/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Context structures and entry points for the block-cipher modes of
 * operation declared in this header: ECB, CBC, CTR, CCM, GCM and GMAC.
 * The per-mode contexts are combined into per-cipher unions for AES,
 * Blowfish and DES further down.
 */

#ifndef _COMMON_CRYPTO_MODES_H
#define	_COMMON_CRYPTO_MODES_H

#ifdef __cplusplus
extern "C" {
#endif

#include <sys/strsun.h>
#include <sys/systm.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/rwlock.h>
#include <sys/kmem.h>
#include <sys/crypto/common.h>
#include <sys/crypto/impl.h>

/*
 * Mode identifiers. Each value is a distinct single bit. The cc_flags
 * description below lists them next to PROVIDER_OWNS_KEY_SCHEDULE (which
 * is not defined in this header), so they appear to be OR-ed into
 * cc_flags together with other flag bits.
 */
#define	ECB_MODE	0x00000002
#define	CBC_MODE	0x00000004
#define	CTR_MODE	0x00000008
#define	CCM_MODE	0x00000010
#define	GCM_MODE	0x00000020
#define	GMAC_MODE	0x00000040

/*
 * State shared by every mode. Each per-mode context below embeds this
 * structure as its first member.
 *
 * cc_keysched:		Pointer to key schedule.
 *
 * cc_keysched_len:	Length of the key schedule.
 *
 * cc_remainder:	This is for residual data, i.e. data that can't
 *			be processed because there are too few bytes.
 *			Must wait until more data arrives.
 *			(Two uint64_t, i.e. 16 bytes of storage.)
 *
 * cc_remainder_len:	Number of bytes in cc_remainder.
 *
 * cc_iv:		Scratch buffer that sometimes contains the IV.
 *			(16 bytes. The CTR, CCM and GCM contexts alias it
 *			as their counter block through ctr_cb, ccm_cb and
 *			gcm_cb.)
 *
 * cc_lastp:		Pointer to previous block of ciphertext.
 *
 * cc_copy_to:		Pointer to where encrypted residual data needs
 *			to be copied.
 *
 * cc_flags:		PROVIDER_OWNS_KEY_SCHEDULE
 *			When a context is freed, it is necessary
 *			to know whether the key schedule was allocated
 *			by the caller, or internally, e.g. an init routine.
 *			If allocated by the latter, then it needs to be freed.
 *
 *			ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
 *			NOTE(review): GCM_MODE and GMAC_MODE are defined
 *			above but not listed here; presumably they are
 *			stored in cc_flags as well. Confirm.
 *
 * NOTE(review): cc_keysched is key material, and cc_iv and cc_remainder
 * hold chaining state and unprocessed input. How the free path
 * (crypto_free_mode_ctx(), declared below) treats them is not visible in
 * this header. Confirm that the key schedule and these buffers are
 * zeroized before the memory is released.
 */
struct common_ctx {
	void *cc_keysched;
	size_t cc_keysched_len;
	uint64_t cc_iv[2];
	uint64_t cc_remainder[2];
	size_t cc_remainder_len;
	uint8_t *cc_lastp;
	uint8_t *cc_copy_to;
	uint32_t cc_flags;
};

typedef struct common_ctx common_ctx_t;

/*
 * ECB context: the common state plus ecb_lastblock (16 bytes), whose
 * purpose is not described in this header.
 */
typedef struct ecb_ctx {
	struct common_ctx ecb_common;
	uint64_t ecb_lastblock[2];
} ecb_ctx_t;

/* ecb_-prefixed shorthand for the embedded common_ctx fields. */
#define	ecb_keysched	ecb_common.cc_keysched
#define	ecb_keysched_len	ecb_common.cc_keysched_len
#define	ecb_iv	ecb_common.cc_iv
#define	ecb_remainder	ecb_common.cc_remainder
#define	ecb_remainder_len	ecb_common.cc_remainder_len
#define	ecb_lastp	ecb_common.cc_lastp
#define	ecb_copy_to	ecb_common.cc_copy_to
#define	ecb_flags	ecb_common.cc_flags

/*
 * CBC context: the common state plus cbc_lastblock (16 bytes), whose
 * purpose is not described in this header.
 */
typedef struct cbc_ctx {
	struct common_ctx cbc_common;
	uint64_t cbc_lastblock[2];
} cbc_ctx_t;

/* cbc_-prefixed shorthand for the embedded common_ctx fields. */
#define	cbc_keysched	cbc_common.cc_keysched
#define	cbc_keysched_len	cbc_common.cc_keysched_len
#define	cbc_iv	cbc_common.cc_iv
#define	cbc_remainder	cbc_common.cc_remainder
#define	cbc_remainder_len	cbc_common.cc_remainder_len
#define	cbc_lastp	cbc_common.cc_lastp
#define	cbc_copy_to	cbc_common.cc_copy_to
#define	cbc_flags	cbc_common.cc_flags

/*
 * ctr_lower_mask	Bit-mask for lower 8 bytes of counter block.
 * ctr_upper_mask	Bit-mask for upper 8 bytes of counter block.
 *
 * ctr_tmp is not described in this header; presumably scratch space.
 * Confirm against the implementation.
 */
typedef struct ctr_ctx {
	struct common_ctx ctr_common;
	uint64_t ctr_lower_mask;
	uint64_t ctr_upper_mask;
	uint32_t ctr_tmp[4];
} ctr_ctx_t;

/*
 * ctr_cb		Counter block. It is an alias for cc_iv, so it
 *			occupies the same 16 bytes as the common IV buffer.
 */
#define	ctr_keysched	ctr_common.cc_keysched
#define	ctr_keysched_len	ctr_common.cc_keysched_len
#define	ctr_cb	ctr_common.cc_iv
#define	ctr_remainder	ctr_common.cc_remainder
#define	ctr_remainder_len	ctr_common.cc_remainder_len
#define	ctr_lastp	ctr_common.cc_lastp
#define	ctr_copy_to	ctr_common.cc_copy_to
#define	ctr_flags	ctr_common.cc_flags

/*
 *
 * ccm_mac_len:		Stores length of the MAC in CCM mode.
 * ccm_mac_buf:		Stores the intermediate value for MAC in CCM encrypt.
 *			In CCM decrypt, stores the input MAC value.
 * ccm_data_len:	Length of the plaintext for CCM mode encrypt, or
 *			length of the ciphertext for CCM mode decrypt.
 * ccm_processed_data_len:
 *			Length of processed plaintext in CCM mode encrypt,
 *			or length of processed ciphertext for CCM mode decrypt.
 * ccm_processed_mac_len:
 *			Length of MAC data accumulated in CCM mode decrypt.
 *
 * ccm_pt_buf:		Only used in CCM mode decrypt.  It stores the
 *			decrypted plaintext to be returned when
 *			MAC verification succeeds in decrypt_final.
 *			Memory for this should be allocated in the AES module.
 *
 * ccm_tmp, ccm_mac_input_buf and ccm_counter_mask are not described in
 * this header.
 *
 * NOTE(review): until decrypt_final has verified the MAC, ccm_pt_buf
 * holds unauthenticated plaintext. Confirm in the implementation that
 * it is never handed to the caller before verification and that it is
 * scrubbed and freed when verification fails.
 */
typedef struct ccm_ctx {
	struct common_ctx ccm_common;
	uint32_t ccm_tmp[4];
	size_t ccm_mac_len;
	uint64_t ccm_mac_buf[2];
	size_t ccm_data_len;
	size_t ccm_processed_data_len;
	size_t ccm_processed_mac_len;
	uint8_t *ccm_pt_buf;
	uint64_t ccm_mac_input_buf[2];
	uint64_t ccm_counter_mask;
} ccm_ctx_t;

/* ccm_-prefixed shorthand; ccm_cb aliases cc_iv as the counter block. */
#define	ccm_keysched	ccm_common.cc_keysched
#define	ccm_keysched_len	ccm_common.cc_keysched_len
#define	ccm_cb	ccm_common.cc_iv
#define	ccm_remainder	ccm_common.cc_remainder
#define	ccm_remainder_len	ccm_common.cc_remainder_len
#define	ccm_lastp	ccm_common.cc_lastp
#define	ccm_copy_to	ccm_common.cc_copy_to
#define	ccm_flags	ccm_common.cc_flags

/*
 * gcm_tag_len:		Length of authentication tag.
 *
 * gcm_ghash:		Stores output from the GHASH function.
 *
 * gcm_processed_data_len:
 *			Length of processed plaintext (encrypt) or
 *			length of processed ciphertext (decrypt).
 *
 * gcm_pt_buf:		Stores the decrypted plaintext returned by
 *			decrypt_final when the computed authentication
 *			tag matches the user supplied tag.
 *
 * gcm_pt_buf_len:	Length of the plaintext buffer.
 *
 * gcm_H:		Subkey.
 *
 * gcm_J0:		Pre-counter block generated from the IV.
 *
 * gcm_len_a_len_c:	64-bit representations of the bit lengths of
 *			AAD and ciphertext.
 *
 * gcm_kmflag:		Current value of kmflag.  Used only for allocating
 *			the plaintext buffer during decryption.
 *
 * gcm_tmp is not described in this header.
 *
 * NOTE(review): gcm_H is derived from the key and should be treated as
 * key material. gcm_pt_buf holds unauthenticated plaintext until the tag
 * has been checked in decrypt_final. Confirm that both are scrubbed on
 * the free and failure paths.
 *
 * NOTE(review): GCM depends on the IV never repeating under one key. No
 * field in this context records IV history, so uniqueness has to be
 * enforced by the caller. Which gcm_tag_len values are accepted is also
 * not visible here; confirm that short tags are rejected.
 */
typedef struct gcm_ctx {
	struct common_ctx gcm_common;
	size_t gcm_tag_len;
	size_t gcm_processed_data_len;
	size_t gcm_pt_buf_len;
	uint32_t gcm_tmp[4];
	uint64_t gcm_ghash[2];
	uint64_t gcm_H[2];
	uint64_t gcm_J0[2];
	uint64_t gcm_len_a_len_c[2];
	uint8_t *gcm_pt_buf;
	int gcm_kmflag;
} gcm_ctx_t;

/* gcm_-prefixed shorthand; gcm_cb aliases cc_iv as the counter block. */
#define	gcm_keysched	gcm_common.cc_keysched
#define	gcm_keysched_len	gcm_common.cc_keysched_len
#define	gcm_cb	gcm_common.cc_iv
#define	gcm_remainder	gcm_common.cc_remainder
#define	gcm_remainder_len	gcm_common.cc_remainder_len
#define	gcm_lastp	gcm_common.cc_lastp
#define	gcm_copy_to	gcm_common.cc_copy_to
#define	gcm_flags	gcm_common.cc_flags

/*
 * Fixed GMAC parameters. The tag size is given in bits; the IV length
 * is presumably in bytes (12 bytes = 96 bits). Confirm at the use site.
 */
#define	AES_GMAC_IV_LEN	12
#define	AES_GMAC_TAG_BITS	128

/*
 * AES context: one storage area viewed as whichever mode is in use.
 * The CCM and GCM views exist only when _KERNEL is defined.
 */
typedef struct aes_ctx {
	union {
		ecb_ctx_t acu_ecb;
		cbc_ctx_t acu_cbc;
		ctr_ctx_t acu_ctr;
#ifdef _KERNEL
		ccm_ctx_t acu_ccm;
		gcm_ctx_t acu_gcm;
#endif
	} acu;
} aes_ctx_t;

/*
 * Accessors for aes_ctx_t.
 *
 * The common fields are reached through the acu_ecb view. That is valid
 * for every mode because each mode context begins with a struct
 * common_ctx, so the common fields sit at the same offset in all views.
 *
 * ac_pt_buf through ac_processed_data_len read the CCM view and
 * ac_tag_len reads the GCM view. The CCM and GCM layouts differ after
 * the common header, so each of these is meaningful only for a context
 * in the matching mode.
 *
 * NOTE(review): these CCM/GCM accessors are defined unconditionally,
 * but acu_ccm and acu_gcm exist only under _KERNEL. Any use of them in
 * a build without _KERNEL will fail to compile.
 */
#define	ac_flags	acu.acu_ecb.ecb_common.cc_flags
#define	ac_remainder_len	acu.acu_ecb.ecb_common.cc_remainder_len
#define	ac_keysched	acu.acu_ecb.ecb_common.cc_keysched
#define	ac_keysched_len	acu.acu_ecb.ecb_common.cc_keysched_len
#define	ac_iv	acu.acu_ecb.ecb_common.cc_iv
#define	ac_lastp	acu.acu_ecb.ecb_common.cc_lastp
#define	ac_pt_buf	acu.acu_ccm.ccm_pt_buf
#define	ac_mac_len	acu.acu_ccm.ccm_mac_len
#define	ac_data_len	acu.acu_ccm.ccm_data_len
#define	ac_processed_mac_len	acu.acu_ccm.ccm_processed_mac_len
#define	ac_processed_data_len	acu.acu_ccm.ccm_processed_data_len
#define	ac_tag_len	acu.acu_gcm.gcm_tag_len

/* Blowfish context: only the ECB and CBC views are provided. */
typedef struct blowfish_ctx {
	union {
		ecb_ctx_t bcu_ecb;
		cbc_ctx_t bcu_cbc;
	} bcu;
} blowfish_ctx_t;

/* Accessors for blowfish_ctx_t, routed through the ECB view. */
#define	bc_flags	bcu.bcu_ecb.ecb_common.cc_flags
#define	bc_remainder_len	bcu.bcu_ecb.ecb_common.cc_remainder_len
#define	bc_keysched	bcu.bcu_ecb.ecb_common.cc_keysched
#define	bc_keysched_len	bcu.bcu_ecb.ecb_common.cc_keysched_len
#define	bc_iv	bcu.bcu_ecb.ecb_common.cc_iv
#define	bc_lastp	bcu.bcu_ecb.ecb_common.cc_lastp

/* DES context: only the ECB and CBC views are provided. */
typedef struct des_ctx {
	union {
		ecb_ctx_t dcu_ecb;
		cbc_ctx_t dcu_cbc;
	} dcu;
} des_ctx_t;

/* Accessors for des_ctx_t, routed through the ECB view. */
#define	dc_flags	dcu.dcu_ecb.ecb_common.cc_flags
#define	dc_remainder_len	dcu.dcu_ecb.ecb_common.cc_remainder_len
#define	dc_keysched	dcu.dcu_ecb.ecb_common.cc_keysched
#define	dc_keysched_len	dcu.dcu_ecb.ecb_common.cc_keysched_len
#define	dc_iv	dcu.dcu_ecb.ecb_common.cc_iv
#define	dc_lastp	dcu.dcu_ecb.ecb_common.cc_lastp

/*
 * Per-mode update routines.
 *
 * Each takes the mode context, an unnamed char * and size_t pair
 * (presumably the input buffer and its length), a crypto_data_t *
 * (presumably the output descriptor), a further size_t (presumably the
 * cipher block size) and callbacks supplying the block cipher primitive
 * and the block copy/xor helpers. The parameter roles and the meaning of
 * the int return value are not stated in this header; confirm them
 * against the implementation.
 *
 * The CCM and GCM routines name their cipher callback encrypt_block for
 * both the encrypt and the decrypt entry points.
 */
extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
    crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
    uint8_t *));

extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*encrypt)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*decrypt)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*cipher)(const void *, const uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
    crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

/*
 * Finalization routines.
 *
 * ccm_encrypt_final and gcm_encrypt_final are declared without the
 * extern keyword used elsewhere in this header; for a function
 * declaration the linkage is the same either way.
 *
 * The argument lists are not uniform: gcm_encrypt_final and
 * ccm_decrypt_final take a copy_block callback, while ccm_encrypt_final
 * and gcm_decrypt_final do not.
 *
 * NOTE(review): the structure comments above say the decrypt_final step
 * is where the MAC or tag is verified. The comparison itself lives in
 * the implementation; confirm that it does not exit early on the first
 * mismatching byte and that no plaintext is returned on failure.
 */
int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));

/*
 * Context initialization routines. The unnamed arguments are presumably
 * the mode parameters and their sizes; confirm against the implementation.
 *
 * cbc_init_ctx's copy_block callback takes (uint8_t *, uint64_t *),
 * unlike the (uint8_t *, uint8_t *) copy_block used everywhere else in
 * this header, so the two callback types are not interchangeable.
 *
 * gmac_init_ctx operates on a gcm_ctx_t; there is no separate GMAC
 * context type in this header.
 */
extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
    void (*copy_block)(uint8_t *, uint64_t *));

extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
    void (*copy_block)(uint8_t *, uint8_t *));

extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

extern int gmac_init_ctx(gcm_ctx_t *, char *, size_t,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
    void (*copy_block)(uint8_t *, uint8_t *),
    void (*xor_block)(uint8_t *, uint8_t *));

/* Mode-internal helpers exported for use by the cipher modules. */
extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));

extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);

/* Helpers that operate on a crypto_data_t; their roles are not stated here. */
extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
    uint8_t **, size_t *, uint8_t **, size_t);

/*
 * Context allocation and release. The int argument is presumably a
 * kmem allocation flag (compare gcm_kmflag and gcm_set_kmflag); confirm.
 * The allocators return void *, so callers must cast to the matching
 * context type. crypto_free_mode_ctx also takes void *, so it has to
 * work out the mode itself, presumably from cc_flags.
 *
 * NOTE(review): confirm that crypto_free_mode_ctx zeroizes the context,
 * including any ccm_pt_buf or gcm_pt_buf, before freeing it.
 */
extern void *ecb_alloc_ctx(int);
extern void *cbc_alloc_ctx(int);
extern void *ctr_alloc_ctx(int);
extern void *ccm_alloc_ctx(int);
extern void *gcm_alloc_ctx(int);
extern void *gmac_alloc_ctx(int);
extern void crypto_free_mode_ctx(void *);
extern void gcm_set_kmflag(gcm_ctx_t *, int);

#ifdef __cplusplus
}
#endif

#endif /* _COMMON_CRYPTO_MODES_H */