1*10500SHai-May.Chao@Sun.COM /* 2*10500SHai-May.Chao@Sun.COM * CDDL HEADER START 3*10500SHai-May.Chao@Sun.COM * 4*10500SHai-May.Chao@Sun.COM * The contents of this file are subject to the terms of the 5*10500SHai-May.Chao@Sun.COM * Common Development and Distribution License (the "License"). 6*10500SHai-May.Chao@Sun.COM * You may not use this file except in compliance with the License. 7*10500SHai-May.Chao@Sun.COM * 8*10500SHai-May.Chao@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*10500SHai-May.Chao@Sun.COM * or http://www.opensolaris.org/os/licensing. 10*10500SHai-May.Chao@Sun.COM * See the License for the specific language governing permissions 11*10500SHai-May.Chao@Sun.COM * and limitations under the License. 12*10500SHai-May.Chao@Sun.COM * 13*10500SHai-May.Chao@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 14*10500SHai-May.Chao@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*10500SHai-May.Chao@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 16*10500SHai-May.Chao@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 17*10500SHai-May.Chao@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 18*10500SHai-May.Chao@Sun.COM * 19*10500SHai-May.Chao@Sun.COM * CDDL HEADER END 20*10500SHai-May.Chao@Sun.COM */ 21*10500SHai-May.Chao@Sun.COM /* 22*10500SHai-May.Chao@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23*10500SHai-May.Chao@Sun.COM * Use is subject to license terms. 24*10500SHai-May.Chao@Sun.COM */ 25*10500SHai-May.Chao@Sun.COM 26*10500SHai-May.Chao@Sun.COM #include <sys/types.h> 27*10500SHai-May.Chao@Sun.COM #include <sys/param.h> 28*10500SHai-May.Chao@Sun.COM #include <sys/errno.h> 29*10500SHai-May.Chao@Sun.COM #include <sys/kmem.h> 30*10500SHai-May.Chao@Sun.COM #include <sys/systm.h> 31*10500SHai-May.Chao@Sun.COM #include <sys/sysmacros.h> 32*10500SHai-May.Chao@Sun.COM #include <sys/sha1.h> 33*10500SHai-May.Chao@Sun.COM #define _SHA2_IMPL 34*10500SHai-May.Chao@Sun.COM #include <sys/sha2.h> 35*10500SHai-May.Chao@Sun.COM #include <sys/crypto/common.h> 36*10500SHai-May.Chao@Sun.COM #define _RSA_FIPS_POST 37*10500SHai-May.Chao@Sun.COM #include <rsa/rsa_impl.h> 38*10500SHai-May.Chao@Sun.COM #ifndef _KERNEL 39*10500SHai-May.Chao@Sun.COM #include <stdlib.h> 40*10500SHai-May.Chao@Sun.COM #include <string.h> 41*10500SHai-May.Chao@Sun.COM #include <strings.h> 42*10500SHai-May.Chao@Sun.COM #include <stdio.h> 43*10500SHai-May.Chao@Sun.COM #include <security/cryptoki.h> 44*10500SHai-May.Chao@Sun.COM #include <cryptoutil.h> 45*10500SHai-May.Chao@Sun.COM #include "softMAC.h" 46*10500SHai-May.Chao@Sun.COM #endif 47*10500SHai-May.Chao@Sun.COM #include <sha2/sha2_impl.h> 48*10500SHai-May.Chao@Sun.COM 49*10500SHai-May.Chao@Sun.COM int 50*10500SHai-May.Chao@Sun.COM fips_rsa_encrypt(uint8_t *modulus, int modulus_len, 51*10500SHai-May.Chao@Sun.COM uint8_t *expo, int expo_len, 52*10500SHai-May.Chao@Sun.COM uint8_t *in, int in_len, uint8_t *out) 53*10500SHai-May.Chao@Sun.COM { 54*10500SHai-May.Chao@Sun.COM 55*10500SHai-May.Chao@Sun.COM RSAkey *rsakey; 56*10500SHai-May.Chao@Sun.COM BIGNUM msg; 57*10500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 58*10500SHai-May.Chao@Sun.COM 59*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 60*10500SHai-May.Chao@Sun.COM if ((rsakey = kmem_zalloc(sizeof (RSAkey), KM_SLEEP)) == NULL) { 61*10500SHai-May.Chao@Sun.COM #else 62*10500SHai-May.Chao@Sun.COM if ((rsakey = calloc(1, sizeof (RSAkey))) == NULL) { 63*10500SHai-May.Chao@Sun.COM #endif 64*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 65*10500SHai-May.Chao@Sun.COM goto clean1; 66*10500SHai-May.Chao@Sun.COM } 67*10500SHai-May.Chao@Sun.COM 68*10500SHai-May.Chao@Sun.COM if (RSA_key_init(rsakey, modulus_len * 4, modulus_len * 4) != BIG_OK) { 69*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 70*10500SHai-May.Chao@Sun.COM goto clean2; 71*10500SHai-May.Chao@Sun.COM } 72*10500SHai-May.Chao@Sun.COM 73*10500SHai-May.Chao@Sun.COM /* Size for big_init is in (32-bit) words. */ 74*10500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 75*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 76*10500SHai-May.Chao@Sun.COM goto clean3; 77*10500SHai-May.Chao@Sun.COM } 78*10500SHai-May.Chao@Sun.COM 79*10500SHai-May.Chao@Sun.COM /* Convert octet string exponent to big integer format. */ 80*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->e), expo, expo_len); 81*10500SHai-May.Chao@Sun.COM 82*10500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 83*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->n), modulus, modulus_len); 84*10500SHai-May.Chao@Sun.COM 85*10500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 86*10500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 87*10500SHai-May.Chao@Sun.COM 88*10500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { 89*10500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 90*10500SHai-May.Chao@Sun.COM goto clean4; 91*10500SHai-May.Chao@Sun.COM } 92*10500SHai-May.Chao@Sun.COM 93*10500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 94*10500SHai-May.Chao@Sun.COM if (big_modexp(&msg, &msg, &(rsakey->e), &(rsakey->n), NULL) != 95*10500SHai-May.Chao@Sun.COM BIG_OK) { 96*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 97*10500SHai-May.Chao@Sun.COM goto clean4; 98*10500SHai-May.Chao@Sun.COM } 99*10500SHai-May.Chao@Sun.COM 100*10500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 101*10500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, modulus_len); 102*10500SHai-May.Chao@Sun.COM 103*10500SHai-May.Chao@Sun.COM clean4: 104*10500SHai-May.Chao@Sun.COM big_finish(&msg); 105*10500SHai-May.Chao@Sun.COM clean3: 106*10500SHai-May.Chao@Sun.COM RSA_key_finish(rsakey); 107*10500SHai-May.Chao@Sun.COM clean2: 108*10500SHai-May.Chao@Sun.COM #ifndef _KERNEL 109*10500SHai-May.Chao@Sun.COM free(rsakey); 110*10500SHai-May.Chao@Sun.COM #else 111*10500SHai-May.Chao@Sun.COM kmem_free(rsakey, sizeof (RSAkey)); 112*10500SHai-May.Chao@Sun.COM #endif 113*10500SHai-May.Chao@Sun.COM clean1: 114*10500SHai-May.Chao@Sun.COM 115*10500SHai-May.Chao@Sun.COM return (rv); 116*10500SHai-May.Chao@Sun.COM } 117*10500SHai-May.Chao@Sun.COM 118*10500SHai-May.Chao@Sun.COM int 119*10500SHai-May.Chao@Sun.COM fips_rsa_decrypt(RSAPrivateKey_t *key, uint8_t *in, int in_len, 120*10500SHai-May.Chao@Sun.COM uint8_t *out) 121*10500SHai-May.Chao@Sun.COM { 122*10500SHai-May.Chao@Sun.COM 123*10500SHai-May.Chao@Sun.COM RSAkey *rsakey; 124*10500SHai-May.Chao@Sun.COM BIGNUM msg; 125*10500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 126*10500SHai-May.Chao@Sun.COM 127*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 128*10500SHai-May.Chao@Sun.COM if ((rsakey = kmem_zalloc(sizeof (RSAkey), KM_SLEEP)) == NULL) { 129*10500SHai-May.Chao@Sun.COM #else 130*10500SHai-May.Chao@Sun.COM if ((rsakey = calloc(1, sizeof (RSAkey))) == NULL) { 131*10500SHai-May.Chao@Sun.COM #endif 132*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 133*10500SHai-May.Chao@Sun.COM goto clean1; 134*10500SHai-May.Chao@Sun.COM } 135*10500SHai-May.Chao@Sun.COM 136*10500SHai-May.Chao@Sun.COM /* psize and qsize for RSA_key_init is in bits. */ 137*10500SHai-May.Chao@Sun.COM if (RSA_key_init(rsakey, key->prime2_len * 8, key->prime1_len * 8) 138*10500SHai-May.Chao@Sun.COM != BIG_OK) { 139*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 140*10500SHai-May.Chao@Sun.COM goto clean2; 141*10500SHai-May.Chao@Sun.COM } 142*10500SHai-May.Chao@Sun.COM 143*10500SHai-May.Chao@Sun.COM /* Size for big_init is in (32-bit) words. */ 144*10500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 145*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 146*10500SHai-May.Chao@Sun.COM goto clean3; 147*10500SHai-May.Chao@Sun.COM } 148*10500SHai-May.Chao@Sun.COM 149*10500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 150*10500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 151*10500SHai-May.Chao@Sun.COM 152*10500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 153*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->n), key->modulus, key->modulus_len); 154*10500SHai-May.Chao@Sun.COM 155*10500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { 156*10500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 157*10500SHai-May.Chao@Sun.COM goto clean4; 158*10500SHai-May.Chao@Sun.COM } 159*10500SHai-May.Chao@Sun.COM 160*10500SHai-May.Chao@Sun.COM /* Convert the rest of private key attributes to big integer format. */ 161*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->dmodpminus1), key->exponent2, 162*10500SHai-May.Chao@Sun.COM key->exponent2_len); 163*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->dmodqminus1), key->exponent1, 164*10500SHai-May.Chao@Sun.COM key->exponent1_len); 165*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->p), key->prime2, key->prime2_len); 166*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->q), key->prime1, key->prime1_len); 167*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->pinvmodq), key->coef, key->coef_len); 168*10500SHai-May.Chao@Sun.COM 169*10500SHai-May.Chao@Sun.COM if ((big_cmp_abs(&(rsakey->dmodpminus1), &(rsakey->p)) > 0) || 170*10500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey->dmodqminus1), &(rsakey->q)) > 0) || 171*10500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey->pinvmodq), &(rsakey->q)) > 0)) { 172*10500SHai-May.Chao@Sun.COM #ifndef _KERNEL 173*10500SHai-May.Chao@Sun.COM rv = CKR_KEY_SIZE_RANGE; 174*10500SHai-May.Chao@Sun.COM #else 175*10500SHai-May.Chao@Sun.COM rv = CRYPTO_KEY_SIZE_RANGE; 176*10500SHai-May.Chao@Sun.COM #endif 177*10500SHai-May.Chao@Sun.COM goto clean4; 178*10500SHai-May.Chao@Sun.COM } 179*10500SHai-May.Chao@Sun.COM 180*10500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 181*10500SHai-May.Chao@Sun.COM if (big_modexp_crt(&msg, &msg, &(rsakey->dmodpminus1), 182*10500SHai-May.Chao@Sun.COM &(rsakey->dmodqminus1), &(rsakey->p), &(rsakey->q), 183*10500SHai-May.Chao@Sun.COM &(rsakey->pinvmodq), NULL, NULL) != BIG_OK) { 184*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 185*10500SHai-May.Chao@Sun.COM goto clean4; 186*10500SHai-May.Chao@Sun.COM } 187*10500SHai-May.Chao@Sun.COM 188*10500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 189*10500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, key->modulus_len); 190*10500SHai-May.Chao@Sun.COM 191*10500SHai-May.Chao@Sun.COM clean4: 192*10500SHai-May.Chao@Sun.COM big_finish(&msg); 193*10500SHai-May.Chao@Sun.COM clean3: 194*10500SHai-May.Chao@Sun.COM RSA_key_finish(rsakey); 195*10500SHai-May.Chao@Sun.COM clean2: 196*10500SHai-May.Chao@Sun.COM #ifndef _KERNEL 197*10500SHai-May.Chao@Sun.COM free(rsakey); 198*10500SHai-May.Chao@Sun.COM #else 199*10500SHai-May.Chao@Sun.COM kmem_free(rsakey, sizeof (RSAkey)); 200*10500SHai-May.Chao@Sun.COM #endif 201*10500SHai-May.Chao@Sun.COM clean1: 202*10500SHai-May.Chao@Sun.COM 203*10500SHai-May.Chao@Sun.COM return (rv); 204*10500SHai-May.Chao@Sun.COM 205*10500SHai-May.Chao@Sun.COM } 206*10500SHai-May.Chao@Sun.COM 207*10500SHai-May.Chao@Sun.COM int 208*10500SHai-May.Chao@Sun.COM fips_rsa_sign(RSAPrivateKey_t *rsa_params, uint8_t *in, 209*10500SHai-May.Chao@Sun.COM uint32_t inlen, uint8_t *out) 210*10500SHai-May.Chao@Sun.COM { 211*10500SHai-May.Chao@Sun.COM BIGNUM msg; 212*10500SHai-May.Chao@Sun.COM RSAkey rsakey; 213*10500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 214*10500SHai-May.Chao@Sun.COM 215*10500SHai-May.Chao@Sun.COM /* psize and qsize for RSA_key_init is in bits. */ 216*10500SHai-May.Chao@Sun.COM if (RSA_key_init(&rsakey, rsa_params->prime2_len * 8, 217*10500SHai-May.Chao@Sun.COM rsa_params->prime1_len * 8) != BIG_OK) { 218*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 219*10500SHai-May.Chao@Sun.COM goto clean1; 220*10500SHai-May.Chao@Sun.COM } 221*10500SHai-May.Chao@Sun.COM 222*10500SHai-May.Chao@Sun.COM /* Size for big_init is in BIG_CHUNK_TYPE words. */ 223*10500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(inlen)) != BIG_OK) { 224*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 225*10500SHai-May.Chao@Sun.COM goto clean2; 226*10500SHai-May.Chao@Sun.COM } 227*10500SHai-May.Chao@Sun.COM 228*10500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 229*10500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, inlen); 230*10500SHai-May.Chao@Sun.COM 231*10500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 232*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.n), rsa_params->modulus, 233*10500SHai-May.Chao@Sun.COM rsa_params->modulus_len); 234*10500SHai-May.Chao@Sun.COM 235*10500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey.n)) > 0) { 236*10500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 237*10500SHai-May.Chao@Sun.COM goto clean3; 238*10500SHai-May.Chao@Sun.COM } 239*10500SHai-May.Chao@Sun.COM 240*10500SHai-May.Chao@Sun.COM /* Convert the rest of private key attributes to big integer format. */ 241*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.dmodpminus1), rsa_params->exponent2, 242*10500SHai-May.Chao@Sun.COM rsa_params->exponent2_len); 243*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.dmodqminus1), rsa_params->exponent1, 244*10500SHai-May.Chao@Sun.COM rsa_params->exponent1_len); 245*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.p), rsa_params->prime2, 246*10500SHai-May.Chao@Sun.COM rsa_params->prime2_len); 247*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.q), rsa_params->prime1, 248*10500SHai-May.Chao@Sun.COM rsa_params->prime1_len); 249*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.pinvmodq), rsa_params->coef, 250*10500SHai-May.Chao@Sun.COM rsa_params->coef_len); 251*10500SHai-May.Chao@Sun.COM 252*10500SHai-May.Chao@Sun.COM if ((big_cmp_abs(&(rsakey.dmodpminus1), &(rsakey.p)) > 0) || 253*10500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey.dmodqminus1), &(rsakey.q)) > 0) || 254*10500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey.pinvmodq), &(rsakey.q)) > 0)) { 255*10500SHai-May.Chao@Sun.COM #ifndef _KERNEL 256*10500SHai-May.Chao@Sun.COM rv = CKR_KEY_SIZE_RANGE; 257*10500SHai-May.Chao@Sun.COM #else 258*10500SHai-May.Chao@Sun.COM rv = CRYPTO_KEY_SIZE_RANGE; 259*10500SHai-May.Chao@Sun.COM #endif 260*10500SHai-May.Chao@Sun.COM goto clean3; 261*10500SHai-May.Chao@Sun.COM } 262*10500SHai-May.Chao@Sun.COM 263*10500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 264*10500SHai-May.Chao@Sun.COM if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1), 265*10500SHai-May.Chao@Sun.COM &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q), 266*10500SHai-May.Chao@Sun.COM &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) { 267*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 268*10500SHai-May.Chao@Sun.COM goto clean3; 269*10500SHai-May.Chao@Sun.COM } 270*10500SHai-May.Chao@Sun.COM 271*10500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 272*10500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, rsa_params->modulus_len); 273*10500SHai-May.Chao@Sun.COM 274*10500SHai-May.Chao@Sun.COM clean3: 275*10500SHai-May.Chao@Sun.COM big_finish(&msg); 276*10500SHai-May.Chao@Sun.COM clean2: 277*10500SHai-May.Chao@Sun.COM RSA_key_finish(&rsakey); 278*10500SHai-May.Chao@Sun.COM clean1: 279*10500SHai-May.Chao@Sun.COM 280*10500SHai-May.Chao@Sun.COM return (rv); 281*10500SHai-May.Chao@Sun.COM 282*10500SHai-May.Chao@Sun.COM } 283*10500SHai-May.Chao@Sun.COM 284*10500SHai-May.Chao@Sun.COM int 285*10500SHai-May.Chao@Sun.COM fips_rsa_verify(RSAPrivateKey_t *rsa_params, uint8_t *in, uint32_t in_len, 286*10500SHai-May.Chao@Sun.COM uint8_t *out) 287*10500SHai-May.Chao@Sun.COM { 288*10500SHai-May.Chao@Sun.COM 289*10500SHai-May.Chao@Sun.COM BIGNUM msg; 290*10500SHai-May.Chao@Sun.COM RSAkey rsakey; 291*10500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 292*10500SHai-May.Chao@Sun.COM 293*10500SHai-May.Chao@Sun.COM if (RSA_key_init(&rsakey, rsa_params->modulus_len * 4, 294*10500SHai-May.Chao@Sun.COM rsa_params->modulus_len * 4) != BIG_OK) { 295*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 296*10500SHai-May.Chao@Sun.COM goto clean1; 297*10500SHai-May.Chao@Sun.COM } 298*10500SHai-May.Chao@Sun.COM 299*10500SHai-May.Chao@Sun.COM /* Size for big_init is in BIG_CHUNK_TYPE words. */ 300*10500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 301*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 302*10500SHai-May.Chao@Sun.COM goto clean2; 303*10500SHai-May.Chao@Sun.COM } 304*10500SHai-May.Chao@Sun.COM 305*10500SHai-May.Chao@Sun.COM /* Convert octet string exponent to big integer format. */ 306*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.e), rsa_params->public_expo, 307*10500SHai-May.Chao@Sun.COM rsa_params->public_expo_len); 308*10500SHai-May.Chao@Sun.COM 309*10500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 310*10500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.n), rsa_params->modulus, 311*10500SHai-May.Chao@Sun.COM rsa_params->modulus_len); 312*10500SHai-May.Chao@Sun.COM 313*10500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 314*10500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 315*10500SHai-May.Chao@Sun.COM 316*10500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey.n)) > 0) { 317*10500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 318*10500SHai-May.Chao@Sun.COM goto clean3; 319*10500SHai-May.Chao@Sun.COM } 320*10500SHai-May.Chao@Sun.COM 321*10500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 322*10500SHai-May.Chao@Sun.COM if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) != 323*10500SHai-May.Chao@Sun.COM BIG_OK) { 324*10500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 325*10500SHai-May.Chao@Sun.COM goto clean3; 326*10500SHai-May.Chao@Sun.COM } 327*10500SHai-May.Chao@Sun.COM 328*10500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 329*10500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, rsa_params->modulus_len); 330*10500SHai-May.Chao@Sun.COM 331*10500SHai-May.Chao@Sun.COM clean3: 332*10500SHai-May.Chao@Sun.COM big_finish(&msg); 333*10500SHai-May.Chao@Sun.COM clean2: 334*10500SHai-May.Chao@Sun.COM RSA_key_finish(&rsakey); 335*10500SHai-May.Chao@Sun.COM clean1: 336*10500SHai-May.Chao@Sun.COM 337*10500SHai-May.Chao@Sun.COM return (rv); 338*10500SHai-May.Chao@Sun.COM } 339*10500SHai-May.Chao@Sun.COM 340*10500SHai-May.Chao@Sun.COM static CK_RV 341*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 342*10500SHai-May.Chao@Sun.COM fips_rsa_sign_verify_test(sha2_mech_t mechanism, 343*10500SHai-May.Chao@Sun.COM #else 344*10500SHai-May.Chao@Sun.COM fips_rsa_sign_verify_test(CK_MECHANISM_TYPE mechanism, 345*10500SHai-May.Chao@Sun.COM #endif 346*10500SHai-May.Chao@Sun.COM RSAPrivateKey_t *rsa_private_key, 347*10500SHai-May.Chao@Sun.COM unsigned char *rsa_known_msg, 348*10500SHai-May.Chao@Sun.COM unsigned int rsa_msg_length, 349*10500SHai-May.Chao@Sun.COM unsigned char *rsa_computed_signature, 350*10500SHai-May.Chao@Sun.COM unsigned char *der_data, int sign) 351*10500SHai-May.Chao@Sun.COM 352*10500SHai-May.Chao@Sun.COM { 353*10500SHai-May.Chao@Sun.COM unsigned char hash[SHA512_DIGEST_LENGTH]; /* SHA digest */ 354*10500SHai-May.Chao@Sun.COM SHA1_CTX *sha1_context = NULL; 355*10500SHai-May.Chao@Sun.COM SHA2_CTX *sha2_context = NULL; 356*10500SHai-May.Chao@Sun.COM int hash_len; 357*10500SHai-May.Chao@Sun.COM CK_RV rv; 358*10500SHai-May.Chao@Sun.COM CK_ULONG der_len; 359*10500SHai-May.Chao@Sun.COM CK_BYTE *der_prefix; 360*10500SHai-May.Chao@Sun.COM CK_ULONG der_data_len; 361*10500SHai-May.Chao@Sun.COM CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; 362*10500SHai-May.Chao@Sun.COM uint32_t modulus_len; 363*10500SHai-May.Chao@Sun.COM 364*10500SHai-May.Chao@Sun.COM switch (mechanism) { 365*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 366*10500SHai-May.Chao@Sun.COM case SHA1_TYPE: 367*10500SHai-May.Chao@Sun.COM #else 368*10500SHai-May.Chao@Sun.COM case CKM_SHA_1: 369*10500SHai-May.Chao@Sun.COM #endif 370*10500SHai-May.Chao@Sun.COM { 371*10500SHai-May.Chao@Sun.COM 372*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 373*10500SHai-May.Chao@Sun.COM if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX), 374*10500SHai-May.Chao@Sun.COM KM_SLEEP)) == NULL) 375*10500SHai-May.Chao@Sun.COM #else 376*10500SHai-May.Chao@Sun.COM if ((sha1_context = malloc(sizeof (SHA1_CTX))) == NULL) 377*10500SHai-May.Chao@Sun.COM #endif 378*10500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 379*10500SHai-May.Chao@Sun.COM 380*10500SHai-May.Chao@Sun.COM SHA1Init(sha1_context); 381*10500SHai-May.Chao@Sun.COM 382*10500SHai-May.Chao@Sun.COM #ifdef __sparcv9 383*10500SHai-May.Chao@Sun.COM SHA1Update(sha1_context, rsa_known_msg, 384*10500SHai-May.Chao@Sun.COM (uint_t)rsa_msg_length); 385*10500SHai-May.Chao@Sun.COM #else /* !__sparcv9 */ 386*10500SHai-May.Chao@Sun.COM SHA1Update(sha1_context, rsa_known_msg, rsa_msg_length); 387*10500SHai-May.Chao@Sun.COM #endif /* __sparcv9 */ 388*10500SHai-May.Chao@Sun.COM SHA1Final(hash, sha1_context); 389*10500SHai-May.Chao@Sun.COM 390*10500SHai-May.Chao@Sun.COM hash_len = SHA1_DIGEST_LENGTH; 391*10500SHai-May.Chao@Sun.COM 392*10500SHai-May.Chao@Sun.COM /* 393*10500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 394*10500SHai-May.Chao@Sun.COM * by setting it to: 395*10500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 396*10500SHai-May.Chao@Sun.COM */ 397*10500SHai-May.Chao@Sun.COM der_len = SHA1_DER_PREFIX_Len; 398*10500SHai-May.Chao@Sun.COM der_prefix = (CK_BYTE *)SHA1_DER_PREFIX; 399*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data, der_prefix, der_len); 400*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data + der_len, hash, hash_len); 401*10500SHai-May.Chao@Sun.COM der_data_len = der_len + hash_len; 402*10500SHai-May.Chao@Sun.COM break; 403*10500SHai-May.Chao@Sun.COM } 404*10500SHai-May.Chao@Sun.COM 405*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 406*10500SHai-May.Chao@Sun.COM case SHA256_TYPE: 407*10500SHai-May.Chao@Sun.COM #else 408*10500SHai-May.Chao@Sun.COM case CKM_SHA256: 409*10500SHai-May.Chao@Sun.COM #endif 410*10500SHai-May.Chao@Sun.COM { 411*10500SHai-May.Chao@Sun.COM 412*10500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 413*10500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 414*10500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 415*10500SHai-May.Chao@Sun.COM 416*10500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 417*10500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 418*10500SHai-May.Chao@Sun.COM hash_len = SHA256_DIGEST_LENGTH; 419*10500SHai-May.Chao@Sun.COM 420*10500SHai-May.Chao@Sun.COM /* 421*10500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 422*10500SHai-May.Chao@Sun.COM * by setting it to: 423*10500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 424*10500SHai-May.Chao@Sun.COM */ 425*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA256_DER_PREFIX, 426*10500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 427*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 428*10500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 429*10500SHai-May.Chao@Sun.COM break; 430*10500SHai-May.Chao@Sun.COM } 431*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 432*10500SHai-May.Chao@Sun.COM case SHA384_TYPE: 433*10500SHai-May.Chao@Sun.COM #else 434*10500SHai-May.Chao@Sun.COM case CKM_SHA384: 435*10500SHai-May.Chao@Sun.COM #endif 436*10500SHai-May.Chao@Sun.COM { 437*10500SHai-May.Chao@Sun.COM 438*10500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 439*10500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 440*10500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 441*10500SHai-May.Chao@Sun.COM 442*10500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 443*10500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 444*10500SHai-May.Chao@Sun.COM hash_len = SHA384_DIGEST_LENGTH; 445*10500SHai-May.Chao@Sun.COM 446*10500SHai-May.Chao@Sun.COM /* 447*10500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 448*10500SHai-May.Chao@Sun.COM * by setting it to: 449*10500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 450*10500SHai-May.Chao@Sun.COM */ 451*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA384_DER_PREFIX, 452*10500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 453*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 454*10500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 455*10500SHai-May.Chao@Sun.COM break; 456*10500SHai-May.Chao@Sun.COM } 457*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 458*10500SHai-May.Chao@Sun.COM case SHA512_TYPE: 459*10500SHai-May.Chao@Sun.COM #else 460*10500SHai-May.Chao@Sun.COM case CKM_SHA512: 461*10500SHai-May.Chao@Sun.COM #endif 462*10500SHai-May.Chao@Sun.COM { 463*10500SHai-May.Chao@Sun.COM 464*10500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 465*10500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 466*10500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 467*10500SHai-May.Chao@Sun.COM 468*10500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 469*10500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 470*10500SHai-May.Chao@Sun.COM hash_len = SHA512_DIGEST_LENGTH; 471*10500SHai-May.Chao@Sun.COM 472*10500SHai-May.Chao@Sun.COM /* 473*10500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 474*10500SHai-May.Chao@Sun.COM * by setting it to: 475*10500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 476*10500SHai-May.Chao@Sun.COM */ 477*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA512_DER_PREFIX, 478*10500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 479*10500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 480*10500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 481*10500SHai-May.Chao@Sun.COM break; 482*10500SHai-May.Chao@Sun.COM } 483*10500SHai-May.Chao@Sun.COM } 484*10500SHai-May.Chao@Sun.COM 485*10500SHai-May.Chao@Sun.COM modulus_len = rsa_private_key->modulus_len; 486*10500SHai-May.Chao@Sun.COM 487*10500SHai-May.Chao@Sun.COM if (sign) { 488*10500SHai-May.Chao@Sun.COM rv = soft_sign_rsa_pkcs_encode(der_data, der_data_len, 489*10500SHai-May.Chao@Sun.COM plain_data, modulus_len); 490*10500SHai-May.Chao@Sun.COM 491*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 492*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 493*10500SHai-May.Chao@Sun.COM } 494*10500SHai-May.Chao@Sun.COM 495*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign(rsa_private_key, plain_data, modulus_len, 496*10500SHai-May.Chao@Sun.COM rsa_computed_signature); 497*10500SHai-May.Chao@Sun.COM 498*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 499*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 500*10500SHai-May.Chao@Sun.COM } 501*10500SHai-May.Chao@Sun.COM } else { 502*10500SHai-May.Chao@Sun.COM /* 503*10500SHai-May.Chao@Sun.COM * Perform RSA decryption with the signer's RSA public key 504*10500SHai-May.Chao@Sun.COM * for verification process. 505*10500SHai-May.Chao@Sun.COM */ 506*10500SHai-May.Chao@Sun.COM rv = fips_rsa_verify(rsa_private_key, rsa_computed_signature, 507*10500SHai-May.Chao@Sun.COM modulus_len, plain_data); 508*10500SHai-May.Chao@Sun.COM 509*10500SHai-May.Chao@Sun.COM if (rv == CKR_OK) { 510*10500SHai-May.Chao@Sun.COM 511*10500SHai-May.Chao@Sun.COM /* 512*10500SHai-May.Chao@Sun.COM * Strip off the encoded padding bytes in front of the 513*10500SHai-May.Chao@Sun.COM * recovered data, then compare the recovered data with 514*10500SHai-May.Chao@Sun.COM * the original data. 515*10500SHai-May.Chao@Sun.COM */ 516*10500SHai-May.Chao@Sun.COM int data_len = modulus_len; 517*10500SHai-May.Chao@Sun.COM 518*10500SHai-May.Chao@Sun.COM rv = soft_verify_rsa_pkcs_decode(plain_data, &data_len); 519*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 520*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 521*10500SHai-May.Chao@Sun.COM } 522*10500SHai-May.Chao@Sun.COM 523*10500SHai-May.Chao@Sun.COM if ((CK_ULONG)data_len != der_data_len) { 524*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 525*10500SHai-May.Chao@Sun.COM return (CRYPTO_SIGNATURE_LEN_RANGE); 526*10500SHai-May.Chao@Sun.COM #else 527*10500SHai-May.Chao@Sun.COM return (CKR_SIGNATURE_LEN_RANGE); 528*10500SHai-May.Chao@Sun.COM #endif 529*10500SHai-May.Chao@Sun.COM } else if (memcmp(der_data, 530*10500SHai-May.Chao@Sun.COM &plain_data[modulus_len - data_len], 531*10500SHai-May.Chao@Sun.COM data_len) != 0) { 532*10500SHai-May.Chao@Sun.COM return (CKR_SIGNATURE_INVALID); 533*10500SHai-May.Chao@Sun.COM } 534*10500SHai-May.Chao@Sun.COM } else { 535*10500SHai-May.Chao@Sun.COM 536*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 537*10500SHai-May.Chao@Sun.COM } 538*10500SHai-May.Chao@Sun.COM } 539*10500SHai-May.Chao@Sun.COM return (CKR_OK); 540*10500SHai-May.Chao@Sun.COM } 541*10500SHai-May.Chao@Sun.COM 542*10500SHai-May.Chao@Sun.COM 543*10500SHai-May.Chao@Sun.COM /* 544*10500SHai-May.Chao@Sun.COM * RSA Power-On SelfTest(s). 545*10500SHai-May.Chao@Sun.COM */ 546*10500SHai-May.Chao@Sun.COM int 547*10500SHai-May.Chao@Sun.COM fips_rsa_post(void) 548*10500SHai-May.Chao@Sun.COM { 549*10500SHai-May.Chao@Sun.COM /* 550*10500SHai-May.Chao@Sun.COM * RSA Known Modulus used in both Public/Private Key Values (1024-bits). 551*10500SHai-May.Chao@Sun.COM */ 552*10500SHai-May.Chao@Sun.COM static uint8_t rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { 553*10500SHai-May.Chao@Sun.COM 0xd5, 0x84, 0x95, 0x07, 0xf4, 0xd0, 0x1f, 0x82, 554*10500SHai-May.Chao@Sun.COM 0xf3, 0x79, 0xf4, 0x99, 0x48, 0x10, 0xe1, 0x71, 555*10500SHai-May.Chao@Sun.COM 0xa5, 0x62, 0x22, 0xa3, 0x4b, 0x00, 0xe3, 0x5b, 556*10500SHai-May.Chao@Sun.COM 0x3a, 0xcc, 0x10, 0x83, 0xe0, 0xaf, 0x61, 0x13, 557*10500SHai-May.Chao@Sun.COM 0x54, 0x6a, 0xa2, 0x6a, 0x2c, 0x5e, 0xb3, 0xcc, 558*10500SHai-May.Chao@Sun.COM 0xa3, 0x71, 0x9a, 0xb2, 0x3e, 0x78, 0xec, 0xb5, 559*10500SHai-May.Chao@Sun.COM 0x0e, 0x6e, 0x31, 0x3b, 0x77, 0x1f, 0x6e, 0x94, 560*10500SHai-May.Chao@Sun.COM 0x41, 0x60, 0xd5, 0x6e, 0xd9, 0xc6, 0xf9, 0x29, 561*10500SHai-May.Chao@Sun.COM 0xc3, 0x40, 0x36, 0x25, 0xdb, 0xea, 0x0b, 0x07, 562*10500SHai-May.Chao@Sun.COM 0xae, 0x76, 0xfd, 0x99, 0x29, 0xf4, 0x22, 0xc1, 563*10500SHai-May.Chao@Sun.COM 0x1a, 0x8f, 0x05, 0xfe, 0x98, 0x09, 0x07, 0x05, 564*10500SHai-May.Chao@Sun.COM 0xc2, 0x0f, 0x0b, 0x11, 0x83, 0x39, 0xca, 0xc7, 565*10500SHai-May.Chao@Sun.COM 0x43, 0x63, 0xff, 0x33, 0x80, 0xe7, 0xc3, 0x78, 566*10500SHai-May.Chao@Sun.COM 0xae, 0xf1, 0x73, 0x52, 0x98, 0x1d, 0xde, 0x5c, 567*10500SHai-May.Chao@Sun.COM 0x53, 0x6e, 0x01, 0x73, 0x0d, 0x12, 0x7e, 0x77, 568*10500SHai-May.Chao@Sun.COM 0x03, 0xf1, 0xef, 0x1b, 0xc8, 0xa8, 0x0f, 0x97 569*10500SHai-May.Chao@Sun.COM }; 570*10500SHai-May.Chao@Sun.COM 571*10500SHai-May.Chao@Sun.COM /* RSA Known Public Key Values (24-bits). */ 572*10500SHai-May.Chao@Sun.COM static uint8_t rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 573*10500SHai-May.Chao@Sun.COM 0x01, 0x00, 0x01 574*10500SHai-May.Chao@Sun.COM }; 575*10500SHai-May.Chao@Sun.COM 576*10500SHai-May.Chao@Sun.COM /* 577*10500SHai-May.Chao@Sun.COM * RSA Known Private Key Values (version is 8-bits), 578*10500SHai-May.Chao@Sun.COM * (private exponent is 1024-bits), 579*10500SHai-May.Chao@Sun.COM * (private prime0 is 512-bits), 580*10500SHai-May.Chao@Sun.COM * (private prime1 is 512-bits), 581*10500SHai-May.Chao@Sun.COM * (private prime exponent0 is 512-bits), 582*10500SHai-May.Chao@Sun.COM * (private prime exponent1 is 512-bits), 583*10500SHai-May.Chao@Sun.COM * and (private coefficient is 512-bits). 584*10500SHai-May.Chao@Sun.COM */ 585*10500SHai-May.Chao@Sun.COM static uint8_t rsa_version[] = { 0x00 }; 586*10500SHai-May.Chao@Sun.COM 587*10500SHai-May.Chao@Sun.COM static uint8_t rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] 588*10500SHai-May.Chao@Sun.COM = { 589*10500SHai-May.Chao@Sun.COM 0x85, 0x27, 0x47, 0x61, 0x4c, 0xd4, 0xb5, 0xb2, 590*10500SHai-May.Chao@Sun.COM 0x0e, 0x70, 0x91, 0x8f, 0x3d, 0x97, 0xf9, 0x5f, 591*10500SHai-May.Chao@Sun.COM 0xcc, 0x09, 0x65, 0x1c, 0x7c, 0x5b, 0xb3, 0x6d, 592*10500SHai-May.Chao@Sun.COM 0x63, 0x3f, 0x7b, 0x55, 0x22, 0xbb, 0x7c, 0x48, 593*10500SHai-May.Chao@Sun.COM 0x77, 0xae, 0x80, 0x56, 0xc2, 0x10, 0xd5, 0x03, 594*10500SHai-May.Chao@Sun.COM 0xdb, 0x31, 0xaf, 0x8d, 0x54, 0xd4, 0x48, 0x99, 595*10500SHai-May.Chao@Sun.COM 0xa8, 0xc4, 0x23, 0x43, 0xb8, 0x48, 0x0b, 0xc7, 596*10500SHai-May.Chao@Sun.COM 0xbc, 0xf5, 0xcc, 0x64, 0x72, 0xbf, 0x59, 0x06, 597*10500SHai-May.Chao@Sun.COM 0x04, 0x1c, 0x32, 0xf5, 0x14, 0x2e, 0x6e, 0xe2, 598*10500SHai-May.Chao@Sun.COM 0x0f, 0x5c, 0xde, 0x36, 0x3c, 0x6e, 0x7c, 0x4d, 599*10500SHai-May.Chao@Sun.COM 0xcc, 0xd3, 0x00, 0x6e, 0xe5, 0x45, 0x46, 0xef, 600*10500SHai-May.Chao@Sun.COM 0x4d, 0x25, 0x46, 0x6d, 0x7f, 0xed, 0xbb, 0x4f, 601*10500SHai-May.Chao@Sun.COM 0x4d, 0x9f, 0xda, 0x87, 0x47, 0x8f, 0x74, 0x44, 602*10500SHai-May.Chao@Sun.COM 0xb7, 0xbe, 0x9d, 0xf5, 0xdd, 0xd2, 0x4c, 0xa5, 603*10500SHai-May.Chao@Sun.COM 0xab, 0x74, 0xe5, 0x29, 0xa1, 0xd2, 0x45, 0x3b, 604*10500SHai-May.Chao@Sun.COM 0x33, 0xde, 0xd5, 0xae, 0xf7, 0x03, 0x10, 0x21 605*10500SHai-May.Chao@Sun.COM }; 606*10500SHai-May.Chao@Sun.COM 607*10500SHai-May.Chao@Sun.COM static uint8_t rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = { 608*10500SHai-May.Chao@Sun.COM 0xf9, 0x74, 0x8f, 0x16, 0x02, 0x6b, 0xa0, 0xee, 609*10500SHai-May.Chao@Sun.COM 0x7f, 0x28, 0x97, 0x91, 0xdc, 0xec, 0xc0, 0x7c, 610*10500SHai-May.Chao@Sun.COM 0x49, 0xc2, 0x85, 0x76, 0xee, 0x66, 0x74, 0x2d, 611*10500SHai-May.Chao@Sun.COM 0x1a, 0xb8, 0xf7, 0x2f, 0x11, 0x5b, 0x36, 0xd8, 612*10500SHai-May.Chao@Sun.COM 0x46, 0x33, 0x3b, 0xd8, 0xf3, 0x2d, 0xa1, 0x03, 613*10500SHai-May.Chao@Sun.COM 0x83, 0x2b, 0xec, 0x35, 0x43, 0x32, 0xff, 0xdd, 614*10500SHai-May.Chao@Sun.COM 0x81, 0x7c, 0xfd, 0x65, 0x13, 0x04, 0x7c, 0xfc, 615*10500SHai-May.Chao@Sun.COM 0x03, 0x97, 0xf0, 0xd5, 0x62, 0xdc, 0x0d, 0xbf 616*10500SHai-May.Chao@Sun.COM }; 617*10500SHai-May.Chao@Sun.COM 618*10500SHai-May.Chao@Sun.COM static uint8_t rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = { 619*10500SHai-May.Chao@Sun.COM 0xdb, 0x1e, 0xa7, 0x3d, 0xe7, 0xfa, 0x8b, 0x04, 620*10500SHai-May.Chao@Sun.COM 0x83, 0x48, 0xf3, 0xa5, 0x31, 0x9d, 0x35, 0x5e, 621*10500SHai-May.Chao@Sun.COM 0x4d, 0x54, 0x77, 0xcc, 0x84, 0x09, 0xf3, 0x11, 622*10500SHai-May.Chao@Sun.COM 0x0d, 0x54, 0xed, 0x85, 0x39, 0xa9, 0xca, 0xa8, 623*10500SHai-May.Chao@Sun.COM 0xea, 0xae, 0x19, 0x9c, 0x75, 0xdb, 0x88, 0xb8, 624*10500SHai-May.Chao@Sun.COM 0x04, 0x8d, 0x54, 0xc6, 0xa4, 0x80, 0xf8, 0x93, 625*10500SHai-May.Chao@Sun.COM 0xf0, 0xdb, 0x19, 0xef, 0xd7, 0x87, 0x8a, 0x8f, 626*10500SHai-May.Chao@Sun.COM 0x5a, 0x09, 0x2e, 0x54, 0xf3, 0x45, 0x24, 0x29 627*10500SHai-May.Chao@Sun.COM }; 628*10500SHai-May.Chao@Sun.COM 629*10500SHai-May.Chao@Sun.COM static uint8_t rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = { 630*10500SHai-May.Chao@Sun.COM 0x6a, 0xd1, 0x25, 0x80, 0x18, 0x33, 0x3c, 0x2b, 631*10500SHai-May.Chao@Sun.COM 0x44, 0x19, 0xfe, 0xa5, 0x40, 0x03, 0xc4, 0xfc, 632*10500SHai-May.Chao@Sun.COM 0xb3, 0x9c, 0xef, 0x07, 0x99, 0x58, 0x17, 0xc1, 633*10500SHai-May.Chao@Sun.COM 0x44, 0xa3, 0x15, 0x7d, 0x7b, 0x22, 0x22, 0xdf, 634*10500SHai-May.Chao@Sun.COM 0x03, 0x58, 0x66, 0xf5, 0x24, 0x54, 0x52, 0x91, 635*10500SHai-May.Chao@Sun.COM 0x2d, 0x76, 0xfe, 0x63, 0x64, 0x4e, 0x0f, 0x50, 636*10500SHai-May.Chao@Sun.COM 0x2b, 0x65, 0x79, 0x1f, 0xf1, 0xbf, 0xc7, 0x41, 637*10500SHai-May.Chao@Sun.COM 0x26, 0xcc, 0xc6, 0x1c, 0xa9, 0x83, 0x6f, 0x03 638*10500SHai-May.Chao@Sun.COM }; 639*10500SHai-May.Chao@Sun.COM 640*10500SHai-May.Chao@Sun.COM static uint8_t rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = { 641*10500SHai-May.Chao@Sun.COM 0x12, 0x84, 0x1a, 0x99, 0xce, 0x9a, 0x8b, 0x58, 642*10500SHai-May.Chao@Sun.COM 0xcc, 0x47, 0x43, 0xdf, 0x77, 0xbb, 0xd3, 0x20, 643*10500SHai-May.Chao@Sun.COM 0xae, 0xe4, 0x2e, 0x63, 0x67, 0xdc, 0xf7, 0x5f, 644*10500SHai-May.Chao@Sun.COM 0x3f, 0x83, 0x27, 0xb7, 0x14, 0x52, 0x56, 0xbf, 645*10500SHai-May.Chao@Sun.COM 0xc3, 0x65, 0x06, 0xe1, 0x03, 0xcc, 0x93, 0x57, 646*10500SHai-May.Chao@Sun.COM 0x09, 0x7b, 0x6f, 0xe8, 0x81, 0x4a, 0x2c, 0xb7, 647*10500SHai-May.Chao@Sun.COM 0x43, 0xa9, 0x20, 0x1d, 0xf6, 0x56, 0x8b, 0xcc, 648*10500SHai-May.Chao@Sun.COM 0xe5, 0x4c, 0xd5, 0x4f, 0x74, 0x67, 0x29, 0x51 649*10500SHai-May.Chao@Sun.COM }; 650*10500SHai-May.Chao@Sun.COM 651*10500SHai-May.Chao@Sun.COM static uint8_t rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = { 652*10500SHai-May.Chao@Sun.COM 0x23, 0xab, 0xf4, 0x03, 0x2f, 0x29, 0x95, 0x74, 653*10500SHai-May.Chao@Sun.COM 0xac, 0x1a, 0x33, 0x96, 0x62, 0xed, 0xf7, 0xf6, 654*10500SHai-May.Chao@Sun.COM 0xae, 0x07, 0x2a, 0x2e, 0xe8, 0xab, 0xfb, 0x1e, 655*10500SHai-May.Chao@Sun.COM 0xb9, 0xb2, 0x88, 0x1e, 0x85, 0x05, 0x42, 0x64, 656*10500SHai-May.Chao@Sun.COM 0x03, 0xb2, 0x8b, 0xc1, 0x81, 0x75, 0xd7, 0xba, 657*10500SHai-May.Chao@Sun.COM 0xaa, 0xd4, 0x31, 0x3c, 0x8a, 0x96, 0x23, 0x9d, 658*10500SHai-May.Chao@Sun.COM 0x3f, 0x06, 0x3e, 0x44, 0xa9, 0x62, 0x2f, 0x61, 659*10500SHai-May.Chao@Sun.COM 0x5a, 0x51, 0x82, 0x2c, 0x04, 0x85, 0x73, 0xd1 660*10500SHai-May.Chao@Sun.COM }; 661*10500SHai-May.Chao@Sun.COM 662*10500SHai-May.Chao@Sun.COM /* RSA Known Plaintext Message (1024-bits). */ 663*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = { 664*10500SHai-May.Chao@Sun.COM "Known plaintext message utilized" 665*10500SHai-May.Chao@Sun.COM "for RSA Encryption & Decryption" 666*10500SHai-May.Chao@Sun.COM "block, SHA1, SHA256, SHA384 and" 667*10500SHai-May.Chao@Sun.COM "SHA512 RSA Signature KAT tests." 668*10500SHai-May.Chao@Sun.COM }; 669*10500SHai-May.Chao@Sun.COM 670*10500SHai-May.Chao@Sun.COM /* RSA Known Ciphertext (1024-bits). */ 671*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_ciphertext[] = { 672*10500SHai-May.Chao@Sun.COM 0x1e, 0x7e, 0x12, 0xbb, 0x15, 0x62, 0xd0, 0x23, 673*10500SHai-May.Chao@Sun.COM 0x53, 0x4c, 0x51, 0x97, 0x77, 0x06, 0xa0, 0xbb, 674*10500SHai-May.Chao@Sun.COM 0x26, 0x99, 0x9a, 0x8f, 0x39, 0xad, 0x88, 0x5c, 675*10500SHai-May.Chao@Sun.COM 0xc4, 0xce, 0x33, 0x40, 0x94, 0x92, 0xb4, 0x0e, 676*10500SHai-May.Chao@Sun.COM 0xab, 0x71, 0xa9, 0x5d, 0x9a, 0x37, 0xe3, 0x9a, 677*10500SHai-May.Chao@Sun.COM 0x24, 0x95, 0x13, 0xea, 0x0f, 0xbb, 0xf7, 0xff, 678*10500SHai-May.Chao@Sun.COM 0xdf, 0x31, 0x33, 0x23, 0x1d, 0xce, 0x26, 0x9e, 679*10500SHai-May.Chao@Sun.COM 0xd1, 0xde, 0x98, 0x40, 0xde, 0x57, 0x86, 0x12, 680*10500SHai-May.Chao@Sun.COM 0xf1, 0xe6, 0x5a, 0x3f, 0x08, 0x02, 0x81, 0x85, 681*10500SHai-May.Chao@Sun.COM 0xe0, 0xd9, 0xad, 0x3c, 0x8c, 0x71, 0xf8, 0xcf, 682*10500SHai-May.Chao@Sun.COM 0x0a, 0x98, 0xc5, 0x08, 0xdc, 0xc4, 0xca, 0x8c, 683*10500SHai-May.Chao@Sun.COM 0x23, 0x1b, 0x4d, 0x9b, 0xb5, 0x13, 0x44, 0xe1, 684*10500SHai-May.Chao@Sun.COM 0x5f, 0xf9, 0x30, 0x80, 0x25, 0xe0, 0x1e, 0x94, 685*10500SHai-May.Chao@Sun.COM 0xa3, 0x0c, 0xdc, 0x82, 0x2e, 0xfb, 0x30, 0xbe, 686*10500SHai-May.Chao@Sun.COM 0x89, 0xba, 0x76, 0xb6, 0x23, 0xf7, 0xda, 0x7c, 687*10500SHai-May.Chao@Sun.COM 0xca, 0xe6, 0x02, 0xbd, 0x92, 0xce, 0x64, 0xfc 688*10500SHai-May.Chao@Sun.COM }; 689*10500SHai-May.Chao@Sun.COM 690*10500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 691*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha1_signature[] = { 692*10500SHai-May.Chao@Sun.COM 0xd2, 0xa4, 0xe0, 0x2b, 0xc7, 0x03, 0x7f, 0xc6, 693*10500SHai-May.Chao@Sun.COM 0x06, 0x9e, 0xa2, 0x82, 0x19, 0xe9, 0x2b, 0xaf, 694*10500SHai-May.Chao@Sun.COM 0xe3, 0x48, 0x88, 0xc1, 0xf3, 0xb5, 0x0d, 0xe4, 695*10500SHai-May.Chao@Sun.COM 0x52, 0x9e, 0xad, 0xd5, 0x58, 0xb5, 0x9f, 0xe8, 696*10500SHai-May.Chao@Sun.COM 0x40, 0xe9, 0xb7, 0x2e, 0xc6, 0x71, 0x58, 0x56, 697*10500SHai-May.Chao@Sun.COM 0x04, 0xac, 0xb0, 0xf3, 0x3a, 0x42, 0x38, 0x08, 698*10500SHai-May.Chao@Sun.COM 0xc4, 0x43, 0x39, 0xba, 0x19, 0xce, 0xb1, 0x99, 699*10500SHai-May.Chao@Sun.COM 0xf1, 0x8d, 0x89, 0xd8, 0x50, 0x07, 0x14, 0x3d, 700*10500SHai-May.Chao@Sun.COM 0xcf, 0xd0, 0xb6, 0x79, 0xde, 0x9c, 0x89, 0x32, 701*10500SHai-May.Chao@Sun.COM 0xb0, 0x73, 0x3f, 0xed, 0x03, 0x0b, 0xdf, 0x6d, 702*10500SHai-May.Chao@Sun.COM 0x7e, 0xc9, 0x1c, 0x39, 0xe8, 0x2b, 0x16, 0x09, 703*10500SHai-May.Chao@Sun.COM 0xbb, 0x5f, 0x99, 0x2f, 0xeb, 0xf3, 0x37, 0x73, 704*10500SHai-May.Chao@Sun.COM 0x0d, 0x0e, 0xcc, 0x95, 0xad, 0x90, 0x80, 0x03, 705*10500SHai-May.Chao@Sun.COM 0x1d, 0x80, 0x55, 0x37, 0xa1, 0x2a, 0x71, 0x76, 706*10500SHai-May.Chao@Sun.COM 0x23, 0x87, 0x8c, 0x9b, 0x41, 0x07, 0xc6, 0x3d, 707*10500SHai-May.Chao@Sun.COM 0xc6, 0xa3, 0x7d, 0x1b, 0xff, 0x4e, 0x11, 0x19 708*10500SHai-May.Chao@Sun.COM }; 709*10500SHai-May.Chao@Sun.COM 710*10500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 711*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha256_signature[] = { 712*10500SHai-May.Chao@Sun.COM 0x27, 0x35, 0xdd, 0xc4, 0xf8, 0xe2, 0x0b, 0xa3, 713*10500SHai-May.Chao@Sun.COM 0xef, 0x63, 0x57, 0x3b, 0xe1, 0x58, 0x9a, 0xbc, 714*10500SHai-May.Chao@Sun.COM 0x20, 0x9c, 0x25, 0x12, 0x01, 0xbf, 0xbb, 0x29, 715*10500SHai-May.Chao@Sun.COM 0x80, 0x1a, 0xb1, 0x37, 0x9c, 0xcd, 0x67, 0xc7, 716*10500SHai-May.Chao@Sun.COM 0x0d, 0xf8, 0x64, 0x10, 0x9f, 0xe2, 0xa1, 0x9b, 717*10500SHai-May.Chao@Sun.COM 0x21, 0x90, 0xcc, 0xda, 0x8b, 0x76, 0x5e, 0x79, 718*10500SHai-May.Chao@Sun.COM 0x00, 0x9d, 0x58, 0x8b, 0x8a, 0xb3, 0xc3, 0xb5, 719*10500SHai-May.Chao@Sun.COM 0xf1, 0x54, 0xc5, 0x8c, 0x72, 0xba, 0xde, 0x51, 720*10500SHai-May.Chao@Sun.COM 0x3c, 0x6b, 0x94, 0xd6, 0xf3, 0x1b, 0xa2, 0x53, 721*10500SHai-May.Chao@Sun.COM 0xe6, 0x1a, 0x46, 0x1d, 0x7f, 0x14, 0x86, 0xcc, 722*10500SHai-May.Chao@Sun.COM 0xa6, 0x30, 0x92, 0x96, 0xc0, 0x96, 0x24, 0xf0, 723*10500SHai-May.Chao@Sun.COM 0x42, 0x53, 0x4c, 0xdd, 0x27, 0xdf, 0x1d, 0x2e, 724*10500SHai-May.Chao@Sun.COM 0x8b, 0x83, 0xbe, 0xed, 0x85, 0x1d, 0x50, 0x46, 725*10500SHai-May.Chao@Sun.COM 0xa3, 0x7d, 0x20, 0xea, 0x3e, 0x91, 0xfb, 0xf6, 726*10500SHai-May.Chao@Sun.COM 0x86, 0x51, 0xfd, 0x8c, 0xe5, 0x31, 0xe6, 0x7e, 727*10500SHai-May.Chao@Sun.COM 0x60, 0x08, 0x0e, 0xec, 0xa6, 0xea, 0x24, 0x8d 728*10500SHai-May.Chao@Sun.COM }; 729*10500SHai-May.Chao@Sun.COM 730*10500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 731*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha384_signature[] = { 732*10500SHai-May.Chao@Sun.COM 0x0b, 0x03, 0x94, 0x4f, 0x94, 0x78, 0x9b, 0x96, 733*10500SHai-May.Chao@Sun.COM 0x76, 0xeb, 0x72, 0x58, 0xe1, 0xc5, 0xc7, 0x5f, 734*10500SHai-May.Chao@Sun.COM 0x85, 0x01, 0xa8, 0xc4, 0xf6, 0x1a, 0xb5, 0x2c, 735*10500SHai-May.Chao@Sun.COM 0xd1, 0xd8, 0x87, 0xde, 0x3a, 0x9c, 0x9f, 0x57, 736*10500SHai-May.Chao@Sun.COM 0x81, 0x2a, 0x1e, 0x23, 0x07, 0x70, 0xb0, 0xf9, 737*10500SHai-May.Chao@Sun.COM 0x28, 0x3d, 0xfa, 0xe5, 0x2e, 0x1b, 0x9a, 0x72, 738*10500SHai-May.Chao@Sun.COM 0xc3, 0x74, 0xb3, 0x42, 0x1c, 0x9a, 0x13, 0xdc, 739*10500SHai-May.Chao@Sun.COM 0xc9, 0xd6, 0xd5, 0x88, 0xc9, 0x9c, 0x46, 0xf1, 740*10500SHai-May.Chao@Sun.COM 0x0c, 0xa6, 0xf7, 0xd8, 0x06, 0xa3, 0x1b, 0xdf, 741*10500SHai-May.Chao@Sun.COM 0x55, 0xb3, 0x1b, 0x7b, 0x58, 0x1d, 0xff, 0x19, 742*10500SHai-May.Chao@Sun.COM 0xc7, 0xe0, 0xdd, 0x59, 0xac, 0x2f, 0x78, 0x71, 743*10500SHai-May.Chao@Sun.COM 0xe7, 0xe0, 0x17, 0xa3, 0x1c, 0x5c, 0x92, 0xef, 744*10500SHai-May.Chao@Sun.COM 0xb6, 0x75, 0xed, 0xbe, 0x18, 0x39, 0x6b, 0xd7, 745*10500SHai-May.Chao@Sun.COM 0xc9, 0x08, 0x62, 0x55, 0x62, 0xac, 0x5d, 0xa1, 746*10500SHai-May.Chao@Sun.COM 0x9b, 0xd5, 0xb8, 0x98, 0x15, 0xc0, 0xf5, 0x41, 747*10500SHai-May.Chao@Sun.COM 0x85, 0x44, 0x96, 0xca, 0x10, 0xdc, 0x57, 0x21 748*10500SHai-May.Chao@Sun.COM }; 749*10500SHai-May.Chao@Sun.COM 750*10500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 751*10500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha512_signature[] = { 752*10500SHai-May.Chao@Sun.COM 0xa5, 0xd0, 0x80, 0x04, 0x22, 0xfc, 0x80, 0x73, 753*10500SHai-May.Chao@Sun.COM 0x7d, 0x46, 0xc8, 0x7b, 0xac, 0x44, 0x7b, 0xe6, 754*10500SHai-May.Chao@Sun.COM 0x07, 0xe5, 0x61, 0x4c, 0x33, 0x7f, 0x6f, 0x46, 755*10500SHai-May.Chao@Sun.COM 0x7c, 0x30, 0xe3, 0x75, 0x59, 0x4b, 0x42, 0xf3, 756*10500SHai-May.Chao@Sun.COM 0x9f, 0x35, 0x3c, 0x10, 0x56, 0xdb, 0xd2, 0x69, 757*10500SHai-May.Chao@Sun.COM 0x43, 0xcb, 0x77, 0xe9, 0x7d, 0xcd, 0x07, 0x43, 758*10500SHai-May.Chao@Sun.COM 0xc5, 0xd4, 0x0c, 0x9d, 0xf5, 0x92, 0xbd, 0x0e, 759*10500SHai-May.Chao@Sun.COM 0x3b, 0xb7, 0x68, 0x88, 0x84, 0xca, 0xae, 0x0d, 760*10500SHai-May.Chao@Sun.COM 0xab, 0x71, 0x10, 0xad, 0xab, 0x27, 0xe4, 0xa3, 761*10500SHai-May.Chao@Sun.COM 0x24, 0x41, 0xeb, 0x1c, 0xa6, 0x5f, 0xf1, 0x85, 762*10500SHai-May.Chao@Sun.COM 0xd0, 0xf6, 0x22, 0x74, 0x3d, 0x81, 0xbe, 0xdd, 763*10500SHai-May.Chao@Sun.COM 0x1b, 0x2a, 0x4c, 0xd1, 0x6c, 0xb5, 0x6d, 0x7a, 764*10500SHai-May.Chao@Sun.COM 0xbb, 0x99, 0x69, 0x01, 0xa6, 0xc0, 0x98, 0xfa, 765*10500SHai-May.Chao@Sun.COM 0x97, 0xa3, 0xd1, 0xb0, 0xdf, 0x09, 0xe3, 0x3d, 766*10500SHai-May.Chao@Sun.COM 0x88, 0xee, 0x90, 0xf3, 0x10, 0x41, 0x0f, 0x06, 767*10500SHai-May.Chao@Sun.COM 0x31, 0xe9, 0x60, 0x2d, 0xbf, 0x63, 0x7b, 0xf8 768*10500SHai-May.Chao@Sun.COM }; 769*10500SHai-May.Chao@Sun.COM 770*10500SHai-May.Chao@Sun.COM RSAPrivateKey_t rsa_private_key; 771*10500SHai-May.Chao@Sun.COM CK_RV rv; 772*10500SHai-May.Chao@Sun.COM uint8_t rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH]; 773*10500SHai-May.Chao@Sun.COM uint8_t rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH]; 774*10500SHai-May.Chao@Sun.COM uint8_t rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; 775*10500SHai-May.Chao@Sun.COM CK_BYTE der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len]; 776*10500SHai-May.Chao@Sun.COM 777*10500SHai-May.Chao@Sun.COM /* 778*10500SHai-May.Chao@Sun.COM * RSA Known Answer Encryption Test. 779*10500SHai-May.Chao@Sun.COM */ 780*10500SHai-May.Chao@Sun.COM 781*10500SHai-May.Chao@Sun.COM /* Perform RSA Public Key Encryption. */ 782*10500SHai-May.Chao@Sun.COM rv = fips_rsa_encrypt(rsa_modulus, FIPS_RSA_MODULUS_LENGTH, 783*10500SHai-May.Chao@Sun.COM rsa_public_exponent, FIPS_RSA_PUBLIC_EXPONENT_LENGTH, 784*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 785*10500SHai-May.Chao@Sun.COM rsa_computed_ciphertext); 786*10500SHai-May.Chao@Sun.COM 787*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 788*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_ciphertext, rsa_known_ciphertext, 789*10500SHai-May.Chao@Sun.COM FIPS_RSA_ENCRYPT_LENGTH) != 0)) 790*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 791*10500SHai-May.Chao@Sun.COM 792*10500SHai-May.Chao@Sun.COM /* 793*10500SHai-May.Chao@Sun.COM * RSA Known Answer Decryption Test. 794*10500SHai-May.Chao@Sun.COM */ 795*10500SHai-May.Chao@Sun.COM rsa_private_key.version = rsa_version; 796*10500SHai-May.Chao@Sun.COM rsa_private_key.version_len = FIPS_RSA_PRIVATE_VERSION_LENGTH; 797*10500SHai-May.Chao@Sun.COM rsa_private_key.modulus = rsa_modulus; 798*10500SHai-May.Chao@Sun.COM rsa_private_key.modulus_len = FIPS_RSA_MODULUS_LENGTH; 799*10500SHai-May.Chao@Sun.COM rsa_private_key.public_expo = rsa_public_exponent; 800*10500SHai-May.Chao@Sun.COM rsa_private_key.public_expo_len = FIPS_RSA_PUBLIC_EXPONENT_LENGTH; 801*10500SHai-May.Chao@Sun.COM rsa_private_key.private_expo = rsa_private_exponent; 802*10500SHai-May.Chao@Sun.COM rsa_private_key.private_expo_len = FIPS_RSA_PRIVATE_EXPONENT_LENGTH; 803*10500SHai-May.Chao@Sun.COM rsa_private_key.prime1 = rsa_prime0; 804*10500SHai-May.Chao@Sun.COM rsa_private_key.prime1_len = FIPS_RSA_PRIME0_LENGTH; 805*10500SHai-May.Chao@Sun.COM rsa_private_key.prime2 = rsa_prime1; 806*10500SHai-May.Chao@Sun.COM rsa_private_key.prime2_len = FIPS_RSA_PRIME1_LENGTH; 807*10500SHai-May.Chao@Sun.COM rsa_private_key.exponent1 = rsa_exponent0; 808*10500SHai-May.Chao@Sun.COM rsa_private_key.exponent1_len = FIPS_RSA_EXPONENT0_LENGTH; 809*10500SHai-May.Chao@Sun.COM rsa_private_key.exponent2 = rsa_exponent1; 810*10500SHai-May.Chao@Sun.COM rsa_private_key.exponent2_len = FIPS_RSA_EXPONENT1_LENGTH; 811*10500SHai-May.Chao@Sun.COM rsa_private_key.coef = rsa_coefficient; 812*10500SHai-May.Chao@Sun.COM rsa_private_key.coef_len = FIPS_RSA_COEFFICIENT_LENGTH; 813*10500SHai-May.Chao@Sun.COM 814*10500SHai-May.Chao@Sun.COM /* Perform RSA Private Key Decryption. */ 815*10500SHai-May.Chao@Sun.COM rv = fips_rsa_decrypt(&rsa_private_key, rsa_known_ciphertext, 816*10500SHai-May.Chao@Sun.COM FIPS_RSA_MESSAGE_LENGTH, rsa_computed_plaintext); 817*10500SHai-May.Chao@Sun.COM 818*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 819*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg, 820*10500SHai-May.Chao@Sun.COM FIPS_RSA_DECRYPT_LENGTH) != 0)) 821*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 822*10500SHai-May.Chao@Sun.COM 823*10500SHai-May.Chao@Sun.COM /* SHA-1 Sign/Verify */ 824*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 825*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, 826*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 827*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 828*10500SHai-May.Chao@Sun.COM #else 829*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, 830*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 831*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 832*10500SHai-May.Chao@Sun.COM #endif 833*10500SHai-May.Chao@Sun.COM 834*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 835*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha1_signature, 836*10500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 837*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 838*10500SHai-May.Chao@Sun.COM 839*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 840*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, 841*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 842*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 843*10500SHai-May.Chao@Sun.COM #else 844*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, 845*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 846*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 847*10500SHai-May.Chao@Sun.COM #endif 848*10500SHai-May.Chao@Sun.COM 849*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 850*10500SHai-May.Chao@Sun.COM goto rsa_loser; 851*10500SHai-May.Chao@Sun.COM 852*10500SHai-May.Chao@Sun.COM /* SHA256 Sign/Verify */ 853*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 854*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, 855*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 856*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 857*10500SHai-May.Chao@Sun.COM #else 858*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, 859*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 860*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 861*10500SHai-May.Chao@Sun.COM #endif 862*10500SHai-May.Chao@Sun.COM 863*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 864*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha256_signature, 865*10500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 866*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 867*10500SHai-May.Chao@Sun.COM 868*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 869*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, 870*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 871*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 872*10500SHai-May.Chao@Sun.COM #else 873*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, 874*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 875*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 876*10500SHai-May.Chao@Sun.COM #endif 877*10500SHai-May.Chao@Sun.COM 878*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 879*10500SHai-May.Chao@Sun.COM goto rsa_loser; 880*10500SHai-May.Chao@Sun.COM 881*10500SHai-May.Chao@Sun.COM /* SHA384 Sign/Verify */ 882*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 883*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, 884*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 885*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 886*10500SHai-May.Chao@Sun.COM #else 887*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, 888*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 889*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 890*10500SHai-May.Chao@Sun.COM #endif 891*10500SHai-May.Chao@Sun.COM 892*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 893*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha384_signature, 894*10500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 895*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 896*10500SHai-May.Chao@Sun.COM 897*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 898*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, 899*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 900*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 901*10500SHai-May.Chao@Sun.COM #else 902*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, 903*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 904*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 905*10500SHai-May.Chao@Sun.COM #endif 906*10500SHai-May.Chao@Sun.COM 907*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 908*10500SHai-May.Chao@Sun.COM goto rsa_loser; 909*10500SHai-May.Chao@Sun.COM 910*10500SHai-May.Chao@Sun.COM /* SHA512 Sign/Verify */ 911*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 912*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, 913*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 914*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 915*10500SHai-May.Chao@Sun.COM #else 916*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, 917*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 918*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 919*10500SHai-May.Chao@Sun.COM #endif 920*10500SHai-May.Chao@Sun.COM 921*10500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 922*10500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha512_signature, 923*10500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 924*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 925*10500SHai-May.Chao@Sun.COM 926*10500SHai-May.Chao@Sun.COM #ifdef _KERNEL 927*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, 928*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 929*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 930*10500SHai-May.Chao@Sun.COM #else 931*10500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, 932*10500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 933*10500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 934*10500SHai-May.Chao@Sun.COM #endif 935*10500SHai-May.Chao@Sun.COM 936*10500SHai-May.Chao@Sun.COM rsa_loser: 937*10500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 938*10500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 939*10500SHai-May.Chao@Sun.COM else 940*10500SHai-May.Chao@Sun.COM return (CKR_OK); 941*10500SHai-May.Chao@Sun.COM 942*10500SHai-May.Chao@Sun.COM } 943