1734b6a94Sdarrenm /*
2734b6a94Sdarrenm * CDDL HEADER START
3734b6a94Sdarrenm *
4734b6a94Sdarrenm * The contents of this file are subject to the terms of the
5734b6a94Sdarrenm * Common Development and Distribution License (the "License").
6734b6a94Sdarrenm * You may not use this file except in compliance with the License.
7734b6a94Sdarrenm *
8734b6a94Sdarrenm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9734b6a94Sdarrenm * or http://www.opensolaris.org/os/licensing.
10734b6a94Sdarrenm * See the License for the specific language governing permissions
11734b6a94Sdarrenm * and limitations under the License.
12734b6a94Sdarrenm *
13734b6a94Sdarrenm * When distributing Covered Code, include this CDDL HEADER in each
14734b6a94Sdarrenm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15734b6a94Sdarrenm * If applicable, add the following below this CDDL HEADER, with the
16734b6a94Sdarrenm * fields enclosed by brackets "[]" replaced with your own identifying
17734b6a94Sdarrenm * information: Portions Copyright [yyyy] [name of copyright owner]
18734b6a94Sdarrenm *
19734b6a94Sdarrenm * CDDL HEADER END
20734b6a94Sdarrenm */
21734b6a94Sdarrenm
22734b6a94Sdarrenm /*
23d3b2efc7SAnthony Scarpino * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24734b6a94Sdarrenm * Use is subject to license terms.
25*5e8da2b9SJason King * Copyright 2019 Joyent, Inc.
26734b6a94Sdarrenm */
27734b6a94Sdarrenm
28734b6a94Sdarrenm #include <sys/modctl.h>
29734b6a94Sdarrenm #include <sys/cmn_err.h>
30734b6a94Sdarrenm #include <sys/note.h>
31734b6a94Sdarrenm #include <sys/crypto/common.h>
32734b6a94Sdarrenm #include <sys/crypto/spi.h>
33734b6a94Sdarrenm #include <sys/strsun.h>
34734b6a94Sdarrenm #include <sys/systm.h>
35734b6a94Sdarrenm #include <sys/sysmacros.h>
36734b6a94Sdarrenm
37734b6a94Sdarrenm #include <sys/sha1.h>
38b5a2d845SHai-May Chao #include <sha1/sha1_impl.h>
39734b6a94Sdarrenm
40734b6a94Sdarrenm /*
41734b6a94Sdarrenm * The sha1 module is created with two modlinkages:
42734b6a94Sdarrenm * - a modlmisc that allows consumers to directly call the entry points
43734b6a94Sdarrenm * SHA1Init, SHA1Update, and SHA1Final.
44734b6a94Sdarrenm * - a modlcrypto that allows the module to register with the Kernel
45734b6a94Sdarrenm * Cryptographic Framework (KCF) as a software provider for the SHA1
46734b6a94Sdarrenm * mechanisms.
47734b6a94Sdarrenm */
48734b6a94Sdarrenm
49734b6a94Sdarrenm static struct modlmisc modlmisc = {
50734b6a94Sdarrenm &mod_miscops,
51734b6a94Sdarrenm "SHA1 Message-Digest Algorithm"
52734b6a94Sdarrenm };
53734b6a94Sdarrenm
54734b6a94Sdarrenm static struct modlcrypto modlcrypto = {
55734b6a94Sdarrenm &mod_cryptoops,
56734b6a94Sdarrenm "SHA1 Kernel SW Provider 1.1"
57734b6a94Sdarrenm };
58734b6a94Sdarrenm
59734b6a94Sdarrenm static struct modlinkage modlinkage = {
60734b6a94Sdarrenm MODREV_1, &modlmisc, &modlcrypto, NULL
61734b6a94Sdarrenm };
62734b6a94Sdarrenm
63734b6a94Sdarrenm
64734b6a94Sdarrenm /*
65734b6a94Sdarrenm * Macros to access the SHA1 or SHA1-HMAC contexts from a context passed
66734b6a94Sdarrenm * by KCF to one of the entry points.
67734b6a94Sdarrenm */
68734b6a94Sdarrenm
69734b6a94Sdarrenm #define PROV_SHA1_CTX(ctx) ((sha1_ctx_t *)(ctx)->cc_provider_private)
70734b6a94Sdarrenm #define PROV_SHA1_HMAC_CTX(ctx) ((sha1_hmac_ctx_t *)(ctx)->cc_provider_private)
71734b6a94Sdarrenm
72734b6a94Sdarrenm /* to extract the digest length passed as mechanism parameter */
73734b6a94Sdarrenm #define PROV_SHA1_GET_DIGEST_LEN(m, len) { \
74734b6a94Sdarrenm if (IS_P2ALIGNED((m)->cm_param, sizeof (ulong_t))) \
758de5c4f4SDan OpenSolaris Anderson (len) = (uint32_t)*((ulong_t *)(void *)mechanism->cm_param); \
76734b6a94Sdarrenm else { \
77734b6a94Sdarrenm ulong_t tmp_ulong; \
78734b6a94Sdarrenm bcopy((m)->cm_param, &tmp_ulong, sizeof (ulong_t)); \
79734b6a94Sdarrenm (len) = (uint32_t)tmp_ulong; \
80734b6a94Sdarrenm } \
81734b6a94Sdarrenm }
82734b6a94Sdarrenm
83734b6a94Sdarrenm #define PROV_SHA1_DIGEST_KEY(ctx, key, len, digest) { \
84734b6a94Sdarrenm SHA1Init(ctx); \
85734b6a94Sdarrenm SHA1Update(ctx, key, len); \
86734b6a94Sdarrenm SHA1Final(digest, ctx); \
87734b6a94Sdarrenm }
88734b6a94Sdarrenm
89734b6a94Sdarrenm /*
90734b6a94Sdarrenm * Mechanism info structure passed to KCF during registration.
91734b6a94Sdarrenm */
92734b6a94Sdarrenm static crypto_mech_info_t sha1_mech_info_tab[] = {
93734b6a94Sdarrenm /* SHA1 */
94734b6a94Sdarrenm {SUN_CKM_SHA1, SHA1_MECH_INFO_TYPE,
95734b6a94Sdarrenm CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
96734b6a94Sdarrenm 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
97734b6a94Sdarrenm /* SHA1-HMAC */
98734b6a94Sdarrenm {SUN_CKM_SHA1_HMAC, SHA1_HMAC_MECH_INFO_TYPE,
99734b6a94Sdarrenm CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
100734b6a94Sdarrenm SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
1015b675b31SVladimir Kotal CRYPTO_KEYSIZE_UNIT_IN_BYTES},
102734b6a94Sdarrenm /* SHA1-HMAC GENERAL */
103734b6a94Sdarrenm {SUN_CKM_SHA1_HMAC_GENERAL, SHA1_HMAC_GEN_MECH_INFO_TYPE,
104734b6a94Sdarrenm CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
105734b6a94Sdarrenm SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN,
1065b675b31SVladimir Kotal CRYPTO_KEYSIZE_UNIT_IN_BYTES}
107734b6a94Sdarrenm };
108734b6a94Sdarrenm
109734b6a94Sdarrenm static void sha1_provider_status(crypto_provider_handle_t, uint_t *);
110734b6a94Sdarrenm
111734b6a94Sdarrenm static crypto_control_ops_t sha1_control_ops = {
112734b6a94Sdarrenm sha1_provider_status
113734b6a94Sdarrenm };
114734b6a94Sdarrenm
115734b6a94Sdarrenm static int sha1_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
116734b6a94Sdarrenm crypto_req_handle_t);
117734b6a94Sdarrenm static int sha1_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
118734b6a94Sdarrenm crypto_req_handle_t);
119734b6a94Sdarrenm static int sha1_digest_update(crypto_ctx_t *, crypto_data_t *,
120734b6a94Sdarrenm crypto_req_handle_t);
121734b6a94Sdarrenm static int sha1_digest_final(crypto_ctx_t *, crypto_data_t *,
122734b6a94Sdarrenm crypto_req_handle_t);
123734b6a94Sdarrenm static int sha1_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
124734b6a94Sdarrenm crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
125734b6a94Sdarrenm crypto_req_handle_t);
126734b6a94Sdarrenm
127734b6a94Sdarrenm static crypto_digest_ops_t sha1_digest_ops = {
128734b6a94Sdarrenm sha1_digest_init,
129734b6a94Sdarrenm sha1_digest,
130734b6a94Sdarrenm sha1_digest_update,
131734b6a94Sdarrenm NULL,
132734b6a94Sdarrenm sha1_digest_final,
133734b6a94Sdarrenm sha1_digest_atomic
134734b6a94Sdarrenm };
135734b6a94Sdarrenm
136734b6a94Sdarrenm static int sha1_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
137734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
138*5e8da2b9SJason King static int sha1_mac(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
139*5e8da2b9SJason King crypto_req_handle_t);
140734b6a94Sdarrenm static int sha1_mac_update(crypto_ctx_t *, crypto_data_t *,
141734b6a94Sdarrenm crypto_req_handle_t);
142734b6a94Sdarrenm static int sha1_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
143734b6a94Sdarrenm static int sha1_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
144734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
145734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
146734b6a94Sdarrenm static int sha1_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
147734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
148734b6a94Sdarrenm crypto_spi_ctx_template_t, crypto_req_handle_t);
149734b6a94Sdarrenm
150734b6a94Sdarrenm static crypto_mac_ops_t sha1_mac_ops = {
151734b6a94Sdarrenm sha1_mac_init,
152*5e8da2b9SJason King sha1_mac,
153734b6a94Sdarrenm sha1_mac_update,
154734b6a94Sdarrenm sha1_mac_final,
155734b6a94Sdarrenm sha1_mac_atomic,
156734b6a94Sdarrenm sha1_mac_verify_atomic
157734b6a94Sdarrenm };
158734b6a94Sdarrenm
159734b6a94Sdarrenm static int sha1_create_ctx_template(crypto_provider_handle_t,
160734b6a94Sdarrenm crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
161734b6a94Sdarrenm size_t *, crypto_req_handle_t);
162734b6a94Sdarrenm static int sha1_free_context(crypto_ctx_t *);
163734b6a94Sdarrenm
164734b6a94Sdarrenm static crypto_ctx_ops_t sha1_ctx_ops = {
165734b6a94Sdarrenm sha1_create_ctx_template,
166734b6a94Sdarrenm sha1_free_context
167734b6a94Sdarrenm };
168734b6a94Sdarrenm
169734b6a94Sdarrenm static crypto_ops_t sha1_crypto_ops = {
170734b6a94Sdarrenm &sha1_control_ops,
171734b6a94Sdarrenm &sha1_digest_ops,
172734b6a94Sdarrenm NULL,
173734b6a94Sdarrenm &sha1_mac_ops,
174734b6a94Sdarrenm NULL,
175734b6a94Sdarrenm NULL,
176734b6a94Sdarrenm NULL,
177734b6a94Sdarrenm NULL,
178734b6a94Sdarrenm NULL,
179734b6a94Sdarrenm NULL,
180734b6a94Sdarrenm NULL,
181734b6a94Sdarrenm NULL,
182734b6a94Sdarrenm NULL,
18373556491SAnthony Scarpino &sha1_ctx_ops,
18473556491SAnthony Scarpino NULL,
18573556491SAnthony Scarpino NULL,
1866ea3c060SGarrett D'Amore NULL,
187734b6a94Sdarrenm };
188734b6a94Sdarrenm
189734b6a94Sdarrenm static crypto_provider_info_t sha1_prov_info = {
19073556491SAnthony Scarpino CRYPTO_SPI_VERSION_4,
191734b6a94Sdarrenm "SHA1 Software Provider",
192734b6a94Sdarrenm CRYPTO_SW_PROVIDER,
193734b6a94Sdarrenm {&modlinkage},
194734b6a94Sdarrenm NULL,
195734b6a94Sdarrenm &sha1_crypto_ops,
196734b6a94Sdarrenm sizeof (sha1_mech_info_tab)/sizeof (crypto_mech_info_t),
197734b6a94Sdarrenm sha1_mech_info_tab
198734b6a94Sdarrenm };
199734b6a94Sdarrenm
2001769ed96SToomas Soome static crypto_kcf_provider_handle_t sha1_prov_handle = 0;
201734b6a94Sdarrenm
202734b6a94Sdarrenm int
_init()203734b6a94Sdarrenm _init()
204734b6a94Sdarrenm {
205734b6a94Sdarrenm int ret;
206734b6a94Sdarrenm
207734b6a94Sdarrenm if ((ret = mod_install(&modlinkage)) != 0)
208734b6a94Sdarrenm return (ret);
209734b6a94Sdarrenm
210734b6a94Sdarrenm /*
211d3b2efc7SAnthony Scarpino * Register with KCF. If the registration fails, log do not uninstall
212d3b2efc7SAnthony Scarpino * the module, since the functionality provided by misc/sha1 should
213d3b2efc7SAnthony Scarpino * still be available.
214734b6a94Sdarrenm */
215d3b2efc7SAnthony Scarpino (void) crypto_register_provider(&sha1_prov_info, &sha1_prov_handle);
216734b6a94Sdarrenm
217734b6a94Sdarrenm return (0);
218734b6a94Sdarrenm }
219734b6a94Sdarrenm
220734b6a94Sdarrenm int
_info(struct modinfo * modinfop)221734b6a94Sdarrenm _info(struct modinfo *modinfop)
222734b6a94Sdarrenm {
223734b6a94Sdarrenm return (mod_info(&modlinkage, modinfop));
224734b6a94Sdarrenm }
225734b6a94Sdarrenm
226734b6a94Sdarrenm /*
227734b6a94Sdarrenm * KCF software provider control entry points.
228734b6a94Sdarrenm */
229734b6a94Sdarrenm /* ARGSUSED */
230734b6a94Sdarrenm static void
sha1_provider_status(crypto_provider_handle_t provider,uint_t * status)231734b6a94Sdarrenm sha1_provider_status(crypto_provider_handle_t provider, uint_t *status)
232734b6a94Sdarrenm {
233734b6a94Sdarrenm *status = CRYPTO_PROVIDER_READY;
234734b6a94Sdarrenm }
235734b6a94Sdarrenm
236734b6a94Sdarrenm /*
237734b6a94Sdarrenm * KCF software provider digest entry points.
238734b6a94Sdarrenm */
239734b6a94Sdarrenm
240734b6a94Sdarrenm static int
sha1_digest_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_req_handle_t req)241734b6a94Sdarrenm sha1_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
242734b6a94Sdarrenm crypto_req_handle_t req)
243734b6a94Sdarrenm {
244734b6a94Sdarrenm if (mechanism->cm_type != SHA1_MECH_INFO_TYPE)
245734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
246734b6a94Sdarrenm
247734b6a94Sdarrenm /*
248734b6a94Sdarrenm * Allocate and initialize SHA1 context.
249734b6a94Sdarrenm */
250734b6a94Sdarrenm ctx->cc_provider_private = kmem_alloc(sizeof (sha1_ctx_t),
251734b6a94Sdarrenm crypto_kmflag(req));
252734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
253734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
254734b6a94Sdarrenm
255734b6a94Sdarrenm PROV_SHA1_CTX(ctx)->sc_mech_type = SHA1_MECH_INFO_TYPE;
256734b6a94Sdarrenm SHA1Init(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
257734b6a94Sdarrenm
258734b6a94Sdarrenm return (CRYPTO_SUCCESS);
259734b6a94Sdarrenm }
260734b6a94Sdarrenm
261734b6a94Sdarrenm /*
262734b6a94Sdarrenm * Helper SHA1 digest update function for uio data.
263734b6a94Sdarrenm */
264734b6a94Sdarrenm static int
sha1_digest_update_uio(SHA1_CTX * sha1_ctx,crypto_data_t * data)265734b6a94Sdarrenm sha1_digest_update_uio(SHA1_CTX *sha1_ctx, crypto_data_t *data)
266734b6a94Sdarrenm {
267734b6a94Sdarrenm off_t offset = data->cd_offset;
268734b6a94Sdarrenm size_t length = data->cd_length;
269734b6a94Sdarrenm uint_t vec_idx;
270734b6a94Sdarrenm size_t cur_len;
271734b6a94Sdarrenm
272734b6a94Sdarrenm /* we support only kernel buffer */
273734b6a94Sdarrenm if (data->cd_uio->uio_segflg != UIO_SYSSPACE)
274734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
275734b6a94Sdarrenm
276734b6a94Sdarrenm /*
277734b6a94Sdarrenm * Jump to the first iovec containing data to be
278734b6a94Sdarrenm * digested.
279734b6a94Sdarrenm */
280734b6a94Sdarrenm for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt &&
281734b6a94Sdarrenm offset >= data->cd_uio->uio_iov[vec_idx].iov_len;
2825b675b31SVladimir Kotal offset -= data->cd_uio->uio_iov[vec_idx++].iov_len)
2835b675b31SVladimir Kotal ;
284734b6a94Sdarrenm if (vec_idx == data->cd_uio->uio_iovcnt) {
285734b6a94Sdarrenm /*
286734b6a94Sdarrenm * The caller specified an offset that is larger than the
287734b6a94Sdarrenm * total size of the buffers it provided.
288734b6a94Sdarrenm */
289734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
290734b6a94Sdarrenm }
291734b6a94Sdarrenm
292734b6a94Sdarrenm /*
293734b6a94Sdarrenm * Now do the digesting on the iovecs.
294734b6a94Sdarrenm */
295734b6a94Sdarrenm while (vec_idx < data->cd_uio->uio_iovcnt && length > 0) {
296734b6a94Sdarrenm cur_len = MIN(data->cd_uio->uio_iov[vec_idx].iov_len -
297734b6a94Sdarrenm offset, length);
298734b6a94Sdarrenm
299734b6a94Sdarrenm SHA1Update(sha1_ctx,
300734b6a94Sdarrenm (uint8_t *)data->cd_uio->uio_iov[vec_idx].iov_base + offset,
301734b6a94Sdarrenm cur_len);
302734b6a94Sdarrenm
303734b6a94Sdarrenm length -= cur_len;
304734b6a94Sdarrenm vec_idx++;
305734b6a94Sdarrenm offset = 0;
306734b6a94Sdarrenm }
307734b6a94Sdarrenm
308734b6a94Sdarrenm if (vec_idx == data->cd_uio->uio_iovcnt && length > 0) {
309734b6a94Sdarrenm /*
310734b6a94Sdarrenm * The end of the specified iovec's was reached but
311734b6a94Sdarrenm * the length requested could not be processed, i.e.
312734b6a94Sdarrenm * The caller requested to digest more data than it provided.
313734b6a94Sdarrenm */
314734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
315734b6a94Sdarrenm }
316734b6a94Sdarrenm
317734b6a94Sdarrenm return (CRYPTO_SUCCESS);
318734b6a94Sdarrenm }
319734b6a94Sdarrenm
320734b6a94Sdarrenm /*
321734b6a94Sdarrenm * Helper SHA1 digest final function for uio data.
322734b6a94Sdarrenm * digest_len is the length of the desired digest. If digest_len
323734b6a94Sdarrenm * is smaller than the default SHA1 digest length, the caller
324734b6a94Sdarrenm * must pass a scratch buffer, digest_scratch, which must
325734b6a94Sdarrenm * be at least SHA1_DIGEST_LENGTH bytes.
326734b6a94Sdarrenm */
327734b6a94Sdarrenm static int
sha1_digest_final_uio(SHA1_CTX * sha1_ctx,crypto_data_t * digest,ulong_t digest_len,uchar_t * digest_scratch)328734b6a94Sdarrenm sha1_digest_final_uio(SHA1_CTX *sha1_ctx, crypto_data_t *digest,
329734b6a94Sdarrenm ulong_t digest_len, uchar_t *digest_scratch)
330734b6a94Sdarrenm {
331734b6a94Sdarrenm off_t offset = digest->cd_offset;
332734b6a94Sdarrenm uint_t vec_idx;
333734b6a94Sdarrenm
334734b6a94Sdarrenm /* we support only kernel buffer */
335734b6a94Sdarrenm if (digest->cd_uio->uio_segflg != UIO_SYSSPACE)
336734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
337734b6a94Sdarrenm
338734b6a94Sdarrenm /*
339734b6a94Sdarrenm * Jump to the first iovec containing ptr to the digest to
340734b6a94Sdarrenm * be returned.
341734b6a94Sdarrenm */
342734b6a94Sdarrenm for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len &&
343734b6a94Sdarrenm vec_idx < digest->cd_uio->uio_iovcnt;
3445b675b31SVladimir Kotal offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len)
3455b675b31SVladimir Kotal ;
346734b6a94Sdarrenm if (vec_idx == digest->cd_uio->uio_iovcnt) {
347734b6a94Sdarrenm /*
348734b6a94Sdarrenm * The caller specified an offset that is
349734b6a94Sdarrenm * larger than the total size of the buffers
350734b6a94Sdarrenm * it provided.
351734b6a94Sdarrenm */
352734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
353734b6a94Sdarrenm }
354734b6a94Sdarrenm
355734b6a94Sdarrenm if (offset + digest_len <=
356734b6a94Sdarrenm digest->cd_uio->uio_iov[vec_idx].iov_len) {
357734b6a94Sdarrenm /*
358734b6a94Sdarrenm * The computed SHA1 digest will fit in the current
359734b6a94Sdarrenm * iovec.
360734b6a94Sdarrenm */
361734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
362734b6a94Sdarrenm /*
363734b6a94Sdarrenm * The caller requested a short digest. Digest
364734b6a94Sdarrenm * into a scratch buffer and return to
365734b6a94Sdarrenm * the user only what was requested.
366734b6a94Sdarrenm */
367734b6a94Sdarrenm SHA1Final(digest_scratch, sha1_ctx);
368734b6a94Sdarrenm bcopy(digest_scratch, (uchar_t *)digest->
369734b6a94Sdarrenm cd_uio->uio_iov[vec_idx].iov_base + offset,
370734b6a94Sdarrenm digest_len);
371734b6a94Sdarrenm } else {
372734b6a94Sdarrenm SHA1Final((uchar_t *)digest->
373734b6a94Sdarrenm cd_uio->uio_iov[vec_idx].iov_base + offset,
374734b6a94Sdarrenm sha1_ctx);
375734b6a94Sdarrenm }
376734b6a94Sdarrenm } else {
377734b6a94Sdarrenm /*
378734b6a94Sdarrenm * The computed digest will be crossing one or more iovec's.
379734b6a94Sdarrenm * This is bad performance-wise but we need to support it.
380734b6a94Sdarrenm * Allocate a small scratch buffer on the stack and
381734b6a94Sdarrenm * copy it piece meal to the specified digest iovec's.
382734b6a94Sdarrenm */
383734b6a94Sdarrenm uchar_t digest_tmp[SHA1_DIGEST_LENGTH];
384734b6a94Sdarrenm off_t scratch_offset = 0;
385734b6a94Sdarrenm size_t length = digest_len;
386734b6a94Sdarrenm size_t cur_len;
387734b6a94Sdarrenm
388734b6a94Sdarrenm SHA1Final(digest_tmp, sha1_ctx);
389734b6a94Sdarrenm
390734b6a94Sdarrenm while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) {
391734b6a94Sdarrenm cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len -
392734b6a94Sdarrenm offset, length);
393734b6a94Sdarrenm bcopy(digest_tmp + scratch_offset,
394734b6a94Sdarrenm digest->cd_uio->uio_iov[vec_idx].iov_base + offset,
395734b6a94Sdarrenm cur_len);
396734b6a94Sdarrenm
397734b6a94Sdarrenm length -= cur_len;
398734b6a94Sdarrenm vec_idx++;
399734b6a94Sdarrenm scratch_offset += cur_len;
400734b6a94Sdarrenm offset = 0;
401734b6a94Sdarrenm }
402734b6a94Sdarrenm
403734b6a94Sdarrenm if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) {
404734b6a94Sdarrenm /*
405734b6a94Sdarrenm * The end of the specified iovec's was reached but
406734b6a94Sdarrenm * the length requested could not be processed, i.e.
407734b6a94Sdarrenm * The caller requested to digest more data than it
408734b6a94Sdarrenm * provided.
409734b6a94Sdarrenm */
410734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
411734b6a94Sdarrenm }
412734b6a94Sdarrenm }
413734b6a94Sdarrenm
414734b6a94Sdarrenm return (CRYPTO_SUCCESS);
415734b6a94Sdarrenm }
416734b6a94Sdarrenm
417734b6a94Sdarrenm /*
418734b6a94Sdarrenm * Helper SHA1 digest update for mblk's.
419734b6a94Sdarrenm */
420734b6a94Sdarrenm static int
sha1_digest_update_mblk(SHA1_CTX * sha1_ctx,crypto_data_t * data)421734b6a94Sdarrenm sha1_digest_update_mblk(SHA1_CTX *sha1_ctx, crypto_data_t *data)
422734b6a94Sdarrenm {
423734b6a94Sdarrenm off_t offset = data->cd_offset;
424734b6a94Sdarrenm size_t length = data->cd_length;
425734b6a94Sdarrenm mblk_t *mp;
426734b6a94Sdarrenm size_t cur_len;
427734b6a94Sdarrenm
428734b6a94Sdarrenm /*
429734b6a94Sdarrenm * Jump to the first mblk_t containing data to be digested.
430734b6a94Sdarrenm */
431734b6a94Sdarrenm for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp);
4325b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
4335b675b31SVladimir Kotal ;
434734b6a94Sdarrenm if (mp == NULL) {
435734b6a94Sdarrenm /*
436734b6a94Sdarrenm * The caller specified an offset that is larger than the
437734b6a94Sdarrenm * total size of the buffers it provided.
438734b6a94Sdarrenm */
439734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
440734b6a94Sdarrenm }
441734b6a94Sdarrenm
442734b6a94Sdarrenm /*
443734b6a94Sdarrenm * Now do the digesting on the mblk chain.
444734b6a94Sdarrenm */
445734b6a94Sdarrenm while (mp != NULL && length > 0) {
446734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
447734b6a94Sdarrenm SHA1Update(sha1_ctx, mp->b_rptr + offset, cur_len);
448734b6a94Sdarrenm length -= cur_len;
449734b6a94Sdarrenm offset = 0;
450734b6a94Sdarrenm mp = mp->b_cont;
451734b6a94Sdarrenm }
452734b6a94Sdarrenm
453734b6a94Sdarrenm if (mp == NULL && length > 0) {
454734b6a94Sdarrenm /*
455734b6a94Sdarrenm * The end of the mblk was reached but the length requested
456734b6a94Sdarrenm * could not be processed, i.e. The caller requested
457734b6a94Sdarrenm * to digest more data than it provided.
458734b6a94Sdarrenm */
459734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
460734b6a94Sdarrenm }
461734b6a94Sdarrenm
462734b6a94Sdarrenm return (CRYPTO_SUCCESS);
463734b6a94Sdarrenm }
464734b6a94Sdarrenm
465734b6a94Sdarrenm /*
466734b6a94Sdarrenm * Helper SHA1 digest final for mblk's.
467734b6a94Sdarrenm * digest_len is the length of the desired digest. If digest_len
468734b6a94Sdarrenm * is smaller than the default SHA1 digest length, the caller
469734b6a94Sdarrenm * must pass a scratch buffer, digest_scratch, which must
470734b6a94Sdarrenm * be at least SHA1_DIGEST_LENGTH bytes.
471734b6a94Sdarrenm */
472734b6a94Sdarrenm static int
sha1_digest_final_mblk(SHA1_CTX * sha1_ctx,crypto_data_t * digest,ulong_t digest_len,uchar_t * digest_scratch)473734b6a94Sdarrenm sha1_digest_final_mblk(SHA1_CTX *sha1_ctx, crypto_data_t *digest,
474734b6a94Sdarrenm ulong_t digest_len, uchar_t *digest_scratch)
475734b6a94Sdarrenm {
476734b6a94Sdarrenm off_t offset = digest->cd_offset;
477734b6a94Sdarrenm mblk_t *mp;
478734b6a94Sdarrenm
479734b6a94Sdarrenm /*
480734b6a94Sdarrenm * Jump to the first mblk_t that will be used to store the digest.
481734b6a94Sdarrenm */
482734b6a94Sdarrenm for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp);
4835b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
4845b675b31SVladimir Kotal ;
485734b6a94Sdarrenm if (mp == NULL) {
486734b6a94Sdarrenm /*
487734b6a94Sdarrenm * The caller specified an offset that is larger than the
488734b6a94Sdarrenm * total size of the buffers it provided.
489734b6a94Sdarrenm */
490734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
491734b6a94Sdarrenm }
492734b6a94Sdarrenm
493734b6a94Sdarrenm if (offset + digest_len <= MBLKL(mp)) {
494734b6a94Sdarrenm /*
495734b6a94Sdarrenm * The computed SHA1 digest will fit in the current mblk.
496734b6a94Sdarrenm * Do the SHA1Final() in-place.
497734b6a94Sdarrenm */
498734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
499734b6a94Sdarrenm /*
500734b6a94Sdarrenm * The caller requested a short digest. Digest
501734b6a94Sdarrenm * into a scratch buffer and return to
502734b6a94Sdarrenm * the user only what was requested.
503734b6a94Sdarrenm */
504734b6a94Sdarrenm SHA1Final(digest_scratch, sha1_ctx);
505734b6a94Sdarrenm bcopy(digest_scratch, mp->b_rptr + offset, digest_len);
506734b6a94Sdarrenm } else {
507734b6a94Sdarrenm SHA1Final(mp->b_rptr + offset, sha1_ctx);
508734b6a94Sdarrenm }
509734b6a94Sdarrenm } else {
510734b6a94Sdarrenm /*
511734b6a94Sdarrenm * The computed digest will be crossing one or more mblk's.
512734b6a94Sdarrenm * This is bad performance-wise but we need to support it.
513734b6a94Sdarrenm * Allocate a small scratch buffer on the stack and
514734b6a94Sdarrenm * copy it piece meal to the specified digest iovec's.
515734b6a94Sdarrenm */
516734b6a94Sdarrenm uchar_t digest_tmp[SHA1_DIGEST_LENGTH];
517734b6a94Sdarrenm off_t scratch_offset = 0;
518734b6a94Sdarrenm size_t length = digest_len;
519734b6a94Sdarrenm size_t cur_len;
520734b6a94Sdarrenm
521734b6a94Sdarrenm SHA1Final(digest_tmp, sha1_ctx);
522734b6a94Sdarrenm
523734b6a94Sdarrenm while (mp != NULL && length > 0) {
524734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
525734b6a94Sdarrenm bcopy(digest_tmp + scratch_offset,
526734b6a94Sdarrenm mp->b_rptr + offset, cur_len);
527734b6a94Sdarrenm
528734b6a94Sdarrenm length -= cur_len;
529734b6a94Sdarrenm mp = mp->b_cont;
530734b6a94Sdarrenm scratch_offset += cur_len;
531734b6a94Sdarrenm offset = 0;
532734b6a94Sdarrenm }
533734b6a94Sdarrenm
534734b6a94Sdarrenm if (mp == NULL && length > 0) {
535734b6a94Sdarrenm /*
536734b6a94Sdarrenm * The end of the specified mblk was reached but
537734b6a94Sdarrenm * the length requested could not be processed, i.e.
538734b6a94Sdarrenm * The caller requested to digest more data than it
539734b6a94Sdarrenm * provided.
540734b6a94Sdarrenm */
541734b6a94Sdarrenm return (CRYPTO_DATA_LEN_RANGE);
542734b6a94Sdarrenm }
543734b6a94Sdarrenm }
544734b6a94Sdarrenm
545734b6a94Sdarrenm return (CRYPTO_SUCCESS);
546734b6a94Sdarrenm }
547734b6a94Sdarrenm
548734b6a94Sdarrenm /* ARGSUSED */
549734b6a94Sdarrenm static int
sha1_digest(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)550734b6a94Sdarrenm sha1_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
551734b6a94Sdarrenm crypto_req_handle_t req)
552734b6a94Sdarrenm {
553734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
554734b6a94Sdarrenm
555734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
556734b6a94Sdarrenm
557734b6a94Sdarrenm /*
558734b6a94Sdarrenm * We need to just return the length needed to store the output.
559734b6a94Sdarrenm * We should not destroy the context for the following cases.
560734b6a94Sdarrenm */
561734b6a94Sdarrenm if ((digest->cd_length == 0) ||
562734b6a94Sdarrenm (digest->cd_length < SHA1_DIGEST_LENGTH)) {
563734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
564734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
565734b6a94Sdarrenm }
566734b6a94Sdarrenm
567734b6a94Sdarrenm /*
568734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
569734b6a94Sdarrenm */
570734b6a94Sdarrenm switch (data->cd_format) {
571734b6a94Sdarrenm case CRYPTO_DATA_RAW:
572734b6a94Sdarrenm SHA1Update(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
573734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
574734b6a94Sdarrenm data->cd_length);
575734b6a94Sdarrenm break;
576734b6a94Sdarrenm case CRYPTO_DATA_UIO:
577734b6a94Sdarrenm ret = sha1_digest_update_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
578734b6a94Sdarrenm data);
579734b6a94Sdarrenm break;
580734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
581734b6a94Sdarrenm ret = sha1_digest_update_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
582734b6a94Sdarrenm data);
583734b6a94Sdarrenm break;
584734b6a94Sdarrenm default:
585734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
586734b6a94Sdarrenm }
587734b6a94Sdarrenm
588734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
589734b6a94Sdarrenm /* the update failed, free context and bail */
590734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
591734b6a94Sdarrenm ctx->cc_provider_private = NULL;
592734b6a94Sdarrenm digest->cd_length = 0;
593734b6a94Sdarrenm return (ret);
594734b6a94Sdarrenm }
595734b6a94Sdarrenm
596734b6a94Sdarrenm /*
597734b6a94Sdarrenm * Do a SHA1 final, must be done separately since the digest
598734b6a94Sdarrenm * type can be different than the input data type.
599734b6a94Sdarrenm */
600734b6a94Sdarrenm switch (digest->cd_format) {
601734b6a94Sdarrenm case CRYPTO_DATA_RAW:
602734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
603734b6a94Sdarrenm digest->cd_offset, &PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
604734b6a94Sdarrenm break;
605734b6a94Sdarrenm case CRYPTO_DATA_UIO:
606734b6a94Sdarrenm ret = sha1_digest_final_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
607734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
608734b6a94Sdarrenm break;
609734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
610734b6a94Sdarrenm ret = sha1_digest_final_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
611734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
612734b6a94Sdarrenm break;
613734b6a94Sdarrenm default:
614734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
615734b6a94Sdarrenm }
616734b6a94Sdarrenm
617734b6a94Sdarrenm /* all done, free context and return */
618734b6a94Sdarrenm
619734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
620734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
621734b6a94Sdarrenm } else {
622734b6a94Sdarrenm digest->cd_length = 0;
623734b6a94Sdarrenm }
624734b6a94Sdarrenm
625734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
626734b6a94Sdarrenm ctx->cc_provider_private = NULL;
627734b6a94Sdarrenm return (ret);
628734b6a94Sdarrenm }
629734b6a94Sdarrenm
630734b6a94Sdarrenm /* ARGSUSED */
631734b6a94Sdarrenm static int
sha1_digest_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)632734b6a94Sdarrenm sha1_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
633734b6a94Sdarrenm crypto_req_handle_t req)
634734b6a94Sdarrenm {
635734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
636734b6a94Sdarrenm
637734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
638734b6a94Sdarrenm
639734b6a94Sdarrenm /*
640734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
641734b6a94Sdarrenm */
642734b6a94Sdarrenm switch (data->cd_format) {
643734b6a94Sdarrenm case CRYPTO_DATA_RAW:
644734b6a94Sdarrenm SHA1Update(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
645734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
646734b6a94Sdarrenm data->cd_length);
647734b6a94Sdarrenm break;
648734b6a94Sdarrenm case CRYPTO_DATA_UIO:
649734b6a94Sdarrenm ret = sha1_digest_update_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
650734b6a94Sdarrenm data);
651734b6a94Sdarrenm break;
652734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
653734b6a94Sdarrenm ret = sha1_digest_update_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
654734b6a94Sdarrenm data);
655734b6a94Sdarrenm break;
656734b6a94Sdarrenm default:
657734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
658734b6a94Sdarrenm }
659734b6a94Sdarrenm
660734b6a94Sdarrenm return (ret);
661734b6a94Sdarrenm }
662734b6a94Sdarrenm
663734b6a94Sdarrenm /* ARGSUSED */
664734b6a94Sdarrenm static int
sha1_digest_final(crypto_ctx_t * ctx,crypto_data_t * digest,crypto_req_handle_t req)665734b6a94Sdarrenm sha1_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
666734b6a94Sdarrenm crypto_req_handle_t req)
667734b6a94Sdarrenm {
668734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
669734b6a94Sdarrenm
670734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
671734b6a94Sdarrenm
672734b6a94Sdarrenm /*
673734b6a94Sdarrenm * We need to just return the length needed to store the output.
674734b6a94Sdarrenm * We should not destroy the context for the following cases.
675734b6a94Sdarrenm */
676734b6a94Sdarrenm if ((digest->cd_length == 0) ||
677734b6a94Sdarrenm (digest->cd_length < SHA1_DIGEST_LENGTH)) {
678734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
679734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
680734b6a94Sdarrenm }
681734b6a94Sdarrenm
682734b6a94Sdarrenm /*
683734b6a94Sdarrenm * Do a SHA1 final.
684734b6a94Sdarrenm */
685734b6a94Sdarrenm switch (digest->cd_format) {
686734b6a94Sdarrenm case CRYPTO_DATA_RAW:
687734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
688734b6a94Sdarrenm digest->cd_offset, &PROV_SHA1_CTX(ctx)->sc_sha1_ctx);
689734b6a94Sdarrenm break;
690734b6a94Sdarrenm case CRYPTO_DATA_UIO:
691734b6a94Sdarrenm ret = sha1_digest_final_uio(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
692734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
693734b6a94Sdarrenm break;
694734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
695734b6a94Sdarrenm ret = sha1_digest_final_mblk(&PROV_SHA1_CTX(ctx)->sc_sha1_ctx,
696734b6a94Sdarrenm digest, SHA1_DIGEST_LENGTH, NULL);
697734b6a94Sdarrenm break;
698734b6a94Sdarrenm default:
699734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
700734b6a94Sdarrenm }
701734b6a94Sdarrenm
702734b6a94Sdarrenm /* all done, free context and return */
703734b6a94Sdarrenm
704734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
705734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
706734b6a94Sdarrenm } else {
707734b6a94Sdarrenm digest->cd_length = 0;
708734b6a94Sdarrenm }
709734b6a94Sdarrenm
710734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_ctx_t));
711734b6a94Sdarrenm ctx->cc_provider_private = NULL;
712734b6a94Sdarrenm
713734b6a94Sdarrenm return (ret);
714734b6a94Sdarrenm }
715734b6a94Sdarrenm
716734b6a94Sdarrenm /* ARGSUSED */
717734b6a94Sdarrenm static int
sha1_digest_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_data_t * data,crypto_data_t * digest,crypto_req_handle_t req)718734b6a94Sdarrenm sha1_digest_atomic(crypto_provider_handle_t provider,
719734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
720734b6a94Sdarrenm crypto_data_t *data, crypto_data_t *digest,
721734b6a94Sdarrenm crypto_req_handle_t req)
722734b6a94Sdarrenm {
723734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
724734b6a94Sdarrenm SHA1_CTX sha1_ctx;
725734b6a94Sdarrenm
726734b6a94Sdarrenm if (mechanism->cm_type != SHA1_MECH_INFO_TYPE)
727734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
728734b6a94Sdarrenm
729734b6a94Sdarrenm /*
730734b6a94Sdarrenm * Do the SHA1 init.
731734b6a94Sdarrenm */
732734b6a94Sdarrenm SHA1Init(&sha1_ctx);
733734b6a94Sdarrenm
734734b6a94Sdarrenm /*
735734b6a94Sdarrenm * Do the SHA1 update on the specified input data.
736734b6a94Sdarrenm */
737734b6a94Sdarrenm switch (data->cd_format) {
738734b6a94Sdarrenm case CRYPTO_DATA_RAW:
739734b6a94Sdarrenm SHA1Update(&sha1_ctx,
740734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
741734b6a94Sdarrenm data->cd_length);
742734b6a94Sdarrenm break;
743734b6a94Sdarrenm case CRYPTO_DATA_UIO:
744734b6a94Sdarrenm ret = sha1_digest_update_uio(&sha1_ctx, data);
745734b6a94Sdarrenm break;
746734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
747734b6a94Sdarrenm ret = sha1_digest_update_mblk(&sha1_ctx, data);
748734b6a94Sdarrenm break;
749734b6a94Sdarrenm default:
750734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
751734b6a94Sdarrenm }
752734b6a94Sdarrenm
753734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
754734b6a94Sdarrenm /* the update failed, bail */
755734b6a94Sdarrenm digest->cd_length = 0;
756734b6a94Sdarrenm return (ret);
757734b6a94Sdarrenm }
758734b6a94Sdarrenm
759734b6a94Sdarrenm /*
760734b6a94Sdarrenm * Do a SHA1 final, must be done separately since the digest
761734b6a94Sdarrenm * type can be different than the input data type.
762734b6a94Sdarrenm */
763734b6a94Sdarrenm switch (digest->cd_format) {
764734b6a94Sdarrenm case CRYPTO_DATA_RAW:
765734b6a94Sdarrenm SHA1Final((unsigned char *)digest->cd_raw.iov_base +
766734b6a94Sdarrenm digest->cd_offset, &sha1_ctx);
767734b6a94Sdarrenm break;
768734b6a94Sdarrenm case CRYPTO_DATA_UIO:
769734b6a94Sdarrenm ret = sha1_digest_final_uio(&sha1_ctx, digest,
770734b6a94Sdarrenm SHA1_DIGEST_LENGTH, NULL);
771734b6a94Sdarrenm break;
772734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
773734b6a94Sdarrenm ret = sha1_digest_final_mblk(&sha1_ctx, digest,
774734b6a94Sdarrenm SHA1_DIGEST_LENGTH, NULL);
775734b6a94Sdarrenm break;
776734b6a94Sdarrenm default:
777734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
778734b6a94Sdarrenm }
779734b6a94Sdarrenm
780734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
781734b6a94Sdarrenm digest->cd_length = SHA1_DIGEST_LENGTH;
782734b6a94Sdarrenm } else {
783734b6a94Sdarrenm digest->cd_length = 0;
784734b6a94Sdarrenm }
785734b6a94Sdarrenm
786734b6a94Sdarrenm return (ret);
787734b6a94Sdarrenm }
788734b6a94Sdarrenm
789734b6a94Sdarrenm /*
790734b6a94Sdarrenm * KCF software provider mac entry points.
791734b6a94Sdarrenm *
792734b6a94Sdarrenm * SHA1 HMAC is: SHA1(key XOR opad, SHA1(key XOR ipad, text))
793734b6a94Sdarrenm *
794734b6a94Sdarrenm * Init:
795734b6a94Sdarrenm * The initialization routine initializes what we denote
796734b6a94Sdarrenm * as the inner and outer contexts by doing
797734b6a94Sdarrenm * - for inner context: SHA1(key XOR ipad)
798734b6a94Sdarrenm * - for outer context: SHA1(key XOR opad)
799734b6a94Sdarrenm *
800734b6a94Sdarrenm * Update:
801734b6a94Sdarrenm * Each subsequent SHA1 HMAC update will result in an
802734b6a94Sdarrenm * update of the inner context with the specified data.
803734b6a94Sdarrenm *
804734b6a94Sdarrenm * Final:
805734b6a94Sdarrenm * The SHA1 HMAC final will do a SHA1 final operation on the
806734b6a94Sdarrenm * inner context, and the resulting digest will be used
807734b6a94Sdarrenm * as the data for an update on the outer context. Last
808734b6a94Sdarrenm * but not least, a SHA1 final on the outer context will
809734b6a94Sdarrenm * be performed to obtain the SHA1 HMAC digest to return
810734b6a94Sdarrenm * to the user.
811734b6a94Sdarrenm */
812734b6a94Sdarrenm
813734b6a94Sdarrenm /*
814734b6a94Sdarrenm * Initialize a SHA1-HMAC context.
815734b6a94Sdarrenm */
816734b6a94Sdarrenm static void
sha1_mac_init_ctx(sha1_hmac_ctx_t * ctx,void * keyval,uint_t length_in_bytes)817734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
818734b6a94Sdarrenm {
819734b6a94Sdarrenm uint32_t ipad[SHA1_HMAC_INTS_PER_BLOCK];
820734b6a94Sdarrenm uint32_t opad[SHA1_HMAC_INTS_PER_BLOCK];
821734b6a94Sdarrenm uint_t i;
822734b6a94Sdarrenm
823734b6a94Sdarrenm bzero(ipad, SHA1_HMAC_BLOCK_SIZE);
824734b6a94Sdarrenm bzero(opad, SHA1_HMAC_BLOCK_SIZE);
825734b6a94Sdarrenm
826734b6a94Sdarrenm bcopy(keyval, ipad, length_in_bytes);
827734b6a94Sdarrenm bcopy(keyval, opad, length_in_bytes);
828734b6a94Sdarrenm
829734b6a94Sdarrenm /* XOR key with ipad (0x36) and opad (0x5c) */
830734b6a94Sdarrenm for (i = 0; i < SHA1_HMAC_INTS_PER_BLOCK; i++) {
831734b6a94Sdarrenm ipad[i] ^= 0x36363636;
832734b6a94Sdarrenm opad[i] ^= 0x5c5c5c5c;
833734b6a94Sdarrenm }
834734b6a94Sdarrenm
835734b6a94Sdarrenm /* perform SHA1 on ipad */
836734b6a94Sdarrenm SHA1Init(&ctx->hc_icontext);
837734b6a94Sdarrenm SHA1Update(&ctx->hc_icontext, (uint8_t *)ipad, SHA1_HMAC_BLOCK_SIZE);
838734b6a94Sdarrenm
839734b6a94Sdarrenm /* perform SHA1 on opad */
840734b6a94Sdarrenm SHA1Init(&ctx->hc_ocontext);
841734b6a94Sdarrenm SHA1Update(&ctx->hc_ocontext, (uint8_t *)opad, SHA1_HMAC_BLOCK_SIZE);
842734b6a94Sdarrenm }
843734b6a94Sdarrenm
844734b6a94Sdarrenm /*
845734b6a94Sdarrenm */
846734b6a94Sdarrenm static int
sha1_mac_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)847734b6a94Sdarrenm sha1_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
848734b6a94Sdarrenm crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
849734b6a94Sdarrenm crypto_req_handle_t req)
850734b6a94Sdarrenm {
851734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
852734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
853734b6a94Sdarrenm
854734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
855734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
856734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
857734b6a94Sdarrenm
858734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
859734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
860734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
861734b6a94Sdarrenm
862734b6a94Sdarrenm ctx->cc_provider_private = kmem_alloc(sizeof (sha1_hmac_ctx_t),
863734b6a94Sdarrenm crypto_kmflag(req));
864734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
865734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
866734b6a94Sdarrenm
867734b6a94Sdarrenm if (ctx_template != NULL) {
868734b6a94Sdarrenm /* reuse context template */
869734b6a94Sdarrenm bcopy(ctx_template, PROV_SHA1_HMAC_CTX(ctx),
870734b6a94Sdarrenm sizeof (sha1_hmac_ctx_t));
871734b6a94Sdarrenm } else {
872734b6a94Sdarrenm /* no context template, compute context */
873734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
874734b6a94Sdarrenm uchar_t digested_key[SHA1_DIGEST_LENGTH];
875734b6a94Sdarrenm sha1_hmac_ctx_t *hmac_ctx = ctx->cc_provider_private;
876734b6a94Sdarrenm
877734b6a94Sdarrenm /*
878734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
879734b6a94Sdarrenm * The inner context is used since it hasn't been
880734b6a94Sdarrenm * initialized yet.
881734b6a94Sdarrenm */
882734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&hmac_ctx->hc_icontext,
883734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digested_key);
884734b6a94Sdarrenm sha1_mac_init_ctx(PROV_SHA1_HMAC_CTX(ctx),
885734b6a94Sdarrenm digested_key, SHA1_DIGEST_LENGTH);
886734b6a94Sdarrenm } else {
887734b6a94Sdarrenm sha1_mac_init_ctx(PROV_SHA1_HMAC_CTX(ctx),
888734b6a94Sdarrenm key->ck_data, keylen_in_bytes);
889734b6a94Sdarrenm }
890734b6a94Sdarrenm }
891734b6a94Sdarrenm
892734b6a94Sdarrenm /*
893734b6a94Sdarrenm * Get the mechanism parameters, if applicable.
894734b6a94Sdarrenm */
895734b6a94Sdarrenm PROV_SHA1_HMAC_CTX(ctx)->hc_mech_type = mechanism->cm_type;
896734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
897734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
898734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t))
899734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
900734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism,
901734b6a94Sdarrenm PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len);
902734b6a94Sdarrenm if (PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len >
903734b6a94Sdarrenm SHA1_DIGEST_LENGTH)
904734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
905734b6a94Sdarrenm }
906734b6a94Sdarrenm
907734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS) {
908734b6a94Sdarrenm bzero(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
909734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
910734b6a94Sdarrenm ctx->cc_provider_private = NULL;
911734b6a94Sdarrenm }
912734b6a94Sdarrenm
913734b6a94Sdarrenm return (ret);
914734b6a94Sdarrenm }
915734b6a94Sdarrenm
916*5e8da2b9SJason King static int
sha1_mac(crypto_ctx_t * ctx,crypto_data_t * data,crypto_data_t * mac,crypto_req_handle_t req)917*5e8da2b9SJason King sha1_mac(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *mac,
918*5e8da2b9SJason King crypto_req_handle_t req)
919*5e8da2b9SJason King {
920*5e8da2b9SJason King SHA1_CTX *ictx = NULL;
921*5e8da2b9SJason King SHA1_CTX *octx = NULL;
922*5e8da2b9SJason King uchar_t digest[SHA1_DIGEST_LENGTH];
923*5e8da2b9SJason King uint32_t digest_len = SHA1_DIGEST_LENGTH;
924*5e8da2b9SJason King int ret = CRYPTO_SUCCESS;
925*5e8da2b9SJason King
926*5e8da2b9SJason King ASSERT(ctx->cc_provider_private != NULL);
927*5e8da2b9SJason King
928*5e8da2b9SJason King if (PROV_SHA1_HMAC_CTX(ctx)->hc_mech_type ==
929*5e8da2b9SJason King SHA1_HMAC_GEN_MECH_INFO_TYPE) {
930*5e8da2b9SJason King digest_len = PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len;
931*5e8da2b9SJason King }
932*5e8da2b9SJason King
933*5e8da2b9SJason King if ((mac->cd_length == 0) ||
934*5e8da2b9SJason King (mac->cd_length < digest_len)) {
935*5e8da2b9SJason King mac->cd_length = digest_len;
936*5e8da2b9SJason King return (CRYPTO_BUFFER_TOO_SMALL);
937*5e8da2b9SJason King }
938*5e8da2b9SJason King
939*5e8da2b9SJason King ictx = &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext;
940*5e8da2b9SJason King octx = &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext;
941*5e8da2b9SJason King
942*5e8da2b9SJason King switch (data->cd_format) {
943*5e8da2b9SJason King case CRYPTO_DATA_RAW:
944*5e8da2b9SJason King SHA1Update(ictx,
945*5e8da2b9SJason King (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
946*5e8da2b9SJason King data->cd_length);
947*5e8da2b9SJason King break;
948*5e8da2b9SJason King case CRYPTO_DATA_UIO:
949*5e8da2b9SJason King ret = sha1_digest_update_uio(ictx, data);
950*5e8da2b9SJason King break;
951*5e8da2b9SJason King case CRYPTO_DATA_MBLK:
952*5e8da2b9SJason King ret = sha1_digest_update_mblk(ictx, data);
953*5e8da2b9SJason King break;
954*5e8da2b9SJason King default:
955*5e8da2b9SJason King ret = CRYPTO_ARGUMENTS_BAD;
956*5e8da2b9SJason King }
957*5e8da2b9SJason King
958*5e8da2b9SJason King if (ret != CRYPTO_SUCCESS) {
959*5e8da2b9SJason King kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
960*5e8da2b9SJason King ctx->cc_provider_private = NULL;
961*5e8da2b9SJason King mac->cd_length = 0;
962*5e8da2b9SJason King return (ret);
963*5e8da2b9SJason King }
964*5e8da2b9SJason King
965*5e8da2b9SJason King /*
966*5e8da2b9SJason King * Do a SHA1 final on the inner context.
967*5e8da2b9SJason King */
968*5e8da2b9SJason King SHA1Final(digest, ictx);
969*5e8da2b9SJason King
970*5e8da2b9SJason King /*
971*5e8da2b9SJason King * Do a SH1 update on the outer context, feeding the inner
972*5e8da2b9SJason King * digest as data.
973*5e8da2b9SJason King */
974*5e8da2b9SJason King SHA1Update(octx, digest, SHA1_DIGEST_LENGTH);
975*5e8da2b9SJason King
976*5e8da2b9SJason King switch (mac->cd_format) {
977*5e8da2b9SJason King case CRYPTO_DATA_RAW:
978*5e8da2b9SJason King if (digest_len != SHA1_DIGEST_LENGTH) {
979*5e8da2b9SJason King /*
980*5e8da2b9SJason King * The caller requested a short digest. Digest
981*5e8da2b9SJason King * into a scratch buffer and return to
982*5e8da2b9SJason King * the user only what was requested.
983*5e8da2b9SJason King */
984*5e8da2b9SJason King SHA1Final(digest, octx);
985*5e8da2b9SJason King bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
986*5e8da2b9SJason King mac->cd_offset, digest_len);
987*5e8da2b9SJason King } else {
988*5e8da2b9SJason King SHA1Final((unsigned char *)mac->cd_raw.iov_base +
989*5e8da2b9SJason King mac->cd_offset, octx);
990*5e8da2b9SJason King }
991*5e8da2b9SJason King break;
992*5e8da2b9SJason King case CRYPTO_DATA_UIO:
993*5e8da2b9SJason King ret = sha1_digest_final_uio(octx, mac, digest_len, digest);
994*5e8da2b9SJason King break;
995*5e8da2b9SJason King case CRYPTO_DATA_MBLK:
996*5e8da2b9SJason King ret = sha1_digest_final_mblk(octx, mac, digest_len, digest);
997*5e8da2b9SJason King break;
998*5e8da2b9SJason King default:
999*5e8da2b9SJason King ret = CRYPTO_ARGUMENTS_BAD;
1000*5e8da2b9SJason King }
1001*5e8da2b9SJason King
1002*5e8da2b9SJason King if (ret == CRYPTO_SUCCESS) {
1003*5e8da2b9SJason King mac->cd_length = SHA1_DIGEST_LENGTH;
1004*5e8da2b9SJason King } else {
1005*5e8da2b9SJason King mac->cd_length = 0;
1006*5e8da2b9SJason King }
1007*5e8da2b9SJason King
1008*5e8da2b9SJason King kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
1009*5e8da2b9SJason King ctx->cc_provider_private = NULL;
1010*5e8da2b9SJason King return (ret);
1011*5e8da2b9SJason King }
1012*5e8da2b9SJason King
1013734b6a94Sdarrenm /* ARGSUSED */
1014734b6a94Sdarrenm static int
sha1_mac_update(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)1015734b6a94Sdarrenm sha1_mac_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
1016734b6a94Sdarrenm {
1017734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1018734b6a94Sdarrenm
1019734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
1020734b6a94Sdarrenm
1021734b6a94Sdarrenm /*
1022734b6a94Sdarrenm * Do a SHA1 update of the inner context using the specified
1023734b6a94Sdarrenm * data.
1024734b6a94Sdarrenm */
1025734b6a94Sdarrenm switch (data->cd_format) {
1026734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1027734b6a94Sdarrenm SHA1Update(&PROV_SHA1_HMAC_CTX(ctx)->hc_icontext,
1028734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
1029734b6a94Sdarrenm data->cd_length);
1030734b6a94Sdarrenm break;
1031734b6a94Sdarrenm case CRYPTO_DATA_UIO:
1032734b6a94Sdarrenm ret = sha1_digest_update_uio(
1033734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext, data);
1034734b6a94Sdarrenm break;
1035734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
1036734b6a94Sdarrenm ret = sha1_digest_update_mblk(
1037734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext, data);
1038734b6a94Sdarrenm break;
1039734b6a94Sdarrenm default:
1040734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1041734b6a94Sdarrenm }
1042734b6a94Sdarrenm
1043734b6a94Sdarrenm return (ret);
1044734b6a94Sdarrenm }
1045734b6a94Sdarrenm
1046734b6a94Sdarrenm /* ARGSUSED */
1047734b6a94Sdarrenm static int
sha1_mac_final(crypto_ctx_t * ctx,crypto_data_t * mac,crypto_req_handle_t req)1048734b6a94Sdarrenm sha1_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
1049734b6a94Sdarrenm {
1050734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1051734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
1052734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
1053734b6a94Sdarrenm
1054734b6a94Sdarrenm ASSERT(ctx->cc_provider_private != NULL);
1055734b6a94Sdarrenm
1056734b6a94Sdarrenm if (PROV_SHA1_HMAC_CTX(ctx)->hc_mech_type ==
1057734b6a94Sdarrenm SHA1_HMAC_GEN_MECH_INFO_TYPE)
1058734b6a94Sdarrenm digest_len = PROV_SHA1_HMAC_CTX(ctx)->hc_digest_len;
1059734b6a94Sdarrenm
1060734b6a94Sdarrenm /*
1061734b6a94Sdarrenm * We need to just return the length needed to store the output.
1062734b6a94Sdarrenm * We should not destroy the context for the following cases.
1063734b6a94Sdarrenm */
1064734b6a94Sdarrenm if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) {
1065734b6a94Sdarrenm mac->cd_length = digest_len;
1066734b6a94Sdarrenm return (CRYPTO_BUFFER_TOO_SMALL);
1067734b6a94Sdarrenm }
1068734b6a94Sdarrenm
1069734b6a94Sdarrenm /*
1070734b6a94Sdarrenm * Do a SHA1 final on the inner context.
1071734b6a94Sdarrenm */
1072734b6a94Sdarrenm SHA1Final(digest, &PROV_SHA1_HMAC_CTX(ctx)->hc_icontext);
1073734b6a94Sdarrenm
1074734b6a94Sdarrenm /*
1075734b6a94Sdarrenm * Do a SHA1 update on the outer context, feeding the inner
1076734b6a94Sdarrenm * digest as data.
1077734b6a94Sdarrenm */
1078734b6a94Sdarrenm SHA1Update(&PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, digest,
1079734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1080734b6a94Sdarrenm
1081734b6a94Sdarrenm /*
1082734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computing
1083734b6a94Sdarrenm * digest in the users buffer.
1084734b6a94Sdarrenm */
1085734b6a94Sdarrenm switch (mac->cd_format) {
1086734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1087734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
1088734b6a94Sdarrenm /*
1089734b6a94Sdarrenm * The caller requested a short digest. Digest
1090734b6a94Sdarrenm * into a scratch buffer and return to
1091734b6a94Sdarrenm * the user only what was requested.
1092734b6a94Sdarrenm */
1093734b6a94Sdarrenm SHA1Final(digest,
1094734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext);
1095734b6a94Sdarrenm bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1096734b6a94Sdarrenm mac->cd_offset, digest_len);
1097734b6a94Sdarrenm } else {
1098734b6a94Sdarrenm SHA1Final((unsigned char *)mac->cd_raw.iov_base +
1099734b6a94Sdarrenm mac->cd_offset,
1100734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext);
1101734b6a94Sdarrenm }
1102734b6a94Sdarrenm break;
1103734b6a94Sdarrenm case CRYPTO_DATA_UIO:
1104734b6a94Sdarrenm ret = sha1_digest_final_uio(
1105734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, mac,
1106734b6a94Sdarrenm digest_len, digest);
1107734b6a94Sdarrenm break;
1108734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
1109734b6a94Sdarrenm ret = sha1_digest_final_mblk(
1110734b6a94Sdarrenm &PROV_SHA1_HMAC_CTX(ctx)->hc_ocontext, mac,
1111734b6a94Sdarrenm digest_len, digest);
1112734b6a94Sdarrenm break;
1113734b6a94Sdarrenm default:
1114734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1115734b6a94Sdarrenm }
1116734b6a94Sdarrenm
1117734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
1118734b6a94Sdarrenm mac->cd_length = digest_len;
1119734b6a94Sdarrenm } else {
1120734b6a94Sdarrenm mac->cd_length = 0;
1121734b6a94Sdarrenm }
1122734b6a94Sdarrenm
1123734b6a94Sdarrenm bzero(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
1124734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, sizeof (sha1_hmac_ctx_t));
1125734b6a94Sdarrenm ctx->cc_provider_private = NULL;
1126734b6a94Sdarrenm
1127734b6a94Sdarrenm return (ret);
1128734b6a94Sdarrenm }
1129734b6a94Sdarrenm
1130734b6a94Sdarrenm #define SHA1_MAC_UPDATE(data, ctx, ret) { \
1131734b6a94Sdarrenm switch (data->cd_format) { \
1132734b6a94Sdarrenm case CRYPTO_DATA_RAW: \
1133734b6a94Sdarrenm SHA1Update(&(ctx).hc_icontext, \
1134734b6a94Sdarrenm (uint8_t *)data->cd_raw.iov_base + \
1135734b6a94Sdarrenm data->cd_offset, data->cd_length); \
1136734b6a94Sdarrenm break; \
1137734b6a94Sdarrenm case CRYPTO_DATA_UIO: \
1138734b6a94Sdarrenm ret = sha1_digest_update_uio(&(ctx).hc_icontext, data); \
1139734b6a94Sdarrenm break; \
1140734b6a94Sdarrenm case CRYPTO_DATA_MBLK: \
1141734b6a94Sdarrenm ret = sha1_digest_update_mblk(&(ctx).hc_icontext, \
1142734b6a94Sdarrenm data); \
1143734b6a94Sdarrenm break; \
1144734b6a94Sdarrenm default: \
1145734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD; \
1146734b6a94Sdarrenm } \
1147734b6a94Sdarrenm }
1148734b6a94Sdarrenm
1149734b6a94Sdarrenm /* ARGSUSED */
1150734b6a94Sdarrenm static int
sha1_mac_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)1151734b6a94Sdarrenm sha1_mac_atomic(crypto_provider_handle_t provider,
1152734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1153734b6a94Sdarrenm crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1154734b6a94Sdarrenm crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1155734b6a94Sdarrenm {
1156734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1157734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
1158734b6a94Sdarrenm sha1_hmac_ctx_t sha1_hmac_ctx;
1159734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
1160734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1161734b6a94Sdarrenm
1162734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
1163734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
1164734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1165734b6a94Sdarrenm
1166734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1167734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1168734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1169734b6a94Sdarrenm
1170734b6a94Sdarrenm if (ctx_template != NULL) {
1171734b6a94Sdarrenm /* reuse context template */
1172734b6a94Sdarrenm bcopy(ctx_template, &sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1173734b6a94Sdarrenm } else {
1174734b6a94Sdarrenm /* no context template, initialize context */
1175734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1176734b6a94Sdarrenm /*
1177734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1178734b6a94Sdarrenm * The inner context is used since it hasn't been
1179734b6a94Sdarrenm * initialized yet.
1180734b6a94Sdarrenm */
1181734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx.hc_icontext,
1182734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digest);
1183734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, digest,
1184734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1185734b6a94Sdarrenm } else {
1186734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, key->ck_data,
1187734b6a94Sdarrenm keylen_in_bytes);
1188734b6a94Sdarrenm }
1189734b6a94Sdarrenm }
1190734b6a94Sdarrenm
1191734b6a94Sdarrenm /* get the mechanism parameters, if applicable */
1192734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
1193734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
1194734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t)) {
1195734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1196734b6a94Sdarrenm goto bail;
1197734b6a94Sdarrenm }
1198734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism, digest_len);
1199734b6a94Sdarrenm if (digest_len > SHA1_DIGEST_LENGTH) {
1200734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1201734b6a94Sdarrenm goto bail;
1202734b6a94Sdarrenm }
1203734b6a94Sdarrenm }
1204734b6a94Sdarrenm
1205734b6a94Sdarrenm /* do a SHA1 update of the inner context using the specified data */
1206734b6a94Sdarrenm SHA1_MAC_UPDATE(data, sha1_hmac_ctx, ret);
1207734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS)
1208734b6a94Sdarrenm /* the update failed, free context and bail */
1209734b6a94Sdarrenm goto bail;
1210734b6a94Sdarrenm
1211734b6a94Sdarrenm /*
1212734b6a94Sdarrenm * Do a SHA1 final on the inner context.
1213734b6a94Sdarrenm */
1214734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_icontext);
1215734b6a94Sdarrenm
1216734b6a94Sdarrenm /*
1217734b6a94Sdarrenm * Do an SHA1 update on the outer context, feeding the inner
1218734b6a94Sdarrenm * digest as data.
1219734b6a94Sdarrenm */
1220734b6a94Sdarrenm SHA1Update(&sha1_hmac_ctx.hc_ocontext, digest, SHA1_DIGEST_LENGTH);
1221734b6a94Sdarrenm
1222734b6a94Sdarrenm /*
1223734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computed
1224734b6a94Sdarrenm * digest in the users buffer.
1225734b6a94Sdarrenm */
1226734b6a94Sdarrenm switch (mac->cd_format) {
1227734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1228734b6a94Sdarrenm if (digest_len != SHA1_DIGEST_LENGTH) {
1229734b6a94Sdarrenm /*
1230734b6a94Sdarrenm * The caller requested a short digest. Digest
1231734b6a94Sdarrenm * into a scratch buffer and return to
1232734b6a94Sdarrenm * the user only what was requested.
1233734b6a94Sdarrenm */
1234734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_ocontext);
1235734b6a94Sdarrenm bcopy(digest, (unsigned char *)mac->cd_raw.iov_base +
1236734b6a94Sdarrenm mac->cd_offset, digest_len);
1237734b6a94Sdarrenm } else {
1238734b6a94Sdarrenm SHA1Final((unsigned char *)mac->cd_raw.iov_base +
1239734b6a94Sdarrenm mac->cd_offset, &sha1_hmac_ctx.hc_ocontext);
1240734b6a94Sdarrenm }
1241734b6a94Sdarrenm break;
1242734b6a94Sdarrenm case CRYPTO_DATA_UIO:
1243734b6a94Sdarrenm ret = sha1_digest_final_uio(&sha1_hmac_ctx.hc_ocontext, mac,
1244734b6a94Sdarrenm digest_len, digest);
1245734b6a94Sdarrenm break;
1246734b6a94Sdarrenm case CRYPTO_DATA_MBLK:
1247734b6a94Sdarrenm ret = sha1_digest_final_mblk(&sha1_hmac_ctx.hc_ocontext, mac,
1248734b6a94Sdarrenm digest_len, digest);
1249734b6a94Sdarrenm break;
1250734b6a94Sdarrenm default:
1251734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1252734b6a94Sdarrenm }
1253734b6a94Sdarrenm
1254734b6a94Sdarrenm if (ret == CRYPTO_SUCCESS) {
1255734b6a94Sdarrenm mac->cd_length = digest_len;
1256734b6a94Sdarrenm } else {
1257734b6a94Sdarrenm mac->cd_length = 0;
1258734b6a94Sdarrenm }
1259734b6a94Sdarrenm /* Extra paranoia: zeroize the context on the stack */
1260734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1261734b6a94Sdarrenm
1262734b6a94Sdarrenm return (ret);
1263734b6a94Sdarrenm bail:
1264734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1265734b6a94Sdarrenm mac->cd_length = 0;
1266734b6a94Sdarrenm return (ret);
1267734b6a94Sdarrenm }
1268734b6a94Sdarrenm
1269734b6a94Sdarrenm /* ARGSUSED */
1270734b6a94Sdarrenm static int
sha1_mac_verify_atomic(crypto_provider_handle_t provider,crypto_session_id_t session_id,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * data,crypto_data_t * mac,crypto_spi_ctx_template_t ctx_template,crypto_req_handle_t req)1271734b6a94Sdarrenm sha1_mac_verify_atomic(crypto_provider_handle_t provider,
1272734b6a94Sdarrenm crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1273734b6a94Sdarrenm crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
1274734b6a94Sdarrenm crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1275734b6a94Sdarrenm {
1276734b6a94Sdarrenm int ret = CRYPTO_SUCCESS;
1277734b6a94Sdarrenm uchar_t digest[SHA1_DIGEST_LENGTH];
1278734b6a94Sdarrenm sha1_hmac_ctx_t sha1_hmac_ctx;
1279734b6a94Sdarrenm uint32_t digest_len = SHA1_DIGEST_LENGTH;
1280734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1281734b6a94Sdarrenm
1282734b6a94Sdarrenm if (mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE &&
1283734b6a94Sdarrenm mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)
1284734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1285734b6a94Sdarrenm
1286734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1287734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1288734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1289734b6a94Sdarrenm
1290734b6a94Sdarrenm if (ctx_template != NULL) {
1291734b6a94Sdarrenm /* reuse context template */
1292734b6a94Sdarrenm bcopy(ctx_template, &sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1293734b6a94Sdarrenm } else {
1294734b6a94Sdarrenm /* no context template, initialize context */
1295734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1296734b6a94Sdarrenm /*
1297734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1298734b6a94Sdarrenm * The inner context is used since it hasn't been
1299734b6a94Sdarrenm * initialized yet.
1300734b6a94Sdarrenm */
1301734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx.hc_icontext,
1302734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digest);
1303734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, digest,
1304734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1305734b6a94Sdarrenm } else {
1306734b6a94Sdarrenm sha1_mac_init_ctx(&sha1_hmac_ctx, key->ck_data,
1307734b6a94Sdarrenm keylen_in_bytes);
1308734b6a94Sdarrenm }
1309734b6a94Sdarrenm }
1310734b6a94Sdarrenm
1311734b6a94Sdarrenm /* get the mechanism parameters, if applicable */
1312734b6a94Sdarrenm if (mechanism->cm_type == SHA1_HMAC_GEN_MECH_INFO_TYPE) {
1313734b6a94Sdarrenm if (mechanism->cm_param == NULL ||
1314734b6a94Sdarrenm mechanism->cm_param_len != sizeof (ulong_t)) {
1315734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1316734b6a94Sdarrenm goto bail;
1317734b6a94Sdarrenm }
1318734b6a94Sdarrenm PROV_SHA1_GET_DIGEST_LEN(mechanism, digest_len);
1319734b6a94Sdarrenm if (digest_len > SHA1_DIGEST_LENGTH) {
1320734b6a94Sdarrenm ret = CRYPTO_MECHANISM_PARAM_INVALID;
1321734b6a94Sdarrenm goto bail;
1322734b6a94Sdarrenm }
1323734b6a94Sdarrenm }
1324734b6a94Sdarrenm
1325734b6a94Sdarrenm if (mac->cd_length != digest_len) {
1326734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1327734b6a94Sdarrenm goto bail;
1328734b6a94Sdarrenm }
1329734b6a94Sdarrenm
1330734b6a94Sdarrenm /* do a SHA1 update of the inner context using the specified data */
1331734b6a94Sdarrenm SHA1_MAC_UPDATE(data, sha1_hmac_ctx, ret);
1332734b6a94Sdarrenm if (ret != CRYPTO_SUCCESS)
1333734b6a94Sdarrenm /* the update failed, free context and bail */
1334734b6a94Sdarrenm goto bail;
1335734b6a94Sdarrenm
1336734b6a94Sdarrenm /* do a SHA1 final on the inner context */
1337734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_icontext);
1338734b6a94Sdarrenm
1339734b6a94Sdarrenm /*
1340734b6a94Sdarrenm * Do an SHA1 update on the outer context, feeding the inner
1341734b6a94Sdarrenm * digest as data.
1342734b6a94Sdarrenm */
1343734b6a94Sdarrenm SHA1Update(&sha1_hmac_ctx.hc_ocontext, digest, SHA1_DIGEST_LENGTH);
1344734b6a94Sdarrenm
1345734b6a94Sdarrenm /*
1346734b6a94Sdarrenm * Do a SHA1 final on the outer context, storing the computed
1347734b6a94Sdarrenm * digest in the users buffer.
1348734b6a94Sdarrenm */
1349734b6a94Sdarrenm SHA1Final(digest, &sha1_hmac_ctx.hc_ocontext);
1350734b6a94Sdarrenm
1351734b6a94Sdarrenm /*
1352734b6a94Sdarrenm * Compare the computed digest against the expected digest passed
1353734b6a94Sdarrenm * as argument.
1354734b6a94Sdarrenm */
1355734b6a94Sdarrenm
1356734b6a94Sdarrenm switch (mac->cd_format) {
1357734b6a94Sdarrenm
1358734b6a94Sdarrenm case CRYPTO_DATA_RAW:
1359734b6a94Sdarrenm if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base +
1360734b6a94Sdarrenm mac->cd_offset, digest_len) != 0)
1361734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1362734b6a94Sdarrenm break;
1363734b6a94Sdarrenm
1364734b6a94Sdarrenm case CRYPTO_DATA_UIO: {
1365734b6a94Sdarrenm off_t offset = mac->cd_offset;
1366734b6a94Sdarrenm uint_t vec_idx;
1367734b6a94Sdarrenm off_t scratch_offset = 0;
1368734b6a94Sdarrenm size_t length = digest_len;
1369734b6a94Sdarrenm size_t cur_len;
1370734b6a94Sdarrenm
1371734b6a94Sdarrenm /* we support only kernel buffer */
1372734b6a94Sdarrenm if (mac->cd_uio->uio_segflg != UIO_SYSSPACE)
1373734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1374734b6a94Sdarrenm
1375734b6a94Sdarrenm /* jump to the first iovec containing the expected digest */
1376734b6a94Sdarrenm for (vec_idx = 0;
1377734b6a94Sdarrenm offset >= mac->cd_uio->uio_iov[vec_idx].iov_len &&
1378734b6a94Sdarrenm vec_idx < mac->cd_uio->uio_iovcnt;
13795b675b31SVladimir Kotal offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len)
13805b675b31SVladimir Kotal ;
1381734b6a94Sdarrenm if (vec_idx == mac->cd_uio->uio_iovcnt) {
1382734b6a94Sdarrenm /*
1383734b6a94Sdarrenm * The caller specified an offset that is
1384734b6a94Sdarrenm * larger than the total size of the buffers
1385734b6a94Sdarrenm * it provided.
1386734b6a94Sdarrenm */
1387734b6a94Sdarrenm ret = CRYPTO_DATA_LEN_RANGE;
1388734b6a94Sdarrenm break;
1389734b6a94Sdarrenm }
1390734b6a94Sdarrenm
1391734b6a94Sdarrenm /* do the comparison of computed digest vs specified one */
1392734b6a94Sdarrenm while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) {
1393734b6a94Sdarrenm cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len -
1394734b6a94Sdarrenm offset, length);
1395734b6a94Sdarrenm
1396734b6a94Sdarrenm if (bcmp(digest + scratch_offset,
1397734b6a94Sdarrenm mac->cd_uio->uio_iov[vec_idx].iov_base + offset,
1398734b6a94Sdarrenm cur_len) != 0) {
1399734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1400734b6a94Sdarrenm break;
1401734b6a94Sdarrenm }
1402734b6a94Sdarrenm
1403734b6a94Sdarrenm length -= cur_len;
1404734b6a94Sdarrenm vec_idx++;
1405734b6a94Sdarrenm scratch_offset += cur_len;
1406734b6a94Sdarrenm offset = 0;
1407734b6a94Sdarrenm }
1408734b6a94Sdarrenm break;
1409734b6a94Sdarrenm }
1410734b6a94Sdarrenm
1411734b6a94Sdarrenm case CRYPTO_DATA_MBLK: {
1412734b6a94Sdarrenm off_t offset = mac->cd_offset;
1413734b6a94Sdarrenm mblk_t *mp;
1414734b6a94Sdarrenm off_t scratch_offset = 0;
1415734b6a94Sdarrenm size_t length = digest_len;
1416734b6a94Sdarrenm size_t cur_len;
1417734b6a94Sdarrenm
1418734b6a94Sdarrenm /* jump to the first mblk_t containing the expected digest */
1419734b6a94Sdarrenm for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp);
14205b675b31SVladimir Kotal offset -= MBLKL(mp), mp = mp->b_cont)
14215b675b31SVladimir Kotal ;
1422734b6a94Sdarrenm if (mp == NULL) {
1423734b6a94Sdarrenm /*
1424734b6a94Sdarrenm * The caller specified an offset that is larger than
1425734b6a94Sdarrenm * the total size of the buffers it provided.
1426734b6a94Sdarrenm */
1427734b6a94Sdarrenm ret = CRYPTO_DATA_LEN_RANGE;
1428734b6a94Sdarrenm break;
1429734b6a94Sdarrenm }
1430734b6a94Sdarrenm
1431734b6a94Sdarrenm while (mp != NULL && length > 0) {
1432734b6a94Sdarrenm cur_len = MIN(MBLKL(mp) - offset, length);
1433734b6a94Sdarrenm if (bcmp(digest + scratch_offset,
1434734b6a94Sdarrenm mp->b_rptr + offset, cur_len) != 0) {
1435734b6a94Sdarrenm ret = CRYPTO_INVALID_MAC;
1436734b6a94Sdarrenm break;
1437734b6a94Sdarrenm }
1438734b6a94Sdarrenm
1439734b6a94Sdarrenm length -= cur_len;
1440734b6a94Sdarrenm mp = mp->b_cont;
1441734b6a94Sdarrenm scratch_offset += cur_len;
1442734b6a94Sdarrenm offset = 0;
1443734b6a94Sdarrenm }
1444734b6a94Sdarrenm break;
1445734b6a94Sdarrenm }
1446734b6a94Sdarrenm
1447734b6a94Sdarrenm default:
1448734b6a94Sdarrenm ret = CRYPTO_ARGUMENTS_BAD;
1449734b6a94Sdarrenm }
1450734b6a94Sdarrenm
1451734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1452734b6a94Sdarrenm return (ret);
1453734b6a94Sdarrenm bail:
1454734b6a94Sdarrenm bzero(&sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
1455734b6a94Sdarrenm mac->cd_length = 0;
1456734b6a94Sdarrenm return (ret);
1457734b6a94Sdarrenm }
1458734b6a94Sdarrenm
1459734b6a94Sdarrenm /*
1460734b6a94Sdarrenm * KCF software provider context management entry points.
1461734b6a94Sdarrenm */
1462734b6a94Sdarrenm
1463734b6a94Sdarrenm /* ARGSUSED */
1464734b6a94Sdarrenm static int
sha1_create_ctx_template(crypto_provider_handle_t provider,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t * ctx_template,size_t * ctx_template_size,crypto_req_handle_t req)1465734b6a94Sdarrenm sha1_create_ctx_template(crypto_provider_handle_t provider,
1466734b6a94Sdarrenm crypto_mechanism_t *mechanism, crypto_key_t *key,
1467734b6a94Sdarrenm crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
1468734b6a94Sdarrenm crypto_req_handle_t req)
1469734b6a94Sdarrenm {
1470734b6a94Sdarrenm sha1_hmac_ctx_t *sha1_hmac_ctx_tmpl;
1471734b6a94Sdarrenm uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
1472734b6a94Sdarrenm
1473734b6a94Sdarrenm if ((mechanism->cm_type != SHA1_HMAC_MECH_INFO_TYPE) &&
1474734b6a94Sdarrenm (mechanism->cm_type != SHA1_HMAC_GEN_MECH_INFO_TYPE)) {
1475734b6a94Sdarrenm return (CRYPTO_MECHANISM_INVALID);
1476734b6a94Sdarrenm }
1477734b6a94Sdarrenm
1478734b6a94Sdarrenm /* Add support for key by attributes (RFE 4706552) */
1479734b6a94Sdarrenm if (key->ck_format != CRYPTO_KEY_RAW)
1480734b6a94Sdarrenm return (CRYPTO_ARGUMENTS_BAD);
1481734b6a94Sdarrenm
1482734b6a94Sdarrenm /*
1483734b6a94Sdarrenm * Allocate and initialize SHA1 context.
1484734b6a94Sdarrenm */
1485734b6a94Sdarrenm sha1_hmac_ctx_tmpl = kmem_alloc(sizeof (sha1_hmac_ctx_t),
1486734b6a94Sdarrenm crypto_kmflag(req));
1487734b6a94Sdarrenm if (sha1_hmac_ctx_tmpl == NULL)
1488734b6a94Sdarrenm return (CRYPTO_HOST_MEMORY);
1489734b6a94Sdarrenm
1490734b6a94Sdarrenm if (keylen_in_bytes > SHA1_HMAC_BLOCK_SIZE) {
1491734b6a94Sdarrenm uchar_t digested_key[SHA1_DIGEST_LENGTH];
1492734b6a94Sdarrenm
1493734b6a94Sdarrenm /*
1494734b6a94Sdarrenm * Hash the passed-in key to get a smaller key.
1495734b6a94Sdarrenm * The inner context is used since it hasn't been
1496734b6a94Sdarrenm * initialized yet.
1497734b6a94Sdarrenm */
1498734b6a94Sdarrenm PROV_SHA1_DIGEST_KEY(&sha1_hmac_ctx_tmpl->hc_icontext,
1499734b6a94Sdarrenm key->ck_data, keylen_in_bytes, digested_key);
1500734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_tmpl, digested_key,
1501734b6a94Sdarrenm SHA1_DIGEST_LENGTH);
1502734b6a94Sdarrenm } else {
1503734b6a94Sdarrenm sha1_mac_init_ctx(sha1_hmac_ctx_tmpl, key->ck_data,
1504734b6a94Sdarrenm keylen_in_bytes);
1505734b6a94Sdarrenm }
1506734b6a94Sdarrenm
1507734b6a94Sdarrenm sha1_hmac_ctx_tmpl->hc_mech_type = mechanism->cm_type;
1508734b6a94Sdarrenm *ctx_template = (crypto_spi_ctx_template_t)sha1_hmac_ctx_tmpl;
1509734b6a94Sdarrenm *ctx_template_size = sizeof (sha1_hmac_ctx_t);
1510734b6a94Sdarrenm
1511734b6a94Sdarrenm
1512734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1513734b6a94Sdarrenm }
1514734b6a94Sdarrenm
1515734b6a94Sdarrenm static int
sha1_free_context(crypto_ctx_t * ctx)1516734b6a94Sdarrenm sha1_free_context(crypto_ctx_t *ctx)
1517734b6a94Sdarrenm {
1518734b6a94Sdarrenm uint_t ctx_len;
1519734b6a94Sdarrenm sha1_mech_type_t mech_type;
1520734b6a94Sdarrenm
1521734b6a94Sdarrenm if (ctx->cc_provider_private == NULL)
1522734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1523734b6a94Sdarrenm
1524734b6a94Sdarrenm /*
1525734b6a94Sdarrenm * We have to free either SHA1 or SHA1-HMAC contexts, which
1526734b6a94Sdarrenm * have different lengths.
1527734b6a94Sdarrenm */
1528734b6a94Sdarrenm
1529734b6a94Sdarrenm mech_type = PROV_SHA1_CTX(ctx)->sc_mech_type;
1530734b6a94Sdarrenm if (mech_type == SHA1_MECH_INFO_TYPE)
1531734b6a94Sdarrenm ctx_len = sizeof (sha1_ctx_t);
1532734b6a94Sdarrenm else {
1533734b6a94Sdarrenm ASSERT(mech_type == SHA1_HMAC_MECH_INFO_TYPE ||
1534734b6a94Sdarrenm mech_type == SHA1_HMAC_GEN_MECH_INFO_TYPE);
1535734b6a94Sdarrenm ctx_len = sizeof (sha1_hmac_ctx_t);
1536734b6a94Sdarrenm }
1537734b6a94Sdarrenm
1538734b6a94Sdarrenm bzero(ctx->cc_provider_private, ctx_len);
1539734b6a94Sdarrenm kmem_free(ctx->cc_provider_private, ctx_len);
1540734b6a94Sdarrenm ctx->cc_provider_private = NULL;
1541734b6a94Sdarrenm
1542734b6a94Sdarrenm return (CRYPTO_SUCCESS);
1543734b6a94Sdarrenm }
1544