sha2_mod.c revision 5b675b316486993a90722f1a7ec08ce857ef7af7
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <sys/sysmacros.h>
#define _SHA2_IMPL
/*
* The sha2 module is created with two modlinkages:
* - a modlmisc that allows consumers to directly call the entry points
* SHA2Init, SHA2Update, and SHA2Final.
* - a modlcrypto that allows the module to register with the Kernel
* Cryptographic Framework (KCF) as a software provider for the SHA2
* mechanisms.
*/
"SHA2 Message-Digest Algorithm"
};
static struct modlcrypto modlcrypto = {
"SHA2 Kernel SW Provider"
};
static struct modlinkage modlinkage = {
};
/*
* CSPI information (entry points, provider info, etc.)
*/
/*
* Context for SHA2 mechanism.
*/
typedef struct sha2_ctx {
} sha2_ctx_t;
/*
* Context for SHA2 HMAC and HMAC GENERAL mechanisms.
*/
typedef struct sha2_hmac_ctx {
/*
* Macros to access the SHA2 or SHA2-HMAC contexts from a context passed
* by KCF to one of the entry points.
*/
/* to extract the digest length passed as mechanism parameter */
#define PROV_SHA2_GET_DIGEST_LEN(m, len) { \
else { \
} \
}
}
/*
* Mechanism info structure passed to KCF during registration.
*/
static crypto_mech_info_t sha2_mech_info_tab[] = {
/* SHA256 */
0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
/* SHA256-HMAC */
/* SHA256-HMAC GENERAL */
/* SHA384 */
0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
/* SHA384-HMAC */
/* SHA384-HMAC GENERAL */
/* SHA512 */
0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
/* SHA512-HMAC */
/* SHA512-HMAC GENERAL */
};
static crypto_control_ops_t sha2_control_ops = {
};
static crypto_digest_ops_t sha2_digest_ops = {
NULL,
};
static crypto_mac_ops_t sha2_mac_ops = {
NULL,
};
static int sha2_create_ctx_template(crypto_provider_handle_t,
static int sha2_free_context(crypto_ctx_t *);
static crypto_ctx_ops_t sha2_ctx_ops = {
};
static crypto_ops_t sha2_crypto_ops = {
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
static crypto_provider_info_t sha2_prov_info = {
"SHA2 Software Provider",
{&modlinkage},
NULL,
sizeof (sha2_mech_info_tab)/sizeof (crypto_mech_info_t),
};
int
_init()
{
int ret;
return (ret);
/*
* Register with KCF. If the registration fails, log an
* error but do not uninstall the module, since the functionality
*/
&sha2_prov_handle)) != CRYPTO_SUCCESS)
"crypto_register_provider() failed (0x%x)", ret);
return (0);
}
int
{
}
/*
* KCF software provider control entry points.
*/
/* ARGSUSED */
static void
{
}
/*
* KCF software provider digest entry points.
*/
static int
{
/*
* Allocate and initialize SHA2 context.
*/
crypto_kmflag(req));
return (CRYPTO_HOST_MEMORY);
return (CRYPTO_SUCCESS);
}
/*
* Helper SHA2 digest update function for uio data.
*/
static int
{
/* we support only kernel buffer */
return (CRYPTO_ARGUMENTS_BAD);
/*
* Jump to the first iovec containing data to be
* digested.
*/
;
/*
* The caller specified an offset that is larger than the
* total size of the buffers it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
/*
* Now do the digesting on the iovecs.
*/
vec_idx++;
offset = 0;
}
/*
* The end of the specified iovec's was reached but
* the length requested could not be processed, i.e.
* The caller requested to digest more data than it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
return (CRYPTO_SUCCESS);
}
/*
* Helper SHA2 digest final function for uio data.
* digest_len is the length of the desired digest. If digest_len
* is smaller than the default SHA2 digest length, the caller
* must pass a scratch buffer, digest_scratch, which must
* be at least the algorithm's digest length bytes.
*/
static int
{
/* we support only kernel buffer */
return (CRYPTO_ARGUMENTS_BAD);
/*
* Jump to the first iovec containing ptr to the digest to
* be returned.
*/
;
/*
* The caller specified an offset that is
* larger than the total size of the buffers
* it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
if (offset + digest_len <=
/*
* The computed SHA2 digest will fit in the current
* iovec.
*/
(digest_len != SHA256_DIGEST_LENGTH)) ||
(digest_len != SHA512_DIGEST_LENGTH))) {
/*
* The caller requested a short digest. Digest
* into a scratch buffer and return to
* the user only what was requested.
*/
} else {
sha2_ctx);
}
} else {
/*
* The computed digest will be crossing one or more iovec's.
* This is bad performance-wise but we need to support it.
* Allocate a small scratch buffer on the stack and
* copy it piece meal to the specified digest iovec's.
*/
off_t scratch_offset = 0;
cur_len =
cur_len);
vec_idx++;
offset = 0;
}
/*
* The end of the specified iovec's was reached but
* the length requested could not be processed, i.e.
* The caller requested to digest more data than it
* provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
}
return (CRYPTO_SUCCESS);
}
/*
* Helper SHA2 digest update for mblk's.
*/
static int
{
/*
* Jump to the first mblk_t containing data to be digested.
*/
;
/*
* The caller specified an offset that is larger than the
* total size of the buffers it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
/*
* Now do the digesting on the mblk chain.
*/
offset = 0;
}
/*
* The end of the mblk was reached but the length requested
* could not be processed, i.e. The caller requested
* to digest more data than it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
return (CRYPTO_SUCCESS);
}
/*
* Helper SHA2 digest final for mblk's.
* digest_len is the length of the desired digest. If digest_len
* is smaller than the default SHA2 digest length, the caller
* must pass a scratch buffer, digest_scratch, which must
* be at least the algorithm's digest length bytes.
*/
static int
{
/*
* Jump to the first mblk_t that will be used to store the digest.
*/
;
/*
* The caller specified an offset that is larger than the
* total size of the buffers it provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
/*
* The computed SHA2 digest will fit in the current mblk.
* Do the SHA2Final() in-place.
*/
(digest_len != SHA256_DIGEST_LENGTH)) ||
(digest_len != SHA512_DIGEST_LENGTH))) {
/*
* The caller requested a short digest. Digest
* into a scratch buffer and return to
* the user only what was requested.
*/
} else {
}
} else {
/*
* The computed digest will be crossing one or more mblk's.
* This is bad performance-wise but we need to support it.
* Allocate a small scratch buffer on the stack and
* copy it piece meal to the specified digest iovec's.
*/
off_t scratch_offset = 0;
offset = 0;
}
/*
* The end of the specified mblk was reached but
* the length requested could not be processed, i.e.
* The caller requested to digest more data than it
* provided.
*/
return (CRYPTO_DATA_LEN_RANGE);
}
}
return (CRYPTO_SUCCESS);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
case SHA256_MECH_INFO_TYPE:
break;
case SHA384_MECH_INFO_TYPE:
break;
case SHA512_MECH_INFO_TYPE:
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
/*
* We need to just return the length needed to store the output.
* We should not destroy the context for the following cases.
*/
return (CRYPTO_BUFFER_TOO_SMALL);
}
/*
* Do the SHA2 update on the specified input data.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
data);
break;
case CRYPTO_DATA_MBLK:
data);
break;
default:
}
if (ret != CRYPTO_SUCCESS) {
/* the update failed, free context and bail */
return (ret);
}
/*
* Do a SHA2 final, must be done separately since the digest
* type can be different than the input data type.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
break;
case CRYPTO_DATA_MBLK:
break;
default:
}
/* all done, free context and return */
if (ret == CRYPTO_SUCCESS)
else
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Do the SHA2 update on the specified input data.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
data);
break;
case CRYPTO_DATA_MBLK:
data);
break;
default:
}
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
case SHA256_MECH_INFO_TYPE:
break;
case SHA384_MECH_INFO_TYPE:
break;
case SHA512_MECH_INFO_TYPE:
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
/*
* We need to just return the length needed to store the output.
* We should not destroy the context for the following cases.
*/
return (CRYPTO_BUFFER_TOO_SMALL);
}
/*
* Do a SHA2 final.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
break;
case CRYPTO_DATA_MBLK:
break;
default:
}
/* all done, free context and return */
if (ret == CRYPTO_SUCCESS)
else
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Do the SHA inits.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
break;
case CRYPTO_DATA_MBLK:
break;
default:
}
/*
* Do the SHA updates on the specified input data.
*/
if (ret != CRYPTO_SUCCESS) {
/* the update failed, bail */
return (ret);
}
else
/*
* Do a SHA2 final, must be done separately since the digest
* type can be different than the input data type.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
break;
case CRYPTO_DATA_MBLK:
break;
default:
}
if (ret == CRYPTO_SUCCESS)
else
return (ret);
}
/*
* KCF software provider mac entry points.
*
* SHA2 HMAC is: SHA2(key XOR opad, SHA2(key XOR ipad, text))
*
* Init:
* The initialization routine initializes what we denote
* as the inner and outer contexts by doing
* - for inner context: SHA2(key XOR ipad)
* - for outer context: SHA2(key XOR opad)
*
* Update:
* Each subsequent SHA2 HMAC update will result in an
* update of the inner context with the specified data.
*
* Final:
* The SHA2 HMAC final will do a SHA2 final operation on the
* inner context, and the resulting digest will be used
* as the data for an update on the outer context. Last
* but not least, a SHA2 final on the outer context will
* be performed to obtain the SHA2 HMAC digest to return
* to the user.
*/
/*
* Initialize a SHA2-HMAC context.
*/
static void
{
int i, block_size, blocks_per_int64;
/* Determine the block size */
} else {
}
/* XOR key with ipad (0x36) and opad (0x5c) */
for (i = 0; i < blocks_per_int64; i ++) {
ipad[i] ^= 0x3636363636363636;
opad[i] ^= 0x5c5c5c5c5c5c5c5c;
}
/* perform SHA2 on ipad */
/* perform SHA2 on opad */
}
/*
*/
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Set the digest length and block size to values approriate to the
* mechanism
*/
break;
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
return (CRYPTO_ARGUMENTS_BAD);
crypto_kmflag(req));
return (CRYPTO_HOST_MEMORY);
if (ctx_template != NULL) {
/* reuse context template */
sizeof (sha2_hmac_ctx_t));
} else {
/* no context template, compute context */
if (keylen_in_bytes > sha_hmac_block_size) {
/*
* Hash the passed-in key to get a smaller key.
* The inner context is used since it hasn't been
* initialized yet.
*/
} else {
}
}
/*
* Get the mechanism parameters, if applicable.
*/
}
if (ret != CRYPTO_SUCCESS) {
}
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Do a SHA2 update of the inner context using the specified
* data.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO:
break;
case CRYPTO_DATA_MBLK:
break;
default:
}
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/* Set the digest lengths to values approriate to the mechanism */
break;
break;
break;
break;
break;
}
/*
* We need to just return the length needed to store the output.
* We should not destroy the context for the following cases.
*/
return (CRYPTO_BUFFER_TOO_SMALL);
}
/*
* Do a SHA2 final on the inner context.
*/
/*
* Do a SHA2 update on the outer context, feeding the inner
* digest as data.
*/
/*
* Do a SHA2 final on the outer context, storing the computing
* digest in the users buffer.
*/
case CRYPTO_DATA_RAW:
if (digest_len != sha_digest_len) {
/*
* The caller requested a short digest. Digest
* into a scratch buffer and return to
* the user only what was requested.
*/
} else {
}
break;
case CRYPTO_DATA_UIO:
digest_len, digest);
break;
case CRYPTO_DATA_MBLK:
digest_len, digest);
break;
default:
}
if (ret == CRYPTO_SUCCESS)
else
return (ret);
}
case CRYPTO_DATA_RAW: \
break; \
case CRYPTO_DATA_UIO: \
break; \
case CRYPTO_DATA_MBLK: \
data); \
break; \
default: \
ret = CRYPTO_ARGUMENTS_BAD; \
} \
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Set the digest length and block size to values approriate to the
* mechanism
*/
break;
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
/* Add support for key by attributes (RFE 4706552) */
return (CRYPTO_ARGUMENTS_BAD);
if (ctx_template != NULL) {
/* reuse context template */
} else {
/* no context template, initialize context */
if (keylen_in_bytes > sha_hmac_block_size) {
/*
* Hash the passed-in key to get a smaller key.
* The inner context is used since it hasn't been
* initialized yet.
*/
} else {
}
}
/* get the mechanism parameters, if applicable */
goto bail;
}
if (digest_len > sha_digest_len) {
goto bail;
}
}
/* do a SHA2 update of the inner context using the specified data */
if (ret != CRYPTO_SUCCESS)
/* the update failed, free context and bail */
goto bail;
/*
* Do a SHA2 final on the inner context.
*/
/*
* Do an SHA2 update on the outer context, feeding the inner
* digest as data.
*
* HMAC-SHA384 needs special handling as the outer hash needs only 48
* bytes of the inner hash value.
*/
else
/*
* Do a SHA2 final on the outer context, storing the computed
* digest in the users buffer.
*/
case CRYPTO_DATA_RAW:
if (digest_len != sha_digest_len) {
/*
* The caller requested a short digest. Digest
* into a scratch buffer and return to
* the user only what was requested.
*/
} else {
}
break;
case CRYPTO_DATA_UIO:
digest_len, digest);
break;
case CRYPTO_DATA_MBLK:
digest_len, digest);
break;
default:
}
if (ret == CRYPTO_SUCCESS) {
return (CRYPTO_SUCCESS);
}
bail:
return (ret);
}
/* ARGSUSED */
static int
{
int ret = CRYPTO_SUCCESS;
/*
* Set the digest length and block size to values approriate to the
* mechanism
*/
break;
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
/* Add support for key by attributes (RFE 4706552) */
return (CRYPTO_ARGUMENTS_BAD);
if (ctx_template != NULL) {
/* reuse context template */
} else {
/* no context template, initialize context */
if (keylen_in_bytes > sha_hmac_block_size) {
/*
* Hash the passed-in key to get a smaller key.
* The inner context is used since it hasn't been
* initialized yet.
*/
} else {
}
}
/* get the mechanism parameters, if applicable */
goto bail;
}
if (digest_len > sha_digest_len) {
goto bail;
}
}
goto bail;
}
/* do a SHA2 update of the inner context using the specified data */
if (ret != CRYPTO_SUCCESS)
/* the update failed, free context and bail */
goto bail;
/* do a SHA2 final on the inner context */
/*
* Do an SHA2 update on the outer context, feeding the inner
* digest as data.
*
* HMAC-SHA384 needs special handling as the outer hash needs only 48
* bytes of the inner hash value.
*/
else
/*
* Do a SHA2 final on the outer context, storing the computed
* digest in the users buffer.
*/
/*
* Compare the computed digest against the expected digest passed
* as argument.
*/
case CRYPTO_DATA_RAW:
break;
case CRYPTO_DATA_UIO: {
off_t scratch_offset = 0;
/* we support only kernel buffer */
return (CRYPTO_ARGUMENTS_BAD);
/* jump to the first iovec containing the expected digest */
for (vec_idx = 0;
;
/*
* The caller specified an offset that is
* larger than the total size of the buffers
* it provided.
*/
break;
}
/* do the comparison of computed digest vs specified one */
cur_len) != 0) {
break;
}
vec_idx++;
offset = 0;
}
break;
}
case CRYPTO_DATA_MBLK: {
off_t scratch_offset = 0;
/* jump to the first mblk_t containing the expected digest */
;
/*
* The caller specified an offset that is larger than
* the total size of the buffers it provided.
*/
break;
}
break;
}
offset = 0;
}
break;
}
default:
}
return (ret);
bail:
return (ret);
}
/*
* KCF software provider context management entry points.
*/
/* ARGSUSED */
static int
{
/*
* Set the digest length and block size to values approriate to the
* mechanism
*/
break;
break;
default:
return (CRYPTO_MECHANISM_INVALID);
}
/* Add support for key by attributes (RFE 4706552) */
return (CRYPTO_ARGUMENTS_BAD);
/*
* Allocate and initialize SHA2 context.
*/
crypto_kmflag(req));
if (sha2_hmac_ctx_tmpl == NULL)
return (CRYPTO_HOST_MEMORY);
if (keylen_in_bytes > sha_hmac_block_size) {
/*
* Hash the passed-in key to get a smaller key.
* The inner context is used since it hasn't been
* initialized yet.
*/
} else {
}
*ctx_template_size = sizeof (sha2_hmac_ctx_t);
return (CRYPTO_SUCCESS);
}
static int
{
return (CRYPTO_SUCCESS);
/*
* We have to free either SHA2 or SHA2-HMAC contexts, which
* have different lengths.
*
* Note: Below is dependent on the mechanism ordering.
*/
ctx_len = sizeof (sha2_ctx_t);
else
ctx_len = sizeof (sha2_hmac_ctx_t);
return (CRYPTO_SUCCESS);
}