search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softEC.c
blob70409c469512819c3c62c336a2fe64021afed499
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <stdlib.h>
27 #include <string.h>
28 #include <strings.h>
29 #include <sys/types.h>
30 #include <sys/crypto/common.h>
31 #include <security/cryptoki.h>
32 #include <bignum.h>
33 #include <des_impl.h>
34 #include "softGlobal.h"
35 #include "softSession.h"
36 #include "softObject.h"
37 #include "softEC.h"
38 #include "softCrypt.h"
39 #include "softOps.h"
40 #include "softMAC.h"
41
42 void
43 soft_free_ecparams(ECParams *params, boolean_t freeit)
44 {
45 SECITEM_FreeItem(&params->fieldID.u.prime, B_FALSE);
46 SECITEM_FreeItem(&params->curve.a, B_FALSE);
47 SECITEM_FreeItem(&params->curve.b, B_FALSE);
48 SECITEM_FreeItem(&params->curve.seed, B_FALSE);
49 SECITEM_FreeItem(&params->base, B_FALSE);
50 SECITEM_FreeItem(&params->order, B_FALSE);
51 SECITEM_FreeItem(&params->DEREncoding, B_FALSE);
52 SECITEM_FreeItem(&params->curveOID, B_FALSE);
53 if (freeit)
54 free(params);
55 }
56
57 static void
58 soft_free_ecc_context(soft_ecc_ctx_t *ecc_ctx)
59 {
60 if (ecc_ctx != NULL) {
61 if (ecc_ctx->key != NULL) {
62 soft_cleanup_object(ecc_ctx->key);
63 free(ecc_ctx->key);
64 }
65
66 soft_free_ecparams(&ecc_ctx->ecparams, B_FALSE);
67 free(ecc_ctx);
68 }
69 }
70
71 void
72 soft_free_ecprivkey(ECPrivateKey *key)
73 {
74 soft_free_ecparams(&key->ecParams, B_FALSE);
75 /*
76 * Don't free publicValue or privateValue
77 * as these values are copied into objects.
78 */
79 SECITEM_FreeItem(&key->version, B_FALSE);
80 free(key);
81 }
82
83 /*
84 * Called from init routines to do basic sanity checks. Init routines,
85 * e.g. sign_init should fail rather than subsequent operations.
86 */
87 static int
88 check_key(soft_object_t *key_p, boolean_t sign)
89 {
90 biginteger_t *p;
91 ulong_t len;
92
93 if (sign) {
94 if ((key_p->class != CKO_PRIVATE_KEY) ||
95 (key_p->key_type != CKK_EC))
96 return (CKR_KEY_TYPE_INCONSISTENT);
97
98 p = OBJ_PRI_EC_VALUE(key_p);
99 len = p->big_value_len;
100 if (p->big_value == NULL)
101 len = 0;
102
103 if (len < CRYPTO_BITS2BYTES(EC_MIN_KEY_LEN) ||
104 len > CRYPTO_BITS2BYTES(EC_MAX_KEY_LEN))
105 return (CKR_KEY_SIZE_RANGE);
106 } else {
107 if ((key_p->class != CKO_PUBLIC_KEY) ||
108 (key_p->key_type != CKK_EC))
109 return (CKR_KEY_TYPE_INCONSISTENT);
110
111 p = OBJ_PUB_EC_POINT(key_p);
112 len = p->big_value_len;
113 if (p->big_value == NULL)
114 len = 0;
115
116 if (len < CRYPTO_BITS2BYTES(EC_MIN_KEY_LEN) * 2 + 1 ||
117 len > CRYPTO_BITS2BYTES(EC_MAX_KEY_LEN) * 2 + 1)
118 return (CKR_KEY_SIZE_RANGE);
119 }
120
121 return (CKR_OK);
122 }
123
124 /*
125 * This function places the octet string of the specified attribute
126 * into the corresponding key object.
127 */
128 static void
129 soft_genECkey_set_attribute(soft_object_t *key, biginteger_t *bi,
130 CK_ATTRIBUTE_TYPE type)
131 {
132 biginteger_t *dst;
133
134 switch (type) {
135 case CKA_VALUE:
136 dst = OBJ_PRI_EC_VALUE(key);
137 break;
138
139 case CKA_EC_POINT:
140 dst = OBJ_PUB_EC_POINT(key);
141 break;
142 }
143 copy_bigint_attr(bi, dst);
144 }
145
146 CK_RV
147 soft_ec_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
148 {
149 CK_RV rv;
150 CK_ATTRIBUTE template;
151 ECPrivateKey *privKey; /* contains both public and private values */
152 ECParams *ecparams;
153 SECKEYECParams params_item;
154 biginteger_t bi;
155 uchar_t param_buffer[EC_MAX_OID_LEN];
156 uint_t paramlen;
157
158 if ((pubkey->class != CKO_PUBLIC_KEY) ||
159 (pubkey->key_type != CKK_EC))
160 return (CKR_KEY_TYPE_INCONSISTENT);
161
162 if ((prikey->class != CKO_PRIVATE_KEY) ||
163 (prikey->key_type != CKK_EC))
164 return (CKR_KEY_TYPE_INCONSISTENT);
165
166 template.type = CKA_EC_PARAMS;
167 template.pValue = param_buffer;
168 template.ulValueLen = sizeof (param_buffer);
169 rv = soft_get_public_key_attribute(pubkey, &template);
170 if (rv != CKR_OK) {
171 return (rv);
172 }
173 paramlen = template.ulValueLen;
174
175 /* private key also has CKA_EC_PARAMS attribute */
176 rv = set_extra_attr_to_object(prikey, CKA_EC_PARAMS, &template);
177 if (rv != CKR_OK) {
178 return (rv);
179 }
180
181 /* ASN1 check */
182 if (param_buffer[0] != 0x06 ||
183 param_buffer[1] != paramlen - 2) {
184 return (CKR_ATTRIBUTE_VALUE_INVALID);
185 }
186 params_item.len = paramlen;
187 params_item.data = param_buffer;
188 if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
189 /* bad curve OID */
190 return (CKR_ARGUMENTS_BAD);
191 }
192
193 if (EC_NewKey(ecparams, &privKey, 0) != SECSuccess) {
194 soft_free_ecparams(ecparams, B_TRUE);
195 return (CKR_FUNCTION_FAILED);
196 }
197
198 bi.big_value = privKey->privateValue.data;
199 bi.big_value_len = privKey->privateValue.len;
200 soft_genECkey_set_attribute(prikey, &bi, CKA_VALUE);
201
202 bi.big_value = privKey->publicValue.data;
203 bi.big_value_len = privKey->publicValue.len;
204 soft_genECkey_set_attribute(pubkey, &bi, CKA_EC_POINT);
205
206 soft_free_ecprivkey(privKey);
207 soft_free_ecparams(ecparams, B_TRUE);
208
209 return (CKR_OK);
210 }
211
212 CK_RV
213 soft_ec_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
214 void *mech_params, size_t mech_params_len)
215 {
216 CK_RV rv;
217 CK_ATTRIBUTE template;
218 CK_ECDH1_DERIVE_PARAMS *ecdh1_derive_params = mech_params;
219 uchar_t value[EC_MAX_VALUE_LEN];
220 uint32_t value_len = sizeof (value);
221 uchar_t params[EC_MAX_OID_LEN];
222 uint32_t params_len = sizeof (params);
223 uint32_t keylen;
224 ECParams *ecparams;
225 SECKEYECParams params_item;
226 SECItem public_value_item, private_value_item, secret_item;
227 uchar_t *buf;
228
229 if (mech_params_len != sizeof (CK_ECDH1_DERIVE_PARAMS) ||
230 ecdh1_derive_params->kdf != CKD_NULL) {
231 return (CKR_MECHANISM_PARAM_INVALID);
232 }
233
234 template.type = CKA_VALUE;
235 template.pValue = value;
236 template.ulValueLen = value_len;
237 rv = soft_get_private_key_attribute(basekey, &template);
238 if (rv != CKR_OK) {
239 return (rv);
240 }
241 value_len = template.ulValueLen;
242 private_value_item.data = value;
243 private_value_item.len = value_len;
244
245 template.type = CKA_EC_PARAMS;
246 template.pValue = params;
247 template.ulValueLen = params_len;
248 rv = soft_get_private_key_attribute(basekey, &template);
249 if (rv != CKR_OK) {
250 return (rv);
251 }
252 params_len = template.ulValueLen;
253
254 switch (secretkey->key_type) {
255 case CKK_DES:
256 keylen = DES_KEYSIZE;
257 break;
258 case CKK_DES2:
259 keylen = DES2_KEYSIZE;
260 break;
261 case CKK_DES3:
262 keylen = DES3_KEYSIZE;
263 break;
264 case CKK_RC4:
265 case CKK_AES:
266 case CKK_GENERIC_SECRET:
267 keylen = OBJ_SEC_VALUE_LEN(secretkey);
268 break;
269 }
270
271 /* ASN1 check */
272 if (params[0] != 0x06 ||
273 params[1] != params_len - 2) {
274 return (CKR_ATTRIBUTE_VALUE_INVALID);
275 }
276 params_item.data = params;
277 params_item.len = params_len;
278 if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
279 /* bad curve OID */
280 return (CKR_ARGUMENTS_BAD);
281 }
282
283 public_value_item.data = ecdh1_derive_params->pPublicData;
284 public_value_item.len = ecdh1_derive_params->ulPublicDataLen;
285
286 secret_item.data = NULL;
287 secret_item.len = 0;
288
289 if (ECDH_Derive(&public_value_item, ecparams, &private_value_item,
290 B_FALSE, &secret_item, 0) != SECSuccess) {
291 soft_free_ecparams(ecparams, B_TRUE);
292 return (CKR_FUNCTION_FAILED);
293 } else {
294 rv = CKR_OK;
295 }
296
297 if (keylen == 0)
298 keylen = secret_item.len;
299
300 if (keylen > secret_item.len) {
301 rv = CKR_ATTRIBUTE_VALUE_INVALID;
302 goto out;
303 }
304 buf = malloc(keylen);
305 if (buf == NULL) {
306 rv = CKR_HOST_MEMORY;
307 goto out;
308 }
309 bcopy(secret_item.data + secret_item.len - keylen, buf, keylen);
310 OBJ_SEC_VALUE_LEN(secretkey) = keylen;
311 OBJ_SEC_VALUE(secretkey) = buf;
312
313 out:
314 soft_free_ecparams(ecparams, B_TRUE);
315 SECITEM_FreeItem(&secret_item, B_FALSE);
316
317 return (rv);
318 }
319
320 /*
321 * Allocate a ECC context for the active sign or verify operation.
322 * This function is called without the session lock held.
323 */
324 CK_RV
325 soft_ecc_sign_verify_init_common(soft_session_t *session_p,
326 CK_MECHANISM_PTR pMechanism, soft_object_t *key_p,
327 boolean_t sign)
328 {
329 CK_RV rv;
330 CK_ATTRIBUTE template;
331 CK_MECHANISM digest_mech;
332 soft_ecc_ctx_t *ecc_ctx;
333 soft_object_t *tmp_key = NULL;
334 uchar_t params[EC_MAX_OID_LEN];
335 ECParams *ecparams;
336 SECKEYECParams params_item;
337
338 if ((rv = check_key(key_p, sign)) != CKR_OK)
339 return (rv);
340
341 if (pMechanism->mechanism == CKM_ECDSA_SHA1) {
342 digest_mech.mechanism = CKM_SHA_1;
343 rv = soft_digest_init_internal(session_p, &digest_mech);
344 if (rv != CKR_OK)
345 return (rv);
346 }
347
348 ecc_ctx = malloc(sizeof (soft_ecc_ctx_t));
349 if (ecc_ctx == NULL) {
350 return (CKR_HOST_MEMORY);
351 }
352
353 /*
354 * Make a copy of the signature or verification key, and save it
355 * in the ECC crypto context since it will be used later for
356 * signing/verification. We don't want to hold any object reference
357 * on this original key while doing signing/verification.
358 */
359 (void) pthread_mutex_lock(&key_p->object_mutex);
360 rv = soft_copy_object(key_p, &tmp_key, SOFT_COPY_OBJ_ORIG_SH, NULL);
361 if ((rv != CKR_OK) || (tmp_key == NULL)) {
362 /* Most likely we ran out of space. */
363 (void) pthread_mutex_unlock(&key_p->object_mutex);
364 free(ecc_ctx);
365 return (rv);
366 }
367
368
369 template.type = CKA_EC_PARAMS;
370 template.pValue = params;
371 template.ulValueLen = sizeof (params);
372 rv = soft_get_private_key_attribute(key_p, &template);
373 (void) pthread_mutex_unlock(&key_p->object_mutex);
374 if (rv != CKR_OK) {
375 goto out;
376 }
377
378 /* ASN1 check */
379 if (params[0] != 0x06 ||
380 params[1] != template.ulValueLen - 2) {
381 rv = CKR_ATTRIBUTE_VALUE_INVALID;
382 goto out;
383 }
384 params_item.data = params;
385 params_item.len = template.ulValueLen;
386
387 ecc_ctx->key = tmp_key;
388
389 if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
390 /* bad curve OID */
391 rv = CKR_ARGUMENTS_BAD;
392 goto out;
393 }
394 ecc_ctx->ecparams = *ecparams;
395 free(ecparams);
396
397 (void) pthread_mutex_lock(&session_p->session_mutex);
398
399 if (sign) {
400 session_p->sign.context = ecc_ctx;
401 session_p->sign.mech.mechanism = pMechanism->mechanism;
402 } else {
403 session_p->verify.context = ecc_ctx;
404 session_p->verify.mech.mechanism = pMechanism->mechanism;
405 }
406
407 (void) pthread_mutex_unlock(&session_p->session_mutex);
408 return (CKR_OK);
409
410 out:
411 soft_cleanup_object(tmp_key);
412 free(tmp_key);
413 free(ecc_ctx);
414
415 return (rv);
416 }
417
418 CK_RV
419 soft_ecc_digest_sign_common(soft_session_t *session_p, CK_BYTE_PTR pData,
420 CK_ULONG ulDataLen, CK_BYTE_PTR pSigned,
421 CK_ULONG_PTR pulSignedLen, boolean_t Final)
422 {
423 CK_RV rv = CKR_OK;
424 CK_BYTE hash[SHA1_HASH_SIZE];
425 CK_ULONG hash_len = SHA1_HASH_SIZE;
426
427 if (pSigned != NULL) {
428 if (Final) {
429 rv = soft_digest_final(session_p, hash, &hash_len);
430 } else {
431 rv = soft_digest(session_p, pData, ulDataLen, hash,
432 &hash_len);
433 }
434
435 if (rv != CKR_OK) {
436 (void) pthread_mutex_lock(&session_p->session_mutex);
437 soft_free_ecc_context(session_p->sign.context);
438 session_p->sign.context = NULL;
439 session_p->digest.flags = 0;
440 (void) pthread_mutex_unlock(&session_p->session_mutex);
441 return (rv);
442 }
443 }
444
445 rv = soft_ecc_sign(session_p, hash, hash_len, pSigned, pulSignedLen);
446
447 clean_exit:
448 (void) pthread_mutex_lock(&session_p->session_mutex);
449 /* soft_digest_common() has freed the digest context */
450 session_p->digest.flags = 0;
451 (void) pthread_mutex_unlock(&session_p->session_mutex);
452
453 clean1:
454 return (rv);
455 }
456
457 CK_RV
458 soft_ecc_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
459 CK_ULONG ulDataLen, CK_BYTE_PTR pSigned,
460 CK_ULONG_PTR pulSignedLen)
461 {
462 CK_RV rv = CKR_OK;
463 SECStatus ss;
464 soft_ecc_ctx_t *ecc_ctx = session_p->sign.context;
465 soft_object_t *key = ecc_ctx->key;
466 uchar_t value[EC_MAX_VALUE_LEN];
467 ECPrivateKey ECkey;
468 SECItem signature_item;
469 SECItem digest_item;
470 uint_t value_len;
471
472 if ((key->class != CKO_PRIVATE_KEY) || (key->key_type != CKK_EC)) {
473 rv = CKR_KEY_TYPE_INCONSISTENT;
474 goto clean_exit;
475 }
476
477 if (ulDataLen > EC_MAX_DIGEST_LEN) {
478 rv = CKR_DATA_LEN_RANGE;
479 goto clean_exit;
480 }
481
482 /* structure assignment */
483 ECkey.ecParams = ecc_ctx->ecparams;
484
485 value_len = EC_MAX_VALUE_LEN;
486 rv = soft_get_private_value(key, CKA_VALUE, value, &value_len);
487 if (rv != CKR_OK) {
488 goto clean_exit;
489 }
490
491 ECkey.privateValue.data = value;
492 ECkey.privateValue.len = value_len;
493
494 signature_item.data = pSigned;
495 signature_item.len = *pulSignedLen;
496
497 digest_item.data = pData;
498 digest_item.len = ulDataLen;
499
500 if ((ss = ECDSA_SignDigest(&ECkey, &signature_item, &digest_item, 0))
501 != SECSuccess) {
502 if (ss == SECBufferTooSmall)
503 return (CKR_BUFFER_TOO_SMALL);
504
505 rv = CKR_FUNCTION_FAILED;
506 goto clean_exit;
507 }
508
509 if (rv == CKR_OK) {
510 *pulSignedLen = signature_item.len;
511 if (pSigned == NULL)
512 return (rv);
513 }
514
515 clean_exit:
516 (void) pthread_mutex_lock(&session_p->session_mutex);
517 soft_free_ecc_context(session_p->sign.context);
518 session_p->sign.context = NULL;
519 (void) pthread_mutex_unlock(&session_p->session_mutex);
520 return (rv);
521 }
522
523 CK_RV
524 soft_ecc_verify(soft_session_t *session_p, CK_BYTE_PTR pData,
525 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
526 CK_ULONG ulSignatureLen)
527 {
528 CK_RV rv = CKR_OK;
529 soft_ecc_ctx_t *ecc_ctx = session_p->verify.context;
530 soft_object_t *key = ecc_ctx->key;
531 uchar_t point[EC_MAX_POINT_LEN];
532 CK_ATTRIBUTE template;
533 ECPublicKey ECkey;
534 SECItem signature_item;
535 SECItem digest_item;
536
537 if ((key->class != CKO_PUBLIC_KEY) ||(key->key_type != CKK_EC)) {
538 rv = CKR_KEY_TYPE_INCONSISTENT;
539 goto clean_exit;
540 }
541
542 if (ulSignatureLen > EC_MAX_SIG_LEN) {
543 rv = CKR_SIGNATURE_LEN_RANGE;
544 goto clean_exit;
545 }
546
547 if (ulDataLen > EC_MAX_DIGEST_LEN) {
548 rv = CKR_DATA_LEN_RANGE;
549 goto clean_exit;
550 }
551
552 /* structure assignment */
553 ECkey.ecParams = ecc_ctx->ecparams;
554
555 template.type = CKA_EC_POINT;
556 template.pValue = point;
557 template.ulValueLen = sizeof (point);
558 rv = soft_get_public_key_attribute(key, &template);
559 if (rv != CKR_OK) {
560 goto clean_exit;
561 }
562
563 ECkey.publicValue.data = point;
564 ECkey.publicValue.len = template.ulValueLen;
565
566 signature_item.data = pSignature;
567 signature_item.len = ulSignatureLen;
568
569 digest_item.data = pData;
570 digest_item.len = ulDataLen;
571
572 if (ECDSA_VerifyDigest(&ECkey, &signature_item, &digest_item, 0)
573 != SECSuccess) {
574 rv = CKR_SIGNATURE_INVALID;
575 } else {
576 rv = CKR_OK;
577 }
578
579 clean_exit:
580 (void) pthread_mutex_lock(&session_p->session_mutex);
581 soft_free_ecc_context(session_p->verify.context);
582 session_p->verify.context = NULL;
583 (void) pthread_mutex_unlock(&session_p->session_mutex);
584 return (rv);
585 }
586
587
588 CK_RV
589 soft_ecc_digest_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData,
590 CK_ULONG ulDataLen, CK_BYTE_PTR pSigned,
591 CK_ULONG ulSignedLen, boolean_t Final)
592 {
593 CK_RV rv;
594 CK_BYTE hash[SHA1_HASH_SIZE];
595 CK_ULONG hash_len = SHA1_HASH_SIZE;
596
597 if (Final) {
598 rv = soft_digest_final(session_p, hash, &hash_len);
599 } else {
600 rv = soft_digest(session_p, pData, ulDataLen, hash, &hash_len);
601 }
602
603 if (rv != CKR_OK) {
604 (void) pthread_mutex_lock(&session_p->session_mutex);
605 soft_free_ecc_context(session_p->verify.context);
606 session_p->verify.context = NULL;
607 session_p->digest.flags = 0;
608 (void) pthread_mutex_unlock(&session_p->session_mutex);
609 return (rv);
610 }
611
612 /*
613 * Now, we are ready to verify the data using signature.
614 * soft_ecc_verify() will free the verification key.
615 */
616 rv = soft_ecc_verify(session_p, hash, hash_len,
617 pSigned, ulSignedLen);
618
619 clean_exit:
620 (void) pthread_mutex_lock(&session_p->session_mutex);
621 /* soft_digest_common() has freed the digest context */
622 session_p->digest.flags = 0;
623 (void) pthread_mutex_unlock(&session_p->session_mutex);
624 return (rv);
625 }
unleashed repo fork