1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_CRYPTO_OPS_IMPL_H 27 #define _SYS_CRYPTO_OPS_IMPL_H 28 29 /* 30 * Scheduler internal structures. 31 */ 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 #include <sys/zfs_context.h> 38 #include <sys/crypto/api.h> 39 #include <sys/crypto/spi.h> 40 #include <sys/crypto/impl.h> 41 #include <sys/crypto/common.h> 42 43 /* 44 * The parameters needed for each function group are batched 45 * in one structure. This is much simpler than having a 46 * separate structure for each function. 47 * 48 * In some cases, a field is generically named to keep the 49 * structure small. The comments indicate these cases. 50 */ 51 typedef struct kcf_digest_ops_params { 52 crypto_session_id_t do_sid; 53 crypto_mech_type_t do_framework_mechtype; 54 crypto_mechanism_t do_mech; 55 crypto_data_t *do_data; 56 crypto_data_t *do_digest; 57 crypto_key_t *do_digest_key; /* Argument for digest_key() */ 58 } kcf_digest_ops_params_t; 59 60 typedef struct kcf_mac_ops_params { 61 crypto_session_id_t mo_sid; 62 crypto_mech_type_t mo_framework_mechtype; 63 crypto_mechanism_t mo_mech; 64 crypto_key_t *mo_key; 65 crypto_data_t *mo_data; 66 crypto_data_t *mo_mac; 67 crypto_spi_ctx_template_t mo_templ; 68 } kcf_mac_ops_params_t; 69 70 typedef struct kcf_encrypt_ops_params { 71 crypto_session_id_t eo_sid; 72 crypto_mech_type_t eo_framework_mechtype; 73 crypto_mechanism_t eo_mech; 74 crypto_key_t *eo_key; 75 crypto_data_t *eo_plaintext; 76 crypto_data_t *eo_ciphertext; 77 crypto_spi_ctx_template_t eo_templ; 78 } kcf_encrypt_ops_params_t; 79 80 typedef struct kcf_decrypt_ops_params { 81 crypto_session_id_t dop_sid; 82 crypto_mech_type_t dop_framework_mechtype; 83 crypto_mechanism_t dop_mech; 84 crypto_key_t *dop_key; 85 crypto_data_t *dop_ciphertext; 86 crypto_data_t *dop_plaintext; 87 crypto_spi_ctx_template_t dop_templ; 88 } kcf_decrypt_ops_params_t; 89 90 typedef struct kcf_sign_ops_params { 91 crypto_session_id_t so_sid; 92 crypto_mech_type_t so_framework_mechtype; 93 crypto_mechanism_t so_mech; 94 crypto_key_t *so_key; 95 crypto_data_t *so_data; 96 crypto_data_t *so_signature; 97 crypto_spi_ctx_template_t so_templ; 98 } kcf_sign_ops_params_t; 99 100 typedef struct kcf_verify_ops_params { 101 crypto_session_id_t vo_sid; 102 crypto_mech_type_t vo_framework_mechtype; 103 crypto_mechanism_t vo_mech; 104 crypto_key_t *vo_key; 105 crypto_data_t *vo_data; 106 crypto_data_t *vo_signature; 107 crypto_spi_ctx_template_t vo_templ; 108 } kcf_verify_ops_params_t; 109 110 typedef struct kcf_encrypt_mac_ops_params { 111 crypto_session_id_t em_sid; 112 crypto_mech_type_t em_framework_encr_mechtype; 113 crypto_mechanism_t em_encr_mech; 114 crypto_key_t *em_encr_key; 115 crypto_mech_type_t em_framework_mac_mechtype; 116 crypto_mechanism_t em_mac_mech; 117 crypto_key_t *em_mac_key; 118 crypto_data_t *em_plaintext; 119 crypto_dual_data_t *em_ciphertext; 120 crypto_data_t *em_mac; 121 crypto_spi_ctx_template_t em_encr_templ; 122 crypto_spi_ctx_template_t em_mac_templ; 123 } kcf_encrypt_mac_ops_params_t; 124 125 typedef struct kcf_mac_decrypt_ops_params { 126 crypto_session_id_t md_sid; 127 crypto_mech_type_t md_framework_mac_mechtype; 128 crypto_mechanism_t md_mac_mech; 129 crypto_key_t *md_mac_key; 130 crypto_mech_type_t md_framework_decr_mechtype; 131 crypto_mechanism_t md_decr_mech; 132 crypto_key_t *md_decr_key; 133 crypto_dual_data_t *md_ciphertext; 134 crypto_data_t *md_mac; 135 crypto_data_t *md_plaintext; 136 crypto_spi_ctx_template_t md_mac_templ; 137 crypto_spi_ctx_template_t md_decr_templ; 138 } kcf_mac_decrypt_ops_params_t; 139 140 typedef struct kcf_random_number_ops_params { 141 crypto_session_id_t rn_sid; 142 uchar_t *rn_buf; 143 size_t rn_buflen; 144 uint_t rn_entropy_est; 145 uint32_t rn_flags; 146 } kcf_random_number_ops_params_t; 147 148 /* 149 * so_pd is useful when the provider descriptor (pd) supplying the 150 * provider handle is different from the pd supplying the ops vector. 151 * This is the case for session open/close where so_pd can be the pd 152 * of a logical provider. The pd supplying the ops vector is passed 153 * as an argument to kcf_submit_request(). 154 */ 155 typedef struct kcf_session_ops_params { 156 crypto_session_id_t *so_sid_ptr; 157 crypto_session_id_t so_sid; 158 crypto_user_type_t so_user_type; 159 char *so_pin; 160 size_t so_pin_len; 161 kcf_provider_desc_t *so_pd; 162 } kcf_session_ops_params_t; 163 164 typedef struct kcf_object_ops_params { 165 crypto_session_id_t oo_sid; 166 crypto_object_id_t oo_object_id; 167 crypto_object_attribute_t *oo_template; 168 uint_t oo_attribute_count; 169 crypto_object_id_t *oo_object_id_ptr; 170 size_t *oo_object_size; 171 void **oo_find_init_pp_ptr; 172 void *oo_find_pp; 173 uint_t oo_max_object_count; 174 uint_t *oo_object_count_ptr; 175 } kcf_object_ops_params_t; 176 177 /* 178 * ko_key is used to encode wrapping key in key_wrap() and 179 * unwrapping key in key_unwrap(). ko_key_template and 180 * ko_key_attribute_count are used to encode public template 181 * and public template attr count in key_generate_pair(). 182 * kops->ko_key_object_id_ptr is used to encode public key 183 * in key_generate_pair(). 184 */ 185 typedef struct kcf_key_ops_params { 186 crypto_session_id_t ko_sid; 187 crypto_mech_type_t ko_framework_mechtype; 188 crypto_mechanism_t ko_mech; 189 crypto_object_attribute_t *ko_key_template; 190 uint_t ko_key_attribute_count; 191 crypto_object_id_t *ko_key_object_id_ptr; 192 crypto_object_attribute_t *ko_private_key_template; 193 uint_t ko_private_key_attribute_count; 194 crypto_object_id_t *ko_private_key_object_id_ptr; 195 crypto_key_t *ko_key; 196 uchar_t *ko_wrapped_key; 197 size_t *ko_wrapped_key_len_ptr; 198 crypto_object_attribute_t *ko_out_template1; 199 crypto_object_attribute_t *ko_out_template2; 200 uint_t ko_out_attribute_count1; 201 uint_t ko_out_attribute_count2; 202 } kcf_key_ops_params_t; 203 204 /* 205 * po_pin and po_pin_len are used to encode new_pin and new_pin_len 206 * when wrapping set_pin() function parameters. 207 * 208 * po_pd is useful when the provider descriptor (pd) supplying the 209 * provider handle is different from the pd supplying the ops vector. 210 * This is true for the ext_info provider entry point where po_pd 211 * can be the pd of a logical provider. The pd supplying the ops vector 212 * is passed as an argument to kcf_submit_request(). 213 */ 214 typedef struct kcf_provmgmt_ops_params { 215 crypto_session_id_t po_sid; 216 char *po_pin; 217 size_t po_pin_len; 218 char *po_old_pin; 219 size_t po_old_pin_len; 220 char *po_label; 221 crypto_provider_ext_info_t *po_ext_info; 222 kcf_provider_desc_t *po_pd; 223 } kcf_provmgmt_ops_params_t; 224 225 /* 226 * The operation type within a function group. 227 */ 228 typedef enum kcf_op_type { 229 /* common ops for all mechanisms */ 230 KCF_OP_INIT = 1, 231 KCF_OP_SINGLE, /* pkcs11 sense. So, INIT is already done */ 232 KCF_OP_UPDATE, 233 KCF_OP_FINAL, 234 KCF_OP_ATOMIC, 235 236 /* digest_key op */ 237 KCF_OP_DIGEST_KEY, 238 239 /* mac specific op */ 240 KCF_OP_MAC_VERIFY_ATOMIC, 241 242 /* mac/cipher specific op */ 243 KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC, 244 245 /* sign_recover ops */ 246 KCF_OP_SIGN_RECOVER_INIT, 247 KCF_OP_SIGN_RECOVER, 248 KCF_OP_SIGN_RECOVER_ATOMIC, 249 250 /* verify_recover ops */ 251 KCF_OP_VERIFY_RECOVER_INIT, 252 KCF_OP_VERIFY_RECOVER, 253 KCF_OP_VERIFY_RECOVER_ATOMIC, 254 255 /* random number ops */ 256 KCF_OP_RANDOM_SEED, 257 KCF_OP_RANDOM_GENERATE, 258 259 /* session management ops */ 260 KCF_OP_SESSION_OPEN, 261 KCF_OP_SESSION_CLOSE, 262 KCF_OP_SESSION_LOGIN, 263 KCF_OP_SESSION_LOGOUT, 264 265 /* object management ops */ 266 KCF_OP_OBJECT_CREATE, 267 KCF_OP_OBJECT_COPY, 268 KCF_OP_OBJECT_DESTROY, 269 KCF_OP_OBJECT_GET_SIZE, 270 KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE, 271 KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE, 272 KCF_OP_OBJECT_FIND_INIT, 273 KCF_OP_OBJECT_FIND, 274 KCF_OP_OBJECT_FIND_FINAL, 275 276 /* key management ops */ 277 KCF_OP_KEY_GENERATE, 278 KCF_OP_KEY_GENERATE_PAIR, 279 KCF_OP_KEY_WRAP, 280 KCF_OP_KEY_UNWRAP, 281 KCF_OP_KEY_DERIVE, 282 KCF_OP_KEY_CHECK, 283 284 /* provider management ops */ 285 KCF_OP_MGMT_EXTINFO, 286 KCF_OP_MGMT_INITTOKEN, 287 KCF_OP_MGMT_INITPIN, 288 KCF_OP_MGMT_SETPIN 289 } kcf_op_type_t; 290 291 /* 292 * The operation groups that need wrapping of parameters. This is somewhat 293 * similar to the function group type in spi.h except that this also includes 294 * all the functions that don't have a mechanism. 295 * 296 * The wrapper macros should never take these enum values as an argument. 297 * Rather, they are assigned in the macro itself since they are known 298 * from the macro name. 299 */ 300 typedef enum kcf_op_group { 301 KCF_OG_DIGEST = 1, 302 KCF_OG_MAC, 303 KCF_OG_ENCRYPT, 304 KCF_OG_DECRYPT, 305 KCF_OG_SIGN, 306 KCF_OG_VERIFY, 307 KCF_OG_ENCRYPT_MAC, 308 KCF_OG_MAC_DECRYPT, 309 KCF_OG_RANDOM, 310 KCF_OG_SESSION, 311 KCF_OG_OBJECT, 312 KCF_OG_KEY, 313 KCF_OG_PROVMGMT, 314 KCF_OG_NOSTORE_KEY 315 } kcf_op_group_t; 316 317 /* 318 * The kcf_op_type_t enum values used here should be only for those 319 * operations for which there is a k-api routine in sys/crypto/api.h. 320 */ 321 #define IS_INIT_OP(ftype) ((ftype) == KCF_OP_INIT) 322 #define IS_SINGLE_OP(ftype) ((ftype) == KCF_OP_SINGLE) 323 #define IS_UPDATE_OP(ftype) ((ftype) == KCF_OP_UPDATE) 324 #define IS_FINAL_OP(ftype) ((ftype) == KCF_OP_FINAL) 325 #define IS_ATOMIC_OP(ftype) ( \ 326 (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \ 327 (ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \ 328 (ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \ 329 (ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC) 330 331 /* 332 * Keep the parameters associated with a request around. 333 * We need to pass them to the SPI. 334 */ 335 typedef struct kcf_req_params { 336 kcf_op_group_t rp_opgrp; 337 kcf_op_type_t rp_optype; 338 339 union { 340 kcf_digest_ops_params_t digest_params; 341 kcf_mac_ops_params_t mac_params; 342 kcf_encrypt_ops_params_t encrypt_params; 343 kcf_decrypt_ops_params_t decrypt_params; 344 kcf_sign_ops_params_t sign_params; 345 kcf_verify_ops_params_t verify_params; 346 kcf_encrypt_mac_ops_params_t encrypt_mac_params; 347 kcf_mac_decrypt_ops_params_t mac_decrypt_params; 348 kcf_random_number_ops_params_t random_number_params; 349 kcf_session_ops_params_t session_params; 350 kcf_object_ops_params_t object_params; 351 kcf_key_ops_params_t key_params; 352 kcf_provmgmt_ops_params_t provmgmt_params; 353 } rp_u; 354 } kcf_req_params_t; 355 356 357 /* 358 * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t 359 * structure before calling a scheduler routine. The following macros are 360 * available for that purpose. 361 * 362 * For the most part, the macro arguments closely correspond to the 363 * function parameters. In some cases, we use generic names. The comments 364 * for the structure should indicate these cases. 365 */ 366 #define KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 367 _data, _digest) { \ 368 kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params; \ 369 crypto_mechanism_t *mechp = _mech; \ 370 \ 371 (req)->rp_opgrp = KCF_OG_DIGEST; \ 372 (req)->rp_optype = ftype; \ 373 dops->do_sid = _sid; \ 374 if (mechp != NULL) { \ 375 dops->do_mech = *mechp; \ 376 dops->do_framework_mechtype = mechp->cm_type; \ 377 } \ 378 dops->do_digest_key = _key; \ 379 dops->do_data = _data; \ 380 dops->do_digest = _digest; \ 381 } 382 383 #define KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 384 _data, _mac, _templ) { \ 385 kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params; \ 386 crypto_mechanism_t *mechp = _mech; \ 387 \ 388 (req)->rp_opgrp = KCF_OG_MAC; \ 389 (req)->rp_optype = ftype; \ 390 mops->mo_sid = _sid; \ 391 if (mechp != NULL) { \ 392 mops->mo_mech = *mechp; \ 393 mops->mo_framework_mechtype = mechp->cm_type; \ 394 } \ 395 mops->mo_key = _key; \ 396 mops->mo_data = _data; \ 397 mops->mo_mac = _mac; \ 398 mops->mo_templ = _templ; \ 399 } 400 401 #define KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 402 _plaintext, _ciphertext, _templ) { \ 403 kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params; \ 404 crypto_mechanism_t *mechp = _mech; \ 405 \ 406 (req)->rp_opgrp = KCF_OG_ENCRYPT; \ 407 (req)->rp_optype = ftype; \ 408 cops->eo_sid = _sid; \ 409 if (mechp != NULL) { \ 410 cops->eo_mech = *mechp; \ 411 cops->eo_framework_mechtype = mechp->cm_type; \ 412 } \ 413 cops->eo_key = _key; \ 414 cops->eo_plaintext = _plaintext; \ 415 cops->eo_ciphertext = _ciphertext; \ 416 cops->eo_templ = _templ; \ 417 } 418 419 #define KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 420 _ciphertext, _plaintext, _templ) { \ 421 kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params; \ 422 crypto_mechanism_t *mechp = _mech; \ 423 \ 424 (req)->rp_opgrp = KCF_OG_DECRYPT; \ 425 (req)->rp_optype = ftype; \ 426 cops->dop_sid = _sid; \ 427 if (mechp != NULL) { \ 428 cops->dop_mech = *mechp; \ 429 cops->dop_framework_mechtype = mechp->cm_type; \ 430 } \ 431 cops->dop_key = _key; \ 432 cops->dop_ciphertext = _ciphertext; \ 433 cops->dop_plaintext = _plaintext; \ 434 cops->dop_templ = _templ; \ 435 } 436 437 #define KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 438 _data, _signature, _templ) { \ 439 kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \ 440 crypto_mechanism_t *mechp = _mech; \ 441 \ 442 (req)->rp_opgrp = KCF_OG_SIGN; \ 443 (req)->rp_optype = ftype; \ 444 sops->so_sid = _sid; \ 445 if (mechp != NULL) { \ 446 sops->so_mech = *mechp; \ 447 sops->so_framework_mechtype = mechp->cm_type; \ 448 } \ 449 sops->so_key = _key; \ 450 sops->so_data = _data; \ 451 sops->so_signature = _signature; \ 452 sops->so_templ = _templ; \ 453 } 454 455 #define KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ 456 _data, _signature, _templ) { \ 457 kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \ 458 crypto_mechanism_t *mechp = _mech; \ 459 \ 460 (req)->rp_opgrp = KCF_OG_VERIFY; \ 461 (req)->rp_optype = ftype; \ 462 vops->vo_sid = _sid; \ 463 if (mechp != NULL) { \ 464 vops->vo_mech = *mechp; \ 465 vops->vo_framework_mechtype = mechp->cm_type; \ 466 } \ 467 vops->vo_key = _key; \ 468 vops->vo_data = _data; \ 469 vops->vo_signature = _signature; \ 470 vops->vo_templ = _templ; \ 471 } 472 473 #define KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \ 474 _mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \ 475 kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \ 476 \ 477 (req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \ 478 (req)->rp_optype = ftype; \ 479 cmops->em_sid = _sid; \ 480 cmops->em_encr_key = _encr_key; \ 481 cmops->em_mac_key = _mac_key; \ 482 cmops->em_plaintext = _plaintext; \ 483 cmops->em_ciphertext = _ciphertext; \ 484 cmops->em_mac = _mac; \ 485 cmops->em_encr_templ = _encr_templ; \ 486 cmops->em_mac_templ = _mac_templ; \ 487 } 488 489 #define KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \ 490 _decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \ 491 kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \ 492 \ 493 (req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \ 494 (req)->rp_optype = ftype; \ 495 cmops->md_sid = _sid; \ 496 cmops->md_mac_key = _mac_key; \ 497 cmops->md_decr_key = _decr_key; \ 498 cmops->md_ciphertext = _ciphertext; \ 499 cmops->md_mac = _mac; \ 500 cmops->md_plaintext = _plaintext; \ 501 cmops->md_mac_templ = _mac_templ; \ 502 cmops->md_decr_templ = _decr_templ; \ 503 } 504 505 #define KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \ 506 _est, _flags) { \ 507 kcf_random_number_ops_params_t *rops = \ 508 &(req)->rp_u.random_number_params; \ 509 \ 510 (req)->rp_opgrp = KCF_OG_RANDOM; \ 511 (req)->rp_optype = ftype; \ 512 rops->rn_sid = _sid; \ 513 rops->rn_buf = _buf; \ 514 rops->rn_buflen = _buflen; \ 515 rops->rn_entropy_est = _est; \ 516 rops->rn_flags = _flags; \ 517 } 518 519 #define KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \ 520 _user_type, _pin, _pin_len, _pd) { \ 521 kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \ 522 \ 523 (req)->rp_opgrp = KCF_OG_SESSION; \ 524 (req)->rp_optype = ftype; \ 525 sops->so_sid_ptr = _sid_ptr; \ 526 sops->so_sid = _sid; \ 527 sops->so_user_type = _user_type; \ 528 sops->so_pin = _pin; \ 529 sops->so_pin_len = _pin_len; \ 530 sops->so_pd = _pd; \ 531 } 532 533 #define KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \ 534 _template, _attribute_count, _object_id_ptr, _object_size, \ 535 _find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \ 536 kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \ 537 \ 538 (req)->rp_opgrp = KCF_OG_OBJECT; \ 539 (req)->rp_optype = ftype; \ 540 jops->oo_sid = _sid; \ 541 jops->oo_object_id = _object_id; \ 542 jops->oo_template = _template; \ 543 jops->oo_attribute_count = _attribute_count; \ 544 jops->oo_object_id_ptr = _object_id_ptr; \ 545 jops->oo_object_size = _object_size; \ 546 jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \ 547 jops->oo_find_pp = _find_pp; \ 548 jops->oo_max_object_count = _max_object_count; \ 549 jops->oo_object_count_ptr = _object_count_ptr; \ 550 } 551 552 #define KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \ 553 _key_attribute_count, _key_object_id_ptr, _private_key_template, \ 554 _private_key_attribute_count, _private_key_object_id_ptr, \ 555 _key, _wrapped_key, _wrapped_key_len_ptr) { \ 556 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 557 crypto_mechanism_t *mechp = _mech; \ 558 \ 559 (req)->rp_opgrp = KCF_OG_KEY; \ 560 (req)->rp_optype = ftype; \ 561 kops->ko_sid = _sid; \ 562 if (mechp != NULL) { \ 563 kops->ko_mech = *mechp; \ 564 kops->ko_framework_mechtype = mechp->cm_type; \ 565 } \ 566 kops->ko_key_template = _key_template; \ 567 kops->ko_key_attribute_count = _key_attribute_count; \ 568 kops->ko_key_object_id_ptr = _key_object_id_ptr; \ 569 kops->ko_private_key_template = _private_key_template; \ 570 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 571 kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \ 572 kops->ko_key = _key; \ 573 kops->ko_wrapped_key = _wrapped_key; \ 574 kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \ 575 } 576 577 #define KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \ 578 _old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \ 579 kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \ 580 \ 581 (req)->rp_opgrp = KCF_OG_PROVMGMT; \ 582 (req)->rp_optype = ftype; \ 583 pops->po_sid = _sid; \ 584 pops->po_pin = _pin; \ 585 pops->po_pin_len = _pin_len; \ 586 pops->po_old_pin = _old_pin; \ 587 pops->po_old_pin_len = _old_pin_len; \ 588 pops->po_label = _label; \ 589 pops->po_ext_info = _ext_info; \ 590 pops->po_pd = _pd; \ 591 } 592 593 #define KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \ 594 _key_template, _key_attribute_count, _private_key_template, \ 595 _private_key_attribute_count, _key, _out_template1, \ 596 _out_attribute_count1, _out_template2, _out_attribute_count2) { \ 597 kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ 598 crypto_mechanism_t *mechp = _mech; \ 599 \ 600 (req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \ 601 (req)->rp_optype = ftype; \ 602 kops->ko_sid = _sid; \ 603 if (mechp != NULL) { \ 604 kops->ko_mech = *mechp; \ 605 kops->ko_framework_mechtype = mechp->cm_type; \ 606 } \ 607 kops->ko_key_template = _key_template; \ 608 kops->ko_key_attribute_count = _key_attribute_count; \ 609 kops->ko_key_object_id_ptr = NULL; \ 610 kops->ko_private_key_template = _private_key_template; \ 611 kops->ko_private_key_attribute_count = _private_key_attribute_count; \ 612 kops->ko_private_key_object_id_ptr = NULL; \ 613 kops->ko_key = _key; \ 614 kops->ko_wrapped_key = NULL; \ 615 kops->ko_wrapped_key_len_ptr = 0; \ 616 kops->ko_out_template1 = _out_template1; \ 617 kops->ko_out_template2 = _out_template2; \ 618 kops->ko_out_attribute_count1 = _out_attribute_count1; \ 619 kops->ko_out_attribute_count2 = _out_attribute_count2; \ 620 } 621 622 #define KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \ 623 (mechp)->cm_type = \ 624 KCF_TO_PROV_MECHNUM(pd, fmtype); 625 626 #ifdef __cplusplus 627 } 628 #endif 629 630 #endif /* _SYS_CRYPTO_OPS_IMPL_H */ 631