1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 /*
  27  * Blowfish provider for the Kernel Cryptographic Framework (KCF)
  28  */
  29 
  30 #include <sys/types.h>
  31 #include <sys/systm.h>
  32 #include <sys/modctl.h>
  33 #include <sys/cmn_err.h>
  34 #include <sys/ddi.h>
  35 #include <sys/crypto/common.h>
  36 #include <sys/crypto/spi.h>
  37 #include <sys/sysmacros.h>
  38 #include <sys/strsun.h>
  39 #include <sys/note.h>
  40 #include <modes/modes.h>
  41 #include <blowfish/blowfish_impl.h>
  42 
  43 extern struct mod_ops mod_cryptoops;
  44 
  45 /*
  46  * Module linkage information for the kernel.
  47  */
  48 static struct modlcrypto modlcrypto = {
  49         &mod_cryptoops,
  50         "Blowfish Kernel SW Provider"
  51 };
  52 
  53 static struct modlinkage modlinkage = {
  54         MODREV_1,
  55         (void *)&modlcrypto,
  56         NULL
  57 };
  58 
  59 /*
  60  * CSPI information (entry points, provider info, etc.)
  61  */
  62 typedef enum blowfish_mech_type {
  63         BLOWFISH_ECB_MECH_INFO_TYPE,            /* SUN_CKM_BLOWFISH_ECB */
  64         BLOWFISH_CBC_MECH_INFO_TYPE             /* SUN_CKM_BLOWFISH_CBC */
  65 } blowfish_mech_type_t;
  66 
  67 
  68 #define BLOWFISH_COPY_BLOCK(src, dst) \
  69         (dst)[0] = (src)[0]; \
  70         (dst)[1] = (src)[1]; \
  71         (dst)[2] = (src)[2]; \
  72         (dst)[3] = (src)[3]; \
  73         (dst)[4] = (src)[4]; \
  74         (dst)[5] = (src)[5]; \
  75         (dst)[6] = (src)[6]; \
  76         (dst)[7] = (src)[7]
  77 
  78 #define BLOWFISH_XOR_BLOCK(src, dst) \
  79         (dst)[0] ^= (src)[0]; \
  80         (dst)[1] ^= (src)[1]; \
  81         (dst)[2] ^= (src)[2]; \
  82         (dst)[3] ^= (src)[3]; \
  83         (dst)[4] ^= (src)[4]; \
  84         (dst)[5] ^= (src)[5]; \
  85         (dst)[6] ^= (src)[6]; \
  86         (dst)[7] ^= (src)[7]
  87 
  88 /*
  89  * Mechanism info structure passed to KCF during registration.
  90  */
  91 
  92 static crypto_mech_info_t blowfish_mech_info_tab[] = {
  93         /* BLOWFISH_ECB */
  94         {SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
  95             CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
  96             CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
  97             BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS},
  98         /* BLOWFISH_CBC */
  99         {SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
 100             CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
 101             CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
 102             BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS}
 103 };
 104 
 105 #define BLOWFISH_VALID_MECH(mech)                               \
 106         (((mech)->cm_type == BLOWFISH_ECB_MECH_INFO_TYPE ||          \
 107         (mech)->cm_type == BLOWFISH_CBC_MECH_INFO_TYPE) ? 1 : 0)
 108 
 109 /* operations are in-place if the output buffer is NULL */
 110 #define BLOWFISH_ARG_INPLACE(input, output)                     \
 111         if ((output) == NULL)                                   \
 112                 (output) = (input);
 113 
 114 static void blowfish_provider_status(crypto_provider_handle_t, uint_t *);
 115 
 116 static crypto_control_ops_t blowfish_control_ops = {
 117         blowfish_provider_status
 118 };
 119 
 120 static int blowfish_common_init(crypto_ctx_t *, crypto_mechanism_t *,
 121     crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 122 static int blowfish_common_init_ctx(blowfish_ctx_t *,
 123     crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, int);
 124 static int blowfish_encrypt_final(crypto_ctx_t *, crypto_data_t *,
 125     crypto_req_handle_t);
 126 static int blowfish_decrypt_final(crypto_ctx_t *, crypto_data_t *,
 127     crypto_req_handle_t);
 128 
 129 static int blowfish_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
 130     crypto_req_handle_t);
 131 static int blowfish_encrypt_update(crypto_ctx_t *, crypto_data_t *,
 132     crypto_data_t *, crypto_req_handle_t);
 133 static int blowfish_encrypt_atomic(crypto_provider_handle_t,
 134     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
 135     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 136 
 137 static int blowfish_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
 138     crypto_req_handle_t);
 139 static int blowfish_decrypt_update(crypto_ctx_t *, crypto_data_t *,
 140     crypto_data_t *, crypto_req_handle_t);
 141 static int blowfish_decrypt_atomic(crypto_provider_handle_t,
 142     crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
 143     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 144 
 145 static crypto_cipher_ops_t blowfish_cipher_ops = {
 146         blowfish_common_init,
 147         blowfish_encrypt,
 148         blowfish_encrypt_update,
 149         blowfish_encrypt_final,
 150         blowfish_encrypt_atomic,
 151         blowfish_common_init,
 152         blowfish_decrypt,
 153         blowfish_decrypt_update,
 154         blowfish_decrypt_final,
 155         blowfish_decrypt_atomic
 156 };
 157 
 158 static int blowfish_create_ctx_template(crypto_provider_handle_t,
 159     crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
 160     size_t *, crypto_req_handle_t);
 161 static int blowfish_free_context(crypto_ctx_t *);
 162 
 163 static crypto_ctx_ops_t blowfish_ctx_ops = {
 164         blowfish_create_ctx_template,
 165         blowfish_free_context
 166 };
 167 
 168 static crypto_ops_t blowfish_crypto_ops = {
 169         &blowfish_control_ops,
 170         NULL,
 171         &blowfish_cipher_ops,
 172         NULL,
 173         NULL,
 174         NULL,
 175         NULL,
 176         NULL,
 177         NULL,
 178         NULL,
 179         NULL,
 180         NULL,
 181         NULL,
 182         &blowfish_ctx_ops
 183 };
 184 
 185 static crypto_provider_info_t blowfish_prov_info = {
 186         CRYPTO_SPI_VERSION_1,
 187         "Blowfish Software Provider",
 188         CRYPTO_SW_PROVIDER,
 189         {&modlinkage},
 190         NULL,
 191         &blowfish_crypto_ops,
 192         sizeof (blowfish_mech_info_tab)/sizeof (crypto_mech_info_t),
 193         blowfish_mech_info_tab
 194 };
 195 
 196 
 197 static crypto_kcf_provider_handle_t blowfish_prov_handle = NULL;
 198 
 199 int
 200 _init(void)
 201 {
 202         int ret;
 203 
 204         if ((ret = mod_install(&modlinkage)) != 0)
 205                 return (ret);
 206 
 207         /* Register with KCF.  If the registration fails, remove the module. */
 208         if (crypto_register_provider(&blowfish_prov_info,
 209             &blowfish_prov_handle)) {
 210                 (void) mod_remove(&modlinkage);
 211                 return (EACCES);
 212         }
 213 
 214         return (0);
 215 }
 216 
 217 int
 218 _fini(void)
 219 {
 220         /* Unregister from KCF if module is registered */
 221         if (blowfish_prov_handle != NULL) {
 222                 if (crypto_unregister_provider(blowfish_prov_handle))
 223                         return (EBUSY);
 224 
 225                 blowfish_prov_handle = NULL;
 226         }
 227 
 228         return (mod_remove(&modlinkage));
 229 }
 230 
 231 int
 232 _info(struct modinfo *modinfop)
 233 {
 234         return (mod_info(&modlinkage, modinfop));
 235 }
 236 
 237 /*
 238  * Initialize key schedules for blowfish
 239  */
 240 static int
 241 init_keysched(crypto_key_t *key, void *keysched)
 242 {
 243         /*
 244          * Only keys by value are supported by this module.
 245          */
 246         switch (key->ck_format) {
 247         case CRYPTO_KEY_RAW:
 248                 if (key->ck_length < BLOWFISH_MINBITS ||
 249                     key->ck_length > BLOWFISH_MAXBITS) {
 250                         return (CRYPTO_KEY_SIZE_RANGE);
 251                 }
 252                 break;
 253         default:
 254                 return (CRYPTO_KEY_TYPE_INCONSISTENT);
 255         }
 256 
 257         blowfish_init_keysched(key->ck_data, key->ck_length, keysched);
 258         return (CRYPTO_SUCCESS);
 259 }
 260 
 261 /*
 262  * KCF software provider control entry points.
 263  */
 264 /* ARGSUSED */
 265 static void
 266 blowfish_provider_status(crypto_provider_handle_t provider, uint_t *status)
 267 {
 268         *status = CRYPTO_PROVIDER_READY;
 269 }
 270 
 271 /*
 272  * KCF software provider encrypt entry points.
 273  */
 274 static int
 275 blowfish_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 276     crypto_key_t *key, crypto_spi_ctx_template_t template,
 277     crypto_req_handle_t req)
 278 {
 279         blowfish_ctx_t *blowfish_ctx;
 280         int rv;
 281         int kmflag;
 282 
 283         /*
 284          * Only keys by value are supported by this module.
 285          */
 286         if (key->ck_format != CRYPTO_KEY_RAW) {
 287                 return (CRYPTO_KEY_TYPE_INCONSISTENT);
 288         }
 289 
 290         if (!BLOWFISH_VALID_MECH(mechanism))
 291                 return (CRYPTO_MECHANISM_INVALID);
 292 
 293         if (mechanism->cm_param != NULL &&
 294             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 295                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 296 
 297         kmflag = crypto_kmflag(req);
 298         switch (mechanism->cm_type) {
 299         case BLOWFISH_ECB_MECH_INFO_TYPE:
 300                 blowfish_ctx = ecb_alloc_ctx(kmflag);
 301                 break;
 302         case BLOWFISH_CBC_MECH_INFO_TYPE:
 303                 blowfish_ctx = cbc_alloc_ctx(kmflag);
 304                 break;
 305         }
 306         if (blowfish_ctx == NULL)
 307                 return (CRYPTO_HOST_MEMORY);
 308 
 309         rv = blowfish_common_init_ctx(blowfish_ctx, template, mechanism,
 310             key, kmflag);
 311         if (rv != CRYPTO_SUCCESS) {
 312                 crypto_free_mode_ctx(blowfish_ctx);
 313                 return (rv);
 314         }
 315 
 316         ctx->cc_provider_private = blowfish_ctx;
 317 
 318         return (CRYPTO_SUCCESS);
 319 }
 320 
 321 static void
 322 blowfish_copy_block64(uint8_t *in, uint64_t *out)
 323 {
 324         if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
 325                 /* LINTED: pointer alignment */
 326                 out[0] = *(uint64_t *)&in[0];
 327         } else {
 328                 uint8_t *iv8 = (uint8_t *)&out[0];
 329 
 330                 BLOWFISH_COPY_BLOCK(in, iv8);
 331         }
 332 }
 333 
 334 /* ARGSUSED */
 335 static int
 336 blowfish_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 337     crypto_data_t *ciphertext, crypto_req_handle_t req)
 338 {
 339         int ret;
 340 
 341         blowfish_ctx_t *blowfish_ctx;
 342 
 343         /*
 344          * Plaintext must be a multiple of blowfish block size.
 345          * This test only works for non-padded mechanisms
 346          * when blocksize is 2^N.
 347          */
 348         if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 349                 return (CRYPTO_DATA_LEN_RANGE);
 350 
 351         ASSERT(ctx->cc_provider_private != NULL);
 352         blowfish_ctx = ctx->cc_provider_private;
 353 
 354         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 355 
 356         /*
 357          * We need to just return the length needed to store the output.
 358          * We should not destroy the context for the following case.
 359          */
 360         if (ciphertext->cd_length < plaintext->cd_length) {
 361                 ciphertext->cd_length = plaintext->cd_length;
 362                 return (CRYPTO_BUFFER_TOO_SMALL);
 363         }
 364 
 365         /*
 366          * Do an update on the specified input data.
 367          */
 368         ret = blowfish_encrypt_update(ctx, plaintext, ciphertext, req);
 369         ASSERT(blowfish_ctx->bc_remainder_len  == 0);
 370         (void) blowfish_free_context(ctx);
 371 
 372         /* LINTED */
 373         return (ret);
 374 }
 375 
 376 /* ARGSUSED */
 377 static int
 378 blowfish_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 379     crypto_data_t *plaintext, crypto_req_handle_t req)
 380 {
 381         int ret;
 382 
 383         blowfish_ctx_t *blowfish_ctx;
 384 
 385         /*
 386          * Ciphertext must be a multiple of blowfish block size.
 387          * This test only works for non-padded mechanisms
 388          * when blocksize is 2^N.
 389          */
 390         if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 391                 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
 392 
 393         ASSERT(ctx->cc_provider_private != NULL);
 394         blowfish_ctx = ctx->cc_provider_private;
 395 
 396         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 397 
 398         /*
 399          * We need to just return the length needed to store the output.
 400          * We should not destroy the context for the following case.
 401          */
 402         if (plaintext->cd_length < ciphertext->cd_length) {
 403                 plaintext->cd_length = ciphertext->cd_length;
 404                 return (CRYPTO_BUFFER_TOO_SMALL);
 405         }
 406 
 407         /*
 408          * Do an update on the specified input data.
 409          */
 410         ret = blowfish_decrypt_update(ctx, ciphertext, plaintext, req);
 411         ASSERT(blowfish_ctx->bc_remainder_len == 0);
 412         (void) blowfish_free_context(ctx);
 413 
 414         /* LINTED */
 415         return (ret);
 416 }
 417 
 418 /* ARGSUSED */
 419 static int
 420 blowfish_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 421     crypto_data_t *ciphertext, crypto_req_handle_t req)
 422 {
 423         off_t saved_offset;
 424         size_t saved_length, out_len;
 425         int ret = CRYPTO_SUCCESS;
 426 
 427         ASSERT(ctx->cc_provider_private != NULL);
 428 
 429         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 430 
 431         /* compute number of bytes that will hold the ciphertext */
 432         out_len =
 433             ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
 434         out_len += plaintext->cd_length;
 435         out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
 436 
 437         /* return length needed to store the output */
 438         if (ciphertext->cd_length < out_len) {
 439                 ciphertext->cd_length = out_len;
 440                 return (CRYPTO_BUFFER_TOO_SMALL);
 441         }
 442 
 443         saved_offset = ciphertext->cd_offset;
 444         saved_length = ciphertext->cd_length;
 445 
 446         /*
 447          * Do the blowfish update on the specified input data.
 448          */
 449         switch (plaintext->cd_format) {
 450         case CRYPTO_DATA_RAW:
 451                 ret = crypto_update_iov(ctx->cc_provider_private,
 452                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 453                     blowfish_copy_block64);
 454                 break;
 455         case CRYPTO_DATA_UIO:
 456                 ret = crypto_update_uio(ctx->cc_provider_private,
 457                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 458                     blowfish_copy_block64);
 459                 break;
 460         case CRYPTO_DATA_MBLK:
 461                 ret = crypto_update_mp(ctx->cc_provider_private,
 462                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 463                     blowfish_copy_block64);
 464                 break;
 465         default:
 466                 ret = CRYPTO_ARGUMENTS_BAD;
 467         }
 468 
 469         if (ret == CRYPTO_SUCCESS) {
 470                 if (plaintext != ciphertext)
 471                         ciphertext->cd_length =
 472                             ciphertext->cd_offset - saved_offset;
 473         } else {
 474                 ciphertext->cd_length = saved_length;
 475         }
 476         ciphertext->cd_offset = saved_offset;
 477 
 478         return (ret);
 479 }
 480 
 481 /* ARGSUSED */
 482 static int
 483 blowfish_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 484     crypto_data_t *plaintext, crypto_req_handle_t req)
 485 {
 486         off_t saved_offset;
 487         size_t saved_length, out_len;
 488         int ret = CRYPTO_SUCCESS;
 489 
 490         ASSERT(ctx->cc_provider_private != NULL);
 491 
 492         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 493 
 494         /* compute number of bytes that will hold the plaintext */
 495         out_len =
 496             ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
 497         out_len += ciphertext->cd_length;
 498         out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
 499 
 500         /* return length needed to store the output */
 501         if (plaintext->cd_length < out_len) {
 502                 plaintext->cd_length = out_len;
 503                 return (CRYPTO_BUFFER_TOO_SMALL);
 504         }
 505 
 506         saved_offset = plaintext->cd_offset;
 507         saved_length = plaintext->cd_length;
 508 
 509         /*
 510          * Do the blowfish update on the specified input data.
 511          */
 512         switch (ciphertext->cd_format) {
 513         case CRYPTO_DATA_RAW:
 514                 ret = crypto_update_iov(ctx->cc_provider_private,
 515                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 516                     blowfish_copy_block64);
 517                 break;
 518         case CRYPTO_DATA_UIO:
 519                 ret = crypto_update_uio(ctx->cc_provider_private,
 520                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 521                     blowfish_copy_block64);
 522                 break;
 523         case CRYPTO_DATA_MBLK:
 524                 ret = crypto_update_mp(ctx->cc_provider_private,
 525                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 526                     blowfish_copy_block64);
 527                 break;
 528         default:
 529                 ret = CRYPTO_ARGUMENTS_BAD;
 530         }
 531 
 532         if (ret == CRYPTO_SUCCESS) {
 533                 if (ciphertext != plaintext)
 534                         plaintext->cd_length =
 535                             plaintext->cd_offset - saved_offset;
 536         } else {
 537                 plaintext->cd_length = saved_length;
 538         }
 539         plaintext->cd_offset = saved_offset;
 540 
 541         return (ret);
 542 }
 543 
 544 /* ARGSUSED */
 545 static int
 546 blowfish_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 547     crypto_req_handle_t req)
 548 {
 549         blowfish_ctx_t *blowfish_ctx;
 550 
 551         ASSERT(ctx->cc_provider_private != NULL);
 552         blowfish_ctx = ctx->cc_provider_private;
 553 
 554         /*
 555          * There must be no unprocessed data.
 556          * This happens if the length of the last data is
 557          * not a multiple of the BLOWFISH block length.
 558          */
 559         if (blowfish_ctx->bc_remainder_len > 0)
 560                 return (CRYPTO_DATA_LEN_RANGE);
 561 
 562         (void) blowfish_free_context(ctx);
 563         data->cd_length = 0;
 564 
 565         return (CRYPTO_SUCCESS);
 566 }
 567 
 568 /* ARGSUSED */
 569 static int
 570 blowfish_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 571     crypto_req_handle_t req)
 572 {
 573         blowfish_ctx_t *blowfish_ctx;
 574 
 575         ASSERT(ctx->cc_provider_private != NULL);
 576         blowfish_ctx = ctx->cc_provider_private;
 577 
 578         /*
 579          * There must be no unprocessed ciphertext.
 580          * This happens if the length of the last ciphertext is
 581          * not a multiple of the BLOWFISH block length.
 582          */
 583         if (blowfish_ctx->bc_remainder_len > 0)
 584                 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
 585 
 586         (void) blowfish_free_context(ctx);
 587         data->cd_length = 0;
 588 
 589         return (CRYPTO_SUCCESS);
 590 }
 591 
 592 /* ARGSUSED */
 593 static int
 594 blowfish_encrypt_atomic(crypto_provider_handle_t provider,
 595     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 596     crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
 597     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
 598 {
 599         blowfish_ctx_t blowfish_ctx;    /* on the stack */
 600         off_t saved_offset;
 601         size_t saved_length;
 602         int ret;
 603 
 604         BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
 605 
 606         /*
 607          * Plaintext must be a multiple of blowfish block size.
 608          * This test only works for non-padded mechanisms
 609          * when blocksize is 2^N.
 610          */
 611         if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 612                 return (CRYPTO_DATA_LEN_RANGE);
 613 
 614         /* return length needed to store the output */
 615         if (ciphertext->cd_length < plaintext->cd_length) {
 616                 ciphertext->cd_length = plaintext->cd_length;
 617                 return (CRYPTO_BUFFER_TOO_SMALL);
 618         }
 619 
 620         if (!BLOWFISH_VALID_MECH(mechanism))
 621                 return (CRYPTO_MECHANISM_INVALID);
 622 
 623         if (mechanism->cm_param_len != 0 &&
 624             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 625                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 626 
 627         bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
 628 
 629         ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
 630             key, crypto_kmflag(req));
 631         if (ret != CRYPTO_SUCCESS)
 632                 return (ret);
 633 
 634         saved_offset = ciphertext->cd_offset;
 635         saved_length = ciphertext->cd_length;
 636 
 637         /*
 638          * Do an update on the specified input data.
 639          */
 640         switch (plaintext->cd_format) {
 641         case CRYPTO_DATA_RAW:
 642                 ret = crypto_update_iov(&blowfish_ctx,
 643                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 644                     blowfish_copy_block64);
 645                 break;
 646         case CRYPTO_DATA_UIO:
 647                 ret = crypto_update_uio(&blowfish_ctx,
 648                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 649                     blowfish_copy_block64);
 650                 break;
 651         case CRYPTO_DATA_MBLK:
 652                 ret = crypto_update_mp((void *)&blowfish_ctx,
 653                     plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
 654                     blowfish_copy_block64);
 655                 break;
 656         default:
 657                 ret = CRYPTO_ARGUMENTS_BAD;
 658         }
 659 
 660         if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 661                 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
 662                 kmem_free(blowfish_ctx.bc_keysched,
 663                     blowfish_ctx.bc_keysched_len);
 664         }
 665 
 666         if (ret == CRYPTO_SUCCESS) {
 667                 ASSERT(blowfish_ctx.bc_remainder_len == 0);
 668                 if (plaintext != ciphertext)
 669                         ciphertext->cd_length =
 670                             ciphertext->cd_offset - saved_offset;
 671         } else {
 672                 ciphertext->cd_length = saved_length;
 673         }
 674         ciphertext->cd_offset = saved_offset;
 675 
 676         return (ret);
 677 }
 678 
 679 /* ARGSUSED */
 680 static int
 681 blowfish_decrypt_atomic(crypto_provider_handle_t provider,
 682     crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 683     crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
 684     crypto_spi_ctx_template_t template, crypto_req_handle_t req)
 685 {
 686         blowfish_ctx_t blowfish_ctx;    /* on the stack */
 687         off_t saved_offset;
 688         size_t saved_length;
 689         int ret;
 690 
 691         BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
 692 
 693         /*
 694          * Ciphertext must be a multiple of blowfish block size.
 695          * This test only works for non-padded mechanisms
 696          * when blocksize is 2^N.
 697          */
 698         if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
 699                 return (CRYPTO_DATA_LEN_RANGE);
 700 
 701         /* return length needed to store the output */
 702         if (plaintext->cd_length < ciphertext->cd_length) {
 703                 plaintext->cd_length = ciphertext->cd_length;
 704                 return (CRYPTO_BUFFER_TOO_SMALL);
 705         }
 706 
 707         if (!BLOWFISH_VALID_MECH(mechanism))
 708                 return (CRYPTO_MECHANISM_INVALID);
 709 
 710         if (mechanism->cm_param_len != 0 &&
 711             mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
 712                 return (CRYPTO_MECHANISM_PARAM_INVALID);
 713 
 714         bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
 715 
 716         ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
 717             key, crypto_kmflag(req));
 718         if (ret != CRYPTO_SUCCESS)
 719                 return (ret);
 720 
 721         saved_offset = plaintext->cd_offset;
 722         saved_length = plaintext->cd_length;
 723 
 724         /*
 725          * Do an update on the specified input data.
 726          */
 727         switch (ciphertext->cd_format) {
 728         case CRYPTO_DATA_RAW:
 729                 ret = crypto_update_iov(&blowfish_ctx,
 730                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 731                     blowfish_copy_block64);
 732                 break;
 733         case CRYPTO_DATA_UIO:
 734                 ret = crypto_update_uio(&blowfish_ctx,
 735                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 736                     blowfish_copy_block64);
 737                 break;
 738         case CRYPTO_DATA_MBLK:
 739                 ret = crypto_update_mp(&blowfish_ctx,
 740                     ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
 741                     blowfish_copy_block64);
 742                 break;
 743         default:
 744                 ret = CRYPTO_ARGUMENTS_BAD;
 745         }
 746 
 747         if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 748                 bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
 749                 kmem_free(blowfish_ctx.bc_keysched,
 750                     blowfish_ctx.bc_keysched_len);
 751         }
 752 
 753         if (ret == CRYPTO_SUCCESS) {
 754                 ASSERT(blowfish_ctx.bc_remainder_len == 0);
 755                 if (ciphertext != plaintext)
 756                         plaintext->cd_length =
 757                             plaintext->cd_offset - saved_offset;
 758         } else {
 759                 plaintext->cd_length = saved_length;
 760         }
 761         plaintext->cd_offset = saved_offset;
 762 
 763         return (ret);
 764 }
 765 
 766 /*
 767  * KCF software provider context template entry points.
 768  */
 769 /* ARGSUSED */
 770 static int
 771 blowfish_create_ctx_template(crypto_provider_handle_t provider,
 772     crypto_mechanism_t *mechanism, crypto_key_t *key,
 773     crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
 774 {
 775         void *keysched;
 776         size_t size;
 777         int rv;
 778 
 779         if (!BLOWFISH_VALID_MECH(mechanism))
 780                 return (CRYPTO_MECHANISM_INVALID);
 781 
 782         if ((keysched = blowfish_alloc_keysched(&size,
 783             crypto_kmflag(req))) == NULL) {
 784                 return (CRYPTO_HOST_MEMORY);
 785         }
 786 
 787         /*
 788          * Initialize key schedule.  Key length information is stored
 789          * in the key.
 790          */
 791         if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
 792                 bzero(keysched, size);
 793                 kmem_free(keysched, size);
 794                 return (rv);
 795         }
 796 
 797         *tmpl = keysched;
 798         *tmpl_size = size;
 799 
 800         return (CRYPTO_SUCCESS);
 801 }
 802 
 803 /* ARGSUSED */
 804 static int
 805 blowfish_free_context(crypto_ctx_t *ctx)
 806 {
 807         blowfish_ctx_t *blowfish_ctx = ctx->cc_provider_private;
 808 
 809         if (blowfish_ctx != NULL) {
 810                 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 811                         ASSERT(blowfish_ctx->bc_keysched_len != 0);
 812                         bzero(blowfish_ctx->bc_keysched,
 813                             blowfish_ctx->bc_keysched_len);
 814                         kmem_free(blowfish_ctx->bc_keysched,
 815                             blowfish_ctx->bc_keysched_len);
 816                 }
 817                 crypto_free_mode_ctx(blowfish_ctx);
 818                 ctx->cc_provider_private = NULL;
 819         }
 820 
 821         return (CRYPTO_SUCCESS);
 822 }
 823 
 824 /* ARGSUSED */
 825 static int
 826 blowfish_common_init_ctx(blowfish_ctx_t *blowfish_ctx,
 827     crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism,
 828     crypto_key_t *key, int kmflag)
 829 {
 830         int rv = CRYPTO_SUCCESS;
 831 
 832         void *keysched;
 833         size_t size;
 834 
 835         if (template == NULL) {
 836                 if ((keysched = blowfish_alloc_keysched(&size, kmflag)) == NULL)
 837                         return (CRYPTO_HOST_MEMORY);
 838                 /*
 839                  * Initialize key schedule.
 840                  * Key length is stored in the key.
 841                  */
 842                 if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS)
 843                         kmem_free(keysched, size);
 844 
 845                 blowfish_ctx->bc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
 846                 blowfish_ctx->bc_keysched_len = size;
 847         } else {
 848                 keysched = template;
 849         }
 850         blowfish_ctx->bc_keysched = keysched;
 851 
 852         switch (mechanism->cm_type) {
 853         case BLOWFISH_CBC_MECH_INFO_TYPE:
 854                 rv = cbc_init_ctx((cbc_ctx_t *)blowfish_ctx,
 855                     mechanism->cm_param, mechanism->cm_param_len,
 856                     BLOWFISH_BLOCK_LEN, blowfish_copy_block64);
 857                 break;
 858         case BLOWFISH_ECB_MECH_INFO_TYPE:
 859                 blowfish_ctx->bc_flags |= ECB_MODE;
 860         }
 861 
 862         if (rv != CRYPTO_SUCCESS) {
 863                 if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
 864                         bzero(keysched, size);
 865                         kmem_free(keysched, size);
 866                 }
 867         }
 868 
 869         return (rv);
 870 }