aboutsummaryrefslogtreecommitdiffstats
path: root/module/icp/core/kcf_callprov.c
diff options
context:
space:
mode:
Diffstat (limited to 'module/icp/core/kcf_callprov.c')
-rw-r--r--module/icp/core/kcf_callprov.c1002
1 files changed, 0 insertions, 1002 deletions
diff --git a/module/icp/core/kcf_callprov.c b/module/icp/core/kcf_callprov.c
index 345014d0a..1468e0a1a 100644
--- a/module/icp/core/kcf_callprov.c
+++ b/module/icp/core/kcf_callprov.c
@@ -27,9 +27,6 @@
#include <sys/crypto/impl.h>
#include <sys/crypto/sched_impl.h>
-static int kcf_emulate_dual(kcf_provider_desc_t *, crypto_ctx_t *,
- kcf_req_params_t *);
-
void
kcf_free_triedlist(kcf_prov_tried_t *list)
{
@@ -349,144 +346,6 @@ kcf_get_mech_provider(crypto_mech_type_t mech_type, kcf_mech_entry_t **mepp,
}
/*
- * Very similar to kcf_get_mech_provider(). Finds the best provider capable of
- * a dual operation with both me1 and me2.
- * When no dual-ops capable providers are available, return the best provider
- * for me1 only, and sets *prov_mt2 to CRYPTO_INVALID_MECHID;
- * We assume/expect that a slower HW capable of the dual is still
- * faster than the 2 fastest providers capable of the individual ops
- * separately.
- */
-kcf_provider_desc_t *
-kcf_get_dual_provider(crypto_mechanism_t *mech1, crypto_mechanism_t *mech2,
- kcf_mech_entry_t **mepp, crypto_mech_type_t *prov_mt1,
- crypto_mech_type_t *prov_mt2, int *error, kcf_prov_tried_t *triedl,
- crypto_func_group_t fg1, crypto_func_group_t fg2, boolean_t call_restrict,
- size_t data_size)
-{
- kcf_provider_desc_t *pd = NULL, *pdm1 = NULL, *pdm1m2 = NULL;
- kcf_prov_mech_desc_t *prov_chain, *mdesc;
- int len, gqlen = INT_MAX, dgqlen = INT_MAX;
- crypto_mech_info_list_t *mil;
- crypto_mech_type_t m2id = mech2->cm_type;
- kcf_mech_entry_t *me;
-
- /* when mech is a valid mechanism, me will be its mech_entry */
- if (kcf_get_mech_entry(mech1->cm_type, &me) != KCF_SUCCESS) {
- *error = CRYPTO_MECHANISM_INVALID;
- return (NULL);
- }
-
- *prov_mt2 = CRYPTO_MECH_INVALID;
-
- if (mepp != NULL)
- *mepp = me;
- mutex_enter(&me->me_mutex);
-
- prov_chain = me->me_hw_prov_chain;
- /*
- * We check the threshold for using a hardware provider for
- * this amount of data. If there is no software provider available
- * for the first mechanism, then the threshold is ignored.
- */
- if ((prov_chain != NULL) &&
- ((data_size == 0) || (me->me_threshold == 0) ||
- (data_size >= me->me_threshold) ||
- ((mdesc = me->me_sw_prov) == NULL) ||
- (!IS_FG_SUPPORTED(mdesc, fg1)) ||
- (!KCF_IS_PROV_USABLE(mdesc->pm_prov_desc)))) {
- /* there is at least one provider */
- ASSERT(me->me_num_hwprov > 0);
-
- /*
- * Find the least loaded provider capable of the combo
- * me1 + me2, and save a pointer to the least loaded
- * provider capable of me1 only.
- */
- while (prov_chain != NULL) {
- pd = prov_chain->pm_prov_desc;
- len = KCF_PROV_LOAD(pd);
-
- if (!IS_FG_SUPPORTED(prov_chain, fg1) ||
- !KCF_IS_PROV_USABLE(pd) ||
- IS_PROVIDER_TRIED(pd, triedl) ||
- (call_restrict &&
- (pd->pd_flags & KCF_PROV_RESTRICTED))) {
- prov_chain = prov_chain->pm_next;
- continue;
- }
-
- /* Save the best provider capable of m1 */
- if (len < gqlen) {
- *prov_mt1 =
- prov_chain->pm_mech_info.cm_mech_number;
- gqlen = len;
- pdm1 = pd;
- }
-
- /* See if pd can do me2 too */
- for (mil = prov_chain->pm_mi_list;
- mil != NULL; mil = mil->ml_next) {
- if ((mil->ml_mech_info.cm_func_group_mask &
- fg2) == 0)
- continue;
-
- if ((mil->ml_kcf_mechid == m2id) &&
- (len < dgqlen)) {
- /* Bingo! */
- dgqlen = len;
- pdm1m2 = pd;
- *prov_mt2 =
- mil->ml_mech_info.cm_mech_number;
- *prov_mt1 = prov_chain->
- pm_mech_info.cm_mech_number;
- break;
- }
- }
-
- prov_chain = prov_chain->pm_next;
- }
-
- pd = (pdm1m2 != NULL) ? pdm1m2 : pdm1;
- }
-
- /* no HW provider for this mech, is there a SW provider? */
- if (pd == NULL && (mdesc = me->me_sw_prov) != NULL) {
- pd = mdesc->pm_prov_desc;
- if (!IS_FG_SUPPORTED(mdesc, fg1) ||
- !KCF_IS_PROV_USABLE(pd) ||
- IS_PROVIDER_TRIED(pd, triedl) ||
- (call_restrict && (pd->pd_flags & KCF_PROV_RESTRICTED)))
- pd = NULL;
- else {
- /* See if pd can do me2 too */
- for (mil = me->me_sw_prov->pm_mi_list;
- mil != NULL; mil = mil->ml_next) {
- if ((mil->ml_mech_info.cm_func_group_mask &
- fg2) == 0)
- continue;
-
- if (mil->ml_kcf_mechid == m2id) {
- /* Bingo! */
- *prov_mt2 =
- mil->ml_mech_info.cm_mech_number;
- break;
- }
- }
- *prov_mt1 = me->me_sw_prov->pm_mech_info.cm_mech_number;
- }
- }
-
- if (pd == NULL)
- *error = CRYPTO_MECH_NOT_SUPPORTED;
- else
- KCF_PROV_REFHOLD(pd);
-
- mutex_exit(&me->me_mutex);
- return (pd);
-}
-
-/*
* Do the actual work of calling the provider routines.
*
* pd - Provider structure
@@ -697,605 +556,6 @@ common_submit_request(kcf_provider_desc_t *pd, crypto_ctx_t *ctx,
}
break;
}
-
- case KCF_OG_SIGN: {
- kcf_sign_ops_params_t *sops = &params->rp_u.sign_params;
-
- switch (optype) {
- case KCF_OP_INIT:
- KCF_SET_PROVIDER_MECHNUM(sops->so_framework_mechtype,
- pd, &sops->so_mech);
-
- err = KCF_PROV_SIGN_INIT(pd, ctx, &sops->so_mech,
- sops->so_key, sops->so_templ, rhndl);
- break;
-
- case KCF_OP_SIGN_RECOVER_INIT:
- KCF_SET_PROVIDER_MECHNUM(sops->so_framework_mechtype,
- pd, &sops->so_mech);
-
- err = KCF_PROV_SIGN_RECOVER_INIT(pd, ctx,
- &sops->so_mech, sops->so_key, sops->so_templ,
- rhndl);
- break;
-
- case KCF_OP_SINGLE:
- err = KCF_PROV_SIGN(pd, ctx, sops->so_data,
- sops->so_signature, rhndl);
- break;
-
- case KCF_OP_SIGN_RECOVER:
- err = KCF_PROV_SIGN_RECOVER(pd, ctx,
- sops->so_data, sops->so_signature, rhndl);
- break;
-
- case KCF_OP_UPDATE:
- err = KCF_PROV_SIGN_UPDATE(pd, ctx, sops->so_data,
- rhndl);
- break;
-
- case KCF_OP_FINAL:
- err = KCF_PROV_SIGN_FINAL(pd, ctx, sops->so_signature,
- rhndl);
- break;
-
- case KCF_OP_ATOMIC:
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(sops->so_framework_mechtype,
- pd, &sops->so_mech);
-
- err = KCF_PROV_SIGN_ATOMIC(pd, sops->so_sid,
- &sops->so_mech, sops->so_key, sops->so_data,
- sops->so_templ, sops->so_signature, rhndl);
- break;
-
- case KCF_OP_SIGN_RECOVER_ATOMIC:
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(sops->so_framework_mechtype,
- pd, &sops->so_mech);
-
- err = KCF_PROV_SIGN_RECOVER_ATOMIC(pd, sops->so_sid,
- &sops->so_mech, sops->so_key, sops->so_data,
- sops->so_templ, sops->so_signature, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_VERIFY: {
- kcf_verify_ops_params_t *vops = &params->rp_u.verify_params;
-
- switch (optype) {
- case KCF_OP_INIT:
- KCF_SET_PROVIDER_MECHNUM(vops->vo_framework_mechtype,
- pd, &vops->vo_mech);
-
- err = KCF_PROV_VERIFY_INIT(pd, ctx, &vops->vo_mech,
- vops->vo_key, vops->vo_templ, rhndl);
- break;
-
- case KCF_OP_VERIFY_RECOVER_INIT:
- KCF_SET_PROVIDER_MECHNUM(vops->vo_framework_mechtype,
- pd, &vops->vo_mech);
-
- err = KCF_PROV_VERIFY_RECOVER_INIT(pd, ctx,
- &vops->vo_mech, vops->vo_key, vops->vo_templ,
- rhndl);
- break;
-
- case KCF_OP_SINGLE:
- err = KCF_PROV_VERIFY(pd, ctx, vops->vo_data,
- vops->vo_signature, rhndl);
- break;
-
- case KCF_OP_VERIFY_RECOVER:
- err = KCF_PROV_VERIFY_RECOVER(pd, ctx,
- vops->vo_signature, vops->vo_data, rhndl);
- break;
-
- case KCF_OP_UPDATE:
- err = KCF_PROV_VERIFY_UPDATE(pd, ctx, vops->vo_data,
- rhndl);
- break;
-
- case KCF_OP_FINAL:
- err = KCF_PROV_VERIFY_FINAL(pd, ctx, vops->vo_signature,
- rhndl);
- break;
-
- case KCF_OP_ATOMIC:
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(vops->vo_framework_mechtype,
- pd, &vops->vo_mech);
-
- err = KCF_PROV_VERIFY_ATOMIC(pd, vops->vo_sid,
- &vops->vo_mech, vops->vo_key, vops->vo_data,
- vops->vo_templ, vops->vo_signature, rhndl);
- break;
-
- case KCF_OP_VERIFY_RECOVER_ATOMIC:
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(vops->vo_framework_mechtype,
- pd, &vops->vo_mech);
-
- err = KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, vops->vo_sid,
- &vops->vo_mech, vops->vo_key, vops->vo_signature,
- vops->vo_templ, vops->vo_data, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_ENCRYPT_MAC: {
- kcf_encrypt_mac_ops_params_t *eops =
- &params->rp_u.encrypt_mac_params;
- kcf_context_t *kcf_secondctx;
-
- switch (optype) {
- case KCF_OP_INIT:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
-
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- KCF_SET_PROVIDER_MECHNUM(
- eops->em_framework_encr_mechtype,
- pd, &eops->em_encr_mech);
-
- KCF_SET_PROVIDER_MECHNUM(
- eops->em_framework_mac_mechtype,
- pd, &eops->em_mac_mech);
-
- err = KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx,
- &eops->em_encr_mech, eops->em_encr_key,
- &eops->em_mac_mech, eops->em_mac_key,
- eops->em_encr_templ, eops->em_mac_templ,
- rhndl);
-
- break;
-
- case KCF_OP_SINGLE:
- err = KCF_PROV_ENCRYPT_MAC(pd, ctx,
- eops->em_plaintext, eops->em_ciphertext,
- eops->em_mac, rhndl);
- break;
-
- case KCF_OP_UPDATE:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- err = KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx,
- eops->em_plaintext, eops->em_ciphertext, rhndl);
- break;
-
- case KCF_OP_FINAL:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- err = KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx,
- eops->em_ciphertext, eops->em_mac, rhndl);
- break;
-
- case KCF_OP_ATOMIC:
- ASSERT(ctx == NULL);
-
- KCF_SET_PROVIDER_MECHNUM(
- eops->em_framework_encr_mechtype,
- pd, &eops->em_encr_mech);
-
- KCF_SET_PROVIDER_MECHNUM(
- eops->em_framework_mac_mechtype,
- pd, &eops->em_mac_mech);
-
- err = KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, eops->em_sid,
- &eops->em_encr_mech, eops->em_encr_key,
- &eops->em_mac_mech, eops->em_mac_key,
- eops->em_plaintext, eops->em_ciphertext,
- eops->em_mac,
- eops->em_encr_templ, eops->em_mac_templ,
- rhndl);
-
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_MAC_DECRYPT: {
- kcf_mac_decrypt_ops_params_t *dops =
- &params->rp_u.mac_decrypt_params;
- kcf_context_t *kcf_secondctx;
-
- switch (optype) {
- case KCF_OP_INIT:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
-
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_mac_mechtype,
- pd, &dops->md_mac_mech);
-
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_decr_mechtype,
- pd, &dops->md_decr_mech);
-
- err = KCF_PROV_MAC_DECRYPT_INIT(pd, ctx,
- &dops->md_mac_mech, dops->md_mac_key,
- &dops->md_decr_mech, dops->md_decr_key,
- dops->md_mac_templ, dops->md_decr_templ,
- rhndl);
-
- break;
-
- case KCF_OP_SINGLE:
- err = KCF_PROV_MAC_DECRYPT(pd, ctx,
- dops->md_ciphertext, dops->md_mac,
- dops->md_plaintext, rhndl);
- break;
-
- case KCF_OP_UPDATE:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- err = KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx,
- dops->md_ciphertext, dops->md_plaintext, rhndl);
- break;
-
- case KCF_OP_FINAL:
- kcf_secondctx = ((kcf_context_t *)
- (ctx->cc_framework_private))->kc_secondctx;
- if (kcf_secondctx != NULL) {
- err = kcf_emulate_dual(pd, ctx, params);
- break;
- }
- err = KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx,
- dops->md_mac, dops->md_plaintext, rhndl);
- break;
-
- case KCF_OP_ATOMIC:
- ASSERT(ctx == NULL);
-
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_mac_mechtype,
- pd, &dops->md_mac_mech);
-
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_decr_mechtype,
- pd, &dops->md_decr_mech);
-
- err = KCF_PROV_MAC_DECRYPT_ATOMIC(pd, dops->md_sid,
- &dops->md_mac_mech, dops->md_mac_key,
- &dops->md_decr_mech, dops->md_decr_key,
- dops->md_ciphertext, dops->md_mac,
- dops->md_plaintext,
- dops->md_mac_templ, dops->md_decr_templ,
- rhndl);
-
- break;
-
- case KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC:
- ASSERT(ctx == NULL);
-
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_mac_mechtype,
- pd, &dops->md_mac_mech);
-
- KCF_SET_PROVIDER_MECHNUM(
- dops->md_framework_decr_mechtype,
- pd, &dops->md_decr_mech);
-
- err = KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd,
- dops->md_sid, &dops->md_mac_mech, dops->md_mac_key,
- &dops->md_decr_mech, dops->md_decr_key,
- dops->md_ciphertext, dops->md_mac,
- dops->md_plaintext,
- dops->md_mac_templ, dops->md_decr_templ,
- rhndl);
-
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_KEY: {
- kcf_key_ops_params_t *kops = &params->rp_u.key_params;
-
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(kops->ko_framework_mechtype, pd,
- &kops->ko_mech);
-
- switch (optype) {
- case KCF_OP_KEY_GENERATE:
- err = KCF_PROV_KEY_GENERATE(pd, kops->ko_sid,
- &kops->ko_mech,
- kops->ko_key_template, kops->ko_key_attribute_count,
- kops->ko_key_object_id_ptr, rhndl);
- break;
-
- case KCF_OP_KEY_GENERATE_PAIR:
- err = KCF_PROV_KEY_GENERATE_PAIR(pd, kops->ko_sid,
- &kops->ko_mech,
- kops->ko_key_template, kops->ko_key_attribute_count,
- kops->ko_private_key_template,
- kops->ko_private_key_attribute_count,
- kops->ko_key_object_id_ptr,
- kops->ko_private_key_object_id_ptr, rhndl);
- break;
-
- case KCF_OP_KEY_WRAP:
- err = KCF_PROV_KEY_WRAP(pd, kops->ko_sid,
- &kops->ko_mech,
- kops->ko_key, kops->ko_key_object_id_ptr,
- kops->ko_wrapped_key, kops->ko_wrapped_key_len_ptr,
- rhndl);
- break;
-
- case KCF_OP_KEY_UNWRAP:
- err = KCF_PROV_KEY_UNWRAP(pd, kops->ko_sid,
- &kops->ko_mech,
- kops->ko_key, kops->ko_wrapped_key,
- kops->ko_wrapped_key_len_ptr,
- kops->ko_key_template, kops->ko_key_attribute_count,
- kops->ko_key_object_id_ptr, rhndl);
- break;
-
- case KCF_OP_KEY_DERIVE:
- err = KCF_PROV_KEY_DERIVE(pd, kops->ko_sid,
- &kops->ko_mech,
- kops->ko_key, kops->ko_key_template,
- kops->ko_key_attribute_count,
- kops->ko_key_object_id_ptr, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_RANDOM: {
- kcf_random_number_ops_params_t *rops =
- &params->rp_u.random_number_params;
-
- ASSERT(ctx == NULL);
-
- switch (optype) {
- case KCF_OP_RANDOM_SEED:
- err = KCF_PROV_SEED_RANDOM(pd, rops->rn_sid,
- rops->rn_buf, rops->rn_buflen, rops->rn_entropy_est,
- rops->rn_flags, rhndl);
- break;
-
- case KCF_OP_RANDOM_GENERATE:
- err = KCF_PROV_GENERATE_RANDOM(pd, rops->rn_sid,
- rops->rn_buf, rops->rn_buflen, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_SESSION: {
- kcf_session_ops_params_t *sops = &params->rp_u.session_params;
-
- ASSERT(ctx == NULL);
- switch (optype) {
- case KCF_OP_SESSION_OPEN:
- /*
- * so_pd may be a logical provider, in which case
- * we need to check whether it has been removed.
- */
- if (KCF_IS_PROV_REMOVED(sops->so_pd)) {
- err = CRYPTO_DEVICE_ERROR;
- break;
- }
- err = KCF_PROV_SESSION_OPEN(pd, sops->so_sid_ptr,
- rhndl, sops->so_pd);
- break;
-
- case KCF_OP_SESSION_CLOSE:
- /*
- * so_pd may be a logical provider, in which case
- * we need to check whether it has been removed.
- */
- if (KCF_IS_PROV_REMOVED(sops->so_pd)) {
- err = CRYPTO_DEVICE_ERROR;
- break;
- }
- err = KCF_PROV_SESSION_CLOSE(pd, sops->so_sid,
- rhndl, sops->so_pd);
- break;
-
- case KCF_OP_SESSION_LOGIN:
- err = KCF_PROV_SESSION_LOGIN(pd, sops->so_sid,
- sops->so_user_type, sops->so_pin,
- sops->so_pin_len, rhndl);
- break;
-
- case KCF_OP_SESSION_LOGOUT:
- err = KCF_PROV_SESSION_LOGOUT(pd, sops->so_sid, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_OBJECT: {
- kcf_object_ops_params_t *jops = &params->rp_u.object_params;
-
- ASSERT(ctx == NULL);
- switch (optype) {
- case KCF_OP_OBJECT_CREATE:
- err = KCF_PROV_OBJECT_CREATE(pd, jops->oo_sid,
- jops->oo_template, jops->oo_attribute_count,
- jops->oo_object_id_ptr, rhndl);
- break;
-
- case KCF_OP_OBJECT_COPY:
- err = KCF_PROV_OBJECT_COPY(pd, jops->oo_sid,
- jops->oo_object_id,
- jops->oo_template, jops->oo_attribute_count,
- jops->oo_object_id_ptr, rhndl);
- break;
-
- case KCF_OP_OBJECT_DESTROY:
- err = KCF_PROV_OBJECT_DESTROY(pd, jops->oo_sid,
- jops->oo_object_id, rhndl);
- break;
-
- case KCF_OP_OBJECT_GET_SIZE:
- err = KCF_PROV_OBJECT_GET_SIZE(pd, jops->oo_sid,
- jops->oo_object_id, jops->oo_object_size, rhndl);
- break;
-
- case KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE:
- err = KCF_PROV_OBJECT_GET_ATTRIBUTE_VALUE(pd,
- jops->oo_sid, jops->oo_object_id,
- jops->oo_template, jops->oo_attribute_count, rhndl);
- break;
-
- case KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE:
- err = KCF_PROV_OBJECT_SET_ATTRIBUTE_VALUE(pd,
- jops->oo_sid, jops->oo_object_id,
- jops->oo_template, jops->oo_attribute_count, rhndl);
- break;
-
- case KCF_OP_OBJECT_FIND_INIT:
- err = KCF_PROV_OBJECT_FIND_INIT(pd, jops->oo_sid,
- jops->oo_template, jops->oo_attribute_count,
- jops->oo_find_init_pp_ptr, rhndl);
- break;
-
- case KCF_OP_OBJECT_FIND:
- err = KCF_PROV_OBJECT_FIND(pd, jops->oo_find_pp,
- jops->oo_object_id_ptr, jops->oo_max_object_count,
- jops->oo_object_count_ptr, rhndl);
- break;
-
- case KCF_OP_OBJECT_FIND_FINAL:
- err = KCF_PROV_OBJECT_FIND_FINAL(pd, jops->oo_find_pp,
- rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_PROVMGMT: {
- kcf_provmgmt_ops_params_t *pops = &params->rp_u.provmgmt_params;
-
- ASSERT(ctx == NULL);
- switch (optype) {
- case KCF_OP_MGMT_EXTINFO:
- /*
- * po_pd may be a logical provider, in which case
- * we need to check whether it has been removed.
- */
- if (KCF_IS_PROV_REMOVED(pops->po_pd)) {
- err = CRYPTO_DEVICE_ERROR;
- break;
- }
- err = KCF_PROV_EXT_INFO(pd, pops->po_ext_info, rhndl,
- pops->po_pd);
- break;
-
- case KCF_OP_MGMT_INITTOKEN:
- err = KCF_PROV_INIT_TOKEN(pd, pops->po_pin,
- pops->po_pin_len, pops->po_label, rhndl);
- break;
-
- case KCF_OP_MGMT_INITPIN:
- err = KCF_PROV_INIT_PIN(pd, pops->po_sid, pops->po_pin,
- pops->po_pin_len, rhndl);
- break;
-
- case KCF_OP_MGMT_SETPIN:
- err = KCF_PROV_SET_PIN(pd, pops->po_sid,
- pops->po_old_pin, pops->po_old_pin_len,
- pops->po_pin, pops->po_pin_len, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
-
- case KCF_OG_NOSTORE_KEY: {
- kcf_key_ops_params_t *kops = &params->rp_u.key_params;
-
- ASSERT(ctx == NULL);
- KCF_SET_PROVIDER_MECHNUM(kops->ko_framework_mechtype, pd,
- &kops->ko_mech);
-
- switch (optype) {
- case KCF_OP_KEY_GENERATE:
- err = KCF_PROV_NOSTORE_KEY_GENERATE(pd, kops->ko_sid,
- &kops->ko_mech, kops->ko_key_template,
- kops->ko_key_attribute_count,
- kops->ko_out_template1,
- kops->ko_out_attribute_count1, rhndl);
- break;
-
- case KCF_OP_KEY_GENERATE_PAIR:
- err = KCF_PROV_NOSTORE_KEY_GENERATE_PAIR(pd,
- kops->ko_sid, &kops->ko_mech,
- kops->ko_key_template, kops->ko_key_attribute_count,
- kops->ko_private_key_template,
- kops->ko_private_key_attribute_count,
- kops->ko_out_template1,
- kops->ko_out_attribute_count1,
- kops->ko_out_template2,
- kops->ko_out_attribute_count2,
- rhndl);
- break;
-
- case KCF_OP_KEY_DERIVE:
- err = KCF_PROV_NOSTORE_KEY_DERIVE(pd, kops->ko_sid,
- &kops->ko_mech, kops->ko_key,
- kops->ko_key_template,
- kops->ko_key_attribute_count,
- kops->ko_out_template1,
- kops->ko_out_attribute_count1, rhndl);
- break;
-
- default:
- break;
- }
- break;
- }
default:
break;
} /* end of switch(params->rp_opgrp) */
@@ -1303,265 +563,3 @@ common_submit_request(kcf_provider_desc_t *pd, crypto_ctx_t *ctx,
KCF_PROV_INCRSTATS(pd, err);
return (err);
}
-
-
-/*
- * Emulate the call for a multipart dual ops with 2 single steps.
- * This routine is always called in the context of a working thread
- * running kcf_svc_do_run().
- * The single steps are submitted in a pure synchronous way (blocking).
- * When this routine returns, kcf_svc_do_run() will call kcf_aop_done()
- * so the originating consumer's callback gets invoked. kcf_aop_done()
- * takes care of freeing the operation context. So, this routine does
- * not free the operation context.
- *
- * The provider descriptor is assumed held by the callers.
- */
-static int
-kcf_emulate_dual(kcf_provider_desc_t *pd, crypto_ctx_t *ctx,
- kcf_req_params_t *params)
-{
- int err = CRYPTO_ARGUMENTS_BAD;
- kcf_op_type_t optype;
- size_t save_len;
- off_t save_offset;
-
- optype = params->rp_optype;
-
- switch (params->rp_opgrp) {
- case KCF_OG_ENCRYPT_MAC: {
- kcf_encrypt_mac_ops_params_t *cmops =
- &params->rp_u.encrypt_mac_params;
- kcf_context_t *encr_kcf_ctx;
- crypto_ctx_t *mac_ctx;
- kcf_req_params_t encr_params;
-
- encr_kcf_ctx = (kcf_context_t *)(ctx->cc_framework_private);
-
- switch (optype) {
- case KCF_OP_INIT: {
- encr_kcf_ctx->kc_secondctx = NULL;
-
- KCF_WRAP_ENCRYPT_OPS_PARAMS(&encr_params, KCF_OP_INIT,
- pd->pd_sid, &cmops->em_encr_mech,
- cmops->em_encr_key, NULL, NULL,
- cmops->em_encr_templ);
-
- err = kcf_submit_request(pd, ctx, NULL, &encr_params,
- B_FALSE);
-
- /* It can't be CRYPTO_QUEUED */
- if (err != CRYPTO_SUCCESS) {
- break;
- }
-
- err = crypto_mac_init(&cmops->em_mac_mech,
- cmops->em_mac_key, cmops->em_mac_templ,
- (crypto_context_t *)&mac_ctx, NULL);
-
- if (err == CRYPTO_SUCCESS) {
- encr_kcf_ctx->kc_secondctx = (kcf_context_t *)
- mac_ctx->cc_framework_private;
- KCF_CONTEXT_REFHOLD((kcf_context_t *)
- mac_ctx->cc_framework_private);
- }
-
- break;
-
- }
- case KCF_OP_UPDATE: {
- crypto_dual_data_t *ct = cmops->em_ciphertext;
- crypto_data_t *pt = cmops->em_plaintext;
- kcf_context_t *mac_kcf_ctx = encr_kcf_ctx->kc_secondctx;
- crypto_ctx_t *mac_ctx = &mac_kcf_ctx->kc_glbl_ctx;
-
- KCF_WRAP_ENCRYPT_OPS_PARAMS(&encr_params, KCF_OP_UPDATE,
- pd->pd_sid, NULL, NULL, pt, (crypto_data_t *)ct,
- NULL);
-
- err = kcf_submit_request(pd, ctx, NULL, &encr_params,
- B_FALSE);
-
- /* It can't be CRYPTO_QUEUED */
- if (err != CRYPTO_SUCCESS) {
- break;
- }
-
- save_offset = ct->dd_offset1;
- save_len = ct->dd_len1;
- if (ct->dd_len2 == 0) {
- /*
- * The previous encrypt step was an
- * accumulation only and didn't produce any
- * partial output
- */
- if (ct->dd_len1 == 0)
- break;
-
- } else {
- ct->dd_offset1 = ct->dd_offset2;
- ct->dd_len1 = ct->dd_len2;
- }
- err = crypto_mac_update((crypto_context_t)mac_ctx,
- (crypto_data_t *)ct, NULL);
-
- ct->dd_offset1 = save_offset;
- ct->dd_len1 = save_len;
-
- break;
- }
- case KCF_OP_FINAL: {
- crypto_dual_data_t *ct = cmops->em_ciphertext;
- crypto_data_t *mac = cmops->em_mac;
- kcf_context_t *mac_kcf_ctx = encr_kcf_ctx->kc_secondctx;
- crypto_ctx_t *mac_ctx = &mac_kcf_ctx->kc_glbl_ctx;
- crypto_context_t mac_context = mac_ctx;
-
- KCF_WRAP_ENCRYPT_OPS_PARAMS(&encr_params, KCF_OP_FINAL,
- pd->pd_sid, NULL, NULL, NULL, (crypto_data_t *)ct,
- NULL);
-
- err = kcf_submit_request(pd, ctx, NULL, &encr_params,
- B_FALSE);
-
- /* It can't be CRYPTO_QUEUED */
- if (err != CRYPTO_SUCCESS) {
- crypto_cancel_ctx(mac_context);
- break;
- }
-
- if (ct->dd_len2 > 0) {
- save_offset = ct->dd_offset1;
- save_len = ct->dd_len1;
- ct->dd_offset1 = ct->dd_offset2;
- ct->dd_len1 = ct->dd_len2;
-
- err = crypto_mac_update(mac_context,
- (crypto_data_t *)ct, NULL);
-
- ct->dd_offset1 = save_offset;
- ct->dd_len1 = save_len;
-
- if (err != CRYPTO_SUCCESS) {
- crypto_cancel_ctx(mac_context);
- return (err);
- }
- }
-
- /* and finally, collect the MAC */
- err = crypto_mac_final(mac_context, mac, NULL);
- break;
- }
-
- default:
- break;
- }
- KCF_PROV_INCRSTATS(pd, err);
- break;
- }
- case KCF_OG_MAC_DECRYPT: {
- kcf_mac_decrypt_ops_params_t *mdops =
- &params->rp_u.mac_decrypt_params;
- kcf_context_t *decr_kcf_ctx;
- crypto_ctx_t *mac_ctx;
- kcf_req_params_t decr_params;
-
- decr_kcf_ctx = (kcf_context_t *)(ctx->cc_framework_private);
-
- switch (optype) {
- case KCF_OP_INIT: {
- decr_kcf_ctx->kc_secondctx = NULL;
-
- err = crypto_mac_init(&mdops->md_mac_mech,
- mdops->md_mac_key, mdops->md_mac_templ,
- (crypto_context_t *)&mac_ctx, NULL);
-
- /* It can't be CRYPTO_QUEUED */
- if (err != CRYPTO_SUCCESS) {
- break;
- }
-
- KCF_WRAP_DECRYPT_OPS_PARAMS(&decr_params, KCF_OP_INIT,
- pd->pd_sid, &mdops->md_decr_mech,
- mdops->md_decr_key, NULL, NULL,
- mdops->md_decr_templ);
-
- err = kcf_submit_request(pd, ctx, NULL, &decr_params,
- B_FALSE);
-
- /* It can't be CRYPTO_QUEUED */
- if (err != CRYPTO_SUCCESS) {
- crypto_cancel_ctx((crypto_context_t)mac_ctx);
- break;
- }
-
- decr_kcf_ctx->kc_secondctx = (kcf_context_t *)
- mac_ctx->cc_framework_private;
- KCF_CONTEXT_REFHOLD((kcf_context_t *)
- mac_ctx->cc_framework_private);
-
- break;
- default:
- break;
-
- }
- case KCF_OP_UPDATE: {
- crypto_dual_data_t *ct = mdops->md_ciphertext;
- crypto_data_t *pt = mdops->md_plaintext;
- kcf_context_t *mac_kcf_ctx = decr_kcf_ctx->kc_secondctx;
- crypto_ctx_t *mac_ctx = &mac_kcf_ctx->kc_glbl_ctx;
-
- err = crypto_mac_update((crypto_context_t)mac_ctx,
- (crypto_data_t *)ct, NULL);
-
- if (err != CRYPTO_SUCCESS)
- break;
-
- save_offset = ct->dd_offset1;
- save_len = ct->dd_len1;
-
- /* zero ct->dd_len2 means decrypt everything */
- if (ct->dd_len2 > 0) {
- ct->dd_offset1 = ct->dd_offset2;
- ct->dd_len1 = ct->dd_len2;
- }
-
- err = crypto_decrypt_update((crypto_context_t)ctx,
- (crypto_data_t *)ct, pt, NULL);
-
- ct->dd_offset1 = save_offset;
- ct->dd_len1 = save_len;
-
- break;
- }
- case KCF_OP_FINAL: {
- crypto_data_t *pt = mdops->md_plaintext;
- crypto_data_t *mac = mdops->md_mac;
- kcf_context_t *mac_kcf_ctx = decr_kcf_ctx->kc_secondctx;
- crypto_ctx_t *mac_ctx = &mac_kcf_ctx->kc_glbl_ctx;
-
- err = crypto_mac_final((crypto_context_t)mac_ctx,
- mac, NULL);
-
- if (err != CRYPTO_SUCCESS) {
- crypto_cancel_ctx(ctx);
- break;
- }
-
- /* Get the last chunk of plaintext */
- KCF_CONTEXT_REFHOLD(decr_kcf_ctx);
- err = crypto_decrypt_final((crypto_context_t)ctx, pt,
- NULL);
-
- break;
- }
- }
- break;
- }
- default:
-
- break;
- } /* end of switch(params->rp_opgrp) */
-
- return (err);
-}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 06:28:00 +0000