/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * */ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ /* * Portions of this source code were derived from Berkeley 4.3 BSD * under license from the Regents of the University of California. */ /* * des_crypt.c, DES encryption library routines */ #include #include #include #include #include #include #include #include #include #include #include #define _DES_IMPL #include #include #include #include #ifdef sun_hardware #include #ifdef _KERNEL #include static int g_desfd = -1; #define getdesfd() (cdevsw[11].d_open(0, 0) ? -1 : 0) #define ioctl(a, b, c) (cdevsw[11].d_ioctl(0, b, c, 0) ? -1 : 0) #else #define getdesfd() (open("/dev/des", 0, 0)) #endif /* _KERNEL */ #endif /* sun */ static int common_crypt(char *key, char *buf, size_t len, unsigned int mode, struct desparams *desp); extern int _des_crypt(char *buf, size_t len, struct desparams *desp); extern struct mod_ops mod_cryptoops; /* * Module linkage information for the kernel. */ static struct modlmisc modlmisc = { &mod_miscops, "des encryption", }; static struct modlcrypto modlcrypto = { &mod_cryptoops, "DES Kernel SW Provider" }; static struct modlinkage modlinkage = { MODREV_1, &modlmisc, &modlcrypto, NULL }; #define DES_MIN_KEY_LEN DES_MINBYTES #define DES_MAX_KEY_LEN DES_MAXBYTES #define DES3_MIN_KEY_LEN DES3_MAXBYTES /* no CKK_DES2 support */ #define DES3_MAX_KEY_LEN DES3_MAXBYTES #ifndef DES_MIN_KEY_LEN #define DES_MIN_KEY_LEN 0 #endif #ifndef DES_MAX_KEY_LEN #define DES_MAX_KEY_LEN 0 #endif #ifndef DES3_MIN_KEY_LEN #define DES3_MIN_KEY_LEN 0 #endif #ifndef DES3_MAX_KEY_LEN #define DES3_MAX_KEY_LEN 0 #endif /* * Mechanism info structure passed to KCF during registration. */ static crypto_mech_info_t des_mech_info_tab[] = { /* DES_ECB */ {SUN_CKM_DES_ECB, DES_ECB_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* DES_CBC */ {SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* DES3_ECB */ {SUN_CKM_DES3_ECB, DES3_ECB_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* DES3_CBC */ {SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES} }; /* operations are in-place if the output buffer is NULL */ #define DES_ARG_INPLACE(input, output) \ if ((output) == NULL) \ (output) = (input); static void des_provider_status(crypto_provider_handle_t, uint_t *); static crypto_control_ops_t des_control_ops = { des_provider_status }; static int des_common_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); static int des_common_init_ctx(des_ctx_t *, crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, des_strength_t, int); static int des_encrypt_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); static int des_decrypt_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); static int des_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); static int des_encrypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); static int des_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); static int des_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); static int des_decrypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, crypto_req_handle_t); static int des_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); static crypto_cipher_ops_t des_cipher_ops = { des_common_init, des_encrypt, des_encrypt_update, des_encrypt_final, des_encrypt_atomic, des_common_init, des_decrypt, des_decrypt_update, des_decrypt_final, des_decrypt_atomic }; static int des_create_ctx_template(crypto_provider_handle_t, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, size_t *, crypto_req_handle_t); static int des_free_context(crypto_ctx_t *); static crypto_ctx_ops_t des_ctx_ops = { des_create_ctx_template, des_free_context }; static int des_key_check(crypto_provider_handle_t, crypto_mechanism_t *, crypto_key_t *); static crypto_key_ops_t des_key_ops = { NULL, NULL, NULL, NULL, NULL, des_key_check }; static crypto_ops_t des_crypto_ops = { &des_control_ops, NULL, &des_cipher_ops, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, &des_key_ops, NULL, &des_ctx_ops, NULL, NULL, NULL }; static crypto_provider_info_t des_prov_info = { CRYPTO_SPI_VERSION_4, "DES Software Provider", CRYPTO_SW_PROVIDER, {&modlinkage}, NULL, &des_crypto_ops, sizeof (des_mech_info_tab)/sizeof (crypto_mech_info_t), des_mech_info_tab }; static crypto_kcf_provider_handle_t des_prov_handle = 0; int _init(void) { int ret; if ((ret = mod_install(&modlinkage)) != 0) return (ret); /* * Register with KCF. If the registration fails, kcf will log an * error but do not uninstall the module, since the functionality * provided by misc/des should still be available. * */ (void) crypto_register_provider(&des_prov_info, &des_prov_handle); return (0); } int _info(struct modinfo *modinfop) { return (mod_info(&modlinkage, modinfop)); } /* * Copy 8 bytes */ #define COPY8(src, dst) { \ char *a = (char *)dst; \ char *b = (char *)src; \ *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \ *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \ } /* * Copy multiple of 8 bytes */ #define DESCOPY(src, dst, len) { \ char *a = (char *)dst; \ char *b = (char *)src; \ int i; \ for (i = (size_t)len; i > 0; i -= 8) { \ *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \ *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \ } \ } /* * CBC mode encryption */ /* ARGSUSED */ int cbc_crypt(char *key, char *buf, size_t len, unsigned int mode, char *ivec) { int err = 0; struct desparams dp; dp.des_mode = CBC; COPY8(ivec, dp.des_ivec); err = common_crypt(key, buf, len, mode, &dp); COPY8(dp.des_ivec, ivec); return (err); } /* * ECB mode encryption */ /* ARGSUSED */ int ecb_crypt(char *key, char *buf, size_t len, unsigned int mode) { int err = 0; struct desparams dp; dp.des_mode = ECB; err = common_crypt(key, buf, len, mode, &dp); return (err); } /* * Common code to cbc_crypt() & ecb_crypt() */ static int common_crypt(char *key, char *buf, size_t len, unsigned int mode, struct desparams *desp) { int desdev; if ((len % 8) != 0 || len > DES_MAXDATA) return (DESERR_BADPARAM); desp->des_dir = ((mode & DES_DIRMASK) == DES_ENCRYPT) ? ENCRYPT : DECRYPT; desdev = mode & DES_DEVMASK; COPY8(key, desp->des_key); #ifdef sun_hardware if (desdev == DES_HW) { int res; if (g_desfd < 0 && (g_desfd == -1 || (g_desfd = getdesfd()) < 0)) goto software; /* no hardware device */ /* * hardware */ desp->des_len = len; if (len <= DES_QUICKLEN) { DESCOPY(buf, desp->des_data, len); res = ioctl(g_desfd, DESIOCQUICK, (char *)desp); DESCOPY(desp->des_data, buf, len); } else { desp->des_buf = (uchar_t *)buf; res = ioctl(g_desfd, DESIOCBLOCK, (char *)desp); } return (res == 0 ? DESERR_NONE : DESERR_HWERROR); } software: #endif /* * software */ if (!_des_crypt(buf, len, desp)) return (DESERR_HWERROR); return (desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE); } /* * Initialize key schedules for DES and DES3 */ static int init_keysched(crypto_key_t *key, void *newbie, des_strength_t strength) { uint8_t corrected_key[DES3_KEYSIZE]; /* * Only keys by value are supported by this module. */ switch (key->ck_format) { case CRYPTO_KEY_RAW: if (strength == DES && key->ck_length != DES_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); if (strength == DES3 && key->ck_length != DES3_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); break; default: return (CRYPTO_KEY_TYPE_INCONSISTENT); } /* * Fix parity bits. * Initialize key schedule even if key is weak. */ if (key->ck_data == NULL) return (CRYPTO_ARGUMENTS_BAD); des_parity_fix(key->ck_data, strength, corrected_key); des_init_keysched(corrected_key, strength, newbie); return (CRYPTO_SUCCESS); } /* * KCF software provider control entry points. */ /* ARGSUSED */ static void des_provider_status(crypto_provider_handle_t provider, uint_t *status) { *status = CRYPTO_PROVIDER_READY; } /* * KCF software provider encrypt entry points. */ static int des_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_spi_ctx_template_t template, crypto_req_handle_t req) { des_strength_t strength; des_ctx_t *des_ctx = NULL; int rv; int kmflag; /* * Only keys by value are supported by this module. */ if (key->ck_format != CRYPTO_KEY_RAW) { return (CRYPTO_KEY_TYPE_INCONSISTENT); } kmflag = crypto_kmflag(req); /* Check mechanism type and parameter length */ switch (mechanism->cm_type) { case DES_ECB_MECH_INFO_TYPE: des_ctx = ecb_alloc_ctx(kmflag); /* FALLTHRU */ case DES_CBC_MECH_INFO_TYPE: if (mechanism->cm_param != NULL && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES; if (des_ctx == NULL) des_ctx = cbc_alloc_ctx(kmflag); break; case DES3_ECB_MECH_INFO_TYPE: des_ctx = ecb_alloc_ctx(kmflag); /* FALLTHRU */ case DES3_CBC_MECH_INFO_TYPE: if (mechanism->cm_param != NULL && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES3_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES3; if (des_ctx == NULL) des_ctx = cbc_alloc_ctx(kmflag); break; default: return (CRYPTO_MECHANISM_INVALID); } if ((rv = des_common_init_ctx(des_ctx, template, mechanism, key, strength, kmflag)) != CRYPTO_SUCCESS) { crypto_free_mode_ctx(des_ctx); return (rv); } ctx->cc_provider_private = des_ctx; return (CRYPTO_SUCCESS); } static void des_copy_block64(uint8_t *in, uint64_t *out) { if (IS_P2ALIGNED(in, sizeof (uint64_t))) { /* LINTED: pointer alignment */ out[0] = *(uint64_t *)&in[0]; } else { uint64_t tmp64; #ifdef _BIG_ENDIAN tmp64 = (((uint64_t)in[0] << 56) | ((uint64_t)in[1] << 48) | ((uint64_t)in[2] << 40) | ((uint64_t)in[3] << 32) | ((uint64_t)in[4] << 24) | ((uint64_t)in[5] << 16) | ((uint64_t)in[6] << 8) | (uint64_t)in[7]); #else tmp64 = (((uint64_t)in[7] << 56) | ((uint64_t)in[6] << 48) | ((uint64_t)in[5] << 40) | ((uint64_t)in[4] << 32) | ((uint64_t)in[3] << 24) | ((uint64_t)in[2] << 16) | ((uint64_t)in[1] << 8) | (uint64_t)in[0]); #endif /* _BIG_ENDIAN */ out[0] = tmp64; } } /* ARGSUSED */ static int des_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext, crypto_data_t *ciphertext, crypto_req_handle_t req) { int ret; des_ctx_t *des_ctx; /* * Plaintext must be a multiple of the block size. * This test only works for non-padded mechanisms * when blocksize is 2^N. */ if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0) return (CRYPTO_DATA_LEN_RANGE); ASSERT(ctx->cc_provider_private != NULL); des_ctx = ctx->cc_provider_private; DES_ARG_INPLACE(plaintext, ciphertext); /* * We need to just return the length needed to store the output. * We should not destroy the context for the following case. */ if (ciphertext->cd_length < plaintext->cd_length) { ciphertext->cd_length = plaintext->cd_length; return (CRYPTO_BUFFER_TOO_SMALL); } /* * Do an update on the specified input data. */ ret = des_encrypt_update(ctx, plaintext, ciphertext, req); ASSERT(des_ctx->dc_remainder_len == 0); (void) des_free_context(ctx); /* LINTED */ return (ret); } /* ARGSUSED */ static int des_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext, crypto_data_t *plaintext, crypto_req_handle_t req) { int ret; des_ctx_t *des_ctx; /* * Ciphertext must be a multiple of the block size. * This test only works for non-padded mechanisms * when blocksize is 2^N. */ if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0) return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE); ASSERT(ctx->cc_provider_private != NULL); des_ctx = ctx->cc_provider_private; DES_ARG_INPLACE(ciphertext, plaintext); /* * We need to just return the length needed to store the output. * We should not destroy the context for the following case. */ if (plaintext->cd_length < ciphertext->cd_length) { plaintext->cd_length = ciphertext->cd_length; return (CRYPTO_BUFFER_TOO_SMALL); } /* * Do an update on the specified input data. */ ret = des_decrypt_update(ctx, ciphertext, plaintext, req); ASSERT(des_ctx->dc_remainder_len == 0); (void) des_free_context(ctx); /* LINTED */ return (ret); } /* ARGSUSED */ static int des_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext, crypto_data_t *ciphertext, crypto_req_handle_t req) { off_t saved_offset; size_t saved_length, out_len; int ret = CRYPTO_SUCCESS; ASSERT(ctx->cc_provider_private != NULL); DES_ARG_INPLACE(plaintext, ciphertext); /* compute number of bytes that will hold the ciphertext */ out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len; out_len += plaintext->cd_length; out_len &= ~(DES_BLOCK_LEN - 1); /* return length needed to store the output */ if (ciphertext->cd_length < out_len) { ciphertext->cd_length = out_len; return (CRYPTO_BUFFER_TOO_SMALL); } saved_offset = ciphertext->cd_offset; saved_length = ciphertext->cd_length; /* * Do the DES update on the specified input data. */ switch (plaintext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(ctx->cc_provider_private, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(ctx->cc_provider_private, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_MBLK: ret = crypto_update_mp(ctx->cc_provider_private, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (ret == CRYPTO_SUCCESS) { if (plaintext != ciphertext) ciphertext->cd_length = ciphertext->cd_offset - saved_offset; } else { ciphertext->cd_length = saved_length; } ciphertext->cd_offset = saved_offset; return (ret); } /* ARGSUSED */ static int des_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext, crypto_data_t *plaintext, crypto_req_handle_t req) { off_t saved_offset; size_t saved_length, out_len; int ret = CRYPTO_SUCCESS; ASSERT(ctx->cc_provider_private != NULL); DES_ARG_INPLACE(ciphertext, plaintext); /* compute number of bytes that will hold the plaintext */ out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len; out_len += ciphertext->cd_length; out_len &= ~(DES_BLOCK_LEN - 1); /* return length needed to store the output */ if (plaintext->cd_length < out_len) { plaintext->cd_length = out_len; return (CRYPTO_BUFFER_TOO_SMALL); } saved_offset = plaintext->cd_offset; saved_length = plaintext->cd_length; /* * Do the DES update on the specified input data. */ switch (ciphertext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(ctx->cc_provider_private, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(ctx->cc_provider_private, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_MBLK: ret = crypto_update_mp(ctx->cc_provider_private, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (ret == CRYPTO_SUCCESS) { if (ciphertext != plaintext) plaintext->cd_length = plaintext->cd_offset - saved_offset; } else { plaintext->cd_length = saved_length; } plaintext->cd_offset = saved_offset; return (ret); } /* ARGSUSED */ static int des_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext, crypto_req_handle_t req) { des_ctx_t *des_ctx; ASSERT(ctx->cc_provider_private != NULL); des_ctx = ctx->cc_provider_private; /* * There must be no unprocessed plaintext. * This happens if the length of the last data is * not a multiple of the DES block length. */ if (des_ctx->dc_remainder_len > 0) return (CRYPTO_DATA_LEN_RANGE); (void) des_free_context(ctx); ciphertext->cd_length = 0; return (CRYPTO_SUCCESS); } /* ARGSUSED */ static int des_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext, crypto_req_handle_t req) { des_ctx_t *des_ctx; ASSERT(ctx->cc_provider_private != NULL); des_ctx = ctx->cc_provider_private; /* * There must be no unprocessed ciphertext. * This happens if the length of the last ciphertext is * not a multiple of the DES block length. */ if (des_ctx->dc_remainder_len > 0) return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE); (void) des_free_context(ctx); plaintext->cd_length = 0; return (CRYPTO_SUCCESS); } /* ARGSUSED */ static int des_encrypt_atomic(crypto_provider_handle_t provider, crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext, crypto_spi_ctx_template_t template, crypto_req_handle_t req) { int ret; des_ctx_t des_ctx; /* on the stack */ des_strength_t strength; off_t saved_offset; size_t saved_length; DES_ARG_INPLACE(plaintext, ciphertext); /* * Plaintext must be a multiple of the block size. * This test only works for non-padded mechanisms * when blocksize is 2^N. */ if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0) return (CRYPTO_DATA_LEN_RANGE); /* return length needed to store the output */ if (ciphertext->cd_length < plaintext->cd_length) { ciphertext->cd_length = plaintext->cd_length; return (CRYPTO_BUFFER_TOO_SMALL); } /* Check mechanism type and parameter length */ switch (mechanism->cm_type) { case DES_ECB_MECH_INFO_TYPE: case DES_CBC_MECH_INFO_TYPE: if (mechanism->cm_param_len > 0 && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES_MINBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES; break; case DES3_ECB_MECH_INFO_TYPE: case DES3_CBC_MECH_INFO_TYPE: if (mechanism->cm_param_len > 0 && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES3_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES3; break; default: return (CRYPTO_MECHANISM_INVALID); } bzero(&des_ctx, sizeof (des_ctx_t)); if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key, strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) { return (ret); } saved_offset = ciphertext->cd_offset; saved_length = ciphertext->cd_length; /* * Do the update on the specified input data. */ switch (plaintext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(&des_ctx, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(&des_ctx, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_MBLK: ret = crypto_update_mp(&des_ctx, plaintext, ciphertext, des_encrypt_contiguous_blocks, des_copy_block64); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len); kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len); } if (ret == CRYPTO_SUCCESS) { ASSERT(des_ctx.dc_remainder_len == 0); if (plaintext != ciphertext) ciphertext->cd_length = ciphertext->cd_offset - saved_offset; } else { ciphertext->cd_length = saved_length; } ciphertext->cd_offset = saved_offset; /* LINTED */ return (ret); } /* ARGSUSED */ static int des_decrypt_atomic(crypto_provider_handle_t provider, crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext, crypto_spi_ctx_template_t template, crypto_req_handle_t req) { int ret; des_ctx_t des_ctx; /* on the stack */ des_strength_t strength; off_t saved_offset; size_t saved_length; DES_ARG_INPLACE(ciphertext, plaintext); /* * Ciphertext must be a multiple of the block size. * This test only works for non-padded mechanisms * when blocksize is 2^N. */ if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0) return (CRYPTO_DATA_LEN_RANGE); /* return length needed to store the output */ if (plaintext->cd_length < ciphertext->cd_length) { plaintext->cd_length = ciphertext->cd_length; return (CRYPTO_BUFFER_TOO_SMALL); } /* Check mechanism type and parameter length */ switch (mechanism->cm_type) { case DES_ECB_MECH_INFO_TYPE: case DES_CBC_MECH_INFO_TYPE: if (mechanism->cm_param_len > 0 && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES_MINBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES; break; case DES3_ECB_MECH_INFO_TYPE: case DES3_CBC_MECH_INFO_TYPE: if (mechanism->cm_param_len > 0 && mechanism->cm_param_len != DES_BLOCK_LEN) return (CRYPTO_MECHANISM_PARAM_INVALID); if (key->ck_length != DES3_MAXBITS) return (CRYPTO_KEY_SIZE_RANGE); strength = DES3; break; default: return (CRYPTO_MECHANISM_INVALID); } bzero(&des_ctx, sizeof (des_ctx_t)); if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key, strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) { return (ret); } saved_offset = plaintext->cd_offset; saved_length = plaintext->cd_length; /* * Do the update on the specified input data. */ switch (ciphertext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(&des_ctx, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(&des_ctx, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; case CRYPTO_DATA_MBLK: ret = crypto_update_mp(&des_ctx, ciphertext, plaintext, des_decrypt_contiguous_blocks, des_copy_block64); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len); kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len); } if (ret == CRYPTO_SUCCESS) { ASSERT(des_ctx.dc_remainder_len == 0); if (ciphertext != plaintext) plaintext->cd_length = plaintext->cd_offset - saved_offset; } else { plaintext->cd_length = saved_length; } plaintext->cd_offset = saved_offset; /* LINTED */ return (ret); } /* * KCF software provider context template entry points. */ /* ARGSUSED */ static int des_create_ctx_template(crypto_provider_handle_t provider, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req) { des_strength_t strength; void *keysched; size_t size; int rv; switch (mechanism->cm_type) { case DES_ECB_MECH_INFO_TYPE: strength = DES; break; case DES_CBC_MECH_INFO_TYPE: strength = DES; break; case DES3_ECB_MECH_INFO_TYPE: strength = DES3; break; case DES3_CBC_MECH_INFO_TYPE: strength = DES3; break; default: return (CRYPTO_MECHANISM_INVALID); } if ((keysched = des_alloc_keysched(&size, strength, crypto_kmflag(req))) == NULL) { return (CRYPTO_HOST_MEMORY); } /* * Initialize key schedule. Key length information is stored * in the key. */ if ((rv = init_keysched(key, keysched, strength)) != CRYPTO_SUCCESS) { bzero(keysched, size); kmem_free(keysched, size); return (rv); } *tmpl = keysched; *tmpl_size = size; return (CRYPTO_SUCCESS); } /* ARGSUSED */ static int des_free_context(crypto_ctx_t *ctx) { des_ctx_t *des_ctx = ctx->cc_provider_private; if (des_ctx != NULL) { if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { ASSERT(des_ctx->dc_keysched_len != 0); bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len); kmem_free(des_ctx->dc_keysched, des_ctx->dc_keysched_len); } crypto_free_mode_ctx(des_ctx); ctx->cc_provider_private = NULL; } return (CRYPTO_SUCCESS); } /* * Pass it to des_keycheck() which will * fix it (parity bits), and check if the fixed key is weak. */ /* ARGSUSED */ static int des_key_check(crypto_provider_handle_t pd, crypto_mechanism_t *mech, crypto_key_t *key) { int expectedkeylen; des_strength_t strength; uint8_t keydata[DES3_MAX_KEY_LEN]; if ((mech == NULL) || (key == NULL)) return (CRYPTO_ARGUMENTS_BAD); switch (mech->cm_type) { case DES_ECB_MECH_INFO_TYPE: case DES_CBC_MECH_INFO_TYPE: expectedkeylen = DES_MINBITS; strength = DES; break; case DES3_ECB_MECH_INFO_TYPE: case DES3_CBC_MECH_INFO_TYPE: expectedkeylen = DES3_MAXBITS; strength = DES3; break; default: return (CRYPTO_MECHANISM_INVALID); } if (key->ck_format != CRYPTO_KEY_RAW) return (CRYPTO_KEY_TYPE_INCONSISTENT); if (key->ck_length != expectedkeylen) return (CRYPTO_KEY_SIZE_RANGE); bcopy(key->ck_data, keydata, CRYPTO_BITS2BYTES(expectedkeylen)); if (des_keycheck(keydata, strength, key->ck_data) == B_FALSE) return (CRYPTO_WEAK_KEY); return (CRYPTO_SUCCESS); } /* ARGSUSED */ static int des_common_init_ctx(des_ctx_t *des_ctx, crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism, crypto_key_t *key, des_strength_t strength, int kmflag) { int rv = CRYPTO_SUCCESS; void *keysched; size_t size; if (template == NULL) { if ((keysched = des_alloc_keysched(&size, strength, kmflag)) == NULL) return (CRYPTO_HOST_MEMORY); /* * Initialize key schedule. * Key length is stored in the key. */ if ((rv = init_keysched(key, keysched, strength)) != CRYPTO_SUCCESS) kmem_free(keysched, size); des_ctx->dc_flags |= PROVIDER_OWNS_KEY_SCHEDULE; des_ctx->dc_keysched_len = size; } else { keysched = template; } des_ctx->dc_keysched = keysched; if (strength == DES3) { des_ctx->dc_flags |= DES3_STRENGTH; } switch (mechanism->cm_type) { case DES_CBC_MECH_INFO_TYPE: case DES3_CBC_MECH_INFO_TYPE: rv = cbc_init_ctx((cbc_ctx_t *)des_ctx, mechanism->cm_param, mechanism->cm_param_len, DES_BLOCK_LEN, des_copy_block64); break; case DES_ECB_MECH_INFO_TYPE: case DES3_ECB_MECH_INFO_TYPE: des_ctx->dc_flags |= ECB_MODE; } if (rv != CRYPTO_SUCCESS) { if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { bzero(keysched, size); kmem_free(keysched, size); } } return (rv); }