CK_RV digest_mgr_digest_key( STDLL_TokData_t *tokdata, SESSION * sess, DIGEST_CONTEXT * ctx, CK_OBJECT_HANDLE key_handle ) { CK_ATTRIBUTE * attr = NULL; OBJECT * key_obj = NULL; CK_OBJECT_CLASS class; CK_RV rc; if (!sess || !ctx){ TRACE_ERROR("Invalid function arguments.\n"); return CKR_FUNCTION_FAILED; } rc = object_mgr_find_in_map1( tokdata, key_handle, &key_obj ); if (rc != CKR_OK){ TRACE_ERROR("%s\n", ock_err(ERR_KEY_HANDLE_INVALID)); rc = CKR_KEY_HANDLE_INVALID; goto out; } // only allow digesting of CKO_SECRET keys // rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
CK_RV dsa_sign( SESSION * sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, CK_ULONG * out_data_len ) { OBJECT *key_obj = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE sig[DSA_SIGNATURE_SIZE]; CK_OBJECT_CLASS class; CK_BBOOL flag; CK_RV rc; rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK){ OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP); return rc; } // must be a PRIVATE key operation // flag = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
CK_RV verify_mgr_init(SESSION * sess, SIGN_VERIFY_CONTEXT * ctx, CK_MECHANISM * mech, CK_BBOOL recover_mode, CK_OBJECT_HANDLE key) { OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_KEY_TYPE keytype; CK_OBJECT_CLASS class; CK_BBOOL flag; CK_RV rc; if (! sess || ! ctx) { return (CKR_FUNCTION_FAILED); } if (ctx->active != FALSE) { return (CKR_OPERATION_ACTIVE); } // key usage restrictions // rc = object_mgr_find_in_map1(sess->hContext, key, &key_obj); if (rc != CKR_OK) { return (CKR_KEY_HANDLE_INVALID); } // is key allowed to verify signatures? // rc = template_attribute_find(key_obj->template, CKA_VERIFY, &attr);
CK_RV des3_ecb_encrypt( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len ) { OBJECT *key = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE key_value[3*DES_KEY_SIZE]; CK_KEY_TYPE keytype; CK_RV rc; if (!sess || !ctx || !out_data_len){ OCK_LOG_ERR(ERR_FUNCTION_FAILED); return CKR_FUNCTION_FAILED; } // CKM_DES3_ECB requires the input data to be an integral // multiple of the block size // if (in_data_len % DES_BLOCK_SIZE != 0){ OCK_LOG_ERR(ERR_DATA_LEN_RANGE); return CKR_DATA_LEN_RANGE; } rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
// this routine gets called for two mechanisms actually: // CKM_MD2_HMAC // CKM_MD2_HMAC_GENERAL // CK_RV md2_hmac_sign( STDLL_TokData_t *tokdata, SESSION * sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, CK_ULONG * out_data_len ) { OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE hash[MD2_HASH_SIZE]; DIGEST_CONTEXT digest_ctx; CK_MECHANISM digest_mech; CK_BYTE k_ipad[MD2_BLOCK_SIZE]; CK_BYTE k_opad[MD2_BLOCK_SIZE]; CK_ULONG key_bytes, hash_len, hmac_len; CK_ULONG i; CK_RV rc; if (!sess || !ctx || !out_data_len){ TRACE_ERROR("%s received bad argument(s)\n", __FUNCTION__); return CKR_FUNCTION_FAILED; } if (ctx->mech.mechanism == CKM_MD2_HMAC_GENERAL) { hmac_len = *(CK_ULONG *)ctx->mech.pParameter; if (hmac_len == 0) { *out_data_len = 0; return CKR_OK; } } else hmac_len = MD2_HASH_SIZE; if (length_only == TRUE) { *out_data_len = hmac_len; return CKR_OK; } memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); rc = object_mgr_find_in_map1( tokdata, ctx->key, &key_obj ); if (rc != CKR_OK){ TRACE_ERROR("Failed to acquire key from specified handle"); if (rc == CKR_OBJECT_HANDLE_INVALID) return CKR_KEY_HANDLE_INVALID; else return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
// this routine gets called for two mechanisms actually: // CKM_MD2_HMAC // CKM_MD2_HMAC_GENERAL // CK_RV md2_hmac_sign( SESSION * sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, CK_ULONG * out_data_len ) { OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE hash[MD2_HASH_SIZE]; DIGEST_CONTEXT digest_ctx; CK_MECHANISM digest_mech; CK_BYTE k_ipad[MD2_BLOCK_SIZE]; CK_BYTE k_opad[MD2_BLOCK_SIZE]; CK_ULONG key_bytes, hash_len, hmac_len; CK_ULONG i; CK_RV rc; if (!sess || !ctx || !out_data_len) { OCK_LOG_ERR(ERR_FUNCTION_FAILED); return CKR_FUNCTION_FAILED; } if (ctx->mech.mechanism == CKM_MD2_HMAC_GENERAL) { hmac_len = *(CK_ULONG *)ctx->mech.pParameter; if (hmac_len == 0) { *out_data_len = 0; return CKR_OK; } } else hmac_len = MD2_HASH_SIZE; if (length_only == TRUE) { *out_data_len = hmac_len; return CKR_OK; } memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK) { OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP); return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
CK_RV sha1_hmac_sign(SESSION * sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, CK_ULONG * out_data_len) { OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE hash[SHA1_DIGEST_LENGTH]; DIGEST_CONTEXT digest_ctx; CK_MECHANISM digest_mech; CK_BYTE k_ipad[SHA1_BLOCK_SIZE]; CK_BYTE k_opad[SHA1_BLOCK_SIZE]; CK_ULONG key_bytes, hash_len, hmac_len; CK_ULONG i; CK_RV rc; if (! sess || ! ctx || ! out_data_len) { return (CKR_FUNCTION_FAILED); } if (ctx->mech.mechanism == CKM_SHA_1_HMAC_GENERAL) { hmac_len = *(CK_ULONG *)ctx->mech.pParameter; if (hmac_len == 0) { *out_data_len = 0; return (CKR_OK); } } else { hmac_len = SHA1_DIGEST_LENGTH; } *out_data_len = hmac_len; if (length_only == TRUE) { return (CKR_OK); } (void) memset(&digest_ctx, 0x0, sizeof (DIGEST_CONTEXT)); rc = object_mgr_find_in_map1(sess->hContext, ctx->key, &key_obj); if (rc != CKR_OK) { return (rc); } rc = template_attribute_find(key_obj->template, CKA_VALUE, &attr);
CK_RV decr_mgr_init( SESSION *sess, ENCR_DECR_CONTEXT *ctx, CK_ULONG operation, CK_MECHANISM *mech, CK_OBJECT_HANDLE key_handle ) { OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE * ptr = NULL; CK_KEY_TYPE keytype; CK_BBOOL flag; CK_RV rc; if (!sess){ OCK_LOG_ERR(ERR_FUNCTION_FAILED); return CKR_FUNCTION_FAILED; } if (ctx->active != FALSE){ OCK_LOG_ERR(ERR_OPERATION_ACTIVE); return CKR_OPERATION_ACTIVE; } // key usage restrictions // if (operation == OP_DECRYPT_INIT) { rc = object_mgr_find_in_map1( key_handle, &key_obj ); if (rc != CKR_OK){ OCK_LOG_ERR(ERR_KEY_HANDLE_INVALID); return CKR_KEY_HANDLE_INVALID; } // is key allowed to do general decryption? // rc = template_attribute_find( key_obj->template, CKA_DECRYPT, &attr );