1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 */
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29
30 /*
31 * Portions of this source code were derived from Berkeley 4.3 BSD
32 * under license from the Regents of the University of California.
33 */
34
35 /*
36 * des_crypt.c, DES encryption library routines
37 */
38
39 #include <sys/errno.h>
40 #include <sys/modctl.h>
41
42 #include <sys/systm.h>
43 #include <sys/cmn_err.h>
44 #include <sys/ddi.h>
45 #include <sys/crypto/common.h>
46 #include <sys/crypto/spi.h>
47 #include <sys/sysmacros.h>
48 #include <sys/strsun.h>
49 #include <sys/note.h>
50 #include <modes/modes.h>
51 #define _DES_IMPL
52 #include <des/des_impl.h>
53
54 #include <sys/types.h>
55 #include <rpc/des_crypt.h>
56 #include <des/des.h>
57
58 #ifdef sun_hardware
59 #include <sys/ioctl.h>
60 #ifdef _KERNEL
61 #include <sys/conf.h>
62 static int g_desfd = -1;
63 #define getdesfd() (cdevsw[11].d_open(0, 0) ? -1 : 0)
64 #define ioctl(a, b, c) (cdevsw[11].d_ioctl(0, b, c, 0) ? -1 : 0)
65 #else
66 #define getdesfd() (open("/dev/des", 0, 0))
67 #endif /* _KERNEL */
68 #endif /* sun */
69
70 static int common_crypt(char *key, char *buf, size_t len,
71 unsigned int mode, struct desparams *desp);
72
73 extern int _des_crypt(char *buf, size_t len, struct desparams *desp);
74
75 extern struct mod_ops mod_cryptoops;
76
77 /*
78 * Module linkage information for the kernel.
79 */
80 static struct modlmisc modlmisc = {
81 &mod_miscops,
82 "des encryption",
83 };
84
85 static struct modlcrypto modlcrypto = {
86 &mod_cryptoops,
87 "DES Kernel SW Provider"
88 };
89
90 static struct modlinkage modlinkage = {
91 MODREV_1,
92 &modlmisc,
93 &modlcrypto,
94 NULL
95 };
96
97 #define DES_MIN_KEY_LEN DES_MINBYTES
98 #define DES_MAX_KEY_LEN DES_MAXBYTES
99 #define DES3_MIN_KEY_LEN DES3_MAXBYTES /* no CKK_DES2 support */
100 #define DES3_MAX_KEY_LEN DES3_MAXBYTES
101
102 #ifndef DES_MIN_KEY_LEN
103 #define DES_MIN_KEY_LEN 0
104 #endif
105
106 #ifndef DES_MAX_KEY_LEN
107 #define DES_MAX_KEY_LEN 0
108 #endif
109
110 #ifndef DES3_MIN_KEY_LEN
111 #define DES3_MIN_KEY_LEN 0
112 #endif
113
114 #ifndef DES3_MAX_KEY_LEN
115 #define DES3_MAX_KEY_LEN 0
116 #endif
117
118
119 /*
120 * Mechanism info structure passed to KCF during registration.
121 */
122 static crypto_mech_info_t des_mech_info_tab[] = {
123 /* DES_ECB */
124 {SUN_CKM_DES_ECB, DES_ECB_MECH_INFO_TYPE,
125 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
126 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
127 DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
128 /* DES_CBC */
129 {SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE,
130 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
131 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
132 DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
133 /* DES3_ECB */
134 {SUN_CKM_DES3_ECB, DES3_ECB_MECH_INFO_TYPE,
135 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
136 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
137 DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
138 /* DES3_CBC */
139 {SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE,
140 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
141 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
142 DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}
143 };
144
145 /* operations are in-place if the output buffer is NULL */
146 #define DES_ARG_INPLACE(input, output) \
147 if ((output) == NULL) \
148 (output) = (input);
149
150 static void des_provider_status(crypto_provider_handle_t, uint_t *);
151
152 static crypto_control_ops_t des_control_ops = {
153 des_provider_status
154 };
155
156 static int
157 des_common_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
158 crypto_spi_ctx_template_t, crypto_req_handle_t);
159 static int des_common_init_ctx(des_ctx_t *, crypto_spi_ctx_template_t *,
160 crypto_mechanism_t *, crypto_key_t *, des_strength_t, int);
161 static int des_encrypt_final(crypto_ctx_t *, crypto_data_t *,
162 crypto_req_handle_t);
163 static int des_decrypt_final(crypto_ctx_t *, crypto_data_t *,
164 crypto_req_handle_t);
165
166 static int des_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
167 crypto_req_handle_t);
168 static int des_encrypt_update(crypto_ctx_t *, crypto_data_t *,
169 crypto_data_t *, crypto_req_handle_t);
170 static int des_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
171 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
172 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
173
174 static int des_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
175 crypto_req_handle_t);
176 static int des_decrypt_update(crypto_ctx_t *, crypto_data_t *,
177 crypto_data_t *, crypto_req_handle_t);
178 static int des_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
179 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
180 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
181
182 static crypto_cipher_ops_t des_cipher_ops = {
183 des_common_init,
184 des_encrypt,
185 des_encrypt_update,
186 des_encrypt_final,
187 des_encrypt_atomic,
188 des_common_init,
189 des_decrypt,
190 des_decrypt_update,
191 des_decrypt_final,
192 des_decrypt_atomic
193 };
194
195 static int des_create_ctx_template(crypto_provider_handle_t,
196 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
197 size_t *, crypto_req_handle_t);
198 static int des_free_context(crypto_ctx_t *);
199
200 static crypto_ctx_ops_t des_ctx_ops = {
201 des_create_ctx_template,
202 des_free_context
203 };
204
205 static int des_key_check(crypto_provider_handle_t, crypto_mechanism_t *,
206 crypto_key_t *);
207
208 static crypto_key_ops_t des_key_ops = {
209 NULL,
210 NULL,
211 NULL,
212 NULL,
213 NULL,
214 des_key_check
215 };
216
217 static crypto_ops_t des_crypto_ops = {
218 &des_control_ops,
219 NULL,
220 &des_cipher_ops,
221 NULL,
222 NULL,
223 NULL,
224 NULL,
225 NULL,
226 NULL,
227 NULL,
228 NULL,
229 &des_key_ops,
230 NULL,
231 &des_ctx_ops,
232 NULL,
233 NULL,
234 NULL
235 };
236
237 static crypto_provider_info_t des_prov_info = {
238 CRYPTO_SPI_VERSION_4,
239 "DES Software Provider",
240 CRYPTO_SW_PROVIDER,
241 {&modlinkage},
242 NULL,
243 &des_crypto_ops,
244 sizeof (des_mech_info_tab)/sizeof (crypto_mech_info_t),
245 des_mech_info_tab
246 };
247
248 static crypto_kcf_provider_handle_t des_prov_handle = NULL;
249
250 int
251 _init(void)
252 {
253 int ret;
254
255 if ((ret = mod_install(&modlinkage)) != 0)
256 return (ret);
257
258 /*
259 * Register with KCF. If the registration fails, kcf will log an
260 * error but do not uninstall the module, since the functionality
261 * provided by misc/des should still be available.
262 *
263 */
264 (void) crypto_register_provider(&des_prov_info, &des_prov_handle);
265
266 return (0);
267 }
268
269
270 int
271 _info(struct modinfo *modinfop)
272 {
273 return (mod_info(&modlinkage, modinfop));
274 }
275
276 /*
277 * Copy 8 bytes
278 */
279 #define COPY8(src, dst) { \
280 char *a = (char *)dst; \
281 char *b = (char *)src; \
282 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
283 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
284 }
285
286 /*
287 * Copy multiple of 8 bytes
288 */
289 #define DESCOPY(src, dst, len) { \
290 char *a = (char *)dst; \
291 char *b = (char *)src; \
292 int i; \
293 for (i = (size_t)len; i > 0; i -= 8) { \
294 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
295 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
296 } \
297 }
298
299 /*
300 * CBC mode encryption
301 */
302 /* ARGSUSED */
303 int
304 cbc_crypt(char *key, char *buf, size_t len, unsigned int mode, char *ivec)
305 {
306 int err = 0;
307 struct desparams dp;
308
309 dp.des_mode = CBC;
310 COPY8(ivec, dp.des_ivec);
311 err = common_crypt(key, buf, len, mode, &dp);
312 COPY8(dp.des_ivec, ivec);
313 return (err);
314 }
315
316
317 /*
318 * ECB mode encryption
319 */
320 /* ARGSUSED */
321 int
322 ecb_crypt(char *key, char *buf, size_t len, unsigned int mode)
323 {
324 int err = 0;
325 struct desparams dp;
326
327 dp.des_mode = ECB;
328 err = common_crypt(key, buf, len, mode, &dp);
329 return (err);
330 }
331
332
333
334 /*
335 * Common code to cbc_crypt() & ecb_crypt()
336 */
337 static int
338 common_crypt(char *key, char *buf, size_t len, unsigned int mode,
339 struct desparams *desp)
340 {
341 int desdev;
342
343 if ((len % 8) != 0 || len > DES_MAXDATA)
344 return (DESERR_BADPARAM);
345
346 desp->des_dir =
347 ((mode & DES_DIRMASK) == DES_ENCRYPT) ? ENCRYPT : DECRYPT;
348
349 desdev = mode & DES_DEVMASK;
350 COPY8(key, desp->des_key);
351
352 #ifdef sun_hardware
353 if (desdev == DES_HW) {
354 int res;
355
356 if (g_desfd < 0 &&
357 (g_desfd == -1 || (g_desfd = getdesfd()) < 0))
358 goto software; /* no hardware device */
359
360 /*
361 * hardware
362 */
363 desp->des_len = len;
364 if (len <= DES_QUICKLEN) {
365 DESCOPY(buf, desp->des_data, len);
366 res = ioctl(g_desfd, DESIOCQUICK, (char *)desp);
367 DESCOPY(desp->des_data, buf, len);
368 } else {
369 desp->des_buf = (uchar_t *)buf;
370 res = ioctl(g_desfd, DESIOCBLOCK, (char *)desp);
371 }
372 return (res == 0 ? DESERR_NONE : DESERR_HWERROR);
373 }
374 software:
375 #endif
376 /*
377 * software
378 */
379 if (!_des_crypt(buf, len, desp))
380 return (DESERR_HWERROR);
381
382 return (desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE);
383 }
384
385 /*
386 * Initialize key schedules for DES and DES3
387 */
388 static int
389 init_keysched(crypto_key_t *key, void *newbie, des_strength_t strength)
390 {
391 uint8_t corrected_key[DES3_KEYSIZE];
392
393 /*
394 * Only keys by value are supported by this module.
395 */
396 switch (key->ck_format) {
397 case CRYPTO_KEY_RAW:
398 if (strength == DES && key->ck_length != DES_MAXBITS)
399 return (CRYPTO_KEY_SIZE_RANGE);
400 if (strength == DES3 && key->ck_length != DES3_MAXBITS)
401 return (CRYPTO_KEY_SIZE_RANGE);
402 break;
403 default:
404 return (CRYPTO_KEY_TYPE_INCONSISTENT);
405 }
406
407 /*
408 * Fix parity bits.
409 * Initialize key schedule even if key is weak.
410 */
411 if (key->ck_data == NULL)
412 return (CRYPTO_ARGUMENTS_BAD);
413
414 des_parity_fix(key->ck_data, strength, corrected_key);
415 des_init_keysched(corrected_key, strength, newbie);
416 return (CRYPTO_SUCCESS);
417 }
418
419 /*
420 * KCF software provider control entry points.
421 */
422 /* ARGSUSED */
423 static void
424 des_provider_status(crypto_provider_handle_t provider, uint_t *status)
425 {
426 *status = CRYPTO_PROVIDER_READY;
427 }
428
429 /*
430 * KCF software provider encrypt entry points.
431 */
432 static int
433 des_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
434 crypto_key_t *key, crypto_spi_ctx_template_t template,
435 crypto_req_handle_t req)
436 {
437
438 des_strength_t strength;
439 des_ctx_t *des_ctx = NULL;
440 int rv;
441 int kmflag;
442
443 /*
444 * Only keys by value are supported by this module.
445 */
446 if (key->ck_format != CRYPTO_KEY_RAW) {
447 return (CRYPTO_KEY_TYPE_INCONSISTENT);
448 }
449
450 kmflag = crypto_kmflag(req);
451 /* Check mechanism type and parameter length */
452 switch (mechanism->cm_type) {
453 case DES_ECB_MECH_INFO_TYPE:
454 des_ctx = ecb_alloc_ctx(kmflag);
455 /* FALLTHRU */
456 case DES_CBC_MECH_INFO_TYPE:
457 if (mechanism->cm_param != NULL &&
458 mechanism->cm_param_len != DES_BLOCK_LEN)
459 return (CRYPTO_MECHANISM_PARAM_INVALID);
460 if (key->ck_length != DES_MAXBITS)
461 return (CRYPTO_KEY_SIZE_RANGE);
462 strength = DES;
463 if (des_ctx == NULL)
464 des_ctx = cbc_alloc_ctx(kmflag);
465 break;
466 case DES3_ECB_MECH_INFO_TYPE:
467 des_ctx = ecb_alloc_ctx(kmflag);
468 /* FALLTHRU */
469 case DES3_CBC_MECH_INFO_TYPE:
470 if (mechanism->cm_param != NULL &&
471 mechanism->cm_param_len != DES_BLOCK_LEN)
472 return (CRYPTO_MECHANISM_PARAM_INVALID);
473 if (key->ck_length != DES3_MAXBITS)
474 return (CRYPTO_KEY_SIZE_RANGE);
475 strength = DES3;
476 if (des_ctx == NULL)
477 des_ctx = cbc_alloc_ctx(kmflag);
478 break;
479 default:
480 return (CRYPTO_MECHANISM_INVALID);
481 }
482
483 if ((rv = des_common_init_ctx(des_ctx, template, mechanism, key,
484 strength, kmflag)) != CRYPTO_SUCCESS) {
485 crypto_free_mode_ctx(des_ctx);
486 return (rv);
487 }
488
489 ctx->cc_provider_private = des_ctx;
490
491 return (CRYPTO_SUCCESS);
492 }
493
494 static void
495 des_copy_block64(uint8_t *in, uint64_t *out)
496 {
497 if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
498 /* LINTED: pointer alignment */
499 out[0] = *(uint64_t *)&in[0];
500 } else {
501 uint64_t tmp64;
502
503 #ifdef _BIG_ENDIAN
504 tmp64 = (((uint64_t)in[0] << 56) |
505 ((uint64_t)in[1] << 48) |
506 ((uint64_t)in[2] << 40) |
507 ((uint64_t)in[3] << 32) |
508 ((uint64_t)in[4] << 24) |
509 ((uint64_t)in[5] << 16) |
510 ((uint64_t)in[6] << 8) |
511 (uint64_t)in[7]);
512 #else
513 tmp64 = (((uint64_t)in[7] << 56) |
514 ((uint64_t)in[6] << 48) |
515 ((uint64_t)in[5] << 40) |
516 ((uint64_t)in[4] << 32) |
517 ((uint64_t)in[3] << 24) |
518 ((uint64_t)in[2] << 16) |
519 ((uint64_t)in[1] << 8) |
520 (uint64_t)in[0]);
521 #endif /* _BIG_ENDIAN */
522
523 out[0] = tmp64;
524 }
525 }
526
527 /* ARGSUSED */
528 static int
529 des_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
530 crypto_data_t *ciphertext, crypto_req_handle_t req)
531 {
532 int ret;
533
534 des_ctx_t *des_ctx;
535
536 /*
537 * Plaintext must be a multiple of the block size.
538 * This test only works for non-padded mechanisms
539 * when blocksize is 2^N.
540 */
541 if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
542 return (CRYPTO_DATA_LEN_RANGE);
543
544 ASSERT(ctx->cc_provider_private != NULL);
545 des_ctx = ctx->cc_provider_private;
546
547 DES_ARG_INPLACE(plaintext, ciphertext);
548
549 /*
550 * We need to just return the length needed to store the output.
551 * We should not destroy the context for the following case.
552 */
553 if (ciphertext->cd_length < plaintext->cd_length) {
554 ciphertext->cd_length = plaintext->cd_length;
555 return (CRYPTO_BUFFER_TOO_SMALL);
556 }
557
558 /*
559 * Do an update on the specified input data.
560 */
561 ret = des_encrypt_update(ctx, plaintext, ciphertext, req);
562 ASSERT(des_ctx->dc_remainder_len == 0);
563 (void) des_free_context(ctx);
564
565 /* LINTED */
566 return (ret);
567 }
568
569 /* ARGSUSED */
570 static int
571 des_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
572 crypto_data_t *plaintext, crypto_req_handle_t req)
573 {
574 int ret;
575
576 des_ctx_t *des_ctx;
577
578 /*
579 * Ciphertext must be a multiple of the block size.
580 * This test only works for non-padded mechanisms
581 * when blocksize is 2^N.
582 */
583 if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
584 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
585
586 ASSERT(ctx->cc_provider_private != NULL);
587 des_ctx = ctx->cc_provider_private;
588
589 DES_ARG_INPLACE(ciphertext, plaintext);
590
591 /*
592 * We need to just return the length needed to store the output.
593 * We should not destroy the context for the following case.
594 */
595 if (plaintext->cd_length < ciphertext->cd_length) {
596 plaintext->cd_length = ciphertext->cd_length;
597 return (CRYPTO_BUFFER_TOO_SMALL);
598 }
599
600 /*
601 * Do an update on the specified input data.
602 */
603 ret = des_decrypt_update(ctx, ciphertext, plaintext, req);
604 ASSERT(des_ctx->dc_remainder_len == 0);
605 (void) des_free_context(ctx);
606
607 /* LINTED */
608 return (ret);
609 }
610
611 /* ARGSUSED */
612 static int
613 des_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
614 crypto_data_t *ciphertext, crypto_req_handle_t req)
615 {
616 off_t saved_offset;
617 size_t saved_length, out_len;
618 int ret = CRYPTO_SUCCESS;
619
620 ASSERT(ctx->cc_provider_private != NULL);
621
622 DES_ARG_INPLACE(plaintext, ciphertext);
623
624 /* compute number of bytes that will hold the ciphertext */
625 out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
626 out_len += plaintext->cd_length;
627 out_len &= ~(DES_BLOCK_LEN - 1);
628
629 /* return length needed to store the output */
630 if (ciphertext->cd_length < out_len) {
631 ciphertext->cd_length = out_len;
632 return (CRYPTO_BUFFER_TOO_SMALL);
633 }
634
635 saved_offset = ciphertext->cd_offset;
636 saved_length = ciphertext->cd_length;
637
638 /*
639 * Do the DES update on the specified input data.
640 */
641 switch (plaintext->cd_format) {
642 case CRYPTO_DATA_RAW:
643 ret = crypto_update_iov(ctx->cc_provider_private,
644 plaintext, ciphertext, des_encrypt_contiguous_blocks,
645 des_copy_block64);
646 break;
647 case CRYPTO_DATA_UIO:
648 ret = crypto_update_uio(ctx->cc_provider_private,
649 plaintext, ciphertext, des_encrypt_contiguous_blocks,
650 des_copy_block64);
651 break;
652 case CRYPTO_DATA_MBLK:
653 ret = crypto_update_mp(ctx->cc_provider_private,
654 plaintext, ciphertext, des_encrypt_contiguous_blocks,
655 des_copy_block64);
656 break;
657 default:
658 ret = CRYPTO_ARGUMENTS_BAD;
659 }
660
661 if (ret == CRYPTO_SUCCESS) {
662 if (plaintext != ciphertext)
663 ciphertext->cd_length =
664 ciphertext->cd_offset - saved_offset;
665 } else {
666 ciphertext->cd_length = saved_length;
667 }
668 ciphertext->cd_offset = saved_offset;
669
670 return (ret);
671 }
672
673 /* ARGSUSED */
674 static int
675 des_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
676 crypto_data_t *plaintext, crypto_req_handle_t req)
677 {
678 off_t saved_offset;
679 size_t saved_length, out_len;
680 int ret = CRYPTO_SUCCESS;
681
682 ASSERT(ctx->cc_provider_private != NULL);
683
684 DES_ARG_INPLACE(ciphertext, plaintext);
685
686 /* compute number of bytes that will hold the plaintext */
687 out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
688 out_len += ciphertext->cd_length;
689 out_len &= ~(DES_BLOCK_LEN - 1);
690
691 /* return length needed to store the output */
692 if (plaintext->cd_length < out_len) {
693 plaintext->cd_length = out_len;
694 return (CRYPTO_BUFFER_TOO_SMALL);
695 }
696
697 saved_offset = plaintext->cd_offset;
698 saved_length = plaintext->cd_length;
699
700 /*
701 * Do the DES update on the specified input data.
702 */
703 switch (ciphertext->cd_format) {
704 case CRYPTO_DATA_RAW:
705 ret = crypto_update_iov(ctx->cc_provider_private,
706 ciphertext, plaintext, des_decrypt_contiguous_blocks,
707 des_copy_block64);
708 break;
709 case CRYPTO_DATA_UIO:
710 ret = crypto_update_uio(ctx->cc_provider_private,
711 ciphertext, plaintext, des_decrypt_contiguous_blocks,
712 des_copy_block64);
713 break;
714 case CRYPTO_DATA_MBLK:
715 ret = crypto_update_mp(ctx->cc_provider_private,
716 ciphertext, plaintext, des_decrypt_contiguous_blocks,
717 des_copy_block64);
718 break;
719 default:
720 ret = CRYPTO_ARGUMENTS_BAD;
721 }
722
723 if (ret == CRYPTO_SUCCESS) {
724 if (ciphertext != plaintext)
725 plaintext->cd_length =
726 plaintext->cd_offset - saved_offset;
727 } else {
728 plaintext->cd_length = saved_length;
729 }
730 plaintext->cd_offset = saved_offset;
731
732 return (ret);
733 }
734
735 /* ARGSUSED */
736 static int
737 des_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
738 crypto_req_handle_t req)
739 {
740 des_ctx_t *des_ctx;
741
742 ASSERT(ctx->cc_provider_private != NULL);
743 des_ctx = ctx->cc_provider_private;
744
745 /*
746 * There must be no unprocessed plaintext.
747 * This happens if the length of the last data is
748 * not a multiple of the DES block length.
749 */
750 if (des_ctx->dc_remainder_len > 0)
751 return (CRYPTO_DATA_LEN_RANGE);
752
753 (void) des_free_context(ctx);
754 ciphertext->cd_length = 0;
755
756 return (CRYPTO_SUCCESS);
757 }
758
759 /* ARGSUSED */
760 static int
761 des_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext,
762 crypto_req_handle_t req)
763 {
764 des_ctx_t *des_ctx;
765
766 ASSERT(ctx->cc_provider_private != NULL);
767 des_ctx = ctx->cc_provider_private;
768
769 /*
770 * There must be no unprocessed ciphertext.
771 * This happens if the length of the last ciphertext is
772 * not a multiple of the DES block length.
773 */
774 if (des_ctx->dc_remainder_len > 0)
775 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
776
777 (void) des_free_context(ctx);
778 plaintext->cd_length = 0;
779
780 return (CRYPTO_SUCCESS);
781 }
782
783 /* ARGSUSED */
784 static int
785 des_encrypt_atomic(crypto_provider_handle_t provider,
786 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
787 crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
788 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
789 {
790 int ret;
791
792 des_ctx_t des_ctx; /* on the stack */
793 des_strength_t strength;
794 off_t saved_offset;
795 size_t saved_length;
796
797 DES_ARG_INPLACE(plaintext, ciphertext);
798
799 /*
800 * Plaintext must be a multiple of the block size.
801 * This test only works for non-padded mechanisms
802 * when blocksize is 2^N.
803 */
804 if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
805 return (CRYPTO_DATA_LEN_RANGE);
806
807 /* return length needed to store the output */
808 if (ciphertext->cd_length < plaintext->cd_length) {
809 ciphertext->cd_length = plaintext->cd_length;
810 return (CRYPTO_BUFFER_TOO_SMALL);
811 }
812
813 /* Check mechanism type and parameter length */
814 switch (mechanism->cm_type) {
815 case DES_ECB_MECH_INFO_TYPE:
816 case DES_CBC_MECH_INFO_TYPE:
817 if (mechanism->cm_param_len > 0 &&
818 mechanism->cm_param_len != DES_BLOCK_LEN)
819 return (CRYPTO_MECHANISM_PARAM_INVALID);
820 if (key->ck_length != DES_MINBITS)
821 return (CRYPTO_KEY_SIZE_RANGE);
822 strength = DES;
823 break;
824 case DES3_ECB_MECH_INFO_TYPE:
825 case DES3_CBC_MECH_INFO_TYPE:
826 if (mechanism->cm_param_len > 0 &&
827 mechanism->cm_param_len != DES_BLOCK_LEN)
828 return (CRYPTO_MECHANISM_PARAM_INVALID);
829 if (key->ck_length != DES3_MAXBITS)
830 return (CRYPTO_KEY_SIZE_RANGE);
831 strength = DES3;
832 break;
833 default:
834 return (CRYPTO_MECHANISM_INVALID);
835 }
836
837 bzero(&des_ctx, sizeof (des_ctx_t));
838
839 if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
840 strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
841 return (ret);
842 }
843
844 saved_offset = ciphertext->cd_offset;
845 saved_length = ciphertext->cd_length;
846
847 /*
848 * Do the update on the specified input data.
849 */
850 switch (plaintext->cd_format) {
851 case CRYPTO_DATA_RAW:
852 ret = crypto_update_iov(&des_ctx, plaintext, ciphertext,
853 des_encrypt_contiguous_blocks, des_copy_block64);
854 break;
855 case CRYPTO_DATA_UIO:
856 ret = crypto_update_uio(&des_ctx, plaintext, ciphertext,
857 des_encrypt_contiguous_blocks, des_copy_block64);
858 break;
859 case CRYPTO_DATA_MBLK:
860 ret = crypto_update_mp(&des_ctx, plaintext, ciphertext,
861 des_encrypt_contiguous_blocks, des_copy_block64);
862 break;
863 default:
864 ret = CRYPTO_ARGUMENTS_BAD;
865 }
866
867 if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
868 bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
869 kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
870 }
871
872 if (ret == CRYPTO_SUCCESS) {
873 ASSERT(des_ctx.dc_remainder_len == 0);
874 if (plaintext != ciphertext)
875 ciphertext->cd_length =
876 ciphertext->cd_offset - saved_offset;
877 } else {
878 ciphertext->cd_length = saved_length;
879 }
880 ciphertext->cd_offset = saved_offset;
881
882 /* LINTED */
883 return (ret);
884 }
885
886 /* ARGSUSED */
887 static int
888 des_decrypt_atomic(crypto_provider_handle_t provider,
889 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
890 crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
891 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
892 {
893 int ret;
894
895 des_ctx_t des_ctx; /* on the stack */
896 des_strength_t strength;
897 off_t saved_offset;
898 size_t saved_length;
899
900 DES_ARG_INPLACE(ciphertext, plaintext);
901
902 /*
903 * Ciphertext must be a multiple of the block size.
904 * This test only works for non-padded mechanisms
905 * when blocksize is 2^N.
906 */
907 if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
908 return (CRYPTO_DATA_LEN_RANGE);
909
910 /* return length needed to store the output */
911 if (plaintext->cd_length < ciphertext->cd_length) {
912 plaintext->cd_length = ciphertext->cd_length;
913 return (CRYPTO_BUFFER_TOO_SMALL);
914 }
915
916 /* Check mechanism type and parameter length */
917 switch (mechanism->cm_type) {
918 case DES_ECB_MECH_INFO_TYPE:
919 case DES_CBC_MECH_INFO_TYPE:
920 if (mechanism->cm_param_len > 0 &&
921 mechanism->cm_param_len != DES_BLOCK_LEN)
922 return (CRYPTO_MECHANISM_PARAM_INVALID);
923 if (key->ck_length != DES_MINBITS)
924 return (CRYPTO_KEY_SIZE_RANGE);
925 strength = DES;
926 break;
927 case DES3_ECB_MECH_INFO_TYPE:
928 case DES3_CBC_MECH_INFO_TYPE:
929 if (mechanism->cm_param_len > 0 &&
930 mechanism->cm_param_len != DES_BLOCK_LEN)
931 return (CRYPTO_MECHANISM_PARAM_INVALID);
932 if (key->ck_length != DES3_MAXBITS)
933 return (CRYPTO_KEY_SIZE_RANGE);
934 strength = DES3;
935 break;
936 default:
937 return (CRYPTO_MECHANISM_INVALID);
938 }
939
940 bzero(&des_ctx, sizeof (des_ctx_t));
941
942 if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
943 strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
944 return (ret);
945 }
946
947 saved_offset = plaintext->cd_offset;
948 saved_length = plaintext->cd_length;
949
950 /*
951 * Do the update on the specified input data.
952 */
953 switch (ciphertext->cd_format) {
954 case CRYPTO_DATA_RAW:
955 ret = crypto_update_iov(&des_ctx, ciphertext, plaintext,
956 des_decrypt_contiguous_blocks, des_copy_block64);
957 break;
958 case CRYPTO_DATA_UIO:
959 ret = crypto_update_uio(&des_ctx, ciphertext, plaintext,
960 des_decrypt_contiguous_blocks, des_copy_block64);
961 break;
962 case CRYPTO_DATA_MBLK:
963 ret = crypto_update_mp(&des_ctx, ciphertext, plaintext,
964 des_decrypt_contiguous_blocks, des_copy_block64);
965 break;
966 default:
967 ret = CRYPTO_ARGUMENTS_BAD;
968 }
969
970 if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
971 bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
972 kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
973 }
974
975 if (ret == CRYPTO_SUCCESS) {
976 ASSERT(des_ctx.dc_remainder_len == 0);
977 if (ciphertext != plaintext)
978 plaintext->cd_length =
979 plaintext->cd_offset - saved_offset;
980 } else {
981 plaintext->cd_length = saved_length;
982 }
983 plaintext->cd_offset = saved_offset;
984
985 /* LINTED */
986 return (ret);
987 }
988
989 /*
990 * KCF software provider context template entry points.
991 */
992 /* ARGSUSED */
993 static int
994 des_create_ctx_template(crypto_provider_handle_t provider,
995 crypto_mechanism_t *mechanism, crypto_key_t *key,
996 crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
997 {
998
999 des_strength_t strength;
1000 void *keysched;
1001 size_t size;
1002 int rv;
1003
1004 switch (mechanism->cm_type) {
1005 case DES_ECB_MECH_INFO_TYPE:
1006 strength = DES;
1007 break;
1008 case DES_CBC_MECH_INFO_TYPE:
1009 strength = DES;
1010 break;
1011 case DES3_ECB_MECH_INFO_TYPE:
1012 strength = DES3;
1013 break;
1014 case DES3_CBC_MECH_INFO_TYPE:
1015 strength = DES3;
1016 break;
1017 default:
1018 return (CRYPTO_MECHANISM_INVALID);
1019 }
1020
1021 if ((keysched = des_alloc_keysched(&size, strength,
1022 crypto_kmflag(req))) == NULL) {
1023 return (CRYPTO_HOST_MEMORY);
1024 }
1025
1026 /*
1027 * Initialize key schedule. Key length information is stored
1028 * in the key.
1029 */
1030 if ((rv = init_keysched(key, keysched, strength)) != CRYPTO_SUCCESS) {
1031 bzero(keysched, size);
1032 kmem_free(keysched, size);
1033 return (rv);
1034 }
1035
1036 *tmpl = keysched;
1037 *tmpl_size = size;
1038
1039 return (CRYPTO_SUCCESS);
1040 }
1041
1042 /* ARGSUSED */
1043 static int
1044 des_free_context(crypto_ctx_t *ctx)
1045 {
1046 des_ctx_t *des_ctx = ctx->cc_provider_private;
1047
1048 if (des_ctx != NULL) {
1049 if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1050 ASSERT(des_ctx->dc_keysched_len != 0);
1051 bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
1052 kmem_free(des_ctx->dc_keysched,
1053 des_ctx->dc_keysched_len);
1054 }
1055 crypto_free_mode_ctx(des_ctx);
1056 ctx->cc_provider_private = NULL;
1057 }
1058
1059 return (CRYPTO_SUCCESS);
1060 }
1061
1062 /*
1063 * Pass it to des_keycheck() which will
1064 * fix it (parity bits), and check if the fixed key is weak.
1065 */
1066 /* ARGSUSED */
1067 static int
1068 des_key_check(crypto_provider_handle_t pd, crypto_mechanism_t *mech,
1069 crypto_key_t *key)
1070 {
1071 int expectedkeylen;
1072 des_strength_t strength;
1073 uint8_t keydata[DES3_MAX_KEY_LEN];
1074
1075 if ((mech == NULL) || (key == NULL))
1076 return (CRYPTO_ARGUMENTS_BAD);
1077
1078 switch (mech->cm_type) {
1079 case DES_ECB_MECH_INFO_TYPE:
1080 case DES_CBC_MECH_INFO_TYPE:
1081 expectedkeylen = DES_MINBITS;
1082 strength = DES;
1083 break;
1084 case DES3_ECB_MECH_INFO_TYPE:
1085 case DES3_CBC_MECH_INFO_TYPE:
1086 expectedkeylen = DES3_MAXBITS;
1087 strength = DES3;
1088 break;
1089 default:
1090 return (CRYPTO_MECHANISM_INVALID);
1091 }
1092
1093 if (key->ck_format != CRYPTO_KEY_RAW)
1094 return (CRYPTO_KEY_TYPE_INCONSISTENT);
1095
1096 if (key->ck_length != expectedkeylen)
1097 return (CRYPTO_KEY_SIZE_RANGE);
1098
1099 bcopy(key->ck_data, keydata, CRYPTO_BITS2BYTES(expectedkeylen));
1100
1101 if (des_keycheck(keydata, strength, key->ck_data) == B_FALSE)
1102 return (CRYPTO_WEAK_KEY);
1103
1104 return (CRYPTO_SUCCESS);
1105 }
1106
1107 /* ARGSUSED */
1108 static int
1109 des_common_init_ctx(des_ctx_t *des_ctx, crypto_spi_ctx_template_t *template,
1110 crypto_mechanism_t *mechanism, crypto_key_t *key, des_strength_t strength,
1111 int kmflag)
1112 {
1113 int rv = CRYPTO_SUCCESS;
1114
1115 void *keysched;
1116 size_t size;
1117
1118 if (template == NULL) {
1119 if ((keysched = des_alloc_keysched(&size, strength,
1120 kmflag)) == NULL)
1121 return (CRYPTO_HOST_MEMORY);
1122 /*
1123 * Initialize key schedule.
1124 * Key length is stored in the key.
1125 */
1126 if ((rv = init_keysched(key, keysched,
1127 strength)) != CRYPTO_SUCCESS)
1128 kmem_free(keysched, size);
1129
1130 des_ctx->dc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
1131 des_ctx->dc_keysched_len = size;
1132 } else {
1133 keysched = template;
1134 }
1135 des_ctx->dc_keysched = keysched;
1136
1137 if (strength == DES3) {
1138 des_ctx->dc_flags |= DES3_STRENGTH;
1139 }
1140
1141 switch (mechanism->cm_type) {
1142 case DES_CBC_MECH_INFO_TYPE:
1143 case DES3_CBC_MECH_INFO_TYPE:
1144 rv = cbc_init_ctx((cbc_ctx_t *)des_ctx, mechanism->cm_param,
1145 mechanism->cm_param_len, DES_BLOCK_LEN, des_copy_block64);
1146 break;
1147 case DES_ECB_MECH_INFO_TYPE:
1148 case DES3_ECB_MECH_INFO_TYPE:
1149 des_ctx->dc_flags |= ECB_MODE;
1150 }
1151
1152 if (rv != CRYPTO_SUCCESS) {
1153 if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1154 bzero(keysched, size);
1155 kmem_free(keysched, size);
1156 }
1157 }
1158
1159 return (rv);
1160 }