mech_ssl3.c

IBM的Linux上的PKCS#11实现

}


//
//
CK_RV
ssl3_mac_verify_update( SESSION              * sess,
                        SIGN_VERIFY_CONTEXT  * ctx,
                        CK_BYTE              * in_data,
                        CK_ULONG               in_data_len )
{
   OBJECT           * key_obj  = NULL;
   CK_ATTRIBUTE     * attr     = NULL;
   CK_BYTE          * key_data = NULL;
   SSL3_MAC_CONTEXT * context  = NULL;

   CK_BYTE           inner[48];
   CK_MECHANISM      digest_mech;
   CK_ULONG          key_bytes;
   CK_RV             rc;


   if (!sess || !ctx){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   context = (SSL3_MAC_CONTEXT *)ctx->context;

   if (context->flag == FALSE) {
      rc = object_mgr_find_in_map1( ctx->key, &key_obj );
      if (rc != CKR_OK){
         st_err_log(110, __FILE__, __LINE__);
         goto error;
      }
      rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
      if (rc == FALSE) {
         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
         rc = CKR_FUNCTION_FAILED;
         goto error;
      }
      else {
         key_bytes = attr->ulValueLen;
         key_data  = attr->pValue;
      }

      // unlike an HMAC operation, we don't XOR the key with the 0x36 or 0x5C.
      // we just append 48 bytes to the key data
      //
      memset( inner, 0x36, 48 );

      if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
         digest_mech.mechanism   = CKM_MD5;
      else
         digest_mech.mechanism   = CKM_SHA_1;

      digest_mech.ulParameterLen = 0;
      digest_mech.pParameter     = NULL;

      // inner hash
      //
      rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
      if (rc != CKR_OK){
         st_err_log(123, __FILE__, __LINE__); 
         goto error;
      }
      rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
      if (rc != CKR_OK){
         st_err_log(123, __FILE__, __LINE__); 
         goto error;
      }
      if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
         rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 );
      else
         rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 );
      if (rc != CKR_OK){
         st_err_log(123, __FILE__, __LINE__); 
         goto error;
      }
      context->flag = TRUE;
   }

   rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   return CKR_OK;

error:
   digest_mgr_cleanup( &context->hash_context );
   return rc;
}


//
//
CK_RV
ssl3_mac_verify_final( SESSION              * sess,
                       SIGN_VERIFY_CONTEXT  * ctx,
                       CK_BYTE              * signature,
                       CK_ULONG               sig_len )
{
   OBJECT           * key_obj  = NULL;
   CK_ATTRIBUTE     * attr     = NULL;
   CK_BYTE          * key_data = NULL;
   SSL3_MAC_CONTEXT * context  = NULL;
   CK_BYTE            hash[SHA1_HASH_SIZE];

   CK_BYTE           outer[48];
   CK_MECHANISM      digest_mech;
   CK_ULONG          key_bytes, hash_len, mac_len;
   CK_RV             rc;


   if (!sess || !ctx || !signature){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   mac_len = *(CK_ULONG *)ctx->mech.pParameter;

   context = (SSL3_MAC_CONTEXT *)ctx->context;

   rc = object_mgr_find_in_map1( ctx->key, &key_obj );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      goto error;
   }
   rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
   if (rc == FALSE) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }
   else {
      key_bytes = attr->ulValueLen;
      key_data  = attr->pValue;
   }

   // finish the inner hash
   //
   hash_len = sizeof(hash);
   rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
   if (rc != CKR_OK){
      st_err_log(126, __FILE__, __LINE__); 
      goto error;
   }
   // now, do the outer hash
   //
   digest_mgr_cleanup( &context->hash_context );
   memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) );

   memset( outer, 0x5C, 48 );

   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
      digest_mech.mechanism   = CKM_MD5;
   else
      digest_mech.mechanism   = CKM_SHA_1;

   digest_mech.ulParameterLen = 0;
   digest_mech.pParameter     = NULL;

   rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
      rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 );
   else
      rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 );

   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   hash_len = sizeof(hash);
   rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
   if (rc != CKR_OK){
      st_err_log(126, __FILE__, __LINE__); 
      goto error;
   }
   if ((mac_len != sig_len) || (mac_len > hash_len)){
      st_err_log(47, __FILE__, __LINE__); 
      rc = CKR_SIGNATURE_INVALID;
   }
   else if (memcmp(signature, hash, sig_len) != 0){
      rc = CKR_SIGNATURE_INVALID;
      st_err_log(47, __FILE__, __LINE__); 
   }
error:
   digest_mgr_cleanup( &context->hash_context );
   return rc;
}


//
//
CK_RV
ckm_ssl3_pre_master_key_gen( TEMPLATE     * tmpl,
                             CK_MECHANISM * mech )
{
   CK_ATTRIBUTE        * value_attr     = NULL;
   CK_ATTRIBUTE        * value_len_attr = NULL;
   CK_ATTRIBUTE        * key_type_attr  = NULL;
   CK_ATTRIBUTE        * class_attr     = NULL;
   CK_ATTRIBUTE        * local_attr     = NULL;
   CK_ATTRIBUTE        * derive_attr    = NULL;
   CK_VERSION          * version        = NULL;
   CK_BYTE               key[48];
   CK_ULONG              rc;


   rc = rng_generate( key, 48 );
   if (rc != CKR_OK){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   value_attr     = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + 48 );
   value_len_attr = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_ULONG) );
   key_type_attr  = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_KEY_TYPE) );
   class_attr     = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_OBJECT_CLASS) );
   local_attr     = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   derive_attr    = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );

   if (!value_attr || !value_len_attr || !key_type_attr ||
       !class_attr || !local_attr || !derive_attr) {
      if (value_attr)     free( value_attr );
      if (value_len_attr) free( value_len_attr );
      if (key_type_attr)  free( key_type_attr );
      if (class_attr)     free( class_attr );
      if (local_attr)     free( local_attr );
      if (derive_attr)    free( derive_attr );

      st_err_log(0, __FILE__, __LINE__); 
      return CKR_HOST_MEMORY;
   }

   version = (CK_VERSION *)mech->pParameter;
   key[0] = version->major;
   key[1] = version->minor;

   value_attr->type         = CKA_VALUE;
   value_attr->ulValueLen   = 48;
   value_attr->pValue       = (CK_BYTE *)value_attr + sizeof(CK_ATTRIBUTE);
   memcpy( value_attr->pValue, key, 48 );

   value_len_attr->type         = CKA_VALUE_LEN;
   value_len_attr->ulValueLen   = sizeof(CK_ULONG);
   value_len_attr->pValue       = (CK_BYTE *)value_len_attr + sizeof(CK_ATTRIBUTE);
   *(CK_ULONG *)value_len_attr->pValue = 48;

   key_type_attr->type         = CKA_KEY_TYPE;
   key_type_attr->ulValueLen   = sizeof(CK_KEY_TYPE);
   key_type_attr->pValue       = (CK_BYTE *)key_type_attr + sizeof(CK_ATTRIBUTE);
   *(CK_ATTRIBUTE_TYPE *)key_type_attr = CKK_GENERIC_SECRET;

   class_attr->type         = CKA_CLASS;
   class_attr->ulValueLen   = sizeof(CK_OBJECT_CLASS);
   class_attr->pValue       = (CK_BYTE *)class_attr + sizeof(CK_ATTRIBUTE);
   *(CK_OBJECT_CLASS *)class_attr->pValue = CKO_SECRET_KEY;

   local_attr->type         = CKA_LOCAL;
   local_attr->ulValueLen   = sizeof(CK_BBOOL);
   local_attr->pValue       = (CK_BYTE *)local_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)local_attr->pValue = TRUE;

   derive_attr->type         = CKA_DERIVE;
   derive_attr->ulValueLen   = sizeof(CK_BBOOL);
   derive_attr->pValue       = (CK_BYTE *)derive_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)derive_attr->pValue = TRUE;

   template_update_attribute( tmpl, value_attr );
   template_update_attribute( tmpl, value_len_attr );
   template_update_attribute( tmpl, key_type_attr );
   template_update_attribute( tmpl, class_attr );
   template_update_attribute( tmpl, local_attr );
   template_update_attribute( tmpl, derive_attr );

   return CKR_OK;
}


//
//
static CK_RV
ssl3_sha_then_md5( SESSION   * sess,
                   CK_BYTE   * secret,
                   CK_BYTE   * firstRandom,
                   CK_ULONG    firstRandomLen,
                   CK_BYTE   * secondRandom,
                   CK_ULONG    secondRandomLen,
                   CK_BYTE   * variableData,
                   CK_ULONG    variableDataLen,
                   CK_BYTE   * outBuff )
{
   DIGEST_CONTEXT digest_ctx;
   CK_MECHANISM   digest_mech;
   CK_BYTE        hash[SHA1_HASH_SIZE];
   CK_ULONG       len;
   CK_RV          rc;

   // SHA(variableData + secret + firstRandom + secondRandom)
   //
   memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
   digest_mech.mechanism      = CKM_SHA_1;
   digest_mech.ulParameterLen = 0;
   digest_mech.pParameter     = NULL;

   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess,
                                  &digest_ctx,
                                  variableData,
                                  variableDataLen );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess,
                                  &digest_ctx,
                                  firstRandom,
                                  firstRandomLen );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess,
                                  &digest_ctx,
                                  secondRandom,
                                  secondRandomLen );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   len = sizeof(hash);
   rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );
   if (rc != CKR_OK){
      st_err_log(126, __FILE__, __LINE__); 
      goto error;
   }
   digest_mgr_cleanup( &digest_ctx );

   // MD5(secret + SHA(...))
   //
   memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
   digest_mech.mechanism      = CKM_MD5;
   digest_mech.ulParameterLen = 0;
   digest_mech.pParameter     = NULL;

   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 );