xref: /titanic_52/usr/src/common/crypto/rsa/rsa_impl.h (revision c92fa3b52130d028bbc9a30d4fc8169164cd7cbf)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #ifndef _RSA_IMPL_H
27 #define	_RSA_IMPL_H
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 #include <sys/types.h>
34 #include <bignum.h>
35 
/*
 * Smallest and largest RSA key lengths named by this header, stated twice:
 * in bytes (32 .. 512) and in bits (256 .. 4096); the two pairs agree.
 *
 * NOTE(review): the minimum is only a floor, not a strength recommendation.
 * A 256-bit modulus can be factored with negligible effort, so callers that
 * need real security should enforce their own policy minimum (2048 bits is
 * the usual baseline).  Where these limits are checked is not visible in
 * this header.
 */
36 #define	MIN_RSA_KEYLENGTH_IN_BYTES	32
37 #define	MAX_RSA_KEYLENGTH_IN_BYTES	512
38 #define	RSA_MIN_KEY_LEN	256	/* RSA min key length in bits */
39 #define	RSA_MAX_KEY_LEN	4096	/* RSA max key length in bits */
40 
41 #ifdef _KERNEL
42 
43 #include <sys/sunddi.h>
44 #include <sys/crypto/common.h>
45 
/*
 * Kernel builds take this branch instead of including the PKCS#11 headers
 * (see the #else below), so the PKCS#11 type names used in this header are
 * mapped onto kernel types.
 *
 * NOTE(review): CK_RV is a plain int here, whereas PKCS#11 defines CK_RV as
 * an unsigned long.  Code shared by both builds should compare results
 * against the CKR_* names and not depend on the width or sign of CK_RV.
 */
46 #define	CK_BYTE			uchar_t
47 #define	CK_ULONG		ulong_t
48 #define	CK_RV			int
49 
/*
 * In kernel builds the PKCS#11 return-code names used by the RSA code are
 * aliases for CRYPTO_* codes (presumably those of <sys/crypto/common.h>,
 * included above).  Only the seven codes listed here are mapped.
 */
50 #define	CKR_OK			CRYPTO_SUCCESS
51 #define	CKR_ARGUMENTS_BAD	CRYPTO_ARGUMENTS_BAD
52 #define	CKR_DATA_LEN_RANGE	CRYPTO_DATA_LEN_RANGE
53 #define	CKR_DEVICE_ERROR	CRYPTO_DEVICE_ERROR
54 #define	CKR_GENERAL_ERROR	CRYPTO_GENERAL_ERROR
55 #define	CKR_HOST_MEMORY		CRYPTO_HOST_MEMORY
56 #define	CKR_KEY_SIZE_RANGE	CRYPTO_KEY_SIZE_RANGE
57 
/*
 * Random byte sources, declared for kernel builds only (this is inside the
 * _KERNEL branch).  Both take an output buffer and a byte count; the meaning
 * of the int return value is not shown here.
 *
 * NOTE(review): going by the names, random_get_pseudo_bytes is the weaker
 * generator -- confirm, and use random_get_bytes for anything secret such as
 * prime candidates or other private-key material.
 */
58 int random_get_bytes(uint8_t *ran_out, size_t ran_len);
59 int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len);
60 
61 #else
62 
63 #include <security/cryptoki.h>
64 #include <security/pkcs11t.h>
65 
66 #endif	/* _KERNEL */
67 
/*
 * Sizes, in bytes, of the constant tables declared below.  One length
 * (SHA2_DER_PREFIX_Len) is shared by the SHA-256, SHA-384 and SHA-512
 * tables.  The values 18, 15 and 19 match the standard PKCS#1 v1.5
 * DigestInfo prefixes for MD5, SHA-1 and the SHA-2 family; 13 is presumably
 * the SHA-1 variant without the NULL parameters -- TODO confirm against the
 * file that defines the tables.
 */
68 #define	MD5_DER_PREFIX_Len	18
69 #define	SHA1_DER_PREFIX_Len	15
70 #define	SHA1_DER_PREFIX_OID_Len	13
71 #define	SHA2_DER_PREFIX_Len	19
72 #define	DEFAULT_PUB_EXPO_Len	3
73 
/*
 * Constant byte tables defined elsewhere.  By their names the *_DER_PREFIX
 * tables are the DER-encoded DigestInfo headers placed in front of a hash
 * value for PKCS#1 v1.5 signatures, and DEFAULT_PUB_EXPO is a 3-byte default
 * public exponent (presumably 65537) -- TODO confirm in the defining file.
 *
 * NOTE(review): MD5 and SHA-1 are not collision resistant.  Their prefixes
 * are needed to handle legacy signatures, but new signatures should use the
 * SHA-2 prefixes.
 */
74 extern const CK_BYTE MD5_DER_PREFIX[MD5_DER_PREFIX_Len];
75 extern const CK_BYTE SHA1_DER_PREFIX[SHA1_DER_PREFIX_Len];
76 extern const CK_BYTE SHA1_DER_PREFIX_OID[SHA1_DER_PREFIX_OID_Len];
77 extern const CK_BYTE SHA256_DER_PREFIX[SHA2_DER_PREFIX_Len];
78 extern const CK_BYTE SHA384_DER_PREFIX[SHA2_DER_PREFIX_Len];
79 extern const CK_BYTE SHA512_DER_PREFIX[SHA2_DER_PREFIX_Len];
80 extern const CK_BYTE DEFAULT_PUB_EXPO[DEFAULT_PUB_EXPO_Len];
81 
82 
83 /* RSA key using BIGNUM representations */
/*
 * n and e make up the public key; p, q, d, dmodpminus1, dmodqminus1 and
 * pinvmodq are private-key values.  The *_rr members hold
 * 2^(2*(32*len)) mod the respective modulus, which looks like the
 * precomputed R^2 value used for Montgomery multiplication -- TODO confirm
 * against the bignum code.
 *
 * NOTE(review): nothing in this header says who clears the private members;
 * check that the code releasing an RSAkey zeroizes them before the memory is
 * freed or reused.
 */
84 typedef struct {
85 	int 	size;		/* key size in bits */
86 	BIGNUM	p;		/* prime p (private) */
87 	BIGNUM	q;		/* prime q (private) */
88 	BIGNUM	n;		/* n = p * q (the modulus) */
89 	BIGNUM	d;		/* private exponent */
90 	BIGNUM	e;		/* public exponent */
91 	BIGNUM	dmodpminus1;	/* d mod (p - 1) (exponent 1) */
92 	BIGNUM	dmodqminus1;	/* d mod (q - 1) (exponent 2) */
93 	BIGNUM	pinvmodq;	/* p^(-1) mod q (the coefficient) */
94 	BIGNUM	p_rr;		/* 2^(2*(32*p->len)) mod p */
95 	BIGNUM	q_rr;		/* 2^(2*(32*q->len)) mod q */
96 	BIGNUM	n_rr;		/* 2^(2*(32*n->len)) mod n */
97 } RSAkey;
98 
99 /* RSA key using byte string representations, useful for parameter lists */
/*
 * Each key component is a pointer plus a length.  All lengths are byte
 * counts except modulus_bits, which is in bits.  The byte order of the
 * buffers and who allocates and frees them are not stated in this header.
 *
 * NOTE(review): privexpo, prime1, prime2, expo1, expo2 and coeff point at
 * private-key material; the owner of those buffers should zeroize them when
 * they are no longer needed.  The comment on coeff allows either
 * p^(-1) mod q or q^(-1) mod p, while RSAkey stores p^(-1) mod q and
 * PKCS#11's CKA_COEFFICIENT is q^(-1) mod p -- confirm which form each
 * caller supplies before relying on it.
 */
100 typedef struct {
101 	uint32_t modulus_bits;	/* size of the modulus, in bits */
102 	uchar_t	*modulus;	/* n */
103 	uint32_t privexpo_bytes;
104 	uchar_t	*privexpo;	/* d */
105 	uint32_t pubexpo_bytes;
106 	uchar_t	*pubexpo;	/* e */
107 	uint32_t prime1_bytes;
108 	uchar_t	*prime1;	/* p */
109 	uint32_t prime2_bytes;
110 	uchar_t	*prime2;	/* q */
111 	uint32_t expo1_bytes;
112 	uchar_t	*expo1;		/* = d mod (p - 1) */
113 	uint32_t expo2_bytes;
114 	uchar_t	*expo2;		/* = d mod (q - 1) */
115 	uint32_t coeff_bytes;	/* = q bytes, .... or = p bytes */
116 	uchar_t *coeff;		/* = p^(-1) mod q, or = q^(-1) mod p */
	/* random function; arguments look like (buffer, length) -- confirm */
117 	int (*rfunc)(void *, size_t);
118 } RSAbytekey;
119 
120 
/*
 * Generate an RSA key pair using *bkey.  Which members must be filled in
 * beforehand (for example modulus_bits, pubexpo, rfunc and the output
 * buffers) is not shown in this header -- see the implementation.
 * Returns a CK_RV status code.
 */
121 CK_RV rsa_genkey_pair(RSAbytekey *bkey);
122 
/*
 * RSA encrypt operation: reads msglen bytes from msg and writes the result
 * to encrmsg, returning a CK_RV status code.
 *
 * NOTE(review): there is no padding, hash or output-length parameter, so
 * this appears to be the raw RSA primitive.  Padding has to be applied by
 * the caller, and encrmsg must already be large enough (presumably the
 * modulus length in bytes -- TODO confirm).
 */
123 CK_RV rsa_encrypt(RSAbytekey *bkey,
124     uchar_t *msg, uint32_t msglen, uchar_t *encrmsg);
125 
/*
 * RSA decrypt operation: reads encrmsglen bytes from encrmsg and writes the
 * result to msg, returning a CK_RV status code.
 *
 * NOTE(review): there is no padding or output-length parameter, so this
 * appears to be the raw RSA primitive.  Removing and checking the padding is
 * left to the caller, and msg must already be large enough (presumably the
 * modulus length in bytes -- TODO confirm).
 */
126 CK_RV rsa_decrypt(RSAbytekey *bkey,
127     uchar_t *encrmsg, uint32_t encrmsglen, uchar_t *msg);
128 
/*
 * Signing is the same call as rsa_decrypt() and verifying the same call as
 * rsa_encrypt(); both macros only forward their four arguments.
 *
 * NOTE(review): as far as the prototypes show, rsa_verify() only runs the
 * RSA operation on its input and stores the result through its last
 * argument; it has nothing to compare against.  The caller still has to
 * check the padding and compare the recovered digest, so a CKR_OK return
 * must not be read as "signature is valid".  The macro parameter names are
 * shared with rsa_sign(); for rsa_verify() the input buffer is presumably
 * the signature and the output the recovered encoding -- confirm at the
 * call sites.
 */
129 #define	rsa_sign(key, msg, len, sig)	rsa_decrypt((key), (msg), (len), (sig))
130 #define	rsa_verify(key, msg, len, sig)	rsa_encrypt((key), (msg), (len), (sig))
131 
132 /*
133  * The following definitions and declarations are only used by RSA FIPS POST
134  */
135 #ifdef _RSA_FIPS_POST
136 
137 /* RSA FIPS Declarations */
/*
 * Fixed component sizes, in bytes, for the key and data used by the RSA
 * self-test: a 128-byte (1024-bit) modulus with 64-byte (512-bit) primes,
 * exponents and coefficient.  The unit of MAX_KEY_ATTR_BUFLEN is not stated;
 * presumably bytes.
 *
 * NOTE(review): these sizes describe self-test data only.  They are not
 * guidance for production keys; 1024-bit RSA is below current minimums.
 */
138 #define	FIPS_RSA_PUBLIC_EXPONENT_LENGTH		  3 /*   24-bits */
139 #define	FIPS_RSA_PRIVATE_VERSION_LENGTH		  1 /*    8-bits */
140 #define	FIPS_RSA_MESSAGE_LENGTH			128 /* 1024-bits */
141 #define	FIPS_RSA_COEFFICIENT_LENGTH		 64 /*  512-bits */
142 #define	FIPS_RSA_PRIME0_LENGTH			 64 /*  512-bits */
143 #define	FIPS_RSA_PRIME1_LENGTH			 64 /*  512-bits */
144 #define	FIPS_RSA_EXPONENT0_LENGTH		 64 /*  512-bits */
145 #define	FIPS_RSA_EXPONENT1_LENGTH		 64 /*  512-bits */
146 #define	FIPS_RSA_PRIVATE_EXPONENT_LENGTH	128 /* 1024-bits */
147 #define	FIPS_RSA_ENCRYPT_LENGTH			128 /* 1024-bits */
148 #define	FIPS_RSA_DECRYPT_LENGTH			128 /* 1024-bits */
149 #define	FIPS_RSA_SIGNATURE_LENGTH		128 /* 1024-bits */
150 #define	FIPS_RSA_MODULUS_LENGTH			128 /* 1024-bits */
151 #define	MAX_KEY_ATTR_BUFLEN			1024
152 
/*
 * Private key as passed to the FIPS self-test functions: a version byte
 * string (version / version_len) plus the byte-string key.  bkey is
 * embedded by value, so its pointer members still refer to buffers held
 * elsewhere.  Note that version_len is a signed int.
 */
153 typedef struct RSAPrivateKey_s {
154 	uint8_t		*version;
155 	int		version_len;
156 	RSAbytekey	bkey;
157 } RSAPrivateKey_t;
158 
159 /* RSA FIPS functions */
/*
 * Entry points of the RSA FIPS self-test.  The parameters are unnamed; by
 * analogy with rsa_encrypt()/rsa_decrypt() they are presumably (key, input,
 * input length, output) -- TODO confirm.  There is no output-length
 * argument, so the caller has to supply a large enough output buffer, and
 * the input length is a signed int.  The meaning of the int return values
 * is not shown here.
 */
160 extern int fips_rsa_post(void);
161 extern int fips_rsa_encrypt(RSAPrivateKey_t *, uint8_t *, int, uint8_t *);
162 extern int fips_rsa_decrypt(RSAPrivateKey_t *, uint8_t *, int, uint8_t *);
163 
164 #endif /* _RSA_FIPS_POST */
165 
166 #ifdef	__cplusplus
167 }
168 #endif
169 
170 #endif /* _RSA_IMPL_H */
171