PSARC 2007/446 Elliptic-Curve Cryptography for Solaris

5066901 Offer the PKCS#11 Elliptic Curve based mechanisms in Solaris
6562402 kernel software provider for Elliptic Curve mechanisms

1 files changed, 29 insertions, 7 deletions

diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
index 3eabed15e0..586dd76fdc 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -35,6 +35,7 @@
 #include "softMAC.h"
 #include "softRSA.h"
 #include "softDSA.h"
+#include "softEC.h"
 #include "softCrypt.h"
 
 /*
@@ -90,6 +91,12 @@ soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
 		return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
 		    key_p, B_TRUE));
 
+	case CKM_ECDSA:
+	case CKM_ECDSA_SHA1:
+
+		return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
+		    key_p, B_TRUE));
+
 	case CKM_DES_MAC_GENERAL:
 	case CKM_DES_MAC:
 
@@ -167,13 +174,12 @@ soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
 		if (pSignature != NULL) {
 			/* Pass local buffer to avoid overflow. */
 			rv = soft_des_sign_verify_common(session_p, pData,
-				ulDataLen, signature, pulSignatureLen, B_TRUE,
-				B_FALSE);
+			    ulDataLen, signature, pulSignatureLen, B_TRUE,
+			    B_FALSE);
 		} else {
 			/* Pass NULL, let callee to handle it. */
 			rv = soft_des_sign_verify_common(session_p, pData,
-				ulDataLen, NULL, pulSignatureLen, B_TRUE,
-				B_FALSE);
+			    ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
 		}
 
 		if ((rv == CKR_OK) && (pSignature != NULL))
@@ -206,6 +212,16 @@ soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
 		return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
 		    pSignature, pulSignatureLen, B_FALSE));
 
+	case CKM_ECDSA:
+
+		return (soft_ecc_sign(session_p, pData, ulDataLen,
+		    pSignature, pulSignatureLen));
+
+	case CKM_ECDSA_SHA1:
+
+		return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
+		    pSignature, pulSignatureLen, B_FALSE));
+
 	default:
 		return (CKR_MECHANISM_INVALID);
 	}
@@ -267,6 +283,7 @@ soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
 		 * signing.
 		 */
 	case CKM_DSA_SHA1:
+	case CKM_ECDSA_SHA1:
 
 		return (soft_digest_update(session_p, pPart, ulPartLen));
 
@@ -338,11 +355,11 @@ soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
 		if (pSignature != NULL) {
 			/* Pass local buffer to avoid overflow. */
 			rv = soft_des_sign_verify_common(session_p, NULL, 0,
-				signature, pulSignatureLen, B_TRUE, B_TRUE);
+			    signature, pulSignatureLen, B_TRUE, B_TRUE);
 		} else {
 			/* Pass NULL, let callee to handle it. */
 			rv = soft_des_sign_verify_common(session_p, NULL, 0,
-				NULL, pulSignatureLen, B_TRUE, B_TRUE);
+			    NULL, pulSignatureLen, B_TRUE, B_TRUE);
 		}
 
 		if ((rv == CKR_OK) && (pSignature != NULL))
@@ -364,6 +381,11 @@ soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
 		return (soft_dsa_digest_sign_common(session_p, NULL, 0,
 		    pSignature, pulSignatureLen, B_TRUE));
 
+	case CKM_ECDSA_SHA1:
+
+		return (soft_ecc_digest_sign_common(session_p, NULL, 0,
+		    pSignature, pulSignatureLen, B_TRUE));
+
 	default:
 		/* PKCS11: The mechanism only supports single-part operation. */
 		return (CKR_MECHANISM_INVALID);