4 files changed, 28 insertions, 10 deletions

diff --git a/usr/src/common/crypto/aes/aes_impl.h b/usr/src/common/crypto/aes/aes_impl.h
index d73729c03d..7021276162 100644
--- a/usr/src/common/crypto/aes/aes_impl.h
+++ b/usr/src/common/crypto/aes/aes_impl.h
@@ -21,6 +21,8 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2018, Joyent, Inc.
  */
 
 #ifndef	_AES_IMPL_H
@@ -135,9 +137,10 @@ extern int aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt);
 
 /*
  * AES mode functions.
- * The first 2 functions operate on 16-byte AES blocks.
+ * The first 3 functions operate on 16-byte AES blocks.
  */
 extern void aes_copy_block(uint8_t *in, uint8_t *out);
+extern void aes_copy_block64(uint8_t *in, uint64_t *out);
 extern void aes_xor_block(uint8_t *data, uint8_t *dst);
 
 /* Note: ctx is a pointer to aes_ctx_t defined in modes.h */
diff --git a/usr/src/common/crypto/aes/aes_modes.c b/usr/src/common/crypto/aes/aes_modes.c
index 884bfa934c..b23c78d65c 100644
--- a/usr/src/common/crypto/aes/aes_modes.c
+++ b/usr/src/common/crypto/aes/aes_modes.c
@@ -21,6 +21,7 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
  */
 
 #include <sys/types.h>
@@ -50,6 +51,24 @@ aes_copy_block(uint8_t *in, uint8_t *out)
 	}
 }
 
+/*
+ * Copy a 16-byte AES block in 64-bit chunks if the input address is aligned
+ * to 64-bits
+ */
+void
+aes_copy_block64(uint8_t *in, uint64_t *out)
+{
+	if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
+		/* LINTED: pointer alignment */
+		out[0] = *(uint64_t *)&in[0];
+		/* LINTED: pointer alignment */
+		out[1] = *(uint64_t *)&in[8];
+	} else {
+		uint8_t *iv8 = (uint8_t *)&out[0];
+
+		AES_COPY_BLOCK(in, iv8);
+	}
+}
 
 /* XOR a 16-byte AES block of data into dst */
 void
@@ -83,7 +102,6 @@ aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 	if (aes_ctx->ac_flags & CTR_MODE) {
 		rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
 		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
-#ifdef _KERNEL
 	} else if (aes_ctx->ac_flags & CCM_MODE) {
 		rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
@@ -92,7 +110,6 @@ aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 		rv = gcm_mode_encrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-#endif
 	} else if (aes_ctx->ac_flags & (CBC_MODE|CMAC_MODE)) {
 		rv = cbc_encrypt_contiguous_blocks(ctx,
 		    data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
@@ -120,7 +137,6 @@ aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
 		if (rv == CRYPTO_DATA_LEN_RANGE)
 			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
-#ifdef _KERNEL
 	} else if (aes_ctx->ac_flags & CCM_MODE) {
 		rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
@@ -129,7 +145,6 @@ aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
 		rv = gcm_mode_decrypt_contiguous_blocks(ctx, data, length,
 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
 		    aes_xor_block);
-#endif
 	} else if (aes_ctx->ac_flags & CBC_MODE) {
 		rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
 		    AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
diff --git a/usr/src/common/crypto/modes/gcm.c b/usr/src/common/crypto/modes/gcm.c
index f75b0b70dd..564507abdc 100644
--- a/usr/src/common/crypto/modes/gcm.c
+++ b/usr/src/common/crypto/modes/gcm.c
@@ -20,17 +20,17 @@
  */
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
  */
 
 
 #ifndef _KERNEL
 #include <strings.h>
 #include <limits.h>
-#include <assert.h>
 #include <security/cryptoki.h>
 #endif	/* _KERNEL */
 
-
+#include <sys/debug.h>
 #include <sys/types.h>
 #include <sys/kmem.h>
 #include <modes/modes.h>
@@ -419,7 +419,7 @@ gcm_decrypt_final(gcm_ctx_t *ctx, crypto_data_t *out, size_t block_size,
 	uint64_t counter_mask = ntohll(0x00000000ffffffffULL);
 	int processed = 0, rv;
 
-	ASSERT(ctx->gcm_processed_data_len == ctx->gcm_pt_buf_len);
+	ASSERT3U(ctx->gcm_processed_data_len, ==, ctx->gcm_pt_buf_len);
 
 	pt_len = ctx->gcm_processed_data_len - ctx->gcm_tag_len;
 	ghash = (uint8_t *)ctx->gcm_ghash;
diff --git a/usr/src/common/crypto/modes/modes.h b/usr/src/common/crypto/modes/modes.h
index efb3770eea..0ad18b0c25 100644
--- a/usr/src/common/crypto/modes/modes.h
+++ b/usr/src/common/crypto/modes/modes.h
@@ -23,6 +23,7 @@
  * Use is subject to license terms.
  *
  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #ifndef	_COMMON_CRYPTO_MODES_H
@@ -241,15 +242,14 @@ typedef struct aes_ctx {
 		ecb_ctx_t acu_ecb;
 		cbc_ctx_t acu_cbc;
 		ctr_ctx_t acu_ctr;
-#ifdef _KERNEL
 		ccm_ctx_t acu_ccm;
 		gcm_ctx_t acu_gcm;
-#endif
 	} acu;
 } aes_ctx_t;
 
 #define	ac_flags		acu.acu_ecb.ecb_common.cc_flags
 #define	ac_remainder_len	acu.acu_ecb.ecb_common.cc_remainder_len
+#define	ac_remainder		acu.acu_ecb.ecb_common.cc_remainder
 #define	ac_keysched		acu.acu_ecb.ecb_common.cc_keysched
 #define	ac_keysched_len		acu.acu_ecb.ecb_common.cc_keysched_len
 #define	ac_iv			acu.acu_ecb.ecb_common.cc_iv