1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/errno.h> 30 #include <sys/types.h> 31 #include <sys/kmem.h> 32 #include <sys/sysmacros.h> 33 #include <sys/crypto/common.h> 34 #include <sys/crypto/impl.h> 35 #include <sys/crypto/api.h> 36 #include <sys/crypto/spi.h> 37 #include <sys/crypto/sched_impl.h> 38 39 #define CRYPTO_OPS_OFFSET(f) offsetof(crypto_ops_t, co_##f) 40 #define CRYPTO_VERIFY_OFFSET(f) offsetof(crypto_verify_ops_t, f) 41 42 /* 43 * Verify entry points. 44 */ 45 46 /* 47 * See comments for crypto_digest_init_prov(). 48 */ 49 int 50 crypto_verify_init_prov(crypto_provider_t provider, crypto_session_id_t sid, 51 crypto_mechanism_t *mech, crypto_key_t *key, crypto_ctx_template_t tmpl, 52 crypto_context_t *ctxp, crypto_call_req_t *crq) 53 { 54 int rv; 55 crypto_ctx_t *ctx; 56 kcf_req_params_t params; 57 kcf_provider_desc_t *pd = provider; 58 kcf_provider_desc_t *real_provider = pd; 59 60 ASSERT(KCF_PROV_REFHELD(pd)); 61 62 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 63 rv = kcf_get_hardware_provider(mech->cm_type, 64 CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops), 65 CRYPTO_VERIFY_OFFSET(verify_init), 66 CHECK_RESTRICT(crq), pd, &real_provider); 67 68 if (rv != CRYPTO_SUCCESS) 69 return (rv); 70 } 71 72 /* Allocate and initialize the canonical context */ 73 if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) { 74 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 75 KCF_PROV_REFRELE(real_provider); 76 return (CRYPTO_HOST_MEMORY); 77 } 78 79 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_INIT, sid, mech, 80 key, NULL, NULL, tmpl); 81 rv = kcf_submit_request(real_provider, ctx, crq, ¶ms, B_FALSE); 82 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 83 KCF_PROV_REFRELE(real_provider); 84 85 if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED)) 86 *ctxp = (crypto_context_t)ctx; 87 else { 88 /* Release the hold done in kcf_new_ctx(). */ 89 KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private); 90 } 91 92 return (rv); 93 } 94 95 96 int 97 crypto_verify_init(crypto_mechanism_t *mech, crypto_key_t *key, 98 crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq) 99 { 100 int error; 101 kcf_mech_entry_t *me; 102 kcf_provider_desc_t *pd; 103 kcf_prov_tried_t *list = NULL; 104 kcf_ctx_template_t *ctx_tmpl; 105 crypto_spi_ctx_template_t spi_ctx_tmpl = NULL; 106 107 retry: 108 /* The pd is returned held */ 109 if ((pd = kcf_get_mech_provider(mech->cm_type, &me, &error, 110 list, CRYPTO_FG_VERIFY, CHECK_RESTRICT(crq), 0)) == NULL) { 111 if (list != NULL) 112 kcf_free_triedlist(list); 113 return (error); 114 } 115 116 /* 117 * For SW providers, check the validity of the context template 118 * It is very rare that the generation number mis-matches, so 119 * it is acceptable to fail here, and let the consumer recover by 120 * freeing this tmpl and create a new one for the key and new SW 121 * provider. 122 */ 123 if ((pd->pd_prov_type == CRYPTO_SW_PROVIDER) && 124 ((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) { 125 if (ctx_tmpl->ct_generation != me->me_gen_swprov) { 126 if (list != NULL) 127 kcf_free_triedlist(list); 128 KCF_PROV_REFRELE(pd); 129 return (CRYPTO_OLD_CTX_TEMPLATE); 130 } else { 131 spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl; 132 } 133 } 134 135 error = crypto_verify_init_prov(pd, pd->pd_sid, mech, key, spi_ctx_tmpl, 136 ctxp, crq); 137 138 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 139 IS_RECOVERABLE(error)) { 140 /* Add pd to the linked list of providers tried. */ 141 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 142 goto retry; 143 } 144 145 if (list != NULL) 146 kcf_free_triedlist(list); 147 KCF_PROV_REFRELE(pd); 148 return (error); 149 } 150 151 int 152 crypto_verify_single(crypto_context_t context, crypto_data_t *data, 153 crypto_data_t *signature, crypto_call_req_t *cr) 154 { 155 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 156 kcf_context_t *kcf_ctx; 157 kcf_provider_desc_t *pd; 158 int error; 159 kcf_req_params_t params; 160 161 if ((ctx == NULL) || 162 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 163 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 164 return (CRYPTO_INVALID_CONTEXT); 165 } 166 167 KCF_PROV_REFHOLD(pd); 168 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_SINGLE, 0, NULL, 169 NULL, data, signature, NULL); 170 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 171 KCF_PROV_REFRELE(pd); 172 173 /* Release the hold done in kcf_new_ctx() during init step. */ 174 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 175 return (error); 176 } 177 178 /* 179 * See comments for crypto_digest_update(). 180 */ 181 int 182 crypto_verify_update(crypto_context_t context, crypto_data_t *data, 183 crypto_call_req_t *cr) 184 185 { 186 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 187 kcf_context_t *kcf_ctx; 188 kcf_provider_desc_t *pd; 189 kcf_req_params_t params; 190 int rv; 191 192 if ((ctx == NULL) || 193 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 194 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 195 return (CRYPTO_INVALID_CONTEXT); 196 } 197 198 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 199 KCF_PROV_REFHOLD(pd); 200 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_UPDATE, ctx->cc_session, 201 NULL, NULL, data, NULL, NULL); 202 rv = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 203 KCF_PROV_REFRELE(pd); 204 205 return (rv); 206 } 207 208 /* 209 * See comments for crypto_digest_final(). 210 */ 211 int 212 crypto_verify_final(crypto_context_t context, crypto_data_t *signature, 213 crypto_call_req_t *cr) 214 { 215 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 216 kcf_context_t *kcf_ctx; 217 kcf_provider_desc_t *pd; 218 kcf_req_params_t params; 219 int rv; 220 221 if ((ctx == NULL) || 222 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 223 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 224 return (CRYPTO_INVALID_CONTEXT); 225 } 226 227 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 228 KCF_PROV_REFHOLD(pd); 229 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_FINAL, ctx->cc_session, 230 NULL, NULL, NULL, signature, NULL); 231 rv = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 232 KCF_PROV_REFRELE(pd); 233 234 /* Release the hold done in kcf_new_ctx() during init step. */ 235 KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx); 236 return (rv); 237 } 238 239 int 240 crypto_verify_prov(crypto_provider_t provider, crypto_session_id_t sid, 241 crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data, 242 crypto_ctx_template_t tmpl, crypto_data_t *signature, 243 crypto_call_req_t *crq) 244 { 245 kcf_req_params_t params; 246 kcf_provider_desc_t *pd = provider; 247 kcf_provider_desc_t *real_provider = pd; 248 int rv; 249 250 ASSERT(KCF_PROV_REFHELD(pd)); 251 252 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 253 rv = kcf_get_hardware_provider(mech->cm_type, 254 CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops), 255 CRYPTO_VERIFY_OFFSET(verify_atomic), CHECK_RESTRICT(crq), 256 pd, &real_provider); 257 258 if (rv != CRYPTO_SUCCESS) 259 return (rv); 260 } 261 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_ATOMIC, sid, mech, 262 key, data, signature, tmpl); 263 rv = kcf_submit_request(real_provider, NULL, crq, ¶ms, B_FALSE); 264 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 265 KCF_PROV_REFRELE(real_provider); 266 267 return (rv); 268 } 269 270 static int 271 verify_vr_atomic_common(crypto_mechanism_t *mech, crypto_key_t *key, 272 crypto_data_t *data, crypto_ctx_template_t tmpl, crypto_data_t *signature, 273 crypto_call_req_t *crq, crypto_func_group_t fg) 274 { 275 int error; 276 kcf_mech_entry_t *me; 277 kcf_provider_desc_t *pd; 278 kcf_req_params_t params; 279 kcf_prov_tried_t *list = NULL; 280 kcf_ctx_template_t *ctx_tmpl; 281 crypto_spi_ctx_template_t spi_ctx_tmpl = NULL; 282 283 retry: 284 /* The pd is returned held */ 285 if ((pd = kcf_get_mech_provider(mech->cm_type, &me, &error, list, fg, 286 CHECK_RESTRICT(crq), data->cd_length)) == NULL) { 287 if (list != NULL) 288 kcf_free_triedlist(list); 289 return (error); 290 } 291 292 /* 293 * For SW providers, check the validity of the context template 294 * It is very rare that the generation number mis-matches, so 295 * it is acceptable to fail here, and let the consumer recover by 296 * freeing this tmpl and create a new one for the key and new SW 297 * provider. 298 */ 299 if ((pd->pd_prov_type == CRYPTO_SW_PROVIDER) && 300 ((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) { 301 if (ctx_tmpl->ct_generation != me->me_gen_swprov) { 302 if (list != NULL) 303 kcf_free_triedlist(list); 304 KCF_PROV_REFRELE(pd); 305 return (CRYPTO_OLD_CTX_TEMPLATE); 306 } else { 307 spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl; 308 } 309 } 310 311 /* The fast path for SW providers. */ 312 if (CHECK_FASTPATH(crq, pd)) { 313 crypto_mechanism_t lmech; 314 315 lmech = *mech; 316 KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech); 317 if (fg == CRYPTO_FG_VERIFY_ATOMIC) 318 error = KCF_PROV_VERIFY_ATOMIC(pd, pd->pd_sid, &lmech, 319 key, data, spi_ctx_tmpl, signature, 320 KCF_SWFP_RHNDL(crq)); 321 else 322 /* Note: The argument order is different from above */ 323 error = KCF_PROV_VERIFY_RECOVER_ATOMIC(pd, pd->pd_sid, 324 &lmech, key, signature, spi_ctx_tmpl, data, 325 KCF_SWFP_RHNDL(crq)); 326 KCF_PROV_INCRSTATS(pd, error); 327 } else { 328 kcf_op_type_t op = ((fg == CRYPTO_FG_VERIFY_ATOMIC) ? 329 KCF_OP_ATOMIC : KCF_OP_VERIFY_RECOVER_ATOMIC); 330 331 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, op, pd->pd_sid, 332 mech, key, data, signature, spi_ctx_tmpl); 333 334 /* no crypto context to carry between multiple parts. */ 335 error = kcf_submit_request(pd, NULL, crq, ¶ms, B_FALSE); 336 } 337 338 if (error != CRYPTO_SUCCESS && error != CRYPTO_QUEUED && 339 IS_RECOVERABLE(error)) { 340 /* Add pd to the linked list of providers tried. */ 341 if (kcf_insert_triedlist(&list, pd, KCF_KMFLAG(crq)) != NULL) 342 goto retry; 343 } 344 345 if (list != NULL) 346 kcf_free_triedlist(list); 347 348 KCF_PROV_REFRELE(pd); 349 return (error); 350 } 351 352 int 353 crypto_verify(crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *data, 354 crypto_ctx_template_t tmpl, crypto_data_t *signature, 355 crypto_call_req_t *crq) 356 { 357 return (verify_vr_atomic_common(mech, key, data, tmpl, signature, crq, 358 CRYPTO_FG_VERIFY_ATOMIC)); 359 } 360 361 int 362 crypto_verify_recover_prov(crypto_provider_t provider, crypto_session_id_t sid, 363 crypto_mechanism_t *mech, crypto_key_t *key, crypto_data_t *signature, 364 crypto_ctx_template_t tmpl, crypto_data_t *data, crypto_call_req_t *crq) 365 { 366 kcf_req_params_t params; 367 kcf_provider_desc_t *pd = provider; 368 kcf_provider_desc_t *real_provider = pd; 369 int rv; 370 371 ASSERT(KCF_PROV_REFHELD(pd)); 372 373 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 374 rv = kcf_get_hardware_provider(mech->cm_type, 375 CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops), 376 CRYPTO_VERIFY_OFFSET(verify_recover_atomic), 377 CHECK_RESTRICT(crq), pd, &real_provider); 378 379 if (rv != CRYPTO_SUCCESS) 380 return (rv); 381 } 382 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER_ATOMIC, 383 sid, mech, key, data, signature, tmpl); 384 rv = kcf_submit_request(real_provider, NULL, crq, ¶ms, B_FALSE); 385 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 386 KCF_PROV_REFRELE(real_provider); 387 388 return (rv); 389 } 390 391 int 392 crypto_verify_recover(crypto_mechanism_t *mech, crypto_key_t *key, 393 crypto_data_t *signature, crypto_ctx_template_t tmpl, crypto_data_t *data, 394 crypto_call_req_t *crq) 395 { 396 return (verify_vr_atomic_common(mech, key, data, tmpl, signature, crq, 397 CRYPTO_FG_VERIFY_RECOVER_ATOMIC)); 398 } 399 400 int 401 crypto_verify_recover_init_prov(crypto_provider_t provider, 402 crypto_session_id_t sid, crypto_mechanism_t *mech, crypto_key_t *key, 403 crypto_ctx_template_t tmpl, crypto_context_t *ctxp, crypto_call_req_t *crq) 404 { 405 int rv; 406 crypto_ctx_t *ctx; 407 kcf_req_params_t params; 408 kcf_provider_desc_t *pd = provider; 409 kcf_provider_desc_t *real_provider = pd; 410 411 ASSERT(KCF_PROV_REFHELD(pd)); 412 413 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) { 414 rv = kcf_get_hardware_provider(mech->cm_type, 415 CRYPTO_MECH_INVALID, CRYPTO_OPS_OFFSET(verify_ops), 416 CRYPTO_VERIFY_OFFSET(verify_recover_init), 417 CHECK_RESTRICT(crq), pd, &real_provider); 418 419 if (rv != CRYPTO_SUCCESS) 420 return (rv); 421 } 422 423 /* Allocate and initialize the canonical context */ 424 if ((ctx = kcf_new_ctx(crq, real_provider, sid)) == NULL) { 425 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 426 KCF_PROV_REFRELE(real_provider); 427 return (CRYPTO_HOST_MEMORY); 428 } 429 430 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER_INIT, 431 sid, mech, key, NULL, NULL, tmpl); 432 rv = kcf_submit_request(real_provider, ctx, crq, ¶ms, B_FALSE); 433 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 434 KCF_PROV_REFRELE(real_provider); 435 436 if ((rv == CRYPTO_SUCCESS) || (rv == CRYPTO_QUEUED)) 437 *ctxp = (crypto_context_t)ctx; 438 else { 439 /* Release the hold done in kcf_new_ctx(). */ 440 KCF_CONTEXT_REFRELE((kcf_context_t *)ctx->cc_framework_private); 441 } 442 443 return (rv); 444 } 445 446 int 447 crypto_verify_recover_single(crypto_context_t context, crypto_data_t *signature, 448 crypto_data_t *data, crypto_call_req_t *cr) 449 { 450 crypto_ctx_t *ctx = (crypto_ctx_t *)context; 451 kcf_context_t *kcf_ctx; 452 kcf_provider_desc_t *pd; 453 int error; 454 kcf_req_params_t params; 455 456 if ((ctx == NULL) || 457 ((kcf_ctx = (kcf_context_t *)ctx->cc_framework_private) == NULL) || 458 ((pd = kcf_ctx->kc_prov_desc) == NULL)) { 459 return (CRYPTO_INVALID_CONTEXT); 460 } 461 462 KCF_PROV_REFHOLD(pd); 463 KCF_WRAP_VERIFY_OPS_PARAMS(¶ms, KCF_OP_VERIFY_RECOVER, 0, NULL, 464 NULL, data, signature, NULL); 465 error = kcf_submit_request(pd, ctx, cr, ¶ms, B_FALSE); 466 KCF_PROV_REFRELE(pd); 467 468 /* Release the hold done in kcf_new_ctx() during init step. */ 469 KCF_CONTEXT_COND_RELEASE(error, kcf_ctx); 470 return (error); 471 } 472