| /* |
| * CDDL HEADER START |
| * |
| * The contents of this file are subject to the terms of the |
| * Common Development and Distribution License (the "License"). |
| * You may not use this file except in compliance with the License. |
| * |
| * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| * or http://www.opensolaris.org/os/licensing. |
| * See the License for the specific language governing permissions |
| * and limitations under the License. |
| * |
| * When distributing Covered Code, include this CDDL HEADER in each |
| * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| * If applicable, add the following below this CDDL HEADER, with the |
| * fields enclosed by brackets "[]" replaced with your own identifying |
| * information: Portions Copyright [yyyy] [name of copyright owner] |
| * |
| * CDDL HEADER END |
| */ |
| /* |
| * Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
| * Use is subject to license terms. |
| */ |
| |
| #ifndef _SYS_CRYPTO_OPS_IMPL_H |
| #define _SYS_CRYPTO_OPS_IMPL_H |
| |
| /* |
| * Scheduler internal structures. |
| */ |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| #include <sys/zfs_context.h> |
| #include <sys/crypto/api.h> |
| #include <sys/crypto/spi.h> |
| #include <sys/crypto/impl.h> |
| #include <sys/crypto/common.h> |
| |
| /* |
| * The parameters needed for each function group are batched |
| * in one structure. This is much simpler than having a |
| * separate structure for each function. |
| * |
| * In some cases, a field is generically named to keep the |
| * structure small. The comments indicate these cases. |
| */ |
| typedef struct kcf_digest_ops_params { |
| crypto_session_id_t do_sid; |
| crypto_mech_type_t do_framework_mechtype; |
| crypto_mechanism_t do_mech; |
| crypto_data_t *do_data; |
| crypto_data_t *do_digest; |
| crypto_key_t *do_digest_key; /* Argument for digest_key() */ |
| } kcf_digest_ops_params_t; |
| |
| typedef struct kcf_mac_ops_params { |
| crypto_session_id_t mo_sid; |
| crypto_mech_type_t mo_framework_mechtype; |
| crypto_mechanism_t mo_mech; |
| crypto_key_t *mo_key; |
| crypto_data_t *mo_data; |
| crypto_data_t *mo_mac; |
| crypto_spi_ctx_template_t mo_templ; |
| } kcf_mac_ops_params_t; |
| |
| typedef struct kcf_encrypt_ops_params { |
| crypto_session_id_t eo_sid; |
| crypto_mech_type_t eo_framework_mechtype; |
| crypto_mechanism_t eo_mech; |
| crypto_key_t *eo_key; |
| crypto_data_t *eo_plaintext; |
| crypto_data_t *eo_ciphertext; |
| crypto_spi_ctx_template_t eo_templ; |
| } kcf_encrypt_ops_params_t; |
| |
| typedef struct kcf_decrypt_ops_params { |
| crypto_session_id_t dop_sid; |
| crypto_mech_type_t dop_framework_mechtype; |
| crypto_mechanism_t dop_mech; |
| crypto_key_t *dop_key; |
| crypto_data_t *dop_ciphertext; |
| crypto_data_t *dop_plaintext; |
| crypto_spi_ctx_template_t dop_templ; |
| } kcf_decrypt_ops_params_t; |
| |
| typedef struct kcf_sign_ops_params { |
| crypto_session_id_t so_sid; |
| crypto_mech_type_t so_framework_mechtype; |
| crypto_mechanism_t so_mech; |
| crypto_key_t *so_key; |
| crypto_data_t *so_data; |
| crypto_data_t *so_signature; |
| crypto_spi_ctx_template_t so_templ; |
| } kcf_sign_ops_params_t; |
| |
| typedef struct kcf_verify_ops_params { |
| crypto_session_id_t vo_sid; |
| crypto_mech_type_t vo_framework_mechtype; |
| crypto_mechanism_t vo_mech; |
| crypto_key_t *vo_key; |
| crypto_data_t *vo_data; |
| crypto_data_t *vo_signature; |
| crypto_spi_ctx_template_t vo_templ; |
| } kcf_verify_ops_params_t; |
| |
| typedef struct kcf_encrypt_mac_ops_params { |
| crypto_session_id_t em_sid; |
| crypto_mech_type_t em_framework_encr_mechtype; |
| crypto_mechanism_t em_encr_mech; |
| crypto_key_t *em_encr_key; |
| crypto_mech_type_t em_framework_mac_mechtype; |
| crypto_mechanism_t em_mac_mech; |
| crypto_key_t *em_mac_key; |
| crypto_data_t *em_plaintext; |
| crypto_dual_data_t *em_ciphertext; |
| crypto_data_t *em_mac; |
| crypto_spi_ctx_template_t em_encr_templ; |
| crypto_spi_ctx_template_t em_mac_templ; |
| } kcf_encrypt_mac_ops_params_t; |
| |
| typedef struct kcf_mac_decrypt_ops_params { |
| crypto_session_id_t md_sid; |
| crypto_mech_type_t md_framework_mac_mechtype; |
| crypto_mechanism_t md_mac_mech; |
| crypto_key_t *md_mac_key; |
| crypto_mech_type_t md_framework_decr_mechtype; |
| crypto_mechanism_t md_decr_mech; |
| crypto_key_t *md_decr_key; |
| crypto_dual_data_t *md_ciphertext; |
| crypto_data_t *md_mac; |
| crypto_data_t *md_plaintext; |
| crypto_spi_ctx_template_t md_mac_templ; |
| crypto_spi_ctx_template_t md_decr_templ; |
| } kcf_mac_decrypt_ops_params_t; |
| |
| typedef struct kcf_random_number_ops_params { |
| crypto_session_id_t rn_sid; |
| uchar_t *rn_buf; |
| size_t rn_buflen; |
| uint_t rn_entropy_est; |
| uint32_t rn_flags; |
| } kcf_random_number_ops_params_t; |
| |
| /* |
| * so_pd is useful when the provider descriptor (pd) supplying the |
| * provider handle is different from the pd supplying the ops vector. |
| * This is the case for session open/close where so_pd can be the pd |
| * of a logical provider. The pd supplying the ops vector is passed |
| * as an argument to kcf_submit_request(). |
| */ |
| typedef struct kcf_session_ops_params { |
| crypto_session_id_t *so_sid_ptr; |
| crypto_session_id_t so_sid; |
| crypto_user_type_t so_user_type; |
| char *so_pin; |
| size_t so_pin_len; |
| kcf_provider_desc_t *so_pd; |
| } kcf_session_ops_params_t; |
| |
| typedef struct kcf_object_ops_params { |
| crypto_session_id_t oo_sid; |
| crypto_object_id_t oo_object_id; |
| crypto_object_attribute_t *oo_template; |
| uint_t oo_attribute_count; |
| crypto_object_id_t *oo_object_id_ptr; |
| size_t *oo_object_size; |
| void **oo_find_init_pp_ptr; |
| void *oo_find_pp; |
| uint_t oo_max_object_count; |
| uint_t *oo_object_count_ptr; |
| } kcf_object_ops_params_t; |
| |
| /* |
| * ko_key is used to encode wrapping key in key_wrap() and |
| * unwrapping key in key_unwrap(). ko_key_template and |
| * ko_key_attribute_count are used to encode public template |
| * and public template attr count in key_generate_pair(). |
| * kops->ko_key_object_id_ptr is used to encode public key |
| * in key_generate_pair(). |
| */ |
| typedef struct kcf_key_ops_params { |
| crypto_session_id_t ko_sid; |
| crypto_mech_type_t ko_framework_mechtype; |
| crypto_mechanism_t ko_mech; |
| crypto_object_attribute_t *ko_key_template; |
| uint_t ko_key_attribute_count; |
| crypto_object_id_t *ko_key_object_id_ptr; |
| crypto_object_attribute_t *ko_private_key_template; |
| uint_t ko_private_key_attribute_count; |
| crypto_object_id_t *ko_private_key_object_id_ptr; |
| crypto_key_t *ko_key; |
| uchar_t *ko_wrapped_key; |
| size_t *ko_wrapped_key_len_ptr; |
| crypto_object_attribute_t *ko_out_template1; |
| crypto_object_attribute_t *ko_out_template2; |
| uint_t ko_out_attribute_count1; |
| uint_t ko_out_attribute_count2; |
| } kcf_key_ops_params_t; |
| |
| /* |
| * po_pin and po_pin_len are used to encode new_pin and new_pin_len |
| * when wrapping set_pin() function parameters. |
| * |
| * po_pd is useful when the provider descriptor (pd) supplying the |
| * provider handle is different from the pd supplying the ops vector. |
| * This is true for the ext_info provider entry point where po_pd |
| * can be the pd of a logical provider. The pd supplying the ops vector |
| * is passed as an argument to kcf_submit_request(). |
| */ |
| typedef struct kcf_provmgmt_ops_params { |
| crypto_session_id_t po_sid; |
| char *po_pin; |
| size_t po_pin_len; |
| char *po_old_pin; |
| size_t po_old_pin_len; |
| char *po_label; |
| crypto_provider_ext_info_t *po_ext_info; |
| kcf_provider_desc_t *po_pd; |
| } kcf_provmgmt_ops_params_t; |
| |
| /* |
| * The operation type within a function group. |
| */ |
| typedef enum kcf_op_type { |
| /* common ops for all mechanisms */ |
| KCF_OP_INIT = 1, |
| KCF_OP_SINGLE, /* pkcs11 sense. So, INIT is already done */ |
| KCF_OP_UPDATE, |
| KCF_OP_FINAL, |
| KCF_OP_ATOMIC, |
| |
| /* digest_key op */ |
| KCF_OP_DIGEST_KEY, |
| |
| /* mac specific op */ |
| KCF_OP_MAC_VERIFY_ATOMIC, |
| |
| /* mac/cipher specific op */ |
| KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC, |
| |
| /* sign_recover ops */ |
| KCF_OP_SIGN_RECOVER_INIT, |
| KCF_OP_SIGN_RECOVER, |
| KCF_OP_SIGN_RECOVER_ATOMIC, |
| |
| /* verify_recover ops */ |
| KCF_OP_VERIFY_RECOVER_INIT, |
| KCF_OP_VERIFY_RECOVER, |
| KCF_OP_VERIFY_RECOVER_ATOMIC, |
| |
| /* random number ops */ |
| KCF_OP_RANDOM_SEED, |
| KCF_OP_RANDOM_GENERATE, |
| |
| /* session management ops */ |
| KCF_OP_SESSION_OPEN, |
| KCF_OP_SESSION_CLOSE, |
| KCF_OP_SESSION_LOGIN, |
| KCF_OP_SESSION_LOGOUT, |
| |
| /* object management ops */ |
| KCF_OP_OBJECT_CREATE, |
| KCF_OP_OBJECT_COPY, |
| KCF_OP_OBJECT_DESTROY, |
| KCF_OP_OBJECT_GET_SIZE, |
| KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE, |
| KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE, |
| KCF_OP_OBJECT_FIND_INIT, |
| KCF_OP_OBJECT_FIND, |
| KCF_OP_OBJECT_FIND_FINAL, |
| |
| /* key management ops */ |
| KCF_OP_KEY_GENERATE, |
| KCF_OP_KEY_GENERATE_PAIR, |
| KCF_OP_KEY_WRAP, |
| KCF_OP_KEY_UNWRAP, |
| KCF_OP_KEY_DERIVE, |
| KCF_OP_KEY_CHECK, |
| |
| /* provider management ops */ |
| KCF_OP_MGMT_EXTINFO, |
| KCF_OP_MGMT_INITTOKEN, |
| KCF_OP_MGMT_INITPIN, |
| KCF_OP_MGMT_SETPIN |
| } kcf_op_type_t; |
| |
| /* |
| * The operation groups that need wrapping of parameters. This is somewhat |
| * similar to the function group type in spi.h except that this also includes |
| * all the functions that don't have a mechanism. |
| * |
| * The wrapper macros should never take these enum values as an argument. |
| * Rather, they are assigned in the macro itself since they are known |
| * from the macro name. |
| */ |
| typedef enum kcf_op_group { |
| KCF_OG_DIGEST = 1, |
| KCF_OG_MAC, |
| KCF_OG_ENCRYPT, |
| KCF_OG_DECRYPT, |
| KCF_OG_SIGN, |
| KCF_OG_VERIFY, |
| KCF_OG_ENCRYPT_MAC, |
| KCF_OG_MAC_DECRYPT, |
| KCF_OG_RANDOM, |
| KCF_OG_SESSION, |
| KCF_OG_OBJECT, |
| KCF_OG_KEY, |
| KCF_OG_PROVMGMT, |
| KCF_OG_NOSTORE_KEY |
| } kcf_op_group_t; |
| |
| /* |
| * The kcf_op_type_t enum values used here should be only for those |
| * operations for which there is a k-api routine in sys/crypto/api.h. |
| */ |
| #define IS_INIT_OP(ftype) ((ftype) == KCF_OP_INIT) |
| #define IS_SINGLE_OP(ftype) ((ftype) == KCF_OP_SINGLE) |
| #define IS_UPDATE_OP(ftype) ((ftype) == KCF_OP_UPDATE) |
| #define IS_FINAL_OP(ftype) ((ftype) == KCF_OP_FINAL) |
| #define IS_ATOMIC_OP(ftype) ( \ |
| (ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \ |
| (ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \ |
| (ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \ |
| (ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC) |
| |
| /* |
| * Keep the parameters associated with a request around. |
| * We need to pass them to the SPI. |
| */ |
| typedef struct kcf_req_params { |
| kcf_op_group_t rp_opgrp; |
| kcf_op_type_t rp_optype; |
| |
| union { |
| kcf_digest_ops_params_t digest_params; |
| kcf_mac_ops_params_t mac_params; |
| kcf_encrypt_ops_params_t encrypt_params; |
| kcf_decrypt_ops_params_t decrypt_params; |
| kcf_sign_ops_params_t sign_params; |
| kcf_verify_ops_params_t verify_params; |
| kcf_encrypt_mac_ops_params_t encrypt_mac_params; |
| kcf_mac_decrypt_ops_params_t mac_decrypt_params; |
| kcf_random_number_ops_params_t random_number_params; |
| kcf_session_ops_params_t session_params; |
| kcf_object_ops_params_t object_params; |
| kcf_key_ops_params_t key_params; |
| kcf_provmgmt_ops_params_t provmgmt_params; |
| } rp_u; |
| } kcf_req_params_t; |
| |
| |
| /* |
| * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t |
| * structure before calling a scheduler routine. The following macros are |
| * available for that purpose. |
| * |
| * For the most part, the macro arguments closely correspond to the |
| * function parameters. In some cases, we use generic names. The comments |
| * for the structure should indicate these cases. |
| */ |
| #define KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _data, _digest) { \ |
| kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_DIGEST; \ |
| (req)->rp_optype = ftype; \ |
| dops->do_sid = _sid; \ |
| if (mechp != NULL) { \ |
| dops->do_mech = *mechp; \ |
| dops->do_framework_mechtype = mechp->cm_type; \ |
| } \ |
| dops->do_digest_key = _key; \ |
| dops->do_data = _data; \ |
| dops->do_digest = _digest; \ |
| } |
| |
| #define KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _data, _mac, _templ) { \ |
| kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_MAC; \ |
| (req)->rp_optype = ftype; \ |
| mops->mo_sid = _sid; \ |
| if (mechp != NULL) { \ |
| mops->mo_mech = *mechp; \ |
| mops->mo_framework_mechtype = mechp->cm_type; \ |
| } \ |
| mops->mo_key = _key; \ |
| mops->mo_data = _data; \ |
| mops->mo_mac = _mac; \ |
| mops->mo_templ = _templ; \ |
| } |
| |
| #define KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _plaintext, _ciphertext, _templ) { \ |
| kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_ENCRYPT; \ |
| (req)->rp_optype = ftype; \ |
| cops->eo_sid = _sid; \ |
| if (mechp != NULL) { \ |
| cops->eo_mech = *mechp; \ |
| cops->eo_framework_mechtype = mechp->cm_type; \ |
| } \ |
| cops->eo_key = _key; \ |
| cops->eo_plaintext = _plaintext; \ |
| cops->eo_ciphertext = _ciphertext; \ |
| cops->eo_templ = _templ; \ |
| } |
| |
| #define KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _ciphertext, _plaintext, _templ) { \ |
| kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_DECRYPT; \ |
| (req)->rp_optype = ftype; \ |
| cops->dop_sid = _sid; \ |
| if (mechp != NULL) { \ |
| cops->dop_mech = *mechp; \ |
| cops->dop_framework_mechtype = mechp->cm_type; \ |
| } \ |
| cops->dop_key = _key; \ |
| cops->dop_ciphertext = _ciphertext; \ |
| cops->dop_plaintext = _plaintext; \ |
| cops->dop_templ = _templ; \ |
| } |
| |
| #define KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _data, _signature, _templ) { \ |
| kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_SIGN; \ |
| (req)->rp_optype = ftype; \ |
| sops->so_sid = _sid; \ |
| if (mechp != NULL) { \ |
| sops->so_mech = *mechp; \ |
| sops->so_framework_mechtype = mechp->cm_type; \ |
| } \ |
| sops->so_key = _key; \ |
| sops->so_data = _data; \ |
| sops->so_signature = _signature; \ |
| sops->so_templ = _templ; \ |
| } |
| |
| #define KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \ |
| _data, _signature, _templ) { \ |
| kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_VERIFY; \ |
| (req)->rp_optype = ftype; \ |
| vops->vo_sid = _sid; \ |
| if (mechp != NULL) { \ |
| vops->vo_mech = *mechp; \ |
| vops->vo_framework_mechtype = mechp->cm_type; \ |
| } \ |
| vops->vo_key = _key; \ |
| vops->vo_data = _data; \ |
| vops->vo_signature = _signature; \ |
| vops->vo_templ = _templ; \ |
| } |
| |
| #define KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \ |
| _mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \ |
| kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \ |
| (req)->rp_optype = ftype; \ |
| cmops->em_sid = _sid; \ |
| cmops->em_encr_key = _encr_key; \ |
| cmops->em_mac_key = _mac_key; \ |
| cmops->em_plaintext = _plaintext; \ |
| cmops->em_ciphertext = _ciphertext; \ |
| cmops->em_mac = _mac; \ |
| cmops->em_encr_templ = _encr_templ; \ |
| cmops->em_mac_templ = _mac_templ; \ |
| } |
| |
| #define KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \ |
| _decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \ |
| kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \ |
| (req)->rp_optype = ftype; \ |
| cmops->md_sid = _sid; \ |
| cmops->md_mac_key = _mac_key; \ |
| cmops->md_decr_key = _decr_key; \ |
| cmops->md_ciphertext = _ciphertext; \ |
| cmops->md_mac = _mac; \ |
| cmops->md_plaintext = _plaintext; \ |
| cmops->md_mac_templ = _mac_templ; \ |
| cmops->md_decr_templ = _decr_templ; \ |
| } |
| |
| #define KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \ |
| _est, _flags) { \ |
| kcf_random_number_ops_params_t *rops = \ |
| &(req)->rp_u.random_number_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_RANDOM; \ |
| (req)->rp_optype = ftype; \ |
| rops->rn_sid = _sid; \ |
| rops->rn_buf = _buf; \ |
| rops->rn_buflen = _buflen; \ |
| rops->rn_entropy_est = _est; \ |
| rops->rn_flags = _flags; \ |
| } |
| |
| #define KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \ |
| _user_type, _pin, _pin_len, _pd) { \ |
| kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_SESSION; \ |
| (req)->rp_optype = ftype; \ |
| sops->so_sid_ptr = _sid_ptr; \ |
| sops->so_sid = _sid; \ |
| sops->so_user_type = _user_type; \ |
| sops->so_pin = _pin; \ |
| sops->so_pin_len = _pin_len; \ |
| sops->so_pd = _pd; \ |
| } |
| |
| #define KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \ |
| _template, _attribute_count, _object_id_ptr, _object_size, \ |
| _find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \ |
| kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_OBJECT; \ |
| (req)->rp_optype = ftype; \ |
| jops->oo_sid = _sid; \ |
| jops->oo_object_id = _object_id; \ |
| jops->oo_template = _template; \ |
| jops->oo_attribute_count = _attribute_count; \ |
| jops->oo_object_id_ptr = _object_id_ptr; \ |
| jops->oo_object_size = _object_size; \ |
| jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \ |
| jops->oo_find_pp = _find_pp; \ |
| jops->oo_max_object_count = _max_object_count; \ |
| jops->oo_object_count_ptr = _object_count_ptr; \ |
| } |
| |
| #define KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \ |
| _key_attribute_count, _key_object_id_ptr, _private_key_template, \ |
| _private_key_attribute_count, _private_key_object_id_ptr, \ |
| _key, _wrapped_key, _wrapped_key_len_ptr) { \ |
| kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_KEY; \ |
| (req)->rp_optype = ftype; \ |
| kops->ko_sid = _sid; \ |
| if (mechp != NULL) { \ |
| kops->ko_mech = *mechp; \ |
| kops->ko_framework_mechtype = mechp->cm_type; \ |
| } \ |
| kops->ko_key_template = _key_template; \ |
| kops->ko_key_attribute_count = _key_attribute_count; \ |
| kops->ko_key_object_id_ptr = _key_object_id_ptr; \ |
| kops->ko_private_key_template = _private_key_template; \ |
| kops->ko_private_key_attribute_count = _private_key_attribute_count; \ |
| kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \ |
| kops->ko_key = _key; \ |
| kops->ko_wrapped_key = _wrapped_key; \ |
| kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \ |
| } |
| |
| #define KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \ |
| _old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \ |
| kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_PROVMGMT; \ |
| (req)->rp_optype = ftype; \ |
| pops->po_sid = _sid; \ |
| pops->po_pin = _pin; \ |
| pops->po_pin_len = _pin_len; \ |
| pops->po_old_pin = _old_pin; \ |
| pops->po_old_pin_len = _old_pin_len; \ |
| pops->po_label = _label; \ |
| pops->po_ext_info = _ext_info; \ |
| pops->po_pd = _pd; \ |
| } |
| |
| #define KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \ |
| _key_template, _key_attribute_count, _private_key_template, \ |
| _private_key_attribute_count, _key, _out_template1, \ |
| _out_attribute_count1, _out_template2, _out_attribute_count2) { \ |
| kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \ |
| crypto_mechanism_t *mechp = _mech; \ |
| \ |
| (req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \ |
| (req)->rp_optype = ftype; \ |
| kops->ko_sid = _sid; \ |
| if (mechp != NULL) { \ |
| kops->ko_mech = *mechp; \ |
| kops->ko_framework_mechtype = mechp->cm_type; \ |
| } \ |
| kops->ko_key_template = _key_template; \ |
| kops->ko_key_attribute_count = _key_attribute_count; \ |
| kops->ko_key_object_id_ptr = NULL; \ |
| kops->ko_private_key_template = _private_key_template; \ |
| kops->ko_private_key_attribute_count = _private_key_attribute_count; \ |
| kops->ko_private_key_object_id_ptr = NULL; \ |
| kops->ko_key = _key; \ |
| kops->ko_wrapped_key = NULL; \ |
| kops->ko_wrapped_key_len_ptr = 0; \ |
| kops->ko_out_template1 = _out_template1; \ |
| kops->ko_out_template2 = _out_template2; \ |
| kops->ko_out_attribute_count1 = _out_attribute_count1; \ |
| kops->ko_out_attribute_count2 = _out_attribute_count2; \ |
| } |
| |
| #define KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \ |
| (mechp)->cm_type = \ |
| KCF_TO_PROV_MECHNUM(pd, fmtype); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _SYS_CRYPTO_OPS_IMPL_H */ |