usr/src/common/crypto/modes/modes.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  *
  25  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  26  */
  27
  28 #ifndef _COMMON_CRYPTO_MODES_H
  29 #define _COMMON_CRYPTO_MODES_H
  30
  31 #ifdef  __cplusplus
  32 extern "C" {
  33 #endif
  34
  35 #include <sys/strsun.h>
  36 #include <sys/systm.h>
  37 #include <sys/sysmacros.h>
  38 #include <sys/types.h>
  39 #include <sys/errno.h>
  40 #include <sys/rwlock.h>
  41 #include <sys/kmem.h>
  42 #include <sys/crypto/common.h>
  43 #include <sys/crypto/impl.h>
  44
  45 #define ECB_MODE                        0x00000002
  46 #define CBC_MODE                        0x00000004
  47 #define CTR_MODE                        0x00000008
  48 #define CCM_MODE                        0x00000010
  49 #define GCM_MODE                        0x00000020
  50 #define GMAC_MODE                       0x00000040
  51 #define CMAC_MODE                       0x00000080
  52
  53 /*
  54  * cc_keysched:         Pointer to key schedule.
  55  *
  56  * cc_keysched_len:     Length of the key schedule.
  57  *
  58  * cc_remainder:        This is for residual data, i.e. data that can't
  59  *                      be processed because there are too few bytes.
  60  *                      Must wait until more data arrives.
  61  *
  62  * cc_remainder_len:    Number of bytes in cc_remainder.
  63  *
  64  * cc_iv:               Scratch buffer that sometimes contains the IV.
  65  *
  66  * cc_lastp:            Pointer to previous block of ciphertext.
  67  *
  68  * cc_copy_to:          Pointer to where encrypted residual data needs
  69  *                      to be copied.
  70  *
  71  * cc_flags:            PROVIDER_OWNS_KEY_SCHEDULE
  72  *                      When a context is freed, it is necessary
  73  *                      to know whether the key schedule was allocated
  74  *                      by the caller, or internally, e.g. an init routine.
  75  *                      If allocated by the latter, then it needs to be freed.
  76  *
  77  *                      ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
  78  */
  79 struct common_ctx {
  80         void *cc_keysched;
  81         size_t cc_keysched_len;
  82         uint64_t cc_iv[2];
  83         uint64_t cc_remainder[2];
  84         size_t cc_remainder_len;
  85         uint8_t *cc_lastp;
  86         uint8_t *cc_copy_to;
  87         uint32_t cc_flags;
  88 };
  89
  90 typedef struct common_ctx common_ctx_t;
  91
  92 typedef struct ecb_ctx {
  93         struct common_ctx ecb_common;
  94         uint64_t ecb_lastblock[2];
  95 } ecb_ctx_t;
  96
  97 #define ecb_keysched            ecb_common.cc_keysched
  98 #define ecb_keysched_len        ecb_common.cc_keysched_len
  99 #define ecb_iv                  ecb_common.cc_iv
 100 #define ecb_remainder           ecb_common.cc_remainder
 101 #define ecb_remainder_len       ecb_common.cc_remainder_len
 102 #define ecb_lastp               ecb_common.cc_lastp
 103 #define ecb_copy_to             ecb_common.cc_copy_to
 104 #define ecb_flags               ecb_common.cc_flags
 105
 106 /*
 107  * max_remain                   max bytes in cbc_remainder
 108  */
 109 typedef struct cbc_ctx {
 110         struct common_ctx cbc_common;
 111         uint64_t cbc_lastblock[2];
 112         size_t max_remain;
 113 } cbc_ctx_t;
 114
 115 #define cbc_keysched            cbc_common.cc_keysched
 116 #define cbc_keysched_len        cbc_common.cc_keysched_len
 117 #define cbc_iv                  cbc_common.cc_iv
 118 #define cbc_remainder           cbc_common.cc_remainder
 119 #define cbc_remainder_len       cbc_common.cc_remainder_len
 120 #define cbc_lastp               cbc_common.cc_lastp
 121 #define cbc_copy_to             cbc_common.cc_copy_to
 122 #define cbc_flags               cbc_common.cc_flags
 123
 124 /*
 125  * ctr_lower_mask               Bit-mask for lower 8 bytes of counter block.
 126  * ctr_upper_mask               Bit-mask for upper 8 bytes of counter block.
 127  */
 128 typedef struct ctr_ctx {
 129         struct common_ctx ctr_common;
 130         uint64_t ctr_lower_mask;
 131         uint64_t ctr_upper_mask;
 132         uint32_t ctr_tmp[4];
 133 } ctr_ctx_t;
 134
 135 /*
 136  * ctr_cb                       Counter block.
 137  */
 138 #define ctr_keysched            ctr_common.cc_keysched
 139 #define ctr_keysched_len        ctr_common.cc_keysched_len
 140 #define ctr_cb                  ctr_common.cc_iv
 141 #define ctr_remainder           ctr_common.cc_remainder
 142 #define ctr_remainder_len       ctr_common.cc_remainder_len
 143 #define ctr_lastp               ctr_common.cc_lastp
 144 #define ctr_copy_to             ctr_common.cc_copy_to
 145 #define ctr_flags               ctr_common.cc_flags
 146
 147 /*
 148  *
 149  * ccm_mac_len:         Stores length of the MAC in CCM mode.
 150  * ccm_mac_buf:         Stores the intermediate value for MAC in CCM encrypt.
 151  *                      In CCM decrypt, stores the input MAC value.
 152  * ccm_data_len:        Length of the plaintext for CCM mode encrypt, or
 153  *                      length of the ciphertext for CCM mode decrypt.
 154  * ccm_processed_data_len:
 155  *                      Length of processed plaintext in CCM mode encrypt,
 156  *                      or length of processed ciphertext for CCM mode decrypt.
 157  * ccm_processed_mac_len:
 158  *                      Length of MAC data accumulated in CCM mode decrypt.
 159  *
 160  * ccm_pt_buf:          Only used in CCM mode decrypt.  It stores the
 161  *                      decrypted plaintext to be returned when
 162  *                      MAC verification succeeds in decrypt_final.
 163  *                      Memory for this should be allocated in the AES module.
 164  *
 165  */
 166 typedef struct ccm_ctx {
 167         struct common_ctx ccm_common;
 168         uint32_t ccm_tmp[4];
 169         size_t ccm_mac_len;
 170         uint64_t ccm_mac_buf[2];
 171         size_t ccm_data_len;
 172         size_t ccm_processed_data_len;
 173         size_t ccm_processed_mac_len;
 174         uint8_t *ccm_pt_buf;
 175         uint64_t ccm_mac_input_buf[2];
 176         uint64_t ccm_counter_mask;
 177 } ccm_ctx_t;
 178
 179 #define ccm_keysched            ccm_common.cc_keysched
 180 #define ccm_keysched_len        ccm_common.cc_keysched_len
 181 #define ccm_cb                  ccm_common.cc_iv
 182 #define ccm_remainder           ccm_common.cc_remainder
 183 #define ccm_remainder_len       ccm_common.cc_remainder_len
 184 #define ccm_lastp               ccm_common.cc_lastp
 185 #define ccm_copy_to             ccm_common.cc_copy_to
 186 #define ccm_flags               ccm_common.cc_flags
 187
 188 /*
 189  * gcm_tag_len:         Length of authentication tag.
 190  *
 191  * gcm_ghash:           Stores output from the GHASH function.
 192  *
 193  * gcm_processed_data_len:
 194  *                      Length of processed plaintext (encrypt) or
 195  *                      length of processed ciphertext (decrypt).
 196  *
 197  * gcm_pt_buf:          Stores the decrypted plaintext returned by
 198  *                      decrypt_final when the computed authentication
 199  *                      tag matches the user supplied tag.
 200  *
 201  * gcm_pt_buf_len:      Length of the plaintext buffer.
 202  *
 203  * gcm_H:               Subkey.
 204  *
 205  * gcm_J0:              Pre-counter block generated from the IV.
 206  *
 207  * gcm_len_a_len_c:     64-bit representations of the bit lengths of
 208  *                      AAD and ciphertext.
 209  *
 210  * gcm_kmflag:          Current value of kmflag. Used only for allocating
 211  *                      the plaintext buffer during decryption.
 212  */
 213 typedef struct gcm_ctx {
 214         struct common_ctx gcm_common;
 215         size_t gcm_tag_len;
 216         size_t gcm_processed_data_len;
 217         size_t gcm_pt_buf_len;
 218         uint32_t gcm_tmp[4];
 219         uint64_t gcm_ghash[2];
 220         uint64_t gcm_H[2];
 221         uint64_t gcm_J0[2];
 222         uint64_t gcm_len_a_len_c[2];
 223         uint8_t *gcm_pt_buf;
 224         int gcm_kmflag;
 225 } gcm_ctx_t;
 226
 227 #define gcm_keysched            gcm_common.cc_keysched
 228 #define gcm_keysched_len        gcm_common.cc_keysched_len
 229 #define gcm_cb                  gcm_common.cc_iv
 230 #define gcm_remainder           gcm_common.cc_remainder
 231 #define gcm_remainder_len       gcm_common.cc_remainder_len
 232 #define gcm_lastp               gcm_common.cc_lastp
 233 #define gcm_copy_to             gcm_common.cc_copy_to
 234 #define gcm_flags               gcm_common.cc_flags
 235
 236 #define AES_GMAC_IV_LEN         12
 237 #define AES_GMAC_TAG_BITS       128
 238
 239 typedef struct aes_ctx {
 240         union {
 241                 ecb_ctx_t acu_ecb;
 242                 cbc_ctx_t acu_cbc;
 243                 ctr_ctx_t acu_ctr;
 244 #ifdef _KERNEL
 245                 ccm_ctx_t acu_ccm;
 246                 gcm_ctx_t acu_gcm;
 247 #endif
 248         } acu;
 249 } aes_ctx_t;
 250
 251 #define ac_flags                acu.acu_ecb.ecb_common.cc_flags
 252 #define ac_remainder_len        acu.acu_ecb.ecb_common.cc_remainder_len
 253 #define ac_keysched             acu.acu_ecb.ecb_common.cc_keysched
 254 #define ac_keysched_len         acu.acu_ecb.ecb_common.cc_keysched_len
 255 #define ac_iv                   acu.acu_ecb.ecb_common.cc_iv
 256 #define ac_lastp                acu.acu_ecb.ecb_common.cc_lastp
 257 #define ac_pt_buf               acu.acu_ccm.ccm_pt_buf
 258 #define ac_mac_len              acu.acu_ccm.ccm_mac_len
 259 #define ac_data_len             acu.acu_ccm.ccm_data_len
 260 #define ac_processed_mac_len    acu.acu_ccm.ccm_processed_mac_len
 261 #define ac_processed_data_len   acu.acu_ccm.ccm_processed_data_len
 262 #define ac_tag_len              acu.acu_gcm.gcm_tag_len
 263
 264 typedef struct blowfish_ctx {
 265         union {
 266                 ecb_ctx_t bcu_ecb;
 267                 cbc_ctx_t bcu_cbc;
 268         } bcu;
 269 } blowfish_ctx_t;
 270
 271 #define bc_flags                bcu.bcu_ecb.ecb_common.cc_flags
 272 #define bc_remainder_len        bcu.bcu_ecb.ecb_common.cc_remainder_len
 273 #define bc_keysched             bcu.bcu_ecb.ecb_common.cc_keysched
 274 #define bc_keysched_len         bcu.bcu_ecb.ecb_common.cc_keysched_len
 275 #define bc_iv                   bcu.bcu_ecb.ecb_common.cc_iv
 276 #define bc_lastp                bcu.bcu_ecb.ecb_common.cc_lastp
 277
 278 typedef struct des_ctx {
 279         union {
 280                 ecb_ctx_t dcu_ecb;
 281                 cbc_ctx_t dcu_cbc;
 282         } dcu;
 283 } des_ctx_t;
 284
 285 #define dc_flags                dcu.dcu_ecb.ecb_common.cc_flags
 286 #define dc_remainder_len        dcu.dcu_ecb.ecb_common.cc_remainder_len
 287 #define dc_keysched             dcu.dcu_ecb.ecb_common.cc_keysched
 288 #define dc_keysched_len         dcu.dcu_ecb.ecb_common.cc_keysched_len
 289 #define dc_iv                   dcu.dcu_ecb.ecb_common.cc_iv
 290 #define dc_lastp                dcu.dcu_ecb.ecb_common.cc_lastp
 291
 292 extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
 293     crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
 294     uint8_t *));
 295
 296 extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
 297     crypto_data_t *, size_t,
 298     int (*encrypt)(const void *, const uint8_t *, uint8_t *),
 299     void (*copy_block)(uint8_t *, uint8_t *),
 300     void (*xor_block)(uint8_t *, uint8_t *));
 301
 302 extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
 303     crypto_data_t *, size_t,
 304     int (*decrypt)(const void *, const uint8_t *, uint8_t *),
 305     void (*copy_block)(uint8_t *, uint8_t *),
 306     void (*xor_block)(uint8_t *, uint8_t *));
 307
 308 extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
 309     crypto_data_t *, size_t,
 310     int (*cipher)(const void *, const uint8_t *, uint8_t *),
 311     void (*xor_block)(uint8_t *, uint8_t *));
 312
 313 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 314     crypto_data_t *, size_t,
 315     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 316     void (*copy_block)(uint8_t *, uint8_t *),
 317     void (*xor_block)(uint8_t *, uint8_t *));
 318
 319 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 320     crypto_data_t *, size_t,
 321     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 322     void (*copy_block)(uint8_t *, uint8_t *),
 323     void (*xor_block)(uint8_t *, uint8_t *));
 324
 325 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 326     crypto_data_t *, size_t,
 327     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 328     void (*copy_block)(uint8_t *, uint8_t *),
 329     void (*xor_block)(uint8_t *, uint8_t *));
 330
 331 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 332     crypto_data_t *, size_t,
 333     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 334     void (*copy_block)(uint8_t *, uint8_t *),
 335     void (*xor_block)(uint8_t *, uint8_t *));
 336
 337 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 338     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 339     void (*xor_block)(uint8_t *, uint8_t *));
 340
 341 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 342     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 343     void (*copy_block)(uint8_t *, uint8_t *),
 344     void (*xor_block)(uint8_t *, uint8_t *));
 345
 346 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 347     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 348     void (*copy_block)(uint8_t *, uint8_t *),
 349     void (*xor_block)(uint8_t *, uint8_t *));
 350
 351 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 352     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 353     void (*xor_block)(uint8_t *, uint8_t *));
 354
 355 extern int cmac_mode_final(cbc_ctx_t *, crypto_data_t *,
 356     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 357     void (*xor_block)(uint8_t *, uint8_t *));
 358
 359 extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
 360     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
 361
 362 extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
 363     void (*copy_block)(uint8_t *, uint64_t *));
 364
 365 extern int cmac_init_ctx(cbc_ctx_t *, size_t);
 366
 367 extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
 368     void (*copy_block)(uint8_t *, uint8_t *));
 369
 370 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
 371     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 372     void (*xor_block)(uint8_t *, uint8_t *));
 373
 374 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
 375     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 376     void (*copy_block)(uint8_t *, uint8_t *),
 377     void (*xor_block)(uint8_t *, uint8_t *));
 378
 379 extern int gmac_init_ctx(gcm_ctx_t *, char *, size_t,
 380     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 381     void (*copy_block)(uint8_t *, uint8_t *),
 382     void (*xor_block)(uint8_t *, uint8_t *));
 383
 384 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
 385     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
 386
 387 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
 388
 389 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
 390 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
 391     uint8_t **, size_t *, uint8_t **, size_t);
 392
 393 extern void *ecb_alloc_ctx(int);
 394 extern void *cbc_alloc_ctx(int);
 395 extern void *cmac_alloc_ctx(int);
 396 extern void *ctr_alloc_ctx(int);
 397 extern void *ccm_alloc_ctx(int);
 398 extern void *gcm_alloc_ctx(int);
 399 extern void *gmac_alloc_ctx(int);
 400 extern void crypto_free_mode_ctx(void *);
 401 extern void gcm_set_kmflag(gcm_ctx_t *, int);
 402 extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int);
 403
 404 #ifdef  __cplusplus
 405 }
 406 #endif
 407
 408 #endif  /* _COMMON_CRYPTO_MODES_H */