xref: /illumos-gate/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.h (revision f012ee0c3db17469b492c2cf757226f3d7b1ebbc)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _SOFTMAC_H
28 #define	_SOFTMAC_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <sys/md5.h>
37 #include <sys/sha1.h>
38 #include <sys/sha2.h>
39 #include <security/pkcs11t.h>
40 #include "softSession.h"
41 #include "softObject.h"
42 
/*
 * Digest and block sizes used by the HMAC code.  The *_HASH_SIZE and
 * *_HMAC_BLOCK_SIZE values are byte counts.  The *_INTS_PER_BLOCK values
 * are the number of words of the stated type that fit in one hash block;
 * because they divide by sizeof, they have type size_t.
 */
#define	MD5_HASH_SIZE		16	/* MD5 digest length in bytes */
#define	SHA1_HASH_SIZE		20	/* SHA-1 digest length in bytes */
#define	MD5_HMAC_BLOCK_SIZE	64	/* MD5 block size in bytes */
/* MD5 block counted in uint32_t words */
#define	MD5_HMAC_INTS_PER_BLOCK (MD5_HMAC_BLOCK_SIZE/sizeof (uint32_t))
#define	SHA1_HMAC_BLOCK_SIZE	64	/* SHA1-HMAC block size in bytes */
/* SHA1 block counted in uint32_t words */
#define	SHA1_HMAC_INTS_PER_BLOCK	(SHA1_HMAC_BLOCK_SIZE/sizeof (uint32_t))
/*
 * SHA-2 blocks are counted in uint64_t words, unlike the uint32_t words
 * used for MD5 and SHA1 above.  SHA256_HMAC_BLOCK_SIZE and
 * SHA512_HMAC_BLOCK_SIZE are not defined in this header; presumably they
 * come from <sys/sha2.h> -- confirm.
 */
#define	SHA256_HMAC_INTS_PER_BLOCK	\
	(SHA256_HMAC_BLOCK_SIZE/sizeof (uint64_t))
#define	SHA512_HMAC_INTS_PER_BLOCK	\
	(SHA512_HMAC_BLOCK_SIZE/sizeof (uint64_t))
53 
54 
/*
 * Sizes for the SSL MAC pads.  The *_PAD_AND_KEY_SIZE values are written
 * as literals rather than derived from their parts, so they must be kept
 * in step by hand if either part changes; any buffer sized with them
 * depends on the sum being right.
 */
#define	MD5_SSL_PAD_SIZE	48	/* MD5 SSL pad length in bytes */
/* 48 (MD5 SSL pad length in bytes) + 16 (key length in bytes) = 64 */
#define	MD5_SSL_PAD_AND_KEY_SIZE	64

#define	SHA1_SSL_PAD_SIZE	40 /* SHA1 SSL pad length in bytes */
/* 40 (SHA1 SSL pad length in bytes) + 20 (key length in bytes) = 60 */
#define	SHA1_SSL_PAD_AND_KEY_SIZE	60
62 
/*
 * Context for MD5-HMAC and MD5-HMAC-GENERAL mechanisms.
 *
 * Holds the two running MD5 states of one HMAC computation.  The
 * SOFT_MAC_* macros in this header reach the members by name, so
 * hc_icontext and hc_ocontext must keep these exact names.
 *
 * NOTE(review): once initialized from the pads these states presumably
 * depend on the key; confirm that the code releasing the context clears
 * it before the memory is freed or reused.
 */
typedef struct md5_hc_ctx {
	MD5_CTX		hc_icontext;    /* inner MD5 context */
	MD5_CTX		hc_ocontext;    /* outer MD5 context */
} md5_hc_ctx_t;
70 
/*
 * Context for SHA1-HMAC and SHA1-HMAC-GENERAL mechanisms.
 *
 * Holds the two running SHA1 states of one HMAC computation.  The
 * SOFT_MAC_* macros in this header reach the members by name, so
 * hc_icontext and hc_ocontext must keep these exact names.
 *
 * NOTE(review): once initialized from the pads these states presumably
 * depend on the key; confirm that the code releasing the context clears
 * it before the memory is freed or reused.
 */
typedef struct sha1_hc_ctx {
	SHA1_CTX	hc_icontext;    /* inner SHA1 context */
	SHA1_CTX	hc_ocontext;    /* outer SHA1 context */
} sha1_hc_ctx_t;
78 
/*
 * SHA2 counterpart of md5_hc_ctx_t and sha1_hc_ctx_t: the inner and outer
 * SHA2 states of one HMAC computation.  The member names match the other
 * two structs so the SOFT_MAC_* macros in this header can address them.
 * Which SHA-2 variant a given context holds is not recorded here.
 *
 * NOTE(review): once initialized from the pads these states presumably
 * depend on the key; confirm that the code releasing the context clears
 * it before the memory is freed or reused.
 */
typedef struct sha2_hc_ctx {
	SHA2_CTX	hc_icontext;    /* inner SHA2 context */
	SHA2_CTX	hc_ocontext;    /* outer SHA2 context */
} sha2_hc_ctx_t;
83 
/*
 * Generic Context struct for HMAC.
 *
 * Wraps one of the per-hash contexts in a union, so only one member is
 * meaningful at a time.  The struct carries no field saying which member
 * is in use; the code using it must know the hash from elsewhere
 * (presumably the session's mechanism -- confirm).
 */
typedef struct soft_hmac_ctx {
	/*
	 * NOTE(review): for the *-HMAC-GENERAL mechanisms this is presumably
	 * the caller-requested output length rather than the full digest
	 * size -- confirm that the init path bounds it by the digest size of
	 * the selected hash.
	 */
	size_t	hmac_len;    	/* digest len in bytes */
	union {
		md5_hc_ctx_t	md5_ctx;
		sha1_hc_ctx_t	sha1_ctx;
		sha2_hc_ctx_t	sha2_ctx;
	} hc_ctx_u;
} soft_hmac_ctx_t;
95 
96 
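/* Generic MAC envelope macros. Substitute HASH with MD5, SHA1, & SHA2 mechs */

/*
 * SOFT_MAC_INIT_CTX: start the inner and outer hash states of a MAC.
 *
 *   HASH     prefix of the hash routines; HASH##Init and HASH##Update are
 *            called
 *   mac_ctx  pointer to a struct with hc_icontext and hc_ocontext members
 *   ipad     data fed to the inner state
 *   opad     data fed to the outer state
 *   len      number of bytes read from each of ipad and opad
 *
 * The body is wrapped in do { } while (0) so that the whole sequence is
 * one statement: without the wrapper, using the macro as the body of an
 * unbraced if or loop would guard only the first call and run the other
 * three unconditionally.  Invoke it as a statement with its own
 * terminating semicolon.  mac_ctx and len are expanded more than once, so
 * pass expressions without side effects.
 *
 * NOTE(review): ipad and opad presumably hold the key mixed with the HMAC
 * pad constants; confirm that callers clear those buffers once the
 * context has been initialized.
 */
#define	SOFT_MAC_INIT_CTX(HASH, mac_ctx, ipad, opad, len)		\
	do {								\
		/* Perform HASH on ipad */				\
		HASH##Init(&((mac_ctx)->hc_icontext));			\
		HASH##Update(&((mac_ctx)->hc_icontext), (ipad), (len));	\
		/* Perform HASH on opad */				\
		HASH##Init(&((mac_ctx)->hc_ocontext));			\
		HASH##Update(&((mac_ctx)->hc_ocontext), (opad), (len));	\
	} while (0)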
106 
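/*
 * SOFT_MAC_UPDATE: feed PartLen bytes at pPart into the inner hash state
 * of mac_ctx by calling HASH##Update.  Only hc_icontext is touched.
 *
 * The expansion is a single call expression with no trailing semicolon,
 * so the macro can be used anywhere a statement is expected, including
 * as the body of an if that has an else branch.  Invoke it with its own
 * terminating semicolon.
 */
#define	SOFT_MAC_UPDATE(HASH, mac_ctx, pPart, PartLen)			\
	HASH##Update(&((mac_ctx)->hc_icontext), (pPart), (PartLen))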
109 
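/*
 * SOFT_MAC_FINAL: finish a MAC started with the inner/outer contexts.
 *
 * Finalizes the inner state into mac, feeds HASH##_HASH_SIZE bytes of mac
 * into the outer state, then finalizes the outer state into mac.  mac is
 * therefore both scratch space and the result: it must be a buffer of at
 * least HASH##_HASH_SIZE bytes, even when the caller wants a shorter MAC.
 *
 * The body is wrapped in do { } while (0) so that the three calls form
 * one statement; without the wrapper an unbraced if or loop would guard
 * only the first call.  Invoke it as a statement with its own terminating
 * semicolon.  mac_ctx and mac are expanded more than once, so pass
 * expressions without side effects.
 */
#define	SOFT_MAC_FINAL(HASH, mac_ctx, mac)				\
	do {								\
		HASH##Final((mac), &((mac_ctx)->hc_icontext));		\
		HASH##Update(&((mac_ctx)->hc_ocontext), (mac),		\
		    HASH##_HASH_SIZE);					\
		HASH##Final((mac), &((mac_ctx)->hc_ocontext));		\
	} while (0)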
114 
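/*
 * SOFT_MAC_FINAL_2: SHA2 form of the MAC finish step.
 *
 * Always calls SHA2Final and SHA2Update; HASH is used only to pick the
 * length constant HASH##_DIGEST_LENGTH, which is not defined in this
 * header (presumably it comes from <sys/sha2.h> -- confirm).  Finalizes
 * the inner state into mac, feeds HASH##_DIGEST_LENGTH bytes of mac into
 * the outer state, then finalizes the outer state into mac.  mac must be
 * a buffer of at least HASH##_DIGEST_LENGTH bytes.
 *
 * The body is wrapped in do { } while (0) so that the three calls form
 * one statement; without the wrapper an unbraced if or loop would guard
 * only the first call.  Invoke it as a statement with its own terminating
 * semicolon.  mac_ctx and mac are expanded more than once, so pass
 * expressions without side effects.
 */
#define	SOFT_MAC_FINAL_2(HASH, mac_ctx, mac)				\
	do {								\
		SHA2Final((mac), &((mac_ctx)->hc_icontext));		\
		SHA2Update(&((mac_ctx)->hc_ocontext), (mac),		\
		    HASH##_DIGEST_LENGTH);				\
		SHA2Final((mac), &((mac_ctx)->hc_ocontext));		\
	} while (0)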
119 
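/*
 * CKM_TO_SHA2: map a mechanism value to a small index.
 *
 * The result is the low hex digit of ckm_value plus 3 for every full
 * 0x10 step above 0x250, so 0x250..0x252 give 0..2, 0x260..0x262 give
 * 3..5, and so on.  Presumably the input is a PKCS#11 SHA-2 mechanism
 * type and the result is the mechanism index the SHA2 routines expect --
 * confirm against <sys/sha2.h>.
 *
 * The argument and the whole expansion are parenthesized so the macro
 * gives the same result when the argument is itself an expression or
 * when the macro is used inside a larger one.  ckm_value is expanded
 * twice; pass an expression without side effects.
 *
 * No range check is made: a value below 0x250, or one whose low digit is
 * outside the expected set, still yields a number.  Callers that use the
 * result as an index or selector must pass only mechanism values they
 * have already validated.
 */
#define	CKM_TO_SHA2(ckm_value)	\
	(((ckm_value) % 0x10) + ((((ckm_value) - 0x250) / 0x10) * 3))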
122 
/*
 * Function Prototypes.
 *
 * This header fixes only the types below.  Most parameters are unnamed,
 * so the roles marked "presumably" are inferred from the types and the
 * function names and should be confirmed against the definitions.
 */

/*
 * Common init step for HMAC sign and verify.  Takes the session, the
 * mechanism and a key object; the boolean_t presumably selects sign
 * versus verify -- confirm.
 */
CK_RV soft_hmac_sign_verify_init_common(soft_session_t *, CK_MECHANISM_PTR,
	soft_object_t *, boolean_t);

/*
 * Initializes a soft_hmac_ctx_t for the given mechanism type from a key
 * object.  This is the only prototype here that names a parameter
 * (session_p).
 */
CK_RV mac_init_ctx(soft_session_t *session_p, soft_object_t *,
	soft_hmac_ctx_t *, CK_MECHANISM_TYPE);

/*
 * Common sign/verify step.  The first CK_BYTE_PTR/CK_ULONG pair is
 * presumably the input data and its length; the CK_BYTE_PTR/CK_ULONG_PTR
 * pair is presumably the output buffer and its in/out length -- confirm
 * that the definition checks the buffer capacity before writing.
 */
CK_RV soft_hmac_sign_verify_common(soft_session_t *, CK_BYTE_PTR,
	CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, boolean_t);

/*
 * Multi-part update step for sign/verify; the CK_BYTE_PTR/CK_ULONG pair
 * is presumably the data part and its length.
 */
CK_RV soft_hmac_sign_verify_update(soft_session_t *, CK_BYTE_PTR,
	CK_ULONG, boolean_t);

/*
 * Per-hash context initializers.  The two pointer arguments after the
 * context are presumably the ipad and opad blocks; their element type
 * (uint32_t for MD5 and SHA1, uint64_t for SHA2) matches the word type
 * of the corresponding *_HMAC_INTS_PER_BLOCK constant in this header.
 */
void md5_hmac_ctx_init(md5_hc_ctx_t *, uint32_t *, uint32_t *);

void sha1_hmac_ctx_init(sha1_hc_ctx_t *, uint32_t *, uint32_t *);

/*
 * NOTE(review): the meaning of the two trailing uint_t arguments cannot
 * be told from this header -- document them at the definition.
 */
void sha2_hmac_ctx_init(uint_t mech, sha2_hc_ctx_t *, uint64_t *, uint64_t *,
    uint_t, uint_t);
144 
145 #ifdef	__cplusplus
146 }
147 #endif
148 
149 #endif /* _SOFTMAC_H */
150