1734b6a94Sdarrenm /*
2734b6a94Sdarrenm * CDDL HEADER START
3734b6a94Sdarrenm *
4734b6a94Sdarrenm * The contents of this file are subject to the terms of the
5734b6a94Sdarrenm * Common Development and Distribution License (the "License").
6734b6a94Sdarrenm * You may not use this file except in compliance with the License.
7734b6a94Sdarrenm *
8734b6a94Sdarrenm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9734b6a94Sdarrenm * or http://www.opensolaris.org/os/licensing.
10734b6a94Sdarrenm * See the License for the specific language governing permissions
11734b6a94Sdarrenm * and limitations under the License.
12734b6a94Sdarrenm *
13734b6a94Sdarrenm * When distributing Covered Code, include this CDDL HEADER in each
14734b6a94Sdarrenm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15734b6a94Sdarrenm * If applicable, add the following below this CDDL HEADER, with the
16734b6a94Sdarrenm * fields enclosed by brackets "[]" replaced with your own identifying
17734b6a94Sdarrenm * information: Portions Copyright [yyyy] [name of copyright owner]
18734b6a94Sdarrenm *
19734b6a94Sdarrenm * CDDL HEADER END
20734b6a94Sdarrenm */
21734b6a94Sdarrenm
22734b6a94Sdarrenm /*
23d3b2efc7SAnthony Scarpino * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24734b6a94Sdarrenm * Use is subject to license terms.
25734b6a94Sdarrenm */
26734b6a94Sdarrenm
27734b6a94Sdarrenm #include <sys/modctl.h>
28734b6a94Sdarrenm #include <sys/cmn_err.h>
29734b6a94Sdarrenm #include <sys/note.h>
30734b6a94Sdarrenm #include <sys/crypto/common.h>
31734b6a94Sdarrenm #include <sys/crypto/spi.h>
32734b6a94Sdarrenm #include <sys/strsun.h>
33734b6a94Sdarrenm #include <sys/systm.h>
34734b6a94Sdarrenm #include <sys/sysmacros.h>
35734b6a94Sdarrenm
36734b6a94Sdarrenm #include <sys/sha1.h>
37b5a2d845SHai-May Chao #include <sha1/sha1_impl.h>
38734b6a94Sdarrenm
39734b6a94Sdarrenm /*
40734b6a94Sdarrenm * The sha1 module is created with two modlinkages:
41734b6a94Sdarrenm * - a modlmisc that allows consumers to directly call the entry points
42734b6a94Sdarrenm * SHA1Init, SHA1Update, and SHA1Final.
43734b6a94Sdarrenm * - a modlcrypto that allows the module to register with the Kernel
44734b6a94Sdarrenm * Cryptographic Framework (KCF) as a software provider for the SHA1
45734b6a94Sdarrenm * mechanisms.
46734b6a94Sdarrenm */
47734b6a94Sdarrenm
48734b6a94Sdarrenm static struct modlmisc modlmisc = {
49734b6a94Sdarrenm &mod_miscops,
50734b6a94Sdarrenm "SHA1 Message-Digest Algorithm"
51734b6a94Sdarrenm };
52734b6a94Sdarrenm
53734b6a94Sdarrenm static struct modlcrypto modlcrypto = {
54734b6a94Sdarrenm &mod_cryptoops,
55734b6a94Sdarrenm "SHA1 Kernel SW Provider 1.1"
56734b6a94Sdarrenm };
57734b6a94Sdarrenm
58734b6a94Sdarrenm static struct modlinkage modlinkage = {
59734b6a94Sdarrenm MODREV_1, &modlmisc, &modlcrypto, NULL
60734b6a94Sdarrenm };
61734b6a94Sdarrenm
62734b6a94Sdarrenm
63734b6a94Sdarrenm /*
64734b6a94Sdarrenm * Macros to access the SHA1 or SHA1-HMAC contexts from a context passed
65734b6a94Sdarrenm * by KCF to one of the entry points.
66734b6a94Sdarrenm */
67734b6a94Sdarrenm
68734b6a94Sdarrenm #define PROV_SHA1_CTX(ctx) ((sha1_ctx_t *)(ctx)->cc_provider_private)
69734b6a94Sdarrenm #define PROV_SHA1_HMAC_CTX(ctx) ((sha1_hmac_ctx_t *)(ctx)->cc_provider_private)
70734b6a94Sdarrenm
71734b6a94Sdarrenm /* to extract the digest length passed as mechanism parameter */
72734b6a94Sdarrenm #define PROV_SHA1_GET_DIGEST_LEN(m, len) { \
73734b6a94Sdarrenm if (IS_P2ALIGNED((m)->cm_param, sizeof (ulong_t))) \
748de5c4f4SDan OpenSolaris Anderson (len) = (uint32_t)*((ulong_t *)(void *)mechanism->cm_param); \
75734b6a94Sdarrenm else { \
76734b6a94Sdarrenm ulong_t tmp_ulong; \
77734b6a94Sdarrenm bcopy((m)->cm_param, &tmp_ulong, sizeof (ulong_t)); \
78734b6a94Sdarrenm (len) = (uint32_t)tmp_ulong; \
79734b6a94Sdarrenm } \
80734b6a94Sdarrenm }
81734b6a94Sdarrenm
82734b6a94Sdarrenm #define PROV_SHA1_DIGEST_KEY(ctx, key, len, digest) { \
83734b6a94Sdarrenm SHA1Init(ctx); \
84734b6a94Sdarrenm SHA1Update(ctx, key, len); \
85734b6a94Sdarrenm SHA1Final(digest, ctx); \
86734b6a94Sdarrenm }
87734b6a94Sdarrenm
88734b6a94Sdarrenm /*
89734b6a94Sdarrenm * Mechanism info structure passed to KCF during registration.
90734b6a94Sdarrenm */
91734b6a94Sdarrenm static crypto_mech_info_t sha1_mech_info_tab[] = {
92734b6a94Sdarrenm /* SHA1 */
93734b6a94Sdarrenm {SUN_CKM_SHA1, SHA1_MECH_INFO_TYPE,
94734b6a94Sdarrenm CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
95734b6a94Sdarrenm 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
96734b6a94Sdarrenm /* SHA1-HMAC */
97734b6a94Sdarrenm {SUN_CKM_SHA1_HMAC, SHA1_HMAC_MECH_INFO_TYPE,
98734b6a94Sdarrenm CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
99734b6a94Sdarrenm SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
1005b675b31SVladimir Kotal CRYPTO_KEYSIZE_UNIT_IN_BYTES},
101734b6a94Sdarrenm /* SHA1-HMAC GENERAL */
102734b6a94Sdarrenm {SUN_CKM_SHA1_HMAC_GENERAL, SHA1_HMAC_GEN_MECH_INFO_TYPE,
103734b6a94Sdarrenm CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
104734b6a94Sdarrenm SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
1055b675b31SVladimir Kotal CRYPTO_KEYSIZE_UNIT_IN_BYTES}
106734b6a94Sdarrenm };
107734b6a94Sdarrenm
108734b6a94Sdarrenm static void sha1_provider_status(crypto_provider_handle_t, uint_t *);
109734b6a94Sdarrenm
110734b6a94Sdarrenm static crypto_control_ops_t sha1_control_ops = {
111734b6a94Sdarrenm sha1_provider_status
112734b6a94Sdarrenm };
113734b6a94Sdarrenm
114734b6a94Sdarrenm static int sha1_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
115734b6a94Sdarrenm crypto_req_handle_t);
116734b6a94Sdarrenm static int sha1_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
117734b6a94Sdarrenm crypto_req_handle_t);
118734b6a94Sdarrenm static int sha1_digest_update(crypto_ctx_t *, crypto_data_t *,
119734b6a94Sdarrenm crypto_req_handle_t);
120734b6a94Sdarrenm static int sha1_digest_final(crypto_ctx_t *, crypto_data_t *,
121734b6a94Sdarrenm crypto_req_handle_t);
122734b6a94Sdarrenm static int sha1_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
123734b6a94Sdarrenm crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
124734b6a94Sdarrenm crypto_req_handle_t);
125734b6a94Sdarrenm
126734b6a94Sdarrenm static crypto_digest_ops_t sha1_digest_ops = {
127734b6a94Sdarrenm sha1_digest_init,
128734b6a94Sdarrenm sha1_digest,
129734b6a94Sdarrenm sha1_digest_update,
130734b6a94Sdarrenm NULL,
131734b6a94Sdarrenm sha1_digest_final,
132734b6a94Sdarrenm sha1_digest_atomic
133734b6a94Sdarrenm };
134734b6a94Sdarrenm
135734b6a94Sdarrenm static int sha1_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
136734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
137734b6a94Sdarrenm static int sha1_mac_update(crypto_ctx_t *, crypto_data_t *,
138734b6a94Sdarrenm crypto_req_handle_t);
139734b6a94Sdarrenm static int sha1_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
140734b6a94Sdarrenm static int sha1_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
141734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
142734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
143734b6a94Sdarrenm static int sha1_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
144734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
145734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
146734b6a94Sdarrenm
147734b6a94Sdarrenm static crypto_mac_ops_t sha1_mac_ops = {
148734b6a94Sdarrenm sha1_mac_init,
149734b6a94Sdarrenm NULL,
150734b6a94Sdarrenm sha1_mac_update,
151734b6a94Sdarrenm sha1_mac_final,
152734b6a94Sdarrenm sha1_mac_atomic,
153734b6a94Sdarrenm sha1_mac_verify_atomic
154734b6a94Sdarrenm };
155734b6a94Sdarrenm
156734b6a94Sdarrenm static int sha1_create_ctx_template(crypto_provider_handle_t,
157734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
158734b6a94Sdarrenm size_t *, crypto_req_handle_t);
159734b6a94Sdarrenm static int sha1_free_context(crypto_ctx_t *);
160734b6a94Sdarrenm
161734b6a94Sdarrenm static crypto_ctx_ops_t sha1_ctx_ops = {
162734b6a94Sdarrenm sha1_create_ctx_template,
163734b6a94Sdarrenm sha1_free_context
164734b6a94Sdarrenm };
165734b6a94Sdarrenm
166734b6a94Sdarrenm static crypto_ops_t sha1_crypto_ops = {
167734b6a94Sdarrenm &sha1_control_ops,
168734b6a94Sdarrenm &sha1_digest_ops,
169734b6a94Sdarrenm NULL,
170734b6a94Sdarrenm &sha1_mac_ops,
171734b6a94Sdarrenm NULL,
172734b6a94Sdarrenm NULL,
173734b6a94Sdarrenm NULL,
174734b6a94Sdarrenm NULL,
175734b6a94Sdarrenm NULL,
176734b6a94Sdarrenm NULL,
177734b6a94Sdarrenm NULL,
178734b6a94Sdarrenm NULL,
179734b6a94Sdarrenm NULL,
18073556491SAnthony Scarpino &sha1_ctx_ops,
18173556491SAnthony Scarpino NULL,
18273556491SAnthony Scarpino NULL,
183*6ea3c060SGarrett D'Amore NULL,
184734b6a94Sdarrenm };
185734b6a94Sdarrenm
186734b6a94Sdarrenm static crypto_provider_info_t sha1_prov_info = {
18773556491SAnthony Scarpino CRYPTO_SPI_VERSION_4,
188734b6a94Sdarrenm "SHA1 Software Provider",
189734b6a94Sdarrenm CRYPTO_SW_PROVIDER,
190734b6a94Sdarrenm {&modlinkage},
191734b6a94Sdarrenm NULL,
192734b6a94Sdarrenm &sha1_crypto_ops,
193734b6a94Sdarrenm sizeof (sha1_mech_info_tab)/sizeof (crypto_mech_info_t),
194734b6a94Sdarrenm sha1_mech_info_tab
195734b6a94Sdarrenm };
196734b6a94Sdarrenm
197734b6a94Sdarrenm static crypto_kcf_provider_handle_t sha1_prov_handle = NULL;
198734b6a94Sdarrenm
199734b6a94Sdarrenm int
_init()200734b6a94Sdarrenm _init()
201734b6a94Sdarrenm {
202734b6a94Sdarrenm int ret;
203734b6a94Sdarrenm
204734b6a94Sdarrenm if ((ret = mod_install(&modlinkage)) != 0)
205734b6a94Sdarrenm return (ret);
206734b6a94Sdarrenm
207734b6a94Sdarrenm /*
208d3b2efc7SAnthony Scarpino * Register with KCF. If the registration fails, log do not uninstall
209d3b2efc7SAnthony Scarpino * the module, since the functionality provided by misc/sha1 should
210d3b2efc7SAnthony Scarpino * still be available.
211734b6a94Sdarrenm */
212d3b2efc7SAnthony Scarpino (void) crypto_register_provider(&sha1_prov_info, &sha1_prov_handle);
213734b6a94Sdarrenm
214734b6a94Sdarrenm return (0);
215734b6a94Sdarrenm }
216734b6a94Sdarrenm
217734b6a94Sdarrenm int
_info(struct modinfo * modinfop)218734b6a94Sdarrenm _info(struct modinfo *modinfop)
219734b6a94Sdarrenm {
220734b6a94Sdarrenm return (mod_info(&modlinkage, modinfop));
221734b6a94Sdarrenm }
222734b6a94Sdarrenm
223734b6a94Sdarrenm /*
224734b6a94Sdarrenm * KCF software provider control entry points.
225734b6a94Sdarrenm */
226734b6a94Sdarrenm /* ARGSUSED */
227734b6a94Sdarrenm static void
sha1_provider_status(crypto_provider_handle_t provider,uint_t * status)228734b6a94Sdarrenm sha1_provider_status(crypto_provider_handle_t provider, uint_t *status)
229734b6a94Sdarrenm {
230734b6a94Sdarrenm *status = CRYPTO_PROVIDER_READY;
231734b6a94Sdarrenm }
232734b6a94Sdarrenm
233734b6a94Sdarrenm /*
234734b6a94Sdarrenm * KCF software provider digest entry points.
235734b6a94Sdarrenm */
236734b6a94Sdarrenm
237734b6a94Sdarrenm static int
sha1_digest_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_req_handle_t req)238734b6a94Sdarrenm sha1_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
239734b6a94Sdarrenm crypto_req_handle_t req)
240734b6a94Sdarrenm {
241734b6a94Sdarrenm if (mechanism->cm_type != SHA1_MECH_INFO_TYPE)
242734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
243734b6a94Sdarrenm
244734b6a94Sdarrenm /*
245734b6a94Sdarrenm * Allocate and initialize SHA1 context.
246734b6a94Sdarrenm */
247734b6a94Sdarrenm ctx->cc_provider_private = kmem_alloc(sizeof (sha1_ctx_t),
248734b6a94Sdarrenm crypto_kmflag(req));
249734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
250734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
251734b6a94Sdarrenm
252734b6a94Sdarrenm PROV_SHA1_CTX(ctx)->sc_mech_type = SHA1_MECH_INFO_TYPE;
253734b6a94Sdarrenm SHA1Init(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
254734b6a94Sdarrenm
255734b6a94Sdarrenm return (CRYPTO_SUCCESS);
256734b6a94Sdarrenm }
257734b6a94Sdarrenm
258734b6a94Sdarrenm /*
259734b6a94Sdarrenm * Helper SHA1 digest update function for uio data.
260734b6a94Sdarrenm */
261734b6a94Sdarrenm static int
sha1_digest_update_uio(SHA1_CTX * sha1_ctx,crypto_data_t * data)262734b6a94Sdarrenm sha1_digest_update_uio(SHA1_CTX *sha1_ctx, crypto_data_t *data)
263734b6a94Sdarrenm {
264734b6a94Sdarrenm off_t offset = data->cd_offset;
265734b6a94Sdarrenm size_t length = data->cd_length;
266734b6a94Sdarrenm uint_t vec_idx;
267734b6a94Sdarrenm size_t cur_len;
268734b6a94Sdarrenm
269734b6a94Sdarrenm /* we support only kernel buffer */
270734b6a94Sdarrenm if (data->cd_uio->uio_segflg != UIO_SYSSPACE)
271734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
272734b6a94Sdarrenm
273734b6a94Sdarrenm /*
274734b6a94Sdarrenm * Jump to the first iovec containing data to be
275734b6a94Sdarrenm * digested.
276734b6a94Sdarrenm */
277734b6a94Sdarrenm for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt &&
278734b6a94Sdarrenm offset >= data->cd_uio->uio_iov[vec_idx].iov_len;
2795b675b31SVladimir Kotal offset -= data->cd_uio->uio_iov[vec_idx++].iov_len)
2805b675b31SVladimir Kotal ;
281734b6a94Sdarrenm if (vec_idx == data->cd_uio->uio_iovcnt) {
282734b6a94Sdarrenm /*
283734b6a94Sdarrenm * The caller specified an offset that is larger than the
284734b6a94Sdarrenm * total size of the buffers it provided.
285734b6a94Sdarrenm */
286734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
287734b6a94Sdarrenm }
288734b6a94Sdarrenm
289734b6a94Sdarrenm /*
290734b6a94Sdarrenm * Now do the digesting on the iovecs.
291734b6a94Sdarrenm */
292734b6a94Sdarrenm while (vec_idx < data->cd_uio->uio_iovcnt && length > 0) {
293734b6a94Sdarrenm cur_len = MIN(data->cd_uio->uio_iov[vec_idx].iov_len -
294734b6a94Sdarrenm offset, length);
295734b6a94Sdarrenm
296734b6a94Sdarrenm SHA1Update(sha1_ctx,
297734b6a94Sdarrenm (uint8_t *)data->cd_uio->uio_iov[vec_idx].iov_base + offset,
298734b6a94Sdarrenm cur_len);
299734b6a94Sdarrenm
300734b6a94Sdarrenm length -= cur_len;
301734b6a94Sdarrenm vec_idx++;
302734b6a94Sdarrenm offset = 0;
303734b6a94Sdarrenm }
304734b6a94Sdarrenm
305734b6a94Sdarrenm if (vec_idx == data->cd_uio->uio_iovcnt && length > 0) {
306734b6a94Sdarrenm /*
307734b6a94Sdarrenm * The end of the specified iovec's was reached but
308734b6a94Sdarrenm * the length requested could not be processed, i.e.
309734b6a94Sdarrenm * The caller requested to digest more data than it provided.
310734b6a94Sdarrenm */
311734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
312734b6a94Sdarrenm }
313734b6a94Sdarrenm
314734b6a94Sdarrenm return (CRYPTO_SUCCESS);
315734b6a94Sdarrenm }
316734b6a94Sdarrenm
317734b6a94Sdarrenm /*
318734b6a94Sdarrenm * Helper SHA1 digest final function for uio data.
319734b6a94Sdarrenm * digest_len is the length of the desired digest. If digest_len
320734b6a94Sdarrenm * is smaller than the default SHA1 digest length, the caller
321734b6a94Sdarrenm * must pass a scratch buffer, digest_scratch, which must
322734b6a94Sdarrenm * be at least SHA1_DIGEST_LENGTH bytes.
323734b6a94Sdarrenm */
324734b6a94Sdarrenm static int
sha1_digest_final_uio(SHA1_CTX * sha1_ctx,crypto_data_t * digest,ulong_t digest_len,uchar_t * digest_scratch)325734b6a94Sdarrenm sha1_digest_final_uio(SHA1_CTX *sha1_ctx, crypto_data_t *digest,
326734b6a94Sdarrenm ulong_t digest_len, uchar_t *digest_scratch)
327734b6a94Sdarrenm {
328734b6a94Sdarrenm off_t offset = digest->cd_offset;
329734b6a94Sdarrenm uint_t vec_idx;
330734b6a94Sdarrenm
331734b6a94Sdarrenm /* we support only kernel buffer */
332734b6a94Sdarrenm if (digest->cd_uio->uio_segflg != UIO_SYSSPACE)
333734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
334734b6a94Sdarrenm
335734b6a94Sdarrenm /*
336734b6a94Sdarrenm * Jump to the first iovec containing ptr to the digest to
337734b6a94Sdarrenm * be returned.
338734b6a94Sdarrenm */
339734b6a94Sdarrenm for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len &&
340734b6a94Sdarrenm vec_idx < digest->cd_uio->uio_iovcnt;
3415b675b31SVladimir Kotal offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len)
3425b675b31SVladimir Kotal ;
343734b6a94Sdarrenm if (vec_idx == digest->cd_uio->uio_iovcnt) {
344734b6a94Sdarrenm /*
345734b6a94Sdarrenm * The caller specified an offset that is
346734b6a94Sdarrenm * larger than the total size of the buffers
347734b6a94Sdarrenm * it provided.
348734b6a94Sdarrenm */
349734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
350734b6a94Sdarrenm }
351734b6a94Sdarrenm
352734b6a94Sdarrenm if (offset + digest_len <=
353734b6a94Sdarrenm digest->cd_uio->uio_iov[vec_idx].iov_len) {
354734b6a94Sdarrenm /*
355734b6a94Sdarrenm * The computed SHA1 digest will fit in the current
356734b6a94Sdarrenm * iovec.
357734b6a94Sdarrenm */
358734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
359734b6a94Sdarrenm /*
360734b6a94Sdarrenm * The caller requested a short digest. Digest
361734b6a94Sdarrenm * into a scratch buffer and return to
362734b6a94Sdarrenm * the user only what was requested.
363734b6a94Sdarrenm */
364734b6a94Sdarrenm SHA1Final(digest_scratch, sha1_ctx);
365734b6a94Sdarrenm bcopy(digest_scratch, (uchar_t *)digest->
366734b6a94Sdarrenm cd_uio->uio_iov[vec_idx].iov_base + offset,
367734b6a94Sdarrenm digest_len);
368734b6a94Sdarrenm } else {
369734b6a94Sdarrenm SHA1Final((uchar_t *)digest->
370734b6a94Sdarrenm cd_uio->uio_iov[vec_idx].iov_base + offset,
371734b6a94Sdarrenm sha1_ctx);
372734b6a94Sdarrenm }
373734b6a94Sdarrenm } else {
374734b6a94Sdarrenm /*
375734b6a94Sdarrenm * The computed digest will be crossing one or more iovec's.
376734b6a94Sdarrenm * This is bad performance-wise but we need to support it.
377734b6a94Sdarrenm * Allocate a small scratch buffer on the stack and
378734b6a94Sdarrenm * copy it piece meal to the specified digest iovec's.
379734b6a94Sdarrenm */
380734b6a94Sdarrenm uchar_t digest_tmp[SHA1_DIGEST_LENGTH];
381734b6a94Sdarrenm off_t scratch_offset = 0;
382734b6a94Sdarrenm size_t length = digest_len;
383734b6a94Sdarrenm size_t cur_len;
384734b6a94Sdarrenm
385734b6a94Sdarrenm SHA1Final(digest_tmp, sha1_ctx);
386734b6a94Sdarrenm
387734b6a94Sdarrenm while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) {
388734b6a94Sdarrenm cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len -
389734b6a94Sdarrenm offset, length);
390734b6a94Sdarrenm bcopy(digest_tmp + scratch_offset,
391734b6a94Sdarrenm digest->cd_uio->uio_iov[vec_idx].iov_base + offset,
392734b6a94Sdarrenm cur_len);
393734b6a94Sdarrenm
394734b6a94Sdarrenm length -= cur_len;
395734b6a94Sdarrenm vec_idx++;
396734b6a94Sdarrenm scratch_offset += cur_len;
397734b6a94Sdarrenm offset = 0;
398734b6a94Sdarrenm }
399734b6a94Sdarrenm
400734b6a94Sdarrenm if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) {
401734b6a94Sdarrenm /*
402734b6a94Sdarrenm * The end of the specified iovec's was reached but
403734b6a94Sdarrenm * the length requested could not be processed, i.e.
404734b6a94Sdarrenm * The caller requested to digest more data than it
405734b6a94Sdarrenm * provided.
406734b6a94Sdarrenm */
407734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
408734b6a94Sdarrenm }
409734b6a94Sdarrenm }
410734b6a94Sdarrenm
411734b6a94Sdarrenm return (CRYPTO_SUCCESS);
412734b6a94Sdarrenm }
413734b6a94Sdarrenm
414734b6a94Sdarrenm /*
415734b6a94Sdarrenm * Helper SHA1 digest update for mblk's.
416734b6a94Sdarrenm */
417734b6a94Sdarrenm static int
sha1_digest_update_mblk(SHA1_CTX * sha1_ctx,crypto_data_t * data)418734b6a94Sdarrenm sha1_digest_update_mblk(SHA1_CTX *sha1_ctx, crypto_data_t *data)
419734b6a94Sdarrenm {
420734b6a94Sdarrenm off_t offset = data->cd_offset;
421734b6a94Sdarrenm size_t length = data->cd_length;
422734b6a94Sdarrenm mblk_t *mp;
423734b6a94Sdarrenm size_t cur_len;
424734b6a94Sdarrenm
425734b6a94Sdarrenm /*
426734b6a94Sdarrenm * Jump to the first mblk_t containing data to be digested.
427734b6a94Sdarrenm */
428734b6a94Sdarrenm for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp);
4295b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
4305b675b31SVladimir Kotal ;
431734b6a94Sdarrenm if (mp == NULL) {
432734b6a94Sdarrenm /*
433734b6a94Sdarrenm * The caller specified an offset that is larger than the
434734b6a94Sdarrenm * total size of the buffers it provided.
435734b6a94Sdarrenm */
436734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
437734b6a94Sdarrenm }
438734b6a94Sdarrenm
439734b6a94Sdarrenm /*
440734b6a94Sdarrenm * Now do the digesting on the mblk chain.
441734b6a94Sdarrenm */
442734b6a94Sdarrenm while (mp != NULL && length > 0) {
443734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
444734b6a94Sdarrenm SHA1Update(sha1_ctx, mp->b_rptr + offset, cur_len);
445734b6a94Sdarrenm length -= cur_len;
446734b6a94Sdarrenm offset = 0;
447734b6a94Sdarrenm mp = mp->b_cont;
448734b6a94Sdarrenm }
449734b6a94Sdarrenm
450734b6a94Sdarrenm if (mp == NULL && length > 0) {
451734b6a94Sdarrenm /*
452734b6a94Sdarrenm * The end of the mblk was reached but the length requested
453734b6a94Sdarrenm * could not be processed, i.e. The caller requested
454734b6a94Sdarrenm * to digest more data than it provided.
455734b6a94Sdarrenm */
456734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
457734b6a94Sdarrenm }
458734b6a94Sdarrenm
459734b6a94Sdarrenm return (CRYPTO_SUCCESS);
460734b6a94Sdarrenm }
461734b6a94Sdarrenm
462734b6a94Sdarrenm /*
463734b6a94Sdarrenm * Helper SHA1 digest final for mblk's.
464734b6a94Sdarrenm * digest_len is the length of the desired digest. If digest_len
465734b6a94Sdarrenm * is smaller than the default SHA1 digest length, the caller
466734b6a94Sdarrenm * must pass a scratch buffer, digest_scratch, which must
467734b6a94Sdarrenm * be at least SHA1_DIGEST_LENGTH bytes.
468734b6a94Sdarrenm */
469734b6a94Sdarrenm static int
sha1_digest_final_mblk(SHA1_CTX * sha1_ctx,crypto_data_t * digest,ulong_t digest_len,uchar_t * digest_scratch)470734b6a94Sdarrenm sha1_digest_final_mblk(SHA1_CTX *sha1_ctx, crypto_data_t *digest,
471734b6a94Sdarrenm ulong_t digest_len, uchar_t *digest_scratch)
472734b6a94Sdarrenm {
473734b6a94Sdarrenm off_t offset = digest->cd_offset;
474734b6a94Sdarrenm mblk_t *mp;
475734b6a94Sdarrenm
476734b6a94Sdarrenm /*
477734b6a94Sdarrenm * Jump to the first mblk_t that will be used to store the digest.
478734b6a94Sdarrenm */
479734b6a94Sdarrenm for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp);
4805b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
4815b675b31SVladimir Kotal ;
482734b6a94Sdarrenm if (mp == NULL) {
483734b6a94Sdarrenm /*
484734b6a94Sdarrenm * The caller specified an offset that is larger than the
485734b6a94Sdarrenm * total size of the buffers it provided.
486734b6a94Sdarrenm */
487734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
488734b6a94Sdarrenm }
489734b6a94Sdarrenm
490734b6a94Sdarrenm if (offset + digest_len <= MBLKL(mp)) {
491734b6a94Sdarrenm /*
492734b6a94Sdarrenm * The computed SHA1 digest will fit in the current mblk.
493734b6a94Sdarrenm * Do the SHA1Final() in-place.
494734b6a94Sdarrenm */
495734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
496734b6a94Sdarrenm /*
497734b6a94Sdarrenm * The caller requested a short digest. Digest
498734b6a94Sdarrenm * into a scratch buffer and return to
499734b6a94Sdarrenm * the user only what was requested.
500734b6a94Sdarrenm */
501734b6a94Sdarrenm SHA1Final(digest_scratch, sha1_ctx);
502734b6a94Sdarrenm bcopy(digest_scratch, mp->b_rptr + offset, digest_len);
503734b6a94Sdarrenm } else {
504734b6a94Sdarrenm SHA1Final(mp->b_rptr + offset, sha1_ctx);
505734b6a94Sdarrenm }
506734b6a94Sdarrenm } else {
507734b6a94Sdarrenm /*
508734b6a94Sdarrenm * The computed digest will be crossing one or more mblk's.
509734b6a94Sdarrenm * This is bad performance-wise but we need to support it.
510734b6a94Sdarrenm * Allocate a small scratch buffer on the stack and
511734b6a94Sdarrenm * copy it piece meal to the specified digest iovec's.
512734b6a94Sdarrenm */
513734b6a94Sdarrenm uchar_t digest_tmp[SHA1_DIGEST_LENGTH];
514734b6a94Sdarrenm off_t scratch_offset = 0;
515734b6a94Sdarrenm size_t length = digest_len;
516734b6a94Sdarrenm size_t cur_len;
517734b6a94Sdarrenm
518734b6a94Sdarrenm SHA1Final(digest_tmp, sha1_ctx);
519734b6a94Sdarrenm
520734b6a94Sdarrenm while (mp != NULL && length > 0) {
521734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
522734b6a94Sdarrenm bcopy(digest_tmp + scratch_offset,
523734b6a94Sdarrenm mp->b_rptr + offset, cur_len);
524734b6a94Sdarrenm
525734b6a94Sdarrenm length -= cur_len;
526734b6a94Sdarrenm mp = mp->b_cont;
527734b6a94Sdarrenm scratch_offset += cur_len;
528734b6a94Sdarrenm offset = 0;
529734b6a94Sdarrenm }
530734b6a94Sdarrenm
531734b6a94Sdarrenm if (mp == NULL && length > 0) {
532734b6a94Sdarrenm /*
533734b6a94Sdarrenm * The end of the specified mblk was reached but
534734b6a94Sdarrenm * the length requested could not be processed, i.e.
535734b6a94Sdarrenm * The caller requested to digest more data than it
536734b6a94Sdarrenm * provided.
537734b6a94Sdarrenm */
538734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
539734b6a94Sdarrenm }
540734b6a94Sdarrenm }
541734b6a94Sdarrenm
542734b6a94Sdarrenm return (CRYPTO_SUCCESS);
543734b6a94Sdarrenm }
544734b6a94Sdarrenm
545734b6a94Sdarrenm /* ARGSUSED */
546734b6a94Sdarrenm static int
sha1_digest(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)547734b6a94Sdarrenm sha1_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
548734b6a94Sdarrenm crypto_req_handle_t req)
549734b6a94Sdarrenm {
550734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
551734b6a94Sdarrenm
552734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
553734b6a94Sdarrenm
554734b6a94Sdarrenm /*
555734b6a94Sdarrenm * We need to just return the length needed to store the output.
556734b6a94Sdarrenm * We should not destroy the context for the following cases.
557734b6a94Sdarrenm */
558734b6a94Sdarrenm if ((digest->cd_length == 0) ||
559734b6a94Sdarrenm (digest->cd_length < SHA1_DIGEST_LENGTH)) {
560734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
561734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
562734b6a94Sdarrenm }
563734b6a94Sdarrenm
564734b6a94Sdarrenm /*
565734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
566734b6a94Sdarrenm */
567734b6a94Sdarrenm switch (data->cd_format) {
568734b6a94Sdarrenm case CRYPTO_DATA_RAW:
569734b6a94Sdarrenm SHA1Update(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
570734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
571734b6a94Sdarrenm data->cd_length);
572734b6a94Sdarrenm break;
573734b6a94Sdarrenm case CRYPTO_DATA_UIO:
574734b6a94Sdarrenm ret = sha1_digest_update_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
575734b6a94Sdarrenm data);
576734b6a94Sdarrenm break;
577734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
578734b6a94Sdarrenm ret = sha1_digest_update_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
579734b6a94Sdarrenm data);
580734b6a94Sdarrenm break;
581734b6a94Sdarrenm default:
582734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
583734b6a94Sdarrenm }
584734b6a94Sdarrenm
585734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
586734b6a94Sdarrenm /* the update failed, free context and bail */
587734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
588734b6a94Sdarrenm ctx->cc_provider_private = NULL;
589734b6a94Sdarrenm digest->cd_length = 0;
590734b6a94Sdarrenm return (ret);
591734b6a94Sdarrenm }
592734b6a94Sdarrenm
593734b6a94Sdarrenm /*
594734b6a94Sdarrenm * Do a SHA1 final, must be done separately since the digest
595734b6a94Sdarrenm * type can be different than the input data type.
596734b6a94Sdarrenm */
597734b6a94Sdarrenm switch (digest->cd_format) {
598734b6a94Sdarrenm case CRYPTO_DATA_RAW:
599734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
600734b6a94Sdarrenm digest->cd_offset, &PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
601734b6a94Sdarrenm break;
602734b6a94Sdarrenm case CRYPTO_DATA_UIO:
603734b6a94Sdarrenm ret = sha1_digest_final_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
604734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
605734b6a94Sdarrenm break;
606734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
607734b6a94Sdarrenm ret = sha1_digest_final_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
608734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
609734b6a94Sdarrenm break;
610734b6a94Sdarrenm default:
611734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
612734b6a94Sdarrenm }
613734b6a94Sdarrenm
614734b6a94Sdarrenm /* all done, free context and return */
615734b6a94Sdarrenm
616734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
617734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
618734b6a94Sdarrenm } else {
619734b6a94Sdarrenm digest->cd_length = 0;
620734b6a94Sdarrenm }
621734b6a94Sdarrenm
622734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
623734b6a94Sdarrenm ctx->cc_provider_private = NULL;
624734b6a94Sdarrenm return (ret);
625734b6a94Sdarrenm }
626734b6a94Sdarrenm
627734b6a94Sdarrenm /* ARGSUSED */
628734b6a94Sdarrenm static int
sha1_digest_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)629734b6a94Sdarrenm sha1_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
630734b6a94Sdarrenm crypto_req_handle_t req)
631734b6a94Sdarrenm {
632734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
633734b6a94Sdarrenm
634734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
635734b6a94Sdarrenm
636734b6a94Sdarrenm /*
637734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
638734b6a94Sdarrenm */
639734b6a94Sdarrenm switch (data->cd_format) {
640734b6a94Sdarrenm case CRYPTO_DATA_RAW:
641734b6a94Sdarrenm SHA1Update(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
642734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
643734b6a94Sdarrenm data->cd_length);
644734b6a94Sdarrenm break;
645734b6a94Sdarrenm case CRYPTO_DATA_UIO:
646734b6a94Sdarrenm ret = sha1_digest_update_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
647734b6a94Sdarrenm data);
648734b6a94Sdarrenm break;
649734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
650734b6a94Sdarrenm ret = sha1_digest_update_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
651734b6a94Sdarrenm data);
652734b6a94Sdarrenm break;
653734b6a94Sdarrenm default:
654734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
655734b6a94Sdarrenm }
656734b6a94Sdarrenm
657734b6a94Sdarrenm return (ret);
658734b6a94Sdarrenm }
659734b6a94Sdarrenm
660734b6a94Sdarrenm /* ARGSUSED */
661734b6a94Sdarrenm static int
sha1_digest_final(crypto_ctx_t * ctx,crypto_data_t * digest,crypto_req_handle_t req)662734b6a94Sdarrenm sha1_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
663734b6a94Sdarrenm crypto_req_handle_t req)
664734b6a94Sdarrenm {
665734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
666734b6a94Sdarrenm
667734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
668734b6a94Sdarrenm
669734b6a94Sdarrenm /*
670734b6a94Sdarrenm * We need to just return the length needed to store the output.
671734b6a94Sdarrenm * We should not destroy the context for the following cases.
672734b6a94Sdarrenm */
673734b6a94Sdarrenm if ((digest->cd_length == 0) ||
674734b6a94Sdarrenm (digest->cd_length < SHA1_DIGEST_LENGTH)) {
675734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
676734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
677734b6a94Sdarrenm }
678734b6a94Sdarrenm
679734b6a94Sdarrenm /*
680734b6a94Sdarrenm * Do a SHA1 final.
681734b6a94Sdarrenm */
682734b6a94Sdarrenm switch (digest->cd_format) {
683734b6a94Sdarrenm case CRYPTO_DATA_RAW:
684734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
685734b6a94Sdarrenm digest->cd_offset, &PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
686734b6a94Sdarrenm break;
687734b6a94Sdarrenm case CRYPTO_DATA_UIO:
688734b6a94Sdarrenm ret = sha1_digest_final_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
689734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
690734b6a94Sdarrenm break;
691734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
692734b6a94Sdarrenm ret = sha1_digest_final_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
693734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
694734b6a94Sdarrenm break;
695734b6a94Sdarrenm default:
696734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
697734b6a94Sdarrenm }
698734b6a94Sdarrenm
699734b6a94Sdarrenm /* all done, free context and return */
700734b6a94Sdarrenm
701734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
702734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
703734b6a94Sdarrenm } else {
704734b6a94Sdarrenm digest->cd_length = 0;
705734b6a94Sdarrenm }
706734b6a94Sdarrenm
707734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
708734b6a94Sdarrenm ctx->cc_provider_private = NULL;
709734b6a94Sdarrenm
710734b6a94Sdarrenm return (ret);
711734b6a94Sdarrenm }
712734b6a94Sdarrenm
713734b6a94Sdarrenm /* ARGSUSED */
714734b6a94Sdarrenm static int
sha1_digest_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)715734b6a94Sdarrenm sha1_digest_atomic(crypto_provider_handle_t provider,
716734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
717734b6a94Sdarrenm crypto_data_t *data, crypto_data_t *digest,
718734b6a94Sdarrenm crypto_req_handle_t req)
719734b6a94Sdarrenm {
720734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
721734b6a94Sdarrenm SHA1_CTX sha1_ctx;
722734b6a94Sdarrenm
723734b6a94Sdarrenm if (mechanism->cm_type != SHA1_MECH_INFO_TYPE)
724734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
725734b6a94Sdarrenm
726734b6a94Sdarrenm /*
727734b6a94Sdarrenm * Do the SHA1 init.
728734b6a94Sdarrenm */
729734b6a94Sdarrenm SHA1Init(&sha1_ctx);
730734b6a94Sdarrenm
731734b6a94Sdarrenm /*
732734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
733734b6a94Sdarrenm */
734734b6a94Sdarrenm switch (data->cd_format) {
735734b6a94Sdarrenm case CRYPTO_DATA_RAW:
736734b6a94Sdarrenm SHA1Update(&sha1_ctx,
737734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
738734b6a94Sdarrenm data->cd_length);
739734b6a94Sdarrenm break;
740734b6a94Sdarrenm case CRYPTO_DATA_UIO:
741734b6a94Sdarrenm ret = sha1_digest_update_uio(&sha1_ctx, data);
742734b6a94Sdarrenm break;
743734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
744734b6a94Sdarrenm ret = sha1_digest_update_mblk(&sha1_ctx, data);
745734b6a94Sdarrenm break;
746734b6a94Sdarrenm default:
747734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
748734b6a94Sdarrenm }
749734b6a94Sdarrenm
750734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
751734b6a94Sdarrenm /* the update failed, bail */
752734b6a94Sdarrenm digest->cd_length = 0;
753734b6a94Sdarrenm return (ret);
754734b6a94Sdarrenm }
755734b6a94Sdarrenm
756734b6a94Sdarrenm /*
757734b6a94Sdarrenm * Do a SHA1 final, must be done separately since the digest
758734b6a94Sdarrenm * type can be different than the input data type.
759734b6a94Sdarrenm */
760734b6a94Sdarrenm switch (digest->cd_format) {
761734b6a94Sdarrenm case CRYPTO_DATA_RAW:
762734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
763734b6a94Sdarrenm digest->cd_offset, &sha1_ctx);
764734b6a94Sdarrenm break;
765734b6a94Sdarrenm case CRYPTO_DATA_UIO:
766734b6a94Sdarrenm ret = sha1_digest_final_uio(&sha1_ctx, digest,
767734b6a94Sdarrenm SHA1_DIGEST_LENGTH, NULL);
768734b6a94Sdarrenm break;
769734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
770734b6a94Sdarrenm ret = sha1_digest_final_mblk(&sha1_ctx, digest,
771734b6a94Sdarrenm SHA1_DIGEST_LENGTH, NULL);
772734b6a94Sdarrenm break;
773734b6a94Sdarrenm default:
774734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
775734b6a94Sdarrenm }
776734b6a94Sdarrenm
777734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
778734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
779734b6a94Sdarrenm } else {
780734b6a94Sdarrenm digest->cd_length = 0;
781734b6a94Sdarrenm }
782734b6a94Sdarrenm
783734b6a94Sdarrenm return (ret);
784734b6a94Sdarrenm }
785734b6a94Sdarrenm
786734b6a94Sdarrenm /*
787734b6a94Sdarrenm * KCF software provider mac entry points.
788734b6a94Sdarrenm *
789734b6a94Sdarrenm * SHA1 HMAC is: SHA1(key XOR opad, SHA1(key XOR ipad, text))
790734b6a94Sdarrenm *
791734b6a94Sdarrenm * Init:
792734b6a94Sdarrenm * The initialization routine initializes what we denote
793734b6a94Sdarrenm * as the inner and outer contexts by doing
794734b6a94Sdarrenm * - for inner context: SHA1(key XOR ipad)
795734b6a94Sdarrenm * - for outer context: SHA1(key XOR opad)
796734b6a94Sdarrenm *
797734b6a94Sdarrenm * Update:
798734b6a94Sdarrenm * Each subsequent SHA1 HMAC update will result in an
799734b6a94Sdarrenm * update of the inner context with the specified data.
800734b6a94Sdarrenm *
801734b6a94Sdarrenm * Final:
802734b6a94Sdarrenm * The SHA1 HMAC final will do a SHA1 final operation on the
803734b6a94Sdarrenm * inner context, and the resulting digest will be used
804734b6a94Sdarrenm * as the data for an update on the outer context. Last
805734b6a94Sdarrenm * but not least, a SHA1 final on the outer context will
806734b6a94Sdarrenm * be performed to obtain the SHA1 HMAC digest to return
807734b6a94Sdarrenm * to the user.
808734b6a94Sdarrenm */
809734b6a94Sdarrenm
810734b6a94Sdarrenm /*
811734b6a94Sdarrenm * Initialize a SHA1-HMAC context.
812734b6a94Sdarrenm */
813734b6a94Sdarrenm static void
sha1_mac_init_ctx(sha1_hmac_ctx_t * ctx,void * keyval,uint_t length_in_bytes)814734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
815734b6a94Sdarrenm {
816734b6a94Sdarrenm uint32_t ipad[SHA1_HMAC_INTS_PER_BLOCK];
817734b6a94Sdarrenm uint32_t opad[SHA1_HMAC_INTS_PER_BLOCK];
818734b6a94Sdarrenm uint_t i;
819734b6a94Sdarrenm
820734b6a94Sdarrenm bzero(ipad, SHA1_HMAC_BLOCK_SIZE);
821734b6a94Sdarrenm bzero(opad, SHA1_HMAC_BLOCK_SIZE);
822734b6a94Sdarrenm
823734b6a94Sdarrenm bcopy(keyval, ipad, length_in_bytes);
824734b6a94Sdarrenm bcopy(keyval, opad, length_in_bytes);
825734b6a94Sdarrenm
826734b6a94Sdarrenm /* XOR key with ipad (0x36) and opad (0x5c) */
827734b6a94Sdarrenm for (i = 0; i < SHA1_HMAC_INTS_PER_BLOCK; i++) {
828734b6a94Sdarrenm ipad[i] ^= 0x36363636;
829734b6a94Sdarrenm opad[i] ^= 0x5c5c5c5c;
830734b6a94Sdarrenm }
831734b6a94Sdarrenm
832734b6a94Sdarrenm /* perform SHA1 on ipad */
833734b6a94Sdarrenm SHA1Init(&ctx->hc_icontext);
834734b6a94Sdarrenm SHA1Update(&ctx->hc_icontext, (uint8_t *)ipad, SHA1_HMAC_BLOCK_SIZE);
835734b6a94Sdarrenm
836734b6a94Sdarrenm /* perform SHA1 on opad */
837734b6a94Sdarrenm SHA1Init(&ctx->hc_ocontext);
838734b6a94Sdarrenm SHA1Update(&ctx->hc_ocontext, (uint8_t *)opad, SHA1_HMAC_BLOCK_SIZE);
839734b6a94Sdarrenm }
840734b6a94Sdarrenm
841734b6a94Sdarrenm /*
842734b6a94Sdarrenm */
843734b6a94Sdarrenm static int
sha1_mac_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)844734b6a94Sdarrenm sha1_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
845734b6a94Sdarrenm crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
846734b6a94Sdarrenm crypto_req_handle_t req)
847734b6a94Sdarrenm {
848734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
849734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
850734b6a94Sdarrenm
851734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
852734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
853734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
854734b6a94Sdarrenm
855734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
856734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
857734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
858734b6a94Sdarrenm
859734b6a94Sdarrenm ctx->cc_provider_private = kmem_alloc(sizeof (sha1_hmac_ctx_t),
860734b6a94Sdarrenm crypto_kmflag(req));
861734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
862734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
863734b6a94Sdarrenm
864734b6a94Sdarrenm if (ctx_template != NULL) {
865734b6a94Sdarrenm /* reuse context template */
866734b6a94Sdarrenm bcopy(ctx_template, PROV_SHA1_HMAC_CTX(ctx),
867734b6a94Sdarrenm sizeof (sha1_hmac_ctx_t));
868734b6a94Sdarrenm } else {
869734b6a94Sdarrenm /* no context template, compute context */
870734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
871734b6a94Sdarrenm uchar_t digested_key[SHA1_DIGEST_LENGTH];
872734b6a94Sdarrenm sha1_hmac_ctx_t *hmac_ctx = ctx->cc_provider_private;
873734b6a94Sdarrenm
874734b6a94Sdarrenm /*
875734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
876734b6a94Sdarrenm * The inner context is used since it hasn't been
877734b6a94Sdarrenm * initialized yet.
878734b6a94Sdarrenm */
879734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&hmac_ctx->hc_icontext,
880734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digested_key);
881734b6a94Sdarrenm sha1_mac_init_ctx(PROV_SHA1_HMAC_CTX(ctx),
882734b6a94Sdarrenm digested_key, SHA1_DIGEST_LENGTH);
883734b6a94Sdarrenm } else {
884734b6a94Sdarrenm sha1_mac_init_ctx(PROV_SHA1_HMAC_CTX(ctx),
885734b6a94Sdarrenm key->ck_data, keylen_in_bytes);
886734b6a94Sdarrenm }
887734b6a94Sdarrenm }
888734b6a94Sdarrenm
889734b6a94Sdarrenm /*
890734b6a94Sdarrenm * Get the mechanism parameters, if applicable.
891734b6a94Sdarrenm */
892734b6a94Sdarrenm PROV_SHA1_HMAC_CTX(ctx)->hc_mech_type = mechanism->cm_type;
893734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
894734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
895734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t))
896734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
897734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism,
898734b6a94Sdarrenm PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len);
899734b6a94Sdarrenm if (PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len >
900734b6a94Sdarrenm SHA1_DIGEST_LENGTH)
901734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
902734b6a94Sdarrenm }
903734b6a94Sdarrenm
904734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
905734b6a94Sdarrenm bzero(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
906734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
907734b6a94Sdarrenm ctx->cc_provider_private = NULL;
908734b6a94Sdarrenm }
909734b6a94Sdarrenm
910734b6a94Sdarrenm return (ret);
911734b6a94Sdarrenm }
912734b6a94Sdarrenm
913734b6a94Sdarrenm /* ARGSUSED */
914734b6a94Sdarrenm static int
sha1_mac_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)915734b6a94Sdarrenm sha1_mac_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
916734b6a94Sdarrenm {
917734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
918734b6a94Sdarrenm
919734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
920734b6a94Sdarrenm
921734b6a94Sdarrenm /*
922734b6a94Sdarrenm * Do a SHA1 update of the inner context using the specified
923734b6a94Sdarrenm * data.
924734b6a94Sdarrenm */
925734b6a94Sdarrenm switch (data->cd_format) {
926734b6a94Sdarrenm case CRYPTO_DATA_RAW:
927734b6a94Sdarrenm SHA1Update(&PROV_SHA1_HMAC_CTX(ctx)->hc_icontext,
928734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
929734b6a94Sdarrenm data->cd_length);
930734b6a94Sdarrenm break;
931734b6a94Sdarrenm case CRYPTO_DATA_UIO:
932734b6a94Sdarrenm ret = sha1_digest_update_uio(
933734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext, data);
934734b6a94Sdarrenm break;
935734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
936734b6a94Sdarrenm ret = sha1_digest_update_mblk(
937734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext, data);
938734b6a94Sdarrenm break;
939734b6a94Sdarrenm default:
940734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
941734b6a94Sdarrenm }
942734b6a94Sdarrenm
943734b6a94Sdarrenm return (ret);
944734b6a94Sdarrenm }
945734b6a94Sdarrenm
946734b6a94Sdarrenm /* ARGSUSED */
947734b6a94Sdarrenm static int
sha1_mac_final(crypto_ctx_t * ctx,crypto_data_t * mac,crypto_req_handle_t req)948734b6a94Sdarrenm sha1_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
949734b6a94Sdarrenm {
950734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
951734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
952734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
953734b6a94Sdarrenm
954734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
955734b6a94Sdarrenm
956734b6a94Sdarrenm if (PROV_SHA1_HMAC_CTX(ctx)->hc_mech_type ==
957734b6a94Sdarrenm SHA1_HMAC_GEN_MECH_INFO_TYPE)
958734b6a94Sdarrenm digest_len = PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len;
959734b6a94Sdarrenm
960734b6a94Sdarrenm /*
961734b6a94Sdarrenm * We need to just return the length needed to store the output.
962734b6a94Sdarrenm * We should not destroy the context for the following cases.
963734b6a94Sdarrenm */
964734b6a94Sdarrenm if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) {
965734b6a94Sdarrenm mac->cd_length = digest_len;
966734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
967734b6a94Sdarrenm }
968734b6a94Sdarrenm
969734b6a94Sdarrenm /*
970734b6a94Sdarrenm * Do a SHA1 final on the inner context.
971734b6a94Sdarrenm */
972734b6a94Sdarrenm SHA1Final(digest, &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext);
973734b6a94Sdarrenm
974734b6a94Sdarrenm /*
975734b6a94Sdarrenm * Do a SHA1 update on the outer context, feeding the inner
976734b6a94Sdarrenm * digest as data.
977734b6a94Sdarrenm */
978734b6a94Sdarrenm SHA1Update(&PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, digest,
979734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
980734b6a94Sdarrenm
981734b6a94Sdarrenm /*
982734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computing
983734b6a94Sdarrenm * digest in the users buffer.
984734b6a94Sdarrenm */
985734b6a94Sdarrenm switch (mac->cd_format) {
986734b6a94Sdarrenm case CRYPTO_DATA_RAW:
987734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
988734b6a94Sdarrenm /*
989734b6a94Sdarrenm * The caller requested a short digest. Digest
990734b6a94Sdarrenm * into a scratch buffer and return to
991734b6a94Sdarrenm * the user only what was requested.
992734b6a94Sdarrenm */
993734b6a94Sdarrenm SHA1Final(digest,
994734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext);
995734b6a94Sdarrenm bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
996734b6a94Sdarrenm mac->cd_offset, digest_len);
997734b6a94Sdarrenm } else {
998734b6a94Sdarrenm SHA1Final((unsigned char *)mac->cd_raw.iov_base +
999734b6a94Sdarrenm mac->cd_offset,
1000734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext);
1001734b6a94Sdarrenm }
1002734b6a94Sdarrenm break;
1003734b6a94Sdarrenm case CRYPTO_DATA_UIO:
1004734b6a94Sdarrenm ret = sha1_digest_final_uio(
1005734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, mac,
1006734b6a94Sdarrenm digest_len, digest);
1007734b6a94Sdarrenm break;
1008734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
1009734b6a94Sdarrenm ret = sha1_digest_final_mblk(
1010734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, mac,
1011734b6a94Sdarrenm digest_len, digest);
1012734b6a94Sdarrenm break;
1013734b6a94Sdarrenm default:
1014734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1015734b6a94Sdarrenm }
1016734b6a94Sdarrenm
1017734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
1018734b6a94Sdarrenm mac->cd_length = digest_len;
1019734b6a94Sdarrenm } else {
1020734b6a94Sdarrenm mac->cd_length = 0;
1021734b6a94Sdarrenm }
1022734b6a94Sdarrenm
1023734b6a94Sdarrenm bzero(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
1024734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
1025734b6a94Sdarrenm ctx->cc_provider_private = NULL;
1026734b6a94Sdarrenm
1027734b6a94Sdarrenm return (ret);
1028734b6a94Sdarrenm }
1029734b6a94Sdarrenm
1030734b6a94Sdarrenm #define SHA1_MAC_UPDATE(data, ctx, ret) { \
1031734b6a94Sdarrenm switch (data->cd_format) { \
1032734b6a94Sdarrenm case CRYPTO_DATA_RAW: \
1033734b6a94Sdarrenm SHA1Update(&(ctx).hc_icontext, \
1034734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + \
1035734b6a94Sdarrenm data->cd_offset, data->cd_length); \
1036734b6a94Sdarrenm break; \
1037734b6a94Sdarrenm case CRYPTO_DATA_UIO: \
1038734b6a94Sdarrenm ret = sha1_digest_update_uio(&(ctx).hc_icontext, data); \
1039734b6a94Sdarrenm break; \
1040734b6a94Sdarrenm case CRYPTO_DATA_MBLK: \
1041734b6a94Sdarrenm ret = sha1_digest_update_mblk(&(ctx).hc_icontext, \
1042734b6a94Sdarrenm data); \
1043734b6a94Sdarrenm break; \
1044734b6a94Sdarrenm default: \
1045734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD; \
1046734b6a94Sdarrenm } \
1047734b6a94Sdarrenm }
1048734b6a94Sdarrenm
1049734b6a94Sdarrenm /* ARGSUSED */
1050734b6a94Sdarrenm static int
sha1_mac_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)1051734b6a94Sdarrenm sha1_mac_atomic(crypto_provider_handle_t provider,
1052734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1053734b6a94Sdarrenm crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1054734b6a94Sdarrenm crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1055734b6a94Sdarrenm {
1056734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1057734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
1058734b6a94Sdarrenm sha1_hmac_ctx_t sha1_hmac_ctx;
1059734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
1060734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1061734b6a94Sdarrenm
1062734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
1063734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
1064734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1065734b6a94Sdarrenm
1066734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1067734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1068734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1069734b6a94Sdarrenm
1070734b6a94Sdarrenm if (ctx_template != NULL) {
1071734b6a94Sdarrenm /* reuse context template */
1072734b6a94Sdarrenm bcopy(ctx_template, &sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1073734b6a94Sdarrenm } else {
1074734b6a94Sdarrenm /* no context template, initialize context */
1075734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1076734b6a94Sdarrenm /*
1077734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1078734b6a94Sdarrenm * The inner context is used since it hasn't been
1079734b6a94Sdarrenm * initialized yet.
1080734b6a94Sdarrenm */
1081734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx.hc_icontext,
1082734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digest);
1083734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, digest,
1084734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1085734b6a94Sdarrenm } else {
1086734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, key->ck_data,
1087734b6a94Sdarrenm keylen_in_bytes);
1088734b6a94Sdarrenm }
1089734b6a94Sdarrenm }
1090734b6a94Sdarrenm
1091734b6a94Sdarrenm /* get the mechanism parameters, if applicable */
1092734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
1093734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
1094734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t)) {
1095734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1096734b6a94Sdarrenm goto bail;
1097734b6a94Sdarrenm }
1098734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism, digest_len);
1099734b6a94Sdarrenm if (digest_len > SHA1_DIGEST_LENGTH) {
1100734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1101734b6a94Sdarrenm goto bail;
1102734b6a94Sdarrenm }
1103734b6a94Sdarrenm }
1104734b6a94Sdarrenm
1105734b6a94Sdarrenm /* do a SHA1 update of the inner context using the specified data */
1106734b6a94Sdarrenm SHA1_MAC_UPDATE(data, sha1_hmac_ctx, ret);
1107734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS)
1108734b6a94Sdarrenm /* the update failed, free context and bail */
1109734b6a94Sdarrenm goto bail;
1110734b6a94Sdarrenm
1111734b6a94Sdarrenm /*
1112734b6a94Sdarrenm * Do a SHA1 final on the inner context.
1113734b6a94Sdarrenm */
1114734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_icontext);
1115734b6a94Sdarrenm
1116734b6a94Sdarrenm /*
1117734b6a94Sdarrenm * Do an SHA1 update on the outer context, feeding the inner
1118734b6a94Sdarrenm * digest as data.
1119734b6a94Sdarrenm */
1120734b6a94Sdarrenm SHA1Update(&sha1_hmac_ctx.hc_ocontext, digest, SHA1_DIGEST_LENGTH);
1121734b6a94Sdarrenm
1122734b6a94Sdarrenm /*
1123734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computed
1124734b6a94Sdarrenm * digest in the users buffer.
1125734b6a94Sdarrenm */
1126734b6a94Sdarrenm switch (mac->cd_format) {
1127734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1128734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
1129734b6a94Sdarrenm /*
1130734b6a94Sdarrenm * The caller requested a short digest. Digest
1131734b6a94Sdarrenm * into a scratch buffer and return to
1132734b6a94Sdarrenm * the user only what was requested.
1133734b6a94Sdarrenm */
1134734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_ocontext);
1135734b6a94Sdarrenm bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1136734b6a94Sdarrenm mac->cd_offset, digest_len);
1137734b6a94Sdarrenm } else {
1138734b6a94Sdarrenm SHA1Final((unsigned char *)mac->cd_raw.iov_base +
1139734b6a94Sdarrenm mac->cd_offset, &sha1_hmac_ctx.hc_ocontext);
1140734b6a94Sdarrenm }
1141734b6a94Sdarrenm break;
1142734b6a94Sdarrenm case CRYPTO_DATA_UIO:
1143734b6a94Sdarrenm ret = sha1_digest_final_uio(&sha1_hmac_ctx.hc_ocontext, mac,
1144734b6a94Sdarrenm digest_len, digest);
1145734b6a94Sdarrenm break;
1146734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
1147734b6a94Sdarrenm ret = sha1_digest_final_mblk(&sha1_hmac_ctx.hc_ocontext, mac,
1148734b6a94Sdarrenm digest_len, digest);
1149734b6a94Sdarrenm break;
1150734b6a94Sdarrenm default:
1151734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1152734b6a94Sdarrenm }
1153734b6a94Sdarrenm
1154734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
1155734b6a94Sdarrenm mac->cd_length = digest_len;
1156734b6a94Sdarrenm } else {
1157734b6a94Sdarrenm mac->cd_length = 0;
1158734b6a94Sdarrenm }
1159734b6a94Sdarrenm /* Extra paranoia: zeroize the context on the stack */
1160734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1161734b6a94Sdarrenm
1162734b6a94Sdarrenm return (ret);
1163734b6a94Sdarrenm bail:
1164734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1165734b6a94Sdarrenm mac->cd_length = 0;
1166734b6a94Sdarrenm return (ret);
1167734b6a94Sdarrenm }
1168734b6a94Sdarrenm
1169734b6a94Sdarrenm /* ARGSUSED */
1170734b6a94Sdarrenm static int
sha1_mac_verify_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)1171734b6a94Sdarrenm sha1_mac_verify_atomic(crypto_provider_handle_t provider,
1172734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1173734b6a94Sdarrenm crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1174734b6a94Sdarrenm crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1175734b6a94Sdarrenm {
1176734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1177734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
1178734b6a94Sdarrenm sha1_hmac_ctx_t sha1_hmac_ctx;
1179734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
1180734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1181734b6a94Sdarrenm
1182734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
1183734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
1184734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1185734b6a94Sdarrenm
1186734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1187734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1188734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1189734b6a94Sdarrenm
1190734b6a94Sdarrenm if (ctx_template != NULL) {
1191734b6a94Sdarrenm /* reuse context template */
1192734b6a94Sdarrenm bcopy(ctx_template, &sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1193734b6a94Sdarrenm } else {
1194734b6a94Sdarrenm /* no context template, initialize context */
1195734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1196734b6a94Sdarrenm /*
1197734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1198734b6a94Sdarrenm * The inner context is used since it hasn't been
1199734b6a94Sdarrenm * initialized yet.
1200734b6a94Sdarrenm */
1201734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx.hc_icontext,
1202734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digest);
1203734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, digest,
1204734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1205734b6a94Sdarrenm } else {
1206734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, key->ck_data,
1207734b6a94Sdarrenm keylen_in_bytes);
1208734b6a94Sdarrenm }
1209734b6a94Sdarrenm }
1210734b6a94Sdarrenm
1211734b6a94Sdarrenm /* get the mechanism parameters, if applicable */
1212734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
1213734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
1214734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t)) {
1215734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1216734b6a94Sdarrenm goto bail;
1217734b6a94Sdarrenm }
1218734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism, digest_len);
1219734b6a94Sdarrenm if (digest_len > SHA1_DIGEST_LENGTH) {
1220734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1221734b6a94Sdarrenm goto bail;
1222734b6a94Sdarrenm }
1223734b6a94Sdarrenm }
1224734b6a94Sdarrenm
1225734b6a94Sdarrenm if (mac->cd_length != digest_len) {
1226734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1227734b6a94Sdarrenm goto bail;
1228734b6a94Sdarrenm }
1229734b6a94Sdarrenm
1230734b6a94Sdarrenm /* do a SHA1 update of the inner context using the specified data */
1231734b6a94Sdarrenm SHA1_MAC_UPDATE(data, sha1_hmac_ctx, ret);
1232734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS)
1233734b6a94Sdarrenm /* the update failed, free context and bail */
1234734b6a94Sdarrenm goto bail;
1235734b6a94Sdarrenm
1236734b6a94Sdarrenm /* do a SHA1 final on the inner context */
1237734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_icontext);
1238734b6a94Sdarrenm
1239734b6a94Sdarrenm /*
1240734b6a94Sdarrenm * Do an SHA1 update on the outer context, feeding the inner
1241734b6a94Sdarrenm * digest as data.
1242734b6a94Sdarrenm */
1243734b6a94Sdarrenm SHA1Update(&sha1_hmac_ctx.hc_ocontext, digest, SHA1_DIGEST_LENGTH);
1244734b6a94Sdarrenm
1245734b6a94Sdarrenm /*
1246734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computed
1247734b6a94Sdarrenm * digest in the users buffer.
1248734b6a94Sdarrenm */
1249734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_ocontext);
1250734b6a94Sdarrenm
1251734b6a94Sdarrenm /*
1252734b6a94Sdarrenm * Compare the computed digest against the expected digest passed
1253734b6a94Sdarrenm * as argument.
1254734b6a94Sdarrenm */
1255734b6a94Sdarrenm
1256734b6a94Sdarrenm switch (mac->cd_format) {
1257734b6a94Sdarrenm
1258734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1259734b6a94Sdarrenm if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base +
1260734b6a94Sdarrenm mac->cd_offset, digest_len) != 0)
1261734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1262734b6a94Sdarrenm break;
1263734b6a94Sdarrenm
1264734b6a94Sdarrenm case CRYPTO_DATA_UIO: {
1265734b6a94Sdarrenm off_t offset = mac->cd_offset;
1266734b6a94Sdarrenm uint_t vec_idx;
1267734b6a94Sdarrenm off_t scratch_offset = 0;
1268734b6a94Sdarrenm size_t length = digest_len;
1269734b6a94Sdarrenm size_t cur_len;
1270734b6a94Sdarrenm
1271734b6a94Sdarrenm /* we support only kernel buffer */
1272734b6a94Sdarrenm if (mac->cd_uio->uio_segflg != UIO_SYSSPACE)
1273734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1274734b6a94Sdarrenm
1275734b6a94Sdarrenm /* jump to the first iovec containing the expected digest */
1276734b6a94Sdarrenm for (vec_idx = 0;
1277734b6a94Sdarrenm offset >= mac->cd_uio->uio_iov[vec_idx].iov_len &&
1278734b6a94Sdarrenm vec_idx < mac->cd_uio->uio_iovcnt;
12795b675b31SVladimir Kotal offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len)
12805b675b31SVladimir Kotal ;
1281734b6a94Sdarrenm if (vec_idx == mac->cd_uio->uio_iovcnt) {
1282734b6a94Sdarrenm /*
1283734b6a94Sdarrenm * The caller specified an offset that is
1284734b6a94Sdarrenm * larger than the total size of the buffers
1285734b6a94Sdarrenm * it provided.
1286734b6a94Sdarrenm */
1287734b6a94Sdarrenm ret = CRYPTO_DATA_LEN_RANGE;
1288734b6a94Sdarrenm break;
1289734b6a94Sdarrenm }
1290734b6a94Sdarrenm
1291734b6a94Sdarrenm /* do the comparison of computed digest vs specified one */
1292734b6a94Sdarrenm while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) {
1293734b6a94Sdarrenm cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len -
1294734b6a94Sdarrenm offset, length);
1295734b6a94Sdarrenm
1296734b6a94Sdarrenm if (bcmp(digest + scratch_offset,
1297734b6a94Sdarrenm mac->cd_uio->uio_iov[vec_idx].iov_base + offset,
1298734b6a94Sdarrenm cur_len) != 0) {
1299734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1300734b6a94Sdarrenm break;
1301734b6a94Sdarrenm }
1302734b6a94Sdarrenm
1303734b6a94Sdarrenm length -= cur_len;
1304734b6a94Sdarrenm vec_idx++;
1305734b6a94Sdarrenm scratch_offset += cur_len;
1306734b6a94Sdarrenm offset = 0;
1307734b6a94Sdarrenm }
1308734b6a94Sdarrenm break;
1309734b6a94Sdarrenm }
1310734b6a94Sdarrenm
1311734b6a94Sdarrenm case CRYPTO_DATA_MBLK: {
1312734b6a94Sdarrenm off_t offset = mac->cd_offset;
1313734b6a94Sdarrenm mblk_t *mp;
1314734b6a94Sdarrenm off_t scratch_offset = 0;
1315734b6a94Sdarrenm size_t length = digest_len;
1316734b6a94Sdarrenm size_t cur_len;
1317734b6a94Sdarrenm
1318734b6a94Sdarrenm /* jump to the first mblk_t containing the expected digest */
1319734b6a94Sdarrenm for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp);
13205b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
13215b675b31SVladimir Kotal ;
1322734b6a94Sdarrenm if (mp == NULL) {
1323734b6a94Sdarrenm /*
1324734b6a94Sdarrenm * The caller specified an offset that is larger than
1325734b6a94Sdarrenm * the total size of the buffers it provided.
1326734b6a94Sdarrenm */
1327734b6a94Sdarrenm ret = CRYPTO_DATA_LEN_RANGE;
1328734b6a94Sdarrenm break;
1329734b6a94Sdarrenm }
1330734b6a94Sdarrenm
1331734b6a94Sdarrenm while (mp != NULL && length > 0) {
1332734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
1333734b6a94Sdarrenm if (bcmp(digest + scratch_offset,
1334734b6a94Sdarrenm mp->b_rptr + offset, cur_len) != 0) {
1335734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1336734b6a94Sdarrenm break;
1337734b6a94Sdarrenm }
1338734b6a94Sdarrenm
1339734b6a94Sdarrenm length -= cur_len;
1340734b6a94Sdarrenm mp = mp->b_cont;
1341734b6a94Sdarrenm scratch_offset += cur_len;
1342734b6a94Sdarrenm offset = 0;
1343734b6a94Sdarrenm }
1344734b6a94Sdarrenm break;
1345734b6a94Sdarrenm }
1346734b6a94Sdarrenm
1347734b6a94Sdarrenm default:
1348734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1349734b6a94Sdarrenm }
1350734b6a94Sdarrenm
1351734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1352734b6a94Sdarrenm return (ret);
1353734b6a94Sdarrenm bail:
1354734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1355734b6a94Sdarrenm mac->cd_length = 0;
1356734b6a94Sdarrenm return (ret);
1357734b6a94Sdarrenm }
1358734b6a94Sdarrenm
1359734b6a94Sdarrenm /*
1360734b6a94Sdarrenm * KCF software provider context management entry points.
1361734b6a94Sdarrenm */
1362734b6a94Sdarrenm
1363734b6a94Sdarrenm /* ARGSUSED */
1364734b6a94Sdarrenm static int
sha1_create_ctx_template(crypto_provider_handle_t provider,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t * ctx_template,size_t * ctx_template_size,crypto_req_handle_t req)1365734b6a94Sdarrenm sha1_create_ctx_template(crypto_provider_handle_t provider,
1366734b6a94Sdarrenm crypto_mechanism_t *mechanism, crypto_key_t *key,
1367734b6a94Sdarrenm crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
1368734b6a94Sdarrenm crypto_req_handle_t req)
1369734b6a94Sdarrenm {
1370734b6a94Sdarrenm sha1_hmac_ctx_t *sha1_hmac_ctx_tmpl;
1371734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1372734b6a94Sdarrenm
1373734b6a94Sdarrenm if ((mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE) &&
1374734b6a94Sdarrenm (mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)) {
1375734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1376734b6a94Sdarrenm }
1377734b6a94Sdarrenm
1378734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1379734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1380734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1381734b6a94Sdarrenm
1382734b6a94Sdarrenm /*
1383734b6a94Sdarrenm * Allocate and initialize SHA1 context.
1384734b6a94Sdarrenm */
1385734b6a94Sdarrenm sha1_hmac_ctx_tmpl = kmem_alloc(sizeof (sha1_hmac_ctx_t),
1386734b6a94Sdarrenm crypto_kmflag(req));
1387734b6a94Sdarrenm if (sha1_hmac_ctx_tmpl == NULL)
1388734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
1389734b6a94Sdarrenm
1390734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1391734b6a94Sdarrenm uchar_t digested_key[SHA1_DIGEST_LENGTH];
1392734b6a94Sdarrenm
1393734b6a94Sdarrenm /*
1394734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1395734b6a94Sdarrenm * The inner context is used since it hasn't been
1396734b6a94Sdarrenm * initialized yet.
1397734b6a94Sdarrenm */
1398734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx_tmpl->hc_icontext,
1399734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digested_key);
1400734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_tmpl, digested_key,
1401734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1402734b6a94Sdarrenm } else {
1403734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_tmpl, key->ck_data,
1404734b6a94Sdarrenm keylen_in_bytes);
1405734b6a94Sdarrenm }
1406734b6a94Sdarrenm
1407734b6a94Sdarrenm sha1_hmac_ctx_tmpl->hc_mech_type = mechanism->cm_type;
1408734b6a94Sdarrenm *ctx_template = (crypto_spi_ctx_template_t)sha1_hmac_ctx_tmpl;
1409734b6a94Sdarrenm *ctx_template_size = sizeof (sha1_hmac_ctx_t);
1410734b6a94Sdarrenm
1411734b6a94Sdarrenm
1412734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1413734b6a94Sdarrenm }
1414734b6a94Sdarrenm
1415734b6a94Sdarrenm static int
sha1_free_context(crypto_ctx_t * ctx)1416734b6a94Sdarrenm sha1_free_context(crypto_ctx_t *ctx)
1417734b6a94Sdarrenm {
1418734b6a94Sdarrenm uint_t ctx_len;
1419734b6a94Sdarrenm sha1_mech_type_t mech_type;
1420734b6a94Sdarrenm
1421734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
1422734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1423734b6a94Sdarrenm
1424734b6a94Sdarrenm /*
1425734b6a94Sdarrenm * We have to free either SHA1 or SHA1-HMAC contexts, which
1426734b6a94Sdarrenm * have different lengths.
1427734b6a94Sdarrenm */
1428734b6a94Sdarrenm
1429734b6a94Sdarrenm mech_type = PROV_SHA1_CTX(ctx)->sc_mech_type;
1430734b6a94Sdarrenm if (mech_type == SHA1_MECH_INFO_TYPE)
1431734b6a94Sdarrenm ctx_len = sizeof (sha1_ctx_t);
1432734b6a94Sdarrenm else {
1433734b6a94Sdarrenm ASSERT(mech_type == SHA1_HMAC_MECH_INFO_TYPE ||
1434734b6a94Sdarrenm mech_type == SHA1_HMAC_GEN_MECH_INFO_TYPE);
1435734b6a94Sdarrenm ctx_len = sizeof (sha1_hmac_ctx_t);
1436734b6a94Sdarrenm }
1437734b6a94Sdarrenm
1438734b6a94Sdarrenm bzero(ctx->cc_provider_private, ctx_len);
1439734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, ctx_len);
1440734b6a94Sdarrenm ctx->cc_provider_private = NULL;
1441734b6a94Sdarrenm
1442734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1443734b6a94Sdarrenm }
1444