1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26/*
27 * Blowfish provider for the Kernel Cryptographic Framework (KCF)
28 */
29
30#include <sys/types.h>
31#include <sys/systm.h>
32#include <sys/modctl.h>
33#include <sys/cmn_err.h>
34#include <sys/ddi.h>
35#include <sys/crypto/common.h>
36#include <sys/crypto/spi.h>
37#include <sys/sysmacros.h>
38#include <sys/strsun.h>
39#include <sys/note.h>
40#include <modes/modes.h>
41#include <blowfish/blowfish_impl.h>
42
43extern struct mod_ops mod_cryptoops;
44
45/*
46 * Module linkage information for the kernel.
47 */
48static struct modlcrypto modlcrypto = {
49	&mod_cryptoops,
50	"Blowfish Kernel SW Provider"
51};
52
53static struct modlinkage modlinkage = {
54	MODREV_1,
55	(void *)&modlcrypto,
56	NULL
57};
58
59/*
60 * CSPI information (entry points, provider info, etc.)
61 */
62typedef enum blowfish_mech_type {
63	BLOWFISH_ECB_MECH_INFO_TYPE,		/* SUN_CKM_BLOWFISH_ECB */
64	BLOWFISH_CBC_MECH_INFO_TYPE		/* SUN_CKM_BLOWFISH_CBC */
65} blowfish_mech_type_t;
66
67
68#define	BLOWFISH_COPY_BLOCK(src, dst) \
69	(dst)[0] = (src)[0]; \
70	(dst)[1] = (src)[1]; \
71	(dst)[2] = (src)[2]; \
72	(dst)[3] = (src)[3]; \
73	(dst)[4] = (src)[4]; \
74	(dst)[5] = (src)[5]; \
75	(dst)[6] = (src)[6]; \
76	(dst)[7] = (src)[7]
77
78#define	BLOWFISH_XOR_BLOCK(src, dst) \
79	(dst)[0] ^= (src)[0]; \
80	(dst)[1] ^= (src)[1]; \
81	(dst)[2] ^= (src)[2]; \
82	(dst)[3] ^= (src)[3]; \
83	(dst)[4] ^= (src)[4]; \
84	(dst)[5] ^= (src)[5]; \
85	(dst)[6] ^= (src)[6]; \
86	(dst)[7] ^= (src)[7]
87
88/*
89 * Mechanism info structure passed to KCF during registration.
90 */
91
92static crypto_mech_info_t blowfish_mech_info_tab[] = {
93	/* BLOWFISH_ECB */
94	{SUN_CKM_BLOWFISH_ECB, BLOWFISH_ECB_MECH_INFO_TYPE,
95	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
96	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
97	    BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS},
98	/* BLOWFISH_CBC */
99	{SUN_CKM_BLOWFISH_CBC, BLOWFISH_CBC_MECH_INFO_TYPE,
100	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
101	    CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
102	    BLOWFISH_MINBITS, BLOWFISH_MAXBITS, CRYPTO_KEYSIZE_UNIT_IN_BITS}
103};
104
105#define	BLOWFISH_VALID_MECH(mech)				\
106	(((mech)->cm_type == BLOWFISH_ECB_MECH_INFO_TYPE ||		\
107	(mech)->cm_type == BLOWFISH_CBC_MECH_INFO_TYPE) ? 1 : 0)
108
109/* operations are in-place if the output buffer is NULL */
110#define	BLOWFISH_ARG_INPLACE(input, output)			\
111	if ((output) == NULL)					\
112		(output) = (input);
113
114static void blowfish_provider_status(crypto_provider_handle_t, uint_t *);
115
116static crypto_control_ops_t blowfish_control_ops = {
117	blowfish_provider_status
118};
119
120static int blowfish_common_init(crypto_ctx_t *, crypto_mechanism_t *,
121    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
122static int blowfish_common_init_ctx(blowfish_ctx_t *,
123    crypto_spi_ctx_template_t *, crypto_mechanism_t *, crypto_key_t *, int);
124static int blowfish_encrypt_final(crypto_ctx_t *, crypto_data_t *,
125    crypto_req_handle_t);
126static int blowfish_decrypt_final(crypto_ctx_t *, crypto_data_t *,
127    crypto_req_handle_t);
128
129static int blowfish_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
130    crypto_req_handle_t);
131static int blowfish_encrypt_update(crypto_ctx_t *, crypto_data_t *,
132    crypto_data_t *, crypto_req_handle_t);
133static int blowfish_encrypt_atomic(crypto_provider_handle_t,
134    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
135    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
136
137static int blowfish_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
138    crypto_req_handle_t);
139static int blowfish_decrypt_update(crypto_ctx_t *, crypto_data_t *,
140    crypto_data_t *, crypto_req_handle_t);
141static int blowfish_decrypt_atomic(crypto_provider_handle_t,
142    crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
143    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
144
145static crypto_cipher_ops_t blowfish_cipher_ops = {
146	blowfish_common_init,
147	blowfish_encrypt,
148	blowfish_encrypt_update,
149	blowfish_encrypt_final,
150	blowfish_encrypt_atomic,
151	blowfish_common_init,
152	blowfish_decrypt,
153	blowfish_decrypt_update,
154	blowfish_decrypt_final,
155	blowfish_decrypt_atomic
156};
157
158static int blowfish_create_ctx_template(crypto_provider_handle_t,
159    crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
160    size_t *, crypto_req_handle_t);
161static int blowfish_free_context(crypto_ctx_t *);
162
163static crypto_ctx_ops_t blowfish_ctx_ops = {
164	blowfish_create_ctx_template,
165	blowfish_free_context
166};
167
168static crypto_ops_t blowfish_crypto_ops = {
169	&blowfish_control_ops,
170	NULL,
171	&blowfish_cipher_ops,
172	NULL,
173	NULL,
174	NULL,
175	NULL,
176	NULL,
177	NULL,
178	NULL,
179	NULL,
180	NULL,
181	NULL,
182	&blowfish_ctx_ops
183};
184
185static crypto_provider_info_t blowfish_prov_info = {
186	CRYPTO_SPI_VERSION_1,
187	"Blowfish Software Provider",
188	CRYPTO_SW_PROVIDER,
189	{&modlinkage},
190	NULL,
191	&blowfish_crypto_ops,
192	sizeof (blowfish_mech_info_tab)/sizeof (crypto_mech_info_t),
193	blowfish_mech_info_tab
194};
195
196
197static crypto_kcf_provider_handle_t blowfish_prov_handle = NULL;
198
199int
200_init(void)
201{
202	int ret;
203
204	if ((ret = mod_install(&modlinkage)) != 0)
205		return (ret);
206
207	/* Register with KCF.  If the registration fails, remove the module. */
208	if (crypto_register_provider(&blowfish_prov_info,
209	    &blowfish_prov_handle)) {
210		(void) mod_remove(&modlinkage);
211		return (EACCES);
212	}
213
214	return (0);
215}
216
217int
218_fini(void)
219{
220	/* Unregister from KCF if module is registered */
221	if (blowfish_prov_handle != NULL) {
222		if (crypto_unregister_provider(blowfish_prov_handle))
223			return (EBUSY);
224
225		blowfish_prov_handle = NULL;
226	}
227
228	return (mod_remove(&modlinkage));
229}
230
231int
232_info(struct modinfo *modinfop)
233{
234	return (mod_info(&modlinkage, modinfop));
235}
236
237/*
238 * Initialize key schedules for blowfish
239 */
240static int
241init_keysched(crypto_key_t *key, void *keysched)
242{
243/* EXPORT DELETE START */
244	/*
245	 * Only keys by value are supported by this module.
246	 */
247	switch (key->ck_format) {
248	case CRYPTO_KEY_RAW:
249		if (key->ck_length < BLOWFISH_MINBITS ||
250		    key->ck_length > BLOWFISH_MAXBITS) {
251			return (CRYPTO_KEY_SIZE_RANGE);
252		}
253		break;
254	default:
255		return (CRYPTO_KEY_TYPE_INCONSISTENT);
256	}
257
258	blowfish_init_keysched(key->ck_data, key->ck_length, keysched);
259/* EXPORT DELETE END */
260	return (CRYPTO_SUCCESS);
261}
262
263/*
264 * KCF software provider control entry points.
265 */
266/* ARGSUSED */
267static void
268blowfish_provider_status(crypto_provider_handle_t provider, uint_t *status)
269{
270	*status = CRYPTO_PROVIDER_READY;
271}
272
273/*
274 * KCF software provider encrypt entry points.
275 */
276static int
277blowfish_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
278    crypto_key_t *key, crypto_spi_ctx_template_t template,
279    crypto_req_handle_t req)
280{
281
282/* EXPORT DELETE START */
283
284	blowfish_ctx_t *blowfish_ctx;
285	int rv;
286	int kmflag;
287
288	/*
289	 * Only keys by value are supported by this module.
290	 */
291	if (key->ck_format != CRYPTO_KEY_RAW) {
292		return (CRYPTO_KEY_TYPE_INCONSISTENT);
293	}
294
295	if (!BLOWFISH_VALID_MECH(mechanism))
296		return (CRYPTO_MECHANISM_INVALID);
297
298	if (mechanism->cm_param != NULL &&
299	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
300		return (CRYPTO_MECHANISM_PARAM_INVALID);
301
302	kmflag = crypto_kmflag(req);
303	switch (mechanism->cm_type) {
304	case BLOWFISH_ECB_MECH_INFO_TYPE:
305		blowfish_ctx = ecb_alloc_ctx(kmflag);
306		break;
307	case BLOWFISH_CBC_MECH_INFO_TYPE:
308		blowfish_ctx = cbc_alloc_ctx(kmflag);
309		break;
310	}
311	if (blowfish_ctx == NULL)
312		return (CRYPTO_HOST_MEMORY);
313
314	rv = blowfish_common_init_ctx(blowfish_ctx, template, mechanism,
315	    key, kmflag);
316	if (rv != CRYPTO_SUCCESS) {
317		crypto_free_mode_ctx(blowfish_ctx);
318		return (rv);
319	}
320
321	ctx->cc_provider_private = blowfish_ctx;
322
323/* EXPORT DELETE END */
324
325	return (CRYPTO_SUCCESS);
326}
327
328static void
329blowfish_copy_block64(uint8_t *in, uint64_t *out)
330{
331	if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
332		/* LINTED: pointer alignment */
333		out[0] = *(uint64_t *)&in[0];
334	} else {
335		uint8_t *iv8 = (uint8_t *)&out[0];
336
337		BLOWFISH_COPY_BLOCK(in, iv8);
338	}
339}
340
341/* ARGSUSED */
342static int
343blowfish_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
344    crypto_data_t *ciphertext, crypto_req_handle_t req)
345{
346	int ret;
347
348/* EXPORT DELETE START */
349
350	blowfish_ctx_t *blowfish_ctx;
351
352	/*
353	 * Plaintext must be a multiple of blowfish block size.
354	 * This test only works for non-padded mechanisms
355	 * when blocksize is 2^N.
356	 */
357	if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
358		return (CRYPTO_DATA_LEN_RANGE);
359
360	ASSERT(ctx->cc_provider_private != NULL);
361	blowfish_ctx = ctx->cc_provider_private;
362
363	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
364
365	/*
366	 * We need to just return the length needed to store the output.
367	 * We should not destroy the context for the following case.
368	 */
369	if (ciphertext->cd_length < plaintext->cd_length) {
370		ciphertext->cd_length = plaintext->cd_length;
371		return (CRYPTO_BUFFER_TOO_SMALL);
372	}
373
374	/*
375	 * Do an update on the specified input data.
376	 */
377	ret = blowfish_encrypt_update(ctx, plaintext, ciphertext, req);
378	ASSERT(blowfish_ctx->bc_remainder_len  == 0);
379	(void) blowfish_free_context(ctx);
380
381/* EXPORT DELETE END */
382
383	/* LINTED */
384	return (ret);
385}
386
387/* ARGSUSED */
388static int
389blowfish_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
390    crypto_data_t *plaintext, crypto_req_handle_t req)
391{
392	int ret;
393
394/* EXPORT DELETE START */
395
396	blowfish_ctx_t *blowfish_ctx;
397
398	/*
399	 * Ciphertext must be a multiple of blowfish block size.
400	 * This test only works for non-padded mechanisms
401	 * when blocksize is 2^N.
402	 */
403	if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
404		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
405
406	ASSERT(ctx->cc_provider_private != NULL);
407	blowfish_ctx = ctx->cc_provider_private;
408
409	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
410
411	/*
412	 * We need to just return the length needed to store the output.
413	 * We should not destroy the context for the following case.
414	 */
415	if (plaintext->cd_length < ciphertext->cd_length) {
416		plaintext->cd_length = ciphertext->cd_length;
417		return (CRYPTO_BUFFER_TOO_SMALL);
418	}
419
420	/*
421	 * Do an update on the specified input data.
422	 */
423	ret = blowfish_decrypt_update(ctx, ciphertext, plaintext, req);
424	ASSERT(blowfish_ctx->bc_remainder_len == 0);
425	(void) blowfish_free_context(ctx);
426
427/* EXPORT DELETE END */
428
429	/* LINTED */
430	return (ret);
431}
432
433/* ARGSUSED */
434static int
435blowfish_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
436    crypto_data_t *ciphertext, crypto_req_handle_t req)
437{
438	off_t saved_offset;
439	size_t saved_length, out_len;
440	int ret = CRYPTO_SUCCESS;
441
442	ASSERT(ctx->cc_provider_private != NULL);
443
444	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
445
446	/* compute number of bytes that will hold the ciphertext */
447	out_len =
448	    ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
449	out_len += plaintext->cd_length;
450	out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
451
452	/* return length needed to store the output */
453	if (ciphertext->cd_length < out_len) {
454		ciphertext->cd_length = out_len;
455		return (CRYPTO_BUFFER_TOO_SMALL);
456	}
457
458	saved_offset = ciphertext->cd_offset;
459	saved_length = ciphertext->cd_length;
460
461	/*
462	 * Do the blowfish update on the specified input data.
463	 */
464	switch (plaintext->cd_format) {
465	case CRYPTO_DATA_RAW:
466		ret = crypto_update_iov(ctx->cc_provider_private,
467		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
468		    blowfish_copy_block64);
469		break;
470	case CRYPTO_DATA_UIO:
471		ret = crypto_update_uio(ctx->cc_provider_private,
472		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
473		    blowfish_copy_block64);
474		break;
475	case CRYPTO_DATA_MBLK:
476		ret = crypto_update_mp(ctx->cc_provider_private,
477		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
478		    blowfish_copy_block64);
479		break;
480	default:
481		ret = CRYPTO_ARGUMENTS_BAD;
482	}
483
484	if (ret == CRYPTO_SUCCESS) {
485		if (plaintext != ciphertext)
486			ciphertext->cd_length =
487			    ciphertext->cd_offset - saved_offset;
488	} else {
489		ciphertext->cd_length = saved_length;
490	}
491	ciphertext->cd_offset = saved_offset;
492
493	return (ret);
494}
495
496/* ARGSUSED */
497static int
498blowfish_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
499    crypto_data_t *plaintext, crypto_req_handle_t req)
500{
501	off_t saved_offset;
502	size_t saved_length, out_len;
503	int ret = CRYPTO_SUCCESS;
504
505	ASSERT(ctx->cc_provider_private != NULL);
506
507	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
508
509	/* compute number of bytes that will hold the plaintext */
510	out_len =
511	    ((blowfish_ctx_t *)ctx->cc_provider_private)->bc_remainder_len;
512	out_len += ciphertext->cd_length;
513	out_len &= ~(BLOWFISH_BLOCK_LEN - 1);
514
515	/* return length needed to store the output */
516	if (plaintext->cd_length < out_len) {
517		plaintext->cd_length = out_len;
518		return (CRYPTO_BUFFER_TOO_SMALL);
519	}
520
521	saved_offset = plaintext->cd_offset;
522	saved_length = plaintext->cd_length;
523
524	/*
525	 * Do the blowfish update on the specified input data.
526	 */
527	switch (ciphertext->cd_format) {
528	case CRYPTO_DATA_RAW:
529		ret = crypto_update_iov(ctx->cc_provider_private,
530		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
531		    blowfish_copy_block64);
532		break;
533	case CRYPTO_DATA_UIO:
534		ret = crypto_update_uio(ctx->cc_provider_private,
535		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
536		    blowfish_copy_block64);
537		break;
538	case CRYPTO_DATA_MBLK:
539		ret = crypto_update_mp(ctx->cc_provider_private,
540		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
541		    blowfish_copy_block64);
542		break;
543	default:
544		ret = CRYPTO_ARGUMENTS_BAD;
545	}
546
547	if (ret == CRYPTO_SUCCESS) {
548		if (ciphertext != plaintext)
549			plaintext->cd_length =
550			    plaintext->cd_offset - saved_offset;
551	} else {
552		plaintext->cd_length = saved_length;
553	}
554	plaintext->cd_offset = saved_offset;
555
556	return (ret);
557}
558
559/* ARGSUSED */
560static int
561blowfish_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
562    crypto_req_handle_t req)
563{
564
565/* EXPORT DELETE START */
566
567	blowfish_ctx_t *blowfish_ctx;
568
569	ASSERT(ctx->cc_provider_private != NULL);
570	blowfish_ctx = ctx->cc_provider_private;
571
572	/*
573	 * There must be no unprocessed data.
574	 * This happens if the length of the last data is
575	 * not a multiple of the BLOWFISH block length.
576	 */
577	if (blowfish_ctx->bc_remainder_len > 0)
578		return (CRYPTO_DATA_LEN_RANGE);
579
580	(void) blowfish_free_context(ctx);
581	data->cd_length = 0;
582
583/* EXPORT DELETE END */
584
585	return (CRYPTO_SUCCESS);
586}
587
588/* ARGSUSED */
589static int
590blowfish_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
591    crypto_req_handle_t req)
592{
593
594/* EXPORT DELETE START */
595
596	blowfish_ctx_t *blowfish_ctx;
597
598	ASSERT(ctx->cc_provider_private != NULL);
599	blowfish_ctx = ctx->cc_provider_private;
600
601	/*
602	 * There must be no unprocessed ciphertext.
603	 * This happens if the length of the last ciphertext is
604	 * not a multiple of the BLOWFISH block length.
605	 */
606	if (blowfish_ctx->bc_remainder_len > 0)
607		return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
608
609	(void) blowfish_free_context(ctx);
610	data->cd_length = 0;
611
612/* EXPORT DELETE END */
613
614	return (CRYPTO_SUCCESS);
615}
616
617/* ARGSUSED */
618static int
619blowfish_encrypt_atomic(crypto_provider_handle_t provider,
620    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
621    crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
622    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
623{
624	blowfish_ctx_t blowfish_ctx;	/* on the stack */
625	off_t saved_offset;
626	size_t saved_length;
627	int ret;
628
629	BLOWFISH_ARG_INPLACE(plaintext, ciphertext);
630
631	/*
632	 * Plaintext must be a multiple of blowfish block size.
633	 * This test only works for non-padded mechanisms
634	 * when blocksize is 2^N.
635	 */
636	if ((plaintext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
637		return (CRYPTO_DATA_LEN_RANGE);
638
639	/* return length needed to store the output */
640	if (ciphertext->cd_length < plaintext->cd_length) {
641		ciphertext->cd_length = plaintext->cd_length;
642		return (CRYPTO_BUFFER_TOO_SMALL);
643	}
644
645	if (!BLOWFISH_VALID_MECH(mechanism))
646		return (CRYPTO_MECHANISM_INVALID);
647
648	if (mechanism->cm_param_len != 0 &&
649	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
650		return (CRYPTO_MECHANISM_PARAM_INVALID);
651
652	bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
653
654	ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
655	    key, crypto_kmflag(req));
656	if (ret != CRYPTO_SUCCESS)
657		return (ret);
658
659	saved_offset = ciphertext->cd_offset;
660	saved_length = ciphertext->cd_length;
661
662	/*
663	 * Do an update on the specified input data.
664	 */
665	switch (plaintext->cd_format) {
666	case CRYPTO_DATA_RAW:
667		ret = crypto_update_iov(&blowfish_ctx,
668		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
669		    blowfish_copy_block64);
670		break;
671	case CRYPTO_DATA_UIO:
672		ret = crypto_update_uio(&blowfish_ctx,
673		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
674		    blowfish_copy_block64);
675		break;
676	case CRYPTO_DATA_MBLK:
677		ret = crypto_update_mp((void *)&blowfish_ctx,
678		    plaintext, ciphertext, blowfish_encrypt_contiguous_blocks,
679		    blowfish_copy_block64);
680		break;
681	default:
682		ret = CRYPTO_ARGUMENTS_BAD;
683	}
684
685	if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
686		bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
687		kmem_free(blowfish_ctx.bc_keysched,
688		    blowfish_ctx.bc_keysched_len);
689	}
690
691	if (ret == CRYPTO_SUCCESS) {
692		ASSERT(blowfish_ctx.bc_remainder_len == 0);
693		if (plaintext != ciphertext)
694			ciphertext->cd_length =
695			    ciphertext->cd_offset - saved_offset;
696	} else {
697		ciphertext->cd_length = saved_length;
698	}
699	ciphertext->cd_offset = saved_offset;
700
701	return (ret);
702}
703
704/* ARGSUSED */
705static int
706blowfish_decrypt_atomic(crypto_provider_handle_t provider,
707    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
708    crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
709    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
710{
711	blowfish_ctx_t blowfish_ctx;	/* on the stack */
712	off_t saved_offset;
713	size_t saved_length;
714	int ret;
715
716	BLOWFISH_ARG_INPLACE(ciphertext, plaintext);
717
718	/*
719	 * Ciphertext must be a multiple of blowfish block size.
720	 * This test only works for non-padded mechanisms
721	 * when blocksize is 2^N.
722	 */
723	if ((ciphertext->cd_length & (BLOWFISH_BLOCK_LEN - 1)) != 0)
724		return (CRYPTO_DATA_LEN_RANGE);
725
726	/* return length needed to store the output */
727	if (plaintext->cd_length < ciphertext->cd_length) {
728		plaintext->cd_length = ciphertext->cd_length;
729		return (CRYPTO_BUFFER_TOO_SMALL);
730	}
731
732	if (!BLOWFISH_VALID_MECH(mechanism))
733		return (CRYPTO_MECHANISM_INVALID);
734
735	if (mechanism->cm_param_len != 0 &&
736	    mechanism->cm_param_len != BLOWFISH_BLOCK_LEN)
737		return (CRYPTO_MECHANISM_PARAM_INVALID);
738
739	bzero(&blowfish_ctx, sizeof (blowfish_ctx_t));
740
741	ret = blowfish_common_init_ctx(&blowfish_ctx, template, mechanism,
742	    key, crypto_kmflag(req));
743	if (ret != CRYPTO_SUCCESS)
744		return (ret);
745
746	saved_offset = plaintext->cd_offset;
747	saved_length = plaintext->cd_length;
748
749	/*
750	 * Do an update on the specified input data.
751	 */
752	switch (ciphertext->cd_format) {
753	case CRYPTO_DATA_RAW:
754		ret = crypto_update_iov(&blowfish_ctx,
755		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
756		    blowfish_copy_block64);
757		break;
758	case CRYPTO_DATA_UIO:
759		ret = crypto_update_uio(&blowfish_ctx,
760		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
761		    blowfish_copy_block64);
762		break;
763	case CRYPTO_DATA_MBLK:
764		ret = crypto_update_mp(&blowfish_ctx,
765		    ciphertext, plaintext, blowfish_decrypt_contiguous_blocks,
766		    blowfish_copy_block64);
767		break;
768	default:
769		ret = CRYPTO_ARGUMENTS_BAD;
770	}
771
772	if (blowfish_ctx.bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
773		bzero(blowfish_ctx.bc_keysched, blowfish_ctx.bc_keysched_len);
774		kmem_free(blowfish_ctx.bc_keysched,
775		    blowfish_ctx.bc_keysched_len);
776	}
777
778	if (ret == CRYPTO_SUCCESS) {
779		ASSERT(blowfish_ctx.bc_remainder_len == 0);
780		if (ciphertext != plaintext)
781			plaintext->cd_length =
782			    plaintext->cd_offset - saved_offset;
783	} else {
784		plaintext->cd_length = saved_length;
785	}
786	plaintext->cd_offset = saved_offset;
787
788	return (ret);
789}
790
791/*
792 * KCF software provider context template entry points.
793 */
794/* ARGSUSED */
795static int
796blowfish_create_ctx_template(crypto_provider_handle_t provider,
797    crypto_mechanism_t *mechanism, crypto_key_t *key,
798    crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
799{
800
801/* EXPORT DELETE START */
802
803	void *keysched;
804	size_t size;
805	int rv;
806
807	if (!BLOWFISH_VALID_MECH(mechanism))
808		return (CRYPTO_MECHANISM_INVALID);
809
810	if ((keysched = blowfish_alloc_keysched(&size,
811	    crypto_kmflag(req))) == NULL) {
812		return (CRYPTO_HOST_MEMORY);
813	}
814
815	/*
816	 * Initialize key schedule.  Key length information is stored
817	 * in the key.
818	 */
819	if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS) {
820		bzero(keysched, size);
821		kmem_free(keysched, size);
822		return (rv);
823	}
824
825	*tmpl = keysched;
826	*tmpl_size = size;
827
828/* EXPORT DELETE END */
829
830	return (CRYPTO_SUCCESS);
831}
832
833/* ARGSUSED */
834static int
835blowfish_free_context(crypto_ctx_t *ctx)
836{
837	blowfish_ctx_t *blowfish_ctx = ctx->cc_provider_private;
838
839	if (blowfish_ctx != NULL) {
840		if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
841			ASSERT(blowfish_ctx->bc_keysched_len != 0);
842			bzero(blowfish_ctx->bc_keysched,
843			    blowfish_ctx->bc_keysched_len);
844			kmem_free(blowfish_ctx->bc_keysched,
845			    blowfish_ctx->bc_keysched_len);
846		}
847		crypto_free_mode_ctx(blowfish_ctx);
848		ctx->cc_provider_private = NULL;
849	}
850
851	return (CRYPTO_SUCCESS);
852}
853
854/* ARGSUSED */
855static int
856blowfish_common_init_ctx(blowfish_ctx_t *blowfish_ctx,
857    crypto_spi_ctx_template_t *template, crypto_mechanism_t *mechanism,
858    crypto_key_t *key, int kmflag)
859{
860	int rv = CRYPTO_SUCCESS;
861
862/* EXPORT DELETE START */
863
864	void *keysched;
865	size_t size;
866
867	if (template == NULL) {
868		if ((keysched = blowfish_alloc_keysched(&size, kmflag)) == NULL)
869			return (CRYPTO_HOST_MEMORY);
870		/*
871		 * Initialize key schedule.
872		 * Key length is stored in the key.
873		 */
874		if ((rv = init_keysched(key, keysched)) != CRYPTO_SUCCESS)
875			kmem_free(keysched, size);
876
877		blowfish_ctx->bc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
878		blowfish_ctx->bc_keysched_len = size;
879	} else {
880		keysched = template;
881	}
882	blowfish_ctx->bc_keysched = keysched;
883
884	switch (mechanism->cm_type) {
885	case BLOWFISH_CBC_MECH_INFO_TYPE:
886		rv = cbc_init_ctx((cbc_ctx_t *)blowfish_ctx,
887		    mechanism->cm_param, mechanism->cm_param_len,
888		    BLOWFISH_BLOCK_LEN, blowfish_copy_block64);
889		break;
890	case BLOWFISH_ECB_MECH_INFO_TYPE:
891		blowfish_ctx->bc_flags |= ECB_MODE;
892	}
893
894	if (rv != CRYPTO_SUCCESS) {
895		if (blowfish_ctx->bc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
896			bzero(keysched, size);
897			kmem_free(keysched, size);
898		}
899	}
900
901/* EXPORT DELETE END */
902
903	return (rv);
904}
905