xref: /onnv-gate/usr/src/uts/common/sys/crypto/ops_impl.h (revision 7882:7c94281d10be)
10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
51920Smcpowers  * Common Development and Distribution License (the "License").
61920Smcpowers  * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate  *
80Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate  * See the License for the specific language governing permissions
110Sstevel@tonic-gate  * and limitations under the License.
120Sstevel@tonic-gate  *
130Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate  *
190Sstevel@tonic-gate  * CDDL HEADER END
200Sstevel@tonic-gate  */
210Sstevel@tonic-gate /*
22*7882SBhargava.Yenduri@Sun.COM  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
230Sstevel@tonic-gate  * Use is subject to license terms.
240Sstevel@tonic-gate  */
250Sstevel@tonic-gate 
260Sstevel@tonic-gate #ifndef _SYS_CRYPTO_OPS_IMPL_H
270Sstevel@tonic-gate #define	_SYS_CRYPTO_OPS_IMPL_H
280Sstevel@tonic-gate 
290Sstevel@tonic-gate /*
300Sstevel@tonic-gate  * Scheduler internal structures.
310Sstevel@tonic-gate  */
320Sstevel@tonic-gate 
330Sstevel@tonic-gate #ifdef __cplusplus
340Sstevel@tonic-gate extern "C" {
350Sstevel@tonic-gate #endif
360Sstevel@tonic-gate 
370Sstevel@tonic-gate #include <sys/types.h>
380Sstevel@tonic-gate #include <sys/mutex.h>
390Sstevel@tonic-gate #include <sys/condvar.h>
400Sstevel@tonic-gate #include <sys/crypto/api.h>
410Sstevel@tonic-gate #include <sys/crypto/spi.h>
420Sstevel@tonic-gate #include <sys/crypto/impl.h>
430Sstevel@tonic-gate #include <sys/crypto/common.h>
440Sstevel@tonic-gate 
450Sstevel@tonic-gate /*
460Sstevel@tonic-gate  * The parameters needed for each function group are batched
470Sstevel@tonic-gate  * in one structure. This is much simpler than having a
480Sstevel@tonic-gate  * separate structure for each function.
490Sstevel@tonic-gate  *
500Sstevel@tonic-gate  * In some cases, a field is generically named to keep the
510Sstevel@tonic-gate  * structure small. The comments indicate these cases.
520Sstevel@tonic-gate  */
530Sstevel@tonic-gate typedef struct kcf_digest_ops_params {
540Sstevel@tonic-gate 	crypto_session_id_t	do_sid;
550Sstevel@tonic-gate 	crypto_mech_type_t	do_framework_mechtype;
560Sstevel@tonic-gate 	crypto_mechanism_t	do_mech;
570Sstevel@tonic-gate 	crypto_data_t		*do_data;
580Sstevel@tonic-gate 	crypto_data_t		*do_digest;
590Sstevel@tonic-gate 	crypto_key_t		*do_digest_key;	/* Argument for digest_key() */
600Sstevel@tonic-gate } kcf_digest_ops_params_t;
610Sstevel@tonic-gate 
620Sstevel@tonic-gate typedef struct kcf_mac_ops_params {
630Sstevel@tonic-gate 	crypto_session_id_t		mo_sid;
640Sstevel@tonic-gate 	crypto_mech_type_t		mo_framework_mechtype;
650Sstevel@tonic-gate 	crypto_mechanism_t		mo_mech;
660Sstevel@tonic-gate 	crypto_key_t			*mo_key;
670Sstevel@tonic-gate 	crypto_data_t			*mo_data;
680Sstevel@tonic-gate 	crypto_data_t			*mo_mac;
690Sstevel@tonic-gate 	crypto_spi_ctx_template_t	mo_templ;
700Sstevel@tonic-gate } kcf_mac_ops_params_t;
710Sstevel@tonic-gate 
720Sstevel@tonic-gate typedef struct kcf_encrypt_ops_params {
730Sstevel@tonic-gate 	crypto_session_id_t		eo_sid;
740Sstevel@tonic-gate 	crypto_mech_type_t		eo_framework_mechtype;
750Sstevel@tonic-gate 	crypto_mechanism_t		eo_mech;
760Sstevel@tonic-gate 	crypto_key_t			*eo_key;
770Sstevel@tonic-gate 	crypto_data_t			*eo_plaintext;
780Sstevel@tonic-gate 	crypto_data_t			*eo_ciphertext;
790Sstevel@tonic-gate 	crypto_spi_ctx_template_t	eo_templ;
800Sstevel@tonic-gate } kcf_encrypt_ops_params_t;
810Sstevel@tonic-gate 
820Sstevel@tonic-gate typedef struct kcf_decrypt_ops_params {
830Sstevel@tonic-gate 	crypto_session_id_t		dop_sid;
840Sstevel@tonic-gate 	crypto_mech_type_t		dop_framework_mechtype;
850Sstevel@tonic-gate 	crypto_mechanism_t		dop_mech;
860Sstevel@tonic-gate 	crypto_key_t			*dop_key;
870Sstevel@tonic-gate 	crypto_data_t			*dop_ciphertext;
880Sstevel@tonic-gate 	crypto_data_t			*dop_plaintext;
890Sstevel@tonic-gate 	crypto_spi_ctx_template_t	dop_templ;
900Sstevel@tonic-gate } kcf_decrypt_ops_params_t;
910Sstevel@tonic-gate 
920Sstevel@tonic-gate typedef struct kcf_sign_ops_params {
930Sstevel@tonic-gate 	crypto_session_id_t		so_sid;
940Sstevel@tonic-gate 	crypto_mech_type_t		so_framework_mechtype;
950Sstevel@tonic-gate 	crypto_mechanism_t		so_mech;
960Sstevel@tonic-gate 	crypto_key_t			*so_key;
970Sstevel@tonic-gate 	crypto_data_t			*so_data;
980Sstevel@tonic-gate 	crypto_data_t			*so_signature;
990Sstevel@tonic-gate 	crypto_spi_ctx_template_t	so_templ;
1000Sstevel@tonic-gate } kcf_sign_ops_params_t;
1010Sstevel@tonic-gate 
1020Sstevel@tonic-gate typedef struct kcf_verify_ops_params {
1030Sstevel@tonic-gate 	crypto_session_id_t		vo_sid;
1040Sstevel@tonic-gate 	crypto_mech_type_t		vo_framework_mechtype;
1050Sstevel@tonic-gate 	crypto_mechanism_t		vo_mech;
1060Sstevel@tonic-gate 	crypto_key_t			*vo_key;
1070Sstevel@tonic-gate 	crypto_data_t			*vo_data;
1080Sstevel@tonic-gate 	crypto_data_t			*vo_signature;
1090Sstevel@tonic-gate 	crypto_spi_ctx_template_t	vo_templ;
1100Sstevel@tonic-gate } kcf_verify_ops_params_t;
1110Sstevel@tonic-gate 
1120Sstevel@tonic-gate typedef struct kcf_encrypt_mac_ops_params {
1130Sstevel@tonic-gate 	crypto_session_id_t 		em_sid;
1140Sstevel@tonic-gate 	crypto_mech_type_t		em_framework_encr_mechtype;
1150Sstevel@tonic-gate 	crypto_mechanism_t		em_encr_mech;
1160Sstevel@tonic-gate 	crypto_key_t			*em_encr_key;
1170Sstevel@tonic-gate 	crypto_mech_type_t		em_framework_mac_mechtype;
1180Sstevel@tonic-gate 	crypto_mechanism_t		em_mac_mech;
1190Sstevel@tonic-gate 	crypto_key_t			*em_mac_key;
1200Sstevel@tonic-gate 	crypto_data_t			*em_plaintext;
1210Sstevel@tonic-gate 	crypto_dual_data_t		*em_ciphertext;
1220Sstevel@tonic-gate 	crypto_data_t			*em_mac;
1230Sstevel@tonic-gate 	crypto_spi_ctx_template_t	em_encr_templ;
1240Sstevel@tonic-gate 	crypto_spi_ctx_template_t	em_mac_templ;
1250Sstevel@tonic-gate } kcf_encrypt_mac_ops_params_t;
1260Sstevel@tonic-gate 
1270Sstevel@tonic-gate typedef struct kcf_mac_decrypt_ops_params {
1280Sstevel@tonic-gate 	crypto_session_id_t 		md_sid;
1290Sstevel@tonic-gate 	crypto_mech_type_t		md_framework_mac_mechtype;
1300Sstevel@tonic-gate 	crypto_mechanism_t		md_mac_mech;
1310Sstevel@tonic-gate 	crypto_key_t			*md_mac_key;
1320Sstevel@tonic-gate 	crypto_mech_type_t		md_framework_decr_mechtype;
1330Sstevel@tonic-gate 	crypto_mechanism_t		md_decr_mech;
1340Sstevel@tonic-gate 	crypto_key_t			*md_decr_key;
1350Sstevel@tonic-gate 	crypto_dual_data_t		*md_ciphertext;
1360Sstevel@tonic-gate 	crypto_data_t			*md_mac;
1370Sstevel@tonic-gate 	crypto_data_t			*md_plaintext;
1380Sstevel@tonic-gate 	crypto_spi_ctx_template_t	md_mac_templ;
1390Sstevel@tonic-gate 	crypto_spi_ctx_template_t	md_decr_templ;
1400Sstevel@tonic-gate } kcf_mac_decrypt_ops_params_t;
1410Sstevel@tonic-gate 
1420Sstevel@tonic-gate typedef struct kcf_random_number_ops_params {
1430Sstevel@tonic-gate 	crypto_session_id_t	rn_sid;
1440Sstevel@tonic-gate 	uchar_t			*rn_buf;
1450Sstevel@tonic-gate 	size_t			rn_buflen;
1461920Smcpowers 	uint_t			rn_entropy_est;
1471920Smcpowers 	uint32_t		rn_flags;
1480Sstevel@tonic-gate } kcf_random_number_ops_params_t;
1490Sstevel@tonic-gate 
1500Sstevel@tonic-gate /*
1510Sstevel@tonic-gate  * so_pd is useful when the provider descriptor (pd) supplying the
1520Sstevel@tonic-gate  * provider handle is different from the pd supplying the ops vector.
1530Sstevel@tonic-gate  * This is the case for session open/close where so_pd can be the pd
1540Sstevel@tonic-gate  * of a logical provider. The pd supplying the ops vector is passed
1550Sstevel@tonic-gate  * as an argument to kcf_submit_request().
1560Sstevel@tonic-gate  */
1570Sstevel@tonic-gate typedef struct kcf_session_ops_params {
1580Sstevel@tonic-gate 	crypto_session_id_t	*so_sid_ptr;
1590Sstevel@tonic-gate 	crypto_session_id_t	so_sid;
1600Sstevel@tonic-gate 	crypto_user_type_t	so_user_type;
1610Sstevel@tonic-gate 	char			*so_pin;
1620Sstevel@tonic-gate 	size_t			so_pin_len;
1630Sstevel@tonic-gate 	kcf_provider_desc_t	*so_pd;
1640Sstevel@tonic-gate } kcf_session_ops_params_t;
1650Sstevel@tonic-gate 
1660Sstevel@tonic-gate typedef struct kcf_object_ops_params {
1670Sstevel@tonic-gate 	crypto_session_id_t		oo_sid;
1680Sstevel@tonic-gate 	crypto_object_id_t		oo_object_id;
1690Sstevel@tonic-gate 	crypto_object_attribute_t	*oo_template;
1700Sstevel@tonic-gate 	uint_t 				oo_attribute_count;
1710Sstevel@tonic-gate 	crypto_object_id_t		*oo_object_id_ptr;
1720Sstevel@tonic-gate 	size_t				*oo_object_size;
1730Sstevel@tonic-gate 	void				**oo_find_init_pp_ptr;
1740Sstevel@tonic-gate 	void				*oo_find_pp;
1750Sstevel@tonic-gate 	uint_t				oo_max_object_count;
1760Sstevel@tonic-gate 	uint_t				*oo_object_count_ptr;
1770Sstevel@tonic-gate } kcf_object_ops_params_t;
1780Sstevel@tonic-gate 
1790Sstevel@tonic-gate /*
1800Sstevel@tonic-gate  * ko_key is used to encode wrapping key in key_wrap() and
1810Sstevel@tonic-gate  * unwrapping key in key_unwrap(). ko_key_template and
1820Sstevel@tonic-gate  * ko_key_attribute_count are used to encode public template
1830Sstevel@tonic-gate  * and public template attr count in key_generate_pair().
1840Sstevel@tonic-gate  * kops->ko_key_object_id_ptr is used to encode public key
1850Sstevel@tonic-gate  * in key_generate_pair().
1860Sstevel@tonic-gate  */
1870Sstevel@tonic-gate typedef struct kcf_key_ops_params {
1880Sstevel@tonic-gate 	crypto_session_id_t		ko_sid;
1890Sstevel@tonic-gate 	crypto_mech_type_t		ko_framework_mechtype;
1900Sstevel@tonic-gate 	crypto_mechanism_t		ko_mech;
1910Sstevel@tonic-gate 	crypto_object_attribute_t	*ko_key_template;
1920Sstevel@tonic-gate 	uint_t				ko_key_attribute_count;
1930Sstevel@tonic-gate 	crypto_object_id_t		*ko_key_object_id_ptr;
1940Sstevel@tonic-gate 	crypto_object_attribute_t	*ko_private_key_template;
1950Sstevel@tonic-gate 	uint_t				ko_private_key_attribute_count;
1960Sstevel@tonic-gate 	crypto_object_id_t		*ko_private_key_object_id_ptr;
1970Sstevel@tonic-gate 	crypto_key_t			*ko_key;
1980Sstevel@tonic-gate 	uchar_t				*ko_wrapped_key;
1990Sstevel@tonic-gate 	size_t				*ko_wrapped_key_len_ptr;
2004219Smcpowers 	crypto_object_attribute_t	*ko_out_template1;
2014219Smcpowers 	crypto_object_attribute_t	*ko_out_template2;
2024219Smcpowers 	uint_t				ko_out_attribute_count1;
2034219Smcpowers 	uint_t				ko_out_attribute_count2;
2040Sstevel@tonic-gate } kcf_key_ops_params_t;
2050Sstevel@tonic-gate 
2060Sstevel@tonic-gate /*
2070Sstevel@tonic-gate  * po_pin and po_pin_len are used to encode new_pin and new_pin_len
2080Sstevel@tonic-gate  * when wrapping set_pin() function parameters.
2090Sstevel@tonic-gate  *
2100Sstevel@tonic-gate  * po_pd is useful when the provider descriptor (pd) supplying the
2110Sstevel@tonic-gate  * provider handle is different from the pd supplying the ops vector.
2120Sstevel@tonic-gate  * This is true for the ext_info provider entry point where po_pd
2130Sstevel@tonic-gate  * can be the pd of a logical provider. The pd supplying the ops vector
2140Sstevel@tonic-gate  * is passed as an argument to kcf_submit_request().
2150Sstevel@tonic-gate  */
2160Sstevel@tonic-gate typedef struct kcf_provmgmt_ops_params {
2170Sstevel@tonic-gate 	crypto_session_id_t 		po_sid;
2180Sstevel@tonic-gate 	char				*po_pin;
2190Sstevel@tonic-gate 	size_t				po_pin_len;
2200Sstevel@tonic-gate 	char				*po_old_pin;
2210Sstevel@tonic-gate 	size_t				po_old_pin_len;
2220Sstevel@tonic-gate 	char				*po_label;
2230Sstevel@tonic-gate 	crypto_provider_ext_info_t	*po_ext_info;
2240Sstevel@tonic-gate 	kcf_provider_desc_t		*po_pd;
2250Sstevel@tonic-gate } kcf_provmgmt_ops_params_t;
2260Sstevel@tonic-gate 
2270Sstevel@tonic-gate /*
2280Sstevel@tonic-gate  * The operation type within a function group.
2290Sstevel@tonic-gate  */
2300Sstevel@tonic-gate typedef enum kcf_op_type {
2310Sstevel@tonic-gate 	/* common ops for all mechanisms */
2320Sstevel@tonic-gate 	KCF_OP_INIT = 1,
2330Sstevel@tonic-gate 	KCF_OP_SINGLE,	/* pkcs11 sense. So, INIT is already done */
2340Sstevel@tonic-gate 	KCF_OP_UPDATE,
2350Sstevel@tonic-gate 	KCF_OP_FINAL,
2360Sstevel@tonic-gate 	KCF_OP_ATOMIC,
2370Sstevel@tonic-gate 
2380Sstevel@tonic-gate 	/* digest_key op */
2390Sstevel@tonic-gate 	KCF_OP_DIGEST_KEY,
2400Sstevel@tonic-gate 
2410Sstevel@tonic-gate 	/* mac specific op */
2420Sstevel@tonic-gate 	KCF_OP_MAC_VERIFY_ATOMIC,
2430Sstevel@tonic-gate 
2440Sstevel@tonic-gate 	/* mac/cipher specific op */
2450Sstevel@tonic-gate 	KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC,
2460Sstevel@tonic-gate 
2470Sstevel@tonic-gate 	/* sign_recover ops */
2480Sstevel@tonic-gate 	KCF_OP_SIGN_RECOVER_INIT,
2490Sstevel@tonic-gate 	KCF_OP_SIGN_RECOVER,
2500Sstevel@tonic-gate 	KCF_OP_SIGN_RECOVER_ATOMIC,
2510Sstevel@tonic-gate 
2520Sstevel@tonic-gate 	/* verify_recover ops */
2530Sstevel@tonic-gate 	KCF_OP_VERIFY_RECOVER_INIT,
2540Sstevel@tonic-gate 	KCF_OP_VERIFY_RECOVER,
2550Sstevel@tonic-gate 	KCF_OP_VERIFY_RECOVER_ATOMIC,
2560Sstevel@tonic-gate 
2570Sstevel@tonic-gate 	/* random number ops */
2580Sstevel@tonic-gate 	KCF_OP_RANDOM_SEED,
2590Sstevel@tonic-gate 	KCF_OP_RANDOM_GENERATE,
2600Sstevel@tonic-gate 
2610Sstevel@tonic-gate 	/* session management ops */
2620Sstevel@tonic-gate 	KCF_OP_SESSION_OPEN,
2630Sstevel@tonic-gate 	KCF_OP_SESSION_CLOSE,
2640Sstevel@tonic-gate 	KCF_OP_SESSION_LOGIN,
2650Sstevel@tonic-gate 	KCF_OP_SESSION_LOGOUT,
2660Sstevel@tonic-gate 
2670Sstevel@tonic-gate 	/* object management ops */
2680Sstevel@tonic-gate 	KCF_OP_OBJECT_CREATE,
2690Sstevel@tonic-gate 	KCF_OP_OBJECT_COPY,
2700Sstevel@tonic-gate 	KCF_OP_OBJECT_DESTROY,
2710Sstevel@tonic-gate 	KCF_OP_OBJECT_GET_SIZE,
2720Sstevel@tonic-gate 	KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE,
2730Sstevel@tonic-gate 	KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE,
2740Sstevel@tonic-gate 	KCF_OP_OBJECT_FIND_INIT,
2750Sstevel@tonic-gate 	KCF_OP_OBJECT_FIND,
2760Sstevel@tonic-gate 	KCF_OP_OBJECT_FIND_FINAL,
2770Sstevel@tonic-gate 
2780Sstevel@tonic-gate 	/* key management ops */
2790Sstevel@tonic-gate 	KCF_OP_KEY_GENERATE,
2800Sstevel@tonic-gate 	KCF_OP_KEY_GENERATE_PAIR,
2810Sstevel@tonic-gate 	KCF_OP_KEY_WRAP,
2820Sstevel@tonic-gate 	KCF_OP_KEY_UNWRAP,
2830Sstevel@tonic-gate 	KCF_OP_KEY_DERIVE,
2840Sstevel@tonic-gate 	KCF_OP_KEY_CHECK,
2850Sstevel@tonic-gate 
2860Sstevel@tonic-gate 	/* provider management ops */
2870Sstevel@tonic-gate 	KCF_OP_MGMT_EXTINFO,
2880Sstevel@tonic-gate 	KCF_OP_MGMT_INITTOKEN,
2890Sstevel@tonic-gate 	KCF_OP_MGMT_INITPIN,
2900Sstevel@tonic-gate 	KCF_OP_MGMT_SETPIN
2910Sstevel@tonic-gate } kcf_op_type_t;
2920Sstevel@tonic-gate 
2930Sstevel@tonic-gate /*
2940Sstevel@tonic-gate  * The operation groups that need wrapping of parameters. This is somewhat
2950Sstevel@tonic-gate  * similar to the function group type in spi.h except that this also includes
2960Sstevel@tonic-gate  * all the functions that don't have a mechanism.
2970Sstevel@tonic-gate  *
2980Sstevel@tonic-gate  * The wrapper macros should never take these enum values as an argument.
2990Sstevel@tonic-gate  * Rather, they are assigned in the macro itself since they are known
3000Sstevel@tonic-gate  * from the macro name.
3010Sstevel@tonic-gate  */
3020Sstevel@tonic-gate typedef enum kcf_op_group {
3030Sstevel@tonic-gate 	KCF_OG_DIGEST = 1,
3040Sstevel@tonic-gate 	KCF_OG_MAC,
3050Sstevel@tonic-gate 	KCF_OG_ENCRYPT,
3060Sstevel@tonic-gate 	KCF_OG_DECRYPT,
3070Sstevel@tonic-gate 	KCF_OG_SIGN,
3080Sstevel@tonic-gate 	KCF_OG_VERIFY,
3090Sstevel@tonic-gate 	KCF_OG_ENCRYPT_MAC,
3100Sstevel@tonic-gate 	KCF_OG_MAC_DECRYPT,
3110Sstevel@tonic-gate 	KCF_OG_RANDOM,
3120Sstevel@tonic-gate 	KCF_OG_SESSION,
3130Sstevel@tonic-gate 	KCF_OG_OBJECT,
3140Sstevel@tonic-gate 	KCF_OG_KEY,
3154219Smcpowers 	KCF_OG_PROVMGMT,
3164219Smcpowers 	KCF_OG_NOSTORE_KEY
3170Sstevel@tonic-gate } kcf_op_group_t;
3180Sstevel@tonic-gate 
3190Sstevel@tonic-gate /*
3200Sstevel@tonic-gate  * The kcf_op_type_t enum values used here should be only for those
3210Sstevel@tonic-gate  * operations for which there is a k-api routine in sys/crypto/api.h.
3220Sstevel@tonic-gate  */
3230Sstevel@tonic-gate #define	IS_INIT_OP(ftype)	((ftype) == KCF_OP_INIT)
3240Sstevel@tonic-gate #define	IS_SINGLE_OP(ftype)	((ftype) == KCF_OP_SINGLE)
3250Sstevel@tonic-gate #define	IS_UPDATE_OP(ftype)	((ftype) == KCF_OP_UPDATE)
3260Sstevel@tonic-gate #define	IS_FINAL_OP(ftype)	((ftype) == KCF_OP_FINAL)
3270Sstevel@tonic-gate #define	IS_ATOMIC_OP(ftype)	( \
3280Sstevel@tonic-gate 	(ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \
3290Sstevel@tonic-gate 	(ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \
3300Sstevel@tonic-gate 	(ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \
3310Sstevel@tonic-gate 	(ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC)
3320Sstevel@tonic-gate 
3330Sstevel@tonic-gate /*
3340Sstevel@tonic-gate  * Keep the parameters associated with a request around.
3350Sstevel@tonic-gate  * We need to pass them to the SPI.
3360Sstevel@tonic-gate  */
3370Sstevel@tonic-gate typedef struct kcf_req_params {
3380Sstevel@tonic-gate 	kcf_op_group_t		rp_opgrp;
3390Sstevel@tonic-gate 	kcf_op_type_t		rp_optype;
3400Sstevel@tonic-gate 
3410Sstevel@tonic-gate 	union {
3420Sstevel@tonic-gate 		kcf_digest_ops_params_t		digest_params;
3430Sstevel@tonic-gate 		kcf_mac_ops_params_t		mac_params;
3440Sstevel@tonic-gate 		kcf_encrypt_ops_params_t	encrypt_params;
3450Sstevel@tonic-gate 		kcf_decrypt_ops_params_t	decrypt_params;
3460Sstevel@tonic-gate 		kcf_sign_ops_params_t		sign_params;
3470Sstevel@tonic-gate 		kcf_verify_ops_params_t		verify_params;
3480Sstevel@tonic-gate 		kcf_encrypt_mac_ops_params_t	encrypt_mac_params;
3490Sstevel@tonic-gate 		kcf_mac_decrypt_ops_params_t	mac_decrypt_params;
3500Sstevel@tonic-gate 		kcf_random_number_ops_params_t	random_number_params;
3510Sstevel@tonic-gate 		kcf_session_ops_params_t	session_params;
3520Sstevel@tonic-gate 		kcf_object_ops_params_t		object_params;
3530Sstevel@tonic-gate 		kcf_key_ops_params_t		key_params;
3540Sstevel@tonic-gate 		kcf_provmgmt_ops_params_t	provmgmt_params;
3550Sstevel@tonic-gate 	} rp_u;
3560Sstevel@tonic-gate } kcf_req_params_t;
3570Sstevel@tonic-gate 
3580Sstevel@tonic-gate 
3590Sstevel@tonic-gate /*
3600Sstevel@tonic-gate  * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t
3610Sstevel@tonic-gate  * structure before calling a scheduler routine. The following macros are
3620Sstevel@tonic-gate  * available for that purpose.
3630Sstevel@tonic-gate  *
3640Sstevel@tonic-gate  * For the most part, the macro arguments closely correspond to the
3650Sstevel@tonic-gate  * function parameters. In some cases, we use generic names. The comments
3660Sstevel@tonic-gate  * for the structure should indicate these cases.
3670Sstevel@tonic-gate  */
3680Sstevel@tonic-gate #define	KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
3690Sstevel@tonic-gate 	_data, _digest) {						\
3700Sstevel@tonic-gate 	kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params;	\
371*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
3720Sstevel@tonic-gate 									\
3730Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_DIGEST;				\
3740Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
3750Sstevel@tonic-gate 	dops->do_sid = _sid;						\
376*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
377*7882SBhargava.Yenduri@Sun.COM 		dops->do_mech = *mechp;					\
378*7882SBhargava.Yenduri@Sun.COM 		dops->do_framework_mechtype = mechp->cm_type;		\
379*7882SBhargava.Yenduri@Sun.COM 	}								\
3800Sstevel@tonic-gate 	dops->do_digest_key = _key;					\
3810Sstevel@tonic-gate 	dops->do_data = _data;						\
3820Sstevel@tonic-gate 	dops->do_digest = _digest;					\
3830Sstevel@tonic-gate }
3840Sstevel@tonic-gate 
3850Sstevel@tonic-gate #define	KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
3860Sstevel@tonic-gate 	_data, _mac, _templ) {						\
3870Sstevel@tonic-gate 	kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params;		\
388*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
3890Sstevel@tonic-gate 									\
3900Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_MAC;					\
3910Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
3920Sstevel@tonic-gate 	mops->mo_sid = _sid;						\
393*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
394*7882SBhargava.Yenduri@Sun.COM 		mops->mo_mech = *mechp;					\
395*7882SBhargava.Yenduri@Sun.COM 		mops->mo_framework_mechtype = mechp->cm_type;		\
396*7882SBhargava.Yenduri@Sun.COM 	}								\
3970Sstevel@tonic-gate 	mops->mo_key = _key;						\
3980Sstevel@tonic-gate 	mops->mo_data = _data;						\
3990Sstevel@tonic-gate 	mops->mo_mac = _mac;						\
4000Sstevel@tonic-gate 	mops->mo_templ = _templ;					\
4010Sstevel@tonic-gate }
4020Sstevel@tonic-gate 
4030Sstevel@tonic-gate #define	KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
4040Sstevel@tonic-gate 	_plaintext, _ciphertext, _templ) {				\
4050Sstevel@tonic-gate 	kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params;	\
406*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
4070Sstevel@tonic-gate 									\
4080Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_ENCRYPT;				\
4090Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4100Sstevel@tonic-gate 	cops->eo_sid = _sid;						\
411*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
412*7882SBhargava.Yenduri@Sun.COM 		cops->eo_mech = *mechp;					\
413*7882SBhargava.Yenduri@Sun.COM 		cops->eo_framework_mechtype = mechp->cm_type;		\
414*7882SBhargava.Yenduri@Sun.COM 	}								\
4150Sstevel@tonic-gate 	cops->eo_key = _key;						\
4160Sstevel@tonic-gate 	cops->eo_plaintext = _plaintext;				\
4170Sstevel@tonic-gate 	cops->eo_ciphertext = _ciphertext;				\
4180Sstevel@tonic-gate 	cops->eo_templ = _templ;					\
4190Sstevel@tonic-gate }
4200Sstevel@tonic-gate 
4210Sstevel@tonic-gate #define	KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
4220Sstevel@tonic-gate 	_ciphertext, _plaintext, _templ) {				\
4230Sstevel@tonic-gate 	kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params;	\
424*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
4250Sstevel@tonic-gate 									\
4260Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_DECRYPT;				\
4270Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4280Sstevel@tonic-gate 	cops->dop_sid = _sid;						\
429*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
430*7882SBhargava.Yenduri@Sun.COM 		cops->dop_mech = *mechp;				\
431*7882SBhargava.Yenduri@Sun.COM 		cops->dop_framework_mechtype = mechp->cm_type;		\
432*7882SBhargava.Yenduri@Sun.COM 	}								\
4330Sstevel@tonic-gate 	cops->dop_key = _key;						\
4340Sstevel@tonic-gate 	cops->dop_ciphertext = _ciphertext;				\
4350Sstevel@tonic-gate 	cops->dop_plaintext = _plaintext;				\
4360Sstevel@tonic-gate 	cops->dop_templ = _templ;					\
4370Sstevel@tonic-gate }
4380Sstevel@tonic-gate 
4390Sstevel@tonic-gate #define	KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
4400Sstevel@tonic-gate 	_data, _signature, _templ) {					\
4410Sstevel@tonic-gate 	kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params;		\
442*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
4430Sstevel@tonic-gate 									\
4440Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_SIGN;					\
4450Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4460Sstevel@tonic-gate 	sops->so_sid = _sid;						\
447*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
448*7882SBhargava.Yenduri@Sun.COM 		sops->so_mech = *mechp;					\
449*7882SBhargava.Yenduri@Sun.COM 		sops->so_framework_mechtype = mechp->cm_type;		\
450*7882SBhargava.Yenduri@Sun.COM 	}								\
4510Sstevel@tonic-gate 	sops->so_key = _key;						\
4520Sstevel@tonic-gate 	sops->so_data = _data;						\
4530Sstevel@tonic-gate 	sops->so_signature = _signature;				\
4540Sstevel@tonic-gate 	sops->so_templ = _templ;					\
4550Sstevel@tonic-gate }
4560Sstevel@tonic-gate 
4570Sstevel@tonic-gate #define	KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
4580Sstevel@tonic-gate 	_data, _signature, _templ) {					\
4590Sstevel@tonic-gate 	kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params;	\
460*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
4610Sstevel@tonic-gate 									\
4620Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_VERIFY;				\
4630Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4640Sstevel@tonic-gate 	vops->vo_sid = _sid;						\
465*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
466*7882SBhargava.Yenduri@Sun.COM 		vops->vo_mech = *mechp;					\
467*7882SBhargava.Yenduri@Sun.COM 		vops->vo_framework_mechtype = mechp->cm_type;		\
468*7882SBhargava.Yenduri@Sun.COM 	}								\
4690Sstevel@tonic-gate 	vops->vo_key = _key;						\
4700Sstevel@tonic-gate 	vops->vo_data = _data;						\
4710Sstevel@tonic-gate 	vops->vo_signature = _signature;				\
4720Sstevel@tonic-gate 	vops->vo_templ = _templ;					\
4730Sstevel@tonic-gate }
4740Sstevel@tonic-gate 
4750Sstevel@tonic-gate #define	KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key,	\
4760Sstevel@tonic-gate 	_mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \
4770Sstevel@tonic-gate 	kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \
4780Sstevel@tonic-gate 									\
4790Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_ENCRYPT_MAC;				\
4800Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4810Sstevel@tonic-gate 	cmops->em_sid = _sid;						\
4820Sstevel@tonic-gate 	cmops->em_encr_key = _encr_key;					\
4830Sstevel@tonic-gate 	cmops->em_mac_key = _mac_key;					\
4840Sstevel@tonic-gate 	cmops->em_plaintext = _plaintext;				\
4850Sstevel@tonic-gate 	cmops->em_ciphertext = _ciphertext;				\
4860Sstevel@tonic-gate 	cmops->em_mac = _mac;						\
4870Sstevel@tonic-gate 	cmops->em_encr_templ = _encr_templ;				\
4880Sstevel@tonic-gate 	cmops->em_mac_templ = _mac_templ;				\
4890Sstevel@tonic-gate }
4900Sstevel@tonic-gate 
4910Sstevel@tonic-gate #define	KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key,	\
4920Sstevel@tonic-gate 	_decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \
4930Sstevel@tonic-gate 	kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \
4940Sstevel@tonic-gate 									\
4950Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_MAC_DECRYPT;				\
4960Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
4970Sstevel@tonic-gate 	cmops->md_sid = _sid;						\
4980Sstevel@tonic-gate 	cmops->md_mac_key = _mac_key;					\
4990Sstevel@tonic-gate 	cmops->md_decr_key = _decr_key;					\
5000Sstevel@tonic-gate 	cmops->md_ciphertext = _ciphertext;				\
5010Sstevel@tonic-gate 	cmops->md_mac = _mac;						\
5020Sstevel@tonic-gate 	cmops->md_plaintext = _plaintext;				\
5030Sstevel@tonic-gate 	cmops->md_mac_templ = _mac_templ;				\
5040Sstevel@tonic-gate 	cmops->md_decr_templ = _decr_templ;				\
5050Sstevel@tonic-gate }
5060Sstevel@tonic-gate 
5071920Smcpowers #define	KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen,	\
5081920Smcpowers 	_est, _flags) {							\
5090Sstevel@tonic-gate 	kcf_random_number_ops_params_t *rops =				\
5100Sstevel@tonic-gate 		&(req)->rp_u.random_number_params;			\
5110Sstevel@tonic-gate 									\
5120Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_RANDOM;				\
5130Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
5140Sstevel@tonic-gate 	rops->rn_sid = _sid;						\
5150Sstevel@tonic-gate 	rops->rn_buf = _buf;						\
5160Sstevel@tonic-gate 	rops->rn_buflen = _buflen;					\
5171920Smcpowers 	rops->rn_entropy_est = _est;					\
5181920Smcpowers 	rops->rn_flags = _flags;					\
5190Sstevel@tonic-gate }
5200Sstevel@tonic-gate 
5210Sstevel@tonic-gate #define	KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid,		\
5220Sstevel@tonic-gate 	_user_type, _pin, _pin_len, _pd) {				\
5230Sstevel@tonic-gate 	kcf_session_ops_params_t *sops = &(req)->rp_u.session_params;	\
5240Sstevel@tonic-gate 									\
5250Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_SESSION;				\
5260Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
5270Sstevel@tonic-gate 	sops->so_sid_ptr = _sid_ptr;					\
5280Sstevel@tonic-gate 	sops->so_sid = _sid;						\
5290Sstevel@tonic-gate 	sops->so_user_type = _user_type;				\
5300Sstevel@tonic-gate 	sops->so_pin = _pin;						\
5310Sstevel@tonic-gate 	sops->so_pin_len = _pin_len;					\
5320Sstevel@tonic-gate 	sops->so_pd = _pd;						\
5330Sstevel@tonic-gate }
5340Sstevel@tonic-gate 
5350Sstevel@tonic-gate #define	KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id,	\
5360Sstevel@tonic-gate 	_template, _attribute_count, _object_id_ptr, _object_size,	\
5370Sstevel@tonic-gate 	_find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \
5380Sstevel@tonic-gate 	kcf_object_ops_params_t *jops = &(req)->rp_u.object_params;	\
5390Sstevel@tonic-gate 									\
5400Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_OBJECT;				\
5410Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
5420Sstevel@tonic-gate 	jops->oo_sid = _sid;						\
5430Sstevel@tonic-gate 	jops->oo_object_id = _object_id;				\
5440Sstevel@tonic-gate 	jops->oo_template = _template;					\
5450Sstevel@tonic-gate 	jops->oo_attribute_count = _attribute_count;			\
5460Sstevel@tonic-gate 	jops->oo_object_id_ptr = _object_id_ptr;			\
5470Sstevel@tonic-gate 	jops->oo_object_size = _object_size;				\
5480Sstevel@tonic-gate 	jops->oo_find_init_pp_ptr = _find_init_pp_ptr;			\
5490Sstevel@tonic-gate 	jops->oo_find_pp = _find_pp;					\
5500Sstevel@tonic-gate 	jops->oo_max_object_count = _max_object_count;			\
5510Sstevel@tonic-gate 	jops->oo_object_count_ptr = _object_count_ptr;			\
5520Sstevel@tonic-gate }
5530Sstevel@tonic-gate 
5540Sstevel@tonic-gate #define	KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \
5550Sstevel@tonic-gate 	_key_attribute_count, _key_object_id_ptr, _private_key_template, \
5560Sstevel@tonic-gate 	_private_key_attribute_count, _private_key_object_id_ptr,	\
5570Sstevel@tonic-gate 	_key, _wrapped_key, _wrapped_key_len_ptr) {			\
5580Sstevel@tonic-gate 	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params;		\
559*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
5600Sstevel@tonic-gate 									\
5610Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_KEY;					\
5620Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
5630Sstevel@tonic-gate 	kops->ko_sid = _sid;						\
564*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
565*7882SBhargava.Yenduri@Sun.COM 		kops->ko_mech = *mechp;					\
566*7882SBhargava.Yenduri@Sun.COM 		kops->ko_framework_mechtype = mechp->cm_type;		\
567*7882SBhargava.Yenduri@Sun.COM 	}								\
5680Sstevel@tonic-gate 	kops->ko_key_template = _key_template;				\
5690Sstevel@tonic-gate 	kops->ko_key_attribute_count = _key_attribute_count;		\
5700Sstevel@tonic-gate 	kops->ko_key_object_id_ptr = _key_object_id_ptr;		\
5710Sstevel@tonic-gate 	kops->ko_private_key_template = _private_key_template;		\
5720Sstevel@tonic-gate 	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
5730Sstevel@tonic-gate 	kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \
5740Sstevel@tonic-gate 	kops->ko_key = _key;						\
5750Sstevel@tonic-gate 	kops->ko_wrapped_key = _wrapped_key;				\
5760Sstevel@tonic-gate 	kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr;		\
5770Sstevel@tonic-gate }
5780Sstevel@tonic-gate 
5790Sstevel@tonic-gate #define	KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin,	\
5800Sstevel@tonic-gate 	_old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) {		\
5810Sstevel@tonic-gate 	kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params;	\
5820Sstevel@tonic-gate 									\
5830Sstevel@tonic-gate 	(req)->rp_opgrp = KCF_OG_PROVMGMT;				\
5840Sstevel@tonic-gate 	(req)->rp_optype = ftype;					\
5850Sstevel@tonic-gate 	pops->po_sid = _sid;						\
5860Sstevel@tonic-gate 	pops->po_pin = _pin;						\
5870Sstevel@tonic-gate 	pops->po_pin_len = _pin_len;					\
5880Sstevel@tonic-gate 	pops->po_old_pin = _old_pin;					\
5890Sstevel@tonic-gate 	pops->po_old_pin_len = _old_pin_len;				\
5900Sstevel@tonic-gate 	pops->po_label = _label;					\
5910Sstevel@tonic-gate 	pops->po_ext_info = _ext_info;					\
5920Sstevel@tonic-gate 	pops->po_pd = _pd;						\
5930Sstevel@tonic-gate }
5940Sstevel@tonic-gate 
5954219Smcpowers #define	KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech,	\
5964219Smcpowers 	_key_template, _key_attribute_count, _private_key_template,	\
5974219Smcpowers 	_private_key_attribute_count, _key, _out_template1,		\
5984219Smcpowers 	_out_attribute_count1, _out_template2, _out_attribute_count2) {	\
5994219Smcpowers 	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params;		\
600*7882SBhargava.Yenduri@Sun.COM 	crypto_mechanism_t *mechp = _mech;				\
6014219Smcpowers 									\
6024219Smcpowers 	(req)->rp_opgrp = KCF_OG_NOSTORE_KEY;				\
6034219Smcpowers 	(req)->rp_optype = ftype;					\
6044219Smcpowers 	kops->ko_sid = _sid;						\
605*7882SBhargava.Yenduri@Sun.COM 	if (mechp != NULL) {						\
606*7882SBhargava.Yenduri@Sun.COM 		kops->ko_mech = *mechp;					\
607*7882SBhargava.Yenduri@Sun.COM 		kops->ko_framework_mechtype = mechp->cm_type;		\
608*7882SBhargava.Yenduri@Sun.COM 	}								\
6094219Smcpowers 	kops->ko_key_template = _key_template;				\
6104219Smcpowers 	kops->ko_key_attribute_count = _key_attribute_count;		\
6114219Smcpowers 	kops->ko_key_object_id_ptr = NULL;				\
6124219Smcpowers 	kops->ko_private_key_template = _private_key_template;		\
6134219Smcpowers 	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
6144219Smcpowers 	kops->ko_private_key_object_id_ptr = NULL;			\
6154219Smcpowers 	kops->ko_key = _key;						\
6164219Smcpowers 	kops->ko_wrapped_key = NULL;					\
6174219Smcpowers 	kops->ko_wrapped_key_len_ptr = 0;				\
6184219Smcpowers 	kops->ko_out_template1 = _out_template1;			\
6194219Smcpowers 	kops->ko_out_template2 = _out_template2;			\
6204219Smcpowers 	kops->ko_out_attribute_count1 = _out_attribute_count1;		\
6214219Smcpowers 	kops->ko_out_attribute_count2 = _out_attribute_count2;		\
6224219Smcpowers }
6234219Smcpowers 
6240Sstevel@tonic-gate #define	KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp)			\
6250Sstevel@tonic-gate 	(mechp)->cm_type =						\
6263708Skrishna 	    KCF_TO_PROV_MECHNUM(pd, fmtype);
6270Sstevel@tonic-gate 
6280Sstevel@tonic-gate #ifdef __cplusplus
6290Sstevel@tonic-gate }
6300Sstevel@tonic-gate #endif
6310Sstevel@tonic-gate 
6320Sstevel@tonic-gate #endif /* _SYS_CRYPTO_OPS_IMPL_H */
633