diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.c b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.c index 126da6d37bd..23dac5464b7 100644 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.c +++ b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.c @@ -28,7 +28,6 @@ #include #include #include "jni_util.h" -#include #include "nativeCrypto.h" #include "nativeFunc.h" diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.h b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.h index a3ea195387e..2c5f4a52a7f 100644 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.h +++ b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.h @@ -23,12 +23,38 @@ * questions. */ +#include // redirects to libucrypto.h starting 11.3 + #ifndef _Included_com_oracle_security_ucrypto_NativeCrypto #define _Included_com_oracle_security_ucrypto_NativeCrypto #ifdef __cplusplus extern "C" { #endif +// used by nativeCrypto.c +#ifdef _LIBUCRYPTO_H // workaround for Solaris bug; see 8157627 +#define CK_AES_CTR_PARAMS crypto_ctr_params_t +#define ulCounterBits ct_ctr_bits +#define cb ct_cb + +#define CK_AES_CCM_PARAMS crypto_ccm_params_t +#define ulMACSize cc_mac_size +#define ulNonceSize cc_nonce_size +#define ulAuthDataSize cc_auth_data_size +#define ulDataSize cc_data_size +#define nonce cc_nonce +#define authData cc_auth_data + +#define CK_AES_GCM_PARAMS crypto_gcm_params_t +#define pIv gc_iv +#define ulIvLen gc_iv_len +#define ulIvBits gc_iv_bits +#define pAAD gc_aad +#define ulAADLen gc_aad_len +#define ulTagBits gc_tag_bits +#endif + +// used by nativeCryptoMD.c #undef com_oracle_security_ucrypto_NativeDigestMD_MECH_MD5 #define com_oracle_security_ucrypto_NativeDigestMD_MECH_MD5 1L #undef com_oracle_security_ucrypto_NativeDigestMD_MECH_SHA1 diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCryptoMD.c b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCryptoMD.c index df60ce3613a..6e279e3039c 100644 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCryptoMD.c +++ b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCryptoMD.c @@ -28,7 +28,6 @@ #include #include #include "jni_util.h" -#include #include "nativeCrypto.h" #include "nativeFunc.h" diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeFunc.h b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeFunc.h index 5f3a9ba87e3..106460c0bc1 100644 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeFunc.h +++ b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeFunc.h @@ -28,7 +28,7 @@ #include #include #include -#include +#include // redirects to libucrypto.h starting 11.3 jboolean* loadNative(); diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/common.h b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/common.h deleted file mode 100644 index 9ac5202368e..00000000000 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/common.h +++ /dev/null @@ -1,637 +0,0 @@ -/* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#ifndef _SYS_CRYPTO_COMMON_H -#define _SYS_CRYPTO_COMMON_H - -/* - * Header file for the common data structures of the cryptographic framework - */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include -#include -#include - -/* Convenience defines/macros */ - -#define CRYPTO_ARG_INPLACE(input, output) \ - if ((output) == NULL) \ - (output) = (input); - -#ifdef _KERNEL - -#include -#define CRYPTO_KMFLAG(x) crypto_kmflag((x)) -#define CRYPTO_ALLOC(sz, kmflag) kmem_alloc((sz), (kmflag)) -#define CRYPTO_ZALLOC(sz, kmflag) kmem_zalloc((sz), (kmflag)) -#define CRYPTO_FREE(ptr, sz) kmem_free((ptr), (sz)) -#define CRYPTO_ZFREE(ptr, sz) if (ptr != NULL) { \ - bzero((ptr), (sz)), \ - kmem_free((ptr), (sz)); \ - } - -#else /* _KERNEL */ - -#include -#define CRYPTO_KMFLAG(x) (0) -#define CRYPTO_ALLOC(sz, kmflag) malloc((sz)) -#define CRYPTO_ZALLOC(sz, kmflag) calloc(1, (sz)) -#define CRYPTO_FREE(ptr, sz) free((ptr)) -#define CRYPTO_ZFREE(ptr, sz) if (ptr != NULL) { \ - bzero((ptr), (sz)), \ - free((ptr)); \ - } - -#endif /* _KERNEL */ - -/* Cryptographic Mechanisms */ - -#define CRYPTO_MAX_MECH_NAME 32 -typedef char crypto_mech_name_t[CRYPTO_MAX_MECH_NAME]; - -typedef uint64_t crypto_mech_type_t; - -typedef struct crypto_mechanism { - crypto_mech_type_t cm_type; /* mechanism type */ - caddr_t cm_param; /* mech. parameter */ - size_t cm_param_len; /* mech. parameter len */ -} crypto_mechanism_t; - -#ifdef _SYSCALL32 - -typedef struct crypto_mechanism32 { - crypto_mech_type_t cm_type; /* mechanism type */ - caddr32_t cm_param; /* mech. parameter */ - size32_t cm_param_len; /* mech. parameter len */ -} crypto_mechanism32_t; - -#endif /* _SYSCALL32 */ - -#ifdef _KERNEL -/* CK_AES_CTR_PARAMS provides parameters to the CKM_AES_CTR mechanism */ -typedef struct CK_AES_CTR_PARAMS { - ulong_t ulCounterBits; - uint8_t cb[16]; -} CK_AES_CTR_PARAMS; -#endif - -/* CK_AES_CCM_PARAMS provides parameters to the CKM_AES_CCM mechanism */ -typedef struct CK_AES_CCM_PARAMS { - ulong_t ulMACSize; - ulong_t ulNonceSize; - ulong_t ulAuthDataSize; - ulong_t ulDataSize; /* used for plaintext or ciphertext */ - uchar_t *nonce; - uchar_t *authData; -} CK_AES_CCM_PARAMS; - -/* CK_AES_GCM_PARAMS provides parameters to the CKM_AES_GCM mechanism */ -typedef struct CK_AES_GCM_PARAMS { - uchar_t *pIv; - ulong_t ulIvLen; - ulong_t ulIvBits; - uchar_t *pAAD; - ulong_t ulAADLen; - ulong_t ulTagBits; -} CK_AES_GCM_PARAMS; - -/* CK_AES_GMAC_PARAMS provides parameters to the CKM_AES_GMAC mechanism */ -typedef struct CK_AES_GMAC_PARAMS { - uchar_t *pIv; - uchar_t *pAAD; - ulong_t ulAADLen; -} CK_AES_GMAC_PARAMS; - -#ifdef _KERNEL -/* - * CK_ECDH1_DERIVE_PARAMS provides the parameters to the - * CKM_ECDH1_KEY_DERIVE mechanism - */ -typedef struct CK_ECDH1_DERIVE_PARAMS { - ulong_t kdf; - ulong_t ulSharedDataLen; - uchar_t *pSharedData; - ulong_t ulPublicDataLen; - uchar_t *pPublicData; -} CK_ECDH1_DERIVE_PARAMS; -#endif - -#ifdef _KERNEL -#ifdef _SYSCALL32 - -/* needed for 32-bit applications running on 64-bit kernels */ -typedef struct CK_AES_CTR_PARAMS32 { - uint32_t ulCounterBits; - uint8_t cb[16]; -} CK_AES_CTR_PARAMS32; - -/* needed for 32-bit applications running on 64-bit kernels */ -typedef struct CK_AES_CCM_PARAMS32 { - uint32_t ulMACSize; - uint32_t ulNonceSize; - uint32_t ulAuthDataSize; - uint32_t ulDataSize; - caddr32_t nonce; - caddr32_t authData; -} CK_AES_CCM_PARAMS32; - -/* needed for 32-bit applications running on 64-bit kernels */ -typedef struct CK_AES_GCM_PARAMS32 { - caddr32_t pIv; - uint32_t ulIvLen; - uint32_t ulIvBits; - caddr32_t pAAD; - uint32_t ulAADLen; - uint32_t ulTagBits; -} CK_AES_GCM_PARAMS32; - -/* needed for 32-bit applications running on 64-bit kernels */ -typedef struct CK_AES_GMAC_PARAMS32 { - caddr32_t pIv; - caddr32_t pAAD; - uint32_t ulAADLen; -} CK_AES_GMAC_PARAMS32; - -typedef struct CK_ECDH1_DERIVE_PARAMS32 { - uint32_t kdf; - uint32_t ulSharedDataLen; - caddr32_t pSharedData; - uint32_t ulPublicDataLen; - caddr32_t pPublicData; -} CK_ECDH1_DERIVE_PARAMS32; - -#endif /* _SYSCALL32 */ -#endif /* _KERNEL */ - -/* - * The measurement unit bit flag for a mechanism's minimum or maximum key size. - * The unit are mechanism dependent. It can be in bits or in bytes. - */ -typedef uint32_t crypto_keysize_unit_t; - -/* - * The following bit flags are valid in cm_mech_flags field in - * the crypto_mech_info_t structure of the SPI. - * - * Only the first two bit flags are valid in mi_keysize_unit - * field in the crypto_mechanism_info_t structure of the API. - */ -#define CRYPTO_KEYSIZE_UNIT_IN_BITS 0x00000001 -#define CRYPTO_KEYSIZE_UNIT_IN_BYTES 0x00000002 -#define CRYPTO_CAN_SHARE_OPSTATE 0x00000004 /* supports sharing */ - - -/* Mechanisms supported out-of-the-box */ -#define SUN_CKM_MD4 "CKM_MD4" -#define SUN_CKM_MD5 "CKM_MD5" -#define SUN_CKM_MD5_HMAC "CKM_MD5_HMAC" -#define SUN_CKM_MD5_HMAC_GENERAL "CKM_MD5_HMAC_GENERAL" -#define SUN_CKM_SHA1 "CKM_SHA_1" -#define SUN_CKM_SHA1_HMAC "CKM_SHA_1_HMAC" -#define SUN_CKM_SHA1_HMAC_GENERAL "CKM_SHA_1_HMAC_GENERAL" -#define SUN_CKM_SHA256 "CKM_SHA256" -#define SUN_CKM_SHA256_HMAC "CKM_SHA256_HMAC" -#define SUN_CKM_SHA256_HMAC_GENERAL "CKM_SHA256_HMAC_GENERAL" -#define SUN_CKM_SHA384 "CKM_SHA384" -#define SUN_CKM_SHA384_HMAC "CKM_SHA384_HMAC" -#define SUN_CKM_SHA384_HMAC_GENERAL "CKM_SHA384_HMAC_GENERAL" -#define SUN_CKM_SHA512 "CKM_SHA512" -#define SUN_CKM_SHA512_HMAC "CKM_SHA512_HMAC" -#define SUN_CKM_SHA512_HMAC_GENERAL "CKM_SHA512_HMAC_GENERAL" -#define SUN_CKM_DES_CBC "CKM_DES_CBC" -#define SUN_CKM_DES3_CBC "CKM_DES3_CBC" -#define SUN_CKM_DES_ECB "CKM_DES_ECB" -#define SUN_CKM_DES3_ECB "CKM_DES3_ECB" -#define SUN_CKM_BLOWFISH_CBC "CKM_BLOWFISH_CBC" -#define SUN_CKM_BLOWFISH_ECB "CKM_BLOWFISH_ECB" -#define SUN_CKM_AES_CBC "CKM_AES_CBC" -#define SUN_CKM_AES_ECB "CKM_AES_ECB" -#define SUN_CKM_AES_CTR "CKM_AES_CTR" -#define SUN_CKM_AES_CCM "CKM_AES_CCM" -#define SUN_CKM_AES_GCM "CKM_AES_GCM" -#define SUN_CKM_AES_GMAC "CKM_AES_GMAC" -#define SUN_CKM_AES_CFB128 "CKM_AES_CFB128" -#define SUN_CKM_RC4 "CKM_RC4" -#define SUN_CKM_RSA_PKCS "CKM_RSA_PKCS" -#define SUN_CKM_RSA_X_509 "CKM_RSA_X_509" -#define SUN_CKM_MD5_RSA_PKCS "CKM_MD5_RSA_PKCS" -#define SUN_CKM_SHA1_RSA_PKCS "CKM_SHA1_RSA_PKCS" -#define SUN_CKM_SHA256_RSA_PKCS "CKM_SHA256_RSA_PKCS" -#define SUN_CKM_SHA384_RSA_PKCS "CKM_SHA384_RSA_PKCS" -#define SUN_CKM_SHA512_RSA_PKCS "CKM_SHA512_RSA_PKCS" -#define SUN_CKM_EC_KEY_PAIR_GEN "CKM_EC_KEY_PAIR_GEN" -#define SUN_CKM_ECDH1_DERIVE "CKM_ECDH1_DERIVE" -#define SUN_CKM_ECDSA_SHA1 "CKM_ECDSA_SHA1" -#define SUN_CKM_ECDSA "CKM_ECDSA" - -/* Shared operation context format for CKM_RC4 */ -typedef struct { -#if defined(__amd64) - uint32_t i, j; - uint32_t arr[256]; - uint32_t flag; -#else - uchar_t arr[256]; - uchar_t i, j; -#endif /* __amd64 */ - uint64_t pad; /* For 64-bit alignment */ -} arcfour_state_t; - -/* Data arguments of cryptographic operations */ - -typedef enum crypto_data_format { - CRYPTO_DATA_RAW = 1, - CRYPTO_DATA_UIO, - CRYPTO_DATA_MBLK -} crypto_data_format_t; - -typedef struct crypto_data { - crypto_data_format_t cd_format; /* Format identifier */ - off_t cd_offset; /* Offset from the beginning */ - size_t cd_length; /* # of bytes in use */ - caddr_t cd_miscdata; /* ancillary data */ - union { - /* Raw format */ - iovec_t cdu_raw; /* Pointer and length */ - - /* uio scatter-gather format */ - uio_t *cdu_uio; - - /* mblk scatter-gather format */ - mblk_t *cdu_mp; /* The mblk chain */ - - } cdu; /* Crypto Data Union */ -} crypto_data_t; - -#define cd_raw cdu.cdu_raw -#define cd_uio cdu.cdu_uio -#define cd_mp cdu.cdu_mp - -#define CRYPTO_SET_RAW_DATA(var, str, len) \ - (var).cd_format = CRYPTO_DATA_RAW; \ - (var).cd_offset = 0; \ - (var).cd_length = (len); \ - (var).cd_miscdata = NULL; \ - (var).cd_raw.iov_base = (caddr_t)(str); \ - (var).cd_raw.iov_len = (len); - -#define CRYPTO_DATA_IS_USERSPACE(buf) \ - ((buf->cd_format == CRYPTO_DATA_UIO && \ - buf->cd_uio->uio_segflg == UIO_USERSPACE)) - -typedef struct crypto_dual_data { - crypto_data_t dd_data; /* The data */ - off_t dd_offset2; /* Used by dual operation */ - size_t dd_len2; /* # of bytes to take */ -} crypto_dual_data_t; - -#define dd_format dd_data.cd_format -#define dd_offset1 dd_data.cd_offset -#define dd_len1 dd_data.cd_length -#define dd_miscdata dd_data.cd_miscdata -#define dd_raw dd_data.cd_raw -#define dd_uio dd_data.cd_uio -#define dd_mp dd_data.cd_mp - -/* The keys, and their contents */ - -typedef enum { - CRYPTO_KEY_RAW = 1, /* ck_data is a cleartext key */ - CRYPTO_KEY_REFERENCE, /* ck_obj_id is an opaque reference */ - CRYPTO_KEY_ATTR_LIST /* ck_attrs is a list of object attributes */ -} crypto_key_format_t; - -typedef uint64_t crypto_attr_type_t; - -/* Attribute types to use for passing a RSA public key or a private key. */ -#define SUN_CKA_MODULUS 0x00000120 -#define SUN_CKA_MODULUS_BITS 0x00000121 -#define SUN_CKA_PUBLIC_EXPONENT 0x00000122 -#define SUN_CKA_PRIVATE_EXPONENT 0x00000123 -#define SUN_CKA_PRIME_1 0x00000124 -#define SUN_CKA_PRIME_2 0x00000125 -#define SUN_CKA_EXPONENT_1 0x00000126 -#define SUN_CKA_EXPONENT_2 0x00000127 -#define SUN_CKA_COEFFICIENT 0x00000128 -#define SUN_CKA_PRIME 0x00000130 -#define SUN_CKA_SUBPRIME 0x00000131 -#define SUN_CKA_BASE 0x00000132 - -#define CKK_EC 0x00000003 -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC4 0x00000012 -#define CKK_AES 0x0000001F -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKA_CLASS 0x00000000 -#define CKA_VALUE 0x00000011 -#define CKA_KEY_TYPE 0x00000100 -#define CKA_VALUE_LEN 0x00000161 -#define CKA_EC_PARAMS 0x00000180 -#define CKA_EC_POINT 0x00000181 - -typedef uint32_t crypto_object_id_t; - -typedef struct crypto_object_attribute { - crypto_attr_type_t oa_type; /* attribute type */ - caddr_t oa_value; /* attribute value */ - ssize_t oa_value_len; /* length of attribute value */ -} crypto_object_attribute_t; - -typedef struct crypto_key { - crypto_key_format_t ck_format; /* format identifier */ - union { - /* for CRYPTO_KEY_RAW ck_format */ - struct { - uint_t cku_v_length; /* # of bits in ck_data */ - void *cku_v_data; /* ptr to key value */ - } cku_key_value; - - /* for CRYPTO_KEY_REFERENCE ck_format */ - crypto_object_id_t cku_key_id; /* reference to object key */ - - /* for CRYPTO_KEY_ATTR_LIST ck_format */ - struct { - uint_t cku_a_count; /* number of attributes */ - crypto_object_attribute_t *cku_a_oattr; - } cku_key_attrs; - } cku_data; /* Crypto Key union */ -} crypto_key_t; - -#ifdef _SYSCALL32 - -typedef struct crypto_object_attribute32 { - uint64_t oa_type; /* attribute type */ - caddr32_t oa_value; /* attribute value */ - ssize32_t oa_value_len; /* length of attribute value */ -} crypto_object_attribute32_t; - -typedef struct crypto_key32 { - crypto_key_format_t ck_format; /* format identifier */ - union { - /* for CRYPTO_KEY_RAW ck_format */ - struct { - uint32_t cku_v_length; /* # of bytes in ck_data */ - caddr32_t cku_v_data; /* ptr to key value */ - } cku_key_value; - - /* for CRYPTO_KEY_REFERENCE ck_format */ - crypto_object_id_t cku_key_id; /* reference to object key */ - - /* for CRYPTO_KEY_ATTR_LIST ck_format */ - struct { - uint32_t cku_a_count; /* number of attributes */ - caddr32_t cku_a_oattr; - } cku_key_attrs; - } cku_data; /* Crypto Key union */ -} crypto_key32_t; - -#endif /* _SYSCALL32 */ - -#define ck_data cku_data.cku_key_value.cku_v_data -#define ck_length cku_data.cku_key_value.cku_v_length -#define ck_obj_id cku_data.cku_key_id -#define ck_count cku_data.cku_key_attrs.cku_a_count -#define ck_attrs cku_data.cku_key_attrs.cku_a_oattr - -/* - * Raw key lengths are expressed in number of bits. - * The following macro returns the minimum number of - * bytes that can contain the specified number of bits. - * Round up without overflowing the integer type. - */ -#define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1) -#define CRYPTO_BYTES2BITS(n) ((n) << 3) - -/* Providers */ - -typedef enum { - CRYPTO_HW_PROVIDER = 0, - CRYPTO_SW_PROVIDER, - CRYPTO_LOGICAL_PROVIDER -} crypto_provider_type_t; - -typedef uint32_t crypto_provider_id_t; -#define KCF_PROVID_INVALID ((uint32_t)-1) - -typedef struct crypto_provider_entry { - crypto_provider_id_t pe_provider_id; - uint_t pe_mechanism_count; -} crypto_provider_entry_t; - -typedef struct crypto_dev_list_entry { - char le_dev_name[MAXNAMELEN]; - uint_t le_dev_instance; - uint_t le_mechanism_count; -} crypto_dev_list_entry_t; - -/* User type for authentication ioctls and SPI entry points */ - -typedef enum crypto_user_type { - CRYPTO_SO = 0, - CRYPTO_USER -} crypto_user_type_t; - -/* Version for provider management ioctls and SPI entry points */ - -typedef struct crypto_version { - uchar_t cv_major; - uchar_t cv_minor; -} crypto_version_t; - -/* session data structure opaque to the consumer */ -typedef void *crypto_session_t; - -/* provider data structure opaque to the consumer */ -typedef void *crypto_provider_t; - -/* Limits used by both consumers and providers */ -#define CRYPTO_EXT_SIZE_LABEL 32 -#define CRYPTO_EXT_SIZE_MANUF 32 -#define CRYPTO_EXT_SIZE_MODEL 16 -#define CRYPTO_EXT_SIZE_SERIAL 16 -#define CRYPTO_EXT_SIZE_TIME 16 - -typedef struct crypto_provider_ext_info { - uchar_t ei_label[CRYPTO_EXT_SIZE_LABEL]; - uchar_t ei_manufacturerID[CRYPTO_EXT_SIZE_MANUF]; - uchar_t ei_model[CRYPTO_EXT_SIZE_MODEL]; - uchar_t ei_serial_number[CRYPTO_EXT_SIZE_SERIAL]; - ulong_t ei_flags; - ulong_t ei_max_session_count; - ulong_t ei_max_pin_len; - ulong_t ei_min_pin_len; - ulong_t ei_total_public_memory; - ulong_t ei_free_public_memory; - ulong_t ei_total_private_memory; - ulong_t ei_free_private_memory; - crypto_version_t ei_hardware_version; - crypto_version_t ei_firmware_version; - uchar_t ei_time[CRYPTO_EXT_SIZE_TIME]; - int ei_hash_max_input_len; - int ei_hmac_max_input_len; -} crypto_provider_ext_info_t; - -typedef uint_t crypto_session_id_t; - -typedef enum cmd_type { - COPY_FROM_DATA, - COPY_TO_DATA, - COMPARE_TO_DATA, - MD5_DIGEST_DATA, - SHA1_DIGEST_DATA, - SHA2_DIGEST_DATA, - GHASH_DATA -} cmd_type_t; - -#define CRYPTO_DO_UPDATE 0x01 -#define CRYPTO_DO_FINAL 0x02 -#define CRYPTO_DO_MD5 0x04 -#define CRYPTO_DO_SHA1 0x08 -#define CRYPTO_DO_SIGN 0x10 -#define CRYPTO_DO_VERIFY 0x20 -#define CRYPTO_DO_SHA2 0x40 - -#define PROVIDER_OWNS_KEY_SCHEDULE 0x00000001 - -/* - * Common cryptographic status and error codes. - */ -#define CRYPTO_SUCCESS 0x00000000 -#define CRYPTO_CANCEL 0x00000001 -#define CRYPTO_HOST_MEMORY 0x00000002 -#define CRYPTO_GENERAL_ERROR 0x00000003 -#define CRYPTO_FAILED 0x00000004 -#define CRYPTO_ARGUMENTS_BAD 0x00000005 -#define CRYPTO_ATTRIBUTE_READ_ONLY 0x00000006 -#define CRYPTO_ATTRIBUTE_SENSITIVE 0x00000007 -#define CRYPTO_ATTRIBUTE_TYPE_INVALID 0x00000008 -#define CRYPTO_ATTRIBUTE_VALUE_INVALID 0x00000009 -#define CRYPTO_CANCELED 0x0000000A -#define CRYPTO_DATA_INVALID 0x0000000B -#define CRYPTO_DATA_LEN_RANGE 0x0000000C -#define CRYPTO_DEVICE_ERROR 0x0000000D -#define CRYPTO_DEVICE_MEMORY 0x0000000E -#define CRYPTO_DEVICE_REMOVED 0x0000000F -#define CRYPTO_ENCRYPTED_DATA_INVALID 0x00000010 -#define CRYPTO_ENCRYPTED_DATA_LEN_RANGE 0x00000011 -#define CRYPTO_KEY_HANDLE_INVALID 0x00000012 -#define CRYPTO_KEY_SIZE_RANGE 0x00000013 -#define CRYPTO_KEY_TYPE_INCONSISTENT 0x00000014 -#define CRYPTO_KEY_NOT_NEEDED 0x00000015 -#define CRYPTO_KEY_CHANGED 0x00000016 -#define CRYPTO_KEY_NEEDED 0x00000017 -#define CRYPTO_KEY_INDIGESTIBLE 0x00000018 -#define CRYPTO_KEY_FUNCTION_NOT_PERMITTED 0x00000019 -#define CRYPTO_KEY_NOT_WRAPPABLE 0x0000001A -#define CRYPTO_KEY_UNEXTRACTABLE 0x0000001B -#define CRYPTO_MECHANISM_INVALID 0x0000001C -#define CRYPTO_MECHANISM_PARAM_INVALID 0x0000001D -#define CRYPTO_OBJECT_HANDLE_INVALID 0x0000001E -#define CRYPTO_OPERATION_IS_ACTIVE 0x0000001F -#define CRYPTO_OPERATION_NOT_INITIALIZED 0x00000020 -#define CRYPTO_PIN_INCORRECT 0x00000021 -#define CRYPTO_PIN_INVALID 0x00000022 -#define CRYPTO_PIN_LEN_RANGE 0x00000023 -#define CRYPTO_PIN_EXPIRED 0x00000024 -#define CRYPTO_PIN_LOCKED 0x00000025 -#define CRYPTO_SESSION_CLOSED 0x00000026 -#define CRYPTO_SESSION_COUNT 0x00000027 -#define CRYPTO_SESSION_HANDLE_INVALID 0x00000028 -#define CRYPTO_SESSION_READ_ONLY 0x00000029 -#define CRYPTO_SESSION_EXISTS 0x0000002A -#define CRYPTO_SESSION_READ_ONLY_EXISTS 0x0000002B -#define CRYPTO_SESSION_READ_WRITE_SO_EXISTS 0x0000002C -#define CRYPTO_SIGNATURE_INVALID 0x0000002D -#define CRYPTO_SIGNATURE_LEN_RANGE 0x0000002E -#define CRYPTO_TEMPLATE_INCOMPLETE 0x0000002F -#define CRYPTO_TEMPLATE_INCONSISTENT 0x00000030 -#define CRYPTO_UNWRAPPING_KEY_HANDLE_INVALID 0x00000031 -#define CRYPTO_UNWRAPPING_KEY_SIZE_RANGE 0x00000032 -#define CRYPTO_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x00000033 -#define CRYPTO_USER_ALREADY_LOGGED_IN 0x00000034 -#define CRYPTO_USER_NOT_LOGGED_IN 0x00000035 -#define CRYPTO_USER_PIN_NOT_INITIALIZED 0x00000036 -#define CRYPTO_USER_TYPE_INVALID 0x00000037 -#define CRYPTO_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000038 -#define CRYPTO_USER_TOO_MANY_TYPES 0x00000039 -#define CRYPTO_WRAPPED_KEY_INVALID 0x0000003A -#define CRYPTO_WRAPPED_KEY_LEN_RANGE 0x0000003B -#define CRYPTO_WRAPPING_KEY_HANDLE_INVALID 0x0000003C -#define CRYPTO_WRAPPING_KEY_SIZE_RANGE 0x0000003D -#define CRYPTO_WRAPPING_KEY_TYPE_INCONSISTENT 0x0000003E -#define CRYPTO_RANDOM_SEED_NOT_SUPPORTED 0x0000003F -#define CRYPTO_RANDOM_NO_RNG 0x00000040 -#define CRYPTO_DOMAIN_PARAMS_INVALID 0x00000041 -#define CRYPTO_BUFFER_TOO_SMALL 0x00000042 -#define CRYPTO_INFORMATION_SENSITIVE 0x00000043 -#define CRYPTO_NOT_SUPPORTED 0x00000044 - -#define CRYPTO_QUEUED 0x00000045 -#define CRYPTO_BUFFER_TOO_BIG 0x00000046 -#define CRYPTO_INVALID_CONTEXT 0x00000047 -#define CRYPTO_INVALID_MAC 0x00000048 -#define CRYPTO_MECH_NOT_SUPPORTED 0x00000049 -#define CRYPTO_INCONSISTENT_ATTRIBUTE 0x0000004A -#define CRYPTO_NO_PERMISSION 0x0000004B -#define CRYPTO_INVALID_PROVIDER_ID 0x0000004C -#define CRYPTO_VERSION_MISMATCH 0x0000004D -#define CRYPTO_BUSY 0x0000004E -#define CRYPTO_UNKNOWN_PROVIDER 0x0000004F -#define CRYPTO_MODVERIFICATION_FAILED 0x00000050 -#define CRYPTO_OLD_CTX_TEMPLATE 0x00000051 -#define CRYPTO_WEAK_KEY 0x00000052 -#define CRYPTO_FIPS140_ERROR 0x00000053 -/* - * Don't forget to update CRYPTO_LAST_ERROR and the error_number_table[] - * in kernelUtil.c when new error code is added. - */ -#define CRYPTO_LAST_ERROR 0x00000053 - -/* - * Special values that can be used to indicate that information is unavailable - * or that there is not practical limit. These values can be used - * by fields of the SPI crypto_provider_ext_info(9S) structure. - * The value of CRYPTO_UNAVAILABLE_INFO should be the same as - * CK_UNAVAILABLE_INFO in the PKCS#11 spec. - */ -#define CRYPTO_UNAVAILABLE_INFO ((ulong_t)(-1)) -#define CRYPTO_EFFECTIVELY_INFINITE 0x0 - -#ifdef __cplusplus -} -#endif - -#endif /* _SYS_CRYPTO_COMMON_H */ diff --git a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/spi.h b/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/spi.h deleted file mode 100644 index bf1668509c0..00000000000 --- a/jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/sys_old/crypto/spi.h +++ /dev/null @@ -1,791 +0,0 @@ -/* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#ifndef _SYS_CRYPTO_SPI_H -#define _SYS_CRYPTO_SPI_H - -/* - * CSPI: Cryptographic Service Provider Interface. - */ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef _KERNEL -#include -#include -#include - -#define CRYPTO_SPI_VERSION_1 1 -#define CRYPTO_SPI_VERSION_2 2 -#define CRYPTO_SPI_VERSION_3 3 -#define CRYPTO_SPI_VERSION_4 4 -#define CRYPTO_SPI_VERSION_5 5 - -#define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f) -#define CRYPTO_PROVIDER_OFFSET(f) \ - offsetof(crypto_provider_management_ops_t, f) -#define CRYPTO_OBJECT_OFFSET(f) offsetof(crypto_object_ops_t, f) -#define CRYPTO_SESSION_OFFSET(f) offsetof(crypto_session_ops_t, f) - -#endif - -/* - * Provider-private handle. This handle is specified by a provider - * when it registers by means of the pi_provider_handle field of - * the crypto_provider_info structure, and passed to the provider - * when its entry points are invoked. - */ -typedef void *crypto_provider_handle_t; - -/* - * Context templates can be used to by software providers to pre-process - * keying material, such as key schedules. They are allocated by - * a software provider create_ctx_template(9E) entry point, and passed - * as argument to initialization and atomic provider entry points. - */ -typedef void *crypto_spi_ctx_template_t; - -/* - * Request handles are used by the kernel to identify an asynchronous - * request being processed by a provider. It is passed by the kernel - * to a hardware provider when submitting a request, and must be - * specified by a provider when calling crypto_op_notification(9F) - */ -typedef void *crypto_req_handle_t; - -/* - * The context structure is passed from kcf to a provider in kernel and - * internally in libsoftcrypto between ucrypto and the algorithm. - * It contains the information needed to process a multi-part or - * single part operation. The context structure is not used - * by atomic operations. - * - * Parameters needed to perform a cryptographic operation, such - * as keys, mechanisms, input and output buffers, are passed - * as separate arguments to Provider routines. - */ -typedef struct crypto_ctx { - crypto_provider_handle_t cc_provider; - crypto_session_id_t cc_session; - void *cc_provider_private; /* owned by provider */ - void *cc_framework_private; /* owned by framework */ - uint32_t cc_flags; /* flags */ - void *cc_opstate; /* state */ -} crypto_ctx_t; - -#ifdef _KERNEL - -/* Values for cc_flags field */ -#define CRYPTO_INIT_OPSTATE 0x00000001 /* allocate and init cc_opstate */ -#define CRYPTO_USE_OPSTATE 0x00000002 /* .. start using it as context */ - -/* - * Extended provider information. - */ - -/* - * valid values for ei_flags field of extended info structure - * They match the RSA Security, Inc PKCS#11 tokenInfo flags. - */ -#define CRYPTO_EXTF_RNG 0x00000001 -#define CRYPTO_EXTF_WRITE_PROTECTED 0x00000002 -#define CRYPTO_EXTF_LOGIN_REQUIRED 0x00000004 -#define CRYPTO_EXTF_USER_PIN_INITIALIZED 0x00000008 -#define CRYPTO_EXTF_CLOCK_ON_TOKEN 0x00000040 -#define CRYPTO_EXTF_PROTECTED_AUTHENTICATION_PATH 0x00000100 -#define CRYPTO_EXTF_DUAL_CRYPTO_OPERATIONS 0x00000200 -#define CRYPTO_EXTF_TOKEN_INITIALIZED 0x00000400 -#define CRYPTO_EXTF_USER_PIN_COUNT_LOW 0x00010000 -#define CRYPTO_EXTF_USER_PIN_FINAL_TRY 0x00020000 -#define CRYPTO_EXTF_USER_PIN_LOCKED 0x00040000 -#define CRYPTO_EXTF_USER_PIN_TO_BE_CHANGED 0x00080000 -#define CRYPTO_EXTF_SO_PIN_COUNT_LOW 0x00100000 -#define CRYPTO_EXTF_SO_PIN_FINAL_TRY 0x00200000 -#define CRYPTO_EXTF_SO_PIN_LOCKED 0x00400000 -#define CRYPTO_EXTF_SO_PIN_TO_BE_CHANGED 0x00800000 - -/* - * The crypto_control_ops structure contains pointers to control - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_control_ops { - void (*provider_status)(crypto_provider_handle_t, uint_t *); -} crypto_control_ops_t; - -/* - * The crypto_ctx_ops structure contains points to context and context - * templates management operations for cryptographic providers. It is - * passed through the crypto_ops(9S) structure when providers register - * with the kernel using crypto_register_provider(9F). - */ -typedef struct crypto_ctx_ops { - int (*create_ctx_template)(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_key_t *, - crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); - int (*free_context)(crypto_ctx_t *); -} crypto_ctx_ops_t; - -/* - * The crypto_digest_ops structure contains pointers to digest - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_digest_ops { - int (*digest_init)(crypto_ctx_t *, crypto_mechanism_t *, - crypto_req_handle_t); - int (*digest)(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, - crypto_req_handle_t); - int (*digest_update)(crypto_ctx_t *, crypto_data_t *, - crypto_req_handle_t); - int (*digest_key)(crypto_ctx_t *, crypto_key_t *, crypto_req_handle_t); - int (*digest_final)(crypto_ctx_t *, crypto_data_t *, - crypto_req_handle_t); - int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_data_t *, - crypto_data_t *, crypto_req_handle_t); -} crypto_digest_ops_t; - -/* - * The crypto_cipher_ops structure contains pointers to encryption - * and decryption operations for cryptographic providers. It is - * passed through the crypto_ops(9S) structure when providers register - * with the kernel using crypto_register_provider(9F). - */ -typedef struct crypto_cipher_ops { - int (*encrypt_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*encrypt)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*encrypt_update)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*encrypt_final)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); - - int (*decrypt_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*decrypt)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*decrypt_update)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*decrypt_final)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); -} crypto_cipher_ops_t; - -/* - * The crypto_mac_ops structure contains pointers to MAC - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_mac_ops { - int (*mac_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*mac)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*mac_update)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*mac_final)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); -} crypto_mac_ops_t; - -/* - * The crypto_sign_ops structure contains pointers to signing - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_sign_ops { - int (*sign_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*sign)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*sign_update)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*sign_final)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*sign_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*sign_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, - crypto_key_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*sign_recover)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*sign_recover_atomic)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, - crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); -} crypto_sign_ops_t; - -/* - * The crypto_verify_ops structure contains pointers to verify - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_verify_ops { - int (*verify_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*verify)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*verify_update)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*verify_final)(crypto_ctx_t *, - crypto_data_t *, crypto_req_handle_t); - int (*verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*verify_recover_init)(crypto_ctx_t *, crypto_mechanism_t *, - crypto_key_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); - int (*verify_recover)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*verify_recover_atomic)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, - crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, - crypto_req_handle_t); -} crypto_verify_ops_t; - -/* - * The crypto_dual_ops structure contains pointers to dual - * cipher and sign/verify operations for cryptographic providers. - * It is passed through the crypto_ops(9S) structure when - * providers register with the kernel using - * crypto_register_provider(9F). - */ -typedef struct crypto_dual_ops { - int (*digest_encrypt_update)( - crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, - crypto_data_t *, crypto_req_handle_t); - int (*decrypt_digest_update)( - crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, - crypto_data_t *, crypto_req_handle_t); - int (*sign_encrypt_update)( - crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, - crypto_data_t *, crypto_req_handle_t); - int (*decrypt_verify_update)( - crypto_ctx_t *, crypto_ctx_t *, crypto_data_t *, - crypto_data_t *, crypto_req_handle_t); -} crypto_dual_ops_t; - -/* - * The crypto_dual_cipher_mac_ops structure contains pointers to dual - * cipher and MAC operations for cryptographic providers. - * It is passed through the crypto_ops(9S) structure when - * providers register with the kernel using - * crypto_register_provider(9F). - */ -typedef struct crypto_dual_cipher_mac_ops { - int (*encrypt_mac_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, - crypto_key_t *, crypto_spi_ctx_template_t, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*encrypt_mac)(crypto_ctx_t *, - crypto_data_t *, crypto_dual_data_t *, crypto_data_t *, - crypto_req_handle_t); - int (*encrypt_mac_update)(crypto_ctx_t *, - crypto_data_t *, crypto_dual_data_t *, crypto_req_handle_t); - int (*encrypt_mac_final)(crypto_ctx_t *, - crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*encrypt_mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, - crypto_key_t *, crypto_data_t *, crypto_dual_data_t *, - crypto_data_t *, crypto_spi_ctx_template_t, - crypto_spi_ctx_template_t, crypto_req_handle_t); - - int (*mac_decrypt_init)(crypto_ctx_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_mechanism_t *, - crypto_key_t *, crypto_spi_ctx_template_t, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*mac_decrypt)(crypto_ctx_t *, - crypto_dual_data_t *, crypto_data_t *, crypto_data_t *, - crypto_req_handle_t); - int (*mac_decrypt_update)(crypto_ctx_t *, - crypto_dual_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*mac_decrypt_final)(crypto_ctx_t *, - crypto_data_t *, crypto_data_t *, crypto_req_handle_t); - int (*mac_decrypt_atomic)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, - crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, - crypto_spi_ctx_template_t, crypto_req_handle_t); - int (*mac_verify_decrypt_atomic)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, - crypto_mechanism_t *, crypto_key_t *, crypto_dual_data_t *, - crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, - crypto_spi_ctx_template_t, crypto_req_handle_t); -} crypto_dual_cipher_mac_ops_t; - -/* - * The crypto_random_number_ops structure contains pointers to random - * number operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_random_number_ops { - int (*seed_random)(crypto_provider_handle_t, crypto_session_id_t, - uchar_t *, size_t, uint_t, uint32_t, crypto_req_handle_t); - int (*generate_random)(crypto_provider_handle_t, crypto_session_id_t, - uchar_t *, size_t, crypto_req_handle_t); -} crypto_random_number_ops_t; - -/* - * Flag values for seed_random. - */ -#define CRYPTO_SEED_NOW 0x00000001 - -/* - * The crypto_session_ops structure contains pointers to session - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_session_ops { - int (*session_open)(crypto_provider_handle_t, crypto_session_id_t *, - crypto_req_handle_t); - int (*session_close)(crypto_provider_handle_t, crypto_session_id_t, - crypto_req_handle_t); - int (*session_login)(crypto_provider_handle_t, crypto_session_id_t, - crypto_user_type_t, char *, size_t, crypto_req_handle_t); - int (*session_logout)(crypto_provider_handle_t, crypto_session_id_t, - crypto_req_handle_t); -} crypto_session_ops_t; - -/* - * The crypto_object_ops structure contains pointers to object - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_object_ops { - int (*object_create)(crypto_provider_handle_t, crypto_session_id_t, - crypto_object_attribute_t *, uint_t, crypto_object_id_t *, - crypto_req_handle_t); - int (*object_copy)(crypto_provider_handle_t, crypto_session_id_t, - crypto_object_id_t, crypto_object_attribute_t *, uint_t, - crypto_object_id_t *, crypto_req_handle_t); - int (*object_destroy)(crypto_provider_handle_t, crypto_session_id_t, - crypto_object_id_t, crypto_req_handle_t); - int (*object_get_size)(crypto_provider_handle_t, crypto_session_id_t, - crypto_object_id_t, size_t *, crypto_req_handle_t); - int (*object_get_attribute_value)(crypto_provider_handle_t, - crypto_session_id_t, crypto_object_id_t, - crypto_object_attribute_t *, uint_t, crypto_req_handle_t); - int (*object_set_attribute_value)(crypto_provider_handle_t, - crypto_session_id_t, crypto_object_id_t, - crypto_object_attribute_t *, uint_t, crypto_req_handle_t); - int (*object_find_init)(crypto_provider_handle_t, crypto_session_id_t, - crypto_object_attribute_t *, uint_t, void **, - crypto_req_handle_t); - int (*object_find)(crypto_provider_handle_t, void *, - crypto_object_id_t *, uint_t, uint_t *, crypto_req_handle_t); - int (*object_find_final)(crypto_provider_handle_t, void *, - crypto_req_handle_t); -} crypto_object_ops_t; - -/* - * The crypto_key_ops structure contains pointers to key - * operations for cryptographic providers. It is passed through - * the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_key_ops { - int (*key_generate)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, - crypto_object_id_t *, crypto_req_handle_t); - int (*key_generate_pair)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_object_attribute_t *, uint_t, - crypto_object_attribute_t *, uint_t, crypto_object_id_t *, - crypto_object_id_t *, crypto_req_handle_t); - int (*key_wrap)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_object_id_t *, - uchar_t *, size_t *, crypto_req_handle_t); - int (*key_unwrap)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, uchar_t *, size_t *, - crypto_object_attribute_t *, uint_t, - crypto_object_id_t *, crypto_req_handle_t); - int (*key_derive)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, - uint_t, crypto_object_id_t *, crypto_req_handle_t); - int (*key_check)(crypto_provider_handle_t, crypto_mechanism_t *, - crypto_key_t *); -} crypto_key_ops_t; - -/* - * The crypto_provider_management_ops structure contains pointers - * to management operations for cryptographic providers. It is passed - * through the crypto_ops(9S) structure when providers register with the - * kernel using crypto_register_provider(9F). - */ -typedef struct crypto_provider_management_ops { - int (*ext_info)(crypto_provider_handle_t, - crypto_provider_ext_info_t *, crypto_req_handle_t); - int (*init_token)(crypto_provider_handle_t, char *, size_t, - char *, crypto_req_handle_t); - int (*init_pin)(crypto_provider_handle_t, crypto_session_id_t, - char *, size_t, crypto_req_handle_t); - int (*set_pin)(crypto_provider_handle_t, crypto_session_id_t, - char *, size_t, char *, size_t, crypto_req_handle_t); -} crypto_provider_management_ops_t; - -typedef struct crypto_mech_ops { - int (*copyin_mechanism)(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_mechanism_t *, int *, int); - int (*copyout_mechanism)(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_mechanism_t *, int *, int); - int (*free_mechanism)(crypto_provider_handle_t, crypto_mechanism_t *); -} crypto_mech_ops_t; - -typedef struct crypto_nostore_key_ops { - int (*nostore_key_generate)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, - crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *, - uint_t, crypto_req_handle_t); - int (*nostore_key_generate_pair)(crypto_provider_handle_t, - crypto_session_id_t, crypto_mechanism_t *, - crypto_object_attribute_t *, uint_t, crypto_object_attribute_t *, - uint_t, crypto_object_attribute_t *, uint_t, - crypto_object_attribute_t *, uint_t, crypto_req_handle_t); - int (*nostore_key_derive)(crypto_provider_handle_t, crypto_session_id_t, - crypto_mechanism_t *, crypto_key_t *, crypto_object_attribute_t *, - uint_t, crypto_object_attribute_t *, uint_t, crypto_req_handle_t); -} crypto_nostore_key_ops_t; - -/* - * crypto_fips140_ops provides a function for FIPS 140 Power-On Self Test for - * those providers that are part of the Cryptographic Framework bounday. See - * crypto_fips140_ops(9s) for details. - */ -typedef struct crypto_fips140_ops { - void (*fips140_post)(int *); -} crypto_fips140_ops_t; - -/* - * The crypto_ops(9S) structure contains the structures containing - * the pointers to functions implemented by cryptographic providers. - * It is specified as part of the crypto_provider_info(9S) - * supplied by a provider when it registers with the kernel - * by calling crypto_register_provider(9F). - */ -typedef struct crypto_ops_v1 { - crypto_control_ops_t *co_control_ops; - crypto_digest_ops_t *co_digest_ops; - crypto_cipher_ops_t *co_cipher_ops; - crypto_mac_ops_t *co_mac_ops; - crypto_sign_ops_t *co_sign_ops; - crypto_verify_ops_t *co_verify_ops; - crypto_dual_ops_t *co_dual_ops; - crypto_dual_cipher_mac_ops_t *co_dual_cipher_mac_ops; - crypto_random_number_ops_t *co_random_ops; - crypto_session_ops_t *co_session_ops; - crypto_object_ops_t *co_object_ops; - crypto_key_ops_t *co_key_ops; - crypto_provider_management_ops_t *co_provider_ops; - crypto_ctx_ops_t *co_ctx_ops; -} crypto_ops_v1_t; - -typedef struct crypto_ops_v2 { - crypto_ops_v1_t v1_ops; - crypto_mech_ops_t *co_mech_ops; -} crypto_ops_v2_t; - -typedef struct crypto_ops_v3 { - crypto_ops_v2_t v2_ops; - crypto_nostore_key_ops_t *co_nostore_key_ops; -} crypto_ops_v3_t; - -typedef struct crypto_ops_v4 { - crypto_ops_v3_t v3_ops; - crypto_fips140_ops_t *co_fips140_ops; -} crypto_ops_v4_t; - -typedef struct crypto_ops_v5 { - crypto_ops_v4_t v4_ops; - boolean_t co_uio_userspace_ok; -} crypto_ops_v5_t; - -typedef struct crypto_ops { - union { - crypto_ops_v5_t cou_v5; - crypto_ops_v4_t cou_v4; - crypto_ops_v3_t cou_v3; - crypto_ops_v2_t cou_v2; - crypto_ops_v1_t cou_v1; - } cou; -} crypto_ops_t; - -#define co_control_ops cou.cou_v1.co_control_ops -#define co_digest_ops cou.cou_v1.co_digest_ops -#define co_cipher_ops cou.cou_v1.co_cipher_ops -#define co_mac_ops cou.cou_v1.co_mac_ops -#define co_sign_ops cou.cou_v1.co_sign_ops -#define co_verify_ops cou.cou_v1.co_verify_ops -#define co_dual_ops cou.cou_v1.co_dual_ops -#define co_dual_cipher_mac_ops cou.cou_v1.co_dual_cipher_mac_ops -#define co_random_ops cou.cou_v1.co_random_ops -#define co_session_ops cou.cou_v1.co_session_ops -#define co_object_ops cou.cou_v1.co_object_ops -#define co_key_ops cou.cou_v1.co_key_ops -#define co_provider_ops cou.cou_v1.co_provider_ops -#define co_ctx_ops cou.cou_v1.co_ctx_ops -#define co_mech_ops cou.cou_v2.co_mech_ops -#define co_nostore_key_ops cou.cou_v3.co_nostore_key_ops -#define co_fips140_ops cou.cou_v4.co_fips140_ops -#define co_uio_userspace_ok cou.cou_v5.co_uio_userspace_ok - -/* - * Provider device specification passed during registration. - * - * Software providers set the pi_provider_type field of provider_info_t - * to CRYPTO_SW_PROVIDER, and set the pd_sw field of - * crypto_provider_dev_t to the address of their modlinkage. - * - * Hardware providers set the pi_provider_type field of provider_info_t - * to CRYPTO_HW_PROVIDER, and set the pd_hw field of - * crypto_provider_dev_t to the dev_info structure corresponding - * to the device instance being registered. - * - * Logical providers set the pi_provider_type field of provider_info_t - * to CRYPTO_LOGICAL_PROVIDER, and set the pd_hw field of - * crypto_provider_dev_t to the dev_info structure corresponding - * to the device instance being registered. - */ - -typedef union crypto_provider_dev { - struct modlinkage *pd_sw; /* for CRYPTO_SW_PROVIDER */ - dev_info_t *pd_hw; /* for CRYPTO_HW_PROVIDER */ -} crypto_provider_dev_t; - -/* - * The mechanism info structure crypto_mech_info_t contains a function group - * bit mask cm_func_group_mask. This field, of type crypto_func_group_t, - * specifies the provider entry point that can be used a particular - * mechanism. The function group mask is a combination of the following values. - */ - -typedef uint32_t crypto_func_group_t; - -#endif /* _KERNEL */ - -#define CRYPTO_FG_ENCRYPT 0x00000001 /* encrypt_init() */ -#define CRYPTO_FG_DECRYPT 0x00000002 /* decrypt_init() */ -#define CRYPTO_FG_DIGEST 0x00000004 /* digest_init() */ -#define CRYPTO_FG_SIGN 0x00000008 /* sign_init() */ -#define CRYPTO_FG_SIGN_RECOVER 0x00000010 /* sign_recover_init() */ -#define CRYPTO_FG_VERIFY 0x00000020 /* verify_init() */ -#define CRYPTO_FG_VERIFY_RECOVER 0x00000040 /* verify_recover_init() */ -#define CRYPTO_FG_GENERATE 0x00000080 /* key_generate() */ -#define CRYPTO_FG_GENERATE_KEY_PAIR 0x00000100 /* key_generate_pair() */ -#define CRYPTO_FG_WRAP 0x00000200 /* key_wrap() */ -#define CRYPTO_FG_UNWRAP 0x00000400 /* key_unwrap() */ -#define CRYPTO_FG_DERIVE 0x00000800 /* key_derive() */ -#define CRYPTO_FG_MAC 0x00001000 /* mac_init() */ -#define CRYPTO_FG_ENCRYPT_MAC 0x00002000 /* encrypt_mac_init() */ -#define CRYPTO_FG_MAC_DECRYPT 0x00004000 /* decrypt_mac_init() */ -#define CRYPTO_FG_ENCRYPT_ATOMIC 0x00008000 /* encrypt_atomic() */ -#define CRYPTO_FG_DECRYPT_ATOMIC 0x00010000 /* decrypt_atomic() */ -#define CRYPTO_FG_MAC_ATOMIC 0x00020000 /* mac_atomic() */ -#define CRYPTO_FG_DIGEST_ATOMIC 0x00040000 /* digest_atomic() */ -#define CRYPTO_FG_SIGN_ATOMIC 0x00080000 /* sign_atomic() */ -#define CRYPTO_FG_SIGN_RECOVER_ATOMIC 0x00100000 /* sign_recover_atomic() */ -#define CRYPTO_FG_VERIFY_ATOMIC 0x00200000 /* verify_atomic() */ -#define CRYPTO_FG_VERIFY_RECOVER_ATOMIC 0x00400000 /* verify_recover_atomic() */ -#define CRYPTO_FG_ENCRYPT_MAC_ATOMIC 0x00800000 /* encrypt_mac_atomic() */ -#define CRYPTO_FG_MAC_DECRYPT_ATOMIC 0x01000000 /* mac_decrypt_atomic() */ -#define CRYPTO_FG_RESERVED 0x80000000 - -/* - * Maximum length of the pi_provider_description field of the - * crypto_provider_info structure. - */ -#define CRYPTO_PROVIDER_DESCR_MAX_LEN 64 - -#ifdef _KERNEL - -/* Bit mask for all the simple operations */ -#define CRYPTO_FG_SIMPLEOP_MASK (CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | \ - CRYPTO_FG_DIGEST | CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_MAC | \ - CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | \ - CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_DIGEST_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | \ - CRYPTO_FG_VERIFY_ATOMIC) - -/* Bit mask for all the dual operations */ -#define CRYPTO_FG_MAC_CIPHER_MASK (CRYPTO_FG_ENCRYPT_MAC | \ - CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | \ - CRYPTO_FG_MAC_DECRYPT_ATOMIC) - -/* Add other combos to CRYPTO_FG_DUAL_MASK */ -#define CRYPTO_FG_DUAL_MASK CRYPTO_FG_MAC_CIPHER_MASK - -/* - * The crypto_mech_info structure specifies one of the mechanisms - * supported by a cryptographic provider. The pi_mechanisms field of - * the crypto_provider_info structure contains a pointer to an array - * of crypto_mech_info's. - */ -typedef struct crypto_mech_info { - crypto_mech_name_t cm_mech_name; - crypto_mech_type_t cm_mech_number; - crypto_func_group_t cm_func_group_mask; - ssize_t cm_min_key_length; - ssize_t cm_max_key_length; - uint32_t cm_mech_flags; -} crypto_mech_info_t; - -/* Alias the old name to the new name for compatibility. */ -#define cm_keysize_unit cm_mech_flags - -/* - * crypto_kcf_provider_handle_t is a handle allocated by the kernel. - * It is returned after the provider registers with - * crypto_register_provider(), and must be specified by the provider - * when calling crypto_unregister_provider(), and - * crypto_provider_notification(). - */ -typedef uint_t crypto_kcf_provider_handle_t; - -/* - * Provider information. Passed as argument to crypto_register_provider(9F). - * Describes the provider and its capabilities. Multiple providers can - * register for the same device instance. In this case, the same - * pi_provider_dev must be specified with a different pi_provider_handle. - */ -typedef struct crypto_provider_info_v1 { - uint_t pi_interface_version; - char *pi_provider_description; - crypto_provider_type_t pi_provider_type; - crypto_provider_dev_t pi_provider_dev; - crypto_provider_handle_t pi_provider_handle; - crypto_ops_t *pi_ops_vector; - uint_t pi_mech_list_count; - crypto_mech_info_t *pi_mechanisms; - uint_t pi_logical_provider_count; - crypto_kcf_provider_handle_t *pi_logical_providers; -} crypto_provider_info_v1_t; - -typedef struct crypto_provider_info_v2 { - crypto_provider_info_v1_t v1_info; - uint_t pi_flags; -} crypto_provider_info_v2_t; - -typedef struct crypto_provider_info { - union { - crypto_provider_info_v2_t piu_v2; - crypto_provider_info_v1_t piu_v1; - } piu; -} crypto_provider_info_t; - -#define pi_interface_version piu.piu_v1.pi_interface_version -#define pi_provider_description piu.piu_v1.pi_provider_description -#define pi_provider_type piu.piu_v1.pi_provider_type -#define pi_provider_dev piu.piu_v1.pi_provider_dev -#define pi_provider_handle piu.piu_v1.pi_provider_handle -#define pi_ops_vector piu.piu_v1.pi_ops_vector -#define pi_mech_list_count piu.piu_v1.pi_mech_list_count -#define pi_mechanisms piu.piu_v1.pi_mechanisms -#define pi_logical_provider_count piu.piu_v1.pi_logical_provider_count -#define pi_logical_providers piu.piu_v1.pi_logical_providers -#define pi_flags piu.piu_v2.pi_flags - -/* hidden providers can only be accessed via a logical provider */ -#define CRYPTO_HIDE_PROVIDER 0x00000001 -/* - * provider can not do multi-part digest (updates) and has a limit - * on maximum input data that it can digest. The provider sets - * this value in crypto_provider_ext_info_t by implementing - * the ext_info entry point in the co_provider_ops vector. - */ -#define CRYPTO_HASH_NO_UPDATE 0x00000002 -/* - * provider can not do multi-part HMAC (updates) and has a limit - * on maximum input data that it can hmac. The provider sets - * this value in crypto_provider_ext_info_t by implementing - * the ext_info entry point in the co_provider_ops vector. - */ -#define CRYPTO_HMAC_NO_UPDATE 0x00000008 - -/* provider can handle the request without returning a CRYPTO_QUEUED */ -#define CRYPTO_SYNCHRONOUS 0x00000004 - -#define CRYPTO_PIFLAGS_RESERVED2 0x40000000 -#define CRYPTO_PIFLAGS_RESERVED1 0x80000000 - -/* - * Provider status passed by a provider to crypto_provider_notification(9F) - * and returned by the provider_stauts(9E) entry point. - */ -#define CRYPTO_PROVIDER_READY 0 -#define CRYPTO_PROVIDER_BUSY 1 -#define CRYPTO_PROVIDER_FAILED 2 - -/* - * Functions exported by Solaris to cryptographic providers. Providers - * call these functions to register and unregister, notify the kernel - * of state changes, and notify the kernel when a asynchronous request - * completed. - */ -extern int crypto_register_provider(crypto_provider_info_t *, - crypto_kcf_provider_handle_t *); -extern int crypto_unregister_provider(crypto_kcf_provider_handle_t); -extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t); -extern void crypto_op_notification(crypto_req_handle_t, int); -extern int crypto_kmflag(crypto_req_handle_t); - -#endif /* _KERNEL */ - -#ifdef __cplusplus -} -#endif - -#endif /* _SYS_CRYPTO_SPI_H */