2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. 2N/A * Add padding bytes with the value of length of padding. 2N/A * Remove padding bytes. 2N/A /* Make sure there is a valid padding value. */ 2N/A * Allocate context for the active encryption or decryption operation, and 2N/A * generate AES key schedule to speed up the operation. 2N/A /* Called by C_EncryptInit. */ 2N/A /* Called by C_DecryptInit. */ 2N/A * If this is a non-sensitive key and it does NOT have 2N/A * a key schedule yet, then allocate one and expand it. 2N/A * Otherwise, if it's a non-sensitive key, and it DOES have 2N/A * a key schedule already attached to it, just copy the 2N/A * pre-expanded schedule to the context and avoid the 2N/A * extra key schedule expansion operation. 2N/A#
else /* !__sparcv9 */ 2N/A#
endif /* __sparcv9 */ 2N/A * Initialize key schedule for AES. aes_init_keysched() 2N/A * requires key length in bits. 2N/A#
else /* !__sparcv9 */ 2N/A#
endif /* __sparcv9 */ 2N/A * kms_aes_encrypt_common() 2N/A * session_p: pointer to kms_session_t struct 2N/A * pData: pointer to the input data to be encrypted 2N/A * ulDataLen: length of the input data 2N/A * pEncrypted: pointer to the output data after encryption 2N/A * pulEncryptedLen: pointer to the length of the output data 2N/A * update: boolean flag indicates caller is kms_encrypt 2N/A * or kms_encrypt_update 2N/A * This function calls the corresponding encrypt routine based 2N/A * CKR_BUFFER_TOO_SMALL: the output buffer provided by application 2N/A * CKR_FUNCTION_FAILED: encrypt function failed 2N/A * CKR_DATA_LEN_RANGE: the input data is not a multiple of blocksize 2N/A * AES only takes input length that is a multiple of blocksize 2N/A * for C_Encrypt function with the mechanism CKM_AES_ECB or 2N/A * AES allows any input length for C_Encrypt function with the 2N/A * mechanism CKM_AES_CBC_PAD and for C_EncryptUpdate function. 2N/A * Called by C_Encrypt 2N/A * For CKM_AES_CBC_PAD, compute output length to 2N/A * count for the padding. If the length of input 2N/A * data is a multiple of blocksize, then make output 2N/A * length to be the sum of the input length and 2N/A * one blocksize. Otherwise, output length will 2N/A * be rounded up to the next multiple of blocksize. 2N/A * For non-padding mode, the output length will 2N/A * be same as the input length. 2N/A * If application asks for the length of the output buffer 2N/A * to hold the ciphertext? 2N/A /* Is the application-supplied buffer large enough? */ 2N/A /* Encrypt pad bytes in a separate operation */ 2N/A * Called by C_EncryptUpdate 2N/A * Add the lengths of last remaining data and current 2N/A * plaintext together to get the total input length. 2N/A * If the total input length is less than one blocksize, 2N/A * or if the total input length is just one blocksize and 2N/A * the mechanism is CKM_AES_CBC_PAD, we will need to delay 2N/A * encryption until when more data comes in next 2N/A * C_EncryptUpdate or when C_EncryptFinal is called. 2N/A * Save input data and its length in 2N/A * the remaining buffer of AES context. 2N/A /* Set encrypted data length to 0. */ 2N/A /* Compute the length of remaining data. */ 2N/A * Make sure that the output length is a multiple of 2N/A * If application asks for the length of the output buffer 2N/A * to hold the ciphertext? 2N/A /* Is the application-supplied buffer large enough? */ 2N/A * Copy last remaining data and current input data 2N/A * to the output buffer. 2N/A * Begin Encryption now. 2N/A /* Encrypt multiple blocks of data. */ 2N/A * For encrypt update, if there is remaining data, 2N/A * save it and its length in the context. 2N/A * Save the remainder of the input 2N/A * block in a temporary block because 2N/A * we dont want to overrun the buffer 2N/A * by tacking on pad bytes. 2N/A /* Encrypt last block containing pad bytes. */ 2N/A * The following code will be executed if the caller is 2N/A * kms_encrypt() or an error occurred. The encryption 2N/A * operation will be terminated so we need to do some cleanup. 2N/A * kms_aes_decrypt_common() 2N/A * session_p: pointer to kms_session_t struct 2N/A * pEncrypted: pointer to the input data to be decrypted 2N/A * ulEncryptedLen: length of the input data 2N/A * pData: pointer to the output data 2N/A * pulDataLen: pointer to the length of the output data 2N/A * Update: boolean flag indicates caller is kms_decrypt 2N/A * or kms_decrypt_update 2N/A * This function calls the corresponding decrypt routine based 2N/A * CKR_BUFFER_TOO_SMALL: the output buffer provided by application 2N/A * CKR_ENCRYPTED_DATA_LEN_RANGE: the input data is not a multiple 2N/A * CKR_FUNCTION_FAILED: decrypt function failed 2N/A * AES only takes input length that is a multiple of 16 bytes 2N/A * for C_Decrypt function with the mechanism CKM_AES_ECB, 2N/A * CKM_AES_CBC or CKM_AES_CBC_PAD. 2N/A * AES allows any input length for C_DecryptUpdate function. 2N/A * Called by C_Decrypt 2N/A * If application asks for the length of the output buffer 2N/A * to hold the plaintext? 2N/A /* Is the application-supplied buffer large enough? */ 2N/A * For CKM_AES_CBC_PAD, we don't know how 2N/A * many bytes for padding at this time, so 2N/A * we'd assume one block was padded. 2N/A * Called by C_DecryptUpdate 2N/A * Add the lengths of last remaining data and current 2N/A * input data together to get the total input length. 2N/A * If the total input length is less than one blocksize, 2N/A * or if the total input length is just one blocksize and 2N/A * the mechanism is CKM_AES_CBC_PAD, we will need to delay 2N/A * decryption until when more data comes in next 2N/A * C_DecryptUpdate or when C_DecryptFinal is called. 2N/A * Save input data and its length in 2N/A * the remaining buffer of AES context. 2N/A /* Set output data length to 0. */ 2N/A /* Compute the length of remaining data. */ 2N/A * Make sure that the output length is a multiple of 2N/A * If the input data length is a multiple of 2N/A * blocksize, then save the last block of input 2N/A * data in the remaining buffer. C_DecryptFinal 2N/A * will handle this last block of data. 2N/A * If application asks for the length of the output buffer 2N/A * to hold the plaintext? 2N/A * Is the application-supplied buffer large enough? 2N/A * Copy last remaining data and current input data 2N/A * to the output buffer. 2N/A /* Decrypt multiple blocks of data. */ 2N/A /* Decrypt last block containing pad bytes. */ 2N/A /* Decrypt last block containing pad bytes. */ 2N/A * Remove padding bytes after decryption of 2N/A * ciphertext block to produce the original 2N/A * For decrypt update, if there is remaining data, 2N/A * save it and its length in the context. 2N/A * The following code will be executed if the caller is 2N/A * kms_decrypt() or an error occurred. The decryption 2N/A * operation will be terminated so we need to do some cleanup. 2N/A * Allocate and initialize a context for AES CBC mode of operation. 2N/A * kms_encrypt_final() 2N/A * session_p: pointer to kms_session_t struct 2N/A * pLastEncryptedPart: pointer to the last encrypted data part 2N/A * pulLastEncryptedPartLen: pointer to the length of the last 2N/A * encrypted data part 2N/A * called by C_EncryptFinal(). 2N/A * CKR_FUNCTION_FAILED: encrypt final function failed 2N/A * CKR_DATA_LEN_RANGE: remaining buffer contains bad length 2N/A * For CKM_AES_CBC_PAD, compute output length with 2N/A * padding. If the remaining buffer has one block 2N/A * of data, then output length will be two blocksize of 2N/A * ciphertext. If the remaining buffer has less than 2N/A * one block of data, then output length will be 2N/A * Application asks for the length of the output 2N/A * buffer to hold the ciphertext. 2N/A /* Copy remaining data to the output buffer. */ 2N/A * Add padding bytes prior to encrypt final. 2N/A /* Encrypt multiple blocks of data. */ 2N/A /* Cleanup memory space. */ 2N/A * CKM_AES_CBC and CKM_AES_ECB does not do any padding, 2N/A * so when the final is called, the remaining buffer 2N/A * should not contain any more data. 2N/A /* Cleanup memory space. */ 2N/A * kms_decrypt_final() 2N/A * session_p: pointer to kms_session_t struct 2N/A * pLastPart: pointer to the last recovered data part 2N/A * pulLastPartLen: pointer to the length of the last recovered data part 2N/A * called by C_DecryptFinal(). 2N/A * CKR_FUNCTION_FAILED: decrypt final function failed 2N/A * CKR_ENCRYPTED_DATA_LEN_RANGE: remaining buffer contains bad length 2N/A * We should have only one block of data left in the 2N/A /* Cleanup memory space. */ 2N/A * If application asks for the length of the output buffer 2N/A * to hold the plaintext? 2N/A /* Copy remaining data to the output buffer. */ 2N/A /* Decrypt final block of data. */ 2N/A * Remove padding bytes after decryption of 2N/A * ciphertext block to produce the original 2N/A /* Cleanup memory space. */ 2N/A * CKM_AES_CBC and CKM_AES_ECB does not do any padding, 2N/A * so when the final is called, the remaining buffer 2N/A * should not contain any more data. 2N/A /* Cleanup memory space. */ 2N/A /* PKCS11: The mechanism only supports single-part operation. */