]> git.proxmox.com Git - mirror_zfs.git/blame - module/icp/io/skein_mod.c
projects / mirror_zfs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OpenZFS 4185 - add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R
[mirror_zfs.git] / module / icp / io / skein_mod.c
CommitLineData
3c67d83a
TH		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright 2013 Saso Kiselkov. All rights reserved.
24 */
25
26#include <sys/modctl.h>
27#include <sys/crypto/common.h>
28#include <sys/crypto/spi.h>
29#include <sys/sysmacros.h>
30#include <sys/systm.h>
31#define SKEIN_MODULE_IMPL
32#include <sys/skein.h>
33
34/*
35 * Like the sha2 module, we create the skein module with two modlinkages:
36 * - modlmisc to allow direct calls to Skein_* API functions.
37 * - modlcrypto to integrate well into the Kernel Crypto Framework (KCF).
38 */
39static struct modlmisc modlmisc = {
40 &mod_cryptoops,
41 "Skein Message-Digest Algorithm"
42};
43
44static struct modlcrypto modlcrypto = {
45 &mod_cryptoops,
46 "Skein Kernel SW Provider"
47};
48
49static struct modlinkage modlinkage = {
50 MODREV_1, {&modlmisc, &modlcrypto, NULL}
51};
52
53static crypto_mech_info_t skein_mech_info_tab[] = {
54 {CKM_SKEIN_256, SKEIN_256_MECH_INFO_TYPE,
55 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
56 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
57 {CKM_SKEIN_256_MAC, SKEIN_256_MAC_MECH_INFO_TYPE,
58 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
59 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
60 {CKM_SKEIN_512, SKEIN_512_MECH_INFO_TYPE,
61 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
62 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
63 {CKM_SKEIN_512_MAC, SKEIN_512_MAC_MECH_INFO_TYPE,
64 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
65 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
66 {CKM_SKEIN1024, SKEIN1024_MECH_INFO_TYPE,
67 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
68 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
69 {CKM_SKEIN1024_MAC, SKEIN1024_MAC_MECH_INFO_TYPE,
70 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
71 CRYPTO_KEYSIZE_UNIT_IN_BYTES}
72};
73
74static void skein_provider_status(crypto_provider_handle_t, uint_t *);
75
76static crypto_control_ops_t skein_control_ops = {
77 skein_provider_status
78};
79
80static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
81 crypto_req_handle_t);
82static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
83 crypto_req_handle_t);
84static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
85static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
86static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
87 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
88 crypto_req_handle_t);
89
90static crypto_digest_ops_t skein_digest_ops = {
91 skein_digest_init,
92 skein_digest,
93 skein_update,
94 NULL,
95 skein_final,
96 skein_digest_atomic
97};
98
99static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
100 crypto_spi_ctx_template_t, crypto_req_handle_t);
101static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
102 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
103 crypto_spi_ctx_template_t, crypto_req_handle_t);
104
105static crypto_mac_ops_t skein_mac_ops = {
106 skein_mac_init,
107 NULL,
108 skein_update, /* using regular digest update is OK here */
109 skein_final, /* using regular digest final is OK here */
110 skein_mac_atomic,
111 NULL
112};
113
114static int skein_create_ctx_template(crypto_provider_handle_t,
115 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
116 size_t *, crypto_req_handle_t);
117static int skein_free_context(crypto_ctx_t *);
118
119static crypto_ctx_ops_t skein_ctx_ops = {
120 skein_create_ctx_template,
121 skein_free_context
122};
123
124static crypto_ops_t skein_crypto_ops = {{{{{
125 &skein_control_ops,
126 &skein_digest_ops,
127 NULL,
128 &skein_mac_ops,
129 NULL,
130 NULL,
131 NULL,
132 NULL,
133 NULL,
134 NULL,
135 NULL,
136 NULL,
137 NULL,
138 &skein_ctx_ops,
139}}}}};
140
141static crypto_provider_info_t skein_prov_info = {{{{
142 CRYPTO_SPI_VERSION_1,
143 "Skein Software Provider",
144 CRYPTO_SW_PROVIDER,
145 NULL,
146 &skein_crypto_ops,
147 sizeof (skein_mech_info_tab) / sizeof (crypto_mech_info_t),
148 skein_mech_info_tab
149}}}};
150
151static crypto_kcf_provider_handle_t skein_prov_handle = 0;
152
153typedef struct skein_ctx {
154 skein_mech_type_t sc_mech_type;
155 size_t sc_digest_bitlen;
156 /*LINTED(E_ANONYMOUS_UNION_DECL)*/
157 union {
158 Skein_256_Ctxt_t sc_256;
159 Skein_512_Ctxt_t sc_512;
160 Skein1024_Ctxt_t sc_1024;
161 };
162} skein_ctx_t;
163#define SKEIN_CTX(_ctx_) ((skein_ctx_t *)((_ctx_)->cc_provider_private))
164#define SKEIN_CTX_LVALUE(_ctx_) (_ctx_)->cc_provider_private
165#define SKEIN_OP(_skein_ctx, _op, ...) \
166 do { \
167 skein_ctx_t *sc = (_skein_ctx); \
168 switch (sc->sc_mech_type) { \
169 case SKEIN_256_MECH_INFO_TYPE: \
170 case SKEIN_256_MAC_MECH_INFO_TYPE: \
171 (void) Skein_256_ ## _op(&sc->sc_256, __VA_ARGS__);\
172 break; \
173 case SKEIN_512_MECH_INFO_TYPE: \
174 case SKEIN_512_MAC_MECH_INFO_TYPE: \
175 (void) Skein_512_ ## _op(&sc->sc_512, __VA_ARGS__);\
176 break; \
177 case SKEIN1024_MECH_INFO_TYPE: \
178 case SKEIN1024_MAC_MECH_INFO_TYPE: \
179 (void) Skein1024_ ## _op(&sc->sc_1024, __VA_ARGS__);\
180 break; \
181 } \
182 _NOTE(CONSTCOND) \
183 } while (0)
184
185static int
186skein_get_digest_bitlen(const crypto_mechanism_t *mechanism, size_t *result)
187{
188 if (mechanism->cm_param != NULL) {
189 /*LINTED(E_BAD_PTR_CAST_ALIGN)*/
190 skein_param_t *param = (skein_param_t *)mechanism->cm_param;
191
192 if (mechanism->cm_param_len != sizeof (*param) ||
193 param->sp_digest_bitlen == 0) {
194 return (CRYPTO_MECHANISM_PARAM_INVALID);
195 }
196 *result = param->sp_digest_bitlen;
197 } else {
198 switch (mechanism->cm_type) {
199 case SKEIN_256_MECH_INFO_TYPE:
200 *result = 256;
201 break;
202 case SKEIN_512_MECH_INFO_TYPE:
203 *result = 512;
204 break;
205 case SKEIN1024_MECH_INFO_TYPE:
206 *result = 1024;
207 break;
208 default:
209 return (CRYPTO_MECHANISM_INVALID);
210 }
211 }
212 return (CRYPTO_SUCCESS);
213}
214
215int
216skein_mod_init(void)
217{
218 int error;
219
220 if ((error = mod_install(&modlinkage)) != 0)
221 return (error);
222
223 /*
224 * Try to register with KCF - failure shouldn't unload us, since we
225 * still may want to continue providing misc/skein functionality.
226 */
227 (void) crypto_register_provider(&skein_prov_info, &skein_prov_handle);
228
229 return (0);
230}
231
232int
233skein_mod_fini(void) {
234 return (mod_remove(&modlinkage));
235}
236
237/*
238 * KCF software provider control entry points.
239 */
240/* ARGSUSED */
241static void
242skein_provider_status(crypto_provider_handle_t provider, uint_t *status)
243{
244 *status = CRYPTO_PROVIDER_READY;
245}
246
247/*
248 * General Skein hashing helper functions.
249 */
250
251/*
252 * Performs an Update on a context with uio input data.
253 */
254static int
255skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data)
256{
257 off_t offset = data->cd_offset;
258 size_t length = data->cd_length;
259 uint_t vec_idx;
260 size_t cur_len;
261 const uio_t *uio = data->cd_uio;
262
263 /* we support only kernel buffer */
264 if (uio->uio_segflg != UIO_SYSSPACE)
265 return (CRYPTO_ARGUMENTS_BAD);
266
267 /*
268 * Jump to the first iovec containing data to be
269 * digested.
270 */
271 for (vec_idx = 0; vec_idx < uio->uio_iovcnt &&
272 offset >= uio->uio_iov[vec_idx].iov_len;
273 offset -= uio->uio_iov[vec_idx++].iov_len)
274 ;
275 if (vec_idx == uio->uio_iovcnt) {
276 /*
277 * The caller specified an offset that is larger than the
278 * total size of the buffers it provided.
279 */
280 return (CRYPTO_DATA_LEN_RANGE);
281 }
282
283 /*
284 * Now do the digesting on the iovecs.
285 */
286 while (vec_idx < uio->uio_iovcnt && length > 0) {
287 cur_len = MIN(uio->uio_iov[vec_idx].iov_len - offset, length);
288 SKEIN_OP(ctx, Update, (uint8_t *)uio->uio_iov[vec_idx].iov_base
289 + offset, cur_len);
290 length -= cur_len;
291 vec_idx++;
292 offset = 0;
293 }
294
295 if (vec_idx == uio->uio_iovcnt && length > 0) {
296 /*
297 * The end of the specified iovec's was reached but
298 * the length requested could not be processed, i.e.
299 * The caller requested to digest more data than it provided.
300 */
301 return (CRYPTO_DATA_LEN_RANGE);
302 }
303
304 return (CRYPTO_SUCCESS);
305}
306
307/*
308 * Performs a Final on a context and writes to a uio digest output.
309 */
310static int
311skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
312 crypto_req_handle_t req)
313{
314 off_t offset = digest->cd_offset;
315 uint_t vec_idx;
316 uio_t *uio = digest->cd_uio;
317
318 /* we support only kernel buffer */
319 if (uio->uio_segflg != UIO_SYSSPACE)
320 return (CRYPTO_ARGUMENTS_BAD);
321
322 /*
323 * Jump to the first iovec containing ptr to the digest to be returned.
324 */
325 for (vec_idx = 0; offset >= uio->uio_iov[vec_idx].iov_len &&
326 vec_idx < uio->uio_iovcnt;
327 offset -= uio->uio_iov[vec_idx++].iov_len)
328 ;
329 if (vec_idx == uio->uio_iovcnt) {
330 /*
331 * The caller specified an offset that is larger than the
332 * total size of the buffers it provided.
333 */
334 return (CRYPTO_DATA_LEN_RANGE);
335 }
336 if (offset + CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen) <=
337 uio->uio_iov[vec_idx].iov_len) {
338 /* The computed digest will fit in the current iovec. */
339 SKEIN_OP(ctx, Final,
340 (uchar_t *)uio->uio_iov[vec_idx].iov_base + offset);
341 } else {
342 uint8_t *digest_tmp;
343 off_t scratch_offset = 0;
344 size_t length = CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen);
345 size_t cur_len;
346
347 digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES(
348 ctx->sc_digest_bitlen), crypto_kmflag(req));
349 if (digest_tmp == NULL)
350 return (CRYPTO_HOST_MEMORY);
351 SKEIN_OP(ctx, Final, digest_tmp);
352 while (vec_idx < uio->uio_iovcnt && length > 0) {
353 cur_len = MIN(uio->uio_iov[vec_idx].iov_len - offset,
354 length);
355 bcopy(digest_tmp + scratch_offset,
356 uio->uio_iov[vec_idx].iov_base + offset, cur_len);
357
358 length -= cur_len;
359 vec_idx++;
360 scratch_offset += cur_len;
361 offset = 0;
362 }
363 kmem_free(digest_tmp, CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen));
364
365 if (vec_idx == uio->uio_iovcnt && length > 0) {
366 /*
367 * The end of the specified iovec's was reached but
368 * the length requested could not be processed, i.e.
369 * The caller requested to digest more data than it
370 * provided.
371 */
372 return (CRYPTO_DATA_LEN_RANGE);
373 }
374 }
375
376 return (CRYPTO_SUCCESS);
377}
378
379/*
380 * KCF software provider digest entry points.
381 */
382
383/*
384 * Initializes a skein digest context to the configuration in `mechanism'.
385 * The mechanism cm_type must be one of SKEIN_*_MECH_INFO_TYPE. The cm_param
386 * field may contain a skein_param_t structure indicating the length of the
387 * digest the algorithm should produce. Otherwise the default output lengths
388 * are applied (32 bytes for Skein-256, 64 bytes for Skein-512 and 128 bytes
389 * for Skein-1024).
390 */
391static int
392skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
393 crypto_req_handle_t req)
394{
395 int error = CRYPTO_SUCCESS;
396
397 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
398 return (CRYPTO_MECHANISM_INVALID);
399
400 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
401 crypto_kmflag(req));
402 if (SKEIN_CTX(ctx) == NULL)
403 return (CRYPTO_HOST_MEMORY);
404
405 SKEIN_CTX(ctx)->sc_mech_type = mechanism->cm_type;
406 error = skein_get_digest_bitlen(mechanism,
407 &SKEIN_CTX(ctx)->sc_digest_bitlen);
408 if (error != CRYPTO_SUCCESS)
409 goto errout;
410 SKEIN_OP(SKEIN_CTX(ctx), Init, SKEIN_CTX(ctx)->sc_digest_bitlen);
411
412 return (CRYPTO_SUCCESS);
413errout:
414 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
415 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
416 SKEIN_CTX_LVALUE(ctx) = NULL;
417 return (error);
418}
419
420/*
421 * Executes a skein_update and skein_digest on a pre-initialized crypto
422 * context in a single step. See the documentation to these functions to
423 * see what to pass here.
424 */
425static int
426skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
427 crypto_req_handle_t req)
428{
429 int error = CRYPTO_SUCCESS;
430
431 ASSERT(SKEIN_CTX(ctx) != NULL);
432
433 if (digest->cd_length <
434 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) {
435 digest->cd_length =
436 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
437 return (CRYPTO_BUFFER_TOO_SMALL);
438 }
439
440 error = skein_update(ctx, data, req);
441 if (error != CRYPTO_SUCCESS) {
442 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
443 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
444 SKEIN_CTX_LVALUE(ctx) = NULL;
445 digest->cd_length = 0;
446 return (error);
447 }
448 error = skein_final(ctx, digest, req);
449
450 return (error);
451}
452
453/*
454 * Performs a skein Update with the input message in `data' (successive calls
455 * can push more data). This is used both for digest and MAC operation.
456 * Supported input data formats are raw, uio and mblk.
457 */
458/*ARGSUSED*/
459static int
460skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
461{
462 int error = CRYPTO_SUCCESS;
463
464 ASSERT(SKEIN_CTX(ctx) != NULL);
465
466 switch (data->cd_format) {
467 case CRYPTO_DATA_RAW:
468 SKEIN_OP(SKEIN_CTX(ctx), Update,
469 (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
470 data->cd_length);
471 break;
472 case CRYPTO_DATA_UIO:
473 error = skein_digest_update_uio(SKEIN_CTX(ctx), data);
474 break;
475 default:
476 error = CRYPTO_ARGUMENTS_BAD;
477 }
478
479 return (error);
480}
481
482/*
483 * Performs a skein Final, writing the output to `digest'. This is used both
484 * for digest and MAC operation.
485 * Supported output digest formats are raw, uio and mblk.
486 */
487/*ARGSUSED*/
488static int
489skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
490{
491 int error = CRYPTO_SUCCESS;
492
493 ASSERT(SKEIN_CTX(ctx) != NULL);
494
495 if (digest->cd_length <
496 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) {
497 digest->cd_length =
498 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
499 return (CRYPTO_BUFFER_TOO_SMALL);
500 }
501
502 switch (digest->cd_format) {
503 case CRYPTO_DATA_RAW:
504 SKEIN_OP(SKEIN_CTX(ctx), Final,
505 (uint8_t *)digest->cd_raw.iov_base + digest->cd_offset);
506 break;
507 case CRYPTO_DATA_UIO:
508 error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req);
509 break;
510 default:
511 error = CRYPTO_ARGUMENTS_BAD;
512 }
513
514 if (error == CRYPTO_SUCCESS)
515 digest->cd_length =
516 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
517 else
518 digest->cd_length = 0;
519
520 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
521 kmem_free(SKEIN_CTX(ctx), sizeof (*(SKEIN_CTX(ctx))));
522 SKEIN_CTX_LVALUE(ctx) = NULL;
523
524 return (error);
525}
526
527/*
528 * Performs a full skein digest computation in a single call, configuring the
529 * algorithm according to `mechanism', reading the input to be digested from
530 * `data' and writing the output to `digest'.
531 * Supported input/output formats are raw, uio and mblk.
532 */
533/*ARGSUSED*/
534static int
535skein_digest_atomic(crypto_provider_handle_t provider,
536 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
537 crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req)
538{
539 int error;
540 skein_ctx_t skein_ctx;
541 crypto_ctx_t ctx;
542 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx;
543
544 /* Init */
545 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
546 return (CRYPTO_MECHANISM_INVALID);
547 skein_ctx.sc_mech_type = mechanism->cm_type;
548 error = skein_get_digest_bitlen(mechanism, &skein_ctx.sc_digest_bitlen);
549 if (error != CRYPTO_SUCCESS)
550 goto out;
551 SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen);
552
553 if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS)
554 goto out;
555 if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS)
556 goto out;
557
558out:
559 if (error == CRYPTO_SUCCESS)
560 digest->cd_length =
561 CRYPTO_BITS2BYTES(skein_ctx.sc_digest_bitlen);
562 else
563 digest->cd_length = 0;
564 bzero(&skein_ctx, sizeof (skein_ctx));
565
566 return (error);
567}
568
569/*
570 * Helper function that builds a Skein MAC context from the provided
571 * mechanism and key.
572 */
573static int
574skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
575 crypto_key_t *key)
576{
577 int error;
578
579 if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
580 return (CRYPTO_MECHANISM_INVALID);
581 if (key->ck_format != CRYPTO_KEY_RAW)
582 return (CRYPTO_ARGUMENTS_BAD);
583 ctx->sc_mech_type = mechanism->cm_type;
584 error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
585 if (error != CRYPTO_SUCCESS)
586 return (error);
587 SKEIN_OP(ctx, InitExt, ctx->sc_digest_bitlen, 0, key->ck_data,
588 CRYPTO_BITS2BYTES(key->ck_length));
589
590 return (CRYPTO_SUCCESS);
591}
592
593/*
594 * KCF software provide mac entry points.
595 */
596/*
597 * Initializes a skein MAC context. You may pass a ctx_template, in which
598 * case the template will be reused to make initialization more efficient.
599 * Otherwise a new context will be constructed. The mechanism cm_type must
600 * be one of SKEIN_*_MAC_MECH_INFO_TYPE. Same as in skein_digest_init, you
601 * may pass a skein_param_t in cm_param to configure the length of the
602 * digest. The key must be in raw format.
603 */
604static int
605skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
606 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
607 crypto_req_handle_t req)
608{
609 int error;
610
611 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
612 crypto_kmflag(req));
613 if (SKEIN_CTX(ctx) == NULL)
614 return (CRYPTO_HOST_MEMORY);
615
616 if (ctx_template != NULL) {
617 bcopy(ctx_template, SKEIN_CTX(ctx),
618 sizeof (*SKEIN_CTX(ctx)));
619 } else {
620 error = skein_mac_ctx_build(SKEIN_CTX(ctx), mechanism, key);
621 if (error != CRYPTO_SUCCESS)
622 goto errout;
623 }
624
625 return (CRYPTO_SUCCESS);
626errout:
627 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
628 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
629 return (error);
630}
631
632/*
633 * The MAC update and final calls are reused from the regular digest code.
634 */
635
636/*ARGSUSED*/
637/*
638 * Same as skein_digest_atomic, performs an atomic Skein MAC operation in
639 * one step. All the same properties apply to the arguments of this
640 * function as to those of the partial operations above.
641 */
642static int
643skein_mac_atomic(crypto_provider_handle_t provider,
644 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
645 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
646 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
647{
648 /* faux crypto context just for skein_digest_{update,final} */
649 int error;
650 crypto_ctx_t ctx;
651 skein_ctx_t skein_ctx;
652 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx;
653
654 if (ctx_template != NULL) {
655 bcopy(ctx_template, &skein_ctx, sizeof (skein_ctx));
656 } else {
657 error = skein_mac_ctx_build(&skein_ctx, mechanism, key);
658 if (error != CRYPTO_SUCCESS)
659 goto errout;
660 }
661
662 if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS)
663 goto errout;
664 if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS)
665 goto errout;
666
667 return (CRYPTO_SUCCESS);
668errout:
669 bzero(&skein_ctx, sizeof (skein_ctx));
670 return (error);
671}
672
673/*
674 * KCF software provider context management entry points.
675 */
676
677/*
678 * Constructs a context template for the Skein MAC algorithm. The same
679 * properties apply to the arguments of this function as to those of
680 * skein_mac_init.
681 */
682/*ARGSUSED*/
683static int
684skein_create_ctx_template(crypto_provider_handle_t provider,
685 crypto_mechanism_t *mechanism, crypto_key_t *key,
686 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
687 crypto_req_handle_t req)
688{
689 int error;
690 skein_ctx_t *ctx_tmpl;
691
692 ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req));
693 if (ctx_tmpl == NULL)
694 return (CRYPTO_HOST_MEMORY);
695 error = skein_mac_ctx_build(ctx_tmpl, mechanism, key);
696 if (error != CRYPTO_SUCCESS)
697 goto errout;
698 *ctx_template = ctx_tmpl;
699 *ctx_template_size = sizeof (*ctx_tmpl);
700
701 return (CRYPTO_SUCCESS);
702errout:
703 bzero(ctx_tmpl, sizeof (*ctx_tmpl));
704 kmem_free(ctx_tmpl, sizeof (*ctx_tmpl));
705 return (error);
706}
707
708/*
709 * Frees a skein context in a parent crypto context.
710 */
711static int
712skein_free_context(crypto_ctx_t *ctx)
713{
714 if (SKEIN_CTX(ctx) != NULL) {
715 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
716 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
717 SKEIN_CTX_LVALUE(ctx) = NULL;
718 }
719
720 return (CRYPTO_SUCCESS);
721}
ZFS On Linux mirror for PVE