1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #include <stdlib.h>
27 #include <string.h>
28 #include <strings.h>
29 #include <stdio.h>
30 #include <sys/types.h>
31 #include <security/cryptoki.h>
32 #include <sys/sha1.h>
33 #include <sys/sha2.h>
34 #include "softMAC.h"
35 #define	_AES_FIPS_POST
36 #define	_DES_FIPS_POST
37 #include "softCrypt.h"
38 #define	_DSA_FIPS_POST
39 #include <dsa_impl.h>
40 #define	_RSA_FIPS_POST
41 #include <rsa_impl.h>
42 #include <sha1_impl.h>
43 #include <sha2_impl.h>
44 #include <fips_random.h>
45 
46 
47 extern int fips_ecdsa_post(void);
48 
49 
/*
 * soft_fips_post - FIPS Power-On SelfTest (POST) driver for the
 * supported FIPS ciphers and components.
 *
 * The algorithm self-tests run in a fixed order: SHA-1, SHA-2,
 * Triple DES, AES (128-, 192- and 256-bit keys), ECDSA, RSA, DSA
 * and finally the RNG.
 *
 * Returns CKR_OK only when every self-test returned CKR_OK.
 * Otherwise the value of the first failing self-test is returned
 * and the remaining self-tests are not run.
 *
 * NOTE(review): what happens to the module after a failed POST is
 * decided by the caller, which is not visible here - confirm that
 * every caller treats a non-CKR_OK return as fatal.
 */
CK_RV
soft_fips_post(void)
{
	CK_RV status;

	/* SHA-1 family: SHA-1 POST, then HMAC SHA-1 POST. */
	if ((status = fips_sha1_post()) != CKR_OK)
		return (status);

	/*
	 * SHA-2 family: SHA-256, SHA-384 and SHA-512 POSTs, followed
	 * by the HMAC SHA-256, HMAC SHA-384 and HMAC SHA-512 POSTs.
	 */
	if ((status = fips_sha2_post()) != CKR_OK)
		return (status);

	/* Triple DES: ECB and CBC encryption/decryption. */
	if ((status = fips_des3_post()) != CKR_OK)
		return (status);

	/* AES, once per supported key size: 128, 192 and 256 bits. */
	if ((status = fips_aes_post(FIPS_AES_128_KEY_SIZE)) != CKR_OK)
		return (status);
	if ((status = fips_aes_post(FIPS_AES_192_KEY_SIZE)) != CKR_OK)
		return (status);
	if ((status = fips_aes_post(FIPS_AES_256_KEY_SIZE)) != CKR_OK)
		return (status);

	/*
	 * ECDSA: ECC signature and ECC verification.
	 * fips_ecdsa_post() is declared in this file as returning int;
	 * the result is converted to CK_RV by the assignment.
	 */
	if ((status = fips_ecdsa_post()) != CKR_OK)
		return (status);

	/*
	 * RSA: encryption, decryption, and sign/verify with SHA-1,
	 * SHA-256, SHA-384 and SHA-512.
	 */
	if ((status = fips_rsa_post()) != CKR_OK)
		return (status);

	/* DSA: sign on a SHA-1 digest, then verification. */
	if ((status = fips_dsa_post()) != CKR_OK)
		return (status);

	/* Random number generator. */
	if ((status = fips_rng_post()) != CKR_OK)
		return (status);

	/* Every self-test passed. */
	return (CKR_OK);
}
161