4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
30 #include <sys/types.h>
31 #include <security/cryptoki.h>
32 #include "softObject.h"
34 #include "softSession.h"
39 #include "softCrypt.h"
45 * session_p: pointer to soft_session_t struct
46 * pMechanism: pointer to CK_MECHANISM struct provided by application
47 * key_p: pointer to key soft_object_t struct
50 * called by C_VerifyInit(). This function calls the corresponding
51 * verify init routine based on the mechanism.
55 soft_verify_init(soft_session_t
*session_p
, CK_MECHANISM_PTR pMechanism
,
59 switch (pMechanism
->mechanism
) {
61 case CKM_SSL3_MD5_MAC
:
62 case CKM_SSL3_SHA1_MAC
:
63 case CKM_MD5_HMAC_GENERAL
:
65 case CKM_SHA_1_HMAC_GENERAL
:
67 case CKM_SHA256_HMAC_GENERAL
:
69 case CKM_SHA384_HMAC_GENERAL
:
71 case CKM_SHA512_HMAC_GENERAL
:
74 return (soft_hmac_sign_verify_init_common(session_p
,
75 pMechanism
, key_p
, B_FALSE
));
79 case CKM_MD5_RSA_PKCS
:
80 case CKM_SHA1_RSA_PKCS
:
81 case CKM_SHA256_RSA_PKCS
:
82 case CKM_SHA384_RSA_PKCS
:
83 case CKM_SHA512_RSA_PKCS
:
85 return (soft_rsa_sign_verify_init_common(session_p
, pMechanism
,
91 return (soft_dsa_sign_verify_init_common(session_p
, pMechanism
,
97 return (soft_ecc_sign_verify_init_common(session_p
, pMechanism
,
100 case CKM_DES_MAC_GENERAL
:
103 return (soft_des_sign_verify_init_common(session_p
, pMechanism
,
106 case CKM_AES_CMAC_GENERAL
:
109 return (soft_aes_sign_verify_init_common(session_p
, pMechanism
,
113 return (CKR_MECHANISM_INVALID
);
123 * session_p: pointer to soft_session_t struct
124 * pData: pointer to the input data
125 * ulDataLen: length of the input data
126 * pSignature: pointer to the signature
127 * ulSignatureLen: length of the signature
130 * called by C_Verify(). This function calls the corresponding
131 * verify routine based on the mechanism.
135 soft_verify(soft_session_t
*session_p
, CK_BYTE_PTR pData
,
136 CK_ULONG ulDataLen
, CK_BYTE_PTR pSignature
,
137 CK_ULONG ulSignatureLen
)
140 CK_MECHANISM_TYPE mechanism
= session_p
->verify
.mech
.mechanism
;
145 case CKM_SSL3_MD5_MAC
:
146 case CKM_SSL3_SHA1_MAC
:
147 case CKM_MD5_HMAC_GENERAL
:
149 case CKM_SHA_1_HMAC_GENERAL
:
151 case CKM_SHA256_HMAC_GENERAL
:
152 case CKM_SHA256_HMAC
:
153 case CKM_SHA384_HMAC_GENERAL
:
154 case CKM_SHA384_HMAC
:
155 case CKM_SHA512_HMAC_GENERAL
:
156 case CKM_SHA512_HMAC
:
159 CK_BYTE hmac
[SHA512_DIGEST_LENGTH
]; /* use the maximum size */
160 soft_hmac_ctx_t
*hmac_ctx
;
162 hmac_ctx
= (soft_hmac_ctx_t
*)session_p
->verify
.context
;
163 len
= hmac_ctx
->hmac_len
;
165 rv
= soft_hmac_sign_verify_common(session_p
, pData
,
166 ulDataLen
, hmac
, &len
, B_FALSE
);
169 if (len
!= ulSignatureLen
) {
170 rv
= CKR_SIGNATURE_LEN_RANGE
;
173 if (memcmp(hmac
, pSignature
, len
) != 0) {
174 rv
= CKR_SIGNATURE_INVALID
;
180 case CKM_DES_MAC_GENERAL
:
184 CK_BYTE signature
[DES_BLOCK_LEN
]; /* use the maximum size */
185 soft_des_ctx_t
*des_ctx
;
187 des_ctx
= (soft_des_ctx_t
*)session_p
->verify
.context
;
188 len
= des_ctx
->mac_len
;
190 /* Pass local buffer to avoid overflow. */
191 rv
= soft_des_sign_verify_common(session_p
, pData
,
192 ulDataLen
, signature
, &len
, B_FALSE
, B_FALSE
);
195 if (len
!= ulSignatureLen
) {
196 rv
= CKR_SIGNATURE_LEN_RANGE
;
199 if (memcmp(signature
, pSignature
, len
) != 0) {
200 rv
= CKR_SIGNATURE_INVALID
;
206 case CKM_AES_CMAC_GENERAL
:
210 CK_BYTE signature
[AES_BLOCK_LEN
];
211 soft_aes_ctx_t
*aes_ctx
;
213 aes_ctx
= (soft_aes_ctx_t
*)session_p
->verify
.context
;
214 len
= aes_ctx
->mac_len
;
216 /* Pass local buffer to avoid overflow. */
217 rv
= soft_aes_sign_verify_common(session_p
, pData
,
218 ulDataLen
, signature
, &len
, B_FALSE
, B_FALSE
);
221 if (len
!= ulSignatureLen
) {
222 rv
= CKR_SIGNATURE_LEN_RANGE
;
225 if (memcmp(signature
, pSignature
, len
) != 0) {
226 rv
= CKR_SIGNATURE_INVALID
;
235 return (soft_rsa_verify_common(session_p
, pData
, ulDataLen
,
236 pSignature
, ulSignatureLen
, mechanism
));
238 case CKM_MD5_RSA_PKCS
:
239 case CKM_SHA1_RSA_PKCS
:
240 case CKM_SHA256_RSA_PKCS
:
241 case CKM_SHA384_RSA_PKCS
:
242 case CKM_SHA512_RSA_PKCS
:
244 return (soft_rsa_digest_verify_common(session_p
, pData
,
245 ulDataLen
, pSignature
, ulSignatureLen
, mechanism
, B_FALSE
));
249 return (soft_dsa_verify(session_p
, pData
, ulDataLen
,
250 pSignature
, ulSignatureLen
));
254 return (soft_dsa_digest_verify_common(session_p
, pData
,
255 ulDataLen
, pSignature
, ulSignatureLen
, B_FALSE
));
259 return (soft_ecc_verify(session_p
, pData
, ulDataLen
,
260 pSignature
, ulSignatureLen
));
264 return (soft_ecc_digest_verify_common(session_p
, pData
,
265 ulDataLen
, pSignature
, ulSignatureLen
, B_FALSE
));
268 return (CKR_MECHANISM_INVALID
);
274 * soft_verify_update()
277 * session_p: pointer to soft_session_t struct
278 * pPart: pointer to the input data
279 * ulPartLen: length of the input data
282 * called by C_VerifyUpdate(). This function calls the corresponding
283 * verify update routine based on the mechanism.
287 soft_verify_update(soft_session_t
*session_p
, CK_BYTE_PTR pPart
,
290 CK_MECHANISM_TYPE mechanism
= session_p
->verify
.mech
.mechanism
;
294 case CKM_SSL3_MD5_MAC
:
295 case CKM_SSL3_SHA1_MAC
:
296 case CKM_MD5_HMAC_GENERAL
:
298 case CKM_SHA_1_HMAC_GENERAL
:
300 case CKM_SHA256_HMAC_GENERAL
:
301 case CKM_SHA256_HMAC
:
302 case CKM_SHA384_HMAC_GENERAL
:
303 case CKM_SHA384_HMAC
:
304 case CKM_SHA512_HMAC_GENERAL
:
305 case CKM_SHA512_HMAC
:
307 return (soft_hmac_sign_verify_update(session_p
, pPart
,
308 ulPartLen
, B_FALSE
));
310 case CKM_DES_MAC_GENERAL
:
313 return (soft_des_mac_sign_verify_update(session_p
, pPart
,
316 case CKM_AES_CMAC_GENERAL
:
319 return (soft_aes_mac_sign_verify_update(session_p
, pPart
,
322 case CKM_MD5_RSA_PKCS
:
323 case CKM_SHA1_RSA_PKCS
:
324 case CKM_SHA256_RSA_PKCS
:
325 case CKM_SHA384_RSA_PKCS
:
326 case CKM_SHA512_RSA_PKCS
:
328 * The MD5/SHA1 digest value is accumulated in the context
329 * of the multiple-part digesting operation. In the final
330 * operation, the digest is encoded and then perform RSA
336 return (soft_digest_update(session_p
, pPart
, ulPartLen
));
339 /* PKCS11: The mechanism only supports single-part operation. */
340 return (CKR_MECHANISM_INVALID
);
346 * soft_verify_final()
349 * session_p: pointer to soft_session_t struct
350 * pSignature: pointer to the signature
351 * ulSignatureLen: length of the signature
354 * called by C_VerifyFinal(). This function calls the corresponding
355 * verify final routine based on the mechanism.
359 soft_verify_final(soft_session_t
*session_p
, CK_BYTE_PTR pSignature
,
360 CK_ULONG ulSignatureLen
)
363 CK_MECHANISM_TYPE mechanism
= session_p
->verify
.mech
.mechanism
;
368 case CKM_SSL3_MD5_MAC
:
369 case CKM_SSL3_SHA1_MAC
:
370 case CKM_MD5_HMAC_GENERAL
:
372 case CKM_SHA_1_HMAC_GENERAL
:
374 case CKM_SHA256_HMAC_GENERAL
:
375 case CKM_SHA256_HMAC
:
376 case CKM_SHA384_HMAC_GENERAL
:
377 case CKM_SHA384_HMAC
:
378 case CKM_SHA512_HMAC_GENERAL
:
379 case CKM_SHA512_HMAC
:
382 CK_BYTE hmac
[SHA512_DIGEST_LENGTH
];
383 soft_hmac_ctx_t
*hmac_ctx
;
385 hmac_ctx
= (soft_hmac_ctx_t
*)session_p
->verify
.context
;
386 len
= hmac_ctx
->hmac_len
;
388 rv
= soft_hmac_sign_verify_common(session_p
, NULL
, 0,
389 hmac
, &len
, B_FALSE
);
392 if (len
!= ulSignatureLen
) {
393 rv
= CKR_SIGNATURE_LEN_RANGE
;
396 if (memcmp(hmac
, pSignature
, len
) != 0) {
397 rv
= CKR_SIGNATURE_INVALID
;
403 case CKM_DES_MAC_GENERAL
:
407 CK_BYTE signature
[DES_BLOCK_LEN
]; /* use the maximum size */
408 soft_des_ctx_t
*des_ctx
;
410 des_ctx
= (soft_des_ctx_t
*)session_p
->verify
.context
;
411 len
= des_ctx
->mac_len
;
413 /* Pass local buffer to avoid overflow. */
414 rv
= soft_des_sign_verify_common(session_p
, NULL
, 0,
415 signature
, &len
, B_FALSE
, B_TRUE
);
418 if (len
!= ulSignatureLen
) {
419 rv
= CKR_SIGNATURE_LEN_RANGE
;
422 if (memcmp(signature
, pSignature
, len
) != 0) {
423 rv
= CKR_SIGNATURE_INVALID
;
429 case CKM_AES_CMAC_GENERAL
:
433 CK_BYTE signature
[AES_BLOCK_LEN
];
434 soft_aes_ctx_t
*aes_ctx
;
436 aes_ctx
= (soft_aes_ctx_t
*)session_p
->verify
.context
;
437 len
= aes_ctx
->mac_len
;
439 /* Pass local buffer to avoid overflow. */
440 rv
= soft_aes_sign_verify_common(session_p
, NULL
, 0,
441 signature
, &len
, B_FALSE
, B_TRUE
);
444 if (len
!= ulSignatureLen
) {
445 rv
= CKR_SIGNATURE_LEN_RANGE
;
448 if (memcmp(signature
, pSignature
, len
) != 0) {
449 rv
= CKR_SIGNATURE_INVALID
;
455 case CKM_MD5_RSA_PKCS
:
456 case CKM_SHA1_RSA_PKCS
:
457 case CKM_SHA256_RSA_PKCS
:
458 case CKM_SHA384_RSA_PKCS
:
459 case CKM_SHA512_RSA_PKCS
:
461 return (soft_rsa_digest_verify_common(session_p
, NULL
, 0,
462 pSignature
, ulSignatureLen
, mechanism
, B_TRUE
));
466 return (soft_dsa_digest_verify_common(session_p
, NULL
, 0,
467 pSignature
, ulSignatureLen
, B_TRUE
));
471 return (soft_ecc_digest_verify_common(session_p
, NULL
, 0,
472 pSignature
, ulSignatureLen
, B_TRUE
));
475 /* PKCS11: The mechanism only supports single-part operation. */
476 return (CKR_MECHANISM_INVALID
);
483 soft_verify_recover_init(soft_session_t
*session_p
, CK_MECHANISM_PTR pMechanism
,
484 soft_object_t
*key_p
)
487 switch (pMechanism
->mechanism
) {
492 return (soft_rsa_sign_verify_init_common(session_p
, pMechanism
,
496 return (CKR_MECHANISM_INVALID
);
502 soft_verify_recover(soft_session_t
*session_p
, CK_BYTE_PTR pSignature
,
503 CK_ULONG ulSignatureLen
, CK_BYTE_PTR pData
, CK_ULONG_PTR pulDataLen
)
506 CK_MECHANISM_TYPE mechanism
= session_p
->verify
.mech
.mechanism
;
513 return (soft_rsa_verify_recover(session_p
, pSignature
,
514 ulSignatureLen
, pData
, pulDataLen
));
517 return (CKR_MECHANISM_INVALID
);