diff options
Diffstat (limited to 'usr/src/lib/pkcs11/pkcs11_softtoken/common')
23 files changed, 371 insertions, 2012 deletions
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c index 213492e322..7f2810033b 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <pthread.h> @@ -726,7 +726,7 @@ do_decryption: * plaintext. */ rv = soft_remove_pkcs7_padding(last_block, - AES_BLOCK_LEN, &rem_len, AES_BLOCK_LEN); + AES_BLOCK_LEN, &rem_len); if (rv == CKR_OK) { if (rem_len != 0) (void) memcpy(out_buf + out_len, diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c index 0064e19db2..77f10e56d3 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c @@ -18,39 +18,37 @@ * * CDDL HEADER END */ + /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdlib.h> #include <string.h> #include <strings.h> #include <lber.h> #include <security/cryptoki.h> -#include <rsa_impl.h> #include "softDSA.h" #include "softDH.h" +#include "softRSA.h" #include "softObject.h" #include "softASN1.h" #define OID_TAG 0x06 -#define MAX_DH_KEY (MAX_DH_KEYLENGTH >> 3) /* bytes in a DH key */ +#define MAX_DH_KEY MAX_DH_KEYLENGTH_IN_BYTES /* bytes in DH key */ static uchar_t DH_OID[] = { /* DH key agreement OID: 1 . 2 . 840 . 113549 . 1 . 3 . 1 */ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01 }; -#define MAX_DH942_KEY (MAX_DH_KEYLENGTH >> 3) /* bytes in a DH X9.42 key */ +#define MAX_DH942_KEY MAX_DH_KEYLENGTH_IN_BYTES /* bytes in DH X9.42 key */ static uchar_t DH942_OID[] = { /* DH X9.42 OID: 1 . 2 . 840 . 10046 . 1 */ 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x01 }; -#define MAX_DSA_KEY MAX_DSA_KEY_LEN /* bytes in a DSA key */ +#define MAX_DSA_KEY MAX_DSA_KEY_LEN /* bytes in DSA key */ static uchar_t DSA_OID[] = { /* DSA algorithm OID: 1 . 2 . 840 . 10040 . 4 . 1 */ 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01 @@ -100,7 +98,7 @@ pad_bigint_attr(biginteger_t *src, biginteger_t *dst) /* Set zero-pad at first byte, then append actual big_value. */ dst->big_value[0] = 0x0; (void) memcpy(&(dst->big_value[padding]), src->big_value, - src->big_value_len); + src->big_value_len); return (CKR_OK); } @@ -268,7 +266,7 @@ rsa_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len) goto cleanup_rsapri2asn; } - /* ... coeffient } end-sequence */ + /* ... coefficient } end-sequence */ if ((rv = pad_bigint_attr(OBJ_PRI_RSA_COEF(objp), &tmp_pad)) != CKR_OK) goto cleanup_rsapri2asn; else if (ber_printf(key_asn, "to}", LBER_INTEGER, @@ -534,16 +532,16 @@ cleanup_dsapri2asn: } if (key_asn != NULLBER) - ber_free(key_asn, 1); + ber_free(key_asn, 1); if (key_octs != NULL) - ber_bvfree(key_octs); + ber_bvfree(key_octs); if (p8obj_asn != NULLBER) - ber_free(p8obj_asn, 1); + ber_free(p8obj_asn, 1); if (p8obj_octs != NULL) - ber_bvfree(p8obj_octs); + ber_bvfree(p8obj_octs); return (rv); } @@ -708,16 +706,16 @@ cleanup_dhpri2asn: } if (key_asn != NULLBER) - ber_free(key_asn, 1); + ber_free(key_asn, 1); if (key_octs != NULL) - ber_bvfree(key_octs); + ber_bvfree(key_octs); if (p8obj_asn != NULLBER) - ber_free(p8obj_asn, 1); + ber_free(p8obj_asn, 1); if (p8obj_octs != NULL) - ber_bvfree(p8obj_octs); + ber_bvfree(p8obj_octs); return (rv); } @@ -900,16 +898,16 @@ cleanup_x942dhpri2asn: } if (key_asn != NULLBER) - ber_free(key_asn, 1); + ber_free(key_asn, 1); if (key_octs != NULL) - ber_bvfree(key_octs); + ber_bvfree(key_octs); if (p8obj_asn != NULLBER) - ber_free(p8obj_asn, 1); + ber_free(p8obj_asn, 1); if (p8obj_octs != NULL) - ber_bvfree(p8obj_octs); + ber_bvfree(p8obj_octs); return (rv); } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.c deleted file mode 100644 index 6042004d56..0000000000 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - - -#include <sys/types.h> -#include <security/cryptoki.h> -#include <bignum.h> - - -CK_RV -convert_rv(BIG_ERR_CODE err) -{ - switch (err) { - - case BIG_OK: - return (CKR_OK); - - case BIG_NO_MEM: - return (CKR_HOST_MEMORY); - - case BIG_NO_RANDOM: - return (CKR_DEVICE_ERROR); - - case BIG_INVALID_ARGS: - return (CKR_ARGUMENTS_BAD); - - case BIG_DIV_BY_0: - default: - return (CKR_GENERAL_ERROR); - } -} - -BIG_ERR_CODE -convert_brv(CK_RV err) -{ - switch (err) { - - case CKR_OK: - return (BIG_OK); - - case CKR_HOST_MEMORY: - return (BIG_NO_MEM); - - case CKR_DEVICE_ERROR: - return (BIG_NO_RANDOM); - - case CKR_ARGUMENTS_BAD: - return (BIG_INVALID_ARGS); - - default: - return (BIG_GENERAL_ERR); - } -} diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.h index 8be7a430ed..d4c58bc9d3 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softCrypt.h @@ -18,16 +18,14 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTCRYPT_H #define _SOFTCRYPT_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif @@ -38,7 +36,6 @@ extern "C" { #include <aes_impl.h> #include <blowfish_impl.h> #include <des_impl.h> -#include <bignum.h> #include "softObject.h" #include "softSession.h" @@ -99,7 +96,7 @@ CK_RV soft_des_mac_sign_verify_update(soft_session_t *session_p, void soft_add_pkcs7_padding(CK_BYTE *, int, CK_ULONG); -CK_RV soft_remove_pkcs7_padding(CK_BYTE *, CK_ULONG, CK_ULONG *, int); +CK_RV soft_remove_pkcs7_padding(CK_BYTE *, CK_ULONG, CK_ULONG *); CK_RV soft_arcfour_crypt_init(soft_session_t *, CK_MECHANISM_PTR, soft_object_t *, boolean_t); @@ -130,10 +127,6 @@ CK_RV soft_blowfish_encrypt_common(soft_session_t *, CK_BYTE_PTR, CK_ULONG, CK_RV soft_blowfish_decrypt_common(soft_session_t *, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, boolean_t); -CK_RV convert_rv(BIG_ERR_CODE); - -BIG_ERR_CODE convert_brv(CK_RV); - #ifdef __cplusplus } #endif diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c index 84f4fd00be..8159e93624 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <pthread.h> @@ -732,7 +732,7 @@ soft_des_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted, * plaintext. */ rv = soft_remove_pkcs7_padding(last_block, - DES_BLOCK_LEN, &rem_len, DES_BLOCK_LEN); + DES_BLOCK_LEN, &rem_len); if (rv == CKR_OK) { if (rem_len != 0) (void) memcpy(out_buf + out_len, diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c index 7991f7c267..06d9c22757 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c @@ -18,59 +18,39 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdlib.h> #include <string.h> #include <strings.h> #include <sys/types.h> #include <security/cryptoki.h> #include <sys/crypto/common.h> -#include <bignum.h> #include <des_impl.h> +#include <cryptoutil.h> #include "softGlobal.h" #include "softSession.h" #include "softObject.h" #include "softDH.h" -#include "softRandom.h" #include "softCrypt.h" /* - * This function converts the big integer of the specified attribute - * to an octet string and store it in the corresponding key object. + * This function takes a converted big integer of the specified attribute + * as an octet string and stores it in the corresponding key object. */ -CK_RV -soft_genDHkey_set_attribute(soft_object_t *key, BIGNUM *bn, - CK_ATTRIBUTE_TYPE type, uint32_t prime_len, boolean_t public) +static CK_RV +soft_genDHkey_set_attribute(soft_object_t *key, CK_ATTRIBUTE_TYPE type, + uchar_t *buf, uint32_t buflen, boolean_t public) { - uchar_t *buf; - uint32_t buflen; CK_RV rv = CKR_OK; biginteger_t *dst = NULL; biginteger_t src; - /* - * Allocate the buffer used to store the value of key fields - * for bignum2bytestring. Since bignum only deals with a buffer - * whose size is multiple of 4, prime_len is rounded up to be - * multiple of 4. - */ - if ((buf = malloc((prime_len + sizeof (BIG_CHUNK_TYPE) - 1) & - ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) { - rv = CKR_HOST_MEMORY; - goto cleanexit; - } - - buflen = bn->len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, bn, buflen); - switch (type) { case CKA_VALUE: @@ -89,19 +69,14 @@ soft_genDHkey_set_attribute(soft_object_t *key, BIGNUM *bn, break; } - src.big_value_len = buflen; - - if ((src.big_value = malloc(buflen)) == NULL) { - rv = CKR_HOST_MEMORY; + if ((rv = dup_bigint_attr(&src, buf, buflen)) != CKR_OK) goto cleanexit; - } - (void) memcpy(src.big_value, buf, buflen); /* Copy the attribute in the key object. */ copy_bigint_attr(&src, dst); cleanexit: - free(buf); + /* No need to free big_value because dst holds it now after copy. */ return (rv); } @@ -113,18 +88,15 @@ CK_RV soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) { CK_RV rv; - BIG_ERR_CODE brv; + CK_ATTRIBUTE template; uchar_t prime[MAX_KEY_ATTR_BUFLEN]; uint32_t prime_len = sizeof (prime); - uint32_t primebit_len; - uint32_t value_bits; uchar_t base[MAX_KEY_ATTR_BUFLEN]; uint32_t base_len = sizeof (base); - BIGNUM bnprime; - BIGNUM bnbase; - BIGNUM bnprival; - BIGNUM bnpubval; - CK_ATTRIBUTE template; + uint32_t value_bits; + uchar_t private_x[MAX_KEY_ATTR_BUFLEN]; + uchar_t public_y[MAX_KEY_ATTR_BUFLEN]; + DHbytekey k; if ((pubkey->class != CKO_PUBLIC_KEY) || (pubkey->key_type != CKK_DH)) { @@ -136,74 +108,19 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) return (CKR_KEY_TYPE_INCONSISTENT); } - /* - * The input to the first phase shall be the Diffie-Hellman - * parameters, which include prime, base, and private-value length. - */ - rv = soft_get_public_value(pubkey, CKA_PRIME, prime, &prime_len); - - if (rv != CKR_OK) { - return (rv); - } - - if ((prime_len < (MIN_DH_KEYLENGTH / 8)) || - (prime_len > (MAX_DH_KEYLENGTH / 8))) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto ret0; - } - - if ((brv = big_init(&bnprime, CHARLEN2BIGNUMLEN(prime_len))) != - BIG_OK) { - rv = convert_rv(brv); - goto ret0; - } - - /* Convert the prime octet string to big integer format. */ - bytestring2bignum(&bnprime, prime, prime_len); - - rv = soft_get_public_value(pubkey, CKA_BASE, base, &base_len); - - if (rv != CKR_OK) { - goto ret1; - } - - if ((brv = big_init(&bnbase, CHARLEN2BIGNUMLEN(base_len))) != BIG_OK) { - rv = convert_rv(brv); - goto ret1; - } - - /* Convert the base octet string to big integer format. */ - bytestring2bignum(&bnbase, base, base_len); - - if (big_cmp_abs(&bnbase, &bnprime) >= 0) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto ret2; - } - - primebit_len = big_bitlength(&bnprime); - + /* Get private-value length in bits */ template.pValue = malloc(sizeof (CK_ULONG)); - if (template.pValue == NULL) { - rv = CKR_HOST_MEMORY; - goto ret2; + return (CKR_HOST_MEMORY); } - template.ulValueLen = sizeof (CK_ULONG); - rv = get_ulong_attr_from_object(OBJ_PRI_DH_VAL_BITS(prikey), &template); - if (rv != CKR_OK) { - goto ret2; + free(template.pValue); + return (rv); } - /* - * The intention of selecting a private-value length is to reduce - * the computation time for key agreement, while maintaining a - * given level of security. - */ - #ifdef __sparcv9 /* LINTED */ value_bits = (uint32_t)(*((CK_ULONG *)(template.pValue))); @@ -211,109 +128,87 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) value_bits = *((CK_ULONG *)(template.pValue)); #endif /* __sparcv9 */ - if (value_bits > primebit_len) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto ret3; - } + free(template.pValue); - /* Generate DH key pair private and public values. */ - if ((brv = big_init(&bnprival, CHARLEN2BIGNUMLEN(prime_len))) - != BIG_OK) { - rv = convert_rv(brv); - goto ret3; + /* + * The input to the first phase shall be the Diffie-Hellman + * parameters, which include prime, base, and private-value length. + */ + rv = soft_get_public_value(pubkey, CKA_PRIME, prime, &prime_len); + if (rv != CKR_OK) { + return (rv); } - if ((brv = big_init(&bnpubval, CHARLEN2BIGNUMLEN(prime_len))) - != BIG_OK) { - rv = convert_rv(brv); - goto ret4; + rv = soft_get_public_value(pubkey, CKA_BASE, base, &base_len); + if (rv != CKR_OK) { + goto ret; } - /* - * The big integer of the private value shall be generated privately - * and randomly. - */ - if ((brv = random_bignum(&bnprival, (value_bits == 0) ? - primebit_len : value_bits, (IS_TOKEN_OBJECT(pubkey) || - IS_TOKEN_OBJECT(prikey)))) != BIG_OK) { - rv = convert_rv(brv); - goto ret5; - } + /* Inputs to DH key pair generation. */ + k.prime = prime; + k.prime_bits = CRYPTO_BYTES2BITS(prime_len); + k.base = base; + k.base_bytes = base_len; + k.value_bits = value_bits; + k.rfunc = (IS_TOKEN_OBJECT(pubkey) || IS_TOKEN_OBJECT(prikey)) ? + pkcs11_get_random : pkcs11_get_urandom; - /* - * The base g shall be raised to the private value x modulo p to - * give an integer y, the integer public value. - */ - if ((brv = big_modexp(&bnpubval, - &bnbase, &bnprival, &bnprime, NULL)) != BIG_OK) { - rv = convert_rv(brv); - goto ret5; + /* Outputs from DH key pair generation. */ + k.private_x = private_x; + k.public_y = public_y; + + /* If value_bits is 0, it will return as same size as prime */ + if ((rv = dh_genkey_pair(&k)) != CKR_OK) { + goto ret; } /* * The integer public value y shall be converted to an octet * string PV of length k, the public value. */ - if ((rv = soft_genDHkey_set_attribute(pubkey, &bnpubval, - CKA_VALUE, prime_len, B_TRUE)) != CKR_OK) { - goto ret5; + if ((rv = soft_genDHkey_set_attribute(pubkey, CKA_VALUE, public_y, + CRYPTO_BITS2BYTES(k.value_bits), B_TRUE)) != CKR_OK) { + goto ret; } /* Convert the big integer private value to an octet string. */ - if ((rv = soft_genDHkey_set_attribute(prikey, &bnprival, - CKA_VALUE, prime_len, B_FALSE)) != CKR_OK) { - goto ret5; + if ((rv = soft_genDHkey_set_attribute(prikey, CKA_VALUE, private_x, + CRYPTO_BITS2BYTES(k.value_bits), B_FALSE)) != CKR_OK) { + goto ret; } /* Convert the big integer prime to an octet string. */ - if ((rv = soft_genDHkey_set_attribute(prikey, &bnprime, - CKA_PRIME, prime_len, B_FALSE)) != CKR_OK) { - goto ret5; + if ((rv = soft_genDHkey_set_attribute(prikey, CKA_PRIME, prime, + CRYPTO_BITS2BYTES(k.prime_bits), B_FALSE)) != CKR_OK) { + goto ret; } /* Convert the big integer base to an octet string. */ - if ((rv = soft_genDHkey_set_attribute(prikey, &bnbase, - CKA_BASE, prime_len, B_FALSE)) != CKR_OK) { - goto ret5; - } - - if (value_bits == 0) { - OBJ_PRI_DH_VAL_BITS(prikey) = primebit_len; + if ((rv = soft_genDHkey_set_attribute(prikey, CKA_BASE, base, + k.base_bytes, B_FALSE)) != CKR_OK) { + goto ret; } + /* Update private-value length in bits; could have been 0 before */ + OBJ_PRI_DH_VAL_BITS(prikey) = k.value_bits; -ret5: - big_finish(&bnpubval); -ret4: - big_finish(&bnprival); -ret3: - free(template.pValue); -ret2: - big_finish(&bnbase); -ret1: - big_finish(&bnprime); -ret0: +ret: return (rv); } +/* ARGSUSED3 */ CK_RV soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey, void *publicvalue, size_t publicvaluelen) { + CK_RV rv; uchar_t privatevalue[MAX_KEY_ATTR_BUFLEN]; uint32_t privatevaluelen = sizeof (privatevalue); uchar_t privateprime[MAX_KEY_ATTR_BUFLEN]; uint32_t privateprimelen = sizeof (privateprime); - uchar_t *value; - uint32_t valuelen; + uchar_t key[MAX_KEY_ATTR_BUFLEN]; uint32_t keylen; - uchar_t *buf = NULL; - CK_RV rv; - BIG_ERR_CODE brv; - BIGNUM bnprime; - BIGNUM bnpublic; - BIGNUM bnprivate; - BIGNUM bnsecret; + DHbytekey k; rv = soft_get_private_value(basekey, CKA_VALUE, privatevalue, &privatevaluelen); @@ -324,123 +219,38 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey, rv = soft_get_private_value(basekey, CKA_PRIME, privateprime, &privateprimelen); if (rv != CKR_OK) { - goto ret0; - } - - if ((brv = big_init(&bnprime, CHARLEN2BIGNUMLEN(privateprimelen))) != - BIG_OK) { - rv = convert_rv(brv); - goto ret0; - } - - bytestring2bignum(&bnprime, privateprime, privateprimelen); - - if ((brv = big_init(&bnprivate, CHARLEN2BIGNUMLEN(privatevaluelen))) != - BIG_OK) { - rv = convert_rv(brv); - goto ret1; - } - - bytestring2bignum(&bnprivate, privatevalue, privatevaluelen); - -#ifdef __sparcv9 - if ((brv = big_init(&bnpublic, - (int)CHARLEN2BIGNUMLEN(publicvaluelen))) != BIG_OK) { -#else /* !__sparcv9 */ - if ((brv = big_init(&bnpublic, - CHARLEN2BIGNUMLEN(publicvaluelen))) != BIG_OK) { -#endif /* __sparcv9 */ - rv = convert_rv(brv); - goto ret2; - } - - bytestring2bignum(&bnpublic, (uchar_t *)publicvalue, publicvaluelen); - - if ((brv = big_init(&bnsecret, - CHARLEN2BIGNUMLEN(privateprimelen))) != BIG_OK) { - rv = convert_rv(brv); - goto ret3; - } - - if ((brv = big_modexp(&bnsecret, &bnpublic, &bnprivate, &bnprime, - NULL)) != BIG_OK) { - rv = convert_rv(brv); - goto ret4; + goto ret; } - if ((buf = malloc((privateprimelen + sizeof (BIG_CHUNK_TYPE) - 1) & - ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) { - rv = CKR_HOST_MEMORY; - goto ret4; + /* keylen may be 0 if CKA_VALUE_LEN did not specify */ + keylen = OBJ_SEC_VALUE_LEN(secretkey); + if (keylen > sizeof (key)) { /* check for overflow */ + rv = CKR_ATTRIBUTE_VALUE_INVALID; + goto ret; } - value = buf; - valuelen = bnsecret.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(value, &bnsecret, valuelen); - - switch (secretkey->key_type) { - - case CKK_DES: - keylen = DES_KEYSIZE; - break; - case CKK_DES2: - keylen = DES2_KEYSIZE; - break; - case CKK_DES3: - keylen = DES3_KEYSIZE; - break; - case CKK_RC4: - case CKK_AES: - case CKK_GENERIC_SECRET: -#ifdef __sparcv9 - /* LINTED */ - keylen = (uint32_t)OBJ_SEC_VALUE_LEN(secretkey); -#else /* !__sparcv9 */ - keylen = OBJ_SEC_VALUE_LEN(secretkey); -#endif /* __sparcv9 */ - break; - } + k.prime = privateprime; + k.prime_bits = CRYPTO_BYTES2BITS(privateprimelen); + k.value_bits = CRYPTO_BYTES2BITS(privatevaluelen); + k.private_x = privatevalue; + k.public_y = publicvalue; + k.rfunc = NULL; - if (keylen == 0) { - /* - * keylen == 0 only if CKA_VALUE_LEN did not specify. - */ - keylen = valuelen; - } - /* - * Note: No need to have "default:" case here since invalid key type - * if any has been detected at function soft_build_secret_key_object() - * before it gets here. - */ + /* keylen may be modified if it was 0 or conflicts with key type */ + rv = dh_key_derive(&k, secretkey->key_type, key, &keylen); - if (keylen > valuelen) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto ret5; + if (rv != CKR_OK) { + goto ret; } if ((OBJ_SEC_VALUE(secretkey) = malloc(keylen)) == NULL) { rv = CKR_HOST_MEMORY; - goto ret5; + goto ret; } + OBJ_SEC_VALUE_LEN(secretkey) = keylen; + (void) memcpy(OBJ_SEC_VALUE(secretkey), key, keylen); - /* - * The truncation removes bytes from the leading end of the - * secret value. - */ - (void) memcpy(OBJ_SEC_VALUE(secretkey), (value + valuelen - keylen), - keylen); - -ret5: - free(buf); -ret4: - big_finish(&bnsecret); -ret3: - big_finish(&bnpublic); -ret2: - big_finish(&bnprivate); -ret1: - big_finish(&bnprime); -ret0: +ret: return (rv); } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.h index 1e1db2bc22..ea0f83a962 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.h @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -19,29 +18,25 @@ * * CDDL HEADER END */ + /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTDH_H #define _SOFTDH_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif #include <sys/types.h> #include <security/pkcs11t.h> +#include <dh_impl.h> #include "softObject.h" #include "softSession.h" -#define MIN_DH_KEYLENGTH 64 -#define MAX_DH_KEYLENGTH 4096 - /* * Function Prototypes. */ diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c index 24e3d1b7f5..b366cc2171 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <pthread.h> @@ -29,12 +29,11 @@ #include <strings.h> #include <sys/types.h> #include <security/cryptoki.h> -#include <bignum.h> +#include <cryptoutil.h> #include "softGlobal.h" #include "softSession.h" #include "softObject.h" #include "softDSA.h" -#include "softRandom.h" #include "softOps.h" #include "softMAC.h" #include "softCrypt.h" @@ -114,76 +113,11 @@ soft_dsa_sign_verify_init_common(soft_session_t *session_p, } -/* size is in bits */ -BIG_ERR_CODE -DSA_key_init(DSAkey *key, int size) -{ - BIG_ERR_CODE err; - int len, len160; - - len = BITLEN2BIGNUMLEN(size); - len160 = BIG_CHUNKS_FOR_160BITS; - key->size = size; - if ((err = big_init1(&(key->q), len160, NULL, 0)) != BIG_OK) - return (err); - if ((err = big_init1(&(key->p), len, NULL, 0)) != BIG_OK) - goto ret1; - if ((err = big_init1(&(key->g), len, NULL, 0)) != BIG_OK) - goto ret2; - if ((err = big_init1(&(key->x), len160, NULL, 0)) != BIG_OK) - goto ret3; - if ((err = big_init1(&(key->y), len, NULL, 0)) != BIG_OK) - goto ret4; - if ((err = big_init1(&(key->k), len160, NULL, 0)) != BIG_OK) - goto ret5; - if ((err = big_init1(&(key->r), len160, NULL, 0)) != BIG_OK) - goto ret6; - if ((err = big_init1(&(key->s), len160, NULL, 0)) != BIG_OK) - goto ret7; - if ((err = big_init1(&(key->v), len160, NULL, 0)) != BIG_OK) - goto ret8; - - return (BIG_OK); - -ret8: - big_finish(&(key->s)); -ret7: - big_finish(&(key->r)); -ret6: - big_finish(&(key->k)); -ret5: - big_finish(&(key->y)); -ret4: - big_finish(&(key->x)); -ret3: - big_finish(&(key->g)); -ret2: - big_finish(&(key->p)); -ret1: - big_finish(&(key->q)); - return (err); -} - - -void -DSA_key_finish(DSAkey *key) -{ - big_finish(&(key->v)); - big_finish(&(key->s)); - big_finish(&(key->r)); - big_finish(&(key->k)); - big_finish(&(key->y)); - big_finish(&(key->x)); - big_finish(&(key->g)); - big_finish(&(key->p)); - big_finish(&(key->q)); -} - - -CK_RV -dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) +static CK_RV +local_dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, + CK_BYTE_PTR out) { - + CK_RV rv; uchar_t q[MAX_KEY_ATTR_BUFLEN]; uchar_t p[MAX_KEY_ATTR_BUFLEN]; uchar_t g[MAX_KEY_ATTR_BUFLEN]; @@ -192,22 +126,14 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) uint_t plen = sizeof (p); uint_t glen = sizeof (g); uint_t xlen = sizeof (x); - DSAkey dsakey; - BIGNUM msg, tmp, tmp1, tmp2; - BIG_ERR_CODE err; - CK_RV rv; + DSAbytekey k; - rv = soft_get_private_value(key, CKA_SUBPRIME, q, &qlen); + rv = soft_get_private_value(key, CKA_PRIME, p, &plen); if (rv != CKR_OK) { goto clean1; } - if (DSA_SUBPRIME_BYTES != qlen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - - rv = soft_get_private_value(key, CKA_PRIME, p, &plen); + rv = soft_get_private_value(key, CKA_SUBPRIME, q, &qlen); if (rv != CKR_OK) { goto clean1; } @@ -222,103 +148,26 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) goto clean1; } - if (DSA_SUBPRIME_BYTES < xlen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - - if ((err = DSA_key_init(&dsakey, plen * 8)) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean1; - } - - if ((err = big_init(&msg, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) { - goto clean6; - } - if ((err = big_init(&tmp, CHARLEN2BIGNUMLEN(plen) + - 2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) { - goto clean7; - } - if ((err = big_init(&tmp1, 2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) { - goto clean8; - } - if ((err = big_init(&tmp2, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) { - goto clean9; - } - - bytestring2bignum(&(dsakey.g), g, plen); - bytestring2bignum(&(dsakey.x), x, DSA_SUBPRIME_BYTES); - bytestring2bignum(&(dsakey.p), p, plen); - bytestring2bignum(&(dsakey.q), q, DSA_SUBPRIME_BYTES); - bytestring2bignum(&msg, (uchar_t *)in, inlen); - - if ((err = random_bignum(&(dsakey.k), DSA_SUBPRIME_BITS, - B_FALSE)) != BIG_OK) - goto clean10; - - if ((err = big_div_pos(NULL, &(dsakey.k), &(dsakey.k), - &(dsakey.q))) != BIG_OK) - goto clean10; - - if ((err = big_modexp(&tmp, &(dsakey.g), &(dsakey.k), &(dsakey.p), - NULL)) != BIG_OK) - goto clean10; - - if ((err = big_div_pos(NULL, &(dsakey.r), &tmp, &(dsakey.q))) != - BIG_OK) - goto clean10; + k.prime = p; + k.prime_bits = CRYPTO_BYTES2BITS(plen); + k.subprime = q; + k.subprime_bits = CRYPTO_BYTES2BITS(qlen); + k.base = g; + k.base_bytes = glen; + k.private_x_bits = CRYPTO_BYTES2BITS(xlen); + k.private_x = x; + k.rfunc = NULL; - if ((err = big_ext_gcd_pos(NULL, NULL, &tmp, &(dsakey.q), - &(dsakey.k))) != BIG_OK) - goto clean10; + rv = dsa_sign(&k, in, inlen, out); - if (tmp.sign == -1) - if ((err = big_add(&tmp, &tmp, &(dsakey.q))) != BIG_OK) - goto clean10; /* tmp <- k^-1 */ - - if ((err = big_mul(&tmp1, &(dsakey.x), &(dsakey.r))) != BIG_OK) - goto clean10; - - if ((err = big_add(&tmp1, &tmp1, &msg)) != BIG_OK) - goto clean10; - - if ((err = big_mul(&tmp, &tmp1, &tmp)) != BIG_OK) - goto clean10; - - if ((err = big_div_pos(NULL, &(dsakey.s), &tmp, &(dsakey.q))) != - BIG_OK) - goto clean10; - - bignum2bytestring((uchar_t *)out, &(dsakey.r), DSA_SUBPRIME_BYTES); - bignum2bytestring((uchar_t *)out + DSA_SUBPRIME_BYTES, &(dsakey.s), - DSA_SUBPRIME_BYTES); - - err = BIG_OK; - -clean10: - big_finish(&tmp2); -clean9: - big_finish(&tmp1); -clean8: - big_finish(&tmp); -clean7: - big_finish(&msg); -clean6: - DSA_key_finish(&dsakey); - if (err == BIG_OK) - rv = CKR_OK; - else if (err == BIG_NO_MEM) - rv = CKR_HOST_MEMORY; - else - rv = CKR_FUNCTION_FAILED; clean1: return (rv); } -CK_RV -dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) +static CK_RV +local_dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) { - + CK_RV rv; uchar_t g[MAX_KEY_ATTR_BUFLEN]; uchar_t y[MAX_KEY_ATTR_BUFLEN]; uchar_t p[MAX_KEY_ATTR_BUFLEN]; @@ -327,21 +176,14 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) uint_t ylen = sizeof (y); uint_t plen = sizeof (p); uint_t qlen = sizeof (q); - DSAkey dsakey; - BIGNUM msg, tmp1, tmp2, tmp3; - CK_RV rv; + DSAbytekey k; - rv = soft_get_public_value(key, CKA_SUBPRIME, q, &qlen); + rv = soft_get_public_value(key, CKA_PRIME, p, &plen); if (rv != CKR_OK) { goto clean1; } - if (DSA_SUBPRIME_BYTES != qlen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - - rv = soft_get_public_value(key, CKA_PRIME, p, &plen); + rv = soft_get_public_value(key, CKA_SUBPRIME, q, &qlen); if (rv != CKR_OK) { goto clean1; } @@ -351,99 +193,23 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) goto clean1; } - if (plen < glen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - rv = soft_get_public_value(key, CKA_VALUE, y, &ylen); if (rv != CKR_OK) { goto clean1; } - if (plen < ylen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - - if (DSA_key_init(&dsakey, plen * 8) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean1; - } - - rv = CKR_HOST_MEMORY; - if (big_init(&msg, BIG_CHUNKS_FOR_160BITS) != BIG_OK) { - goto clean6; - } - if (big_init(&tmp1, 2 * CHARLEN2BIGNUMLEN(plen)) != BIG_OK) { - goto clean7; - } - if (big_init(&tmp2, CHARLEN2BIGNUMLEN(plen)) != BIG_OK) { - goto clean8; - } - if (big_init(&tmp3, 2 * BIG_CHUNKS_FOR_160BITS) != BIG_OK) { - goto clean9; - } - - bytestring2bignum(&(dsakey.g), g, glen); - bytestring2bignum(&(dsakey.y), y, ylen); - bytestring2bignum(&(dsakey.p), p, plen); - bytestring2bignum(&(dsakey.q), q, DSA_SUBPRIME_BYTES); - bytestring2bignum(&(dsakey.r), (uchar_t *)sig, DSA_SUBPRIME_BYTES); - bytestring2bignum(&(dsakey.s), ((uchar_t *)sig) + DSA_SUBPRIME_BYTES, - DSA_SUBPRIME_BYTES); - bytestring2bignum(&msg, (uchar_t *)data, DSA_SUBPRIME_BYTES); - - if (big_ext_gcd_pos(NULL, &tmp2, NULL, &(dsakey.s), &(dsakey.q)) != - BIG_OK) - goto clean10; - - if (tmp2.sign == -1) - if (big_add(&tmp2, &tmp2, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp2 <- w */ + k.prime = p; + k.prime_bits = CRYPTO_BYTES2BITS(plen); + k.subprime = q; + k.subprime_bits = CRYPTO_BYTES2BITS(qlen); + k.base = g; + k.base_bytes = glen; + k.public_y_bits = CRYPTO_BYTES2BITS(ylen); + k.public_y = y; + k.rfunc = NULL; - if (big_mul(&tmp1, &msg, &tmp2) != BIG_OK) - goto clean10; + rv = dsa_verify(&k, data, sig); - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp1 <- u_1 */ - - if (big_mul(&tmp2, &tmp2, &(dsakey.r)) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp2, &tmp2, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp2 <- u_2 */ - - if (big_modexp(&tmp1, &(dsakey.g), &tmp1, &(dsakey.p), NULL) != BIG_OK) - goto clean10; - - if (big_modexp(&tmp2, &(dsakey.y), &tmp2, &(dsakey.p), NULL) != BIG_OK) - goto clean10; - - if (big_mul(&tmp1, &tmp1, &tmp2) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.p)) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.q)) != BIG_OK) - goto clean10; - - if (big_cmp_abs(&tmp1, &(dsakey.r)) == 0) - rv = CKR_OK; - else - rv = CKR_SIGNATURE_INVALID; - -clean10: - big_finish(&tmp3); -clean9: - big_finish(&tmp2); -clean8: - big_finish(&tmp1); -clean7: - big_finish(&msg); -clean6: - DSA_key_finish(&dsakey); clean1: return (rv); } @@ -538,7 +304,7 @@ soft_dsa_sign(soft_session_t *session_p, CK_BYTE_PTR pData, return (CKR_BUFFER_TOO_SMALL); } - rv = dsa_sign(key, pData, ulDataLen, pSigned); + rv = local_dsa_sign(key, pData, ulDataLen, pSigned); if (rv == CKR_OK) { *pulSignedLen = DSA_SIGNATURE_LENGTH; } @@ -569,19 +335,19 @@ soft_dsa_verify(soft_session_t *session_p, CK_BYTE_PTR pData, goto clean_exit; } - /* The signature length is always 40 bytes. */ - if (ulSignatureLen != DSA_SIGNATURE_LENGTH) { - rv = CKR_SIGNATURE_LEN_RANGE; - goto clean_exit; - } - /* Input data length needs to be 20 bytes. */ if (ulDataLen != DSA_SUBPRIME_BYTES) { rv = CKR_DATA_LEN_RANGE; goto clean_exit; } - rv = dsa_verify(key, pData, pSignature); + /* The signature length is always 40 bytes. */ + if (ulSignatureLen != DSA_SIGNATURE_LENGTH) { + rv = CKR_SIGNATURE_LEN_RANGE; + goto clean_exit; + } + + rv = local_dsa_verify(key, pData, pSignature); clean_exit: (void) pthread_mutex_lock(&session_p->session_mutex); @@ -635,7 +401,7 @@ clean_exit: } -CK_RV +static CK_RV soft_genDSAkey_set_attribute(soft_object_t *key, CK_ATTRIBUTE_TYPE type, uchar_t *value, uint32_t value_len, boolean_t public) { @@ -644,7 +410,6 @@ soft_genDSAkey_set_attribute(soft_object_t *key, CK_ATTRIBUTE_TYPE type, biginteger_t *dst = NULL; biginteger_t src; - switch (type) { case CKA_VALUE: @@ -676,13 +441,14 @@ soft_genDSAkey_set_attribute(soft_object_t *key, CK_ATTRIBUTE_TYPE type, break; } - src.big_value_len = value_len; + /* Note: removal of preceding 0x00 imitates similar code in RSA */ + while (value[0] == 0) { /* remove preceding 0x00 */ + value++; + value_len--; + } - if ((src.big_value = malloc(value_len)) == NULL) { - rv = CKR_HOST_MEMORY; + if ((rv = dup_bigint_attr(&src, value, value_len)) != CKR_OK) goto cleanexit; - } - (void) memcpy(src.big_value, value, value_len); /* Copy the attribute in the key object. */ copy_bigint_attr(&src, dst); @@ -695,44 +461,20 @@ cleanexit: CK_RV -generate_dsa_key(DSAkey *key, boolean_t token_obj) -{ - BIG_ERR_CODE err; - - do { - if ((err = random_bignum(&(key->x), DSA_SUBPRIME_BITS, - token_obj)) != BIG_OK) { - return (convert_rv(err)); - } - } while (big_cmp_abs(&(key->x), &(key->q)) > 0); - - if ((err = big_modexp(&(key->y), &(key->g), (&key->x), - (&key->p), NULL)) != BIG_OK) - return (convert_rv(err)); - - return (CKR_OK); -} - - -CK_RV soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) { - BIG_ERR_CODE brv; CK_RV rv; - uchar_t prime[MAX_KEY_ATTR_BUFLEN]; + uchar_t prime[MAX_KEY_ATTR_BUFLEN]; uint32_t prime_len = sizeof (prime); uchar_t subprime[MAX_KEY_ATTR_BUFLEN]; uint32_t subprime_len = sizeof (subprime); uchar_t base[MAX_KEY_ATTR_BUFLEN]; uint32_t base_len = sizeof (base); - uchar_t *pubvalue; - uint32_t pubvalue_len; - uchar_t *privalue; - uint32_t privalue_len; - DSAkey dsakey = {0}; - - pubvalue = NULL; - privalue = NULL; + uchar_t pubvalue[MAX_KEY_ATTR_BUFLEN]; + uint32_t pubvalue_len = sizeof (pubvalue); + uchar_t privalue[DSA_SUBPRIME_BYTES]; + uint32_t privalue_len = sizeof (privalue); + DSAbytekey k; if ((pubkey == NULL) || (prikey == NULL)) { return (CKR_ARGUMENTS_BAD); @@ -745,12 +487,6 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto cleanexit; } - if ((prime_len < MIN_DSA_KEY_LEN) || - (prime_len > MAX_DSA_KEY_LEN)) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto cleanexit; - } - rv = soft_get_public_value(pubkey, CKA_SUBPRIME, subprime, &subprime_len); if (rv != CKR_OK) { @@ -758,109 +494,60 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto cleanexit; } - if (subprime_len != DSA_SUBPRIME_BYTES) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto cleanexit; - } - rv = soft_get_public_value(pubkey, CKA_BASE, base, &base_len); if (rv != CKR_OK) { rv = CKR_TEMPLATE_INCOMPLETE; goto cleanexit; } - /* - * initialize the dsa key - * Note: big_extend takes length in words - */ - if ((brv = DSA_key_init(&dsakey, prime_len * 8)) != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - if ((brv = big_extend(&dsakey.p, - CHARLEN2BIGNUMLEN(prime_len))) != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - bytestring2bignum(&dsakey.p, prime, prime_len); - - if ((brv = big_extend(&dsakey.q, CHARLEN2BIGNUMLEN(subprime_len))) != - BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - bytestring2bignum(&dsakey.q, subprime, subprime_len); + /* Inputs to DSA key pair generation. */ + k.prime = prime; + k.prime_bits = CRYPTO_BYTES2BITS(prime_len); + k.subprime = subprime; + k.subprime_bits = CRYPTO_BYTES2BITS(subprime_len); + k.base = base; + k.base_bytes = base_len; + k.rfunc = (IS_TOKEN_OBJECT(pubkey) || IS_TOKEN_OBJECT(prikey)) ? + pkcs11_get_random : pkcs11_get_urandom; - if ((brv = big_extend(&dsakey.g, CHARLEN2BIGNUMLEN(base_len))) != - BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } + /* Outputs from DSA key pair generation. */ + k.public_y = pubvalue; + k.public_y_bits = CRYPTO_BYTES2BITS(pubvalue_len); + k.private_x = privalue; + k.private_x_bits = CRYPTO_BYTES2BITS(privalue_len); - bytestring2bignum(&dsakey.g, base, base_len); + rv = dsa_genkey_pair(&k); - /* - * generate DSA key pair - * Note: bignum.len is length of value in words - */ - if ((rv = generate_dsa_key(&dsakey, (IS_TOKEN_OBJECT(pubkey) || - IS_TOKEN_OBJECT(prikey)))) != CKR_OK) { - goto cleanexit; - } - - pubvalue_len = prime_len; - if ((pubvalue = malloc(pubvalue_len)) == NULL) { - rv = CKR_HOST_MEMORY; - goto cleanexit; - } - bignum2bytestring(pubvalue, &dsakey.y, pubvalue_len); - - privalue_len = DSA_SUBPRIME_BYTES; - if ((privalue = malloc(privalue_len)) == NULL) { - rv = CKR_HOST_MEMORY; + if (rv != CKR_OK) { goto cleanexit; } - bignum2bytestring(privalue, &dsakey.x, privalue_len); /* Update attribute in public key. */ if ((rv = soft_genDSAkey_set_attribute(pubkey, CKA_VALUE, - pubvalue, pubvalue_len, B_TRUE)) != CKR_OK) { + pubvalue, CRYPTO_BITS2BYTES(k.public_y_bits), B_TRUE)) != CKR_OK) { goto cleanexit; } /* Update attributes in private key. */ if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_PRIME, - prime, prime_len, B_FALSE)) != CKR_OK) { + prime, CRYPTO_BITS2BYTES(k.prime_bits), B_FALSE)) != CKR_OK) { goto cleanexit; } - if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_SUBPRIME, - subprime, subprime_len, B_FALSE)) != CKR_OK) { + if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_SUBPRIME, subprime, + CRYPTO_BITS2BYTES(k.subprime_bits), B_FALSE)) != CKR_OK) { goto cleanexit; } if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_BASE, - base, base_len, B_FALSE)) != CKR_OK) { + base, k.base_bytes, B_FALSE)) != CKR_OK) { goto cleanexit; } - if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_VALUE, - privalue, privalue_len, B_FALSE)) != CKR_OK) { + if ((rv = soft_genDSAkey_set_attribute(prikey, CKA_VALUE, privalue, + CRYPTO_BITS2BYTES(k.private_x_bits), B_FALSE)) != CKR_OK) { goto cleanexit; } cleanexit: - DSA_key_finish(&dsakey); - - if (pubvalue != NULL) { - free(pubvalue); - } - - if (privalue != NULL) { - free(privalue); - } - return (rv); } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h index 1cee89bc95..cceb6727f4 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h @@ -18,53 +18,31 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTDSA_H #define _SOFTDSA_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif #include <sys/types.h> #include <security/pkcs11t.h> -#include <bignum.h> +#include <padding.h> +#define _DSA_FIPS_POST +#include <dsa_impl.h> #include "softObject.h" #include "softSession.h" -/* DSA Signature is always 40 bytes */ -#define DSA_SIGNATURE_LENGTH 40 -#define MAX_DSA_KEY_LEN (1024 >> 3) -#define MIN_DSA_KEY_LEN (512 >> 3) - -#define DSA_SUBPRIME_BITS 160 -#define DSA_SUBPRIME_BYTES (DSA_SUBPRIME_BITS >> 3) typedef struct soft_dsa_ctx { soft_object_t *key; } soft_dsa_ctx_t; -typedef struct { - int size; /* key size in bits */ - BIGNUM q; /* q (160-bit prime) */ - BIGNUM p; /* p (<size-bit> prime) */ - BIGNUM g; /* g (the base) */ - BIGNUM x; /* private key (< q) */ - BIGNUM y; /* = g^x mod p */ - BIGNUM k; /* k (random number < q) */ - BIGNUM r; /* r (signiture 1st part) */ - BIGNUM s; /* s (signiture 2nd part) */ - BIGNUM v; /* v (verification value - should be = r ) */ - BIGNUM p_rr; /* 2^(2*(32*p->len)) mod p */ - BIGNUM q_rr; /* 2^(2*(32*q->len)) mod q */ -} DSAkey; - /* * Function Prototypes. @@ -81,10 +59,6 @@ CK_RV soft_dsa_verify(soft_session_t *, CK_BYTE_PTR, CK_ULONG, CK_RV soft_dsa_sign(soft_session_t *, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR); -BIG_ERR_CODE DSA_key_init(DSAkey *, int); - -void DSA_key_finish(DSAkey *); - CK_RV soft_dsa_genkey_pair(soft_object_t *, soft_object_t *); CK_RV soft_dsa_digest_sign_common(soft_session_t *, CK_BYTE_PTR, diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c index 7b912c68ce..355c3b5bdd 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c @@ -18,13 +18,11 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <stdlib.h> #include <string.h> @@ -44,24 +42,18 @@ */ CK_RV soft_remove_pkcs7_padding(CK_BYTE *pData, CK_ULONG padded_len, - CK_ULONG *pulDataLen, int block_size) + CK_ULONG *pulDataLen) { + CK_RV rv; - CK_BYTE pad_value; - ulong_t i; - - pad_value = pData[padded_len - 1]; - - - /* Make sure there is a valid padding value. */ - if ((pad_value == 0) || (pad_value > block_size)) - return (CKR_ENCRYPTED_DATA_INVALID); - - for (i = padded_len - pad_value; i < padded_len; i++) - if (pad_value != pData[i]) - return (CKR_ENCRYPTED_DATA_INVALID); +#ifdef __sparcv9 + if ((rv = pkcs7_decode(pData, (&padded_len))) != CKR_OK) +#else /* !__sparcv9 */ + if ((rv = pkcs7_decode(pData, (size_t *)(&padded_len))) != CKR_OK) +#endif /* __sparcv9 */ + return (rv); - *pulDataLen = padded_len - pad_value; + *pulDataLen = padded_len; return (CKR_OK); } @@ -604,7 +596,7 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart, * plaintext. */ rv = soft_remove_pkcs7_padding(pLastPart, - DES_BLOCK_LEN, &out_len, DES_BLOCK_LEN); + DES_BLOCK_LEN, &out_len); if (rv != CKR_OK) *pulLastPartLen = 0; else @@ -713,7 +705,7 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart, * plaintext. */ rv = soft_remove_pkcs7_padding(pLastPart, - AES_BLOCK_LEN, &out_len, AES_BLOCK_LEN); + AES_BLOCK_LEN, &out_len); if (rv != CKR_OK) *pulLastPartLen = 0; else diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c index 8fa02ea1d0..39e863065e 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <pthread.h> @@ -43,15 +43,7 @@ void soft_add_pkcs7_padding(CK_BYTE *buf, int block_size, CK_ULONG data_len) { - - ulong_t i, pad_len; - CK_BYTE pad_value; - - pad_len = block_size - (data_len % block_size); - pad_value = (CK_BYTE)pad_len; - - for (i = 0; i < pad_len; i++) - buf[i] = pad_value; + (void) pkcs7_encode(NULL, data_len, buf, block_size, block_size); } /* @@ -844,7 +836,7 @@ clean1: * or by the 2nd tier of session close routine. Since the 1st tier * caller will always call this function without locking the session * mutex and the 2nd tier caller will call with the lock, we add the - * third parameter "lock_held" to distiguish this case. + * third parameter "lock_held" to distinguish this case. */ void soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt, diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSA.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSA.h deleted file mode 100644 index 52cea0dcee..0000000000 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSA.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#ifndef _FIPS_DSA_H -#define _FIPS_DSA_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_SEED_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ -#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ -#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ - -typedef struct DSAParams_s { - uint8_t *prime; - int prime_len; - uint8_t *subprime; - int subprime_len; - uint8_t *base; - int base_len; -} DSAParams_t; - -typedef struct fips_key_s { - uint8_t *key; - int key_len; -} fips_key_t; - - -/* DSA functions */ -extern CK_RV fips_generate_dsa_key(DSAkey *, uint8_t *, int); -extern CK_RV fips_dsa_genkey_pair(DSAParams_t *, - fips_key_t *, fips_key_t *, uint8_t *, int); -extern CK_RV fips_dsa_digest_sign(DSAParams_t *, - fips_key_t *, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, uint8_t *, int); -extern CK_RV fips_dsa_verify(DSAParams_t *, fips_key_t *, - CK_BYTE_PTR, CK_BYTE_PTR); - -#ifdef __cplusplus -} -#endif - -#endif /* _FIPS_DSA_H */ diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSAUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSAUtil.c deleted file mode 100644 index e8c7f2ee6f..0000000000 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsDSAUtil.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#include <sys/types.h> -#include <sys/errno.h> -#include <sys/fcntl.h> -#include <sys/time.h> -#include <sys/unistd.h> -#include <sys/kmem.h> -#include <sys/systm.h> -#include <sys/sysmacros.h> -#include <sys/sha1.h> -#define _SHA2_IMPL -#include <sys/sha2.h> -#include <sys/crypto/common.h> -#include <modes/modes.h> -#include <bignum.h> -#include <stdlib.h> -#include <string.h> -#include <strings.h> -#include <stdio.h> -#include <security/cryptoki.h> -#include <cryptoutil.h> -#include "softCrypt.h" -#include "softGlobal.h" -#include "softRSA.h" -#include "softDSA.h" -#include "softRandom.h" -#include "softOps.h" -#include "softMAC.h" -#include "softFipsDSA.h" -#include <sha1_impl.h> - -CK_RV -fips_generate_dsa_key(DSAkey *key, uint8_t *seed, int seed_len) -{ - BIG_ERR_CODE err; - - - bytestring2bignum(&key->x, seed, seed_len); - - /* Compute public key y = g**x mod p */ - if ((err = big_modexp(&(key->y), &(key->g), (&key->x), - (&key->p), NULL)) != BIG_OK) - return (convert_rv(err)); - - return (CKR_OK); -} - -CK_RV -fips_dsa_genkey_pair(DSAParams_t *dsa_params, fips_key_t *pubkey, - fips_key_t *prikey, uint8_t *seed, int seed_len) -{ - BIG_ERR_CODE brv; - CK_RV rv; - DSAkey dsakey = {0}; - - /* - * initialize the dsa key - * Note: big_extend takes length in words - */ - if ((brv = DSA_key_init(&dsakey, dsa_params->prime_len * 8)) - != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - if ((brv = big_extend(&dsakey.p, - CHARLEN2BIGNUMLEN(dsa_params->prime_len))) != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - bytestring2bignum(&dsakey.p, dsa_params->prime, dsa_params->prime_len); - - if ((brv = big_extend(&dsakey.q, - CHARLEN2BIGNUMLEN(dsa_params->subprime_len))) != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - bytestring2bignum(&dsakey.q, dsa_params->subprime, - dsa_params->subprime_len); - - if ((brv = big_extend(&dsakey.g, - CHARLEN2BIGNUMLEN(dsa_params->base_len))) != BIG_OK) { - rv = convert_rv(brv); - goto cleanexit; - } - - bytestring2bignum(&dsakey.g, dsa_params->base, dsa_params->base_len); - - /* - * generate DSA key pair - * Note: bignum.len is length of value in words - */ - if ((rv = fips_generate_dsa_key(&dsakey, seed, seed_len)) != CKR_OK) { - goto cleanexit; - } - - /* pubkey->key_len = dsakey.y.len * (int)sizeof (uint32_t); */ - pubkey->key_len = dsa_params->prime_len; - if ((pubkey->key = malloc(pubkey->key_len)) == NULL) { - rv = CKR_HOST_MEMORY; - goto cleanexit; - } - bignum2bytestring(pubkey->key, &dsakey.y, pubkey->key_len); - - /* prikey->key_len = dsakey.x.len * (int)sizeof (uint32_t); */ - prikey->key_len = DSA_SUBPRIME_BYTES; - if ((prikey->key = malloc(prikey->key_len)) == NULL) { - rv = CKR_HOST_MEMORY; - goto cleanexit; - } - bignum2bytestring(prikey->key, &dsakey.x, prikey->key_len); - DSA_key_finish(&dsakey); - return (CKR_OK); - -cleanexit: - DSA_key_finish(&dsakey); - - if (pubkey->key != NULL) { - free(pubkey->key); - } - - if (prikey->key != NULL) { - free(prikey->key); - } - - return (rv); -} - -CK_RV -fips_dsa_digest_sign(DSAParams_t *dsa_params, fips_key_t *key, - CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out, - uint8_t *seed, int seed_len) -{ - - - DSAkey dsakey; - BIGNUM msg, tmp, tmp1, tmp2; - BIG_ERR_CODE err; - CK_RV rv = CKR_OK; - SHA1_CTX *sha1_context = NULL; - uint8_t sha1_computed_digest[FIPS_DSA_DIGEST_LENGTH]; - - sha1_context = fips_sha1_build_context(); - if (sha1_context == NULL) - return (CKR_HOST_MEMORY); - - rv = fips_sha1_hash(sha1_context, in, inlen, sha1_computed_digest); - - if ((err = DSA_key_init(&dsakey, dsa_params->prime_len * 8)) != - BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean1; - } - - if ((err = big_init(&msg, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) { - goto clean2; - } - if ((err = big_init(&tmp, CHARLEN2BIGNUMLEN(dsa_params->prime_len) + - 2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) { - goto clean3; - } - if ((err = big_init(&tmp1, 2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) { - goto clean4; - } - if ((err = big_init(&tmp2, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) { - goto clean5; - } - - bytestring2bignum(&(dsakey.g), dsa_params->base, - dsa_params->prime_len); - bytestring2bignum(&(dsakey.x), key->key, seed_len); - bytestring2bignum(&(dsakey.p), dsa_params->prime, - dsa_params->prime_len); - bytestring2bignum(&(dsakey.q), dsa_params->subprime, - DSA_SUBPRIME_BYTES); - bytestring2bignum(&msg, (uchar_t *)sha1_computed_digest, - FIPS_DSA_DIGEST_LENGTH); - - bytestring2bignum(&(dsakey.k), seed, seed_len); - - if ((err = big_div_pos(NULL, &(dsakey.k), &(dsakey.k), - &(dsakey.q))) != BIG_OK) - goto clean6; - - if ((err = big_modexp(&tmp, &(dsakey.g), &(dsakey.k), &(dsakey.p), - NULL)) != BIG_OK) - goto clean6; - - if ((err = big_div_pos(NULL, &(dsakey.r), &tmp, &(dsakey.q))) != - BIG_OK) - goto clean6; - - if ((err = big_ext_gcd_pos(NULL, NULL, &tmp, &(dsakey.q), - &(dsakey.k))) != BIG_OK) - goto clean6; - - if (tmp.sign == -1) - if ((err = big_add(&tmp, &tmp, &(dsakey.q))) != BIG_OK) - goto clean6; /* tmp <- k^-1 */ - - if ((err = big_mul(&tmp1, &(dsakey.x), &(dsakey.r))) != BIG_OK) - goto clean6; - - if ((err = big_add(&tmp1, &tmp1, &msg)) != BIG_OK) - goto clean6; - - if ((err = big_mul(&tmp, &tmp1, &tmp)) != BIG_OK) - goto clean6; - - if ((err = big_div_pos(NULL, &(dsakey.s), &tmp, &(dsakey.q))) != - BIG_OK) - goto clean6; - - bignum2bytestring((uchar_t *)out, &(dsakey.r), 20); - bignum2bytestring((uchar_t *)out + 20, &(dsakey.s), 20); - - err = BIG_OK; - -clean6: - big_finish(&tmp2); -clean5: - big_finish(&tmp1); -clean4: - big_finish(&tmp); -clean3: - big_finish(&msg); -clean2: - DSA_key_finish(&dsakey); - if (err == BIG_OK) - rv = CKR_OK; - else if (err == BIG_NO_MEM) - rv = CKR_HOST_MEMORY; - else - rv = CKR_FUNCTION_FAILED; -clean1: - free(sha1_context); - return (rv); -} - -CK_RV -fips_dsa_verify(DSAParams_t *dsa_params, fips_key_t *key, - CK_BYTE_PTR data, CK_BYTE_PTR sig) -{ - - DSAkey dsakey; - BIGNUM msg, tmp1, tmp2, tmp3; - CK_RV rv = CKR_OK; - SHA1_CTX *sha1_context = NULL; - uint8_t sha1_computed_digest[FIPS_DSA_DIGEST_LENGTH]; - - sha1_context = fips_sha1_build_context(); - if (sha1_context == NULL) - return (CKR_HOST_MEMORY); - - rv = fips_sha1_hash(sha1_context, data, - FIPS_DSA_DIGEST_LENGTH, sha1_computed_digest); - - if (DSA_key_init(&dsakey, dsa_params->prime_len * 8) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean1; - } - - rv = CKR_HOST_MEMORY; - if (big_init(&msg, BIG_CHUNKS_FOR_160BITS) != BIG_OK) { - goto clean6; - } - if (big_init(&tmp1, 2 * CHARLEN2BIGNUMLEN(dsa_params->prime_len)) != - BIG_OK) { - goto clean7; - } - if (big_init(&tmp2, CHARLEN2BIGNUMLEN(dsa_params->prime_len)) != - BIG_OK) { - goto clean8; - } - if (big_init(&tmp3, 2 * BIG_CHUNKS_FOR_160BITS) != BIG_OK) { - goto clean9; - } - - bytestring2bignum(&(dsakey.g), dsa_params->base, - dsa_params->base_len); - bytestring2bignum(&(dsakey.y), key->key, key->key_len); - bytestring2bignum(&(dsakey.p), dsa_params->prime, - dsa_params->prime_len); - bytestring2bignum(&(dsakey.q), dsa_params->subprime, - DSA_SUBPRIME_BYTES); - bytestring2bignum(&(dsakey.r), (uchar_t *)sig, 20); - bytestring2bignum(&(dsakey.s), ((uchar_t *)sig) + 20, 20); - bytestring2bignum(&msg, (uchar_t *)sha1_computed_digest, - FIPS_DSA_DIGEST_LENGTH); - - if (big_ext_gcd_pos(NULL, &tmp2, NULL, &(dsakey.s), &(dsakey.q)) != - BIG_OK) - goto clean10; - - if (tmp2.sign == -1) - if (big_add(&tmp2, &tmp2, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp2 <- w */ - - if (big_mul(&tmp1, &msg, &tmp2) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp1 <- u_1 */ - - if (big_mul(&tmp2, &tmp2, &(dsakey.r)) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp2, &tmp2, &(dsakey.q)) != BIG_OK) - goto clean10; /* tmp2 <- u_2 */ - - if (big_modexp(&tmp1, &(dsakey.g), &tmp1, &(dsakey.p), NULL) != - BIG_OK) - goto clean10; - - if (big_modexp(&tmp2, &(dsakey.y), &tmp2, &(dsakey.p), NULL) != - BIG_OK) - goto clean10; - - if (big_mul(&tmp1, &tmp1, &tmp2) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.p)) != BIG_OK) - goto clean10; - - if (big_div_pos(NULL, &tmp1, &tmp1, &(dsakey.q)) != BIG_OK) - goto clean10; - - if (big_cmp_abs(&tmp1, &(dsakey.r)) == 0) - rv = CKR_OK; - else - rv = CKR_SIGNATURE_INVALID; - -clean10: - big_finish(&tmp3); -clean9: - big_finish(&tmp2); -clean8: - big_finish(&tmp1); -clean7: - big_finish(&msg); -clean6: - DSA_key_finish(&dsakey); -clean1: - free(sha1_context); - return (rv); -} - -/* - * DSA Power-On SelfTest(s). - */ -CK_RV -soft_fips_dsa_post(void) -{ - /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */ - static uint8_t dsa_P[] = { - 0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28, - 0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63, - 0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0, - 0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c, - 0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91, - 0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0, - 0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7, - 0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63, - 0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7, - 0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56, - 0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b, - 0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4, - 0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6, - 0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64, - 0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a, - 0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15 - }; - - static uint8_t dsa_Q[] = { - 0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e, - 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6, - 0x91, 0x99, 0x8b, 0xcf - }; - - static uint8_t dsa_G[] = { - 0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4, - 0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6, - 0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3, - 0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17, - 0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d, - 0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a, - 0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24, - 0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25, - 0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb, - 0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79, - 0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac, - 0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25, - 0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27, - 0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed, - 0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f, - 0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38 - }; - - /* - * DSA Known Random Values (known random key block is 160-bits) - * and (known random signature block is 160-bits). - */ - static uint8_t dsa_known_random_key_block[] = { - "This is DSA RNG key!" - }; - - static uint8_t dsa_known_random_signature_block[] = { - "Random DSA Signature" - }; - - /* DSA Known Digest (160-bits) */ - static uint8_t dsa_known_digest[] = { - "DSA Signature Digest" - }; - - /* DSA Known Signature (320-bits). */ - static uint8_t dsa_known_signature[] = { - 0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32, - 0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c, - 0x22, 0x2a, 0x03, 0xce, 0x65, 0x02, 0x72, 0x5a, - 0x66, 0x29, 0xcf, 0x56, 0xe6, 0xdf, 0xb0, 0xcc, - 0x53, 0x72, 0x56, 0x70, 0x92, 0xb5, 0x45, 0x75 - - }; - - /* DSA variables. */ - DSAParams_t dsa_params; - CK_RV rv = CKR_OK; - - fips_key_t dsa_private_key; - fips_key_t dsa_public_key; - uint8_t dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH]; - - dsa_params.prime = dsa_P; - dsa_params.prime_len = FIPS_DSA_PRIME_LENGTH; - dsa_params.subprime = dsa_Q; - dsa_params.subprime_len = FIPS_DSA_SUBPRIME_LENGTH; - dsa_params.base = dsa_G; - dsa_params.base_len = FIPS_DSA_BASE_LENGTH; - - - /* Generate a DSA public/private key pair. */ - rv = fips_dsa_genkey_pair(&dsa_params, &dsa_public_key, - &dsa_private_key, dsa_known_random_key_block, - FIPS_DSA_SEED_LENGTH); - - if (rv != CKR_OK) - return (CKR_DEVICE_ERROR); - - /* - * DSA Known Answer Signature Test - */ - - /* Perform DSA signature process. */ - rv = fips_dsa_digest_sign(&dsa_params, &dsa_private_key, - dsa_known_digest, FIPS_DSA_DIGEST_LENGTH, - dsa_computed_signature, dsa_known_random_signature_block, - FIPS_DSA_SEED_LENGTH); - - if ((rv != CKR_OK) || - (memcmp(dsa_computed_signature, dsa_known_signature, - FIPS_DSA_SIGNATURE_LENGTH) != 0)) { - goto clean; - } - - /* - * DSA Known Answer Verification Test - */ - - /* Perform DSA verification process. */ - rv = fips_dsa_verify(&dsa_params, &dsa_public_key, - dsa_known_digest, dsa_computed_signature); - -clean: - free(dsa_private_key.key); - free(dsa_public_key.key); - - if (rv != CKR_OK) - return (CKR_DEVICE_ERROR); - else - return (CKR_OK); - -} diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c index e9bc272eee..7fdec8d5cf 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <stdlib.h> @@ -35,6 +35,8 @@ #define _AES_FIPS_POST #define _DES_FIPS_POST #include "softCrypt.h" +#define _DSA_FIPS_POST +#include <dsa_impl.h> #define _RSA_FIPS_POST #include <rsa_impl.h> #include <sha1_impl.h> @@ -43,7 +45,6 @@ extern int fips_ecdsa_post(void); -extern CK_RV soft_fips_dsa_post(void); /* @@ -143,7 +144,7 @@ soft_fips_post(void) * 1. DSA Sign on SHA-1 digest * 2. DSA Verification */ - rv = soft_fips_dsa_post(); + rv = fips_dsa_post(); if (rv != CKR_OK) return (rv); diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c index 5c9ab5c6d8..7cdb65edc8 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <sys/types.h> @@ -36,7 +36,6 @@ #include <sys/sha2.h> #include <sys/crypto/common.h> #include <modes/modes.h> -#include <bignum.h> #include <stdlib.h> #include <string.h> #include <strings.h> @@ -47,12 +46,10 @@ #include "softGlobal.h" #include "softRSA.h" #include "softDSA.h" -#include "softRandom.h" #include "softOps.h" #include "softMAC.h" #include <fips_post.h> -#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ #define MAX_ECKEY_LEN 72 @@ -62,7 +59,7 @@ * This function returns * CKR_OK if pairwise consistency check passed * CKR_GENERAL_ERROR if pairwise consistency check failed - * other error codes if paiswise consistency check could not be + * other error codes if pairwise consistency check could not be * performed, for example, CKR_HOST_MEMORY. * * Key type Mechanism type diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h index 64e154c314..ea73e1a58d 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTOBJECT_H @@ -922,6 +922,8 @@ CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p); CK_RV get_bigint_attr_from_template(biginteger_t *big, CK_ATTRIBUTE_PTR template); +CK_RV dup_bigint_attr(biginteger_t *bi, CK_BYTE *buf, CK_ULONG buflen); + #ifdef __cplusplus } #endif diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObjectUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObjectUtil.c index aacc01a5a7..9794565299 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObjectUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObjectUtil.c @@ -18,9 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <pthread.h> @@ -1493,3 +1493,14 @@ cleanup: delete_all_objs_in_list(added_objs_list); return (rv); } + +CK_RV +dup_bigint_attr(biginteger_t *bi, CK_BYTE *buf, CK_ULONG buflen) +{ + bi->big_value_len = buflen; + if ((bi->big_value = malloc(buflen)) == NULL) { + return (CKR_HOST_MEMORY); + } + (void) memcpy(bi->big_value, buf, buflen); + return (CKR_OK); +} diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c index 669c1bfda4..a919b32d0e 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c @@ -18,27 +18,24 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <stdlib.h> #include <string.h> #include <strings.h> #include <sys/types.h> #include <security/cryptoki.h> -#include <bignum.h> +#include <cryptoutil.h> #include "softGlobal.h" #include "softSession.h" #include "softObject.h" #include "softOps.h" #include "softRSA.h" #include "softMAC.h" -#include "softRandom.h" #include "softCrypt.h" CK_RV @@ -54,8 +51,7 @@ soft_rsa_encrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, uchar_t modulus[MAX_KEY_ATTR_BUFLEN]; uint32_t expo_len = sizeof (expo); uint32_t modulus_len = sizeof (modulus); - BIGNUM msg; - RSAkey *rsakey; + RSAbytekey k; if (realpublic) { rv = soft_get_public_value(key, CKA_PUBLIC_EXPONENT, expo, @@ -76,58 +72,14 @@ soft_rsa_encrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - if (expo_len > modulus_len) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - - rsakey = calloc(1, sizeof (RSAkey)); - if (rsakey == NULL) { - rv = CKR_HOST_MEMORY; - goto clean1; - } + k.modulus = modulus; + k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len); + k.pubexpo = expo; + k.pubexpo_bytes = expo_len; + k.rfunc = NULL; - if (RSA_key_init(rsakey, modulus_len * 4, modulus_len * 4) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean4; - } - - /* Size for big_init is in BIG_CHUNK_TYPE words. */ - if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean5; - } - - /* Convert octet string exponent to big integer format. */ - bytestring2bignum(&(rsakey->e), expo, expo_len); - - /* Convert octet string modulus to big integer format. */ - bytestring2bignum(&(rsakey->n), modulus, modulus_len); - - /* Convert octet string input data to big integer format. */ - bytestring2bignum(&msg, (uchar_t *)in, in_len); - - if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { - rv = CKR_DATA_LEN_RANGE; - goto clean6; - } + rv = rsa_encrypt(&k, in, in_len, out); - /* Perform RSA computation on big integer input data. */ - if (big_modexp(&msg, &msg, &(rsakey->e), &(rsakey->n), NULL) != - BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean6; - } - - /* Convert the big integer output data to octet string. */ - bignum2bytestring((uchar_t *)out, &msg, modulus_len); - -clean6: - big_finish(&msg); -clean5: - RSA_key_finish(rsakey); -clean4: - free(rsakey); clean1: /* EXPORT DELETE END */ @@ -157,8 +109,7 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, uint32_t expo1_len = sizeof (expo1); uint32_t expo2_len = sizeof (expo2); uint32_t coef_len = sizeof (coef); - BIGNUM msg; - RSAkey *rsakey; + RSAbytekey k; rv = soft_get_private_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { @@ -215,66 +166,22 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - rsakey = calloc(1, sizeof (RSAkey)); - if (rsakey == NULL) { - rv = CKR_HOST_MEMORY; - goto clean1; - } - - /* psize and qsize for RSA_key_init is in bits. */ - if (RSA_key_init(rsakey, prime2_len * 8, prime1_len * 8) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean8; - } - - /* Size for big_init is in BIG_CHUNK_TYPE words. */ - if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean9; - } - - /* Convert octet string input data to big integer format. */ - bytestring2bignum(&msg, (uchar_t *)in, in_len); - - /* Convert octet string modulus to big integer format. */ - bytestring2bignum(&(rsakey->n), modulus, modulus_len); - - if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { - rv = CKR_DATA_LEN_RANGE; - goto clean10; - } + k.modulus = modulus; + k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len); + k.prime1 = prime1; + k.prime1_bytes = prime1_len; + k.prime2 = prime2; + k.prime2_bytes = prime2_len; + k.expo1 = expo1; + k.expo1_bytes = expo1_len; + k.expo2 = expo2; + k.expo2_bytes = expo2_len; + k.coeff = coef; + k.coeff_bytes = coef_len; + k.rfunc = NULL; - /* Convert the rest of private key attributes to big integer format. */ - bytestring2bignum(&(rsakey->dmodpminus1), expo2, expo2_len); - bytestring2bignum(&(rsakey->dmodqminus1), expo1, expo1_len); - bytestring2bignum(&(rsakey->p), prime2, prime2_len); - bytestring2bignum(&(rsakey->q), prime1, prime1_len); - bytestring2bignum(&(rsakey->pinvmodq), coef, coef_len); + rv = rsa_decrypt(&k, in, in_len, out); - if ((big_cmp_abs(&(rsakey->dmodpminus1), &(rsakey->p)) > 0) || - (big_cmp_abs(&(rsakey->dmodqminus1), &(rsakey->q)) > 0) || - (big_cmp_abs(&(rsakey->pinvmodq), &(rsakey->q)) > 0)) { - rv = CKR_KEY_SIZE_RANGE; - goto clean10; - } - - /* Perform RSA computation on big integer input data. */ - if (big_modexp_crt(&msg, &msg, &(rsakey->dmodpminus1), - &(rsakey->dmodqminus1), &(rsakey->p), &(rsakey->q), - &(rsakey->pinvmodq), NULL, NULL) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean10; - } - - /* Convert the big integer output data to octet string. */ - bignum2bytestring((uchar_t *)out, &msg, modulus_len); - -clean10: - big_finish(&msg); -clean9: - RSA_key_finish(rsakey); -clean8: - free(rsakey); clean1: /* EXPORT DELETE END */ @@ -397,7 +304,7 @@ soft_rsa_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData, * Add PKCS padding to the input data to format a block * type "02" encryption block. */ - rv = soft_encrypt_rsa_pkcs_encode(pData, ulDataLen, plain_data, + rv = pkcs1_encode(PKCS1_ENCRYPT, pData, ulDataLen, plain_data, modulus_len); if (rv != CKR_OK) @@ -474,11 +381,11 @@ soft_rsa_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted, } if (mechanism == CKM_RSA_PKCS) { - int plain_len = modulus_len; - uint32_t num_padding; + size_t plain_len = modulus_len; + size_t num_padding; /* Strip off the PKCS block formatting data. */ - rv = soft_decrypt_rsa_pkcs_decode(plain_data, &plain_len); + rv = pkcs1_decode(PKCS1_DECRYPT, plain_data, &plain_len); if (rv != CKR_OK) goto clean_exit; @@ -691,7 +598,7 @@ soft_rsa_sign_common(soft_session_t *session_p, CK_BYTE_PTR pData, * Add PKCS padding to the input data to format a block * type "01" encryption block. */ - rv = soft_sign_rsa_pkcs_encode(pData, ulDataLen, plain_data, + rv = pkcs1_encode(PKCS1_SIGN, pData, ulDataLen, plain_data, modulus_len); if (rv != CKR_OK) { @@ -755,6 +662,11 @@ soft_rsa_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData, goto clean_exit; } + if (ulDataLen == 0) { + rv = CKR_DATA_LEN_RANGE; + goto clean_exit; + } + if (ulSignatureLen != (CK_ULONG)modulus_len) { rv = CKR_SIGNATURE_LEN_RANGE; goto clean_exit; @@ -780,15 +692,15 @@ soft_rsa_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData, * recovered data, then compare the recovered data with * the original data. */ - int data_len = modulus_len; + size_t data_len = modulus_len; - rv = soft_verify_rsa_pkcs_decode(plain_data, &data_len); + rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len); if (rv != CKR_OK) { goto clean_exit; } if ((CK_ULONG)data_len != ulDataLen) { - rv = CKR_SIGNATURE_LEN_RANGE; + rv = CKR_DATA_LEN_RANGE; goto clean_exit; } else if (memcmp(pData, &plain_data[modulus_len - data_len], @@ -840,36 +752,17 @@ clean_exit: } CK_RV -soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey, - CK_ATTRIBUTE_TYPE type, uint32_t modulus_len, boolean_t public) +soft_genRSAkey_set_attribute(soft_object_t *key, CK_ATTRIBUTE_TYPE type, + uchar_t *buf, uint32_t buflen, boolean_t public) { - - uchar_t *buf, *buf1; - uint32_t buflen; CK_RV rv = CKR_OK; biginteger_t *dst = NULL; biginteger_t src; - /* - * Allocate the buffer used to store the value of key fields - * for bignum2bytestring. Since bignum only deals with a buffer - * whose size is multiple of sizeof (BIG_CHUNK_TYPE), - * modulus_len is rounded up to be multiple of that. - */ - if ((buf1 = malloc((modulus_len + sizeof (BIG_CHUNK_TYPE) - 1) & - ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) { - rv = CKR_HOST_MEMORY; - goto cleanexit; - } - - buf = buf1; - switch (type) { case CKA_MODULUS: - buflen = rsakey->n.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->n, buflen); if (public) dst = OBJ_PUB_RSA_MOD(key); else @@ -878,8 +771,6 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey, case CKA_PUBLIC_EXPONENT: - buflen = rsakey->e.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->e, buflen); if (public) dst = OBJ_PUB_RSA_PUBEXPO(key); else @@ -888,269 +779,90 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey, case CKA_PRIVATE_EXPONENT: - buflen = rsakey->d.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->d, buflen); dst = OBJ_PRI_RSA_PRIEXPO(key); break; case CKA_PRIME_1: - buflen = rsakey->q.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->q, buflen); dst = OBJ_PRI_RSA_PRIME1(key); break; case CKA_PRIME_2: - buflen = rsakey->p.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->p, buflen); dst = OBJ_PRI_RSA_PRIME2(key); break; case CKA_EXPONENT_1: - buflen = rsakey->dmodqminus1.len * - (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->dmodqminus1, buflen); dst = OBJ_PRI_RSA_EXPO1(key); break; case CKA_EXPONENT_2: - buflen = rsakey->dmodpminus1.len * - (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->dmodpminus1, buflen); dst = OBJ_PRI_RSA_EXPO2(key); break; case CKA_COEFFICIENT: - buflen = rsakey->pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE); - bignum2bytestring(buf, &rsakey->pinvmodq, buflen); dst = OBJ_PRI_RSA_COEF(key); break; } + /* Note: no explanation found for why this is needed */ while (buf[0] == 0) { /* remove proceeding 0x00 */ buf++; buflen--; } - src.big_value_len = buflen; - - if ((src.big_value = malloc(buflen)) == NULL) { - rv = CKR_HOST_MEMORY; + if ((rv = dup_bigint_attr(&src, buf, buflen)) != CKR_OK) goto cleanexit; - } - (void) memcpy(src.big_value, buf, buflen); /* Copy the attribute in the key object. */ copy_bigint_attr(&src, dst); cleanexit: - free(buf1); return (rv); } CK_RV -generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM * pubexp, - boolean_t token_obj) -{ - CK_RV rv = CKR_OK; - -/* EXPORT DELETE START */ - - BIGNUM a, b, c, d, e, f, g, h; - int len, keylen, size; - BIG_ERR_CODE brv = BIG_OK; - - size = psize + qsize; - keylen = BITLEN2BIGNUMLEN(size); - len = keylen * 2 + 1; - key->size = size; - - a.malloced = 0; - b.malloced = 0; - c.malloced = 0; - d.malloced = 0; - e.malloced = 0; - f.malloced = 0; - g.malloced = 0; - h.malloced = 0; - - if ((big_init(&a, len) != BIG_OK) || - (big_init(&b, len) != BIG_OK) || - (big_init(&c, len) != BIG_OK) || - (big_init(&d, len) != BIG_OK) || - (big_init(&e, len) != BIG_OK) || - (big_init(&f, len) != BIG_OK) || - (big_init(&g, len) != BIG_OK) || - (big_init(&h, len) != BIG_OK)) { - big_finish(&h); - big_finish(&g); - big_finish(&f); - big_finish(&e); - big_finish(&d); - big_finish(&c); - big_finish(&b); - big_finish(&a); - - return (CKR_HOST_MEMORY); - } -nextp: - if ((brv = random_bignum(&a, psize, token_obj)) != BIG_OK) { - goto ret; - } - - if ((brv = big_nextprime_pos(&b, &a)) != BIG_OK) { - goto ret; - } - (void) big_sub_pos(&a, &b, &big_One); - if ((brv = big_ext_gcd_pos(&f, &d, &g, pubexp, &a)) != BIG_OK) { - goto ret; - } - if (big_cmp_abs(&f, &big_One) != 0) { - goto nextp; - } - - if ((brv = random_bignum(&c, qsize, token_obj)) != BIG_OK) { - goto ret; - } - -nextq: - (void) big_add(&a, &c, &big_Two); - - if (big_bitlength(&a) != qsize) { - goto nextp; - } - if (big_cmp_abs(&a, &b) == 0) { - goto nextp; - } - if ((brv = big_nextprime_pos(&c, &a)) != BIG_OK) { - goto ret; - } - if ((brv = big_mul(&g, &b, &c)) != BIG_OK) { - goto ret; - } - if (big_bitlength(&g) != size) { - goto nextp; - } - - (void) big_sub_pos(&a, &b, &big_One); - (void) big_sub_pos(&d, &c, &big_One); - - if ((brv = big_mul(&a, &a, &d)) != BIG_OK) { - goto ret; - } - if ((brv = big_ext_gcd_pos(&f, &d, &h, pubexp, &a)) != BIG_OK) { - goto ret; - } - if (big_cmp_abs(&f, &big_One) != 0) { - goto nextq; - } else { - (void) big_copy(&e, pubexp); - } - if (d.sign == -1) { - if ((brv = big_add(&d, &d, &a)) != BIG_OK) { - goto ret; - } - } - (void) big_copy(&(key->p), &b); - (void) big_copy(&(key->q), &c); - (void) big_copy(&(key->n), &g); - (void) big_copy(&(key->d), &d); - (void) big_copy(&(key->e), &e); - - if ((brv = big_ext_gcd_pos(&a, &f, &h, &b, &c)) != BIG_OK) { - goto ret; - } - if (f.sign == -1) { - if ((brv = big_add(&f, &f, &c)) != BIG_OK) { - goto ret; - } - } - (void) big_copy(&(key->pinvmodq), &f); - - (void) big_sub(&a, &b, &big_One); - if ((brv = big_div_pos(&a, &f, &d, &a)) != BIG_OK) { - goto ret; - } - (void) big_copy(&(key->dmodpminus1), &f); - (void) big_sub(&a, &c, &big_One); - if ((brv = big_div_pos(&a, &f, &d, &a)) != BIG_OK) { - goto ret; - } - (void) big_copy(&(key->dmodqminus1), &f); - - if ((brv = random_bignum(&h, size, token_obj)) != BIG_OK) { - goto ret; - } - if ((brv = big_div_pos(&a, &h, &h, &g)) != BIG_OK) { - goto ret; - } - if ((brv = big_modexp(&a, &h, &d, &g, NULL)) != BIG_OK) { - goto ret; - } - - if ((brv = big_modexp(&b, &a, &e, &g, NULL)) != BIG_OK) { - goto ret; - } - - if (big_cmp_abs(&b, &h) != 0) { - rv = generate_rsa_key(key, psize, qsize, pubexp, token_obj); - goto ret1; - } else { - brv = BIG_OK; - } - -ret: - rv = convert_rv(brv); -ret1: - big_finish(&h); - big_finish(&g); - big_finish(&f); - big_finish(&e); - big_finish(&d); - big_finish(&c); - big_finish(&b); - big_finish(&a); - -/* EXPORT DELETE END */ - - return (rv); -} - - -CK_RV soft_rsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) { - CK_RV rv = CKR_OK; + CK_ATTRIBUTE template; + uchar_t modulus[MAX_KEY_ATTR_BUFLEN]; uint32_t modulus_len; - uchar_t pub_expo[MAX_KEY_ATTR_BUFLEN]; + uchar_t pub_expo[MAX_KEY_ATTR_BUFLEN]; uint32_t pub_expo_len = sizeof (pub_expo); - BIGNUM public_exponent = {0}; - RSAkey rsakey = {0}; - CK_ATTRIBUTE template; + uchar_t private_exponent[MAX_KEY_ATTR_BUFLEN]; + uint32_t private_exponent_len = sizeof (private_exponent); + uchar_t prime1[MAX_KEY_ATTR_BUFLEN]; + uint32_t prime1_len = sizeof (prime1); + uchar_t prime2[MAX_KEY_ATTR_BUFLEN]; + uint32_t prime2_len = sizeof (prime2); + uchar_t exponent1[MAX_KEY_ATTR_BUFLEN]; + uint32_t exponent1_len = sizeof (exponent1); + uchar_t exponent2[MAX_KEY_ATTR_BUFLEN]; + uint32_t exponent2_len = sizeof (exponent2); + uchar_t coefficient[MAX_KEY_ATTR_BUFLEN]; + uint32_t coefficient_len = sizeof (coefficient); + RSAbytekey k; if ((pubkey == NULL) || (prikey == NULL)) { return (CKR_ARGUMENTS_BAD); } template.pValue = malloc(sizeof (CK_ULONG)); - if (template.pValue == NULL) { return (CKR_HOST_MEMORY); } - template.ulValueLen = sizeof (CK_ULONG); rv = get_ulong_attr_from_object(OBJ_PUB_RSA_MOD_BITS(pubkey), &template); - if (rv != CKR_OK) { + free(template.pValue); goto clean0; } @@ -1161,15 +873,7 @@ soft_rsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) modulus_len = *((CK_ULONG *)(template.pValue)); #endif /* __sparcv9 */ - /* Convert modulus length from bit length to byte length. */ - modulus_len = (modulus_len + 7) / 8; - - /* Modulus length needs to be between min key size and max key size. */ - if ((modulus_len < MIN_RSA_KEYLENGTH_IN_BYTES) || - (modulus_len > MAX_RSA_KEYLENGTH_IN_BYTES)) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto clean0; - } + free(template.pValue); rv = soft_get_public_value(pubkey, CKA_PUBLIC_EXPONENT, pub_expo, &pub_expo_len); @@ -1177,82 +881,85 @@ soft_rsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto clean0; } - /* Create a public exponent in bignum format. */ - if (big_init(&public_exponent, CHARLEN2BIGNUMLEN(modulus_len)) != - BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean0; - } - bytestring2bignum(&public_exponent, pub_expo, pub_expo_len); - - if (RSA_key_init(&rsakey, modulus_len * 4, modulus_len * 4) != BIG_OK) { - rv = CKR_HOST_MEMORY; - goto clean2; - } + /* Inputs to RSA key pair generation */ + k.modulus_bits = modulus_len; /* save modulus len in bits */ + modulus_len = CRYPTO_BITS2BYTES(modulus_len); /* convert to bytes */ + k.modulus = modulus; + k.pubexpo = pub_expo; + k.pubexpo_bytes = pub_expo_len; + k.rfunc = (IS_TOKEN_OBJECT(pubkey) || IS_TOKEN_OBJECT(prikey)) ? + pkcs11_get_random : pkcs11_get_urandom; + + /* Outputs from RSA key pair generation */ + k.privexpo = private_exponent; + k.privexpo_bytes = private_exponent_len; + k.prime1 = prime1; + k.prime1_bytes = prime1_len; + k.prime2 = prime2; + k.prime2_bytes = prime2_len; + k.expo1 = exponent1; + k.expo1_bytes = exponent1_len; + k.expo2 = exponent2; + k.expo2_bytes = exponent2_len; + k.coeff = coefficient; + k.coeff_bytes = coefficient_len; + + rv = rsa_genkey_pair(&k); - /* Generate RSA key pair. */ - if ((rv = generate_rsa_key(&rsakey, modulus_len * 4, modulus_len * 4, - &public_exponent, (IS_TOKEN_OBJECT(pubkey) || - IS_TOKEN_OBJECT(prikey)))) != CKR_OK) { - goto clean3; + if (rv != CKR_OK) { + goto clean0; } /* * Add modulus in public template, and add all eight key fields * in private template. */ - if ((rv = soft_genRSAkey_set_attribute(pubkey, &rsakey, - CKA_MODULUS, modulus_len, B_TRUE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(pubkey, CKA_MODULUS, + modulus, CRYPTO_BITS2BYTES(k.modulus_bits), B_TRUE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_MODULUS, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_MODULUS, + modulus, CRYPTO_BITS2BYTES(k.modulus_bits), B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_PRIVATE_EXPONENT, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_PRIVATE_EXPONENT, + private_exponent, k.privexpo_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_PUBLIC_EXPONENT, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_PUBLIC_EXPONENT, + pub_expo, k.pubexpo_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_PRIME_1, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_PRIME_1, + prime1, k.prime1_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_PRIME_2, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_PRIME_2, + prime2, k.prime2_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_EXPONENT_1, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_EXPONENT_1, + exponent1, k.expo1_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_EXPONENT_2, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_EXPONENT_2, + exponent2, k.expo2_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } - if ((rv = soft_genRSAkey_set_attribute(prikey, &rsakey, - CKA_COEFFICIENT, modulus_len, B_FALSE)) != CKR_OK) { - goto clean3; + if ((rv = soft_genRSAkey_set_attribute(prikey, CKA_COEFFICIENT, + coefficient, k.coeff_bytes, B_FALSE)) != CKR_OK) { + goto clean0; } -clean3: - RSA_key_finish(&rsakey); -clean2: - big_finish(&public_exponent); clean0: - free(template.pValue); - return (rv); } @@ -1509,9 +1216,9 @@ soft_rsa_verify_recover(soft_session_t *session_p, CK_BYTE_PTR pSignature, * Strip off the encoded padding bytes in front of the * recovered data. */ - int data_len = modulus_len; + size_t data_len = modulus_len; - rv = soft_verify_rsa_pkcs_decode(plain_data, &data_len); + rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len); if (rv != CKR_OK) { goto clean_exit; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h index ffc86f4370..e25390f2fa 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h @@ -18,26 +18,24 @@ * * CDDL HEADER END */ + /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTRSA_H #define _SOFTRSA_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif #include <sys/types.h> #include <security/pkcs11t.h> -#include <bignum.h> #include "softObject.h" #include "softSession.h" -#include "rsa_impl.h" +#include <padding.h> +#include <rsa_impl.h> typedef struct soft_rsa_ctx { diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c deleted file mode 100644 index 0a63501cf2..0000000000 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#include <fcntl.h> -#include <pthread.h> -#include <stdlib.h> -#include <string.h> -#include <strings.h> -#include <unistd.h> -#include <errno.h> -#include <sys/stat.h> -#include <sys/types.h> -#include <security/cryptoki.h> -#include <bignum.h> -#include <cryptoutil.h> -#include "softGlobal.h" -#include "softRandom.h" -#include "softCrypt.h" - -CK_RV -soft_random_generator(CK_BYTE *ran_out, CK_ULONG ran_len, boolean_t token) -{ - /* - * When random-number generator is called by asymmetric token - * (persistent) key generation, use /dev/random. Otherwise, - * use /dev/urandom. - */ - if (token) { - if (pkcs11_get_random(ran_out, ran_len) < 0) - return (CKR_DEVICE_ERROR); - } else { - if (pkcs11_get_urandom(ran_out, ran_len) < 0) - return (CKR_DEVICE_ERROR); - } - return (CKR_OK); -} - - -/* - * Generate random number in BIGNUM format. length is in bits - */ -BIG_ERR_CODE -random_bignum(BIGNUM *r, int length, boolean_t token_obj) -{ - size_t len1; - CK_RV rv = CKR_OK; - - /* Convert length of bits to length of word to hold valid data. */ - r->len = (length-1) / BIG_CHUNK_SIZE + 1; - - /* len1 is the byte count. */ - len1 = r->len * sizeof (BIG_CHUNK_TYPE); - - /* Generate len1 bytes of data and store in memory pointed by value. */ - rv = soft_random_generator((CK_BYTE *)(r->value), len1, token_obj); - - if (rv != CKR_OK) { - return (convert_brv(rv)); - } - - r->value[r->len - 1] |= BIG_CHUNK_HIGHBIT; - - /* - * If the bit length is not on word boundary, shift the existing - * bits in last word to right adjusted. - */ - if ((length % BIG_CHUNK_SIZE) != 0) - r->value[r->len - 1] = - r->value[r->len - 1] >> - (BIG_CHUNK_SIZE - (length % BIG_CHUNK_SIZE)); - r->sign = 1; - - return (BIG_OK); -} diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandom.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandom.h deleted file mode 100644 index 2307ac7264..0000000000 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandom.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#ifndef _SOFTRANDOM_H -#define _SOFTRANDOM_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include <sys/types.h> -#include <security/pkcs11t.h> -#include <bignum.h> -#include "softSession.h" - -BIG_ERR_CODE random_bignum(BIGNUM *, int, boolean_t); - -#ifdef __cplusplus -} -#endif - -#endif /* _SOFTRANDOM_H */ diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.h index 9dba84c946..39bff659e2 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.h @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -19,23 +18,20 @@ * * CDDL HEADER END */ + /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SOFTSSL_H #define _SOFTSSL_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif #include <sys/types.h> #include <security/pkcs11t.h> -#include <bignum.h> #include "softObject.h" #include "softSession.h" diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c index 85249f6d45..a18633094d 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c @@ -18,6 +18,7 @@ * * CDDL HEADER END */ + /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ @@ -207,10 +208,10 @@ static CK_MECHANISM_INFO soft_mechanism_info[] = { {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */ {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */ {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */ - {MIN_DH_KEYLENGTH, MAX_DH_KEYLENGTH, CKF_GENERATE_KEY_PAIR}, + {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR}, /* CKM_DH_PKCS_KEY_PAIR_GEN */ /* in bits */ - {MIN_DH_KEYLENGTH, MAX_DH_KEYLENGTH, CKF_DERIVE}, + {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_DERIVE}, /* CKM_DH_PKCS_DERIVE; */ /* in bits */ {1, 16, CKF_DERIVE}, /* CKM_MD5_KEY_DERIVATION */ |