1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * In kernel module, the md5 module is created with two modlinkages:
29 * - a modlmisc that allows consumers to directly call the entry points
30 * MD5Init, MD5Update, and MD5Final.
31 * - a modlcrypto that allows the module to register with the Kernel
32 * Cryptographic Framework (KCF) as a software provider for the MD5
33 * mechanisms.
34 */
35
36 #include <sys/types.h>
37 #include <sys/systm.h>
38 #include <sys/modctl.h>
39 #include <sys/cmn_err.h>
40 #include <sys/ddi.h>
41 #include <sys/crypto/common.h>
42 #include <sys/crypto/spi.h>
43 #include <sys/sysmacros.h>
44 #include <sys/strsun.h>
45 #include <sys/note.h>
46 #include <sys/md5.h>
47
48 extern struct mod_ops mod_miscops;
49 extern struct mod_ops mod_cryptoops;
50
51 /*
52 * Module linkage information for the kernel.
53 */
54
55 static struct modlmisc modlmisc = {
56 &mod_miscops,
57 "MD5 Message-Digest Algorithm"
58 };
59
60 static struct modlcrypto modlcrypto = {
61 &mod_cryptoops,
62 "MD5 Kernel SW Provider"
63 };
64
65 static struct modlinkage modlinkage = {
66 MODREV_1,
67 (void *)&modlmisc,
68 (void *)&modlcrypto,
69 NULL
70 };
71
72 /*
73 * CSPI information (entry points, provider info, etc.)
74 */
75
76 typedef enum md5_mech_type {
77 MD5_MECH_INFO_TYPE, /* SUN_CKM_MD5 */
78 MD5_HMAC_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC */
79 MD5_HMAC_GEN_MECH_INFO_TYPE /* SUN_CKM_MD5_HMAC_GENERAL */
80 } md5_mech_type_t;
81
82 #define MD5_DIGEST_LENGTH 16 /* MD5 digest length in bytes */
83 #define MD5_HMAC_BLOCK_SIZE 64 /* MD5 block size */
84 #define MD5_HMAC_MIN_KEY_LEN 1 /* MD5-HMAC min key length in bytes */
85 #define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bytes */
86 #define MD5_HMAC_INTS_PER_BLOCK (MD5_HMAC_BLOCK_SIZE/sizeof (uint32_t))
87
88 /*
89 * Context for MD5 mechanism.
90 */
91 typedef struct md5_ctx {
92 md5_mech_type_t mc_mech_type; /* type of context */
93 MD5_CTX mc_md5_ctx; /* MD5 context */
94 } md5_ctx_t;
95
96 /*
97 * Context for MD5-HMAC and MD5-HMAC-GENERAL mechanisms.
98 */
99 typedef struct md5_hmac_ctx {
100 md5_mech_type_t hc_mech_type; /* type of context */
101 uint32_t hc_digest_len; /* digest len in bytes */
102 MD5_CTX hc_icontext; /* inner MD5 context */
103 MD5_CTX hc_ocontext; /* outer MD5 context */
104 } md5_hmac_ctx_t;
105
106 /*
107 * Macros to access the MD5 or MD5-HMAC contexts from a context passed
108 * by KCF to one of the entry points.
109 */
110
111 #define PROV_MD5_CTX(ctx) ((md5_ctx_t *)(ctx)->cc_provider_private)
112 #define PROV_MD5_HMAC_CTX(ctx) ((md5_hmac_ctx_t *)(ctx)->cc_provider_private)
113 /* to extract the digest length passed as mechanism parameter */
114
115 #define PROV_MD5_GET_DIGEST_LEN(m, len) { \
116 if (IS_P2ALIGNED((m)->cm_param, sizeof (ulong_t))) \
117 (len) = (uint32_t)*((ulong_t *)(void *)mechanism->cm_param); \
118 else { \
119 ulong_t tmp_ulong; \
120 bcopy((m)->cm_param, &tmp_ulong, sizeof (ulong_t)); \
121 (len) = (uint32_t)tmp_ulong; \
122 } \
123 }
124
125 #define PROV_MD5_DIGEST_KEY(ctx, key, len, digest) { \
126 MD5Init(ctx); \
127 MD5Update(ctx, key, len); \
128 MD5Final(digest, ctx); \
129 }
130
131 /*
132 * Mechanism info structure passed to KCF during registration.
133 */
134 static crypto_mech_info_t md5_mech_info_tab[] = {
135 /* MD5 */
136 {SUN_CKM_MD5, MD5_MECH_INFO_TYPE,
137 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
138 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
139 /* MD5-HMAC */
140 {SUN_CKM_MD5_HMAC, MD5_HMAC_MECH_INFO_TYPE,
141 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
142 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
143 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
144 /* MD5-HMAC GENERAL */
145 {SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE,
146 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
147 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
148 CRYPTO_KEYSIZE_UNIT_IN_BYTES}
149 };
150
151 static void md5_provider_status(crypto_provider_handle_t, uint_t *);
152
153 static crypto_control_ops_t md5_control_ops = {
154 md5_provider_status
155 };
156
157 static int md5_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
158 crypto_req_handle_t);
159 static int md5_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
160 crypto_req_handle_t);
161 static int md5_digest_update(crypto_ctx_t *, crypto_data_t *,
162 crypto_req_handle_t);
163 static int md5_digest_final(crypto_ctx_t *, crypto_data_t *,
164 crypto_req_handle_t);
165 static int md5_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
166 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
167 crypto_req_handle_t);
168
169 static crypto_digest_ops_t md5_digest_ops = {
170 md5_digest_init,
171 md5_digest,
172 md5_digest_update,
173 NULL,
174 md5_digest_final,
175 md5_digest_atomic
176 };
177
178 static int md5_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
179 crypto_spi_ctx_template_t, crypto_req_handle_t);
180 static int md5_mac_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
181 static int md5_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
182 static int md5_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
183 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
184 crypto_spi_ctx_template_t, crypto_req_handle_t);
185 static int md5_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
186 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
187 crypto_spi_ctx_template_t, crypto_req_handle_t);
188
189 static crypto_mac_ops_t md5_mac_ops = {
190 md5_mac_init,
191 NULL,
192 md5_mac_update,
193 md5_mac_final,
194 md5_mac_atomic,
195 md5_mac_verify_atomic
196 };
197
198 static int md5_create_ctx_template(crypto_provider_handle_t,
199 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
200 size_t *, crypto_req_handle_t);
201 static int md5_free_context(crypto_ctx_t *);
202
203 static crypto_ctx_ops_t md5_ctx_ops = {
204 md5_create_ctx_template,
205 md5_free_context
206 };
207
208 static crypto_ops_t md5_crypto_ops = {
209 &md5_control_ops,
210 &md5_digest_ops,
211 NULL,
212 &md5_mac_ops,
213 NULL,
214 NULL,
215 NULL,
216 NULL,
217 NULL,
218 NULL,
219 NULL,
220 NULL,
221 NULL,
222 &md5_ctx_ops
223 };
224
225 static crypto_provider_info_t md5_prov_info = {
226 CRYPTO_SPI_VERSION_1,
227 "MD5 Software Provider",
228 CRYPTO_SW_PROVIDER,
229 {&modlinkage},
230 NULL,
231 &md5_crypto_ops,
232 sizeof (md5_mech_info_tab)/sizeof (crypto_mech_info_t),
233 md5_mech_info_tab
234 };
235
236 static crypto_kcf_provider_handle_t md5_prov_handle = NULL;
237
238 int
239 _init(void)
240 {
241 int ret;
242
243 if ((ret = mod_install(&modlinkage)) != 0)
244 return (ret);
245
246 /*
247 * Register with KCF. If the registration fails, do not uninstall the
248 * module, since the functionality provided by misc/md5 should still be
249 * available.
250 */
251 (void) crypto_register_provider(&md5_prov_info, &md5_prov_handle);
252
253 return (0);
254 }
255
256 int
257 _fini(void)
258 {
259 int ret;
260
261 /*
262 * Unregister from KCF if previous registration succeeded.
263 */
264 if (md5_prov_handle != NULL) {
265 if ((ret = crypto_unregister_provider(md5_prov_handle)) !=
266 CRYPTO_SUCCESS)
267 return (ret);
268
269 md5_prov_handle = NULL;
270 }
271
272 return (mod_remove(&modlinkage));
273 }
274
275 int
276 _info(struct modinfo *modinfop)
277 {
278 return (mod_info(&modlinkage, modinfop));
279 }
280
281 /*
282 * KCF software provider control entry points.
283 */
284 /* ARGSUSED */
285 static void
286 md5_provider_status(crypto_provider_handle_t provider, uint_t *status)
287 {
288 *status = CRYPTO_PROVIDER_READY;
289 }
290
291 /*
292 * KCF software provider digest entry points.
293 */
294
295 static int
296 md5_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
297 crypto_req_handle_t req)
298 {
299 if (mechanism->cm_type != MD5_MECH_INFO_TYPE)
300 return (CRYPTO_MECHANISM_INVALID);
301
302 /*
303 * Allocate and initialize MD5 context.
304 */
305 ctx->cc_provider_private = kmem_alloc(sizeof (md5_ctx_t),
306 crypto_kmflag(req));
307 if (ctx->cc_provider_private == NULL)
308 return (CRYPTO_HOST_MEMORY);
309
310 PROV_MD5_CTX(ctx)->mc_mech_type = MD5_MECH_INFO_TYPE;
311 MD5Init(&PROV_MD5_CTX(ctx)->mc_md5_ctx);
312
313 return (CRYPTO_SUCCESS);
314 }
315
316 /*
317 * Helper MD5 digest update function for uio data.
318 */
319 static int
320 md5_digest_update_uio(MD5_CTX *md5_ctx, crypto_data_t *data)
321 {
322 off_t offset = data->cd_offset;
323 size_t length = data->cd_length;
324 uint_t vec_idx;
325 size_t cur_len;
326
327 /* we support only kernel buffer */
328 if (data->cd_uio->uio_segflg != UIO_SYSSPACE)
329 return (CRYPTO_ARGUMENTS_BAD);
330
331 /*
332 * Jump to the first iovec containing data to be
333 * digested.
334 */
335 for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt &&
336 offset >= data->cd_uio->uio_iov[vec_idx].iov_len;
337 offset -= data->cd_uio->uio_iov[vec_idx++].iov_len)
338 ;
339 if (vec_idx == data->cd_uio->uio_iovcnt) {
340 /*
341 * The caller specified an offset that is larger than the
342 * total size of the buffers it provided.
343 */
344 return (CRYPTO_DATA_LEN_RANGE);
345 }
346
347 /*
348 * Now do the digesting on the iovecs.
349 */
350 while (vec_idx < data->cd_uio->uio_iovcnt && length > 0) {
351 cur_len = MIN(data->cd_uio->uio_iov[vec_idx].iov_len -
352 offset, length);
353
354 MD5Update(md5_ctx, data->cd_uio->uio_iov[vec_idx].iov_base +
355 offset, cur_len);
356
357 length -= cur_len;
358 vec_idx++;
359 offset = 0;
360 }
361
362 if (vec_idx == data->cd_uio->uio_iovcnt && length > 0) {
363 /*
364 * The end of the specified iovec's was reached but
365 * the length requested could not be processed, i.e.
366 * The caller requested to digest more data than it provided.
367 */
368 return (CRYPTO_DATA_LEN_RANGE);
369 }
370
371 return (CRYPTO_SUCCESS);
372 }
373
374 /*
375 * Helper MD5 digest final function for uio data.
376 * digest_len is the length of the desired digest. If digest_len
377 * is smaller than the default MD5 digest length, the caller
378 * must pass a scratch buffer, digest_scratch, which must
379 * be at least MD5_DIGEST_LENGTH bytes.
380 */
381 static int
382 md5_digest_final_uio(MD5_CTX *md5_ctx, crypto_data_t *digest,
383 ulong_t digest_len, uchar_t *digest_scratch)
384 {
385 off_t offset = digest->cd_offset;
386 uint_t vec_idx;
387
388 /* we support only kernel buffer */
389 if (digest->cd_uio->uio_segflg != UIO_SYSSPACE)
390 return (CRYPTO_ARGUMENTS_BAD);
391
392 /*
393 * Jump to the first iovec containing ptr to the digest to
394 * be returned.
395 */
396 for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len &&
397 vec_idx < digest->cd_uio->uio_iovcnt;
398 offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len)
399 ;
400 if (vec_idx == digest->cd_uio->uio_iovcnt) {
401 /*
402 * The caller specified an offset that is
403 * larger than the total size of the buffers
404 * it provided.
405 */
406 return (CRYPTO_DATA_LEN_RANGE);
407 }
408
409 if (offset + digest_len <=
410 digest->cd_uio->uio_iov[vec_idx].iov_len) {
411 /*
412 * The computed MD5 digest will fit in the current
413 * iovec.
414 */
415 if (digest_len != MD5_DIGEST_LENGTH) {
416 /*
417 * The caller requested a short digest. Digest
418 * into a scratch buffer and return to
419 * the user only what was requested.
420 */
421 MD5Final(digest_scratch, md5_ctx);
422 bcopy(digest_scratch, (uchar_t *)digest->
423 cd_uio->uio_iov[vec_idx].iov_base + offset,
424 digest_len);
425 } else {
426 MD5Final((uchar_t *)digest->
427 cd_uio->uio_iov[vec_idx].iov_base + offset,
428 md5_ctx);
429 }
430 } else {
431 /*
432 * The computed digest will be crossing one or more iovec's.
433 * This is bad performance-wise but we need to support it.
434 * Allocate a small scratch buffer on the stack and
435 * copy it piece meal to the specified digest iovec's.
436 */
437 uchar_t digest_tmp[MD5_DIGEST_LENGTH];
438 off_t scratch_offset = 0;
439 size_t length = digest_len;
440 size_t cur_len;
441
442 MD5Final(digest_tmp, md5_ctx);
443
444 while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) {
445 cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len -
446 offset, length);
447 bcopy(digest_tmp + scratch_offset,
448 digest->cd_uio->uio_iov[vec_idx].iov_base + offset,
449 cur_len);
450
451 length -= cur_len;
452 vec_idx++;
453 scratch_offset += cur_len;
454 offset = 0;
455 }
456
457 if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) {
458 /*
459 * The end of the specified iovec's was reached but
460 * the length requested could not be processed, i.e.
461 * The caller requested to digest more data than it
462 * provided.
463 */
464 return (CRYPTO_DATA_LEN_RANGE);
465 }
466 }
467
468 return (CRYPTO_SUCCESS);
469 }
470
471 /*
472 * Helper MD5 digest update for mblk's.
473 */
474 static int
475 md5_digest_update_mblk(MD5_CTX *md5_ctx, crypto_data_t *data)
476 {
477 off_t offset = data->cd_offset;
478 size_t length = data->cd_length;
479 mblk_t *mp;
480 size_t cur_len;
481
482 /*
483 * Jump to the first mblk_t containing data to be digested.
484 */
485 for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp);
486 offset -= MBLKL(mp), mp = mp->b_cont)
487 ;
488 if (mp == NULL) {
489 /*
490 * The caller specified an offset that is larger than the
491 * total size of the buffers it provided.
492 */
493 return (CRYPTO_DATA_LEN_RANGE);
494 }
495
496 /*
497 * Now do the digesting on the mblk chain.
498 */
499 while (mp != NULL && length > 0) {
500 cur_len = MIN(MBLKL(mp) - offset, length);
501 MD5Update(md5_ctx, mp->b_rptr + offset, cur_len);
502 length -= cur_len;
503 offset = 0;
504 mp = mp->b_cont;
505 }
506
507 if (mp == NULL && length > 0) {
508 /*
509 * The end of the mblk was reached but the length requested
510 * could not be processed, i.e. The caller requested
511 * to digest more data than it provided.
512 */
513 return (CRYPTO_DATA_LEN_RANGE);
514 }
515
516 return (CRYPTO_SUCCESS);
517 }
518
519 /*
520 * Helper MD5 digest final for mblk's.
521 * digest_len is the length of the desired digest. If digest_len
522 * is smaller than the default MD5 digest length, the caller
523 * must pass a scratch buffer, digest_scratch, which must
524 * be at least MD5_DIGEST_LENGTH bytes.
525 */
526 static int
527 md5_digest_final_mblk(MD5_CTX *md5_ctx, crypto_data_t *digest,
528 ulong_t digest_len, uchar_t *digest_scratch)
529 {
530 off_t offset = digest->cd_offset;
531 mblk_t *mp;
532
533 /*
534 * Jump to the first mblk_t that will be used to store the digest.
535 */
536 for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp);
537 offset -= MBLKL(mp), mp = mp->b_cont)
538 ;
539 if (mp == NULL) {
540 /*
541 * The caller specified an offset that is larger than the
542 * total size of the buffers it provided.
543 */
544 return (CRYPTO_DATA_LEN_RANGE);
545 }
546
547 if (offset + digest_len <= MBLKL(mp)) {
548 /*
549 * The computed MD5 digest will fit in the current mblk.
550 * Do the MD5Final() in-place.
551 */
552 if (digest_len != MD5_DIGEST_LENGTH) {
553 /*
554 * The caller requested a short digest. Digest
555 * into a scratch buffer and return to
556 * the user only what was requested.
557 */
558 MD5Final(digest_scratch, md5_ctx);
559 bcopy(digest_scratch, mp->b_rptr + offset, digest_len);
560 } else {
561 MD5Final(mp->b_rptr + offset, md5_ctx);
562 }
563 } else {
564 /*
565 * The computed digest will be crossing one or more mblk's.
566 * This is bad performance-wise but we need to support it.
567 * Allocate a small scratch buffer on the stack and
568 * copy it piece meal to the specified digest iovec's.
569 */
570 uchar_t digest_tmp[MD5_DIGEST_LENGTH];
571 off_t scratch_offset = 0;
572 size_t length = digest_len;
573 size_t cur_len;
574
575 MD5Final(digest_tmp, md5_ctx);
576
577 while (mp != NULL && length > 0) {
578 cur_len = MIN(MBLKL(mp) - offset, length);
579 bcopy(digest_tmp + scratch_offset,
580 mp->b_rptr + offset, cur_len);
581
582 length -= cur_len;
583 mp = mp->b_cont;
584 scratch_offset += cur_len;
585 offset = 0;
586 }
587
588 if (mp == NULL && length > 0) {
589 /*
590 * The end of the specified mblk was reached but
591 * the length requested could not be processed, i.e.
592 * The caller requested to digest more data than it
593 * provided.
594 */
595 return (CRYPTO_DATA_LEN_RANGE);
596 }
597 }
598
599 return (CRYPTO_SUCCESS);
600 }
601
602 /* ARGSUSED */
603 static int
604 md5_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
605 crypto_req_handle_t req)
606 {
607 int ret = CRYPTO_SUCCESS;
608
609 ASSERT(ctx->cc_provider_private != NULL);
610
611 /*
612 * We need to just return the length needed to store the output.
613 * We should not destroy the context for the following cases.
614 */
615 if ((digest->cd_length == 0) ||
616 (digest->cd_length < MD5_DIGEST_LENGTH)) {
617 digest->cd_length = MD5_DIGEST_LENGTH;
618 return (CRYPTO_BUFFER_TOO_SMALL);
619 }
620
621 /*
622 * Do the MD5 update on the specified input data.
623 */
624 switch (data->cd_format) {
625 case CRYPTO_DATA_RAW:
626 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
627 data->cd_raw.iov_base + data->cd_offset,
628 data->cd_length);
629 break;
630 case CRYPTO_DATA_UIO:
631 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
632 data);
633 break;
634 case CRYPTO_DATA_MBLK:
635 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
636 data);
637 break;
638 default:
639 ret = CRYPTO_ARGUMENTS_BAD;
640 }
641
642 if (ret != CRYPTO_SUCCESS) {
643 /* the update failed, free context and bail */
644 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
645 ctx->cc_provider_private = NULL;
646 digest->cd_length = 0;
647 return (ret);
648 }
649
650 /*
651 * Do an MD5 final, must be done separately since the digest
652 * type can be different than the input data type.
653 */
654 switch (digest->cd_format) {
655 case CRYPTO_DATA_RAW:
656 MD5Final((unsigned char *)digest->cd_raw.iov_base +
657 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx);
658 break;
659 case CRYPTO_DATA_UIO:
660 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
661 digest, MD5_DIGEST_LENGTH, NULL);
662 break;
663 case CRYPTO_DATA_MBLK:
664 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
665 digest, MD5_DIGEST_LENGTH, NULL);
666 break;
667 default:
668 ret = CRYPTO_ARGUMENTS_BAD;
669 }
670
671 /* all done, free context and return */
672
673 if (ret == CRYPTO_SUCCESS) {
674 digest->cd_length = MD5_DIGEST_LENGTH;
675 } else {
676 digest->cd_length = 0;
677 }
678
679 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
680 ctx->cc_provider_private = NULL;
681 return (ret);
682 }
683
684 /* ARGSUSED */
685 static int
686 md5_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
687 crypto_req_handle_t req)
688 {
689 int ret = CRYPTO_SUCCESS;
690
691 ASSERT(ctx->cc_provider_private != NULL);
692
693 /*
694 * Do the MD5 update on the specified input data.
695 */
696 switch (data->cd_format) {
697 case CRYPTO_DATA_RAW:
698 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
699 data->cd_raw.iov_base + data->cd_offset,
700 data->cd_length);
701 break;
702 case CRYPTO_DATA_UIO:
703 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
704 data);
705 break;
706 case CRYPTO_DATA_MBLK:
707 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
708 data);
709 break;
710 default:
711 ret = CRYPTO_ARGUMENTS_BAD;
712 }
713
714 return (ret);
715 }
716
717 /* ARGSUSED */
718 static int
719 md5_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
720 crypto_req_handle_t req)
721 {
722 int ret = CRYPTO_SUCCESS;
723
724 ASSERT(ctx->cc_provider_private != NULL);
725
726 /*
727 * We need to just return the length needed to store the output.
728 * We should not destroy the context for the following cases.
729 */
730 if ((digest->cd_length == 0) ||
731 (digest->cd_length < MD5_DIGEST_LENGTH)) {
732 digest->cd_length = MD5_DIGEST_LENGTH;
733 return (CRYPTO_BUFFER_TOO_SMALL);
734 }
735
736 /*
737 * Do an MD5 final.
738 */
739 switch (digest->cd_format) {
740 case CRYPTO_DATA_RAW:
741 MD5Final((unsigned char *)digest->cd_raw.iov_base +
742 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx);
743 break;
744 case CRYPTO_DATA_UIO:
745 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
746 digest, MD5_DIGEST_LENGTH, NULL);
747 break;
748 case CRYPTO_DATA_MBLK:
749 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
750 digest, MD5_DIGEST_LENGTH, NULL);
751 break;
752 default:
753 ret = CRYPTO_ARGUMENTS_BAD;
754 }
755
756 /* all done, free context and return */
757
758 if (ret == CRYPTO_SUCCESS) {
759 digest->cd_length = MD5_DIGEST_LENGTH;
760 } else {
761 digest->cd_length = 0;
762 }
763
764 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
765 ctx->cc_provider_private = NULL;
766
767 return (ret);
768 }
769
770 /* ARGSUSED */
771 static int
772 md5_digest_atomic(crypto_provider_handle_t provider,
773 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
774 crypto_data_t *data, crypto_data_t *digest,
775 crypto_req_handle_t req)
776 {
777 int ret = CRYPTO_SUCCESS;
778 MD5_CTX md5_ctx;
779
780 if (mechanism->cm_type != MD5_MECH_INFO_TYPE)
781 return (CRYPTO_MECHANISM_INVALID);
782
783 /*
784 * Do the MD5 init.
785 */
786 MD5Init(&md5_ctx);
787
788 /*
789 * Do the MD5 update on the specified input data.
790 */
791 switch (data->cd_format) {
792 case CRYPTO_DATA_RAW:
793 MD5Update(&md5_ctx, data->cd_raw.iov_base + data->cd_offset,
794 data->cd_length);
795 break;
796 case CRYPTO_DATA_UIO:
797 ret = md5_digest_update_uio(&md5_ctx, data);
798 break;
799 case CRYPTO_DATA_MBLK:
800 ret = md5_digest_update_mblk(&md5_ctx, data);
801 break;
802 default:
803 ret = CRYPTO_ARGUMENTS_BAD;
804 }
805
806 if (ret != CRYPTO_SUCCESS) {
807 /* the update failed, bail */
808 digest->cd_length = 0;
809 return (ret);
810 }
811
812 /*
813 * Do an MD5 final, must be done separately since the digest
814 * type can be different than the input data type.
815 */
816 switch (digest->cd_format) {
817 case CRYPTO_DATA_RAW:
818 MD5Final((unsigned char *)digest->cd_raw.iov_base +
819 digest->cd_offset, &md5_ctx);
820 break;
821 case CRYPTO_DATA_UIO:
822 ret = md5_digest_final_uio(&md5_ctx, digest,
823 MD5_DIGEST_LENGTH, NULL);
824 break;
825 case CRYPTO_DATA_MBLK:
826 ret = md5_digest_final_mblk(&md5_ctx, digest,
827 MD5_DIGEST_LENGTH, NULL);
828 break;
829 default:
830 ret = CRYPTO_ARGUMENTS_BAD;
831 }
832
833 if (ret == CRYPTO_SUCCESS) {
834 digest->cd_length = MD5_DIGEST_LENGTH;
835 } else {
836 digest->cd_length = 0;
837 }
838
839 return (ret);
840 }
841
842 /*
843 * KCF software provider mac entry points.
844 *
845 * MD5 HMAC is: MD5(key XOR opad, MD5(key XOR ipad, text))
846 *
847 * Init:
848 * The initialization routine initializes what we denote
849 * as the inner and outer contexts by doing
850 * - for inner context: MD5(key XOR ipad)
851 * - for outer context: MD5(key XOR opad)
852 *
853 * Update:
854 * Each subsequent MD5 HMAC update will result in an
855 * update of the inner context with the specified data.
856 *
857 * Final:
858 * The MD5 HMAC final will do a MD5 final operation on the
859 * inner context, and the resulting digest will be used
860 * as the data for an update on the outer context. Last
861 * but not least, an MD5 final on the outer context will
862 * be performed to obtain the MD5 HMAC digest to return
863 * to the user.
864 */
865
866 /*
867 * Initialize a MD5-HMAC context.
868 */
869 static void
870 md5_mac_init_ctx(md5_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
871 {
872 uint32_t ipad[MD5_HMAC_INTS_PER_BLOCK];
873 uint32_t opad[MD5_HMAC_INTS_PER_BLOCK];
874 uint_t i;
875
876 bzero(ipad, MD5_HMAC_BLOCK_SIZE);
877 bzero(opad, MD5_HMAC_BLOCK_SIZE);
878
879 bcopy(keyval, ipad, length_in_bytes);
880 bcopy(keyval, opad, length_in_bytes);
881
882 /* XOR key with ipad (0x36) and opad (0x5c) */
883 for (i = 0; i < MD5_HMAC_INTS_PER_BLOCK; i++) {
884 ipad[i] ^= 0x36363636;
885 opad[i] ^= 0x5c5c5c5c;
886 }
887
888 /* perform MD5 on ipad */
889 MD5Init(&ctx->hc_icontext);
890 MD5Update(&ctx->hc_icontext, ipad, MD5_HMAC_BLOCK_SIZE);
891
892 /* perform MD5 on opad */
893 MD5Init(&ctx->hc_ocontext);
894 MD5Update(&ctx->hc_ocontext, opad, MD5_HMAC_BLOCK_SIZE);
895 }
896
897 /*
898 * Initializes a multi-part MAC operation.
899 */
900 static int
901 md5_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
902 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
903 crypto_req_handle_t req)
904 {
905 int ret = CRYPTO_SUCCESS;
906 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
907
908 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
909 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
910 return (CRYPTO_MECHANISM_INVALID);
911
912 /* Add support for key by attributes (RFE 4706552) */
913 if (key->ck_format != CRYPTO_KEY_RAW)
914 return (CRYPTO_ARGUMENTS_BAD);
915
916 ctx->cc_provider_private = kmem_alloc(sizeof (md5_hmac_ctx_t),
917 crypto_kmflag(req));
918 if (ctx->cc_provider_private == NULL)
919 return (CRYPTO_HOST_MEMORY);
920
921 if (ctx_template != NULL) {
922 /* reuse context template */
923 bcopy(ctx_template, PROV_MD5_HMAC_CTX(ctx),
924 sizeof (md5_hmac_ctx_t));
925 } else {
926 /* no context template, compute context */
927 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
928 uchar_t digested_key[MD5_DIGEST_LENGTH];
929 md5_hmac_ctx_t *hmac_ctx = ctx->cc_provider_private;
930
931 /*
932 * Hash the passed-in key to get a smaller key.
933 * The inner context is used since it hasn't been
934 * initialized yet.
935 */
936 PROV_MD5_DIGEST_KEY(&hmac_ctx->hc_icontext,
937 key->ck_data, keylen_in_bytes, digested_key);
938 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx),
939 digested_key, MD5_DIGEST_LENGTH);
940 } else {
941 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx),
942 key->ck_data, keylen_in_bytes);
943 }
944 }
945
946 /*
947 * Get the mechanism parameters, if applicable.
948 */
949 PROV_MD5_HMAC_CTX(ctx)->hc_mech_type = mechanism->cm_type;
950 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
951 if (mechanism->cm_param == NULL ||
952 mechanism->cm_param_len != sizeof (ulong_t))
953 ret = CRYPTO_MECHANISM_PARAM_INVALID;
954 PROV_MD5_GET_DIGEST_LEN(mechanism,
955 PROV_MD5_HMAC_CTX(ctx)->hc_digest_len);
956 if (PROV_MD5_HMAC_CTX(ctx)->hc_digest_len >
957 MD5_DIGEST_LENGTH)
958 ret = CRYPTO_MECHANISM_PARAM_INVALID;
959 }
960
961 if (ret != CRYPTO_SUCCESS) {
962 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
963 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
964 ctx->cc_provider_private = NULL;
965 }
966
967 return (ret);
968 }
969
970
971 /* ARGSUSED */
972 static int
973 md5_mac_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
974 {
975 int ret = CRYPTO_SUCCESS;
976
977 ASSERT(ctx->cc_provider_private != NULL);
978
979 /*
980 * Do an MD5 update of the inner context using the specified
981 * data.
982 */
983 switch (data->cd_format) {
984 case CRYPTO_DATA_RAW:
985 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_icontext,
986 data->cd_raw.iov_base + data->cd_offset,
987 data->cd_length);
988 break;
989 case CRYPTO_DATA_UIO:
990 ret = md5_digest_update_uio(
991 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data);
992 break;
993 case CRYPTO_DATA_MBLK:
994 ret = md5_digest_update_mblk(
995 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data);
996 break;
997 default:
998 ret = CRYPTO_ARGUMENTS_BAD;
999 }
1000
1001 return (ret);
1002 }
1003
1004 /* ARGSUSED */
1005 static int
1006 md5_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
1007 {
1008 int ret = CRYPTO_SUCCESS;
1009 uchar_t digest[MD5_DIGEST_LENGTH];
1010 uint32_t digest_len = MD5_DIGEST_LENGTH;
1011
1012 ASSERT(ctx->cc_provider_private != NULL);
1013
1014 if (PROV_MD5_HMAC_CTX(ctx)->hc_mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE)
1015 digest_len = PROV_MD5_HMAC_CTX(ctx)->hc_digest_len;
1016
1017 /*
1018 * We need to just return the length needed to store the output.
1019 * We should not destroy the context for the following cases.
1020 */
1021 if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) {
1022 mac->cd_length = digest_len;
1023 return (CRYPTO_BUFFER_TOO_SMALL);
1024 }
1025
1026 /*
1027 * Do an MD5 final on the inner context.
1028 */
1029 MD5Final(digest, &PROV_MD5_HMAC_CTX(ctx)->hc_icontext);
1030
1031 /*
1032 * Do an MD5 update on the outer context, feeding the inner
1033 * digest as data.
1034 */
1035 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, digest,
1036 MD5_DIGEST_LENGTH);
1037
1038 /*
1039 * Do an MD5 final on the outer context, storing the computing
1040 * digest in the users buffer.
1041 */
1042 switch (mac->cd_format) {
1043 case CRYPTO_DATA_RAW:
1044 if (digest_len != MD5_DIGEST_LENGTH) {
1045 /*
1046 * The caller requested a short digest. Digest
1047 * into a scratch buffer and return to
1048 * the user only what was requested.
1049 */
1050 MD5Final(digest,
1051 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext);
1052 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1053 mac->cd_offset, digest_len);
1054 } else {
1055 MD5Final((unsigned char *)mac->cd_raw.iov_base +
1056 mac->cd_offset,
1057 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext);
1058 }
1059 break;
1060 case CRYPTO_DATA_UIO:
1061 ret = md5_digest_final_uio(
1062 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac,
1063 digest_len, digest);
1064 break;
1065 case CRYPTO_DATA_MBLK:
1066 ret = md5_digest_final_mblk(
1067 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac,
1068 digest_len, digest);
1069 break;
1070 default:
1071 ret = CRYPTO_ARGUMENTS_BAD;
1072 }
1073
1074 if (ret == CRYPTO_SUCCESS) {
1075 mac->cd_length = digest_len;
1076 } else {
1077 mac->cd_length = 0;
1078 }
1079
1080 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
1081 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
1082 ctx->cc_provider_private = NULL;
1083
1084 return (ret);
1085 }
1086
1087 #define MD5_MAC_UPDATE(data, ctx, ret) { \
1088 switch (data->cd_format) { \
1089 case CRYPTO_DATA_RAW: \
1090 MD5Update(&(ctx).hc_icontext, \
1091 data->cd_raw.iov_base + data->cd_offset, \
1092 data->cd_length); \
1093 break; \
1094 case CRYPTO_DATA_UIO: \
1095 ret = md5_digest_update_uio(&(ctx).hc_icontext, data); \
1096 break; \
1097 case CRYPTO_DATA_MBLK: \
1098 ret = md5_digest_update_mblk(&(ctx).hc_icontext, \
1099 data); \
1100 break; \
1101 default: \
1102 ret = CRYPTO_ARGUMENTS_BAD; \
1103 } \
1104 }
1105
1106
1107 /* ARGSUSED */
1108 static int
1109 md5_mac_atomic(crypto_provider_handle_t provider,
1110 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1111 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1112 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1113 {
1114 int ret = CRYPTO_SUCCESS;
1115 uchar_t digest[MD5_DIGEST_LENGTH];
1116 md5_hmac_ctx_t md5_hmac_ctx;
1117 uint32_t digest_len = MD5_DIGEST_LENGTH;
1118 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1119
1120 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
1121 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
1122 return (CRYPTO_MECHANISM_INVALID);
1123
1124 /* Add support for key by attributes (RFE 4706552) */
1125 if (key->ck_format != CRYPTO_KEY_RAW)
1126 return (CRYPTO_ARGUMENTS_BAD);
1127
1128 if (ctx_template != NULL) {
1129 /* reuse context template */
1130 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1131 } else {
1132 /* no context template, compute context */
1133 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1134 /*
1135 * Hash the passed-in key to get a smaller key.
1136 * The inner context is used since it hasn't been
1137 * initialized yet.
1138 */
1139 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext,
1140 key->ck_data, keylen_in_bytes, digest);
1141 md5_mac_init_ctx(&md5_hmac_ctx, digest,
1142 MD5_DIGEST_LENGTH);
1143 } else {
1144 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data,
1145 keylen_in_bytes);
1146 }
1147 }
1148
1149 /*
1150 * Get the mechanism parameters, if applicable.
1151 */
1152 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
1153 if (mechanism->cm_param == NULL ||
1154 mechanism->cm_param_len != sizeof (ulong_t)) {
1155 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1156 goto bail;
1157 }
1158 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len);
1159 if (digest_len > MD5_DIGEST_LENGTH) {
1160 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1161 goto bail;
1162 }
1163 }
1164
1165 /* do an MD5 update of the inner context using the specified data */
1166 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret);
1167 if (ret != CRYPTO_SUCCESS)
1168 /* the update failed, free context and bail */
1169 goto bail;
1170
1171 /* do an MD5 final on the inner context */
1172 MD5Final(digest, &md5_hmac_ctx.hc_icontext);
1173
1174 /*
1175 * Do an MD5 update on the outer context, feeding the inner
1176 * digest as data.
1177 */
1178 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH);
1179
1180 /*
1181 * Do an MD5 final on the outer context, storing the computed
1182 * digest in the users buffer.
1183 */
1184 switch (mac->cd_format) {
1185 case CRYPTO_DATA_RAW:
1186 if (digest_len != MD5_DIGEST_LENGTH) {
1187 /*
1188 * The caller requested a short digest. Digest
1189 * into a scratch buffer and return to
1190 * the user only what was requested.
1191 */
1192 MD5Final(digest, &md5_hmac_ctx.hc_ocontext);
1193 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1194 mac->cd_offset, digest_len);
1195 } else {
1196 MD5Final((unsigned char *)mac->cd_raw.iov_base +
1197 mac->cd_offset, &md5_hmac_ctx.hc_ocontext);
1198 }
1199 break;
1200 case CRYPTO_DATA_UIO:
1201 ret = md5_digest_final_uio(&md5_hmac_ctx.hc_ocontext, mac,
1202 digest_len, digest);
1203 break;
1204 case CRYPTO_DATA_MBLK:
1205 ret = md5_digest_final_mblk(&md5_hmac_ctx.hc_ocontext, mac,
1206 digest_len, digest);
1207 break;
1208 default:
1209 ret = CRYPTO_ARGUMENTS_BAD;
1210 }
1211
1212 if (ret == CRYPTO_SUCCESS) {
1213 mac->cd_length = digest_len;
1214 } else {
1215 mac->cd_length = 0;
1216 }
1217 /* Extra paranoia: zeroizing the local context on the stack */
1218 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1219
1220 return (ret);
1221 bail:
1222 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1223 mac->cd_length = 0;
1224 return (ret);
1225 }
1226
1227 /* ARGSUSED */
1228 static int
1229 md5_mac_verify_atomic(crypto_provider_handle_t provider,
1230 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1231 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1232 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1233 {
1234 int ret = CRYPTO_SUCCESS;
1235 uchar_t digest[MD5_DIGEST_LENGTH];
1236 md5_hmac_ctx_t md5_hmac_ctx;
1237 uint32_t digest_len = MD5_DIGEST_LENGTH;
1238 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1239
1240 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
1241 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
1242 return (CRYPTO_MECHANISM_INVALID);
1243
1244 /* Add support for key by attributes (RFE 4706552) */
1245 if (key->ck_format != CRYPTO_KEY_RAW)
1246 return (CRYPTO_ARGUMENTS_BAD);
1247
1248 if (ctx_template != NULL) {
1249 /* reuse context template */
1250 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1251 } else {
1252 /* no context template, compute context */
1253 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1254 /*
1255 * Hash the passed-in key to get a smaller key.
1256 * The inner context is used since it hasn't been
1257 * initialized yet.
1258 */
1259 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext,
1260 key->ck_data, keylen_in_bytes, digest);
1261 md5_mac_init_ctx(&md5_hmac_ctx, digest,
1262 MD5_DIGEST_LENGTH);
1263 } else {
1264 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data,
1265 keylen_in_bytes);
1266 }
1267 }
1268
1269 /*
1270 * Get the mechanism parameters, if applicable.
1271 */
1272 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
1273 if (mechanism->cm_param == NULL ||
1274 mechanism->cm_param_len != sizeof (ulong_t)) {
1275 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1276 goto bail;
1277 }
1278 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len);
1279 if (digest_len > MD5_DIGEST_LENGTH) {
1280 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1281 goto bail;
1282 }
1283 }
1284
1285 if (mac->cd_length != digest_len) {
1286 ret = CRYPTO_INVALID_MAC;
1287 goto bail;
1288 }
1289
1290 /* do an MD5 update of the inner context using the specified data */
1291 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret);
1292 if (ret != CRYPTO_SUCCESS)
1293 /* the update failed, free context and bail */
1294 goto bail;
1295
1296 /* do an MD5 final on the inner context */
1297 MD5Final(digest, &md5_hmac_ctx.hc_icontext);
1298
1299 /*
1300 * Do an MD5 update on the outer context, feeding the inner
1301 * digest as data.
1302 */
1303 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH);
1304
1305 /*
1306 * Do an MD5 final on the outer context, storing the computed
1307 * digest in the local digest buffer.
1308 */
1309 MD5Final(digest, &md5_hmac_ctx.hc_ocontext);
1310
1311 /*
1312 * Compare the computed digest against the expected digest passed
1313 * as argument.
1314 */
1315 switch (mac->cd_format) {
1316
1317 case CRYPTO_DATA_RAW:
1318 if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base +
1319 mac->cd_offset, digest_len) != 0)
1320 ret = CRYPTO_INVALID_MAC;
1321 break;
1322
1323 case CRYPTO_DATA_UIO: {
1324 off_t offset = mac->cd_offset;
1325 uint_t vec_idx;
1326 off_t scratch_offset = 0;
1327 size_t length = digest_len;
1328 size_t cur_len;
1329
1330 /* we support only kernel buffer */
1331 if (mac->cd_uio->uio_segflg != UIO_SYSSPACE)
1332 return (CRYPTO_ARGUMENTS_BAD);
1333
1334 /* jump to the first iovec containing the expected digest */
1335 for (vec_idx = 0;
1336 offset >= mac->cd_uio->uio_iov[vec_idx].iov_len &&
1337 vec_idx < mac->cd_uio->uio_iovcnt;
1338 offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len)
1339 ;
1340 if (vec_idx == mac->cd_uio->uio_iovcnt) {
1341 /*
1342 * The caller specified an offset that is
1343 * larger than the total size of the buffers
1344 * it provided.
1345 */
1346 ret = CRYPTO_DATA_LEN_RANGE;
1347 break;
1348 }
1349
1350 /* do the comparison of computed digest vs specified one */
1351 while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) {
1352 cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len -
1353 offset, length);
1354
1355 if (bcmp(digest + scratch_offset,
1356 mac->cd_uio->uio_iov[vec_idx].iov_base + offset,
1357 cur_len) != 0) {
1358 ret = CRYPTO_INVALID_MAC;
1359 break;
1360 }
1361
1362 length -= cur_len;
1363 vec_idx++;
1364 scratch_offset += cur_len;
1365 offset = 0;
1366 }
1367 break;
1368 }
1369
1370 case CRYPTO_DATA_MBLK: {
1371 off_t offset = mac->cd_offset;
1372 mblk_t *mp;
1373 off_t scratch_offset = 0;
1374 size_t length = digest_len;
1375 size_t cur_len;
1376
1377 /* jump to the first mblk_t containing the expected digest */
1378 for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp);
1379 offset -= MBLKL(mp), mp = mp->b_cont)
1380 ;
1381 if (mp == NULL) {
1382 /*
1383 * The caller specified an offset that is larger than
1384 * the total size of the buffers it provided.
1385 */
1386 ret = CRYPTO_DATA_LEN_RANGE;
1387 break;
1388 }
1389
1390 while (mp != NULL && length > 0) {
1391 cur_len = MIN(MBLKL(mp) - offset, length);
1392 if (bcmp(digest + scratch_offset,
1393 mp->b_rptr + offset, cur_len) != 0) {
1394 ret = CRYPTO_INVALID_MAC;
1395 break;
1396 }
1397
1398 length -= cur_len;
1399 mp = mp->b_cont;
1400 scratch_offset += cur_len;
1401 offset = 0;
1402 }
1403 break;
1404 }
1405
1406 default:
1407 ret = CRYPTO_ARGUMENTS_BAD;
1408 }
1409
1410 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1411 return (ret);
1412 bail:
1413 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1414 mac->cd_length = 0;
1415 return (ret);
1416 }
1417
1418 /*
1419 * KCF software provider context management entry points.
1420 */
1421
1422 /* ARGSUSED */
1423 static int
1424 md5_create_ctx_template(crypto_provider_handle_t provider,
1425 crypto_mechanism_t *mechanism, crypto_key_t *key,
1426 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
1427 crypto_req_handle_t req)
1428 {
1429 md5_hmac_ctx_t *md5_hmac_ctx_tmpl;
1430 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1431
1432 if ((mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE) &&
1433 (mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE))
1434 return (CRYPTO_MECHANISM_INVALID);
1435
1436 /* Add support for key by attributes (RFE 4706552) */
1437 if (key->ck_format != CRYPTO_KEY_RAW)
1438 return (CRYPTO_ARGUMENTS_BAD);
1439
1440 /*
1441 * Allocate and initialize MD5 context.
1442 */
1443 md5_hmac_ctx_tmpl = kmem_alloc(sizeof (md5_hmac_ctx_t),
1444 crypto_kmflag(req));
1445 if (md5_hmac_ctx_tmpl == NULL)
1446 return (CRYPTO_HOST_MEMORY);
1447
1448 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1449 uchar_t digested_key[MD5_DIGEST_LENGTH];
1450
1451 /*
1452 * Hash the passed-in key to get a smaller key.
1453 * The inner context is used since it hasn't been
1454 * initialized yet.
1455 */
1456 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx_tmpl->hc_icontext,
1457 key->ck_data, keylen_in_bytes, digested_key);
1458 md5_mac_init_ctx(md5_hmac_ctx_tmpl, digested_key,
1459 MD5_DIGEST_LENGTH);
1460 } else {
1461 md5_mac_init_ctx(md5_hmac_ctx_tmpl, key->ck_data,
1462 keylen_in_bytes);
1463 }
1464
1465 md5_hmac_ctx_tmpl->hc_mech_type = mechanism->cm_type;
1466 *ctx_template = (crypto_spi_ctx_template_t)md5_hmac_ctx_tmpl;
1467 *ctx_template_size = sizeof (md5_hmac_ctx_t);
1468
1469 return (CRYPTO_SUCCESS);
1470 }
1471
1472 static int
1473 md5_free_context(crypto_ctx_t *ctx)
1474 {
1475 uint_t ctx_len;
1476 md5_mech_type_t mech_type;
1477
1478 if (ctx->cc_provider_private == NULL)
1479 return (CRYPTO_SUCCESS);
1480
1481 /*
1482 * We have to free either MD5 or MD5-HMAC contexts, which
1483 * have different lengths.
1484 */
1485
1486 mech_type = PROV_MD5_CTX(ctx)->mc_mech_type;
1487 if (mech_type == MD5_MECH_INFO_TYPE)
1488 ctx_len = sizeof (md5_ctx_t);
1489 else {
1490 ASSERT(mech_type == MD5_HMAC_MECH_INFO_TYPE ||
1491 mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE);
1492 ctx_len = sizeof (md5_hmac_ctx_t);
1493 }
1494
1495 bzero(ctx->cc_provider_private, ctx_len);
1496 kmem_free(ctx->cc_provider_private, ctx_len);
1497 ctx->cc_provider_private = NULL;
1498
1499 return (CRYPTO_SUCCESS);
1500 }