/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <security/cryptoki.h>
#include <aes_impl.h>
#include "kmsSession.h"
#include "kmsObject.h"
#include "kmsCrypt.h"
/*
* Add padding bytes with the value of length of padding.
*/
static void
{
for (i = 0; i < pad_len; i++)
}
/*
* Remove padding bytes.
*/
static CK_RV
{
ulong_t i;
/* Make sure there is a valid padding value. */
return (CKR_ENCRYPTED_DATA_INVALID);
return (CKR_ENCRYPTED_DATA_INVALID);
return (CKR_OK);
}
/*
* Allocate context for the active encryption or decryption operation, and
* generate AES key schedule to speed up the operation.
*/
{
if (kms_aes_ctx == NULL) {
return (CKR_HOST_MEMORY);
}
return (CKR_HOST_MEMORY);
}
if (encrypt) {
/* Called by C_EncryptInit. */
} else {
/* Called by C_DecryptInit. */
}
/*
* If this is a non-sensitive key and it does NOT have
* a key schedule yet, then allocate one and expand it.
* Otherwise, if it's a non-sensitive key, and it DOES have
* a key schedule already attached to it, just copy the
* pre-expanded schedule to the context and avoid the
* extra key schedule expansion operation.
*/
void *ks;
(void) pthread_mutex_unlock(
&key_p->object_mutex);
return (CKR_HOST_MEMORY);
}
#ifdef __sparcv9
/* LINTED */
#else /* !__sparcv9 */
#endif /* __sparcv9 */
}
}
} else {
/*
* Initialize key schedule for AES. aes_init_keysched()
* requires key length in bits.
*/
#ifdef __sparcv9
/* LINTED */
#else /* !__sparcv9 */
#endif /* __sparcv9 */
}
return (CKR_OK);
}
/*
* kms_aes_encrypt_common()
*
* Arguments:
* session_p: pointer to kms_session_t struct
* pData: pointer to the input data to be encrypted
* ulDataLen: length of the input data
* pEncrypted: pointer to the output data after encryption
* pulEncryptedLen: pointer to the length of the output data
* update: boolean flag indicates caller is kms_encrypt
* or kms_encrypt_update
*
* Description:
* This function calls the corresponding encrypt routine based
* on the mechanism.
*
* Returns:
* CKR_OK: success
* CKR_BUFFER_TOO_SMALL: the output buffer provided by application
* is too small
* CKR_FUNCTION_FAILED: encrypt function failed
* CKR_DATA_LEN_RANGE: the input data is not a multiple of blocksize
*/
{
int rc = 0;
if (mechanism == CKM_AES_CTR)
goto do_encryption;
/*
* AES only takes input length that is a multiple of blocksize
* for C_Encrypt function with the mechanism CKM_AES_ECB or
* CKM_AES_CBC.
*
* AES allows any input length for C_Encrypt function with the
* mechanism CKM_AES_CBC_PAD and for C_EncryptUpdate function.
*/
if ((ulDataLen % AES_BLOCK_LEN) != 0) {
goto cleanup;
}
}
if (!update) {
/*
* Called by C_Encrypt
*/
if (mechanism == CKM_AES_CBC_PAD) {
/*
* For CKM_AES_CBC_PAD, compute output length to
* count for the padding. If the length of input
* data is a multiple of blocksize, then make output
* length to be the sum of the input length and
* one blocksize. Otherwise, output length will
* be rounded up to the next multiple of blocksize.
*/
out_len = AES_BLOCK_LEN *
} else {
/*
* For non-padding mode, the output length will
* be same as the input length.
*/
}
/*
* If application asks for the length of the output buffer
* to hold the ciphertext?
*/
if (pEncrypted == NULL) {
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (*pulEncryptedLen < out_len) {
return (CKR_BUFFER_TOO_SMALL);
}
/* Encrypt pad bytes in a separate operation */
if (mechanism == CKM_AES_CBC_PAD) {
out_len -= AES_BLOCK_LEN;
}
} else {
/*
* Called by C_EncryptUpdate
*
* Add the lengths of last remaining data and current
* plaintext together to get the total input length.
*/
/*
* If the total input length is less than one blocksize,
* or if the total input length is just one blocksize and
* the mechanism is CKM_AES_CBC_PAD, we will need to delay
* encryption until when more data comes in next
* C_EncryptUpdate or when C_EncryptFinal is called.
*/
if ((total_len < AES_BLOCK_LEN) ||
((mechanism == CKM_AES_CBC_PAD) &&
(total_len == AES_BLOCK_LEN))) {
if (pEncrypted != NULL) {
/*
* Save input data and its length in
* the remaining buffer of AES context.
*/
}
/* Set encrypted data length to 0. */
*pulEncryptedLen = 0;
return (CKR_OK);
}
/* Compute the length of remaining data. */
/*
* Make sure that the output length is a multiple of
* blocksize.
*/
/*
* If application asks for the length of the output buffer
* to hold the ciphertext?
*/
if (pEncrypted == NULL) {
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (*pulEncryptedLen < out_len) {
return (CKR_BUFFER_TOO_SMALL);
}
if (kms_aes_ctx->remain_len != 0) {
/*
* Copy last remaining data and current input data
* to the output buffer.
*/
in_buf = pEncrypted;
} else {
}
}
/*
* Begin Encryption now.
*/
switch (mechanism) {
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
{
/* Encrypt multiple blocks of data. */
if (rc != 0)
goto encrypt_failed;
if (update) {
/*
* For encrypt update, if there is remaining data,
* save it and its length in the context.
*/
if (remain != 0)
} else if (mechanism == CKM_AES_CBC_PAD) {
/*
* Save the remainder of the input
* block in a temporary block because
* we dont want to overrun the buffer
* by tacking on pad bytes.
*/
/* Encrypt last block containing pad bytes. */
out_len += AES_BLOCK_LEN;
}
if (rc == 0) {
break;
}
*pulEncryptedLen = 0;
goto cleanup;
}
default:
goto cleanup;
} /* end switch */
if (update)
return (CKR_OK);
/*
* The following code will be executed if the caller is
* kms_encrypt() or an error occurred. The encryption
* operation will be terminated so we need to do some cleanup.
*/
}
return (rv);
}
/*
* kms_aes_decrypt_common()
*
* Arguments:
* session_p: pointer to kms_session_t struct
* pEncrypted: pointer to the input data to be decrypted
* ulEncryptedLen: length of the input data
* pData: pointer to the output data
* pulDataLen: pointer to the length of the output data
* Update: boolean flag indicates caller is kms_decrypt
* or kms_decrypt_update
*
* Description:
* This function calls the corresponding decrypt routine based
* on the mechanism.
*
* Returns:
* CKR_OK: success
* CKR_BUFFER_TOO_SMALL: the output buffer provided by application
* is too small
* CKR_ENCRYPTED_DATA_LEN_RANGE: the input data is not a multiple
* of blocksize
* CKR_FUNCTION_FAILED: decrypt function failed
*/
{
int rc = 0;
if (mechanism == CKM_AES_CTR)
goto do_decryption;
/*
* AES only takes input length that is a multiple of 16 bytes
* for C_Decrypt function with the mechanism CKM_AES_ECB,
* CKM_AES_CBC or CKM_AES_CBC_PAD.
*
* AES allows any input length for C_DecryptUpdate function.
*/
if (!update) {
/*
* Called by C_Decrypt
*/
if ((ulEncryptedLen % AES_BLOCK_LEN) != 0) {
goto cleanup;
}
/*
* If application asks for the length of the output buffer
* to hold the plaintext?
*/
return (CKR_OK);
}
/* Is the application-supplied buffer large enough? */
if (mechanism != CKM_AES_CBC_PAD) {
if (*pulDataLen < ulEncryptedLen) {
return (CKR_BUFFER_TOO_SMALL);
}
} else {
/*
* For CKM_AES_CBC_PAD, we don't know how
* many bytes for padding at this time, so
* we'd assume one block was padded.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
in_buf = pEncrypted;
} else {
/*
* Called by C_DecryptUpdate
*
* Add the lengths of last remaining data and current
* input data together to get the total input length.
*/
/*
* If the total input length is less than one blocksize,
* or if the total input length is just one blocksize and
* the mechanism is CKM_AES_CBC_PAD, we will need to delay
* decryption until when more data comes in next
* C_DecryptUpdate or when C_DecryptFinal is called.
*/
if ((total_len < AES_BLOCK_LEN) ||
((mechanism == CKM_AES_CBC_PAD) &&
(total_len == AES_BLOCK_LEN))) {
/*
* Save input data and its length in
* the remaining buffer of AES context.
*/
}
/* Set output data length to 0. */
*pulDataLen = 0;
return (CKR_OK);
}
/* Compute the length of remaining data. */
/*
* Make sure that the output length is a multiple of
* blocksize.
*/
if (mechanism == CKM_AES_CBC_PAD) {
/*
* If the input data length is a multiple of
* blocksize, then save the last block of input
* data in the remaining buffer. C_DecryptFinal
* will handle this last block of data.
*/
if (remain == 0) {
out_len -= AES_BLOCK_LEN;
}
}
/*
* If application asks for the length of the output buffer
* to hold the plaintext?
*/
*pulDataLen = out_len;
return (CKR_OK);
}
/*
* Is the application-supplied buffer large enough?
*/
if (*pulDataLen < out_len) {
*pulDataLen = out_len;
return (CKR_BUFFER_TOO_SMALL);
}
if (kms_aes_ctx->remain_len != 0) {
/*
* Copy last remaining data and current input data
* to the output buffer.
*/
} else {
in_buf = pEncrypted;
}
}
/*
* Begin Decryption.
*/
switch (mechanism) {
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
{
/* Decrypt multiple blocks of data. */
if (rc != 0)
goto decrypt_failed;
/* Decrypt last block containing pad bytes. */
/* Decrypt last block containing pad bytes. */
if (rc != 0)
goto decrypt_failed;
/*
* Remove padding bytes after decryption of
* ciphertext block to produce the original
* plaintext.
*/
if (rem_len != 0)
} else {
*pulDataLen = 0;
goto cleanup;
}
} else {
*pulDataLen = out_len;
}
if (update) {
/*
* For decrypt update, if there is remaining data,
* save it and its length in the context.
*/
if (remain != 0)
}
if (rc == 0)
break;
*pulDataLen = 0;
goto cleanup;
}
default:
goto cleanup;
} /* end switch */
if (update)
return (CKR_OK);
/*
* The following code will be executed if the caller is
* kms_decrypt() or an error occurred. The decryption
* operation will be terminated so we need to do some cleanup.
*/
}
return (rv);
}
/*
* Allocate and initialize a context for AES CBC mode of operation.
*/
void *
{
return (NULL);
return ((void *)aes_ctx);
}
/*
* kms_encrypt_final()
*
* Arguments:
* session_p: pointer to kms_session_t struct
* pLastEncryptedPart: pointer to the last encrypted data part
* pulLastEncryptedPartLen: pointer to the length of the last
* encrypted data part
*
* Description:
* called by C_EncryptFinal().
*
* Returns:
* CKR_OK: success
* CKR_FUNCTION_FAILED: encrypt final function failed
* CKR_DATA_LEN_RANGE: remaining buffer contains bad length
*/
{
int rc;
*pulLastEncryptedPartLen = 0;
}
if (mechanism == CKM_AES_CBC_PAD) {
/*
* For CKM_AES_CBC_PAD, compute output length with
* padding. If the remaining buffer has one block
* of data, then output length will be two blocksize of
* ciphertext. If the remaining buffer has less than
* one block of data, then output length will be
* one blocksize.
*/
else
if (pLastEncryptedPart == NULL) {
/*
* Application asks for the length of the output
* buffer to hold the ciphertext.
*/
goto clean1;
} else {
/* Copy remaining data to the output buffer. */
/*
* Add padding bytes prior to encrypt final.
*/
/* Encrypt multiple blocks of data. */
if (rc == 0) {
} else {
*pulLastEncryptedPartLen = 0;
}
/* Cleanup memory space. */
}
} else if (mechanism == CKM_AES_CBC) {
/*
* CKM_AES_CBC and CKM_AES_ECB does not do any padding,
* so when the final is called, the remaining buffer
* should not contain any more data.
*/
*pulLastEncryptedPartLen = 0;
if (aes_ctx->remain_len != 0) {
} else {
if (pLastEncryptedPart == NULL)
goto clean1;
}
/* Cleanup memory space. */
} else {
}
return (rv);
}
/*
* kms_decrypt_final()
*
* Arguments:
* session_p: pointer to kms_session_t struct
* pLastPart: pointer to the last recovered data part
* pulLastPartLen: pointer to the length of the last recovered data part
*
* Description:
* called by C_DecryptFinal().
*
* Returns:
* CKR_OK: success
* CKR_FUNCTION_FAILED: decrypt final function failed
* CKR_ENCRYPTED_DATA_LEN_RANGE: remaining buffer contains bad length
*/
{
int rc;
*pulLastPartLen = 0;
goto clean2;
}
switch (mechanism) {
case CKM_AES_CBC_PAD:
{
/*
* We should have only one block of data left in the
* remaining buffer.
*/
*pulLastPartLen = 0;
/* Cleanup memory space. */
goto clean1;
}
/*
* If application asks for the length of the output buffer
* to hold the plaintext?
*/
goto clean2;
} else {
/* Copy remaining data to the output buffer. */
/* Decrypt final block of data. */
if (rc == 0) {
/*
* Remove padding bytes after decryption of
* ciphertext block to produce the original
* plaintext.
*/
*pulLastPartLen = 0;
else
} else {
*pulLastPartLen = 0;
}
/* Cleanup memory space. */
}
break;
}
case CKM_AES_CBC:
{
/*
* CKM_AES_CBC and CKM_AES_ECB does not do any padding,
* so when the final is called, the remaining buffer
* should not contain any more data.
*/
*pulLastPartLen = 0;
if (kms_aes_ctx->remain_len != 0) {
} else {
goto clean2;
}
/* Cleanup memory space. */
break;
}
default:
/* PKCS11: The mechanism only supports single-part operation. */
break;
}
return (rv);
}