| Current File : //usr/include/libucrypto.h |
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _LIBUCRYPTO_H
#define _LIBUCRYPTO_H
#ifdef __cplusplus
extern "C" {
#endif
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <strings.h>
#include <sys/crypto/spi.h>
#include <sys/crypto/common.h>
#include <security/cryptoki.h>
/* Constants for getting FIPS-140 mode */
#define FIPS_KEYWORD "fips-140"
#define CRYPTO_FIPS_MODE_DISABLED 0
#define CRYPTO_FIPS_MODE_ENABLED 1
#define FIPS_STATUS "fips_status"
/*
* Mechanism list for ucrypto.
* The mechanism value of 0 is used for mechanism invalid.
*
* JDK hardwired to these enum values. Do not change existing enum values.
* New enum values may be added to the end, and remember to make parallel
* updates to mechstrlist in the libucrypto library, and aes_mech_type_t
* in the AES crypto module, or rsa_mech_type_t in the RSA crypto module,
* or hmac_mech_type_t in the HMAC module, as appropriate.
*/
typedef enum ucrypto_mech {
CRYPTO_AES_ECB = 1,
CRYPTO_AES_CBC,
CRYPTO_AES_CBC_PAD,
CRYPTO_AES_CTR,
CRYPTO_AES_CCM,
CRYPTO_AES_GCM,
CRYPTO_AES_GMAC, /* Unsupported */
CRYPTO_AES_CFB128,
CRYPTO_AES_XTS,
CRYPTO_AES_XCBC_MAC,
CRYPTO_CAMELLIA_ECB,
CRYPTO_CAMELLIA_CBC,
CRYPTO_CAMELLIA_CBC_PAD,
CRYPTO_RSA_PKCS = 31,
CRYPTO_RSA_X_509,
CRYPTO_MD5_RSA_PKCS,
CRYPTO_SHA1_RSA_PKCS,
CRYPTO_SHA256_RSA_PKCS,
CRYPTO_SHA384_RSA_PKCS,
CRYPTO_SHA512_RSA_PKCS,
CRYPTO_SHA224_RSA_PKCS,
/* CRYPTO_DSA, 39 */
/* CRYPTO_DSA_SHA1, 40 */
CRYPTO_SHA224_DSA = 41,
CRYPTO_SHA256_DSA,
CRYPTO_SHA384_DSA,
CRYPTO_SHA512_DSA, /* = 44 */
CRYPTO_MD4 = 90,
CRYPTO_MD5 = 93,
CRYPTO_MD5_HMAC,
CRYPTO_MD5_HMAC_GEN,
CRYPTO_SHA1 = 96,
CRYPTO_SHA1_HMAC,
CRYPTO_SHA1_HMAC_GEN,
CRYPTO_SHA224 = 99,
CRYPTO_SHA224_HMAC,
CRYPTO_SHA224_HMAC_GEN,
CRYPTO_SHA256 = 102,
CRYPTO_SHA256_HMAC,
CRYPTO_SHA256_HMAC_GEN,
CRYPTO_SHA384 = 105,
CRYPTO_SHA384_HMAC,
CRYPTO_SHA384_HMAC_GEN,
CRYPTO_SHA512 = 108,
CRYPTO_SHA512_HMAC,
CRYPTO_SHA512_HMAC_GEN,
/* 111-125 are reserved for SHA512_T helper mechanisms. Do not use! */
CRYPTO_SHA512_T = 126,
CRYPTO_SHA512_T_HMAC,
CRYPTO_SHA512_T_HMAC_GEN
} ucrypto_mech_t;
/*
* This is a private interface to software crypto in the libucrypto
* library.
*
* Crypto context:
*
* crypto_ctx_t is a pointer to the crypto context that must be passed to
* each of the functions to perform a multi-part operation. The init
* function will allocate and final function will the free the context.
* On failure of any of the multi-part functions, the context will
* be freed.
* For atomic operations, the contexts in handled internally and no
* user interaction is needed.
*
* Output length:
* For functions that have an "out_len", this variable will be set to
* the length of the data returned by the operation. In case the function
* failures the value is not guaranteed to be zero.
*/
/* Encrypt multi-part */
extern int ucrypto_encrypt_init(crypto_ctx_t *context,
ucrypto_mech_t mech_type, uchar_t *key_str, size_t key_len,
void *iv, size_t iv_len);
extern int ucrypto_encrypt_update(crypto_ctx_t *context, uchar_t *in,
size_t in_len, uchar_t *out, size_t *out_len);
extern int ucrypto_encrypt_final(crypto_ctx_t *context, uchar_t *out,
size_t *out_len);
/* Encrypt atomic */
extern int ucrypto_encrypt(ucrypto_mech_t mech_type, uchar_t *key_str,
size_t key_len, void *iv, size_t iv_len, uchar_t *in,
size_t in_len, uchar_t *out, size_t *out_len);
/* Decrypt multi-part */
extern int ucrypto_decrypt_init(crypto_ctx_t *context,
ucrypto_mech_t mech_type, uchar_t *key_str, size_t key_len,
void *iv, size_t iv_len);
extern int ucrypto_decrypt_update(crypto_ctx_t *context, uchar_t *in,
size_t in_len, uchar_t *out, size_t *out_len);
extern int ucrypto_decrypt_final(crypto_ctx_t *context, uchar_t *out,
size_t *out_len);
/* Decrypt atomic */
extern int ucrypto_decrypt(ucrypto_mech_t mech_type, uchar_t *key_str,
size_t key_len, void *iv, size_t iv_len, uchar_t *in,
size_t in_len, uchar_t *out, size_t *out_len);
/* Sign multi-part */
extern int ucrypto_sign_init(crypto_ctx_t *context, ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len, void *iv, size_t iv_len);
extern int ucrypto_sign_update(crypto_ctx_t *context,
const uchar_t *data_str, size_t data_len);
extern int ucrypto_sign_final(crypto_ctx_t *context,
uchar_t *sig_str, size_t *sig_len);
/* Sign atomic */
extern int ucrypto_sign(ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len, void *iv, size_t iv_len,
const uchar_t *data_str, size_t data_len, uchar_t *sig_str,
size_t *sig_len);
/* Verify multi-part */
extern int ucrypto_verify_init(crypto_ctx_t *context, ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len, void *iv, size_t iv_len);
extern int ucrypto_verify_update(crypto_ctx_t *context,
const uchar_t *data_str, size_t data_len);
extern int ucrypto_verify_final(crypto_ctx_t *context,
uchar_t *sig_str, size_t *sig_len);
/* Verify atomic */
extern int ucrypto_verify(ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len, void *iv, size_t iv_len,
const uchar_t *data_str, size_t data_len, uchar_t *sig, size_t *sig_len);
/* Digest multi-part */
extern int ucrypto_digest_length(crypto_ctx_t *context,
size_t *digest_len);
extern int ucrypto_digest_init(crypto_ctx_t *context,
ucrypto_mech_t mech_type, void *param, size_t param_len);
extern int ucrypto_digest_update(crypto_ctx_t *context,
const uchar_t *data, size_t data_len);
extern int ucrypto_digest_final(crypto_ctx_t *context,
uchar_t *digest, size_t *digest_len);
/* Digest atomic */
extern int ucrypto_digest(ucrypto_mech_t mech_type,
void *param, size_t param_len,
const uchar_t *data, size_t data_len,
uchar_t *digest, size_t *digest_len);
/* MAC multi-part */
extern int ucrypto_mac_init(crypto_ctx_t *context, ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len, void *param, size_t param_len);
extern int ucrypto_mac_update(crypto_ctx_t *context,
uchar_t *data, size_t data_len);
extern int ucrypto_mac_final(crypto_ctx_t *context,
uchar_t *mac, size_t *mac_len);
/* MAC atomic */
extern int ucrypto_mac(ucrypto_mech_t mech_type,
uchar_t *key_str, size_t key_len,
void *param, size_t param_len,
uchar_t *data, size_t data_len,
uchar_t *mac, size_t *mac_len);
/* Clean up crypto context */
extern void ucrypto_free_context(crypto_ctx_t *context);
/*
* Sets in the given pointer a delimited string of supported mechanisms
* with their value number specifed in ucrypto_mech_t. There are no
* whitespaces in the string. The return value is the length of the string.
* If the pointer given is NULL, the function will return the length of the
* string.
*
* The format is as below:
* < number of supported mechanisms >: \
* < name of mechanism >,< number of mechanism >; \
* < name of mechanism >,< number of mechanism >; \
* ... repeat until finished.
*/
extern int ucrypto_get_mechlist(char *str);
/*
* Returns the mechanism string value for a given mechanism id number.
* This will return NULL for invalid mechanisms.
*/
extern const char *ucrypto_id2mech(ucrypto_mech_t mech_type);
/*
* Returns the mechanism id number for a given mechanism string.
* This will return 0 for invalid mechanisms.
*/
extern ucrypto_mech_t ucrypto_mech2id(const char *str);
/* Returns the version of this library */
extern int ucrypto_version(void);
/* Sets *mode to whether or not FIPS mode is enabled */
extern CK_RV get_fips_mode(int *mode);
#ifdef __cplusplus
}
#endif
#endif /* _LIBUCRYPTO_H */