17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 227c478bd9Sstevel@tonic-gate /* 23*f66d273dSizick * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #include <stdlib.h> 307c478bd9Sstevel@tonic-gate #include <strings.h> 317c478bd9Sstevel@tonic-gate #include <sys/types.h> 327c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 337c478bd9Sstevel@tonic-gate #include "softObject.h" 347c478bd9Sstevel@tonic-gate #include "softOps.h" 357c478bd9Sstevel@tonic-gate #include "softSession.h" 367c478bd9Sstevel@tonic-gate #include "softMAC.h" 377c478bd9Sstevel@tonic-gate #include "softRSA.h" 387c478bd9Sstevel@tonic-gate #include "softDSA.h" 397c478bd9Sstevel@tonic-gate #include "softCrypt.h" 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate /* 427c478bd9Sstevel@tonic-gate * soft_sign_init() 437c478bd9Sstevel@tonic-gate * 447c478bd9Sstevel@tonic-gate * Arguments: 457c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 467c478bd9Sstevel@tonic-gate * pMechanism: pointer to CK_MECHANISM struct provided by application 477c478bd9Sstevel@tonic-gate * key_p: pointer to key soft_object_t struct 487c478bd9Sstevel@tonic-gate * 497c478bd9Sstevel@tonic-gate * Description: 507c478bd9Sstevel@tonic-gate * called by C_SignInit(). This function calls the corresponding 517c478bd9Sstevel@tonic-gate * sign init routine based on the mechanism. 527c478bd9Sstevel@tonic-gate * 537c478bd9Sstevel@tonic-gate */ 547c478bd9Sstevel@tonic-gate CK_RV 557c478bd9Sstevel@tonic-gate soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 567c478bd9Sstevel@tonic-gate soft_object_t *key_p) 577c478bd9Sstevel@tonic-gate { 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) { 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 627c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 637c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 647c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 657c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 667c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 67*f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 68*f66d273dSizick case CKM_SHA256_HMAC: 69*f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 70*f66d273dSizick case CKM_SHA384_HMAC: 71*f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 72*f66d273dSizick case CKM_SHA512_HMAC: 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_init_common(session_p, 757c478bd9Sstevel@tonic-gate pMechanism, key_p, B_TRUE)); 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 787c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 797c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 807c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 81*f66d273dSizick case CKM_SHA256_RSA_PKCS: 82*f66d273dSizick case CKM_SHA384_RSA_PKCS: 83*f66d273dSizick case CKM_SHA512_RSA_PKCS: 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 867c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate case CKM_DSA: 897c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 907c478bd9Sstevel@tonic-gate 917c478bd9Sstevel@tonic-gate return (soft_dsa_sign_verify_init_common(session_p, pMechanism, 927c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 937c478bd9Sstevel@tonic-gate 947c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 957c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 967c478bd9Sstevel@tonic-gate 977c478bd9Sstevel@tonic-gate return (soft_des_sign_verify_init_common(session_p, pMechanism, 987c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate default: 1017c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 1027c478bd9Sstevel@tonic-gate } 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate } 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate 1077c478bd9Sstevel@tonic-gate /* 1087c478bd9Sstevel@tonic-gate * soft_sign() 1097c478bd9Sstevel@tonic-gate * 1107c478bd9Sstevel@tonic-gate * Arguments: 1117c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 1127c478bd9Sstevel@tonic-gate * pData: pointer to the input data to be signed 1137c478bd9Sstevel@tonic-gate * ulDataLen: length of the input data 1147c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing 1157c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature 1167c478bd9Sstevel@tonic-gate * 1177c478bd9Sstevel@tonic-gate * Description: 1187c478bd9Sstevel@tonic-gate * called by C_Sign(). This function calls the corresponding 1197c478bd9Sstevel@tonic-gate * sign routine based on the mechanism. 1207c478bd9Sstevel@tonic-gate * 1217c478bd9Sstevel@tonic-gate */ 1227c478bd9Sstevel@tonic-gate CK_RV 1237c478bd9Sstevel@tonic-gate soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData, 1247c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 1257c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 1267c478bd9Sstevel@tonic-gate { 1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 1297c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 1307c478bd9Sstevel@tonic-gate 1317c478bd9Sstevel@tonic-gate switch (mechanism) { 1327c478bd9Sstevel@tonic-gate 1337c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 1347c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 1357c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 1367c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 1377c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 1387c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 139*f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 140*f66d273dSizick case CKM_SHA256_HMAC: 141*f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 142*f66d273dSizick case CKM_SHA384_HMAC: 143*f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 144*f66d273dSizick case CKM_SHA512_HMAC: 1457c478bd9Sstevel@tonic-gate { 146*f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 1477c478bd9Sstevel@tonic-gate 1487c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 1497c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 1507c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData, 1517c478bd9Sstevel@tonic-gate ulDataLen, hmac, pulSignatureLen, B_TRUE); 1527c478bd9Sstevel@tonic-gate } else { 1537c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */ 1547c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData, 1557c478bd9Sstevel@tonic-gate ulDataLen, pSignature, pulSignatureLen, B_TRUE); 1567c478bd9Sstevel@tonic-gate } 1577c478bd9Sstevel@tonic-gate 1587c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 1597c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen); 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate return (rv); 1627c478bd9Sstevel@tonic-gate } 1637c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 1647c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 1657c478bd9Sstevel@tonic-gate { 1667c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 1677c478bd9Sstevel@tonic-gate 1687c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 1697c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 1707c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData, 1717c478bd9Sstevel@tonic-gate ulDataLen, signature, pulSignatureLen, B_TRUE, 1727c478bd9Sstevel@tonic-gate B_FALSE); 1737c478bd9Sstevel@tonic-gate } else { 1747c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */ 1757c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData, 1767c478bd9Sstevel@tonic-gate ulDataLen, NULL, pulSignatureLen, B_TRUE, 1777c478bd9Sstevel@tonic-gate B_FALSE); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 1817c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen); 1827c478bd9Sstevel@tonic-gate 1837c478bd9Sstevel@tonic-gate return (rv); 1847c478bd9Sstevel@tonic-gate } 1857c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 1867c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen, 1897c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism)); 1907c478bd9Sstevel@tonic-gate 1917c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 1927c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 193*f66d273dSizick case CKM_SHA256_RSA_PKCS: 194*f66d273dSizick case CKM_SHA384_RSA_PKCS: 195*f66d273dSizick case CKM_SHA512_RSA_PKCS: 1967c478bd9Sstevel@tonic-gate 1977c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen, 1987c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_FALSE)); 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate case CKM_DSA: 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate return (soft_dsa_sign(session_p, pData, ulDataLen, 2037c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen)); 2047c478bd9Sstevel@tonic-gate 2057c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 2067c478bd9Sstevel@tonic-gate 2077c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen, 2087c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_FALSE)); 2097c478bd9Sstevel@tonic-gate 2107c478bd9Sstevel@tonic-gate default: 2117c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 2127c478bd9Sstevel@tonic-gate } 2137c478bd9Sstevel@tonic-gate } 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate 2167c478bd9Sstevel@tonic-gate /* 2177c478bd9Sstevel@tonic-gate * soft_sign_update() 2187c478bd9Sstevel@tonic-gate * 2197c478bd9Sstevel@tonic-gate * Arguments: 2207c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 2217c478bd9Sstevel@tonic-gate * pPart: pointer to the input data to be signed 2227c478bd9Sstevel@tonic-gate * ulPartLen: length of the input data 2237c478bd9Sstevel@tonic-gate * 2247c478bd9Sstevel@tonic-gate * Description: 2257c478bd9Sstevel@tonic-gate * called by C_SignUpdate(). This function calls the corresponding 2267c478bd9Sstevel@tonic-gate * sign update routine based on the mechanism. 2277c478bd9Sstevel@tonic-gate * 2287c478bd9Sstevel@tonic-gate */ 2297c478bd9Sstevel@tonic-gate CK_RV 2307c478bd9Sstevel@tonic-gate soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart, 2317c478bd9Sstevel@tonic-gate CK_ULONG ulPartLen) 2327c478bd9Sstevel@tonic-gate { 2337c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 2347c478bd9Sstevel@tonic-gate 2357c478bd9Sstevel@tonic-gate switch (mechanism) { 2367c478bd9Sstevel@tonic-gate 2377c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 2387c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 2397c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 2407c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 2417c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 2427c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 243*f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 244*f66d273dSizick case CKM_SHA256_HMAC: 245*f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 246*f66d273dSizick case CKM_SHA384_HMAC: 247*f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 248*f66d273dSizick case CKM_SHA512_HMAC: 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate return (soft_hmac_sign_verify_update(session_p, pPart, 2517c478bd9Sstevel@tonic-gate ulPartLen, B_TRUE)); 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 2547c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 2557c478bd9Sstevel@tonic-gate 2567c478bd9Sstevel@tonic-gate return (soft_des_mac_sign_verify_update(session_p, pPart, 2577c478bd9Sstevel@tonic-gate ulPartLen)); 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 2607c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 261*f66d273dSizick case CKM_SHA256_RSA_PKCS: 262*f66d273dSizick case CKM_SHA384_RSA_PKCS: 263*f66d273dSizick case CKM_SHA512_RSA_PKCS: 2647c478bd9Sstevel@tonic-gate /* 2657c478bd9Sstevel@tonic-gate * The MD5/SHA1 digest value is accumulated in the context 2667c478bd9Sstevel@tonic-gate * of the multiple-part digesting operation. In the final 2677c478bd9Sstevel@tonic-gate * operation, the digest is encoded and then perform RSA 2687c478bd9Sstevel@tonic-gate * signing. 2697c478bd9Sstevel@tonic-gate */ 2707c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 2717c478bd9Sstevel@tonic-gate 2727c478bd9Sstevel@tonic-gate return (soft_digest_update(session_p, pPart, ulPartLen)); 2737c478bd9Sstevel@tonic-gate 2747c478bd9Sstevel@tonic-gate default: 2757c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */ 2767c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 2777c478bd9Sstevel@tonic-gate } 2787c478bd9Sstevel@tonic-gate } 2797c478bd9Sstevel@tonic-gate 2807c478bd9Sstevel@tonic-gate 2817c478bd9Sstevel@tonic-gate /* 2827c478bd9Sstevel@tonic-gate * soft_sign_final() 2837c478bd9Sstevel@tonic-gate * 2847c478bd9Sstevel@tonic-gate * Arguments: 2857c478bd9Sstevel@tonic-gate * session_p: pointer to soft_session_t struct 2867c478bd9Sstevel@tonic-gate * pSignature: pointer to the signature after signing 2877c478bd9Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature 2887c478bd9Sstevel@tonic-gate * 2897c478bd9Sstevel@tonic-gate * Description: 2907c478bd9Sstevel@tonic-gate * called by C_SignFinal(). This function calls the corresponding 2917c478bd9Sstevel@tonic-gate * sign final routine based on the mechanism. 2927c478bd9Sstevel@tonic-gate * 2937c478bd9Sstevel@tonic-gate */ 2947c478bd9Sstevel@tonic-gate CK_RV 2957c478bd9Sstevel@tonic-gate soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature, 2967c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 2977c478bd9Sstevel@tonic-gate { 2987c478bd9Sstevel@tonic-gate 2997c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 3007c478bd9Sstevel@tonic-gate CK_RV rv = CKR_OK; 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate switch (mechanism) { 3037c478bd9Sstevel@tonic-gate 3047c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 3057c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 3067c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 3077c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 3087c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 3097c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 310*f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 311*f66d273dSizick case CKM_SHA256_HMAC: 312*f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 313*f66d273dSizick case CKM_SHA384_HMAC: 314*f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 315*f66d273dSizick case CKM_SHA512_HMAC: 3167c478bd9Sstevel@tonic-gate { 317*f66d273dSizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */ 3187c478bd9Sstevel@tonic-gate 3197c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 3207c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow */ 3217c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL, 3227c478bd9Sstevel@tonic-gate 0, hmac, pulSignatureLen, B_TRUE); 3237c478bd9Sstevel@tonic-gate } else { 3247c478bd9Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */ 3257c478bd9Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL, 3267c478bd9Sstevel@tonic-gate 0, pSignature, pulSignatureLen, B_TRUE); 3277c478bd9Sstevel@tonic-gate } 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 3307c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen); 3317c478bd9Sstevel@tonic-gate 3327c478bd9Sstevel@tonic-gate return (rv); 3337c478bd9Sstevel@tonic-gate } 3347c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 3357c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 3367c478bd9Sstevel@tonic-gate { 3377c478bd9Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */ 3387c478bd9Sstevel@tonic-gate 3397c478bd9Sstevel@tonic-gate if (pSignature != NULL) { 3407c478bd9Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */ 3417c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0, 3427c478bd9Sstevel@tonic-gate signature, pulSignatureLen, B_TRUE, B_TRUE); 3437c478bd9Sstevel@tonic-gate } else { 3447c478bd9Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */ 3457c478bd9Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0, 3467c478bd9Sstevel@tonic-gate NULL, pulSignatureLen, B_TRUE, B_TRUE); 3477c478bd9Sstevel@tonic-gate } 3487c478bd9Sstevel@tonic-gate 3497c478bd9Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL)) 3507c478bd9Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen); 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate return (rv); 3537c478bd9Sstevel@tonic-gate } 3547c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 3557c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 356*f66d273dSizick case CKM_SHA256_RSA_PKCS: 357*f66d273dSizick case CKM_SHA384_RSA_PKCS: 358*f66d273dSizick case CKM_SHA512_RSA_PKCS: 3597c478bd9Sstevel@tonic-gate 3607c478bd9Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, NULL, 0, 3617c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_TRUE)); 3627c478bd9Sstevel@tonic-gate 3637c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, NULL, 0, 3667c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, B_TRUE)); 3677c478bd9Sstevel@tonic-gate 3687c478bd9Sstevel@tonic-gate default: 3697c478bd9Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */ 3707c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 3717c478bd9Sstevel@tonic-gate } 3727c478bd9Sstevel@tonic-gate } 3737c478bd9Sstevel@tonic-gate 3747c478bd9Sstevel@tonic-gate 3757c478bd9Sstevel@tonic-gate CK_RV 3767c478bd9Sstevel@tonic-gate soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, 3777c478bd9Sstevel@tonic-gate soft_object_t *key_p) 3787c478bd9Sstevel@tonic-gate { 3797c478bd9Sstevel@tonic-gate 3807c478bd9Sstevel@tonic-gate switch (pMechanism->mechanism) { 3817c478bd9Sstevel@tonic-gate 3827c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 3837c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism, 3867c478bd9Sstevel@tonic-gate key_p, B_TRUE)); 3877c478bd9Sstevel@tonic-gate 3887c478bd9Sstevel@tonic-gate default: 3897c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 3907c478bd9Sstevel@tonic-gate } 3917c478bd9Sstevel@tonic-gate } 3927c478bd9Sstevel@tonic-gate 3937c478bd9Sstevel@tonic-gate 3947c478bd9Sstevel@tonic-gate CK_RV 3957c478bd9Sstevel@tonic-gate soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData, 3967c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 3977c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 3987c478bd9Sstevel@tonic-gate { 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism; 4017c478bd9Sstevel@tonic-gate 4027c478bd9Sstevel@tonic-gate switch (mechanism) { 4037c478bd9Sstevel@tonic-gate 4047c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 4057c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 4067c478bd9Sstevel@tonic-gate 4077c478bd9Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen, 4087c478bd9Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism)); 4097c478bd9Sstevel@tonic-gate 4107c478bd9Sstevel@tonic-gate default: 4117c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID); 4127c478bd9Sstevel@tonic-gate } 4137c478bd9Sstevel@tonic-gate } 4147c478bd9Sstevel@tonic-gate 4157c478bd9Sstevel@tonic-gate /* 4167c478bd9Sstevel@tonic-gate * This function frees the allocated active crypto context. 4177c478bd9Sstevel@tonic-gate * It is only called by the first tier of sign/verify routines 4187c478bd9Sstevel@tonic-gate * and the caller of this function may or may not hold the session mutex. 4197c478bd9Sstevel@tonic-gate */ 4207c478bd9Sstevel@tonic-gate void 4217c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign, 4227c478bd9Sstevel@tonic-gate boolean_t lock_held) 4237c478bd9Sstevel@tonic-gate { 4247c478bd9Sstevel@tonic-gate 4257c478bd9Sstevel@tonic-gate crypto_active_op_t *active_op; 4267c478bd9Sstevel@tonic-gate boolean_t lock_true = B_TRUE; 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate if (!lock_held) 4297c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 4307c478bd9Sstevel@tonic-gate 4317c478bd9Sstevel@tonic-gate active_op = (sign) ? &(session_p->sign) : &(session_p->verify); 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate switch (active_op->mech.mechanism) { 4347c478bd9Sstevel@tonic-gate 4357c478bd9Sstevel@tonic-gate case CKM_MD5_RSA_PKCS: 4367c478bd9Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS: 437*f66d273dSizick case CKM_SHA256_RSA_PKCS: 438*f66d273dSizick case CKM_SHA384_RSA_PKCS: 439*f66d273dSizick case CKM_SHA512_RSA_PKCS: 4407c478bd9Sstevel@tonic-gate case CKM_DSA_SHA1: 4417c478bd9Sstevel@tonic-gate if (session_p->digest.context != NULL) { 4427c478bd9Sstevel@tonic-gate free(session_p->digest.context); 4437c478bd9Sstevel@tonic-gate session_p->digest.context = NULL; 4447c478bd9Sstevel@tonic-gate session_p->digest.flags = 0; 4457c478bd9Sstevel@tonic-gate } 4467c478bd9Sstevel@tonic-gate break; 4477c478bd9Sstevel@tonic-gate 4487c478bd9Sstevel@tonic-gate case CKM_RSA_PKCS: 4497c478bd9Sstevel@tonic-gate case CKM_RSA_X_509: 4507c478bd9Sstevel@tonic-gate case CKM_DSA: 4517c478bd9Sstevel@tonic-gate break; 4527c478bd9Sstevel@tonic-gate 4537c478bd9Sstevel@tonic-gate case CKM_SSL3_MD5_MAC: 4547c478bd9Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC: 4557c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL: 4567c478bd9Sstevel@tonic-gate case CKM_MD5_HMAC: 4577c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL: 4587c478bd9Sstevel@tonic-gate case CKM_SHA_1_HMAC: 459*f66d273dSizick case CKM_SHA256_HMAC_GENERAL: 460*f66d273dSizick case CKM_SHA256_HMAC: 461*f66d273dSizick case CKM_SHA384_HMAC_GENERAL: 462*f66d273dSizick case CKM_SHA384_HMAC: 463*f66d273dSizick case CKM_SHA512_HMAC_GENERAL: 464*f66d273dSizick case CKM_SHA512_HMAC: 4657c478bd9Sstevel@tonic-gate if (active_op->context != NULL) 4667c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_hmac_ctx_t)); 4677c478bd9Sstevel@tonic-gate break; 4687c478bd9Sstevel@tonic-gate case CKM_DES_MAC_GENERAL: 4697c478bd9Sstevel@tonic-gate case CKM_DES_MAC: 4707c478bd9Sstevel@tonic-gate if (session_p->encrypt.context != NULL) { 4717c478bd9Sstevel@tonic-gate free(session_p->encrypt.context); 4727c478bd9Sstevel@tonic-gate session_p->encrypt.context = NULL; 4737c478bd9Sstevel@tonic-gate session_p->encrypt.flags = 0; 4747c478bd9Sstevel@tonic-gate } 4757c478bd9Sstevel@tonic-gate if (active_op->context != NULL) 4767c478bd9Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_des_ctx_t)); 4777c478bd9Sstevel@tonic-gate break; 4787c478bd9Sstevel@tonic-gate 4797c478bd9Sstevel@tonic-gate } 4807c478bd9Sstevel@tonic-gate 4817c478bd9Sstevel@tonic-gate if (active_op->context != NULL) { 4827c478bd9Sstevel@tonic-gate free(active_op->context); 4837c478bd9Sstevel@tonic-gate active_op->context = NULL; 4847c478bd9Sstevel@tonic-gate } 4857c478bd9Sstevel@tonic-gate 4867c478bd9Sstevel@tonic-gate active_op->flags = 0; 4877c478bd9Sstevel@tonic-gate 4887c478bd9Sstevel@tonic-gate if (!lock_held) 4897c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_true); 4907c478bd9Sstevel@tonic-gate } 491