1
// SPDX-License-Identifier: CDDL-1.0
2
/*
3
 * CDDL HEADER START
4
 *
5
 * The contents of this file are subject to the terms of the
6
 * Common Development and Distribution License (the "License").
7
 * You may not use this file except in compliance with the License.
8
 *
9
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10
 * or https://opensource.org/licenses/CDDL-1.0.
11
 * See the License for the specific language governing permissions
12
 * and limitations under the License.
13
 *
14
 * When distributing Covered Code, include this CDDL HEADER in each
15
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16
 * If applicable, add the following below this CDDL HEADER, with the
17
 * fields enclosed by brackets "[]" replaced with your own identifying
18
 * information: Portions Copyright [yyyy] [name of copyright owner]
19
 *
20
 * CDDL HEADER END
21
 */
22
/*
23
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24
 * Use is subject to license terms.
25
 */
26

27
#include <sys/zfs_context.h>
28
#include <modes/modes.h>
29
#include <sys/crypto/common.h>
30
#include <sys/crypto/impl.h>
31

32
/*
33
 * Initialize by setting iov_or_mp to point to the current iovec or mp,
34
 * and by setting current_offset to an offset within the current iovec or mp.
35
 */
36
void
37
crypto_init_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset)
38
{
39
	offset_t offset;
40

41
	switch (out->cd_format) {
42
	case CRYPTO_DATA_RAW:
43
		*current_offset = out->cd_offset;
44
		break;
45

46
	case CRYPTO_DATA_UIO: {
47
		zfs_uio_t *uiop = out->cd_uio;
48
		uint_t vec_idx;
49

50
		offset = out->cd_offset;
51
		offset = zfs_uio_index_at_offset(uiop, offset, &vec_idx);
52

53
		*current_offset = offset;
54
		*iov_or_mp = (void *)(uintptr_t)vec_idx;
55
		break;
56
	}
57
	} /* end switch */
58
}
59

60
/*
61
 * Get pointers for where in the output to copy a block of encrypted or
62
 * decrypted data.  The iov_or_mp argument stores a pointer to the current
63
 * iovec or mp, and offset stores an offset into the current iovec or mp.
64
 */
65
void
66
crypto_get_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset,
67
    uint8_t **out_data_1, size_t *out_data_1_len, uint8_t **out_data_2,
68
    size_t amt)
69
{
70
	offset_t offset;
71

72
	switch (out->cd_format) {
73
	case CRYPTO_DATA_RAW: {
74
		iovec_t *iov;
75

76
		offset = *current_offset;
77
		iov = &out->cd_raw;
78
		if ((offset + amt) <= iov->iov_len) {
79
			/* one block fits */
80
			*out_data_1 = (uint8_t *)iov->iov_base + offset;
81
			*out_data_1_len = amt;
82
			*out_data_2 = NULL;
83
			*current_offset = offset + amt;
84
		}
85
		break;
86
	}
87

88
	case CRYPTO_DATA_UIO: {
89
		zfs_uio_t *uio = out->cd_uio;
90
		offset_t offset;
91
		uint_t vec_idx;
92
		uint8_t *p;
93
		uint64_t iov_len;
94
		void *iov_base;
95

96
		offset = *current_offset;
97
		vec_idx = (uintptr_t)(*iov_or_mp);
98
		zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len);
99
		p = (uint8_t *)iov_base + offset;
100
		*out_data_1 = p;
101

102
		if (offset + amt <= iov_len) {
103
			/* can fit one block into this iov */
104
			*out_data_1_len = amt;
105
			*out_data_2 = NULL;
106
			*current_offset = offset + amt;
107
		} else {
108
			/* one block spans two iovecs */
109
			*out_data_1_len = iov_len - offset;
110
			if (vec_idx == zfs_uio_iovcnt(uio)) {
111
				*out_data_2 = NULL;
112
				return;
113
			}
114
			vec_idx++;
115
			zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len);
116
			*out_data_2 = (uint8_t *)iov_base;
117
			*current_offset = amt - *out_data_1_len;
118
		}
119
		*iov_or_mp = (void *)(uintptr_t)vec_idx;
120
		break;
121
	}
122
	} /* end switch */
123
}
124

125
void
126
crypto_free_mode_ctx(void *ctx)
127
{
128
	common_ctx_t *common_ctx = (common_ctx_t *)ctx;
129

130
	switch (common_ctx->cc_flags & (CCM_MODE|GCM_MODE)) {
131
	case CCM_MODE:
132
		if (((ccm_ctx_t *)ctx)->ccm_pt_buf != NULL)
133
			vmem_free(((ccm_ctx_t *)ctx)->ccm_pt_buf,
134
			    ((ccm_ctx_t *)ctx)->ccm_data_len);
135

136
		kmem_free(ctx, sizeof (ccm_ctx_t));
137
		break;
138

139
	case GCM_MODE:
140
		gcm_clear_ctx((gcm_ctx_t *)ctx);
141
		kmem_free(ctx, sizeof (gcm_ctx_t));
142
		break;
143

144
	default:
145
		__builtin_unreachable();
146
	}
147
}
148

149
static void *
150
explicit_memset(void *s, int c, size_t n)
151
{
152
	memset(s, c, n);
153
	__asm__ __volatile__("" :: "r"(s) : "memory");
154
	return (s);
155
}
156

157
/*
158
 * Clear sensitive data in the context and free allocated memory.
159
 *
160
 * ctx->gcm_remainder may contain a plaintext remainder. ctx->gcm_H and
161
 * ctx->gcm_Htable contain the hash sub key which protects authentication.
162
 * ctx->gcm_pt_buf contains the plaintext result of decryption.
163
 *
164
 * Although extremely unlikely, ctx->gcm_J0 and ctx->gcm_tmp could be used for
165
 * a known plaintext attack, they consist of the IV and the first and last
166
 * counter respectively. If they should be cleared is debatable.
167
 */
168
void
169
gcm_clear_ctx(gcm_ctx_t *ctx)
170
{
171
	explicit_memset(ctx->gcm_remainder, 0, sizeof (ctx->gcm_remainder));
172
	explicit_memset(ctx->gcm_H, 0, sizeof (ctx->gcm_H));
173
#if defined(CAN_USE_GCM_ASM)
174
	if (ctx->impl != GCM_IMPL_GENERIC) {
175
		ASSERT3P(ctx->gcm_Htable, !=, NULL);
176
		explicit_memset(ctx->gcm_Htable, 0, ctx->gcm_htab_len);
177
		kmem_free(ctx->gcm_Htable, ctx->gcm_htab_len);
178
	}
179
#endif
180
	if (ctx->gcm_pt_buf != NULL) {
181
		explicit_memset(ctx->gcm_pt_buf, 0, ctx->gcm_pt_buf_len);
182
		vmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len);
183
	}
184
	/* Optional */
185
	explicit_memset(ctx->gcm_J0, 0, sizeof (ctx->gcm_J0));
186
	explicit_memset(ctx->gcm_tmp, 0, sizeof (ctx->gcm_tmp));
187
}
188

189