CK_RV
digest_mgr_digest_key( STDLL_TokData_t *tokdata,
SESSION * sess,
DIGEST_CONTEXT * ctx,
CK_OBJECT_HANDLE key_handle )
{
CK_ATTRIBUTE * attr = NULL;
OBJECT * key_obj = NULL;
CK_OBJECT_CLASS class;
CK_RV rc;
if (!sess || !ctx){
TRACE_ERROR("Invalid function arguments.\n");
return CKR_FUNCTION_FAILED;
}
rc = object_mgr_find_in_map1( tokdata, key_handle, &key_obj );
if (rc != CKR_OK){
TRACE_ERROR("%s\n", ock_err(ERR_KEY_HANDLE_INVALID));
rc = CKR_KEY_HANDLE_INVALID;
goto out;
}
// only allow digesting of CKO_SECRET keys
//
rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
CK_RV
dsa_sign( SESSION * sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT * ctx,
CK_BYTE * in_data,
CK_ULONG in_data_len,
CK_BYTE * out_data,
CK_ULONG * out_data_len )
{
OBJECT *key_obj = NULL;
CK_ATTRIBUTE *attr = NULL;
CK_BYTE sig[DSA_SIGNATURE_SIZE];
CK_OBJECT_CLASS class;
CK_BBOOL flag;
CK_RV rc;
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK){
OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP);
return rc;
}
// must be a PRIVATE key operation
//
flag = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
CK_RV
verify_mgr_init(SESSION * sess,
SIGN_VERIFY_CONTEXT * ctx,
CK_MECHANISM * mech,
CK_BBOOL recover_mode,
CK_OBJECT_HANDLE key)
{
OBJECT * key_obj = NULL;
CK_ATTRIBUTE * attr = NULL;
CK_KEY_TYPE keytype;
CK_OBJECT_CLASS class;
CK_BBOOL flag;
CK_RV rc;
if (! sess || ! ctx) {
return (CKR_FUNCTION_FAILED);
}
if (ctx->active != FALSE) {
return (CKR_OPERATION_ACTIVE);
}
// key usage restrictions
//
rc = object_mgr_find_in_map1(sess->hContext, key, &key_obj);
if (rc != CKR_OK) {
return (CKR_KEY_HANDLE_INVALID);
}
// is key allowed to verify signatures?
//
rc = template_attribute_find(key_obj->template, CKA_VERIFY, &attr);
CK_RV
des3_ecb_encrypt( SESSION *sess,
CK_BBOOL length_only,
ENCR_DECR_CONTEXT *ctx,
CK_BYTE *in_data,
CK_ULONG in_data_len,
CK_BYTE *out_data,
CK_ULONG *out_data_len )
{
OBJECT *key = NULL;
CK_ATTRIBUTE *attr = NULL;
CK_BYTE key_value[3*DES_KEY_SIZE];
CK_KEY_TYPE keytype;
CK_RV rc;
if (!sess || !ctx || !out_data_len){
OCK_LOG_ERR(ERR_FUNCTION_FAILED);
return CKR_FUNCTION_FAILED;
}
// CKM_DES3_ECB requires the input data to be an integral
// multiple of the block size
//
if (in_data_len % DES_BLOCK_SIZE != 0){
OCK_LOG_ERR(ERR_DATA_LEN_RANGE);
return CKR_DATA_LEN_RANGE;
}
rc = object_mgr_find_in_map1( ctx->key, &key );
if (rc != CKR_OK){
OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP);
return rc;
}
rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
// this routine gets called for two mechanisms actually:
// CKM_MD2_HMAC
// CKM_MD2_HMAC_GENERAL
//
CK_RV
md2_hmac_sign( STDLL_TokData_t *tokdata,
SESSION * sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT * ctx,
CK_BYTE * in_data,
CK_ULONG in_data_len,
CK_BYTE * out_data,
CK_ULONG * out_data_len )
{
OBJECT * key_obj = NULL;
CK_ATTRIBUTE * attr = NULL;
CK_BYTE hash[MD2_HASH_SIZE];
DIGEST_CONTEXT digest_ctx;
CK_MECHANISM digest_mech;
CK_BYTE k_ipad[MD2_BLOCK_SIZE];
CK_BYTE k_opad[MD2_BLOCK_SIZE];
CK_ULONG key_bytes, hash_len, hmac_len;
CK_ULONG i;
CK_RV rc;
if (!sess || !ctx || !out_data_len){
TRACE_ERROR("%s received bad argument(s)\n", __FUNCTION__);
return CKR_FUNCTION_FAILED;
}
if (ctx->mech.mechanism == CKM_MD2_HMAC_GENERAL) {
hmac_len = *(CK_ULONG *)ctx->mech.pParameter;
if (hmac_len == 0)
{
*out_data_len = 0;
return CKR_OK;
}
}
else
hmac_len = MD2_HASH_SIZE;
if (length_only == TRUE) {
*out_data_len = hmac_len;
return CKR_OK;
}
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
rc = object_mgr_find_in_map1( tokdata, ctx->key, &key_obj );
if (rc != CKR_OK){
TRACE_ERROR("Failed to acquire key from specified handle");
if (rc == CKR_OBJECT_HANDLE_INVALID)
return CKR_KEY_HANDLE_INVALID;
else
return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
// this routine gets called for two mechanisms actually:
// CKM_MD2_HMAC
// CKM_MD2_HMAC_GENERAL
//
CK_RV
md2_hmac_sign( SESSION * sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT * ctx,
CK_BYTE * in_data,
CK_ULONG in_data_len,
CK_BYTE * out_data,
CK_ULONG * out_data_len )
{
OBJECT * key_obj = NULL;
CK_ATTRIBUTE * attr = NULL;
CK_BYTE hash[MD2_HASH_SIZE];
DIGEST_CONTEXT digest_ctx;
CK_MECHANISM digest_mech;
CK_BYTE k_ipad[MD2_BLOCK_SIZE];
CK_BYTE k_opad[MD2_BLOCK_SIZE];
CK_ULONG key_bytes, hash_len, hmac_len;
CK_ULONG i;
CK_RV rc;
if (!sess || !ctx || !out_data_len) {
OCK_LOG_ERR(ERR_FUNCTION_FAILED);
return CKR_FUNCTION_FAILED;
}
if (ctx->mech.mechanism == CKM_MD2_HMAC_GENERAL) {
hmac_len = *(CK_ULONG *)ctx->mech.pParameter;
if (hmac_len == 0)
{
*out_data_len = 0;
return CKR_OK;
}
}
else
hmac_len = MD2_HASH_SIZE;
if (length_only == TRUE) {
*out_data_len = hmac_len;
return CKR_OK;
}
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK) {
OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP);
return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
CK_RV
sha1_hmac_sign(SESSION * sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT * ctx,
CK_BYTE * in_data,
CK_ULONG in_data_len,
CK_BYTE * out_data,
CK_ULONG * out_data_len) {
OBJECT * key_obj = NULL;
CK_ATTRIBUTE * attr = NULL;
CK_BYTE hash[SHA1_DIGEST_LENGTH];
DIGEST_CONTEXT digest_ctx;
CK_MECHANISM digest_mech;
CK_BYTE k_ipad[SHA1_BLOCK_SIZE];
CK_BYTE k_opad[SHA1_BLOCK_SIZE];
CK_ULONG key_bytes, hash_len, hmac_len;
CK_ULONG i;
CK_RV rc;
if (! sess || ! ctx || ! out_data_len) {
return (CKR_FUNCTION_FAILED);
}
if (ctx->mech.mechanism == CKM_SHA_1_HMAC_GENERAL) {
hmac_len = *(CK_ULONG *)ctx->mech.pParameter;
if (hmac_len == 0) {
*out_data_len = 0;
return (CKR_OK);
}
} else {
hmac_len = SHA1_DIGEST_LENGTH;
}
*out_data_len = hmac_len;
if (length_only == TRUE) {
return (CKR_OK);
}
(void) memset(&digest_ctx, 0x0, sizeof (DIGEST_CONTEXT));
rc = object_mgr_find_in_map1(sess->hContext, ctx->key, &key_obj);
if (rc != CKR_OK) {
return (rc);
}
rc = template_attribute_find(key_obj->template, CKA_VALUE, &attr);
CK_RV
decr_mgr_init( SESSION *sess,
ENCR_DECR_CONTEXT *ctx,
CK_ULONG operation,
CK_MECHANISM *mech,
CK_OBJECT_HANDLE key_handle )
{
OBJECT * key_obj = NULL;
CK_ATTRIBUTE * attr = NULL;
CK_BYTE * ptr = NULL;
CK_KEY_TYPE keytype;
CK_BBOOL flag;
CK_RV rc;
if (!sess){
OCK_LOG_ERR(ERR_FUNCTION_FAILED);
return CKR_FUNCTION_FAILED;
}
if (ctx->active != FALSE){
OCK_LOG_ERR(ERR_OPERATION_ACTIVE);
return CKR_OPERATION_ACTIVE;
}
// key usage restrictions
//
if (operation == OP_DECRYPT_INIT)
{
rc = object_mgr_find_in_map1( key_handle, &key_obj );
if (rc != CKR_OK){
OCK_LOG_ERR(ERR_KEY_HANDLE_INVALID);
return CKR_KEY_HANDLE_INVALID;
}
// is key allowed to do general decryption?
//
rc = template_attribute_find( key_obj->template, CKA_DECRYPT, &attr );
