10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
52530Spwernau  * Common Development and Distribution License (the "License").
62530Spwernau  * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate  *
80Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate  * See the License for the specific language governing permissions
110Sstevel@tonic-gate  * and limitations under the License.
120Sstevel@tonic-gate  *
130Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate  *
190Sstevel@tonic-gate  * CDDL HEADER END
200Sstevel@tonic-gate  */
210Sstevel@tonic-gate /*
22*7188Smcpowers  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
230Sstevel@tonic-gate  * Use is subject to license terms.
240Sstevel@tonic-gate  */
250Sstevel@tonic-gate 
260Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
270Sstevel@tonic-gate 
280Sstevel@tonic-gate /*
290Sstevel@tonic-gate  * AES provider for the Kernel Cryptographic Framework (KCF)
300Sstevel@tonic-gate  */
310Sstevel@tonic-gate 
320Sstevel@tonic-gate #include <sys/types.h>
330Sstevel@tonic-gate #include <sys/systm.h>
340Sstevel@tonic-gate #include <sys/modctl.h>
350Sstevel@tonic-gate #include <sys/cmn_err.h>
360Sstevel@tonic-gate #include <sys/ddi.h>
370Sstevel@tonic-gate #include <sys/crypto/common.h>
38*7188Smcpowers #include <sys/crypto/impl.h>
390Sstevel@tonic-gate #include <sys/crypto/spi.h>
400Sstevel@tonic-gate #include <sys/sysmacros.h>
410Sstevel@tonic-gate #include <sys/strsun.h>
42*7188Smcpowers #include <modes/modes.h>
43*7188Smcpowers #include <aes/aes_impl.h>
440Sstevel@tonic-gate 
/* Module operations vector for crypto modules; defined outside this file. */
extern struct mod_ops mod_cryptoops;

/*
 * Module linkage information for the kernel: the crypto module ops vector
 * and the name string for this module.
 */
static struct modlcrypto modlcrypto = {
	&mod_cryptoops,
	"AES Kernel SW Provider"
};

/*
 * Linkage record passed to mod_install(), mod_remove() and mod_info() by
 * the _init()/_fini()/_info() entry points of this file.
 */
static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&modlcrypto,
	NULL
};
600Sstevel@tonic-gate 
/*
 * CSPI information (entry points, provider info, etc.)
 */

/*
 * Internal mechanism numbers.  They are stored in the mechanism table
 * registered with KCF and compared against cm_type when a request arrives.
 * AES_CBC_PAD_MECH_INFO_TYPE is declared, but this file neither registers
 * it in aes_mech_info_tab nor handles it in aes_check_mech_param().
 */
typedef enum aes_mech_type {
	AES_ECB_MECH_INFO_TYPE,		/* SUN_CKM_AES_ECB */
	AES_CBC_MECH_INFO_TYPE,		/* SUN_CKM_AES_CBC */
	AES_CBC_PAD_MECH_INFO_TYPE,	/* SUN_CKM_AES_CBC_PAD */
	AES_CTR_MECH_INFO_TYPE,		/* SUN_CKM_AES_CTR */
	AES_CCM_MECH_INFO_TYPE		/* SUN_CKM_AES_CCM */
} aes_mech_type_t;

/*
 * The following definitions are to keep EXPORT_SRC happy: they only take
 * effect when the key-size limits were not already defined by a header.
 */
#ifndef AES_MIN_KEY_BYTES
#define	AES_MIN_KEY_BYTES		0
#endif

#ifndef AES_MAX_KEY_BYTES
#define	AES_MAX_KEY_BYTES		0
#endif
820Sstevel@tonic-gate 
/*
 * Mechanism info structure passed to KCF during registration.
 *
 * Every entry advertises the same capability set (multi-part and atomic
 * encrypt/decrypt) and the same key-size limits, expressed in bytes.
 * Four mechanisms are registered: ECB, CBC, CTR and CCM.
 *
 * Note for consumers: ECB uses no IV and no chaining, so equal plaintext
 * blocks produce equal ciphertext blocks; only CCM in this table also
 * produces a MAC.
 */
static crypto_mech_info_t aes_mech_info_tab[] = {
	/* AES_ECB */
	{SUN_CKM_AES_ECB, AES_ECB_MECH_INFO_TYPE,
	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
	    AES_MIN_KEY_BYTES, AES_MAX_KEY_BYTES, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
	/* AES_CBC */
	{SUN_CKM_AES_CBC, AES_CBC_MECH_INFO_TYPE,
	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
	    AES_MIN_KEY_BYTES, AES_MAX_KEY_BYTES, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
	/* AES_CTR */
	{SUN_CKM_AES_CTR, AES_CTR_MECH_INFO_TYPE,
	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
	    AES_MIN_KEY_BYTES, AES_MAX_KEY_BYTES, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
	/* AES_CCM */
	{SUN_CKM_AES_CCM, AES_CCM_MECH_INFO_TYPE,
	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
	    AES_MIN_KEY_BYTES, AES_MAX_KEY_BYTES, CRYPTO_KEYSIZE_UNIT_IN_BYTES}
};
1080Sstevel@tonic-gate 
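/*
 * Operations are in-place if the output buffer is NULL: in that case the
 * output pointer is redirected to the input.
 *
 * Wrapped in do { } while (0) so that the macro expands to exactly one
 * statement and can be used safely as the body of an if/else without
 * capturing a following "else".  Both arguments are evaluated more than
 * once, so pass plain lvalues only.
 */
#define	AES_ARG_INPLACE(input, output)				\
	do {							\
		if ((output) == NULL)				\
			(output) = (input);			\
	} while (0)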
1130Sstevel@tonic-gate 
/* Control entry point and the vector that exposes it to KCF. */
static void aes_provider_status(crypto_provider_handle_t, uint_t *);

static crypto_control_ops_t aes_control_ops = {
	aes_provider_status
};

/* Context set-up: public init wrappers and the shared implementation. */
static int aes_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
static int aes_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
static int aes_common_init(crypto_ctx_t *, crypto_mechanism_t *,
    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t, boolean_t);
static int aes_common_init_ctx(aes_ctx_t *, crypto_spi_ctx_template_t *,
    crypto_mechanism_t *, crypto_key_t *, int, boolean_t);

/* Multi-part finalization. */
static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *,
    crypto_req_handle_t);
static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *,
    crypto_req_handle_t);

/* Encrypt: single-part, multi-part update, and atomic (context-free). */
static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
    crypto_req_handle_t);
static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
    crypto_data_t *, crypto_req_handle_t);
static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);

/* Decrypt: single-part, multi-part update, and atomic (context-free). */
static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
    crypto_req_handle_t);
static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
    crypto_data_t *, crypto_req_handle_t);
static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);

/*
 * Cipher entry points handed to KCF.  The initializer is positional, so
 * the order of the entries must not be changed.
 */
static crypto_cipher_ops_t aes_cipher_ops = {
	aes_encrypt_init,
	aes_encrypt,
	aes_encrypt_update,
	aes_encrypt_final,
	aes_encrypt_atomic,
	aes_decrypt_init,
	aes_decrypt,
	aes_decrypt_update,
	aes_decrypt_final,
	aes_decrypt_atomic
};

/* Context-template creation and context teardown. */
static int aes_create_ctx_template(crypto_provider_handle_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
    size_t *, crypto_req_handle_t);
static int aes_free_context(crypto_ctx_t *);

static crypto_ctx_ops_t aes_ctx_ops = {
	aes_create_ctx_template,
	aes_free_context
};
1710Sstevel@tonic-gate 
/*
 * Top-level operations vector.  Only the control, cipher and context
 * vectors are supplied; every other slot is NULL.  The initializer is
 * positional, so the number and order of the NULL entries matter.
 */
static crypto_ops_t aes_crypto_ops = {
	&aes_control_ops,
	NULL,
	&aes_cipher_ops,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	&aes_ctx_ops
};

/*
 * Provider description passed to crypto_register_provider() in _init().
 * The mechanism count is derived from the table itself so that it cannot
 * drift from the number of entries.
 */
static crypto_provider_info_t aes_prov_info = {
	CRYPTO_SPI_VERSION_1,
	"AES Software Provider",
	CRYPTO_SW_PROVIDER,
	{&modlinkage},
	NULL,
	&aes_crypto_ops,
	sizeof (aes_mech_info_tab) / sizeof (aes_mech_info_tab[0]),
	aes_mech_info_tab
};

/* Handle filled in by KCF on registration; NULL while unregistered. */
static crypto_kcf_provider_handle_t aes_prov_handle = NULL;
2010Sstevel@tonic-gate 
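/*
 * Module load entry point: register the AES provider with KCF, then
 * install the module.
 *
 * Returns 0 on success, EACCES when KCF registration fails, or the
 * mod_install() error after the KCF registration has been rolled back.
 */
int
_init(void)
{
	int ret;

	/*
	 * Register with KCF. If the registration fails, return error.
	 */
	if ((ret = crypto_register_provider(&aes_prov_info,
	    &aes_prov_handle)) != CRYPTO_SUCCESS) {
		/* the two literals are concatenated: keep the space */
		cmn_err(CE_WARN, "%s _init: crypto_register_provider() "
		    "failed (0x%x)", CRYPTO_PROVIDER_NAME, ret);
		return (EACCES);
	}

	if ((ret = mod_install(&modlinkage)) != 0) {
		int rv;

		ASSERT(aes_prov_handle != NULL);
		/* We should not return if the unregister returns busy. */
		while ((rv = crypto_unregister_provider(aes_prov_handle))
		    == CRYPTO_BUSY) {
			cmn_err(CE_WARN,
			    "%s _init: crypto_unregister_provider() "
			    "failed (0x%x). Retrying.",
			    CRYPTO_PROVIDER_NAME, rv);
			/* wait 10 seconds and try again. */
			delay(10 * drv_usectohz(1000000));
		}

		if (rv == CRYPTO_SUCCESS) {
			/* do not keep a handle KCF no longer knows about */
			aes_prov_handle = NULL;
		} else {
			/* any other failure used to be dropped silently */
			cmn_err(CE_WARN,
			    "%s _init: crypto_unregister_provider() "
			    "failed (0x%x)", CRYPTO_PROVIDER_NAME, rv);
		}
	}

	return (ret);
}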
2350Sstevel@tonic-gate 
/*
 * Module unload entry point.
 *
 * Unregisters from KCF when a registration is outstanding and then
 * removes the module.  Returns EBUSY if KCF refuses the unregistration;
 * otherwise returns whatever mod_remove() returns.
 *
 * NOTE(review): when mod_remove() fails the module stays loaded while the
 * provider is already unregistered and the handle cleared; nothing in this
 * function re-registers it.
 */
int
_fini(void)
{
	int unreg_rv;

	/*
	 * Unregister from KCF if previous registration succeeded.
	 */
	if (aes_prov_handle != NULL) {
		unreg_rv = crypto_unregister_provider(aes_prov_handle);
		if (unreg_rv != CRYPTO_SUCCESS) {
			cmn_err(CE_WARN,
			    "%s _fini: crypto_unregister_provider() "
			    "failed (0x%x)", CRYPTO_PROVIDER_NAME, unreg_rv);
			return (EBUSY);
		}
		aes_prov_handle = NULL;
	}

	return (mod_remove(&modlinkage));
}
2570Sstevel@tonic-gate 
/*
 * Module information entry point: forwards to mod_info() with this
 * module's linkage record and returns its result unchanged.
 */
int
_info(struct modinfo *modinfop)
{
	int rv = mod_info(&modlinkage, modinfop);

	return (rv);
}
2630Sstevel@tonic-gate 
2640Sstevel@tonic-gate 
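/*
 * Validate the mechanism parameter length for the requested AES mode and,
 * when ctx is non-NULL, allocate the matching mode context.
 *
 * mechanism	request mechanism; cm_type selects the mode
 * ctx		out: receives the new context, or NULL on any failure;
 *		pass NULL to perform the check only
 * kmflag	allocation flag forwarded to the *_alloc_ctx() routine
 *
 * Returns CRYPTO_SUCCESS, CRYPTO_MECHANISM_PARAM_INVALID when a parameter
 * is present with the wrong length, CRYPTO_MECHANISM_INVALID for an
 * unknown cm_type, or CRYPTO_HOST_MEMORY when a context was requested but
 * could not be allocated.
 *
 * A NULL cm_param is accepted here for CBC, CTR and CCM; only the length
 * of a parameter that is present is checked.  Whether a missing parameter
 * is rejected later cannot be seen from this function.
 */
static int
aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
{
	void *p = NULL;
	int rv = CRYPTO_SUCCESS;

	switch (mechanism->cm_type) {
	case AES_ECB_MECH_INFO_TYPE:
		/* no parameter */
		if (ctx != NULL)
			p = ecb_alloc_ctx(kmflag);
		break;
	case AES_CBC_MECH_INFO_TYPE:
		/* the CBC parameter is one AES block long */
		if (mechanism->cm_param != NULL &&
		    mechanism->cm_param_len != AES_BLOCK_LEN) {
			rv = CRYPTO_MECHANISM_PARAM_INVALID;
			break;
		}
		if (ctx != NULL)
			p = cbc_alloc_ctx(kmflag);
		break;
	case AES_CTR_MECH_INFO_TYPE:
		if (mechanism->cm_param != NULL &&
		    mechanism->cm_param_len != sizeof (CK_AES_CTR_PARAMS)) {
			rv = CRYPTO_MECHANISM_PARAM_INVALID;
			break;
		}
		if (ctx != NULL)
			p = ctr_alloc_ctx(kmflag);
		break;
	case AES_CCM_MECH_INFO_TYPE:
		if (mechanism->cm_param != NULL &&
		    mechanism->cm_param_len != sizeof (CK_AES_CCM_PARAMS)) {
			rv = CRYPTO_MECHANISM_PARAM_INVALID;
			break;
		}
		if (ctx != NULL)
			p = ccm_alloc_ctx(kmflag);
		break;
	default:
		rv = CRYPTO_MECHANISM_INVALID;
		break;
	}

	if (ctx != NULL) {
		/*
		 * The *_alloc_ctx() routines are presumed to return NULL
		 * when the allocation fails (e.g. a non-sleeping kmflag).
		 * Report that instead of returning success with a NULL
		 * context that the caller would go on to dereference.
		 */
		if (rv == CRYPTO_SUCCESS && p == NULL)
			rv = CRYPTO_HOST_MEMORY;
		*ctx = p;
	}

	return (rv);
}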
312991Smcpowers 
3131010Smcpowers /* EXPORT DELETE START */
3141010Smcpowers 
/*
 * Initialize key schedules for AES.
 *
 * key		caller-supplied key; must be a raw (by-value) key
 * newbie	key schedule storage filled in by aes_init_keysched()
 *
 * Returns CRYPTO_KEY_TYPE_INCONSISTENT for any key format other than
 * CRYPTO_KEY_RAW, CRYPTO_KEY_SIZE_RANGE when the length is outside
 * [AES_MINBITS, AES_MAXBITS] or not a multiple of 64, and CRYPTO_SUCCESS
 * otherwise.  The length is compared against bit-count limits.
 */
static int
init_keysched(crypto_key_t *key, void *newbie)
{
	/*
	 * Only keys by value are supported by this module.
	 */
	if (key->ck_format != CRYPTO_KEY_RAW)
		return (CRYPTO_KEY_TYPE_INCONSISTENT);

	if (key->ck_length < AES_MINBITS || key->ck_length > AES_MAXBITS)
		return (CRYPTO_KEY_SIZE_RANGE);

	/*
	 * Key length must be either 128, 192, or 256: within the range
	 * checked above, those are the multiples of 64 (assuming the
	 * limits are 128 and 256 -- they are defined outside this file).
	 */
	if ((key->ck_length & 63) != 0)
		return (CRYPTO_KEY_SIZE_RANGE);

	aes_init_keysched(key->ck_data, key->ck_length, newbie);
	return (CRYPTO_SUCCESS);
}
3420Sstevel@tonic-gate 
3430Sstevel@tonic-gate /* EXPORT DELETE END */
3440Sstevel@tonic-gate 
3450Sstevel@tonic-gate /*
3460Sstevel@tonic-gate  * KCF software provider control entry points.
3470Sstevel@tonic-gate  */
/*
 * Report provider status to KCF.  This software provider always reports
 * CRYPTO_PROVIDER_READY; the provider handle is not consulted.
 */
/* ARGSUSED */
static void
aes_provider_status(crypto_provider_handle_t provider, uint_t *status)
{
	uint_t state = CRYPTO_PROVIDER_READY;

	*status = state;
}
3540Sstevel@tonic-gate 
/*
 * Encrypt-init entry point: delegates to aes_common_init() with the
 * direction flag set to B_TRUE and returns its status.
 */
static int
aes_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_spi_ctx_template_t template,
    crypto_req_handle_t req)
{
	int rv;

	rv = aes_common_init(ctx, mechanism, key, template, req, B_TRUE);
	return (rv);
}
3614486Sktung 
/*
 * Decrypt-init entry point: delegates to aes_common_init() with the
 * direction flag set to B_FALSE and returns its status.
 */
static int
aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_spi_ctx_template_t template,
    crypto_req_handle_t req)
{
	int rv;

	rv = aes_common_init(ctx, mechanism, key, template, req, B_FALSE);
	return (rv);
}
3684486Sktung 
3694486Sktung 
3704486Sktung 
3710Sstevel@tonic-gate /*
3720Sstevel@tonic-gate  * KCF software provider encrypt entry points.
3730Sstevel@tonic-gate  */
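/*
 * Shared body of aes_encrypt_init() and aes_decrypt_init().
 *
 * Checks the key format and mechanism parameter, allocates a mode context,
 * initializes it through aes_common_init_ctx() and, on success, stores it
 * in ctx->cc_provider_private.
 *
 * Returns CRYPTO_KEY_TYPE_INCONSISTENT for a non-raw key,
 * CRYPTO_HOST_MEMORY when no context could be allocated, the error from
 * aes_check_mech_param() or aes_common_init_ctx(), or CRYPTO_SUCCESS.
 * On failure the context allocated here is freed and
 * ctx->cc_provider_private is left untouched.
 */
static int
aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_spi_ctx_template_t template,
    crypto_req_handle_t req, boolean_t is_encrypt_init)
{

/* EXPORT DELETE START */

	aes_ctx_t *aes_ctx;
	int rv;
	int kmflag;

	/*
	 * Only keys by value are supported by this module.
	 */
	if (key->ck_format != CRYPTO_KEY_RAW) {
		return (CRYPTO_KEY_TYPE_INCONSISTENT);
	}

	/* allocation flag is derived from the request handle */
	kmflag = crypto_kmflag(req);
	if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
	    != CRYPTO_SUCCESS)
		return (rv);

	/*
	 * aes_check_mech_param() stores the allocator's result without
	 * testing it, so a failed allocation would arrive here as a NULL
	 * context together with CRYPTO_SUCCESS.  Stop before it is handed
	 * to aes_common_init_ctx(), whose NULL handling is not visible
	 * from here.
	 */
	if (aes_ctx == NULL)
		return (CRYPTO_HOST_MEMORY);

	rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag,
	    is_encrypt_init);
	if (rv != CRYPTO_SUCCESS) {
		crypto_free_mode_ctx(aes_ctx);
		return (rv);
	}

	ctx->cc_provider_private = aes_ctx;

/* EXPORT DELETE END */

	return (CRYPTO_SUCCESS);
}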
4110Sstevel@tonic-gate 
/*
 * Copy one block from a byte buffer into a uint64_t array.
 *
 * When "in" is 8-byte aligned the block is moved as two 64-bit loads
 * (in[0..7] and in[8..15]); otherwise AES_COPY_BLOCK() is used on a byte
 * view of "out" (presumably a byte-wise copy of one AES block -- the macro
 * is defined outside this file).  The caller must supply at least 16
 * readable bytes at "in" and two uint64_t slots at "out"; nothing here
 * checks either.
 */
static void
aes_copy_block64(uint8_t *in, uint64_t *out)
{
	if (!IS_P2ALIGNED(in, sizeof (uint64_t))) {
		uint8_t *iv8 = (uint8_t *)&out[0];

		AES_COPY_BLOCK(in, iv8);
		return;
	}

	/* LINTED: pointer alignment */
	out[0] = *(uint64_t *)&in[0];
	/* LINTED: pointer alignment */
	out[1] = *(uint64_t *)&in[8];
}
4260Sstevel@tonic-gate 
/*
 * Single-part encrypt entry point.
 *
 * Validates the input length, makes sure the output buffer is large
 * enough, runs one aes_encrypt_update() over the whole input, lets CCM
 * append its MAC, and finally releases the context.
 *
 * Returns CRYPTO_DATA_LEN_RANGE when a mode other than CTR/CCM is given
 * input that is not a multiple of AES_BLOCK_LEN, CRYPTO_BUFFER_TOO_SMALL
 * (with the required size stored in ciphertext->cd_length) when the output
 * is too short, or the status of the update/final step.
 *
 * The context is freed here only on the success path; every early return
 * leaves it in place.
 *
 * NOTE(review): in the CCM branch cd_offset is set from cd_length alone.
 * After aes_encrypt_update() that value is the number of bytes produced
 * (or, for in-place calls, the unchanged buffer length), so the starting
 * offset saved earlier is not added back -- confirm this is intended for
 * callers whose cd_offset is non-zero or that encrypt in place.
 */
/* ARGSUSED */
static int
aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
    crypto_data_t *ciphertext, crypto_req_handle_t req)
{
	int ret = CRYPTO_FAILED;

/* EXPORT DELETE START */

	aes_ctx_t *aes_ctx;
	size_t out_space, out_start, out_needed;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	/*
	 * For block ciphers, plaintext must be a multiple of AES block size.
	 * This test is only valid for ciphers whose blocksize is a power of 2.
	 * CTR is exempt, and so is CCM: even though AES CCM mode is a block
	 * cipher, it does not require the plaintext to be a multiple of AES
	 * block size.  The length requirement for AES CCM mode has already
	 * been checked at init time.
	 */
	if ((aes_ctx->ac_flags & (CTR_MODE | CCM_MODE)) == 0 &&
	    (plaintext->cd_length & (AES_BLOCK_LEN - 1)) != 0)
		return (CRYPTO_DATA_LEN_RANGE);

	AES_ARG_INPLACE(plaintext, ciphertext);

	/*
	 * We need to just return the length needed to store the output.
	 * We should not destroy the context for the following case.
	 * CCM output carries the MAC after the ciphertext.
	 */
	out_needed = plaintext->cd_length;
	if (aes_ctx->ac_flags & CCM_MODE)
		out_needed += aes_ctx->ac_mac_len;

	if (ciphertext->cd_length < out_needed) {
		ciphertext->cd_length = out_needed;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}

	/* remember the caller's view of the output buffer */
	out_space = ciphertext->cd_length;
	out_start = ciphertext->cd_offset;

	/*
	 * Do an update on the specified input data.
	 */
	ret = aes_encrypt_update(ctx, plaintext, ciphertext, req);
	if (ret != CRYPTO_SUCCESS)
		return (ret);

	/*
	 * For CCM mode, ccm_encrypt_final() will take care of any
	 * left-over unprocessed data, and compute the MAC.
	 */
	if (aes_ctx->ac_flags & CCM_MODE) {
		/*
		 * ccm_encrypt_final() will compute the MAC and append
		 * it to existing ciphertext. So, need to adjust the left over
		 * length value accordingly.
		 */

		/* order of following 2 lines MUST not be reversed */
		ciphertext->cd_offset = ciphertext->cd_length;
		ciphertext->cd_length = out_space - ciphertext->cd_length;
		ret = ccm_encrypt_final((ccm_ctx_t *)aes_ctx, ciphertext,
		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
		if (ret != CRYPTO_SUCCESS)
			return (ret);

		/* report bytes written, then restore the caller's offset */
		if (plaintext != ciphertext)
			ciphertext->cd_length =
			    ciphertext->cd_offset - out_start;
		ciphertext->cd_offset = out_start;
	}

	ASSERT(aes_ctx->ac_remainder_len == 0);
	(void) aes_free_context(ctx);

/* EXPORT DELETE END */

	/* LINTED */
	return (ret);
}
5180Sstevel@tonic-gate 
/*
 * Single-part decrypt entry point.
 *
 * Validates the input length, makes sure the output buffer is large
 * enough, runs one aes_decrypt_update() over the whole input, lets CCM
 * run its final step, and releases the context.
 *
 * Returns CRYPTO_ENCRYPTED_DATA_LEN_RANGE when a mode other than CTR/CCM
 * is given input that is not a multiple of AES_BLOCK_LEN,
 * CRYPTO_BUFFER_TOO_SMALL (with the required size stored in
 * plaintext->cd_length) when the output is too short, or the status of
 * the update/final step.
 *
 * Unlike the two early returns, a failing update still reaches the
 * cleanup label and frees the context.  When ccm_decrypt_final() fails,
 * plaintext->cd_length is restored to the caller's original value.
 *
 * NOTE(review): in the CCM branch cd_offset is set from cd_length alone,
 * without adding the starting offset saved earlier -- confirm this is
 * intended for callers whose cd_offset is non-zero or that decrypt in
 * place.
 */
/* ARGSUSED */
static int
aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
    crypto_data_t *plaintext, crypto_req_handle_t req)
{
	int ret = CRYPTO_FAILED;

/* EXPORT DELETE START */

	aes_ctx_t *aes_ctx;
	off_t out_start;
	size_t out_space;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	/*
	 * For block ciphers, the input must be a multiple of AES block size.
	 * This test is only valid for ciphers whose blocksize is a power of 2.
	 * CTR is exempt, and so is CCM: even though AES CCM mode is a block
	 * cipher, it does not require the data to be a multiple of AES block
	 * size.  The length requirement for AES CCM mode has already been
	 * checked at init time.
	 */
	if ((aes_ctx->ac_flags & (CTR_MODE | CCM_MODE)) == 0 &&
	    (ciphertext->cd_length & (AES_BLOCK_LEN - 1)) != 0) {
		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
	}

	AES_ARG_INPLACE(ciphertext, plaintext);

	/*
	 * We need to just return the length needed to store the output.
	 * We should not destroy the context for the following case.
	 *
	 * For AES CCM mode, size of the plaintext will be MAC_SIZE
	 * smaller than size of the cipher text, so the requirement is
	 * taken from the context rather than from the input length.
	 */
	if (aes_ctx->ac_flags & CCM_MODE) {
		if (plaintext->cd_length < aes_ctx->ac_data_len) {
			plaintext->cd_length = aes_ctx->ac_data_len;
			return (CRYPTO_BUFFER_TOO_SMALL);
		}
		/* only the CCM path below reads these two values */
		out_start = plaintext->cd_offset;
		out_space = plaintext->cd_length;
	} else if (plaintext->cd_length < ciphertext->cd_length) {
		plaintext->cd_length = ciphertext->cd_length;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}

	/*
	 * Do an update on the specified input data.
	 */
	ret = aes_decrypt_update(ctx, ciphertext, plaintext, req);
	if (ret != CRYPTO_SUCCESS)
		goto cleanup;

	if (aes_ctx->ac_flags & CCM_MODE) {
		ASSERT(aes_ctx->ac_processed_data_len == aes_ctx->ac_data_len);
		ASSERT(aes_ctx->ac_processed_mac_len == aes_ctx->ac_mac_len);

		/* order of following 2 lines MUST not be reversed */
		plaintext->cd_offset = plaintext->cd_length;
		plaintext->cd_length = out_space - plaintext->cd_length;

		ret = ccm_decrypt_final((ccm_ctx_t *)aes_ctx, plaintext,
		    AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
		    aes_xor_block);
		if (ret != CRYPTO_SUCCESS) {
			/* hand the caller's original length back */
			plaintext->cd_length = out_space;
		} else if (plaintext != ciphertext) {
			/* report the number of bytes written */
			plaintext->cd_length =
			    plaintext->cd_offset - out_start;
		}

		plaintext->cd_offset = out_start;
	}

	ASSERT(aes_ctx->ac_remainder_len == 0);

cleanup:
	(void) aes_free_context(ctx);

/* EXPORT DELETE END */

	/* LINTED */
	return (ret);
}
6110Sstevel@tonic-gate 
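/*
 * Multi-part encrypt update entry point.
 *
 * Encrypts as many whole blocks as the buffered remainder plus the new
 * input provide, dispatching on the input's cd_format.  In CTR mode any
 * bytes still buffered afterwards are flushed with ctr_mode_final().
 *
 * On return ciphertext->cd_offset is always restored.  On success with
 * separate buffers, ciphertext->cd_length is the number of bytes written;
 * on failure it is restored to the caller's value.
 *
 * Returns CRYPTO_BUFFER_TOO_SMALL (with the whole-block size needed stored
 * in ciphertext->cd_length), CRYPTO_ARGUMENTS_BAD for an unknown data
 * format, or the status of the crypto_update_*()/ctr_mode_final() call.
 *
 * NOTE(review): the size pre-check rounds down to whole blocks, so the CTR
 * tail written by ctr_mode_final() is not included in it; the bound for
 * that tail is presumably enforced inside ctr_mode_final() -- confirm.
 */
/* ARGSUSED */
static int
aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
    crypto_data_t *ciphertext, crypto_req_handle_t req)
{
	off_t saved_offset;
	size_t saved_length, out_len;
	int ret = CRYPTO_SUCCESS;
	aes_ctx_t *aes_ctx;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	AES_ARG_INPLACE(plaintext, ciphertext);

	/* compute number of bytes that will hold the ciphertext */
	out_len = aes_ctx->ac_remainder_len;
	out_len += plaintext->cd_length;
	out_len &= ~(AES_BLOCK_LEN - 1);

	/* return length needed to store the output */
	if (ciphertext->cd_length < out_len) {
		ciphertext->cd_length = out_len;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}

	saved_offset = ciphertext->cd_offset;
	saved_length = ciphertext->cd_length;

	/*
	 * Do the AES update on the specified input data.
	 */
	switch (plaintext->cd_format) {
	case CRYPTO_DATA_RAW:
		ret = crypto_update_iov(ctx->cc_provider_private,
		    plaintext, ciphertext, aes_encrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	case CRYPTO_DATA_UIO:
		ret = crypto_update_uio(ctx->cc_provider_private,
		    plaintext, ciphertext, aes_encrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	case CRYPTO_DATA_MBLK:
		ret = crypto_update_mp(ctx->cc_provider_private,
		    plaintext, ciphertext, aes_encrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	default:
		ret = CRYPTO_ARGUMENTS_BAD;
		break;
	}

	/*
	 * Since AES counter mode is a stream cipher, we call
	 * ctr_mode_final() to pick up any remaining bytes.
	 * It is an internal function that does not destroy
	 * the context like *normal* final routines.
	 *
	 * Only do so when the update itself succeeded: otherwise a
	 * successful flush would overwrite the error in ret and the caller
	 * would be told that a rejected request had been processed.
	 */
	if (ret == CRYPTO_SUCCESS && (aes_ctx->ac_flags & CTR_MODE) &&
	    (aes_ctx->ac_remainder_len > 0)) {
		ret = ctr_mode_final((ctr_ctx_t *)aes_ctx,
		    ciphertext, aes_encrypt_block);
	}

	if (ret == CRYPTO_SUCCESS) {
		if (plaintext != ciphertext)
			ciphertext->cd_length =
			    ciphertext->cd_offset - saved_offset;
	} else {
		ciphertext->cd_length = saved_length;
	}
	ciphertext->cd_offset = saved_offset;

	return (ret);
}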
6870Sstevel@tonic-gate 
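/*
 * Multi-part decrypt update entry point.
 *
 * Runs `ciphertext` through the mode context held in
 * ctx->cc_provider_private and writes the output to `plaintext`.
 *
 * Returns CRYPTO_BUFFER_TOO_SMALL, with plaintext->cd_length set to the
 * size required, when the output descriptor is too short;
 * CRYPTO_ARGUMENTS_BAD for an unrecognized ciphertext->cd_format; otherwise
 * the status of the update helper or of ctr_mode_final().
 *
 * plaintext->cd_offset is always restored before returning.  cd_length
 * is set to the number of bytes produced on success (when the output is
 * a distinct descriptor) and restored to the caller's value on failure.
 */
/* ARGSUSED */
static int
aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
    crypto_data_t *plaintext, crypto_req_handle_t req)
{
	off_t saved_offset;
	size_t saved_length, out_len;
	int ret = CRYPTO_SUCCESS;
	aes_ctx_t *aes_ctx;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	/* macro defined elsewhere; presumably aliases a NULL output to input */
	AES_ARG_INPLACE(ciphertext, plaintext);

	/*
	 * Compute number of bytes that will hold the plaintext.
	 * The count is rounded down to whole AES blocks.
	 * NOTE(review): in CTR mode the trailing bytes emitted by
	 * ctr_mode_final() below are therefore not covered by this size
	 * check; presumably ctr_mode_final() bounds its own write
	 * (it can return CRYPTO_DATA_LEN_RANGE) -- confirm.
	 */
	out_len = aes_ctx->ac_remainder_len;
	out_len += ciphertext->cd_length;
	out_len &= ~(AES_BLOCK_LEN - 1);

	/* return length needed to store the output */
	if (plaintext->cd_length < out_len) {
		plaintext->cd_length = out_len;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}

	saved_offset = plaintext->cd_offset;
	saved_length = plaintext->cd_length;

	/*
	 * Do the AES update on the specified input data.
	 */
	switch (ciphertext->cd_format) {
	case CRYPTO_DATA_RAW:
		ret = crypto_update_iov(ctx->cc_provider_private,
		    ciphertext, plaintext, aes_decrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	case CRYPTO_DATA_UIO:
		ret = crypto_update_uio(ctx->cc_provider_private,
		    ciphertext, plaintext, aes_decrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	case CRYPTO_DATA_MBLK:
		ret = crypto_update_mp(ctx->cc_provider_private,
		    ciphertext, plaintext, aes_decrypt_contiguous_blocks,
		    aes_copy_block64);
		break;
	default:
		ret = CRYPTO_ARGUMENTS_BAD;
	}

	/*
	 * Since AES counter mode is a stream cipher, we call
	 * ctr_mode_final() to pick up any remaining bytes.
	 * It is an internal function that does not destroy
	 * the context like *normal* final routines.
	 *
	 * Only do this when the update above succeeded: otherwise the
	 * status from ctr_mode_final() would overwrite the update error
	 * (for example CRYPTO_ARGUMENTS_BAD) and the caller could see
	 * CRYPTO_SUCCESS for input that was never processed.
	 */
	if ((ret == CRYPTO_SUCCESS) && (aes_ctx->ac_flags & CTR_MODE) &&
	    (aes_ctx->ac_remainder_len > 0)) {
		ret = ctr_mode_final((ctr_ctx_t *)aes_ctx, plaintext,
		    aes_encrypt_block);
		/* report the length error in decrypt terms */
		if (ret == CRYPTO_DATA_LEN_RANGE)
			ret = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
	}

	if (ret == CRYPTO_SUCCESS) {
		if (ciphertext != plaintext)
			plaintext->cd_length =
			    plaintext->cd_offset - saved_offset;
	} else {
		plaintext->cd_length = saved_length;
	}
	plaintext->cd_offset = saved_offset;

	return (ret);
}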
7650Sstevel@tonic-gate 
/*
 * Multi-part encrypt final entry point.
 *
 * CTR mode flushes any buffered remainder through ctr_mode_final(); CCM
 * mode calls ccm_encrypt_final(); every other mode requires that no
 * partial block is pending and reports zero output bytes.  On success
 * the provider context is released with aes_free_context().
 *
 * Returns CRYPTO_ARGUMENTS_BAD for an unrecognized data->cd_format,
 * CRYPTO_DATA_LEN_RANGE when a non-CTR/non-CCM operation ends on a
 * partial block, or the failing status of the mode's final routine.
 * On every error return the context is left in place.
 */
/* ARGSUSED */
static int
aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
    crypto_req_handle_t req)
{

/* EXPORT DELETE START */

	aes_ctx_t *aes_ctx;
	int ret;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	/* only the three known descriptor layouts are accepted */
	switch (data->cd_format) {
	case CRYPTO_DATA_RAW:
	case CRYPTO_DATA_UIO:
	case CRYPTO_DATA_MBLK:
		break;
	default:
		return (CRYPTO_ARGUMENTS_BAD);
	}

	if (aes_ctx->ac_flags & CTR_MODE) {
		/* stream mode: emit whatever is still buffered */
		if (aes_ctx->ac_remainder_len > 0) {
			ret = ctr_mode_final((ctr_ctx_t *)aes_ctx, data,
			    aes_encrypt_block);
			if (ret != CRYPTO_SUCCESS)
				return (ret);
		}
	} else if (aes_ctx->ac_flags & CCM_MODE) {
		ret = ccm_encrypt_final((ccm_ctx_t *)aes_ctx, data,
		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
		if (ret != CRYPTO_SUCCESS)
			return (ret);
	} else {
		/*
		 * A leftover partial block means the total input was not
		 * a multiple of the AES block length; that is an error for
		 * the remaining (unpadded) modes.
		 */
		if (aes_ctx->ac_remainder_len > 0)
			return (CRYPTO_DATA_LEN_RANGE);
		data->cd_length = 0;
	}

	(void) aes_free_context(ctx);

/* EXPORT DELETE END */

	return (CRYPTO_SUCCESS);
}
8170Sstevel@tonic-gate 
/*
 * Multi-part decrypt final entry point.
 *
 * A pending partial block is an error except in CTR mode, where it is
 * flushed through ctr_mode_final().  In CCM mode this is where the
 * plaintext is handed back: the output buffer must hold ac_data_len
 * bytes and ccm_decrypt_final() produces the result.  For modes other
 * than CTR and CCM the reported output length is zero.  On success the
 * provider context is released with aes_free_context().
 *
 * Returns CRYPTO_ARGUMENTS_BAD for an unrecognized data->cd_format,
 * CRYPTO_ENCRYPTED_DATA_LEN_RANGE for a bad ciphertext length,
 * CRYPTO_BUFFER_TOO_SMALL (data->cd_length set to the size needed) in
 * CCM mode, or the failing status of the mode's final routine.  On
 * every error return the context is left in place.
 */
/* ARGSUSED */
static int
aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
    crypto_req_handle_t req)
{

/* EXPORT DELETE START */

	aes_ctx_t *aes_ctx;
	int ret;
	off_t saved_offset;
	size_t saved_length;

	ASSERT(ctx->cc_provider_private != NULL);
	aes_ctx = ctx->cc_provider_private;

	/* only the three known descriptor layouts are accepted */
	switch (data->cd_format) {
	case CRYPTO_DATA_RAW:
	case CRYPTO_DATA_UIO:
	case CRYPTO_DATA_MBLK:
		break;
	default:
		return (CRYPTO_ARGUMENTS_BAD);
	}

	/*
	 * Unprocessed ciphertext means the last chunk was not a multiple
	 * of the AES block length.  Only CTR mode tolerates that.
	 */
	if (aes_ctx->ac_remainder_len > 0) {
		if (!(aes_ctx->ac_flags & CTR_MODE))
			return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);

		ret = ctr_mode_final((ctr_ctx_t *)aes_ctx, data,
		    aes_encrypt_block);
		/* report the length error in decrypt terms */
		if (ret == CRYPTO_DATA_LEN_RANGE)
			ret = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
		if (ret != CRYPTO_SUCCESS)
			return (ret);
	}

	if (aes_ctx->ac_flags & CCM_MODE) {
		/*
		 * All of the plaintext is returned here, so the output
		 * buffer has to be large enough for the whole message.
		 */
		size_t pt_len = aes_ctx->ac_data_len;

		if (data->cd_length < pt_len) {
			data->cd_length = pt_len;
			return (CRYPTO_BUFFER_TOO_SMALL);
		}

		ASSERT(aes_ctx->ac_processed_data_len == pt_len);
		ASSERT(aes_ctx->ac_processed_mac_len == aes_ctx->ac_mac_len);

		saved_offset = data->cd_offset;
		saved_length = data->cd_length;

		ret = ccm_decrypt_final((ccm_ctx_t *)aes_ctx, data,
		    AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
		    aes_xor_block);

		/* bytes produced on success, caller's length otherwise */
		data->cd_length = (ret == CRYPTO_SUCCESS) ?
		    data->cd_offset - saved_offset : saved_length;
		data->cd_offset = saved_offset;

		if (ret != CRYPTO_SUCCESS)
			return (ret);
	}

	/* modes other than CTR and CCM produce no output in final */
	if ((aes_ctx->ac_flags & (CTR_MODE | CCM_MODE)) == 0)
		data->cd_length = 0;

	(void) aes_free_context(ctx);

/* EXPORT DELETE END */

	return (CRYPTO_SUCCESS);
}
9000Sstevel@tonic-gate 
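/*
 * Single-part (atomic) encrypt entry point.
 *
 * Builds an aes_ctx_t on the stack, initializes it from `mechanism` and
 * `key` (or from the pre-computed `template`), encrypts `plaintext` into
 * `ciphertext`, runs the mode's final step for CCM and CTR, and then
 * scrubs and frees the key schedule if this call allocated it.
 *
 * Returns CRYPTO_DATA_LEN_RANGE when a non-CTR/non-CCM input is not a
 * multiple of the AES block size, CRYPTO_BUFFER_TOO_SMALL (with
 * ciphertext->cd_length set to the size needed) when the output is too
 * short, CRYPTO_ARGUMENTS_BAD for an unrecognized plaintext->cd_format,
 * or the status of the helper that failed.
 */
/* ARGSUSED */
static int
aes_encrypt_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
{
	aes_ctx_t aes_ctx;	/* on the stack */
	off_t saved_offset;
	size_t saved_length;
	int ret;

	/* macro defined elsewhere; presumably aliases a NULL output to input */
	AES_ARG_INPLACE(plaintext, ciphertext);

	if ((mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) &&
	    (mechanism->cm_type != AES_CCM_MECH_INFO_TYPE)) {
		/*
		 * Plaintext must be a multiple of AES block size.
		 * This test only works for non-padded mechanisms
		 * when blocksize is 2^N.
		 */
		if ((plaintext->cd_length & (AES_BLOCK_LEN - 1)) != 0)
			return (CRYPTO_DATA_LEN_RANGE);
	}

	/* return length needed to store the output */
	if (ciphertext->cd_length < plaintext->cd_length) {
		ciphertext->cd_length = plaintext->cd_length;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}

	if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
		return (ret);

	bzero(&aes_ctx, sizeof (aes_ctx_t));

	ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
	    crypto_kmflag(req), B_TRUE);
	if (ret != CRYPTO_SUCCESS)
		return (ret);

	/*
	 * From here on the context may own a key schedule, so every exit
	 * has to go through `out' for it to be scrubbed and freed.
	 */
	if (mechanism->cm_type == AES_CCM_MECH_INFO_TYPE) {
		/* CCM output is the ciphertext followed by the MAC */
		size_t length_needed
		    = plaintext->cd_length + aes_ctx.ac_mac_len;
		if (ciphertext->cd_length < length_needed) {
			ciphertext->cd_length = length_needed;
			/*
			 * Returning directly here would leak the key
			 * schedule (and leave key material un-zeroed).
			 */
			ret = CRYPTO_BUFFER_TOO_SMALL;
			goto out;
		}
	}


	saved_offset = ciphertext->cd_offset;
	saved_length = ciphertext->cd_length;

	/*
	 * Do an update on the specified input data.
	 */
	switch (plaintext->cd_format) {
	case CRYPTO_DATA_RAW:
		ret = crypto_update_iov(&aes_ctx, plaintext, ciphertext,
		    aes_encrypt_contiguous_blocks, aes_copy_block64);
		break;
	case CRYPTO_DATA_UIO:
		ret = crypto_update_uio(&aes_ctx, plaintext, ciphertext,
		    aes_encrypt_contiguous_blocks, aes_copy_block64);
		break;
	case CRYPTO_DATA_MBLK:
		ret = crypto_update_mp(&aes_ctx, plaintext, ciphertext,
		    aes_encrypt_contiguous_blocks, aes_copy_block64);
		break;
	default:
		ret = CRYPTO_ARGUMENTS_BAD;
	}

	/*
	 * NOTE(review): the two `goto out' paths below skip the
	 * cd_length/cd_offset restore that follows -- confirm callers do
	 * not reuse the descriptor after a failed final step.
	 */
	if (ret == CRYPTO_SUCCESS) {
		if (mechanism->cm_type == AES_CCM_MECH_INFO_TYPE) {
			ret = ccm_encrypt_final((ccm_ctx_t *)&aes_ctx,
			    ciphertext, AES_BLOCK_LEN, aes_encrypt_block,
			    aes_xor_block);
			if (ret != CRYPTO_SUCCESS)
				goto out;
			ASSERT(aes_ctx.ac_remainder_len == 0);
		} else if (mechanism->cm_type == AES_CTR_MECH_INFO_TYPE) {
			/* stream mode: emit the trailing partial block */
			if (aes_ctx.ac_remainder_len > 0) {
				ret = ctr_mode_final((ctr_ctx_t *)&aes_ctx,
				    ciphertext, aes_encrypt_block);
				if (ret != CRYPTO_SUCCESS)
					goto out;
			}
		} else {
			ASSERT(aes_ctx.ac_remainder_len == 0);
		}

		if (plaintext != ciphertext) {
			ciphertext->cd_length =
			    ciphertext->cd_offset - saved_offset;
		}
	} else {
		ciphertext->cd_length = saved_length;
	}
	ciphertext->cd_offset = saved_offset;

out:
	/* scrub the expanded key before giving the memory back */
	if (aes_ctx.ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
		bzero(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len);
		kmem_free(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len);
	}

	return (ret);
}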
10110Sstevel@tonic-gate 
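/*
 * Single-part (atomic) decrypt entry point.
 *
 * Builds an aes_ctx_t on the stack, initializes it from `mechanism` and
 * `key` (or from the pre-computed `template`), decrypts `ciphertext`
 * into `plaintext`, runs the mode's final step for CCM and CTR, and then
 * scrubs and frees whatever the context owns (the key schedule and, in
 * CCM mode, the buffered plaintext).
 *
 * Returns CRYPTO_DATA_LEN_RANGE when a non-CTR/non-CCM input is not a
 * multiple of the AES block size, CRYPTO_BUFFER_TOO_SMALL (with
 * plaintext->cd_length set to the size needed) when the output is too
 * short, CRYPTO_ARGUMENTS_BAD for an unrecognized ciphertext->cd_format,
 * or the status of the helper that failed.
 */
/* ARGSUSED */
static int
aes_decrypt_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
{
	aes_ctx_t aes_ctx;	/* on the stack */
	off_t saved_offset;
	size_t saved_length;
	int ret;

	/* macro defined elsewhere; presumably aliases a NULL output to input */
	AES_ARG_INPLACE(ciphertext, plaintext);

	/*
	 * For block ciphers, ciphertext must be a multiple of AES block size.
	 * This test is only valid for non-padded mechanisms
	 * when blocksize is 2^N
	 * Even though AES CCM mode is a block cipher, it does not
	 * require the plaintext to be a multiple of AES block size.
	 * The length requirement for AES CCM mode will be checked
	 * at init time
	 */
	if ((mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) &&
	    (mechanism->cm_type != AES_CCM_MECH_INFO_TYPE) &&
	    ((ciphertext->cd_length & (AES_BLOCK_LEN - 1)) != 0))
		return (CRYPTO_DATA_LEN_RANGE);

	/*
	 * return length needed to store the output, length requirement
	 * for AES CCM mode can not be determined until later
	 */
	if ((plaintext->cd_length < ciphertext->cd_length) &&
	    (mechanism->cm_type != AES_CCM_MECH_INFO_TYPE)) {
		plaintext->cd_length = ciphertext->cd_length;
		return (CRYPTO_BUFFER_TOO_SMALL);
	}


	if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
		return (ret);

	bzero(&aes_ctx, sizeof (aes_ctx_t));

	ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
	    crypto_kmflag(req), B_FALSE);
	if (ret != CRYPTO_SUCCESS)
		return (ret);

	/*
	 * From here on the context may own allocations, so every exit
	 * has to go through `out'.
	 */

	/* check length requirement for AES CCM mode now */
	if (mechanism->cm_type == AES_CCM_MECH_INFO_TYPE) {
		if (plaintext->cd_length < aes_ctx.ac_data_len) {
			plaintext->cd_length = aes_ctx.ac_data_len;
			ret = CRYPTO_BUFFER_TOO_SMALL;
			goto out;
		}
	}

	saved_offset = plaintext->cd_offset;
	saved_length = plaintext->cd_length;

	/*
	 * Do an update on the specified input data.
	 */
	switch (ciphertext->cd_format) {
	case CRYPTO_DATA_RAW:
		ret = crypto_update_iov(&aes_ctx, ciphertext, plaintext,
		    aes_decrypt_contiguous_blocks, aes_copy_block64);
		break;
	case CRYPTO_DATA_UIO:
		ret = crypto_update_uio(&aes_ctx, ciphertext, plaintext,
		    aes_decrypt_contiguous_blocks, aes_copy_block64);
		break;
	case CRYPTO_DATA_MBLK:
		ret = crypto_update_mp(&aes_ctx, ciphertext, plaintext,
		    aes_decrypt_contiguous_blocks, aes_copy_block64);
		break;
	default:
		ret = CRYPTO_ARGUMENTS_BAD;
	}

	if (ret == CRYPTO_SUCCESS) {
		if (mechanism->cm_type == AES_CCM_MECH_INFO_TYPE) {
			ASSERT(aes_ctx.ac_processed_data_len
			    == aes_ctx.ac_data_len);
			ASSERT(aes_ctx.ac_processed_mac_len
			    == aes_ctx.ac_mac_len);
			ret = ccm_decrypt_final((ccm_ctx_t *)&aes_ctx,
			    plaintext, AES_BLOCK_LEN, aes_encrypt_block,
			    aes_copy_block, aes_xor_block);
			ASSERT(aes_ctx.ac_remainder_len == 0);
			if ((ret == CRYPTO_SUCCESS) &&
			    (ciphertext != plaintext)) {
				plaintext->cd_length =
				    plaintext->cd_offset - saved_offset;
			} else {
				plaintext->cd_length = saved_length;
			}
		} else if (mechanism->cm_type != AES_CTR_MECH_INFO_TYPE) {
			ASSERT(aes_ctx.ac_remainder_len == 0);
			if (ciphertext != plaintext)
				plaintext->cd_length =
				    plaintext->cd_offset - saved_offset;
		} else {
			/* CTR: emit the trailing partial block, if any */
			if (aes_ctx.ac_remainder_len > 0) {
				ret = ctr_mode_final((ctr_ctx_t *)&aes_ctx,
				    plaintext, aes_encrypt_block);
				/* report the length error in decrypt terms */
				if (ret == CRYPTO_DATA_LEN_RANGE)
					ret = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
				/*
				 * NOTE(review): this path skips the
				 * cd_length/cd_offset restore below --
				 * confirm callers do not reuse the
				 * descriptor after a failure.
				 */
				if (ret != CRYPTO_SUCCESS)
					goto out;
			}
			if (ciphertext != plaintext)
				plaintext->cd_length =
				    plaintext->cd_offset - saved_offset;
		}
	} else {
		plaintext->cd_length = saved_length;
	}
	plaintext->cd_offset = saved_offset;

out:
	/* scrub the expanded key before giving the memory back */
	if (aes_ctx.ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
		bzero(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len);
		kmem_free(aes_ctx.ac_keysched, aes_ctx.ac_keysched_len);
	}

	if (aes_ctx.ac_flags & CCM_MODE) {
		if (aes_ctx.ac_pt_buf != NULL) {
			/*
			 * Scrub the buffered CCM plaintext as well, the
			 * same way the key schedule is scrubbed.  When
			 * ccm_decrypt_final() fails this buffer may hold
			 * plaintext that was never released to the caller
			 * (presumably unauthenticated -- confirm against
			 * ccm_decrypt_final()); it should not linger in
			 * freed kernel memory.
			 */
			bzero(aes_ctx.ac_pt_buf, aes_ctx.ac_data_len);
			kmem_free(aes_ctx.ac_pt_buf, aes_ctx.ac_data_len);
		}
	}

	return (ret);
}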
11470Sstevel@tonic-gate 
11480Sstevel@tonic-gate /*
11490Sstevel@tonic-gate  * KCF software provider context template entry points.
11500Sstevel@tonic-gate  */
/*
 * Pre-computes an AES key schedule for `key' and hands it back through
 * *tmpl / *tmpl_size so later operations can reuse it.
 *
 * Returns CRYPTO_MECHANISM_INVALID for a mechanism other than AES
 * ECB/CBC/CTR/CCM, CRYPTO_HOST_MEMORY when the schedule cannot be
 * allocated, or the status of init_keysched() when key expansion fails
 * (the partially filled schedule is zeroed and freed in that case).
 * Ownership of the returned buffer passes to the caller.
 */
/* ARGSUSED */
static int
aes_create_ctx_template(crypto_provider_handle_t provider,
    crypto_mechanism_t *mechanism, crypto_key_t *key,
    crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
{

/* EXPORT DELETE START */

	void *ks;
	size_t ks_len;
	int status;

	switch (mechanism->cm_type) {
	case AES_ECB_MECH_INFO_TYPE:
	case AES_CBC_MECH_INFO_TYPE:
	case AES_CTR_MECH_INFO_TYPE:
	case AES_CCM_MECH_INFO_TYPE:
		break;
	default:
		return (CRYPTO_MECHANISM_INVALID);
	}

	ks = aes_alloc_keysched(&ks_len, crypto_kmflag(req));
	if (ks == NULL)
		return (CRYPTO_HOST_MEMORY);

	/*
	 * Expand the key into the schedule.  The key length travels
	 * inside the key object itself.
	 */
	status = init_keysched(key, ks);
	if (status != CRYPTO_SUCCESS) {
		/* never free key-derived material without clearing it */
		bzero(ks, ks_len);
		kmem_free(ks, ks_len);
		return (status);
	}

	*tmpl = ks;
	*tmpl_size = ks_len;

/* EXPORT DELETE END */

	return (CRYPTO_SUCCESS);
}
11920Sstevel@tonic-gate 
/*
 * Releases the provider-private AES context attached to `ctx'.
 *
 * If the context owns its key schedule, the schedule is zeroed and
 * freed first; the mode context itself is then released with
 * crypto_free_mode_ctx() and ctx->cc_provider_private is cleared.
 * A context with no private data is left untouched.
 * Always returns CRYPTO_SUCCESS.
 */
/* ARGSUSED */
static int
aes_free_context(crypto_ctx_t *ctx)
{

/* EXPORT DELETE START */

	aes_ctx_t *priv = ctx->cc_provider_private;

	/* nothing attached: nothing to release */
	if (priv == NULL)
		return (CRYPTO_SUCCESS);

	if (priv->ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
		ASSERT(priv->ac_keysched_len != 0);
		/* clear the expanded key before the memory is reused */
		bzero(priv->ac_keysched, priv->ac_keysched_len);
		kmem_free(priv->ac_keysched, priv->ac_keysched_len);
	}

	crypto_free_mode_ctx(priv);
	/* drop the stale pointer so a second call is a no-op */
	ctx->cc_provider_private = NULL;

/* EXPORT DELETE END */

	return (CRYPTO_SUCCESS);
}
12170Sstevel@tonic-gate 
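/*
 * Initializes `aes_ctx' for the mechanism in `mechanism'.
 *
 * The key schedule comes from `template' when one is supplied; otherwise
 * one is allocated with `kmflag', expanded from `key', and marked as
 * owned by the context (PROVIDER_OWNS_KEY_SCHEDULE).  The mode-specific
 * state is then set up for CBC, CTR, CCM or ECB.  `is_encrypt_init' is
 * passed through to ccm_init_ctx().
 *
 * Returns CRYPTO_HOST_MEMORY when the schedule cannot be allocated,
 * CRYPTO_MECHANISM_PARAM_INVALID when the CTR or CCM parameter block is
 * missing or has the wrong size, or the status of the failing helper.
 * On any failure a key schedule allocated here is zeroed and freed
 * before returning, so callers have nothing to clean up.
 */
/* ARGSUSED */
static int
aes_common_init_ctx(aes_ctx_t *aes_ctx, crypto_spi_ctx_template_t *template,
    crypto_mechanism_t *mechanism, crypto_key_t *key, int kmflag,
    boolean_t is_encrypt_init)
{
	int rv = CRYPTO_SUCCESS;

/* EXPORT DELETE START */

	void *keysched;
	size_t size;

	if (template == NULL) {
		if ((keysched = aes_alloc_keysched(&size, kmflag)) == NULL)
			return (CRYPTO_HOST_MEMORY);
		/*
		 * Initialize key schedule.
		 * Key length is stored in the key.
		 */
		if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
			/*
			 * The schedule may already hold key-derived
			 * words; clear it before freeing, as
			 * aes_create_ctx_template() does.
			 */
			bzero(keysched, size);
			kmem_free(keysched, size);
			return (rv);
		}

		aes_ctx->ac_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
		aes_ctx->ac_keysched_len = size;
	} else {
		keysched = template;
	}
	aes_ctx->ac_keysched = keysched;

	/*
	 * Parameter failures below set rv and break instead of returning,
	 * so that an owned key schedule is released by the common cleanup
	 * at the end rather than leaked.
	 */
	switch (mechanism->cm_type) {
	case AES_CBC_MECH_INFO_TYPE:
		rv = cbc_init_ctx((cbc_ctx_t *)aes_ctx, mechanism->cm_param,
		    mechanism->cm_param_len, AES_BLOCK_LEN, aes_copy_block64);
		break;
	case AES_CTR_MECH_INFO_TYPE: {
		CK_AES_CTR_PARAMS *pp;

		/* the parameter block is caller-supplied: check its size */
		if (mechanism->cm_param == NULL ||
		    mechanism->cm_param_len != sizeof (CK_AES_CTR_PARAMS)) {
			rv = CRYPTO_MECHANISM_PARAM_INVALID;
			break;
		}
		pp = (CK_AES_CTR_PARAMS *)mechanism->cm_param;
		rv = ctr_init_ctx((ctr_ctx_t *)aes_ctx, pp->ulCounterBits,
		    pp->cb, aes_copy_block);
		break;
	}
	case AES_CCM_MECH_INFO_TYPE:
		/* the parameter block is caller-supplied: check its size */
		if (mechanism->cm_param == NULL ||
		    mechanism->cm_param_len != sizeof (CK_AES_CCM_PARAMS)) {
			rv = CRYPTO_MECHANISM_PARAM_INVALID;
			break;
		}
		rv = ccm_init_ctx((ccm_ctx_t *)aes_ctx, mechanism->cm_param,
		    kmflag, is_encrypt_init, AES_BLOCK_LEN, aes_encrypt_block,
		    aes_xor_block);
		break;
	case AES_ECB_MECH_INFO_TYPE:
		aes_ctx->ac_flags |= ECB_MODE;
		break;
	}

	if (rv != CRYPTO_SUCCESS) {
		if (aes_ctx->ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
			bzero(keysched, size);
			kmem_free(keysched, size);
			/*
			 * Drop the pointer and the ownership flag so a
			 * caller that cleans up by flag cannot touch or
			 * free the released schedule again.
			 */
			aes_ctx->ac_keysched = NULL;
			aes_ctx->ac_keysched_len = 0;
			aes_ctx->ac_flags &= ~PROVIDER_OWNS_KEY_SCHEDULE;
		}
	}

/* EXPORT DELETE END */

	return (rv);
}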
1291