1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_OPS_IMPL_H 27 #define _SYS_CRYPTO_OPS_IMPL_H 28 29 /* 30 * Scheduler internal structures. 31 */ 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 #include <sys/types.h> 38 #include <sys/mutex.h> 39 #include <sys/condvar.h> 40 #include <sys/crypto/api.h> 41 #include <sys/crypto/spi.h> 42 #include <sys/crypto/impl.h> 43 #include <sys/crypto/common.h> 44 45 /* 46 * The parameters needed for each function group are batched 47 * in one structure. This is much simpler than having a 48 * separate structure for each function. 49 * 50 * In some cases, a field is generically named to keep the 51 * structure small. The comments indicate these cases. 52 */ 53 typedef struct kcf_digest_ops_params { 54 crypto_session_id_t do_sid; 55 crypto_mech_type_t do_framework_mechtype; 56 crypto_mechanism_t do_mech; 57 crypto_data_t *do_data; 58 crypto_data_t *do_digest; 59 crypto_key_t *do_digest_key; /* Argument for digest_key() */ 60 } kcf_digest_ops_params_t; 61 62 typedef struct kcf_mac_ops_params { 63 crypto_session_id_t mo_sid; 64 crypto_mech_type_t mo_framework_mechtype; 65 crypto_mechanism_t mo_mech; 66 crypto_key_t *mo_key; 67 crypto_data_t *mo_data; 68 crypto_data_t *mo_mac; 69 crypto_spi_ctx_template_t mo_templ; 70 } kcf_mac_ops_params_t; 71 72 typedef struct kcf_encrypt_ops_params { 73 crypto_session_id_t eo_sid; 74 crypto_mech_type_t eo_framework_mechtype; 75 crypto_mechanism_t eo_mech; 76 crypto_key_t *eo_key; 77 crypto_data_t *eo_plaintext; 78 crypto_data_t *eo_ciphertext; 79 crypto_spi_ctx_template_t eo_templ; 80 } kcf_encrypt_ops_params_t; 81 82 typedef struct kcf_decrypt_ops_params { 83 crypto_session_id_t dop_sid; 84 crypto_mech_type_t dop_framework_mechtype; 85 crypto_mechanism_t dop_mech; 86 crypto_key_t *dop_key; 87 crypto_data_t *dop_ciphertext; 88 crypto_data_t *dop_plaintext; 89 crypto_spi_ctx_template_t dop_templ; 90 } kcf_decrypt_ops_params_t; 91 92 typedef struct kcf_sign_ops_params { 93 crypto_session_id_t so_sid; 94 crypto_mech_type_t so_framework_mechtype; 95 crypto_mechanism_t so_mech; 96 crypto_key_t *so_key; 97 crypto_data_t *so_data; 98 crypto_data_t *so_signature; 99 crypto_spi_ctx_template_t so_templ; 100 } kcf_sign_ops_params_t; 101 102 typedef struct kcf_verify_ops_params { 103 crypto_session_id_t vo_sid; 104 crypto_mech_type_t vo_framework_mechtype; 105 crypto_mechanism_t vo_mech; 106 crypto_key_t *vo_key; 107 crypto_data_t *vo_data; 108 crypto_data_t *vo_signature; 109 crypto_spi_ctx_template_t vo_templ; 110 } kcf_verify_ops_params_t; 111 112 typedef struct kcf_encrypt_mac_ops_params { 113 crypto_session_id_t em_sid; 114 crypto_mech_type_t em_framework_encr_mechtype; 115 crypto_mechanism_t em_encr_mech; 116 crypto_key_t *em_encr_key; 117 crypto_mech_type_t em_framework_mac_mechtype; 118 crypto_mechanism_t em_mac_mech; 119 crypto_key_t *em_mac_key; 120 crypto_data_t *em_plaintext; 121 crypto_dual_data_t *em_ciphertext; 122 crypto_data_t *em_mac; 123 crypto_spi_ctx_template_t em_encr_templ; 124 crypto_spi_ctx_template_t em_mac_templ; 125 } kcf_encrypt_mac_ops_params_t; 126 127 typedef struct kcf_mac_decrypt_ops_params { 128 crypto_session_id_t md_sid; 129 crypto_mech_type_t md_framework_mac_mechtype; 130 crypto_mechanism_t md_mac_mech; 131 crypto_key_t *md_mac_key; 132 crypto_mech_type_t md_framework_decr_mechtype; 133 crypto_mechanism_t md_decr_mech; 134 crypto_key_t *md_decr_key; 135 crypto_dual_data_t *md_ciphertext; 136 crypto_data_t *md_mac; 137 crypto_data_t *md_plaintext; 138 crypto_spi_ctx_template_t md_mac_templ; 139 crypto_spi_ctx_template_t md_decr_templ; 140 } kcf_mac_decrypt_ops_params_t; 141 142 typedef struct kcf_random_number_ops_params { 143 crypto_session_id_t rn_sid; 144 uchar_t *rn_buf; 145 size_t rn_buflen; 146 uint_t rn_entropy_est; 147 uint32_t rn_flags; 148 } kcf_random_number_ops_params_t; 149 150 /* 151 * so_pd is useful when the provider descriptor (pd) supplying the 152 * provider handle is different from the pd supplying the ops vector. 153 * This is the case for session open/close where so_pd can be the pd 154 * of a logical provider. The pd supplying the ops vector is passed 155 * as an argument to kcf_submit_request(). 156 */ 157 typedef struct kcf_session_ops_params { 158 crypto_session_id_t *so_sid_ptr; 159 crypto_session_id_t so_sid; 160 crypto_user_type_t so_user_type; 161 char *so_pin; 162 size_t so_pin_len; 163 kcf_provider_desc_t *so_pd; 164 } kcf_session_ops_params_t; 165 166 typedef struct kcf_object_ops_params { 167 crypto_session_id_t oo_sid; 168 crypto_object_id_t oo_object_id; 169 crypto_object_attribute_t *oo_template; 170 uint_t oo_attribute_count; 171 crypto_object_id_t *oo_object_id_ptr; 172 size_t *oo_object_size; 173 void **oo_find_init_pp_ptr; 174 void *oo_find_pp; 175 uint_t oo_max_object_count; 176 uint_t *oo_object_count_ptr; 177 } kcf_object_ops_params_t; 178 179 /* 180 * ko_key is used to encode wrapping key in key_wrap() and 181 * unwrapping key in key_unwrap(). ko_key_template and 182 * ko_key_attribute_count are used to encode public template 183 * and public template attr count in key_generate_pair(). 184 * kops->ko_key_object_id_ptr is used to encode public key 185 * in key_generate_pair(). 186 */ 187 typedef struct kcf_key_ops_params { 188 crypto_session_id_t ko_sid; 189 crypto_mech_type_t ko_framework_mechtype; 190 crypto_mechanism_t ko_mech; 191 crypto_object_attribute_t *ko_key_template; 192 uint_t ko_key_attribute_count; 193 crypto_object_id_t *ko_key_object_id_ptr; 194 crypto_object_attribute_t *ko_private_key_template; 195 uint_t ko_private_key_attribute_count; 196 crypto_object_id_t *ko_private_key_object_id_ptr; 197 crypto_key_t *ko_key; 198 uchar_t *ko_wrapped_key; 199 size_t *ko_wrapped_key_len_ptr; 200 crypto_object_attribute_t *ko_out_template1; 201 crypto_object_attribute_t *ko_out_template2; 202 uint_t ko_out_attribute_count1; 203 uint_t ko_out_attribute_count2; 204 } kcf_key_ops_params_t; 205 206 /* 207 * po_pin and po_pin_len are used to encode new_pin and new_pin_len 208 * when wrapping set_pin() function parameters. 209 * 210 * po_pd is useful when the provider descriptor (pd) supplying the 211 * provider handle is different from the pd supplying the ops vector. 212 * This is true for the ext_info provider entry point where po_pd 213 * can be the pd of a logical provider. The pd supplying the ops vector 214 * is passed as an argument to kcf_submit_request(). 215 */ 216 typedef struct kcf_provmgmt_ops_params { 217 crypto_session_id_t po_sid; 218 char *po_pin; 219 size_t po_pin_len; 220 char *po_old_pin; 221 size_t po_old_pin_len; 222 char *po_label; 223 crypto_provider_ext_info_t *po_ext_info; 224 kcf_provider_desc_t *po_pd; 225 } kcf_provmgmt_ops_params_t; 226 227 /* 228 * The operation type within a function group. 229 */ 230 typedef enum kcf_op_type { 231 /* common ops for all mechanisms */ 232 KCF_OP_INIT = 1, 233 KCF_OP_SINGLE, /* pkcs11 sense. So, INIT is already done */ 234 KCF_OP_UPDATE, 235 KCF_OP_FINAL, 236 KCF_OP_ATOMIC, 237 238 /* digest_key op */ 239 KCF_OP_DIGEST_KEY, 240 241 /* mac specific op */ 242 KCF_OP_MAC_VERIFY_ATOMIC, 243 244 /* mac/cipher specific op */ 245 KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC, 246 247 /* sign_recover ops */ 248 KCF_OP_SIGN_RECOVER_INIT, 249 KCF_OP_SIGN_RECOVER, 250 KCF_OP_SIGN_RECOVER_ATOMIC, 251 252 /* verify_recover ops */ 253 KCF_OP_VERIFY_RECOVER_INIT, 254 KCF_OP_VERIFY_RECOVER, 255 KCF_OP_VERIFY_RECOVER_ATOMIC, 256 257 /* random number ops */ 258 KCF_OP_RANDOM_SEED, 259 KCF_OP_RANDOM_GENERATE, 260 261 /* session management ops */ 262 KCF_OP_SESSION_OPEN, 263 KCF_OP_SESSION_CLOSE, 264 KCF_OP_SESSION_LOGIN, 265 KCF_OP_SESSION_LOGOUT, 266 267 /* object management ops */ 268 KCF_OP_OBJECT_CREATE, 269 KCF_OP_OBJECT_COPY, 270 KCF_OP_OBJECT_DESTROY, 271 KCF_OP_OBJECT_GET_SIZE, 272 KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE, 273 KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE, 274 KCF_OP_OBJECT_FIND_INIT, 275 KCF_OP_OBJECT_FIND, 276 KCF_OP_OBJECT_FIND_FINAL, 277 278 /* key management ops */ 279 KCF_OP_KEY_GENERATE, 280 KCF_OP_KEY_GENERATE_PAIR, 281 KCF_OP_KEY_WRAP, 282 KCF_OP_KEY_UNWRAP, 283 KCF_OP_KEY_DERIVE, 284 KCF_OP_KEY_CHECK, 285 286 /* provider management ops */ 287 KCF_OP_MGMT_EXTINFO, 288 KCF_OP_MGMT_INITTOKEN, 289 KCF_OP_MGMT_INITPIN, 290 KCF_OP_MGMT_SETPIN 291 } kcf_op_type_t; 292 293 /* 294 * The operation groups that need wrapping of parameters. This is somewhat 295 * similar to the function group type in spi.h except that this also includes 296 * all the functions that don't have a mechanism. 297 * 298 * The wrapper macros should never take these enum values as an argument. 299 * Rather, they are assigned in the macro itself since they are known 300 * from the macro name. 301 */ 302 typedef enum kcf_op_group { 303 KCF_OG_DIGEST = 1, 304 KCF_OG_MAC, 305 KCF_OG_ENCRYPT, 306 KCF_OG_DECRYPT, 307 KCF_OG_SIGN, 308 KCF_OG_VERIFY, 309 KCF_OG_ENCRYPT_MAC, 310 KCF_OG_MAC_DECRYPT, 311 KCF_OG_RANDOM, 312 KCF_OG_SESSION, 313 KCF_OG_OBJECT, 314 KCF_OG_KEY, 315 KCF_OG_PROVMGMT, 316 KCF_OG_NOSTORE_KEY 317 } kcf_op_group_t; 318 319 /* 320 * The kcf_op_type_t enum values used here should be only for those 321 * operations for which there is a k-api routine in sys/crypto/api.h. 322 */ 323 #define IS_INIT_OP(ftype) ((ftype) == KCF_OP_INIT) 324 #define IS_SINGLE_OP(ftype) ((ftype) == KCF_OP_SINGLE) 325 #define IS_UPDATE_OP(ftype) ((ftype) == KCF_OP_UPDATE) 326 #define IS_FINAL_OP(ftype) ((ftype) == KCF_OP_FINAL) 327 #define IS_ATOMIC_OP(ftype) ( \ 328 (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \ 329 (ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \ 330 (ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \ 331 (ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC) 332 333 /* 334 * Keep the parameters associated with a request around. 335 * We need to pass them to the SPI. 336 */ 337 typedef struct kcf_req_params { 338 kcf_op_group_t rp_opgrp; 339 kcf_op_type_t rp_optype; 340 341 union { 342 kcf_digest_ops_params_t digest_params; 343 kcf_mac_ops_params_t mac_params; 344 kcf_encrypt_ops_params_t encrypt_params; 345 kcf_decrypt_ops_params_t decrypt_params; 346 kcf_sign_ops_params_t sign_params; 347 kcf_verify_ops_params_t verify_params; 348 kcf_encrypt_mac_ops_params_t encrypt_mac_params; 349 kcf_mac_decrypt_ops_params_t mac_decrypt_params; 350 kcf_random_number_ops_params_t random_number_params; 351 kcf_session_ops_params_t session_params; 352 kcf_object_ops_params_t object_params; 353 kcf_key_ops_params_t key_params; 354 kcf_provmgmt_ops_params_t provmgmt_params; 355 } rp_u; 356 } kcf_req_params_t; 357 358 359 /* 360 * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t 361 * structure before calling a scheduler routine. The following macros are 362 * available for that purpose. 363 * 364 * For the most part, the macro arguments closely correspond to the 365 * function parameters. In some cases, we use generic names. The comments 366 * for the structure should indicate these cases. 367 */ 368 #define KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 369 _data, _digest) { \ 370 kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params; \ 371 crypto_mechanism_t *mechp = _mech; \ 372 \ 373 (req)->rp_opgrp = KCF_OG_DIGEST; \ 374 (req)->rp_optype = ftype; \ 375 dops->do_sid = _sid; \ 376 if (mechp != NULL) { \ 377 dops->do_mech = *mechp; \ 378 dops->do_framework_mechtype = mechp->cm_type; \ 379 } \ 380 dops->do_digest_key = _key; \ 381 dops->do_data = _data; \ 382 dops->do_digest = _digest; \ 383 } 384 385 #define KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 386 _data, _mac, _templ) { \ 387 kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params; \ 388 crypto_mechanism_t *mechp = _mech; \ 389 \ 390 (req)->rp_opgrp = KCF_OG_MAC; \ 391 (req)->rp_optype = ftype; \ 392 mops->mo_sid = _sid; \ 393 if (mechp != NULL) { \ 394 mops->mo_mech = *mechp; \ 395 mops->mo_framework_mechtype = mechp->cm_type; \ 396 } \ 397 mops->mo_key = _key; \ 398 mops->mo_data = _data; \ 399 mops->mo_mac = _mac; \ 400 mops->mo_templ = _templ; \ 401 } 402 403 #define KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 404 _plaintext, _ciphertext, _templ) { \ 405 kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params; \ 406 crypto_mechanism_t *mechp = _mech; \ 407 \ 408 (req)->rp_opgrp = KCF_OG_ENCRYPT; \ 409 (req)->rp_optype = ftype; \ 410 cops->eo_sid = _sid; \ 411 if (mechp != NULL) { \ 412 cops->eo_mech = *mechp; \ 413 cops->eo_framework_mechtype = mechp->cm_type; \ 414 } \ 415 cops->eo_key = _key; \ 416 cops->eo_plaintext = _plaintext; \ 417 cops->eo_ciphertext = _ciphertext; \ 418 cops->eo_templ = _templ; \ 419 } 420 421 #define KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 422 _ciphertext, _plaintext, _templ) { \ 423 kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params; \ 424 crypto_mechanism_t *mechp = _mech; \ 425 \ 426 (req)->rp_opgrp = KCF_OG_DECRYPT; \ 427 (req)->rp_optype = ftype; \ 428 cops->dop_sid = _sid; \ 429 if (mechp != NULL) { \ 430 cops->dop_mech = *mechp; \ 431 cops->dop_framework_mechtype = mechp->cm_type; \ 432 } \ 433 cops->dop_key = _key; \ 434 cops->dop_ciphertext = _ciphertext; \ 435 cops->dop_plaintext = _plaintext; \ 436 cops->dop_templ = _templ; \ 437 } 438 439 #define KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 440 _data, _signature, _templ) { \ 441 kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \ 442 crypto_mechanism_t *mechp = _mech; \ 443 \ 444 (req)->rp_opgrp = KCF_OG_SIGN; \ 445 (req)->rp_optype = ftype; \ 446 sops->so_sid = _sid; \ 447 if (mechp != NULL) { \ 448 sops->so_mech = *mechp; \ 449 sops->so_framework_mechtype = mechp->cm_type; \ 450 } \ 451 sops->so_key = _key; \ 452 sops->so_data = _data; \ 453 sops->so_signature = _signature; \ 454 sops->so_templ = _templ; \ 455 } 456 457 #define KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 458 _data, _signature, _templ) { \ 459 kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \ 460 crypto_mechanism_t *mechp = _mech; \ 461 \ 462 (req)->rp_opgrp = KCF_OG_VERIFY; \ 463 (req)->rp_optype = ftype; \ 464 vops->vo_sid = _sid; \ 465 if (mechp != NULL) { \ 466 vops->vo_mech = *mechp; \ 467 vops->vo_framework_mechtype = mechp->cm_type; \ 468 } \ 469 vops->vo_key = _key; \ 470 vops->vo_data = _data; \ 471 vops->vo_signature = _signature; \ 472 vops->vo_templ = _templ; \ 473 } 474 475 #define KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \ 476 _mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \ 477 kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \ 478 \ 479 (req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \ 480 (req)->rp_optype = ftype; \ 481 cmops->em_sid = _sid; \ 482 cmops->em_encr_key = _encr_key; \ 483 cmops->em_mac_key = _mac_key; \ 484 cmops->em_plaintext = _plaintext; \ 485 cmops->em_ciphertext = _ciphertext; \ 486 cmops->em_mac = _mac; \ 487 cmops->em_encr_templ = _encr_templ; \ 488 cmops->em_mac_templ = _mac_templ; \ 489 } 490 491 #define KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \ 492 _decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \ 493 kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \ 494 \ 495 (req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \ 496 (req)->rp_optype = ftype; \ 497 cmops->md_sid = _sid; \ 498 cmops->md_mac_key = _mac_key; \ 499 cmops->md_decr_key = _decr_key; \ 500 cmops->md_ciphertext = _ciphertext; \ 501 cmops->md_mac = _mac; \ 502 cmops->md_plaintext = _plaintext; \ 503 cmops->md_mac_templ = _mac_templ; \ 504 cmops->md_decr_templ = _decr_templ; \ 505 } 506 507 #define KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \ 508 _est, _flags) { \ 509 kcf_random_number_ops_params_t *rops = \ 510 &(req)->rp_u.random_number_params; \ 511 \ 512 (req)->rp_opgrp = KCF_OG_RANDOM; \ 513 (req)->rp_optype = ftype; \ 514 rops->rn_sid = _sid; \ 515 rops->rn_buf = _buf; \ 516 rops->rn_buflen = _buflen; \ 517 rops->rn_entropy_est = _est; \ 518 rops->rn_flags = _flags; \ 519 } 520 521 #define KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \ 522 _user_type, _pin, _pin_len, _pd) { \ 523 kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \ 524 \ 525 (req)->rp_opgrp = KCF_OG_SESSION; \ 526 (req)->rp_optype = ftype; \ 527 sops->so_sid_ptr = _sid_ptr; \ 528 sops->so_sid = _sid; \ 529 sops->so_user_type = _user_type; \ 530 sops->so_pin = _pin; \ 531 sops->so_pin_len = _pin_len; \ 532 sops->so_pd = _pd; \ 533 } 534 535 #define KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \ 536 _template, _attribute_count, _object_id_ptr, _object_size, \ 537 _find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \ 538 kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \ 539 \ 540 (req)->rp_opgrp = KCF_OG_OBJECT; \ 541 (req)->rp_optype = ftype; \ 542 jops->oo_sid = _sid; \ 543 jops->oo_object_id = _object_id; \ 544 jops->oo_template = _template; \ 545 jops->oo_attribute_count = _attribute_count; \ 546 jops->oo_object_id_ptr = _object_id_ptr; \ 547 jops->oo_object_size = _object_size; \ 548 jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \ 549 jops->oo_find_pp = _find_pp; \ 550 jops->oo_max_object_count = _max_object_count; \ 551 jops->oo_object_count_ptr = _object_count_ptr; \ 552 } 553 554 #define KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \ 555 _key_attribute_count, _key_object_id_ptr, _private_key_template, \ 556 _private_key_attribute_count, _private_key_object_id_ptr, \ 557 _key, _wrapped_key, _wrapped_key_len_ptr) { \ 558 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 559 crypto_mechanism_t *mechp = _mech; \ 560 \ 561 (req)->rp_opgrp = KCF_OG_KEY; \ 562 (req)->rp_optype = ftype; \ 563 kops->ko_sid = _sid; \ 564 if (mechp != NULL) { \ 565 kops->ko_mech = *mechp; \ 566 kops->ko_framework_mechtype = mechp->cm_type; \ 567 } \ 568 kops->ko_key_template = _key_template; \ 569 kops->ko_key_attribute_count = _key_attribute_count; \ 570 kops->ko_key_object_id_ptr = _key_object_id_ptr; \ 571 kops->ko_private_key_template = _private_key_template; \ 572 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 573 kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \ 574 kops->ko_key = _key; \ 575 kops->ko_wrapped_key = _wrapped_key; \ 576 kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \ 577 } 578 579 #define KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \ 580 _old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \ 581 kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \ 582 \ 583 (req)->rp_opgrp = KCF_OG_PROVMGMT; \ 584 (req)->rp_optype = ftype; \ 585 pops->po_sid = _sid; \ 586 pops->po_pin = _pin; \ 587 pops->po_pin_len = _pin_len; \ 588 pops->po_old_pin = _old_pin; \ 589 pops->po_old_pin_len = _old_pin_len; \ 590 pops->po_label = _label; \ 591 pops->po_ext_info = _ext_info; \ 592 pops->po_pd = _pd; \ 593 } 594 595 #define KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \ 596 _key_template, _key_attribute_count, _private_key_template, \ 597 _private_key_attribute_count, _key, _out_template1, \ 598 _out_attribute_count1, _out_template2, _out_attribute_count2) { \ 599 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 600 crypto_mechanism_t *mechp = _mech; \ 601 \ 602 (req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \ 603 (req)->rp_optype = ftype; \ 604 kops->ko_sid = _sid; \ 605 if (mechp != NULL) { \ 606 kops->ko_mech = *mechp; \ 607 kops->ko_framework_mechtype = mechp->cm_type; \ 608 } \ 609 kops->ko_key_template = _key_template; \ 610 kops->ko_key_attribute_count = _key_attribute_count; \ 611 kops->ko_key_object_id_ptr = NULL; \ 612 kops->ko_private_key_template = _private_key_template; \ 613 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 614 kops->ko_private_key_object_id_ptr = NULL; \ 615 kops->ko_key = _key; \ 616 kops->ko_wrapped_key = NULL; \ 617 kops->ko_wrapped_key_len_ptr = 0; \ 618 kops->ko_out_template1 = _out_template1; \ 619 kops->ko_out_template2 = _out_template2; \ 620 kops->ko_out_attribute_count1 = _out_attribute_count1; \ 621 kops->ko_out_attribute_count2 = _out_attribute_count2; \ 622 } 623 624 #define KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \ 625 (mechp)->cm_type = \ 626 KCF_TO_PROV_MECHNUM(pd, fmtype); 627 628 #ifdef __cplusplus 629 } 630 #endif 631 632 #endif /* _SYS_CRYPTO_OPS_IMPL_H */ 633