10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 50Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 60Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 70Sstevel@tonic-gate * with the License. 80Sstevel@tonic-gate * 90Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 100Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 110Sstevel@tonic-gate * See the License for the specific language governing permissions 120Sstevel@tonic-gate * and limitations under the License. 130Sstevel@tonic-gate * 140Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 150Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 160Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 170Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 180Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 190Sstevel@tonic-gate * 200Sstevel@tonic-gate * CDDL HEADER END 210Sstevel@tonic-gate */ 220Sstevel@tonic-gate /* 230Sstevel@tonic-gate * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 240Sstevel@tonic-gate * Use is subject to license terms. 250Sstevel@tonic-gate */ 260Sstevel@tonic-gate 270Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 280Sstevel@tonic-gate 290Sstevel@tonic-gate /* 300Sstevel@tonic-gate * AES provider for the Kernel Cryptographic Framework (KCF) 310Sstevel@tonic-gate */ 320Sstevel@tonic-gate 330Sstevel@tonic-gate #include <sys/types.h> 340Sstevel@tonic-gate #include <sys/systm.h> 350Sstevel@tonic-gate #include <sys/modctl.h> 360Sstevel@tonic-gate #include <sys/cmn_err.h> 370Sstevel@tonic-gate #include <sys/ddi.h> 380Sstevel@tonic-gate #include <sys/crypto/common.h> 390Sstevel@tonic-gate #include <sys/crypto/spi.h> 400Sstevel@tonic-gate #include <sys/sysmacros.h> 410Sstevel@tonic-gate #include <sys/strsun.h> 420Sstevel@tonic-gate #include <aes_impl.h> 430Sstevel@tonic-gate #include <aes_cbc_crypt.h> 440Sstevel@tonic-gate 450Sstevel@tonic-gate extern struct mod_ops mod_cryptoops; 460Sstevel@tonic-gate 470Sstevel@tonic-gate /* 480Sstevel@tonic-gate * Module linkage information for the kernel. 490Sstevel@tonic-gate */ 500Sstevel@tonic-gate static struct modlcrypto modlcrypto = { 510Sstevel@tonic-gate &mod_cryptoops, 520Sstevel@tonic-gate "AES Kernel SW Provider %I%" 530Sstevel@tonic-gate }; 540Sstevel@tonic-gate 550Sstevel@tonic-gate static struct modlinkage modlinkage = { 560Sstevel@tonic-gate MODREV_1, 570Sstevel@tonic-gate (void *)&modlcrypto, 580Sstevel@tonic-gate NULL 590Sstevel@tonic-gate }; 600Sstevel@tonic-gate 610Sstevel@tonic-gate /* 620Sstevel@tonic-gate * CSPI information (entry points, provider info, etc.) 630Sstevel@tonic-gate */ 640Sstevel@tonic-gate typedef enum aes_mech_type { 650Sstevel@tonic-gate AES_ECB_MECH_INFO_TYPE, /* SUN_CKM_AES_ECB */ 660Sstevel@tonic-gate AES_CBC_MECH_INFO_TYPE, /* SUN_CKM_AES_CBC */ 67904Smcpowers AES_CBC_PAD_MECH_INFO_TYPE, /* SUN_CKM_AES_CBC_PAD */ 68904Smcpowers AES_CTR_MECH_INFO_TYPE /* SUN_CKM_AES_CTR */ 690Sstevel@tonic-gate } aes_mech_type_t; 700Sstevel@tonic-gate 710Sstevel@tonic-gate /* 720Sstevel@tonic-gate * The following definitions are to keep EXPORT_SRC happy. 730Sstevel@tonic-gate */ 740Sstevel@tonic-gate #ifndef AES_MIN_KEY_LEN 750Sstevel@tonic-gate #define AES_MIN_KEY_LEN 0 760Sstevel@tonic-gate #endif 770Sstevel@tonic-gate 780Sstevel@tonic-gate #ifndef AES_MAX_KEY_LEN 790Sstevel@tonic-gate #define AES_MAX_KEY_LEN 0 800Sstevel@tonic-gate #endif 810Sstevel@tonic-gate 820Sstevel@tonic-gate /* 830Sstevel@tonic-gate * Mechanism info structure passed to KCF during registration. 840Sstevel@tonic-gate */ 850Sstevel@tonic-gate static crypto_mech_info_t aes_mech_info_tab[] = { 860Sstevel@tonic-gate /* AES_ECB */ 870Sstevel@tonic-gate {SUN_CKM_AES_ECB, AES_ECB_MECH_INFO_TYPE, 880Sstevel@tonic-gate CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | 890Sstevel@tonic-gate CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, 900Sstevel@tonic-gate AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}, 910Sstevel@tonic-gate /* AES_CBC */ 920Sstevel@tonic-gate {SUN_CKM_AES_CBC, AES_CBC_MECH_INFO_TYPE, 930Sstevel@tonic-gate CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | 940Sstevel@tonic-gate CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, 95904Smcpowers AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}, 96904Smcpowers /* AES_CTR */ 97904Smcpowers {SUN_CKM_AES_CTR, AES_CTR_MECH_INFO_TYPE, 98904Smcpowers CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | 99904Smcpowers CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, 1000Sstevel@tonic-gate AES_MIN_KEY_LEN, AES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES} 1010Sstevel@tonic-gate }; 1020Sstevel@tonic-gate 1030Sstevel@tonic-gate /* operations are in-place if the output buffer is NULL */ 1040Sstevel@tonic-gate #define AES_ARG_INPLACE(input, output) \ 1050Sstevel@tonic-gate if ((output) == NULL) \ 1060Sstevel@tonic-gate (output) = (input); 1070Sstevel@tonic-gate 1080Sstevel@tonic-gate static void aes_provider_status(crypto_provider_handle_t, uint_t *); 1090Sstevel@tonic-gate 1100Sstevel@tonic-gate static crypto_control_ops_t aes_control_ops = { 1110Sstevel@tonic-gate aes_provider_status 1120Sstevel@tonic-gate }; 1130Sstevel@tonic-gate 1140Sstevel@tonic-gate static int aes_common_init(crypto_ctx_t *, crypto_mechanism_t *, 1150Sstevel@tonic-gate crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 1160Sstevel@tonic-gate static int aes_common_init_ctx(aes_ctx_t *, crypto_spi_ctx_template_t *, 1170Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, int); 1180Sstevel@tonic-gate static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *, 1190Sstevel@tonic-gate crypto_req_handle_t); 1200Sstevel@tonic-gate static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *, 1210Sstevel@tonic-gate crypto_req_handle_t); 1220Sstevel@tonic-gate 1230Sstevel@tonic-gate static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 1240Sstevel@tonic-gate crypto_req_handle_t); 1250Sstevel@tonic-gate static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *, 1260Sstevel@tonic-gate crypto_data_t *, crypto_req_handle_t); 1270Sstevel@tonic-gate static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, 1280Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 1290Sstevel@tonic-gate crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 1300Sstevel@tonic-gate 1310Sstevel@tonic-gate static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 1320Sstevel@tonic-gate crypto_req_handle_t); 1330Sstevel@tonic-gate static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *, 1340Sstevel@tonic-gate crypto_data_t *, crypto_req_handle_t); 1350Sstevel@tonic-gate static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, 1360Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 1370Sstevel@tonic-gate crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 1380Sstevel@tonic-gate 1390Sstevel@tonic-gate static crypto_cipher_ops_t aes_cipher_ops = { 1400Sstevel@tonic-gate aes_common_init, 1410Sstevel@tonic-gate aes_encrypt, 1420Sstevel@tonic-gate aes_encrypt_update, 1430Sstevel@tonic-gate aes_encrypt_final, 1440Sstevel@tonic-gate aes_encrypt_atomic, 1450Sstevel@tonic-gate aes_common_init, 1460Sstevel@tonic-gate aes_decrypt, 1470Sstevel@tonic-gate aes_decrypt_update, 1480Sstevel@tonic-gate aes_decrypt_final, 1490Sstevel@tonic-gate aes_decrypt_atomic 1500Sstevel@tonic-gate }; 1510Sstevel@tonic-gate 1520Sstevel@tonic-gate static int aes_create_ctx_template(crypto_provider_handle_t, 1530Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, 1540Sstevel@tonic-gate size_t *, crypto_req_handle_t); 1550Sstevel@tonic-gate static int aes_free_context(crypto_ctx_t *); 1560Sstevel@tonic-gate 1570Sstevel@tonic-gate static crypto_ctx_ops_t aes_ctx_ops = { 1580Sstevel@tonic-gate aes_create_ctx_template, 1590Sstevel@tonic-gate aes_free_context 1600Sstevel@tonic-gate }; 1610Sstevel@tonic-gate 1620Sstevel@tonic-gate static crypto_ops_t aes_crypto_ops = { 1630Sstevel@tonic-gate &aes_control_ops, 1640Sstevel@tonic-gate NULL, 1650Sstevel@tonic-gate &aes_cipher_ops, 1660Sstevel@tonic-gate NULL, 1670Sstevel@tonic-gate NULL, 1680Sstevel@tonic-gate NULL, 1690Sstevel@tonic-gate NULL, 1700Sstevel@tonic-gate NULL, 1710Sstevel@tonic-gate NULL, 1720Sstevel@tonic-gate NULL, 1730Sstevel@tonic-gate NULL, 1740Sstevel@tonic-gate NULL, 1750Sstevel@tonic-gate NULL, 1760Sstevel@tonic-gate &aes_ctx_ops 1770Sstevel@tonic-gate }; 1780Sstevel@tonic-gate 1790Sstevel@tonic-gate static crypto_provider_info_t aes_prov_info = { 1800Sstevel@tonic-gate CRYPTO_SPI_VERSION_1, 1810Sstevel@tonic-gate "AES Software Provider", 1820Sstevel@tonic-gate CRYPTO_SW_PROVIDER, 1830Sstevel@tonic-gate {&modlinkage}, 1840Sstevel@tonic-gate NULL, 1850Sstevel@tonic-gate &aes_crypto_ops, 1860Sstevel@tonic-gate sizeof (aes_mech_info_tab)/sizeof (crypto_mech_info_t), 1870Sstevel@tonic-gate aes_mech_info_tab 1880Sstevel@tonic-gate }; 1890Sstevel@tonic-gate 1900Sstevel@tonic-gate static crypto_kcf_provider_handle_t aes_prov_handle = NULL; 1910Sstevel@tonic-gate 1920Sstevel@tonic-gate int 1930Sstevel@tonic-gate _init(void) 1940Sstevel@tonic-gate { 1950Sstevel@tonic-gate int ret; 1960Sstevel@tonic-gate 1970Sstevel@tonic-gate /* 1980Sstevel@tonic-gate * Register with KCF. If the registration fails, return error. 1990Sstevel@tonic-gate */ 2000Sstevel@tonic-gate if ((ret = crypto_register_provider(&aes_prov_info, 2010Sstevel@tonic-gate &aes_prov_handle)) != CRYPTO_SUCCESS) { 2020Sstevel@tonic-gate cmn_err(CE_WARN, "%s _init: crypto_register_provider()" 2030Sstevel@tonic-gate "failed (0x%x)", CRYPTO_PROVIDER_NAME, ret); 2040Sstevel@tonic-gate return (EACCES); 2050Sstevel@tonic-gate } 2060Sstevel@tonic-gate 2070Sstevel@tonic-gate if ((ret = mod_install(&modlinkage)) != 0) { 2080Sstevel@tonic-gate int rv; 2090Sstevel@tonic-gate 2100Sstevel@tonic-gate ASSERT(aes_prov_handle != NULL); 2110Sstevel@tonic-gate /* We should not return if the unregister returns busy. */ 2120Sstevel@tonic-gate while ((rv = crypto_unregister_provider(aes_prov_handle)) 2130Sstevel@tonic-gate == CRYPTO_BUSY) { 2140Sstevel@tonic-gate cmn_err(CE_WARN, 2150Sstevel@tonic-gate "%s _init: crypto_unregister_provider() " 2160Sstevel@tonic-gate "failed (0x%x). Retrying.", 2170Sstevel@tonic-gate CRYPTO_PROVIDER_NAME, rv); 2180Sstevel@tonic-gate /* wait 10 seconds and try again. */ 2190Sstevel@tonic-gate delay(10 * drv_usectohz(1000000)); 2200Sstevel@tonic-gate } 2210Sstevel@tonic-gate } 2220Sstevel@tonic-gate 2230Sstevel@tonic-gate return (ret); 2240Sstevel@tonic-gate } 2250Sstevel@tonic-gate 2260Sstevel@tonic-gate int 2270Sstevel@tonic-gate _fini(void) 2280Sstevel@tonic-gate { 2290Sstevel@tonic-gate int ret; 2300Sstevel@tonic-gate 2310Sstevel@tonic-gate /* 2320Sstevel@tonic-gate * Unregister from KCF if previous registration succeeded. 2330Sstevel@tonic-gate */ 2340Sstevel@tonic-gate if (aes_prov_handle != NULL) { 2350Sstevel@tonic-gate if ((ret = crypto_unregister_provider(aes_prov_handle)) != 2360Sstevel@tonic-gate CRYPTO_SUCCESS) { 2370Sstevel@tonic-gate cmn_err(CE_WARN, 2380Sstevel@tonic-gate "%s _fini: crypto_unregister_provider() " 2390Sstevel@tonic-gate "failed (0x%x)", CRYPTO_PROVIDER_NAME, ret); 2400Sstevel@tonic-gate return (EBUSY); 2410Sstevel@tonic-gate } 2420Sstevel@tonic-gate aes_prov_handle = NULL; 2430Sstevel@tonic-gate } 2440Sstevel@tonic-gate 2450Sstevel@tonic-gate return (mod_remove(&modlinkage)); 2460Sstevel@tonic-gate } 2470Sstevel@tonic-gate 2480Sstevel@tonic-gate int 2490Sstevel@tonic-gate _info(struct modinfo *modinfop) 2500Sstevel@tonic-gate { 2510Sstevel@tonic-gate return (mod_info(&modlinkage, modinfop)); 2520Sstevel@tonic-gate } 2530Sstevel@tonic-gate 2540Sstevel@tonic-gate 255991Smcpowers static int 256991Smcpowers aes_check_mech_param(crypto_mechanism_t *mechanism) 257991Smcpowers { 258991Smcpowers int rv = CRYPTO_SUCCESS; 259991Smcpowers 260991Smcpowers switch (mechanism->cm_type) { 261991Smcpowers case AES_ECB_MECH_INFO_TYPE: 262991Smcpowers /* no parameter */ 263991Smcpowers break; 264991Smcpowers case AES_CBC_MECH_INFO_TYPE: 265*1010Smcpowers if (mechanism->cm_param != NULL && 266991Smcpowers mechanism->cm_param_len != AES_BLOCK_LEN) 267991Smcpowers rv = CRYPTO_MECHANISM_PARAM_INVALID; 268991Smcpowers break; 269991Smcpowers case AES_CTR_MECH_INFO_TYPE: 270*1010Smcpowers if (mechanism->cm_param != NULL && 271991Smcpowers mechanism->cm_param_len != sizeof (CK_AES_CTR_PARAMS)) 272991Smcpowers rv = CRYPTO_MECHANISM_PARAM_INVALID; 273991Smcpowers break; 274991Smcpowers default: 275991Smcpowers rv = CRYPTO_MECHANISM_INVALID; 276991Smcpowers } 277991Smcpowers return (rv); 278991Smcpowers } 279991Smcpowers 280*1010Smcpowers /* EXPORT DELETE START */ 281*1010Smcpowers 2820Sstevel@tonic-gate /* 2830Sstevel@tonic-gate * Initialize key schedules for AES 2840Sstevel@tonic-gate */ 2850Sstevel@tonic-gate static int 2860Sstevel@tonic-gate init_keysched(crypto_key_t *key, void *newbie) 2870Sstevel@tonic-gate { 2880Sstevel@tonic-gate /* 2890Sstevel@tonic-gate * Only keys by value are supported by this module. 2900Sstevel@tonic-gate */ 2910Sstevel@tonic-gate switch (key->ck_format) { 2920Sstevel@tonic-gate case CRYPTO_KEY_RAW: 2930Sstevel@tonic-gate if (key->ck_length < AES_MINBITS || 2940Sstevel@tonic-gate key->ck_length > AES_MAXBITS) { 2950Sstevel@tonic-gate return (CRYPTO_KEY_SIZE_RANGE); 2960Sstevel@tonic-gate } 2970Sstevel@tonic-gate 2980Sstevel@tonic-gate /* key length must be either 128, 192, or 256 */ 2990Sstevel@tonic-gate if ((key->ck_length & 63) != 0) 3000Sstevel@tonic-gate return (CRYPTO_KEY_SIZE_RANGE); 3010Sstevel@tonic-gate break; 3020Sstevel@tonic-gate default: 3030Sstevel@tonic-gate return (CRYPTO_KEY_TYPE_INCONSISTENT); 3040Sstevel@tonic-gate } 3050Sstevel@tonic-gate 3060Sstevel@tonic-gate aes_init_keysched(key->ck_data, key->ck_length, newbie); 3070Sstevel@tonic-gate return (CRYPTO_SUCCESS); 3080Sstevel@tonic-gate } 3090Sstevel@tonic-gate 3100Sstevel@tonic-gate /* EXPORT DELETE END */ 3110Sstevel@tonic-gate 3120Sstevel@tonic-gate /* 3130Sstevel@tonic-gate * KCF software provider control entry points. 3140Sstevel@tonic-gate */ 3150Sstevel@tonic-gate /* ARGSUSED */ 3160Sstevel@tonic-gate static void 3170Sstevel@tonic-gate aes_provider_status(crypto_provider_handle_t provider, uint_t *status) 3180Sstevel@tonic-gate { 3190Sstevel@tonic-gate *status = CRYPTO_PROVIDER_READY; 3200Sstevel@tonic-gate } 3210Sstevel@tonic-gate 3220Sstevel@tonic-gate /* 3230Sstevel@tonic-gate * KCF software provider encrypt entry points. 3240Sstevel@tonic-gate */ 3250Sstevel@tonic-gate static int 3260Sstevel@tonic-gate aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 3270Sstevel@tonic-gate crypto_key_t *key, crypto_spi_ctx_template_t template, 3280Sstevel@tonic-gate crypto_req_handle_t req) 3290Sstevel@tonic-gate { 3300Sstevel@tonic-gate 3310Sstevel@tonic-gate /* EXPORT DELETE START */ 3320Sstevel@tonic-gate 3330Sstevel@tonic-gate aes_ctx_t *aes_ctx; 3340Sstevel@tonic-gate int rv; 3350Sstevel@tonic-gate int kmflag; 3360Sstevel@tonic-gate 3370Sstevel@tonic-gate /* 3380Sstevel@tonic-gate * Only keys by value are supported by this module. 3390Sstevel@tonic-gate */ 3400Sstevel@tonic-gate if (key->ck_format != CRYPTO_KEY_RAW) { 3410Sstevel@tonic-gate return (CRYPTO_KEY_TYPE_INCONSISTENT); 3420Sstevel@tonic-gate } 3430Sstevel@tonic-gate 344991Smcpowers if ((rv = aes_check_mech_param(mechanism)) != CRYPTO_SUCCESS) 345991Smcpowers return (rv); 3460Sstevel@tonic-gate 3470Sstevel@tonic-gate /* 3480Sstevel@tonic-gate * Allocate an AES context. 3490Sstevel@tonic-gate */ 3500Sstevel@tonic-gate kmflag = crypto_kmflag(req); 3510Sstevel@tonic-gate if ((aes_ctx = kmem_zalloc(sizeof (aes_ctx_t), kmflag)) == NULL) 3520Sstevel@tonic-gate return (CRYPTO_HOST_MEMORY); 3530Sstevel@tonic-gate 3540Sstevel@tonic-gate rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag); 3550Sstevel@tonic-gate if (rv != CRYPTO_SUCCESS) { 3560Sstevel@tonic-gate kmem_free(aes_ctx, sizeof (aes_ctx_t)); 3570Sstevel@tonic-gate return (rv); 3580Sstevel@tonic-gate } 3590Sstevel@tonic-gate 3600Sstevel@tonic-gate ctx->cc_provider_private = aes_ctx; 3610Sstevel@tonic-gate 3620Sstevel@tonic-gate /* EXPORT DELETE END */ 3630Sstevel@tonic-gate 3640Sstevel@tonic-gate return (CRYPTO_SUCCESS); 3650Sstevel@tonic-gate } 3660Sstevel@tonic-gate 3670Sstevel@tonic-gate /* 3680Sstevel@tonic-gate * Helper AES encrypt update function for iov input data. 3690Sstevel@tonic-gate */ 3700Sstevel@tonic-gate static int 3710Sstevel@tonic-gate aes_cipher_update_iov(aes_ctx_t *aes_ctx, crypto_data_t *input, 3720Sstevel@tonic-gate crypto_data_t *output, int (*cipher)(aes_ctx_t *, caddr_t, size_t, 3730Sstevel@tonic-gate crypto_data_t *)) 3740Sstevel@tonic-gate { 3750Sstevel@tonic-gate int rv; 3760Sstevel@tonic-gate /* EXPORT DELETE START */ 3770Sstevel@tonic-gate 3780Sstevel@tonic-gate if (input->cd_miscdata != NULL) { 3790Sstevel@tonic-gate if (IS_P2ALIGNED(input->cd_miscdata, sizeof (uint64_t))) { 3800Sstevel@tonic-gate /* LINTED: pointer alignment */ 3810Sstevel@tonic-gate aes_ctx->ac_iv[0] = *(uint64_t *)input->cd_miscdata; 3820Sstevel@tonic-gate /* LINTED: pointer alignment */ 3830Sstevel@tonic-gate aes_ctx->ac_iv[1] = *(uint64_t *)&input->cd_miscdata[8]; 3840Sstevel@tonic-gate } else { 3850Sstevel@tonic-gate uint8_t *miscdata8 = (uint8_t *)&input->cd_miscdata[0]; 3860Sstevel@tonic-gate uint8_t *iv8 = (uint8_t *)&aes_ctx->ac_iv[0]; 3870Sstevel@tonic-gate 3880Sstevel@tonic-gate AES_COPY_BLOCK(miscdata8, iv8); 3890Sstevel@tonic-gate } 3900Sstevel@tonic-gate } 3910Sstevel@tonic-gate 3920Sstevel@tonic-gate if (input->cd_raw.iov_len < input->cd_length) 3930Sstevel@tonic-gate return (CRYPTO_ARGUMENTS_BAD); 3940Sstevel@tonic-gate 3950Sstevel@tonic-gate rv = (cipher)(aes_ctx, input->cd_raw.iov_base + input->cd_offset, 3960Sstevel@tonic-gate input->cd_length, (input == output) ? NULL : output); 3970Sstevel@tonic-gate 3980Sstevel@tonic-gate /* EXPORT DELETE END */ 3990Sstevel@tonic-gate 4000Sstevel@tonic-gate return (rv); 4010Sstevel@tonic-gate } 4020Sstevel@tonic-gate 4030Sstevel@tonic-gate /* 4040Sstevel@tonic-gate * Helper AES encrypt update function for uio input data. 4050Sstevel@tonic-gate */ 4060Sstevel@tonic-gate static int 4070Sstevel@tonic-gate aes_cipher_update_uio(aes_ctx_t *aes_ctx, crypto_data_t *input, 4080Sstevel@tonic-gate crypto_data_t *output, int (*cipher)(aes_ctx_t *, caddr_t, size_t, 4090Sstevel@tonic-gate crypto_data_t *)) 4100Sstevel@tonic-gate { 4110Sstevel@tonic-gate /* EXPORT DELETE START */ 4120Sstevel@tonic-gate uio_t *uiop = input->cd_uio; 4130Sstevel@tonic-gate off_t offset = input->cd_offset; 4140Sstevel@tonic-gate size_t length = input->cd_length; 4150Sstevel@tonic-gate uint_t vec_idx; 4160Sstevel@tonic-gate size_t cur_len; 4170Sstevel@tonic-gate 4180Sstevel@tonic-gate if (input->cd_miscdata != NULL) { 4190Sstevel@tonic-gate if (IS_P2ALIGNED(input->cd_miscdata, sizeof (uint64_t))) { 4200Sstevel@tonic-gate /* LINTED: pointer alignment */ 4210Sstevel@tonic-gate aes_ctx->ac_iv[0] = *(uint64_t *)input->cd_miscdata; 4220Sstevel@tonic-gate /* LINTED: pointer alignment */ 4230Sstevel@tonic-gate aes_ctx->ac_iv[1] = *(uint64_t *)&input->cd_miscdata[8]; 4240Sstevel@tonic-gate } else { 4250Sstevel@tonic-gate uint8_t *miscdata8 = (uint8_t *)&input->cd_miscdata[0]; 4260Sstevel@tonic-gate uint8_t *iv8 = (uint8_t *)&aes_ctx->ac_iv[0]; 4270Sstevel@tonic-gate 4280Sstevel@tonic-gate AES_COPY_BLOCK(miscdata8, iv8); 4290Sstevel@tonic-gate } 4300Sstevel@tonic-gate } 4310Sstevel@tonic-gate 4320Sstevel@tonic-gate if (input->cd_uio->uio_segflg != UIO_SYSSPACE) { 4330Sstevel@tonic-gate return (CRYPTO_ARGUMENTS_BAD); 4340Sstevel@tonic-gate } 4350Sstevel@tonic-gate 4360Sstevel@tonic-gate /* 4370Sstevel@tonic-gate * Jump to the first iovec containing data to be 4380Sstevel@tonic-gate * processed. 4390Sstevel@tonic-gate */ 4400Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt && 4410Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len; 4420Sstevel@tonic-gate offset -= uiop->uio_iov[vec_idx++].iov_len); 4430Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) { 4440Sstevel@tonic-gate /* 4450Sstevel@tonic-gate * The caller specified an offset that is larger than the 4460Sstevel@tonic-gate * total size of the buffers it provided. 4470Sstevel@tonic-gate */ 4480Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4490Sstevel@tonic-gate } 4500Sstevel@tonic-gate 4510Sstevel@tonic-gate /* 4520Sstevel@tonic-gate * Now process the iovecs. 4530Sstevel@tonic-gate */ 4540Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && length > 0) { 4550Sstevel@tonic-gate cur_len = MIN(uiop->uio_iov[vec_idx].iov_len - 4560Sstevel@tonic-gate offset, length); 4570Sstevel@tonic-gate 4580Sstevel@tonic-gate (cipher)(aes_ctx, uiop->uio_iov[vec_idx].iov_base + offset, 4590Sstevel@tonic-gate cur_len, (input == output) ? NULL : output); 4600Sstevel@tonic-gate 4610Sstevel@tonic-gate length -= cur_len; 4620Sstevel@tonic-gate vec_idx++; 4630Sstevel@tonic-gate offset = 0; 4640Sstevel@tonic-gate } 4650Sstevel@tonic-gate 4660Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && length > 0) { 4670Sstevel@tonic-gate /* 4680Sstevel@tonic-gate * The end of the specified iovec's was reached but 4690Sstevel@tonic-gate * the length requested could not be processed, i.e. 4700Sstevel@tonic-gate * The caller requested to digest more data than it provided. 4710Sstevel@tonic-gate */ 4720Sstevel@tonic-gate 4730Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4740Sstevel@tonic-gate } 4750Sstevel@tonic-gate 4760Sstevel@tonic-gate /* EXPORT DELETE END */ 4770Sstevel@tonic-gate 4780Sstevel@tonic-gate return (CRYPTO_SUCCESS); 4790Sstevel@tonic-gate } 4800Sstevel@tonic-gate 4810Sstevel@tonic-gate /* 4820Sstevel@tonic-gate * Helper AES encrypt update function for mblk input data. 4830Sstevel@tonic-gate */ 4840Sstevel@tonic-gate static int 4850Sstevel@tonic-gate aes_cipher_update_mp(aes_ctx_t *aes_ctx, crypto_data_t *input, 4860Sstevel@tonic-gate crypto_data_t *output, int (*cipher)(aes_ctx_t *, caddr_t, size_t, 4870Sstevel@tonic-gate crypto_data_t *)) 4880Sstevel@tonic-gate { 4890Sstevel@tonic-gate /* EXPORT DELETE START */ 4900Sstevel@tonic-gate off_t offset = input->cd_offset; 4910Sstevel@tonic-gate size_t length = input->cd_length; 4920Sstevel@tonic-gate mblk_t *mp; 4930Sstevel@tonic-gate size_t cur_len; 4940Sstevel@tonic-gate 4950Sstevel@tonic-gate if (input->cd_miscdata != NULL) { 4960Sstevel@tonic-gate if (IS_P2ALIGNED(input->cd_miscdata, sizeof (uint64_t))) { 4970Sstevel@tonic-gate /* LINTED: pointer alignment */ 4980Sstevel@tonic-gate aes_ctx->ac_iv[0] = *(uint64_t *)input->cd_miscdata; 4990Sstevel@tonic-gate /* LINTED: pointer alignment */ 5000Sstevel@tonic-gate aes_ctx->ac_iv[1] = *(uint64_t *)&input->cd_miscdata[8]; 5010Sstevel@tonic-gate } else { 5020Sstevel@tonic-gate uint8_t *miscdata8 = (uint8_t *)&input->cd_miscdata[0]; 5030Sstevel@tonic-gate uint8_t *iv8 = (uint8_t *)&aes_ctx->ac_iv[0]; 5040Sstevel@tonic-gate 5050Sstevel@tonic-gate AES_COPY_BLOCK(miscdata8, iv8); 5060Sstevel@tonic-gate } 5070Sstevel@tonic-gate } 5080Sstevel@tonic-gate 5090Sstevel@tonic-gate /* 5100Sstevel@tonic-gate * Jump to the first mblk_t containing data to be processed. 5110Sstevel@tonic-gate */ 5120Sstevel@tonic-gate for (mp = input->cd_mp; mp != NULL && offset >= MBLKL(mp); 5130Sstevel@tonic-gate offset -= MBLKL(mp), mp = mp->b_cont); 5140Sstevel@tonic-gate if (mp == NULL) { 5150Sstevel@tonic-gate /* 5160Sstevel@tonic-gate * The caller specified an offset that is larger than the 5170Sstevel@tonic-gate * total size of the buffers it provided. 5180Sstevel@tonic-gate */ 5190Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 5200Sstevel@tonic-gate } 5210Sstevel@tonic-gate 5220Sstevel@tonic-gate /* 5230Sstevel@tonic-gate * Now do the processing on the mblk chain. 5240Sstevel@tonic-gate */ 5250Sstevel@tonic-gate while (mp != NULL && length > 0) { 5260Sstevel@tonic-gate cur_len = MIN(MBLKL(mp) - offset, length); 5270Sstevel@tonic-gate (cipher)(aes_ctx, (char *)(mp->b_rptr + offset), cur_len, 5280Sstevel@tonic-gate (input == output) ? NULL : output); 5290Sstevel@tonic-gate 5300Sstevel@tonic-gate length -= cur_len; 5310Sstevel@tonic-gate offset = 0; 5320Sstevel@tonic-gate mp = mp->b_cont; 5330Sstevel@tonic-gate } 5340Sstevel@tonic-gate 5350Sstevel@tonic-gate if (mp == NULL && length > 0) { 5360Sstevel@tonic-gate /* 5370Sstevel@tonic-gate * The end of the mblk was reached but the length requested 5380Sstevel@tonic-gate * could not be processed, i.e. The caller requested 5390Sstevel@tonic-gate * to digest more data than it provided. 5400Sstevel@tonic-gate */ 5410Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 5420Sstevel@tonic-gate } 5430Sstevel@tonic-gate 5440Sstevel@tonic-gate /* EXPORT DELETE END */ 5450Sstevel@tonic-gate 5460Sstevel@tonic-gate return (CRYPTO_SUCCESS); 5470Sstevel@tonic-gate } 5480Sstevel@tonic-gate 5490Sstevel@tonic-gate /* ARGSUSED */ 5500Sstevel@tonic-gate static int 5510Sstevel@tonic-gate aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext, 5520Sstevel@tonic-gate crypto_data_t *ciphertext, crypto_req_handle_t req) 5530Sstevel@tonic-gate { 5540Sstevel@tonic-gate int ret = CRYPTO_FAILED; 5550Sstevel@tonic-gate 5560Sstevel@tonic-gate /* EXPORT DELETE START */ 5570Sstevel@tonic-gate 5580Sstevel@tonic-gate aes_ctx_t *aes_ctx; 5590Sstevel@tonic-gate 5600Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 5610Sstevel@tonic-gate aes_ctx = ctx->cc_provider_private; 5620Sstevel@tonic-gate 563904Smcpowers /* 564904Smcpowers * For block ciphers, plaintext must be a multiple of AES block size. 565904Smcpowers * This test is only valid for ciphers whose blocksize is a power of 2. 566904Smcpowers */ 567904Smcpowers if (((aes_ctx->ac_flags & AES_CTR_MODE) == 0) && 568904Smcpowers (plaintext->cd_length & (AES_BLOCK_LEN - 1)) != 0) 569904Smcpowers return (CRYPTO_DATA_LEN_RANGE); 570904Smcpowers 5710Sstevel@tonic-gate AES_ARG_INPLACE(plaintext, ciphertext); 5720Sstevel@tonic-gate 5730Sstevel@tonic-gate /* 5740Sstevel@tonic-gate * We need to just return the length needed to store the output. 5750Sstevel@tonic-gate * We should not destroy the context for the following case. 5760Sstevel@tonic-gate */ 5770Sstevel@tonic-gate if (ciphertext->cd_length < plaintext->cd_length) { 5780Sstevel@tonic-gate ciphertext->cd_length = plaintext->cd_length; 5790Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 5800Sstevel@tonic-gate } 5810Sstevel@tonic-gate 5820Sstevel@tonic-gate /* 5830Sstevel@tonic-gate * Do an update on the specified input data. 5840Sstevel@tonic-gate */ 5850Sstevel@tonic-gate ret = aes_encrypt_update(ctx, plaintext, ciphertext, req); 5860Sstevel@tonic-gate ASSERT(aes_ctx->ac_remainder_len == 0); 5870Sstevel@tonic-gate (void) aes_free_context(ctx); 5880Sstevel@tonic-gate 5890Sstevel@tonic-gate /* EXPORT DELETE END */ 5900Sstevel@tonic-gate 5910Sstevel@tonic-gate /* LINTED */ 5920Sstevel@tonic-gate return (ret); 5930Sstevel@tonic-gate } 5940Sstevel@tonic-gate 5950Sstevel@tonic-gate /* ARGSUSED */ 5960Sstevel@tonic-gate static int 5970Sstevel@tonic-gate aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext, 5980Sstevel@tonic-gate crypto_data_t *plaintext, crypto_req_handle_t req) 5990Sstevel@tonic-gate { 6000Sstevel@tonic-gate int ret = CRYPTO_FAILED; 6010Sstevel@tonic-gate 6020Sstevel@tonic-gate /* EXPORT DELETE START */ 6030Sstevel@tonic-gate 6040Sstevel@tonic-gate aes_ctx_t *aes_ctx; 6050Sstevel@tonic-gate 6060Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 6070Sstevel@tonic-gate aes_ctx = ctx->cc_provider_private; 6080Sstevel@tonic-gate 609904Smcpowers /* 610904Smcpowers * For block ciphers, ciphertext must be a multiple of AES block size. 611904Smcpowers * This test is only valid for ciphers whose blocksize is a power of 2. 612904Smcpowers */ 613904Smcpowers if (((aes_ctx->ac_flags & AES_CTR_MODE) == 0) && 614904Smcpowers (ciphertext->cd_length & (AES_BLOCK_LEN - 1)) != 0) 615904Smcpowers return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE); 616904Smcpowers 6170Sstevel@tonic-gate AES_ARG_INPLACE(ciphertext, plaintext); 6180Sstevel@tonic-gate 6190Sstevel@tonic-gate /* 6200Sstevel@tonic-gate * We need to just return the length needed to store the output. 6210Sstevel@tonic-gate * We should not destroy the context for the following case. 6220Sstevel@tonic-gate */ 6230Sstevel@tonic-gate if (plaintext->cd_length < ciphertext->cd_length) { 6240Sstevel@tonic-gate plaintext->cd_length = ciphertext->cd_length; 6250Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 6260Sstevel@tonic-gate } 6270Sstevel@tonic-gate 6280Sstevel@tonic-gate /* 6290Sstevel@tonic-gate * Do an update on the specified input data. 6300Sstevel@tonic-gate */ 6310Sstevel@tonic-gate ret = aes_decrypt_update(ctx, ciphertext, plaintext, req); 6320Sstevel@tonic-gate ASSERT(aes_ctx->ac_remainder_len == 0); 6330Sstevel@tonic-gate (void) aes_free_context(ctx); 6340Sstevel@tonic-gate 6350Sstevel@tonic-gate /* EXPORT DELETE END */ 6360Sstevel@tonic-gate 6370Sstevel@tonic-gate /* LINTED */ 6380Sstevel@tonic-gate return (ret); 6390Sstevel@tonic-gate } 6400Sstevel@tonic-gate 6410Sstevel@tonic-gate /* ARGSUSED */ 6420Sstevel@tonic-gate static int 6430Sstevel@tonic-gate aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext, 6440Sstevel@tonic-gate crypto_data_t *ciphertext, crypto_req_handle_t req) 6450Sstevel@tonic-gate { 6460Sstevel@tonic-gate off_t saved_offset; 6470Sstevel@tonic-gate size_t saved_length, out_len; 6480Sstevel@tonic-gate int ret = CRYPTO_SUCCESS; 649904Smcpowers aes_ctx_t *aes_ctx; 6500Sstevel@tonic-gate 6510Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 6520Sstevel@tonic-gate 6530Sstevel@tonic-gate AES_ARG_INPLACE(plaintext, ciphertext); 6540Sstevel@tonic-gate 6550Sstevel@tonic-gate /* compute number of bytes that will hold the ciphertext */ 6560Sstevel@tonic-gate out_len = ((aes_ctx_t *)ctx->cc_provider_private)->ac_remainder_len; 6570Sstevel@tonic-gate out_len += plaintext->cd_length; 6580Sstevel@tonic-gate out_len &= ~(AES_BLOCK_LEN - 1); 6590Sstevel@tonic-gate 6600Sstevel@tonic-gate /* return length needed to store the output */ 6610Sstevel@tonic-gate if (ciphertext->cd_length < out_len) { 6620Sstevel@tonic-gate ciphertext->cd_length = out_len; 6630Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 6640Sstevel@tonic-gate } 6650Sstevel@tonic-gate 6660Sstevel@tonic-gate saved_offset = ciphertext->cd_offset; 6670Sstevel@tonic-gate saved_length = ciphertext->cd_length; 6680Sstevel@tonic-gate 6690Sstevel@tonic-gate /* 6700Sstevel@tonic-gate * Do the AES update on the specified input data. 6710Sstevel@tonic-gate */ 6720Sstevel@tonic-gate switch (plaintext->cd_format) { 6730Sstevel@tonic-gate case CRYPTO_DATA_RAW: 6740Sstevel@tonic-gate ret = aes_cipher_update_iov(ctx->cc_provider_private, 6750Sstevel@tonic-gate plaintext, ciphertext, aes_encrypt_contiguous_blocks); 6760Sstevel@tonic-gate break; 6770Sstevel@tonic-gate case CRYPTO_DATA_UIO: 6780Sstevel@tonic-gate ret = aes_cipher_update_uio(ctx->cc_provider_private, 6790Sstevel@tonic-gate plaintext, ciphertext, aes_encrypt_contiguous_blocks); 6800Sstevel@tonic-gate break; 6810Sstevel@tonic-gate case CRYPTO_DATA_MBLK: 6820Sstevel@tonic-gate ret = aes_cipher_update_mp(ctx->cc_provider_private, 6830Sstevel@tonic-gate plaintext, ciphertext, aes_encrypt_contiguous_blocks); 6840Sstevel@tonic-gate break; 6850Sstevel@tonic-gate default: 6860Sstevel@tonic-gate ret = CRYPTO_ARGUMENTS_BAD; 6870Sstevel@tonic-gate } 6880Sstevel@tonic-gate 689904Smcpowers /* 690904Smcpowers * Since AES counter mode is a stream cipher, we call 691904Smcpowers * aes_counter_final() to pick up any remaining bytes. 692904Smcpowers * It is an internal function that does not destroy 693904Smcpowers * the context like *normal* final routines. 694904Smcpowers */ 695904Smcpowers aes_ctx = ctx->cc_provider_private; 696904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) && 697904Smcpowers (aes_ctx->ac_remainder_len > 0)) { 698904Smcpowers ret = aes_counter_final(aes_ctx, ciphertext); 699904Smcpowers } 700904Smcpowers 7010Sstevel@tonic-gate if (ret == CRYPTO_SUCCESS) { 7020Sstevel@tonic-gate if (plaintext != ciphertext) 7030Sstevel@tonic-gate ciphertext->cd_length = 7040Sstevel@tonic-gate ciphertext->cd_offset - saved_offset; 7050Sstevel@tonic-gate } else { 7060Sstevel@tonic-gate ciphertext->cd_length = saved_length; 7070Sstevel@tonic-gate } 7080Sstevel@tonic-gate ciphertext->cd_offset = saved_offset; 7090Sstevel@tonic-gate 7100Sstevel@tonic-gate return (ret); 7110Sstevel@tonic-gate } 7120Sstevel@tonic-gate 7130Sstevel@tonic-gate /* ARGSUSED */ 7140Sstevel@tonic-gate static int 7150Sstevel@tonic-gate aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext, 7160Sstevel@tonic-gate crypto_data_t *plaintext, crypto_req_handle_t req) 7170Sstevel@tonic-gate { 7180Sstevel@tonic-gate off_t saved_offset; 7190Sstevel@tonic-gate size_t saved_length, out_len; 7200Sstevel@tonic-gate int ret = CRYPTO_SUCCESS; 721904Smcpowers aes_ctx_t *aes_ctx; 7220Sstevel@tonic-gate 7230Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 7240Sstevel@tonic-gate 7250Sstevel@tonic-gate AES_ARG_INPLACE(ciphertext, plaintext); 7260Sstevel@tonic-gate 7270Sstevel@tonic-gate /* compute number of bytes that will hold the plaintext */ 7280Sstevel@tonic-gate out_len = ((aes_ctx_t *)ctx->cc_provider_private)->ac_remainder_len; 7290Sstevel@tonic-gate out_len += ciphertext->cd_length; 7300Sstevel@tonic-gate out_len &= ~(AES_BLOCK_LEN - 1); 7310Sstevel@tonic-gate 7320Sstevel@tonic-gate /* return length needed to store the output */ 7330Sstevel@tonic-gate if (plaintext->cd_length < out_len) { 7340Sstevel@tonic-gate plaintext->cd_length = out_len; 7350Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 7360Sstevel@tonic-gate } 7370Sstevel@tonic-gate 7380Sstevel@tonic-gate saved_offset = plaintext->cd_offset; 7390Sstevel@tonic-gate saved_length = plaintext->cd_length; 7400Sstevel@tonic-gate 7410Sstevel@tonic-gate /* 7420Sstevel@tonic-gate * Do the AES update on the specified input data. 7430Sstevel@tonic-gate */ 7440Sstevel@tonic-gate switch (ciphertext->cd_format) { 7450Sstevel@tonic-gate case CRYPTO_DATA_RAW: 7460Sstevel@tonic-gate ret = aes_cipher_update_iov(ctx->cc_provider_private, 7470Sstevel@tonic-gate ciphertext, plaintext, aes_decrypt_contiguous_blocks); 7480Sstevel@tonic-gate break; 7490Sstevel@tonic-gate case CRYPTO_DATA_UIO: 7500Sstevel@tonic-gate ret = aes_cipher_update_uio(ctx->cc_provider_private, 7510Sstevel@tonic-gate ciphertext, plaintext, aes_decrypt_contiguous_blocks); 7520Sstevel@tonic-gate break; 7530Sstevel@tonic-gate case CRYPTO_DATA_MBLK: 7540Sstevel@tonic-gate ret = aes_cipher_update_mp(ctx->cc_provider_private, 7550Sstevel@tonic-gate ciphertext, plaintext, aes_decrypt_contiguous_blocks); 7560Sstevel@tonic-gate break; 7570Sstevel@tonic-gate default: 7580Sstevel@tonic-gate ret = CRYPTO_ARGUMENTS_BAD; 7590Sstevel@tonic-gate } 7600Sstevel@tonic-gate 761904Smcpowers /* 762904Smcpowers * Since AES counter mode is a stream cipher, we call 763904Smcpowers * aes_counter_final() to pick up any remaining bytes. 764904Smcpowers * It is an internal function that does not destroy 765904Smcpowers * the context like *normal* final routines. 766904Smcpowers */ 767904Smcpowers aes_ctx = ctx->cc_provider_private; 768904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) && 769904Smcpowers (aes_ctx->ac_remainder_len > 0)) { 770904Smcpowers ret = aes_counter_final(aes_ctx, plaintext); 771904Smcpowers } 772904Smcpowers 7730Sstevel@tonic-gate if (ret == CRYPTO_SUCCESS) { 7740Sstevel@tonic-gate if (ciphertext != plaintext) 7750Sstevel@tonic-gate plaintext->cd_length = 7760Sstevel@tonic-gate plaintext->cd_offset - saved_offset; 7770Sstevel@tonic-gate } else { 7780Sstevel@tonic-gate plaintext->cd_length = saved_length; 7790Sstevel@tonic-gate } 7800Sstevel@tonic-gate plaintext->cd_offset = saved_offset; 7810Sstevel@tonic-gate 782904Smcpowers 7830Sstevel@tonic-gate return (ret); 7840Sstevel@tonic-gate } 7850Sstevel@tonic-gate 7860Sstevel@tonic-gate /* ARGSUSED */ 7870Sstevel@tonic-gate static int 7880Sstevel@tonic-gate aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data, 7890Sstevel@tonic-gate crypto_req_handle_t req) 7900Sstevel@tonic-gate { 7910Sstevel@tonic-gate 7920Sstevel@tonic-gate /* EXPORT DELETE START */ 7930Sstevel@tonic-gate 7940Sstevel@tonic-gate aes_ctx_t *aes_ctx; 795904Smcpowers int ret; 7960Sstevel@tonic-gate 7970Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 7980Sstevel@tonic-gate aes_ctx = ctx->cc_provider_private; 7990Sstevel@tonic-gate 800904Smcpowers if (data->cd_format != CRYPTO_DATA_RAW && 801904Smcpowers data->cd_format != CRYPTO_DATA_UIO && 802904Smcpowers data->cd_format != CRYPTO_DATA_MBLK) { 803904Smcpowers return (CRYPTO_ARGUMENTS_BAD); 804904Smcpowers } 805904Smcpowers 8060Sstevel@tonic-gate /* 8070Sstevel@tonic-gate * There must be no unprocessed plaintext. 8080Sstevel@tonic-gate * This happens if the length of the last data is 8090Sstevel@tonic-gate * not a multiple of the AES block length. 8100Sstevel@tonic-gate */ 811904Smcpowers if (aes_ctx->ac_remainder_len > 0) { 812904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) == 0) 813904Smcpowers return (CRYPTO_DATA_LEN_RANGE); 814904Smcpowers else { 815904Smcpowers ret = aes_counter_final(aes_ctx, data); 816904Smcpowers if (ret != CRYPTO_SUCCESS) 817904Smcpowers return (ret); 818904Smcpowers } 819904Smcpowers } 820904Smcpowers 821904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) == 0) 822904Smcpowers data->cd_length = 0; 8230Sstevel@tonic-gate 8240Sstevel@tonic-gate (void) aes_free_context(ctx); 8250Sstevel@tonic-gate 8260Sstevel@tonic-gate /* EXPORT DELETE END */ 8270Sstevel@tonic-gate 8280Sstevel@tonic-gate return (CRYPTO_SUCCESS); 8290Sstevel@tonic-gate } 8300Sstevel@tonic-gate 8310Sstevel@tonic-gate /* ARGSUSED */ 8320Sstevel@tonic-gate static int 8330Sstevel@tonic-gate aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data, 8340Sstevel@tonic-gate crypto_req_handle_t req) 8350Sstevel@tonic-gate { 8360Sstevel@tonic-gate 8370Sstevel@tonic-gate /* EXPORT DELETE START */ 8380Sstevel@tonic-gate 8390Sstevel@tonic-gate aes_ctx_t *aes_ctx; 840904Smcpowers int ret; 8410Sstevel@tonic-gate 8420Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 8430Sstevel@tonic-gate aes_ctx = ctx->cc_provider_private; 8440Sstevel@tonic-gate 845904Smcpowers if (data->cd_format != CRYPTO_DATA_RAW && 846904Smcpowers data->cd_format != CRYPTO_DATA_UIO && 847904Smcpowers data->cd_format != CRYPTO_DATA_MBLK) { 848904Smcpowers return (CRYPTO_ARGUMENTS_BAD); 849904Smcpowers } 850904Smcpowers 8510Sstevel@tonic-gate /* 8520Sstevel@tonic-gate * There must be no unprocessed ciphertext. 8530Sstevel@tonic-gate * This happens if the length of the last ciphertext is 8540Sstevel@tonic-gate * not a multiple of the AES block length. 8550Sstevel@tonic-gate */ 856904Smcpowers if (aes_ctx->ac_remainder_len > 0) { 857904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) == 0) 858904Smcpowers return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE); 859904Smcpowers else { 860904Smcpowers ret = aes_counter_final(aes_ctx, data); 861904Smcpowers if (ret != CRYPTO_SUCCESS) 862904Smcpowers return (ret); 863904Smcpowers } 864904Smcpowers } 865904Smcpowers 866904Smcpowers if ((aes_ctx->ac_flags & AES_CTR_MODE) == 0) 867904Smcpowers data->cd_length = 0; 8680Sstevel@tonic-gate 8690Sstevel@tonic-gate (void) aes_free_context(ctx); 8700Sstevel@tonic-gate 8710Sstevel@tonic-gate /* EXPORT DELETE END */ 8720Sstevel@tonic-gate 8730Sstevel@tonic-gate return (CRYPTO_SUCCESS); 8740Sstevel@tonic-gate } 8750Sstevel@tonic-gate 8760Sstevel@tonic-gate /* ARGSUSED */ 8770Sstevel@tonic-gate static int 8780Sstevel@tonic-gate aes_encrypt_atomic(crypto_provider_handle_t provider, 8790Sstevel@tonic-gate crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 8800Sstevel@tonic-gate crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext, 8810Sstevel@tonic-gate crypto_spi_ctx_template_t template, crypto_req_handle_t req) 8820Sstevel@tonic-gate { 8830Sstevel@tonic-gate aes_ctx_t aes_ctx; /* on the stack */ 8840Sstevel@tonic-gate off_t saved_offset; 8850Sstevel@tonic-gate size_t saved_length; 8860Sstevel@tonic-gate int ret; 8870Sstevel@tonic-gate 8880Sstevel@tonic-gate AES_ARG_INPLACE(plaintext, ciphertext); 8890Sstevel@tonic-gate 890904Smcpowers if (mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) { 891904Smcpowers /* 892904Smcpowers * Plaintext must be a multiple of AES block size. 893904Smcpowers * This test only works for non-padded mechanisms 894904Smcpowers * when blocksize is 2^N. 895904Smcpowers */ 896904Smcpowers if ((plaintext->cd_length & (AES_BLOCK_LEN - 1)) != 0) 897904Smcpowers return (CRYPTO_DATA_LEN_RANGE); 898904Smcpowers } 8990Sstevel@tonic-gate 9000Sstevel@tonic-gate /* return length needed to store the output */ 9010Sstevel@tonic-gate if (ciphertext->cd_length < plaintext->cd_length) { 9020Sstevel@tonic-gate ciphertext->cd_length = plaintext->cd_length; 9030Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 9040Sstevel@tonic-gate } 9050Sstevel@tonic-gate 906991Smcpowers if ((ret = aes_check_mech_param(mechanism)) != CRYPTO_SUCCESS) 907991Smcpowers return (ret); 9080Sstevel@tonic-gate 9090Sstevel@tonic-gate bzero(&aes_ctx, sizeof (aes_ctx_t)); 9100Sstevel@tonic-gate 9110Sstevel@tonic-gate ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key, 9120Sstevel@tonic-gate crypto_kmflag(req)); 9130Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 9140Sstevel@tonic-gate return (ret); 9150Sstevel@tonic-gate 9160Sstevel@tonic-gate saved_offset = ciphertext->cd_offset; 9170Sstevel@tonic-gate saved_length = ciphertext->cd_length; 9180Sstevel@tonic-gate 9190Sstevel@tonic-gate /* 9200Sstevel@tonic-gate * Do an update on the specified input data. 9210Sstevel@tonic-gate */ 9220Sstevel@tonic-gate switch (plaintext->cd_format) { 9230Sstevel@tonic-gate case CRYPTO_DATA_RAW: 9240Sstevel@tonic-gate ret = aes_cipher_update_iov(&aes_ctx, plaintext, ciphertext, 9250Sstevel@tonic-gate aes_encrypt_contiguous_blocks); 9260Sstevel@tonic-gate break; 9270Sstevel@tonic-gate case CRYPTO_DATA_UIO: 9280Sstevel@tonic-gate ret = aes_cipher_update_uio(&aes_ctx, plaintext, ciphertext, 9290Sstevel@tonic-gate aes_encrypt_contiguous_blocks); 9300Sstevel@tonic-gate break; 9310Sstevel@tonic-gate case CRYPTO_DATA_MBLK: 9320Sstevel@tonic-gate ret = aes_cipher_update_mp(&aes_ctx, plaintext, ciphertext, 9330Sstevel@tonic-gate aes_encrypt_contiguous_blocks); 9340Sstevel@tonic-gate break; 9350Sstevel@tonic-gate default: 9360Sstevel@tonic-gate ret = CRYPTO_ARGUMENTS_BAD; 9370Sstevel@tonic-gate } 9380Sstevel@tonic-gate 939904Smcpowers if (ret == CRYPTO_SUCCESS) { 940904Smcpowers if (mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) { 941904Smcpowers ASSERT(aes_ctx.ac_remainder_len == 0); 942904Smcpowers if (plaintext != ciphertext) 943904Smcpowers ciphertext->cd_length = 944904Smcpowers ciphertext->cd_offset - saved_offset; 945904Smcpowers } else { 946904Smcpowers if (aes_ctx.ac_remainder_len > 0) { 947904Smcpowers ret = aes_counter_final(&aes_ctx, ciphertext); 948904Smcpowers if (ret != CRYPTO_SUCCESS) 949904Smcpowers goto out; 950904Smcpowers } 951904Smcpowers if (plaintext != ciphertext) 952904Smcpowers ciphertext->cd_length = 953904Smcpowers ciphertext->cd_offset - saved_offset; 954904Smcpowers } 955904Smcpowers } else { 956904Smcpowers ciphertext->cd_length = saved_length; 957904Smcpowers } 958904Smcpowers ciphertext->cd_offset = saved_offset; 959904Smcpowers 960904Smcpowers out: 9610Sstevel@tonic-gate if (aes_ctx.ac_flags & AES_PROVIDER_OWNS_KEY_SCHEDULE) { 9620Sstevel@tonic-gate bzero(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len); 9630Sstevel@tonic-gate kmem_free(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len); 9640Sstevel@tonic-gate } 9650Sstevel@tonic-gate 9660Sstevel@tonic-gate return (ret); 9670Sstevel@tonic-gate } 9680Sstevel@tonic-gate 9690Sstevel@tonic-gate /* ARGSUSED */ 9700Sstevel@tonic-gate static int 9710Sstevel@tonic-gate aes_decrypt_atomic(crypto_provider_handle_t provider, 9720Sstevel@tonic-gate crypto_session_id_t session_id, crypto_mechanism_t *mechanism, 9730Sstevel@tonic-gate crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext, 9740Sstevel@tonic-gate crypto_spi_ctx_template_t template, crypto_req_handle_t req) 9750Sstevel@tonic-gate { 9760Sstevel@tonic-gate aes_ctx_t aes_ctx; /* on the stack */ 9770Sstevel@tonic-gate off_t saved_offset; 9780Sstevel@tonic-gate size_t saved_length; 9790Sstevel@tonic-gate int ret; 9800Sstevel@tonic-gate 9810Sstevel@tonic-gate AES_ARG_INPLACE(ciphertext, plaintext); 9820Sstevel@tonic-gate 983904Smcpowers if (mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) { 984904Smcpowers /* 985904Smcpowers * Ciphertext must be a multiple of AES block size. 986904Smcpowers * This test only works for non-padded mechanisms 987904Smcpowers * when blocksize is 2^N. 988904Smcpowers */ 989904Smcpowers if ((ciphertext->cd_length & (AES_BLOCK_LEN - 1)) != 0) 990904Smcpowers return (CRYPTO_DATA_LEN_RANGE); 991904Smcpowers } 9920Sstevel@tonic-gate 9930Sstevel@tonic-gate /* return length needed to store the output */ 9940Sstevel@tonic-gate if (plaintext->cd_length < ciphertext->cd_length) { 9950Sstevel@tonic-gate plaintext->cd_length = ciphertext->cd_length; 9960Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 9970Sstevel@tonic-gate } 9980Sstevel@tonic-gate 999991Smcpowers if ((ret = aes_check_mech_param(mechanism)) != CRYPTO_SUCCESS) 1000991Smcpowers return (ret); 10010Sstevel@tonic-gate 10020Sstevel@tonic-gate bzero(&aes_ctx, sizeof (aes_ctx_t)); 10030Sstevel@tonic-gate 10040Sstevel@tonic-gate ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key, 10050Sstevel@tonic-gate crypto_kmflag(req)); 10060Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 10070Sstevel@tonic-gate return (ret); 10080Sstevel@tonic-gate 10090Sstevel@tonic-gate saved_offset = plaintext->cd_offset; 10100Sstevel@tonic-gate saved_length = plaintext->cd_length; 10110Sstevel@tonic-gate 10120Sstevel@tonic-gate /* 10130Sstevel@tonic-gate * Do an update on the specified input data. 10140Sstevel@tonic-gate */ 10150Sstevel@tonic-gate switch (ciphertext->cd_format) { 10160Sstevel@tonic-gate case CRYPTO_DATA_RAW: 10170Sstevel@tonic-gate ret = aes_cipher_update_iov(&aes_ctx, ciphertext, plaintext, 10180Sstevel@tonic-gate aes_decrypt_contiguous_blocks); 10190Sstevel@tonic-gate break; 10200Sstevel@tonic-gate case CRYPTO_DATA_UIO: 10210Sstevel@tonic-gate ret = aes_cipher_update_uio(&aes_ctx, ciphertext, plaintext, 10220Sstevel@tonic-gate aes_decrypt_contiguous_blocks); 10230Sstevel@tonic-gate break; 10240Sstevel@tonic-gate case CRYPTO_DATA_MBLK: 10250Sstevel@tonic-gate ret = aes_cipher_update_mp(&aes_ctx, ciphertext, plaintext, 10260Sstevel@tonic-gate aes_decrypt_contiguous_blocks); 10270Sstevel@tonic-gate break; 10280Sstevel@tonic-gate default: 10290Sstevel@tonic-gate ret = CRYPTO_ARGUMENTS_BAD; 10300Sstevel@tonic-gate } 10310Sstevel@tonic-gate 1032904Smcpowers if (ret == CRYPTO_SUCCESS) { 1033904Smcpowers if (mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) { 1034904Smcpowers ASSERT(aes_ctx.ac_remainder_len == 0); 1035904Smcpowers if (ciphertext != plaintext) 1036904Smcpowers plaintext->cd_length = 1037904Smcpowers plaintext->cd_offset - saved_offset; 1038904Smcpowers } else { 1039904Smcpowers if (aes_ctx.ac_remainder_len > 0) { 1040904Smcpowers ret = aes_counter_final(&aes_ctx, plaintext); 1041904Smcpowers if (ret != CRYPTO_SUCCESS) 1042904Smcpowers goto out; 1043904Smcpowers } 1044904Smcpowers if (ciphertext != plaintext) 1045904Smcpowers plaintext->cd_length = 1046904Smcpowers plaintext->cd_offset - saved_offset; 1047904Smcpowers } 1048904Smcpowers } else { 1049904Smcpowers plaintext->cd_length = saved_length; 1050904Smcpowers } 1051904Smcpowers plaintext->cd_offset = saved_offset; 1052904Smcpowers 1053904Smcpowers out: 10540Sstevel@tonic-gate if (aes_ctx.ac_flags & AES_PROVIDER_OWNS_KEY_SCHEDULE) { 10550Sstevel@tonic-gate bzero(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len); 10560Sstevel@tonic-gate kmem_free(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len); 10570Sstevel@tonic-gate } 10580Sstevel@tonic-gate 10590Sstevel@tonic-gate return (ret); 10600Sstevel@tonic-gate } 10610Sstevel@tonic-gate 10620Sstevel@tonic-gate /* 10630Sstevel@tonic-gate * KCF software provider context template entry points. 10640Sstevel@tonic-gate */ 10650Sstevel@tonic-gate /* ARGSUSED */ 10660Sstevel@tonic-gate static int 10670Sstevel@tonic-gate aes_create_ctx_template(crypto_provider_handle_t provider, 10680Sstevel@tonic-gate crypto_mechanism_t *mechanism, crypto_key_t *key, 10690Sstevel@tonic-gate crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req) 10700Sstevel@tonic-gate { 10710Sstevel@tonic-gate 10720Sstevel@tonic-gate /* EXPORT DELETE START */ 10730Sstevel@tonic-gate 10740Sstevel@tonic-gate void *keysched; 10750Sstevel@tonic-gate size_t size; 10760Sstevel@tonic-gate int rv; 10770Sstevel@tonic-gate 1078991Smcpowers if (mechanism->cm_type != AES_ECB_MECH_INFO_TYPE && 1079991Smcpowers mechanism->cm_type != AES_CBC_MECH_INFO_TYPE && 1080991Smcpowers mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) 10810Sstevel@tonic-gate return (CRYPTO_MECHANISM_INVALID); 10820Sstevel@tonic-gate 10830Sstevel@tonic-gate if ((keysched = aes_alloc_keysched(&size, 10840Sstevel@tonic-gate crypto_kmflag(req))) == NULL) { 10850Sstevel@tonic-gate return (CRYPTO_HOST_MEMORY); 10860Sstevel@tonic-gate } 10870Sstevel@tonic-gate 10880Sstevel@tonic-gate /* 10890Sstevel@tonic-gate * Initialize key schedule. Key length information is stored 10900Sstevel@tonic-gate * in the key. 10910Sstevel@tonic-gate */ 10920Sstevel@tonic-gate if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) { 10930Sstevel@tonic-gate bzero(keysched, size); 10940Sstevel@tonic-gate kmem_free(keysched, size); 10950Sstevel@tonic-gate return (rv); 10960Sstevel@tonic-gate } 10970Sstevel@tonic-gate 10980Sstevel@tonic-gate *tmpl = keysched; 10990Sstevel@tonic-gate *tmpl_size = size; 11000Sstevel@tonic-gate 11010Sstevel@tonic-gate /* EXPORT DELETE END */ 11020Sstevel@tonic-gate 11030Sstevel@tonic-gate return (CRYPTO_SUCCESS); 11040Sstevel@tonic-gate } 11050Sstevel@tonic-gate 11060Sstevel@tonic-gate /* ARGSUSED */ 11070Sstevel@tonic-gate static int 11080Sstevel@tonic-gate aes_free_context(crypto_ctx_t *ctx) 11090Sstevel@tonic-gate { 11100Sstevel@tonic-gate 11110Sstevel@tonic-gate /* EXPORT DELETE START */ 11120Sstevel@tonic-gate 11130Sstevel@tonic-gate aes_ctx_t *aes_ctx = ctx->cc_provider_private; 11140Sstevel@tonic-gate 11150Sstevel@tonic-gate if (aes_ctx != NULL) { 11160Sstevel@tonic-gate if (aes_ctx->ac_flags & AES_PROVIDER_OWNS_KEY_SCHEDULE) { 11170Sstevel@tonic-gate ASSERT(aes_ctx->ac_keysched_len != 0); 11180Sstevel@tonic-gate bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len); 11190Sstevel@tonic-gate kmem_free(aes_ctx->ac_keysched, 11200Sstevel@tonic-gate aes_ctx->ac_keysched_len); 11210Sstevel@tonic-gate } 11220Sstevel@tonic-gate kmem_free(aes_ctx, sizeof (aes_ctx_t)); 11230Sstevel@tonic-gate ctx->cc_provider_private = NULL; 11240Sstevel@tonic-gate } 11250Sstevel@tonic-gate 11260Sstevel@tonic-gate /* EXPORT DELETE END */ 11270Sstevel@tonic-gate 11280Sstevel@tonic-gate return (CRYPTO_SUCCESS); 11290Sstevel@tonic-gate } 11300Sstevel@tonic-gate 11310Sstevel@tonic-gate /* ARGSUSED */ 11320Sstevel@tonic-gate static int 11330Sstevel@tonic-gate aes_common_init_ctx(aes_ctx_t *aes_ctx, crypto_spi_ctx_template_t *template, 11340Sstevel@tonic-gate crypto_mechanism_t *mechanism, crypto_key_t *key, int kmflag) 11350Sstevel@tonic-gate { 11360Sstevel@tonic-gate int rv = CRYPTO_SUCCESS; 11370Sstevel@tonic-gate 11380Sstevel@tonic-gate /* EXPORT DELETE START */ 11390Sstevel@tonic-gate 11400Sstevel@tonic-gate void *keysched; 11410Sstevel@tonic-gate size_t size; 11420Sstevel@tonic-gate 1143904Smcpowers aes_ctx->ac_flags = 0; 11440Sstevel@tonic-gate 11450Sstevel@tonic-gate if (mechanism->cm_type == AES_CBC_MECH_INFO_TYPE) { 11460Sstevel@tonic-gate /* 1147904Smcpowers * Copy 128-bit IV into context. 11480Sstevel@tonic-gate * 11490Sstevel@tonic-gate * If cm_param == NULL then the IV comes from the 11500Sstevel@tonic-gate * cd_miscdata field in the crypto_data structure. 11510Sstevel@tonic-gate */ 11520Sstevel@tonic-gate if (mechanism->cm_param != NULL) { 11530Sstevel@tonic-gate ASSERT(mechanism->cm_param_len == AES_BLOCK_LEN); 11540Sstevel@tonic-gate if (IS_P2ALIGNED(mechanism->cm_param, 11550Sstevel@tonic-gate sizeof (uint64_t))) { 11560Sstevel@tonic-gate uint64_t *param64; 11570Sstevel@tonic-gate param64 = (uint64_t *)mechanism->cm_param; 11580Sstevel@tonic-gate 11590Sstevel@tonic-gate aes_ctx->ac_iv[0] = *param64++; 11600Sstevel@tonic-gate aes_ctx->ac_iv[1] = *param64; 11610Sstevel@tonic-gate } else { 11620Sstevel@tonic-gate uint8_t *iv8; 11630Sstevel@tonic-gate uint8_t *p8; 11640Sstevel@tonic-gate iv8 = (uint8_t *)&aes_ctx->ac_iv; 11650Sstevel@tonic-gate p8 = (uint8_t *)&mechanism->cm_param[0]; 11660Sstevel@tonic-gate 11670Sstevel@tonic-gate iv8[0] = p8[0]; 11680Sstevel@tonic-gate iv8[1] = p8[1]; 11690Sstevel@tonic-gate iv8[2] = p8[2]; 11700Sstevel@tonic-gate iv8[3] = p8[3]; 11710Sstevel@tonic-gate iv8[4] = p8[4]; 11720Sstevel@tonic-gate iv8[5] = p8[5]; 11730Sstevel@tonic-gate iv8[6] = p8[6]; 11740Sstevel@tonic-gate iv8[7] = p8[7]; 11750Sstevel@tonic-gate iv8[8] = p8[8]; 11760Sstevel@tonic-gate iv8[9] = p8[9]; 11770Sstevel@tonic-gate iv8[10] = p8[10]; 11780Sstevel@tonic-gate iv8[11] = p8[11]; 11790Sstevel@tonic-gate iv8[12] = p8[12]; 11800Sstevel@tonic-gate iv8[13] = p8[13]; 11810Sstevel@tonic-gate iv8[14] = p8[14]; 11820Sstevel@tonic-gate iv8[15] = p8[15]; 11830Sstevel@tonic-gate } 11840Sstevel@tonic-gate } 11850Sstevel@tonic-gate 11860Sstevel@tonic-gate aes_ctx->ac_lastp = (uint8_t *)&aes_ctx->ac_iv[0]; 11870Sstevel@tonic-gate aes_ctx->ac_flags |= AES_CBC_MODE; 1188904Smcpowers 1189904Smcpowers } else if (mechanism->cm_type == AES_CTR_MECH_INFO_TYPE) { 1190904Smcpowers if (mechanism->cm_param != NULL) { 1191904Smcpowers CK_AES_CTR_PARAMS *pp; 1192904Smcpowers uint64_t mask = 0; 1193904Smcpowers ulong_t count; 1194904Smcpowers uint8_t *iv8; 1195904Smcpowers uint8_t *p8; 1196904Smcpowers 1197904Smcpowers pp = (CK_AES_CTR_PARAMS *)mechanism->cm_param; 1198904Smcpowers iv8 = (uint8_t *)&aes_ctx->ac_iv; 1199904Smcpowers p8 = (uint8_t *)&pp->cb[0]; 1200904Smcpowers 1201904Smcpowers /* XXX what to do about miscdata */ 1202904Smcpowers count = pp->ulCounterBits; 1203904Smcpowers if (count == 0 || count > 64) { 1204904Smcpowers return (CRYPTO_MECHANISM_PARAM_INVALID); 1205904Smcpowers } 1206904Smcpowers while (count-- > 0) 1207904Smcpowers mask |= (1ULL << count); 1208904Smcpowers 1209904Smcpowers aes_ctx->ac_counter_mask = mask; 1210904Smcpowers 1211904Smcpowers iv8[0] = p8[0]; 1212904Smcpowers iv8[1] = p8[1]; 1213904Smcpowers iv8[2] = p8[2]; 1214904Smcpowers iv8[3] = p8[3]; 1215904Smcpowers iv8[4] = p8[4]; 1216904Smcpowers iv8[5] = p8[5]; 1217904Smcpowers iv8[6] = p8[6]; 1218904Smcpowers iv8[7] = p8[7]; 1219904Smcpowers iv8[8] = p8[8]; 1220904Smcpowers iv8[9] = p8[9]; 1221904Smcpowers iv8[10] = p8[10]; 1222904Smcpowers iv8[11] = p8[11]; 1223904Smcpowers iv8[12] = p8[12]; 1224904Smcpowers iv8[13] = p8[13]; 1225904Smcpowers iv8[14] = p8[14]; 1226904Smcpowers iv8[15] = p8[15]; 1227904Smcpowers } else { 1228904Smcpowers return (CRYPTO_MECHANISM_PARAM_INVALID); 1229904Smcpowers } 1230904Smcpowers 1231904Smcpowers aes_ctx->ac_lastp = (uint8_t *)&aes_ctx->ac_iv[0]; 1232904Smcpowers aes_ctx->ac_flags |= AES_CTR_MODE; 1233904Smcpowers } else { 1234904Smcpowers aes_ctx->ac_flags |= AES_ECB_MODE; 1235904Smcpowers } 1236904Smcpowers 1237904Smcpowers if (template == NULL) { 1238904Smcpowers if ((keysched = aes_alloc_keysched(&size, kmflag)) == NULL) 1239904Smcpowers return (CRYPTO_HOST_MEMORY); 1240904Smcpowers /* 1241904Smcpowers * Initialize key schedule. 1242904Smcpowers * Key length is stored in the key. 1243904Smcpowers */ 1244904Smcpowers if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) 1245904Smcpowers kmem_free(keysched, size); 1246904Smcpowers 1247904Smcpowers aes_ctx->ac_flags |= AES_PROVIDER_OWNS_KEY_SCHEDULE; 1248904Smcpowers aes_ctx->ac_keysched_len = size; 1249904Smcpowers } else { 1250904Smcpowers keysched = template; 12510Sstevel@tonic-gate } 12520Sstevel@tonic-gate aes_ctx->ac_keysched = keysched; 12530Sstevel@tonic-gate 12540Sstevel@tonic-gate /* EXPORT DELETE END */ 12550Sstevel@tonic-gate 12560Sstevel@tonic-gate return (rv); 12570Sstevel@tonic-gate } 1258