xref: /titanic_50/usr/src/uts/common/crypto/io/blowfish.c (revision cb8a054b1ab30d5caa746e6c44f29d4c9d3071c1)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Blowfish provider for the Kernel Cryptographic Framework (KCF)
28  */
29 
30 #include <sys/types.h>
31 #include <sys/systm.h>
32 #include <sys/modctl.h>
33 #include <sys/cmn_err.h>
34 #include <sys/ddi.h>
35 #include <sys/crypto/common.h>
36 #include <sys/crypto/spi.h>
37 #include <sys/sysmacros.h>
38 #include <sys/strsun.h>
39 #include <sys/note.h>
40 #include <modes/modes.h>
41 #include <blowfish/blowfish_impl.h>
42 
43 extern struct mod_ops mod_cryptoops;
44 
45 /*
46  * Module linkage information for the kernel.
47  */
48 static struct modlcrypto modlcrypto = {
49 	&mod_cryptoops,
50 	"Blowfish Kernel SW Provider"
51 };
52 
53 static struct modlinkage modlinkage = {
54 	MODREV_1,
55 	(void *)&modlcrypto,
56 	NULL
57 };
58 
59 /*
60  * CSPI information (entry points, provider info, etc.)
61  */
62 typedef enum blowfish_mech_type {
63 	BLOWFISH_ECB_MECH_INFO_TYPE,		/* SUN_CKM_BLOWFISH_ECB */
64 	BLOWFISH_CBC_MECH_INFO_TYPE		/* SUN_CKM_BLOWFISH_CBC */
65 } blowfish_mech_type_t;
66 
67 
68 #define	BLOWFISH_COPY_BLOCK(src, dst) \
69 	(dst)[0] = (src)[0]; \
70 	(dst)[1] = (src)[1]; \
71 	(dst)[2] = (src)[2]; \
72 	(dst)[3] = (src)[3]; \
73 	(dst)[4] = (src)[4]; \
74 	(dst)[5] = (src)[5]; \
75 	(dst)[6] = (src)[6]; \
76 	(dst)[7] = (src)[7]
77 
78 #define	BLOWFISH_XOR_BLOCK(src, dst) \
79 	(dst)[0] ^= (src)[0]; \
80 	(dst)[1] ^= (src)[1]; \
81 	(dst)[2] ^= (src)[2]; \
82 	(dst)[3] ^= (src)[3]; \
83 	(dst)[4] ^= (src)[4]; \
84 	(dst)[5] ^= (src)[5]; \
85 	(dst)[6] ^= (src)[6]; \
86 	(dst)[7] ^= (src)[7]
87 
88 /*
89  * Mechanism info structure passed to KCF during registration.
90  */
91 
92 static crypto_mech_info_t blowfish_mech_info_tab[] = {
93 	/* BLOWFISH_ECB */
94 	{SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
95 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
96 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
97 	    BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS},
98 	/* BLOWFISH_CBC */
99 	{SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
100 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
101 	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
102 	    BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS}
103 };
104 
105 #define	BLOWFISH_VALID_MECH(mech)				\
106 	(((mech)->cm_type == BLOWFISH_ECB_MECH_INFO_TYPE ||		\
107 	(mech)->cm_type == BLOWFISH_CBC_MECH_INFO_TYPE) ? 1 : 0)
108 
109 /* operations are in-place if the output buffer is NULL */
110 #define	BLOWFISH_ARG_INPLACE(input, output)			\
111 	if ((output) == NULL)					\
112 		(output) = (input);
113 
114 static void blowfish_provider_status(crypto_provider_handle_t, uint_t *);
115 
116 static crypto_control_ops_t blowfish_control_ops = {
117 	blowfish_provider_status
118 };
119 
120 static int blowfish_common_init(crypto_ctx_t *, crypto_mechanism_t *,
121     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
122 static int blowfish_common_init_ctx(blowfish_ctx_t *,
123     crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, int);
124 static int blowfish_encrypt_final(crypto_ctx_t *, crypto_data_t *,
125     crypto_req_handle_t);
126 static int blowfish_decrypt_final(crypto_ctx_t *, crypto_data_t *,
127     crypto_req_handle_t);
128 
129 static int blowfish_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
130     crypto_req_handle_t);
131 static int blowfish_encrypt_update(crypto_ctx_t *, crypto_data_t *,
132     crypto_data_t *, crypto_req_handle_t);
133 static int blowfish_encrypt_atomic(crypto_provider_handle_t,
134     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
135     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
136 
137 static int blowfish_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
138     crypto_req_handle_t);
139 static int blowfish_decrypt_update(crypto_ctx_t *, crypto_data_t *,
140     crypto_data_t *, crypto_req_handle_t);
141 static int blowfish_decrypt_atomic(crypto_provider_handle_t,
142     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
143     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
144 
145 static crypto_cipher_ops_t blowfish_cipher_ops = {
146 	blowfish_common_init,
147 	blowfish_encrypt,
148 	blowfish_encrypt_update,
149 	blowfish_encrypt_final,
150 	blowfish_encrypt_atomic,
151 	blowfish_common_init,
152 	blowfish_decrypt,
153 	blowfish_decrypt_update,
154 	blowfish_decrypt_final,
155 	blowfish_decrypt_atomic
156 };
157 
158 static int blowfish_create_ctx_template(crypto_provider_handle_t,
159     crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
160     size_t *, crypto_req_handle_t);
161 static int blowfish_free_context(crypto_ctx_t *);
162 
163 static crypto_ctx_ops_t blowfish_ctx_ops = {
164 	blowfish_create_ctx_template,
165 	blowfish_free_context
166 };
167 
168 static crypto_ops_t blowfish_crypto_ops = {
169 	&blowfish_control_ops,
170 	NULL,
171 	&blowfish_cipher_ops,
172 	NULL,
173 	NULL,
174 	NULL,
175 	NULL,
176 	NULL,
177 	NULL,
178 	NULL,
179 	NULL,
180 	NULL,
181 	NULL,
182 	&blowfish_ctx_ops
183 };
184 
185 static crypto_provider_info_t blowfish_prov_info = {
186 	CRYPTO_SPI_VERSION_1,
187 	"Blowfish Software Provider",
188 	CRYPTO_SW_PROVIDER,
189 	{&modlinkage},
190 	NULL,
191 	&blowfish_crypto_ops,
192 	sizeof (blowfish_mech_info_tab)/sizeof (crypto_mech_info_t),
193 	blowfish_mech_info_tab
194 };
195 
196 
197 static crypto_kcf_provider_handle_t blowfish_prov_handle = NULL;
198 
199 int
200 _init(void)
201 {
202 	int ret;
203 
204 	if ((ret = mod_install(&modlinkage)) != 0)
205 		return (ret);
206 
207 	/* Register with KCF.  If the registration fails, remove the module. */
208 	if (crypto_register_provider(&blowfish_prov_info,
209 	    &blowfish_prov_handle)) {
210 		(void) mod_remove(&modlinkage);
211 		return (EACCES);
212 	}
213 
214 	return (0);
215 }
216 
217 int
218 _fini(void)
219 {
220 	/* Unregister from KCF if module is registered */
221 	if (blowfish_prov_handle != NULL) {
222 		if (crypto_unregister_provider(blowfish_prov_handle))
223 			return (EBUSY);
224 
225 		blowfish_prov_handle = NULL;
226 	}
227 
228 	return (mod_remove(&modlinkage));
229 }
230 
231 int
232 _info(struct modinfo *modinfop)
233 {
234 	return (mod_info(&modlinkage, modinfop));
235 }
236 
237 /*
238  * Initialize key schedules for blowfish
239  */
240 static int
241 init_keysched(crypto_key_t *key, void *keysched)
242 {
243 /* EXPORT DELETE START */
244 	/*
245 	 * Only keys by value are supported by this module.
246 	 */
247 	switch (key->ck_format) {
248 	case CRYPTO_KEY_RAW:
249 		if (key->ck_length < BLOWFISH_MINBITS ||
250 		    key->ck_length > BLOWFISH_MAXBITS) {
251 			return (CRYPTO_KEY_SIZE_RANGE);
252 		}
253 		break;
254 	default:
255 		return (CRYPTO_KEY_TYPE_INCONSISTENT);
256 	}
257 
258 	blowfish_init_keysched(key->ck_data, key->ck_length, keysched);
259 /* EXPORT DELETE END */
260 	return (CRYPTO_SUCCESS);
261 }
262 
263 /*
264  * KCF software provider control entry points.
265  */
266 /* ARGSUSED */
267 static void
268 blowfish_provider_status(crypto_provider_handle_t provider, uint_t *status)
269 {
270 	*status = CRYPTO_PROVIDER_READY;
271 }
272 
273 /*
274  * KCF software provider encrypt entry points.
275  */
276 static int
277 blowfish_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
278     crypto_key_t *key, crypto_spi_ctx_template_t template,
279     crypto_req_handle_t req)
280 {
281 
282 /* EXPORT DELETE START */
283 
284 	blowfish_ctx_t *blowfish_ctx;
285 	int rv;
286 	int kmflag;
287 
288 	/*
289 	 * Only keys by value are supported by this module.
290 	 */
291 	if (key->ck_format != CRYPTO_KEY_RAW) {
292 		return (CRYPTO_KEY_TYPE_INCONSISTENT);
293 	}
294 
295 	if (!BLOWFISH_VALID_MECH(mechanism))
296 		return (CRYPTO_MECHANISM_INVALID);
297 
298 	if (mechanism->cm_param != NULL &&
299 	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
300 		return (CRYPTO_MECHANISM_PARAM_INVALID);
301 
302 	kmflag = crypto_kmflag(req);
303 	switch (mechanism->cm_type) {
304 	case BLOWFISH_ECB_MECH_INFO_TYPE:
305 		blowfish_ctx = ecb_alloc_ctx(kmflag);
306 		break;
307 	case BLOWFISH_CBC_MECH_INFO_TYPE:
308 		blowfish_ctx = cbc_alloc_ctx(kmflag);
309 		break;
310 	}
311 	if (blowfish_ctx == NULL)
312 		return (CRYPTO_HOST_MEMORY);
313 
314 	rv = blowfish_common_init_ctx(blowfish_ctx, template, mechanism,
315 	    key, kmflag);
316 	if (rv != CRYPTO_SUCCESS) {
317 		crypto_free_mode_ctx(blowfish_ctx);
318 		return (rv);
319 	}
320 
321 	ctx->cc_provider_private = blowfish_ctx;
322 
323 /* EXPORT DELETE END */
324 
325 	return (CRYPTO_SUCCESS);
326 }
327 
328 static void
329 blowfish_copy_block64(uint8_t *in, uint64_t *out)
330 {
331 	if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
332 		/* LINTED: pointer alignment */
333 		out[0] = *(uint64_t *)&in[0];
334 	} else {
335 		uint8_t *iv8 = (uint8_t *)&out[0];
336 
337 		BLOWFISH_COPY_BLOCK(in, iv8);
338 	}
339 }
340 
341 /* ARGSUSED */
342 static int
343 blowfish_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
344     crypto_data_t *ciphertext, crypto_req_handle_t req)
345 {
346 	int ret;
347 
348 /* EXPORT DELETE START */
349 
350 	blowfish_ctx_t *blowfish_ctx;
351 
352 	/*
353 	 * Plaintext must be a multiple of blowfish block size.
354 	 * This test only works for non-padded mechanisms
355 	 * when blocksize is 2^N.
356 	 */
357 	if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
358 		return (CRYPTO_DATA_LEN_RANGE);
359 
360 	ASSERT(ctx->cc_provider_private != NULL);
361 	blowfish_ctx = ctx->cc_provider_private;
362 
363 	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
364 
365 	/*
366 	 * We need to just return the length needed to store the output.
367 	 * We should not destroy the context for the following case.
368 	 */
369 	if (ciphertext->cd_length < plaintext->cd_length) {
370 		ciphertext->cd_length = plaintext->cd_length;
371 		return (CRYPTO_BUFFER_TOO_SMALL);
372 	}
373 
374 	/*
375 	 * Do an update on the specified input data.
376 	 */
377 	ret = blowfish_encrypt_update(ctx, plaintext, ciphertext, req);
378 	ASSERT(blowfish_ctx->bc_remainder_len  == 0);
379 	(void) blowfish_free_context(ctx);
380 
381 /* EXPORT DELETE END */
382 
383 	/* LINTED */
384 	return (ret);
385 }
386 
387 /* ARGSUSED */
388 static int
389 blowfish_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
390     crypto_data_t *plaintext, crypto_req_handle_t req)
391 {
392 	int ret;
393 
394 /* EXPORT DELETE START */
395 
396 	blowfish_ctx_t *blowfish_ctx;
397 
398 	/*
399 	 * Ciphertext must be a multiple of blowfish block size.
400 	 * This test only works for non-padded mechanisms
401 	 * when blocksize is 2^N.
402 	 */
403 	if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
404 		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
405 
406 	ASSERT(ctx->cc_provider_private != NULL);
407 	blowfish_ctx = ctx->cc_provider_private;
408 
409 	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
410 
411 	/*
412 	 * We need to just return the length needed to store the output.
413 	 * We should not destroy the context for the following case.
414 	 */
415 	if (plaintext->cd_length < ciphertext->cd_length) {
416 		plaintext->cd_length = ciphertext->cd_length;
417 		return (CRYPTO_BUFFER_TOO_SMALL);
418 	}
419 
420 	/*
421 	 * Do an update on the specified input data.
422 	 */
423 	ret = blowfish_decrypt_update(ctx, ciphertext, plaintext, req);
424 	ASSERT(blowfish_ctx->bc_remainder_len == 0);
425 	(void) blowfish_free_context(ctx);
426 
427 /* EXPORT DELETE END */
428 
429 	/* LINTED */
430 	return (ret);
431 }
432 
433 /* ARGSUSED */
434 static int
435 blowfish_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
436     crypto_data_t *ciphertext, crypto_req_handle_t req)
437 {
438 	off_t saved_offset;
439 	size_t saved_length, out_len;
440 	int ret = CRYPTO_SUCCESS;
441 
442 	ASSERT(ctx->cc_provider_private != NULL);
443 
444 	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
445 
446 	/* compute number of bytes that will hold the ciphertext */
447 	out_len =
448 	    ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
449 	out_len += plaintext->cd_length;
450 	out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
451 
452 	/* return length needed to store the output */
453 	if (ciphertext->cd_length < out_len) {
454 		ciphertext->cd_length = out_len;
455 		return (CRYPTO_BUFFER_TOO_SMALL);
456 	}
457 
458 	saved_offset = ciphertext->cd_offset;
459 	saved_length = ciphertext->cd_length;
460 
461 	/*
462 	 * Do the blowfish update on the specified input data.
463 	 */
464 	switch (plaintext->cd_format) {
465 	case CRYPTO_DATA_RAW:
466 		ret = crypto_update_iov(ctx->cc_provider_private,
467 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
468 		    blowfish_copy_block64);
469 		break;
470 	case CRYPTO_DATA_UIO:
471 		ret = crypto_update_uio(ctx->cc_provider_private,
472 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
473 		    blowfish_copy_block64);
474 		break;
475 	case CRYPTO_DATA_MBLK:
476 		ret = crypto_update_mp(ctx->cc_provider_private,
477 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
478 		    blowfish_copy_block64);
479 		break;
480 	default:
481 		ret = CRYPTO_ARGUMENTS_BAD;
482 	}
483 
484 	if (ret == CRYPTO_SUCCESS) {
485 		if (plaintext != ciphertext)
486 			ciphertext->cd_length =
487 			    ciphertext->cd_offset - saved_offset;
488 	} else {
489 		ciphertext->cd_length = saved_length;
490 	}
491 	ciphertext->cd_offset = saved_offset;
492 
493 	return (ret);
494 }
495 
496 /* ARGSUSED */
497 static int
498 blowfish_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
499     crypto_data_t *plaintext, crypto_req_handle_t req)
500 {
501 	off_t saved_offset;
502 	size_t saved_length, out_len;
503 	int ret = CRYPTO_SUCCESS;
504 
505 	ASSERT(ctx->cc_provider_private != NULL);
506 
507 	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
508 
509 	/* compute number of bytes that will hold the plaintext */
510 	out_len =
511 	    ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
512 	out_len += ciphertext->cd_length;
513 	out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
514 
515 	/* return length needed to store the output */
516 	if (plaintext->cd_length < out_len) {
517 		plaintext->cd_length = out_len;
518 		return (CRYPTO_BUFFER_TOO_SMALL);
519 	}
520 
521 	saved_offset = plaintext->cd_offset;
522 	saved_length = plaintext->cd_length;
523 
524 	/*
525 	 * Do the blowfish update on the specified input data.
526 	 */
527 	switch (ciphertext->cd_format) {
528 	case CRYPTO_DATA_RAW:
529 		ret = crypto_update_iov(ctx->cc_provider_private,
530 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
531 		    blowfish_copy_block64);
532 		break;
533 	case CRYPTO_DATA_UIO:
534 		ret = crypto_update_uio(ctx->cc_provider_private,
535 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
536 		    blowfish_copy_block64);
537 		break;
538 	case CRYPTO_DATA_MBLK:
539 		ret = crypto_update_mp(ctx->cc_provider_private,
540 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
541 		    blowfish_copy_block64);
542 		break;
543 	default:
544 		ret = CRYPTO_ARGUMENTS_BAD;
545 	}
546 
547 	if (ret == CRYPTO_SUCCESS) {
548 		if (ciphertext != plaintext)
549 			plaintext->cd_length =
550 			    plaintext->cd_offset - saved_offset;
551 	} else {
552 		plaintext->cd_length = saved_length;
553 	}
554 	plaintext->cd_offset = saved_offset;
555 
556 	return (ret);
557 }
558 
559 /* ARGSUSED */
560 static int
561 blowfish_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
562     crypto_req_handle_t req)
563 {
564 
565 /* EXPORT DELETE START */
566 
567 	blowfish_ctx_t *blowfish_ctx;
568 
569 	ASSERT(ctx->cc_provider_private != NULL);
570 	blowfish_ctx = ctx->cc_provider_private;
571 
572 	/*
573 	 * There must be no unprocessed data.
574 	 * This happens if the length of the last data is
575 	 * not a multiple of the BLOWFISH block length.
576 	 */
577 	if (blowfish_ctx->bc_remainder_len > 0)
578 		return (CRYPTO_DATA_LEN_RANGE);
579 
580 	(void) blowfish_free_context(ctx);
581 	data->cd_length = 0;
582 
583 /* EXPORT DELETE END */
584 
585 	return (CRYPTO_SUCCESS);
586 }
587 
588 /* ARGSUSED */
589 static int
590 blowfish_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
591     crypto_req_handle_t req)
592 {
593 
594 /* EXPORT DELETE START */
595 
596 	blowfish_ctx_t *blowfish_ctx;
597 
598 	ASSERT(ctx->cc_provider_private != NULL);
599 	blowfish_ctx = ctx->cc_provider_private;
600 
601 	/*
602 	 * There must be no unprocessed ciphertext.
603 	 * This happens if the length of the last ciphertext is
604 	 * not a multiple of the BLOWFISH block length.
605 	 */
606 	if (blowfish_ctx->bc_remainder_len > 0)
607 		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
608 
609 	(void) blowfish_free_context(ctx);
610 	data->cd_length = 0;
611 
612 /* EXPORT DELETE END */
613 
614 	return (CRYPTO_SUCCESS);
615 }
616 
617 /* ARGSUSED */
618 static int
619 blowfish_encrypt_atomic(crypto_provider_handle_t provider,
620     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
621     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
622     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
623 {
624 	blowfish_ctx_t blowfish_ctx;	/* on the stack */
625 	off_t saved_offset;
626 	size_t saved_length;
627 	int ret;
628 
629 	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
630 
631 	/*
632 	 * Plaintext must be a multiple of blowfish block size.
633 	 * This test only works for non-padded mechanisms
634 	 * when blocksize is 2^N.
635 	 */
636 	if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
637 		return (CRYPTO_DATA_LEN_RANGE);
638 
639 	/* return length needed to store the output */
640 	if (ciphertext->cd_length < plaintext->cd_length) {
641 		ciphertext->cd_length = plaintext->cd_length;
642 		return (CRYPTO_BUFFER_TOO_SMALL);
643 	}
644 
645 	if (!BLOWFISH_VALID_MECH(mechanism))
646 		return (CRYPTO_MECHANISM_INVALID);
647 
648 	if (mechanism->cm_param_len != 0 &&
649 	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
650 		return (CRYPTO_MECHANISM_PARAM_INVALID);
651 
652 	bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
653 
654 	ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
655 	    key, crypto_kmflag(req));
656 	if (ret != CRYPTO_SUCCESS)
657 		return (ret);
658 
659 	saved_offset = ciphertext->cd_offset;
660 	saved_length = ciphertext->cd_length;
661 
662 	/*
663 	 * Do an update on the specified input data.
664 	 */
665 	switch (plaintext->cd_format) {
666 	case CRYPTO_DATA_RAW:
667 		ret = crypto_update_iov(&blowfish_ctx,
668 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
669 		    blowfish_copy_block64);
670 		break;
671 	case CRYPTO_DATA_UIO:
672 		ret = crypto_update_uio(&blowfish_ctx,
673 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
674 		    blowfish_copy_block64);
675 		break;
676 	case CRYPTO_DATA_MBLK:
677 		ret = crypto_update_mp((void *)&blowfish_ctx,
678 		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
679 		    blowfish_copy_block64);
680 		break;
681 	default:
682 		ret = CRYPTO_ARGUMENTS_BAD;
683 	}
684 
685 	if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
686 		bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
687 		kmem_free(blowfish_ctx.bc_keysched,
688 		    blowfish_ctx.bc_keysched_len);
689 	}
690 
691 	if (ret == CRYPTO_SUCCESS) {
692 		ASSERT(blowfish_ctx.bc_remainder_len == 0);
693 		if (plaintext != ciphertext)
694 			ciphertext->cd_length =
695 			    ciphertext->cd_offset - saved_offset;
696 	} else {
697 		ciphertext->cd_length = saved_length;
698 	}
699 	ciphertext->cd_offset = saved_offset;
700 
701 	return (ret);
702 }
703 
704 /* ARGSUSED */
705 static int
706 blowfish_decrypt_atomic(crypto_provider_handle_t provider,
707     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
708     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
709     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
710 {
711 	blowfish_ctx_t blowfish_ctx;	/* on the stack */
712 	off_t saved_offset;
713 	size_t saved_length;
714 	int ret;
715 
716 	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
717 
718 	/*
719 	 * Ciphertext must be a multiple of blowfish block size.
720 	 * This test only works for non-padded mechanisms
721 	 * when blocksize is 2^N.
722 	 */
723 	if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
724 		return (CRYPTO_DATA_LEN_RANGE);
725 
726 	/* return length needed to store the output */
727 	if (plaintext->cd_length < ciphertext->cd_length) {
728 		plaintext->cd_length = ciphertext->cd_length;
729 		return (CRYPTO_BUFFER_TOO_SMALL);
730 	}
731 
732 	if (!BLOWFISH_VALID_MECH(mechanism))
733 		return (CRYPTO_MECHANISM_INVALID);
734 
735 	if (mechanism->cm_param_len != 0 &&
736 	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
737 		return (CRYPTO_MECHANISM_PARAM_INVALID);
738 
739 	bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
740 
741 	ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
742 	    key, crypto_kmflag(req));
743 	if (ret != CRYPTO_SUCCESS)
744 		return (ret);
745 
746 	saved_offset = plaintext->cd_offset;
747 	saved_length = plaintext->cd_length;
748 
749 	/*
750 	 * Do an update on the specified input data.
751 	 */
752 	switch (ciphertext->cd_format) {
753 	case CRYPTO_DATA_RAW:
754 		ret = crypto_update_iov(&blowfish_ctx,
755 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
756 		    blowfish_copy_block64);
757 		break;
758 	case CRYPTO_DATA_UIO:
759 		ret = crypto_update_uio(&blowfish_ctx,
760 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
761 		    blowfish_copy_block64);
762 		break;
763 	case CRYPTO_DATA_MBLK:
764 		ret = crypto_update_mp(&blowfish_ctx,
765 		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
766 		    blowfish_copy_block64);
767 		break;
768 	default:
769 		ret = CRYPTO_ARGUMENTS_BAD;
770 	}
771 
772 	if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
773 		bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
774 		kmem_free(blowfish_ctx.bc_keysched,
775 		    blowfish_ctx.bc_keysched_len);
776 	}
777 
778 	if (ret == CRYPTO_SUCCESS) {
779 		ASSERT(blowfish_ctx.bc_remainder_len == 0);
780 		if (ciphertext != plaintext)
781 			plaintext->cd_length =
782 			    plaintext->cd_offset - saved_offset;
783 	} else {
784 		plaintext->cd_length = saved_length;
785 	}
786 	plaintext->cd_offset = saved_offset;
787 
788 	return (ret);
789 }
790 
791 /*
792  * KCF software provider context template entry points.
793  */
794 /* ARGSUSED */
795 static int
796 blowfish_create_ctx_template(crypto_provider_handle_t provider,
797     crypto_mechanism_t *mechanism, crypto_key_t *key,
798     crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
799 {
800 
801 /* EXPORT DELETE START */
802 
803 	void *keysched;
804 	size_t size;
805 	int rv;
806 
807 	if (!BLOWFISH_VALID_MECH(mechanism))
808 		return (CRYPTO_MECHANISM_INVALID);
809 
810 	if ((keysched = blowfish_alloc_keysched(&size,
811 	    crypto_kmflag(req))) == NULL) {
812 		return (CRYPTO_HOST_MEMORY);
813 	}
814 
815 	/*
816 	 * Initialize key schedule.  Key length information is stored
817 	 * in the key.
818 	 */
819 	if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
820 		bzero(keysched, size);
821 		kmem_free(keysched, size);
822 		return (rv);
823 	}
824 
825 	*tmpl = keysched;
826 	*tmpl_size = size;
827 
828 /* EXPORT DELETE END */
829 
830 	return (CRYPTO_SUCCESS);
831 }
832 
833 /* ARGSUSED */
834 static int
835 blowfish_free_context(crypto_ctx_t *ctx)
836 {
837 	blowfish_ctx_t *blowfish_ctx = ctx->cc_provider_private;
838 
839 	if (blowfish_ctx != NULL) {
840 		if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
841 			ASSERT(blowfish_ctx->bc_keysched_len != 0);
842 			bzero(blowfish_ctx->bc_keysched,
843 			    blowfish_ctx->bc_keysched_len);
844 			kmem_free(blowfish_ctx->bc_keysched,
845 			    blowfish_ctx->bc_keysched_len);
846 		}
847 		crypto_free_mode_ctx(blowfish_ctx);
848 		ctx->cc_provider_private = NULL;
849 	}
850 
851 	return (CRYPTO_SUCCESS);
852 }
853 
854 /* ARGSUSED */
855 static int
856 blowfish_common_init_ctx(blowfish_ctx_t *blowfish_ctx,
857     crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism,
858     crypto_key_t *key, int kmflag)
859 {
860 	int rv = CRYPTO_SUCCESS;
861 
862 /* EXPORT DELETE START */
863 
864 	void *keysched;
865 	size_t size;
866 
867 	if (template == NULL) {
868 		if ((keysched = blowfish_alloc_keysched(&size, kmflag)) == NULL)
869 			return (CRYPTO_HOST_MEMORY);
870 		/*
871 		 * Initialize key schedule.
872 		 * Key length is stored in the key.
873 		 */
874 		if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS)
875 			kmem_free(keysched, size);
876 
877 		blowfish_ctx->bc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
878 		blowfish_ctx->bc_keysched_len = size;
879 	} else {
880 		keysched = template;
881 	}
882 	blowfish_ctx->bc_keysched = keysched;
883 
884 	switch (mechanism->cm_type) {
885 	case BLOWFISH_CBC_MECH_INFO_TYPE:
886 		rv = cbc_init_ctx((cbc_ctx_t *)blowfish_ctx,
887 		    mechanism->cm_param, mechanism->cm_param_len,
888 		    BLOWFISH_BLOCK_LEN, blowfish_copy_block64);
889 		break;
890 	case BLOWFISH_ECB_MECH_INFO_TYPE:
891 		blowfish_ctx->bc_flags |= ECB_MODE;
892 	}
893 
894 	if (rv != CRYPTO_SUCCESS) {
895 		if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
896 			bzero(keysched, size);
897 			kmem_free(keysched, size);
898 		}
899 	}
900 
901 /* EXPORT DELETE END */
902 
903 	return (rv);
904 }
905