Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 + * Copyright (c) 2018, Joyent, Inc.
24 25 */
25 26
26 27 #include <pthread.h>
27 28 #include <stdlib.h>
28 29 #include <string.h>
29 30 #include <strings.h>
30 31 #include <sys/types.h>
31 32 #include <security/cryptoki.h>
32 33 #include <modes/modes.h>
33 34 #include <arcfour.h>
34 35 #include "softSession.h"
35 36 #include "softObject.h"
36 37 #include "softOps.h"
37 38 #include "softCrypt.h"
38 39 #include "softRSA.h"
39 40
40 41 /*
41 42 * Remove padding bytes.
42 43 */
43 44 CK_RV
44 45 soft_remove_pkcs7_padding(CK_BYTE *pData, CK_ULONG padded_len,
45 46 CK_ULONG *pulDataLen)
46 47 {
47 48 CK_RV rv;
48 49
49 50 #ifdef __sparcv9
50 51 if ((rv = pkcs7_decode(pData, (&padded_len))) != CKR_OK)
51 52 #else /* !__sparcv9 */
52 53 if ((rv = pkcs7_decode(pData, (size_t *)(&padded_len))) != CKR_OK)
53 54 #endif /* __sparcv9 */
54 55 return (rv);
55 56
56 57 *pulDataLen = padded_len;
57 58 return (CKR_OK);
58 59 }
59 60
60 61
61 62 /*
62 63 * soft_decrypt_init()
63 64 *
64 65 * Arguments:
65 66 * session_p: pointer to soft_session_t struct
66 67 * pMechanism: pointer to CK_MECHANISM struct provided by application
67 68 * key_p: pointer to key soft_object_t struct
68 69 *
69 70 * Description:
70 71 * called by C_DecryptInit(). This function calls the corresponding
71 72 * decrypt init routine based on the mechanism.
72 73 *
73 74 * Returns:
74 75 * CKR_OK: success
75 76 * CKR_HOST_MEMORY: run out of system memory
76 77 * CKR_MECHANISM_PARAM_INVALID: invalid parameters in mechanism
77 78 * CKR_MECHANISM_INVALID: invalid mechanism type
78 79 * CKR_KEY_TYPE_INCONSISTENT: incorrect type of key to use
79 80 * with the specified mechanism
80 81 */
81 82 CK_RV
82 83 soft_decrypt_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
83 84 soft_object_t *key_p)
84 85 {
85 86
86 87 CK_RV rv;
87 88
88 89 switch (pMechanism->mechanism) {
89 90
90 91 case CKM_DES_ECB:
91 92
92 93 if (key_p->key_type != CKK_DES) {
93 94 return (CKR_KEY_TYPE_INCONSISTENT);
94 95 }
95 96
96 97 goto ecb_common;
97 98
98 99 case CKM_DES3_ECB:
99 100
100 101 if ((key_p->key_type != CKK_DES2) &&
101 102 (key_p->key_type != CKK_DES3)) {
102 103 return (CKR_KEY_TYPE_INCONSISTENT);
103 104 }
104 105
105 106 ecb_common:
106 107
107 108 return (soft_des_crypt_init_common(session_p, pMechanism,
108 109 key_p, B_FALSE));
109 110
110 111 case CKM_DES_CBC:
111 112 case CKM_DES_CBC_PAD:
112 113
113 114 if (key_p->key_type != CKK_DES) {
114 115 return (CKR_KEY_TYPE_INCONSISTENT);
115 116 }
116 117
117 118 goto cbc_common;
118 119
119 120 case CKM_DES3_CBC:
120 121 case CKM_DES3_CBC_PAD:
121 122 {
122 123 soft_des_ctx_t *soft_des_ctx;
123 124
124 125 if ((key_p->key_type != CKK_DES2) &&
125 126 (key_p->key_type != CKK_DES3)) {
126 127 return (CKR_KEY_TYPE_INCONSISTENT);
127 128 }
128 129
129 130 cbc_common:
130 131 if ((pMechanism->pParameter == NULL) ||
131 132 (pMechanism->ulParameterLen != DES_BLOCK_LEN)) {
132 133 return (CKR_MECHANISM_PARAM_INVALID);
133 134 }
134 135
135 136 rv = soft_des_crypt_init_common(session_p, pMechanism,
136 137 key_p, B_FALSE);
137 138
138 139 if (rv != CKR_OK)
139 140 return (rv);
140 141
141 142 (void) pthread_mutex_lock(&session_p->session_mutex);
142 143
143 144 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
|
↓ open down ↓ |
110 lines elided |
↑ open up ↑ |
144 145 /* Save Initialization Vector (IV) in the context. */
145 146 (void) memcpy(soft_des_ctx->ivec, pMechanism->pParameter,
146 147 DES_BLOCK_LEN);
147 148
148 149 /* Allocate a context for DES cipher-block chaining. */
149 150 soft_des_ctx->des_cbc = (void *)des_cbc_ctx_init(
150 151 soft_des_ctx->key_sched, soft_des_ctx->keysched_len,
151 152 soft_des_ctx->ivec, key_p->key_type);
152 153
153 154 if (soft_des_ctx->des_cbc == NULL) {
154 - bzero(soft_des_ctx->key_sched,
155 + freezero(soft_des_ctx->key_sched,
155 156 soft_des_ctx->keysched_len);
156 - free(soft_des_ctx->key_sched);
157 - free(session_p->decrypt.context);
157 + freezero(session_p->decrypt.context,
158 + sizeof (soft_des_ctx_t));
158 159 session_p->decrypt.context = NULL;
159 160 (void) pthread_mutex_unlock(&session_p->session_mutex);
160 161 return (CKR_HOST_MEMORY);
161 162 }
162 163
163 164 (void) pthread_mutex_unlock(&session_p->session_mutex);
164 165
165 166 return (rv);
166 167 }
167 168 case CKM_AES_ECB:
168 169
169 170 if (key_p->key_type != CKK_AES) {
170 171 return (CKR_KEY_TYPE_INCONSISTENT);
171 172 }
172 173
173 174 return (soft_aes_crypt_init_common(session_p, pMechanism,
174 175 key_p, B_FALSE));
175 176
176 177 case CKM_AES_CBC:
177 178 case CKM_AES_CBC_PAD:
178 179 {
179 180 soft_aes_ctx_t *soft_aes_ctx;
180 181
181 182 if (key_p->key_type != CKK_AES) {
182 183 return (CKR_KEY_TYPE_INCONSISTENT);
183 184 }
184 185
185 186 if ((pMechanism->pParameter == NULL) ||
186 187 (pMechanism->ulParameterLen != AES_BLOCK_LEN)) {
187 188 return (CKR_MECHANISM_PARAM_INVALID);
188 189 }
189 190
190 191 rv = soft_aes_crypt_init_common(session_p, pMechanism,
191 192 key_p, B_FALSE);
192 193
193 194 if (rv != CKR_OK)
194 195 return (rv);
195 196
196 197 (void) pthread_mutex_lock(&session_p->session_mutex);
197 198
198 199 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
199 200
|
↓ open down ↓ |
32 lines elided |
↑ open up ↑ |
200 201 /* Save Initialization Vector (IV) in the context. */
201 202 (void) memcpy(soft_aes_ctx->ivec, pMechanism->pParameter,
202 203 AES_BLOCK_LEN);
203 204
204 205 /* Allocate a context for AES cipher-block chaining. */
205 206 soft_aes_ctx->aes_cbc = (void *)aes_cbc_ctx_init(
206 207 soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
207 208 soft_aes_ctx->ivec);
208 209
209 210 if (soft_aes_ctx->aes_cbc == NULL) {
210 - bzero(soft_aes_ctx->key_sched,
211 + freezero(soft_aes_ctx->key_sched,
211 212 soft_aes_ctx->keysched_len);
212 - free(soft_aes_ctx->key_sched);
213 - free(session_p->decrypt.context);
213 + freezero(session_p->decrypt.context,
214 + sizeof (soft_aes_ctx_t));
214 215 session_p->decrypt.context = NULL;
215 216 (void) pthread_mutex_unlock(&session_p->session_mutex);
216 217 return (CKR_HOST_MEMORY);
217 218 }
218 219
219 220 (void) pthread_mutex_unlock(&session_p->session_mutex);
220 221
221 222 return (rv);
222 223 }
223 224 case CKM_AES_CTR:
224 225 {
225 226 soft_aes_ctx_t *soft_aes_ctx;
226 227
227 228 if (key_p->key_type != CKK_AES) {
228 229 return (CKR_KEY_TYPE_INCONSISTENT);
229 230 }
230 231
231 232 if (pMechanism->pParameter == NULL ||
232 233 pMechanism->ulParameterLen != sizeof (CK_AES_CTR_PARAMS)) {
233 234 return (CKR_MECHANISM_PARAM_INVALID);
234 235 }
235 236
236 237 rv = soft_aes_crypt_init_common(session_p, pMechanism,
237 238 key_p, B_FALSE);
238 239
239 240 if (rv != CKR_OK)
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
240 241 return (rv);
241 242
242 243 (void) pthread_mutex_lock(&session_p->session_mutex);
243 244
244 245 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
245 246 soft_aes_ctx->aes_cbc = aes_ctr_ctx_init(
246 247 soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
247 248 pMechanism->pParameter);
248 249
249 250 if (soft_aes_ctx->aes_cbc == NULL) {
250 - bzero(soft_aes_ctx->key_sched,
251 + freezero(soft_aes_ctx->key_sched,
251 252 soft_aes_ctx->keysched_len);
252 - free(soft_aes_ctx->key_sched);
253 - free(session_p->decrypt.context);
253 + freezero(session_p->decrypt.context,
254 + sizeof (soft_aes_ctx_t));
254 255 session_p->decrypt.context = NULL;
255 256 rv = CKR_HOST_MEMORY;
256 257 }
257 258
258 259 (void) pthread_mutex_unlock(&session_p->session_mutex);
259 260
260 261 return (rv);
261 262 }
262 263 case CKM_BLOWFISH_CBC:
263 264 {
264 265 soft_blowfish_ctx_t *soft_blowfish_ctx;
265 266
266 267 if (key_p->key_type != CKK_BLOWFISH)
267 268 return (CKR_KEY_TYPE_INCONSISTENT);
268 269
269 270 if ((pMechanism->pParameter == NULL) ||
270 271 (pMechanism->ulParameterLen != BLOWFISH_BLOCK_LEN))
271 272 return (CKR_MECHANISM_PARAM_INVALID);
272 273
273 274 rv = soft_blowfish_crypt_init_common(session_p, pMechanism,
274 275 key_p, B_FALSE);
275 276
276 277 if (rv != CKR_OK)
277 278 return (rv);
278 279
279 280 (void) pthread_mutex_lock(&session_p->session_mutex);
280 281
281 282 soft_blowfish_ctx =
282 283 (soft_blowfish_ctx_t *)session_p->decrypt.context;
283 284
284 285 /* Save Initialization Vector in the context. */
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
285 286 (void) memcpy(soft_blowfish_ctx->ivec, pMechanism->pParameter,
286 287 BLOWFISH_BLOCK_LEN);
287 288
288 289 /* Allocate a context for CBC */
289 290 soft_blowfish_ctx->blowfish_cbc =
290 291 (void *)blowfish_cbc_ctx_init(soft_blowfish_ctx->key_sched,
291 292 soft_blowfish_ctx->keysched_len,
292 293 soft_blowfish_ctx->ivec);
293 294
294 295 if (soft_blowfish_ctx->blowfish_cbc == NULL) {
295 - bzero(soft_blowfish_ctx->key_sched,
296 + freezero(soft_blowfish_ctx->key_sched,
296 297 soft_blowfish_ctx->keysched_len);
297 - free(soft_blowfish_ctx->key_sched);
298 - free(session_p->decrypt.context = NULL);
298 + freezero(session_p->decrypt.context,
299 + sizeof (soft_blowfish_ctx_t));
300 + session_p->decrypt.context = NULL;
299 301 (void) pthread_mutex_unlock(&session_p->session_mutex);
300 302 return (CKR_HOST_MEMORY);
301 303 }
302 304
303 305 (void) pthread_mutex_unlock(&session_p->session_mutex);
304 306 return (rv);
305 307 }
306 308
307 309 case CKM_RC4:
308 310
309 311 if (key_p->key_type != CKK_RC4) {
310 312 return (CKR_KEY_TYPE_INCONSISTENT);
311 313 }
312 314
313 315 return (soft_arcfour_crypt_init(session_p, pMechanism, key_p,
314 316 B_FALSE));
315 317
316 318 case CKM_RSA_X_509:
317 319 case CKM_RSA_PKCS:
318 320
319 321 if (key_p->key_type != CKK_RSA) {
320 322 return (CKR_KEY_TYPE_INCONSISTENT);
321 323 }
322 324
323 325 return (soft_rsa_crypt_init_common(session_p, pMechanism,
324 326 key_p, B_FALSE));
325 327
326 328 default:
327 329 return (CKR_MECHANISM_INVALID);
328 330 }
329 331 }
330 332
331 333
332 334 /*
333 335 * soft_decrypt_common()
334 336 *
335 337 * Arguments:
336 338 * session_p: pointer to soft_session_t struct
337 339 * pEncrypted: pointer to the encrypted data as input
338 340 * ulEncryptedLen: length of the input data
339 341 * pData: pointer to the output data contains plaintext
340 342 * pulDataLen: pointer to the length of the output data
341 343 * Update: boolean flag indicates caller is soft_decrypt
342 344 * or soft_decrypt_update
343 345 *
344 346 * Description:
345 347 * This function calls the corresponding decrypt routine based
346 348 * on the mechanism.
347 349 *
348 350 * Returns:
349 351 * see soft_decrypt_common().
350 352 */
351 353 CK_RV
352 354 soft_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
353 355 CK_ULONG ulEncryptedLen, CK_BYTE_PTR pData,
354 356 CK_ULONG_PTR pulDataLen, boolean_t Update)
355 357 {
356 358
357 359 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
358 360
359 361 switch (mechanism) {
360 362
361 363 case CKM_DES_ECB:
362 364 case CKM_DES_CBC:
363 365 case CKM_DES3_ECB:
364 366 case CKM_DES3_CBC:
365 367
366 368 if (ulEncryptedLen == 0) {
367 369 *pulDataLen = 0;
368 370 return (CKR_OK);
369 371 }
370 372 /* FALLTHROUGH */
371 373
372 374 case CKM_DES_CBC_PAD:
373 375 case CKM_DES3_CBC_PAD:
374 376
375 377 return (soft_des_decrypt_common(session_p, pEncrypted,
376 378 ulEncryptedLen, pData, pulDataLen, Update));
377 379
378 380 case CKM_AES_ECB:
379 381 case CKM_AES_CBC:
380 382 case CKM_AES_CTR:
381 383
382 384 if (ulEncryptedLen == 0) {
383 385 *pulDataLen = 0;
384 386 return (CKR_OK);
385 387 }
386 388 /* FALLTHROUGH */
387 389
388 390 case CKM_AES_CBC_PAD:
389 391
390 392 return (soft_aes_decrypt_common(session_p, pEncrypted,
391 393 ulEncryptedLen, pData, pulDataLen, Update));
392 394
393 395 case CKM_BLOWFISH_CBC:
394 396
395 397 if (ulEncryptedLen == 0) {
396 398 *pulDataLen = 0;
397 399 return (CKR_OK);
398 400 }
399 401
400 402 return (soft_blowfish_decrypt_common(session_p, pEncrypted,
401 403 ulEncryptedLen, pData, pulDataLen, Update));
402 404
403 405 case CKM_RC4:
404 406
405 407 if (ulEncryptedLen == 0) {
406 408 *pulDataLen = 0;
407 409 return (CKR_OK);
408 410 }
409 411
410 412
411 413 return (soft_arcfour_crypt(&(session_p->decrypt), pEncrypted,
412 414 ulEncryptedLen, pData, pulDataLen));
413 415
414 416 case CKM_RSA_X_509:
415 417 case CKM_RSA_PKCS:
416 418
417 419 return (soft_rsa_decrypt_common(session_p, pEncrypted,
418 420 ulEncryptedLen, pData, pulDataLen, mechanism));
419 421
420 422 default:
421 423 return (CKR_MECHANISM_INVALID);
422 424
423 425 }
424 426 }
425 427
426 428
427 429 /*
428 430 * soft_decrypt()
429 431 *
430 432 * Arguments:
431 433 * session_p: pointer to soft_session_t struct
432 434 * pEncryptedData: pointer to the encrypted data as input
433 435 * ulEncryptedDataLen: length of the input data
434 436 * pData: pointer to the output data contains plaintext
435 437 * pulDataLen: pointer to the length of the output data
436 438 *
437 439 * Description:
438 440 * called by C_Decrypt(). This function calls the soft_decrypt_common
439 441 * routine.
440 442 *
441 443 * Returns:
442 444 * see soft_decrypt_common().
443 445 */
444 446 CK_RV
445 447 soft_decrypt(soft_session_t *session_p, CK_BYTE_PTR pEncryptedData,
446 448 CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
447 449 CK_ULONG_PTR pulDataLen)
448 450 {
449 451
450 452 return (soft_decrypt_common(session_p, pEncryptedData,
451 453 ulEncryptedDataLen, pData, pulDataLen, B_FALSE));
452 454 }
453 455
454 456
455 457 /*
456 458 * soft_decrypt_update()
457 459 *
458 460 * Arguments:
459 461 * session_p: pointer to soft_session_t struct
460 462 * pEncryptedPart: pointer to the encrypted data as input
461 463 * ulEncryptedPartLen: length of the input data
462 464 * pPart: pointer to the output data contains plaintext
463 465 * pulPartLen: pointer to the length of the output data
464 466 *
465 467 * Description:
466 468 * called by C_DecryptUpdate(). This function calls the
467 469 * soft_decrypt_common routine (with update flag on).
468 470 *
469 471 * Returns:
470 472 * see soft_decrypt_common().
471 473 */
472 474 CK_RV
473 475 soft_decrypt_update(soft_session_t *session_p, CK_BYTE_PTR pEncryptedPart,
474 476 CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
475 477 CK_ULONG_PTR pulPartLen)
476 478 {
477 479 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
478 480
479 481 switch (mechanism) {
480 482
481 483 case CKM_DES_ECB:
482 484 case CKM_DES_CBC:
483 485 case CKM_DES_CBC_PAD:
484 486 case CKM_DES3_ECB:
485 487 case CKM_DES3_CBC:
486 488 case CKM_DES3_CBC_PAD:
487 489 case CKM_AES_ECB:
488 490 case CKM_AES_CBC:
489 491 case CKM_AES_CBC_PAD:
490 492 case CKM_AES_CTR:
491 493 case CKM_BLOWFISH_CBC:
492 494 case CKM_RC4:
493 495
494 496 return (soft_decrypt_common(session_p, pEncryptedPart,
495 497 ulEncryptedPartLen, pPart, pulPartLen, B_TRUE));
496 498
497 499 default:
498 500 /* PKCS11: The mechanism only supports single-part operation. */
499 501 return (CKR_MECHANISM_INVALID);
500 502 }
501 503
502 504 }
503 505
504 506
505 507 /*
506 508 * soft_decrypt_final()
507 509 *
508 510 * Arguments:
509 511 * session_p: pointer to soft_session_t struct
510 512 * pLastPart: pointer to the last recovered data part
511 513 * pulLastPartLen: pointer to the length of the last recovered data part
512 514 *
513 515 * Description:
514 516 * called by C_DecryptFinal().
515 517 *
516 518 * Returns:
517 519 * CKR_OK: success
518 520 * CKR_FUNCTION_FAILED: decrypt final function failed
519 521 * CKR_ENCRYPTED_DATA_LEN_RANGE: remaining buffer contains bad length
520 522 */
521 523 CK_RV
522 524 soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
523 525 CK_ULONG_PTR pulLastPartLen)
524 526 {
525 527
526 528 CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
527 529 CK_ULONG out_len;
528 530 CK_RV rv = CKR_OK;
529 531 int rc;
530 532
531 533 (void) pthread_mutex_lock(&session_p->session_mutex);
532 534
533 535 if (session_p->decrypt.context == NULL) {
534 536 rv = CKR_OPERATION_NOT_INITIALIZED;
535 537 *pulLastPartLen = 0;
536 538 goto clean2;
537 539 }
538 540 switch (mechanism) {
539 541
540 542 case CKM_DES_CBC_PAD:
541 543 case CKM_DES3_CBC_PAD:
542 544 {
543 545
544 546 soft_des_ctx_t *soft_des_ctx;
545 547
546 548 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
|
↓ open down ↓ |
238 lines elided |
↑ open up ↑ |
547 549
548 550 /*
549 551 * We should have only one block of data left in the
550 552 * remaining buffer.
551 553 */
552 554 if (soft_des_ctx->remain_len != DES_BLOCK_LEN) {
553 555 *pulLastPartLen = 0;
554 556 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
555 557 /* Cleanup memory space. */
556 558 free(soft_des_ctx->des_cbc);
557 - bzero(soft_des_ctx->key_sched,
559 + freezero(soft_des_ctx->key_sched,
558 560 soft_des_ctx->keysched_len);
559 - free(soft_des_ctx->key_sched);
560 561
561 562 goto clean1;
562 563 }
563 564
564 565 out_len = DES_BLOCK_LEN;
565 566
566 567 /*
567 568 * If application asks for the length of the output buffer
568 569 * to hold the plaintext?
569 570 */
570 571 if (pLastPart == NULL) {
571 572 *pulLastPartLen = out_len;
572 573 rv = CKR_OK;
573 574 goto clean2;
574 575 } else {
575 576 crypto_data_t out;
576 577
577 578 /* Copy remaining data to the output buffer. */
578 579 (void) memcpy(pLastPart, soft_des_ctx->data,
579 580 DES_BLOCK_LEN);
580 581
581 582 out.cd_format = CRYPTO_DATA_RAW;
582 583 out.cd_offset = 0;
583 584 out.cd_length = DES_BLOCK_LEN;
584 585 out.cd_raw.iov_base = (char *)pLastPart;
585 586 out.cd_raw.iov_len = DES_BLOCK_LEN;
586 587
587 588 /* Decrypt final block of data. */
588 589 rc = des_decrypt_contiguous_blocks(
589 590 (des_ctx_t *)soft_des_ctx->des_cbc,
590 591 (char *)pLastPart, DES_BLOCK_LEN, &out);
591 592
592 593 if (rc == 0) {
593 594 /*
594 595 * Remove padding bytes after decryption of
595 596 * ciphertext block to produce the original
596 597 * plaintext.
597 598 */
598 599 rv = soft_remove_pkcs7_padding(pLastPart,
599 600 DES_BLOCK_LEN, &out_len);
600 601 if (rv != CKR_OK)
|
↓ open down ↓ |
31 lines elided |
↑ open up ↑ |
601 602 *pulLastPartLen = 0;
602 603 else
603 604 *pulLastPartLen = out_len;
604 605 } else {
605 606 *pulLastPartLen = 0;
606 607 rv = CKR_FUNCTION_FAILED;
607 608 }
608 609
609 610 /* Cleanup memory space. */
610 611 free(soft_des_ctx->des_cbc);
611 - bzero(soft_des_ctx->key_sched,
612 + freezero(soft_des_ctx->key_sched,
612 613 soft_des_ctx->keysched_len);
613 - free(soft_des_ctx->key_sched);
614 614
615 615 }
616 616
617 617 break;
618 618 }
619 619
620 620 case CKM_DES_CBC:
621 621 case CKM_DES_ECB:
622 622 case CKM_DES3_CBC:
623 623 case CKM_DES3_ECB:
624 624 {
625 625
626 626 soft_des_ctx_t *soft_des_ctx;
627 627
628 628 soft_des_ctx = (soft_des_ctx_t *)session_p->decrypt.context;
629 629 /*
630 630 * CKM_DES_CBC and CKM_DES_ECB does not do any padding,
631 631 * so when the final is called, the remaining buffer
632 632 * should not contain any more data.
633 633 */
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
634 634 *pulLastPartLen = 0;
635 635 if (soft_des_ctx->remain_len != 0) {
636 636 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
637 637 } else {
638 638 if (pLastPart == NULL)
639 639 goto clean2;
640 640 }
641 641
642 642 /* Cleanup memory space. */
643 643 free(soft_des_ctx->des_cbc);
644 - bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
645 - free(soft_des_ctx->key_sched);
644 + freezero(soft_des_ctx->key_sched,
645 + soft_des_ctx->keysched_len);
646 646
647 647 break;
648 648 }
649 649
650 650 case CKM_AES_CBC_PAD:
651 651 {
652 652
653 653 soft_aes_ctx_t *soft_aes_ctx;
654 654
655 655 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
656 656
657 657 /*
658 658 * We should have only one block of data left in the
659 659 * remaining buffer.
660 660 */
661 661 if (soft_aes_ctx->remain_len != AES_BLOCK_LEN) {
662 662 *pulLastPartLen = 0;
663 663 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
664 664 /* Cleanup memory space. */
665 665 free(soft_aes_ctx->aes_cbc);
666 - bzero(soft_aes_ctx->key_sched,
666 + freezero(soft_aes_ctx->key_sched,
667 667 soft_aes_ctx->keysched_len);
668 - free(soft_aes_ctx->key_sched);
669 668
670 669 goto clean1;
671 670 }
672 671
673 672 out_len = AES_BLOCK_LEN;
674 673
675 674 /*
676 675 * If application asks for the length of the output buffer
677 676 * to hold the plaintext?
678 677 */
679 678 if (pLastPart == NULL) {
680 679 *pulLastPartLen = out_len;
681 680 rv = CKR_OK;
682 681 goto clean2;
683 682 } else {
684 683 crypto_data_t out;
685 684
686 685 /* Copy remaining data to the output buffer. */
687 686 (void) memcpy(pLastPart, soft_aes_ctx->data,
688 687 AES_BLOCK_LEN);
689 688
690 689 out.cd_format = CRYPTO_DATA_RAW;
691 690 out.cd_offset = 0;
692 691 out.cd_length = AES_BLOCK_LEN;
693 692 out.cd_raw.iov_base = (char *)pLastPart;
694 693 out.cd_raw.iov_len = AES_BLOCK_LEN;
695 694
696 695 /* Decrypt final block of data. */
697 696 rc = aes_decrypt_contiguous_blocks(
698 697 (aes_ctx_t *)soft_aes_ctx->aes_cbc,
699 698 (char *)pLastPart, AES_BLOCK_LEN, &out);
700 699
701 700 if (rc == 0) {
702 701 /*
703 702 * Remove padding bytes after decryption of
704 703 * ciphertext block to produce the original
705 704 * plaintext.
706 705 */
707 706 rv = soft_remove_pkcs7_padding(pLastPart,
708 707 AES_BLOCK_LEN, &out_len);
709 708 if (rv != CKR_OK)
|
↓ open down ↓ |
31 lines elided |
↑ open up ↑ |
710 709 *pulLastPartLen = 0;
711 710 else
712 711 *pulLastPartLen = out_len;
713 712 } else {
714 713 *pulLastPartLen = 0;
715 714 rv = CKR_FUNCTION_FAILED;
716 715 }
717 716
718 717 /* Cleanup memory space. */
719 718 free(soft_aes_ctx->aes_cbc);
720 - bzero(soft_aes_ctx->key_sched,
719 + freezero(soft_aes_ctx->key_sched,
721 720 soft_aes_ctx->keysched_len);
722 - free(soft_aes_ctx->key_sched);
723 721
724 722 }
725 723
726 724 break;
727 725 }
728 726
729 727 case CKM_AES_CBC:
730 728 case CKM_AES_ECB:
731 729 {
732 730 soft_aes_ctx_t *soft_aes_ctx;
733 731
734 732 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
735 733 /*
736 734 * CKM_AES_CBC and CKM_AES_ECB does not do any padding,
737 735 * so when the final is called, the remaining buffer
738 736 * should not contain any more data.
739 737 */
|
↓ open down ↓ |
7 lines elided |
↑ open up ↑ |
740 738 *pulLastPartLen = 0;
741 739 if (soft_aes_ctx->remain_len != 0) {
742 740 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
743 741 } else {
744 742 if (pLastPart == NULL)
745 743 goto clean2;
746 744 }
747 745
748 746 /* Cleanup memory space. */
749 747 free(soft_aes_ctx->aes_cbc);
750 - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
751 - free(soft_aes_ctx->key_sched);
748 + freezero(soft_aes_ctx->key_sched,
749 + soft_aes_ctx->keysched_len);
752 750
753 751 break;
754 752 }
755 753 case CKM_AES_CTR:
756 754 {
757 755 crypto_data_t out;
758 756 soft_aes_ctx_t *soft_aes_ctx;
759 757 ctr_ctx_t *ctr_ctx;
760 758 size_t len;
761 759
762 760 soft_aes_ctx = (soft_aes_ctx_t *)session_p->decrypt.context;
763 761 ctr_ctx = soft_aes_ctx->aes_cbc;
764 762 len = ctr_ctx->ctr_remainder_len;
765 763 if (pLastPart == NULL) {
766 764 *pulLastPartLen = len;
767 765 goto clean1;
768 766 }
769 767 if (len > 0) {
770 768 out.cd_format = CRYPTO_DATA_RAW;
771 769 out.cd_offset = 0;
772 770 out.cd_length = len;
773 771 out.cd_raw.iov_base = (char *)pLastPart;
774 772 out.cd_raw.iov_len = len;
775 773
776 774 rv = ctr_mode_final(ctr_ctx, &out, aes_encrypt_block);
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
777 775 if (rv == CRYPTO_DATA_LEN_RANGE)
778 776 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
779 777 }
780 778 if (rv == CRYPTO_BUFFER_TOO_SMALL) {
781 779 *pulLastPartLen = len;
782 780 goto clean1;
783 781 }
784 782
785 783 /* Cleanup memory space. */
786 784 free(ctr_ctx);
787 - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
788 - free(soft_aes_ctx->key_sched);
785 + freezero(soft_aes_ctx->key_sched,
786 + soft_aes_ctx->keysched_len);
789 787
790 788 break;
791 789 }
792 790 case CKM_BLOWFISH_CBC:
793 791 {
794 792 soft_blowfish_ctx_t *soft_blowfish_ctx;
795 793
796 794 soft_blowfish_ctx =
797 795 (soft_blowfish_ctx_t *)session_p->decrypt.context;
798 796
799 797 *pulLastPartLen = 0;
800 798 if (soft_blowfish_ctx->remain_len != 0)
801 799 rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
802 800 else {
803 801 if (pLastPart == NULL)
804 802 goto clean2;
805 803 }
806 804
807 805 free(soft_blowfish_ctx->blowfish_cbc);
808 - bzero(soft_blowfish_ctx->key_sched,
806 + freezero(soft_blowfish_ctx->key_sched,
809 807 soft_blowfish_ctx->keysched_len);
810 - free(soft_blowfish_ctx->key_sched);
811 808
812 809 break;
813 810 }
814 811
815 812 case CKM_RC4:
816 813 {
817 814 ARCFour_key *key = (ARCFour_key *)session_p->decrypt.context;
818 - bzero(key, sizeof (*key));
815 + explicit_bzero(key, sizeof (*key));
819 816 *pulLastPartLen = 0;
820 817 break;
821 818 }
822 819
823 820 default:
824 821 /* PKCS11: The mechanism only supports single-part operation. */
825 822 rv = CKR_MECHANISM_INVALID;
826 823 break;
827 824 }
828 825
829 826 clean1:
830 827 free(session_p->decrypt.context);
831 828 session_p->decrypt.context = NULL;
832 829
833 830 clean2:
834 831 (void) pthread_mutex_unlock(&session_p->session_mutex);
835 832
836 833 return (rv);
837 834
838 835 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX