1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 25 */ 26 27 #include <stdlib.h> 28 #include <strings.h> 29 #include <sys/types.h> 30 #include <security/cryptoki.h> 31 #include "softObject.h" 32 #include "softOps.h" 33 #include "softSession.h" 34 #include "softMAC.h" 35 #include "softRSA.h" 36 #include "softDSA.h" 37 #include "softEC.h" 38 #include "softCrypt.h" 39 40 /* 41 * soft_sign_init() 42 * 43 * Arguments: 44 * session_p: pointer to soft_session_t struct 45 * pMechanism: pointer to CK_MECHANISM struct provided by application 46 * key_p: pointer to key soft_object_t struct 47 * 48 * Description: 49 * called by C_SignInit(). This function calls the corresponding 50 * sign init routine based on the mechanism. 51 * 52 */ 53 CK_RV 54 soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 55 soft_object_t *key_p) 56 { 57 58 switch (pMechanism->mechanism) { 59 60 case CKM_SSL3_MD5_MAC: 61 case CKM_SSL3_SHA1_MAC: 62 case CKM_MD5_HMAC_GENERAL: 63 case CKM_MD5_HMAC: 64 case CKM_SHA_1_HMAC_GENERAL: 65 case CKM_SHA_1_HMAC: 66 case CKM_SHA256_HMAC_GENERAL: 67 case CKM_SHA256_HMAC: 68 case CKM_SHA384_HMAC_GENERAL: 69 case CKM_SHA384_HMAC: 70 case CKM_SHA512_HMAC_GENERAL: 71 case CKM_SHA512_HMAC: 72 73 return (soft_hmac_sign_verify_init_common(session_p, 74 pMechanism, key_p, B_TRUE)); 75 76 case CKM_RSA_X_509: 77 case CKM_RSA_PKCS: 78 case CKM_MD5_RSA_PKCS: 79 case CKM_SHA1_RSA_PKCS: 80 case CKM_SHA256_RSA_PKCS: 81 case CKM_SHA384_RSA_PKCS: 82 case CKM_SHA512_RSA_PKCS: 83 84 return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 85 key_p, B_TRUE)); 86 87 case CKM_DSA: 88 case CKM_DSA_SHA1: 89 90 return (soft_dsa_sign_verify_init_common(session_p, pMechanism, 91 key_p, B_TRUE)); 92 93 case CKM_ECDSA: 94 case CKM_ECDSA_SHA1: 95 96 return (soft_ecc_sign_verify_init_common(session_p, pMechanism, 97 key_p, B_TRUE)); 98 99 case CKM_DES_MAC_GENERAL: 100 case CKM_DES_MAC: 101 102 return (soft_des_sign_verify_init_common(session_p, pMechanism, 103 key_p, B_TRUE)); 104 105 case CKM_AES_CMAC_GENERAL: 106 case CKM_AES_CMAC: 107 108 return (soft_aes_sign_verify_init_common(session_p, pMechanism, 109 key_p, B_TRUE)); 110 111 default: 112 return (CKR_MECHANISM_INVALID); 113 } 114 115 } 116 117 118 /* 119 * soft_sign() 120 * 121 * Arguments: 122 * session_p: pointer to soft_session_t struct 123 * pData: pointer to the input data to be signed 124 * ulDataLen: length of the input data 125 * pSignature: pointer to the signature after signing 126 * pulSignatureLen: pointer to the length of the signature 127 * 128 * Description: 129 * called by C_Sign(). This function calls the corresponding 130 * sign routine based on the mechanism. 131 * 132 */ 133 CK_RV 134 soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData, 135 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 136 CK_ULONG_PTR pulSignatureLen) 137 { 138 139 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 140 CK_RV rv = CKR_OK; 141 142 switch (mechanism) { 143 144 case CKM_SSL3_MD5_MAC: 145 case CKM_SSL3_SHA1_MAC: 146 case CKM_MD5_HMAC_GENERAL: 147 case CKM_MD5_HMAC: 148 case CKM_SHA_1_HMAC_GENERAL: 149 case CKM_SHA_1_HMAC: 150 case CKM_SHA256_HMAC_GENERAL: 151 case CKM_SHA256_HMAC: 152 case CKM_SHA384_HMAC_GENERAL: 153 case CKM_SHA384_HMAC: 154 case CKM_SHA512_HMAC_GENERAL: 155 case CKM_SHA512_HMAC: 156 { 157 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 158 159 if (pSignature != NULL) { 160 /* Pass local buffer to avoid overflow. */ 161 rv = soft_hmac_sign_verify_common(session_p, pData, 162 ulDataLen, hmac, pulSignatureLen, B_TRUE); 163 } else { 164 /* Pass original pSignature, let callee to handle it. */ 165 rv = soft_hmac_sign_verify_common(session_p, pData, 166 ulDataLen, pSignature, pulSignatureLen, B_TRUE); 167 } 168 169 if ((rv == CKR_OK) && (pSignature != NULL)) 170 (void) memcpy(pSignature, hmac, *pulSignatureLen); 171 172 return (rv); 173 } 174 case CKM_DES_MAC_GENERAL: 175 case CKM_DES_MAC: 176 { 177 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 178 179 if (pSignature != NULL) { 180 /* Pass local buffer to avoid overflow. */ 181 rv = soft_des_sign_verify_common(session_p, pData, 182 ulDataLen, signature, pulSignatureLen, B_TRUE, 183 B_FALSE); 184 } else { 185 /* Pass NULL, let callee to handle it. */ 186 rv = soft_des_sign_verify_common(session_p, pData, 187 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE); 188 } 189 190 if ((rv == CKR_OK) && (pSignature != NULL)) 191 (void) memcpy(pSignature, signature, *pulSignatureLen); 192 193 return (rv); 194 } 195 case CKM_AES_CMAC_GENERAL: 196 case CKM_AES_CMAC: 197 { 198 CK_BYTE signature[AES_BLOCK_LEN]; 199 200 if (pSignature != NULL) { 201 /* Pass local buffer to avoid overflow. */ 202 rv = soft_aes_sign_verify_common(session_p, pData, 203 ulDataLen, signature, pulSignatureLen, B_TRUE, 204 B_FALSE); 205 } else { 206 /* Pass NULL, let callee handle it. */ 207 rv = soft_aes_sign_verify_common(session_p, pData, 208 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE); 209 } 210 211 if ((rv == CKR_OK) && (pSignature != NULL)) 212 (void) memcpy(pSignature, signature, *pulSignatureLen); 213 214 return (rv); 215 } 216 case CKM_RSA_X_509: 217 case CKM_RSA_PKCS: 218 219 return (soft_rsa_sign_common(session_p, pData, ulDataLen, 220 pSignature, pulSignatureLen, mechanism)); 221 222 case CKM_MD5_RSA_PKCS: 223 case CKM_SHA1_RSA_PKCS: 224 case CKM_SHA256_RSA_PKCS: 225 case CKM_SHA384_RSA_PKCS: 226 case CKM_SHA512_RSA_PKCS: 227 228 return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen, 229 pSignature, pulSignatureLen, mechanism, B_FALSE)); 230 231 case CKM_DSA: 232 233 return (soft_dsa_sign(session_p, pData, ulDataLen, 234 pSignature, pulSignatureLen)); 235 236 case CKM_DSA_SHA1: 237 238 return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen, 239 pSignature, pulSignatureLen, B_FALSE)); 240 241 case CKM_ECDSA: 242 243 return (soft_ecc_sign(session_p, pData, ulDataLen, 244 pSignature, pulSignatureLen)); 245 246 case CKM_ECDSA_SHA1: 247 248 return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen, 249 pSignature, pulSignatureLen, B_FALSE)); 250 251 default: 252 return (CKR_MECHANISM_INVALID); 253 } 254 } 255 256 257 /* 258 * soft_sign_update() 259 * 260 * Arguments: 261 * session_p: pointer to soft_session_t struct 262 * pPart: pointer to the input data to be signed 263 * ulPartLen: length of the input data 264 * 265 * Description: 266 * called by C_SignUpdate(). This function calls the corresponding 267 * sign update routine based on the mechanism. 268 * 269 */ 270 CK_RV 271 soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart, 272 CK_ULONG ulPartLen) 273 { 274 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 275 276 switch (mechanism) { 277 278 case CKM_SSL3_MD5_MAC: 279 case CKM_SSL3_SHA1_MAC: 280 case CKM_MD5_HMAC_GENERAL: 281 case CKM_MD5_HMAC: 282 case CKM_SHA_1_HMAC_GENERAL: 283 case CKM_SHA_1_HMAC: 284 case CKM_SHA256_HMAC_GENERAL: 285 case CKM_SHA256_HMAC: 286 case CKM_SHA384_HMAC_GENERAL: 287 case CKM_SHA384_HMAC: 288 case CKM_SHA512_HMAC_GENERAL: 289 case CKM_SHA512_HMAC: 290 291 return (soft_hmac_sign_verify_update(session_p, pPart, 292 ulPartLen, B_TRUE)); 293 294 case CKM_DES_MAC_GENERAL: 295 case CKM_DES_MAC: 296 297 return (soft_des_mac_sign_verify_update(session_p, pPart, 298 ulPartLen)); 299 300 case CKM_AES_CMAC_GENERAL: 301 case CKM_AES_CMAC: 302 303 return (soft_aes_mac_sign_verify_update(session_p, pPart, 304 ulPartLen)); 305 306 case CKM_MD5_RSA_PKCS: 307 case CKM_SHA1_RSA_PKCS: 308 case CKM_SHA256_RSA_PKCS: 309 case CKM_SHA384_RSA_PKCS: 310 case CKM_SHA512_RSA_PKCS: 311 /* 312 * The MD5/SHA1 digest value is accumulated in the context 313 * of the multiple-part digesting operation. In the final 314 * operation, the digest is encoded and then perform RSA 315 * signing. 316 */ 317 case CKM_DSA_SHA1: 318 case CKM_ECDSA_SHA1: 319 320 return (soft_digest_update(session_p, pPart, ulPartLen)); 321 322 default: 323 /* PKCS11: The mechanism only supports single-part operation. */ 324 return (CKR_MECHANISM_INVALID); 325 } 326 } 327 328 329 /* 330 * soft_sign_final() 331 * 332 * Arguments: 333 * session_p: pointer to soft_session_t struct 334 * pSignature: pointer to the signature after signing 335 * pulSignatureLen: pointer to the length of the signature 336 * 337 * Description: 338 * called by C_SignFinal(). This function calls the corresponding 339 * sign final routine based on the mechanism. 340 * 341 */ 342 CK_RV 343 soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature, 344 CK_ULONG_PTR pulSignatureLen) 345 { 346 347 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 348 CK_RV rv = CKR_OK; 349 350 switch (mechanism) { 351 352 case CKM_SSL3_MD5_MAC: 353 case CKM_SSL3_SHA1_MAC: 354 case CKM_MD5_HMAC_GENERAL: 355 case CKM_MD5_HMAC: 356 case CKM_SHA_1_HMAC_GENERAL: 357 case CKM_SHA_1_HMAC: 358 case CKM_SHA256_HMAC_GENERAL: 359 case CKM_SHA256_HMAC: 360 case CKM_SHA384_HMAC_GENERAL: 361 case CKM_SHA384_HMAC: 362 case CKM_SHA512_HMAC_GENERAL: 363 case CKM_SHA512_HMAC: 364 { 365 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 366 367 if (pSignature != NULL) { 368 /* Pass local buffer to avoid overflow */ 369 rv = soft_hmac_sign_verify_common(session_p, NULL, 370 0, hmac, pulSignatureLen, B_TRUE); 371 } else { 372 /* Pass original pSignature, let callee to handle it. */ 373 rv = soft_hmac_sign_verify_common(session_p, NULL, 374 0, pSignature, pulSignatureLen, B_TRUE); 375 } 376 377 if ((rv == CKR_OK) && (pSignature != NULL)) 378 (void) memcpy(pSignature, hmac, *pulSignatureLen); 379 380 return (rv); 381 } 382 case CKM_DES_MAC_GENERAL: 383 case CKM_DES_MAC: 384 { 385 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 386 387 if (pSignature != NULL) { 388 /* Pass local buffer to avoid overflow. */ 389 rv = soft_des_sign_verify_common(session_p, NULL, 0, 390 signature, pulSignatureLen, B_TRUE, B_TRUE); 391 } else { 392 /* Pass NULL, let callee to handle it. */ 393 rv = soft_des_sign_verify_common(session_p, NULL, 0, 394 NULL, pulSignatureLen, B_TRUE, B_TRUE); 395 } 396 397 if ((rv == CKR_OK) && (pSignature != NULL)) 398 (void) memcpy(pSignature, signature, *pulSignatureLen); 399 400 return (rv); 401 } 402 case CKM_AES_CMAC_GENERAL: 403 case CKM_AES_CMAC: 404 { 405 CK_BYTE signature[AES_BLOCK_LEN]; /* use the maximum size */ 406 407 if (pSignature != NULL) { 408 /* Pass local buffer to avoid overflow. */ 409 rv = soft_aes_sign_verify_common(session_p, NULL, 0, 410 signature, pulSignatureLen, B_TRUE, B_TRUE); 411 } else { 412 /* Pass NULL, let callee handle it. */ 413 rv = soft_aes_sign_verify_common(session_p, NULL, 0, 414 NULL, pulSignatureLen, B_TRUE, B_TRUE); 415 } 416 417 if ((rv == CKR_OK) && (pSignature != NULL)) 418 (void) memcpy(pSignature, signature, *pulSignatureLen); 419 420 return (rv); 421 } 422 case CKM_MD5_RSA_PKCS: 423 case CKM_SHA1_RSA_PKCS: 424 case CKM_SHA256_RSA_PKCS: 425 case CKM_SHA384_RSA_PKCS: 426 case CKM_SHA512_RSA_PKCS: 427 428 return (soft_rsa_digest_sign_common(session_p, NULL, 0, 429 pSignature, pulSignatureLen, mechanism, B_TRUE)); 430 431 case CKM_DSA_SHA1: 432 433 return (soft_dsa_digest_sign_common(session_p, NULL, 0, 434 pSignature, pulSignatureLen, B_TRUE)); 435 436 case CKM_ECDSA_SHA1: 437 438 return (soft_ecc_digest_sign_common(session_p, NULL, 0, 439 pSignature, pulSignatureLen, B_TRUE)); 440 441 default: 442 /* PKCS11: The mechanism only supports single-part operation. */ 443 return (CKR_MECHANISM_INVALID); 444 } 445 } 446 447 448 CK_RV 449 soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 450 soft_object_t *key_p) 451 { 452 453 switch (pMechanism->mechanism) { 454 455 case CKM_RSA_X_509: 456 case CKM_RSA_PKCS: 457 458 return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 459 key_p, B_TRUE)); 460 461 default: 462 return (CKR_MECHANISM_INVALID); 463 } 464 } 465 466 467 CK_RV 468 soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData, 469 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 470 CK_ULONG_PTR pulSignatureLen) 471 { 472 473 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 474 475 switch (mechanism) { 476 477 case CKM_RSA_X_509: 478 case CKM_RSA_PKCS: 479 480 return (soft_rsa_sign_common(session_p, pData, ulDataLen, 481 pSignature, pulSignatureLen, mechanism)); 482 483 default: 484 return (CKR_MECHANISM_INVALID); 485 } 486 } 487 488 /* 489 * This function frees the allocated active crypto context. 490 * It is only called by the first tier of sign/verify routines 491 * and the caller of this function may or may not hold the session mutex. 492 */ 493 void 494 soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign, 495 boolean_t lock_held) 496 { 497 498 crypto_active_op_t *active_op; 499 boolean_t lock_true = B_TRUE; 500 501 if (!lock_held) 502 (void) pthread_mutex_lock(&session_p->session_mutex); 503 504 active_op = (sign) ? &(session_p->sign) : &(session_p->verify); 505 506 switch (active_op->mech.mechanism) { 507 508 case CKM_MD5_RSA_PKCS: 509 case CKM_SHA1_RSA_PKCS: 510 case CKM_SHA256_RSA_PKCS: 511 case CKM_SHA384_RSA_PKCS: 512 case CKM_SHA512_RSA_PKCS: 513 if (session_p->digest.context != NULL) { 514 free(session_p->digest.context); 515 session_p->digest.context = NULL; 516 session_p->digest.flags = 0; 517 } 518 /* FALLTHRU */ 519 520 case CKM_RSA_PKCS: 521 case CKM_RSA_X_509: 522 { 523 soft_rsa_ctx_t *rsa_ctx = 524 (soft_rsa_ctx_t *)active_op->context; 525 526 if (rsa_ctx != NULL && rsa_ctx->key != NULL) { 527 soft_cleanup_object(rsa_ctx->key); 528 free(rsa_ctx->key); 529 } 530 break; 531 532 } 533 case CKM_DSA_SHA1: 534 if (session_p->digest.context != NULL) { 535 free(session_p->digest.context); 536 session_p->digest.context = NULL; 537 session_p->digest.flags = 0; 538 } 539 540 /* FALLTHRU */ 541 case CKM_DSA: 542 { 543 soft_dsa_ctx_t *dsa_ctx = 544 (soft_dsa_ctx_t *)active_op->context; 545 546 if (dsa_ctx != NULL && dsa_ctx->key != NULL) { 547 soft_cleanup_object(dsa_ctx->key); 548 free(dsa_ctx->key); 549 } 550 break; 551 552 } 553 case CKM_SSL3_MD5_MAC: 554 case CKM_SSL3_SHA1_MAC: 555 case CKM_MD5_HMAC_GENERAL: 556 case CKM_MD5_HMAC: 557 case CKM_SHA_1_HMAC_GENERAL: 558 case CKM_SHA_1_HMAC: 559 case CKM_SHA256_HMAC_GENERAL: 560 case CKM_SHA256_HMAC: 561 case CKM_SHA384_HMAC_GENERAL: 562 case CKM_SHA384_HMAC: 563 case CKM_SHA512_HMAC_GENERAL: 564 case CKM_SHA512_HMAC: 565 if (active_op->context != NULL) 566 bzero(active_op->context, sizeof (soft_hmac_ctx_t)); 567 break; 568 case CKM_DES_MAC_GENERAL: 569 case CKM_DES_MAC: 570 if (session_p->encrypt.context != NULL) { 571 free(session_p->encrypt.context); 572 session_p->encrypt.context = NULL; 573 session_p->encrypt.flags = 0; 574 } 575 if (active_op->context != NULL) 576 bzero(active_op->context, sizeof (soft_des_ctx_t)); 577 break; 578 579 case CKM_AES_CMAC_GENERAL: 580 case CKM_AES_CMAC: 581 if (session_p->encrypt.context != NULL) { 582 free(session_p->encrypt.context); 583 session_p->encrypt.context = NULL; 584 session_p->encrypt.flags = 0; 585 } 586 if (active_op->context != NULL) 587 bzero(active_op->context, sizeof (soft_aes_ctx_t)); 588 break; 589 590 } 591 592 if (active_op->context != NULL) { 593 free(active_op->context); 594 active_op->context = NULL; 595 } 596 597 active_op->flags = 0; 598 599 if (!lock_held) 600 SES_REFRELE(session_p, lock_true); 601 } 602