Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.

  25  */
  26 
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28 
  29 #include <pthread.h>
  30 #include <sys/md5.h>
  31 #include <sys/sha1.h>
  32 #include <sys/sha2.h>
  33 #include <stdlib.h>
  34 #include <string.h>
  35 #include <strings.h>
  36 #include <sys/types.h>
  37 #include <security/cryptoki.h>
  38 #include "softObject.h"
  39 #include "softOps.h"
  40 #include "softSession.h"
  41 #include "softMAC.h"
  42 
  43 /*
  44  * IPAD = 0x36 repeated 48 times for ssl md5, repeated 40 times for ssl sha1
  45  * OPAD = 0x5C repeated 48 times for SSL md5, repeated 40 times for ssl sha1
  46  */
  47 const uint32_t md5_ssl_ipad[] = {
  48         0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,


 545         case CKM_SHA512_HMAC_GENERAL:
 546         case CKM_SHA512_HMAC:
 547 
 548                 if (pData != NULL)
 549                         /* Called by soft_sign() or soft_verify(). */
 550                         SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
 551                             pData, datalen);
 552 
 553                 SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx),
 554                     pSigned);
 555         };
 556 
 557         *pulSignedLen = hmac_ctx->hmac_len;
 558 
 559 
 560 clean_exit:
 561 
 562         (void) pthread_mutex_lock(&session_p->session_mutex);
 563 
 564         if (sign_op) {
 565                 bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
 566                 free(session_p->sign.context);
 567                 session_p->sign.context = NULL;
 568         } else {
 569                 bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
 570                 free(session_p->verify.context);
 571                 session_p->verify.context = NULL;
 572         }
 573 
 574         (void) pthread_mutex_unlock(&session_p->session_mutex);
 575 
 576         return (CKR_OK);
 577 }
 578 
 579 
 580 /*
 581  * Called by soft_sign_update() or soft_verify_update().
 582  */
 583 CK_RV
 584 soft_hmac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
 585         CK_ULONG ulPartLen, boolean_t sign_op)
 586 {
 587 
 588         soft_hmac_ctx_t *hmac_ctx;
 589         CK_MECHANISM_TYPE       mechanism;
 590 #ifdef  __sparcv9




   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  * Copyright (c) 2018, Joyent, Inc.
  26  */
  27 


  28 #include <pthread.h>
  29 #include <sys/md5.h>
  30 #include <sys/sha1.h>
  31 #include <sys/sha2.h>
  32 #include <stdlib.h>
  33 #include <string.h>
  34 #include <strings.h>
  35 #include <sys/types.h>
  36 #include <security/cryptoki.h>
  37 #include "softObject.h"
  38 #include "softOps.h"
  39 #include "softSession.h"
  40 #include "softMAC.h"
  41 
  42 /*
  43  * IPAD = 0x36 repeated 48 times for ssl md5, repeated 40 times for ssl sha1
  44  * OPAD = 0x5C repeated 48 times for SSL md5, repeated 40 times for ssl sha1
  45  */
  46 const uint32_t md5_ssl_ipad[] = {
  47         0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,


 544         case CKM_SHA512_HMAC_GENERAL:
 545         case CKM_SHA512_HMAC:
 546 
 547                 if (pData != NULL)
 548                         /* Called by soft_sign() or soft_verify(). */
 549                         SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
 550                             pData, datalen);
 551 
 552                 SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx),
 553                     pSigned);
 554         };
 555 
 556         *pulSignedLen = hmac_ctx->hmac_len;
 557 
 558 
 559 clean_exit:
 560 
 561         (void) pthread_mutex_lock(&session_p->session_mutex);
 562 
 563         if (sign_op) {
 564                 freezero(session_p->sign.context, sizeof (soft_hmac_ctx_t));

 565                 session_p->sign.context = NULL;
 566         } else {
 567                 freezero(session_p->verify.context, sizeof (soft_hmac_ctx_t));

 568                 session_p->verify.context = NULL;
 569         }
 570 
 571         (void) pthread_mutex_unlock(&session_p->session_mutex);
 572 
 573         return (CKR_OK);
 574 }
 575 
 576 
 577 /*
 578  * Called by soft_sign_update() or soft_verify_update().
 579  */
 580 CK_RV
 581 soft_hmac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
 582         CK_ULONG ulPartLen, boolean_t sign_op)
 583 {
 584 
 585         soft_hmac_ctx_t *hmac_ctx;
 586         CK_MECHANISM_TYPE       mechanism;
 587 #ifdef  __sparcv9