1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or https://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26#include <sys/zfs_context.h> 27#include <modes/modes.h> 28#include <sys/crypto/common.h> 29#include <sys/crypto/impl.h> 30 31/* 32 * Initialize by setting iov_or_mp to point to the current iovec or mp, 33 * and by setting current_offset to an offset within the current iovec or mp. 34 */ 35void 36crypto_init_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset) 37{ 38 offset_t offset; 39 40 switch (out->cd_format) { 41 case CRYPTO_DATA_RAW: 42 *current_offset = out->cd_offset; 43 break; 44 45 case CRYPTO_DATA_UIO: { 46 zfs_uio_t *uiop = out->cd_uio; 47 uint_t vec_idx; 48 49 offset = out->cd_offset; 50 offset = zfs_uio_index_at_offset(uiop, offset, &vec_idx); 51 52 *current_offset = offset; 53 *iov_or_mp = (void *)(uintptr_t)vec_idx; 54 break; 55 } 56 } /* end switch */ 57} 58 59/* 60 * Get pointers for where in the output to copy a block of encrypted or 61 * decrypted data. The iov_or_mp argument stores a pointer to the current 62 * iovec or mp, and offset stores an offset into the current iovec or mp. 63 */ 64void 65crypto_get_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset, 66 uint8_t **out_data_1, size_t *out_data_1_len, uint8_t **out_data_2, 67 size_t amt) 68{ 69 offset_t offset; 70 71 switch (out->cd_format) { 72 case CRYPTO_DATA_RAW: { 73 iovec_t *iov; 74 75 offset = *current_offset; 76 iov = &out->cd_raw; 77 if ((offset + amt) <= iov->iov_len) { 78 /* one block fits */ 79 *out_data_1 = (uint8_t *)iov->iov_base + offset; 80 *out_data_1_len = amt; 81 *out_data_2 = NULL; 82 *current_offset = offset + amt; 83 } 84 break; 85 } 86 87 case CRYPTO_DATA_UIO: { 88 zfs_uio_t *uio = out->cd_uio; 89 offset_t offset; 90 uint_t vec_idx; 91 uint8_t *p; 92 uint64_t iov_len; 93 void *iov_base; 94 95 offset = *current_offset; 96 vec_idx = (uintptr_t)(*iov_or_mp); 97 zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len); 98 p = (uint8_t *)iov_base + offset; 99 *out_data_1 = p; 100 101 if (offset + amt <= iov_len) { 102 /* can fit one block into this iov */ 103 *out_data_1_len = amt; 104 *out_data_2 = NULL; 105 *current_offset = offset + amt; 106 } else { 107 /* one block spans two iovecs */ 108 *out_data_1_len = iov_len - offset; 109 if (vec_idx == zfs_uio_iovcnt(uio)) { 110 *out_data_2 = NULL; 111 return; 112 } 113 vec_idx++; 114 zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len); 115 *out_data_2 = (uint8_t *)iov_base; 116 *current_offset = amt - *out_data_1_len; 117 } 118 *iov_or_mp = (void *)(uintptr_t)vec_idx; 119 break; 120 } 121 } /* end switch */ 122} 123 124void 125crypto_free_mode_ctx(void *ctx) 126{ 127 common_ctx_t *common_ctx = (common_ctx_t *)ctx; 128 129 switch (common_ctx->cc_flags & 130 (ECB_MODE|CBC_MODE|CTR_MODE|CCM_MODE|GCM_MODE|GMAC_MODE)) { 131 case ECB_MODE: 132 kmem_free(common_ctx, sizeof (ecb_ctx_t)); 133 break; 134 135 case CBC_MODE: 136 kmem_free(common_ctx, sizeof (cbc_ctx_t)); 137 break; 138 139 case CTR_MODE: 140 kmem_free(common_ctx, sizeof (ctr_ctx_t)); 141 break; 142 143 case CCM_MODE: 144 if (((ccm_ctx_t *)ctx)->ccm_pt_buf != NULL) 145 vmem_free(((ccm_ctx_t *)ctx)->ccm_pt_buf, 146 ((ccm_ctx_t *)ctx)->ccm_data_len); 147 148 kmem_free(ctx, sizeof (ccm_ctx_t)); 149 break; 150 151 case GCM_MODE: 152 case GMAC_MODE: 153 gcm_clear_ctx((gcm_ctx_t *)ctx); 154 kmem_free(ctx, sizeof (gcm_ctx_t)); 155 } 156} 157 158static void * 159explicit_memset(void *s, int c, size_t n) 160{ 161 memset(s, c, n); 162 __asm__ __volatile__("" :: "r"(s) : "memory"); 163 return (s); 164} 165 166/* 167 * Clear sensitive data in the context and free allocated memory. 168 * 169 * ctx->gcm_remainder may contain a plaintext remainder. ctx->gcm_H and 170 * ctx->gcm_Htable contain the hash sub key which protects authentication. 171 * ctx->gcm_pt_buf contains the plaintext result of decryption. 172 * 173 * Although extremely unlikely, ctx->gcm_J0 and ctx->gcm_tmp could be used for 174 * a known plaintext attack, they consist of the IV and the first and last 175 * counter respectively. If they should be cleared is debatable. 176 */ 177void 178gcm_clear_ctx(gcm_ctx_t *ctx) 179{ 180 explicit_memset(ctx->gcm_remainder, 0, sizeof (ctx->gcm_remainder)); 181 explicit_memset(ctx->gcm_H, 0, sizeof (ctx->gcm_H)); 182#if defined(CAN_USE_GCM_ASM) 183 if (ctx->gcm_use_avx == B_TRUE) { 184 ASSERT3P(ctx->gcm_Htable, !=, NULL); 185 memset(ctx->gcm_Htable, 0, ctx->gcm_htab_len); 186 kmem_free(ctx->gcm_Htable, ctx->gcm_htab_len); 187 } 188#endif 189 if (ctx->gcm_pt_buf != NULL) { 190 memset(ctx->gcm_pt_buf, 0, ctx->gcm_pt_buf_len); 191 vmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len); 192 } 193 /* Optional */ 194 explicit_memset(ctx->gcm_J0, 0, sizeof (ctx->gcm_J0)); 195 explicit_memset(ctx->gcm_tmp, 0, sizeof (ctx->gcm_tmp)); 196} 197