1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <stdlib.h> 29 #include <string.h> 30 #include <strings.h> 31 #include <sys/types.h> 32 #include <security/cryptoki.h> 33 #include "softObject.h" 34 #include "softOps.h" 35 #include "softSession.h" 36 #include "softMAC.h" 37 #include "softRSA.h" 38 #include "softDSA.h" 39 #include "softEC.h" 40 #include "softCrypt.h" 41 42 /* 43 * soft_verify_init() 44 * 45 * Arguments: 46 * session_p: pointer to soft_session_t struct 47 * pMechanism: pointer to CK_MECHANISM struct provided by application 48 * key_p: pointer to key soft_object_t struct 49 * 50 * Description: 51 * called by C_VerifyInit(). This function calls the corresponding 52 * verify init routine based on the mechanism. 53 * 54 */ 55 CK_RV 56 soft_verify_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 57 soft_object_t *key_p) 58 { 59 60 switch (pMechanism->mechanism) { 61 62 case CKM_SSL3_MD5_MAC: 63 case CKM_SSL3_SHA1_MAC: 64 case CKM_MD5_HMAC_GENERAL: 65 case CKM_MD5_HMAC: 66 case CKM_SHA_1_HMAC_GENERAL: 67 case CKM_SHA_1_HMAC: 68 case CKM_SHA256_HMAC_GENERAL: 69 case CKM_SHA256_HMAC: 70 case CKM_SHA384_HMAC_GENERAL: 71 case CKM_SHA384_HMAC: 72 case CKM_SHA512_HMAC_GENERAL: 73 case CKM_SHA512_HMAC: 74 75 return (soft_hmac_sign_verify_init_common(session_p, 76 pMechanism, key_p, B_FALSE)); 77 78 case CKM_RSA_X_509: 79 case CKM_RSA_PKCS: 80 case CKM_MD5_RSA_PKCS: 81 case CKM_SHA1_RSA_PKCS: 82 case CKM_SHA256_RSA_PKCS: 83 case CKM_SHA384_RSA_PKCS: 84 case CKM_SHA512_RSA_PKCS: 85 86 return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 87 key_p, B_FALSE)); 88 89 case CKM_DSA: 90 case CKM_DSA_SHA1: 91 92 return (soft_dsa_sign_verify_init_common(session_p, pMechanism, 93 key_p, B_FALSE)); 94 95 case CKM_ECDSA: 96 case CKM_ECDSA_SHA1: 97 98 return (soft_ecc_sign_verify_init_common(session_p, pMechanism, 99 key_p, B_FALSE)); 100 101 case CKM_DES_MAC_GENERAL: 102 case CKM_DES_MAC: 103 104 return (soft_des_sign_verify_init_common(session_p, pMechanism, 105 key_p, B_FALSE)); 106 107 default: 108 return (CKR_MECHANISM_INVALID); 109 } 110 111 } 112 113 114 /* 115 * soft_verify() 116 * 117 * Arguments: 118 * session_p: pointer to soft_session_t struct 119 * pData: pointer to the input data 120 * ulDataLen: length of the input data 121 * pSignature: pointer to the signature 122 * ulSignatureLen: length of the signature 123 * 124 * Description: 125 * called by C_Verify(). This function calls the corresponding 126 * verify routine based on the mechanism. 127 * 128 */ 129 CK_RV 130 soft_verify(soft_session_t *session_p, CK_BYTE_PTR pData, 131 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 132 CK_ULONG ulSignatureLen) 133 { 134 135 CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism; 136 CK_RV rv = CKR_OK; 137 138 switch (mechanism) { 139 140 case CKM_SSL3_MD5_MAC: 141 case CKM_SSL3_SHA1_MAC: 142 case CKM_MD5_HMAC_GENERAL: 143 case CKM_MD5_HMAC: 144 case CKM_SHA_1_HMAC_GENERAL: 145 case CKM_SHA_1_HMAC: 146 case CKM_SHA256_HMAC_GENERAL: 147 case CKM_SHA256_HMAC: 148 case CKM_SHA384_HMAC_GENERAL: 149 case CKM_SHA384_HMAC: 150 case CKM_SHA512_HMAC_GENERAL: 151 case CKM_SHA512_HMAC: 152 { 153 CK_ULONG len; 154 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 155 soft_hmac_ctx_t *hmac_ctx; 156 157 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context; 158 len = hmac_ctx->hmac_len; 159 160 rv = soft_hmac_sign_verify_common(session_p, pData, 161 ulDataLen, hmac, &len, B_FALSE); 162 163 if (rv == CKR_OK) { 164 if (len != ulSignatureLen) { 165 rv = CKR_SIGNATURE_LEN_RANGE; 166 } 167 168 if (memcmp(hmac, pSignature, len) != 0) { 169 rv = CKR_SIGNATURE_INVALID; 170 } 171 } 172 173 return (rv); 174 } 175 case CKM_DES_MAC_GENERAL: 176 case CKM_DES_MAC: 177 { 178 CK_ULONG len; 179 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 180 soft_des_ctx_t *des_ctx; 181 182 des_ctx = (soft_des_ctx_t *)session_p->verify.context; 183 len = des_ctx->mac_len; 184 185 /* Pass local buffer to avoid overflow. */ 186 rv = soft_des_sign_verify_common(session_p, pData, 187 ulDataLen, signature, &len, B_FALSE, B_FALSE); 188 189 if (rv == CKR_OK) { 190 if (len != ulSignatureLen) { 191 rv = CKR_SIGNATURE_LEN_RANGE; 192 } 193 194 if (memcmp(signature, pSignature, len) != 0) { 195 rv = CKR_SIGNATURE_INVALID; 196 } 197 } 198 199 return (rv); 200 } 201 case CKM_RSA_X_509: 202 case CKM_RSA_PKCS: 203 204 return (soft_rsa_verify_common(session_p, pData, ulDataLen, 205 pSignature, ulSignatureLen, mechanism)); 206 207 case CKM_MD5_RSA_PKCS: 208 case CKM_SHA1_RSA_PKCS: 209 case CKM_SHA256_RSA_PKCS: 210 case CKM_SHA384_RSA_PKCS: 211 case CKM_SHA512_RSA_PKCS: 212 213 return (soft_rsa_digest_verify_common(session_p, pData, 214 ulDataLen, pSignature, ulSignatureLen, mechanism, B_FALSE)); 215 216 case CKM_DSA: 217 218 return (soft_dsa_verify(session_p, pData, ulDataLen, 219 pSignature, ulSignatureLen)); 220 221 case CKM_DSA_SHA1: 222 223 return (soft_dsa_digest_verify_common(session_p, pData, 224 ulDataLen, pSignature, ulSignatureLen, B_FALSE)); 225 226 case CKM_ECDSA: 227 228 return (soft_ecc_verify(session_p, pData, ulDataLen, 229 pSignature, ulSignatureLen)); 230 231 case CKM_ECDSA_SHA1: 232 233 return (soft_ecc_digest_verify_common(session_p, pData, 234 ulDataLen, pSignature, ulSignatureLen, B_FALSE)); 235 236 default: 237 return (CKR_MECHANISM_INVALID); 238 } 239 } 240 241 242 /* 243 * soft_verify_update() 244 * 245 * Arguments: 246 * session_p: pointer to soft_session_t struct 247 * pPart: pointer to the input data 248 * ulPartLen: length of the input data 249 * 250 * Description: 251 * called by C_VerifyUpdate(). This function calls the corresponding 252 * verify update routine based on the mechanism. 253 * 254 */ 255 CK_RV 256 soft_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart, 257 CK_ULONG ulPartLen) 258 { 259 CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism; 260 261 switch (mechanism) { 262 263 case CKM_SSL3_MD5_MAC: 264 case CKM_SSL3_SHA1_MAC: 265 case CKM_MD5_HMAC_GENERAL: 266 case CKM_MD5_HMAC: 267 case CKM_SHA_1_HMAC_GENERAL: 268 case CKM_SHA_1_HMAC: 269 case CKM_SHA256_HMAC_GENERAL: 270 case CKM_SHA256_HMAC: 271 case CKM_SHA384_HMAC_GENERAL: 272 case CKM_SHA384_HMAC: 273 case CKM_SHA512_HMAC_GENERAL: 274 case CKM_SHA512_HMAC: 275 276 return (soft_hmac_sign_verify_update(session_p, pPart, 277 ulPartLen, B_FALSE)); 278 279 case CKM_DES_MAC_GENERAL: 280 case CKM_DES_MAC: 281 282 return (soft_des_mac_sign_verify_update(session_p, pPart, 283 ulPartLen)); 284 285 case CKM_MD5_RSA_PKCS: 286 case CKM_SHA1_RSA_PKCS: 287 case CKM_SHA256_RSA_PKCS: 288 case CKM_SHA384_RSA_PKCS: 289 case CKM_SHA512_RSA_PKCS: 290 /* 291 * The MD5/SHA1 digest value is accumulated in the context 292 * of the multiple-part digesting operation. In the final 293 * operation, the digest is encoded and then perform RSA 294 * verification. 295 */ 296 case CKM_DSA_SHA1: 297 case CKM_ECDSA_SHA1: 298 299 return (soft_digest_update(session_p, pPart, ulPartLen)); 300 301 default: 302 /* PKCS11: The mechanism only supports single-part operation. */ 303 return (CKR_MECHANISM_INVALID); 304 } 305 } 306 307 308 /* 309 * soft_verify_final() 310 * 311 * Arguments: 312 * session_p: pointer to soft_session_t struct 313 * pSignature: pointer to the signature 314 * ulSignatureLen: length of the signature 315 * 316 * Description: 317 * called by C_VerifyFinal(). This function calls the corresponding 318 * verify final routine based on the mechanism. 319 * 320 */ 321 CK_RV 322 soft_verify_final(soft_session_t *session_p, CK_BYTE_PTR pSignature, 323 CK_ULONG ulSignatureLen) 324 { 325 326 CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism; 327 CK_RV rv = CKR_OK; 328 329 switch (mechanism) { 330 331 case CKM_SSL3_MD5_MAC: 332 case CKM_SSL3_SHA1_MAC: 333 case CKM_MD5_HMAC_GENERAL: 334 case CKM_MD5_HMAC: 335 case CKM_SHA_1_HMAC_GENERAL: 336 case CKM_SHA_1_HMAC: 337 case CKM_SHA256_HMAC_GENERAL: 338 case CKM_SHA256_HMAC: 339 case CKM_SHA384_HMAC_GENERAL: 340 case CKM_SHA384_HMAC: 341 case CKM_SHA512_HMAC_GENERAL: 342 case CKM_SHA512_HMAC: 343 { 344 CK_ULONG len; 345 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; 346 soft_hmac_ctx_t *hmac_ctx; 347 348 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context; 349 len = hmac_ctx->hmac_len; 350 351 rv = soft_hmac_sign_verify_common(session_p, NULL, 0, 352 hmac, &len, B_FALSE); 353 354 if (rv == CKR_OK) { 355 if (len != ulSignatureLen) { 356 rv = CKR_SIGNATURE_LEN_RANGE; 357 } 358 359 if (memcmp(hmac, pSignature, len) != 0) { 360 rv = CKR_SIGNATURE_INVALID; 361 } 362 } 363 364 return (rv); 365 } 366 case CKM_DES_MAC_GENERAL: 367 case CKM_DES_MAC: 368 { 369 CK_ULONG len; 370 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 371 soft_des_ctx_t *des_ctx; 372 373 des_ctx = (soft_des_ctx_t *)session_p->verify.context; 374 len = des_ctx->mac_len; 375 376 /* Pass local buffer to avoid overflow. */ 377 rv = soft_des_sign_verify_common(session_p, NULL, 0, 378 signature, &len, B_FALSE, B_TRUE); 379 380 if (rv == CKR_OK) { 381 if (len != ulSignatureLen) { 382 rv = CKR_SIGNATURE_LEN_RANGE; 383 } 384 385 if (memcmp(signature, pSignature, len) != 0) { 386 rv = CKR_SIGNATURE_INVALID; 387 } 388 } 389 390 return (rv); 391 } 392 case CKM_MD5_RSA_PKCS: 393 case CKM_SHA1_RSA_PKCS: 394 case CKM_SHA256_RSA_PKCS: 395 case CKM_SHA384_RSA_PKCS: 396 case CKM_SHA512_RSA_PKCS: 397 398 return (soft_rsa_digest_verify_common(session_p, NULL, 0, 399 pSignature, ulSignatureLen, mechanism, B_TRUE)); 400 401 case CKM_DSA_SHA1: 402 403 return (soft_dsa_digest_verify_common(session_p, NULL, 0, 404 pSignature, ulSignatureLen, B_TRUE)); 405 406 case CKM_ECDSA_SHA1: 407 408 return (soft_ecc_digest_verify_common(session_p, NULL, 0, 409 pSignature, ulSignatureLen, B_TRUE)); 410 411 default: 412 /* PKCS11: The mechanism only supports single-part operation. */ 413 return (CKR_MECHANISM_INVALID); 414 415 } 416 } 417 418 419 CK_RV 420 soft_verify_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 421 soft_object_t *key_p) 422 { 423 424 switch (pMechanism->mechanism) { 425 426 case CKM_RSA_X_509: 427 case CKM_RSA_PKCS: 428 429 return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 430 key_p, B_FALSE)); 431 432 default: 433 return (CKR_MECHANISM_INVALID); 434 } 435 } 436 437 438 CK_RV 439 soft_verify_recover(soft_session_t *session_p, CK_BYTE_PTR pSignature, 440 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) 441 { 442 443 CK_MECHANISM_TYPE mechanism = session_p->verify.mech.mechanism; 444 445 switch (mechanism) { 446 447 case CKM_RSA_X_509: 448 case CKM_RSA_PKCS: 449 450 return (soft_rsa_verify_recover(session_p, pSignature, 451 ulSignatureLen, pData, pulDataLen)); 452 453 default: 454 return (CKR_MECHANISM_INVALID); 455 } 456 } 457