aboutsummaryrefslogtreecommitdiffstats
path: root/module/icp/io/aes.c
diff options
context:
space:
mode:
Diffstat (limited to 'module/icp/io/aes.c')
-rw-r--r--module/icp/io/aes.c107
1 files changed, 43 insertions, 64 deletions
diff --git a/module/icp/io/aes.c b/module/icp/io/aes.c
index ad8a15a72..034cf4d07 100644
--- a/module/icp/io/aes.c
+++ b/module/icp/io/aes.c
@@ -74,33 +74,29 @@ static const crypto_mech_info_t aes_mech_info_tab[] = {
};
static int aes_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_key_t *, crypto_spi_ctx_template_t);
static int aes_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_key_t *, crypto_spi_ctx_template_t);
static int aes_common_init(crypto_ctx_t *, crypto_mechanism_t *,
- crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t, boolean_t);
+ crypto_key_t *, crypto_spi_ctx_template_t, boolean_t);
static int aes_common_init_ctx(aes_ctx_t *, crypto_spi_ctx_template_t *,
crypto_mechanism_t *, crypto_key_t *, int, boolean_t);
-static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *,
- crypto_req_handle_t);
-static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *,
- crypto_req_handle_t);
+static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *);
+static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *);
-static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
- crypto_req_handle_t);
+static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
+ crypto_data_t *);
static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_data_t *, crypto_spi_ctx_template_t);
-static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
- crypto_req_handle_t);
+static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
- crypto_data_t *, crypto_req_handle_t);
+ crypto_data_t *);
static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
- crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_data_t *, crypto_spi_ctx_template_t);
static const crypto_cipher_ops_t aes_cipher_ops = {
.encrypt_init = aes_encrypt_init,
@@ -117,10 +113,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = {
static int aes_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_spi_ctx_template_t);
static int aes_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
- crypto_spi_ctx_template_t, crypto_req_handle_t);
+ crypto_spi_ctx_template_t);
static const crypto_mac_ops_t aes_mac_ops = {
.mac_init = NULL,
@@ -133,7 +129,7 @@ static const crypto_mac_ops_t aes_mac_ops = {
static int aes_create_ctx_template(crypto_provider_handle_t,
crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
- size_t *, crypto_req_handle_t);
+ size_t *);
static int aes_free_context(crypto_ctx_t *);
static const crypto_ctx_ops_t aes_ctx_ops = {
@@ -188,7 +184,7 @@ aes_mod_fini(void)
}
static int
-aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
+aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx)
{
void *p = NULL;
boolean_t param_required = B_TRUE;
@@ -230,7 +226,7 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
rv = CRYPTO_MECHANISM_PARAM_INVALID;
}
if (ctx != NULL) {
- p = (alloc_fun)(kmflag);
+ p = (alloc_fun)(KM_SLEEP);
*ctx = p;
}
return (rv);
@@ -257,18 +253,16 @@ init_keysched(crypto_key_t *key, void *newbie)
static int
aes_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
- crypto_key_t *key, crypto_spi_ctx_template_t template,
- crypto_req_handle_t req)
+ crypto_key_t *key, crypto_spi_ctx_template_t template)
{
- return (aes_common_init(ctx, mechanism, key, template, req, B_TRUE));
+ return (aes_common_init(ctx, mechanism, key, template, B_TRUE));
}
static int
aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
- crypto_key_t *key, crypto_spi_ctx_template_t template,
- crypto_req_handle_t req)
+ crypto_key_t *key, crypto_spi_ctx_template_t template)
{
- return (aes_common_init(ctx, mechanism, key, template, req, B_FALSE));
+ return (aes_common_init(ctx, mechanism, key, template, B_FALSE));
}
@@ -279,18 +273,16 @@ aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
static int
aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_spi_ctx_template_t template,
- crypto_req_handle_t req, boolean_t is_encrypt_init)
+ boolean_t is_encrypt_init)
{
aes_ctx_t *aes_ctx;
int rv;
- int kmflag;
- kmflag = crypto_kmflag(req);
- if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
+ if ((rv = aes_check_mech_param(mechanism, &aes_ctx))
!= CRYPTO_SUCCESS)
return (rv);
- rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag,
+ rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, KM_SLEEP,
is_encrypt_init);
if (rv != CRYPTO_SUCCESS) {
crypto_free_mode_ctx(aes_ctx);
@@ -320,7 +312,7 @@ aes_copy_block64(uint8_t *in, uint64_t *out)
static int
aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
- crypto_data_t *ciphertext, crypto_req_handle_t req)
+ crypto_data_t *ciphertext)
{
int ret = CRYPTO_FAILED;
@@ -372,7 +364,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
/*
* Do an update on the specified input data.
*/
- ret = aes_encrypt_update(ctx, plaintext, ciphertext, req);
+ ret = aes_encrypt_update(ctx, plaintext, ciphertext);
if (ret != CRYPTO_SUCCESS) {
return (ret);
}
@@ -435,7 +427,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
static int
aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
- crypto_data_t *plaintext, crypto_req_handle_t req)
+ crypto_data_t *plaintext)
{
int ret = CRYPTO_FAILED;
@@ -493,7 +485,7 @@ aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
/*
* Do an update on the specified input data.
*/
- ret = aes_decrypt_update(ctx, ciphertext, plaintext, req);
+ ret = aes_decrypt_update(ctx, ciphertext, plaintext);
if (ret != CRYPTO_SUCCESS) {
goto cleanup;
}
@@ -549,9 +541,8 @@ cleanup:
static int
aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
- crypto_data_t *ciphertext, crypto_req_handle_t req)
+ crypto_data_t *ciphertext)
{
- (void) req;
off_t saved_offset;
size_t saved_length, out_len;
int ret = CRYPTO_SUCCESS;
@@ -618,7 +609,7 @@ aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
static int
aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
- crypto_data_t *plaintext, crypto_req_handle_t req)
+ crypto_data_t *plaintext)
{
off_t saved_offset;
size_t saved_length, out_len;
@@ -650,9 +641,6 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
saved_offset = plaintext->cd_offset;
saved_length = plaintext->cd_length;
- if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE))
- gcm_set_kmflag((gcm_ctx_t *)aes_ctx, crypto_kmflag(req));
-
/*
* Do the AES update on the specified input data.
*/
@@ -696,10 +684,8 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
}
static int
-aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
- crypto_req_handle_t req)
+aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
{
- (void) req;
aes_ctx_t *aes_ctx;
int ret;
@@ -753,10 +739,8 @@ aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
}
static int
-aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
- crypto_req_handle_t req)
+aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
{
- (void) req;
aes_ctx_t *aes_ctx;
int ret;
off_t saved_offset;
@@ -859,7 +843,7 @@ static int
aes_encrypt_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
- crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+ crypto_spi_ctx_template_t template)
{
(void) provider, (void) session_id;
aes_ctx_t aes_ctx; /* on the stack */
@@ -885,13 +869,13 @@ aes_encrypt_atomic(crypto_provider_handle_t provider,
return (CRYPTO_DATA_LEN_RANGE);
}
- if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
+ if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
return (ret);
bzero(&aes_ctx, sizeof (aes_ctx_t));
ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
- crypto_kmflag(req), B_TRUE);
+ KM_SLEEP, B_TRUE);
if (ret != CRYPTO_SUCCESS)
return (ret);
@@ -995,7 +979,7 @@ static int
aes_decrypt_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
- crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+ crypto_spi_ctx_template_t template)
{
(void) provider, (void) session_id;
aes_ctx_t aes_ctx; /* on the stack */
@@ -1021,13 +1005,13 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
}
- if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
+ if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
return (ret);
bzero(&aes_ctx, sizeof (aes_ctx_t));
ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
- crypto_kmflag(req), B_FALSE);
+ KM_SLEEP, B_FALSE);
if (ret != CRYPTO_SUCCESS)
return (ret);
@@ -1057,10 +1041,6 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
saved_offset = plaintext->cd_offset;
saved_length = plaintext->cd_length;
- if (mechanism->cm_type == AES_GCM_MECH_INFO_TYPE ||
- mechanism->cm_type == AES_GMAC_MECH_INFO_TYPE)
- gcm_set_kmflag((gcm_ctx_t *)&aes_ctx, crypto_kmflag(req));
-
/*
* Do an update on the specified input data.
*/
@@ -1164,7 +1144,7 @@ out:
static int
aes_create_ctx_template(crypto_provider_handle_t provider,
crypto_mechanism_t *mechanism, crypto_key_t *key,
- crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
+ crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size)
{
(void) provider;
void *keysched;
@@ -1179,8 +1159,7 @@ aes_create_ctx_template(crypto_provider_handle_t provider,
mechanism->cm_type != AES_GMAC_MECH_INFO_TYPE)
return (CRYPTO_MECHANISM_INVALID);
- if ((keysched = aes_alloc_keysched(&size,
- crypto_kmflag(req))) == NULL) {
+ if ((keysched = aes_alloc_keysched(&size, KM_SLEEP)) == NULL) {
return (CRYPTO_HOST_MEMORY);
}
@@ -1342,7 +1321,7 @@ static int
aes_mac_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
- crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+ crypto_spi_ctx_template_t template)
{
CK_AES_GCM_PARAMS gcm_params;
crypto_mechanism_t gcm_mech;
@@ -1357,14 +1336,14 @@ aes_mac_atomic(crypto_provider_handle_t provider,
gcm_mech.cm_param = (char *)&gcm_params;
return (aes_encrypt_atomic(provider, session_id, &gcm_mech,
- key, &null_crypto_data, mac, template, req));
+ key, &null_crypto_data, mac, template));
}
static int
aes_mac_verify_atomic(crypto_provider_handle_t provider,
crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
- crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+ crypto_spi_ctx_template_t template)
{
CK_AES_GCM_PARAMS gcm_params;
crypto_mechanism_t gcm_mech;
@@ -1379,5 +1358,5 @@ aes_mac_verify_atomic(crypto_provider_handle_t provider,
gcm_mech.cm_param = (char *)&gcm_params;
return (aes_decrypt_atomic(provider, session_id, &gcm_mech,
- key, mac, &null_crypto_data, template, req));
+ key, mac, &null_crypto_data, template));
}