6414175 kcf.conf's supportedlist not providing much usefulness

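--- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h
@@ -12,29 +12,28 @@
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 #ifndef _CRYPTOADM_H
 #define _CRYPTOADM_H
 
-#pragma ident   "%Z%%M% %I%     %E% SMI"
-
+#include <sys/types.h>
 #include <sys/crypto/ioctladmin.h>
 #include <cryptoutil.h>
 #include <security/cryptoki.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #define _PATH_KCF_CONF          "/etc/crypto/kcf.conf"
 #define _PATH_KCFD              "/usr/lib/crypto/kcfd"
@@ -42,43 +41,44 @@
 
 #define ERROR_USAGE     2
 
 /*
  * Common keywords and delimiters for pkcs11.conf and kcf.conf files are
  * defined in usr/lib/libcryptoutil/common/cryptoutil.h.  The following is
  * the extra keywords and delimiters used in kcf.conf file.
  */
 #define SEP_SLASH               '/'
 #define EF_SUPPORTED            "supportedlist="
-#define HW_DRIVER_STRING        "driver_names"
+#define EF_UNLOAD               "unload"
 #define RANDOM                  "random"
 #define UEF_FRAME_LIB           "/usr/lib/libpkcs11.so"
 
 #define ADD_MODE        1
 #define DELETE_MODE     2
 #define MODIFY_MODE     3
 
 typedef char prov_name_t[MAXNAMELEN];
 typedef char mech_name_t[CRYPTO_MAX_MECH_NAME];
 
 typedef struct mechlist {
         mech_name_t     name;
         struct mechlist *next;
 } mechlist_t;
 
 
 typedef struct entry {
         prov_name_t     name;
         mechlist_t      *suplist; /* supported list */
-        uint_t          sup_count;
+        uint_t          sup_count;
         mechlist_t      *dislist; /* disabled list */
-        uint_t          dis_count;
+        uint_t          dis_count;
+        boolean_t       load; /* B_FALSE after cryptoadm unload */
 } entry_t;
 
 
 typedef struct entrylist {
         entry_t *pent;
         struct entrylist *next;
 } entrylist_t;
 
 typedef enum {
         NO_RNG,
@@ -88,35 +88,40 @@
 extern int errno;
 
 /* adm_util */
 extern boolean_t is_in_list(char *, mechlist_t *);
 extern mechlist_t *create_mech(char *);
 extern void free_mechlist(mechlist_t *);
 
 /* adm_kef_util */
 extern boolean_t is_device(char *);
 extern char *ent2str(entry_t *);
-extern entry_t *getent_kef(char *);
-extern int check_active_for_soft(char *, boolean_t *);
-extern int check_active_for_hard(char *, boolean_t *);
+extern entry_t *getent_kef(char *provname,
+                entrylist_t *pdevlist, entrylist_t *psoftlist);
+extern int check_kernel_for_soft(char *provname,
+                crypto_get_soft_list_t *psoftlist, boolean_t *in_kernel);
+extern int check_kernel_for_hard(char *provname,
+                crypto_get_dev_list_t *pdevlist, boolean_t *in_kernel);
 extern int disable_mechs(entry_t **, mechlist_t *, boolean_t, mechlist_t *);
 extern int enable_mechs(entry_t **, boolean_t, mechlist_t *);
 extern int get_kcfconf_info(entrylist_t **, entrylist_t **);
 extern int get_admindev_info(entrylist_t **, entrylist_t **);
 extern int get_mech_count(mechlist_t *);
+extern entry_t *create_entry(char *provname);
 extern int insert_kcfconf(entry_t *);
 extern int split_hw_provname(char *, char *, int *);
 extern int update_kcfconf(entry_t *, int);
 extern void free_entry(entry_t *);
 extern void free_entrylist(entrylist_t *);
 extern void print_mechlist(char *, mechlist_t *);
-extern void print_kef_policy(entry_t *, boolean_t, boolean_t);
+extern void print_kef_policy(char *provname, entry_t *pent,
+                boolean_t has_random, boolean_t has_mechs);
 extern boolean_t filter_mechlist(mechlist_t **, const char *);
 extern uentry_t *getent_uef(char *);
 
 
 /* adm_uef */
 extern int list_mechlist_for_lib(char *, mechlist_t *, flag_val_t *,
                 boolean_t, boolean_t, boolean_t);
 extern int list_policy_for_lib(char *);
 extern int disable_uef_lib(char *, boolean_t, boolean_t, mechlist_t *);
 extern int enable_uef_lib(char *, boolean_t, boolean_t, mechlist_t *);
@@ -125,46 +130,51 @@
 extern int print_uef_policy(uentry_t *);
 extern void display_token_flags(CK_FLAGS flags);
 extern int convert_mechlist(CK_MECHANISM_TYPE **, CK_ULONG *, mechlist_t *);
 extern void display_verbose_mech_header();
 extern void display_mech_info(CK_MECHANISM_INFO *);
 extern int display_policy(uentry_t *);
 extern int update_pkcs11conf(uentry_t *);
 extern int update_policylist(uentry_t *, mechlist_t *, int);
 
 /* adm_kef */
-extern int list_mechlist_for_soft(char *);
+extern int list_mechlist_for_soft(char *provname,
+                entrylist_t *phardlist, entrylist_t *psoftlist);
 extern int list_mechlist_for_hard(char *);
-extern int list_policy_for_soft(char *);
-extern int list_policy_for_hard(char *);
+extern int list_policy_for_soft(char *provname,
+                entrylist_t *phardlist, entrylist_t *psoftlist);
+extern int list_policy_for_hard(char *provname,
+                entrylist_t *phardlist, entrylist_t *psoftlist,
+                crypto_get_dev_list_t *pdevlist);
 extern int disable_kef_software(char *, boolean_t, boolean_t, mechlist_t *);
 extern int disable_kef_hardware(char *, boolean_t, boolean_t, mechlist_t *);
 extern int enable_kef(char *, boolean_t, boolean_t, mechlist_t *);
 extern int install_kef(char *, mechlist_t *);
 extern int uninstall_kef(char *);
-extern int unload_kef_soft(char *, boolean_t);
+extern int unload_kef_soft(char *provname);
 extern int refresh(void);
 extern int start_daemon(void);
 extern int stop_daemon(void);
 
 /* adm_ioctl */
 extern crypto_load_soft_config_t *setup_soft_conf(entry_t *);
 extern crypto_load_soft_disabled_t *setup_soft_dis(entry_t *);
 extern crypto_load_dev_disabled_t *setup_dev_dis(entry_t *);
 extern crypto_unload_soft_module_t *setup_unload_soft(entry_t *);
 extern int get_dev_info(char *, int, int, mechlist_t **);
 extern int get_dev_list(crypto_get_dev_list_t **);
-extern int get_soft_info(char *, mechlist_t **);
+extern int get_soft_info(char *provname, mechlist_t **ppmechlist,
+                entrylist_t *phardlist, entrylist_t *psoftlist);
 extern int get_soft_list(crypto_get_soft_list_t **);
 
 /* adm_metaslot */
 extern int list_metaslot_info(boolean_t, boolean_t, mechlist_t *);
 extern int list_metaslot_policy();
 extern int disable_metaslot(mechlist_t *, boolean_t, boolean_t);
 extern int enable_metaslot(char *, char *, boolean_t, mechlist_t *, boolean_t,
     boolean_t);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _CRYPTOADM_H */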
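Review bot: The new adm_kef_util prototypes reuse the names `pdevlist` and `psoftlist` for two different types: in getent_kef() both are `entrylist_t *`, while in check_kernel_for_soft(), check_kernel_for_hard() and list_policy_for_hard() they are `crypto_get_soft_list_t *` / `crypto_get_dev_list_t *`. Judging from get_kcfconf_info() and the adm_ioctl getters, the first kind looks like the parsed-configuration view and the second the kernel's view, so a reader checking whether a provider is loaded or disabled can easily assume the wrong source. I would align getent_kef with the other entrylist callers, `extern entry_t *getent_kef(char *provname, entrylist_t *phardlist, entrylist_t *psoftlist);`. The header also gives no contract for these list arguments or for create_entry(); a short comment stating whether NULL is accepted, who frees the lists, what value the new `load` field starts with, and how a `provname` longer than `prov_name_t` (MAXNAMELEN) is handled would make bounds and ownership reviewable from the declarations.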
    