Print this page
first pass

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/crypto/io/rsa.c
          +++ new/usr/src/uts/common/crypto/io/rsa.c
↓ open down ↓ 307 lines elided ↑ open up ↑
 308  308  static int rsa_encrypt_common(rsa_mech_type_t, crypto_key_t *,
 309  309      crypto_data_t *, crypto_data_t *);
 310  310  static int rsa_decrypt_common(rsa_mech_type_t, crypto_key_t *,
 311  311      crypto_data_t *, crypto_data_t *);
 312  312  static int rsa_sign_common(rsa_mech_type_t, crypto_key_t *,
 313  313      crypto_data_t *, crypto_data_t *);
 314  314  static int rsa_verify_common(rsa_mech_type_t, crypto_key_t *,
 315  315      crypto_data_t *, crypto_data_t *);
 316  316  static int compare_data(crypto_data_t *, uchar_t *);
 317  317  
 318      -/* EXPORT DELETE START */
 319      -
 320  318  static int core_rsa_encrypt(crypto_key_t *, uchar_t *, int, uchar_t *, int);
 321  319  static int core_rsa_decrypt(crypto_key_t *, uchar_t *, int, uchar_t *);
 322  320  
 323      -/* EXPORT DELETE END */
 324      -
 325  321  static crypto_kcf_provider_handle_t rsa_prov_handle = NULL;
 326  322  
 327  323  int
 328  324  _init(void)
 329  325  {
 330  326          int ret;
 331  327  
 332  328          if ((ret = mod_install(&modlinkage)) != 0)
 333  329                  return (ret);
 334  330  
↓ open down ↓ 31 lines elided ↑ open up ↑
 366  362  rsa_provider_status(crypto_provider_handle_t provider, uint_t *status)
 367  363  {
 368  364          *status = CRYPTO_PROVIDER_READY;
 369  365  }
 370  366  
 371  367  static int
 372  368  check_mech_and_key(crypto_mechanism_t *mechanism, crypto_key_t *key)
 373  369  {
 374  370          int rv = CRYPTO_FAILED;
 375  371  
 376      -/* EXPORT DELETE START */
 377      -
 378  372          uchar_t *modulus;
 379  373          ssize_t modulus_len; /* In bytes */
 380  374  
 381  375          if (!RSA_VALID_MECH(mechanism))
 382  376                  return (CRYPTO_MECHANISM_INVALID);
 383  377  
 384  378          /*
 385  379           * We only support RSA keys that are passed as a list of
 386  380           * object attributes.
 387  381           */
↓ open down ↓ 2 lines elided ↑ open up ↑
 390  384          }
 391  385  
 392  386          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
 393  387              &modulus_len)) != CRYPTO_SUCCESS) {
 394  388                  return (rv);
 395  389          }
 396  390          if (modulus_len < MIN_RSA_KEYLENGTH_IN_BYTES ||
 397  391              modulus_len > MAX_RSA_KEYLENGTH_IN_BYTES)
 398  392                  return (CRYPTO_KEY_SIZE_RANGE);
 399  393  
 400      -/* EXPORT DELETE END */
 401      -
 402  394          return (rv);
 403  395  }
 404  396  
 405  397  void
 406  398  kmemset(uint8_t *buf, char pattern, size_t len)
 407  399  {
 408  400          int i = 0;
 409  401  
 410  402          while (i < len)
 411  403                  buf[i++] = pattern;
↓ open down ↓ 179 lines elided ↑ open up ↑
 591  583  
 592  584          return (CRYPTO_SUCCESS);
 593  585  }
 594  586  
 595  587  static int
 596  588  rsa_encrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
 597  589      crypto_data_t *plaintext, crypto_data_t *ciphertext)
 598  590  {
 599  591          int rv = CRYPTO_FAILED;
 600  592  
 601      -/* EXPORT DELETE START */
 602      -
 603  593          int plen;
 604  594          uchar_t *ptptr;
 605  595          uchar_t *modulus;
 606  596          ssize_t modulus_len;
 607  597          uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
 608  598          uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
 609  599          uchar_t cipher_data[MAX_RSA_KEYLENGTH_IN_BYTES];
 610  600  
 611  601          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
 612  602              &modulus_len)) != CRYPTO_SUCCESS) {
↓ open down ↓ 36 lines elided ↑ open up ↑
 649  639          rv = core_rsa_encrypt(key, plain_data, modulus_len, cipher_data, 1);
 650  640          if (rv == CRYPTO_SUCCESS) {
 651  641                  /* copy out to ciphertext */
 652  642                  if ((rv = crypto_put_output_data(cipher_data,
 653  643                      ciphertext, modulus_len)) != CRYPTO_SUCCESS)
 654  644                          return (rv);
 655  645  
 656  646                  ciphertext->cd_length = modulus_len;
 657  647          }
 658  648  
 659      -/* EXPORT DELETE END */
 660      -
 661  649          return (rv);
 662  650  }
 663  651  
 664      -/* EXPORT DELETE START */
 665      -
 666  652  static int
 667  653  core_rsa_encrypt(crypto_key_t *key, uchar_t *in,
 668  654      int in_len, uchar_t *out, int is_public)
 669  655  {
 670  656          int rv;
 671  657          uchar_t *expo, *modulus;
 672  658          ssize_t expo_len;
 673  659          ssize_t modulus_len;
 674  660          RSAbytekey k;
 675  661  
↓ open down ↓ 21 lines elided ↑ open up ↑
 697  683          k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len);
 698  684          k.pubexpo = expo;
 699  685          k.pubexpo_bytes = expo_len;
 700  686          k.rfunc = NULL;
 701  687  
 702  688          rv = rsa_encrypt(&k, in, in_len, out);
 703  689  
 704  690          return (rv);
 705  691  }
 706  692  
 707      -/* EXPORT DELETE END */
 708      -
 709  693  /* ARGSUSED */
 710  694  static int
 711  695  rsaprov_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 712  696      crypto_data_t *plaintext, crypto_req_handle_t req)
 713  697  {
 714  698          int rv;
 715  699          rsa_ctx_t *ctxp;
 716  700  
 717  701          ASSERT(ctx->cc_provider_private != NULL);
 718  702          ctxp = ctx->cc_provider_private;
↓ open down ↓ 26 lines elided ↑ open up ↑
 745  729          return (rsa_decrypt_common(mechanism->cm_type, key, ciphertext,
 746  730              plaintext));
 747  731  }
 748  732  
 749  733  static int
 750  734  rsa_decrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
 751  735      crypto_data_t *ciphertext, crypto_data_t *plaintext)
 752  736  {
 753  737          int rv = CRYPTO_FAILED;
 754  738  
 755      -/* EXPORT DELETE START */
 756      -
 757  739          size_t plain_len;
 758  740          uchar_t *ctptr;
 759  741          uchar_t *modulus;
 760  742          ssize_t modulus_len;
 761  743          uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
 762  744          uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
 763  745  
 764  746          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
 765  747              &modulus_len)) != CRYPTO_SUCCESS) {
 766  748                  return (rv);
↓ open down ↓ 28 lines elided ↑ open up ↑
 795  777                  }
 796  778  
 797  779                  if ((rv = crypto_put_output_data(
 798  780                      plain_data + modulus_len - plain_len,
 799  781                      plaintext, plain_len)) != CRYPTO_SUCCESS)
 800  782                          return (rv);
 801  783  
 802  784                  plaintext->cd_length = plain_len;
 803  785          }
 804  786  
 805      -/* EXPORT DELETE END */
 806      -
 807  787          return (rv);
 808  788  }
 809  789  
 810      -/* EXPORT DELETE START */
 811      -
 812  790  static int
 813  791  core_rsa_decrypt(crypto_key_t *key, uchar_t *in, int in_len, uchar_t *out)
 814  792  {
 815  793          int rv;
 816  794          uchar_t *modulus, *prime1, *prime2, *expo1, *expo2, *coef;
 817  795          ssize_t modulus_len;
 818  796          ssize_t prime1_len, prime2_len;
 819  797          ssize_t expo1_len, expo2_len, coef_len;
 820  798          RSAbytekey k;
 821  799  
↓ open down ↓ 34 lines elided ↑ open up ↑
 856  834          k.expo2_bytes = expo2_len;
 857  835          k.coeff = coef;
 858  836          k.coeff_bytes = coef_len;
 859  837          k.rfunc = NULL;
 860  838  
 861  839          rv = rsa_decrypt(&k, in, in_len, out);
 862  840  
 863  841          return (rv);
 864  842  }
 865  843  
 866      -/* EXPORT DELETE END */
 867      -
 868  844  /* ARGSUSED */
 869  845  static int
 870  846  rsa_sign_verify_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 871  847      crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
 872  848      crypto_req_handle_t req)
 873  849  {
 874  850          int rv;
 875  851          int kmflag;
 876  852          rsa_ctx_t *ctxp;
 877  853          digest_rsa_ctx_t *dctxp;
↓ open down ↓ 76 lines elided ↑ open up ↑
 954  930          (data).cd_raw.iov_base = (char *)base;          \
 955  931          (data).cd_raw.iov_len = len;                    \
 956  932          (data).cd_length = cd_len;
 957  933  
 958  934  static int
 959  935  rsa_digest_svrfy_common(digest_rsa_ctx_t *ctxp, crypto_data_t *data,
 960  936      crypto_data_t *signature, uchar_t flag)
 961  937  {
 962  938          int rv = CRYPTO_FAILED;
 963  939  
 964      -/* EXPORT DELETE START */
 965      -
 966  940          uchar_t digest[SHA512_DIGEST_LENGTH];
 967  941          /* The der_data size is enough for MD5 also */
 968  942          uchar_t der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len];
 969  943          ulong_t der_data_len;
 970  944          crypto_data_t der_cd;
 971  945          rsa_mech_type_t mech_type;
 972  946  
 973  947          ASSERT(flag & CRYPTO_DO_SIGN || flag & CRYPTO_DO_VERIFY);
 974  948          ASSERT(data != NULL || (flag & CRYPTO_DO_FINAL));
 975  949  
↓ open down ↓ 85 lines elided ↑ open up ↑
1061 1035          /*
1062 1036           * Now, we are ready to sign or verify the DER_ENCODED data.
1063 1037           */
1064 1038          if (flag & CRYPTO_DO_SIGN)
1065 1039                  rv = rsa_sign_common(mech_type, ctxp->key, &der_cd,
1066 1040                      signature);
1067 1041          else
1068 1042                  rv = rsa_verify_common(mech_type, ctxp->key, &der_cd,
1069 1043                      signature);
1070 1044  
1071      -/* EXPORT DELETE END */
1072      -
1073 1045          return (rv);
1074 1046  }
1075 1047  
1076 1048  static int
1077 1049  rsa_sign_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1078 1050      crypto_data_t *data, crypto_data_t *signature)
1079 1051  {
1080 1052          int rv = CRYPTO_FAILED;
1081 1053  
1082      -/* EXPORT DELETE START */
1083      -
1084 1054          int dlen;
1085 1055          uchar_t *dataptr, *modulus;
1086 1056          ssize_t modulus_len;
1087 1057          uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1088 1058          uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1089 1059          uchar_t signed_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1090 1060  
1091 1061          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1092 1062              &modulus_len)) != CRYPTO_SUCCESS) {
1093 1063                  return (rv);
↓ open down ↓ 48 lines elided ↑ open up ↑
1142 1112          rv = core_rsa_decrypt(key, plain_data, modulus_len, signed_data);
1143 1113          if (rv == CRYPTO_SUCCESS) {
1144 1114                  /* copy out to signature */
1145 1115                  if ((rv = crypto_put_output_data(signed_data,
1146 1116                      signature, modulus_len)) != CRYPTO_SUCCESS)
1147 1117                          return (rv);
1148 1118  
1149 1119                  signature->cd_length = modulus_len;
1150 1120          }
1151 1121  
1152      -/* EXPORT DELETE END */
1153      -
1154 1122          return (rv);
1155 1123  }
1156 1124  
1157 1125  /* ARGSUSED */
1158 1126  static int
1159 1127  rsaprov_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *signature,
1160 1128      crypto_req_handle_t req)
1161 1129  {
1162 1130          int rv;
1163 1131          rsa_ctx_t *ctxp;
↓ open down ↓ 126 lines elided ↑ open up ↑
1290 1258  
1291 1259          return (rv);
1292 1260  }
1293 1261  
1294 1262  static int
1295 1263  rsa_verify_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1296 1264      crypto_data_t *data, crypto_data_t *signature)
1297 1265  {
1298 1266          int rv = CRYPTO_FAILED;
1299 1267  
1300      -/* EXPORT DELETE START */
1301      -
1302 1268          uchar_t *sigptr, *modulus;
1303 1269          ssize_t modulus_len;
1304 1270          uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1305 1271          uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1306 1272  
1307 1273          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1308 1274              &modulus_len)) != CRYPTO_SUCCESS) {
1309 1275                  return (rv);
1310 1276          }
1311 1277  
↓ open down ↓ 27 lines elided ↑ open up ↑
1339 1305                          return (rv);
1340 1306  
1341 1307                  if (data_len != data->cd_length)
1342 1308                          return (CRYPTO_SIGNATURE_LEN_RANGE);
1343 1309  
1344 1310                  if (compare_data(data, (plain_data + modulus_len
1345 1311                      - data_len)) != 0)
1346 1312                          rv = CRYPTO_SIGNATURE_INVALID;
1347 1313          }
1348 1314  
1349      -/* EXPORT DELETE END */
1350      -
1351 1315          return (rv);
1352 1316  }
1353 1317  
1354 1318  /* ARGSUSED */
1355 1319  static int
1356 1320  rsaprov_verify(crypto_ctx_t *ctx, crypto_data_t *data,
1357 1321      crypto_data_t *signature, crypto_req_handle_t req)
1358 1322  {
1359 1323          int rv;
1360 1324          rsa_ctx_t *ctxp;
↓ open down ↓ 135 lines elided ↑ open up ↑
1496 1460  
1497 1461          return (rv);
1498 1462  }
1499 1463  
1500 1464  static int
1501 1465  rsa_verify_recover_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1502 1466      crypto_data_t *signature, crypto_data_t *data)
1503 1467  {
1504 1468          int rv = CRYPTO_FAILED;
1505 1469  
1506      -/* EXPORT DELETE START */
1507      -
1508 1470          size_t data_len;
1509 1471          uchar_t *sigptr, *modulus;
1510 1472          ssize_t modulus_len;
1511 1473          uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1512 1474          uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1513 1475  
1514 1476          if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1515 1477              &modulus_len)) != CRYPTO_SUCCESS) {
1516 1478                  return (rv);
1517 1479          }
↓ open down ↓ 26 lines elided ↑ open up ↑
1544 1506          if (data->cd_length < data_len) {
1545 1507                  data->cd_length = data_len;
1546 1508                  return (CRYPTO_BUFFER_TOO_SMALL);
1547 1509          }
1548 1510  
1549 1511          if ((rv = crypto_put_output_data(plain_data + modulus_len - data_len,
1550 1512              data, data_len)) != CRYPTO_SUCCESS)
1551 1513                  return (rv);
1552 1514          data->cd_length = data_len;
1553 1515  
1554      -/* EXPORT DELETE END */
1555      -
1556 1516          return (rv);
1557 1517  }
1558 1518  
1559 1519  /* ARGSUSED */
1560 1520  static int
1561 1521  rsa_verify_recover(crypto_ctx_t *ctx, crypto_data_t *signature,
1562 1522      crypto_data_t *data, crypto_req_handle_t req)
1563 1523  {
1564 1524          int rv;
1565 1525          rsa_ctx_t *ctxp;
↓ open down ↓ 29 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX