xref: /illumos-gate/usr/src/common/crypto/modes/cbc.c (revision 16239bc8) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _KERNEL
27 #include <strings.h>
28 #include <limits.h>
29 #include <assert.h>
30 #include <security/cryptoki.h>
31 #endif
32 
33 #include <sys/types.h>
34 #include <modes/modes.h>
35 #include <sys/crypto/common.h>
36 #include <sys/crypto/impl.h>
37 
38 /*
39  * Algorithm independent CBC functions.
40  */
41 int
42 cbc_encrypt_contiguous_blocks(cbc_ctx_t *ctx, char *data, size_t length,
43     crypto_data_t *out, size_t block_size,
44     int (*encrypt)(const void *, const uint8_t *, uint8_t *),
45     void (*copy_block)(uint8_t *, uint8_t *),
46     void (*xor_block)(uint8_t *, uint8_t *))
47 {
48 	size_t remainder = length;
49 	size_t need;
50 	uint8_t *datap = (uint8_t *)data;
51 	uint8_t *blockp;
52 	uint8_t *lastp;
53 	void *iov_or_mp;
54 	offset_t offset;
55 	uint8_t *out_data_1;
56 	uint8_t *out_data_2;
57 	size_t out_data_1_len;
58 
59 	if (length + ctx->cbc_remainder_len < block_size) {
60 		/* accumulate bytes here and return */
61 		bcopy(datap,
62 		    (uint8_t *)ctx->cbc_remainder + ctx->cbc_remainder_len,
63 		    length);
64 		ctx->cbc_remainder_len += length;
65 		ctx->cbc_copy_to = datap;
66 		return (CRYPTO_SUCCESS);
67 	}
68 
69 	lastp = (uint8_t *)ctx->cbc_iv;
70 	if (out != NULL)
71 		crypto_init_ptrs(out, &iov_or_mp, &offset);
72 
73 	do {
74 		/* Unprocessed data from last call. */
75 		if (ctx->cbc_remainder_len > 0) {
76 			need = block_size - ctx->cbc_remainder_len;
77 
78 			if (need > remainder)
79 				return (CRYPTO_DATA_LEN_RANGE);
80 
81 			bcopy(datap, &((uint8_t *)ctx->cbc_remainder)
82 			    [ctx->cbc_remainder_len], need);
83 
84 			blockp = (uint8_t *)ctx->cbc_remainder;
85 		} else {
86 			blockp = datap;
87 		}
88 
89 		if (out == NULL) {
90 			/*
91 			 * XOR the previous cipher block or IV with the
92 			 * current clear block.
93 			 */
94 			xor_block(lastp, blockp);
95 			encrypt(ctx->cbc_keysched, blockp, blockp);
96 
97 			ctx->cbc_lastp = blockp;
98 			lastp = blockp;
99 
100 			if (ctx->cbc_remainder_len > 0) {
101 				bcopy(blockp, ctx->cbc_copy_to,
102 				    ctx->cbc_remainder_len);
103 				bcopy(blockp + ctx->cbc_remainder_len, datap,
104 				    need);
105 			}
106 		} else {
107 			/*
108 			 * XOR the previous cipher block or IV with the
109 			 * current clear block.
110 			 */
111 			xor_block(blockp, lastp);
112 			encrypt(ctx->cbc_keysched, lastp, lastp);
113 			crypto_get_ptrs(out, &iov_or_mp, &offset, &out_data_1,
114 			    &out_data_1_len, &out_data_2, block_size);
115 
116 			/* copy block to where it belongs */
117 			if (out_data_1_len == block_size) {
118 				copy_block(lastp, out_data_1);
119 			} else {
120 				bcopy(lastp, out_data_1, out_data_1_len);
121 				if (out_data_2 != NULL) {
122 					bcopy(lastp + out_data_1_len,
123 					    out_data_2,
124 					    block_size - out_data_1_len);
125 				}
126 			}
127 			/* update offset */
128 			out->cd_offset += block_size;
129 		}
130 
131 		/* Update pointer to next block of data to be processed. */
132 		if (ctx->cbc_remainder_len != 0) {
133 			datap += need;
134 			ctx->cbc_remainder_len = 0;
135 		} else {
136 			datap += block_size;
137 		}
138 
139 		remainder = (size_t)&data[length] - (size_t)datap;
140 
141 		/* Incomplete last block. */
142 		if (remainder > 0 && remainder < block_size) {
143 			bcopy(datap, ctx->cbc_remainder, remainder);
144 			ctx->cbc_remainder_len = remainder;
145 			ctx->cbc_copy_to = datap;
146 			goto out;
147 		}
148 		ctx->cbc_copy_to = NULL;
149 
150 	} while (remainder > 0);
151 
152 out:
153 	/*
154 	 * Save the last encrypted block in the context.
155 	 */
156 	if (ctx->cbc_lastp != NULL) {
157 		copy_block((uint8_t *)ctx->cbc_lastp, (uint8_t *)ctx->cbc_iv);
158 		ctx->cbc_lastp = (uint8_t *)ctx->cbc_iv;
159 	}
160 
161 	return (CRYPTO_SUCCESS);
162 }
163 
164 #define	OTHER(a, ctx) \
165 	(((a) == (ctx)->cbc_lastblock) ? (ctx)->cbc_iv : (ctx)->cbc_lastblock)
166 
167 /* ARGSUSED */
168 int
169 cbc_decrypt_contiguous_blocks(cbc_ctx_t *ctx, char *data, size_t length,
170     crypto_data_t *out, size_t block_size,
171     int (*decrypt)(const void *, const uint8_t *, uint8_t *),
172     void (*copy_block)(uint8_t *, uint8_t *),
173     void (*xor_block)(uint8_t *, uint8_t *))
174 {
175 	size_t remainder = length;
176 	size_t need;
177 	uint8_t *datap = (uint8_t *)data;
178 	uint8_t *blockp;
179 	uint8_t *lastp;
180 	void *iov_or_mp;
181 	offset_t offset;
182 	uint8_t *out_data_1;
183 	uint8_t *out_data_2;
184 	size_t out_data_1_len;
185 
186 	if (length + ctx->cbc_remainder_len < block_size) {
187 		/* accumulate bytes here and return */
188 		bcopy(datap,
189 		    (uint8_t *)ctx->cbc_remainder + ctx->cbc_remainder_len,
190 		    length);
191 		ctx->cbc_remainder_len += length;
192 		ctx->cbc_copy_to = datap;
193 		return (CRYPTO_SUCCESS);
194 	}
195 
196 	lastp = ctx->cbc_lastp;
197 	if (out != NULL)
198 		crypto_init_ptrs(out, &iov_or_mp, &offset);
199 
200 	do {
201 		/* Unprocessed data from last call. */
202 		if (ctx->cbc_remainder_len > 0) {
203 			need = block_size - ctx->cbc_remainder_len;
204 
205 			if (need > remainder)
206 				return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
207 
208 			bcopy(datap, &((uint8_t *)ctx->cbc_remainder)
209 			    [ctx->cbc_remainder_len], need);
210 
211 			blockp = (uint8_t *)ctx->cbc_remainder;
212 		} else {
213 			blockp = datap;
214 		}
215 
216 		/* LINTED: pointer alignment */
217 		copy_block(blockp, (uint8_t *)OTHER((uint64_t *)lastp, ctx));
218 
219 		if (out != NULL) {
220 			decrypt(ctx->cbc_keysched, blockp,
221 			    (uint8_t *)ctx->cbc_remainder);
222 			blockp = (uint8_t *)ctx->cbc_remainder;
223 		} else {
224 			decrypt(ctx->cbc_keysched, blockp, blockp);
225 		}
226 
227 		/*
228 		 * XOR the previous cipher block or IV with the
229 		 * currently decrypted block.
230 		 */
231 		xor_block(lastp, blockp);
232 
233 		/* LINTED: pointer alignment */
234 		lastp = (uint8_t *)OTHER((uint64_t *)lastp, ctx);
235 
236 		if (out != NULL) {
237 			crypto_get_ptrs(out, &iov_or_mp, &offset, &out_data_1,
238 			    &out_data_1_len, &out_data_2, block_size);
239 
240 			bcopy(blockp, out_data_1, out_data_1_len);
241 			if (out_data_2 != NULL) {
242 				bcopy(blockp + out_data_1_len, out_data_2,
243 				    block_size - out_data_1_len);
244 			}
245 
246 			/* update offset */
247 			out->cd_offset += block_size;
248 
249 		} else if (ctx->cbc_remainder_len > 0) {
250 			/* copy temporary block to where it belongs */
251 			bcopy(blockp, ctx->cbc_copy_to, ctx->cbc_remainder_len);
252 			bcopy(blockp + ctx->cbc_remainder_len, datap, need);
253 		}
254 
255 		/* Update pointer to next block of data to be processed. */
256 		if (ctx->cbc_remainder_len != 0) {
257 			datap += need;
258 			ctx->cbc_remainder_len = 0;
259 		} else {
260 			datap += block_size;
261 		}
262 
263 		remainder = (size_t)&data[length] - (size_t)datap;
264 
265 		/* Incomplete last block. */
266 		if (remainder > 0 && remainder < block_size) {
267 			bcopy(datap, ctx->cbc_remainder, remainder);
268 			ctx->cbc_remainder_len = remainder;
269 			ctx->cbc_lastp = lastp;
270 			ctx->cbc_copy_to = datap;
271 			return (CRYPTO_SUCCESS);
272 		}
273 		ctx->cbc_copy_to = NULL;
274 
275 	} while (remainder > 0);
276 
277 	ctx->cbc_lastp = lastp;
278 	return (CRYPTO_SUCCESS);
279 }
280 
281 int
282 cbc_init_ctx(cbc_ctx_t *cbc_ctx, char *param, size_t param_len,
283     size_t block_size, void (*copy_block)(uint8_t *, uint64_t *))
284 {
285 	/*
286 	 * Copy IV into context.
287 	 *
288 	 * If cm_param == NULL then the IV comes from the
289 	 * cd_miscdata field in the crypto_data structure.
290 	 */
291 	if (param != NULL) {
292 #ifdef _KERNEL
293 		ASSERT(param_len == block_size);
294 #else
295 		assert(param_len == block_size);
296 #endif
297 		copy_block((uchar_t *)param, cbc_ctx->cbc_iv);
298 	}
299 
300 	cbc_ctx->cbc_lastp = (uint8_t *)&cbc_ctx->cbc_iv[0];
301 	cbc_ctx->cbc_flags |= CBC_MODE;
302 	return (CRYPTO_SUCCESS);
303 }
304 
305 /* ARGSUSED */
306 void *
307 cbc_alloc_ctx(int kmflag)
308 {
309 	cbc_ctx_t *cbc_ctx;
310 
311 #ifdef _KERNEL
312 	if ((cbc_ctx = kmem_zalloc(sizeof (cbc_ctx_t), kmflag)) == NULL)
313 #else
314 	if ((cbc_ctx = calloc(1, sizeof (cbc_ctx_t))) == NULL)
315 #endif
316 		return (NULL);
317 
318 	cbc_ctx->cbc_flags = CBC_MODE;
319 	return (cbc_ctx);
320 }
321