1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_OPS_IMPL_H 27 #define _SYS_CRYPTO_OPS_IMPL_H 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 /* 32 * Scheduler internal structures. 33 */ 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 #include <sys/types.h> 40 #include <sys/mutex.h> 41 #include <sys/condvar.h> 42 #include <sys/crypto/api.h> 43 #include <sys/crypto/spi.h> 44 #include <sys/crypto/impl.h> 45 #include <sys/crypto/common.h> 46 47 /* 48 * The parameters needed for each function group are batched 49 * in one structure. This is much simpler than having a 50 * separate structure for each function. 51 * 52 * In some cases, a field is generically named to keep the 53 * structure small. The comments indicate these cases. 54 */ 55 typedef struct kcf_digest_ops_params { 56 crypto_session_id_t do_sid; 57 crypto_mech_type_t do_framework_mechtype; 58 crypto_mechanism_t do_mech; 59 crypto_data_t *do_data; 60 crypto_data_t *do_digest; 61 crypto_key_t *do_digest_key; /* Argument for digest_key() */ 62 } kcf_digest_ops_params_t; 63 64 typedef struct kcf_mac_ops_params { 65 crypto_session_id_t mo_sid; 66 crypto_mech_type_t mo_framework_mechtype; 67 crypto_mechanism_t mo_mech; 68 crypto_key_t *mo_key; 69 crypto_data_t *mo_data; 70 crypto_data_t *mo_mac; 71 crypto_spi_ctx_template_t mo_templ; 72 } kcf_mac_ops_params_t; 73 74 typedef struct kcf_encrypt_ops_params { 75 crypto_session_id_t eo_sid; 76 crypto_mech_type_t eo_framework_mechtype; 77 crypto_mechanism_t eo_mech; 78 crypto_key_t *eo_key; 79 crypto_data_t *eo_plaintext; 80 crypto_data_t *eo_ciphertext; 81 crypto_spi_ctx_template_t eo_templ; 82 } kcf_encrypt_ops_params_t; 83 84 typedef struct kcf_decrypt_ops_params { 85 crypto_session_id_t dop_sid; 86 crypto_mech_type_t dop_framework_mechtype; 87 crypto_mechanism_t dop_mech; 88 crypto_key_t *dop_key; 89 crypto_data_t *dop_ciphertext; 90 crypto_data_t *dop_plaintext; 91 crypto_spi_ctx_template_t dop_templ; 92 } kcf_decrypt_ops_params_t; 93 94 typedef struct kcf_sign_ops_params { 95 crypto_session_id_t so_sid; 96 crypto_mech_type_t so_framework_mechtype; 97 crypto_mechanism_t so_mech; 98 crypto_key_t *so_key; 99 crypto_data_t *so_data; 100 crypto_data_t *so_signature; 101 crypto_spi_ctx_template_t so_templ; 102 } kcf_sign_ops_params_t; 103 104 typedef struct kcf_verify_ops_params { 105 crypto_session_id_t vo_sid; 106 crypto_mech_type_t vo_framework_mechtype; 107 crypto_mechanism_t vo_mech; 108 crypto_key_t *vo_key; 109 crypto_data_t *vo_data; 110 crypto_data_t *vo_signature; 111 crypto_spi_ctx_template_t vo_templ; 112 } kcf_verify_ops_params_t; 113 114 typedef struct kcf_encrypt_mac_ops_params { 115 crypto_session_id_t em_sid; 116 crypto_mech_type_t em_framework_encr_mechtype; 117 crypto_mechanism_t em_encr_mech; 118 crypto_key_t *em_encr_key; 119 crypto_mech_type_t em_framework_mac_mechtype; 120 crypto_mechanism_t em_mac_mech; 121 crypto_key_t *em_mac_key; 122 crypto_data_t *em_plaintext; 123 crypto_dual_data_t *em_ciphertext; 124 crypto_data_t *em_mac; 125 crypto_spi_ctx_template_t em_encr_templ; 126 crypto_spi_ctx_template_t em_mac_templ; 127 } kcf_encrypt_mac_ops_params_t; 128 129 typedef struct kcf_mac_decrypt_ops_params { 130 crypto_session_id_t md_sid; 131 crypto_mech_type_t md_framework_mac_mechtype; 132 crypto_mechanism_t md_mac_mech; 133 crypto_key_t *md_mac_key; 134 crypto_mech_type_t md_framework_decr_mechtype; 135 crypto_mechanism_t md_decr_mech; 136 crypto_key_t *md_decr_key; 137 crypto_dual_data_t *md_ciphertext; 138 crypto_data_t *md_mac; 139 crypto_data_t *md_plaintext; 140 crypto_spi_ctx_template_t md_mac_templ; 141 crypto_spi_ctx_template_t md_decr_templ; 142 } kcf_mac_decrypt_ops_params_t; 143 144 typedef struct kcf_random_number_ops_params { 145 crypto_session_id_t rn_sid; 146 uchar_t *rn_buf; 147 size_t rn_buflen; 148 uint_t rn_entropy_est; 149 uint32_t rn_flags; 150 } kcf_random_number_ops_params_t; 151 152 /* 153 * so_pd is useful when the provider descriptor (pd) supplying the 154 * provider handle is different from the pd supplying the ops vector. 155 * This is the case for session open/close where so_pd can be the pd 156 * of a logical provider. The pd supplying the ops vector is passed 157 * as an argument to kcf_submit_request(). 158 */ 159 typedef struct kcf_session_ops_params { 160 crypto_session_id_t *so_sid_ptr; 161 crypto_session_id_t so_sid; 162 crypto_user_type_t so_user_type; 163 char *so_pin; 164 size_t so_pin_len; 165 kcf_provider_desc_t *so_pd; 166 } kcf_session_ops_params_t; 167 168 typedef struct kcf_object_ops_params { 169 crypto_session_id_t oo_sid; 170 crypto_object_id_t oo_object_id; 171 crypto_object_attribute_t *oo_template; 172 uint_t oo_attribute_count; 173 crypto_object_id_t *oo_object_id_ptr; 174 size_t *oo_object_size; 175 void **oo_find_init_pp_ptr; 176 void *oo_find_pp; 177 uint_t oo_max_object_count; 178 uint_t *oo_object_count_ptr; 179 } kcf_object_ops_params_t; 180 181 /* 182 * ko_key is used to encode wrapping key in key_wrap() and 183 * unwrapping key in key_unwrap(). ko_key_template and 184 * ko_key_attribute_count are used to encode public template 185 * and public template attr count in key_generate_pair(). 186 * kops->ko_key_object_id_ptr is used to encode public key 187 * in key_generate_pair(). 188 */ 189 typedef struct kcf_key_ops_params { 190 crypto_session_id_t ko_sid; 191 crypto_mech_type_t ko_framework_mechtype; 192 crypto_mechanism_t ko_mech; 193 crypto_object_attribute_t *ko_key_template; 194 uint_t ko_key_attribute_count; 195 crypto_object_id_t *ko_key_object_id_ptr; 196 crypto_object_attribute_t *ko_private_key_template; 197 uint_t ko_private_key_attribute_count; 198 crypto_object_id_t *ko_private_key_object_id_ptr; 199 crypto_key_t *ko_key; 200 uchar_t *ko_wrapped_key; 201 size_t *ko_wrapped_key_len_ptr; 202 crypto_object_attribute_t *ko_out_template1; 203 crypto_object_attribute_t *ko_out_template2; 204 uint_t ko_out_attribute_count1; 205 uint_t ko_out_attribute_count2; 206 } kcf_key_ops_params_t; 207 208 /* 209 * po_pin and po_pin_len are used to encode new_pin and new_pin_len 210 * when wrapping set_pin() function parameters. 211 * 212 * po_pd is useful when the provider descriptor (pd) supplying the 213 * provider handle is different from the pd supplying the ops vector. 214 * This is true for the ext_info provider entry point where po_pd 215 * can be the pd of a logical provider. The pd supplying the ops vector 216 * is passed as an argument to kcf_submit_request(). 217 */ 218 typedef struct kcf_provmgmt_ops_params { 219 crypto_session_id_t po_sid; 220 char *po_pin; 221 size_t po_pin_len; 222 char *po_old_pin; 223 size_t po_old_pin_len; 224 char *po_label; 225 crypto_provider_ext_info_t *po_ext_info; 226 kcf_provider_desc_t *po_pd; 227 } kcf_provmgmt_ops_params_t; 228 229 /* 230 * The operation type within a function group. 231 */ 232 typedef enum kcf_op_type { 233 /* common ops for all mechanisms */ 234 KCF_OP_INIT = 1, 235 KCF_OP_SINGLE, /* pkcs11 sense. So, INIT is already done */ 236 KCF_OP_UPDATE, 237 KCF_OP_FINAL, 238 KCF_OP_ATOMIC, 239 240 /* digest_key op */ 241 KCF_OP_DIGEST_KEY, 242 243 /* mac specific op */ 244 KCF_OP_MAC_VERIFY_ATOMIC, 245 246 /* mac/cipher specific op */ 247 KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC, 248 249 /* sign_recover ops */ 250 KCF_OP_SIGN_RECOVER_INIT, 251 KCF_OP_SIGN_RECOVER, 252 KCF_OP_SIGN_RECOVER_ATOMIC, 253 254 /* verify_recover ops */ 255 KCF_OP_VERIFY_RECOVER_INIT, 256 KCF_OP_VERIFY_RECOVER, 257 KCF_OP_VERIFY_RECOVER_ATOMIC, 258 259 /* random number ops */ 260 KCF_OP_RANDOM_SEED, 261 KCF_OP_RANDOM_GENERATE, 262 263 /* session management ops */ 264 KCF_OP_SESSION_OPEN, 265 KCF_OP_SESSION_CLOSE, 266 KCF_OP_SESSION_LOGIN, 267 KCF_OP_SESSION_LOGOUT, 268 269 /* object management ops */ 270 KCF_OP_OBJECT_CREATE, 271 KCF_OP_OBJECT_COPY, 272 KCF_OP_OBJECT_DESTROY, 273 KCF_OP_OBJECT_GET_SIZE, 274 KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE, 275 KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE, 276 KCF_OP_OBJECT_FIND_INIT, 277 KCF_OP_OBJECT_FIND, 278 KCF_OP_OBJECT_FIND_FINAL, 279 280 /* key management ops */ 281 KCF_OP_KEY_GENERATE, 282 KCF_OP_KEY_GENERATE_PAIR, 283 KCF_OP_KEY_WRAP, 284 KCF_OP_KEY_UNWRAP, 285 KCF_OP_KEY_DERIVE, 286 KCF_OP_KEY_CHECK, 287 288 /* provider management ops */ 289 KCF_OP_MGMT_EXTINFO, 290 KCF_OP_MGMT_INITTOKEN, 291 KCF_OP_MGMT_INITPIN, 292 KCF_OP_MGMT_SETPIN 293 } kcf_op_type_t; 294 295 /* 296 * The operation groups that need wrapping of parameters. This is somewhat 297 * similar to the function group type in spi.h except that this also includes 298 * all the functions that don't have a mechanism. 299 * 300 * The wrapper macros should never take these enum values as an argument. 301 * Rather, they are assigned in the macro itself since they are known 302 * from the macro name. 303 */ 304 typedef enum kcf_op_group { 305 KCF_OG_DIGEST = 1, 306 KCF_OG_MAC, 307 KCF_OG_ENCRYPT, 308 KCF_OG_DECRYPT, 309 KCF_OG_SIGN, 310 KCF_OG_VERIFY, 311 KCF_OG_ENCRYPT_MAC, 312 KCF_OG_MAC_DECRYPT, 313 KCF_OG_RANDOM, 314 KCF_OG_SESSION, 315 KCF_OG_OBJECT, 316 KCF_OG_KEY, 317 KCF_OG_PROVMGMT, 318 KCF_OG_NOSTORE_KEY 319 } kcf_op_group_t; 320 321 /* 322 * The kcf_op_type_t enum values used here should be only for those 323 * operations for which there is a k-api routine in sys/crypto/api.h. 324 */ 325 #define IS_INIT_OP(ftype) ((ftype) == KCF_OP_INIT) 326 #define IS_SINGLE_OP(ftype) ((ftype) == KCF_OP_SINGLE) 327 #define IS_UPDATE_OP(ftype) ((ftype) == KCF_OP_UPDATE) 328 #define IS_FINAL_OP(ftype) ((ftype) == KCF_OP_FINAL) 329 #define IS_ATOMIC_OP(ftype) ( \ 330 (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \ 331 (ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \ 332 (ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \ 333 (ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC) 334 335 /* 336 * Keep the parameters associated with a request around. 337 * We need to pass them to the SPI. 338 */ 339 typedef struct kcf_req_params { 340 kcf_op_group_t rp_opgrp; 341 kcf_op_type_t rp_optype; 342 343 union { 344 kcf_digest_ops_params_t digest_params; 345 kcf_mac_ops_params_t mac_params; 346 kcf_encrypt_ops_params_t encrypt_params; 347 kcf_decrypt_ops_params_t decrypt_params; 348 kcf_sign_ops_params_t sign_params; 349 kcf_verify_ops_params_t verify_params; 350 kcf_encrypt_mac_ops_params_t encrypt_mac_params; 351 kcf_mac_decrypt_ops_params_t mac_decrypt_params; 352 kcf_random_number_ops_params_t random_number_params; 353 kcf_session_ops_params_t session_params; 354 kcf_object_ops_params_t object_params; 355 kcf_key_ops_params_t key_params; 356 kcf_provmgmt_ops_params_t provmgmt_params; 357 } rp_u; 358 } kcf_req_params_t; 359 360 361 /* 362 * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t 363 * structure before calling a scheduler routine. The following macros are 364 * available for that purpose. 365 * 366 * For the most part, the macro arguments closely correspond to the 367 * function parameters. In some cases, we use generic names. The comments 368 * for the structure should indicate these cases. 369 */ 370 #define KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 371 _data, _digest) { \ 372 kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params; \ 373 \ 374 (req)->rp_opgrp = KCF_OG_DIGEST; \ 375 (req)->rp_optype = ftype; \ 376 dops->do_sid = _sid; \ 377 kcf_dup_mech(_mech, &dops->do_mech, &dops->do_framework_mechtype); \ 378 dops->do_digest_key = _key; \ 379 dops->do_data = _data; \ 380 dops->do_digest = _digest; \ 381 } 382 383 #define KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 384 _data, _mac, _templ) { \ 385 kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params; \ 386 \ 387 (req)->rp_opgrp = KCF_OG_MAC; \ 388 (req)->rp_optype = ftype; \ 389 mops->mo_sid = _sid; \ 390 kcf_dup_mech(_mech, &mops->mo_mech, &mops->mo_framework_mechtype); \ 391 mops->mo_key = _key; \ 392 mops->mo_data = _data; \ 393 mops->mo_mac = _mac; \ 394 mops->mo_templ = _templ; \ 395 } 396 397 #define KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 398 _plaintext, _ciphertext, _templ) { \ 399 kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params; \ 400 \ 401 (req)->rp_opgrp = KCF_OG_ENCRYPT; \ 402 (req)->rp_optype = ftype; \ 403 cops->eo_sid = _sid; \ 404 kcf_dup_mech(_mech, &cops->eo_mech, &cops->eo_framework_mechtype); \ 405 cops->eo_key = _key; \ 406 cops->eo_plaintext = _plaintext; \ 407 cops->eo_ciphertext = _ciphertext; \ 408 cops->eo_templ = _templ; \ 409 } 410 411 #define KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 412 _ciphertext, _plaintext, _templ) { \ 413 kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params; \ 414 \ 415 (req)->rp_opgrp = KCF_OG_DECRYPT; \ 416 (req)->rp_optype = ftype; \ 417 cops->dop_sid = _sid; \ 418 kcf_dup_mech(_mech, &cops->dop_mech, &cops->dop_framework_mechtype); \ 419 cops->dop_key = _key; \ 420 cops->dop_ciphertext = _ciphertext; \ 421 cops->dop_plaintext = _plaintext; \ 422 cops->dop_templ = _templ; \ 423 } 424 425 #define KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 426 _data, _signature, _templ) { \ 427 kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \ 428 \ 429 (req)->rp_opgrp = KCF_OG_SIGN; \ 430 (req)->rp_optype = ftype; \ 431 sops->so_sid = _sid; \ 432 kcf_dup_mech(_mech, &sops->so_mech, &sops->so_framework_mechtype); \ 433 sops->so_key = _key; \ 434 sops->so_data = _data; \ 435 sops->so_signature = _signature; \ 436 sops->so_templ = _templ; \ 437 } 438 439 #define KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 440 _data, _signature, _templ) { \ 441 kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \ 442 \ 443 (req)->rp_opgrp = KCF_OG_VERIFY; \ 444 (req)->rp_optype = ftype; \ 445 vops->vo_sid = _sid; \ 446 kcf_dup_mech(_mech, &vops->vo_mech, &vops->vo_framework_mechtype); \ 447 vops->vo_key = _key; \ 448 vops->vo_data = _data; \ 449 vops->vo_signature = _signature; \ 450 vops->vo_templ = _templ; \ 451 } 452 453 #define KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \ 454 _mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \ 455 kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \ 456 \ 457 (req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \ 458 (req)->rp_optype = ftype; \ 459 cmops->em_sid = _sid; \ 460 cmops->em_encr_key = _encr_key; \ 461 cmops->em_mac_key = _mac_key; \ 462 cmops->em_plaintext = _plaintext; \ 463 cmops->em_ciphertext = _ciphertext; \ 464 cmops->em_mac = _mac; \ 465 cmops->em_encr_templ = _encr_templ; \ 466 cmops->em_mac_templ = _mac_templ; \ 467 } 468 469 #define KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \ 470 _decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \ 471 kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \ 472 \ 473 (req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \ 474 (req)->rp_optype = ftype; \ 475 cmops->md_sid = _sid; \ 476 cmops->md_mac_key = _mac_key; \ 477 cmops->md_decr_key = _decr_key; \ 478 cmops->md_ciphertext = _ciphertext; \ 479 cmops->md_mac = _mac; \ 480 cmops->md_plaintext = _plaintext; \ 481 cmops->md_mac_templ = _mac_templ; \ 482 cmops->md_decr_templ = _decr_templ; \ 483 } 484 485 #define KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \ 486 _est, _flags) { \ 487 kcf_random_number_ops_params_t *rops = \ 488 &(req)->rp_u.random_number_params; \ 489 \ 490 (req)->rp_opgrp = KCF_OG_RANDOM; \ 491 (req)->rp_optype = ftype; \ 492 rops->rn_sid = _sid; \ 493 rops->rn_buf = _buf; \ 494 rops->rn_buflen = _buflen; \ 495 rops->rn_entropy_est = _est; \ 496 rops->rn_flags = _flags; \ 497 } 498 499 #define KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \ 500 _user_type, _pin, _pin_len, _pd) { \ 501 kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \ 502 \ 503 (req)->rp_opgrp = KCF_OG_SESSION; \ 504 (req)->rp_optype = ftype; \ 505 sops->so_sid_ptr = _sid_ptr; \ 506 sops->so_sid = _sid; \ 507 sops->so_user_type = _user_type; \ 508 sops->so_pin = _pin; \ 509 sops->so_pin_len = _pin_len; \ 510 sops->so_pd = _pd; \ 511 } 512 513 #define KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \ 514 _template, _attribute_count, _object_id_ptr, _object_size, \ 515 _find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \ 516 kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \ 517 \ 518 (req)->rp_opgrp = KCF_OG_OBJECT; \ 519 (req)->rp_optype = ftype; \ 520 jops->oo_sid = _sid; \ 521 jops->oo_object_id = _object_id; \ 522 jops->oo_template = _template; \ 523 jops->oo_attribute_count = _attribute_count; \ 524 jops->oo_object_id_ptr = _object_id_ptr; \ 525 jops->oo_object_size = _object_size; \ 526 jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \ 527 jops->oo_find_pp = _find_pp; \ 528 jops->oo_max_object_count = _max_object_count; \ 529 jops->oo_object_count_ptr = _object_count_ptr; \ 530 } 531 532 #define KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \ 533 _key_attribute_count, _key_object_id_ptr, _private_key_template, \ 534 _private_key_attribute_count, _private_key_object_id_ptr, \ 535 _key, _wrapped_key, _wrapped_key_len_ptr) { \ 536 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 537 \ 538 (req)->rp_opgrp = KCF_OG_KEY; \ 539 (req)->rp_optype = ftype; \ 540 kops->ko_sid = _sid; \ 541 kcf_dup_mech(_mech, &kops->ko_mech, &kops->ko_framework_mechtype); \ 542 kops->ko_key_template = _key_template; \ 543 kops->ko_key_attribute_count = _key_attribute_count; \ 544 kops->ko_key_object_id_ptr = _key_object_id_ptr; \ 545 kops->ko_private_key_template = _private_key_template; \ 546 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 547 kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \ 548 kops->ko_key = _key; \ 549 kops->ko_wrapped_key = _wrapped_key; \ 550 kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \ 551 } 552 553 #define KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \ 554 _old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \ 555 kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \ 556 \ 557 (req)->rp_opgrp = KCF_OG_PROVMGMT; \ 558 (req)->rp_optype = ftype; \ 559 pops->po_sid = _sid; \ 560 pops->po_pin = _pin; \ 561 pops->po_pin_len = _pin_len; \ 562 pops->po_old_pin = _old_pin; \ 563 pops->po_old_pin_len = _old_pin_len; \ 564 pops->po_label = _label; \ 565 pops->po_ext_info = _ext_info; \ 566 pops->po_pd = _pd; \ 567 } 568 569 #define KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \ 570 _key_template, _key_attribute_count, _private_key_template, \ 571 _private_key_attribute_count, _key, _out_template1, \ 572 _out_attribute_count1, _out_template2, _out_attribute_count2) { \ 573 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 574 \ 575 (req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \ 576 (req)->rp_optype = ftype; \ 577 kops->ko_sid = _sid; \ 578 kcf_dup_mech(_mech, &kops->ko_mech, &kops->ko_framework_mechtype); \ 579 kops->ko_key_template = _key_template; \ 580 kops->ko_key_attribute_count = _key_attribute_count; \ 581 kops->ko_key_object_id_ptr = NULL; \ 582 kops->ko_private_key_template = _private_key_template; \ 583 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 584 kops->ko_private_key_object_id_ptr = NULL; \ 585 kops->ko_key = _key; \ 586 kops->ko_wrapped_key = NULL; \ 587 kops->ko_wrapped_key_len_ptr = 0; \ 588 kops->ko_out_template1 = _out_template1; \ 589 kops->ko_out_template2 = _out_template2; \ 590 kops->ko_out_attribute_count1 = _out_attribute_count1; \ 591 kops->ko_out_attribute_count2 = _out_attribute_count2; \ 592 } 593 594 #define KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \ 595 (mechp)->cm_type = \ 596 KCF_TO_PROV_MECHNUM(pd, fmtype); 597 598 #ifdef __cplusplus 599 } 600 #endif 601 602 #endif /* _SYS_CRYPTO_OPS_IMPL_H */ 603