Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/des/des_crypt.c
+++ new/usr/src/uts/common/des/des_crypt.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 *
21 21 */
22 22 /*
23 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 28 /* All Rights Reserved */
29 29
30 30 /*
31 31 * Portions of this source code were derived from Berkeley 4.3 BSD
32 32 * under license from the Regents of the University of California.
33 33 */
34 34
35 35 /*
36 36 * des_crypt.c, DES encryption library routines
37 37 */
38 38
39 39 #include <sys/errno.h>
40 40 #include <sys/modctl.h>
41 41
42 42 #include <sys/systm.h>
43 43 #include <sys/cmn_err.h>
↓ open down ↓ |
43 lines elided |
↑ open up ↑ |
44 44 #include <sys/ddi.h>
45 45 #include <sys/crypto/common.h>
46 46 #include <sys/crypto/spi.h>
47 47 #include <sys/sysmacros.h>
48 48 #include <sys/strsun.h>
49 49 #include <sys/note.h>
50 50 #include <modes/modes.h>
51 51 #define _DES_IMPL
52 52 #include <des/des_impl.h>
53 53
54 -/* EXPORT DELETE START */
55 54 #include <sys/types.h>
56 55 #include <rpc/des_crypt.h>
57 56 #include <des/des.h>
58 57
59 58 #ifdef sun_hardware
60 59 #include <sys/ioctl.h>
61 60 #ifdef _KERNEL
62 61 #include <sys/conf.h>
63 62 static int g_desfd = -1;
64 63 #define getdesfd() (cdevsw[11].d_open(0, 0) ? -1 : 0)
65 64 #define ioctl(a, b, c) (cdevsw[11].d_ioctl(0, b, c, 0) ? -1 : 0)
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
66 65 #else
67 66 #define getdesfd() (open("/dev/des", 0, 0))
68 67 #endif /* _KERNEL */
69 68 #endif /* sun */
70 69
71 70 static int common_crypt(char *key, char *buf, size_t len,
72 71 unsigned int mode, struct desparams *desp);
73 72
74 73 extern int _des_crypt(char *buf, size_t len, struct desparams *desp);
75 74
76 -/* EXPORT DELETE END */
77 -
78 75 extern struct mod_ops mod_cryptoops;
79 76
80 77 /*
81 78 * Module linkage information for the kernel.
82 79 */
83 80 static struct modlmisc modlmisc = {
84 81 &mod_miscops,
85 82 "des encryption",
86 83 };
87 84
88 85 static struct modlcrypto modlcrypto = {
89 86 &mod_cryptoops,
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
90 87 "DES Kernel SW Provider"
91 88 };
92 89
93 90 static struct modlinkage modlinkage = {
94 91 MODREV_1,
95 92 &modlmisc,
96 93 &modlcrypto,
97 94 NULL
98 95 };
99 96
100 -/* EXPORT DELETE START */
101 -
102 97 #define DES_MIN_KEY_LEN DES_MINBYTES
103 98 #define DES_MAX_KEY_LEN DES_MAXBYTES
104 99 #define DES3_MIN_KEY_LEN DES3_MAXBYTES /* no CKK_DES2 support */
105 100 #define DES3_MAX_KEY_LEN DES3_MAXBYTES
106 101
107 -/* EXPORT DELETE END */
108 -
109 102 #ifndef DES_MIN_KEY_LEN
110 103 #define DES_MIN_KEY_LEN 0
111 104 #endif
112 105
113 106 #ifndef DES_MAX_KEY_LEN
114 107 #define DES_MAX_KEY_LEN 0
115 108 #endif
116 109
117 110 #ifndef DES3_MIN_KEY_LEN
118 111 #define DES3_MIN_KEY_LEN 0
119 112 #endif
120 113
121 114 #ifndef DES3_MAX_KEY_LEN
122 115 #define DES3_MAX_KEY_LEN 0
123 116 #endif
124 117
125 118
126 119 /*
127 120 * Mechanism info structure passed to KCF during registration.
128 121 */
129 122 static crypto_mech_info_t des_mech_info_tab[] = {
130 123 /* DES_ECB */
131 124 {SUN_CKM_DES_ECB, DES_ECB_MECH_INFO_TYPE,
132 125 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
133 126 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
134 127 DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
135 128 /* DES_CBC */
136 129 {SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE,
137 130 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
138 131 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
139 132 DES_MIN_KEY_LEN, DES_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
140 133 /* DES3_ECB */
141 134 {SUN_CKM_DES3_ECB, DES3_ECB_MECH_INFO_TYPE,
142 135 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
143 136 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
144 137 DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
145 138 /* DES3_CBC */
146 139 {SUN_CKM_DES3_CBC, DES3_CBC_MECH_INFO_TYPE,
147 140 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
148 141 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC,
149 142 DES3_MIN_KEY_LEN, DES3_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BYTES}
150 143 };
151 144
152 145 /* operations are in-place if the output buffer is NULL */
153 146 #define DES_ARG_INPLACE(input, output) \
154 147 if ((output) == NULL) \
155 148 (output) = (input);
156 149
157 150 static void des_provider_status(crypto_provider_handle_t, uint_t *);
158 151
159 152 static crypto_control_ops_t des_control_ops = {
160 153 des_provider_status
161 154 };
162 155
163 156 static int
164 157 des_common_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
165 158 crypto_spi_ctx_template_t, crypto_req_handle_t);
166 159 static int des_common_init_ctx(des_ctx_t *, crypto_spi_ctx_template_t *,
167 160 crypto_mechanism_t *, crypto_key_t *, des_strength_t, int);
168 161 static int des_encrypt_final(crypto_ctx_t *, crypto_data_t *,
169 162 crypto_req_handle_t);
170 163 static int des_decrypt_final(crypto_ctx_t *, crypto_data_t *,
171 164 crypto_req_handle_t);
172 165
173 166 static int des_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
174 167 crypto_req_handle_t);
175 168 static int des_encrypt_update(crypto_ctx_t *, crypto_data_t *,
176 169 crypto_data_t *, crypto_req_handle_t);
177 170 static int des_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
178 171 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
179 172 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
180 173
181 174 static int des_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
182 175 crypto_req_handle_t);
183 176 static int des_decrypt_update(crypto_ctx_t *, crypto_data_t *,
184 177 crypto_data_t *, crypto_req_handle_t);
185 178 static int des_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
186 179 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
187 180 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
188 181
189 182 static crypto_cipher_ops_t des_cipher_ops = {
190 183 des_common_init,
191 184 des_encrypt,
192 185 des_encrypt_update,
193 186 des_encrypt_final,
194 187 des_encrypt_atomic,
195 188 des_common_init,
196 189 des_decrypt,
197 190 des_decrypt_update,
198 191 des_decrypt_final,
199 192 des_decrypt_atomic
200 193 };
201 194
202 195 static int des_create_ctx_template(crypto_provider_handle_t,
203 196 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
204 197 size_t *, crypto_req_handle_t);
205 198 static int des_free_context(crypto_ctx_t *);
206 199
207 200 static crypto_ctx_ops_t des_ctx_ops = {
208 201 des_create_ctx_template,
209 202 des_free_context
210 203 };
211 204
212 205 static int des_key_check(crypto_provider_handle_t, crypto_mechanism_t *,
213 206 crypto_key_t *);
214 207
215 208 static crypto_key_ops_t des_key_ops = {
216 209 NULL,
217 210 NULL,
218 211 NULL,
219 212 NULL,
220 213 NULL,
221 214 des_key_check
222 215 };
223 216
224 217 static crypto_ops_t des_crypto_ops = {
225 218 &des_control_ops,
226 219 NULL,
227 220 &des_cipher_ops,
228 221 NULL,
229 222 NULL,
230 223 NULL,
231 224 NULL,
232 225 NULL,
233 226 NULL,
234 227 NULL,
235 228 NULL,
236 229 &des_key_ops,
237 230 NULL,
238 231 &des_ctx_ops,
239 232 NULL,
240 233 NULL,
241 234 NULL
242 235 };
243 236
244 237 static crypto_provider_info_t des_prov_info = {
245 238 CRYPTO_SPI_VERSION_4,
246 239 "DES Software Provider",
247 240 CRYPTO_SW_PROVIDER,
248 241 {&modlinkage},
249 242 NULL,
250 243 &des_crypto_ops,
251 244 sizeof (des_mech_info_tab)/sizeof (crypto_mech_info_t),
252 245 des_mech_info_tab
253 246 };
254 247
255 248 static crypto_kcf_provider_handle_t des_prov_handle = NULL;
256 249
257 250 int
258 251 _init(void)
259 252 {
260 253 int ret;
261 254
262 255 if ((ret = mod_install(&modlinkage)) != 0)
263 256 return (ret);
264 257
265 258 /*
266 259 * Register with KCF. If the registration fails, kcf will log an
267 260 * error but do not uninstall the module, since the functionality
268 261 * provided by misc/des should still be available.
269 262 *
270 263 */
271 264 (void) crypto_register_provider(&des_prov_info, &des_prov_handle);
272 265
273 266 return (0);
274 267 }
275 268
276 269
277 270 int
278 271 _info(struct modinfo *modinfop)
279 272 {
280 273 return (mod_info(&modlinkage, modinfop));
281 274 }
282 275
283 276 /*
284 277 * Copy 8 bytes
285 278 */
286 279 #define COPY8(src, dst) { \
287 280 char *a = (char *)dst; \
288 281 char *b = (char *)src; \
289 282 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
290 283 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
291 284 }
292 285
293 286 /*
294 287 * Copy multiple of 8 bytes
295 288 */
296 289 #define DESCOPY(src, dst, len) { \
297 290 char *a = (char *)dst; \
298 291 char *b = (char *)src; \
299 292 int i; \
300 293 for (i = (size_t)len; i > 0; i -= 8) { \
301 294 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
302 295 *a++ = *b++; *a++ = *b++; *a++ = *b++; *a++ = *b++; \
303 296 } \
↓ open down ↓ |
185 lines elided |
↑ open up ↑ |
304 297 }
305 298
306 299 /*
307 300 * CBC mode encryption
308 301 */
309 302 /* ARGSUSED */
310 303 int
311 304 cbc_crypt(char *key, char *buf, size_t len, unsigned int mode, char *ivec)
312 305 {
313 306 int err = 0;
314 -/* EXPORT DELETE START */
315 307 struct desparams dp;
316 308
317 309 dp.des_mode = CBC;
318 310 COPY8(ivec, dp.des_ivec);
319 311 err = common_crypt(key, buf, len, mode, &dp);
320 312 COPY8(dp.des_ivec, ivec);
321 -/* EXPORT DELETE END */
322 313 return (err);
323 314 }
324 315
325 316
326 317 /*
327 318 * ECB mode encryption
328 319 */
329 320 /* ARGSUSED */
330 321 int
331 322 ecb_crypt(char *key, char *buf, size_t len, unsigned int mode)
332 323 {
333 324 int err = 0;
334 -/* EXPORT DELETE START */
335 325 struct desparams dp;
336 326
337 327 dp.des_mode = ECB;
338 328 err = common_crypt(key, buf, len, mode, &dp);
339 -/* EXPORT DELETE END */
340 329 return (err);
341 330 }
342 331
343 332
344 333
345 -/* EXPORT DELETE START */
346 334 /*
347 335 * Common code to cbc_crypt() & ecb_crypt()
348 336 */
349 337 static int
350 338 common_crypt(char *key, char *buf, size_t len, unsigned int mode,
351 339 struct desparams *desp)
352 340 {
353 341 int desdev;
354 342
355 343 if ((len % 8) != 0 || len > DES_MAXDATA)
356 344 return (DESERR_BADPARAM);
357 345
358 346 desp->des_dir =
359 347 ((mode & DES_DIRMASK) == DES_ENCRYPT) ? ENCRYPT : DECRYPT;
360 348
361 349 desdev = mode & DES_DEVMASK;
362 350 COPY8(key, desp->des_key);
363 351
364 352 #ifdef sun_hardware
365 353 if (desdev == DES_HW) {
366 354 int res;
367 355
368 356 if (g_desfd < 0 &&
369 357 (g_desfd == -1 || (g_desfd = getdesfd()) < 0))
370 358 goto software; /* no hardware device */
371 359
372 360 /*
373 361 * hardware
374 362 */
375 363 desp->des_len = len;
376 364 if (len <= DES_QUICKLEN) {
377 365 DESCOPY(buf, desp->des_data, len);
378 366 res = ioctl(g_desfd, DESIOCQUICK, (char *)desp);
379 367 DESCOPY(desp->des_data, buf, len);
380 368 } else {
381 369 desp->des_buf = (uchar_t *)buf;
382 370 res = ioctl(g_desfd, DESIOCBLOCK, (char *)desp);
383 371 }
384 372 return (res == 0 ? DESERR_NONE : DESERR_HWERROR);
385 373 }
386 374 software:
387 375 #endif
388 376 /*
389 377 * software
390 378 */
391 379 if (!_des_crypt(buf, len, desp))
392 380 return (DESERR_HWERROR);
393 381
394 382 return (desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE);
395 383 }
396 384
397 385 /*
398 386 * Initialize key schedules for DES and DES3
399 387 */
400 388 static int
401 389 init_keysched(crypto_key_t *key, void *newbie, des_strength_t strength)
402 390 {
403 391 uint8_t corrected_key[DES3_KEYSIZE];
404 392
405 393 /*
406 394 * Only keys by value are supported by this module.
407 395 */
408 396 switch (key->ck_format) {
409 397 case CRYPTO_KEY_RAW:
410 398 if (strength == DES && key->ck_length != DES_MAXBITS)
411 399 return (CRYPTO_KEY_SIZE_RANGE);
412 400 if (strength == DES3 && key->ck_length != DES3_MAXBITS)
413 401 return (CRYPTO_KEY_SIZE_RANGE);
414 402 break;
415 403 default:
416 404 return (CRYPTO_KEY_TYPE_INCONSISTENT);
417 405 }
418 406
419 407 /*
420 408 * Fix parity bits.
↓ open down ↓ |
65 lines elided |
↑ open up ↑ |
421 409 * Initialize key schedule even if key is weak.
422 410 */
423 411 if (key->ck_data == NULL)
424 412 return (CRYPTO_ARGUMENTS_BAD);
425 413
426 414 des_parity_fix(key->ck_data, strength, corrected_key);
427 415 des_init_keysched(corrected_key, strength, newbie);
428 416 return (CRYPTO_SUCCESS);
429 417 }
430 418
431 -/* EXPORT DELETE END */
432 -
433 419 /*
434 420 * KCF software provider control entry points.
435 421 */
436 422 /* ARGSUSED */
437 423 static void
438 424 des_provider_status(crypto_provider_handle_t provider, uint_t *status)
439 425 {
440 426 *status = CRYPTO_PROVIDER_READY;
441 427 }
442 428
443 429 /*
444 430 * KCF software provider encrypt entry points.
445 431 */
446 432 static int
447 433 des_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
448 434 crypto_key_t *key, crypto_spi_ctx_template_t template,
449 435 crypto_req_handle_t req)
450 436 {
451 437
452 -/* EXPORT DELETE START */
453 -
454 438 des_strength_t strength;
455 439 des_ctx_t *des_ctx = NULL;
456 440 int rv;
457 441 int kmflag;
458 442
459 443 /*
460 444 * Only keys by value are supported by this module.
461 445 */
462 446 if (key->ck_format != CRYPTO_KEY_RAW) {
463 447 return (CRYPTO_KEY_TYPE_INCONSISTENT);
464 448 }
465 449
466 450 kmflag = crypto_kmflag(req);
467 451 /* Check mechanism type and parameter length */
468 452 switch (mechanism->cm_type) {
469 453 case DES_ECB_MECH_INFO_TYPE:
470 454 des_ctx = ecb_alloc_ctx(kmflag);
471 455 /* FALLTHRU */
472 456 case DES_CBC_MECH_INFO_TYPE:
473 457 if (mechanism->cm_param != NULL &&
474 458 mechanism->cm_param_len != DES_BLOCK_LEN)
475 459 return (CRYPTO_MECHANISM_PARAM_INVALID);
476 460 if (key->ck_length != DES_MAXBITS)
477 461 return (CRYPTO_KEY_SIZE_RANGE);
478 462 strength = DES;
479 463 if (des_ctx == NULL)
480 464 des_ctx = cbc_alloc_ctx(kmflag);
481 465 break;
482 466 case DES3_ECB_MECH_INFO_TYPE:
483 467 des_ctx = ecb_alloc_ctx(kmflag);
484 468 /* FALLTHRU */
485 469 case DES3_CBC_MECH_INFO_TYPE:
486 470 if (mechanism->cm_param != NULL &&
487 471 mechanism->cm_param_len != DES_BLOCK_LEN)
488 472 return (CRYPTO_MECHANISM_PARAM_INVALID);
489 473 if (key->ck_length != DES3_MAXBITS)
490 474 return (CRYPTO_KEY_SIZE_RANGE);
491 475 strength = DES3;
492 476 if (des_ctx == NULL)
493 477 des_ctx = cbc_alloc_ctx(kmflag);
494 478 break;
495 479 default:
496 480 return (CRYPTO_MECHANISM_INVALID);
↓ open down ↓ |
33 lines elided |
↑ open up ↑ |
497 481 }
498 482
499 483 if ((rv = des_common_init_ctx(des_ctx, template, mechanism, key,
500 484 strength, kmflag)) != CRYPTO_SUCCESS) {
501 485 crypto_free_mode_ctx(des_ctx);
502 486 return (rv);
503 487 }
504 488
505 489 ctx->cc_provider_private = des_ctx;
506 490
507 -/* EXPORT DELETE END */
508 -
509 491 return (CRYPTO_SUCCESS);
510 492 }
511 493
512 494 static void
513 495 des_copy_block64(uint8_t *in, uint64_t *out)
514 496 {
515 497 if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
516 498 /* LINTED: pointer alignment */
517 499 out[0] = *(uint64_t *)&in[0];
518 500 } else {
519 501 uint64_t tmp64;
520 502
521 503 #ifdef _BIG_ENDIAN
522 504 tmp64 = (((uint64_t)in[0] << 56) |
523 505 ((uint64_t)in[1] << 48) |
524 506 ((uint64_t)in[2] << 40) |
525 507 ((uint64_t)in[3] << 32) |
526 508 ((uint64_t)in[4] << 24) |
527 509 ((uint64_t)in[5] << 16) |
528 510 ((uint64_t)in[6] << 8) |
529 511 (uint64_t)in[7]);
530 512 #else
531 513 tmp64 = (((uint64_t)in[7] << 56) |
532 514 ((uint64_t)in[6] << 48) |
533 515 ((uint64_t)in[5] << 40) |
534 516 ((uint64_t)in[4] << 32) |
535 517 ((uint64_t)in[3] << 24) |
536 518 ((uint64_t)in[2] << 16) |
537 519 ((uint64_t)in[1] << 8) |
538 520 (uint64_t)in[0]);
539 521 #endif /* _BIG_ENDIAN */
540 522
541 523 out[0] = tmp64;
↓ open down ↓ |
23 lines elided |
↑ open up ↑ |
542 524 }
543 525 }
544 526
545 527 /* ARGSUSED */
546 528 static int
547 529 des_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
548 530 crypto_data_t *ciphertext, crypto_req_handle_t req)
549 531 {
550 532 int ret;
551 533
552 -/* EXPORT DELETE START */
553 534 des_ctx_t *des_ctx;
554 535
555 536 /*
556 537 * Plaintext must be a multiple of the block size.
557 538 * This test only works for non-padded mechanisms
558 539 * when blocksize is 2^N.
559 540 */
560 541 if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
561 542 return (CRYPTO_DATA_LEN_RANGE);
562 543
563 544 ASSERT(ctx->cc_provider_private != NULL);
564 545 des_ctx = ctx->cc_provider_private;
565 546
566 547 DES_ARG_INPLACE(plaintext, ciphertext);
567 548
568 549 /*
569 550 * We need to just return the length needed to store the output.
570 551 * We should not destroy the context for the following case.
571 552 */
572 553 if (ciphertext->cd_length < plaintext->cd_length) {
573 554 ciphertext->cd_length = plaintext->cd_length;
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
574 555 return (CRYPTO_BUFFER_TOO_SMALL);
575 556 }
576 557
577 558 /*
578 559 * Do an update on the specified input data.
579 560 */
580 561 ret = des_encrypt_update(ctx, plaintext, ciphertext, req);
581 562 ASSERT(des_ctx->dc_remainder_len == 0);
582 563 (void) des_free_context(ctx);
583 564
584 -/* EXPORT DELETE END */
585 -
586 565 /* LINTED */
587 566 return (ret);
588 567 }
589 568
590 569 /* ARGSUSED */
591 570 static int
592 571 des_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
593 572 crypto_data_t *plaintext, crypto_req_handle_t req)
594 573 {
595 574 int ret;
596 575
597 -/* EXPORT DELETE START */
598 576 des_ctx_t *des_ctx;
599 577
600 578 /*
601 579 * Ciphertext must be a multiple of the block size.
602 580 * This test only works for non-padded mechanisms
603 581 * when blocksize is 2^N.
604 582 */
605 583 if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
606 584 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
607 585
608 586 ASSERT(ctx->cc_provider_private != NULL);
609 587 des_ctx = ctx->cc_provider_private;
610 588
611 589 DES_ARG_INPLACE(ciphertext, plaintext);
612 590
613 591 /*
614 592 * We need to just return the length needed to store the output.
615 593 * We should not destroy the context for the following case.
616 594 */
617 595 if (plaintext->cd_length < ciphertext->cd_length) {
618 596 plaintext->cd_length = ciphertext->cd_length;
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
619 597 return (CRYPTO_BUFFER_TOO_SMALL);
620 598 }
621 599
622 600 /*
623 601 * Do an update on the specified input data.
624 602 */
625 603 ret = des_decrypt_update(ctx, ciphertext, plaintext, req);
626 604 ASSERT(des_ctx->dc_remainder_len == 0);
627 605 (void) des_free_context(ctx);
628 606
629 -/* EXPORT DELETE END */
630 -
631 607 /* LINTED */
632 608 return (ret);
633 609 }
634 610
635 611 /* ARGSUSED */
636 612 static int
637 613 des_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
638 614 crypto_data_t *ciphertext, crypto_req_handle_t req)
639 615 {
640 616 off_t saved_offset;
641 617 size_t saved_length, out_len;
642 618 int ret = CRYPTO_SUCCESS;
643 619
644 -/* EXPORT DELETE START */
645 -
646 620 ASSERT(ctx->cc_provider_private != NULL);
647 621
648 622 DES_ARG_INPLACE(plaintext, ciphertext);
649 623
650 624 /* compute number of bytes that will hold the ciphertext */
651 625 out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
652 626 out_len += plaintext->cd_length;
653 627 out_len &= ~(DES_BLOCK_LEN - 1);
654 628
655 629 /* return length needed to store the output */
656 630 if (ciphertext->cd_length < out_len) {
657 631 ciphertext->cd_length = out_len;
658 632 return (CRYPTO_BUFFER_TOO_SMALL);
659 633 }
660 634
661 635 saved_offset = ciphertext->cd_offset;
662 636 saved_length = ciphertext->cd_length;
663 637
664 638 /*
665 639 * Do the DES update on the specified input data.
666 640 */
667 641 switch (plaintext->cd_format) {
668 642 case CRYPTO_DATA_RAW:
669 643 ret = crypto_update_iov(ctx->cc_provider_private,
670 644 plaintext, ciphertext, des_encrypt_contiguous_blocks,
671 645 des_copy_block64);
672 646 break;
673 647 case CRYPTO_DATA_UIO:
674 648 ret = crypto_update_uio(ctx->cc_provider_private,
675 649 plaintext, ciphertext, des_encrypt_contiguous_blocks,
676 650 des_copy_block64);
677 651 break;
678 652 case CRYPTO_DATA_MBLK:
679 653 ret = crypto_update_mp(ctx->cc_provider_private,
680 654 plaintext, ciphertext, des_encrypt_contiguous_blocks,
681 655 des_copy_block64);
682 656 break;
683 657 default:
684 658 ret = CRYPTO_ARGUMENTS_BAD;
685 659 }
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
686 660
687 661 if (ret == CRYPTO_SUCCESS) {
688 662 if (plaintext != ciphertext)
689 663 ciphertext->cd_length =
690 664 ciphertext->cd_offset - saved_offset;
691 665 } else {
692 666 ciphertext->cd_length = saved_length;
693 667 }
694 668 ciphertext->cd_offset = saved_offset;
695 669
696 -/* EXPORT DELETE END */
697 -
698 670 return (ret);
699 671 }
700 672
701 673 /* ARGSUSED */
702 674 static int
703 675 des_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
704 676 crypto_data_t *plaintext, crypto_req_handle_t req)
705 677 {
706 678 off_t saved_offset;
707 679 size_t saved_length, out_len;
708 680 int ret = CRYPTO_SUCCESS;
709 681
710 -/* EXPORT DELETE START */
711 -
712 682 ASSERT(ctx->cc_provider_private != NULL);
713 683
714 684 DES_ARG_INPLACE(ciphertext, plaintext);
715 685
716 686 /* compute number of bytes that will hold the plaintext */
717 687 out_len = ((des_ctx_t *)ctx->cc_provider_private)->dc_remainder_len;
718 688 out_len += ciphertext->cd_length;
719 689 out_len &= ~(DES_BLOCK_LEN - 1);
720 690
721 691 /* return length needed to store the output */
722 692 if (plaintext->cd_length < out_len) {
723 693 plaintext->cd_length = out_len;
724 694 return (CRYPTO_BUFFER_TOO_SMALL);
725 695 }
726 696
727 697 saved_offset = plaintext->cd_offset;
728 698 saved_length = plaintext->cd_length;
729 699
730 700 /*
731 701 * Do the DES update on the specified input data.
732 702 */
733 703 switch (ciphertext->cd_format) {
734 704 case CRYPTO_DATA_RAW:
735 705 ret = crypto_update_iov(ctx->cc_provider_private,
736 706 ciphertext, plaintext, des_decrypt_contiguous_blocks,
737 707 des_copy_block64);
738 708 break;
739 709 case CRYPTO_DATA_UIO:
740 710 ret = crypto_update_uio(ctx->cc_provider_private,
741 711 ciphertext, plaintext, des_decrypt_contiguous_blocks,
742 712 des_copy_block64);
743 713 break;
744 714 case CRYPTO_DATA_MBLK:
745 715 ret = crypto_update_mp(ctx->cc_provider_private,
746 716 ciphertext, plaintext, des_decrypt_contiguous_blocks,
747 717 des_copy_block64);
748 718 break;
749 719 default:
750 720 ret = CRYPTO_ARGUMENTS_BAD;
751 721 }
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
752 722
753 723 if (ret == CRYPTO_SUCCESS) {
754 724 if (ciphertext != plaintext)
755 725 plaintext->cd_length =
756 726 plaintext->cd_offset - saved_offset;
757 727 } else {
758 728 plaintext->cd_length = saved_length;
759 729 }
760 730 plaintext->cd_offset = saved_offset;
761 731
762 -/* EXPORT DELETE END */
763 -
764 732 return (ret);
765 733 }
766 734
767 735 /* ARGSUSED */
768 736 static int
769 737 des_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
770 738 crypto_req_handle_t req)
771 739 {
772 -
773 -/* EXPORT DELETE START */
774 -
775 740 des_ctx_t *des_ctx;
776 741
777 742 ASSERT(ctx->cc_provider_private != NULL);
778 743 des_ctx = ctx->cc_provider_private;
779 744
780 745 /*
781 746 * There must be no unprocessed plaintext.
782 747 * This happens if the length of the last data is
783 748 * not a multiple of the DES block length.
784 749 */
785 750 if (des_ctx->dc_remainder_len > 0)
786 751 return (CRYPTO_DATA_LEN_RANGE);
787 752
788 753 (void) des_free_context(ctx);
789 754 ciphertext->cd_length = 0;
790 755
791 -/* EXPORT DELETE END */
792 -
793 756 return (CRYPTO_SUCCESS);
794 757 }
795 758
796 759 /* ARGSUSED */
797 760 static int
798 761 des_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *plaintext,
799 762 crypto_req_handle_t req)
800 763 {
801 -
802 -/* EXPORT DELETE START */
803 -
804 764 des_ctx_t *des_ctx;
805 765
806 766 ASSERT(ctx->cc_provider_private != NULL);
807 767 des_ctx = ctx->cc_provider_private;
808 768
809 769 /*
810 770 * There must be no unprocessed ciphertext.
811 771 * This happens if the length of the last ciphertext is
812 772 * not a multiple of the DES block length.
813 773 */
814 774 if (des_ctx->dc_remainder_len > 0)
815 775 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
816 776
817 777 (void) des_free_context(ctx);
818 778 plaintext->cd_length = 0;
819 779
820 -/* EXPORT DELETE END */
821 -
822 780 return (CRYPTO_SUCCESS);
823 781 }
824 782
825 783 /* ARGSUSED */
826 784 static int
827 785 des_encrypt_atomic(crypto_provider_handle_t provider,
828 786 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
829 787 crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
830 788 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
831 789 {
832 790 int ret;
833 791
834 -/* EXPORT DELETE START */
835 -
836 792 des_ctx_t des_ctx; /* on the stack */
837 793 des_strength_t strength;
838 794 off_t saved_offset;
839 795 size_t saved_length;
840 796
841 797 DES_ARG_INPLACE(plaintext, ciphertext);
842 798
843 799 /*
844 800 * Plaintext must be a multiple of the block size.
845 801 * This test only works for non-padded mechanisms
846 802 * when blocksize is 2^N.
847 803 */
848 804 if ((plaintext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
849 805 return (CRYPTO_DATA_LEN_RANGE);
850 806
851 807 /* return length needed to store the output */
852 808 if (ciphertext->cd_length < plaintext->cd_length) {
853 809 ciphertext->cd_length = plaintext->cd_length;
854 810 return (CRYPTO_BUFFER_TOO_SMALL);
855 811 }
856 812
857 813 /* Check mechanism type and parameter length */
858 814 switch (mechanism->cm_type) {
859 815 case DES_ECB_MECH_INFO_TYPE:
860 816 case DES_CBC_MECH_INFO_TYPE:
861 817 if (mechanism->cm_param_len > 0 &&
862 818 mechanism->cm_param_len != DES_BLOCK_LEN)
863 819 return (CRYPTO_MECHANISM_PARAM_INVALID);
864 820 if (key->ck_length != DES_MINBITS)
865 821 return (CRYPTO_KEY_SIZE_RANGE);
866 822 strength = DES;
867 823 break;
868 824 case DES3_ECB_MECH_INFO_TYPE:
869 825 case DES3_CBC_MECH_INFO_TYPE:
870 826 if (mechanism->cm_param_len > 0 &&
871 827 mechanism->cm_param_len != DES_BLOCK_LEN)
872 828 return (CRYPTO_MECHANISM_PARAM_INVALID);
873 829 if (key->ck_length != DES3_MAXBITS)
874 830 return (CRYPTO_KEY_SIZE_RANGE);
875 831 strength = DES3;
876 832 break;
877 833 default:
878 834 return (CRYPTO_MECHANISM_INVALID);
879 835 }
880 836
881 837 bzero(&des_ctx, sizeof (des_ctx_t));
882 838
883 839 if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
884 840 strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
885 841 return (ret);
886 842 }
887 843
888 844 saved_offset = ciphertext->cd_offset;
889 845 saved_length = ciphertext->cd_length;
890 846
891 847 /*
892 848 * Do the update on the specified input data.
893 849 */
894 850 switch (plaintext->cd_format) {
895 851 case CRYPTO_DATA_RAW:
896 852 ret = crypto_update_iov(&des_ctx, plaintext, ciphertext,
897 853 des_encrypt_contiguous_blocks, des_copy_block64);
898 854 break;
899 855 case CRYPTO_DATA_UIO:
900 856 ret = crypto_update_uio(&des_ctx, plaintext, ciphertext,
901 857 des_encrypt_contiguous_blocks, des_copy_block64);
902 858 break;
903 859 case CRYPTO_DATA_MBLK:
904 860 ret = crypto_update_mp(&des_ctx, plaintext, ciphertext,
905 861 des_encrypt_contiguous_blocks, des_copy_block64);
906 862 break;
907 863 default:
908 864 ret = CRYPTO_ARGUMENTS_BAD;
909 865 }
910 866
911 867 if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
912 868 bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
913 869 kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
914 870 }
915 871
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
916 872 if (ret == CRYPTO_SUCCESS) {
917 873 ASSERT(des_ctx.dc_remainder_len == 0);
918 874 if (plaintext != ciphertext)
919 875 ciphertext->cd_length =
920 876 ciphertext->cd_offset - saved_offset;
921 877 } else {
922 878 ciphertext->cd_length = saved_length;
923 879 }
924 880 ciphertext->cd_offset = saved_offset;
925 881
926 -/* EXPORT DELETE END */
927 -
928 882 /* LINTED */
929 883 return (ret);
930 884 }
931 885
932 886 /* ARGSUSED */
933 887 static int
934 888 des_decrypt_atomic(crypto_provider_handle_t provider,
935 889 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
936 890 crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
937 891 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
938 892 {
939 893 int ret;
940 894
941 -/* EXPORT DELETE START */
942 -
943 895 des_ctx_t des_ctx; /* on the stack */
944 896 des_strength_t strength;
945 897 off_t saved_offset;
946 898 size_t saved_length;
947 899
948 900 DES_ARG_INPLACE(ciphertext, plaintext);
949 901
950 902 /*
951 903 * Ciphertext must be a multiple of the block size.
952 904 * This test only works for non-padded mechanisms
953 905 * when blocksize is 2^N.
954 906 */
955 907 if ((ciphertext->cd_length & (DES_BLOCK_LEN - 1)) != 0)
956 908 return (CRYPTO_DATA_LEN_RANGE);
957 909
958 910 /* return length needed to store the output */
959 911 if (plaintext->cd_length < ciphertext->cd_length) {
960 912 plaintext->cd_length = ciphertext->cd_length;
961 913 return (CRYPTO_BUFFER_TOO_SMALL);
962 914 }
963 915
964 916 /* Check mechanism type and parameter length */
965 917 switch (mechanism->cm_type) {
966 918 case DES_ECB_MECH_INFO_TYPE:
967 919 case DES_CBC_MECH_INFO_TYPE:
968 920 if (mechanism->cm_param_len > 0 &&
969 921 mechanism->cm_param_len != DES_BLOCK_LEN)
970 922 return (CRYPTO_MECHANISM_PARAM_INVALID);
971 923 if (key->ck_length != DES_MINBITS)
972 924 return (CRYPTO_KEY_SIZE_RANGE);
973 925 strength = DES;
974 926 break;
975 927 case DES3_ECB_MECH_INFO_TYPE:
976 928 case DES3_CBC_MECH_INFO_TYPE:
977 929 if (mechanism->cm_param_len > 0 &&
978 930 mechanism->cm_param_len != DES_BLOCK_LEN)
979 931 return (CRYPTO_MECHANISM_PARAM_INVALID);
980 932 if (key->ck_length != DES3_MAXBITS)
981 933 return (CRYPTO_KEY_SIZE_RANGE);
982 934 strength = DES3;
983 935 break;
984 936 default:
985 937 return (CRYPTO_MECHANISM_INVALID);
986 938 }
987 939
988 940 bzero(&des_ctx, sizeof (des_ctx_t));
989 941
990 942 if ((ret = des_common_init_ctx(&des_ctx, template, mechanism, key,
991 943 strength, crypto_kmflag(req))) != CRYPTO_SUCCESS) {
992 944 return (ret);
993 945 }
994 946
995 947 saved_offset = plaintext->cd_offset;
996 948 saved_length = plaintext->cd_length;
997 949
998 950 /*
999 951 * Do the update on the specified input data.
1000 952 */
1001 953 switch (ciphertext->cd_format) {
1002 954 case CRYPTO_DATA_RAW:
1003 955 ret = crypto_update_iov(&des_ctx, ciphertext, plaintext,
1004 956 des_decrypt_contiguous_blocks, des_copy_block64);
1005 957 break;
1006 958 case CRYPTO_DATA_UIO:
1007 959 ret = crypto_update_uio(&des_ctx, ciphertext, plaintext,
1008 960 des_decrypt_contiguous_blocks, des_copy_block64);
1009 961 break;
1010 962 case CRYPTO_DATA_MBLK:
1011 963 ret = crypto_update_mp(&des_ctx, ciphertext, plaintext,
1012 964 des_decrypt_contiguous_blocks, des_copy_block64);
1013 965 break;
1014 966 default:
1015 967 ret = CRYPTO_ARGUMENTS_BAD;
1016 968 }
1017 969
1018 970 if (des_ctx.dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1019 971 bzero(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
1020 972 kmem_free(des_ctx.dc_keysched, des_ctx.dc_keysched_len);
1021 973 }
1022 974
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
1023 975 if (ret == CRYPTO_SUCCESS) {
1024 976 ASSERT(des_ctx.dc_remainder_len == 0);
1025 977 if (ciphertext != plaintext)
1026 978 plaintext->cd_length =
1027 979 plaintext->cd_offset - saved_offset;
1028 980 } else {
1029 981 plaintext->cd_length = saved_length;
1030 982 }
1031 983 plaintext->cd_offset = saved_offset;
1032 984
1033 -/* EXPORT DELETE END */
1034 -
1035 985 /* LINTED */
1036 986 return (ret);
1037 987 }
1038 988
1039 989 /*
1040 990 * KCF software provider context template entry points.
1041 991 */
1042 992 /* ARGSUSED */
1043 993 static int
1044 994 des_create_ctx_template(crypto_provider_handle_t provider,
1045 995 crypto_mechanism_t *mechanism, crypto_key_t *key,
1046 996 crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
1047 997 {
1048 998
1049 -/* EXPORT DELETE START */
1050 -
1051 999 des_strength_t strength;
1052 1000 void *keysched;
1053 1001 size_t size;
1054 1002 int rv;
1055 1003
1056 1004 switch (mechanism->cm_type) {
1057 1005 case DES_ECB_MECH_INFO_TYPE:
1058 1006 strength = DES;
1059 1007 break;
1060 1008 case DES_CBC_MECH_INFO_TYPE:
1061 1009 strength = DES;
1062 1010 break;
1063 1011 case DES3_ECB_MECH_INFO_TYPE:
1064 1012 strength = DES3;
1065 1013 break;
1066 1014 case DES3_CBC_MECH_INFO_TYPE:
1067 1015 strength = DES3;
1068 1016 break;
1069 1017 default:
1070 1018 return (CRYPTO_MECHANISM_INVALID);
1071 1019 }
1072 1020
1073 1021 if ((keysched = des_alloc_keysched(&size, strength,
1074 1022 crypto_kmflag(req))) == NULL) {
1075 1023 return (CRYPTO_HOST_MEMORY);
1076 1024 }
1077 1025
1078 1026 /*
1079 1027 * Initialize key schedule. Key length information is stored
1080 1028 * in the key.
↓ open down ↓ |
20 lines elided |
↑ open up ↑ |
1081 1029 */
1082 1030 if ((rv = init_keysched(key, keysched, strength)) != CRYPTO_SUCCESS) {
1083 1031 bzero(keysched, size);
1084 1032 kmem_free(keysched, size);
1085 1033 return (rv);
1086 1034 }
1087 1035
1088 1036 *tmpl = keysched;
1089 1037 *tmpl_size = size;
1090 1038
1091 -/* EXPORT DELETE END */
1092 -
1093 1039 return (CRYPTO_SUCCESS);
1094 1040 }
1095 1041
1096 1042 /* ARGSUSED */
1097 1043 static int
1098 1044 des_free_context(crypto_ctx_t *ctx)
1099 1045 {
1100 -
1101 -/* EXPORT DELETE START */
1102 -
1103 1046 des_ctx_t *des_ctx = ctx->cc_provider_private;
1104 1047
1105 1048 if (des_ctx != NULL) {
1106 1049 if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1107 1050 ASSERT(des_ctx->dc_keysched_len != 0);
1108 1051 bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
1109 1052 kmem_free(des_ctx->dc_keysched,
1110 1053 des_ctx->dc_keysched_len);
1111 1054 }
1112 1055 crypto_free_mode_ctx(des_ctx);
1113 1056 ctx->cc_provider_private = NULL;
1114 1057 }
1115 1058
1116 -/* EXPORT DELETE END */
1117 -
1118 1059 return (CRYPTO_SUCCESS);
1119 1060 }
1120 1061
1121 1062 /*
1122 1063 * Pass it to des_keycheck() which will
1123 1064 * fix it (parity bits), and check if the fixed key is weak.
1124 1065 */
1125 1066 /* ARGSUSED */
1126 1067 static int
1127 1068 des_key_check(crypto_provider_handle_t pd, crypto_mechanism_t *mech,
1128 1069 crypto_key_t *key)
1129 1070 {
1130 -
1131 -/* EXPORT DELETE START */
1132 -
1133 1071 int expectedkeylen;
1134 1072 des_strength_t strength;
1135 1073 uint8_t keydata[DES3_MAX_KEY_LEN];
1136 1074
1137 1075 if ((mech == NULL) || (key == NULL))
1138 1076 return (CRYPTO_ARGUMENTS_BAD);
1139 1077
1140 1078 switch (mech->cm_type) {
1141 1079 case DES_ECB_MECH_INFO_TYPE:
1142 1080 case DES_CBC_MECH_INFO_TYPE:
1143 1081 expectedkeylen = DES_MINBITS;
1144 1082 strength = DES;
1145 1083 break;
1146 1084 case DES3_ECB_MECH_INFO_TYPE:
1147 1085 case DES3_CBC_MECH_INFO_TYPE:
1148 1086 expectedkeylen = DES3_MAXBITS;
1149 1087 strength = DES3;
1150 1088 break;
1151 1089 default:
1152 1090 return (CRYPTO_MECHANISM_INVALID);
1153 1091 }
1154 1092
1155 1093 if (key->ck_format != CRYPTO_KEY_RAW)
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
1156 1094 return (CRYPTO_KEY_TYPE_INCONSISTENT);
1157 1095
1158 1096 if (key->ck_length != expectedkeylen)
1159 1097 return (CRYPTO_KEY_SIZE_RANGE);
1160 1098
1161 1099 bcopy(key->ck_data, keydata, CRYPTO_BITS2BYTES(expectedkeylen));
1162 1100
1163 1101 if (des_keycheck(keydata, strength, key->ck_data) == B_FALSE)
1164 1102 return (CRYPTO_WEAK_KEY);
1165 1103
1166 -/* EXPORT DELETE END */
1167 -
1168 1104 return (CRYPTO_SUCCESS);
1169 1105 }
1170 1106
1171 1107 /* ARGSUSED */
1172 1108 static int
1173 1109 des_common_init_ctx(des_ctx_t *des_ctx, crypto_spi_ctx_template_t *template,
1174 1110 crypto_mechanism_t *mechanism, crypto_key_t *key, des_strength_t strength,
1175 1111 int kmflag)
1176 1112 {
1177 1113 int rv = CRYPTO_SUCCESS;
1178 1114
1179 -/* EXPORT DELETE START */
1180 -
1181 1115 void *keysched;
1182 1116 size_t size;
1183 1117
1184 1118 if (template == NULL) {
1185 1119 if ((keysched = des_alloc_keysched(&size, strength,
1186 1120 kmflag)) == NULL)
1187 1121 return (CRYPTO_HOST_MEMORY);
1188 1122 /*
1189 1123 * Initialize key schedule.
1190 1124 * Key length is stored in the key.
1191 1125 */
1192 1126 if ((rv = init_keysched(key, keysched,
1193 1127 strength)) != CRYPTO_SUCCESS)
1194 1128 kmem_free(keysched, size);
1195 1129
1196 1130 des_ctx->dc_flags |= PROVIDER_OWNS_KEY_SCHEDULE;
1197 1131 des_ctx->dc_keysched_len = size;
1198 1132 } else {
1199 1133 keysched = template;
1200 1134 }
1201 1135 des_ctx->dc_keysched = keysched;
1202 1136
1203 1137 if (strength == DES3) {
1204 1138 des_ctx->dc_flags |= DES3_STRENGTH;
1205 1139 }
1206 1140
1207 1141 switch (mechanism->cm_type) {
1208 1142 case DES_CBC_MECH_INFO_TYPE:
1209 1143 case DES3_CBC_MECH_INFO_TYPE:
1210 1144 rv = cbc_init_ctx((cbc_ctx_t *)des_ctx, mechanism->cm_param,
1211 1145 mechanism->cm_param_len, DES_BLOCK_LEN, des_copy_block64);
1212 1146 break;
1213 1147 case DES_ECB_MECH_INFO_TYPE:
1214 1148 case DES3_ECB_MECH_INFO_TYPE:
↓ open down ↓ |
24 lines elided |
↑ open up ↑ |
1215 1149 des_ctx->dc_flags |= ECB_MODE;
1216 1150 }
1217 1151
1218 1152 if (rv != CRYPTO_SUCCESS) {
1219 1153 if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) {
1220 1154 bzero(keysched, size);
1221 1155 kmem_free(keysched, size);
1222 1156 }
1223 1157 }
1224 1158
1225 -/* EXPORT DELETE END */
1226 -
1227 1159 return (rv);
1228 1160 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX