17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 54c21f043Sizick * Common Development and Distribution License (the "License"). 64c21f043Sizick * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22f9fbec18Smcpowers * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 24*cd964fceSMatt Barden * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate #include <stdlib.h> 287c478bd9Sstevel@tonic-gate #include <strings.h> 297c478bd9Sstevel@tonic-gate #include <sys/types.h> 307c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 317c478bd9Sstevel@tonic-gate #include "softObject.h" 327c478bd9Sstevel@tonic-gate #include "softOps.h" 337c478bd9Sstevel@tonic-gate #include "softSession.h" 347c478bd9Sstevel@tonic-gate #include "softMAC.h" 357c478bd9Sstevel@tonic-gate #include "softRSA.h" 367c478bd9Sstevel@tonic-gate #include "softDSA.h" 37f9fbec18Smcpowers #include "softEC.h" 387c478bd9Sstevel@tonic-gate #include "softCrypt.h" 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate /* 417c478bd9Sstevel@tonic-gate * soft_sign_init() 427c478bd9Sstevel@tonic-gate * 437c478bd9Sstevel@tonic-gate * Arguments: 447c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 457c478bd9Sstevel@tonic-gate * pMechanism: pointer to CK_MECHANISM struct provided by application 467c478bd9Sstevel@tonic-gate * key_p: pointer to key soft_object_t struct 477c478bd9Sstevel@tonic-gate * 487c478bd9Sstevel@tonic-gate * Description: 497c478bd9Sstevel@tonic-gate * called by C_SignInit(). This function calls the corresponding 507c478bd9Sstevel@tonic-gate * sign init routine based on the mechanism. 517c478bd9Sstevel@tonic-gate * 527c478bd9Sstevel@tonic-gate */ 537c478bd9Sstevel@tonic-gate CK_RV 547c478bd9Sstevel@tonic-gate soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 557c478bd9Sstevel@tonic-gate soft_object_t *key_p) 567c478bd9Sstevel@tonic-gate { 577c478bd9Sstevel@tonic-gate 587c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) { 597c478bd9Sstevel@tonic-gate 607c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 617c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 627c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 637c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 647c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 657c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 66f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 67f66d273dSizick case CKM_SHA256_HMAC: 68f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 69f66d273dSizick case CKM_SHA384_HMAC: 70f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 71f66d273dSizick case CKM_SHA512_HMAC: 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_init_common(session_p, 747c478bd9Sstevel@tonic-gate pMechanism, key_p, B_TRUE)); 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 777c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 787c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 797c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 80f66d273dSizick case CKM_SHA256_RSA_PKCS: 81f66d273dSizick case CKM_SHA384_RSA_PKCS: 82f66d273dSizick case CKM_SHA512_RSA_PKCS: 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 857c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate case CKM_DSA: 887c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 897c478bd9Sstevel@tonic-gate 907c478bd9Sstevel@tonic-gate return (soft_dsa_sign_verify_init_common(session_p, pMechanism, 917c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 927c478bd9Sstevel@tonic-gate 93f9fbec18Smcpowers case CKM_ECDSA: 94f9fbec18Smcpowers case CKM_ECDSA_SHA1: 95f9fbec18Smcpowers 96f9fbec18Smcpowers return (soft_ecc_sign_verify_init_common(session_p, pMechanism, 97f9fbec18Smcpowers key_p, B_TRUE)); 98f9fbec18Smcpowers 997c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 1007c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate return (soft_des_sign_verify_init_common(session_p, pMechanism, 1037c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 1047c478bd9Sstevel@tonic-gate 105*cd964fceSMatt Barden case CKM_AES_CMAC_GENERAL: 106*cd964fceSMatt Barden case CKM_AES_CMAC: 107*cd964fceSMatt Barden 108*cd964fceSMatt Barden return (soft_aes_sign_verify_init_common(session_p, pMechanism, 109*cd964fceSMatt Barden key_p, B_TRUE)); 110*cd964fceSMatt Barden 1117c478bd9Sstevel@tonic-gate default: 1127c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 1137c478bd9Sstevel@tonic-gate } 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate } 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate /* 1197c478bd9Sstevel@tonic-gate * soft_sign() 1207c478bd9Sstevel@tonic-gate * 1217c478bd9Sstevel@tonic-gate * Arguments: 1227c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 1237c478bd9Sstevel@tonic-gate * pData: pointer to the input data to be signed 1247c478bd9Sstevel@tonic-gate * ulDataLen: length of the input data 1257c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing 1267c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature 1277c478bd9Sstevel@tonic-gate * 1287c478bd9Sstevel@tonic-gate * Description: 1297c478bd9Sstevel@tonic-gate * called by C_Sign(). This function calls the corresponding 1307c478bd9Sstevel@tonic-gate * sign routine based on the mechanism. 1317c478bd9Sstevel@tonic-gate * 1327c478bd9Sstevel@tonic-gate */ 1337c478bd9Sstevel@tonic-gate CK_RV 1347c478bd9Sstevel@tonic-gate soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData, 1357c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 1367c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 1377c478bd9Sstevel@tonic-gate { 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 1407c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate switch (mechanism) { 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 1457c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 1467c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 1477c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 1487c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 1497c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 150f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 151f66d273dSizick case CKM_SHA256_HMAC: 152f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 153f66d273dSizick case CKM_SHA384_HMAC: 154f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 155f66d273dSizick case CKM_SHA512_HMAC: 1567c478bd9Sstevel@tonic-gate { 157f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 1587c478bd9Sstevel@tonic-gate 1597c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 1607c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 1617c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData, 1627c478bd9Sstevel@tonic-gate ulDataLen, hmac, pulSignatureLen, B_TRUE); 1637c478bd9Sstevel@tonic-gate } else { 1647c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */ 1657c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData, 1667c478bd9Sstevel@tonic-gate ulDataLen, pSignature, pulSignatureLen, B_TRUE); 1677c478bd9Sstevel@tonic-gate } 1687c478bd9Sstevel@tonic-gate 1697c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 1707c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen); 1717c478bd9Sstevel@tonic-gate 1727c478bd9Sstevel@tonic-gate return (rv); 1737c478bd9Sstevel@tonic-gate } 1747c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 1757c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 1767c478bd9Sstevel@tonic-gate { 1777c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 1807c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 1817c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData, 182f9fbec18Smcpowers ulDataLen, signature, pulSignatureLen, B_TRUE, 183f9fbec18Smcpowers B_FALSE); 1847c478bd9Sstevel@tonic-gate } else { 1857c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */ 1867c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData, 187f9fbec18Smcpowers ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE); 1887c478bd9Sstevel@tonic-gate } 1897c478bd9Sstevel@tonic-gate 1907c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 1917c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen); 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate return (rv); 1947c478bd9Sstevel@tonic-gate } 195*cd964fceSMatt Barden case CKM_AES_CMAC_GENERAL: 196*cd964fceSMatt Barden case CKM_AES_CMAC: 197*cd964fceSMatt Barden { 198*cd964fceSMatt Barden CK_BYTE signature[AES_BLOCK_LEN]; 199*cd964fceSMatt Barden 200*cd964fceSMatt Barden if (pSignature != NULL) { 201*cd964fceSMatt Barden /* Pass local buffer to avoid overflow. */ 202*cd964fceSMatt Barden rv = soft_aes_sign_verify_common(session_p, pData, 203*cd964fceSMatt Barden ulDataLen, signature, pulSignatureLen, B_TRUE, 204*cd964fceSMatt Barden B_FALSE); 205*cd964fceSMatt Barden } else { 206*cd964fceSMatt Barden /* Pass NULL, let callee handle it. */ 207*cd964fceSMatt Barden rv = soft_aes_sign_verify_common(session_p, pData, 208*cd964fceSMatt Barden ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE); 209*cd964fceSMatt Barden } 210*cd964fceSMatt Barden 211*cd964fceSMatt Barden if ((rv == CKR_OK) && (pSignature != NULL)) 212*cd964fceSMatt Barden (void) memcpy(pSignature, signature, *pulSignatureLen); 213*cd964fceSMatt Barden 214*cd964fceSMatt Barden return (rv); 215*cd964fceSMatt Barden } 2167c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 2177c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen, 2207c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism)); 2217c478bd9Sstevel@tonic-gate 2227c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 2237c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 224f66d273dSizick case CKM_SHA256_RSA_PKCS: 225f66d273dSizick case CKM_SHA384_RSA_PKCS: 226f66d273dSizick case CKM_SHA512_RSA_PKCS: 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen, 2297c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_FALSE)); 2307c478bd9Sstevel@tonic-gate 2317c478bd9Sstevel@tonic-gate case CKM_DSA: 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate return (soft_dsa_sign(session_p, pData, ulDataLen, 2347c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen)); 2357c478bd9Sstevel@tonic-gate 2367c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 2377c478bd9Sstevel@tonic-gate 2387c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen, 2397c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_FALSE)); 2407c478bd9Sstevel@tonic-gate 241f9fbec18Smcpowers case CKM_ECDSA: 242f9fbec18Smcpowers 243f9fbec18Smcpowers return (soft_ecc_sign(session_p, pData, ulDataLen, 244f9fbec18Smcpowers pSignature, pulSignatureLen)); 245f9fbec18Smcpowers 246f9fbec18Smcpowers case CKM_ECDSA_SHA1: 247f9fbec18Smcpowers 248f9fbec18Smcpowers return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen, 249f9fbec18Smcpowers pSignature, pulSignatureLen, B_FALSE)); 250f9fbec18Smcpowers 2517c478bd9Sstevel@tonic-gate default: 2527c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 2537c478bd9Sstevel@tonic-gate } 2547c478bd9Sstevel@tonic-gate } 2557c478bd9Sstevel@tonic-gate 2567c478bd9Sstevel@tonic-gate 2577c478bd9Sstevel@tonic-gate /* 2587c478bd9Sstevel@tonic-gate * soft_sign_update() 2597c478bd9Sstevel@tonic-gate * 2607c478bd9Sstevel@tonic-gate * Arguments: 2617c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 2627c478bd9Sstevel@tonic-gate * pPart: pointer to the input data to be signed 2637c478bd9Sstevel@tonic-gate * ulPartLen: length of the input data 2647c478bd9Sstevel@tonic-gate * 2657c478bd9Sstevel@tonic-gate * Description: 2667c478bd9Sstevel@tonic-gate * called by C_SignUpdate(). This function calls the corresponding 2677c478bd9Sstevel@tonic-gate * sign update routine based on the mechanism. 2687c478bd9Sstevel@tonic-gate * 2697c478bd9Sstevel@tonic-gate */ 2707c478bd9Sstevel@tonic-gate CK_RV 2717c478bd9Sstevel@tonic-gate soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart, 2727c478bd9Sstevel@tonic-gate CK_ULONG ulPartLen) 2737c478bd9Sstevel@tonic-gate { 2747c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 2757c478bd9Sstevel@tonic-gate 2767c478bd9Sstevel@tonic-gate switch (mechanism) { 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 2797c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 2807c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 2817c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 2827c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 2837c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 284f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 285f66d273dSizick case CKM_SHA256_HMAC: 286f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 287f66d273dSizick case CKM_SHA384_HMAC: 288f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 289f66d273dSizick case CKM_SHA512_HMAC: 2907c478bd9Sstevel@tonic-gate 2917c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_update(session_p, pPart, 2927c478bd9Sstevel@tonic-gate ulPartLen, B_TRUE)); 2937c478bd9Sstevel@tonic-gate 2947c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 2957c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 2967c478bd9Sstevel@tonic-gate 2977c478bd9Sstevel@tonic-gate return (soft_des_mac_sign_verify_update(session_p, pPart, 2987c478bd9Sstevel@tonic-gate ulPartLen)); 2997c478bd9Sstevel@tonic-gate 300*cd964fceSMatt Barden case CKM_AES_CMAC_GENERAL: 301*cd964fceSMatt Barden case CKM_AES_CMAC: 302*cd964fceSMatt Barden 303*cd964fceSMatt Barden return (soft_aes_mac_sign_verify_update(session_p, pPart, 304*cd964fceSMatt Barden ulPartLen)); 305*cd964fceSMatt Barden 3067c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 3077c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 308f66d273dSizick case CKM_SHA256_RSA_PKCS: 309f66d273dSizick case CKM_SHA384_RSA_PKCS: 310f66d273dSizick case CKM_SHA512_RSA_PKCS: 3117c478bd9Sstevel@tonic-gate /* 3127c478bd9Sstevel@tonic-gate * The MD5/SHA1 digest value is accumulated in the context 3137c478bd9Sstevel@tonic-gate * of the multiple-part digesting operation. In the final 3147c478bd9Sstevel@tonic-gate * operation, the digest is encoded and then perform RSA 3157c478bd9Sstevel@tonic-gate * signing. 3167c478bd9Sstevel@tonic-gate */ 3177c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 318f9fbec18Smcpowers case CKM_ECDSA_SHA1: 3197c478bd9Sstevel@tonic-gate 3207c478bd9Sstevel@tonic-gate return (soft_digest_update(session_p, pPart, ulPartLen)); 3217c478bd9Sstevel@tonic-gate 3227c478bd9Sstevel@tonic-gate default: 3237c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */ 3247c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 3257c478bd9Sstevel@tonic-gate } 3267c478bd9Sstevel@tonic-gate } 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate /* 3307c478bd9Sstevel@tonic-gate * soft_sign_final() 3317c478bd9Sstevel@tonic-gate * 3327c478bd9Sstevel@tonic-gate * Arguments: 3337c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 3347c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing 3357c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature 3367c478bd9Sstevel@tonic-gate * 3377c478bd9Sstevel@tonic-gate * Description: 3387c478bd9Sstevel@tonic-gate * called by C_SignFinal(). This function calls the corresponding 3397c478bd9Sstevel@tonic-gate * sign final routine based on the mechanism. 3407c478bd9Sstevel@tonic-gate * 3417c478bd9Sstevel@tonic-gate */ 3427c478bd9Sstevel@tonic-gate CK_RV 3437c478bd9Sstevel@tonic-gate soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature, 3447c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 3457c478bd9Sstevel@tonic-gate { 3467c478bd9Sstevel@tonic-gate 3477c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 3487c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 3497c478bd9Sstevel@tonic-gate 3507c478bd9Sstevel@tonic-gate switch (mechanism) { 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 3537c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 3547c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 3557c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 3567c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 3577c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 358f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 359f66d273dSizick case CKM_SHA256_HMAC: 360f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 361f66d273dSizick case CKM_SHA384_HMAC: 362f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 363f66d273dSizick case CKM_SHA512_HMAC: 3647c478bd9Sstevel@tonic-gate { 365f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 3667c478bd9Sstevel@tonic-gate 3677c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 3687c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow */ 3697c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL, 3707c478bd9Sstevel@tonic-gate 0, hmac, pulSignatureLen, B_TRUE); 3717c478bd9Sstevel@tonic-gate } else { 3727c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */ 3737c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL, 3747c478bd9Sstevel@tonic-gate 0, pSignature, pulSignatureLen, B_TRUE); 3757c478bd9Sstevel@tonic-gate } 3767c478bd9Sstevel@tonic-gate 3777c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 3787c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen); 3797c478bd9Sstevel@tonic-gate 3807c478bd9Sstevel@tonic-gate return (rv); 3817c478bd9Sstevel@tonic-gate } 3827c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 3837c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 3847c478bd9Sstevel@tonic-gate { 3857c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 3867c478bd9Sstevel@tonic-gate 3877c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 3887c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 3897c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0, 390f9fbec18Smcpowers signature, pulSignatureLen, B_TRUE, B_TRUE); 3917c478bd9Sstevel@tonic-gate } else { 3927c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */ 3937c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0, 394f9fbec18Smcpowers NULL, pulSignatureLen, B_TRUE, B_TRUE); 3957c478bd9Sstevel@tonic-gate } 3967c478bd9Sstevel@tonic-gate 3977c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 3987c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen); 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate return (rv); 4017c478bd9Sstevel@tonic-gate } 402*cd964fceSMatt Barden case CKM_AES_CMAC_GENERAL: 403*cd964fceSMatt Barden case CKM_AES_CMAC: 404*cd964fceSMatt Barden { 405*cd964fceSMatt Barden CK_BYTE signature[AES_BLOCK_LEN]; /* use the maximum size */ 406*cd964fceSMatt Barden 407*cd964fceSMatt Barden if (pSignature != NULL) { 408*cd964fceSMatt Barden /* Pass local buffer to avoid overflow. */ 409*cd964fceSMatt Barden rv = soft_aes_sign_verify_common(session_p, NULL, 0, 410*cd964fceSMatt Barden signature, pulSignatureLen, B_TRUE, B_TRUE); 411*cd964fceSMatt Barden } else { 412*cd964fceSMatt Barden /* Pass NULL, let callee handle it. */ 413*cd964fceSMatt Barden rv = soft_aes_sign_verify_common(session_p, NULL, 0, 414*cd964fceSMatt Barden NULL, pulSignatureLen, B_TRUE, B_TRUE); 415*cd964fceSMatt Barden } 416*cd964fceSMatt Barden 417*cd964fceSMatt Barden if ((rv == CKR_OK) && (pSignature != NULL)) 418*cd964fceSMatt Barden (void) memcpy(pSignature, signature, *pulSignatureLen); 419*cd964fceSMatt Barden 420*cd964fceSMatt Barden return (rv); 421*cd964fceSMatt Barden } 4227c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 4237c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 424f66d273dSizick case CKM_SHA256_RSA_PKCS: 425f66d273dSizick case CKM_SHA384_RSA_PKCS: 426f66d273dSizick case CKM_SHA512_RSA_PKCS: 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, NULL, 0, 4297c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_TRUE)); 4307c478bd9Sstevel@tonic-gate 4317c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, NULL, 0, 4347c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_TRUE)); 4357c478bd9Sstevel@tonic-gate 436f9fbec18Smcpowers case CKM_ECDSA_SHA1: 437f9fbec18Smcpowers 438f9fbec18Smcpowers return (soft_ecc_digest_sign_common(session_p, NULL, 0, 439f9fbec18Smcpowers pSignature, pulSignatureLen, B_TRUE)); 440f9fbec18Smcpowers 4417c478bd9Sstevel@tonic-gate default: 4427c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */ 4437c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 4447c478bd9Sstevel@tonic-gate } 4457c478bd9Sstevel@tonic-gate } 4467c478bd9Sstevel@tonic-gate 4477c478bd9Sstevel@tonic-gate 4487c478bd9Sstevel@tonic-gate CK_RV 4497c478bd9Sstevel@tonic-gate soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 4507c478bd9Sstevel@tonic-gate soft_object_t *key_p) 4517c478bd9Sstevel@tonic-gate { 4527c478bd9Sstevel@tonic-gate 4537c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) { 4547c478bd9Sstevel@tonic-gate 4557c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 4567c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 4577c478bd9Sstevel@tonic-gate 4587c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 4597c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 4607c478bd9Sstevel@tonic-gate 4617c478bd9Sstevel@tonic-gate default: 4627c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 4637c478bd9Sstevel@tonic-gate } 4647c478bd9Sstevel@tonic-gate } 4657c478bd9Sstevel@tonic-gate 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate CK_RV 4687c478bd9Sstevel@tonic-gate soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData, 4697c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 4707c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 4717c478bd9Sstevel@tonic-gate { 4727c478bd9Sstevel@tonic-gate 4737c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 4747c478bd9Sstevel@tonic-gate 4757c478bd9Sstevel@tonic-gate switch (mechanism) { 4767c478bd9Sstevel@tonic-gate 4777c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 4787c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen, 4817c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism)); 4827c478bd9Sstevel@tonic-gate 4837c478bd9Sstevel@tonic-gate default: 4847c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 4857c478bd9Sstevel@tonic-gate } 4867c478bd9Sstevel@tonic-gate } 4877c478bd9Sstevel@tonic-gate 4887c478bd9Sstevel@tonic-gate /* 4897c478bd9Sstevel@tonic-gate * This function frees the allocated active crypto context. 4907c478bd9Sstevel@tonic-gate * It is only called by the first tier of sign/verify routines 4917c478bd9Sstevel@tonic-gate * and the caller of this function may or may not hold the session mutex. 4927c478bd9Sstevel@tonic-gate */ 4937c478bd9Sstevel@tonic-gate void 4947c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign, 4957c478bd9Sstevel@tonic-gate boolean_t lock_held) 4967c478bd9Sstevel@tonic-gate { 4977c478bd9Sstevel@tonic-gate 4987c478bd9Sstevel@tonic-gate crypto_active_op_t *active_op; 4997c478bd9Sstevel@tonic-gate boolean_t lock_true = B_TRUE; 5007c478bd9Sstevel@tonic-gate 5017c478bd9Sstevel@tonic-gate if (!lock_held) 5027c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 5037c478bd9Sstevel@tonic-gate 5047c478bd9Sstevel@tonic-gate active_op = (sign) ? &(session_p->sign) : &(session_p->verify); 5057c478bd9Sstevel@tonic-gate 5067c478bd9Sstevel@tonic-gate switch (active_op->mech.mechanism) { 5077c478bd9Sstevel@tonic-gate 5087c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 5097c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 510f66d273dSizick case CKM_SHA256_RSA_PKCS: 511f66d273dSizick case CKM_SHA384_RSA_PKCS: 512f66d273dSizick case CKM_SHA512_RSA_PKCS: 5137c478bd9Sstevel@tonic-gate if (session_p->digest.context != NULL) { 5147c478bd9Sstevel@tonic-gate free(session_p->digest.context); 5157c478bd9Sstevel@tonic-gate session_p->digest.context = NULL; 5167c478bd9Sstevel@tonic-gate session_p->digest.flags = 0; 5177c478bd9Sstevel@tonic-gate } 5184c21f043Sizick /* FALLTHRU */ 5197c478bd9Sstevel@tonic-gate 5207c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 5217c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 5224c21f043Sizick { 5234c21f043Sizick soft_rsa_ctx_t *rsa_ctx = 5244c21f043Sizick (soft_rsa_ctx_t *)active_op->context; 5254c21f043Sizick 5264c21f043Sizick if (rsa_ctx != NULL && rsa_ctx->key != NULL) { 5274c21f043Sizick soft_cleanup_object(rsa_ctx->key); 5284c21f043Sizick free(rsa_ctx->key); 5294c21f043Sizick } 5304c21f043Sizick break; 5314c21f043Sizick 5324c21f043Sizick } 5334c21f043Sizick case CKM_DSA_SHA1: 5344c21f043Sizick if (session_p->digest.context != NULL) { 5354c21f043Sizick free(session_p->digest.context); 5364c21f043Sizick session_p->digest.context = NULL; 5374c21f043Sizick session_p->digest.flags = 0; 5384c21f043Sizick } 5394c21f043Sizick 5404c21f043Sizick /* FALLTHRU */ 5417c478bd9Sstevel@tonic-gate case CKM_DSA: 5424c21f043Sizick { 5434c21f043Sizick soft_dsa_ctx_t *dsa_ctx = 5444c21f043Sizick (soft_dsa_ctx_t *)active_op->context; 5454c21f043Sizick 5464c21f043Sizick if (dsa_ctx != NULL && dsa_ctx->key != NULL) { 5474c21f043Sizick soft_cleanup_object(dsa_ctx->key); 5484c21f043Sizick free(dsa_ctx->key); 5494c21f043Sizick } 5507c478bd9Sstevel@tonic-gate break; 5517c478bd9Sstevel@tonic-gate 5524c21f043Sizick } 5537c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 5547c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 5557c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 5567c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 5577c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 5587c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 559f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 560f66d273dSizick case CKM_SHA256_HMAC: 561f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 562f66d273dSizick case CKM_SHA384_HMAC: 563f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 564f66d273dSizick case CKM_SHA512_HMAC: 5657c478bd9Sstevel@tonic-gate if (active_op->context != NULL) 5667c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_hmac_ctx_t)); 5677c478bd9Sstevel@tonic-gate break; 5687c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 5697c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 5707c478bd9Sstevel@tonic-gate if (session_p->encrypt.context != NULL) { 5717c478bd9Sstevel@tonic-gate free(session_p->encrypt.context); 5727c478bd9Sstevel@tonic-gate session_p->encrypt.context = NULL; 5737c478bd9Sstevel@tonic-gate session_p->encrypt.flags = 0; 5747c478bd9Sstevel@tonic-gate } 5757c478bd9Sstevel@tonic-gate if (active_op->context != NULL) 5767c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_des_ctx_t)); 5777c478bd9Sstevel@tonic-gate break; 5787c478bd9Sstevel@tonic-gate 579*cd964fceSMatt Barden case CKM_AES_CMAC_GENERAL: 580*cd964fceSMatt Barden case CKM_AES_CMAC: 581*cd964fceSMatt Barden if (session_p->encrypt.context != NULL) { 582*cd964fceSMatt Barden free(session_p->encrypt.context); 583*cd964fceSMatt Barden session_p->encrypt.context = NULL; 584*cd964fceSMatt Barden session_p->encrypt.flags = 0; 585*cd964fceSMatt Barden } 586*cd964fceSMatt Barden if (active_op->context != NULL) 587*cd964fceSMatt Barden bzero(active_op->context, sizeof (soft_aes_ctx_t)); 588*cd964fceSMatt Barden break; 589*cd964fceSMatt Barden 5907c478bd9Sstevel@tonic-gate } 5917c478bd9Sstevel@tonic-gate 5927c478bd9Sstevel@tonic-gate if (active_op->context != NULL) { 5937c478bd9Sstevel@tonic-gate free(active_op->context); 5947c478bd9Sstevel@tonic-gate active_op->context = NULL; 5957c478bd9Sstevel@tonic-gate } 5967c478bd9Sstevel@tonic-gate 5977c478bd9Sstevel@tonic-gate active_op->flags = 0; 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate if (!lock_held) 6007c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_true); 6017c478bd9Sstevel@tonic-gate } 602