xref: /illumos-gate/usr/src/common/crypto/modes/gcm.c

131 gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *ctx, char *data, size_t length,  in gcm_mode_encrypt_contiguous_blocks()  argument
150 	if (length + ctx->gcm_remainder_len < block_size) {  in gcm_mode_encrypt_contiguous_blocks()
153 		    (uint8_t *)ctx->gcm_remainder + ctx->gcm_remainder_len,  in gcm_mode_encrypt_contiguous_blocks()
155 		ctx->gcm_remainder_len += length;  in gcm_mode_encrypt_contiguous_blocks()
156 		ctx->gcm_copy_to = datap;  in gcm_mode_encrypt_contiguous_blocks()
160 	lastp = (uint8_t *)ctx->gcm_cb;  in gcm_mode_encrypt_contiguous_blocks()
166 		if (ctx->gcm_remainder_len > 0) {  in gcm_mode_encrypt_contiguous_blocks()
167 			need = block_size - ctx->gcm_remainder_len;  in gcm_mode_encrypt_contiguous_blocks()
172 			bcopy(datap, &((uint8_t *)ctx->gcm_remainder)  in gcm_mode_encrypt_contiguous_blocks()
173 			    [ctx->gcm_remainder_len], need);  in gcm_mode_encrypt_contiguous_blocks()
175 			blockp = (uint8_t *)ctx->gcm_remainder;  in gcm_mode_encrypt_contiguous_blocks()
184 		counter = ntohll(ctx->gcm_cb[1] & counter_mask);  in gcm_mode_encrypt_contiguous_blocks()
187 		ctx->gcm_cb[1] = (ctx->gcm_cb[1] & ~counter_mask) | counter;  in gcm_mode_encrypt_contiguous_blocks()
189 		encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_cb,  in gcm_mode_encrypt_contiguous_blocks()
190 		    (uint8_t *)ctx->gcm_tmp);  in gcm_mode_encrypt_contiguous_blocks()
191 		xor_block(blockp, (uint8_t *)ctx->gcm_tmp);  in gcm_mode_encrypt_contiguous_blocks()
193 		lastp = (uint8_t *)ctx->gcm_tmp;  in gcm_mode_encrypt_contiguous_blocks()
195 		ctx->gcm_processed_data_len += block_size;  in gcm_mode_encrypt_contiguous_blocks()
198 			if (ctx->gcm_remainder_len > 0) {  in gcm_mode_encrypt_contiguous_blocks()
199 				bcopy(blockp, ctx->gcm_copy_to,  in gcm_mode_encrypt_contiguous_blocks()
200 				    ctx->gcm_remainder_len);  in gcm_mode_encrypt_contiguous_blocks()
201 				bcopy(blockp + ctx->gcm_remainder_len, datap,  in gcm_mode_encrypt_contiguous_blocks()
224 		GHASH(ctx, ctx->gcm_tmp, ctx->gcm_ghash);  in gcm_mode_encrypt_contiguous_blocks()
227 		if (ctx->gcm_remainder_len != 0) {  in gcm_mode_encrypt_contiguous_blocks()
229 			ctx->gcm_remainder_len = 0;  in gcm_mode_encrypt_contiguous_blocks()
238 			bcopy(datap, ctx->gcm_remainder, remainder);  in gcm_mode_encrypt_contiguous_blocks()
239 			ctx->gcm_remainder_len = remainder;  in gcm_mode_encrypt_contiguous_blocks()
240 			ctx->gcm_copy_to = datap;  in gcm_mode_encrypt_contiguous_blocks()
243 		ctx->gcm_copy_to = NULL;  in gcm_mode_encrypt_contiguous_blocks()
252 gcm_encrypt_final(gcm_ctx_t *ctx, crypto_data_t *out, size_t block_size,  in gcm_encrypt_final()  argument
262 	    (ctx->gcm_remainder_len + ctx->gcm_tag_len)) {  in gcm_encrypt_final()
266 	ghash = (uint8_t *)ctx->gcm_ghash;  in gcm_encrypt_final()
268 	if (ctx->gcm_remainder_len > 0) {  in gcm_encrypt_final()
270 		uint8_t *tmpp = (uint8_t *)ctx->gcm_tmp;  in gcm_encrypt_final()
280 		counter = ntohll(ctx->gcm_cb[1] & counter_mask);  in gcm_encrypt_final()
283 		ctx->gcm_cb[1] = (ctx->gcm_cb[1] & ~counter_mask) | counter;  in gcm_encrypt_final()
285 		encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_cb,  in gcm_encrypt_final()
286 		    (uint8_t *)ctx->gcm_tmp);  in gcm_encrypt_final()
288 		macp = (uint8_t *)ctx->gcm_remainder;  in gcm_encrypt_final()
289 		bzero(macp + ctx->gcm_remainder_len,  in gcm_encrypt_final()
290 		    block_size - ctx->gcm_remainder_len);  in gcm_encrypt_final()
293 		for (i = 0; i < ctx->gcm_remainder_len; i++) {  in gcm_encrypt_final()
298 		GHASH(ctx, macp, ghash);  in gcm_encrypt_final()
300 		ctx->gcm_processed_data_len += ctx->gcm_remainder_len;  in gcm_encrypt_final()
303 	ctx->gcm_len_a_len_c[1] =  in gcm_encrypt_final()
304 	    htonll(CRYPTO_BYTES2BITS(ctx->gcm_processed_data_len));  in gcm_encrypt_final()
305 	GHASH(ctx, ctx->gcm_len_a_len_c, ghash);  in gcm_encrypt_final()
306 	encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_J0,  in gcm_encrypt_final()
307 	    (uint8_t *)ctx->gcm_J0);  in gcm_encrypt_final()
308 	xor_block((uint8_t *)ctx->gcm_J0, ghash);  in gcm_encrypt_final()
310 	if (ctx->gcm_remainder_len > 0) {  in gcm_encrypt_final()
311 		rv = crypto_put_output_data(macp, out, ctx->gcm_remainder_len);  in gcm_encrypt_final()
315 	out->cd_offset += ctx->gcm_remainder_len;  in gcm_encrypt_final()
316 	ctx->gcm_remainder_len = 0;  in gcm_encrypt_final()
317 	rv = crypto_put_output_data(ghash, out, ctx->gcm_tag_len);  in gcm_encrypt_final()
320 	out->cd_offset += ctx->gcm_tag_len;  in gcm_encrypt_final()
330 gcm_decrypt_incomplete_block(gcm_ctx_t *ctx, size_t block_size, size_t index,  in gcm_decrypt_incomplete_block()  argument
343 	counter = ntohll(ctx->gcm_cb[1] & counter_mask);  in gcm_decrypt_incomplete_block()
346 	ctx->gcm_cb[1] = (ctx->gcm_cb[1] & ~counter_mask) | counter;  in gcm_decrypt_incomplete_block()
348 	datap = (uint8_t *)ctx->gcm_remainder;  in gcm_decrypt_incomplete_block()
349 	outp = &((ctx->gcm_pt_buf)[index]);  in gcm_decrypt_incomplete_block()
350 	counterp = (uint8_t *)ctx->gcm_tmp;  in gcm_decrypt_incomplete_block()
353 	bzero((uint8_t *)ctx->gcm_tmp, block_size);  in gcm_decrypt_incomplete_block()
354 	bcopy(datap, (uint8_t *)ctx->gcm_tmp, ctx->gcm_remainder_len);  in gcm_decrypt_incomplete_block()
357 	GHASH(ctx, ctx->gcm_tmp, ctx->gcm_ghash);  in gcm_decrypt_incomplete_block()
360 	encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_cb, counterp);  in gcm_decrypt_incomplete_block()
363 	for (i = 0; i < ctx->gcm_remainder_len; i++) {  in gcm_decrypt_incomplete_block()
370 gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *ctx, char *data, size_t length,  in gcm_mode_decrypt_contiguous_blocks()  argument
384 		new_len = ctx->gcm_pt_buf_len + length;  in gcm_mode_decrypt_contiguous_blocks()
386 		new = kmem_alloc(new_len, ctx->gcm_kmflag);  in gcm_mode_decrypt_contiguous_blocks()
387 		bcopy(ctx->gcm_pt_buf, new, ctx->gcm_pt_buf_len);  in gcm_mode_decrypt_contiguous_blocks()
388 		kmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len);  in gcm_mode_decrypt_contiguous_blocks()
391 		bcopy(ctx->gcm_pt_buf, new, ctx->gcm_pt_buf_len);  in gcm_mode_decrypt_contiguous_blocks()
392 		free(ctx->gcm_pt_buf);  in gcm_mode_decrypt_contiguous_blocks()
397 		ctx->gcm_pt_buf = new;  in gcm_mode_decrypt_contiguous_blocks()
398 		ctx->gcm_pt_buf_len = new_len;  in gcm_mode_decrypt_contiguous_blocks()
399 		bcopy(data, &ctx->gcm_pt_buf[ctx->gcm_processed_data_len],  in gcm_mode_decrypt_contiguous_blocks()
401 		ctx->gcm_processed_data_len += length;  in gcm_mode_decrypt_contiguous_blocks()
404 	ctx->gcm_remainder_len = 0;  in gcm_mode_decrypt_contiguous_blocks()
409 gcm_decrypt_final(gcm_ctx_t *ctx, crypto_data_t *out, size_t block_size,  in gcm_decrypt_final()  argument
422 	ASSERT3U(ctx->gcm_processed_data_len, ==, ctx->gcm_pt_buf_len);  in gcm_decrypt_final()
424 	pt_len = ctx->gcm_processed_data_len - ctx->gcm_tag_len;  in gcm_decrypt_final()
425 	ghash = (uint8_t *)ctx->gcm_ghash;  in gcm_decrypt_final()
426 	blockp = ctx->gcm_pt_buf;  in gcm_decrypt_final()
431 			bcopy(blockp, ctx->gcm_remainder, remainder);  in gcm_decrypt_final()
432 			ctx->gcm_remainder_len = remainder;  in gcm_decrypt_final()
437 			gcm_decrypt_incomplete_block(ctx, block_size,  in gcm_decrypt_final()
439 			ctx->gcm_remainder_len = 0;  in gcm_decrypt_final()
443 		GHASH(ctx, blockp, ghash);  in gcm_decrypt_final()
449 		counter = ntohll(ctx->gcm_cb[1] & counter_mask);  in gcm_decrypt_final()
452 		ctx->gcm_cb[1] = (ctx->gcm_cb[1] & ~counter_mask) | counter;  in gcm_decrypt_final()
454 		cbp = (uint8_t *)ctx->gcm_tmp;  in gcm_decrypt_final()
455 		encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_cb, cbp);  in gcm_decrypt_final()
465 	ctx->gcm_len_a_len_c[1] = htonll(CRYPTO_BYTES2BITS(pt_len));  in gcm_decrypt_final()
466 	GHASH(ctx, ctx->gcm_len_a_len_c, ghash);  in gcm_decrypt_final()
467 	encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_J0,  in gcm_decrypt_final()
468 	    (uint8_t *)ctx->gcm_J0);  in gcm_decrypt_final()
469 	xor_block((uint8_t *)ctx->gcm_J0, ghash);  in gcm_decrypt_final()
472 	if (bcmp(&ctx->gcm_pt_buf[pt_len], ghash, ctx->gcm_tag_len)) {  in gcm_decrypt_final()
476 		rv = crypto_put_output_data(ctx->gcm_pt_buf, out, pt_len);  in gcm_decrypt_final()
514     gcm_ctx_t *ctx, size_t block_size,  in gcm_format_initial_blocks()  argument
524 	ghash = (uint8_t *)ctx->gcm_ghash;  in gcm_format_initial_blocks()
525 	cb = (uint8_t *)ctx->gcm_cb;  in gcm_format_initial_blocks()
533 		copy_block(cb, (uint8_t *)ctx->gcm_J0);  in gcm_format_initial_blocks()
547 			GHASH(ctx, datap, ghash);  in gcm_format_initial_blocks()
552 		GHASH(ctx, len_a_len_c, ctx->gcm_J0);  in gcm_format_initial_blocks()
555 		copy_block((uint8_t *)ctx->gcm_J0, (uint8_t *)cb);  in gcm_format_initial_blocks()
564 gcm_init(gcm_ctx_t *ctx, unsigned char *iv, size_t iv_len,  in gcm_init()  argument
574 	bzero(ctx->gcm_H, sizeof (ctx->gcm_H));  in gcm_init()
575 	encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_H,  in gcm_init()
576 	    (uint8_t *)ctx->gcm_H);  in gcm_init()
578 	gcm_format_initial_blocks(iv, iv_len, ctx, block_size,  in gcm_init()
581 	authp = (uint8_t *)ctx->gcm_tmp;  in gcm_init()
582 	ghash = (uint8_t *)ctx->gcm_ghash;  in gcm_init()
605 		GHASH(ctx, datap, ghash);  in gcm_init()
720 gcm_set_kmflag(gcm_ctx_t *ctx, int kmflag)  in gcm_set_kmflag()  argument
722 	ctx->gcm_kmflag = kmflag;  in gcm_set_kmflag()

Last Index update Sat Apr 27 03:05:32 UTC 2024