f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER START
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The contents of this file are subject to the terms of the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Common Development and Distribution License (the "License").
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You may not use this file except in compliance with the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * See the License for the specific language governing permissions
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and limitations under the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * When distributing Covered Code, include this CDDL HEADER in each
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * If applicable, add the following below this CDDL HEADER, with the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * fields enclosed by brackets "[]" replaced with your own identifying
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * information: Portions Copyright [yyyy] [name of copyright owner]
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER END
7b79d84636ec82b45f00c982cf6810db81852d17Dina K Nimeh * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Use is subject to license terms.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_free_ecparams(ECParams *params, boolean_t freeit)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers SECITEM_FreeItem(¶ms->fieldID.u.prime, B_FALSE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Don't free publicValue or privateValue
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * as these values are copied into objects.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Called from init routines to do basic sanity checks. Init routines,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * e.g. sign_init should fail rather than subsequent operations.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (len < CRYPTO_BITS2BYTES(EC_MIN_KEY_LEN) * 2 + 1 ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This function places the octet string of the specified attribute
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * into the corresponding key object.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_genECkey_set_attribute(soft_object_t *key, biginteger_t *bi,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ec_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ECPrivateKey *privKey; /* contains both public and private values */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_get_public_key_attribute(pubkey, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* private key also has CKA_EC_PARAMS attribute */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = set_extra_attr_to_object(prikey, CKA_EC_PARAMS, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* ASN1 check */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* bad curve OID */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (EC_NewKey(ecparams, &privKey, 0) != SECSuccess) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers soft_genECkey_set_attribute(prikey, &bi, CKA_VALUE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers soft_genECkey_set_attribute(pubkey, &bi, CKA_EC_POINT);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ec_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers CK_ECDH1_DERIVE_PARAMS *ecdh1_derive_params = mech_params;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers SECItem public_value_item, private_value_item, secret_item;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (mech_params_len != sizeof (CK_ECDH1_DERIVE_PARAMS) ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_get_private_key_attribute(basekey, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_get_private_key_attribute(basekey, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* LINTED */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else /* !__sparcv9 */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif /* __sparcv9 */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* ASN1 check */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* bad curve OID */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers public_value_item.data = ecdh1_derive_params->pPublicData;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers public_value_item.len = ecdh1_derive_params->ulPublicDataLen;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (ECDH_Derive(&public_value_item, ecparams, &private_value_item,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bcopy(secret_item.data + secret_item.len - keylen, buf, keylen);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Allocate a ECC context for the active sign or verify operation.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This function is called without the session lock held.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ecc_sign_verify_init_common(soft_session_t *session_p,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_digest_init_internal(session_p, &digest_mech);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Make a copy of the signature or verification key, and save it
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * in the ECC crypto context since it will be used later for
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * signing/verification. We don't want to hold any object reference
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * on this original key while doing signing/verification.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_copy_object(key_p, &tmp_key, SOFT_COPY_OBJ_ORIG_SH, NULL);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* Most likely we ran out of space. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_get_private_key_attribute(key_p, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* ASN1 check */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* bad curve OID */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers session_p->sign.mech.mechanism = pMechanism->mechanism;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers session_p->verify.mech.mechanism = pMechanism->mechanism;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ecc_digest_sign_common(soft_session_t *session_p, CK_BYTE_PTR pData,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_digest_final(session_p, hash, &hash_len);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_digest(session_p, pData, ulDataLen, hash,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_ecc_sign(session_p, hash, hash_len, pSigned, pulSignedLen);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* soft_digest_common() has freed the digest context */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ecc_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((key->class != CKO_PRIVATE_KEY) || (key->key_type != CKK_EC)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* structure assignment */
c64d15a587b6038b85a928885fc997da7315fbfemcpowers rv = soft_get_private_value(key, CKA_VALUE, value, &value_len);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((ss = ECDSA_SignDigest(&ECkey, &signature_item, &digest_item, 0))
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ecc_verify(soft_session_t *session_p, CK_BYTE_PTR pData,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers soft_ecc_ctx_t *ecc_ctx = session_p->verify.context;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((key->class != CKO_PUBLIC_KEY) ||(key->key_type != CKK_EC)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* structure assignment */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_get_public_key_attribute(key, &template);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (ECDSA_VerifyDigest(&ECkey, &signature_item, &digest_item, 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerssoft_ecc_digest_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_digest_final(session_p, hash, &hash_len);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rv = soft_digest(session_p, pData, ulDataLen, hash, &hash_len);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_unlock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Now, we are ready to verify the data using signature.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * soft_ecc_verify() will free the verification key.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) pthread_mutex_lock(&session_p->session_mutex);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers /* soft_digest_common() has freed the digest context */