xref: /onnv-gate/usr/src/common/crypto/dsa/dsa_impl.h (revision 12573:fb4ef506980f)
1*12573SDina.Nimeh@Sun.COM /*
2*12573SDina.Nimeh@Sun.COM  * CDDL HEADER START
3*12573SDina.Nimeh@Sun.COM  *
4*12573SDina.Nimeh@Sun.COM  * The contents of this file are subject to the terms of the
5*12573SDina.Nimeh@Sun.COM  * Common Development and Distribution License (the "License").
6*12573SDina.Nimeh@Sun.COM  * You may not use this file except in compliance with the License.
7*12573SDina.Nimeh@Sun.COM  *
8*12573SDina.Nimeh@Sun.COM  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*12573SDina.Nimeh@Sun.COM  * or http://www.opensolaris.org/os/licensing.
10*12573SDina.Nimeh@Sun.COM  * See the License for the specific language governing permissions
11*12573SDina.Nimeh@Sun.COM  * and limitations under the License.
12*12573SDina.Nimeh@Sun.COM  *
13*12573SDina.Nimeh@Sun.COM  * When distributing Covered Code, include this CDDL HEADER in each
14*12573SDina.Nimeh@Sun.COM  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*12573SDina.Nimeh@Sun.COM  * If applicable, add the following below this CDDL HEADER, with the
16*12573SDina.Nimeh@Sun.COM  * fields enclosed by brackets "[]" replaced with your own identifying
17*12573SDina.Nimeh@Sun.COM  * information: Portions Copyright [yyyy] [name of copyright owner]
18*12573SDina.Nimeh@Sun.COM  *
19*12573SDina.Nimeh@Sun.COM  * CDDL HEADER END
20*12573SDina.Nimeh@Sun.COM  */
21*12573SDina.Nimeh@Sun.COM 
22*12573SDina.Nimeh@Sun.COM /*
23*12573SDina.Nimeh@Sun.COM  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24*12573SDina.Nimeh@Sun.COM  */
25*12573SDina.Nimeh@Sun.COM 
26*12573SDina.Nimeh@Sun.COM #ifndef _DSA_IMPL_H
27*12573SDina.Nimeh@Sun.COM #define	_DSA_IMPL_H
28*12573SDina.Nimeh@Sun.COM 
29*12573SDina.Nimeh@Sun.COM #ifdef __cplusplus
30*12573SDina.Nimeh@Sun.COM extern "C" {
31*12573SDina.Nimeh@Sun.COM #endif
32*12573SDina.Nimeh@Sun.COM 
33*12573SDina.Nimeh@Sun.COM #include <sys/types.h>
34*12573SDina.Nimeh@Sun.COM #include <bignum.h>
35*12573SDina.Nimeh@Sun.COM 
36*12573SDina.Nimeh@Sun.COM /* DSA Signature is always 40 bytes */
37*12573SDina.Nimeh@Sun.COM #define	DSA_SIGNATURE_LENGTH	40
38*12573SDina.Nimeh@Sun.COM #define	MIN_DSA_KEY_LEN		(512 >> 3)
39*12573SDina.Nimeh@Sun.COM #define	MAX_DSA_KEY_LEN		(1024 >> 3)
40*12573SDina.Nimeh@Sun.COM 
41*12573SDina.Nimeh@Sun.COM #define	DSA_SUBPRIME_BITS	160
42*12573SDina.Nimeh@Sun.COM #define	DSA_SUBPRIME_BYTES	(DSA_SUBPRIME_BITS >> 3)
43*12573SDina.Nimeh@Sun.COM 
44*12573SDina.Nimeh@Sun.COM #ifdef _KERNEL
45*12573SDina.Nimeh@Sun.COM 
46*12573SDina.Nimeh@Sun.COM #include <sys/sunddi.h>
47*12573SDina.Nimeh@Sun.COM #include <sys/crypto/common.h>
48*12573SDina.Nimeh@Sun.COM 
49*12573SDina.Nimeh@Sun.COM #define	CK_RV			int
50*12573SDina.Nimeh@Sun.COM 
51*12573SDina.Nimeh@Sun.COM #define	CKR_OK			CRYPTO_SUCCESS
52*12573SDina.Nimeh@Sun.COM #define	CKR_ARGUMENTS_BAD	CRYPTO_ARGUMENTS_BAD
53*12573SDina.Nimeh@Sun.COM #define	CKR_ATTRIBUTE_VALUE_INVALID	CRYPTO_ATTRIBUTE_VALUE_INVALID
54*12573SDina.Nimeh@Sun.COM #define	CKR_DEVICE_ERROR	CRYPTO_DEVICE_ERROR
55*12573SDina.Nimeh@Sun.COM #define	CKR_GENERAL_ERROR	CRYPTO_GENERAL_ERROR
56*12573SDina.Nimeh@Sun.COM #define	CKR_HOST_MEMORY		CRYPTO_HOST_MEMORY
57*12573SDina.Nimeh@Sun.COM #define	CKR_KEY_SIZE_RANGE	CRYPTO_KEY_SIZE_RANGE
58*12573SDina.Nimeh@Sun.COM #define	CKR_SIGNATURE_INVALID	CRYPTO_SIGNATURE_INVALID
59*12573SDina.Nimeh@Sun.COM 
60*12573SDina.Nimeh@Sun.COM int random_get_bytes(uint8_t *ran_out, size_t ran_len);
61*12573SDina.Nimeh@Sun.COM int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len);
62*12573SDina.Nimeh@Sun.COM 
63*12573SDina.Nimeh@Sun.COM #else
64*12573SDina.Nimeh@Sun.COM 
65*12573SDina.Nimeh@Sun.COM #include <security/cryptoki.h>
66*12573SDina.Nimeh@Sun.COM #include <security/pkcs11t.h>
67*12573SDina.Nimeh@Sun.COM 
68*12573SDina.Nimeh@Sun.COM #endif	/* _KERNEL */
69*12573SDina.Nimeh@Sun.COM 
70*12573SDina.Nimeh@Sun.COM 
71*12573SDina.Nimeh@Sun.COM /* DSA key using BIGNUM representations */
72*12573SDina.Nimeh@Sun.COM typedef struct {
73*12573SDina.Nimeh@Sun.COM 	int 	size;		/* key size in bits */
74*12573SDina.Nimeh@Sun.COM 	BIGNUM	p;		/* p (<size-bit> prime) */
75*12573SDina.Nimeh@Sun.COM 	BIGNUM	q;		/* q (160-bit prime) */
76*12573SDina.Nimeh@Sun.COM 	BIGNUM	g;		/* g (the base) */
77*12573SDina.Nimeh@Sun.COM 	BIGNUM	x;		/* private key (< q) */
78*12573SDina.Nimeh@Sun.COM 	BIGNUM	y;		/* = g^x mod p */
79*12573SDina.Nimeh@Sun.COM 	BIGNUM	k;		/* k (random number < q) */
80*12573SDina.Nimeh@Sun.COM 	BIGNUM	r;		/* r (signature 1st part) */
81*12573SDina.Nimeh@Sun.COM 	BIGNUM	s;		/* s (signature 2st part) */
82*12573SDina.Nimeh@Sun.COM 	BIGNUM	v;		/* v (verification value - should be = r) */
83*12573SDina.Nimeh@Sun.COM 	BIGNUM	p_rr;		/* 2^(2*(32*p->len)) mod p */
84*12573SDina.Nimeh@Sun.COM 	BIGNUM	q_rr;		/* 2^(2*(32*q->len)) mod q */
85*12573SDina.Nimeh@Sun.COM } DSAkey;
86*12573SDina.Nimeh@Sun.COM 
87*12573SDina.Nimeh@Sun.COM /* DSA key using byte string representations, useful for parameter lists */
88*12573SDina.Nimeh@Sun.COM typedef struct {
89*12573SDina.Nimeh@Sun.COM 	uint32_t prime_bits;	/* size */
90*12573SDina.Nimeh@Sun.COM 	uchar_t	*prime;		/* p */
91*12573SDina.Nimeh@Sun.COM 	uint32_t subprime_bits;	/* = 160 */
92*12573SDina.Nimeh@Sun.COM 	uchar_t	*subprime;	/* q */
93*12573SDina.Nimeh@Sun.COM 	uint32_t base_bytes;
94*12573SDina.Nimeh@Sun.COM 	uchar_t	*base;		/* g */
95*12573SDina.Nimeh@Sun.COM 	uchar_t	*private_x;	/* x */
96*12573SDina.Nimeh@Sun.COM 	uint32_t private_x_bits;
97*12573SDina.Nimeh@Sun.COM 	uchar_t	*public_y;	/* y */
98*12573SDina.Nimeh@Sun.COM 	uint32_t public_y_bits;
99*12573SDina.Nimeh@Sun.COM 	uchar_t	*signature;	/* concat(r, s) */
100*12573SDina.Nimeh@Sun.COM 	int	(*rfunc)(void *, size_t);	/* random function */
101*12573SDina.Nimeh@Sun.COM } DSAbytekey;
102*12573SDina.Nimeh@Sun.COM 
103*12573SDina.Nimeh@Sun.COM 
104*12573SDina.Nimeh@Sun.COM CK_RV dsa_genkey_pair(DSAbytekey *bkey);
105*12573SDina.Nimeh@Sun.COM 
106*12573SDina.Nimeh@Sun.COM CK_RV dsa_sign(DSAbytekey *bkey, uchar_t *msg, uint32_t msglen, uchar_t *sig);
107*12573SDina.Nimeh@Sun.COM 
108*12573SDina.Nimeh@Sun.COM CK_RV dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig);
109*12573SDina.Nimeh@Sun.COM 
110*12573SDina.Nimeh@Sun.COM 
111*12573SDina.Nimeh@Sun.COM /*
112*12573SDina.Nimeh@Sun.COM  * The following definitions and declarations are only used by DSA FIPS POST
113*12573SDina.Nimeh@Sun.COM  */
114*12573SDina.Nimeh@Sun.COM #ifdef _DSA_FIPS_POST
115*12573SDina.Nimeh@Sun.COM 
116*12573SDina.Nimeh@Sun.COM /* DSA FIPS Declarations */
117*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_PRIME_LENGTH		128 /* 1024-bits */
118*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_SUBPRIME_LENGTH	20 /*  160-bits */
119*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_BASE_LENGTH		128 /* 1024-bits */
120*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_SEED_LENGTH		20 /*  160-bits */
121*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_DIGEST_LENGTH		20 /*  160-bits */
122*12573SDina.Nimeh@Sun.COM #define	FIPS_DSA_SIGNATURE_LENGTH	40 /*  320-bits */
123*12573SDina.Nimeh@Sun.COM 
124*12573SDina.Nimeh@Sun.COM /* DSA FIPS functions */
125*12573SDina.Nimeh@Sun.COM extern int fips_dsa_post(void);
126*12573SDina.Nimeh@Sun.COM extern int fips_dsa_genkey_pair(DSAbytekey *);
127*12573SDina.Nimeh@Sun.COM extern int fips_dsa_digest_sign(DSAbytekey *, uint8_t *, uint32_t, uint8_t *);
128*12573SDina.Nimeh@Sun.COM extern int fips_dsa_verify(DSAbytekey *, uint8_t *, uint8_t *);
129*12573SDina.Nimeh@Sun.COM 
130*12573SDina.Nimeh@Sun.COM #endif /* _DSA_FIPS_POST */
131*12573SDina.Nimeh@Sun.COM 
132*12573SDina.Nimeh@Sun.COM #ifdef	__cplusplus
133*12573SDina.Nimeh@Sun.COM }
134*12573SDina.Nimeh@Sun.COM #endif
135*12573SDina.Nimeh@Sun.COM 
136*12573SDina.Nimeh@Sun.COM #endif /* _DSA_IMPL_H */
137