search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
9075 Improve ZFS pool import/load process and corrupted pool recovery
[unleashed.git] / usr / src / uts / common / crypto / api / kcf_dual.c
blob7d6f726e720f7ad11b205b5cbd6a75bd495b62a9
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <sys/errno.h>
26 #include <sys/types.h>
27 #include <sys/kmem.h>
28 #include <sys/sysmacros.h>
29 #include <sys/crypto/common.h>
30 #include <sys/crypto/impl.h>
31 #include <sys/crypto/api.h>
32 #include <sys/crypto/spi.h>
33 #include <sys/crypto/sched_impl.h>
34
35 #define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f)
36 #define CRYPTO_CIPHER_MAC_OFFSET(f) offsetof(crypto_dual_cipher_mac_ops_t, f)
37
38 static int crypto_mac_decrypt_common(crypto_mechanism_t *,
39 crypto_mechanism_t *, crypto_dual_data_t *, crypto_key_t *, crypto_key_t *,
40 crypto_ctx_template_t, crypto_ctx_template_t, crypto_data_t *,
41 crypto_data_t *, crypto_call_req_t *, boolean_t);
42
43 static int crypto_mac_decrypt_common_prov(crypto_provider_t provider,
44 crypto_session_id_t sid, crypto_mechanism_t *, crypto_mechanism_t *,
45 crypto_dual_data_t *, crypto_key_t *, crypto_key_t *,
46 crypto_ctx_template_t, crypto_ctx_template_t, crypto_data_t *,
47 crypto_data_t *, crypto_call_req_t *, boolean_t);
48
49 int
50 crypto_encrypt_mac_prov(crypto_provider_t provider, crypto_session_id_t sid,
51 crypto_mechanism_t *encr_mech, crypto_mechanism_t *mac_mech,
52 crypto_data_t *pt, crypto_key_t *encr_key, crypto_key_t *mac_key,
53 crypto_ctx_template_t encr_tmpl, crypto_ctx_template_t mac_tmpl,
54 crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *crq)
55 {
56 /*
57 * First try to find a provider for the encryption mechanism, that
58 * is also capable of the MAC mechanism.
59 */
60 int rv;
61 kcf_mech_entry_t *me;
62 kcf_provider_desc_t *pd = provider;
63 kcf_provider_desc_t *real_provider = pd;
64 kcf_ctx_template_t *ctx_encr_tmpl, *ctx_mac_tmpl;
65 kcf_req_params_t params;
66 kcf_encrypt_mac_ops_params_t *cmops;
67 crypto_spi_ctx_template_t spi_encr_tmpl = NULL, spi_mac_tmpl = NULL;
68
69 ASSERT(KCF_PROV_REFHELD(pd));
70
71 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
72 rv = kcf_get_hardware_provider(encr_mech->cm_type, encr_key,
73 mac_mech->cm_type, mac_key, pd, &real_provider,
74 CRYPTO_FG_ENCRYPT_MAC_ATOMIC);
75
76 if (rv != CRYPTO_SUCCESS)
77 return (rv);
78 }
79
80 /*
81 * For SW providers, check the validity of the context template
82 * It is very rare that the generation number mis-matches, so
83 * is acceptable to fail here, and let the consumer recover by
84 * freeing this tmpl and create a new one for the key and new SW
85 * provider
86 * Warning! will need to change when multiple software providers
87 * per mechanism are supported.
88 */
89
90 if (real_provider->pd_prov_type == CRYPTO_SW_PROVIDER) {
91 if (encr_tmpl != NULL) {
92 if (kcf_get_mech_entry(encr_mech->cm_type, &me) !=
93 KCF_SUCCESS) {
94 rv = CRYPTO_MECHANISM_INVALID;
95 goto out;
96 }
97 ctx_encr_tmpl = (kcf_ctx_template_t *)encr_tmpl;
98 if (ctx_encr_tmpl->ct_generation != me->me_gen_swprov) {
99 rv = CRYPTO_OLD_CTX_TEMPLATE;
100 goto out;
101 }
102 spi_encr_tmpl = ctx_encr_tmpl->ct_prov_tmpl;
103 }
104
105 if (mac_tmpl != NULL) {
106 if (kcf_get_mech_entry(mac_mech->cm_type, &me) !=
107 KCF_SUCCESS) {
108 rv = CRYPTO_MECHANISM_INVALID;
109 goto out;
110 }
111 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
112 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
113 rv = CRYPTO_OLD_CTX_TEMPLATE;
114 goto out;
115 }
116 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
117 }
118 }
119
120 /* The fast path for SW providers. */
121 if (CHECK_FASTPATH(crq, real_provider)) {
122 crypto_mechanism_t lencr_mech;
123 crypto_mechanism_t lmac_mech;
124
125 /* careful! structs assignments */
126 lencr_mech = *encr_mech;
127 KCF_SET_PROVIDER_MECHNUM(encr_mech->cm_type, real_provider,
128 &lencr_mech);
129
130 lmac_mech = *mac_mech;
131 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
132 &lmac_mech);
133
134 rv = KCF_PROV_ENCRYPT_MAC_ATOMIC(real_provider, sid,
135 &lencr_mech, encr_key, &lmac_mech, mac_key, pt, ct,
136 mac, spi_encr_tmpl, spi_mac_tmpl, KCF_SWFP_RHNDL(crq));
137
138 KCF_PROV_INCRSTATS(pd, rv);
139 } else {
140 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_ATOMIC,
141 sid, encr_key, mac_key, pt, ct, mac, spi_encr_tmpl,
142 spi_mac_tmpl);
143
144 cmops = &(params.rp_u.encrypt_mac_params);
145
146 /* careful! structs assignments */
147 cmops->em_encr_mech = *encr_mech;
148 KCF_SET_PROVIDER_MECHNUM(encr_mech->cm_type, real_provider,
149 &cmops->em_encr_mech);
150 cmops->em_framework_encr_mechtype = encr_mech->cm_type;
151
152 cmops->em_mac_mech = *mac_mech;
153 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
154 &cmops->em_mac_mech);
155 cmops->em_framework_mac_mechtype = mac_mech->cm_type;
156
157 rv = kcf_submit_request(real_provider, NULL, crq, &params,
158 B_FALSE);
159 }
160
161 out:
162 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
163 KCF_PROV_REFRELE(real_provider);
164 return (rv);
165 }
166
167 /*
168 * Performs a dual encrypt/mac atomic operation. The provider and session
169 * to use are determined by the KCF dispatcher.
170 */
171 int
172 crypto_encrypt_mac(crypto_mechanism_t *encr_mech,
173 crypto_mechanism_t *mac_mech, crypto_data_t *pt,
174 crypto_key_t *encr_key, crypto_key_t *mac_key,
175 crypto_ctx_template_t encr_tmpl, crypto_ctx_template_t mac_tmpl,
176 crypto_dual_data_t *ct, crypto_data_t *mac, crypto_call_req_t *crq)
177 {
178 /*
179 * First try to find a provider for the encryption mechanism, that
180 * is also capable of the MAC mechanism.
181 */
182 int error;
183 kcf_mech_entry_t *me;
184 kcf_provider_desc_t *pd;
185 kcf_ctx_template_t *ctx_encr_tmpl, *ctx_mac_tmpl;
186 kcf_req_params_t params;
187 kcf_encrypt_mac_ops_params_t *cmops;
188 crypto_spi_ctx_template_t spi_encr_tmpl = NULL, spi_mac_tmpl = NULL;
189 crypto_mech_type_t prov_encr_mechid, prov_mac_mechid;
190 kcf_prov_tried_t *list = NULL;
191 boolean_t encr_tmpl_checked = B_FALSE;
192 boolean_t mac_tmpl_checked = B_FALSE;
193 kcf_dual_req_t *next_req = NULL;
194
195 retry:
196 /* pd is returned held on success */
197 pd = kcf_get_dual_provider(encr_mech, encr_key, mac_mech, mac_key,
198 &me, &prov_encr_mechid,
199 &prov_mac_mechid, &error, list,
200 CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC,
201 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_ENCRYPT_MAC_ATOMIC,
202 ct->dd_len1);
203 if (pd == NULL) {
204 if (list != NULL)
205 kcf_free_triedlist(list);
206 if (next_req != NULL)
207 kmem_free(next_req, sizeof (kcf_dual_req_t));
208 return (error);
209 }
210
211 /*
212 * For SW providers, check the validity of the context template
213 * It is very rare that the generation number mis-matches, so
214 * is acceptable to fail here, and let the consumer recover by
215 * freeing this tmpl and create a new one for the key and new SW
216 * provider
217 * Warning! will need to change when multiple software providers
218 * per mechanism are supported.
219 */
220
221 if ((!encr_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
222 if (encr_tmpl != NULL) {
223 ctx_encr_tmpl = (kcf_ctx_template_t *)encr_tmpl;
224 if (ctx_encr_tmpl->ct_generation != me->me_gen_swprov) {
225
226 if (next_req != NULL)
227 kmem_free(next_req,
228 sizeof (kcf_dual_req_t));
229 if (list != NULL)
230 kcf_free_triedlist(list);
231
232 KCF_PROV_REFRELE(pd);
233 /* Which one is the the old one ? */
234 return (CRYPTO_OLD_CTX_TEMPLATE);
235 }
236 spi_encr_tmpl = ctx_encr_tmpl->ct_prov_tmpl;
237 }
238 encr_tmpl_checked = B_TRUE;
239 }
240
241 if (prov_mac_mechid == CRYPTO_MECH_INVALID) {
242 crypto_call_req_t encr_req;
243
244 /* Need to emulate with 2 internal calls */
245 /* Allocate and initialize the MAC req for the callback */
246
247 if (crq != NULL) {
248 if (next_req == NULL) {
249 next_req = kcf_alloc_req(crq);
250
251 if (next_req == NULL) {
252 KCF_PROV_REFRELE(pd);
253 if (list != NULL)
254 kcf_free_triedlist(list);
255 return (CRYPTO_HOST_MEMORY);
256 }
257 /*
258 * Careful! we're wrapping-in mac_tmpl instead
259 * of an spi_mac_tmpl. The callback routine will
260 * have to validate mac_tmpl, and use the
261 * mac_ctx_tmpl, once it picks a MAC provider.
262 */
263 KCF_WRAP_MAC_OPS_PARAMS(&(next_req->kr_params),
264 KCF_OP_ATOMIC, NULL, mac_mech, mac_key,
265 (crypto_data_t *)ct, mac, mac_tmpl);
266 }
267
268 encr_req.cr_flag = crq->cr_flag;
269 encr_req.cr_callback_func = kcf_next_req;
270 encr_req.cr_callback_arg = next_req;
271 }
272
273 if (pt == NULL) {
274 KCF_WRAP_ENCRYPT_OPS_PARAMS(&params, KCF_OP_ATOMIC,
275 pd->pd_sid, encr_mech, encr_key,
276 (crypto_data_t *)ct, NULL, spi_encr_tmpl);
277 } else {
278 KCF_WRAP_ENCRYPT_OPS_PARAMS(&params, KCF_OP_ATOMIC,
279 pd->pd_sid, encr_mech, encr_key, pt,
280 (crypto_data_t *)ct, spi_encr_tmpl);
281 }
282
283 error = kcf_submit_request(pd, NULL, (crq == NULL) ? NULL :
284 &encr_req, &params, B_TRUE);
285
286 switch (error) {
287 case CRYPTO_SUCCESS: {
288 off_t saveoffset;
289 size_t savelen;
290
291 /*
292 * The encryption step is done. Reuse the encr_req
293 * for submitting the MAC step.
294 */
295 if (next_req == NULL) {
296 saveoffset = ct->dd_offset1;
297 savelen = ct->dd_len1;
298 } else {
299 saveoffset = next_req->kr_saveoffset =
300 ct->dd_offset1;
301 savelen = next_req->kr_savelen = ct->dd_len1;
302 encr_req.cr_callback_func = kcf_last_req;
303 }
304
305 ct->dd_offset1 = ct->dd_offset2;
306 ct->dd_len1 = ct->dd_len2;
307
308 error = crypto_mac(mac_mech, (crypto_data_t *)ct,
309 mac_key, mac_tmpl, mac, (crq == NULL) ? NULL :
310 &encr_req);
311
312 if (error != CRYPTO_QUEUED) {
313 ct->dd_offset1 = saveoffset;
314 ct->dd_len1 = savelen;
315 }
316 break;
317 }
318
319 case CRYPTO_QUEUED:
320 if ((crq != NULL) &&
321 !(crq->cr_flag & CRYPTO_SKIP_REQID))
322 crq->cr_reqid = encr_req.cr_reqid;
323 break;
324
325 default:
326
327 /* Add pd to the linked list of providers tried. */
328 if (IS_RECOVERABLE(error)) {
329 if (kcf_insert_triedlist(&list, pd,
330 KCF_KMFLAG(crq)) != NULL)
331 goto retry;
332 }
333 }
334 if (error != CRYPTO_QUEUED && next_req != NULL)
335 kmem_free(next_req, sizeof (kcf_dual_req_t));
336 if (list != NULL)
337 kcf_free_triedlist(list);
338 KCF_PROV_REFRELE(pd);
339 return (error);
340 }
341 if ((!mac_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
342 if ((mac_tmpl != NULL) &&
343 (prov_mac_mechid != CRYPTO_MECH_INVALID)) {
344 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
345 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
346
347 if (next_req != NULL)
348 kmem_free(next_req,
349 sizeof (kcf_dual_req_t));
350 if (list != NULL)
351 kcf_free_triedlist(list);
352
353 KCF_PROV_REFRELE(pd);
354 /* Which one is the the old one ? */
355 return (CRYPTO_OLD_CTX_TEMPLATE);
356 }
357 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
358 }
359 mac_tmpl_checked = B_TRUE;
360 }
361
362 /* The fast path for SW providers. */
363 if (CHECK_FASTPATH(crq, pd)) {
364 crypto_mechanism_t lencr_mech;
365 crypto_mechanism_t lmac_mech;
366
367 /* careful! structs assignments */
368 lencr_mech = *encr_mech;
369 lencr_mech.cm_type = prov_encr_mechid;
370 lmac_mech = *mac_mech;
371 lmac_mech.cm_type = prov_mac_mechid;
372
373 error = KCF_PROV_ENCRYPT_MAC_ATOMIC(pd, pd->pd_sid,
374 &lencr_mech, encr_key, &lmac_mech, mac_key, pt, ct,
375 mac, spi_encr_tmpl, spi_mac_tmpl, KCF_SWFP_RHNDL(crq));
376
377 KCF_PROV_INCRSTATS(pd, error);
378 } else {
379 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_ATOMIC,
380 pd->pd_sid, encr_key, mac_key, pt, ct, mac, spi_encr_tmpl,
381 spi_mac_tmpl);
382
383 cmops = &(params.rp_u.encrypt_mac_params);
384
385 /* careful! structs assignments */
386 cmops->em_encr_mech = *encr_mech;
387 cmops->em_encr_mech.cm_type = prov_encr_mechid;
388 cmops->em_framework_encr_mechtype = encr_mech->cm_type;
389 cmops->em_mac_mech = *mac_mech;
390 cmops->em_mac_mech.cm_type = prov_mac_mechid;
391 cmops->em_framework_mac_mechtype = mac_mech->cm_type;
392
393 error = kcf_submit_request(pd, NULL, crq, &params, B_FALSE);
394 }
395
396 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED &&
397 IS_RECOVERABLE(error)) {
398 /* Add pd to the linked list of providers tried. */
399 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
400 goto retry;
401 }
402
403 if (next_req != NULL)
404 kmem_free(next_req, sizeof (kcf_dual_req_t));
405
406 if (list != NULL)
407 kcf_free_triedlist(list);
408
409 KCF_PROV_REFRELE(pd);
410 return (error);
411 }
412
413 int
414 crypto_encrypt_mac_init_prov(crypto_provider_t provider,
415 crypto_session_id_t sid, crypto_mechanism_t *encr_mech,
416 crypto_mechanism_t *mac_mech, crypto_key_t *encr_key,
417 crypto_key_t *mac_key, crypto_ctx_template_t encr_tmpl,
418 crypto_ctx_template_t mac_tmpl, crypto_context_t *ctxp,
419 crypto_call_req_t *cr)
420 {
421 /*
422 * First try to find a provider for the encryption mechanism, that
423 * is also capable of the MAC mechanism.
424 */
425 int rv;
426 kcf_mech_entry_t *me;
427 kcf_provider_desc_t *pd = provider;
428 kcf_provider_desc_t *real_provider = pd;
429 kcf_ctx_template_t *ctx_encr_tmpl, *ctx_mac_tmpl;
430 kcf_req_params_t params;
431 kcf_encrypt_mac_ops_params_t *cmops;
432 crypto_spi_ctx_template_t spi_encr_tmpl = NULL, spi_mac_tmpl = NULL;
433 crypto_ctx_t *ctx;
434 kcf_context_t *encr_kcf_context = NULL;
435
436 ASSERT(KCF_PROV_REFHELD(pd));
437
438 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
439 rv = kcf_get_hardware_provider(encr_mech->cm_type, encr_key,
440 mac_mech->cm_type, mac_key, pd, &real_provider,
441 CRYPTO_FG_ENCRYPT_MAC);
442
443 if (rv != CRYPTO_SUCCESS)
444 return (rv);
445 }
446
447 /*
448 * For SW providers, check the validity of the context template
449 * It is very rare that the generation number mis-matches, so
450 * is acceptable to fail here, and let the consumer recover by
451 * freeing this tmpl and create a new one for the key and new SW
452 * provider
453 * Warning! will need to change when multiple software providers
454 * per mechanism are supported.
455 */
456
457 if (real_provider->pd_prov_type == CRYPTO_SW_PROVIDER) {
458 if (encr_tmpl != NULL) {
459 if (kcf_get_mech_entry(encr_mech->cm_type, &me) !=
460 KCF_SUCCESS) {
461 rv = CRYPTO_MECHANISM_INVALID;
462 goto out;
463 }
464 ctx_encr_tmpl = (kcf_ctx_template_t *)encr_tmpl;
465 if (ctx_encr_tmpl->ct_generation != me->me_gen_swprov) {
466 rv = CRYPTO_OLD_CTX_TEMPLATE;
467 goto out;
468 }
469 spi_encr_tmpl = ctx_encr_tmpl->ct_prov_tmpl;
470 }
471
472 if (mac_tmpl != NULL) {
473 if (kcf_get_mech_entry(mac_mech->cm_type, &me) !=
474 KCF_SUCCESS) {
475 rv = CRYPTO_MECHANISM_INVALID;
476 goto out;
477 }
478 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
479 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
480 rv = CRYPTO_OLD_CTX_TEMPLATE;
481 goto out;
482 }
483 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
484 }
485 }
486
487 ctx = kcf_new_ctx(cr, real_provider, sid);
488 if (ctx == NULL) {
489 rv = CRYPTO_HOST_MEMORY;
490 goto out;
491 }
492 encr_kcf_context = (kcf_context_t *)ctx->cc_framework_private;
493
494 /* The fast path for SW providers. */
495 if (CHECK_FASTPATH(cr, real_provider)) {
496 crypto_mechanism_t lencr_mech;
497 crypto_mechanism_t lmac_mech;
498
499 /* careful! structs assignments */
500 lencr_mech = *encr_mech;
501 KCF_SET_PROVIDER_MECHNUM(encr_mech->cm_type, real_provider,
502 &lencr_mech);
503
504 lmac_mech = *mac_mech;
505 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
506 &lmac_mech);
507
508 rv = KCF_PROV_ENCRYPT_MAC_INIT(real_provider, ctx, &lencr_mech,
509 encr_key, &lmac_mech, mac_key, spi_encr_tmpl, spi_mac_tmpl,
510 KCF_SWFP_RHNDL(cr));
511
512 KCF_PROV_INCRSTATS(pd, rv);
513 } else {
514 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_INIT,
515 sid, encr_key, mac_key, NULL, NULL, NULL,
516 spi_encr_tmpl, spi_mac_tmpl);
517
518 cmops = &(params.rp_u.encrypt_mac_params);
519
520 /* careful! structs assignments */
521 cmops->em_encr_mech = *encr_mech;
522 KCF_SET_PROVIDER_MECHNUM(encr_mech->cm_type, real_provider,
523 &cmops->em_encr_mech);
524 cmops->em_framework_encr_mechtype = encr_mech->cm_type;
525
526 cmops->em_mac_mech = *mac_mech;
527 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
528 &cmops->em_mac_mech);
529 cmops->em_framework_mac_mechtype = mac_mech->cm_type;
530
531 rv = kcf_submit_request(real_provider, ctx, cr, &params,
532 B_FALSE);
533 }
534
535 if (rv != CRYPTO_SUCCESS && rv != CRYPTO_QUEUED) {
536 KCF_CONTEXT_REFRELE(encr_kcf_context);
537 } else
538 *ctxp = (crypto_context_t)ctx;
539
540 out:
541 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
542 KCF_PROV_REFRELE(real_provider);
543 return (rv);
544 }
545
546 /*
547 * Starts a multi-part dual encrypt/mac operation. The provider and session
548 * to use are determined by the KCF dispatcher.
549 */
550 /* ARGSUSED */
551 int
552 crypto_encrypt_mac_init(crypto_mechanism_t *encr_mech,
553 crypto_mechanism_t *mac_mech, crypto_key_t *encr_key,
554 crypto_key_t *mac_key, crypto_ctx_template_t encr_tmpl,
555 crypto_ctx_template_t mac_tmpl, crypto_context_t *ctxp,
556 crypto_call_req_t *cr)
557 {
558 /*
559 * First try to find a provider for the encryption mechanism, that
560 * is also capable of the MAC mechanism.
561 */
562 int error;
563 kcf_mech_entry_t *me;
564 kcf_provider_desc_t *pd;
565 kcf_ctx_template_t *ctx_encr_tmpl, *ctx_mac_tmpl;
566 kcf_req_params_t params;
567 kcf_encrypt_mac_ops_params_t *cmops;
568 crypto_spi_ctx_template_t spi_encr_tmpl = NULL, spi_mac_tmpl = NULL;
569 crypto_mech_type_t prov_encr_mechid, prov_mac_mechid;
570 kcf_prov_tried_t *list = NULL;
571 boolean_t encr_tmpl_checked = B_FALSE;
572 boolean_t mac_tmpl_checked = B_FALSE;
573 crypto_ctx_t *ctx = NULL;
574 kcf_context_t *encr_kcf_context = NULL, *mac_kcf_context;
575 crypto_call_flag_t save_flag;
576
577 retry:
578 /* pd is returned held on success */
579 pd = kcf_get_dual_provider(encr_mech, encr_key, mac_mech, mac_key,
580 &me, &prov_encr_mechid,
581 &prov_mac_mechid, &error, list,
582 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_MAC, CRYPTO_FG_MAC, 0);
583 if (pd == NULL) {
584 if (list != NULL)
585 kcf_free_triedlist(list);
586 return (error);
587 }
588
589 /*
590 * For SW providers, check the validity of the context template
591 * It is very rare that the generation number mis-matches, so
592 * is acceptable to fail here, and let the consumer recover by
593 * freeing this tmpl and create a new one for the key and new SW
594 * provider
595 * Warning! will need to change when multiple software providers
596 * per mechanism are supported.
597 */
598
599 if ((!encr_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
600 if (encr_tmpl != NULL) {
601 ctx_encr_tmpl = (kcf_ctx_template_t *)encr_tmpl;
602 if (ctx_encr_tmpl->ct_generation != me->me_gen_swprov) {
603
604 if (list != NULL)
605 kcf_free_triedlist(list);
606 if (encr_kcf_context != NULL)
607 KCF_CONTEXT_REFRELE(encr_kcf_context);
608
609 KCF_PROV_REFRELE(pd);
610 /* Which one is the the old one ? */
611 return (CRYPTO_OLD_CTX_TEMPLATE);
612 }
613 spi_encr_tmpl = ctx_encr_tmpl->ct_prov_tmpl;
614 }
615 encr_tmpl_checked = B_TRUE;
616 }
617
618 if (prov_mac_mechid == CRYPTO_MECH_INVALID) {
619 /* Need to emulate with 2 internal calls */
620
621 /*
622 * We avoid code complexity by limiting the pure async.
623 * case to be done using only a SW provider.
624 * XXX - Redo the emulation code below so that we can
625 * remove this limitation.
626 */
627 if (cr != NULL && pd->pd_prov_type == CRYPTO_HW_PROVIDER) {
628 if ((kcf_insert_triedlist(&list, pd, KCF_KMFLAG(cr))
629 != NULL))
630 goto retry;
631 if (list != NULL)
632 kcf_free_triedlist(list);
633 if (encr_kcf_context != NULL)
634 KCF_CONTEXT_REFRELE(encr_kcf_context);
635 KCF_PROV_REFRELE(pd);
636 return (CRYPTO_HOST_MEMORY);
637 }
638
639 if (ctx == NULL && pd->pd_prov_type == CRYPTO_SW_PROVIDER) {
640 ctx = kcf_new_ctx(cr, pd, pd->pd_sid);
641 if (ctx == NULL) {
642 if (list != NULL)
643 kcf_free_triedlist(list);
644 if (encr_kcf_context != NULL)
645 KCF_CONTEXT_REFRELE(encr_kcf_context);
646 KCF_PROV_REFRELE(pd);
647 return (CRYPTO_HOST_MEMORY);
648 }
649 encr_kcf_context = (kcf_context_t *)
650 ctx->cc_framework_private;
651 }
652 /*
653 * Trade-off speed vs avoidance of code complexity and
654 * duplication:
655 * Could do all the combinations of fastpath / synch / asynch
656 * for the encryption and the mac steps. Early attempts
657 * showed the code grew wild and bug-prone, for little gain.
658 * Therefore, the adaptative asynch case is not implemented.
659 * It's either pure synchronous, or pure asynchronous.
660 * We still preserve a fastpath for the pure synchronous
661 * requests to SW providers.
662 */
663 if (cr == NULL) {
664 crypto_context_t mac_context;
665
666 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER) {
667 crypto_mechanism_t lmech = *encr_mech;
668
669 lmech.cm_type = prov_encr_mechid;
670
671 error = KCF_PROV_ENCRYPT_INIT(pd, ctx, &lmech,
672 encr_key, spi_encr_tmpl,
673 KCF_RHNDL(KM_SLEEP));
674 } else {
675 /*
676 * If we did the 'goto retry' then ctx may not
677 * be NULL. In general, we can't reuse another
678 * provider's context, so we free it now so
679 * we don't leak it.
680 */
681 if (ctx != NULL) {
682 KCF_CONTEXT_REFRELE((kcf_context_t *)
683 ctx->cc_framework_private);
684 encr_kcf_context = NULL;
685 }
686 error = crypto_encrypt_init_prov(pd, pd->pd_sid,
687 encr_mech, encr_key, &encr_tmpl,
688 (crypto_context_t *)&ctx, NULL);
689
690 if (error == CRYPTO_SUCCESS) {
691 encr_kcf_context = (kcf_context_t *)
692 ctx->cc_framework_private;
693 }
694 }
695 KCF_PROV_INCRSTATS(pd, error);
696
697 KCF_PROV_REFRELE(pd);
698
699 if (error != CRYPTO_SUCCESS) {
700 /* Can't be CRYPTO_QUEUED. return the failure */
701 if (list != NULL)
702 kcf_free_triedlist(list);
703 if (encr_kcf_context != NULL)
704 KCF_CONTEXT_REFRELE(encr_kcf_context);
705
706 return (error);
707 }
708 error = crypto_mac_init(mac_mech, mac_key, mac_tmpl,
709 &mac_context, NULL);
710
711 if (list != NULL)
712 kcf_free_triedlist(list);
713
714 if (error != CRYPTO_SUCCESS) {
715 /* Should this be an ASSERT() ? */
716
717 KCF_CONTEXT_REFRELE(encr_kcf_context);
718 } else {
719 encr_kcf_context = (kcf_context_t *)
720 ctx->cc_framework_private;
721 mac_kcf_context = (kcf_context_t *)
722 ((crypto_ctx_t *)mac_context)->
723 cc_framework_private;
724
725 encr_kcf_context->kc_secondctx =
726 mac_kcf_context;
727 KCF_CONTEXT_REFHOLD(mac_kcf_context);
728
729 *ctxp = (crypto_context_t)ctx;
730 }
731
732 return (error);
733 }
734
735 /* submit a pure asynchronous request. */
736 save_flag = cr->cr_flag;
737 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
738
739 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_INIT,
740 pd->pd_sid, encr_key, mac_key, NULL, NULL, NULL,
741 spi_encr_tmpl, spi_mac_tmpl);
742
743 cmops = &(params.rp_u.encrypt_mac_params);
744
745 /* careful! structs assignments */
746 cmops->em_encr_mech = *encr_mech;
747 /*
748 * cmops->em_encr_mech.cm_type will be set when we get to
749 * kcf_emulate_dual() routine.
750 */
751 cmops->em_framework_encr_mechtype = encr_mech->cm_type;
752 cmops->em_mac_mech = *mac_mech;
753
754 /*
755 * cmops->em_mac_mech.cm_type will be set when we know the
756 * MAC provider.
757 */
758 cmops->em_framework_mac_mechtype = mac_mech->cm_type;
759
760 /*
761 * non-NULL ctx->kc_secondctx tells common_submit_request
762 * that this request uses separate cipher and MAC contexts.
763 * That function will set ctx->kc_secondctx to the new
764 * MAC context, once it gets one.
765 */
766 encr_kcf_context->kc_secondctx = encr_kcf_context;
767
768 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
769
770 cr->cr_flag = save_flag;
771
772 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) {
773 KCF_CONTEXT_REFRELE(encr_kcf_context);
774 }
775 if (list != NULL)
776 kcf_free_triedlist(list);
777 *ctxp = (crypto_context_t)ctx;
778 KCF_PROV_REFRELE(pd);
779 return (error);
780 }
781
782 if ((!mac_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
783 if ((mac_tmpl != NULL) &&
784 (prov_mac_mechid != CRYPTO_MECH_INVALID)) {
785 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
786 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
787
788 if (list != NULL)
789 kcf_free_triedlist(list);
790
791 KCF_PROV_REFRELE(pd);
792 /* Which one is the the old one ? */
793 return (CRYPTO_OLD_CTX_TEMPLATE);
794 }
795 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
796 }
797 mac_tmpl_checked = B_TRUE;
798 }
799
800 if (ctx == NULL) {
801 ctx = kcf_new_ctx(cr, pd, pd->pd_sid);
802 if (ctx == NULL) {
803 if (list != NULL)
804 kcf_free_triedlist(list);
805
806 KCF_PROV_REFRELE(pd);
807 return (CRYPTO_HOST_MEMORY);
808 }
809 encr_kcf_context = (kcf_context_t *)ctx->cc_framework_private;
810 }
811
812 /* The fast path for SW providers. */
813 if (CHECK_FASTPATH(cr, pd)) {
814 crypto_mechanism_t lencr_mech;
815 crypto_mechanism_t lmac_mech;
816
817 /* careful! structs assignments */
818 lencr_mech = *encr_mech;
819 lencr_mech.cm_type = prov_encr_mechid;
820 lmac_mech = *mac_mech;
821 lmac_mech.cm_type = prov_mac_mechid;
822
823 error = KCF_PROV_ENCRYPT_MAC_INIT(pd, ctx, &lencr_mech,
824 encr_key, &lmac_mech, mac_key, spi_encr_tmpl, spi_mac_tmpl,
825 KCF_SWFP_RHNDL(cr));
826
827 KCF_PROV_INCRSTATS(pd, error);
828 } else {
829 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_INIT,
830 pd->pd_sid, encr_key, mac_key, NULL, NULL, NULL,
831 spi_encr_tmpl, spi_mac_tmpl);
832
833 cmops = &(params.rp_u.encrypt_mac_params);
834
835 /* careful! structs assignments */
836 cmops->em_encr_mech = *encr_mech;
837 cmops->em_encr_mech.cm_type = prov_encr_mechid;
838 cmops->em_framework_encr_mechtype = encr_mech->cm_type;
839 cmops->em_mac_mech = *mac_mech;
840 cmops->em_mac_mech.cm_type = prov_mac_mechid;
841 cmops->em_framework_mac_mechtype = mac_mech->cm_type;
842
843 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
844 }
845
846 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) {
847 if ((IS_RECOVERABLE(error)) &&
848 (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(cr)) != NULL))
849 goto retry;
850
851 KCF_CONTEXT_REFRELE(encr_kcf_context);
852 } else
853 *ctxp = (crypto_context_t)ctx;
854
855 if (list != NULL)
856 kcf_free_triedlist(list);
857
858 KCF_PROV_REFRELE(pd);
859 return (error);
860 }
861
862 /*
863 * Continues a multi-part dual encrypt/mac operation.
864 */
865 /* ARGSUSED */
866 int
867 crypto_encrypt_mac_update(crypto_context_t context,
868 crypto_data_t *pt, crypto_dual_data_t *ct, crypto_call_req_t *cr)
869 {
870 crypto_ctx_t *ctx = (crypto_ctx_t *)context, *mac_ctx;
871 kcf_context_t *kcf_ctx, *kcf_mac_ctx;
872 kcf_provider_desc_t *pd;
873 int error;
874 kcf_req_params_t params;
875
876 if ((ctx == NULL) ||
877 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
878 ((pd = kcf_ctx->kc_prov_desc) == NULL)) {
879 return (CRYPTO_INVALID_CONTEXT);
880 }
881
882 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
883
884 if ((kcf_mac_ctx = kcf_ctx->kc_secondctx) != NULL) {
885 off_t save_offset;
886 size_t save_len;
887 crypto_call_flag_t save_flag;
888
889 if (kcf_mac_ctx->kc_prov_desc == NULL) {
890 error = CRYPTO_INVALID_CONTEXT;
891 goto out;
892 }
893 mac_ctx = &kcf_mac_ctx->kc_glbl_ctx;
894
895 /* First we submit the encryption request */
896 if (cr == NULL) {
897 /*
898 * 'ct' is always not NULL.
899 * A NULL 'pt' means in-place.
900 */
901 if (pt == NULL)
902 error = crypto_encrypt_update(context,
903 (crypto_data_t *)ct, NULL, NULL);
904 else
905 error = crypto_encrypt_update(context, pt,
906 (crypto_data_t *)ct, NULL);
907
908 if (error != CRYPTO_SUCCESS)
909 goto out;
910
911 /*
912 * call mac_update when there is data to throw in
913 * the mix. Either an explicitly non-zero ct->dd_len2,
914 * or the last ciphertext portion.
915 */
916 save_offset = ct->dd_offset1;
917 save_len = ct->dd_len1;
918 if (ct->dd_len2 == 0) {
919 /*
920 * The previous encrypt step was an
921 * accumulation only and didn't produce any
922 * partial output
923 */
924 if (ct->dd_len1 == 0)
925 goto out;
926 } else {
927 ct->dd_offset1 = ct->dd_offset2;
928 ct->dd_len1 = ct->dd_len2;
929 }
930 error = crypto_mac_update((crypto_context_t)mac_ctx,
931 (crypto_data_t *)ct, NULL);
932
933 ct->dd_offset1 = save_offset;
934 ct->dd_len1 = save_len;
935
936 goto out;
937 }
938 /* submit a pure asynchronous request. */
939 save_flag = cr->cr_flag;
940 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
941
942 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_UPDATE,
943 pd->pd_sid, NULL, NULL, pt, ct, NULL, NULL, NULL)
944
945
946 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
947
948 cr->cr_flag = save_flag;
949 goto out;
950 }
951
952 /* The fast path for SW providers. */
953 if (CHECK_FASTPATH(cr, pd)) {
954 error = KCF_PROV_ENCRYPT_MAC_UPDATE(pd, ctx, pt, ct, NULL);
955 KCF_PROV_INCRSTATS(pd, error);
956 } else {
957 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_UPDATE,
958 ctx->cc_session, NULL, NULL, pt, ct, NULL, NULL, NULL);
959
960 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
961 }
962 out:
963 return (error);
964 }
965
966 /*
967 * Terminates a multi-part dual encrypt/mac operation.
968 */
969 /* ARGSUSED */
970 int crypto_encrypt_mac_final(crypto_context_t context, crypto_dual_data_t *ct,
971 crypto_data_t *mac, crypto_call_req_t *cr)
972 {
973 crypto_ctx_t *ctx = (crypto_ctx_t *)context, *mac_ctx;
974 kcf_context_t *kcf_ctx, *kcf_mac_ctx;
975 kcf_provider_desc_t *pd;
976 int error;
977 kcf_req_params_t params;
978
979 if ((ctx == NULL) ||
980 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
981 ((pd = kcf_ctx->kc_prov_desc) == NULL)) {
982 return (CRYPTO_INVALID_CONTEXT);
983 }
984
985 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
986
987 if ((kcf_mac_ctx = kcf_ctx->kc_secondctx) != NULL) {
988 off_t save_offset;
989 size_t save_len;
990 crypto_context_t mac_context;
991 crypto_call_flag_t save_flag;
992
993 if (kcf_mac_ctx->kc_prov_desc == NULL) {
994 return (CRYPTO_INVALID_CONTEXT);
995 }
996 mac_ctx = &kcf_mac_ctx->kc_glbl_ctx;
997 mac_context = (crypto_context_t)mac_ctx;
998
999 if (cr == NULL) {
1000 /* Get the last chunk of ciphertext */
1001 error = crypto_encrypt_final(context,
1002 (crypto_data_t *)ct, NULL);
1003
1004 if (error != CRYPTO_SUCCESS) {
1005 /*
1006 * Needed here, because the caller of
1007 * crypto_encrypt_mac_final() lost all
1008 * refs to the mac_ctx.
1009 */
1010 crypto_cancel_ctx(mac_context);
1011 return (error);
1012 }
1013 if (ct->dd_len2 > 0) {
1014 save_offset = ct->dd_offset1;
1015 save_len = ct->dd_len1;
1016 ct->dd_offset1 = ct->dd_offset2;
1017 ct->dd_len1 = ct->dd_len2;
1018
1019 error = crypto_mac_update(mac_context,
1020 (crypto_data_t *)ct, NULL);
1021
1022 ct->dd_offset1 = save_offset;
1023 ct->dd_len1 = save_len;
1024
1025 if (error != CRYPTO_SUCCESS) {
1026 crypto_cancel_ctx(mac_context);
1027 return (error);
1028 }
1029 }
1030
1031 /* and finally, collect the MAC */
1032 error = crypto_mac_final(mac_context, mac, NULL);
1033
1034 return (error);
1035 }
1036 /* submit a pure asynchronous request. */
1037 save_flag = cr->cr_flag;
1038 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
1039
1040 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_FINAL,
1041 pd->pd_sid, NULL, NULL, NULL, ct, mac, NULL, NULL)
1042
1043
1044 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
1045
1046 cr->cr_flag = save_flag;
1047 return (error);
1048 }
1049 /* The fast path for SW providers. */
1050 if (CHECK_FASTPATH(cr, pd)) {
1051 error = KCF_PROV_ENCRYPT_MAC_FINAL(pd, ctx, ct, mac, NULL);
1052 KCF_PROV_INCRSTATS(pd, error);
1053 } else {
1054 KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(&params, KCF_OP_FINAL,
1055 ctx->cc_session, NULL, NULL, NULL, ct, mac, NULL, NULL);
1056 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
1057 }
1058 out:
1059 /* Release the hold done in kcf_new_ctx() during init step. */
1060 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx);
1061 return (error);
1062 }
1063
1064 /*
1065 * Performs an atomic dual mac/decrypt operation. The provider to use
1066 * is determined by the KCF dispatcher.
1067 */
1068 int
1069 crypto_mac_decrypt(crypto_mechanism_t *mac_mech,
1070 crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
1071 crypto_key_t *mac_key, crypto_key_t *decr_key,
1072 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1073 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq)
1074 {
1075 return (crypto_mac_decrypt_common(mac_mech, decr_mech, ct, mac_key,
1076 decr_key, mac_tmpl, decr_tmpl, mac, pt, crq, B_FALSE));
1077 }
1078
1079 int
1080 crypto_mac_decrypt_prov(crypto_provider_t provider, crypto_session_id_t sid,
1081 crypto_mechanism_t *mac_mech, crypto_mechanism_t *decr_mech,
1082 crypto_dual_data_t *ct, crypto_key_t *mac_key, crypto_key_t *decr_key,
1083 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1084 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq)
1085 {
1086 return (crypto_mac_decrypt_common_prov(provider, sid, mac_mech,
1087 decr_mech, ct, mac_key, decr_key, mac_tmpl, decr_tmpl, mac, pt,
1088 crq, B_FALSE));
1089 }
1090
1091 /*
1092 * Performs an atomic dual mac/decrypt operation. The provider to use
1093 * is determined by the KCF dispatcher. 'mac' specifies the expected
1094 * value for the MAC. The decryption is not performed if the computed
1095 * MAC does not match the expected MAC.
1096 */
1097 int
1098 crypto_mac_verify_decrypt(crypto_mechanism_t *mac_mech,
1099 crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
1100 crypto_key_t *mac_key, crypto_key_t *decr_key,
1101 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1102 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq)
1103 {
1104 return (crypto_mac_decrypt_common(mac_mech, decr_mech, ct, mac_key,
1105 decr_key, mac_tmpl, decr_tmpl, mac, pt, crq, B_TRUE));
1106 }
1107
1108 int
1109 crypto_mac_verify_decrypt_prov(crypto_provider_t provider,
1110 crypto_session_id_t sid, crypto_mechanism_t *mac_mech,
1111 crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
1112 crypto_key_t *mac_key, crypto_key_t *decr_key,
1113 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1114 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq)
1115 {
1116 return (crypto_mac_decrypt_common_prov(provider, sid, mac_mech,
1117 decr_mech, ct, mac_key, decr_key, mac_tmpl, decr_tmpl, mac, pt,
1118 crq, B_TRUE));
1119 }
1120
1121 /*
1122 * Called by both crypto_mac_decrypt() and crypto_mac_verify_decrypt().
1123 * optionally verified if the MACs match before calling the decryption step.
1124 */
1125 static int
1126 crypto_mac_decrypt_common(crypto_mechanism_t *mac_mech,
1127 crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
1128 crypto_key_t *mac_key, crypto_key_t *decr_key,
1129 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1130 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq,
1131 boolean_t do_verify)
1132 {
1133 /*
1134 * First try to find a provider for the decryption mechanism, that
1135 * is also capable of the MAC mechanism.
1136 * We still favor optimizing the costlier decryption.
1137 */
1138 int error;
1139 kcf_mech_entry_t *me;
1140 kcf_provider_desc_t *pd;
1141 kcf_ctx_template_t *ctx_decr_tmpl, *ctx_mac_tmpl;
1142 kcf_req_params_t params;
1143 kcf_mac_decrypt_ops_params_t *cmops;
1144 crypto_spi_ctx_template_t spi_decr_tmpl = NULL, spi_mac_tmpl = NULL;
1145 crypto_mech_type_t prov_decr_mechid, prov_mac_mechid;
1146 kcf_prov_tried_t *list = NULL;
1147 boolean_t decr_tmpl_checked = B_FALSE;
1148 boolean_t mac_tmpl_checked = B_FALSE;
1149 kcf_dual_req_t *next_req = NULL;
1150 crypto_call_req_t mac_req, *mac_reqp = NULL;
1151
1152 retry:
1153 /* pd is returned held on success */
1154 pd = kcf_get_dual_provider(decr_mech, decr_key, mac_mech, mac_key,
1155 &me, &prov_decr_mechid,
1156 &prov_mac_mechid, &error, list,
1157 CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC,
1158 CRYPTO_FG_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, ct->dd_len2);
1159 if (pd == NULL) {
1160 if (list != NULL)
1161 kcf_free_triedlist(list);
1162 if (next_req != NULL)
1163 kmem_free(next_req, sizeof (kcf_dual_req_t));
1164 return (CRYPTO_MECH_NOT_SUPPORTED);
1165 }
1166
1167 /*
1168 * For SW providers, check the validity of the context template
1169 * It is very rare that the generation number mis-matches, so
1170 * is acceptable to fail here, and let the consumer recover by
1171 * freeing this tmpl and create a new one for the key and new SW
1172 * provider
1173 */
1174
1175 if ((!decr_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
1176 if (decr_tmpl != NULL) {
1177 ctx_decr_tmpl = (kcf_ctx_template_t *)decr_tmpl;
1178 if (ctx_decr_tmpl->ct_generation != me->me_gen_swprov) {
1179 if (next_req != NULL)
1180 kmem_free(next_req,
1181 sizeof (kcf_dual_req_t));
1182 if (list != NULL)
1183 kcf_free_triedlist(list);
1184 KCF_PROV_REFRELE(pd);
1185
1186 /* Which one is the the old one ? */
1187 return (CRYPTO_OLD_CTX_TEMPLATE);
1188 }
1189 spi_decr_tmpl = ctx_decr_tmpl->ct_prov_tmpl;
1190 }
1191 decr_tmpl_checked = B_TRUE;
1192 }
1193 if (prov_mac_mechid == CRYPTO_MECH_INVALID) {
1194 /* Need to emulate with 2 internal calls */
1195
1196 /* Prepare the call_req to be submitted for the MAC step */
1197
1198 if (crq != NULL) {
1199
1200 if (next_req == NULL) {
1201 /*
1202 * allocate, initialize and prepare the
1203 * params for the next step only in the
1204 * first pass (not on every retry).
1205 */
1206 next_req = kcf_alloc_req(crq);
1207
1208 if (next_req == NULL) {
1209 KCF_PROV_REFRELE(pd);
1210 if (list != NULL)
1211 kcf_free_triedlist(list);
1212 return (CRYPTO_HOST_MEMORY);
1213 }
1214 KCF_WRAP_DECRYPT_OPS_PARAMS(
1215 &(next_req->kr_params), KCF_OP_ATOMIC,
1216 NULL, decr_mech, decr_key,
1217 (crypto_data_t *)ct, pt, spi_decr_tmpl);
1218 }
1219
1220 mac_req.cr_flag = (crq != NULL) ? crq->cr_flag : 0;
1221 mac_req.cr_flag |= CRYPTO_SETDUAL;
1222 mac_req.cr_callback_func = kcf_next_req;
1223 mac_req.cr_callback_arg = next_req;
1224 mac_reqp = &mac_req;
1225 }
1226
1227 /* 'pd' is the decryption provider. */
1228
1229 if (do_verify)
1230 error = crypto_mac_verify(mac_mech, (crypto_data_t *)ct,
1231 mac_key, mac_tmpl, mac,
1232 (crq == NULL) ? NULL : mac_reqp);
1233 else
1234 error = crypto_mac(mac_mech, (crypto_data_t *)ct,
1235 mac_key, mac_tmpl, mac,
1236 (crq == NULL) ? NULL : mac_reqp);
1237
1238 switch (error) {
1239 case CRYPTO_SUCCESS: {
1240 off_t saveoffset;
1241 size_t savelen;
1242
1243 if (next_req == NULL) {
1244 saveoffset = ct->dd_offset1;
1245 savelen = ct->dd_len1;
1246 } else {
1247 saveoffset = next_req->kr_saveoffset =
1248 ct->dd_offset1;
1249 savelen = next_req->kr_savelen = ct->dd_len1;
1250
1251 ASSERT(mac_reqp != NULL);
1252 mac_req.cr_flag &= ~CRYPTO_SETDUAL;
1253 mac_req.cr_callback_func = kcf_last_req;
1254 }
1255 ct->dd_offset1 = ct->dd_offset2;
1256 ct->dd_len1 = ct->dd_len2;
1257
1258 if (CHECK_FASTPATH(crq, pd)) {
1259 crypto_mechanism_t lmech;
1260
1261 lmech = *decr_mech;
1262 KCF_SET_PROVIDER_MECHNUM(decr_mech->cm_type,
1263 pd, &lmech);
1264
1265 error = KCF_PROV_DECRYPT_ATOMIC(pd, pd->pd_sid,
1266 &lmech, decr_key, (crypto_data_t *)ct,
1267 (crypto_data_t *)pt, spi_decr_tmpl,
1268 KCF_SWFP_RHNDL(mac_reqp));
1269
1270 KCF_PROV_INCRSTATS(pd, error);
1271 } else {
1272 KCF_WRAP_DECRYPT_OPS_PARAMS(&params,
1273 KCF_OP_ATOMIC, pd->pd_sid, decr_mech,
1274 decr_key, (crypto_data_t *)ct, pt,
1275 spi_decr_tmpl);
1276
1277 error = kcf_submit_request(pd, NULL,
1278 (crq == NULL) ? NULL : mac_reqp,
1279 &params, B_FALSE);
1280 }
1281 if (error != CRYPTO_QUEUED) {
1282 KCF_PROV_INCRSTATS(pd, error);
1283 ct->dd_offset1 = saveoffset;
1284 ct->dd_len1 = savelen;
1285 }
1286 break;
1287 }
1288
1289 case CRYPTO_QUEUED:
1290 if ((crq != NULL) && (crq->cr_flag & CRYPTO_SKIP_REQID))
1291 crq->cr_reqid = mac_req.cr_reqid;
1292 break;
1293
1294 default:
1295 if (IS_RECOVERABLE(error)) {
1296 if (kcf_insert_triedlist(&list, pd,
1297 KCF_KMFLAG(crq)) != NULL)
1298 goto retry;
1299 }
1300 }
1301 if (error != CRYPTO_QUEUED && next_req != NULL)
1302 kmem_free(next_req, sizeof (kcf_dual_req_t));
1303 if (list != NULL)
1304 kcf_free_triedlist(list);
1305 KCF_PROV_REFRELE(pd);
1306 return (error);
1307 }
1308
1309 if ((!mac_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
1310 if ((mac_tmpl != NULL) &&
1311 (prov_mac_mechid != CRYPTO_MECH_INVALID)) {
1312 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
1313 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
1314 if (next_req != NULL)
1315 kmem_free(next_req,
1316 sizeof (kcf_dual_req_t));
1317 if (list != NULL)
1318 kcf_free_triedlist(list);
1319 KCF_PROV_REFRELE(pd);
1320
1321 /* Which one is the the old one ? */
1322 return (CRYPTO_OLD_CTX_TEMPLATE);
1323 }
1324 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
1325 }
1326 mac_tmpl_checked = B_TRUE;
1327 }
1328
1329 /* The fast path for SW providers. */
1330 if (CHECK_FASTPATH(crq, pd)) {
1331 crypto_mechanism_t lmac_mech;
1332 crypto_mechanism_t ldecr_mech;
1333
1334 /* careful! structs assignments */
1335 ldecr_mech = *decr_mech;
1336 ldecr_mech.cm_type = prov_decr_mechid;
1337 lmac_mech = *mac_mech;
1338 lmac_mech.cm_type = prov_mac_mechid;
1339
1340 if (do_verify)
1341 error = KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(pd,
1342 pd->pd_sid, &lmac_mech, mac_key, &ldecr_mech,
1343 decr_key, ct, mac, pt, spi_mac_tmpl, spi_decr_tmpl,
1344 KCF_SWFP_RHNDL(crq));
1345 else
1346 error = KCF_PROV_MAC_DECRYPT_ATOMIC(pd, pd->pd_sid,
1347 &lmac_mech, mac_key, &ldecr_mech, decr_key,
1348 ct, mac, pt, spi_mac_tmpl, spi_decr_tmpl,
1349 KCF_SWFP_RHNDL(crq));
1350
1351 KCF_PROV_INCRSTATS(pd, error);
1352 } else {
1353 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params,
1354 (do_verify) ? KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC :
1355 KCF_OP_ATOMIC, pd->pd_sid, mac_key, decr_key, ct, mac, pt,
1356 spi_mac_tmpl, spi_decr_tmpl);
1357
1358 cmops = &(params.rp_u.mac_decrypt_params);
1359
1360 /* careful! structs assignments */
1361 cmops->md_decr_mech = *decr_mech;
1362 cmops->md_decr_mech.cm_type = prov_decr_mechid;
1363 cmops->md_framework_decr_mechtype = decr_mech->cm_type;
1364 cmops->md_mac_mech = *mac_mech;
1365 cmops->md_mac_mech.cm_type = prov_mac_mechid;
1366 cmops->md_framework_mac_mechtype = mac_mech->cm_type;
1367
1368 error = kcf_submit_request(pd, NULL, crq, &params, B_FALSE);
1369 }
1370
1371 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED &&
1372 IS_RECOVERABLE(error)) {
1373 /* Add pd to the linked list of providers tried. */
1374 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL)
1375 goto retry;
1376 }
1377
1378 if (list != NULL)
1379 kcf_free_triedlist(list);
1380
1381 if (next_req != NULL)
1382 kmem_free(next_req, sizeof (kcf_dual_req_t));
1383 KCF_PROV_REFRELE(pd);
1384 return (error);
1385 }
1386
1387 static int
1388 crypto_mac_decrypt_common_prov(crypto_provider_t provider,
1389 crypto_session_id_t sid, crypto_mechanism_t *mac_mech,
1390 crypto_mechanism_t *decr_mech, crypto_dual_data_t *ct,
1391 crypto_key_t *mac_key, crypto_key_t *decr_key,
1392 crypto_ctx_template_t mac_tmpl, crypto_ctx_template_t decr_tmpl,
1393 crypto_data_t *mac, crypto_data_t *pt, crypto_call_req_t *crq,
1394 boolean_t do_verify)
1395 {
1396 /*
1397 * First try to find a provider for the decryption mechanism, that
1398 * is also capable of the MAC mechanism.
1399 * We still favor optimizing the costlier decryption.
1400 */
1401 int error;
1402 kcf_mech_entry_t *me;
1403 kcf_provider_desc_t *pd = provider;
1404 kcf_provider_desc_t *real_provider = pd;
1405 kcf_ctx_template_t *ctx_decr_tmpl, *ctx_mac_tmpl;
1406 kcf_req_params_t params;
1407 kcf_mac_decrypt_ops_params_t *cmops;
1408 crypto_spi_ctx_template_t spi_decr_tmpl = NULL, spi_mac_tmpl = NULL;
1409
1410 ASSERT(KCF_PROV_REFHELD(pd));
1411
1412 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
1413 error = kcf_get_hardware_provider(decr_mech->cm_type, decr_key,
1414 mac_mech->cm_type, mac_key, pd, &real_provider,
1415 CRYPTO_FG_MAC_DECRYPT_ATOMIC);
1416
1417 if (error != CRYPTO_SUCCESS)
1418 return (error);
1419 }
1420
1421 /*
1422 * For SW providers, check the validity of the context template
1423 * It is very rare that the generation number mis-matches, so
1424 * is acceptable to fail here, and let the consumer recover by
1425 * freeing this tmpl and create a new one for the key and new SW
1426 * provider
1427 */
1428
1429 if (real_provider->pd_prov_type == CRYPTO_SW_PROVIDER) {
1430 if (decr_tmpl != NULL) {
1431 if (kcf_get_mech_entry(decr_mech->cm_type, &me) !=
1432 KCF_SUCCESS) {
1433 error = CRYPTO_MECHANISM_INVALID;
1434 goto out;
1435 }
1436 ctx_decr_tmpl = (kcf_ctx_template_t *)decr_tmpl;
1437 if (ctx_decr_tmpl->ct_generation != me->me_gen_swprov) {
1438 error = CRYPTO_OLD_CTX_TEMPLATE;
1439 goto out;
1440 }
1441 spi_decr_tmpl = ctx_decr_tmpl->ct_prov_tmpl;
1442 }
1443
1444 if (mac_tmpl != NULL) {
1445 if (kcf_get_mech_entry(mac_mech->cm_type, &me) !=
1446 KCF_SUCCESS) {
1447 error = CRYPTO_MECHANISM_INVALID;
1448 goto out;
1449 }
1450 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
1451 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
1452 error = CRYPTO_OLD_CTX_TEMPLATE;
1453 goto out;
1454 }
1455 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
1456 }
1457 }
1458
1459 /* The fast path for SW providers. */
1460 if (CHECK_FASTPATH(crq, pd)) {
1461 crypto_mechanism_t lmac_mech;
1462 crypto_mechanism_t ldecr_mech;
1463
1464 /* careful! structs assignments */
1465 ldecr_mech = *decr_mech;
1466 KCF_SET_PROVIDER_MECHNUM(decr_mech->cm_type, real_provider,
1467 &ldecr_mech);
1468
1469 lmac_mech = *mac_mech;
1470 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
1471 &lmac_mech);
1472
1473 if (do_verify)
1474 error = KCF_PROV_MAC_VERIFY_DECRYPT_ATOMIC(
1475 real_provider, sid, &lmac_mech, mac_key,
1476 &ldecr_mech, decr_key, ct, mac, pt, spi_mac_tmpl,
1477 spi_decr_tmpl, KCF_SWFP_RHNDL(crq));
1478 else
1479 error = KCF_PROV_MAC_DECRYPT_ATOMIC(real_provider, sid,
1480 &lmac_mech, mac_key, &ldecr_mech, decr_key,
1481 ct, mac, pt, spi_mac_tmpl, spi_decr_tmpl,
1482 KCF_SWFP_RHNDL(crq));
1483
1484 KCF_PROV_INCRSTATS(pd, error);
1485 } else {
1486 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params,
1487 (do_verify) ? KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC :
1488 KCF_OP_ATOMIC, sid, mac_key, decr_key, ct, mac, pt,
1489 spi_mac_tmpl, spi_decr_tmpl);
1490
1491 cmops = &(params.rp_u.mac_decrypt_params);
1492
1493 /* careful! structs assignments */
1494 cmops->md_decr_mech = *decr_mech;
1495 KCF_SET_PROVIDER_MECHNUM(decr_mech->cm_type, real_provider,
1496 &cmops->md_decr_mech);
1497 cmops->md_framework_decr_mechtype = decr_mech->cm_type;
1498
1499 cmops->md_mac_mech = *mac_mech;
1500 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
1501 &cmops->md_mac_mech);
1502 cmops->md_framework_mac_mechtype = mac_mech->cm_type;
1503
1504 error = kcf_submit_request(real_provider, NULL, crq, &params,
1505 B_FALSE);
1506 }
1507
1508 out:
1509 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
1510 KCF_PROV_REFRELE(real_provider);
1511 return (error);
1512 }
1513
1514 /*
1515 * Starts a multi-part dual mac/decrypt operation. The provider to
1516 * use is determined by the KCF dispatcher.
1517 */
1518 /* ARGSUSED */
1519 int
1520 crypto_mac_decrypt_init(crypto_mechanism_t *mac_mech,
1521 crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
1522 crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
1523 crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
1524 crypto_call_req_t *cr)
1525 {
1526 /*
1527 * First try to find a provider for the decryption mechanism, that
1528 * is also capable of the MAC mechanism.
1529 * We still favor optimizing the costlier decryption.
1530 */
1531 int error;
1532 kcf_mech_entry_t *me;
1533 kcf_provider_desc_t *pd;
1534 kcf_ctx_template_t *ctx_decr_tmpl, *ctx_mac_tmpl;
1535 kcf_req_params_t params;
1536 kcf_mac_decrypt_ops_params_t *mdops;
1537 crypto_spi_ctx_template_t spi_decr_tmpl = NULL, spi_mac_tmpl = NULL;
1538 crypto_mech_type_t prov_decr_mechid, prov_mac_mechid;
1539 kcf_prov_tried_t *list = NULL;
1540 boolean_t decr_tmpl_checked = B_FALSE;
1541 boolean_t mac_tmpl_checked = B_FALSE;
1542 crypto_ctx_t *ctx = NULL;
1543 kcf_context_t *decr_kcf_context = NULL, *mac_kcf_context = NULL;
1544 crypto_call_flag_t save_flag;
1545
1546 retry:
1547 /* pd is returned held on success */
1548 pd = kcf_get_dual_provider(decr_mech, decr_key, mac_mech, mac_key,
1549 &me, &prov_decr_mechid,
1550 &prov_mac_mechid, &error, list,
1551 CRYPTO_FG_DECRYPT | CRYPTO_FG_MAC_DECRYPT, CRYPTO_FG_MAC, 0);
1552 if (pd == NULL) {
1553 if (list != NULL)
1554 kcf_free_triedlist(list);
1555 return (error);
1556 }
1557
1558 /*
1559 * For SW providers, check the validity of the context template
1560 * It is very rare that the generation number mis-matches, so
1561 * is acceptable to fail here, and let the consumer recover by
1562 * freeing this tmpl and create a new one for the key and new SW
1563 * provider
1564 * Warning! will need to change when multiple software providers
1565 * per mechanism are supported.
1566 */
1567
1568 if ((!decr_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
1569 if (decr_tmpl != NULL) {
1570 ctx_decr_tmpl = (kcf_ctx_template_t *)decr_tmpl;
1571 if (ctx_decr_tmpl->ct_generation != me->me_gen_swprov) {
1572
1573 if (list != NULL)
1574 kcf_free_triedlist(list);
1575 if (decr_kcf_context != NULL)
1576 KCF_CONTEXT_REFRELE(decr_kcf_context);
1577
1578 KCF_PROV_REFRELE(pd);
1579 /* Which one is the the old one ? */
1580 return (CRYPTO_OLD_CTX_TEMPLATE);
1581 }
1582 spi_decr_tmpl = ctx_decr_tmpl->ct_prov_tmpl;
1583 }
1584 decr_tmpl_checked = B_TRUE;
1585 }
1586
1587 if (prov_mac_mechid == CRYPTO_MECH_INVALID) {
1588 /* Need to emulate with 2 internal calls */
1589
1590 /*
1591 * We avoid code complexity by limiting the pure async.
1592 * case to be done using only a SW provider.
1593 * XXX - Redo the emulation code below so that we can
1594 * remove this limitation.
1595 */
1596 if (cr != NULL && pd->pd_prov_type == CRYPTO_HW_PROVIDER) {
1597 if ((kcf_insert_triedlist(&list, pd, KCF_KMFLAG(cr))
1598 != NULL))
1599 goto retry;
1600 if (list != NULL)
1601 kcf_free_triedlist(list);
1602 if (decr_kcf_context != NULL)
1603 KCF_CONTEXT_REFRELE(decr_kcf_context);
1604 KCF_PROV_REFRELE(pd);
1605 return (CRYPTO_HOST_MEMORY);
1606 }
1607
1608 if (ctx == NULL && pd->pd_prov_type == CRYPTO_SW_PROVIDER) {
1609 ctx = kcf_new_ctx(cr, pd, pd->pd_sid);
1610 if (ctx == NULL) {
1611 if (list != NULL)
1612 kcf_free_triedlist(list);
1613 if (decr_kcf_context != NULL)
1614 KCF_CONTEXT_REFRELE(decr_kcf_context);
1615 KCF_PROV_REFRELE(pd);
1616 return (CRYPTO_HOST_MEMORY);
1617 }
1618 decr_kcf_context = (kcf_context_t *)
1619 ctx->cc_framework_private;
1620 }
1621 /*
1622 * Trade-off speed vs avoidance of code complexity and
1623 * duplication:
1624 * Could do all the combinations of fastpath / synch / asynch
1625 * for the decryption and the mac steps. Early attempts
1626 * showed the code grew wild and bug-prone, for little gain.
1627 * Therefore, the adaptative asynch case is not implemented.
1628 * It's either pure synchronous, or pure asynchronous.
1629 * We still preserve a fastpath for the pure synchronous
1630 * requests to SW providers.
1631 */
1632 if (cr == NULL) {
1633 crypto_context_t mac_context;
1634
1635 error = crypto_mac_init(mac_mech, mac_key, mac_tmpl,
1636 &mac_context, NULL);
1637
1638 if (error != CRYPTO_SUCCESS) {
1639 /* Can't be CRYPTO_QUEUED. return the failure */
1640 if (list != NULL)
1641 kcf_free_triedlist(list);
1642
1643 if (decr_kcf_context != NULL)
1644 KCF_CONTEXT_REFRELE(decr_kcf_context);
1645 return (error);
1646 }
1647 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER) {
1648 crypto_mechanism_t lmech = *decr_mech;
1649
1650 lmech.cm_type = prov_decr_mechid;
1651
1652 error = KCF_PROV_DECRYPT_INIT(pd, ctx, &lmech,
1653 decr_key, spi_decr_tmpl,
1654 KCF_RHNDL(KM_SLEEP));
1655 } else {
1656 /*
1657 * If we did the 'goto retry' then ctx may not
1658 * be NULL. In general, we can't reuse another
1659 * provider's context, so we free it now so
1660 * we don't leak it.
1661 */
1662 if (ctx != NULL) {
1663 KCF_CONTEXT_REFRELE((kcf_context_t *)
1664 ctx->cc_framework_private);
1665 decr_kcf_context = NULL;
1666 }
1667 error = crypto_decrypt_init_prov(pd, pd->pd_sid,
1668 decr_mech, decr_key, &decr_tmpl,
1669 (crypto_context_t *)&ctx, NULL);
1670
1671 if (error == CRYPTO_SUCCESS) {
1672 decr_kcf_context = (kcf_context_t *)
1673 ctx->cc_framework_private;
1674 }
1675 }
1676
1677 KCF_PROV_INCRSTATS(pd, error);
1678
1679 KCF_PROV_REFRELE(pd);
1680
1681 if (error != CRYPTO_SUCCESS) {
1682 /* Can't be CRYPTO_QUEUED. return the failure */
1683 if (list != NULL)
1684 kcf_free_triedlist(list);
1685 if (mac_kcf_context != NULL)
1686 KCF_CONTEXT_REFRELE(mac_kcf_context);
1687
1688 return (error);
1689 }
1690 mac_kcf_context = (kcf_context_t *)
1691 ((crypto_ctx_t *)mac_context)->
1692 cc_framework_private;
1693
1694 decr_kcf_context = (kcf_context_t *)
1695 ctx->cc_framework_private;
1696
1697 /*
1698 * Here also, the mac context is second. The callback
1699 * case can't overwrite the context returned to
1700 * the caller.
1701 */
1702 decr_kcf_context->kc_secondctx = mac_kcf_context;
1703 KCF_CONTEXT_REFHOLD(mac_kcf_context);
1704
1705 *ctxp = (crypto_context_t)ctx;
1706
1707 return (error);
1708 }
1709 /* submit a pure asynchronous request. */
1710 save_flag = cr->cr_flag;
1711 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
1712
1713 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_INIT,
1714 pd->pd_sid, mac_key, decr_key, NULL, NULL, NULL,
1715 spi_mac_tmpl, spi_decr_tmpl);
1716
1717 mdops = &(params.rp_u.mac_decrypt_params);
1718
1719 /* careful! structs assignments */
1720 mdops->md_decr_mech = *decr_mech;
1721 /*
1722 * mdops->md_decr_mech.cm_type will be set when we get to
1723 * kcf_emulate_dual() routine.
1724 */
1725 mdops->md_framework_decr_mechtype = decr_mech->cm_type;
1726 mdops->md_mac_mech = *mac_mech;
1727
1728 /*
1729 * mdops->md_mac_mech.cm_type will be set when we know the
1730 * MAC provider.
1731 */
1732 mdops->md_framework_mac_mechtype = mac_mech->cm_type;
1733
1734 /*
1735 * non-NULL ctx->kc_secondctx tells common_submit_request
1736 * that this request uses separate cipher and MAC contexts.
1737 * That function will set the MAC context's kc_secondctx to
1738 * this decrypt context.
1739 */
1740 decr_kcf_context->kc_secondctx = decr_kcf_context;
1741
1742 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
1743
1744 cr->cr_flag = save_flag;
1745
1746 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) {
1747 KCF_CONTEXT_REFRELE(decr_kcf_context);
1748 }
1749 if (list != NULL)
1750 kcf_free_triedlist(list);
1751 *ctxp = ctx;
1752 KCF_PROV_REFRELE(pd);
1753 return (error);
1754 }
1755
1756 if ((!mac_tmpl_checked) && (pd->pd_prov_type == CRYPTO_SW_PROVIDER)) {
1757 if ((mac_tmpl != NULL) &&
1758 (prov_mac_mechid != CRYPTO_MECH_INVALID)) {
1759 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
1760 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
1761
1762 if (list != NULL)
1763 kcf_free_triedlist(list);
1764
1765 KCF_PROV_REFRELE(pd);
1766 /* Which one is the the old one ? */
1767 return (CRYPTO_OLD_CTX_TEMPLATE);
1768 }
1769 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
1770 }
1771 mac_tmpl_checked = B_TRUE;
1772 }
1773
1774 if (ctx == NULL) {
1775 ctx = kcf_new_ctx(cr, pd, pd->pd_sid);
1776 if (ctx == NULL) {
1777 error = CRYPTO_HOST_MEMORY;
1778 if (list != NULL)
1779 kcf_free_triedlist(list);
1780 return (CRYPTO_HOST_MEMORY);
1781 }
1782 decr_kcf_context = (kcf_context_t *)ctx->cc_framework_private;
1783 }
1784
1785 /* The fast path for SW providers. */
1786 if (CHECK_FASTPATH(cr, pd)) {
1787 crypto_mechanism_t ldecr_mech;
1788 crypto_mechanism_t lmac_mech;
1789
1790 /* careful! structs assignments */
1791 ldecr_mech = *decr_mech;
1792 ldecr_mech.cm_type = prov_decr_mechid;
1793 lmac_mech = *mac_mech;
1794 lmac_mech.cm_type = prov_mac_mechid;
1795
1796 error = KCF_PROV_MAC_DECRYPT_INIT(pd, ctx, &lmac_mech,
1797 mac_key, &ldecr_mech, decr_key, spi_mac_tmpl, spi_decr_tmpl,
1798 KCF_SWFP_RHNDL(cr));
1799
1800 KCF_PROV_INCRSTATS(pd, error);
1801 } else {
1802 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_INIT,
1803 pd->pd_sid, mac_key, decr_key, NULL, NULL, NULL,
1804 spi_mac_tmpl, spi_decr_tmpl);
1805
1806 mdops = &(params.rp_u.mac_decrypt_params);
1807
1808 /* careful! structs assignments */
1809 mdops->md_decr_mech = *decr_mech;
1810 mdops->md_decr_mech.cm_type = prov_decr_mechid;
1811 mdops->md_framework_decr_mechtype = decr_mech->cm_type;
1812 mdops->md_mac_mech = *mac_mech;
1813 mdops->md_mac_mech.cm_type = prov_mac_mechid;
1814 mdops->md_framework_mac_mechtype = mac_mech->cm_type;
1815
1816 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
1817 }
1818
1819 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED) {
1820 if ((IS_RECOVERABLE(error)) &&
1821 (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(cr)) != NULL))
1822 goto retry;
1823
1824 KCF_CONTEXT_REFRELE(decr_kcf_context);
1825 } else
1826 *ctxp = (crypto_context_t)ctx;
1827
1828 if (list != NULL)
1829 kcf_free_triedlist(list);
1830
1831 KCF_PROV_REFRELE(pd);
1832 return (error);
1833 }
1834
1835 int
1836 crypto_mac_decrypt_init_prov(crypto_provider_t provider,
1837 crypto_session_id_t sid, crypto_mechanism_t *mac_mech,
1838 crypto_mechanism_t *decr_mech, crypto_key_t *mac_key,
1839 crypto_key_t *decr_key, crypto_ctx_template_t mac_tmpl,
1840 crypto_ctx_template_t decr_tmpl, crypto_context_t *ctxp,
1841 crypto_call_req_t *cr)
1842 {
1843 /*
1844 * First try to find a provider for the decryption mechanism, that
1845 * is also capable of the MAC mechanism.
1846 * We still favor optimizing the costlier decryption.
1847 */
1848 int rv;
1849 kcf_mech_entry_t *me;
1850 kcf_provider_desc_t *pd = provider;
1851 kcf_provider_desc_t *real_provider = pd;
1852 kcf_ctx_template_t *ctx_decr_tmpl, *ctx_mac_tmpl;
1853 kcf_req_params_t params;
1854 kcf_mac_decrypt_ops_params_t *mdops;
1855 crypto_spi_ctx_template_t spi_decr_tmpl = NULL, spi_mac_tmpl = NULL;
1856 crypto_ctx_t *ctx;
1857 kcf_context_t *decr_kcf_context = NULL;
1858
1859 ASSERT(KCF_PROV_REFHELD(pd));
1860
1861 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) {
1862 rv = kcf_get_hardware_provider(decr_mech->cm_type, decr_key,
1863 mac_mech->cm_type, mac_key, pd, &real_provider,
1864 CRYPTO_FG_MAC_DECRYPT);
1865
1866 if (rv != CRYPTO_SUCCESS)
1867 return (rv);
1868 }
1869
1870 /*
1871 * For SW providers, check the validity of the context template
1872 * It is very rare that the generation number mis-matches, so
1873 * is acceptable to fail here, and let the consumer recover by
1874 * freeing this tmpl and create a new one for the key and new SW
1875 * provider
1876 * Warning! will need to change when multiple software providers
1877 * per mechanism are supported.
1878 */
1879
1880 if (real_provider->pd_prov_type == CRYPTO_SW_PROVIDER) {
1881 if (decr_tmpl != NULL) {
1882 if (kcf_get_mech_entry(decr_mech->cm_type, &me) !=
1883 KCF_SUCCESS) {
1884 rv = CRYPTO_MECHANISM_INVALID;
1885 goto out;
1886 }
1887 ctx_decr_tmpl = (kcf_ctx_template_t *)decr_tmpl;
1888 if (ctx_decr_tmpl->ct_generation != me->me_gen_swprov) {
1889 rv = CRYPTO_OLD_CTX_TEMPLATE;
1890 goto out;
1891 }
1892 spi_decr_tmpl = ctx_decr_tmpl->ct_prov_tmpl;
1893 }
1894
1895 if (mac_tmpl != NULL) {
1896 if (kcf_get_mech_entry(mac_mech->cm_type, &me) !=
1897 KCF_SUCCESS) {
1898 rv = CRYPTO_MECHANISM_INVALID;
1899 goto out;
1900 }
1901 ctx_mac_tmpl = (kcf_ctx_template_t *)mac_tmpl;
1902 if (ctx_mac_tmpl->ct_generation != me->me_gen_swprov) {
1903 rv = CRYPTO_OLD_CTX_TEMPLATE;
1904 goto out;
1905 }
1906 spi_mac_tmpl = ctx_mac_tmpl->ct_prov_tmpl;
1907 }
1908 }
1909
1910 ctx = kcf_new_ctx(cr, real_provider, sid);
1911 if (ctx == NULL) {
1912 rv = CRYPTO_HOST_MEMORY;
1913 goto out;
1914 }
1915 decr_kcf_context = (kcf_context_t *)ctx->cc_framework_private;
1916
1917 /* The fast path for SW providers. */
1918 if (CHECK_FASTPATH(cr, pd)) {
1919 crypto_mechanism_t ldecr_mech;
1920 crypto_mechanism_t lmac_mech;
1921
1922 /* careful! structs assignments */
1923 ldecr_mech = *decr_mech;
1924 KCF_SET_PROVIDER_MECHNUM(decr_mech->cm_type, real_provider,
1925 &ldecr_mech);
1926
1927 lmac_mech = *mac_mech;
1928 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
1929 &lmac_mech);
1930
1931 rv = KCF_PROV_MAC_DECRYPT_INIT(real_provider, ctx, &lmac_mech,
1932 mac_key, &ldecr_mech, decr_key, spi_mac_tmpl, spi_decr_tmpl,
1933 KCF_SWFP_RHNDL(cr));
1934
1935 KCF_PROV_INCRSTATS(pd, rv);
1936 } else {
1937 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_INIT,
1938 sid, mac_key, decr_key, NULL, NULL, NULL,
1939 spi_mac_tmpl, spi_decr_tmpl);
1940
1941 mdops = &(params.rp_u.mac_decrypt_params);
1942
1943 /* careful! structs assignments */
1944 mdops->md_decr_mech = *decr_mech;
1945 KCF_SET_PROVIDER_MECHNUM(decr_mech->cm_type, real_provider,
1946 &mdops->md_decr_mech);
1947 mdops->md_framework_decr_mechtype = decr_mech->cm_type;
1948
1949 mdops->md_mac_mech = *mac_mech;
1950 KCF_SET_PROVIDER_MECHNUM(mac_mech->cm_type, real_provider,
1951 &mdops->md_mac_mech);
1952 mdops->md_framework_mac_mechtype = mac_mech->cm_type;
1953
1954 rv = kcf_submit_request(real_provider, ctx, cr, &params,
1955 B_FALSE);
1956 }
1957
1958 if (rv != CRYPTO_SUCCESS && rv != CRYPTO_QUEUED) {
1959 KCF_CONTEXT_REFRELE(decr_kcf_context);
1960 } else
1961 *ctxp = (crypto_context_t)ctx;
1962
1963 out:
1964 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
1965 KCF_PROV_REFRELE(real_provider);
1966 return (rv);
1967 }
1968 /*
1969 * Continues a multi-part dual mac/decrypt operation.
1970 */
1971 /* ARGSUSED */
1972 int
1973 crypto_mac_decrypt_update(crypto_context_t context,
1974 crypto_dual_data_t *ct, crypto_data_t *pt, crypto_call_req_t *cr)
1975 {
1976 crypto_ctx_t *ctx = (crypto_ctx_t *)context, *mac_ctx;
1977 kcf_context_t *kcf_ctx, *kcf_mac_ctx;
1978 kcf_provider_desc_t *pd;
1979 int error;
1980 kcf_req_params_t params;
1981
1982 if ((ctx == NULL) ||
1983 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
1984 ((pd = kcf_ctx->kc_prov_desc) == NULL)) {
1985 return (CRYPTO_INVALID_CONTEXT);
1986 }
1987
1988 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
1989
1990 if ((kcf_mac_ctx = kcf_ctx->kc_secondctx) != NULL) {
1991 off_t save_offset;
1992 size_t save_len;
1993 crypto_call_flag_t save_flag;
1994
1995 if (kcf_mac_ctx->kc_prov_desc == NULL) {
1996 error = CRYPTO_INVALID_CONTEXT;
1997 goto out;
1998 }
1999 mac_ctx = &kcf_mac_ctx->kc_glbl_ctx;
2000
2001 /* First we submit the MAC request */
2002 if (cr == NULL) {
2003 /*
2004 * 'ct' is always not NULL.
2005 */
2006 error = crypto_mac_update((crypto_context_t)mac_ctx,
2007 (crypto_data_t *)ct, NULL);
2008
2009 if (error != CRYPTO_SUCCESS)
2010 goto out;
2011
2012 /* Decrypt a different length only when told so */
2013
2014 save_offset = ct->dd_offset1;
2015 save_len = ct->dd_len1;
2016
2017 if (ct->dd_len2 > 0) {
2018 ct->dd_offset1 = ct->dd_offset2;
2019 ct->dd_len1 = ct->dd_len2;
2020 }
2021
2022 error = crypto_decrypt_update(context,
2023 (crypto_data_t *)ct, pt, NULL);
2024
2025 ct->dd_offset1 = save_offset;
2026 ct->dd_len1 = save_len;
2027
2028 goto out;
2029 }
2030 /* submit a pure asynchronous request. */
2031 save_flag = cr->cr_flag;
2032 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
2033
2034 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_UPDATE,
2035 pd->pd_sid, NULL, NULL, ct, NULL, pt, NULL, NULL)
2036
2037
2038 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
2039
2040 cr->cr_flag = save_flag;
2041 goto out;
2042 }
2043
2044 /* The fast path for SW providers. */
2045 if (CHECK_FASTPATH(cr, pd)) {
2046 error = KCF_PROV_MAC_DECRYPT_UPDATE(pd, ctx, ct, pt, NULL);
2047 KCF_PROV_INCRSTATS(pd, error);
2048 } else {
2049 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_UPDATE,
2050 ctx->cc_session, NULL, NULL, ct, NULL, pt, NULL, NULL);
2051
2052 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
2053 }
2054 out:
2055 return (error);
2056 }
2057
2058 /*
2059 * Terminates a multi-part dual mac/decrypt operation.
2060 */
2061 /* ARGSUSED */
2062 int
2063 crypto_mac_decrypt_final(crypto_context_t context, crypto_data_t *mac,
2064 crypto_data_t *pt, crypto_call_req_t *cr)
2065 {
2066 crypto_ctx_t *ctx = (crypto_ctx_t *)context, *mac_ctx;
2067 kcf_context_t *kcf_ctx, *kcf_mac_ctx;
2068 kcf_provider_desc_t *pd;
2069 int error;
2070 kcf_req_params_t params;
2071
2072 if ((ctx == NULL) ||
2073 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) ||
2074 ((pd = kcf_ctx->kc_prov_desc) == NULL)) {
2075 return (CRYPTO_INVALID_CONTEXT);
2076 }
2077
2078 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
2079
2080 if ((kcf_mac_ctx = kcf_ctx->kc_secondctx) != NULL) {
2081 crypto_call_flag_t save_flag;
2082
2083 if (kcf_mac_ctx->kc_prov_desc == NULL) {
2084 error = CRYPTO_INVALID_CONTEXT;
2085 goto out;
2086 }
2087 mac_ctx = &kcf_mac_ctx->kc_glbl_ctx;
2088
2089 /* First we collect the MAC */
2090 if (cr == NULL) {
2091
2092 error = crypto_mac_final((crypto_context_t)mac_ctx,
2093 mac, NULL);
2094
2095 if (error != CRYPTO_SUCCESS) {
2096 crypto_cancel_ctx(ctx);
2097 } else {
2098 /* Get the last chunk of plaintext */
2099 error = crypto_decrypt_final(context, pt, NULL);
2100 }
2101
2102 return (error);
2103 }
2104 /* submit a pure asynchronous request. */
2105 save_flag = cr->cr_flag;
2106 cr->cr_flag |= CRYPTO_ALWAYS_QUEUE;
2107
2108 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_FINAL,
2109 pd->pd_sid, NULL, NULL, NULL, mac, pt, NULL, NULL)
2110
2111
2112 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
2113
2114 cr->cr_flag = save_flag;
2115
2116 return (error);
2117 }
2118
2119 /* The fast path for SW providers. */
2120 if (CHECK_FASTPATH(cr, pd)) {
2121 error = KCF_PROV_MAC_DECRYPT_FINAL(pd, ctx, mac, pt, NULL);
2122 KCF_PROV_INCRSTATS(pd, error);
2123 } else {
2124 KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(&params, KCF_OP_FINAL,
2125 ctx->cc_session, NULL, NULL, NULL, mac, pt, NULL, NULL);
2126
2127 error = kcf_submit_request(pd, ctx, cr, &params, B_FALSE);
2128 }
2129 out:
2130 /* Release the hold done in kcf_new_ctx() during init step. */
2131 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx);
2132 return (error);
2133 }
2134
2135 /*
2136 * Digest/Encrypt dual operation. Project-private entry point, not part of
2137 * the k-API.
2138 */
2139 /* ARGSUSED */
2140 int
2141 crypto_digest_encrypt_update(crypto_context_t digest_ctx,
2142 crypto_context_t encrypt_ctx, crypto_data_t *plaintext,
2143 crypto_data_t *ciphertext, crypto_call_req_t *crq)
2144 {
2145 /*
2146 * RFE 4688647:
2147 * core functions needed by ioctl interface missing from impl.h
2148 */
2149 return (CRYPTO_NOT_SUPPORTED);
2150 }
2151
2152 /*
2153 * Decrypt/Digest dual operation. Project-private entry point, not part of
2154 * the k-API.
2155 */
2156 /* ARGSUSED */
2157 int
2158 crypto_decrypt_digest_update(crypto_context_t decryptctx,
2159 crypto_context_t encrypt_ctx, crypto_data_t *ciphertext,
2160 crypto_data_t *plaintext, crypto_call_req_t *crq)
2161 {
2162 /*
2163 * RFE 4688647:
2164 * core functions needed by ioctl interface missing from impl.h
2165 */
2166 return (CRYPTO_NOT_SUPPORTED);
2167 }
2168
2169 /*
2170 * Sign/Encrypt dual operation. Project-private entry point, not part of
2171 * the k-API.
2172 */
2173 /* ARGSUSED */
2174 int
2175 crypto_sign_encrypt_update(crypto_context_t sign_ctx,
2176 crypto_context_t encrypt_ctx, crypto_data_t *plaintext,
2177 crypto_data_t *ciphertext, crypto_call_req_t *crq)
2178 {
2179 /*
2180 * RFE 4688647:
2181 * core functions needed by ioctl interface missing from impl.h
2182 */
2183 return (CRYPTO_NOT_SUPPORTED);
2184 }
2185
2186 /*
2187 * Decrypt/Verify dual operation. Project-private entry point, not part of
2188 * the k-API.
2189 */
2190 /* ARGSUSED */
2191 int
2192 crypto_decrypt_verify_update(crypto_context_t decrypt_ctx,
2193 crypto_context_t verify_ctx, crypto_data_t *ciphertext,
2194 crypto_data_t *plaintext, crypto_call_req_t *crq)
2195 {
2196 /*
2197 * RFE 4688647:
2198 * core functions needed by ioctl interface missing from impl.h
2199 */
2200 return (CRYPTO_NOT_SUPPORTED);
2201 }
Unleashed OS