1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <pthread.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <sys/types.h>
31 #include <security/cryptoki.h>
32 #include <modes/modes.h>
33 #include <arcfour.h>
34 #include "softSession.h"
35 #include "softObject.h"
36 #include "softOps.h"
37 #include "softCrypt.h"
38 #include "softRSA.h"
39
40 /*
41 * Remove padding bytes.
42 */
43 CK_RV
soft_remove_pkcs7_padding(CK_BYTE * pData,CK_ULONG padded_len,CK_ULONG * pulDataLen)44 soft_remove_pkcs7_padding(CK_BYTE *pData, CK_ULONG padded_len,
45 CK_ULONG *pulDataLen)
46 {
47 CK_RV rv;
48
49 #ifdef __sparcv9
50 if ((rv = pkcs7_decode(pData, (&padded_len))) != CKR_OK)
51 #else /* !__sparcv9 */
52 if ((rv = pkcs7_decode(pData, (size_t *)(&padded_len))) != CKR_OK)
53 #endif /* __sparcv9 */
54 return (rv);
55
56 *pulDataLen = padded_len;
57 return (CKR_OK);
58 }
59
60
61 /*
62 * soft_decrypt_init()
63 *
64 * Arguments:
65 * session_p: pointer to soft_session_t struct
66 * pMechanism: pointer to CK_MECHANISM struct provided by application
67 * key_p: pointer to key soft_object_t struct
68 *
69 * Description:
70 * called by C_DecryptInit(). This function calls the corresponding
71 * decrypt init routine based on the mechanism.
72 *
73 * Returns:
74 * CKR_OK: success
75 * CKR_HOST_MEMORY: run out of system memory
76 * CKR_MECHANISM_PARAM_INVALID: invalid parameters in mechanism
77 * CKR_MECHANISM_INVALID: invalid mechanism type
78 * CKR_KEY_TYPE_INCONSISTENT: incorrect type of key to use
79 * with the specified mechanism
80 */
81 CK_RV
soft_decrypt_init(soft_session_t * session_p,CK_MECHANISM_PTR pMechanism,soft_object_t * key_p)82 soft_decrypt_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
83 soft_object_t *key_p)
84 {
85
86 CK_RV rv;
87
88 switch (pMechanism->mechanism) {
89
90 case CKM_DES_ECB:
91
92 if (key_p->key_type != CKK_DES) {
93 return (CKR_KEY_TYPE_INCONSISTENT);
94 }
95
96 goto ecb_common;
97
98 case CKM_DES3_ECB:
99
100 if ((key_p->key_type != CKK_DES2) &&
101 (key_p->key_type != CKK_DES3)) {
102 return (CKR_KEY_TYPE_INCONSISTENT);
103 }
104
105 ecb_common:
106
107 return (soft_des_crypt_init_common(session_p, pMechanism,
108 key_p, B_FALSE));
109
110 case CKM_DES_CBC:
111 case CKM_DES_CBC_PAD:
112
113 if (key_p->key_type != CKK_DES) {
114 return (CKR_KEY_TYPE_INCONSISTENT);
115 }
116
117 goto cbc_common;
118
119 case CKM_DES3_CBC:
120 case CKM_DES3_CBC_PAD:
121 {
122 soft_des_ctx_t *soft_des_ctx;
123
124 if ((key_p->key_type != CKK_DES2) &&
125 (key_p->key_type != CKK_DES3)) {
126 return (CKR_KEY_TYPE_INCONSISTENT);
127 }
128
129 cbc_common:
130 if ((pMechanism->pParameter == NULL) ||
131 (pMechanism->ulParameterLen != DES_BLOCK_LEN)) {
132 return (CKR_MECHANISM_PARAM_INVALID);
133 }
134
135 rv = soft_des_crypt_init_common(session_p, pMechanism,
136 key_p, B_FALSE);
137
138 if (rv != CKR_OK)
139 return (rv);
140
141 (void) pthread_mutex_lock(&session_p->session_mutex);
142
143 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
144 /* Save Initialization Vector (IV) in the context. */
145 (void) memcpy(soft_des_ctx->ivec, pMechanism->pParameter,
146 DES_BLOCK_LEN);
147
148 /* Allocate a context for DES cipher-block chaining. */
149 soft_des_ctx->des_cbc = (void *)des_cbc_ctx_init(
150 soft_des_ctx->key_sched, soft_des_ctx->keysched_len,
151 soft_des_ctx->ivec, key_p->key_type);
152
153 if (soft_des_ctx->des_cbc == NULL) {
154 bzero(soft_des_ctx->key_sched,
155 soft_des_ctx->keysched_len);
156 free(soft_des_ctx->key_sched);
157 free(session_p->decrypt.context);
158 session_p->decrypt.context = NULL;
159 (void) pthread_mutex_unlock(&session_p->session_mutex);
160 return (CKR_HOST_MEMORY);
161 }
162
163 (void) pthread_mutex_unlock(&session_p->session_mutex);
164
165 return (rv);
166 }
167 case CKM_AES_ECB:
168
169 if (key_p->key_type != CKK_AES) {
170 return (CKR_KEY_TYPE_INCONSISTENT);
171 }
172
173 return (soft_aes_crypt_init_common(session_p, pMechanism,
174 key_p, B_FALSE));
175
176 case CKM_AES_CBC:
177 case CKM_AES_CBC_PAD:
178 {
179 soft_aes_ctx_t *soft_aes_ctx;
180
181 if (key_p->key_type != CKK_AES) {
182 return (CKR_KEY_TYPE_INCONSISTENT);
183 }
184
185 if ((pMechanism->pParameter == NULL) ||
186 (pMechanism->ulParameterLen != AES_BLOCK_LEN)) {
187 return (CKR_MECHANISM_PARAM_INVALID);
188 }
189
190 rv = soft_aes_crypt_init_common(session_p, pMechanism,
191 key_p, B_FALSE);
192
193 if (rv != CKR_OK)
194 return (rv);
195
196 (void) pthread_mutex_lock(&session_p->session_mutex);
197
198 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
199
200 /* Save Initialization Vector (IV) in the context. */
201 (void) memcpy(soft_aes_ctx->ivec, pMechanism->pParameter,
202 AES_BLOCK_LEN);
203
204 /* Allocate a context for AES cipher-block chaining. */
205 soft_aes_ctx->aes_cbc = (void *)aes_cbc_ctx_init(
206 soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
207 soft_aes_ctx->ivec);
208
209 if (soft_aes_ctx->aes_cbc == NULL) {
210 bzero(soft_aes_ctx->key_sched,
211 soft_aes_ctx->keysched_len);
212 free(soft_aes_ctx->key_sched);
213 free(session_p->decrypt.context);
214 session_p->decrypt.context = NULL;
215 (void) pthread_mutex_unlock(&session_p->session_mutex);
216 return (CKR_HOST_MEMORY);
217 }
218
219 (void) pthread_mutex_unlock(&session_p->session_mutex);
220
221 return (rv);
222 }
223 case CKM_AES_CTR:
224 {
225 soft_aes_ctx_t *soft_aes_ctx;
226
227 if (key_p->key_type != CKK_AES) {
228 return (CKR_KEY_TYPE_INCONSISTENT);
229 }
230
231 if (pMechanism->pParameter == NULL ||
232 pMechanism->ulParameterLen != sizeof (CK_AES_CTR_PARAMS)) {
233 return (CKR_MECHANISM_PARAM_INVALID);
234 }
235
236 rv = soft_aes_crypt_init_common(session_p, pMechanism,
237 key_p, B_FALSE);
238
239 if (rv != CKR_OK)
240 return (rv);
241
242 (void) pthread_mutex_lock(&session_p->session_mutex);
243
244 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
245 soft_aes_ctx->aes_cbc = aes_ctr_ctx_init(
246 soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
247 pMechanism->pParameter);
248
249 if (soft_aes_ctx->aes_cbc == NULL) {
250 bzero(soft_aes_ctx->key_sched,
251 soft_aes_ctx->keysched_len);
252 free(soft_aes_ctx->key_sched);
253 free(session_p->decrypt.context);
254 session_p->decrypt.context = NULL;
255 rv = CKR_HOST_MEMORY;
256 }
257
258 (void) pthread_mutex_unlock(&session_p->session_mutex);
259
260 return (rv);
261 }
262 case CKM_BLOWFISH_CBC:
263 {
264 soft_blowfish_ctx_t *soft_blowfish_ctx;
265
266 if (key_p->key_type != CKK_BLOWFISH)
267 return (CKR_KEY_TYPE_INCONSISTENT);
268
269 if ((pMechanism->pParameter == NULL) ||
270 (pMechanism->ulParameterLen != BLOWFISH_BLOCK_LEN))
271 return (CKR_MECHANISM_PARAM_INVALID);
272
273 rv = soft_blowfish_crypt_init_common(session_p, pMechanism,
274 key_p, B_FALSE);
275
276 if (rv != CKR_OK)
277 return (rv);
278
279 (void) pthread_mutex_lock(&session_p->session_mutex);
280
281 soft_blowfish_ctx =
282 (soft_blowfish_ctx_t *)session_p->decrypt.context;
283
284 /* Save Initialization Vector in the context. */
285 (void) memcpy(soft_blowfish_ctx->ivec, pMechanism->pParameter,
286 BLOWFISH_BLOCK_LEN);
287
288 /* Allocate a context for CBC */
289 soft_blowfish_ctx->blowfish_cbc =
290 (void *)blowfish_cbc_ctx_init(soft_blowfish_ctx->key_sched,
291 soft_blowfish_ctx->keysched_len,
292 soft_blowfish_ctx->ivec);
293
294 if (soft_blowfish_ctx->blowfish_cbc == NULL) {
295 bzero(soft_blowfish_ctx->key_sched,
296 soft_blowfish_ctx->keysched_len);
297 free(soft_blowfish_ctx->key_sched);
298 free(session_p->decrypt.context = NULL);
299 (void) pthread_mutex_unlock(&session_p->session_mutex);
300 return (CKR_HOST_MEMORY);
301 }
302
303 (void) pthread_mutex_unlock(&session_p->session_mutex);
304 return (rv);
305 }
306
307 case CKM_RC4:
308
309 if (key_p->key_type != CKK_RC4) {
310 return (CKR_KEY_TYPE_INCONSISTENT);
311 }
312
313 return (soft_arcfour_crypt_init(session_p, pMechanism, key_p,
314 B_FALSE));
315
316 case CKM_RSA_X_509:
317 case CKM_RSA_PKCS:
318
319 if (key_p->key_type != CKK_RSA) {
320 return (CKR_KEY_TYPE_INCONSISTENT);
321 }
322
323 return (soft_rsa_crypt_init_common(session_p, pMechanism,
324 key_p, B_FALSE));
325
326 default:
327 return (CKR_MECHANISM_INVALID);
328 }
329 }
330
331
332 /*
333 * soft_decrypt_common()
334 *
335 * Arguments:
336 * session_p: pointer to soft_session_t struct
337 * pEncrypted: pointer to the encrypted data as input
338 * ulEncryptedLen: length of the input data
339 * pData: pointer to the output data contains plaintext
340 * pulDataLen: pointer to the length of the output data
341 * Update: boolean flag indicates caller is soft_decrypt
342 * or soft_decrypt_update
343 *
344 * Description:
345 * This function calls the corresponding decrypt routine based
346 * on the mechanism.
347 *
348 * Returns:
349 * see soft_decrypt_common().
350 */
351 CK_RV
soft_decrypt_common(soft_session_t * session_p,CK_BYTE_PTR pEncrypted,CK_ULONG ulEncryptedLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen,boolean_t Update)352 soft_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
353 CK_ULONG ulEncryptedLen, CK_BYTE_PTR pData,
354 CK_ULONG_PTR pulDataLen, boolean_t Update)
355 {
356
357 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
358
359 switch (mechanism) {
360
361 case CKM_DES_ECB:
362 case CKM_DES_CBC:
363 case CKM_DES3_ECB:
364 case CKM_DES3_CBC:
365
366 if (ulEncryptedLen == 0) {
367 *pulDataLen = 0;
368 return (CKR_OK);
369 }
370 /* FALLTHROUGH */
371
372 case CKM_DES_CBC_PAD:
373 case CKM_DES3_CBC_PAD:
374
375 return (soft_des_decrypt_common(session_p, pEncrypted,
376 ulEncryptedLen, pData, pulDataLen, Update));
377
378 case CKM_AES_ECB:
379 case CKM_AES_CBC:
380 case CKM_AES_CTR:
381
382 if (ulEncryptedLen == 0) {
383 *pulDataLen = 0;
384 return (CKR_OK);
385 }
386 /* FALLTHROUGH */
387
388 case CKM_AES_CBC_PAD:
389
390 return (soft_aes_decrypt_common(session_p, pEncrypted,
391 ulEncryptedLen, pData, pulDataLen, Update));
392
393 case CKM_BLOWFISH_CBC:
394
395 if (ulEncryptedLen == 0) {
396 *pulDataLen = 0;
397 return (CKR_OK);
398 }
399
400 return (soft_blowfish_decrypt_common(session_p, pEncrypted,
401 ulEncryptedLen, pData, pulDataLen, Update));
402
403 case CKM_RC4:
404
405 if (ulEncryptedLen == 0) {
406 *pulDataLen = 0;
407 return (CKR_OK);
408 }
409
410
411 return (soft_arcfour_crypt(&(session_p->decrypt), pEncrypted,
412 ulEncryptedLen, pData, pulDataLen));
413
414 case CKM_RSA_X_509:
415 case CKM_RSA_PKCS:
416
417 return (soft_rsa_decrypt_common(session_p, pEncrypted,
418 ulEncryptedLen, pData, pulDataLen, mechanism));
419
420 default:
421 return (CKR_MECHANISM_INVALID);
422
423 }
424 }
425
426
427 /*
428 * soft_decrypt()
429 *
430 * Arguments:
431 * session_p: pointer to soft_session_t struct
432 * pEncryptedData: pointer to the encrypted data as input
433 * ulEncryptedDataLen: length of the input data
434 * pData: pointer to the output data contains plaintext
435 * pulDataLen: pointer to the length of the output data
436 *
437 * Description:
438 * called by C_Decrypt(). This function calls the soft_decrypt_common
439 * routine.
440 *
441 * Returns:
442 * see soft_decrypt_common().
443 */
444 CK_RV
soft_decrypt(soft_session_t * session_p,CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)445 soft_decrypt(soft_session_t *session_p, CK_BYTE_PTR pEncryptedData,
446 CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
447 CK_ULONG_PTR pulDataLen)
448 {
449
450 return (soft_decrypt_common(session_p, pEncryptedData,
451 ulEncryptedDataLen, pData, pulDataLen, B_FALSE));
452 }
453
454
455 /*
456 * soft_decrypt_update()
457 *
458 * Arguments:
459 * session_p: pointer to soft_session_t struct
460 * pEncryptedPart: pointer to the encrypted data as input
461 * ulEncryptedPartLen: length of the input data
462 * pPart: pointer to the output data contains plaintext
463 * pulPartLen: pointer to the length of the output data
464 *
465 * Description:
466 * called by C_DecryptUpdate(). This function calls the
467 * soft_decrypt_common routine (with update flag on).
468 *
469 * Returns:
470 * see soft_decrypt_common().
471 */
472 CK_RV
soft_decrypt_update(soft_session_t * session_p,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)473 soft_decrypt_update(soft_session_t *session_p, CK_BYTE_PTR pEncryptedPart,
474 CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
475 CK_ULONG_PTR pulPartLen)
476 {
477 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
478
479 switch (mechanism) {
480
481 case CKM_DES_ECB:
482 case CKM_DES_CBC:
483 case CKM_DES_CBC_PAD:
484 case CKM_DES3_ECB:
485 case CKM_DES3_CBC:
486 case CKM_DES3_CBC_PAD:
487 case CKM_AES_ECB:
488 case CKM_AES_CBC:
489 case CKM_AES_CBC_PAD:
490 case CKM_AES_CTR:
491 case CKM_BLOWFISH_CBC:
492 case CKM_RC4:
493
494 return (soft_decrypt_common(session_p, pEncryptedPart,
495 ulEncryptedPartLen, pPart, pulPartLen, B_TRUE));
496
497 default:
498 /* PKCS11: The mechanism only supports single-part operation. */
499 return (CKR_MECHANISM_INVALID);
500 }
501
502 }
503
504
505 /*
506 * soft_decrypt_final()
507 *
508 * Arguments:
509 * session_p: pointer to soft_session_t struct
510 * pLastPart: pointer to the last recovered data part
511 * pulLastPartLen: pointer to the length of the last recovered data part
512 *
513 * Description:
514 * called by C_DecryptFinal().
515 *
516 * Returns:
517 * CKR_OK: success
518 * CKR_FUNCTION_FAILED: decrypt final function failed
519 * CKR_ENCRYPTED_DATA_LEN_RANGE: remaining buffer contains bad length
520 */
521 CK_RV
soft_decrypt_final(soft_session_t * session_p,CK_BYTE_PTR pLastPart,CK_ULONG_PTR pulLastPartLen)522 soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
523 CK_ULONG_PTR pulLastPartLen)
524 {
525
526 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
527 CK_ULONG out_len;
528 CK_RV rv = CKR_OK;
529 int rc;
530
531 (void) pthread_mutex_lock(&session_p->session_mutex);
532
533 if (session_p->decrypt.context == NULL) {
534 rv = CKR_OPERATION_NOT_INITIALIZED;
535 *pulLastPartLen = 0;
536 goto clean2;
537 }
538 switch (mechanism) {
539
540 case CKM_DES_CBC_PAD:
541 case CKM_DES3_CBC_PAD:
542 {
543
544 soft_des_ctx_t *soft_des_ctx;
545
546 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
547
548 /*
549 * We should have only one block of data left in the
550 * remaining buffer.
551 */
552 if (soft_des_ctx->remain_len != DES_BLOCK_LEN) {
553 *pulLastPartLen = 0;
554 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
555 /* Cleanup memory space. */
556 free(soft_des_ctx->des_cbc);
557 bzero(soft_des_ctx->key_sched,
558 soft_des_ctx->keysched_len);
559 free(soft_des_ctx->key_sched);
560
561 goto clean1;
562 }
563
564 out_len = DES_BLOCK_LEN;
565
566 /*
567 * If application asks for the length of the output buffer
568 * to hold the plaintext?
569 */
570 if (pLastPart == NULL) {
571 *pulLastPartLen = out_len;
572 rv = CKR_OK;
573 goto clean2;
574 } else {
575 crypto_data_t out;
576
577 /* Copy remaining data to the output buffer. */
578 (void) memcpy(pLastPart, soft_des_ctx->data,
579 DES_BLOCK_LEN);
580
581 out.cd_format = CRYPTO_DATA_RAW;
582 out.cd_offset = 0;
583 out.cd_length = DES_BLOCK_LEN;
584 out.cd_raw.iov_base = (char *)pLastPart;
585 out.cd_raw.iov_len = DES_BLOCK_LEN;
586
587 /* Decrypt final block of data. */
588 rc = des_decrypt_contiguous_blocks(
589 (des_ctx_t *)soft_des_ctx->des_cbc,
590 (char *)pLastPart, DES_BLOCK_LEN, &out);
591
592 if (rc == 0) {
593 /*
594 * Remove padding bytes after decryption of
595 * ciphertext block to produce the original
596 * plaintext.
597 */
598 rv = soft_remove_pkcs7_padding(pLastPart,
599 DES_BLOCK_LEN, &out_len);
600 if (rv != CKR_OK)
601 *pulLastPartLen = 0;
602 else
603 *pulLastPartLen = out_len;
604 } else {
605 *pulLastPartLen = 0;
606 rv = CKR_FUNCTION_FAILED;
607 }
608
609 /* Cleanup memory space. */
610 free(soft_des_ctx->des_cbc);
611 bzero(soft_des_ctx->key_sched,
612 soft_des_ctx->keysched_len);
613 free(soft_des_ctx->key_sched);
614
615 }
616
617 break;
618 }
619
620 case CKM_DES_CBC:
621 case CKM_DES_ECB:
622 case CKM_DES3_CBC:
623 case CKM_DES3_ECB:
624 {
625
626 soft_des_ctx_t *soft_des_ctx;
627
628 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
629 /*
630 * CKM_DES_CBC and CKM_DES_ECB does not do any padding,
631 * so when the final is called, the remaining buffer
632 * should not contain any more data.
633 */
634 *pulLastPartLen = 0;
635 if (soft_des_ctx->remain_len != 0) {
636 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
637 } else {
638 if (pLastPart == NULL)
639 goto clean2;
640 }
641
642 /* Cleanup memory space. */
643 free(soft_des_ctx->des_cbc);
644 bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
645 free(soft_des_ctx->key_sched);
646
647 break;
648 }
649
650 case CKM_AES_CBC_PAD:
651 {
652
653 soft_aes_ctx_t *soft_aes_ctx;
654
655 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
656
657 /*
658 * We should have only one block of data left in the
659 * remaining buffer.
660 */
661 if (soft_aes_ctx->remain_len != AES_BLOCK_LEN) {
662 *pulLastPartLen = 0;
663 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
664 /* Cleanup memory space. */
665 free(soft_aes_ctx->aes_cbc);
666 bzero(soft_aes_ctx->key_sched,
667 soft_aes_ctx->keysched_len);
668 free(soft_aes_ctx->key_sched);
669
670 goto clean1;
671 }
672
673 out_len = AES_BLOCK_LEN;
674
675 /*
676 * If application asks for the length of the output buffer
677 * to hold the plaintext?
678 */
679 if (pLastPart == NULL) {
680 *pulLastPartLen = out_len;
681 rv = CKR_OK;
682 goto clean2;
683 } else {
684 crypto_data_t out;
685
686 /* Copy remaining data to the output buffer. */
687 (void) memcpy(pLastPart, soft_aes_ctx->data,
688 AES_BLOCK_LEN);
689
690 out.cd_format = CRYPTO_DATA_RAW;
691 out.cd_offset = 0;
692 out.cd_length = AES_BLOCK_LEN;
693 out.cd_raw.iov_base = (char *)pLastPart;
694 out.cd_raw.iov_len = AES_BLOCK_LEN;
695
696 /* Decrypt final block of data. */
697 rc = aes_decrypt_contiguous_blocks(
698 (aes_ctx_t *)soft_aes_ctx->aes_cbc,
699 (char *)pLastPart, AES_BLOCK_LEN, &out);
700
701 if (rc == 0) {
702 /*
703 * Remove padding bytes after decryption of
704 * ciphertext block to produce the original
705 * plaintext.
706 */
707 rv = soft_remove_pkcs7_padding(pLastPart,
708 AES_BLOCK_LEN, &out_len);
709 if (rv != CKR_OK)
710 *pulLastPartLen = 0;
711 else
712 *pulLastPartLen = out_len;
713 } else {
714 *pulLastPartLen = 0;
715 rv = CKR_FUNCTION_FAILED;
716 }
717
718 /* Cleanup memory space. */
719 free(soft_aes_ctx->aes_cbc);
720 bzero(soft_aes_ctx->key_sched,
721 soft_aes_ctx->keysched_len);
722 free(soft_aes_ctx->key_sched);
723
724 }
725
726 break;
727 }
728
729 case CKM_AES_CBC:
730 case CKM_AES_ECB:
731 {
732 soft_aes_ctx_t *soft_aes_ctx;
733
734 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
735 /*
736 * CKM_AES_CBC and CKM_AES_ECB does not do any padding,
737 * so when the final is called, the remaining buffer
738 * should not contain any more data.
739 */
740 *pulLastPartLen = 0;
741 if (soft_aes_ctx->remain_len != 0) {
742 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
743 } else {
744 if (pLastPart == NULL)
745 goto clean2;
746 }
747
748 /* Cleanup memory space. */
749 free(soft_aes_ctx->aes_cbc);
750 bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
751 free(soft_aes_ctx->key_sched);
752
753 break;
754 }
755 case CKM_AES_CTR:
756 {
757 crypto_data_t out;
758 soft_aes_ctx_t *soft_aes_ctx;
759 ctr_ctx_t *ctr_ctx;
760 size_t len;
761
762 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
763 ctr_ctx = soft_aes_ctx->aes_cbc;
764 len = ctr_ctx->ctr_remainder_len;
765 if (pLastPart == NULL) {
766 *pulLastPartLen = len;
767 goto clean1;
768 }
769 if (len > 0) {
770 out.cd_format = CRYPTO_DATA_RAW;
771 out.cd_offset = 0;
772 out.cd_length = len;
773 out.cd_raw.iov_base = (char *)pLastPart;
774 out.cd_raw.iov_len = len;
775
776 rv = ctr_mode_final(ctr_ctx, &out, aes_encrypt_block);
777 if (rv == CRYPTO_DATA_LEN_RANGE)
778 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
779 }
780 if (rv == CRYPTO_BUFFER_TOO_SMALL) {
781 *pulLastPartLen = len;
782 goto clean1;
783 }
784
785 /* Cleanup memory space. */
786 free(ctr_ctx);
787 bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
788 free(soft_aes_ctx->key_sched);
789
790 break;
791 }
792 case CKM_BLOWFISH_CBC:
793 {
794 soft_blowfish_ctx_t *soft_blowfish_ctx;
795
796 soft_blowfish_ctx =
797 (soft_blowfish_ctx_t *)session_p->decrypt.context;
798
799 *pulLastPartLen = 0;
800 if (soft_blowfish_ctx->remain_len != 0)
801 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
802 else {
803 if (pLastPart == NULL)
804 goto clean2;
805 }
806
807 free(soft_blowfish_ctx->blowfish_cbc);
808 bzero(soft_blowfish_ctx->key_sched,
809 soft_blowfish_ctx->keysched_len);
810 free(soft_blowfish_ctx->key_sched);
811
812 break;
813 }
814
815 case CKM_RC4:
816 {
817 ARCFour_key *key = (ARCFour_key *)session_p->decrypt.context;
818 bzero(key, sizeof (*key));
819 *pulLastPartLen = 0;
820 break;
821 }
822
823 default:
824 /* PKCS11: The mechanism only supports single-part operation. */
825 rv = CKR_MECHANISM_INVALID;
826 break;
827 }
828
829 clean1:
830 free(session_p->decrypt.context);
831 session_p->decrypt.context = NULL;
832
833 clean2:
834 (void) pthread_mutex_unlock(&session_p->session_mutex);
835
836 return (rv);
837
838 }
839