/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SYS_CRYPTO_OPS_IMPL_H
#define	_SYS_CRYPTO_OPS_IMPL_H

/*
 * Scheduler internal structures.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <sys/mutex.h>
#include <sys/condvar.h>
#include <sys/crypto/api.h>
#include <sys/crypto/spi.h>
#include <sys/crypto/impl.h>
#include <sys/crypto/common.h>

/*
 * The parameters needed for each function group are batched
 * in one structure. This is much simpler than having a
 * separate structure for each function.
 *
 * In some cases, a field is generically named to keep the
 * structure small. The comments indicate these cases.
 *
 * Ownership: the KCF_WRAP_*_OPS_PARAMS() macros later in this header
 * store every pointer argument as given (keys, data, output buffers).
 * Only the mechanism is copied, as a plain struct assignment, so any
 * pointer members inside crypto_mechanism_t still refer to the caller's
 * storage.
 * NOTE(review): the referenced buffers presumably have to stay valid
 * until the request has completed - confirm against the scheduler code.
 */

/* Digest group; filled in by KCF_WRAP_DIGEST_OPS_PARAMS(). */
typedef struct kcf_digest_ops_params {
	crypto_session_id_t	do_sid;
	/* cm_type of the mechanism at wrap time */
	crypto_mech_type_t	do_framework_mechtype;
	/* struct copy of the caller's mechanism */
	crypto_mechanism_t	do_mech;
	crypto_data_t		*do_data;
	crypto_data_t		*do_digest;
	crypto_key_t		*do_digest_key;	/* Argument for digest_key() */
} kcf_digest_ops_params_t;

/* MAC group; filled in by KCF_WRAP_MAC_OPS_PARAMS(). */
typedef struct kcf_mac_ops_params {
	crypto_session_id_t		mo_sid;
	crypto_mech_type_t		mo_framework_mechtype;
	crypto_mechanism_t		mo_mech;
	crypto_key_t			*mo_key;	/* borrowed, not copied */
	crypto_data_t			*mo_data;
	crypto_data_t			*mo_mac;
	crypto_spi_ctx_template_t	mo_templ;
} kcf_mac_ops_params_t;

/* Encrypt group; filled in by KCF_WRAP_ENCRYPT_OPS_PARAMS(). */
typedef struct kcf_encrypt_ops_params {
	crypto_session_id_t		eo_sid;
	crypto_mech_type_t		eo_framework_mechtype;
	crypto_mechanism_t		eo_mech;
	crypto_key_t			*eo_key;	/* borrowed, not copied */
	crypto_data_t			*eo_plaintext;
	crypto_data_t			*eo_ciphertext;
	crypto_spi_ctx_template_t	eo_templ;
} kcf_encrypt_ops_params_t;

/*
 * Decrypt group; filled in by KCF_WRAP_DECRYPT_OPS_PARAMS().
 * Note the "dop_" prefix: "do_" is already taken by the digest group.
 */
typedef struct kcf_decrypt_ops_params {
	crypto_session_id_t		dop_sid;
	crypto_mech_type_t		dop_framework_mechtype;
	crypto_mechanism_t		dop_mech;
	crypto_key_t			*dop_key;	/* borrowed, not copied */
	crypto_data_t			*dop_ciphertext;
	crypto_data_t			*dop_plaintext;
	crypto_spi_ctx_template_t	dop_templ;
} kcf_decrypt_ops_params_t;

/*
 * Sign group; filled in by KCF_WRAP_SIGN_OPS_PARAMS().
 * The "so_" prefix is shared with kcf_session_ops_params; the two are
 * told apart only by the structure type.
 */
typedef struct kcf_sign_ops_params {
	crypto_session_id_t		so_sid;
	crypto_mech_type_t		so_framework_mechtype;
	crypto_mechanism_t		so_mech;
	crypto_key_t			*so_key;	/* borrowed, not copied */
	crypto_data_t			*so_data;
	crypto_data_t			*so_signature;
	crypto_spi_ctx_template_t	so_templ;
} kcf_sign_ops_params_t;

/* Verify group; filled in by KCF_WRAP_VERIFY_OPS_PARAMS(). */
typedef struct kcf_verify_ops_params {
	crypto_session_id_t		vo_sid;
	crypto_mech_type_t		vo_framework_mechtype;
	crypto_mechanism_t		vo_mech;
	crypto_key_t			*vo_key;	/* borrowed, not copied */
	crypto_data_t			*vo_data;
	crypto_data_t			*vo_signature;
	crypto_spi_ctx_template_t	vo_templ;
} kcf_verify_ops_params_t;

/*
 * Dual encrypt-then-MAC group. KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS() in
 * this header fills in the session id, keys, data pointers and context
 * templates only; the four mechanism members (em_encr_mech, em_mac_mech
 * and the two em_framework_*_mechtype fields) are not written by that
 * macro and have to be set separately before the request is used.
 */
typedef struct kcf_encrypt_mac_ops_params {
	crypto_session_id_t		em_sid;
	crypto_mech_type_t		em_framework_encr_mechtype;
	crypto_mechanism_t		em_encr_mech;
	crypto_key_t			*em_encr_key;	/* borrowed */
	crypto_mech_type_t		em_framework_mac_mechtype;
	crypto_mechanism_t		em_mac_mech;
	crypto_key_t			*em_mac_key;	/* borrowed */
	crypto_data_t			*em_plaintext;
	crypto_dual_data_t		*em_ciphertext;
	crypto_data_t			*em_mac;
	crypto_spi_ctx_template_t	em_encr_templ;
	crypto_spi_ctx_template_t	em_mac_templ;
} kcf_encrypt_mac_ops_params_t;

/*
 * Dual MAC-verify/decrypt group. As with the encrypt/MAC group above,
 * KCF_WRAP_MAC_DECRYPT_OPS_PARAMS() does not write md_mac_mech,
 * md_decr_mech or the two md_framework_*_mechtype members.
 */
typedef struct kcf_mac_decrypt_ops_params {
	crypto_session_id_t		md_sid;
	crypto_mech_type_t		md_framework_mac_mechtype;
	crypto_mechanism_t		md_mac_mech;
	crypto_key_t			*md_mac_key;	/* borrowed */
	crypto_mech_type_t		md_framework_decr_mechtype;
	crypto_mechanism_t		md_decr_mech;
	crypto_key_t			*md_decr_key;	/* borrowed */
	crypto_dual_data_t		*md_ciphertext;
	crypto_data_t			*md_mac;
	crypto_data_t			*md_plaintext;
	crypto_spi_ctx_template_t	md_mac_templ;
	crypto_spi_ctx_template_t	md_decr_templ;
} kcf_mac_decrypt_ops_params_t;

/*
 * Random number group (seed and generate share the structure).
 * rn_buf is a caller-owned buffer of rn_buflen bytes; the pointer is
 * stored as given.
 * NOTE(review): rn_entropy_est and rn_flags look like seed-only inputs -
 * confirm against the callers of KCF_WRAP_RANDOM_OPS_PARAMS().
 */
typedef struct kcf_random_number_ops_params {
	crypto_session_id_t	rn_sid;
	uchar_t			*rn_buf;
	size_t			rn_buflen;
	uint_t			rn_entropy_est;
	uint32_t		rn_flags;
} kcf_random_number_ops_params_t;

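/*
 * so_pd is useful when the provider descriptor (pd) supplying the
 * provider handle is different from the pd supplying the ops vector.
 * This is the case for session open/close where so_pd can be the pd
 * of a logical provider. The pd supplying the ops vector is passed
 * as an argument to kcf_submit_request().
 *
 * so_pin points at the caller's PIN buffer (so_pin_len bytes); the
 * wrap macro stores the pointer, not a copy, and nothing in this
 * header clears it. Scrubbing the PIN remains the buffer owner's job.
 */
typedef struct kcf_session_ops_params {
	crypto_session_id_t	*so_sid_ptr;
	crypto_session_id_t	so_sid;
	crypto_user_type_t	so_user_type;
	char			*so_pin;	/* authentication secret */
	size_t			so_pin_len;
	kcf_provider_desc_t	*so_pd;
} kcf_session_ops_params_t;

/*
 * Object management group. The fields are generic; which of them are
 * meaningful depends on rp_optype (KCF_OP_OBJECT_*).
 */
typedef struct kcf_object_ops_params {
	crypto_session_id_t		oo_sid;
	crypto_object_id_t		oo_object_id;
	crypto_object_attribute_t	*oo_template;
	uint_t				oo_attribute_count;
	crypto_object_id_t		*oo_object_id_ptr;
	size_t				*oo_object_size;
	void				**oo_find_init_pp_ptr;
	void				*oo_find_pp;
	uint_t				oo_max_object_count;
	uint_t				*oo_object_count_ptr;
} kcf_object_ops_params_t;

/*
 * ko_key is used to encode wrapping key in key_wrap() and
 * unwrapping key in key_unwrap(). ko_key_template and
 * ko_key_attribute_count are used to encode public template
 * and public template attr count in key_generate_pair().
 * kops->ko_key_object_id_ptr is used to encode public key
 * in key_generate_pair().
 *
 * The structure is shared by two op groups: KCF_OG_KEY and
 * KCF_OG_NOSTORE_KEY. The ko_out_* members are written only by
 * KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(); KCF_WRAP_KEY_OPS_PARAMS() leaves
 * them untouched, so for KCF_OG_KEY requests they hold whatever the
 * request structure contained before.
 */
typedef struct kcf_key_ops_params {
	crypto_session_id_t		ko_sid;
	crypto_mech_type_t		ko_framework_mechtype;
	crypto_mechanism_t		ko_mech;
	crypto_object_attribute_t	*ko_key_template;
	uint_t				ko_key_attribute_count;
	crypto_object_id_t		*ko_key_object_id_ptr;
	crypto_object_attribute_t	*ko_private_key_template;
	uint_t				ko_private_key_attribute_count;
	crypto_object_id_t		*ko_private_key_object_id_ptr;
	crypto_key_t			*ko_key;
	uchar_t				*ko_wrapped_key;
	size_t				*ko_wrapped_key_len_ptr;
	crypto_object_attribute_t	*ko_out_template1;
	crypto_object_attribute_t	*ko_out_template2;
	uint_t				ko_out_attribute_count1;
	uint_t				ko_out_attribute_count2;
} kcf_key_ops_params_t;

/*
 * po_pin and po_pin_len are used to encode new_pin and new_pin_len
 * when wrapping set_pin() function parameters.
 *
 * po_pd is useful when the provider descriptor (pd) supplying the
 * provider handle is different from the pd supplying the ops vector.
 * This is true for the ext_info provider entry point where po_pd
 * can be the pd of a logical provider. The pd supplying the ops vector
 * is passed as an argument to kcf_submit_request().
 *
 * Both PIN pointers are stored as given (no copy is made here), and
 * nothing in this header clears them.
 */
typedef struct kcf_provmgmt_ops_params {
	crypto_session_id_t		po_sid;
	char				*po_pin;	/* new PIN */
	size_t				po_pin_len;
	char				*po_old_pin;
	size_t				po_old_pin_len;
	char				*po_label;
	crypto_provider_ext_info_t	*po_ext_info;
	kcf_provider_desc_t		*po_pd;
} kcf_provmgmt_ops_params_t;

/*
 * The operation type within a function group.
 *
 * Numbering starts at 1, so a zero-filled request carries no valid
 * operation type.
 */
typedef enum kcf_op_type {
	/* common ops for all mechanisms */
	KCF_OP_INIT = 1,
	KCF_OP_SINGLE,	/* pkcs11 sense. So, INIT is already done */
	KCF_OP_UPDATE,
	KCF_OP_FINAL,
	KCF_OP_ATOMIC,

	/* digest_key op */
	KCF_OP_DIGEST_KEY,

	/* mac specific op */
	KCF_OP_MAC_VERIFY_ATOMIC,

	/* mac/cipher specific op */
	KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC,

	/* sign_recover ops */
	KCF_OP_SIGN_RECOVER_INIT,
	KCF_OP_SIGN_RECOVER,
	KCF_OP_SIGN_RECOVER_ATOMIC,

	/* verify_recover ops */
	KCF_OP_VERIFY_RECOVER_INIT,
	KCF_OP_VERIFY_RECOVER,
	KCF_OP_VERIFY_RECOVER_ATOMIC,

	/* random number ops */
	KCF_OP_RANDOM_SEED,
	KCF_OP_RANDOM_GENERATE,

	/* session management ops */
	KCF_OP_SESSION_OPEN,
	KCF_OP_SESSION_CLOSE,
	KCF_OP_SESSION_LOGIN,
	KCF_OP_SESSION_LOGOUT,

	/* object management ops */
	KCF_OP_OBJECT_CREATE,
	KCF_OP_OBJECT_COPY,
	KCF_OP_OBJECT_DESTROY,
	KCF_OP_OBJECT_GET_SIZE,
	KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE,
	KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE,
	KCF_OP_OBJECT_FIND_INIT,
	KCF_OP_OBJECT_FIND,
	KCF_OP_OBJECT_FIND_FINAL,

	/* key management ops */
	KCF_OP_KEY_GENERATE,
	KCF_OP_KEY_GENERATE_PAIR,
	KCF_OP_KEY_WRAP,
	KCF_OP_KEY_UNWRAP,
	KCF_OP_KEY_DERIVE,
	KCF_OP_KEY_CHECK,

	/* provider management ops */
	KCF_OP_MGMT_EXTINFO,
	KCF_OP_MGMT_INITTOKEN,
	KCF_OP_MGMT_INITPIN,
	KCF_OP_MGMT_SETPIN
} kcf_op_type_t;

/*
 * The operation groups that need wrapping of parameters. This is somewhat
 * similar to the function group type in spi.h except that this also includes
 * all the functions that don't have a mechanism.
 *
 * The wrapper macros should never take these enum values as an argument.
 * Rather, they are assigned in the macro itself since they are known
 * from the macro name.
 *
 * As with kcf_op_type_t, numbering starts at 1; zero is not a group.
 */
typedef enum kcf_op_group {
	KCF_OG_DIGEST = 1,
	KCF_OG_MAC,
	KCF_OG_ENCRYPT,
	KCF_OG_DECRYPT,
	KCF_OG_SIGN,
	KCF_OG_VERIFY,
	KCF_OG_ENCRYPT_MAC,
	KCF_OG_MAC_DECRYPT,
	KCF_OG_RANDOM,
	KCF_OG_SESSION,
	KCF_OG_OBJECT,
	KCF_OG_KEY,
	KCF_OG_PROVMGMT,
	KCF_OG_NOSTORE_KEY
} kcf_op_group_t;

/*
 * The kcf_op_type_t enum values used here should be only for those
 * operations for which there is a k-api routine in sys/crypto/api.h.
 *
 * IS_ATOMIC_OP() evaluates its argument up to five times; pass a plain
 * value, not an expression with side effects.
 */
#define	IS_INIT_OP(ftype)	((ftype) == KCF_OP_INIT)
#define	IS_SINGLE_OP(ftype)	((ftype) == KCF_OP_SINGLE)
#define	IS_UPDATE_OP(ftype)	((ftype) == KCF_OP_UPDATE)
#define	IS_FINAL_OP(ftype)	((ftype) == KCF_OP_FINAL)
#define	IS_ATOMIC_OP(ftype)	( \
	(ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \
	(ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \
	(ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \
	(ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC)

/*
 * Keep the parameters associated with a request around.
 * We need to pass them to the SPI.
 *
 * rp_u is an untagged union: rp_opgrp is the only record of which
 * member was written. A consumer must select the member from rp_opgrp
 * and never from an assumption about the caller, otherwise pointers and
 * lengths of one group are reinterpreted as those of another.
 * KCF_OG_KEY and KCF_OG_NOSTORE_KEY both use key_params.
 */
typedef struct kcf_req_params {
	kcf_op_group_t		rp_opgrp;
	kcf_op_type_t		rp_optype;

	union {
		kcf_digest_ops_params_t		digest_params;
		kcf_mac_ops_params_t		mac_params;
		kcf_encrypt_ops_params_t	encrypt_params;
		kcf_decrypt_ops_params_t	decrypt_params;
		kcf_sign_ops_params_t		sign_params;
		kcf_verify_ops_params_t		verify_params;
		kcf_encrypt_mac_ops_params_t	encrypt_mac_params;
		kcf_mac_decrypt_ops_params_t	mac_decrypt_params;
		kcf_random_number_ops_params_t	random_number_params;
		kcf_session_ops_params_t	session_params;
		kcf_object_ops_params_t		object_params;
		kcf_key_ops_params_t		key_params;
		kcf_provmgmt_ops_params_t	provmgmt_params;
	} rp_u;
} kcf_req_params_t;


/*
 * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t
 * structure before calling a scheduler routine. The following macros are
 * available for that purpose.
 *
 * For the most part, the macro arguments closely correspond to the
 * function parameters. In some cases, we use generic names. The comments
 * for the structure should indicate these cases.
 *
 * Usage notes that apply to every KCF_WRAP_*_OPS_PARAMS() macro:
 *
 * - Each macro expands to a bare { } block, not do { } while (0). Used
 *   as the unbraced body of an if that has an else, the ';' after the
 *   invocation ends the if statement and orphans the else. Brace the
 *   call site.
 *
 * - The block declares locals (dops, mops, cops, sops, vops, cmops,
 *   rops, jops, kops, pops, mechp). An argument expression that mentions
 *   one of these names is captured by the macro's local; in particular
 *   passing a variable called mechp as _mech initializes the local from
 *   itself. Use differently named variables at the call site.
 *
 * - ftype and the underscore arguments are expanded without
 *   parentheses; pass simple expressions.
 *
 * - When _mech is NULL the mechanism members (xx_mech and
 *   xx_framework_mechtype) are not written and keep whatever the request
 *   structure held before. Consumers must not read them for such
 *   requests.
 *
 * - Pointer arguments are stored, not copied.
 */
#define	KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_data, _digest) { \
	kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_DIGEST; \
	(req)->rp_optype = ftype; \
	dops->do_sid = _sid; \
	if (mechp != NULL) { \
		dops->do_mech = *mechp; \
		dops->do_framework_mechtype = mechp->cm_type; \
	} \
	dops->do_digest_key = _key; \
	dops->do_data = _data; \
	dops->do_digest = _digest; \
}

#define	KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_data, _mac, _templ) { \
	kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_MAC; \
	(req)->rp_optype = ftype; \
	mops->mo_sid = _sid; \
	if (mechp != NULL) { \
		mops->mo_mech = *mechp; \
		mops->mo_framework_mechtype = mechp->cm_type; \
	} \
	mops->mo_key = _key; \
	mops->mo_data = _data; \
	mops->mo_mac = _mac; \
	mops->mo_templ = _templ; \
}

#define	KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_plaintext, _ciphertext, _templ) { \
	kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_ENCRYPT; \
	(req)->rp_optype = ftype; \
	cops->eo_sid = _sid; \
	if (mechp != NULL) { \
		cops->eo_mech = *mechp; \
		cops->eo_framework_mechtype = mechp->cm_type; \
	} \
	cops->eo_key = _key; \
	cops->eo_plaintext = _plaintext; \
	cops->eo_ciphertext = _ciphertext; \
	cops->eo_templ = _templ; \
}

#define	KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_ciphertext, _plaintext, _templ) { \
	kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_DECRYPT; \
	(req)->rp_optype = ftype; \
	cops->dop_sid = _sid; \
	if (mechp != NULL) { \
		cops->dop_mech = *mechp; \
		cops->dop_framework_mechtype = mechp->cm_type; \
	} \
	cops->dop_key = _key; \
	cops->dop_ciphertext = _ciphertext; \
	cops->dop_plaintext = _plaintext; \
	cops->dop_templ = _templ; \
}

#define	KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_data, _signature, _templ) { \
	kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_SIGN; \
	(req)->rp_optype = ftype; \
	sops->so_sid = _sid; \
	if (mechp != NULL) { \
		sops->so_mech = *mechp; \
		sops->so_framework_mechtype = mechp->cm_type; \
	} \
	sops->so_key = _key; \
	sops->so_data = _data; \
	sops->so_signature = _signature; \
	sops->so_templ = _templ; \
}

#define	KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key, \
	_data, _signature, _templ) { \
	kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_VERIFY; \
	(req)->rp_optype = ftype; \
	vops->vo_sid = _sid; \
	if (mechp != NULL) { \
		vops->vo_mech = *mechp; \
		vops->vo_framework_mechtype = mechp->cm_type; \
	} \
	vops->vo_key = _key; \
	vops->vo_data = _data; \
	vops->vo_signature = _signature; \
	vops->vo_templ = _templ; \
}

/*
 * Takes no mechanism argument: em_encr_mech, em_mac_mech and the two
 * em_framework_*_mechtype members are not written here and must be
 * set by the caller.
 */
#define	KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key, \
	_mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \
	kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \
	\
	(req)->rp_opgrp = KCF_OG_ENCRYPT_MAC; \
	(req)->rp_optype = ftype; \
	cmops->em_sid = _sid; \
	cmops->em_encr_key = _encr_key; \
	cmops->em_mac_key = _mac_key; \
	cmops->em_plaintext = _plaintext; \
	cmops->em_ciphertext = _ciphertext; \
	cmops->em_mac = _mac; \
	cmops->em_encr_templ = _encr_templ; \
	cmops->em_mac_templ = _mac_templ; \
}

/*
 * Takes no mechanism argument: md_mac_mech, md_decr_mech and the two
 * md_framework_*_mechtype members are not written here and must be
 * set by the caller.
 */
#define	KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key, \
	_decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \
	kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \
	\
	(req)->rp_opgrp = KCF_OG_MAC_DECRYPT; \
	(req)->rp_optype = ftype; \
	cmops->md_sid = _sid; \
	cmops->md_mac_key = _mac_key; \
	cmops->md_decr_key = _decr_key; \
	cmops->md_ciphertext = _ciphertext; \
	cmops->md_mac = _mac; \
	cmops->md_plaintext = _plaintext; \
	cmops->md_mac_templ = _mac_templ; \
	cmops->md_decr_templ = _decr_templ; \
}

#define	KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen, \
	_est, _flags) { \
	kcf_random_number_ops_params_t *rops = \
		&(req)->rp_u.random_number_params; \
	\
	(req)->rp_opgrp = KCF_OG_RANDOM; \
	(req)->rp_optype = ftype; \
	rops->rn_sid = _sid; \
	rops->rn_buf = _buf; \
	rops->rn_buflen = _buflen; \
	rops->rn_entropy_est = _est; \
	rops->rn_flags = _flags; \
}

/* _pin is stored by reference; see kcf_session_ops_params. */
#define	KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid, \
	_user_type, _pin, _pin_len, _pd) { \
	kcf_session_ops_params_t *sops = &(req)->rp_u.session_params; \
	\
	(req)->rp_opgrp = KCF_OG_SESSION; \
	(req)->rp_optype = ftype; \
	sops->so_sid_ptr = _sid_ptr; \
	sops->so_sid = _sid; \
	sops->so_user_type = _user_type; \
	sops->so_pin = _pin; \
	sops->so_pin_len = _pin_len; \
	sops->so_pd = _pd; \
}

#define	KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id, \
	_template, _attribute_count, _object_id_ptr, _object_size, \
	_find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \
	kcf_object_ops_params_t *jops = &(req)->rp_u.object_params; \
	\
	(req)->rp_opgrp = KCF_OG_OBJECT; \
	(req)->rp_optype = ftype; \
	jops->oo_sid = _sid; \
	jops->oo_object_id = _object_id; \
	jops->oo_template = _template; \
	jops->oo_attribute_count = _attribute_count; \
	jops->oo_object_id_ptr = _object_id_ptr; \
	jops->oo_object_size = _object_size; \
	jops->oo_find_init_pp_ptr = _find_init_pp_ptr; \
	jops->oo_find_pp = _find_pp; \
	jops->oo_max_object_count = _max_object_count; \
	jops->oo_object_count_ptr = _object_count_ptr; \
}

/* Does not write the ko_out_* members; see kcf_key_ops_params. */
#define	KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \
	_key_attribute_count, _key_object_id_ptr, _private_key_template, \
	_private_key_attribute_count, _private_key_object_id_ptr, \
	_key, _wrapped_key, _wrapped_key_len_ptr) { \
	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_KEY; \
	(req)->rp_optype = ftype; \
	kops->ko_sid = _sid; \
	if (mechp != NULL) { \
		kops->ko_mech = *mechp; \
		kops->ko_framework_mechtype = mechp->cm_type; \
	} \
	kops->ko_key_template = _key_template; \
	kops->ko_key_attribute_count = _key_attribute_count; \
	kops->ko_key_object_id_ptr = _key_object_id_ptr; \
	kops->ko_private_key_template = _private_key_template; \
	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
	kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \
	kops->ko_key = _key; \
	kops->ko_wrapped_key = _wrapped_key; \
	kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr; \
}

/*
 * Argument order is old PIN first, then new PIN, which is the reverse
 * of the member order in kcf_provmgmt_ops_params. Both PINs are stored
 * by reference.
 */
#define	KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin, \
	_old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) { \
	kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params; \
	\
	(req)->rp_opgrp = KCF_OG_PROVMGMT; \
	(req)->rp_optype = ftype; \
	pops->po_sid = _sid; \
	pops->po_pin = _pin; \
	pops->po_pin_len = _pin_len; \
	pops->po_old_pin = _old_pin; \
	pops->po_old_pin_len = _old_pin_len; \
	pops->po_label = _label; \
	pops->po_ext_info = _ext_info; \
	pops->po_pd = _pd; \
}

/*
 * Reuses rp_u.key_params under the KCF_OG_NOSTORE_KEY group. The object
 * id pointers and the wrapped-key members do not apply and are cleared.
 * ko_wrapped_key_len_ptr is a pointer, so it is cleared with NULL like
 * the other pointer members (the value is the same as the literal 0
 * used previously).
 */
#define	KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech, \
	_key_template, _key_attribute_count, _private_key_template, \
	_private_key_attribute_count, _key, _out_template1, \
	_out_attribute_count1, _out_template2, _out_attribute_count2) { \
	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params; \
	crypto_mechanism_t *mechp = _mech; \
	\
	(req)->rp_opgrp = KCF_OG_NOSTORE_KEY; \
	(req)->rp_optype = ftype; \
	kops->ko_sid = _sid; \
	if (mechp != NULL) { \
		kops->ko_mech = *mechp; \
		kops->ko_framework_mechtype = mechp->cm_type; \
	} \
	kops->ko_key_template = _key_template; \
	kops->ko_key_attribute_count = _key_attribute_count; \
	kops->ko_key_object_id_ptr = NULL; \
	kops->ko_private_key_template = _private_key_template; \
	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
	kops->ko_private_key_object_id_ptr = NULL; \
	kops->ko_key = _key; \
	kops->ko_wrapped_key = NULL; \
	kops->ko_wrapped_key_len_ptr = NULL; \
	kops->ko_out_template1 = _out_template1; \
	kops->ko_out_template2 = _out_template2; \
	kops->ko_out_attribute_count1 = _out_attribute_count1; \
	kops->ko_out_attribute_count2 = _out_attribute_count2; \
}

/*
 * Overwrites (mechp)->cm_type with the result of KCF_TO_PROV_MECHNUM(),
 * which is defined outside this header.
 *
 * The expansion already ends in ';'. An invocation written with its own
 * ';' therefore yields an extra empty statement, which breaks an
 * unbraced if/else around it. The semicolon is kept because call sites
 * may rely on it; brace the call site instead.
 */
#define	KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp) \
	(mechp)->cm_type = \
		KCF_TO_PROV_MECHNUM(pd, fmtype);

#ifdef __cplusplus
}
#endif

#endif /* _SYS_CRYPTO_OPS_IMPL_H */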