1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _KERNEL
27 #include <strings.h>
28 #include <limits.h>
29 #include <assert.h>
30 #include <security/cryptoki.h>
31 #endif
32
33 #include <sys/types.h>
34 #include <modes/modes.h>
35 #include <sys/crypto/common.h>
36 #include <sys/crypto/impl.h>
37
38 /*
39 * Algorithm independent CBC functions.
40 */
41 int
cbc_encrypt_contiguous_blocks(cbc_ctx_t * ctx,char * data,size_t length,crypto_data_t * out,size_t block_size,int (* encrypt)(const void *,const uint8_t *,uint8_t *),void (* copy_block)(uint8_t *,uint8_t *),void (* xor_block)(uint8_t *,uint8_t *))42 cbc_encrypt_contiguous_blocks(cbc_ctx_t *ctx, char *data, size_t length,
43 crypto_data_t *out, size_t block_size,
44 int (*encrypt)(const void *, const uint8_t *, uint8_t *),
45 void (*copy_block)(uint8_t *, uint8_t *),
46 void (*xor_block)(uint8_t *, uint8_t *))
47 {
48 size_t remainder = length;
49 size_t need;
50 uint8_t *datap = (uint8_t *)data;
51 uint8_t *blockp;
52 uint8_t *lastp;
53 void *iov_or_mp;
54 offset_t offset;
55 uint8_t *out_data_1;
56 uint8_t *out_data_2;
57 size_t out_data_1_len;
58
59 if (length + ctx->cbc_remainder_len < block_size) {
60 /* accumulate bytes here and return */
61 bcopy(datap,
62 (uint8_t *)ctx->cbc_remainder + ctx->cbc_remainder_len,
63 length);
64 ctx->cbc_remainder_len += length;
65 ctx->cbc_copy_to = datap;
66 return (CRYPTO_SUCCESS);
67 }
68
69 lastp = (uint8_t *)ctx->cbc_iv;
70 if (out != NULL)
71 crypto_init_ptrs(out, &iov_or_mp, &offset);
72
73 do {
74 /* Unprocessed data from last call. */
75 if (ctx->cbc_remainder_len > 0) {
76 need = block_size - ctx->cbc_remainder_len;
77
78 if (need > remainder)
79 return (CRYPTO_DATA_LEN_RANGE);
80
81 bcopy(datap, &((uint8_t *)ctx->cbc_remainder)
82 [ctx->cbc_remainder_len], need);
83
84 blockp = (uint8_t *)ctx->cbc_remainder;
85 } else {
86 blockp = datap;
87 }
88
89 if (out == NULL) {
90 /*
91 * XOR the previous cipher block or IV with the
92 * current clear block.
93 */
94 xor_block(lastp, blockp);
95 encrypt(ctx->cbc_keysched, blockp, blockp);
96
97 ctx->cbc_lastp = blockp;
98 lastp = blockp;
99
100 if (ctx->cbc_remainder_len > 0) {
101 bcopy(blockp, ctx->cbc_copy_to,
102 ctx->cbc_remainder_len);
103 bcopy(blockp + ctx->cbc_remainder_len, datap,
104 need);
105 }
106 } else {
107 /*
108 * XOR the previous cipher block or IV with the
109 * current clear block.
110 */
111 xor_block(blockp, lastp);
112 encrypt(ctx->cbc_keysched, lastp, lastp);
113 crypto_get_ptrs(out, &iov_or_mp, &offset, &out_data_1,
114 &out_data_1_len, &out_data_2, block_size);
115
116 /* copy block to where it belongs */
117 if (out_data_1_len == block_size) {
118 copy_block(lastp, out_data_1);
119 } else {
120 bcopy(lastp, out_data_1, out_data_1_len);
121 if (out_data_2 != NULL) {
122 bcopy(lastp + out_data_1_len,
123 out_data_2,
124 block_size - out_data_1_len);
125 }
126 }
127 /* update offset */
128 out->cd_offset += block_size;
129 }
130
131 /* Update pointer to next block of data to be processed. */
132 if (ctx->cbc_remainder_len != 0) {
133 datap += need;
134 ctx->cbc_remainder_len = 0;
135 } else {
136 datap += block_size;
137 }
138
139 remainder = (size_t)&data[length] - (size_t)datap;
140
141 /* Incomplete last block. */
142 if (remainder > 0 && remainder < block_size) {
143 bcopy(datap, ctx->cbc_remainder, remainder);
144 ctx->cbc_remainder_len = remainder;
145 ctx->cbc_copy_to = datap;
146 goto out;
147 }
148 ctx->cbc_copy_to = NULL;
149
150 } while (remainder > 0);
151
152 out:
153 /*
154 * Save the last encrypted block in the context.
155 */
156 if (ctx->cbc_lastp != NULL) {
157 copy_block((uint8_t *)ctx->cbc_lastp, (uint8_t *)ctx->cbc_iv);
158 ctx->cbc_lastp = (uint8_t *)ctx->cbc_iv;
159 }
160
161 return (CRYPTO_SUCCESS);
162 }
163
164 #define OTHER(a, ctx) \
165 (((a) == (ctx)->cbc_lastblock) ? (ctx)->cbc_iv : (ctx)->cbc_lastblock)
166
167 /* ARGSUSED */
168 int
cbc_decrypt_contiguous_blocks(cbc_ctx_t * ctx,char * data,size_t length,crypto_data_t * out,size_t block_size,int (* decrypt)(const void *,const uint8_t *,uint8_t *),void (* copy_block)(uint8_t *,uint8_t *),void (* xor_block)(uint8_t *,uint8_t *))169 cbc_decrypt_contiguous_blocks(cbc_ctx_t *ctx, char *data, size_t length,
170 crypto_data_t *out, size_t block_size,
171 int (*decrypt)(const void *, const uint8_t *, uint8_t *),
172 void (*copy_block)(uint8_t *, uint8_t *),
173 void (*xor_block)(uint8_t *, uint8_t *))
174 {
175 size_t remainder = length;
176 size_t need;
177 uint8_t *datap = (uint8_t *)data;
178 uint8_t *blockp;
179 uint8_t *lastp;
180 void *iov_or_mp;
181 offset_t offset;
182 uint8_t *out_data_1;
183 uint8_t *out_data_2;
184 size_t out_data_1_len;
185
186 if (length + ctx->cbc_remainder_len < block_size) {
187 /* accumulate bytes here and return */
188 bcopy(datap,
189 (uint8_t *)ctx->cbc_remainder + ctx->cbc_remainder_len,
190 length);
191 ctx->cbc_remainder_len += length;
192 ctx->cbc_copy_to = datap;
193 return (CRYPTO_SUCCESS);
194 }
195
196 lastp = ctx->cbc_lastp;
197 if (out != NULL)
198 crypto_init_ptrs(out, &iov_or_mp, &offset);
199
200 do {
201 /* Unprocessed data from last call. */
202 if (ctx->cbc_remainder_len > 0) {
203 need = block_size - ctx->cbc_remainder_len;
204
205 if (need > remainder)
206 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
207
208 bcopy(datap, &((uint8_t *)ctx->cbc_remainder)
209 [ctx->cbc_remainder_len], need);
210
211 blockp = (uint8_t *)ctx->cbc_remainder;
212 } else {
213 blockp = datap;
214 }
215
216 /* LINTED: pointer alignment */
217 copy_block(blockp, (uint8_t *)OTHER((uint64_t *)lastp, ctx));
218
219 if (out != NULL) {
220 decrypt(ctx->cbc_keysched, blockp,
221 (uint8_t *)ctx->cbc_remainder);
222 blockp = (uint8_t *)ctx->cbc_remainder;
223 } else {
224 decrypt(ctx->cbc_keysched, blockp, blockp);
225 }
226
227 /*
228 * XOR the previous cipher block or IV with the
229 * currently decrypted block.
230 */
231 xor_block(lastp, blockp);
232
233 /* LINTED: pointer alignment */
234 lastp = (uint8_t *)OTHER((uint64_t *)lastp, ctx);
235
236 if (out != NULL) {
237 crypto_get_ptrs(out, &iov_or_mp, &offset, &out_data_1,
238 &out_data_1_len, &out_data_2, block_size);
239
240 bcopy(blockp, out_data_1, out_data_1_len);
241 if (out_data_2 != NULL) {
242 bcopy(blockp + out_data_1_len, out_data_2,
243 block_size - out_data_1_len);
244 }
245
246 /* update offset */
247 out->cd_offset += block_size;
248
249 } else if (ctx->cbc_remainder_len > 0) {
250 /* copy temporary block to where it belongs */
251 bcopy(blockp, ctx->cbc_copy_to, ctx->cbc_remainder_len);
252 bcopy(blockp + ctx->cbc_remainder_len, datap, need);
253 }
254
255 /* Update pointer to next block of data to be processed. */
256 if (ctx->cbc_remainder_len != 0) {
257 datap += need;
258 ctx->cbc_remainder_len = 0;
259 } else {
260 datap += block_size;
261 }
262
263 remainder = (size_t)&data[length] - (size_t)datap;
264
265 /* Incomplete last block. */
266 if (remainder > 0 && remainder < block_size) {
267 bcopy(datap, ctx->cbc_remainder, remainder);
268 ctx->cbc_remainder_len = remainder;
269 ctx->cbc_lastp = lastp;
270 ctx->cbc_copy_to = datap;
271 return (CRYPTO_SUCCESS);
272 }
273 ctx->cbc_copy_to = NULL;
274
275 } while (remainder > 0);
276
277 ctx->cbc_lastp = lastp;
278 return (CRYPTO_SUCCESS);
279 }
280
281 int
cbc_init_ctx(cbc_ctx_t * cbc_ctx,char * param,size_t param_len,size_t block_size,void (* copy_block)(uint8_t *,uint64_t *))282 cbc_init_ctx(cbc_ctx_t *cbc_ctx, char *param, size_t param_len,
283 size_t block_size, void (*copy_block)(uint8_t *, uint64_t *))
284 {
285 /*
286 * Copy IV into context.
287 *
288 * If cm_param == NULL then the IV comes from the
289 * cd_miscdata field in the crypto_data structure.
290 */
291 if (param != NULL) {
292 #ifdef _KERNEL
293 ASSERT(param_len == block_size);
294 #else
295 assert(param_len == block_size);
296 #endif
297 copy_block((uchar_t *)param, cbc_ctx->cbc_iv);
298 }
299
300 cbc_ctx->cbc_lastp = (uint8_t *)&cbc_ctx->cbc_iv[0];
301 cbc_ctx->cbc_flags |= CBC_MODE;
302 return (CRYPTO_SUCCESS);
303 }
304
305 /* ARGSUSED */
306 void *
cbc_alloc_ctx(int kmflag)307 cbc_alloc_ctx(int kmflag)
308 {
309 cbc_ctx_t *cbc_ctx;
310
311 #ifdef _KERNEL
312 if ((cbc_ctx = kmem_zalloc(sizeof (cbc_ctx_t), kmflag)) == NULL)
313 #else
314 if ((cbc_ctx = calloc(1, sizeof (cbc_ctx_t))) == NULL)
315 #endif
316 return (NULL);
317
318 cbc_ctx->cbc_flags = CBC_MODE;
319 return (cbc_ctx);
320 }
321