xref: /titanic_41/usr/src/uts/common/des/des_crypt.c (revision 635216b673cf196ac523ff2a7ab715717e553292)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  */
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
28 /*	  All Rights Reserved  	*/
29 
30 /*
31  * Portions of this source code were derived from Berkeley 4.3 BSD
32  * under license from the Regents of the University of California.
33  */
34 
35 /*
36  * des_crypt.c, DES encryption library routines
37  */
38 
39 #include <sys/errno.h>
40 #include <sys/modctl.h>
41 
42 #include <sys/systm.h>
43 #include <sys/cmn_err.h>
44 #include <sys/ddi.h>
45 #include <sys/crypto/common.h>
46 #include <sys/crypto/spi.h>
47 #include <sys/sysmacros.h>
48 #include <sys/strsun.h>
49 #include <sys/note.h>
50 #include <modes/modes.h>
51 #define	_DES_FIPS_POST
52 #include <des/des_impl.h>
53 
54 /* EXPORT DELETE START */
55 #include <sys/types.h>
56 #include <rpc/des_crypt.h>
57 #include <des/des.h>
58 
59 #ifdef sun_hardware
60 #include <sys/ioctl.h>
61 #ifdef _KERNEL
62 #include <sys/conf.h>
63 static int g_desfd = -1;
64 #define	getdesfd()	(cdevsw[11].d_open(0, 0) ? -1 : 0)
65 #define	ioctl(a, b, c)	(cdevsw[11].d_ioctl(0, b, c, 0) ? -1 : 0)
66 #else
67 #define	getdesfd()	(open("/dev/des", 0, 0))
68 #endif	/* _KERNEL */
69 #endif	/* sun */
70 
71 static int common_crypt(char *key, char *buf, size_t len,
72     unsigned int mode, struct desparams *desp);
73 
74 extern int _des_crypt(char *buf, size_t len, struct desparams *desp);
75 
76 /* EXPORT DELETE END */
77 
78 extern struct mod_ops mod_cryptoops;
79 
80 /*
81  * Module linkage information for the kernel.
82  */
83 static struct modlmisc modlmisc = {
84 	&mod_miscops,
85 	"des encryption",
86 };
87 
88 static struct modlcrypto modlcrypto = {
89 	&mod_cryptoops,
90 	"DES Kernel SW Provider"
91 };
92 
93 static struct modlinkage modlinkage = {
94 	MODREV_1,
95 	&modlmisc,
96 	&modlcrypto,
97 	NULL
98 };
99 
100 /* EXPORT DELETE START */
101 
102 #define	DES_MIN_KEY_LEN		DES_MINBYTES
103 #define	DES_MAX_KEY_LEN		DES_MAXBYTES
104 #define	DES3_MIN_KEY_LEN	DES3_MAXBYTES	/* no CKK_DES2 support */
105 #define	DES3_MAX_KEY_LEN	DES3_MAXBYTES
106 
107 /* EXPORT DELETE END */
108 
109 #ifndef DES_MIN_KEY_LEN
110 #define	DES_MIN_KEY_LEN		0
111 #endif
112 
113 #ifndef DES_MAX_KEY_LEN
114 #define	DES_MAX_KEY_LEN		0
115 #endif
116 
117 #ifndef DES3_MIN_KEY_LEN
118 #define	DES3_MIN_KEY_LEN	0
119 #endif
120 
121 #ifndef DES3_MAX_KEY_LEN
122 #define	DES3_MAX_KEY_LEN	0
123 #endif
124 
125 
126 /*
127  * Mechanism info structure passed to KCF during registration.
128  */
129 static crypto_mech_info_t des_mech_info_tab[] = {
130 	/* DES_ECB */
131 	{SUN_CKM_DES_ECB, DES_ECB_MECH_INFO_TYPE,
132 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
133 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
134 	    DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
135 	/* DES_CBC */
136 	{SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE,
137 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
138 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
139 	    DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
140 	/* DES3_ECB */
141 	{SUN_CKM_DES3_ECB, DES3_ECB_MECH_INFO_TYPE,
142 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
143 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
144 	    DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
145 	/* DES3_CBC */
146 	{SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE,
147 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
148 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
149 	    DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}
150 };
151 
152 /* operations are in-place if the output buffer is NULL */
153 #define	DES_ARG_INPLACE(input, output)				\
154 	if ((output) == NULL)					\
155 		(output) = (input);
156 
157 static void des_provider_status(crypto_provider_handle_t, uint_t *);
158 
159 static crypto_control_ops_t des_control_ops = {
160 	des_provider_status
161 };
162 
163 static int
164 des_common_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
165     crypto_spi_ctx_template_t, crypto_req_handle_t);
166 static int des_common_init_ctx(des_ctx_t *, crypto_spi_ctx_template_t *,
167     crypto_mechanism_t *, crypto_key_t *, des_strength_t, int);
168 static int des_encrypt_final(crypto_ctx_t *, crypto_data_t *,
169     crypto_req_handle_t);
170 static int des_decrypt_final(crypto_ctx_t *, crypto_data_t *,
171     crypto_req_handle_t);
172 
173 static int des_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
174     crypto_req_handle_t);
175 static int des_encrypt_update(crypto_ctx_t *, crypto_data_t *,
176     crypto_data_t *, crypto_req_handle_t);
177 static int des_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
178     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
179     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
180 
181 static int des_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
182     crypto_req_handle_t);
183 static int des_decrypt_update(crypto_ctx_t *, crypto_data_t *,
184     crypto_data_t *, crypto_req_handle_t);
185 static int des_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
186     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
187     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
188 
189 static crypto_cipher_ops_t des_cipher_ops = {
190 	des_common_init,
191 	des_encrypt,
192 	des_encrypt_update,
193 	des_encrypt_final,
194 	des_encrypt_atomic,
195 	des_common_init,
196 	des_decrypt,
197 	des_decrypt_update,
198 	des_decrypt_final,
199 	des_decrypt_atomic
200 };
201 
202 static int des_create_ctx_template(crypto_provider_handle_t,
203     crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
204     size_t *, crypto_req_handle_t);
205 static int des_free_context(crypto_ctx_t *);
206 
207 static crypto_ctx_ops_t des_ctx_ops = {
208 	des_create_ctx_template,
209 	des_free_context
210 };
211 
212 static int des_key_check(crypto_provider_handle_t, crypto_mechanism_t *,
213     crypto_key_t *);
214 
215 static crypto_key_ops_t des_key_ops = {
216 	NULL,
217 	NULL,
218 	NULL,
219 	NULL,
220 	NULL,
221 	des_key_check
222 };
223 
224 static void des_POST(int *);
225 
226 static crypto_fips140_ops_t des_fips140_ops = {
227 	des_POST
228 };
229 
230 static crypto_ops_t des_crypto_ops = {
231 	&des_control_ops,
232 	NULL,
233 	&des_cipher_ops,
234 	NULL,
235 	NULL,
236 	NULL,
237 	NULL,
238 	NULL,
239 	NULL,
240 	NULL,
241 	NULL,
242 	&des_key_ops,
243 	NULL,
244 	&des_ctx_ops,
245 	NULL,
246 	NULL,
247 	&des_fips140_ops
248 };
249 
250 static crypto_provider_info_t des_prov_info = {
251 	CRYPTO_SPI_VERSION_4,
252 	"DES Software Provider",
253 	CRYPTO_SW_PROVIDER,
254 	{&modlinkage},
255 	NULL,
256 	&des_crypto_ops,
257 	sizeof (des_mech_info_tab)/sizeof (crypto_mech_info_t),
258 	des_mech_info_tab
259 };
260 
261 static crypto_kcf_provider_handle_t des_prov_handle = NULL;
262 
263 int
264 _init(void)
265 {
266 	int ret;
267 
268 	if ((ret = mod_install(&modlinkage)) != 0)
269 		return (ret);
270 
271 	/*
272 	 * Register with KCF. If the registration fails, log an
273 	 * error but do not uninstall the module, since the functionality
274 	 * provided by misc/des should still be available.
275 	 */
276 	if ((ret = crypto_register_provider(&des_prov_info,
277 	    &des_prov_handle)) != CRYPTO_SUCCESS) {
278 		cmn_err(CE_WARN, "des _init: crypto_register_provider() "
279 		    "failed (0x%x)", ret);
280 	}
281 
282 	return (0);
283 }
284 
285 
286 int
287 _info(struct modinfo *modinfop)
288 {
289 	return (mod_info(&modlinkage, modinfop));
290 }
291 
292 /*
293  * Copy 8 bytes
294  */
295 #define	COPY8(src, dst) { \
296 	char *a = (char *)dst; \
297 	char *b = (char *)src; \
298 	*a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
299 	*a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
300 }
301 
302 /*
303  * Copy multiple of 8 bytes
304  */
305 #define	DESCOPY(src, dst, len) { \
306 	char *a = (char *)dst; \
307 	char *b = (char *)src; \
308 	int i; \
309 	for (i = (size_t)len; i > 0; i -= 8) { \
310 		*a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
311 		*a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
312 	} \
313 }
314 
315 /*
316  * CBC mode encryption
317  */
318 /* ARGSUSED */
319 int
320 cbc_crypt(char *key, char *buf, size_t len, unsigned int mode, char *ivec)
321 {
322 	int err = 0;
323 /* EXPORT DELETE START */
324 	struct desparams dp;
325 
326 	dp.des_mode = CBC;
327 	COPY8(ivec, dp.des_ivec);
328 	err = common_crypt(key, buf, len, mode, &dp);
329 	COPY8(dp.des_ivec, ivec);
330 /* EXPORT DELETE END */
331 	return (err);
332 }
333 
334 
335 /*
336  * ECB mode encryption
337  */
338 /* ARGSUSED */
339 int
340 ecb_crypt(char *key, char *buf, size_t len, unsigned int mode)
341 {
342 	int err = 0;
343 /* EXPORT DELETE START */
344 	struct desparams dp;
345 
346 	dp.des_mode = ECB;
347 	err = common_crypt(key, buf, len, mode, &dp);
348 /* EXPORT DELETE END */
349 	return (err);
350 }
351 
352 
353 
354 /* EXPORT DELETE START */
355 /*
356  * Common code to cbc_crypt() & ecb_crypt()
357  */
358 static int
359 common_crypt(char *key, char *buf, size_t len, unsigned int mode,
360     struct desparams *desp)
361 {
362 	int desdev;
363 
364 	if ((len % 8) != 0 || len > DES_MAXDATA)
365 		return (DESERR_BADPARAM);
366 
367 	desp->des_dir =
368 	    ((mode & DES_DIRMASK) == DES_ENCRYPT) ? ENCRYPT : DECRYPT;
369 
370 	desdev = mode & DES_DEVMASK;
371 	COPY8(key, desp->des_key);
372 
373 #ifdef sun_hardware
374 	if (desdev == DES_HW) {
375 		int res;
376 
377 		if (g_desfd < 0 &&
378 		    (g_desfd == -1 || (g_desfd = getdesfd()) < 0))
379 				goto software;	/* no hardware device */
380 
381 		/*
382 		 * hardware
383 		 */
384 		desp->des_len = len;
385 		if (len <= DES_QUICKLEN) {
386 			DESCOPY(buf, desp->des_data, len);
387 			res = ioctl(g_desfd, DESIOCQUICK, (char *)desp);
388 			DESCOPY(desp->des_data, buf, len);
389 		} else {
390 			desp->des_buf = (uchar_t *)buf;
391 			res = ioctl(g_desfd, DESIOCBLOCK, (char *)desp);
392 		}
393 		return (res == 0 ? DESERR_NONE : DESERR_HWERROR);
394 	}
395 software:
396 #endif
397 	/*
398 	 * software
399 	 */
400 	if (!_des_crypt(buf, len, desp))
401 		return (DESERR_HWERROR);
402 
403 	return (desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE);
404 }
405 
406 /*
407  * Initialize key schedules for DES and DES3
408  */
409 static int
410 init_keysched(crypto_key_t *key, void *newbie, des_strength_t strength)
411 {
412 	uint8_t corrected_key[DES3_KEYSIZE];
413 
414 	/*
415 	 * Only keys by value are supported by this module.
416 	 */
417 	switch (key->ck_format) {
418 	case CRYPTO_KEY_RAW:
419 		if (strength == DES && key->ck_length != DES_MAXBITS)
420 			return (CRYPTO_KEY_SIZE_RANGE);
421 		if (strength == DES3 && key->ck_length != DES3_MAXBITS)
422 			return (CRYPTO_KEY_SIZE_RANGE);
423 		break;
424 	default:
425 		return (CRYPTO_KEY_TYPE_INCONSISTENT);
426 	}
427 
428 	/*
429 	 * Fix parity bits.
430 	 * Initialize key schedule even if key is weak.
431 	 */
432 	if (key->ck_data == NULL)
433 		return (CRYPTO_ARGUMENTS_BAD);
434 
435 	des_parity_fix(key->ck_data, strength, corrected_key);
436 	des_init_keysched(corrected_key, strength, newbie);
437 	return (CRYPTO_SUCCESS);
438 }
439 
440 /* EXPORT DELETE END */
441 
442 /*
443  * KCF software provider control entry points.
444  */
445 /* ARGSUSED */
446 static void
447 des_provider_status(crypto_provider_handle_t provider, uint_t *status)
448 {
449 	*status = CRYPTO_PROVIDER_READY;
450 }
451 
452 /*
453  * KCF software provider encrypt entry points.
454  */
455 static int
456 des_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
457     crypto_key_t *key, crypto_spi_ctx_template_t template,
458     crypto_req_handle_t req)
459 {
460 
461 /* EXPORT DELETE START */
462 
463 	des_strength_t strength;
464 	des_ctx_t *des_ctx = NULL;
465 	int rv;
466 	int kmflag;
467 
468 	/*
469 	 * Only keys by value are supported by this module.
470 	 */
471 	if (key->ck_format != CRYPTO_KEY_RAW) {
472 		return (CRYPTO_KEY_TYPE_INCONSISTENT);
473 	}
474 
475 	kmflag = crypto_kmflag(req);
476 	/* Check mechanism type and parameter length */
477 	switch (mechanism->cm_type) {
478 	case DES_ECB_MECH_INFO_TYPE:
479 		des_ctx = ecb_alloc_ctx(kmflag);
480 		/* FALLTHRU */
481 	case DES_CBC_MECH_INFO_TYPE:
482 		if (mechanism->cm_param != NULL &&
483 		    mechanism->cm_param_len != DES_BLOCK_LEN)
484 			return (CRYPTO_MECHANISM_PARAM_INVALID);
485 		if (key->ck_length != DES_MAXBITS)
486 			return (CRYPTO_KEY_SIZE_RANGE);
487 		strength = DES;
488 		if (des_ctx == NULL)
489 			des_ctx = cbc_alloc_ctx(kmflag);
490 		break;
491 	case DES3_ECB_MECH_INFO_TYPE:
492 		des_ctx = ecb_alloc_ctx(kmflag);
493 		/* FALLTHRU */
494 	case DES3_CBC_MECH_INFO_TYPE:
495 		if (mechanism->cm_param != NULL &&
496 		    mechanism->cm_param_len != DES_BLOCK_LEN)
497 			return (CRYPTO_MECHANISM_PARAM_INVALID);
498 		if (key->ck_length != DES3_MAXBITS)
499 			return (CRYPTO_KEY_SIZE_RANGE);
500 		strength = DES3;
501 		if (des_ctx == NULL)
502 			des_ctx = cbc_alloc_ctx(kmflag);
503 		break;
504 	default:
505 		return (CRYPTO_MECHANISM_INVALID);
506 	}
507 
508 	if ((rv = des_common_init_ctx(des_ctx, template, mechanism, key,
509 	    strength, kmflag)) != CRYPTO_SUCCESS) {
510 		crypto_free_mode_ctx(des_ctx);
511 		return (rv);
512 	}
513 
514 	ctx->cc_provider_private = des_ctx;
515 
516 /* EXPORT DELETE END */
517 
518 	return (CRYPTO_SUCCESS);
519 }
520 
521 static void
522 des_copy_block64(uint8_t *in, uint64_t *out)
523 {
524 	if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
525 		/* LINTED: pointer alignment */
526 		out[0] = *(uint64_t *)&in[0];
527 	} else {
528 		uint64_t tmp64;
529 
530 #ifdef _BIG_ENDIAN
531 		tmp64 = (((uint64_t)in[0] << 56) |
532 		    ((uint64_t)in[1] << 48) |
533 		    ((uint64_t)in[2] << 40) |
534 		    ((uint64_t)in[3] << 32) |
535 		    ((uint64_t)in[4] << 24) |
536 		    ((uint64_t)in[5] << 16) |
537 		    ((uint64_t)in[6] << 8) |
538 		    (uint64_t)in[7]);
539 #else
540 		tmp64 = (((uint64_t)in[7] << 56) |
541 		    ((uint64_t)in[6] << 48) |
542 		    ((uint64_t)in[5] << 40) |
543 		    ((uint64_t)in[4] << 32) |
544 		    ((uint64_t)in[3] << 24) |
545 		    ((uint64_t)in[2] << 16) |
546 		    ((uint64_t)in[1] << 8) |
547 		    (uint64_t)in[0]);
548 #endif /* _BIG_ENDIAN */
549 
550 		out[0] = tmp64;
551 	}
552 }
553 
554 /* ARGSUSED */
555 static int
556 des_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
557     crypto_data_t *ciphertext, crypto_req_handle_t req)
558 {
559 	int ret;
560 
561 /* EXPORT DELETE START */
562 	des_ctx_t *des_ctx;
563 
564 	/*
565 	 * Plaintext must be a multiple of the block size.
566 	 * This test only works for non-padded mechanisms
567 	 * when blocksize is 2^N.
568 	 */
569 	if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
570 		return (CRYPTO_DATA_LEN_RANGE);
571 
572 	ASSERT(ctx->cc_provider_private != NULL);
573 	des_ctx = ctx->cc_provider_private;
574 
575 	DES_ARG_INPLACE(plaintext, ciphertext);
576 
577 	/*
578 	 * We need to just return the length needed to store the output.
579 	 * We should not destroy the context for the following case.
580 	 */
581 	if (ciphertext->cd_length < plaintext->cd_length) {
582 		ciphertext->cd_length = plaintext->cd_length;
583 		return (CRYPTO_BUFFER_TOO_SMALL);
584 	}
585 
586 	/*
587 	 * Do an update on the specified input data.
588 	 */
589 	ret = des_encrypt_update(ctx, plaintext, ciphertext, req);
590 	ASSERT(des_ctx->dc_remainder_len == 0);
591 	(void) des_free_context(ctx);
592 
593 /* EXPORT DELETE END */
594 
595 	/* LINTED */
596 	return (ret);
597 }
598 
599 /* ARGSUSED */
600 static int
601 des_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
602     crypto_data_t *plaintext, crypto_req_handle_t req)
603 {
604 	int ret;
605 
606 /* EXPORT DELETE START */
607 	des_ctx_t *des_ctx;
608 
609 	/*
610 	 * Ciphertext must be a multiple of the block size.
611 	 * This test only works for non-padded mechanisms
612 	 * when blocksize is 2^N.
613 	 */
614 	if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
615 		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
616 
617 	ASSERT(ctx->cc_provider_private != NULL);
618 	des_ctx = ctx->cc_provider_private;
619 
620 	DES_ARG_INPLACE(ciphertext, plaintext);
621 
622 	/*
623 	 * We need to just return the length needed to store the output.
624 	 * We should not destroy the context for the following case.
625 	 */
626 	if (plaintext->cd_length < ciphertext->cd_length) {
627 		plaintext->cd_length = ciphertext->cd_length;
628 		return (CRYPTO_BUFFER_TOO_SMALL);
629 	}
630 
631 	/*
632 	 * Do an update on the specified input data.
633 	 */
634 	ret = des_decrypt_update(ctx, ciphertext, plaintext, req);
635 	ASSERT(des_ctx->dc_remainder_len == 0);
636 	(void) des_free_context(ctx);
637 
638 /* EXPORT DELETE END */
639 
640 	/* LINTED */
641 	return (ret);
642 }
643 
644 /* ARGSUSED */
645 static int
646 des_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
647     crypto_data_t *ciphertext, crypto_req_handle_t req)
648 {
649 	off_t saved_offset;
650 	size_t saved_length, out_len;
651 	int ret = CRYPTO_SUCCESS;
652 
653 /* EXPORT DELETE START */
654 
655 	ASSERT(ctx->cc_provider_private != NULL);
656 
657 	DES_ARG_INPLACE(plaintext, ciphertext);
658 
659 	/* compute number of bytes that will hold the ciphertext */
660 	out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
661 	out_len += plaintext->cd_length;
662 	out_len &= ~(DES_BLOCK_LEN - 1);
663 
664 	/* return length needed to store the output */
665 	if (ciphertext->cd_length < out_len) {
666 		ciphertext->cd_length = out_len;
667 		return (CRYPTO_BUFFER_TOO_SMALL);
668 	}
669 
670 	saved_offset = ciphertext->cd_offset;
671 	saved_length = ciphertext->cd_length;
672 
673 	/*
674 	 * Do the DES update on the specified input data.
675 	 */
676 	switch (plaintext->cd_format) {
677 	case CRYPTO_DATA_RAW:
678 		ret = crypto_update_iov(ctx->cc_provider_private,
679 		    plaintext, ciphertext, des_encrypt_contiguous_blocks,
680 		    des_copy_block64);
681 		break;
682 	case CRYPTO_DATA_UIO:
683 		ret = crypto_update_uio(ctx->cc_provider_private,
684 		    plaintext, ciphertext, des_encrypt_contiguous_blocks,
685 		    des_copy_block64);
686 		break;
687 	case CRYPTO_DATA_MBLK:
688 		ret = crypto_update_mp(ctx->cc_provider_private,
689 		    plaintext, ciphertext, des_encrypt_contiguous_blocks,
690 		    des_copy_block64);
691 		break;
692 	default:
693 		ret = CRYPTO_ARGUMENTS_BAD;
694 	}
695 
696 	if (ret == CRYPTO_SUCCESS) {
697 		if (plaintext != ciphertext)
698 			ciphertext->cd_length =
699 			    ciphertext->cd_offset - saved_offset;
700 	} else {
701 		ciphertext->cd_length = saved_length;
702 	}
703 	ciphertext->cd_offset = saved_offset;
704 
705 /* EXPORT DELETE END */
706 
707 	return (ret);
708 }
709 
710 /* ARGSUSED */
711 static int
712 des_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
713     crypto_data_t *plaintext, crypto_req_handle_t req)
714 {
715 	off_t saved_offset;
716 	size_t saved_length, out_len;
717 	int ret = CRYPTO_SUCCESS;
718 
719 /* EXPORT DELETE START */
720 
721 	ASSERT(ctx->cc_provider_private != NULL);
722 
723 	DES_ARG_INPLACE(ciphertext, plaintext);
724 
725 	/* compute number of bytes that will hold the plaintext */
726 	out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
727 	out_len += ciphertext->cd_length;
728 	out_len &= ~(DES_BLOCK_LEN - 1);
729 
730 	/* return length needed to store the output */
731 	if (plaintext->cd_length < out_len) {
732 		plaintext->cd_length = out_len;
733 		return (CRYPTO_BUFFER_TOO_SMALL);
734 	}
735 
736 	saved_offset = plaintext->cd_offset;
737 	saved_length = plaintext->cd_length;
738 
739 	/*
740 	 * Do the DES update on the specified input data.
741 	 */
742 	switch (ciphertext->cd_format) {
743 	case CRYPTO_DATA_RAW:
744 		ret = crypto_update_iov(ctx->cc_provider_private,
745 		    ciphertext, plaintext, des_decrypt_contiguous_blocks,
746 		    des_copy_block64);
747 		break;
748 	case CRYPTO_DATA_UIO:
749 		ret = crypto_update_uio(ctx->cc_provider_private,
750 		    ciphertext, plaintext, des_decrypt_contiguous_blocks,
751 		    des_copy_block64);
752 		break;
753 	case CRYPTO_DATA_MBLK:
754 		ret = crypto_update_mp(ctx->cc_provider_private,
755 		    ciphertext, plaintext, des_decrypt_contiguous_blocks,
756 		    des_copy_block64);
757 		break;
758 	default:
759 		ret = CRYPTO_ARGUMENTS_BAD;
760 	}
761 
762 	if (ret == CRYPTO_SUCCESS) {
763 		if (ciphertext != plaintext)
764 			plaintext->cd_length =
765 			    plaintext->cd_offset - saved_offset;
766 	} else {
767 		plaintext->cd_length = saved_length;
768 	}
769 	plaintext->cd_offset = saved_offset;
770 
771 /* EXPORT DELETE END */
772 
773 	return (ret);
774 }
775 
776 /* ARGSUSED */
777 static int
778 des_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
779     crypto_req_handle_t req)
780 {
781 
782 /* EXPORT DELETE START */
783 
784 	des_ctx_t *des_ctx;
785 
786 	ASSERT(ctx->cc_provider_private != NULL);
787 	des_ctx = ctx->cc_provider_private;
788 
789 	/*
790 	 * There must be no unprocessed plaintext.
791 	 * This happens if the length of the last data is
792 	 * not a multiple of the DES block length.
793 	 */
794 	if (des_ctx->dc_remainder_len > 0)
795 		return (CRYPTO_DATA_LEN_RANGE);
796 
797 	(void) des_free_context(ctx);
798 	ciphertext->cd_length = 0;
799 
800 /* EXPORT DELETE END */
801 
802 	return (CRYPTO_SUCCESS);
803 }
804 
805 /* ARGSUSED */
806 static int
807 des_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext,
808     crypto_req_handle_t req)
809 {
810 
811 /* EXPORT DELETE START */
812 
813 	des_ctx_t *des_ctx;
814 
815 	ASSERT(ctx->cc_provider_private != NULL);
816 	des_ctx = ctx->cc_provider_private;
817 
818 	/*
819 	 * There must be no unprocessed ciphertext.
820 	 * This happens if the length of the last ciphertext is
821 	 * not a multiple of the DES block length.
822 	 */
823 	if (des_ctx->dc_remainder_len > 0)
824 		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
825 
826 	(void) des_free_context(ctx);
827 	plaintext->cd_length = 0;
828 
829 /* EXPORT DELETE END */
830 
831 	return (CRYPTO_SUCCESS);
832 }
833 
834 /* ARGSUSED */
835 static int
836 des_encrypt_atomic(crypto_provider_handle_t provider,
837     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
838     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
839     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
840 {
841 	int ret;
842 
843 /* EXPORT DELETE START */
844 
845 	des_ctx_t des_ctx;		/* on the stack */
846 	des_strength_t strength;
847 	off_t saved_offset;
848 	size_t saved_length;
849 
850 	DES_ARG_INPLACE(plaintext, ciphertext);
851 
852 	/*
853 	 * Plaintext must be a multiple of the block size.
854 	 * This test only works for non-padded mechanisms
855 	 * when blocksize is 2^N.
856 	 */
857 	if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
858 		return (CRYPTO_DATA_LEN_RANGE);
859 
860 	/* return length needed to store the output */
861 	if (ciphertext->cd_length < plaintext->cd_length) {
862 		ciphertext->cd_length = plaintext->cd_length;
863 		return (CRYPTO_BUFFER_TOO_SMALL);
864 	}
865 
866 	/* Check mechanism type and parameter length */
867 	switch (mechanism->cm_type) {
868 	case DES_ECB_MECH_INFO_TYPE:
869 	case DES_CBC_MECH_INFO_TYPE:
870 		if (mechanism->cm_param_len > 0 &&
871 		    mechanism->cm_param_len != DES_BLOCK_LEN)
872 			return (CRYPTO_MECHANISM_PARAM_INVALID);
873 		if (key->ck_length != DES_MINBITS)
874 			return (CRYPTO_KEY_SIZE_RANGE);
875 		strength = DES;
876 		break;
877 	case DES3_ECB_MECH_INFO_TYPE:
878 	case DES3_CBC_MECH_INFO_TYPE:
879 		if (mechanism->cm_param_len > 0 &&
880 		    mechanism->cm_param_len != DES_BLOCK_LEN)
881 			return (CRYPTO_MECHANISM_PARAM_INVALID);
882 		if (key->ck_length != DES3_MAXBITS)
883 			return (CRYPTO_KEY_SIZE_RANGE);
884 		strength = DES3;
885 		break;
886 	default:
887 		return (CRYPTO_MECHANISM_INVALID);
888 	}
889 
890 	bzero(&des_ctx, sizeof (des_ctx_t));
891 
892 	if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
893 	    strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
894 		return (ret);
895 	}
896 
897 	saved_offset = ciphertext->cd_offset;
898 	saved_length = ciphertext->cd_length;
899 
900 	/*
901 	 * Do the update on the specified input data.
902 	 */
903 	switch (plaintext->cd_format) {
904 	case CRYPTO_DATA_RAW:
905 		ret = crypto_update_iov(&des_ctx, plaintext, ciphertext,
906 		    des_encrypt_contiguous_blocks, des_copy_block64);
907 		break;
908 	case CRYPTO_DATA_UIO:
909 		ret = crypto_update_uio(&des_ctx, plaintext, ciphertext,
910 		    des_encrypt_contiguous_blocks, des_copy_block64);
911 		break;
912 	case CRYPTO_DATA_MBLK:
913 		ret = crypto_update_mp(&des_ctx, plaintext, ciphertext,
914 		    des_encrypt_contiguous_blocks, des_copy_block64);
915 		break;
916 	default:
917 		ret = CRYPTO_ARGUMENTS_BAD;
918 	}
919 
920 	if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
921 		bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
922 		kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
923 	}
924 
925 	if (ret == CRYPTO_SUCCESS) {
926 		ASSERT(des_ctx.dc_remainder_len == 0);
927 		if (plaintext != ciphertext)
928 			ciphertext->cd_length =
929 			    ciphertext->cd_offset - saved_offset;
930 	} else {
931 		ciphertext->cd_length = saved_length;
932 	}
933 	ciphertext->cd_offset = saved_offset;
934 
935 /* EXPORT DELETE END */
936 
937 	/* LINTED */
938 	return (ret);
939 }
940 
941 /* ARGSUSED */
942 static int
943 des_decrypt_atomic(crypto_provider_handle_t provider,
944     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
945     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
946     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
947 {
948 	int ret;
949 
950 /* EXPORT DELETE START */
951 
952 	des_ctx_t des_ctx;	/* on the stack */
953 	des_strength_t strength;
954 	off_t saved_offset;
955 	size_t saved_length;
956 
957 	DES_ARG_INPLACE(ciphertext, plaintext);
958 
959 	/*
960 	 * Ciphertext must be a multiple of the block size.
961 	 * This test only works for non-padded mechanisms
962 	 * when blocksize is 2^N.
963 	 */
964 	if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
965 		return (CRYPTO_DATA_LEN_RANGE);
966 
967 	/* return length needed to store the output */
968 	if (plaintext->cd_length < ciphertext->cd_length) {
969 		plaintext->cd_length = ciphertext->cd_length;
970 		return (CRYPTO_BUFFER_TOO_SMALL);
971 	}
972 
973 	/* Check mechanism type and parameter length */
974 	switch (mechanism->cm_type) {
975 	case DES_ECB_MECH_INFO_TYPE:
976 	case DES_CBC_MECH_INFO_TYPE:
977 		if (mechanism->cm_param_len > 0 &&
978 		    mechanism->cm_param_len != DES_BLOCK_LEN)
979 			return (CRYPTO_MECHANISM_PARAM_INVALID);
980 		if (key->ck_length != DES_MINBITS)
981 			return (CRYPTO_KEY_SIZE_RANGE);
982 		strength = DES;
983 		break;
984 	case DES3_ECB_MECH_INFO_TYPE:
985 	case DES3_CBC_MECH_INFO_TYPE:
986 		if (mechanism->cm_param_len > 0 &&
987 		    mechanism->cm_param_len != DES_BLOCK_LEN)
988 			return (CRYPTO_MECHANISM_PARAM_INVALID);
989 		if (key->ck_length != DES3_MAXBITS)
990 			return (CRYPTO_KEY_SIZE_RANGE);
991 		strength = DES3;
992 		break;
993 	default:
994 		return (CRYPTO_MECHANISM_INVALID);
995 	}
996 
997 	bzero(&des_ctx, sizeof (des_ctx_t));
998 
999 	if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
1000 	    strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
1001 		return (ret);
1002 	}
1003 
1004 	saved_offset = plaintext->cd_offset;
1005 	saved_length = plaintext->cd_length;
1006 
1007 	/*
1008 	 * Do the update on the specified input data.
1009 	 */
1010 	switch (ciphertext->cd_format) {
1011 	case CRYPTO_DATA_RAW:
1012 		ret = crypto_update_iov(&des_ctx, ciphertext, plaintext,
1013 		    des_decrypt_contiguous_blocks, des_copy_block64);
1014 		break;
1015 	case CRYPTO_DATA_UIO:
1016 		ret = crypto_update_uio(&des_ctx, ciphertext, plaintext,
1017 		    des_decrypt_contiguous_blocks, des_copy_block64);
1018 		break;
1019 	case CRYPTO_DATA_MBLK:
1020 		ret = crypto_update_mp(&des_ctx, ciphertext, plaintext,
1021 		    des_decrypt_contiguous_blocks, des_copy_block64);
1022 		break;
1023 	default:
1024 		ret = CRYPTO_ARGUMENTS_BAD;
1025 	}
1026 
1027 	if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1028 		bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
1029 		kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
1030 	}
1031 
1032 	if (ret == CRYPTO_SUCCESS) {
1033 		ASSERT(des_ctx.dc_remainder_len == 0);
1034 		if (ciphertext != plaintext)
1035 			plaintext->cd_length =
1036 			    plaintext->cd_offset - saved_offset;
1037 	} else {
1038 		plaintext->cd_length = saved_length;
1039 	}
1040 	plaintext->cd_offset = saved_offset;
1041 
1042 /* EXPORT DELETE END */
1043 
1044 	/* LINTED */
1045 	return (ret);
1046 }
1047 
1048 /*
1049  * KCF software provider context template entry points.
1050  */
1051 /* ARGSUSED */
1052 static int
1053 des_create_ctx_template(crypto_provider_handle_t provider,
1054     crypto_mechanism_t *mechanism, crypto_key_t *key,
1055     crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
1056 {
1057 
1058 /* EXPORT DELETE START */
1059 
1060 	des_strength_t strength;
1061 	void *keysched;
1062 	size_t size;
1063 	int rv;
1064 
1065 	switch (mechanism->cm_type) {
1066 	case DES_ECB_MECH_INFO_TYPE:
1067 		strength = DES;
1068 		break;
1069 	case DES_CBC_MECH_INFO_TYPE:
1070 		strength = DES;
1071 		break;
1072 	case DES3_ECB_MECH_INFO_TYPE:
1073 		strength = DES3;
1074 		break;
1075 	case DES3_CBC_MECH_INFO_TYPE:
1076 		strength = DES3;
1077 		break;
1078 	default:
1079 		return (CRYPTO_MECHANISM_INVALID);
1080 	}
1081 
1082 	if ((keysched = des_alloc_keysched(&size, strength,
1083 	    crypto_kmflag(req))) == NULL) {
1084 		return (CRYPTO_HOST_MEMORY);
1085 	}
1086 
1087 	/*
1088 	 * Initialize key schedule.  Key length information is stored
1089 	 * in the key.
1090 	 */
1091 	if ((rv = init_keysched(key, keysched, strength)) != CRYPTO_SUCCESS) {
1092 		bzero(keysched, size);
1093 		kmem_free(keysched, size);
1094 		return (rv);
1095 	}
1096 
1097 	*tmpl = keysched;
1098 	*tmpl_size = size;
1099 
1100 /* EXPORT DELETE END */
1101 
1102 	return (CRYPTO_SUCCESS);
1103 }
1104 
1105 /* ARGSUSED */
1106 static int
1107 des_free_context(crypto_ctx_t *ctx)
1108 {
1109 
1110 /* EXPORT DELETE START */
1111 
1112 	des_ctx_t *des_ctx = ctx->cc_provider_private;
1113 
1114 	if (des_ctx != NULL) {
1115 		if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1116 			ASSERT(des_ctx->dc_keysched_len != 0);
1117 			bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
1118 			kmem_free(des_ctx->dc_keysched,
1119 			    des_ctx->dc_keysched_len);
1120 		}
1121 		crypto_free_mode_ctx(des_ctx);
1122 		ctx->cc_provider_private = NULL;
1123 	}
1124 
1125 /* EXPORT DELETE END */
1126 
1127 	return (CRYPTO_SUCCESS);
1128 }
1129 
1130 /*
1131  * Pass it to des_keycheck() which will
1132  * fix it (parity bits), and check if the fixed key is weak.
1133  */
1134 /* ARGSUSED */
1135 static int
1136 des_key_check(crypto_provider_handle_t pd, crypto_mechanism_t *mech,
1137     crypto_key_t *key)
1138 {
1139 
1140 /* EXPORT DELETE START */
1141 
1142 	int expectedkeylen;
1143 	des_strength_t strength;
1144 	uint8_t keydata[DES3_MAX_KEY_LEN];
1145 
1146 	if ((mech == NULL) || (key == NULL))
1147 		return (CRYPTO_ARGUMENTS_BAD);
1148 
1149 	switch (mech->cm_type) {
1150 	case DES_ECB_MECH_INFO_TYPE:
1151 	case DES_CBC_MECH_INFO_TYPE:
1152 		expectedkeylen = DES_MINBITS;
1153 		strength = DES;
1154 		break;
1155 	case DES3_ECB_MECH_INFO_TYPE:
1156 	case DES3_CBC_MECH_INFO_TYPE:
1157 		expectedkeylen = DES3_MAXBITS;
1158 		strength = DES3;
1159 		break;
1160 	default:
1161 		return (CRYPTO_MECHANISM_INVALID);
1162 	}
1163 
1164 	if (key->ck_format != CRYPTO_KEY_RAW)
1165 		return (CRYPTO_KEY_TYPE_INCONSISTENT);
1166 
1167 	if (key->ck_length != expectedkeylen)
1168 		return (CRYPTO_KEY_SIZE_RANGE);
1169 
1170 	bcopy(key->ck_data, keydata, CRYPTO_BITS2BYTES(expectedkeylen));
1171 
1172 	if (des_keycheck(keydata, strength, key->ck_data) == B_FALSE)
1173 		return (CRYPTO_WEAK_KEY);
1174 
1175 /* EXPORT DELETE END */
1176 
1177 	return (CRYPTO_SUCCESS);
1178 }
1179 
1180 /* ARGSUSED */
1181 static int
1182 des_common_init_ctx(des_ctx_t *des_ctx, crypto_spi_ctx_template_t *template,
1183     crypto_mechanism_t *mechanism, crypto_key_t *key, des_strength_t strength,
1184     int kmflag)
1185 {
1186 	int rv = CRYPTO_SUCCESS;
1187 
1188 /* EXPORT DELETE START */
1189 
1190 	void *keysched;
1191 	size_t size;
1192 
1193 	if (template == NULL) {
1194 		if ((keysched = des_alloc_keysched(&size, strength,
1195 		    kmflag)) == NULL)
1196 			return (CRYPTO_HOST_MEMORY);
1197 		/*
1198 		 * Initialize key schedule.
1199 		 * Key length is stored in the key.
1200 		 */
1201 		if ((rv = init_keysched(key, keysched,
1202 		    strength)) != CRYPTO_SUCCESS)
1203 			kmem_free(keysched, size);
1204 
1205 		des_ctx->dc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
1206 		des_ctx->dc_keysched_len = size;
1207 	} else {
1208 		keysched = template;
1209 	}
1210 	des_ctx->dc_keysched = keysched;
1211 
1212 	if (strength == DES3) {
1213 		des_ctx->dc_flags |= DES3_STRENGTH;
1214 	}
1215 
1216 	switch (mechanism->cm_type) {
1217 	case DES_CBC_MECH_INFO_TYPE:
1218 	case DES3_CBC_MECH_INFO_TYPE:
1219 		rv = cbc_init_ctx((cbc_ctx_t *)des_ctx, mechanism->cm_param,
1220 		    mechanism->cm_param_len, DES_BLOCK_LEN, des_copy_block64);
1221 		break;
1222 	case DES_ECB_MECH_INFO_TYPE:
1223 	case DES3_ECB_MECH_INFO_TYPE:
1224 		des_ctx->dc_flags |= ECB_MODE;
1225 	}
1226 
1227 	if (rv != CRYPTO_SUCCESS) {
1228 		if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1229 			bzero(keysched, size);
1230 			kmem_free(keysched, size);
1231 		}
1232 	}
1233 
1234 /* EXPORT DELETE END */
1235 
1236 	return (rv);
1237 }
1238 
1239 /*
1240  * Triple DES Power-Up Self-Test
1241  */
1242 void
1243 des_POST(int *rc)
1244 {
1245 
1246 	*rc = fips_des3_post();
1247 
1248 }
1249