1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2013 Saso Kiselkov. All rights reserved. 24 */ 25 26 #include <sys/modctl.h> 27 #include <sys/crypto/common.h> 28 #include <sys/crypto/spi.h> 29 #include <sys/strsun.h> 30 #include <sys/sysmacros.h> 31 #include <sys/systm.h> 32 #define SKEIN_MODULE_IMPL 33 #include <sys/skein.h> 34 35 /* 36 * Like the sha2 module, we create the skein module with two modlinkages: 37 * - modlmisc to allow direct calls to Skein_* API functions. 38 * - modlcrypto to integrate well into the Kernel Crypto Framework (KCF). 39 */ 40 static struct modlmisc modlmisc = { 41 &mod_miscops, 42 "Skein Message-Digest Algorithm" 43 }; 44 45 static struct modlcrypto modlcrypto = { 46 &mod_cryptoops, 47 "Skein Kernel SW Provider" 48 }; 49 50 static struct modlinkage modlinkage = { 51 MODREV_1, &modlmisc, &modlcrypto, NULL 52 }; 53 54 static crypto_mech_info_t skein_mech_info_tab[] = { 55 {CKM_SKEIN_256, SKEIN_256_MECH_INFO_TYPE, 56 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 57 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, 58 {CKM_SKEIN_256_MAC, SKEIN_256_MAC_MECH_INFO_TYPE, 59 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, 60 CRYPTO_KEYSIZE_UNIT_IN_BYTES}, 61 {CKM_SKEIN_512, SKEIN_512_MECH_INFO_TYPE, 62 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 63 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, 64 {CKM_SKEIN_512_MAC, SKEIN_512_MAC_MECH_INFO_TYPE, 65 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, 66 CRYPTO_KEYSIZE_UNIT_IN_BYTES}, 67 {CKM_SKEIN1024, SKEIN1024_MECH_INFO_TYPE, 68 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 69 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, 70 {CKM_SKEIN1024_MAC, SKEIN1024_MAC_MECH_INFO_TYPE, 71 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, 72 CRYPTO_KEYSIZE_UNIT_IN_BYTES} 73 }; 74 75 static void skein_provider_status(crypto_provider_handle_t, uint_t *); 76 77 static crypto_control_ops_t skein_control_ops = { 78 skein_provider_status 79 }; 80 81 static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *, 82 crypto_req_handle_t); 83 static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 84 crypto_req_handle_t); 85 static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); 86 static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); 87 static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t, 88 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *, 89 crypto_req_handle_t); 90 91 static crypto_digest_ops_t skein_digest_ops = { 92 skein_digest_init, 93 skein_digest, 94 skein_update, 95 NULL, 96 skein_final, 97 skein_digest_atomic 98 }; 99 100 static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, 101 crypto_spi_ctx_template_t, crypto_req_handle_t); 102 static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, 103 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, 104 crypto_spi_ctx_template_t, crypto_req_handle_t); 105 106 static crypto_mac_ops_t skein_mac_ops = { 107 skein_mac_init, 108 NULL, 109 skein_update, /* using regular digest update is OK here */ 110 skein_final, /* using regular digest final is OK here */ 111 skein_mac_atomic, 112 NULL 113 }; 114 115 static int skein_create_ctx_template(crypto_provider_handle_t, 116 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, 117 size_t *, crypto_req_handle_t); 118 static int skein_free_context(crypto_ctx_t *); 119 120 static crypto_ctx_ops_t skein_ctx_ops = { 121 skein_create_ctx_template, 122 skein_free_context 123 }; 124 125 static crypto_ops_t skein_crypto_ops = { 126 &skein_control_ops, 127 &skein_digest_ops, 128 NULL, 129 &skein_mac_ops, 130 NULL, 131 NULL, 132 NULL, 133 NULL, 134 NULL, 135 NULL, 136 NULL, 137 NULL, 138 NULL, 139 &skein_ctx_ops, 140 NULL, 141 NULL, 142 NULL 143 }; 144 145 static crypto_provider_info_t skein_prov_info = { 146 CRYPTO_SPI_VERSION_4, 147 "Skein Software Provider", 148 CRYPTO_SW_PROVIDER, 149 {&modlinkage}, 150 NULL, 151 &skein_crypto_ops, 152 sizeof (skein_mech_info_tab) / sizeof (crypto_mech_info_t), 153 skein_mech_info_tab 154 }; 155 156 static crypto_kcf_provider_handle_t skein_prov_handle = 0; 157 158 typedef struct skein_ctx { 159 skein_mech_type_t sc_mech_type; 160 size_t sc_digest_bitlen; 161 union { 162 Skein_256_Ctxt_t sc_256; 163 Skein_512_Ctxt_t sc_512; 164 Skein1024_Ctxt_t sc_1024; 165 } sc_u; 166 } skein_ctx_t; 167 #define SKEIN_CTX(_ctx_) ((skein_ctx_t *)((_ctx_)->cc_provider_private)) 168 #define SKEIN_CTX_LVALUE(_ctx_) (_ctx_)->cc_provider_private 169 #define SKEIN_OP(_skein_ctx, _op, ...) \ 170 do { \ 171 skein_ctx_t *sc = (_skein_ctx); \ 172 switch (sc->sc_mech_type) { \ 173 case SKEIN_256_MECH_INFO_TYPE: \ 174 case SKEIN_256_MAC_MECH_INFO_TYPE: \ 175 (void) Skein_256_ ## _op(&sc->sc_u.sc_256, \ 176 __VA_ARGS__); \ 177 break; \ 178 case SKEIN_512_MECH_INFO_TYPE: \ 179 case SKEIN_512_MAC_MECH_INFO_TYPE: \ 180 (void) Skein_512_ ## _op(&sc->sc_u.sc_512, \ 181 __VA_ARGS__); \ 182 break; \ 183 case SKEIN1024_MECH_INFO_TYPE: \ 184 case SKEIN1024_MAC_MECH_INFO_TYPE: \ 185 (void) Skein1024_ ## _op(&sc->sc_u.sc_1024, \ 186 __VA_ARGS__); \ 187 break; \ 188 } \ 189 _NOTE(CONSTCOND) \ 190 } while (0) 191 192 static int 193 skein_get_digest_bitlen(const crypto_mechanism_t *mechanism, size_t *result) 194 { 195 if (mechanism->cm_param != NULL) { 196 /*LINTED(E_BAD_PTR_CAST_ALIGN)*/ 197 skein_param_t *param = (skein_param_t *)mechanism->cm_param; 198 199 if (mechanism->cm_param_len != sizeof (*param) || 200 param->sp_digest_bitlen == 0) { 201 return (CRYPTO_MECHANISM_PARAM_INVALID); 202 } 203 *result = param->sp_digest_bitlen; 204 } else { 205 switch (mechanism->cm_type) { 206 case SKEIN_256_MECH_INFO_TYPE: 207 *result = 256; 208 break; 209 case SKEIN_512_MECH_INFO_TYPE: 210 *result = 512; 211 break; 212 case SKEIN1024_MECH_INFO_TYPE: 213 *result = 1024; 214 break; 215 default: 216 return (CRYPTO_MECHANISM_INVALID); 217 } 218 } 219 return (CRYPTO_SUCCESS); 220 } 221 222 int 223 _init(void) 224 { 225 int error; 226 227 if ((error = mod_install(&modlinkage)) != 0) 228 return (error); 229 230 /* 231 * Try to register with KCF - failure shouldn't unload us, since we 232 * still may want to continue providing misc/skein functionality. 233 */ 234 (void) crypto_register_provider(&skein_prov_info, &skein_prov_handle); 235 236 return (0); 237 } 238 239 int 240 _info(struct modinfo *modinfop) 241 { 242 return (mod_info(&modlinkage, modinfop)); 243 } 244 245 /* 246 * KCF software provider control entry points. 247 */ 248 /* ARGSUSED */ 249 static void 250 skein_provider_status(crypto_provider_handle_t provider, uint_t *status) 251 { 252 *status = CRYPTO_PROVIDER_READY; 253 } 254 255 /* 256 * General Skein hashing helper functions. 257 */ 258 259 /* 260 * Performs an Update on a context with uio input data. 261 */ 262 static int 263 skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data) 264 { 265 off_t offset = data->cd_offset; 266 size_t length = data->cd_length; 267 uint_t vec_idx; 268 size_t cur_len; 269 const uio_t *uio = data->cd_uio; 270 271 /* we support only kernel buffer */ 272 if (uio->uio_segflg != UIO_SYSSPACE) 273 return (CRYPTO_ARGUMENTS_BAD); 274 275 /* 276 * Jump to the first iovec containing data to be 277 * digested. 278 */ 279 for (vec_idx = 0; vec_idx < uio->uio_iovcnt && 280 offset >= uio->uio_iov[vec_idx].iov_len; 281 offset -= uio->uio_iov[vec_idx++].iov_len) 282 ; 283 if (vec_idx == uio->uio_iovcnt) { 284 /* 285 * The caller specified an offset that is larger than the 286 * total size of the buffers it provided. 287 */ 288 return (CRYPTO_DATA_LEN_RANGE); 289 } 290 291 /* 292 * Now do the digesting on the iovecs. 293 */ 294 while (vec_idx < uio->uio_iovcnt && length > 0) { 295 cur_len = MIN(uio->uio_iov[vec_idx].iov_len - offset, length); 296 SKEIN_OP(ctx, Update, (uint8_t *)uio->uio_iov[vec_idx].iov_base 297 + offset, cur_len); 298 length -= cur_len; 299 vec_idx++; 300 offset = 0; 301 } 302 303 if (vec_idx == uio->uio_iovcnt && length > 0) { 304 /* 305 * The end of the specified iovec's was reached but 306 * the length requested could not be processed, i.e. 307 * The caller requested to digest more data than it provided. 308 */ 309 return (CRYPTO_DATA_LEN_RANGE); 310 } 311 312 return (CRYPTO_SUCCESS); 313 } 314 315 /* 316 * Performs a Final on a context and writes to a uio digest output. 317 */ 318 static int 319 skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest, 320 crypto_req_handle_t req) 321 { 322 off_t offset = digest->cd_offset; 323 uint_t vec_idx; 324 uio_t *uio = digest->cd_uio; 325 326 /* we support only kernel buffer */ 327 if (uio->uio_segflg != UIO_SYSSPACE) 328 return (CRYPTO_ARGUMENTS_BAD); 329 330 /* 331 * Jump to the first iovec containing ptr to the digest to be returned. 332 */ 333 for (vec_idx = 0; offset >= uio->uio_iov[vec_idx].iov_len && 334 vec_idx < uio->uio_iovcnt; 335 offset -= uio->uio_iov[vec_idx++].iov_len) 336 ; 337 if (vec_idx == uio->uio_iovcnt) { 338 /* 339 * The caller specified an offset that is larger than the 340 * total size of the buffers it provided. 341 */ 342 return (CRYPTO_DATA_LEN_RANGE); 343 } 344 if (offset + CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen) <= 345 uio->uio_iov[vec_idx].iov_len) { 346 /* The computed digest will fit in the current iovec. */ 347 SKEIN_OP(ctx, Final, 348 (uchar_t *)uio->uio_iov[vec_idx].iov_base + offset); 349 } else { 350 uint8_t *digest_tmp; 351 off_t scratch_offset = 0; 352 size_t length = CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen); 353 size_t cur_len; 354 355 digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES( 356 ctx->sc_digest_bitlen), crypto_kmflag(req)); 357 if (digest_tmp == NULL) 358 return (CRYPTO_HOST_MEMORY); 359 SKEIN_OP(ctx, Final, digest_tmp); 360 while (vec_idx < uio->uio_iovcnt && length > 0) { 361 cur_len = MIN(uio->uio_iov[vec_idx].iov_len - offset, 362 length); 363 bcopy(digest_tmp + scratch_offset, 364 uio->uio_iov[vec_idx].iov_base + offset, cur_len); 365 366 length -= cur_len; 367 vec_idx++; 368 scratch_offset += cur_len; 369 offset = 0; 370 } 371 kmem_free(digest_tmp, CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen)); 372 373 if (vec_idx == uio->uio_iovcnt && length > 0) { 374 /* 375 * The end of the specified iovec's was reached but 376 * the length requested could not be processed, i.e. 377 * The caller requested to digest more data than it 378 * provided. 379 */ 380 return (CRYPTO_DATA_LEN_RANGE); 381 } 382 } 383 384 return (CRYPTO_SUCCESS); 385 } 386 387 /* 388 * Performs an Update on a context with mblk input data. 389 */ 390 static int 391 skein_digest_update_mblk(skein_ctx_t *ctx, crypto_data_t *data) 392 { 393 off_t offset = data->cd_offset; 394 size_t length = data->cd_length; 395 mblk_t *mp; 396 size_t cur_len; 397 398 /* Jump to the first mblk_t containing data to be digested. */ 399 for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp); 400 offset -= MBLKL(mp), mp = mp->b_cont) 401 ; 402 if (mp == NULL) { 403 /* 404 * The caller specified an offset that is larger than the 405 * total size of the buffers it provided. 406 */ 407 return (CRYPTO_DATA_LEN_RANGE); 408 } 409 410 /* Now do the digesting on the mblk chain. */ 411 while (mp != NULL && length > 0) { 412 cur_len = MIN(MBLKL(mp) - offset, length); 413 SKEIN_OP(ctx, Update, mp->b_rptr + offset, cur_len); 414 length -= cur_len; 415 offset = 0; 416 mp = mp->b_cont; 417 } 418 419 if (mp == NULL && length > 0) { 420 /* 421 * The end of the mblk was reached but the length requested 422 * could not be processed, i.e. The caller requested 423 * to digest more data than it provided. 424 */ 425 return (CRYPTO_DATA_LEN_RANGE); 426 } 427 428 return (CRYPTO_SUCCESS); 429 } 430 431 /* 432 * Performs a Final on a context and writes to an mblk digest output. 433 */ 434 static int 435 skein_digest_final_mblk(skein_ctx_t *ctx, crypto_data_t *digest, 436 crypto_req_handle_t req) 437 { 438 off_t offset = digest->cd_offset; 439 mblk_t *mp; 440 441 /* Jump to the first mblk_t that will be used to store the digest. */ 442 for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp); 443 offset -= MBLKL(mp), mp = mp->b_cont) 444 ; 445 if (mp == NULL) { 446 /* caller specified offset is too large */ 447 return (CRYPTO_DATA_LEN_RANGE); 448 } 449 450 if (offset + CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen) <= MBLKL(mp)) { 451 /* The digest will fit in the current mblk. */ 452 SKEIN_OP(ctx, Final, mp->b_rptr + offset); 453 } else { 454 /* Split the digest up between the individual buffers. */ 455 uint8_t *digest_tmp; 456 off_t scratch_offset = 0; 457 size_t length = CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen); 458 size_t cur_len; 459 460 digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES( 461 ctx->sc_digest_bitlen), crypto_kmflag(req)); 462 if (digest_tmp == NULL) 463 return (CRYPTO_HOST_MEMORY); 464 SKEIN_OP(ctx, Final, digest_tmp); 465 while (mp != NULL && length > 0) { 466 cur_len = MIN(MBLKL(mp) - offset, length); 467 bcopy(digest_tmp + scratch_offset, 468 mp->b_rptr + offset, cur_len); 469 length -= cur_len; 470 mp = mp->b_cont; 471 scratch_offset += cur_len; 472 offset = 0; 473 } 474 kmem_free(digest_tmp, CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen)); 475 if (mp == NULL && length > 0) { 476 /* digest too long to fit in the mblk buffers */ 477 return (CRYPTO_DATA_LEN_RANGE); 478 } 479 } 480 481 return (CRYPTO_SUCCESS); 482 } 483 484 /* 485 * KCF software provider digest entry points. 486 */ 487 488 /* 489 * Initializes a skein digest context to the configuration in `mechanism'. 490 * The mechanism cm_type must be one of SKEIN_*_MECH_INFO_TYPE. The cm_param 491 * field may contain a skein_param_t structure indicating the length of the 492 * digest the algorithm should produce. Otherwise the default output lengths 493 * are applied (32 bytes for Skein-256, 64 bytes for Skein-512 and 128 bytes 494 * for Skein-1024). 495 */ 496 static int 497 skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 498 crypto_req_handle_t req) 499 { 500 int error = CRYPTO_SUCCESS; 501 502 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type)) 503 return (CRYPTO_MECHANISM_INVALID); 504 505 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), 506 crypto_kmflag(req)); 507 if (SKEIN_CTX(ctx) == NULL) 508 return (CRYPTO_HOST_MEMORY); 509 510 SKEIN_CTX(ctx)->sc_mech_type = mechanism->cm_type; 511 error = skein_get_digest_bitlen(mechanism, 512 &SKEIN_CTX(ctx)->sc_digest_bitlen); 513 if (error != CRYPTO_SUCCESS) 514 goto errout; 515 SKEIN_OP(SKEIN_CTX(ctx), Init, SKEIN_CTX(ctx)->sc_digest_bitlen); 516 517 return (CRYPTO_SUCCESS); 518 errout: 519 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 520 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 521 SKEIN_CTX_LVALUE(ctx) = NULL; 522 return (error); 523 } 524 525 /* 526 * Executes a skein_update and skein_digest on a pre-initialized crypto 527 * context in a single step. See the documentation to these functions to 528 * see what to pass here. 529 */ 530 static int 531 skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest, 532 crypto_req_handle_t req) 533 { 534 int error = CRYPTO_SUCCESS; 535 536 ASSERT(SKEIN_CTX(ctx) != NULL); 537 538 if (digest->cd_length < 539 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) { 540 digest->cd_length = 541 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); 542 return (CRYPTO_BUFFER_TOO_SMALL); 543 } 544 545 error = skein_update(ctx, data, req); 546 if (error != CRYPTO_SUCCESS) { 547 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 548 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 549 SKEIN_CTX_LVALUE(ctx) = NULL; 550 digest->cd_length = 0; 551 return (error); 552 } 553 error = skein_final(ctx, digest, req); 554 555 return (error); 556 } 557 558 /* 559 * Performs a skein Update with the input message in `data' (successive calls 560 * can push more data). This is used both for digest and MAC operation. 561 * Supported input data formats are raw, uio and mblk. 562 */ 563 /*ARGSUSED*/ 564 static int 565 skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req) 566 { 567 int error = CRYPTO_SUCCESS; 568 569 ASSERT(SKEIN_CTX(ctx) != NULL); 570 571 switch (data->cd_format) { 572 case CRYPTO_DATA_RAW: 573 SKEIN_OP(SKEIN_CTX(ctx), Update, 574 (uint8_t *)data->cd_raw.iov_base + data->cd_offset, 575 data->cd_length); 576 break; 577 case CRYPTO_DATA_UIO: 578 error = skein_digest_update_uio(SKEIN_CTX(ctx), data); 579 break; 580 case CRYPTO_DATA_MBLK: 581 error = skein_digest_update_mblk(SKEIN_CTX(ctx), data); 582 break; 583 default: 584 error = CRYPTO_ARGUMENTS_BAD; 585 } 586 587 return (error); 588 } 589 590 /* 591 * Performs a skein Final, writing the output to `digest'. This is used both 592 * for digest and MAC operation. 593 * Supported output digest formats are raw, uio and mblk. 594 */ 595 /*ARGSUSED*/ 596 static int 597 skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req) 598 { 599 int error = CRYPTO_SUCCESS; 600 601 ASSERT(SKEIN_CTX(ctx) != NULL); 602 603 if (digest->cd_length < 604 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) { 605 digest->cd_length = 606 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); 607 return (CRYPTO_BUFFER_TOO_SMALL); 608 } 609 610 switch (digest->cd_format) { 611 case CRYPTO_DATA_RAW: 612 SKEIN_OP(SKEIN_CTX(ctx), Final, 613 (uint8_t *)digest->cd_raw.iov_base + digest->cd_offset); 614 break; 615 case CRYPTO_DATA_UIO: 616 error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req); 617 break; 618 case CRYPTO_DATA_MBLK: 619 error = skein_digest_final_mblk(SKEIN_CTX(ctx), digest, req); 620 break; 621 default: 622 error = CRYPTO_ARGUMENTS_BAD; 623 } 624 625 if (error == CRYPTO_SUCCESS) 626 digest->cd_length = 627 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); 628 else 629 digest->cd_length = 0; 630 631 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 632 kmem_free(SKEIN_CTX(ctx), sizeof (*(SKEIN_CTX(ctx)))); 633 SKEIN_CTX_LVALUE(ctx) = NULL; 634 635 return (error); 636 } 637 638 /* 639 * Performs a full skein digest computation in a single call, configuring the 640 * algorithm according to `mechanism', reading the input to be digested from 641 * `data' and writing the output to `digest'. 642 * Supported input/output formats are raw, uio and mblk. 643 */ 644 /*ARGSUSED*/ 645 static int 646 skein_digest_atomic(crypto_provider_handle_t provider, 647 crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 648 crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req) 649 { 650 int error; 651 skein_ctx_t skein_ctx; 652 crypto_ctx_t ctx; 653 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx; 654 655 /* Init */ 656 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type)) 657 return (CRYPTO_MECHANISM_INVALID); 658 skein_ctx.sc_mech_type = mechanism->cm_type; 659 error = skein_get_digest_bitlen(mechanism, &skein_ctx.sc_digest_bitlen); 660 if (error != CRYPTO_SUCCESS) 661 goto out; 662 SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen); 663 664 if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS) 665 goto out; 666 if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS) 667 goto out; 668 669 out: 670 if (error == CRYPTO_SUCCESS) 671 digest->cd_length = 672 CRYPTO_BITS2BYTES(skein_ctx.sc_digest_bitlen); 673 else 674 digest->cd_length = 0; 675 bzero(&skein_ctx, sizeof (skein_ctx)); 676 677 return (error); 678 } 679 680 /* 681 * Helper function that builds a Skein MAC context from the provided 682 * mechanism and key. 683 */ 684 static int 685 skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism, 686 crypto_key_t *key) 687 { 688 int error; 689 690 if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type)) 691 return (CRYPTO_MECHANISM_INVALID); 692 if (key->ck_format != CRYPTO_KEY_RAW) 693 return (CRYPTO_ARGUMENTS_BAD); 694 ctx->sc_mech_type = mechanism->cm_type; 695 error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen); 696 if (error != CRYPTO_SUCCESS) 697 return (error); 698 SKEIN_OP(ctx, InitExt, ctx->sc_digest_bitlen, 0, key->ck_data, 699 CRYPTO_BITS2BYTES(key->ck_length)); 700 701 return (CRYPTO_SUCCESS); 702 } 703 704 /* 705 * KCF software provide mac entry points. 706 */ 707 /* 708 * Initializes a skein MAC context. You may pass a ctx_template, in which 709 * case the template will be reused to make initialization more efficient. 710 * Otherwise a new context will be constructed. The mechanism cm_type must 711 * be one of SKEIN_*_MAC_MECH_INFO_TYPE. Same as in skein_digest_init, you 712 * may pass a skein_param_t in cm_param to configure the length of the 713 * digest. The key must be in raw format. 714 */ 715 static int 716 skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 717 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template, 718 crypto_req_handle_t req) 719 { 720 int error; 721 722 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), 723 crypto_kmflag(req)); 724 if (SKEIN_CTX(ctx) == NULL) 725 return (CRYPTO_HOST_MEMORY); 726 727 if (ctx_template != NULL) { 728 bcopy(ctx_template, SKEIN_CTX(ctx), 729 sizeof (*SKEIN_CTX(ctx))); 730 } else { 731 error = skein_mac_ctx_build(SKEIN_CTX(ctx), mechanism, key); 732 if (error != CRYPTO_SUCCESS) 733 goto errout; 734 } 735 736 return (CRYPTO_SUCCESS); 737 errout: 738 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 739 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 740 return (error); 741 } 742 743 /* 744 * The MAC update and final calls are reused from the regular digest code. 745 */ 746 747 /*ARGSUSED*/ 748 /* 749 * Same as skein_digest_atomic, performs an atomic Skein MAC operation in 750 * one step. All the same properties apply to the arguments of this 751 * function as to those of the partial operations above. 752 */ 753 static int 754 skein_mac_atomic(crypto_provider_handle_t provider, 755 crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 756 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, 757 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) 758 { 759 /* faux crypto context just for skein_digest_{update,final} */ 760 int error; 761 crypto_ctx_t ctx; 762 skein_ctx_t skein_ctx; 763 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx; 764 765 if (ctx_template != NULL) { 766 bcopy(ctx_template, &skein_ctx, sizeof (skein_ctx)); 767 } else { 768 error = skein_mac_ctx_build(&skein_ctx, mechanism, key); 769 if (error != CRYPTO_SUCCESS) 770 goto errout; 771 } 772 773 if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS) 774 goto errout; 775 if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS) 776 goto errout; 777 778 return (CRYPTO_SUCCESS); 779 errout: 780 bzero(&skein_ctx, sizeof (skein_ctx)); 781 return (error); 782 } 783 784 /* 785 * KCF software provider context management entry points. 786 */ 787 788 /* 789 * Constructs a context template for the Skein MAC algorithm. The same 790 * properties apply to the arguments of this function as to those of 791 * skein_mac_init. 792 */ 793 /*ARGSUSED*/ 794 static int 795 skein_create_ctx_template(crypto_provider_handle_t provider, 796 crypto_mechanism_t *mechanism, crypto_key_t *key, 797 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size, 798 crypto_req_handle_t req) 799 { 800 int error; 801 skein_ctx_t *ctx_tmpl; 802 803 ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req)); 804 if (ctx_tmpl == NULL) 805 return (CRYPTO_HOST_MEMORY); 806 error = skein_mac_ctx_build(ctx_tmpl, mechanism, key); 807 if (error != CRYPTO_SUCCESS) 808 goto errout; 809 *ctx_template = ctx_tmpl; 810 *ctx_template_size = sizeof (*ctx_tmpl); 811 812 return (CRYPTO_SUCCESS); 813 errout: 814 bzero(ctx_tmpl, sizeof (*ctx_tmpl)); 815 kmem_free(ctx_tmpl, sizeof (*ctx_tmpl)); 816 return (error); 817 } 818 819 /* 820 * Frees a skein context in a parent crypto context. 821 */ 822 static int 823 skein_free_context(crypto_ctx_t *ctx) 824 { 825 if (SKEIN_CTX(ctx) != NULL) { 826 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 827 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); 828 SKEIN_CTX_LVALUE(ctx) = NULL; 829 } 830 831 return (CRYPTO_SUCCESS); 832 } 833