10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
53708Skrishna * Common Development and Distribution License (the "License").
63708Skrishna * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
2211413Sopensolaris@drydog.com * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate /*
270Sstevel@tonic-gate * RC4 provider for the Kernel Cryptographic Framework (KCF)
280Sstevel@tonic-gate */
290Sstevel@tonic-gate
300Sstevel@tonic-gate #include <sys/types.h>
310Sstevel@tonic-gate #include <sys/systm.h>
320Sstevel@tonic-gate #include <sys/modctl.h>
330Sstevel@tonic-gate #include <sys/cmn_err.h>
340Sstevel@tonic-gate #include <sys/ddi.h>
350Sstevel@tonic-gate #include <sys/crypto/common.h>
360Sstevel@tonic-gate #include <sys/crypto/spi.h>
370Sstevel@tonic-gate #include <sys/sysmacros.h>
380Sstevel@tonic-gate #include <sys/strsun.h>
390Sstevel@tonic-gate #include <arcfour.h>
400Sstevel@tonic-gate
410Sstevel@tonic-gate extern struct mod_ops mod_cryptoops;
420Sstevel@tonic-gate
430Sstevel@tonic-gate /*
440Sstevel@tonic-gate * Module linkage information for the kernel.
450Sstevel@tonic-gate */
460Sstevel@tonic-gate static struct modlcrypto modlcrypto = {
470Sstevel@tonic-gate &mod_cryptoops,
485072Smcpowers "RC4 Kernel SW Provider"
490Sstevel@tonic-gate };
500Sstevel@tonic-gate
510Sstevel@tonic-gate static struct modlinkage modlinkage = {
520Sstevel@tonic-gate MODREV_1,
530Sstevel@tonic-gate (void *)&modlcrypto,
540Sstevel@tonic-gate NULL
550Sstevel@tonic-gate };
560Sstevel@tonic-gate
570Sstevel@tonic-gate /*
580Sstevel@tonic-gate * CSPI information (entry points, provider info, etc.)
590Sstevel@tonic-gate */
600Sstevel@tonic-gate
610Sstevel@tonic-gate #define RC4_MECH_INFO_TYPE 0
620Sstevel@tonic-gate /*
630Sstevel@tonic-gate * Mechanism info structure passed to KCF during registration.
640Sstevel@tonic-gate */
650Sstevel@tonic-gate static crypto_mech_info_t rc4_mech_info_tab[] = {
660Sstevel@tonic-gate {SUN_CKM_RC4, RC4_MECH_INFO_TYPE,
670Sstevel@tonic-gate CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
680Sstevel@tonic-gate CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
690Sstevel@tonic-gate ARCFOUR_MIN_KEY_BITS, ARCFOUR_MAX_KEY_BITS,
703708Skrishna CRYPTO_KEYSIZE_UNIT_IN_BITS | CRYPTO_CAN_SHARE_OPSTATE}
710Sstevel@tonic-gate };
720Sstevel@tonic-gate
730Sstevel@tonic-gate static void rc4_provider_status(crypto_provider_handle_t, uint_t *);
740Sstevel@tonic-gate
750Sstevel@tonic-gate static crypto_control_ops_t rc4_control_ops = {
760Sstevel@tonic-gate rc4_provider_status
770Sstevel@tonic-gate };
780Sstevel@tonic-gate
790Sstevel@tonic-gate static int rc4_common_init(crypto_ctx_t *, crypto_mechanism_t *,
800Sstevel@tonic-gate crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
810Sstevel@tonic-gate
820Sstevel@tonic-gate static int rc4_crypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
830Sstevel@tonic-gate crypto_req_handle_t);
840Sstevel@tonic-gate
850Sstevel@tonic-gate static int rc4_crypt_final(crypto_ctx_t *, crypto_data_t *,
860Sstevel@tonic-gate crypto_req_handle_t);
870Sstevel@tonic-gate
880Sstevel@tonic-gate static int rc4_crypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
890Sstevel@tonic-gate crypto_req_handle_t);
900Sstevel@tonic-gate
910Sstevel@tonic-gate static int rc4_crypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
920Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
930Sstevel@tonic-gate crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
940Sstevel@tonic-gate
950Sstevel@tonic-gate
960Sstevel@tonic-gate static crypto_cipher_ops_t rc4_cipher_ops = {
970Sstevel@tonic-gate rc4_common_init,
980Sstevel@tonic-gate rc4_crypt,
990Sstevel@tonic-gate rc4_crypt_update,
1000Sstevel@tonic-gate rc4_crypt_final,
1010Sstevel@tonic-gate rc4_crypt_atomic,
1020Sstevel@tonic-gate rc4_common_init,
1030Sstevel@tonic-gate rc4_crypt,
1040Sstevel@tonic-gate rc4_crypt_update,
1050Sstevel@tonic-gate rc4_crypt_final,
1060Sstevel@tonic-gate rc4_crypt_atomic
1070Sstevel@tonic-gate };
1080Sstevel@tonic-gate
1090Sstevel@tonic-gate static int rc4_free_context(crypto_ctx_t *);
1100Sstevel@tonic-gate
1110Sstevel@tonic-gate static crypto_ctx_ops_t rc4_ctx_ops = {
1120Sstevel@tonic-gate NULL,
1130Sstevel@tonic-gate rc4_free_context
1140Sstevel@tonic-gate };
1150Sstevel@tonic-gate
1160Sstevel@tonic-gate static crypto_ops_t rc4_crypto_ops = {
1170Sstevel@tonic-gate &rc4_control_ops,
1180Sstevel@tonic-gate NULL,
1190Sstevel@tonic-gate &rc4_cipher_ops,
1200Sstevel@tonic-gate NULL,
1210Sstevel@tonic-gate NULL,
1220Sstevel@tonic-gate NULL,
1230Sstevel@tonic-gate NULL,
1240Sstevel@tonic-gate NULL,
1250Sstevel@tonic-gate NULL,
1260Sstevel@tonic-gate NULL,
1270Sstevel@tonic-gate NULL,
1280Sstevel@tonic-gate NULL,
1290Sstevel@tonic-gate NULL,
1300Sstevel@tonic-gate &rc4_ctx_ops
1310Sstevel@tonic-gate };
1320Sstevel@tonic-gate
1330Sstevel@tonic-gate static crypto_provider_info_t rc4_prov_info = {
1340Sstevel@tonic-gate CRYPTO_SPI_VERSION_1,
1350Sstevel@tonic-gate "RC4 Software Provider",
1360Sstevel@tonic-gate CRYPTO_SW_PROVIDER,
1370Sstevel@tonic-gate {&modlinkage},
1380Sstevel@tonic-gate NULL,
1390Sstevel@tonic-gate &rc4_crypto_ops,
1400Sstevel@tonic-gate sizeof (rc4_mech_info_tab)/sizeof (crypto_mech_info_t),
1410Sstevel@tonic-gate rc4_mech_info_tab
1420Sstevel@tonic-gate };
1430Sstevel@tonic-gate
1440Sstevel@tonic-gate static crypto_kcf_provider_handle_t rc4_prov_handle = NULL;
1450Sstevel@tonic-gate
1460Sstevel@tonic-gate static mblk_t *advance_position(mblk_t *, off_t, uchar_t **);
1470Sstevel@tonic-gate static int crypto_arcfour_crypt(ARCFour_key *, uchar_t *, crypto_data_t *,
1480Sstevel@tonic-gate int);
1490Sstevel@tonic-gate
1500Sstevel@tonic-gate int
_init(void)1510Sstevel@tonic-gate _init(void)
1520Sstevel@tonic-gate {
1530Sstevel@tonic-gate int ret;
1540Sstevel@tonic-gate
155*11751SAnthony.Scarpino@Sun.COM if ((ret = mod_install(&modlinkage)) != 0)
156*11751SAnthony.Scarpino@Sun.COM return (ret);
1570Sstevel@tonic-gate
158*11751SAnthony.Scarpino@Sun.COM /* Register with KCF. If the registration fails, remove the module. */
159*11751SAnthony.Scarpino@Sun.COM if (crypto_register_provider(&rc4_prov_info, &rc4_prov_handle)) {
160*11751SAnthony.Scarpino@Sun.COM (void) mod_remove(&modlinkage);
161*11751SAnthony.Scarpino@Sun.COM return (EACCES);
1620Sstevel@tonic-gate }
1630Sstevel@tonic-gate
1640Sstevel@tonic-gate return (0);
1650Sstevel@tonic-gate }
1660Sstevel@tonic-gate
1670Sstevel@tonic-gate int
_fini(void)1680Sstevel@tonic-gate _fini(void)
1690Sstevel@tonic-gate {
170*11751SAnthony.Scarpino@Sun.COM /* Unregister from KCF if module is registered */
1710Sstevel@tonic-gate if (rc4_prov_handle != NULL) {
172*11751SAnthony.Scarpino@Sun.COM if (crypto_unregister_provider(rc4_prov_handle))
1730Sstevel@tonic-gate return (EBUSY);
174*11751SAnthony.Scarpino@Sun.COM
1750Sstevel@tonic-gate rc4_prov_handle = NULL;
1760Sstevel@tonic-gate }
1770Sstevel@tonic-gate
1780Sstevel@tonic-gate return (mod_remove(&modlinkage));
1790Sstevel@tonic-gate }
1800Sstevel@tonic-gate
1810Sstevel@tonic-gate int
_info(struct modinfo * modinfop)1820Sstevel@tonic-gate _info(struct modinfo *modinfop)
1830Sstevel@tonic-gate {
1840Sstevel@tonic-gate return (mod_info(&modlinkage, modinfop));
1850Sstevel@tonic-gate }
1860Sstevel@tonic-gate
1870Sstevel@tonic-gate
1880Sstevel@tonic-gate /*
1890Sstevel@tonic-gate * KCF software provider control entry points.
1900Sstevel@tonic-gate */
1910Sstevel@tonic-gate /* ARGSUSED */
1920Sstevel@tonic-gate static void
rc4_provider_status(crypto_provider_handle_t provider,uint_t * status)1930Sstevel@tonic-gate rc4_provider_status(crypto_provider_handle_t provider, uint_t *status)
1940Sstevel@tonic-gate {
1950Sstevel@tonic-gate *status = CRYPTO_PROVIDER_READY;
1960Sstevel@tonic-gate }
1970Sstevel@tonic-gate
1980Sstevel@tonic-gate /* ARGSUSED */
1990Sstevel@tonic-gate static int
rc4_common_init(crypto_ctx_t * ctx,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_spi_ctx_template_t template,crypto_req_handle_t req)2000Sstevel@tonic-gate rc4_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
2010Sstevel@tonic-gate crypto_key_t *key, crypto_spi_ctx_template_t template,
2020Sstevel@tonic-gate crypto_req_handle_t req)
2030Sstevel@tonic-gate {
2040Sstevel@tonic-gate
2050Sstevel@tonic-gate /* EXPORT DELETE START */
2060Sstevel@tonic-gate
2070Sstevel@tonic-gate ARCFour_key *keystream;
2080Sstevel@tonic-gate
2090Sstevel@tonic-gate if ((mechanism)->cm_type != RC4_MECH_INFO_TYPE)
2100Sstevel@tonic-gate return (CRYPTO_MECHANISM_INVALID);
2110Sstevel@tonic-gate
2120Sstevel@tonic-gate if (key->ck_format != CRYPTO_KEY_RAW)
2130Sstevel@tonic-gate return (CRYPTO_KEY_TYPE_INCONSISTENT);
2140Sstevel@tonic-gate
2150Sstevel@tonic-gate if (key->ck_length < ARCFOUR_MIN_KEY_BITS ||
2160Sstevel@tonic-gate key->ck_length > ARCFOUR_MAX_KEY_BITS) {
2170Sstevel@tonic-gate return (CRYPTO_KEY_SIZE_RANGE);
2180Sstevel@tonic-gate }
2190Sstevel@tonic-gate
2200Sstevel@tonic-gate /*
2210Sstevel@tonic-gate * Allocate an RC4 key stream.
2220Sstevel@tonic-gate */
2230Sstevel@tonic-gate if ((keystream = kmem_alloc(sizeof (ARCFour_key),
2240Sstevel@tonic-gate crypto_kmflag(req))) == NULL)
2250Sstevel@tonic-gate return (CRYPTO_HOST_MEMORY);
2260Sstevel@tonic-gate
22711413Sopensolaris@drydog.com arcfour_key_init(keystream, key->ck_data,
22811413Sopensolaris@drydog.com CRYPTO_BITS2BYTES(key->ck_length));
2290Sstevel@tonic-gate
2300Sstevel@tonic-gate ctx->cc_provider_private = keystream;
2310Sstevel@tonic-gate
2320Sstevel@tonic-gate /* EXPORT DELETE END */
2330Sstevel@tonic-gate
2340Sstevel@tonic-gate return (CRYPTO_SUCCESS);
2350Sstevel@tonic-gate }
2360Sstevel@tonic-gate
2370Sstevel@tonic-gate static int
rc4_crypt(crypto_ctx_t * ctx,crypto_data_t * input,crypto_data_t * output,crypto_req_handle_t req)2380Sstevel@tonic-gate rc4_crypt(crypto_ctx_t *ctx, crypto_data_t *input, crypto_data_t *output,
2390Sstevel@tonic-gate crypto_req_handle_t req)
2400Sstevel@tonic-gate {
2410Sstevel@tonic-gate int ret;
2420Sstevel@tonic-gate
2430Sstevel@tonic-gate ret = rc4_crypt_update(ctx, input, output, req);
2440Sstevel@tonic-gate
2450Sstevel@tonic-gate if (ret != CRYPTO_BUFFER_TOO_SMALL)
2460Sstevel@tonic-gate (void) rc4_free_context(ctx);
2470Sstevel@tonic-gate
2480Sstevel@tonic-gate return (ret);
2490Sstevel@tonic-gate }
2500Sstevel@tonic-gate
2510Sstevel@tonic-gate /* ARGSUSED */
2520Sstevel@tonic-gate static int
rc4_crypt_update(crypto_ctx_t * ctx,crypto_data_t * input,crypto_data_t * output,crypto_req_handle_t req)2530Sstevel@tonic-gate rc4_crypt_update(crypto_ctx_t *ctx, crypto_data_t *input, crypto_data_t *output,
2540Sstevel@tonic-gate crypto_req_handle_t req)
2550Sstevel@tonic-gate {
2560Sstevel@tonic-gate int ret = CRYPTO_SUCCESS;
2570Sstevel@tonic-gate
2580Sstevel@tonic-gate /* EXPORT DELETE START */
2590Sstevel@tonic-gate
2600Sstevel@tonic-gate ARCFour_key *key;
2610Sstevel@tonic-gate off_t saveoffset;
2620Sstevel@tonic-gate
2630Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL);
2640Sstevel@tonic-gate
2653708Skrishna if ((ctx->cc_flags & CRYPTO_USE_OPSTATE) && ctx->cc_opstate != NULL)
2663708Skrishna key = ctx->cc_opstate;
2673708Skrishna else
2683708Skrishna key = ctx->cc_provider_private;
2690Sstevel@tonic-gate
2700Sstevel@tonic-gate /* Simple case: in-line encipherment */
2710Sstevel@tonic-gate
2720Sstevel@tonic-gate if (output == NULL) {
2730Sstevel@tonic-gate switch (input->cd_format) {
2740Sstevel@tonic-gate case CRYPTO_DATA_RAW: {
2750Sstevel@tonic-gate char *start, *end;
2760Sstevel@tonic-gate start = input->cd_raw.iov_base + input->cd_offset;
2770Sstevel@tonic-gate
2780Sstevel@tonic-gate end = input->cd_raw.iov_base + input->cd_raw.iov_len;
2790Sstevel@tonic-gate
2800Sstevel@tonic-gate if (start + input->cd_length > end)
2810Sstevel@tonic-gate return (CRYPTO_DATA_INVALID);
2820Sstevel@tonic-gate
2830Sstevel@tonic-gate arcfour_crypt(key, (uchar_t *)start, (uchar_t *)start,
2840Sstevel@tonic-gate input->cd_length);
2850Sstevel@tonic-gate break;
2860Sstevel@tonic-gate }
2870Sstevel@tonic-gate case CRYPTO_DATA_MBLK: {
2880Sstevel@tonic-gate uchar_t *start, *end;
2890Sstevel@tonic-gate size_t len, left;
2900Sstevel@tonic-gate mblk_t *mp = input->cd_mp, *mp1, *mp2;
2910Sstevel@tonic-gate
2920Sstevel@tonic-gate ASSERT(mp != NULL);
2930Sstevel@tonic-gate
2940Sstevel@tonic-gate mp1 = advance_position(mp, input->cd_offset, &start);
2950Sstevel@tonic-gate
2960Sstevel@tonic-gate if (mp1 == NULL)
2970Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
2980Sstevel@tonic-gate
2990Sstevel@tonic-gate mp2 = advance_position(mp, input->cd_offset +
3000Sstevel@tonic-gate input->cd_length, &end);
3010Sstevel@tonic-gate
3020Sstevel@tonic-gate if (mp2 == NULL)
3030Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
3040Sstevel@tonic-gate
3050Sstevel@tonic-gate left = input->cd_length;
3060Sstevel@tonic-gate while (mp1 != NULL) {
3079110Sopensolaris@drydog.com if (_PTRDIFF(mp1->b_wptr, start) > left) {
3080Sstevel@tonic-gate len = left;
3090Sstevel@tonic-gate arcfour_crypt(key, start, start, len);
3100Sstevel@tonic-gate mp1 = NULL;
3110Sstevel@tonic-gate } else {
3129110Sopensolaris@drydog.com len = _PTRDIFF(mp1->b_wptr, start);
3130Sstevel@tonic-gate arcfour_crypt(key, start, start, len);
3140Sstevel@tonic-gate mp1 = mp1->b_cont;
3150Sstevel@tonic-gate start = mp1->b_rptr;
3160Sstevel@tonic-gate left -= len;
3170Sstevel@tonic-gate }
3180Sstevel@tonic-gate }
3190Sstevel@tonic-gate break;
3200Sstevel@tonic-gate }
3210Sstevel@tonic-gate case CRYPTO_DATA_UIO: {
3220Sstevel@tonic-gate uio_t *uiop = input->cd_uio;
3230Sstevel@tonic-gate off_t offset = input->cd_offset;
3240Sstevel@tonic-gate size_t length = input->cd_length;
3250Sstevel@tonic-gate uint_t vec_idx;
3260Sstevel@tonic-gate size_t cur_len;
3270Sstevel@tonic-gate
3280Sstevel@tonic-gate /*
3290Sstevel@tonic-gate * Jump to the first iovec containing data to be
3300Sstevel@tonic-gate * processed.
3310Sstevel@tonic-gate */
3320Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
3330Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len;
3345072Smcpowers offset -= uiop->uio_iov[vec_idx++].iov_len)
3355072Smcpowers ;
3360Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) {
3370Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
3380Sstevel@tonic-gate }
3390Sstevel@tonic-gate
3400Sstevel@tonic-gate /*
3410Sstevel@tonic-gate * Now process the iovecs.
3420Sstevel@tonic-gate */
3430Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && length > 0) {
3440Sstevel@tonic-gate uchar_t *start;
3450Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]);
3460Sstevel@tonic-gate
3470Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, length);
3480Sstevel@tonic-gate
3490Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset);
3500Sstevel@tonic-gate arcfour_crypt(key, start + offset,
3510Sstevel@tonic-gate start + offset, cur_len);
3520Sstevel@tonic-gate
3530Sstevel@tonic-gate length -= cur_len;
3540Sstevel@tonic-gate vec_idx++;
3550Sstevel@tonic-gate offset = 0;
3560Sstevel@tonic-gate }
3570Sstevel@tonic-gate
3580Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && length > 0) {
3590Sstevel@tonic-gate
3600Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
3610Sstevel@tonic-gate }
3620Sstevel@tonic-gate break;
3630Sstevel@tonic-gate }
3640Sstevel@tonic-gate }
3650Sstevel@tonic-gate return (CRYPTO_SUCCESS);
3660Sstevel@tonic-gate }
3670Sstevel@tonic-gate
3680Sstevel@tonic-gate /*
3690Sstevel@tonic-gate * We need to just return the length needed to store the output.
3700Sstevel@tonic-gate * We should not destroy the context for the following case.
3710Sstevel@tonic-gate */
3720Sstevel@tonic-gate
3730Sstevel@tonic-gate if (input->cd_length > output->cd_length) {
3740Sstevel@tonic-gate output->cd_length = input->cd_length;
3750Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL);
3760Sstevel@tonic-gate }
3770Sstevel@tonic-gate
3780Sstevel@tonic-gate saveoffset = output->cd_offset;
3790Sstevel@tonic-gate
3800Sstevel@tonic-gate switch (input->cd_format) {
3810Sstevel@tonic-gate case CRYPTO_DATA_RAW: {
3820Sstevel@tonic-gate char *start, *end;
3830Sstevel@tonic-gate start = input->cd_raw.iov_base + input->cd_offset;
3840Sstevel@tonic-gate
3850Sstevel@tonic-gate end = input->cd_raw.iov_base + input->cd_raw.iov_len;
3860Sstevel@tonic-gate
3870Sstevel@tonic-gate if (start + input->cd_length > end)
3880Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
3890Sstevel@tonic-gate
3900Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, (uchar_t *)start, output,
3910Sstevel@tonic-gate input->cd_length);
3920Sstevel@tonic-gate
3930Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS)
3940Sstevel@tonic-gate return (ret);
3950Sstevel@tonic-gate break;
3960Sstevel@tonic-gate }
3970Sstevel@tonic-gate case CRYPTO_DATA_MBLK: {
3980Sstevel@tonic-gate uchar_t *start, *end;
3990Sstevel@tonic-gate size_t len, left;
4000Sstevel@tonic-gate mblk_t *mp = input->cd_mp, *mp1, *mp2;
4010Sstevel@tonic-gate
4020Sstevel@tonic-gate ASSERT(mp != NULL);
4030Sstevel@tonic-gate
4040Sstevel@tonic-gate mp1 = advance_position(mp, input->cd_offset, &start);
4050Sstevel@tonic-gate
4060Sstevel@tonic-gate if (mp1 == NULL)
4070Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
4080Sstevel@tonic-gate
4090Sstevel@tonic-gate mp2 = advance_position(mp, input->cd_offset + input->cd_length,
4100Sstevel@tonic-gate &end);
4110Sstevel@tonic-gate
4120Sstevel@tonic-gate if (mp2 == NULL)
4130Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
4140Sstevel@tonic-gate
4150Sstevel@tonic-gate left = input->cd_length;
4160Sstevel@tonic-gate while (mp1 != NULL) {
4179110Sopensolaris@drydog.com if (_PTRDIFF(mp1->b_wptr, start) > left) {
4180Sstevel@tonic-gate len = left;
4190Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start, output,
4200Sstevel@tonic-gate len);
4210Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS)
4220Sstevel@tonic-gate return (ret);
4230Sstevel@tonic-gate mp1 = NULL;
4240Sstevel@tonic-gate } else {
4259110Sopensolaris@drydog.com len = _PTRDIFF(mp1->b_wptr, start);
4260Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start, output,
4270Sstevel@tonic-gate len);
4280Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS)
4290Sstevel@tonic-gate return (ret);
4300Sstevel@tonic-gate mp1 = mp1->b_cont;
4310Sstevel@tonic-gate start = mp1->b_rptr;
4320Sstevel@tonic-gate left -= len;
4330Sstevel@tonic-gate output->cd_offset += len;
4340Sstevel@tonic-gate }
4350Sstevel@tonic-gate }
4360Sstevel@tonic-gate break;
4370Sstevel@tonic-gate }
4380Sstevel@tonic-gate case CRYPTO_DATA_UIO: {
4390Sstevel@tonic-gate uio_t *uiop = input->cd_uio;
4400Sstevel@tonic-gate off_t offset = input->cd_offset;
4410Sstevel@tonic-gate size_t length = input->cd_length;
4420Sstevel@tonic-gate uint_t vec_idx;
4430Sstevel@tonic-gate size_t cur_len;
4440Sstevel@tonic-gate
4450Sstevel@tonic-gate /*
4460Sstevel@tonic-gate * Jump to the first iovec containing data to be
4470Sstevel@tonic-gate * processed.
4480Sstevel@tonic-gate */
4490Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
4500Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len;
4515072Smcpowers offset -= uiop->uio_iov[vec_idx++].iov_len)
4525072Smcpowers ;
4530Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) {
4540Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
4550Sstevel@tonic-gate }
4560Sstevel@tonic-gate
4570Sstevel@tonic-gate /*
4580Sstevel@tonic-gate * Now process the iovecs.
4590Sstevel@tonic-gate */
4600Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && length > 0) {
4610Sstevel@tonic-gate uchar_t *start;
4620Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]);
4630Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, length);
4640Sstevel@tonic-gate
4650Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset);
4660Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start + offset,
4670Sstevel@tonic-gate output, cur_len);
4680Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS)
4690Sstevel@tonic-gate return (ret);
4700Sstevel@tonic-gate
4710Sstevel@tonic-gate length -= cur_len;
4720Sstevel@tonic-gate vec_idx++;
4730Sstevel@tonic-gate offset = 0;
4740Sstevel@tonic-gate output->cd_offset += cur_len;
4750Sstevel@tonic-gate }
4760Sstevel@tonic-gate
4770Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && length > 0) {
4780Sstevel@tonic-gate
4790Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
4800Sstevel@tonic-gate }
4810Sstevel@tonic-gate }
4820Sstevel@tonic-gate }
4830Sstevel@tonic-gate
4840Sstevel@tonic-gate output->cd_offset = saveoffset;
4850Sstevel@tonic-gate output->cd_length = input->cd_length;
4860Sstevel@tonic-gate
4870Sstevel@tonic-gate /* EXPORT DELETE END */
4880Sstevel@tonic-gate
4890Sstevel@tonic-gate return (ret);
4900Sstevel@tonic-gate }
4910Sstevel@tonic-gate
4920Sstevel@tonic-gate /* ARGSUSED */
rc4_crypt_final(crypto_ctx_t * ctx,crypto_data_t * data,crypto_req_handle_t req)4930Sstevel@tonic-gate static int rc4_crypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
4940Sstevel@tonic-gate crypto_req_handle_t req)
4950Sstevel@tonic-gate {
4960Sstevel@tonic-gate /* No final part for streams ciphers. Just free the context */
4970Sstevel@tonic-gate if (data != NULL)
4980Sstevel@tonic-gate data->cd_length = 0;
4990Sstevel@tonic-gate
5000Sstevel@tonic-gate return (rc4_free_context(ctx));
5010Sstevel@tonic-gate }
5020Sstevel@tonic-gate
5030Sstevel@tonic-gate /* ARGSUSED */
5040Sstevel@tonic-gate static int
rc4_crypt_atomic(crypto_provider_handle_t handle,crypto_session_id_t session,crypto_mechanism_t * mechanism,crypto_key_t * key,crypto_data_t * input,crypto_data_t * output,crypto_spi_ctx_template_t template,crypto_req_handle_t req)5050Sstevel@tonic-gate rc4_crypt_atomic(crypto_provider_handle_t handle, crypto_session_id_t session,
5060Sstevel@tonic-gate crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *input,
5070Sstevel@tonic-gate crypto_data_t *output, crypto_spi_ctx_template_t template,
5080Sstevel@tonic-gate crypto_req_handle_t req)
5090Sstevel@tonic-gate {
5100Sstevel@tonic-gate crypto_ctx_t ctx;
5110Sstevel@tonic-gate int ret;
5120Sstevel@tonic-gate
5133708Skrishna bzero(&ctx, sizeof (crypto_ctx_t));
5140Sstevel@tonic-gate ret = rc4_common_init(&ctx, mechanism, key, template, req);
5150Sstevel@tonic-gate
5160Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS)
5170Sstevel@tonic-gate return (ret);
5180Sstevel@tonic-gate
5190Sstevel@tonic-gate ret = rc4_crypt_update(&ctx, input, output, req);
5200Sstevel@tonic-gate
5210Sstevel@tonic-gate (void) rc4_free_context(&ctx);
5220Sstevel@tonic-gate
5230Sstevel@tonic-gate return (ret);
5240Sstevel@tonic-gate }
5250Sstevel@tonic-gate
5260Sstevel@tonic-gate /* ARGSUSED */
5270Sstevel@tonic-gate static int
rc4_free_context(crypto_ctx_t * ctx)5280Sstevel@tonic-gate rc4_free_context(crypto_ctx_t *ctx)
5290Sstevel@tonic-gate {
5300Sstevel@tonic-gate
5310Sstevel@tonic-gate /* EXPORT DELETE START */
5320Sstevel@tonic-gate
5330Sstevel@tonic-gate ARCFour_key *keystream = ctx->cc_provider_private;
5340Sstevel@tonic-gate
5350Sstevel@tonic-gate if (keystream != NULL) {
5360Sstevel@tonic-gate bzero(keystream, sizeof (ARCFour_key));
5370Sstevel@tonic-gate kmem_free(keystream, sizeof (ARCFour_key));
5380Sstevel@tonic-gate ctx->cc_provider_private = NULL;
5390Sstevel@tonic-gate }
5400Sstevel@tonic-gate
5410Sstevel@tonic-gate /* EXPORT DELETE END */
5420Sstevel@tonic-gate
5430Sstevel@tonic-gate return (CRYPTO_SUCCESS);
5440Sstevel@tonic-gate }
5450Sstevel@tonic-gate
5460Sstevel@tonic-gate /* Encrypts a contiguous input 'in' into the 'out' crypto_data_t */
5470Sstevel@tonic-gate
5480Sstevel@tonic-gate static int
crypto_arcfour_crypt(ARCFour_key * key,uchar_t * in,crypto_data_t * out,int length)5490Sstevel@tonic-gate crypto_arcfour_crypt(ARCFour_key *key, uchar_t *in, crypto_data_t *out,
5500Sstevel@tonic-gate int length)
5510Sstevel@tonic-gate {
5520Sstevel@tonic-gate switch (out->cd_format) {
5530Sstevel@tonic-gate case CRYPTO_DATA_RAW: {
5540Sstevel@tonic-gate uchar_t *start, *end;
5550Sstevel@tonic-gate start = (uchar_t *)(out->cd_raw.iov_base +
5560Sstevel@tonic-gate out->cd_offset);
5570Sstevel@tonic-gate
5580Sstevel@tonic-gate end = (uchar_t *)(out->cd_raw.iov_base +
5590Sstevel@tonic-gate out->cd_raw.iov_len);
5600Sstevel@tonic-gate
5610Sstevel@tonic-gate if (start + out->cd_length > end)
5620Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
5630Sstevel@tonic-gate
5640Sstevel@tonic-gate arcfour_crypt(key, in, start, length);
5650Sstevel@tonic-gate
5660Sstevel@tonic-gate return (CRYPTO_SUCCESS);
5670Sstevel@tonic-gate }
5680Sstevel@tonic-gate case CRYPTO_DATA_MBLK: {
5690Sstevel@tonic-gate uchar_t *start, *end;
5700Sstevel@tonic-gate size_t len, left;
5710Sstevel@tonic-gate mblk_t *mp = out->cd_mp, *mp1, *mp2;
5720Sstevel@tonic-gate
5730Sstevel@tonic-gate ASSERT(mp != NULL);
5740Sstevel@tonic-gate
5750Sstevel@tonic-gate mp1 = advance_position(mp, out->cd_offset, &start);
5760Sstevel@tonic-gate
5770Sstevel@tonic-gate if (mp1 == NULL)
5780Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
5790Sstevel@tonic-gate
5800Sstevel@tonic-gate mp2 = advance_position(mp, out->cd_offset +
5810Sstevel@tonic-gate out->cd_length, &end);
5820Sstevel@tonic-gate
5830Sstevel@tonic-gate if (mp2 == NULL)
5840Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
5850Sstevel@tonic-gate
5860Sstevel@tonic-gate left = length;
5870Sstevel@tonic-gate while (mp1 != NULL) {
5889110Sopensolaris@drydog.com if (_PTRDIFF(mp1->b_wptr, start) > left) {
5890Sstevel@tonic-gate len = left;
5900Sstevel@tonic-gate arcfour_crypt(key, in, start, len);
5910Sstevel@tonic-gate mp1 = NULL;
5920Sstevel@tonic-gate } else {
5939110Sopensolaris@drydog.com len = _PTRDIFF(mp1->b_wptr, start);
5940Sstevel@tonic-gate arcfour_crypt(key, in, start, len);
5950Sstevel@tonic-gate mp1 = mp1->b_cont;
5960Sstevel@tonic-gate start = mp1->b_rptr;
5970Sstevel@tonic-gate left -= len;
5980Sstevel@tonic-gate }
5990Sstevel@tonic-gate }
6000Sstevel@tonic-gate break;
6010Sstevel@tonic-gate }
6020Sstevel@tonic-gate case CRYPTO_DATA_UIO: {
6030Sstevel@tonic-gate uio_t *uiop = out->cd_uio;
6040Sstevel@tonic-gate off_t offset = out->cd_offset;
6050Sstevel@tonic-gate size_t len = length;
6060Sstevel@tonic-gate uint_t vec_idx;
6070Sstevel@tonic-gate size_t cur_len;
6080Sstevel@tonic-gate
6090Sstevel@tonic-gate /*
6100Sstevel@tonic-gate * Jump to the first iovec containing data to be
6110Sstevel@tonic-gate * processed.
6120Sstevel@tonic-gate */
6130Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt &&
6140Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len;
6155072Smcpowers offset -= uiop->uio_iov[vec_idx++].iov_len)
6165072Smcpowers ;
6170Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) {
6180Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
6190Sstevel@tonic-gate }
6200Sstevel@tonic-gate
6210Sstevel@tonic-gate /*
6220Sstevel@tonic-gate * Now process the iovecs.
6230Sstevel@tonic-gate */
6240Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && len > 0) {
6250Sstevel@tonic-gate uchar_t *start;
6260Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]);
6270Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, len);
6280Sstevel@tonic-gate
6290Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset);
6300Sstevel@tonic-gate arcfour_crypt(key, start + offset,
6310Sstevel@tonic-gate start + offset, cur_len);
6320Sstevel@tonic-gate
6330Sstevel@tonic-gate len -= cur_len;
6340Sstevel@tonic-gate vec_idx++;
6350Sstevel@tonic-gate offset = 0;
6360Sstevel@tonic-gate }
6370Sstevel@tonic-gate
6380Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && len > 0) {
6390Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE);
6400Sstevel@tonic-gate }
6410Sstevel@tonic-gate break;
6420Sstevel@tonic-gate }
6430Sstevel@tonic-gate default:
6440Sstevel@tonic-gate return (CRYPTO_DATA_INVALID);
6450Sstevel@tonic-gate }
6460Sstevel@tonic-gate return (CRYPTO_SUCCESS);
6470Sstevel@tonic-gate }
6480Sstevel@tonic-gate
6490Sstevel@tonic-gate /*
6500Sstevel@tonic-gate * Advances 'offset' bytes from the beginning of the first block in 'mp',
6510Sstevel@tonic-gate * possibly jumping across b_cont boundary
6520Sstevel@tonic-gate * '*cpp' is set to the position of the byte we want, and the block where
6530Sstevel@tonic-gate * 'cpp' is returned.
6540Sstevel@tonic-gate */
6550Sstevel@tonic-gate static mblk_t *
advance_position(mblk_t * mp,off_t offset,uchar_t ** cpp)6560Sstevel@tonic-gate advance_position(mblk_t *mp, off_t offset, uchar_t **cpp)
6570Sstevel@tonic-gate {
6580Sstevel@tonic-gate mblk_t *mp1 = mp;
6590Sstevel@tonic-gate size_t l;
6600Sstevel@tonic-gate off_t o = offset;
6610Sstevel@tonic-gate
6620Sstevel@tonic-gate while (mp1 != NULL) {
6630Sstevel@tonic-gate l = MBLKL(mp1);
6640Sstevel@tonic-gate
6650Sstevel@tonic-gate if (l <= o) {
6660Sstevel@tonic-gate o -= l;
6670Sstevel@tonic-gate mp1 = mp1->b_cont;
6680Sstevel@tonic-gate } else {
6690Sstevel@tonic-gate *cpp = (uchar_t *)(mp1->b_rptr + o);
6700Sstevel@tonic-gate break;
6710Sstevel@tonic-gate }
6720Sstevel@tonic-gate }
6730Sstevel@tonic-gate return (mp1);
6740Sstevel@tonic-gate }
675