1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <pthread.h>
30 #include <errno.h>
31 #include <stdio.h>
32 #include <strings.h>
33 #include <sys/crypto/ioctl.h>
34 #include <security/cryptoki.h>
35 #include <security/pkcs11t.h>
36 #include "softSession.h"
37 #include "softObject.h"
38 #include "softOps.h"
39 #include "softMAC.h"
40 #include "kernelSoftCommon.h"
41
42 /*
43 * Do the operation(s) specified by opflag.
44 */
45 CK_RV
46 do_soft_digest(void **s, CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR pData,
47 CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen,
48 int opflag)
49 {
50 soft_session_t *session_p;
51 CK_RV rv = CKR_ARGUMENTS_BAD;
52
53 session_p = *((soft_session_t **)s);
54 if (session_p == NULL) {
55 if (!(opflag & OP_INIT)) {
56 return (CKR_ARGUMENTS_BAD);
57 }
58
59 session_p = calloc(1, sizeof (soft_session_t));
60 /*
61 * Initialize the lock for the newly created session.
62 * We do only the minimum needed setup for the
63 * soft_digest* routines to succeed.
64 */
65 if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) {
66 free(session_p);
67 return (CKR_CANT_LOCK);
68 }
69
70 *s = session_p;
71 } else if (opflag & OP_INIT) {
72 free_soft_ctx(session_p, OP_DIGEST);
73 }
74
75 if (opflag & OP_INIT) {
76 rv = soft_digest_init(session_p, pMechanism);
77 if (rv != CKR_OK)
78 return (rv);
79 }
80
81 if (opflag & OP_SINGLE) {
82 rv = soft_digest(session_p, pData, ulDataLen,
83 pDigest, pulDigestLen);
84 } else {
85 if (opflag & OP_UPDATE) {
86 rv = soft_digest_update(session_p, pData, ulDataLen);
87 if (rv != CKR_OK)
88 return (rv);
89 }
90
91 if (opflag & OP_FINAL) {
92 rv = soft_digest_final(session_p,
93 pDigest, pulDigestLen);
94 }
95 }
96
97 return (rv);
98 }
99
100 /*
101 * opflag specifies whether this is a sign or verify.
102 */
103 CK_RV
104 do_soft_hmac_init(void **s, CK_MECHANISM_PTR pMechanism,
105 CK_BYTE_PTR kval, CK_ULONG klen, int opflag)
106 {
107 CK_RV rv;
108 soft_object_t keyobj;
109 secret_key_obj_t skeyobj;
110 soft_object_t *key_p;
111 soft_session_t *session_p;
112
113 session_p = *((soft_session_t **)s);
114 if (session_p == NULL) {
115 session_p = calloc(1, sizeof (soft_session_t));
116 /* See comments in do_soft_digest() above */
117 if (pthread_mutex_init(&session_p->session_mutex, NULL) != 0) {
118 free(session_p);
119 return (CKR_CANT_LOCK);
120 }
121
122 *s = session_p;
123 } else if (opflag & OP_INIT) {
124 free_soft_ctx(session_p, opflag);
125 }
126
127 /* Do the minimum needed setup for the call to succeed */
128 key_p = &keyobj;
129 bzero(key_p, sizeof (soft_object_t));
130 key_p->class = CKO_SECRET_KEY;
131 key_p->key_type = CKK_GENERIC_SECRET;
132
133 bzero(&skeyobj, sizeof (secret_key_obj_t));
134 OBJ_SEC(key_p) = &skeyobj;
135 OBJ_SEC_VALUE(key_p) = kval;
136 OBJ_SEC_VALUE_LEN(key_p) = klen;
137
138 rv = soft_hmac_sign_verify_init_common(session_p, pMechanism,
139 key_p, opflag & OP_SIGN);
140
141 return (rv);
142 }
143
144 /*
145 * opflag specifies whether this is a sign or verify.
146 */
147 CK_RV
148 do_soft_hmac_update(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen, int opflag)
149 {
150 soft_session_t *session_p;
151
152 session_p = *((soft_session_t **)s);
153 if (session_p == NULL) {
154 return (CKR_ARGUMENTS_BAD);
155 }
156
157 return (soft_hmac_sign_verify_update(session_p,
158 pData, ulDataLen, opflag & OP_SIGN));
159 }
160
161 /*
162 * opflag specifies whether this is a final or single.
163 */
164 CK_RV
165 do_soft_hmac_sign(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
166 CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen, int opflag)
167 {
168 CK_RV rv;
169 soft_session_t *session_p;
170 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
171
172 session_p = *((soft_session_t **)s);
173 if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) {
174 return (CKR_ARGUMENTS_BAD);
175 }
176
177 rv = soft_hmac_sign_verify_common(session_p, pData, ulDataLen,
178 (pSignature != NULL ? hmac : NULL), pulSignatureLen, B_TRUE);
179
180 if ((rv == CKR_OK) && (pSignature != NULL)) {
181 (void) memcpy(pSignature, hmac, *pulSignatureLen);
182 }
183
184 return (rv);
185 }
186
187 /*
188 * opflag specifies whether this is a final or single.
189 */
190 CK_RV
191 do_soft_hmac_verify(void **s, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
192 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, int opflag)
193 {
194 CK_RV rv;
195 CK_ULONG len;
196 soft_session_t *session_p;
197 soft_hmac_ctx_t *hmac_ctx;
198 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
199
200 session_p = *((soft_session_t **)s);
201 if (session_p == NULL || !(opflag & OP_SINGLE || opflag & OP_FINAL)) {
202 return (CKR_ARGUMENTS_BAD);
203 }
204
205 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
206 len = hmac_ctx->hmac_len;
207
208 rv = soft_hmac_sign_verify_common(session_p, pData,
209 ulDataLen, hmac, &len, B_FALSE);
210
211 if (rv == CKR_OK) {
212 if (len != ulSignatureLen) {
213 rv = CKR_SIGNATURE_LEN_RANGE;
214 }
215
216 if (memcmp(hmac, pSignature, len) != 0) {
217 rv = CKR_SIGNATURE_INVALID;
218 }
219 }
220
221 return (rv);
222 }
223
224 /*
225 * Helper routine to handle the case when the ctx is abandoned.
226 */
227 void
228 free_soft_ctx(void *s, int opflag)
229 {
230 soft_session_t *session_p;
231
232 session_p = (soft_session_t *)s;
233 if (session_p == NULL)
234 return;
235
236 if (opflag & OP_SIGN) {
237 if (session_p->sign.context == NULL)
238 return;
239 bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
240 free(session_p->sign.context);
241 session_p->sign.context = NULL;
242 session_p->sign.flags = 0;
243 } else if (opflag & OP_VERIFY) {
244 if (session_p->verify.context == NULL)
245 return;
246 bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
247 free(session_p->verify.context);
248 session_p->verify.context = NULL;
249 session_p->verify.flags = 0;
250 } else {
251 if (session_p->digest.context == NULL)
252 return;
253 free(session_p->digest.context);
254 session_p->digest.context = NULL;
255 session_p->digest.flags = 0;
256 }
257 }