xref: /illumos-gate/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerifyUtil.c (revision a6e6969cf9cfe2070eae4cd6071f76b0fa4f539f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <stdlib.h>
29 #include <string.h>
30 #include <strings.h>
31 #include <sys/types.h>
32 #include <security/cryptoki.h>
33 #include "softObject.h"
34 #include "softOps.h"
35 #include "softSession.h"
36 #include "softMAC.h"
37 #include "softRSA.h"
38 #include "softDSA.h"
39 #include "softEC.h"
40 #include "softCrypt.h"
41 
42 /*
43  * soft_verify_init()
44  *
45  * Arguments:
46  *	session_p:	pointer to soft_session_t struct
47  *	pMechanism:	pointer to CK_MECHANISM struct provided by application
48  *	key_p:		pointer to key soft_object_t struct
49  *
50  * Description:
51  *	called by C_VerifyInit(). This function calls the corresponding
52  *	verify init routine based on the mechanism.
53  *
54  */
55 CK_RV
56 soft_verify_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
57     soft_object_t *key_p)
58 {
59 
60 	switch (pMechanism->mechanism) {
61 
62 	case CKM_SSL3_MD5_MAC:
63 	case CKM_SSL3_SHA1_MAC:
64 	case CKM_MD5_HMAC_GENERAL:
65 	case CKM_MD5_HMAC:
66 	case CKM_SHA_1_HMAC_GENERAL:
67 	case CKM_SHA_1_HMAC:
68 	case CKM_SHA256_HMAC_GENERAL:
69 	case CKM_SHA256_HMAC:
70 	case CKM_SHA384_HMAC_GENERAL:
71 	case CKM_SHA384_HMAC:
72 	case CKM_SHA512_HMAC_GENERAL:
73 	case CKM_SHA512_HMAC:
74 
75 		return (soft_hmac_sign_verify_init_common(session_p,
76 		    pMechanism, key_p, B_FALSE));
77 
78 	case CKM_RSA_X_509:
79 	case CKM_RSA_PKCS:
80 	case CKM_MD5_RSA_PKCS:
81 	case CKM_SHA1_RSA_PKCS:
82 	case CKM_SHA256_RSA_PKCS:
83 	case CKM_SHA384_RSA_PKCS:
84 	case CKM_SHA512_RSA_PKCS:
85 
86 		return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
87 		    key_p, B_FALSE));
88 
89 	case CKM_DSA:
90 	case CKM_DSA_SHA1:
91 
92 		return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
93 		    key_p, B_FALSE));
94 
95 	case CKM_ECDSA:
96 	case CKM_ECDSA_SHA1:
97 
98 		return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
99 		    key_p, B_FALSE));
100 
101 	case CKM_DES_MAC_GENERAL:
102 	case CKM_DES_MAC:
103 
104 		return (soft_des_sign_verify_init_common(session_p, pMechanism,
105 		    key_p, B_FALSE));
106 
107 	default:
108 		return (CKR_MECHANISM_INVALID);
109 	}
110 
111 }
112 
113 
114 /*
115  * soft_verify()
116  *
117  * Arguments:
118  *      session_p:	pointer to soft_session_t struct
119  *	pData:		pointer to the input data
120  *	ulDataLen:	length of the input data
121  *	pSignature:	pointer to the signature
122  *	ulSignatureLen:	length of the signature
123  *
124  * Description:
125  *      called by C_Verify(). This function calls the corresponding
126  *	verify routine based on the mechanism.
127  *
128  */
129 CK_RV
130 soft_verify(soft_session_t *session_p, CK_BYTE_PTR pData,
131     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
132     CK_ULONG ulSignatureLen)
133 {
134 
135 	CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism;
136 	CK_RV rv = CKR_OK;
137 
138 	switch (mechanism) {
139 
140 	case CKM_SSL3_MD5_MAC:
141 	case CKM_SSL3_SHA1_MAC:
142 	case CKM_MD5_HMAC_GENERAL:
143 	case CKM_MD5_HMAC:
144 	case CKM_SHA_1_HMAC_GENERAL:
145 	case CKM_SHA_1_HMAC:
146 	case CKM_SHA256_HMAC_GENERAL:
147 	case CKM_SHA256_HMAC:
148 	case CKM_SHA384_HMAC_GENERAL:
149 	case CKM_SHA384_HMAC:
150 	case CKM_SHA512_HMAC_GENERAL:
151 	case CKM_SHA512_HMAC:
152 	{
153 		CK_ULONG len;
154 		CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
155 		soft_hmac_ctx_t *hmac_ctx;
156 
157 		hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
158 		len = hmac_ctx->hmac_len;
159 
160 		rv = soft_hmac_sign_verify_common(session_p, pData,
161 		    ulDataLen, hmac, &len, B_FALSE);
162 
163 		if (rv == CKR_OK) {
164 			if (len != ulSignatureLen) {
165 				rv = CKR_SIGNATURE_LEN_RANGE;
166 			}
167 
168 			if (memcmp(hmac, pSignature, len) != 0) {
169 				rv = CKR_SIGNATURE_INVALID;
170 			}
171 		}
172 
173 		return (rv);
174 	}
175 	case CKM_DES_MAC_GENERAL:
176 	case CKM_DES_MAC:
177 	{
178 		CK_ULONG len;
179 		CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
180 		soft_des_ctx_t *des_ctx;
181 
182 		des_ctx = (soft_des_ctx_t *)session_p->verify.context;
183 		len = des_ctx->mac_len;
184 
185 		/* Pass local buffer to avoid overflow. */
186 		rv = soft_des_sign_verify_common(session_p, pData,
187 		    ulDataLen, signature, &len, B_FALSE, B_FALSE);
188 
189 		if (rv == CKR_OK) {
190 			if (len != ulSignatureLen) {
191 				rv = CKR_SIGNATURE_LEN_RANGE;
192 			}
193 
194 			if (memcmp(signature, pSignature, len) != 0) {
195 				rv = CKR_SIGNATURE_INVALID;
196 			}
197 		}
198 
199 		return (rv);
200 	}
201 	case CKM_RSA_X_509:
202 	case CKM_RSA_PKCS:
203 
204 		return (soft_rsa_verify_common(session_p, pData, ulDataLen,
205 		    pSignature, ulSignatureLen, mechanism));
206 
207 	case CKM_MD5_RSA_PKCS:
208 	case CKM_SHA1_RSA_PKCS:
209 	case CKM_SHA256_RSA_PKCS:
210 	case CKM_SHA384_RSA_PKCS:
211 	case CKM_SHA512_RSA_PKCS:
212 
213 		return (soft_rsa_digest_verify_common(session_p, pData,
214 		    ulDataLen, pSignature, ulSignatureLen, mechanism, B_FALSE));
215 
216 	case CKM_DSA:
217 
218 		return (soft_dsa_verify(session_p, pData, ulDataLen,
219 		    pSignature, ulSignatureLen));
220 
221 	case CKM_DSA_SHA1:
222 
223 		return (soft_dsa_digest_verify_common(session_p, pData,
224 		    ulDataLen, pSignature, ulSignatureLen, B_FALSE));
225 
226 	case CKM_ECDSA:
227 
228 		return (soft_ecc_verify(session_p, pData, ulDataLen,
229 		    pSignature, ulSignatureLen));
230 
231 	case CKM_ECDSA_SHA1:
232 
233 		return (soft_ecc_digest_verify_common(session_p, pData,
234 		    ulDataLen, pSignature, ulSignatureLen, B_FALSE));
235 
236 	default:
237 		return (CKR_MECHANISM_INVALID);
238 	}
239 }
240 
241 
242 /*
243  * soft_verify_update()
244  *
245  * Arguments:
246  *      session_p:	pointer to soft_session_t struct
247  *      pPart:		pointer to the input data
248  *      ulPartLen:	length of the input data
249  *
250  * Description:
251  *      called by C_VerifyUpdate(). This function calls the corresponding
252  *	verify update routine based on the mechanism.
253  *
254  */
255 CK_RV
256 soft_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
257     CK_ULONG ulPartLen)
258 {
259 	CK_MECHANISM_TYPE	mechanism = session_p->verify.mech.mechanism;
260 
261 	switch (mechanism) {
262 
263 	case CKM_SSL3_MD5_MAC:
264 	case CKM_SSL3_SHA1_MAC:
265 	case CKM_MD5_HMAC_GENERAL:
266 	case CKM_MD5_HMAC:
267 	case CKM_SHA_1_HMAC_GENERAL:
268 	case CKM_SHA_1_HMAC:
269 	case CKM_SHA256_HMAC_GENERAL:
270 	case CKM_SHA256_HMAC:
271 	case CKM_SHA384_HMAC_GENERAL:
272 	case CKM_SHA384_HMAC:
273 	case CKM_SHA512_HMAC_GENERAL:
274 	case CKM_SHA512_HMAC:
275 
276 		return (soft_hmac_sign_verify_update(session_p, pPart,
277 		    ulPartLen, B_FALSE));
278 
279 	case CKM_DES_MAC_GENERAL:
280 	case CKM_DES_MAC:
281 
282 		return (soft_des_mac_sign_verify_update(session_p, pPart,
283 		    ulPartLen));
284 
285 	case CKM_MD5_RSA_PKCS:
286 	case CKM_SHA1_RSA_PKCS:
287 	case CKM_SHA256_RSA_PKCS:
288 	case CKM_SHA384_RSA_PKCS:
289 	case CKM_SHA512_RSA_PKCS:
290 		/*
291 		 * The MD5/SHA1 digest value is accumulated in the context
292 		 * of the multiple-part digesting operation. In the final
293 		 * operation, the digest is encoded and then perform RSA
294 		 * verification.
295 		 */
296 	case CKM_DSA_SHA1:
297 	case CKM_ECDSA_SHA1:
298 
299 		return (soft_digest_update(session_p, pPart, ulPartLen));
300 
301 	default:
302 		/* PKCS11: The mechanism only supports single-part operation. */
303 		return (CKR_MECHANISM_INVALID);
304 	}
305 }
306 
307 
308 /*
309  * soft_verify_final()
310  *
311  * Arguments:
312  *      session_p:	pointer to soft_session_t struct
313  *      pSignature:	pointer to the signature
314  *      ulSignatureLen:	length of the signature
315  *
316  * Description:
317  *      called by C_VerifyFinal().  This function calls the corresponding
318  *	verify final routine based on the mechanism.
319  *
320  */
321 CK_RV
322 soft_verify_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
323     CK_ULONG ulSignatureLen)
324 {
325 
326 	CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism;
327 	CK_RV rv = CKR_OK;
328 
329 	switch (mechanism) {
330 
331 	case CKM_SSL3_MD5_MAC:
332 	case CKM_SSL3_SHA1_MAC:
333 	case CKM_MD5_HMAC_GENERAL:
334 	case CKM_MD5_HMAC:
335 	case CKM_SHA_1_HMAC_GENERAL:
336 	case CKM_SHA_1_HMAC:
337 	case CKM_SHA256_HMAC_GENERAL:
338 	case CKM_SHA256_HMAC:
339 	case CKM_SHA384_HMAC_GENERAL:
340 	case CKM_SHA384_HMAC:
341 	case CKM_SHA512_HMAC_GENERAL:
342 	case CKM_SHA512_HMAC:
343 	{
344 		CK_ULONG len;
345 		CK_BYTE hmac[SHA512_DIGEST_LENGTH];
346 		soft_hmac_ctx_t *hmac_ctx;
347 
348 		hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
349 		len = hmac_ctx->hmac_len;
350 
351 		rv = soft_hmac_sign_verify_common(session_p, NULL, 0,
352 		    hmac, &len, B_FALSE);
353 
354 		if (rv == CKR_OK) {
355 			if (len != ulSignatureLen) {
356 				rv = CKR_SIGNATURE_LEN_RANGE;
357 			}
358 
359 			if (memcmp(hmac, pSignature, len) != 0) {
360 				rv = CKR_SIGNATURE_INVALID;
361 			}
362 		}
363 
364 		return (rv);
365 	}
366 	case CKM_DES_MAC_GENERAL:
367 	case CKM_DES_MAC:
368 	{
369 		CK_ULONG len;
370 		CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
371 		soft_des_ctx_t *des_ctx;
372 
373 		des_ctx = (soft_des_ctx_t *)session_p->verify.context;
374 		len = des_ctx->mac_len;
375 
376 		/* Pass local buffer to avoid overflow. */
377 		rv = soft_des_sign_verify_common(session_p, NULL, 0,
378 		    signature, &len, B_FALSE, B_TRUE);
379 
380 		if (rv == CKR_OK) {
381 			if (len != ulSignatureLen) {
382 				rv = CKR_SIGNATURE_LEN_RANGE;
383 			}
384 
385 			if (memcmp(signature, pSignature, len) != 0) {
386 				rv = CKR_SIGNATURE_INVALID;
387 			}
388 		}
389 
390 		return (rv);
391 	}
392 	case CKM_MD5_RSA_PKCS:
393 	case CKM_SHA1_RSA_PKCS:
394 	case CKM_SHA256_RSA_PKCS:
395 	case CKM_SHA384_RSA_PKCS:
396 	case CKM_SHA512_RSA_PKCS:
397 
398 		return (soft_rsa_digest_verify_common(session_p, NULL, 0,
399 		    pSignature, ulSignatureLen, mechanism, B_TRUE));
400 
401 	case CKM_DSA_SHA1:
402 
403 		return (soft_dsa_digest_verify_common(session_p, NULL, 0,
404 		    pSignature, ulSignatureLen, B_TRUE));
405 
406 	case CKM_ECDSA_SHA1:
407 
408 		return (soft_ecc_digest_verify_common(session_p, NULL, 0,
409 		    pSignature, ulSignatureLen, B_TRUE));
410 
411 	default:
412 		/* PKCS11: The mechanism only supports single-part operation. */
413 		return (CKR_MECHANISM_INVALID);
414 
415 	}
416 }
417 
418 
419 CK_RV
420 soft_verify_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
421     soft_object_t *key_p)
422 {
423 
424 	switch (pMechanism->mechanism) {
425 
426 	case CKM_RSA_X_509:
427 	case CKM_RSA_PKCS:
428 
429 		return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
430 		    key_p, B_FALSE));
431 
432 	default:
433 		return (CKR_MECHANISM_INVALID);
434 	}
435 }
436 
437 
438 CK_RV
439 soft_verify_recover(soft_session_t *session_p, CK_BYTE_PTR pSignature,
440     CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
441 {
442 
443 	CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism;
444 
445 	switch (mechanism) {
446 
447 	case CKM_RSA_X_509:
448 	case CKM_RSA_PKCS:
449 
450 		return (soft_rsa_verify_recover(session_p, pSignature,
451 		    ulSignatureLen, pData, pulDataLen));
452 
453 	default:
454 		return (CKR_MECHANISM_INVALID);
455 	}
456 }
457