1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/errno.h> 27 #include <sys/types.h> 28 #include <sys/kmem.h> 29 #include <sys/sysmacros.h> 30 #include <sys/crypto/common.h> 31 #include <sys/crypto/impl.h> 32 #include <sys/crypto/api.h> 33 #include <sys/crypto/spi.h> 34 #include <sys/crypto/sched_impl.h> 35 36 #define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f) 37 #define CRYPTO_VERIFY_OFFSET(f) offsetof(crypto_verify_ops_t, f) 38 39 /* 40 * Verify entry points. 41 */ 42 43 /* 44 * See comments for crypto_digest_init_prov(). 45 */ 46 int 47 crypto_verify_init_prov(crypto_provider_t provider, crypto_session_id_t sid, 48 crypto_mechanism_t *mech, crypto_key_t *key, crypto_ctx_template_t tmpl, 49 crypto_context_t *ctxp, crypto_call_req_t *crq) 50 { 51 int rv; 52 crypto_ctx_t *ctx; 53 kcf_req_params_t params; 54 kcf_provider_desc_t *pd = provider; 55 kcf_provider_desc_t *real_provider = pd; 56 57 ASSERT(KCF_PROV_REFHELD(pd)); 58 59 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 60 rv = kcf_get_hardware_provider(mech->cm_type, key, 61 CRYPTO_MECH_INVALID, NULL, CHECK_RESTRICT(crq), pd, 62 &real_provider, CRYPTO_FG_VERIFY); 63 64 if (rv != CRYPTO_SUCCESS) 65 return (rv); 66 } 67 68 /* Allocate and initialize the canonical context */ 69 if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) { 70 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 71 KCF_PROV_REFRELE(real_provider); 72 return (CRYPTO_HOST_MEMORY); 73 } 74 75 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_INIT, sid, mech, 76 key, NULL, NULL, tmpl); 77 rv = kcf_submit_request(real_provider, ctx, crq, ¶ms, B_FALSE); 78 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 79 KCF_PROV_REFRELE(real_provider); 80 81 if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED)) 82 *ctxp = (crypto_context_t)ctx; 83 else { 84 /* Release the hold done in kcf_new_ctx(). */ 85 KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private); 86 } 87 88 return (rv); 89 } 90 91 92 int 93 crypto_verify_init(crypto_mechanism_t *mech, crypto_key_t *key, 94 crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq) 95 { 96 int error; 97 kcf_mech_entry_t *me; 98 kcf_provider_desc_t *pd; 99 kcf_prov_tried_t *list = NULL; 100 kcf_ctx_template_t *ctx_tmpl; 101 crypto_spi_ctx_template_t spi_ctx_tmpl = NULL; 102 103 retry: 104 /* The pd is returned held */ 105 if ((pd = kcf_get_mech_provider(mech->cm_type, key, &me, &error, 106 list, CRYPTO_FG_VERIFY, CHECK_RESTRICT(crq), 0)) == NULL) { 107 if (list != NULL) 108 kcf_free_triedlist(list); 109 return (error); 110 } 111 112 /* 113 * For SW providers, check the validity of the context template 114 * It is very rare that the generation number mis-matches, so 115 * it is acceptable to fail here, and let the consumer recover by 116 * freeing this tmpl and create a new one for the key and new SW 117 * provider. 118 */ 119 if ((pd->pd_prov_type == CRYPTO_SW_PROVIDER) && 120 ((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) { 121 if (ctx_tmpl->ct_generation != me->me_gen_swprov) { 122 if (list != NULL) 123 kcf_free_triedlist(list); 124 KCF_PROV_REFRELE(pd); 125 return (CRYPTO_OLD_CTX_TEMPLATE); 126 } else { 127 spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl; 128 } 129 } 130 131 error = crypto_verify_init_prov(pd, pd->pd_sid, mech, key, spi_ctx_tmpl, 132 ctxp, crq); 133 134 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 135 IS_RECOVERABLE(error)) { 136 /* Add pd to the linked list of providers tried. */ 137 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 138 goto retry; 139 } 140 141 if (list != NULL) 142 kcf_free_triedlist(list); 143 KCF_PROV_REFRELE(pd); 144 return (error); 145 } 146 147 int 148 crypto_verify_single(crypto_context_t context, crypto_data_t *data, 149 crypto_data_t *signature, crypto_call_req_t *cr) 150 { 151 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 152 kcf_context_t *kcf_ctx; 153 kcf_provider_desc_t *pd; 154 int error; 155 kcf_req_params_t params; 156 157 if ((ctx == NULL) || 158 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 159 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 160 return (CRYPTO_INVALID_CONTEXT); 161 } 162 163 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_SINGLE, 0, NULL, 164 NULL, data, signature, NULL); 165 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 166 167 /* Release the hold done in kcf_new_ctx() during init step. */ 168 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 169 return (error); 170 } 171 172 /* 173 * See comments for crypto_digest_update(). 174 */ 175 int 176 crypto_verify_update(crypto_context_t context, crypto_data_t *data, 177 crypto_call_req_t *cr) 178 179 { 180 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 181 kcf_context_t *kcf_ctx; 182 kcf_provider_desc_t *pd; 183 kcf_req_params_t params; 184 int rv; 185 186 if ((ctx == NULL) || 187 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 188 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 189 return (CRYPTO_INVALID_CONTEXT); 190 } 191 192 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 193 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_UPDATE, ctx->cc_session, 194 NULL, NULL, data, NULL, NULL); 195 rv = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 196 197 return (rv); 198 } 199 200 /* 201 * See comments for crypto_digest_final(). 202 */ 203 int 204 crypto_verify_final(crypto_context_t context, crypto_data_t *signature, 205 crypto_call_req_t *cr) 206 { 207 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 208 kcf_context_t *kcf_ctx; 209 kcf_provider_desc_t *pd; 210 kcf_req_params_t params; 211 int rv; 212 213 if ((ctx == NULL) || 214 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 215 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 216 return (CRYPTO_INVALID_CONTEXT); 217 } 218 219 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 220 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_FINAL, ctx->cc_session, 221 NULL, NULL, NULL, signature, NULL); 222 rv = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 223 224 /* Release the hold done in kcf_new_ctx() during init step. */ 225 KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx); 226 return (rv); 227 } 228 229 int 230 crypto_verify_prov(crypto_provider_t provider, crypto_session_id_t sid, 231 crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data, 232 crypto_ctx_template_t tmpl, crypto_data_t *signature, 233 crypto_call_req_t *crq) 234 { 235 kcf_req_params_t params; 236 kcf_provider_desc_t *pd = provider; 237 kcf_provider_desc_t *real_provider = pd; 238 int rv; 239 240 ASSERT(KCF_PROV_REFHELD(pd)); 241 242 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 243 rv = kcf_get_hardware_provider(mech->cm_type, key, 244 CRYPTO_MECH_INVALID, NULL, CHECK_RESTRICT(crq), 245 pd, &real_provider, CRYPTO_FG_VERIFY_ATOMIC); 246 247 if (rv != CRYPTO_SUCCESS) 248 return (rv); 249 } 250 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_ATOMIC, sid, mech, 251 key, data, signature, tmpl); 252 rv = kcf_submit_request(real_provider, NULL, crq, ¶ms, B_FALSE); 253 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 254 KCF_PROV_REFRELE(real_provider); 255 256 return (rv); 257 } 258 259 static int 260 verify_vr_atomic_common(crypto_mechanism_t *mech, crypto_key_t *key, 261 crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature, 262 crypto_call_req_t *crq, crypto_func_group_t fg) 263 { 264 int error; 265 kcf_mech_entry_t *me; 266 kcf_provider_desc_t *pd; 267 kcf_req_params_t params; 268 kcf_prov_tried_t *list = NULL; 269 kcf_ctx_template_t *ctx_tmpl; 270 crypto_spi_ctx_template_t spi_ctx_tmpl = NULL; 271 272 retry: 273 /* The pd is returned held */ 274 if ((pd = kcf_get_mech_provider(mech->cm_type, key, &me, &error, 275 list, fg, CHECK_RESTRICT(crq), data->cd_length)) == NULL) { 276 if (list != NULL) 277 kcf_free_triedlist(list); 278 return (error); 279 } 280 281 /* 282 * For SW providers, check the validity of the context template 283 * It is very rare that the generation number mis-matches, so 284 * it is acceptable to fail here, and let the consumer recover by 285 * freeing this tmpl and create a new one for the key and new SW 286 * provider. 287 */ 288 if ((pd->pd_prov_type == CRYPTO_SW_PROVIDER) && 289 ((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) { 290 if (ctx_tmpl->ct_generation != me->me_gen_swprov) { 291 if (list != NULL) 292 kcf_free_triedlist(list); 293 KCF_PROV_REFRELE(pd); 294 return (CRYPTO_OLD_CTX_TEMPLATE); 295 } else { 296 spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl; 297 } 298 } 299 300 /* The fast path for SW providers. */ 301 if (CHECK_FASTPATH(crq, pd)) { 302 crypto_mechanism_t lmech; 303 304 lmech = *mech; 305 KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech); 306 if (fg == CRYPTO_FG_VERIFY_ATOMIC) 307 error = KCF_PROV_VERIFY_ATOMIC(pd, pd->pd_sid, &lmech, 308 key, data, spi_ctx_tmpl, signature, 309 KCF_SWFP_RHNDL(crq)); 310 else 311 /* Note: The argument order is different from above */ 312 error = KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, pd->pd_sid, 313 &lmech, key, signature, spi_ctx_tmpl, data, 314 KCF_SWFP_RHNDL(crq)); 315 KCF_PROV_INCRSTATS(pd, error); 316 } else { 317 kcf_op_type_t op = ((fg == CRYPTO_FG_VERIFY_ATOMIC) ? 318 KCF_OP_ATOMIC : KCF_OP_VERIFY_RECOVER_ATOMIC); 319 320 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, op, pd->pd_sid, 321 mech, key, data, signature, spi_ctx_tmpl); 322 323 /* no crypto context to carry between multiple parts. */ 324 error = kcf_submit_request(pd, NULL, crq, ¶ms, B_FALSE); 325 } 326 327 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 328 IS_RECOVERABLE(error)) { 329 /* Add pd to the linked list of providers tried. */ 330 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 331 goto retry; 332 } 333 334 if (list != NULL) 335 kcf_free_triedlist(list); 336 337 KCF_PROV_REFRELE(pd); 338 return (error); 339 } 340 341 int 342 crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data, 343 crypto_ctx_template_t tmpl, crypto_data_t *signature, 344 crypto_call_req_t *crq) 345 { 346 return (verify_vr_atomic_common(mech, key, data, tmpl, signature, crq, 347 CRYPTO_FG_VERIFY_ATOMIC)); 348 } 349 350 int 351 crypto_verify_recover_prov(crypto_provider_t provider, crypto_session_id_t sid, 352 crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *signature, 353 crypto_ctx_template_t tmpl, crypto_data_t *data, crypto_call_req_t *crq) 354 { 355 kcf_req_params_t params; 356 kcf_provider_desc_t *pd = provider; 357 kcf_provider_desc_t *real_provider = pd; 358 int rv; 359 360 ASSERT(KCF_PROV_REFHELD(pd)); 361 362 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 363 rv = kcf_get_hardware_provider(mech->cm_type, key, 364 CRYPTO_MECH_INVALID, NULL, CHECK_RESTRICT(crq), pd, 365 &real_provider, CRYPTO_FG_VERIFY_RECOVER_ATOMIC); 366 367 if (rv != CRYPTO_SUCCESS) 368 return (rv); 369 } 370 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER_ATOMIC, 371 sid, mech, key, data, signature, tmpl); 372 rv = kcf_submit_request(real_provider, NULL, crq, ¶ms, B_FALSE); 373 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 374 KCF_PROV_REFRELE(real_provider); 375 376 return (rv); 377 } 378 379 int 380 crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key, 381 crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data, 382 crypto_call_req_t *crq) 383 { 384 return (verify_vr_atomic_common(mech, key, data, tmpl, signature, crq, 385 CRYPTO_FG_VERIFY_RECOVER_ATOMIC)); 386 } 387 388 int 389 crypto_verify_recover_init_prov(crypto_provider_t provider, 390 crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_key_t *key, 391 crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq) 392 { 393 int rv; 394 crypto_ctx_t *ctx; 395 kcf_req_params_t params; 396 kcf_provider_desc_t *pd = provider; 397 kcf_provider_desc_t *real_provider = pd; 398 399 ASSERT(KCF_PROV_REFHELD(pd)); 400 401 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 402 rv = kcf_get_hardware_provider(mech->cm_type, key, 403 CRYPTO_MECH_INVALID, NULL, CHECK_RESTRICT(crq), pd, 404 &real_provider, CRYPTO_FG_VERIFY_RECOVER); 405 406 if (rv != CRYPTO_SUCCESS) 407 return (rv); 408 } 409 410 /* Allocate and initialize the canonical context */ 411 if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) { 412 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 413 KCF_PROV_REFRELE(real_provider); 414 return (CRYPTO_HOST_MEMORY); 415 } 416 417 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER_INIT, 418 sid, mech, key, NULL, NULL, tmpl); 419 rv = kcf_submit_request(real_provider, ctx, crq, ¶ms, B_FALSE); 420 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 421 KCF_PROV_REFRELE(real_provider); 422 423 if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED)) 424 *ctxp = (crypto_context_t)ctx; 425 else { 426 /* Release the hold done in kcf_new_ctx(). */ 427 KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private); 428 } 429 430 return (rv); 431 } 432 433 int 434 crypto_verify_recover_single(crypto_context_t context, crypto_data_t *signature, 435 crypto_data_t *data, crypto_call_req_t *cr) 436 { 437 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 438 kcf_context_t *kcf_ctx; 439 kcf_provider_desc_t *pd; 440 int error; 441 kcf_req_params_t params; 442 443 if ((ctx == NULL) || 444 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 445 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 446 return (CRYPTO_INVALID_CONTEXT); 447 } 448 449 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER, 0, NULL, 450 NULL, data, signature, NULL); 451 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 452 453 /* Release the hold done in kcf_new_ctx() during init step. */ 454 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 455 return (error); 456 } 457