4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2013 Saso Kiselkov. All rights reserved.
26 #include <sys/modctl.h>
27 #include <sys/crypto/common.h>
28 #include <sys/crypto/icp.h>
29 #include <sys/crypto/spi.h>
30 #include <sys/sysmacros.h>
31 #define SKEIN_MODULE_IMPL
32 #include <sys/skein.h>
35 * Like the sha2 module, we create the skein module with two modlinkages:
36 * - modlmisc to allow direct calls to Skein_* API functions.
37 * - modlcrypto to integrate well into the Kernel Crypto Framework (KCF).
39 static struct modlmisc modlmisc = {
41 "Skein Message-Digest Algorithm"
44 static struct modlcrypto modlcrypto = {
46 "Skein Kernel SW Provider"
49 static struct modlinkage modlinkage = {
50 MODREV_1, {&modlmisc, &modlcrypto, NULL}
53 static crypto_mech_info_t skein_mech_info_tab[] = {
54 {CKM_SKEIN_256, SKEIN_256_MECH_INFO_TYPE,
55 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
56 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
57 {CKM_SKEIN_256_MAC, SKEIN_256_MAC_MECH_INFO_TYPE,
58 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
59 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
60 {CKM_SKEIN_512, SKEIN_512_MECH_INFO_TYPE,
61 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
62 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
63 {CKM_SKEIN_512_MAC, SKEIN_512_MAC_MECH_INFO_TYPE,
64 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
65 CRYPTO_KEYSIZE_UNIT_IN_BYTES},
66 {CKM_SKEIN1024, SKEIN1024_MECH_INFO_TYPE,
67 CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
68 0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
69 {CKM_SKEIN1024_MAC, SKEIN1024_MAC_MECH_INFO_TYPE,
70 CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, 1, INT_MAX,
71 CRYPTO_KEYSIZE_UNIT_IN_BYTES}
74 static void skein_provider_status(crypto_provider_handle_t, uint_t *);
76 static crypto_control_ops_t skein_control_ops = {
80 static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
82 static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
84 static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
85 static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
86 static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
87 crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
90 static crypto_digest_ops_t skein_digest_ops = {
91 .digest_init = skein_digest_init,
92 .digest = skein_digest,
93 .digest_update = skein_update,
95 .digest_final = skein_final,
96 .digest_atomic = skein_digest_atomic
99 static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
100 crypto_spi_ctx_template_t, crypto_req_handle_t);
101 static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
102 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
103 crypto_spi_ctx_template_t, crypto_req_handle_t);
105 static crypto_mac_ops_t skein_mac_ops = {
106 .mac_init = skein_mac_init,
108 .mac_update = skein_update, /* using regular digest update is OK here */
109 .mac_final = skein_final, /* using regular digest final is OK here */
110 .mac_atomic = skein_mac_atomic,
111 .mac_verify_atomic = NULL
114 static int skein_create_ctx_template(crypto_provider_handle_t,
115 crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
116 size_t *, crypto_req_handle_t);
117 static int skein_free_context(crypto_ctx_t *);
119 static crypto_ctx_ops_t skein_ctx_ops = {
120 .create_ctx_template = skein_create_ctx_template,
121 .free_context = skein_free_context
124 static crypto_ops_t skein_crypto_ops = {{{{{
141 static crypto_provider_info_t skein_prov_info = {{{{
142 CRYPTO_SPI_VERSION_1,
143 "Skein Software Provider",
147 sizeof (skein_mech_info_tab) / sizeof (crypto_mech_info_t),
151 static crypto_kcf_provider_handle_t skein_prov_handle = 0;
153 typedef struct skein_ctx {
154 skein_mech_type_t sc_mech_type;
155 size_t sc_digest_bitlen;
156 /*LINTED(E_ANONYMOUS_UNION_DECL)*/
158 Skein_256_Ctxt_t sc_256;
159 Skein_512_Ctxt_t sc_512;
160 Skein1024_Ctxt_t sc_1024;
163 #define SKEIN_CTX(_ctx_) ((skein_ctx_t *)((_ctx_)->cc_provider_private))
164 #define SKEIN_CTX_LVALUE(_ctx_) (_ctx_)->cc_provider_private
165 #define SKEIN_OP(_skein_ctx, _op, ...) \
167 skein_ctx_t *sc = (_skein_ctx); \
168 switch (sc->sc_mech_type) { \
169 case SKEIN_256_MECH_INFO_TYPE: \
170 case SKEIN_256_MAC_MECH_INFO_TYPE: \
171 (void) Skein_256_ ## _op(&sc->sc_256, __VA_ARGS__);\
173 case SKEIN_512_MECH_INFO_TYPE: \
174 case SKEIN_512_MAC_MECH_INFO_TYPE: \
175 (void) Skein_512_ ## _op(&sc->sc_512, __VA_ARGS__);\
177 case SKEIN1024_MECH_INFO_TYPE: \
178 case SKEIN1024_MAC_MECH_INFO_TYPE: \
179 (void) Skein1024_ ## _op(&sc->sc_1024, __VA_ARGS__);\
186 skein_get_digest_bitlen(const crypto_mechanism_t *mechanism, size_t *result)
188 if (mechanism->cm_param != NULL) {
189 /*LINTED(E_BAD_PTR_CAST_ALIGN)*/
190 skein_param_t *param = (skein_param_t *)mechanism->cm_param;
192 if (mechanism->cm_param_len != sizeof (*param) ||
193 param->sp_digest_bitlen == 0) {
194 return (CRYPTO_MECHANISM_PARAM_INVALID);
196 *result = param->sp_digest_bitlen;
198 switch (mechanism->cm_type) {
199 case SKEIN_256_MECH_INFO_TYPE:
202 case SKEIN_512_MECH_INFO_TYPE:
205 case SKEIN1024_MECH_INFO_TYPE:
209 return (CRYPTO_MECHANISM_INVALID);
212 return (CRYPTO_SUCCESS);
220 if ((error = mod_install(&modlinkage)) != 0)
224 * Try to register with KCF - failure shouldn't unload us, since we
225 * still may want to continue providing misc/skein functionality.
227 (void) crypto_register_provider(&skein_prov_info, &skein_prov_handle);
237 if (skein_prov_handle != 0) {
238 if ((ret = crypto_unregister_provider(skein_prov_handle)) !=
241 "skein _fini: crypto_unregister_provider() "
242 "failed (0x%x)", ret);
245 skein_prov_handle = 0;
248 return (mod_remove(&modlinkage));
252 * KCF software provider control entry points.
256 skein_provider_status(crypto_provider_handle_t provider, uint_t *status)
258 *status = CRYPTO_PROVIDER_READY;
262 * General Skein hashing helper functions.
266 * Performs an Update on a context with uio input data.
269 skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data)
271 off_t offset = data->cd_offset;
272 size_t length = data->cd_length;
275 uio_t *uio = data->cd_uio;
277 /* we support only kernel buffer */
278 if (uio_segflg(uio) != UIO_SYSSPACE)
279 return (CRYPTO_ARGUMENTS_BAD);
282 * Jump to the first iovec containing data to be
285 offset = uio_index_at_offset(uio, offset, &vec_idx);
286 if (vec_idx == uio_iovcnt(uio)) {
288 * The caller specified an offset that is larger than the
289 * total size of the buffers it provided.
291 return (CRYPTO_DATA_LEN_RANGE);
295 * Now do the digesting on the iovecs.
297 while (vec_idx < uio_iovcnt(uio) && length > 0) {
298 cur_len = MIN(uio_iovlen(uio, vec_idx) - offset, length);
299 SKEIN_OP(ctx, Update, (uint8_t *)uio_iovbase(uio, vec_idx)
306 if (vec_idx == uio_iovcnt(uio) && length > 0) {
308 * The end of the specified iovec's was reached but
309 * the length requested could not be processed, i.e.
310 * The caller requested to digest more data than it provided.
312 return (CRYPTO_DATA_LEN_RANGE);
315 return (CRYPTO_SUCCESS);
319 * Performs a Final on a context and writes to a uio digest output.
322 skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
323 crypto_req_handle_t req)
325 off_t offset = digest->cd_offset;
327 uio_t *uio = digest->cd_uio;
329 /* we support only kernel buffer */
330 if (uio_segflg(uio) != UIO_SYSSPACE)
331 return (CRYPTO_ARGUMENTS_BAD);
334 * Jump to the first iovec containing ptr to the digest to be returned.
336 offset = uio_index_at_offset(uio, offset, &vec_idx);
337 if (vec_idx == uio_iovcnt(uio)) {
339 * The caller specified an offset that is larger than the
340 * total size of the buffers it provided.
342 return (CRYPTO_DATA_LEN_RANGE);
344 if (offset + CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen) <=
345 uio_iovlen(uio, vec_idx)) {
346 /* The computed digest will fit in the current iovec. */
348 (uchar_t *)uio_iovbase(uio, vec_idx) + offset);
351 off_t scratch_offset = 0;
352 size_t length = CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen);
355 digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES(
356 ctx->sc_digest_bitlen), crypto_kmflag(req));
357 if (digest_tmp == NULL)
358 return (CRYPTO_HOST_MEMORY);
359 SKEIN_OP(ctx, Final, digest_tmp);
360 while (vec_idx < uio_iovcnt(uio) && length > 0) {
361 cur_len = MIN(uio_iovlen(uio, vec_idx) - offset,
363 bcopy(digest_tmp + scratch_offset,
364 uio_iovbase(uio, vec_idx) + offset, cur_len);
368 scratch_offset += cur_len;
371 kmem_free(digest_tmp, CRYPTO_BITS2BYTES(ctx->sc_digest_bitlen));
373 if (vec_idx == uio_iovcnt(uio) && length > 0) {
375 * The end of the specified iovec's was reached but
376 * the length requested could not be processed, i.e.
377 * The caller requested to digest more data than it
380 return (CRYPTO_DATA_LEN_RANGE);
384 return (CRYPTO_SUCCESS);
388 * KCF software provider digest entry points.
392 * Initializes a skein digest context to the configuration in `mechanism'.
393 * The mechanism cm_type must be one of SKEIN_*_MECH_INFO_TYPE. The cm_param
394 * field may contain a skein_param_t structure indicating the length of the
395 * digest the algorithm should produce. Otherwise the default output lengths
396 * are applied (32 bytes for Skein-256, 64 bytes for Skein-512 and 128 bytes
400 skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
401 crypto_req_handle_t req)
403 int error = CRYPTO_SUCCESS;
405 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
406 return (CRYPTO_MECHANISM_INVALID);
408 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
410 if (SKEIN_CTX(ctx) == NULL)
411 return (CRYPTO_HOST_MEMORY);
413 SKEIN_CTX(ctx)->sc_mech_type = mechanism->cm_type;
414 error = skein_get_digest_bitlen(mechanism,
415 &SKEIN_CTX(ctx)->sc_digest_bitlen);
416 if (error != CRYPTO_SUCCESS)
418 SKEIN_OP(SKEIN_CTX(ctx), Init, SKEIN_CTX(ctx)->sc_digest_bitlen);
420 return (CRYPTO_SUCCESS);
422 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
423 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
424 SKEIN_CTX_LVALUE(ctx) = NULL;
429 * Executes a skein_update and skein_digest on a pre-initialized crypto
430 * context in a single step. See the documentation to these functions to
431 * see what to pass here.
434 skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
435 crypto_req_handle_t req)
437 int error = CRYPTO_SUCCESS;
439 ASSERT(SKEIN_CTX(ctx) != NULL);
441 if (digest->cd_length <
442 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) {
444 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
445 return (CRYPTO_BUFFER_TOO_SMALL);
448 error = skein_update(ctx, data, req);
449 if (error != CRYPTO_SUCCESS) {
450 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
451 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
452 SKEIN_CTX_LVALUE(ctx) = NULL;
453 digest->cd_length = 0;
456 error = skein_final(ctx, digest, req);
462 * Performs a skein Update with the input message in `data' (successive calls
463 * can push more data). This is used both for digest and MAC operation.
464 * Supported input data formats are raw, uio and mblk.
468 skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
470 int error = CRYPTO_SUCCESS;
472 ASSERT(SKEIN_CTX(ctx) != NULL);
474 switch (data->cd_format) {
475 case CRYPTO_DATA_RAW:
476 SKEIN_OP(SKEIN_CTX(ctx), Update,
477 (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
480 case CRYPTO_DATA_UIO:
481 error = skein_digest_update_uio(SKEIN_CTX(ctx), data);
484 error = CRYPTO_ARGUMENTS_BAD;
491 * Performs a skein Final, writing the output to `digest'. This is used both
492 * for digest and MAC operation.
493 * Supported output digest formats are raw, uio and mblk.
497 skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
499 int error = CRYPTO_SUCCESS;
501 ASSERT(SKEIN_CTX(ctx) != NULL);
503 if (digest->cd_length <
504 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen)) {
506 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
507 return (CRYPTO_BUFFER_TOO_SMALL);
510 switch (digest->cd_format) {
511 case CRYPTO_DATA_RAW:
512 SKEIN_OP(SKEIN_CTX(ctx), Final,
513 (uint8_t *)digest->cd_raw.iov_base + digest->cd_offset);
515 case CRYPTO_DATA_UIO:
516 error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req);
519 error = CRYPTO_ARGUMENTS_BAD;
522 if (error == CRYPTO_SUCCESS)
524 CRYPTO_BITS2BYTES(SKEIN_CTX(ctx)->sc_digest_bitlen);
526 digest->cd_length = 0;
528 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
529 kmem_free(SKEIN_CTX(ctx), sizeof (*(SKEIN_CTX(ctx))));
530 SKEIN_CTX_LVALUE(ctx) = NULL;
536 * Performs a full skein digest computation in a single call, configuring the
537 * algorithm according to `mechanism', reading the input to be digested from
538 * `data' and writing the output to `digest'.
539 * Supported input/output formats are raw, uio and mblk.
543 skein_digest_atomic(crypto_provider_handle_t provider,
544 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
545 crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req)
548 skein_ctx_t skein_ctx;
550 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx;
553 if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
554 return (CRYPTO_MECHANISM_INVALID);
555 skein_ctx.sc_mech_type = mechanism->cm_type;
556 error = skein_get_digest_bitlen(mechanism, &skein_ctx.sc_digest_bitlen);
557 if (error != CRYPTO_SUCCESS)
559 SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen);
561 if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS)
563 if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS)
567 if (error == CRYPTO_SUCCESS)
569 CRYPTO_BITS2BYTES(skein_ctx.sc_digest_bitlen);
571 digest->cd_length = 0;
572 bzero(&skein_ctx, sizeof (skein_ctx));
578 * Helper function that builds a Skein MAC context from the provided
582 skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
587 if (!VALID_SKEIN_MAC_MECH(mechanism->cm_type))
588 return (CRYPTO_MECHANISM_INVALID);
589 if (key->ck_format != CRYPTO_KEY_RAW)
590 return (CRYPTO_ARGUMENTS_BAD);
591 ctx->sc_mech_type = mechanism->cm_type;
592 error = skein_get_digest_bitlen(mechanism, &ctx->sc_digest_bitlen);
593 if (error != CRYPTO_SUCCESS)
595 SKEIN_OP(ctx, InitExt, ctx->sc_digest_bitlen, 0, key->ck_data,
596 CRYPTO_BITS2BYTES(key->ck_length));
598 return (CRYPTO_SUCCESS);
602 * KCF software provide mac entry points.
605 * Initializes a skein MAC context. You may pass a ctx_template, in which
606 * case the template will be reused to make initialization more efficient.
607 * Otherwise a new context will be constructed. The mechanism cm_type must
608 * be one of SKEIN_*_MAC_MECH_INFO_TYPE. Same as in skein_digest_init, you
609 * may pass a skein_param_t in cm_param to configure the length of the
610 * digest. The key must be in raw format.
613 skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
614 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
615 crypto_req_handle_t req)
619 SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
621 if (SKEIN_CTX(ctx) == NULL)
622 return (CRYPTO_HOST_MEMORY);
624 if (ctx_template != NULL) {
625 bcopy(ctx_template, SKEIN_CTX(ctx),
626 sizeof (*SKEIN_CTX(ctx)));
628 error = skein_mac_ctx_build(SKEIN_CTX(ctx), mechanism, key);
629 if (error != CRYPTO_SUCCESS)
633 return (CRYPTO_SUCCESS);
635 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
636 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
641 * The MAC update and final calls are reused from the regular digest code.
646 * Same as skein_digest_atomic, performs an atomic Skein MAC operation in
647 * one step. All the same properties apply to the arguments of this
648 * function as to those of the partial operations above.
651 skein_mac_atomic(crypto_provider_handle_t provider,
652 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
653 crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
654 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
656 /* faux crypto context just for skein_digest_{update,final} */
659 skein_ctx_t skein_ctx;
660 SKEIN_CTX_LVALUE(&ctx) = &skein_ctx;
662 if (ctx_template != NULL) {
663 bcopy(ctx_template, &skein_ctx, sizeof (skein_ctx));
665 error = skein_mac_ctx_build(&skein_ctx, mechanism, key);
666 if (error != CRYPTO_SUCCESS)
670 if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS)
672 if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS)
675 return (CRYPTO_SUCCESS);
677 bzero(&skein_ctx, sizeof (skein_ctx));
682 * KCF software provider context management entry points.
686 * Constructs a context template for the Skein MAC algorithm. The same
687 * properties apply to the arguments of this function as to those of
692 skein_create_ctx_template(crypto_provider_handle_t provider,
693 crypto_mechanism_t *mechanism, crypto_key_t *key,
694 crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
695 crypto_req_handle_t req)
698 skein_ctx_t *ctx_tmpl;
700 ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req));
701 if (ctx_tmpl == NULL)
702 return (CRYPTO_HOST_MEMORY);
703 error = skein_mac_ctx_build(ctx_tmpl, mechanism, key);
704 if (error != CRYPTO_SUCCESS)
706 *ctx_template = ctx_tmpl;
707 *ctx_template_size = sizeof (*ctx_tmpl);
709 return (CRYPTO_SUCCESS);
711 bzero(ctx_tmpl, sizeof (*ctx_tmpl));
712 kmem_free(ctx_tmpl, sizeof (*ctx_tmpl));
717 * Frees a skein context in a parent crypto context.
720 skein_free_context(crypto_ctx_t *ctx)
722 if (SKEIN_CTX(ctx) != NULL) {
723 bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
724 kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
725 SKEIN_CTX_LVALUE(ctx) = NULL;
728 return (CRYPTO_SUCCESS);