xref: /titanic_52/usr/src/uts/common/sys/crypto/ops_impl.h (revision fb3fb4f3d76d55b64440afd0af72775dfad3bd1d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _SYS_CRYPTO_OPS_IMPL_H
28 #define	_SYS_CRYPTO_OPS_IMPL_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 /*
33  * Scheduler internal structures.
34  */
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/mutex.h>
42 #include <sys/condvar.h>
43 #include <sys/crypto/api.h>
44 #include <sys/crypto/spi.h>
45 #include <sys/crypto/impl.h>
46 #include <sys/crypto/common.h>
47 
48 /*
49  * The parameters needed for each function group are batched
50  * in one structure. This is much simpler than having a
51  * separate structure for each function.
52  *
53  * In some cases, a field is generically named to keep the
54  * structure small. The comments indicate these cases.
55  */
56 typedef struct kcf_digest_ops_params {
57 	crypto_session_id_t	do_sid;
58 	crypto_mech_type_t	do_framework_mechtype;
59 	crypto_mechanism_t	do_mech;
60 	crypto_data_t		*do_data;
61 	crypto_data_t		*do_digest;
62 	crypto_key_t		*do_digest_key;	/* Argument for digest_key() */
63 } kcf_digest_ops_params_t;
64 
65 typedef struct kcf_mac_ops_params {
66 	crypto_session_id_t		mo_sid;
67 	crypto_mech_type_t		mo_framework_mechtype;
68 	crypto_mechanism_t		mo_mech;
69 	crypto_key_t			*mo_key;
70 	crypto_data_t			*mo_data;
71 	crypto_data_t			*mo_mac;
72 	crypto_spi_ctx_template_t	mo_templ;
73 } kcf_mac_ops_params_t;
74 
75 typedef struct kcf_encrypt_ops_params {
76 	crypto_session_id_t		eo_sid;
77 	crypto_mech_type_t		eo_framework_mechtype;
78 	crypto_mechanism_t		eo_mech;
79 	crypto_key_t			*eo_key;
80 	crypto_data_t			*eo_plaintext;
81 	crypto_data_t			*eo_ciphertext;
82 	crypto_spi_ctx_template_t	eo_templ;
83 } kcf_encrypt_ops_params_t;
84 
85 typedef struct kcf_decrypt_ops_params {
86 	crypto_session_id_t		dop_sid;
87 	crypto_mech_type_t		dop_framework_mechtype;
88 	crypto_mechanism_t		dop_mech;
89 	crypto_key_t			*dop_key;
90 	crypto_data_t			*dop_ciphertext;
91 	crypto_data_t			*dop_plaintext;
92 	crypto_spi_ctx_template_t	dop_templ;
93 } kcf_decrypt_ops_params_t;
94 
95 typedef struct kcf_sign_ops_params {
96 	crypto_session_id_t		so_sid;
97 	crypto_mech_type_t		so_framework_mechtype;
98 	crypto_mechanism_t		so_mech;
99 	crypto_key_t			*so_key;
100 	crypto_data_t			*so_data;
101 	crypto_data_t			*so_signature;
102 	crypto_spi_ctx_template_t	so_templ;
103 } kcf_sign_ops_params_t;
104 
105 typedef struct kcf_verify_ops_params {
106 	crypto_session_id_t		vo_sid;
107 	crypto_mech_type_t		vo_framework_mechtype;
108 	crypto_mechanism_t		vo_mech;
109 	crypto_key_t			*vo_key;
110 	crypto_data_t			*vo_data;
111 	crypto_data_t			*vo_signature;
112 	crypto_spi_ctx_template_t	vo_templ;
113 } kcf_verify_ops_params_t;
114 
115 typedef struct kcf_encrypt_mac_ops_params {
116 	crypto_session_id_t 		em_sid;
117 	crypto_mech_type_t		em_framework_encr_mechtype;
118 	crypto_mechanism_t		em_encr_mech;
119 	crypto_key_t			*em_encr_key;
120 	crypto_mech_type_t		em_framework_mac_mechtype;
121 	crypto_mechanism_t		em_mac_mech;
122 	crypto_key_t			*em_mac_key;
123 	crypto_data_t			*em_plaintext;
124 	crypto_dual_data_t		*em_ciphertext;
125 	crypto_data_t			*em_mac;
126 	crypto_spi_ctx_template_t	em_encr_templ;
127 	crypto_spi_ctx_template_t	em_mac_templ;
128 } kcf_encrypt_mac_ops_params_t;
129 
130 typedef struct kcf_mac_decrypt_ops_params {
131 	crypto_session_id_t 		md_sid;
132 	crypto_mech_type_t		md_framework_mac_mechtype;
133 	crypto_mechanism_t		md_mac_mech;
134 	crypto_key_t			*md_mac_key;
135 	crypto_mech_type_t		md_framework_decr_mechtype;
136 	crypto_mechanism_t		md_decr_mech;
137 	crypto_key_t			*md_decr_key;
138 	crypto_dual_data_t		*md_ciphertext;
139 	crypto_data_t			*md_mac;
140 	crypto_data_t			*md_plaintext;
141 	crypto_spi_ctx_template_t	md_mac_templ;
142 	crypto_spi_ctx_template_t	md_decr_templ;
143 } kcf_mac_decrypt_ops_params_t;
144 
145 typedef struct kcf_random_number_ops_params {
146 	crypto_session_id_t	rn_sid;
147 	uchar_t			*rn_buf;
148 	size_t			rn_buflen;
149 } kcf_random_number_ops_params_t;
150 
151 /*
152  * so_pd is useful when the provider descriptor (pd) supplying the
153  * provider handle is different from the pd supplying the ops vector.
154  * This is the case for session open/close where so_pd can be the pd
155  * of a logical provider. The pd supplying the ops vector is passed
156  * as an argument to kcf_submit_request().
157  */
158 typedef struct kcf_session_ops_params {
159 	crypto_session_id_t	*so_sid_ptr;
160 	crypto_session_id_t	so_sid;
161 	crypto_user_type_t	so_user_type;
162 	char			*so_pin;
163 	size_t			so_pin_len;
164 	kcf_provider_desc_t	*so_pd;
165 } kcf_session_ops_params_t;
166 
167 typedef struct kcf_object_ops_params {
168 	crypto_session_id_t		oo_sid;
169 	crypto_object_id_t		oo_object_id;
170 	crypto_object_attribute_t	*oo_template;
171 	uint_t 				oo_attribute_count;
172 	crypto_object_id_t		*oo_object_id_ptr;
173 	size_t				*oo_object_size;
174 	void				**oo_find_init_pp_ptr;
175 	void				*oo_find_pp;
176 	uint_t				oo_max_object_count;
177 	uint_t				*oo_object_count_ptr;
178 } kcf_object_ops_params_t;
179 
180 /*
181  * ko_key is used to encode wrapping key in key_wrap() and
182  * unwrapping key in key_unwrap(). ko_key_template and
183  * ko_key_attribute_count are used to encode public template
184  * and public template attr count in key_generate_pair().
185  * kops->ko_key_object_id_ptr is used to encode public key
186  * in key_generate_pair().
187  */
188 typedef struct kcf_key_ops_params {
189 	crypto_session_id_t		ko_sid;
190 	crypto_mech_type_t		ko_framework_mechtype;
191 	crypto_mechanism_t		ko_mech;
192 	crypto_object_attribute_t	*ko_key_template;
193 	uint_t				ko_key_attribute_count;
194 	crypto_object_id_t		*ko_key_object_id_ptr;
195 	crypto_object_attribute_t	*ko_private_key_template;
196 	uint_t				ko_private_key_attribute_count;
197 	crypto_object_id_t		*ko_private_key_object_id_ptr;
198 	crypto_key_t			*ko_key;
199 	uchar_t				*ko_wrapped_key;
200 	size_t				*ko_wrapped_key_len_ptr;
201 } kcf_key_ops_params_t;
202 
203 /*
204  * po_pin and po_pin_len are used to encode new_pin and new_pin_len
205  * when wrapping set_pin() function parameters.
206  *
207  * po_pd is useful when the provider descriptor (pd) supplying the
208  * provider handle is different from the pd supplying the ops vector.
209  * This is true for the ext_info provider entry point where po_pd
210  * can be the pd of a logical provider. The pd supplying the ops vector
211  * is passed as an argument to kcf_submit_request().
212  */
213 typedef struct kcf_provmgmt_ops_params {
214 	crypto_session_id_t 		po_sid;
215 	char				*po_pin;
216 	size_t				po_pin_len;
217 	char				*po_old_pin;
218 	size_t				po_old_pin_len;
219 	char				*po_label;
220 	crypto_provider_ext_info_t	*po_ext_info;
221 	kcf_provider_desc_t		*po_pd;
222 } kcf_provmgmt_ops_params_t;
223 
224 /*
225  * The operation type within a function group.
226  */
227 typedef enum kcf_op_type {
228 	/* common ops for all mechanisms */
229 	KCF_OP_INIT = 1,
230 	KCF_OP_SINGLE,	/* pkcs11 sense. So, INIT is already done */
231 	KCF_OP_UPDATE,
232 	KCF_OP_FINAL,
233 	KCF_OP_ATOMIC,
234 
235 	/* digest_key op */
236 	KCF_OP_DIGEST_KEY,
237 
238 	/* mac specific op */
239 	KCF_OP_MAC_VERIFY_ATOMIC,
240 
241 	/* mac/cipher specific op */
242 	KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC,
243 
244 	/* sign_recover ops */
245 	KCF_OP_SIGN_RECOVER_INIT,
246 	KCF_OP_SIGN_RECOVER,
247 	KCF_OP_SIGN_RECOVER_ATOMIC,
248 
249 	/* verify_recover ops */
250 	KCF_OP_VERIFY_RECOVER_INIT,
251 	KCF_OP_VERIFY_RECOVER,
252 	KCF_OP_VERIFY_RECOVER_ATOMIC,
253 
254 	/* random number ops */
255 	KCF_OP_RANDOM_SEED,
256 	KCF_OP_RANDOM_GENERATE,
257 
258 	/* session management ops */
259 	KCF_OP_SESSION_OPEN,
260 	KCF_OP_SESSION_CLOSE,
261 	KCF_OP_SESSION_LOGIN,
262 	KCF_OP_SESSION_LOGOUT,
263 
264 	/* object management ops */
265 	KCF_OP_OBJECT_CREATE,
266 	KCF_OP_OBJECT_COPY,
267 	KCF_OP_OBJECT_DESTROY,
268 	KCF_OP_OBJECT_GET_SIZE,
269 	KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE,
270 	KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE,
271 	KCF_OP_OBJECT_FIND_INIT,
272 	KCF_OP_OBJECT_FIND,
273 	KCF_OP_OBJECT_FIND_FINAL,
274 
275 	/* key management ops */
276 	KCF_OP_KEY_GENERATE,
277 	KCF_OP_KEY_GENERATE_PAIR,
278 	KCF_OP_KEY_WRAP,
279 	KCF_OP_KEY_UNWRAP,
280 	KCF_OP_KEY_DERIVE,
281 	KCF_OP_KEY_CHECK,
282 
283 	/* provider management ops */
284 	KCF_OP_MGMT_EXTINFO,
285 	KCF_OP_MGMT_INITTOKEN,
286 	KCF_OP_MGMT_INITPIN,
287 	KCF_OP_MGMT_SETPIN
288 } kcf_op_type_t;
289 
290 /*
291  * The operation groups that need wrapping of parameters. This is somewhat
292  * similar to the function group type in spi.h except that this also includes
293  * all the functions that don't have a mechanism.
294  *
295  * The wrapper macros should never take these enum values as an argument.
296  * Rather, they are assigned in the macro itself since they are known
297  * from the macro name.
298  */
299 typedef enum kcf_op_group {
300 	KCF_OG_DIGEST = 1,
301 	KCF_OG_MAC,
302 	KCF_OG_ENCRYPT,
303 	KCF_OG_DECRYPT,
304 	KCF_OG_SIGN,
305 	KCF_OG_VERIFY,
306 	KCF_OG_ENCRYPT_MAC,
307 	KCF_OG_MAC_DECRYPT,
308 	KCF_OG_RANDOM,
309 	KCF_OG_SESSION,
310 	KCF_OG_OBJECT,
311 	KCF_OG_KEY,
312 	KCF_OG_PROVMGMT
313 } kcf_op_group_t;
314 
315 /*
316  * The kcf_op_type_t enum values used here should be only for those
317  * operations for which there is a k-api routine in sys/crypto/api.h.
318  */
319 #define	IS_INIT_OP(ftype)	((ftype) == KCF_OP_INIT)
320 #define	IS_SINGLE_OP(ftype)	((ftype) == KCF_OP_SINGLE)
321 #define	IS_UPDATE_OP(ftype)	((ftype) == KCF_OP_UPDATE)
322 #define	IS_FINAL_OP(ftype)	((ftype) == KCF_OP_FINAL)
323 #define	IS_ATOMIC_OP(ftype)	( \
324 	(ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \
325 	(ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \
326 	(ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \
327 	(ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC)
328 
329 /*
330  * Keep the parameters associated with a request around.
331  * We need to pass them to the SPI.
332  */
333 typedef struct kcf_req_params {
334 	kcf_op_group_t		rp_opgrp;
335 	kcf_op_type_t		rp_optype;
336 
337 	union {
338 		kcf_digest_ops_params_t		digest_params;
339 		kcf_mac_ops_params_t		mac_params;
340 		kcf_encrypt_ops_params_t	encrypt_params;
341 		kcf_decrypt_ops_params_t	decrypt_params;
342 		kcf_sign_ops_params_t		sign_params;
343 		kcf_verify_ops_params_t		verify_params;
344 		kcf_encrypt_mac_ops_params_t	encrypt_mac_params;
345 		kcf_mac_decrypt_ops_params_t	mac_decrypt_params;
346 		kcf_random_number_ops_params_t	random_number_params;
347 		kcf_session_ops_params_t	session_params;
348 		kcf_object_ops_params_t		object_params;
349 		kcf_key_ops_params_t		key_params;
350 		kcf_provmgmt_ops_params_t	provmgmt_params;
351 	} rp_u;
352 } kcf_req_params_t;
353 
354 
355 /*
356  * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t
357  * structure before calling a scheduler routine. The following macros are
358  * available for that purpose.
359  *
360  * For the most part, the macro arguments closely correspond to the
361  * function parameters. In some cases, we use generic names. The comments
362  * for the structure should indicate these cases.
363  */
364 #define	KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
365 	_data, _digest) {						\
366 	kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params;	\
367 									\
368 	(req)->rp_opgrp = KCF_OG_DIGEST;				\
369 	(req)->rp_optype = ftype;					\
370 	dops->do_sid = _sid;						\
371 	kcf_dup_mech(_mech, &dops->do_mech, &dops->do_framework_mechtype); \
372 	dops->do_digest_key = _key;					\
373 	dops->do_data = _data;						\
374 	dops->do_digest = _digest;					\
375 }
376 
377 #define	KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
378 	_data, _mac, _templ) {						\
379 	kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params;		\
380 									\
381 	(req)->rp_opgrp = KCF_OG_MAC;					\
382 	(req)->rp_optype = ftype;					\
383 	mops->mo_sid = _sid;						\
384 	kcf_dup_mech(_mech, &mops->mo_mech, &mops->mo_framework_mechtype); \
385 	mops->mo_key = _key;						\
386 	mops->mo_data = _data;						\
387 	mops->mo_mac = _mac;						\
388 	mops->mo_templ = _templ;					\
389 }
390 
391 #define	KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
392 	_plaintext, _ciphertext, _templ) {				\
393 	kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params;	\
394 									\
395 	(req)->rp_opgrp = KCF_OG_ENCRYPT;				\
396 	(req)->rp_optype = ftype;					\
397 	cops->eo_sid = _sid;						\
398 	kcf_dup_mech(_mech, &cops->eo_mech, &cops->eo_framework_mechtype); \
399 	cops->eo_key = _key;						\
400 	cops->eo_plaintext = _plaintext;				\
401 	cops->eo_ciphertext = _ciphertext;				\
402 	cops->eo_templ = _templ;					\
403 }
404 
405 #define	KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
406 	_ciphertext, _plaintext, _templ) {				\
407 	kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params;	\
408 									\
409 	(req)->rp_opgrp = KCF_OG_DECRYPT;				\
410 	(req)->rp_optype = ftype;					\
411 	cops->dop_sid = _sid;						\
412 	kcf_dup_mech(_mech, &cops->dop_mech, &cops->dop_framework_mechtype); \
413 	cops->dop_key = _key;						\
414 	cops->dop_ciphertext = _ciphertext;				\
415 	cops->dop_plaintext = _plaintext;				\
416 	cops->dop_templ = _templ;					\
417 }
418 
419 #define	KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
420 	_data, _signature, _templ) {					\
421 	kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params;		\
422 									\
423 	(req)->rp_opgrp = KCF_OG_SIGN;					\
424 	(req)->rp_optype = ftype;					\
425 	sops->so_sid = _sid;						\
426 	kcf_dup_mech(_mech, &sops->so_mech, &sops->so_framework_mechtype); \
427 	sops->so_key = _key;						\
428 	sops->so_data = _data;						\
429 	sops->so_signature = _signature;				\
430 	sops->so_templ = _templ;					\
431 }
432 
433 #define	KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
434 	_data, _signature, _templ) {					\
435 	kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params;	\
436 									\
437 	(req)->rp_opgrp = KCF_OG_VERIFY;				\
438 	(req)->rp_optype = ftype;					\
439 	vops->vo_sid = _sid;						\
440 	kcf_dup_mech(_mech, &vops->vo_mech, &vops->vo_framework_mechtype); \
441 	vops->vo_key = _key;						\
442 	vops->vo_data = _data;						\
443 	vops->vo_signature = _signature;				\
444 	vops->vo_templ = _templ;					\
445 }
446 
447 #define	KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key,	\
448 	_mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \
449 	kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \
450 									\
451 	(req)->rp_opgrp = KCF_OG_ENCRYPT_MAC;				\
452 	(req)->rp_optype = ftype;					\
453 	cmops->em_sid = _sid;						\
454 	cmops->em_encr_key = _encr_key;					\
455 	cmops->em_mac_key = _mac_key;					\
456 	cmops->em_plaintext = _plaintext;				\
457 	cmops->em_ciphertext = _ciphertext;				\
458 	cmops->em_mac = _mac;						\
459 	cmops->em_encr_templ = _encr_templ;				\
460 	cmops->em_mac_templ = _mac_templ;				\
461 }
462 
463 #define	KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key,	\
464 	_decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \
465 	kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \
466 									\
467 	(req)->rp_opgrp = KCF_OG_MAC_DECRYPT;				\
468 	(req)->rp_optype = ftype;					\
469 	cmops->md_sid = _sid;						\
470 	cmops->md_mac_key = _mac_key;					\
471 	cmops->md_decr_key = _decr_key;					\
472 	cmops->md_ciphertext = _ciphertext;				\
473 	cmops->md_mac = _mac;						\
474 	cmops->md_plaintext = _plaintext;				\
475 	cmops->md_mac_templ = _mac_templ;				\
476 	cmops->md_decr_templ = _decr_templ;				\
477 }
478 
479 #define	KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen) {	\
480 	kcf_random_number_ops_params_t *rops =				\
481 		&(req)->rp_u.random_number_params;			\
482 									\
483 	(req)->rp_opgrp = KCF_OG_RANDOM;				\
484 	(req)->rp_optype = ftype;					\
485 	rops->rn_sid = _sid;						\
486 	rops->rn_buf = _buf;						\
487 	rops->rn_buflen = _buflen;					\
488 }
489 
490 #define	KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid,		\
491 	_user_type, _pin, _pin_len, _pd) {				\
492 	kcf_session_ops_params_t *sops = &(req)->rp_u.session_params;	\
493 									\
494 	(req)->rp_opgrp = KCF_OG_SESSION;				\
495 	(req)->rp_optype = ftype;					\
496 	sops->so_sid_ptr = _sid_ptr;					\
497 	sops->so_sid = _sid;						\
498 	sops->so_user_type = _user_type;				\
499 	sops->so_pin = _pin;						\
500 	sops->so_pin_len = _pin_len;					\
501 	sops->so_pd = _pd;						\
502 }
503 
504 #define	KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id,	\
505 	_template, _attribute_count, _object_id_ptr, _object_size,	\
506 	_find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \
507 	kcf_object_ops_params_t *jops = &(req)->rp_u.object_params;	\
508 									\
509 	(req)->rp_opgrp = KCF_OG_OBJECT;				\
510 	(req)->rp_optype = ftype;					\
511 	jops->oo_sid = _sid;						\
512 	jops->oo_object_id = _object_id;				\
513 	jops->oo_template = _template;					\
514 	jops->oo_attribute_count = _attribute_count;			\
515 	jops->oo_object_id_ptr = _object_id_ptr;			\
516 	jops->oo_object_size = _object_size;				\
517 	jops->oo_find_init_pp_ptr = _find_init_pp_ptr;			\
518 	jops->oo_find_pp = _find_pp;					\
519 	jops->oo_max_object_count = _max_object_count;			\
520 	jops->oo_object_count_ptr = _object_count_ptr;			\
521 }
522 
523 #define	KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \
524 	_key_attribute_count, _key_object_id_ptr, _private_key_template, \
525 	_private_key_attribute_count, _private_key_object_id_ptr,	\
526 	_key, _wrapped_key, _wrapped_key_len_ptr) {			\
527 	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params;		\
528 									\
529 	(req)->rp_opgrp = KCF_OG_KEY;					\
530 	(req)->rp_optype = ftype;					\
531 	kops->ko_sid = _sid;						\
532 	kcf_dup_mech(_mech, &kops->ko_mech, &kops->ko_framework_mechtype); \
533 	kops->ko_key_template = _key_template;				\
534 	kops->ko_key_attribute_count = _key_attribute_count;		\
535 	kops->ko_key_object_id_ptr = _key_object_id_ptr;		\
536 	kops->ko_private_key_template = _private_key_template;		\
537 	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
538 	kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \
539 	kops->ko_key = _key;						\
540 	kops->ko_wrapped_key = _wrapped_key;				\
541 	kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr;		\
542 }
543 
544 #define	KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin,	\
545 	_old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) {		\
546 	kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params;	\
547 									\
548 	(req)->rp_opgrp = KCF_OG_PROVMGMT;				\
549 	(req)->rp_optype = ftype;					\
550 	pops->po_sid = _sid;						\
551 	pops->po_pin = _pin;						\
552 	pops->po_pin_len = _pin_len;					\
553 	pops->po_old_pin = _old_pin;					\
554 	pops->po_old_pin_len = _old_pin_len;				\
555 	pops->po_label = _label;					\
556 	pops->po_ext_info = _ext_info;					\
557 	pops->po_pd = _pd;						\
558 }
559 
560 #define	KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp)			\
561 	(mechp)->cm_type =						\
562 	    (pd)->pd_map_mechnums[KCF_MECH2CLASS(fmtype)]		\
563 	    [KCF_MECH2INDEX(fmtype)];
564 
565 #ifdef __cplusplus
566 }
567 #endif
568 
569 #endif /* _SYS_CRYPTO_OPS_IMPL_H */
570