/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <pthread.h>
#include <errno.h>
#include <stdio.h>
#include <strings.h>
#include <sys/crypto/ioctl.h>
#include <security/cryptoki.h>
#include <security/pkcs11t.h>
#include "softSession.h"
#include "softObject.h"
#include "softOps.h"
#include "softMAC.h"
#include "kernelSoftCommon.h"

/*
 * Do the operation(s) specified by opflag.
 */
CK_RV
do_soft_digest(void **s, CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR pData,
    CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen,
    int opflag)
{
	soft_session_t *session_p;
	CK_RV rv = CKR_ARGUMENTS_BAD;

	session_p = *((soft_session_t **)s);
	if (session_p == NULL) {
		if (!(opflag & OP_INIT)) {
			return (CKR_ARGUMENTS_BAD);
		}

		session_p = calloc(1, sizeof (soft_session_t));
		/*
		 * Initialize the lock for the newly created session.
		 * We do only the minimum needed setup for the
		 * soft_digest* routines to succeed.
		 */
		if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) {
			free(session_p);
			return (CKR_CANT_LOCK);
		}

		*s = session_p;
	} else if (opflag & OP_INIT) {
		free_soft_ctx(session_p, OP_DIGEST);
	}

	if (opflag & OP_INIT) {
		rv = soft_digest_init(session_p, pMechanism);
		if (rv != CKR_OK)
			return (rv);
	}

	if (opflag & OP_SINGLE) {
		rv = soft_digest(session_p, pData, ulDataLen,
		    pDigest, pulDigestLen);
	} else {
		if (opflag & OP_UPDATE) {
			rv = soft_digest_update(session_p, pData, ulDataLen);
			if (rv != CKR_OK)
				return (rv);
		}

		if (opflag & OP_FINAL) {
			rv = soft_digest_final(session_p,
			    pDigest, pulDigestLen);
		}
	}

	return (rv);
}

/*
 * opflag specifies whether this is a sign or verify.
 */
CK_RV
do_soft_hmac_init(void **s, CK_MECHANISM_PTR pMechanism,
    CK_BYTE_PTR kval, CK_ULONG klen, int opflag)
{
	CK_RV rv;
	soft_object_t keyobj;
	secret_key_obj_t skeyobj;
	soft_object_t *key_p;
	soft_session_t *session_p;

	session_p = *((soft_session_t **)s);
	if (session_p == NULL) {
		session_p = calloc(1, sizeof (soft_session_t));
		/* See comments in do_soft_digest() above */
		if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) {
			free(session_p);
			return (CKR_CANT_LOCK);
		}

		*s = session_p;
	} else if (opflag & OP_INIT) {
		free_soft_ctx(session_p, opflag);
	}

	/* Do the minimum needed setup for the call to succeed */
	key_p = &keyobj;
	bzero(key_p, sizeof (soft_object_t));
	key_p->class = CKO_SECRET_KEY;
	key_p->key_type = CKK_GENERIC_SECRET;

	bzero(&skeyobj, sizeof (secret_key_obj_t));
	OBJ_SEC(key_p) = &skeyobj;
	OBJ_SEC_VALUE(key_p) = kval;
	OBJ_SEC_VALUE_LEN(key_p) = klen;

	rv = soft_hmac_sign_verify_init_common(session_p, pMechanism,
	    key_p, opflag & OP_SIGN);

	return (rv);
}

/*
 * opflag specifies whether this is a sign or verify.
 */
CK_RV
do_soft_hmac_update(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen, int opflag)
{
	soft_session_t *session_p;

	session_p = *((soft_session_t **)s);
	if (session_p == NULL) {
		return (CKR_ARGUMENTS_BAD);
	}

	return (soft_hmac_sign_verify_update(session_p,
	    pData, ulDataLen, opflag & OP_SIGN));
}

/*
 * opflag specifies whether this is a final or single.
 */
CK_RV
do_soft_hmac_sign(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
    CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen, int opflag)
{
	CK_RV rv;
	soft_session_t *session_p;
	CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */

	session_p = *((soft_session_t **)s);
	if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) {
		return (CKR_ARGUMENTS_BAD);
	}

	rv = soft_hmac_sign_verify_common(session_p, pData, ulDataLen,
	    (pSignature != NULL ? hmac : NULL), pulSignatureLen, B_TRUE);

	if ((rv == CKR_OK) && (pSignature != NULL)) {
		(void) memcpy(pSignature, hmac, *pulSignatureLen);
	}

	return (rv);
}

/*
 * opflag specifies whether this is a final or single.
 */
CK_RV
do_soft_hmac_verify(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
    CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, int opflag)
{
	CK_RV rv;
	CK_ULONG len;
	soft_session_t *session_p;
	soft_hmac_ctx_t *hmac_ctx;
	CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */

	session_p = *((soft_session_t **)s);
	if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) {
		return (CKR_ARGUMENTS_BAD);
	}

	hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
	len = hmac_ctx->hmac_len;

	rv = soft_hmac_sign_verify_common(session_p, pData,
	    ulDataLen, hmac, &len, B_FALSE);

	if (rv == CKR_OK) {
		if (len != ulSignatureLen) {
			rv = CKR_SIGNATURE_LEN_RANGE;
		}

		if (memcmp(hmac, pSignature, len) != 0) {
			rv = CKR_SIGNATURE_INVALID;
		}
	}

	return (rv);
}

/*
 * Helper routine to handle the case when the ctx is abandoned.
 */
void
free_soft_ctx(void *s, int opflag)
{
	soft_session_t *session_p;

	session_p = (soft_session_t *)s;
	if (session_p == NULL)
		return;

	if (opflag & OP_SIGN) {
		if (session_p->sign.context == NULL)
			return;
		bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
		free(session_p->sign.context);
		session_p->sign.context = NULL;
		session_p->sign.flags = 0;
	} else if (opflag & OP_VERIFY) {
		if (session_p->verify.context == NULL)
			return;
		bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
		free(session_p->verify.context);
		session_p->verify.context = NULL;
		session_p->verify.flags = 0;
	} else {
		if (session_p->digest.context == NULL)
			return;
		free(session_p->digest.context);
		session_p->digest.context = NULL;
		session_p->digest.flags = 0;
	}
}