kcf_cipher.c revision 9b009fc1b553084f6003dcd46b171890049de0ff
2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 2N/A * Encryption and decryption routines. * The following are the possible returned values common to all the routines * below. The applicability of some of these return values depends on the * presence of the arguments. * CRYPTO_SUCCESS: The operation completed successfully. * CRYPTO_QUEUED: A request was submitted successfully. The callback * routine will be called when the operation is done. * CRYPTO_INVALID_MECH_NUMBER, CRYPTO_INVALID_MECH_PARAM, or * CRYPTO_INVALID_MECH for problems with the 'mech'. * CRYPTO_INVALID_DATA for bogus 'data' * CRYPTO_HOST_MEMORY for failure to allocate memory to handle this work. * CRYPTO_INVALID_CONTEXT: Not a valid context. * CRYPTO_BUSY: Cannot process the request now. Schedule a * crypto_bufcall(), or try later. * CRYPTO_NOT_SUPPORTED and CRYPTO_MECH_NOT_SUPPORTED: No provider is * capable of a function or a mechanism. * CRYPTO_INVALID_KEY: bogus 'key' argument. * CRYPTO_INVALID_PLAINTEXT: bogus 'plaintext' argument. * CRYPTO_INVALID_CIPHERTEXT: bogus 'ciphertext' argument. * crypto_cipher_init_prov() * pd: provider descriptor * mech: crypto_mechanism_t pointer. * mech_type is a valid value previously returned by * When the mech's parameter is not NULL, its definition depends * on the standard definition of the mechanism. * key: pointer to a crypto_key_t structure. * tmpl: a crypto_ctx_template_t, opaque template of a context of an * encryption or decryption with the 'mech' using 'key'. * 'tmpl' is created by a previous call to * crypto_create_ctx_template(). * ctxp: Pointer to a crypto_context_t. * func: CRYPTO_FG_ENCRYPT or CRYPTO_FG_DECRYPT. * cr: crypto_call_req_t calling conditions and call back info. * This is a common function invoked internally by both * crypto_encrypt_init() and crypto_decrypt_init(). * Asynchronously submits a request for, or synchronously performs the * initialization of an encryption or a decryption operation. * When possible and applicable, will internally use the pre-expanded key * schedule from the context template, tmpl. * When complete and successful, 'ctxp' will contain a crypto_context_t * valid for later calls to encrypt_update() and encrypt_final(), or * decrypt_update() and decrypt_final(). * The caller should hold a reference on the specified provider * descriptor before calling this function. * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. /* Allocate and initialize the canonical context */ /* The fast path for SW providers. */ /* Check if context sharing is possible */ * key->ck_length from the consumer is always in bits. * We convert it to be in the same unit registered by * the provider in order to do a comparison. * Check if the software provider can support context * sharing and support this key length. /* Release the hold done in kcf_new_ctx(). */ * Same as crypto_cipher_init_prov(), but relies on the scheduler to pick * an appropriate provider. See crypto_cipher_init_prov() comments for more /* pd is returned held */ * For SW providers, check the validity of the context template * It is very rare that the generation number mis-matches, so * is acceptable to fail here, and let the consumer recover by * freeing this tmpl and create a new one for the key and new SW /* Add pd to the linked list of providers tried. */ * pd: provider descriptor * mech: crypto_mechanism_t pointer. * mech_type is a valid value previously returned by * When the mech's parameter is not NULL, its definition depends * on the standard definition of the mechanism. * key: pointer to a crypto_key_t structure. * plaintext: The message to be encrypted * ciphertext: Storage for the encrypted message. The length needed * depends on the mechanism, and the plaintext's size. * tmpl: a crypto_ctx_template_t, opaque template of a context of an * encryption with the 'mech' using 'key'. 'tmpl' is created by * a previous call to crypto_create_ctx_template(). * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs a * single-part encryption of 'plaintext' with the mechanism 'mech', using * When complete and successful, 'ciphertext' will contain the encrypted * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. * Same as crypto_encrypt_prov(), but relies on the scheduler to pick * a provider. See crypto_encrypt_prov() for more details. /* pd is returned held */ * For SW providers, check the validity of the context template * It is very rare that the generation number mis-matches, so * is acceptable to fail here, and let the consumer recover by * freeing this tmpl and create a new one for the key and new SW /* The fast path for SW providers. */ /* Add pd to the linked list of providers tried. */ * crypto_encrypt_init_prov() * Calls crypto_cipher_init_prov() to initialize an encryption operation. * Calls crypto_cipher_init() to initialize an encryption operation * crypto_encrypt_update() * context: A crypto_context_t initialized by encrypt_init(). * plaintext: The message part to be encrypted * ciphertext: Storage for the encrypted message part. * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs a * part of an encryption operation. * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. /* The fast path for SW providers. */ /* Check if we should use a software provider for small jobs */ * context: A crypto_context_t initialized by encrypt_init(). * ciphertext: Storage for the last part of encrypted message * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs the * final part of an encryption operation. * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. /* The fast path for SW providers. */ /* Release the hold done in kcf_new_ctx() during init step. */ * pd: provider descriptor * mech: crypto_mechanism_t pointer. * mech_type is a valid value previously returned by * When the mech's parameter is not NULL, its definition depends * on the standard definition of the mechanism. * key: pointer to a crypto_key_t structure. * ciphertext: The message to be encrypted * plaintext: Storage for the encrypted message. The length needed * depends on the mechanism, and the plaintext's size. * tmpl: a crypto_ctx_template_t, opaque template of a context of an * encryption with the 'mech' using 'key'. 'tmpl' is created by * a previous call to crypto_create_ctx_template(). * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs a * single-part decryption of 'ciphertext' with the mechanism 'mech', using * When complete and successful, 'plaintext' will contain the decrypted * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. * Same as crypto_decrypt_prov(), but relies on the KCF scheduler to * choose a provider. See crypto_decrypt_prov() comments for more /* pd is returned held */ * For SW providers, check the validity of the context template * It is very rare that the generation number mis-matches, so * is acceptable to fail here, and let the consumer recover by * freeing this tmpl and create a new one for the key and new SW /* The fast path for SW providers. */ /* Add pd to the linked list of providers tried. */ * crypto_decrypt_init_prov() * Calls crypto_cipher_init_prov() to initialize a decryption operation * Calls crypto_cipher_init() to initialize a decryption operation * crypto_decrypt_update() * context: A crypto_context_t initialized by decrypt_init(). * ciphertext: The message part to be decrypted * plaintext: Storage for the decrypted message part. * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs a * part of an decryption operation. * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. /* The fast path for SW providers. */ /* Check if we should use a software provider for small jobs */ * context: A crypto_context_t initialized by decrypt_init(). * plaintext: Storage for the last part of the decrypted message * cr: crypto_call_req_t calling conditions and call back info. * Asynchronously submits a request for, or synchronously performs the * final part of a decryption operation. * Process or interrupt, according to the semantics dictated by the 'cr'. * See comment in the beginning of the file. /* The fast path for SW providers. */ /* Release the hold done in kcf_new_ctx() during init step. */ * See comments for crypto_encrypt_update(). /* The fast path for SW providers. */ /* Release the hold done in kcf_new_ctx() during init step. */ * See comments for crypto_decrypt_update(). /* The fast path for SW providers. */ /* Release the hold done in kcf_new_ctx() during init step. */