]>
Commit | Line | Data |
---|---|---|
3c67d83a TH |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://opensource.org/licenses/CDDL-1.0. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | ||
22 | /* | |
23 | * Copyright 2013 Saso Kiselkov. All rights reserved. | |
24 | */ | |
25 | ||
3c67d83a | 26 | #include <sys/crypto/common.h> |
60356b1a | 27 | #include <sys/crypto/icp.h> |
3c67d83a TH |
28 | #include <sys/crypto/spi.h> |
29 | #include <sys/sysmacros.h> | |
3c67d83a TH |
30 | #define SKEIN_MODULE_IMPL |
31 | #include <sys/skein.h> | |
32 | ||
18168da7 | 33 | static const crypto_mech_info_t skein_mech_info_tab[] = { |
3c67d83a TH |
34 | {CKM_SKEIN_256, SKEIN_256_MECH_INFO_TYPE, |
35 | CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, | |
36 | 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, | |
37 | {CKM_SKEIN_256_MAC, SKEIN_256_MAC_MECH_INFO_TYPE, | |
38 | CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, | |
39 | CRYPTO_KEYSIZE_UNIT_IN_BYTES}, | |
40 | {CKM_SKEIN_512, SKEIN_512_MECH_INFO_TYPE, | |
41 | CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, | |
42 | 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, | |
43 | {CKM_SKEIN_512_MAC, SKEIN_512_MAC_MECH_INFO_TYPE, | |
44 | CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, | |
45 | CRYPTO_KEYSIZE_UNIT_IN_BYTES}, | |
46 | {CKM_SKEIN1024, SKEIN1024_MECH_INFO_TYPE, | |
47 | CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, | |
48 | 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS}, | |
49 | {CKM_SKEIN1024_MAC, SKEIN1024_MAC_MECH_INFO_TYPE, | |
50 | CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX, | |
51 | CRYPTO_KEYSIZE_UNIT_IN_BYTES} | |
52 | }; | |
53 | ||
54 | static void skein_provider_status(crypto_provider_handle_t, uint_t *); | |
55 | ||
18168da7 | 56 | static const crypto_control_ops_t skein_control_ops = { |
3c67d83a TH |
57 | skein_provider_status |
58 | }; | |
59 | ||
60 | static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *, | |
61 | crypto_req_handle_t); | |
62 | static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *, | |
63 | crypto_req_handle_t); | |
64 | static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); | |
65 | static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t); | |
66 | static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t, | |
67 | crypto_mechanism_t *, crypto_data_t *, crypto_data_t *, | |
68 | crypto_req_handle_t); | |
69 | ||
18168da7 | 70 | static const crypto_digest_ops_t skein_digest_ops = { |
56d8d8ac MW |
71 | .digest_init = skein_digest_init, |
72 | .digest = skein_digest, | |
73 | .digest_update = skein_update, | |
74 | .digest_key = NULL, | |
75 | .digest_final = skein_final, | |
76 | .digest_atomic = skein_digest_atomic | |
3c67d83a TH |
77 | }; |
78 | ||
79 | static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, | |
80 | crypto_spi_ctx_template_t, crypto_req_handle_t); | |
81 | static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, | |
82 | crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, | |
83 | crypto_spi_ctx_template_t, crypto_req_handle_t); | |
84 | ||
18168da7 | 85 | static const crypto_mac_ops_t skein_mac_ops = { |
56d8d8ac MW |
86 | .mac_init = skein_mac_init, |
87 | .mac = NULL, | |
88 | .mac_update = skein_update, /* using regular digest update is OK here */ | |
89 | .mac_final = skein_final, /* using regular digest final is OK here */ | |
90 | .mac_atomic = skein_mac_atomic, | |
91 | .mac_verify_atomic = NULL | |
3c67d83a TH |
92 | }; |
93 | ||
94 | static int skein_create_ctx_template(crypto_provider_handle_t, | |
95 | crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, | |
96 | size_t *, crypto_req_handle_t); | |
97 | static int skein_free_context(crypto_ctx_t *); | |
98 | ||
18168da7 | 99 | static const crypto_ctx_ops_t skein_ctx_ops = { |
56d8d8ac MW |
100 | .create_ctx_template = skein_create_ctx_template, |
101 | .free_context = skein_free_context | |
3c67d83a TH |
102 | }; |
103 | ||
18168da7 | 104 | static const crypto_ops_t skein_crypto_ops = {{{{{ |
3c67d83a TH |
105 | &skein_control_ops, |
106 | &skein_digest_ops, | |
107 | NULL, | |
108 | &skein_mac_ops, | |
109 | NULL, | |
110 | NULL, | |
111 | NULL, | |
112 | NULL, | |
113 | NULL, | |
114 | NULL, | |
115 | NULL, | |
116 | NULL, | |
117 | NULL, | |
118 | &skein_ctx_ops, | |
119 | }}}}}; | |
120 | ||
18168da7 | 121 | static const crypto_provider_info_t skein_prov_info = {{{{ |
3c67d83a TH |
122 | CRYPTO_SPI_VERSION_1, |
123 | "Skein Software Provider", | |
124 | CRYPTO_SW_PROVIDER, | |
125 | NULL, | |
126 | &skein_crypto_ops, | |
127 | sizeof (skein_mech_info_tab) / sizeof (crypto_mech_info_t), | |
128 | skein_mech_info_tab | |
129 | }}}}; | |
130 | ||
131 | static crypto_kcf_provider_handle_t skein_prov_handle = 0; | |
132 | ||
133 | typedef struct skein_ctx { | |
134 | skein_mech_type_t sc_mech_type; | |
135 | size_t sc_digest_bitlen; | |
136 | /*LINTED(E_ANONYMOUS_UNION_DECL)*/ | |
137 | union { | |
138 | Skein_256_Ctxt_t sc_256; | |
139 | Skein_512_Ctxt_t sc_512; | |
140 | Skein1024_Ctxt_t sc_1024; | |
141 | }; | |
142 | } skein_ctx_t; | |
143 | #define SKEIN_CTX(_ctx_) ((skein_ctx_t *)((_ctx_)->cc_provider_private)) | |
144 | #define SKEIN_CTX_LVALUE(_ctx_) (_ctx_)->cc_provider_private | |
145 | #define SKEIN_OP(_skein_ctx, _op, ...) \ | |
146 | do { \ | |
147 | skein_ctx_t *sc = (_skein_ctx); \ | |
148 | switch (sc->sc_mech_type) { \ | |
149 | case SKEIN_256_MECH_INFO_TYPE: \ | |
150 | case SKEIN_256_MAC_MECH_INFO_TYPE: \ | |
151 | (void) Skein_256_ ## _op(&sc->sc_256, __VA_ARGS__);\ | |
152 | break; \ | |
153 | case SKEIN_512_MECH_INFO_TYPE: \ | |
154 | case SKEIN_512_MAC_MECH_INFO_TYPE: \ | |
155 | (void) Skein_512_ ## _op(&sc->sc_512, __VA_ARGS__);\ | |
156 | break; \ | |
157 | case SKEIN1024_MECH_INFO_TYPE: \ | |
158 | case SKEIN1024_MAC_MECH_INFO_TYPE: \ | |
159 | (void) Skein1024_ ## _op(&sc->sc_1024, __VA_ARGS__);\ | |
160 | break; \ | |
161 | } \ | |
3c67d83a TH |
162 | } while (0) |
163 | ||
164 | static int | |
165 | skein_get_digest_bitlen(const crypto_mechanism_t *mechanism, size_t *result) | |
166 | { | |
167 | if (mechanism->cm_param != NULL) { | |
168 | /*LINTED(E_BAD_PTR_CAST_ALIGN)*/ | |
169 | skein_param_t *param = (skein_param_t *)mechanism->cm_param; | |
170 | ||
171 | if (mechanism->cm_param_len != sizeof (*param) || | |
172 | param->sp_digest_bitlen == 0) { | |
173 | return (CRYPTO_MECHANISM_PARAM_INVALID); | |
174 | } | |
175 | *result = param->sp_digest_bitlen; | |
176 | } else { | |
177 | switch (mechanism->cm_type) { | |
178 | case SKEIN_256_MECH_INFO_TYPE: | |
179 | *result = 256; | |
180 | break; | |
181 | case SKEIN_512_MECH_INFO_TYPE: | |
182 | *result = 512; | |
183 | break; | |
184 | case SKEIN1024_MECH_INFO_TYPE: | |
185 | *result = 1024; | |
186 | break; | |
187 | default: | |
188 | return (CRYPTO_MECHANISM_INVALID); | |
189 | } | |
190 | } | |
191 | return (CRYPTO_SUCCESS); | |
192 | } | |
193 | ||
194 | int | |
195 | skein_mod_init(void) | |
196 | { | |
3c67d83a TH |
197 | /* |
198 | * Try to register with KCF - failure shouldn't unload us, since we | |
199 | * still may want to continue providing misc/skein functionality. | |
200 | */ | |
201 | (void) crypto_register_provider(&skein_prov_info, &skein_prov_handle); | |
202 | ||
203 | return (0); | |
204 | } | |
205 | ||
206 | int | |
4ea3f864 GM |
207 | skein_mod_fini(void) |
208 | { | |
5c8389a8 | 209 | int ret = 0; |
ef78750d TC |
210 | |
211 | if (skein_prov_handle != 0) { | |
212 | if ((ret = crypto_unregister_provider(skein_prov_handle)) != | |
213 | CRYPTO_SUCCESS) { | |
214 | cmn_err(CE_WARN, | |
215 | "skein _fini: crypto_unregister_provider() " | |
216 | "failed (0x%x)", ret); | |
217 | return (EBUSY); | |
218 | } | |
219 | skein_prov_handle = 0; | |
220 | } | |
221 | ||
5c8389a8 | 222 | return (0); |
3c67d83a TH |
223 | } |
224 | ||
225 | /* | |
226 | * KCF software provider control entry points. | |
227 | */ | |
3c67d83a TH |
228 | static void |
229 | skein_provider_status(crypto_provider_handle_t provider, uint_t *status) | |
230 | { | |
18e4f679 | 231 | (void) provider; |
3c67d83a TH |
232 | *status = CRYPTO_PROVIDER_READY; |
233 | } | |
234 | ||
235 | /* | |
236 | * General Skein hashing helper functions. | |
237 | */ | |
238 | ||
239 | /* | |
240 | * Performs an Update on a context with uio input data. | |
241 | */ | |
242 | static int | |
243 | skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data) | |
244 | { | |
245 | off_t offset = data->cd_offset; | |
246 | size_t length = data->cd_length; | |
59f6594c | 247 | uint_t vec_idx = 0; |
3c67d83a | 248 | size_t cur_len; |
d0cd9a5c | 249 | zfs_uio_t *uio = data->cd_uio; |
3c67d83a TH |
250 | |
251 | /* we support only kernel buffer */ | |
d0cd9a5c | 252 | if (zfs_uio_segflg(uio) != UIO_SYSSPACE) |
3c67d83a TH |
253 | return (CRYPTO_ARGUMENTS_BAD); |
254 | ||
255 | /* | |
256 | * Jump to the first iovec containing data to be | |
257 | * digested. | |
258 | */ | |
d0cd9a5c BA |
259 | offset = zfs_uio_index_at_offset(uio, offset, &vec_idx); |
260 | if (vec_idx == zfs_uio_iovcnt(uio)) { | |
3c67d83a TH |
261 | /* |
262 | * The caller specified an offset that is larger than the | |
263 | * total size of the buffers it provided. | |
264 | */ | |
265 | return (CRYPTO_DATA_LEN_RANGE); | |
266 | } | |
267 | ||
268 | /* | |
269 | * Now do the digesting on the iovecs. | |
270 | */ | |
d0cd9a5c BA |
271 | while (vec_idx < zfs_uio_iovcnt(uio) && length > 0) { |
272 | cur_len = MIN(zfs_uio_iovlen(uio, vec_idx) - offset, length); | |
273 | SKEIN_OP(ctx, Update, (uint8_t *)zfs_uio_iovbase(uio, vec_idx) | |
3c67d83a TH |
274 | + offset, cur_len); |
275 | length -= cur_len; | |
276 | vec_idx++; | |
277 | offset = 0; | |
278 | } | |
279 | ||
d0cd9a5c | 280 | if (vec_idx == zfs_uio_iovcnt(uio) && length > 0) { |
3c67d83a TH |
281 | /* |
282 | * The end of the specified iovec's was reached but | |
283 | * the length requested could not be processed, i.e. | |
284 | * The caller requested to digest more data than it provided. | |
285 | */ | |
286 | return (CRYPTO_DATA_LEN_RANGE); | |
287 | } | |
288 | ||
289 | return (CRYPTO_SUCCESS); | |
290 | } | |
291 | ||
292 | /* | |
293 | * Performs a Final on a context and writes to a uio digest output. | |
294 | */ | |
295 | static int | |
296 | skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest, | |
297 | crypto_req_handle_t req) | |
298 | { | |
d0cd9a5c BA |
299 | off_t offset = digest->cd_offset; |
300 | uint_t vec_idx = 0; | |
301 | zfs_uio_t *uio = digest->cd_uio; | |
3c67d83a TH |
302 | |
303 | /* we support only kernel buffer */ | |
d0cd9a5c | 304 | if (zfs_uio_segflg(uio) != UIO_SYSSPACE) |
3c67d83a TH |
305 | return (CRYPTO_ARGUMENTS_BAD); |
306 | ||
307 | /* | |
308 | * Jump to the first iovec containing ptr to the digest to be returned. | |
309 | */ | |
d0cd9a5c BA |
310 | offset = zfs_uio_index_at_offset(uio, offset, &vec_idx); |
311 | if (vec_idx == zfs_uio_iovcnt(uio)) { | |
3c67d83a TH |
312 | /* |
313 | * The caller specified an offset that is larger than the | |
314 | * total size of the buffers it provided. | |
315 | */ | |
316 | return (CRYPTO_DATA_LEN_RANGE); | |
317 | } | |
318 | if (offset + CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen) <= | |
d0cd9a5c | 319 | zfs_uio_iovlen(uio, vec_idx)) { |
3c67d83a TH |
320 | /* The computed digest will fit in the current iovec. */ |
321 | SKEIN_OP(ctx, Final, | |
d0cd9a5c | 322 | (uchar_t *)zfs_uio_iovbase(uio, vec_idx) + offset); |
3c67d83a TH |
323 | } else { |
324 | uint8_t *digest_tmp; | |
325 | off_t scratch_offset = 0; | |
326 | size_t length = CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen); | |
327 | size_t cur_len; | |
328 | ||
329 | digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES( | |
330 | ctx->sc_digest_bitlen), crypto_kmflag(req)); | |
331 | if (digest_tmp == NULL) | |
332 | return (CRYPTO_HOST_MEMORY); | |
333 | SKEIN_OP(ctx, Final, digest_tmp); | |
d0cd9a5c BA |
334 | while (vec_idx < zfs_uio_iovcnt(uio) && length > 0) { |
335 | cur_len = MIN(zfs_uio_iovlen(uio, vec_idx) - offset, | |
3c67d83a TH |
336 | length); |
337 | bcopy(digest_tmp + scratch_offset, | |
d0cd9a5c | 338 | zfs_uio_iovbase(uio, vec_idx) + offset, cur_len); |
3c67d83a TH |
339 | |
340 | length -= cur_len; | |
341 | vec_idx++; | |
342 | scratch_offset += cur_len; | |
343 | offset = 0; | |
344 | } | |
345 | kmem_free(digest_tmp, CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen)); | |
346 | ||
d0cd9a5c | 347 | if (vec_idx == zfs_uio_iovcnt(uio) && length > 0) { |
3c67d83a TH |
348 | /* |
349 | * The end of the specified iovec's was reached but | |
350 | * the length requested could not be processed, i.e. | |
351 | * The caller requested to digest more data than it | |
352 | * provided. | |
353 | */ | |
354 | return (CRYPTO_DATA_LEN_RANGE); | |
355 | } | |
356 | } | |
357 | ||
358 | return (CRYPTO_SUCCESS); | |
359 | } | |
360 | ||
361 | /* | |
362 | * KCF software provider digest entry points. | |
363 | */ | |
364 | ||
365 | /* | |
366 | * Initializes a skein digest context to the configuration in `mechanism'. | |
367 | * The mechanism cm_type must be one of SKEIN_*_MECH_INFO_TYPE. The cm_param | |
368 | * field may contain a skein_param_t structure indicating the length of the | |
369 | * digest the algorithm should produce. Otherwise the default output lengths | |
370 | * are applied (32 bytes for Skein-256, 64 bytes for Skein-512 and 128 bytes | |
371 | * for Skein-1024). | |
372 | */ | |
373 | static int | |
374 | skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, | |
375 | crypto_req_handle_t req) | |
376 | { | |
377 | int error = CRYPTO_SUCCESS; | |
378 | ||
379 | if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type)) | |
380 | return (CRYPTO_MECHANISM_INVALID); | |
381 | ||
382 | SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), | |
383 | crypto_kmflag(req)); | |
384 | if (SKEIN_CTX(ctx) == NULL) | |
385 | return (CRYPTO_HOST_MEMORY); | |
386 | ||
387 | SKEIN_CTX(ctx)->sc_mech_type = mechanism->cm_type; | |
388 | error = skein_get_digest_bitlen(mechanism, | |
389 | &SKEIN_CTX(ctx)->sc_digest_bitlen); | |
390 | if (error != CRYPTO_SUCCESS) | |
391 | goto errout; | |
392 | SKEIN_OP(SKEIN_CTX(ctx), Init, SKEIN_CTX(ctx)->sc_digest_bitlen); | |
393 | ||
394 | return (CRYPTO_SUCCESS); | |
395 | errout: | |
396 | bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
397 | kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
398 | SKEIN_CTX_LVALUE(ctx) = NULL; | |
399 | return (error); | |
400 | } | |
401 | ||
402 | /* | |
403 | * Executes a skein_update and skein_digest on a pre-initialized crypto | |
404 | * context in a single step. See the documentation to these functions to | |
405 | * see what to pass here. | |
406 | */ | |
407 | static int | |
408 | skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest, | |
409 | crypto_req_handle_t req) | |
410 | { | |
411 | int error = CRYPTO_SUCCESS; | |
412 | ||
413 | ASSERT(SKEIN_CTX(ctx) != NULL); | |
414 | ||
415 | if (digest->cd_length < | |
416 | CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) { | |
417 | digest->cd_length = | |
418 | CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); | |
419 | return (CRYPTO_BUFFER_TOO_SMALL); | |
420 | } | |
421 | ||
422 | error = skein_update(ctx, data, req); | |
423 | if (error != CRYPTO_SUCCESS) { | |
424 | bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
425 | kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
426 | SKEIN_CTX_LVALUE(ctx) = NULL; | |
427 | digest->cd_length = 0; | |
428 | return (error); | |
429 | } | |
430 | error = skein_final(ctx, digest, req); | |
431 | ||
432 | return (error); | |
433 | } | |
434 | ||
435 | /* | |
436 | * Performs a skein Update with the input message in `data' (successive calls | |
437 | * can push more data). This is used both for digest and MAC operation. | |
438 | * Supported input data formats are raw, uio and mblk. | |
439 | */ | |
3c67d83a TH |
440 | static int |
441 | skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req) | |
442 | { | |
18e4f679 | 443 | (void) req; |
3c67d83a TH |
444 | int error = CRYPTO_SUCCESS; |
445 | ||
446 | ASSERT(SKEIN_CTX(ctx) != NULL); | |
447 | ||
448 | switch (data->cd_format) { | |
449 | case CRYPTO_DATA_RAW: | |
450 | SKEIN_OP(SKEIN_CTX(ctx), Update, | |
451 | (uint8_t *)data->cd_raw.iov_base + data->cd_offset, | |
452 | data->cd_length); | |
453 | break; | |
454 | case CRYPTO_DATA_UIO: | |
455 | error = skein_digest_update_uio(SKEIN_CTX(ctx), data); | |
456 | break; | |
457 | default: | |
458 | error = CRYPTO_ARGUMENTS_BAD; | |
459 | } | |
460 | ||
461 | return (error); | |
462 | } | |
463 | ||
464 | /* | |
465 | * Performs a skein Final, writing the output to `digest'. This is used both | |
466 | * for digest and MAC operation. | |
467 | * Supported output digest formats are raw, uio and mblk. | |
468 | */ | |
3c67d83a TH |
469 | static int |
470 | skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req) | |
471 | { | |
472 | int error = CRYPTO_SUCCESS; | |
473 | ||
474 | ASSERT(SKEIN_CTX(ctx) != NULL); | |
475 | ||
476 | if (digest->cd_length < | |
477 | CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) { | |
478 | digest->cd_length = | |
479 | CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); | |
480 | return (CRYPTO_BUFFER_TOO_SMALL); | |
481 | } | |
482 | ||
483 | switch (digest->cd_format) { | |
484 | case CRYPTO_DATA_RAW: | |
485 | SKEIN_OP(SKEIN_CTX(ctx), Final, | |
486 | (uint8_t *)digest->cd_raw.iov_base + digest->cd_offset); | |
487 | break; | |
488 | case CRYPTO_DATA_UIO: | |
489 | error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req); | |
490 | break; | |
491 | default: | |
492 | error = CRYPTO_ARGUMENTS_BAD; | |
493 | } | |
494 | ||
495 | if (error == CRYPTO_SUCCESS) | |
496 | digest->cd_length = | |
497 | CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen); | |
498 | else | |
499 | digest->cd_length = 0; | |
500 | ||
501 | bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
502 | kmem_free(SKEIN_CTX(ctx), sizeof (*(SKEIN_CTX(ctx)))); | |
503 | SKEIN_CTX_LVALUE(ctx) = NULL; | |
504 | ||
505 | return (error); | |
506 | } | |
507 | ||
508 | /* | |
509 | * Performs a full skein digest computation in a single call, configuring the | |
510 | * algorithm according to `mechanism', reading the input to be digested from | |
511 | * `data' and writing the output to `digest'. | |
512 | * Supported input/output formats are raw, uio and mblk. | |
513 | */ | |
3c67d83a TH |
514 | static int |
515 | skein_digest_atomic(crypto_provider_handle_t provider, | |
516 | crypto_session_id_t session_id, crypto_mechanism_t *mechanism, | |
517 | crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req) | |
518 | { | |
18e4f679 AZ |
519 | (void) provider, (void) session_id, (void) req; |
520 | int error; | |
521 | skein_ctx_t skein_ctx; | |
522 | crypto_ctx_t ctx; | |
3c67d83a TH |
523 | SKEIN_CTX_LVALUE(&ctx) = &skein_ctx; |
524 | ||
525 | /* Init */ | |
526 | if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type)) | |
527 | return (CRYPTO_MECHANISM_INVALID); | |
528 | skein_ctx.sc_mech_type = mechanism->cm_type; | |
529 | error = skein_get_digest_bitlen(mechanism, &skein_ctx.sc_digest_bitlen); | |
530 | if (error != CRYPTO_SUCCESS) | |
531 | goto out; | |
532 | SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen); | |
533 | ||
534 | if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS) | |
535 | goto out; | |
536 | if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS) | |
537 | goto out; | |
538 | ||
539 | out: | |
540 | if (error == CRYPTO_SUCCESS) | |
541 | digest->cd_length = | |
542 | CRYPTO_BITS2BYTES(skein_ctx.sc_digest_bitlen); | |
543 | else | |
544 | digest->cd_length = 0; | |
545 | bzero(&skein_ctx, sizeof (skein_ctx)); | |
546 | ||
547 | return (error); | |
548 | } | |
549 | ||
550 | /* | |
551 | * Helper function that builds a Skein MAC context from the provided | |
552 | * mechanism and key. | |
553 | */ | |
554 | static int | |
555 | skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism, | |
556 | crypto_key_t *key) | |
557 | { | |
558 | int error; | |
559 | ||
560 | if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type)) | |
561 | return (CRYPTO_MECHANISM_INVALID); | |
562 | if (key->ck_format != CRYPTO_KEY_RAW) | |
563 | return (CRYPTO_ARGUMENTS_BAD); | |
564 | ctx->sc_mech_type = mechanism->cm_type; | |
565 | error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen); | |
566 | if (error != CRYPTO_SUCCESS) | |
567 | return (error); | |
568 | SKEIN_OP(ctx, InitExt, ctx->sc_digest_bitlen, 0, key->ck_data, | |
569 | CRYPTO_BITS2BYTES(key->ck_length)); | |
570 | ||
571 | return (CRYPTO_SUCCESS); | |
572 | } | |
573 | ||
574 | /* | |
575 | * KCF software provide mac entry points. | |
576 | */ | |
577 | /* | |
578 | * Initializes a skein MAC context. You may pass a ctx_template, in which | |
579 | * case the template will be reused to make initialization more efficient. | |
580 | * Otherwise a new context will be constructed. The mechanism cm_type must | |
581 | * be one of SKEIN_*_MAC_MECH_INFO_TYPE. Same as in skein_digest_init, you | |
582 | * may pass a skein_param_t in cm_param to configure the length of the | |
583 | * digest. The key must be in raw format. | |
584 | */ | |
585 | static int | |
586 | skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism, | |
587 | crypto_key_t *key, crypto_spi_ctx_template_t ctx_template, | |
588 | crypto_req_handle_t req) | |
589 | { | |
590 | int error; | |
591 | ||
592 | SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), | |
593 | crypto_kmflag(req)); | |
594 | if (SKEIN_CTX(ctx) == NULL) | |
595 | return (CRYPTO_HOST_MEMORY); | |
596 | ||
597 | if (ctx_template != NULL) { | |
598 | bcopy(ctx_template, SKEIN_CTX(ctx), | |
599 | sizeof (*SKEIN_CTX(ctx))); | |
600 | } else { | |
601 | error = skein_mac_ctx_build(SKEIN_CTX(ctx), mechanism, key); | |
602 | if (error != CRYPTO_SUCCESS) | |
603 | goto errout; | |
604 | } | |
605 | ||
606 | return (CRYPTO_SUCCESS); | |
607 | errout: | |
608 | bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
609 | kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
610 | return (error); | |
611 | } | |
612 | ||
613 | /* | |
614 | * The MAC update and final calls are reused from the regular digest code. | |
615 | */ | |
616 | ||
3c67d83a TH |
617 | /* |
618 | * Same as skein_digest_atomic, performs an atomic Skein MAC operation in | |
619 | * one step. All the same properties apply to the arguments of this | |
620 | * function as to those of the partial operations above. | |
621 | */ | |
622 | static int | |
623 | skein_mac_atomic(crypto_provider_handle_t provider, | |
624 | crypto_session_id_t session_id, crypto_mechanism_t *mechanism, | |
625 | crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, | |
626 | crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) | |
627 | { | |
628 | /* faux crypto context just for skein_digest_{update,final} */ | |
18e4f679 AZ |
629 | (void) provider, (void) session_id; |
630 | int error; | |
631 | crypto_ctx_t ctx; | |
632 | skein_ctx_t skein_ctx; | |
3c67d83a TH |
633 | SKEIN_CTX_LVALUE(&ctx) = &skein_ctx; |
634 | ||
635 | if (ctx_template != NULL) { | |
636 | bcopy(ctx_template, &skein_ctx, sizeof (skein_ctx)); | |
637 | } else { | |
638 | error = skein_mac_ctx_build(&skein_ctx, mechanism, key); | |
639 | if (error != CRYPTO_SUCCESS) | |
640 | goto errout; | |
641 | } | |
642 | ||
643 | if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS) | |
644 | goto errout; | |
645 | if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS) | |
646 | goto errout; | |
647 | ||
648 | return (CRYPTO_SUCCESS); | |
649 | errout: | |
650 | bzero(&skein_ctx, sizeof (skein_ctx)); | |
651 | return (error); | |
652 | } | |
653 | ||
654 | /* | |
655 | * KCF software provider context management entry points. | |
656 | */ | |
657 | ||
658 | /* | |
659 | * Constructs a context template for the Skein MAC algorithm. The same | |
660 | * properties apply to the arguments of this function as to those of | |
661 | * skein_mac_init. | |
662 | */ | |
3c67d83a TH |
663 | static int |
664 | skein_create_ctx_template(crypto_provider_handle_t provider, | |
665 | crypto_mechanism_t *mechanism, crypto_key_t *key, | |
666 | crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size, | |
667 | crypto_req_handle_t req) | |
668 | { | |
18e4f679 AZ |
669 | (void) provider; |
670 | int error; | |
671 | skein_ctx_t *ctx_tmpl; | |
3c67d83a TH |
672 | |
673 | ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req)); | |
674 | if (ctx_tmpl == NULL) | |
675 | return (CRYPTO_HOST_MEMORY); | |
676 | error = skein_mac_ctx_build(ctx_tmpl, mechanism, key); | |
677 | if (error != CRYPTO_SUCCESS) | |
678 | goto errout; | |
679 | *ctx_template = ctx_tmpl; | |
680 | *ctx_template_size = sizeof (*ctx_tmpl); | |
681 | ||
682 | return (CRYPTO_SUCCESS); | |
683 | errout: | |
684 | bzero(ctx_tmpl, sizeof (*ctx_tmpl)); | |
685 | kmem_free(ctx_tmpl, sizeof (*ctx_tmpl)); | |
686 | return (error); | |
687 | } | |
688 | ||
689 | /* | |
690 | * Frees a skein context in a parent crypto context. | |
691 | */ | |
692 | static int | |
693 | skein_free_context(crypto_ctx_t *ctx) | |
694 | { | |
695 | if (SKEIN_CTX(ctx) != NULL) { | |
696 | bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
697 | kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx))); | |
698 | SKEIN_CTX_LVALUE(ctx) = NULL; | |
699 | } | |
700 | ||
701 | return (CRYPTO_SUCCESS); | |
702 | } |