Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.

  25  */
  26 
  27 #include <pthread.h>
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <strings.h>
  31 #include <sys/types.h>
  32 #include <security/cryptoki.h>
  33 #include <aes_impl.h>
  34 #include "softSession.h"
  35 #include "softObject.h"
  36 #include "softCrypt.h"
  37 #include "softOps.h"
  38 
  39 /*
  40  * Allocate context for the active encryption or decryption operation, and
  41  * generate AES key schedule to speed up the operation.
  42  */
  43 CK_RV
  44 soft_aes_crypt_init_common(soft_session_t *session_p,


 471                 /*
 472                  * Even though success means we've encrypted all of the input,
 473                  * we should still behave like the other functions and return
 474                  * the encrypted length in pulEncryptedLen
 475                  */
 476                 *pulEncryptedLen = ulDataLen;
 477         }
 478         } /* end switch */
 479 
 480         if (update)
 481                 return (CKR_OK);
 482 
 483         /*
 484          * The following code will be executed if the caller is
 485          * soft_encrypt() or an error occurred. The encryption
 486          * operation will be terminated so we need to do some cleanup.
 487          */
 488 cleanup:
 489         (void) pthread_mutex_lock(&session_p->session_mutex);
 490         aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
 491         if (aes_ctx != NULL) {
 492                 bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len);
 493                 free(soft_aes_ctx->aes_cbc);









 494         }
 495 
 496         bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 497         free(soft_aes_ctx->key_sched);
 498         free(session_p->encrypt.context);
 499         session_p->encrypt.context = NULL;
 500         (void) pthread_mutex_unlock(&session_p->session_mutex);
 501 
 502         return (rv);
 503 }
 504 
 505 
 506 /*
 507  * soft_aes_decrypt_common()
 508  *
 509  * Arguments:
 510  *      session_p:      pointer to soft_session_t struct
 511  *      pEncrypted:     pointer to the input data to be decrypted
 512  *      ulEncryptedLen: length of the input data
 513  *      pData:          pointer to the output data
 514  *      pulDataLen:     pointer to the length of the output data
 515  *      Update:         boolean flag indicates caller is soft_decrypt
 516  *                      or soft_decrypt_update
 517  *
 518  * Description:


 834                  * Even though success means we've decrypted all of the input,
 835                  * we should still behave like the other functions and return
 836                  * the decrypted length in pulDataLen
 837                  */
 838                 *pulDataLen = ulEncryptedLen;
 839 
 840         }
 841         } /* end switch */
 842 
 843         if (update)
 844                 return (CKR_OK);
 845 
 846         /*
 847          * The following code will be executed if the caller is
 848          * soft_decrypt() or an error occurred. The decryption
 849          * operation will be terminated so we need to do some cleanup.
 850          */
 851 cleanup:
 852         (void) pthread_mutex_lock(&session_p->session_mutex);
 853         aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
 854         if (aes_ctx != NULL) {
 855                 bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len);
 856                 free(soft_aes_ctx->aes_cbc);
 857         }
 858 
 859         bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 860         free(soft_aes_ctx->key_sched);
 861         free(session_p->decrypt.context);
 862         session_p->decrypt.context = NULL;
 863         (void) pthread_mutex_unlock(&session_p->session_mutex);
 864 
 865         return (rv);
 866 }
 867 
 868 
 869 /*
 870  * Allocate and initialize a context for AES CBC mode of operation.
 871  */
 872 void *
 873 aes_cbc_ctx_init(void *key_sched, size_t size, uint8_t *ivec)
 874 {
 875 
 876         cbc_ctx_t *cbc_ctx;
 877 
 878         if ((cbc_ctx = calloc(1, sizeof (cbc_ctx_t))) == NULL)
 879                 return (NULL);
 880 
 881         cbc_ctx->cbc_keysched = key_sched;




   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  25  * Copyright (c) 2018, Joyent, Inc.
  26  */
  27 
  28 #include <pthread.h>
  29 #include <stdlib.h>
  30 #include <string.h>
  31 #include <strings.h>
  32 #include <sys/types.h>
  33 #include <security/cryptoki.h>
  34 #include <aes_impl.h>
  35 #include "softSession.h"
  36 #include "softObject.h"
  37 #include "softCrypt.h"
  38 #include "softOps.h"
  39 
  40 /*
  41  * Allocate context for the active encryption or decryption operation, and
  42  * generate AES key schedule to speed up the operation.
  43  */
  44 CK_RV
  45 soft_aes_crypt_init_common(soft_session_t *session_p,


 472                 /*
 473                  * Even though success means we've encrypted all of the input,
 474                  * we should still behave like the other functions and return
 475                  * the encrypted length in pulEncryptedLen
 476                  */
 477                 *pulEncryptedLen = ulDataLen;
 478         }
 479         } /* end switch */
 480 
 481         if (update)
 482                 return (CKR_OK);
 483 
 484         /*
 485          * The following code will be executed if the caller is
 486          * soft_encrypt() or an error occurred. The encryption
 487          * operation will be terminated so we need to do some cleanup.
 488          */
 489 cleanup:
 490         (void) pthread_mutex_lock(&session_p->session_mutex);
 491         aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
 492         switch (mechanism) {
 493         case CKM_AES_ECB:
 494                 freezero(aes_ctx, sizeof (ecb_ctx_t));
 495                 break;
 496         case CKM_AES_CMAC:
 497         case CKM_AES_CBC:
 498         case CKM_AES_CBC_PAD:
 499                 freezero(aes_ctx, sizeof (cbc_ctx_t));
 500                 break;
 501         case CKM_AES_CTR:
 502                 freezero(aes_ctx, sizeof (ctr_ctx_t));
 503                 break;
 504         }
 505         freezero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 506         freezero(session_p->encrypt.context, sizeof (soft_aes_ctx_t));


 507         session_p->encrypt.context = NULL;
 508         (void) pthread_mutex_unlock(&session_p->session_mutex);
 509 
 510         return (rv);
 511 }
 512 
 513 
 514 /*
 515  * soft_aes_decrypt_common()
 516  *
 517  * Arguments:
 518  *      session_p:      pointer to soft_session_t struct
 519  *      pEncrypted:     pointer to the input data to be decrypted
 520  *      ulEncryptedLen: length of the input data
 521  *      pData:          pointer to the output data
 522  *      pulDataLen:     pointer to the length of the output data
 523  *      Update:         boolean flag indicates caller is soft_decrypt
 524  *                      or soft_decrypt_update
 525  *
 526  * Description:


 842                  * Even though success means we've decrypted all of the input,
 843                  * we should still behave like the other functions and return
 844                  * the decrypted length in pulDataLen
 845                  */
 846                 *pulDataLen = ulEncryptedLen;
 847 
 848         }
 849         } /* end switch */
 850 
 851         if (update)
 852                 return (CKR_OK);
 853 
 854         /*
 855          * The following code will be executed if the caller is
 856          * soft_decrypt() or an error occurred. The decryption
 857          * operation will be terminated so we need to do some cleanup.
 858          */
 859 cleanup:
 860         (void) pthread_mutex_lock(&session_p->session_mutex);
 861         aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
 862         free(aes_ctx);
 863         freezero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 864         freezero(session_p->decrypt.context, sizeof (soft_aes_ctx_t));





 865         session_p->decrypt.context = NULL;
 866         (void) pthread_mutex_unlock(&session_p->session_mutex);
 867 
 868         return (rv);
 869 }
 870 
 871 
 872 /*
 873  * Allocate and initialize a context for AES CBC mode of operation.
 874  */
 875 void *
 876 aes_cbc_ctx_init(void *key_sched, size_t size, uint8_t *ivec)
 877 {
 878 
 879         cbc_ctx_t *cbc_ctx;
 880 
 881         if ((cbc_ctx = calloc(1, sizeof (cbc_ctx_t))) == NULL)
 882                 return (NULL);
 883 
 884         cbc_ctx->cbc_keysched = key_sched;