/*

 * COPYRIGHT (c) International Business Machines Corp. 2001-2017

 *

 * This program is provided under the terms of the Common Public License,

 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this

 * software constitutes recipient's acceptance of CPL-1.0 terms which can be

 * found in the file LICENSE file or at

 * https://opensource.org/licenses/cpl1.0.php

 */

/* File:  mech_ec.c

 *

 * Mechanisms for Elliptic Curve (EC)

 */

#define _GNU_SOURCE

#include <endian.h>

#include <stdio.h>

#include <stdlib.h>

#include <stdint.h>

#include <string.h>

#include "pkcs11types.h"

#include "defs.h"

#include "host_defs.h"

#include "h_extern.h"

#include "tok_spec_struct.h"

#include "trace.h"

#include "tok_specific.h"

#include "ec_defs.h"

#include "openssl/obj_mac.h"

#include <openssl/ec.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000L

/*

 * Older OpenSLL versions do not have BN_bn2binpad, so implement it here

 */

static int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)

{

    int len, pad;

    unsigned char *buf;

    len = BN_num_bytes(a);

    buf = (unsigned char *)malloc(len);

    if (buf == NULL)

        return -1;

    BN_bn2bin(a, buf);

    if (len >= tolen) {

        memcpy(to, buf, tolen);

    } else {

        pad = tolen - len;

        memset(to, 0, pad);

        memcpy(to + pad, buf, len);

    }

    free(buf);

    return tolen;

}

#endif

#ifndef NID_brainpoolP160r1

/*

 * Older OpenSLL versions may not have the brainpool NIDs defined, define them

 * here

 */

#define NID_brainpoolP160r1             921

#define NID_brainpoolP160t1             922

#define NID_brainpoolP192r1             923

#define NID_brainpoolP192t1             924

#define NID_brainpoolP224r1             925

#define NID_brainpoolP224t1             926

#define NID_brainpoolP256r1             927

#define NID_brainpoolP256t1             928

#define NID_brainpoolP320r1             929

#define NID_brainpoolP320t1             930

#define NID_brainpoolP384r1             931

#define NID_brainpoolP384t1             932

#define NID_brainpoolP512r1             933

#define NID_brainpoolP512t1             934

#endif

#ifndef NID_X25519

#define NID_X25519                      1034

#define NID_X448                        1035

#endif

#ifndef NID_ED25519

#define NID_ED25519                     1087

#define NID_ED448                       1088

#endif

const CK_BYTE brainpoolP160r1[] = OCK_BRAINPOOL_P160R1;

const CK_BYTE brainpoolP160t1[] = OCK_BRAINPOOL_P160T1;

const CK_BYTE brainpoolP192r1[] = OCK_BRAINPOOL_P192R1;

const CK_BYTE brainpoolP192t1[] = OCK_BRAINPOOL_P192T1;

const CK_BYTE brainpoolP224r1[] = OCK_BRAINPOOL_P224R1;

const CK_BYTE brainpoolP224t1[] = OCK_BRAINPOOL_P224T1;

const CK_BYTE brainpoolP256r1[] = OCK_BRAINPOOL_P256R1;

const CK_BYTE brainpoolP256t1[] = OCK_BRAINPOOL_P256T1;

const CK_BYTE brainpoolP320r1[] = OCK_BRAINPOOL_P320R1;

const CK_BYTE brainpoolP320t1[] = OCK_BRAINPOOL_P320T1;

const CK_BYTE brainpoolP384r1[] = OCK_BRAINPOOL_P384R1;

const CK_BYTE brainpoolP384t1[] = OCK_BRAINPOOL_P384T1;

const CK_BYTE brainpoolP512r1[] = OCK_BRAINPOOL_P512R1;

const CK_BYTE brainpoolP512t1[] = OCK_BRAINPOOL_P512T1;

const CK_BYTE prime192v1[] = OCK_PRIME192V1;

const CK_BYTE secp224r1[] = OCK_SECP224R1;

const CK_BYTE prime256v1[] = OCK_PRIME256V1;

const CK_BYTE secp384r1[] = OCK_SECP384R1;

const CK_BYTE secp521r1[] = OCK_SECP521R1;

const CK_BYTE secp256k1[] = OCK_SECP256K1;

const CK_BYTE curve25519[] = OCK_CURVE25519;

const CK_BYTE curve448[] = OCK_CURVE448;

const CK_BYTE ed25519[] = OCK_ED25519;

const CK_BYTE ed448[] = OCK_ED448;

const struct _ec der_ec_supported[NUMEC] = {

    {BRAINPOOL_CURVE, CURVE160, NID_brainpoolP160r1,

            sizeof(brainpoolP160r1), &brainpoolP160r1},

    {BRAINPOOL_CURVE, CURVE160, NID_brainpoolP160t1,

            sizeof(brainpoolP160t1), &brainpoolP160t1},

    {BRAINPOOL_CURVE, CURVE192, NID_brainpoolP192r1,

            sizeof(brainpoolP192r1), &brainpoolP192r1},

    {BRAINPOOL_CURVE, CURVE192, NID_brainpoolP192t1,

            sizeof(brainpoolP192t1), &brainpoolP192t1},

    {BRAINPOOL_CURVE, CURVE224, NID_brainpoolP224r1,

            sizeof(brainpoolP224r1), &brainpoolP224r1},

    {BRAINPOOL_CURVE, CURVE224, NID_brainpoolP224t1,

            sizeof(brainpoolP224t1), &brainpoolP224t1},

    {BRAINPOOL_CURVE, CURVE256, NID_brainpoolP256r1,

            sizeof(brainpoolP256r1), &brainpoolP256r1},

    {BRAINPOOL_CURVE, CURVE256, NID_brainpoolP256t1,

            sizeof(brainpoolP256t1), &brainpoolP256t1},

    {BRAINPOOL_CURVE, CURVE320, NID_brainpoolP320r1,

            sizeof(brainpoolP320r1), &brainpoolP320r1},

    {BRAINPOOL_CURVE, CURVE320, NID_brainpoolP320t1,

            sizeof(brainpoolP320t1), &brainpoolP320t1},

    {BRAINPOOL_CURVE, CURVE384, NID_brainpoolP384r1,

            sizeof(brainpoolP384r1), &brainpoolP384r1},

    {BRAINPOOL_CURVE, CURVE384, NID_brainpoolP384t1,

            sizeof(brainpoolP384t1), &brainpoolP384t1},

    {BRAINPOOL_CURVE, CURVE512, NID_brainpoolP512r1,

            sizeof(brainpoolP512r1), &brainpoolP512r1},

    {BRAINPOOL_CURVE, CURVE512, NID_brainpoolP512t1,

            sizeof(brainpoolP512t1), &brainpoolP512t1},

    {PRIME_CURVE, CURVE192, NID_X9_62_prime192v1,

            sizeof(prime192v1), &prime192v1},

    {PRIME_CURVE, CURVE224, NID_secp224r1, sizeof(secp224r1), &secp224r1},

    {PRIME_CURVE, CURVE256, NID_X9_62_prime256v1,

            sizeof(prime256v1), &prime256v1},

    {PRIME_CURVE, CURVE384, NID_secp384r1, sizeof(secp384r1), &secp384r1},

    {PRIME_CURVE, CURVE521, NID_secp521r1, sizeof(secp521r1), &secp521r1},

    {PRIME_CURVE, CURVE256, NID_secp256k1, sizeof(secp256k1), &secp256k1},

    {MONTGOMERY_CURVE, CURVE256, NID_X25519, sizeof(curve25519), &curve25519},

    {MONTGOMERY_CURVE, CURVE456, NID_X448, sizeof(curve448), &curve448},

    {EDWARDS_CURVE, CURVE256, NID_ED25519, sizeof(ed25519), &ed25519},

    {EDWARDS_CURVE, CURVE456, NID_ED448, sizeof(ed448), &ed448},

};

CK_RV get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)

{

    CK_BBOOL flag;

    CK_ATTRIBUTE *attr = NULL;

    int i;

    flag = template_attribute_find(key_obj->template, CKA_ECDSA_PARAMS, &attr);

    if (flag == FALSE) {

        TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");

        return CKR_FUNCTION_FAILED;

    }

    /* loop thru supported curves to find the size.

     * both pkcs#11v2.20 and CCA expect the signature length to be

     * twice the length of p.

     * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)

     */

    for (i = 0; i < NUMEC; i++) {

        if (!memcmp(attr->pValue, der_ec_supported[i].data,

                    MIN(attr->ulValueLen, der_ec_supported[i].data_size))) {

            *size = der_ec_supported[i].len_bits;

            /* round up if necessary */

            if ((*size % 8) == 0)

                *size = (*size / 8) * 2;

            else

                *size = ((*size / 8) + 1) * 2;

            TRACE_DEVEL("getlen, curve = %d, size = %lu\n",

                        der_ec_supported[i].len_bits, *size);

            return CKR_OK;

        }

    }

    TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));

    return CKR_MECHANISM_PARAM_INVALID;

}

CK_RV ckm_ec_key_pair_gen(STDLL_TokData_t *tokdata, TEMPLATE *publ_tmpl,

                          TEMPLATE *priv_tmpl)

{

    CK_RV rc;

    if (token_specific.t_ec_generate_keypair == NULL) {

        TRACE_ERROR("ec_generate_keypair not supported by this token\n");

        return CKR_FUNCTION_NOT_SUPPORTED;

    }

    rc = token_specific.t_ec_generate_keypair(tokdata, publ_tmpl, priv_tmpl);

    if (rc != CKR_OK)

        TRACE_ERROR("Key Generation failed\n");

    return rc;

}

CK_RV ckm_ec_sign(STDLL_TokData_t *tokdata,

                  SESSION *sess,

                  CK_BYTE *in_data,

                  CK_ULONG in_data_len,

                  CK_BYTE *out_data, CK_ULONG *out_data_len, OBJECT *key_obj)

{

    CK_ATTRIBUTE *attr = NULL;

    CK_OBJECT_CLASS keyclass;

    CK_RV rc;

    if (token_specific.t_ec_sign == NULL) {

        TRACE_ERROR("ec_sign not supported by this token\n");

        return CKR_FUNCTION_NOT_SUPPORTED;

    }

    rc = template_attribute_find(key_obj->template, CKA_CLASS, &attr);

    if (rc == FALSE) {

        TRACE_ERROR("Could not find CKA_CLASS in the template\n");

        return CKR_FUNCTION_FAILED;

    }

    keyclass = *(CK_OBJECT_CLASS *) attr->pValue;

    // this had better be a private key

    //

    if (keyclass != CKO_PRIVATE_KEY) {

        TRACE_ERROR("This operation requires a private key.\n");

        return CKR_KEY_FUNCTION_NOT_PERMITTED;

    }

    rc = token_specific.t_ec_sign(tokdata, sess, in_data, in_data_len, out_data,

                                  out_data_len, key_obj);

    if (rc != CKR_OK)

        TRACE_DEVEL("EC Sign failed.\n");

    return rc;

}

CK_RV ec_sign(STDLL_TokData_t *tokdata,

              SESSION *sess,

              CK_BBOOL length_only,

              SIGN_VERIFY_CONTEXT *ctx,

              CK_BYTE *in_data,

              CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len)

{

    OBJECT *key_obj = NULL;

    CK_ULONG plen;

    CK_RV rc;

    if (!sess || !ctx || !out_data_len) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    rc = object_mgr_find_in_map1(tokdata, ctx->key, &key_obj, READ_LOCK);

    if (rc != CKR_OK) {

        TRACE_ERROR("Failed to acquire key from specified handle");

        if (rc == CKR_OBJECT_HANDLE_INVALID)

            return CKR_KEY_HANDLE_INVALID;

        else

            return rc;

    }

    rc = get_ecsiglen(key_obj, &plen);

    if (rc != CKR_OK) {

        TRACE_DEVEL("get_ecsiglen failed.\n");

        goto done;

    }

    if (length_only == TRUE) {

        *out_data_len = plen;

        rc = CKR_OK;

        goto done;

    }

    if (*out_data_len < plen) {

        TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));

        rc = CKR_BUFFER_TOO_SMALL;

        goto done;

    }

    rc = ckm_ec_sign(tokdata, sess, in_data, in_data_len, out_data,

                     out_data_len, key_obj);

done:

    object_put(tokdata, key_obj, TRUE);

    key_obj = NULL;

    return rc;

}

CK_RV ckm_ec_verify(STDLL_TokData_t *tokdata,

                    SESSION *sess,

                    CK_BYTE *in_data,

                    CK_ULONG in_data_len,

                    CK_BYTE *out_data, CK_ULONG out_data_len, OBJECT *key_obj)

{

    CK_ATTRIBUTE *attr = NULL;

    CK_OBJECT_CLASS keyclass;

    CK_RV rc;

    if (token_specific.t_ec_verify == NULL) {

        TRACE_ERROR("ec_verify not supported by this token\n");

        return CKR_FUNCTION_NOT_SUPPORTED;

    }

    rc = template_attribute_find(key_obj->template, CKA_CLASS, &attr);

    if (rc == FALSE) {

        TRACE_ERROR("Could not find CKA_CLASS in the template\n");

        return CKR_FUNCTION_FAILED;

    }

    keyclass = *(CK_OBJECT_CLASS *) attr->pValue;

    // this had better be a public key

    //

    if (keyclass != CKO_PUBLIC_KEY) {

        TRACE_ERROR("This operation requires a public key.\n");

        return CKR_KEY_FUNCTION_NOT_PERMITTED;

    }

    rc = token_specific.t_ec_verify(tokdata, sess, in_data, in_data_len,

                                    out_data, out_data_len, key_obj);

    if (rc != CKR_OK)

        TRACE_ERROR("Token specific ec verify failed.\n");

    return rc;

}

CK_RV ec_verify(STDLL_TokData_t *tokdata,

                SESSION *sess,

                SIGN_VERIFY_CONTEXT *ctx,

                CK_BYTE *in_data,

                CK_ULONG in_data_len, CK_BYTE *signature, CK_ULONG sig_len)

{

    OBJECT *key_obj = NULL;

    CK_ULONG plen;

    CK_RV rc;

    rc = object_mgr_find_in_map1(tokdata, ctx->key, &key_obj, READ_LOCK);

    if (rc != CKR_OK) {

        TRACE_ERROR("Failed to acquire key from specified handle");

        if (rc == CKR_OBJECT_HANDLE_INVALID)

            return CKR_KEY_HANDLE_INVALID;

        else

            return rc;

    }

    rc = get_ecsiglen(key_obj, &plen);

    if (rc != CKR_OK) {

        TRACE_DEVEL("get_ecsiglen failed.\n");

        goto done;

    }

    // check input data length restrictions

    //

    if (sig_len > plen) {

        TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_LEN_RANGE));

        rc = CKR_SIGNATURE_LEN_RANGE;

        goto done;

    }

    rc = ckm_ec_verify(tokdata, sess, in_data, in_data_len, signature,

                       sig_len, key_obj);

done:

    object_put(tokdata, key_obj, TRUE);

    key_obj = NULL;

    return rc;

}

CK_RV ec_hash_sign(STDLL_TokData_t *tokdata,

                   SESSION *sess,

                   CK_BBOOL length_only,

                   SIGN_VERIFY_CONTEXT *ctx,

                   CK_BYTE *in_data,

                   CK_ULONG in_data_len,

                   CK_BYTE *signature, CK_ULONG *sig_len)

{

    CK_BYTE hash[MAX_SHA_HASH_SIZE];

    DIGEST_CONTEXT digest_ctx;

    SIGN_VERIFY_CONTEXT sign_ctx;

    CK_MECHANISM digest_mech;

    CK_MECHANISM sign_mech;

    CK_ULONG hash_len;

    CK_RV rc;

    if (!sess || !ctx || !in_data) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    memset(&digest_ctx, 0x0, sizeof(digest_ctx));

    memset(&sign_ctx, 0x0, sizeof(sign_ctx));

    switch (ctx->mech.mechanism) {

    case CKM_ECDSA_SHA1:

        digest_mech.mechanism = CKM_SHA_1;

        break;

    case CKM_ECDSA_SHA224:

        digest_mech.mechanism = CKM_SHA224;

        break;

    case CKM_ECDSA_SHA256:

        digest_mech.mechanism = CKM_SHA256;

        break;

    case CKM_ECDSA_SHA384:

        digest_mech.mechanism = CKM_SHA384;

        break;

    case CKM_ECDSA_SHA512:

        digest_mech.mechanism = CKM_SHA512;

        break;

    default:

        return CKR_MECHANISM_INVALID;

    }

    digest_mech.ulParameterLen = 0;

    digest_mech.pParameter = NULL;

    rc = get_sha_size(digest_mech.mechanism, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Get SHA Size failed.\n");

        return rc;

    }

    rc = digest_mgr_init(tokdata, sess, &digest_ctx, &digest_mech);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Init failed.\n");

        return rc;

    }

    rc = digest_mgr_digest(tokdata, sess, length_only, &digest_ctx, in_data,

                           in_data_len, hash, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Digest failed.\n");

        return rc;

    }

    sign_mech.mechanism = CKM_ECDSA;

    sign_mech.ulParameterLen = 0;

    sign_mech.pParameter = NULL;

    rc = sign_mgr_init(tokdata, sess, &sign_ctx, &sign_mech, FALSE, ctx->key);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Sign Mgr Init failed.\n");

        goto error;

    }

    rc = sign_mgr_sign(tokdata, sess, length_only, &sign_ctx, hash, hash_len,

                       signature, sig_len);

    if (rc != CKR_OK)

        TRACE_DEVEL("Sign Mgr Sign failed.\n");

error:

    sign_mgr_cleanup(&sign_ctx);

    return rc;

}

CK_RV ec_hash_sign_update(STDLL_TokData_t *tokdata,

                          SESSION *sess,

                          SIGN_VERIFY_CONTEXT *ctx,

                          CK_BYTE *in_data, CK_ULONG in_data_len)

{

    RSA_DIGEST_CONTEXT *context = NULL;

    CK_MECHANISM digest_mech;

    CK_RV rc;

    if (!sess || !ctx) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    context = (RSA_DIGEST_CONTEXT *) ctx->context;

    if (context->flag == FALSE) {

        switch (ctx->mech.mechanism) {

        case CKM_ECDSA_SHA1:

            digest_mech.mechanism = CKM_SHA_1;

            break;

        case CKM_ECDSA_SHA224:

            digest_mech.mechanism = CKM_SHA224;

            break;

        case CKM_ECDSA_SHA256:

            digest_mech.mechanism = CKM_SHA256;

            break;

        case CKM_ECDSA_SHA384:

            digest_mech.mechanism = CKM_SHA384;

            break;

        case CKM_ECDSA_SHA512:

            digest_mech.mechanism = CKM_SHA512;

            break;

        default:

            return CKR_MECHANISM_INVALID;

        }

        digest_mech.ulParameterLen = 0;

        digest_mech.pParameter = NULL;

        rc = digest_mgr_init(tokdata, sess, &context->hash_context,

                             &digest_mech);

        if (rc != CKR_OK) {

            TRACE_DEVEL("Digest Mgr Init failed.\n");

            return rc;

        }

        context->flag = TRUE;

    }

    rc = digest_mgr_digest_update(tokdata, sess, &context->hash_context,

                                  in_data, in_data_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Update failed.\n");

        return rc;

    }

    return CKR_OK;

}

CK_RV ec_hash_sign_final(STDLL_TokData_t *tokdata,

                         SESSION *sess,

                         CK_BBOOL length_only,

                         SIGN_VERIFY_CONTEXT *ctx,

                         CK_BYTE *signature, CK_ULONG *sig_len)

{

    CK_BYTE hash[MAX_SHA_HASH_SIZE];

    RSA_DIGEST_CONTEXT *context = NULL;

    CK_ULONG hash_len;

    CK_MECHANISM sign_mech;

    SIGN_VERIFY_CONTEXT sign_ctx;

    CK_RV rc;

    if (!sess || !ctx || !sig_len) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    memset(&sign_ctx, 0x0, sizeof(sign_ctx));

    context = (RSA_DIGEST_CONTEXT *) ctx->context;

    rc = get_sha_size(context->hash_context.mech.mechanism, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Get SHA Size failed.\n");

        return rc;

    }

    rc = digest_mgr_digest_final(tokdata, sess, length_only,

                                 &context->hash_context, hash, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Final failed.\n");

        return rc;

    }

    sign_mech.mechanism = CKM_ECDSA;

    sign_mech.ulParameterLen = 0;

    sign_mech.pParameter = NULL;

    rc = sign_mgr_init(tokdata, sess, &sign_ctx, &sign_mech, FALSE, ctx->key);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Sign Mgr Init failed.\n");

        goto done;

    }

    //rc = sign_mgr_sign( sess, length_only, &sign_ctx, ber_data, ber_data_len,

    //signature, sig_len );

    rc = sign_mgr_sign(tokdata, sess, length_only, &sign_ctx, hash, hash_len,

                       signature, sig_len);

    if (rc != CKR_OK)

        TRACE_DEVEL("Sign Mgr Sign failed.\n");

    if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL) {

        sign_mgr_cleanup(&sign_ctx);

        return rc;

    }

done:

    sign_mgr_cleanup(&sign_ctx);

    return rc;

}

CK_RV ec_hash_verify(STDLL_TokData_t *tokdata,

                     SESSION *sess,

                     SIGN_VERIFY_CONTEXT *ctx,

                     CK_BYTE *in_data,

                     CK_ULONG in_data_len,

                     CK_BYTE *signature, CK_ULONG sig_len)

{

    CK_BYTE hash[MAX_SHA_HASH_SIZE];

    DIGEST_CONTEXT digest_ctx;

    SIGN_VERIFY_CONTEXT verify_ctx;

    CK_MECHANISM digest_mech;

    CK_MECHANISM verify_mech;

    CK_ULONG hash_len;

    CK_RV rc;

    if (!sess || !ctx || !in_data) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    memset(&digest_ctx, 0x0, sizeof(digest_ctx));

    memset(&verify_ctx, 0x0, sizeof(verify_ctx));

    switch (ctx->mech.mechanism) {

    case CKM_ECDSA_SHA1:

        digest_mech.mechanism = CKM_SHA_1;

        break;

    case CKM_ECDSA_SHA224:

        digest_mech.mechanism = CKM_SHA224;

        break;

    case CKM_ECDSA_SHA256:

        digest_mech.mechanism = CKM_SHA256;

        break;

    case CKM_ECDSA_SHA384:

        digest_mech.mechanism = CKM_SHA384;

        break;

    case CKM_ECDSA_SHA512:

        digest_mech.mechanism = CKM_SHA512;

        break;

    default:

        return CKR_MECHANISM_INVALID;

    }

    digest_mech.ulParameterLen = 0;

    digest_mech.pParameter = NULL;

    rc = get_sha_size(digest_mech.mechanism, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Get SHA Size failed.\n");

        return rc;

    }

    rc = digest_mgr_init(tokdata, sess, &digest_ctx, &digest_mech);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Init failed.\n");

        return rc;

    }

    rc = digest_mgr_digest(tokdata, sess, FALSE, &digest_ctx, in_data,

                           in_data_len, hash, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Digest failed.\n");

        return rc;

    }

    // Verify the Signed BER-encoded Data block

    //

    verify_mech.mechanism = CKM_ECDSA;

    verify_mech.ulParameterLen = 0;

    verify_mech.pParameter = NULL;

    rc = verify_mgr_init(tokdata, sess, &verify_ctx, &verify_mech, FALSE,

                         ctx->key);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Verify Mgr Init failed.\n");

        goto done;

    }

    //rc = verify_mgr_verify( sess, &verify_ctx, ber_data, ber_data_len,

    //signature, sig_len );

    rc = verify_mgr_verify(tokdata, sess, &verify_ctx, hash, hash_len,

                           signature, sig_len);

    if (rc != CKR_OK)

        TRACE_DEVEL("Verify Mgr Verify failed.\n");

done:

    sign_mgr_cleanup(&verify_ctx);

    return rc;

}

CK_RV ec_hash_verify_update(STDLL_TokData_t *tokdata,

                            SESSION *sess,

                            SIGN_VERIFY_CONTEXT *ctx,

                            CK_BYTE *in_data, CK_ULONG in_data_len)

{

    RSA_DIGEST_CONTEXT *context = NULL;

    CK_MECHANISM digest_mech;

    CK_RV rc;

    if (!sess || !ctx) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    context = (RSA_DIGEST_CONTEXT *) ctx->context;

    if (context->flag == FALSE) {

        switch (ctx->mech.mechanism) {

        case CKM_ECDSA_SHA1:

            digest_mech.mechanism = CKM_SHA_1;

            break;

        case CKM_ECDSA_SHA224:

            digest_mech.mechanism = CKM_SHA224;

            break;

        case CKM_ECDSA_SHA256:

            digest_mech.mechanism = CKM_SHA256;

            break;

        case CKM_ECDSA_SHA384:

            digest_mech.mechanism = CKM_SHA384;

            break;

        case CKM_ECDSA_SHA512:

            digest_mech.mechanism = CKM_SHA512;

            break;

        default:

            return CKR_MECHANISM_INVALID;

        }

        digest_mech.ulParameterLen = 0;

        digest_mech.pParameter = NULL;

        rc = digest_mgr_init(tokdata, sess, &context->hash_context,

                             &digest_mech);

        if (rc != CKR_OK) {

            TRACE_DEVEL("Digest Mgr Init failed.\n");

            return rc;

        }

        context->flag = TRUE;

    }

    rc = digest_mgr_digest_update(tokdata, sess, &context->hash_context,

                                  in_data, in_data_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Update failed.\n");

        return rc;

    }

    return CKR_OK;

}

CK_RV ec_hash_verify_final(STDLL_TokData_t *tokdata,

                           SESSION *sess,

                           SIGN_VERIFY_CONTEXT *ctx,

                           CK_BYTE *signature, CK_ULONG sig_len)

{

    CK_BYTE hash[MAX_SHA_HASH_SIZE];

    RSA_DIGEST_CONTEXT *context = NULL;

    CK_ULONG hash_len;

    CK_MECHANISM verify_mech;

    SIGN_VERIFY_CONTEXT verify_ctx;

    CK_RV rc;

    if (!sess || !ctx || !signature) {

        TRACE_ERROR("%s received bad argument(s)\n", __func__);

        return CKR_FUNCTION_FAILED;

    }

    memset(&verify_ctx, 0x0, sizeof(verify_ctx));

    context = (RSA_DIGEST_CONTEXT *) ctx->context;

    rc = get_sha_size(context->hash_context.mech.mechanism, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Get SHA Size failed.\n");

        return rc;

    }

    rc = digest_mgr_digest_final(tokdata, sess, FALSE, &context->hash_context,

                                 hash, &hash_len);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Digest Mgr Final failed.\n");

        return rc;

    }

    verify_mech.mechanism = CKM_ECDSA;

    verify_mech.ulParameterLen = 0;

    verify_mech.pParameter = NULL;

    rc = verify_mgr_init(tokdata, sess, &verify_ctx, &verify_mech, FALSE,

                         ctx->key);

    if (rc != CKR_OK) {

        TRACE_DEVEL("Verify Mgr Init failed.\n");

        goto done;

    }

    rc = verify_mgr_verify(tokdata, sess, &verify_ctx, hash, hash_len,

                           signature, sig_len);

    if (rc != CKR_OK)

        TRACE_DEVEL("Verify Mgr Verify failed.\n");

done:

    verify_mgr_cleanup(&verify_ctx);

    return rc;

}

CK_RV ckm_kdf(STDLL_TokData_t *tokdata, SESSION *sess, CK_ULONG kdf,

              CK_BYTE *data, CK_ULONG data_len, CK_BYTE *hash, CK_ULONG *h_len)

{

    CK_RV rc;

    DIGEST_CONTEXT ctx;

    CK_MECHANISM digest_mech;

    memset(&ctx, 0, sizeof(DIGEST_CONTEXT));

    memset(&digest_mech, 0, sizeof(CK_MECHANISM));

    switch (kdf) {

    case CKD_SHA1_KDF:

        digest_mech.mechanism = CKM_SHA_1;

        *h_len = SHA1_HASH_SIZE;

        break;

    case CKD_SHA224_KDF:

        digest_mech.mechanism = CKM_SHA224;

        *h_len = SHA224_HASH_SIZE;

        break;

    case CKD_SHA256_KDF:

        digest_mech.mechanism = CKM_SHA256;

        *h_len = SHA256_HASH_SIZE;

        break;

    case CKD_SHA384_KDF:

        digest_mech.mechanism = CKM_SHA384;

        *h_len = SHA384_HASH_SIZE;

        break;

    case CKD_SHA512_KDF:

        digest_mech.mechanism = CKM_SHA512;

        *h_len = SHA512_HASH_SIZE;

        break;

    case CKD_NULL:

        memcpy(hash, data, data_len - 4);

        *h_len = data_len - 4;  // data length minus counter length

        return CKR_OK;

    default:

        TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));

        return CKR_FUNCTION_NOT_SUPPORTED;

    }

    rc = digest_mgr_init(tokdata, sess, &ctx, &digest_mech);

    if (rc != CKR_OK) {

        TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));

        return rc;

    }

    rc = digest_mgr_digest(tokdata, sess, FALSE, &ctx, data, data_len, hash,

                           h_len);

    if (rc != CKR_OK) {

        TRACE_ERROR("digest_mgr_digest failed with rc = %s\n", ock_err(rc));

        return rc;

    }

    return CKR_OK;

}

CK_RV ckm_kdf_X9_63(STDLL_TokData_t *tokdata, SESSION *sess, CK_ULONG kdf,

                    CK_ULONG kdf_digest_len, const CK_BYTE *z, CK_ULONG z_len,

                    const CK_BYTE *shared_data, CK_ULONG shared_data_len,

                    CK_BYTE *key, CK_ULONG key_len)

{

    CK_ULONG counter_length = 4;

    CK_BYTE *ctx = NULL;

    CK_ULONG ctx_len;

    CK_BYTE hash[MAX_SUPPORTED_HASH_LENGTH];

    CK_ULONG h_len;

    CK_RV rc;

    unsigned int i, counter, counter_en;

    /* Check max keylen according to ANSI X9.63 */

    /* digest_len * 2^32 */

    CK_ULONG max_keybytes = kdf_digest_len * 0x100000000ul;

    if (key_len >= max_keybytes) {

        TRACE_ERROR("Desired key length %lu greater than max supported key "

                    "length %lu.\n", key_len, max_keybytes);

        return CKR_KEY_SIZE_RANGE;

    }

    /* If no KDF to be used, just return the shared_data.

     * Cannot concatenate hashes. */

    if (kdf == CKD_NULL) {

        memcpy(key, z, z_len);

        return CKR_OK;

    }

    /* Allocate memory for hash context */

    ctx_len = z_len + counter_length + shared_data_len;

    ctx = malloc(ctx_len);