sign_mgr.c

IBM的Linux上的PKCS#11实现

            if (!ctx->context){
               st_err_log(0, __FILE__, __LINE__); 
               return CKR_HOST_MEMORY;
            }
            memset( ctx->context, 0x0, sizeof(SSL3_MAC_CONTEXT));
         }
         break;

      default:
         st_err_log(28, __FILE__, __LINE__); 
         return CKR_MECHANISM_INVALID;
   }


   if (mech->ulParameterLen > 0) {
      ptr = (CK_BYTE *)malloc(mech->ulParameterLen);
      if (!ptr){
         st_err_log(0, __FILE__, __LINE__); 
         return CKR_HOST_MEMORY;
      }
      memcpy( ptr, mech->pParameter, mech->ulParameterLen );
   }

   ctx->key                 = key;
   ctx->mech.ulParameterLen = mech->ulParameterLen;
   ctx->mech.mechanism      = mech->mechanism;
   ctx->mech.pParameter     = ptr;
   ctx->multi               = FALSE;
   ctx->active              = TRUE;
   ctx->recover             = recover_mode;

   return CKR_OK;
}


//
//
CK_RV
sign_mgr_cleanup( SIGN_VERIFY_CONTEXT *ctx )
{
   if (!ctx){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   ctx->key                 = 0;
   ctx->mech.ulParameterLen = 0;
   ctx->mech.mechanism      = 0;
   ctx->multi               = FALSE;
   ctx->active              = FALSE;
   ctx->recover             = FALSE;
   ctx->context_len         = 0;

   if (ctx->mech.pParameter) {
      free( ctx->mech.pParameter );
      ctx->mech.pParameter = NULL;
   }

   if (ctx->context) {
      free( ctx->context );
      ctx->context = NULL;
   }

   return CKR_OK;
}


//
//
CK_RV
sign_mgr_sign( SESSION              * sess,
               CK_BBOOL               length_only,
               SIGN_VERIFY_CONTEXT  * ctx,
               CK_BYTE              * in_data,
               CK_ULONG               in_data_len,
               CK_BYTE              * out_data,
               CK_ULONG             * out_data_len )
{
   if (!sess || !ctx){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (ctx->active == FALSE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   if (ctx->recover == TRUE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }

   // if the caller just wants the signature length, there is no reason to
   // specify the input data.  I just need the input data length
   //
   if ((length_only == FALSE) && (!in_data || !out_data)){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (ctx->multi == TRUE){
      st_err_log(31, __FILE__, __LINE__); 
      return CKR_OPERATION_ACTIVE;
   }
   switch (ctx->mech.mechanism) {
      case CKM_RSA_PKCS:
         return rsa_pkcs_sign( sess,     length_only,  ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      case CKM_RSA_X_509:
         return rsa_x509_sign( sess,     length_only,  ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

#if !(NOMD2)
      case CKM_MD2_RSA_PKCS:
#endif
      case CKM_MD5_RSA_PKCS:
      case CKM_SHA1_RSA_PKCS:
         return rsa_hash_pkcs_sign( sess,     length_only, ctx,
                                    in_data,  in_data_len,
                                    out_data, out_data_len );

#if !(NODSA)
      case CKM_DSA:
         return dsa_sign( sess,     length_only,  ctx,
                          in_data,  in_data_len,
                          out_data, out_data_len );
#endif

#if !(NOMD2)
      case CKM_MD2_HMAC:
      case CKM_MD2_HMAC_GENERAL:
         return md2_hmac_sign( sess,     length_only, ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );
#endif

      case CKM_MD5_HMAC:
      case CKM_MD5_HMAC_GENERAL:
         return md5_hmac_sign( sess,     length_only, ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      case CKM_SHA_1_HMAC:
      case CKM_SHA_1_HMAC_GENERAL:
         return sha1_hmac_sign( sess,     length_only, ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      case CKM_SSL3_MD5_MAC:
      case CKM_SSL3_SHA1_MAC:
         return ssl3_mac_sign( sess,     length_only, ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      default:
         st_err_log(28, __FILE__, __LINE__); 
         return CKR_MECHANISM_INVALID;
   }

   st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
   return CKR_FUNCTION_FAILED;
}


//
//
CK_RV
sign_mgr_sign_update( SESSION             * sess,
                      SIGN_VERIFY_CONTEXT * ctx,
                      CK_BYTE             * in_data,
                      CK_ULONG              in_data_len )
{
   if (!sess || !ctx || !in_data){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }

   if (ctx->active == FALSE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   if (ctx->recover == TRUE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   ctx->multi = TRUE;

   switch (ctx->mech.mechanism) {
#if !(NOMD2)
      case CKM_MD2_RSA_PKCS:
#endif
      case CKM_MD5_RSA_PKCS:
      case CKM_SHA1_RSA_PKCS:
         return rsa_hash_pkcs_sign_update( sess, ctx, in_data, in_data_len );

      case CKM_SSL3_MD5_MAC:
      case CKM_SSL3_SHA1_MAC:
         return ssl3_mac_sign_update( sess, ctx, in_data, in_data_len );

      default:
         st_err_log(28, __FILE__, __LINE__); 
         return CKR_MECHANISM_INVALID;
   }
   st_err_log(28, __FILE__, __LINE__); 
   return CKR_MECHANISM_INVALID;
}


//
//
CK_RV
sign_mgr_sign_final( SESSION             * sess,
                     CK_BBOOL              length_only,
                     SIGN_VERIFY_CONTEXT * ctx,
                     CK_BYTE             * signature,
                     CK_ULONG            * sig_len )
{
   if (!sess || !ctx){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (ctx->active == FALSE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   if (ctx->recover == TRUE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   switch (ctx->mech.mechanism) {
#if !(NOMD2)
      case CKM_MD2_RSA_PKCS:
#endif
      case CKM_MD5_RSA_PKCS:
      case CKM_SHA1_RSA_PKCS:
         return rsa_hash_pkcs_sign_final( sess, length_only, ctx, signature, sig_len );

      case CKM_SSL3_MD5_MAC:
      case CKM_SSL3_SHA1_MAC:
         return ssl3_mac_sign_final( sess, length_only, ctx, signature, sig_len );

      default:
         st_err_log(28, __FILE__, __LINE__); 
         return CKR_MECHANISM_INVALID;
   }

   st_err_log(28, __FILE__, __LINE__); 
   return CKR_MECHANISM_INVALID;
}


//
//
CK_RV
sign_mgr_sign_recover( SESSION             * sess,
                       CK_BBOOL              length_only,
                       SIGN_VERIFY_CONTEXT * ctx,
                       CK_BYTE             * in_data,
                       CK_ULONG              in_data_len,
                       CK_BYTE             * out_data,
                       CK_ULONG            * out_data_len )
{
   if (!sess || !ctx){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (ctx->active == FALSE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   if (ctx->recover == FALSE){
      st_err_log(32, __FILE__, __LINE__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }

   // if the caller just wants the signature length, there is no reason to
   // specify the input data.  I just need the input data length
   //
   if ((length_only == FALSE) && (!in_data || !out_data)){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (ctx->multi == TRUE){
      st_err_log(31, __FILE__, __LINE__); 
      return CKR_OPERATION_ACTIVE;
   }
   switch (ctx->mech.mechanism) {
      case CKM_RSA_PKCS:
         // we can use the same sign mechanism to do sign-recover
         //
         return rsa_pkcs_sign( sess,     length_only,  ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      case CKM_RSA_X_509:
         return rsa_x509_sign( sess,     length_only,  ctx,
                               in_data,  in_data_len,
                               out_data, out_data_len );

      default:
         st_err_log(28, __FILE__, __LINE__); 
         return CKR_MECHANISM_INVALID;
   }

   st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
   return CKR_FUNCTION_FAILED;
}