17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
54c21f043Sizick * Common Development and Distribution License (the "License").
64c21f043Sizick * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*f9fbec18Smcpowers * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate #include <stdlib.h>
297c478bd9Sstevel@tonic-gate #include <strings.h>
307c478bd9Sstevel@tonic-gate #include <sys/types.h>
317c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
327c478bd9Sstevel@tonic-gate #include "softObject.h"
337c478bd9Sstevel@tonic-gate #include "softOps.h"
347c478bd9Sstevel@tonic-gate #include "softSession.h"
357c478bd9Sstevel@tonic-gate #include "softMAC.h"
367c478bd9Sstevel@tonic-gate #include "softRSA.h"
377c478bd9Sstevel@tonic-gate #include "softDSA.h"
38*f9fbec18Smcpowers #include "softEC.h"
397c478bd9Sstevel@tonic-gate #include "softCrypt.h"
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate /*
427c478bd9Sstevel@tonic-gate * soft_sign_init()
437c478bd9Sstevel@tonic-gate *
447c478bd9Sstevel@tonic-gate * Arguments:
457c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
467c478bd9Sstevel@tonic-gate * pMechanism: pointer to CK_MECHANISM struct provided by application
477c478bd9Sstevel@tonic-gate * key_p: pointer to key soft_object_t struct
487c478bd9Sstevel@tonic-gate *
497c478bd9Sstevel@tonic-gate * Description:
507c478bd9Sstevel@tonic-gate * called by C_SignInit(). This function calls the corresponding
517c478bd9Sstevel@tonic-gate * sign init routine based on the mechanism.
527c478bd9Sstevel@tonic-gate *
537c478bd9Sstevel@tonic-gate */
547c478bd9Sstevel@tonic-gate CK_RV
soft_sign_init(soft_session_t * session_p,CK_MECHANISM_PTR pMechanism,soft_object_t * key_p)557c478bd9Sstevel@tonic-gate soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
567c478bd9Sstevel@tonic-gate soft_object_t *key_p)
577c478bd9Sstevel@tonic-gate {
587c478bd9Sstevel@tonic-gate
597c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) {
607c478bd9Sstevel@tonic-gate
617c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
627c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
637c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
647c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC:
657c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
667c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC:
67f66d273dSizick case CKM_SHA256_HMAC_GENERAL:
68f66d273dSizick case CKM_SHA256_HMAC:
69f66d273dSizick case CKM_SHA384_HMAC_GENERAL:
70f66d273dSizick case CKM_SHA384_HMAC:
71f66d273dSizick case CKM_SHA512_HMAC_GENERAL:
72f66d273dSizick case CKM_SHA512_HMAC:
737c478bd9Sstevel@tonic-gate
747c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_init_common(session_p,
757c478bd9Sstevel@tonic-gate pMechanism, key_p, B_TRUE));
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate case CKM_RSA_X_509:
787c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS:
797c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
807c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
81f66d273dSizick case CKM_SHA256_RSA_PKCS:
82f66d273dSizick case CKM_SHA384_RSA_PKCS:
83f66d273dSizick case CKM_SHA512_RSA_PKCS:
847c478bd9Sstevel@tonic-gate
857c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
867c478bd9Sstevel@tonic-gate key_p, B_TRUE));
877c478bd9Sstevel@tonic-gate
887c478bd9Sstevel@tonic-gate case CKM_DSA:
897c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1:
907c478bd9Sstevel@tonic-gate
917c478bd9Sstevel@tonic-gate return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
927c478bd9Sstevel@tonic-gate key_p, B_TRUE));
937c478bd9Sstevel@tonic-gate
94*f9fbec18Smcpowers case CKM_ECDSA:
95*f9fbec18Smcpowers case CKM_ECDSA_SHA1:
96*f9fbec18Smcpowers
97*f9fbec18Smcpowers return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
98*f9fbec18Smcpowers key_p, B_TRUE));
99*f9fbec18Smcpowers
1007c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
1017c478bd9Sstevel@tonic-gate case CKM_DES_MAC:
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate return (soft_des_sign_verify_init_common(session_p, pMechanism,
1047c478bd9Sstevel@tonic-gate key_p, B_TRUE));
1057c478bd9Sstevel@tonic-gate
1067c478bd9Sstevel@tonic-gate default:
1077c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
1087c478bd9Sstevel@tonic-gate }
1097c478bd9Sstevel@tonic-gate
1107c478bd9Sstevel@tonic-gate }
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate
1137c478bd9Sstevel@tonic-gate /*
1147c478bd9Sstevel@tonic-gate * soft_sign()
1157c478bd9Sstevel@tonic-gate *
1167c478bd9Sstevel@tonic-gate * Arguments:
1177c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
1187c478bd9Sstevel@tonic-gate * pData: pointer to the input data to be signed
1197c478bd9Sstevel@tonic-gate * ulDataLen: length of the input data
1207c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing
1217c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature
1227c478bd9Sstevel@tonic-gate *
1237c478bd9Sstevel@tonic-gate * Description:
1247c478bd9Sstevel@tonic-gate * called by C_Sign(). This function calls the corresponding
1257c478bd9Sstevel@tonic-gate * sign routine based on the mechanism.
1267c478bd9Sstevel@tonic-gate *
1277c478bd9Sstevel@tonic-gate */
1287c478bd9Sstevel@tonic-gate CK_RV
soft_sign(soft_session_t * session_p,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)1297c478bd9Sstevel@tonic-gate soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
1307c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
1317c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
1327c478bd9Sstevel@tonic-gate {
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
1357c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK;
1367c478bd9Sstevel@tonic-gate
1377c478bd9Sstevel@tonic-gate switch (mechanism) {
1387c478bd9Sstevel@tonic-gate
1397c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
1407c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
1417c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
1427c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC:
1437c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
1447c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC:
145f66d273dSizick case CKM_SHA256_HMAC_GENERAL:
146f66d273dSizick case CKM_SHA256_HMAC:
147f66d273dSizick case CKM_SHA384_HMAC_GENERAL:
148f66d273dSizick case CKM_SHA384_HMAC:
149f66d273dSizick case CKM_SHA512_HMAC_GENERAL:
150f66d273dSizick case CKM_SHA512_HMAC:
1517c478bd9Sstevel@tonic-gate {
152f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
1537c478bd9Sstevel@tonic-gate
1547c478bd9Sstevel@tonic-gate if (pSignature != NULL) {
1557c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
1567c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData,
1577c478bd9Sstevel@tonic-gate ulDataLen, hmac, pulSignatureLen, B_TRUE);
1587c478bd9Sstevel@tonic-gate } else {
1597c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */
1607c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData,
1617c478bd9Sstevel@tonic-gate ulDataLen, pSignature, pulSignatureLen, B_TRUE);
1627c478bd9Sstevel@tonic-gate }
1637c478bd9Sstevel@tonic-gate
1647c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
1657c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen);
1667c478bd9Sstevel@tonic-gate
1677c478bd9Sstevel@tonic-gate return (rv);
1687c478bd9Sstevel@tonic-gate }
1697c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
1707c478bd9Sstevel@tonic-gate case CKM_DES_MAC:
1717c478bd9Sstevel@tonic-gate {
1727c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
1737c478bd9Sstevel@tonic-gate
1747c478bd9Sstevel@tonic-gate if (pSignature != NULL) {
1757c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
1767c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData,
1777c478bd9Sstevel@tonic-gate ulDataLen, signature, pulSignatureLen, B_TRUE,
1787c478bd9Sstevel@tonic-gate B_FALSE);
1797c478bd9Sstevel@tonic-gate } else {
1807c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */
1817c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData,
182*f9fbec18Smcpowers ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
1837c478bd9Sstevel@tonic-gate }
1847c478bd9Sstevel@tonic-gate
1857c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
1867c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen);
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate return (rv);
1897c478bd9Sstevel@tonic-gate }
1907c478bd9Sstevel@tonic-gate case CKM_RSA_X_509:
1917c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS:
1927c478bd9Sstevel@tonic-gate
1937c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen,
1947c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism));
1957c478bd9Sstevel@tonic-gate
1967c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
1977c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
198f66d273dSizick case CKM_SHA256_RSA_PKCS:
199f66d273dSizick case CKM_SHA384_RSA_PKCS:
200f66d273dSizick case CKM_SHA512_RSA_PKCS:
2017c478bd9Sstevel@tonic-gate
2027c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
2037c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_FALSE));
2047c478bd9Sstevel@tonic-gate
2057c478bd9Sstevel@tonic-gate case CKM_DSA:
2067c478bd9Sstevel@tonic-gate
2077c478bd9Sstevel@tonic-gate return (soft_dsa_sign(session_p, pData, ulDataLen,
2087c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen));
2097c478bd9Sstevel@tonic-gate
2107c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1:
2117c478bd9Sstevel@tonic-gate
2127c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
2137c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_FALSE));
2147c478bd9Sstevel@tonic-gate
215*f9fbec18Smcpowers case CKM_ECDSA:
216*f9fbec18Smcpowers
217*f9fbec18Smcpowers return (soft_ecc_sign(session_p, pData, ulDataLen,
218*f9fbec18Smcpowers pSignature, pulSignatureLen));
219*f9fbec18Smcpowers
220*f9fbec18Smcpowers case CKM_ECDSA_SHA1:
221*f9fbec18Smcpowers
222*f9fbec18Smcpowers return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
223*f9fbec18Smcpowers pSignature, pulSignatureLen, B_FALSE));
224*f9fbec18Smcpowers
2257c478bd9Sstevel@tonic-gate default:
2267c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
2277c478bd9Sstevel@tonic-gate }
2287c478bd9Sstevel@tonic-gate }
2297c478bd9Sstevel@tonic-gate
2307c478bd9Sstevel@tonic-gate
2317c478bd9Sstevel@tonic-gate /*
2327c478bd9Sstevel@tonic-gate * soft_sign_update()
2337c478bd9Sstevel@tonic-gate *
2347c478bd9Sstevel@tonic-gate * Arguments:
2357c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
2367c478bd9Sstevel@tonic-gate * pPart: pointer to the input data to be signed
2377c478bd9Sstevel@tonic-gate * ulPartLen: length of the input data
2387c478bd9Sstevel@tonic-gate *
2397c478bd9Sstevel@tonic-gate * Description:
2407c478bd9Sstevel@tonic-gate * called by C_SignUpdate(). This function calls the corresponding
2417c478bd9Sstevel@tonic-gate * sign update routine based on the mechanism.
2427c478bd9Sstevel@tonic-gate *
2437c478bd9Sstevel@tonic-gate */
2447c478bd9Sstevel@tonic-gate CK_RV
soft_sign_update(soft_session_t * session_p,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)2457c478bd9Sstevel@tonic-gate soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
2467c478bd9Sstevel@tonic-gate CK_ULONG ulPartLen)
2477c478bd9Sstevel@tonic-gate {
2487c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
2497c478bd9Sstevel@tonic-gate
2507c478bd9Sstevel@tonic-gate switch (mechanism) {
2517c478bd9Sstevel@tonic-gate
2527c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
2537c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
2547c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
2557c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC:
2567c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
2577c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC:
258f66d273dSizick case CKM_SHA256_HMAC_GENERAL:
259f66d273dSizick case CKM_SHA256_HMAC:
260f66d273dSizick case CKM_SHA384_HMAC_GENERAL:
261f66d273dSizick case CKM_SHA384_HMAC:
262f66d273dSizick case CKM_SHA512_HMAC_GENERAL:
263f66d273dSizick case CKM_SHA512_HMAC:
2647c478bd9Sstevel@tonic-gate
2657c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_update(session_p, pPart,
2667c478bd9Sstevel@tonic-gate ulPartLen, B_TRUE));
2677c478bd9Sstevel@tonic-gate
2687c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
2697c478bd9Sstevel@tonic-gate case CKM_DES_MAC:
2707c478bd9Sstevel@tonic-gate
2717c478bd9Sstevel@tonic-gate return (soft_des_mac_sign_verify_update(session_p, pPart,
2727c478bd9Sstevel@tonic-gate ulPartLen));
2737c478bd9Sstevel@tonic-gate
2747c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
2757c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
276f66d273dSizick case CKM_SHA256_RSA_PKCS:
277f66d273dSizick case CKM_SHA384_RSA_PKCS:
278f66d273dSizick case CKM_SHA512_RSA_PKCS:
2797c478bd9Sstevel@tonic-gate /*
2807c478bd9Sstevel@tonic-gate * The MD5/SHA1 digest value is accumulated in the context
2817c478bd9Sstevel@tonic-gate * of the multiple-part digesting operation. In the final
2827c478bd9Sstevel@tonic-gate * operation, the digest is encoded and then perform RSA
2837c478bd9Sstevel@tonic-gate * signing.
2847c478bd9Sstevel@tonic-gate */
2857c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1:
286*f9fbec18Smcpowers case CKM_ECDSA_SHA1:
2877c478bd9Sstevel@tonic-gate
2887c478bd9Sstevel@tonic-gate return (soft_digest_update(session_p, pPart, ulPartLen));
2897c478bd9Sstevel@tonic-gate
2907c478bd9Sstevel@tonic-gate default:
2917c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */
2927c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
2937c478bd9Sstevel@tonic-gate }
2947c478bd9Sstevel@tonic-gate }
2957c478bd9Sstevel@tonic-gate
2967c478bd9Sstevel@tonic-gate
2977c478bd9Sstevel@tonic-gate /*
2987c478bd9Sstevel@tonic-gate * soft_sign_final()
2997c478bd9Sstevel@tonic-gate *
3007c478bd9Sstevel@tonic-gate * Arguments:
3017c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
3027c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing
3037c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature
3047c478bd9Sstevel@tonic-gate *
3057c478bd9Sstevel@tonic-gate * Description:
3067c478bd9Sstevel@tonic-gate * called by C_SignFinal(). This function calls the corresponding
3077c478bd9Sstevel@tonic-gate * sign final routine based on the mechanism.
3087c478bd9Sstevel@tonic-gate *
3097c478bd9Sstevel@tonic-gate */
3107c478bd9Sstevel@tonic-gate CK_RV
soft_sign_final(soft_session_t * session_p,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)3117c478bd9Sstevel@tonic-gate soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
3127c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
3137c478bd9Sstevel@tonic-gate {
3147c478bd9Sstevel@tonic-gate
3157c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
3167c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK;
3177c478bd9Sstevel@tonic-gate
3187c478bd9Sstevel@tonic-gate switch (mechanism) {
3197c478bd9Sstevel@tonic-gate
3207c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
3217c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
3227c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
3237c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC:
3247c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
3257c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC:
326f66d273dSizick case CKM_SHA256_HMAC_GENERAL:
327f66d273dSizick case CKM_SHA256_HMAC:
328f66d273dSizick case CKM_SHA384_HMAC_GENERAL:
329f66d273dSizick case CKM_SHA384_HMAC:
330f66d273dSizick case CKM_SHA512_HMAC_GENERAL:
331f66d273dSizick case CKM_SHA512_HMAC:
3327c478bd9Sstevel@tonic-gate {
333f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
3347c478bd9Sstevel@tonic-gate
3357c478bd9Sstevel@tonic-gate if (pSignature != NULL) {
3367c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow */
3377c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL,
3387c478bd9Sstevel@tonic-gate 0, hmac, pulSignatureLen, B_TRUE);
3397c478bd9Sstevel@tonic-gate } else {
3407c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */
3417c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL,
3427c478bd9Sstevel@tonic-gate 0, pSignature, pulSignatureLen, B_TRUE);
3437c478bd9Sstevel@tonic-gate }
3447c478bd9Sstevel@tonic-gate
3457c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
3467c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen);
3477c478bd9Sstevel@tonic-gate
3487c478bd9Sstevel@tonic-gate return (rv);
3497c478bd9Sstevel@tonic-gate }
3507c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
3517c478bd9Sstevel@tonic-gate case CKM_DES_MAC:
3527c478bd9Sstevel@tonic-gate {
3537c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
3547c478bd9Sstevel@tonic-gate
3557c478bd9Sstevel@tonic-gate if (pSignature != NULL) {
3567c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
3577c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0,
3587c478bd9Sstevel@tonic-gate signature, pulSignatureLen, B_TRUE, B_TRUE);
3597c478bd9Sstevel@tonic-gate } else {
3607c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */
3617c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0,
3627c478bd9Sstevel@tonic-gate NULL, pulSignatureLen, B_TRUE, B_TRUE);
3637c478bd9Sstevel@tonic-gate }
3647c478bd9Sstevel@tonic-gate
3657c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
3667c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen);
3677c478bd9Sstevel@tonic-gate
3687c478bd9Sstevel@tonic-gate return (rv);
3697c478bd9Sstevel@tonic-gate }
3707c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
3717c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
372f66d273dSizick case CKM_SHA256_RSA_PKCS:
373f66d273dSizick case CKM_SHA384_RSA_PKCS:
374f66d273dSizick case CKM_SHA512_RSA_PKCS:
3757c478bd9Sstevel@tonic-gate
3767c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, NULL, 0,
3777c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_TRUE));
3787c478bd9Sstevel@tonic-gate
3797c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1:
3807c478bd9Sstevel@tonic-gate
3817c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, NULL, 0,
3827c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_TRUE));
3837c478bd9Sstevel@tonic-gate
384*f9fbec18Smcpowers case CKM_ECDSA_SHA1:
385*f9fbec18Smcpowers
386*f9fbec18Smcpowers return (soft_ecc_digest_sign_common(session_p, NULL, 0,
387*f9fbec18Smcpowers pSignature, pulSignatureLen, B_TRUE));
388*f9fbec18Smcpowers
3897c478bd9Sstevel@tonic-gate default:
3907c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */
3917c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
3927c478bd9Sstevel@tonic-gate }
3937c478bd9Sstevel@tonic-gate }
3947c478bd9Sstevel@tonic-gate
3957c478bd9Sstevel@tonic-gate
3967c478bd9Sstevel@tonic-gate CK_RV
soft_sign_recover_init(soft_session_t * session_p,CK_MECHANISM_PTR pMechanism,soft_object_t * key_p)3977c478bd9Sstevel@tonic-gate soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
3987c478bd9Sstevel@tonic-gate soft_object_t *key_p)
3997c478bd9Sstevel@tonic-gate {
4007c478bd9Sstevel@tonic-gate
4017c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) {
4027c478bd9Sstevel@tonic-gate
4037c478bd9Sstevel@tonic-gate case CKM_RSA_X_509:
4047c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS:
4057c478bd9Sstevel@tonic-gate
4067c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
4077c478bd9Sstevel@tonic-gate key_p, B_TRUE));
4087c478bd9Sstevel@tonic-gate
4097c478bd9Sstevel@tonic-gate default:
4107c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
4117c478bd9Sstevel@tonic-gate }
4127c478bd9Sstevel@tonic-gate }
4137c478bd9Sstevel@tonic-gate
4147c478bd9Sstevel@tonic-gate
4157c478bd9Sstevel@tonic-gate CK_RV
soft_sign_recover(soft_session_t * session_p,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)4167c478bd9Sstevel@tonic-gate soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
4177c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
4187c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
4197c478bd9Sstevel@tonic-gate {
4207c478bd9Sstevel@tonic-gate
4217c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
4227c478bd9Sstevel@tonic-gate
4237c478bd9Sstevel@tonic-gate switch (mechanism) {
4247c478bd9Sstevel@tonic-gate
4257c478bd9Sstevel@tonic-gate case CKM_RSA_X_509:
4267c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS:
4277c478bd9Sstevel@tonic-gate
4287c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen,
4297c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism));
4307c478bd9Sstevel@tonic-gate
4317c478bd9Sstevel@tonic-gate default:
4327c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
4337c478bd9Sstevel@tonic-gate }
4347c478bd9Sstevel@tonic-gate }
4357c478bd9Sstevel@tonic-gate
4367c478bd9Sstevel@tonic-gate /*
4377c478bd9Sstevel@tonic-gate * This function frees the allocated active crypto context.
4387c478bd9Sstevel@tonic-gate * It is only called by the first tier of sign/verify routines
4397c478bd9Sstevel@tonic-gate * and the caller of this function may or may not hold the session mutex.
4407c478bd9Sstevel@tonic-gate */
4417c478bd9Sstevel@tonic-gate void
soft_sign_verify_cleanup(soft_session_t * session_p,boolean_t sign,boolean_t lock_held)4427c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
4437c478bd9Sstevel@tonic-gate boolean_t lock_held)
4447c478bd9Sstevel@tonic-gate {
4457c478bd9Sstevel@tonic-gate
4467c478bd9Sstevel@tonic-gate crypto_active_op_t *active_op;
4477c478bd9Sstevel@tonic-gate boolean_t lock_true = B_TRUE;
4487c478bd9Sstevel@tonic-gate
4497c478bd9Sstevel@tonic-gate if (!lock_held)
4507c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
4517c478bd9Sstevel@tonic-gate
4527c478bd9Sstevel@tonic-gate active_op = (sign) ? &(session_p->sign) : &(session_p->verify);
4537c478bd9Sstevel@tonic-gate
4547c478bd9Sstevel@tonic-gate switch (active_op->mech.mechanism) {
4557c478bd9Sstevel@tonic-gate
4567c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
4577c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
458f66d273dSizick case CKM_SHA256_RSA_PKCS:
459f66d273dSizick case CKM_SHA384_RSA_PKCS:
460f66d273dSizick case CKM_SHA512_RSA_PKCS:
4614c21f043Sizick if (session_p->digest.context != NULL) {
4624c21f043Sizick free(session_p->digest.context);
4634c21f043Sizick session_p->digest.context = NULL;
4644c21f043Sizick session_p->digest.flags = 0;
4654c21f043Sizick }
4664c21f043Sizick /* FALLTHRU */
4674c21f043Sizick
4684c21f043Sizick case CKM_RSA_PKCS:
4694c21f043Sizick case CKM_RSA_X_509:
4704c21f043Sizick {
4714c21f043Sizick soft_rsa_ctx_t *rsa_ctx =
4724c21f043Sizick (soft_rsa_ctx_t *)active_op->context;
4734c21f043Sizick
4744c21f043Sizick if (rsa_ctx != NULL && rsa_ctx->key != NULL) {
4754c21f043Sizick soft_cleanup_object(rsa_ctx->key);
4764c21f043Sizick free(rsa_ctx->key);
4774c21f043Sizick }
4784c21f043Sizick break;
4794c21f043Sizick
4804c21f043Sizick }
4817c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1:
4827c478bd9Sstevel@tonic-gate if (session_p->digest.context != NULL) {
4837c478bd9Sstevel@tonic-gate free(session_p->digest.context);
4847c478bd9Sstevel@tonic-gate session_p->digest.context = NULL;
4857c478bd9Sstevel@tonic-gate session_p->digest.flags = 0;
4867c478bd9Sstevel@tonic-gate }
4877c478bd9Sstevel@tonic-gate
4884c21f043Sizick /* FALLTHRU */
4897c478bd9Sstevel@tonic-gate case CKM_DSA:
4904c21f043Sizick {
4914c21f043Sizick soft_dsa_ctx_t *dsa_ctx =
4924c21f043Sizick (soft_dsa_ctx_t *)active_op->context;
4934c21f043Sizick
4944c21f043Sizick if (dsa_ctx != NULL && dsa_ctx->key != NULL) {
4954c21f043Sizick soft_cleanup_object(dsa_ctx->key);
4964c21f043Sizick free(dsa_ctx->key);
4974c21f043Sizick }
4987c478bd9Sstevel@tonic-gate break;
4997c478bd9Sstevel@tonic-gate
5004c21f043Sizick }
5017c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
5027c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
5037c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
5047c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC:
5057c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
5067c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC:
507f66d273dSizick case CKM_SHA256_HMAC_GENERAL:
508f66d273dSizick case CKM_SHA256_HMAC:
509f66d273dSizick case CKM_SHA384_HMAC_GENERAL:
510f66d273dSizick case CKM_SHA384_HMAC:
511f66d273dSizick case CKM_SHA512_HMAC_GENERAL:
512f66d273dSizick case CKM_SHA512_HMAC:
5137c478bd9Sstevel@tonic-gate if (active_op->context != NULL)
5147c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_hmac_ctx_t));
5157c478bd9Sstevel@tonic-gate break;
5167c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
5177c478bd9Sstevel@tonic-gate case CKM_DES_MAC:
5187c478bd9Sstevel@tonic-gate if (session_p->encrypt.context != NULL) {
5197c478bd9Sstevel@tonic-gate free(session_p->encrypt.context);
5207c478bd9Sstevel@tonic-gate session_p->encrypt.context = NULL;
5217c478bd9Sstevel@tonic-gate session_p->encrypt.flags = 0;
5227c478bd9Sstevel@tonic-gate }
5237c478bd9Sstevel@tonic-gate if (active_op->context != NULL)
5247c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_des_ctx_t));
5257c478bd9Sstevel@tonic-gate break;
5267c478bd9Sstevel@tonic-gate
5277c478bd9Sstevel@tonic-gate }
5287c478bd9Sstevel@tonic-gate
5297c478bd9Sstevel@tonic-gate if (active_op->context != NULL) {
5307c478bd9Sstevel@tonic-gate free(active_op->context);
5317c478bd9Sstevel@tonic-gate active_op->context = NULL;
5327c478bd9Sstevel@tonic-gate }
5337c478bd9Sstevel@tonic-gate
5347c478bd9Sstevel@tonic-gate active_op->flags = 0;
5357c478bd9Sstevel@tonic-gate
5367c478bd9Sstevel@tonic-gate if (!lock_held)
5377c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_true);
5387c478bd9Sstevel@tonic-gate }
539