Print this page
4896 Performance improvements for KCF AES modes

Split Close
Expand all
Collapse all
          --- old/usr/src/common/crypto/modes/ccm.c
          +++ new/usr/src/common/crypto/modes/ccm.c
↓ open down ↓ 12 lines elided ↑ open up ↑
  13   13   * When distributing Covered Code, include this CDDL HEADER in each
  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  /*
  22   22   * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
       23 + * Copyright 2015 by Saso Kiselkov. All rights reserved.
  23   24   */
  24   25  
  25   26  #ifndef _KERNEL
  26   27  #include <strings.h>
  27   28  #include <limits.h>
  28   29  #include <assert.h>
  29   30  #include <security/cryptoki.h>
  30   31  #endif
  31   32  
  32   33  #include <sys/types.h>
  33   34  #include <sys/kmem.h>
       35 +#define INLINE_CRYPTO_GET_PTRS
  34   36  #include <modes/modes.h>
  35   37  #include <sys/crypto/common.h>
  36   38  #include <sys/crypto/impl.h>
  37   39  #include <sys/byteorder.h>
  38   40  
  39   41  #if defined(__i386) || defined(__amd64)
  40   42  #define UNALIGNED_POINTERS_PERMITTED
  41   43  #endif
  42   44  
  43   45  /*
  44   46   * Encrypt multiple blocks of data in CCM mode.  Decrypt for CCM mode
  45   47   * is done in another function.
  46   48   */
  47   49  int
  48   50  ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *ctx, char *data, size_t length,
  49   51      crypto_data_t *out, size_t block_size,
  50   52      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
  51      -    void (*copy_block)(uint8_t *, uint8_t *),
  52      -    void (*xor_block)(uint8_t *, uint8_t *))
       53 +    void (*copy_block)(const uint8_t *, uint8_t *),
       54 +    void (*xor_block)(const uint8_t *, uint8_t *))
  53   55  {
  54   56          size_t remainder = length;
  55   57          size_t need;
  56   58          uint8_t *datap = (uint8_t *)data;
  57   59          uint8_t *blockp;
  58   60          uint8_t *lastp;
  59   61          void *iov_or_mp;
  60   62          offset_t offset;
  61   63          uint8_t *out_data_1;
  62   64          uint8_t *out_data_2;
↓ open down ↓ 136 lines elided ↑ open up ↑
 199  201          /* calculate XOR of MAC with first counter block */
 200  202          for (i = 0; i < ctx->ccm_mac_len; i++) {
 201  203                  ccm_mac[i] = mac_buf[i] ^ counterp[i];
 202  204          }
 203  205  }
 204  206  
 205  207  /* ARGSUSED */
 206  208  int
 207  209  ccm_encrypt_final(ccm_ctx_t *ctx, crypto_data_t *out, size_t block_size,
 208  210      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 209      -    void (*xor_block)(uint8_t *, uint8_t *))
      211 +    void (*xor_block)(const uint8_t *, uint8_t *))
 210  212  {
 211  213          uint8_t *lastp, *mac_buf, *ccm_mac_p, *macp;
 212  214          void *iov_or_mp;
 213  215          offset_t offset;
 214  216          uint8_t *out_data_1;
 215  217          uint8_t *out_data_2;
 216  218          size_t out_data_1_len;
 217  219          int i;
 218  220  
 219  221          if (out->cd_length < (ctx->ccm_remainder_len + ctx->ccm_mac_len)) {
↓ open down ↓ 132 lines elided ↑ open up ↑
 352  354  /*
 353  355   * This will decrypt the cipher text.  However, the plaintext won't be
 354  356   * returned to the caller.  It will be returned when decrypt_final() is
 355  357   * called if the MAC matches
 356  358   */
 357  359  /* ARGSUSED */
 358  360  int
 359  361  ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *ctx, char *data, size_t length,
 360  362      crypto_data_t *out, size_t block_size,
 361  363      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 362      -    void (*copy_block)(uint8_t *, uint8_t *),
 363      -    void (*xor_block)(uint8_t *, uint8_t *))
      364 +    void (*copy_block)(const uint8_t *, uint8_t *),
      365 +    void (*xor_block)(const uint8_t *, uint8_t *))
 364  366  {
 365  367          size_t remainder = length;
 366  368          size_t need;
 367  369          uint8_t *datap = (uint8_t *)data;
 368  370          uint8_t *blockp;
 369  371          uint8_t *cbp;
 370  372          uint64_t counter;
 371  373          size_t pt_len, total_decrypted_len, mac_len, pm_len, pd_len;
 372  374          uint8_t *resultp;
 373  375  
↓ open down ↓ 145 lines elided ↑ open up ↑
 519  521  
 520  522          } while (remainder > 0);
 521  523  
 522  524  out:
 523  525          return (CRYPTO_SUCCESS);
 524  526  }
 525  527  
 526  528  int
 527  529  ccm_decrypt_final(ccm_ctx_t *ctx, crypto_data_t *out, size_t block_size,
 528  530      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 529      -    void (*copy_block)(uint8_t *, uint8_t *),
 530      -    void (*xor_block)(uint8_t *, uint8_t *))
      531 +    void (*copy_block)(const uint8_t *, uint8_t *),
      532 +    void (*xor_block)(const uint8_t *, uint8_t *))
 531  533  {
 532  534          size_t mac_remain, pt_len;
 533  535          uint8_t *pt, *mac_buf, *macp, *ccm_mac_p;
 534  536          int rv;
 535  537  
 536  538          pt_len = ctx->ccm_data_len;
 537  539  
 538  540          /* Make sure output buffer can fit all of the plaintext */
 539  541          if (out->cd_length < pt_len) {
 540  542                  return (CRYPTO_DATA_LEN_RANGE);
↓ open down ↓ 222 lines elided ↑ open up ↑
 763  765  }
 764  766  
 765  767  /*
 766  768   * The following function should be call at encrypt or decrypt init time
 767  769   * for AES CCM mode.
 768  770   */
 769  771  int
 770  772  ccm_init(ccm_ctx_t *ctx, unsigned char *nonce, size_t nonce_len,
 771  773      unsigned char *auth_data, size_t auth_data_len, size_t block_size,
 772  774      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 773      -    void (*xor_block)(uint8_t *, uint8_t *))
      775 +    void (*xor_block)(const uint8_t *, uint8_t *))
 774  776  {
 775  777          uint8_t *mac_buf, *datap, *ivp, *authp;
 776  778          size_t remainder, processed;
 777  779          uint8_t encoded_a[10]; /* max encoded auth data length is 10 octets */
 778  780          size_t encoded_a_len = 0;
 779  781  
 780  782          mac_buf = (uint8_t *)&(ctx->ccm_mac_buf);
 781  783  
 782  784          /*
 783  785           * Format the 1st block for CBC-MAC and construct the
↓ open down ↓ 63 lines elided ↑ open up ↑
 847  849  
 848  850          } while (remainder > 0);
 849  851  
 850  852          return (CRYPTO_SUCCESS);
 851  853  }
 852  854  
 853  855  int
 854  856  ccm_init_ctx(ccm_ctx_t *ccm_ctx, char *param, int kmflag,
 855  857      boolean_t is_encrypt_init, size_t block_size,
 856  858      int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 857      -    void (*xor_block)(uint8_t *, uint8_t *))
      859 +    void (*xor_block)(const uint8_t *, uint8_t *))
 858  860  {
 859  861          int rv;
 860  862          CK_AES_CCM_PARAMS *ccm_param;
 861  863  
 862  864          if (param != NULL) {
 863  865                  ccm_param = (CK_AES_CCM_PARAMS *)(void *)param;
 864  866  
 865  867                  if ((rv = ccm_validate_args(ccm_param,
 866  868                      is_encrypt_init)) != 0) {
 867  869                          return (rv);
↓ open down ↓ 55 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX