1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * In kernel module, the md5 module is created with two modlinkages: 29 * - a modlmisc that allows consumers to directly call the entry points 30 * MD5Init, MD5Update, and MD5Final. 31 * - a modlcrypto that allows the module to register with the Kernel 32 * Cryptographic Framework (KCF) as a software provider for the MD5 33 * mechanisms. 34 */ 35 36 #include <sys/types.h> 37 #include <sys/systm.h> 38 #include <sys/modctl.h> 39 #include <sys/cmn_err.h> 40 #include <sys/ddi.h> 41 #include <sys/crypto/common.h> 42 #include <sys/crypto/spi.h> 43 #include <sys/sysmacros.h> 44 #include <sys/strsun.h> 45 #include <sys/note.h> 46 #include <sys/md5.h> 47 48 extern struct mod_ops mod_miscops; 49 extern struct mod_ops mod_cryptoops; 50 51 /* 52 * Module linkage information for the kernel. 53 */ 54 55 static struct modlmisc modlmisc = { 56 &mod_miscops, 57 "MD5 Message-Digest Algorithm" 58 }; 59 60 static struct modlcrypto modlcrypto = { 61 &mod_cryptoops, 62 "MD5 Kernel SW Provider" 63 }; 64 65 static struct modlinkage modlinkage = { 66 MODREV_1, 67 (void *)&modlmisc, 68 (void *)&modlcrypto, 69 NULL 70 }; 71 72 /* 73 * CSPI information (entry points, provider info, etc.) 74 */ 75 76 typedef enum md5_mech_type { 77 MD5_MECH_INFO_TYPE, /* SUN_CKM_MD5 */ 78 MD5_HMAC_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC */ 79 MD5_HMAC_GEN_MECH_INFO_TYPE /* SUN_CKM_MD5_HMAC_GENERAL */ 80 } md5_mech_type_t; 81 82 #define MD5_DIGEST_LENGTH 16 /* MD5 digest length in bytes */ 83 #define MD5_HMAC_BLOCK_SIZE 64 /* MD5 block size */ 84 #define MD5_HMAC_MIN_KEY_LEN 1 /* MD5-HMAC min key length in bytes */ 85 #define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bytes */ 86 #define MD5_HMAC_INTS_PER_BLOCK (MD5_HMAC_BLOCK_SIZE/sizeof (uint32_t)) 87 88 /* 89 * Context for MD5 mechanism. 90 */ 91 typedef struct md5_ctx { 92 md5_mech_type_t mc_mech_type; /* type of context */ 93 MD5_CTX mc_md5_ctx; /* MD5 context */ 94 } md5_ctx_t; 95 96 /* 97 * Context for MD5-HMAC and MD5-HMAC-GENERAL mechanisms. 98 */ 99 typedef struct md5_hmac_ctx { 100 md5_mech_type_t hc_mech_type; /* type of context */ 101 uint32_t hc_digest_len; /* digest len in bytes */ 102 MD5_CTX hc_icontext; /* inner MD5 context */ 103 MD5_CTX hc_ocontext; /* outer MD5 context */ 104 } md5_hmac_ctx_t; 105 106 /* 107 * Macros to access the MD5 or MD5-HMAC contexts from a context passed 108 * by KCF to one of the entry points. 109 */ 110 111 #define PROV_MD5_CTX(ctx) ((md5_ctx_t *)(ctx)->cc_provider_private) 112 #define PROV_MD5_HMAC_CTX(ctx) ((md5_hmac_ctx_t *)(ctx)->cc_provider_private) 113 /* to extract the digest length passed as mechanism parameter */ 114 115 #define PROV_MD5_GET_DIGEST_LEN(m, len) { \ 116 if (IS_P2ALIGNED((m)->cm_param, sizeof (ulong_t))) \ 117 (len) = (uint32_t)*((ulong_t *)(void *)mechanism->cm_param); \ 118 else { \ 119 ulong_t tmp_ulong; \ 120 bcopy((m)->cm_param, &tmp_ulong, sizeof (ulong_t)); \ 121 (len) = (uint32_t)tmp_ulong; \ 122 } \ 123 } 124 125 #define PROV_MD5_DIGEST_KEY(ctx, key, len, digest) { \ 126 MD5Init(ctx); \ 127 MD5Update(ctx, key, len); \ 128 MD5Final(digest, ctx); \ 129 } 130 131 /* 132 * Mechanism info structure passed to KCF during registration. 133 */ 134 static crypto_mech_info_t md5_mech_info_tab[] = { 135 /* MD5 */ 136 {SUN_CKM_MD5, MD5_MECH_INFO_TYPE, 137 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 138 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, 139 /* MD5-HMAC */ 140 {SUN_CKM_MD5_HMAC, MD5_HMAC_MECH_INFO_TYPE, 141 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 142 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, 143 CRYPTO_KEYSIZE_UNIT_IN_BYTES}, 144 /* MD5-HMAC GENERAL */ 145 {SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE, 146 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 147 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, 148 CRYPTO_KEYSIZE_UNIT_IN_BYTES} 149 }; 150 151 static void md5_provider_status(crypto_provider_handle_t, uint_t *); 152 153 static crypto_control_ops_t md5_control_ops = { 154 md5_provider_status 155 }; 156 157 static int md5_digest_init(crypto_ctx_t *, crypto_mechanism_t *, 158 crypto_req_handle_t); 159 static int md5_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 160 crypto_req_handle_t); 161 static int md5_digest_update(crypto_ctx_t *, crypto_data_t *, 162 crypto_req_handle_t); 163 static int md5_digest_final(crypto_ctx_t *, crypto_data_t *, 164 crypto_req_handle_t); 165 static int md5_digest_atomic(crypto_provider_handle_t, crypto_session_id_t, 166 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *, 167 crypto_req_handle_t); 168 169 static crypto_digest_ops_t md5_digest_ops = { 170 md5_digest_init, 171 md5_digest, 172 md5_digest_update, 173 NULL, 174 md5_digest_final, 175 md5_digest_atomic 176 }; 177 178 static int md5_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, 179 crypto_spi_ctx_template_t, crypto_req_handle_t); 180 static int md5_mac_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); 181 static int md5_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); 182 static int md5_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, 183 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, 184 crypto_spi_ctx_template_t, crypto_req_handle_t); 185 static int md5_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t, 186 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, 187 crypto_spi_ctx_template_t, crypto_req_handle_t); 188 189 static crypto_mac_ops_t md5_mac_ops = { 190 md5_mac_init, 191 NULL, 192 md5_mac_update, 193 md5_mac_final, 194 md5_mac_atomic, 195 md5_mac_verify_atomic 196 }; 197 198 static int md5_create_ctx_template(crypto_provider_handle_t, 199 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, 200 size_t *, crypto_req_handle_t); 201 static int md5_free_context(crypto_ctx_t *); 202 203 static crypto_ctx_ops_t md5_ctx_ops = { 204 md5_create_ctx_template, 205 md5_free_context 206 }; 207 208 static crypto_ops_t md5_crypto_ops = { 209 &md5_control_ops, 210 &md5_digest_ops, 211 NULL, 212 &md5_mac_ops, 213 NULL, 214 NULL, 215 NULL, 216 NULL, 217 NULL, 218 NULL, 219 NULL, 220 NULL, 221 NULL, 222 &md5_ctx_ops 223 }; 224 225 static crypto_provider_info_t md5_prov_info = { 226 CRYPTO_SPI_VERSION_1, 227 "MD5 Software Provider", 228 CRYPTO_SW_PROVIDER, 229 {&modlinkage}, 230 NULL, 231 &md5_crypto_ops, 232 sizeof (md5_mech_info_tab)/sizeof (crypto_mech_info_t), 233 md5_mech_info_tab 234 }; 235 236 static crypto_kcf_provider_handle_t md5_prov_handle = NULL; 237 238 int 239 _init(void) 240 { 241 int ret; 242 243 if ((ret = mod_install(&modlinkage)) != 0) 244 return (ret); 245 246 /* 247 * Register with KCF. If the registration fails, do not uninstall the 248 * module, since the functionality provided by misc/md5 should still be 249 * available. 250 */ 251 (void) crypto_register_provider(&md5_prov_info, &md5_prov_handle); 252 253 return (0); 254 } 255 256 int 257 _fini(void) 258 { 259 int ret; 260 261 /* 262 * Unregister from KCF if previous registration succeeded. 263 */ 264 if (md5_prov_handle != NULL) { 265 if ((ret = crypto_unregister_provider(md5_prov_handle)) != 266 CRYPTO_SUCCESS) 267 return (ret); 268 269 md5_prov_handle = NULL; 270 } 271 272 return (mod_remove(&modlinkage)); 273 } 274 275 int 276 _info(struct modinfo *modinfop) 277 { 278 return (mod_info(&modlinkage, modinfop)); 279 } 280 281 /* 282 * KCF software provider control entry points. 283 */ 284 /* ARGSUSED */ 285 static void 286 md5_provider_status(crypto_provider_handle_t provider, uint_t *status) 287 { 288 *status = CRYPTO_PROVIDER_READY; 289 } 290 291 /* 292 * KCF software provider digest entry points. 293 */ 294 295 static int 296 md5_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 297 crypto_req_handle_t req) 298 { 299 if (mechanism->cm_type != MD5_MECH_INFO_TYPE) 300 return (CRYPTO_MECHANISM_INVALID); 301 302 /* 303 * Allocate and initialize MD5 context. 304 */ 305 ctx->cc_provider_private = kmem_alloc(sizeof (md5_ctx_t), 306 crypto_kmflag(req)); 307 if (ctx->cc_provider_private == NULL) 308 return (CRYPTO_HOST_MEMORY); 309 310 PROV_MD5_CTX(ctx)->mc_mech_type = MD5_MECH_INFO_TYPE; 311 MD5Init(&PROV_MD5_CTX(ctx)->mc_md5_ctx); 312 313 return (CRYPTO_SUCCESS); 314 } 315 316 /* 317 * Helper MD5 digest update function for uio data. 318 */ 319 static int 320 md5_digest_update_uio(MD5_CTX *md5_ctx, crypto_data_t *data) 321 { 322 off_t offset = data->cd_offset; 323 size_t length = data->cd_length; 324 uint_t vec_idx; 325 size_t cur_len; 326 327 /* we support only kernel buffer */ 328 if (data->cd_uio->uio_segflg != UIO_SYSSPACE) 329 return (CRYPTO_ARGUMENTS_BAD); 330 331 /* 332 * Jump to the first iovec containing data to be 333 * digested. 334 */ 335 for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt && 336 offset >= data->cd_uio->uio_iov[vec_idx].iov_len; 337 offset -= data->cd_uio->uio_iov[vec_idx++].iov_len) 338 ; 339 if (vec_idx == data->cd_uio->uio_iovcnt) { 340 /* 341 * The caller specified an offset that is larger than the 342 * total size of the buffers it provided. 343 */ 344 return (CRYPTO_DATA_LEN_RANGE); 345 } 346 347 /* 348 * Now do the digesting on the iovecs. 349 */ 350 while (vec_idx < data->cd_uio->uio_iovcnt && length > 0) { 351 cur_len = MIN(data->cd_uio->uio_iov[vec_idx].iov_len - 352 offset, length); 353 354 MD5Update(md5_ctx, data->cd_uio->uio_iov[vec_idx].iov_base + 355 offset, cur_len); 356 357 length -= cur_len; 358 vec_idx++; 359 offset = 0; 360 } 361 362 if (vec_idx == data->cd_uio->uio_iovcnt && length > 0) { 363 /* 364 * The end of the specified iovec's was reached but 365 * the length requested could not be processed, i.e. 366 * The caller requested to digest more data than it provided. 367 */ 368 return (CRYPTO_DATA_LEN_RANGE); 369 } 370 371 return (CRYPTO_SUCCESS); 372 } 373 374 /* 375 * Helper MD5 digest final function for uio data. 376 * digest_len is the length of the desired digest. If digest_len 377 * is smaller than the default MD5 digest length, the caller 378 * must pass a scratch buffer, digest_scratch, which must 379 * be at least MD5_DIGEST_LENGTH bytes. 380 */ 381 static int 382 md5_digest_final_uio(MD5_CTX *md5_ctx, crypto_data_t *digest, 383 ulong_t digest_len, uchar_t *digest_scratch) 384 { 385 off_t offset = digest->cd_offset; 386 uint_t vec_idx; 387 388 /* we support only kernel buffer */ 389 if (digest->cd_uio->uio_segflg != UIO_SYSSPACE) 390 return (CRYPTO_ARGUMENTS_BAD); 391 392 /* 393 * Jump to the first iovec containing ptr to the digest to 394 * be returned. 395 */ 396 for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len && 397 vec_idx < digest->cd_uio->uio_iovcnt; 398 offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len) 399 ; 400 if (vec_idx == digest->cd_uio->uio_iovcnt) { 401 /* 402 * The caller specified an offset that is 403 * larger than the total size of the buffers 404 * it provided. 405 */ 406 return (CRYPTO_DATA_LEN_RANGE); 407 } 408 409 if (offset + digest_len <= 410 digest->cd_uio->uio_iov[vec_idx].iov_len) { 411 /* 412 * The computed MD5 digest will fit in the current 413 * iovec. 414 */ 415 if (digest_len != MD5_DIGEST_LENGTH) { 416 /* 417 * The caller requested a short digest. Digest 418 * into a scratch buffer and return to 419 * the user only what was requested. 420 */ 421 MD5Final(digest_scratch, md5_ctx); 422 bcopy(digest_scratch, (uchar_t *)digest-> 423 cd_uio->uio_iov[vec_idx].iov_base + offset, 424 digest_len); 425 } else { 426 MD5Final((uchar_t *)digest-> 427 cd_uio->uio_iov[vec_idx].iov_base + offset, 428 md5_ctx); 429 } 430 } else { 431 /* 432 * The computed digest will be crossing one or more iovec's. 433 * This is bad performance-wise but we need to support it. 434 * Allocate a small scratch buffer on the stack and 435 * copy it piece meal to the specified digest iovec's. 436 */ 437 uchar_t digest_tmp[MD5_DIGEST_LENGTH]; 438 off_t scratch_offset = 0; 439 size_t length = digest_len; 440 size_t cur_len; 441 442 MD5Final(digest_tmp, md5_ctx); 443 444 while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) { 445 cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len - 446 offset, length); 447 bcopy(digest_tmp + scratch_offset, 448 digest->cd_uio->uio_iov[vec_idx].iov_base + offset, 449 cur_len); 450 451 length -= cur_len; 452 vec_idx++; 453 scratch_offset += cur_len; 454 offset = 0; 455 } 456 457 if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) { 458 /* 459 * The end of the specified iovec's was reached but 460 * the length requested could not be processed, i.e. 461 * The caller requested to digest more data than it 462 * provided. 463 */ 464 return (CRYPTO_DATA_LEN_RANGE); 465 } 466 } 467 468 return (CRYPTO_SUCCESS); 469 } 470 471 /* 472 * Helper MD5 digest update for mblk's. 473 */ 474 static int 475 md5_digest_update_mblk(MD5_CTX *md5_ctx, crypto_data_t *data) 476 { 477 off_t offset = data->cd_offset; 478 size_t length = data->cd_length; 479 mblk_t *mp; 480 size_t cur_len; 481 482 /* 483 * Jump to the first mblk_t containing data to be digested. 484 */ 485 for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp); 486 offset -= MBLKL(mp), mp = mp->b_cont) 487 ; 488 if (mp == NULL) { 489 /* 490 * The caller specified an offset that is larger than the 491 * total size of the buffers it provided. 492 */ 493 return (CRYPTO_DATA_LEN_RANGE); 494 } 495 496 /* 497 * Now do the digesting on the mblk chain. 498 */ 499 while (mp != NULL && length > 0) { 500 cur_len = MIN(MBLKL(mp) - offset, length); 501 MD5Update(md5_ctx, mp->b_rptr + offset, cur_len); 502 length -= cur_len; 503 offset = 0; 504 mp = mp->b_cont; 505 } 506 507 if (mp == NULL && length > 0) { 508 /* 509 * The end of the mblk was reached but the length requested 510 * could not be processed, i.e. The caller requested 511 * to digest more data than it provided. 512 */ 513 return (CRYPTO_DATA_LEN_RANGE); 514 } 515 516 return (CRYPTO_SUCCESS); 517 } 518 519 /* 520 * Helper MD5 digest final for mblk's. 521 * digest_len is the length of the desired digest. If digest_len 522 * is smaller than the default MD5 digest length, the caller 523 * must pass a scratch buffer, digest_scratch, which must 524 * be at least MD5_DIGEST_LENGTH bytes. 525 */ 526 static int 527 md5_digest_final_mblk(MD5_CTX *md5_ctx, crypto_data_t *digest, 528 ulong_t digest_len, uchar_t *digest_scratch) 529 { 530 off_t offset = digest->cd_offset; 531 mblk_t *mp; 532 533 /* 534 * Jump to the first mblk_t that will be used to store the digest. 535 */ 536 for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp); 537 offset -= MBLKL(mp), mp = mp->b_cont) 538 ; 539 if (mp == NULL) { 540 /* 541 * The caller specified an offset that is larger than the 542 * total size of the buffers it provided. 543 */ 544 return (CRYPTO_DATA_LEN_RANGE); 545 } 546 547 if (offset + digest_len <= MBLKL(mp)) { 548 /* 549 * The computed MD5 digest will fit in the current mblk. 550 * Do the MD5Final() in-place. 551 */ 552 if (digest_len != MD5_DIGEST_LENGTH) { 553 /* 554 * The caller requested a short digest. Digest 555 * into a scratch buffer and return to 556 * the user only what was requested. 557 */ 558 MD5Final(digest_scratch, md5_ctx); 559 bcopy(digest_scratch, mp->b_rptr + offset, digest_len); 560 } else { 561 MD5Final(mp->b_rptr + offset, md5_ctx); 562 } 563 } else { 564 /* 565 * The computed digest will be crossing one or more mblk's. 566 * This is bad performance-wise but we need to support it. 567 * Allocate a small scratch buffer on the stack and 568 * copy it piece meal to the specified digest iovec's. 569 */ 570 uchar_t digest_tmp[MD5_DIGEST_LENGTH]; 571 off_t scratch_offset = 0; 572 size_t length = digest_len; 573 size_t cur_len; 574 575 MD5Final(digest_tmp, md5_ctx); 576 577 while (mp != NULL && length > 0) { 578 cur_len = MIN(MBLKL(mp) - offset, length); 579 bcopy(digest_tmp + scratch_offset, 580 mp->b_rptr + offset, cur_len); 581 582 length -= cur_len; 583 mp = mp->b_cont; 584 scratch_offset += cur_len; 585 offset = 0; 586 } 587 588 if (mp == NULL && length > 0) { 589 /* 590 * The end of the specified mblk was reached but 591 * the length requested could not be processed, i.e. 592 * The caller requested to digest more data than it 593 * provided. 594 */ 595 return (CRYPTO_DATA_LEN_RANGE); 596 } 597 } 598 599 return (CRYPTO_SUCCESS); 600 } 601 602 /* ARGSUSED */ 603 static int 604 md5_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest, 605 crypto_req_handle_t req) 606 { 607 int ret = CRYPTO_SUCCESS; 608 609 ASSERT(ctx->cc_provider_private != NULL); 610 611 /* 612 * We need to just return the length needed to store the output. 613 * We should not destroy the context for the following cases. 614 */ 615 if ((digest->cd_length == 0) || 616 (digest->cd_length < MD5_DIGEST_LENGTH)) { 617 digest->cd_length = MD5_DIGEST_LENGTH; 618 return (CRYPTO_BUFFER_TOO_SMALL); 619 } 620 621 /* 622 * Do the MD5 update on the specified input data. 623 */ 624 switch (data->cd_format) { 625 case CRYPTO_DATA_RAW: 626 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 627 data->cd_raw.iov_base + data->cd_offset, 628 data->cd_length); 629 break; 630 case CRYPTO_DATA_UIO: 631 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 632 data); 633 break; 634 case CRYPTO_DATA_MBLK: 635 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 636 data); 637 break; 638 default: 639 ret = CRYPTO_ARGUMENTS_BAD; 640 } 641 642 if (ret != CRYPTO_SUCCESS) { 643 /* the update failed, free context and bail */ 644 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t)); 645 ctx->cc_provider_private = NULL; 646 digest->cd_length = 0; 647 return (ret); 648 } 649 650 /* 651 * Do an MD5 final, must be done separately since the digest 652 * type can be different than the input data type. 653 */ 654 switch (digest->cd_format) { 655 case CRYPTO_DATA_RAW: 656 MD5Final((unsigned char *)digest->cd_raw.iov_base + 657 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx); 658 break; 659 case CRYPTO_DATA_UIO: 660 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 661 digest, MD5_DIGEST_LENGTH, NULL); 662 break; 663 case CRYPTO_DATA_MBLK: 664 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 665 digest, MD5_DIGEST_LENGTH, NULL); 666 break; 667 default: 668 ret = CRYPTO_ARGUMENTS_BAD; 669 } 670 671 /* all done, free context and return */ 672 673 if (ret == CRYPTO_SUCCESS) { 674 digest->cd_length = MD5_DIGEST_LENGTH; 675 } else { 676 digest->cd_length = 0; 677 } 678 679 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t)); 680 ctx->cc_provider_private = NULL; 681 return (ret); 682 } 683 684 /* ARGSUSED */ 685 static int 686 md5_digest_update(crypto_ctx_t *ctx, crypto_data_t *data, 687 crypto_req_handle_t req) 688 { 689 int ret = CRYPTO_SUCCESS; 690 691 ASSERT(ctx->cc_provider_private != NULL); 692 693 /* 694 * Do the MD5 update on the specified input data. 695 */ 696 switch (data->cd_format) { 697 case CRYPTO_DATA_RAW: 698 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 699 data->cd_raw.iov_base + data->cd_offset, 700 data->cd_length); 701 break; 702 case CRYPTO_DATA_UIO: 703 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 704 data); 705 break; 706 case CRYPTO_DATA_MBLK: 707 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 708 data); 709 break; 710 default: 711 ret = CRYPTO_ARGUMENTS_BAD; 712 } 713 714 return (ret); 715 } 716 717 /* ARGSUSED */ 718 static int 719 md5_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest, 720 crypto_req_handle_t req) 721 { 722 int ret = CRYPTO_SUCCESS; 723 724 ASSERT(ctx->cc_provider_private != NULL); 725 726 /* 727 * We need to just return the length needed to store the output. 728 * We should not destroy the context for the following cases. 729 */ 730 if ((digest->cd_length == 0) || 731 (digest->cd_length < MD5_DIGEST_LENGTH)) { 732 digest->cd_length = MD5_DIGEST_LENGTH; 733 return (CRYPTO_BUFFER_TOO_SMALL); 734 } 735 736 /* 737 * Do an MD5 final. 738 */ 739 switch (digest->cd_format) { 740 case CRYPTO_DATA_RAW: 741 MD5Final((unsigned char *)digest->cd_raw.iov_base + 742 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx); 743 break; 744 case CRYPTO_DATA_UIO: 745 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 746 digest, MD5_DIGEST_LENGTH, NULL); 747 break; 748 case CRYPTO_DATA_MBLK: 749 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx, 750 digest, MD5_DIGEST_LENGTH, NULL); 751 break; 752 default: 753 ret = CRYPTO_ARGUMENTS_BAD; 754 } 755 756 /* all done, free context and return */ 757 758 if (ret == CRYPTO_SUCCESS) { 759 digest->cd_length = MD5_DIGEST_LENGTH; 760 } else { 761 digest->cd_length = 0; 762 } 763 764 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t)); 765 ctx->cc_provider_private = NULL; 766 767 return (ret); 768 } 769 770 /* ARGSUSED */ 771 static int 772 md5_digest_atomic(crypto_provider_handle_t provider, 773 crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 774 crypto_data_t *data, crypto_data_t *digest, 775 crypto_req_handle_t req) 776 { 777 int ret = CRYPTO_SUCCESS; 778 MD5_CTX md5_ctx; 779 780 if (mechanism->cm_type != MD5_MECH_INFO_TYPE) 781 return (CRYPTO_MECHANISM_INVALID); 782 783 /* 784 * Do the MD5 init. 785 */ 786 MD5Init(&md5_ctx); 787 788 /* 789 * Do the MD5 update on the specified input data. 790 */ 791 switch (data->cd_format) { 792 case CRYPTO_DATA_RAW: 793 MD5Update(&md5_ctx, data->cd_raw.iov_base + data->cd_offset, 794 data->cd_length); 795 break; 796 case CRYPTO_DATA_UIO: 797 ret = md5_digest_update_uio(&md5_ctx, data); 798 break; 799 case CRYPTO_DATA_MBLK: 800 ret = md5_digest_update_mblk(&md5_ctx, data); 801 break; 802 default: 803 ret = CRYPTO_ARGUMENTS_BAD; 804 } 805 806 if (ret != CRYPTO_SUCCESS) { 807 /* the update failed, bail */ 808 digest->cd_length = 0; 809 return (ret); 810 } 811 812 /* 813 * Do an MD5 final, must be done separately since the digest 814 * type can be different than the input data type. 815 */ 816 switch (digest->cd_format) { 817 case CRYPTO_DATA_RAW: 818 MD5Final((unsigned char *)digest->cd_raw.iov_base + 819 digest->cd_offset, &md5_ctx); 820 break; 821 case CRYPTO_DATA_UIO: 822 ret = md5_digest_final_uio(&md5_ctx, digest, 823 MD5_DIGEST_LENGTH, NULL); 824 break; 825 case CRYPTO_DATA_MBLK: 826 ret = md5_digest_final_mblk(&md5_ctx, digest, 827 MD5_DIGEST_LENGTH, NULL); 828 break; 829 default: 830 ret = CRYPTO_ARGUMENTS_BAD; 831 } 832 833 if (ret == CRYPTO_SUCCESS) { 834 digest->cd_length = MD5_DIGEST_LENGTH; 835 } else { 836 digest->cd_length = 0; 837 } 838 839 return (ret); 840 } 841 842 /* 843 * KCF software provider mac entry points. 844 * 845 * MD5 HMAC is: MD5(key XOR opad, MD5(key XOR ipad, text)) 846 * 847 * Init: 848 * The initialization routine initializes what we denote 849 * as the inner and outer contexts by doing 850 * - for inner context: MD5(key XOR ipad) 851 * - for outer context: MD5(key XOR opad) 852 * 853 * Update: 854 * Each subsequent MD5 HMAC update will result in an 855 * update of the inner context with the specified data. 856 * 857 * Final: 858 * The MD5 HMAC final will do a MD5 final operation on the 859 * inner context, and the resulting digest will be used 860 * as the data for an update on the outer context. Last 861 * but not least, an MD5 final on the outer context will 862 * be performed to obtain the MD5 HMAC digest to return 863 * to the user. 864 */ 865 866 /* 867 * Initialize a MD5-HMAC context. 868 */ 869 static void 870 md5_mac_init_ctx(md5_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes) 871 { 872 uint32_t ipad[MD5_HMAC_INTS_PER_BLOCK]; 873 uint32_t opad[MD5_HMAC_INTS_PER_BLOCK]; 874 uint_t i; 875 876 bzero(ipad, MD5_HMAC_BLOCK_SIZE); 877 bzero(opad, MD5_HMAC_BLOCK_SIZE); 878 879 bcopy(keyval, ipad, length_in_bytes); 880 bcopy(keyval, opad, length_in_bytes); 881 882 /* XOR key with ipad (0x36) and opad (0x5c) */ 883 for (i = 0; i < MD5_HMAC_INTS_PER_BLOCK; i++) { 884 ipad[i] ^= 0x36363636; 885 opad[i] ^= 0x5c5c5c5c; 886 } 887 888 /* perform MD5 on ipad */ 889 MD5Init(&ctx->hc_icontext); 890 MD5Update(&ctx->hc_icontext, ipad, MD5_HMAC_BLOCK_SIZE); 891 892 /* perform MD5 on opad */ 893 MD5Init(&ctx->hc_ocontext); 894 MD5Update(&ctx->hc_ocontext, opad, MD5_HMAC_BLOCK_SIZE); 895 } 896 897 /* 898 * Initializes a multi-part MAC operation. 899 */ 900 static int 901 md5_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 902 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template, 903 crypto_req_handle_t req) 904 { 905 int ret = CRYPTO_SUCCESS; 906 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); 907 908 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE && 909 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE) 910 return (CRYPTO_MECHANISM_INVALID); 911 912 /* Add support for key by attributes (RFE 4706552) */ 913 if (key->ck_format != CRYPTO_KEY_RAW) 914 return (CRYPTO_ARGUMENTS_BAD); 915 916 ctx->cc_provider_private = kmem_alloc(sizeof (md5_hmac_ctx_t), 917 crypto_kmflag(req)); 918 if (ctx->cc_provider_private == NULL) 919 return (CRYPTO_HOST_MEMORY); 920 921 if (ctx_template != NULL) { 922 /* reuse context template */ 923 bcopy(ctx_template, PROV_MD5_HMAC_CTX(ctx), 924 sizeof (md5_hmac_ctx_t)); 925 } else { 926 /* no context template, compute context */ 927 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) { 928 uchar_t digested_key[MD5_DIGEST_LENGTH]; 929 md5_hmac_ctx_t *hmac_ctx = ctx->cc_provider_private; 930 931 /* 932 * Hash the passed-in key to get a smaller key. 933 * The inner context is used since it hasn't been 934 * initialized yet. 935 */ 936 PROV_MD5_DIGEST_KEY(&hmac_ctx->hc_icontext, 937 key->ck_data, keylen_in_bytes, digested_key); 938 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx), 939 digested_key, MD5_DIGEST_LENGTH); 940 } else { 941 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx), 942 key->ck_data, keylen_in_bytes); 943 } 944 } 945 946 /* 947 * Get the mechanism parameters, if applicable. 948 */ 949 PROV_MD5_HMAC_CTX(ctx)->hc_mech_type = mechanism->cm_type; 950 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) { 951 if (mechanism->cm_param == NULL || 952 mechanism->cm_param_len != sizeof (ulong_t)) 953 ret = CRYPTO_MECHANISM_PARAM_INVALID; 954 PROV_MD5_GET_DIGEST_LEN(mechanism, 955 PROV_MD5_HMAC_CTX(ctx)->hc_digest_len); 956 if (PROV_MD5_HMAC_CTX(ctx)->hc_digest_len > 957 MD5_DIGEST_LENGTH) 958 ret = CRYPTO_MECHANISM_PARAM_INVALID; 959 } 960 961 if (ret != CRYPTO_SUCCESS) { 962 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t)); 963 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t)); 964 ctx->cc_provider_private = NULL; 965 } 966 967 return (ret); 968 } 969 970 971 /* ARGSUSED */ 972 static int 973 md5_mac_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req) 974 { 975 int ret = CRYPTO_SUCCESS; 976 977 ASSERT(ctx->cc_provider_private != NULL); 978 979 /* 980 * Do an MD5 update of the inner context using the specified 981 * data. 982 */ 983 switch (data->cd_format) { 984 case CRYPTO_DATA_RAW: 985 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_icontext, 986 data->cd_raw.iov_base + data->cd_offset, 987 data->cd_length); 988 break; 989 case CRYPTO_DATA_UIO: 990 ret = md5_digest_update_uio( 991 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data); 992 break; 993 case CRYPTO_DATA_MBLK: 994 ret = md5_digest_update_mblk( 995 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data); 996 break; 997 default: 998 ret = CRYPTO_ARGUMENTS_BAD; 999 } 1000 1001 return (ret); 1002 } 1003 1004 /* ARGSUSED */ 1005 static int 1006 md5_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req) 1007 { 1008 int ret = CRYPTO_SUCCESS; 1009 uchar_t digest[MD5_DIGEST_LENGTH]; 1010 uint32_t digest_len = MD5_DIGEST_LENGTH; 1011 1012 ASSERT(ctx->cc_provider_private != NULL); 1013 1014 if (PROV_MD5_HMAC_CTX(ctx)->hc_mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE) 1015 digest_len = PROV_MD5_HMAC_CTX(ctx)->hc_digest_len; 1016 1017 /* 1018 * We need to just return the length needed to store the output. 1019 * We should not destroy the context for the following cases. 1020 */ 1021 if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) { 1022 mac->cd_length = digest_len; 1023 return (CRYPTO_BUFFER_TOO_SMALL); 1024 } 1025 1026 /* 1027 * Do an MD5 final on the inner context. 1028 */ 1029 MD5Final(digest, &PROV_MD5_HMAC_CTX(ctx)->hc_icontext); 1030 1031 /* 1032 * Do an MD5 update on the outer context, feeding the inner 1033 * digest as data. 1034 */ 1035 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, digest, 1036 MD5_DIGEST_LENGTH); 1037 1038 /* 1039 * Do an MD5 final on the outer context, storing the computing 1040 * digest in the users buffer. 1041 */ 1042 switch (mac->cd_format) { 1043 case CRYPTO_DATA_RAW: 1044 if (digest_len != MD5_DIGEST_LENGTH) { 1045 /* 1046 * The caller requested a short digest. Digest 1047 * into a scratch buffer and return to 1048 * the user only what was requested. 1049 */ 1050 MD5Final(digest, 1051 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext); 1052 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base + 1053 mac->cd_offset, digest_len); 1054 } else { 1055 MD5Final((unsigned char *)mac->cd_raw.iov_base + 1056 mac->cd_offset, 1057 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext); 1058 } 1059 break; 1060 case CRYPTO_DATA_UIO: 1061 ret = md5_digest_final_uio( 1062 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac, 1063 digest_len, digest); 1064 break; 1065 case CRYPTO_DATA_MBLK: 1066 ret = md5_digest_final_mblk( 1067 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac, 1068 digest_len, digest); 1069 break; 1070 default: 1071 ret = CRYPTO_ARGUMENTS_BAD; 1072 } 1073 1074 if (ret == CRYPTO_SUCCESS) { 1075 mac->cd_length = digest_len; 1076 } else { 1077 mac->cd_length = 0; 1078 } 1079 1080 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t)); 1081 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t)); 1082 ctx->cc_provider_private = NULL; 1083 1084 return (ret); 1085 } 1086 1087 #define MD5_MAC_UPDATE(data, ctx, ret) { \ 1088 switch (data->cd_format) { \ 1089 case CRYPTO_DATA_RAW: \ 1090 MD5Update(&(ctx).hc_icontext, \ 1091 data->cd_raw.iov_base + data->cd_offset, \ 1092 data->cd_length); \ 1093 break; \ 1094 case CRYPTO_DATA_UIO: \ 1095 ret = md5_digest_update_uio(&(ctx).hc_icontext, data); \ 1096 break; \ 1097 case CRYPTO_DATA_MBLK: \ 1098 ret = md5_digest_update_mblk(&(ctx).hc_icontext, \ 1099 data); \ 1100 break; \ 1101 default: \ 1102 ret = CRYPTO_ARGUMENTS_BAD; \ 1103 } \ 1104 } 1105 1106 1107 /* ARGSUSED */ 1108 static int 1109 md5_mac_atomic(crypto_provider_handle_t provider, 1110 crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 1111 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, 1112 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) 1113 { 1114 int ret = CRYPTO_SUCCESS; 1115 uchar_t digest[MD5_DIGEST_LENGTH]; 1116 md5_hmac_ctx_t md5_hmac_ctx; 1117 uint32_t digest_len = MD5_DIGEST_LENGTH; 1118 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); 1119 1120 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE && 1121 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE) 1122 return (CRYPTO_MECHANISM_INVALID); 1123 1124 /* Add support for key by attributes (RFE 4706552) */ 1125 if (key->ck_format != CRYPTO_KEY_RAW) 1126 return (CRYPTO_ARGUMENTS_BAD); 1127 1128 if (ctx_template != NULL) { 1129 /* reuse context template */ 1130 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1131 } else { 1132 /* no context template, compute context */ 1133 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) { 1134 /* 1135 * Hash the passed-in key to get a smaller key. 1136 * The inner context is used since it hasn't been 1137 * initialized yet. 1138 */ 1139 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext, 1140 key->ck_data, keylen_in_bytes, digest); 1141 md5_mac_init_ctx(&md5_hmac_ctx, digest, 1142 MD5_DIGEST_LENGTH); 1143 } else { 1144 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data, 1145 keylen_in_bytes); 1146 } 1147 } 1148 1149 /* 1150 * Get the mechanism parameters, if applicable. 1151 */ 1152 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) { 1153 if (mechanism->cm_param == NULL || 1154 mechanism->cm_param_len != sizeof (ulong_t)) { 1155 ret = CRYPTO_MECHANISM_PARAM_INVALID; 1156 goto bail; 1157 } 1158 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len); 1159 if (digest_len > MD5_DIGEST_LENGTH) { 1160 ret = CRYPTO_MECHANISM_PARAM_INVALID; 1161 goto bail; 1162 } 1163 } 1164 1165 /* do an MD5 update of the inner context using the specified data */ 1166 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret); 1167 if (ret != CRYPTO_SUCCESS) 1168 /* the update failed, free context and bail */ 1169 goto bail; 1170 1171 /* do an MD5 final on the inner context */ 1172 MD5Final(digest, &md5_hmac_ctx.hc_icontext); 1173 1174 /* 1175 * Do an MD5 update on the outer context, feeding the inner 1176 * digest as data. 1177 */ 1178 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH); 1179 1180 /* 1181 * Do an MD5 final on the outer context, storing the computed 1182 * digest in the users buffer. 1183 */ 1184 switch (mac->cd_format) { 1185 case CRYPTO_DATA_RAW: 1186 if (digest_len != MD5_DIGEST_LENGTH) { 1187 /* 1188 * The caller requested a short digest. Digest 1189 * into a scratch buffer and return to 1190 * the user only what was requested. 1191 */ 1192 MD5Final(digest, &md5_hmac_ctx.hc_ocontext); 1193 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base + 1194 mac->cd_offset, digest_len); 1195 } else { 1196 MD5Final((unsigned char *)mac->cd_raw.iov_base + 1197 mac->cd_offset, &md5_hmac_ctx.hc_ocontext); 1198 } 1199 break; 1200 case CRYPTO_DATA_UIO: 1201 ret = md5_digest_final_uio(&md5_hmac_ctx.hc_ocontext, mac, 1202 digest_len, digest); 1203 break; 1204 case CRYPTO_DATA_MBLK: 1205 ret = md5_digest_final_mblk(&md5_hmac_ctx.hc_ocontext, mac, 1206 digest_len, digest); 1207 break; 1208 default: 1209 ret = CRYPTO_ARGUMENTS_BAD; 1210 } 1211 1212 if (ret == CRYPTO_SUCCESS) { 1213 mac->cd_length = digest_len; 1214 } else { 1215 mac->cd_length = 0; 1216 } 1217 /* Extra paranoia: zeroizing the local context on the stack */ 1218 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1219 1220 return (ret); 1221 bail: 1222 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1223 mac->cd_length = 0; 1224 return (ret); 1225 } 1226 1227 /* ARGSUSED */ 1228 static int 1229 md5_mac_verify_atomic(crypto_provider_handle_t provider, 1230 crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 1231 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, 1232 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) 1233 { 1234 int ret = CRYPTO_SUCCESS; 1235 uchar_t digest[MD5_DIGEST_LENGTH]; 1236 md5_hmac_ctx_t md5_hmac_ctx; 1237 uint32_t digest_len = MD5_DIGEST_LENGTH; 1238 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); 1239 1240 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE && 1241 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE) 1242 return (CRYPTO_MECHANISM_INVALID); 1243 1244 /* Add support for key by attributes (RFE 4706552) */ 1245 if (key->ck_format != CRYPTO_KEY_RAW) 1246 return (CRYPTO_ARGUMENTS_BAD); 1247 1248 if (ctx_template != NULL) { 1249 /* reuse context template */ 1250 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1251 } else { 1252 /* no context template, compute context */ 1253 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) { 1254 /* 1255 * Hash the passed-in key to get a smaller key. 1256 * The inner context is used since it hasn't been 1257 * initialized yet. 1258 */ 1259 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext, 1260 key->ck_data, keylen_in_bytes, digest); 1261 md5_mac_init_ctx(&md5_hmac_ctx, digest, 1262 MD5_DIGEST_LENGTH); 1263 } else { 1264 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data, 1265 keylen_in_bytes); 1266 } 1267 } 1268 1269 /* 1270 * Get the mechanism parameters, if applicable. 1271 */ 1272 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) { 1273 if (mechanism->cm_param == NULL || 1274 mechanism->cm_param_len != sizeof (ulong_t)) { 1275 ret = CRYPTO_MECHANISM_PARAM_INVALID; 1276 goto bail; 1277 } 1278 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len); 1279 if (digest_len > MD5_DIGEST_LENGTH) { 1280 ret = CRYPTO_MECHANISM_PARAM_INVALID; 1281 goto bail; 1282 } 1283 } 1284 1285 if (mac->cd_length != digest_len) { 1286 ret = CRYPTO_INVALID_MAC; 1287 goto bail; 1288 } 1289 1290 /* do an MD5 update of the inner context using the specified data */ 1291 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret); 1292 if (ret != CRYPTO_SUCCESS) 1293 /* the update failed, free context and bail */ 1294 goto bail; 1295 1296 /* do an MD5 final on the inner context */ 1297 MD5Final(digest, &md5_hmac_ctx.hc_icontext); 1298 1299 /* 1300 * Do an MD5 update on the outer context, feeding the inner 1301 * digest as data. 1302 */ 1303 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH); 1304 1305 /* 1306 * Do an MD5 final on the outer context, storing the computed 1307 * digest in the local digest buffer. 1308 */ 1309 MD5Final(digest, &md5_hmac_ctx.hc_ocontext); 1310 1311 /* 1312 * Compare the computed digest against the expected digest passed 1313 * as argument. 1314 */ 1315 switch (mac->cd_format) { 1316 1317 case CRYPTO_DATA_RAW: 1318 if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base + 1319 mac->cd_offset, digest_len) != 0) 1320 ret = CRYPTO_INVALID_MAC; 1321 break; 1322 1323 case CRYPTO_DATA_UIO: { 1324 off_t offset = mac->cd_offset; 1325 uint_t vec_idx; 1326 off_t scratch_offset = 0; 1327 size_t length = digest_len; 1328 size_t cur_len; 1329 1330 /* we support only kernel buffer */ 1331 if (mac->cd_uio->uio_segflg != UIO_SYSSPACE) 1332 return (CRYPTO_ARGUMENTS_BAD); 1333 1334 /* jump to the first iovec containing the expected digest */ 1335 for (vec_idx = 0; 1336 offset >= mac->cd_uio->uio_iov[vec_idx].iov_len && 1337 vec_idx < mac->cd_uio->uio_iovcnt; 1338 offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len) 1339 ; 1340 if (vec_idx == mac->cd_uio->uio_iovcnt) { 1341 /* 1342 * The caller specified an offset that is 1343 * larger than the total size of the buffers 1344 * it provided. 1345 */ 1346 ret = CRYPTO_DATA_LEN_RANGE; 1347 break; 1348 } 1349 1350 /* do the comparison of computed digest vs specified one */ 1351 while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) { 1352 cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len - 1353 offset, length); 1354 1355 if (bcmp(digest + scratch_offset, 1356 mac->cd_uio->uio_iov[vec_idx].iov_base + offset, 1357 cur_len) != 0) { 1358 ret = CRYPTO_INVALID_MAC; 1359 break; 1360 } 1361 1362 length -= cur_len; 1363 vec_idx++; 1364 scratch_offset += cur_len; 1365 offset = 0; 1366 } 1367 break; 1368 } 1369 1370 case CRYPTO_DATA_MBLK: { 1371 off_t offset = mac->cd_offset; 1372 mblk_t *mp; 1373 off_t scratch_offset = 0; 1374 size_t length = digest_len; 1375 size_t cur_len; 1376 1377 /* jump to the first mblk_t containing the expected digest */ 1378 for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp); 1379 offset -= MBLKL(mp), mp = mp->b_cont) 1380 ; 1381 if (mp == NULL) { 1382 /* 1383 * The caller specified an offset that is larger than 1384 * the total size of the buffers it provided. 1385 */ 1386 ret = CRYPTO_DATA_LEN_RANGE; 1387 break; 1388 } 1389 1390 while (mp != NULL && length > 0) { 1391 cur_len = MIN(MBLKL(mp) - offset, length); 1392 if (bcmp(digest + scratch_offset, 1393 mp->b_rptr + offset, cur_len) != 0) { 1394 ret = CRYPTO_INVALID_MAC; 1395 break; 1396 } 1397 1398 length -= cur_len; 1399 mp = mp->b_cont; 1400 scratch_offset += cur_len; 1401 offset = 0; 1402 } 1403 break; 1404 } 1405 1406 default: 1407 ret = CRYPTO_ARGUMENTS_BAD; 1408 } 1409 1410 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1411 return (ret); 1412 bail: 1413 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t)); 1414 mac->cd_length = 0; 1415 return (ret); 1416 } 1417 1418 /* 1419 * KCF software provider context management entry points. 1420 */ 1421 1422 /* ARGSUSED */ 1423 static int 1424 md5_create_ctx_template(crypto_provider_handle_t provider, 1425 crypto_mechanism_t *mechanism, crypto_key_t *key, 1426 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size, 1427 crypto_req_handle_t req) 1428 { 1429 md5_hmac_ctx_t *md5_hmac_ctx_tmpl; 1430 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); 1431 1432 if ((mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE) && 1433 (mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)) 1434 return (CRYPTO_MECHANISM_INVALID); 1435 1436 /* Add support for key by attributes (RFE 4706552) */ 1437 if (key->ck_format != CRYPTO_KEY_RAW) 1438 return (CRYPTO_ARGUMENTS_BAD); 1439 1440 /* 1441 * Allocate and initialize MD5 context. 1442 */ 1443 md5_hmac_ctx_tmpl = kmem_alloc(sizeof (md5_hmac_ctx_t), 1444 crypto_kmflag(req)); 1445 if (md5_hmac_ctx_tmpl == NULL) 1446 return (CRYPTO_HOST_MEMORY); 1447 1448 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) { 1449 uchar_t digested_key[MD5_DIGEST_LENGTH]; 1450 1451 /* 1452 * Hash the passed-in key to get a smaller key. 1453 * The inner context is used since it hasn't been 1454 * initialized yet. 1455 */ 1456 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx_tmpl->hc_icontext, 1457 key->ck_data, keylen_in_bytes, digested_key); 1458 md5_mac_init_ctx(md5_hmac_ctx_tmpl, digested_key, 1459 MD5_DIGEST_LENGTH); 1460 } else { 1461 md5_mac_init_ctx(md5_hmac_ctx_tmpl, key->ck_data, 1462 keylen_in_bytes); 1463 } 1464 1465 md5_hmac_ctx_tmpl->hc_mech_type = mechanism->cm_type; 1466 *ctx_template = (crypto_spi_ctx_template_t)md5_hmac_ctx_tmpl; 1467 *ctx_template_size = sizeof (md5_hmac_ctx_t); 1468 1469 return (CRYPTO_SUCCESS); 1470 } 1471 1472 static int 1473 md5_free_context(crypto_ctx_t *ctx) 1474 { 1475 uint_t ctx_len; 1476 md5_mech_type_t mech_type; 1477 1478 if (ctx->cc_provider_private == NULL) 1479 return (CRYPTO_SUCCESS); 1480 1481 /* 1482 * We have to free either MD5 or MD5-HMAC contexts, which 1483 * have different lengths. 1484 */ 1485 1486 mech_type = PROV_MD5_CTX(ctx)->mc_mech_type; 1487 if (mech_type == MD5_MECH_INFO_TYPE) 1488 ctx_len = sizeof (md5_ctx_t); 1489 else { 1490 ASSERT(mech_type == MD5_HMAC_MECH_INFO_TYPE || 1491 mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE); 1492 ctx_len = sizeof (md5_hmac_ctx_t); 1493 } 1494 1495 bzero(ctx->cc_provider_private, ctx_len); 1496 kmem_free(ctx->cc_provider_private, ctx_len); 1497 ctx->cc_provider_private = NULL; 1498 1499 return (CRYPTO_SUCCESS); 1500 } 1501