1*12573SDina.Nimeh@Sun.COM /* 2*12573SDina.Nimeh@Sun.COM * CDDL HEADER START 3*12573SDina.Nimeh@Sun.COM * 4*12573SDina.Nimeh@Sun.COM * The contents of this file are subject to the terms of the 5*12573SDina.Nimeh@Sun.COM * Common Development and Distribution License (the "License"). 6*12573SDina.Nimeh@Sun.COM * You may not use this file except in compliance with the License. 7*12573SDina.Nimeh@Sun.COM * 8*12573SDina.Nimeh@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*12573SDina.Nimeh@Sun.COM * or http://www.opensolaris.org/os/licensing. 10*12573SDina.Nimeh@Sun.COM * See the License for the specific language governing permissions 11*12573SDina.Nimeh@Sun.COM * and limitations under the License. 12*12573SDina.Nimeh@Sun.COM * 13*12573SDina.Nimeh@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 14*12573SDina.Nimeh@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*12573SDina.Nimeh@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 16*12573SDina.Nimeh@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 17*12573SDina.Nimeh@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 18*12573SDina.Nimeh@Sun.COM * 19*12573SDina.Nimeh@Sun.COM * CDDL HEADER END 20*12573SDina.Nimeh@Sun.COM */ 21*12573SDina.Nimeh@Sun.COM 22*12573SDina.Nimeh@Sun.COM /* 23*12573SDina.Nimeh@Sun.COM * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24*12573SDina.Nimeh@Sun.COM */ 25*12573SDina.Nimeh@Sun.COM 26*12573SDina.Nimeh@Sun.COM #ifndef _DSA_IMPL_H 27*12573SDina.Nimeh@Sun.COM #define _DSA_IMPL_H 28*12573SDina.Nimeh@Sun.COM 29*12573SDina.Nimeh@Sun.COM #ifdef __cplusplus 30*12573SDina.Nimeh@Sun.COM extern "C" { 31*12573SDina.Nimeh@Sun.COM #endif 32*12573SDina.Nimeh@Sun.COM 33*12573SDina.Nimeh@Sun.COM #include <sys/types.h> 34*12573SDina.Nimeh@Sun.COM #include <bignum.h> 35*12573SDina.Nimeh@Sun.COM 36*12573SDina.Nimeh@Sun.COM /* DSA Signature is always 40 bytes */ 37*12573SDina.Nimeh@Sun.COM #define DSA_SIGNATURE_LENGTH 40 38*12573SDina.Nimeh@Sun.COM #define MIN_DSA_KEY_LEN (512 >> 3) 39*12573SDina.Nimeh@Sun.COM #define MAX_DSA_KEY_LEN (1024 >> 3) 40*12573SDina.Nimeh@Sun.COM 41*12573SDina.Nimeh@Sun.COM #define DSA_SUBPRIME_BITS 160 42*12573SDina.Nimeh@Sun.COM #define DSA_SUBPRIME_BYTES (DSA_SUBPRIME_BITS >> 3) 43*12573SDina.Nimeh@Sun.COM 44*12573SDina.Nimeh@Sun.COM #ifdef _KERNEL 45*12573SDina.Nimeh@Sun.COM 46*12573SDina.Nimeh@Sun.COM #include <sys/sunddi.h> 47*12573SDina.Nimeh@Sun.COM #include <sys/crypto/common.h> 48*12573SDina.Nimeh@Sun.COM 49*12573SDina.Nimeh@Sun.COM #define CK_RV int 50*12573SDina.Nimeh@Sun.COM 51*12573SDina.Nimeh@Sun.COM #define CKR_OK CRYPTO_SUCCESS 52*12573SDina.Nimeh@Sun.COM #define CKR_ARGUMENTS_BAD CRYPTO_ARGUMENTS_BAD 53*12573SDina.Nimeh@Sun.COM #define CKR_ATTRIBUTE_VALUE_INVALID CRYPTO_ATTRIBUTE_VALUE_INVALID 54*12573SDina.Nimeh@Sun.COM #define CKR_DEVICE_ERROR CRYPTO_DEVICE_ERROR 55*12573SDina.Nimeh@Sun.COM #define CKR_GENERAL_ERROR CRYPTO_GENERAL_ERROR 56*12573SDina.Nimeh@Sun.COM #define CKR_HOST_MEMORY CRYPTO_HOST_MEMORY 57*12573SDina.Nimeh@Sun.COM #define CKR_KEY_SIZE_RANGE CRYPTO_KEY_SIZE_RANGE 58*12573SDina.Nimeh@Sun.COM #define CKR_SIGNATURE_INVALID CRYPTO_SIGNATURE_INVALID 59*12573SDina.Nimeh@Sun.COM 60*12573SDina.Nimeh@Sun.COM int random_get_bytes(uint8_t *ran_out, size_t ran_len); 61*12573SDina.Nimeh@Sun.COM int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len); 62*12573SDina.Nimeh@Sun.COM 63*12573SDina.Nimeh@Sun.COM #else 64*12573SDina.Nimeh@Sun.COM 65*12573SDina.Nimeh@Sun.COM #include <security/cryptoki.h> 66*12573SDina.Nimeh@Sun.COM #include <security/pkcs11t.h> 67*12573SDina.Nimeh@Sun.COM 68*12573SDina.Nimeh@Sun.COM #endif /* _KERNEL */ 69*12573SDina.Nimeh@Sun.COM 70*12573SDina.Nimeh@Sun.COM 71*12573SDina.Nimeh@Sun.COM /* DSA key using BIGNUM representations */ 72*12573SDina.Nimeh@Sun.COM typedef struct { 73*12573SDina.Nimeh@Sun.COM int size; /* key size in bits */ 74*12573SDina.Nimeh@Sun.COM BIGNUM p; /* p (<size-bit> prime) */ 75*12573SDina.Nimeh@Sun.COM BIGNUM q; /* q (160-bit prime) */ 76*12573SDina.Nimeh@Sun.COM BIGNUM g; /* g (the base) */ 77*12573SDina.Nimeh@Sun.COM BIGNUM x; /* private key (< q) */ 78*12573SDina.Nimeh@Sun.COM BIGNUM y; /* = g^x mod p */ 79*12573SDina.Nimeh@Sun.COM BIGNUM k; /* k (random number < q) */ 80*12573SDina.Nimeh@Sun.COM BIGNUM r; /* r (signature 1st part) */ 81*12573SDina.Nimeh@Sun.COM BIGNUM s; /* s (signature 2st part) */ 82*12573SDina.Nimeh@Sun.COM BIGNUM v; /* v (verification value - should be = r) */ 83*12573SDina.Nimeh@Sun.COM BIGNUM p_rr; /* 2^(2*(32*p->len)) mod p */ 84*12573SDina.Nimeh@Sun.COM BIGNUM q_rr; /* 2^(2*(32*q->len)) mod q */ 85*12573SDina.Nimeh@Sun.COM } DSAkey; 86*12573SDina.Nimeh@Sun.COM 87*12573SDina.Nimeh@Sun.COM /* DSA key using byte string representations, useful for parameter lists */ 88*12573SDina.Nimeh@Sun.COM typedef struct { 89*12573SDina.Nimeh@Sun.COM uint32_t prime_bits; /* size */ 90*12573SDina.Nimeh@Sun.COM uchar_t *prime; /* p */ 91*12573SDina.Nimeh@Sun.COM uint32_t subprime_bits; /* = 160 */ 92*12573SDina.Nimeh@Sun.COM uchar_t *subprime; /* q */ 93*12573SDina.Nimeh@Sun.COM uint32_t base_bytes; 94*12573SDina.Nimeh@Sun.COM uchar_t *base; /* g */ 95*12573SDina.Nimeh@Sun.COM uchar_t *private_x; /* x */ 96*12573SDina.Nimeh@Sun.COM uint32_t private_x_bits; 97*12573SDina.Nimeh@Sun.COM uchar_t *public_y; /* y */ 98*12573SDina.Nimeh@Sun.COM uint32_t public_y_bits; 99*12573SDina.Nimeh@Sun.COM uchar_t *signature; /* concat(r, s) */ 100*12573SDina.Nimeh@Sun.COM int (*rfunc)(void *, size_t); /* random function */ 101*12573SDina.Nimeh@Sun.COM } DSAbytekey; 102*12573SDina.Nimeh@Sun.COM 103*12573SDina.Nimeh@Sun.COM 104*12573SDina.Nimeh@Sun.COM CK_RV dsa_genkey_pair(DSAbytekey *bkey); 105*12573SDina.Nimeh@Sun.COM 106*12573SDina.Nimeh@Sun.COM CK_RV dsa_sign(DSAbytekey *bkey, uchar_t *msg, uint32_t msglen, uchar_t *sig); 107*12573SDina.Nimeh@Sun.COM 108*12573SDina.Nimeh@Sun.COM CK_RV dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig); 109*12573SDina.Nimeh@Sun.COM 110*12573SDina.Nimeh@Sun.COM 111*12573SDina.Nimeh@Sun.COM /* 112*12573SDina.Nimeh@Sun.COM * The following definitions and declarations are only used by DSA FIPS POST 113*12573SDina.Nimeh@Sun.COM */ 114*12573SDina.Nimeh@Sun.COM #ifdef _DSA_FIPS_POST 115*12573SDina.Nimeh@Sun.COM 116*12573SDina.Nimeh@Sun.COM /* DSA FIPS Declarations */ 117*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ 118*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ 119*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ 120*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_SEED_LENGTH 20 /* 160-bits */ 121*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ 122*12573SDina.Nimeh@Sun.COM #define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ 123*12573SDina.Nimeh@Sun.COM 124*12573SDina.Nimeh@Sun.COM /* DSA FIPS functions */ 125*12573SDina.Nimeh@Sun.COM extern int fips_dsa_post(void); 126*12573SDina.Nimeh@Sun.COM extern int fips_dsa_genkey_pair(DSAbytekey *); 127*12573SDina.Nimeh@Sun.COM extern int fips_dsa_digest_sign(DSAbytekey *, uint8_t *, uint32_t, uint8_t *); 128*12573SDina.Nimeh@Sun.COM extern int fips_dsa_verify(DSAbytekey *, uint8_t *, uint8_t *); 129*12573SDina.Nimeh@Sun.COM 130*12573SDina.Nimeh@Sun.COM #endif /* _DSA_FIPS_POST */ 131*12573SDina.Nimeh@Sun.COM 132*12573SDina.Nimeh@Sun.COM #ifdef __cplusplus 133*12573SDina.Nimeh@Sun.COM } 134*12573SDina.Nimeh@Sun.COM #endif 135*12573SDina.Nimeh@Sun.COM 136*12573SDina.Nimeh@Sun.COM #endif /* _DSA_IMPL_H */ 137