/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include #include #include #include #include #include #include #include "softSession.h" #include "softObject.h" #include "softOps.h" #include "softMAC.h" #include "kernelSoftCommon.h" /* * Do the operation specified by opflag. We assume that the caller * does only one operation at a time. This code needs revisiting * if that assumption is not true. */ CK_RV do_soft_digest(void **s, CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen, int opflag) { soft_session_t *session_p; CK_RV rv; session_p = *((soft_session_t **)s); if (session_p == NULL) { if (!(opflag & OP_INIT)) { return (CKR_ARGUMENTS_BAD); } session_p = calloc(1, sizeof (soft_session_t)); /* * Initialize the lock for the newly created session. * We do only the minimum needed setup for the * soft_digest* routines to succeed. */ if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) { free(session_p); return (CKR_CANT_LOCK); } *s = session_p; } else if (opflag & OP_INIT) { free_soft_ctx(session_p, OP_DIGEST); } switch (opflag & (OP_INIT | OP_UPDATE | OP_SINGLE | OP_FINAL)) { case OP_INIT: rv = soft_digest_init(session_p, pMechanism); break; case OP_SINGLE: rv = soft_digest(session_p, pData, ulDataLen, pDigest, pulDigestLen); break; case OP_UPDATE: rv = soft_digest_update(session_p, pData, ulDataLen); break; case OP_FINAL: rv = soft_digest_final(session_p, pDigest, pulDigestLen); break; default: rv = CKR_ARGUMENTS_BAD; } return (rv); } /* * opflag specifies whether this is a sign or verify. */ CK_RV do_soft_hmac_init(void **s, CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR kval, CK_ULONG klen, int opflag) { CK_RV rv; soft_object_t keyobj; secret_key_obj_t skeyobj; soft_object_t *key_p; soft_session_t *session_p; session_p = *((soft_session_t **)s); if (session_p == NULL) { session_p = calloc(1, sizeof (soft_session_t)); /* See comments in do_soft_digest() above */ if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) { free(session_p); return (CKR_CANT_LOCK); } *s = session_p; } else if (opflag & OP_INIT) { free_soft_ctx(session_p, opflag); } /* Do the minimum needed setup for the call to succeed */ key_p = &keyobj; bzero(key_p, sizeof (soft_object_t)); key_p->class = CKO_SECRET_KEY; key_p->key_type = CKK_GENERIC_SECRET; bzero(&skeyobj, sizeof (secret_key_obj_t)); OBJ_SEC(key_p) = &skeyobj; OBJ_SEC_VALUE(key_p) = kval; OBJ_SEC_VALUE_LEN(key_p) = klen; rv = soft_hmac_sign_verify_init_common(session_p, pMechanism, key_p, opflag & OP_SIGN); return (rv); } /* * opflag specifies whether this is a sign or verify. */ CK_RV do_soft_hmac_update(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen, int opflag) { soft_session_t *session_p; session_p = *((soft_session_t **)s); if (session_p == NULL) { return (CKR_ARGUMENTS_BAD); } return (soft_hmac_sign_verify_update(session_p, pData, ulDataLen, opflag & OP_SIGN)); } /* * opflag specifies whether this is a final or single. */ CK_RV do_soft_hmac_sign(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen, int opflag) { CK_RV rv; soft_session_t *session_p; CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ session_p = *((soft_session_t **)s); if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) { return (CKR_ARGUMENTS_BAD); } rv = soft_hmac_sign_verify_common(session_p, pData, ulDataLen, (pSignature != NULL ? hmac : NULL), pulSignatureLen, B_TRUE); if ((rv == CKR_OK) && (pSignature != NULL)) { (void) memcpy(pSignature, hmac, *pulSignatureLen); } return (rv); } /* * opflag specifies whether this is a final or single. */ CK_RV do_soft_hmac_verify(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, int opflag) { CK_RV rv; CK_ULONG len; soft_session_t *session_p; soft_hmac_ctx_t *hmac_ctx; CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ session_p = *((soft_session_t **)s); if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) { return (CKR_ARGUMENTS_BAD); } hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context; len = hmac_ctx->hmac_len; rv = soft_hmac_sign_verify_common(session_p, pData, ulDataLen, hmac, &len, B_FALSE); if (rv == CKR_OK) { if (len != ulSignatureLen) { rv = CKR_SIGNATURE_LEN_RANGE; } if (memcmp(hmac, pSignature, len) != 0) { rv = CKR_SIGNATURE_INVALID; } } return (rv); } /* * Helper routine to handle the case when the ctx is abandoned. */ void free_soft_ctx(void *s, int opflag) { soft_session_t *session_p; session_p = (soft_session_t *)s; if (session_p == NULL) return; if (opflag & OP_SIGN) { if (session_p->sign.context == NULL) return; bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t)); free(session_p->sign.context); session_p->sign.context = NULL; session_p->sign.flags = 0; } else if (opflag & OP_VERIFY) { if (session_p->verify.context == NULL) return; bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t)); free(session_p->verify.context); session_p->verify.context = NULL; session_p->verify.flags = 0; } else { if (session_p->digest.context == NULL) return; free(session_p->digest.context); session_p->digest.context = NULL; session_p->digest.flags = 0; } }