10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
52940Sizick * Common Development and Distribution License (the "License").
62940Sizick * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
22*5697Smcpowers * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
270Sstevel@tonic-gate
280Sstevel@tonic-gate #include <stdlib.h>
290Sstevel@tonic-gate #include <strings.h>
300Sstevel@tonic-gate #include <sys/types.h>
310Sstevel@tonic-gate #include <security/cryptoki.h>
320Sstevel@tonic-gate #include "softObject.h"
330Sstevel@tonic-gate #include "softOps.h"
340Sstevel@tonic-gate #include "softSession.h"
350Sstevel@tonic-gate #include "softMAC.h"
360Sstevel@tonic-gate #include "softRSA.h"
370Sstevel@tonic-gate #include "softDSA.h"
38*5697Smcpowers #include "softEC.h"
390Sstevel@tonic-gate #include "softCrypt.h"
400Sstevel@tonic-gate
410Sstevel@tonic-gate /*
420Sstevel@tonic-gate * soft_sign_init()
430Sstevel@tonic-gate *
440Sstevel@tonic-gate * Arguments:
450Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
460Sstevel@tonic-gate * pMechanism: pointer to CK_MECHANISM struct provided by application
470Sstevel@tonic-gate * key_p: pointer to key soft_object_t struct
480Sstevel@tonic-gate *
490Sstevel@tonic-gate * Description:
500Sstevel@tonic-gate * called by C_SignInit(). This function calls the corresponding
510Sstevel@tonic-gate * sign init routine based on the mechanism.
520Sstevel@tonic-gate *
530Sstevel@tonic-gate */
540Sstevel@tonic-gate CK_RV
soft_sign_init(soft_session_t * session_p,CK_MECHANISM_PTR pMechanism,soft_object_t * key_p)550Sstevel@tonic-gate soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
560Sstevel@tonic-gate soft_object_t *key_p)
570Sstevel@tonic-gate {
580Sstevel@tonic-gate
590Sstevel@tonic-gate switch (pMechanism->mechanism) {
600Sstevel@tonic-gate
610Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
620Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
630Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
640Sstevel@tonic-gate case CKM_MD5_HMAC:
650Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
660Sstevel@tonic-gate case CKM_SHA_1_HMAC:
67676Sizick case CKM_SHA256_HMAC_GENERAL:
68676Sizick case CKM_SHA256_HMAC:
69676Sizick case CKM_SHA384_HMAC_GENERAL:
70676Sizick case CKM_SHA384_HMAC:
71676Sizick case CKM_SHA512_HMAC_GENERAL:
72676Sizick case CKM_SHA512_HMAC:
730Sstevel@tonic-gate
740Sstevel@tonic-gate return (soft_hmac_sign_verify_init_common(session_p,
750Sstevel@tonic-gate pMechanism, key_p, B_TRUE));
760Sstevel@tonic-gate
770Sstevel@tonic-gate case CKM_RSA_X_509:
780Sstevel@tonic-gate case CKM_RSA_PKCS:
790Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
800Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
81676Sizick case CKM_SHA256_RSA_PKCS:
82676Sizick case CKM_SHA384_RSA_PKCS:
83676Sizick case CKM_SHA512_RSA_PKCS:
840Sstevel@tonic-gate
850Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
860Sstevel@tonic-gate key_p, B_TRUE));
870Sstevel@tonic-gate
880Sstevel@tonic-gate case CKM_DSA:
890Sstevel@tonic-gate case CKM_DSA_SHA1:
900Sstevel@tonic-gate
910Sstevel@tonic-gate return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
920Sstevel@tonic-gate key_p, B_TRUE));
930Sstevel@tonic-gate
94*5697Smcpowers case CKM_ECDSA:
95*5697Smcpowers case CKM_ECDSA_SHA1:
96*5697Smcpowers
97*5697Smcpowers return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
98*5697Smcpowers key_p, B_TRUE));
99*5697Smcpowers
1000Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
1010Sstevel@tonic-gate case CKM_DES_MAC:
1020Sstevel@tonic-gate
1030Sstevel@tonic-gate return (soft_des_sign_verify_init_common(session_p, pMechanism,
1040Sstevel@tonic-gate key_p, B_TRUE));
1050Sstevel@tonic-gate
1060Sstevel@tonic-gate default:
1070Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
1080Sstevel@tonic-gate }
1090Sstevel@tonic-gate
1100Sstevel@tonic-gate }
1110Sstevel@tonic-gate
1120Sstevel@tonic-gate
1130Sstevel@tonic-gate /*
1140Sstevel@tonic-gate * soft_sign()
1150Sstevel@tonic-gate *
1160Sstevel@tonic-gate * Arguments:
1170Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
1180Sstevel@tonic-gate * pData: pointer to the input data to be signed
1190Sstevel@tonic-gate * ulDataLen: length of the input data
1200Sstevel@tonic-gate * pSignature: pointer to the signature after signing
1210Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature
1220Sstevel@tonic-gate *
1230Sstevel@tonic-gate * Description:
1240Sstevel@tonic-gate * called by C_Sign(). This function calls the corresponding
1250Sstevel@tonic-gate * sign routine based on the mechanism.
1260Sstevel@tonic-gate *
1270Sstevel@tonic-gate */
1280Sstevel@tonic-gate CK_RV
soft_sign(soft_session_t * session_p,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)1290Sstevel@tonic-gate soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
1300Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
1310Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
1320Sstevel@tonic-gate {
1330Sstevel@tonic-gate
1340Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
1350Sstevel@tonic-gate CK_RV rv = CKR_OK;
1360Sstevel@tonic-gate
1370Sstevel@tonic-gate switch (mechanism) {
1380Sstevel@tonic-gate
1390Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
1400Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
1410Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
1420Sstevel@tonic-gate case CKM_MD5_HMAC:
1430Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
1440Sstevel@tonic-gate case CKM_SHA_1_HMAC:
145676Sizick case CKM_SHA256_HMAC_GENERAL:
146676Sizick case CKM_SHA256_HMAC:
147676Sizick case CKM_SHA384_HMAC_GENERAL:
148676Sizick case CKM_SHA384_HMAC:
149676Sizick case CKM_SHA512_HMAC_GENERAL:
150676Sizick case CKM_SHA512_HMAC:
1510Sstevel@tonic-gate {
152676Sizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
1530Sstevel@tonic-gate
1540Sstevel@tonic-gate if (pSignature != NULL) {
1550Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
1560Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData,
1570Sstevel@tonic-gate ulDataLen, hmac, pulSignatureLen, B_TRUE);
1580Sstevel@tonic-gate } else {
1590Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */
1600Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, pData,
1610Sstevel@tonic-gate ulDataLen, pSignature, pulSignatureLen, B_TRUE);
1620Sstevel@tonic-gate }
1630Sstevel@tonic-gate
1640Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
1650Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen);
1660Sstevel@tonic-gate
1670Sstevel@tonic-gate return (rv);
1680Sstevel@tonic-gate }
1690Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
1700Sstevel@tonic-gate case CKM_DES_MAC:
1710Sstevel@tonic-gate {
1720Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
1730Sstevel@tonic-gate
1740Sstevel@tonic-gate if (pSignature != NULL) {
1750Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
1760Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData,
177*5697Smcpowers ulDataLen, signature, pulSignatureLen, B_TRUE,
178*5697Smcpowers B_FALSE);
1790Sstevel@tonic-gate } else {
1800Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */
1810Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, pData,
182*5697Smcpowers ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
1830Sstevel@tonic-gate }
1840Sstevel@tonic-gate
1850Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
1860Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen);
1870Sstevel@tonic-gate
1880Sstevel@tonic-gate return (rv);
1890Sstevel@tonic-gate }
1900Sstevel@tonic-gate case CKM_RSA_X_509:
1910Sstevel@tonic-gate case CKM_RSA_PKCS:
1920Sstevel@tonic-gate
1930Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen,
1940Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism));
1950Sstevel@tonic-gate
1960Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
1970Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
198676Sizick case CKM_SHA256_RSA_PKCS:
199676Sizick case CKM_SHA384_RSA_PKCS:
200676Sizick case CKM_SHA512_RSA_PKCS:
2010Sstevel@tonic-gate
2020Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
2030Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_FALSE));
2040Sstevel@tonic-gate
2050Sstevel@tonic-gate case CKM_DSA:
2060Sstevel@tonic-gate
2070Sstevel@tonic-gate return (soft_dsa_sign(session_p, pData, ulDataLen,
2080Sstevel@tonic-gate pSignature, pulSignatureLen));
2090Sstevel@tonic-gate
2100Sstevel@tonic-gate case CKM_DSA_SHA1:
2110Sstevel@tonic-gate
2120Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
2130Sstevel@tonic-gate pSignature, pulSignatureLen, B_FALSE));
2140Sstevel@tonic-gate
215*5697Smcpowers case CKM_ECDSA:
216*5697Smcpowers
217*5697Smcpowers return (soft_ecc_sign(session_p, pData, ulDataLen,
218*5697Smcpowers pSignature, pulSignatureLen));
219*5697Smcpowers
220*5697Smcpowers case CKM_ECDSA_SHA1:
221*5697Smcpowers
222*5697Smcpowers return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
223*5697Smcpowers pSignature, pulSignatureLen, B_FALSE));
224*5697Smcpowers
2250Sstevel@tonic-gate default:
2260Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
2270Sstevel@tonic-gate }
2280Sstevel@tonic-gate }
2290Sstevel@tonic-gate
2300Sstevel@tonic-gate
2310Sstevel@tonic-gate /*
2320Sstevel@tonic-gate * soft_sign_update()
2330Sstevel@tonic-gate *
2340Sstevel@tonic-gate * Arguments:
2350Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
2360Sstevel@tonic-gate * pPart: pointer to the input data to be signed
2370Sstevel@tonic-gate * ulPartLen: length of the input data
2380Sstevel@tonic-gate *
2390Sstevel@tonic-gate * Description:
2400Sstevel@tonic-gate * called by C_SignUpdate(). This function calls the corresponding
2410Sstevel@tonic-gate * sign update routine based on the mechanism.
2420Sstevel@tonic-gate *
2430Sstevel@tonic-gate */
2440Sstevel@tonic-gate CK_RV
soft_sign_update(soft_session_t * session_p,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)2450Sstevel@tonic-gate soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
2460Sstevel@tonic-gate CK_ULONG ulPartLen)
2470Sstevel@tonic-gate {
2480Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
2490Sstevel@tonic-gate
2500Sstevel@tonic-gate switch (mechanism) {
2510Sstevel@tonic-gate
2520Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
2530Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
2540Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
2550Sstevel@tonic-gate case CKM_MD5_HMAC:
2560Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
2570Sstevel@tonic-gate case CKM_SHA_1_HMAC:
258676Sizick case CKM_SHA256_HMAC_GENERAL:
259676Sizick case CKM_SHA256_HMAC:
260676Sizick case CKM_SHA384_HMAC_GENERAL:
261676Sizick case CKM_SHA384_HMAC:
262676Sizick case CKM_SHA512_HMAC_GENERAL:
263676Sizick case CKM_SHA512_HMAC:
2640Sstevel@tonic-gate
2650Sstevel@tonic-gate return (soft_hmac_sign_verify_update(session_p, pPart,
2660Sstevel@tonic-gate ulPartLen, B_TRUE));
2670Sstevel@tonic-gate
2680Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
2690Sstevel@tonic-gate case CKM_DES_MAC:
2700Sstevel@tonic-gate
2710Sstevel@tonic-gate return (soft_des_mac_sign_verify_update(session_p, pPart,
2720Sstevel@tonic-gate ulPartLen));
2730Sstevel@tonic-gate
2740Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
2750Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
276676Sizick case CKM_SHA256_RSA_PKCS:
277676Sizick case CKM_SHA384_RSA_PKCS:
278676Sizick case CKM_SHA512_RSA_PKCS:
2790Sstevel@tonic-gate /*
2800Sstevel@tonic-gate * The MD5/SHA1 digest value is accumulated in the context
2810Sstevel@tonic-gate * of the multiple-part digesting operation. In the final
2820Sstevel@tonic-gate * operation, the digest is encoded and then perform RSA
2830Sstevel@tonic-gate * signing.
2840Sstevel@tonic-gate */
2850Sstevel@tonic-gate case CKM_DSA_SHA1:
286*5697Smcpowers case CKM_ECDSA_SHA1:
2870Sstevel@tonic-gate
2880Sstevel@tonic-gate return (soft_digest_update(session_p, pPart, ulPartLen));
2890Sstevel@tonic-gate
2900Sstevel@tonic-gate default:
2910Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */
2920Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
2930Sstevel@tonic-gate }
2940Sstevel@tonic-gate }
2950Sstevel@tonic-gate
2960Sstevel@tonic-gate
2970Sstevel@tonic-gate /*
2980Sstevel@tonic-gate * soft_sign_final()
2990Sstevel@tonic-gate *
3000Sstevel@tonic-gate * Arguments:
3010Sstevel@tonic-gate * session_p: pointer to soft_session_t struct
3020Sstevel@tonic-gate * pSignature: pointer to the signature after signing
3030Sstevel@tonic-gate * pulSignatureLen: pointer to the length of the signature
3040Sstevel@tonic-gate *
3050Sstevel@tonic-gate * Description:
3060Sstevel@tonic-gate * called by C_SignFinal(). This function calls the corresponding
3070Sstevel@tonic-gate * sign final routine based on the mechanism.
3080Sstevel@tonic-gate *
3090Sstevel@tonic-gate */
3100Sstevel@tonic-gate CK_RV
soft_sign_final(soft_session_t * session_p,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)3110Sstevel@tonic-gate soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
3120Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
3130Sstevel@tonic-gate {
3140Sstevel@tonic-gate
3150Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
3160Sstevel@tonic-gate CK_RV rv = CKR_OK;
3170Sstevel@tonic-gate
3180Sstevel@tonic-gate switch (mechanism) {
3190Sstevel@tonic-gate
3200Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
3210Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
3220Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
3230Sstevel@tonic-gate case CKM_MD5_HMAC:
3240Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
3250Sstevel@tonic-gate case CKM_SHA_1_HMAC:
326676Sizick case CKM_SHA256_HMAC_GENERAL:
327676Sizick case CKM_SHA256_HMAC:
328676Sizick case CKM_SHA384_HMAC_GENERAL:
329676Sizick case CKM_SHA384_HMAC:
330676Sizick case CKM_SHA512_HMAC_GENERAL:
331676Sizick case CKM_SHA512_HMAC:
3320Sstevel@tonic-gate {
333676Sizick CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
3340Sstevel@tonic-gate
3350Sstevel@tonic-gate if (pSignature != NULL) {
3360Sstevel@tonic-gate /* Pass local buffer to avoid overflow */
3370Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL,
3380Sstevel@tonic-gate 0, hmac, pulSignatureLen, B_TRUE);
3390Sstevel@tonic-gate } else {
3400Sstevel@tonic-gate /* Pass original pSignature, let callee to handle it. */
3410Sstevel@tonic-gate rv = soft_hmac_sign_verify_common(session_p, NULL,
3420Sstevel@tonic-gate 0, pSignature, pulSignatureLen, B_TRUE);
3430Sstevel@tonic-gate }
3440Sstevel@tonic-gate
3450Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
3460Sstevel@tonic-gate (void) memcpy(pSignature, hmac, *pulSignatureLen);
3470Sstevel@tonic-gate
3480Sstevel@tonic-gate return (rv);
3490Sstevel@tonic-gate }
3500Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
3510Sstevel@tonic-gate case CKM_DES_MAC:
3520Sstevel@tonic-gate {
3530Sstevel@tonic-gate CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
3540Sstevel@tonic-gate
3550Sstevel@tonic-gate if (pSignature != NULL) {
3560Sstevel@tonic-gate /* Pass local buffer to avoid overflow. */
3570Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0,
358*5697Smcpowers signature, pulSignatureLen, B_TRUE, B_TRUE);
3590Sstevel@tonic-gate } else {
3600Sstevel@tonic-gate /* Pass NULL, let callee to handle it. */
3610Sstevel@tonic-gate rv = soft_des_sign_verify_common(session_p, NULL, 0,
362*5697Smcpowers NULL, pulSignatureLen, B_TRUE, B_TRUE);
3630Sstevel@tonic-gate }
3640Sstevel@tonic-gate
3650Sstevel@tonic-gate if ((rv == CKR_OK) && (pSignature != NULL))
3660Sstevel@tonic-gate (void) memcpy(pSignature, signature, *pulSignatureLen);
3670Sstevel@tonic-gate
3680Sstevel@tonic-gate return (rv);
3690Sstevel@tonic-gate }
3700Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
3710Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
372676Sizick case CKM_SHA256_RSA_PKCS:
373676Sizick case CKM_SHA384_RSA_PKCS:
374676Sizick case CKM_SHA512_RSA_PKCS:
3750Sstevel@tonic-gate
3760Sstevel@tonic-gate return (soft_rsa_digest_sign_common(session_p, NULL, 0,
3770Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism, B_TRUE));
3780Sstevel@tonic-gate
3790Sstevel@tonic-gate case CKM_DSA_SHA1:
3800Sstevel@tonic-gate
3810Sstevel@tonic-gate return (soft_dsa_digest_sign_common(session_p, NULL, 0,
3820Sstevel@tonic-gate pSignature, pulSignatureLen, B_TRUE));
3830Sstevel@tonic-gate
384*5697Smcpowers case CKM_ECDSA_SHA1:
385*5697Smcpowers
386*5697Smcpowers return (soft_ecc_digest_sign_common(session_p, NULL, 0,
387*5697Smcpowers pSignature, pulSignatureLen, B_TRUE));
388*5697Smcpowers
3890Sstevel@tonic-gate default:
3900Sstevel@tonic-gate /* PKCS11: The mechanism only supports single-part operation. */
3910Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
3920Sstevel@tonic-gate }
3930Sstevel@tonic-gate }
3940Sstevel@tonic-gate
3950Sstevel@tonic-gate
3960Sstevel@tonic-gate CK_RV
soft_sign_recover_init(soft_session_t * session_p,CK_MECHANISM_PTR pMechanism,soft_object_t * key_p)3970Sstevel@tonic-gate soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
3980Sstevel@tonic-gate soft_object_t *key_p)
3990Sstevel@tonic-gate {
4000Sstevel@tonic-gate
4010Sstevel@tonic-gate switch (pMechanism->mechanism) {
4020Sstevel@tonic-gate
4030Sstevel@tonic-gate case CKM_RSA_X_509:
4040Sstevel@tonic-gate case CKM_RSA_PKCS:
4050Sstevel@tonic-gate
4060Sstevel@tonic-gate return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
4070Sstevel@tonic-gate key_p, B_TRUE));
4080Sstevel@tonic-gate
4090Sstevel@tonic-gate default:
4100Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
4110Sstevel@tonic-gate }
4120Sstevel@tonic-gate }
4130Sstevel@tonic-gate
4140Sstevel@tonic-gate
4150Sstevel@tonic-gate CK_RV
soft_sign_recover(soft_session_t * session_p,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)4160Sstevel@tonic-gate soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
4170Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
4180Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen)
4190Sstevel@tonic-gate {
4200Sstevel@tonic-gate
4210Sstevel@tonic-gate CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
4220Sstevel@tonic-gate
4230Sstevel@tonic-gate switch (mechanism) {
4240Sstevel@tonic-gate
4250Sstevel@tonic-gate case CKM_RSA_X_509:
4260Sstevel@tonic-gate case CKM_RSA_PKCS:
4270Sstevel@tonic-gate
4280Sstevel@tonic-gate return (soft_rsa_sign_common(session_p, pData, ulDataLen,
4290Sstevel@tonic-gate pSignature, pulSignatureLen, mechanism));
4300Sstevel@tonic-gate
4310Sstevel@tonic-gate default:
4320Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
4330Sstevel@tonic-gate }
4340Sstevel@tonic-gate }
4350Sstevel@tonic-gate
4360Sstevel@tonic-gate /*
4370Sstevel@tonic-gate * This function frees the allocated active crypto context.
4380Sstevel@tonic-gate * It is only called by the first tier of sign/verify routines
4390Sstevel@tonic-gate * and the caller of this function may or may not hold the session mutex.
4400Sstevel@tonic-gate */
4410Sstevel@tonic-gate void
soft_sign_verify_cleanup(soft_session_t * session_p,boolean_t sign,boolean_t lock_held)4420Sstevel@tonic-gate soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
4430Sstevel@tonic-gate boolean_t lock_held)
4440Sstevel@tonic-gate {
4450Sstevel@tonic-gate
4460Sstevel@tonic-gate crypto_active_op_t *active_op;
4470Sstevel@tonic-gate boolean_t lock_true = B_TRUE;
4480Sstevel@tonic-gate
4490Sstevel@tonic-gate if (!lock_held)
4500Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
4510Sstevel@tonic-gate
4520Sstevel@tonic-gate active_op = (sign) ? &(session_p->sign) : &(session_p->verify);
4530Sstevel@tonic-gate
4540Sstevel@tonic-gate switch (active_op->mech.mechanism) {
4550Sstevel@tonic-gate
4560Sstevel@tonic-gate case CKM_MD5_RSA_PKCS:
4570Sstevel@tonic-gate case CKM_SHA1_RSA_PKCS:
458676Sizick case CKM_SHA256_RSA_PKCS:
459676Sizick case CKM_SHA384_RSA_PKCS:
460676Sizick case CKM_SHA512_RSA_PKCS:
4612940Sizick if (session_p->digest.context != NULL) {
4622940Sizick free(session_p->digest.context);
4632940Sizick session_p->digest.context = NULL;
4642940Sizick session_p->digest.flags = 0;
4652940Sizick }
4662940Sizick /* FALLTHRU */
4672940Sizick
4682940Sizick case CKM_RSA_PKCS:
4692940Sizick case CKM_RSA_X_509:
4702940Sizick {
4712940Sizick soft_rsa_ctx_t *rsa_ctx =
4722940Sizick (soft_rsa_ctx_t *)active_op->context;
4732940Sizick
4742940Sizick if (rsa_ctx != NULL && rsa_ctx->key != NULL) {
4752940Sizick soft_cleanup_object(rsa_ctx->key);
4762940Sizick free(rsa_ctx->key);
4772940Sizick }
4782940Sizick break;
4792940Sizick
4802940Sizick }
4810Sstevel@tonic-gate case CKM_DSA_SHA1:
4820Sstevel@tonic-gate if (session_p->digest.context != NULL) {
4830Sstevel@tonic-gate free(session_p->digest.context);
4840Sstevel@tonic-gate session_p->digest.context = NULL;
4850Sstevel@tonic-gate session_p->digest.flags = 0;
4860Sstevel@tonic-gate }
4872940Sizick
4882940Sizick /* FALLTHRU */
4892940Sizick case CKM_DSA:
4902940Sizick {
4912940Sizick soft_dsa_ctx_t *dsa_ctx =
4922940Sizick (soft_dsa_ctx_t *)active_op->context;
4932940Sizick
4942940Sizick if (dsa_ctx != NULL && dsa_ctx->key != NULL) {
4952940Sizick soft_cleanup_object(dsa_ctx->key);
4962940Sizick free(dsa_ctx->key);
4972940Sizick }
4980Sstevel@tonic-gate break;
4990Sstevel@tonic-gate
5002940Sizick }
5010Sstevel@tonic-gate case CKM_SSL3_MD5_MAC:
5020Sstevel@tonic-gate case CKM_SSL3_SHA1_MAC:
5030Sstevel@tonic-gate case CKM_MD5_HMAC_GENERAL:
5040Sstevel@tonic-gate case CKM_MD5_HMAC:
5050Sstevel@tonic-gate case CKM_SHA_1_HMAC_GENERAL:
5060Sstevel@tonic-gate case CKM_SHA_1_HMAC:
507676Sizick case CKM_SHA256_HMAC_GENERAL:
508676Sizick case CKM_SHA256_HMAC:
509676Sizick case CKM_SHA384_HMAC_GENERAL:
510676Sizick case CKM_SHA384_HMAC:
511676Sizick case CKM_SHA512_HMAC_GENERAL:
512676Sizick case CKM_SHA512_HMAC:
5130Sstevel@tonic-gate if (active_op->context != NULL)
5140Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_hmac_ctx_t));
5150Sstevel@tonic-gate break;
5160Sstevel@tonic-gate case CKM_DES_MAC_GENERAL:
5170Sstevel@tonic-gate case CKM_DES_MAC:
5180Sstevel@tonic-gate if (session_p->encrypt.context != NULL) {
5190Sstevel@tonic-gate free(session_p->encrypt.context);
5200Sstevel@tonic-gate session_p->encrypt.context = NULL;
5210Sstevel@tonic-gate session_p->encrypt.flags = 0;
5220Sstevel@tonic-gate }
5230Sstevel@tonic-gate if (active_op->context != NULL)
5240Sstevel@tonic-gate bzero(active_op->context, sizeof (soft_des_ctx_t));
5250Sstevel@tonic-gate break;
5260Sstevel@tonic-gate
5270Sstevel@tonic-gate }
5280Sstevel@tonic-gate
5290Sstevel@tonic-gate if (active_op->context != NULL) {
5300Sstevel@tonic-gate free(active_op->context);
5310Sstevel@tonic-gate active_op->context = NULL;
5320Sstevel@tonic-gate }
5330Sstevel@tonic-gate
5340Sstevel@tonic-gate active_op->flags = 0;
5350Sstevel@tonic-gate
5360Sstevel@tonic-gate if (!lock_held)
5370Sstevel@tonic-gate SES_REFRELE(session_p, lock_true);
5380Sstevel@tonic-gate }
539