session, mech, base_key, template, count, \
- out_template, out_count, req) : CRYPTO_NOT_SUPPORTED)
-
-/*
- * The following routines are exported by the kcf module (/kernel/misc/kcf)
- * to the crypto and cryptoadmin modules.
- */
+#define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \
+ (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->free_context) ? \
+ KCF_PROV_CTX_OPS(pd)->free_context(ctx) : CRYPTO_NOT_SUPPORTED)
-/* Digest/mac/cipher entry points that take a provider descriptor and session */
-extern int crypto_digest_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-extern int crypto_mac_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-extern int crypto_encrypt_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-extern int crypto_decrypt_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-
-/* Other private digest/mac/cipher entry points not exported through k-API */
-extern int crypto_digest_key_prov(crypto_context_t, crypto_key_t *,
- crypto_call_req_t *);
-
-/* Private sign entry points exported by KCF */
-extern int crypto_sign_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-extern int crypto_sign_recover_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-/* Private verify entry points exported by KCF */
-extern int crypto_verify_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-extern int crypto_verify_recover_single(crypto_context_t, crypto_data_t *,
- crypto_data_t *, crypto_call_req_t *);
-
-/* Private dual operations entry points exported by KCF */
-extern int crypto_digest_encrypt_update(crypto_context_t, crypto_context_t,
- crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
-extern int crypto_decrypt_digest_update(crypto_context_t, crypto_context_t,
- crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
-extern int crypto_sign_encrypt_update(crypto_context_t, crypto_context_t,
- crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
-extern int crypto_decrypt_verify_update(crypto_context_t, crypto_context_t,
- crypto_data_t *, crypto_data_t *, crypto_call_req_t *);
-
-/* Random Number Generation */
-int crypto_seed_random(crypto_provider_handle_t provider, uchar_t *buf,
- size_t len, crypto_call_req_t *req);
-int crypto_generate_random(crypto_provider_handle_t provider, uchar_t *buf,
- size_t len, crypto_call_req_t *req);
-
-/* Provider Management */
-int crypto_get_provider_info(crypto_provider_id_t id,
- crypto_provider_info_t **info, crypto_call_req_t *req);
-int crypto_get_provider_mechanisms(crypto_minor_t *, crypto_provider_id_t id,
- uint_t *count, crypto_mech_name_t **list);
-int crypto_init_token(crypto_provider_handle_t provider, char *pin,
- size_t pin_len, char *label, crypto_call_req_t *);
-int crypto_init_pin(crypto_provider_handle_t provider, char *pin,
- size_t pin_len, crypto_call_req_t *req);
-int crypto_set_pin(crypto_provider_handle_t provider, char *old_pin,
- size_t old_len, char *new_pin, size_t new_len, crypto_call_req_t *req);
-void crypto_free_provider_list(crypto_provider_entry_t *list, uint_t count);
-void crypto_free_provider_info(crypto_provider_info_t *info);
-
-/* Administrative */
-int crypto_get_dev_list(uint_t *count, crypto_dev_list_entry_t **list);
-int crypto_get_soft_list(uint_t *count, char **list, size_t *len);
-int crypto_get_dev_info(char *name, uint_t instance, uint_t *count,
- crypto_mech_name_t **list);
-int crypto_get_soft_info(caddr_t name, uint_t *count,
- crypto_mech_name_t **list);
-int crypto_load_dev_disabled(char *name, uint_t instance, uint_t count,
- crypto_mech_name_t *list);
-int crypto_load_soft_disabled(caddr_t name, uint_t count,
- crypto_mech_name_t *list);
-int crypto_unload_soft_module(caddr_t path);
-int crypto_load_soft_config(caddr_t name, uint_t count,
- crypto_mech_name_t *list);
-int crypto_load_door(uint_t did);
-void crypto_free_mech_list(crypto_mech_name_t *list, uint_t count);
-void crypto_free_dev_list(crypto_dev_list_entry_t *list, uint_t count);
/* Miscellaneous */
-int crypto_get_mechanism_number(caddr_t name, crypto_mech_type_t *number);
-int crypto_build_permitted_mech_names(kcf_provider_desc_t *,
- crypto_mech_name_t **, uint_t *, int);
extern void kcf_destroy_mech_tabs(void);
extern void kcf_init_mech_tabs(void);
extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
@@ -1262,71 +675,27 @@ extern kcf_provider_desc_t *kcf_alloc_provider_desc(
const crypto_provider_info_t *);
extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
extern void kcf_free_provider_desc(kcf_provider_desc_t *);
-extern void kcf_soft_config_init(void);
-extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
extern crypto_mech_type_t crypto_mech2id_common(const char *, boolean_t);
extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
-extern void redo_register_provider(kcf_provider_desc_t *);
-extern void kcf_rnd_init(void);
-extern boolean_t kcf_rngprov_check(void);
-extern int kcf_rnd_get_pseudo_bytes(uint8_t *, size_t);
-extern int kcf_rnd_get_bytes(uint8_t *, size_t, boolean_t, boolean_t);
-extern int random_add_pseudo_entropy(uint8_t *, size_t, uint_t);
-extern void kcf_rnd_schedule_timeout(boolean_t);
extern int crypto_uio_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
void *, void (*update)(void));
-extern int crypto_mblk_data(crypto_data_t *, uchar_t *, int, cmd_type_t,
- void *, void (*update)(void));
extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
-extern int crypto_get_input_data(crypto_data_t *, uchar_t **, uchar_t *);
-extern int crypto_copy_key_to_ctx(crypto_key_t *, crypto_key_t **, size_t *,
- int kmflag);
-extern int crypto_digest_data(crypto_data_t *, void *, uchar_t *,
- void (*update)(void), void (*final)(void), uchar_t);
extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *,
int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
void (*copy_block)(uint8_t *, uint64_t *));
extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *,
int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
void (*copy_block)(uint8_t *, uint64_t *));
-extern int crypto_update_mp(void *, crypto_data_t *, crypto_data_t *,
- int (*cipher)(void *, caddr_t, size_t, crypto_data_t *),
- void (*copy_block)(uint8_t *, uint64_t *));
-extern int crypto_get_key_attr(crypto_key_t *, crypto_attr_type_t, uchar_t **,
- ssize_t *);
/* Access to the provider's table */
extern void kcf_prov_tab_destroy(void);
extern void kcf_prov_tab_init(void);
extern int kcf_prov_tab_add_provider(kcf_provider_desc_t *);
extern int kcf_prov_tab_rem_provider(crypto_provider_id_t);
-extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_name(char *);
-extern kcf_provider_desc_t *kcf_prov_tab_lookup_by_dev(char *, uint_t);
-extern int kcf_get_hw_prov_tab(uint_t *, kcf_provider_desc_t ***, int,
- char *, uint_t, boolean_t);
-extern int kcf_get_slot_list(uint_t *, kcf_provider_desc_t ***, boolean_t);
-extern void kcf_free_provider_tab(uint_t, kcf_provider_desc_t **);
extern kcf_provider_desc_t *kcf_prov_tab_lookup(crypto_provider_id_t);
extern int kcf_get_sw_prov(crypto_mech_type_t, kcf_provider_desc_t **,
kcf_mech_entry_t **, boolean_t);
-/* Access to the policy table */
-extern boolean_t is_mech_disabled(kcf_provider_desc_t *, crypto_mech_name_t);
-extern boolean_t is_mech_disabled_byname(crypto_provider_type_t, char *,
- uint_t, crypto_mech_name_t);
-extern void kcf_policy_tab_init(void);
-extern void kcf_policy_free_desc(kcf_policy_desc_t *);
-extern void kcf_policy_remove_by_name(char *, uint_t *, crypto_mech_name_t **);
-extern void kcf_policy_remove_by_dev(char *, uint_t, uint_t *,
- crypto_mech_name_t **);
-extern kcf_policy_desc_t *kcf_policy_lookup_by_name(char *);
-extern kcf_policy_desc_t *kcf_policy_lookup_by_dev(char *, uint_t);
-extern int kcf_policy_load_soft_disabled(char *, uint_t, crypto_mech_name_t *,
- uint_t *, crypto_mech_name_t **);
-extern int kcf_policy_load_dev_disabled(char *, uint_t, uint_t,
- crypto_mech_name_t *, uint_t *, crypto_mech_name_t **);
-extern boolean_t in_soft_config_list(char *);
-
#ifdef __cplusplus
}
diff --git a/module/icp/include/sys/crypto/ops_impl.h b/module/icp/include/sys/crypto/ops_impl.h
index 230d74b06..9300e53bc 100644
--- a/module/icp/include/sys/crypto/ops_impl.h
+++ b/module/icp/include/sys/crypto/ops_impl.h
@@ -87,141 +87,6 @@ typedef struct kcf_decrypt_ops_params {
crypto_spi_ctx_template_t dop_templ;
} kcf_decrypt_ops_params_t;
-typedef struct kcf_sign_ops_params {
- crypto_session_id_t so_sid;
- crypto_mech_type_t so_framework_mechtype;
- crypto_mechanism_t so_mech;
- crypto_key_t *so_key;
- crypto_data_t *so_data;
- crypto_data_t *so_signature;
- crypto_spi_ctx_template_t so_templ;
-} kcf_sign_ops_params_t;
-
-typedef struct kcf_verify_ops_params {
- crypto_session_id_t vo_sid;
- crypto_mech_type_t vo_framework_mechtype;
- crypto_mechanism_t vo_mech;
- crypto_key_t *vo_key;
- crypto_data_t *vo_data;
- crypto_data_t *vo_signature;
- crypto_spi_ctx_template_t vo_templ;
-} kcf_verify_ops_params_t;
-
-typedef struct kcf_encrypt_mac_ops_params {
- crypto_session_id_t em_sid;
- crypto_mech_type_t em_framework_encr_mechtype;
- crypto_mechanism_t em_encr_mech;
- crypto_key_t *em_encr_key;
- crypto_mech_type_t em_framework_mac_mechtype;
- crypto_mechanism_t em_mac_mech;
- crypto_key_t *em_mac_key;
- crypto_data_t *em_plaintext;
- crypto_dual_data_t *em_ciphertext;
- crypto_data_t *em_mac;
- crypto_spi_ctx_template_t em_encr_templ;
- crypto_spi_ctx_template_t em_mac_templ;
-} kcf_encrypt_mac_ops_params_t;
-
-typedef struct kcf_mac_decrypt_ops_params {
- crypto_session_id_t md_sid;
- crypto_mech_type_t md_framework_mac_mechtype;
- crypto_mechanism_t md_mac_mech;
- crypto_key_t *md_mac_key;
- crypto_mech_type_t md_framework_decr_mechtype;
- crypto_mechanism_t md_decr_mech;
- crypto_key_t *md_decr_key;
- crypto_dual_data_t *md_ciphertext;
- crypto_data_t *md_mac;
- crypto_data_t *md_plaintext;
- crypto_spi_ctx_template_t md_mac_templ;
- crypto_spi_ctx_template_t md_decr_templ;
-} kcf_mac_decrypt_ops_params_t;
-
-typedef struct kcf_random_number_ops_params {
- crypto_session_id_t rn_sid;
- uchar_t *rn_buf;
- size_t rn_buflen;
- uint_t rn_entropy_est;
- uint32_t rn_flags;
-} kcf_random_number_ops_params_t;
-
-/*
- * so_pd is useful when the provider descriptor (pd) supplying the
- * provider handle is different from the pd supplying the ops vector.
- * This is the case for session open/close where so_pd can be the pd
- * of a logical provider. The pd supplying the ops vector is passed
- * as an argument to kcf_submit_request().
- */
-typedef struct kcf_session_ops_params {
- crypto_session_id_t *so_sid_ptr;
- crypto_session_id_t so_sid;
- crypto_user_type_t so_user_type;
- char *so_pin;
- size_t so_pin_len;
- kcf_provider_desc_t *so_pd;
-} kcf_session_ops_params_t;
-
-typedef struct kcf_object_ops_params {
- crypto_session_id_t oo_sid;
- crypto_object_id_t oo_object_id;
- crypto_object_attribute_t *oo_template;
- uint_t oo_attribute_count;
- crypto_object_id_t *oo_object_id_ptr;
- size_t *oo_object_size;
- void **oo_find_init_pp_ptr;
- void *oo_find_pp;
- uint_t oo_max_object_count;
- uint_t *oo_object_count_ptr;
-} kcf_object_ops_params_t;
-
-/*
- * ko_key is used to encode wrapping key in key_wrap() and
- * unwrapping key in key_unwrap(). ko_key_template and
- * ko_key_attribute_count are used to encode public template
- * and public template attr count in key_generate_pair().
- * kops->ko_key_object_id_ptr is used to encode public key
- * in key_generate_pair().
- */
-typedef struct kcf_key_ops_params {
- crypto_session_id_t ko_sid;
- crypto_mech_type_t ko_framework_mechtype;
- crypto_mechanism_t ko_mech;
- crypto_object_attribute_t *ko_key_template;
- uint_t ko_key_attribute_count;
- crypto_object_id_t *ko_key_object_id_ptr;
- crypto_object_attribute_t *ko_private_key_template;
- uint_t ko_private_key_attribute_count;
- crypto_object_id_t *ko_private_key_object_id_ptr;
- crypto_key_t *ko_key;
- uchar_t *ko_wrapped_key;
- size_t *ko_wrapped_key_len_ptr;
- crypto_object_attribute_t *ko_out_template1;
- crypto_object_attribute_t *ko_out_template2;
- uint_t ko_out_attribute_count1;
- uint_t ko_out_attribute_count2;
-} kcf_key_ops_params_t;
-
-/*
- * po_pin and po_pin_len are used to encode new_pin and new_pin_len
- * when wrapping set_pin() function parameters.
- *
- * po_pd is useful when the provider descriptor (pd) supplying the
- * provider handle is different from the pd supplying the ops vector.
- * This is true for the ext_info provider entry point where po_pd
- * can be the pd of a logical provider. The pd supplying the ops vector
- * is passed as an argument to kcf_submit_request().
- */
-typedef struct kcf_provmgmt_ops_params {
- crypto_session_id_t po_sid;
- char *po_pin;
- size_t po_pin_len;
- char *po_old_pin;
- size_t po_old_pin_len;
- char *po_label;
- crypto_provider_ext_info_t *po_ext_info;
- kcf_provider_desc_t *po_pd;
-} kcf_provmgmt_ops_params_t;
-
/*
* The operation type within a function group.
*/
@@ -241,51 +106,6 @@ typedef enum kcf_op_type {
/* mac/cipher specific op */
KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC,
-
- /* sign_recover ops */
- KCF_OP_SIGN_RECOVER_INIT,
- KCF_OP_SIGN_RECOVER,
- KCF_OP_SIGN_RECOVER_ATOMIC,
-
- /* verify_recover ops */
- KCF_OP_VERIFY_RECOVER_INIT,
- KCF_OP_VERIFY_RECOVER,
- KCF_OP_VERIFY_RECOVER_ATOMIC,
-
- /* random number ops */
- KCF_OP_RANDOM_SEED,
- KCF_OP_RANDOM_GENERATE,
-
- /* session management ops */
- KCF_OP_SESSION_OPEN,
- KCF_OP_SESSION_CLOSE,
- KCF_OP_SESSION_LOGIN,
- KCF_OP_SESSION_LOGOUT,
-
- /* object management ops */
- KCF_OP_OBJECT_CREATE,
- KCF_OP_OBJECT_COPY,
- KCF_OP_OBJECT_DESTROY,
- KCF_OP_OBJECT_GET_SIZE,
- KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE,
- KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE,
- KCF_OP_OBJECT_FIND_INIT,
- KCF_OP_OBJECT_FIND,
- KCF_OP_OBJECT_FIND_FINAL,
-
- /* key management ops */
- KCF_OP_KEY_GENERATE,
- KCF_OP_KEY_GENERATE_PAIR,
- KCF_OP_KEY_WRAP,
- KCF_OP_KEY_UNWRAP,
- KCF_OP_KEY_DERIVE,
- KCF_OP_KEY_CHECK,
-
- /* provider management ops */
- KCF_OP_MGMT_EXTINFO,
- KCF_OP_MGMT_INITTOKEN,
- KCF_OP_MGMT_INITPIN,
- KCF_OP_MGMT_SETPIN
} kcf_op_type_t;
/*
@@ -302,16 +122,6 @@ typedef enum kcf_op_group {
KCF_OG_MAC,
KCF_OG_ENCRYPT,
KCF_OG_DECRYPT,
- KCF_OG_SIGN,
- KCF_OG_VERIFY,
- KCF_OG_ENCRYPT_MAC,
- KCF_OG_MAC_DECRYPT,
- KCF_OG_RANDOM,
- KCF_OG_SESSION,
- KCF_OG_OBJECT,
- KCF_OG_KEY,
- KCF_OG_PROVMGMT,
- KCF_OG_NOSTORE_KEY
} kcf_op_group_t;
/*
@@ -323,10 +133,7 @@ typedef enum kcf_op_group {
#define IS_UPDATE_OP(ftype) ((ftype) == KCF_OP_UPDATE)
#define IS_FINAL_OP(ftype) ((ftype) == KCF_OP_FINAL)
#define IS_ATOMIC_OP(ftype) ( \
- (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \
- (ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \
- (ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \
- (ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC)
+ (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC)
/*
* Keep the parameters associated with a request around.
@@ -341,15 +148,6 @@ typedef struct kcf_req_params {
kcf_mac_ops_params_t mac_params;
kcf_encrypt_ops_params_t encrypt_params;
kcf_decrypt_ops_params_t decrypt_params;
- kcf_sign_ops_params_t sign_params;
- kcf_verify_ops_params_t verify_params;
- kcf_encrypt_mac_ops_params_t encrypt_mac_params;
- kcf_mac_decrypt_ops_params_t mac_decrypt_params;
- kcf_random_number_ops_params_t random_number_params;
- kcf_session_ops_params_t session_params;
- kcf_object_ops_params_t object_params;
- kcf_key_ops_params_t key_params;
- kcf_provmgmt_ops_params_t provmgmt_params;
} rp_u;
} kcf_req_params_t;
@@ -434,191 +232,6 @@ typedef struct kcf_req_params {
cops->dop_templ = _templ; \
}
-#define KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
- _data, _signature, _templ) { \
- kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \
- crypto_mechanism_t *mechp = _mech; \
- \
- (req)->rp_opgrp = KCF_OG_SIGN; \
- (req)->rp_optype = ftype; \
- sops->so_sid = _sid; \
- if (mechp != NULL) { \
- sops->so_mech = *mechp; \
- sops->so_framework_mechtype = mechp->cm_type; \
- } \
- sops->so_key = _key; \
- sops->so_data = _data; \
- sops->so_signature = _signature; \
- sops->so_templ = _templ; \
-}
-
-#define KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
- _data, _signature, _templ) { \
- kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \
- crypto_mechanism_t *mechp = _mech; \
- \
- (req)->rp_opgrp = KCF_OG_VERIFY; \
- (req)->rp_optype = ftype; \
- vops->vo_sid = _sid; \
- if (mechp != NULL) { \
- vops->vo_mech = *mechp; \
- vops->vo_framework_mechtype = mechp->cm_type; \
- } \
- vops->vo_key = _key; \
- vops->vo_data = _data; \
- vops->vo_signature = _signature; \
- vops->vo_templ = _templ; \
-}
-
-#define KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \
- _mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \
- kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \
- \
- (req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \
- (req)->rp_optype = ftype; \
- cmops->em_sid = _sid; \
- cmops->em_encr_key = _encr_key; \
- cmops->em_mac_key = _mac_key; \
- cmops->em_plaintext = _plaintext; \
- cmops->em_ciphertext = _ciphertext; \
- cmops->em_mac = _mac; \
- cmops->em_encr_templ = _encr_templ; \
- cmops->em_mac_templ = _mac_templ; \
-}
-
-#define KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \
- _decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \
- kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \
- \
- (req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \
- (req)->rp_optype = ftype; \
- cmops->md_sid = _sid; \
- cmops->md_mac_key = _mac_key; \
- cmops->md_decr_key = _decr_key; \
- cmops->md_ciphertext = _ciphertext; \
- cmops->md_mac = _mac; \
- cmops->md_plaintext = _plaintext; \
- cmops->md_mac_templ = _mac_templ; \
- cmops->md_decr_templ = _decr_templ; \
-}
-
-#define KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \
- _est, _flags) { \
- kcf_random_number_ops_params_t *rops = \
- &(req)->rp_u.random_number_params; \
- \
- (req)->rp_opgrp = KCF_OG_RANDOM; \
- (req)->rp_optype = ftype; \
- rops->rn_sid = _sid; \
- rops->rn_buf = _buf; \
- rops->rn_buflen = _buflen; \
- rops->rn_entropy_est = _est; \
- rops->rn_flags = _flags; \
-}
-
-#define KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \
- _user_type, _pin, _pin_len, _pd) { \
- kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \
- \
- (req)->rp_opgrp = KCF_OG_SESSION; \
- (req)->rp_optype = ftype; \
- sops->so_sid_ptr = _sid_ptr; \
- sops->so_sid = _sid; \
- sops->so_user_type = _user_type; \
- sops->so_pin = _pin; \
- sops->so_pin_len = _pin_len; \
- sops->so_pd = _pd; \
-}
-
-#define KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \
- _template, _attribute_count, _object_id_ptr, _object_size, \
- _find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \
- kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \
- \
- (req)->rp_opgrp = KCF_OG_OBJECT; \
- (req)->rp_optype = ftype; \
- jops->oo_sid = _sid; \
- jops->oo_object_id = _object_id; \
- jops->oo_template = _template; \
- jops->oo_attribute_count = _attribute_count; \
- jops->oo_object_id_ptr = _object_id_ptr; \
- jops->oo_object_size = _object_size; \
- jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \
- jops->oo_find_pp = _find_pp; \
- jops->oo_max_object_count = _max_object_count; \
- jops->oo_object_count_ptr = _object_count_ptr; \
-}
-
-#define KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \
- _key_attribute_count, _key_object_id_ptr, _private_key_template, \
- _private_key_attribute_count, _private_key_object_id_ptr, \
- _key, _wrapped_key, _wrapped_key_len_ptr) { \
- kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \
- crypto_mechanism_t *mechp = _mech; \
- \
- (req)->rp_opgrp = KCF_OG_KEY; \
- (req)->rp_optype = ftype; \
- kops->ko_sid = _sid; \
- if (mechp != NULL) { \
- kops->ko_mech = *mechp; \
- kops->ko_framework_mechtype = mechp->cm_type; \
- } \
- kops->ko_key_template = _key_template; \
- kops->ko_key_attribute_count = _key_attribute_count; \
- kops->ko_key_object_id_ptr = _key_object_id_ptr; \
- kops->ko_private_key_template = _private_key_template; \
- kops->ko_private_key_attribute_count = _private_key_attribute_count; \
- kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \
- kops->ko_key = _key; \
- kops->ko_wrapped_key = _wrapped_key; \
- kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \
-}
-
-#define KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \
- _old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \
- kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \
- \
- (req)->rp_opgrp = KCF_OG_PROVMGMT; \
- (req)->rp_optype = ftype; \
- pops->po_sid = _sid; \
- pops->po_pin = _pin; \
- pops->po_pin_len = _pin_len; \
- pops->po_old_pin = _old_pin; \
- pops->po_old_pin_len = _old_pin_len; \
- pops->po_label = _label; \
- pops->po_ext_info = _ext_info; \
- pops->po_pd = _pd; \
-}
-
-#define KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \
- _key_template, _key_attribute_count, _private_key_template, \
- _private_key_attribute_count, _key, _out_template1, \
- _out_attribute_count1, _out_template2, _out_attribute_count2) { \
- kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \
- crypto_mechanism_t *mechp = _mech; \
- \
- (req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \
- (req)->rp_optype = ftype; \
- kops->ko_sid = _sid; \
- if (mechp != NULL) { \
- kops->ko_mech = *mechp; \
- kops->ko_framework_mechtype = mechp->cm_type; \
- } \
- kops->ko_key_template = _key_template; \
- kops->ko_key_attribute_count = _key_attribute_count; \
- kops->ko_key_object_id_ptr = NULL; \
- kops->ko_private_key_template = _private_key_template; \
- kops->ko_private_key_attribute_count = _private_key_attribute_count; \
- kops->ko_private_key_object_id_ptr = NULL; \
- kops->ko_key = _key; \
- kops->ko_wrapped_key = NULL; \
- kops->ko_wrapped_key_len_ptr = 0; \
- kops->ko_out_template1 = _out_template1; \
- kops->ko_out_template2 = _out_template2; \
- kops->ko_out_attribute_count1 = _out_attribute_count1; \
- kops->ko_out_attribute_count2 = _out_attribute_count2; \
-}
-
#define KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \
(mechp)->cm_type = \
KCF_TO_PROV_MECHNUM(pd, fmtype);
diff --git a/module/icp/include/sys/crypto/sched_impl.h b/module/icp/include/sys/crypto/sched_impl.h
index 29ef8021f..a5357dce3 100644
--- a/module/icp/include/sys/crypto/sched_impl.h
+++ b/module/icp/include/sys/crypto/sched_impl.h
@@ -87,13 +87,6 @@ extern ulong_t kcf_swprov_hndl;
#define REQHNDL2_KMFLAG(rhndl) \
((rhndl == &kcf_swprov_hndl) ? KM_NOSLEEP : KM_SLEEP)
-/* Internal call_req flags. They start after the public ones in api.h */
-
-#define CRYPTO_SETDUAL 0x00001000 /* Set the 'cont' boolean before */
- /* submitting the request */
-#define KCF_ISDUALREQ(crq) \
- (((crq) == NULL) ? B_FALSE : (crq->cr_flag & CRYPTO_SETDUAL))
-
typedef struct kcf_prov_tried {
kcf_provider_desc_t *pt_pd;
struct kcf_prov_tried *pt_next;
@@ -182,7 +175,6 @@ typedef struct kcf_areq_node {
kcondvar_t an_turn_cv;
boolean_t an_is_my_turn;
- boolean_t an_isdual; /* for internal reuse */
/*
* Next and previous nodes in the global software
@@ -219,15 +211,6 @@ typedef struct kcf_areq_node {
#define NOTIFY_CLIENT(areq, err) (*(areq)->an_reqarg.cr_callback_func)(\
(areq)->an_reqarg.cr_callback_arg, err);
-/* For internally generated call requests for dual operations */
-typedef struct kcf_call_req {
- crypto_call_req_t kr_callreq; /* external client call req */
- kcf_req_params_t kr_params; /* Params saved for next call */
- kcf_areq_node_t *kr_areq; /* Use this areq */
- off_t kr_saveoffset;
- size_t kr_savelen;
-} kcf_dual_req_t;
-
/*
* The following are some what similar to macros in callo.h, which implement
* callout tables.
@@ -488,14 +471,10 @@ extern kcf_prov_tried_t *kcf_insert_triedlist(kcf_prov_tried_t **,
extern kcf_provider_desc_t *kcf_get_mech_provider(crypto_mech_type_t,
kcf_mech_entry_t **, int *, kcf_prov_tried_t *, crypto_func_group_t,
boolean_t, size_t);
-extern kcf_provider_desc_t *kcf_get_dual_provider(crypto_mechanism_t *,
- crypto_mechanism_t *, kcf_mech_entry_t **, crypto_mech_type_t *,
- crypto_mech_type_t *, int *, kcf_prov_tried_t *,
- crypto_func_group_t, crypto_func_group_t, boolean_t, size_t);
extern crypto_ctx_t *kcf_new_ctx(crypto_call_req_t *, kcf_provider_desc_t *,
crypto_session_id_t);
extern int kcf_submit_request(kcf_provider_desc_t *, crypto_ctx_t *,
- crypto_call_req_t *, kcf_req_params_t *, boolean_t);
+ crypto_call_req_t *, kcf_req_params_t *);
extern void kcf_sched_destroy(void);
extern void kcf_sched_init(void);
extern void kcf_sched_start(void);
@@ -517,10 +496,6 @@ extern void crypto_bufcall_service(void);
extern void kcf_walk_ntfylist(uint32_t, void *);
extern void kcf_do_notify(kcf_provider_desc_t *, boolean_t);
-extern kcf_dual_req_t *kcf_alloc_req(crypto_call_req_t *);
-extern void kcf_next_req(void *, int);
-extern void kcf_last_req(void *, int);
-
#ifdef __cplusplus
}
#endif
diff --git a/module/icp/include/sys/crypto/spi.h b/module/icp/include/sys/crypto/spi.h
index 7e265d3a9..2993caa4f 100644
--- a/module/icp/include/sys/crypto/spi.h
+++ b/module/icp/include/sys/crypto/spi.h
@@ -95,44 +95,6 @@ typedef struct crypto_ctx {
} crypto_ctx_t;
/*
- * Extended provider information.
- */
-
-/*
- * valid values for ei_flags field of extended info structure
- * They match the RSA Security, Inc PKCS#11 tokenInfo flags.
- */
-#define CRYPTO_EXTF_RNG 0x00000001
-#define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002
-#define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004
-#define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008
-#define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040
-#define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-#define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200
-#define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400
-#define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000
-#define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000
-#define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000
-#define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000
-#define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000
-#define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000
-#define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000
-#define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000
-
-/*
- * The crypto_ctx_ops structure contains points to context and context
- * templates management operations for cryptographic providers. It is
- * passed through the crypto_ops(9S) structure when providers register
- * with the kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_ctx_ops {
- int (*create_ctx_template)(crypto_provider_handle_t,
- crypto_mechanism_t *, crypto_key_t *,
- crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t);
- int (*free_context)(crypto_ctx_t *);
-} __no_const crypto_ctx_ops_t;
-
-/*
* The crypto_digest_ops structure contains pointers to digest
* operations for cryptographic providers. It is passed through
* the crypto_ops(9S) structure when providers register with the
@@ -214,271 +176,17 @@ typedef struct crypto_mac_ops {
} __no_const crypto_mac_ops_t;
/*
- * The crypto_sign_ops structure contains pointers to signing
- * operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_sign_ops {
- int (*sign_init)(crypto_ctx_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*sign)(crypto_ctx_t *,
- crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*sign_update)(crypto_ctx_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*sign_final)(crypto_ctx_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*sign_recover)(crypto_ctx_t *,
- crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*sign_recover_atomic)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
-} __no_const crypto_sign_ops_t;
-
-/*
- * The crypto_verify_ops structure contains pointers to verify
- * operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_verify_ops {
- int (*verify_init)(crypto_ctx_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*do_verify)(crypto_ctx_t *,
- crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*verify_update)(crypto_ctx_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*verify_final)(crypto_ctx_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
- int (*verify_recover)(crypto_ctx_t *,
- crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*verify_recover_atomic)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_req_handle_t);
-} __no_const crypto_verify_ops_t;
-
-/*
- * The crypto_dual_ops structure contains pointers to dual
- * cipher and sign/verify operations for cryptographic providers.
- * It is passed through the crypto_ops(9S) structure when
- * providers register with the kernel using
- * crypto_register_provider(9F).
- */
-typedef struct crypto_dual_ops {
- int (*digest_encrypt_update)(
- crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*decrypt_digest_update)(
- crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*sign_encrypt_update)(
- crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
- int (*decrypt_verify_update)(
- crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
-} __no_const crypto_dual_ops_t;
-
-/*
- * The crypto_dual_cipher_mac_ops structure contains pointers to dual
- * cipher and MAC operations for cryptographic providers.
- * It is passed through the crypto_ops(9S) structure when
- * providers register with the kernel using
- * crypto_register_provider(9F).
- */
-typedef struct crypto_dual_cipher_mac_ops {
- int (*encrypt_mac_init)(crypto_ctx_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
- int (*encrypt_mac)(crypto_ctx_t *,
- crypto_data_t *, crypto_dual_data_t *, crypto_data_t *,
- crypto_req_handle_t);
- int (*encrypt_mac_update)(crypto_ctx_t *,
- crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t);
- int (*encrypt_mac_final)(crypto_ctx_t *,
- crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_data_t *, crypto_dual_data_t *,
- crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
-
- int (*mac_decrypt_init)(crypto_ctx_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
- int (*mac_decrypt)(crypto_ctx_t *,
- crypto_dual_data_t *, crypto_data_t *, crypto_data_t *,
- crypto_req_handle_t);
- int (*mac_decrypt_update)(crypto_ctx_t *,
- crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*mac_decrypt_final)(crypto_ctx_t *,
- crypto_data_t *, crypto_data_t *, crypto_req_handle_t);
- int (*mac_decrypt_atomic)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
- crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
- int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
- crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *,
- crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
-} __no_const crypto_dual_cipher_mac_ops_t;
-
-/*
- * The crypto_random_number_ops structure contains pointers to random
- * number operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_random_number_ops {
- int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t,
- uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t);
- int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t,
- uchar_t *, size_t, crypto_req_handle_t);
-} __no_const crypto_random_number_ops_t;
-
-/*
- * Flag values for seed_random.
- */
-#define CRYPTO_SEED_NOW 0x00000001
-
-/*
- * The crypto_session_ops structure contains pointers to session
- * operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_session_ops {
- int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *,
- crypto_req_handle_t);
- int (*session_close)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_req_handle_t);
- int (*session_login)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_user_type_t, char *, size_t, crypto_req_handle_t);
- int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_req_handle_t);
-} __no_const crypto_session_ops_t;
-
-/*
- * The crypto_object_ops structure contains pointers to object
- * operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_object_ops {
- int (*object_create)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
- crypto_req_handle_t);
- int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_object_id_t, crypto_object_attribute_t *, uint_t,
- crypto_object_id_t *, crypto_req_handle_t);
- int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_object_id_t, crypto_req_handle_t);
- int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_object_id_t, size_t *, crypto_req_handle_t);
- int (*object_get_attribute_value)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_object_id_t,
- crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
- int (*object_set_attribute_value)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_object_id_t,
- crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
- int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_object_attribute_t *, uint_t, void **,
- crypto_req_handle_t);
- int (*object_find)(crypto_provider_handle_t, void *,
- crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t);
- int (*object_find_final)(crypto_provider_handle_t, void *,
- crypto_req_handle_t);
-} __no_const crypto_object_ops_t;
-
-/*
- * The crypto_key_ops structure contains pointers to key
- * operations for cryptographic providers. It is passed through
- * the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
- */
-typedef struct crypto_key_ops {
- int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
- crypto_object_id_t *, crypto_req_handle_t);
- int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_object_attribute_t *, uint_t,
- crypto_object_attribute_t *, uint_t, crypto_object_id_t *,
- crypto_object_id_t *, crypto_req_handle_t);
- int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *,
- uchar_t *, size_t *, crypto_req_handle_t);
- int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *,
- crypto_object_attribute_t *, uint_t,
- crypto_object_id_t *, crypto_req_handle_t);
- int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
- uint_t, crypto_object_id_t *, crypto_req_handle_t);
- int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *,
- crypto_key_t *);
-} __no_const crypto_key_ops_t;
-
-/*
- * The crypto_provider_management_ops structure contains pointers
- * to management operations for cryptographic providers. It is passed
- * through the crypto_ops(9S) structure when providers register with the
- * kernel using crypto_register_provider(9F).
+ * The crypto_ctx_ops structure contains points to context and context
+ * templates management operations for cryptographic providers. It is
+ * passed through the crypto_ops(9S) structure when providers register
+ * with the kernel using crypto_register_provider(9F).
*/
-typedef struct crypto_provider_management_ops {
- int (*ext_info)(crypto_provider_handle_t,
- crypto_provider_ext_info_t *, crypto_req_handle_t);
- int (*init_token)(crypto_provider_handle_t, char *, size_t,
- char *, crypto_req_handle_t);
- int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t,
- char *, size_t, crypto_req_handle_t);
- int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t,
- char *, size_t, char *, size_t, crypto_req_handle_t);
-} __no_const crypto_provider_management_ops_t;
-
-typedef struct crypto_mech_ops {
- int (*copyin_mechanism)(crypto_provider_handle_t,
- crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
- int (*copyout_mechanism)(crypto_provider_handle_t,
- crypto_mechanism_t *, crypto_mechanism_t *, int *, int);
- int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *);
-} __no_const crypto_mech_ops_t;
-
-typedef struct crypto_nostore_key_ops {
- int (*nostore_key_generate)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *,
- crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
- uint_t, crypto_req_handle_t);
- int (*nostore_key_generate_pair)(crypto_provider_handle_t,
- crypto_session_id_t, crypto_mechanism_t *,
- crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *,
- uint_t, crypto_object_attribute_t *, uint_t,
- crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
- int (*nostore_key_derive)(crypto_provider_handle_t, crypto_session_id_t,
- crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *,
- uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t);
-} __no_const crypto_nostore_key_ops_t;
+typedef struct crypto_ctx_ops {
+ int (*create_ctx_template)(crypto_provider_handle_t,
+ crypto_mechanism_t *, crypto_key_t *,
+ crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t);
+ int (*free_context)(crypto_ctx_t *);
+} __no_const crypto_ctx_ops_t;
/*
* The crypto_ops(9S) structure contains the structures containing
@@ -491,18 +199,7 @@ typedef struct crypto_ops {
const crypto_digest_ops_t *co_digest_ops;
const crypto_cipher_ops_t *co_cipher_ops;
const crypto_mac_ops_t *co_mac_ops;
- crypto_sign_ops_t *co_sign_ops;
- crypto_verify_ops_t *co_verify_ops;
- crypto_dual_ops_t *co_dual_ops;
- crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops;
- crypto_random_number_ops_t *co_random_ops;
- crypto_session_ops_t *co_session_ops;
- crypto_object_ops_t *co_object_ops;
- crypto_key_ops_t *co_key_ops;
- crypto_provider_management_ops_t *co_provider_ops;
const crypto_ctx_ops_t *co_ctx_ops;
- crypto_mech_ops_t *co_mech_ops;
- crypto_nostore_key_ops_t *co_nostore_key_ops;
} crypto_ops_t;
/*
@@ -518,29 +215,11 @@ typedef uint32_t crypto_func_group_t;
#define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */
#define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */
#define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */
-#define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */
-#define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */
-#define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */
-#define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */
-#define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */
-#define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */
-#define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */
-#define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */
-#define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */
#define CRYPTO_FG_MAC 0x00001000 /* mac_init() */
-#define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */
-#define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */
#define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */
#define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */
#define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */
#define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */
-#define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */
-#define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */
-#define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */
-#define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */
-#define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */
-#define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */
-#define CRYPTO_FG_RESERVED 0x80000000
/*
* Maximum length of the pi_provider_description field of the
@@ -549,21 +228,6 @@ typedef uint32_t crypto_func_group_t;
#define CRYPTO_PROVIDER_DESCR_MAX_LEN 64
-/* Bit mask for all the simple operations */
-#define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \
- CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \
- CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \
- CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \
- CRYPTO_FG_VERIFY_ATOMIC)
-
-/* Bit mask for all the dual operations */
-#define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \
- CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \
- CRYPTO_FG_MAC_DECRYPT_ATOMIC)
-
-/* Add other combos to CRYPTO_FG_DUAL_MASK */
-#define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK
-
/*
* The crypto_mech_info structure specifies one of the mechanisms
* supported by a cryptographic provider. The pi_mechanisms field of
@@ -579,8 +243,6 @@ typedef struct crypto_mech_info {
uint32_t cm_mech_flags;
} crypto_mech_info_t;
-/* Alias the old name to the new name for compatibility. */
-#define cm_keysize_unit cm_mech_flags
/*
* The following is used by a provider that sets