/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <stdio.h>
#include <sys/types.h>
#include <security/cryptoki.h>
#include <sys/sha1.h>
#include <sys/sha2.h>
#include "softMAC.h"
#define	_AES_FIPS_POST
#define	_DES_FIPS_POST
#include "softCrypt.h"
#define	_RSA_FIPS_POST
#include <rsa_impl.h>
#include <sha1_impl.h>
#include <sha2_impl.h>
#include <fips_random.h>


extern int fips_ecdsa_post(void);
extern CK_RV soft_fips_dsa_post(void);


/*
 * Run the FIPS power-on self-tests (POST) for every supported FIPS
 * cipher and component, one after another, in a fixed order.
 *
 * The sequence stops at the first self-test that does not report CKR_OK
 * and that test's return value is handed back unchanged; the remaining
 * tests are not run.  CKR_OK is returned only when every test passed.
 *
 * This routine only reports the result.  Refusing cryptographic service
 * after a failed self-test is left to the caller, which is not part of
 * this file.
 */
CK_RV
soft_fips_post(void)
{
	CK_RV rv;

	/* SHA-1: digest POST and HMAC SHA-1 POST. */
	if ((rv = fips_sha1_post()) != CKR_OK)
		return (rv);

	/*
	 * SHA-2: SHA-256, SHA-384 and SHA-512 POST, followed by the
	 * HMAC SHA-256, HMAC SHA-384 and HMAC SHA-512 POST.
	 */
	if ((rv = fips_sha2_post()) != CKR_OK)
		return (rv);

	/* Triple DES: encryption/decryption in ECB and in CBC mode. */
	if ((rv = fips_des3_post()) != CKR_OK)
		return (rv);

	/* AES, once per supported key size: 128, 192 and 256 bits. */
	if ((rv = fips_aes_post(FIPS_AES_128_KEY_SIZE)) != CKR_OK)
		return (rv);
	if ((rv = fips_aes_post(FIPS_AES_192_KEY_SIZE)) != CKR_OK)
		return (rv);
	if ((rv = fips_aes_post(FIPS_AES_256_KEY_SIZE)) != CKR_OK)
		return (rv);

	/*
	 * ECDSA: ECC signature and ECC verification.
	 *
	 * NOTE(review): fips_ecdsa_post() is declared above as returning
	 * int, while its result is stored in and compared as a CK_RV.
	 * Confirm that it returns CKR_* values.
	 */
	if ((rv = fips_ecdsa_post()) != CKR_OK)
		return (rv);

	/*
	 * RSA: encryption, decryption, and sign/verify with SHA-1,
	 * SHA-256, SHA-384 and SHA-512.
	 */
	if ((rv = fips_rsa_post()) != CKR_OK)
		return (rv);

	/* DSA: sign on a SHA-1 digest, then verification. */
	if ((rv = soft_fips_dsa_post()) != CKR_OK)
		return (rv);

	/* Random number generator. */
	if ((rv = fips_rng_post()) != CKR_OK)
		return (rv);

	/* Every power-on self-test passed. */
	return (CKR_OK);
}