Print this page
fixup .text where possible
7127 remove -Wno-missing-braces from Makefile.uts
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/crypto/io/blowfish.c
+++ new/usr/src/uts/common/crypto/io/blowfish.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26 /*
27 27 * Blowfish provider for the Kernel Cryptographic Framework (KCF)
28 28 */
29 29
30 30 #include <sys/types.h>
31 31 #include <sys/systm.h>
32 32 #include <sys/modctl.h>
33 33 #include <sys/cmn_err.h>
34 34 #include <sys/ddi.h>
35 35 #include <sys/crypto/common.h>
36 36 #include <sys/crypto/spi.h>
37 37 #include <sys/sysmacros.h>
38 38 #include <sys/strsun.h>
39 39 #include <sys/note.h>
40 40 #include <modes/modes.h>
41 41 #include <blowfish/blowfish_impl.h>
42 42
43 43 extern struct mod_ops mod_cryptoops;
44 44
|
↓ open down ↓ |
44 lines elided |
↑ open up ↑ |
45 45 /*
46 46 * Module linkage information for the kernel.
47 47 */
48 48 static struct modlcrypto modlcrypto = {
49 49 &mod_cryptoops,
50 50 "Blowfish Kernel SW Provider"
51 51 };
52 52
53 53 static struct modlinkage modlinkage = {
54 54 MODREV_1,
55 - (void *)&modlcrypto,
56 - NULL
55 + { (void *)&modlcrypto,
56 + NULL }
57 57 };
58 58
59 59 /*
60 60 * CSPI information (entry points, provider info, etc.)
61 61 */
62 62 typedef enum blowfish_mech_type {
63 63 BLOWFISH_ECB_MECH_INFO_TYPE, /* SUN_CKM_BLOWFISH_ECB */
64 64 BLOWFISH_CBC_MECH_INFO_TYPE /* SUN_CKM_BLOWFISH_CBC */
65 65 } blowfish_mech_type_t;
66 66
67 67
68 68 #define BLOWFISH_COPY_BLOCK(src, dst) \
69 69 (dst)[0] = (src)[0]; \
70 70 (dst)[1] = (src)[1]; \
71 71 (dst)[2] = (src)[2]; \
72 72 (dst)[3] = (src)[3]; \
73 73 (dst)[4] = (src)[4]; \
74 74 (dst)[5] = (src)[5]; \
75 75 (dst)[6] = (src)[6]; \
76 76 (dst)[7] = (src)[7]
77 77
78 78 #define BLOWFISH_XOR_BLOCK(src, dst) \
79 79 (dst)[0] ^= (src)[0]; \
80 80 (dst)[1] ^= (src)[1]; \
81 81 (dst)[2] ^= (src)[2]; \
82 82 (dst)[3] ^= (src)[3]; \
83 83 (dst)[4] ^= (src)[4]; \
84 84 (dst)[5] ^= (src)[5]; \
85 85 (dst)[6] ^= (src)[6]; \
86 86 (dst)[7] ^= (src)[7]
87 87
88 88 /*
89 89 * Mechanism info structure passed to KCF during registration.
90 90 */
91 91
92 92 static crypto_mech_info_t blowfish_mech_info_tab[] = {
93 93 /* BLOWFISH_ECB */
94 94 {SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
95 95 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
96 96 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
97 97 BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS},
98 98 /* BLOWFISH_CBC */
99 99 {SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
100 100 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
101 101 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
102 102 BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS}
103 103 };
104 104
105 105 #define BLOWFISH_VALID_MECH(mech) \
106 106 (((mech)->cm_type == BLOWFISH_ECB_MECH_INFO_TYPE || \
107 107 (mech)->cm_type == BLOWFISH_CBC_MECH_INFO_TYPE) ? 1 : 0)
108 108
109 109 /* operations are in-place if the output buffer is NULL */
110 110 #define BLOWFISH_ARG_INPLACE(input, output) \
111 111 if ((output) == NULL) \
112 112 (output) = (input);
113 113
114 114 static void blowfish_provider_status(crypto_provider_handle_t, uint_t *);
115 115
116 116 static crypto_control_ops_t blowfish_control_ops = {
117 117 blowfish_provider_status
118 118 };
119 119
120 120 static int blowfish_common_init(crypto_ctx_t *, crypto_mechanism_t *,
121 121 crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
122 122 static int blowfish_common_init_ctx(blowfish_ctx_t *,
123 123 crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, int);
124 124 static int blowfish_encrypt_final(crypto_ctx_t *, crypto_data_t *,
125 125 crypto_req_handle_t);
126 126 static int blowfish_decrypt_final(crypto_ctx_t *, crypto_data_t *,
127 127 crypto_req_handle_t);
128 128
129 129 static int blowfish_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
130 130 crypto_req_handle_t);
131 131 static int blowfish_encrypt_update(crypto_ctx_t *, crypto_data_t *,
132 132 crypto_data_t *, crypto_req_handle_t);
133 133 static int blowfish_encrypt_atomic(crypto_provider_handle_t,
134 134 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
135 135 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
136 136
137 137 static int blowfish_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
138 138 crypto_req_handle_t);
139 139 static int blowfish_decrypt_update(crypto_ctx_t *, crypto_data_t *,
140 140 crypto_data_t *, crypto_req_handle_t);
141 141 static int blowfish_decrypt_atomic(crypto_provider_handle_t,
142 142 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
143 143 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
144 144
145 145 static crypto_cipher_ops_t blowfish_cipher_ops = {
146 146 blowfish_common_init,
147 147 blowfish_encrypt,
148 148 blowfish_encrypt_update,
149 149 blowfish_encrypt_final,
150 150 blowfish_encrypt_atomic,
151 151 blowfish_common_init,
152 152 blowfish_decrypt,
153 153 blowfish_decrypt_update,
154 154 blowfish_decrypt_final,
155 155 blowfish_decrypt_atomic
156 156 };
157 157
158 158 static int blowfish_create_ctx_template(crypto_provider_handle_t,
|
↓ open down ↓ |
92 lines elided |
↑ open up ↑ |
159 159 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
160 160 size_t *, crypto_req_handle_t);
161 161 static int blowfish_free_context(crypto_ctx_t *);
162 162
163 163 static crypto_ctx_ops_t blowfish_ctx_ops = {
164 164 blowfish_create_ctx_template,
165 165 blowfish_free_context
166 166 };
167 167
168 168 static crypto_ops_t blowfish_crypto_ops = {
169 - &blowfish_control_ops,
170 - NULL,
171 - &blowfish_cipher_ops,
172 - NULL,
173 - NULL,
174 - NULL,
175 - NULL,
176 - NULL,
177 - NULL,
178 - NULL,
179 - NULL,
180 - NULL,
181 - NULL,
182 - &blowfish_ctx_ops
169 + .co_control_ops = &blowfish_control_ops,
170 + .co_digest_ops = NULL,
171 + .co_cipher_ops = &blowfish_cipher_ops,
172 + .co_mac_ops = NULL,
173 + .co_sign_ops = NULL,
174 + .co_verify_ops = NULL,
175 + .co_dual_ops = NULL,
176 + .co_dual_cipher_mac_ops = NULL,
177 + .co_random_ops = NULL,
178 + .co_session_ops = NULL,
179 + .co_object_ops = NULL,
180 + .co_key_ops = NULL,
181 + .co_provider_ops = NULL,
182 + .co_ctx_ops = &blowfish_ctx_ops
183 183 };
184 184
185 -static crypto_provider_info_t blowfish_prov_info = {
185 +static crypto_provider_info_t blowfish_prov_info = {{{{
186 186 CRYPTO_SPI_VERSION_1,
187 187 "Blowfish Software Provider",
188 188 CRYPTO_SW_PROVIDER,
189 189 {&modlinkage},
190 190 NULL,
191 191 &blowfish_crypto_ops,
192 192 sizeof (blowfish_mech_info_tab)/sizeof (crypto_mech_info_t),
193 193 blowfish_mech_info_tab
194 -};
194 +}}}};
195 195
196 196
197 197 static crypto_kcf_provider_handle_t blowfish_prov_handle = NULL;
198 198
199 199 int
200 200 _init(void)
201 201 {
202 202 int ret;
203 203
204 204 if ((ret = mod_install(&modlinkage)) != 0)
205 205 return (ret);
206 206
207 207 /* Register with KCF. If the registration fails, remove the module. */
208 208 if (crypto_register_provider(&blowfish_prov_info,
209 209 &blowfish_prov_handle)) {
210 210 (void) mod_remove(&modlinkage);
211 211 return (EACCES);
212 212 }
213 213
214 214 return (0);
215 215 }
216 216
217 217 int
218 218 _fini(void)
219 219 {
220 220 /* Unregister from KCF if module is registered */
221 221 if (blowfish_prov_handle != NULL) {
222 222 if (crypto_unregister_provider(blowfish_prov_handle))
223 223 return (EBUSY);
224 224
225 225 blowfish_prov_handle = NULL;
226 226 }
227 227
228 228 return (mod_remove(&modlinkage));
229 229 }
230 230
231 231 int
232 232 _info(struct modinfo *modinfop)
233 233 {
234 234 return (mod_info(&modlinkage, modinfop));
235 235 }
236 236
237 237 /*
238 238 * Initialize key schedules for blowfish
239 239 */
240 240 static int
241 241 init_keysched(crypto_key_t *key, void *keysched)
242 242 {
243 243 /*
244 244 * Only keys by value are supported by this module.
245 245 */
246 246 switch (key->ck_format) {
247 247 case CRYPTO_KEY_RAW:
248 248 if (key->ck_length < BLOWFISH_MINBITS ||
249 249 key->ck_length > BLOWFISH_MAXBITS) {
250 250 return (CRYPTO_KEY_SIZE_RANGE);
251 251 }
252 252 break;
253 253 default:
254 254 return (CRYPTO_KEY_TYPE_INCONSISTENT);
255 255 }
256 256
257 257 blowfish_init_keysched(key->ck_data, key->ck_length, keysched);
258 258 return (CRYPTO_SUCCESS);
259 259 }
260 260
261 261 /*
262 262 * KCF software provider control entry points.
263 263 */
264 264 /* ARGSUSED */
265 265 static void
266 266 blowfish_provider_status(crypto_provider_handle_t provider, uint_t *status)
267 267 {
268 268 *status = CRYPTO_PROVIDER_READY;
269 269 }
270 270
271 271 /*
272 272 * KCF software provider encrypt entry points.
273 273 */
274 274 static int
275 275 blowfish_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
276 276 crypto_key_t *key, crypto_spi_ctx_template_t template,
277 277 crypto_req_handle_t req)
278 278 {
279 279 blowfish_ctx_t *blowfish_ctx;
280 280 int rv;
281 281 int kmflag;
282 282
283 283 /*
284 284 * Only keys by value are supported by this module.
285 285 */
286 286 if (key->ck_format != CRYPTO_KEY_RAW) {
287 287 return (CRYPTO_KEY_TYPE_INCONSISTENT);
288 288 }
289 289
290 290 if (!BLOWFISH_VALID_MECH(mechanism))
291 291 return (CRYPTO_MECHANISM_INVALID);
292 292
293 293 if (mechanism->cm_param != NULL &&
294 294 mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
295 295 return (CRYPTO_MECHANISM_PARAM_INVALID);
296 296
297 297 kmflag = crypto_kmflag(req);
298 298 switch (mechanism->cm_type) {
299 299 case BLOWFISH_ECB_MECH_INFO_TYPE:
300 300 blowfish_ctx = ecb_alloc_ctx(kmflag);
301 301 break;
302 302 case BLOWFISH_CBC_MECH_INFO_TYPE:
303 303 blowfish_ctx = cbc_alloc_ctx(kmflag);
304 304 break;
305 305 }
306 306 if (blowfish_ctx == NULL)
307 307 return (CRYPTO_HOST_MEMORY);
308 308
309 309 rv = blowfish_common_init_ctx(blowfish_ctx, template, mechanism,
310 310 key, kmflag);
311 311 if (rv != CRYPTO_SUCCESS) {
312 312 crypto_free_mode_ctx(blowfish_ctx);
313 313 return (rv);
314 314 }
315 315
316 316 ctx->cc_provider_private = blowfish_ctx;
317 317
318 318 return (CRYPTO_SUCCESS);
319 319 }
320 320
321 321 static void
322 322 blowfish_copy_block64(uint8_t *in, uint64_t *out)
323 323 {
324 324 if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
325 325 /* LINTED: pointer alignment */
326 326 out[0] = *(uint64_t *)&in[0];
327 327 } else {
328 328 uint8_t *iv8 = (uint8_t *)&out[0];
329 329
330 330 BLOWFISH_COPY_BLOCK(in, iv8);
331 331 }
332 332 }
333 333
334 334 /* ARGSUSED */
335 335 static int
336 336 blowfish_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
337 337 crypto_data_t *ciphertext, crypto_req_handle_t req)
338 338 {
339 339 int ret;
340 340
341 341 blowfish_ctx_t *blowfish_ctx;
342 342
343 343 /*
344 344 * Plaintext must be a multiple of blowfish block size.
345 345 * This test only works for non-padded mechanisms
346 346 * when blocksize is 2^N.
347 347 */
348 348 if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
349 349 return (CRYPTO_DATA_LEN_RANGE);
350 350
351 351 ASSERT(ctx->cc_provider_private != NULL);
352 352 blowfish_ctx = ctx->cc_provider_private;
353 353
354 354 BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
355 355
356 356 /*
357 357 * We need to just return the length needed to store the output.
358 358 * We should not destroy the context for the following case.
359 359 */
360 360 if (ciphertext->cd_length < plaintext->cd_length) {
361 361 ciphertext->cd_length = plaintext->cd_length;
362 362 return (CRYPTO_BUFFER_TOO_SMALL);
363 363 }
364 364
365 365 /*
366 366 * Do an update on the specified input data.
367 367 */
368 368 ret = blowfish_encrypt_update(ctx, plaintext, ciphertext, req);
369 369 ASSERT(blowfish_ctx->bc_remainder_len == 0);
370 370 (void) blowfish_free_context(ctx);
371 371
372 372 /* LINTED */
373 373 return (ret);
374 374 }
375 375
376 376 /* ARGSUSED */
377 377 static int
378 378 blowfish_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
379 379 crypto_data_t *plaintext, crypto_req_handle_t req)
380 380 {
381 381 int ret;
382 382
383 383 blowfish_ctx_t *blowfish_ctx;
384 384
385 385 /*
386 386 * Ciphertext must be a multiple of blowfish block size.
387 387 * This test only works for non-padded mechanisms
388 388 * when blocksize is 2^N.
389 389 */
390 390 if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
391 391 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
392 392
393 393 ASSERT(ctx->cc_provider_private != NULL);
394 394 blowfish_ctx = ctx->cc_provider_private;
395 395
396 396 BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
397 397
398 398 /*
399 399 * We need to just return the length needed to store the output.
400 400 * We should not destroy the context for the following case.
401 401 */
402 402 if (plaintext->cd_length < ciphertext->cd_length) {
403 403 plaintext->cd_length = ciphertext->cd_length;
404 404 return (CRYPTO_BUFFER_TOO_SMALL);
405 405 }
406 406
407 407 /*
408 408 * Do an update on the specified input data.
409 409 */
410 410 ret = blowfish_decrypt_update(ctx, ciphertext, plaintext, req);
411 411 ASSERT(blowfish_ctx->bc_remainder_len == 0);
412 412 (void) blowfish_free_context(ctx);
413 413
414 414 /* LINTED */
415 415 return (ret);
416 416 }
417 417
418 418 /* ARGSUSED */
419 419 static int
420 420 blowfish_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
421 421 crypto_data_t *ciphertext, crypto_req_handle_t req)
422 422 {
423 423 off_t saved_offset;
424 424 size_t saved_length, out_len;
425 425 int ret = CRYPTO_SUCCESS;
426 426
427 427 ASSERT(ctx->cc_provider_private != NULL);
428 428
429 429 BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
430 430
431 431 /* compute number of bytes that will hold the ciphertext */
432 432 out_len =
433 433 ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
434 434 out_len += plaintext->cd_length;
435 435 out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
436 436
437 437 /* return length needed to store the output */
438 438 if (ciphertext->cd_length < out_len) {
439 439 ciphertext->cd_length = out_len;
440 440 return (CRYPTO_BUFFER_TOO_SMALL);
441 441 }
442 442
443 443 saved_offset = ciphertext->cd_offset;
444 444 saved_length = ciphertext->cd_length;
445 445
446 446 /*
447 447 * Do the blowfish update on the specified input data.
448 448 */
449 449 switch (plaintext->cd_format) {
450 450 case CRYPTO_DATA_RAW:
451 451 ret = crypto_update_iov(ctx->cc_provider_private,
452 452 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
453 453 blowfish_copy_block64);
454 454 break;
455 455 case CRYPTO_DATA_UIO:
456 456 ret = crypto_update_uio(ctx->cc_provider_private,
457 457 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
458 458 blowfish_copy_block64);
459 459 break;
460 460 case CRYPTO_DATA_MBLK:
461 461 ret = crypto_update_mp(ctx->cc_provider_private,
462 462 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
463 463 blowfish_copy_block64);
464 464 break;
465 465 default:
466 466 ret = CRYPTO_ARGUMENTS_BAD;
467 467 }
468 468
469 469 if (ret == CRYPTO_SUCCESS) {
470 470 if (plaintext != ciphertext)
471 471 ciphertext->cd_length =
472 472 ciphertext->cd_offset - saved_offset;
473 473 } else {
474 474 ciphertext->cd_length = saved_length;
475 475 }
476 476 ciphertext->cd_offset = saved_offset;
477 477
478 478 return (ret);
479 479 }
480 480
481 481 /* ARGSUSED */
482 482 static int
483 483 blowfish_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
484 484 crypto_data_t *plaintext, crypto_req_handle_t req)
485 485 {
486 486 off_t saved_offset;
487 487 size_t saved_length, out_len;
488 488 int ret = CRYPTO_SUCCESS;
489 489
490 490 ASSERT(ctx->cc_provider_private != NULL);
491 491
492 492 BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
493 493
494 494 /* compute number of bytes that will hold the plaintext */
495 495 out_len =
496 496 ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
497 497 out_len += ciphertext->cd_length;
498 498 out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
499 499
500 500 /* return length needed to store the output */
501 501 if (plaintext->cd_length < out_len) {
502 502 plaintext->cd_length = out_len;
503 503 return (CRYPTO_BUFFER_TOO_SMALL);
504 504 }
505 505
506 506 saved_offset = plaintext->cd_offset;
507 507 saved_length = plaintext->cd_length;
508 508
509 509 /*
510 510 * Do the blowfish update on the specified input data.
511 511 */
512 512 switch (ciphertext->cd_format) {
513 513 case CRYPTO_DATA_RAW:
514 514 ret = crypto_update_iov(ctx->cc_provider_private,
515 515 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
516 516 blowfish_copy_block64);
517 517 break;
518 518 case CRYPTO_DATA_UIO:
519 519 ret = crypto_update_uio(ctx->cc_provider_private,
520 520 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
521 521 blowfish_copy_block64);
522 522 break;
523 523 case CRYPTO_DATA_MBLK:
524 524 ret = crypto_update_mp(ctx->cc_provider_private,
525 525 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
526 526 blowfish_copy_block64);
527 527 break;
528 528 default:
529 529 ret = CRYPTO_ARGUMENTS_BAD;
530 530 }
531 531
532 532 if (ret == CRYPTO_SUCCESS) {
533 533 if (ciphertext != plaintext)
534 534 plaintext->cd_length =
535 535 plaintext->cd_offset - saved_offset;
536 536 } else {
537 537 plaintext->cd_length = saved_length;
538 538 }
539 539 plaintext->cd_offset = saved_offset;
540 540
541 541 return (ret);
542 542 }
543 543
544 544 /* ARGSUSED */
545 545 static int
546 546 blowfish_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
547 547 crypto_req_handle_t req)
548 548 {
549 549 blowfish_ctx_t *blowfish_ctx;
550 550
551 551 ASSERT(ctx->cc_provider_private != NULL);
552 552 blowfish_ctx = ctx->cc_provider_private;
553 553
554 554 /*
555 555 * There must be no unprocessed data.
556 556 * This happens if the length of the last data is
557 557 * not a multiple of the BLOWFISH block length.
558 558 */
559 559 if (blowfish_ctx->bc_remainder_len > 0)
560 560 return (CRYPTO_DATA_LEN_RANGE);
561 561
562 562 (void) blowfish_free_context(ctx);
563 563 data->cd_length = 0;
564 564
565 565 return (CRYPTO_SUCCESS);
566 566 }
567 567
568 568 /* ARGSUSED */
569 569 static int
570 570 blowfish_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
571 571 crypto_req_handle_t req)
572 572 {
573 573 blowfish_ctx_t *blowfish_ctx;
574 574
575 575 ASSERT(ctx->cc_provider_private != NULL);
576 576 blowfish_ctx = ctx->cc_provider_private;
577 577
578 578 /*
579 579 * There must be no unprocessed ciphertext.
580 580 * This happens if the length of the last ciphertext is
581 581 * not a multiple of the BLOWFISH block length.
582 582 */
583 583 if (blowfish_ctx->bc_remainder_len > 0)
584 584 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
585 585
586 586 (void) blowfish_free_context(ctx);
587 587 data->cd_length = 0;
588 588
589 589 return (CRYPTO_SUCCESS);
590 590 }
591 591
592 592 /* ARGSUSED */
593 593 static int
594 594 blowfish_encrypt_atomic(crypto_provider_handle_t provider,
595 595 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
596 596 crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
597 597 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
598 598 {
599 599 blowfish_ctx_t blowfish_ctx; /* on the stack */
600 600 off_t saved_offset;
601 601 size_t saved_length;
602 602 int ret;
603 603
604 604 BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
605 605
606 606 /*
607 607 * Plaintext must be a multiple of blowfish block size.
608 608 * This test only works for non-padded mechanisms
609 609 * when blocksize is 2^N.
610 610 */
611 611 if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
612 612 return (CRYPTO_DATA_LEN_RANGE);
613 613
614 614 /* return length needed to store the output */
615 615 if (ciphertext->cd_length < plaintext->cd_length) {
616 616 ciphertext->cd_length = plaintext->cd_length;
617 617 return (CRYPTO_BUFFER_TOO_SMALL);
618 618 }
619 619
620 620 if (!BLOWFISH_VALID_MECH(mechanism))
621 621 return (CRYPTO_MECHANISM_INVALID);
622 622
623 623 if (mechanism->cm_param_len != 0 &&
624 624 mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
625 625 return (CRYPTO_MECHANISM_PARAM_INVALID);
626 626
627 627 bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
628 628
629 629 ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
630 630 key, crypto_kmflag(req));
631 631 if (ret != CRYPTO_SUCCESS)
632 632 return (ret);
633 633
634 634 saved_offset = ciphertext->cd_offset;
635 635 saved_length = ciphertext->cd_length;
636 636
637 637 /*
638 638 * Do an update on the specified input data.
639 639 */
640 640 switch (plaintext->cd_format) {
641 641 case CRYPTO_DATA_RAW:
642 642 ret = crypto_update_iov(&blowfish_ctx,
643 643 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
644 644 blowfish_copy_block64);
645 645 break;
646 646 case CRYPTO_DATA_UIO:
647 647 ret = crypto_update_uio(&blowfish_ctx,
648 648 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
649 649 blowfish_copy_block64);
650 650 break;
651 651 case CRYPTO_DATA_MBLK:
652 652 ret = crypto_update_mp((void *)&blowfish_ctx,
653 653 plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
654 654 blowfish_copy_block64);
655 655 break;
656 656 default:
657 657 ret = CRYPTO_ARGUMENTS_BAD;
658 658 }
659 659
660 660 if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
661 661 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
662 662 kmem_free(blowfish_ctx.bc_keysched,
663 663 blowfish_ctx.bc_keysched_len);
664 664 }
665 665
666 666 if (ret == CRYPTO_SUCCESS) {
667 667 ASSERT(blowfish_ctx.bc_remainder_len == 0);
668 668 if (plaintext != ciphertext)
669 669 ciphertext->cd_length =
670 670 ciphertext->cd_offset - saved_offset;
671 671 } else {
672 672 ciphertext->cd_length = saved_length;
673 673 }
674 674 ciphertext->cd_offset = saved_offset;
675 675
676 676 return (ret);
677 677 }
678 678
679 679 /* ARGSUSED */
680 680 static int
681 681 blowfish_decrypt_atomic(crypto_provider_handle_t provider,
682 682 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
683 683 crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
684 684 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
685 685 {
686 686 blowfish_ctx_t blowfish_ctx; /* on the stack */
687 687 off_t saved_offset;
688 688 size_t saved_length;
689 689 int ret;
690 690
691 691 BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
692 692
693 693 /*
694 694 * Ciphertext must be a multiple of blowfish block size.
695 695 * This test only works for non-padded mechanisms
696 696 * when blocksize is 2^N.
697 697 */
698 698 if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
699 699 return (CRYPTO_DATA_LEN_RANGE);
700 700
701 701 /* return length needed to store the output */
702 702 if (plaintext->cd_length < ciphertext->cd_length) {
703 703 plaintext->cd_length = ciphertext->cd_length;
704 704 return (CRYPTO_BUFFER_TOO_SMALL);
705 705 }
706 706
707 707 if (!BLOWFISH_VALID_MECH(mechanism))
708 708 return (CRYPTO_MECHANISM_INVALID);
709 709
710 710 if (mechanism->cm_param_len != 0 &&
711 711 mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
712 712 return (CRYPTO_MECHANISM_PARAM_INVALID);
713 713
714 714 bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
715 715
716 716 ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
717 717 key, crypto_kmflag(req));
718 718 if (ret != CRYPTO_SUCCESS)
719 719 return (ret);
720 720
721 721 saved_offset = plaintext->cd_offset;
722 722 saved_length = plaintext->cd_length;
723 723
724 724 /*
725 725 * Do an update on the specified input data.
726 726 */
727 727 switch (ciphertext->cd_format) {
728 728 case CRYPTO_DATA_RAW:
729 729 ret = crypto_update_iov(&blowfish_ctx,
730 730 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
731 731 blowfish_copy_block64);
732 732 break;
733 733 case CRYPTO_DATA_UIO:
734 734 ret = crypto_update_uio(&blowfish_ctx,
735 735 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
736 736 blowfish_copy_block64);
737 737 break;
738 738 case CRYPTO_DATA_MBLK:
739 739 ret = crypto_update_mp(&blowfish_ctx,
740 740 ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
741 741 blowfish_copy_block64);
742 742 break;
743 743 default:
744 744 ret = CRYPTO_ARGUMENTS_BAD;
745 745 }
746 746
747 747 if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
748 748 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
749 749 kmem_free(blowfish_ctx.bc_keysched,
750 750 blowfish_ctx.bc_keysched_len);
751 751 }
752 752
753 753 if (ret == CRYPTO_SUCCESS) {
754 754 ASSERT(blowfish_ctx.bc_remainder_len == 0);
755 755 if (ciphertext != plaintext)
756 756 plaintext->cd_length =
757 757 plaintext->cd_offset - saved_offset;
758 758 } else {
759 759 plaintext->cd_length = saved_length;
760 760 }
761 761 plaintext->cd_offset = saved_offset;
762 762
763 763 return (ret);
764 764 }
765 765
766 766 /*
767 767 * KCF software provider context template entry points.
768 768 */
769 769 /* ARGSUSED */
770 770 static int
771 771 blowfish_create_ctx_template(crypto_provider_handle_t provider,
772 772 crypto_mechanism_t *mechanism, crypto_key_t *key,
773 773 crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
774 774 {
775 775 void *keysched;
776 776 size_t size;
777 777 int rv;
778 778
779 779 if (!BLOWFISH_VALID_MECH(mechanism))
780 780 return (CRYPTO_MECHANISM_INVALID);
781 781
782 782 if ((keysched = blowfish_alloc_keysched(&size,
783 783 crypto_kmflag(req))) == NULL) {
784 784 return (CRYPTO_HOST_MEMORY);
785 785 }
786 786
787 787 /*
788 788 * Initialize key schedule. Key length information is stored
789 789 * in the key.
790 790 */
791 791 if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
792 792 bzero(keysched, size);
793 793 kmem_free(keysched, size);
794 794 return (rv);
795 795 }
796 796
797 797 *tmpl = keysched;
798 798 *tmpl_size = size;
799 799
800 800 return (CRYPTO_SUCCESS);
801 801 }
802 802
803 803 /* ARGSUSED */
804 804 static int
805 805 blowfish_free_context(crypto_ctx_t *ctx)
806 806 {
807 807 blowfish_ctx_t *blowfish_ctx = ctx->cc_provider_private;
808 808
809 809 if (blowfish_ctx != NULL) {
810 810 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
811 811 ASSERT(blowfish_ctx->bc_keysched_len != 0);
812 812 bzero(blowfish_ctx->bc_keysched,
813 813 blowfish_ctx->bc_keysched_len);
814 814 kmem_free(blowfish_ctx->bc_keysched,
815 815 blowfish_ctx->bc_keysched_len);
816 816 }
817 817 crypto_free_mode_ctx(blowfish_ctx);
818 818 ctx->cc_provider_private = NULL;
819 819 }
820 820
821 821 return (CRYPTO_SUCCESS);
822 822 }
823 823
824 824 /* ARGSUSED */
825 825 static int
826 826 blowfish_common_init_ctx(blowfish_ctx_t *blowfish_ctx,
827 827 crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism,
828 828 crypto_key_t *key, int kmflag)
829 829 {
830 830 int rv = CRYPTO_SUCCESS;
831 831
832 832 void *keysched;
833 833 size_t size;
834 834
835 835 if (template == NULL) {
836 836 if ((keysched = blowfish_alloc_keysched(&size, kmflag)) == NULL)
837 837 return (CRYPTO_HOST_MEMORY);
838 838 /*
839 839 * Initialize key schedule.
840 840 * Key length is stored in the key.
841 841 */
842 842 if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS)
843 843 kmem_free(keysched, size);
844 844
845 845 blowfish_ctx->bc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
846 846 blowfish_ctx->bc_keysched_len = size;
847 847 } else {
848 848 keysched = template;
849 849 }
850 850 blowfish_ctx->bc_keysched = keysched;
851 851
852 852 switch (mechanism->cm_type) {
853 853 case BLOWFISH_CBC_MECH_INFO_TYPE:
854 854 rv = cbc_init_ctx((cbc_ctx_t *)blowfish_ctx,
855 855 mechanism->cm_param, mechanism->cm_param_len,
856 856 BLOWFISH_BLOCK_LEN, blowfish_copy_block64);
857 857 break;
858 858 case BLOWFISH_ECB_MECH_INFO_TYPE:
859 859 blowfish_ctx->bc_flags |= ECB_MODE;
860 860 }
861 861
862 862 if (rv != CRYPTO_SUCCESS) {
863 863 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
864 864 bzero(keysched, size);
865 865 kmem_free(keysched, size);
866 866 }
867 867 }
868 868
869 869 return (rv);
870 870 }
|
↓ open down ↓ |
666 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX