1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _SOFTMAC_H
28 #define	_SOFTMAC_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #include <sys/md5.h>
35 #include <sys/sha1.h>
36 #include <sys/sha2.h>
37 #include <security/pkcs11t.h>
38 #include "softSession.h"
39 #include "softObject.h"
40 
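/*
 * Digest and block sizes, in bytes, for the MD5 and SHA-1 HMAC mechanisms.
 *
 * The *_INTS_PER_BLOCK values express a block size as a count of words:
 * uint32_t words for MD5 and SHA-1, uint64_t words for the SHA-2 variants.
 * These match the pointer types taken by the *_hmac_ctx_init() prototypes
 * declared in this header. SHA256_HMAC_BLOCK_SIZE and SHA512_HMAC_BLOCK_SIZE
 * are not defined here; presumably they come from <sys/sha2.h>.
 */
#define	MD5_HASH_SIZE		16	/* MD5 digest length in bytes */
#define	SHA1_HASH_SIZE		20	/* SHA-1 digest length in bytes */
#define	MD5_HMAC_BLOCK_SIZE	64	/* MD5 block size in bytes */
#define	MD5_HMAC_INTS_PER_BLOCK	(MD5_HMAC_BLOCK_SIZE / sizeof (uint32_t))
#define	SHA1_HMAC_BLOCK_SIZE	64	/* SHA1-HMAC block size in bytes */
#define	SHA1_HMAC_INTS_PER_BLOCK	\
	(SHA1_HMAC_BLOCK_SIZE / sizeof (uint32_t))
#define	SHA256_HMAC_INTS_PER_BLOCK	\
	(SHA256_HMAC_BLOCK_SIZE / sizeof (uint64_t))
#define	SHA512_HMAC_INTS_PER_BLOCK	\
	(SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t))

/*
 * Sizes for the SSL MAC pad buffers: the pad bytes followed by the key.
 * The combined sizes are derived from their parts rather than written as
 * literals, so a buffer sized with *_PAD_AND_KEY_SIZE cannot silently drift
 * away from the pad and key lengths it has to hold. The key lengths quoted
 * below (16 and 20 bytes) equal the respective digest lengths.
 */
#define	MD5_SSL_PAD_SIZE	48	/* MD5 SSL pad length in bytes */
/* 48 (MD5 SSL pad length in bytes) + 16 (key length in bytes) = 64 */
#define	MD5_SSL_PAD_AND_KEY_SIZE	(MD5_SSL_PAD_SIZE + MD5_HASH_SIZE)

#define	SHA1_SSL_PAD_SIZE	40	/* SHA1 SSL pad length in bytes */
/* 40 (SHA1 SSL pad length in bytes) + 20 (key length in bytes) = 60 */
#define	SHA1_SSL_PAD_AND_KEY_SIZE	(SHA1_SSL_PAD_SIZE + SHA1_HASH_SIZE)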
60 
/*
 * Context for MD5-HMAC and MD5-HMAC-GENERAL mechanisms.
 *
 * Holds one MD5 state for the inner hash and one for the outer hash.
 * SOFT_MAC_INIT_CTX() in this header seeds them with the ipad and opad
 * blocks, so after initialization both states depend on those pads.
 * NOTE(review): the pads are presumably derived from the HMAC key, which
 * would make an initialized context key-equivalent material -- confirm that
 * callers clear it before the memory is released or reused.
 */
typedef struct md5_hc_ctx {
	MD5_CTX		hc_icontext;    /* inner MD5 context */
	MD5_CTX		hc_ocontext;    /* outer MD5 context */
} md5_hc_ctx_t;
68 
/*
 * Context for SHA1-HMAC and SHA1-HMAC-GENERAL mechanisms.
 *
 * Holds one SHA1 state for the inner hash and one for the outer hash; the
 * field names match md5_hc_ctx_t so the SOFT_MAC_* macros can operate on
 * either type.
 * NOTE(review): once seeded from the pads this state is presumably
 * key-dependent -- confirm that callers clear it before release.
 */
typedef struct sha1_hc_ctx {
	SHA1_CTX	hc_icontext;    /* inner SHA1 context */
	SHA1_CTX	hc_ocontext;    /* outer SHA1 context */
} sha1_hc_ctx_t;
76 
/*
 * Context for the SHA2 HMAC mechanisms: one SHA2 state for the inner hash
 * and one for the outer hash, with the same field names as the MD5 and
 * SHA1 contexts.
 * NOTE(review): presumably shared by all SHA-2 variants, since
 * sha2_hmac_ctx_init() takes a mechanism argument -- confirm. As with the
 * other contexts, confirm that callers clear it before release.
 */
typedef struct sha2_hc_ctx {
	SHA2_CTX	hc_icontext;    /* inner SHA2 context */
	SHA2_CTX	hc_ocontext;    /* outer SHA2 context */
} sha2_hc_ctx_t;
81 
/*
 * Generic Context struct for HMAC.
 *
 * Wraps the per-hash inner/outer contexts in a union, so only one of the
 * members is meaningful for a given operation.
 * NOTE(review): which member is live is not recorded in this struct; it is
 * presumably implied by the mechanism the session was initialized with --
 * confirm against the callers.
 */
typedef struct soft_hmac_ctx {
	/*
	 * Digest length in bytes.
	 * NOTE(review): for the *-HMAC-GENERAL mechanisms this is presumably
	 * the requested (possibly truncated) output length -- confirm, and
	 * confirm it is range-checked against the full digest size.
	 */
	size_t	hmac_len;    	/* digest len in bytes */
	union {
		md5_hc_ctx_t	md5_ctx;	/* MD5-HMAC state */
		sha1_hc_ctx_t	sha1_ctx;	/* SHA1-HMAC state */
		sha2_hc_ctx_t	sha2_ctx;	/* SHA2 HMAC state */
	} hc_ctx_u;
} soft_hmac_ctx_t;
93 
94 
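/* Generic MAC envelope macros. Substitute HASH with MD5, SHA1, & SHA2 mechs */

/*
 * Seed both halves of an HMAC context.
 *
 * Runs HASH##Init on the inner context and feeds it `len` bytes-worth of
 * `ipad` via HASH##Update, then does the same for the outer context with
 * `opad`. `mac_ctx` must point to a struct with hc_icontext and hc_ocontext
 * members; it is evaluated four times, so pass an expression without side
 * effects.
 *
 * The statements are wrapped in do { } while (0) so that a call used as the
 * body of an unbraced `if` or loop guards all four calls, not just the
 * first one. The trailing ';' of the original expansion is kept so that
 * existing call sites written with or without their own ';' still compile.
 */
#define	SOFT_MAC_INIT_CTX(HASH, mac_ctx, ipad, opad, len)		\
	do {								\
		/* Perform HASH on ipad */				\
		HASH##Init(&((mac_ctx)->hc_icontext));			\
		HASH##Update(&((mac_ctx)->hc_icontext), (ipad), (len));	\
		/* Perform HASH on opad */				\
		HASH##Init(&((mac_ctx)->hc_ocontext));			\
		HASH##Update(&((mac_ctx)->hc_ocontext), (opad), (len));	\
	} while (0);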
104 
/*
 * Continue a multi-part MAC: passes pPart and PartLen to HASH##Update on
 * the inner context of mac_ctx. The outer context is not touched here; it
 * is only used by the SOFT_MAC_FINAL* macros.
 *
 * The expansion already ends in ';', so a call followed by its own ';'
 * yields an empty statement. That is harmless in a block but is a syntax
 * error between an unbraced `if` and its `else`.
 */
#define	SOFT_MAC_UPDATE(HASH, mac_ctx, pPart, PartLen)			\
	HASH##Update(&((mac_ctx)->hc_icontext), pPart, PartLen);
107 
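/*
 * Finish an HMAC for a hash that defines HASH##_HASH_SIZE (MD5 and SHA1 in
 * this header).
 *
 * Finalizes the inner hash into `mac`, feeds those HASH##_HASH_SIZE bytes
 * into the outer context, then finalizes the outer hash into `mac` again.
 * `mac` is used as scratch space for the inner digest, so it must be able
 * to hold a full digest even when the caller only wants a truncated MAC.
 * `mac_ctx` and `mac` are evaluated more than once.
 *
 * Wrapped in do { } while (0) so an unbraced `if` or loop guards all three
 * calls; the original trailing ';' is kept for existing call sites.
 */
#define	SOFT_MAC_FINAL(HASH, mac_ctx, mac)				\
	do {								\
		HASH##Final((mac), &((mac_ctx)->hc_icontext));		\
		HASH##Update(&((mac_ctx)->hc_ocontext), (mac),		\
		    HASH##_HASH_SIZE);					\
		HASH##Final((mac), &((mac_ctx)->hc_ocontext));		\
	} while (0);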
112 
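/*
 * Finish an HMAC for the SHA2 family.
 *
 * Unlike SOFT_MAC_FINAL, the hash calls are fixed to SHA2Final/SHA2Update;
 * HASH only selects the digest length through HASH##_DIGEST_LENGTH. The
 * inner digest is written to `mac`, fed into the outer context, and the
 * outer digest then overwrites `mac`, so `mac` must be able to hold a full
 * digest of the selected variant. `mac_ctx` and `mac` are evaluated more
 * than once.
 *
 * Wrapped in do { } while (0) so an unbraced `if` or loop guards all three
 * calls; the original trailing ';' is kept for existing call sites.
 */
#define	SOFT_MAC_FINAL_2(HASH, mac_ctx, mac)				\
	do {								\
		SHA2Final((mac), &((mac_ctx)->hc_icontext));		\
		SHA2Update(&((mac_ctx)->hc_ocontext), (mac),		\
		    HASH##_DIGEST_LENGTH);				\
		SHA2Final((mac), &((mac_ctx)->hc_ocontext));		\
	} while (0);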
117 
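/*
 * Map a mechanism number to a small dense index:
 *
 *	(ckm_value % 0x10) + ((ckm_value - 0x250) / 0x10) * 3
 *
 * so 0x250..0x252 map to 0..2, 0x260..0x262 to 3..5 and 0x270..0x272 to
 * 6..8. The argument and the whole expansion are parenthesized so the
 * macro can be used inside a larger expression and with a compound
 * argument without operator precedence changing the result.
 *
 * There is no range check. For an unsigned argument below 0x250 the
 * subtraction wraps to a very large value, so validate the mechanism
 * before using the result as a table index. ckm_value is evaluated twice.
 */
#define	CKM_TO_SHA2(ckm_value)	\
	(((ckm_value) % 0x10) + ((((ckm_value) - 0x250) / 0x10) * 3))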
120 
/*
 * Function Prototypes.
 *
 * Only the declarations are visible in this header; the notes below are
 * hedged where the behavior cannot be read from the signatures.
 */

/*
 * Common init for HMAC sign and verify on a session, given the mechanism
 * and a key object.
 * NOTE(review): the boolean_t presumably selects sign versus verify --
 * confirm against the definition.
 */
CK_RV soft_hmac_sign_verify_init_common(soft_session_t *, CK_MECHANISM_PTR,
	soft_object_t *, boolean_t);

/*
 * Initialize a soft_hmac_ctx_t for the given mechanism type from a key
 * object.
 */
CK_RV mac_init_ctx(soft_session_t *session_p, soft_object_t *,
	soft_hmac_ctx_t *, CK_MECHANISM_TYPE);

/*
 * Single-part HMAC sign/verify: input buffer and length, then a MAC buffer
 * and a pointer to its length.
 * NOTE(review): the verify path is not visible here -- confirm that the
 * MAC comparison does not exit early on the first differing byte, and that
 * the length pointer is checked against the digest size before writing.
 */
CK_RV soft_hmac_sign_verify_common(soft_session_t *, CK_BYTE_PTR,
	CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, boolean_t);

/* Multi-part HMAC sign/verify: feed one more part of the input. */
CK_RV soft_hmac_sign_verify_update(soft_session_t *, CK_BYTE_PTR,
	CK_ULONG, boolean_t);

/*
 * Per-hash context initializers taking two word buffers.
 * NOTE(review): the two buffers are presumably the ipad and opad blocks of
 * *_HMAC_INTS_PER_BLOCK words each; they are not const, so they may be
 * modified in place -- confirm, and confirm callers clear them afterwards.
 */
void md5_hmac_ctx_init(md5_hc_ctx_t *, uint32_t *, uint32_t *);

void sha1_hmac_ctx_init(sha1_hc_ctx_t *, uint32_t *, uint32_t *);

/*
 * SHA2 variant: takes the mechanism plus two uint_t values in addition to
 * the context and the two uint64_t word buffers.
 * NOTE(review): the trailing uint_t pair is unnamed; presumably the block
 * size in words and in bytes -- confirm against the definition.
 */
void sha2_hmac_ctx_init(uint_t mech, sha2_hc_ctx_t *, uint64_t *, uint64_t *,
    uint_t, uint_t);
142 
143 #ifdef	__cplusplus
144 }
145 #endif
146 
147 #endif /* _SOFTMAC_H */