Print this page
fixup .text where possible
7127 remove -Wno-missing-braces from Makefile.uts
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/crypto/io/rsa.c
+++ new/usr/src/uts/common/crypto/io/rsa.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 */
25 25
26 26 /*
27 27 * RSA provider for the Kernel Cryptographic Framework (KCF)
28 28 */
29 29
30 30 #include <sys/types.h>
31 31 #include <sys/systm.h>
32 32 #include <sys/modctl.h>
33 33 #include <sys/cmn_err.h>
34 34 #include <sys/ddi.h>
35 35 #include <sys/crypto/spi.h>
36 36 #include <sys/sysmacros.h>
37 37 #include <sys/strsun.h>
38 38 #include <sys/md5.h>
39 39 #include <sys/sha1.h>
40 40 #define _SHA2_IMPL
41 41 #include <sys/sha2.h>
42 42 #include <sys/random.h>
43 43 #include <sys/crypto/impl.h>
44 44 #include <sha1/sha1_impl.h>
45 45 #include <sha2/sha2_impl.h>
46 46 #include <padding/padding.h>
47 47 #include <rsa/rsa_impl.h>
48 48
49 49 extern struct mod_ops mod_cryptoops;
50 50
|
↓ open down ↓ |
50 lines elided |
↑ open up ↑ |
51 51 /*
52 52 * Module linkage information for the kernel.
53 53 */
54 54 static struct modlcrypto modlcrypto = {
55 55 &mod_cryptoops,
56 56 "RSA Kernel SW Provider"
57 57 };
58 58
59 59 static struct modlinkage modlinkage = {
60 60 MODREV_1,
61 - (void *)&modlcrypto,
62 - NULL
61 + { (void *)&modlcrypto,
62 + NULL }
63 63 };
64 64
65 65 /*
66 66 * CSPI information (entry points, provider info, etc.)
67 67 */
68 68 typedef enum rsa_mech_type {
69 69 RSA_PKCS_MECH_INFO_TYPE, /* SUN_CKM_RSA_PKCS */
70 70 RSA_X_509_MECH_INFO_TYPE, /* SUN_CKM_RSA_X_509 */
71 71 MD5_RSA_PKCS_MECH_INFO_TYPE, /* SUN_MD5_RSA_PKCS */
72 72 SHA1_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA1_RSA_PKCS */
73 73 SHA256_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA256_RSA_PKCS */
74 74 SHA384_RSA_PKCS_MECH_INFO_TYPE, /* SUN_SHA384_RSA_PKCS */
75 75 SHA512_RSA_PKCS_MECH_INFO_TYPE /* SUN_SHA512_RSA_PKCS */
76 76 } rsa_mech_type_t;
77 77
78 78 /*
79 79 * Context for RSA_PKCS and RSA_X_509 mechanisms.
80 80 */
81 81 typedef struct rsa_ctx {
82 82 rsa_mech_type_t mech_type;
83 83 crypto_key_t *key;
84 84 size_t keychunk_size;
85 85 } rsa_ctx_t;
86 86
87 87 /*
88 88 * Context for MD5_RSA_PKCS and SHA*_RSA_PKCS mechanisms.
89 89 */
90 90 typedef struct digest_rsa_ctx {
91 91 rsa_mech_type_t mech_type;
92 92 crypto_key_t *key;
93 93 size_t keychunk_size;
94 94 union {
95 95 MD5_CTX md5ctx;
96 96 SHA1_CTX sha1ctx;
97 97 SHA2_CTX sha2ctx;
98 98 } dctx_u;
99 99 } digest_rsa_ctx_t;
100 100
101 101 #define md5_ctx dctx_u.md5ctx
102 102 #define sha1_ctx dctx_u.sha1ctx
103 103 #define sha2_ctx dctx_u.sha2ctx
104 104
105 105 /*
106 106 * Mechanism info structure passed to KCF during registration.
107 107 */
108 108 static crypto_mech_info_t rsa_mech_info_tab[] = {
109 109 /* RSA_PKCS */
110 110 {SUN_CKM_RSA_PKCS, RSA_PKCS_MECH_INFO_TYPE,
111 111 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
112 112 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
113 113 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
114 114 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
115 115 CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
116 116 CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
117 117 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
118 118
119 119 /* RSA_X_509 */
120 120 {SUN_CKM_RSA_X_509, RSA_X_509_MECH_INFO_TYPE,
121 121 CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
122 122 CRYPTO_FG_DECRYPT | CRYPTO_FG_DECRYPT_ATOMIC |
123 123 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
124 124 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC |
125 125 CRYPTO_FG_SIGN_RECOVER | CRYPTO_FG_SIGN_RECOVER_ATOMIC |
126 126 CRYPTO_FG_VERIFY_RECOVER | CRYPTO_FG_VERIFY_RECOVER_ATOMIC,
127 127 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
128 128
129 129 /* MD5_RSA_PKCS */
130 130 {SUN_CKM_MD5_RSA_PKCS, MD5_RSA_PKCS_MECH_INFO_TYPE,
131 131 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
132 132 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
133 133 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
134 134
135 135 /* SHA1_RSA_PKCS */
136 136 {SUN_CKM_SHA1_RSA_PKCS, SHA1_RSA_PKCS_MECH_INFO_TYPE,
137 137 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
138 138 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
139 139 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
140 140
141 141 /* SHA256_RSA_PKCS */
142 142 {SUN_CKM_SHA256_RSA_PKCS, SHA256_RSA_PKCS_MECH_INFO_TYPE,
143 143 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
144 144 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
145 145 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
146 146
147 147 /* SHA384_RSA_PKCS */
148 148 {SUN_CKM_SHA384_RSA_PKCS, SHA384_RSA_PKCS_MECH_INFO_TYPE,
149 149 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
150 150 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
151 151 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS},
152 152
153 153 /* SHA512_RSA_PKCS */
154 154 {SUN_CKM_SHA512_RSA_PKCS, SHA512_RSA_PKCS_MECH_INFO_TYPE,
155 155 CRYPTO_FG_SIGN | CRYPTO_FG_SIGN_ATOMIC |
156 156 CRYPTO_FG_VERIFY | CRYPTO_FG_VERIFY_ATOMIC,
157 157 RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CRYPTO_KEYSIZE_UNIT_IN_BITS}
158 158
159 159 };
160 160
161 161 #define RSA_VALID_MECH(mech) \
162 162 (((mech)->cm_type == RSA_PKCS_MECH_INFO_TYPE || \
163 163 (mech)->cm_type == RSA_X_509_MECH_INFO_TYPE || \
164 164 (mech)->cm_type == MD5_RSA_PKCS_MECH_INFO_TYPE || \
165 165 (mech)->cm_type == SHA1_RSA_PKCS_MECH_INFO_TYPE || \
166 166 (mech)->cm_type == SHA256_RSA_PKCS_MECH_INFO_TYPE || \
167 167 (mech)->cm_type == SHA384_RSA_PKCS_MECH_INFO_TYPE || \
168 168 (mech)->cm_type == SHA512_RSA_PKCS_MECH_INFO_TYPE) ? 1 : 0)
169 169
170 170 /* operations are in-place if the output buffer is NULL */
171 171 #define RSA_ARG_INPLACE(input, output) \
172 172 if ((output) == NULL) \
173 173 (output) = (input);
174 174
175 175 static void rsa_provider_status(crypto_provider_handle_t, uint_t *);
176 176
177 177 static crypto_control_ops_t rsa_control_ops = {
178 178 rsa_provider_status
179 179 };
180 180
181 181 static int rsa_common_init(crypto_ctx_t *, crypto_mechanism_t *,
182 182 crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
183 183 static int rsaprov_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
184 184 crypto_req_handle_t);
185 185 static int rsa_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
186 186 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
187 187 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
188 188 static int rsaprov_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
189 189 crypto_req_handle_t);
190 190 static int rsa_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
191 191 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
192 192 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
193 193
194 194 /*
195 195 * The RSA mechanisms do not have multiple-part cipher operations.
196 196 * So, the update and final routines are set to NULL.
197 197 */
198 198 static crypto_cipher_ops_t rsa_cipher_ops = {
199 199 rsa_common_init,
200 200 rsaprov_encrypt,
201 201 NULL,
202 202 NULL,
203 203 rsa_encrypt_atomic,
204 204 rsa_common_init,
205 205 rsaprov_decrypt,
206 206 NULL,
207 207 NULL,
208 208 rsa_decrypt_atomic
209 209 };
210 210
211 211 static int rsa_sign_verify_common_init(crypto_ctx_t *, crypto_mechanism_t *,
212 212 crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
213 213 static int rsaprov_sign(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
214 214 crypto_req_handle_t);
215 215 static int rsa_sign_update(crypto_ctx_t *, crypto_data_t *,
216 216 crypto_req_handle_t);
217 217 static int rsa_sign_final(crypto_ctx_t *, crypto_data_t *,
218 218 crypto_req_handle_t);
219 219 static int rsa_sign_atomic(crypto_provider_handle_t, crypto_session_id_t,
220 220 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
221 221 crypto_spi_ctx_template_t, crypto_req_handle_t);
222 222
223 223 /*
224 224 * We use the same routine for sign_init and sign_recover_init fields
225 225 * as they do the same thing. Same holds for sign and sign_recover fields,
226 226 * and sign_atomic and sign_recover_atomic fields.
227 227 */
228 228 static crypto_sign_ops_t rsa_sign_ops = {
229 229 rsa_sign_verify_common_init,
230 230 rsaprov_sign,
231 231 rsa_sign_update,
232 232 rsa_sign_final,
233 233 rsa_sign_atomic,
234 234 rsa_sign_verify_common_init,
235 235 rsaprov_sign,
236 236 rsa_sign_atomic
237 237 };
238 238
239 239 static int rsaprov_verify(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
240 240 crypto_req_handle_t);
241 241 static int rsa_verify_update(crypto_ctx_t *, crypto_data_t *,
242 242 crypto_req_handle_t);
243 243 static int rsa_verify_final(crypto_ctx_t *, crypto_data_t *,
244 244 crypto_req_handle_t);
245 245 static int rsa_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
246 246 crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
247 247 crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
248 248 static int rsa_verify_recover(crypto_ctx_t *, crypto_data_t *,
249 249 crypto_data_t *, crypto_req_handle_t);
250 250 static int rsa_verify_recover_atomic(crypto_provider_handle_t,
251 251 crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *,
252 252 crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t,
253 253 crypto_req_handle_t);
254 254
255 255 /*
256 256 * We use the same routine (rsa_sign_verify_common_init) for verify_init
257 257 * and verify_recover_init fields as they do the same thing.
258 258 */
259 259 static crypto_verify_ops_t rsa_verify_ops = {
260 260 rsa_sign_verify_common_init,
261 261 rsaprov_verify,
262 262 rsa_verify_update,
263 263 rsa_verify_final,
264 264 rsa_verify_atomic,
265 265 rsa_sign_verify_common_init,
266 266 rsa_verify_recover,
|
↓ open down ↓ |
194 lines elided |
↑ open up ↑ |
267 267 rsa_verify_recover_atomic
268 268 };
269 269
270 270 static int rsa_free_context(crypto_ctx_t *);
271 271
272 272 static crypto_ctx_ops_t rsa_ctx_ops = {
273 273 NULL,
274 274 rsa_free_context
275 275 };
276 276
277 -static crypto_ops_t rsa_crypto_ops = {
278 - &rsa_control_ops,
279 - NULL,
280 - &rsa_cipher_ops,
281 - NULL,
282 - &rsa_sign_ops,
283 - &rsa_verify_ops,
284 - NULL,
285 - NULL,
286 - NULL,
287 - NULL,
288 - NULL,
289 - NULL,
290 - NULL,
291 - &rsa_ctx_ops,
292 - NULL,
293 - NULL,
294 - NULL,
295 -};
277 +static crypto_ops_t rsa_crypto_ops = {{{{{{
278 + &rsa_control_ops,
279 + NULL,
280 + &rsa_cipher_ops,
281 + NULL,
282 + &rsa_sign_ops,
283 + &rsa_verify_ops,
284 + NULL,
285 + NULL,
286 + NULL,
287 + NULL,
288 + NULL,
289 + NULL,
290 + NULL,
291 + &rsa_ctx_ops }, /* cou_v1 */
292 + NULL }, /* cou_v2 */
293 + NULL }, /* cou_v3 */
294 + NULL } /* cou_v4 */
295 +}};
296 296
297 -static crypto_provider_info_t rsa_prov_info = {
297 +static crypto_provider_info_t rsa_prov_info = {{{{
298 298 CRYPTO_SPI_VERSION_4,
299 299 "RSA Software Provider",
300 300 CRYPTO_SW_PROVIDER,
301 301 {&modlinkage},
302 302 NULL,
303 303 &rsa_crypto_ops,
304 304 sizeof (rsa_mech_info_tab)/sizeof (crypto_mech_info_t),
305 305 rsa_mech_info_tab
306 -};
306 +}}}};
307 307
308 308 static int rsa_encrypt_common(rsa_mech_type_t, crypto_key_t *,
309 309 crypto_data_t *, crypto_data_t *);
310 310 static int rsa_decrypt_common(rsa_mech_type_t, crypto_key_t *,
311 311 crypto_data_t *, crypto_data_t *);
312 312 static int rsa_sign_common(rsa_mech_type_t, crypto_key_t *,
313 313 crypto_data_t *, crypto_data_t *);
314 314 static int rsa_verify_common(rsa_mech_type_t, crypto_key_t *,
315 315 crypto_data_t *, crypto_data_t *);
316 316 static int compare_data(crypto_data_t *, uchar_t *);
317 317
318 318 static int core_rsa_encrypt(crypto_key_t *, uchar_t *, int, uchar_t *, int);
319 319 static int core_rsa_decrypt(crypto_key_t *, uchar_t *, int, uchar_t *);
320 320
321 321 static crypto_kcf_provider_handle_t rsa_prov_handle = NULL;
322 322
323 323 int
324 324 _init(void)
325 325 {
326 326 int ret;
327 327
328 328 if ((ret = mod_install(&modlinkage)) != 0)
329 329 return (ret);
330 330
331 331 /* Register with KCF. If the registration fails, remove the module. */
332 332 if (crypto_register_provider(&rsa_prov_info, &rsa_prov_handle)) {
333 333 (void) mod_remove(&modlinkage);
334 334 return (EACCES);
335 335 }
336 336
337 337 return (0);
338 338 }
339 339
340 340 int
341 341 _fini(void)
342 342 {
343 343 /* Unregister from KCF if module is registered */
344 344 if (rsa_prov_handle != NULL) {
345 345 if (crypto_unregister_provider(rsa_prov_handle))
346 346 return (EBUSY);
347 347
348 348 rsa_prov_handle = NULL;
349 349 }
350 350
351 351 return (mod_remove(&modlinkage));
352 352 }
353 353
354 354 int
355 355 _info(struct modinfo *modinfop)
356 356 {
357 357 return (mod_info(&modlinkage, modinfop));
358 358 }
359 359
360 360 /* ARGSUSED */
361 361 static void
362 362 rsa_provider_status(crypto_provider_handle_t provider, uint_t *status)
363 363 {
364 364 *status = CRYPTO_PROVIDER_READY;
365 365 }
366 366
367 367 static int
368 368 check_mech_and_key(crypto_mechanism_t *mechanism, crypto_key_t *key)
369 369 {
370 370 int rv = CRYPTO_FAILED;
371 371
372 372 uchar_t *modulus;
373 373 ssize_t modulus_len; /* In bytes */
374 374
375 375 if (!RSA_VALID_MECH(mechanism))
376 376 return (CRYPTO_MECHANISM_INVALID);
377 377
378 378 /*
379 379 * We only support RSA keys that are passed as a list of
380 380 * object attributes.
381 381 */
382 382 if (key->ck_format != CRYPTO_KEY_ATTR_LIST) {
383 383 return (CRYPTO_KEY_TYPE_INCONSISTENT);
384 384 }
385 385
386 386 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
387 387 &modulus_len)) != CRYPTO_SUCCESS) {
388 388 return (rv);
389 389 }
390 390 if (modulus_len < MIN_RSA_KEYLENGTH_IN_BYTES ||
391 391 modulus_len > MAX_RSA_KEYLENGTH_IN_BYTES)
392 392 return (CRYPTO_KEY_SIZE_RANGE);
393 393
394 394 return (rv);
395 395 }
396 396
397 397 void
398 398 kmemset(uint8_t *buf, char pattern, size_t len)
399 399 {
400 400 int i = 0;
401 401
402 402 while (i < len)
403 403 buf[i++] = pattern;
404 404 }
405 405
406 406 /*
407 407 * This function guarantees to return non-zero random numbers.
408 408 * This is needed as the /dev/urandom kernel interface,
409 409 * random_get_pseudo_bytes(), may return zeros.
410 410 */
411 411 int
412 412 knzero_random_generator(uint8_t *ran_out, size_t ran_len)
413 413 {
414 414 int rv;
415 415 size_t ebc = 0; /* count of extra bytes in extrarand */
416 416 size_t i = 0;
417 417 uint8_t extrarand[32];
418 418 size_t extrarand_len;
419 419
420 420 if ((rv = random_get_pseudo_bytes(ran_out, ran_len)) != 0)
421 421 return (rv);
422 422
423 423 /*
424 424 * Walk through the returned random numbers pointed by ran_out,
425 425 * and look for any random number which is zero.
426 426 * If we find zero, call random_get_pseudo_bytes() to generate
427 427 * another 32 random numbers pool. Replace any zeros in ran_out[]
428 428 * from the random number in pool.
429 429 */
430 430 while (i < ran_len) {
431 431 if (ran_out[i] != 0) {
432 432 i++;
433 433 continue;
434 434 }
435 435
436 436 /*
437 437 * Note that it is 'while' so we are guaranteed a
438 438 * non-zero value on exit.
439 439 */
440 440 if (ebc == 0) {
441 441 /* refresh extrarand */
442 442 extrarand_len = sizeof (extrarand);
443 443 if ((rv = random_get_pseudo_bytes(extrarand,
444 444 extrarand_len)) != 0) {
445 445 return (rv);
446 446 }
447 447
448 448 ebc = extrarand_len;
449 449 }
450 450 /* Replace zero with byte from extrarand. */
451 451 -- ebc;
452 452
453 453 /*
454 454 * The new random byte zero/non-zero will be checked in
455 455 * the next pass through the loop.
456 456 */
457 457 ran_out[i] = extrarand[ebc];
458 458 }
459 459
460 460 return (CRYPTO_SUCCESS);
461 461 }
462 462
463 463 static int
464 464 compare_data(crypto_data_t *data, uchar_t *buf)
465 465 {
466 466 int len;
467 467 uchar_t *dptr;
468 468
469 469 len = data->cd_length;
470 470 switch (data->cd_format) {
471 471 case CRYPTO_DATA_RAW:
472 472 dptr = (uchar_t *)(data->cd_raw.iov_base +
473 473 data->cd_offset);
474 474
475 475 return (bcmp(dptr, buf, len));
476 476
477 477 case CRYPTO_DATA_UIO:
478 478 return (crypto_uio_data(data, buf, len,
479 479 COMPARE_TO_DATA, NULL, NULL));
480 480
481 481 case CRYPTO_DATA_MBLK:
482 482 return (crypto_mblk_data(data, buf, len,
483 483 COMPARE_TO_DATA, NULL, NULL));
484 484 }
485 485
486 486 return (CRYPTO_FAILED);
487 487 }
488 488
489 489 /* ARGSUSED */
490 490 static int
491 491 rsa_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
492 492 crypto_key_t *key, crypto_spi_ctx_template_t template,
493 493 crypto_req_handle_t req)
494 494 {
495 495 int rv;
496 496 int kmflag;
497 497 rsa_ctx_t *ctxp;
498 498
499 499 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
500 500 return (rv);
501 501
502 502 /*
503 503 * Allocate a RSA context.
504 504 */
505 505 kmflag = crypto_kmflag(req);
506 506 if ((ctxp = kmem_zalloc(sizeof (rsa_ctx_t), kmflag)) == NULL)
507 507 return (CRYPTO_HOST_MEMORY);
508 508
509 509 if ((rv = crypto_copy_key_to_ctx(key, &ctxp->key, &ctxp->keychunk_size,
510 510 kmflag)) != CRYPTO_SUCCESS) {
511 511 kmem_free(ctxp, sizeof (rsa_ctx_t));
512 512 return (rv);
513 513 }
514 514 ctxp->mech_type = mechanism->cm_type;
515 515
516 516 ctx->cc_provider_private = ctxp;
517 517
518 518 return (CRYPTO_SUCCESS);
519 519 }
520 520
521 521 /* ARGSUSED */
522 522 static int
523 523 rsaprov_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
524 524 crypto_data_t *ciphertext, crypto_req_handle_t req)
525 525 {
526 526 int rv;
527 527 rsa_ctx_t *ctxp;
528 528
529 529 ASSERT(ctx->cc_provider_private != NULL);
530 530 ctxp = ctx->cc_provider_private;
531 531
532 532 RSA_ARG_INPLACE(plaintext, ciphertext);
533 533
534 534 /*
535 535 * Note on the KM_SLEEP flag passed to the routine below -
536 536 * rsaprov_encrypt() is a single-part encryption routine which is
537 537 * currently usable only by /dev/crypto. Since /dev/crypto calls are
538 538 * always synchronous, we can safely pass KM_SLEEP here.
539 539 */
540 540 rv = rsa_encrypt_common(ctxp->mech_type, ctxp->key, plaintext,
541 541 ciphertext);
542 542
543 543 if (rv != CRYPTO_BUFFER_TOO_SMALL)
544 544 (void) rsa_free_context(ctx);
545 545
546 546 return (rv);
547 547 }
548 548
549 549 /* ARGSUSED */
550 550 static int
551 551 rsa_encrypt_atomic(crypto_provider_handle_t provider,
552 552 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
553 553 crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
554 554 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
555 555 {
556 556 int rv;
557 557
558 558 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
559 559 return (rv);
560 560 RSA_ARG_INPLACE(plaintext, ciphertext);
561 561
562 562 return (rsa_encrypt_common(mechanism->cm_type, key, plaintext,
563 563 ciphertext));
564 564 }
565 565
566 566 static int
567 567 rsa_free_context(crypto_ctx_t *ctx)
568 568 {
569 569 rsa_ctx_t *ctxp = ctx->cc_provider_private;
570 570
571 571 if (ctxp != NULL) {
572 572 bzero(ctxp->key, ctxp->keychunk_size);
573 573 kmem_free(ctxp->key, ctxp->keychunk_size);
574 574
575 575 if (ctxp->mech_type == RSA_PKCS_MECH_INFO_TYPE ||
576 576 ctxp->mech_type == RSA_X_509_MECH_INFO_TYPE)
577 577 kmem_free(ctxp, sizeof (rsa_ctx_t));
578 578 else
579 579 kmem_free(ctxp, sizeof (digest_rsa_ctx_t));
580 580
581 581 ctx->cc_provider_private = NULL;
582 582 }
583 583
584 584 return (CRYPTO_SUCCESS);
585 585 }
586 586
587 587 static int
588 588 rsa_encrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
589 589 crypto_data_t *plaintext, crypto_data_t *ciphertext)
590 590 {
591 591 int rv = CRYPTO_FAILED;
592 592
593 593 int plen;
594 594 uchar_t *ptptr;
595 595 uchar_t *modulus;
596 596 ssize_t modulus_len;
597 597 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
598 598 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
599 599 uchar_t cipher_data[MAX_RSA_KEYLENGTH_IN_BYTES];
600 600
601 601 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
602 602 &modulus_len)) != CRYPTO_SUCCESS) {
603 603 return (rv);
604 604 }
605 605
606 606 plen = plaintext->cd_length;
607 607 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
608 608 if (plen > (modulus_len - MIN_PKCS1_PADLEN))
609 609 return (CRYPTO_DATA_LEN_RANGE);
610 610 } else {
611 611 if (plen > modulus_len)
612 612 return (CRYPTO_DATA_LEN_RANGE);
613 613 }
614 614
615 615 /*
616 616 * Output buf len must not be less than RSA modulus size.
617 617 */
618 618 if (ciphertext->cd_length < modulus_len) {
619 619 ciphertext->cd_length = modulus_len;
620 620 return (CRYPTO_BUFFER_TOO_SMALL);
621 621 }
622 622
623 623 ASSERT(plaintext->cd_length <= sizeof (tmp_data));
624 624 if ((rv = crypto_get_input_data(plaintext, &ptptr, tmp_data))
625 625 != CRYPTO_SUCCESS)
626 626 return (rv);
627 627
628 628 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
629 629 rv = pkcs1_encode(PKCS1_ENCRYPT, ptptr, plen,
630 630 plain_data, modulus_len);
631 631
632 632 if (rv != CRYPTO_SUCCESS)
633 633 return (rv);
634 634 } else {
635 635 bzero(plain_data, modulus_len - plen);
636 636 bcopy(ptptr, &plain_data[modulus_len - plen], plen);
637 637 }
638 638
639 639 rv = core_rsa_encrypt(key, plain_data, modulus_len, cipher_data, 1);
640 640 if (rv == CRYPTO_SUCCESS) {
641 641 /* copy out to ciphertext */
642 642 if ((rv = crypto_put_output_data(cipher_data,
643 643 ciphertext, modulus_len)) != CRYPTO_SUCCESS)
644 644 return (rv);
645 645
646 646 ciphertext->cd_length = modulus_len;
647 647 }
648 648
649 649 return (rv);
650 650 }
651 651
652 652 static int
653 653 core_rsa_encrypt(crypto_key_t *key, uchar_t *in,
654 654 int in_len, uchar_t *out, int is_public)
655 655 {
656 656 int rv;
657 657 uchar_t *expo, *modulus;
658 658 ssize_t expo_len;
659 659 ssize_t modulus_len;
660 660 RSAbytekey k;
661 661
662 662 if (is_public) {
663 663 if ((rv = crypto_get_key_attr(key, SUN_CKA_PUBLIC_EXPONENT,
664 664 &expo, &expo_len)) != CRYPTO_SUCCESS)
665 665 return (rv);
666 666 } else {
667 667 /*
668 668 * SUN_CKA_PRIVATE_EXPONENT is a required attribute for a
669 669 * RSA secret key. See the comments in core_rsa_decrypt
670 670 * routine which calls this routine with a private key.
671 671 */
672 672 if ((rv = crypto_get_key_attr(key, SUN_CKA_PRIVATE_EXPONENT,
673 673 &expo, &expo_len)) != CRYPTO_SUCCESS)
674 674 return (rv);
675 675 }
676 676
677 677 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
678 678 &modulus_len)) != CRYPTO_SUCCESS) {
679 679 return (rv);
680 680 }
681 681
682 682 k.modulus = modulus;
683 683 k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len);
684 684 k.pubexpo = expo;
685 685 k.pubexpo_bytes = expo_len;
686 686 k.rfunc = NULL;
687 687
688 688 rv = rsa_encrypt(&k, in, in_len, out);
689 689
690 690 return (rv);
691 691 }
692 692
693 693 /* ARGSUSED */
694 694 static int
695 695 rsaprov_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
696 696 crypto_data_t *plaintext, crypto_req_handle_t req)
697 697 {
698 698 int rv;
699 699 rsa_ctx_t *ctxp;
700 700
701 701 ASSERT(ctx->cc_provider_private != NULL);
702 702 ctxp = ctx->cc_provider_private;
703 703
704 704 RSA_ARG_INPLACE(ciphertext, plaintext);
705 705
706 706 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
707 707 rv = rsa_decrypt_common(ctxp->mech_type, ctxp->key,
708 708 ciphertext, plaintext);
709 709
710 710 if (rv != CRYPTO_BUFFER_TOO_SMALL)
711 711 (void) rsa_free_context(ctx);
712 712
713 713 return (rv);
714 714 }
715 715
716 716 /* ARGSUSED */
717 717 static int
718 718 rsa_decrypt_atomic(crypto_provider_handle_t provider,
719 719 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
720 720 crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
721 721 crypto_spi_ctx_template_t template, crypto_req_handle_t req)
722 722 {
723 723 int rv;
724 724
725 725 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
726 726 return (rv);
727 727 RSA_ARG_INPLACE(ciphertext, plaintext);
728 728
729 729 return (rsa_decrypt_common(mechanism->cm_type, key, ciphertext,
730 730 plaintext));
731 731 }
732 732
733 733 static int
734 734 rsa_decrypt_common(rsa_mech_type_t mech_type, crypto_key_t *key,
735 735 crypto_data_t *ciphertext, crypto_data_t *plaintext)
736 736 {
737 737 int rv = CRYPTO_FAILED;
738 738
739 739 size_t plain_len;
740 740 uchar_t *ctptr;
741 741 uchar_t *modulus;
742 742 ssize_t modulus_len;
743 743 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
744 744 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
745 745
746 746 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
747 747 &modulus_len)) != CRYPTO_SUCCESS) {
748 748 return (rv);
749 749 }
750 750
751 751 /*
752 752 * Ciphertext length must be equal to RSA modulus size.
753 753 */
754 754 if (ciphertext->cd_length != modulus_len)
755 755 return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
756 756
757 757 ASSERT(ciphertext->cd_length <= sizeof (tmp_data));
758 758 if ((rv = crypto_get_input_data(ciphertext, &ctptr, tmp_data))
759 759 != CRYPTO_SUCCESS)
760 760 return (rv);
761 761
762 762 rv = core_rsa_decrypt(key, ctptr, modulus_len, plain_data);
763 763 if (rv == CRYPTO_SUCCESS) {
764 764 plain_len = modulus_len;
765 765
766 766 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
767 767 /* Strip off the PKCS block formatting data. */
768 768 rv = pkcs1_decode(PKCS1_DECRYPT, plain_data,
769 769 &plain_len);
770 770 if (rv != CRYPTO_SUCCESS)
771 771 return (rv);
772 772 }
773 773
774 774 if (plain_len > plaintext->cd_length) {
775 775 plaintext->cd_length = plain_len;
776 776 return (CRYPTO_BUFFER_TOO_SMALL);
777 777 }
778 778
779 779 if ((rv = crypto_put_output_data(
780 780 plain_data + modulus_len - plain_len,
781 781 plaintext, plain_len)) != CRYPTO_SUCCESS)
782 782 return (rv);
783 783
784 784 plaintext->cd_length = plain_len;
785 785 }
786 786
787 787 return (rv);
788 788 }
789 789
790 790 static int
791 791 core_rsa_decrypt(crypto_key_t *key, uchar_t *in, int in_len, uchar_t *out)
792 792 {
793 793 int rv;
794 794 uchar_t *modulus, *prime1, *prime2, *expo1, *expo2, *coef;
795 795 ssize_t modulus_len;
796 796 ssize_t prime1_len, prime2_len;
797 797 ssize_t expo1_len, expo2_len, coef_len;
798 798 RSAbytekey k;
799 799
800 800 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
801 801 &modulus_len)) != CRYPTO_SUCCESS) {
802 802 return (rv);
803 803 }
804 804
805 805 /*
806 806 * The following attributes are not required to be
807 807 * present in a RSA secret key. If any of them is not present
808 808 * we call the encrypt routine with a flag indicating use of
809 809 * private exponent (d). Note that SUN_CKA_PRIVATE_EXPONENT is
810 810 * a required attribute for a RSA secret key.
811 811 */
812 812 if ((crypto_get_key_attr(key, SUN_CKA_PRIME_1, &prime1, &prime1_len)
813 813 != CRYPTO_SUCCESS) ||
814 814 (crypto_get_key_attr(key, SUN_CKA_PRIME_2, &prime2, &prime2_len)
815 815 != CRYPTO_SUCCESS) ||
816 816 (crypto_get_key_attr(key, SUN_CKA_EXPONENT_1, &expo1, &expo1_len)
817 817 != CRYPTO_SUCCESS) ||
818 818 (crypto_get_key_attr(key, SUN_CKA_EXPONENT_2, &expo2, &expo2_len)
819 819 != CRYPTO_SUCCESS) ||
820 820 (crypto_get_key_attr(key, SUN_CKA_COEFFICIENT, &coef, &coef_len)
821 821 != CRYPTO_SUCCESS)) {
822 822 return (core_rsa_encrypt(key, in, in_len, out, 0));
823 823 }
824 824
825 825 k.modulus = modulus;
826 826 k.modulus_bits = CRYPTO_BYTES2BITS(modulus_len);
827 827 k.prime1 = prime1;
828 828 k.prime1_bytes = prime1_len;
829 829 k.prime2 = prime2;
830 830 k.prime2_bytes = prime2_len;
831 831 k.expo1 = expo1;
832 832 k.expo1_bytes = expo1_len;
833 833 k.expo2 = expo2;
834 834 k.expo2_bytes = expo2_len;
835 835 k.coeff = coef;
836 836 k.coeff_bytes = coef_len;
837 837 k.rfunc = NULL;
838 838
839 839 rv = rsa_decrypt(&k, in, in_len, out);
840 840
841 841 return (rv);
842 842 }
843 843
844 844 /* ARGSUSED */
845 845 static int
846 846 rsa_sign_verify_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
847 847 crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
848 848 crypto_req_handle_t req)
849 849 {
850 850 int rv;
851 851 int kmflag;
852 852 rsa_ctx_t *ctxp;
853 853 digest_rsa_ctx_t *dctxp;
854 854
855 855 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
856 856 return (rv);
857 857
858 858 /*
859 859 * Allocate a RSA context.
860 860 */
861 861 kmflag = crypto_kmflag(req);
862 862 switch (mechanism->cm_type) {
863 863 case MD5_RSA_PKCS_MECH_INFO_TYPE:
864 864 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
865 865 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
866 866 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
867 867 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
868 868 dctxp = kmem_zalloc(sizeof (digest_rsa_ctx_t), kmflag);
869 869 ctxp = (rsa_ctx_t *)dctxp;
870 870 break;
871 871 default:
872 872 ctxp = kmem_zalloc(sizeof (rsa_ctx_t), kmflag);
873 873 break;
874 874 }
875 875
876 876 if (ctxp == NULL)
877 877 return (CRYPTO_HOST_MEMORY);
878 878
879 879 ctxp->mech_type = mechanism->cm_type;
880 880 if ((rv = crypto_copy_key_to_ctx(key, &ctxp->key, &ctxp->keychunk_size,
881 881 kmflag)) != CRYPTO_SUCCESS) {
882 882 switch (mechanism->cm_type) {
883 883 case MD5_RSA_PKCS_MECH_INFO_TYPE:
884 884 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
885 885 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
886 886 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
887 887 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
888 888 kmem_free(dctxp, sizeof (digest_rsa_ctx_t));
889 889 break;
890 890 default:
891 891 kmem_free(ctxp, sizeof (rsa_ctx_t));
892 892 break;
893 893 }
894 894 return (rv);
895 895 }
896 896
897 897 switch (mechanism->cm_type) {
898 898 case MD5_RSA_PKCS_MECH_INFO_TYPE:
899 899 MD5Init(&(dctxp->md5_ctx));
900 900 break;
901 901
902 902 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
903 903 SHA1Init(&(dctxp->sha1_ctx));
904 904 break;
905 905
906 906 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
907 907 SHA2Init(SHA256, &(dctxp->sha2_ctx));
908 908 break;
909 909
910 910 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
911 911 SHA2Init(SHA384, &(dctxp->sha2_ctx));
912 912 break;
913 913
914 914 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
915 915 SHA2Init(SHA512, &(dctxp->sha2_ctx));
916 916 break;
917 917 }
918 918
919 919 ctx->cc_provider_private = ctxp;
920 920
921 921 return (CRYPTO_SUCCESS);
922 922 }
923 923
924 924 #define SHA1_DIGEST_SIZE 20
925 925 #define MD5_DIGEST_SIZE 16
926 926
927 927 #define INIT_RAW_CRYPTO_DATA(data, base, len, cd_len) \
928 928 (data).cd_format = CRYPTO_DATA_RAW; \
929 929 (data).cd_offset = 0; \
930 930 (data).cd_raw.iov_base = (char *)base; \
931 931 (data).cd_raw.iov_len = len; \
932 932 (data).cd_length = cd_len;
933 933
934 934 static int
935 935 rsa_digest_svrfy_common(digest_rsa_ctx_t *ctxp, crypto_data_t *data,
936 936 crypto_data_t *signature, uchar_t flag)
937 937 {
938 938 int rv = CRYPTO_FAILED;
939 939
940 940 uchar_t digest[SHA512_DIGEST_LENGTH];
941 941 /* The der_data size is enough for MD5 also */
942 942 uchar_t der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len];
943 943 ulong_t der_data_len;
944 944 crypto_data_t der_cd;
945 945 rsa_mech_type_t mech_type;
946 946
947 947 ASSERT(flag & CRYPTO_DO_SIGN || flag & CRYPTO_DO_VERIFY);
948 948 ASSERT(data != NULL || (flag & CRYPTO_DO_FINAL));
949 949
950 950 mech_type = ctxp->mech_type;
951 951 if (mech_type == RSA_PKCS_MECH_INFO_TYPE ||
952 952 mech_type == RSA_X_509_MECH_INFO_TYPE)
953 953 return (CRYPTO_MECHANISM_INVALID);
954 954
955 955 /*
956 956 * We need to do the BUFFER_TOO_SMALL check before digesting
957 957 * the data. No check is needed for verify as signature is not
958 958 * an output argument for verify.
959 959 */
960 960 if (flag & CRYPTO_DO_SIGN) {
961 961 uchar_t *modulus;
962 962 ssize_t modulus_len;
963 963
964 964 if ((rv = crypto_get_key_attr(ctxp->key, SUN_CKA_MODULUS,
965 965 &modulus, &modulus_len)) != CRYPTO_SUCCESS) {
966 966 return (rv);
967 967 }
968 968
969 969 if (signature->cd_length < modulus_len) {
970 970 signature->cd_length = modulus_len;
971 971 return (CRYPTO_BUFFER_TOO_SMALL);
972 972 }
973 973 }
974 974
975 975 if (mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE)
976 976 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
977 977 digest, MD5Update, MD5Final, flag | CRYPTO_DO_MD5);
978 978
979 979 else if (mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE)
980 980 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
981 981 digest, SHA1Update, SHA1Final, flag | CRYPTO_DO_SHA1);
982 982
983 983 else
984 984 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
985 985 digest, SHA2Update, SHA2Final, flag | CRYPTO_DO_SHA2);
986 986
987 987 if (rv != CRYPTO_SUCCESS)
988 988 return (rv);
989 989
990 990
991 991 /*
992 992 * Prepare the DER encoding of the DigestInfo value as follows:
993 993 * MD5: MD5_DER_PREFIX || H
994 994 * SHA-1: SHA1_DER_PREFIX || H
995 995 *
996 996 * See rsa_impl.c for more details.
997 997 */
998 998 switch (mech_type) {
999 999 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1000 1000 bcopy(MD5_DER_PREFIX, der_data, MD5_DER_PREFIX_Len);
1001 1001 bcopy(digest, der_data + MD5_DER_PREFIX_Len, MD5_DIGEST_SIZE);
1002 1002 der_data_len = MD5_DER_PREFIX_Len + MD5_DIGEST_SIZE;
1003 1003 break;
1004 1004
1005 1005 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1006 1006 bcopy(SHA1_DER_PREFIX, der_data, SHA1_DER_PREFIX_Len);
1007 1007 bcopy(digest, der_data + SHA1_DER_PREFIX_Len,
1008 1008 SHA1_DIGEST_SIZE);
1009 1009 der_data_len = SHA1_DER_PREFIX_Len + SHA1_DIGEST_SIZE;
1010 1010 break;
1011 1011
1012 1012 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1013 1013 bcopy(SHA256_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1014 1014 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1015 1015 SHA256_DIGEST_LENGTH);
1016 1016 der_data_len = SHA2_DER_PREFIX_Len + SHA256_DIGEST_LENGTH;
1017 1017 break;
1018 1018
1019 1019 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1020 1020 bcopy(SHA384_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1021 1021 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1022 1022 SHA384_DIGEST_LENGTH);
1023 1023 der_data_len = SHA2_DER_PREFIX_Len + SHA384_DIGEST_LENGTH;
1024 1024 break;
1025 1025
1026 1026 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1027 1027 bcopy(SHA512_DER_PREFIX, der_data, SHA2_DER_PREFIX_Len);
1028 1028 bcopy(digest, der_data + SHA2_DER_PREFIX_Len,
1029 1029 SHA512_DIGEST_LENGTH);
1030 1030 der_data_len = SHA2_DER_PREFIX_Len + SHA512_DIGEST_LENGTH;
1031 1031 break;
1032 1032 }
1033 1033
1034 1034 INIT_RAW_CRYPTO_DATA(der_cd, der_data, der_data_len, der_data_len);
1035 1035 /*
1036 1036 * Now, we are ready to sign or verify the DER_ENCODED data.
1037 1037 */
1038 1038 if (flag & CRYPTO_DO_SIGN)
1039 1039 rv = rsa_sign_common(mech_type, ctxp->key, &der_cd,
1040 1040 signature);
1041 1041 else
1042 1042 rv = rsa_verify_common(mech_type, ctxp->key, &der_cd,
1043 1043 signature);
1044 1044
1045 1045 return (rv);
1046 1046 }
1047 1047
1048 1048 static int
1049 1049 rsa_sign_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1050 1050 crypto_data_t *data, crypto_data_t *signature)
1051 1051 {
1052 1052 int rv = CRYPTO_FAILED;
1053 1053
1054 1054 int dlen;
1055 1055 uchar_t *dataptr, *modulus;
1056 1056 ssize_t modulus_len;
1057 1057 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1058 1058 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1059 1059 uchar_t signed_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1060 1060
1061 1061 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1062 1062 &modulus_len)) != CRYPTO_SUCCESS) {
1063 1063 return (rv);
1064 1064 }
1065 1065
1066 1066 dlen = data->cd_length;
1067 1067 switch (mech_type) {
1068 1068 case RSA_PKCS_MECH_INFO_TYPE:
1069 1069 if (dlen > (modulus_len - MIN_PKCS1_PADLEN))
1070 1070 return (CRYPTO_DATA_LEN_RANGE);
1071 1071 break;
1072 1072 case RSA_X_509_MECH_INFO_TYPE:
1073 1073 if (dlen > modulus_len)
1074 1074 return (CRYPTO_DATA_LEN_RANGE);
1075 1075 break;
1076 1076 }
1077 1077
1078 1078 if (signature->cd_length < modulus_len) {
1079 1079 signature->cd_length = modulus_len;
1080 1080 return (CRYPTO_BUFFER_TOO_SMALL);
1081 1081 }
1082 1082
1083 1083 ASSERT(data->cd_length <= sizeof (tmp_data));
1084 1084 if ((rv = crypto_get_input_data(data, &dataptr, tmp_data))
1085 1085 != CRYPTO_SUCCESS)
1086 1086 return (rv);
1087 1087
1088 1088 switch (mech_type) {
1089 1089 case RSA_PKCS_MECH_INFO_TYPE:
1090 1090 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1091 1091 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1092 1092 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1093 1093 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1094 1094 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1095 1095 /*
1096 1096 * Add PKCS padding to the input data to format a block
1097 1097 * type "01" encryption block.
1098 1098 */
1099 1099 rv = pkcs1_encode(PKCS1_SIGN, dataptr, dlen, plain_data,
1100 1100 modulus_len);
1101 1101 if (rv != CRYPTO_SUCCESS)
1102 1102 return (rv);
1103 1103
1104 1104 break;
1105 1105
1106 1106 case RSA_X_509_MECH_INFO_TYPE:
1107 1107 bzero(plain_data, modulus_len - dlen);
1108 1108 bcopy(dataptr, &plain_data[modulus_len - dlen], dlen);
1109 1109 break;
1110 1110 }
1111 1111
1112 1112 rv = core_rsa_decrypt(key, plain_data, modulus_len, signed_data);
1113 1113 if (rv == CRYPTO_SUCCESS) {
1114 1114 /* copy out to signature */
1115 1115 if ((rv = crypto_put_output_data(signed_data,
1116 1116 signature, modulus_len)) != CRYPTO_SUCCESS)
1117 1117 return (rv);
1118 1118
1119 1119 signature->cd_length = modulus_len;
1120 1120 }
1121 1121
1122 1122 return (rv);
1123 1123 }
1124 1124
1125 1125 /* ARGSUSED */
1126 1126 static int
1127 1127 rsaprov_sign(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *signature,
1128 1128 crypto_req_handle_t req)
1129 1129 {
1130 1130 int rv;
1131 1131 rsa_ctx_t *ctxp;
1132 1132
1133 1133 ASSERT(ctx->cc_provider_private != NULL);
1134 1134 ctxp = ctx->cc_provider_private;
1135 1135
1136 1136 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1137 1137 switch (ctxp->mech_type) {
1138 1138 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1139 1139 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1140 1140 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1141 1141 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1142 1142 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1143 1143 rv = rsa_digest_svrfy_common((digest_rsa_ctx_t *)ctxp, data,
1144 1144 signature, CRYPTO_DO_SIGN | CRYPTO_DO_UPDATE |
1145 1145 CRYPTO_DO_FINAL);
1146 1146 break;
1147 1147 default:
1148 1148 rv = rsa_sign_common(ctxp->mech_type, ctxp->key, data,
1149 1149 signature);
1150 1150 break;
1151 1151 }
1152 1152
1153 1153 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1154 1154 (void) rsa_free_context(ctx);
1155 1155
1156 1156 return (rv);
1157 1157 }
1158 1158
1159 1159 /* ARGSUSED */
1160 1160 static int
1161 1161 rsa_sign_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
1162 1162 {
1163 1163 int rv;
1164 1164 digest_rsa_ctx_t *ctxp;
1165 1165 rsa_mech_type_t mech_type;
1166 1166
1167 1167 ASSERT(ctx->cc_provider_private != NULL);
1168 1168 ctxp = ctx->cc_provider_private;
1169 1169 mech_type = ctxp->mech_type;
1170 1170
1171 1171 if (mech_type == RSA_PKCS_MECH_INFO_TYPE ||
1172 1172 mech_type == RSA_X_509_MECH_INFO_TYPE)
1173 1173 return (CRYPTO_MECHANISM_INVALID);
1174 1174
1175 1175 if (mech_type == MD5_RSA_PKCS_MECH_INFO_TYPE)
1176 1176 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
1177 1177 NULL, MD5Update, MD5Final,
1178 1178 CRYPTO_DO_MD5 | CRYPTO_DO_UPDATE);
1179 1179
1180 1180 else if (mech_type == SHA1_RSA_PKCS_MECH_INFO_TYPE)
1181 1181 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
1182 1182 NULL, SHA1Update, SHA1Final, CRYPTO_DO_SHA1 |
1183 1183 CRYPTO_DO_UPDATE);
1184 1184
1185 1185 else
1186 1186 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
1187 1187 NULL, SHA2Update, SHA2Final, CRYPTO_DO_SHA2 |
1188 1188 CRYPTO_DO_UPDATE);
1189 1189
1190 1190 return (rv);
1191 1191 }
1192 1192
1193 1193 /* ARGSUSED2 */
1194 1194 static int
1195 1195 rsa_sign_final(crypto_ctx_t *ctx, crypto_data_t *signature,
1196 1196 crypto_req_handle_t req)
1197 1197 {
1198 1198 int rv;
1199 1199 digest_rsa_ctx_t *ctxp;
1200 1200
1201 1201 ASSERT(ctx->cc_provider_private != NULL);
1202 1202 ctxp = ctx->cc_provider_private;
1203 1203
1204 1204 rv = rsa_digest_svrfy_common(ctxp, NULL, signature,
1205 1205 CRYPTO_DO_SIGN | CRYPTO_DO_FINAL);
1206 1206 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1207 1207 (void) rsa_free_context(ctx);
1208 1208
1209 1209 return (rv);
1210 1210 }
1211 1211
1212 1212 /* ARGSUSED */
1213 1213 static int
1214 1214 rsa_sign_atomic(crypto_provider_handle_t provider,
1215 1215 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1216 1216 crypto_key_t *key, crypto_data_t *data, crypto_data_t *signature,
1217 1217 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1218 1218 {
1219 1219 int rv;
1220 1220 digest_rsa_ctx_t dctx;
1221 1221
1222 1222 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1223 1223 return (rv);
1224 1224
1225 1225 if (mechanism->cm_type == RSA_PKCS_MECH_INFO_TYPE ||
1226 1226 mechanism->cm_type == RSA_X_509_MECH_INFO_TYPE)
1227 1227 rv = rsa_sign_common(mechanism->cm_type, key, data,
1228 1228 signature);
1229 1229
1230 1230 else {
1231 1231 dctx.mech_type = mechanism->cm_type;
1232 1232 dctx.key = key;
1233 1233 switch (mechanism->cm_type) {
1234 1234 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1235 1235 MD5Init(&(dctx.md5_ctx));
1236 1236 break;
1237 1237
1238 1238 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1239 1239 SHA1Init(&(dctx.sha1_ctx));
1240 1240 break;
1241 1241
1242 1242 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1243 1243 SHA2Init(SHA256, &(dctx.sha2_ctx));
1244 1244 break;
1245 1245
1246 1246 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1247 1247 SHA2Init(SHA384, &(dctx.sha2_ctx));
1248 1248 break;
1249 1249
1250 1250 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1251 1251 SHA2Init(SHA512, &(dctx.sha2_ctx));
1252 1252 break;
1253 1253 }
1254 1254
1255 1255 rv = rsa_digest_svrfy_common(&dctx, data, signature,
1256 1256 CRYPTO_DO_SIGN | CRYPTO_DO_UPDATE | CRYPTO_DO_FINAL);
1257 1257 }
1258 1258
1259 1259 return (rv);
1260 1260 }
1261 1261
1262 1262 static int
1263 1263 rsa_verify_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1264 1264 crypto_data_t *data, crypto_data_t *signature)
1265 1265 {
1266 1266 int rv = CRYPTO_FAILED;
1267 1267
1268 1268 uchar_t *sigptr, *modulus;
1269 1269 ssize_t modulus_len;
1270 1270 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1271 1271 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1272 1272
1273 1273 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1274 1274 &modulus_len)) != CRYPTO_SUCCESS) {
1275 1275 return (rv);
1276 1276 }
1277 1277
1278 1278 if (signature->cd_length != modulus_len)
1279 1279 return (CRYPTO_SIGNATURE_LEN_RANGE);
1280 1280
1281 1281 ASSERT(signature->cd_length <= sizeof (tmp_data));
1282 1282 if ((rv = crypto_get_input_data(signature, &sigptr, tmp_data))
1283 1283 != CRYPTO_SUCCESS)
1284 1284 return (rv);
1285 1285
1286 1286 rv = core_rsa_encrypt(key, sigptr, modulus_len, plain_data, 1);
1287 1287 if (rv != CRYPTO_SUCCESS)
1288 1288 return (rv);
1289 1289
1290 1290 if (mech_type == RSA_X_509_MECH_INFO_TYPE) {
1291 1291 if (compare_data(data, (plain_data + modulus_len
1292 1292 - data->cd_length)) != 0)
1293 1293 rv = CRYPTO_SIGNATURE_INVALID;
1294 1294
1295 1295 } else {
1296 1296 size_t data_len = modulus_len;
1297 1297
1298 1298 /*
1299 1299 * Strip off the encoded padding bytes in front of the
1300 1300 * recovered data, then compare the recovered data with
1301 1301 * the original data.
1302 1302 */
1303 1303 rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len);
1304 1304 if (rv != CRYPTO_SUCCESS)
1305 1305 return (rv);
1306 1306
1307 1307 if (data_len != data->cd_length)
1308 1308 return (CRYPTO_SIGNATURE_LEN_RANGE);
1309 1309
1310 1310 if (compare_data(data, (plain_data + modulus_len
1311 1311 - data_len)) != 0)
1312 1312 rv = CRYPTO_SIGNATURE_INVALID;
1313 1313 }
1314 1314
1315 1315 return (rv);
1316 1316 }
1317 1317
1318 1318 /* ARGSUSED */
1319 1319 static int
1320 1320 rsaprov_verify(crypto_ctx_t *ctx, crypto_data_t *data,
1321 1321 crypto_data_t *signature, crypto_req_handle_t req)
1322 1322 {
1323 1323 int rv;
1324 1324 rsa_ctx_t *ctxp;
1325 1325
1326 1326 ASSERT(ctx->cc_provider_private != NULL);
1327 1327 ctxp = ctx->cc_provider_private;
1328 1328
1329 1329 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1330 1330 switch (ctxp->mech_type) {
1331 1331 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1332 1332 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1333 1333 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1334 1334 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1335 1335 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1336 1336 rv = rsa_digest_svrfy_common((digest_rsa_ctx_t *)ctxp, data,
1337 1337 signature, CRYPTO_DO_VERIFY | CRYPTO_DO_UPDATE |
1338 1338 CRYPTO_DO_FINAL);
1339 1339 break;
1340 1340 default:
1341 1341 rv = rsa_verify_common(ctxp->mech_type, ctxp->key, data,
1342 1342 signature);
1343 1343 break;
1344 1344 }
1345 1345
1346 1346 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1347 1347 (void) rsa_free_context(ctx);
1348 1348
1349 1349 return (rv);
1350 1350 }
1351 1351
1352 1352 /* ARGSUSED */
1353 1353 static int
1354 1354 rsa_verify_update(crypto_ctx_t *ctx, crypto_data_t *data,
1355 1355 crypto_req_handle_t req)
1356 1356 {
1357 1357 int rv;
1358 1358 digest_rsa_ctx_t *ctxp;
1359 1359
1360 1360 ASSERT(ctx->cc_provider_private != NULL);
1361 1361 ctxp = ctx->cc_provider_private;
1362 1362
1363 1363 switch (ctxp->mech_type) {
1364 1364
1365 1365 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1366 1366 rv = crypto_digest_data(data, &(ctxp->md5_ctx),
1367 1367 NULL, MD5Update, MD5Final, CRYPTO_DO_MD5 |
1368 1368 CRYPTO_DO_UPDATE);
1369 1369 break;
1370 1370
1371 1371 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1372 1372 rv = crypto_digest_data(data, &(ctxp->sha1_ctx),
1373 1373 NULL, SHA1Update, SHA1Final, CRYPTO_DO_SHA1 |
1374 1374 CRYPTO_DO_UPDATE);
1375 1375 break;
1376 1376
1377 1377 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1378 1378 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1379 1379 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1380 1380 rv = crypto_digest_data(data, &(ctxp->sha2_ctx),
1381 1381 NULL, SHA2Update, SHA2Final, CRYPTO_DO_SHA2 |
1382 1382 CRYPTO_DO_UPDATE);
1383 1383 break;
1384 1384
1385 1385 default:
1386 1386 return (CRYPTO_MECHANISM_INVALID);
1387 1387 }
1388 1388
1389 1389 return (rv);
1390 1390 }
1391 1391
1392 1392 /* ARGSUSED2 */
1393 1393 static int
1394 1394 rsa_verify_final(crypto_ctx_t *ctx, crypto_data_t *signature,
1395 1395 crypto_req_handle_t req)
1396 1396 {
1397 1397 int rv;
1398 1398 digest_rsa_ctx_t *ctxp;
1399 1399
1400 1400 ASSERT(ctx->cc_provider_private != NULL);
1401 1401 ctxp = ctx->cc_provider_private;
1402 1402
1403 1403 rv = rsa_digest_svrfy_common(ctxp, NULL, signature,
1404 1404 CRYPTO_DO_VERIFY | CRYPTO_DO_FINAL);
1405 1405 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1406 1406 (void) rsa_free_context(ctx);
1407 1407
1408 1408 return (rv);
1409 1409 }
1410 1410
1411 1411
1412 1412 /* ARGSUSED */
1413 1413 static int
1414 1414 rsa_verify_atomic(crypto_provider_handle_t provider,
1415 1415 crypto_session_id_t session_id,
1416 1416 crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data,
1417 1417 crypto_data_t *signature, crypto_spi_ctx_template_t ctx_template,
1418 1418 crypto_req_handle_t req)
1419 1419 {
1420 1420 int rv;
1421 1421 digest_rsa_ctx_t dctx;
1422 1422
1423 1423 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1424 1424 return (rv);
1425 1425
1426 1426 if (mechanism->cm_type == RSA_PKCS_MECH_INFO_TYPE ||
1427 1427 mechanism->cm_type == RSA_X_509_MECH_INFO_TYPE)
1428 1428 rv = rsa_verify_common(mechanism->cm_type, key, data,
1429 1429 signature);
1430 1430
1431 1431 else {
1432 1432 dctx.mech_type = mechanism->cm_type;
1433 1433 dctx.key = key;
1434 1434
1435 1435 switch (mechanism->cm_type) {
1436 1436 case MD5_RSA_PKCS_MECH_INFO_TYPE:
1437 1437 MD5Init(&(dctx.md5_ctx));
1438 1438 break;
1439 1439
1440 1440 case SHA1_RSA_PKCS_MECH_INFO_TYPE:
1441 1441 SHA1Init(&(dctx.sha1_ctx));
1442 1442 break;
1443 1443
1444 1444 case SHA256_RSA_PKCS_MECH_INFO_TYPE:
1445 1445 SHA2Init(SHA256, &(dctx.sha2_ctx));
1446 1446 break;
1447 1447
1448 1448 case SHA384_RSA_PKCS_MECH_INFO_TYPE:
1449 1449 SHA2Init(SHA384, &(dctx.sha2_ctx));
1450 1450 break;
1451 1451
1452 1452 case SHA512_RSA_PKCS_MECH_INFO_TYPE:
1453 1453 SHA2Init(SHA512, &(dctx.sha2_ctx));
1454 1454 break;
1455 1455 }
1456 1456
1457 1457 rv = rsa_digest_svrfy_common(&dctx, data, signature,
1458 1458 CRYPTO_DO_VERIFY | CRYPTO_DO_UPDATE | CRYPTO_DO_FINAL);
1459 1459 }
1460 1460
1461 1461 return (rv);
1462 1462 }
1463 1463
1464 1464 static int
1465 1465 rsa_verify_recover_common(rsa_mech_type_t mech_type, crypto_key_t *key,
1466 1466 crypto_data_t *signature, crypto_data_t *data)
1467 1467 {
1468 1468 int rv = CRYPTO_FAILED;
1469 1469
1470 1470 size_t data_len;
1471 1471 uchar_t *sigptr, *modulus;
1472 1472 ssize_t modulus_len;
1473 1473 uchar_t plain_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1474 1474 uchar_t tmp_data[MAX_RSA_KEYLENGTH_IN_BYTES];
1475 1475
1476 1476 if ((rv = crypto_get_key_attr(key, SUN_CKA_MODULUS, &modulus,
1477 1477 &modulus_len)) != CRYPTO_SUCCESS) {
1478 1478 return (rv);
1479 1479 }
1480 1480
1481 1481 if (signature->cd_length != modulus_len)
1482 1482 return (CRYPTO_SIGNATURE_LEN_RANGE);
1483 1483
1484 1484 ASSERT(signature->cd_length <= sizeof (tmp_data));
1485 1485 if ((rv = crypto_get_input_data(signature, &sigptr, tmp_data))
1486 1486 != CRYPTO_SUCCESS)
1487 1487 return (rv);
1488 1488
1489 1489 rv = core_rsa_encrypt(key, sigptr, modulus_len, plain_data, 1);
1490 1490 if (rv != CRYPTO_SUCCESS)
1491 1491 return (rv);
1492 1492
1493 1493 data_len = modulus_len;
1494 1494
1495 1495 if (mech_type == RSA_PKCS_MECH_INFO_TYPE) {
1496 1496 /*
1497 1497 * Strip off the encoded padding bytes in front of the
1498 1498 * recovered data, then compare the recovered data with
1499 1499 * the original data.
1500 1500 */
1501 1501 rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len);
1502 1502 if (rv != CRYPTO_SUCCESS)
1503 1503 return (rv);
1504 1504 }
1505 1505
1506 1506 if (data->cd_length < data_len) {
1507 1507 data->cd_length = data_len;
1508 1508 return (CRYPTO_BUFFER_TOO_SMALL);
1509 1509 }
1510 1510
1511 1511 if ((rv = crypto_put_output_data(plain_data + modulus_len - data_len,
1512 1512 data, data_len)) != CRYPTO_SUCCESS)
1513 1513 return (rv);
1514 1514 data->cd_length = data_len;
1515 1515
1516 1516 return (rv);
1517 1517 }
1518 1518
1519 1519 /* ARGSUSED */
1520 1520 static int
1521 1521 rsa_verify_recover(crypto_ctx_t *ctx, crypto_data_t *signature,
1522 1522 crypto_data_t *data, crypto_req_handle_t req)
1523 1523 {
1524 1524 int rv;
1525 1525 rsa_ctx_t *ctxp;
1526 1526
1527 1527 ASSERT(ctx->cc_provider_private != NULL);
1528 1528 ctxp = ctx->cc_provider_private;
1529 1529
1530 1530 /* See the comments on KM_SLEEP flag in rsaprov_encrypt() */
1531 1531 rv = rsa_verify_recover_common(ctxp->mech_type, ctxp->key,
1532 1532 signature, data);
1533 1533
1534 1534 if (rv != CRYPTO_BUFFER_TOO_SMALL)
1535 1535 (void) rsa_free_context(ctx);
1536 1536
1537 1537 return (rv);
1538 1538 }
1539 1539
1540 1540 /* ARGSUSED */
1541 1541 static int
1542 1542 rsa_verify_recover_atomic(crypto_provider_handle_t provider,
1543 1543 crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
1544 1544 crypto_key_t *key, crypto_data_t *signature, crypto_data_t *data,
1545 1545 crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
1546 1546 {
1547 1547 int rv;
1548 1548
1549 1549 if ((rv = check_mech_and_key(mechanism, key)) != CRYPTO_SUCCESS)
1550 1550 return (rv);
1551 1551
1552 1552 return (rsa_verify_recover_common(mechanism->cm_type, key,
1553 1553 signature, data));
1554 1554 }
|
↓ open down ↓ |
1238 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX