Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
25 + * Copyright (c) 2018, Joyent, Inc.
25 26 */
26 27
27 28 #include <pthread.h>
28 29 #include <stdlib.h>
29 30 #include <string.h>
30 31 #include <strings.h>
31 32 #include <sys/types.h>
32 33 #include <security/cryptoki.h>
33 34 #include <modes/modes.h>
34 35 #include <arcfour.h>
35 36 #include "softSession.h"
36 37 #include "softObject.h"
37 38 #include "softOps.h"
38 39 #include "softCrypt.h"
39 40 #include "softRSA.h"
40 41
41 42 /*
42 43 * Add padding bytes with the value of length of padding.
43 44 */
44 45 void
45 46 soft_add_pkcs7_padding(CK_BYTE *buf, int block_size, CK_ULONG data_len)
46 47 {
47 48 (void) pkcs7_encode(NULL, data_len, buf, block_size, block_size);
48 49 }
49 50
50 51 /*
51 52 * Perform encrypt init operation internally for the support of
52 53 * CKM_AES and CKM_DES MAC operations.
53 54 *
54 55 * This function is called with the session being held, and without
55 56 * its mutex taken.
56 57 */
57 58 CK_RV
58 59 soft_encrypt_init_internal(soft_session_t *session_p, CK_MECHANISM_PTR
59 60 pMechanism, soft_object_t *key_p)
60 61 {
61 62 CK_RV rv;
62 63
63 64 (void) pthread_mutex_lock(&session_p->session_mutex);
64 65
65 66 /* Check to see if encrypt operation is already active */
66 67 if (session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE) {
67 68 (void) pthread_mutex_unlock(&session_p->session_mutex);
68 69 return (CKR_OPERATION_ACTIVE);
69 70 }
70 71
71 72 session_p->encrypt.flags = CRYPTO_OPERATION_ACTIVE;
72 73
73 74 (void) pthread_mutex_unlock(&session_p->session_mutex);
74 75
75 76 rv = soft_encrypt_init(session_p, pMechanism, key_p);
76 77
77 78 if (rv != CKR_OK) {
78 79 (void) pthread_mutex_lock(&session_p->session_mutex);
79 80 session_p->encrypt.flags &= ~CRYPTO_OPERATION_ACTIVE;
80 81 (void) pthread_mutex_unlock(&session_p->session_mutex);
81 82 }
82 83
83 84 return (rv);
84 85 }
85 86
86 87 /*
87 88 * soft_encrypt_init()
88 89 *
89 90 * Arguments:
90 91 * session_p: pointer to soft_session_t struct
91 92 * pMechanism: pointer to CK_MECHANISM struct provided by application
92 93 * key_p: pointer to key soft_object_t struct
93 94 *
94 95 * Description:
95 96 * called by C_EncryptInit(). This function calls the corresponding
96 97 * encrypt init routine based on the mechanism.
97 98 *
98 99 * Returns:
99 100 * CKR_OK: success
100 101 * CKR_HOST_MEMORY: run out of system memory
101 102 * CKR_MECHANISM_PARAM_INVALID: invalid parameters in mechanism
102 103 * CKR_MECHANISM_INVALID: invalid mechanism type
103 104 * CKR_KEY_TYPE_INCONSISTENT: incorrect type of key to use
104 105 * with the specified mechanism
105 106 */
106 107 CK_RV
107 108 soft_encrypt_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
108 109 soft_object_t *key_p)
109 110 {
110 111
111 112 CK_RV rv;
112 113
113 114 switch (pMechanism->mechanism) {
114 115
115 116 case CKM_DES_ECB:
116 117
117 118 if (key_p->key_type != CKK_DES) {
118 119 return (CKR_KEY_TYPE_INCONSISTENT);
119 120 }
120 121 goto ecb_common;
121 122
122 123 case CKM_DES3_ECB:
123 124
124 125 if ((key_p->key_type != CKK_DES2) &&
125 126 (key_p->key_type != CKK_DES3)) {
126 127 return (CKR_KEY_TYPE_INCONSISTENT);
127 128 }
128 129
129 130 ecb_common:
130 131 return (soft_des_crypt_init_common(session_p, pMechanism,
131 132 key_p, B_TRUE));
132 133
133 134 case CKM_DES_CBC:
134 135 case CKM_DES_CBC_PAD:
135 136
136 137 if (key_p->key_type != CKK_DES) {
137 138 return (CKR_KEY_TYPE_INCONSISTENT);
138 139 }
139 140
140 141 goto cbc_common;
141 142
142 143 case CKM_DES3_CBC:
143 144 case CKM_DES3_CBC_PAD:
144 145 {
145 146
146 147 soft_des_ctx_t *soft_des_ctx;
147 148
148 149 if ((key_p->key_type != CKK_DES2) &&
149 150 (key_p->key_type != CKK_DES3)) {
150 151 return (CKR_KEY_TYPE_INCONSISTENT);
151 152 }
152 153
153 154 cbc_common:
154 155 if ((pMechanism->pParameter == NULL) ||
155 156 (pMechanism->ulParameterLen != DES_BLOCK_LEN)) {
156 157 return (CKR_MECHANISM_PARAM_INVALID);
157 158 }
158 159
159 160 rv = soft_des_crypt_init_common(session_p, pMechanism,
160 161 key_p, B_TRUE);
161 162
162 163 if (rv != CKR_OK)
163 164 return (rv);
164 165
165 166 (void) pthread_mutex_lock(&session_p->session_mutex);
166 167
167 168 soft_des_ctx = (soft_des_ctx_t *)session_p->encrypt.context;
|
↓ open down ↓ |
133 lines elided |
↑ open up ↑ |
168 169 /* Copy Initialization Vector (IV) into the context. */
169 170 (void) memcpy(soft_des_ctx->ivec, pMechanism->pParameter,
170 171 DES_BLOCK_LEN);
171 172
172 173 /* Allocate a context for DES cipher-block chaining. */
173 174 soft_des_ctx->des_cbc = (void *)des_cbc_ctx_init(
174 175 soft_des_ctx->key_sched, soft_des_ctx->keysched_len,
175 176 soft_des_ctx->ivec, key_p->key_type);
176 177
177 178 if (soft_des_ctx->des_cbc == NULL) {
178 - bzero(soft_des_ctx->key_sched,
179 + freezero(soft_des_ctx->key_sched,
179 180 soft_des_ctx->keysched_len);
180 - free(soft_des_ctx->key_sched);
181 - free(session_p->encrypt.context);
181 + freezero(session_p->encrypt.context,
182 + sizeof (soft_des_ctx_t));
182 183 session_p->encrypt.context = NULL;
183 184 rv = CKR_HOST_MEMORY;
184 185 }
185 186
186 187 (void) pthread_mutex_unlock(&session_p->session_mutex);
187 188
188 189 return (rv);
189 190 }
190 191 case CKM_AES_ECB:
191 192
192 193 if (key_p->key_type != CKK_AES) {
193 194 return (CKR_KEY_TYPE_INCONSISTENT);
194 195 }
195 196
196 197 return (soft_aes_crypt_init_common(session_p, pMechanism,
197 198 key_p, B_TRUE));
198 199
199 200 case CKM_AES_CBC:
200 201 case CKM_AES_CBC_PAD:
201 202 if ((pMechanism->pParameter == NULL) ||
202 203 (pMechanism->ulParameterLen != AES_BLOCK_LEN)) {
203 204 return (CKR_MECHANISM_PARAM_INVALID);
204 205 }
205 206 /* FALLTHRU */
206 207 case CKM_AES_CMAC:
207 208 {
208 209 soft_aes_ctx_t *soft_aes_ctx;
209 210
210 211 if (key_p->key_type != CKK_AES) {
211 212 return (CKR_KEY_TYPE_INCONSISTENT);
212 213 }
213 214
214 215
215 216 rv = soft_aes_crypt_init_common(session_p, pMechanism,
216 217 key_p, B_TRUE);
217 218
218 219 if (rv != CKR_OK)
219 220 return (rv);
220 221
221 222 (void) pthread_mutex_lock(&session_p->session_mutex);
222 223
223 224 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
224 225 /* Copy Initialization Vector (IV) into the context. */
225 226 if (pMechanism->mechanism == CKM_AES_CMAC) {
226 227 (void) bzero(soft_aes_ctx->ivec, AES_BLOCK_LEN);
227 228 /* Allocate a context for AES cipher-block chaining. */
228 229 soft_aes_ctx->aes_cbc = (void *)aes_cmac_ctx_init(
229 230 soft_aes_ctx->key_sched,
230 231 soft_aes_ctx->keysched_len);
231 232 } else {
|
↓ open down ↓ |
40 lines elided |
↑ open up ↑ |
232 233 (void) memcpy(soft_aes_ctx->ivec,
233 234 pMechanism->pParameter,
234 235 AES_BLOCK_LEN);
235 236 /* Allocate a context for AES cipher-block chaining. */
236 237 soft_aes_ctx->aes_cbc = (void *)aes_cbc_ctx_init(
237 238 soft_aes_ctx->key_sched,
238 239 soft_aes_ctx->keysched_len,
239 240 soft_aes_ctx->ivec);
240 241 }
241 242 if (soft_aes_ctx->aes_cbc == NULL) {
242 - bzero(soft_aes_ctx->key_sched,
243 + freezero(soft_aes_ctx->key_sched,
243 244 soft_aes_ctx->keysched_len);
244 - free(soft_aes_ctx->key_sched);
245 - free(session_p->encrypt.context);
245 + freezero(session_p->encrypt.context,
246 + sizeof (soft_aes_ctx_t));
246 247 session_p->encrypt.context = NULL;
247 248 rv = CKR_HOST_MEMORY;
248 249 }
249 250
250 251 (void) pthread_mutex_unlock(&session_p->session_mutex);
251 252
252 253 return (rv);
253 254 }
254 255 case CKM_AES_CTR:
255 256 {
256 257 soft_aes_ctx_t *soft_aes_ctx;
257 258
258 259 if (key_p->key_type != CKK_AES) {
259 260 return (CKR_KEY_TYPE_INCONSISTENT);
260 261 }
261 262
262 263 if (pMechanism->pParameter == NULL ||
263 264 pMechanism->ulParameterLen != sizeof (CK_AES_CTR_PARAMS)) {
264 265 return (CKR_MECHANISM_PARAM_INVALID);
265 266 }
266 267
267 268 rv = soft_aes_crypt_init_common(session_p, pMechanism,
268 269 key_p, B_TRUE);
269 270
270 271 if (rv != CKR_OK)
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
271 272 return (rv);
272 273
273 274 (void) pthread_mutex_lock(&session_p->session_mutex);
274 275
275 276 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
276 277 soft_aes_ctx->aes_cbc = aes_ctr_ctx_init(
277 278 soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
278 279 pMechanism->pParameter);
279 280
280 281 if (soft_aes_ctx->aes_cbc == NULL) {
281 - bzero(soft_aes_ctx->key_sched,
282 + freezero(soft_aes_ctx->key_sched,
282 283 soft_aes_ctx->keysched_len);
283 - free(soft_aes_ctx->key_sched);
284 - free(session_p->encrypt.context);
284 + freezero(session_p->encrypt.context,
285 + sizeof (soft_aes_ctx_t));
285 286 session_p->encrypt.context = NULL;
286 287 rv = CKR_HOST_MEMORY;
287 288 }
288 289
289 290 (void) pthread_mutex_unlock(&session_p->session_mutex);
290 291
291 292 return (rv);
292 293 }
293 294 case CKM_RC4:
294 295
295 296 if (key_p->key_type != CKK_RC4) {
296 297 return (CKR_KEY_TYPE_INCONSISTENT);
297 298 }
298 299
299 300 return (soft_arcfour_crypt_init(session_p, pMechanism, key_p,
300 301 B_TRUE));
301 302
302 303 case CKM_RSA_X_509:
303 304 case CKM_RSA_PKCS:
304 305
305 306 if (key_p->key_type != CKK_RSA) {
306 307 return (CKR_KEY_TYPE_INCONSISTENT);
307 308 }
308 309
309 310 return (soft_rsa_crypt_init_common(session_p, pMechanism,
310 311 key_p, B_TRUE));
311 312
312 313 case CKM_BLOWFISH_CBC:
313 314 {
314 315 soft_blowfish_ctx_t *soft_blowfish_ctx;
315 316
316 317 if (key_p->key_type != CKK_BLOWFISH)
317 318 return (CKR_KEY_TYPE_INCONSISTENT);
318 319
319 320 if ((pMechanism->pParameter == NULL) ||
320 321 (pMechanism->ulParameterLen != BLOWFISH_BLOCK_LEN))
321 322 return (CKR_MECHANISM_PARAM_INVALID);
322 323
323 324 rv = soft_blowfish_crypt_init_common(session_p, pMechanism,
324 325 key_p, B_TRUE);
325 326
326 327 if (rv != CKR_OK)
327 328 return (rv);
328 329
329 330 (void) pthread_mutex_lock(&session_p->session_mutex);
330 331
331 332 soft_blowfish_ctx =
332 333 (soft_blowfish_ctx_t *)session_p->encrypt.context;
333 334 /* Copy Initialization Vector (IV) into the context. */
|
↓ open down ↓ |
39 lines elided |
↑ open up ↑ |
334 335 (void) memcpy(soft_blowfish_ctx->ivec, pMechanism->pParameter,
335 336 BLOWFISH_BLOCK_LEN);
336 337
337 338 /* Allocate a context for Blowfish cipher-block chaining */
338 339 soft_blowfish_ctx->blowfish_cbc =
339 340 (void *)blowfish_cbc_ctx_init(soft_blowfish_ctx->key_sched,
340 341 soft_blowfish_ctx->keysched_len,
341 342 soft_blowfish_ctx->ivec);
342 343
343 344 if (soft_blowfish_ctx->blowfish_cbc == NULL) {
344 - bzero(soft_blowfish_ctx->key_sched,
345 + freezero(soft_blowfish_ctx->key_sched,
345 346 soft_blowfish_ctx->keysched_len);
346 - free(soft_blowfish_ctx->key_sched);
347 - free(session_p->encrypt.context);
347 + freezero(session_p->encrypt.context,
348 + sizeof (soft_blowfish_ctx_t));
348 349 session_p->encrypt.context = NULL;
349 350 rv = CKR_HOST_MEMORY;
350 351 }
351 352
352 353 (void) pthread_mutex_unlock(&session_p->session_mutex);
353 354
354 355 return (rv);
355 356 }
356 357 default:
357 358 return (CKR_MECHANISM_INVALID);
358 359 }
359 360 }
360 361
361 362
362 363 /*
363 364 * soft_encrypt_common()
364 365 *
365 366 * Arguments:
366 367 * session_p: pointer to soft_session_t struct
367 368 * pData: pointer to the input data to be encrypted
368 369 * ulDataLen: length of the input data
369 370 * pEncrypted: pointer to the output data after encryption
370 371 * pulEncryptedLen: pointer to the length of the output data
371 372 * update: boolean flag indicates caller is soft_encrypt
372 373 * or soft_encrypt_update
373 374 *
374 375 * Description:
375 376 * This function calls the corresponding encrypt routine based
376 377 * on the mechanism.
377 378 *
378 379 * Returns:
379 380 * see corresponding encrypt routine.
380 381 */
381 382 CK_RV
382 383 soft_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
383 384 CK_ULONG ulDataLen, CK_BYTE_PTR pEncrypted,
384 385 CK_ULONG_PTR pulEncryptedLen, boolean_t update)
385 386 {
386 387
387 388 CK_MECHANISM_TYPE mechanism = session_p->encrypt.mech.mechanism;
388 389
389 390 switch (mechanism) {
390 391
391 392 case CKM_DES_ECB:
392 393 case CKM_DES_CBC:
393 394 case CKM_DES3_ECB:
394 395 case CKM_DES3_CBC:
395 396
396 397 if (ulDataLen == 0) {
397 398 *pulEncryptedLen = 0;
398 399 return (CKR_OK);
399 400 }
400 401 /* FALLTHROUGH */
401 402
402 403 case CKM_DES_CBC_PAD:
403 404 case CKM_DES3_CBC_PAD:
404 405
405 406 return (soft_des_encrypt_common(session_p, pData,
406 407 ulDataLen, pEncrypted, pulEncryptedLen, update));
407 408
408 409 case CKM_AES_ECB:
409 410 case CKM_AES_CBC:
410 411 case CKM_AES_CTR:
411 412
412 413 if (ulDataLen == 0) {
413 414 *pulEncryptedLen = 0;
414 415 return (CKR_OK);
415 416 }
416 417 /* FALLTHROUGH */
417 418
418 419 case CKM_AES_CMAC:
419 420 case CKM_AES_CBC_PAD:
420 421
421 422 return (soft_aes_encrypt_common(session_p, pData,
422 423 ulDataLen, pEncrypted, pulEncryptedLen, update));
423 424
424 425 case CKM_BLOWFISH_CBC:
425 426
426 427 if (ulDataLen == 0) {
427 428 *pulEncryptedLen = 0;
428 429 return (CKR_OK);
429 430 }
430 431
431 432 return (soft_blowfish_encrypt_common(session_p, pData,
432 433 ulDataLen, pEncrypted, pulEncryptedLen, update));
433 434
434 435 case CKM_RC4:
435 436
436 437 if (ulDataLen == 0) {
437 438 *pulEncryptedLen = 0;
438 439 return (CKR_OK);
439 440 }
440 441
441 442 return (soft_arcfour_crypt(&(session_p->encrypt), pData,
442 443 ulDataLen, pEncrypted, pulEncryptedLen));
443 444
444 445 case CKM_RSA_X_509:
445 446 case CKM_RSA_PKCS:
446 447
447 448 return (soft_rsa_encrypt_common(session_p, pData,
448 449 ulDataLen, pEncrypted, pulEncryptedLen, mechanism));
449 450
450 451 default:
451 452 return (CKR_MECHANISM_INVALID);
452 453 }
453 454 }
454 455
455 456
456 457 /*
457 458 * soft_encrypt()
458 459 *
459 460 * Arguments:
460 461 * session_p: pointer to soft_session_t struct
461 462 * pData: pointer to the input data to be encrypted
462 463 * ulDataLen: length of the input data
463 464 * pEncryptedData: pointer to the output data after encryption
464 465 * pulEncryptedDataLen: pointer to the length of the output data
465 466 *
466 467 * Description:
467 468 * called by C_Encrypt(). This function calls the soft_encrypt_common
468 469 * routine.
469 470 *
470 471 * Returns:
471 472 * see soft_encrypt_common().
472 473 */
473 474 CK_RV
474 475 soft_encrypt(soft_session_t *session_p, CK_BYTE_PTR pData,
475 476 CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
476 477 CK_ULONG_PTR pulEncryptedDataLen)
477 478 {
478 479
479 480 return (soft_encrypt_common(session_p, pData, ulDataLen,
480 481 pEncryptedData, pulEncryptedDataLen, B_FALSE));
481 482 }
482 483
483 484
484 485 /*
485 486 * soft_encrypt_update()
486 487 *
487 488 * Arguments:
488 489 * session_p: pointer to soft_session_t struct
489 490 * pPart: pointer to the input data to be digested
490 491 * ulPartLen: length of the input data
491 492 * pEncryptedPart: pointer to the ciphertext
492 493 * pulEncryptedPartLen: pointer to the length of the ciphertext
493 494 *
494 495 * Description:
495 496 * called by C_EncryptUpdate(). This function calls the
496 497 * soft_encrypt_common routine (with update flag on).
497 498 *
498 499 * Returns:
499 500 * see soft_encrypt_common().
500 501 */
501 502 CK_RV
502 503 soft_encrypt_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
503 504 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
504 505 CK_ULONG_PTR pulEncryptedPartLen)
505 506 {
506 507
507 508 CK_MECHANISM_TYPE mechanism = session_p->encrypt.mech.mechanism;
508 509
509 510 switch (mechanism) {
510 511
511 512 case CKM_DES_ECB:
512 513 case CKM_DES_CBC:
513 514 case CKM_DES_CBC_PAD:
514 515 case CKM_DES3_ECB:
515 516 case CKM_DES3_CBC:
516 517 case CKM_DES3_CBC_PAD:
517 518 case CKM_AES_ECB:
518 519 case CKM_AES_CBC:
519 520 case CKM_AES_CBC_PAD:
520 521 case CKM_AES_CMAC:
521 522 case CKM_AES_CTR:
522 523 case CKM_BLOWFISH_CBC:
523 524 case CKM_RC4:
524 525
525 526 return (soft_encrypt_common(session_p, pPart, ulPartLen,
526 527 pEncryptedPart, pulEncryptedPartLen, B_TRUE));
527 528
528 529 default:
529 530 /* PKCS11: The mechanism only supports single-part operation. */
530 531 return (CKR_MECHANISM_INVALID);
531 532 }
532 533 }
533 534
534 535
535 536 /*
536 537 * soft_encrypt_final()
537 538 *
538 539 * Arguments:
539 540 * session_p: pointer to soft_session_t struct
540 541 * pLastEncryptedPart: pointer to the last encrypted data part
541 542 * pulLastEncryptedPartLen: pointer to the length of the last
542 543 * encrypted data part
543 544 *
544 545 * Description:
545 546 * called by C_EncryptFinal().
546 547 *
547 548 * Returns:
548 549 * CKR_OK: success
549 550 * CKR_FUNCTION_FAILED: encrypt final function failed
550 551 * CKR_DATA_LEN_RANGE: remaining buffer contains bad length
551 552 */
552 553 CK_RV
553 554 soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
554 555 CK_ULONG_PTR pulLastEncryptedPartLen)
555 556 {
556 557
557 558 CK_MECHANISM_TYPE mechanism = session_p->encrypt.mech.mechanism;
558 559 CK_ULONG out_len;
559 560 CK_RV rv = CKR_OK;
560 561 int rc;
561 562
562 563 (void) pthread_mutex_lock(&session_p->session_mutex);
563 564
564 565 if (session_p->encrypt.context == NULL) {
565 566 rv = CKR_OPERATION_NOT_INITIALIZED;
566 567 *pulLastEncryptedPartLen = 0;
567 568 goto clean1;
568 569 }
569 570 switch (mechanism) {
570 571
571 572 case CKM_DES_CBC_PAD:
572 573 case CKM_DES3_CBC_PAD:
573 574 {
574 575 soft_des_ctx_t *soft_des_ctx;
575 576
576 577 soft_des_ctx = (soft_des_ctx_t *)session_p->encrypt.context;
577 578 /*
578 579 * For CKM_DES_CBC_PAD, compute output length with
579 580 * padding. If the remaining buffer has one block
580 581 * of data, then output length will be two blocksize of
581 582 * ciphertext. If the remaining buffer has less than
582 583 * one block of data, then output length will be
583 584 * one blocksize.
584 585 */
585 586 if (soft_des_ctx->remain_len == DES_BLOCK_LEN)
586 587 out_len = 2 * DES_BLOCK_LEN;
587 588 else
588 589 out_len = DES_BLOCK_LEN;
589 590
590 591 if (pLastEncryptedPart == NULL) {
591 592 /*
592 593 * Application asks for the length of the output
593 594 * buffer to hold the ciphertext.
594 595 */
595 596 *pulLastEncryptedPartLen = out_len;
596 597 goto clean1;
597 598 } else {
598 599 crypto_data_t out;
599 600
600 601 /* Copy remaining data to the output buffer. */
601 602 (void) memcpy(pLastEncryptedPart, soft_des_ctx->data,
602 603 soft_des_ctx->remain_len);
603 604
604 605 /*
605 606 * Add padding bytes prior to encrypt final.
606 607 */
607 608 soft_add_pkcs7_padding(pLastEncryptedPart +
608 609 soft_des_ctx->remain_len, DES_BLOCK_LEN,
609 610 soft_des_ctx->remain_len);
610 611
611 612 out.cd_format = CRYPTO_DATA_RAW;
612 613 out.cd_offset = 0;
613 614 out.cd_length = out_len;
614 615 out.cd_raw.iov_base = (char *)pLastEncryptedPart;
615 616 out.cd_raw.iov_len = out_len;
616 617
617 618 /* Encrypt multiple blocks of data. */
618 619 rc = des_encrypt_contiguous_blocks(
619 620 (des_ctx_t *)soft_des_ctx->des_cbc,
620 621 (char *)pLastEncryptedPart, out_len, &out);
|
↓ open down ↓ |
263 lines elided |
↑ open up ↑ |
621 622
622 623 if (rc == 0) {
623 624 *pulLastEncryptedPartLen = out_len;
624 625 } else {
625 626 *pulLastEncryptedPartLen = 0;
626 627 rv = CKR_FUNCTION_FAILED;
627 628 }
628 629
629 630 /* Cleanup memory space. */
630 631 free(soft_des_ctx->des_cbc);
631 - bzero(soft_des_ctx->key_sched,
632 + freezero(soft_des_ctx->key_sched,
632 633 soft_des_ctx->keysched_len);
633 - free(soft_des_ctx->key_sched);
634 634 }
635 635
636 636 break;
637 637 }
638 638 case CKM_DES_CBC:
639 639 case CKM_DES_ECB:
640 640 case CKM_DES3_CBC:
641 641 case CKM_DES3_ECB:
642 642 {
643 643
644 644 soft_des_ctx_t *soft_des_ctx;
645 645
646 646 soft_des_ctx = (soft_des_ctx_t *)session_p->encrypt.context;
647 647 /*
648 648 * CKM_DES_CBC and CKM_DES_ECB does not do any padding,
649 649 * so when the final is called, the remaining buffer
650 650 * should not contain any more data.
651 651 */
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
652 652 *pulLastEncryptedPartLen = 0;
653 653 if (soft_des_ctx->remain_len != 0) {
654 654 rv = CKR_DATA_LEN_RANGE;
655 655 } else {
656 656 if (pLastEncryptedPart == NULL)
657 657 goto clean1;
658 658 }
659 659
660 660 /* Cleanup memory space. */
661 661 free(soft_des_ctx->des_cbc);
662 - bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
663 - free(soft_des_ctx->key_sched);
662 + freezero(soft_des_ctx->key_sched,
663 + soft_des_ctx->keysched_len);
664 664
665 665 break;
666 666 }
667 667 case CKM_AES_CBC_PAD:
668 668 {
669 669 soft_aes_ctx_t *soft_aes_ctx;
670 670
671 671 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
672 672 /*
673 673 * For CKM_AES_CBC_PAD, compute output length with
674 674 * padding. If the remaining buffer has one block
675 675 * of data, then output length will be two blocksize of
676 676 * ciphertext. If the remaining buffer has less than
677 677 * one block of data, then output length will be
678 678 * one blocksize.
679 679 */
680 680 if (soft_aes_ctx->remain_len == AES_BLOCK_LEN)
681 681 out_len = 2 * AES_BLOCK_LEN;
682 682 else
683 683 out_len = AES_BLOCK_LEN;
684 684
685 685 if (pLastEncryptedPart == NULL) {
686 686 /*
687 687 * Application asks for the length of the output
688 688 * buffer to hold the ciphertext.
689 689 */
690 690 *pulLastEncryptedPartLen = out_len;
691 691 goto clean1;
692 692 } else {
693 693 crypto_data_t out;
694 694
695 695 /* Copy remaining data to the output buffer. */
696 696 (void) memcpy(pLastEncryptedPart, soft_aes_ctx->data,
697 697 soft_aes_ctx->remain_len);
698 698
699 699 /*
700 700 * Add padding bytes prior to encrypt final.
701 701 */
702 702 soft_add_pkcs7_padding(pLastEncryptedPart +
703 703 soft_aes_ctx->remain_len, AES_BLOCK_LEN,
704 704 soft_aes_ctx->remain_len);
705 705
706 706 out.cd_format = CRYPTO_DATA_RAW;
707 707 out.cd_offset = 0;
708 708 out.cd_length = out_len;
709 709 out.cd_raw.iov_base = (char *)pLastEncryptedPart;
710 710 out.cd_raw.iov_len = out_len;
711 711
712 712 /* Encrypt multiple blocks of data. */
713 713 rc = aes_encrypt_contiguous_blocks(
714 714 (aes_ctx_t *)soft_aes_ctx->aes_cbc,
715 715 (char *)pLastEncryptedPart, out_len, &out);
|
↓ open down ↓ |
42 lines elided |
↑ open up ↑ |
716 716
717 717 if (rc == 0) {
718 718 *pulLastEncryptedPartLen = out_len;
719 719 } else {
720 720 *pulLastEncryptedPartLen = 0;
721 721 rv = CKR_FUNCTION_FAILED;
722 722 }
723 723
724 724 /* Cleanup memory space. */
725 725 free(soft_aes_ctx->aes_cbc);
726 - bzero(soft_aes_ctx->key_sched,
726 + freezero(soft_aes_ctx->key_sched,
727 727 soft_aes_ctx->keysched_len);
728 - free(soft_aes_ctx->key_sched);
729 728 }
730 729
731 730 break;
732 731 }
733 732 case CKM_AES_CMAC:
734 733 {
735 734 soft_aes_ctx_t *soft_aes_ctx;
736 735 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
737 736
738 737 if (pLastEncryptedPart == NULL) {
739 738 /*
740 739 * Application asks for the length of the output
741 740 * buffer to hold the ciphertext.
742 741 */
743 742 *pulLastEncryptedPartLen = AES_BLOCK_LEN;
744 743 goto clean1;
745 744 } else {
746 745 crypto_data_t out;
747 746
748 747 out.cd_format = CRYPTO_DATA_RAW;
749 748 out.cd_offset = 0;
750 749 out.cd_length = AES_BLOCK_LEN;
751 750 out.cd_raw.iov_base = (char *)pLastEncryptedPart;
752 751 out.cd_raw.iov_len = AES_BLOCK_LEN;
753 752
754 753 rc = cmac_mode_final(soft_aes_ctx->aes_cbc, &out,
755 754 aes_encrypt_block, aes_xor_block);
|
↓ open down ↓ |
17 lines elided |
↑ open up ↑ |
756 755
757 756 if (rc == 0) {
758 757 *pulLastEncryptedPartLen = AES_BLOCK_LEN;
759 758 } else {
760 759 *pulLastEncryptedPartLen = 0;
761 760 rv = CKR_FUNCTION_FAILED;
762 761 }
763 762
764 763 /* Cleanup memory space. */
765 764 free(soft_aes_ctx->aes_cbc);
766 - bzero(soft_aes_ctx->key_sched,
765 + freezero(soft_aes_ctx->key_sched,
767 766 soft_aes_ctx->keysched_len);
768 - free(soft_aes_ctx->key_sched);
769 767 }
770 768
771 769 break;
772 770 }
773 771 case CKM_AES_CBC:
774 772 case CKM_AES_ECB:
775 773 {
776 774 soft_aes_ctx_t *soft_aes_ctx;
777 775
778 776 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
779 777 /*
780 778 * CKM_AES_CBC and CKM_AES_ECB does not do any padding,
781 779 * so when the final is called, the remaining buffer
782 780 * should not contain any more data.
783 781 */
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
784 782 *pulLastEncryptedPartLen = 0;
785 783 if (soft_aes_ctx->remain_len != 0) {
786 784 rv = CKR_DATA_LEN_RANGE;
787 785 } else {
788 786 if (pLastEncryptedPart == NULL)
789 787 goto clean1;
790 788 }
791 789
792 790 /* Cleanup memory space. */
793 791 free(soft_aes_ctx->aes_cbc);
794 - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
795 - free(soft_aes_ctx->key_sched);
792 + freezero(soft_aes_ctx->key_sched,
793 + soft_aes_ctx->keysched_len);
796 794
797 795 break;
798 796 }
799 797 case CKM_AES_CTR:
800 798 {
801 799 crypto_data_t out;
802 800 soft_aes_ctx_t *soft_aes_ctx;
803 801 ctr_ctx_t *ctr_ctx;
804 802 size_t len;
805 803
806 804 soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
807 805 ctr_ctx = soft_aes_ctx->aes_cbc;
808 806 len = ctr_ctx->ctr_remainder_len;
809 807
810 808 if (pLastEncryptedPart == NULL) {
811 809 *pulLastEncryptedPartLen = len;
812 810 goto clean1;
813 811 }
814 812 if (len > 0) {
815 813 out.cd_format = CRYPTO_DATA_RAW;
816 814 out.cd_offset = 0;
817 815 out.cd_length = len;
818 816 out.cd_raw.iov_base = (char *)pLastEncryptedPart;
819 817 out.cd_raw.iov_len = len;
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
820 818
821 819 rv = ctr_mode_final(ctr_ctx, &out, aes_encrypt_block);
822 820 }
823 821 if (rv == CRYPTO_BUFFER_TOO_SMALL) {
824 822 *pulLastEncryptedPartLen = len;
825 823 goto clean1;
826 824 }
827 825
828 826 /* Cleanup memory space. */
829 827 free(ctr_ctx);
830 - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
831 - free(soft_aes_ctx->key_sched);
828 + freezero(soft_aes_ctx->key_sched,
829 + soft_aes_ctx->keysched_len);
832 830
833 831 break;
834 832 }
835 833 case CKM_BLOWFISH_CBC:
836 834 {
837 835 soft_blowfish_ctx_t *soft_blowfish_ctx;
838 836
839 837 soft_blowfish_ctx =
840 838 (soft_blowfish_ctx_t *)session_p->encrypt.context;
841 839 /*
842 840 * CKM_BLOWFISH_CBC does not do any padding, so when the
843 841 * final is called, the remaining buffer should not contain
844 842 * any more data
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
845 843 */
846 844 *pulLastEncryptedPartLen = 0;
847 845 if (soft_blowfish_ctx->remain_len != 0)
848 846 rv = CKR_DATA_LEN_RANGE;
849 847 else {
850 848 if (pLastEncryptedPart == NULL)
851 849 goto clean1;
852 850 }
853 851
854 852 free(soft_blowfish_ctx->blowfish_cbc);
855 - bzero(soft_blowfish_ctx->key_sched,
853 + freezero(soft_blowfish_ctx->key_sched,
856 854 soft_blowfish_ctx->keysched_len);
857 - free(soft_blowfish_ctx->key_sched);
858 855 break;
859 856 }
860 857
861 858 case CKM_RC4:
862 859 {
863 860 ARCFour_key *key = (ARCFour_key *)session_p->encrypt.context;
864 861 /* Remaining data size is always zero for RC4. */
865 862 *pulLastEncryptedPartLen = 0;
866 863 if (pLastEncryptedPart == NULL)
867 864 goto clean1;
868 - bzero(key, sizeof (*key));
865 + explicit_bzero(key, sizeof (*key));
869 866 break;
870 867 }
871 868 default:
872 869 /* PKCS11: The mechanism only supports single-part operation. */
873 870 rv = CKR_MECHANISM_INVALID;
874 871 break;
875 872 }
876 873
877 874 free(session_p->encrypt.context);
878 875 session_p->encrypt.context = NULL;
879 876 clean1:
880 877 (void) pthread_mutex_unlock(&session_p->session_mutex);
881 878
882 879 return (rv);
883 880 }
884 881
885 882 /*
886 883 * This function frees the allocated active crypto context and the
887 884 * lower level of allocated struct as needed.
888 885 * This function is called by the 1st tier of encrypt/decrypt routines
889 886 * or by the 2nd tier of session close routine. Since the 1st tier
890 887 * caller will always call this function without locking the session
891 888 * mutex and the 2nd tier caller will call with the lock, we add the
892 889 * third parameter "lock_held" to distinguish this case.
893 890 */
894 891 void
895 892 soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt,
896 893 boolean_t lock_held)
897 894 {
898 895
899 896 crypto_active_op_t *active_op;
900 897 boolean_t lock_true = B_TRUE;
901 898
902 899 if (!lock_held)
903 900 (void) pthread_mutex_lock(&session_p->session_mutex);
904 901
905 902 active_op = (encrypt) ? &(session_p->encrypt) : &(session_p->decrypt);
906 903
907 904 switch (active_op->mech.mechanism) {
908 905
909 906 case CKM_DES_CBC_PAD:
910 907 case CKM_DES3_CBC_PAD:
911 908 case CKM_DES_CBC:
912 909 case CKM_DES_ECB:
913 910 case CKM_DES3_CBC:
|
↓ open down ↓ |
35 lines elided |
↑ open up ↑ |
914 911 case CKM_DES3_ECB:
915 912 {
916 913
917 914 soft_des_ctx_t *soft_des_ctx =
918 915 (soft_des_ctx_t *)active_op->context;
919 916 des_ctx_t *des_ctx;
920 917
921 918 if (soft_des_ctx != NULL) {
922 919 des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
923 920 if (des_ctx != NULL) {
924 - bzero(des_ctx->dc_keysched,
921 + explicit_bzero(des_ctx->dc_keysched,
925 922 des_ctx->dc_keysched_len);
926 923 free(soft_des_ctx->des_cbc);
927 924 }
928 - bzero(soft_des_ctx->key_sched,
925 + freezero(soft_des_ctx->key_sched,
929 926 soft_des_ctx->keysched_len);
930 - free(soft_des_ctx->key_sched);
931 927 }
932 928 break;
933 929 }
934 930
935 931 case CKM_AES_CBC_PAD:
936 932 case CKM_AES_CBC:
937 933 case CKM_AES_CMAC:
938 934 case CKM_AES_ECB:
939 935 {
940 936 soft_aes_ctx_t *soft_aes_ctx =
941 937 (soft_aes_ctx_t *)active_op->context;
942 938 aes_ctx_t *aes_ctx;
943 939
944 940 if (soft_aes_ctx != NULL) {
945 941 aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
946 942 if (aes_ctx != NULL) {
947 - bzero(aes_ctx->ac_keysched,
943 + explicit_bzero(aes_ctx->ac_keysched,
948 944 aes_ctx->ac_keysched_len);
949 945 free(soft_aes_ctx->aes_cbc);
950 946 }
951 - bzero(soft_aes_ctx->key_sched,
947 + freezero(soft_aes_ctx->key_sched,
952 948 soft_aes_ctx->keysched_len);
953 - free(soft_aes_ctx->key_sched);
954 949 }
955 950 break;
956 951 }
957 952
958 953 case CKM_BLOWFISH_CBC:
959 954 {
960 955 soft_blowfish_ctx_t *soft_blowfish_ctx =
961 956 (soft_blowfish_ctx_t *)active_op->context;
962 957 blowfish_ctx_t *blowfish_ctx;
963 958
964 959 if (soft_blowfish_ctx != NULL) {
965 960 blowfish_ctx =
966 961 (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
967 962 if (blowfish_ctx != NULL) {
968 - bzero(blowfish_ctx->bc_keysched,
963 + explicit_bzero(blowfish_ctx->bc_keysched,
969 964 blowfish_ctx->bc_keysched_len);
970 965 free(soft_blowfish_ctx->blowfish_cbc);
971 966 }
972 967
973 - bzero(soft_blowfish_ctx->key_sched,
968 + freezero(soft_blowfish_ctx->key_sched,
974 969 soft_blowfish_ctx->keysched_len);
975 - free(soft_blowfish_ctx->key_sched);
976 970 }
977 971 break;
978 972 }
979 973
980 974 case CKM_RC4:
981 975 {
982 976 ARCFour_key *key = (ARCFour_key *)active_op->context;
983 977
984 978 if (key != NULL)
985 - bzero(key, sizeof (*key));
979 + explicit_bzero(key, sizeof (*key));
986 980 break;
987 981 }
988 982
989 983 case CKM_RSA_X_509:
990 984 case CKM_RSA_PKCS:
991 985 {
992 986 soft_rsa_ctx_t *rsa_ctx =
993 987 (soft_rsa_ctx_t *)active_op->context;
994 988
995 989 if (rsa_ctx != NULL)
996 990 if (rsa_ctx->key != NULL) {
997 991 soft_cleanup_object(rsa_ctx->key);
998 992 free(rsa_ctx->key);
999 993 }
1000 994
1001 995 break;
1002 996 }
1003 997
1004 998 } /* switch */
1005 999
1006 1000 if (active_op->context != NULL) {
1007 1001 free(active_op->context);
1008 1002 active_op->context = NULL;
1009 1003 }
1010 1004
1011 1005 active_op->flags = 0;
1012 1006
1013 1007 if (!lock_held)
1014 1008 SES_REFRELE(session_p, lock_true);
1015 1009 }
|
↓ open down ↓ |
20 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX