modes.h revision 8559:28c2be4cb4f0 
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_COMMON_CRYPTO_MODES_H
27#define	_COMMON_CRYPTO_MODES_H
28
29#ifdef	__cplusplus
30extern "C" {
31#endif
32
33#include <sys/strsun.h>
34#include <sys/systm.h>
35#include <sys/sysmacros.h>
36#include <sys/types.h>
37#include <sys/errno.h>
38#include <sys/rwlock.h>
39#include <sys/kmem.h>
40#include <sys/crypto/common.h>
41#include <sys/crypto/impl.h>
42
43#define	ECB_MODE			0x00000002
44#define	CBC_MODE			0x00000004
45#define	CTR_MODE			0x00000008
46#define	CCM_MODE			0x00000010
47#define	GCM_MODE			0x00000020
48
49/*
50 * cc_keysched:		Pointer to key schedule.
51 *
52 * cc_keysched_len:	Length of the key schedule.
53 *
54 * cc_remainder:	This is for residual data, i.e. data that can't
55 *			be processed because there are too few bytes.
56 *			Must wait until more data arrives.
57 *
58 * cc_remainder_len:	Number of bytes in cc_remainder.
59 *
60 * cc_iv:		Scratch buffer that sometimes contains the IV.
61 *
62 * cc_lastp:		Pointer to previous block of ciphertext.
63 *
64 * cc_copy_to:		Pointer to where encrypted residual data needs
65 *			to be copied.
66 *
67 * cc_flags:		PROVIDER_OWNS_KEY_SCHEDULE
68 *			When a context is freed, it is necessary
69 *			to know whether the key schedule was allocated
70 *			by the caller, or internally, e.g. an init routine.
71 *			If allocated by the latter, then it needs to be freed.
72 *
73 *			ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE
74 */
75struct common_ctx {
76	void *cc_keysched;
77	size_t cc_keysched_len;
78	uint64_t cc_iv[2];
79	uint64_t cc_remainder[2];
80	size_t cc_remainder_len;
81	uint8_t *cc_lastp;
82	uint8_t *cc_copy_to;
83	uint32_t cc_flags;
84};
85
86typedef struct common_ctx common_ctx_t;
87
88typedef struct ecb_ctx {
89	struct common_ctx ecb_common;
90	uint64_t ecb_lastblock[2];
91} ecb_ctx_t;
92
93#define	ecb_keysched		ecb_common.cc_keysched
94#define	ecb_keysched_len	ecb_common.cc_keysched_len
95#define	ecb_iv			ecb_common.cc_iv
96#define	ecb_remainder		ecb_common.cc_remainder
97#define	ecb_remainder_len	ecb_common.cc_remainder_len
98#define	ecb_lastp		ecb_common.cc_lastp
99#define	ecb_copy_to		ecb_common.cc_copy_to
100#define	ecb_flags		ecb_common.cc_flags
101
102typedef struct cbc_ctx {
103	struct common_ctx cbc_common;
104	uint64_t cbc_lastblock[2];
105} cbc_ctx_t;
106
107#define	cbc_keysched		cbc_common.cc_keysched
108#define	cbc_keysched_len	cbc_common.cc_keysched_len
109#define	cbc_iv			cbc_common.cc_iv
110#define	cbc_remainder		cbc_common.cc_remainder
111#define	cbc_remainder_len	cbc_common.cc_remainder_len
112#define	cbc_lastp		cbc_common.cc_lastp
113#define	cbc_copy_to		cbc_common.cc_copy_to
114#define	cbc_flags		cbc_common.cc_flags
115
116/*
117 * ctr_lower_mask		Bit-mask for lower 8 bytes of counter block.
118 * ctr_upper_mask		Bit-mask for upper 8 bytes of counter block.
119 */
120typedef struct ctr_ctx {
121	struct common_ctx ctr_common;
122	uint64_t ctr_lower_mask;
123	uint64_t ctr_upper_mask;
124	uint32_t ctr_tmp[4];
125} ctr_ctx_t;
126
127/*
128 * ctr_cb			Counter block.
129 */
130#define	ctr_keysched		ctr_common.cc_keysched
131#define	ctr_keysched_len	ctr_common.cc_keysched_len
132#define	ctr_cb			ctr_common.cc_iv
133#define	ctr_remainder		ctr_common.cc_remainder
134#define	ctr_remainder_len	ctr_common.cc_remainder_len
135#define	ctr_lastp		ctr_common.cc_lastp
136#define	ctr_copy_to		ctr_common.cc_copy_to
137#define	ctr_flags		ctr_common.cc_flags
138
139/*
140 *
141 * ccm_mac_len:		Stores length of the MAC in CCM mode.
142 * ccm_mac_buf:		Stores the intermediate value for MAC in CCM encrypt.
143 *			In CCM decrypt, stores the input MAC value.
144 * ccm_data_len:	Length of the plaintext for CCM mode encrypt, or
145 *			length of the ciphertext for CCM mode decrypt.
146 * ccm_processed_data_len:
147 *			Length of processed plaintext in CCM mode encrypt,
148 *			or length of processed ciphertext for CCM mode decrypt.
149 * ccm_processed_mac_len:
150 *			Length of MAC data accumulated in CCM mode decrypt.
151 *
152 * ccm_pt_buf:		Only used in CCM mode decrypt.  It stores the
153 *			decrypted plaintext to be returned when
154 *			MAC verification succeeds in decrypt_final.
155 *			Memory for this should be allocated in the AES module.
156 *
157 */
158typedef struct ccm_ctx {
159	struct common_ctx ccm_common;
160	uint32_t ccm_tmp[4];
161	size_t ccm_mac_len;
162	uint64_t ccm_mac_buf[2];
163	size_t ccm_data_len;
164	size_t ccm_processed_data_len;
165	size_t ccm_processed_mac_len;
166	uint8_t *ccm_pt_buf;
167	uint64_t ccm_mac_input_buf[2];
168	uint64_t ccm_counter_mask;
169} ccm_ctx_t;
170
171#define	ccm_keysched		ccm_common.cc_keysched
172#define	ccm_keysched_len	ccm_common.cc_keysched_len
173#define	ccm_cb			ccm_common.cc_iv
174#define	ccm_remainder		ccm_common.cc_remainder
175#define	ccm_remainder_len	ccm_common.cc_remainder_len
176#define	ccm_lastp		ccm_common.cc_lastp
177#define	ccm_copy_to		ccm_common.cc_copy_to
178#define	ccm_flags		ccm_common.cc_flags
179
180/*
181 * gcm_tag_len:		Length of authentication tag.
182 *
183 * gcm_ghash:		Stores output from the GHASH function.
184 *
185 * gcm_processed_data_len:
186 *			Length of processed plaintext (encrypt) or
187 *			length of processed ciphertext (decrypt).
188 *
189 * gcm_pt_buf:		Stores the decrypted plaintext returned by
190 *			decrypt_final when the computed authentication
191 *			tag matches the	user supplied tag.
192 *
193 * gcm_pt_buf_len:	Length of the plaintext buffer.
194 *
195 * gcm_H:		Subkey.
196 *
197 * gcm_J0:		Pre-counter block generated from the IV.
198 *
199 * gcm_len_a_len_c:	64-bit representations of the bit lengths of
200 *			AAD and ciphertext.
201 *
202 * gcm_kmflag:		Current value of kmflag. Used only for allocating
203 *			the plaintext buffer during decryption.
204 */
205typedef struct gcm_ctx {
206	struct common_ctx gcm_common;
207	size_t gcm_tag_len;
208	size_t gcm_processed_data_len;
209	size_t gcm_pt_buf_len;
210	uint32_t gcm_tmp[4];
211	uint64_t gcm_ghash[2];
212	uint64_t gcm_H[2];
213	uint64_t gcm_J0[2];
214	uint64_t gcm_len_a_len_c[2];
215	uint8_t *gcm_pt_buf;
216	int gcm_kmflag;
217} gcm_ctx_t;
218
219#define	gcm_keysched		gcm_common.cc_keysched
220#define	gcm_keysched_len	gcm_common.cc_keysched_len
221#define	gcm_cb			gcm_common.cc_iv
222#define	gcm_remainder		gcm_common.cc_remainder
223#define	gcm_remainder_len	gcm_common.cc_remainder_len
224#define	gcm_lastp		gcm_common.cc_lastp
225#define	gcm_copy_to		gcm_common.cc_copy_to
226#define	gcm_flags		gcm_common.cc_flags
227
228typedef struct aes_ctx {
229	union {
230		ecb_ctx_t acu_ecb;
231		cbc_ctx_t acu_cbc;
232		ctr_ctx_t acu_ctr;
233#ifdef _KERNEL
234		ccm_ctx_t acu_ccm;
235		gcm_ctx_t acu_gcm;
236#endif
237	} acu;
238} aes_ctx_t;
239
240#define	ac_flags		acu.acu_ecb.ecb_common.cc_flags
241#define	ac_remainder_len	acu.acu_ecb.ecb_common.cc_remainder_len
242#define	ac_keysched		acu.acu_ecb.ecb_common.cc_keysched
243#define	ac_keysched_len		acu.acu_ecb.ecb_common.cc_keysched_len
244#define	ac_iv			acu.acu_ecb.ecb_common.cc_iv
245#define	ac_lastp		acu.acu_ecb.ecb_common.cc_lastp
246#define	ac_pt_buf		acu.acu_ccm.ccm_pt_buf
247#define	ac_mac_len		acu.acu_ccm.ccm_mac_len
248#define	ac_data_len		acu.acu_ccm.ccm_data_len
249#define	ac_processed_mac_len	acu.acu_ccm.ccm_processed_mac_len
250#define	ac_processed_data_len	acu.acu_ccm.ccm_processed_data_len
251#define	ac_tag_len		acu.acu_gcm.gcm_tag_len
252
253typedef struct blowfish_ctx {
254	union {
255		ecb_ctx_t bcu_ecb;
256		cbc_ctx_t bcu_cbc;
257	} bcu;
258} blowfish_ctx_t;
259
260#define	bc_flags		bcu.bcu_ecb.ecb_common.cc_flags
261#define	bc_remainder_len	bcu.bcu_ecb.ecb_common.cc_remainder_len
262#define	bc_keysched		bcu.bcu_ecb.ecb_common.cc_keysched
263#define	bc_keysched_len		bcu.bcu_ecb.ecb_common.cc_keysched_len
264#define	bc_iv			bcu.bcu_ecb.ecb_common.cc_iv
265#define	bc_lastp		bcu.bcu_ecb.ecb_common.cc_lastp
266
267typedef struct des_ctx {
268	union {
269		ecb_ctx_t dcu_ecb;
270		cbc_ctx_t dcu_cbc;
271	} dcu;
272} des_ctx_t;
273
274#define	dc_flags		dcu.dcu_ecb.ecb_common.cc_flags
275#define	dc_remainder_len	dcu.dcu_ecb.ecb_common.cc_remainder_len
276#define	dc_keysched		dcu.dcu_ecb.ecb_common.cc_keysched
277#define	dc_keysched_len		dcu.dcu_ecb.ecb_common.cc_keysched_len
278#define	dc_iv			dcu.dcu_ecb.ecb_common.cc_iv
279#define	dc_lastp		dcu.dcu_ecb.ecb_common.cc_lastp
280
281extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t,
282    crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *,
283    uint8_t *));
284
285extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
286    crypto_data_t *, size_t,
287    int (*encrypt)(const void *, const uint8_t *, uint8_t *),
288    void (*copy_block)(uint8_t *, uint8_t *),
289    void (*xor_block)(uint8_t *, uint8_t *));
290
291extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t,
292    crypto_data_t *, size_t,
293    int (*decrypt)(const void *, const uint8_t *, uint8_t *),
294    void (*copy_block)(uint8_t *, uint8_t *),
295    void (*xor_block)(uint8_t *, uint8_t *));
296
297extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t,
298    crypto_data_t *, size_t,
299    int (*cipher)(const void *, const uint8_t *, uint8_t *),
300    void (*xor_block)(uint8_t *, uint8_t *));
301
302extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
303    crypto_data_t *, size_t,
304    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
305    void (*copy_block)(uint8_t *, uint8_t *),
306    void (*xor_block)(uint8_t *, uint8_t *));
307
308extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
309    crypto_data_t *, size_t,
310    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
311    void (*copy_block)(uint8_t *, uint8_t *),
312    void (*xor_block)(uint8_t *, uint8_t *));
313
314extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
315    crypto_data_t *, size_t,
316    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
317    void (*copy_block)(uint8_t *, uint8_t *),
318    void (*xor_block)(uint8_t *, uint8_t *));
319
320extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
321    crypto_data_t *, size_t,
322    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
323    void (*copy_block)(uint8_t *, uint8_t *),
324    void (*xor_block)(uint8_t *, uint8_t *));
325
326int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
327    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
328    void (*xor_block)(uint8_t *, uint8_t *));
329
330int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
331    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
332    void (*copy_block)(uint8_t *, uint8_t *),
333    void (*xor_block)(uint8_t *, uint8_t *));
334
335extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
336    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
337    void (*copy_block)(uint8_t *, uint8_t *),
338    void (*xor_block)(uint8_t *, uint8_t *));
339
340extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
341    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
342    void (*xor_block)(uint8_t *, uint8_t *));
343
344extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *,
345    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
346
347extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t,
348    void (*copy_block)(uint8_t *, uint64_t *));
349
350extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *,
351    void (*copy_block)(uint8_t *, uint8_t *));
352
353extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
354    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
355    void (*xor_block)(uint8_t *, uint8_t *));
356
357extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
358    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
359    void (*copy_block)(uint8_t *, uint8_t *),
360    void (*xor_block)(uint8_t *, uint8_t *));
361
362extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
363    int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
364
365extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
366
367extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
368extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
369    uint8_t **, size_t *, uint8_t **, size_t);
370
371extern void *ecb_alloc_ctx(int);
372extern void *cbc_alloc_ctx(int);
373extern void *ctr_alloc_ctx(int);
374extern void *ccm_alloc_ctx(int);
375extern void *gcm_alloc_ctx(int);
376extern void crypto_free_mode_ctx(void *);
377extern void gcm_set_kmflag(gcm_ctx_t *, int);
378
379#ifdef	__cplusplus
380}
381#endif
382
383#endif	/* _COMMON_CRYPTO_MODES_H */
384