92 return (CKR_HOST_MEMORY);
93
94 case BIG_NO_RANDOM:
95 return (CKR_DEVICE_ERROR);
96
97 case BIG_INVALID_ARGS:
98 return (CKR_ARGUMENTS_BAD);
99
100 case BIG_DIV_BY_0:
101 default:
102 return (CKR_GENERAL_ERROR);
103 }
104 }
105
106 /* psize and qsize are in bits */
107 static BIG_ERR_CODE
108 RSA_key_init(RSAkey *key, int psize, int qsize)
109 {
110 BIG_ERR_CODE err = BIG_OK;
111
112 /* EXPORT DELETE START */
113
114 int plen, qlen, nlen;
115
116 plen = BITLEN2BIGNUMLEN(psize);
117 qlen = BITLEN2BIGNUMLEN(qsize);
118 nlen = plen + qlen;
119 key->size = psize + qsize;
120 if ((err = big_init(&(key->p), plen)) != BIG_OK)
121 return (err);
122 if ((err = big_init(&(key->q), qlen)) != BIG_OK)
123 goto ret1;
124 if ((err = big_init(&(key->n), nlen)) != BIG_OK)
125 goto ret2;
126 if ((err = big_init(&(key->d), nlen)) != BIG_OK)
127 goto ret3;
128 if ((err = big_init(&(key->e), nlen)) != BIG_OK)
129 goto ret4;
130 if ((err = big_init(&(key->dmodpminus1), plen)) != BIG_OK)
131 goto ret5;
132 if ((err = big_init(&(key->dmodqminus1), qlen)) != BIG_OK)
133 goto ret6;
146 big_finish(&(key->q_rr));
147 ret9:
148 big_finish(&(key->p_rr));
149 ret8:
150 big_finish(&(key->pinvmodq));
151 ret7:
152 big_finish(&(key->dmodqminus1));
153 ret6:
154 big_finish(&(key->dmodpminus1));
155 ret5:
156 big_finish(&(key->e));
157 ret4:
158 big_finish(&(key->d));
159 ret3:
160 big_finish(&(key->n));
161 ret2:
162 big_finish(&(key->q));
163 ret1:
164 big_finish(&(key->p));
165
166 /* EXPORT DELETE END */
167
168 return (err);
169 }
170
171 static void
172 RSA_key_finish(RSAkey *key)
173 {
174
175 /* EXPORT DELETE START */
176
177 big_finish(&(key->n_rr));
178 big_finish(&(key->q_rr));
179 big_finish(&(key->p_rr));
180 big_finish(&(key->pinvmodq));
181 big_finish(&(key->dmodqminus1));
182 big_finish(&(key->dmodpminus1));
183 big_finish(&(key->e));
184 big_finish(&(key->d));
185 big_finish(&(key->n));
186 big_finish(&(key->q));
187 big_finish(&(key->p));
188
189 /* EXPORT DELETE END */
190
191 }
192
193 /*
194 * Generate RSA key
195 */
196 static CK_RV
197 generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM *pubexp,
198 int (*rfunc)(void *, size_t))
199 {
200 CK_RV rv = CKR_OK;
201
202 /* EXPORT DELETE START */
203
204 int (*rf)(void *, size_t);
205 BIGNUM a, b, c, d, e, f, g, h;
206 int len, keylen, size;
207 BIG_ERR_CODE brv = BIG_OK;
208
209 size = psize + qsize;
210 keylen = BITLEN2BIGNUMLEN(size);
211 len = keylen * 2 + 1;
212 key->size = size;
213
214 /*
215 * Note: It is not really necessary to compute e, it is in pubexp:
216 * (void) big_copy(&(key->e), pubexp);
217 */
218
219 a.malloced = 0;
220 b.malloced = 0;
221 c.malloced = 0;
222 d.malloced = 0;
223 e.malloced = 0;
362 if (big_cmp_abs(&b, &h) != 0) {
363 /* this should not happen */
364 rv = generate_rsa_key(key, psize, qsize, pubexp, rf);
365 goto ret1;
366 } else {
367 brv = BIG_OK;
368 }
369
370 ret:
371 rv = convert_rv(brv);
372 ret1:
373 big_finish(&h);
374 big_finish(&g);
375 big_finish(&f);
376 big_finish(&e);
377 big_finish(&d);
378 big_finish(&c);
379 big_finish(&b);
380 big_finish(&a);
381
382 /* EXPORT DELETE END */
383
384 return (rv);
385 }
386
387 CK_RV
388 rsa_genkey_pair(RSAbytekey *bkey)
389 {
390 /*
391 * NOTE: Whomever originally wrote this function swapped p and q.
392 * This table shows the mapping between name convention used here
393 * versus what is used in most texts that describe RSA key generation.
394 * This function: Standard convention:
395 * -------------- --------------------
396 * modulus, n -same-
397 * prime 1, q prime 1, p
398 * prime 2, p prime 2, q
399 * private exponent, d -same-
400 * public exponent, e -same-
401 * exponent 1, d mod (q-1) d mod (p-1)
402 * exponent 2, d mod (p-1) d mod (q-1)
403 * coefficient, p^-1 mod q q^-1 mod p
404 *
405 * Also notice the struct member for coefficient is named .pinvmodq
406 * rather than .qinvmodp, reflecting the switch.
407 *
408 * The code here wasn't unswapped, because "it works". Further,
409 * p and q are interchangeable as long as exponent 1 and 2 and
410 * the coefficient are kept straight too. This note is here to
411 * make the reader aware of the switcheroo.
412 */
413 CK_RV rv = CKR_OK;
414
415 /* EXPORT DELETE START */
416
417 BIGNUM public_exponent = {0};
418 RSAkey rsakey;
419 uint32_t modulus_bytes;
420
421 if (bkey == NULL)
422 return (CKR_ARGUMENTS_BAD);
423
424 /* Must have modulus bits set */
425 if (bkey->modulus_bits == 0)
426 return (CKR_ARGUMENTS_BAD);
427
428 /* Must have public exponent set */
429 if (bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
430 return (CKR_ARGUMENTS_BAD);
431
432 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
433 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
434
435 /* Modulus length needs to be between min key size and max key size. */
436 if ((modulus_bytes < MIN_RSA_KEYLENGTH_IN_BYTES) ||
478 bkey->prime2_bytes = rsakey.p.len * (int)sizeof (BIG_CHUNK_TYPE);
479 bignum2bytestring(bkey->prime2, &(rsakey.p), bkey->prime2_bytes);
480
481 bkey->expo1_bytes =
482 rsakey.dmodqminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
483 bignum2bytestring(bkey->expo1, &(rsakey.dmodqminus1),
484 bkey->expo1_bytes);
485
486 bkey->expo2_bytes =
487 rsakey.dmodpminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
488 bignum2bytestring(bkey->expo2,
489 &(rsakey.dmodpminus1), bkey->expo2_bytes);
490
491 bkey->coeff_bytes =
492 rsakey.pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
493 bignum2bytestring(bkey->coeff, &(rsakey.pinvmodq), bkey->coeff_bytes);
494
495 clean1:
496 RSA_key_finish(&rsakey);
497
498 /* EXPORT DELETE END */
499
500 return (rv);
501 }
502
503 /*
504 * RSA encrypt operation
505 */
506 CK_RV
507 rsa_encrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
508 {
509 CK_RV rv = CKR_OK;
510
511 /* EXPORT DELETE START */
512
513 BIGNUM msg;
514 RSAkey rsakey;
515 uint32_t modulus_bytes;
516
517 if (bkey == NULL)
518 return (CKR_ARGUMENTS_BAD);
519
520 /* Must have modulus and public exponent set */
521 if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
522 bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
523 return (CKR_ARGUMENTS_BAD);
524
525 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
526 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
527
528 if (bkey->pubexpo_bytes > modulus_bytes) {
529 return (CKR_KEY_SIZE_RANGE);
530 }
531
532 /* psize and qsize for RSA_key_init is in bits. */
549 if (big_cmp_abs(&msg, &(rsakey.n)) > 0) {
550 rv = CKR_DATA_LEN_RANGE;
551 goto clean3;
552 }
553
554 /* Perform RSA computation on big integer input data. */
555 if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) !=
556 BIG_OK) {
557 rv = CKR_HOST_MEMORY;
558 goto clean3;
559 }
560
561 /* Convert the big integer output data to octet string. */
562 bignum2bytestring(out, &msg, modulus_bytes);
563
564 clean3:
565 big_finish(&msg);
566 clean2:
567 RSA_key_finish(&rsakey);
568
569 /* EXPORT DELETE END */
570
571 return (rv);
572 }
573
574 /*
575 * RSA decrypt operation
576 */
577 CK_RV
578 rsa_decrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
579 {
580 CK_RV rv = CKR_OK;
581
582 /* EXPORT DELETE START */
583
584 BIGNUM msg;
585 RSAkey rsakey;
586 uint32_t modulus_bytes;
587
588 if (bkey == NULL)
589 return (CKR_ARGUMENTS_BAD);
590
591 /* Must have modulus, prime1, prime2, expo1, expo2, and coeff set */
592 if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
593 bkey->prime1_bytes == 0 || bkey->prime1 == NULL ||
594 bkey->prime2_bytes == 0 || bkey->prime2 == NULL ||
595 bkey->expo1_bytes == 0 || bkey->expo1 == NULL ||
596 bkey->expo2_bytes == 0 || bkey->expo2 == NULL ||
597 bkey->coeff_bytes == 0 || bkey->coeff == NULL)
598 return (CKR_ARGUMENTS_BAD);
599
600 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
601 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
602
603 /* psize and qsize for RSA_key_init is in bits. */
638 rv = CKR_KEY_SIZE_RANGE;
639 goto clean4;
640 }
641
642 /* Perform RSA computation on big integer input data. */
643 if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1),
644 &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q),
645 &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) {
646 rv = CKR_HOST_MEMORY;
647 goto clean4;
648 }
649
650 /* Convert the big integer output data to octet string. */
651 bignum2bytestring(out, &msg, modulus_bytes);
652
653 clean4:
654 big_finish(&msg);
655 clean3:
656 RSA_key_finish(&rsakey);
657
658 /* EXPORT DELETE END */
659
660 return (rv);
661 }
|
92 return (CKR_HOST_MEMORY);
93
94 case BIG_NO_RANDOM:
95 return (CKR_DEVICE_ERROR);
96
97 case BIG_INVALID_ARGS:
98 return (CKR_ARGUMENTS_BAD);
99
100 case BIG_DIV_BY_0:
101 default:
102 return (CKR_GENERAL_ERROR);
103 }
104 }
105
106 /* psize and qsize are in bits */
107 static BIG_ERR_CODE
108 RSA_key_init(RSAkey *key, int psize, int qsize)
109 {
110 BIG_ERR_CODE err = BIG_OK;
111
112 int plen, qlen, nlen;
113
114 plen = BITLEN2BIGNUMLEN(psize);
115 qlen = BITLEN2BIGNUMLEN(qsize);
116 nlen = plen + qlen;
117 key->size = psize + qsize;
118 if ((err = big_init(&(key->p), plen)) != BIG_OK)
119 return (err);
120 if ((err = big_init(&(key->q), qlen)) != BIG_OK)
121 goto ret1;
122 if ((err = big_init(&(key->n), nlen)) != BIG_OK)
123 goto ret2;
124 if ((err = big_init(&(key->d), nlen)) != BIG_OK)
125 goto ret3;
126 if ((err = big_init(&(key->e), nlen)) != BIG_OK)
127 goto ret4;
128 if ((err = big_init(&(key->dmodpminus1), plen)) != BIG_OK)
129 goto ret5;
130 if ((err = big_init(&(key->dmodqminus1), qlen)) != BIG_OK)
131 goto ret6;
144 big_finish(&(key->q_rr));
145 ret9:
146 big_finish(&(key->p_rr));
147 ret8:
148 big_finish(&(key->pinvmodq));
149 ret7:
150 big_finish(&(key->dmodqminus1));
151 ret6:
152 big_finish(&(key->dmodpminus1));
153 ret5:
154 big_finish(&(key->e));
155 ret4:
156 big_finish(&(key->d));
157 ret3:
158 big_finish(&(key->n));
159 ret2:
160 big_finish(&(key->q));
161 ret1:
162 big_finish(&(key->p));
163
164 return (err);
165 }
166
167 static void
168 RSA_key_finish(RSAkey *key)
169 {
170 big_finish(&(key->n_rr));
171 big_finish(&(key->q_rr));
172 big_finish(&(key->p_rr));
173 big_finish(&(key->pinvmodq));
174 big_finish(&(key->dmodqminus1));
175 big_finish(&(key->dmodpminus1));
176 big_finish(&(key->e));
177 big_finish(&(key->d));
178 big_finish(&(key->n));
179 big_finish(&(key->q));
180 big_finish(&(key->p));
181 }
182
183 /*
184 * Generate RSA key
185 */
186 static CK_RV
187 generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM *pubexp,
188 int (*rfunc)(void *, size_t))
189 {
190 CK_RV rv = CKR_OK;
191
192 int (*rf)(void *, size_t);
193 BIGNUM a, b, c, d, e, f, g, h;
194 int len, keylen, size;
195 BIG_ERR_CODE brv = BIG_OK;
196
197 size = psize + qsize;
198 keylen = BITLEN2BIGNUMLEN(size);
199 len = keylen * 2 + 1;
200 key->size = size;
201
202 /*
203 * Note: It is not really necessary to compute e, it is in pubexp:
204 * (void) big_copy(&(key->e), pubexp);
205 */
206
207 a.malloced = 0;
208 b.malloced = 0;
209 c.malloced = 0;
210 d.malloced = 0;
211 e.malloced = 0;
350 if (big_cmp_abs(&b, &h) != 0) {
351 /* this should not happen */
352 rv = generate_rsa_key(key, psize, qsize, pubexp, rf);
353 goto ret1;
354 } else {
355 brv = BIG_OK;
356 }
357
358 ret:
359 rv = convert_rv(brv);
360 ret1:
361 big_finish(&h);
362 big_finish(&g);
363 big_finish(&f);
364 big_finish(&e);
365 big_finish(&d);
366 big_finish(&c);
367 big_finish(&b);
368 big_finish(&a);
369
370 return (rv);
371 }
372
373 CK_RV
374 rsa_genkey_pair(RSAbytekey *bkey)
375 {
376 /*
377 * NOTE: Whomever originally wrote this function swapped p and q.
378 * This table shows the mapping between name convention used here
379 * versus what is used in most texts that describe RSA key generation.
380 * This function: Standard convention:
381 * -------------- --------------------
382 * modulus, n -same-
383 * prime 1, q prime 1, p
384 * prime 2, p prime 2, q
385 * private exponent, d -same-
386 * public exponent, e -same-
387 * exponent 1, d mod (q-1) d mod (p-1)
388 * exponent 2, d mod (p-1) d mod (q-1)
389 * coefficient, p^-1 mod q q^-1 mod p
390 *
391 * Also notice the struct member for coefficient is named .pinvmodq
392 * rather than .qinvmodp, reflecting the switch.
393 *
394 * The code here wasn't unswapped, because "it works". Further,
395 * p and q are interchangeable as long as exponent 1 and 2 and
396 * the coefficient are kept straight too. This note is here to
397 * make the reader aware of the switcheroo.
398 */
399 CK_RV rv = CKR_OK;
400
401 BIGNUM public_exponent = {0};
402 RSAkey rsakey;
403 uint32_t modulus_bytes;
404
405 if (bkey == NULL)
406 return (CKR_ARGUMENTS_BAD);
407
408 /* Must have modulus bits set */
409 if (bkey->modulus_bits == 0)
410 return (CKR_ARGUMENTS_BAD);
411
412 /* Must have public exponent set */
413 if (bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
414 return (CKR_ARGUMENTS_BAD);
415
416 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
417 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
418
419 /* Modulus length needs to be between min key size and max key size. */
420 if ((modulus_bytes < MIN_RSA_KEYLENGTH_IN_BYTES) ||
462 bkey->prime2_bytes = rsakey.p.len * (int)sizeof (BIG_CHUNK_TYPE);
463 bignum2bytestring(bkey->prime2, &(rsakey.p), bkey->prime2_bytes);
464
465 bkey->expo1_bytes =
466 rsakey.dmodqminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
467 bignum2bytestring(bkey->expo1, &(rsakey.dmodqminus1),
468 bkey->expo1_bytes);
469
470 bkey->expo2_bytes =
471 rsakey.dmodpminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
472 bignum2bytestring(bkey->expo2,
473 &(rsakey.dmodpminus1), bkey->expo2_bytes);
474
475 bkey->coeff_bytes =
476 rsakey.pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
477 bignum2bytestring(bkey->coeff, &(rsakey.pinvmodq), bkey->coeff_bytes);
478
479 clean1:
480 RSA_key_finish(&rsakey);
481
482 return (rv);
483 }
484
485 /*
486 * RSA encrypt operation
487 */
488 CK_RV
489 rsa_encrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
490 {
491 CK_RV rv = CKR_OK;
492
493 BIGNUM msg;
494 RSAkey rsakey;
495 uint32_t modulus_bytes;
496
497 if (bkey == NULL)
498 return (CKR_ARGUMENTS_BAD);
499
500 /* Must have modulus and public exponent set */
501 if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
502 bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
503 return (CKR_ARGUMENTS_BAD);
504
505 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
506 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
507
508 if (bkey->pubexpo_bytes > modulus_bytes) {
509 return (CKR_KEY_SIZE_RANGE);
510 }
511
512 /* psize and qsize for RSA_key_init is in bits. */
529 if (big_cmp_abs(&msg, &(rsakey.n)) > 0) {
530 rv = CKR_DATA_LEN_RANGE;
531 goto clean3;
532 }
533
534 /* Perform RSA computation on big integer input data. */
535 if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) !=
536 BIG_OK) {
537 rv = CKR_HOST_MEMORY;
538 goto clean3;
539 }
540
541 /* Convert the big integer output data to octet string. */
542 bignum2bytestring(out, &msg, modulus_bytes);
543
544 clean3:
545 big_finish(&msg);
546 clean2:
547 RSA_key_finish(&rsakey);
548
549 return (rv);
550 }
551
552 /*
553 * RSA decrypt operation
554 */
555 CK_RV
556 rsa_decrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
557 {
558 CK_RV rv = CKR_OK;
559
560 BIGNUM msg;
561 RSAkey rsakey;
562 uint32_t modulus_bytes;
563
564 if (bkey == NULL)
565 return (CKR_ARGUMENTS_BAD);
566
567 /* Must have modulus, prime1, prime2, expo1, expo2, and coeff set */
568 if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
569 bkey->prime1_bytes == 0 || bkey->prime1 == NULL ||
570 bkey->prime2_bytes == 0 || bkey->prime2 == NULL ||
571 bkey->expo1_bytes == 0 || bkey->expo1 == NULL ||
572 bkey->expo2_bytes == 0 || bkey->expo2 == NULL ||
573 bkey->coeff_bytes == 0 || bkey->coeff == NULL)
574 return (CKR_ARGUMENTS_BAD);
575
576 /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
577 modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
578
579 /* psize and qsize for RSA_key_init is in bits. */
614 rv = CKR_KEY_SIZE_RANGE;
615 goto clean4;
616 }
617
618 /* Perform RSA computation on big integer input data. */
619 if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1),
620 &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q),
621 &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) {
622 rv = CKR_HOST_MEMORY;
623 goto clean4;
624 }
625
626 /* Convert the big integer output data to octet string. */
627 bignum2bytestring(out, &msg, modulus_bytes);
628
629 clean4:
630 big_finish(&msg);
631 clean3:
632 RSA_key_finish(&rsakey);
633
634 return (rv);
635 }
|