Print this page
first pass

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/crypto/io/aes.c
          +++ new/usr/src/uts/common/crypto/io/aes.c
↓ open down ↓ 298 lines elided ↑ open up ↑
 299  299              mechanism->cm_param_len != param_len) {
 300  300                  rv = CRYPTO_MECHANISM_PARAM_INVALID;
 301  301          }
 302  302          if (ctx != NULL) {
 303  303                  p = (alloc_fun)(kmflag);
 304  304                  *ctx = p;
 305  305          }
 306  306          return (rv);
 307  307  }
 308  308  
 309      -/* EXPORT DELETE START */
 310      -
 311  309  /*
 312  310   * Initialize key schedules for AES
 313  311   */
 314  312  static int
 315  313  init_keysched(crypto_key_t *key, void *newbie)
 316  314  {
 317  315          /*
 318  316           * Only keys by value are supported by this module.
 319  317           */
 320  318          switch (key->ck_format) {
↓ open down ↓ 8 lines elided ↑ open up ↑
 329  327                          return (CRYPTO_KEY_SIZE_RANGE);
 330  328                  break;
 331  329          default:
 332  330                  return (CRYPTO_KEY_TYPE_INCONSISTENT);
 333  331          }
 334  332  
 335  333          aes_init_keysched(key->ck_data, key->ck_length, newbie);
 336  334          return (CRYPTO_SUCCESS);
 337  335  }
 338  336  
 339      -/* EXPORT DELETE END */
 340      -
 341  337  /*
 342  338   * KCF software provider control entry points.
 343  339   */
 344  340  /* ARGSUSED */
 345  341  static void
 346  342  aes_provider_status(crypto_provider_handle_t provider, uint_t *status)
 347  343  {
 348  344          *status = CRYPTO_PROVIDER_READY;
 349  345  }
 350  346  
↓ open down ↓ 14 lines elided ↑ open up ↑
 365  361  
 366  362  
 367  363  /*
 368  364   * KCF software provider encrypt entry points.
 369  365   */
 370  366  static int
 371  367  aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 372  368      crypto_key_t *key, crypto_spi_ctx_template_t template,
 373  369      crypto_req_handle_t req, boolean_t is_encrypt_init)
 374  370  {
 375      -
 376      -/* EXPORT DELETE START */
 377      -
 378  371          aes_ctx_t *aes_ctx;
 379  372          int rv;
 380  373          int kmflag;
 381  374  
 382  375          /*
 383  376           * Only keys by value are supported by this module.
 384  377           */
 385  378          if (key->ck_format != CRYPTO_KEY_RAW) {
 386  379                  return (CRYPTO_KEY_TYPE_INCONSISTENT);
 387  380          }
↓ open down ↓ 5 lines elided ↑ open up ↑
 393  386  
 394  387          rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag,
 395  388              is_encrypt_init);
 396  389          if (rv != CRYPTO_SUCCESS) {
 397  390                  crypto_free_mode_ctx(aes_ctx);
 398  391                  return (rv);
 399  392          }
 400  393  
 401  394          ctx->cc_provider_private = aes_ctx;
 402  395  
 403      -/* EXPORT DELETE END */
 404      -
 405  396          return (CRYPTO_SUCCESS);
 406  397  }
 407  398  
 408  399  static void
 409  400  aes_copy_block64(uint8_t *in, uint64_t *out)
 410  401  {
 411  402          if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
 412  403                  /* LINTED: pointer alignment */
 413  404                  out[0] = *(uint64_t *)&in[0];
 414  405                  /* LINTED: pointer alignment */
↓ open down ↓ 5 lines elided ↑ open up ↑
 420  411          }
 421  412  }
 422  413  
 423  414  
 424  415  static int
 425  416  aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 426  417      crypto_data_t *ciphertext, crypto_req_handle_t req)
 427  418  {
 428  419          int ret = CRYPTO_FAILED;
 429  420  
 430      -/* EXPORT DELETE START */
 431      -
 432  421          aes_ctx_t *aes_ctx;
 433  422          size_t saved_length, saved_offset, length_needed;
 434  423  
 435  424          ASSERT(ctx->cc_provider_private != NULL);
 436  425          aes_ctx = ctx->cc_provider_private;
 437  426  
 438  427          /*
 439  428           * For block ciphers, plaintext must be a multiple of AES block size.
 440  429           * This test is only valid for ciphers whose blocksize is a power of 2.
 441  430           */
↓ open down ↓ 85 lines elided ↑ open up ↑
 527  516                  if (plaintext != ciphertext) {
 528  517                          ciphertext->cd_length =
 529  518                              ciphertext->cd_offset - saved_offset;
 530  519                  }
 531  520                  ciphertext->cd_offset = saved_offset;
 532  521          }
 533  522  
 534  523          ASSERT(aes_ctx->ac_remainder_len == 0);
 535  524          (void) aes_free_context(ctx);
 536  525  
 537      -/* EXPORT DELETE END */
 538      -
 539  526          return (ret);
 540  527  }
 541  528  
 542  529  
 543  530  static int
 544  531  aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 545  532      crypto_data_t *plaintext, crypto_req_handle_t req)
 546  533  {
 547  534          int ret = CRYPTO_FAILED;
 548  535  
 549      -/* EXPORT DELETE START */
 550      -
 551  536          aes_ctx_t *aes_ctx;
 552  537          off_t saved_offset;
 553  538          size_t saved_length, length_needed;
 554  539  
 555  540          ASSERT(ctx->cc_provider_private != NULL);
 556  541          aes_ctx = ctx->cc_provider_private;
 557  542  
 558  543          /*
 559  544           * For block ciphers, plaintext must be a multiple of AES block size.
 560  545           * This test is only valid for ciphers whose blocksize is a power of 2.
↓ open down ↓ 84 lines elided ↑ open up ↑
 645  630                  }
 646  631  
 647  632                  plaintext->cd_offset = saved_offset;
 648  633          }
 649  634  
 650  635          ASSERT(aes_ctx->ac_remainder_len == 0);
 651  636  
 652  637  cleanup:
 653  638          (void) aes_free_context(ctx);
 654  639  
 655      -/* EXPORT DELETE END */
 656      -
 657  640          return (ret);
 658  641  }
 659  642  
 660  643  
 661  644  /* ARGSUSED */
 662  645  static int
 663  646  aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 664  647      crypto_data_t *ciphertext, crypto_req_handle_t req)
 665  648  {
 666  649          off_t saved_offset;
↓ open down ↓ 151 lines elided ↑ open up ↑
 818  801  
 819  802  
 820  803          return (ret);
 821  804  }
 822  805  
 823  806  /* ARGSUSED */
 824  807  static int
 825  808  aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 826  809      crypto_req_handle_t req)
 827  810  {
 828      -
 829      -/* EXPORT DELETE START */
 830      -
 831  811          aes_ctx_t *aes_ctx;
 832  812          int ret;
 833  813  
 834  814          ASSERT(ctx->cc_provider_private != NULL);
 835  815          aes_ctx = ctx->cc_provider_private;
 836  816  
 837  817          if (data->cd_format != CRYPTO_DATA_RAW &&
 838  818              data->cd_format != CRYPTO_DATA_UIO &&
 839  819              data->cd_format != CRYPTO_DATA_MBLK) {
 840  820                  return (CRYPTO_ARGUMENTS_BAD);
↓ open down ↓ 30 lines elided ↑ open up ↑
 871  851                   * not a multiple of the AES block length.
 872  852                   */
 873  853                  if (aes_ctx->ac_remainder_len > 0) {
 874  854                          return (CRYPTO_DATA_LEN_RANGE);
 875  855                  }
 876  856                  data->cd_length = 0;
 877  857          }
 878  858  
 879  859          (void) aes_free_context(ctx);
 880  860  
 881      -/* EXPORT DELETE END */
 882      -
 883  861          return (CRYPTO_SUCCESS);
 884  862  }
 885  863  
 886  864  /* ARGSUSED */
 887  865  static int
 888  866  aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 889  867      crypto_req_handle_t req)
 890  868  {
 891      -
 892      -/* EXPORT DELETE START */
 893      -
 894  869          aes_ctx_t *aes_ctx;
 895  870          int ret;
 896  871          off_t saved_offset;
 897  872          size_t saved_length;
 898  873  
 899  874          ASSERT(ctx->cc_provider_private != NULL);
 900  875          aes_ctx = ctx->cc_provider_private;
 901  876  
 902  877          if (data->cd_format != CRYPTO_DATA_RAW &&
 903  878              data->cd_format != CRYPTO_DATA_UIO &&
↓ open down ↓ 76 lines elided ↑ open up ↑
 980  955                  }
 981  956          }
 982  957  
 983  958  
 984  959          if ((aes_ctx->ac_flags & (CTR_MODE|CCM_MODE|GCM_MODE|GMAC_MODE)) == 0) {
 985  960                  data->cd_length = 0;
 986  961          }
 987  962  
 988  963          (void) aes_free_context(ctx);
 989  964  
 990      -/* EXPORT DELETE END */
 991      -
 992  965          return (CRYPTO_SUCCESS);
 993  966  }
 994  967  
 995  968  /* ARGSUSED */
 996  969  static int
 997  970  aes_encrypt_atomic(crypto_provider_handle_t provider,
 998  971      crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
 999  972      crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
1000  973      crypto_spi_ctx_template_t template, crypto_req_handle_t req)
1001  974  {
↓ open down ↓ 285 lines elided ↑ open up ↑
1287 1260  
1288 1261  /*
1289 1262   * KCF software provider context template entry points.
1290 1263   */
1291 1264  /* ARGSUSED */
1292 1265  static int
1293 1266  aes_create_ctx_template(crypto_provider_handle_t provider,
1294 1267      crypto_mechanism_t *mechanism, crypto_key_t *key,
1295 1268      crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
1296 1269  {
1297      -
1298      -/* EXPORT DELETE START */
1299      -
1300 1270          void *keysched;
1301 1271          size_t size;
1302 1272          int rv;
1303 1273  
1304 1274          if (mechanism->cm_type != AES_ECB_MECH_INFO_TYPE &&
1305 1275              mechanism->cm_type != AES_CBC_MECH_INFO_TYPE &&
1306 1276              mechanism->cm_type != AES_CTR_MECH_INFO_TYPE &&
1307 1277              mechanism->cm_type != AES_CCM_MECH_INFO_TYPE &&
1308 1278              mechanism->cm_type != AES_GCM_MECH_INFO_TYPE &&
1309 1279              mechanism->cm_type != AES_GMAC_MECH_INFO_TYPE)
↓ open down ↓ 10 lines elided ↑ open up ↑
1320 1290           */
1321 1291          if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
1322 1292                  bzero(keysched, size);
1323 1293                  kmem_free(keysched, size);
1324 1294                  return (rv);
1325 1295          }
1326 1296  
1327 1297          *tmpl = keysched;
1328 1298          *tmpl_size = size;
1329 1299  
1330      -/* EXPORT DELETE END */
1331      -
1332 1300          return (CRYPTO_SUCCESS);
1333 1301  }
1334 1302  
1335 1303  
1336 1304  static int
1337 1305  aes_free_context(crypto_ctx_t *ctx)
1338 1306  {
1339      -
1340      -/* EXPORT DELETE START */
1341      -
1342 1307          aes_ctx_t *aes_ctx = ctx->cc_provider_private;
1343 1308  
1344 1309          if (aes_ctx != NULL) {
1345 1310                  if (aes_ctx->ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1346 1311                          ASSERT(aes_ctx->ac_keysched_len != 0);
1347 1312                          bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len);
1348 1313                          kmem_free(aes_ctx->ac_keysched,
1349 1314                              aes_ctx->ac_keysched_len);
1350 1315                  }
1351 1316                  crypto_free_mode_ctx(aes_ctx);
1352 1317                  ctx->cc_provider_private = NULL;
1353 1318          }
1354 1319  
1355      -/* EXPORT DELETE END */
1356      -
1357 1320          return (CRYPTO_SUCCESS);
1358 1321  }
1359 1322  
1360 1323  
1361 1324  static int
1362 1325  aes_common_init_ctx(aes_ctx_t *aes_ctx, crypto_spi_ctx_template_t *template,
1363 1326      crypto_mechanism_t *mechanism, crypto_key_t *key, int kmflag,
1364 1327      boolean_t is_encrypt_init)
1365 1328  {
1366 1329          int rv = CRYPTO_SUCCESS;
1367      -
1368      -/* EXPORT DELETE START */
1369      -
1370 1330          void *keysched;
1371 1331          size_t size;
1372 1332  
1373 1333          if (template == NULL) {
1374 1334                  if ((keysched = aes_alloc_keysched(&size, kmflag)) == NULL)
1375 1335                          return (CRYPTO_HOST_MEMORY);
1376 1336                  /*
1377 1337                   * Initialize key schedule.
1378 1338                   * Key length is stored in the key.
1379 1339                   */
↓ open down ↓ 57 lines elided ↑ open up ↑
1437 1397                  aes_ctx->ac_flags |= ECB_MODE;
1438 1398          }
1439 1399  
1440 1400          if (rv != CRYPTO_SUCCESS) {
1441 1401                  if (aes_ctx->ac_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1442 1402                          bzero(keysched, size);
1443 1403                          kmem_free(keysched, size);
1444 1404                  }
1445 1405          }
1446 1406  
1447      -/* EXPORT DELETE END */
1448      -
1449 1407          return (rv);
1450 1408  }
1451 1409  
1452 1410  static int
1453 1411  process_gmac_mech(crypto_mechanism_t *mech, crypto_data_t *data,
1454 1412      CK_AES_GCM_PARAMS *gcm_params)
1455 1413  {
1456 1414          /* LINTED: pointer alignment */
1457 1415          CK_AES_GMAC_PARAMS *params = (CK_AES_GMAC_PARAMS *)mech->cm_param;
1458 1416  
↓ open down ↓ 67 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX