4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
29 #include <sys/types.h>
30 #include <security/cryptoki.h>
31 #include "softObject.h"
33 #include "softSession.h"
38 #include "softCrypt.h"
44 * session_p: pointer to soft_session_t struct
45 * pMechanism: pointer to CK_MECHANISM struct provided by application
46 * key_p: pointer to key soft_object_t struct
49 * called by C_SignInit(). This function calls the corresponding
50 * sign init routine based on the mechanism.
54 soft_sign_init(soft_session_t
*session_p
, CK_MECHANISM_PTR pMechanism
,
58 switch (pMechanism
->mechanism
) {
60 case CKM_SSL3_MD5_MAC
:
61 case CKM_SSL3_SHA1_MAC
:
62 case CKM_MD5_HMAC_GENERAL
:
64 case CKM_SHA_1_HMAC_GENERAL
:
66 case CKM_SHA256_HMAC_GENERAL
:
68 case CKM_SHA384_HMAC_GENERAL
:
70 case CKM_SHA512_HMAC_GENERAL
:
73 return (soft_hmac_sign_verify_init_common(session_p
,
74 pMechanism
, key_p
, B_TRUE
));
78 case CKM_MD5_RSA_PKCS
:
79 case CKM_SHA1_RSA_PKCS
:
80 case CKM_SHA256_RSA_PKCS
:
81 case CKM_SHA384_RSA_PKCS
:
82 case CKM_SHA512_RSA_PKCS
:
84 return (soft_rsa_sign_verify_init_common(session_p
, pMechanism
,
90 return (soft_dsa_sign_verify_init_common(session_p
, pMechanism
,
96 return (soft_ecc_sign_verify_init_common(session_p
, pMechanism
,
99 case CKM_DES_MAC_GENERAL
:
102 return (soft_des_sign_verify_init_common(session_p
, pMechanism
,
105 case CKM_AES_CMAC_GENERAL
:
108 return (soft_aes_sign_verify_init_common(session_p
, pMechanism
,
112 return (CKR_MECHANISM_INVALID
);
122 * session_p: pointer to soft_session_t struct
123 * pData: pointer to the input data to be signed
124 * ulDataLen: length of the input data
125 * pSignature: pointer to the signature after signing
126 * pulSignatureLen: pointer to the length of the signature
129 * called by C_Sign(). This function calls the corresponding
130 * sign routine based on the mechanism.
134 soft_sign(soft_session_t
*session_p
, CK_BYTE_PTR pData
,
135 CK_ULONG ulDataLen
, CK_BYTE_PTR pSignature
,
136 CK_ULONG_PTR pulSignatureLen
)
139 CK_MECHANISM_TYPE mechanism
= session_p
->sign
.mech
.mechanism
;
144 case CKM_SSL3_MD5_MAC
:
145 case CKM_SSL3_SHA1_MAC
:
146 case CKM_MD5_HMAC_GENERAL
:
148 case CKM_SHA_1_HMAC_GENERAL
:
150 case CKM_SHA256_HMAC_GENERAL
:
151 case CKM_SHA256_HMAC
:
152 case CKM_SHA384_HMAC_GENERAL
:
153 case CKM_SHA384_HMAC
:
154 case CKM_SHA512_HMAC_GENERAL
:
155 case CKM_SHA512_HMAC
:
157 CK_BYTE hmac
[SHA512_DIGEST_LENGTH
]; /* use the maximum size */
159 if (pSignature
!= NULL
) {
160 /* Pass local buffer to avoid overflow. */
161 rv
= soft_hmac_sign_verify_common(session_p
, pData
,
162 ulDataLen
, hmac
, pulSignatureLen
, B_TRUE
);
164 /* Pass original pSignature, let callee to handle it. */
165 rv
= soft_hmac_sign_verify_common(session_p
, pData
,
166 ulDataLen
, pSignature
, pulSignatureLen
, B_TRUE
);
169 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
170 (void) memcpy(pSignature
, hmac
, *pulSignatureLen
);
174 case CKM_DES_MAC_GENERAL
:
177 CK_BYTE signature
[DES_BLOCK_LEN
]; /* use the maximum size */
179 if (pSignature
!= NULL
) {
180 /* Pass local buffer to avoid overflow. */
181 rv
= soft_des_sign_verify_common(session_p
, pData
,
182 ulDataLen
, signature
, pulSignatureLen
, B_TRUE
,
185 /* Pass NULL, let callee to handle it. */
186 rv
= soft_des_sign_verify_common(session_p
, pData
,
187 ulDataLen
, NULL
, pulSignatureLen
, B_TRUE
, B_FALSE
);
190 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
191 (void) memcpy(pSignature
, signature
, *pulSignatureLen
);
195 case CKM_AES_CMAC_GENERAL
:
198 CK_BYTE signature
[AES_BLOCK_LEN
];
200 if (pSignature
!= NULL
) {
201 /* Pass local buffer to avoid overflow. */
202 rv
= soft_aes_sign_verify_common(session_p
, pData
,
203 ulDataLen
, signature
, pulSignatureLen
, B_TRUE
,
206 /* Pass NULL, let callee handle it. */
207 rv
= soft_aes_sign_verify_common(session_p
, pData
,
208 ulDataLen
, NULL
, pulSignatureLen
, B_TRUE
, B_FALSE
);
211 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
212 (void) memcpy(pSignature
, signature
, *pulSignatureLen
);
219 return (soft_rsa_sign_common(session_p
, pData
, ulDataLen
,
220 pSignature
, pulSignatureLen
, mechanism
));
222 case CKM_MD5_RSA_PKCS
:
223 case CKM_SHA1_RSA_PKCS
:
224 case CKM_SHA256_RSA_PKCS
:
225 case CKM_SHA384_RSA_PKCS
:
226 case CKM_SHA512_RSA_PKCS
:
228 return (soft_rsa_digest_sign_common(session_p
, pData
, ulDataLen
,
229 pSignature
, pulSignatureLen
, mechanism
, B_FALSE
));
233 return (soft_dsa_sign(session_p
, pData
, ulDataLen
,
234 pSignature
, pulSignatureLen
));
238 return (soft_dsa_digest_sign_common(session_p
, pData
, ulDataLen
,
239 pSignature
, pulSignatureLen
, B_FALSE
));
243 return (soft_ecc_sign(session_p
, pData
, ulDataLen
,
244 pSignature
, pulSignatureLen
));
248 return (soft_ecc_digest_sign_common(session_p
, pData
, ulDataLen
,
249 pSignature
, pulSignatureLen
, B_FALSE
));
252 return (CKR_MECHANISM_INVALID
);
261 * session_p: pointer to soft_session_t struct
262 * pPart: pointer to the input data to be signed
263 * ulPartLen: length of the input data
266 * called by C_SignUpdate(). This function calls the corresponding
267 * sign update routine based on the mechanism.
271 soft_sign_update(soft_session_t
*session_p
, CK_BYTE_PTR pPart
,
274 CK_MECHANISM_TYPE mechanism
= session_p
->sign
.mech
.mechanism
;
278 case CKM_SSL3_MD5_MAC
:
279 case CKM_SSL3_SHA1_MAC
:
280 case CKM_MD5_HMAC_GENERAL
:
282 case CKM_SHA_1_HMAC_GENERAL
:
284 case CKM_SHA256_HMAC_GENERAL
:
285 case CKM_SHA256_HMAC
:
286 case CKM_SHA384_HMAC_GENERAL
:
287 case CKM_SHA384_HMAC
:
288 case CKM_SHA512_HMAC_GENERAL
:
289 case CKM_SHA512_HMAC
:
291 return (soft_hmac_sign_verify_update(session_p
, pPart
,
294 case CKM_DES_MAC_GENERAL
:
297 return (soft_des_mac_sign_verify_update(session_p
, pPart
,
300 case CKM_AES_CMAC_GENERAL
:
303 return (soft_aes_mac_sign_verify_update(session_p
, pPart
,
306 case CKM_MD5_RSA_PKCS
:
307 case CKM_SHA1_RSA_PKCS
:
308 case CKM_SHA256_RSA_PKCS
:
309 case CKM_SHA384_RSA_PKCS
:
310 case CKM_SHA512_RSA_PKCS
:
312 * The MD5/SHA1 digest value is accumulated in the context
313 * of the multiple-part digesting operation. In the final
314 * operation, the digest is encoded and then perform RSA
320 return (soft_digest_update(session_p
, pPart
, ulPartLen
));
323 /* PKCS11: The mechanism only supports single-part operation. */
324 return (CKR_MECHANISM_INVALID
);
333 * session_p: pointer to soft_session_t struct
334 * pSignature: pointer to the signature after signing
335 * pulSignatureLen: pointer to the length of the signature
338 * called by C_SignFinal(). This function calls the corresponding
339 * sign final routine based on the mechanism.
343 soft_sign_final(soft_session_t
*session_p
, CK_BYTE_PTR pSignature
,
344 CK_ULONG_PTR pulSignatureLen
)
347 CK_MECHANISM_TYPE mechanism
= session_p
->sign
.mech
.mechanism
;
352 case CKM_SSL3_MD5_MAC
:
353 case CKM_SSL3_SHA1_MAC
:
354 case CKM_MD5_HMAC_GENERAL
:
356 case CKM_SHA_1_HMAC_GENERAL
:
358 case CKM_SHA256_HMAC_GENERAL
:
359 case CKM_SHA256_HMAC
:
360 case CKM_SHA384_HMAC_GENERAL
:
361 case CKM_SHA384_HMAC
:
362 case CKM_SHA512_HMAC_GENERAL
:
363 case CKM_SHA512_HMAC
:
365 CK_BYTE hmac
[SHA512_DIGEST_LENGTH
]; /* use the maximum size */
367 if (pSignature
!= NULL
) {
368 /* Pass local buffer to avoid overflow */
369 rv
= soft_hmac_sign_verify_common(session_p
, NULL
,
370 0, hmac
, pulSignatureLen
, B_TRUE
);
372 /* Pass original pSignature, let callee to handle it. */
373 rv
= soft_hmac_sign_verify_common(session_p
, NULL
,
374 0, pSignature
, pulSignatureLen
, B_TRUE
);
377 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
378 (void) memcpy(pSignature
, hmac
, *pulSignatureLen
);
382 case CKM_DES_MAC_GENERAL
:
385 CK_BYTE signature
[DES_BLOCK_LEN
]; /* use the maximum size */
387 if (pSignature
!= NULL
) {
388 /* Pass local buffer to avoid overflow. */
389 rv
= soft_des_sign_verify_common(session_p
, NULL
, 0,
390 signature
, pulSignatureLen
, B_TRUE
, B_TRUE
);
392 /* Pass NULL, let callee to handle it. */
393 rv
= soft_des_sign_verify_common(session_p
, NULL
, 0,
394 NULL
, pulSignatureLen
, B_TRUE
, B_TRUE
);
397 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
398 (void) memcpy(pSignature
, signature
, *pulSignatureLen
);
402 case CKM_AES_CMAC_GENERAL
:
405 CK_BYTE signature
[AES_BLOCK_LEN
]; /* use the maximum size */
407 if (pSignature
!= NULL
) {
408 /* Pass local buffer to avoid overflow. */
409 rv
= soft_aes_sign_verify_common(session_p
, NULL
, 0,
410 signature
, pulSignatureLen
, B_TRUE
, B_TRUE
);
412 /* Pass NULL, let callee handle it. */
413 rv
= soft_aes_sign_verify_common(session_p
, NULL
, 0,
414 NULL
, pulSignatureLen
, B_TRUE
, B_TRUE
);
417 if ((rv
== CKR_OK
) && (pSignature
!= NULL
))
418 (void) memcpy(pSignature
, signature
, *pulSignatureLen
);
422 case CKM_MD5_RSA_PKCS
:
423 case CKM_SHA1_RSA_PKCS
:
424 case CKM_SHA256_RSA_PKCS
:
425 case CKM_SHA384_RSA_PKCS
:
426 case CKM_SHA512_RSA_PKCS
:
428 return (soft_rsa_digest_sign_common(session_p
, NULL
, 0,
429 pSignature
, pulSignatureLen
, mechanism
, B_TRUE
));
433 return (soft_dsa_digest_sign_common(session_p
, NULL
, 0,
434 pSignature
, pulSignatureLen
, B_TRUE
));
438 return (soft_ecc_digest_sign_common(session_p
, NULL
, 0,
439 pSignature
, pulSignatureLen
, B_TRUE
));
442 /* PKCS11: The mechanism only supports single-part operation. */
443 return (CKR_MECHANISM_INVALID
);
449 soft_sign_recover_init(soft_session_t
*session_p
, CK_MECHANISM_PTR pMechanism
,
450 soft_object_t
*key_p
)
453 switch (pMechanism
->mechanism
) {
458 return (soft_rsa_sign_verify_init_common(session_p
, pMechanism
,
462 return (CKR_MECHANISM_INVALID
);
468 soft_sign_recover(soft_session_t
*session_p
, CK_BYTE_PTR pData
,
469 CK_ULONG ulDataLen
, CK_BYTE_PTR pSignature
,
470 CK_ULONG_PTR pulSignatureLen
)
473 CK_MECHANISM_TYPE mechanism
= session_p
->sign
.mech
.mechanism
;
480 return (soft_rsa_sign_common(session_p
, pData
, ulDataLen
,
481 pSignature
, pulSignatureLen
, mechanism
));
484 return (CKR_MECHANISM_INVALID
);
489 * This function frees the allocated active crypto context.
490 * It is only called by the first tier of sign/verify routines
491 * and the caller of this function may or may not hold the session mutex.
494 soft_sign_verify_cleanup(soft_session_t
*session_p
, boolean_t sign
,
498 crypto_active_op_t
*active_op
;
499 boolean_t lock_true
= B_TRUE
;
502 (void) pthread_mutex_lock(&session_p
->session_mutex
);
504 active_op
= (sign
) ? &(session_p
->sign
) : &(session_p
->verify
);
506 switch (active_op
->mech
.mechanism
) {
508 case CKM_MD5_RSA_PKCS
:
509 case CKM_SHA1_RSA_PKCS
:
510 case CKM_SHA256_RSA_PKCS
:
511 case CKM_SHA384_RSA_PKCS
:
512 case CKM_SHA512_RSA_PKCS
:
513 if (session_p
->digest
.context
!= NULL
) {
514 free(session_p
->digest
.context
);
515 session_p
->digest
.context
= NULL
;
516 session_p
->digest
.flags
= 0;
523 soft_rsa_ctx_t
*rsa_ctx
=
524 (soft_rsa_ctx_t
*)active_op
->context
;
526 if (rsa_ctx
!= NULL
&& rsa_ctx
->key
!= NULL
) {
527 soft_cleanup_object(rsa_ctx
->key
);
534 if (session_p
->digest
.context
!= NULL
) {
535 free(session_p
->digest
.context
);
536 session_p
->digest
.context
= NULL
;
537 session_p
->digest
.flags
= 0;
543 soft_dsa_ctx_t
*dsa_ctx
=
544 (soft_dsa_ctx_t
*)active_op
->context
;
546 if (dsa_ctx
!= NULL
&& dsa_ctx
->key
!= NULL
) {
547 soft_cleanup_object(dsa_ctx
->key
);
553 case CKM_SSL3_MD5_MAC
:
554 case CKM_SSL3_SHA1_MAC
:
555 case CKM_MD5_HMAC_GENERAL
:
557 case CKM_SHA_1_HMAC_GENERAL
:
559 case CKM_SHA256_HMAC_GENERAL
:
560 case CKM_SHA256_HMAC
:
561 case CKM_SHA384_HMAC_GENERAL
:
562 case CKM_SHA384_HMAC
:
563 case CKM_SHA512_HMAC_GENERAL
:
564 case CKM_SHA512_HMAC
:
565 if (active_op
->context
!= NULL
)
566 bzero(active_op
->context
, sizeof (soft_hmac_ctx_t
));
568 case CKM_DES_MAC_GENERAL
:
570 if (session_p
->encrypt
.context
!= NULL
) {
571 free(session_p
->encrypt
.context
);
572 session_p
->encrypt
.context
= NULL
;
573 session_p
->encrypt
.flags
= 0;
575 if (active_op
->context
!= NULL
)
576 bzero(active_op
->context
, sizeof (soft_des_ctx_t
));
579 case CKM_AES_CMAC_GENERAL
:
581 if (session_p
->encrypt
.context
!= NULL
) {
582 free(session_p
->encrypt
.context
);
583 session_p
->encrypt
.context
= NULL
;
584 session_p
->encrypt
.flags
= 0;
586 if (active_op
->context
!= NULL
)
587 bzero(active_op
->context
, sizeof (soft_aes_ctx_t
));
592 if (active_op
->context
!= NULL
) {
593 free(active_op
->context
);
594 active_op
->context
= NULL
;
597 active_op
->flags
= 0;
600 SES_REFRELE(session_p
, lock_true
);