static void smb2_hmac_sha256_final(sha2_hc_ctx_t *hc, uint8_t *digest) { /* SOFT_MAC_FINAL_2(...) */ SHA2Final(digest, &hc->hc_icontext); SHA2Update(&hc->hc_ocontext, digest, SHA256_DIGEST_LENGTH); SHA2Final(digest, &hc->hc_ocontext); }
/*ARGSUSED*/ void zio_checksum_SHA512_native(const void *buf, uint64_t size, const void *ctx_template, zio_cksum_t *zcp) { SHA2_CTX ctx; SHA2Init(SHA512_256, &ctx); SHA2Update(&ctx, buf, size); SHA2Final(zcp, &ctx); }
/*ARGSUSED*/ void abd_checksum_SHA512_native(abd_t *abd, uint64_t size, const void *ctx_template, zio_cksum_t *zcp) { SHA2_CTX ctx; SHA2Init(SHA512_256, &ctx); (void) abd_iterate_func(abd, 0, size, sha_incremental, &ctx); SHA2Final(zcp, &ctx); }
/*ARGSUSED*/ void zio_checksum_SHA256(const void *buf, uint64_t size, const void *ctx_template, zio_cksum_t *zcp) { SHA2_CTX ctx; zio_cksum_t tmp; SHA2Init(SHA256, &ctx); SHA2Update(&ctx, buf, size); SHA2Final(&tmp, &ctx); /* * A prior implementation of this function had a * private SHA256 implementation always wrote things out in * Big Endian and there wasn't a byteswap variant of it. * To preseve on disk compatibility we need to force that * behaviour. */ zcp->zc_word[0] = BE_64(tmp.zc_word[0]); zcp->zc_word[1] = BE_64(tmp.zc_word[1]); zcp->zc_word[2] = BE_64(tmp.zc_word[2]); zcp->zc_word[3] = BE_64(tmp.zc_word[3]); }
/* ARGSUSED */ static int sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req) { int ret = CRYPTO_SUCCESS; uint_t sha_digest_len; ASSERT(ctx->cc_provider_private != NULL); switch (PROV_SHA2_CTX(ctx)->sc_mech_type) { case SHA256_MECH_INFO_TYPE: sha_digest_len = SHA256_DIGEST_LENGTH; break; case SHA384_MECH_INFO_TYPE: sha_digest_len = SHA384_DIGEST_LENGTH; break; case SHA512_MECH_INFO_TYPE: sha_digest_len = SHA512_DIGEST_LENGTH; break; default: return (CRYPTO_MECHANISM_INVALID); } /* * We need to just return the length needed to store the output. * We should not destroy the context for the following cases. */ if ((digest->cd_length == 0) || (digest->cd_length < sha_digest_len)) { digest->cd_length = sha_digest_len; return (CRYPTO_BUFFER_TOO_SMALL); } /* * Do a SHA2 final. */ switch (digest->cd_format) { case CRYPTO_DATA_RAW: SHA2Final((unsigned char *)digest->cd_raw.iov_base + digest->cd_offset, &PROV_SHA2_CTX(ctx)->sc_sha2_ctx); break; case CRYPTO_DATA_UIO: ret = sha2_digest_final_uio(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx, digest, sha_digest_len, NULL); break; case CRYPTO_DATA_MBLK: ret = sha2_digest_final_mblk(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx, digest, sha_digest_len, NULL); break; default: ret = CRYPTO_ARGUMENTS_BAD; } /* all done, free context and return */ if (ret == CRYPTO_SUCCESS) digest->cd_length = sha_digest_len; else digest->cd_length = 0; kmem_free(ctx->cc_provider_private, sizeof (sha2_ctx_t)); ctx->cc_provider_private = NULL; return (ret); }
/* ARGSUSED */ static int sha2_digest_atomic(crypto_provider_handle_t provider, crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req) { int ret = CRYPTO_SUCCESS; SHA2_CTX sha2_ctx; uint32_t sha_digest_len; /* * Do the SHA inits. */ SHA2Init(mechanism->cm_type, &sha2_ctx); switch (data->cd_format) { case CRYPTO_DATA_RAW: SHA2Update(&sha2_ctx, (uint8_t *)data-> cd_raw.iov_base + data->cd_offset, data->cd_length); break; case CRYPTO_DATA_UIO: ret = sha2_digest_update_uio(&sha2_ctx, data); break; case CRYPTO_DATA_MBLK: ret = sha2_digest_update_mblk(&sha2_ctx, data); break; default: ret = CRYPTO_ARGUMENTS_BAD; } /* * Do the SHA updates on the specified input data. */ if (ret != CRYPTO_SUCCESS) { /* the update failed, bail */ digest->cd_length = 0; return (ret); } if (mechanism->cm_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE) sha_digest_len = SHA256_DIGEST_LENGTH; else sha_digest_len = SHA512_DIGEST_LENGTH; /* * Do a SHA2 final, must be done separately since the digest * type can be different than the input data type. */ switch (digest->cd_format) { case CRYPTO_DATA_RAW: SHA2Final((unsigned char *)digest->cd_raw.iov_base + digest->cd_offset, &sha2_ctx); break; case CRYPTO_DATA_UIO: ret = sha2_digest_final_uio(&sha2_ctx, digest, sha_digest_len, NULL); break; case CRYPTO_DATA_MBLK: ret = sha2_digest_final_mblk(&sha2_ctx, digest, sha_digest_len, NULL); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (ret == CRYPTO_SUCCESS) digest->cd_length = sha_digest_len; else digest->cd_length = 0; return (ret); }
/* * Helper SHA2 digest final for mblk's. * digest_len is the length of the desired digest. If digest_len * is smaller than the default SHA2 digest length, the caller * must pass a scratch buffer, digest_scratch, which must * be at least the algorithm's digest length bytes. */ static int sha2_digest_final_mblk(SHA2_CTX *sha2_ctx, crypto_data_t *digest, ulong_t digest_len, uchar_t *digest_scratch) { off_t offset = digest->cd_offset; mblk_t *mp; /* * Jump to the first mblk_t that will be used to store the digest. */ for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp); offset -= MBLKL(mp), mp = mp->b_cont) ; if (mp == NULL) { /* * The caller specified an offset that is larger than the * total size of the buffers it provided. */ return (CRYPTO_DATA_LEN_RANGE); } if (offset + digest_len <= MBLKL(mp)) { /* * The computed SHA2 digest will fit in the current mblk. * Do the SHA2Final() in-place. */ if (((sha2_ctx->algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) && (digest_len != SHA256_DIGEST_LENGTH)) || ((sha2_ctx->algotype > SHA256_HMAC_GEN_MECH_INFO_TYPE) && (digest_len != SHA512_DIGEST_LENGTH))) { /* * The caller requested a short digest. Digest * into a scratch buffer and return to * the user only what was requested. */ SHA2Final(digest_scratch, sha2_ctx); bcopy(digest_scratch, mp->b_rptr + offset, digest_len); } else { SHA2Final(mp->b_rptr + offset, sha2_ctx); } } else { /* * The computed digest will be crossing one or more mblk's. * This is bad performance-wise but we need to support it. * Allocate a small scratch buffer on the stack and * copy it piece meal to the specified digest iovec's. */ uchar_t digest_tmp[SHA512_DIGEST_LENGTH]; off_t scratch_offset = 0; size_t length = digest_len; size_t cur_len; SHA2Final(digest_tmp, sha2_ctx); while (mp != NULL && length > 0) { cur_len = MIN(MBLKL(mp) - offset, length); bcopy(digest_tmp + scratch_offset, mp->b_rptr + offset, cur_len); length -= cur_len; mp = mp->b_cont; scratch_offset += cur_len; offset = 0; } if (mp == NULL && length > 0) { /* * The end of the specified mblk was reached but * the length requested could not be processed, i.e. * The caller requested to digest more data than it * provided. */ return (CRYPTO_DATA_LEN_RANGE); } } return (CRYPTO_SUCCESS); }
/* * Helper SHA2 digest final function for uio data. * digest_len is the length of the desired digest. If digest_len * is smaller than the default SHA2 digest length, the caller * must pass a scratch buffer, digest_scratch, which must * be at least the algorithm's digest length bytes. */ static int sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest, ulong_t digest_len, uchar_t *digest_scratch) { off_t offset = digest->cd_offset; uint_t vec_idx; /* we support only kernel buffer */ if (digest->cd_uio->uio_segflg != UIO_SYSSPACE) return (CRYPTO_ARGUMENTS_BAD); /* * Jump to the first iovec containing ptr to the digest to * be returned. */ for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len && vec_idx < digest->cd_uio->uio_iovcnt; offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len) ; if (vec_idx == digest->cd_uio->uio_iovcnt) { /* * The caller specified an offset that is * larger than the total size of the buffers * it provided. */ return (CRYPTO_DATA_LEN_RANGE); } if (offset + digest_len <= digest->cd_uio->uio_iov[vec_idx].iov_len) { /* * The computed SHA2 digest will fit in the current * iovec. */ if (((sha2_ctx->algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) && (digest_len != SHA256_DIGEST_LENGTH)) || ((sha2_ctx->algotype > SHA256_HMAC_GEN_MECH_INFO_TYPE) && (digest_len != SHA512_DIGEST_LENGTH))) { /* * The caller requested a short digest. Digest * into a scratch buffer and return to * the user only what was requested. */ SHA2Final(digest_scratch, sha2_ctx); bcopy(digest_scratch, (uchar_t *)digest-> cd_uio->uio_iov[vec_idx].iov_base + offset, digest_len); } else { SHA2Final((uchar_t *)digest-> cd_uio->uio_iov[vec_idx].iov_base + offset, sha2_ctx); } } else { /* * The computed digest will be crossing one or more iovec's. * This is bad performance-wise but we need to support it. * Allocate a small scratch buffer on the stack and * copy it piece meal to the specified digest iovec's. */ uchar_t digest_tmp[SHA512_DIGEST_LENGTH]; off_t scratch_offset = 0; size_t length = digest_len; size_t cur_len; SHA2Final(digest_tmp, sha2_ctx); while (vec_idx < digest->cd_uio->uio_iovcnt && length > 0) { cur_len = MIN(digest->cd_uio->uio_iov[vec_idx].iov_len - offset, length); bcopy(digest_tmp + scratch_offset, digest->cd_uio->uio_iov[vec_idx].iov_base + offset, cur_len); length -= cur_len; vec_idx++; scratch_offset += cur_len; offset = 0; } if (vec_idx == digest->cd_uio->uio_iovcnt && length > 0) { /* * The end of the specified iovec's was reached but * the length requested could not be processed, i.e. * The caller requested to digest more data than it * provided. */ return (CRYPTO_DATA_LEN_RANGE); } } return (CRYPTO_SUCCESS); }
/* ARGSUSED */ static int sha2_mac_verify_atomic(crypto_provider_handle_t provider, crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) { int ret = CRYPTO_SUCCESS; uchar_t digest[SHA512_DIGEST_LENGTH]; sha2_hmac_ctx_t sha2_hmac_ctx; uint32_t sha_digest_len, digest_len, sha_hmac_block_size; uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); /* * Set the digest length and block size to values appropriate to the * mechanism */ switch (mechanism->cm_type) { case SHA256_HMAC_MECH_INFO_TYPE: case SHA256_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA256_DIGEST_LENGTH; sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE; break; case SHA384_HMAC_MECH_INFO_TYPE: case SHA384_HMAC_GEN_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; break; default: return (CRYPTO_MECHANISM_INVALID); } /* Add support for key by attributes (RFE 4706552) */ if (key->ck_format != CRYPTO_KEY_RAW) return (CRYPTO_ARGUMENTS_BAD); if (ctx_template != NULL) { /* reuse context template */ bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); } else { sha2_hmac_ctx.hc_mech_type = mechanism->cm_type; /* no context template, initialize context */ if (keylen_in_bytes > sha_hmac_block_size) { /* * Hash the passed-in key to get a smaller key. * The inner context is used since it hasn't been * initialized yet. */ PROV_SHA2_DIGEST_KEY(mechanism->cm_type / 3, &sha2_hmac_ctx.hc_icontext, key->ck_data, keylen_in_bytes, digest); sha2_mac_init_ctx(&sha2_hmac_ctx, digest, sha_digest_len); } else { sha2_mac_init_ctx(&sha2_hmac_ctx, key->ck_data, keylen_in_bytes); } } /* get the mechanism parameters, if applicable */ if (mechanism->cm_type % 3 == 2) { if (mechanism->cm_param == NULL || mechanism->cm_param_len != sizeof (ulong_t)) { ret = CRYPTO_MECHANISM_PARAM_INVALID; goto bail; } PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len); if (digest_len > sha_digest_len) { ret = CRYPTO_MECHANISM_PARAM_INVALID; goto bail; } } if (mac->cd_length != digest_len) { ret = CRYPTO_INVALID_MAC; goto bail; } /* do a SHA2 update of the inner context using the specified data */ SHA2_MAC_UPDATE(data, sha2_hmac_ctx, ret); if (ret != CRYPTO_SUCCESS) /* the update failed, free context and bail */ goto bail; /* do a SHA2 final on the inner context */ SHA2Final(digest, &sha2_hmac_ctx.hc_icontext); /* * Do an SHA2 update on the outer context, feeding the inner * digest as data. * * HMAC-SHA384 needs special handling as the outer hash needs only 48 * bytes of the inner hash value. */ if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE || mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE) SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, SHA384_DIGEST_LENGTH); else SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len); /* * Do a SHA2 final on the outer context, storing the computed * digest in the users buffer. */ SHA2Final(digest, &sha2_hmac_ctx.hc_ocontext); /* * Compare the computed digest against the expected digest passed * as argument. */ switch (mac->cd_format) { case CRYPTO_DATA_RAW: if (bcmp(digest, (unsigned char *)mac->cd_raw.iov_base + mac->cd_offset, digest_len) != 0) ret = CRYPTO_INVALID_MAC; break; case CRYPTO_DATA_UIO: { off_t offset = mac->cd_offset; uint_t vec_idx; off_t scratch_offset = 0; size_t length = digest_len; size_t cur_len; /* we support only kernel buffer */ if (mac->cd_uio->uio_segflg != UIO_SYSSPACE) return (CRYPTO_ARGUMENTS_BAD); /* jump to the first iovec containing the expected digest */ for (vec_idx = 0; offset >= mac->cd_uio->uio_iov[vec_idx].iov_len && vec_idx < mac->cd_uio->uio_iovcnt; offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len) ; if (vec_idx == mac->cd_uio->uio_iovcnt) { /* * The caller specified an offset that is * larger than the total size of the buffers * it provided. */ ret = CRYPTO_DATA_LEN_RANGE; break; } /* do the comparison of computed digest vs specified one */ while (vec_idx < mac->cd_uio->uio_iovcnt && length > 0) { cur_len = MIN(mac->cd_uio->uio_iov[vec_idx].iov_len - offset, length); if (bcmp(digest + scratch_offset, mac->cd_uio->uio_iov[vec_idx].iov_base + offset, cur_len) != 0) { ret = CRYPTO_INVALID_MAC; break; } length -= cur_len; vec_idx++; scratch_offset += cur_len; offset = 0; } break; } case CRYPTO_DATA_MBLK: { off_t offset = mac->cd_offset; mblk_t *mp; off_t scratch_offset = 0; size_t length = digest_len; size_t cur_len; /* jump to the first mblk_t containing the expected digest */ for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp); offset -= MBLKL(mp), mp = mp->b_cont) ; if (mp == NULL) { /* * The caller specified an offset that is larger than * the total size of the buffers it provided. */ ret = CRYPTO_DATA_LEN_RANGE; break; } while (mp != NULL && length > 0) { cur_len = MIN(MBLKL(mp) - offset, length); if (bcmp(digest + scratch_offset, mp->b_rptr + offset, cur_len) != 0) { ret = CRYPTO_INVALID_MAC; break; } length -= cur_len; mp = mp->b_cont; scratch_offset += cur_len; offset = 0; } break; } default: ret = CRYPTO_ARGUMENTS_BAD; } return (ret); bail: bzero(&sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); mac->cd_length = 0; return (ret); }
/* ARGSUSED */ static int sha2_mac_atomic(crypto_provider_handle_t provider, crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req) { int ret = CRYPTO_SUCCESS; uchar_t digest[SHA512_DIGEST_LENGTH]; sha2_hmac_ctx_t sha2_hmac_ctx; uint32_t sha_digest_len, digest_len, sha_hmac_block_size; uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); /* * Set the digest length and block size to values appropriate to the * mechanism */ switch (mechanism->cm_type) { case SHA256_HMAC_MECH_INFO_TYPE: case SHA256_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA256_DIGEST_LENGTH; sha_hmac_block_size = SHA256_HMAC_BLOCK_SIZE; break; case SHA384_HMAC_MECH_INFO_TYPE: case SHA384_HMAC_GEN_MECH_INFO_TYPE: case SHA512_HMAC_MECH_INFO_TYPE: case SHA512_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; sha_hmac_block_size = SHA512_HMAC_BLOCK_SIZE; break; default: return (CRYPTO_MECHANISM_INVALID); } /* Add support for key by attributes (RFE 4706552) */ if (key->ck_format != CRYPTO_KEY_RAW) return (CRYPTO_ARGUMENTS_BAD); if (ctx_template != NULL) { /* reuse context template */ bcopy(ctx_template, &sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); } else { sha2_hmac_ctx.hc_mech_type = mechanism->cm_type; /* no context template, initialize context */ if (keylen_in_bytes > sha_hmac_block_size) { /* * Hash the passed-in key to get a smaller key. * The inner context is used since it hasn't been * initialized yet. */ PROV_SHA2_DIGEST_KEY(mechanism->cm_type / 3, &sha2_hmac_ctx.hc_icontext, key->ck_data, keylen_in_bytes, digest); sha2_mac_init_ctx(&sha2_hmac_ctx, digest, sha_digest_len); } else { sha2_mac_init_ctx(&sha2_hmac_ctx, key->ck_data, keylen_in_bytes); } } /* get the mechanism parameters, if applicable */ if ((mechanism->cm_type % 3) == 2) { if (mechanism->cm_param == NULL || mechanism->cm_param_len != sizeof (ulong_t)) { ret = CRYPTO_MECHANISM_PARAM_INVALID; goto bail; } PROV_SHA2_GET_DIGEST_LEN(mechanism, digest_len); if (digest_len > sha_digest_len) { ret = CRYPTO_MECHANISM_PARAM_INVALID; goto bail; } } /* do a SHA2 update of the inner context using the specified data */ SHA2_MAC_UPDATE(data, sha2_hmac_ctx, ret); if (ret != CRYPTO_SUCCESS) /* the update failed, free context and bail */ goto bail; /* * Do a SHA2 final on the inner context. */ SHA2Final(digest, &sha2_hmac_ctx.hc_icontext); /* * Do an SHA2 update on the outer context, feeding the inner * digest as data. * * HMAC-SHA384 needs special handling as the outer hash needs only 48 * bytes of the inner hash value. */ if (mechanism->cm_type == SHA384_HMAC_MECH_INFO_TYPE || mechanism->cm_type == SHA384_HMAC_GEN_MECH_INFO_TYPE) SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, SHA384_DIGEST_LENGTH); else SHA2Update(&sha2_hmac_ctx.hc_ocontext, digest, sha_digest_len); /* * Do a SHA2 final on the outer context, storing the computed * digest in the users buffer. */ switch (mac->cd_format) { case CRYPTO_DATA_RAW: if (digest_len != sha_digest_len) { /* * The caller requested a short digest. Digest * into a scratch buffer and return to * the user only what was requested. */ SHA2Final(digest, &sha2_hmac_ctx.hc_ocontext); bcopy(digest, (unsigned char *)mac->cd_raw.iov_base + mac->cd_offset, digest_len); } else { SHA2Final((unsigned char *)mac->cd_raw.iov_base + mac->cd_offset, &sha2_hmac_ctx.hc_ocontext); } break; case CRYPTO_DATA_UIO: ret = sha2_digest_final_uio(&sha2_hmac_ctx.hc_ocontext, mac, digest_len, digest); break; case CRYPTO_DATA_MBLK: ret = sha2_digest_final_mblk(&sha2_hmac_ctx.hc_ocontext, mac, digest_len, digest); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (ret == CRYPTO_SUCCESS) { mac->cd_length = digest_len; return (CRYPTO_SUCCESS); } bail: bzero(&sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); mac->cd_length = 0; return (ret); }
/* ARGSUSED */ static int sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req) { int ret = CRYPTO_SUCCESS; uchar_t digest[SHA512_DIGEST_LENGTH]; uint32_t digest_len, sha_digest_len; ASSERT(ctx->cc_provider_private != NULL); /* Set the digest lengths to values appropriate to the mechanism */ switch (PROV_SHA2_HMAC_CTX(ctx)->hc_mech_type) { case SHA256_HMAC_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA256_DIGEST_LENGTH; break; case SHA384_HMAC_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA384_DIGEST_LENGTH; break; case SHA512_HMAC_MECH_INFO_TYPE: sha_digest_len = digest_len = SHA512_DIGEST_LENGTH; break; case SHA256_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = SHA256_DIGEST_LENGTH; digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len; break; case SHA384_HMAC_GEN_MECH_INFO_TYPE: case SHA512_HMAC_GEN_MECH_INFO_TYPE: sha_digest_len = SHA512_DIGEST_LENGTH; digest_len = PROV_SHA2_HMAC_CTX(ctx)->hc_digest_len; break; } /* * We need to just return the length needed to store the output. * We should not destroy the context for the following cases. */ if ((mac->cd_length == 0) || (mac->cd_length < digest_len)) { mac->cd_length = digest_len; return (CRYPTO_BUFFER_TOO_SMALL); } /* * Do a SHA2 final on the inner context. */ SHA2Final(digest, &PROV_SHA2_HMAC_CTX(ctx)->hc_icontext); /* * Do a SHA2 update on the outer context, feeding the inner * digest as data. */ SHA2Update(&PROV_SHA2_HMAC_CTX(ctx)->hc_ocontext, digest, sha_digest_len); /* * Do a SHA2 final on the outer context, storing the computing * digest in the users buffer. */ switch (mac->cd_format) { case CRYPTO_DATA_RAW: if (digest_len != sha_digest_len) { /* * The caller requested a short digest. Digest * into a scratch buffer and return to * the user only what was requested. */ SHA2Final(digest, &PROV_SHA2_HMAC_CTX(ctx)->hc_ocontext); bcopy(digest, (unsigned char *)mac->cd_raw.iov_base + mac->cd_offset, digest_len); } else { SHA2Final((unsigned char *)mac->cd_raw.iov_base + mac->cd_offset, &PROV_SHA2_HMAC_CTX(ctx)->hc_ocontext); } break; case CRYPTO_DATA_UIO: ret = sha2_digest_final_uio( &PROV_SHA2_HMAC_CTX(ctx)->hc_ocontext, mac, digest_len, digest); break; case CRYPTO_DATA_MBLK: ret = sha2_digest_final_mblk( &PROV_SHA2_HMAC_CTX(ctx)->hc_ocontext, mac, digest_len, digest); break; default: ret = CRYPTO_ARGUMENTS_BAD; } if (ret == CRYPTO_SUCCESS) mac->cd_length = digest_len; else mac->cd_length = 0; bzero(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t)); kmem_free(ctx->cc_provider_private, sizeof (sha2_hmac_ctx_t)); ctx->cc_provider_private = NULL; return (ret); }