Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/crypto/io/rsa.c
+++ new/usr/src/uts/common/crypto/io/rsa.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 */
25 25
26 26 /*
27 27 * RSA provider for the Kernel Cryptographic Framework (KCF)
28 28 */
29 29
30 30 #include <sys/types.h>
31 31 #include <sys/systm.h>
32 32 #include <sys/modctl.h>
33 33 #include <sys/cmn_err.h>
34 34 #include <sys/ddi.h>
35 35 #include <sys/crypto/spi.h>
36 36 #include <sys/sysmacros.h>
37 37 #include <sys/strsun.h>
38 38 #include <sys/md5.h>
39 39 #include <sys/sha1.h>
40 40 #define _SHA2_IMPL
41 41 #include <sys/sha2.h>
42 42 #include <sys/random.h>
43 43 #include <sys/crypto/impl.h>
44 44 #include <sha1/sha1_impl.h>
45 45 #include <sha2/sha2_impl.h>
46 46 #include <padding/padding.h>
47 47 #include <rsa/rsa_impl.h>
48 48
49 49 extern struct mod_ops mod_cryptoops;
50 50
51 51 /*
52 52 * Module linkage information for the kernel.
53 53 */
54 54 static struct modlcrypto modlcrypto = {
55 55 &mod_cryptoops,
56 56 "RSA Kernel SW Provider"
57 57 };
58 58
59 59 static struct modlinkage modlinkage = {
60 60 MODREV_1,
61 61 (void *)&modlcrypto,
62 62 NULL
63 63 };
64 64
65 65 /*
66 66 * CSPI information (entry points, provider info, etc.)
67 67 */
68 68 typedef enum rsa_mech_type {
69 69 RSA_PKCS_MECH_INFO_TYPE, /* SUN_CKM_RSA_PKCS */
70 70 RSA_X_509_MECH_INFO_TYPE, /* SUN_CKM_RSA_X_509 */
71 71 MD5_RSA_PKCS_MECH_INFO_TYPE, /* SUN_MD5_RSA_PKCS */
72 72 SHA1_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA1_RSA_PKCS */
73 73 SHA256_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA256_RSA_PKCS */
74 74 SHA384_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA384_RSA_PKCS */
75 75 SHA512_RSA_PKCS_MECH_INFO_TYPE /* SUN_SHA512_RSA_PKCS */
76 76 } rsa_mech_type_t;
77 77
78 78 /*
79 79 * Context for RSA_PKCS and RSA_X_509 mechanisms.
80 80 */
81 81 typedef struct rsa_ctx {
82 82 rsa_mech_type_t mech_type;
83 83 crypto_key_t *key;
84 84 size_t keychunk_size;
85 85 } rsa_ctx_t;
86 86
87 87 /*
88 88 * Context for MD5_RSA_PKCS and SHA*_RSA_PKCS mechanisms.
89 89 */
90 90 typedef struct digest_rsa_ctx {
91 91 rsa_mech_type_t mech_type;
92 92 crypto_key_t *key;
93 93 size_t keychunk_size;
94 94 union {
95 95 MD5_CTX md5ctx;
96 96 SHA1_CTX sha1ctx;
97 97 SHA2_CTX sha2ctx;
98 98 } dctx_u;
99 99 } digest_rsa_ctx_t;
100 100
101 101 #define md5_ctx dctx_u.md5ctx
102 102 #define sha1_ctx dctx_u.sha1ctx
103 103 #define sha2_ctx dctx_u.sha2ctx
104 104
105 105 /*
106 106 * Mechanism info structure passed to KCF during registration.
107 107 */
108 108 static crypto_mech_info_t rsa_mech_info_tab[] = {
109 109 /* RSA_PKCS */
110 110 {SUN_CKM_RSA_PKCS, RSA_PKCS_MECH_INFO_TYPE,
111 111 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
112 112 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
113 113 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
114 114 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
115 115 CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
116 116 CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
117 117 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
118 118
119 119 /* RSA_X_509 */
120 120 {SUN_CKM_RSA_X_509, RSA_X_509_MECH_INFO_TYPE,
121 121 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
122 122 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
123 123 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
124 124 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
125 125 CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
126 126 CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
127 127 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
128 128
129 129 /* MD5_RSA_PKCS */
130 130 {SUN_CKM_MD5_RSA_PKCS, MD5_RSA_PKCS_MECH_INFO_TYPE,
131 131 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
132 132 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
133 133 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
134 134
135 135 /* SHA1_RSA_PKCS */
136 136 {SUN_CKM_SHA1_RSA_PKCS, SHA1_RSA_PKCS_MECH_INFO_TYPE,
137 137 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
138 138 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
139 139 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
140 140
141 141 /* SHA256_RSA_PKCS */
142 142 {SUN_CKM_SHA256_RSA_PKCS, SHA256_RSA_PKCS_MECH_INFO_TYPE,
143 143 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
144 144 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
145 145 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
146 146
147 147 /* SHA384_RSA_PKCS */
148 148 {SUN_CKM_SHA384_RSA_PKCS, SHA384_RSA_PKCS_MECH_INFO_TYPE,
149 149 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
150 150 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
151 151 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
152 152
153 153 /* SHA512_RSA_PKCS */
154 154 {SUN_CKM_SHA512_RSA_PKCS, SHA512_RSA_PKCS_MECH_INFO_TYPE,
155 155 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
156 156 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
157 157 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS}
158 158
159 159 };
160 160
161 161 #define RSA_VALID_MECH(mech) \
162 162 (((mech)->cm_type == RSA_PKCS_MECH_INFO_TYPE || \
163 163 (mech)->cm_type == RSA_X_509_MECH_INFO_TYPE || \
164 164 (mech)->cm_type == MD5_RSA_PKCS_MECH_INFO_TYPE || \
165 165 (mech)->cm_type == SHA1_RSA_PKCS_MECH_INFO_TYPE || \
166 166 (mech)->cm_type == SHA256_RSA_PKCS_MECH_INFO_TYPE || \
167 167 (mech)->cm_type == SHA384_RSA_PKCS_MECH_INFO_TYPE || \
168 168 (mech)->cm_type == SHA512_RSA_PKCS_MECH_INFO_TYPE) ? 1 : 0)
169 169
170 170 /* operations are in-place if the output buffer is NULL */
171 171 #define RSA_ARG_INPLACE(input, output) \
172 172 if ((output) == NULL) \
173 173 (output) = (input);
174 174
175 175 static void rsa_provider_status(crypto_provider_handle_t, uint_t *);
176 176
177 177 static crypto_control_ops_t rsa_control_ops = {
178 178 rsa_provider_status
179 179 };
180 180
181 181 static int rsa_common_init(crypto_ctx_t *, crypto_mechanism_t *,
182 182 crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
183 183 static int rsaprov_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
184 184 crypto_req_handle_t);
185 185 static int rsa_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
186 186 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
187 187 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
188 188 static int rsaprov_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
189 189 crypto_req_handle_t);
190 190 static int rsa_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
191 191 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
192 192 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
193 193
194 194 /*
195 195 * The RSA mechanisms do not have multiple-part cipher operations.
196 196 * So, the update and final routines are set to NULL.
197 197 */
198 198 static crypto_cipher_ops_t rsa_cipher_ops = {
199 199 rsa_common_init,
200 200 rsaprov_encrypt,
201 201 NULL,
202 202 NULL,
203 203 rsa_encrypt_atomic,
204 204 rsa_common_init,
205 205 rsaprov_decrypt,
206 206 NULL,
207 207 NULL,
208 208 rsa_decrypt_atomic
209 209 };
210 210
211 211 static int rsa_sign_verify_common_init(crypto_ctx_t *, crypto_mechanism_t *,
212 212 crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
213 213 static int rsaprov_sign(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
214 214 crypto_req_handle_t);
215 215 static int rsa_sign_update(crypto_ctx_t *, crypto_data_t *,
216 216 crypto_req_handle_t);
217 217 static int rsa_sign_final(crypto_ctx_t *, crypto_data_t *,
218 218 crypto_req_handle_t);
219 219 static int rsa_sign_atomic(crypto_provider_handle_t, crypto_session_id_t,
220 220 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
221 221 crypto_spi_ctx_template_t, crypto_req_handle_t);
222 222
223 223 /*
224 224 * We use the same routine for sign_init and sign_recover_init fields
225 225 * as they do the same thing. Same holds for sign and sign_recover fields,
226 226 * and sign_atomic and sign_recover_atomic fields.
227 227 */
228 228 static crypto_sign_ops_t rsa_sign_ops = {
229 229 rsa_sign_verify_common_init,
230 230 rsaprov_sign,
231 231 rsa_sign_update,
232 232 rsa_sign_final,
233 233 rsa_sign_atomic,
234 234 rsa_sign_verify_common_init,
235 235 rsaprov_sign,
236 236 rsa_sign_atomic
237 237 };
238 238
239 239 static int rsaprov_verify(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
240 240 crypto_req_handle_t);
241 241 static int rsa_verify_update(crypto_ctx_t *, crypto_data_t *,
242 242 crypto_req_handle_t);
243 243 static int rsa_verify_final(crypto_ctx_t *, crypto_data_t *,
244 244 crypto_req_handle_t);
245 245 static int rsa_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
246 246 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
247 247 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
248 248 static int rsa_verify_recover(crypto_ctx_t *, crypto_data_t *,
249 249 crypto_data_t *, crypto_req_handle_t);
250 250 static int rsa_verify_recover_atomic(crypto_provider_handle_t,
251 251 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
252 252 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
253 253 crypto_req_handle_t);
254 254
255 255 /*
256 256 * We use the same routine (rsa_sign_verify_common_init) for verify_init
257 257 * and verify_recover_init fields as they do the same thing.
258 258 */
259 259 static crypto_verify_ops_t rsa_verify_ops = {
260 260 rsa_sign_verify_common_init,
261 261 rsaprov_verify,
262 262 rsa_verify_update,
263 263 rsa_verify_final,
264 264 rsa_verify_atomic,
265 265 rsa_sign_verify_common_init,
266 266 rsa_verify_recover,
267 267 rsa_verify_recover_atomic
268 268 };
269 269
270 270 static int rsa_free_context(crypto_ctx_t *);
271 271
272 272 static crypto_ctx_ops_t rsa_ctx_ops = {
273 273 NULL,
274 274 rsa_free_context
275 275 };
276 276
277 277 static crypto_ops_t rsa_crypto_ops = {
278 278 &rsa_control_ops,
279 279 NULL,
280 280 &rsa_cipher_ops,
281 281 NULL,
282 282 &rsa_sign_ops,
283 283 &rsa_verify_ops,
284 284 NULL,
285 285 NULL,
286 286 NULL,
287 287 NULL,
288 288 NULL,
289 289 NULL,
290 290 NULL,
291 291 &rsa_ctx_ops,
292 292 NULL,
293 293 NULL,
294 294 NULL,
295 295 };
296 296
297 297 static crypto_provider_info_t rsa_prov_info = {
298 298 CRYPTO_SPI_VERSION_4,
299 299 "RSA Software Provider",
300 300 CRYPTO_SW_PROVIDER,
301 301 {&modlinkage},
302 302 NULL,
303 303 &rsa_crypto_ops,
304 304 sizeof (rsa_mech_info_tab)/sizeof (crypto_mech_info_t),
305 305 rsa_mech_info_tab
306 306 };
307 307
↓ open down ↓ |
307 lines elided |
↑ open up ↑ |
308 308 static int rsa_encrypt_common(rsa_mech_type_t, crypto_key_t *,
309 309 crypto_data_t *, crypto_data_t *);
310 310 static int rsa_decrypt_common(rsa_mech_type_t, crypto_key_t *,
311 311 crypto_data_t *, crypto_data_t *);
312 312 static int rsa_sign_common(rsa_mech_type_t, crypto_key_t *,
313 313 crypto_data_t *, crypto_data_t *);
314 314 static int rsa_verify_common(rsa_mech_type_t, crypto_key_t *,
315 315 crypto_data_t *, crypto_data_t *);
316 316 static int compare_data(crypto_data_t *, uchar_t *);
317 317
318 -/* EXPORT DELETE START */
319 -
320 318 static int core_rsa_encrypt(crypto_key_t *, uchar_t *, int, uchar_t *, int);
321 319 static int core_rsa_decrypt(crypto_key_t *, uchar_t *, int, uchar_t *);
322 320
323 -/* EXPORT DELETE END */
324 -
325 321 static crypto_kcf_provider_handle_t rsa_prov_handle = NULL;
326 322
327 323 int
328 324 _init(void)
329 325 {
330 326 int ret;
331 327
332 328 if ((ret = mod_install(&modlinkage)) != 0)
333 329 return (ret);
334 330
335 331 /* Register with KCF. If the registration fails, remove the module. */
336 332 if (crypto_register_provider(&rsa_prov_info, &rsa_prov_handle)) {
337 333 (void) mod_remove(&modlinkage);
338 334 return (EACCES);
339 335 }
340 336
341 337 return (0);
342 338 }
343 339
344 340 int
345 341 _fini(void)
346 342 {
347 343 /* Unregister from KCF if module is registered */
348 344 if (rsa_prov_handle != NULL) {
349 345 if (crypto_unregister_provider(rsa_prov_handle))
350 346 return (EBUSY);
351 347
352 348 rsa_prov_handle = NULL;
353 349 }
354 350
355 351 return (mod_remove(&modlinkage));
356 352 }
357 353
358 354 int
359 355 _info(struct modinfo *modinfop)
360 356 {
361 357 return (mod_info(&modlinkage, modinfop));
362 358 }
363 359
364 360 /* ARGSUSED */
365 361 static void
↓ open down ↓ |
31 lines elided |
↑ open up ↑ |
366 362 rsa_provider_status(crypto_provider_handle_t provider, uint_t *status)
367 363 {
368 364 *status = CRYPTO_PROVIDER_READY;
369 365 }
370 366
371 367 static int
372 368 check_mech_and_key(crypto_mechanism_t *mechanism, crypto_key_t *key)
373 369 {
374 370 int rv = CRYPTO_FAILED;
375 371
376 -/* EXPORT DELETE START */
377 -
378 372 uchar_t *modulus;
379 373 ssize_t modulus_len; /* In bytes */
380 374
381 375 if (!RSA_VALID_MECH(mechanism))
382 376 return (CRYPTO_MECHANISM_INVALID);
383 377
384 378 /*
385 379 * We only support RSA keys that are passed as a list of
386 380 * object attributes.
387 381 */
388 382 if (key->ck_format != CRYPTO_KEY_ATTR_LIST) {
389 383 return (CRYPTO_KEY_TYPE_INCONSISTENT);
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
390 384 }
391 385
392 386 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
393 387 &modulus_len)) != CRYPTO_SUCCESS) {
394 388 return (rv);
395 389 }
396 390 if (modulus_len < MIN_RSA_KEYLENGTH_IN_BYTES ||
397 391 modulus_len > MAX_RSA_KEYLENGTH_IN_BYTES)
398 392 return (CRYPTO_KEY_SIZE_RANGE);
399 393
400 -/* EXPORT DELETE END */
401 -
402 394 return (rv);
403 395 }
404 396
405 397 void
406 398 kmemset(uint8_t *buf, char pattern, size_t len)
407 399 {
408 400 int i = 0;
409 401
410 402 while (i < len)
411 403 buf[i++] = pattern;
412 404 }
413 405
414 406 /*
415 407 * This function guarantees to return non-zero random numbers.
416 408 * This is needed as the /dev/urandom kernel interface,
417 409 * random_get_pseudo_bytes(), may return zeros.
418 410 */
419 411 int
420 412 knzero_random_generator(uint8_t *ran_out, size_t ran_len)
421 413 {
422 414 int rv;
423 415 size_t ebc = 0; /* count of extra bytes in extrarand */
424 416 size_t i = 0;
425 417 uint8_t extrarand[32];
426 418 size_t extrarand_len;
427 419
428 420 if ((rv = random_get_pseudo_bytes(ran_out, ran_len)) != 0)
429 421 return (rv);
430 422
431 423 /*
432 424 * Walk through the returned random numbers pointed by ran_out,
433 425 * and look for any random number which is zero.
434 426 * If we find zero, call random_get_pseudo_bytes() to generate
435 427 * another 32 random numbers pool. Replace any zeros in ran_out[]
436 428 * from the random number in pool.
437 429 */
438 430 while (i < ran_len) {
439 431 if (ran_out[i] != 0) {
440 432 i++;
441 433 continue;
442 434 }
443 435
444 436 /*
445 437 * Note that it is 'while' so we are guaranteed a
446 438 * non-zero value on exit.
447 439 */
448 440 if (ebc == 0) {
449 441 /* refresh extrarand */
450 442 extrarand_len = sizeof (extrarand);
451 443 if ((rv = random_get_pseudo_bytes(extrarand,
452 444 extrarand_len)) != 0) {
453 445 return (rv);
454 446 }
455 447
456 448 ebc = extrarand_len;
457 449 }
458 450 /* Replace zero with byte from extrarand. */
459 451 -- ebc;
460 452
461 453 /*
462 454 * The new random byte zero/non-zero will be checked in
463 455 * the next pass through the loop.
464 456 */
465 457 ran_out[i] = extrarand[ebc];
466 458 }
467 459
468 460 return (CRYPTO_SUCCESS);
469 461 }
470 462
471 463 static int
472 464 compare_data(crypto_data_t *data, uchar_t *buf)
473 465 {
474 466 int len;
475 467 uchar_t *dptr;
476 468
477 469 len = data->cd_length;
478 470 switch (data->cd_format) {
479 471 case CRYPTO_DATA_RAW:
480 472 dptr = (uchar_t *)(data->cd_raw.iov_base +
481 473 data->cd_offset);
482 474
483 475 return (bcmp(dptr, buf, len));
484 476
485 477 case CRYPTO_DATA_UIO:
486 478 return (crypto_uio_data(data, buf, len,
487 479 COMPARE_TO_DATA, NULL, NULL));
488 480
489 481 case CRYPTO_DATA_MBLK:
490 482 return (crypto_mblk_data(data, buf, len,
491 483 COMPARE_TO_DATA, NULL, NULL));
492 484 }
493 485
494 486 return (CRYPTO_FAILED);
495 487 }
496 488
497 489 /* ARGSUSED */
498 490 static int
499 491 rsa_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
500 492 crypto_key_t *key, crypto_spi_ctx_template_t template,
501 493 crypto_req_handle_t req)
502 494 {
503 495 int rv;
504 496 int kmflag;
505 497 rsa_ctx_t *ctxp;
506 498
507 499 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
508 500 return (rv);
509 501
510 502 /*
511 503 * Allocate a RSA context.
512 504 */
513 505 kmflag = crypto_kmflag(req);
514 506 if ((ctxp = kmem_zalloc(sizeof (rsa_ctx_t), kmflag)) == NULL)
515 507 return (CRYPTO_HOST_MEMORY);
516 508
517 509 if ((rv = crypto_copy_key_to_ctx(key, &ctxp->key, &ctxp->keychunk_size,
518 510 kmflag)) != CRYPTO_SUCCESS) {
519 511 kmem_free(ctxp, sizeof (rsa_ctx_t));
520 512 return (rv);
521 513 }
522 514 ctxp->mech_type = mechanism->cm_type;
523 515
524 516 ctx->cc_provider_private = ctxp;
525 517
526 518 return (CRYPTO_SUCCESS);
527 519 }
528 520
529 521 /* ARGSUSED */
530 522 static int
531 523 rsaprov_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
532 524 crypto_data_t *ciphertext, crypto_req_handle_t req)
533 525 {
534 526 int rv;
535 527 rsa_ctx_t *ctxp;
536 528
537 529 ASSERT(ctx->cc_provider_private != NULL);
538 530 ctxp = ctx->cc_provider_private;
539 531
540 532 RSA_ARG_INPLACE(plaintext, ciphertext);
541 533
542 534 /*
543 535 * Note on the KM_SLEEP flag passed to the routine below -
544 536 * rsaprov_encrypt() is a single-part encryption routine which is
545 537 * currently usable only by /dev/crypto. Since /dev/crypto calls are
546 538 * always synchronous, we can safely pass KM_SLEEP here.
547 539 */
548 540 rv = rsa_encrypt_common(ctxp->mech_type, ctxp->key, plaintext,
549 541 ciphertext);
550 542
551 543 if (rv != CRYPTO_BUFFER_TOO_SMALL)
552 544 (void) rsa_free_context(ctx);
553 545
554 546 return (rv);
555 547 }
556 548
557 549 /* ARGSUSED */
558 550 static int
559 551 rsa_encrypt_atomic(crypto_provider_handle_t provider,
560 552 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
561 553 crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
562 554 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
563 555 {
564 556 int rv;
565 557
566 558 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
567 559 return (rv);
568 560 RSA_ARG_INPLACE(plaintext, ciphertext);
569 561
570 562 return (rsa_encrypt_common(mechanism->cm_type, key, plaintext,
571 563 ciphertext));
572 564 }
573 565
574 566 static int
575 567 rsa_free_context(crypto_ctx_t *ctx)
576 568 {
577 569 rsa_ctx_t *ctxp = ctx->cc_provider_private;
578 570
579 571 if (ctxp != NULL) {
580 572 bzero(ctxp->key, ctxp->keychunk_size);
581 573 kmem_free(ctxp->key, ctxp->keychunk_size);
582 574
583 575 if (ctxp->mech_type == RSA_PKCS_MECH_INFO_TYPE ||
584 576 ctxp->mech_type == RSA_X_509_MECH_INFO_TYPE)
585 577 kmem_free(ctxp, sizeof (rsa_ctx_t));
586 578 else
587 579 kmem_free(ctxp, sizeof (digest_rsa_ctx_t));
588 580
589 581 ctx->cc_provider_private = NULL;
590 582 }
↓ open down ↓ |
179 lines elided |
↑ open up ↑ |
591 583
592 584 return (CRYPTO_SUCCESS);
593 585 }
594 586
595 587 static int
596 588 rsa_encrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
597 589 crypto_data_t *plaintext, crypto_data_t *ciphertext)
598 590 {
599 591 int rv = CRYPTO_FAILED;
600 592
601 -/* EXPORT DELETE START */
602 -
603 593 int plen;
604 594 uchar_t *ptptr;
605 595 uchar_t *modulus;
606 596 ssize_t modulus_len;
607 597 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
608 598 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
609 599 uchar_t cipher_data[MAX_RSA_KEYLENGTH_IN_BYTES];
610 600
611 601 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
612 602 &modulus_len)) != CRYPTO_SUCCESS) {
613 603 return (rv);
614 604 }
615 605
616 606 plen = plaintext->cd_length;
617 607 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
618 608 if (plen > (modulus_len - MIN_PKCS1_PADLEN))
619 609 return (CRYPTO_DATA_LEN_RANGE);
620 610 } else {
621 611 if (plen > modulus_len)
622 612 return (CRYPTO_DATA_LEN_RANGE);
623 613 }
624 614
625 615 /*
626 616 * Output buf len must not be less than RSA modulus size.
627 617 */
628 618 if (ciphertext->cd_length < modulus_len) {
629 619 ciphertext->cd_length = modulus_len;
630 620 return (CRYPTO_BUFFER_TOO_SMALL);
631 621 }
632 622
633 623 ASSERT(plaintext->cd_length <= sizeof (tmp_data));
634 624 if ((rv = crypto_get_input_data(plaintext, &ptptr, tmp_data))
635 625 != CRYPTO_SUCCESS)
636 626 return (rv);
637 627
638 628 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
639 629 rv = pkcs1_encode(PKCS1_ENCRYPT, ptptr, plen,
640 630 plain_data, modulus_len);
641 631
642 632 if (rv != CRYPTO_SUCCESS)
643 633 return (rv);
644 634 } else {
645 635 bzero(plain_data, modulus_len - plen);
646 636 bcopy(ptptr, &plain_data[modulus_len - plen], plen);
647 637 }
648 638
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
649 639 rv = core_rsa_encrypt(key, plain_data, modulus_len, cipher_data, 1);
650 640 if (rv == CRYPTO_SUCCESS) {
651 641 /* copy out to ciphertext */
652 642 if ((rv = crypto_put_output_data(cipher_data,
653 643 ciphertext, modulus_len)) != CRYPTO_SUCCESS)
654 644 return (rv);
655 645
656 646 ciphertext->cd_length = modulus_len;
657 647 }
658 648
659 -/* EXPORT DELETE END */
660 -
661 649 return (rv);
662 650 }
663 651
664 -/* EXPORT DELETE START */
665 -
666 652 static int
667 653 core_rsa_encrypt(crypto_key_t *key, uchar_t *in,
668 654 int in_len, uchar_t *out, int is_public)
669 655 {
670 656 int rv;
671 657 uchar_t *expo, *modulus;
672 658 ssize_t expo_len;
673 659 ssize_t modulus_len;
674 660 RSAbytekey k;
675 661
676 662 if (is_public) {
677 663 if ((rv = crypto_get_key_attr(key, SUN_CKA_PUBLIC_EXPONENT,
678 664 &expo, &expo_len)) != CRYPTO_SUCCESS)
679 665 return (rv);
680 666 } else {
681 667 /*
682 668 * SUN_CKA_PRIVATE_EXPONENT is a required attribute for a
683 669 * RSA secret key. See the comments in core_rsa_decrypt
684 670 * routine which calls this routine with a private key.
685 671 */
686 672 if ((rv = crypto_get_key_attr(key, SUN_CKA_PRIVATE_EXPONENT,
687 673 &expo, &expo_len)) != CRYPTO_SUCCESS)
688 674 return (rv);
689 675 }
690 676
691 677 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
692 678 &modulus_len)) != CRYPTO_SUCCESS) {
693 679 return (rv);
694 680 }
695 681
696 682 k.modulus = modulus;
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
697 683 k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len);
698 684 k.pubexpo = expo;
699 685 k.pubexpo_bytes = expo_len;
700 686 k.rfunc = NULL;
701 687
702 688 rv = rsa_encrypt(&k, in, in_len, out);
703 689
704 690 return (rv);
705 691 }
706 692
707 -/* EXPORT DELETE END */
708 -
709 693 /* ARGSUSED */
710 694 static int
711 695 rsaprov_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
712 696 crypto_data_t *plaintext, crypto_req_handle_t req)
713 697 {
714 698 int rv;
715 699 rsa_ctx_t *ctxp;
716 700
717 701 ASSERT(ctx->cc_provider_private != NULL);
718 702 ctxp = ctx->cc_provider_private;
719 703
720 704 RSA_ARG_INPLACE(ciphertext, plaintext);
721 705
722 706 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
723 707 rv = rsa_decrypt_common(ctxp->mech_type, ctxp->key,
724 708 ciphertext, plaintext);
725 709
726 710 if (rv != CRYPTO_BUFFER_TOO_SMALL)
727 711 (void) rsa_free_context(ctx);
728 712
729 713 return (rv);
730 714 }
731 715
732 716 /* ARGSUSED */
733 717 static int
734 718 rsa_decrypt_atomic(crypto_provider_handle_t provider,
735 719 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
736 720 crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
737 721 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
738 722 {
739 723 int rv;
740 724
741 725 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
742 726 return (rv);
743 727 RSA_ARG_INPLACE(ciphertext, plaintext);
744 728
↓ open down ↓ |
26 lines elided |
↑ open up ↑ |
745 729 return (rsa_decrypt_common(mechanism->cm_type, key, ciphertext,
746 730 plaintext));
747 731 }
748 732
749 733 static int
750 734 rsa_decrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
751 735 crypto_data_t *ciphertext, crypto_data_t *plaintext)
752 736 {
753 737 int rv = CRYPTO_FAILED;
754 738
755 -/* EXPORT DELETE START */
756 -
757 739 size_t plain_len;
758 740 uchar_t *ctptr;
759 741 uchar_t *modulus;
760 742 ssize_t modulus_len;
761 743 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
762 744 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
763 745
764 746 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
765 747 &modulus_len)) != CRYPTO_SUCCESS) {
766 748 return (rv);
767 749 }
768 750
769 751 /*
770 752 * Ciphertext length must be equal to RSA modulus size.
771 753 */
772 754 if (ciphertext->cd_length != modulus_len)
773 755 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
774 756
775 757 ASSERT(ciphertext->cd_length <= sizeof (tmp_data));
776 758 if ((rv = crypto_get_input_data(ciphertext, &ctptr, tmp_data))
777 759 != CRYPTO_SUCCESS)
778 760 return (rv);
779 761
780 762 rv = core_rsa_decrypt(key, ctptr, modulus_len, plain_data);
781 763 if (rv == CRYPTO_SUCCESS) {
782 764 plain_len = modulus_len;
783 765
784 766 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
785 767 /* Strip off the PKCS block formatting data. */
786 768 rv = pkcs1_decode(PKCS1_DECRYPT, plain_data,
787 769 &plain_len);
788 770 if (rv != CRYPTO_SUCCESS)
789 771 return (rv);
790 772 }
791 773
792 774 if (plain_len > plaintext->cd_length) {
793 775 plaintext->cd_length = plain_len;
794 776 return (CRYPTO_BUFFER_TOO_SMALL);
↓ open down ↓ |
28 lines elided |
↑ open up ↑ |
795 777 }
796 778
797 779 if ((rv = crypto_put_output_data(
798 780 plain_data + modulus_len - plain_len,
799 781 plaintext, plain_len)) != CRYPTO_SUCCESS)
800 782 return (rv);
801 783
802 784 plaintext->cd_length = plain_len;
803 785 }
804 786
805 -/* EXPORT DELETE END */
806 -
807 787 return (rv);
808 788 }
809 789
810 -/* EXPORT DELETE START */
811 -
812 790 static int
813 791 core_rsa_decrypt(crypto_key_t *key, uchar_t *in, int in_len, uchar_t *out)
814 792 {
815 793 int rv;
816 794 uchar_t *modulus, *prime1, *prime2, *expo1, *expo2, *coef;
817 795 ssize_t modulus_len;
818 796 ssize_t prime1_len, prime2_len;
819 797 ssize_t expo1_len, expo2_len, coef_len;
820 798 RSAbytekey k;
821 799
822 800 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
823 801 &modulus_len)) != CRYPTO_SUCCESS) {
824 802 return (rv);
825 803 }
826 804
827 805 /*
828 806 * The following attributes are not required to be
829 807 * present in a RSA secret key. If any of them is not present
830 808 * we call the encrypt routine with a flag indicating use of
831 809 * private exponent (d). Note that SUN_CKA_PRIVATE_EXPONENT is
832 810 * a required attribute for a RSA secret key.
833 811 */
834 812 if ((crypto_get_key_attr(key, SUN_CKA_PRIME_1, &prime1, &prime1_len)
835 813 != CRYPTO_SUCCESS) ||
836 814 (crypto_get_key_attr(key, SUN_CKA_PRIME_2, &prime2, &prime2_len)
837 815 != CRYPTO_SUCCESS) ||
838 816 (crypto_get_key_attr(key, SUN_CKA_EXPONENT_1, &expo1, &expo1_len)
839 817 != CRYPTO_SUCCESS) ||
840 818 (crypto_get_key_attr(key, SUN_CKA_EXPONENT_2, &expo2, &expo2_len)
841 819 != CRYPTO_SUCCESS) ||
842 820 (crypto_get_key_attr(key, SUN_CKA_COEFFICIENT, &coef, &coef_len)
843 821 != CRYPTO_SUCCESS)) {
844 822 return (core_rsa_encrypt(key, in, in_len, out, 0));
845 823 }
846 824
847 825 k.modulus = modulus;
848 826 k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len);
849 827 k.prime1 = prime1;
850 828 k.prime1_bytes = prime1_len;
851 829 k.prime2 = prime2;
852 830 k.prime2_bytes = prime2_len;
853 831 k.expo1 = expo1;
854 832 k.expo1_bytes = expo1_len;
855 833 k.expo2 = expo2;
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
856 834 k.expo2_bytes = expo2_len;
857 835 k.coeff = coef;
858 836 k.coeff_bytes = coef_len;
859 837 k.rfunc = NULL;
860 838
861 839 rv = rsa_decrypt(&k, in, in_len, out);
862 840
863 841 return (rv);
864 842 }
865 843
866 -/* EXPORT DELETE END */
867 -
868 844 /* ARGSUSED */
869 845 static int
870 846 rsa_sign_verify_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
871 847 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
872 848 crypto_req_handle_t req)
873 849 {
874 850 int rv;
875 851 int kmflag;
876 852 rsa_ctx_t *ctxp;
877 853 digest_rsa_ctx_t *dctxp;
878 854
879 855 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
880 856 return (rv);
881 857
882 858 /*
883 859 * Allocate a RSA context.
884 860 */
885 861 kmflag = crypto_kmflag(req);
886 862 switch (mechanism->cm_type) {
887 863 case MD5_RSA_PKCS_MECH_INFO_TYPE:
888 864 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
889 865 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
890 866 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
891 867 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
892 868 dctxp = kmem_zalloc(sizeof (digest_rsa_ctx_t), kmflag);
893 869 ctxp = (rsa_ctx_t *)dctxp;
894 870 break;
895 871 default:
896 872 ctxp = kmem_zalloc(sizeof (rsa_ctx_t), kmflag);
897 873 break;
898 874 }
899 875
900 876 if (ctxp == NULL)
901 877 return (CRYPTO_HOST_MEMORY);
902 878
903 879 ctxp->mech_type = mechanism->cm_type;
904 880 if ((rv = crypto_copy_key_to_ctx(key, &ctxp->key, &ctxp->keychunk_size,
905 881 kmflag)) != CRYPTO_SUCCESS) {
906 882 switch (mechanism->cm_type) {
907 883 case MD5_RSA_PKCS_MECH_INFO_TYPE:
908 884 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
909 885 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
910 886 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
911 887 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
912 888 kmem_free(dctxp, sizeof (digest_rsa_ctx_t));
913 889 break;
914 890 default:
915 891 kmem_free(ctxp, sizeof (rsa_ctx_t));
916 892 break;
917 893 }
918 894 return (rv);
919 895 }
920 896
921 897 switch (mechanism->cm_type) {
922 898 case MD5_RSA_PKCS_MECH_INFO_TYPE:
923 899 MD5Init(&(dctxp->md5_ctx));
924 900 break;
925 901
926 902 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
927 903 SHA1Init(&(dctxp->sha1_ctx));
928 904 break;
929 905
930 906 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
931 907 SHA2Init(SHA256, &(dctxp->sha2_ctx));
932 908 break;
933 909
934 910 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
935 911 SHA2Init(SHA384, &(dctxp->sha2_ctx));
936 912 break;
937 913
938 914 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
939 915 SHA2Init(SHA512, &(dctxp->sha2_ctx));
940 916 break;
941 917 }
942 918
943 919 ctx->cc_provider_private = ctxp;
944 920
945 921 return (CRYPTO_SUCCESS);
946 922 }
947 923
948 924 #define SHA1_DIGEST_SIZE 20
949 925 #define MD5_DIGEST_SIZE 16
950 926
951 927 #define INIT_RAW_CRYPTO_DATA(data, base, len, cd_len) \
952 928 (data).cd_format = CRYPTO_DATA_RAW; \
953 929 (data).cd_offset = 0; \
↓ open down ↓ |
76 lines elided |
↑ open up ↑ |
954 930 (data).cd_raw.iov_base = (char *)base; \
955 931 (data).cd_raw.iov_len = len; \
956 932 (data).cd_length = cd_len;
957 933
958 934 static int
959 935 rsa_digest_svrfy_common(digest_rsa_ctx_t *ctxp, crypto_data_t *data,
960 936 crypto_data_t *signature, uchar_t flag)
961 937 {
962 938 int rv = CRYPTO_FAILED;
963 939
964 -/* EXPORT DELETE START */
965 -
966 940 uchar_t digest[SHA512_DIGEST_LENGTH];
967 941 /* The der_data size is enough for MD5 also */
968 942 uchar_t der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len];
969 943 ulong_t der_data_len;
970 944 crypto_data_t der_cd;
971 945 rsa_mech_type_t mech_type;
972 946
973 947 ASSERT(flag & CRYPTO_DO_SIGN || flag & CRYPTO_DO_VERIFY);
974 948 ASSERT(data != NULL || (flag & CRYPTO_DO_FINAL));
975 949
976 950 mech_type = ctxp->mech_type;
977 951 if (mech_type == RSA_PKCS_MECH_INFO_TYPE ||
978 952 mech_type == RSA_X_509_MECH_INFO_TYPE)
979 953 return (CRYPTO_MECHANISM_INVALID);
980 954
981 955 /*
982 956 * We need to do the BUFFER_TOO_SMALL check before digesting
983 957 * the data. No check is needed for verify as signature is not
984 958 * an output argument for verify.
985 959 */
986 960 if (flag & CRYPTO_DO_SIGN) {
987 961 uchar_t *modulus;
988 962 ssize_t modulus_len;
989 963
990 964 if ((rv = crypto_get_key_attr(ctxp->key, SUN_CKA_MODULUS,
991 965 &modulus, &modulus_len)) != CRYPTO_SUCCESS) {
992 966 return (rv);
993 967 }
994 968
995 969 if (signature->cd_length < modulus_len) {
996 970 signature->cd_length = modulus_len;
997 971 return (CRYPTO_BUFFER_TOO_SMALL);
998 972 }
999 973 }
1000 974
1001 975 if (mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE)
1002 976 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
1003 977 digest, MD5Update, MD5Final, flag | CRYPTO_DO_MD5);
1004 978
1005 979 else if (mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE)
1006 980 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
1007 981 digest, SHA1Update, SHA1Final, flag | CRYPTO_DO_SHA1);
1008 982
1009 983 else
1010 984 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
1011 985 digest, SHA2Update, SHA2Final, flag | CRYPTO_DO_SHA2);
1012 986
1013 987 if (rv != CRYPTO_SUCCESS)
1014 988 return (rv);
1015 989
1016 990
1017 991 /*
1018 992 * Prepare the DER encoding of the DigestInfo value as follows:
1019 993 * MD5: MD5_DER_PREFIX || H
1020 994 * SHA-1: SHA1_DER_PREFIX || H
1021 995 *
1022 996 * See rsa_impl.c for more details.
1023 997 */
1024 998 switch (mech_type) {
1025 999 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1026 1000 bcopy(MD5_DER_PREFIX, der_data, MD5_DER_PREFIX_Len);
1027 1001 bcopy(digest, der_data + MD5_DER_PREFIX_Len, MD5_DIGEST_SIZE);
1028 1002 der_data_len = MD5_DER_PREFIX_Len + MD5_DIGEST_SIZE;
1029 1003 break;
1030 1004
1031 1005 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1032 1006 bcopy(SHA1_DER_PREFIX, der_data, SHA1_DER_PREFIX_Len);
1033 1007 bcopy(digest, der_data + SHA1_DER_PREFIX_Len,
1034 1008 SHA1_DIGEST_SIZE);
1035 1009 der_data_len = SHA1_DER_PREFIX_Len + SHA1_DIGEST_SIZE;
1036 1010 break;
1037 1011
1038 1012 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1039 1013 bcopy(SHA256_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1040 1014 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1041 1015 SHA256_DIGEST_LENGTH);
1042 1016 der_data_len = SHA2_DER_PREFIX_Len + SHA256_DIGEST_LENGTH;
1043 1017 break;
1044 1018
1045 1019 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1046 1020 bcopy(SHA384_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1047 1021 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1048 1022 SHA384_DIGEST_LENGTH);
1049 1023 der_data_len = SHA2_DER_PREFIX_Len + SHA384_DIGEST_LENGTH;
1050 1024 break;
1051 1025
1052 1026 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1053 1027 bcopy(SHA512_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1054 1028 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1055 1029 SHA512_DIGEST_LENGTH);
1056 1030 der_data_len = SHA2_DER_PREFIX_Len + SHA512_DIGEST_LENGTH;
1057 1031 break;
1058 1032 }
1059 1033
1060 1034 INIT_RAW_CRYPTO_DATA(der_cd, der_data, der_data_len, der_data_len);
↓ open down ↓ |
85 lines elided |
↑ open up ↑ |
1061 1035 /*
1062 1036 * Now, we are ready to sign or verify the DER_ENCODED data.
1063 1037 */
1064 1038 if (flag & CRYPTO_DO_SIGN)
1065 1039 rv = rsa_sign_common(mech_type, ctxp->key, &der_cd,
1066 1040 signature);
1067 1041 else
1068 1042 rv = rsa_verify_common(mech_type, ctxp->key, &der_cd,
1069 1043 signature);
1070 1044
1071 -/* EXPORT DELETE END */
1072 -
1073 1045 return (rv);
1074 1046 }
1075 1047
1076 1048 static int
1077 1049 rsa_sign_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1078 1050 crypto_data_t *data, crypto_data_t *signature)
1079 1051 {
1080 1052 int rv = CRYPTO_FAILED;
1081 1053
1082 -/* EXPORT DELETE START */
1083 -
1084 1054 int dlen;
1085 1055 uchar_t *dataptr, *modulus;
1086 1056 ssize_t modulus_len;
1087 1057 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1088 1058 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1089 1059 uchar_t signed_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1090 1060
1091 1061 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1092 1062 &modulus_len)) != CRYPTO_SUCCESS) {
1093 1063 return (rv);
1094 1064 }
1095 1065
1096 1066 dlen = data->cd_length;
1097 1067 switch (mech_type) {
1098 1068 case RSA_PKCS_MECH_INFO_TYPE:
1099 1069 if (dlen > (modulus_len - MIN_PKCS1_PADLEN))
1100 1070 return (CRYPTO_DATA_LEN_RANGE);
1101 1071 break;
1102 1072 case RSA_X_509_MECH_INFO_TYPE:
1103 1073 if (dlen > modulus_len)
1104 1074 return (CRYPTO_DATA_LEN_RANGE);
1105 1075 break;
1106 1076 }
1107 1077
1108 1078 if (signature->cd_length < modulus_len) {
1109 1079 signature->cd_length = modulus_len;
1110 1080 return (CRYPTO_BUFFER_TOO_SMALL);
1111 1081 }
1112 1082
1113 1083 ASSERT(data->cd_length <= sizeof (tmp_data));
1114 1084 if ((rv = crypto_get_input_data(data, &dataptr, tmp_data))
1115 1085 != CRYPTO_SUCCESS)
1116 1086 return (rv);
1117 1087
1118 1088 switch (mech_type) {
1119 1089 case RSA_PKCS_MECH_INFO_TYPE:
1120 1090 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1121 1091 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1122 1092 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1123 1093 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1124 1094 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1125 1095 /*
1126 1096 * Add PKCS padding to the input data to format a block
1127 1097 * type "01" encryption block.
1128 1098 */
1129 1099 rv = pkcs1_encode(PKCS1_SIGN, dataptr, dlen, plain_data,
1130 1100 modulus_len);
1131 1101 if (rv != CRYPTO_SUCCESS)
1132 1102 return (rv);
1133 1103
1134 1104 break;
1135 1105
1136 1106 case RSA_X_509_MECH_INFO_TYPE:
1137 1107 bzero(plain_data, modulus_len - dlen);
1138 1108 bcopy(dataptr, &plain_data[modulus_len - dlen], dlen);
1139 1109 break;
1140 1110 }
1141 1111
↓ open down ↓ |
48 lines elided |
↑ open up ↑ |
1142 1112 rv = core_rsa_decrypt(key, plain_data, modulus_len, signed_data);
1143 1113 if (rv == CRYPTO_SUCCESS) {
1144 1114 /* copy out to signature */
1145 1115 if ((rv = crypto_put_output_data(signed_data,
1146 1116 signature, modulus_len)) != CRYPTO_SUCCESS)
1147 1117 return (rv);
1148 1118
1149 1119 signature->cd_length = modulus_len;
1150 1120 }
1151 1121
1152 -/* EXPORT DELETE END */
1153 -
1154 1122 return (rv);
1155 1123 }
1156 1124
1157 1125 /* ARGSUSED */
1158 1126 static int
1159 1127 rsaprov_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *signature,
1160 1128 crypto_req_handle_t req)
1161 1129 {
1162 1130 int rv;
1163 1131 rsa_ctx_t *ctxp;
1164 1132
1165 1133 ASSERT(ctx->cc_provider_private != NULL);
1166 1134 ctxp = ctx->cc_provider_private;
1167 1135
1168 1136 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1169 1137 switch (ctxp->mech_type) {
1170 1138 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1171 1139 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1172 1140 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1173 1141 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1174 1142 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1175 1143 rv = rsa_digest_svrfy_common((digest_rsa_ctx_t *)ctxp, data,
1176 1144 signature, CRYPTO_DO_SIGN | CRYPTO_DO_UPDATE |
1177 1145 CRYPTO_DO_FINAL);
1178 1146 break;
1179 1147 default:
1180 1148 rv = rsa_sign_common(ctxp->mech_type, ctxp->key, data,
1181 1149 signature);
1182 1150 break;
1183 1151 }
1184 1152
1185 1153 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1186 1154 (void) rsa_free_context(ctx);
1187 1155
1188 1156 return (rv);
1189 1157 }
1190 1158
1191 1159 /* ARGSUSED */
1192 1160 static int
1193 1161 rsa_sign_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
1194 1162 {
1195 1163 int rv;
1196 1164 digest_rsa_ctx_t *ctxp;
1197 1165 rsa_mech_type_t mech_type;
1198 1166
1199 1167 ASSERT(ctx->cc_provider_private != NULL);
1200 1168 ctxp = ctx->cc_provider_private;
1201 1169 mech_type = ctxp->mech_type;
1202 1170
1203 1171 if (mech_type == RSA_PKCS_MECH_INFO_TYPE ||
1204 1172 mech_type == RSA_X_509_MECH_INFO_TYPE)
1205 1173 return (CRYPTO_MECHANISM_INVALID);
1206 1174
1207 1175 if (mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE)
1208 1176 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
1209 1177 NULL, MD5Update, MD5Final,
1210 1178 CRYPTO_DO_MD5 | CRYPTO_DO_UPDATE);
1211 1179
1212 1180 else if (mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE)
1213 1181 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
1214 1182 NULL, SHA1Update, SHA1Final, CRYPTO_DO_SHA1 |
1215 1183 CRYPTO_DO_UPDATE);
1216 1184
1217 1185 else
1218 1186 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
1219 1187 NULL, SHA2Update, SHA2Final, CRYPTO_DO_SHA2 |
1220 1188 CRYPTO_DO_UPDATE);
1221 1189
1222 1190 return (rv);
1223 1191 }
1224 1192
1225 1193 /* ARGSUSED2 */
1226 1194 static int
1227 1195 rsa_sign_final(crypto_ctx_t *ctx, crypto_data_t *signature,
1228 1196 crypto_req_handle_t req)
1229 1197 {
1230 1198 int rv;
1231 1199 digest_rsa_ctx_t *ctxp;
1232 1200
1233 1201 ASSERT(ctx->cc_provider_private != NULL);
1234 1202 ctxp = ctx->cc_provider_private;
1235 1203
1236 1204 rv = rsa_digest_svrfy_common(ctxp, NULL, signature,
1237 1205 CRYPTO_DO_SIGN | CRYPTO_DO_FINAL);
1238 1206 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1239 1207 (void) rsa_free_context(ctx);
1240 1208
1241 1209 return (rv);
1242 1210 }
1243 1211
1244 1212 /* ARGSUSED */
1245 1213 static int
1246 1214 rsa_sign_atomic(crypto_provider_handle_t provider,
1247 1215 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1248 1216 crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
1249 1217 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1250 1218 {
1251 1219 int rv;
1252 1220 digest_rsa_ctx_t dctx;
1253 1221
1254 1222 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1255 1223 return (rv);
1256 1224
1257 1225 if (mechanism->cm_type == RSA_PKCS_MECH_INFO_TYPE ||
1258 1226 mechanism->cm_type == RSA_X_509_MECH_INFO_TYPE)
1259 1227 rv = rsa_sign_common(mechanism->cm_type, key, data,
1260 1228 signature);
1261 1229
1262 1230 else {
1263 1231 dctx.mech_type = mechanism->cm_type;
1264 1232 dctx.key = key;
1265 1233 switch (mechanism->cm_type) {
1266 1234 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1267 1235 MD5Init(&(dctx.md5_ctx));
1268 1236 break;
1269 1237
1270 1238 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1271 1239 SHA1Init(&(dctx.sha1_ctx));
1272 1240 break;
1273 1241
1274 1242 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1275 1243 SHA2Init(SHA256, &(dctx.sha2_ctx));
1276 1244 break;
1277 1245
1278 1246 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1279 1247 SHA2Init(SHA384, &(dctx.sha2_ctx));
1280 1248 break;
1281 1249
1282 1250 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1283 1251 SHA2Init(SHA512, &(dctx.sha2_ctx));
1284 1252 break;
1285 1253 }
1286 1254
1287 1255 rv = rsa_digest_svrfy_common(&dctx, data, signature,
1288 1256 CRYPTO_DO_SIGN | CRYPTO_DO_UPDATE | CRYPTO_DO_FINAL);
1289 1257 }
↓ open down ↓ |
126 lines elided |
↑ open up ↑ |
1290 1258
1291 1259 return (rv);
1292 1260 }
1293 1261
1294 1262 static int
1295 1263 rsa_verify_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1296 1264 crypto_data_t *data, crypto_data_t *signature)
1297 1265 {
1298 1266 int rv = CRYPTO_FAILED;
1299 1267
1300 -/* EXPORT DELETE START */
1301 -
1302 1268 uchar_t *sigptr, *modulus;
1303 1269 ssize_t modulus_len;
1304 1270 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1305 1271 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1306 1272
1307 1273 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1308 1274 &modulus_len)) != CRYPTO_SUCCESS) {
1309 1275 return (rv);
1310 1276 }
1311 1277
1312 1278 if (signature->cd_length != modulus_len)
1313 1279 return (CRYPTO_SIGNATURE_LEN_RANGE);
1314 1280
1315 1281 ASSERT(signature->cd_length <= sizeof (tmp_data));
1316 1282 if ((rv = crypto_get_input_data(signature, &sigptr, tmp_data))
1317 1283 != CRYPTO_SUCCESS)
1318 1284 return (rv);
1319 1285
1320 1286 rv = core_rsa_encrypt(key, sigptr, modulus_len, plain_data, 1);
1321 1287 if (rv != CRYPTO_SUCCESS)
1322 1288 return (rv);
1323 1289
1324 1290 if (mech_type == RSA_X_509_MECH_INFO_TYPE) {
1325 1291 if (compare_data(data, (plain_data + modulus_len
1326 1292 - data->cd_length)) != 0)
1327 1293 rv = CRYPTO_SIGNATURE_INVALID;
1328 1294
1329 1295 } else {
1330 1296 size_t data_len = modulus_len;
1331 1297
1332 1298 /*
1333 1299 * Strip off the encoded padding bytes in front of the
1334 1300 * recovered data, then compare the recovered data with
1335 1301 * the original data.
1336 1302 */
1337 1303 rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len);
1338 1304 if (rv != CRYPTO_SUCCESS)
↓ open down ↓ |
27 lines elided |
↑ open up ↑ |
1339 1305 return (rv);
1340 1306
1341 1307 if (data_len != data->cd_length)
1342 1308 return (CRYPTO_SIGNATURE_LEN_RANGE);
1343 1309
1344 1310 if (compare_data(data, (plain_data + modulus_len
1345 1311 - data_len)) != 0)
1346 1312 rv = CRYPTO_SIGNATURE_INVALID;
1347 1313 }
1348 1314
1349 -/* EXPORT DELETE END */
1350 -
1351 1315 return (rv);
1352 1316 }
1353 1317
1354 1318 /* ARGSUSED */
1355 1319 static int
1356 1320 rsaprov_verify(crypto_ctx_t *ctx, crypto_data_t *data,
1357 1321 crypto_data_t *signature, crypto_req_handle_t req)
1358 1322 {
1359 1323 int rv;
1360 1324 rsa_ctx_t *ctxp;
1361 1325
1362 1326 ASSERT(ctx->cc_provider_private != NULL);
1363 1327 ctxp = ctx->cc_provider_private;
1364 1328
1365 1329 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1366 1330 switch (ctxp->mech_type) {
1367 1331 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1368 1332 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1369 1333 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1370 1334 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1371 1335 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1372 1336 rv = rsa_digest_svrfy_common((digest_rsa_ctx_t *)ctxp, data,
1373 1337 signature, CRYPTO_DO_VERIFY | CRYPTO_DO_UPDATE |
1374 1338 CRYPTO_DO_FINAL);
1375 1339 break;
1376 1340 default:
1377 1341 rv = rsa_verify_common(ctxp->mech_type, ctxp->key, data,
1378 1342 signature);
1379 1343 break;
1380 1344 }
1381 1345
1382 1346 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1383 1347 (void) rsa_free_context(ctx);
1384 1348
1385 1349 return (rv);
1386 1350 }
1387 1351
1388 1352 /* ARGSUSED */
1389 1353 static int
1390 1354 rsa_verify_update(crypto_ctx_t *ctx, crypto_data_t *data,
1391 1355 crypto_req_handle_t req)
1392 1356 {
1393 1357 int rv;
1394 1358 digest_rsa_ctx_t *ctxp;
1395 1359
1396 1360 ASSERT(ctx->cc_provider_private != NULL);
1397 1361 ctxp = ctx->cc_provider_private;
1398 1362
1399 1363 switch (ctxp->mech_type) {
1400 1364
1401 1365 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1402 1366 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
1403 1367 NULL, MD5Update, MD5Final, CRYPTO_DO_MD5 |
1404 1368 CRYPTO_DO_UPDATE);
1405 1369 break;
1406 1370
1407 1371 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1408 1372 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
1409 1373 NULL, SHA1Update, SHA1Final, CRYPTO_DO_SHA1 |
1410 1374 CRYPTO_DO_UPDATE);
1411 1375 break;
1412 1376
1413 1377 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1414 1378 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1415 1379 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1416 1380 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
1417 1381 NULL, SHA2Update, SHA2Final, CRYPTO_DO_SHA2 |
1418 1382 CRYPTO_DO_UPDATE);
1419 1383 break;
1420 1384
1421 1385 default:
1422 1386 return (CRYPTO_MECHANISM_INVALID);
1423 1387 }
1424 1388
1425 1389 return (rv);
1426 1390 }
1427 1391
1428 1392 /* ARGSUSED2 */
1429 1393 static int
1430 1394 rsa_verify_final(crypto_ctx_t *ctx, crypto_data_t *signature,
1431 1395 crypto_req_handle_t req)
1432 1396 {
1433 1397 int rv;
1434 1398 digest_rsa_ctx_t *ctxp;
1435 1399
1436 1400 ASSERT(ctx->cc_provider_private != NULL);
1437 1401 ctxp = ctx->cc_provider_private;
1438 1402
1439 1403 rv = rsa_digest_svrfy_common(ctxp, NULL, signature,
1440 1404 CRYPTO_DO_VERIFY | CRYPTO_DO_FINAL);
1441 1405 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1442 1406 (void) rsa_free_context(ctx);
1443 1407
1444 1408 return (rv);
1445 1409 }
1446 1410
1447 1411
1448 1412 /* ARGSUSED */
1449 1413 static int
1450 1414 rsa_verify_atomic(crypto_provider_handle_t provider,
1451 1415 crypto_session_id_t session_id,
1452 1416 crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data,
1453 1417 crypto_data_t *signature, crypto_spi_ctx_template_t ctx_template,
1454 1418 crypto_req_handle_t req)
1455 1419 {
1456 1420 int rv;
1457 1421 digest_rsa_ctx_t dctx;
1458 1422
1459 1423 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1460 1424 return (rv);
1461 1425
1462 1426 if (mechanism->cm_type == RSA_PKCS_MECH_INFO_TYPE ||
1463 1427 mechanism->cm_type == RSA_X_509_MECH_INFO_TYPE)
1464 1428 rv = rsa_verify_common(mechanism->cm_type, key, data,
1465 1429 signature);
1466 1430
1467 1431 else {
1468 1432 dctx.mech_type = mechanism->cm_type;
1469 1433 dctx.key = key;
1470 1434
1471 1435 switch (mechanism->cm_type) {
1472 1436 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1473 1437 MD5Init(&(dctx.md5_ctx));
1474 1438 break;
1475 1439
1476 1440 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1477 1441 SHA1Init(&(dctx.sha1_ctx));
1478 1442 break;
1479 1443
1480 1444 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1481 1445 SHA2Init(SHA256, &(dctx.sha2_ctx));
1482 1446 break;
1483 1447
1484 1448 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1485 1449 SHA2Init(SHA384, &(dctx.sha2_ctx));
1486 1450 break;
1487 1451
1488 1452 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1489 1453 SHA2Init(SHA512, &(dctx.sha2_ctx));
1490 1454 break;
1491 1455 }
1492 1456
1493 1457 rv = rsa_digest_svrfy_common(&dctx, data, signature,
1494 1458 CRYPTO_DO_VERIFY | CRYPTO_DO_UPDATE | CRYPTO_DO_FINAL);
1495 1459 }
↓ open down ↓ |
135 lines elided |
↑ open up ↑ |
1496 1460
1497 1461 return (rv);
1498 1462 }
1499 1463
1500 1464 static int
1501 1465 rsa_verify_recover_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1502 1466 crypto_data_t *signature, crypto_data_t *data)
1503 1467 {
1504 1468 int rv = CRYPTO_FAILED;
1505 1469
1506 -/* EXPORT DELETE START */
1507 -
1508 1470 size_t data_len;
1509 1471 uchar_t *sigptr, *modulus;
1510 1472 ssize_t modulus_len;
1511 1473 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1512 1474 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1513 1475
1514 1476 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1515 1477 &modulus_len)) != CRYPTO_SUCCESS) {
1516 1478 return (rv);
1517 1479 }
1518 1480
1519 1481 if (signature->cd_length != modulus_len)
1520 1482 return (CRYPTO_SIGNATURE_LEN_RANGE);
1521 1483
1522 1484 ASSERT(signature->cd_length <= sizeof (tmp_data));
1523 1485 if ((rv = crypto_get_input_data(signature, &sigptr, tmp_data))
1524 1486 != CRYPTO_SUCCESS)
1525 1487 return (rv);
1526 1488
1527 1489 rv = core_rsa_encrypt(key, sigptr, modulus_len, plain_data, 1);
1528 1490 if (rv != CRYPTO_SUCCESS)
1529 1491 return (rv);
1530 1492
1531 1493 data_len = modulus_len;
1532 1494
1533 1495 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
1534 1496 /*
1535 1497 * Strip off the encoded padding bytes in front of the
1536 1498 * recovered data, then compare the recovered data with
1537 1499 * the original data.
1538 1500 */
1539 1501 rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len);
1540 1502 if (rv != CRYPTO_SUCCESS)
1541 1503 return (rv);
1542 1504 }
1543 1505
↓ open down ↓ |
26 lines elided |
↑ open up ↑ |
1544 1506 if (data->cd_length < data_len) {
1545 1507 data->cd_length = data_len;
1546 1508 return (CRYPTO_BUFFER_TOO_SMALL);
1547 1509 }
1548 1510
1549 1511 if ((rv = crypto_put_output_data(plain_data + modulus_len - data_len,
1550 1512 data, data_len)) != CRYPTO_SUCCESS)
1551 1513 return (rv);
1552 1514 data->cd_length = data_len;
1553 1515
1554 -/* EXPORT DELETE END */
1555 -
1556 1516 return (rv);
1557 1517 }
1558 1518
1559 1519 /* ARGSUSED */
1560 1520 static int
1561 1521 rsa_verify_recover(crypto_ctx_t *ctx, crypto_data_t *signature,
1562 1522 crypto_data_t *data, crypto_req_handle_t req)
1563 1523 {
1564 1524 int rv;
1565 1525 rsa_ctx_t *ctxp;
1566 1526
1567 1527 ASSERT(ctx->cc_provider_private != NULL);
1568 1528 ctxp = ctx->cc_provider_private;
1569 1529
1570 1530 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1571 1531 rv = rsa_verify_recover_common(ctxp->mech_type, ctxp->key,
1572 1532 signature, data);
1573 1533
1574 1534 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1575 1535 (void) rsa_free_context(ctx);
1576 1536
1577 1537 return (rv);
1578 1538 }
1579 1539
1580 1540 /* ARGSUSED */
1581 1541 static int
1582 1542 rsa_verify_recover_atomic(crypto_provider_handle_t provider,
1583 1543 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1584 1544 crypto_key_t *key, crypto_data_t *signature, crypto_data_t *data,
1585 1545 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1586 1546 {
1587 1547 int rv;
1588 1548
1589 1549 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1590 1550 return (rv);
1591 1551
1592 1552 return (rsa_verify_recover_common(mechanism->cm_type, key,
1593 1553 signature, data));
1594 1554 }
↓ open down ↓ |
29 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX