Print this page
fixup .text where possible
7127 remove -Wno-missing-braces from Makefile.uts
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/crypto/io/md5_mod.c
+++ new/usr/src/uts/common/crypto/io/md5_mod.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 /*
28 28 * In kernel module, the md5 module is created with two modlinkages:
29 29 * - a modlmisc that allows consumers to directly call the entry points
30 30 * MD5Init, MD5Update, and MD5Final.
31 31 * - a modlcrypto that allows the module to register with the Kernel
32 32 * Cryptographic Framework (KCF) as a software provider for the MD5
33 33 * mechanisms.
34 34 */
35 35
36 36 #include <sys/types.h>
37 37 #include <sys/systm.h>
38 38 #include <sys/modctl.h>
39 39 #include <sys/cmn_err.h>
40 40 #include <sys/ddi.h>
41 41 #include <sys/crypto/common.h>
42 42 #include <sys/crypto/spi.h>
43 43 #include <sys/sysmacros.h>
44 44 #include <sys/strsun.h>
45 45 #include <sys/note.h>
46 46 #include <sys/md5.h>
47 47
48 48 extern struct mod_ops mod_miscops;
49 49 extern struct mod_ops mod_cryptoops;
50 50
51 51 /*
52 52 * Module linkage information for the kernel.
53 53 */
54 54
55 55 static struct modlmisc modlmisc = {
56 56 &mod_miscops,
|
↓ open down ↓ |
56 lines elided |
↑ open up ↑ |
57 57 "MD5 Message-Digest Algorithm"
58 58 };
59 59
60 60 static struct modlcrypto modlcrypto = {
61 61 &mod_cryptoops,
62 62 "MD5 Kernel SW Provider"
63 63 };
64 64
65 65 static struct modlinkage modlinkage = {
66 66 MODREV_1,
67 - (void *)&modlmisc,
68 - (void *)&modlcrypto,
69 - NULL
67 + { (void *)&modlmisc,
68 + (void *)&modlcrypto,
69 + NULL }
70 70 };
71 71
72 72 /*
73 73 * CSPI information (entry points, provider info, etc.)
74 74 */
75 75
76 76 typedef enum md5_mech_type {
77 77 MD5_MECH_INFO_TYPE, /* SUN_CKM_MD5 */
78 78 MD5_HMAC_MECH_INFO_TYPE, /* SUN_CKM_MD5_HMAC */
79 79 MD5_HMAC_GEN_MECH_INFO_TYPE /* SUN_CKM_MD5_HMAC_GENERAL */
80 80 } md5_mech_type_t;
81 81
82 82 #define MD5_DIGEST_LENGTH 16 /* MD5 digest length in bytes */
83 83 #define MD5_HMAC_BLOCK_SIZE 64 /* MD5 block size */
84 84 #define MD5_HMAC_MIN_KEY_LEN 1 /* MD5-HMAC min key length in bytes */
85 85 #define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bytes */
86 86 #define MD5_HMAC_INTS_PER_BLOCK (MD5_HMAC_BLOCK_SIZE/sizeof (uint32_t))
87 87
88 88 /*
89 89 * Context for MD5 mechanism.
90 90 */
91 91 typedef struct md5_ctx {
92 92 md5_mech_type_t mc_mech_type; /* type of context */
93 93 MD5_CTX mc_md5_ctx; /* MD5 context */
94 94 } md5_ctx_t;
95 95
96 96 /*
97 97 * Context for MD5-HMAC and MD5-HMAC-GENERAL mechanisms.
98 98 */
99 99 typedef struct md5_hmac_ctx {
100 100 md5_mech_type_t hc_mech_type; /* type of context */
101 101 uint32_t hc_digest_len; /* digest len in bytes */
102 102 MD5_CTX hc_icontext; /* inner MD5 context */
103 103 MD5_CTX hc_ocontext; /* outer MD5 context */
104 104 } md5_hmac_ctx_t;
105 105
106 106 /*
107 107 * Macros to access the MD5 or MD5-HMAC contexts from a context passed
108 108 * by KCF to one of the entry points.
109 109 */
110 110
111 111 #define PROV_MD5_CTX(ctx) ((md5_ctx_t *)(ctx)->cc_provider_private)
112 112 #define PROV_MD5_HMAC_CTX(ctx) ((md5_hmac_ctx_t *)(ctx)->cc_provider_private)
113 113 /* to extract the digest length passed as mechanism parameter */
114 114
115 115 #define PROV_MD5_GET_DIGEST_LEN(m, len) { \
116 116 if (IS_P2ALIGNED((m)->cm_param, sizeof (ulong_t))) \
117 117 (len) = (uint32_t)*((ulong_t *)(void *)mechanism->cm_param); \
118 118 else { \
119 119 ulong_t tmp_ulong; \
120 120 bcopy((m)->cm_param, &tmp_ulong, sizeof (ulong_t)); \
121 121 (len) = (uint32_t)tmp_ulong; \
122 122 } \
123 123 }
124 124
125 125 #define PROV_MD5_DIGEST_KEY(ctx, key, len, digest) { \
126 126 MD5Init(ctx); \
127 127 MD5Update(ctx, key, len); \
128 128 MD5Final(digest, ctx); \
129 129 }
130 130
131 131 /*
132 132 * Mechanism info structure passed to KCF during registration.
133 133 */
134 134 static crypto_mech_info_t md5_mech_info_tab[] = {
135 135 /* MD5 */
136 136 {SUN_CKM_MD5, MD5_MECH_INFO_TYPE,
137 137 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
138 138 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
139 139 /* MD5-HMAC */
140 140 {SUN_CKM_MD5_HMAC, MD5_HMAC_MECH_INFO_TYPE,
141 141 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
142 142 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
143 143 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
144 144 /* MD5-HMAC GENERAL */
145 145 {SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE,
146 146 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
147 147 MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN,
148 148 CRYPTO_KEYSIZE_UNIT_IN_BYTES}
149 149 };
150 150
151 151 static void md5_provider_status(crypto_provider_handle_t, uint_t *);
152 152
153 153 static crypto_control_ops_t md5_control_ops = {
154 154 md5_provider_status
155 155 };
156 156
157 157 static int md5_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
158 158 crypto_req_handle_t);
159 159 static int md5_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
160 160 crypto_req_handle_t);
161 161 static int md5_digest_update(crypto_ctx_t *, crypto_data_t *,
162 162 crypto_req_handle_t);
163 163 static int md5_digest_final(crypto_ctx_t *, crypto_data_t *,
164 164 crypto_req_handle_t);
165 165 static int md5_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
166 166 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
167 167 crypto_req_handle_t);
168 168
169 169 static crypto_digest_ops_t md5_digest_ops = {
170 170 md5_digest_init,
171 171 md5_digest,
172 172 md5_digest_update,
173 173 NULL,
174 174 md5_digest_final,
175 175 md5_digest_atomic
176 176 };
177 177
178 178 static int md5_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
179 179 crypto_spi_ctx_template_t, crypto_req_handle_t);
180 180 static int md5_mac_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
181 181 static int md5_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
182 182 static int md5_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
183 183 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
184 184 crypto_spi_ctx_template_t, crypto_req_handle_t);
185 185 static int md5_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
186 186 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
187 187 crypto_spi_ctx_template_t, crypto_req_handle_t);
188 188
189 189 static crypto_mac_ops_t md5_mac_ops = {
190 190 md5_mac_init,
191 191 NULL,
192 192 md5_mac_update,
193 193 md5_mac_final,
194 194 md5_mac_atomic,
195 195 md5_mac_verify_atomic
196 196 };
197 197
198 198 static int md5_create_ctx_template(crypto_provider_handle_t,
|
↓ open down ↓ |
119 lines elided |
↑ open up ↑ |
199 199 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
200 200 size_t *, crypto_req_handle_t);
201 201 static int md5_free_context(crypto_ctx_t *);
202 202
203 203 static crypto_ctx_ops_t md5_ctx_ops = {
204 204 md5_create_ctx_template,
205 205 md5_free_context
206 206 };
207 207
208 208 static crypto_ops_t md5_crypto_ops = {
209 - &md5_control_ops,
210 - &md5_digest_ops,
211 - NULL,
212 - &md5_mac_ops,
213 - NULL,
214 - NULL,
215 - NULL,
216 - NULL,
217 - NULL,
218 - NULL,
219 - NULL,
220 - NULL,
221 - NULL,
222 - &md5_ctx_ops
209 + .co_control_ops = &md5_control_ops,
210 + .co_digest_ops = &md5_digest_ops,
211 + .co_cipher_ops = NULL,
212 + .co_mac_ops = &md5_mac_ops,
213 + .co_sign_ops = NULL,
214 + .co_verify_ops = NULL,
215 + .co_dual_ops = NULL,
216 + .co_dual_cipher_mac_ops = NULL,
217 + .co_random_ops = NULL,
218 + .co_session_ops = NULL,
219 + .co_object_ops = NULL,
220 + .co_key_ops = NULL,
221 + .co_provider_ops = NULL,
222 + .co_ctx_ops = &md5_ctx_ops
223 223 };
224 224
225 -static crypto_provider_info_t md5_prov_info = {
225 +static crypto_provider_info_t md5_prov_info = {{{{
226 226 CRYPTO_SPI_VERSION_1,
227 227 "MD5 Software Provider",
228 228 CRYPTO_SW_PROVIDER,
229 229 {&modlinkage},
230 230 NULL,
231 231 &md5_crypto_ops,
232 232 sizeof (md5_mech_info_tab)/sizeof (crypto_mech_info_t),
233 233 md5_mech_info_tab
234 -};
234 +}}}};
235 235
236 236 static crypto_kcf_provider_handle_t md5_prov_handle = NULL;
237 237
238 238 int
239 239 _init(void)
240 240 {
241 241 int ret;
242 242
243 243 if ((ret = mod_install(&modlinkage)) != 0)
244 244 return (ret);
245 245
246 246 /*
247 247 * Register with KCF. If the registration fails, do not uninstall the
248 248 * module, since the functionality provided by misc/md5 should still be
249 249 * available.
250 250 */
251 251 (void) crypto_register_provider(&md5_prov_info, &md5_prov_handle);
252 252
253 253 return (0);
254 254 }
255 255
256 256 int
257 257 _fini(void)
258 258 {
259 259 int ret;
260 260
261 261 /*
262 262 * Unregister from KCF if previous registration succeeded.
263 263 */
264 264 if (md5_prov_handle != NULL) {
265 265 if ((ret = crypto_unregister_provider(md5_prov_handle)) !=
266 266 CRYPTO_SUCCESS)
267 267 return (ret);
268 268
269 269 md5_prov_handle = NULL;
270 270 }
271 271
272 272 return (mod_remove(&modlinkage));
273 273 }
274 274
275 275 int
276 276 _info(struct modinfo *modinfop)
277 277 {
278 278 return (mod_info(&modlinkage, modinfop));
279 279 }
280 280
281 281 /*
282 282 * KCF software provider control entry points.
283 283 */
284 284 /* ARGSUSED */
285 285 static void
286 286 md5_provider_status(crypto_provider_handle_t provider, uint_t *status)
287 287 {
288 288 *status = CRYPTO_PROVIDER_READY;
289 289 }
290 290
291 291 /*
292 292 * KCF software provider digest entry points.
293 293 */
294 294
295 295 static int
296 296 md5_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
297 297 crypto_req_handle_t req)
298 298 {
299 299 if (mechanism->cm_type != MD5_MECH_INFO_TYPE)
300 300 return (CRYPTO_MECHANISM_INVALID);
301 301
302 302 /*
303 303 * Allocate and initialize MD5 context.
304 304 */
305 305 ctx->cc_provider_private = kmem_alloc(sizeof (md5_ctx_t),
306 306 crypto_kmflag(req));
307 307 if (ctx->cc_provider_private == NULL)
308 308 return (CRYPTO_HOST_MEMORY);
309 309
310 310 PROV_MD5_CTX(ctx)->mc_mech_type = MD5_MECH_INFO_TYPE;
311 311 MD5Init(&PROV_MD5_CTX(ctx)->mc_md5_ctx);
312 312
313 313 return (CRYPTO_SUCCESS);
314 314 }
315 315
316 316 /*
317 317 * Helper MD5 digest update function for uio data.
318 318 */
319 319 static int
320 320 md5_digest_update_uio(MD5_CTX *md5_ctx, crypto_data_t *data)
321 321 {
322 322 off_t offset = data->cd_offset;
323 323 size_t length = data->cd_length;
324 324 uint_t vec_idx;
325 325 size_t cur_len;
326 326
327 327 /* we support only kernel buffer */
328 328 if (data->cd_uio->uio_segflg != UIO_SYSSPACE)
329 329 return (CRYPTO_ARGUMENTS_BAD);
330 330
331 331 /*
332 332 * Jump to the first iovec containing data to be
333 333 * digested.
334 334 */
335 335 for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt &&
336 336 offset >= data->cd_uio->uio_iov[vec_idx].iov_len;
337 337 offset -= data->cd_uio->uio_iov[vec_idx++].iov_len)
338 338 ;
339 339 if (vec_idx == data->cd_uio->uio_iovcnt) {
340 340 /*
341 341 * The caller specified an offset that is larger than the
342 342 * total size of the buffers it provided.
343 343 */
344 344 return (CRYPTO_DATA_LEN_RANGE);
345 345 }
346 346
347 347 /*
348 348 * Now do the digesting on the iovecs.
349 349 */
350 350 while (vec_idx < data->cd_uio->uio_iovcnt && length > 0) {
351 351 cur_len = MIN(data->cd_uio->uio_iov[vec_idx].iov_len -
352 352 offset, length);
353 353
354 354 MD5Update(md5_ctx, data->cd_uio->uio_iov[vec_idx].iov_base +
355 355 offset, cur_len);
356 356
357 357 length -= cur_len;
358 358 vec_idx++;
359 359 offset = 0;
360 360 }
361 361
362 362 if (vec_idx == data->cd_uio->uio_iovcnt && length > 0) {
363 363 /*
364 364 * The end of the specified iovec's was reached but
365 365 * the length requested could not be processed, i.e.
366 366 * The caller requested to digest more data than it provided.
367 367 */
368 368 return (CRYPTO_DATA_LEN_RANGE);
369 369 }
370 370
371 371 return (CRYPTO_SUCCESS);
372 372 }
373 373
374 374 /*
375 375 * Helper MD5 digest final function for uio data.
376 376 * digest_len is the length of the desired digest. If digest_len
377 377 * is smaller than the default MD5 digest length, the caller
378 378 * must pass a scratch buffer, digest_scratch, which must
379 379 * be at least MD5_DIGEST_LENGTH bytes.
380 380 */
381 381 static int
382 382 md5_digest_final_uio(MD5_CTX *md5_ctx, crypto_data_t *digest,
383 383 ulong_t digest_len, uchar_t *digest_scratch)
384 384 {
385 385 off_t offset = digest->cd_offset;
386 386 uint_t vec_idx;
387 387
388 388 /* we support only kernel buffer */
389 389 if (digest->cd_uio->uio_segflg != UIO_SYSSPACE)
390 390 return (CRYPTO_ARGUMENTS_BAD);
391 391
392 392 /*
393 393 * Jump to the first iovec containing ptr to the digest to
394 394 * be returned.
395 395 */
396 396 for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len &&
397 397 vec_idx < digest->cd_uio->uio_iovcnt;
398 398 offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len)
399 399 ;
400 400 if (vec_idx == digest->cd_uio->uio_iovcnt) {
401 401 /*
402 402 * The caller specified an offset that is
403 403 * larger than the total size of the buffers
404 404 * it provided.
405 405 */
406 406 return (CRYPTO_DATA_LEN_RANGE);
407 407 }
408 408
409 409 if (offset + digest_len <=
410 410 digest->cd_uio->uio_iov[vec_idx].iov_len) {
411 411 /*
412 412 * The computed MD5 digest will fit in the current
413 413 * iovec.
414 414 */
415 415 if (digest_len != MD5_DIGEST_LENGTH) {
416 416 /*
417 417 * The caller requested a short digest. Digest
418 418 * into a scratch buffer and return to
419 419 * the user only what was requested.
420 420 */
421 421 MD5Final(digest_scratch, md5_ctx);
422 422 bcopy(digest_scratch, (uchar_t *)digest->
423 423 cd_uio->uio_iov[vec_idx].iov_base + offset,
424 424 digest_len);
425 425 } else {
426 426 MD5Final((uchar_t *)digest->
427 427 cd_uio->uio_iov[vec_idx].iov_base + offset,
428 428 md5_ctx);
429 429 }
430 430 } else {
431 431 /*
432 432 * The computed digest will be crossing one or more iovec's.
433 433 * This is bad performance-wise but we need to support it.
434 434 * Allocate a small scratch buffer on the stack and
435 435 * copy it piece meal to the specified digest iovec's.
436 436 */
437 437 uchar_t digest_tmp[MD5_DIGEST_LENGTH];
438 438 off_t scratch_offset = 0;
439 439 size_t length = digest_len;
440 440 size_t cur_len;
441 441
442 442 MD5Final(digest_tmp, md5_ctx);
443 443
444 444 while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) {
445 445 cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len -
446 446 offset, length);
447 447 bcopy(digest_tmp + scratch_offset,
448 448 digest->cd_uio->uio_iov[vec_idx].iov_base + offset,
449 449 cur_len);
450 450
451 451 length -= cur_len;
452 452 vec_idx++;
453 453 scratch_offset += cur_len;
454 454 offset = 0;
455 455 }
456 456
457 457 if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) {
458 458 /*
459 459 * The end of the specified iovec's was reached but
460 460 * the length requested could not be processed, i.e.
461 461 * The caller requested to digest more data than it
462 462 * provided.
463 463 */
464 464 return (CRYPTO_DATA_LEN_RANGE);
465 465 }
466 466 }
467 467
468 468 return (CRYPTO_SUCCESS);
469 469 }
470 470
471 471 /*
472 472 * Helper MD5 digest update for mblk's.
473 473 */
474 474 static int
475 475 md5_digest_update_mblk(MD5_CTX *md5_ctx, crypto_data_t *data)
476 476 {
477 477 off_t offset = data->cd_offset;
478 478 size_t length = data->cd_length;
479 479 mblk_t *mp;
480 480 size_t cur_len;
481 481
482 482 /*
483 483 * Jump to the first mblk_t containing data to be digested.
484 484 */
485 485 for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp);
486 486 offset -= MBLKL(mp), mp = mp->b_cont)
487 487 ;
488 488 if (mp == NULL) {
489 489 /*
490 490 * The caller specified an offset that is larger than the
491 491 * total size of the buffers it provided.
492 492 */
493 493 return (CRYPTO_DATA_LEN_RANGE);
494 494 }
495 495
496 496 /*
497 497 * Now do the digesting on the mblk chain.
498 498 */
499 499 while (mp != NULL && length > 0) {
500 500 cur_len = MIN(MBLKL(mp) - offset, length);
501 501 MD5Update(md5_ctx, mp->b_rptr + offset, cur_len);
502 502 length -= cur_len;
503 503 offset = 0;
504 504 mp = mp->b_cont;
505 505 }
506 506
507 507 if (mp == NULL && length > 0) {
508 508 /*
509 509 * The end of the mblk was reached but the length requested
510 510 * could not be processed, i.e. The caller requested
511 511 * to digest more data than it provided.
512 512 */
513 513 return (CRYPTO_DATA_LEN_RANGE);
514 514 }
515 515
516 516 return (CRYPTO_SUCCESS);
517 517 }
518 518
519 519 /*
520 520 * Helper MD5 digest final for mblk's.
521 521 * digest_len is the length of the desired digest. If digest_len
522 522 * is smaller than the default MD5 digest length, the caller
523 523 * must pass a scratch buffer, digest_scratch, which must
524 524 * be at least MD5_DIGEST_LENGTH bytes.
525 525 */
526 526 static int
527 527 md5_digest_final_mblk(MD5_CTX *md5_ctx, crypto_data_t *digest,
528 528 ulong_t digest_len, uchar_t *digest_scratch)
529 529 {
530 530 off_t offset = digest->cd_offset;
531 531 mblk_t *mp;
532 532
533 533 /*
534 534 * Jump to the first mblk_t that will be used to store the digest.
535 535 */
536 536 for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp);
537 537 offset -= MBLKL(mp), mp = mp->b_cont)
538 538 ;
539 539 if (mp == NULL) {
540 540 /*
541 541 * The caller specified an offset that is larger than the
542 542 * total size of the buffers it provided.
543 543 */
544 544 return (CRYPTO_DATA_LEN_RANGE);
545 545 }
546 546
547 547 if (offset + digest_len <= MBLKL(mp)) {
548 548 /*
549 549 * The computed MD5 digest will fit in the current mblk.
550 550 * Do the MD5Final() in-place.
551 551 */
552 552 if (digest_len != MD5_DIGEST_LENGTH) {
553 553 /*
554 554 * The caller requested a short digest. Digest
555 555 * into a scratch buffer and return to
556 556 * the user only what was requested.
557 557 */
558 558 MD5Final(digest_scratch, md5_ctx);
559 559 bcopy(digest_scratch, mp->b_rptr + offset, digest_len);
560 560 } else {
561 561 MD5Final(mp->b_rptr + offset, md5_ctx);
562 562 }
563 563 } else {
564 564 /*
565 565 * The computed digest will be crossing one or more mblk's.
566 566 * This is bad performance-wise but we need to support it.
567 567 * Allocate a small scratch buffer on the stack and
568 568 * copy it piece meal to the specified digest iovec's.
569 569 */
570 570 uchar_t digest_tmp[MD5_DIGEST_LENGTH];
571 571 off_t scratch_offset = 0;
572 572 size_t length = digest_len;
573 573 size_t cur_len;
574 574
575 575 MD5Final(digest_tmp, md5_ctx);
576 576
577 577 while (mp != NULL && length > 0) {
578 578 cur_len = MIN(MBLKL(mp) - offset, length);
579 579 bcopy(digest_tmp + scratch_offset,
580 580 mp->b_rptr + offset, cur_len);
581 581
582 582 length -= cur_len;
583 583 mp = mp->b_cont;
584 584 scratch_offset += cur_len;
585 585 offset = 0;
586 586 }
587 587
588 588 if (mp == NULL && length > 0) {
589 589 /*
590 590 * The end of the specified mblk was reached but
591 591 * the length requested could not be processed, i.e.
592 592 * The caller requested to digest more data than it
593 593 * provided.
594 594 */
595 595 return (CRYPTO_DATA_LEN_RANGE);
596 596 }
597 597 }
598 598
599 599 return (CRYPTO_SUCCESS);
600 600 }
601 601
602 602 /* ARGSUSED */
603 603 static int
604 604 md5_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
605 605 crypto_req_handle_t req)
606 606 {
607 607 int ret = CRYPTO_SUCCESS;
608 608
609 609 ASSERT(ctx->cc_provider_private != NULL);
610 610
611 611 /*
612 612 * We need to just return the length needed to store the output.
613 613 * We should not destroy the context for the following cases.
614 614 */
615 615 if ((digest->cd_length == 0) ||
616 616 (digest->cd_length < MD5_DIGEST_LENGTH)) {
617 617 digest->cd_length = MD5_DIGEST_LENGTH;
618 618 return (CRYPTO_BUFFER_TOO_SMALL);
619 619 }
620 620
621 621 /*
622 622 * Do the MD5 update on the specified input data.
623 623 */
624 624 switch (data->cd_format) {
625 625 case CRYPTO_DATA_RAW:
626 626 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
627 627 data->cd_raw.iov_base + data->cd_offset,
628 628 data->cd_length);
629 629 break;
630 630 case CRYPTO_DATA_UIO:
631 631 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
632 632 data);
633 633 break;
634 634 case CRYPTO_DATA_MBLK:
635 635 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
636 636 data);
637 637 break;
638 638 default:
639 639 ret = CRYPTO_ARGUMENTS_BAD;
640 640 }
641 641
642 642 if (ret != CRYPTO_SUCCESS) {
643 643 /* the update failed, free context and bail */
644 644 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
645 645 ctx->cc_provider_private = NULL;
646 646 digest->cd_length = 0;
647 647 return (ret);
648 648 }
649 649
650 650 /*
651 651 * Do an MD5 final, must be done separately since the digest
652 652 * type can be different than the input data type.
653 653 */
654 654 switch (digest->cd_format) {
655 655 case CRYPTO_DATA_RAW:
656 656 MD5Final((unsigned char *)digest->cd_raw.iov_base +
657 657 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx);
658 658 break;
659 659 case CRYPTO_DATA_UIO:
660 660 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
661 661 digest, MD5_DIGEST_LENGTH, NULL);
662 662 break;
663 663 case CRYPTO_DATA_MBLK:
664 664 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
665 665 digest, MD5_DIGEST_LENGTH, NULL);
666 666 break;
667 667 default:
668 668 ret = CRYPTO_ARGUMENTS_BAD;
669 669 }
670 670
671 671 /* all done, free context and return */
672 672
673 673 if (ret == CRYPTO_SUCCESS) {
674 674 digest->cd_length = MD5_DIGEST_LENGTH;
675 675 } else {
676 676 digest->cd_length = 0;
677 677 }
678 678
679 679 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
680 680 ctx->cc_provider_private = NULL;
681 681 return (ret);
682 682 }
683 683
684 684 /* ARGSUSED */
685 685 static int
686 686 md5_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
687 687 crypto_req_handle_t req)
688 688 {
689 689 int ret = CRYPTO_SUCCESS;
690 690
691 691 ASSERT(ctx->cc_provider_private != NULL);
692 692
693 693 /*
694 694 * Do the MD5 update on the specified input data.
695 695 */
696 696 switch (data->cd_format) {
697 697 case CRYPTO_DATA_RAW:
698 698 MD5Update(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
699 699 data->cd_raw.iov_base + data->cd_offset,
700 700 data->cd_length);
701 701 break;
702 702 case CRYPTO_DATA_UIO:
703 703 ret = md5_digest_update_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
704 704 data);
705 705 break;
706 706 case CRYPTO_DATA_MBLK:
707 707 ret = md5_digest_update_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
708 708 data);
709 709 break;
710 710 default:
711 711 ret = CRYPTO_ARGUMENTS_BAD;
712 712 }
713 713
714 714 return (ret);
715 715 }
716 716
717 717 /* ARGSUSED */
718 718 static int
719 719 md5_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
720 720 crypto_req_handle_t req)
721 721 {
722 722 int ret = CRYPTO_SUCCESS;
723 723
724 724 ASSERT(ctx->cc_provider_private != NULL);
725 725
726 726 /*
727 727 * We need to just return the length needed to store the output.
728 728 * We should not destroy the context for the following cases.
729 729 */
730 730 if ((digest->cd_length == 0) ||
731 731 (digest->cd_length < MD5_DIGEST_LENGTH)) {
732 732 digest->cd_length = MD5_DIGEST_LENGTH;
733 733 return (CRYPTO_BUFFER_TOO_SMALL);
734 734 }
735 735
736 736 /*
737 737 * Do an MD5 final.
738 738 */
739 739 switch (digest->cd_format) {
740 740 case CRYPTO_DATA_RAW:
741 741 MD5Final((unsigned char *)digest->cd_raw.iov_base +
742 742 digest->cd_offset, &PROV_MD5_CTX(ctx)->mc_md5_ctx);
743 743 break;
744 744 case CRYPTO_DATA_UIO:
745 745 ret = md5_digest_final_uio(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
746 746 digest, MD5_DIGEST_LENGTH, NULL);
747 747 break;
748 748 case CRYPTO_DATA_MBLK:
749 749 ret = md5_digest_final_mblk(&PROV_MD5_CTX(ctx)->mc_md5_ctx,
750 750 digest, MD5_DIGEST_LENGTH, NULL);
751 751 break;
752 752 default:
753 753 ret = CRYPTO_ARGUMENTS_BAD;
754 754 }
755 755
756 756 /* all done, free context and return */
757 757
758 758 if (ret == CRYPTO_SUCCESS) {
759 759 digest->cd_length = MD5_DIGEST_LENGTH;
760 760 } else {
761 761 digest->cd_length = 0;
762 762 }
763 763
764 764 kmem_free(ctx->cc_provider_private, sizeof (md5_ctx_t));
765 765 ctx->cc_provider_private = NULL;
766 766
767 767 return (ret);
768 768 }
769 769
770 770 /* ARGSUSED */
771 771 static int
772 772 md5_digest_atomic(crypto_provider_handle_t provider,
773 773 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
774 774 crypto_data_t *data, crypto_data_t *digest,
775 775 crypto_req_handle_t req)
776 776 {
777 777 int ret = CRYPTO_SUCCESS;
778 778 MD5_CTX md5_ctx;
779 779
780 780 if (mechanism->cm_type != MD5_MECH_INFO_TYPE)
781 781 return (CRYPTO_MECHANISM_INVALID);
782 782
783 783 /*
784 784 * Do the MD5 init.
785 785 */
786 786 MD5Init(&md5_ctx);
787 787
788 788 /*
789 789 * Do the MD5 update on the specified input data.
790 790 */
791 791 switch (data->cd_format) {
792 792 case CRYPTO_DATA_RAW:
793 793 MD5Update(&md5_ctx, data->cd_raw.iov_base + data->cd_offset,
794 794 data->cd_length);
795 795 break;
796 796 case CRYPTO_DATA_UIO:
797 797 ret = md5_digest_update_uio(&md5_ctx, data);
798 798 break;
799 799 case CRYPTO_DATA_MBLK:
800 800 ret = md5_digest_update_mblk(&md5_ctx, data);
801 801 break;
802 802 default:
803 803 ret = CRYPTO_ARGUMENTS_BAD;
804 804 }
805 805
806 806 if (ret != CRYPTO_SUCCESS) {
807 807 /* the update failed, bail */
808 808 digest->cd_length = 0;
809 809 return (ret);
810 810 }
811 811
812 812 /*
813 813 * Do an MD5 final, must be done separately since the digest
814 814 * type can be different than the input data type.
815 815 */
816 816 switch (digest->cd_format) {
817 817 case CRYPTO_DATA_RAW:
818 818 MD5Final((unsigned char *)digest->cd_raw.iov_base +
819 819 digest->cd_offset, &md5_ctx);
820 820 break;
821 821 case CRYPTO_DATA_UIO:
822 822 ret = md5_digest_final_uio(&md5_ctx, digest,
823 823 MD5_DIGEST_LENGTH, NULL);
824 824 break;
825 825 case CRYPTO_DATA_MBLK:
826 826 ret = md5_digest_final_mblk(&md5_ctx, digest,
827 827 MD5_DIGEST_LENGTH, NULL);
828 828 break;
829 829 default:
830 830 ret = CRYPTO_ARGUMENTS_BAD;
831 831 }
832 832
833 833 if (ret == CRYPTO_SUCCESS) {
834 834 digest->cd_length = MD5_DIGEST_LENGTH;
835 835 } else {
836 836 digest->cd_length = 0;
837 837 }
838 838
839 839 return (ret);
840 840 }
841 841
842 842 /*
843 843 * KCF software provider mac entry points.
844 844 *
845 845 * MD5 HMAC is: MD5(key XOR opad, MD5(key XOR ipad, text))
846 846 *
847 847 * Init:
848 848 * The initialization routine initializes what we denote
849 849 * as the inner and outer contexts by doing
850 850 * - for inner context: MD5(key XOR ipad)
851 851 * - for outer context: MD5(key XOR opad)
852 852 *
853 853 * Update:
854 854 * Each subsequent MD5 HMAC update will result in an
855 855 * update of the inner context with the specified data.
856 856 *
857 857 * Final:
858 858 * The MD5 HMAC final will do a MD5 final operation on the
859 859 * inner context, and the resulting digest will be used
860 860 * as the data for an update on the outer context. Last
861 861 * but not least, an MD5 final on the outer context will
862 862 * be performed to obtain the MD5 HMAC digest to return
863 863 * to the user.
864 864 */
865 865
866 866 /*
867 867 * Initialize a MD5-HMAC context.
868 868 */
869 869 static void
870 870 md5_mac_init_ctx(md5_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
871 871 {
872 872 uint32_t ipad[MD5_HMAC_INTS_PER_BLOCK];
873 873 uint32_t opad[MD5_HMAC_INTS_PER_BLOCK];
874 874 uint_t i;
875 875
876 876 bzero(ipad, MD5_HMAC_BLOCK_SIZE);
877 877 bzero(opad, MD5_HMAC_BLOCK_SIZE);
878 878
879 879 bcopy(keyval, ipad, length_in_bytes);
880 880 bcopy(keyval, opad, length_in_bytes);
881 881
882 882 /* XOR key with ipad (0x36) and opad (0x5c) */
883 883 for (i = 0; i < MD5_HMAC_INTS_PER_BLOCK; i++) {
884 884 ipad[i] ^= 0x36363636;
885 885 opad[i] ^= 0x5c5c5c5c;
886 886 }
887 887
888 888 /* perform MD5 on ipad */
889 889 MD5Init(&ctx->hc_icontext);
890 890 MD5Update(&ctx->hc_icontext, ipad, MD5_HMAC_BLOCK_SIZE);
891 891
892 892 /* perform MD5 on opad */
893 893 MD5Init(&ctx->hc_ocontext);
894 894 MD5Update(&ctx->hc_ocontext, opad, MD5_HMAC_BLOCK_SIZE);
895 895 }
896 896
897 897 /*
898 898 * Initializes a multi-part MAC operation.
899 899 */
900 900 static int
901 901 md5_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
902 902 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
903 903 crypto_req_handle_t req)
904 904 {
905 905 int ret = CRYPTO_SUCCESS;
906 906 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
907 907
908 908 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
909 909 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
910 910 return (CRYPTO_MECHANISM_INVALID);
911 911
912 912 /* Add support for key by attributes (RFE 4706552) */
913 913 if (key->ck_format != CRYPTO_KEY_RAW)
914 914 return (CRYPTO_ARGUMENTS_BAD);
915 915
916 916 ctx->cc_provider_private = kmem_alloc(sizeof (md5_hmac_ctx_t),
917 917 crypto_kmflag(req));
918 918 if (ctx->cc_provider_private == NULL)
919 919 return (CRYPTO_HOST_MEMORY);
920 920
921 921 if (ctx_template != NULL) {
922 922 /* reuse context template */
923 923 bcopy(ctx_template, PROV_MD5_HMAC_CTX(ctx),
924 924 sizeof (md5_hmac_ctx_t));
925 925 } else {
926 926 /* no context template, compute context */
927 927 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
928 928 uchar_t digested_key[MD5_DIGEST_LENGTH];
929 929 md5_hmac_ctx_t *hmac_ctx = ctx->cc_provider_private;
930 930
931 931 /*
932 932 * Hash the passed-in key to get a smaller key.
933 933 * The inner context is used since it hasn't been
934 934 * initialized yet.
935 935 */
936 936 PROV_MD5_DIGEST_KEY(&hmac_ctx->hc_icontext,
937 937 key->ck_data, keylen_in_bytes, digested_key);
938 938 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx),
939 939 digested_key, MD5_DIGEST_LENGTH);
940 940 } else {
941 941 md5_mac_init_ctx(PROV_MD5_HMAC_CTX(ctx),
942 942 key->ck_data, keylen_in_bytes);
943 943 }
944 944 }
945 945
946 946 /*
947 947 * Get the mechanism parameters, if applicable.
948 948 */
949 949 PROV_MD5_HMAC_CTX(ctx)->hc_mech_type = mechanism->cm_type;
950 950 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
951 951 if (mechanism->cm_param == NULL ||
952 952 mechanism->cm_param_len != sizeof (ulong_t))
953 953 ret = CRYPTO_MECHANISM_PARAM_INVALID;
954 954 PROV_MD5_GET_DIGEST_LEN(mechanism,
955 955 PROV_MD5_HMAC_CTX(ctx)->hc_digest_len);
956 956 if (PROV_MD5_HMAC_CTX(ctx)->hc_digest_len >
957 957 MD5_DIGEST_LENGTH)
958 958 ret = CRYPTO_MECHANISM_PARAM_INVALID;
959 959 }
960 960
961 961 if (ret != CRYPTO_SUCCESS) {
962 962 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
963 963 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
964 964 ctx->cc_provider_private = NULL;
965 965 }
966 966
967 967 return (ret);
968 968 }
969 969
970 970
971 971 /* ARGSUSED */
972 972 static int
973 973 md5_mac_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
974 974 {
975 975 int ret = CRYPTO_SUCCESS;
976 976
977 977 ASSERT(ctx->cc_provider_private != NULL);
978 978
979 979 /*
980 980 * Do an MD5 update of the inner context using the specified
981 981 * data.
982 982 */
983 983 switch (data->cd_format) {
984 984 case CRYPTO_DATA_RAW:
985 985 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_icontext,
986 986 data->cd_raw.iov_base + data->cd_offset,
987 987 data->cd_length);
988 988 break;
989 989 case CRYPTO_DATA_UIO:
990 990 ret = md5_digest_update_uio(
991 991 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data);
992 992 break;
993 993 case CRYPTO_DATA_MBLK:
994 994 ret = md5_digest_update_mblk(
995 995 &PROV_MD5_HMAC_CTX(ctx)->hc_icontext, data);
996 996 break;
997 997 default:
998 998 ret = CRYPTO_ARGUMENTS_BAD;
999 999 }
1000 1000
1001 1001 return (ret);
1002 1002 }
1003 1003
1004 1004 /* ARGSUSED */
1005 1005 static int
1006 1006 md5_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
1007 1007 {
1008 1008 int ret = CRYPTO_SUCCESS;
1009 1009 uchar_t digest[MD5_DIGEST_LENGTH];
1010 1010 uint32_t digest_len = MD5_DIGEST_LENGTH;
1011 1011
1012 1012 ASSERT(ctx->cc_provider_private != NULL);
1013 1013
1014 1014 if (PROV_MD5_HMAC_CTX(ctx)->hc_mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE)
1015 1015 digest_len = PROV_MD5_HMAC_CTX(ctx)->hc_digest_len;
1016 1016
1017 1017 /*
1018 1018 * We need to just return the length needed to store the output.
1019 1019 * We should not destroy the context for the following cases.
1020 1020 */
1021 1021 if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) {
1022 1022 mac->cd_length = digest_len;
1023 1023 return (CRYPTO_BUFFER_TOO_SMALL);
1024 1024 }
1025 1025
1026 1026 /*
1027 1027 * Do an MD5 final on the inner context.
1028 1028 */
1029 1029 MD5Final(digest, &PROV_MD5_HMAC_CTX(ctx)->hc_icontext);
1030 1030
1031 1031 /*
1032 1032 * Do an MD5 update on the outer context, feeding the inner
1033 1033 * digest as data.
1034 1034 */
1035 1035 MD5Update(&PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, digest,
1036 1036 MD5_DIGEST_LENGTH);
1037 1037
1038 1038 /*
1039 1039 * Do an MD5 final on the outer context, storing the computing
1040 1040 * digest in the users buffer.
1041 1041 */
1042 1042 switch (mac->cd_format) {
1043 1043 case CRYPTO_DATA_RAW:
1044 1044 if (digest_len != MD5_DIGEST_LENGTH) {
1045 1045 /*
1046 1046 * The caller requested a short digest. Digest
1047 1047 * into a scratch buffer and return to
1048 1048 * the user only what was requested.
1049 1049 */
1050 1050 MD5Final(digest,
1051 1051 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext);
1052 1052 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1053 1053 mac->cd_offset, digest_len);
1054 1054 } else {
1055 1055 MD5Final((unsigned char *)mac->cd_raw.iov_base +
1056 1056 mac->cd_offset,
1057 1057 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext);
1058 1058 }
1059 1059 break;
1060 1060 case CRYPTO_DATA_UIO:
1061 1061 ret = md5_digest_final_uio(
1062 1062 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac,
1063 1063 digest_len, digest);
1064 1064 break;
1065 1065 case CRYPTO_DATA_MBLK:
1066 1066 ret = md5_digest_final_mblk(
1067 1067 &PROV_MD5_HMAC_CTX(ctx)->hc_ocontext, mac,
1068 1068 digest_len, digest);
1069 1069 break;
1070 1070 default:
1071 1071 ret = CRYPTO_ARGUMENTS_BAD;
1072 1072 }
1073 1073
1074 1074 if (ret == CRYPTO_SUCCESS) {
1075 1075 mac->cd_length = digest_len;
1076 1076 } else {
1077 1077 mac->cd_length = 0;
1078 1078 }
1079 1079
1080 1080 bzero(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
1081 1081 kmem_free(ctx->cc_provider_private, sizeof (md5_hmac_ctx_t));
1082 1082 ctx->cc_provider_private = NULL;
1083 1083
1084 1084 return (ret);
1085 1085 }
1086 1086
1087 1087 #define MD5_MAC_UPDATE(data, ctx, ret) { \
1088 1088 switch (data->cd_format) { \
1089 1089 case CRYPTO_DATA_RAW: \
1090 1090 MD5Update(&(ctx).hc_icontext, \
1091 1091 data->cd_raw.iov_base + data->cd_offset, \
1092 1092 data->cd_length); \
1093 1093 break; \
1094 1094 case CRYPTO_DATA_UIO: \
1095 1095 ret = md5_digest_update_uio(&(ctx).hc_icontext, data); \
1096 1096 break; \
1097 1097 case CRYPTO_DATA_MBLK: \
1098 1098 ret = md5_digest_update_mblk(&(ctx).hc_icontext, \
1099 1099 data); \
1100 1100 break; \
1101 1101 default: \
1102 1102 ret = CRYPTO_ARGUMENTS_BAD; \
1103 1103 } \
1104 1104 }
1105 1105
1106 1106
1107 1107 /* ARGSUSED */
1108 1108 static int
1109 1109 md5_mac_atomic(crypto_provider_handle_t provider,
1110 1110 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1111 1111 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1112 1112 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1113 1113 {
1114 1114 int ret = CRYPTO_SUCCESS;
1115 1115 uchar_t digest[MD5_DIGEST_LENGTH];
1116 1116 md5_hmac_ctx_t md5_hmac_ctx;
1117 1117 uint32_t digest_len = MD5_DIGEST_LENGTH;
1118 1118 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1119 1119
1120 1120 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
1121 1121 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
1122 1122 return (CRYPTO_MECHANISM_INVALID);
1123 1123
1124 1124 /* Add support for key by attributes (RFE 4706552) */
1125 1125 if (key->ck_format != CRYPTO_KEY_RAW)
1126 1126 return (CRYPTO_ARGUMENTS_BAD);
1127 1127
1128 1128 if (ctx_template != NULL) {
1129 1129 /* reuse context template */
1130 1130 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1131 1131 } else {
1132 1132 /* no context template, compute context */
1133 1133 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1134 1134 /*
1135 1135 * Hash the passed-in key to get a smaller key.
1136 1136 * The inner context is used since it hasn't been
1137 1137 * initialized yet.
1138 1138 */
1139 1139 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext,
1140 1140 key->ck_data, keylen_in_bytes, digest);
1141 1141 md5_mac_init_ctx(&md5_hmac_ctx, digest,
1142 1142 MD5_DIGEST_LENGTH);
1143 1143 } else {
1144 1144 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data,
1145 1145 keylen_in_bytes);
1146 1146 }
1147 1147 }
1148 1148
1149 1149 /*
1150 1150 * Get the mechanism parameters, if applicable.
1151 1151 */
1152 1152 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
1153 1153 if (mechanism->cm_param == NULL ||
1154 1154 mechanism->cm_param_len != sizeof (ulong_t)) {
1155 1155 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1156 1156 goto bail;
1157 1157 }
1158 1158 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len);
1159 1159 if (digest_len > MD5_DIGEST_LENGTH) {
1160 1160 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1161 1161 goto bail;
1162 1162 }
1163 1163 }
1164 1164
1165 1165 /* do an MD5 update of the inner context using the specified data */
1166 1166 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret);
1167 1167 if (ret != CRYPTO_SUCCESS)
1168 1168 /* the update failed, free context and bail */
1169 1169 goto bail;
1170 1170
1171 1171 /* do an MD5 final on the inner context */
1172 1172 MD5Final(digest, &md5_hmac_ctx.hc_icontext);
1173 1173
1174 1174 /*
1175 1175 * Do an MD5 update on the outer context, feeding the inner
1176 1176 * digest as data.
1177 1177 */
1178 1178 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH);
1179 1179
1180 1180 /*
1181 1181 * Do an MD5 final on the outer context, storing the computed
1182 1182 * digest in the users buffer.
1183 1183 */
1184 1184 switch (mac->cd_format) {
1185 1185 case CRYPTO_DATA_RAW:
1186 1186 if (digest_len != MD5_DIGEST_LENGTH) {
1187 1187 /*
1188 1188 * The caller requested a short digest. Digest
1189 1189 * into a scratch buffer and return to
1190 1190 * the user only what was requested.
1191 1191 */
1192 1192 MD5Final(digest, &md5_hmac_ctx.hc_ocontext);
1193 1193 bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1194 1194 mac->cd_offset, digest_len);
1195 1195 } else {
1196 1196 MD5Final((unsigned char *)mac->cd_raw.iov_base +
1197 1197 mac->cd_offset, &md5_hmac_ctx.hc_ocontext);
1198 1198 }
1199 1199 break;
1200 1200 case CRYPTO_DATA_UIO:
1201 1201 ret = md5_digest_final_uio(&md5_hmac_ctx.hc_ocontext, mac,
1202 1202 digest_len, digest);
1203 1203 break;
1204 1204 case CRYPTO_DATA_MBLK:
1205 1205 ret = md5_digest_final_mblk(&md5_hmac_ctx.hc_ocontext, mac,
1206 1206 digest_len, digest);
1207 1207 break;
1208 1208 default:
1209 1209 ret = CRYPTO_ARGUMENTS_BAD;
1210 1210 }
1211 1211
1212 1212 if (ret == CRYPTO_SUCCESS) {
1213 1213 mac->cd_length = digest_len;
1214 1214 } else {
1215 1215 mac->cd_length = 0;
1216 1216 }
1217 1217 /* Extra paranoia: zeroizing the local context on the stack */
1218 1218 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1219 1219
1220 1220 return (ret);
1221 1221 bail:
1222 1222 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1223 1223 mac->cd_length = 0;
1224 1224 return (ret);
1225 1225 }
1226 1226
1227 1227 /* ARGSUSED */
1228 1228 static int
1229 1229 md5_mac_verify_atomic(crypto_provider_handle_t provider,
1230 1230 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1231 1231 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1232 1232 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1233 1233 {
1234 1234 int ret = CRYPTO_SUCCESS;
1235 1235 uchar_t digest[MD5_DIGEST_LENGTH];
1236 1236 md5_hmac_ctx_t md5_hmac_ctx;
1237 1237 uint32_t digest_len = MD5_DIGEST_LENGTH;
1238 1238 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1239 1239
1240 1240 if (mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE &&
1241 1241 mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE)
1242 1242 return (CRYPTO_MECHANISM_INVALID);
1243 1243
1244 1244 /* Add support for key by attributes (RFE 4706552) */
1245 1245 if (key->ck_format != CRYPTO_KEY_RAW)
1246 1246 return (CRYPTO_ARGUMENTS_BAD);
1247 1247
1248 1248 if (ctx_template != NULL) {
1249 1249 /* reuse context template */
1250 1250 bcopy(ctx_template, &md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1251 1251 } else {
1252 1252 /* no context template, compute context */
1253 1253 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1254 1254 /*
1255 1255 * Hash the passed-in key to get a smaller key.
1256 1256 * The inner context is used since it hasn't been
1257 1257 * initialized yet.
1258 1258 */
1259 1259 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx.hc_icontext,
1260 1260 key->ck_data, keylen_in_bytes, digest);
1261 1261 md5_mac_init_ctx(&md5_hmac_ctx, digest,
1262 1262 MD5_DIGEST_LENGTH);
1263 1263 } else {
1264 1264 md5_mac_init_ctx(&md5_hmac_ctx, key->ck_data,
1265 1265 keylen_in_bytes);
1266 1266 }
1267 1267 }
1268 1268
1269 1269 /*
1270 1270 * Get the mechanism parameters, if applicable.
1271 1271 */
1272 1272 if (mechanism->cm_type == MD5_HMAC_GEN_MECH_INFO_TYPE) {
1273 1273 if (mechanism->cm_param == NULL ||
1274 1274 mechanism->cm_param_len != sizeof (ulong_t)) {
1275 1275 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1276 1276 goto bail;
1277 1277 }
1278 1278 PROV_MD5_GET_DIGEST_LEN(mechanism, digest_len);
1279 1279 if (digest_len > MD5_DIGEST_LENGTH) {
1280 1280 ret = CRYPTO_MECHANISM_PARAM_INVALID;
1281 1281 goto bail;
1282 1282 }
1283 1283 }
1284 1284
1285 1285 if (mac->cd_length != digest_len) {
1286 1286 ret = CRYPTO_INVALID_MAC;
1287 1287 goto bail;
1288 1288 }
1289 1289
1290 1290 /* do an MD5 update of the inner context using the specified data */
1291 1291 MD5_MAC_UPDATE(data, md5_hmac_ctx, ret);
1292 1292 if (ret != CRYPTO_SUCCESS)
1293 1293 /* the update failed, free context and bail */
1294 1294 goto bail;
1295 1295
1296 1296 /* do an MD5 final on the inner context */
1297 1297 MD5Final(digest, &md5_hmac_ctx.hc_icontext);
1298 1298
1299 1299 /*
1300 1300 * Do an MD5 update on the outer context, feeding the inner
1301 1301 * digest as data.
1302 1302 */
1303 1303 MD5Update(&md5_hmac_ctx.hc_ocontext, digest, MD5_DIGEST_LENGTH);
1304 1304
1305 1305 /*
1306 1306 * Do an MD5 final on the outer context, storing the computed
1307 1307 * digest in the local digest buffer.
1308 1308 */
1309 1309 MD5Final(digest, &md5_hmac_ctx.hc_ocontext);
1310 1310
1311 1311 /*
1312 1312 * Compare the computed digest against the expected digest passed
1313 1313 * as argument.
1314 1314 */
1315 1315 switch (mac->cd_format) {
1316 1316
1317 1317 case CRYPTO_DATA_RAW:
1318 1318 if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base +
1319 1319 mac->cd_offset, digest_len) != 0)
1320 1320 ret = CRYPTO_INVALID_MAC;
1321 1321 break;
1322 1322
1323 1323 case CRYPTO_DATA_UIO: {
1324 1324 off_t offset = mac->cd_offset;
1325 1325 uint_t vec_idx;
1326 1326 off_t scratch_offset = 0;
1327 1327 size_t length = digest_len;
1328 1328 size_t cur_len;
1329 1329
1330 1330 /* we support only kernel buffer */
1331 1331 if (mac->cd_uio->uio_segflg != UIO_SYSSPACE)
1332 1332 return (CRYPTO_ARGUMENTS_BAD);
1333 1333
1334 1334 /* jump to the first iovec containing the expected digest */
1335 1335 for (vec_idx = 0;
1336 1336 offset >= mac->cd_uio->uio_iov[vec_idx].iov_len &&
1337 1337 vec_idx < mac->cd_uio->uio_iovcnt;
1338 1338 offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len)
1339 1339 ;
1340 1340 if (vec_idx == mac->cd_uio->uio_iovcnt) {
1341 1341 /*
1342 1342 * The caller specified an offset that is
1343 1343 * larger than the total size of the buffers
1344 1344 * it provided.
1345 1345 */
1346 1346 ret = CRYPTO_DATA_LEN_RANGE;
1347 1347 break;
1348 1348 }
1349 1349
1350 1350 /* do the comparison of computed digest vs specified one */
1351 1351 while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) {
1352 1352 cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len -
1353 1353 offset, length);
1354 1354
1355 1355 if (bcmp(digest + scratch_offset,
1356 1356 mac->cd_uio->uio_iov[vec_idx].iov_base + offset,
1357 1357 cur_len) != 0) {
1358 1358 ret = CRYPTO_INVALID_MAC;
1359 1359 break;
1360 1360 }
1361 1361
1362 1362 length -= cur_len;
1363 1363 vec_idx++;
1364 1364 scratch_offset += cur_len;
1365 1365 offset = 0;
1366 1366 }
1367 1367 break;
1368 1368 }
1369 1369
1370 1370 case CRYPTO_DATA_MBLK: {
1371 1371 off_t offset = mac->cd_offset;
1372 1372 mblk_t *mp;
1373 1373 off_t scratch_offset = 0;
1374 1374 size_t length = digest_len;
1375 1375 size_t cur_len;
1376 1376
1377 1377 /* jump to the first mblk_t containing the expected digest */
1378 1378 for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp);
1379 1379 offset -= MBLKL(mp), mp = mp->b_cont)
1380 1380 ;
1381 1381 if (mp == NULL) {
1382 1382 /*
1383 1383 * The caller specified an offset that is larger than
1384 1384 * the total size of the buffers it provided.
1385 1385 */
1386 1386 ret = CRYPTO_DATA_LEN_RANGE;
1387 1387 break;
1388 1388 }
1389 1389
1390 1390 while (mp != NULL && length > 0) {
1391 1391 cur_len = MIN(MBLKL(mp) - offset, length);
1392 1392 if (bcmp(digest + scratch_offset,
1393 1393 mp->b_rptr + offset, cur_len) != 0) {
1394 1394 ret = CRYPTO_INVALID_MAC;
1395 1395 break;
1396 1396 }
1397 1397
1398 1398 length -= cur_len;
1399 1399 mp = mp->b_cont;
1400 1400 scratch_offset += cur_len;
1401 1401 offset = 0;
1402 1402 }
1403 1403 break;
1404 1404 }
1405 1405
1406 1406 default:
1407 1407 ret = CRYPTO_ARGUMENTS_BAD;
1408 1408 }
1409 1409
1410 1410 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1411 1411 return (ret);
1412 1412 bail:
1413 1413 bzero(&md5_hmac_ctx, sizeof (md5_hmac_ctx_t));
1414 1414 mac->cd_length = 0;
1415 1415 return (ret);
1416 1416 }
1417 1417
1418 1418 /*
1419 1419 * KCF software provider context management entry points.
1420 1420 */
1421 1421
1422 1422 /* ARGSUSED */
1423 1423 static int
1424 1424 md5_create_ctx_template(crypto_provider_handle_t provider,
1425 1425 crypto_mechanism_t *mechanism, crypto_key_t *key,
1426 1426 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
1427 1427 crypto_req_handle_t req)
1428 1428 {
1429 1429 md5_hmac_ctx_t *md5_hmac_ctx_tmpl;
1430 1430 uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1431 1431
1432 1432 if ((mechanism->cm_type != MD5_HMAC_MECH_INFO_TYPE) &&
1433 1433 (mechanism->cm_type != MD5_HMAC_GEN_MECH_INFO_TYPE))
1434 1434 return (CRYPTO_MECHANISM_INVALID);
1435 1435
1436 1436 /* Add support for key by attributes (RFE 4706552) */
1437 1437 if (key->ck_format != CRYPTO_KEY_RAW)
1438 1438 return (CRYPTO_ARGUMENTS_BAD);
1439 1439
1440 1440 /*
1441 1441 * Allocate and initialize MD5 context.
1442 1442 */
1443 1443 md5_hmac_ctx_tmpl = kmem_alloc(sizeof (md5_hmac_ctx_t),
1444 1444 crypto_kmflag(req));
1445 1445 if (md5_hmac_ctx_tmpl == NULL)
1446 1446 return (CRYPTO_HOST_MEMORY);
1447 1447
1448 1448 if (keylen_in_bytes > MD5_HMAC_BLOCK_SIZE) {
1449 1449 uchar_t digested_key[MD5_DIGEST_LENGTH];
1450 1450
1451 1451 /*
1452 1452 * Hash the passed-in key to get a smaller key.
1453 1453 * The inner context is used since it hasn't been
1454 1454 * initialized yet.
1455 1455 */
1456 1456 PROV_MD5_DIGEST_KEY(&md5_hmac_ctx_tmpl->hc_icontext,
1457 1457 key->ck_data, keylen_in_bytes, digested_key);
1458 1458 md5_mac_init_ctx(md5_hmac_ctx_tmpl, digested_key,
1459 1459 MD5_DIGEST_LENGTH);
1460 1460 } else {
1461 1461 md5_mac_init_ctx(md5_hmac_ctx_tmpl, key->ck_data,
1462 1462 keylen_in_bytes);
1463 1463 }
1464 1464
1465 1465 md5_hmac_ctx_tmpl->hc_mech_type = mechanism->cm_type;
1466 1466 *ctx_template = (crypto_spi_ctx_template_t)md5_hmac_ctx_tmpl;
1467 1467 *ctx_template_size = sizeof (md5_hmac_ctx_t);
1468 1468
1469 1469 return (CRYPTO_SUCCESS);
1470 1470 }
1471 1471
1472 1472 static int
1473 1473 md5_free_context(crypto_ctx_t *ctx)
1474 1474 {
1475 1475 uint_t ctx_len;
1476 1476 md5_mech_type_t mech_type;
1477 1477
1478 1478 if (ctx->cc_provider_private == NULL)
1479 1479 return (CRYPTO_SUCCESS);
1480 1480
1481 1481 /*
1482 1482 * We have to free either MD5 or MD5-HMAC contexts, which
1483 1483 * have different lengths.
1484 1484 */
1485 1485
1486 1486 mech_type = PROV_MD5_CTX(ctx)->mc_mech_type;
1487 1487 if (mech_type == MD5_MECH_INFO_TYPE)
1488 1488 ctx_len = sizeof (md5_ctx_t);
1489 1489 else {
1490 1490 ASSERT(mech_type == MD5_HMAC_MECH_INFO_TYPE ||
1491 1491 mech_type == MD5_HMAC_GEN_MECH_INFO_TYPE);
1492 1492 ctx_len = sizeof (md5_hmac_ctx_t);
1493 1493 }
1494 1494
1495 1495 bzero(ctx->cc_provider_private, ctx_len);
1496 1496 kmem_free(ctx->cc_provider_private, ctx_len);
1497 1497 ctx->cc_provider_private = NULL;
1498 1498
1499 1499 return (CRYPTO_SUCCESS);
1500 1500 }
|
↓ open down ↓ |
1256 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX