softAESCrypt.c revision 16239bc82c111618343e0a5b1a70e0fc702d00e0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <security/cryptoki.h>
#include "softSession.h"
#include "softObject.h"
#include "softCrypt.h"
#include <aes_impl.h>
/*
* Allocate context for the active encryption or decryption operation, and
* generate AES key schedule to speed up the operation.
*/
{
if (soft_aes_ctx == NULL) {
return (CKR_HOST_MEMORY);
}
return (CKR_HOST_MEMORY);
}
if (encrypt) {
/* Called by C_EncryptInit. */
} else {
/* Called by C_DecryptInit. */
}
/*
* If this is a non-sensitive key and it does NOT have
* a key schedule yet, then allocate one and expand it.
* Otherwise, if it's a non-sensitive key, and it DOES have
* a key schedule already attached to it, just copy the
* pre-expanded schedule to the context and avoid the
* extra key schedule expansion operation.
*/
void *ks;
(void) pthread_mutex_unlock(
&key_p->object_mutex);
return (CKR_HOST_MEMORY);
}
#ifdef __sparcv9
/* LINTED */
#else /* !__sparcv9 */
#endif /* __sparcv9 */
}
}
} else {
/*
* Initialize key schedule for AES. aes_init_keysched()
* requires key length in bits.
*/
#ifdef __sparcv9
/* LINTED */
#else /* !__sparcv9 */
#endif /* __sparcv9 */
}
return (CKR_OK);
}
/*
* soft_aes_encrypt_common()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pData: pointer to the input data to be encrypted
* ulDataLen: length of the input data
* pEncrypted: pointer to the output data after encryption
* pulEncryptedLen: pointer to the length of the output data
* update: boolean flag indicates caller is soft_encrypt
* or soft_encrypt_update
*
* Description:
* This function calls the corresponding encrypt routine based
* on the mechanism.
*
* Returns:
* CKR_OK: success
* CKR_BUFFER_TOO_SMALL: the output buffer provided by application
* is too small
* CKR_FUNCTION_FAILED: encrypt function failed
* CKR_DATA_LEN_RANGE: the input data is not a multiple of blocksize
*/
{
int rc = 0;
if (mechanism == CKM_AES_CTR)
goto do_encryption;
/*
* AES only takes input length that is a multiple of blocksize
* for C_Encrypt function with the mechanism CKM_AES_ECB or
* CKM_AES_CBC.
*
* AES allows any input length for C_Encrypt function with the
* mechanism CKM_AES_CBC_PAD and for C_EncryptUpdate function.
*/
if ((ulDataLen % AES_BLOCK_LEN) != 0) {
goto cleanup;
}
}
if (!update) {
/*
* Called by C_Encrypt
*/
if (mechanism == CKM_AES_CBC_PAD) {
/*
* For CKM_AES_CBC_PAD, compute output length to
* count for the padding. If the length of input
* data is a multiple of blocksize, then make output
* length to be the sum of the input length and
* one blocksize. Otherwise, output length will
* be rounded up to the next multiple of blocksize.
*/
out_len = AES_BLOCK_LEN *
} else {
/*
* For non-padding mode, the output length will
* be same as the input length.
*/
}
/*
* If application asks for the length of the output buffer
* to hold the ciphertext?
*/
if (pEncrypted == NULL) {
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (*pulEncryptedLen < out_len) {
return (CKR_BUFFER_TOO_SMALL);
}
/* Encrypt pad bytes in a separate operation */
if (mechanism == CKM_AES_CBC_PAD) {
out_len -= AES_BLOCK_LEN;
}
} else {
/*
* Called by C_EncryptUpdate
*
* Add the lengths of last remaining data and current
* plaintext together to get the total input length.
*/
/*
* If the total input length is less than one blocksize,
* or if the total input length is just one blocksize and
* the mechanism is CKM_AES_CBC_PAD, we will need to delay
* encryption until when more data comes in next
* C_EncryptUpdate or when C_EncryptFinal is called.
*/
if ((total_len < AES_BLOCK_LEN) ||
((mechanism == CKM_AES_CBC_PAD) &&
(total_len == AES_BLOCK_LEN))) {
if (pEncrypted != NULL) {
/*
* Save input data and its length in
* the remaining buffer of AES context.
*/
}
/* Set encrypted data length to 0. */
*pulEncryptedLen = 0;
return (CKR_OK);
}
/* Compute the length of remaing data. */
/*
* Make sure that the output length is a multiple of
* blocksize.
*/
/*
* If application asks for the length of the output buffer
* to hold the ciphertext?
*/
if (pEncrypted == NULL) {
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (*pulEncryptedLen < out_len) {
return (CKR_BUFFER_TOO_SMALL);
}
if (soft_aes_ctx->remain_len != 0) {
/*
* Copy last remaining data and current input data
* to the output buffer.
*/
in_buf = pEncrypted;
} else {
}
}
/*
* Begin Encryption now.
*/
switch (mechanism) {
case CKM_AES_ECB:
{
ulong_t i;
for (i = 0; i < out_len; i += AES_BLOCK_LEN) {
tmp_outbuf = &out_buf[i];
/* Crunch one block of data for AES. */
}
if (update) {
/*
* For encrypt update, if there is a remaining
* data, save it and its length in the context.
*/
if (remain != 0)
}
break;
}
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
{
/* Encrypt multiple blocks of data. */
if (rc != 0)
goto encrypt_failed;
if (update) {
/*
* For encrypt update, if there is remaining data,
* save it and its length in the context.
*/
if (remain != 0)
} else if (mechanism == CKM_AES_CBC_PAD) {
/*
* Save the remainder of the input
* block in a temporary block because
* we dont want to overrun the buffer
* by tacking on pad bytes.
*/
/* Encrypt last block containing pad bytes. */
out_len += AES_BLOCK_LEN;
}
if (rc == 0) {
break;
}
*pulEncryptedLen = 0;
goto cleanup;
}
case CKM_AES_CTR:
{
if (rc != 0) {
*pulEncryptedLen = 0;
goto cleanup;
}
/*
* Since AES counter mode is a stream cipher, we call
* aes_counter_final() to pick up any remaining bytes.
* It is an internal function that does not destroy
* the context like *normal* final routines.
*/
}
} /* end switch */
if (update)
return (CKR_OK);
/*
* The following code will be executed if the caller is
* soft_encrypt() or an error occurred. The encryption
* operation will be terminated so we need to do some cleanup.
*/
}
return (rv);
}
/*
* soft_aes_decrypt_common()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pEncrypted: pointer to the input data to be decrypted
* ulEncryptedLen: length of the input data
* pData: pointer to the output data
* pulDataLen: pointer to the length of the output data
* Update: boolean flag indicates caller is soft_decrypt
* or soft_decrypt_update
*
* Description:
* This function calls the corresponding decrypt routine based
* on the mechanism.
*
* Returns:
* CKR_OK: success
* CKR_BUFFER_TOO_SMALL: the output buffer provided by application
* is too small
* CKR_ENCRYPTED_DATA_LEN_RANGE: the input data is not a multiple
* of blocksize
* CKR_FUNCTION_FAILED: decrypt function failed
*/
{
int rc = 0;
if (mechanism == CKM_AES_CTR)
goto do_decryption;
/*
* AES only takes input length that is a multiple of 16 bytes
* for C_Decrypt function with the mechanism CKM_AES_ECB,
* CKM_AES_CBC or CKM_AES_CBC_PAD.
*
* AES allows any input length for C_DecryptUpdate function.
*/
if (!update) {
/*
* Called by C_Decrypt
*/
if ((ulEncryptedLen % AES_BLOCK_LEN) != 0) {
goto cleanup;
}
/*
* If application asks for the length of the output buffer
* to hold the plaintext?
*/
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (mechanism != CKM_AES_CBC_PAD) {
if (*pulDataLen < ulEncryptedLen) {
return (CKR_BUFFER_TOO_SMALL);
}
} else {
/*
* For CKM_AES_CBC_PAD, we don't know how
* many bytes for padding at this time, so
* we'd assume one block was padded.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
in_buf = pEncrypted;
} else {
/*
* Called by C_DecryptUpdate
*
* Add the lengths of last remaining data and current
* input data together to get the total input length.
*/
/*
* If the total input length is less than one blocksize,
* or if the total input length is just one blocksize and
* the mechanism is CKM_AES_CBC_PAD, we will need to delay
* decryption until when more data comes in next
* C_DecryptUpdate or when C_DecryptFinal is called.
*/
if ((total_len < AES_BLOCK_LEN) ||
((mechanism == CKM_AES_CBC_PAD) &&
(total_len == AES_BLOCK_LEN))) {
/*
* Save input data and its length in
* the remaining buffer of AES context.
*/
}
/* Set output data length to 0. */
*pulDataLen = 0;
return (CKR_OK);
}
/* Compute the length of remaing data. */
/*
* Make sure that the output length is a multiple of
* blocksize.
*/
if (mechanism == CKM_AES_CBC_PAD) {
/*
* If the input data length is a multiple of
* blocksize, then save the last block of input
* data in the remaining buffer. C_DecryptFinal
* will handle this last block of data.
*/
if (remain == 0) {
out_len -= AES_BLOCK_LEN;
}
}
/*
* If application asks for the length of the output buffer
* to hold the plaintext?
*/
*pulDataLen = out_len;
return (CKR_OK);
}
/*
* Is the application-supplied buffer large enough?
*/
if (*pulDataLen < out_len) {
*pulDataLen = out_len;
return (CKR_BUFFER_TOO_SMALL);
}
if (soft_aes_ctx->remain_len != 0) {
/*
* Copy last remaining data and current input data
* to the output buffer.
*/
} else {
in_buf = pEncrypted;
}
}
/*
* Begin Decryption.
*/
switch (mechanism) {
case CKM_AES_ECB:
{
ulong_t i;
for (i = 0; i < out_len; i += AES_BLOCK_LEN) {
tmp_outbuf = &out_buf[i];
/* Crunch one block of data for AES. */
}
if (update) {
/*
* For decrypt update, if there is a remaining
* data, save it and its length in the context.
*/
if (remain != 0)
}
*pulDataLen = out_len;
break;
}
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
{
/* Decrypt multiple blocks of data. */
if (rc != 0)
goto decrypt_failed;
/* Decrypt last block containing pad bytes. */
/* Decrypt last block containing pad bytes. */
if (rc != 0)
goto decrypt_failed;
/*
* Remove padding bytes after decryption of
* ciphertext block to produce the original
* plaintext.
*/
if (rem_len != 0)
} else {
*pulDataLen = 0;
goto cleanup;
}
} else {
*pulDataLen = out_len;
}
if (update) {
/*
* For decrypt update, if there is remaining data,
* save it and its length in the context.
*/
if (remain != 0)
}
if (rc == 0)
break;
*pulDataLen = 0;
goto cleanup;
}
case CKM_AES_CTR:
{
if (rc != 0) {
*pulDataLen = 0;
goto cleanup;
}
/*
* Since AES counter mode is a stream cipher, we call
* aes_counter_final() to pick up any remaining bytes.
* It is an internal function that does not destroy
* the context like *normal* final routines.
*/
> 0) {
if (rc == CRYPTO_DATA_LEN_RANGE)
}
}
} /* end switch */
if (update)
return (CKR_OK);
/*
* The following code will be executed if the caller is
* soft_decrypt() or an error occurred. The decryption
* operation will be terminated so we need to do some cleanup.
*/
}
return (rv);
}
/*
* Allocate and initialize a context for AES CBC mode of operation.
*/
void *
{
return (NULL);
return (cbc_ctx);
}
/*
* Allocate and initialize a context for AES CTR mode of operation.
*/
void *
{
/* LINTED: pointer alignment */
return (NULL);
!= CRYPTO_SUCCESS) {
return (NULL);
}
return (ctr_ctx);
}