|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* COPYRIGHT (c) International Business Machines Corp. 2001-2017
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
|
|
Packit |
8681c6 |
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
|
|
Packit |
8681c6 |
* found in the file LICENSE file or at
|
|
Packit |
8681c6 |
* https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// File: decr_mgr.c
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Decryption manager routines
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <pthread.h>
|
|
Packit |
8681c6 |
#include <string.h> // for memcmp() et al
|
|
Packit |
8681c6 |
#include <stdlib.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include "pkcs11types.h"
|
|
Packit |
8681c6 |
#include "defs.h"
|
|
Packit |
8681c6 |
#include "host_defs.h"
|
|
Packit |
8681c6 |
#include "h_extern.h"
|
|
Packit |
8681c6 |
#include "tok_spec_struct.h"
|
|
Packit |
8681c6 |
#include "trace.h"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV decr_mgr_init(STDLL_TokData_t *tokdata,
|
|
Packit |
8681c6 |
SESSION *sess,
|
|
Packit |
8681c6 |
ENCR_DECR_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_ULONG operation,
|
|
Packit |
8681c6 |
CK_MECHANISM *mech, CK_OBJECT_HANDLE key_handle)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
OBJECT *key_obj = NULL;
|
|
Packit |
8681c6 |
CK_ATTRIBUTE *attr = NULL;
|
|
Packit |
8681c6 |
CK_BYTE *ptr = NULL;
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype;
|
|
Packit |
8681c6 |
CK_BBOOL flag;
|
|
Packit |
8681c6 |
CK_RV rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Invalid function arguments.\n");
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->active != FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
|
|
Packit |
8681c6 |
return CKR_OPERATION_ACTIVE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// key usage restrictions
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
if (operation == OP_DECRYPT_INIT) {
|
|
Packit |
8681c6 |
rc = object_mgr_find_in_map1(tokdata, key_handle, &key_obj, READ_LOCK);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Failed to acquire key from specified handle.\n");
|
|
Packit |
8681c6 |
if (rc == CKR_OBJECT_HANDLE_INVALID)
|
|
Packit |
8681c6 |
return CKR_KEY_HANDLE_INVALID;
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is key allowed to do general decryption?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_DECRYPT, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_ENCRYPT for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_KEY_FUNCTION_NOT_PERMITTED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
flag = *(CK_BBOOL *) attr->pValue;
|
|
Packit |
8681c6 |
if (flag != TRUE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_FUNCTION_NOT_PERMITTED));
|
|
Packit |
8681c6 |
rc = CKR_KEY_FUNCTION_NOT_PERMITTED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else if (operation == OP_UNWRAP) {
|
|
Packit |
8681c6 |
rc = object_mgr_find_in_map1(tokdata, key_handle, &key_obj, READ_LOCK);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Failed to acquire key from specified handle.\n");
|
|
Packit |
8681c6 |
if (rc == CKR_OBJECT_HANDLE_INVALID)
|
|
Packit |
8681c6 |
rc = CKR_WRAPPING_KEY_HANDLE_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is key allowed to unwrap other keys?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_UNWRAP, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_UNWRAP for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_KEY_FUNCTION_NOT_PERMITTED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
flag = *(CK_BBOOL *) attr->pValue;
|
|
Packit |
8681c6 |
if (flag == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("CKA_UNWRAP is set to FALSE.\n");
|
|
Packit |
8681c6 |
rc = CKR_KEY_FUNCTION_NOT_PERMITTED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the mechanism supported? is the key type correct? is a
|
|
Packit |
8681c6 |
// parameter present if required? is the key size allowed?
|
|
Packit |
8681c6 |
// does the key support decryption?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Will the FCV allow the operation?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
switch (mech->mechanism) {
|
|
Packit |
8681c6 |
case CKM_DES_ECB:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_DES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// Check FCV
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// if ((nv_FCV.FunctionCntlBytes[DES_FUNCTION_BYTE]
|
|
Packit |
8681c6 |
// & FCV_56_BIT_DES) == 0)
|
|
Packit |
8681c6 |
// rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
// goto done;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_CDMF_ECB:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_CDMF) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// Check FCV
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// if ((nv_FCV.FunctionCntlBytes[DES_FUNCTION_BYTE]
|
|
Packit |
8681c6 |
// & FCV_CDMF_DES) == 0)
|
|
Packit |
8681c6 |
// rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
// goto done;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_DES_CBC:
|
|
Packit |
8681c6 |
case CKM_DES_CBC_PAD:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != DES_BLOCK_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_DES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// Check FCV
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// if ((nv_FCV.FunctionCntlBytes[DES_FUNCTION_BYTE]
|
|
Packit |
8681c6 |
// & FCV_56_BIT_DES) == 0)
|
|
Packit |
8681c6 |
// rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
// goto done;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC:
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC_PAD:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != DES_BLOCK_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_CDMF) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_DES_CFB8:
|
|
Packit |
8681c6 |
case CKM_DES_CFB64:
|
|
Packit |
8681c6 |
case CKM_DES_OFB64:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != DES_BLOCK_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if ((keytype != CKK_DES3)) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_DES3_ECB:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_DES3 && keytype != CKK_DES2) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// Check FCV
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// if ((nv_FCV.FunctionCntlBytes[DES_FUNCTION_BYTE]
|
|
Packit |
8681c6 |
// & FCV_TRIPLE_DES) == 0)
|
|
Packit |
8681c6 |
// rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
// goto done;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_DES3_CBC:
|
|
Packit |
8681c6 |
case CKM_DES3_CBC_PAD:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != DES_BLOCK_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_DES3 && keytype != CKK_DES2) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// Check FCV
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// if ((nv_FCV.FunctionCntlBytes[DES_FUNCTION_BYTE]
|
|
Packit |
8681c6 |
// & FCV_TRIPLE_DES) == 0)
|
|
Packit |
8681c6 |
// rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
// goto done;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(DES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(DES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_RSA_PKCS_OAEP:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen == 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_RSA) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// RSA cannot be used for multi-part operations
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
ctx->context_len = 0;
|
|
Packit |
8681c6 |
ctx->context = NULL;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_RSA_X_509:
|
|
Packit |
8681c6 |
case CKM_RSA_PKCS:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_RSA) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// RSA cannot be used for multi-part operations
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
ctx->context_len = 0;
|
|
Packit |
8681c6 |
ctx->context = NULL;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_AES_ECB:
|
|
Packit |
8681c6 |
// XXX Copied from DES3, should be verified - KEY
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_AES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(AES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_AES_CBC:
|
|
Packit |
8681c6 |
case CKM_AES_CBC_PAD:
|
|
Packit |
8681c6 |
// XXX Copied from DES3, should be verified - KEY
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != AES_INIT_VECTOR_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_AES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(AES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_AES_CTR:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != sizeof(CK_AES_CTR_PARAMS)) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
// is the key type correct?
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_AES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(AES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_AES_GCM:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != sizeof(CK_GCM_PARAMS)) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_AES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(AES_GCM_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(AES_GCM_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(AES_GCM_CONTEXT));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = aes_gcm_init(tokdata, sess, ctx, mech, key_handle, 0);
|
|
Packit |
8681c6 |
if (rc) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not initialize AES_GCM parms.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_AES_OFB:
|
|
Packit |
8681c6 |
case CKM_AES_CFB8:
|
|
Packit |
8681c6 |
case CKM_AES_CFB64:
|
|
Packit |
8681c6 |
case CKM_AES_CFB128:
|
|
Packit |
8681c6 |
if (mech->ulParameterLen != AES_INIT_VECTOR_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
keytype = *(CK_KEY_TYPE *) attr->pValue;
|
|
Packit |
8681c6 |
if (keytype != CKK_AES) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
rc = CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(AES_CONTEXT);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
if (!ctx->context) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(ctx->context, 0x0, sizeof(AES_CONTEXT));
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
if (mech->ulParameterLen > 0 && mech->pParameter != NULL) {
|
|
Packit |
8681c6 |
ptr = (CK_BYTE *) malloc(mech->ulParameterLen);
|
|
Packit |
8681c6 |
if (!ptr) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
rc = CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memcpy(ptr, mech->pParameter, mech->ulParameterLen);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
ctx->key = key_handle;
|
|
Packit |
8681c6 |
ctx->mech.ulParameterLen = mech->ulParameterLen;
|
|
Packit |
8681c6 |
ctx->mech.mechanism = mech->mechanism;
|
|
Packit |
8681c6 |
ctx->mech.pParameter = ptr;
|
|
Packit |
8681c6 |
ctx->multi_init = FALSE;
|
|
Packit |
8681c6 |
ctx->multi = FALSE;
|
|
Packit |
8681c6 |
ctx->active = TRUE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
done:
|
|
Packit |
8681c6 |
object_put(tokdata, key_obj, TRUE);
|
|
Packit |
8681c6 |
key_obj = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV decr_mgr_cleanup(ENCR_DECR_CONTEXT *ctx)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (!ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Invalid function argument.\n");
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
ctx->key = 0;
|
|
Packit |
8681c6 |
ctx->mech.ulParameterLen = 0;
|
|
Packit |
8681c6 |
ctx->mech.mechanism = 0;
|
|
Packit |
8681c6 |
ctx->multi_init = FALSE;
|
|
Packit |
8681c6 |
ctx->multi = FALSE;
|
|
Packit |
8681c6 |
ctx->active = FALSE;
|
|
Packit |
8681c6 |
ctx->init_pending = FALSE;
|
|
Packit |
8681c6 |
ctx->context_len = 0;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ctx->mech.pParameter) {
|
|
Packit |
8681c6 |
free(ctx->mech.pParameter);
|
|
Packit |
8681c6 |
ctx->mech.pParameter = NULL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ctx->context) {
|
|
Packit |
8681c6 |
free(ctx->context);
|
|
Packit |
8681c6 |
ctx->context = NULL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV decr_mgr_decrypt(STDLL_TokData_t *tokdata,
|
|
Packit |
8681c6 |
SESSION *sess,
|
|
Packit |
8681c6 |
CK_BBOOL length_only,
|
|
Packit |
8681c6 |
ENCR_DECR_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_BYTE *in_data,
|
|
Packit |
8681c6 |
CK_ULONG in_data_len,
|
|
Packit |
8681c6 |
CK_BYTE *out_data, CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Invalid function arguments.\n");
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->active == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi_init == FALSE) {
|
|
Packit |
8681c6 |
ctx->multi = FALSE;
|
|
Packit |
8681c6 |
ctx->multi_init = TRUE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// if the caller just wants the decrypted length, there is no reason to
|
|
Packit |
8681c6 |
// specify the input data. I just need the data length
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
if ((length_only == FALSE) && (!in_data || !out_data)) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi == TRUE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
|
|
Packit |
8681c6 |
return CKR_OPERATION_ACTIVE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
switch (ctx->mech.mechanism) {
|
|
Packit |
8681c6 |
case CKM_CDMF_ECB:
|
|
Packit |
8681c6 |
case CKM_DES_ECB:
|
|
Packit |
8681c6 |
return des_ecb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC:
|
|
Packit |
8681c6 |
case CKM_DES_CBC:
|
|
Packit |
8681c6 |
return des_cbc_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_CBC_PAD:
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC_PAD:
|
|
Packit |
8681c6 |
return des_cbc_pad_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_OFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_ofb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB8:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES3_ECB:
|
|
Packit |
8681c6 |
return des3_ecb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC:
|
|
Packit |
8681c6 |
return des3_cbc_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC_PAD:
|
|
Packit |
8681c6 |
return des3_cbc_pad_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_RSA_PKCS:
|
|
Packit |
8681c6 |
return rsa_pkcs_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_RSA_PKCS_OAEP:
|
|
Packit |
8681c6 |
return rsa_oaep_crypt(tokdata, sess, length_only, ctx, in_data,
|
|
Packit |
8681c6 |
in_data_len, out_data, out_data_len, DECRYPT);
|
|
Packit |
8681c6 |
case CKM_RSA_X_509:
|
|
Packit |
8681c6 |
return rsa_x509_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
#ifndef NOAES
|
|
Packit |
8681c6 |
case CKM_AES_CBC:
|
|
Packit |
8681c6 |
return aes_cbc_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_ECB:
|
|
Packit |
8681c6 |
return aes_ecb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CBC_PAD:
|
|
Packit |
8681c6 |
return aes_cbc_pad_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CTR:
|
|
Packit |
8681c6 |
return aes_ctr_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_GCM:
|
|
Packit |
8681c6 |
return aes_gcm_decrypt(tokdata, sess, length_only, ctx, in_data,
|
|
Packit |
8681c6 |
in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_OFB:
|
|
Packit |
8681c6 |
return aes_ofb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CFB8:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
case CKM_AES_CFB64:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
case CKM_AES_CFB128:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x10);
|
|
Packit |
8681c6 |
#endif
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV decr_mgr_decrypt_update(STDLL_TokData_t *tokdata,
|
|
Packit |
8681c6 |
SESSION *sess,
|
|
Packit |
8681c6 |
CK_BBOOL length_only,
|
|
Packit |
8681c6 |
ENCR_DECR_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_BYTE *in_data,
|
|
Packit |
8681c6 |
CK_ULONG in_data_len,
|
|
Packit |
8681c6 |
CK_BYTE *out_data, CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Invalid function arguments.\n");
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!out_data && !length_only) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ctx->active == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi_init == FALSE) {
|
|
Packit |
8681c6 |
ctx->multi = TRUE;
|
|
Packit |
8681c6 |
ctx->multi_init = TRUE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
|
|
Packit |
8681c6 |
return CKR_OPERATION_ACTIVE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
switch (ctx->mech.mechanism) {
|
|
Packit |
8681c6 |
case CKM_CDMF_ECB:
|
|
Packit |
8681c6 |
case CKM_DES_ECB:
|
|
Packit |
8681c6 |
return des_ecb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC:
|
|
Packit |
8681c6 |
case CKM_DES_CBC:
|
|
Packit |
8681c6 |
return des_cbc_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_CBC_PAD:
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC_PAD:
|
|
Packit |
8681c6 |
return des_cbc_pad_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_OFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_ofb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB8:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES3_ECB:
|
|
Packit |
8681c6 |
return des3_ecb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC:
|
|
Packit |
8681c6 |
return des3_cbc_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC_PAD:
|
|
Packit |
8681c6 |
return des3_cbc_pad_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
#ifndef NOAES
|
|
Packit |
8681c6 |
case CKM_AES_ECB:
|
|
Packit |
8681c6 |
return aes_ecb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CBC:
|
|
Packit |
8681c6 |
return aes_cbc_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CBC_PAD:
|
|
Packit |
8681c6 |
return aes_cbc_pad_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CTR:
|
|
Packit |
8681c6 |
return aes_ctr_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_GCM:
|
|
Packit |
8681c6 |
return aes_gcm_decrypt_update(tokdata, sess, length_only, ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len, out_data,
|
|
Packit |
8681c6 |
out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_OFB:
|
|
Packit |
8681c6 |
return aes_ofb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CFB8:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
case CKM_AES_CFB64:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
case CKM_AES_CFB128:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_update(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx,
|
|
Packit |
8681c6 |
in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len, 0x10);
|
|
Packit |
8681c6 |
#endif
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV decr_mgr_decrypt_final(STDLL_TokData_t *tokdata,
|
|
Packit |
8681c6 |
SESSION *sess,
|
|
Packit |
8681c6 |
CK_BBOOL length_only,
|
|
Packit |
8681c6 |
ENCR_DECR_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_BYTE *out_data, CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Invalid function arguments.\n");
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->active == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi_init == FALSE) {
|
|
Packit |
8681c6 |
ctx->multi = TRUE;
|
|
Packit |
8681c6 |
ctx->multi_init = TRUE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (ctx->multi == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
|
|
Packit |
8681c6 |
return CKR_OPERATION_ACTIVE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
switch (ctx->mech.mechanism) {
|
|
Packit |
8681c6 |
case CKM_CDMF_ECB:
|
|
Packit |
8681c6 |
case CKM_DES_ECB:
|
|
Packit |
8681c6 |
return des_ecb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC:
|
|
Packit |
8681c6 |
case CKM_DES_CBC:
|
|
Packit |
8681c6 |
return des_cbc_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_CBC_PAD:
|
|
Packit |
8681c6 |
case CKM_CDMF_CBC_PAD:
|
|
Packit |
8681c6 |
return des_cbc_pad_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES_OFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_ofb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB8:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES_CFB64:
|
|
Packit |
8681c6 |
get_keytype(tokdata, ctx->key, &keytype);
|
|
Packit |
8681c6 |
if (keytype == CKK_DES3) {
|
|
Packit |
8681c6 |
return des3_cfb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));
|
|
Packit |
8681c6 |
return CKR_KEY_TYPE_INCONSISTENT;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
case CKM_DES3_ECB:
|
|
Packit |
8681c6 |
return des3_ecb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC:
|
|
Packit |
8681c6 |
return des3_cbc_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_DES3_CBC_PAD:
|
|
Packit |
8681c6 |
return des3_cbc_pad_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
#ifndef NOAES
|
|
Packit |
8681c6 |
case CKM_AES_ECB:
|
|
Packit |
8681c6 |
return aes_ecb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CBC:
|
|
Packit |
8681c6 |
return aes_cbc_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CBC_PAD:
|
|
Packit |
8681c6 |
return aes_cbc_pad_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_OFB:
|
|
Packit |
8681c6 |
return aes_ofb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_CFB8:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len, 0x01);
|
|
Packit |
8681c6 |
case CKM_AES_CFB64:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len, 0x08);
|
|
Packit |
8681c6 |
case CKM_AES_CFB128:
|
|
Packit |
8681c6 |
return aes_cfb_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len, 0x10);
|
|
Packit |
8681c6 |
case CKM_AES_CTR:
|
|
Packit |
8681c6 |
return aes_ctr_decrypt_final(tokdata, sess, length_only,
|
|
Packit |
8681c6 |
ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
case CKM_AES_GCM:
|
|
Packit |
8681c6 |
return aes_gcm_decrypt_final(tokdata, sess, length_only, ctx,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
#endif
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|