1*23c57df7Smcpowers /* 2*23c57df7Smcpowers * CDDL HEADER START 3*23c57df7Smcpowers * 4*23c57df7Smcpowers * The contents of this file are subject to the terms of the 5*23c57df7Smcpowers * Common Development and Distribution License (the "License"). 6*23c57df7Smcpowers * You may not use this file except in compliance with the License. 7*23c57df7Smcpowers * 8*23c57df7Smcpowers * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*23c57df7Smcpowers * or http://www.opensolaris.org/os/licensing. 10*23c57df7Smcpowers * See the License for the specific language governing permissions 11*23c57df7Smcpowers * and limitations under the License. 12*23c57df7Smcpowers * 13*23c57df7Smcpowers * When distributing Covered Code, include this CDDL HEADER in each 14*23c57df7Smcpowers * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*23c57df7Smcpowers * If applicable, add the following below this CDDL HEADER, with the 16*23c57df7Smcpowers * fields enclosed by brackets "[]" replaced with your own identifying 17*23c57df7Smcpowers * information: Portions Copyright [yyyy] [name of copyright owner] 18*23c57df7Smcpowers * 19*23c57df7Smcpowers * CDDL HEADER END 20*23c57df7Smcpowers */ 21*23c57df7Smcpowers /* 22*23c57df7Smcpowers * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23*23c57df7Smcpowers * Use is subject to license terms. 24*23c57df7Smcpowers */ 25*23c57df7Smcpowers 26*23c57df7Smcpowers #ifndef _COMMON_CRYPTO_MODES_H 27*23c57df7Smcpowers #define _COMMON_CRYPTO_MODES_H 28*23c57df7Smcpowers 29*23c57df7Smcpowers #pragma ident "%Z%%M% %I% %E% SMI" 30*23c57df7Smcpowers 31*23c57df7Smcpowers #ifdef __cplusplus 32*23c57df7Smcpowers extern "C" { 33*23c57df7Smcpowers #endif 34*23c57df7Smcpowers 35*23c57df7Smcpowers #include <sys/strsun.h> 36*23c57df7Smcpowers #include <sys/systm.h> 37*23c57df7Smcpowers #include <sys/sysmacros.h> 38*23c57df7Smcpowers #include <sys/types.h> 39*23c57df7Smcpowers #include <sys/errno.h> 40*23c57df7Smcpowers #include <sys/rwlock.h> 41*23c57df7Smcpowers #include <sys/kmem.h> 42*23c57df7Smcpowers #include <sys/crypto/common.h> 43*23c57df7Smcpowers #include <sys/crypto/impl.h> 44*23c57df7Smcpowers 45*23c57df7Smcpowers #define ECB_MODE 0x00000002 46*23c57df7Smcpowers #define CBC_MODE 0x00000004 47*23c57df7Smcpowers #define CTR_MODE 0x00000008 48*23c57df7Smcpowers #define CCM_MODE 0x00000010 49*23c57df7Smcpowers 50*23c57df7Smcpowers /* 51*23c57df7Smcpowers * cc_keysched: Pointer to key schedule. 52*23c57df7Smcpowers * 53*23c57df7Smcpowers * cc_keysched_len: Length of the key schedule. 54*23c57df7Smcpowers * 55*23c57df7Smcpowers * cc_remainder: This is for residual data, i.e. data that can't 56*23c57df7Smcpowers * be processed because there are too few bytes. 57*23c57df7Smcpowers * Must wait until more data arrives. 58*23c57df7Smcpowers * 59*23c57df7Smcpowers * cc_remainder_len: Number of bytes in cc_remainder. 60*23c57df7Smcpowers * 61*23c57df7Smcpowers * cc_iv: Scratch buffer that sometimes contains the IV. 62*23c57df7Smcpowers * 63*23c57df7Smcpowers * cc_lastblock: Scratch buffer. 64*23c57df7Smcpowers * 65*23c57df7Smcpowers * cc_lastp: Pointer to previous block of ciphertext. 66*23c57df7Smcpowers * 67*23c57df7Smcpowers * cc_copy_to: Pointer to where encrypted residual data needs 68*23c57df7Smcpowers * to be copied. 69*23c57df7Smcpowers * 70*23c57df7Smcpowers * cc_flags: PROVIDER_OWNS_KEY_SCHEDULE 71*23c57df7Smcpowers * When a context is freed, it is necessary 72*23c57df7Smcpowers * to know whether the key schedule was allocated 73*23c57df7Smcpowers * by the caller, or internally, e.g. an init routine. 74*23c57df7Smcpowers * If allocated by the latter, then it needs to be freed. 75*23c57df7Smcpowers * 76*23c57df7Smcpowers * ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE 77*23c57df7Smcpowers */ 78*23c57df7Smcpowers struct common_ctx { 79*23c57df7Smcpowers void *cc_keysched; 80*23c57df7Smcpowers size_t cc_keysched_len; 81*23c57df7Smcpowers uint64_t cc_iv[2]; 82*23c57df7Smcpowers uint64_t cc_lastblock[2]; 83*23c57df7Smcpowers uint64_t cc_remainder[2]; 84*23c57df7Smcpowers size_t cc_remainder_len; 85*23c57df7Smcpowers uint8_t *cc_lastp; 86*23c57df7Smcpowers uint8_t *cc_copy_to; 87*23c57df7Smcpowers uint32_t cc_flags; 88*23c57df7Smcpowers }; 89*23c57df7Smcpowers 90*23c57df7Smcpowers typedef struct common_ctx ecb_ctx_t; 91*23c57df7Smcpowers typedef struct common_ctx cbc_ctx_t; 92*23c57df7Smcpowers typedef struct common_ctx common_ctx_t; 93*23c57df7Smcpowers 94*23c57df7Smcpowers typedef struct ctr_ctx { 95*23c57df7Smcpowers struct common_ctx ctr_common; 96*23c57df7Smcpowers uint32_t ctr_tmp[4]; 97*23c57df7Smcpowers } ctr_ctx_t; 98*23c57df7Smcpowers 99*23c57df7Smcpowers /* 100*23c57df7Smcpowers * ctr_cb Counter block. 101*23c57df7Smcpowers * 102*23c57df7Smcpowers * ctr_counter_mask Mask of counter bits in the last 8 bytes of the 103*23c57df7Smcpowers * counter block. 104*23c57df7Smcpowers */ 105*23c57df7Smcpowers 106*23c57df7Smcpowers #define ctr_keysched ctr_common.cc_keysched 107*23c57df7Smcpowers #define ctr_keysched_len ctr_common.cc_keysched_len 108*23c57df7Smcpowers #define ctr_cb ctr_common.cc_iv 109*23c57df7Smcpowers #define ctr_counter_mask ctr_common.cc_lastblock[0] 110*23c57df7Smcpowers #define ctr_remainder ctr_common.cc_remainder 111*23c57df7Smcpowers #define ctr_remainder_len ctr_common.cc_remainder_len 112*23c57df7Smcpowers #define ctr_lastp ctr_common.cc_lastp 113*23c57df7Smcpowers #define ctr_copy_to ctr_common.cc_copy_to 114*23c57df7Smcpowers #define ctr_flags ctr_common.cc_flags 115*23c57df7Smcpowers 116*23c57df7Smcpowers /* 117*23c57df7Smcpowers * 118*23c57df7Smcpowers * ccm_mac_len: Stores length of the MAC in CCM mode. 119*23c57df7Smcpowers * ccm_mac_buf: Stores the intermediate value for MAC in CCM encrypt. 120*23c57df7Smcpowers * In CCM decrypt, stores the input MAC value. 121*23c57df7Smcpowers * ccm_data_len: Length of the plaintext for CCM mode encrypt, or 122*23c57df7Smcpowers * length of the ciphertext for CCM mode decrypt. 123*23c57df7Smcpowers * ccm_processed_data_len: 124*23c57df7Smcpowers * Length of processed plaintext in CCM mode encrypt, 125*23c57df7Smcpowers * or length of processed ciphertext for CCM mode decrypt. 126*23c57df7Smcpowers * ccm_processed_mac_len: 127*23c57df7Smcpowers * Length of MAC data accumulated in CCM mode decrypt. 128*23c57df7Smcpowers * 129*23c57df7Smcpowers * ccm_pt_buf: Only used in CCM mode decrypt. It stores the 130*23c57df7Smcpowers * decrypted plaintext to be returned when 131*23c57df7Smcpowers * MAC verification succeeds in decrypt_final. 132*23c57df7Smcpowers * Memory for this should be allocated in the AES module. 133*23c57df7Smcpowers * 134*23c57df7Smcpowers */ 135*23c57df7Smcpowers typedef struct ccm_ctx { 136*23c57df7Smcpowers struct common_ctx ccm_common; 137*23c57df7Smcpowers uint32_t ccm_tmp[4]; 138*23c57df7Smcpowers size_t ccm_mac_len; 139*23c57df7Smcpowers uint64_t ccm_mac_buf[2]; 140*23c57df7Smcpowers size_t ccm_data_len; 141*23c57df7Smcpowers size_t ccm_processed_data_len; 142*23c57df7Smcpowers size_t ccm_processed_mac_len; 143*23c57df7Smcpowers uint8_t *ccm_pt_buf; 144*23c57df7Smcpowers uint64_t ccm_mac_input_buf[2]; 145*23c57df7Smcpowers } ccm_ctx_t; 146*23c57df7Smcpowers 147*23c57df7Smcpowers #define ccm_keysched ccm_common.cc_keysched 148*23c57df7Smcpowers #define ccm_keysched_len ccm_common.cc_keysched_len 149*23c57df7Smcpowers #define ccm_cb ccm_common.cc_iv 150*23c57df7Smcpowers #define ccm_counter_mask ccm_common.cc_lastblock[0] 151*23c57df7Smcpowers #define ccm_remainder ccm_common.cc_remainder 152*23c57df7Smcpowers #define ccm_remainder_len ccm_common.cc_remainder_len 153*23c57df7Smcpowers #define ccm_lastp ccm_common.cc_lastp 154*23c57df7Smcpowers #define ccm_copy_to ccm_common.cc_copy_to 155*23c57df7Smcpowers #define ccm_flags ccm_common.cc_flags 156*23c57df7Smcpowers 157*23c57df7Smcpowers typedef struct aes_ctx { 158*23c57df7Smcpowers union { 159*23c57df7Smcpowers ecb_ctx_t acu_ecb; 160*23c57df7Smcpowers cbc_ctx_t acu_cbc; 161*23c57df7Smcpowers ctr_ctx_t acu_ctr; 162*23c57df7Smcpowers #ifdef _KERNEL 163*23c57df7Smcpowers ccm_ctx_t acu_ccm; 164*23c57df7Smcpowers #endif 165*23c57df7Smcpowers } acu; 166*23c57df7Smcpowers } aes_ctx_t; 167*23c57df7Smcpowers 168*23c57df7Smcpowers #define ac_flags acu.acu_ecb.cc_flags 169*23c57df7Smcpowers #define ac_remainder_len acu.acu_ecb.cc_remainder_len 170*23c57df7Smcpowers #define ac_keysched acu.acu_ecb.cc_keysched 171*23c57df7Smcpowers #define ac_keysched_len acu.acu_ecb.cc_keysched_len 172*23c57df7Smcpowers #define ac_iv acu.acu_ecb.cc_iv 173*23c57df7Smcpowers #define ac_lastp acu.acu_ecb.cc_lastp 174*23c57df7Smcpowers #define ac_pt_buf acu.acu_ccm.ccm_pt_buf 175*23c57df7Smcpowers #define ac_mac_len acu.acu_ccm.ccm_mac_len 176*23c57df7Smcpowers #define ac_data_len acu.acu_ccm.ccm_data_len 177*23c57df7Smcpowers #define ac_processed_mac_len acu.acu_ccm.ccm_processed_mac_len 178*23c57df7Smcpowers #define ac_processed_data_len acu.acu_ccm.ccm_processed_data_len 179*23c57df7Smcpowers 180*23c57df7Smcpowers typedef struct blowfish_ctx { 181*23c57df7Smcpowers union { 182*23c57df7Smcpowers ecb_ctx_t bcu_ecb; 183*23c57df7Smcpowers cbc_ctx_t bcu_cbc; 184*23c57df7Smcpowers } bcu; 185*23c57df7Smcpowers } blowfish_ctx_t; 186*23c57df7Smcpowers 187*23c57df7Smcpowers #define bc_flags bcu.bcu_ecb.cc_flags 188*23c57df7Smcpowers #define bc_remainder_len bcu.bcu_ecb.cc_remainder_len 189*23c57df7Smcpowers #define bc_keysched bcu.bcu_ecb.cc_keysched 190*23c57df7Smcpowers #define bc_keysched_len bcu.bcu_ecb.cc_keysched_len 191*23c57df7Smcpowers #define bc_iv bcu.bcu_ecb.cc_iv 192*23c57df7Smcpowers #define bc_lastp bcu.bcu_ecb.cc_lastp 193*23c57df7Smcpowers 194*23c57df7Smcpowers typedef struct des_ctx { 195*23c57df7Smcpowers union { 196*23c57df7Smcpowers ecb_ctx_t dcu_ecb; 197*23c57df7Smcpowers cbc_ctx_t dcu_cbc; 198*23c57df7Smcpowers } dcu; 199*23c57df7Smcpowers } des_ctx_t; 200*23c57df7Smcpowers 201*23c57df7Smcpowers #define dc_flags dcu.dcu_ecb.cc_flags 202*23c57df7Smcpowers #define dc_remainder_len dcu.dcu_ecb.cc_remainder_len 203*23c57df7Smcpowers #define dc_keysched dcu.dcu_ecb.cc_keysched 204*23c57df7Smcpowers #define dc_keysched_len dcu.dcu_ecb.cc_keysched_len 205*23c57df7Smcpowers #define dc_iv dcu.dcu_ecb.cc_iv 206*23c57df7Smcpowers #define dc_lastp dcu.dcu_ecb.cc_lastp 207*23c57df7Smcpowers 208*23c57df7Smcpowers extern int ecb_cipher_contiguous_blocks(cbc_ctx_t *, char *, size_t, 209*23c57df7Smcpowers crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *, 210*23c57df7Smcpowers uint8_t *)); 211*23c57df7Smcpowers 212*23c57df7Smcpowers extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 213*23c57df7Smcpowers crypto_data_t *, size_t, 214*23c57df7Smcpowers int (*encrypt)(const void *, const uint8_t *, uint8_t *), 215*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *), 216*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 217*23c57df7Smcpowers 218*23c57df7Smcpowers extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 219*23c57df7Smcpowers crypto_data_t *, size_t, 220*23c57df7Smcpowers int (*decrypt)(const void *, const uint8_t *, uint8_t *), 221*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *), 222*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 223*23c57df7Smcpowers 224*23c57df7Smcpowers extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t, 225*23c57df7Smcpowers crypto_data_t *, size_t, 226*23c57df7Smcpowers int (*cipher)(const void *, const uint8_t *, uint8_t *), 227*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 228*23c57df7Smcpowers 229*23c57df7Smcpowers extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 230*23c57df7Smcpowers crypto_data_t *, size_t, 231*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 232*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *), 233*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 234*23c57df7Smcpowers 235*23c57df7Smcpowers extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 236*23c57df7Smcpowers crypto_data_t *, size_t, 237*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 238*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *), 239*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 240*23c57df7Smcpowers 241*23c57df7Smcpowers int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 242*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 243*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 244*23c57df7Smcpowers 245*23c57df7Smcpowers extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 246*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 247*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *), 248*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 249*23c57df7Smcpowers 250*23c57df7Smcpowers extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *, 251*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *)); 252*23c57df7Smcpowers 253*23c57df7Smcpowers extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t, 254*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint64_t *)); 255*23c57df7Smcpowers 256*23c57df7Smcpowers extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *, 257*23c57df7Smcpowers void (*copy_block)(uint8_t *, uint8_t *)); 258*23c57df7Smcpowers 259*23c57df7Smcpowers extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t, 260*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 261*23c57df7Smcpowers void (*xor_block)(uint8_t *, uint8_t *)); 262*23c57df7Smcpowers 263*23c57df7Smcpowers extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *, 264*23c57df7Smcpowers int (*encrypt_block)(const void *, const uint8_t *, uint8_t *)); 265*23c57df7Smcpowers 266*23c57df7Smcpowers extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *); 267*23c57df7Smcpowers extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *, 268*23c57df7Smcpowers uint8_t **, size_t *, uint8_t **, size_t); 269*23c57df7Smcpowers 270*23c57df7Smcpowers extern void *ecb_alloc_ctx(int); 271*23c57df7Smcpowers extern void *cbc_alloc_ctx(int); 272*23c57df7Smcpowers extern void *ctr_alloc_ctx(int); 273*23c57df7Smcpowers extern void *ccm_alloc_ctx(int); 274*23c57df7Smcpowers extern void crypto_free_mode_ctx(void *); 275*23c57df7Smcpowers 276*23c57df7Smcpowers #ifdef __cplusplus 277*23c57df7Smcpowers } 278*23c57df7Smcpowers #endif 279*23c57df7Smcpowers 280*23c57df7Smcpowers #endif /* _COMMON_CRYPTO_MODES_H */ 281