110500SHai-May.Chao@Sun.COM /* 210500SHai-May.Chao@Sun.COM * CDDL HEADER START 310500SHai-May.Chao@Sun.COM * 410500SHai-May.Chao@Sun.COM * The contents of this file are subject to the terms of the 510500SHai-May.Chao@Sun.COM * Common Development and Distribution License (the "License"). 610500SHai-May.Chao@Sun.COM * You may not use this file except in compliance with the License. 710500SHai-May.Chao@Sun.COM * 810500SHai-May.Chao@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 910500SHai-May.Chao@Sun.COM * or http://www.opensolaris.org/os/licensing. 1010500SHai-May.Chao@Sun.COM * See the License for the specific language governing permissions 1110500SHai-May.Chao@Sun.COM * and limitations under the License. 1210500SHai-May.Chao@Sun.COM * 1310500SHai-May.Chao@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 1410500SHai-May.Chao@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 1510500SHai-May.Chao@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 1610500SHai-May.Chao@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 1710500SHai-May.Chao@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 1810500SHai-May.Chao@Sun.COM * 1910500SHai-May.Chao@Sun.COM * CDDL HEADER END 2010500SHai-May.Chao@Sun.COM */ 2110500SHai-May.Chao@Sun.COM /* 2210500SHai-May.Chao@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 2310500SHai-May.Chao@Sun.COM * Use is subject to license terms. 2410500SHai-May.Chao@Sun.COM */ 2510500SHai-May.Chao@Sun.COM 2610500SHai-May.Chao@Sun.COM #include <sys/types.h> 2710500SHai-May.Chao@Sun.COM #include <sys/param.h> 2810500SHai-May.Chao@Sun.COM #include <sys/errno.h> 2910500SHai-May.Chao@Sun.COM #include <sys/kmem.h> 3010500SHai-May.Chao@Sun.COM #include <sys/systm.h> 3110500SHai-May.Chao@Sun.COM #include <sys/sysmacros.h> 3210500SHai-May.Chao@Sun.COM #include <sys/sha1.h> 3310500SHai-May.Chao@Sun.COM #define _SHA2_IMPL 3410500SHai-May.Chao@Sun.COM #include <sys/sha2.h> 3510500SHai-May.Chao@Sun.COM #include <sys/crypto/common.h> 3610500SHai-May.Chao@Sun.COM #define _RSA_FIPS_POST 3710500SHai-May.Chao@Sun.COM #include <rsa/rsa_impl.h> 3810500SHai-May.Chao@Sun.COM #ifndef _KERNEL 3910500SHai-May.Chao@Sun.COM #include <stdlib.h> 4010500SHai-May.Chao@Sun.COM #include <string.h> 4110500SHai-May.Chao@Sun.COM #include <strings.h> 4210500SHai-May.Chao@Sun.COM #include <stdio.h> 4310500SHai-May.Chao@Sun.COM #include <security/cryptoki.h> 4410500SHai-May.Chao@Sun.COM #include <cryptoutil.h> 4510500SHai-May.Chao@Sun.COM #include "softMAC.h" 4610500SHai-May.Chao@Sun.COM #endif 4710500SHai-May.Chao@Sun.COM #include <sha2/sha2_impl.h> 4810500SHai-May.Chao@Sun.COM 4910500SHai-May.Chao@Sun.COM int 5010500SHai-May.Chao@Sun.COM fips_rsa_encrypt(uint8_t *modulus, int modulus_len, 5110500SHai-May.Chao@Sun.COM uint8_t *expo, int expo_len, 5210500SHai-May.Chao@Sun.COM uint8_t *in, int in_len, uint8_t *out) 5310500SHai-May.Chao@Sun.COM { 5410500SHai-May.Chao@Sun.COM 5510500SHai-May.Chao@Sun.COM RSAkey *rsakey; 5610500SHai-May.Chao@Sun.COM BIGNUM msg; 5710500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 5810500SHai-May.Chao@Sun.COM 5910500SHai-May.Chao@Sun.COM #ifdef _KERNEL 6010500SHai-May.Chao@Sun.COM if ((rsakey = kmem_zalloc(sizeof (RSAkey), KM_SLEEP)) == NULL) { 6110500SHai-May.Chao@Sun.COM #else 6210500SHai-May.Chao@Sun.COM if ((rsakey = calloc(1, sizeof (RSAkey))) == NULL) { 6310500SHai-May.Chao@Sun.COM #endif 6410500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 6510500SHai-May.Chao@Sun.COM goto clean1; 6610500SHai-May.Chao@Sun.COM } 6710500SHai-May.Chao@Sun.COM 6810500SHai-May.Chao@Sun.COM if (RSA_key_init(rsakey, modulus_len * 4, modulus_len * 4) != BIG_OK) { 6910500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 7010500SHai-May.Chao@Sun.COM goto clean2; 7110500SHai-May.Chao@Sun.COM } 7210500SHai-May.Chao@Sun.COM 7310500SHai-May.Chao@Sun.COM /* Size for big_init is in (32-bit) words. */ 7410500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 7510500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 7610500SHai-May.Chao@Sun.COM goto clean3; 7710500SHai-May.Chao@Sun.COM } 7810500SHai-May.Chao@Sun.COM 7910500SHai-May.Chao@Sun.COM /* Convert octet string exponent to big integer format. */ 8010500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->e), expo, expo_len); 8110500SHai-May.Chao@Sun.COM 8210500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 8310500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->n), modulus, modulus_len); 8410500SHai-May.Chao@Sun.COM 8510500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 8610500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 8710500SHai-May.Chao@Sun.COM 8810500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { 8910500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 9010500SHai-May.Chao@Sun.COM goto clean4; 9110500SHai-May.Chao@Sun.COM } 9210500SHai-May.Chao@Sun.COM 9310500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 9410500SHai-May.Chao@Sun.COM if (big_modexp(&msg, &msg, &(rsakey->e), &(rsakey->n), NULL) != 9510500SHai-May.Chao@Sun.COM BIG_OK) { 9610500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 9710500SHai-May.Chao@Sun.COM goto clean4; 9810500SHai-May.Chao@Sun.COM } 9910500SHai-May.Chao@Sun.COM 10010500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 10110500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, modulus_len); 10210500SHai-May.Chao@Sun.COM 10310500SHai-May.Chao@Sun.COM clean4: 10410500SHai-May.Chao@Sun.COM big_finish(&msg); 10510500SHai-May.Chao@Sun.COM clean3: 10610500SHai-May.Chao@Sun.COM RSA_key_finish(rsakey); 10710500SHai-May.Chao@Sun.COM clean2: 10810500SHai-May.Chao@Sun.COM #ifndef _KERNEL 10910500SHai-May.Chao@Sun.COM free(rsakey); 11010500SHai-May.Chao@Sun.COM #else 11110500SHai-May.Chao@Sun.COM kmem_free(rsakey, sizeof (RSAkey)); 11210500SHai-May.Chao@Sun.COM #endif 11310500SHai-May.Chao@Sun.COM clean1: 11410500SHai-May.Chao@Sun.COM 11510500SHai-May.Chao@Sun.COM return (rv); 11610500SHai-May.Chao@Sun.COM } 11710500SHai-May.Chao@Sun.COM 11810500SHai-May.Chao@Sun.COM int 11910500SHai-May.Chao@Sun.COM fips_rsa_decrypt(RSAPrivateKey_t *key, uint8_t *in, int in_len, 12010500SHai-May.Chao@Sun.COM uint8_t *out) 12110500SHai-May.Chao@Sun.COM { 12210500SHai-May.Chao@Sun.COM 12310500SHai-May.Chao@Sun.COM RSAkey *rsakey; 12410500SHai-May.Chao@Sun.COM BIGNUM msg; 12510500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 12610500SHai-May.Chao@Sun.COM 12710500SHai-May.Chao@Sun.COM #ifdef _KERNEL 12810500SHai-May.Chao@Sun.COM if ((rsakey = kmem_zalloc(sizeof (RSAkey), KM_SLEEP)) == NULL) { 12910500SHai-May.Chao@Sun.COM #else 13010500SHai-May.Chao@Sun.COM if ((rsakey = calloc(1, sizeof (RSAkey))) == NULL) { 13110500SHai-May.Chao@Sun.COM #endif 13210500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 13310500SHai-May.Chao@Sun.COM goto clean1; 13410500SHai-May.Chao@Sun.COM } 13510500SHai-May.Chao@Sun.COM 13610500SHai-May.Chao@Sun.COM /* psize and qsize for RSA_key_init is in bits. */ 13710500SHai-May.Chao@Sun.COM if (RSA_key_init(rsakey, key->prime2_len * 8, key->prime1_len * 8) 13810500SHai-May.Chao@Sun.COM != BIG_OK) { 13910500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 14010500SHai-May.Chao@Sun.COM goto clean2; 14110500SHai-May.Chao@Sun.COM } 14210500SHai-May.Chao@Sun.COM 14310500SHai-May.Chao@Sun.COM /* Size for big_init is in (32-bit) words. */ 14410500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 14510500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 14610500SHai-May.Chao@Sun.COM goto clean3; 14710500SHai-May.Chao@Sun.COM } 14810500SHai-May.Chao@Sun.COM 14910500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 15010500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 15110500SHai-May.Chao@Sun.COM 15210500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 15310500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->n), key->modulus, key->modulus_len); 15410500SHai-May.Chao@Sun.COM 15510500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey->n)) > 0) { 15610500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 15710500SHai-May.Chao@Sun.COM goto clean4; 15810500SHai-May.Chao@Sun.COM } 15910500SHai-May.Chao@Sun.COM 16010500SHai-May.Chao@Sun.COM /* Convert the rest of private key attributes to big integer format. */ 16110500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->dmodpminus1), key->exponent2, 16210500SHai-May.Chao@Sun.COM key->exponent2_len); 16310500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->dmodqminus1), key->exponent1, 16410500SHai-May.Chao@Sun.COM key->exponent1_len); 16510500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->p), key->prime2, key->prime2_len); 16610500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->q), key->prime1, key->prime1_len); 16710500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey->pinvmodq), key->coef, key->coef_len); 16810500SHai-May.Chao@Sun.COM 16910500SHai-May.Chao@Sun.COM if ((big_cmp_abs(&(rsakey->dmodpminus1), &(rsakey->p)) > 0) || 17010500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey->dmodqminus1), &(rsakey->q)) > 0) || 17110500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey->pinvmodq), &(rsakey->q)) > 0)) { 17210500SHai-May.Chao@Sun.COM #ifndef _KERNEL 17310500SHai-May.Chao@Sun.COM rv = CKR_KEY_SIZE_RANGE; 17410500SHai-May.Chao@Sun.COM #else 17510500SHai-May.Chao@Sun.COM rv = CRYPTO_KEY_SIZE_RANGE; 17610500SHai-May.Chao@Sun.COM #endif 17710500SHai-May.Chao@Sun.COM goto clean4; 17810500SHai-May.Chao@Sun.COM } 17910500SHai-May.Chao@Sun.COM 18010500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 18110500SHai-May.Chao@Sun.COM if (big_modexp_crt(&msg, &msg, &(rsakey->dmodpminus1), 18210500SHai-May.Chao@Sun.COM &(rsakey->dmodqminus1), &(rsakey->p), &(rsakey->q), 18310500SHai-May.Chao@Sun.COM &(rsakey->pinvmodq), NULL, NULL) != BIG_OK) { 18410500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 18510500SHai-May.Chao@Sun.COM goto clean4; 18610500SHai-May.Chao@Sun.COM } 18710500SHai-May.Chao@Sun.COM 18810500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 18910500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, key->modulus_len); 19010500SHai-May.Chao@Sun.COM 19110500SHai-May.Chao@Sun.COM clean4: 19210500SHai-May.Chao@Sun.COM big_finish(&msg); 19310500SHai-May.Chao@Sun.COM clean3: 19410500SHai-May.Chao@Sun.COM RSA_key_finish(rsakey); 19510500SHai-May.Chao@Sun.COM clean2: 19610500SHai-May.Chao@Sun.COM #ifndef _KERNEL 19710500SHai-May.Chao@Sun.COM free(rsakey); 19810500SHai-May.Chao@Sun.COM #else 19910500SHai-May.Chao@Sun.COM kmem_free(rsakey, sizeof (RSAkey)); 20010500SHai-May.Chao@Sun.COM #endif 20110500SHai-May.Chao@Sun.COM clean1: 20210500SHai-May.Chao@Sun.COM 20310500SHai-May.Chao@Sun.COM return (rv); 20410500SHai-May.Chao@Sun.COM 20510500SHai-May.Chao@Sun.COM } 20610500SHai-May.Chao@Sun.COM 20710500SHai-May.Chao@Sun.COM int 20810500SHai-May.Chao@Sun.COM fips_rsa_sign(RSAPrivateKey_t *rsa_params, uint8_t *in, 20910500SHai-May.Chao@Sun.COM uint32_t inlen, uint8_t *out) 21010500SHai-May.Chao@Sun.COM { 21110500SHai-May.Chao@Sun.COM BIGNUM msg; 21210500SHai-May.Chao@Sun.COM RSAkey rsakey; 21310500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 21410500SHai-May.Chao@Sun.COM 21510500SHai-May.Chao@Sun.COM /* psize and qsize for RSA_key_init is in bits. */ 21610500SHai-May.Chao@Sun.COM if (RSA_key_init(&rsakey, rsa_params->prime2_len * 8, 21710500SHai-May.Chao@Sun.COM rsa_params->prime1_len * 8) != BIG_OK) { 21810500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 21910500SHai-May.Chao@Sun.COM goto clean1; 22010500SHai-May.Chao@Sun.COM } 22110500SHai-May.Chao@Sun.COM 22210500SHai-May.Chao@Sun.COM /* Size for big_init is in BIG_CHUNK_TYPE words. */ 22310500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(inlen)) != BIG_OK) { 22410500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 22510500SHai-May.Chao@Sun.COM goto clean2; 22610500SHai-May.Chao@Sun.COM } 22710500SHai-May.Chao@Sun.COM 22810500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 22910500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, inlen); 23010500SHai-May.Chao@Sun.COM 23110500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 23210500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.n), rsa_params->modulus, 23310500SHai-May.Chao@Sun.COM rsa_params->modulus_len); 23410500SHai-May.Chao@Sun.COM 23510500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey.n)) > 0) { 23610500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 23710500SHai-May.Chao@Sun.COM goto clean3; 23810500SHai-May.Chao@Sun.COM } 23910500SHai-May.Chao@Sun.COM 24010500SHai-May.Chao@Sun.COM /* Convert the rest of private key attributes to big integer format. */ 24110500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.dmodpminus1), rsa_params->exponent2, 24210500SHai-May.Chao@Sun.COM rsa_params->exponent2_len); 24310500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.dmodqminus1), rsa_params->exponent1, 24410500SHai-May.Chao@Sun.COM rsa_params->exponent1_len); 24510500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.p), rsa_params->prime2, 24610500SHai-May.Chao@Sun.COM rsa_params->prime2_len); 24710500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.q), rsa_params->prime1, 24810500SHai-May.Chao@Sun.COM rsa_params->prime1_len); 24910500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.pinvmodq), rsa_params->coef, 25010500SHai-May.Chao@Sun.COM rsa_params->coef_len); 25110500SHai-May.Chao@Sun.COM 25210500SHai-May.Chao@Sun.COM if ((big_cmp_abs(&(rsakey.dmodpminus1), &(rsakey.p)) > 0) || 25310500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey.dmodqminus1), &(rsakey.q)) > 0) || 25410500SHai-May.Chao@Sun.COM (big_cmp_abs(&(rsakey.pinvmodq), &(rsakey.q)) > 0)) { 25510500SHai-May.Chao@Sun.COM #ifndef _KERNEL 25610500SHai-May.Chao@Sun.COM rv = CKR_KEY_SIZE_RANGE; 25710500SHai-May.Chao@Sun.COM #else 25810500SHai-May.Chao@Sun.COM rv = CRYPTO_KEY_SIZE_RANGE; 25910500SHai-May.Chao@Sun.COM #endif 26010500SHai-May.Chao@Sun.COM goto clean3; 26110500SHai-May.Chao@Sun.COM } 26210500SHai-May.Chao@Sun.COM 26310500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 26410500SHai-May.Chao@Sun.COM if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1), 26510500SHai-May.Chao@Sun.COM &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q), 26610500SHai-May.Chao@Sun.COM &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) { 26710500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 26810500SHai-May.Chao@Sun.COM goto clean3; 26910500SHai-May.Chao@Sun.COM } 27010500SHai-May.Chao@Sun.COM 27110500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 27210500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, rsa_params->modulus_len); 27310500SHai-May.Chao@Sun.COM 27410500SHai-May.Chao@Sun.COM clean3: 27510500SHai-May.Chao@Sun.COM big_finish(&msg); 27610500SHai-May.Chao@Sun.COM clean2: 27710500SHai-May.Chao@Sun.COM RSA_key_finish(&rsakey); 27810500SHai-May.Chao@Sun.COM clean1: 27910500SHai-May.Chao@Sun.COM 28010500SHai-May.Chao@Sun.COM return (rv); 28110500SHai-May.Chao@Sun.COM 28210500SHai-May.Chao@Sun.COM } 28310500SHai-May.Chao@Sun.COM 28410500SHai-May.Chao@Sun.COM int 28510500SHai-May.Chao@Sun.COM fips_rsa_verify(RSAPrivateKey_t *rsa_params, uint8_t *in, uint32_t in_len, 28610500SHai-May.Chao@Sun.COM uint8_t *out) 28710500SHai-May.Chao@Sun.COM { 28810500SHai-May.Chao@Sun.COM 28910500SHai-May.Chao@Sun.COM BIGNUM msg; 29010500SHai-May.Chao@Sun.COM RSAkey rsakey; 29110500SHai-May.Chao@Sun.COM CK_RV rv = CKR_OK; 29210500SHai-May.Chao@Sun.COM 29310500SHai-May.Chao@Sun.COM if (RSA_key_init(&rsakey, rsa_params->modulus_len * 4, 29410500SHai-May.Chao@Sun.COM rsa_params->modulus_len * 4) != BIG_OK) { 29510500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 29610500SHai-May.Chao@Sun.COM goto clean1; 29710500SHai-May.Chao@Sun.COM } 29810500SHai-May.Chao@Sun.COM 29910500SHai-May.Chao@Sun.COM /* Size for big_init is in BIG_CHUNK_TYPE words. */ 30010500SHai-May.Chao@Sun.COM if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) { 30110500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 30210500SHai-May.Chao@Sun.COM goto clean2; 30310500SHai-May.Chao@Sun.COM } 30410500SHai-May.Chao@Sun.COM 30510500SHai-May.Chao@Sun.COM /* Convert octet string exponent to big integer format. */ 30610500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.e), rsa_params->public_expo, 30710500SHai-May.Chao@Sun.COM rsa_params->public_expo_len); 30810500SHai-May.Chao@Sun.COM 30910500SHai-May.Chao@Sun.COM /* Convert octet string modulus to big integer format. */ 31010500SHai-May.Chao@Sun.COM bytestring2bignum(&(rsakey.n), rsa_params->modulus, 31110500SHai-May.Chao@Sun.COM rsa_params->modulus_len); 31210500SHai-May.Chao@Sun.COM 31310500SHai-May.Chao@Sun.COM /* Convert octet string input data to big integer format. */ 31410500SHai-May.Chao@Sun.COM bytestring2bignum(&msg, (uchar_t *)in, in_len); 31510500SHai-May.Chao@Sun.COM 31610500SHai-May.Chao@Sun.COM if (big_cmp_abs(&msg, &(rsakey.n)) > 0) { 31710500SHai-May.Chao@Sun.COM rv = CKR_DATA_LEN_RANGE; 31810500SHai-May.Chao@Sun.COM goto clean3; 31910500SHai-May.Chao@Sun.COM } 32010500SHai-May.Chao@Sun.COM 32110500SHai-May.Chao@Sun.COM /* Perform RSA computation on big integer input data. */ 32210500SHai-May.Chao@Sun.COM if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) != 32310500SHai-May.Chao@Sun.COM BIG_OK) { 32410500SHai-May.Chao@Sun.COM rv = CKR_HOST_MEMORY; 32510500SHai-May.Chao@Sun.COM goto clean3; 32610500SHai-May.Chao@Sun.COM } 32710500SHai-May.Chao@Sun.COM 32810500SHai-May.Chao@Sun.COM /* Convert the big integer output data to octet string. */ 32910500SHai-May.Chao@Sun.COM bignum2bytestring((uchar_t *)out, &msg, rsa_params->modulus_len); 33010500SHai-May.Chao@Sun.COM 33110500SHai-May.Chao@Sun.COM clean3: 33210500SHai-May.Chao@Sun.COM big_finish(&msg); 33310500SHai-May.Chao@Sun.COM clean2: 33410500SHai-May.Chao@Sun.COM RSA_key_finish(&rsakey); 33510500SHai-May.Chao@Sun.COM clean1: 33610500SHai-May.Chao@Sun.COM 33710500SHai-May.Chao@Sun.COM return (rv); 33810500SHai-May.Chao@Sun.COM } 33910500SHai-May.Chao@Sun.COM 34010500SHai-May.Chao@Sun.COM static CK_RV 34110500SHai-May.Chao@Sun.COM #ifdef _KERNEL 34210500SHai-May.Chao@Sun.COM fips_rsa_sign_verify_test(sha2_mech_t mechanism, 34310500SHai-May.Chao@Sun.COM #else 34410500SHai-May.Chao@Sun.COM fips_rsa_sign_verify_test(CK_MECHANISM_TYPE mechanism, 34510500SHai-May.Chao@Sun.COM #endif 34610500SHai-May.Chao@Sun.COM RSAPrivateKey_t *rsa_private_key, 34710500SHai-May.Chao@Sun.COM unsigned char *rsa_known_msg, 34810500SHai-May.Chao@Sun.COM unsigned int rsa_msg_length, 34910500SHai-May.Chao@Sun.COM unsigned char *rsa_computed_signature, 35010500SHai-May.Chao@Sun.COM unsigned char *der_data, int sign) 35110500SHai-May.Chao@Sun.COM 35210500SHai-May.Chao@Sun.COM { 35310500SHai-May.Chao@Sun.COM unsigned char hash[SHA512_DIGEST_LENGTH]; /* SHA digest */ 35410500SHai-May.Chao@Sun.COM SHA1_CTX *sha1_context = NULL; 35510500SHai-May.Chao@Sun.COM SHA2_CTX *sha2_context = NULL; 35610500SHai-May.Chao@Sun.COM int hash_len; 35710500SHai-May.Chao@Sun.COM CK_RV rv; 35810500SHai-May.Chao@Sun.COM CK_ULONG der_len; 35910500SHai-May.Chao@Sun.COM CK_BYTE *der_prefix; 36010500SHai-May.Chao@Sun.COM CK_ULONG der_data_len; 36110500SHai-May.Chao@Sun.COM CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; 36210500SHai-May.Chao@Sun.COM uint32_t modulus_len; 36310500SHai-May.Chao@Sun.COM 36410500SHai-May.Chao@Sun.COM switch (mechanism) { 36510500SHai-May.Chao@Sun.COM #ifdef _KERNEL 36610500SHai-May.Chao@Sun.COM case SHA1_TYPE: 36710500SHai-May.Chao@Sun.COM #else 36810500SHai-May.Chao@Sun.COM case CKM_SHA_1: 36910500SHai-May.Chao@Sun.COM #endif 37010500SHai-May.Chao@Sun.COM { 37110500SHai-May.Chao@Sun.COM 37210500SHai-May.Chao@Sun.COM #ifdef _KERNEL 37310500SHai-May.Chao@Sun.COM if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX), 37410500SHai-May.Chao@Sun.COM KM_SLEEP)) == NULL) 37510500SHai-May.Chao@Sun.COM #else 37610500SHai-May.Chao@Sun.COM if ((sha1_context = malloc(sizeof (SHA1_CTX))) == NULL) 37710500SHai-May.Chao@Sun.COM #endif 37810500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 37910500SHai-May.Chao@Sun.COM 38010500SHai-May.Chao@Sun.COM SHA1Init(sha1_context); 38110500SHai-May.Chao@Sun.COM 38210500SHai-May.Chao@Sun.COM #ifdef __sparcv9 38310500SHai-May.Chao@Sun.COM SHA1Update(sha1_context, rsa_known_msg, 38410500SHai-May.Chao@Sun.COM (uint_t)rsa_msg_length); 38510500SHai-May.Chao@Sun.COM #else /* !__sparcv9 */ 38610500SHai-May.Chao@Sun.COM SHA1Update(sha1_context, rsa_known_msg, rsa_msg_length); 38710500SHai-May.Chao@Sun.COM #endif /* __sparcv9 */ 38810500SHai-May.Chao@Sun.COM SHA1Final(hash, sha1_context); 38910500SHai-May.Chao@Sun.COM 39010500SHai-May.Chao@Sun.COM hash_len = SHA1_DIGEST_LENGTH; 39110500SHai-May.Chao@Sun.COM 39210500SHai-May.Chao@Sun.COM /* 39310500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 39410500SHai-May.Chao@Sun.COM * by setting it to: 39510500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 39610500SHai-May.Chao@Sun.COM */ 39710500SHai-May.Chao@Sun.COM der_len = SHA1_DER_PREFIX_Len; 39810500SHai-May.Chao@Sun.COM der_prefix = (CK_BYTE *)SHA1_DER_PREFIX; 39910500SHai-May.Chao@Sun.COM (void) memcpy(der_data, der_prefix, der_len); 40010500SHai-May.Chao@Sun.COM (void) memcpy(der_data + der_len, hash, hash_len); 40110500SHai-May.Chao@Sun.COM der_data_len = der_len + hash_len; 402*10979SHai-May.Chao@Sun.COM #ifdef _KERNEL 403*10979SHai-May.Chao@Sun.COM kmem_free(sha1_context, sizeof (SHA1_CTX)); 404*10979SHai-May.Chao@Sun.COM #else 405*10979SHai-May.Chao@Sun.COM free(sha1_context); 406*10979SHai-May.Chao@Sun.COM #endif 40710500SHai-May.Chao@Sun.COM break; 40810500SHai-May.Chao@Sun.COM } 40910500SHai-May.Chao@Sun.COM 41010500SHai-May.Chao@Sun.COM #ifdef _KERNEL 41110500SHai-May.Chao@Sun.COM case SHA256_TYPE: 41210500SHai-May.Chao@Sun.COM #else 41310500SHai-May.Chao@Sun.COM case CKM_SHA256: 41410500SHai-May.Chao@Sun.COM #endif 41510500SHai-May.Chao@Sun.COM { 41610500SHai-May.Chao@Sun.COM 41710500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 41810500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 41910500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 42010500SHai-May.Chao@Sun.COM 42110500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 42210500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 42310500SHai-May.Chao@Sun.COM hash_len = SHA256_DIGEST_LENGTH; 42410500SHai-May.Chao@Sun.COM 42510500SHai-May.Chao@Sun.COM /* 42610500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 42710500SHai-May.Chao@Sun.COM * by setting it to: 42810500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 42910500SHai-May.Chao@Sun.COM */ 43010500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA256_DER_PREFIX, 43110500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 43210500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 43310500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 43410500SHai-May.Chao@Sun.COM break; 43510500SHai-May.Chao@Sun.COM } 43610500SHai-May.Chao@Sun.COM #ifdef _KERNEL 43710500SHai-May.Chao@Sun.COM case SHA384_TYPE: 43810500SHai-May.Chao@Sun.COM #else 43910500SHai-May.Chao@Sun.COM case CKM_SHA384: 44010500SHai-May.Chao@Sun.COM #endif 44110500SHai-May.Chao@Sun.COM { 44210500SHai-May.Chao@Sun.COM 44310500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 44410500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 44510500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 44610500SHai-May.Chao@Sun.COM 44710500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 44810500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 44910500SHai-May.Chao@Sun.COM hash_len = SHA384_DIGEST_LENGTH; 45010500SHai-May.Chao@Sun.COM 45110500SHai-May.Chao@Sun.COM /* 45210500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 45310500SHai-May.Chao@Sun.COM * by setting it to: 45410500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 45510500SHai-May.Chao@Sun.COM */ 45610500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA384_DER_PREFIX, 45710500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 45810500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 45910500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 46010500SHai-May.Chao@Sun.COM break; 46110500SHai-May.Chao@Sun.COM } 46210500SHai-May.Chao@Sun.COM #ifdef _KERNEL 46310500SHai-May.Chao@Sun.COM case SHA512_TYPE: 46410500SHai-May.Chao@Sun.COM #else 46510500SHai-May.Chao@Sun.COM case CKM_SHA512: 46610500SHai-May.Chao@Sun.COM #endif 46710500SHai-May.Chao@Sun.COM { 46810500SHai-May.Chao@Sun.COM 46910500SHai-May.Chao@Sun.COM sha2_context = fips_sha2_build_context(mechanism); 47010500SHai-May.Chao@Sun.COM if (sha2_context == NULL) 47110500SHai-May.Chao@Sun.COM return (CKR_HOST_MEMORY); 47210500SHai-May.Chao@Sun.COM 47310500SHai-May.Chao@Sun.COM rv = fips_sha2_hash(sha2_context, rsa_known_msg, 47410500SHai-May.Chao@Sun.COM rsa_msg_length, hash); 47510500SHai-May.Chao@Sun.COM hash_len = SHA512_DIGEST_LENGTH; 47610500SHai-May.Chao@Sun.COM 47710500SHai-May.Chao@Sun.COM /* 47810500SHai-May.Chao@Sun.COM * Prepare the DER encoding of the DigestInfo value 47910500SHai-May.Chao@Sun.COM * by setting it to: 48010500SHai-May.Chao@Sun.COM * <MECH>_DER_PREFIX || H 48110500SHai-May.Chao@Sun.COM */ 48210500SHai-May.Chao@Sun.COM (void) memcpy(der_data, SHA512_DER_PREFIX, 48310500SHai-May.Chao@Sun.COM SHA2_DER_PREFIX_Len); 48410500SHai-May.Chao@Sun.COM (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); 48510500SHai-May.Chao@Sun.COM der_data_len = SHA2_DER_PREFIX_Len + hash_len; 48610500SHai-May.Chao@Sun.COM break; 48710500SHai-May.Chao@Sun.COM } 48810500SHai-May.Chao@Sun.COM } 48910500SHai-May.Chao@Sun.COM 49010500SHai-May.Chao@Sun.COM modulus_len = rsa_private_key->modulus_len; 49110500SHai-May.Chao@Sun.COM 49210500SHai-May.Chao@Sun.COM if (sign) { 49310500SHai-May.Chao@Sun.COM rv = soft_sign_rsa_pkcs_encode(der_data, der_data_len, 49410500SHai-May.Chao@Sun.COM plain_data, modulus_len); 49510500SHai-May.Chao@Sun.COM 49610500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 49710500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 49810500SHai-May.Chao@Sun.COM } 49910500SHai-May.Chao@Sun.COM 50010500SHai-May.Chao@Sun.COM rv = fips_rsa_sign(rsa_private_key, plain_data, modulus_len, 50110500SHai-May.Chao@Sun.COM rsa_computed_signature); 50210500SHai-May.Chao@Sun.COM 50310500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 50410500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 50510500SHai-May.Chao@Sun.COM } 50610500SHai-May.Chao@Sun.COM } else { 50710500SHai-May.Chao@Sun.COM /* 50810500SHai-May.Chao@Sun.COM * Perform RSA decryption with the signer's RSA public key 50910500SHai-May.Chao@Sun.COM * for verification process. 51010500SHai-May.Chao@Sun.COM */ 51110500SHai-May.Chao@Sun.COM rv = fips_rsa_verify(rsa_private_key, rsa_computed_signature, 51210500SHai-May.Chao@Sun.COM modulus_len, plain_data); 51310500SHai-May.Chao@Sun.COM 51410500SHai-May.Chao@Sun.COM if (rv == CKR_OK) { 51510500SHai-May.Chao@Sun.COM 51610500SHai-May.Chao@Sun.COM /* 51710500SHai-May.Chao@Sun.COM * Strip off the encoded padding bytes in front of the 51810500SHai-May.Chao@Sun.COM * recovered data, then compare the recovered data with 51910500SHai-May.Chao@Sun.COM * the original data. 52010500SHai-May.Chao@Sun.COM */ 52110500SHai-May.Chao@Sun.COM int data_len = modulus_len; 52210500SHai-May.Chao@Sun.COM 52310500SHai-May.Chao@Sun.COM rv = soft_verify_rsa_pkcs_decode(plain_data, &data_len); 52410500SHai-May.Chao@Sun.COM if (rv != CKR_OK) { 52510500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 52610500SHai-May.Chao@Sun.COM } 52710500SHai-May.Chao@Sun.COM 52810500SHai-May.Chao@Sun.COM if ((CK_ULONG)data_len != der_data_len) { 52910500SHai-May.Chao@Sun.COM #ifdef _KERNEL 53010500SHai-May.Chao@Sun.COM return (CRYPTO_SIGNATURE_LEN_RANGE); 53110500SHai-May.Chao@Sun.COM #else 53210500SHai-May.Chao@Sun.COM return (CKR_SIGNATURE_LEN_RANGE); 53310500SHai-May.Chao@Sun.COM #endif 53410500SHai-May.Chao@Sun.COM } else if (memcmp(der_data, 53510500SHai-May.Chao@Sun.COM &plain_data[modulus_len - data_len], 53610500SHai-May.Chao@Sun.COM data_len) != 0) { 53710500SHai-May.Chao@Sun.COM return (CKR_SIGNATURE_INVALID); 53810500SHai-May.Chao@Sun.COM } 53910500SHai-May.Chao@Sun.COM } else { 54010500SHai-May.Chao@Sun.COM 54110500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 54210500SHai-May.Chao@Sun.COM } 54310500SHai-May.Chao@Sun.COM } 54410500SHai-May.Chao@Sun.COM return (CKR_OK); 54510500SHai-May.Chao@Sun.COM } 54610500SHai-May.Chao@Sun.COM 54710500SHai-May.Chao@Sun.COM 54810500SHai-May.Chao@Sun.COM /* 54910500SHai-May.Chao@Sun.COM * RSA Power-On SelfTest(s). 55010500SHai-May.Chao@Sun.COM */ 55110500SHai-May.Chao@Sun.COM int 55210500SHai-May.Chao@Sun.COM fips_rsa_post(void) 55310500SHai-May.Chao@Sun.COM { 55410500SHai-May.Chao@Sun.COM /* 55510500SHai-May.Chao@Sun.COM * RSA Known Modulus used in both Public/Private Key Values (1024-bits). 55610500SHai-May.Chao@Sun.COM */ 55710500SHai-May.Chao@Sun.COM static uint8_t rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { 55810500SHai-May.Chao@Sun.COM 0xd5, 0x84, 0x95, 0x07, 0xf4, 0xd0, 0x1f, 0x82, 55910500SHai-May.Chao@Sun.COM 0xf3, 0x79, 0xf4, 0x99, 0x48, 0x10, 0xe1, 0x71, 56010500SHai-May.Chao@Sun.COM 0xa5, 0x62, 0x22, 0xa3, 0x4b, 0x00, 0xe3, 0x5b, 56110500SHai-May.Chao@Sun.COM 0x3a, 0xcc, 0x10, 0x83, 0xe0, 0xaf, 0x61, 0x13, 56210500SHai-May.Chao@Sun.COM 0x54, 0x6a, 0xa2, 0x6a, 0x2c, 0x5e, 0xb3, 0xcc, 56310500SHai-May.Chao@Sun.COM 0xa3, 0x71, 0x9a, 0xb2, 0x3e, 0x78, 0xec, 0xb5, 56410500SHai-May.Chao@Sun.COM 0x0e, 0x6e, 0x31, 0x3b, 0x77, 0x1f, 0x6e, 0x94, 56510500SHai-May.Chao@Sun.COM 0x41, 0x60, 0xd5, 0x6e, 0xd9, 0xc6, 0xf9, 0x29, 56610500SHai-May.Chao@Sun.COM 0xc3, 0x40, 0x36, 0x25, 0xdb, 0xea, 0x0b, 0x07, 56710500SHai-May.Chao@Sun.COM 0xae, 0x76, 0xfd, 0x99, 0x29, 0xf4, 0x22, 0xc1, 56810500SHai-May.Chao@Sun.COM 0x1a, 0x8f, 0x05, 0xfe, 0x98, 0x09, 0x07, 0x05, 56910500SHai-May.Chao@Sun.COM 0xc2, 0x0f, 0x0b, 0x11, 0x83, 0x39, 0xca, 0xc7, 57010500SHai-May.Chao@Sun.COM 0x43, 0x63, 0xff, 0x33, 0x80, 0xe7, 0xc3, 0x78, 57110500SHai-May.Chao@Sun.COM 0xae, 0xf1, 0x73, 0x52, 0x98, 0x1d, 0xde, 0x5c, 57210500SHai-May.Chao@Sun.COM 0x53, 0x6e, 0x01, 0x73, 0x0d, 0x12, 0x7e, 0x77, 57310500SHai-May.Chao@Sun.COM 0x03, 0xf1, 0xef, 0x1b, 0xc8, 0xa8, 0x0f, 0x97 57410500SHai-May.Chao@Sun.COM }; 57510500SHai-May.Chao@Sun.COM 57610500SHai-May.Chao@Sun.COM /* RSA Known Public Key Values (24-bits). */ 57710500SHai-May.Chao@Sun.COM static uint8_t rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 57810500SHai-May.Chao@Sun.COM 0x01, 0x00, 0x01 57910500SHai-May.Chao@Sun.COM }; 58010500SHai-May.Chao@Sun.COM 58110500SHai-May.Chao@Sun.COM /* 58210500SHai-May.Chao@Sun.COM * RSA Known Private Key Values (version is 8-bits), 58310500SHai-May.Chao@Sun.COM * (private exponent is 1024-bits), 58410500SHai-May.Chao@Sun.COM * (private prime0 is 512-bits), 58510500SHai-May.Chao@Sun.COM * (private prime1 is 512-bits), 58610500SHai-May.Chao@Sun.COM * (private prime exponent0 is 512-bits), 58710500SHai-May.Chao@Sun.COM * (private prime exponent1 is 512-bits), 58810500SHai-May.Chao@Sun.COM * and (private coefficient is 512-bits). 58910500SHai-May.Chao@Sun.COM */ 59010500SHai-May.Chao@Sun.COM static uint8_t rsa_version[] = { 0x00 }; 59110500SHai-May.Chao@Sun.COM 59210500SHai-May.Chao@Sun.COM static uint8_t rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] 59310500SHai-May.Chao@Sun.COM = { 59410500SHai-May.Chao@Sun.COM 0x85, 0x27, 0x47, 0x61, 0x4c, 0xd4, 0xb5, 0xb2, 59510500SHai-May.Chao@Sun.COM 0x0e, 0x70, 0x91, 0x8f, 0x3d, 0x97, 0xf9, 0x5f, 59610500SHai-May.Chao@Sun.COM 0xcc, 0x09, 0x65, 0x1c, 0x7c, 0x5b, 0xb3, 0x6d, 59710500SHai-May.Chao@Sun.COM 0x63, 0x3f, 0x7b, 0x55, 0x22, 0xbb, 0x7c, 0x48, 59810500SHai-May.Chao@Sun.COM 0x77, 0xae, 0x80, 0x56, 0xc2, 0x10, 0xd5, 0x03, 59910500SHai-May.Chao@Sun.COM 0xdb, 0x31, 0xaf, 0x8d, 0x54, 0xd4, 0x48, 0x99, 60010500SHai-May.Chao@Sun.COM 0xa8, 0xc4, 0x23, 0x43, 0xb8, 0x48, 0x0b, 0xc7, 60110500SHai-May.Chao@Sun.COM 0xbc, 0xf5, 0xcc, 0x64, 0x72, 0xbf, 0x59, 0x06, 60210500SHai-May.Chao@Sun.COM 0x04, 0x1c, 0x32, 0xf5, 0x14, 0x2e, 0x6e, 0xe2, 60310500SHai-May.Chao@Sun.COM 0x0f, 0x5c, 0xde, 0x36, 0x3c, 0x6e, 0x7c, 0x4d, 60410500SHai-May.Chao@Sun.COM 0xcc, 0xd3, 0x00, 0x6e, 0xe5, 0x45, 0x46, 0xef, 60510500SHai-May.Chao@Sun.COM 0x4d, 0x25, 0x46, 0x6d, 0x7f, 0xed, 0xbb, 0x4f, 60610500SHai-May.Chao@Sun.COM 0x4d, 0x9f, 0xda, 0x87, 0x47, 0x8f, 0x74, 0x44, 60710500SHai-May.Chao@Sun.COM 0xb7, 0xbe, 0x9d, 0xf5, 0xdd, 0xd2, 0x4c, 0xa5, 60810500SHai-May.Chao@Sun.COM 0xab, 0x74, 0xe5, 0x29, 0xa1, 0xd2, 0x45, 0x3b, 60910500SHai-May.Chao@Sun.COM 0x33, 0xde, 0xd5, 0xae, 0xf7, 0x03, 0x10, 0x21 61010500SHai-May.Chao@Sun.COM }; 61110500SHai-May.Chao@Sun.COM 61210500SHai-May.Chao@Sun.COM static uint8_t rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = { 61310500SHai-May.Chao@Sun.COM 0xf9, 0x74, 0x8f, 0x16, 0x02, 0x6b, 0xa0, 0xee, 61410500SHai-May.Chao@Sun.COM 0x7f, 0x28, 0x97, 0x91, 0xdc, 0xec, 0xc0, 0x7c, 61510500SHai-May.Chao@Sun.COM 0x49, 0xc2, 0x85, 0x76, 0xee, 0x66, 0x74, 0x2d, 61610500SHai-May.Chao@Sun.COM 0x1a, 0xb8, 0xf7, 0x2f, 0x11, 0x5b, 0x36, 0xd8, 61710500SHai-May.Chao@Sun.COM 0x46, 0x33, 0x3b, 0xd8, 0xf3, 0x2d, 0xa1, 0x03, 61810500SHai-May.Chao@Sun.COM 0x83, 0x2b, 0xec, 0x35, 0x43, 0x32, 0xff, 0xdd, 61910500SHai-May.Chao@Sun.COM 0x81, 0x7c, 0xfd, 0x65, 0x13, 0x04, 0x7c, 0xfc, 62010500SHai-May.Chao@Sun.COM 0x03, 0x97, 0xf0, 0xd5, 0x62, 0xdc, 0x0d, 0xbf 62110500SHai-May.Chao@Sun.COM }; 62210500SHai-May.Chao@Sun.COM 62310500SHai-May.Chao@Sun.COM static uint8_t rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = { 62410500SHai-May.Chao@Sun.COM 0xdb, 0x1e, 0xa7, 0x3d, 0xe7, 0xfa, 0x8b, 0x04, 62510500SHai-May.Chao@Sun.COM 0x83, 0x48, 0xf3, 0xa5, 0x31, 0x9d, 0x35, 0x5e, 62610500SHai-May.Chao@Sun.COM 0x4d, 0x54, 0x77, 0xcc, 0x84, 0x09, 0xf3, 0x11, 62710500SHai-May.Chao@Sun.COM 0x0d, 0x54, 0xed, 0x85, 0x39, 0xa9, 0xca, 0xa8, 62810500SHai-May.Chao@Sun.COM 0xea, 0xae, 0x19, 0x9c, 0x75, 0xdb, 0x88, 0xb8, 62910500SHai-May.Chao@Sun.COM 0x04, 0x8d, 0x54, 0xc6, 0xa4, 0x80, 0xf8, 0x93, 63010500SHai-May.Chao@Sun.COM 0xf0, 0xdb, 0x19, 0xef, 0xd7, 0x87, 0x8a, 0x8f, 63110500SHai-May.Chao@Sun.COM 0x5a, 0x09, 0x2e, 0x54, 0xf3, 0x45, 0x24, 0x29 63210500SHai-May.Chao@Sun.COM }; 63310500SHai-May.Chao@Sun.COM 63410500SHai-May.Chao@Sun.COM static uint8_t rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = { 63510500SHai-May.Chao@Sun.COM 0x6a, 0xd1, 0x25, 0x80, 0x18, 0x33, 0x3c, 0x2b, 63610500SHai-May.Chao@Sun.COM 0x44, 0x19, 0xfe, 0xa5, 0x40, 0x03, 0xc4, 0xfc, 63710500SHai-May.Chao@Sun.COM 0xb3, 0x9c, 0xef, 0x07, 0x99, 0x58, 0x17, 0xc1, 63810500SHai-May.Chao@Sun.COM 0x44, 0xa3, 0x15, 0x7d, 0x7b, 0x22, 0x22, 0xdf, 63910500SHai-May.Chao@Sun.COM 0x03, 0x58, 0x66, 0xf5, 0x24, 0x54, 0x52, 0x91, 64010500SHai-May.Chao@Sun.COM 0x2d, 0x76, 0xfe, 0x63, 0x64, 0x4e, 0x0f, 0x50, 64110500SHai-May.Chao@Sun.COM 0x2b, 0x65, 0x79, 0x1f, 0xf1, 0xbf, 0xc7, 0x41, 64210500SHai-May.Chao@Sun.COM 0x26, 0xcc, 0xc6, 0x1c, 0xa9, 0x83, 0x6f, 0x03 64310500SHai-May.Chao@Sun.COM }; 64410500SHai-May.Chao@Sun.COM 64510500SHai-May.Chao@Sun.COM static uint8_t rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = { 64610500SHai-May.Chao@Sun.COM 0x12, 0x84, 0x1a, 0x99, 0xce, 0x9a, 0x8b, 0x58, 64710500SHai-May.Chao@Sun.COM 0xcc, 0x47, 0x43, 0xdf, 0x77, 0xbb, 0xd3, 0x20, 64810500SHai-May.Chao@Sun.COM 0xae, 0xe4, 0x2e, 0x63, 0x67, 0xdc, 0xf7, 0x5f, 64910500SHai-May.Chao@Sun.COM 0x3f, 0x83, 0x27, 0xb7, 0x14, 0x52, 0x56, 0xbf, 65010500SHai-May.Chao@Sun.COM 0xc3, 0x65, 0x06, 0xe1, 0x03, 0xcc, 0x93, 0x57, 65110500SHai-May.Chao@Sun.COM 0x09, 0x7b, 0x6f, 0xe8, 0x81, 0x4a, 0x2c, 0xb7, 65210500SHai-May.Chao@Sun.COM 0x43, 0xa9, 0x20, 0x1d, 0xf6, 0x56, 0x8b, 0xcc, 65310500SHai-May.Chao@Sun.COM 0xe5, 0x4c, 0xd5, 0x4f, 0x74, 0x67, 0x29, 0x51 65410500SHai-May.Chao@Sun.COM }; 65510500SHai-May.Chao@Sun.COM 65610500SHai-May.Chao@Sun.COM static uint8_t rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = { 65710500SHai-May.Chao@Sun.COM 0x23, 0xab, 0xf4, 0x03, 0x2f, 0x29, 0x95, 0x74, 65810500SHai-May.Chao@Sun.COM 0xac, 0x1a, 0x33, 0x96, 0x62, 0xed, 0xf7, 0xf6, 65910500SHai-May.Chao@Sun.COM 0xae, 0x07, 0x2a, 0x2e, 0xe8, 0xab, 0xfb, 0x1e, 66010500SHai-May.Chao@Sun.COM 0xb9, 0xb2, 0x88, 0x1e, 0x85, 0x05, 0x42, 0x64, 66110500SHai-May.Chao@Sun.COM 0x03, 0xb2, 0x8b, 0xc1, 0x81, 0x75, 0xd7, 0xba, 66210500SHai-May.Chao@Sun.COM 0xaa, 0xd4, 0x31, 0x3c, 0x8a, 0x96, 0x23, 0x9d, 66310500SHai-May.Chao@Sun.COM 0x3f, 0x06, 0x3e, 0x44, 0xa9, 0x62, 0x2f, 0x61, 66410500SHai-May.Chao@Sun.COM 0x5a, 0x51, 0x82, 0x2c, 0x04, 0x85, 0x73, 0xd1 66510500SHai-May.Chao@Sun.COM }; 66610500SHai-May.Chao@Sun.COM 66710500SHai-May.Chao@Sun.COM /* RSA Known Plaintext Message (1024-bits). */ 66810500SHai-May.Chao@Sun.COM static uint8_t rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = { 66910500SHai-May.Chao@Sun.COM "Known plaintext message utilized" 67010500SHai-May.Chao@Sun.COM "for RSA Encryption & Decryption" 67110500SHai-May.Chao@Sun.COM "block, SHA1, SHA256, SHA384 and" 67210500SHai-May.Chao@Sun.COM "SHA512 RSA Signature KAT tests." 67310500SHai-May.Chao@Sun.COM }; 67410500SHai-May.Chao@Sun.COM 67510500SHai-May.Chao@Sun.COM /* RSA Known Ciphertext (1024-bits). */ 67610500SHai-May.Chao@Sun.COM static uint8_t rsa_known_ciphertext[] = { 67710500SHai-May.Chao@Sun.COM 0x1e, 0x7e, 0x12, 0xbb, 0x15, 0x62, 0xd0, 0x23, 67810500SHai-May.Chao@Sun.COM 0x53, 0x4c, 0x51, 0x97, 0x77, 0x06, 0xa0, 0xbb, 67910500SHai-May.Chao@Sun.COM 0x26, 0x99, 0x9a, 0x8f, 0x39, 0xad, 0x88, 0x5c, 68010500SHai-May.Chao@Sun.COM 0xc4, 0xce, 0x33, 0x40, 0x94, 0x92, 0xb4, 0x0e, 68110500SHai-May.Chao@Sun.COM 0xab, 0x71, 0xa9, 0x5d, 0x9a, 0x37, 0xe3, 0x9a, 68210500SHai-May.Chao@Sun.COM 0x24, 0x95, 0x13, 0xea, 0x0f, 0xbb, 0xf7, 0xff, 68310500SHai-May.Chao@Sun.COM 0xdf, 0x31, 0x33, 0x23, 0x1d, 0xce, 0x26, 0x9e, 68410500SHai-May.Chao@Sun.COM 0xd1, 0xde, 0x98, 0x40, 0xde, 0x57, 0x86, 0x12, 68510500SHai-May.Chao@Sun.COM 0xf1, 0xe6, 0x5a, 0x3f, 0x08, 0x02, 0x81, 0x85, 68610500SHai-May.Chao@Sun.COM 0xe0, 0xd9, 0xad, 0x3c, 0x8c, 0x71, 0xf8, 0xcf, 68710500SHai-May.Chao@Sun.COM 0x0a, 0x98, 0xc5, 0x08, 0xdc, 0xc4, 0xca, 0x8c, 68810500SHai-May.Chao@Sun.COM 0x23, 0x1b, 0x4d, 0x9b, 0xb5, 0x13, 0x44, 0xe1, 68910500SHai-May.Chao@Sun.COM 0x5f, 0xf9, 0x30, 0x80, 0x25, 0xe0, 0x1e, 0x94, 69010500SHai-May.Chao@Sun.COM 0xa3, 0x0c, 0xdc, 0x82, 0x2e, 0xfb, 0x30, 0xbe, 69110500SHai-May.Chao@Sun.COM 0x89, 0xba, 0x76, 0xb6, 0x23, 0xf7, 0xda, 0x7c, 69210500SHai-May.Chao@Sun.COM 0xca, 0xe6, 0x02, 0xbd, 0x92, 0xce, 0x64, 0xfc 69310500SHai-May.Chao@Sun.COM }; 69410500SHai-May.Chao@Sun.COM 69510500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 69610500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha1_signature[] = { 69710500SHai-May.Chao@Sun.COM 0xd2, 0xa4, 0xe0, 0x2b, 0xc7, 0x03, 0x7f, 0xc6, 69810500SHai-May.Chao@Sun.COM 0x06, 0x9e, 0xa2, 0x82, 0x19, 0xe9, 0x2b, 0xaf, 69910500SHai-May.Chao@Sun.COM 0xe3, 0x48, 0x88, 0xc1, 0xf3, 0xb5, 0x0d, 0xe4, 70010500SHai-May.Chao@Sun.COM 0x52, 0x9e, 0xad, 0xd5, 0x58, 0xb5, 0x9f, 0xe8, 70110500SHai-May.Chao@Sun.COM 0x40, 0xe9, 0xb7, 0x2e, 0xc6, 0x71, 0x58, 0x56, 70210500SHai-May.Chao@Sun.COM 0x04, 0xac, 0xb0, 0xf3, 0x3a, 0x42, 0x38, 0x08, 70310500SHai-May.Chao@Sun.COM 0xc4, 0x43, 0x39, 0xba, 0x19, 0xce, 0xb1, 0x99, 70410500SHai-May.Chao@Sun.COM 0xf1, 0x8d, 0x89, 0xd8, 0x50, 0x07, 0x14, 0x3d, 70510500SHai-May.Chao@Sun.COM 0xcf, 0xd0, 0xb6, 0x79, 0xde, 0x9c, 0x89, 0x32, 70610500SHai-May.Chao@Sun.COM 0xb0, 0x73, 0x3f, 0xed, 0x03, 0x0b, 0xdf, 0x6d, 70710500SHai-May.Chao@Sun.COM 0x7e, 0xc9, 0x1c, 0x39, 0xe8, 0x2b, 0x16, 0x09, 70810500SHai-May.Chao@Sun.COM 0xbb, 0x5f, 0x99, 0x2f, 0xeb, 0xf3, 0x37, 0x73, 70910500SHai-May.Chao@Sun.COM 0x0d, 0x0e, 0xcc, 0x95, 0xad, 0x90, 0x80, 0x03, 71010500SHai-May.Chao@Sun.COM 0x1d, 0x80, 0x55, 0x37, 0xa1, 0x2a, 0x71, 0x76, 71110500SHai-May.Chao@Sun.COM 0x23, 0x87, 0x8c, 0x9b, 0x41, 0x07, 0xc6, 0x3d, 71210500SHai-May.Chao@Sun.COM 0xc6, 0xa3, 0x7d, 0x1b, 0xff, 0x4e, 0x11, 0x19 71310500SHai-May.Chao@Sun.COM }; 71410500SHai-May.Chao@Sun.COM 71510500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 71610500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha256_signature[] = { 71710500SHai-May.Chao@Sun.COM 0x27, 0x35, 0xdd, 0xc4, 0xf8, 0xe2, 0x0b, 0xa3, 71810500SHai-May.Chao@Sun.COM 0xef, 0x63, 0x57, 0x3b, 0xe1, 0x58, 0x9a, 0xbc, 71910500SHai-May.Chao@Sun.COM 0x20, 0x9c, 0x25, 0x12, 0x01, 0xbf, 0xbb, 0x29, 72010500SHai-May.Chao@Sun.COM 0x80, 0x1a, 0xb1, 0x37, 0x9c, 0xcd, 0x67, 0xc7, 72110500SHai-May.Chao@Sun.COM 0x0d, 0xf8, 0x64, 0x10, 0x9f, 0xe2, 0xa1, 0x9b, 72210500SHai-May.Chao@Sun.COM 0x21, 0x90, 0xcc, 0xda, 0x8b, 0x76, 0x5e, 0x79, 72310500SHai-May.Chao@Sun.COM 0x00, 0x9d, 0x58, 0x8b, 0x8a, 0xb3, 0xc3, 0xb5, 72410500SHai-May.Chao@Sun.COM 0xf1, 0x54, 0xc5, 0x8c, 0x72, 0xba, 0xde, 0x51, 72510500SHai-May.Chao@Sun.COM 0x3c, 0x6b, 0x94, 0xd6, 0xf3, 0x1b, 0xa2, 0x53, 72610500SHai-May.Chao@Sun.COM 0xe6, 0x1a, 0x46, 0x1d, 0x7f, 0x14, 0x86, 0xcc, 72710500SHai-May.Chao@Sun.COM 0xa6, 0x30, 0x92, 0x96, 0xc0, 0x96, 0x24, 0xf0, 72810500SHai-May.Chao@Sun.COM 0x42, 0x53, 0x4c, 0xdd, 0x27, 0xdf, 0x1d, 0x2e, 72910500SHai-May.Chao@Sun.COM 0x8b, 0x83, 0xbe, 0xed, 0x85, 0x1d, 0x50, 0x46, 73010500SHai-May.Chao@Sun.COM 0xa3, 0x7d, 0x20, 0xea, 0x3e, 0x91, 0xfb, 0xf6, 73110500SHai-May.Chao@Sun.COM 0x86, 0x51, 0xfd, 0x8c, 0xe5, 0x31, 0xe6, 0x7e, 73210500SHai-May.Chao@Sun.COM 0x60, 0x08, 0x0e, 0xec, 0xa6, 0xea, 0x24, 0x8d 73310500SHai-May.Chao@Sun.COM }; 73410500SHai-May.Chao@Sun.COM 73510500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 73610500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha384_signature[] = { 73710500SHai-May.Chao@Sun.COM 0x0b, 0x03, 0x94, 0x4f, 0x94, 0x78, 0x9b, 0x96, 73810500SHai-May.Chao@Sun.COM 0x76, 0xeb, 0x72, 0x58, 0xe1, 0xc5, 0xc7, 0x5f, 73910500SHai-May.Chao@Sun.COM 0x85, 0x01, 0xa8, 0xc4, 0xf6, 0x1a, 0xb5, 0x2c, 74010500SHai-May.Chao@Sun.COM 0xd1, 0xd8, 0x87, 0xde, 0x3a, 0x9c, 0x9f, 0x57, 74110500SHai-May.Chao@Sun.COM 0x81, 0x2a, 0x1e, 0x23, 0x07, 0x70, 0xb0, 0xf9, 74210500SHai-May.Chao@Sun.COM 0x28, 0x3d, 0xfa, 0xe5, 0x2e, 0x1b, 0x9a, 0x72, 74310500SHai-May.Chao@Sun.COM 0xc3, 0x74, 0xb3, 0x42, 0x1c, 0x9a, 0x13, 0xdc, 74410500SHai-May.Chao@Sun.COM 0xc9, 0xd6, 0xd5, 0x88, 0xc9, 0x9c, 0x46, 0xf1, 74510500SHai-May.Chao@Sun.COM 0x0c, 0xa6, 0xf7, 0xd8, 0x06, 0xa3, 0x1b, 0xdf, 74610500SHai-May.Chao@Sun.COM 0x55, 0xb3, 0x1b, 0x7b, 0x58, 0x1d, 0xff, 0x19, 74710500SHai-May.Chao@Sun.COM 0xc7, 0xe0, 0xdd, 0x59, 0xac, 0x2f, 0x78, 0x71, 74810500SHai-May.Chao@Sun.COM 0xe7, 0xe0, 0x17, 0xa3, 0x1c, 0x5c, 0x92, 0xef, 74910500SHai-May.Chao@Sun.COM 0xb6, 0x75, 0xed, 0xbe, 0x18, 0x39, 0x6b, 0xd7, 75010500SHai-May.Chao@Sun.COM 0xc9, 0x08, 0x62, 0x55, 0x62, 0xac, 0x5d, 0xa1, 75110500SHai-May.Chao@Sun.COM 0x9b, 0xd5, 0xb8, 0x98, 0x15, 0xc0, 0xf5, 0x41, 75210500SHai-May.Chao@Sun.COM 0x85, 0x44, 0x96, 0xca, 0x10, 0xdc, 0x57, 0x21 75310500SHai-May.Chao@Sun.COM }; 75410500SHai-May.Chao@Sun.COM 75510500SHai-May.Chao@Sun.COM /* RSA Known Signed Hash (1024-bits). */ 75610500SHai-May.Chao@Sun.COM static uint8_t rsa_known_sha512_signature[] = { 75710500SHai-May.Chao@Sun.COM 0xa5, 0xd0, 0x80, 0x04, 0x22, 0xfc, 0x80, 0x73, 75810500SHai-May.Chao@Sun.COM 0x7d, 0x46, 0xc8, 0x7b, 0xac, 0x44, 0x7b, 0xe6, 75910500SHai-May.Chao@Sun.COM 0x07, 0xe5, 0x61, 0x4c, 0x33, 0x7f, 0x6f, 0x46, 76010500SHai-May.Chao@Sun.COM 0x7c, 0x30, 0xe3, 0x75, 0x59, 0x4b, 0x42, 0xf3, 76110500SHai-May.Chao@Sun.COM 0x9f, 0x35, 0x3c, 0x10, 0x56, 0xdb, 0xd2, 0x69, 76210500SHai-May.Chao@Sun.COM 0x43, 0xcb, 0x77, 0xe9, 0x7d, 0xcd, 0x07, 0x43, 76310500SHai-May.Chao@Sun.COM 0xc5, 0xd4, 0x0c, 0x9d, 0xf5, 0x92, 0xbd, 0x0e, 76410500SHai-May.Chao@Sun.COM 0x3b, 0xb7, 0x68, 0x88, 0x84, 0xca, 0xae, 0x0d, 76510500SHai-May.Chao@Sun.COM 0xab, 0x71, 0x10, 0xad, 0xab, 0x27, 0xe4, 0xa3, 76610500SHai-May.Chao@Sun.COM 0x24, 0x41, 0xeb, 0x1c, 0xa6, 0x5f, 0xf1, 0x85, 76710500SHai-May.Chao@Sun.COM 0xd0, 0xf6, 0x22, 0x74, 0x3d, 0x81, 0xbe, 0xdd, 76810500SHai-May.Chao@Sun.COM 0x1b, 0x2a, 0x4c, 0xd1, 0x6c, 0xb5, 0x6d, 0x7a, 76910500SHai-May.Chao@Sun.COM 0xbb, 0x99, 0x69, 0x01, 0xa6, 0xc0, 0x98, 0xfa, 77010500SHai-May.Chao@Sun.COM 0x97, 0xa3, 0xd1, 0xb0, 0xdf, 0x09, 0xe3, 0x3d, 77110500SHai-May.Chao@Sun.COM 0x88, 0xee, 0x90, 0xf3, 0x10, 0x41, 0x0f, 0x06, 77210500SHai-May.Chao@Sun.COM 0x31, 0xe9, 0x60, 0x2d, 0xbf, 0x63, 0x7b, 0xf8 77310500SHai-May.Chao@Sun.COM }; 77410500SHai-May.Chao@Sun.COM 77510500SHai-May.Chao@Sun.COM RSAPrivateKey_t rsa_private_key; 77610500SHai-May.Chao@Sun.COM CK_RV rv; 77710500SHai-May.Chao@Sun.COM uint8_t rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH]; 77810500SHai-May.Chao@Sun.COM uint8_t rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH]; 77910500SHai-May.Chao@Sun.COM uint8_t rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; 78010500SHai-May.Chao@Sun.COM CK_BYTE der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len]; 78110500SHai-May.Chao@Sun.COM 78210500SHai-May.Chao@Sun.COM /* 78310500SHai-May.Chao@Sun.COM * RSA Known Answer Encryption Test. 78410500SHai-May.Chao@Sun.COM */ 78510500SHai-May.Chao@Sun.COM 78610500SHai-May.Chao@Sun.COM /* Perform RSA Public Key Encryption. */ 78710500SHai-May.Chao@Sun.COM rv = fips_rsa_encrypt(rsa_modulus, FIPS_RSA_MODULUS_LENGTH, 78810500SHai-May.Chao@Sun.COM rsa_public_exponent, FIPS_RSA_PUBLIC_EXPONENT_LENGTH, 78910500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 79010500SHai-May.Chao@Sun.COM rsa_computed_ciphertext); 79110500SHai-May.Chao@Sun.COM 79210500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 79310500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_ciphertext, rsa_known_ciphertext, 79410500SHai-May.Chao@Sun.COM FIPS_RSA_ENCRYPT_LENGTH) != 0)) 79510500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 79610500SHai-May.Chao@Sun.COM 79710500SHai-May.Chao@Sun.COM /* 79810500SHai-May.Chao@Sun.COM * RSA Known Answer Decryption Test. 79910500SHai-May.Chao@Sun.COM */ 80010500SHai-May.Chao@Sun.COM rsa_private_key.version = rsa_version; 80110500SHai-May.Chao@Sun.COM rsa_private_key.version_len = FIPS_RSA_PRIVATE_VERSION_LENGTH; 80210500SHai-May.Chao@Sun.COM rsa_private_key.modulus = rsa_modulus; 80310500SHai-May.Chao@Sun.COM rsa_private_key.modulus_len = FIPS_RSA_MODULUS_LENGTH; 80410500SHai-May.Chao@Sun.COM rsa_private_key.public_expo = rsa_public_exponent; 80510500SHai-May.Chao@Sun.COM rsa_private_key.public_expo_len = FIPS_RSA_PUBLIC_EXPONENT_LENGTH; 80610500SHai-May.Chao@Sun.COM rsa_private_key.private_expo = rsa_private_exponent; 80710500SHai-May.Chao@Sun.COM rsa_private_key.private_expo_len = FIPS_RSA_PRIVATE_EXPONENT_LENGTH; 80810500SHai-May.Chao@Sun.COM rsa_private_key.prime1 = rsa_prime0; 80910500SHai-May.Chao@Sun.COM rsa_private_key.prime1_len = FIPS_RSA_PRIME0_LENGTH; 81010500SHai-May.Chao@Sun.COM rsa_private_key.prime2 = rsa_prime1; 81110500SHai-May.Chao@Sun.COM rsa_private_key.prime2_len = FIPS_RSA_PRIME1_LENGTH; 81210500SHai-May.Chao@Sun.COM rsa_private_key.exponent1 = rsa_exponent0; 81310500SHai-May.Chao@Sun.COM rsa_private_key.exponent1_len = FIPS_RSA_EXPONENT0_LENGTH; 81410500SHai-May.Chao@Sun.COM rsa_private_key.exponent2 = rsa_exponent1; 81510500SHai-May.Chao@Sun.COM rsa_private_key.exponent2_len = FIPS_RSA_EXPONENT1_LENGTH; 81610500SHai-May.Chao@Sun.COM rsa_private_key.coef = rsa_coefficient; 81710500SHai-May.Chao@Sun.COM rsa_private_key.coef_len = FIPS_RSA_COEFFICIENT_LENGTH; 81810500SHai-May.Chao@Sun.COM 81910500SHai-May.Chao@Sun.COM /* Perform RSA Private Key Decryption. */ 82010500SHai-May.Chao@Sun.COM rv = fips_rsa_decrypt(&rsa_private_key, rsa_known_ciphertext, 82110500SHai-May.Chao@Sun.COM FIPS_RSA_MESSAGE_LENGTH, rsa_computed_plaintext); 82210500SHai-May.Chao@Sun.COM 82310500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 82410500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg, 82510500SHai-May.Chao@Sun.COM FIPS_RSA_DECRYPT_LENGTH) != 0)) 82610500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 82710500SHai-May.Chao@Sun.COM 82810500SHai-May.Chao@Sun.COM /* SHA-1 Sign/Verify */ 82910500SHai-May.Chao@Sun.COM #ifdef _KERNEL 83010500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, 83110500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 83210500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 83310500SHai-May.Chao@Sun.COM #else 83410500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, 83510500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 83610500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 83710500SHai-May.Chao@Sun.COM #endif 83810500SHai-May.Chao@Sun.COM 83910500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 84010500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha1_signature, 84110500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 84210500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 84310500SHai-May.Chao@Sun.COM 84410500SHai-May.Chao@Sun.COM #ifdef _KERNEL 84510500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, 84610500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 84710500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 84810500SHai-May.Chao@Sun.COM #else 84910500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, 85010500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 85110500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 85210500SHai-May.Chao@Sun.COM #endif 85310500SHai-May.Chao@Sun.COM 85410500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 85510500SHai-May.Chao@Sun.COM goto rsa_loser; 85610500SHai-May.Chao@Sun.COM 85710500SHai-May.Chao@Sun.COM /* SHA256 Sign/Verify */ 85810500SHai-May.Chao@Sun.COM #ifdef _KERNEL 85910500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, 86010500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 86110500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 86210500SHai-May.Chao@Sun.COM #else 86310500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, 86410500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 86510500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 86610500SHai-May.Chao@Sun.COM #endif 86710500SHai-May.Chao@Sun.COM 86810500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 86910500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha256_signature, 87010500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 87110500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 87210500SHai-May.Chao@Sun.COM 87310500SHai-May.Chao@Sun.COM #ifdef _KERNEL 87410500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, 87510500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 87610500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 87710500SHai-May.Chao@Sun.COM #else 87810500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, 87910500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 88010500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 88110500SHai-May.Chao@Sun.COM #endif 88210500SHai-May.Chao@Sun.COM 88310500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 88410500SHai-May.Chao@Sun.COM goto rsa_loser; 88510500SHai-May.Chao@Sun.COM 88610500SHai-May.Chao@Sun.COM /* SHA384 Sign/Verify */ 88710500SHai-May.Chao@Sun.COM #ifdef _KERNEL 88810500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, 88910500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 89010500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 89110500SHai-May.Chao@Sun.COM #else 89210500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, 89310500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 89410500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 89510500SHai-May.Chao@Sun.COM #endif 89610500SHai-May.Chao@Sun.COM 89710500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 89810500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha384_signature, 89910500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 90010500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 90110500SHai-May.Chao@Sun.COM 90210500SHai-May.Chao@Sun.COM #ifdef _KERNEL 90310500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, 90410500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 90510500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 90610500SHai-May.Chao@Sun.COM #else 90710500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, 90810500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 90910500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 91010500SHai-May.Chao@Sun.COM #endif 91110500SHai-May.Chao@Sun.COM 91210500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 91310500SHai-May.Chao@Sun.COM goto rsa_loser; 91410500SHai-May.Chao@Sun.COM 91510500SHai-May.Chao@Sun.COM /* SHA512 Sign/Verify */ 91610500SHai-May.Chao@Sun.COM #ifdef _KERNEL 91710500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, 91810500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 91910500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 92010500SHai-May.Chao@Sun.COM #else 92110500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, 92210500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 92310500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 1); 92410500SHai-May.Chao@Sun.COM #endif 92510500SHai-May.Chao@Sun.COM 92610500SHai-May.Chao@Sun.COM if ((rv != CKR_OK) || 92710500SHai-May.Chao@Sun.COM (memcmp(rsa_computed_signature, rsa_known_sha512_signature, 92810500SHai-May.Chao@Sun.COM FIPS_RSA_SIGNATURE_LENGTH) != 0)) 92910500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 93010500SHai-May.Chao@Sun.COM 93110500SHai-May.Chao@Sun.COM #ifdef _KERNEL 93210500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, 93310500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 93410500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 93510500SHai-May.Chao@Sun.COM #else 93610500SHai-May.Chao@Sun.COM rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, 93710500SHai-May.Chao@Sun.COM rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 93810500SHai-May.Chao@Sun.COM rsa_computed_signature, der_data, 0); 93910500SHai-May.Chao@Sun.COM #endif 94010500SHai-May.Chao@Sun.COM 94110500SHai-May.Chao@Sun.COM rsa_loser: 94210500SHai-May.Chao@Sun.COM if (rv != CKR_OK) 94310500SHai-May.Chao@Sun.COM return (CKR_DEVICE_ERROR); 94410500SHai-May.Chao@Sun.COM else 94510500SHai-May.Chao@Sun.COM return (CKR_OK); 94610500SHai-May.Chao@Sun.COM 94710500SHai-May.Chao@Sun.COM } 948