Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22 /*
23 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 + * Copyright (c) 2018, Joyent, Inc.
25 26 */
26 27
27 -#pragma ident "%Z%%M% %I% %E% SMI"
28 -
29 28 #include <pthread.h>
30 29 #include <sys/md5.h>
31 30 #include <sys/sha1.h>
32 31 #include <sys/sha2.h>
33 32 #include <stdlib.h>
34 33 #include <string.h>
35 34 #include <strings.h>
36 35 #include <sys/types.h>
37 36 #include <security/cryptoki.h>
38 37 #include "softObject.h"
39 38 #include "softOps.h"
40 39 #include "softSession.h"
41 40 #include "softMAC.h"
42 41
43 42 /*
44 43 * IPAD = 0x36 repeated 48 times for ssl md5, repeated 40 times for ssl sha1
45 44 * OPAD = 0x5C repeated 48 times for SSL md5, repeated 40 times for ssl sha1
46 45 */
47 46 const uint32_t md5_ssl_ipad[] = {
48 47 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
49 48 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
50 49 0x36363636, 0x36363636};
51 50 const uint32_t sha1_ssl_ipad[] = {
52 51 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
53 52 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636};
54 53 const uint32_t md5_ssl_opad[] = {
55 54 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
56 55 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
57 56 0x5c5c5c5c, 0x5c5c5c5c};
58 57 const uint32_t sha1_ssl_opad[] = {
59 58 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
60 59 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c};
61 60
62 61 /*
63 62 * Allocate and initialize a HMAC context, and save the context pointer in
64 63 * the session struct. For General-length HMAC, checks the length in the
65 64 * parameter to see if it is in the right range.
66 65 */
67 66 CK_RV
68 67 soft_hmac_sign_verify_init_common(soft_session_t *session_p,
69 68 CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t sign_op)
70 69 {
71 70
72 71 soft_hmac_ctx_t *hmac_ctx;
73 72 CK_RV rv = CKR_OK;
74 73
75 74 if ((key_p->class != CKO_SECRET_KEY) ||
76 75 (key_p->key_type != CKK_GENERIC_SECRET)) {
77 76 return (CKR_KEY_TYPE_INCONSISTENT);
78 77 }
79 78
80 79 hmac_ctx = malloc(sizeof (soft_hmac_ctx_t));
81 80
82 81 if (hmac_ctx == NULL) {
83 82 return (CKR_HOST_MEMORY);
84 83 }
85 84
86 85 switch (pMechanism->mechanism) {
87 86 case CKM_MD5_HMAC:
88 87 hmac_ctx->hmac_len = MD5_HASH_SIZE;
89 88 break;
90 89
91 90 case CKM_SHA_1_HMAC:
92 91 hmac_ctx->hmac_len = SHA1_HASH_SIZE;
93 92 break;
94 93
95 94 case CKM_SHA256_HMAC:
96 95 hmac_ctx->hmac_len = SHA256_DIGEST_LENGTH;
97 96 break;
98 97
99 98 case CKM_SHA384_HMAC:
100 99 hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH;
101 100 break;
102 101
103 102 case CKM_SHA512_HMAC:
104 103 hmac_ctx->hmac_len = SHA512_DIGEST_LENGTH;
105 104 break;
106 105
107 106 case CKM_MD5_HMAC_GENERAL:
108 107 case CKM_SSL3_MD5_MAC:
109 108 if ((pMechanism->ulParameterLen !=
110 109 sizeof (CK_MAC_GENERAL_PARAMS)) &&
111 110 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
112 111 MD5_HASH_SIZE)) {
113 112 free(hmac_ctx);
114 113 return (CKR_MECHANISM_PARAM_INVALID);
115 114 }
116 115 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
117 116 pMechanism->pParameter);
118 117 break;
119 118
120 119 case CKM_SSL3_SHA1_MAC:
121 120 case CKM_SHA_1_HMAC_GENERAL:
122 121 if ((pMechanism->ulParameterLen !=
123 122 sizeof (CK_MAC_GENERAL_PARAMS)) &&
124 123 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
125 124 SHA1_HASH_SIZE)) {
126 125 free(hmac_ctx);
127 126 return (CKR_MECHANISM_PARAM_INVALID);
128 127 }
129 128 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
130 129 pMechanism->pParameter);
131 130 break;
132 131
133 132 case CKM_SHA256_HMAC_GENERAL:
134 133 if ((pMechanism->ulParameterLen !=
135 134 sizeof (CK_MAC_GENERAL_PARAMS)) &&
136 135 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
137 136 SHA256_DIGEST_LENGTH)) {
138 137 free(hmac_ctx);
139 138 return (CKR_MECHANISM_PARAM_INVALID);
140 139 }
141 140 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
142 141 pMechanism->pParameter);
143 142 break;
144 143
145 144 case CKM_SHA384_HMAC_GENERAL:
146 145 case CKM_SHA512_HMAC_GENERAL:
147 146 if ((pMechanism->ulParameterLen !=
148 147 sizeof (CK_MAC_GENERAL_PARAMS)) &&
149 148 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
150 149 SHA512_DIGEST_LENGTH)) {
151 150 free(hmac_ctx);
152 151 return (CKR_MECHANISM_PARAM_INVALID);
153 152 }
154 153
155 154 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
156 155 pMechanism->pParameter);
157 156 break;
158 157
159 158 }
160 159
161 160
162 161 /* Initialize a MAC context. */
163 162 rv = mac_init_ctx(session_p, key_p, hmac_ctx, pMechanism->mechanism);
164 163 if (rv != CKR_OK)
165 164 return (rv);
166 165
167 166 (void) pthread_mutex_lock(&session_p->session_mutex);
168 167
169 168 if (sign_op) {
170 169 session_p->sign.mech.mechanism = pMechanism->mechanism;
171 170 session_p->sign.context = hmac_ctx;
172 171 } else {
173 172 session_p->verify.mech.mechanism = pMechanism->mechanism;
174 173 session_p->verify.context = hmac_ctx;
175 174 }
176 175
177 176 (void) pthread_mutex_unlock(&session_p->session_mutex);
178 177
179 178 return (CKR_OK);
180 179 }
181 180
182 181
183 182 /*
184 183 * Initialize a HMAC context.
185 184 */
186 185 CK_RV
187 186 mac_init_ctx(soft_session_t *session_p, soft_object_t *key,
188 187 soft_hmac_ctx_t *ctx, CK_MECHANISM_TYPE mech)
189 188 {
190 189 CK_RV rv = CKR_OK;
191 190
192 191 switch (mech) {
193 192 case CKM_SSL3_MD5_MAC:
194 193 {
195 194 CK_BYTE md5_ipad[MD5_SSL_PAD_AND_KEY_SIZE];
196 195 CK_BYTE md5_opad[MD5_SSL_PAD_AND_KEY_SIZE];
197 196
198 197 if (OBJ_SEC(key)->sk_value_len > MD5_SSL_PAD_AND_KEY_SIZE) {
199 198 return (CKR_KEY_SIZE_RANGE);
200 199 }
201 200
202 201 bzero(md5_ipad, MD5_SSL_PAD_AND_KEY_SIZE);
203 202 bzero(md5_opad, MD5_SSL_PAD_AND_KEY_SIZE);
204 203
205 204 /* SSL MAC is HASH(key + opad + HASH(key + ipad + data)) */
206 205 (void) memcpy(md5_ipad, OBJ_SEC(key)->sk_value,
207 206 OBJ_SEC(key)->sk_value_len);
208 207 (void) memcpy(&md5_ipad[OBJ_SEC(key)->sk_value_len],
209 208 md5_ssl_ipad, MD5_SSL_PAD_SIZE);
210 209 (void) memcpy(md5_opad, OBJ_SEC(key)->sk_value,
211 210 OBJ_SEC(key)->sk_value_len);
212 211 (void) memcpy(&md5_opad[OBJ_SEC(key)->sk_value_len],
213 212 md5_ssl_opad, MD5_SSL_PAD_SIZE);
214 213
215 214 SOFT_MAC_INIT_CTX(MD5, &(ctx->hc_ctx_u.md5_ctx),
216 215 md5_ipad, md5_opad, MD5_SSL_PAD_AND_KEY_SIZE);
217 216
218 217 break;
219 218 }
220 219 case CKM_MD5_HMAC_GENERAL:
221 220 case CKM_MD5_HMAC:
222 221 {
223 222 uint32_t md5_ipad[MD5_HMAC_INTS_PER_BLOCK];
224 223 uint32_t md5_opad[MD5_HMAC_INTS_PER_BLOCK];
225 224 CK_MECHANISM digest_mech;
226 225 CK_ULONG hash_len = MD5_HASH_SIZE;
227 226
228 227 bzero(md5_ipad, MD5_HMAC_BLOCK_SIZE);
229 228 bzero(md5_opad, MD5_HMAC_BLOCK_SIZE);
230 229
231 230 if (OBJ_SEC(key)->sk_value_len > MD5_HMAC_BLOCK_SIZE) {
232 231 /*
233 232 * Hash the key when it is longer than 64 bytes.
234 233 */
235 234 digest_mech.mechanism = CKM_MD5;
236 235 digest_mech.pParameter = NULL_PTR;
237 236 digest_mech.ulParameterLen = 0;
238 237 rv = soft_digest_init_internal(session_p, &digest_mech);
239 238 if (rv != CKR_OK)
240 239 return (rv);
241 240 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
242 241 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)md5_ipad,
243 242 &hash_len);
244 243 session_p->digest.flags = 0;
245 244 if (rv != CKR_OK)
246 245 return (rv);
247 246 (void) memcpy(md5_opad, md5_ipad, hash_len);
248 247 } else {
249 248 (void) memcpy(md5_ipad, OBJ_SEC(key)->sk_value,
250 249 OBJ_SEC(key)->sk_value_len);
251 250 (void) memcpy(md5_opad, OBJ_SEC(key)->sk_value,
252 251 OBJ_SEC(key)->sk_value_len);
253 252 }
254 253
255 254 md5_hmac_ctx_init(&ctx->hc_ctx_u.md5_ctx, md5_ipad, md5_opad);
256 255 break;
257 256 }
258 257
259 258 case CKM_SSL3_SHA1_MAC:
260 259 {
261 260 CK_BYTE sha1_ipad[SHA1_SSL_PAD_AND_KEY_SIZE];
262 261 CK_BYTE sha1_opad[SHA1_SSL_PAD_AND_KEY_SIZE];
263 262
264 263 if (OBJ_SEC(key)->sk_value_len > SHA1_HMAC_BLOCK_SIZE) {
265 264 return (CKR_KEY_SIZE_RANGE);
266 265 }
267 266
268 267 bzero(sha1_ipad, SHA1_SSL_PAD_AND_KEY_SIZE);
269 268 bzero(sha1_opad, SHA1_SSL_PAD_AND_KEY_SIZE);
270 269
271 270 /* SSL MAC is HASH(key + opad + HASH(key + ipad + data)) */
272 271 (void) memcpy(sha1_ipad, OBJ_SEC(key)->sk_value,
273 272 OBJ_SEC(key)->sk_value_len);
274 273 (void) memcpy(&sha1_ipad[OBJ_SEC(key)->sk_value_len],
275 274 sha1_ssl_ipad, SHA1_SSL_PAD_SIZE);
276 275 (void) memcpy(sha1_opad, OBJ_SEC(key)->sk_value,
277 276 OBJ_SEC(key)->sk_value_len);
278 277 (void) memcpy(&sha1_opad[OBJ_SEC(key)->sk_value_len],
279 278 sha1_ssl_opad, SHA1_SSL_PAD_SIZE);
280 279
281 280 SOFT_MAC_INIT_CTX(SHA1, &(ctx->hc_ctx_u.sha1_ctx),
282 281 sha1_ipad, sha1_opad, SHA1_SSL_PAD_AND_KEY_SIZE);
283 282
284 283 break;
285 284 }
286 285 case CKM_SHA_1_HMAC_GENERAL:
287 286 case CKM_SHA_1_HMAC:
288 287 {
289 288 uint32_t sha1_ipad[SHA1_HMAC_INTS_PER_BLOCK];
290 289 uint32_t sha1_opad[SHA1_HMAC_INTS_PER_BLOCK];
291 290 CK_MECHANISM digest_mech;
292 291 CK_ULONG hash_len = SHA1_HASH_SIZE;
293 292
294 293 bzero(sha1_ipad, SHA1_HMAC_BLOCK_SIZE);
295 294 bzero(sha1_opad, SHA1_HMAC_BLOCK_SIZE);
296 295
297 296 if (OBJ_SEC(key)->sk_value_len > SHA1_HMAC_BLOCK_SIZE) {
298 297 /*
299 298 * Hash the key when it is longer than 64 bytes.
300 299 */
301 300 digest_mech.mechanism = CKM_SHA_1;
302 301 digest_mech.pParameter = NULL_PTR;
303 302 digest_mech.ulParameterLen = 0;
304 303 rv = soft_digest_init_internal(session_p, &digest_mech);
305 304 if (rv != CKR_OK)
306 305 return (rv);
307 306 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
308 307 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha1_ipad,
309 308 &hash_len);
310 309 session_p->digest.flags = 0;
311 310 if (rv != CKR_OK)
312 311 return (rv);
313 312 (void) memcpy(sha1_opad, sha1_ipad, hash_len);
314 313 } else {
315 314 (void) memcpy(sha1_ipad, OBJ_SEC(key)->sk_value,
316 315 OBJ_SEC(key)->sk_value_len);
317 316 (void) memcpy(sha1_opad, OBJ_SEC(key)->sk_value,
318 317 OBJ_SEC(key)->sk_value_len);
319 318 }
320 319
321 320 sha1_hmac_ctx_init(&ctx->hc_ctx_u.sha1_ctx, sha1_ipad,
322 321 sha1_opad);
323 322
324 323 break;
325 324 }
326 325 case CKM_SHA256_HMAC:
327 326 case CKM_SHA256_HMAC_GENERAL:
328 327 {
329 328 uint64_t sha_ipad[SHA256_HMAC_INTS_PER_BLOCK];
330 329 uint64_t sha_opad[SHA256_HMAC_INTS_PER_BLOCK];
331 330 CK_MECHANISM digest_mech;
332 331 CK_ULONG hash_len = SHA256_DIGEST_LENGTH;
333 332
334 333 bzero(sha_ipad, SHA256_HMAC_BLOCK_SIZE);
335 334 bzero(sha_opad, SHA256_HMAC_BLOCK_SIZE);
336 335
337 336 if (OBJ_SEC(key)->sk_value_len > SHA256_HMAC_BLOCK_SIZE) {
338 337 /*
339 338 * Hash the key when it is longer than 64 bytes.
340 339 */
341 340 digest_mech.mechanism = CKM_SHA256;
342 341 digest_mech.pParameter = NULL_PTR;
343 342 digest_mech.ulParameterLen = 0;
344 343 rv = soft_digest_init_internal(session_p, &digest_mech);
345 344 if (rv != CKR_OK)
346 345 return (rv);
347 346 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
348 347 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
349 348 &hash_len);
350 349 session_p->digest.flags = 0;
351 350 if (rv != CKR_OK)
352 351 return (rv);
353 352 (void) memcpy(sha_opad, sha_ipad, hash_len);
354 353 } else {
355 354 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
356 355 OBJ_SEC(key)->sk_value_len);
357 356 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
358 357 OBJ_SEC(key)->sk_value_len);
359 358 }
360 359
361 360 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
362 361 sha_ipad, sha_opad, SHA256_HMAC_INTS_PER_BLOCK,
363 362 SHA256_HMAC_BLOCK_SIZE);
364 363
365 364 break;
366 365 }
367 366 case CKM_SHA384_HMAC:
368 367 case CKM_SHA384_HMAC_GENERAL:
369 368 {
370 369 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK];
371 370 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK];
372 371 CK_MECHANISM digest_mech;
373 372 CK_ULONG hash_len = SHA384_DIGEST_LENGTH;
374 373
375 374 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE);
376 375 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE);
377 376
378 377 if (OBJ_SEC(key)->sk_value_len > SHA512_HMAC_BLOCK_SIZE) {
379 378 /*
380 379 * Hash the key when it is longer than 64 bytes.
381 380 */
382 381 digest_mech.mechanism = CKM_SHA384;
383 382 digest_mech.pParameter = NULL_PTR;
384 383 digest_mech.ulParameterLen = 0;
385 384 rv = soft_digest_init_internal(session_p, &digest_mech);
386 385 if (rv != CKR_OK)
387 386 return (rv);
388 387 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
389 388 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
390 389 &hash_len);
391 390 session_p->digest.flags = 0;
392 391 if (rv != CKR_OK)
393 392 return (rv);
394 393 (void) memcpy(sha_opad, sha_ipad, hash_len);
395 394 } else {
396 395 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
397 396 OBJ_SEC(key)->sk_value_len);
398 397 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
399 398 OBJ_SEC(key)->sk_value_len);
400 399 }
401 400
402 401 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
403 402 sha_ipad, sha_opad, SHA512_HMAC_INTS_PER_BLOCK,
404 403 SHA512_HMAC_BLOCK_SIZE);
405 404
406 405 break;
407 406 }
408 407 case CKM_SHA512_HMAC:
409 408 case CKM_SHA512_HMAC_GENERAL:
410 409 {
411 410 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK];
412 411 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK];
413 412 CK_MECHANISM digest_mech;
414 413 CK_ULONG hash_len = SHA512_DIGEST_LENGTH;
415 414
416 415 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE);
417 416 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE);
418 417
419 418 if (OBJ_SEC(key)->sk_value_len > SHA512_HMAC_BLOCK_SIZE) {
420 419 /*
421 420 * Hash the key when it is longer than 64 bytes.
422 421 */
423 422 digest_mech.mechanism = CKM_SHA512;
424 423 digest_mech.pParameter = NULL_PTR;
425 424 digest_mech.ulParameterLen = 0;
426 425 rv = soft_digest_init_internal(session_p, &digest_mech);
427 426 if (rv != CKR_OK)
428 427 return (rv);
429 428 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
430 429 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
431 430 &hash_len);
432 431 session_p->digest.flags = 0;
433 432 if (rv != CKR_OK)
434 433 return (rv);
435 434 (void) memcpy(sha_opad, sha_ipad, hash_len);
436 435 } else {
437 436 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
438 437 OBJ_SEC(key)->sk_value_len);
439 438 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
440 439 OBJ_SEC(key)->sk_value_len);
441 440 }
442 441
443 442 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
444 443 sha_ipad, sha_opad, SHA512_HMAC_INTS_PER_BLOCK,
445 444 SHA512_HMAC_BLOCK_SIZE);
446 445
447 446 break;
448 447 }
449 448 }
450 449 return (rv);
451 450 }
452 451
453 452
454 453 /*
455 454 * Called by soft_sign(), soft_sign_final(), soft_verify() or
456 455 * soft_verify_final().
457 456 */
458 457 CK_RV
459 458 soft_hmac_sign_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData,
460 459 CK_ULONG ulDataLen, CK_BYTE_PTR pSigned, CK_ULONG_PTR pulSignedLen,
461 460 boolean_t sign_op)
462 461 {
463 462
464 463 soft_hmac_ctx_t *hmac_ctx;
465 464 CK_MECHANISM_TYPE mechanism;
466 465 #ifdef __sparcv9
467 466 /* LINTED */
468 467 uint_t datalen = (uint_t)ulDataLen;
469 468 #else /* __sparcv9 */
470 469 uint_t datalen = ulDataLen;
471 470 #endif /* __sparcv9 */
472 471
473 472 if (sign_op) {
474 473 hmac_ctx = (soft_hmac_ctx_t *)session_p->sign.context;
475 474 mechanism = session_p->sign.mech.mechanism;
476 475
477 476 /*
478 477 * If application asks for the length of the output buffer
479 478 * to hold the signature?
480 479 */
481 480 if (pSigned == NULL) {
482 481 *pulSignedLen = hmac_ctx->hmac_len;
483 482 return (CKR_OK);
484 483 }
485 484
486 485 /* Is the application-supplied buffer large enough? */
487 486 if (*pulSignedLen < hmac_ctx->hmac_len) {
488 487 *pulSignedLen = hmac_ctx->hmac_len;
489 488 return (CKR_BUFFER_TOO_SMALL);
490 489 }
491 490 } else {
492 491 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
493 492 mechanism = session_p->verify.mech.mechanism;
494 493 }
495 494
496 495 switch (mechanism) {
497 496
498 497 case CKM_SSL3_MD5_MAC:
499 498 case CKM_MD5_HMAC_GENERAL:
500 499 case CKM_MD5_HMAC:
501 500
502 501 if (pData != NULL) {
503 502 /* Called by soft_sign() or soft_verify(). */
504 503 SOFT_MAC_UPDATE(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx),
505 504 pData, datalen);
506 505 }
507 506 SOFT_MAC_FINAL(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx), pSigned);
508 507 break;
509 508
510 509 case CKM_SSL3_SHA1_MAC:
511 510 case CKM_SHA_1_HMAC_GENERAL:
512 511 case CKM_SHA_1_HMAC:
513 512
514 513 if (pData != NULL) {
515 514 /* Called by soft_sign() or soft_verify(). */
516 515 SOFT_MAC_UPDATE(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx),
517 516 pData, datalen);
518 517 }
519 518 SOFT_MAC_FINAL(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx), pSigned);
520 519 break;
521 520
522 521 case CKM_SHA256_HMAC_GENERAL:
523 522 case CKM_SHA256_HMAC:
524 523 if (pData != NULL)
525 524 /* Called by soft_sign() or soft_verify(). */
526 525 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
527 526 pData, datalen);
528 527
529 528 SOFT_MAC_FINAL_2(SHA256, &(hmac_ctx->hc_ctx_u.sha2_ctx),
530 529 pSigned);
531 530 break;
532 531
533 532 case CKM_SHA384_HMAC_GENERAL:
534 533 case CKM_SHA384_HMAC:
535 534 if (pData != NULL)
536 535 /* Called by soft_sign() or soft_verify(). */
537 536 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
538 537 pData, datalen);
539 538
540 539 SOFT_MAC_FINAL_2(SHA384, &(hmac_ctx->hc_ctx_u.sha2_ctx),
541 540 pSigned);
542 541 hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH;
543 542 break;
544 543
545 544 case CKM_SHA512_HMAC_GENERAL:
546 545 case CKM_SHA512_HMAC:
547 546
548 547 if (pData != NULL)
549 548 /* Called by soft_sign() or soft_verify(). */
550 549 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
551 550 pData, datalen);
552 551
553 552 SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx),
554 553 pSigned);
|
↓ open down ↓ |
516 lines elided |
↑ open up ↑ |
555 554 };
556 555
557 556 *pulSignedLen = hmac_ctx->hmac_len;
558 557
559 558
560 559 clean_exit:
561 560
562 561 (void) pthread_mutex_lock(&session_p->session_mutex);
563 562
564 563 if (sign_op) {
565 - bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
566 - free(session_p->sign.context);
564 + freezero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
567 565 session_p->sign.context = NULL;
568 566 } else {
569 - bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
570 - free(session_p->verify.context);
567 + freezero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
571 568 session_p->verify.context = NULL;
572 569 }
573 570
574 571 (void) pthread_mutex_unlock(&session_p->session_mutex);
575 572
576 573 return (CKR_OK);
577 574 }
578 575
579 576
580 577 /*
581 578 * Called by soft_sign_update() or soft_verify_update().
582 579 */
583 580 CK_RV
584 581 soft_hmac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
585 582 CK_ULONG ulPartLen, boolean_t sign_op)
586 583 {
587 584
588 585 soft_hmac_ctx_t *hmac_ctx;
589 586 CK_MECHANISM_TYPE mechanism;
590 587 #ifdef __sparcv9
591 588 /* LINTED */
592 589 uint_t partlen = (uint_t)ulPartLen;
593 590 #else /* __sparcv9 */
594 591 uint_t partlen = ulPartLen;
595 592 #endif /* __sparcv9 */
596 593
597 594 if (sign_op) {
598 595 hmac_ctx = (soft_hmac_ctx_t *)session_p->sign.context;
599 596 mechanism = session_p->sign.mech.mechanism;
600 597 } else {
601 598 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
602 599 mechanism = session_p->verify.mech.mechanism;
603 600 }
604 601
605 602 switch (mechanism) {
606 603
607 604 case CKM_SSL3_MD5_MAC:
608 605 case CKM_MD5_HMAC_GENERAL:
609 606 case CKM_MD5_HMAC:
610 607
611 608 SOFT_MAC_UPDATE(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx), pPart,
612 609 partlen);
613 610 break;
614 611
615 612 case CKM_SSL3_SHA1_MAC:
616 613 case CKM_SHA_1_HMAC_GENERAL:
617 614 case CKM_SHA_1_HMAC:
618 615
619 616 SOFT_MAC_UPDATE(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx), pPart,
620 617 partlen);
621 618
622 619 break;
623 620
624 621 case CKM_SHA256_HMAC_GENERAL:
625 622 case CKM_SHA256_HMAC:
626 623 case CKM_SHA384_HMAC_GENERAL:
627 624 case CKM_SHA384_HMAC:
628 625 case CKM_SHA512_HMAC_GENERAL:
629 626 case CKM_SHA512_HMAC:
630 627
631 628 SOFT_MAC_UPDATE(SHA2, &(hmac_ctx->hc_ctx_u.sha2_ctx), pPart,
632 629 partlen);
633 630 break;
634 631
635 632 }
636 633 return (CKR_OK);
637 634 }
638 635
639 636 /*
640 637 * The following 2 functions expect the MAC key to be alreay copied in
641 638 * the ipad and opad
642 639 */
643 640 void
644 641 md5_hmac_ctx_init(md5_hc_ctx_t *md5_hmac_ctx, uint32_t *ipad, uint32_t *opad)
645 642 {
646 643 int i;
647 644 /* XOR key with ipad (0x36) and opad (0x5c) */
648 645 for (i = 0; i < MD5_HMAC_INTS_PER_BLOCK; i++) {
649 646 ipad[i] ^= 0x36363636;
650 647 opad[i] ^= 0x5c5c5c5c;
651 648 }
652 649 SOFT_MAC_INIT_CTX(MD5, md5_hmac_ctx, ipad, opad, MD5_HMAC_BLOCK_SIZE);
653 650 }
654 651
655 652 void
656 653 sha1_hmac_ctx_init(sha1_hc_ctx_t *sha1_hmac_ctx, uint32_t *ipad, uint32_t *opad)
657 654 {
658 655 int i;
659 656 /* XOR key with ipad (0x36) and opad (0x5c) */
660 657 for (i = 0; i < SHA1_HMAC_INTS_PER_BLOCK; i++) {
661 658 ipad[i] ^= 0x36363636;
662 659 opad[i] ^= 0x5c5c5c5c;
663 660 }
664 661 SOFT_MAC_INIT_CTX(SHA1, sha1_hmac_ctx, (const uchar_t *)ipad,
665 662 (const uchar_t *)opad, SHA1_HMAC_BLOCK_SIZE);
666 663 }
667 664
668 665
669 666 void
670 667 sha2_hmac_ctx_init(uint_t mech, sha2_hc_ctx_t *ctx, uint64_t *ipad,
671 668 uint64_t *opad, uint_t blocks_per_int64, uint_t block_size)
672 669 {
673 670 int i;
674 671
675 672 /* XOR key with ipad (0x36) and opad (0x5c) */
676 673 for (i = 0; i < blocks_per_int64; i ++) {
677 674 ipad[i] ^= 0x3636363636363636ULL;
678 675 opad[i] ^= 0x5c5c5c5c5c5c5c5cULL;
679 676 }
680 677
681 678 /* perform SHA2 on ipad */
682 679 SHA2Init(mech, &ctx->hc_icontext);
683 680 SHA2Update(&ctx->hc_icontext, (uint8_t *)ipad, block_size);
684 681
685 682 /* perform SHA2 on opad */
686 683 SHA2Init(mech, &ctx->hc_ocontext);
687 684 SHA2Update(&ctx->hc_ocontext, (uint8_t *)opad, block_size);
688 685
689 686 }
|
↓ open down ↓ |
109 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX