|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* COPYRIGHT (c) International Business Machines Corp. 2001-2017
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
|
|
Packit |
8681c6 |
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
|
|
Packit |
8681c6 |
* found in the file LICENSE file or at
|
|
Packit |
8681c6 |
* https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// File: mech_sha.c
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Mechanisms for SHA-1 related routines
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// The following applies to the software SHA implementation:
|
|
Packit |
8681c6 |
// Written 2 September 1992, Peter C. Gutmann.
|
|
Packit |
8681c6 |
// This implementation placed in the public domain.
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Modified 1 June 1993, Colin Plumb.
|
|
Packit |
8681c6 |
// Modified for the new SHS based on Peter Gutmann's work,
|
|
Packit |
8681c6 |
// 18 July 1994, Colin Plumb.
|
|
Packit |
8681c6 |
// Gutmann's work.
|
|
Packit |
8681c6 |
// Renamed to SHA and comments updated a bit 1 November 1995, Colin Plumb.
|
|
Packit |
8681c6 |
// These modifications placed in the public domain.
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Comments to pgut1@cs.aukuni.ac.nz
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <pthread.h>
|
|
Packit |
8681c6 |
#include <string.h> // for memcmp() et al
|
|
Packit |
8681c6 |
#include <stdlib.h>
|
|
Packit |
8681c6 |
#include <memory.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include "pkcs11types.h"
|
|
Packit |
8681c6 |
#include "defs.h"
|
|
Packit |
8681c6 |
#include "host_defs.h"
|
|
Packit |
8681c6 |
#include "h_extern.h"
|
|
Packit |
8681c6 |
#include "tok_spec_struct.h"
|
|
Packit |
8681c6 |
#include "trace.h"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <openssl/sha.h>
|
|
Packit |
8681c6 |
#include <openssl/crypto.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
// Software SHA-1 implementation (OpenSSL based)
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
void sw_sha1_init(DIGEST_CONTEXT *ctx)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
ctx->context_len = sizeof(SHA_CTX);
|
|
Packit |
8681c6 |
ctx->context = (CK_BYTE *) malloc(sizeof(SHA_CTX));
|
|
Packit |
8681c6 |
if (ctx->context == NULL) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
Packit |
8681c6 |
// TODO: propagate error up?
|
|
Packit |
8681c6 |
return;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
SHA1_Init((SHA_CTX *)ctx->context);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
Packit |
8681c6 |
CK_ULONG in_data_len, CK_BYTE *out_data,
|
|
Packit |
8681c6 |
CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!ctx || !out_data_len) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (*out_data_len < SHA1_HASH_SIZE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));
|
|
Packit |
8681c6 |
return CKR_BUFFER_TOO_SMALL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ctx->context == NULL)
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
|
|
Packit |
8681c6 |
SHA1_Final(out_data, (SHA_CTX *)ctx->context);
|
|
Packit |
8681c6 |
*out_data_len = SHA1_HASH_SIZE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
free(ctx->context);
|
|
Packit |
8681c6 |
ctx->context = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sw_sha1_update(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
Packit |
8681c6 |
CK_ULONG in_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (ctx->context == NULL)
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sw_sha1_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
|
|
Packit |
8681c6 |
CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (ctx->context == NULL)
|
|
Packit |
8681c6 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
SHA1_Final(out_data, (SHA_CTX *)ctx->context);
|
|
Packit |
8681c6 |
*out_data_len = SHA1_HASH_SIZE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
free(ctx->context);
|
|
Packit |
8681c6 |
ctx->context = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sha_init(STDLL_TokData_t *tokdata, SESSION *sess, DIGEST_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_MECHANISM *mech)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
UNUSED(sess);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_sha_init != NULL) {
|
|
Packit |
8681c6 |
return token_specific.t_sha_init(tokdata, ctx, mech);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
/* For current tokens, continue legacy of using software
|
|
Packit |
8681c6 |
* implemented SHA-1 if the token does not have its own
|
|
Packit |
8681c6 |
* SHA-1 implementation.
|
|
Packit |
8681c6 |
* Future tokens' crypto should be its own so that
|
|
Packit |
8681c6 |
* opencryptoki is not responsible for crypto. If token
|
|
Packit |
8681c6 |
* does not have SHA-1, then should be mechanism not
|
|
Packit |
8681c6 |
* supported. JML
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (mech->mechanism == CKM_SHA_1) {
|
|
Packit |
8681c6 |
sw_sha1_init(ctx);
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sha_hash(STDLL_TokData_t *tokdata, SESSION *sess, CK_BBOOL length_only,
|
|
Packit |
8681c6 |
DIGEST_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len,
|
|
Packit |
8681c6 |
CK_BYTE *out_data, CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_ULONG hsize;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
UNUSED(sess);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!ctx || !out_data_len) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
switch (ctx->mech.mechanism) {
|
|
Packit |
8681c6 |
case CKM_SHA_1:
|
|
Packit |
8681c6 |
hsize = SHA1_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA224:
|
|
Packit |
8681c6 |
case CKM_SHA512_224:
|
|
Packit |
8681c6 |
hsize = SHA224_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA256:
|
|
Packit |
8681c6 |
case CKM_SHA512_256:
|
|
Packit |
8681c6 |
hsize = SHA256_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA384:
|
|
Packit |
8681c6 |
hsize = SHA384_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA512:
|
|
Packit |
8681c6 |
hsize = SHA512_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_224:
|
|
Packit |
8681c6 |
hsize = SHA3_224_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_256:
|
|
Packit |
8681c6 |
hsize = SHA3_256_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_384:
|
|
Packit |
8681c6 |
hsize = SHA3_384_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_512:
|
|
Packit |
8681c6 |
hsize = SHA3_512_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (length_only == TRUE) {
|
|
Packit |
8681c6 |
*out_data_len = hsize;
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (*out_data_len < hsize) {
|
|
Packit |
8681c6 |
*out_data_len = hsize;
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));
|
|
Packit |
8681c6 |
return CKR_BUFFER_TOO_SMALL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (ctx->context == NULL)
|
|
Packit |
8681c6 |
return CKR_HOST_MEMORY;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_sha != NULL) {
|
|
Packit |
8681c6 |
return token_specific.t_sha(tokdata, ctx, in_data, in_data_len,
|
|
Packit |
8681c6 |
out_data, out_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
if (ctx->mech.mechanism == CKM_SHA_1)
|
|
Packit |
8681c6 |
return sw_sha1_hash(ctx, in_data, in_data_len, out_data,
|
|
Packit |
8681c6 |
out_data_len);
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
CK_RV sha_hash_update(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
Packit |
8681c6 |
CK_ULONG in_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
UNUSED(sess);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* if no data to hash, just return */
|
|
Packit |
8681c6 |
if (!in_data_len)
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_sha_update != NULL) {
|
|
Packit |
8681c6 |
return token_specific.t_sha_update(tokdata, ctx, in_data, in_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
if (ctx->mech.mechanism == CKM_SHA_1)
|
|
Packit |
8681c6 |
return sw_sha1_update(ctx, in_data, in_data_len);
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV sha_hash_final(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_BYTE length_only, DIGEST_CONTEXT *ctx,
|
|
Packit |
8681c6 |
CK_BYTE *out_data, CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_ULONG hsize;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
UNUSED(sess);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!out_data_len) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
switch (ctx->mech.mechanism) {
|
|
Packit |
8681c6 |
case CKM_SHA_1:
|
|
Packit |
8681c6 |
hsize = SHA1_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA224:
|
|
Packit |
8681c6 |
case CKM_SHA512_224:
|
|
Packit |
8681c6 |
hsize = SHA224_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA256:
|
|
Packit |
8681c6 |
case CKM_SHA512_256:
|
|
Packit |
8681c6 |
hsize = SHA256_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA384:
|
|
Packit |
8681c6 |
hsize = SHA384_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_SHA512:
|
|
Packit |
8681c6 |
hsize = SHA512_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_224:
|
|
Packit |
8681c6 |
hsize = SHA3_224_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_256:
|
|
Packit |
8681c6 |
hsize = SHA3_256_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_384:
|
|
Packit |
8681c6 |
hsize = SHA3_384_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
case CKM_IBM_SHA3_512:
|
|
Packit |
8681c6 |
hsize = SHA3_512_HASH_SIZE;
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
default:
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (length_only == TRUE) {
|
|
Packit |
8681c6 |
*out_data_len = hsize;
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (*out_data_len < hsize) {
|
|
Packit |
8681c6 |
*out_data_len = hsize;
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));
|
|
Packit |
8681c6 |
return CKR_BUFFER_TOO_SMALL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_sha_final != NULL) {
|
|
Packit |
8681c6 |
return token_specific.t_sha_final(tokdata, ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
if (ctx->mech.mechanism == CKM_SHA_1)
|
|
Packit |
8681c6 |
return sw_sha1_final(ctx, out_data, out_data_len);
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
// this routine gets called for these mechanisms actually:
|
|
Packit Service |
8aa27d |
// CKM_SHA_1_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA_1_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA224_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA256_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA384_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA384_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_224_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_256_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_384_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_512_HMAC
|
|
Packit |
8681c6 |
//
|
|
Packit Service |
8aa27d |
CK_RV sha_hmac_sign(STDLL_TokData_t *tokdata,
|
|
Packit Service |
8aa27d |
SESSION *sess, CK_BBOOL length_only,
|
|
Packit Service |
8aa27d |
SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
|
|
Packit Service |
8aa27d |
CK_ULONG in_data_len, CK_BYTE *out_data,
|
|
Packit Service |
8aa27d |
CK_ULONG *out_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
OBJECT *key_obj = NULL;
|
|
Packit |
8681c6 |
CK_ATTRIBUTE *attr = NULL;
|
|
Packit Service |
8aa27d |
CK_BYTE hash[MAX_SHA_HASH_SIZE];
|
|
Packit |
8681c6 |
DIGEST_CONTEXT digest_ctx;
|
|
Packit |
8681c6 |
CK_MECHANISM digest_mech;
|
|
Packit Service |
8aa27d |
CK_BYTE k_ipad[MAX_SHA_BLOCK_SIZE];
|
|
Packit Service |
8aa27d |
CK_BYTE k_opad[MAX_SHA_BLOCK_SIZE];
|
|
Packit Service |
8aa27d |
CK_ULONG key_bytes, hash_len, hmac_len, digest_hash_len, digest_block_size;
|
|
Packit Service |
8aa27d |
CK_BBOOL general = FALSE;
|
|
Packit |
8681c6 |
CK_ULONG i;
|
|
Packit |
8681c6 |
CK_RV rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx || !out_data_len) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
digest_mech.ulParameterLen = 0;
|
|
Packit Service |
8aa27d |
digest_mech.pParameter = NULL;
|
|
Packit Service |
8aa27d |
rc = get_hmac_digest(ctx->mech.mechanism, &digest_mech.mechanism, &general);
|
|
Packit Service |
8aa27d |
if (rc != 0) {
|
|
Packit Service |
8aa27d |
TRACE_ERROR("get_hmac_digest failed");
|
|
Packit Service |
8aa27d |
return rc;
|
|
Packit Service |
8aa27d |
}
|
|
Packit Service |
8aa27d |
|
|
Packit Service |
8aa27d |
rc = get_sha_block_size(digest_mech.mechanism, &digest_block_size);
|
|
Packit Service |
8aa27d |
if (rc != 0) {
|
|
Packit Service |
8aa27d |
TRACE_ERROR("get_sha_block_size failed");
|
|
Packit Service |
8aa27d |
return rc;
|
|
Packit Service |
8aa27d |
}
|
|
Packit Service |
8aa27d |
|
|
Packit Service |
8aa27d |
rc = get_sha_size(digest_mech.mechanism, &digest_hash_len);
|
|
Packit Service |
8aa27d |
if (rc != 0) {
|
|
Packit Service |
8aa27d |
TRACE_ERROR("get_sha_size failed");
|
|
Packit Service |
8aa27d |
return rc;
|
|
Packit Service |
8aa27d |
}
|
|
Packit Service |
8aa27d |
|
|
Packit Service |
8aa27d |
if (general == FALSE) {
|
|
Packit Service |
8aa27d |
hmac_len = digest_hash_len;
|
|
Packit Service |
8aa27d |
} else {
|
|
Packit Service |
8aa27d |
hmac_len = *(CK_ULONG *)ctx->mech.pParameter;
|
|
Packit Service |
8aa27d |
if (hmac_len > digest_hash_len)
|
|
Packit Service |
8aa27d |
return CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (hmac_len == 0) {
|
|
Packit |
8681c6 |
*out_data_len = 0;
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (length_only == TRUE) {
|
|
Packit |
8681c6 |
*out_data_len = hmac_len;
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_sign != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_sign(tokdata, sess, in_data,
|
|
Packit |
8681c6 |
in_data_len, out_data, out_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Do manual hmac if token doesn't have an hmac crypto call.
|
|
Packit |
8681c6 |
* Secure tokens should not do manual hmac.
|
|
Packit |
8681c6 |
*/
|
|
Packit Service |
8aa27d |
|
|
Packit |
8681c6 |
memset(&digest_ctx, 0x0, sizeof(DIGEST_CONTEXT));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = object_mgr_find_in_map1(tokdata, ctx->key, &key_obj, READ_LOCK);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Failed to acquire key from specified handle");
|
|
Packit |
8681c6 |
if (rc == CKR_OBJECT_HANDLE_INVALID)
|
|
Packit |
8681c6 |
return CKR_KEY_HANDLE_INVALID;
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit Service |
8aa27d |
|
|
Packit |
8681c6 |
rc = template_attribute_find(key_obj->template, CKA_VALUE, &attr);
|
|
Packit |
8681c6 |
if (rc == FALSE) {
|
|
Packit |
8681c6 |
TRACE_ERROR("Could not find CKA_VALUE in the template\n");
|
|
Packit |
8681c6 |
rc = CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
key_bytes = attr->ulValueLen;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// build (K XOR ipad), (K XOR opad)
|
|
Packit |
8681c6 |
//
|
|
Packit Service |
8aa27d |
if (key_bytes > digest_block_size) {
|
|
Packit |
8681c6 |
rc = digest_mgr_init(tokdata, sess, &digest_ctx, &digest_mech);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Init failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
hash_len = digest_hash_len;
|
|
Packit |
8681c6 |
rc = digest_mgr_digest(tokdata, sess, FALSE, &digest_ctx,
|
|
Packit |
8681c6 |
attr->pValue, attr->ulValueLen, hash, &hash_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Digest failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&digest_ctx, 0x0, sizeof(DIGEST_CONTEXT));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < hash_len; i++) {
|
|
Packit |
8681c6 |
k_ipad[i] = hash[i] ^ 0x36;
|
|
Packit |
8681c6 |
k_opad[i] = hash[i] ^ 0x5C;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
memset(&k_ipad[i], 0x36, digest_block_size - i);
|
|
Packit Service |
8aa27d |
memset(&k_opad[i], 0x5C, digest_block_size - i);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
CK_BYTE *key = attr->pValue;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < key_bytes; i++) {
|
|
Packit |
8681c6 |
k_ipad[i] = key[i] ^ 0x36;
|
|
Packit |
8681c6 |
k_opad[i] = key[i] ^ 0x5C;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
memset(&k_ipad[i], 0x36, digest_block_size - key_bytes);
|
|
Packit Service |
8aa27d |
memset(&k_opad[i], 0x5C, digest_block_size - key_bytes);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// inner hash
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = digest_mgr_init(tokdata, sess, &digest_ctx, &digest_mech);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Init failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_update(tokdata, sess, &digest_ctx, k_ipad,
|
|
Packit Service |
8aa27d |
digest_block_size);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Update failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_update(tokdata, sess, &digest_ctx, in_data,
|
|
Packit |
8681c6 |
in_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Update failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
hash_len = digest_hash_len;
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_final(tokdata, sess, FALSE, &digest_ctx, hash,
|
|
Packit |
8681c6 |
&hash_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Final failed.\n");
|
|
Packit Service |
8aa27d |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&digest_ctx, 0x0, sizeof(DIGEST_CONTEXT));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// outer hash
|
|
Packit |
8681c6 |
//
|
|
Packit |
8681c6 |
rc = digest_mgr_init(tokdata, sess, &digest_ctx, &digest_mech);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Init failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_update(tokdata, sess, &digest_ctx, k_opad,
|
|
Packit Service |
8aa27d |
digest_block_size);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Update failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_update(tokdata, sess, &digest_ctx, hash, hash_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Update failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
hash_len = digest_hash_len;
|
|
Packit |
8681c6 |
rc = digest_mgr_digest_final(tokdata, sess, FALSE, &digest_ctx, hash,
|
|
Packit |
8681c6 |
&hash_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Digest Mgr Final failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memcpy(out_data, hash, hmac_len);
|
|
Packit |
8681c6 |
*out_data_len = hmac_len;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
done:
|
|
Packit |
8681c6 |
object_put(tokdata, key_obj, TRUE);
|
|
Packit |
8681c6 |
key_obj = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
// this routine gets called for these mechanisms actually:
|
|
Packit Service |
8aa27d |
// CKM_SHA_1_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA_1_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA224_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA256_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA384_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA384_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_224_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_SHA512_256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_SHA512_256_HMAC_GENERAL
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_224_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_256_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_384_HMAC
|
|
Packit Service |
8aa27d |
// CKM_IBM_SHA3_512_HMAC
|
|
Packit Service |
8aa27d |
//
|
|
Packit Service |
8aa27d |
CK_RV sha_hmac_verify(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit Service |
8aa27d |
SIGN_VERIFY_CONTEXT *ctx,
|
|
Packit Service |
8aa27d |
CK_BYTE *in_data, CK_ULONG in_data_len,
|
|
Packit Service |
8aa27d |
CK_BYTE *signature, CK_ULONG sig_len)
|
|
Packit |
8681c6 |
{
|
|
Packit Service |
8aa27d |
CK_BYTE hmac[MAX_SHA_HASH_SIZE];
|
|
Packit |
8681c6 |
SIGN_VERIFY_CONTEXT hmac_ctx;
|
|
Packit Service |
8aa27d |
CK_ULONG hmac_len, len, digest_mech, digest_hash_len;
|
|
Packit Service |
8aa27d |
CK_BBOOL general = FALSE;
|
|
Packit |
8681c6 |
CK_RV rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx || !in_data || !signature) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_verify != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_verify(tokdata, sess, in_data,
|
|
Packit |
8681c6 |
in_data_len, signature, sig_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Do manual hmac verify if token doesn't have an hmac crypto call.
|
|
Packit |
8681c6 |
* Secure tokens should not do manual hmac.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
rc = get_hmac_digest(ctx->mech.mechanism, &digest_mech, &general);
|
|
Packit Service |
8aa27d |
if (rc != 0) {
|
|
Packit Service |
8aa27d |
TRACE_ERROR("get_hmac_digest failed");
|
|
Packit Service |
8aa27d |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
rc = get_sha_size(digest_mech, &digest_hash_len);
|
|
Packit Service |
8aa27d |
if (rc != 0) {
|
|
Packit Service |
8aa27d |
TRACE_ERROR("get_sha_size failed");
|
|
Packit Service |
8aa27d |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
if (general == FALSE) {
|
|
Packit Service |
8aa27d |
hmac_len = digest_hash_len;
|
|
Packit Service |
8aa27d |
} else {
|
|
Packit Service |
8aa27d |
hmac_len = *(CK_ULONG *)ctx->mech.pParameter;
|
|
Packit Service |
8aa27d |
if (hmac_len > digest_hash_len)
|
|
Packit Service |
8aa27d |
return CKR_MECHANISM_PARAM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&hmac_ctx, 0, sizeof(SIGN_VERIFY_CONTEXT));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = sign_mgr_init(tokdata, sess, &hmac_ctx, &ctx->mech, FALSE, ctx->key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Sign Mgr Init failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit Service |
8aa27d |
len = hmac_len;
|
|
Packit |
8681c6 |
rc = sign_mgr_sign(tokdata, sess, FALSE, &hmac_ctx, in_data, in_data_len,
|
|
Packit |
8681c6 |
hmac, &len;;
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
TRACE_DEVEL("Sign Mgr Sign failed.\n");
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if ((len != hmac_len) || (len != sig_len)) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_LEN_RANGE));
|
|
Packit |
8681c6 |
rc = CKR_SIGNATURE_LEN_RANGE;
|
|
Packit |
8681c6 |
goto done;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (CRYPTO_memcmp(hmac, signature, hmac_len) != 0) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_INVALID));
|
|
Packit |
8681c6 |
rc = CKR_SIGNATURE_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
done:
|
|
Packit |
8681c6 |
sign_mgr_cleanup(&hmac_ctx);
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_sign_init(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_MECHANISM *mech, CK_OBJECT_HANDLE hkey)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_sign_init != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_sign_init(tokdata, sess, mech, hkey);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Return ok with the intention that the local hmac
|
|
Packit |
8681c6 |
* implementation will get used instead.
|
|
Packit |
8681c6 |
* For those tokens not supporting HMAC at all,
|
|
Packit |
8681c6 |
* will need to return CKR_MECHANISM_INVALID.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_sign_update(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_BYTE *in_data, CK_ULONG in_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
SIGN_VERIFY_CONTEXT *ctx = &sess->sign_ctx;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_sign_update != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_sign_update(tokdata, sess,
|
|
Packit |
8681c6 |
in_data, in_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("hmac-update is not supported\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_sign_final(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_BYTE *signature, CK_ULONG *sig_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
SIGN_VERIFY_CONTEXT *ctx = &sess->sign_ctx;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_sign_final != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_sign_final(tokdata, sess,
|
|
Packit |
8681c6 |
signature, sig_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("hmac-final is not supported\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_verify_init(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_MECHANISM *mech, CK_OBJECT_HANDLE hkey)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_verify_init != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_verify_init(tokdata, sess, mech, hkey);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Return ok with the intention that the local hmac
|
|
Packit |
8681c6 |
* implementation will get used instead.
|
|
Packit |
8681c6 |
* For those tokens not supporting HMAC at all,
|
|
Packit |
8681c6 |
* will need to return CKR_MECHANISM_INVALID.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_verify_update(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_BYTE *in_data, CK_ULONG in_data_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
SIGN_VERIFY_CONTEXT *ctx = &sess->sign_ctx;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_verify_update != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_verify_update(tokdata, sess,
|
|
Packit |
8681c6 |
in_data, in_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("hmac-update is not supported\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV hmac_verify_final(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
Packit |
8681c6 |
CK_BYTE *signature, CK_ULONG sig_len)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
SIGN_VERIFY_CONTEXT *ctx = &sess->sign_ctx;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!sess || !ctx) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (token_specific.t_hmac_verify_final != NULL)
|
|
Packit |
8681c6 |
return token_specific.t_hmac_verify_final(tokdata, sess,
|
|
Packit |
8681c6 |
signature, sig_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
TRACE_ERROR("hmac-final is not supported\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV ckm_generic_secret_key_gen(STDLL_TokData_t *tokdata, TEMPLATE *tmpl)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
if (token_specific.t_generic_secret_key_gen == NULL) {
|
|
Packit |
8681c6 |
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));
|
|
Packit |
8681c6 |
return CKR_MECHANISM_INVALID;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return token_specific.t_generic_secret_key_gen(tokdata, tmpl);
|
|
Packit |
8681c6 |
}
|