1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate 
27*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
28*7c478bd9Sstevel@tonic-gate 
29*7c478bd9Sstevel@tonic-gate #include <stdlib.h>
30*7c478bd9Sstevel@tonic-gate #include <strings.h>
31*7c478bd9Sstevel@tonic-gate #include <sys/types.h>
32*7c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
33*7c478bd9Sstevel@tonic-gate #include "softObject.h"
34*7c478bd9Sstevel@tonic-gate #include "softOps.h"
35*7c478bd9Sstevel@tonic-gate #include "softSession.h"
36*7c478bd9Sstevel@tonic-gate #include "softMAC.h"
37*7c478bd9Sstevel@tonic-gate #include "softRSA.h"
38*7c478bd9Sstevel@tonic-gate #include "softDSA.h"
39*7c478bd9Sstevel@tonic-gate #include "softCrypt.h"
40*7c478bd9Sstevel@tonic-gate 
/*
 * soft_sign_init()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pMechanism:	pointer to CK_MECHANISM struct provided by application
 *	key_p:		pointer to key soft_object_t struct
 *
 * Description:
 *	called by C_SignInit(). Selects the sign-init routine for the
 *	mechanism family (HMAC/SSL3 MAC, RSA, DSA or DES MAC) and returns
 *	that routine's result. Any other mechanism yields
 *	CKR_MECHANISM_INVALID.
 *
 *	NOTE(review): pMechanism is dereferenced without a NULL check in
 *	this function; presumably C_SignInit() validates it - confirm.
 *
 *	NOTE(review): CKM_RSA_X_509 is raw RSA with no padding applied by
 *	the mechanism, and the MD5, SHA-1, SSL3 MAC and single-DES MAC
 *	mechanisms accepted here are legacy algorithms. This dispatcher
 *	applies no policy of its own; any restriction has to come from the
 *	caller or from the per-mechanism routines.
 */
CK_RV
soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
    soft_object_t *key_p)
{
	CK_RV rv;

	/*
	 * The trailing B_TRUE is passed to routines shared between sign and
	 * verify; presumably it selects the sign side - confirm in callees.
	 */
	switch (pMechanism->mechanism) {

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_MD5_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA_1_HMAC:
		rv = soft_hmac_sign_verify_init_common(session_p,
		    pMechanism, key_p, B_TRUE);
		break;

	case CKM_RSA_X_509:
	case CKM_RSA_PKCS:
	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:
		rv = soft_rsa_sign_verify_init_common(session_p, pMechanism,
		    key_p, B_TRUE);
		break;

	case CKM_DSA:
	case CKM_DSA_SHA1:
		rv = soft_dsa_sign_verify_init_common(session_p, pMechanism,
		    key_p, B_TRUE);
		break;

	case CKM_DES_MAC_GENERAL:
	case CKM_DES_MAC:
		rv = soft_des_sign_verify_init_common(session_p, pMechanism,
		    key_p, B_TRUE);
		break;

	default:
		/* Not a signing mechanism this token implements. */
		rv = CKR_MECHANISM_INVALID;
		break;
	}

	return (rv);
}
96*7c478bd9Sstevel@tonic-gate 
97*7c478bd9Sstevel@tonic-gate 
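/*
 * soft_sign()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pData:		pointer to the input data to be signed
 *	ulDataLen:	length of the input data
 *	pSignature:	pointer to the signature after signing; when NULL,
 *			NULL is forwarded to the mechanism routine (under
 *			the PKCS#11 convention this is a length query)
 *	pulSignatureLen: pointer to the length of the signature
 *
 * Description:
 *	called by C_Sign(). This function calls the corresponding
 *	sign routine based on the mechanism recorded in the session's
 *	active sign operation.
 *
 *	For the MAC mechanisms the result is first produced in a
 *	fixed-size stack buffer and then copied to the caller's buffer
 *	using the length the callee stored in *pulSignatureLen. That
 *	length is checked against the stack buffer before the copy so a
 *	callee that reports an oversized length cannot cause a read past
 *	the end of the local buffer.
 *
 * Returns:
 *	The result of the mechanism routine; CKR_MECHANISM_INVALID for a
 *	mechanism not handled here; CKR_GENERAL_ERROR if a MAC routine
 *	reports success with a length larger than the staging buffer.
 *
 *	NOTE(review): whether *pulSignatureLen is compared with the size
 *	of the caller's buffer is decided in the callees, which are not
 *	visible here - confirm.
 */
CK_RV
soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
    CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{

	CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
	CK_RV rv = CKR_OK;

	switch (mechanism) {

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_MD5_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA_1_HMAC:
	{
		CK_BYTE hmac[SHA1_HASH_SIZE]; /* use the maximum size */

		/*
		 * Stage the MAC in the local buffer when the caller gave an
		 * output buffer; otherwise pass NULL and let the callee
		 * handle it.
		 */
		rv = soft_hmac_sign_verify_common(session_p, pData,
		    ulDataLen, (pSignature != NULL) ? hmac : NULL,
		    pulSignatureLen, B_TRUE);

		if ((rv == CKR_OK) && (pSignature != NULL)) {
			/* Never copy more than the staging buffer holds. */
			if (*pulSignatureLen > sizeof (hmac))
				return (CKR_GENERAL_ERROR);
			(void) memcpy(pSignature, hmac, *pulSignatureLen);
		}

		return (rv);
	}
	case CKM_DES_MAC_GENERAL:
	case CKM_DES_MAC:
	{
		CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */

		/* Same staging scheme as the HMAC case above. */
		rv = soft_des_sign_verify_common(session_p, pData,
		    ulDataLen, (pSignature != NULL) ? signature : NULL,
		    pulSignatureLen, B_TRUE, B_FALSE);

		if ((rv == CKR_OK) && (pSignature != NULL)) {
			/* Never copy more than the staging buffer holds. */
			if (*pulSignatureLen > sizeof (signature))
				return (CKR_GENERAL_ERROR);
			(void) memcpy(pSignature, signature, *pulSignatureLen);
		}

		return (rv);
	}
	case CKM_RSA_X_509:
	case CKM_RSA_PKCS:

		return (soft_rsa_sign_common(session_p, pData, ulDataLen,
		    pSignature, pulSignatureLen, mechanism));

	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:

		/*
		 * B_FALSE here versus B_TRUE in soft_sign_final();
		 * presumably a "final part" flag - confirm in callee.
		 */
		return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
		    pSignature, pulSignatureLen, mechanism, B_FALSE));

	case CKM_DSA:

		return (soft_dsa_sign(session_p, pData, ulDataLen,
		    pSignature, pulSignatureLen));

	case CKM_DSA_SHA1:

		return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
		    pSignature, pulSignatureLen, B_FALSE));

	default:
		return (CKR_MECHANISM_INVALID);
	}
}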
196*7c478bd9Sstevel@tonic-gate 
197*7c478bd9Sstevel@tonic-gate 
/*
 * soft_sign_update()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pPart:		pointer to the input data to be signed
 *	ulPartLen:	length of the input data
 *
 * Description:
 *	called by C_SignUpdate(). Feeds one part of the message to the
 *	update routine that matches the mechanism of the session's active
 *	sign operation. Mechanisms without a case here (CKM_RSA_X_509,
 *	CKM_RSA_PKCS and CKM_DSA among them) return CKR_MECHANISM_INVALID.
 */
CK_RV
soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen)
{
	CK_RV rv;

	switch (session_p->sign.mech.mechanism) {

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_MD5_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA_1_HMAC:
		rv = soft_hmac_sign_verify_update(session_p, pPart,
		    ulPartLen, B_TRUE);
		break;

	case CKM_DES_MAC_GENERAL:
	case CKM_DES_MAC:
		rv = soft_des_mac_sign_verify_update(session_p, pPart,
		    ulPartLen);
		break;

	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:
		/*
		 * The MD5/SHA1 digest value is accumulated in the context
		 * of the multiple-part digesting operation. In the final
		 * operation, the digest is encoded and then RSA-signed.
		 */
	case CKM_DSA_SHA1:
		/* All three digest-then-sign mechanisms share this path. */
		rv = soft_digest_update(session_p, pPart, ulPartLen);
		break;

	default:
		/* PKCS11: The mechanism only supports single-part operation. */
		rv = CKR_MECHANISM_INVALID;
		break;
	}

	return (rv);
}
252*7c478bd9Sstevel@tonic-gate 
253*7c478bd9Sstevel@tonic-gate 
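/*
 * soft_sign_final()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pSignature:	pointer to the signature after signing; when NULL,
 *			NULL is forwarded to the mechanism routine (under
 *			the PKCS#11 convention this is a length query)
 *	pulSignatureLen: pointer to the length of the signature
 *
 * Description:
 *	called by C_SignFinal(). This function calls the corresponding
 *	sign final routine based on the mechanism recorded in the
 *	session's active sign operation. The routines are called with
 *	no input data (NULL, 0).
 *
 *	For the MAC mechanisms the result is first produced in a
 *	fixed-size stack buffer and then copied to the caller's buffer
 *	using the length the callee stored in *pulSignatureLen. That
 *	length is checked against the stack buffer before the copy so a
 *	callee that reports an oversized length cannot cause a read past
 *	the end of the local buffer.
 *
 * Returns:
 *	The result of the mechanism routine; CKR_MECHANISM_INVALID for a
 *	mechanism without multi-part support here; CKR_GENERAL_ERROR if a
 *	MAC routine reports success with a length larger than the staging
 *	buffer.
 */
CK_RV
soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{

	CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
	CK_RV rv = CKR_OK;

	switch (mechanism) {

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_MD5_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA_1_HMAC:
	{
		CK_BYTE hmac[SHA1_HASH_SIZE]; /* use the maximum size */

		/*
		 * Stage the MAC in the local buffer when the caller gave an
		 * output buffer; otherwise pass NULL and let the callee
		 * handle it.
		 */
		rv = soft_hmac_sign_verify_common(session_p, NULL,
		    0, (pSignature != NULL) ? hmac : NULL,
		    pulSignatureLen, B_TRUE);

		if ((rv == CKR_OK) && (pSignature != NULL)) {
			/* Never copy more than the staging buffer holds. */
			if (*pulSignatureLen > sizeof (hmac))
				return (CKR_GENERAL_ERROR);
			(void) memcpy(pSignature, hmac, *pulSignatureLen);
		}

		return (rv);
	}
	case CKM_DES_MAC_GENERAL:
	case CKM_DES_MAC:
	{
		CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */

		/* Same staging scheme as the HMAC case above. */
		rv = soft_des_sign_verify_common(session_p, NULL, 0,
		    (pSignature != NULL) ? signature : NULL,
		    pulSignatureLen, B_TRUE, B_TRUE);

		if ((rv == CKR_OK) && (pSignature != NULL)) {
			/* Never copy more than the staging buffer holds. */
			if (*pulSignatureLen > sizeof (signature))
				return (CKR_GENERAL_ERROR);
			(void) memcpy(pSignature, signature, *pulSignatureLen);
		}

		return (rv);
	}
	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:

		/*
		 * B_TRUE here versus B_FALSE in soft_sign(); presumably a
		 * "final part" flag - confirm in callee.
		 */
		return (soft_rsa_digest_sign_common(session_p, NULL, 0,
		    pSignature, pulSignatureLen, mechanism, B_TRUE));

	case CKM_DSA_SHA1:

		return (soft_dsa_digest_sign_common(session_p, NULL, 0,
		    pSignature, pulSignatureLen, B_TRUE));

	default:
		/* PKCS11: The mechanism only supports single-part operation. */
		return (CKR_MECHANISM_INVALID);
	}
}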
337*7c478bd9Sstevel@tonic-gate 
338*7c478bd9Sstevel@tonic-gate 
/*
 * soft_sign_recover_init()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pMechanism:	pointer to CK_MECHANISM struct
 *	key_p:		pointer to key soft_object_t struct
 *
 * Description:
 *	Starts a sign-recover operation. Only CKM_RSA_X_509 and
 *	CKM_RSA_PKCS are accepted; they are initialized through the same
 *	RSA sign/verify init routine that soft_sign_init() uses. Every
 *	other mechanism returns CKR_MECHANISM_INVALID.
 *
 *	NOTE(review): pMechanism is dereferenced without a NULL check in
 *	this function; presumably the C_SignRecoverInit() entry point
 *	validates it - confirm.
 */
CK_RV
soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
    soft_object_t *key_p)
{
	CK_MECHANISM_TYPE mech_type = pMechanism->mechanism;

	if (mech_type == CKM_RSA_X_509 || mech_type == CKM_RSA_PKCS) {
		return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
		    key_p, B_TRUE));
	}

	return (CKR_MECHANISM_INVALID);
}
356*7c478bd9Sstevel@tonic-gate 
357*7c478bd9Sstevel@tonic-gate 
/*
 * soft_sign_recover()
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	pData:		pointer to the input data to be signed
 *	ulDataLen:	length of the input data
 *	pSignature:	pointer to the signature after signing
 *	pulSignatureLen: pointer to the length of the signature
 *
 * Description:
 *	Performs the sign-recover operation for the mechanism stored in
 *	the session's sign slot (session_p->sign). CKM_RSA_X_509 and
 *	CKM_RSA_PKCS are handed to soft_rsa_sign_common(), the same
 *	routine soft_sign() uses for them; any other mechanism returns
 *	CKR_MECHANISM_INVALID.
 */
CK_RV
soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
    CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{
	CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;

	/* Anything other than the two plain RSA mechanisms is rejected. */
	if (mechanism != CKM_RSA_X_509 && mechanism != CKM_RSA_PKCS)
		return (CKR_MECHANISM_INVALID);

	return (soft_rsa_sign_common(session_p, pData, ulDataLen,
	    pSignature, pulSignatureLen, mechanism));
}
378*7c478bd9Sstevel@tonic-gate 
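/*
 * Overwrite len bytes at buf with zeros. The stores go through a
 * volatile-qualified pointer so that a compiler does not treat them as
 * removable dead writes when the buffer is freed right afterwards, which
 * can happen with a plain bzero()/memset() that precedes free().
 */
static void
soft_scrub_context(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * This function frees the allocated active crypto context.
 * It is only called by the first tier of sign/verify routines
 * and the caller of this function may or may not hold the session mutex.
 *
 * Arguments:
 *	session_p:	pointer to soft_session_t struct
 *	sign:		selects session_p->sign when true, otherwise
 *			session_p->verify
 *	lock_held:	true when the caller already holds
 *			session_p->session_mutex; when false this function
 *			takes the mutex itself and finishes with
 *			SES_REFRELE()
 *
 * The HMAC and DES MAC contexts are zeroed before they are freed so
 * their contents do not linger in freed heap memory.
 */
void
soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
    boolean_t lock_held)
{

	crypto_active_op_t *active_op;
	/* Passed to SES_REFRELE() below: the mutex is held at that point. */
	boolean_t lock_true = B_TRUE;

	if (!lock_held)
		(void) pthread_mutex_lock(&session_p->session_mutex);

	active_op = (sign) ? &(session_p->sign) : &(session_p->verify);

	switch (active_op->mech.mechanism) {

	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:
	case CKM_DSA_SHA1:
		/* Digest-then-sign mechanisms also own the digest context. */
		if (session_p->digest.context != NULL) {
			free(session_p->digest.context);
			session_p->digest.context = NULL;
			session_p->digest.flags = 0;
		}
		break;

	case CKM_RSA_PKCS:
	case CKM_RSA_X_509:
	case CKM_DSA:
		/* Nothing beyond the common free below. */
		break;

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_MD5_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA_1_HMAC:
		if (active_op->context != NULL)
			soft_scrub_context(active_op->context,
			    sizeof (soft_hmac_ctx_t));
		break;
	case CKM_DES_MAC_GENERAL:
	case CKM_DES_MAC:
		/*
		 * NOTE(review): encrypt.context is freed without being
		 * cleared first. If it carries DES key material it should
		 * be scrubbed as well; its type is not visible here -
		 * confirm.
		 */
		if (session_p->encrypt.context != NULL) {
			free(session_p->encrypt.context);
			session_p->encrypt.context = NULL;
			session_p->encrypt.flags = 0;
		}
		if (active_op->context != NULL)
			soft_scrub_context(active_op->context,
			    sizeof (soft_des_ctx_t));
		break;

	default:
		/* No mechanism-specific state to release. */
		break;
	}

	if (active_op->context != NULL) {
		free(active_op->context);
		active_op->context = NULL;
	}

	active_op->flags = 0;

	/*
	 * Only when this function took the mutex itself. SES_REFRELE is
	 * defined elsewhere; presumably it drops a session reference and
	 * releases the mutex - confirm against its definition.
	 */
	if (!lock_held)
		SES_REFRELE(session_p, lock_true);
}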