Diffstat (limited to 'usr/src/common/crypto/dsa/dsa_impl.h')
-rw-r--r-- | usr/src/common/crypto/dsa/dsa_impl.h | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/usr/src/common/crypto/dsa/dsa_impl.h b/usr/src/common/crypto/dsa/dsa_impl.h
new file mode 100644
index 0000000000..c550aaf517
--- /dev/null
+++ b/usr/src/common/crypto/dsa/dsa_impl.h
@@ -0,0 +1,136 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#ifndef _DSA_IMPL_H
+#define _DSA_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+#include <bignum.h>
+
+/* DSA Signature is always 40 bytes */
+#define DSA_SIGNATURE_LENGTH 40
+#define MIN_DSA_KEY_LEN (512 >> 3)
+#define MAX_DSA_KEY_LEN (1024 >> 3)
+
+#define DSA_SUBPRIME_BITS 160
+#define DSA_SUBPRIME_BYTES (DSA_SUBPRIME_BITS >> 3)
+
+#ifdef _KERNEL
+
+#include <sys/sunddi.h>
+#include <sys/crypto/common.h>
+
+#define CK_RV int
+
+#define CKR_OK CRYPTO_SUCCESS
+#define CKR_ARGUMENTS_BAD CRYPTO_ARGUMENTS_BAD
+#define CKR_ATTRIBUTE_VALUE_INVALID CRYPTO_ATTRIBUTE_VALUE_INVALID
+#define CKR_DEVICE_ERROR CRYPTO_DEVICE_ERROR
+#define CKR_GENERAL_ERROR CRYPTO_GENERAL_ERROR
+#define CKR_HOST_MEMORY CRYPTO_HOST_MEMORY
+#define CKR_KEY_SIZE_RANGE CRYPTO_KEY_SIZE_RANGE
+#define CKR_SIGNATURE_INVALID CRYPTO_SIGNATURE_INVALID
+
+int random_get_bytes(uint8_t *ran_out, size_t ran_len);
+int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len);
+
+#else
+
+#include <security/cryptoki.h>
+#include <security/pkcs11t.h>
+
+#endif /* _KERNEL */
+
+
+/* DSA key using BIGNUM representations */
+typedef struct {
+ int size; /* key size in bits */
+ BIGNUM p; /* p (<size-bit> prime) */
+ BIGNUM q; /* q (160-bit prime) */
+ BIGNUM g; /* g (the base) */
+ BIGNUM x; /* private key (< q) */
+ BIGNUM y; /* = g^x mod p */
+ BIGNUM k; /* k (random number < q) */
+ BIGNUM r; /* r (signature 1st part) */
+ BIGNUM s; /* s (signature 2st part) */
+ BIGNUM v; /* v (verification value - should be = r) */
+ BIGNUM p_rr; /* 2^(2*(32*p->len)) mod p */
+ BIGNUM q_rr; /* 2^(2*(32*q->len)) mod q */
+} DSAkey;
+
+/* DSA key using byte string representations, useful for parameter lists */
+typedef struct {
+ uint32_t prime_bits; /* size */
+ uchar_t *prime; /* p */
+ uint32_t subprime_bits; /* = 160 */
+ uchar_t *subprime; /* q */
+ uint32_t base_bytes;
+ uchar_t *base; /* g */
+ uchar_t *private_x; /* x */
+ uint32_t private_x_bits;
+ uchar_t *public_y; /* y */
+ uint32_t public_y_bits;
+ uchar_t *signature; /* concat(r, s) */
+ int (*rfunc)(void *, size_t); /* random function */
+} DSAbytekey;
+
+
+CK_RV dsa_genkey_pair(DSAbytekey *bkey);
+
+CK_RV dsa_sign(DSAbytekey *bkey, uchar_t *msg, uint32_t msglen, uchar_t *sig);
+
+CK_RV dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig);
+
+
+/*
+ * The following definitions and declarations are only used by DSA FIPS POST
+ */
+#ifdef _DSA_FIPS_POST
+
+/* DSA FIPS Declarations */
+#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
+#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
+#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
+#define FIPS_DSA_SEED_LENGTH 20 /* 160-bits */
+#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
+#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
+
+/* DSA FIPS functions */
+extern int fips_dsa_post(void);
+extern int fips_dsa_genkey_pair(DSAbytekey *);
+extern int fips_dsa_digest_sign(DSAbytekey *, uint8_t *, uint32_t, uint8_t *);
+extern int fips_dsa_verify(DSAbytekey *, uint8_t *, uint8_t *);
+
+#endif /* _DSA_FIPS_POST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _DSA_IMPL_H */ |
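Review bot: `dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig)` takes neither a message length nor a signature length, while `dsa_sign` just above it does take `msglen`. The implementation, which is not part of this header, therefore has to assume fixed sizes for both buffers, and a caller that passes a shorter buffer gets an out-of-bounds read instead of an error. Either add the lengths to the prototype so they can be checked against `DSA_SUBPRIME_BYTES` and `DSA_SIGNATURE_LENGTH`, or state the contract above the prototype, e.g. `/* msg: DSA_SUBPRIME_BYTES-byte digest; sig: DSA_SIGNATURE_LENGTH bytes, concat(r, s) */`, after confirming those sizes against the implementation. The `rfunc` member of `DSAbytekey` is documented only as `/* random function */`; if it supplies the per-signature `k`, as the `DSAkey` field comment suggests, the comment should say it must be a cryptographically strong source, because a predictable or biased `k` exposes the private `x`.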