1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 26 * Copyright 2019 Joyent, Inc. 27 * Copyright 2023 RackTop Systems, Inc. 28 */ 29 30 #ifndef _COMMON_CRYPTO_MODES_H 31 #define _COMMON_CRYPTO_MODES_H 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 #include <sys/strsun.h> 38 #include <sys/systm.h> 39 #include <sys/sysmacros.h> 40 #include <sys/types.h> 41 #include <sys/errno.h> 42 #include <sys/rwlock.h> 43 #include <sys/kmem.h> 44 #include <sys/crypto/common.h> 45 #include <sys/crypto/impl.h> 46 47 #define ECB_MODE 0x00000002 48 #define CBC_MODE 0x00000004 49 #define CTR_MODE 0x00000008 50 #define CCM_MODE 0x00000010 51 #define GCM_MODE 0x00000020 52 #define GMAC_MODE 0x00000040 53 #define CMAC_MODE 0x00000080 54 55 /* Private flag for pkcs11_softtoken */ 56 #define P11_DECRYPTED 0x80000000 57 58 /* 59 * cc_keysched: Pointer to key schedule. 60 * 61 * cc_keysched_len: Length of the key schedule. 62 * 63 * cc_remainder: This is for residual data, i.e. data that can't 64 * be processed because there are too few bytes. 65 * Must wait until more data arrives. 66 * 67 * cc_remainder_len: Number of bytes in cc_remainder. 68 * 69 * cc_iv: Scratch buffer that sometimes contains the IV. 70 * 71 * cc_lastp: Pointer to previous block of ciphertext. 72 * 73 * cc_copy_to: Pointer to where encrypted residual data needs 74 * to be copied. 75 * 76 * cc_flags: PROVIDER_OWNS_KEY_SCHEDULE 77 * When a context is freed, it is necessary 78 * to know whether the key schedule was allocated 79 * by the caller, or internally, e.g. an init routine. 80 * If allocated by the latter, then it needs to be freed. 81 * 82 * ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE 83 */ 84 struct common_ctx { 85 void *cc_keysched; 86 size_t cc_keysched_len; 87 uint64_t cc_iv[2]; 88 uint64_t cc_remainder[2]; 89 size_t cc_remainder_len; 90 uint8_t *cc_lastp; 91 uint8_t *cc_copy_to; 92 uint32_t cc_flags; 93 }; 94 95 typedef struct common_ctx common_ctx_t; 96 97 typedef struct ecb_ctx { 98 struct common_ctx ecb_common; 99 uint64_t ecb_lastblock[2]; 100 } ecb_ctx_t; 101 102 #define ecb_keysched ecb_common.cc_keysched 103 #define ecb_keysched_len ecb_common.cc_keysched_len 104 #define ecb_iv ecb_common.cc_iv 105 #define ecb_remainder ecb_common.cc_remainder 106 #define ecb_remainder_len ecb_common.cc_remainder_len 107 #define ecb_lastp ecb_common.cc_lastp 108 #define ecb_copy_to ecb_common.cc_copy_to 109 #define ecb_flags ecb_common.cc_flags 110 111 /* 112 * max_remain max bytes in cbc_remainder 113 */ 114 typedef struct cbc_ctx { 115 struct common_ctx cbc_common; 116 uint64_t cbc_lastblock[2]; 117 size_t max_remain; 118 } cbc_ctx_t; 119 120 #define cbc_keysched cbc_common.cc_keysched 121 #define cbc_keysched_len cbc_common.cc_keysched_len 122 #define cbc_iv cbc_common.cc_iv 123 #define cbc_remainder cbc_common.cc_remainder 124 #define cbc_remainder_len cbc_common.cc_remainder_len 125 #define cbc_lastp cbc_common.cc_lastp 126 #define cbc_copy_to cbc_common.cc_copy_to 127 #define cbc_flags cbc_common.cc_flags 128 129 /* 130 * ctr_lower_mask Bit-mask for lower 8 bytes of counter block. 131 * ctr_upper_mask Bit-mask for upper 8 bytes of counter block. 132 */ 133 typedef struct ctr_ctx { 134 struct common_ctx ctr_common; 135 uint64_t ctr_lower_mask; 136 uint64_t ctr_upper_mask; 137 size_t ctr_offset; 138 uint32_t ctr_keystream[4]; 139 } ctr_ctx_t; 140 141 /* 142 * ctr_cb Counter block. 143 */ 144 #define ctr_keysched ctr_common.cc_keysched 145 #define ctr_keysched_len ctr_common.cc_keysched_len 146 #define ctr_cb ctr_common.cc_iv 147 #define ctr_remainder ctr_common.cc_remainder 148 #define ctr_remainder_len ctr_common.cc_remainder_len 149 #define ctr_lastp ctr_common.cc_lastp 150 #define ctr_copy_to ctr_common.cc_copy_to 151 #define ctr_flags ctr_common.cc_flags 152 153 /* 154 * 155 * ccm_mac_len: Stores length of the MAC in CCM mode. 156 * ccm_mac_buf: Stores the intermediate value for MAC in CCM encrypt. 157 * In CCM decrypt, stores the input MAC value. 158 * ccm_data_len: Length of the plaintext for CCM mode encrypt, or 159 * length of the ciphertext for CCM mode decrypt. 160 * ccm_processed_data_len: 161 * Length of processed plaintext in CCM mode encrypt, 162 * or length of processed ciphertext for CCM mode decrypt. 163 * ccm_processed_mac_len: 164 * Length of MAC data accumulated in CCM mode decrypt. 165 * 166 * ccm_pt_buf: Only used in CCM mode decrypt. It stores the 167 * decrypted plaintext to be returned when 168 * MAC verification succeeds in decrypt_final. 169 * Memory for this should be allocated in the AES module. 170 * 171 */ 172 typedef struct ccm_ctx { 173 struct common_ctx ccm_common; 174 uint32_t ccm_tmp[4]; 175 size_t ccm_mac_len; 176 uint64_t ccm_mac_buf[2]; 177 size_t ccm_data_len; 178 size_t ccm_processed_data_len; 179 size_t ccm_processed_mac_len; 180 uint8_t *ccm_pt_buf; 181 uint64_t ccm_mac_input_buf[2]; 182 uint64_t ccm_counter_mask; 183 } ccm_ctx_t; 184 185 #define ccm_keysched ccm_common.cc_keysched 186 #define ccm_keysched_len ccm_common.cc_keysched_len 187 #define ccm_cb ccm_common.cc_iv 188 #define ccm_remainder ccm_common.cc_remainder 189 #define ccm_remainder_len ccm_common.cc_remainder_len 190 #define ccm_lastp ccm_common.cc_lastp 191 #define ccm_copy_to ccm_common.cc_copy_to 192 #define ccm_flags ccm_common.cc_flags 193 194 /* 195 * gcm_tag_len: Length of authentication tag. 196 * 197 * gcm_ghash: Stores output from the GHASH function. 198 * 199 * gcm_processed_data_len: 200 * Length of processed plaintext (encrypt) or 201 * length of processed ciphertext (decrypt). 202 * 203 * gcm_pt_buf: Stores the decrypted plaintext returned by 204 * decrypt_final when the computed authentication 205 * tag matches the user supplied tag. 206 * 207 * gcm_pt_buf_len: Length of the plaintext buffer. 208 * 209 * gcm_H: Subkey. 210 * 211 * gcm_J0: Pre-counter block generated from the IV. 212 * 213 * gcm_len_a_len_c: 64-bit representations of the bit lengths of 214 * AAD and ciphertext. 215 * 216 * gcm_kmflag: Current value of kmflag. Used only for allocating 217 * the plaintext buffer during decryption. 218 */ 219 typedef struct gcm_ctx { 220 struct common_ctx gcm_common; 221 size_t gcm_tag_len; 222 size_t gcm_processed_data_len; 223 size_t gcm_pt_buf_len; 224 uint32_t gcm_tmp[4]; 225 uint64_t gcm_ghash[2]; 226 uint64_t gcm_H[2]; 227 uint64_t gcm_J0[2]; 228 uint64_t gcm_len_a_len_c[2]; 229 uint8_t *gcm_pt_buf; 230 int gcm_kmflag; 231 } gcm_ctx_t; 232 233 #define gcm_keysched gcm_common.cc_keysched 234 #define gcm_keysched_len gcm_common.cc_keysched_len 235 #define gcm_cb gcm_common.cc_iv 236 #define gcm_remainder gcm_common.cc_remainder 237 #define gcm_remainder_len gcm_common.cc_remainder_len 238 #define gcm_lastp gcm_common.cc_lastp 239 #define gcm_copy_to gcm_common.cc_copy_to 240 #define gcm_flags gcm_common.cc_flags 241 242 #define AES_GMAC_IV_LEN 12 243 #define AES_GMAC_TAG_BITS 128 244 245 typedef struct aes_ctx { 246 union { 247 ecb_ctx_t acu_ecb; 248 cbc_ctx_t acu_cbc; 249 ctr_ctx_t acu_ctr; 250 ccm_ctx_t acu_ccm; 251 gcm_ctx_t acu_gcm; 252 } acu; 253 } aes_ctx_t; 254 255 #define ac_flags acu.acu_ecb.ecb_common.cc_flags 256 #define ac_remainder_len acu.acu_ecb.ecb_common.cc_remainder_len 257 #define ac_remainder acu.acu_ecb.ecb_common.cc_remainder 258 #define ac_keysched acu.acu_ecb.ecb_common.cc_keysched 259 #define ac_keysched_len acu.acu_ecb.ecb_common.cc_keysched_len 260 #define ac_iv acu.acu_ecb.ecb_common.cc_iv 261 #define ac_lastp acu.acu_ecb.ecb_common.cc_lastp 262 #define ac_pt_buf acu.acu_ccm.ccm_pt_buf 263 #define ac_mac_len acu.acu_ccm.ccm_mac_len 264 #define ac_data_len acu.acu_ccm.ccm_data_len 265 #define ac_processed_mac_len acu.acu_ccm.ccm_processed_mac_len 266 #define ac_processed_data_len acu.acu_ccm.ccm_processed_data_len 267 #define ac_tag_len acu.acu_gcm.gcm_tag_len 268 269 typedef struct blowfish_ctx { 270 union { 271 ecb_ctx_t bcu_ecb; 272 cbc_ctx_t bcu_cbc; 273 } bcu; 274 } blowfish_ctx_t; 275 276 #define bc_flags bcu.bcu_ecb.ecb_common.cc_flags 277 #define bc_remainder_len bcu.bcu_ecb.ecb_common.cc_remainder_len 278 #define bc_keysched bcu.bcu_ecb.ecb_common.cc_keysched 279 #define bc_keysched_len bcu.bcu_ecb.ecb_common.cc_keysched_len 280 #define bc_iv bcu.bcu_ecb.ecb_common.cc_iv 281 #define bc_lastp bcu.bcu_ecb.ecb_common.cc_lastp 282 283 typedef struct des_ctx { 284 union { 285 ecb_ctx_t dcu_ecb; 286 cbc_ctx_t dcu_cbc; 287 } dcu; 288 } des_ctx_t; 289 290 #define dc_flags dcu.dcu_ecb.ecb_common.cc_flags 291 #define dc_remainder_len dcu.dcu_ecb.ecb_common.cc_remainder_len 292 #define dc_keysched dcu.dcu_ecb.ecb_common.cc_keysched 293 #define dc_keysched_len dcu.dcu_ecb.ecb_common.cc_keysched_len 294 #define dc_iv dcu.dcu_ecb.ecb_common.cc_iv 295 #define dc_lastp dcu.dcu_ecb.ecb_common.cc_lastp 296 297 extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t, 298 crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *, 299 uint8_t *)); 300 301 extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 302 crypto_data_t *, size_t, 303 int (*encrypt)(const void *, const uint8_t *, uint8_t *), 304 void (*copy_block)(uint8_t *, uint8_t *), 305 void (*xor_block)(uint8_t *, uint8_t *)); 306 307 extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 308 crypto_data_t *, size_t, 309 int (*decrypt)(const void *, const uint8_t *, uint8_t *), 310 void (*copy_block)(uint8_t *, uint8_t *), 311 void (*xor_block)(uint8_t *, uint8_t *)); 312 313 extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t, 314 crypto_data_t *, size_t, 315 int (*cipher)(const void *, const uint8_t *, uint8_t *)); 316 317 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 318 crypto_data_t *, size_t, 319 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 320 void (*copy_block)(uint8_t *, uint8_t *), 321 void (*xor_block)(uint8_t *, uint8_t *)); 322 323 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 324 crypto_data_t *, size_t, 325 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 326 void (*copy_block)(uint8_t *, uint8_t *), 327 void (*xor_block)(uint8_t *, uint8_t *)); 328 329 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t, 330 crypto_data_t *, size_t, 331 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 332 void (*copy_block)(uint8_t *, uint8_t *), 333 void (*xor_block)(uint8_t *, uint8_t *)); 334 335 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t, 336 crypto_data_t *, size_t, 337 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 338 void (*copy_block)(uint8_t *, uint8_t *), 339 void (*xor_block)(uint8_t *, uint8_t *)); 340 341 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 342 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 343 void (*xor_block)(uint8_t *, uint8_t *)); 344 345 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t, 346 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 347 void (*copy_block)(uint8_t *, uint8_t *), 348 void (*xor_block)(uint8_t *, uint8_t *)); 349 350 int gmac_mode_final(gcm_ctx_t *, crypto_data_t *, size_t, 351 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 352 void (*xor_block)(uint8_t *, uint8_t *)); 353 354 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 355 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 356 void (*copy_block)(uint8_t *, uint8_t *), 357 void (*xor_block)(uint8_t *, uint8_t *)); 358 359 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t, 360 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 361 void (*xor_block)(uint8_t *, uint8_t *)); 362 363 extern int cmac_mode_final(cbc_ctx_t *, crypto_data_t *, 364 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 365 void (*xor_block)(uint8_t *, uint8_t *)); 366 367 extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t, 368 void (*copy_block)(uint8_t *, uint64_t *)); 369 370 extern int cmac_init_ctx(cbc_ctx_t *, size_t); 371 372 extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *, 373 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 374 void (*copy_block)(uint8_t *, uint8_t *)); 375 376 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t, 377 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 378 void (*xor_block)(uint8_t *, uint8_t *)); 379 380 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t, 381 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 382 void (*copy_block)(uint8_t *, uint8_t *), 383 void (*xor_block)(uint8_t *, uint8_t *)); 384 385 extern int gmac_init_ctx(gcm_ctx_t *, char *, size_t, 386 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 387 void (*copy_block)(uint8_t *, uint8_t *), 388 void (*xor_block)(uint8_t *, uint8_t *)); 389 390 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *, 391 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *)); 392 393 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *); 394 395 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *); 396 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *, 397 uint8_t **, size_t *, uint8_t **, size_t); 398 399 extern void *ecb_alloc_ctx(int); 400 extern void *cbc_alloc_ctx(int); 401 extern void *cmac_alloc_ctx(int); 402 extern void *ctr_alloc_ctx(int); 403 extern void *ccm_alloc_ctx(int); 404 extern void *gcm_alloc_ctx(int); 405 extern void *gmac_alloc_ctx(int); 406 extern void crypto_free_mode_ctx(void *); 407 extern void gcm_set_kmflag(gcm_ctx_t *, int); 408 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); 409 410 #ifdef __cplusplus 411 } 412 #endif 413 414 #endif /* _COMMON_CRYPTO_MODES_H */ 415