1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #include <stdlib.h>
28 #include <strings.h>
29 #include <sys/types.h>
30 #include <security/cryptoki.h>
31 #include "softObject.h"
32 #include "softOps.h"
33 #include "softSession.h"
34 #include "softMAC.h"
35 #include "softRSA.h"
36 #include "softDSA.h"
37 #include "softEC.h"
38 #include "softCrypt.h"
39
40 /*
41 * soft_sign_init()
42 *
43 * Arguments:
44 * session_p: pointer to soft_session_t struct
45 * pMechanism: pointer to CK_MECHANISM struct provided by application
46 * key_p: pointer to key soft_object_t struct
47 *
48 * Description:
49 * called by C_SignInit(). This function calls the corresponding
50 * sign init routine based on the mechanism.
51 *
52 */
53 CK_RV
54 soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
55 soft_object_t *key_p)
56 {
57
58 switch (pMechanism->mechanism) {
59
60 case CKM_SSL3_MD5_MAC:
61 case CKM_SSL3_SHA1_MAC:
62 case CKM_MD5_HMAC_GENERAL:
63 case CKM_MD5_HMAC:
64 case CKM_SHA_1_HMAC_GENERAL:
65 case CKM_SHA_1_HMAC:
66 case CKM_SHA256_HMAC_GENERAL:
67 case CKM_SHA256_HMAC:
68 case CKM_SHA384_HMAC_GENERAL:
69 case CKM_SHA384_HMAC:
70 case CKM_SHA512_HMAC_GENERAL:
71 case CKM_SHA512_HMAC:
72
73 return (soft_hmac_sign_verify_init_common(session_p,
74 pMechanism, key_p, B_TRUE));
75
76 case CKM_RSA_X_509:
77 case CKM_RSA_PKCS:
78 case CKM_MD5_RSA_PKCS:
79 case CKM_SHA1_RSA_PKCS:
80 case CKM_SHA256_RSA_PKCS:
81 case CKM_SHA384_RSA_PKCS:
82 case CKM_SHA512_RSA_PKCS:
83
84 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
85 key_p, B_TRUE));
86
87 case CKM_DSA:
88 case CKM_DSA_SHA1:
89
90 return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
91 key_p, B_TRUE));
92
93 case CKM_ECDSA:
94 case CKM_ECDSA_SHA1:
95
96 return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
97 key_p, B_TRUE));
98
99 case CKM_DES_MAC_GENERAL:
100 case CKM_DES_MAC:
101
102 return (soft_des_sign_verify_init_common(session_p, pMechanism,
103 key_p, B_TRUE));
104
105 case CKM_AES_CMAC_GENERAL:
106 case CKM_AES_CMAC:
107
108 return (soft_aes_sign_verify_init_common(session_p, pMechanism,
109 key_p, B_TRUE));
110
111 default:
112 return (CKR_MECHANISM_INVALID);
113 }
114
115 }
116
117
118 /*
119 * soft_sign()
120 *
121 * Arguments:
122 * session_p: pointer to soft_session_t struct
123 * pData: pointer to the input data to be signed
124 * ulDataLen: length of the input data
125 * pSignature: pointer to the signature after signing
126 * pulSignatureLen: pointer to the length of the signature
127 *
128 * Description:
129 * called by C_Sign(). This function calls the corresponding
130 * sign routine based on the mechanism.
131 *
132 */
133 CK_RV
134 soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
135 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
136 CK_ULONG_PTR pulSignatureLen)
137 {
138
139 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
140 CK_RV rv = CKR_OK;
141
142 switch (mechanism) {
143
144 case CKM_SSL3_MD5_MAC:
145 case CKM_SSL3_SHA1_MAC:
146 case CKM_MD5_HMAC_GENERAL:
147 case CKM_MD5_HMAC:
148 case CKM_SHA_1_HMAC_GENERAL:
149 case CKM_SHA_1_HMAC:
150 case CKM_SHA256_HMAC_GENERAL:
151 case CKM_SHA256_HMAC:
152 case CKM_SHA384_HMAC_GENERAL:
153 case CKM_SHA384_HMAC:
154 case CKM_SHA512_HMAC_GENERAL:
155 case CKM_SHA512_HMAC:
156 {
157 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
158
159 if (pSignature != NULL) {
160 /* Pass local buffer to avoid overflow. */
161 rv = soft_hmac_sign_verify_common(session_p, pData,
162 ulDataLen, hmac, pulSignatureLen, B_TRUE);
163 } else {
164 /* Pass original pSignature, let callee to handle it. */
165 rv = soft_hmac_sign_verify_common(session_p, pData,
166 ulDataLen, pSignature, pulSignatureLen, B_TRUE);
167 }
168
169 if ((rv == CKR_OK) && (pSignature != NULL))
170 (void) memcpy(pSignature, hmac, *pulSignatureLen);
171
172 return (rv);
173 }
174 case CKM_DES_MAC_GENERAL:
175 case CKM_DES_MAC:
176 {
177 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
178
179 if (pSignature != NULL) {
180 /* Pass local buffer to avoid overflow. */
181 rv = soft_des_sign_verify_common(session_p, pData,
182 ulDataLen, signature, pulSignatureLen, B_TRUE,
183 B_FALSE);
184 } else {
185 /* Pass NULL, let callee to handle it. */
186 rv = soft_des_sign_verify_common(session_p, pData,
187 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
188 }
189
190 if ((rv == CKR_OK) && (pSignature != NULL))
191 (void) memcpy(pSignature, signature, *pulSignatureLen);
192
193 return (rv);
194 }
195 case CKM_AES_CMAC_GENERAL:
196 case CKM_AES_CMAC:
197 {
198 CK_BYTE signature[AES_BLOCK_LEN];
199
200 if (pSignature != NULL) {
201 /* Pass local buffer to avoid overflow. */
202 rv = soft_aes_sign_verify_common(session_p, pData,
203 ulDataLen, signature, pulSignatureLen, B_TRUE,
204 B_FALSE);
205 } else {
206 /* Pass NULL, let callee handle it. */
207 rv = soft_aes_sign_verify_common(session_p, pData,
208 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
209 }
210
211 if ((rv == CKR_OK) && (pSignature != NULL))
212 (void) memcpy(pSignature, signature, *pulSignatureLen);
213
214 return (rv);
215 }
216 case CKM_RSA_X_509:
217 case CKM_RSA_PKCS:
218
219 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
220 pSignature, pulSignatureLen, mechanism));
221
222 case CKM_MD5_RSA_PKCS:
223 case CKM_SHA1_RSA_PKCS:
224 case CKM_SHA256_RSA_PKCS:
225 case CKM_SHA384_RSA_PKCS:
226 case CKM_SHA512_RSA_PKCS:
227
228 return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
229 pSignature, pulSignatureLen, mechanism, B_FALSE));
230
231 case CKM_DSA:
232
233 return (soft_dsa_sign(session_p, pData, ulDataLen,
234 pSignature, pulSignatureLen));
235
236 case CKM_DSA_SHA1:
237
238 return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
239 pSignature, pulSignatureLen, B_FALSE));
240
241 case CKM_ECDSA:
242
243 return (soft_ecc_sign(session_p, pData, ulDataLen,
244 pSignature, pulSignatureLen));
245
246 case CKM_ECDSA_SHA1:
247
248 return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
249 pSignature, pulSignatureLen, B_FALSE));
250
251 default:
252 return (CKR_MECHANISM_INVALID);
253 }
254 }
255
256
257 /*
258 * soft_sign_update()
259 *
260 * Arguments:
261 * session_p: pointer to soft_session_t struct
262 * pPart: pointer to the input data to be signed
263 * ulPartLen: length of the input data
264 *
265 * Description:
266 * called by C_SignUpdate(). This function calls the corresponding
267 * sign update routine based on the mechanism.
268 *
269 */
270 CK_RV
271 soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
272 CK_ULONG ulPartLen)
273 {
274 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
275
276 switch (mechanism) {
277
278 case CKM_SSL3_MD5_MAC:
279 case CKM_SSL3_SHA1_MAC:
280 case CKM_MD5_HMAC_GENERAL:
281 case CKM_MD5_HMAC:
282 case CKM_SHA_1_HMAC_GENERAL:
283 case CKM_SHA_1_HMAC:
284 case CKM_SHA256_HMAC_GENERAL:
285 case CKM_SHA256_HMAC:
286 case CKM_SHA384_HMAC_GENERAL:
287 case CKM_SHA384_HMAC:
288 case CKM_SHA512_HMAC_GENERAL:
289 case CKM_SHA512_HMAC:
290
291 return (soft_hmac_sign_verify_update(session_p, pPart,
292 ulPartLen, B_TRUE));
293
294 case CKM_DES_MAC_GENERAL:
295 case CKM_DES_MAC:
296
297 return (soft_des_mac_sign_verify_update(session_p, pPart,
298 ulPartLen));
299
300 case CKM_AES_CMAC_GENERAL:
301 case CKM_AES_CMAC:
302
303 return (soft_aes_mac_sign_verify_update(session_p, pPart,
304 ulPartLen));
305
306 case CKM_MD5_RSA_PKCS:
307 case CKM_SHA1_RSA_PKCS:
308 case CKM_SHA256_RSA_PKCS:
309 case CKM_SHA384_RSA_PKCS:
310 case CKM_SHA512_RSA_PKCS:
311 /*
312 * The MD5/SHA1 digest value is accumulated in the context
313 * of the multiple-part digesting operation. In the final
314 * operation, the digest is encoded and then perform RSA
315 * signing.
316 */
317 case CKM_DSA_SHA1:
318 case CKM_ECDSA_SHA1:
319
320 return (soft_digest_update(session_p, pPart, ulPartLen));
321
322 default:
323 /* PKCS11: The mechanism only supports single-part operation. */
324 return (CKR_MECHANISM_INVALID);
325 }
326 }
327
328
329 /*
330 * soft_sign_final()
331 *
332 * Arguments:
333 * session_p: pointer to soft_session_t struct
334 * pSignature: pointer to the signature after signing
335 * pulSignatureLen: pointer to the length of the signature
336 *
337 * Description:
338 * called by C_SignFinal(). This function calls the corresponding
339 * sign final routine based on the mechanism.
340 *
341 */
342 CK_RV
343 soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
344 CK_ULONG_PTR pulSignatureLen)
345 {
346
347 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
348 CK_RV rv = CKR_OK;
349
350 switch (mechanism) {
351
352 case CKM_SSL3_MD5_MAC:
353 case CKM_SSL3_SHA1_MAC:
354 case CKM_MD5_HMAC_GENERAL:
355 case CKM_MD5_HMAC:
356 case CKM_SHA_1_HMAC_GENERAL:
357 case CKM_SHA_1_HMAC:
358 case CKM_SHA256_HMAC_GENERAL:
359 case CKM_SHA256_HMAC:
360 case CKM_SHA384_HMAC_GENERAL:
361 case CKM_SHA384_HMAC:
362 case CKM_SHA512_HMAC_GENERAL:
363 case CKM_SHA512_HMAC:
364 {
365 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
366
367 if (pSignature != NULL) {
368 /* Pass local buffer to avoid overflow */
369 rv = soft_hmac_sign_verify_common(session_p, NULL,
370 0, hmac, pulSignatureLen, B_TRUE);
371 } else {
372 /* Pass original pSignature, let callee to handle it. */
373 rv = soft_hmac_sign_verify_common(session_p, NULL,
374 0, pSignature, pulSignatureLen, B_TRUE);
375 }
376
377 if ((rv == CKR_OK) && (pSignature != NULL))
378 (void) memcpy(pSignature, hmac, *pulSignatureLen);
379
380 return (rv);
381 }
382 case CKM_DES_MAC_GENERAL:
383 case CKM_DES_MAC:
384 {
385 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
386
387 if (pSignature != NULL) {
388 /* Pass local buffer to avoid overflow. */
389 rv = soft_des_sign_verify_common(session_p, NULL, 0,
390 signature, pulSignatureLen, B_TRUE, B_TRUE);
391 } else {
392 /* Pass NULL, let callee to handle it. */
393 rv = soft_des_sign_verify_common(session_p, NULL, 0,
394 NULL, pulSignatureLen, B_TRUE, B_TRUE);
395 }
396
397 if ((rv == CKR_OK) && (pSignature != NULL))
398 (void) memcpy(pSignature, signature, *pulSignatureLen);
399
400 return (rv);
401 }
402 case CKM_AES_CMAC_GENERAL:
403 case CKM_AES_CMAC:
404 {
405 CK_BYTE signature[AES_BLOCK_LEN]; /* use the maximum size */
406
407 if (pSignature != NULL) {
408 /* Pass local buffer to avoid overflow. */
409 rv = soft_aes_sign_verify_common(session_p, NULL, 0,
410 signature, pulSignatureLen, B_TRUE, B_TRUE);
411 } else {
412 /* Pass NULL, let callee handle it. */
413 rv = soft_aes_sign_verify_common(session_p, NULL, 0,
414 NULL, pulSignatureLen, B_TRUE, B_TRUE);
415 }
416
417 if ((rv == CKR_OK) && (pSignature != NULL))
418 (void) memcpy(pSignature, signature, *pulSignatureLen);
419
420 return (rv);
421 }
422 case CKM_MD5_RSA_PKCS:
423 case CKM_SHA1_RSA_PKCS:
424 case CKM_SHA256_RSA_PKCS:
425 case CKM_SHA384_RSA_PKCS:
426 case CKM_SHA512_RSA_PKCS:
427
428 return (soft_rsa_digest_sign_common(session_p, NULL, 0,
429 pSignature, pulSignatureLen, mechanism, B_TRUE));
430
431 case CKM_DSA_SHA1:
432
433 return (soft_dsa_digest_sign_common(session_p, NULL, 0,
434 pSignature, pulSignatureLen, B_TRUE));
435
436 case CKM_ECDSA_SHA1:
437
438 return (soft_ecc_digest_sign_common(session_p, NULL, 0,
439 pSignature, pulSignatureLen, B_TRUE));
440
441 default:
442 /* PKCS11: The mechanism only supports single-part operation. */
443 return (CKR_MECHANISM_INVALID);
444 }
445 }
446
447
448 CK_RV
449 soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
450 soft_object_t *key_p)
451 {
452
453 switch (pMechanism->mechanism) {
454
455 case CKM_RSA_X_509:
456 case CKM_RSA_PKCS:
457
458 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
459 key_p, B_TRUE));
460
461 default:
462 return (CKR_MECHANISM_INVALID);
463 }
464 }
465
466
467 CK_RV
468 soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
469 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
470 CK_ULONG_PTR pulSignatureLen)
471 {
472
473 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
474
475 switch (mechanism) {
476
477 case CKM_RSA_X_509:
478 case CKM_RSA_PKCS:
479
480 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
481 pSignature, pulSignatureLen, mechanism));
482
483 default:
484 return (CKR_MECHANISM_INVALID);
485 }
486 }
487
488 /*
489 * This function frees the allocated active crypto context.
490 * It is only called by the first tier of sign/verify routines
491 * and the caller of this function may or may not hold the session mutex.
492 */
493 void
494 soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
495 boolean_t lock_held)
496 {
497
498 crypto_active_op_t *active_op;
499 boolean_t lock_true = B_TRUE;
500
501 if (!lock_held)
502 (void) pthread_mutex_lock(&session_p->session_mutex);
503
504 active_op = (sign) ? &(session_p->sign) : &(session_p->verify);
505
506 switch (active_op->mech.mechanism) {
507
508 case CKM_MD5_RSA_PKCS:
509 case CKM_SHA1_RSA_PKCS:
510 case CKM_SHA256_RSA_PKCS:
511 case CKM_SHA384_RSA_PKCS:
512 case CKM_SHA512_RSA_PKCS:
513 if (session_p->digest.context != NULL) {
514 free(session_p->digest.context);
515 session_p->digest.context = NULL;
516 session_p->digest.flags = 0;
517 }
518 /* FALLTHRU */
519
520 case CKM_RSA_PKCS:
521 case CKM_RSA_X_509:
522 {
523 soft_rsa_ctx_t *rsa_ctx =
524 (soft_rsa_ctx_t *)active_op->context;
525
526 if (rsa_ctx != NULL && rsa_ctx->key != NULL) {
527 soft_cleanup_object(rsa_ctx->key);
528 free(rsa_ctx->key);
529 }
530 break;
531
532 }
533 case CKM_DSA_SHA1:
534 if (session_p->digest.context != NULL) {
535 free(session_p->digest.context);
536 session_p->digest.context = NULL;
537 session_p->digest.flags = 0;
538 }
539
540 /* FALLTHRU */
541 case CKM_DSA:
542 {
543 soft_dsa_ctx_t *dsa_ctx =
544 (soft_dsa_ctx_t *)active_op->context;
545
546 if (dsa_ctx != NULL && dsa_ctx->key != NULL) {
547 soft_cleanup_object(dsa_ctx->key);
548 free(dsa_ctx->key);
549 }
550 break;
551
552 }
553 case CKM_SSL3_MD5_MAC:
554 case CKM_SSL3_SHA1_MAC:
555 case CKM_MD5_HMAC_GENERAL:
556 case CKM_MD5_HMAC:
557 case CKM_SHA_1_HMAC_GENERAL:
558 case CKM_SHA_1_HMAC:
559 case CKM_SHA256_HMAC_GENERAL:
560 case CKM_SHA256_HMAC:
561 case CKM_SHA384_HMAC_GENERAL:
562 case CKM_SHA384_HMAC:
563 case CKM_SHA512_HMAC_GENERAL:
564 case CKM_SHA512_HMAC:
565 if (active_op->context != NULL)
566 bzero(active_op->context, sizeof (soft_hmac_ctx_t));
567 break;
568 case CKM_DES_MAC_GENERAL:
569 case CKM_DES_MAC:
570 if (session_p->encrypt.context != NULL) {
571 free(session_p->encrypt.context);
572 session_p->encrypt.context = NULL;
573 session_p->encrypt.flags = 0;
574 }
575 if (active_op->context != NULL)
576 bzero(active_op->context, sizeof (soft_des_ctx_t));
577 break;
578
579 case CKM_AES_CMAC_GENERAL:
580 case CKM_AES_CMAC:
581 if (session_p->encrypt.context != NULL) {
582 free(session_p->encrypt.context);
583 session_p->encrypt.context = NULL;
584 session_p->encrypt.flags = 0;
585 }
586 if (active_op->context != NULL)
587 bzero(active_op->context, sizeof (soft_aes_ctx_t));
588 break;
589
590 }
591
592 if (active_op->context != NULL) {
593 free(active_op->context);
594 active_op->context = NULL;
595 }
596
597 active_op->flags = 0;
598
599 if (!lock_held)
600 SES_REFRELE(session_p, lock_true);
601 }