10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*3708Skrishna * Common Development and Distribution License (the "License"). 6*3708Skrishna * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*3708Skrishna * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 270Sstevel@tonic-gate 280Sstevel@tonic-gate /* 290Sstevel@tonic-gate * RC4 provider for the Kernel Cryptographic Framework (KCF) 300Sstevel@tonic-gate */ 310Sstevel@tonic-gate 320Sstevel@tonic-gate #include <sys/types.h> 330Sstevel@tonic-gate #include <sys/systm.h> 340Sstevel@tonic-gate #include <sys/modctl.h> 350Sstevel@tonic-gate #include <sys/cmn_err.h> 360Sstevel@tonic-gate #include <sys/ddi.h> 370Sstevel@tonic-gate #include <sys/crypto/common.h> 380Sstevel@tonic-gate #include <sys/crypto/spi.h> 390Sstevel@tonic-gate #include <sys/sysmacros.h> 400Sstevel@tonic-gate #include <sys/strsun.h> 410Sstevel@tonic-gate #include <arcfour.h> 420Sstevel@tonic-gate 430Sstevel@tonic-gate extern struct mod_ops mod_cryptoops; 440Sstevel@tonic-gate 450Sstevel@tonic-gate /* 460Sstevel@tonic-gate * Module linkage information for the kernel. 470Sstevel@tonic-gate */ 480Sstevel@tonic-gate static struct modlcrypto modlcrypto = { 490Sstevel@tonic-gate &mod_cryptoops, 500Sstevel@tonic-gate "RC4 Kernel SW Provider %I%" 510Sstevel@tonic-gate }; 520Sstevel@tonic-gate 530Sstevel@tonic-gate static struct modlinkage modlinkage = { 540Sstevel@tonic-gate MODREV_1, 550Sstevel@tonic-gate (void *)&modlcrypto, 560Sstevel@tonic-gate NULL 570Sstevel@tonic-gate }; 580Sstevel@tonic-gate 590Sstevel@tonic-gate /* 600Sstevel@tonic-gate * CSPI information (entry points, provider info, etc.) 610Sstevel@tonic-gate */ 620Sstevel@tonic-gate 630Sstevel@tonic-gate #define RC4_MECH_INFO_TYPE 0 640Sstevel@tonic-gate /* 650Sstevel@tonic-gate * Mechanism info structure passed to KCF during registration. 660Sstevel@tonic-gate */ 670Sstevel@tonic-gate static crypto_mech_info_t rc4_mech_info_tab[] = { 680Sstevel@tonic-gate {SUN_CKM_RC4, RC4_MECH_INFO_TYPE, 690Sstevel@tonic-gate CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC | 700Sstevel@tonic-gate CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC, 710Sstevel@tonic-gate ARCFOUR_MIN_KEY_BITS, ARCFOUR_MAX_KEY_BITS, 72*3708Skrishna CRYPTO_KEYSIZE_UNIT_IN_BITS | CRYPTO_CAN_SHARE_OPSTATE} 730Sstevel@tonic-gate }; 740Sstevel@tonic-gate 750Sstevel@tonic-gate static void rc4_provider_status(crypto_provider_handle_t, uint_t *); 760Sstevel@tonic-gate 770Sstevel@tonic-gate static crypto_control_ops_t rc4_control_ops = { 780Sstevel@tonic-gate rc4_provider_status 790Sstevel@tonic-gate }; 800Sstevel@tonic-gate 810Sstevel@tonic-gate static int rc4_common_init(crypto_ctx_t *, crypto_mechanism_t *, 820Sstevel@tonic-gate crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 830Sstevel@tonic-gate 840Sstevel@tonic-gate static int rc4_crypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 850Sstevel@tonic-gate crypto_req_handle_t); 860Sstevel@tonic-gate 870Sstevel@tonic-gate static int rc4_crypt_final(crypto_ctx_t *, crypto_data_t *, 880Sstevel@tonic-gate crypto_req_handle_t); 890Sstevel@tonic-gate 900Sstevel@tonic-gate static int rc4_crypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, 910Sstevel@tonic-gate crypto_req_handle_t); 920Sstevel@tonic-gate 930Sstevel@tonic-gate static int rc4_crypt_atomic(crypto_provider_handle_t, crypto_session_id_t, 940Sstevel@tonic-gate crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, 950Sstevel@tonic-gate crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t); 960Sstevel@tonic-gate 970Sstevel@tonic-gate 980Sstevel@tonic-gate static crypto_cipher_ops_t rc4_cipher_ops = { 990Sstevel@tonic-gate rc4_common_init, 1000Sstevel@tonic-gate rc4_crypt, 1010Sstevel@tonic-gate rc4_crypt_update, 1020Sstevel@tonic-gate rc4_crypt_final, 1030Sstevel@tonic-gate rc4_crypt_atomic, 1040Sstevel@tonic-gate rc4_common_init, 1050Sstevel@tonic-gate rc4_crypt, 1060Sstevel@tonic-gate rc4_crypt_update, 1070Sstevel@tonic-gate rc4_crypt_final, 1080Sstevel@tonic-gate rc4_crypt_atomic 1090Sstevel@tonic-gate }; 1100Sstevel@tonic-gate 1110Sstevel@tonic-gate static int rc4_free_context(crypto_ctx_t *); 1120Sstevel@tonic-gate 1130Sstevel@tonic-gate static crypto_ctx_ops_t rc4_ctx_ops = { 1140Sstevel@tonic-gate NULL, 1150Sstevel@tonic-gate rc4_free_context 1160Sstevel@tonic-gate }; 1170Sstevel@tonic-gate 1180Sstevel@tonic-gate static crypto_ops_t rc4_crypto_ops = { 1190Sstevel@tonic-gate &rc4_control_ops, 1200Sstevel@tonic-gate NULL, 1210Sstevel@tonic-gate &rc4_cipher_ops, 1220Sstevel@tonic-gate NULL, 1230Sstevel@tonic-gate NULL, 1240Sstevel@tonic-gate NULL, 1250Sstevel@tonic-gate NULL, 1260Sstevel@tonic-gate NULL, 1270Sstevel@tonic-gate NULL, 1280Sstevel@tonic-gate NULL, 1290Sstevel@tonic-gate NULL, 1300Sstevel@tonic-gate NULL, 1310Sstevel@tonic-gate NULL, 1320Sstevel@tonic-gate &rc4_ctx_ops 1330Sstevel@tonic-gate }; 1340Sstevel@tonic-gate 1350Sstevel@tonic-gate static crypto_provider_info_t rc4_prov_info = { 1360Sstevel@tonic-gate CRYPTO_SPI_VERSION_1, 1370Sstevel@tonic-gate "RC4 Software Provider", 1380Sstevel@tonic-gate CRYPTO_SW_PROVIDER, 1390Sstevel@tonic-gate {&modlinkage}, 1400Sstevel@tonic-gate NULL, 1410Sstevel@tonic-gate &rc4_crypto_ops, 1420Sstevel@tonic-gate sizeof (rc4_mech_info_tab)/sizeof (crypto_mech_info_t), 1430Sstevel@tonic-gate rc4_mech_info_tab 1440Sstevel@tonic-gate }; 1450Sstevel@tonic-gate 1460Sstevel@tonic-gate static crypto_kcf_provider_handle_t rc4_prov_handle = NULL; 1470Sstevel@tonic-gate 1480Sstevel@tonic-gate static mblk_t *advance_position(mblk_t *, off_t, uchar_t **); 1490Sstevel@tonic-gate static int crypto_arcfour_crypt(ARCFour_key *, uchar_t *, crypto_data_t *, 1500Sstevel@tonic-gate int); 1510Sstevel@tonic-gate 1520Sstevel@tonic-gate int 1530Sstevel@tonic-gate _init(void) 1540Sstevel@tonic-gate { 1550Sstevel@tonic-gate int ret; 1560Sstevel@tonic-gate 1570Sstevel@tonic-gate /* 1580Sstevel@tonic-gate * Register with KCF. If the registration fails, log an error 1590Sstevel@tonic-gate * and uninstall the module. 1600Sstevel@tonic-gate */ 1610Sstevel@tonic-gate if ((ret = crypto_register_provider(&rc4_prov_info, 1620Sstevel@tonic-gate &rc4_prov_handle)) != CRYPTO_SUCCESS) { 1630Sstevel@tonic-gate cmn_err(CE_WARN, "_init: crypto_register_provider(%s)" 1640Sstevel@tonic-gate "failed (0x%x)", "arcfour", ret); 1650Sstevel@tonic-gate return (EACCES); 1660Sstevel@tonic-gate } 1670Sstevel@tonic-gate 1680Sstevel@tonic-gate if ((ret = mod_install(&modlinkage)) != 0) { 1690Sstevel@tonic-gate int rv; 1700Sstevel@tonic-gate 1710Sstevel@tonic-gate ASSERT(rc4_prov_handle != NULL); 1720Sstevel@tonic-gate /* We should not return if the unregister returns busy. */ 1730Sstevel@tonic-gate while ((rv = crypto_unregister_provider(rc4_prov_handle)) 1740Sstevel@tonic-gate == CRYPTO_BUSY) { 1750Sstevel@tonic-gate cmn_err(CE_WARN, "_init: crypto_unregister_provider(%s)" 1760Sstevel@tonic-gate " failed (0x%x). Retrying.", "arcfour", rv); 1770Sstevel@tonic-gate /* wait 10 seconds and try again. */ 1780Sstevel@tonic-gate delay(10 * drv_usectohz(1000000)); 1790Sstevel@tonic-gate } 1800Sstevel@tonic-gate } 1810Sstevel@tonic-gate 1820Sstevel@tonic-gate return (0); 1830Sstevel@tonic-gate } 1840Sstevel@tonic-gate 1850Sstevel@tonic-gate int 1860Sstevel@tonic-gate _fini(void) 1870Sstevel@tonic-gate { 1880Sstevel@tonic-gate int ret; 1890Sstevel@tonic-gate 1900Sstevel@tonic-gate /* 1910Sstevel@tonic-gate * Unregister from KCF if previous registration succeeded. 1920Sstevel@tonic-gate */ 1930Sstevel@tonic-gate if (rc4_prov_handle != NULL) { 1940Sstevel@tonic-gate if ((ret = crypto_unregister_provider(rc4_prov_handle)) != 1950Sstevel@tonic-gate CRYPTO_SUCCESS) { 1960Sstevel@tonic-gate cmn_err(CE_WARN, "_fini: crypto_unregister_provider(%s)" 1970Sstevel@tonic-gate " failed (0x%x)", "arcfour", ret); 1980Sstevel@tonic-gate return (EBUSY); 1990Sstevel@tonic-gate } 2000Sstevel@tonic-gate rc4_prov_handle = NULL; 2010Sstevel@tonic-gate } 2020Sstevel@tonic-gate 2030Sstevel@tonic-gate return (mod_remove(&modlinkage)); 2040Sstevel@tonic-gate } 2050Sstevel@tonic-gate 2060Sstevel@tonic-gate int 2070Sstevel@tonic-gate _info(struct modinfo *modinfop) 2080Sstevel@tonic-gate { 2090Sstevel@tonic-gate return (mod_info(&modlinkage, modinfop)); 2100Sstevel@tonic-gate } 2110Sstevel@tonic-gate 2120Sstevel@tonic-gate 2130Sstevel@tonic-gate /* 2140Sstevel@tonic-gate * KCF software provider control entry points. 2150Sstevel@tonic-gate */ 2160Sstevel@tonic-gate /* ARGSUSED */ 2170Sstevel@tonic-gate static void 2180Sstevel@tonic-gate rc4_provider_status(crypto_provider_handle_t provider, uint_t *status) 2190Sstevel@tonic-gate { 2200Sstevel@tonic-gate *status = CRYPTO_PROVIDER_READY; 2210Sstevel@tonic-gate } 2220Sstevel@tonic-gate 2230Sstevel@tonic-gate /* ARGSUSED */ 2240Sstevel@tonic-gate static int 2250Sstevel@tonic-gate rc4_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, 2260Sstevel@tonic-gate crypto_key_t *key, crypto_spi_ctx_template_t template, 2270Sstevel@tonic-gate crypto_req_handle_t req) 2280Sstevel@tonic-gate { 2290Sstevel@tonic-gate 2300Sstevel@tonic-gate /* EXPORT DELETE START */ 2310Sstevel@tonic-gate 2320Sstevel@tonic-gate ARCFour_key *keystream; 2330Sstevel@tonic-gate 2340Sstevel@tonic-gate if ((mechanism)->cm_type != RC4_MECH_INFO_TYPE) 2350Sstevel@tonic-gate return (CRYPTO_MECHANISM_INVALID); 2360Sstevel@tonic-gate 2370Sstevel@tonic-gate if (key->ck_format != CRYPTO_KEY_RAW) 2380Sstevel@tonic-gate return (CRYPTO_KEY_TYPE_INCONSISTENT); 2390Sstevel@tonic-gate 2400Sstevel@tonic-gate if (key->ck_length < ARCFOUR_MIN_KEY_BITS || 2410Sstevel@tonic-gate key->ck_length > ARCFOUR_MAX_KEY_BITS) { 2420Sstevel@tonic-gate return (CRYPTO_KEY_SIZE_RANGE); 2430Sstevel@tonic-gate } 2440Sstevel@tonic-gate 2450Sstevel@tonic-gate /* 2460Sstevel@tonic-gate * Allocate an RC4 key stream. 2470Sstevel@tonic-gate */ 2480Sstevel@tonic-gate if ((keystream = kmem_alloc(sizeof (ARCFour_key), 2490Sstevel@tonic-gate crypto_kmflag(req))) == NULL) 2500Sstevel@tonic-gate return (CRYPTO_HOST_MEMORY); 2510Sstevel@tonic-gate 2520Sstevel@tonic-gate arcfour_key_init(keystream, key->ck_data, key->ck_length >> 3); 2530Sstevel@tonic-gate 2540Sstevel@tonic-gate ctx->cc_provider_private = keystream; 2550Sstevel@tonic-gate 2560Sstevel@tonic-gate /* EXPORT DELETE END */ 2570Sstevel@tonic-gate 2580Sstevel@tonic-gate return (CRYPTO_SUCCESS); 2590Sstevel@tonic-gate } 2600Sstevel@tonic-gate 2610Sstevel@tonic-gate static int 2620Sstevel@tonic-gate rc4_crypt(crypto_ctx_t *ctx, crypto_data_t *input, crypto_data_t *output, 2630Sstevel@tonic-gate crypto_req_handle_t req) 2640Sstevel@tonic-gate { 2650Sstevel@tonic-gate int ret; 2660Sstevel@tonic-gate 2670Sstevel@tonic-gate ret = rc4_crypt_update(ctx, input, output, req); 2680Sstevel@tonic-gate 2690Sstevel@tonic-gate if (ret != CRYPTO_BUFFER_TOO_SMALL) 2700Sstevel@tonic-gate (void) rc4_free_context(ctx); 2710Sstevel@tonic-gate 2720Sstevel@tonic-gate return (ret); 2730Sstevel@tonic-gate } 2740Sstevel@tonic-gate 2750Sstevel@tonic-gate /* ARGSUSED */ 2760Sstevel@tonic-gate static int 2770Sstevel@tonic-gate rc4_crypt_update(crypto_ctx_t *ctx, crypto_data_t *input, crypto_data_t *output, 2780Sstevel@tonic-gate crypto_req_handle_t req) 2790Sstevel@tonic-gate { 2800Sstevel@tonic-gate int ret = CRYPTO_SUCCESS; 2810Sstevel@tonic-gate 2820Sstevel@tonic-gate /* EXPORT DELETE START */ 2830Sstevel@tonic-gate 2840Sstevel@tonic-gate ARCFour_key *key; 2850Sstevel@tonic-gate off_t saveoffset; 2860Sstevel@tonic-gate 2870Sstevel@tonic-gate ASSERT(ctx->cc_provider_private != NULL); 2880Sstevel@tonic-gate 289*3708Skrishna if ((ctx->cc_flags & CRYPTO_USE_OPSTATE) && ctx->cc_opstate != NULL) 290*3708Skrishna key = ctx->cc_opstate; 291*3708Skrishna else 292*3708Skrishna key = ctx->cc_provider_private; 2930Sstevel@tonic-gate 2940Sstevel@tonic-gate /* Simple case: in-line encipherment */ 2950Sstevel@tonic-gate 2960Sstevel@tonic-gate if (output == NULL) { 2970Sstevel@tonic-gate switch (input->cd_format) { 2980Sstevel@tonic-gate case CRYPTO_DATA_RAW: { 2990Sstevel@tonic-gate char *start, *end; 3000Sstevel@tonic-gate start = input->cd_raw.iov_base + input->cd_offset; 3010Sstevel@tonic-gate 3020Sstevel@tonic-gate end = input->cd_raw.iov_base + input->cd_raw.iov_len; 3030Sstevel@tonic-gate 3040Sstevel@tonic-gate if (start + input->cd_length > end) 3050Sstevel@tonic-gate return (CRYPTO_DATA_INVALID); 3060Sstevel@tonic-gate 3070Sstevel@tonic-gate arcfour_crypt(key, (uchar_t *)start, (uchar_t *)start, 3080Sstevel@tonic-gate input->cd_length); 3090Sstevel@tonic-gate break; 3100Sstevel@tonic-gate } 3110Sstevel@tonic-gate case CRYPTO_DATA_MBLK: { 3120Sstevel@tonic-gate uchar_t *start, *end; 3130Sstevel@tonic-gate size_t len, left; 3140Sstevel@tonic-gate mblk_t *mp = input->cd_mp, *mp1, *mp2; 3150Sstevel@tonic-gate 3160Sstevel@tonic-gate ASSERT(mp != NULL); 3170Sstevel@tonic-gate 3180Sstevel@tonic-gate mp1 = advance_position(mp, input->cd_offset, &start); 3190Sstevel@tonic-gate 3200Sstevel@tonic-gate if (mp1 == NULL) 3210Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 3220Sstevel@tonic-gate 3230Sstevel@tonic-gate mp2 = advance_position(mp, input->cd_offset + 3240Sstevel@tonic-gate input->cd_length, &end); 3250Sstevel@tonic-gate 3260Sstevel@tonic-gate if (mp2 == NULL) 3270Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 3280Sstevel@tonic-gate 3290Sstevel@tonic-gate left = input->cd_length; 3300Sstevel@tonic-gate while (mp1 != NULL) { 3310Sstevel@tonic-gate if (mp1->b_wptr - start > left) { 3320Sstevel@tonic-gate len = left; 3330Sstevel@tonic-gate arcfour_crypt(key, start, start, len); 3340Sstevel@tonic-gate mp1 = NULL; 3350Sstevel@tonic-gate } else { 3360Sstevel@tonic-gate len = mp1->b_wptr - start; 3370Sstevel@tonic-gate arcfour_crypt(key, start, start, len); 3380Sstevel@tonic-gate mp1 = mp1->b_cont; 3390Sstevel@tonic-gate start = mp1->b_rptr; 3400Sstevel@tonic-gate left -= len; 3410Sstevel@tonic-gate } 3420Sstevel@tonic-gate } 3430Sstevel@tonic-gate break; 3440Sstevel@tonic-gate } 3450Sstevel@tonic-gate case CRYPTO_DATA_UIO: { 3460Sstevel@tonic-gate uio_t *uiop = input->cd_uio; 3470Sstevel@tonic-gate off_t offset = input->cd_offset; 3480Sstevel@tonic-gate size_t length = input->cd_length; 3490Sstevel@tonic-gate uint_t vec_idx; 3500Sstevel@tonic-gate size_t cur_len; 3510Sstevel@tonic-gate 3520Sstevel@tonic-gate /* 3530Sstevel@tonic-gate * Jump to the first iovec containing data to be 3540Sstevel@tonic-gate * processed. 3550Sstevel@tonic-gate */ 3560Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt && 3570Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len; 3580Sstevel@tonic-gate offset -= uiop->uio_iov[vec_idx++].iov_len); 3590Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) { 3600Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 3610Sstevel@tonic-gate } 3620Sstevel@tonic-gate 3630Sstevel@tonic-gate /* 3640Sstevel@tonic-gate * Now process the iovecs. 3650Sstevel@tonic-gate */ 3660Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && length > 0) { 3670Sstevel@tonic-gate uchar_t *start; 3680Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]); 3690Sstevel@tonic-gate 3700Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, length); 3710Sstevel@tonic-gate 3720Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset); 3730Sstevel@tonic-gate arcfour_crypt(key, start + offset, 3740Sstevel@tonic-gate start + offset, cur_len); 3750Sstevel@tonic-gate 3760Sstevel@tonic-gate length -= cur_len; 3770Sstevel@tonic-gate vec_idx++; 3780Sstevel@tonic-gate offset = 0; 3790Sstevel@tonic-gate } 3800Sstevel@tonic-gate 3810Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && length > 0) { 3820Sstevel@tonic-gate 3830Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 3840Sstevel@tonic-gate } 3850Sstevel@tonic-gate break; 3860Sstevel@tonic-gate } 3870Sstevel@tonic-gate } 3880Sstevel@tonic-gate return (CRYPTO_SUCCESS); 3890Sstevel@tonic-gate } 3900Sstevel@tonic-gate 3910Sstevel@tonic-gate /* 3920Sstevel@tonic-gate * We need to just return the length needed to store the output. 3930Sstevel@tonic-gate * We should not destroy the context for the following case. 3940Sstevel@tonic-gate */ 3950Sstevel@tonic-gate 3960Sstevel@tonic-gate if (input->cd_length > output->cd_length) { 3970Sstevel@tonic-gate output->cd_length = input->cd_length; 3980Sstevel@tonic-gate return (CRYPTO_BUFFER_TOO_SMALL); 3990Sstevel@tonic-gate } 4000Sstevel@tonic-gate 4010Sstevel@tonic-gate saveoffset = output->cd_offset; 4020Sstevel@tonic-gate 4030Sstevel@tonic-gate switch (input->cd_format) { 4040Sstevel@tonic-gate case CRYPTO_DATA_RAW: { 4050Sstevel@tonic-gate char *start, *end; 4060Sstevel@tonic-gate start = input->cd_raw.iov_base + input->cd_offset; 4070Sstevel@tonic-gate 4080Sstevel@tonic-gate end = input->cd_raw.iov_base + input->cd_raw.iov_len; 4090Sstevel@tonic-gate 4100Sstevel@tonic-gate if (start + input->cd_length > end) 4110Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4120Sstevel@tonic-gate 4130Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, (uchar_t *)start, output, 4140Sstevel@tonic-gate input->cd_length); 4150Sstevel@tonic-gate 4160Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 4170Sstevel@tonic-gate return (ret); 4180Sstevel@tonic-gate break; 4190Sstevel@tonic-gate } 4200Sstevel@tonic-gate case CRYPTO_DATA_MBLK: { 4210Sstevel@tonic-gate uchar_t *start, *end; 4220Sstevel@tonic-gate size_t len, left; 4230Sstevel@tonic-gate mblk_t *mp = input->cd_mp, *mp1, *mp2; 4240Sstevel@tonic-gate 4250Sstevel@tonic-gate ASSERT(mp != NULL); 4260Sstevel@tonic-gate 4270Sstevel@tonic-gate mp1 = advance_position(mp, input->cd_offset, &start); 4280Sstevel@tonic-gate 4290Sstevel@tonic-gate if (mp1 == NULL) 4300Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4310Sstevel@tonic-gate 4320Sstevel@tonic-gate mp2 = advance_position(mp, input->cd_offset + input->cd_length, 4330Sstevel@tonic-gate &end); 4340Sstevel@tonic-gate 4350Sstevel@tonic-gate if (mp2 == NULL) 4360Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4370Sstevel@tonic-gate 4380Sstevel@tonic-gate left = input->cd_length; 4390Sstevel@tonic-gate while (mp1 != NULL) { 4400Sstevel@tonic-gate if (mp1->b_wptr - start > left) { 4410Sstevel@tonic-gate len = left; 4420Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start, output, 4430Sstevel@tonic-gate len); 4440Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 4450Sstevel@tonic-gate return (ret); 4460Sstevel@tonic-gate mp1 = NULL; 4470Sstevel@tonic-gate } else { 4480Sstevel@tonic-gate len = mp1->b_wptr - start; 4490Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start, output, 4500Sstevel@tonic-gate len); 4510Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 4520Sstevel@tonic-gate return (ret); 4530Sstevel@tonic-gate mp1 = mp1->b_cont; 4540Sstevel@tonic-gate start = mp1->b_rptr; 4550Sstevel@tonic-gate left -= len; 4560Sstevel@tonic-gate output->cd_offset += len; 4570Sstevel@tonic-gate } 4580Sstevel@tonic-gate } 4590Sstevel@tonic-gate break; 4600Sstevel@tonic-gate } 4610Sstevel@tonic-gate case CRYPTO_DATA_UIO: { 4620Sstevel@tonic-gate uio_t *uiop = input->cd_uio; 4630Sstevel@tonic-gate off_t offset = input->cd_offset; 4640Sstevel@tonic-gate size_t length = input->cd_length; 4650Sstevel@tonic-gate uint_t vec_idx; 4660Sstevel@tonic-gate size_t cur_len; 4670Sstevel@tonic-gate 4680Sstevel@tonic-gate /* 4690Sstevel@tonic-gate * Jump to the first iovec containing data to be 4700Sstevel@tonic-gate * processed. 4710Sstevel@tonic-gate */ 4720Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt && 4730Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len; 4740Sstevel@tonic-gate offset -= uiop->uio_iov[vec_idx++].iov_len); 4750Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) { 4760Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 4770Sstevel@tonic-gate } 4780Sstevel@tonic-gate 4790Sstevel@tonic-gate /* 4800Sstevel@tonic-gate * Now process the iovecs. 4810Sstevel@tonic-gate */ 4820Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && length > 0) { 4830Sstevel@tonic-gate uchar_t *start; 4840Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]); 4850Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, length); 4860Sstevel@tonic-gate 4870Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset); 4880Sstevel@tonic-gate ret = crypto_arcfour_crypt(key, start + offset, 4890Sstevel@tonic-gate output, cur_len); 4900Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 4910Sstevel@tonic-gate return (ret); 4920Sstevel@tonic-gate 4930Sstevel@tonic-gate length -= cur_len; 4940Sstevel@tonic-gate vec_idx++; 4950Sstevel@tonic-gate offset = 0; 4960Sstevel@tonic-gate output->cd_offset += cur_len; 4970Sstevel@tonic-gate } 4980Sstevel@tonic-gate 4990Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && length > 0) { 5000Sstevel@tonic-gate 5010Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 5020Sstevel@tonic-gate } 5030Sstevel@tonic-gate } 5040Sstevel@tonic-gate } 5050Sstevel@tonic-gate 5060Sstevel@tonic-gate output->cd_offset = saveoffset; 5070Sstevel@tonic-gate output->cd_length = input->cd_length; 5080Sstevel@tonic-gate 5090Sstevel@tonic-gate /* EXPORT DELETE END */ 5100Sstevel@tonic-gate 5110Sstevel@tonic-gate return (ret); 5120Sstevel@tonic-gate } 5130Sstevel@tonic-gate 5140Sstevel@tonic-gate /* ARGSUSED */ 5150Sstevel@tonic-gate static int rc4_crypt_final(crypto_ctx_t *ctx, crypto_data_t *data, 5160Sstevel@tonic-gate crypto_req_handle_t req) 5170Sstevel@tonic-gate { 5180Sstevel@tonic-gate /* No final part for streams ciphers. Just free the context */ 5190Sstevel@tonic-gate if (data != NULL) 5200Sstevel@tonic-gate data->cd_length = 0; 5210Sstevel@tonic-gate 5220Sstevel@tonic-gate return (rc4_free_context(ctx)); 5230Sstevel@tonic-gate } 5240Sstevel@tonic-gate 5250Sstevel@tonic-gate /* ARGSUSED */ 5260Sstevel@tonic-gate static int 5270Sstevel@tonic-gate rc4_crypt_atomic(crypto_provider_handle_t handle, crypto_session_id_t session, 5280Sstevel@tonic-gate crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *input, 5290Sstevel@tonic-gate crypto_data_t *output, crypto_spi_ctx_template_t template, 5300Sstevel@tonic-gate crypto_req_handle_t req) 5310Sstevel@tonic-gate { 5320Sstevel@tonic-gate crypto_ctx_t ctx; 5330Sstevel@tonic-gate int ret; 5340Sstevel@tonic-gate 535*3708Skrishna bzero(&ctx, sizeof (crypto_ctx_t)); 5360Sstevel@tonic-gate ret = rc4_common_init(&ctx, mechanism, key, template, req); 5370Sstevel@tonic-gate 5380Sstevel@tonic-gate if (ret != CRYPTO_SUCCESS) 5390Sstevel@tonic-gate return (ret); 5400Sstevel@tonic-gate 5410Sstevel@tonic-gate ret = rc4_crypt_update(&ctx, input, output, req); 5420Sstevel@tonic-gate 5430Sstevel@tonic-gate (void) rc4_free_context(&ctx); 5440Sstevel@tonic-gate 5450Sstevel@tonic-gate return (ret); 5460Sstevel@tonic-gate } 5470Sstevel@tonic-gate 5480Sstevel@tonic-gate /* ARGSUSED */ 5490Sstevel@tonic-gate static int 5500Sstevel@tonic-gate rc4_free_context(crypto_ctx_t *ctx) 5510Sstevel@tonic-gate { 5520Sstevel@tonic-gate 5530Sstevel@tonic-gate /* EXPORT DELETE START */ 5540Sstevel@tonic-gate 5550Sstevel@tonic-gate ARCFour_key *keystream = ctx->cc_provider_private; 5560Sstevel@tonic-gate 5570Sstevel@tonic-gate if (keystream != NULL) { 5580Sstevel@tonic-gate bzero(keystream, sizeof (ARCFour_key)); 5590Sstevel@tonic-gate kmem_free(keystream, sizeof (ARCFour_key)); 5600Sstevel@tonic-gate ctx->cc_provider_private = NULL; 5610Sstevel@tonic-gate } 5620Sstevel@tonic-gate 5630Sstevel@tonic-gate /* EXPORT DELETE END */ 5640Sstevel@tonic-gate 5650Sstevel@tonic-gate return (CRYPTO_SUCCESS); 5660Sstevel@tonic-gate } 5670Sstevel@tonic-gate 5680Sstevel@tonic-gate /* Encrypts a contiguous input 'in' into the 'out' crypto_data_t */ 5690Sstevel@tonic-gate 5700Sstevel@tonic-gate static int 5710Sstevel@tonic-gate crypto_arcfour_crypt(ARCFour_key *key, uchar_t *in, crypto_data_t *out, 5720Sstevel@tonic-gate int length) 5730Sstevel@tonic-gate { 5740Sstevel@tonic-gate switch (out->cd_format) { 5750Sstevel@tonic-gate case CRYPTO_DATA_RAW: { 5760Sstevel@tonic-gate uchar_t *start, *end; 5770Sstevel@tonic-gate start = (uchar_t *)(out->cd_raw.iov_base + 5780Sstevel@tonic-gate out->cd_offset); 5790Sstevel@tonic-gate 5800Sstevel@tonic-gate end = (uchar_t *)(out->cd_raw.iov_base + 5810Sstevel@tonic-gate out->cd_raw.iov_len); 5820Sstevel@tonic-gate 5830Sstevel@tonic-gate if (start + out->cd_length > end) 5840Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 5850Sstevel@tonic-gate 5860Sstevel@tonic-gate arcfour_crypt(key, in, start, length); 5870Sstevel@tonic-gate 5880Sstevel@tonic-gate return (CRYPTO_SUCCESS); 5890Sstevel@tonic-gate } 5900Sstevel@tonic-gate case CRYPTO_DATA_MBLK: { 5910Sstevel@tonic-gate uchar_t *start, *end; 5920Sstevel@tonic-gate size_t len, left; 5930Sstevel@tonic-gate mblk_t *mp = out->cd_mp, *mp1, *mp2; 5940Sstevel@tonic-gate 5950Sstevel@tonic-gate ASSERT(mp != NULL); 5960Sstevel@tonic-gate 5970Sstevel@tonic-gate mp1 = advance_position(mp, out->cd_offset, &start); 5980Sstevel@tonic-gate 5990Sstevel@tonic-gate if (mp1 == NULL) 6000Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 6010Sstevel@tonic-gate 6020Sstevel@tonic-gate mp2 = advance_position(mp, out->cd_offset + 6030Sstevel@tonic-gate out->cd_length, &end); 6040Sstevel@tonic-gate 6050Sstevel@tonic-gate if (mp2 == NULL) 6060Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 6070Sstevel@tonic-gate 6080Sstevel@tonic-gate left = length; 6090Sstevel@tonic-gate while (mp1 != NULL) { 6100Sstevel@tonic-gate if (mp1->b_wptr - start > left) { 6110Sstevel@tonic-gate len = left; 6120Sstevel@tonic-gate arcfour_crypt(key, in, start, len); 6130Sstevel@tonic-gate mp1 = NULL; 6140Sstevel@tonic-gate } else { 6150Sstevel@tonic-gate len = mp1->b_wptr - start; 6160Sstevel@tonic-gate arcfour_crypt(key, in, start, len); 6170Sstevel@tonic-gate mp1 = mp1->b_cont; 6180Sstevel@tonic-gate start = mp1->b_rptr; 6190Sstevel@tonic-gate left -= len; 6200Sstevel@tonic-gate } 6210Sstevel@tonic-gate } 6220Sstevel@tonic-gate break; 6230Sstevel@tonic-gate } 6240Sstevel@tonic-gate case CRYPTO_DATA_UIO: { 6250Sstevel@tonic-gate uio_t *uiop = out->cd_uio; 6260Sstevel@tonic-gate off_t offset = out->cd_offset; 6270Sstevel@tonic-gate size_t len = length; 6280Sstevel@tonic-gate uint_t vec_idx; 6290Sstevel@tonic-gate size_t cur_len; 6300Sstevel@tonic-gate 6310Sstevel@tonic-gate /* 6320Sstevel@tonic-gate * Jump to the first iovec containing data to be 6330Sstevel@tonic-gate * processed. 6340Sstevel@tonic-gate */ 6350Sstevel@tonic-gate for (vec_idx = 0; vec_idx < uiop->uio_iovcnt && 6360Sstevel@tonic-gate offset >= uiop->uio_iov[vec_idx].iov_len; 6370Sstevel@tonic-gate offset -= uiop->uio_iov[vec_idx++].iov_len); 6380Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt) { 6390Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 6400Sstevel@tonic-gate } 6410Sstevel@tonic-gate 6420Sstevel@tonic-gate /* 6430Sstevel@tonic-gate * Now process the iovecs. 6440Sstevel@tonic-gate */ 6450Sstevel@tonic-gate while (vec_idx < uiop->uio_iovcnt && len > 0) { 6460Sstevel@tonic-gate uchar_t *start; 6470Sstevel@tonic-gate iovec_t *iovp = &(uiop->uio_iov[vec_idx]); 6480Sstevel@tonic-gate cur_len = MIN(iovp->iov_len - offset, len); 6490Sstevel@tonic-gate 6500Sstevel@tonic-gate start = (uchar_t *)(iovp->iov_base + offset); 6510Sstevel@tonic-gate arcfour_crypt(key, start + offset, 6520Sstevel@tonic-gate start + offset, cur_len); 6530Sstevel@tonic-gate 6540Sstevel@tonic-gate len -= cur_len; 6550Sstevel@tonic-gate vec_idx++; 6560Sstevel@tonic-gate offset = 0; 6570Sstevel@tonic-gate } 6580Sstevel@tonic-gate 6590Sstevel@tonic-gate if (vec_idx == uiop->uio_iovcnt && len > 0) { 6600Sstevel@tonic-gate return (CRYPTO_DATA_LEN_RANGE); 6610Sstevel@tonic-gate } 6620Sstevel@tonic-gate break; 6630Sstevel@tonic-gate } 6640Sstevel@tonic-gate default: 6650Sstevel@tonic-gate return (CRYPTO_DATA_INVALID); 6660Sstevel@tonic-gate } 6670Sstevel@tonic-gate return (CRYPTO_SUCCESS); 6680Sstevel@tonic-gate } 6690Sstevel@tonic-gate 6700Sstevel@tonic-gate /* 6710Sstevel@tonic-gate * Advances 'offset' bytes from the beginning of the first block in 'mp', 6720Sstevel@tonic-gate * possibly jumping across b_cont boundary 6730Sstevel@tonic-gate * '*cpp' is set to the position of the byte we want, and the block where 6740Sstevel@tonic-gate * 'cpp' is returned. 6750Sstevel@tonic-gate */ 6760Sstevel@tonic-gate static mblk_t * 6770Sstevel@tonic-gate advance_position(mblk_t *mp, off_t offset, uchar_t **cpp) 6780Sstevel@tonic-gate { 6790Sstevel@tonic-gate mblk_t *mp1 = mp; 6800Sstevel@tonic-gate size_t l; 6810Sstevel@tonic-gate off_t o = offset; 6820Sstevel@tonic-gate 6830Sstevel@tonic-gate while (mp1 != NULL) { 6840Sstevel@tonic-gate l = MBLKL(mp1); 6850Sstevel@tonic-gate 6860Sstevel@tonic-gate if (l <= o) { 6870Sstevel@tonic-gate o -= l; 6880Sstevel@tonic-gate mp1 = mp1->b_cont; 6890Sstevel@tonic-gate } else { 6900Sstevel@tonic-gate *cpp = (uchar_t *)(mp1->b_rptr + o); 6910Sstevel@tonic-gate break; 6920Sstevel@tonic-gate } 6930Sstevel@tonic-gate } 6940Sstevel@tonic-gate return (mp1); 6950Sstevel@tonic-gate } 696