xref: /illumos-gate/usr/src/common/crypto/modes/modes.h (revision d5ace9454616652a717c9831d949dffa319381f9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_COMMON_CRYPTO_MODES_H
27 #define	_COMMON_CRYPTO_MODES_H
28 
29 #ifdef	__cplusplus
30 extern "C" {
31 #endif
32 
33 #include <sys/strsun.h>
34 #include <sys/systm.h>
35 #include <sys/sysmacros.h>
36 #include <sys/types.h>
37 #include <sys/errno.h>
38 #include <sys/rwlock.h>
39 #include <sys/kmem.h>
40 #include <sys/crypto/common.h>
41 #include <sys/crypto/impl.h>
42 
43 #define	ECB_MODE			0x00000002
44 #define	CBC_MODE			0x00000004
45 #define	CTR_MODE			0x00000008
46 #define	CCM_MODE			0x00000010
47 #define	GCM_MODE			0x00000020
48 #define	GMAC_MODE			0x00000040
49 
50 /*
51  * cc_keysched:		Pointer to key schedule.
52  *
53  * cc_keysched_len:	Length of the key schedule.
54  *
55  * cc_remainder:	This is for residual data, i.e. data that can't
56  *			be processed because there are too few bytes.
57  *			Must wait until more data arrives.
58  *
59  * cc_remainder_len:	Number of bytes in cc_remainder.
60  *
61  * cc_iv:		Scratch buffer that sometimes contains the IV.
62  *
63  * cc_lastp:		Pointer to previous block of ciphertext.
64  *
65  * cc_copy_to:		Pointer to where encrypted residual data needs
66  *			to be copied.
67  *
68  * cc_flags:		PROVIDER_OWNS_KEY_SCHEDULE
69  *			When a context is freed, it is necessary
70  *			to know whether the key schedule was allocated
71  *			by the caller, or internally, e.g. an init routine.
72  *			If allocated by the latter, then it needs to be freed.
73  *
74  *			ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
75  */
76 struct common_ctx {
77 	void *cc_keysched;
78 	size_t cc_keysched_len;
79 	uint64_t cc_iv[2];
80 	uint64_t cc_remainder[2];
81 	size_t cc_remainder_len;
82 	uint8_t *cc_lastp;
83 	uint8_t *cc_copy_to;
84 	uint32_t cc_flags;
85 };
86 
87 typedef struct common_ctx common_ctx_t;
88 
89 typedef struct ecb_ctx {
90 	struct common_ctx ecb_common;
91 	uint64_t ecb_lastblock[2];
92 } ecb_ctx_t;
93 
94 #define	ecb_keysched		ecb_common.cc_keysched
95 #define	ecb_keysched_len	ecb_common.cc_keysched_len
96 #define	ecb_iv			ecb_common.cc_iv
97 #define	ecb_remainder		ecb_common.cc_remainder
98 #define	ecb_remainder_len	ecb_common.cc_remainder_len
99 #define	ecb_lastp		ecb_common.cc_lastp
100 #define	ecb_copy_to		ecb_common.cc_copy_to
101 #define	ecb_flags		ecb_common.cc_flags
102 
103 typedef struct cbc_ctx {
104 	struct common_ctx cbc_common;
105 	uint64_t cbc_lastblock[2];
106 } cbc_ctx_t;
107 
108 #define	cbc_keysched		cbc_common.cc_keysched
109 #define	cbc_keysched_len	cbc_common.cc_keysched_len
110 #define	cbc_iv			cbc_common.cc_iv
111 #define	cbc_remainder		cbc_common.cc_remainder
112 #define	cbc_remainder_len	cbc_common.cc_remainder_len
113 #define	cbc_lastp		cbc_common.cc_lastp
114 #define	cbc_copy_to		cbc_common.cc_copy_to
115 #define	cbc_flags		cbc_common.cc_flags
116 
117 /*
118  * ctr_lower_mask		Bit-mask for lower 8 bytes of counter block.
119  * ctr_upper_mask		Bit-mask for upper 8 bytes of counter block.
120  */
121 typedef struct ctr_ctx {
122 	struct common_ctx ctr_common;
123 	uint64_t ctr_lower_mask;
124 	uint64_t ctr_upper_mask;
125 	uint32_t ctr_tmp[4];
126 } ctr_ctx_t;
127 
128 /*
129  * ctr_cb			Counter block.
130  */
131 #define	ctr_keysched		ctr_common.cc_keysched
132 #define	ctr_keysched_len	ctr_common.cc_keysched_len
133 #define	ctr_cb			ctr_common.cc_iv
134 #define	ctr_remainder		ctr_common.cc_remainder
135 #define	ctr_remainder_len	ctr_common.cc_remainder_len
136 #define	ctr_lastp		ctr_common.cc_lastp
137 #define	ctr_copy_to		ctr_common.cc_copy_to
138 #define	ctr_flags		ctr_common.cc_flags
139 
140 /*
141  *
142  * ccm_mac_len:		Stores length of the MAC in CCM mode.
143  * ccm_mac_buf:		Stores the intermediate value for MAC in CCM encrypt.
144  *			In CCM decrypt, stores the input MAC value.
145  * ccm_data_len:	Length of the plaintext for CCM mode encrypt, or
146  *			length of the ciphertext for CCM mode decrypt.
147  * ccm_processed_data_len:
148  *			Length of processed plaintext in CCM mode encrypt,
149  *			or length of processed ciphertext for CCM mode decrypt.
150  * ccm_processed_mac_len:
151  *			Length of MAC data accumulated in CCM mode decrypt.
152  *
153  * ccm_pt_buf:		Only used in CCM mode decrypt.  It stores the
154  *			decrypted plaintext to be returned when
155  *			MAC verification succeeds in decrypt_final.
156  *			Memory for this should be allocated in the AES module.
157  *
158  */
159 typedef struct ccm_ctx {
160 	struct common_ctx ccm_common;
161 	uint32_t ccm_tmp[4];
162 	size_t ccm_mac_len;
163 	uint64_t ccm_mac_buf[2];
164 	size_t ccm_data_len;
165 	size_t ccm_processed_data_len;
166 	size_t ccm_processed_mac_len;
167 	uint8_t *ccm_pt_buf;
168 	uint64_t ccm_mac_input_buf[2];
169 	uint64_t ccm_counter_mask;
170 } ccm_ctx_t;
171 
172 #define	ccm_keysched		ccm_common.cc_keysched
173 #define	ccm_keysched_len	ccm_common.cc_keysched_len
174 #define	ccm_cb			ccm_common.cc_iv
175 #define	ccm_remainder		ccm_common.cc_remainder
176 #define	ccm_remainder_len	ccm_common.cc_remainder_len
177 #define	ccm_lastp		ccm_common.cc_lastp
178 #define	ccm_copy_to		ccm_common.cc_copy_to
179 #define	ccm_flags		ccm_common.cc_flags
180 
181 /*
182  * gcm_tag_len:		Length of authentication tag.
183  *
184  * gcm_ghash:		Stores output from the GHASH function.
185  *
186  * gcm_processed_data_len:
187  *			Length of processed plaintext (encrypt) or
188  *			length of processed ciphertext (decrypt).
189  *
190  * gcm_pt_buf:		Stores the decrypted plaintext returned by
191  *			decrypt_final when the computed authentication
192  *			tag matches the	user supplied tag.
193  *
194  * gcm_pt_buf_len:	Length of the plaintext buffer.
195  *
196  * gcm_H:		Subkey.
197  *
198  * gcm_J0:		Pre-counter block generated from the IV.
199  *
200  * gcm_len_a_len_c:	64-bit representations of the bit lengths of
201  *			AAD and ciphertext.
202  *
203  * gcm_kmflag:		Current value of kmflag. Used only for allocating
204  *			the plaintext buffer during decryption.
205  */
206 typedef struct gcm_ctx {
207 	struct common_ctx gcm_common;
208 	size_t gcm_tag_len;
209 	size_t gcm_processed_data_len;
210 	size_t gcm_pt_buf_len;
211 	uint32_t gcm_tmp[4];
212 	uint64_t gcm_ghash[2];
213 	uint64_t gcm_H[2];
214 	uint64_t gcm_J0[2];
215 	uint64_t gcm_len_a_len_c[2];
216 	uint8_t *gcm_pt_buf;
217 	int gcm_kmflag;
218 } gcm_ctx_t;
219 
220 #define	gcm_keysched		gcm_common.cc_keysched
221 #define	gcm_keysched_len	gcm_common.cc_keysched_len
222 #define	gcm_cb			gcm_common.cc_iv
223 #define	gcm_remainder		gcm_common.cc_remainder
224 #define	gcm_remainder_len	gcm_common.cc_remainder_len
225 #define	gcm_lastp		gcm_common.cc_lastp
226 #define	gcm_copy_to		gcm_common.cc_copy_to
227 #define	gcm_flags		gcm_common.cc_flags
228 
229 #define	AES_GMAC_IV_LEN		12
230 #define	AES_GMAC_TAG_BITS	128
231 
232 typedef struct aes_ctx {
233 	union {
234 		ecb_ctx_t acu_ecb;
235 		cbc_ctx_t acu_cbc;
236 		ctr_ctx_t acu_ctr;
237 #ifdef _KERNEL
238 		ccm_ctx_t acu_ccm;
239 		gcm_ctx_t acu_gcm;
240 #endif
241 	} acu;
242 } aes_ctx_t;
243 
244 #define	ac_flags		acu.acu_ecb.ecb_common.cc_flags
245 #define	ac_remainder_len	acu.acu_ecb.ecb_common.cc_remainder_len
246 #define	ac_keysched		acu.acu_ecb.ecb_common.cc_keysched
247 #define	ac_keysched_len		acu.acu_ecb.ecb_common.cc_keysched_len
248 #define	ac_iv			acu.acu_ecb.ecb_common.cc_iv
249 #define	ac_lastp		acu.acu_ecb.ecb_common.cc_lastp
250 #define	ac_pt_buf		acu.acu_ccm.ccm_pt_buf
251 #define	ac_mac_len		acu.acu_ccm.ccm_mac_len
252 #define	ac_data_len		acu.acu_ccm.ccm_data_len
253 #define	ac_processed_mac_len	acu.acu_ccm.ccm_processed_mac_len
254 #define	ac_processed_data_len	acu.acu_ccm.ccm_processed_data_len
255 #define	ac_tag_len		acu.acu_gcm.gcm_tag_len
256 
257 typedef struct blowfish_ctx {
258 	union {
259 		ecb_ctx_t bcu_ecb;
260 		cbc_ctx_t bcu_cbc;
261 	} bcu;
262 } blowfish_ctx_t;
263 
264 #define	bc_flags		bcu.bcu_ecb.ecb_common.cc_flags
265 #define	bc_remainder_len	bcu.bcu_ecb.ecb_common.cc_remainder_len
266 #define	bc_keysched		bcu.bcu_ecb.ecb_common.cc_keysched
267 #define	bc_keysched_len		bcu.bcu_ecb.ecb_common.cc_keysched_len
268 #define	bc_iv			bcu.bcu_ecb.ecb_common.cc_iv
269 #define	bc_lastp		bcu.bcu_ecb.ecb_common.cc_lastp
270 
271 typedef struct des_ctx {
272 	union {
273 		ecb_ctx_t dcu_ecb;
274 		cbc_ctx_t dcu_cbc;
275 	} dcu;
276 } des_ctx_t;
277 
278 #define	dc_flags		dcu.dcu_ecb.ecb_common.cc_flags
279 #define	dc_remainder_len	dcu.dcu_ecb.ecb_common.cc_remainder_len
280 #define	dc_keysched		dcu.dcu_ecb.ecb_common.cc_keysched
281 #define	dc_keysched_len		dcu.dcu_ecb.ecb_common.cc_keysched_len
282 #define	dc_iv			dcu.dcu_ecb.ecb_common.cc_iv
283 #define	dc_lastp		dcu.dcu_ecb.ecb_common.cc_lastp
284 
285 extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
286     crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
287     uint8_t *));
288 
289 extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
290     crypto_data_t *, size_t,
291     int (*encrypt)(const void *, const uint8_t *, uint8_t *),
292     void (*copy_block)(uint8_t *, uint8_t *),
293     void (*xor_block)(uint8_t *, uint8_t *));
294 
295 extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
296     crypto_data_t *, size_t,
297     int (*decrypt)(const void *, const uint8_t *, uint8_t *),
298     void (*copy_block)(uint8_t *, uint8_t *),
299     void (*xor_block)(uint8_t *, uint8_t *));
300 
301 extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
302     crypto_data_t *, size_t,
303     int (*cipher)(const void *, const uint8_t *, uint8_t *),
304     void (*xor_block)(uint8_t *, uint8_t *));
305 
306 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
307     crypto_data_t *, size_t,
308     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
309     void (*copy_block)(uint8_t *, uint8_t *),
310     void (*xor_block)(uint8_t *, uint8_t *));
311 
312 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
313     crypto_data_t *, size_t,
314     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
315     void (*copy_block)(uint8_t *, uint8_t *),
316     void (*xor_block)(uint8_t *, uint8_t *));
317 
318 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
319     crypto_data_t *, size_t,
320     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
321     void (*copy_block)(uint8_t *, uint8_t *),
322     void (*xor_block)(uint8_t *, uint8_t *));
323 
324 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
325     crypto_data_t *, size_t,
326     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
327     void (*copy_block)(uint8_t *, uint8_t *),
328     void (*xor_block)(uint8_t *, uint8_t *));
329 
330 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
331     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
332     void (*xor_block)(uint8_t *, uint8_t *));
333 
334 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
335     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
336     void (*copy_block)(uint8_t *, uint8_t *),
337     void (*xor_block)(uint8_t *, uint8_t *));
338 
339 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
340     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
341     void (*copy_block)(uint8_t *, uint8_t *),
342     void (*xor_block)(uint8_t *, uint8_t *));
343 
344 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
345     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
346     void (*xor_block)(uint8_t *, uint8_t *));
347 
348 extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
349     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
350 
351 extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
352     void (*copy_block)(uint8_t *, uint64_t *));
353 
354 extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
355     void (*copy_block)(uint8_t *, uint8_t *));
356 
357 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
358     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
359     void (*xor_block)(uint8_t *, uint8_t *));
360 
361 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
362     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
363     void (*copy_block)(uint8_t *, uint8_t *),
364     void (*xor_block)(uint8_t *, uint8_t *));
365 
366 extern int gmac_init_ctx(gcm_ctx_t *, char *, size_t,
367     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
368     void (*copy_block)(uint8_t *, uint8_t *),
369     void (*xor_block)(uint8_t *, uint8_t *));
370 
371 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
372     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
373 
374 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
375 
376 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
377 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
378     uint8_t **, size_t *, uint8_t **, size_t);
379 
380 extern void *ecb_alloc_ctx(int);
381 extern void *cbc_alloc_ctx(int);
382 extern void *ctr_alloc_ctx(int);
383 extern void *ccm_alloc_ctx(int);
384 extern void *gcm_alloc_ctx(int);
385 extern void *gmac_alloc_ctx(int);
386 extern void crypto_free_mode_ctx(void *);
387 extern void gcm_set_kmflag(gcm_ctx_t *, int);
388 
389 #ifdef	__cplusplus
390 }
391 #endif
392 
393 #endif	/* _COMMON_CRYPTO_MODES_H */
394