ccm.c revision 25cc6a4036ecb7db695004fd80f58ac8a82aedeb
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KERNEL
#include <strings.h>
#include <limits.h>
#include <assert.h>
#include <security/cryptoki.h>
#endif
#include <sys/byteorder.h>
#define UNALIGNED_POINTERS_PERMITTED
#endif
/*
* Encrypt multiple blocks of data in CCM mode. Decrypt for CCM mode
* is done in another function.
*/
int
{
void *iov_or_mp;
/* accumulate bytes here and return */
length);
return (CRYPTO_SUCCESS);
}
do {
/* Unprocessed data from last call. */
if (ctx->ccm_remainder_len > 0) {
return (CRYPTO_DATA_LEN_RANGE);
} else {
}
/*
* do CBC MAC
*
* XOR the previous cipher block current clear block.
* mac_buf always contain previous cipher block.
*/
/* ccm_cb is the counter block */
/*
* Increment counter. Counter bits are confined
* to the bottom 64 bits of the counter block.
*/
#ifdef _LITTLE_ENDIAN
#else
counter++;
#endif /* _LITTLE_ENDIAN */
/*
* XOR encrypted counter block with the current clear block.
*/
if (ctx->ccm_remainder_len > 0) {
need);
}
} else {
/* copy block to where it belongs */
if (out_data_1_len == block_size) {
} else {
if (out_data_2 != NULL) {
}
}
/* update offset */
}
/* Update pointer to next block of data to be processed. */
if (ctx->ccm_remainder_len != 0) {
ctx->ccm_remainder_len = 0;
} else {
datap += block_size;
}
/* Incomplete last block. */
goto out;
}
} while (remainder > 0);
out:
return (CRYPTO_SUCCESS);
}
void
{
int i;
/* first counter block start with index 0 */
counter = 0;
/* calculate XOR of MAC with first counter block */
for (i = 0; i < ctx->ccm_mac_len; i++) {
}
}
/* ARGSUSED */
int
{
void *iov_or_mp;
int i;
return (CRYPTO_DATA_LEN_RANGE);
}
/*
* When we get here, the number of bytes of payload processed
* plus whatever data remains, if any,
* should be the same as the number of bytes that's being
* passed in the argument during init time.
*/
!= (ctx->ccm_data_len)) {
return (CRYPTO_DATA_LEN_RANGE);
}
if (ctx->ccm_remainder_len > 0) {
/* ccm_mac_input_buf is not used for encryption */
/* copy remainder to temporary buffer */
/* calculate the CBC MAC */
/* calculate the counter mode */
/* XOR with counter block */
for (i = 0; i < ctx->ccm_remainder_len; i++) {
}
}
/* Calculate the CCM MAC */
if (ctx->ccm_remainder_len > 0) {
/* copy temporary block to where it belongs */
if (out_data_2 == NULL) {
/* everything will fit in out_data_1 */
ctx->ccm_mac_len);
} else {
ctx->ccm_mac_len);
} else {
/* mac will be in out_data_2 */
ctx->ccm_mac_len);
} else {
/*
* part of mac in will be in
* out_data_1, part of the mac will be
* in out_data_2
*/
}
}
}
} else {
/* copy block to where it belongs */
if (out_data_2 != NULL) {
}
}
ctx->ccm_remainder_len = 0;
return (CRYPTO_SUCCESS);
}
/*
* This will only deal with decrypting the last block of the input that
* might not be a multiple of block length.
*/
void
{
int i;
/* XOR with counter block */
for (i = 0; i < ctx->ccm_remainder_len; i++) {
}
}
/*
* This will decrypt the cipher text. However, the plaintext won't be
* returned to the caller. It will be returned when decrypt_final() is
* called if the MAC matches
*/
/* ARGSUSED */
int
{
if (pm_len > 0) {
/*
* all ciphertext has been processed, just waiting for
* part of the value of the mac
*/
return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
}
return (CRYPTO_SUCCESS);
}
/*
* If we decrypt the given data, what total amount of data would
* have been decrypted?
*/
if (total_decrypted_len >
return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
}
if (total_decrypted_len > pt_len) {
/*
* part of the input will be the MAC, need to isolate that
* to be dealt with later. The left-over data in
* ccm_remainder_len from last time will not be part of the
* MAC. Otherwise, it would have already been taken out
* when this call is made last time.
*/
/*
* since this is last of the ciphertext, will
* just decrypt with it here
*/
ctx->ccm_remainder_len = 0;
return (CRYPTO_SUCCESS);
} else {
/* let rest of the code handle this */
}
/* accumulate bytes here and return */
length);
return (CRYPTO_SUCCESS);
}
do {
/* Unprocessed data from last call. */
if (ctx->ccm_remainder_len > 0) {
return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
} else {
}
/* Calculate the counter mode, ccm_cb is the counter block */
/*
* Increment counter.
* Counter bits are confined to the bottom 64 bits
*/
#ifdef _LITTLE_ENDIAN
#else
counter++;
#endif /* _LITTLE_ENDIAN */
/* XOR with the ciphertext */
/* Copy the plaintext to the "holding buffer" */
/* Update pointer to next block of data to be processed. */
if (ctx->ccm_remainder_len != 0) {
ctx->ccm_remainder_len = 0;
} else {
datap += block_size;
}
/* Incomplete last block */
if (ctx->ccm_processed_mac_len > 0) {
/*
* not expecting anymore ciphertext, just
* compute plaintext for the remaining input
*/
ctx->ccm_remainder_len = 0;
}
goto out;
}
} while (remainder > 0);
out:
return (CRYPTO_SUCCESS);
}
int
{
void *iov_or_mp;
/* Make sure output buffer can fit all of the plaintext */
return (CRYPTO_DATA_LEN_RANGE);
}
while (mac_remain > 0) {
if (mac_remain < block_size) {
mac_remain = 0;
} else {
mac_remain -= block_size;
pt += block_size;
}
/* calculate the CBC MAC */
}
/* Calculate the CCM MAC */
/* compare the input CCM MAC value with what we calculated */
/* They don't match */
return (CRYPTO_INVALID_MAC);
} else {
if (out_data_2 != NULL) {
}
}
return (CRYPTO_SUCCESS);
}
int
{
uint8_t q;
/*
* Check the length of the MAC. The only valid
* lengths for the MAC are: 4, 6, 8, 10, 12, 14, 16
*/
return (CRYPTO_MECHANISM_PARAM_INVALID);
}
/* Check the nonce length. Valid values are 7, 8, 9, 10, 11, 12, 13 */
return (CRYPTO_MECHANISM_PARAM_INVALID);
}
/* q is the length of the field storing the length, in bytes */
/*
* If it is decrypt, need to make sure size of ciphertext is at least
* bigger than MAC len
*/
return (CRYPTO_MECHANISM_PARAM_INVALID);
}
/*
* Check to make sure the length of the payload is within the
* range of values allowed by q
*/
if (q < 8) {
} else {
}
return (CRYPTO_MECHANISM_PARAM_INVALID);
}
return (CRYPTO_SUCCESS);
}
/*
* Format the first block used in CBC-MAC (B0) and the initial counter
* block based on formatting functions and counter generation functions
* specified in RFC 3610 and NIST publication 800-38C, appendix A
*
* b0 is the first block used in CBC-MAC
* cb0 is the first counter block
*
* It's assumed that the arguments b0 and cb0 are preallocated AES blocks
*
*/
static void
{
uint8_t t, q, have_adata = 0;
int i, j, k;
/* Construct the first octet of b0 */
if (authDataSize > 0) {
have_adata = 1;
}
/* copy the nonce value into b0 */
/* store the length of the payload into b0 */
}
/* format the counter block */
/* copy the nonce value into the counter block */
/* Create the mask for the counter field based on the size of nonce */
q <<= 3;
while (q-- > 0) {
mask |= (1ULL << q);
}
#ifdef _LITTLE_ENDIAN
#endif
/*
* During calculation, we start using counter block 1, we will
* set it up right here.
* We can just set the last byte to have the value 1, because
* even with the biggest nonce of 13, the last byte of the
* counter block will be used for the counter value.
*/
}
/*
* Encode the length of the associated data as
* specified in RFC 3610 and NIST publication 800-38C, appendix A
*/
static void
{
#ifdef UNALIGNED_POINTERS_PERMITTED
#ifdef _LP64
#endif
#endif /* UNALIGNED_POINTERS_PERMITTED */
/* 0 < a < (2^16-2^8) */
*encoded_len = 2;
/* (2^16-2^8) <= a < 2^32 */
*encoded_len = 6;
encoded[0] = 0xff;
#ifdef UNALIGNED_POINTERS_PERMITTED
#else
#endif /* UNALIGNED_POINTERS_PERMITTED */
#ifdef _LP64
} else {
/* 2^32 <= a < 2^64 */
*encoded_len = 10;
encoded[0] = 0xff;
#ifdef UNALIGNED_POINTERS_PERMITTED
#else
#endif /* UNALIGNED_POINTERS_PERMITTED */
#endif /* _LP64 */
}
}
/*
* The following function should be call at encrypt or decrypt init time
* for AES CCM mode.
*/
int
{
size_t encoded_a_len = 0;
/*
* Format the 1st block for CBC-MAC and construct the
* 1st counter block.
*
* aes_ctx->ccm_iv is used for storing the counter block
* mac_buf will store b0 at this time.
*/
/* The IV for CBC MAC for AES CCM mode is always zero */
/* encrypt the nonce */
/* take care of the associated data, if any */
if (auth_data_len == 0) {
return (CRYPTO_SUCCESS);
}
/* 1st block: it contains encoded associated data, and some data */
if (processed > auth_data_len) {
/* in case auth_data is very small */
}
/* xor with previous buffer */
if (remainder == 0) {
/* a small amount of associated data, it's all done now */
return (CRYPTO_SUCCESS);
}
do {
if (remainder < block_size) {
/*
* There's not a block full of data, pad rest of
* buffer with zero
*/
remainder = 0;
} else {
processed += block_size;
remainder -= block_size;
}
} while (remainder > 0);
return (CRYPTO_SUCCESS);
}
int
{
int rv;
is_encrypt_init)) != 0) {
return (rv);
}
if (is_encrypt_init) {
} else {
ccm_ctx->ccm_processed_mac_len = 0;
}
} else {
goto out;
}
encrypt_block, xor_block) != 0) {
goto out;
}
if (!is_encrypt_init) {
/* allocate buffer for storing decrypted plaintext */
#ifdef _KERNEL
kmflag);
#else
#endif
}
}
out:
return (rv);
}
void *
ccm_alloc_ctx(int kmflag)
{
#ifdef _KERNEL
#else
#endif
return (NULL);
return (ccm_ctx);
}