module/icp/include/modes/modes.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or https://opensource.org/licenses/CDDL-1.0.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #ifndef _COMMON_CRYPTO_MODES_H
  27 #define _COMMON_CRYPTO_MODES_H
  28
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32
  33 #include <sys/zfs_context.h>
  34 #include <sys/crypto/common.h>
  35 #include <sys/crypto/impl.h>
  36
  37 /*
  38  * Does the build chain support all instructions needed for the GCM assembler
  39  * routines. AVX support should imply AES-NI and PCLMULQDQ, but make sure
  40  * anyhow.
  41  */
  42 #if defined(__x86_64__) && defined(HAVE_AVX) && \
  43     defined(HAVE_AES) && defined(HAVE_PCLMULQDQ)
  44 #define CAN_USE_GCM_ASM
  45 extern boolean_t gcm_avx_can_use_movbe;
  46 #endif
  47
  48 #define CCM_MODE                        0x00000010
  49 #define GCM_MODE                        0x00000020
  50
  51 /*
  52  * cc_keysched:         Pointer to key schedule.
  53  *
  54  * cc_keysched_len:     Length of the key schedule.
  55  *
  56  * cc_remainder:        This is for residual data, i.e. data that can't
  57  *                      be processed because there are too few bytes.
  58  *                      Must wait until more data arrives.
  59  *
  60  * cc_remainder_len:    Number of bytes in cc_remainder.
  61  *
  62  * cc_iv:               Scratch buffer that sometimes contains the IV.
  63  *
  64  * cc_lastp:            Pointer to previous block of ciphertext.
  65  *
  66  * cc_copy_to:          Pointer to where encrypted residual data needs
  67  *                      to be copied.
  68  *
  69  * cc_flags:            PROVIDER_OWNS_KEY_SCHEDULE
  70  *                      When a context is freed, it is necessary
  71  *                      to know whether the key schedule was allocated
  72  *                      by the caller, or internally, e.g. an init routine.
  73  *                      If allocated by the latter, then it needs to be freed.
  74  *
  75  *                      CCM_MODE
  76  */
  77 struct common_ctx {
  78         void *cc_keysched;
  79         size_t cc_keysched_len;
  80         uint64_t cc_iv[2];
  81         uint64_t cc_remainder[2];
  82         size_t cc_remainder_len;
  83         uint8_t *cc_lastp;
  84         uint8_t *cc_copy_to;
  85         uint32_t cc_flags;
  86 };
  87
  88 typedef struct common_ctx common_ctx_t;
  89
  90 /*
  91  *
  92  * ccm_mac_len:         Stores length of the MAC in CCM mode.
  93  * ccm_mac_buf:         Stores the intermediate value for MAC in CCM encrypt.
  94  *                      In CCM decrypt, stores the input MAC value.
  95  * ccm_data_len:        Length of the plaintext for CCM mode encrypt, or
  96  *                      length of the ciphertext for CCM mode decrypt.
  97  * ccm_processed_data_len:
  98  *                      Length of processed plaintext in CCM mode encrypt,
  99  *                      or length of processed ciphertext for CCM mode decrypt.
 100  * ccm_processed_mac_len:
 101  *                      Length of MAC data accumulated in CCM mode decrypt.
 102  *
 103  * ccm_pt_buf:          Only used in CCM mode decrypt.  It stores the
 104  *                      decrypted plaintext to be returned when
 105  *                      MAC verification succeeds in decrypt_final.
 106  *                      Memory for this should be allocated in the AES module.
 107  *
 108  */
 109 typedef struct ccm_ctx {
 110         struct common_ctx ccm_common;
 111         uint32_t ccm_tmp[4];
 112         size_t ccm_mac_len;
 113         uint64_t ccm_mac_buf[2];
 114         size_t ccm_data_len;
 115         size_t ccm_processed_data_len;
 116         size_t ccm_processed_mac_len;
 117         uint8_t *ccm_pt_buf;
 118         uint64_t ccm_mac_input_buf[2];
 119         uint64_t ccm_counter_mask;
 120 } ccm_ctx_t;
 121
 122 #define ccm_keysched            ccm_common.cc_keysched
 123 #define ccm_keysched_len        ccm_common.cc_keysched_len
 124 #define ccm_cb                  ccm_common.cc_iv
 125 #define ccm_remainder           ccm_common.cc_remainder
 126 #define ccm_remainder_len       ccm_common.cc_remainder_len
 127 #define ccm_lastp               ccm_common.cc_lastp
 128 #define ccm_copy_to             ccm_common.cc_copy_to
 129 #define ccm_flags               ccm_common.cc_flags
 130
 131 /*
 132  * gcm_tag_len:         Length of authentication tag.
 133  *
 134  * gcm_ghash:           Stores output from the GHASH function.
 135  *
 136  * gcm_processed_data_len:
 137  *                      Length of processed plaintext (encrypt) or
 138  *                      length of processed ciphertext (decrypt).
 139  *
 140  * gcm_pt_buf:          Stores the decrypted plaintext returned by
 141  *                      decrypt_final when the computed authentication
 142  *                      tag matches the user supplied tag.
 143  *
 144  * gcm_pt_buf_len:      Length of the plaintext buffer.
 145  *
 146  * gcm_H:               Subkey.
 147  *
 148  * gcm_Htable:          Pre-computed and pre-shifted H, H^2, ... H^6 for the
 149  *                      Karatsuba Algorithm in host byte order.
 150  *
 151  * gcm_J0:              Pre-counter block generated from the IV.
 152  *
 153  * gcm_len_a_len_c:     64-bit representations of the bit lengths of
 154  *                      AAD and ciphertext.
 155  */
 156 typedef struct gcm_ctx {
 157         struct common_ctx gcm_common;
 158         size_t gcm_tag_len;
 159         size_t gcm_processed_data_len;
 160         size_t gcm_pt_buf_len;
 161         uint32_t gcm_tmp[4];
 162         /*
 163          * The offset of gcm_Htable relative to gcm_ghash, (32), is hard coded
 164          * in aesni-gcm-x86_64.S, so please don't change (or adjust there).
 165          */
 166         uint64_t gcm_ghash[2];
 167         uint64_t gcm_H[2];
 168 #ifdef CAN_USE_GCM_ASM
 169         uint64_t *gcm_Htable;
 170         size_t gcm_htab_len;
 171 #endif
 172         uint64_t gcm_J0[2];
 173         uint64_t gcm_len_a_len_c[2];
 174         uint8_t *gcm_pt_buf;
 175 #ifdef CAN_USE_GCM_ASM
 176         boolean_t gcm_use_avx;
 177 #endif
 178 } gcm_ctx_t;
 179
 180 #define gcm_keysched            gcm_common.cc_keysched
 181 #define gcm_keysched_len        gcm_common.cc_keysched_len
 182 #define gcm_cb                  gcm_common.cc_iv
 183 #define gcm_remainder           gcm_common.cc_remainder
 184 #define gcm_remainder_len       gcm_common.cc_remainder_len
 185 #define gcm_lastp               gcm_common.cc_lastp
 186 #define gcm_copy_to             gcm_common.cc_copy_to
 187 #define gcm_flags               gcm_common.cc_flags
 188
 189 void gcm_clear_ctx(gcm_ctx_t *ctx);
 190
 191 typedef struct aes_ctx {
 192         union {
 193                 ccm_ctx_t acu_ccm;
 194                 gcm_ctx_t acu_gcm;
 195         } acu;
 196 } aes_ctx_t;
 197
 198 #define ac_flags                acu.acu_ccm.ccm_common.cc_flags
 199 #define ac_remainder_len        acu.acu_ccm.ccm_common.cc_remainder_len
 200 #define ac_keysched             acu.acu_ccm.ccm_common.cc_keysched
 201 #define ac_keysched_len         acu.acu_ccm.ccm_common.cc_keysched_len
 202 #define ac_iv                   acu.acu_ccm.ccm_common.cc_iv
 203 #define ac_lastp                acu.acu_ccm.ccm_common.cc_lastp
 204 #define ac_pt_buf               acu.acu_ccm.ccm_pt_buf
 205 #define ac_mac_len              acu.acu_ccm.ccm_mac_len
 206 #define ac_data_len             acu.acu_ccm.ccm_data_len
 207 #define ac_processed_mac_len    acu.acu_ccm.ccm_processed_mac_len
 208 #define ac_processed_data_len   acu.acu_ccm.ccm_processed_data_len
 209 #define ac_tag_len              acu.acu_gcm.gcm_tag_len
 210
 211 extern int ccm_mode_encrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 212     crypto_data_t *, size_t,
 213     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 214     void (*copy_block)(uint8_t *, uint8_t *),
 215     void (*xor_block)(uint8_t *, uint8_t *));
 216
 217 extern int ccm_mode_decrypt_contiguous_blocks(ccm_ctx_t *, char *, size_t,
 218     crypto_data_t *, size_t,
 219     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 220     void (*copy_block)(uint8_t *, uint8_t *),
 221     void (*xor_block)(uint8_t *, uint8_t *));
 222
 223 extern int gcm_mode_encrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 224     crypto_data_t *, size_t,
 225     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 226     void (*copy_block)(uint8_t *, uint8_t *),
 227     void (*xor_block)(uint8_t *, uint8_t *));
 228
 229 extern int gcm_mode_decrypt_contiguous_blocks(gcm_ctx_t *, char *, size_t,
 230     crypto_data_t *, size_t,
 231     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 232     void (*copy_block)(uint8_t *, uint8_t *),
 233     void (*xor_block)(uint8_t *, uint8_t *));
 234
 235 int ccm_encrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 236     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 237     void (*xor_block)(uint8_t *, uint8_t *));
 238
 239 int gcm_encrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 240     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 241     void (*copy_block)(uint8_t *, uint8_t *),
 242     void (*xor_block)(uint8_t *, uint8_t *));
 243
 244 extern int ccm_decrypt_final(ccm_ctx_t *, crypto_data_t *, size_t,
 245     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 246     void (*copy_block)(uint8_t *, uint8_t *),
 247     void (*xor_block)(uint8_t *, uint8_t *));
 248
 249 extern int gcm_decrypt_final(gcm_ctx_t *, crypto_data_t *, size_t,
 250     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 251     void (*xor_block)(uint8_t *, uint8_t *));
 252
 253 extern int ccm_init_ctx(ccm_ctx_t *, char *, int, boolean_t, size_t,
 254     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 255     void (*xor_block)(uint8_t *, uint8_t *));
 256
 257 extern int gcm_init_ctx(gcm_ctx_t *, char *, size_t,
 258     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *),
 259     void (*copy_block)(uint8_t *, uint8_t *),
 260     void (*xor_block)(uint8_t *, uint8_t *));
 261
 262 extern void calculate_ccm_mac(ccm_ctx_t *, uint8_t *,
 263     int (*encrypt_block)(const void *, const uint8_t *, uint8_t *));
 264
 265 extern void gcm_mul(uint64_t *, uint64_t *, uint64_t *);
 266
 267 extern void crypto_init_ptrs(crypto_data_t *, void **, offset_t *);
 268 extern void crypto_get_ptrs(crypto_data_t *, void **, offset_t *,
 269     uint8_t **, size_t *, uint8_t **, size_t);
 270
 271 extern void *ccm_alloc_ctx(int);
 272 extern void *gcm_alloc_ctx(int);
 273 extern void crypto_free_mode_ctx(void *);
 274
 275 #ifdef  __cplusplus
 276 }
 277 #endif
 278
 279 #endif  /* _COMMON_CRYPTO_MODES_H */