1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright (c) 2018, Joyent, Inc.
26 */
27
28 #include <pthread.h>
29 #include <security/cryptoki.h>
30 #include "softGlobal.h"
31 #include "softSession.h"
32 #include "softObject.h"
33 #include "softOps.h"
34
35
36 CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)37 C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
38 CK_OBJECT_HANDLE hKey)
39 {
40
41 CK_RV rv;
42 soft_session_t *session_p;
43 soft_object_t *key_p;
44 boolean_t lock_held = B_FALSE;
45
46 if (!softtoken_initialized)
47 return (CKR_CRYPTOKI_NOT_INITIALIZED);
48
49 /* Obtain the session pointer. */
50 rv = handle2session(hSession, &session_p);
51 if (rv != CKR_OK)
52 return (rv);
53
54 if (pMechanism == NULL) {
55 rv = CKR_ARGUMENTS_BAD;
56 goto clean_exit;
57 }
58
59 /* Obtain the object pointer. */
60 HANDLE2OBJECT(hKey, key_p, rv);
61 if (rv != CKR_OK)
62 goto clean_exit;
63
64 /* Check to see if key object allows for encryption. */
65 if (!(key_p->bool_attr_mask & ENCRYPT_BOOL_ON)) {
66 rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
67 goto clean_exit1;
68 }
69
70 (void) pthread_mutex_lock(&session_p->session_mutex);
71 lock_held = B_TRUE;
72
73 /* Check to see if encrypt operation is already active. */
74 if (session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE) {
75 /* free the memory to avoid memory leak */
76 soft_crypt_cleanup(session_p, B_TRUE, lock_held);
77 }
78
79 /*
80 * This active flag will remain ON until application calls either
81 * C_Encrypt or C_EncryptFinal to actually obtain the final piece
82 * of ciphertext.
83 */
84 session_p->encrypt.flags = CRYPTO_OPERATION_ACTIVE;
85
86 (void) pthread_mutex_unlock(&session_p->session_mutex);
87 lock_held = B_FALSE;
88
89 rv = soft_encrypt_init(session_p, pMechanism, key_p);
90
91 if (rv != CKR_OK) {
92 (void) pthread_mutex_lock(&session_p->session_mutex);
93 session_p->encrypt.flags &= ~CRYPTO_OPERATION_ACTIVE;
94 lock_held = B_TRUE;
95 }
96
97 clean_exit1:
98 OBJ_REFRELE(key_p);
99 clean_exit:
100 SES_REFRELE(session_p, lock_held);
101 return (rv);
102 }
103
104
105 CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pEncryptedData,CK_ULONG_PTR pulEncryptedDataLen)106 C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
107 CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
108 {
109
110 CK_RV rv;
111 soft_session_t *session_p;
112 boolean_t lock_held = B_FALSE;
113
114 if (!softtoken_initialized)
115 return (CKR_CRYPTOKI_NOT_INITIALIZED);
116
117 /* Obtain the session pointer. */
118 rv = handle2session(hSession, &session_p);
119 if (rv != CKR_OK)
120 return (rv);
121
122 /*
123 * How to handle zero input length depends on the mechanism in use.
124 * For secret key mechanisms, unpadded ones yield zero length output,
125 * but padded ones always result in greater than zero length output.
126 */
127 if (pData == NULL && ulDataLen != 0) {
128 rv = CKR_ARGUMENTS_BAD;
129 goto clean_exit;
130 }
131
132 /*
133 * Only check if pulEncryptedDataLen is NULL.
134 * No need to check if pEncryptedData is NULL because
135 * application might just ask for the length of buffer to hold
136 * the ciphertext.
137 */
138 if (pulEncryptedDataLen == NULL) {
139 rv = CKR_ARGUMENTS_BAD;
140 goto clean_exit;
141 }
142
143 (void) pthread_mutex_lock(&session_p->session_mutex);
144 lock_held = B_TRUE;
145
146 /* Application must call C_EncryptInit before calling C_Encrypt. */
147 if (!(session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
148 SES_REFRELE(session_p, lock_held);
149 return (CKR_OPERATION_NOT_INITIALIZED);
150 }
151
152 /*
153 * C_Encrypt must be called without intervening C_EncryptUpdate
154 * calls.
155 */
156 if (session_p->encrypt.flags & CRYPTO_OPERATION_UPDATE) {
157 /*
158 * C_Encrypt can not be used to terminate a multi-part
159 * operation, so we'll leave the active encrypt operation
160 * flag on and let the application continue with the
161 * encrypt update operation.
162 */
163 SES_REFRELE(session_p, lock_held);
164 return (CKR_FUNCTION_FAILED);
165 }
166
167 (void) pthread_mutex_unlock(&session_p->session_mutex);
168 lock_held = B_FALSE;
169
170 rv = soft_encrypt(session_p, pData, ulDataLen, pEncryptedData,
171 pulEncryptedDataLen);
172
173 if ((rv == CKR_BUFFER_TOO_SMALL) ||
174 (pEncryptedData == NULL && rv == CKR_OK)) {
175 /*
176 * We will not terminate the active encrypt operation flag,
177 * when the application-supplied buffer is too small, or
178 * the application asks for the length of buffer to hold
179 * the ciphertext.
180 */
181 SES_REFRELE(session_p, lock_held);
182 return (rv);
183 }
184
185 clean_exit:
186 /* Clear context, free key, and release session counter */
187 soft_crypt_cleanup(session_p, B_TRUE, B_FALSE);
188 return (rv);
189 }
190
191
192 CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)193 C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
194 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
195 CK_ULONG_PTR pulEncryptedPartLen)
196 {
197
198 CK_RV rv;
199 soft_session_t *session_p;
200 boolean_t lock_held = B_FALSE;
201
202 if (!softtoken_initialized)
203 return (CKR_CRYPTOKI_NOT_INITIALIZED);
204
205 /* Obtain the session pointer. */
206 rv = handle2session(hSession, &session_p);
207 if (rv != CKR_OK)
208 return (rv);
209
210 /*
211 * Only check if input buffer is null. How to handle zero input
212 * length depends on the mechanism in use. For secret key mechanisms,
213 * unpadded ones yeild zero length output, but padded ones always
214 * result in greater than zero length output.
215 */
216 if (pPart == NULL) {
217 rv = CKR_ARGUMENTS_BAD;
218 goto clean_exit;
219 }
220
221 /*
222 * Only check if pulEncryptedPartLen is NULL.
223 * No need to check if pEncryptedPart is NULL because
224 * application might just ask for the length of buffer to hold
225 * the ciphertext.
226 */
227 if (pulEncryptedPartLen == NULL) {
228 rv = CKR_ARGUMENTS_BAD;
229 goto clean_exit;
230 }
231
232 (void) pthread_mutex_lock(&session_p->session_mutex);
233 lock_held = B_TRUE;
234
235 /*
236 * Application must call C_EncryptInit before calling
237 * C_EncryptUpdate.
238 */
239 if (!(session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
240 SES_REFRELE(session_p, lock_held);
241 return (CKR_OPERATION_NOT_INITIALIZED);
242 }
243
244 session_p->encrypt.flags |= CRYPTO_OPERATION_UPDATE;
245
246 (void) pthread_mutex_unlock(&session_p->session_mutex);
247 lock_held = B_FALSE;
248
249 rv = soft_encrypt_update(session_p, pPart, ulPartLen,
250 pEncryptedPart, pulEncryptedPartLen);
251
252 /*
253 * If CKR_OK or CKR_BUFFER_TOO_SMALL, don't terminate the
254 * current encryption operation.
255 */
256 if ((rv == CKR_OK) || (rv == CKR_BUFFER_TOO_SMALL)) {
257 SES_REFRELE(session_p, lock_held);
258 return (rv);
259 }
260
261 clean_exit:
262 /*
263 * After an error occurred, terminate the current encrypt
264 * operation by resetting the active and update flags.
265 */
266 soft_crypt_cleanup(session_p, B_TRUE, lock_held);
267
268 return (rv);
269 }
270
271
272 CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastEncryptedPart,CK_ULONG_PTR pulLastEncryptedPartLen)273 C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart,
274 CK_ULONG_PTR pulLastEncryptedPartLen)
275 {
276
277 CK_RV rv;
278 soft_session_t *session_p;
279 boolean_t lock_held = B_FALSE;
280
281 if (!softtoken_initialized)
282 return (CKR_CRYPTOKI_NOT_INITIALIZED);
283
284 /* Obtain the session pointer. */
285 rv = handle2session(hSession, &session_p);
286 if (rv != CKR_OK)
287 return (rv);
288
289 if (pulLastEncryptedPartLen == NULL) {
290 rv = CKR_ARGUMENTS_BAD;
291 goto clean_exit;
292 }
293
294 (void) pthread_mutex_lock(&session_p->session_mutex);
295 lock_held = B_TRUE;
296
297 /*
298 * Application must call C_EncryptInit before calling
299 * C_EncryptFinal.
300 */
301 if (!(session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE)) {
302 SES_REFRELE(session_p, lock_held);
303 return (CKR_OPERATION_NOT_INITIALIZED);
304 }
305
306 (void) pthread_mutex_unlock(&session_p->session_mutex);
307 lock_held = B_FALSE;
308
309 rv = soft_encrypt_final(session_p, pLastEncryptedPart,
310 pulLastEncryptedPartLen);
311
312 if ((rv == CKR_BUFFER_TOO_SMALL) ||
313 (pLastEncryptedPart == NULL && rv == CKR_OK)) {
314 /*
315 * We will not terminate the active encrypt operation flag,
316 * when the application-supplied buffer is too small, or
317 * the application asks for the length of buffer to hold
318 * the ciphertext.
319 */
320 SES_REFRELE(session_p, lock_held);
321 return (rv);
322 }
323
324 /* Terminates the active encrypt operation. */
325 (void) pthread_mutex_lock(&session_p->session_mutex);
326 session_p->encrypt.flags = 0;
327 lock_held = B_TRUE;
328 SES_REFRELE(session_p, lock_held);
329
330 return (rv);
331
332 clean_exit:
333 /* Terminates the active encrypt operation. */
334 soft_crypt_cleanup(session_p, B_TRUE, lock_held);
335
336 return (rv);
337 }
338