xref: /illumos-gate/usr/src/common/crypto/modes/modes.h (revision 3afe87ebb25691cb6d158edaa34a6fb9b703a691)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_COMMON_CRYPTO_MODES_H
27 #define	_COMMON_CRYPTO_MODES_H
28 
29 #ifdef	__cplusplus
30 extern "C" {
31 #endif
32 
33 #include <sys/strsun.h>
34 #include <sys/systm.h>
35 #include <sys/sysmacros.h>
36 #include <sys/types.h>
37 #include <sys/errno.h>
38 #include <sys/rwlock.h>
39 #include <sys/kmem.h>
40 #include <sys/crypto/common.h>
41 #include <sys/crypto/impl.h>
42 
43 #define	ECB_MODE			0x00000002
44 #define	CBC_MODE			0x00000004
45 #define	CTR_MODE			0x00000008
46 #define	CCM_MODE			0x00000010
47 #define	GCM_MODE			0x00000020
48 
49 /*
50  * cc_keysched:		Pointer to key schedule.
51  *
52  * cc_keysched_len:	Length of the key schedule.
53  *
54  * cc_remainder:	This is for residual data, i.e. data that can't
55  *			be processed because there are too few bytes.
56  *			Must wait until more data arrives.
57  *
58  * cc_remainder_len:	Number of bytes in cc_remainder.
59  *
60  * cc_iv:		Scratch buffer that sometimes contains the IV.
61  *
62  * cc_lastp:		Pointer to previous block of ciphertext.
63  *
64  * cc_copy_to:		Pointer to where encrypted residual data needs
65  *			to be copied.
66  *
67  * cc_flags:		PROVIDER_OWNS_KEY_SCHEDULE
68  *			When a context is freed, it is necessary
69  *			to know whether the key schedule was allocated
70  *			by the caller, or internally, e.g. an init routine.
71  *			If allocated by the latter, then it needs to be freed.
72  *
73  *			ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
74  */
75 struct common_ctx {
76 	void *cc_keysched;
77 	size_t cc_keysched_len;
78 	uint64_t cc_iv[2];
79 	uint64_t cc_remainder[2];
80 	size_t cc_remainder_len;
81 	uint8_t *cc_lastp;
82 	uint8_t *cc_copy_to;
83 	uint32_t cc_flags;
84 };
85 
86 typedef struct common_ctx common_ctx_t;
87 
88 typedef struct ecb_ctx {
89 	struct common_ctx ecb_common;
90 	uint64_t ecb_lastblock[2];
91 } ecb_ctx_t;
92 
93 #define	ecb_keysched		ecb_common.cc_keysched
94 #define	ecb_keysched_len	ecb_common.cc_keysched_len
95 #define	ecb_iv			ecb_common.cc_iv
96 #define	ecb_remainder		ecb_common.cc_remainder
97 #define	ecb_remainder_len	ecb_common.cc_remainder_len
98 #define	ecb_lastp		ecb_common.cc_lastp
99 #define	ecb_copy_to		ecb_common.cc_copy_to
100 #define	ecb_flags		ecb_common.cc_flags
101 
102 typedef struct cbc_ctx {
103 	struct common_ctx cbc_common;
104 	uint64_t cbc_lastblock[2];
105 } cbc_ctx_t;
106 
107 #define	cbc_keysched		cbc_common.cc_keysched
108 #define	cbc_keysched_len	cbc_common.cc_keysched_len
109 #define	cbc_iv			cbc_common.cc_iv
110 #define	cbc_remainder		cbc_common.cc_remainder
111 #define	cbc_remainder_len	cbc_common.cc_remainder_len
112 #define	cbc_lastp		cbc_common.cc_lastp
113 #define	cbc_copy_to		cbc_common.cc_copy_to
114 #define	cbc_flags		cbc_common.cc_flags
115 
116 /*
117  * ctr_lower_mask		Bit-mask for lower 8 bytes of counter block.
118  * ctr_upper_mask		Bit-mask for upper 8 bytes of counter block.
119  */
120 typedef struct ctr_ctx {
121 	struct common_ctx ctr_common;
122 	uint64_t ctr_lower_mask;
123 	uint64_t ctr_upper_mask;
124 	uint32_t ctr_tmp[4];
125 } ctr_ctx_t;
126 
127 /*
128  * ctr_cb			Counter block.
129  */
130 #define	ctr_keysched		ctr_common.cc_keysched
131 #define	ctr_keysched_len	ctr_common.cc_keysched_len
132 #define	ctr_cb			ctr_common.cc_iv
133 #define	ctr_remainder		ctr_common.cc_remainder
134 #define	ctr_remainder_len	ctr_common.cc_remainder_len
135 #define	ctr_lastp		ctr_common.cc_lastp
136 #define	ctr_copy_to		ctr_common.cc_copy_to
137 #define	ctr_flags		ctr_common.cc_flags
138 
139 /*
140  *
141  * ccm_mac_len:		Stores length of the MAC in CCM mode.
142  * ccm_mac_buf:		Stores the intermediate value for MAC in CCM encrypt.
143  *			In CCM decrypt, stores the input MAC value.
144  * ccm_data_len:	Length of the plaintext for CCM mode encrypt, or
145  *			length of the ciphertext for CCM mode decrypt.
146  * ccm_processed_data_len:
147  *			Length of processed plaintext in CCM mode encrypt,
148  *			or length of processed ciphertext for CCM mode decrypt.
149  * ccm_processed_mac_len:
150  *			Length of MAC data accumulated in CCM mode decrypt.
151  *
152  * ccm_pt_buf:		Only used in CCM mode decrypt.  It stores the
153  *			decrypted plaintext to be returned when
154  *			MAC verification succeeds in decrypt_final.
155  *			Memory for this should be allocated in the AES module.
156  *
157  */
158 typedef struct ccm_ctx {
159 	struct common_ctx ccm_common;
160 	uint32_t ccm_tmp[4];
161 	size_t ccm_mac_len;
162 	uint64_t ccm_mac_buf[2];
163 	size_t ccm_data_len;
164 	size_t ccm_processed_data_len;
165 	size_t ccm_processed_mac_len;
166 	uint8_t *ccm_pt_buf;
167 	uint64_t ccm_mac_input_buf[2];
168 	uint64_t ccm_counter_mask;
169 } ccm_ctx_t;
170 
171 #define	ccm_keysched		ccm_common.cc_keysched
172 #define	ccm_keysched_len	ccm_common.cc_keysched_len
173 #define	ccm_cb			ccm_common.cc_iv
174 #define	ccm_remainder		ccm_common.cc_remainder
175 #define	ccm_remainder_len	ccm_common.cc_remainder_len
176 #define	ccm_lastp		ccm_common.cc_lastp
177 #define	ccm_copy_to		ccm_common.cc_copy_to
178 #define	ccm_flags		ccm_common.cc_flags
179 
180 /*
181  * gcm_tag_len:		Length of authentication tag.
182  *
183  * gcm_ghash:		Stores output from the GHASH function.
184  *
185  * gcm_processed_data_len:
186  *			Length of processed plaintext (encrypt) or
187  *			length of processed ciphertext (decrypt).
188  *
189  * gcm_pt_buf:		Stores the decrypted plaintext returned by
190  *			decrypt_final when the computed authentication
191  *			tag matches the	user supplied tag.
192  *
193  * gcm_pt_buf_len:	Length of the plaintext buffer.
194  *
195  * gcm_H:		Subkey.
196  *
197  * gcm_J0:		Pre-counter block generated from the IV.
198  *
199  * gcm_len_a_len_c:	64-bit representations of the bit lengths of
200  *			AAD and ciphertext.
201  *
202  * gcm_kmflag:		Current value of kmflag. Used only for allocating
203  *			the plaintext buffer during decryption.
204  */
205 typedef struct gcm_ctx {
206 	struct common_ctx gcm_common;
207 	size_t gcm_tag_len;
208 	size_t gcm_processed_data_len;
209 	size_t gcm_pt_buf_len;
210 	uint32_t gcm_tmp[4];
211 	uint64_t gcm_ghash[2];
212 	uint64_t gcm_H[2];
213 	uint64_t gcm_J0[2];
214 	uint64_t gcm_len_a_len_c[2];
215 	uint8_t *gcm_pt_buf;
216 	int gcm_kmflag;
217 } gcm_ctx_t;
218 
219 #define	gcm_keysched		gcm_common.cc_keysched
220 #define	gcm_keysched_len	gcm_common.cc_keysched_len
221 #define	gcm_cb			gcm_common.cc_iv
222 #define	gcm_remainder		gcm_common.cc_remainder
223 #define	gcm_remainder_len	gcm_common.cc_remainder_len
224 #define	gcm_lastp		gcm_common.cc_lastp
225 #define	gcm_copy_to		gcm_common.cc_copy_to
226 #define	gcm_flags		gcm_common.cc_flags
227 
228 typedef struct aes_ctx {
229 	union {
230 		ecb_ctx_t acu_ecb;
231 		cbc_ctx_t acu_cbc;
232 		ctr_ctx_t acu_ctr;
233 #ifdef _KERNEL
234 		ccm_ctx_t acu_ccm;
235 		gcm_ctx_t acu_gcm;
236 #endif
237 	} acu;
238 } aes_ctx_t;
239 
240 #define	ac_flags		acu.acu_ecb.ecb_common.cc_flags
241 #define	ac_remainder_len	acu.acu_ecb.ecb_common.cc_remainder_len
242 #define	ac_keysched		acu.acu_ecb.ecb_common.cc_keysched
243 #define	ac_keysched_len		acu.acu_ecb.ecb_common.cc_keysched_len
244 #define	ac_iv			acu.acu_ecb.ecb_common.cc_iv
245 #define	ac_lastp		acu.acu_ecb.ecb_common.cc_lastp
246 #define	ac_pt_buf		acu.acu_ccm.ccm_pt_buf
247 #define	ac_mac_len		acu.acu_ccm.ccm_mac_len
248 #define	ac_data_len		acu.acu_ccm.ccm_data_len
249 #define	ac_processed_mac_len	acu.acu_ccm.ccm_processed_mac_len
250 #define	ac_processed_data_len	acu.acu_ccm.ccm_processed_data_len
251 #define	ac_tag_len		acu.acu_gcm.gcm_tag_len
252 
253 typedef struct blowfish_ctx {
254 	union {
255 		ecb_ctx_t bcu_ecb;
256 		cbc_ctx_t bcu_cbc;
257 	} bcu;
258 } blowfish_ctx_t;
259 
260 #define	bc_flags		bcu.bcu_ecb.ecb_common.cc_flags
261 #define	bc_remainder_len	bcu.bcu_ecb.ecb_common.cc_remainder_len
262 #define	bc_keysched		bcu.bcu_ecb.ecb_common.cc_keysched
263 #define	bc_keysched_len		bcu.bcu_ecb.ecb_common.cc_keysched_len
264 #define	bc_iv			bcu.bcu_ecb.ecb_common.cc_iv
265 #define	bc_lastp		bcu.bcu_ecb.ecb_common.cc_lastp
266 
267 typedef struct des_ctx {
268 	union {
269 		ecb_ctx_t dcu_ecb;
270 		cbc_ctx_t dcu_cbc;
271 	} dcu;
272 } des_ctx_t;
273 
274 #define	dc_flags		dcu.dcu_ecb.ecb_common.cc_flags
275 #define	dc_remainder_len	dcu.dcu_ecb.ecb_common.cc_remainder_len
276 #define	dc_keysched		dcu.dcu_ecb.ecb_common.cc_keysched
277 #define	dc_keysched_len		dcu.dcu_ecb.ecb_common.cc_keysched_len
278 #define	dc_iv			dcu.dcu_ecb.ecb_common.cc_iv
279 #define	dc_lastp		dcu.dcu_ecb.ecb_common.cc_lastp
280 
281 extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
282     crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
283     uint8_t *));
284 
285 extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
286     crypto_data_t *, size_t,
287     int (*encrypt)(const void *, const uint8_t *, uint8_t *),
288     void (*copy_block)(uint8_t *, uint8_t *),
289     void (*xor_block)(uint8_t *, uint8_t *));
290 
291 extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
292     crypto_data_t *, size_t,
293     int (*decrypt)(const void *, const uint8_t *, uint8_t *),
294     void (*copy_block)(uint8_t *, uint8_t *),
295     void (*xor_block)(uint8_t *, uint8_t *));
296 
297 extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
298     crypto_data_t *, size_t,
299     int (*cipher)(const void *, const uint8_t *, uint8_t *),
300     void (*xor_block)(uint8_t *, uint8_t *));
301 
302 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
303     crypto_data_t *, size_t,
304     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
305     void (*copy_block)(uint8_t *, uint8_t *),
306     void (*xor_block)(uint8_t *, uint8_t *));
307 
308 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
309     crypto_data_t *, size_t,
310     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
311     void (*copy_block)(uint8_t *, uint8_t *),
312     void (*xor_block)(uint8_t *, uint8_t *));
313 
314 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
315     crypto_data_t *, size_t,
316     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
317     void (*copy_block)(uint8_t *, uint8_t *),
318     void (*xor_block)(uint8_t *, uint8_t *));
319 
320 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
321     crypto_data_t *, size_t,
322     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
323     void (*copy_block)(uint8_t *, uint8_t *),
324     void (*xor_block)(uint8_t *, uint8_t *));
325 
326 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
327     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
328     void (*xor_block)(uint8_t *, uint8_t *));
329 
330 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
331     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
332     void (*copy_block)(uint8_t *, uint8_t *),
333     void (*xor_block)(uint8_t *, uint8_t *));
334 
335 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
336     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
337     void (*copy_block)(uint8_t *, uint8_t *),
338     void (*xor_block)(uint8_t *, uint8_t *));
339 
340 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
341     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
342     void (*xor_block)(uint8_t *, uint8_t *));
343 
344 extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
345     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
346 
347 extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
348     void (*copy_block)(uint8_t *, uint64_t *));
349 
350 extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
351     void (*copy_block)(uint8_t *, uint8_t *));
352 
353 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
354     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
355     void (*xor_block)(uint8_t *, uint8_t *));
356 
357 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
358     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
359     void (*copy_block)(uint8_t *, uint8_t *),
360     void (*xor_block)(uint8_t *, uint8_t *));
361 
362 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
363     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
364 
365 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
366 
367 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
368 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
369     uint8_t **, size_t *, uint8_t **, size_t);
370 
371 extern void *ecb_alloc_ctx(int);
372 extern void *cbc_alloc_ctx(int);
373 extern void *ctr_alloc_ctx(int);
374 extern void *ccm_alloc_ctx(int);
375 extern void *gcm_alloc_ctx(int);
376 extern void crypto_free_mode_ctx(void *);
377 extern void gcm_set_kmflag(gcm_ctx_t *, int);
378 
379 #ifdef	__cplusplus
380 }
381 #endif
382 
383 #endif	/* _COMMON_CRYPTO_MODES_H */
384