1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  25  */
  26 
  27 #include <stdlib.h>
  28 #include <strings.h>
  29 #include <sys/types.h>
  30 #include <security/cryptoki.h>
  31 #include "softObject.h"
  32 #include "softOps.h"
  33 #include "softSession.h"
  34 #include "softMAC.h"
  35 #include "softRSA.h"
  36 #include "softDSA.h"
  37 #include "softEC.h"
  38 #include "softCrypt.h"
  39 
  40 /*
  41  * soft_sign_init()
  42  *
  43  * Arguments:
  44  *      session_p:      pointer to soft_session_t struct
  45  *      pMechanism:     pointer to CK_MECHANISM struct provided by application
  46  *      key_p:          pointer to key soft_object_t struct
  47  *
  48  * Description:
  49  *      called by C_SignInit(). This function calls the corresponding
  50  *      sign init routine based on the mechanism.
  51  *
  52  */
  53 CK_RV
  54 soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
  55     soft_object_t *key_p)
  56 {
  57 
  58         switch (pMechanism->mechanism) {
  59 
  60         case CKM_SSL3_MD5_MAC:
  61         case CKM_SSL3_SHA1_MAC:
  62         case CKM_MD5_HMAC_GENERAL:
  63         case CKM_MD5_HMAC:
  64         case CKM_SHA_1_HMAC_GENERAL:
  65         case CKM_SHA_1_HMAC:
  66         case CKM_SHA256_HMAC_GENERAL:
  67         case CKM_SHA256_HMAC:
  68         case CKM_SHA384_HMAC_GENERAL:
  69         case CKM_SHA384_HMAC:
  70         case CKM_SHA512_HMAC_GENERAL:
  71         case CKM_SHA512_HMAC:
  72 
  73                 return (soft_hmac_sign_verify_init_common(session_p,
  74                     pMechanism, key_p, B_TRUE));
  75 
  76         case CKM_RSA_X_509:
  77         case CKM_RSA_PKCS:
  78         case CKM_MD5_RSA_PKCS:
  79         case CKM_SHA1_RSA_PKCS:
  80         case CKM_SHA256_RSA_PKCS:
  81         case CKM_SHA384_RSA_PKCS:
  82         case CKM_SHA512_RSA_PKCS:
  83 
  84                 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
  85                     key_p, B_TRUE));
  86 
  87         case CKM_DSA:
  88         case CKM_DSA_SHA1:
  89 
  90                 return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
  91                     key_p, B_TRUE));
  92 
  93         case CKM_ECDSA:
  94         case CKM_ECDSA_SHA1:
  95 
  96                 return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
  97                     key_p, B_TRUE));
  98 
  99         case CKM_DES_MAC_GENERAL:
 100         case CKM_DES_MAC:
 101 
 102                 return (soft_des_sign_verify_init_common(session_p, pMechanism,
 103                     key_p, B_TRUE));
 104 
 105         case CKM_AES_CMAC_GENERAL:
 106         case CKM_AES_CMAC:
 107 
 108                 return (soft_aes_sign_verify_init_common(session_p, pMechanism,
 109                     key_p, B_TRUE));
 110 
 111         default:
 112                 return (CKR_MECHANISM_INVALID);
 113         }
 114 
 115 }
 116 
 117 
 118 /*
 119  * soft_sign()
 120  *
 121  * Arguments:
 122  *      session_p:      pointer to soft_session_t struct
 123  *      pData:          pointer to the input data to be signed
 124  *      ulDataLen:      length of the input data
 125  *      pSignature:     pointer to the signature after signing
 126  *      pulSignatureLen: pointer to the length of the signature
 127  *
 128  * Description:
 129  *      called by C_Sign(). This function calls the corresponding
 130  *      sign routine based on the mechanism.
 131  *
 132  */
 133 CK_RV
 134 soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
 135     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
 136     CK_ULONG_PTR pulSignatureLen)
 137 {
 138 
 139         CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
 140         CK_RV rv = CKR_OK;
 141 
 142         switch (mechanism) {
 143 
 144         case CKM_SSL3_MD5_MAC:
 145         case CKM_SSL3_SHA1_MAC:
 146         case CKM_MD5_HMAC_GENERAL:
 147         case CKM_MD5_HMAC:
 148         case CKM_SHA_1_HMAC_GENERAL:
 149         case CKM_SHA_1_HMAC:
 150         case CKM_SHA256_HMAC_GENERAL:
 151         case CKM_SHA256_HMAC:
 152         case CKM_SHA384_HMAC_GENERAL:
 153         case CKM_SHA384_HMAC:
 154         case CKM_SHA512_HMAC_GENERAL:
 155         case CKM_SHA512_HMAC:
 156         {
 157                 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
 158 
 159                 if (pSignature != NULL) {
 160                         /* Pass local buffer to avoid overflow. */
 161                         rv = soft_hmac_sign_verify_common(session_p, pData,
 162                             ulDataLen, hmac, pulSignatureLen, B_TRUE);
 163                 } else {
 164                         /* Pass original pSignature, let callee to handle it. */
 165                         rv = soft_hmac_sign_verify_common(session_p, pData,
 166                             ulDataLen, pSignature, pulSignatureLen, B_TRUE);
 167                 }
 168 
 169                 if ((rv == CKR_OK) && (pSignature != NULL))
 170                         (void) memcpy(pSignature, hmac, *pulSignatureLen);
 171 
 172                 return (rv);
 173         }
 174         case CKM_DES_MAC_GENERAL:
 175         case CKM_DES_MAC:
 176         {
 177                 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
 178 
 179                 if (pSignature != NULL) {
 180                         /* Pass local buffer to avoid overflow. */
 181                         rv = soft_des_sign_verify_common(session_p, pData,
 182                             ulDataLen, signature, pulSignatureLen, B_TRUE,
 183                             B_FALSE);
 184                 } else {
 185                         /* Pass NULL, let callee to handle it. */
 186                         rv = soft_des_sign_verify_common(session_p, pData,
 187                             ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
 188                 }
 189 
 190                 if ((rv == CKR_OK) && (pSignature != NULL))
 191                         (void) memcpy(pSignature, signature, *pulSignatureLen);
 192 
 193                 return (rv);
 194         }
 195         case CKM_AES_CMAC_GENERAL:
 196         case CKM_AES_CMAC:
 197         {
 198                 CK_BYTE signature[AES_BLOCK_LEN];
 199 
 200                 if (pSignature != NULL) {
 201                         /* Pass local buffer to avoid overflow. */
 202                         rv = soft_aes_sign_verify_common(session_p, pData,
 203                             ulDataLen, signature, pulSignatureLen, B_TRUE,
 204                             B_FALSE);
 205                 } else {
 206                         /* Pass NULL, let callee handle it. */
 207                         rv = soft_aes_sign_verify_common(session_p, pData,
 208                             ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
 209                 }
 210 
 211                 if ((rv == CKR_OK) && (pSignature != NULL))
 212                         (void) memcpy(pSignature, signature, *pulSignatureLen);
 213 
 214                 return (rv);
 215         }
 216         case CKM_RSA_X_509:
 217         case CKM_RSA_PKCS:
 218 
 219                 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
 220                     pSignature, pulSignatureLen, mechanism));
 221 
 222         case CKM_MD5_RSA_PKCS:
 223         case CKM_SHA1_RSA_PKCS:
 224         case CKM_SHA256_RSA_PKCS:
 225         case CKM_SHA384_RSA_PKCS:
 226         case CKM_SHA512_RSA_PKCS:
 227 
 228                 return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
 229                     pSignature, pulSignatureLen, mechanism, B_FALSE));
 230 
 231         case CKM_DSA:
 232 
 233                 return (soft_dsa_sign(session_p, pData, ulDataLen,
 234                     pSignature, pulSignatureLen));
 235 
 236         case CKM_DSA_SHA1:
 237 
 238                 return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
 239                     pSignature, pulSignatureLen, B_FALSE));
 240 
 241         case CKM_ECDSA:
 242 
 243                 return (soft_ecc_sign(session_p, pData, ulDataLen,
 244                     pSignature, pulSignatureLen));
 245 
 246         case CKM_ECDSA_SHA1:
 247 
 248                 return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
 249                     pSignature, pulSignatureLen, B_FALSE));
 250 
 251         default:
 252                 return (CKR_MECHANISM_INVALID);
 253         }
 254 }
 255 
 256 
 257 /*
 258  * soft_sign_update()
 259  *
 260  * Arguments:
 261  *      session_p:      pointer to soft_session_t struct
 262  *      pPart:          pointer to the input data to be signed
 263  *      ulPartLen:      length of the input data
 264  *
 265  * Description:
 266  *      called by C_SignUpdate(). This function calls the corresponding
 267  *      sign update routine based on the mechanism.
 268  *
 269  */
 270 CK_RV
 271 soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
 272     CK_ULONG ulPartLen)
 273 {
 274         CK_MECHANISM_TYPE       mechanism = session_p->sign.mech.mechanism;
 275 
 276         switch (mechanism) {
 277 
 278         case CKM_SSL3_MD5_MAC:
 279         case CKM_SSL3_SHA1_MAC:
 280         case CKM_MD5_HMAC_GENERAL:
 281         case CKM_MD5_HMAC:
 282         case CKM_SHA_1_HMAC_GENERAL:
 283         case CKM_SHA_1_HMAC:
 284         case CKM_SHA256_HMAC_GENERAL:
 285         case CKM_SHA256_HMAC:
 286         case CKM_SHA384_HMAC_GENERAL:
 287         case CKM_SHA384_HMAC:
 288         case CKM_SHA512_HMAC_GENERAL:
 289         case CKM_SHA512_HMAC:
 290 
 291                 return (soft_hmac_sign_verify_update(session_p, pPart,
 292                     ulPartLen, B_TRUE));
 293 
 294         case CKM_DES_MAC_GENERAL:
 295         case CKM_DES_MAC:
 296 
 297                 return (soft_des_mac_sign_verify_update(session_p, pPart,
 298                     ulPartLen));
 299 
 300         case CKM_AES_CMAC_GENERAL:
 301         case CKM_AES_CMAC:
 302 
 303                 return (soft_aes_mac_sign_verify_update(session_p, pPart,
 304                     ulPartLen));
 305 
 306         case CKM_MD5_RSA_PKCS:
 307         case CKM_SHA1_RSA_PKCS:
 308         case CKM_SHA256_RSA_PKCS:
 309         case CKM_SHA384_RSA_PKCS:
 310         case CKM_SHA512_RSA_PKCS:
 311                 /*
 312                  * The MD5/SHA1 digest value is accumulated in the context
 313                  * of the multiple-part digesting operation. In the final
 314                  * operation, the digest is encoded and then perform RSA
 315                  * signing.
 316                  */
 317         case CKM_DSA_SHA1:
 318         case CKM_ECDSA_SHA1:
 319 
 320                 return (soft_digest_update(session_p, pPart, ulPartLen));
 321 
 322         default:
 323                 /* PKCS11: The mechanism only supports single-part operation. */
 324                 return (CKR_MECHANISM_INVALID);
 325         }
 326 }
 327 
 328 
 329 /*
 330  * soft_sign_final()
 331  *
 332  * Arguments:
 333  *      session_p:      pointer to soft_session_t struct
 334  *      pSignature:     pointer to the signature after signing
 335  *      pulSignatureLen: pointer to the length of the signature
 336  *
 337  * Description:
 338  *      called by C_SignFinal(). This function calls the corresponding
 339  *      sign final routine based on the mechanism.
 340  *
 341  */
 342 CK_RV
 343 soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
 344     CK_ULONG_PTR pulSignatureLen)
 345 {
 346 
 347         CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
 348         CK_RV rv = CKR_OK;
 349 
 350         switch (mechanism) {
 351 
 352         case CKM_SSL3_MD5_MAC:
 353         case CKM_SSL3_SHA1_MAC:
 354         case CKM_MD5_HMAC_GENERAL:
 355         case CKM_MD5_HMAC:
 356         case CKM_SHA_1_HMAC_GENERAL:
 357         case CKM_SHA_1_HMAC:
 358         case CKM_SHA256_HMAC_GENERAL:
 359         case CKM_SHA256_HMAC:
 360         case CKM_SHA384_HMAC_GENERAL:
 361         case CKM_SHA384_HMAC:
 362         case CKM_SHA512_HMAC_GENERAL:
 363         case CKM_SHA512_HMAC:
 364         {
 365                 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
 366 
 367                 if (pSignature != NULL) {
 368                         /* Pass local buffer to avoid overflow */
 369                         rv = soft_hmac_sign_verify_common(session_p, NULL,
 370                             0, hmac, pulSignatureLen, B_TRUE);
 371                 } else {
 372                         /* Pass original pSignature, let callee to handle it. */
 373                         rv = soft_hmac_sign_verify_common(session_p, NULL,
 374                             0, pSignature, pulSignatureLen, B_TRUE);
 375                 }
 376 
 377                 if ((rv == CKR_OK) && (pSignature != NULL))
 378                         (void) memcpy(pSignature, hmac, *pulSignatureLen);
 379 
 380                 return (rv);
 381         }
 382         case CKM_DES_MAC_GENERAL:
 383         case CKM_DES_MAC:
 384         {
 385                 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
 386 
 387                 if (pSignature != NULL) {
 388                         /* Pass local buffer to avoid overflow. */
 389                         rv = soft_des_sign_verify_common(session_p, NULL, 0,
 390                             signature, pulSignatureLen, B_TRUE, B_TRUE);
 391                 } else {
 392                         /* Pass NULL, let callee to handle it. */
 393                         rv = soft_des_sign_verify_common(session_p, NULL, 0,
 394                             NULL, pulSignatureLen, B_TRUE, B_TRUE);
 395                 }
 396 
 397                 if ((rv == CKR_OK) && (pSignature != NULL))
 398                         (void) memcpy(pSignature, signature, *pulSignatureLen);
 399 
 400                 return (rv);
 401         }
 402         case CKM_AES_CMAC_GENERAL:
 403         case CKM_AES_CMAC:
 404         {
 405                 CK_BYTE signature[AES_BLOCK_LEN]; /* use the maximum size */
 406 
 407                 if (pSignature != NULL) {
 408                         /* Pass local buffer to avoid overflow. */
 409                         rv = soft_aes_sign_verify_common(session_p, NULL, 0,
 410                             signature, pulSignatureLen, B_TRUE, B_TRUE);
 411                 } else {
 412                         /* Pass NULL, let callee handle it. */
 413                         rv = soft_aes_sign_verify_common(session_p, NULL, 0,
 414                             NULL, pulSignatureLen, B_TRUE, B_TRUE);
 415                 }
 416 
 417                 if ((rv == CKR_OK) && (pSignature != NULL))
 418                         (void) memcpy(pSignature, signature, *pulSignatureLen);
 419 
 420                 return (rv);
 421         }
 422         case CKM_MD5_RSA_PKCS:
 423         case CKM_SHA1_RSA_PKCS:
 424         case CKM_SHA256_RSA_PKCS:
 425         case CKM_SHA384_RSA_PKCS:
 426         case CKM_SHA512_RSA_PKCS:
 427 
 428                 return (soft_rsa_digest_sign_common(session_p, NULL, 0,
 429                     pSignature, pulSignatureLen, mechanism, B_TRUE));
 430 
 431         case CKM_DSA_SHA1:
 432 
 433                 return (soft_dsa_digest_sign_common(session_p, NULL, 0,
 434                     pSignature, pulSignatureLen, B_TRUE));
 435 
 436         case CKM_ECDSA_SHA1:
 437 
 438                 return (soft_ecc_digest_sign_common(session_p, NULL, 0,
 439                     pSignature, pulSignatureLen, B_TRUE));
 440 
 441         default:
 442                 /* PKCS11: The mechanism only supports single-part operation. */
 443                 return (CKR_MECHANISM_INVALID);
 444         }
 445 }
 446 
 447 
 448 CK_RV
 449 soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
 450     soft_object_t *key_p)
 451 {
 452 
 453         switch (pMechanism->mechanism) {
 454 
 455         case CKM_RSA_X_509:
 456         case CKM_RSA_PKCS:
 457 
 458                 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
 459                     key_p, B_TRUE));
 460 
 461         default:
 462                 return (CKR_MECHANISM_INVALID);
 463         }
 464 }
 465 
 466 
 467 CK_RV
 468 soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
 469     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
 470     CK_ULONG_PTR pulSignatureLen)
 471 {
 472 
 473         CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
 474 
 475         switch (mechanism) {
 476 
 477         case CKM_RSA_X_509:
 478         case CKM_RSA_PKCS:
 479 
 480                 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
 481                     pSignature, pulSignatureLen, mechanism));
 482 
 483         default:
 484                 return (CKR_MECHANISM_INVALID);
 485         }
 486 }
 487 
 488 /*
 489  * This function frees the allocated active crypto context.
 490  * It is only called by the first tier of sign/verify routines
 491  * and the caller of this function may or may not hold the session mutex.
 492  */
 493 void
 494 soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
 495     boolean_t lock_held)
 496 {
 497 
 498         crypto_active_op_t *active_op;
 499         boolean_t lock_true = B_TRUE;
 500 
 501         if (!lock_held)
 502                 (void) pthread_mutex_lock(&session_p->session_mutex);
 503 
 504         active_op = (sign) ? &(session_p->sign) : &(session_p->verify);
 505 
 506         switch (active_op->mech.mechanism) {
 507 
 508         case CKM_MD5_RSA_PKCS:
 509         case CKM_SHA1_RSA_PKCS:
 510         case CKM_SHA256_RSA_PKCS:
 511         case CKM_SHA384_RSA_PKCS:
 512         case CKM_SHA512_RSA_PKCS:
 513                 if (session_p->digest.context != NULL) {
 514                         free(session_p->digest.context);
 515                         session_p->digest.context = NULL;
 516                         session_p->digest.flags = 0;
 517                 }
 518                 /* FALLTHRU */
 519 
 520         case CKM_RSA_PKCS:
 521         case CKM_RSA_X_509:
 522         {
 523                 soft_rsa_ctx_t *rsa_ctx =
 524                     (soft_rsa_ctx_t *)active_op->context;
 525 
 526                 if (rsa_ctx != NULL && rsa_ctx->key != NULL) {
 527                         soft_cleanup_object(rsa_ctx->key);
 528                         free(rsa_ctx->key);
 529                 }
 530                 break;
 531 
 532         }
 533         case CKM_DSA_SHA1:
 534                 if (session_p->digest.context != NULL) {
 535                         free(session_p->digest.context);
 536                         session_p->digest.context = NULL;
 537                         session_p->digest.flags = 0;
 538                 }
 539 
 540                 /* FALLTHRU */
 541         case CKM_DSA:
 542         {
 543                 soft_dsa_ctx_t *dsa_ctx =
 544                     (soft_dsa_ctx_t *)active_op->context;
 545 
 546                 if (dsa_ctx != NULL && dsa_ctx->key != NULL) {
 547                         soft_cleanup_object(dsa_ctx->key);
 548                         free(dsa_ctx->key);
 549                 }
 550                 break;
 551 
 552         }
 553         case CKM_SSL3_MD5_MAC:
 554         case CKM_SSL3_SHA1_MAC:
 555         case CKM_MD5_HMAC_GENERAL:
 556         case CKM_MD5_HMAC:
 557         case CKM_SHA_1_HMAC_GENERAL:
 558         case CKM_SHA_1_HMAC:
 559         case CKM_SHA256_HMAC_GENERAL:
 560         case CKM_SHA256_HMAC:
 561         case CKM_SHA384_HMAC_GENERAL:
 562         case CKM_SHA384_HMAC:
 563         case CKM_SHA512_HMAC_GENERAL:
 564         case CKM_SHA512_HMAC:
 565                 if (active_op->context != NULL)
 566                         bzero(active_op->context, sizeof (soft_hmac_ctx_t));
 567                 break;
 568         case CKM_DES_MAC_GENERAL:
 569         case CKM_DES_MAC:
 570                 if (session_p->encrypt.context != NULL) {
 571                         free(session_p->encrypt.context);
 572                         session_p->encrypt.context = NULL;
 573                         session_p->encrypt.flags = 0;
 574                 }
 575                 if (active_op->context != NULL)
 576                         bzero(active_op->context, sizeof (soft_des_ctx_t));
 577                 break;
 578 
 579         case CKM_AES_CMAC_GENERAL:
 580         case CKM_AES_CMAC:
 581                 if (session_p->encrypt.context != NULL) {
 582                         free(session_p->encrypt.context);
 583                         session_p->encrypt.context = NULL;
 584                         session_p->encrypt.flags = 0;
 585                 }
 586                 if (active_op->context != NULL)
 587                         bzero(active_op->context, sizeof (soft_aes_ctx_t));
 588                 break;
 589 
 590         }
 591 
 592         if (active_op->context != NULL) {
 593                 free(active_op->context);
 594                 active_op->context = NULL;
 595         }
 596 
 597         active_op->flags = 0;
 598 
 599         if (!lock_held)
 600                 SES_REFRELE(session_p, lock_true);
 601 }