/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <security/cryptoki.h>
#include <arcfour.h>
#include "softSession.h"
#include "softObject.h"
#include "softOps.h"
#include "softCrypt.h"
#include "softRSA.h"
/*
* Add padding bytes with the value of length of padding.
*/
void
{
}
/*
* Perform encrypt init operation internally for the support of
* CKM_DES_MAC and CKM_DES_MAC_GENERAL
*
* This function is called with the session being held, and without
* its mutex taken.
*/
{
/* Check to see if encrypt operation is already active */
return (CKR_OPERATION_ACTIVE);
}
}
return (rv);
}
/*
* soft_encrypt_init()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pMechanism: pointer to CK_MECHANISM struct provided by application
* key_p: pointer to key soft_object_t struct
*
* Description:
* called by C_EncryptInit(). This function calls the corresponding
* encrypt init routine based on the mechanism.
*
* Returns:
* CKR_OK: success
* CKR_HOST_MEMORY: run out of system memory
* CKR_MECHANISM_PARAM_INVALID: invalid parameters in mechanism
* CKR_MECHANISM_INVALID: invalid mechanism type
* CKR_KEY_TYPE_INCONSISTENT: incorrect type of key to use
* with the specified mechanism
*/
{
switch (pMechanism->mechanism) {
case CKM_DES_ECB:
return (CKR_KEY_TYPE_INCONSISTENT);
}
goto ecb_common;
case CKM_DES3_ECB:
return (CKR_KEY_TYPE_INCONSISTENT);
}
case CKM_DES_CBC:
case CKM_DES_CBC_PAD:
return (CKR_KEY_TYPE_INCONSISTENT);
}
goto cbc_common;
case CKM_DES3_CBC:
case CKM_DES3_CBC_PAD:
{
return (CKR_KEY_TYPE_INCONSISTENT);
}
return (CKR_MECHANISM_PARAM_INVALID);
}
return (rv);
/* Copy Initialization Vector (IV) into the context. */
/* Allocate a context for DES cipher-block chaining. */
}
return (rv);
}
case CKM_AES_ECB:
return (CKR_KEY_TYPE_INCONSISTENT);
}
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
{
return (CKR_KEY_TYPE_INCONSISTENT);
}
return (CKR_MECHANISM_PARAM_INVALID);
}
return (rv);
/* Copy Initialization Vector (IV) into the context. */
/* Allocate a context for AES cipher-block chaining. */
soft_aes_ctx->ivec);
}
return (rv);
}
case CKM_AES_CTR:
{
return (CKR_KEY_TYPE_INCONSISTENT);
}
return (CKR_MECHANISM_PARAM_INVALID);
}
return (rv);
}
return (rv);
}
case CKM_RC4:
return (CKR_KEY_TYPE_INCONSISTENT);
}
B_TRUE));
case CKM_RSA_X_509:
case CKM_RSA_PKCS:
return (CKR_KEY_TYPE_INCONSISTENT);
}
case CKM_BLOWFISH_CBC:
{
return (CKR_KEY_TYPE_INCONSISTENT);
return (CKR_MECHANISM_PARAM_INVALID);
return (rv);
/* Copy Initialization Vector (IV) into the context. */
/* Allocate a context for Blowfish cipher-block chaining */
}
return (rv);
}
default:
return (CKR_MECHANISM_INVALID);
}
}
/*
* soft_encrypt_common()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pData: pointer to the input data to be encrypted
* ulDataLen: length of the input data
* pEncrypted: pointer to the output data after encryption
* pulEncryptedLen: pointer to the length of the output data
* update: boolean flag indicates caller is soft_encrypt
* or soft_encrypt_update
*
* Description:
* This function calls the corresponding encrypt routine based
* on the mechanism.
*
* Returns:
* see corresponding encrypt routine.
*/
{
switch (mechanism) {
case CKM_DES_ECB:
case CKM_DES_CBC:
case CKM_DES3_ECB:
case CKM_DES3_CBC:
if (ulDataLen == 0) {
*pulEncryptedLen = 0;
return (CKR_OK);
}
/* FALLTHROUGH */
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_AES_ECB:
case CKM_AES_CBC:
case CKM_AES_CTR:
if (ulDataLen == 0) {
*pulEncryptedLen = 0;
return (CKR_OK);
}
/* FALLTHROUGH */
case CKM_AES_CBC_PAD:
case CKM_BLOWFISH_CBC:
if (ulDataLen == 0) {
*pulEncryptedLen = 0;
return (CKR_OK);
}
case CKM_RC4:
if (ulDataLen == 0) {
*pulEncryptedLen = 0;
return (CKR_OK);
}
case CKM_RSA_X_509:
case CKM_RSA_PKCS:
default:
return (CKR_MECHANISM_INVALID);
}
}
/*
* soft_encrypt()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pData: pointer to the input data to be encrypted
* ulDataLen: length of the input data
* pEncryptedData: pointer to the output data after encryption
* pulEncryptedDataLen: pointer to the length of the output data
*
* Description:
* called by C_Encrypt(). This function calls the soft_encrypt_common
* routine.
*
* Returns:
* see soft_encrypt_common().
*/
{
}
/*
* soft_encrypt_update()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pPart: pointer to the input data to be digested
* ulPartLen: length of the input data
* pEncryptedPart: pointer to the ciphertext
* pulEncryptedPartLen: pointer to the length of the ciphertext
*
* Description:
* called by C_EncryptUpdate(). This function calls the
* soft_encrypt_common routine (with update flag on).
*
* Returns:
* see soft_encrypt_common().
*/
{
switch (mechanism) {
case CKM_DES_ECB:
case CKM_DES_CBC:
case CKM_DES_CBC_PAD:
case CKM_DES3_ECB:
case CKM_DES3_CBC:
case CKM_DES3_CBC_PAD:
case CKM_AES_ECB:
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
case CKM_AES_CTR:
case CKM_BLOWFISH_CBC:
case CKM_RC4:
default:
/* PKCS11: The mechanism only supports single-part operation. */
return (CKR_MECHANISM_INVALID);
}
}
/*
* soft_encrypt_final()
*
* Arguments:
* session_p: pointer to soft_session_t struct
* pLastEncryptedPart: pointer to the last encrypted data part
* pulLastEncryptedPartLen: pointer to the length of the last
* encrypted data part
*
* Description:
* called by C_EncryptFinal().
*
* Returns:
* CKR_OK: success
* CKR_FUNCTION_FAILED: encrypt final function failed
* CKR_DATA_LEN_RANGE: remaining buffer contains bad length
*/
{
int rc;
*pulLastEncryptedPartLen = 0;
goto clean1;
}
switch (mechanism) {
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
{
/*
* For CKM_DES_CBC_PAD, compute output length with
* padding. If the remaining buffer has one block
* of data, then output length will be two blocksize of
* ciphertext. If the remaining buffer has less than
* one block of data, then output length will be
* one blocksize.
*/
else
if (pLastEncryptedPart == NULL) {
/*
* Application asks for the length of the output
* buffer to hold the ciphertext.
*/
goto clean1;
} else {
/* Copy remaining data to the output buffer. */
/*
* Add padding bytes prior to encrypt final.
*/
/* Encrypt multiple blocks of data. */
if (rc == 0) {
} else {
*pulLastEncryptedPartLen = 0;
}
/* Cleanup memory space. */
}
break;
}
case CKM_DES_CBC:
case CKM_DES_ECB:
case CKM_DES3_CBC:
case CKM_DES3_ECB:
{
/*
* CKM_DES_CBC and CKM_DES_ECB does not do any padding,
* so when the final is called, the remaining buffer
* should not contain any more data.
*/
*pulLastEncryptedPartLen = 0;
if (soft_des_ctx->remain_len != 0) {
} else {
if (pLastEncryptedPart == NULL)
goto clean1;
}
/* Cleanup memory space. */
break;
}
case CKM_AES_CBC_PAD:
{
/*
* For CKM_AES_CBC_PAD, compute output length with
* padding. If the remaining buffer has one block
* of data, then output length will be two blocksize of
* ciphertext. If the remaining buffer has less than
* one block of data, then output length will be
* one blocksize.
*/
else
if (pLastEncryptedPart == NULL) {
/*
* Application asks for the length of the output
* buffer to hold the ciphertext.
*/
goto clean1;
} else {
/* Copy remaining data to the output buffer. */
/*
* Add padding bytes prior to encrypt final.
*/
/* Encrypt multiple blocks of data. */
if (rc == 0) {
} else {
*pulLastEncryptedPartLen = 0;
}
/* Cleanup memory space. */
}
break;
}
case CKM_AES_CBC:
case CKM_AES_ECB:
{
/*
* CKM_AES_CBC and CKM_AES_ECB does not do any padding,
* so when the final is called, the remaining buffer
* should not contain any more data.
*/
*pulLastEncryptedPartLen = 0;
if (soft_aes_ctx->remain_len != 0) {
} else {
if (pLastEncryptedPart == NULL)
goto clean1;
}
/* Cleanup memory space. */
break;
}
case CKM_AES_CTR:
{
if (pLastEncryptedPart == NULL) {
goto clean1;
}
if (len > 0) {
}
if (rv == CRYPTO_BUFFER_TOO_SMALL) {
goto clean1;
}
/* Cleanup memory space. */
break;
}
case CKM_BLOWFISH_CBC:
{
/*
* CKM_BLOWFISH_CBC does not do any padding, so when the
* final is called, the remaining buffer should not contain
* any more data
*/
*pulLastEncryptedPartLen = 0;
if (soft_blowfish_ctx->remain_len != 0)
else {
if (pLastEncryptedPart == NULL)
goto clean1;
}
break;
}
case CKM_RC4:
{
/* Remaining data size is always zero for RC4. */
*pulLastEncryptedPartLen = 0;
if (pLastEncryptedPart == NULL)
goto clean1;
break;
}
default:
/* PKCS11: The mechanism only supports single-part operation. */
break;
}
return (rv);
}
/*
* This function frees the allocated active crypto context and the
* lower level of allocated struct as needed.
* or by the 2nd tier of session close routine. Since the 1st tier
* caller will always call this function without locking the session
* mutex and the 2nd tier caller will call with the lock, we add the
* third parameter "lock_held" to distinguish this case.
*/
void
{
if (!lock_held)
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_DES_CBC:
case CKM_DES_ECB:
case CKM_DES3_CBC:
case CKM_DES3_ECB:
{
if (soft_des_ctx != NULL) {
}
}
break;
}
case CKM_AES_CBC_PAD:
case CKM_AES_CBC:
case CKM_AES_ECB:
{
if (soft_aes_ctx != NULL) {
}
}
break;
}
case CKM_BLOWFISH_CBC:
{
if (soft_blowfish_ctx != NULL) {
if (blowfish_ctx != NULL) {
}
}
break;
}
case CKM_RC4:
{
break;
}
case CKM_RSA_X_509:
case CKM_RSA_PKCS:
{
}
break;
}
} /* switch */
}
if (!lock_held)
}