110500SHai-May.Chao@Sun.COM /* 210500SHai-May.Chao@Sun.COM * CDDL HEADER START 310500SHai-May.Chao@Sun.COM * 410500SHai-May.Chao@Sun.COM * The contents of this file are subject to the terms of the 510500SHai-May.Chao@Sun.COM * Common Development and Distribution License (the "License"). 610500SHai-May.Chao@Sun.COM * You may not use this file except in compliance with the License. 710500SHai-May.Chao@Sun.COM * 810500SHai-May.Chao@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 910500SHai-May.Chao@Sun.COM * or http://www.opensolaris.org/os/licensing. 1010500SHai-May.Chao@Sun.COM * See the License for the specific language governing permissions 1110500SHai-May.Chao@Sun.COM * and limitations under the License. 1210500SHai-May.Chao@Sun.COM * 1310500SHai-May.Chao@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 1410500SHai-May.Chao@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 1510500SHai-May.Chao@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 1610500SHai-May.Chao@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 1710500SHai-May.Chao@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 1810500SHai-May.Chao@Sun.COM * 1910500SHai-May.Chao@Sun.COM * CDDL HEADER END 2010500SHai-May.Chao@Sun.COM */ 21*12573SDina.Nimeh@Sun.COM 2210500SHai-May.Chao@Sun.COM /* 23*12573SDina.Nimeh@Sun.COM * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. 2410500SHai-May.Chao@Sun.COM */ 2510500SHai-May.Chao@Sun.COM 2610500SHai-May.Chao@Sun.COM #include <stdlib.h> 2710500SHai-May.Chao@Sun.COM #include <string.h> 2810500SHai-May.Chao@Sun.COM #include <strings.h> 2910500SHai-May.Chao@Sun.COM #include <stdio.h> 3010500SHai-May.Chao@Sun.COM #include <sys/types.h> 3110500SHai-May.Chao@Sun.COM #include <security/cryptoki.h> 3210500SHai-May.Chao@Sun.COM #include <sys/sha1.h> 3310500SHai-May.Chao@Sun.COM #include <sys/sha2.h> 3410500SHai-May.Chao@Sun.COM #include "softMAC.h" 3510500SHai-May.Chao@Sun.COM #define _AES_FIPS_POST 3610500SHai-May.Chao@Sun.COM #define _DES_FIPS_POST 3710500SHai-May.Chao@Sun.COM #include "softCrypt.h" 38*12573SDina.Nimeh@Sun.COM #define _DSA_FIPS_POST 39*12573SDina.Nimeh@Sun.COM #include <dsa_impl.h> 4010500SHai-May.Chao@Sun.COM #define _RSA_FIPS_POST 4110500SHai-May.Chao@Sun.COM #include <rsa_impl.h> 4210500SHai-May.Chao@Sun.COM #include <sha1_impl.h> 4310500SHai-May.Chao@Sun.COM #include <sha2_impl.h> 4410500SHai-May.Chao@Sun.COM #include <fips_random.h> 4510500SHai-May.Chao@Sun.COM 4610500SHai-May.Chao@Sun.COM 4710500SHai-May.Chao@Sun.COM extern int fips_ecdsa_post(void); 4810500SHai-May.Chao@Sun.COM 4910500SHai-May.Chao@Sun.COM 5010500SHai-May.Chao@Sun.COM /* 5110500SHai-May.Chao@Sun.COM * FIPS Power-on SelfTest for the supported FIPS ciphers and 5210500SHai-May.Chao@Sun.COM * components. 5310500SHai-May.Chao@Sun.COM */ 5410500SHai-May.Chao@Sun.COM CK_RV soft_fips_post(void)5510500SHai-May.Chao@Sun.COMsoft_fips_post(void) 5610500SHai-May.Chao@Sun.COM { 5710500SHai-May.Chao@Sun.COM CK_RV rv; 5810500SHai-May.Chao@Sun.COM 5910500SHai-May.Chao@Sun.COM /* 6010500SHai-May.Chao@Sun.COM * SHA-1 Power-On SelfTest. 6110500SHai-May.Chao@Sun.COM * 6210500SHai-May.Chao@Sun.COM * 1. SHA-1 POST 6310500SHai-May.Chao@Sun.COM * 2. HMAC SHA-1 POST 6410500SHai-May.Chao@Sun.COM */ 6510500SHai-May.Chao@Sun.COM rv = fips_sha1_post(); 6610500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 6710500SHai-May.Chao@Sun.COM return (rv); 6810500SHai-May.Chao@Sun.COM 6910500SHai-May.Chao@Sun.COM /* 7010500SHai-May.Chao@Sun.COM * SHA-2 Power-On SelfTest. 7110500SHai-May.Chao@Sun.COM * 7210500SHai-May.Chao@Sun.COM * 1. SHA-256 POST 7310500SHai-May.Chao@Sun.COM * 2. SHA-384 POST 7410500SHai-May.Chao@Sun.COM * 3. SHA-512 POST 7510500SHai-May.Chao@Sun.COM * 4. HMAC SHA-256 POST 7610500SHai-May.Chao@Sun.COM * 5. HMAC SHA-384 POST 7710500SHai-May.Chao@Sun.COM * 6. HMAC SHA-512 POST 7810500SHai-May.Chao@Sun.COM */ 7910500SHai-May.Chao@Sun.COM rv = fips_sha2_post(); 8010500SHai-May.Chao@Sun.COM 8110500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 8210500SHai-May.Chao@Sun.COM return (rv); 8310500SHai-May.Chao@Sun.COM 8410500SHai-May.Chao@Sun.COM 8510500SHai-May.Chao@Sun.COM /* 8610500SHai-May.Chao@Sun.COM * Triple DES Power-On SelfTest. 8710500SHai-May.Chao@Sun.COM * 8810500SHai-May.Chao@Sun.COM * 1. DES3 ECB Encryption/Decryption 8910500SHai-May.Chao@Sun.COM * 2. DES3 CBC Encryption/Decryption 9010500SHai-May.Chao@Sun.COM */ 9110500SHai-May.Chao@Sun.COM rv = fips_des3_post(); 9210500SHai-May.Chao@Sun.COM 9310500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 9410500SHai-May.Chao@Sun.COM return (rv); 9510500SHai-May.Chao@Sun.COM 9610500SHai-May.Chao@Sun.COM /* AES Power-On SelfTest for 128-bit key. */ 9710500SHai-May.Chao@Sun.COM rv = fips_aes_post(FIPS_AES_128_KEY_SIZE); 9810500SHai-May.Chao@Sun.COM 9910500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 10010500SHai-May.Chao@Sun.COM return (rv); 10110500SHai-May.Chao@Sun.COM 10210500SHai-May.Chao@Sun.COM /* AES Power-On SelfTest for 192-bit key. */ 10310500SHai-May.Chao@Sun.COM rv = fips_aes_post(FIPS_AES_192_KEY_SIZE); 10410500SHai-May.Chao@Sun.COM 10510500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 10610500SHai-May.Chao@Sun.COM return (rv); 10710500SHai-May.Chao@Sun.COM 10810500SHai-May.Chao@Sun.COM /* AES Power-On SelfTest for 256-bit key. */ 10910500SHai-May.Chao@Sun.COM rv = fips_aes_post(FIPS_AES_256_KEY_SIZE); 11010500SHai-May.Chao@Sun.COM 11110500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 11210500SHai-May.Chao@Sun.COM return (rv); 11310500SHai-May.Chao@Sun.COM 11410500SHai-May.Chao@Sun.COM /* 11510500SHai-May.Chao@Sun.COM * ECDSA Power-Up SelfTest 11610500SHai-May.Chao@Sun.COM * 11710500SHai-May.Chao@Sun.COM * 1. ECC Signature 11810500SHai-May.Chao@Sun.COM * 2. ECC Verification 11910500SHai-May.Chao@Sun.COM */ 12010500SHai-May.Chao@Sun.COM rv = fips_ecdsa_post(); 12110500SHai-May.Chao@Sun.COM 12210500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 12310500SHai-May.Chao@Sun.COM return (rv); 12410500SHai-May.Chao@Sun.COM 12510500SHai-May.Chao@Sun.COM /* 12610500SHai-May.Chao@Sun.COM * RSA Power-On SelfTest 12710500SHai-May.Chao@Sun.COM * 12810500SHai-May.Chao@Sun.COM * 1. RSA Encryption 12910500SHai-May.Chao@Sun.COM * 2. RSA Decryption 13010500SHai-May.Chao@Sun.COM * 3. RSA SHA-1 Sign/Verify 13110500SHai-May.Chao@Sun.COM * 4. RSA SHA-256 Sign/Verify 13210500SHai-May.Chao@Sun.COM * 5. RSA SHA-384 Sign/Verify 13310500SHai-May.Chao@Sun.COM * 6. RSA SHA-512 Sign/Verify 13410500SHai-May.Chao@Sun.COM * 13510500SHai-May.Chao@Sun.COM */ 13610500SHai-May.Chao@Sun.COM rv = fips_rsa_post(); 13710500SHai-May.Chao@Sun.COM 13810500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 13910500SHai-May.Chao@Sun.COM return (rv); 14010500SHai-May.Chao@Sun.COM 14110500SHai-May.Chao@Sun.COM /* 14210500SHai-May.Chao@Sun.COM * DSA Power-On SelfTest 14310500SHai-May.Chao@Sun.COM * 14410500SHai-May.Chao@Sun.COM * 1. DSA Sign on SHA-1 digest 14510500SHai-May.Chao@Sun.COM * 2. DSA Verification 14610500SHai-May.Chao@Sun.COM */ 147*12573SDina.Nimeh@Sun.COM rv = fips_dsa_post(); 14810500SHai-May.Chao@Sun.COM 14910500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 15010500SHai-May.Chao@Sun.COM return (rv); 15110500SHai-May.Chao@Sun.COM 15210500SHai-May.Chao@Sun.COM /* RNG Power-On SelfTest. */ 15310500SHai-May.Chao@Sun.COM rv = fips_rng_post(); 15410500SHai-May.Chao@Sun.COM 15510500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 15610500SHai-May.Chao@Sun.COM return (rv); 15710500SHai-May.Chao@Sun.COM 15810500SHai-May.Chao@Sun.COM /* Passed Power-On SelfTest. */ 15910500SHai-May.Chao@Sun.COM return (CKR_OK); 16010500SHai-May.Chao@Sun.COM } 161