search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softMAC.c
blobf608d1b42b4446ca8e2810f66bc99591ae0d8514
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <pthread.h>
30 #include <sys/md5.h>
31 #include <sys/sha1.h>
32 #include <sys/sha2.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <strings.h>
36 #include <sys/types.h>
37 #include <security/cryptoki.h>
38 #include "softObject.h"
39 #include "softOps.h"
40 #include "softSession.h"
41 #include "softMAC.h"
42
43 /*
44 * IPAD = 0x36 repeated 48 times for ssl md5, repeated 40 times for ssl sha1
45 * OPAD = 0x5C repeated 48 times for SSL md5, repeated 40 times for ssl sha1
46 */
47 const uint32_t md5_ssl_ipad[] = {
48 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
49 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
50 0x36363636, 0x36363636};
51 const uint32_t sha1_ssl_ipad[] = {
52 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636,
53 0x36363636, 0x36363636, 0x36363636, 0x36363636, 0x36363636};
54 const uint32_t md5_ssl_opad[] = {
55 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
56 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
57 0x5c5c5c5c, 0x5c5c5c5c};
58 const uint32_t sha1_ssl_opad[] = {
59 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c,
60 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c, 0x5c5c5c5c};
61
62 /*
63 * Allocate and initialize a HMAC context, and save the context pointer in
64 * the session struct. For General-length HMAC, checks the length in the
65 * parameter to see if it is in the right range.
66 */
67 CK_RV
68 soft_hmac_sign_verify_init_common(soft_session_t *session_p,
69 CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t sign_op)
70 {
71
72 soft_hmac_ctx_t *hmac_ctx;
73 CK_RV rv = CKR_OK;
74
75 if ((key_p->class != CKO_SECRET_KEY) ||
76 (key_p->key_type != CKK_GENERIC_SECRET)) {
77 return (CKR_KEY_TYPE_INCONSISTENT);
78 }
79
80 hmac_ctx = malloc(sizeof (soft_hmac_ctx_t));
81
82 if (hmac_ctx == NULL) {
83 return (CKR_HOST_MEMORY);
84 }
85
86 switch (pMechanism->mechanism) {
87 case CKM_MD5_HMAC:
88 hmac_ctx->hmac_len = MD5_HASH_SIZE;
89 break;
90
91 case CKM_SHA_1_HMAC:
92 hmac_ctx->hmac_len = SHA1_HASH_SIZE;
93 break;
94
95 case CKM_SHA256_HMAC:
96 hmac_ctx->hmac_len = SHA256_DIGEST_LENGTH;
97 break;
98
99 case CKM_SHA384_HMAC:
100 hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH;
101 break;
102
103 case CKM_SHA512_HMAC:
104 hmac_ctx->hmac_len = SHA512_DIGEST_LENGTH;
105 break;
106
107 case CKM_MD5_HMAC_GENERAL:
108 case CKM_SSL3_MD5_MAC:
109 if ((pMechanism->ulParameterLen !=
110 sizeof (CK_MAC_GENERAL_PARAMS)) &&
111 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
112 MD5_HASH_SIZE)) {
113 free(hmac_ctx);
114 return (CKR_MECHANISM_PARAM_INVALID);
115 }
116 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
117 pMechanism->pParameter);
118 break;
119
120 case CKM_SSL3_SHA1_MAC:
121 case CKM_SHA_1_HMAC_GENERAL:
122 if ((pMechanism->ulParameterLen !=
123 sizeof (CK_MAC_GENERAL_PARAMS)) &&
124 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
125 SHA1_HASH_SIZE)) {
126 free(hmac_ctx);
127 return (CKR_MECHANISM_PARAM_INVALID);
128 }
129 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
130 pMechanism->pParameter);
131 break;
132
133 case CKM_SHA256_HMAC_GENERAL:
134 if ((pMechanism->ulParameterLen !=
135 sizeof (CK_MAC_GENERAL_PARAMS)) &&
136 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
137 SHA256_DIGEST_LENGTH)) {
138 free(hmac_ctx);
139 return (CKR_MECHANISM_PARAM_INVALID);
140 }
141 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
142 pMechanism->pParameter);
143 break;
144
145 case CKM_SHA384_HMAC_GENERAL:
146 case CKM_SHA512_HMAC_GENERAL:
147 if ((pMechanism->ulParameterLen !=
148 sizeof (CK_MAC_GENERAL_PARAMS)) &&
149 (*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
150 SHA512_DIGEST_LENGTH)) {
151 free(hmac_ctx);
152 return (CKR_MECHANISM_PARAM_INVALID);
153 }
154
155 hmac_ctx->hmac_len = *((CK_MAC_GENERAL_PARAMS_PTR)
156 pMechanism->pParameter);
157 break;
158
159 }
160
161
162 /* Initialize a MAC context. */
163 rv = mac_init_ctx(session_p, key_p, hmac_ctx, pMechanism->mechanism);
164 if (rv != CKR_OK)
165 return (rv);
166
167 (void) pthread_mutex_lock(&session_p->session_mutex);
168
169 if (sign_op) {
170 session_p->sign.mech.mechanism = pMechanism->mechanism;
171 session_p->sign.context = hmac_ctx;
172 } else {
173 session_p->verify.mech.mechanism = pMechanism->mechanism;
174 session_p->verify.context = hmac_ctx;
175 }
176
177 (void) pthread_mutex_unlock(&session_p->session_mutex);
178
179 return (CKR_OK);
180 }
181
182
183 /*
184 * Initialize a HMAC context.
185 */
186 CK_RV
187 mac_init_ctx(soft_session_t *session_p, soft_object_t *key,
188 soft_hmac_ctx_t *ctx, CK_MECHANISM_TYPE mech)
189 {
190 CK_RV rv = CKR_OK;
191
192 switch (mech) {
193 case CKM_SSL3_MD5_MAC:
194 {
195 CK_BYTE md5_ipad[MD5_SSL_PAD_AND_KEY_SIZE];
196 CK_BYTE md5_opad[MD5_SSL_PAD_AND_KEY_SIZE];
197
198 if (OBJ_SEC(key)->sk_value_len > MD5_SSL_PAD_AND_KEY_SIZE) {
199 return (CKR_KEY_SIZE_RANGE);
200 }
201
202 bzero(md5_ipad, MD5_SSL_PAD_AND_KEY_SIZE);
203 bzero(md5_opad, MD5_SSL_PAD_AND_KEY_SIZE);
204
205 /* SSL MAC is HASH(key + opad + HASH(key + ipad + data)) */
206 (void) memcpy(md5_ipad, OBJ_SEC(key)->sk_value,
207 OBJ_SEC(key)->sk_value_len);
208 (void) memcpy(&md5_ipad[OBJ_SEC(key)->sk_value_len],
209 md5_ssl_ipad, MD5_SSL_PAD_SIZE);
210 (void) memcpy(md5_opad, OBJ_SEC(key)->sk_value,
211 OBJ_SEC(key)->sk_value_len);
212 (void) memcpy(&md5_opad[OBJ_SEC(key)->sk_value_len],
213 md5_ssl_opad, MD5_SSL_PAD_SIZE);
214
215 SOFT_MAC_INIT_CTX(MD5, &(ctx->hc_ctx_u.md5_ctx),
216 md5_ipad, md5_opad, MD5_SSL_PAD_AND_KEY_SIZE);
217
218 break;
219 }
220 case CKM_MD5_HMAC_GENERAL:
221 case CKM_MD5_HMAC:
222 {
223 uint32_t md5_ipad[MD5_HMAC_INTS_PER_BLOCK];
224 uint32_t md5_opad[MD5_HMAC_INTS_PER_BLOCK];
225 CK_MECHANISM digest_mech;
226 CK_ULONG hash_len = MD5_HASH_SIZE;
227
228 bzero(md5_ipad, MD5_HMAC_BLOCK_SIZE);
229 bzero(md5_opad, MD5_HMAC_BLOCK_SIZE);
230
231 if (OBJ_SEC(key)->sk_value_len > MD5_HMAC_BLOCK_SIZE) {
232 /*
233 * Hash the key when it is longer than 64 bytes.
234 */
235 digest_mech.mechanism = CKM_MD5;
236 digest_mech.pParameter = NULL_PTR;
237 digest_mech.ulParameterLen = 0;
238 rv = soft_digest_init_internal(session_p, &digest_mech);
239 if (rv != CKR_OK)
240 return (rv);
241 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
242 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)md5_ipad,
243 &hash_len);
244 session_p->digest.flags = 0;
245 if (rv != CKR_OK)
246 return (rv);
247 (void) memcpy(md5_opad, md5_ipad, hash_len);
248 } else {
249 (void) memcpy(md5_ipad, OBJ_SEC(key)->sk_value,
250 OBJ_SEC(key)->sk_value_len);
251 (void) memcpy(md5_opad, OBJ_SEC(key)->sk_value,
252 OBJ_SEC(key)->sk_value_len);
253 }
254
255 md5_hmac_ctx_init(&ctx->hc_ctx_u.md5_ctx, md5_ipad, md5_opad);
256 break;
257 }
258
259 case CKM_SSL3_SHA1_MAC:
260 {
261 CK_BYTE sha1_ipad[SHA1_SSL_PAD_AND_KEY_SIZE];
262 CK_BYTE sha1_opad[SHA1_SSL_PAD_AND_KEY_SIZE];
263
264 if (OBJ_SEC(key)->sk_value_len > SHA1_HMAC_BLOCK_SIZE) {
265 return (CKR_KEY_SIZE_RANGE);
266 }
267
268 bzero(sha1_ipad, SHA1_SSL_PAD_AND_KEY_SIZE);
269 bzero(sha1_opad, SHA1_SSL_PAD_AND_KEY_SIZE);
270
271 /* SSL MAC is HASH(key + opad + HASH(key + ipad + data)) */
272 (void) memcpy(sha1_ipad, OBJ_SEC(key)->sk_value,
273 OBJ_SEC(key)->sk_value_len);
274 (void) memcpy(&sha1_ipad[OBJ_SEC(key)->sk_value_len],
275 sha1_ssl_ipad, SHA1_SSL_PAD_SIZE);
276 (void) memcpy(sha1_opad, OBJ_SEC(key)->sk_value,
277 OBJ_SEC(key)->sk_value_len);
278 (void) memcpy(&sha1_opad[OBJ_SEC(key)->sk_value_len],
279 sha1_ssl_opad, SHA1_SSL_PAD_SIZE);
280
281 SOFT_MAC_INIT_CTX(SHA1, &(ctx->hc_ctx_u.sha1_ctx),
282 sha1_ipad, sha1_opad, SHA1_SSL_PAD_AND_KEY_SIZE);
283
284 break;
285 }
286 case CKM_SHA_1_HMAC_GENERAL:
287 case CKM_SHA_1_HMAC:
288 {
289 uint32_t sha1_ipad[SHA1_HMAC_INTS_PER_BLOCK];
290 uint32_t sha1_opad[SHA1_HMAC_INTS_PER_BLOCK];
291 CK_MECHANISM digest_mech;
292 CK_ULONG hash_len = SHA1_HASH_SIZE;
293
294 bzero(sha1_ipad, SHA1_HMAC_BLOCK_SIZE);
295 bzero(sha1_opad, SHA1_HMAC_BLOCK_SIZE);
296
297 if (OBJ_SEC(key)->sk_value_len > SHA1_HMAC_BLOCK_SIZE) {
298 /*
299 * Hash the key when it is longer than 64 bytes.
300 */
301 digest_mech.mechanism = CKM_SHA_1;
302 digest_mech.pParameter = NULL_PTR;
303 digest_mech.ulParameterLen = 0;
304 rv = soft_digest_init_internal(session_p, &digest_mech);
305 if (rv != CKR_OK)
306 return (rv);
307 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
308 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha1_ipad,
309 &hash_len);
310 session_p->digest.flags = 0;
311 if (rv != CKR_OK)
312 return (rv);
313 (void) memcpy(sha1_opad, sha1_ipad, hash_len);
314 } else {
315 (void) memcpy(sha1_ipad, OBJ_SEC(key)->sk_value,
316 OBJ_SEC(key)->sk_value_len);
317 (void) memcpy(sha1_opad, OBJ_SEC(key)->sk_value,
318 OBJ_SEC(key)->sk_value_len);
319 }
320
321 sha1_hmac_ctx_init(&ctx->hc_ctx_u.sha1_ctx, sha1_ipad,
322 sha1_opad);
323
324 break;
325 }
326 case CKM_SHA256_HMAC:
327 case CKM_SHA256_HMAC_GENERAL:
328 {
329 uint64_t sha_ipad[SHA256_HMAC_INTS_PER_BLOCK];
330 uint64_t sha_opad[SHA256_HMAC_INTS_PER_BLOCK];
331 CK_MECHANISM digest_mech;
332 CK_ULONG hash_len = SHA256_DIGEST_LENGTH;
333
334 bzero(sha_ipad, SHA256_HMAC_BLOCK_SIZE);
335 bzero(sha_opad, SHA256_HMAC_BLOCK_SIZE);
336
337 if (OBJ_SEC(key)->sk_value_len > SHA256_HMAC_BLOCK_SIZE) {
338 /*
339 * Hash the key when it is longer than 64 bytes.
340 */
341 digest_mech.mechanism = CKM_SHA256;
342 digest_mech.pParameter = NULL_PTR;
343 digest_mech.ulParameterLen = 0;
344 rv = soft_digest_init_internal(session_p, &digest_mech);
345 if (rv != CKR_OK)
346 return (rv);
347 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
348 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
349 &hash_len);
350 session_p->digest.flags = 0;
351 if (rv != CKR_OK)
352 return (rv);
353 (void) memcpy(sha_opad, sha_ipad, hash_len);
354 } else {
355 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
356 OBJ_SEC(key)->sk_value_len);
357 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
358 OBJ_SEC(key)->sk_value_len);
359 }
360
361 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
362 sha_ipad, sha_opad, SHA256_HMAC_INTS_PER_BLOCK,
363 SHA256_HMAC_BLOCK_SIZE);
364
365 break;
366 }
367 case CKM_SHA384_HMAC:
368 case CKM_SHA384_HMAC_GENERAL:
369 {
370 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK];
371 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK];
372 CK_MECHANISM digest_mech;
373 CK_ULONG hash_len = SHA384_DIGEST_LENGTH;
374
375 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE);
376 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE);
377
378 if (OBJ_SEC(key)->sk_value_len > SHA512_HMAC_BLOCK_SIZE) {
379 /*
380 * Hash the key when it is longer than 64 bytes.
381 */
382 digest_mech.mechanism = CKM_SHA384;
383 digest_mech.pParameter = NULL_PTR;
384 digest_mech.ulParameterLen = 0;
385 rv = soft_digest_init_internal(session_p, &digest_mech);
386 if (rv != CKR_OK)
387 return (rv);
388 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
389 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
390 &hash_len);
391 session_p->digest.flags = 0;
392 if (rv != CKR_OK)
393 return (rv);
394 (void) memcpy(sha_opad, sha_ipad, hash_len);
395 } else {
396 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
397 OBJ_SEC(key)->sk_value_len);
398 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
399 OBJ_SEC(key)->sk_value_len);
400 }
401
402 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
403 sha_ipad, sha_opad, SHA512_HMAC_INTS_PER_BLOCK,
404 SHA512_HMAC_BLOCK_SIZE);
405
406 break;
407 }
408 case CKM_SHA512_HMAC:
409 case CKM_SHA512_HMAC_GENERAL:
410 {
411 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK];
412 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK];
413 CK_MECHANISM digest_mech;
414 CK_ULONG hash_len = SHA512_DIGEST_LENGTH;
415
416 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE);
417 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE);
418
419 if (OBJ_SEC(key)->sk_value_len > SHA512_HMAC_BLOCK_SIZE) {
420 /*
421 * Hash the key when it is longer than 64 bytes.
422 */
423 digest_mech.mechanism = CKM_SHA512;
424 digest_mech.pParameter = NULL_PTR;
425 digest_mech.ulParameterLen = 0;
426 rv = soft_digest_init_internal(session_p, &digest_mech);
427 if (rv != CKR_OK)
428 return (rv);
429 rv = soft_digest(session_p, OBJ_SEC(key)->sk_value,
430 OBJ_SEC(key)->sk_value_len, (CK_BYTE_PTR)sha_ipad,
431 &hash_len);
432 session_p->digest.flags = 0;
433 if (rv != CKR_OK)
434 return (rv);
435 (void) memcpy(sha_opad, sha_ipad, hash_len);
436 } else {
437 (void) memcpy(sha_ipad, OBJ_SEC(key)->sk_value,
438 OBJ_SEC(key)->sk_value_len);
439 (void) memcpy(sha_opad, OBJ_SEC(key)->sk_value,
440 OBJ_SEC(key)->sk_value_len);
441 }
442
443 sha2_hmac_ctx_init(CKM_TO_SHA2(mech), &ctx->hc_ctx_u.sha2_ctx,
444 sha_ipad, sha_opad, SHA512_HMAC_INTS_PER_BLOCK,
445 SHA512_HMAC_BLOCK_SIZE);
446
447 break;
448 }
449 }
450 return (rv);
451 }
452
453
454 /*
455 * Called by soft_sign(), soft_sign_final(), soft_verify() or
456 * soft_verify_final().
457 */
458 CK_RV
459 soft_hmac_sign_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData,
460 CK_ULONG ulDataLen, CK_BYTE_PTR pSigned, CK_ULONG_PTR pulSignedLen,
461 boolean_t sign_op)
462 {
463
464 soft_hmac_ctx_t *hmac_ctx;
465 CK_MECHANISM_TYPE mechanism;
466 uint_t datalen = ulDataLen;
467
468 if (sign_op) {
469 hmac_ctx = (soft_hmac_ctx_t *)session_p->sign.context;
470 mechanism = session_p->sign.mech.mechanism;
471
472 /*
473 * If application asks for the length of the output buffer
474 * to hold the signature?
475 */
476 if (pSigned == NULL) {
477 *pulSignedLen = hmac_ctx->hmac_len;
478 return (CKR_OK);
479 }
480
481 /* Is the application-supplied buffer large enough? */
482 if (*pulSignedLen < hmac_ctx->hmac_len) {
483 *pulSignedLen = hmac_ctx->hmac_len;
484 return (CKR_BUFFER_TOO_SMALL);
485 }
486 } else {
487 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
488 mechanism = session_p->verify.mech.mechanism;
489 }
490
491 switch (mechanism) {
492
493 case CKM_SSL3_MD5_MAC:
494 case CKM_MD5_HMAC_GENERAL:
495 case CKM_MD5_HMAC:
496
497 if (pData != NULL) {
498 /* Called by soft_sign() or soft_verify(). */
499 SOFT_MAC_UPDATE(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx),
500 pData, datalen);
501 }
502 SOFT_MAC_FINAL(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx), pSigned);
503 break;
504
505 case CKM_SSL3_SHA1_MAC:
506 case CKM_SHA_1_HMAC_GENERAL:
507 case CKM_SHA_1_HMAC:
508
509 if (pData != NULL) {
510 /* Called by soft_sign() or soft_verify(). */
511 SOFT_MAC_UPDATE(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx),
512 pData, datalen);
513 }
514 SOFT_MAC_FINAL(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx), pSigned);
515 break;
516
517 case CKM_SHA256_HMAC_GENERAL:
518 case CKM_SHA256_HMAC:
519 if (pData != NULL)
520 /* Called by soft_sign() or soft_verify(). */
521 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
522 pData, datalen);
523
524 SOFT_MAC_FINAL_2(SHA256, &(hmac_ctx->hc_ctx_u.sha2_ctx),
525 pSigned);
526 break;
527
528 case CKM_SHA384_HMAC_GENERAL:
529 case CKM_SHA384_HMAC:
530 if (pData != NULL)
531 /* Called by soft_sign() or soft_verify(). */
532 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
533 pData, datalen);
534
535 SOFT_MAC_FINAL_2(SHA384, &(hmac_ctx->hc_ctx_u.sha2_ctx),
536 pSigned);
537 hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH;
538 break;
539
540 case CKM_SHA512_HMAC_GENERAL:
541 case CKM_SHA512_HMAC:
542
543 if (pData != NULL)
544 /* Called by soft_sign() or soft_verify(). */
545 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext),
546 pData, datalen);
547
548 SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx),
549 pSigned);
550 };
551
552 *pulSignedLen = hmac_ctx->hmac_len;
553
554
555 clean_exit:
556
557 (void) pthread_mutex_lock(&session_p->session_mutex);
558
559 if (sign_op) {
560 bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
561 free(session_p->sign.context);
562 session_p->sign.context = NULL;
563 } else {
564 bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
565 free(session_p->verify.context);
566 session_p->verify.context = NULL;
567 }
568
569 (void) pthread_mutex_unlock(&session_p->session_mutex);
570
571 return (CKR_OK);
572 }
573
574
575 /*
576 * Called by soft_sign_update() or soft_verify_update().
577 */
578 CK_RV
579 soft_hmac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
580 CK_ULONG ulPartLen, boolean_t sign_op)
581 {
582
583 soft_hmac_ctx_t *hmac_ctx;
584 CK_MECHANISM_TYPE mechanism;
585 uint_t partlen = ulPartLen;
586
587 if (sign_op) {
588 hmac_ctx = (soft_hmac_ctx_t *)session_p->sign.context;
589 mechanism = session_p->sign.mech.mechanism;
590 } else {
591 hmac_ctx = (soft_hmac_ctx_t *)session_p->verify.context;
592 mechanism = session_p->verify.mech.mechanism;
593 }
594
595 switch (mechanism) {
596
597 case CKM_SSL3_MD5_MAC:
598 case CKM_MD5_HMAC_GENERAL:
599 case CKM_MD5_HMAC:
600
601 SOFT_MAC_UPDATE(MD5, &(hmac_ctx->hc_ctx_u.md5_ctx), pPart,
602 partlen);
603 break;
604
605 case CKM_SSL3_SHA1_MAC:
606 case CKM_SHA_1_HMAC_GENERAL:
607 case CKM_SHA_1_HMAC:
608
609 SOFT_MAC_UPDATE(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx), pPart,
610 partlen);
611
612 break;
613
614 case CKM_SHA256_HMAC_GENERAL:
615 case CKM_SHA256_HMAC:
616 case CKM_SHA384_HMAC_GENERAL:
617 case CKM_SHA384_HMAC:
618 case CKM_SHA512_HMAC_GENERAL:
619 case CKM_SHA512_HMAC:
620
621 SOFT_MAC_UPDATE(SHA2, &(hmac_ctx->hc_ctx_u.sha2_ctx), pPart,
622 partlen);
623 break;
624
625 }
626 return (CKR_OK);
627 }
628
629 /*
630 * The following 2 functions expect the MAC key to be alreay copied in
631 * the ipad and opad
632 */
633 void
634 md5_hmac_ctx_init(md5_hc_ctx_t *md5_hmac_ctx, uint32_t *ipad, uint32_t *opad)
635 {
636 int i;
637 /* XOR key with ipad (0x36) and opad (0x5c) */
638 for (i = 0; i < MD5_HMAC_INTS_PER_BLOCK; i++) {
639 ipad[i] ^= 0x36363636;
640 opad[i] ^= 0x5c5c5c5c;
641 }
642 SOFT_MAC_INIT_CTX(MD5, md5_hmac_ctx, ipad, opad, MD5_HMAC_BLOCK_SIZE);
643 }
644
645 void
646 sha1_hmac_ctx_init(sha1_hc_ctx_t *sha1_hmac_ctx, uint32_t *ipad, uint32_t *opad)
647 {
648 int i;
649 /* XOR key with ipad (0x36) and opad (0x5c) */
650 for (i = 0; i < SHA1_HMAC_INTS_PER_BLOCK; i++) {
651 ipad[i] ^= 0x36363636;
652 opad[i] ^= 0x5c5c5c5c;
653 }
654 SOFT_MAC_INIT_CTX(SHA1, sha1_hmac_ctx, (const uchar_t *)ipad,
655 (const uchar_t *)opad, SHA1_HMAC_BLOCK_SIZE);
656 }
657
658
659 void
660 sha2_hmac_ctx_init(uint_t mech, sha2_hc_ctx_t *ctx, uint64_t *ipad,
661 uint64_t *opad, uint_t blocks_per_int64, uint_t block_size)
662 {
663 int i;
664
665 /* XOR key with ipad (0x36) and opad (0x5c) */
666 for (i = 0; i < blocks_per_int64; i ++) {
667 ipad[i] ^= 0x3636363636363636ULL;
668 opad[i] ^= 0x5c5c5c5c5c5c5c5cULL;
669 }
670
671 /* perform SHA2 on ipad */
672 SHA2Init(mech, &ctx->hc_icontext);
673 SHA2Update(&ctx->hc_icontext, (uint8_t *)ipad, block_size);
674
675 /* perform SHA2 on opad */
676 SHA2Init(mech, &ctx->hc_ocontext);
677 SHA2Update(&ctx->hc_ocontext, (uint8_t *)opad, block_size);
678
679 }
unleashed repo fork