1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 #ifndef _DSA_IMPL_H 27 #define _DSA_IMPL_H 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 #include <sys/types.h> 34 #include <bignum.h> 35 36 /* DSA Signature is always 40 bytes */ 37 #define DSA_SIGNATURE_LENGTH 40 38 #define MIN_DSA_KEY_LEN (512 >> 3) 39 #define MAX_DSA_KEY_LEN (1024 >> 3) 40 41 #define DSA_SUBPRIME_BITS 160 42 #define DSA_SUBPRIME_BYTES (DSA_SUBPRIME_BITS >> 3) 43 44 #ifdef _KERNEL 45 46 #include <sys/sunddi.h> 47 #include <sys/crypto/common.h> 48 49 #define CK_RV int 50 51 #define CKR_OK CRYPTO_SUCCESS 52 #define CKR_ARGUMENTS_BAD CRYPTO_ARGUMENTS_BAD 53 #define CKR_ATTRIBUTE_VALUE_INVALID CRYPTO_ATTRIBUTE_VALUE_INVALID 54 #define CKR_DEVICE_ERROR CRYPTO_DEVICE_ERROR 55 #define CKR_GENERAL_ERROR CRYPTO_GENERAL_ERROR 56 #define CKR_HOST_MEMORY CRYPTO_HOST_MEMORY 57 #define CKR_KEY_SIZE_RANGE CRYPTO_KEY_SIZE_RANGE 58 #define CKR_SIGNATURE_INVALID CRYPTO_SIGNATURE_INVALID 59 60 int random_get_bytes(uint8_t *ran_out, size_t ran_len); 61 int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len); 62 63 #else 64 65 #include <security/cryptoki.h> 66 #include <security/pkcs11t.h> 67 68 #endif /* _KERNEL */ 69 70 71 /* DSA key using BIGNUM representations */ 72 typedef struct { 73 int size; /* key size in bits */ 74 BIGNUM p; /* p (<size-bit> prime) */ 75 BIGNUM q; /* q (160-bit prime) */ 76 BIGNUM g; /* g (the base) */ 77 BIGNUM x; /* private key (< q) */ 78 BIGNUM y; /* = g^x mod p */ 79 BIGNUM k; /* k (random number < q) */ 80 BIGNUM r; /* r (signature 1st part) */ 81 BIGNUM s; /* s (signature 2st part) */ 82 BIGNUM v; /* v (verification value - should be = r) */ 83 BIGNUM p_rr; /* 2^(2*(32*p->len)) mod p */ 84 BIGNUM q_rr; /* 2^(2*(32*q->len)) mod q */ 85 } DSAkey; 86 87 /* DSA key using byte string representations, useful for parameter lists */ 88 typedef struct { 89 uint32_t prime_bits; /* size */ 90 uchar_t *prime; /* p */ 91 uint32_t subprime_bits; /* = 160 */ 92 uchar_t *subprime; /* q */ 93 uint32_t base_bytes; 94 uchar_t *base; /* g */ 95 uchar_t *private_x; /* x */ 96 uint32_t private_x_bits; 97 uchar_t *public_y; /* y */ 98 uint32_t public_y_bits; 99 uchar_t *signature; /* concat(r, s) */ 100 int (*rfunc)(void *, size_t); /* random function */ 101 } DSAbytekey; 102 103 104 CK_RV dsa_genkey_pair(DSAbytekey *bkey); 105 106 CK_RV dsa_sign(DSAbytekey *bkey, uchar_t *msg, uint32_t msglen, uchar_t *sig); 107 108 CK_RV dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig); 109 110 111 /* 112 * The following definitions and declarations are only used by DSA FIPS POST 113 */ 114 #ifdef _DSA_FIPS_POST 115 116 /* DSA FIPS Declarations */ 117 #define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ 118 #define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ 119 #define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ 120 #define FIPS_DSA_SEED_LENGTH 20 /* 160-bits */ 121 #define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ 122 #define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ 123 124 /* DSA FIPS functions */ 125 extern int fips_dsa_post(void); 126 extern int fips_dsa_genkey_pair(DSAbytekey *); 127 extern int fips_dsa_digest_sign(DSAbytekey *, uint8_t *, uint32_t, uint8_t *); 128 extern int fips_dsa_verify(DSAbytekey *, uint8_t *, uint8_t *); 129 130 #endif /* _DSA_FIPS_POST */ 131 132 #ifdef __cplusplus 133 } 134 #endif 135 136 #endif /* _DSA_IMPL_H */ 137