| blob | 41705e84bc4b53c422deffb2997c3757add186b7 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 #include <sys/zfs_context.h>
27 #include <sys/crypto/common.h>
28 #include <sys/crypto/api.h>
29 #include <sys/crypto/impl.h>
31 /* Cryptographic mechanisms tables and their access functions */
33 /*
34 * Internal numbers assigned to mechanisms are coded as follows:
35 *
36 * +----------------+----------------+
37 * | mech. class | mech. index |
38 * <--- 32-bits --->+<--- 32-bits --->
39 *
40 * the mech_class identifies the table the mechanism belongs to.
41 * mech_index is the index for that mechanism in the table.
42 * A mechanism belongs to exactly 1 table.
43 * The tables are:
44 * . digest_mechs_tab[] for the msg digest mechs.
45 * . cipher_mechs_tab[] for encrypt/decrypt and wrap/unwrap mechs.
46 * . mac_mechs_tab[] for MAC mechs.
47 * . sign_mechs_tab[] for sign & verify mechs.
48 * . keyops_mechs_tab[] for key/key pair generation, and key derivation.
49 * . misc_mechs_tab[] for mechs that don't belong to any of the above.
50 *
51 * There are no holes in the tables.
52 */
54 /*
55 * Locking conventions:
56 * --------------------
57 * A mutex is associated with every entry of the tables.
58 * The mutex is acquired whenever the entry is accessed for
59 * 1) retrieving the mech_id (comparing the mech name)
60 * 2) finding a provider for an xxx_init() or atomic operation.
61 * 3) altering the mechs entry to add or remove a provider.
62 *
63 * In 2), after a provider is chosen, its prov_desc is held and the
64 * entry's mutex must be dropped. The provider's working function (SPI) is
65 * called outside the mech_entry's mutex.
66 *
67 * The number of providers for a particular mechanism is not expected to be
68 * long enough to justify the cost of using rwlocks, so the per-mechanism
69 * entry mutex won't be very *hot*.
70 *
71 */
73 /* Mechanisms tables */
76 /* RFE 4687834 Will deal with the extensibility of these tables later */
87 };
91 static int
93 {
97 }
99 void
101 {
103 ;
105 }
107 /*
108 * kcf_init_mech_tabs()
109 *
110 * Called by the misc/kcf's _init() routine to initialize the tables
111 * of mech_entry's.
112 */
113 void
115 {
118 }
120 /*
121 * kcf_create_mech_entry()
122 *
123 * Arguments:
124 * . The class of mechanism.
125 * . the name of the new mechanism.
126 *
127 * Description:
128 * Creates a new mech_entry for a mechanism not yet known to the
129 * framework.
130 * This routine is called by kcf_add_mech_provider, which is
131 * in turn invoked for each mechanism supported by a provider.
132 * The'class' argument depends on the crypto_func_group_t bitmask
133 * in the registering provider's mech_info struct for this mechanism.
134 * When there is ambiguity in the mapping between the crypto_func_group_t
135 * and a class (dual ops, ...) the KCF_MISC_CLASS should be used.
136 *
137 * Context:
138 * User context only.
139 *
140 * Returns:
141 * KCF_INVALID_MECH_CLASS or KCF_INVALID_MECH_NAME if the class or
142 * the mechname is bogus.
143 * KCF_MECH_TAB_FULL when there is no room left in the mech. tabs.
144 * KCF_SUCCESS otherwise.
145 */
146 static int
148 {
154 /*
155 * First check if the mechanism is already in one of the tables.
156 * The mech_entry could be in another class.
157 */
159 kcf_mech_entry_t tmptab;
163 /* Now take the next unused mech entry in the class's tab */
169 /* Found an empty spot */
171 CRYPTO_MAX_MECH_NAME);
174 /* Add the new mechanism to the hash table */
177 }
180 }
182 /*
183 * kcf_add_mech_provider()
184 *
185 * Arguments:
186 * . An index in to the provider mechanism array
187 * . A pointer to the provider descriptor
188 * . A storage for the kcf_prov_mech_desc_t the entry was added at.
189 *
190 * Description:
191 * Adds a new provider of a mechanism to the mechanism's mech_entry
192 * chain.
193 *
194 * Context:
195 * User context only.
196 *
197 * Returns
198 * KCF_SUCCESS on success
199 * KCF_MECH_TAB_FULL otherwise.
200 */
201 int
204 {
208 crypto_mech_type_t kcf_mech_type;
213 /*
214 * A mechanism belongs to exactly one mechanism table.
215 * Find the class corresponding to the function group flag of
216 * the mechanism.
217 */
231 else
234 /*
235 * Attempt to create a new mech_entry for the specified
236 * mechanism. kcf_create_mech_entry() can handle the case
237 * where such an entry already exists.
238 */
242 }
243 /* get the KCF mech type that was assigned to the mechanism */
246 }
251 /* allocate and initialize new kcf_prov_mech_desc */
262 /*
263 * Add new kcf_prov_mech_desc at the front of HW providers
264 * chain.
265 */
267 /*
268 * There is already a provider for this mechanism.
269 * Since we allow only one provider per mechanism,
270 * report this condition.
271 */
278 pd_description);
283 /*
284 * Set the provider as the provider for
285 * this mechanism.
286 */
288 }
293 }
295 /*
296 * kcf_remove_mech_provider()
297 *
298 * Arguments:
299 * . mech_name: the name of the mechanism.
300 * . prov_desc: The provider descriptor
301 *
302 * Description:
303 * Removes a provider from chain of provider descriptors.
304 * The provider is made unavailable to kernel consumers for the specified
305 * mechanism.
306 *
307 * Context:
308 * User context only.
309 */
310 void
312 {
313 crypto_mech_type_t mech_type;
317 /* get the KCF mech type that was assigned to the mechanism */
319 CRYPTO_MECH_INVALID) {
320 /*
321 * Provider was not allowed for this mech due to policy or
322 * configuration.
323 */
325 }
327 /* get a ptr to the mech_entry that was created */
329 /*
330 * Provider was not allowed for this mech due to policy or
331 * configuration.
332 */
334 }
338 /* not the provider for this mechanism */
340 }
344 /* free entry */
348 }
350 /*
351 * kcf_get_mech_entry()
352 *
353 * Arguments:
354 * . The framework mechanism type
355 * . Storage for the mechanism entry
356 *
357 * Description:
358 * Retrieves the mechanism entry for the mech.
359 *
360 * Context:
361 * User and interrupt contexts.
362 *
363 * Returns:
364 * KCF_MECHANISM_XXX appropriate error code.
365 * KCF_SUCCESS otherwise.
366 */
367 int
369 {
379 /* the caller won't need to know it's an invalid class */
381 }
388 }
393 }
395 /*
396 * crypto_mech2id()
397 *
398 * Arguments:
399 * . mechname: A null-terminated string identifying the mechanism name.
400 *
401 * Description:
402 * Walks the mechanisms tables, looking for an entry that matches the
403 * mechname. Once it find it, it builds the 64-bit mech_type and returns
404 * it.
405 *
406 * Context:
407 * Process and interruption.
408 *
409 * Returns:
410 * The unique mechanism identified by 'mechname', if found.
411 * CRYPTO_MECH_INVALID otherwise.
412 */
413 /*
414 * Lookup the hash table for an entry that matches the mechname.
415 * If there are no providers for the mechanism,
416 * but there is an unloaded provider, this routine will attempt
417 * to load it.
418 */
419 crypto_mech_type_t
421 {
428 }
431 }
433 #if defined(_KERNEL)
435 #endif