1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 /*
  26  * Copyright 2015 by Saso Kiselkov. All rights reserved.
  27  */
  28 
  29 /*
  30  * Blowfish provider for the Kernel Cryptographic Framework (KCF)
  31  */
  32 
  33 #include <sys/types.h>
  34 #include <sys/systm.h>
  35 #include <sys/modctl.h>
  36 #include <sys/cmn_err.h>
  37 #include <sys/ddi.h>
  38 #include <sys/crypto/common.h>
  39 #include <sys/crypto/spi.h>
  40 #include <sys/sysmacros.h>
  41 #include <sys/strsun.h>
  42 #include <sys/note.h>
  43 #include <modes/modes.h>
  44 #include <blowfish/blowfish_impl.h>
  45 
  46 extern struct mod_ops mod_cryptoops;
  47 
  48 /*
  49  * Module linkage information for the kernel.
  50  */
  51 static struct modlcrypto modlcrypto = {
  52         &mod_cryptoops,
  53         "Blowfish Kernel SW Provider"
  54 };
  55 
  56 static struct modlinkage modlinkage = {
  57         MODREV_1,
  58         (void *)&modlcrypto,
  59         NULL
  60 };
  61 
  62 /*
  63  * CSPI information (entry points, provider info, etc.)
  64  */
  65 typedef enum blowfish_mech_type {
  66         BLOWFISH_ECB_MECH_INFO_TYPE,            /* SUN_CKM_BLOWFISH_ECB */
  67         BLOWFISH_CBC_MECH_INFO_TYPE             /* SUN_CKM_BLOWFISH_CBC */
  68 } blowfish_mech_type_t;
  69 
  70 
  71 #define BLOWFISH_COPY_BLOCK(src, dst) \
  72         (dst)[0] = (src)[0]; \
  73         (dst)[1] = (src)[1]; \
  74         (dst)[2] = (src)[2]; \
  75         (dst)[3] = (src)[3]; \
  76         (dst)[4] = (src)[4]; \
  77         (dst)[5] = (src)[5]; \
  78         (dst)[6] = (src)[6]; \
  79         (dst)[7] = (src)[7]
  80 
  81 #define BLOWFISH_XOR_BLOCK(src, dst) \
  82         (dst)[0] ^= (src)[0]; \
  83         (dst)[1] ^= (src)[1]; \
  84         (dst)[2] ^= (src)[2]; \
  85         (dst)[3] ^= (src)[3]; \
  86         (dst)[4] ^= (src)[4]; \
  87         (dst)[5] ^= (src)[5]; \
  88         (dst)[6] ^= (src)[6]; \
  89         (dst)[7] ^= (src)[7]
  90 
  91 /*
  92  * Mechanism info structure passed to KCF during registration.
  93  */
  94 
  95 static crypto_mech_info_t blowfish_mech_info_tab[] = {
  96         /* BLOWFISH_ECB */
  97         {SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
  98             CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
  99             CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
 100             BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS},
 101         /* BLOWFISH_CBC */
 102         {SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
 103             CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
 104             CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
 105             BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS}
 106 };
 107 
 108 #define BLOWFISH_VALID_MECH(mech)                               \
 109         (((mech)->cm_type == BLOWFISH_ECB_MECH_INFO_TYPE ||          \
 110         (mech)->cm_type == BLOWFISH_CBC_MECH_INFO_TYPE) ? 1 : 0)
 111 
 112 /* operations are in-place if the output buffer is NULL */
 113 #define BLOWFISH_ARG_INPLACE(input, output)                     \
 114         if ((output) == NULL)                                   \
 115                 (output) = (input);
 116 
 117 static void blowfish_provider_status(crypto_provider_handle_t, uint_t *);
 118 
 119 static crypto_control_ops_t blowfish_control_ops = {
 120         blowfish_provider_status
 121 };
 122 
 123 static int blowfish_common_init(crypto_ctx_t *, crypto_mechanism_t *,
 124     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 125 static int blowfish_common_init_ctx(blowfish_ctx_t *,
 126     crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, int);
 127 static int blowfish_encrypt_final(crypto_ctx_t *, crypto_data_t *,
 128     crypto_req_handle_t);
 129 static int blowfish_decrypt_final(crypto_ctx_t *, crypto_data_t *,
 130     crypto_req_handle_t);
 131 
 132 static int blowfish_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
 133     crypto_req_handle_t);
 134 static int blowfish_encrypt_update(crypto_ctx_t *, crypto_data_t *,
 135     crypto_data_t *, crypto_req_handle_t);
 136 static int blowfish_encrypt_atomic(crypto_provider_handle_t,
 137     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
 138     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 139 
 140 static int blowfish_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
 141     crypto_req_handle_t);
 142 static int blowfish_decrypt_update(crypto_ctx_t *, crypto_data_t *,
 143     crypto_data_t *, crypto_req_handle_t);
 144 static int blowfish_decrypt_atomic(crypto_provider_handle_t,
 145     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
 146     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 147 
 148 static crypto_cipher_ops_t blowfish_cipher_ops = {
 149         blowfish_common_init,
 150         blowfish_encrypt,
 151         blowfish_encrypt_update,
 152         blowfish_encrypt_final,
 153         blowfish_encrypt_atomic,
 154         blowfish_common_init,
 155         blowfish_decrypt,
 156         blowfish_decrypt_update,
 157         blowfish_decrypt_final,
 158         blowfish_decrypt_atomic
 159 };
 160 
 161 static int blowfish_create_ctx_template(crypto_provider_handle_t,
 162     crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
 163     size_t *, crypto_req_handle_t);
 164 static int blowfish_free_context(crypto_ctx_t *);
 165 
 166 static crypto_ctx_ops_t blowfish_ctx_ops = {
 167         blowfish_create_ctx_template,
 168         blowfish_free_context
 169 };
 170 
 171 static crypto_ops_t blowfish_crypto_ops = {
 172         &blowfish_control_ops,
 173         NULL,
 174         &blowfish_cipher_ops,
 175         NULL,
 176         NULL,
 177         NULL,
 178         NULL,
 179         NULL,
 180         NULL,
 181         NULL,
 182         NULL,
 183         NULL,
 184         NULL,
 185         &blowfish_ctx_ops
 186 };
 187 
 188 static crypto_provider_info_t blowfish_prov_info = {
 189         CRYPTO_SPI_VERSION_1,
 190         "Blowfish Software Provider",
 191         CRYPTO_SW_PROVIDER,
 192         {&modlinkage},
 193         NULL,
 194         &blowfish_crypto_ops,
 195         sizeof (blowfish_mech_info_tab)/sizeof (crypto_mech_info_t),
 196         blowfish_mech_info_tab
 197 };
 198 
 199 
 200 static crypto_kcf_provider_handle_t blowfish_prov_handle = NULL;
 201 
 202 int
 203 _init(void)
 204 {
 205         int ret;
 206 
 207         if ((ret = mod_install(&modlinkage)) != 0)
 208                 return (ret);
 209 
 210         /* Register with KCF.  If the registration fails, remove the module. */
 211         if (crypto_register_provider(&blowfish_prov_info,
 212             &blowfish_prov_handle)) {
 213                 (void) mod_remove(&modlinkage);
 214                 return (EACCES);
 215         }
 216 
 217         return (0);
 218 }
 219 
 220 int
 221 _fini(void)
 222 {
 223         /* Unregister from KCF if module is registered */
 224         if (blowfish_prov_handle != NULL) {
 225                 if (crypto_unregister_provider(blowfish_prov_handle))
 226                         return (EBUSY);
 227 
 228                 blowfish_prov_handle = NULL;
 229         }
 230 
 231         return (mod_remove(&modlinkage));
 232 }
 233 
 234 int
 235 _info(struct modinfo *modinfop)
 236 {
 237         return (mod_info(&modlinkage, modinfop));
 238 }
 239 
 240 /*
 241  * Initialize key schedules for blowfish
 242  */
 243 static int
 244 init_keysched(crypto_key_t *key, void *keysched)
 245 {
 246         /*
 247          * Only keys by value are supported by this module.
 248          */
 249         switch (key->ck_format) {
 250         case CRYPTO_KEY_RAW:
 251                 if (key->ck_length < BLOWFISH_MINBITS ||
 252                     key->ck_length > BLOWFISH_MAXBITS) {
 253                         return (CRYPTO_KEY_SIZE_RANGE);
 254                 }
 255                 break;
 256         default:
 257                 return (CRYPTO_KEY_TYPE_INCONSISTENT);
 258         }
 259 
 260         blowfish_init_keysched(key->ck_data, key->ck_length, keysched);
 261         return (CRYPTO_SUCCESS);
 262 }
 263 
 264 /*
 265  * KCF software provider control entry points.
 266  */
 267 /* ARGSUSED */
 268 static void
 269 blowfish_provider_status(crypto_provider_handle_t provider, uint_t *status)
 270 {
 271         *status = CRYPTO_PROVIDER_READY;
 272 }
 273 
 274 /*
 275  * KCF software provider encrypt entry points.
 276  */
 277 static int
 278 blowfish_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 279     crypto_key_t *key, crypto_spi_ctx_template_t template,
 280     crypto_req_handle_t req)
 281 {
 282         blowfish_ctx_t *blowfish_ctx;
 283         int rv;
 284         int kmflag;
 285 
 286         /*
 287          * Only keys by value are supported by this module.
 288          */
 289         if (key->ck_format != CRYPTO_KEY_RAW) {
 290                 return (CRYPTO_KEY_TYPE_INCONSISTENT);
 291         }
 292 
 293         if (!BLOWFISH_VALID_MECH(mechanism))
 294                 return (CRYPTO_MECHANISM_INVALID);
 295 
 296         if (mechanism->cm_param != NULL &&
 297             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 298                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 299 
 300         kmflag = crypto_kmflag(req);
 301         switch (mechanism->cm_type) {
 302         case BLOWFISH_ECB_MECH_INFO_TYPE:
 303                 blowfish_ctx = ecb_alloc_ctx(kmflag);
 304                 break;
 305         case BLOWFISH_CBC_MECH_INFO_TYPE:
 306                 blowfish_ctx = cbc_alloc_ctx(kmflag);
 307                 break;
 308         }
 309         if (blowfish_ctx == NULL)
 310                 return (CRYPTO_HOST_MEMORY);
 311 
 312         rv = blowfish_common_init_ctx(blowfish_ctx, template, mechanism,
 313             key, kmflag);
 314         if (rv != CRYPTO_SUCCESS) {
 315                 crypto_free_mode_ctx(blowfish_ctx);
 316                 return (rv);
 317         }
 318 
 319         ctx->cc_provider_private = blowfish_ctx;
 320 
 321         return (CRYPTO_SUCCESS);
 322 }
 323 
 324 static void
 325 blowfish_copy_block64(const uint8_t *in, uint64_t *out)
 326 {
 327         if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
 328                 /* LINTED: pointer alignment */
 329                 out[0] = *(uint64_t *)&in[0];
 330         } else {
 331                 uint8_t *iv8 = (uint8_t *)&out[0];
 332 
 333                 BLOWFISH_COPY_BLOCK(in, iv8);
 334         }
 335 }
 336 
 337 /* ARGSUSED */
 338 static int
 339 blowfish_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 340     crypto_data_t *ciphertext, crypto_req_handle_t req)
 341 {
 342         int ret;
 343 
 344         blowfish_ctx_t *blowfish_ctx;
 345 
 346         /*
 347          * Plaintext must be a multiple of blowfish block size.
 348          * This test only works for non-padded mechanisms
 349          * when blocksize is 2^N.
 350          */
 351         if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 352                 return (CRYPTO_DATA_LEN_RANGE);
 353 
 354         ASSERT(ctx->cc_provider_private != NULL);
 355         blowfish_ctx = ctx->cc_provider_private;
 356 
 357         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 358 
 359         /*
 360          * We need to just return the length needed to store the output.
 361          * We should not destroy the context for the following case.
 362          */
 363         if (ciphertext->cd_length < plaintext->cd_length) {
 364                 ciphertext->cd_length = plaintext->cd_length;
 365                 return (CRYPTO_BUFFER_TOO_SMALL);
 366         }
 367 
 368         /*
 369          * Do an update on the specified input data.
 370          */
 371         ret = blowfish_encrypt_update(ctx, plaintext, ciphertext, req);
 372         ASSERT(blowfish_ctx->bc_remainder_len  == 0);
 373         (void) blowfish_free_context(ctx);
 374 
 375         /* LINTED */
 376         return (ret);
 377 }
 378 
 379 /* ARGSUSED */
 380 static int
 381 blowfish_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 382     crypto_data_t *plaintext, crypto_req_handle_t req)
 383 {
 384         int ret;
 385 
 386         blowfish_ctx_t *blowfish_ctx;
 387 
 388         /*
 389          * Ciphertext must be a multiple of blowfish block size.
 390          * This test only works for non-padded mechanisms
 391          * when blocksize is 2^N.
 392          */
 393         if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 394                 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
 395 
 396         ASSERT(ctx->cc_provider_private != NULL);
 397         blowfish_ctx = ctx->cc_provider_private;
 398 
 399         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 400 
 401         /*
 402          * We need to just return the length needed to store the output.
 403          * We should not destroy the context for the following case.
 404          */
 405         if (plaintext->cd_length < ciphertext->cd_length) {
 406                 plaintext->cd_length = ciphertext->cd_length;
 407                 return (CRYPTO_BUFFER_TOO_SMALL);
 408         }
 409 
 410         /*
 411          * Do an update on the specified input data.
 412          */
 413         ret = blowfish_decrypt_update(ctx, ciphertext, plaintext, req);
 414         ASSERT(blowfish_ctx->bc_remainder_len == 0);
 415         (void) blowfish_free_context(ctx);
 416 
 417         /* LINTED */
 418         return (ret);
 419 }
 420 
 421 /* ARGSUSED */
 422 static int
 423 blowfish_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 424     crypto_data_t *ciphertext, crypto_req_handle_t req)
 425 {
 426         off_t saved_offset;
 427         size_t saved_length, out_len;
 428         int ret = CRYPTO_SUCCESS;
 429 
 430         ASSERT(ctx->cc_provider_private != NULL);
 431 
 432         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 433 
 434         /* compute number of bytes that will hold the ciphertext */
 435         out_len =
 436             ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
 437         out_len += plaintext->cd_length;
 438         out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
 439 
 440         /* return length needed to store the output */
 441         if (ciphertext->cd_length < out_len) {
 442                 ciphertext->cd_length = out_len;
 443                 return (CRYPTO_BUFFER_TOO_SMALL);
 444         }
 445 
 446         saved_offset = ciphertext->cd_offset;
 447         saved_length = ciphertext->cd_length;
 448 
 449         /*
 450          * Do the blowfish update on the specified input data.
 451          */
 452         switch (plaintext->cd_format) {
 453         case CRYPTO_DATA_RAW:
 454                 ret = crypto_update_iov(ctx->cc_provider_private,
 455                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 456                     blowfish_copy_block64);
 457                 break;
 458         case CRYPTO_DATA_UIO:
 459                 ret = crypto_update_uio(ctx->cc_provider_private,
 460                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 461                     blowfish_copy_block64);
 462                 break;
 463         case CRYPTO_DATA_MBLK:
 464                 ret = crypto_update_mp(ctx->cc_provider_private,
 465                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 466                     blowfish_copy_block64);
 467                 break;
 468         default:
 469                 ret = CRYPTO_ARGUMENTS_BAD;
 470         }
 471 
 472         if (ret == CRYPTO_SUCCESS) {
 473                 if (plaintext != ciphertext)
 474                         ciphertext->cd_length =
 475                             ciphertext->cd_offset - saved_offset;
 476         } else {
 477                 ciphertext->cd_length = saved_length;
 478         }
 479         ciphertext->cd_offset = saved_offset;
 480 
 481         return (ret);
 482 }
 483 
 484 /* ARGSUSED */
 485 static int
 486 blowfish_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 487     crypto_data_t *plaintext, crypto_req_handle_t req)
 488 {
 489         off_t saved_offset;
 490         size_t saved_length, out_len;
 491         int ret = CRYPTO_SUCCESS;
 492 
 493         ASSERT(ctx->cc_provider_private != NULL);
 494 
 495         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 496 
 497         /* compute number of bytes that will hold the plaintext */
 498         out_len =
 499             ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
 500         out_len += ciphertext->cd_length;
 501         out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
 502 
 503         /* return length needed to store the output */
 504         if (plaintext->cd_length < out_len) {
 505                 plaintext->cd_length = out_len;
 506                 return (CRYPTO_BUFFER_TOO_SMALL);
 507         }
 508 
 509         saved_offset = plaintext->cd_offset;
 510         saved_length = plaintext->cd_length;
 511 
 512         /*
 513          * Do the blowfish update on the specified input data.
 514          */
 515         switch (ciphertext->cd_format) {
 516         case CRYPTO_DATA_RAW:
 517                 ret = crypto_update_iov(ctx->cc_provider_private,
 518                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 519                     blowfish_copy_block64);
 520                 break;
 521         case CRYPTO_DATA_UIO:
 522                 ret = crypto_update_uio(ctx->cc_provider_private,
 523                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 524                     blowfish_copy_block64);
 525                 break;
 526         case CRYPTO_DATA_MBLK:
 527                 ret = crypto_update_mp(ctx->cc_provider_private,
 528                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 529                     blowfish_copy_block64);
 530                 break;
 531         default:
 532                 ret = CRYPTO_ARGUMENTS_BAD;
 533         }
 534 
 535         if (ret == CRYPTO_SUCCESS) {
 536                 if (ciphertext != plaintext)
 537                         plaintext->cd_length =
 538                             plaintext->cd_offset - saved_offset;
 539         } else {
 540                 plaintext->cd_length = saved_length;
 541         }
 542         plaintext->cd_offset = saved_offset;
 543 
 544         return (ret);
 545 }
 546 
 547 /* ARGSUSED */
 548 static int
 549 blowfish_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 550     crypto_req_handle_t req)
 551 {
 552         blowfish_ctx_t *blowfish_ctx;
 553 
 554         ASSERT(ctx->cc_provider_private != NULL);
 555         blowfish_ctx = ctx->cc_provider_private;
 556 
 557         /*
 558          * There must be no unprocessed data.
 559          * This happens if the length of the last data is
 560          * not a multiple of the BLOWFISH block length.
 561          */
 562         if (blowfish_ctx->bc_remainder_len > 0)
 563                 return (CRYPTO_DATA_LEN_RANGE);
 564 
 565         (void) blowfish_free_context(ctx);
 566         data->cd_length = 0;
 567 
 568         return (CRYPTO_SUCCESS);
 569 }
 570 
 571 /* ARGSUSED */
 572 static int
 573 blowfish_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 574     crypto_req_handle_t req)
 575 {
 576         blowfish_ctx_t *blowfish_ctx;
 577 
 578         ASSERT(ctx->cc_provider_private != NULL);
 579         blowfish_ctx = ctx->cc_provider_private;
 580 
 581         /*
 582          * There must be no unprocessed ciphertext.
 583          * This happens if the length of the last ciphertext is
 584          * not a multiple of the BLOWFISH block length.
 585          */
 586         if (blowfish_ctx->bc_remainder_len > 0)
 587                 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
 588 
 589         (void) blowfish_free_context(ctx);
 590         data->cd_length = 0;
 591 
 592         return (CRYPTO_SUCCESS);
 593 }
 594 
 595 /* ARGSUSED */
 596 static int
 597 blowfish_encrypt_atomic(crypto_provider_handle_t provider,
 598     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 599     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
 600     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
 601 {
 602         blowfish_ctx_t blowfish_ctx;    /* on the stack */
 603         off_t saved_offset;
 604         size_t saved_length;
 605         int ret;
 606 
 607         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 608 
 609         /*
 610          * Plaintext must be a multiple of blowfish block size.
 611          * This test only works for non-padded mechanisms
 612          * when blocksize is 2^N.
 613          */
 614         if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 615                 return (CRYPTO_DATA_LEN_RANGE);
 616 
 617         /* return length needed to store the output */
 618         if (ciphertext->cd_length < plaintext->cd_length) {
 619                 ciphertext->cd_length = plaintext->cd_length;
 620                 return (CRYPTO_BUFFER_TOO_SMALL);
 621         }
 622 
 623         if (!BLOWFISH_VALID_MECH(mechanism))
 624                 return (CRYPTO_MECHANISM_INVALID);
 625 
 626         if (mechanism->cm_param_len != 0 &&
 627             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 628                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 629 
 630         bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
 631 
 632         ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
 633             key, crypto_kmflag(req));
 634         if (ret != CRYPTO_SUCCESS)
 635                 return (ret);
 636 
 637         saved_offset = ciphertext->cd_offset;
 638         saved_length = ciphertext->cd_length;
 639 
 640         /*
 641          * Do an update on the specified input data.
 642          */
 643         switch (plaintext->cd_format) {
 644         case CRYPTO_DATA_RAW:
 645                 ret = crypto_update_iov(&blowfish_ctx,
 646                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 647                     blowfish_copy_block64);
 648                 break;
 649         case CRYPTO_DATA_UIO:
 650                 ret = crypto_update_uio(&blowfish_ctx,
 651                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 652                     blowfish_copy_block64);
 653                 break;
 654         case CRYPTO_DATA_MBLK:
 655                 ret = crypto_update_mp((void *)&blowfish_ctx,
 656                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 657                     blowfish_copy_block64);
 658                 break;
 659         default:
 660                 ret = CRYPTO_ARGUMENTS_BAD;
 661         }
 662 
 663         if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 664                 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
 665                 kmem_free(blowfish_ctx.bc_keysched,
 666                     blowfish_ctx.bc_keysched_len);
 667         }
 668 
 669         if (ret == CRYPTO_SUCCESS) {
 670                 ASSERT(blowfish_ctx.bc_remainder_len == 0);
 671                 if (plaintext != ciphertext)
 672                         ciphertext->cd_length =
 673                             ciphertext->cd_offset - saved_offset;
 674         } else {
 675                 ciphertext->cd_length = saved_length;
 676         }
 677         ciphertext->cd_offset = saved_offset;
 678 
 679         return (ret);
 680 }
 681 
 682 /* ARGSUSED */
 683 static int
 684 blowfish_decrypt_atomic(crypto_provider_handle_t provider,
 685     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 686     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
 687     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
 688 {
 689         blowfish_ctx_t blowfish_ctx;    /* on the stack */
 690         off_t saved_offset;
 691         size_t saved_length;
 692         int ret;
 693 
 694         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 695 
 696         /*
 697          * Ciphertext must be a multiple of blowfish block size.
 698          * This test only works for non-padded mechanisms
 699          * when blocksize is 2^N.
 700          */
 701         if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 702                 return (CRYPTO_DATA_LEN_RANGE);
 703 
 704         /* return length needed to store the output */
 705         if (plaintext->cd_length < ciphertext->cd_length) {
 706                 plaintext->cd_length = ciphertext->cd_length;
 707                 return (CRYPTO_BUFFER_TOO_SMALL);
 708         }
 709 
 710         if (!BLOWFISH_VALID_MECH(mechanism))
 711                 return (CRYPTO_MECHANISM_INVALID);
 712 
 713         if (mechanism->cm_param_len != 0 &&
 714             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 715                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 716 
 717         bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
 718 
 719         ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
 720             key, crypto_kmflag(req));
 721         if (ret != CRYPTO_SUCCESS)
 722                 return (ret);
 723 
 724         saved_offset = plaintext->cd_offset;
 725         saved_length = plaintext->cd_length;
 726 
 727         /*
 728          * Do an update on the specified input data.
 729          */
 730         switch (ciphertext->cd_format) {
 731         case CRYPTO_DATA_RAW:
 732                 ret = crypto_update_iov(&blowfish_ctx,
 733                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 734                     blowfish_copy_block64);
 735                 break;
 736         case CRYPTO_DATA_UIO:
 737                 ret = crypto_update_uio(&blowfish_ctx,
 738                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 739                     blowfish_copy_block64);
 740                 break;
 741         case CRYPTO_DATA_MBLK:
 742                 ret = crypto_update_mp(&blowfish_ctx,
 743                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 744                     blowfish_copy_block64);
 745                 break;
 746         default:
 747                 ret = CRYPTO_ARGUMENTS_BAD;
 748         }
 749 
 750         if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 751                 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
 752                 kmem_free(blowfish_ctx.bc_keysched,
 753                     blowfish_ctx.bc_keysched_len);
 754         }
 755 
 756         if (ret == CRYPTO_SUCCESS) {
 757                 ASSERT(blowfish_ctx.bc_remainder_len == 0);
 758                 if (ciphertext != plaintext)
 759                         plaintext->cd_length =
 760                             plaintext->cd_offset - saved_offset;
 761         } else {
 762                 plaintext->cd_length = saved_length;
 763         }
 764         plaintext->cd_offset = saved_offset;
 765 
 766         return (ret);
 767 }
 768 
 769 /*
 770  * KCF software provider context template entry points.
 771  */
 772 /* ARGSUSED */
 773 static int
 774 blowfish_create_ctx_template(crypto_provider_handle_t provider,
 775     crypto_mechanism_t *mechanism, crypto_key_t *key,
 776     crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
 777 {
 778         void *keysched;
 779         size_t size;
 780         int rv;
 781 
 782         if (!BLOWFISH_VALID_MECH(mechanism))
 783                 return (CRYPTO_MECHANISM_INVALID);
 784 
 785         if ((keysched = blowfish_alloc_keysched(&size,
 786             crypto_kmflag(req))) == NULL) {
 787                 return (CRYPTO_HOST_MEMORY);
 788         }
 789 
 790         /*
 791          * Initialize key schedule.  Key length information is stored
 792          * in the key.
 793          */
 794         if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
 795                 bzero(keysched, size);
 796                 kmem_free(keysched, size);
 797                 return (rv);
 798         }
 799 
 800         *tmpl = keysched;
 801         *tmpl_size = size;
 802 
 803         return (CRYPTO_SUCCESS);
 804 }
 805 
 806 /* ARGSUSED */
 807 static int
 808 blowfish_free_context(crypto_ctx_t *ctx)
 809 {
 810         blowfish_ctx_t *blowfish_ctx = ctx->cc_provider_private;
 811 
 812         if (blowfish_ctx != NULL) {
 813                 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 814                         ASSERT(blowfish_ctx->bc_keysched_len != 0);
 815                         bzero(blowfish_ctx->bc_keysched,
 816                             blowfish_ctx->bc_keysched_len);
 817                         kmem_free(blowfish_ctx->bc_keysched,
 818                             blowfish_ctx->bc_keysched_len);
 819                 }
 820                 crypto_free_mode_ctx(blowfish_ctx);
 821                 ctx->cc_provider_private = NULL;
 822         }
 823 
 824         return (CRYPTO_SUCCESS);
 825 }
 826 
 827 /* ARGSUSED */
 828 static int
 829 blowfish_common_init_ctx(blowfish_ctx_t *blowfish_ctx,
 830     crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism,
 831     crypto_key_t *key, int kmflag)
 832 {
 833         int rv = CRYPTO_SUCCESS;
 834 
 835         void *keysched;
 836         size_t size;
 837 
 838         if (template == NULL) {
 839                 if ((keysched = blowfish_alloc_keysched(&size, kmflag)) == NULL)
 840                         return (CRYPTO_HOST_MEMORY);
 841                 /*
 842                  * Initialize key schedule.
 843                  * Key length is stored in the key.
 844                  */
 845                 if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS)
 846                         kmem_free(keysched, size);
 847 
 848                 blowfish_ctx->bc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
 849                 blowfish_ctx->bc_keysched_len = size;
 850         } else {
 851                 keysched = template;
 852         }
 853         blowfish_ctx->bc_keysched = keysched;
 854 
 855         switch (mechanism->cm_type) {
 856         case BLOWFISH_CBC_MECH_INFO_TYPE:
 857                 rv = cbc_init_ctx((cbc_ctx_t *)blowfish_ctx,
 858                     mechanism->cm_param, mechanism->cm_param_len,
 859                     BLOWFISH_BLOCK_LEN, blowfish_copy_block64);
 860                 break;
 861         case BLOWFISH_ECB_MECH_INFO_TYPE:
 862                 blowfish_ctx->bc_flags |= ECB_MODE;
 863         }
 864 
 865         if (rv != CRYPTO_SUCCESS) {
 866                 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 867                         bzero(keysched, size);
 868                         kmem_free(keysched, size);
 869                 }
 870         }
 871 
 872         return (rv);
 873 }