modes.h revision 8559:28c2be4cb4f0
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26#ifndef _COMMON_CRYPTO_MODES_H 27#define _COMMON_CRYPTO_MODES_H 28 29#ifdef __cplusplus 30extern "C" { 31#endif 32 33#include <sys/strsun.h> 34#include <sys/systm.h> 35#include <sys/sysmacros.h> 36#include <sys/types.h> 37#include <sys/errno.h> 38#include <sys/rwlock.h> 39#include <sys/kmem.h> 40#include <sys/crypto/common.h> 41#include <sys/crypto/impl.h> 42 43#define ECB_MODE 0x00000002 44#define CBC_MODE 0x00000004 45#define CTR_MODE 0x00000008 46#define CCM_MODE 0x00000010 47#define GCM_MODE 0x00000020 48 49/* 50 * cc_keysched: Pointer to key schedule. 51 * 52 * cc_keysched_len: Length of the key schedule. 53 * 54 * cc_remainder: This is for residual data, i.e. data that can't 55 * be processed because there are too few bytes. 56 * Must wait until more data arrives. 57 * 58 * cc_remainder_len: Number of bytes in cc_remainder. 59 * 60 * cc_iv: Scratch buffer that sometimes contains the IV. 61 * 62 * cc_lastp: Pointer to previous block of ciphertext. 63 * 64 * cc_copy_to: Pointer to where encrypted residual data needs 65 * to be copied. 66 * 67 * cc_flags: PROVIDER_OWNS_KEY_SCHEDULE 68 * When a context is freed, it is necessary 69 * to know whether the key schedule was allocated 70 * by the caller, or internally, e.g. an init routine. 71 * If allocated by the latter, then it needs to be freed. 72 * 73 * ECB_MODE, CBC_MODE, CTR_MODE, or CCM_MODE 74 */ 75struct common_ctx { 76 void *cc_keysched; 77 size_t cc_keysched_len; 78 uint64_t cc_iv[2]; 79 uint64_t cc_remainder[2]; 80 size_t cc_remainder_len; 81 uint8_t *cc_lastp; 82 uint8_t *cc_copy_to; 83 uint32_t cc_flags; 84}; 85 86typedef struct common_ctx common_ctx_t; 87 88typedef struct ecb_ctx { 89 struct common_ctx ecb_common; 90 uint64_t ecb_lastblock[2]; 91} ecb_ctx_t; 92 93#define ecb_keysched ecb_common.cc_keysched 94#define ecb_keysched_len ecb_common.cc_keysched_len 95#define ecb_iv ecb_common.cc_iv 96#define ecb_remainder ecb_common.cc_remainder 97#define ecb_remainder_len ecb_common.cc_remainder_len 98#define ecb_lastp ecb_common.cc_lastp 99#define ecb_copy_to ecb_common.cc_copy_to 100#define ecb_flags ecb_common.cc_flags 101 102typedef struct cbc_ctx { 103 struct common_ctx cbc_common; 104 uint64_t cbc_lastblock[2]; 105} cbc_ctx_t; 106 107#define cbc_keysched cbc_common.cc_keysched 108#define cbc_keysched_len cbc_common.cc_keysched_len 109#define cbc_iv cbc_common.cc_iv 110#define cbc_remainder cbc_common.cc_remainder 111#define cbc_remainder_len cbc_common.cc_remainder_len 112#define cbc_lastp cbc_common.cc_lastp 113#define cbc_copy_to cbc_common.cc_copy_to 114#define cbc_flags cbc_common.cc_flags 115 116/* 117 * ctr_lower_mask Bit-mask for lower 8 bytes of counter block. 118 * ctr_upper_mask Bit-mask for upper 8 bytes of counter block. 119 */ 120typedef struct ctr_ctx { 121 struct common_ctx ctr_common; 122 uint64_t ctr_lower_mask; 123 uint64_t ctr_upper_mask; 124 uint32_t ctr_tmp[4]; 125} ctr_ctx_t; 126 127/* 128 * ctr_cb Counter block. 129 */ 130#define ctr_keysched ctr_common.cc_keysched 131#define ctr_keysched_len ctr_common.cc_keysched_len 132#define ctr_cb ctr_common.cc_iv 133#define ctr_remainder ctr_common.cc_remainder 134#define ctr_remainder_len ctr_common.cc_remainder_len 135#define ctr_lastp ctr_common.cc_lastp 136#define ctr_copy_to ctr_common.cc_copy_to 137#define ctr_flags ctr_common.cc_flags 138 139/* 140 * 141 * ccm_mac_len: Stores length of the MAC in CCM mode. 142 * ccm_mac_buf: Stores the intermediate value for MAC in CCM encrypt. 143 * In CCM decrypt, stores the input MAC value. 144 * ccm_data_len: Length of the plaintext for CCM mode encrypt, or 145 * length of the ciphertext for CCM mode decrypt. 146 * ccm_processed_data_len: 147 * Length of processed plaintext in CCM mode encrypt, 148 * or length of processed ciphertext for CCM mode decrypt. 149 * ccm_processed_mac_len: 150 * Length of MAC data accumulated in CCM mode decrypt. 151 * 152 * ccm_pt_buf: Only used in CCM mode decrypt. It stores the 153 * decrypted plaintext to be returned when 154 * MAC verification succeeds in decrypt_final. 155 * Memory for this should be allocated in the AES module. 156 * 157 */ 158typedef struct ccm_ctx { 159 struct common_ctx ccm_common; 160 uint32_t ccm_tmp[4]; 161 size_t ccm_mac_len; 162 uint64_t ccm_mac_buf[2]; 163 size_t ccm_data_len; 164 size_t ccm_processed_data_len; 165 size_t ccm_processed_mac_len; 166 uint8_t *ccm_pt_buf; 167 uint64_t ccm_mac_input_buf[2]; 168 uint64_t ccm_counter_mask; 169} ccm_ctx_t; 170 171#define ccm_keysched ccm_common.cc_keysched 172#define ccm_keysched_len ccm_common.cc_keysched_len 173#define ccm_cb ccm_common.cc_iv 174#define ccm_remainder ccm_common.cc_remainder 175#define ccm_remainder_len ccm_common.cc_remainder_len 176#define ccm_lastp ccm_common.cc_lastp 177#define ccm_copy_to ccm_common.cc_copy_to 178#define ccm_flags ccm_common.cc_flags 179 180/* 181 * gcm_tag_len: Length of authentication tag. 182 * 183 * gcm_ghash: Stores output from the GHASH function. 184 * 185 * gcm_processed_data_len: 186 * Length of processed plaintext (encrypt) or 187 * length of processed ciphertext (decrypt). 188 * 189 * gcm_pt_buf: Stores the decrypted plaintext returned by 190 * decrypt_final when the computed authentication 191 * tag matches the user supplied tag. 192 * 193 * gcm_pt_buf_len: Length of the plaintext buffer. 194 * 195 * gcm_H: Subkey. 196 * 197 * gcm_J0: Pre-counter block generated from the IV. 198 * 199 * gcm_len_a_len_c: 64-bit representations of the bit lengths of 200 * AAD and ciphertext. 201 * 202 * gcm_kmflag: Current value of kmflag. Used only for allocating 203 * the plaintext buffer during decryption. 204 */ 205typedef struct gcm_ctx { 206 struct common_ctx gcm_common; 207 size_t gcm_tag_len; 208 size_t gcm_processed_data_len; 209 size_t gcm_pt_buf_len; 210 uint32_t gcm_tmp[4]; 211 uint64_t gcm_ghash[2]; 212 uint64_t gcm_H[2]; 213 uint64_t gcm_J0[2]; 214 uint64_t gcm_len_a_len_c[2]; 215 uint8_t *gcm_pt_buf; 216 int gcm_kmflag; 217} gcm_ctx_t; 218 219#define gcm_keysched gcm_common.cc_keysched 220#define gcm_keysched_len gcm_common.cc_keysched_len 221#define gcm_cb gcm_common.cc_iv 222#define gcm_remainder gcm_common.cc_remainder 223#define gcm_remainder_len gcm_common.cc_remainder_len 224#define gcm_lastp gcm_common.cc_lastp 225#define gcm_copy_to gcm_common.cc_copy_to 226#define gcm_flags gcm_common.cc_flags 227 228typedef struct aes_ctx { 229 union { 230 ecb_ctx_t acu_ecb; 231 cbc_ctx_t acu_cbc; 232 ctr_ctx_t acu_ctr; 233#ifdef _KERNEL 234 ccm_ctx_t acu_ccm; 235 gcm_ctx_t acu_gcm; 236#endif 237 } acu; 238} aes_ctx_t; 239 240#define ac_flags acu.acu_ecb.ecb_common.cc_flags 241#define ac_remainder_len acu.acu_ecb.ecb_common.cc_remainder_len 242#define ac_keysched acu.acu_ecb.ecb_common.cc_keysched 243#define ac_keysched_len acu.acu_ecb.ecb_common.cc_keysched_len 244#define ac_iv acu.acu_ecb.ecb_common.cc_iv 245#define ac_lastp acu.acu_ecb.ecb_common.cc_lastp 246#define ac_pt_buf acu.acu_ccm.ccm_pt_buf 247#define ac_mac_len acu.acu_ccm.ccm_mac_len 248#define ac_data_len acu.acu_ccm.ccm_data_len 249#define ac_processed_mac_len acu.acu_ccm.ccm_processed_mac_len 250#define ac_processed_data_len acu.acu_ccm.ccm_processed_data_len 251#define ac_tag_len acu.acu_gcm.gcm_tag_len 252 253typedef struct blowfish_ctx { 254 union { 255 ecb_ctx_t bcu_ecb; 256 cbc_ctx_t bcu_cbc; 257 } bcu; 258} blowfish_ctx_t; 259 260#define bc_flags bcu.bcu_ecb.ecb_common.cc_flags 261#define bc_remainder_len bcu.bcu_ecb.ecb_common.cc_remainder_len 262#define bc_keysched bcu.bcu_ecb.ecb_common.cc_keysched 263#define bc_keysched_len bcu.bcu_ecb.ecb_common.cc_keysched_len 264#define bc_iv bcu.bcu_ecb.ecb_common.cc_iv 265#define bc_lastp bcu.bcu_ecb.ecb_common.cc_lastp 266 267typedef struct des_ctx { 268 union { 269 ecb_ctx_t dcu_ecb; 270 cbc_ctx_t dcu_cbc; 271 } dcu; 272} des_ctx_t; 273 274#define dc_flags dcu.dcu_ecb.ecb_common.cc_flags 275#define dc_remainder_len dcu.dcu_ecb.ecb_common.cc_remainder_len 276#define dc_keysched dcu.dcu_ecb.ecb_common.cc_keysched 277#define dc_keysched_len dcu.dcu_ecb.ecb_common.cc_keysched_len 278#define dc_iv dcu.dcu_ecb.ecb_common.cc_iv 279#define dc_lastp dcu.dcu_ecb.ecb_common.cc_lastp 280 281extern int ecb_cipher_contiguous_blocks(ecb_ctx_t *, char *, size_t, 282 crypto_data_t *, size_t, int (*cipher)(const void *, const uint8_t *, 283 uint8_t *)); 284 285extern int cbc_encrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 286 crypto_data_t *, size_t, 287 int (*encrypt)(const void *, const uint8_t *, uint8_t *), 288 void (*copy_block)(uint8_t *, uint8_t *), 289 void (*xor_block)(uint8_t *, uint8_t *)); 290 291extern int cbc_decrypt_contiguous_blocks(cbc_ctx_t *, char *, size_t, 292 crypto_data_t *, size_t, 293 int (*decrypt)(const void *, const uint8_t *, uint8_t *), 294 void (*copy_block)(uint8_t *, uint8_t *), 295 void (*xor_block)(uint8_t *, uint8_t *)); 296 297extern int ctr_mode_contiguous_blocks(ctr_ctx_t *, char *, size_t, 298 crypto_data_t *, size_t, 299 int (*cipher)(const void *, const uint8_t *, uint8_t *), 300 void (*xor_block)(uint8_t *, uint8_t *)); 301 302extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 303 crypto_data_t *, size_t, 304 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 305 void (*copy_block)(uint8_t *, uint8_t *), 306 void (*xor_block)(uint8_t *, uint8_t *)); 307 308extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t, 309 crypto_data_t *, size_t, 310 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 311 void (*copy_block)(uint8_t *, uint8_t *), 312 void (*xor_block)(uint8_t *, uint8_t *)); 313 314extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t, 315 crypto_data_t *, size_t, 316 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 317 void (*copy_block)(uint8_t *, uint8_t *), 318 void (*xor_block)(uint8_t *, uint8_t *)); 319 320extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t, 321 crypto_data_t *, size_t, 322 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 323 void (*copy_block)(uint8_t *, uint8_t *), 324 void (*xor_block)(uint8_t *, uint8_t *)); 325 326int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 327 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 328 void (*xor_block)(uint8_t *, uint8_t *)); 329 330int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t, 331 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 332 void (*copy_block)(uint8_t *, uint8_t *), 333 void (*xor_block)(uint8_t *, uint8_t *)); 334 335extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t, 336 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 337 void (*copy_block)(uint8_t *, uint8_t *), 338 void (*xor_block)(uint8_t *, uint8_t *)); 339 340extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t, 341 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 342 void (*xor_block)(uint8_t *, uint8_t *)); 343 344extern int ctr_mode_final(ctr_ctx_t *, crypto_data_t *, 345 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *)); 346 347extern int cbc_init_ctx(cbc_ctx_t *, char *, size_t, size_t, 348 void (*copy_block)(uint8_t *, uint64_t *)); 349 350extern int ctr_init_ctx(ctr_ctx_t *, ulong_t, uint8_t *, 351 void (*copy_block)(uint8_t *, uint8_t *)); 352 353extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t, 354 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 355 void (*xor_block)(uint8_t *, uint8_t *)); 356 357extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t, 358 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *), 359 void (*copy_block)(uint8_t *, uint8_t *), 360 void (*xor_block)(uint8_t *, uint8_t *)); 361 362extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *, 363 int (*encrypt_block)(const void *, const uint8_t *, uint8_t *)); 364 365extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *); 366 367extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *); 368extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *, 369 uint8_t **, size_t *, uint8_t **, size_t); 370 371extern void *ecb_alloc_ctx(int); 372extern void *cbc_alloc_ctx(int); 373extern void *ctr_alloc_ctx(int); 374extern void *ccm_alloc_ctx(int); 375extern void *gcm_alloc_ctx(int); 376extern void crypto_free_mode_ctx(void *); 377extern void gcm_set_kmflag(gcm_ctx_t *, int); 378 379#ifdef __cplusplus 380} 381#endif 382 383#endif /* _COMMON_CRYPTO_MODES_H */ 384