Tree - source-git/opencryptoki

source-git / opencryptoki

Blame usr/lib/common/sign_mgr.c

Blob History Raw

Packit	8681c6	`/*`
Packit	8681c6	`* COPYRIGHT (c) International Business Machines Corp. 2001-2017`
Packit	8681c6	`*`
Packit	8681c6	`* This program is provided under the terms of the Common Public License,`
Packit	8681c6	`* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this`
Packit	8681c6	`* software constitutes recipient's acceptance of CPL-1.0 terms which can be`
Packit	8681c6	`* found in the file LICENSE file or at`
Packit	8681c6	`* https://opensource.org/licenses/cpl1.0.php`
Packit	8681c6	`*/`
Packit	8681c6
Packit	8681c6	`// File: sign_mgr.c`
Packit	8681c6	`//`
Packit	8681c6	`// Signature manager routines`
Packit	8681c6	`//`
Packit	8681c6
Packit	8681c6	`#include <pthread.h>`
Packit	8681c6
Packit	8681c6	`#include <string.h> // for memcmp() et al`
Packit	8681c6	`#include <stdlib.h>`
Packit	8681c6
Packit	8681c6	`#include "pkcs11types.h"`
Packit	8681c6	`#include "defs.h"`
Packit	8681c6	`#include "host_defs.h"`
Packit	8681c6	`#include "h_extern.h"`
Packit	8681c6	`#include "tok_spec_struct.h"`
Packit	8681c6	`#include "trace.h"`
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_init(STDLL_TokData_t *tokdata,`
Packit	8681c6	`SESSION *sess,`
Packit	8681c6	`SIGN_VERIFY_CONTEXT *ctx,`
Packit	8681c6	`CK_MECHANISM *mech,`
Packit	8681c6	`CK_BBOOL recover_mode, CK_OBJECT_HANDLE key)`
Packit	8681c6	`{`
Packit	8681c6	`OBJECT *key_obj = NULL;`
Packit	8681c6	`CK_ATTRIBUTE *attr = NULL;`
Packit	8681c6	`CK_BYTE *ptr = NULL;`
Packit	8681c6	`CK_KEY_TYPE keytype;`
Packit	8681c6	`CK_OBJECT_CLASS class;`
Packit	8681c6	`CK_BBOOL flag;`
Packit	8681c6	`CK_RV rc;`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`if (!sess \|\| !ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function arguments.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->active != FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));`
Packit	8681c6	`return CKR_OPERATION_ACTIVE;`
Packit	8681c6	`}`
Packit	8681c6	`// key usage restrictions`
Packit	8681c6	`//`
Packit	8681c6	`rc = object_mgr_find_in_map1(tokdata, key, &key_obj, READ_LOCK);`
Packit	8681c6	`if (rc != CKR_OK) {`
Packit	8681c6	`TRACE_ERROR("Failed to acquire key from specified handle.\n");`
Packit	8681c6	`if (rc == CKR_OBJECT_HANDLE_INVALID)`
Packit	8681c6	`return CKR_KEY_HANDLE_INVALID;`
Packit	8681c6	`else`
Packit	8681c6	`return rc;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (recover_mode) {`
Packit	8681c6	`// is key allowed to generate signatures where the data can be`
Packit	8681c6	`// recovered from the signature?`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_SIGN_RECOVER,`
Packit	8681c6	`&attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_SIGN_RECOVER for the key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`// is key allowed to generate signatures where the signature is an`
Packit	8681c6	`// appendix to the data?`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_SIGN, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_SIGN for the key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6	`flag = (CK_BBOOL ) attr->pValue;`
Packit	8681c6	`if (flag != TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_FUNCTION_NOT_PERMITTED));`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// is the mechanism supported? is the key type correct? is a`
Packit	8681c6	`// parameter present if required? is the key size allowed?`
Packit	8681c6	`// is the key allowed to generate signatures?`
Packit	8681c6	`//`
Packit	8681c6	`switch (mech->mechanism) {`
Packit	8681c6	`case CKM_RSA_X_509:`
Packit	8681c6	`case CKM_RSA_PKCS:`
Packit	8681c6	`case CKM_RSA_PKCS_PSS:`
Packit	8681c6	`if (mech->mechanism == CKM_RSA_PKCS_PSS) {`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_MODULUS, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_MODULUS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`rc = check_pss_params(mech, attr->ulValueLen);`
Packit	8681c6	`if (rc != CKR_OK) {`
Packit	8681c6	`TRACE_DEVEL("check_pss_params() failed.\n");`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_RSA) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// must be a PRIVATE key`
Packit	8681c6	`//`
Packit	8681c6	`flag = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (flag == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// if it's not a private RSA key then we have an internal failure...`
Packit	8681c6	`// means that somehow a public key got assigned a CKA_SIGN attribute`
Packit	8681c6	`//`
Packit	8681c6	`if (class != CKO_PRIVATE_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a private key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`// PKCS #11 doesn't allow multi-part RSA operations`
Packit	8681c6	`//`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_ECDSA:`
Packit	8681c6	`case CKM_ECDSA_SHA1:`
Packit	8681c6	`case CKM_ECDSA_SHA224:`
Packit	8681c6	`case CKM_ECDSA_SHA256:`
Packit	8681c6	`case CKM_ECDSA_SHA384:`
Packit	8681c6	`case CKM_ECDSA_SHA512:`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_EC) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// must be a PRIVATE key`
Packit	8681c6	`//`
Packit	8681c6	`flag = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (flag == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (class != CKO_PRIVATE_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a private key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_ECDSA) {`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`} else {`
Packit	8681c6	`ctx->context_len = sizeof(RSA_DIGEST_CONTEXT);`
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(RSA_DIGEST_CONTEXT));`
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(RSA_DIGEST_CONTEXT));`
Packit	8681c6	`}`
Packit	8681c6	`break;`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_RSA_PKCS:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS:`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_RSA) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// must be a PRIVATE key operation`
Packit	8681c6	`//`
Packit	8681c6	`flag = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (flag == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (class != CKO_PRIVATE_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a private key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`ctx->context_len = sizeof(RSA_DIGEST_CONTEXT);`
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(RSA_DIGEST_CONTEXT));`
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(RSA_DIGEST_CONTEXT));`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS_PSS:`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_MODULUS, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`rc = check_pss_params(mech, attr->ulValueLen);`
Packit	8681c6	`if (rc != CKR_OK) {`
Packit	8681c6	`TRACE_DEVEL("check_pss_params failed.\n");`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_RSA) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// must be a PRIVATE key operation`
Packit	8681c6	`//`
Packit	8681c6	`flag = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (flag == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (class != CKO_PRIVATE_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a private key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`ctx->context_len = sizeof(DIGEST_CONTEXT);`
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(ctx->context_len);`
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, ctx->context_len);`
Packit	8681c6	`break;`
Packit	8681c6	`#if !(NODSA)`
Packit	8681c6	`case CKM_DSA:`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_DSA) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// must be a PRIVATE key`
Packit	8681c6	`//`
Packit	8681c6	`flag = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (flag == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// if it's not a private RSA key then we have an internal failure...`
Packit	8681c6	`// means that somehow a public key got assigned a CKA_SIGN attribute`
Packit	8681c6	`//`
Packit	8681c6	`if (class != CKO_PRIVATE_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a private key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`// PKCS #11 doesn't allow multi-part DSA operations`
Packit	8681c6	`//`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`break;`
Packit	8681c6	`#endif`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_HMAC:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_HMAC:`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_GENERIC_SECRET) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`/* Note: It was previously believed that pkcs#11 did not`
Packit	8681c6	`* support hmac multipart. As a result, those tokens using the`
Packit	8681c6	`* locally implemented hmac helper functions do not support`
Packit	8681c6	`* multipart hmac.`
Packit	8681c6	`*/`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_SHA_1_HMAC:`
Packit	8681c6	`case CKM_SHA224_HMAC:`
Packit	8681c6	`case CKM_SHA256_HMAC:`
Packit	8681c6	`case CKM_SHA384_HMAC:`
Packit	8681c6	`case CKM_SHA512_HMAC:`
Packit	8681c6	`case CKM_SHA512_224_HMAC:`
Packit	8681c6	`case CKM_SHA512_256_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_224_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_256_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_384_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_512_HMAC:`
Packit	8681c6	`if (mech->ulParameterLen != 0) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_GENERIC_SECRET) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_KEY_TYPE_INCONSISTENT));`
Packit	8681c6	`rc = CKR_KEY_TYPE_INCONSISTENT;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// PKCS #11 doesn't allow multi-part HMAC operations`
Packit	8681c6	`//`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6
Packit	8681c6	`rc = hmac_sign_init(tokdata, sess, mech, key);`
Packit	8681c6	`if (rc != CKR_OK) {`
Packit	8681c6	`TRACE_ERROR("Failed to initialize hmac.\n");`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`break;`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_HMAC_GENERAL:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_HMAC_GENERAL:`
Packit	8681c6	`{`
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`if ((mech->mechanism == CKM_MD2_HMAC_GENERAL) && (*param > 16)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`#endif`
Packit	8681c6
Packit	8681c6	`if ((mech->mechanism == CKM_MD5_HMAC_GENERAL) && (*param > 16)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE,`
Packit	8681c6	`&attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_GENERIC_SECRET) {`
Packit	8681c6	`TRACE_ERROR("A generic secret key is required.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// PKCS #11 doesn't allow multi-part HMAC operations`
Packit	8681c6	`//`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`}`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_SHA_1_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA256_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA384_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_256_HMAC_GENERAL:`
Packit	8681c6	`{`
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if ((mech->mechanism == CKM_SHA_1_HMAC_GENERAL) && (*param > 20)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA224_HMAC_GENERAL) && (*param > 28)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA256_HMAC_GENERAL) && (*param > 32)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA384_HMAC_GENERAL) && (*param > 48)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA512_HMAC_GENERAL) && (*param > 64)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA512_224_HMAC_GENERAL)`
Packit	8681c6	`&& (*param > 28)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`if ((mech->mechanism == CKM_SHA512_256_HMAC_GENERAL)`
Packit	8681c6	`&& (*param > 32)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_KEY_TYPE,`
Packit	8681c6	`&attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_KEY_TYPE for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`keytype = (CK_KEY_TYPE ) attr->pValue;`
Packit	8681c6	`if (keytype != CKK_GENERIC_SECRET) {`
Packit	8681c6	`TRACE_ERROR("A generic secret key is required.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`/* Note: It was previously believed that pkcs#11 did not`
Packit	8681c6	`* support hmac multipart. As a result, those tokens using the`
Packit	8681c6	`* locally implemented hmac helper functions do not support`
Packit	8681c6	`* multipart hmac.`
Packit	8681c6	`*/`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6
Packit	8681c6	`rc = hmac_sign_init(tokdata, sess, mech, key);`
Packit	8681c6	`if (rc != CKR_OK) {`
Packit	8681c6	`TRACE_ERROR("Failed to initialize hmac.\n");`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_SSL3_MD5_MAC:`
Packit	8681c6	`case CKM_SSL3_SHA1_MAC:`
Packit	8681c6	`{`
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`// FIXME - Netscape sets the parameter == 16. PKCS #11 limit is 8`
Packit	8681c6	`//`
Packit	8681c6	`if (mech->mechanism == CKM_SSL3_MD5_MAC) {`
Packit	8681c6	`if (param < 4 \|\| param > 16) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_SSL3_SHA1_MAC) {`
Packit	8681c6	`if (param < 4 \|\| param > 20) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`rc = template_attribute_find(key_obj->template, CKA_CLASS, &attr);`
Packit	8681c6	`if (rc == FALSE) {`
Packit	8681c6	`TRACE_ERROR("Could not find CKA_CLASS for the key.\n");`
Packit	8681c6	`rc = CKR_FUNCTION_FAILED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`} else {`
Packit	8681c6	`class = (CK_OBJECT_CLASS ) attr->pValue;`
Packit	8681c6	`if (class != CKO_SECRET_KEY) {`
Packit	8681c6	`TRACE_ERROR("This operation requires a secret key.\n");`
Packit	8681c6	`rc = CKR_KEY_FUNCTION_NOT_PERMITTED;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->context_len = sizeof(SSL3_MAC_CONTEXT);`
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(SSL3_MAC_CONTEXT));`
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(SSL3_MAC_CONTEXT));`
Packit	8681c6	`}`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_DES3_MAC:`
Packit	8681c6	`case CKM_DES3_MAC_GENERAL:`
Packit	8681c6	`if (mech->pParameter) {`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_DES3_MAC_GENERAL) {`
Packit	8681c6	`if (param < 1 \|\| param > DES_BLOCK_SIZE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`/* CKM_DES3_MAC should not have params */`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(DES_DATA_CONTEXT));`
Packit	8681c6	`ctx->context_len = sizeof(DES_DATA_CONTEXT);`
Packit	8681c6
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(DES_DATA_CONTEXT));`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_DES3_CMAC:`
Packit	8681c6	`case CKM_DES3_CMAC_GENERAL:`
Packit	8681c6	`if (mech->pParameter) {`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_DES3_CMAC_GENERAL) {`
Packit	8681c6	`if (param < 1 \|\| param > DES_BLOCK_SIZE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`/* CKM_DES3_CMAC should not have params */`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(DES_CMAC_CONTEXT));`
Packit	8681c6	`ctx->context_len = sizeof(DES_CMAC_CONTEXT);`
Packit	8681c6
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(DES_CMAC_CONTEXT));`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_AES_MAC:`
Packit	8681c6	`case CKM_AES_MAC_GENERAL:`
Packit	8681c6	`if (mech->pParameter) {`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_AES_MAC_GENERAL) {`
Packit	8681c6	`if (param < 1 \|\| param > AES_BLOCK_SIZE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`/* CKM_AES_MAC should not have params */`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(AES_DATA_CONTEXT));`
Packit	8681c6	`ctx->context_len = sizeof(AES_DATA_CONTEXT);`
Packit	8681c6
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(AES_DATA_CONTEXT));`
Packit	8681c6	`break;`
Packit	8681c6	`case CKM_AES_CMAC:`
Packit	8681c6	`case CKM_AES_CMAC_GENERAL:`
Packit	8681c6	`if (mech->pParameter) {`
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`CK_MAC_GENERAL_PARAMS *param =`
Packit	8681c6	`(CK_MAC_GENERAL_PARAMS *) mech->pParameter;`
Packit	8681c6
Packit	8681c6	`if (mech->mechanism == CKM_AES_CMAC_GENERAL) {`
Packit	8681c6	`if (param < 1 \|\| param > AES_BLOCK_SIZE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`} else {`
Packit	8681c6	`/* CKM_AES_CMAC should not have params */`
Packit	8681c6	`rc = CKR_MECHANISM_PARAM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->context = (CK_BYTE *) malloc(sizeof(AES_CMAC_CONTEXT));`
Packit	8681c6	`ctx->context_len = sizeof(AES_CMAC_CONTEXT);`
Packit	8681c6
Packit	8681c6	`if (!ctx->context) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memset(ctx->context, 0x0, sizeof(AES_CMAC_CONTEXT));`
Packit	8681c6	`break;`
Packit	8681c6	`default:`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));`
Packit	8681c6	`rc = CKR_MECHANISM_INVALID;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`if (mech->ulParameterLen > 0 && mech->pParameter != NULL) {`
Packit	8681c6	`ptr = (CK_BYTE *) malloc(mech->ulParameterLen);`
Packit	8681c6	`if (!ptr) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
Packit	8681c6	`rc = CKR_HOST_MEMORY;`
Packit	8681c6	`goto done;`
Packit	8681c6	`}`
Packit	8681c6	`memcpy(ptr, mech->pParameter, mech->ulParameterLen);`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`ctx->key = key;`
Packit	8681c6	`ctx->mech.ulParameterLen = mech->ulParameterLen;`
Packit	8681c6	`ctx->mech.mechanism = mech->mechanism;`
Packit	8681c6	`ctx->mech.pParameter = ptr;`
Packit	8681c6	`ctx->multi_init = FALSE;`
Packit	8681c6	`ctx->multi = FALSE;`
Packit	8681c6	`ctx->active = TRUE;`
Packit	8681c6	`ctx->recover = recover_mode;`
Packit	8681c6
Packit	8681c6	`rc = CKR_OK;`
Packit	8681c6
Packit	8681c6	`done:`
Packit	8681c6	`object_put(tokdata, key_obj, TRUE);`
Packit	8681c6	`key_obj = NULL;`
Packit	8681c6
Packit	8681c6	`return rc;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_cleanup(SIGN_VERIFY_CONTEXT *ctx)`
Packit	8681c6	`{`
Packit	8681c6	`if (!ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function argument.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`ctx->key = 0;`
Packit	8681c6	`ctx->mech.ulParameterLen = 0;`
Packit	8681c6	`ctx->mech.mechanism = 0;`
Packit	8681c6	`ctx->multi_init = FALSE;`
Packit	8681c6	`ctx->multi = FALSE;`
Packit	8681c6	`ctx->active = FALSE;`
Packit	8681c6	`ctx->init_pending = FALSE;`
Packit	8681c6	`ctx->recover = FALSE;`
Packit	8681c6	`ctx->context_len = 0;`
Packit	8681c6
Packit	8681c6	`if (ctx->mech.pParameter) {`
Packit	8681c6	`free(ctx->mech.pParameter);`
Packit	8681c6	`ctx->mech.pParameter = NULL;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (ctx->context) {`
Packit	8681c6	`free(ctx->context);`
Packit	8681c6	`ctx->context = NULL;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`return CKR_OK;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_sign(STDLL_TokData_t *tokdata,`
Packit	8681c6	`SESSION *sess,`
Packit	8681c6	`CK_BBOOL length_only,`
Packit	8681c6	`SIGN_VERIFY_CONTEXT *ctx,`
Packit	8681c6	`CK_BYTE *in_data,`
Packit	8681c6	`CK_ULONG in_data_len,`
Packit	8681c6	`CK_BYTE out_data, CK_ULONG out_data_len)`
Packit	8681c6	`{`
Packit	8681c6	`if (!sess \|\| !ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function arguments.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->active == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->recover == TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi_init == FALSE) {`
Packit	8681c6	`ctx->multi = FALSE;`
Packit	8681c6	`ctx->multi_init = TRUE;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`// if the caller just wants the signature length, there is no reason to`
Packit	8681c6	`// specify the input data. I just need the input data length`
Packit	8681c6	`//`
Packit	8681c6	`if ((length_only == FALSE) && (!in_data \|\| !out_data)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi == TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));`
Packit	8681c6	`return CKR_OPERATION_ACTIVE;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`switch (ctx->mech.mechanism) {`
Packit	8681c6	`case CKM_RSA_PKCS:`
Packit	8681c6	`return rsa_pkcs_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_RSA_X_509:`
Packit	8681c6	`return rsa_x509_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_RSA_PKCS_PSS:`
Packit	8681c6	`return rsa_pss_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_RSA_PKCS:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS:`
Packit	8681c6	`return rsa_hash_pkcs_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS_PSS:`
Packit	8681c6	`return rsa_hash_pss_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`#if !(NODSA)`
Packit	8681c6	`case CKM_DSA:`
Packit	8681c6	`return dsa_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`#endif`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_HMAC:`
Packit	8681c6	`case CKM_MD2_HMAC_GENERAL:`
Packit	8681c6	`return md2_hmac_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_HMAC:`
Packit	8681c6	`case CKM_MD5_HMAC_GENERAL:`
Packit	8681c6	`return md5_hmac_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_SHA_1_HMAC:`
Packit	8681c6	`case CKM_SHA_1_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA224_HMAC:`
Packit	8681c6	`case CKM_SHA224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA256_HMAC:`
Packit	8681c6	`case CKM_SHA256_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA384_HMAC:`
Packit	8681c6	`case CKM_SHA384_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_HMAC:`
Packit	8681c6	`case CKM_SHA512_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_224_HMAC:`
Packit	8681c6	`case CKM_SHA512_224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_256_HMAC:`
Packit	8681c6	`case CKM_SHA512_256_HMAC_GENERAL:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_224_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_256_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_384_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_512_HMAC:`
Packit Service	8aa27d	`return sha_hmac_sign(tokdata, sess, length_only, ctx,`
Packit Service	8aa27d	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_SSL3_MD5_MAC:`
Packit	8681c6	`case CKM_SSL3_SHA1_MAC:`
Packit	8681c6	`return ssl3_mac_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_ECDSA_SHA1:`
Packit	8681c6	`case CKM_ECDSA_SHA224:`
Packit	8681c6	`case CKM_ECDSA_SHA256:`
Packit	8681c6	`case CKM_ECDSA_SHA384:`
Packit	8681c6	`case CKM_ECDSA_SHA512:`
Packit	8681c6	`return ec_hash_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_ECDSA:`
Packit	8681c6	`return ec_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_DES3_MAC:`
Packit	8681c6	`case CKM_DES3_MAC_GENERAL:`
Packit	8681c6	`return des3_mac_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_DES3_CMAC:`
Packit	8681c6	`case CKM_DES3_CMAC_GENERAL:`
Packit	8681c6	`return des3_cmac_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_AES_MAC:`
Packit	8681c6	`case CKM_AES_MAC_GENERAL:`
Packit	8681c6	`return aes_mac_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_AES_CMAC:`
Packit	8681c6	`case CKM_AES_CMAC_GENERAL:`
Packit	8681c6	`return aes_cmac_sign(tokdata, sess, length_only, ctx, in_data,`
Packit	8681c6	`in_data_len, out_data, out_data_len);`
Packit	8681c6	`default:`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));`
Packit	8681c6	`return CKR_MECHANISM_INVALID;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_sign_update(STDLL_TokData_t *tokdata,`
Packit	8681c6	`SESSION *sess,`
Packit	8681c6	`SIGN_VERIFY_CONTEXT *ctx,`
Packit	8681c6	`CK_BYTE *in_data, CK_ULONG in_data_len)`
Packit	8681c6	`{`
Packit	8681c6	`if (!sess \|\| !ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function arguments.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`if (ctx->active == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->recover == TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi_init == FALSE) {`
Packit	8681c6	`ctx->multi = TRUE;`
Packit	8681c6	`ctx->multi_init = TRUE;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));`
Packit	8681c6	`return CKR_OPERATION_ACTIVE;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`switch (ctx->mech.mechanism) {`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_RSA_PKCS:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS:`
Packit	8681c6	`return rsa_hash_pkcs_sign_update(tokdata, sess, ctx, in_data,`
Packit	8681c6	`in_data_len);`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS_PSS:`
Packit	8681c6	`return rsa_hash_pss_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_SSL3_MD5_MAC:`
Packit	8681c6	`case CKM_SSL3_SHA1_MAC:`
Packit	8681c6	`return ssl3_mac_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_DES3_MAC:`
Packit	8681c6	`case CKM_DES3_MAC_GENERAL:`
Packit	8681c6	`return des3_mac_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_DES3_CMAC:`
Packit	8681c6	`case CKM_DES3_CMAC_GENERAL:`
Packit	8681c6	`return des3_cmac_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_AES_MAC:`
Packit	8681c6	`case CKM_AES_MAC_GENERAL:`
Packit	8681c6	`return aes_mac_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_AES_CMAC:`
Packit	8681c6	`case CKM_AES_CMAC_GENERAL:`
Packit	8681c6	`return aes_cmac_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_ECDSA_SHA1:`
Packit	8681c6	`case CKM_ECDSA_SHA224:`
Packit	8681c6	`case CKM_ECDSA_SHA256:`
Packit	8681c6	`case CKM_ECDSA_SHA384:`
Packit	8681c6	`case CKM_ECDSA_SHA512:`
Packit	8681c6	`return ec_hash_sign_update(tokdata, sess, ctx, in_data, in_data_len);`
Packit	8681c6	`case CKM_SHA_1_HMAC:`
Packit	8681c6	`case CKM_SHA224_HMAC:`
Packit	8681c6	`case CKM_SHA256_HMAC:`
Packit	8681c6	`case CKM_SHA384_HMAC:`
Packit	8681c6	`case CKM_SHA512_HMAC:`
Packit	8681c6	`case CKM_SHA512_224_HMAC:`
Packit	8681c6	`case CKM_SHA512_256_HMAC:`
Packit	8681c6	`case CKM_SHA_1_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA256_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA384_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_256_HMAC_GENERAL:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_224_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_256_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_384_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_512_HMAC:`
Packit	8681c6	`return hmac_sign_update(tokdata, sess, in_data, in_data_len);`
Packit	8681c6	`default:`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));`
Packit	8681c6	`return CKR_MECHANISM_INVALID;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_sign_final(STDLL_TokData_t *tokdata,`
Packit	8681c6	`SESSION *sess,`
Packit	8681c6	`CK_BBOOL length_only,`
Packit	8681c6	`SIGN_VERIFY_CONTEXT *ctx,`
Packit	8681c6	`CK_BYTE signature, CK_ULONG sig_len)`
Packit	8681c6	`{`
Packit	8681c6	`if (!sess \|\| !ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function arguments.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->active == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->recover == TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi_init == FALSE) {`
Packit	8681c6	`ctx->multi = TRUE;`
Packit	8681c6	`ctx->multi_init = TRUE;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));`
Packit	8681c6	`return CKR_OPERATION_ACTIVE;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`switch (ctx->mech.mechanism) {`
Packit	8681c6	`#if !(NOMD2)`
Packit	8681c6	`case CKM_MD2_RSA_PKCS:`
Packit	8681c6	`#endif`
Packit	8681c6	`case CKM_MD5_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS:`
Packit	8681c6	`return rsa_hash_pkcs_sign_final(tokdata, sess, length_only, ctx,`
Packit	8681c6	`signature, sig_len);`
Packit	8681c6	`case CKM_SHA1_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA224_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA256_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA384_RSA_PKCS_PSS:`
Packit	8681c6	`case CKM_SHA512_RSA_PKCS_PSS:`
Packit	8681c6	`return rsa_hash_pss_sign_final(tokdata, sess, length_only, ctx,`
Packit	8681c6	`signature, sig_len);`
Packit	8681c6	`case CKM_SSL3_MD5_MAC:`
Packit	8681c6	`case CKM_SSL3_SHA1_MAC:`
Packit	8681c6	`return ssl3_mac_sign_final(tokdata, sess, length_only, ctx, signature,`
Packit	8681c6	`sig_len);`
Packit	8681c6	`case CKM_DES3_MAC:`
Packit	8681c6	`case CKM_DES3_MAC_GENERAL:`
Packit	8681c6	`return des3_mac_sign_final(tokdata, sess, length_only, ctx,`
Packit	8681c6	`signature, sig_len);`
Packit	8681c6	`case CKM_DES3_CMAC:`
Packit	8681c6	`case CKM_DES3_CMAC_GENERAL:`
Packit	8681c6	`return des3_cmac_sign_final(tokdata, sess, length_only, ctx,`
Packit	8681c6	`signature, sig_len);`
Packit	8681c6	`case CKM_AES_MAC:`
Packit	8681c6	`case CKM_AES_MAC_GENERAL:`
Packit	8681c6	`return aes_mac_sign_final(tokdata, sess, length_only, ctx, signature,`
Packit	8681c6	`sig_len);`
Packit	8681c6	`case CKM_AES_CMAC:`
Packit	8681c6	`case CKM_AES_CMAC_GENERAL:`
Packit	8681c6	`return aes_cmac_sign_final(tokdata, sess, length_only, ctx, signature,`
Packit	8681c6	`sig_len);`
Packit	8681c6	`case CKM_ECDSA_SHA1:`
Packit	8681c6	`case CKM_ECDSA_SHA224:`
Packit	8681c6	`case CKM_ECDSA_SHA256:`
Packit	8681c6	`case CKM_ECDSA_SHA384:`
Packit	8681c6	`case CKM_ECDSA_SHA512:`
Packit	8681c6	`return ec_hash_sign_final(tokdata, sess, length_only, ctx, signature,`
Packit	8681c6	`sig_len);`
Packit	8681c6	`case CKM_SHA_1_HMAC:`
Packit	8681c6	`case CKM_SHA224_HMAC:`
Packit	8681c6	`case CKM_SHA256_HMAC:`
Packit	8681c6	`case CKM_SHA384_HMAC:`
Packit	8681c6	`case CKM_SHA512_HMAC:`
Packit	8681c6	`case CKM_SHA512_224_HMAC:`
Packit	8681c6	`case CKM_SHA512_256_HMAC:`
Packit	8681c6	`case CKM_SHA_1_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA256_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA384_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_224_HMAC_GENERAL:`
Packit	8681c6	`case CKM_SHA512_256_HMAC_GENERAL:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_224_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_256_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_384_HMAC:`
Packit Service	8aa27d	`case CKM_IBM_SHA3_512_HMAC:`
Packit	8681c6	`return hmac_sign_final(tokdata, sess, signature, sig_len);`
Packit	8681c6	`default:`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));`
Packit	8681c6	`return CKR_MECHANISM_INVALID;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6
Packit	8681c6	`//`
Packit	8681c6	`//`
Packit	8681c6	`CK_RV sign_mgr_sign_recover(STDLL_TokData_t *tokdata,`
Packit	8681c6	`SESSION *sess,`
Packit	8681c6	`CK_BBOOL length_only,`
Packit	8681c6	`SIGN_VERIFY_CONTEXT *ctx,`
Packit	8681c6	`CK_BYTE *in_data,`
Packit	8681c6	`CK_ULONG in_data_len,`
Packit	8681c6	`CK_BYTE out_data, CK_ULONG out_data_len)`
Packit	8681c6	`{`
Packit	8681c6	`if (!sess \|\| !ctx) {`
Packit	8681c6	`TRACE_ERROR("Invalid function arguments.\n");`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->active == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->recover == FALSE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));`
Packit	8681c6	`return CKR_OPERATION_NOT_INITIALIZED;`
Packit	8681c6	`}`
Packit	8681c6	`// if the caller just wants the signature length, there is no reason to`
Packit	8681c6	`// specify the input data. I just need the input data length`
Packit	8681c6	`//`
Packit	8681c6	`if ((length_only == FALSE) && (!in_data \|\| !out_data)) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`
Packit	8681c6	`if (ctx->multi == TRUE) {`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));`
Packit	8681c6	`return CKR_OPERATION_ACTIVE;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`switch (ctx->mech.mechanism) {`
Packit	8681c6	`case CKM_RSA_PKCS:`
Packit	8681c6	`// we can use the same sign mechanism to do sign-recover`
Packit	8681c6	`//`
Packit	8681c6	`return rsa_pkcs_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`case CKM_RSA_X_509:`
Packit	8681c6	`return rsa_x509_sign(tokdata, sess, length_only, ctx,`
Packit	8681c6	`in_data, in_data_len, out_data, out_data_len);`
Packit	8681c6	`default:`
Packit	8681c6	`TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_INVALID));`
Packit	8681c6	`return CKR_MECHANISM_INVALID;`
Packit	8681c6	`}`
Packit	8681c6
Packit	8681c6	`TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));`
Packit	8681c6
Packit	8681c6	`return CKR_FUNCTION_FAILED;`
Packit	8681c6	`}`

source-git / opencryptoki

Source Code

Blame usr/lib/common/sign_mgr.c