1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #ifndef _COMMON_CRYPTO_MODES_H
  27 #define _COMMON_CRYPTO_MODES_H
  28 
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32 
  33 #include <sys/strsun.h>
  34 #include <sys/systm.h>
  35 #include <sys/sysmacros.h>
  36 #include <sys/types.h>
  37 #include <sys/errno.h>
  38 #include <sys/rwlock.h>
  39 #include <sys/kmem.h>
  40 #include <sys/crypto/common.h>
  41 #include <sys/crypto/impl.h>
  42 
  43 #define ECB_MODE                        0x00000002
  44 #define CBC_MODE                        0x00000004
  45 #define CTR_MODE                        0x00000008
  46 #define CCM_MODE                        0x00000010
  47 #define GCM_MODE                        0x00000020
  48 #define GMAC_MODE                       0x00000040
  49 
  50 /*
  51  * cc_keysched:         Pointer to key schedule.
  52  *
  53  * cc_keysched_len:     Length of the key schedule.
  54  *
  55  * cc_remainder:        This is for residual data, i.e. data that can't
  56  *                      be processed because there are too few bytes.
  57  *                      Must wait until more data arrives.
  58  *
  59  * cc_remainder_len:    Number of bytes in cc_remainder.
  60  *
  61  * cc_iv:               Scratch buffer that sometimes contains the IV.
  62  *
  63  * cc_lastp:            Pointer to previous block of ciphertext.
  64  *
  65  * cc_copy_to:          Pointer to where encrypted residual data needs
  66  *                      to be copied.
  67  *
  68  * cc_flags:            PROVIDER_OWNS_KEY_SCHEDULE
  69  *                      When a context is freed, it is necessary
  70  *                      to know whether the key schedule was allocated
  71  *                      by the caller, or internally, e.g. an init routine.
  72  *                      If allocated by the latter, then it needs to be freed.
  73  *
  74  *                      ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
  75  */
  76 struct common_ctx {
  77         void *cc_keysched;
  78         size_t cc_keysched_len;
  79         uint64_t cc_iv[2];
  80         uint64_t cc_remainder[2];
  81         size_t cc_remainder_len;
  82         uint8_t *cc_lastp;
  83         uint8_t *cc_copy_to;
  84         uint32_t cc_flags;
  85 };
  86 
  87 typedef struct common_ctx common_ctx_t;
  88 
  89 typedef struct ecb_ctx {
  90         struct common_ctx ecb_common;
  91         uint64_t ecb_lastblock[2];
  92 } ecb_ctx_t;
  93 
  94 #define ecb_keysched            ecb_common.cc_keysched
  95 #define ecb_keysched_len        ecb_common.cc_keysched_len
  96 #define ecb_iv                  ecb_common.cc_iv
  97 #define ecb_remainder           ecb_common.cc_remainder
  98 #define ecb_remainder_len       ecb_common.cc_remainder_len
  99 #define ecb_lastp               ecb_common.cc_lastp
 100 #define ecb_copy_to             ecb_common.cc_copy_to
 101 #define ecb_flags               ecb_common.cc_flags
 102 
 103 typedef struct cbc_ctx {
 104         struct common_ctx cbc_common;
 105         uint64_t cbc_lastblock[2];
 106 } cbc_ctx_t;
 107 
 108 #define cbc_keysched            cbc_common.cc_keysched
 109 #define cbc_keysched_len        cbc_common.cc_keysched_len
 110 #define cbc_iv                  cbc_common.cc_iv
 111 #define cbc_remainder           cbc_common.cc_remainder
 112 #define cbc_remainder_len       cbc_common.cc_remainder_len
 113 #define cbc_lastp               cbc_common.cc_lastp
 114 #define cbc_copy_to             cbc_common.cc_copy_to
 115 #define cbc_flags               cbc_common.cc_flags
 116 
 117 /*
 118  * ctr_lower_mask               Bit-mask for lower 8 bytes of counter block.
 119  * ctr_upper_mask               Bit-mask for upper 8 bytes of counter block.
 120  */
 121 typedef struct ctr_ctx {
 122         struct common_ctx ctr_common;
 123         uint64_t ctr_lower_mask;
 124         uint64_t ctr_upper_mask;
 125         uint32_t ctr_tmp[4];
 126 } ctr_ctx_t;
 127 
 128 /*
 129  * ctr_cb                       Counter block.
 130  */
 131 #define ctr_keysched            ctr_common.cc_keysched
 132 #define ctr_keysched_len        ctr_common.cc_keysched_len
 133 #define ctr_cb                  ctr_common.cc_iv
 134 #define ctr_remainder           ctr_common.cc_remainder
 135 #define ctr_remainder_len       ctr_common.cc_remainder_len
 136 #define ctr_lastp               ctr_common.cc_lastp
 137 #define ctr_copy_to             ctr_common.cc_copy_to
 138 #define ctr_flags               ctr_common.cc_flags
 139 
 140 /*
 141  *
 142  * ccm_mac_len:         Stores length of the MAC in CCM mode.
 143  * ccm_mac_buf:         Stores the intermediate value for MAC in CCM encrypt.
 144  *                      In CCM decrypt, stores the input MAC value.
 145  * ccm_data_len:        Length of the plaintext for CCM mode encrypt, or
 146  *                      length of the ciphertext for CCM mode decrypt.
 147  * ccm_processed_data_len:
 148  *                      Length of processed plaintext in CCM mode encrypt,
 149  *                      or length of processed ciphertext for CCM mode decrypt.
 150  * ccm_processed_mac_len:
 151  *                      Length of MAC data accumulated in CCM mode decrypt.
 152  *
 153  * ccm_pt_buf:          Only used in CCM mode decrypt.  It stores the
 154  *                      decrypted plaintext to be returned when
 155  *                      MAC verification succeeds in decrypt_final.
 156  *                      Memory for this should be allocated in the AES module.
 157  *
 158  */
 159 typedef struct ccm_ctx {
 160         struct common_ctx ccm_common;
 161         uint32_t ccm_tmp[4];
 162         size_t ccm_mac_len;
 163         uint64_t ccm_mac_buf[2];
 164         size_t ccm_data_len;
 165         size_t ccm_processed_data_len;
 166         size_t ccm_processed_mac_len;
 167         uint8_t *ccm_pt_buf;
 168         uint64_t ccm_mac_input_buf[2];
 169         uint64_t ccm_counter_mask;
 170 } ccm_ctx_t;
 171 
 172 #define ccm_keysched            ccm_common.cc_keysched
 173 #define ccm_keysched_len        ccm_common.cc_keysched_len
 174 #define ccm_cb                  ccm_common.cc_iv
 175 #define ccm_remainder           ccm_common.cc_remainder
 176 #define ccm_remainder_len       ccm_common.cc_remainder_len
 177 #define ccm_lastp               ccm_common.cc_lastp
 178 #define ccm_copy_to             ccm_common.cc_copy_to
 179 #define ccm_flags               ccm_common.cc_flags
 180 
 181 /*
 182  * gcm_tag_len:         Length of authentication tag.
 183  *
 184  * gcm_ghash:           Stores output from the GHASH function.
 185  *
 186  * gcm_processed_data_len:
 187  *                      Length of processed plaintext (encrypt) or
 188  *                      length of processed ciphertext (decrypt).
 189  *
 190  * gcm_pt_buf:          Stores the decrypted plaintext returned by
 191  *                      decrypt_final when the computed authentication
 192  *                      tag matches the user supplied tag.
 193  *
 194  * gcm_pt_buf_len:      Length of the plaintext buffer.
 195  *
 196  * gcm_H:               Subkey.
 197  *
 198  * gcm_J0:              Pre-counter block generated from the IV.
 199  *
 200  * gcm_len_a_len_c:     64-bit representations of the bit lengths of
 201  *                      AAD and ciphertext.
 202  *
 203  * gcm_kmflag:          Current value of kmflag. Used only for allocating
 204  *                      the plaintext buffer during decryption.
 205  */
 206 typedef struct gcm_ctx {
 207         struct common_ctx gcm_common;
 208         size_t gcm_tag_len;
 209         size_t gcm_processed_data_len;
 210         size_t gcm_pt_buf_len;
 211         uint32_t gcm_tmp[4];
 212         uint64_t gcm_ghash[2];
 213         uint64_t gcm_H[2];
 214         uint64_t gcm_J0[2];
 215         uint64_t gcm_len_a_len_c[2];
 216         uint8_t *gcm_pt_buf;
 217         int gcm_kmflag;
 218 } gcm_ctx_t;
 219 
 220 #define gcm_keysched            gcm_common.cc_keysched
 221 #define gcm_keysched_len        gcm_common.cc_keysched_len
 222 #define gcm_cb                  gcm_common.cc_iv
 223 #define gcm_remainder           gcm_common.cc_remainder
 224 #define gcm_remainder_len       gcm_common.cc_remainder_len
 225 #define gcm_lastp               gcm_common.cc_lastp
 226 #define gcm_copy_to             gcm_common.cc_copy_to
 227 #define gcm_flags               gcm_common.cc_flags
 228 
 229 #define AES_GMAC_IV_LEN         12
 230 #define AES_GMAC_TAG_BITS       128
 231 
 232 typedef struct aes_ctx {
 233         union {
 234                 ecb_ctx_t acu_ecb;
 235                 cbc_ctx_t acu_cbc;
 236                 ctr_ctx_t acu_ctr;
 237 #ifdef _KERNEL
 238                 ccm_ctx_t acu_ccm;
 239                 gcm_ctx_t acu_gcm;
 240 #endif
 241         } acu;
 242 } aes_ctx_t;
 243 
 244 #define ac_flags                acu.acu_ecb.ecb_common.cc_flags
 245 #define ac_remainder_len        acu.acu_ecb.ecb_common.cc_remainder_len
 246 #define ac_keysched             acu.acu_ecb.ecb_common.cc_keysched
 247 #define ac_keysched_len         acu.acu_ecb.ecb_common.cc_keysched_len
 248 #define ac_iv                   acu.acu_ecb.ecb_common.cc_iv
 249 #define ac_lastp                acu.acu_ecb.ecb_common.cc_lastp
 250 #define ac_pt_buf               acu.acu_ccm.ccm_pt_buf
 251 #define ac_mac_len              acu.acu_ccm.ccm_mac_len
 252 #define ac_data_len             acu.acu_ccm.ccm_data_len
 253 #define ac_processed_mac_len    acu.acu_ccm.ccm_processed_mac_len
 254 #define ac_processed_data_len   acu.acu_ccm.ccm_processed_data_len
 255 #define ac_tag_len              acu.acu_gcm.gcm_tag_len
 256 
 257 typedef struct blowfish_ctx {
 258         union {
 259                 ecb_ctx_t bcu_ecb;
 260                 cbc_ctx_t bcu_cbc;
 261         } bcu;
 262 } blowfish_ctx_t;
 263 
 264 #define bc_flags                bcu.bcu_ecb.ecb_common.cc_flags
 265 #define bc_remainder_len        bcu.bcu_ecb.ecb_common.cc_remainder_len
 266 #define bc_keysched             bcu.bcu_ecb.ecb_common.cc_keysched
 267 #define bc_keysched_len         bcu.bcu_ecb.ecb_common.cc_keysched_len
 268 #define bc_iv                   bcu.bcu_ecb.ecb_common.cc_iv
 269 #define bc_lastp                bcu.bcu_ecb.ecb_common.cc_lastp
 270 
 271 typedef struct des_ctx {
 272         union {
 273                 ecb_ctx_t dcu_ecb;
 274                 cbc_ctx_t dcu_cbc;
 275         } dcu;
 276 } des_ctx_t;
 277 
 278 #define dc_flags                dcu.dcu_ecb.ecb_common.cc_flags
 279 #define dc_remainder_len        dcu.dcu_ecb.ecb_common.cc_remainder_len
 280 #define dc_keysched             dcu.dcu_ecb.ecb_common.cc_keysched
 281 #define dc_keysched_len         dcu.dcu_ecb.ecb_common.cc_keysched_len
 282 #define dc_iv                   dcu.dcu_ecb.ecb_common.cc_iv
 283 #define dc_lastp                dcu.dcu_ecb.ecb_common.cc_lastp
 284 
 285 extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
 286     crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
 287     uint8_t *));
 288 
 289 extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
 290     crypto_data_t *, size_t,
 291     int (*encrypt)(const void *, const uint8_t *, uint8_t *),
 292     void (*copy_block)(uint8_t *, uint8_t *),
 293     void (*xor_block)(uint8_t *, uint8_t *));
 294 
 295 extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
 296     crypto_data_t *, size_t,
 297     int (*decrypt)(const void *, const uint8_t *, uint8_t *),
 298     void (*copy_block)(uint8_t *, uint8_t *),
 299     void (*xor_block)(uint8_t *, uint8_t *));
 300 
 301 extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
 302     crypto_data_t *, size_t,
 303     int (*cipher)(const void *, const uint8_t *, uint8_t *),
 304     void (*xor_block)(uint8_t *, uint8_t *));
 305 
 306 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 307     crypto_data_t *, size_t,
 308     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 309     void (*copy_block)(uint8_t *, uint8_t *),
 310     void (*xor_block)(uint8_t *, uint8_t *));
 311 
 312 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 313     crypto_data_t *, size_t,
 314     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 315     void (*copy_block)(uint8_t *, uint8_t *),
 316     void (*xor_block)(uint8_t *, uint8_t *));
 317 
 318 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 319     crypto_data_t *, size_t,
 320     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 321     void (*copy_block)(uint8_t *, uint8_t *),
 322     void (*xor_block)(uint8_t *, uint8_t *));
 323 
 324 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 325     crypto_data_t *, size_t,
 326     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 327     void (*copy_block)(uint8_t *, uint8_t *),
 328     void (*xor_block)(uint8_t *, uint8_t *));
 329 
 330 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 331     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 332     void (*xor_block)(uint8_t *, uint8_t *));
 333 
 334 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 335     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 336     void (*copy_block)(uint8_t *, uint8_t *),
 337     void (*xor_block)(uint8_t *, uint8_t *));
 338 
 339 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 340     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 341     void (*copy_block)(uint8_t *, uint8_t *),
 342     void (*xor_block)(uint8_t *, uint8_t *));
 343 
 344 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 345     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 346     void (*xor_block)(uint8_t *, uint8_t *));
 347 
 348 extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
 349     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
 350 
 351 extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
 352     void (*copy_block)(uint8_t *, uint64_t *));
 353 
 354 extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
 355     void (*copy_block)(uint8_t *, uint8_t *));
 356 
 357 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
 358     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 359     void (*xor_block)(uint8_t *, uint8_t *));
 360 
 361 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
 362     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 363     void (*copy_block)(uint8_t *, uint8_t *),
 364     void (*xor_block)(uint8_t *, uint8_t *));
 365 
 366 extern int gmac_init_ctx(gcm_ctx_t *, char *, size_t,
 367     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 368     void (*copy_block)(uint8_t *, uint8_t *),
 369     void (*xor_block)(uint8_t *, uint8_t *));
 370 
 371 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
 372     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
 373 
 374 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
 375 
 376 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
 377 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
 378     uint8_t **, size_t *, uint8_t **, size_t);
 379 
 380 extern void *ecb_alloc_ctx(int);
 381 extern void *cbc_alloc_ctx(int);
 382 extern void *ctr_alloc_ctx(int);
 383 extern void *ccm_alloc_ctx(int);
 384 extern void *gcm_alloc_ctx(int);
 385 extern void *gmac_alloc_ctx(int);
 386 extern void crypto_free_mode_ctx(void *);
 387 extern void gcm_set_kmflag(gcm_ctx_t *, int);
 388 
 389 #ifdef  __cplusplus
 390 }
 391 #endif
 392 
 393 #endif  /* _COMMON_CRYPTO_MODES_H */