# HG changeset patch # User Garrett D'Amore # Date 1284312350 25200 # Node ID 294b1fe4bc7f146a224f8b914c635025b58409cd # Parent 528fbffc41649d8cd0ebde2b0a00ef8ce6480309 6 Need open kcfd Reviewed by: gwr@nexenta.com, richlowe@richlowe.net, matt@greenviolet.net Approved by: richlowe@richlowe.net diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/Makefile --- a/usr/src/cmd/cmd-crypto/cryptoadm/Makefile Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/Makefile Sun Sep 12 10:25:50 2010 -0700 @@ -20,6 +20,7 @@ # # Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. # +# Copyright 2010 Nexenta Systems, Inc. All rights reserved. PROG = cryptoadm @@ -28,9 +29,7 @@ adm_kef.o \ adm_kef_ioctl.o \ adm_kef_util.o \ - adm_fips_hw.o \ adm_util.o \ - start_stop.o \ adm_metaslot.o SRCS = $(OBJS:.o=.c) diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,328 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "cryptoadm.h" - -#define HW_CONF_DIR "/platform/sun4v/kernel/drv" - - -/* Get FIPS-140 status from .conf */ -int -fips_hw_status(char *filename, char *property, int *hw_fips_mode) -{ - FILE *pfile; - char buffer[BUFSIZ]; - char *str = NULL; - char *cursor = NULL; - - /* Open the .conf file */ - if ((pfile = fopen(filename, "r")) == NULL) { - cryptodebug("failed to open %s for write.", filename); - return (FAILURE); - } - - while (fgets(buffer, BUFSIZ, pfile) != NULL) { - if (buffer[0] == '#') { - /* skip comments */ - continue; - } - - /* find the property string */ - if ((str = strstr(buffer, property)) == NULL) { - /* didn't find the property string in this line */ - continue; - } - - cursor = strtok(str, "= ;"); - cursor = strtok(NULL, "= ;"); - if (cursor == NULL) { - cryptoerror(LOG_STDERR, gettext( - "Invalid config file contents: %s."), filename); - (void) fclose(pfile); - return (FAILURE); - } - *hw_fips_mode = 
atoi(cursor); - (void) fclose(pfile); - return (SUCCESS); - } - - /* - * If the fips property is not found in the config file, - * FIPS mode is false by default. - */ - *hw_fips_mode = CRYPTO_FIPS_MODE_DISABLED; - (void) fclose(pfile); - - return (SUCCESS); -} - -/* - * Update the HW .conf file with the updated entry. - */ -int -fips_update_hw_conf(char *filename, char *property, int action) -{ - FILE *pfile; - FILE *pfile_tmp; - char buffer[BUFSIZ]; - char buffer2[BUFSIZ]; - char *tmpfile_name = NULL; - char *str = NULL; - char *cursor = NULL; - int rc = SUCCESS; - boolean_t found = B_FALSE; - - /* Open the .conf file */ - if ((pfile = fopen(filename, "r+")) == NULL) { - cryptoerror(LOG_STDERR, - gettext("failed to update the configuration - %s"), - strerror(errno)); - cryptodebug("failed to open %s for write.", filename); - return (FAILURE); - } - - /* Lock the .conf file */ - if (lockf(fileno(pfile), F_TLOCK, 0) == -1) { - cryptoerror(LOG_STDERR, - gettext("failed to update the configuration - %s"), - strerror(errno)); - cryptodebug(gettext("failed to lock %s"), filename); - (void) fclose(pfile); - return (FAILURE); - } - - /* - * Create a temporary file to save updated configuration file first. - */ - tmpfile_name = tempnam(HW_CONF_DIR, NULL); - if ((pfile_tmp = fopen(tmpfile_name, "w")) == NULL) { - cryptoerror(LOG_STDERR, gettext("failed to open %s - %s"), - tmpfile_name, strerror(errno)); - free(tmpfile_name); - (void) fclose(pfile); - return (FAILURE); - } - - - /* - * Loop thru entire .conf file, update the entry to be - * updated and save the updated file to the temporary file first. - */ - while (fgets(buffer, BUFSIZ, pfile) != NULL) { - if (buffer[0] == '#') { - /* comments: write to the file without modification */ - goto write_to_tmp; - } - - (void) strlcpy(buffer2, buffer, BUFSIZ); - - /* find the property string */ - if ((str = strstr(buffer2, property)) == NULL) { - /* - * Didn't find the property string in this line. 
- * Write to the file without modification. - */ - goto write_to_tmp; - } - - found = B_TRUE; - - cursor = strtok(str, "= ;"); - cursor = strtok(NULL, "= ;"); - if (cursor == NULL) { - cryptoerror(LOG_STDERR, gettext( - "Invalid config file contents %s: %s."), - filename, strerror(errno)); - goto errorexit; - } - - cursor = buffer + (cursor - buffer2); - *cursor = (action == FIPS140_ENABLE) ? '1' : '0'; - -write_to_tmp: - - if (fputs(buffer, pfile_tmp) == EOF) { - cryptoerror(LOG_STDERR, gettext( - "failed to write to a temp file: %s."), - strerror(errno)); - goto errorexit; - } - } - - /* if the fips mode property is not specified, FALSE by default */ - if (found == B_FALSE) { - (void) snprintf(buffer, BUFSIZ, "%s=%c;\n", - property, (action == FIPS140_ENABLE) ? '1' : '0'); - if (fputs(buffer, pfile_tmp) == EOF) { - cryptoerror(LOG_STDERR, gettext( - "failed to write to a tmp file: %s."), - strerror(errno)); - goto errorexit; - } - } - - (void) fclose(pfile); - if (fclose(pfile_tmp) != 0) { - cryptoerror(LOG_STDERR, - gettext("failed to close %s: %s"), tmpfile_name, - strerror(errno)); - free(tmpfile_name); - return (FAILURE); - } - - /* Copy the temporary file to the .conf file */ - if (rename(tmpfile_name, filename) == -1) { - cryptoerror(LOG_STDERR, - gettext("failed to update the configuration - %s"), - strerror(errno)); - cryptodebug("failed to rename %s to %s: %s", tmpfile_name, - filename, strerror(errno)); - rc = FAILURE; - } else if (chmod(filename, - S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) { - cryptoerror(LOG_STDERR, - gettext("failed to update the configuration - %s"), - strerror(errno)); - cryptodebug("failed to chmod to %s: %s", filename, - strerror(errno)); - rc = FAILURE; - } else { - rc = SUCCESS; - } - - if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) { - cryptoerror(LOG_STDERR, gettext( - "(Warning) failed to remove %s: %s"), - tmpfile_name, strerror(errno)); - } - - free(tmpfile_name); - return (rc); - -errorexit: - (void) 
fclose(pfile); - (void) fclose(pfile_tmp); - free(tmpfile_name); - - return (FAILURE); -} - - -/* - * Perform the FIPS related actions - */ -int -do_fips_hw_actions(int action, int provider) -{ - int rc = SUCCESS; - int fips_mode = 0; - char *filename; - char *propname; - char *provname; - - switch (provider) { - case HW_PROVIDER_NCP: - filename = "/platform/sun4v/kernel/drv/ncp.conf"; - propname = "ncp-fips-140"; - provname = "ncp"; - break; - case HW_PROVIDER_N2CP: - filename = "/platform/sun4v/kernel/drv/n2cp.conf"; - propname = "n2cp-fips-140"; - provname = "n2cp"; - break; - case HW_PROVIDER_N2RNG: - filename = "/platform/sun4v/kernel/drv/n2rng.conf"; - propname = "n2rng-fips-140"; - provname = "n2rng"; - break; - default: - (void) printf(gettext("Internal Error: Invalid HW " - "provider [%d] specified.\n")); - return (FAILURE); - } - - /* Get FIPS-140 status from .conf */ - if (fips_hw_status(filename, propname, &fips_mode) != SUCCESS) { - return (FAILURE); - } - - if (action == FIPS140_STATUS) { - if (fips_mode == CRYPTO_FIPS_MODE_ENABLED) - (void) printf(gettext( - "%s: FIPS-140 mode is enabled.\n"), provname); - else - (void) printf(gettext( - "%s: FIPS-140 mode is disabled.\n"), provname); - return (SUCCESS); - } - - /* Is it a duplicate operation? 
*/ - if ((action == FIPS140_ENABLE) && - (fips_mode == CRYPTO_FIPS_MODE_ENABLED)) { - (void) printf( - gettext("%s: FIPS-140 mode has already been enabled.\n"), - provname); - return (FAILURE); - } - - if ((action == FIPS140_DISABLE) && - (fips_mode == CRYPTO_FIPS_MODE_DISABLED)) { - (void) printf( - gettext("%s: FIPS-140 mode has already been disabled.\n"), - provname); - return (FAILURE); - } - - if ((action == FIPS140_ENABLE) || (action == FIPS140_DISABLE)) { - /* Update .conf */ - if ((rc = fips_update_hw_conf(filename, propname, action)) - != SUCCESS) - return (rc); - } - - /* No need to inform kernel */ - if (action == FIPS140_ENABLE) { - (void) printf(gettext( - "%s: FIPS-140 mode was enabled successfully.\n"), - provname); - } else { - (void) printf(gettext( - "%s: FIPS-140 mode was disabled successfully.\n"), - provname); - } - - return (SUCCESS); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/adm_kef.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef.c Sun Sep 12 10:25:50 2010 -0700 @@ -1195,21 +1195,6 @@ } } - /* - * handle fips_status=enabled|disabled - */ - { - int pkcs11_fips_mode = 0; - - /* Get FIPS-140 status from pkcs11.conf */ - fips_status_pkcs11conf(&pkcs11_fips_mode); - if (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED) { - rc = do_fips_actions(FIPS140_ENABLE, REFRESH); - } else { - rc = do_fips_actions(FIPS140_DISABLE, REFRESH); - } - } - (void) close(fd); return (rc); } diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #include #include 
@@ -38,44 +41,8 @@ #define DEFAULT_DEV_NUM 5 #define DEFAULT_SOFT_NUM 10 -#define NUM_FIPS_SW_PROV \ - (sizeof (fips_sw_providers) / sizeof (char *)) - -static char *fips_sw_providers[] = { - "des", - "aes", - "ecc", - "sha1", - "sha2", - "rsa", - "swrand" -}; - static crypto_get_soft_info_t *setup_get_soft_info(char *, int); -static void -fips_sw_printf(const char *format, ...) -{ - va_list ap; - char message[1024]; - int i; - - va_start(ap, format); - (void) snprintf(message, sizeof (message), format, ap); - va_end(ap); - - (void) printf(gettext("\nUser-level providers:\n")); - (void) printf(gettext("=====================\n")); - (void) printf(gettext("/usr/lib/security/$ISA/pkcs11_softtoken: %s\n"), - message); - (void) printf(gettext("\nKernel software providers:\n")); - (void) printf(gettext("==========================\n")); - for (i = 0; i < NUM_FIPS_SW_PROV; i++) { - (void) printf(gettext("%s: %s\n"), - fips_sw_providers[i], message); - } -} - /* * Prepare the argument for the LOAD_SOFT_CONFIG ioctl call for the * provider pointed by pent. Return NULL if out of memory. 
@@ -641,119 +608,3 @@ (void) close(fd); return (SUCCESS); } - -/* - * Perform the FIPS related actions - */ -int -do_fips_actions(int action, int caller) -{ - - crypto_fips140_t fips_info; - int fd; - int rc = SUCCESS; - int pkcs11_fips_mode = 0; - - /* Get FIPS-140 status from pkcs11.conf */ - fips_status_pkcs11conf(&pkcs11_fips_mode); - - if (action == FIPS140_STATUS) { - if (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED) - fips_sw_printf(gettext("FIPS-140 mode is enabled.")); - else - fips_sw_printf(gettext("FIPS-140 mode is disabled.")); - return (SUCCESS); - } - - if (caller == NOT_REFRESH) { - /* Is it a duplicate operation? */ - if ((action == FIPS140_ENABLE) && - (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED)) { - fips_sw_printf(gettext("FIPS-140 mode has already " - "been enabled.")); - return (FAILURE); - } - - if ((action == FIPS140_DISABLE) && - (pkcs11_fips_mode == CRYPTO_FIPS_MODE_DISABLED)) { - fips_sw_printf(gettext("FIPS-140 mode has already " - "been disabled.")); - return (FAILURE); - } - - if ((action == FIPS140_ENABLE) || (action == FIPS140_DISABLE)) { - /* Update pkcs11.conf */ - if ((rc = fips_update_pkcs11conf(action)) != SUCCESS) - return (rc); - } - - /* No need to inform kernel */ - if (action == FIPS140_ENABLE) { - fips_sw_printf(gettext("FIPS-140 mode was enabled " - "successfully.")); - } else { - fips_sw_printf(gettext("FIPS-140 mode was disabled " - "successfully.")); - } - - return (SUCCESS); - - } - - /* This is refresh, need to inform kernel */ - (void) memset(&fips_info, 0, sizeof (crypto_fips140_t)); - - if ((fd = open(ADMIN_IOCTL_DEVICE, O_RDONLY)) == -1) { - cryptoerror(LOG_STDERR, gettext("failed to open %s: %s"), - ADMIN_IOCTL_DEVICE, strerror(errno)); - return (FAILURE); - } - - switch (action) { - case FIPS140_ENABLE: - /* make CRYPTO_FIPS_SET ioctl call */ - fips_info.fips140_op = FIPS140_ENABLE; - if ((rc = ioctl(fd, CRYPTO_FIPS140_SET, &fips_info)) == -1) { - cryptodebug("CRYPTO_FIPS140_ENABLE ioctl failed: %s", - 
strerror(errno)); - rc = FAILURE; - goto out; - } - - if (fips_info.fips140_return_value != CRYPTO_SUCCESS) { - cryptodebug("CRYPTO_FIPS140_ENABLE ioctl failed, " - "return_value = %d", - fips_info.fips140_return_value); - rc = FAILURE; - } - - break; - - case FIPS140_DISABLE: - /* make CRYPTO_FIPS140_SET ioctl call */ - fips_info.fips140_op = FIPS140_DISABLE; - if ((rc = ioctl(fd, CRYPTO_FIPS140_SET, &fips_info)) == -1) { - cryptodebug("CRYPTO_FIPS140_DISABLE ioctl failed: %s", - strerror(errno)); - rc = FAILURE; - goto out; - } - - if (fips_info.fips140_return_value != CRYPTO_SUCCESS) { - cryptodebug("CRYPTO_FIPS140_DISABLE ioctl failed, " - "return_value = %d", - fips_info.fips140_return_value); - rc = FAILURE; - } - - break; - - default: - rc = FAILURE; - break; - }; - -out: - (void) close(fd); - return (rc); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/adm_uef.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_uef.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_uef.c Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights resrved. + */ #include #include 
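Review bot: The copyright line added to adm_uef.c misspells "reserved": `* Copyright 2010 Nexenta Systems, Inc. All rights resrved.`. The same notice is spelled correctly in the adm_kef_ioctl.c and cryptoadm.h hunks of this changeset. It should read `* Copyright 2010 Nexenta Systems, Inc. All rights reserved.` so the notice is identical in every file touched.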
@@ -1661,44 +1664,3 @@ "- - - - - - - - - - - - - -\n", gettext("----------------------------")); } - -int -fips_update_pkcs11conf(int action) -{ - - char *str; - - if (action == FIPS140_ENABLE) - str = "fips-140:fips_status=enabled\n"; - else - str = "fips-140:fips_status=disabled\n"; - - if (update_conf(_PATH_PKCS11_CONF, str) != SUCCESS) - return (FAILURE); - - return (SUCCESS); -} - -void -fips_status_pkcs11conf(int *status) -{ - - uentry_t *puent = NULL; - - if ((puent = getent_uef(FIPS_KEYWORD)) == NULL) { - /* - * By default (no fips-140 entry), we assume fips-140 - * mode is disabled. - */ - *status = CRYPTO_FIPS_MODE_DISABLED; - return; - } - - if (puent->flag_fips_enabled) - *status = CRYPTO_FIPS_MODE_ENABLED; - else - *status = CRYPTO_FIPS_MODE_DISABLED; - - return; - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c Sun Sep 12 10:25:50 2010 -0700 @@ -207,8 +207,6 @@ " [mechanism=<%s>]\n", gettext("provider-name"), gettext("mechanism-list")); (void) fprintf(stderr, - " cryptoadm list fips-140\n"); - (void) fprintf(stderr, " cryptoadm disable provider=<%s>" " mechanism=<%s> | random | all\n", gettext("provider-name"), gettext("mechanism-list")); @@ -217,8 +215,6 @@ " [auto-key-migrate] [mechanism=<%s>]\n", gettext("mechanism-list")); (void) fprintf(stderr, - " cryptoadm disable fips-140\n"); - (void) fprintf(stderr, " cryptoadm enable provider=<%s>" " mechanism=<%s> | random | all\n", gettext("provider-name"), gettext("mechanism-list")); @@ -229,8 +225,6 @@ gettext("mechanism-list"), gettext("token-label"), gettext("slot-description")); (void) fprintf(stderr, - " cryptoadm enable fips-140\n"); - (void) fprintf(stderr, " cryptoadm install provider=<%s>\n", gettext("provider-name")); (void) fprintf(stderr, 
@@ -547,30 +541,6 @@ cryptoadm_provider_t *prov = NULL; int rc = SUCCESS; - if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, - strlen(FIPS_KEYWORD))) == 0) { - int success_count = 0; - /* - * cryptoadm list fips-140 - */ - rc = do_fips_actions(FIPS140_STATUS, NOT_REFRESH); - if (rc == SUCCESS) - success_count++; - (void) printf(gettext("\nKernel hardware providers:\n")); - (void) printf(gettext("=========================:\n")); - rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_NCP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2CP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2RNG); - if (rc == SUCCESS) - success_count++; - /* succeed to get status from config file? */ - return ((success_count > 0) ? SUCCESS: FAILURE); - } - argc -= 1; argv += 1; @@ -753,38 +723,6 @@ int rc = SUCCESS; boolean_t auto_key_migrate_flag = B_FALSE; - if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, - strlen(FIPS_KEYWORD))) == 0) { - int success_count = 0; - /* - * cryptoadm disable fips-140 - */ - rc = do_fips_actions(FIPS140_DISABLE, NOT_REFRESH); - if (rc == SUCCESS) - success_count++; - (void) printf(gettext("\nKernel hardware providers:\n")); - (void) printf(gettext("=========================:\n")); - rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_NCP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2CP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2RNG); - if (rc == SUCCESS) - success_count++; - - if (success_count > 0) { - (void) printf(gettext( - "\nThe FIPS-140 mode has changed.\n")); - (void) printf(gettext( - "The system will require a reboot.\n")); - return (SUCCESS); - } else { - return (FAILURE); - } - } - if ((argc < 3) || (argc > 5)) { usage(); return (ERROR_USAGE); 
@@ -904,38 +842,6 @@ boolean_t use_default = B_FALSE; boolean_t auto_key_migrate_flag = B_FALSE; - if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, - strlen(FIPS_KEYWORD))) == 0) { - int success_count = 0; - /* - * cryptoadm enable fips-140 - */ - rc = do_fips_actions(FIPS140_ENABLE, NOT_REFRESH); - if (rc == SUCCESS) - success_count++; - (void) printf(gettext("\nKernel hardware providers:\n")); - (void) printf(gettext("=========================:\n")); - rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_NCP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2CP); - if (rc == SUCCESS) - success_count++; - rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2RNG); - if (rc == SUCCESS) - success_count++; - - if (success_count > 0) { - (void) printf(gettext( - "\nThe FIPS-140 mode has changed.\n")); - (void) printf(gettext( - "The system will require a reboot.\n")); - return (SUCCESS); - } else { - return (FAILURE); - } - } - if ((argc < 3) || (argc > 6)) { usage(); return (ERROR_USAGE); @@ -1302,26 +1208,24 @@ /* * The top level function for the "cryptoadm start" subcommand. + * This used to start up kcfd, but now all it does is load up the + * initial providers. */ static int do_start(int argc) { - int ret; - if (argc != 2) { usage(); return (ERROR_USAGE); } - ret = do_refresh(argc); - if (ret != SUCCESS) - return (ret); - - return (start_daemon()); + return (do_refresh(argc)); } /* * The top level function for the "cryptoadm stop" subcommand. + * This no longer does anything useful, but we leave it here + * for compatibility. */ static int do_stop(int argc) @@ -1331,7 +1235,7 @@ return (ERROR_USAGE); } - return (stop_daemon()); + return (SUCCESS); } diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h --- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h Sun Sep 12 10:25:50 2010 -0700 
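Review bot: In cryptoadm.c, do_stop() now returns `SUCCESS` where the removed stop_daemon() returned `SMF_EXIT_OK` on every path. Neither constant's value is visible in this diff, so it is worth confirming they are equal; the service manifest runs `/sbin/cryptoadm %m`, so the exit status presumably decides the method result. The new comments on do_start() and do_stop() also describe history ("This used to start up kcfd") rather than the contract. I would state the contract instead, for example `/* "cryptoadm stop": no-op kept so the SMF stop method still succeeds; returns SUCCESS once the usage check passes. */`. do_stop's body starts outside the second hunk, so its argument check is only partly visible here.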
@@ -21,6 +21,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #ifndef _CRYPTOADM_H #define _CRYPTOADM_H @@ -34,7 +37,6 @@ extern "C" { #endif -#define _PATH_KCFD "/lib/crypto/kcfd" #define TMPFILE_TEMPLATE "/etc/crypto/admXXXXXX" #define ERROR_USAGE 2 @@ -99,8 +101,6 @@ /* adm_kef_util */ extern boolean_t is_device(char *); -extern int fips_update_pkcs11conf(int); -extern void fips_status_pkcs11conf(int *); extern char *ent2str(entry_t *); extern entry_t *getent_kef(char *provname, entrylist_t *pdevlist, entrylist_t *psoftlist); @@ -159,8 +159,6 @@ extern int uninstall_kef(char *); extern int unload_kef_soft(char *provname); extern int refresh(void); -extern int start_daemon(void); -extern int stop_daemon(void); /* adm_ioctl */ extern crypto_load_soft_config_t *setup_soft_conf(entry_t *); @@ -172,7 +170,6 @@ extern int get_soft_info(char *provname, mechlist_t **ppmechlist, entrylist_t *phardlist, entrylist_t *psoftlist); extern int get_soft_list(crypto_get_soft_list_t **); -extern int do_fips_actions(int, int); /* adm_metaslot */ extern int list_metaslot_info(boolean_t, boolean_t, mechlist_t *); @@ -181,9 +178,6 @@ extern int enable_metaslot(char *, char *, boolean_t, mechlist_t *, boolean_t, boolean_t); -/* adm_hw */ -extern int do_fips_hw_actions(int, int); - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/cryptoadm/start_stop.c --- a/usr/src/cmd/cmd-crypto/cryptoadm/start_stop.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,100 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ -#pragma ident "%Z%%M% %I% %E% SMI" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include "cryptoadm.h" - -int -start_daemon(void) -{ - closefrom(0); - (void) open("/dev/null", O_RDONLY); - (void) open("/dev/null", O_WRONLY); - (void) dup(1); - (void) setsid(); - - return (execl(_PATH_KCFD, _PATH_KCFD, (char *)0)); -} - -int -stop_daemon(void) -{ - int fd = -1; - int err = 0; - struct door_info dinfo; - - /* read PID of kcfd process from kcfd lock file */ - if ((fd = open(_PATH_KCFD_DOOR, O_RDONLY)) == -1) { - err = errno; - cryptodebug("Can not open %s: %s", _PATH_KCFD_DOOR, - strerror(err)); - goto stop_fail; - } - - if (door_info(fd, &dinfo) == -1 || dinfo.di_target == -1) { - err = ENOENT; /* no errno if di_target == -1 */ - cryptodebug("no door server listening on %s", _PATH_KCFD_DOOR); - goto stop_fail; - } - - cryptodebug("Sending SIGINT to %d", dinfo.di_target); - /* send a signal to kcfd process */ - if 
((kill(dinfo.di_target, SIGINT)) != 0) { - err = errno; - cryptodebug("failed to send a signal to kcfd: %s", - strerror(errno)); - goto stop_fail; - } - -stop_fail: - if (fd != -1) - (void) close(fd); - - if (err != 0) { - cryptoerror(LOG_STDERR, gettext( - "no kcfd available to stop - %s."), - strerror(err)); - /* - * We return with SMF_EXIT_OK because this was a request - * to stop something that wasn't running. - */ - return (SMF_EXIT_OK); - } - - return (SMF_EXIT_OK); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/cmd/cmd-crypto/scripts/cryptosvc.xml --- a/usr/src/cmd/cmd-crypto/scripts/cryptosvc.xml Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/cmd/cmd-crypto/scripts/cryptosvc.xml Sun Sep 12 10:25:50 2010 -0700 @@ -4,6 +4,8 @@ Copyright 2009 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. + Copyright 2010 Nexenta Systems, Inc. All rights reserved. + CDDL HEADER START The contents of this file are subject to the terms of the @@ -73,6 +75,10 @@ exec='/sbin/cryptoadm %m' timeout_seconds='60' /> + + + + @@ -86,8 +92,6 @@ - diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/bignum/bignum.h --- a/usr/src/common/bignum/bignum.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/bignum/bignum.h Sun Sep 12 10:25:50 2010 -0700 @@ -173,11 +173,6 @@ BIG_CHUNK_TYPE big_n0(BIG_CHUNK_TYPE n); -/* - * Kernel bignum module: module integrity test - */ -extern int bignum_fips_check(void); - #if defined(HWCAP) #if (BIG_CHUNK_SIZE != 32) diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/aes/aes_impl.h --- a/usr/src/common/crypto/aes/aes_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/aes/aes_impl.h Sun Sep 12 10:25:50 2010 -0700 
@@ -149,20 +149,7 @@ /* * The following definitions and declarations are only used by AES FIPS POST */ -#ifdef _AES_FIPS_POST - -#include - -/* - * FIPS preprocessor directives for AES-ECB and AES-CBC. - */ -#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */ -#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */ -#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */ -#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */ -#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ -#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ - +#ifdef _AES_IMPL #ifdef _KERNEL typedef enum aes_mech_type { 
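Review bot: The context comment `The following definitions and declarations are only used by AES FIPS POST` is left directly above the new `#ifdef _AES_IMPL`, so it now describes a guard that this hunk removes. The matching comment in des_impl.h is deleted by this changeset. I would do the same here, or replace it with `/* Mechanism type definitions (kernel only). */`, which matches what remains inside the guard. The guarded block continues into the next hunk.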
@@ -175,51 +162,8 @@ AES_GMAC_MECH_INFO_TYPE /* SUN_CKM_AES_GMAC */ } aes_mech_type_t; -#undef CKM_AES_ECB -#undef CKM_AES_CBC -#undef CKM_AES_CTR - -#define CKM_AES_ECB AES_ECB_MECH_INFO_TYPE -#define CKM_AES_CBC AES_CBC_MECH_INFO_TYPE -#define CKM_AES_CTR AES_CTR_MECH_INFO_TYPE - -typedef struct soft_aes_ctx { - void *key_sched; /* pointer to key schedule */ - size_t keysched_len; /* Length of the key schedule */ - uint8_t ivec[AES_BLOCK_LEN]; /* initialization vector */ - uint8_t data[AES_BLOCK_LEN]; /* for use by update */ - size_t remain_len; /* for use by update */ - void *aes_cbc; /* to be used by CBC mode */ -} soft_aes_ctx_t; -#endif - -/* AES FIPS functions */ -extern int fips_aes_post(int); - -#ifdef _AES_IMPL -#ifndef _KERNEL -struct soft_aes_ctx; -extern void fips_aes_free_context(struct soft_aes_ctx *); -extern struct soft_aes_ctx *fips_aes_build_context(uint8_t *, int, - uint8_t *, CK_MECHANISM_TYPE); -extern CK_RV fips_aes_encrypt(struct soft_aes_ctx *, CK_BYTE_PTR, - CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, CK_MECHANISM_TYPE); -extern CK_RV fips_aes_decrypt(struct soft_aes_ctx *, CK_BYTE_PTR, - CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, CK_MECHANISM_TYPE); - -#else -extern void fips_aes_free_context(soft_aes_ctx_t *); -extern void *aes_cbc_ctx_init(void *, size_t, uint8_t *); -extern soft_aes_ctx_t *fips_aes_build_context(uint8_t *, int, - uint8_t *, aes_mech_type_t, boolean_t); -extern int fips_aes_encrypt(soft_aes_ctx_t *, uchar_t *, - ulong_t, uchar_t *, ulong_t *, aes_mech_type_t); -extern int fips_aes_decrypt(soft_aes_ctx_t *, uchar_t *, - ulong_t, uchar_t *, ulong_t *, aes_mech_type_t); - -#endif /* _KERNEL */ +#endif /* _KERNEL */ #endif /* _AES_IMPL */ -#endif /* _AES_FIPS_POST */ #ifdef __cplusplus } diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/des/des_impl.h --- a/usr/src/common/crypto/des/des_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/des/des_impl.h Sun Sep 12 10:25:50 2010 -0700 
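Review bot: Not everything removed in this hunk is FIPS-named: the kernel branch drops `extern void *aes_cbc_ctx_init(void *, size_t, uint8_t *);` and the `soft_aes_ctx_t` typedef, and the des_impl.h hunk at -128,42 likewise drops both `des_build_context` prototypes. If those symbols are defined outside the deleted FIPS POST sources, any remaining caller loses its prototype, so it is worth confirming with a full kernel and userland build, with missing-prototype warnings treated as errors, that nothing else references them. Their definitions are not visible in this diff, so this is a question to close out rather than a confirmed break.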
@@ -104,19 +104,7 @@ extern int des_decrypt_block(const void *, const uint8_t *, uint8_t *); extern int des3_decrypt_block(const void *, const uint8_t *, uint8_t *); -/* - * The following definitions and declarations are only used by DES FIPS POST - */ -#ifdef _DES_FIPS_POST - -#include -#include - -/* DES FIPS Declarations */ -#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */ -#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */ -#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */ -#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */ +#ifdef _DES_IMPL #ifdef _KERNEL typedef enum des_mech_type { 
@@ -128,42 +116,8 @@ DES3_CFB_MECH_INFO_TYPE /* SUN_CKM_DES3_CFB */ } des_mech_type_t; - -#undef CKM_DES_ECB -#undef CKM_DES3_ECB -#undef CKM_DES_CBC -#undef CKM_DES3_CBC - -#define CKM_DES_ECB DES_ECB_MECH_INFO_TYPE -#define CKM_DES3_ECB DES3_ECB_MECH_INFO_TYPE -#define CKM_DES_CBC DES_CBC_MECH_INFO_TYPE -#define CKM_DES3_CBC DES3_CBC_MECH_INFO_TYPE -#endif - -/* DES3 FIPS functions */ -extern int fips_des3_post(void); - -#ifndef _KERNEL -#ifdef _DES_IMPL -struct soft_des_ctx; -extern struct soft_des_ctx *des_build_context(uint8_t *, uint8_t *, - CK_KEY_TYPE, CK_MECHANISM_TYPE); -extern void fips_des_free_context(struct soft_des_ctx *); -extern CK_RV fips_des_encrypt(struct soft_des_ctx *, CK_BYTE_PTR, - CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, CK_MECHANISM_TYPE); -extern CK_RV fips_des_decrypt(struct soft_des_ctx *, CK_BYTE_PTR, - CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, CK_MECHANISM_TYPE); -#endif /* _DES_IMPL */ -#else -extern des_ctx_t *des_build_context(uint8_t *, uint8_t *, - des_mech_type_t); -extern void fips_des_free_context(des_ctx_t *); -extern int fips_des_encrypt(des_ctx_t *, uint8_t *, - ulong_t, uint8_t *, ulong_t *, des_mech_type_t); -extern int fips_des_decrypt(des_ctx_t *, uint8_t *, - ulong_t, uint8_t *, ulong_t *, des_mech_type_t); -#endif /* _KERNEL */ -#endif /* _DES_FIPS_POST */ +#endif /* _KERNEL */ +#endif /* _DES_IMPL */ #ifdef __cplusplus } diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/dsa/dsa_impl.h --- a/usr/src/common/crypto/dsa/dsa_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/dsa/dsa_impl.h Sun Sep 12 10:25:50 2010 -0700 
@@ -107,28 +107,6 @@ CK_RV dsa_verify(DSAbytekey *bkey, uchar_t *msg, uchar_t *sig); - -/* - * The following definitions and declarations are only used by DSA FIPS POST - */ -#ifdef _DSA_FIPS_POST - -/* DSA FIPS Declarations */ -#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ -#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ -#define FIPS_DSA_SEED_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ -#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ - -/* DSA FIPS functions */ -extern int fips_dsa_post(void); -extern int fips_dsa_genkey_pair(DSAbytekey *); -extern int fips_dsa_digest_sign(DSAbytekey *, uint8_t *, uint32_t, uint8_t *); -extern int fips_dsa_verify(DSAbytekey *, uint8_t *, uint8_t *); - -#endif /* _DSA_FIPS_POST */ - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_addchecksum.c --- a/usr/src/common/crypto/fips/fips_addchecksum.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,256 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -#define FAIL_EXIT \ - (void) fprintf(stderr, "failure at line %d\n", __LINE__); \ - return (-1) - -static const char fips_section_name[] = ".SUNW_fips"; - -static int -add_fips_section(int fd) -{ - Elf64_Ehdr *ehdrp; - Elf64_Shdr *section; - Elf *elf; - Elf_Scn *scn, *shstrtab_scn, *fips_scn = NULL; - Elf_Data *shstrtab_data; - Elf_Data *sdata; - unsigned int cnt, old_size, new_size; - char *sname, *newbuf; - - /* Obtain the ELF descriptor */ - (void) elf_version(EV_CURRENT); - if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { - FAIL_EXIT; - } - - if ((ehdrp = elf64_getehdr(elf)) == NULL) { - FAIL_EXIT; - } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) == - NULL) { - FAIL_EXIT; - } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) { - FAIL_EXIT; - } - - /* Traverse input file to see if the fips section already exists */ - for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); 
cnt++) { - if ((section = elf64_getshdr(scn)) == NULL) { - FAIL_EXIT; - } - sname = (char *)shstrtab_data->d_buf + section->sh_name; - if (strcmp(sname, fips_section_name) == 0) { - /* - * If the fips section already exists, make sure that - * the section is large enough. - */ - fips_scn = scn; - if ((sdata = elf_getdata(scn, NULL)) == NULL) { - FAIL_EXIT; - } - if (sdata->d_size < SHA1_DIGEST_LENGTH) { - newbuf = malloc(SHA1_DIGEST_LENGTH); - sdata->d_size = SHA1_DIGEST_LENGTH; - sdata->d_buf = newbuf; - } - (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); - } - } - - /* If the fips section does not exist, allocate the section. */ - if (fips_scn == NULL) { - Elf64_Shdr *shdr; - - /* add the section name at the end of the .shstrtab section */ - old_size = shstrtab_data->d_size; - new_size = old_size + strlen(fips_section_name) + 1; - if ((newbuf = malloc(new_size)) == NULL) { - FAIL_EXIT; - } - - (void) memcpy(newbuf, shstrtab_data->d_buf, old_size); - (void) strlcpy(newbuf + old_size, fips_section_name, - new_size - old_size); - shstrtab_data->d_buf = newbuf; - shstrtab_data->d_size = new_size; - shstrtab_data->d_align = 1; - if ((fips_scn = elf_newscn(elf)) == 0) { - FAIL_EXIT; - } - - /* Initialize the fips section */ - if ((shdr = elf64_getshdr(fips_scn)) == NULL) { - FAIL_EXIT; - } - /* - * sh_name is the starting position of the name - * within the shstrtab_data->d_buf buffer - */ - shdr->sh_name = old_size; - shdr->sh_type = SHT_SUNW_SIGNATURE; - shdr->sh_flags = SHF_EXCLUDE; - shdr->sh_addr = 0; - shdr->sh_link = 0; - shdr->sh_info = 0; - shdr->sh_size = 0; - shdr->sh_offset = 0; - shdr->sh_addralign = 1; - - if ((sdata = elf_newdata(fips_scn)) == NULL) { - FAIL_EXIT; - } - if (sdata->d_size < SHA1_DIGEST_LENGTH) { - newbuf = malloc(SHA1_DIGEST_LENGTH); - sdata->d_size = SHA1_DIGEST_LENGTH; - sdata->d_buf = newbuf; - } - (void) elf_flagdata(sdata, 
ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagscn(fips_scn, ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); - } - (void) elf_update(elf, ELF_C_WRITE); - (void) elf_end(elf); - (void) close(fd); - - return (0); -} - -int -main(int argc, char **argv) -{ - Elf64_Ehdr ehdr; - Elf64_Ehdr *ehdrp; - Elf64_Shdr *section; - Elf *elf; - Elf_Scn *scn, *shstrtab_scn; - Elf_Data *shstrtab_data, *sdata; - int fd; - unsigned int size, i, cnt; - char sha1buf[SHA1_DIGEST_LENGTH]; - char *sname, *newbuf; - - if (argc != 2) { - (void) fprintf(stderr, "Usage: %s [filename]\n", argv[0]); - return (-1); - } - - /* Open the driver file */ - if ((fd = open(argv[1], O_RDWR)) == -1) { - goto errorexit; - } - - /* Read the ELF header */ - size = sizeof (ehdr); - if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) { - goto errorexit; - } - - /* check if it is an ELF file */ - for (i = 0; i < SELFMAG; i++) { - if (ehdr.e_ident[i] != ELFMAG[i]) { - (void) fprintf(stderr, "%s not an elf file\n", argv[1]); - goto errorexit; - } - } - - if (add_fips_section(fd) < 0) { /* closes fd on success */ - goto errorexit; - } - - if ((fd = open(argv[1], O_RDWR)) == -1) { - FAIL_EXIT; - } - if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) { - goto errorexit; - } - - /* calculate the file checksum */ - if (fips_calc_checksum(fd, &ehdr, sha1buf) < 0) { - goto errorexit; - } - - (void) elf_version(EV_CURRENT); - if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { - goto errorexit; - } - - if ((ehdrp = elf64_getehdr(elf)) == NULL) { - goto errorexit; - } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) == - NULL) { - goto errorexit; - } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) { - goto errorexit; - } - - /* Add the checksum to the fips section */ - for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); cnt++) { - if ((section = elf64_getshdr(scn)) == NULL) { - goto errorexit; - } - - sname = (char *)shstrtab_data->d_buf + section->sh_name; 
- if (strcmp(sname, fips_section_name) == 0) { - if ((sdata = elf_getdata(scn, NULL)) == NULL) { - goto errorexit; - } - - newbuf = sdata->d_buf; - (void) memcpy(newbuf, sha1buf, SHA1_DIGEST_LENGTH); - (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY); - (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); - } - } - (void) elf_update(elf, ELF_C_WRITE); - (void) elf_end(elf); - (void) close(fd); - - return (0); - - -errorexit: - - (void) close(fd); - - FAIL_EXIT; -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_aes_util.c --- a/usr/src/common/crypto/fips/fips_aes_util.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,1361 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#define _AES_FIPS_POST -#include -#ifndef _KERNEL -#include -#include -#include -#include -#include -#include -#include "softCrypt.h" -#else -#define _AES_IMPL -#include -#endif - - -#ifdef _KERNEL -void * -aes_cbc_ctx_init(void *key_sched, size_t size, uint8_t *ivec) -{ - - cbc_ctx_t *cbc_ctx; - - if ((cbc_ctx = kmem_zalloc(sizeof (cbc_ctx_t), KM_SLEEP)) == NULL) - return (NULL); - - cbc_ctx->cbc_keysched = key_sched; - cbc_ctx->cbc_keysched_len = size; - - (void) memcpy(&cbc_ctx->cbc_iv[0], ivec, AES_BLOCK_LEN); - - cbc_ctx->cbc_lastp = (uint8_t *)cbc_ctx->cbc_iv; - cbc_ctx->cbc_flags |= CBC_MODE; - - return (cbc_ctx); -} - -/* - * Allocate and initialize a context for AES CTR mode of operation. 
- */ -void * -aes_ctr_ctx_init(void *key_sched, size_t size, uint8_t *param) -{ - - ctr_ctx_t *ctr_ctx; - CK_AES_CTR_PARAMS *pp; - - /* LINTED: pointer alignment */ - pp = (CK_AES_CTR_PARAMS *)param; - - if ((ctr_ctx = kmem_zalloc(sizeof (ctr_ctx_t), KM_SLEEP)) == NULL) - return (NULL); - - ctr_ctx->ctr_keysched = key_sched; - ctr_ctx->ctr_keysched_len = size; - - if (ctr_init_ctx(ctr_ctx, pp->ulCounterBits, pp->cb, - aes_copy_block) != CRYPTO_SUCCESS) { - kmem_free(ctr_ctx, sizeof (ctr_ctx_t)); - return (NULL); - } - ctr_ctx->ctr_flags |= CTR_MODE; - - return (ctr_ctx); -} - -/* - * Allocate and initialize a context for AES CCM mode of operation. - */ -void * -aes_ccm_ctx_init(void *key_sched, size_t size, uint8_t *param, - boolean_t is_encrypt_init) -{ - - ccm_ctx_t *ccm_ctx; - - if ((ccm_ctx = kmem_zalloc(sizeof (ccm_ctx_t), KM_SLEEP)) == NULL) - return (NULL); - - ccm_ctx->ccm_keysched = key_sched; - ccm_ctx->ccm_keysched_len = size; - - if (ccm_init_ctx(ccm_ctx, (char *)param, KM_SLEEP, - is_encrypt_init, AES_BLOCK_LEN, aes_encrypt_block, - aes_xor_block) != CRYPTO_SUCCESS) { - kmem_free(ccm_ctx, sizeof (ccm_ctx_t)); - return (NULL); - } - ccm_ctx->ccm_flags |= CCM_MODE; - - return (ccm_ctx); -} - -/* - * Allocate and initialize a context for AES CCM mode of operation. 
- */ -void * -aes_gcm_ctx_init(void *key_sched, size_t size, uint8_t *param) -{ - - gcm_ctx_t *gcm_ctx; - - if ((gcm_ctx = kmem_zalloc(sizeof (gcm_ctx_t), KM_SLEEP)) == NULL) - return (NULL); - - gcm_ctx->gcm_keysched = key_sched; - gcm_ctx->gcm_keysched_len = size; - - if (gcm_init_ctx(gcm_ctx, (char *)param, AES_BLOCK_LEN, - aes_encrypt_block, aes_copy_block, - aes_xor_block) != CRYPTO_SUCCESS) { - kmem_free(gcm_ctx, sizeof (gcm_ctx_t)); - return (NULL); - } - gcm_ctx->gcm_flags |= GCM_MODE; - - return (gcm_ctx); -} - -void * -aes_gmac_ctx_init(void *key_sched, size_t size, uint8_t *param) -{ - - gcm_ctx_t *gcm_ctx; - - if ((gcm_ctx = kmem_zalloc(sizeof (gcm_ctx_t), KM_SLEEP)) == NULL) - return (NULL); - - gcm_ctx->gcm_keysched = key_sched; - gcm_ctx->gcm_keysched_len = size; - - if (gmac_init_ctx(gcm_ctx, (char *)param, AES_BLOCK_LEN, - aes_encrypt_block, aes_copy_block, - aes_xor_block) != CRYPTO_SUCCESS) { - kmem_free(gcm_ctx, sizeof (gcm_ctx_t)); - return (NULL); - } - gcm_ctx->gcm_flags |= GMAC_MODE; - - return (gcm_ctx); -} -#endif - - -/* - * Allocate context for the active encryption or decryption operation, and - * generate AES key schedule to speed up the operation. 
- */ -soft_aes_ctx_t * -#ifdef _KERNEL -fips_aes_build_context(uint8_t *key, int key_len, uint8_t *iv, - aes_mech_type_t mechanism, boolean_t is_encrypt_init) -#else -fips_aes_build_context(uint8_t *key, int key_len, uint8_t *iv, - CK_MECHANISM_TYPE mechanism) -#endif -{ - size_t size; - soft_aes_ctx_t *soft_aes_ctx; - CK_AES_CTR_PARAMS pp; - -#ifdef _KERNEL - if ((soft_aes_ctx = kmem_zalloc(sizeof (soft_aes_ctx_t), - KM_SLEEP)) == NULL) -#else - if ((soft_aes_ctx = calloc(1, sizeof (soft_aes_ctx_t))) - == NULL) -#endif - return (NULL); - - - soft_aes_ctx->key_sched = aes_alloc_keysched(&size, 0); - - if (soft_aes_ctx->key_sched == NULL) { -#ifdef _KERNEL - kmem_free(soft_aes_ctx, sizeof (soft_aes_ctx_t)); -#else - free(soft_aes_ctx); -#endif - return (NULL); - } - - soft_aes_ctx->keysched_len = size; - -#ifdef __sparcv9 - aes_init_keysched(key, (uint_t)(key_len * 8), - soft_aes_ctx->key_sched); -#else /* !__sparcv9 */ - aes_init_keysched(key, (key_len * 8), - soft_aes_ctx->key_sched); -#endif /* __sparcv9 */ - - switch (mechanism) { - - case CKM_AES_CBC: - - /* Save Initialization Vector (IV) in the context. */ - (void) memcpy(soft_aes_ctx->ivec, iv, AES_BLOCK_LEN); - /* Allocate a context for AES cipher-block chaining. 
*/ - soft_aes_ctx->aes_cbc = (void *)aes_cbc_ctx_init( - soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len, - soft_aes_ctx->ivec); - break; - - case CKM_AES_CTR: - - pp.ulCounterBits = 16; - (void) memcpy(pp.cb, iv, AES_BLOCK_LEN); - soft_aes_ctx->aes_cbc = aes_ctr_ctx_init( - soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len, - (uint8_t *)&pp); - break; - -#ifdef _KERNEL - case AES_CCM_MECH_INFO_TYPE: - soft_aes_ctx->aes_cbc = aes_ccm_ctx_init( - soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len, iv, - is_encrypt_init); - break; - - case AES_GCM_MECH_INFO_TYPE: - soft_aes_ctx->aes_cbc = aes_gcm_ctx_init( - soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len, iv); - break; - - case AES_GMAC_MECH_INFO_TYPE: - soft_aes_ctx->aes_cbc = aes_gmac_ctx_init( - soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len, iv); - break; -#endif - default: - return (soft_aes_ctx); - } - - if (soft_aes_ctx->aes_cbc == NULL) { - bzero(soft_aes_ctx->key_sched, - soft_aes_ctx->keysched_len); -#ifdef _KERNEL - kmem_free(soft_aes_ctx->key_sched, size); -#else - free(soft_aes_ctx->key_sched); -#endif - return (NULL); - } - - return (soft_aes_ctx); -} - -#ifdef _KERNEL -void -fips_aes_free_context(soft_aes_ctx_t *soft_aes_ctx) -{ - - common_ctx_t *aes_ctx; - - aes_ctx = (common_ctx_t *)soft_aes_ctx->aes_cbc; - - if (aes_ctx != NULL) { - bzero(aes_ctx->cc_keysched, aes_ctx->cc_keysched_len); - kmem_free(aes_ctx->cc_keysched, - aes_ctx->cc_keysched_len); - crypto_free_mode_ctx(aes_ctx); - } else { - /* ECB MODE */ - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len); - kmem_free(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len); - } - - kmem_free(soft_aes_ctx, sizeof (soft_aes_ctx_t)); - -} - -#else -void -fips_aes_free_context(soft_aes_ctx_t *soft_aes_ctx) -{ - - common_ctx_t *aes_ctx; - - aes_ctx = (common_ctx_t *)soft_aes_ctx->aes_cbc; - - if (aes_ctx != NULL) { - bzero(aes_ctx->cc_keysched, aes_ctx->cc_keysched_len); - free(aes_ctx->cc_keysched); - 
free(soft_aes_ctx->aes_cbc); - } else { - /* ECB MODE */ - bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len); - free(soft_aes_ctx->key_sched); - } - - free(soft_aes_ctx); - -} -#endif - -/* - * fips_aes_encrypt() - * - * Arguments: - * soft_aes_ctx: pointer to AES context - * in_buf: pointer to the input data to be encrypted - * ulDataLen: length of the input data - * out_buf: pointer to the output data after encryption - * pulEncryptedLen: pointer to the length of the output data - * mechanism: CKM_AES_ECB or CKM_AES_CBC - * - * Description: - * This function calls the corresponding low-level encrypt - * routine based on the mechanism. - * - */ -#ifdef _KERNEL -int -fips_aes_encrypt(soft_aes_ctx_t *soft_aes_ctx, uchar_t *in_buf, - ulong_t ulDataLen, uchar_t *out_buf, - ulong_t *pulEncryptedLen, aes_mech_type_t mechanism) -#else -CK_RV -fips_aes_encrypt(soft_aes_ctx_t *soft_aes_ctx, CK_BYTE_PTR in_buf, - CK_ULONG ulDataLen, CK_BYTE_PTR out_buf, - CK_ULONG_PTR pulEncryptedLen, CK_MECHANISM_TYPE mechanism) -#endif -{ - - int rc = 0; - CK_RV rv = CKR_OK; - ulong_t out_len; - - /* - * AES only takes input length that is a multiple of 16-byte - */ - if ((ulDataLen % AES_BLOCK_LEN) != 0) - return (CKR_DATA_LEN_RANGE); - - /* - * For non-padding mode, the output length will - * be same as the input length. - */ - out_len = ulDataLen; - - /* - * Begin Encryption now. - */ - switch (mechanism) { - - case CKM_AES_ECB: - { - - ulong_t i; - uint8_t *tmp_inbuf; - uint8_t *tmp_outbuf; - - for (i = 0; i < out_len; i += AES_BLOCK_LEN) { - tmp_inbuf = &in_buf[i]; - tmp_outbuf = &out_buf[i]; - /* Crunch one block of data for AES. 
*/ - (void) aes_encrypt_block(soft_aes_ctx->key_sched, - tmp_inbuf, tmp_outbuf); - } - - *pulEncryptedLen = out_len; - - break; - } - - case CKM_AES_CBC: - { - crypto_data_t out; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = out_len; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = out_len; - - /* Encrypt multiple blocks of data. */ - rc = aes_encrypt_contiguous_blocks( - (aes_ctx_t *)soft_aes_ctx->aes_cbc, - (char *)in_buf, out_len, &out); - - if (rc != 0) - goto encrypt_failed; - - if (rc == 0) { - *pulEncryptedLen = out_len; - break; - } -encrypt_failed: - *pulEncryptedLen = 0; - return (CKR_DEVICE_ERROR); - } - - case CKM_AES_CTR: - { - crypto_data_t out; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = out_len; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = out_len; - - rc = aes_encrypt_contiguous_blocks(soft_aes_ctx->aes_cbc, - (char *)in_buf, out_len, &out); - - if (rc != 0) { - *pulEncryptedLen = 0; - return (CKR_DEVICE_ERROR); - } - /* - * Since AES counter mode is a stream cipher, we call - * aes_counter_final() to pick up any remaining bytes. - * It is an internal function that does not destroy - * the context like *normal* final routines. 
- */ - if (((aes_ctx_t *)soft_aes_ctx->aes_cbc)->ac_remainder_len - > 0) { - rc = ctr_mode_final(soft_aes_ctx->aes_cbc, &out, - aes_encrypt_block); - if (rc != 0) { - *pulEncryptedLen = 0; - return (CKR_DEVICE_ERROR); - } - } - - *pulEncryptedLen = out_len; - break; - } - -#ifdef _KERNEL - case AES_CCM_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t saved_length, length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - ccm_ctx_t *ccm_ctx = soft_aes_ctx->aes_cbc; - - length_needed = ulDataLen + aes_ctx->ac_mac_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = length_needed; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = length_needed; - - saved_length = out.cd_length; - - rc = aes_encrypt_contiguous_blocks(aes_ctx, - (char *)in_buf, ulDataLen, &out); - - if (rc != 0) { - *pulEncryptedLen = 0; - return (rc); - } - - /* - * ccm_encrypt_final() will compute the MAC and append - * it to existing ciphertext. So, need to adjust the left over - * length value accordingly - */ - - /* order of following 2 lines MUST not be reversed */ - out.cd_offset = ccm_ctx->ccm_processed_data_len; - out.cd_length = saved_length - ccm_ctx->ccm_processed_data_len; - - rc = ccm_encrypt_final((ccm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - *pulEncryptedLen = 0; - return (rc); - } - - *pulEncryptedLen = length_needed; - break; - } - - case AES_GCM_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t saved_length, length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - gcm_ctx_t *gcm_ctx = soft_aes_ctx->aes_cbc; - - /* - * Output: - * A ciphertext, denoted C, whose bit length is the same as - * that of the plaintext. - * An authentication tag, or tag, for short, denoted T. 
- */ - - length_needed = ulDataLen + aes_ctx->ac_tag_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = length_needed; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = length_needed; - - saved_length = out.cd_length; - - rc = aes_encrypt_contiguous_blocks(aes_ctx, - (char *)in_buf, ulDataLen, &out); - - if (rc != 0) { - *pulEncryptedLen = 0; - return (rc); - } - - /* - * ccm_encrypt_final() will compute the MAC and append - * it to existing ciphertext. So, need to adjust the left over - * length value accordingly - */ - - /* order of following 2 lines MUST not be reversed */ - out.cd_offset = gcm_ctx->gcm_processed_data_len; - out.cd_length = saved_length - gcm_ctx->gcm_processed_data_len; - - rc = gcm_encrypt_final((gcm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block, - aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - *pulEncryptedLen = 0; - return (rc); - } - - *pulEncryptedLen = length_needed; - break; - } - - case AES_GMAC_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - - length_needed = aes_ctx->ac_tag_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = length_needed; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = length_needed; - - rc = gcm_encrypt_final((gcm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block, - aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - *pulEncryptedLen = 0; - return (rc); - } - - *pulEncryptedLen = length_needed; - break; - } -#endif /* _KERNEL */ - } /* end switch */ - - return (rv); -} - -/* - * fips_aes_decrypt() - * - * Arguments: - * soft_aes_ctx: pointer to AES context - * in_buf: pointer to the input data to be decrypted - * ulEncryptedLen: length of the input data - * out_buf: pointer to the output data - * pulDataLen: pointer to the length of the output data - * mechanism: CKM_AES_ECB or CKM_AES_CBC - * - * Description: - 
* This function calls the corresponding low-level decrypt - * function based on the mechanism. - * - */ -#ifdef _KERNEL -int -fips_aes_decrypt(soft_aes_ctx_t *soft_aes_ctx, uchar_t *in_buf, - ulong_t ulEncryptedLen, uchar_t *out_buf, - ulong_t *pulDataLen, aes_mech_type_t mechanism) -#else -CK_RV -fips_aes_decrypt(soft_aes_ctx_t *soft_aes_ctx, CK_BYTE_PTR in_buf, - CK_ULONG ulEncryptedLen, CK_BYTE_PTR out_buf, - CK_ULONG_PTR pulDataLen, CK_MECHANISM_TYPE mechanism) -#endif -{ - - int rc = 0; - CK_RV rv = CKR_OK; - ulong_t out_len; - - /* - * AES only takes input length that is a multiple of 16 bytes - */ - if ((ulEncryptedLen % AES_BLOCK_LEN) != 0) - return (CKR_ENCRYPTED_DATA_LEN_RANGE); - - /* - * For non-padding mode, the output length will - * be same as the input length. - */ - out_len = ulEncryptedLen; - - /* - * Begin Decryption. - */ - switch (mechanism) { - - case CKM_AES_ECB: - { - - ulong_t i; - uint8_t *tmp_inbuf; - uint8_t *tmp_outbuf; - - for (i = 0; i < out_len; i += AES_BLOCK_LEN) { - tmp_inbuf = &in_buf[i]; - tmp_outbuf = &out_buf[i]; - /* Crunch one block of data for AES. */ - (void) aes_decrypt_block(soft_aes_ctx->key_sched, - tmp_inbuf, tmp_outbuf); - } - - *pulDataLen = out_len; - - break; - } - - case CKM_AES_CBC: - { - crypto_data_t out; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = out_len; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = out_len; - - /* Decrypt multiple blocks of data. 
*/ - rc = aes_decrypt_contiguous_blocks( - (aes_ctx_t *)soft_aes_ctx->aes_cbc, - (char *)in_buf, out_len, &out); - - if (rc != 0) - goto decrypt_failed; - - - *pulDataLen = out_len; - - if (rc == 0) - break; -decrypt_failed: - *pulDataLen = 0; - return (CKR_DEVICE_ERROR); - } - - case CKM_AES_CTR: - { - crypto_data_t out; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = *pulDataLen; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = *pulDataLen; - - rc = aes_decrypt_contiguous_blocks(soft_aes_ctx->aes_cbc, - (char *)in_buf, out_len, &out); - - if (rc != 0) { - *pulDataLen = 0; - return (CKR_DEVICE_ERROR); - } - - /* - * Since AES counter mode is a stream cipher, we call - * aes_counter_final() to pick up any remaining bytes. - * It is an internal function that does not destroy - * the context like *normal* final routines. - */ - if (((aes_ctx_t *)soft_aes_ctx->aes_cbc)->ac_remainder_len - > 0) { - rc = ctr_mode_final(soft_aes_ctx->aes_cbc, &out, - aes_encrypt_block); - - if (rc == CKR_DATA_LEN_RANGE) - return (CKR_ENCRYPTED_DATA_LEN_RANGE); - } - - *pulDataLen = out_len; - break; - } - -#ifdef _KERNEL - case AES_CCM_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - ccm_ctx_t *ccm_ctx = soft_aes_ctx->aes_cbc; - - length_needed = ulEncryptedLen + ccm_ctx->ccm_mac_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = ulEncryptedLen; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = ulEncryptedLen; - - rc = aes_decrypt_contiguous_blocks(aes_ctx, - (char *)in_buf, length_needed, &out); - - if (rc != 0) { - *pulDataLen = 0; - return (CRYPTO_FAILED); - } - - /* order of following 2 lines MUST not be reversed */ - out.cd_offset = 0; - out.cd_length = ulEncryptedLen; - - rc = ccm_decrypt_final((ccm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block, - aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - 
*pulDataLen = 0; - return (CRYPTO_FAILED); - } - - *pulDataLen = ulEncryptedLen; - - break; - } - - case AES_GCM_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - - length_needed = ulEncryptedLen + aes_ctx->ac_tag_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = ulEncryptedLen; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = ulEncryptedLen; - - rc = aes_decrypt_contiguous_blocks(aes_ctx, - (char *)in_buf, length_needed, &out); - - if (rc != 0) { - *pulDataLen = 0; - return (CRYPTO_FAILED); - } - - /* order of following 2 lines MUST not be reversed */ - out.cd_offset = 0; - out.cd_length = aes_ctx->ac_tag_len; - - rc = gcm_decrypt_final((gcm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, - aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - *pulDataLen = 0; - return (CRYPTO_FAILED); - } - - *pulDataLen = ulEncryptedLen; - - break; - } - - case AES_GMAC_MECH_INFO_TYPE: - { - crypto_data_t out; - size_t length_needed; - aes_ctx_t *aes_ctx = soft_aes_ctx->aes_cbc; - - length_needed = aes_ctx->ac_tag_len; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = 0; - out.cd_raw.iov_base = (char *)NULL; - out.cd_raw.iov_len = 0; - - rc = aes_decrypt_contiguous_blocks(aes_ctx, - (char *)in_buf, length_needed, &out); - - if (rc != 0) { - *pulDataLen = 0; - return (CRYPTO_FAILED); - } - - /* order of following 2 lines MUST not be reversed */ - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = 0; - out.cd_raw.iov_base = (char *)NULL; - out.cd_raw.iov_len = 0; - - rc = gcm_decrypt_final((gcm_ctx_t *)aes_ctx, &out, - AES_BLOCK_LEN, aes_encrypt_block, - aes_xor_block); - - if (rc != CRYPTO_SUCCESS) { - *pulDataLen = 0; - return (CRYPTO_FAILED); - } - - *pulDataLen = 0; - - break; - } -#endif - } /* end switch */ - - return (rv); -} - -/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes */ -int -fips_aes_post(int 
aes_key_size) -{ - uint8_t *aes_ecb_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ecb128_known_ciphertext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ecb192_known_ciphertext : - aes_ecb256_known_ciphertext; - - uint8_t *aes_cbc_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_cbc128_known_ciphertext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_cbc192_known_ciphertext : - aes_cbc256_known_ciphertext; - - uint8_t *aes_ctr_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ctr128_known_ciphertext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ctr192_known_ciphertext : - aes_ctr256_known_ciphertext; - - uint8_t *aes_ctr_known_key = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ctr128_known_key : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ctr192_known_key : - aes_ctr256_known_key; - -#ifdef _KERNEL - uint8_t *aes_ccm_known_plaintext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ccm128_known_plaintext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ccm192_known_plaintext : - aes_ccm256_known_plaintext; - - uint8_t *aes_ccm_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ccm128_known_ciphertext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ccm192_known_ciphertext : - aes_ccm256_known_ciphertext; - - uint8_t *aes_ccm_known_key = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ccm128_known_key : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ccm192_known_key : - aes_ccm256_known_key; - - uint8_t *aes_ccm_known_adata = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ccm128_known_adata : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_ccm192_known_adata : - aes_ccm256_known_adata; - - uint8_t *aes_ccm_known_nonce = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_ccm128_known_nonce : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? 
- aes_ccm192_known_nonce : - aes_ccm256_known_nonce; - - uint8_t *aes_gcm_known_key = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gcm128_known_key : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gcm192_known_key : - aes_gcm256_known_key; - - uint8_t *aes_gcm_known_iv = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gcm128_known_iv : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gcm192_known_iv : - aes_gcm256_known_iv; - - uint8_t *aes_gcm_known_plaintext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gcm128_known_plaintext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gcm192_known_plaintext : - aes_gcm256_known_plaintext; - - uint8_t *aes_gcm_known_ciphertext = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gcm128_known_ciphertext : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gcm192_known_ciphertext : - aes_gcm256_known_ciphertext; - - uint8_t *aes_gcm_known_adata = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gcm128_known_adata : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gcm192_known_adata : - aes_gcm256_known_adata; - - uint8_t *aes_gmac_known_key = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gmac128_known_key : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gmac192_known_key : - aes_gmac256_known_key; - - uint8_t *aes_gmac_known_iv = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gmac128_known_iv : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gmac192_known_iv : - aes_gmac256_known_iv; - - uint8_t *aes_gmac_known_tag = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gmac128_known_tag : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gmac192_known_tag : - aes_gmac256_known_tag; - - uint8_t *aes_gmac_known_adata = - (aes_key_size == FIPS_AES_128_KEY_SIZE) ? - aes_gmac128_known_adata : - (aes_key_size == FIPS_AES_192_KEY_SIZE) ? - aes_gmac192_known_adata : - aes_gmac256_known_adata; - - /* AES variables. 
*/ - uint8_t aes_ccm_computed_ciphertext[3*FIPS_AES_ENCRYPT_LENGTH]; - uint8_t aes_ccm_computed_plaintext[2*FIPS_AES_DECRYPT_LENGTH]; - uint8_t aes_gcm_computed_ciphertext[2*FIPS_AES_ENCRYPT_LENGTH]; - uint8_t aes_gcm_computed_plaintext[FIPS_AES_DECRYPT_LENGTH]; - uint8_t aes_gmac_computed_tag[FIPS_AES_ENCRYPT_LENGTH]; - CK_AES_CCM_PARAMS ccm_param; - CK_AES_GCM_PARAMS gcm_param; - CK_AES_GMAC_PARAMS gmac_param; -#endif - - uint8_t aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH]; - uint8_t aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH]; - soft_aes_ctx_t *aes_context; - ulong_t aes_bytes_encrypted; - ulong_t aes_bytes_decrypted; - int rv; - - /* check if aes_key_size is 128, 192, or 256 bits */ - if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && - (aes_key_size != FIPS_AES_192_KEY_SIZE) && - (aes_key_size != FIPS_AES_256_KEY_SIZE)) - return (CKR_DEVICE_ERROR); - - /* - * AES-ECB Known Answer Encryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, NULL, AES_ECB_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, NULL, CKM_AES_ECB); -#endif - - if (aes_context == NULL) { - return (CKR_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, aes_known_plaintext, - FIPS_AES_ENCRYPT_LENGTH, aes_computed_ciphertext, - &aes_bytes_encrypted, CKM_AES_ECB); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_computed_ciphertext, aes_ecb_known_ciphertext, - FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * AES-ECB Known Answer Decryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, NULL, AES_ECB_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, NULL, CKM_AES_ECB); -#endif - - if (aes_context == NULL) { - return (CKR_HOST_MEMORY); - } - - rv = fips_aes_decrypt(aes_context, 
aes_ecb_known_ciphertext, - FIPS_AES_DECRYPT_LENGTH, aes_computed_plaintext, - &aes_bytes_decrypted, CKM_AES_ECB); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || - (memcmp(aes_computed_plaintext, aes_known_plaintext, - FIPS_AES_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * AES-CBC Known Answer Encryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, aes_cbc_known_initialization_vector, - AES_CBC_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, aes_cbc_known_initialization_vector, - CKM_AES_CBC); -#endif - - if (aes_context == NULL) { - return (CKR_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, aes_known_plaintext, - FIPS_AES_ENCRYPT_LENGTH, aes_computed_ciphertext, - &aes_bytes_encrypted, CKM_AES_CBC); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_computed_ciphertext, aes_cbc_known_ciphertext, - FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * AES-CBC Known Answer Decryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, aes_cbc_known_initialization_vector, - AES_CBC_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_known_key, - aes_key_size, aes_cbc_known_initialization_vector, - CKM_AES_CBC); -#endif - - if (aes_context == NULL) - return (CRYPTO_HOST_MEMORY); - - rv = fips_aes_decrypt(aes_context, aes_cbc_known_ciphertext, - FIPS_AES_DECRYPT_LENGTH, aes_computed_plaintext, - &aes_bytes_decrypted, CKM_AES_CBC); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || - (memcmp(aes_computed_plaintext, aes_known_plaintext, - FIPS_AES_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * AES-CTR Known Answer 
Encryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_ctr_known_key, - aes_key_size, aes_ctr_known_counter, - AES_CTR_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_ctr_known_key, - aes_key_size, aes_ctr_known_counter, CKM_AES_CTR); -#endif - - if (aes_context == NULL) { - return (CKR_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, aes_ctr_known_plaintext, - FIPS_AES_ENCRYPT_LENGTH, aes_computed_ciphertext, - &aes_bytes_encrypted, CKM_AES_CTR); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_computed_ciphertext, aes_ctr_known_ciphertext, - FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * AES-CTR Known Answer Decryption Test - */ -#ifdef _KERNEL - aes_context = fips_aes_build_context(aes_ctr_known_key, - aes_key_size, aes_ctr_known_counter, - AES_CTR_MECH_INFO_TYPE, B_FALSE); -#else - aes_context = fips_aes_build_context(aes_ctr_known_key, - aes_key_size, aes_ctr_known_counter, - CKM_AES_CTR); -#endif - if (aes_context == NULL) { - return (CKR_HOST_MEMORY); - } - - rv = fips_aes_decrypt(aes_context, aes_ctr_known_ciphertext, - FIPS_AES_DECRYPT_LENGTH, aes_computed_plaintext, - &aes_bytes_decrypted, CKM_AES_CTR); - - fips_aes_free_context(aes_context); - - if ((rv != CKR_OK) || - (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || - (memcmp(aes_computed_plaintext, aes_ctr_known_plaintext, - FIPS_AES_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * The following POSTs are only available in Kernel - * - * CCM, GCM, and GMAC - */ -#ifdef _KERNEL - - /* - * AES-CCM Known Answer Encryption Test - */ - ccm_param.ulMACSize = 16; /* Tlen */ - ccm_param.ulNonceSize = 7; /* Nlen */ - ccm_param.ulAuthDataSize = 30; /* Alen */ - ccm_param.ulDataSize = 32; /* Plen or Clen */ - ccm_param.nonce = aes_ccm_known_nonce; - ccm_param.authData = aes_ccm_known_adata; - - aes_context = 
fips_aes_build_context(aes_ccm_known_key, - aes_key_size, (uint8_t *)&ccm_param, - AES_CCM_MECH_INFO_TYPE, B_TRUE); - - if (aes_context == NULL) { - return (CRYPTO_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, aes_ccm_known_plaintext, - 2*FIPS_AES_ENCRYPT_LENGTH, aes_ccm_computed_ciphertext, - &aes_bytes_encrypted, AES_CCM_MECH_INFO_TYPE); - - fips_aes_free_context(aes_context); - - if ((rv != CRYPTO_SUCCESS) || - (aes_bytes_encrypted != 3*FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_ccm_computed_ciphertext, aes_ccm_known_ciphertext, - 3*FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CRYPTO_DEVICE_ERROR); - - /* - * AES-CCM Known Answer Decryption Test - */ - ccm_param.ulMACSize = 16; /* Tlen */ - ccm_param.ulNonceSize = 7; /* Nlen */ - ccm_param.ulAuthDataSize = 30; /* Alen */ - ccm_param.ulDataSize = 48; /* Plen or Clen */ - ccm_param.nonce = aes_ccm_known_nonce; - ccm_param.authData = aes_ccm_known_adata; - - aes_context = fips_aes_build_context(aes_ccm_known_key, - aes_key_size, (uint8_t *)&ccm_param, - AES_CCM_MECH_INFO_TYPE, B_FALSE); - - if (aes_context == NULL) { - return (CRYPTO_HOST_MEMORY); - } - - rv = fips_aes_decrypt(aes_context, aes_ccm_known_ciphertext, - 2*FIPS_AES_DECRYPT_LENGTH, aes_ccm_computed_plaintext, - &aes_bytes_decrypted, AES_CCM_MECH_INFO_TYPE); - - fips_aes_free_context(aes_context); - - if ((rv != CRYPTO_SUCCESS) || - (aes_bytes_decrypted != 2*FIPS_AES_DECRYPT_LENGTH) || - (memcmp(aes_ccm_computed_plaintext, aes_ccm_known_plaintext, - 2*FIPS_AES_DECRYPT_LENGTH) != 0)) - return (CRYPTO_DEVICE_ERROR); - - /* - * AES-GCM Known Answer Encryption Test - */ - gcm_param.pIv = aes_gcm_known_iv; - gcm_param.ulIvLen = AES_GMAC_IV_LEN; /* IVlen = 96 bits */ - gcm_param.ulTagBits = AES_GMAC_TAG_BITS; /* Taglen = 128 bits */ - gcm_param.ulAADLen = 16; - gcm_param.pAAD = aes_gcm_known_adata; - - aes_context = fips_aes_build_context(aes_gcm_known_key, - aes_key_size, (uint8_t *)&gcm_param, - AES_GCM_MECH_INFO_TYPE, B_TRUE); - - if (aes_context == 
NULL) { - return (CRYPTO_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, aes_gcm_known_plaintext, - FIPS_AES_ENCRYPT_LENGTH, aes_gcm_computed_ciphertext, - &aes_bytes_encrypted, AES_GCM_MECH_INFO_TYPE); - - fips_aes_free_context(aes_context); - - if ((rv != CRYPTO_SUCCESS) || - (aes_bytes_encrypted != 2*FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_gcm_computed_ciphertext, aes_gcm_known_ciphertext, - 2*FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CRYPTO_DEVICE_ERROR); - - /* - * AES-GCM Known Answer Decryption Test - */ - aes_context = fips_aes_build_context(aes_gcm_known_key, - aes_key_size, (uint8_t *)&gcm_param, - AES_GCM_MECH_INFO_TYPE, B_FALSE); - - if (aes_context == NULL) { - return (CRYPTO_HOST_MEMORY); - } - - rv = fips_aes_decrypt(aes_context, aes_gcm_known_ciphertext, - FIPS_AES_DECRYPT_LENGTH, aes_gcm_computed_plaintext, - &aes_bytes_decrypted, AES_GCM_MECH_INFO_TYPE); - - fips_aes_free_context(aes_context); - - if ((rv != CRYPTO_SUCCESS) || - (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) || - (memcmp(aes_gcm_computed_plaintext, aes_gcm_known_plaintext, - FIPS_AES_DECRYPT_LENGTH) != 0)) - return (CRYPTO_DEVICE_ERROR); - - /* - * AES-GMAC Known Answer Encryption Test - */ - gmac_param.pIv = aes_gmac_known_iv; - gmac_param.ulAADLen = 16; - gmac_param.pAAD = aes_gmac_known_adata; - - aes_context = fips_aes_build_context(aes_gmac_known_key, - aes_key_size, (uint8_t *)&gmac_param, - AES_GMAC_MECH_INFO_TYPE, B_TRUE); - - if (aes_context == NULL) { - return (CRYPTO_HOST_MEMORY); - } - - rv = fips_aes_encrypt(aes_context, NULL, - 0, aes_gmac_computed_tag, - &aes_bytes_encrypted, AES_GMAC_MECH_INFO_TYPE); - - fips_aes_free_context(aes_context); - - if ((rv != CRYPTO_SUCCESS) || - (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) || - (memcmp(aes_gmac_computed_tag, aes_gmac_known_tag, - FIPS_AES_ENCRYPT_LENGTH) != 0)) - return (CRYPTO_DEVICE_ERROR); - - /* - * AES-GMAC Known Answer Decryption Test - */ - - aes_context = 
fips_aes_build_context(aes_gmac_known_key,
- aes_key_size, (uint8_t *)&gmac_param,
- AES_GMAC_MECH_INFO_TYPE, B_FALSE);
-
- if (aes_context == NULL) {
- return (CRYPTO_HOST_MEMORY);
- }
-
- rv = fips_aes_decrypt(aes_context, aes_gmac_known_tag,
- FIPS_AES_DECRYPT_LENGTH, NULL,
- &aes_bytes_decrypted, AES_GMAC_MECH_INFO_TYPE);
-
- fips_aes_free_context(aes_context);
-
- if ((rv != CRYPTO_SUCCESS) ||
- (aes_bytes_decrypted != 0))
- return (CRYPTO_DEVICE_ERROR);
-
-#endif /* _KERNEL */
-
- return (CRYPTO_SUCCESS);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_checksum.c
--- a/usr/src/common/crypto/fips/fips_checksum.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,346 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-
-#include
-
-
-#ifdef _KERNEL
-#define FIPS_ALLOC(size) kmem_alloc(size, KM_SLEEP)
-#define FIPS_FREE(buf, size) kmem_free(buf, size)
-#define FIPS_READ_FILE kobj_read_file
-#define ERRLOG0(str) cmn_err(CE_NOTE, str)
-#define ERRLOG1(fmt, arg) cmn_err(CE_NOTE, fmt, arg)
-#include
-
-struct _buf *kobj_open_file(char *name);
-int kobj_read_file(struct _buf *file, char *buf, uint_t size, uint_t off);
-#else
-
-#define FIPS_ALLOC(size) malloc(size)
-#define FIPS_FREE(buf, size) free(buf)
-#define FIPS_READ_FILE fips_read_file
-#define ERRLOG0(str) (void) printf(str)
-#define ERRLOG1(fmt, arg) (void) printf(fmt, arg)
-#endif
-
-#define NUM_SECTIONS (sizeof (checked_sec_names) / sizeof (char *))
-
-static char *checked_sec_names[] = {
- ".strtab",
- ".dynamic",
- ".compcom",
- ".comment",
- ".dynstr",
- ".shstrtab",
- ".rela.text",
- ".rela.data",
- ".text",
- ".rodata",
- ".rodata1",
- ".data",
- ".symtab",
- ".SUNW_ctf",
- ".bss"
-};
-
-
-static int
-#ifdef _KERNEL
-process_section(SHA1_CTX *shactx, Elf64_Shdr *section, struct _buf *file,
- char *shstrtab)
-#else
-process_section(SHA1_CTX *shactx, Elf64_Shdr *section, int file,
- char *shstrtab)
-#endif
-{
- size_t size, offs;
- char *name;
- int doit = 0;
- char *buf;
- int i;
-
- size = section->sh_size;
- offs = section->sh_offset;
- name = shstrtab + section->sh_name;
- for (i = 0; i < NUM_SECTIONS; i++) {
- if (strncmp(name, checked_sec_names[i],
- strlen(checked_sec_names[i]) + 1) == 0) {
- doit++;
- break;
- }
- }
-
- if (!doit) {
- return (0);
- }
-
- /* hash the size of .bss section */
- if (strcmp(name, ".bss") == 0) {
- char szstr[32];
- (void) snprintf(szstr, sizeof (szstr), "%ld", size);
- SHA1Update(shactx, szstr, strlen(szstr));
- return (0);
- }
-
-
- /* hash the contents of the section */
- if ((buf = FIPS_ALLOC(size)) == NULL) {
- ERRLOG1("Not enough memory for section %s\n", name);
- return (-1);
- }
-
- if (FIPS_READ_FILE(file, buf, size, offs) < 0) {
- FIPS_FREE(buf, size);
- return (-2);
- }
-
- SHA1Update(shactx, buf, size);
-
- FIPS_FREE(buf, size);
-
- return (0);
-}
-
-int
-#ifdef _KERNEL
-fips_calc_checksum(struct _buf *file, Elf64_Ehdr *ehdr, char *sha1buf)
-#else
-fips_calc_checksum(int file, Elf64_Ehdr *ehdr, char *sha1buf)
-#endif
-{
- unsigned int size, numsec;
- Elf64_Shdr *shdrs;
- Elf64_Shdr *section;
- SHA1_CTX sha1ctx;
- char *shstrtab;
- int i;
-
- numsec = ehdr->e_shnum;
- size = ehdr->e_shentsize * numsec;
- if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(size)) == NULL) {
- ERRLOG0("Not enough memory for shdrs\n");
- return (FAILURE);
- }
- if (FIPS_READ_FILE(file, (char *)shdrs, size, ehdr->e_shoff) < 0) {
- return (FAILURE);
- }
-
- /* Obtain the .shstrtab data buffer */
- section = &(shdrs[ehdr->e_shstrndx]);
- size = section->sh_size;
- if ((shstrtab = (char *)FIPS_ALLOC(size)) == NULL) {
- ERRLOG0("Not enough memory for shstrtab\n");
- return (FAILURE);
- }
- if (FIPS_READ_FILE(file, shstrtab, size, section->sh_offset) < 0) {
- return (FAILURE);
- }
-
- SHA1Init(&sha1ctx);
- for (i = 0; i < numsec; i++) {
- if (process_section(&sha1ctx, &(shdrs[i]),
- file, shstrtab) < 0) {
- return (FAILURE);
- }
- }
- SHA1Final(sha1buf, &sha1ctx);
-
- return (0);
-}
-
-
-#ifndef _KERNEL
-
-int
-fips_read_file(int fd, char *buf, int size, int offs)
-{
- int i;
-
- if (lseek(fd, offs, SEEK_SET) == (off_t)(-1)) {
- (void) fprintf(stderr,
- "lseek returned an error for file %d\n", fd);
- return (-1);
- }
- while ((i = read(fd, buf, size)) >= 0) {
- if (size == i) {
- break;
- } else {
- size -= i;
- buf += i;
- }
- }
- if (i < 0) {
- (void) fprintf(stderr, "read failed for file %d\n", fd);
- return (-2);
- }
-
- return (0);
-}
-
-#else
-
-static int
-get_fips_section(Elf64_Ehdr *ehdr, struct _buf *file, char *expected_checksum)
-{
- unsigned int shdrssz, shstrtabsz, numsec;
- Elf64_Shdr *shdrs = NULL;
- Elf64_Shdr *section;
- char *shstrtab = NULL;
- char *name;
- int rv = FAILURE;
- int i;
-
- numsec = ehdr->e_shnum;
- shdrssz = ehdr->e_shentsize * numsec;
- if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(shdrssz)) == NULL) {
- ERRLOG0("Not enough memory for shdrs\n");
- return (FAILURE);
- }
- if (FIPS_READ_FILE(file, (char *)shdrs, shdrssz, ehdr->e_shoff) < 0) {
- goto exit;
- }
-
- /* Obtain the .shstrtab data buffer */
- section = &(shdrs[ehdr->e_shstrndx]);
- shstrtabsz = section->sh_size;
- if ((shstrtab = (char *)FIPS_ALLOC(shstrtabsz)) == NULL) {
- ERRLOG0("Not enough memory for shstrtab\n");
- goto exit;
- }
- if (FIPS_READ_FILE(file, shstrtab, shstrtabsz,
- section->sh_offset) < 0) {
- goto exit;
- }
-
- for (i = 0; i < numsec; i++) {
- section = &shdrs[i];
- name = shstrtab + section->sh_name;
- /* Get the checksum stored in the .SUNW_fips section */
- if (strcmp(name, ".SUNW_fips") == 0) {
- if (section->sh_size != SHA1_DIGEST_LENGTH) {
- goto exit;
- }
- if (FIPS_READ_FILE(file, expected_checksum,
- section->sh_size, section->sh_offset) < 0) {
- goto exit;
- }
- rv = 0;
- goto exit;
- }
- }
-
-
-exit:
- if (shdrs != NULL) {
- FIPS_FREE(shdrs, shdrssz);
- }
- if (shstrtab != NULL) {
- FIPS_FREE(shstrtab, shstrtabsz);
- }
-
- return (rv);
-}
-
-
-int
-fips_check_module(char *modname, void *_initaddr)
-{
- struct modctl *modctlp = NULL;
- struct module *mp = NULL;
- struct _buf *file;
- char *filename;
- Elf64_Ehdr ehdr;
- unsigned int size, i;
- char sha1buf[SHA1_DIGEST_LENGTH];
- char expected_checksum[SHA1_DIGEST_LENGTH];
-
- modctlp = mod_find_by_filename(NULL, modname);
- if (modctlp == NULL) {
- ERRLOG1("module with modname %s not found\n", modname);
- return (FAILURE);
- }
- mp = (struct module *)modctlp->mod_mp;
- if (mp != NULL && mp->filename != NULL) {
- filename = mp->filename;
- } else {
- /* filename does not exist */
- return (FAILURE);
- }
- if ((mp->text > (char *)_initaddr) ||
- (mp->text + mp->text_size < (char *)_initaddr)) {
- ERRLOG1("_init() is not in module %s\n", modname);
- return (FAILURE);
- }
-
- if ((file = kobj_open_file(filename)) == (struct _buf *)-1) {
- ERRLOG1("Cannot open %s\n", filename);
- return (FAILURE);
- }
- /* Read the ELF header */
- size = sizeof (ehdr);
- if (kobj_read_file(file, (char *)(&ehdr), size, 0) < 0) {
- goto fail_exit;
- }
-
- /* check if it is an ELF file */
- for (i = 0; i < SELFMAG; i++) {
- if (ehdr.e_ident[i] != ELFMAG[i]) {
- ERRLOG1("%s not an elf file\n", filename);
- goto fail_exit;
- }
- }
-
- /* check if it is relocatable */
- if (ehdr.e_type != ET_REL) {
- ERRLOG1("%s isn't a relocatable (ET_REL) "
- "module\n", filename);
- goto fail_exit;
- }
-
- if (fips_calc_checksum(file, &ehdr, sha1buf) < 0) {
- goto fail_exit;
- }
-
- if (get_fips_section(&ehdr, file, expected_checksum) < 0) {
- goto fail_exit;
- }
-
- if (memcmp(sha1buf, expected_checksum, SHA1_DIGEST_LENGTH) != 0) {
- goto fail_exit;
- }
-
- kobj_close_file(file);
-
- return (SUCCESS);
-
-fail_exit:
-
- kobj_close_file(file);
-
- return (FAILURE);
-
-}
-
-#endif
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_checksum.h
--- a/usr/src/common/crypto/fips/fips_checksum.h Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,70 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef _SYS_CRYPTO_FIPS_H -#define _SYS_CRYPTO_FIPS_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef _KERNEL -#include -#include -#include -#include -#include -#include -#else -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#endif - - -#define FAILURE -1 -#define SUCCESS 0 - -#ifdef _KERNEL -extern int fips_calc_checksum(struct _buf *, Elf64_Ehdr *, char *); -extern int fips_check_module(char *modname, void *_initaddr); -#else -extern int fips_read_file(int, char *, int, int); -extern int fips_calc_checksum(int, Elf64_Ehdr *, char *); -#endif - - -#ifdef __cplusplus -} -#endif - -#endif /* _SYS_CRYPTO_FIPS_H */ diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_des_util.c --- a/usr/src/common/crypto/fips/fips_des_util.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,660 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#include -#include -#include -#include -#include -#include -#include -#define _DES_FIPS_POST -#ifndef _KERNEL -#include -#include -#include -#include -#include -#include -#include "softCrypt.h" -#else -#define _DES_IMPL -#include -#endif - -#ifndef _KERNEL -/* - * Allocate context for the DES encryption or decryption operation, and - * generate DES or DES3 key schedule to speed up the operation. - */ -soft_des_ctx_t * -des_build_context(uint8_t *key, uint8_t *iv, CK_KEY_TYPE key_type, - CK_MECHANISM_TYPE mechanism) -{ - - size_t size; - soft_des_ctx_t *soft_des_ctx; - - soft_des_ctx = calloc(1, sizeof (soft_des_ctx_t)); - if (soft_des_ctx == NULL) { - return (NULL); - } - - /* Allocate key schedule for DES or DES3 based on key type. 
*/ - if (key_type == CKK_DES) { - soft_des_ctx->key_sched = des_alloc_keysched(&size, DES, 0); - if (soft_des_ctx->key_sched == NULL) { - free(soft_des_ctx); - return (NULL); - } - des_init_keysched(key, DES, soft_des_ctx->key_sched); - } else { - soft_des_ctx->key_sched = des_alloc_keysched(&size, DES3, 0); - if (soft_des_ctx->key_sched == NULL) { - free(soft_des_ctx); - return (NULL); - } - des_init_keysched(key, DES3, soft_des_ctx->key_sched); - } - - soft_des_ctx->keysched_len = size; - soft_des_ctx->key_type = key_type; - - if ((mechanism == CKM_DES_CBC) || (mechanism == CKM_DES3_CBC)) { - /* Save Initialization Vector (IV) in the context. */ - (void) memcpy(soft_des_ctx->ivec, iv, DES_BLOCK_LEN); - - /* Allocate a context for DES cipher-block chaining. */ - soft_des_ctx->des_cbc = (void *)des_cbc_ctx_init( - soft_des_ctx->key_sched, soft_des_ctx->keysched_len, - soft_des_ctx->ivec, soft_des_ctx->key_type); - - if (soft_des_ctx->des_cbc == NULL) { - bzero(soft_des_ctx->key_sched, - soft_des_ctx->keysched_len); - free(soft_des_ctx->key_sched); - return (NULL); - } - } - - return (soft_des_ctx); -} - -/* - * Free the DES context. 
- */ -void -fips_des_free_context(soft_des_ctx_t *soft_des_ctx) -{ - - des_ctx_t *des_ctx; - - des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc; - if (des_ctx != NULL) { - bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len); - free(soft_des_ctx->des_cbc); - } - - bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len); - free(soft_des_ctx->key_sched); - free(soft_des_ctx); -} -#else - -static void -des_copy_block64(uint8_t *in, uint64_t *out) -{ - if (IS_P2ALIGNED(in, sizeof (uint64_t))) { - /* LINTED: pointer alignment */ - out[0] = *(uint64_t *)&in[0]; - } else { - uint64_t tmp64; - -#ifdef _BIG_ENDIAN - tmp64 = (((uint64_t)in[0] << 56) | - ((uint64_t)in[1] << 48) | - ((uint64_t)in[2] << 40) | - ((uint64_t)in[3] << 32) | - ((uint64_t)in[4] << 24) | - ((uint64_t)in[5] << 16) | - ((uint64_t)in[6] << 8) | - (uint64_t)in[7]); -#else - tmp64 = (((uint64_t)in[7] << 56) | - ((uint64_t)in[6] << 48) | - ((uint64_t)in[5] << 40) | - ((uint64_t)in[4] << 32) | - ((uint64_t)in[3] << 24) | - ((uint64_t)in[2] << 16) | - ((uint64_t)in[1] << 8) | - (uint64_t)in[0]); -#endif /* _BIG_ENDIAN */ - - out[0] = tmp64; - } -} - -des_ctx_t * -des_build_context(uint8_t *key, uint8_t *iv, - des_mech_type_t mech_type) -{ - int rv = CRYPTO_SUCCESS; - void *keysched; - size_t size; - des_ctx_t *des_ctx = NULL; - des_strength_t strength; - - switch (mech_type) { - case DES_ECB_MECH_INFO_TYPE: - des_ctx = ecb_alloc_ctx(KM_SLEEP); - /* FALLTHRU */ - case DES_CBC_MECH_INFO_TYPE: - strength = DES; - if (des_ctx == NULL) - des_ctx = cbc_alloc_ctx(KM_SLEEP); - break; - case DES3_ECB_MECH_INFO_TYPE: - des_ctx = ecb_alloc_ctx(KM_SLEEP); - /* FALLTHRU */ - case DES3_CBC_MECH_INFO_TYPE: - strength = DES3; - if (des_ctx == NULL) - des_ctx = cbc_alloc_ctx(KM_SLEEP); - break; - default: - return (NULL); - } - - if ((keysched = des_alloc_keysched(&size, strength, - KM_SLEEP)) == NULL) - return (NULL); - - /* - * Initialize key schedule. - * Key length is stored in the key. 
- */ - des_init_keysched(key, strength, keysched); - - des_ctx->dc_flags |= PROVIDER_OWNS_KEY_SCHEDULE; - des_ctx->dc_keysched_len = size; - des_ctx->dc_keysched = keysched; - - if (strength == DES3) { - des_ctx->dc_flags |= DES3_STRENGTH; - } - - switch (mech_type) { - case DES_CBC_MECH_INFO_TYPE: - case DES3_CBC_MECH_INFO_TYPE: - /* Save Initialization Vector (IV) in the context. */ - rv = cbc_init_ctx((cbc_ctx_t *)des_ctx, (char *)iv, - DES_BLOCK_LEN, DES_BLOCK_LEN, des_copy_block64); - break; - case DES_ECB_MECH_INFO_TYPE: - case DES3_ECB_MECH_INFO_TYPE: - des_ctx->dc_flags |= ECB_MODE; - } - - if (rv != CRYPTO_SUCCESS) { - if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { - bzero(keysched, size); - kmem_free(keysched, size); - } - } - - return (des_ctx); -} - -void -fips_des_free_context(des_ctx_t *des_ctx) -{ - - if (des_ctx != NULL) { - if (des_ctx->dc_flags & PROVIDER_OWNS_KEY_SCHEDULE) { - ASSERT(des_ctx->dc_keysched_len != 0); - bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len); - kmem_free(des_ctx->dc_keysched, - des_ctx->dc_keysched_len); - } - bzero(des_ctx, sizeof (des_ctx_t)); - kmem_free(des_ctx, sizeof (des_ctx_t)); - } -} -#endif - -/* - * fips_des_encrypt() - * - * Arguments: - * soft_des_ctx: pointer to DES context - * in_buf: pointer to the input data to be encrypted - * ulDataLen: length of the input data - * out_buf: pointer to the output data after encryption - * pulEncryptedLen: pointer to the length of the output data - * mechanism: CKM_DES_ECB, CKM_DES3_ECB, CKM_DES_CBC, CKM_DES3_CBC - * - * Description: - * This function calls the corresponding DES low-level encrypt - * routine based on the mechanism. 
- * - */ -#ifndef _KERNEL -CK_RV -fips_des_encrypt(soft_des_ctx_t *soft_des_ctx, CK_BYTE_PTR in_buf, - CK_ULONG ulDataLen, CK_BYTE_PTR out_buf, - CK_ULONG_PTR pulEncryptedLen, CK_MECHANISM_TYPE mechanism) -#else -int -fips_des_encrypt(des_ctx_t *des_ctx, uint8_t *in_buf, - ulong_t ulDataLen, uint8_t *out_buf, - ulong_t *pulEncryptedLen, des_mech_type_t mechanism) -#endif -{ - - CK_RV rv = CKR_OK; - int rc = 0; - ulong_t out_len; - - /* - * DES only takes input length that is a multiple of blocksize - * with the mechanism CKM_DES_ECB or CKM_DES_CBC. - */ - if ((ulDataLen % DES_BLOCK_LEN) != 0) { - return (CKR_DATA_LEN_RANGE); - } - - /* - * For non-padding mode, the output length will - * be same as the input length. - */ - out_len = ulDataLen; - - /* - * Begin Encryption now. - */ - switch (mechanism) { - case CKM_DES_ECB: - case CKM_DES3_ECB: - { - - ulong_t i; - uint8_t *tmp_inbuf; - uint8_t *tmp_outbuf; - - for (i = 0; i < out_len; i += DES_BLOCK_LEN) { - tmp_inbuf = &in_buf[i]; - tmp_outbuf = &out_buf[i]; - /* Crunch one block of data for DES. */ -#ifndef _KERNEL - if (soft_des_ctx->key_type == CKK_DES) - (void) des_crunch_block( - soft_des_ctx->key_sched, - tmp_inbuf, tmp_outbuf, B_FALSE); - else - (void) des3_crunch_block( - soft_des_ctx->key_sched, - tmp_inbuf, tmp_outbuf, B_FALSE); -#else - if (mechanism == DES_ECB_MECH_INFO_TYPE) - (void) des_crunch_block(des_ctx->dc_keysched, - tmp_inbuf, tmp_outbuf, B_FALSE); - else - (void) des3_crunch_block(des_ctx->dc_keysched, - tmp_inbuf, tmp_outbuf, B_FALSE); -#endif - } - - *pulEncryptedLen = out_len; - break; - } - - case CKM_DES_CBC: - case CKM_DES3_CBC: - { - crypto_data_t out; - - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = out_len; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = out_len; - - /* Encrypt multiple blocks of data. 
*/ - rc = des_encrypt_contiguous_blocks( -#ifndef _KERNEL - (des_ctx_t *)soft_des_ctx->des_cbc, -#else - des_ctx, -#endif - (char *)in_buf, out_len, &out); - - if (rc != 0) - goto encrypt_failed; - - if (rc == 0) { - *pulEncryptedLen = out_len; - break; - } -encrypt_failed: - *pulEncryptedLen = 0; - - return (CKR_DEVICE_ERROR); - - } - } /* end switch */ - - return (rv); -} - -/* - * fips_des_decrypt() - * - * Arguments: - * soft_des_ctx: pointer to DES context - * in_buf: pointer to the input data to be decrypted - * ulEncryptedLen: length of the input data - * out_buf: pointer to the output data - * pulDataLen: pointer to the length of the output data - * mechanism: CKM_DES_ECB, CKM_DES3_ECB, CKM_DES_CBC, CKM_DES3_CBC - * - * Description: - * This function calls the corresponding DES low-level decrypt - * function based on the mechanism. - * - */ -#ifndef _KERNEL -CK_RV -fips_des_decrypt(soft_des_ctx_t *soft_des_ctx, CK_BYTE_PTR in_buf, - CK_ULONG ulEncryptedLen, CK_BYTE_PTR out_buf, - CK_ULONG_PTR pulDataLen, CK_MECHANISM_TYPE mechanism) -#else -int -fips_des_decrypt(des_ctx_t *des_ctx, uint8_t *in_buf, - ulong_t ulEncryptedLen, uint8_t *out_buf, - ulong_t *pulDataLen, des_mech_type_t mechanism) -#endif -{ - - CK_RV rv = CKR_OK; - int rc = 0; - ulong_t out_len; - - /* - * DES only takes input length that is a multiple of 8 bytes - * with the mechanism CKM_DES_ECB, CKM_DES_CBC or - * CKM_DES_CBC_PAD. - */ - if ((ulEncryptedLen % DES_BLOCK_LEN) != 0) { - return (CKR_DATA_LEN_RANGE); - } - - /* Set output length same as input length. */ - out_len = ulEncryptedLen; - - /* - * Begin Decryption. - */ - switch (mechanism) { - case CKM_DES_ECB: - case CKM_DES3_ECB: - { - uint8_t *tmp_inbuf; - uint8_t *tmp_outbuf; - ulong_t i; - - for (i = 0; i < out_len; i += DES_BLOCK_LEN) { - tmp_inbuf = &in_buf[i]; - tmp_outbuf = &out_buf[i]; - /* Crunch one block of data for DES. 
*/ -#ifndef _KERNEL - if (soft_des_ctx->key_type == CKK_DES) - (void) des_crunch_block( - soft_des_ctx->key_sched, - tmp_inbuf, tmp_outbuf, B_TRUE); - else - (void) des3_crunch_block( - soft_des_ctx->key_sched, - tmp_inbuf, tmp_outbuf, B_TRUE); -#else - if (mechanism == DES_ECB_MECH_INFO_TYPE) - (void) des_crunch_block(des_ctx->dc_keysched, - tmp_inbuf, tmp_outbuf, B_TRUE); - else - (void) des3_crunch_block(des_ctx->dc_keysched, - tmp_inbuf, tmp_outbuf, B_TRUE); -#endif - } - - *pulDataLen = out_len; - break; - } - - case CKM_DES_CBC: - case CKM_DES3_CBC: - { - crypto_data_t out; - out.cd_format = CRYPTO_DATA_RAW; - out.cd_offset = 0; - out.cd_length = out_len; - out.cd_raw.iov_base = (char *)out_buf; - out.cd_raw.iov_len = out_len; - - /* Decrypt multiple blocks of data. */ - rc = des_decrypt_contiguous_blocks( -#ifndef _KERNEL - (des_ctx_t *)soft_des_ctx->des_cbc, -#else - des_ctx, -#endif - (char *)in_buf, out_len, &out); - - if (rc != 0) - goto decrypt_failed; - - *pulDataLen = out_len; - - if (rc == 0) - break; -decrypt_failed: - *pulDataLen = 0; - - return (CKR_DEVICE_ERROR); - - } - } /* end switch */ - - return (rv); -} - -/* - * DES3 Power-On SelfTest(s). - */ -int -fips_des3_post(void) -{ - - /* DES3 Known Key. */ - static uint8_t des3_known_key[] = { "ANSI Triple-DES Key Data" }; - - /* DES3-CBC Known Initialization Vector (64-bits). */ - static uint8_t des3_cbc_known_iv[] = { "Security" }; - - /* DES3 Known Plaintext (64-bits). */ - static uint8_t des3_ecb_known_plaintext[] = { "Solaris!" }; - static uint8_t des3_cbc_known_plaintext[] = { "Solaris!" }; - - /* DES3 Known Ciphertext (64-bits). */ - static uint8_t des3_ecb_known_ciphertext[] = { - 0x17, 0x0d, 0x1f, 0x13, 0xd3, 0xa0, 0x3a, 0x63 - }; - - static uint8_t des3_cbc_known_ciphertext[] = { - 0x7f, 0x62, 0x44, 0xb3, 0xf8, 0x77, 0xf8, 0xf8 - }; - - /* DES3 variables. 
*/ - uint8_t des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH]; - uint8_t des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH]; - -#ifdef _KERNEL - des_ctx_t *des3_context; -#else - soft_des_ctx_t *des3_context; -#endif - - ulong_t des3_bytes_encrypted; - ulong_t des3_bytes_decrypted; - int rv; - - /* - * DES3 ECB Known Answer Encryption Test - */ -#ifdef _KERNEL - des3_context = des_build_context(des3_known_key, NULL, - DES3_ECB_MECH_INFO_TYPE); -#else - des3_context = des_build_context(des3_known_key, NULL, - CKK_DES3, CKM_DES3_ECB); -#endif - - if (des3_context == NULL) - return (CKR_HOST_MEMORY); - -#ifdef _KERNEL - rv = fips_des_encrypt(des3_context, des3_ecb_known_plaintext, - FIPS_DES3_ENCRYPT_LENGTH, des3_computed_ciphertext, - &des3_bytes_encrypted, DES3_ECB_MECH_INFO_TYPE); -#else - rv = fips_des_encrypt(des3_context, des3_ecb_known_plaintext, - FIPS_DES3_ENCRYPT_LENGTH, des3_computed_ciphertext, - &des3_bytes_encrypted, CKM_DES3_ECB); -#endif - - fips_des_free_context(des3_context); - - if ((rv != CRYPTO_SUCCESS) || - (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) || - (memcmp(des3_computed_ciphertext, des3_ecb_known_ciphertext, - FIPS_DES3_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * DES3 ECB Known Answer Decryption Test - */ -#ifdef _KERNEL - des3_context = des_build_context(des3_known_key, NULL, - DES3_ECB_MECH_INFO_TYPE); -#else - des3_context = des_build_context(des3_known_key, NULL, - CKK_DES3, CKM_DES3_ECB); -#endif - - if (des3_context == NULL) - return (CKR_HOST_MEMORY); - -#ifdef _KERNEL - rv = fips_des_decrypt(des3_context, des3_ecb_known_ciphertext, - FIPS_DES3_DECRYPT_LENGTH, des3_computed_plaintext, - &des3_bytes_decrypted, DES3_ECB_MECH_INFO_TYPE); -#else - rv = fips_des_decrypt(des3_context, des3_ecb_known_ciphertext, - FIPS_DES3_DECRYPT_LENGTH, des3_computed_plaintext, - &des3_bytes_decrypted, CKM_DES3_ECB); -#endif - - fips_des_free_context(des3_context); - - if ((rv != CRYPTO_SUCCESS) || - (des3_bytes_decrypted != 
FIPS_DES3_DECRYPT_LENGTH) || - (memcmp(des3_computed_plaintext, des3_ecb_known_plaintext, - FIPS_DES3_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * DES3 CBC Known Answer Encryption Test - */ -#ifdef _KERNEL - des3_context = des_build_context(des3_known_key, des3_cbc_known_iv, - DES3_CBC_MECH_INFO_TYPE); -#else - des3_context = des_build_context(des3_known_key, des3_cbc_known_iv, - CKK_DES3, CKM_DES3_CBC); -#endif - - if (des3_context == NULL) - return (CKR_HOST_MEMORY); - -#ifdef _KERNEL - rv = fips_des_encrypt(des3_context, des3_cbc_known_plaintext, - FIPS_DES3_ENCRYPT_LENGTH, des3_computed_ciphertext, - &des3_bytes_encrypted, DES3_CBC_MECH_INFO_TYPE); -#else - rv = fips_des_encrypt(des3_context, des3_cbc_known_plaintext, - FIPS_DES3_ENCRYPT_LENGTH, des3_computed_ciphertext, - &des3_bytes_encrypted, CKM_DES3_CBC); -#endif - - fips_des_free_context(des3_context); - - if ((rv != CRYPTO_SUCCESS) || - (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) || - (memcmp(des3_computed_ciphertext, des3_cbc_known_ciphertext, - FIPS_DES3_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * DES3 CBC Known Answer Decryption Test - */ -#ifdef _KERNEL - des3_context = des_build_context(des3_known_key, des3_cbc_known_iv, - DES3_CBC_MECH_INFO_TYPE); -#else - des3_context = des_build_context(des3_known_key, des3_cbc_known_iv, - CKK_DES3, CKM_DES3_CBC); -#endif - - if (des3_context == NULL) - return (CKR_HOST_MEMORY); - -#ifdef _KERNEL - rv = fips_des_decrypt(des3_context, des3_cbc_known_ciphertext, - FIPS_DES3_DECRYPT_LENGTH, des3_computed_plaintext, - &des3_bytes_decrypted, DES3_CBC_MECH_INFO_TYPE); -#else - rv = fips_des_decrypt(des3_context, des3_cbc_known_ciphertext, - FIPS_DES3_DECRYPT_LENGTH, des3_computed_plaintext, - &des3_bytes_decrypted, CKM_DES3_CBC); -#endif - - fips_des_free_context(des3_context); - - if ((rv != CRYPTO_SUCCESS) || - (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) || - (memcmp(des3_computed_plaintext, des3_cbc_known_plaintext, 
- FIPS_DES3_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - return (CKR_OK); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_dsa_util.c --- a/usr/src/common/crypto/fips/fips_dsa_util.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,259 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include
-#include
-#define _SHA2_IMPL
-#include
-
-#ifdef _KERNEL
-#include
-#include
-#else
-#include
-#include
-#include "softMAC.h"
-#endif
-
-#include
-#include
-
-#include
-#define _DSA_FIPS_POST
-#include
-
-
-/* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
-static uint8_t dsa_P[] = {
- 0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28,
- 0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63,
- 0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0,
- 0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c,
- 0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91,
- 0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0,
- 0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7,
- 0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63,
- 0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7,
- 0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56,
- 0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b,
- 0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4,
- 0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6,
- 0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64,
- 0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a,
- 0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15
-};
-
-static uint8_t dsa_Q[] = {
- 0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
- 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
- 0x91, 0x99, 0x8b, 0xcf
-};
-
-static uint8_t dsa_G[] = {
- 0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4,
- 0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6,
- 0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3,
- 0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17,
- 0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d,
- 0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a,
- 0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24,
- 0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25,
- 0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb,
- 0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79,
- 0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac,
- 0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25,
- 0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27,
- 0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed,
- 0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f,
- 0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38
-};
-
-/*
- * DSA Known Random Values (known random key block is 160-bits)
- * and (known random signature block is 160-bits).
- * Note: known random key block must be numerically smaller than
- * dsa_Q even after bignum_random() turns on the MSB.
- */
-static uint8_t dsa_known_random_key_block[] = {
- 0x91, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
- 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
- 0x91, 0x99, 0x8b, 0xcf
-};
-
-static uint8_t dsa_known_random_signature_block[] = {
- "Random DSA Signature"
-};
-
-/* DSA Known Digest (160-bits) */
-static uint8_t dsa_known_digest[] = {
- "DSA Signature Digest"
-};
-
-/* DSA Known Signature (320-bits). */
-static uint8_t dsa_known_signature[] = {
- 0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32,
- 0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c,
- 0x22, 0x2a, 0x03, 0xce, 0x65, 0x02, 0x72, 0x5a,
- 0x66, 0x29, 0xcf, 0x56, 0xe6, 0xdf, 0xb0, 0xcc,
- 0x53, 0x72, 0x56, 0x70, 0x92, 0xb5, 0x45, 0x75
-
-};
-
-
-static int
-fips_dsa_random_func(void *buf, size_t buflen)
-{
- /* should not happen */
- if (buflen != FIPS_DSA_SEED_LENGTH)
- return (-1);
-
- (void) memcpy(buf, dsa_known_random_key_block,
- FIPS_DSA_SEED_LENGTH);
- return (0);
-}
-
-static int
-fips_dsa_signature_func(void *buf, size_t buflen)
-{
- /* should not happen */
- if (buflen != FIPS_DSA_SEED_LENGTH)
- return (-1);
-
- (void) memcpy(buf, dsa_known_random_signature_block,
- FIPS_DSA_SEED_LENGTH);
- return (0);
-}
-
-int
-fips_dsa_genkey_pair(DSAbytekey *bkey)
-{
- return (dsa_genkey_pair(bkey));
-}
-
-int
-fips_dsa_digest_sign(DSAbytekey *bkey,
- uint8_t *in, uint32_t inlen, uint8_t *out)
-{
- CK_RV rv;
- SHA1_CTX *sha1_context;
- uint8_t sha1_computed_digest[FIPS_DSA_DIGEST_LENGTH];
-
- sha1_context = fips_sha1_build_context();
- if (sha1_context == NULL)
- return (CKR_HOST_MEMORY);
-
- /* hash the message: context is freed by the function */
- rv = fips_sha1_hash(sha1_context, in, inlen, sha1_computed_digest);
- if (rv != CKR_OK)
- return (rv);
-
- return (dsa_sign(bkey, sha1_computed_digest,
- FIPS_DSA_DIGEST_LENGTH, out));
-}
-
-int
-fips_dsa_verify(DSAbytekey *bkey, uint8_t *data, uint8_t *sig)
-{
- CK_RV rv;
- SHA1_CTX *sha1_context;
- uint8_t sha1_computed_digest[FIPS_DSA_DIGEST_LENGTH];
-
- sha1_context = fips_sha1_build_context();
- if (sha1_context == NULL)
- return (CKR_HOST_MEMORY);
-
- /* hash the message: context is freed by the function */
- rv = fips_sha1_hash(sha1_context, data, FIPS_DSA_DIGEST_LENGTH,
- sha1_computed_digest);
- if (rv != CKR_OK)
- return (rv);
-
- return (dsa_verify(bkey, sha1_computed_digest, sig));
-}
-
-/*
- * DSA Power-On SelfTest(s).
- */
-int
-fips_dsa_post(void)
-{
- DSAbytekey dsa_params;
- CK_RV rv;
- uint8_t dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
- uint8_t pubvalue[FIPS_DSA_PRIME_LENGTH];
- uint8_t privalue[FIPS_DSA_SUBPRIME_LENGTH];
-
- /*
- * Generate a DSA public/private key pair.
- */
- dsa_params.prime = dsa_P;
- dsa_params.prime_bits = CRYPTO_BYTES2BITS(FIPS_DSA_PRIME_LENGTH);
- dsa_params.subprime = dsa_Q;
- dsa_params.subprime_bits = CRYPTO_BYTES2BITS(FIPS_DSA_SUBPRIME_LENGTH);
- dsa_params.base = dsa_G;
- dsa_params.base_bytes = FIPS_DSA_BASE_LENGTH;
-
- /* Output from DSA key pair generation */
- dsa_params.private_x = privalue;
- dsa_params.private_x_bits = CRYPTO_BYTES2BITS(sizeof (privalue));
- dsa_params.public_y = pubvalue;
- dsa_params.public_y_bits = CRYPTO_BYTES2BITS(sizeof (pubvalue));
-
- dsa_params.rfunc = fips_dsa_random_func;
-
- rv = fips_dsa_genkey_pair(&dsa_params);
- if (rv != CKR_OK)
- return (CKR_DEVICE_ERROR);
-
- /*
- * DSA Known Answer Signature Test
- */
-
- dsa_params.rfunc = fips_dsa_signature_func;
-
- /* Perform DSA signature process. */
- rv = fips_dsa_digest_sign(&dsa_params,
- dsa_known_digest, FIPS_DSA_DIGEST_LENGTH, dsa_computed_signature);
-
- if ((rv != CKR_OK) ||
- (memcmp(dsa_computed_signature, dsa_known_signature,
- FIPS_DSA_SIGNATURE_LENGTH) != 0)) {
- goto clean;
- }
-
- /*
- * DSA Known Answer Verification Test
- */
-
- /* Perform DSA verification process. */
- rv = fips_dsa_verify(&dsa_params,
- dsa_known_digest, dsa_computed_signature);
-
-clean:
- if (rv != CKR_OK)
- return (CKR_DEVICE_ERROR);
- else
- return (CKR_OK);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_ecc_util.c
--- a/usr/src/common/crypto/fips/fips_ecc_util.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,282 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef _KERNEL
-#include
-#include
-#include
-#include
-#include
-#include "softMAC.h"
-#include "softEC.h"
-#endif
-#include
-#include
-
-
-#define MAX_ECKEY_LEN 72
-#define SHA1_DIGEST_SIZE 20
-
-static void free_ecparams(ECParams *, boolean_t);
-static void free_ecprivkey(ECPrivateKey *);
-static void free_ecpubkey(ECPublicKey *);
-
-static int
-fips_ecdsa_sign_verify(uint8_t *encodedParams,
- unsigned int encodedParamsLen,
- uint8_t *knownSignature,
- unsigned int knownSignatureLen) {
-
- /* ECDSA Known Seed info for curves nistp256 */
- static uint8_t ecdsa_Known_Seed[] = {
- 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
- 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
- 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
- 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f
- };
-
- static uint8_t msg[] = {
- "Sun Microsystems Solaris is awesome!"
- };
-
- unsigned char sha1[SHA1_DIGEST_SIZE]; /* SHA-1 hash (160 bits) */
- unsigned char sig[2*MAX_ECKEY_LEN];
- SECItem signature, digest;
- SECItem encodedparams;
- ECParams *ecparams = NULL;
- ECPrivateKey *ecdsa_private_key = NULL;
- ECPublicKey ecdsa_public_key;
- SECStatus ecdsaStatus = SECSuccess;
- SHA1_CTX *sha1_context = NULL;
- int rv = CKR_DEVICE_ERROR;
-
- (void) memset(&ecdsa_public_key, 0, sizeof (ECPublicKey));
- /* construct the ECDSA private/public key pair */
- encodedparams.type = siBuffer;
- encodedparams.data = (unsigned char *) encodedParams;
- encodedparams.len = encodedParamsLen;
-
- if (EC_DecodeParams(&encodedparams, &ecparams, 0) != SECSuccess) {
- return (CKR_ARGUMENTS_BAD);
- }
-
- /*
- * Generates a new EC key pair. The private key is a supplied
- * random value (in seed) and the public key is the result of
- * performing a scalar point multiplication of that value with
- * the curve's base point.
- */
-
- ecdsaStatus = ec_NewKey(ecparams, &ecdsa_private_key,
- ecdsa_Known_Seed, sizeof (ecdsa_Known_Seed), 0);
-
- if (ecdsaStatus != SECSuccess) {
- goto loser;
- }
-
- /* construct public key from private key. */
- ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
- &ecdsa_public_key.ecParams, &ecdsa_private_key->ecParams);
-
- if (ecdsaStatus != SECSuccess) {
- goto loser;
- }
-
- ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
-
- /* validate public key value */
- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
- &ecdsa_public_key.publicValue, 0);
-
- if (ecdsaStatus != SECSuccess) {
- goto loser;
- }
-
- /* validate public key value */
- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
- &ecdsa_private_key->publicValue, 0);
-
- if (ecdsaStatus != SECSuccess) {
- goto loser;
- }
-
- /*
- * ECDSA Known Answer Signature Test.
- */
-#ifdef _KERNEL
- if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX),
- KM_SLEEP)) == NULL) {
-#else
- if ((sha1_context = malloc(sizeof (SHA1_CTX))) == NULL) {
-#endif
- ecdsaStatus = SECFailure;
- rv = CKR_HOST_MEMORY;
- goto loser;
- }
-
- SHA1Init(sha1_context);
-
-#ifdef __sparcv9
- SHA1Update(sha1_context, msg, (uint_t)sizeof (msg));
-#else /* !__sparcv9 */
- SHA1Update(sha1_context, msg, sizeof (msg));
-#endif /* __sparcv9 */
- SHA1Final(sha1, sha1_context);
-
- digest.type = siBuffer;
- digest.data = sha1;
- digest.len = SHA1_DIGEST_SIZE;
-
- (void) memset(sig, 0, sizeof (sig));
- signature.type = siBuffer;
- signature.data = sig;
- signature.len = sizeof (sig);
-
- ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
- &digest, ecdsa_Known_Seed, sizeof (ecdsa_Known_Seed), 0);
-
- if (ecdsaStatus != SECSuccess) {
- goto loser;
- }
-
- if ((signature.len != knownSignatureLen) ||
- (memcmp(signature.data, knownSignature,
- knownSignatureLen) != 0)) {
- ecdsaStatus = SECFailure;
- goto loser;
- }
-
- /*
- * ECDSA Known Answer Verification Test.
- */
- ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature,
- &digest, 0);
-
-loser:
- if (ecdsa_public_key.publicValue.data != NULL)
- free_ecpubkey(&ecdsa_public_key);
- if (ecdsa_private_key != NULL)
- free_ecprivkey(ecdsa_private_key);
- free_ecparams(ecparams, B_TRUE);
-
- if (sha1_context != NULL)
-#ifdef _KERNEL
- kmem_free(sha1_context, sizeof (SHA1_CTX));
-#else
- free(sha1_context);
-#endif
-
- if (ecdsaStatus != SECSuccess) {
- return (rv);
- }
-
- return (CKR_OK);
-}
-
-int
-fips_ecdsa_post() {
-
- /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
- static uint8_t ecdsa_known_P256_EncodedParams[] = {
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
- 0x01, 0x07
- };
-
- static uint8_t ecdsa_known_P256_signature[] = {
- 0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6,
- 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
- 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
- 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
- 0x2b, 0xdb, 0x86, 0x76, 0xe7, 0x32, 0xba, 0x13,
- 0x03, 0x7f, 0x7f, 0x92, 0x77, 0xd8, 0x35, 0xfe,
- 0x99, 0xb4, 0xb7, 0x85, 0x5a, 0xfb, 0xfb, 0xce,
- 0x5d, 0x0e, 0xbc, 0x01, 0xfa, 0x44, 0x97, 0x7e
- };
-
- int rv;
-
- /* ECDSA GF(p) prime field curve test */
- rv = fips_ecdsa_sign_verify(ecdsa_known_P256_EncodedParams,
- sizeof (ecdsa_known_P256_EncodedParams),
- ecdsa_known_P256_signature,
- sizeof (ecdsa_known_P256_signature));
-
- if (rv != CKR_OK) {
- return (CKR_DEVICE_ERROR);
- }
-
- return (CKR_OK);
-}
-
-static void
-free_ecparams(ECParams *params, boolean_t freeit)
-{
- SECITEM_FreeItem(¶ms->fieldID.u.prime, B_FALSE);
- SECITEM_FreeItem(¶ms->curve.a, B_FALSE);
- SECITEM_FreeItem(¶ms->curve.b, B_FALSE);
- SECITEM_FreeItem(¶ms->curve.seed, B_FALSE);
- SECITEM_FreeItem(¶ms->base, B_FALSE);
- SECITEM_FreeItem(¶ms->order, B_FALSE);
- SECITEM_FreeItem(¶ms->DEREncoding, B_FALSE);
- SECITEM_FreeItem(¶ms->curveOID, B_FALSE);
- if (freeit)
-#ifdef _KERNEL
- kmem_free(params, sizeof (ECParams));
-#else
- free(params);
-#endif
-}
-
-static void
-free_ecprivkey(ECPrivateKey *key)
-{
- free_ecparams(&key->ecParams, B_FALSE);
- SECITEM_FreeItem(&key->publicValue, B_FALSE);
- bzero(key->privateValue.data, key->privateValue.len);
- SECITEM_FreeItem(&key->privateValue, B_FALSE);
- SECITEM_FreeItem(&key->version, B_FALSE);
-#ifdef _KERNEL
- kmem_free(key, sizeof (ECPrivateKey));
-#else
- free(key);
-#endif
-}
-
-static void
-free_ecpubkey(ECPublicKey *key)
-{
- free_ecparams(&key->ecParams, B_FALSE);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_post.h
--- a/usr/src/common/crypto/fips/fips_post.h Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#ifndef _FIPS_POST_H
-#define _FIPS_POST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define FIPS_KNOWN_HMAC_MESSAGE_LENGTH 64 /* 512-bits */
-
-#ifdef _KERNEL
-
-#define CK_BYTE uchar_t
-#define CK_ULONG ulong_t
-#define CK_RV int
-
-#define CKR_OK CRYPTO_SUCCESS
-#define CKR_HOST_MEMORY CRYPTO_HOST_MEMORY
-#define CKR_DEVICE_ERROR CRYPTO_DEVICE_ERROR
-#define CKR_DATA_LEN_RANGE CRYPTO_DATA_LEN_RANGE
-#define CKR_ENCRYPTED_DATA_LEN_RANGE CRYPTO_ENCRYPTED_DATA_LEN_RANGE
-#define CKR_ENCRYPTED_DATA_INVALID CRYPTO_ENCRYPTED_DATA_INVALID
-#define CKR_SIGNATURE_INVALID CRYPTO_SIGNATURE_INVALID
-#define CKR_SIGNATURE_LEN_RANGE CRYPTO_SIGNATURE_LEN_RANGE
-#define CKR_ARGUMENTS_BAD CRYPTO_ARGUMENTS_BAD
-
-#else
-
-#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
-#define PAIRWISE_DIGEST_LENGTH 20 /* 160-bits */
-#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
-
-#endif /* _KERNEL */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _FIPS_POST_H */
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_random_util.c
--- a/usr/src/common/crypto/fips/fips_random_util.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,89 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef _KERNEL
-#include
-#include
-#include
-#include
-#include
-#include
-#include "softMAC.h"
-#endif
-#include
-
-
-int
-fips_rng_post(void)
-{
- static uint8_t XKeyValue[] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
- };
-
- static uint8_t XSeed[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
- };
-
- static uint8_t rng_known_GENX[] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
- 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
- 0xaf, 0xd8, 0x07, 0x09
- };
-
- uint8_t GENX[SHA1_HASH_SIZE];
- uint8_t XKey[SHA1_HASH_SIZE];
-
- (void) memcpy(XKey, XKeyValue, SHA1_HASH_SIZE);
-
- /* Generate X with a known seed. */
- fips_random_inner(
- /* LINTED E_BAD_PTR_CAST_ALIGN */
- (uint32_t *)
- XKey,
- /* LINTED E_BAD_PTR_CAST_ALIGN */
- (uint32_t *)
- GENX,
- /* LINTED E_BAD_PTR_CAST_ALIGN */
- (uint32_t *)
- XSeed);
-
- /* Verify GENX to perform the RNG integrity check */
- if ((memcmp(GENX, rng_known_GENX, (SHA1_HASH_SIZE)) != 0))
- return (CKR_DEVICE_ERROR);
- else
- return (CKR_OK);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_rsa_util.c
--- a/usr/src/common/crypto/fips/fips_rsa_util.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,675 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#define _SHA2_IMPL -#include - -#ifdef _KERNEL - -#include -#include - -#else - -#include -#include -#include "softMAC.h" - -#include -#include - -#endif - -#include -#include -#define _RSA_FIPS_POST -#include - -int -fips_rsa_encrypt(RSAPrivateKey_t *key, uint8_t *in, int in_len, uint8_t *out) -{ - return (rsa_encrypt(&(key->bkey), in, in_len, out)); -} - -int -fips_rsa_decrypt(RSAPrivateKey_t *key, uint8_t *in, int in_len, - uint8_t *out) -{ - return (rsa_decrypt(&(key->bkey), in, in_len, out)); -} - -static CK_RV -#ifdef _KERNEL -fips_rsa_sign_verify_test(sha2_mech_t mechanism, -#else -fips_rsa_sign_verify_test(CK_MECHANISM_TYPE mechanism, -#endif - RSAPrivateKey_t *rsa_private_key, - unsigned char *rsa_known_msg, - unsigned int rsa_msg_length, - unsigned char *rsa_computed_signature, - unsigned char *der_data, int sign) - -{ - unsigned char hash[SHA512_DIGEST_LENGTH]; /* SHA digest */ - SHA1_CTX *sha1_context = NULL; - SHA2_CTX *sha2_context = NULL; - int hash_len; - CK_RV rv; - CK_ULONG der_len; - CK_BYTE 
*der_prefix; - CK_ULONG der_data_len; - CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; - uint32_t modulus_len; - - switch (mechanism) { -#ifdef _KERNEL - case SHA1_TYPE: -#else - case CKM_SHA_1: -#endif - { - -#ifdef _KERNEL - if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX), - KM_SLEEP)) == NULL) -#else - if ((sha1_context = malloc(sizeof (SHA1_CTX))) == NULL) -#endif - return (CKR_HOST_MEMORY); - - SHA1Init(sha1_context); - -#ifdef __sparcv9 - SHA1Update(sha1_context, rsa_known_msg, - (uint_t)rsa_msg_length); -#else /* !__sparcv9 */ - SHA1Update(sha1_context, rsa_known_msg, rsa_msg_length); -#endif /* __sparcv9 */ - SHA1Final(hash, sha1_context); - - hash_len = SHA1_DIGEST_LENGTH; - - /* - * Prepare the DER encoding of the DigestInfo value - * by setting it to: - * _DER_PREFIX || H - */ - der_len = SHA1_DER_PREFIX_Len; - der_prefix = (CK_BYTE *)SHA1_DER_PREFIX; - (void) memcpy(der_data, der_prefix, der_len); - (void) memcpy(der_data + der_len, hash, hash_len); - der_data_len = der_len + hash_len; -#ifdef _KERNEL - kmem_free(sha1_context, sizeof (SHA1_CTX)); -#else - free(sha1_context); -#endif - break; - } - -#ifdef _KERNEL - case SHA256_TYPE: -#else - case CKM_SHA256: -#endif - { - - sha2_context = fips_sha2_build_context(mechanism); - if (sha2_context == NULL) - return (CKR_HOST_MEMORY); - - rv = fips_sha2_hash(sha2_context, rsa_known_msg, - rsa_msg_length, hash); - hash_len = SHA256_DIGEST_LENGTH; - - /* - * Prepare the DER encoding of the DigestInfo value - * by setting it to: - * _DER_PREFIX || H - */ - (void) memcpy(der_data, SHA256_DER_PREFIX, - SHA2_DER_PREFIX_Len); - (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); - der_data_len = SHA2_DER_PREFIX_Len + hash_len; - break; - } -#ifdef _KERNEL - case SHA384_TYPE: -#else - case CKM_SHA384: -#endif - { - - sha2_context = fips_sha2_build_context(mechanism); - if (sha2_context == NULL) - return (CKR_HOST_MEMORY); - - rv = fips_sha2_hash(sha2_context, rsa_known_msg, - rsa_msg_length, hash); - 
hash_len = SHA384_DIGEST_LENGTH; - - /* - * Prepare the DER encoding of the DigestInfo value - * by setting it to: - * _DER_PREFIX || H - */ - (void) memcpy(der_data, SHA384_DER_PREFIX, - SHA2_DER_PREFIX_Len); - (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); - der_data_len = SHA2_DER_PREFIX_Len + hash_len; - break; - } -#ifdef _KERNEL - case SHA512_TYPE: -#else - case CKM_SHA512: -#endif - { - - sha2_context = fips_sha2_build_context(mechanism); - if (sha2_context == NULL) - return (CKR_HOST_MEMORY); - - rv = fips_sha2_hash(sha2_context, rsa_known_msg, - rsa_msg_length, hash); - hash_len = SHA512_DIGEST_LENGTH; - - /* - * Prepare the DER encoding of the DigestInfo value - * by setting it to: - * _DER_PREFIX || H - */ - (void) memcpy(der_data, SHA512_DER_PREFIX, - SHA2_DER_PREFIX_Len); - (void) memcpy(der_data + SHA2_DER_PREFIX_Len, hash, hash_len); - der_data_len = SHA2_DER_PREFIX_Len + hash_len; - break; - } - } - - modulus_len = CRYPTO_BITS2BYTES(rsa_private_key->bkey.modulus_bits); - - if (sign) { - rv = pkcs1_encode(PKCS1_SIGN, der_data, der_data_len, - plain_data, modulus_len); - - if (rv != CKR_OK) { - return (CKR_DEVICE_ERROR); - } - - /* Sign operation uses decryption with private key */ - rv = fips_rsa_decrypt(rsa_private_key, plain_data, modulus_len, - rsa_computed_signature); - - if (rv != CKR_OK) { - return (CKR_DEVICE_ERROR); - } - } else { - /* - * Perform RSA decryption with the signer's RSA public key - * for verification process. - */ - rv = fips_rsa_encrypt(rsa_private_key, rsa_computed_signature, - modulus_len, plain_data); - - if (rv == CKR_OK) { - - /* - * Strip off the encoded padding bytes in front of the - * recovered data, then compare the recovered data with - * the original data. 
- */ - size_t data_len = modulus_len; - - rv = pkcs1_decode(PKCS1_VERIFY, plain_data, &data_len); - if (rv != CKR_OK) { - return (CKR_DEVICE_ERROR); - } - - if ((CK_ULONG)data_len != der_data_len) { - return (CKR_SIGNATURE_LEN_RANGE); - } else if (memcmp(der_data, - &plain_data[modulus_len - data_len], - data_len) != 0) { - return (CKR_SIGNATURE_INVALID); - } - } else { - - return (CKR_DEVICE_ERROR); - } - } - return (CKR_OK); -} - - -/* - * RSA Power-On SelfTest(s). - */ -int -fips_rsa_post(void) -{ - /* - * RSA Known Modulus used in both Public/Private Key Values (1024-bits). - */ - static uint8_t rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { - 0xd5, 0x84, 0x95, 0x07, 0xf4, 0xd0, 0x1f, 0x82, - 0xf3, 0x79, 0xf4, 0x99, 0x48, 0x10, 0xe1, 0x71, - 0xa5, 0x62, 0x22, 0xa3, 0x4b, 0x00, 0xe3, 0x5b, - 0x3a, 0xcc, 0x10, 0x83, 0xe0, 0xaf, 0x61, 0x13, - 0x54, 0x6a, 0xa2, 0x6a, 0x2c, 0x5e, 0xb3, 0xcc, - 0xa3, 0x71, 0x9a, 0xb2, 0x3e, 0x78, 0xec, 0xb5, - 0x0e, 0x6e, 0x31, 0x3b, 0x77, 0x1f, 0x6e, 0x94, - 0x41, 0x60, 0xd5, 0x6e, 0xd9, 0xc6, 0xf9, 0x29, - 0xc3, 0x40, 0x36, 0x25, 0xdb, 0xea, 0x0b, 0x07, - 0xae, 0x76, 0xfd, 0x99, 0x29, 0xf4, 0x22, 0xc1, - 0x1a, 0x8f, 0x05, 0xfe, 0x98, 0x09, 0x07, 0x05, - 0xc2, 0x0f, 0x0b, 0x11, 0x83, 0x39, 0xca, 0xc7, - 0x43, 0x63, 0xff, 0x33, 0x80, 0xe7, 0xc3, 0x78, - 0xae, 0xf1, 0x73, 0x52, 0x98, 0x1d, 0xde, 0x5c, - 0x53, 0x6e, 0x01, 0x73, 0x0d, 0x12, 0x7e, 0x77, - 0x03, 0xf1, 0xef, 0x1b, 0xc8, 0xa8, 0x0f, 0x97 - }; - - /* RSA Known Public Key Values (24-bits). */ - static uint8_t rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { - 0x01, 0x00, 0x01 - }; - - /* - * RSA Known Private Key Values (version is 8-bits), - * (private exponent is 1024-bits), - * (private prime0 is 512-bits), - * (private prime1 is 512-bits), - * (private prime exponent0 is 512-bits), - * (private prime exponent1 is 512-bits), - * and (private coefficient is 512-bits). 
- */ - static uint8_t rsa_version[] = { 0x00 }; - - static uint8_t rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] - = { - 0x85, 0x27, 0x47, 0x61, 0x4c, 0xd4, 0xb5, 0xb2, - 0x0e, 0x70, 0x91, 0x8f, 0x3d, 0x97, 0xf9, 0x5f, - 0xcc, 0x09, 0x65, 0x1c, 0x7c, 0x5b, 0xb3, 0x6d, - 0x63, 0x3f, 0x7b, 0x55, 0x22, 0xbb, 0x7c, 0x48, - 0x77, 0xae, 0x80, 0x56, 0xc2, 0x10, 0xd5, 0x03, - 0xdb, 0x31, 0xaf, 0x8d, 0x54, 0xd4, 0x48, 0x99, - 0xa8, 0xc4, 0x23, 0x43, 0xb8, 0x48, 0x0b, 0xc7, - 0xbc, 0xf5, 0xcc, 0x64, 0x72, 0xbf, 0x59, 0x06, - 0x04, 0x1c, 0x32, 0xf5, 0x14, 0x2e, 0x6e, 0xe2, - 0x0f, 0x5c, 0xde, 0x36, 0x3c, 0x6e, 0x7c, 0x4d, - 0xcc, 0xd3, 0x00, 0x6e, 0xe5, 0x45, 0x46, 0xef, - 0x4d, 0x25, 0x46, 0x6d, 0x7f, 0xed, 0xbb, 0x4f, - 0x4d, 0x9f, 0xda, 0x87, 0x47, 0x8f, 0x74, 0x44, - 0xb7, 0xbe, 0x9d, 0xf5, 0xdd, 0xd2, 0x4c, 0xa5, - 0xab, 0x74, 0xe5, 0x29, 0xa1, 0xd2, 0x45, 0x3b, - 0x33, 0xde, 0xd5, 0xae, 0xf7, 0x03, 0x10, 0x21 - }; - - static uint8_t rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = { - 0xf9, 0x74, 0x8f, 0x16, 0x02, 0x6b, 0xa0, 0xee, - 0x7f, 0x28, 0x97, 0x91, 0xdc, 0xec, 0xc0, 0x7c, - 0x49, 0xc2, 0x85, 0x76, 0xee, 0x66, 0x74, 0x2d, - 0x1a, 0xb8, 0xf7, 0x2f, 0x11, 0x5b, 0x36, 0xd8, - 0x46, 0x33, 0x3b, 0xd8, 0xf3, 0x2d, 0xa1, 0x03, - 0x83, 0x2b, 0xec, 0x35, 0x43, 0x32, 0xff, 0xdd, - 0x81, 0x7c, 0xfd, 0x65, 0x13, 0x04, 0x7c, 0xfc, - 0x03, 0x97, 0xf0, 0xd5, 0x62, 0xdc, 0x0d, 0xbf - }; - - static uint8_t rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = { - 0xdb, 0x1e, 0xa7, 0x3d, 0xe7, 0xfa, 0x8b, 0x04, - 0x83, 0x48, 0xf3, 0xa5, 0x31, 0x9d, 0x35, 0x5e, - 0x4d, 0x54, 0x77, 0xcc, 0x84, 0x09, 0xf3, 0x11, - 0x0d, 0x54, 0xed, 0x85, 0x39, 0xa9, 0xca, 0xa8, - 0xea, 0xae, 0x19, 0x9c, 0x75, 0xdb, 0x88, 0xb8, - 0x04, 0x8d, 0x54, 0xc6, 0xa4, 0x80, 0xf8, 0x93, - 0xf0, 0xdb, 0x19, 0xef, 0xd7, 0x87, 0x8a, 0x8f, - 0x5a, 0x09, 0x2e, 0x54, 0xf3, 0x45, 0x24, 0x29 - }; - - static uint8_t rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = { - 0x6a, 0xd1, 0x25, 0x80, 0x18, 0x33, 0x3c, 0x2b, - 0x44, 0x19, 0xfe, 0xa5, 
0x40, 0x03, 0xc4, 0xfc, - 0xb3, 0x9c, 0xef, 0x07, 0x99, 0x58, 0x17, 0xc1, - 0x44, 0xa3, 0x15, 0x7d, 0x7b, 0x22, 0x22, 0xdf, - 0x03, 0x58, 0x66, 0xf5, 0x24, 0x54, 0x52, 0x91, - 0x2d, 0x76, 0xfe, 0x63, 0x64, 0x4e, 0x0f, 0x50, - 0x2b, 0x65, 0x79, 0x1f, 0xf1, 0xbf, 0xc7, 0x41, - 0x26, 0xcc, 0xc6, 0x1c, 0xa9, 0x83, 0x6f, 0x03 - }; - - static uint8_t rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = { - 0x12, 0x84, 0x1a, 0x99, 0xce, 0x9a, 0x8b, 0x58, - 0xcc, 0x47, 0x43, 0xdf, 0x77, 0xbb, 0xd3, 0x20, - 0xae, 0xe4, 0x2e, 0x63, 0x67, 0xdc, 0xf7, 0x5f, - 0x3f, 0x83, 0x27, 0xb7, 0x14, 0x52, 0x56, 0xbf, - 0xc3, 0x65, 0x06, 0xe1, 0x03, 0xcc, 0x93, 0x57, - 0x09, 0x7b, 0x6f, 0xe8, 0x81, 0x4a, 0x2c, 0xb7, - 0x43, 0xa9, 0x20, 0x1d, 0xf6, 0x56, 0x8b, 0xcc, - 0xe5, 0x4c, 0xd5, 0x4f, 0x74, 0x67, 0x29, 0x51 - }; - - static uint8_t rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = { - 0x23, 0xab, 0xf4, 0x03, 0x2f, 0x29, 0x95, 0x74, - 0xac, 0x1a, 0x33, 0x96, 0x62, 0xed, 0xf7, 0xf6, - 0xae, 0x07, 0x2a, 0x2e, 0xe8, 0xab, 0xfb, 0x1e, - 0xb9, 0xb2, 0x88, 0x1e, 0x85, 0x05, 0x42, 0x64, - 0x03, 0xb2, 0x8b, 0xc1, 0x81, 0x75, 0xd7, 0xba, - 0xaa, 0xd4, 0x31, 0x3c, 0x8a, 0x96, 0x23, 0x9d, - 0x3f, 0x06, 0x3e, 0x44, 0xa9, 0x62, 0x2f, 0x61, - 0x5a, 0x51, 0x82, 0x2c, 0x04, 0x85, 0x73, 0xd1 - }; - - /* RSA Known Plaintext Message (1024-bits). */ - static uint8_t rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = { - "Known plaintext message utilized" - "for RSA Encryption & Decryption" - "block, SHA1, SHA256, SHA384 and" - "SHA512 RSA Signature KAT tests." - }; - - /* RSA Known Ciphertext (1024-bits). 
*/ - static uint8_t rsa_known_ciphertext[] = { - 0x1e, 0x7e, 0x12, 0xbb, 0x15, 0x62, 0xd0, 0x23, - 0x53, 0x4c, 0x51, 0x97, 0x77, 0x06, 0xa0, 0xbb, - 0x26, 0x99, 0x9a, 0x8f, 0x39, 0xad, 0x88, 0x5c, - 0xc4, 0xce, 0x33, 0x40, 0x94, 0x92, 0xb4, 0x0e, - 0xab, 0x71, 0xa9, 0x5d, 0x9a, 0x37, 0xe3, 0x9a, - 0x24, 0x95, 0x13, 0xea, 0x0f, 0xbb, 0xf7, 0xff, - 0xdf, 0x31, 0x33, 0x23, 0x1d, 0xce, 0x26, 0x9e, - 0xd1, 0xde, 0x98, 0x40, 0xde, 0x57, 0x86, 0x12, - 0xf1, 0xe6, 0x5a, 0x3f, 0x08, 0x02, 0x81, 0x85, - 0xe0, 0xd9, 0xad, 0x3c, 0x8c, 0x71, 0xf8, 0xcf, - 0x0a, 0x98, 0xc5, 0x08, 0xdc, 0xc4, 0xca, 0x8c, - 0x23, 0x1b, 0x4d, 0x9b, 0xb5, 0x13, 0x44, 0xe1, - 0x5f, 0xf9, 0x30, 0x80, 0x25, 0xe0, 0x1e, 0x94, - 0xa3, 0x0c, 0xdc, 0x82, 0x2e, 0xfb, 0x30, 0xbe, - 0x89, 0xba, 0x76, 0xb6, 0x23, 0xf7, 0xda, 0x7c, - 0xca, 0xe6, 0x02, 0xbd, 0x92, 0xce, 0x64, 0xfc - }; - - /* RSA Known Signed Hash (1024-bits). */ - static uint8_t rsa_known_sha1_signature[] = { - 0xd2, 0xa4, 0xe0, 0x2b, 0xc7, 0x03, 0x7f, 0xc6, - 0x06, 0x9e, 0xa2, 0x82, 0x19, 0xe9, 0x2b, 0xaf, - 0xe3, 0x48, 0x88, 0xc1, 0xf3, 0xb5, 0x0d, 0xe4, - 0x52, 0x9e, 0xad, 0xd5, 0x58, 0xb5, 0x9f, 0xe8, - 0x40, 0xe9, 0xb7, 0x2e, 0xc6, 0x71, 0x58, 0x56, - 0x04, 0xac, 0xb0, 0xf3, 0x3a, 0x42, 0x38, 0x08, - 0xc4, 0x43, 0x39, 0xba, 0x19, 0xce, 0xb1, 0x99, - 0xf1, 0x8d, 0x89, 0xd8, 0x50, 0x07, 0x14, 0x3d, - 0xcf, 0xd0, 0xb6, 0x79, 0xde, 0x9c, 0x89, 0x32, - 0xb0, 0x73, 0x3f, 0xed, 0x03, 0x0b, 0xdf, 0x6d, - 0x7e, 0xc9, 0x1c, 0x39, 0xe8, 0x2b, 0x16, 0x09, - 0xbb, 0x5f, 0x99, 0x2f, 0xeb, 0xf3, 0x37, 0x73, - 0x0d, 0x0e, 0xcc, 0x95, 0xad, 0x90, 0x80, 0x03, - 0x1d, 0x80, 0x55, 0x37, 0xa1, 0x2a, 0x71, 0x76, - 0x23, 0x87, 0x8c, 0x9b, 0x41, 0x07, 0xc6, 0x3d, - 0xc6, 0xa3, 0x7d, 0x1b, 0xff, 0x4e, 0x11, 0x19 - }; - - /* RSA Known Signed Hash (1024-bits). 
*/ - static uint8_t rsa_known_sha256_signature[] = { - 0x27, 0x35, 0xdd, 0xc4, 0xf8, 0xe2, 0x0b, 0xa3, - 0xef, 0x63, 0x57, 0x3b, 0xe1, 0x58, 0x9a, 0xbc, - 0x20, 0x9c, 0x25, 0x12, 0x01, 0xbf, 0xbb, 0x29, - 0x80, 0x1a, 0xb1, 0x37, 0x9c, 0xcd, 0x67, 0xc7, - 0x0d, 0xf8, 0x64, 0x10, 0x9f, 0xe2, 0xa1, 0x9b, - 0x21, 0x90, 0xcc, 0xda, 0x8b, 0x76, 0x5e, 0x79, - 0x00, 0x9d, 0x58, 0x8b, 0x8a, 0xb3, 0xc3, 0xb5, - 0xf1, 0x54, 0xc5, 0x8c, 0x72, 0xba, 0xde, 0x51, - 0x3c, 0x6b, 0x94, 0xd6, 0xf3, 0x1b, 0xa2, 0x53, - 0xe6, 0x1a, 0x46, 0x1d, 0x7f, 0x14, 0x86, 0xcc, - 0xa6, 0x30, 0x92, 0x96, 0xc0, 0x96, 0x24, 0xf0, - 0x42, 0x53, 0x4c, 0xdd, 0x27, 0xdf, 0x1d, 0x2e, - 0x8b, 0x83, 0xbe, 0xed, 0x85, 0x1d, 0x50, 0x46, - 0xa3, 0x7d, 0x20, 0xea, 0x3e, 0x91, 0xfb, 0xf6, - 0x86, 0x51, 0xfd, 0x8c, 0xe5, 0x31, 0xe6, 0x7e, - 0x60, 0x08, 0x0e, 0xec, 0xa6, 0xea, 0x24, 0x8d - }; - - /* RSA Known Signed Hash (1024-bits). */ - static uint8_t rsa_known_sha384_signature[] = { - 0x0b, 0x03, 0x94, 0x4f, 0x94, 0x78, 0x9b, 0x96, - 0x76, 0xeb, 0x72, 0x58, 0xe1, 0xc5, 0xc7, 0x5f, - 0x85, 0x01, 0xa8, 0xc4, 0xf6, 0x1a, 0xb5, 0x2c, - 0xd1, 0xd8, 0x87, 0xde, 0x3a, 0x9c, 0x9f, 0x57, - 0x81, 0x2a, 0x1e, 0x23, 0x07, 0x70, 0xb0, 0xf9, - 0x28, 0x3d, 0xfa, 0xe5, 0x2e, 0x1b, 0x9a, 0x72, - 0xc3, 0x74, 0xb3, 0x42, 0x1c, 0x9a, 0x13, 0xdc, - 0xc9, 0xd6, 0xd5, 0x88, 0xc9, 0x9c, 0x46, 0xf1, - 0x0c, 0xa6, 0xf7, 0xd8, 0x06, 0xa3, 0x1b, 0xdf, - 0x55, 0xb3, 0x1b, 0x7b, 0x58, 0x1d, 0xff, 0x19, - 0xc7, 0xe0, 0xdd, 0x59, 0xac, 0x2f, 0x78, 0x71, - 0xe7, 0xe0, 0x17, 0xa3, 0x1c, 0x5c, 0x92, 0xef, - 0xb6, 0x75, 0xed, 0xbe, 0x18, 0x39, 0x6b, 0xd7, - 0xc9, 0x08, 0x62, 0x55, 0x62, 0xac, 0x5d, 0xa1, - 0x9b, 0xd5, 0xb8, 0x98, 0x15, 0xc0, 0xf5, 0x41, - 0x85, 0x44, 0x96, 0xca, 0x10, 0xdc, 0x57, 0x21 - }; - - /* RSA Known Signed Hash (1024-bits). 
*/ - static uint8_t rsa_known_sha512_signature[] = { - 0xa5, 0xd0, 0x80, 0x04, 0x22, 0xfc, 0x80, 0x73, - 0x7d, 0x46, 0xc8, 0x7b, 0xac, 0x44, 0x7b, 0xe6, - 0x07, 0xe5, 0x61, 0x4c, 0x33, 0x7f, 0x6f, 0x46, - 0x7c, 0x30, 0xe3, 0x75, 0x59, 0x4b, 0x42, 0xf3, - 0x9f, 0x35, 0x3c, 0x10, 0x56, 0xdb, 0xd2, 0x69, - 0x43, 0xcb, 0x77, 0xe9, 0x7d, 0xcd, 0x07, 0x43, - 0xc5, 0xd4, 0x0c, 0x9d, 0xf5, 0x92, 0xbd, 0x0e, - 0x3b, 0xb7, 0x68, 0x88, 0x84, 0xca, 0xae, 0x0d, - 0xab, 0x71, 0x10, 0xad, 0xab, 0x27, 0xe4, 0xa3, - 0x24, 0x41, 0xeb, 0x1c, 0xa6, 0x5f, 0xf1, 0x85, - 0xd0, 0xf6, 0x22, 0x74, 0x3d, 0x81, 0xbe, 0xdd, - 0x1b, 0x2a, 0x4c, 0xd1, 0x6c, 0xb5, 0x6d, 0x7a, - 0xbb, 0x99, 0x69, 0x01, 0xa6, 0xc0, 0x98, 0xfa, - 0x97, 0xa3, 0xd1, 0xb0, 0xdf, 0x09, 0xe3, 0x3d, - 0x88, 0xee, 0x90, 0xf3, 0x10, 0x41, 0x0f, 0x06, - 0x31, 0xe9, 0x60, 0x2d, 0xbf, 0x63, 0x7b, 0xf8 - }; - - RSAPrivateKey_t rsa_private_key; - CK_RV rv; - uint8_t rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH]; - uint8_t rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH]; - uint8_t rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; - CK_BYTE der_data[SHA512_DIGEST_LENGTH + SHA2_DER_PREFIX_Len]; - - /* - * RSA Known Answer Encryption Test. - */ - rsa_private_key.bkey.modulus = rsa_modulus; - rsa_private_key.bkey.modulus_bits = - CRYPTO_BYTES2BITS(FIPS_RSA_MODULUS_LENGTH); - rsa_private_key.bkey.pubexpo = rsa_public_exponent; - rsa_private_key.bkey.pubexpo_bytes = FIPS_RSA_PUBLIC_EXPONENT_LENGTH; - rsa_private_key.bkey.rfunc = NULL; - - /* Perform RSA Public Key Encryption. */ - rv = fips_rsa_encrypt(&rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_ciphertext); - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_ciphertext, rsa_known_ciphertext, - FIPS_RSA_ENCRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* - * RSA Known Answer Decryption Test. 
- */ - rsa_private_key.version = rsa_version; - rsa_private_key.version_len = FIPS_RSA_PRIVATE_VERSION_LENGTH; - rsa_private_key.bkey.modulus = rsa_modulus; - rsa_private_key.bkey.modulus_bits = - CRYPTO_BYTES2BITS(FIPS_RSA_MODULUS_LENGTH); - rsa_private_key.bkey.pubexpo = rsa_public_exponent; - rsa_private_key.bkey.pubexpo_bytes = FIPS_RSA_PUBLIC_EXPONENT_LENGTH; - rsa_private_key.bkey.privexpo = rsa_private_exponent; - rsa_private_key.bkey.privexpo_bytes = FIPS_RSA_PRIVATE_EXPONENT_LENGTH; - rsa_private_key.bkey.prime1 = rsa_prime0; - rsa_private_key.bkey.prime1_bytes = FIPS_RSA_PRIME0_LENGTH; - rsa_private_key.bkey.prime2 = rsa_prime1; - rsa_private_key.bkey.prime2_bytes = FIPS_RSA_PRIME1_LENGTH; - rsa_private_key.bkey.expo1 = rsa_exponent0; - rsa_private_key.bkey.expo1_bytes = FIPS_RSA_EXPONENT0_LENGTH; - rsa_private_key.bkey.expo2 = rsa_exponent1; - rsa_private_key.bkey.expo2_bytes = FIPS_RSA_EXPONENT1_LENGTH; - rsa_private_key.bkey.coeff = rsa_coefficient; - rsa_private_key.bkey.coeff_bytes = FIPS_RSA_COEFFICIENT_LENGTH; - - /* Perform RSA Private Key Decryption. 
*/ - rv = fips_rsa_decrypt(&rsa_private_key, rsa_known_ciphertext, - FIPS_RSA_MESSAGE_LENGTH, rsa_computed_plaintext); - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg, - FIPS_RSA_DECRYPT_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - - /* SHA-1 Sign/Verify */ -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#endif - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_signature, rsa_known_sha1_signature, - FIPS_RSA_SIGNATURE_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA1_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA_1, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#endif - - if (rv != CKR_OK) - goto rsa_loser; - - /* SHA256 Sign/Verify */ -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#endif - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_signature, rsa_known_sha256_signature, - FIPS_RSA_SIGNATURE_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA256_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA256, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - 
rsa_computed_signature, der_data, 0); -#endif - - if (rv != CKR_OK) - goto rsa_loser; - - /* SHA384 Sign/Verify */ -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#endif - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_signature, rsa_known_sha384_signature, - FIPS_RSA_SIGNATURE_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA384_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA384, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#endif - - if (rv != CKR_OK) - goto rsa_loser; - - /* SHA512 Sign/Verify */ -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 1); -#endif - - if ((rv != CKR_OK) || - (memcmp(rsa_computed_signature, rsa_known_sha512_signature, - FIPS_RSA_SIGNATURE_LENGTH) != 0)) - return (CKR_DEVICE_ERROR); - -#ifdef _KERNEL - rv = fips_rsa_sign_verify_test(SHA512_TYPE, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#else - rv = fips_rsa_sign_verify_test(CKM_SHA512, &rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, - rsa_computed_signature, der_data, 0); -#endif - -rsa_loser: - if (rv != CKR_OK) - return (CKR_DEVICE_ERROR); - else - return (CKR_OK); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f 
usr/src/common/crypto/fips/fips_sha1_util.c
--- a/usr/src/common/crypto/fips/fips_sha1_util.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,327 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef _KERNEL
-#include
-#include
-#include
-#include
-#include
-#include
-#include "softMAC.h"
-#endif
-#include
-#define _SHA1_FIPS_POST
-#include
-
-/*
- * fips_sha1_build_context()
- *
- * Description:
- * This function allocates and initializes SHA1 context
- * context.
- */
-SHA1_CTX *
-fips_sha1_build_context(void)
-{
- SHA1_CTX *sha1_context;
-
-
-#ifndef _KERNEL
- if ((sha1_context = malloc(sizeof (SHA1_CTX))) == NULL)
-#else
- if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX),
- KM_SLEEP)) == NULL)
-#endif
- return (NULL);
-
- SHA1Init(sha1_context);
-
- return (sha1_context);
-
-}
-
-/*
- * fips_sha1_hash()
- *
- * Arguments:
- * sha1_context: pointer to SHA1 context
- * in: pointer to the input data to be hashed
- * inlen: length of the input data
- * out: pointer to the output data after hashing
- *
- * Description:
- * This function calls the low-level SHA1 routines for hashing.
- *
- */
-int
-fips_sha1_hash(SHA1_CTX *sha1_context, uchar_t *in, ulong_t inlen, uchar_t *out)
-{
-
- int rv;
-
- if (in != NULL) {
-#ifdef __sparcv9
- SHA1Update((SHA1_CTX *)sha1_context, in, (uint_t)inlen);
-#else /* !__sparcv9 */
- SHA1Update((SHA1_CTX *)sha1_context, in, inlen);
-#endif /* __sparcv9 */
- SHA1Final(out, (SHA1_CTX *)sha1_context);
- rv = CKR_OK;
- } else
- rv = CKR_ARGUMENTS_BAD;
-
- if (sha1_context)
-#ifdef _KERNEL
- kmem_free(sha1_context, sizeof (SHA1_CTX));
-#else
- free(sha1_context);
-#endif
- return (rv);
-}
-
-
-#ifndef _KERNEL
-soft_hmac_ctx_t *
-fips_sha1_hmac_build_context(uint8_t *secret_key,
- unsigned int secret_key_length)
-{
-
- soft_hmac_ctx_t *hmac_ctx;
- uint32_t sha1_ipad[SHA1_HMAC_INTS_PER_BLOCK];
- uint32_t sha1_opad[SHA1_HMAC_INTS_PER_BLOCK];
-
- hmac_ctx = malloc(sizeof (soft_hmac_ctx_t));
-
- if (hmac_ctx == NULL) {
- return (NULL);
- }
-
- hmac_ctx->hmac_len = SHA1_HASH_SIZE;
- bzero(sha1_ipad, SHA1_HMAC_BLOCK_SIZE);
- bzero(sha1_opad, SHA1_HMAC_BLOCK_SIZE);
-
- (void) memcpy(sha1_ipad, secret_key, secret_key_length);
- (void) memcpy(sha1_opad, secret_key, secret_key_length);
-
- sha1_hmac_ctx_init(&hmac_ctx->hc_ctx_u.sha1_ctx, sha1_ipad,
- sha1_opad);
-
- return (hmac_ctx);
-
-}
-
-CK_RV
-fips_hmac_sha1_hash(unsigned char *hmac_computed,
- uint8_t *secret_key,
- unsigned int secret_key_length,
- uint8_t *message,
- unsigned int message_length)
-{
-
- soft_hmac_ctx_t *hmac_ctx = NULL;
-
- hmac_ctx = fips_sha1_hmac_build_context(secret_key,
- secret_key_length);
-
- if (hmac_ctx == NULL)
- return (CKR_HOST_MEMORY);
-
- if (message != NULL) {
- SOFT_MAC_UPDATE(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx),
- message, message_length);
- }
-
- SOFT_MAC_FINAL(SHA1, &(hmac_ctx->hc_ctx_u.sha1_ctx), hmac_computed);
-
- free(hmac_ctx);
- return (CKR_OK);
-}
-
-#else /* _KERNEL */
-
-/*
- * Initialize a SHA1-HMAC context.
- */
-void
-sha1_mac_init_ctx(sha1_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
-{
- uint32_t ipad[SHA1_HMAC_INTS_PER_BLOCK];
- uint32_t opad[SHA1_HMAC_INTS_PER_BLOCK];
- uint_t i;
-
- bzero(ipad, SHA1_HMAC_BLOCK_SIZE);
- bzero(opad, SHA1_HMAC_BLOCK_SIZE);
-
- bcopy(keyval, ipad, length_in_bytes);
- bcopy(keyval, opad, length_in_bytes);
-
- /* XOR key with ipad (0x36) and opad (0x5c) */
- for (i = 0; i < SHA1_HMAC_INTS_PER_BLOCK; i++) {
- ipad[i] ^= 0x36363636;
- opad[i] ^= 0x5c5c5c5c;
- }
-
- /* perform SHA1 on ipad */
- SHA1Init(&ctx->hc_icontext);
- SHA1Update(&ctx->hc_icontext, (uint8_t *)ipad, SHA1_HMAC_BLOCK_SIZE);
-
- /* perform SHA1 on opad */
- SHA1Init(&ctx->hc_ocontext);
- SHA1Update(&ctx->hc_ocontext, (uint8_t *)opad, SHA1_HMAC_BLOCK_SIZE);
-}
-
-sha1_hmac_ctx_t *
-fips_sha1_hmac_build_context(uint8_t *secret_key,
- unsigned int secret_key_length)
-{
- sha1_hmac_ctx_t *sha1_hmac_ctx_tmpl;
-
-
- /*
- * Allocate and initialize SHA1 context.
- */
- sha1_hmac_ctx_tmpl = kmem_alloc(sizeof (sha1_hmac_ctx_t),
- KM_SLEEP);
- if (sha1_hmac_ctx_tmpl == NULL)
- return (NULL);
-
- /*
- * initialize ctx->hc_icontext and ctx->hc_ocontext
- */
- sha1_mac_init_ctx(sha1_hmac_ctx_tmpl, secret_key,
- secret_key_length);
-
-
- sha1_hmac_ctx_tmpl->hc_mech_type = SHA1_HMAC_MECH_INFO_TYPE;
-
-
- return (sha1_hmac_ctx_tmpl);
-}
-
-void
-fips_hmac_sha1_hash(sha1_hmac_ctx_t *sha1_hmac_ctx,
- uint8_t *message, uint32_t message_len,
- uint8_t *hmac_computed)
-{
-
- /* do a SHA1 update of the inner context using the specified data */
- SHA1Update(&((sha1_hmac_ctx)->hc_icontext), message,
- message_len);
-
- /*
- * Do a SHA1 final on the inner context.
- */
- SHA1Final(hmac_computed, &((sha1_hmac_ctx)->hc_icontext));
-
- /*
- * Do an SHA1 update on the outer context, feeding the inner
- * digest as data.
- */
- SHA1Update(&((sha1_hmac_ctx)->hc_ocontext), hmac_computed,
- SHA1_HASH_SIZE);
-
- /*
- * Do a SHA1 final on the outer context, storing the computed
- * digest in the caller's buffer.
- */
- SHA1Final(hmac_computed, &((sha1_hmac_ctx)->hc_ocontext));
-
- kmem_free(sha1_hmac_ctx, sizeof (sha1_hmac_ctx_t));
-}
-
-#endif
-
-/*
- * SHA1 Power-On SelfTest(s).
- */
-int
-fips_sha1_post(void)
-{
- static uint8_t HMAC_known_secret_key_length
- = sizeof (HMAC_known_secret_key);
-
- /* SHA-1 variables. */
- uint8_t sha1_computed_digest[SHA1_DIGEST_LENGTH];
- uint8_t hmac_computed[SHA1_HMAC_BLOCK_SIZE];
- SHA1_CTX *sha1_context = NULL;
-
-#ifdef _KERNEL
- sha1_hmac_ctx_t *sha1_hmac_ctx = NULL;
-#endif
-
- int rv;
-
- /* SHA-1 Known Answer Hashing Test. */
- sha1_context = fips_sha1_build_context();
- if (sha1_context == NULL)
- return (CKR_HOST_MEMORY);
-
- rv = fips_sha1_hash(sha1_context, sha1_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH, sha1_computed_digest);
-
- if ((rv != CKR_OK) ||
- (memcmp(sha1_computed_digest, sha1_known_digest,
- SHA1_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
-#ifdef _KERNEL
- /* SHA-1 HMAC Known Answer Hashing Test */
- sha1_hmac_ctx = fips_sha1_hmac_build_context(HMAC_known_secret_key,
- HMAC_known_secret_key_length);
-
- if (sha1_hmac_ctx == NULL)
- return (CKR_HOST_MEMORY);
-
- fips_hmac_sha1_hash(sha1_hmac_ctx, hmac_sha1_known_hash_message,
- sizeof (hmac_sha1_known_hash_message), hmac_computed);
-#else
- rv = fips_hmac_sha1_hash(hmac_computed, HMAC_known_secret_key,
- HMAC_known_secret_key_length, hmac_sha1_known_hash_message,
- sizeof (hmac_sha1_known_hash_message));
-
-#endif
-
-#ifdef _KERNEL
- if (memcmp(hmac_computed, known_SHA1_hmac,
- sizeof (known_SHA1_hmac)) != 0)
- return (CKR_DEVICE_ERROR);
-#else
- if ((rv != CKR_OK) ||
- (memcmp(hmac_computed, known_SHA1_hmac,
- sizeof (known_SHA1_hmac)) != 0))
- return (CKR_DEVICE_ERROR);
-#endif
-
- return (rv);
-
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_sha2_util.c
--- a/usr/src/common/crypto/fips/fips_sha2_util.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,792 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#include -#include -#include -#include -#define _SHA2_IMPL -#include -#include -#include -#ifndef _KERNEL -#include -#include -#include -#include -#include -#include -#include "softMAC.h" -#endif -#include - - -/* - * fips_sha2_build_context() - * - * Description: - * This function allocates and initializes SHA2 context. 
- */ -#ifndef _KERNEL -SHA2_CTX * -fips_sha2_build_context(CK_MECHANISM_TYPE mechanism) -{ - SHA2_CTX *sha2_context; - - if ((sha2_context = malloc(sizeof (SHA2_CTX))) == NULL) - return (NULL); - - switch (mechanism) { - case CKM_SHA256: - SHA2Init(SHA256, sha2_context); - break; - - case CKM_SHA384: - SHA2Init(SHA384, sha2_context); - break; - - case CKM_SHA512: - SHA2Init(SHA512, sha2_context); - break; - } - - return (sha2_context); -} - -#else -SHA2_CTX * -fips_sha2_build_context(sha2_mech_t mechanism) -{ - SHA2_CTX *sha2_context; - - if ((sha2_context = kmem_zalloc(sizeof (SHA2_CTX), - KM_SLEEP)) == NULL) - return (NULL); - - switch (mechanism) { - case SHA256_TYPE: - SHA2Init(SHA256, sha2_context); - break; - - case SHA384_TYPE: - SHA2Init(SHA384, sha2_context); - break; - - case SHA512_TYPE: - SHA2Init(SHA512, sha2_context); - break; - } - - return (sha2_context); -} -#endif - -/* - * fips_sha2_hash() - * - * Arguments: - * sha2_context: pointer to SHA2 context - * in: pointer to the input data to be hashed - * inlen: length of the input data - * out: pointer to the output data after hashing - * - * Description: - * This function calls the low-level SHA2 routines for hashing. 
- * - */ -int -fips_sha2_hash(SHA2_CTX *sha2_context, uchar_t *in, - ulong_t inlen, uchar_t *out) -{ - - int rv; - - if (in != NULL) { - SHA2Update((SHA2_CTX *)sha2_context, in, inlen); - SHA2Final(out, (SHA2_CTX *)sha2_context); - rv = CKR_OK; - } else { - rv = CKR_ARGUMENTS_BAD; - } - - if (sha2_context) -#ifdef _KERNEL - kmem_free(sha2_context, sizeof (SHA2_CTX)); -#else - free(sha2_context); -#endif - return (rv); - -} - -#ifndef _KERNEL -soft_hmac_ctx_t * -fips_sha2_hmac_build_context(CK_MECHANISM_TYPE mechanism, - uint8_t *secret_key, - unsigned int secret_key_length) -{ - - soft_hmac_ctx_t *hmac_ctx; - - hmac_ctx = malloc(sizeof (soft_hmac_ctx_t)); - - if (hmac_ctx == NULL) { - return (NULL); - } - - switch (mechanism) { - case CKM_SHA256_HMAC: - { - uint64_t sha_ipad[SHA256_HMAC_INTS_PER_BLOCK]; - uint64_t sha_opad[SHA256_HMAC_INTS_PER_BLOCK]; - - hmac_ctx->hmac_len = SHA256_DIGEST_LENGTH; - bzero(sha_ipad, SHA256_HMAC_BLOCK_SIZE); - bzero(sha_opad, SHA256_HMAC_BLOCK_SIZE); - - (void) memcpy(sha_ipad, secret_key, secret_key_length); - (void) memcpy(sha_opad, secret_key, secret_key_length); - - sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), - &hmac_ctx->hc_ctx_u.sha2_ctx, - sha_ipad, sha_opad, - SHA256_HMAC_INTS_PER_BLOCK, - SHA256_HMAC_BLOCK_SIZE); - - break; - } - - case CKM_SHA384_HMAC: - { - uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK]; - uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK]; - - hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH; - bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE); - bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE); - - (void) memcpy(sha_ipad, secret_key, secret_key_length); - (void) memcpy(sha_opad, secret_key, secret_key_length); - - sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), - &hmac_ctx->hc_ctx_u.sha2_ctx, - sha_ipad, sha_opad, - SHA512_HMAC_INTS_PER_BLOCK, - SHA512_HMAC_BLOCK_SIZE); - break; - } - - case CKM_SHA512_HMAC: - { - uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK]; - uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK]; - - hmac_ctx->hmac_len = 
SHA512_DIGEST_LENGTH; - bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE); - bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE); - - (void) memcpy(sha_ipad, secret_key, secret_key_length); - (void) memcpy(sha_opad, secret_key, secret_key_length); - - sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), - &hmac_ctx->hc_ctx_u.sha2_ctx, - sha_ipad, sha_opad, - SHA512_HMAC_INTS_PER_BLOCK, - SHA512_HMAC_BLOCK_SIZE); - - break; - } - } - - return (hmac_ctx); -} - -CK_RV -fips_hmac_sha2_hash(unsigned char *hmac_computed, - uint8_t *secret_key, - unsigned int secret_key_length, - uint8_t *message, - unsigned int message_length, - CK_MECHANISM_TYPE mechanism) -{ - - soft_hmac_ctx_t *hmac_ctx = NULL; - - hmac_ctx = fips_sha2_hmac_build_context(mechanism, - secret_key, secret_key_length); - - if (hmac_ctx == NULL) - return (CKR_HOST_MEMORY); - - switch (mechanism) { - case CKM_SHA256_HMAC: - if (message != NULL) - SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), - message, message_length); - - SOFT_MAC_FINAL_2(SHA256, &(hmac_ctx->hc_ctx_u.sha2_ctx), - hmac_computed); - break; - - case CKM_SHA384_HMAC: - if (message != NULL) - SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), - message, message_length); - - SOFT_MAC_FINAL_2(SHA384, &(hmac_ctx->hc_ctx_u.sha2_ctx), - hmac_computed); - break; - - case CKM_SHA512_HMAC: - if (message != NULL) - SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), - message, message_length); - - SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx), - hmac_computed); - break; - } - - free(hmac_ctx); - return (CKR_OK); -} - -#else - -/* - * Initialize a SHA2-HMAC context. 
- */ -void -sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes) -{ - uint64_t ipad[SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t)]; - uint64_t opad[SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t)]; - int i, block_size, blocks_per_int64; - - /* Determine the block size */ - if (ctx->hc_mech_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { - block_size = SHA256_HMAC_BLOCK_SIZE; - blocks_per_int64 = SHA256_HMAC_BLOCK_SIZE / sizeof (uint64_t); - } else { - block_size = SHA512_HMAC_BLOCK_SIZE; - blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t); - } - - (void) bzero(ipad, block_size); - (void) bzero(opad, block_size); - (void) bcopy(keyval, ipad, length_in_bytes); - (void) bcopy(keyval, opad, length_in_bytes); - - /* XOR key with ipad (0x36) and opad (0x5c) */ - for (i = 0; i < blocks_per_int64; i ++) { - ipad[i] ^= 0x3636363636363636; - opad[i] ^= 0x5c5c5c5c5c5c5c5c; - } - - /* perform SHA2 on ipad */ - SHA2Init(ctx->hc_mech_type, &ctx->hc_icontext); - SHA2Update(&ctx->hc_icontext, (uint8_t *)ipad, block_size); - - /* perform SHA2 on opad */ - SHA2Init(ctx->hc_mech_type, &ctx->hc_ocontext); - SHA2Update(&ctx->hc_ocontext, (uint8_t *)opad, block_size); - -} - -sha2_hmac_ctx_t * -fips_sha2_hmac_build_context(sha2_mech_t mechanism, - uint8_t *secret_key, - unsigned int secret_key_length) -{ - sha2_hmac_ctx_t *sha2_hmac_ctx_tmpl; - - /* - * Allocate and initialize SHA2 context. 
- */ - sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t), - KM_SLEEP); - if (sha2_hmac_ctx_tmpl == NULL) - return (NULL); - - switch (mechanism) { - case SHA256_TYPE: - sha2_hmac_ctx_tmpl->hc_mech_type = - SHA256_HMAC_MECH_INFO_TYPE; - break; - - case SHA384_TYPE: - sha2_hmac_ctx_tmpl->hc_mech_type = - SHA384_HMAC_MECH_INFO_TYPE; - break; - - case SHA512_TYPE: - sha2_hmac_ctx_tmpl->hc_mech_type = - SHA512_HMAC_MECH_INFO_TYPE; - break; - } - - /* - * initialize ctx->hc_icontext and ctx->hc_ocontext - */ - sha2_mac_init_ctx(sha2_hmac_ctx_tmpl, secret_key, - secret_key_length); - - return (sha2_hmac_ctx_tmpl); -} - -void -fips_hmac_sha2_hash(sha2_hmac_ctx_t *sha2_hmac_ctx, - uint8_t *message, - uint32_t message_len, - uint8_t *hmac_computed, - sha2_mech_t mechanism) - -{ - - SHA2Update(&((sha2_hmac_ctx)->hc_icontext), message, - message_len); - SHA2Final(hmac_computed, &((sha2_hmac_ctx)->hc_icontext)); - - switch (mechanism) { - case SHA256_TYPE: - SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), - hmac_computed, SHA256_DIGEST_LENGTH); - break; - - case SHA384_TYPE: - SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), - hmac_computed, SHA384_DIGEST_LENGTH); - break; - - case SHA512_TYPE: - SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), - hmac_computed, SHA512_DIGEST_LENGTH); - break; - } - - SHA2Final(hmac_computed, &((sha2_hmac_ctx)->hc_ocontext)); - - kmem_free(sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); -} - -#endif - -/* - * SHA2 Power-On SelfTest(s). - */ -int -fips_sha2_post(void) -{ - - /* - * SHA-256 Known Hash Message (512-bits). 
- * Source from NIST SHA256ShortMsg (Len = 512) - */ - static uint8_t sha256_known_hash_message[] = { - 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f, - 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65, - 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac, - 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8, - 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12, - 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5, - 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2, - 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad - }; - - /* known SHA256 Digest Message (32 bytes) */ - static uint8_t known_sha256_digest[] = { - 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a, - 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5, - 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89, - 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54 - }; - - /* - * SHA-384 Known Hash Message (512-bits). - * Source from NIST SHA384ShortMsg (Len = 512) - */ - static uint8_t sha384_known_hash_message[] = { - 0x58, 0xbe, 0xab, 0xf9, 0x79, 0xab, 0x35, 0xab, - 0xba, 0x29, 0x37, 0x6d, 0x5d, 0xc2, 0x27, 0xab, - 0xb3, 0xd2, 0xff, 0x4d, 0x90, 0x30, 0x49, 0x82, - 0xfc, 0x10, 0x79, 0xbc, 0x2b, 0x28, 0x80, 0xfc, - 0xb0, 0x12, 0x9e, 0x4f, 0xed, 0xf2, 0x78, 0x98, - 0xce, 0x58, 0x6a, 0x91, 0xb7, 0x68, 0x1e, 0x0d, - 0xba, 0x38, 0x5e, 0x80, 0x0e, 0x79, 0x26, 0xc0, - 0xbc, 0x5a, 0xfe, 0x0d, 0x9c, 0xa9, 0x86, 0x50 - }; - - /* known SHA384 Digest Message (48 bytes) */ - static uint8_t known_sha384_digest[] = { - 0xa0, 0x88, 0x8e, 0x1c, 0x4d, 0x7e, 0x80, 0xcb, - 0xaa, 0xaf, 0xa8, 0xbb, 0x1c, 0xa1, 0xca, 0x91, - 0x2a, 0x93, 0x21, 0x75, 0xc2, 0xef, 0x98, 0x2c, - 0xe1, 0xf1, 0x23, 0xa8, 0xc1, 0xae, 0xe9, 0x63, - 0x5a, 0xd7, 0x5b, 0xe5, 0x25, 0x90, 0xa9, 0x24, - 0xbe, 0xd3, 0xf5, 0xec, 0x36, 0xc3, 0x56, 0x90 - }; - - /* - * SHA-512 Known Hash Message (512-bits). 
- * Source from NIST SHA512ShortMsg (Len = 512) - */ - static uint8_t sha512_known_hash_message[] = { - 0x09, 0x5c, 0x7f, 0x30, 0x82, 0x4f, 0xc9, 0x28, - 0x58, 0xcc, 0x93, 0x47, 0xc0, 0x85, 0xd5, 0x78, - 0x88, 0x5f, 0xf3, 0x61, 0x4d, 0xd3, 0x8e, 0xe7, - 0xee, 0x94, 0xa0, 0xf4, 0x40, 0x72, 0xc8, 0x77, - 0x04, 0x7e, 0xe2, 0xad, 0x16, 0x6f, 0xdb, 0xa0, - 0xe7, 0x44, 0xc3, 0xed, 0x2c, 0x2b, 0x24, 0xc9, - 0xd8, 0xa2, 0x93, 0x46, 0x48, 0xdc, 0x84, 0xd3, - 0xbe, 0x66, 0x63, 0x02, 0x11, 0x0a, 0xe0, 0x8f - }; - - /* known SHA512 Digest Message (64 bytes) */ - static uint8_t known_sha512_digest[] = { - 0xd5, 0xcd, 0xaf, 0x83, 0xbb, 0x4a, 0x27, 0xea, - 0xad, 0x8d, 0x8f, 0x18, 0xe4, 0xbe, 0xe9, 0xc2, - 0x5b, 0xe9, 0x49, 0xa7, 0x61, 0xa0, 0xfd, 0x0f, - 0xb2, 0x28, 0x4c, 0xab, 0x14, 0x3c, 0xad, 0x60, - 0xbe, 0xb5, 0x68, 0x87, 0x34, 0xb2, 0xf8, 0x1e, - 0x9e, 0x2d, 0x64, 0x0b, 0x42, 0x5f, 0xd3, 0x2c, - 0xcb, 0x3d, 0x20, 0xd0, 0x2d, 0x63, 0xc2, 0xc9, - 0x4c, 0x03, 0xab, 0x3d, 0x9e, 0x7d, 0x9b, 0x4a - }; - - /* SHA-2 HMAC Test Vectors */ - - /* - * SHA-256 HMAC Known Hash Message (512-bits). 
- */ - static uint8_t sha256_hmac_known_hash_message[] = { - 0x54, 0x68, 0x65, 0x20, 0x74, 0x65, 0x73, 0x74, - 0x20, 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x4D, 0x44, 0x32, 0x2C, 0x20, 0x4D, 0x44, - 0x35, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x53, - 0x48, 0x41, 0x2D, 0x31, 0x20, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x6E, 0x67, 0x20, 0x61, 0x6C, 0x67, - 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x73, 0x2E - }; - - static uint8_t sha256_hmac_known_secret_key[] = { - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x53, 0x48, 0x41, 0x2D, - 0x32, 0x35, 0x36, 0x20, 0x48, 0x4D, 0x41, 0x43, - 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x20, - 0x6B, 0x65, 0x79, 0x21 - }; - - static uint8_t sha256_hmac_known_secret_key_length - = sizeof (sha256_hmac_known_secret_key); - - - /* known SHA256 hmac (32 bytes) */ - static uint8_t known_sha256_hmac[] = { - 0x02, 0x87, 0x21, 0x93, 0x84, 0x8a, 0x35, 0xae, - 0xdb, 0xb6, 0x79, 0x26, 0x96, 0xf0, 0x50, 0xeb, - 0x33, 0x49, 0x57, 0xf1, 0xb2, 0x32, 0xd3, 0x63, - 0x03, 0x65, 0x57, 0xa2, 0xba, 0xa2, 0x5f, 0x35 - }; - - /* - * SHA-384 HMAC Known Hash Message (512-bits). 
- * Source from NIST HMAC.txt (Count = 15, Klen = 16, Tlen = 48) - */ - static uint8_t sha384_hmac_known_secret_key[] = { - 0x01, 0xac, 0x59, 0xf4, 0x2f, 0x8b, 0xb9, 0x1d, - 0x1b, 0xd1, 0x0f, 0xe6, 0x99, 0x0d, 0x7a, 0x87 - }; - - static uint8_t sha384_hmac_known_secret_key_length - = sizeof (sha384_hmac_known_secret_key); - - static uint8_t sha384_hmac_known_hash_message[] = { - 0x3c, 0xaf, 0x18, 0xc4, 0x76, 0xed, 0xd5, 0x61, - 0x5f, 0x34, 0x3a, 0xc7, 0xb7, 0xd3, 0xa9, 0xda, - 0x9e, 0xfa, 0xde, 0x75, 0x56, 0x72, 0xd5, 0xba, - 0x4b, 0x8a, 0xe8, 0xa7, 0x50, 0x55, 0x39, 0xea, - 0x2c, 0x12, 0x4f, 0xf7, 0x55, 0xec, 0x04, 0x57, - 0xfb, 0xe4, 0x9e, 0x43, 0x48, 0x0b, 0x3c, 0x71, - 0xe7, 0xf4, 0x74, 0x2e, 0xc3, 0x69, 0x3a, 0xad, - 0x11, 0x5d, 0x03, 0x9f, 0x90, 0x22, 0x2b, 0x03, - 0x0f, 0xdc, 0x94, 0x40, 0x31, 0x36, 0x91, 0x71, - 0x6d, 0x53, 0x02, 0x00, 0x58, 0x08, 0xc0, 0x76, - 0x27, 0x48, 0x3b, 0x91, 0x6f, 0xdf, 0x61, 0x98, - 0x30, 0x63, 0xc2, 0xeb, 0x12, 0x68, 0xf2, 0xde, - 0xee, 0xf4, 0x2f, 0xc7, 0x90, 0x33, 0x44, 0x56, - 0xbc, 0x6b, 0xad, 0x25, 0x6e, 0x31, 0xfc, 0x90, - 0x66, 0xde, 0x7c, 0xc7, 0xe4, 0x3d, 0x13, 0x21, - 0xb1, 0x86, 0x6d, 0xb4, 0x5e, 0x90, 0x56, 0x22 - }; - - /* known SHA384 hmac (48 bytes) */ - static uint8_t known_sha384_hmac[] = { - 0x19, 0x85, 0xfa, 0x21, 0x63, 0xa5, 0x94, 0x3f, - 0xc5, 0xd9, 0x2f, 0x1f, 0xe8, 0x83, 0x12, 0x15, - 0xe7, 0xe9, 0x1f, 0x0b, 0xff, 0x53, 0x32, 0xbc, - 0x71, 0x3a, 0x07, 0x2b, 0xdb, 0x3a, 0x8f, 0x9e, - 0x5c, 0x51, 0x57, 0x46, 0x3a, 0x3b, 0xfe, 0xb3, - 0x62, 0x31, 0x41, 0x6e, 0x65, 0x97, 0x3e, 0x64 - }; - - /* - * SHA-512 HMAC Known Hash Message (512-bits). 
- * Source from NIST HMAC.txt (Count = 30, Klen = 20, Tlen = 64) - */ - static uint8_t sha512_hmac_known_secret_key[] = { - 0xa7, 0x36, 0xf2, 0x74, 0xfd, 0xa6, 0x8e, 0x1b, - 0xd5, 0xf9, 0x47, 0x1e, 0x85, 0xfd, 0x41, 0x5d, - 0x7f, 0x2b, 0xa1, 0xbc - }; - - static uint8_t sha512_hmac_known_secret_key_length - = sizeof (sha512_hmac_known_secret_key); - - static uint8_t sha512_hmac_known_hash_message[] = { - 0xa6, 0xcc, 0xc3, 0x55, 0x2c, 0x33, 0xe9, 0x17, - 0x8b, 0x6b, 0x82, 0xc6, 0x53, 0xd6, 0x3d, 0xe2, - 0x54, 0x0f, 0x17, 0x08, 0x07, 0xc3, 0xd9, 0x6a, - 0x2a, 0xc2, 0xe2, 0x7d, 0xab, 0x55, 0x26, 0xf1, - 0xc7, 0xd3, 0x77, 0xe6, 0x73, 0x6f, 0x04, 0x5d, - 0xfb, 0x54, 0x1f, 0xec, 0xe9, 0xf4, 0x43, 0xb7, - 0x28, 0x9c, 0x55, 0x9b, 0x69, 0x4c, 0x2a, 0xac, - 0xc6, 0xc7, 0x4a, 0xe2, 0xa5, 0xe6, 0xf3, 0x0f, - 0xe0, 0x31, 0x61, 0x14, 0x23, 0xb0, 0x4d, 0x55, - 0x95, 0xff, 0xb4, 0x6a, 0xba, 0xa1, 0xd9, 0x18, - 0x98, 0x96, 0x8d, 0x7f, 0x18, 0x30, 0xae, 0x94, - 0xb0, 0x22, 0xee, 0xd2, 0x3f, 0xda, 0xd5, 0x2d, - 0x38, 0x11, 0x0a, 0x48, 0x03, 0xa0, 0xce, 0xe7, - 0xa0, 0x95, 0xc9, 0xa7, 0x8e, 0x86, 0x09, 0xed, - 0xeb, 0x25, 0x48, 0x1c, 0xdc, 0x15, 0x6d, 0x0b, - 0x2f, 0xfc, 0x56, 0xb6, 0x3f, 0xda, 0xd5, 0x33 - }; - - /* known SHA512 hmac (64 bytes) */ - static uint8_t known_sha512_hmac[] = { - 0xf7, 0x18, 0x03, 0x43, 0x1e, 0x07, 0xa5, 0xa6, - 0xe5, 0xfd, 0x4a, 0xe4, 0xcf, 0xc2, 0x75, 0x3b, - 0xc8, 0x0d, 0x26, 0xe1, 0x67, 0x23, 0xd9, 0xe8, - 0x8b, 0x40, 0x5a, 0x02, 0x34, 0x8e, 0xf4, 0xb9, - 0x67, 0x92, 0xc9, 0x9c, 0xed, 0x64, 0xdc, 0x70, - 0xea, 0x47, 0x53, 0x78, 0xb7, 0x46, 0x6a, 0xc2, - 0xca, 0xf4, 0xa4, 0x20, 0xb0, 0x1f, 0xf6, 0x1e, - 0x72, 0xc5, 0xb5, 0xee, 0x8e, 0xaa, 0xd4, 0xd4 - }; - - /* SHA-2 variables. 
*/
- uint8_t sha256_computed_digest[SHA256_DIGEST_LENGTH];
- uint8_t sha384_computed_digest[SHA384_DIGEST_LENGTH];
- uint8_t sha512_computed_digest[SHA512_DIGEST_LENGTH];
-
- uint8_t hmac_computed[SHA512_DIGEST_LENGTH];
- SHA2_CTX *sha2_context = NULL;
-
-#ifdef _KERNEL
- sha2_hmac_ctx_t *sha2_hmac_ctx;
-#endif
-
- int rv;
-
- /*
- * SHA-2 Known Answer Hashing Test.
- */
-
- /* SHA-256 POST */
-
-#ifdef _KERNEL
- sha2_context = fips_sha2_build_context(SHA256_TYPE);
-#else
- sha2_context = fips_sha2_build_context(CKM_SHA256);
-#endif
-
- if (sha2_context == NULL)
- return (CKR_HOST_MEMORY);
-
- rv = fips_sha2_hash(sha2_context,
- sha256_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH,
- sha256_computed_digest);
-
- if ((rv != CKR_OK) ||
- (memcmp(sha256_computed_digest, known_sha256_digest,
- SHA256_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
- /* SHA-384 POST */
-
-#ifdef _KERNEL
- sha2_context = fips_sha2_build_context(SHA384_TYPE);
-#else
- sha2_context = fips_sha2_build_context(CKM_SHA384);
-#endif
-
- if (sha2_context == NULL)
- return (CKR_HOST_MEMORY);
-
- rv = fips_sha2_hash(sha2_context,
- sha384_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH,
- sha384_computed_digest);
-
- if ((rv != CKR_OK) ||
- (memcmp(sha384_computed_digest, known_sha384_digest,
- SHA384_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
- /* SHA-512 POST */
-
-#ifdef _KERNEL
- sha2_context = fips_sha2_build_context(SHA512_TYPE);
-#else
- sha2_context = fips_sha2_build_context(CKM_SHA512);
-#endif
-
- if (sha2_context == NULL)
- return (CKR_HOST_MEMORY);
-
- rv = fips_sha2_hash(sha2_context,
- sha512_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH,
- sha512_computed_digest);
-
- if ((rv != CKR_OK) ||
- (memcmp(sha512_computed_digest, known_sha512_digest,
- SHA512_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
- /*
- * SHA-2 HMAC Known Answer Hashing Test.
- */
-
- /* HMAC SHA-256 POST */
-
-#ifdef _KERNEL
- sha2_hmac_ctx = fips_sha2_hmac_build_context(
- SHA256_TYPE,
- sha256_hmac_known_secret_key,
- sha256_hmac_known_secret_key_length);
-
- if (sha2_hmac_ctx == NULL)
- return (CKR_HOST_MEMORY);
-
- fips_hmac_sha2_hash(sha2_hmac_ctx,
- sha256_hmac_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH,
- hmac_computed,
- SHA256_TYPE);
-
- if (memcmp(hmac_computed, known_sha256_hmac,
- SHA256_DIGEST_LENGTH) != 0)
- return (CKR_DEVICE_ERROR);
-
-#else
- rv = fips_hmac_sha2_hash(hmac_computed,
- sha256_hmac_known_secret_key,
- sha256_hmac_known_secret_key_length,
- sha256_hmac_known_hash_message,
- FIPS_KNOWN_HMAC_MESSAGE_LENGTH,
- CKM_SHA256_HMAC);
-
- if ((rv != CKR_OK) ||
- (memcmp(hmac_computed, known_sha256_hmac,
- SHA256_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
-#endif
-
- /* HMAC SHA-384 POST */
-
-#ifdef _KERNEL
- sha2_hmac_ctx = fips_sha2_hmac_build_context(
- SHA384_TYPE,
- sha384_hmac_known_secret_key,
- sha384_hmac_known_secret_key_length);
-
- if (sha2_hmac_ctx == NULL)
- return (CKR_HOST_MEMORY);
-
- fips_hmac_sha2_hash(sha2_hmac_ctx,
- sha384_hmac_known_hash_message,
- sizeof (sha384_hmac_known_hash_message),
- hmac_computed,
- SHA384_TYPE);
-
- if (memcmp(hmac_computed, known_sha384_hmac,
- SHA384_DIGEST_LENGTH) != 0)
- return (CKR_DEVICE_ERROR);
-#else
- rv = fips_hmac_sha2_hash(hmac_computed,
- sha384_hmac_known_secret_key,
- sha384_hmac_known_secret_key_length,
- sha384_hmac_known_hash_message,
- sizeof (sha384_hmac_known_hash_message),
- CKM_SHA384_HMAC);
-
- if ((rv != CKR_OK) ||
- (memcmp(hmac_computed, known_sha384_hmac,
- SHA384_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
-#endif
-
- /* HMAC SHA-512 POST */
-
-#ifdef _KERNEL
- sha2_hmac_ctx = fips_sha2_hmac_build_context(
- SHA512_TYPE,
- sha512_hmac_known_secret_key,
- sha512_hmac_known_secret_key_length);
-
- if (sha2_hmac_ctx == NULL)
- return (CKR_HOST_MEMORY);
-
- fips_hmac_sha2_hash(sha2_hmac_ctx,
-
 sha512_hmac_known_hash_message,
- sizeof (sha512_hmac_known_hash_message),
- hmac_computed,
- SHA512_TYPE);
-
- if (memcmp(hmac_computed, known_sha512_hmac,
- SHA512_DIGEST_LENGTH) != 0)
- return (CKR_DEVICE_ERROR);
-
-#else
- rv = fips_hmac_sha2_hash(hmac_computed,
- sha512_hmac_known_secret_key,
- sha512_hmac_known_secret_key_length,
- sha512_hmac_known_hash_message,
- sizeof (sha512_hmac_known_hash_message),
- CKM_SHA512_HMAC);
-
- if ((rv != CKR_OK) ||
- (memcmp(hmac_computed, known_sha512_hmac,
- SHA512_DIGEST_LENGTH) != 0))
- return (CKR_DEVICE_ERROR);
-
-#endif
-
- return (CKR_OK);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_test_vectors.c
--- a/usr/src/common/crypto/fips/fips_test_vectors.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1594 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include
-
-/*
- * AES ECB/CBC test vectors
- */
-
-/* AES Known Key (up to 256-bits). */
-uint8_t aes_known_key[] = {
- 'A', 'E', 'S', '-', '1', '2', '8', ' ',
- 'R', 'I', 'J', 'N', 'D', 'A', 'E', 'L',
- 'L', 'E', 'A', 'D', 'N', 'J', 'I', 'R',
- ' ', '8', '2', '1', '-', 'S', 'E', 'A'
-};
-
-/* AES-CBC Known Initialization Vector (128-bits). */
-uint8_t aes_cbc_known_initialization_vector[] = {
- 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y',
- 'y', 't', 'i', 'r', 'u', 'c', 'e', 'S'
-};
-
-/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
-uint8_t aes_known_plaintext[] = {
- 'S', 'u', 'n', ' ', 'O', 'p', 'e', 'n',
- ' ', 'S', 'o', 'l', 'a', 'r', 'i', 's'
-};
-
-/* AES Known Ciphertext (128-bit key).
*/ -uint8_t aes_ecb128_known_ciphertext[] = { - 0xcc, 0xd1, 0xd0, 0xf3, 0xfd, 0x44, 0xb1, 0x4d, - 0xfe, 0x33, 0x20, 0x72, 0x3c, 0xf3, 0x4d, 0x27 -}; - -uint8_t aes_cbc128_known_ciphertext[] = { - 0x59, 0x34, 0x55, 0xd1, 0x89, 0x9b, 0xf4, 0xa5, - 0x16, 0x2c, 0x4c, 0x14, 0xd3, 0xe2, 0xe5, 0xed -}; - -/* AES Known Ciphertext (192-bit key). */ -uint8_t aes_ecb192_known_ciphertext[] = { - 0xa3, 0x78, 0x10, 0x44, 0xd8, 0xee, 0x8a, 0x98, - 0x41, 0xa4, 0xeb, 0x96, 0x57, 0xd8, 0xa0, 0xc5 -}; - -uint8_t aes_cbc192_known_ciphertext[] = { - 0x22, 0x9c, 0x68, 0xc6, 0x86, 0x68, 0xcc, 0x6a, - 0x56, 0x2c, 0xb8, 0xe0, 0x16, 0x4e, 0x8b, 0x78 -}; - -/* AES Known Ciphertext (256-bit key). */ -uint8_t aes_ecb256_known_ciphertext[] = { - 0xe4, 0x65, 0x92, 0x7f, 0xd0, 0xdd, 0x59, 0x49, - 0x79, 0xc3, 0xac, 0x96, 0x30, 0xad, 0x32, 0x52 -}; - -uint8_t aes_cbc256_known_ciphertext[] = { - 0xd9, 0x44, 0x43, 0xe8, 0xdb, 0x60, 0x6b, 0xde, - 0xc2, 0x84, 0xbf, 0xb9, 0xaf, 0x43, 0x3f, 0x51 -}; - -/* AES-CTR Known Key (128-bits). */ -uint8_t aes_ctr128_known_key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c -}; - -/* AES-CTR Known Key (192-bits). */ -uint8_t aes_ctr192_known_key[] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b -}; - -/* AES-CTR Known Key (256-bits). */ -uint8_t aes_ctr256_known_key[] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 -}; - -/* AES-CTR Known Initialization Counter (128-bits). */ -uint8_t aes_ctr_known_counter[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff -}; - -/* AES-CTR Known Plaintext (128-bits). 
*/ -uint8_t aes_ctr_known_plaintext[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a -}; - -/* AES-CTR Known Ciphertext. */ -uint8_t aes_ctr128_known_ciphertext[] = { - 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, - 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce -}; - -uint8_t aes_ctr192_known_ciphertext[] = { - 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, - 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b -}; - -uint8_t aes_ctr256_known_ciphertext[] = { - 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, - 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28 -}; - -/* AES-CCM Known Key (128-bits). */ -uint8_t aes_ccm128_known_key[] = { - 0x06, 0xfd, 0xf0, 0x83, 0xb5, 0xcb, 0x3b, 0xc7, - 0xc0, 0x6d, 0x4d, 0xe5, 0xa6, 0x34, 0xc6, 0x50 -}; - -/* AES-CCM Known Key (192-bits). */ -uint8_t aes_ccm192_known_key[] = { - 0xde, 0x91, 0x08, 0x63, 0xbe, 0x59, 0xb8, 0x7a, - 0x45, 0x9b, 0xa6, 0xce, 0x2d, 0x7e, 0x71, 0x56, - 0x1c, 0x5c, 0x15, 0xea, 0x1b, 0x6b, 0x05, 0x06 -}; - -/* AES-CCM Known Key (256-bits). */ -uint8_t aes_ccm256_known_key[] = { - 0x84, 0x9c, 0x1d, 0xeb, 0x80, 0xf8, 0x5b, 0x7d, - 0x25, 0x33, 0x64, 0x75, 0x4b, 0xdc, 0x5d, 0xf0, - 0xe8, 0x1c, 0x98, 0x8a, 0x78, 0x8f, 0x15, 0xd1, - 0xa2, 0x52, 0x49, 0xfa, 0x18, 0x5e, 0x1f, 0xd3 -}; - -/* AES-CCM Known Nonce Nlen = 7 bytes (for 128-bits key). */ -uint8_t aes_ccm128_known_nonce[] = { - 0xfd, 0xe2, 0xd5, 0x4c, 0x65, 0x4e, 0xe4 -}; - -/* AES-CCM Known Nonce Nlen = 7 bytes (192-bits). */ -uint8_t aes_ccm192_known_nonce[] = { - 0xcf, 0xb3, 0x48, 0xfa, 0x04, 0x36, 0xa2 -}; - -/* AES-CCM Known Nonce Nlen = 7 bytes (256-bits). */ -uint8_t aes_ccm256_known_nonce[] = { - 0x75, 0xa5, 0x5b, 0x58, 0x33, 0x9d, 0x1c -}; - -/* AES-CCM Known Adata Alen = 30 bytes (128-bits). 
*/ -uint8_t aes_ccm128_known_adata[] = { - 0xe0, 0xdf, 0xfc, 0x4c, 0x92, 0x90, 0xd8, 0x28, - 0xef, 0xe7, 0xc6, 0xbe, 0x4a, 0xbc, 0xd1, 0x3e, - 0x23, 0x61, 0x92, 0x2f, 0xfa, 0x27, 0xa4, 0x0e, - 0x61, 0x24, 0x58, 0x38, 0x55, 0x33 -}; - -/* AES-CCM Known Adata Alen = 30 bytes (192-bits). */ -uint8_t aes_ccm192_known_adata[] = { - 0x4c, 0x5b, 0x4f, 0xfe, 0x80, 0xba, 0x7a, 0xe5, - 0xd3, 0xe8, 0xbc, 0xf6, 0x55, 0x83, 0xcf, 0x58, - 0xa2, 0x82, 0x59, 0x65, 0xba, 0xbd, 0x63, 0x53, - 0x0c, 0xb0, 0x0c, 0x14, 0xd4, 0x7b -}; - -/* AES-CCM Known Adata Alen = 30 bytes (256-bits). */ -uint8_t aes_ccm256_known_adata[] = { - 0x27, 0xb7, 0xec, 0x91, 0x08, 0xe1, 0x4d, 0x12, - 0xd3, 0xd3, 0xb8, 0x49, 0x09, 0xde, 0xd0, 0x9a, - 0x8f, 0x23, 0xbf, 0xd6, 0x02, 0x9b, 0x2a, 0x5e, - 0x4a, 0x5a, 0x63, 0x8c, 0x72, 0x14 -}; -/* AES-CCM Known Payload Plen = 32 bytes (128-bits). */ -uint8_t aes_ccm128_known_plaintext[] = { - 0x77, 0xca, 0xdf, 0xa5, 0xb1, 0x23, 0xfe, 0x07, - 0x8d, 0xca, 0x94, 0xe2, 0x66, 0x3f, 0x73, 0xd0, - 0x3f, 0x0b, 0x4d, 0xc8, 0x05, 0xf6, 0x1c, 0xef, - 0x13, 0x79, 0xc0, 0xb1, 0xfc, 0x76, 0xea, 0x11 -}; - -/* AES-CCM Known Payload Plen = 32 bytes (192-bits). */ -uint8_t aes_ccm192_known_plaintext[] = { - 0xf9, 0x8a, 0x58, 0x59, 0x44, 0x2d, 0x2a, 0xf9, - 0x65, 0x03, 0x36, 0x6d, 0x8a, 0x58, 0x29, 0xf9, - 0xef, 0x47, 0x44, 0x30, 0xf4, 0x7e, 0x0d, 0xcd, - 0x73, 0x41, 0x45, 0xdf, 0x50, 0xb2, 0x1b, 0x29 -}; - -/* AES-CCM Known Payload Plen = 32 bytes (256-bits). */ -uint8_t aes_ccm256_known_plaintext[] = { - 0x25, 0x28, 0x3f, 0x05, 0x41, 0xd6, 0x66, 0x3b, - 0xdb, 0x8f, 0xe9, 0xe7, 0x7b, 0x06, 0xc0, 0xee, - 0xfe, 0xf6, 0xc9, 0x8b, 0x45, 0x08, 0x18, 0x4e, - 0x2e, 0xf7, 0x8e, 0x64, 0xc3, 0xf2, 0xad, 0x18 -}; - -/* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (128-bits). 
- */ -uint8_t aes_ccm128_known_ciphertext[] = { - 0x33, 0x50, 0x58, 0xbb, 0x5f, 0x13, 0x8d, 0xc9, - 0x5b, 0x2c, 0xa4, 0x50, 0x1d, 0x7f, 0xd4, 0xa5, - 0xb9, 0xb8, 0x71, 0x83, 0x8f, 0x82, 0x27, 0x5f, - 0x75, 0x3e, 0x30, 0xf9, 0x9d, 0xad, 0xc2, 0xe9, - 0x66, 0x93, 0x56, 0x98, 0x01, 0x1e, 0x3c, 0x11, - 0x74, 0xdb, 0x9b, 0xca, 0xce, 0x0f, 0xc3, 0x35 -}; - -/* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (192-bits). - */ -uint8_t aes_ccm192_known_ciphertext[] = { - 0xa7, 0x40, 0xd0, 0x25, 0xbd, 0x3e, 0x8f, 0xd5, - 0x28, 0x3e, 0xee, 0xaa, 0xf9, 0xa7, 0xfc, 0xf2, - 0x33, 0xf6, 0x69, 0xb8, 0xdc, 0x9c, 0x74, 0xb1, - 0x46, 0xf4, 0xd6, 0xcc, 0x0a, 0x16, 0x12, 0x0c, - 0x7c, 0x3c, 0x43, 0x76, 0x94, 0xf6, 0x9a, 0x14, - 0xa0, 0xfb, 0xab, 0x9c, 0x2c, 0xd3, 0x5c, 0x09 -}; - -/* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (256-bits). - */ -uint8_t aes_ccm256_known_ciphertext[] = { - 0xf6, 0x4d, 0x24, 0x69, 0x0e, 0xde, 0xc9, 0xc0, - 0x1e, 0x42, 0xc0, 0x78, 0x29, 0xcf, 0xdb, 0xfe, - 0xab, 0x52, 0x9a, 0xb1, 0x07, 0xe4, 0xac, 0xdf, - 0x48, 0x46, 0x46, 0xc1, 0xe2, 0xb2, 0x0f, 0x36, - 0x5f, 0xeb, 0x44, 0xcf, 0xa8, 0x80, 0x80, 0x23, - 0xc9, 0xee, 0xc7, 0x56, 0x24, 0x63, 0x6e, 0x7e -}; - -/* AES-GCM Known Key (128-bits). */ -uint8_t aes_gcm128_known_key[] = { - 0x7d, 0xf9, 0x9c, 0xdf, 0x7d, 0x00, 0xd9, 0xea, - 0xd3, 0x85, 0x17, 0x1b, 0x29, 0xae, 0xcf, 0xbc -}; - -/* AES-GCM Known Key (192-bits). */ -uint8_t aes_gcm192_known_key[] = { - 0x85, 0xf4, 0x34, 0x7a, 0xf5, 0x98, 0x1e, 0xd9, - 0x89, 0x85, 0x98, 0x1a, 0x53, 0xfc, 0xc5, 0xbf, - 0x53, 0x6c, 0x91, 0x4b, 0x18, 0x3c, 0xe8, 0x12 -}; - -/* AES-GCM Known Key (256-bits). */ -uint8_t aes_gcm256_known_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, - 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1, - 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f -}; - -/* AES-GCM Known Initialization Vector (128-bits). 
*/ -uint8_t aes_gcm128_known_iv[] = { - 0x27, 0x4c, 0x4e, 0xae, 0xfe, 0xef, 0xae, 0x26, - 0x80, 0xb0, 0xef, 0xd5 -}; - -/* AES-GCM Known Initialization Vector (192-bits). */ -uint8_t aes_gcm192_known_iv[] = { - 0xd4, 0xfb, 0x33, 0xc6, 0x51, 0xc8, 0x86, 0xff, - 0x28, 0x80, 0xef, 0x96 -}; - -/* AES-GCM Known Initialization Vector (256-bits). */ -uint8_t aes_gcm256_known_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, - 0xee, 0xd0, 0x66, 0x84 -}; - -/* AES-GCM Known AAD Alen = 16 bytes (128-bits). */ -uint8_t aes_gcm128_known_adata[] = { - 0x60, 0xe8, 0xb0, 0x37, 0xec, 0xdf, 0x4d, 0x82, - 0x8c, 0x83, 0x0d, 0xcf, 0xc5, 0xce, 0xd4, 0x9c -}; - -/* AES-GCM Known AAD Alen = 16 bytes (192-bits). */ -uint8_t aes_gcm192_known_adata[] = { - 0x44, 0x3a, 0xdf, 0xad, 0xbb, 0x29, 0xd6, 0x8c, - 0x55, 0xe2, 0x02, 0x2d, 0xca, 0x62, 0x9b, 0x51 -}; - -/* AES-GCM Known AAD Alen = 16 bytes (256-bits). */ -uint8_t aes_gcm256_known_adata[] = { - 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, - 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde -}; - -/* AES-GCM Known Payload Plen = 16 bytes (128-bits). */ -uint8_t aes_gcm128_known_plaintext[] = { - 0x99, 0x66, 0x7d, 0xc9, 0x62, 0xb3, 0x9f, 0x14, - 0x8c, 0xdd, 0xfe, 0x68, 0xf9, 0x0a, 0x43, 0xf9 -}; -/* AES-GCM Known Payload Plen = 16 bytes (192-bits). */ -uint8_t aes_gcm192_known_plaintext[] = { - 0x7f, 0x9c, 0x08, 0x1d, 0x6a, 0xcc, 0xa8, 0xab, - 0x71, 0x75, 0xcb, 0xd0, 0x49, 0x42, 0xba, 0xad -}; -/* AES-GCM Known Payload Plen = 16 bytes (256-bits). 
*/ -uint8_t aes_gcm256_known_plaintext[] = { - 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, - 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5 -}; - -/* AES-GCM Known Ciphertext Clen = 16 bytes (128-bits) + tag */ -uint8_t aes_gcm128_known_ciphertext[] = { - 0x2b, 0x5f, 0x57, 0xf2, 0x62, 0x27, 0xe0, 0x94, - 0xe7, 0xf8, 0x01, 0x23, 0xf9, 0xed, 0xbd, 0xe8, - 0x16, 0xee, 0x08, 0xb4, 0xd8, 0x07, 0xe5, 0xdb, - 0xd5, 0x70, 0x3c, 0xb3, 0xcf, 0x53, 0x8c, 0x14 -}; - -/* AES-GCM Known Ciphertext Clen = 16 bytes (192-bits) + tag */ -uint8_t aes_gcm192_known_ciphertext[] = { - 0xdd, 0x7e, 0x7e, 0x45, 0x5b, 0x21, 0xd8, 0x84, - 0x3d, 0x7b, 0xc3, 0x1f, 0x21, 0x07, 0xf9, 0x55, - 0x9f, 0x0e, 0x8d, 0xe2, 0x6d, 0xb4, 0x95, 0xf5, - 0x91, 0x1f, 0xb6, 0x0c, 0xf5, 0xf2, 0x3a, 0xf9 -}; - -/* AES-GCM Known Ciphertext Clen = 16 bytes (256-bits)+ tag */ -uint8_t aes_gcm256_known_ciphertext[] = { - 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, - 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36, - 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, - 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c -}; - -/* - * Source: NIST gcmEncryptExtIV128.txt - * Count = 0, [Keylen = 128], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - * - * Source: NIST gcmEncryptExtIV192.txt - * Count = 0, [Keylen = 192], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - * - * Source: NIST gcmEncryptExtIV256.txt - * Count = 0, [Keylen = 256], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - */ - -/* AES-GMAC Known Key (128-bits). */ -uint8_t aes_gmac128_known_key[] = { - 0x7d, 0x70, 0xd2, 0x32, 0x48, 0xc4, 0x7e, 0xb3, - 0xd2, 0x73, 0xdf, 0x81, 0xed, 0x30, 0x24, 0xbd -}; - -/* AES-GMAC Known Key (192-bits). */ -uint8_t aes_gmac192_known_key[] = { - 0x03, 0x60, 0x22, 0xfe, 0x26, 0x9a, 0xdc, 0xad, - 0xb5, 0x73, 0x11, 0xa4, 0xa0, 0xed, 0x2a, 0x84, - 0x18, 0x34, 0xb8, 0xb6, 0xd8, 0xa0, 0x7f, 0x41 -}; - -/* AES-GMAC Known Key (256-bits). 
*/ -uint8_t aes_gmac256_known_key[] = { - 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23, - 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a, - 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa, - 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d -}; - -/* AES-GMAC Known Initialization Vector (128-bits). */ -uint8_t aes_gmac128_known_iv[] = { - 0xab, 0x53, 0x23, 0x33, 0xd6, 0x76, 0x51, 0x20, - 0x8b, 0x8c, 0x34, 0x85 -}; - -/* AES-GMAC Known Initialization Vector (192-bits). */ -uint8_t aes_gmac192_known_iv[] = { - 0x85, 0x65, 0xb2, 0x15, 0x3a, 0x3f, 0x34, 0x9a, - 0x07, 0x31, 0x06, 0x79 -}; - -/* AES-GMAC Known Initialization Vector (256-bits). */ -uint8_t aes_gmac256_known_iv[] = { - 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73, - 0x43, 0xfb, 0xe0, 0x56 -}; - -/* AES-GMAC Known Tag (128-bits). */ -uint8_t aes_gmac128_known_tag[] = { - 0xcf, 0x89, 0x50, 0xa3, 0x10, 0xf5, 0xab, 0x8b, - 0x69, 0xd5, 0x00, 0x11, 0x1a, 0x44, 0xb0, 0x96 -}; - -/* AES-GMAC Known Tag (192-bits). */ -uint8_t aes_gmac192_known_tag[] = { - 0x90, 0x21, 0xaf, 0x4c, 0xa0, 0x8d, 0x01, 0xef, - 0x82, 0x5a, 0x42, 0xf9, 0xbe, 0x3a, 0xb3, 0xe9 -}; - -/* AES-GMAC Known Tag (256-bits). */ -uint8_t aes_gmac256_known_tag[] = { - 0xef, 0x06, 0xd5, 0x4d, 0xfd, 0x00, 0x02, 0x1d, - 0x75, 0x27, 0xdf, 0xf2, 0x6f, 0xc9, 0xd4, 0x84 -}; - -/* AES-GMAC Known AAD Alen = 16 bytes (128-bits). */ -uint8_t aes_gmac128_known_adata[] = { - 0x7d, 0x1d, 0x42, 0xe8, 0x94, 0x60, 0xe9, 0x44, - 0xbf, 0xa4, 0x83, 0xdb, 0xe6, 0x92, 0xf0, 0x8d -}; - -/* AES-GMAC Known AAD Alen = 16 bytes (192-bits). */ -uint8_t aes_gmac192_known_adata[] = { - 0xad, 0xcf, 0x4f, 0xbb, 0xa0, 0xe0, 0x6a, 0x63, - 0x70, 0x71, 0x1a, 0x57, 0xf8, 0xdc, 0xd0, 0xc9 -}; - -/* AES-GMAC Known AAD Alen = 16 bytes (256-bits). */ -uint8_t aes_gmac256_known_adata[] = { - 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb, - 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41 -}; - -/* DES3 Known Key. 
*/ -uint8_t des3_known_key[] = { - 'A', 'N', 'S', 'I', ' ', 'T', 'r', 'i', - 'p', 'l', 'e', '-', 'D', 'E', 'S', ' ', - 'K', 'e', 'y', ' ', 'D', 'a', 't', 'a' -}; - -/* DES3-CBC Known Initialization Vector (64-bits). */ -uint8_t des3_cbc_known_iv[] = { - 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y' -}; - -/* DES3 Known Plaintext (64-bits). */ -uint8_t des3_ecb_known_plaintext[] = { - 'S', 'o', 'l', 'a', 'r', 'i', 's', '!' -}; -uint8_t des3_cbc_known_plaintext[] = { - 'S', 'o', 'l', 'a', 'r', 'i', 's', '!' -}; - -/* DES3 Known Ciphertext (64-bits). */ -uint8_t des3_ecb_known_ciphertext[] = { - 0x17, 0x0d, 0x1f, 0x13, 0xd3, 0xa0, 0x3a, 0x63 -}; - -uint8_t des3_cbc_known_ciphertext[] = { - 0x7f, 0x62, 0x44, 0xb3, 0xf8, 0x77, 0xf8, 0xf8 -}; - - - -/* - * SHA-1 Known Hash Message - * Source from NIST SHA1ShortMsg (L = 512-bits). - */ -uint8_t sha1_known_hash_message[] = { - 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b, - 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d, - 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57, - 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24, - 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24, - 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a, - 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c, - 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16 -}; - -/* SHA-1 Known Digest Message (160-bits). 
*/ -uint8_t sha1_known_digest[] = { - 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16, - 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c, - 0x80, 0x8a, 0x0d, 0xcc -}; - -/* Source from NIST HMAC.txt Count = 0 */ -uint8_t HMAC_known_secret_key[] = { - 0x7b, 0x10, 0xf4, 0x12, 0x4b, 0x15, 0xc8, 0x2e -}; - -/* known SHA1 hmac - truncated (10 bytes) */ -uint8_t known_SHA1_hmac[] = { - 0x4e, 0xad, 0x12, 0xc2, 0xfe, 0x3d, 0x6e, 0xa4, - 0x3a, 0xcb -}; - -uint8_t hmac_sha1_known_hash_message[] = { - 0x27, 0xdc, 0xb5, 0xb1, 0xda, 0xf6, 0x0c, 0xfd, - 0x3e, 0x2f, 0x73, 0xd4, 0xd6, 0x4c, 0xa9, 0xc6, - 0x84, 0xf8, 0xbf, 0x71, 0xfc, 0x68, 0x2a, 0x46, - 0x79, 0x3b, 0x17, 0x90, 0xaf, 0xa4, 0xfe, 0xb1, - 0x00, 0xca, 0x7a, 0xaf, 0xf2, 0x6f, 0x58, 0xf0, - 0xe1, 0xd0, 0xed, 0x42, 0xf1, 0xcd, 0xad, 0x1f, - 0x47, 0x4a, 0xfa, 0x2e, 0x79, 0xd5, 0x3a, 0x0c, - 0x42, 0x89, 0x2c, 0x4d, 0x7b, 0x32, 0x7c, 0xbe, - 0x46, 0xb2, 0x95, 0xed, 0x8d, 0xa3, 0xb6, 0xec, - 0xab, 0x3d, 0x48, 0x51, 0x68, 0x7a, 0x6f, 0x81, - 0x2b, 0x79, 0xdf, 0x2f, 0x6b, 0x20, 0xf1, 0x1f, - 0x67, 0x06, 0xf5, 0x30, 0x17, 0x90, 0xca, 0x99, - 0x62, 0x5a, 0xad, 0x73, 0x91, 0xd8, 0x4f, 0x78, - 0x04, 0x3d, 0x2a, 0x0a, 0x23, 0x9b, 0x14, 0x77, - 0x98, 0x4c, 0x15, 0x7b, 0xbc, 0x92, 0x76, 0x06, - 0x4e, 0x7a, 0x1a, 0x40, 0x6b, 0x06, 0x12, 0xca -}; - -/* - * SHA-1 HMAC Known MAC (Case 2) - * Source from FIPS PUB 198 (A.2) - */ -uint8_t sha1_hmac_known_secret_key_2[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43 -}; - -uint8_t sha1_hmac_known_hash_message_2[] = { - 'S', 'a', 'm', 'p', 'l', 'e', ' ', '#', '2' -}; - -uint8_t sha1_known_hmac_2[] = { - 0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19, - 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c, - 0xc6, 0xc7, 0x5d, 0x24 -}; - -/* - * SHA-256 Known Hash Message (512-bits). 
- * Source from NIST SHA256ShortMsg (Len = 512) - */ -uint8_t sha256_known_hash_message[] = { - 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f, - 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65, - 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac, - 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8, - 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12, - 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5, - 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2, - 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad -}; - -/* known SHA256 Digest Message (32 bytes) */ -uint8_t known_sha256_digest[] = { - 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a, - 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5, - 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89, - 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54 -}; - -/* - * SHA-384 Known Hash Message (512-bits). - * Source from NIST SHA384ShortMsg (Len = 512) - */ -uint8_t sha384_known_hash_message[] = { - 0x58, 0xbe, 0xab, 0xf9, 0x79, 0xab, 0x35, 0xab, - 0xba, 0x29, 0x37, 0x6d, 0x5d, 0xc2, 0x27, 0xab, - 0xb3, 0xd2, 0xff, 0x4d, 0x90, 0x30, 0x49, 0x82, - 0xfc, 0x10, 0x79, 0xbc, 0x2b, 0x28, 0x80, 0xfc, - 0xb0, 0x12, 0x9e, 0x4f, 0xed, 0xf2, 0x78, 0x98, - 0xce, 0x58, 0x6a, 0x91, 0xb7, 0x68, 0x1e, 0x0d, - 0xba, 0x38, 0x5e, 0x80, 0x0e, 0x79, 0x26, 0xc0, - 0xbc, 0x5a, 0xfe, 0x0d, 0x9c, 0xa9, 0x86, 0x50 -}; - -/* known SHA384 Digest Message (48 bytes) */ -uint8_t known_sha384_digest[] = { - 0xa0, 0x88, 0x8e, 0x1c, 0x4d, 0x7e, 0x80, 0xcb, - 0xaa, 0xaf, 0xa8, 0xbb, 0x1c, 0xa1, 0xca, 0x91, - 0x2a, 0x93, 0x21, 0x75, 0xc2, 0xef, 0x98, 0x2c, - 0xe1, 0xf1, 0x23, 0xa8, 0xc1, 0xae, 0xe9, 0x63, - 0x5a, 0xd7, 0x5b, 0xe5, 0x25, 0x90, 0xa9, 0x24, - 0xbe, 0xd3, 0xf5, 0xec, 0x36, 0xc3, 0x56, 0x90 -}; - -/* - * SHA-512 Known Hash Message (512-bits). 
- * Source from NIST SHA512ShortMsg (Len = 512) - */ -uint8_t sha512_known_hash_message[] = { - 0x09, 0x5c, 0x7f, 0x30, 0x82, 0x4f, 0xc9, 0x28, - 0x58, 0xcc, 0x93, 0x47, 0xc0, 0x85, 0xd5, 0x78, - 0x88, 0x5f, 0xf3, 0x61, 0x4d, 0xd3, 0x8e, 0xe7, - 0xee, 0x94, 0xa0, 0xf4, 0x40, 0x72, 0xc8, 0x77, - 0x04, 0x7e, 0xe2, 0xad, 0x16, 0x6f, 0xdb, 0xa0, - 0xe7, 0x44, 0xc3, 0xed, 0x2c, 0x2b, 0x24, 0xc9, - 0xd8, 0xa2, 0x93, 0x46, 0x48, 0xdc, 0x84, 0xd3, - 0xbe, 0x66, 0x63, 0x02, 0x11, 0x0a, 0xe0, 0x8f -}; - -/* known SHA512 Digest Message (64 bytes) */ -uint8_t known_sha512_digest[] = { - 0xd5, 0xcd, 0xaf, 0x83, 0xbb, 0x4a, 0x27, 0xea, - 0xad, 0x8d, 0x8f, 0x18, 0xe4, 0xbe, 0xe9, 0xc2, - 0x5b, 0xe9, 0x49, 0xa7, 0x61, 0xa0, 0xfd, 0x0f, - 0xb2, 0x28, 0x4c, 0xab, 0x14, 0x3c, 0xad, 0x60, - 0xbe, 0xb5, 0x68, 0x87, 0x34, 0xb2, 0xf8, 0x1e, - 0x9e, 0x2d, 0x64, 0x0b, 0x42, 0x5f, 0xd3, 0x2c, - 0xcb, 0x3d, 0x20, 0xd0, 0x2d, 0x63, 0xc2, 0xc9, - 0x4c, 0x03, 0xab, 0x3d, 0x9e, 0x7d, 0x9b, 0x4a -}; - -/* SHA-2 HMAC Test Vectors */ - -/* - * SHA-256 HMAC Known Hash Message (512-bits). 
- * (Not used by HW provider because of the key size limitation - */ -uint8_t sha256_hmac_known_hash_message[] = { - 0x54, 0x68, 0x65, 0x20, 0x74, 0x65, 0x73, 0x74, - 0x20, 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x4D, 0x44, 0x32, 0x2C, 0x20, 0x4D, 0x44, - 0x35, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x53, - 0x48, 0x41, 0x2D, 0x31, 0x20, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x6E, 0x67, 0x20, 0x61, 0x6C, 0x67, - 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x73, 0x2E -}; - -uint8_t sha256_hmac_known_secret_key[] = { - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x53, 0x48, 0x41, 0x2D, - 0x32, 0x35, 0x36, 0x20, 0x48, 0x4D, 0x41, 0x43, - 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x20, - 0x6B, 0x65, 0x79, 0x21 -}; - -/* known SHA256 hmac (32 bytes) */ -uint8_t known_sha256_hmac[] = { - 0x02, 0x87, 0x21, 0x93, 0x84, 0x8a, 0x35, 0xae, - 0xdb, 0xb6, 0x79, 0x26, 0x96, 0xf0, 0x50, 0xeb, - 0x33, 0x49, 0x57, 0xf1, 0xb2, 0x32, 0xd3, 0x63, - 0x03, 0x65, 0x57, 0xa2, 0xba, 0xa2, 0x5f, 0x35 -}; - -/* - * SHA-256 HMAC Known Hash Message from RFC 4231 - * Test Case 2 and 4 - */ -uint8_t sha256_hmac_known_hash_message_1[] = { - 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, - 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, - 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, - 0x69, 0x6e, 0x67, 0x3f -}; -uint8_t sha256_hmac_known_secret_key_1[] = { - 0x4a, 0x65, 0x66, 0x65 -}; -uint8_t sha256_known_hmac_1[] = { - 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, - 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, - 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, - 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 -}; - -uint8_t sha256_hmac_known_hash_message_2[] = { - 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 
0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, - 0xcd, 0xcd -}; -uint8_t sha256_hmac_known_secret_key_2[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19 -}; -uint8_t sha256_known_hmac_2[] = { - 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, - 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, - 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, - 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b -}; - -/* - * SHA-384 HMAC Known Hash Message (512-bits). - * Source from NIST HMAC.txt (Count = 15, Klen = 16, Tlen = 48) - */ -uint8_t sha384_hmac_known_secret_key[] = { - 0x01, 0xac, 0x59, 0xf4, 0x2f, 0x8b, 0xb9, 0x1d, - 0x1b, 0xd1, 0x0f, 0xe6, 0x99, 0x0d, 0x7a, 0x87 -}; - -uint8_t sha384_hmac_known_hash_message[] = { - 0x3c, 0xaf, 0x18, 0xc4, 0x76, 0xed, 0xd5, 0x61, - 0x5f, 0x34, 0x3a, 0xc7, 0xb7, 0xd3, 0xa9, 0xda, - 0x9e, 0xfa, 0xde, 0x75, 0x56, 0x72, 0xd5, 0xba, - 0x4b, 0x8a, 0xe8, 0xa7, 0x50, 0x55, 0x39, 0xea, - 0x2c, 0x12, 0x4f, 0xf7, 0x55, 0xec, 0x04, 0x57, - 0xfb, 0xe4, 0x9e, 0x43, 0x48, 0x0b, 0x3c, 0x71, - 0xe7, 0xf4, 0x74, 0x2e, 0xc3, 0x69, 0x3a, 0xad, - 0x11, 0x5d, 0x03, 0x9f, 0x90, 0x22, 0x2b, 0x03, - 0x0f, 0xdc, 0x94, 0x40, 0x31, 0x36, 0x91, 0x71, - 0x6d, 0x53, 0x02, 0x00, 0x58, 0x08, 0xc0, 0x76, - 0x27, 0x48, 0x3b, 0x91, 0x6f, 0xdf, 0x61, 0x98, - 0x30, 0x63, 0xc2, 0xeb, 0x12, 0x68, 0xf2, 0xde, - 0xee, 0xf4, 0x2f, 0xc7, 0x90, 0x33, 0x44, 0x56, - 0xbc, 0x6b, 0xad, 0x25, 0x6e, 0x31, 0xfc, 0x90, - 0x66, 0xde, 0x7c, 0xc7, 0xe4, 0x3d, 0x13, 0x21, - 0xb1, 0x86, 0x6d, 0xb4, 0x5e, 0x90, 0x56, 0x22 -}; - -/* known SHA384 hmac (48 bytes) */ -uint8_t known_sha384_hmac[] = { - 0x19, 0x85, 0xfa, 0x21, 0x63, 0xa5, 0x94, 0x3f, - 0xc5, 0xd9, 0x2f, 0x1f, 0xe8, 0x83, 0x12, 0x15, - 0xe7, 0xe9, 0x1f, 0x0b, 0xff, 0x53, 0x32, 0xbc, - 0x71, 0x3a, 0x07, 0x2b, 0xdb, 0x3a, 0x8f, 0x9e, - 0x5c, 0x51, 0x57, 0x46, 0x3a, 0x3b, 0xfe, 0xb3, - 0x62, 0x31, 0x41, 0x6e, 0x65, 0x97, 0x3e, 0x64 -}; 
- -/* - * SHA-512 HMAC Known Hash Message (512-bits). - * Source from NIST HMAC.txt (Count = 30, Klen = 20, Tlen = 64) - */ -uint8_t sha512_hmac_known_secret_key[] = { - 0xa7, 0x36, 0xf2, 0x74, 0xfd, 0xa6, 0x8e, 0x1b, - 0xd5, 0xf9, 0x47, 0x1e, 0x85, 0xfd, 0x41, 0x5d, - 0x7f, 0x2b, 0xa1, 0xbc -}; - -uint8_t sha512_hmac_known_hash_message[] = { - 0xa6, 0xcc, 0xc3, 0x55, 0x2c, 0x33, 0xe9, 0x17, - 0x8b, 0x6b, 0x82, 0xc6, 0x53, 0xd6, 0x3d, 0xe2, - 0x54, 0x0f, 0x17, 0x08, 0x07, 0xc3, 0xd9, 0x6a, - 0x2a, 0xc2, 0xe2, 0x7d, 0xab, 0x55, 0x26, 0xf1, - 0xc7, 0xd3, 0x77, 0xe6, 0x73, 0x6f, 0x04, 0x5d, - 0xfb, 0x54, 0x1f, 0xec, 0xe9, 0xf4, 0x43, 0xb7, - 0x28, 0x9c, 0x55, 0x9b, 0x69, 0x4c, 0x2a, 0xac, - 0xc6, 0xc7, 0x4a, 0xe2, 0xa5, 0xe6, 0xf3, 0x0f, - 0xe0, 0x31, 0x61, 0x14, 0x23, 0xb0, 0x4d, 0x55, - 0x95, 0xff, 0xb4, 0x6a, 0xba, 0xa1, 0xd9, 0x18, - 0x98, 0x96, 0x8d, 0x7f, 0x18, 0x30, 0xae, 0x94, - 0xb0, 0x22, 0xee, 0xd2, 0x3f, 0xda, 0xd5, 0x2d, - 0x38, 0x11, 0x0a, 0x48, 0x03, 0xa0, 0xce, 0xe7, - 0xa0, 0x95, 0xc9, 0xa7, 0x8e, 0x86, 0x09, 0xed, - 0xeb, 0x25, 0x48, 0x1c, 0xdc, 0x15, 0x6d, 0x0b, - 0x2f, 0xfc, 0x56, 0xb6, 0x3f, 0xda, 0xd5, 0x33 -}; - -/* known SHA512 hmac (64 bytes) */ -uint8_t known_sha512_hmac[] = { - 0xf7, 0x18, 0x03, 0x43, 0x1e, 0x07, 0xa5, 0xa6, - 0xe5, 0xfd, 0x4a, 0xe4, 0xcf, 0xc2, 0x75, 0x3b, - 0xc8, 0x0d, 0x26, 0xe1, 0x67, 0x23, 0xd9, 0xe8, - 0x8b, 0x40, 0x5a, 0x02, 0x34, 0x8e, 0xf4, 0xb9, - 0x67, 0x92, 0xc9, 0x9c, 0xed, 0x64, 0xdc, 0x70, - 0xea, 0x47, 0x53, 0x78, 0xb7, 0x46, 0x6a, 0xc2, - 0xca, 0xf4, 0xa4, 0x20, 0xb0, 0x1f, 0xf6, 0x1e, - 0x72, 0xc5, 0xb5, 0xee, 0x8e, 0xaa, 0xd4, 0xd4 -}; - -/* - * RSA: 1024-bit RSA known key - */ -uint8_t rsa_modulus_1024[] = { - 0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda, - 0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43, - 0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae, - 0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3, - 0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03, - 0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7, - 
0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a, - 0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f, - 0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d, - 0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a, - 0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c, - 0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52, - 0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6, - 0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6, - 0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1, - 0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7 -}; -uint8_t rsa_public_exponent_1024[] = {0x01, 0x00, 0x01}; -uint8_t rsa_private_exponent_1024[] = { - 0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9, - 0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec, - 0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d, - 0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d, - 0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f, - 0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12, - 0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10, - 0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1, - 0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24, - 0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e, - 0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd, - 0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b, - 0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86, - 0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf, - 0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb, - 0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01 -}; -uint8_t rsa_prime1_1024[] = { - 0xe4, 0xe7, 0x50, 0x8c, 0x48, 0x2b, 0x0a, 0xda, - 0xb1, 0xf0, 0xd5, 0x1e, 0x0b, 0xf3, 0xdc, 0xfc, - 0xa9, 0x60, 0x20, 0x73, 0xa0, 0x89, 0x20, 0xa8, - 0x2e, 0x1a, 0x50, 0x95, 0xdc, 0x45, 0xef, 0x29, - 0x21, 0x69, 0x22, 0xca, 0x3f, 0x2c, 0xfe, 0x6e, - 0xb3, 0xc9, 0xee, 0x2d, 0xb1, 0xb9, 0xbd, 0x6c, - 0xdd, 0x89, 0xbb, 0x0a, 0x9a, 0x0e, 0x14, 0xa1, - 0x88, 0x4a, 0x56, 0x5d, 0xb5, 0x0f, 0xd2, 0x01 -}; -uint8_t rsa_prime2_1024[] = { - 0xa5, 0xbd, 0xb6, 0xb8, 0x49, 0x97, 0x9d, 0x2c, - 0x04, 0x06, 0x5b, 0xee, 0xae, 0x5f, 0x78, 0x06, - 0x49, 0xa2, 0x11, 0xbf, 0xff, 
0x40, 0x4f, 0x56, - 0x88, 0xc7, 0xe9, 0x55, 0x79, 0xeb, 0xc6, 0x68, - 0x1c, 0xb3, 0x13, 0x9f, 0x41, 0x6c, 0x10, 0x3c, - 0x26, 0xd2, 0xd6, 0x68, 0xb3, 0x1e, 0x6b, 0x93, - 0x08, 0x86, 0xfe, 0x15, 0x47, 0xa7, 0x52, 0x3a, - 0xb4, 0x28, 0x43, 0x78, 0xef, 0x34, 0x78, 0xb7 -}; -uint8_t rsa_exponent1_1024[] = { - 0x58, 0x83, 0x51, 0xd4, 0x4c, 0xfb, 0xc7, 0xe0, - 0xb5, 0x3a, 0x09, 0x4e, 0xeb, 0x14, 0x4b, 0x79, - 0xb0, 0x0d, 0x29, 0xbf, 0x4c, 0x6e, 0x7a, 0x20, - 0x4e, 0x63, 0x82, 0x91, 0xd0, 0x71, 0x82, 0x7f, - 0x87, 0x19, 0xde, 0x88, 0x12, 0x51, 0xd5, 0xb8, - 0xfc, 0xf0, 0xb2, 0x97, 0x1c, 0xc8, 0x54, 0x05, - 0x4a, 0xcd, 0x3d, 0x74, 0x66, 0x09, 0xd7, 0xd4, - 0x76, 0x9d, 0x38, 0x34, 0x58, 0x15, 0x5c, 0x01 -}; -uint8_t rsa_exponent2_1024[] = { - 0x4a, 0xc6, 0x27, 0x6c, 0x47, 0x0f, 0x56, 0xc2, - 0x67, 0xe2, 0x72, 0x91, 0x61, 0x2c, 0x03, 0x1b, - 0x5b, 0x16, 0xfa, 0x49, 0x13, 0xa0, 0x70, 0xea, - 0xca, 0x74, 0xde, 0x89, 0x48, 0xa3, 0x1d, 0x75, - 0x15, 0x15, 0x99, 0x91, 0xac, 0xd3, 0x53, 0x13, - 0xc0, 0x34, 0x38, 0xb5, 0x2d, 0xb2, 0x58, 0xb8, - 0x12, 0x0d, 0xcd, 0x0d, 0xce, 0xb0, 0xe7, 0x41, - 0x42, 0xcc, 0x33, 0x7c, 0x98, 0xf6, 0xa4, 0x4b -}; -uint8_t rsa_coefficient_1024[] = { - 0x60, 0x6a, 0x6c, 0x5a, 0xf1, 0x55, 0xe9, 0xe4, - 0x67, 0x72, 0x2f, 0x99, 0x03, 0x6a, 0x56, 0xa1, - 0xed, 0xf2, 0x59, 0xfa, 0xec, 0x88, 0xc5, 0xb7, - 0xa8, 0x71, 0x4a, 0x5f, 0xab, 0x86, 0xb0, 0x50, - 0x93, 0x3c, 0xe3, 0x70, 0xf9, 0xf2, 0x72, 0xe6, - 0xd2, 0xb5, 0x30, 0x3e, 0x60, 0x29, 0x70, 0xd4, - 0xf0, 0x31, 0x15, 0x36, 0x3a, 0x27, 0xb6, 0xdf, - 0x18, 0xb0, 0xf0, 0x32, 0xef, 0xa3, 0x84, 0xcb -}; - - -/* - * RSA: 2048-bit RSA known key - */ -uint8_t rsa_modulus_2048[] = { - 0x7f, 0xf1, 0xed, 0x5a, 0xa0, 0xe2, 0x97, 0x05, - 0x03, 0xc0, 0xf3, 0xcf, 0x86, 0x4a, 0x01, 0x15, - 0xc3, 0x4f, 0x32, 0xf4, 0xf7, 0xbe, 0x57, 0x4a, - 0xe1, 0x87, 0xf2, 0x1c, 0xd3, 0xa5, 0x96, 0xc1, - 0x54, 0xe5, 0x97, 0x19, 0x7d, 0xf1, 0x13, 0xc3, - 0x4d, 0xcf, 0x5a, 0x08, 0x76, 0xfc, 0x6c, 0x93, - 0x87, 0x71, 0x20, 0x66, 0xb7, 0xbf, 
0x37, 0xbb, - 0xc9, 0xf5, 0x16, 0xf4, 0x9c, 0x5c, 0x64, 0x58, - 0xc4, 0x9e, 0x17, 0x0e, 0x99, 0x6d, 0x3f, 0x7d, - 0x4f, 0xf1, 0x01, 0xde, 0x76, 0x55, 0xa9, 0xfe, - 0xa0, 0xa4, 0x95, 0xd1, 0x4e, 0xc6, 0x8b, 0x0a, - 0x86, 0x5b, 0x60, 0x40, 0xf1, 0x74, 0x91, 0x26, - 0xcf, 0xc4, 0xf7, 0x7a, 0x86, 0xd7, 0x72, 0x47, - 0x25, 0x9e, 0x3e, 0x5a, 0xbd, 0x7f, 0x11, 0x9a, - 0x28, 0x9e, 0x00, 0x8d, 0xfb, 0x9d, 0x93, 0x8e, - 0xb4, 0xcc, 0x7f, 0x22, 0x00, 0x8a, 0x3b, 0xbb, - 0xca, 0x45, 0x8e, 0x93, 0xd3, 0xe4, 0x89, 0x96, - 0xe1, 0xb8, 0x5f, 0xdf, 0x75, 0x94, 0x89, 0xa5, - 0xad, 0x39, 0x76, 0x43, 0xa7, 0xdf, 0xe4, 0x62, - 0x39, 0x01, 0x56, 0x31, 0x46, 0x2b, 0xf4, 0x05, - 0xa9, 0xa9, 0x33, 0x96, 0x16, 0x75, 0x3f, 0xf2, - 0xcd, 0x6b, 0x0d, 0xa9, 0xf2, 0x9b, 0x30, 0x6d, - 0x17, 0xec, 0x1a, 0x5a, 0x14, 0x5a, 0x8e, 0xaa, - 0x52, 0x35, 0x83, 0x0a, 0x59, 0xbc, 0x56, 0x96, - 0x18, 0x08, 0xbf, 0x91, 0xf7, 0x69, 0x81, 0x66, - 0xda, 0x13, 0xb6, 0x77, 0xb9, 0x6a, 0x4a, 0x71, - 0xd9, 0xae, 0x43, 0x0d, 0xad, 0xb4, 0x5f, 0x11, - 0x87, 0x91, 0x84, 0xc6, 0x59, 0xfe, 0xb0, 0x05, - 0x83, 0x21, 0x66, 0x7a, 0x70, 0xeb, 0x15, 0xbb, - 0xc3, 0x40, 0x37, 0xce, 0xbc, 0xe7, 0x4f, 0x95, - 0xf1, 0x83, 0xcf, 0x89, 0xdd, 0xdc, 0xea, 0x01, - 0xe1, 0x42, 0xe9, 0x52, 0x8b, 0x1f, 0x91, 0x25}; -uint8_t rsa_public_exponent_2048[] = { 0x3 }; -uint8_t rsa_private_exponent_2048[] = { - 0x55, 0x4b, 0xf3, 0x91, 0xc0, 0x97, 0x0f, 0x58, - 0xad, 0x2b, 0x4d, 0x35, 0x04, 0x31, 0x56, 0x0e, - 0x82, 0x34, 0xcc, 0xa3, 0x4f, 0xd4, 0x3a, 0x31, - 0xeb, 0xaf, 0xf6, 0xbd, 0xe2, 0x6e, 0x64, 0x80, - 0xe3, 0x43, 0xba, 0x10, 0xfe, 0xa0, 0xb7, 0xd7, - 0x89, 0x34, 0xe6, 0xb0, 0x4f, 0x52, 0xf3, 0x0d, - 0x04, 0xf6, 0x15, 0x99, 0xcf, 0xd4, 0xcf, 0xd2, - 0x86, 0xa3, 0x64, 0xa3, 0x12, 0xe8, 0x42, 0xe5, - 0xd8, 0x69, 0x64, 0xb4, 0x66, 0x48, 0xd4, 0xfe, - 0x35, 0x4b, 0x56, 0x94, 0x4e, 0xe3, 0xc6, 0xa9, - 0xc0, 0x6d, 0xb9, 0x36, 0x34, 0x84, 0x5c, 0xb1, - 0xae, 0xe7, 0x95, 0x80, 0xa0, 0xf8, 0x60, 0xc4, - 0x8a, 0x83, 0x4f, 0xa7, 0x04, 0x8f, 0xa1, 
0x84, - 0xc3, 0xbe, 0xd4, 0x3c, 0x7e, 0x54, 0xb6, 0x66, - 0xc5, 0xbe, 0xab, 0x09, 0x52, 0x69, 0x0d, 0x09, - 0xcd, 0xdd, 0xaa, 0x16, 0xab, 0x06, 0xd2, 0x7c, - 0x3c, 0x58, 0x7d, 0x53, 0x4b, 0x14, 0x41, 0x35, - 0x9a, 0x78, 0x74, 0xf5, 0x8e, 0x67, 0x50, 0x52, - 0xc5, 0x17, 0xcd, 0xfd, 0x7a, 0xe4, 0x9b, 0xbb, - 0xaf, 0x4b, 0x17, 0xa7, 0x3c, 0x09, 0x1d, 0xd6, - 0xa1, 0x11, 0x06, 0x36, 0x68, 0x83, 0x66, 0xd6, - 0x49, 0x44, 0x9f, 0x0b, 0xe3, 0x17, 0x1a, 0xc5, - 0xd7, 0x9a, 0x65, 0x5d, 0x15, 0x81, 0x6a, 0x5d, - 0xdd, 0xd7, 0xf4, 0x54, 0xa3, 0x6f, 0x1e, 0x60, - 0x87, 0x2a, 0x59, 0xaa, 0x73, 0xf0, 0xdd, 0xdb, - 0x66, 0xa8, 0x19, 0x31, 0xfd, 0x00, 0x09, 0x8f, - 0xce, 0x9a, 0xec, 0xff, 0x88, 0x5c, 0x4e, 0x67, - 0x55, 0xa0, 0x14, 0xdf, 0x28, 0x61, 0x5f, 0x47, - 0x8d, 0x49, 0xb3, 0xee, 0x5e, 0xfc, 0xc8, 0x41, - 0x75, 0x59, 0x93, 0xa4, 0x24, 0x69, 0xc0, 0x1a, - 0x18, 0x04, 0xda, 0x38, 0x0e, 0xf3, 0xa5, 0x04, - 0xbf, 0xe3, 0xf9, 0xf3, 0x7c, 0xe5, 0x82, 0xeb}; -uint8_t rsa_prime1_2048[] = { - 0x97, 0x5e, 0xb8, 0x7b, 0x74, 0xe6, 0xe3, 0x7b, - 0x4b, 0xdf, 0x5b, 0xb8, 0x0f, 0xe6, 0xa1, 0xcc, - 0x1c, 0x84, 0xc9, 0x60, 0x5d, 0x80, 0x17, 0x6d, - 0x61, 0xc2, 0x4d, 0x14, 0x0c, 0x71, 0xda, 0x02, - 0x74, 0x6f, 0x1f, 0x85, 0x4f, 0xb9, 0x69, 0xb9, - 0x3c, 0x23, 0x74, 0x60, 0x14, 0xc2, 0xb2, 0x44, - 0x0c, 0x18, 0xde, 0xfa, 0x12, 0x2c, 0xb8, 0x68, - 0x71, 0x62, 0x07, 0x8c, 0x02, 0xe3, 0x08, 0xf9, - 0x49, 0xc1, 0x15, 0x13, 0x0f, 0x76, 0x50, 0xd6, - 0x6e, 0xd3, 0x7b, 0xfa, 0x68, 0x0e, 0x75, 0x07, - 0x0b, 0xee, 0x2c, 0xd7, 0x34, 0xc9, 0x98, 0x33, - 0x16, 0xca, 0x60, 0x54, 0x36, 0x12, 0x65, 0xc4, - 0x1c, 0xf1, 0xe5, 0x7c, 0x6a, 0x6a, 0x0f, 0x11, - 0x45, 0xbb, 0x60, 0xa0, 0x35, 0x97, 0xaa, 0x25, - 0x58, 0x29, 0x1b, 0xf8, 0x4d, 0xb5, 0x86, 0x58, - 0x68, 0x19, 0x30, 0x6d, 0x07, 0x78, 0x1d, 0x9d}; -uint8_t rsa_prime2_2048[] = { - 0xd8, 0x62, 0x1a, 0x1b, 0x6e, 0x5f, 0x44, 0x4b, - 0x2e, 0x24, 0x54, 0xb7, 0x10, 0x12, 0xef, 0x5d, - 0x69, 0x10, 0xf7, 0xe7, 0x12, 0x08, 0xe3, 0x5b, - 0x50, 0x4e, 0x65, 0xa2, 
0x5f, 0xac, 0x6d, 0x41, - 0x43, 0xa0, 0x8a, 0xbf, 0x29, 0xf6, 0xbb, 0xf8, - 0x23, 0x60, 0xaa, 0xb8, 0x09, 0x35, 0xd6, 0x00, - 0x48, 0x6b, 0xa3, 0x54, 0x61, 0xeb, 0xb6, 0xb5, - 0x14, 0x0f, 0x8c, 0xff, 0x61, 0xb2, 0xa0, 0x0c, - 0x03, 0x88, 0x23, 0xff, 0x3a, 0x09, 0xe3, 0xc7, - 0x51, 0x44, 0x14, 0xb2, 0x55, 0xdb, 0xc7, 0x13, - 0x17, 0xd7, 0xb2, 0xb7, 0x2c, 0x60, 0x51, 0x43, - 0x70, 0x57, 0x05, 0x23, 0x67, 0x5a, 0x3b, 0x56, - 0x12, 0x40, 0xf3, 0x18, 0x78, 0x05, 0xda, 0x48, - 0x4d, 0x7e, 0x79, 0xb8, 0x50, 0xb1, 0x05, 0x49, - 0x75, 0x53, 0x6c, 0x3d, 0x79, 0xb9, 0xec, 0x22, - 0x59, 0x53, 0xc1, 0xf8, 0x48, 0x4f, 0x2f, 0x29}; -uint8_t rsa_exponent1_2048[] = { - 0x64, 0xe9, 0xd0, 0x52, 0x4d, 0xef, 0x42, 0x52, - 0x32, 0x94, 0xe7, 0xd0, 0x0a, 0x99, 0xc1, 0x32, - 0xbd, 0xad, 0xdb, 0x95, 0x93, 0xaa, 0xba, 0x48, - 0xeb, 0xd6, 0xde, 0x0d, 0x5d, 0xa1, 0x3c, 0x01, - 0xa2, 0xf4, 0xbf, 0xae, 0x35, 0x26, 0x46, 0x7b, - 0x7d, 0x6c, 0xf8, 0x40, 0x0d, 0xd7, 0x21, 0x82, - 0xb2, 0xbb, 0x3f, 0x51, 0x61, 0x73, 0x25, 0x9a, - 0xf6, 0x41, 0x5a, 0x5d, 0x57, 0x42, 0x05, 0xfb, - 0x86, 0x80, 0xb8, 0xb7, 0x5f, 0xa4, 0x35, 0xe4, - 0x49, 0xe2, 0x52, 0xa6, 0xf0, 0x09, 0xa3, 0x5a, - 0x07, 0xf4, 0x1d, 0xe4, 0xcd, 0xdb, 0xba, 0xcc, - 0xb9, 0xdc, 0x40, 0x38, 0x24, 0x0c, 0x43, 0xd8, - 0x13, 0x4b, 0xee, 0x52, 0xf1, 0x9c, 0x0a, 0x0b, - 0x83, 0xd2, 0x40, 0x6a, 0xce, 0x65, 0x1c, 0x18, - 0xe5, 0x70, 0xbd, 0x50, 0x33, 0xce, 0x59, 0x90, - 0x45, 0x66, 0x20, 0x48, 0xaf, 0xa5, 0x69, 0x13}; -uint8_t rsa_exponent2_2048[] = { - 0x90, 0x41, 0x66, 0xbc, 0xf4, 0x3f, 0x82, 0xdc, - 0xc9, 0x6d, 0x8d, 0xcf, 0x60, 0x0c, 0x9f, 0x93, - 0x9b, 0x60, 0xa5, 0x44, 0xb6, 0xb0, 0x97, 0x92, - 0x35, 0x89, 0x99, 0x16, 0xea, 0x72, 0xf3, 0x80, - 0xd7, 0xc0, 0x5c, 0x7f, 0x71, 0x4f, 0x27, 0xfa, - 0xc2, 0x40, 0x71, 0xd0, 0x06, 0x23, 0xe4, 0x00, - 0x30, 0x47, 0xc2, 0x38, 0x41, 0x47, 0xcf, 0x23, - 0x62, 0xb5, 0x08, 0xaa, 0x41, 0x21, 0xc0, 0x08, - 0x02, 0x5a, 0xc2, 0xaa, 0x26, 0xb1, 0x42, 0x84, - 0xe0, 0xd8, 0x0d, 0xcc, 0x39, 0x3d, 0x2f, 0x62, - 
0x0f, 0xe5, 0x21, 0xcf, 0x72, 0xea, 0xe0, 0xd7, - 0xa0, 0x3a, 0x03, 0x6c, 0xef, 0x91, 0x7c, 0xe4, - 0x0c, 0x2b, 0x4c, 0xba, 0xfa, 0xae, 0x91, 0x85, - 0x88, 0xfe, 0xfb, 0xd0, 0x35, 0xcb, 0x58, 0xdb, - 0xa3, 0x8c, 0xf2, 0xd3, 0xa6, 0x7b, 0xf2, 0xc1, - 0x90, 0xe2, 0x81, 0x50, 0x30, 0x34, 0xca, 0x1b}; -uint8_t rsa_coefficient_2048[] = { - 0x86, 0xfd, 0x64, 0x2c, 0x28, 0x72, 0x4e, 0x59, - 0x2a, 0x29, 0xcd, 0xe2, 0xd1, 0xf6, 0x19, 0xc8, - 0xf8, 0xf0, 0x69, 0x77, 0x94, 0x03, 0x70, 0x0d, - 0x87, 0x27, 0x37, 0x4d, 0xe8, 0xed, 0x56, 0x9f, - 0x15, 0x99, 0x14, 0x3f, 0xf8, 0x35, 0x2f, 0x7c, - 0x01, 0x11, 0x82, 0x99, 0x90, 0x5f, 0x6d, 0xf8, - 0x2c, 0x81, 0x74, 0x22, 0xa1, 0x5c, 0x87, 0x93, - 0xc4, 0xa4, 0x0a, 0xd2, 0xf2, 0xe6, 0x51, 0x4d, - 0x3a, 0x24, 0x16, 0x7a, 0x8a, 0x36, 0xca, 0x03, - 0x58, 0xd7, 0xce, 0x5b, 0x16, 0x3f, 0x65, 0xf7, - 0xe8, 0xdc, 0x91, 0xee, 0x0b, 0x80, 0x20, 0x5d, - 0x12, 0x75, 0x0d, 0xe1, 0xe2, 0x78, 0x13, 0xcc, - 0x3d, 0xe6, 0x84, 0x56, 0x66, 0xa4, 0x69, 0x20, - 0x9f, 0x55, 0xf3, 0xcd, 0x48, 0x84, 0x93, 0xc0, - 0x4d, 0xf9, 0xa7, 0xb3, 0xfa, 0xf3, 0x31, 0x27, - 0x23, 0x70, 0x19, 0x6a, 0xf3, 0x02, 0x7f, 0x9d}; - -/* - * RSA: 1024-bit and 2048-bit known plaintext and signatures - */ -/* Plaintext message: 1024-bit including NULL termination */ -uint8_t rsa_known_plaintext_msg[] = { - 0x42, 0xad, 0xcb, 0xba, 0x92, 0x41, 0x72, 0xf3, - 0x3e, 0x7c, 0xc0, 0xf7, 0x2b, 0xbe, 0x30, 0xdf, - 0x97, 0xa2, 0x11, 0xd1, 0xa6, 0x43, 0x33, 0x22, - 0xc9, 0x14, 0xec, 0x07, 0x69, 0x4c, 0xa8, 0xbc, - 0xb9, 0x87, 0x54, 0xe1, 0x26, 0x2a, 0x9e, 0xfd, - 0xf7, 0xa2, 0x3b, 0xee, 0x77, 0x93, 0xff, 0xa8, - 0x34, 0xf5, 0x89, 0xef, 0xa4, 0xb9, 0x00, 0x86, - 0x46, 0x63, 0x07, 0x5a, 0x8f, 0x87, 0xb4, 0x6e, - 0x0d, 0xd6, 0xb2, 0x32, 0x21, 0x50, 0xab, 0x18, - 0xc0, 0x9c, 0x1e, 0xa1, 0x8a, 0x4e, 0xf3, 0x1f, - 0xe1, 0x4e, 0xf0, 0xe3, 0x9b, 0x9d, 0x33, 0x84, - 0x6d, 0x4b, 0x6f, 0x52, 0x65, 0x2c, 0xc1, 0x41, - 0x6a, 0x13, 0x10, 0xc2, 0xf6, 0x2f, 0xc6, 0xaf, - 0x35, 0xb4, 0xf2, 0xbf, 0x21, 0x16, 
0x2b, 0x45, - 0x61, 0x97, 0xcf, 0x4f, 0xa0, 0x1d, 0x99, 0x9d, - 0xa0, 0x92, 0x11, 0x6d, 0x34, 0x63, 0x19, 0x73 -}; - -uint8_t rsa_x509_known_signature_1024[] = { - 0x43, 0xA3, 0x73, 0x60, 0xD7, 0x6F, 0xAB, 0x76, - 0x8C, 0xF7, 0x7C, 0xDD, 0x26, 0x59, 0x75, 0x91, - 0x0F, 0x06, 0x95, 0x4A, 0x3A, 0x02, 0x9A, 0x19, - 0x33, 0xF0, 0x98, 0x4E, 0x9A, 0x97, 0xEA, 0xFE, - 0x45, 0xB5, 0x94, 0xE0, 0x42, 0x46, 0xC7, 0x74, - 0x65, 0xE6, 0x0F, 0x81, 0xD0, 0x95, 0x17, 0x8F, - 0x82, 0xF6, 0x36, 0x02, 0x59, 0xE9, 0x20, 0x08, - 0x38, 0x70, 0x68, 0x67, 0xFE, 0x9B, 0xEA, 0xF8, - 0xBA, 0xD0, 0x00, 0x3F, 0x75, 0x2A, 0x2F, 0x7A, - 0xC7, 0xE9, 0x44, 0xA4, 0x39, 0xB6, 0x94, 0x85, - 0xA7, 0x8A, 0x3A, 0x97, 0x83, 0x93, 0x18, 0x93, - 0x99, 0xAC, 0xF7, 0x21, 0xD5, 0x76, 0x30, 0xA5, - 0xA1, 0xE5, 0x3B, 0x50, 0x2D, 0x10, 0xBE, 0xD1, - 0x96, 0x41, 0x9D, 0xD9, 0xCD, 0x68, 0xD4, 0x49, - 0x96, 0x78, 0xBB, 0x62, 0x7D, 0xEC, 0x0D, 0x09, - 0xA4, 0x84, 0x6B, 0x6F, 0xA8, 0x41, 0x03, 0x37 -}; - -uint8_t rsa_pkcs_known_signature_1024[] = { - 0x7B, 0x9C, 0x75, 0x6D, 0x45, 0xC3, 0xED, 0x9F, - 0xFA, 0xE9, 0x9C, 0xFA, 0x8B, 0x1A, 0xAF, 0x86, - 0x25, 0x45, 0x52, 0x21, 0x81, 0x94, 0x2C, 0x87, - 0x51, 0x65, 0x77, 0x2F, 0x25, 0xA8, 0x6C, 0x85, - 0x06, 0xA8, 0xA3, 0xF6, 0x3B, 0xA6, 0xC8, 0x44, - 0xF5, 0xBF, 0xE8, 0xE0, 0xF8, 0x20, 0xB5, 0x84, - 0xF3, 0xAE, 0x1B, 0x24, 0xA6, 0x19, 0xC5, 0x63, - 0xFD, 0x54, 0xFA, 0x88, 0xA2, 0x2D, 0x2C, 0x39, - 0x38, 0x4B, 0x68, 0x70, 0xF7, 0xD3, 0x8D, 0xE1, - 0x90, 0xE7, 0x41, 0x8D, 0x03, 0x75, 0x39, 0x38, - 0x3B, 0x96, 0x47, 0xFF, 0xA7, 0x9B, 0x72, 0x08, - 0x76, 0x7D, 0x00, 0x61, 0xD4, 0x07, 0x47, 0xED, - 0xB3, 0x62, 0x4D, 0xFD, 0x79, 0x44, 0xD5, 0xF5, - 0xDA, 0xDE, 0xE5, 0x89, 0xFB, 0x57, 0xA8, 0x0A, - 0x92, 0x41, 0x92, 0x3A, 0x47, 0x85, 0x1D, 0x72, - 0xAF, 0x58, 0x85, 0x9D, 0x46, 0x4A, 0xD2, 0x7D -}; - -uint8_t rsa_x509_known_signature_2048[] = { - 0x74, 0xEB, 0x2F, 0x01, 0x93, 0xF0, 0xB9, 0x64, - 0x12, 0xD6, 0xD6, 0x75, 0xF0, 0x6C, 0xDC, 0x44, - 0x5F, 0x09, 0xAC, 0x98, 0x6C, 0xF9, 
0x23, 0x7E, - 0xBB, 0x44, 0xCB, 0x9A, 0x3C, 0xE9, 0x76, 0x7B, - 0x81, 0xAA, 0x69, 0xA6, 0x77, 0x34, 0x85, 0x8E, - 0xDB, 0x13, 0x9A, 0xE3, 0xD0, 0xBF, 0x2A, 0x3C, - 0x8B, 0x50, 0x3E, 0x8A, 0x95, 0xF7, 0x09, 0x39, - 0xED, 0x3F, 0x5A, 0x52, 0x68, 0xA1, 0xF3, 0x42, - 0xA8, 0x09, 0x13, 0xAE, 0xFD, 0x9F, 0x40, 0x0C, - 0x3D, 0x84, 0x68, 0x07, 0xFF, 0x30, 0x0F, 0x6B, - 0x6F, 0xB7, 0x1F, 0x09, 0x11, 0x8E, 0x7B, 0x3F, - 0x88, 0xF5, 0x41, 0x07, 0xE1, 0x5C, 0x71, 0x28, - 0xAE, 0x71, 0x51, 0xAE, 0xC3, 0xC9, 0xCB, 0xED, - 0xAC, 0x87, 0x32, 0xAB, 0xD0, 0x2F, 0x65, 0xA3, - 0x7D, 0x90, 0xDC, 0xFF, 0x7A, 0x9D, 0xCE, 0xBC, - 0xCA, 0x00, 0x6E, 0x65, 0x3C, 0x99, 0x2F, 0x00, - 0x8A, 0x5A, 0xD9, 0x5A, 0x01, 0x83, 0x99, 0x1D, - 0x8D, 0xD7, 0x10, 0x3B, 0xE2, 0x9C, 0x9C, 0x49, - 0xCA, 0x9C, 0xF6, 0x42, 0x0E, 0x4D, 0xCD, 0x11, - 0x70, 0x0C, 0xCC, 0x2C, 0x8F, 0xAA, 0xA5, 0x7C, - 0xA8, 0x1D, 0xBD, 0x99, 0x63, 0x6E, 0x44, 0x9D, - 0xE6, 0xC0, 0x55, 0x2F, 0x0F, 0x27, 0x43, 0xA3, - 0x3C, 0x46, 0xC4, 0x52, 0x59, 0x4F, 0xD4, 0x07, - 0xAD, 0xE2, 0xBA, 0x19, 0x23, 0x23, 0xB6, 0x78, - 0xFE, 0x65, 0x6D, 0x0D, 0x62, 0x0E, 0xAB, 0xE5, - 0x5A, 0x58, 0x28, 0x17, 0xE9, 0x1D, 0x2F, 0x3E, - 0x04, 0xED, 0x01, 0x56, 0x0B, 0xB9, 0x4E, 0x2D, - 0xF8, 0xC9, 0x7D, 0x12, 0xFE, 0x8A, 0x00, 0x3E, - 0x72, 0x9F, 0x28, 0x77, 0x92, 0x58, 0x6E, 0x11, - 0x75, 0xF1, 0x31, 0x5B, 0x43, 0xF4, 0x95, 0xD3, - 0x59, 0x31, 0xA7, 0xD1, 0x8B, 0x91, 0xED, 0xDE, - 0xD9, 0xC0, 0x04, 0xBA, 0x1F, 0x4E, 0x1D, 0xB6 -}; - -uint8_t rsa_pkcs_known_signature_2048[] = { - 0x77, 0x5A, 0x7C, 0x5B, 0x95, 0xB8, 0x02, 0xB5, - 0xF7, 0xDF, 0x8A, 0x3F, 0x90, 0x7D, 0x32, 0x6E, - 0x3B, 0x79, 0x0F, 0x74, 0xAD, 0x4D, 0xE1, 0x61, - 0xCD, 0x5D, 0x32, 0x4C, 0x4A, 0x94, 0x90, 0xB2, - 0xDB, 0xB0, 0xCE, 0x0E, 0xC8, 0xC2, 0x2D, 0x8B, - 0x26, 0x49, 0xE8, 0x0F, 0x37, 0x85, 0x64, 0xF0, - 0x2B, 0x94, 0xA5, 0x05, 0xC7, 0x32, 0x4C, 0xFD, - 0xE8, 0x1F, 0x5B, 0x3C, 0x74, 0x08, 0x16, 0x02, - 0xAE, 0xB6, 0xB8, 0xF1, 0x4A, 0x2F, 0x3F, 0x92, - 0xCD, 0x8B, 0x82, 0xCA, 0xCC, 0xB4, 
0x8E, 0x68, - 0xD6, 0x2F, 0x21, 0x8C, 0x4C, 0x63, 0xA4, 0xEA, - 0xDE, 0xE5, 0xF2, 0x8A, 0x3F, 0x9B, 0x81, 0x50, - 0x12, 0x30, 0x05, 0xF2, 0x63, 0x64, 0xB2, 0x41, - 0x8A, 0x77, 0xAF, 0x07, 0xC1, 0x91, 0x6E, 0x32, - 0x43, 0xEC, 0x3B, 0xB2, 0xE5, 0xAE, 0x95, 0x81, - 0xEE, 0x34, 0x4C, 0xAF, 0x26, 0x8C, 0x14, 0x7D, - 0xB3, 0x0D, 0x47, 0x95, 0x46, 0xFF, 0x5E, 0x12, - 0xCC, 0x02, 0x68, 0x52, 0x58, 0x90, 0xE8, 0x38, - 0xC5, 0x7F, 0x6F, 0x6A, 0xA6, 0x1C, 0x92, 0xDB, - 0x43, 0x82, 0x13, 0x2A, 0x33, 0x0F, 0xEB, 0xEC, - 0xF3, 0x52, 0x47, 0x06, 0x0B, 0xB0, 0x38, 0x52, - 0xB7, 0x60, 0xB5, 0x4D, 0xC3, 0xF8, 0x26, 0x60, - 0x99, 0x67, 0xFA, 0x5C, 0x40, 0x3A, 0x71, 0x8F, - 0x30, 0x04, 0xEF, 0xD2, 0xBD, 0x31, 0xA3, 0x1F, - 0x9A, 0x5D, 0xAA, 0x0C, 0x8E, 0xA1, 0x87, 0x78, - 0x62, 0xFD, 0x15, 0x8C, 0xB4, 0xF5, 0xAF, 0x84, - 0xFB, 0x26, 0xC9, 0xDA, 0x58, 0x67, 0x55, 0x27, - 0x1C, 0x20, 0xEA, 0xDD, 0x5E, 0xC0, 0xBE, 0x88, - 0x46, 0x9C, 0xEF, 0x70, 0x75, 0x91, 0x31, 0x44, - 0x40, 0xCD, 0x61, 0x3F, 0xB6, 0x9C, 0x18, 0x6D, - 0xCD, 0x16, 0x07, 0x89, 0x7D, 0x73, 0x03, 0xE3, - 0x54, 0x22, 0x11, 0x76, 0xF5, 0xE6, 0x4F, 0xF0 -}; - - -uchar_t dsa_base_1024[] = { - 0x34, 0x32, 0xEF, 0xA6, 0x81, 0x0E, 0xF7, 0xA2, - 0x6F, 0x0C, 0x05, 0xB8, 0x6F, 0xE4, 0x0B, 0xD7, - 0xB4, 0x5B, 0x77, 0x3E, 0x0D, 0x6D, 0xA9, 0x37, - 0x39, 0x69, 0xEC, 0x26, 0x58, 0xDD, 0xE5, 0xF7, - 0x26, 0x2A, 0x8C, 0xBD, 0x47, 0x7B, 0x53, 0x12, - 0x65, 0xD5, 0x86, 0x7C, 0xAA, 0x47, 0x8D, 0x2C, - 0xBD, 0x8A, 0x82, 0x5B, 0x5E, 0xEB, 0x94, 0xAE, - 0x79, 0x1D, 0x76, 0x64, 0x9E, 0x3E, 0x33, 0x5A, - 0xFC, 0xB6, 0x86, 0x83, 0x6A, 0xAF, 0x7D, 0xC4, - 0x50, 0x56, 0x60, 0xEF, 0x57, 0x86, 0x6C, 0xD9, - 0x44, 0x72, 0xF2, 0x19, 0xB0, 0x46, 0x52, 0x04, - 0xC3, 0x92, 0xF4, 0xF1, 0x36, 0xEF, 0xFA, 0xAF, - 0xFA, 0x86, 0xBB, 0x2B, 0x07, 0x04, 0x9F, 0xF5, - 0xD4, 0xEC, 0xB5, 0x60, 0x81, 0x8A, 0x6E, 0x5F, - 0x96, 0x4C, 0x84, 0x9E, 0xD0, 0x9E, 0xA9, 0x28, - 0x95, 0xF9, 0x17, 0x5E, 0x95, 0x4F, 0xA8, 0x45 -}; -uchar_t dsa_prime_1024[] = { - 0xB6, 0x6F, 
0x0C, 0xED, 0xAF, 0x2C, 0x79, 0x76, - 0x03, 0xC1, 0xB6, 0x4A, 0x60, 0x24, 0x89, 0x6D, - 0xFC, 0x8A, 0x8C, 0x4F, 0x0A, 0x61, 0x4B, 0x55, - 0xB2, 0x4E, 0xDC, 0x2E, 0xB7, 0xFA, 0xFF, 0x9A, - 0xF7, 0xA4, 0x86, 0x71, 0x0E, 0xBF, 0x2A, 0xBB, - 0x60, 0x64, 0x49, 0xFB, 0xB8, 0x8C, 0x86, 0xA1, - 0x92, 0xBC, 0x0A, 0xF8, 0xF3, 0x62, 0x5E, 0x0D, - 0x40, 0xA7, 0x61, 0xCB, 0x45, 0x21, 0x90, 0xF0, - 0x3F, 0xC9, 0x25, 0x79, 0x5B, 0x3A, 0xDE, 0x4E, - 0xAE, 0xFA, 0x21, 0x74, 0x6F, 0x9A, 0x09, 0xED, - 0xA6, 0x7D, 0x6C, 0x89, 0x5A, 0x3E, 0x28, 0xE8, - 0x5D, 0x31, 0x20, 0xD9, 0xAF, 0xE8, 0x9F, 0xA4, - 0xA6, 0xD7, 0xFE, 0x2F, 0x26, 0x4E, 0x85, 0x61, - 0x9B, 0xE6, 0x5E, 0x67, 0x90, 0xF5, 0xDA, 0x8F, - 0xE2, 0xD1, 0x26, 0xB1, 0x66, 0xC6, 0xB0, 0xCA, - 0x7C, 0xE8, 0x08, 0x85, 0x57, 0xE5, 0xAD, 0x01 -}; -uchar_t dsa_subprime_1024[] = { - 0x80, 0xBD, 0xBC, 0x1F, 0x32, 0x59, 0x51, 0xC6, - 0xE0, 0x36, 0xC7, 0x74, 0x47, 0x16, 0xCF, 0x06, - 0xDC, 0x8A, 0xA9, 0x07 -}; -uchar_t dsa_privalue_1024[] = { - 0x3F, 0x02, 0xC5, 0xA7, 0x0C, 0x35, 0xAE, 0xF9, - 0x9B, 0xED, 0xF4, 0x93, 0xB4, 0x10, 0x09, 0x68, - 0x83, 0x2F, 0xCB, 0x9C -}; -uchar_t dsa_pubvalue_1024[] = { - 0x10, 0xEF, 0xCB, 0x38, 0x16, 0xCC, 0xCA, 0x91, - 0x13, 0x6C, 0x56, 0x54, 0x67, 0xBF, 0x14, 0x98, - 0xB7, 0x9B, 0x67, 0x91, 0xC9, 0x43, 0x6E, 0x04, - 0x79, 0x85, 0x0D, 0x74, 0x4C, 0x8B, 0x0E, 0x33, - 0x8E, 0x2C, 0xF4, 0x47, 0x4D, 0x2C, 0x3D, 0xE3, - 0x50, 0x28, 0x0B, 0x19, 0x8E, 0x7F, 0x25, 0x85, - 0xD9, 0xF8, 0x75, 0xE3, 0xE8, 0xE7, 0xDF, 0xAE, - 0x6D, 0xC5, 0x63, 0x25, 0x1E, 0x4E, 0x69, 0xBF, - 0xCE, 0xA1, 0x9A, 0xEA, 0xDB, 0xC5, 0x73, 0x20, - 0x41, 0x9C, 0x1D, 0xCE, 0x28, 0x1D, 0xFE, 0x87, - 0x0C, 0x6A, 0x1D, 0x44, 0xF0, 0x56, 0x01, 0x0D, - 0xF7, 0x1D, 0x82, 0xFD, 0x8D, 0x20, 0xF2, 0xA3, - 0x83, 0x28, 0xD3, 0xED, 0x40, 0x36, 0x0A, 0x4C, - 0xAB, 0x2A, 0xB4, 0x9F, 0xA7, 0x9C, 0x53, 0x69, - 0xBB, 0xC6, 0xB8, 0x78, 0x5E, 0xAF, 0x8F, 0x4E, - 0xFF, 0xCB, 0x2C, 0xB7, 0xD3, 0x53, 0x6D, 0x0A -}; - -uchar_t dsa_known_data[] = { - '0', '1', '2', 
'3', '4', '5', '6', '7', '8', '9', - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J' -}; - -/* - * NIST-Approved Curves - */ - -/* P-192 */ -uchar_t ec_param_oid_secp192r1[] = /* prime192v1/P192 */ - {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x1}; -uchar_t ec_point_p192r1[] = { - 0x04, 0xa8, 0x57, 0x22, 0x30, 0x43, 0x82, 0xa4, - 0x80, 0x2c, 0x46, 0x79, 0x23, 0x8b, 0xe5, 0x08, - 0x02, 0xf7, 0xc6, 0x86, 0xda, 0xe8, 0x9b, 0x7b, - 0x8c, 0x79, 0xa5, 0x6e, 0x0c, 0x1c, 0x37, 0x47, - 0x1d, 0x51, 0x67, 0xe3, 0xdd, 0x2a, 0xc3, 0x1a, - 0x29, 0xec, 0xd3, 0xbc, 0xf6, 0x95, 0xeb, 0x22, - 0xe0 -}; -uchar_t ec_value_p192r1[] = { - 0x52, 0x9b, 0x30, 0x58, 0x69, 0x72, 0x1b, 0x57, - 0x9c, 0xe5, 0x29, 0xa1, 0x52, 0x70, 0xb9, 0xbe, - 0xf4, 0x3a, 0x63, 0xdd, 0x89, 0xc0, 0xd0, 0xa8 -}; - -/* P-224 */ -uchar_t ec_param_oid_secp224r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21}; -uchar_t ec_point_p224r1[] = { - 0x04, - 0x2B, 0xFF, 0xAF, 0xA1, 0xAA, 0x9A, 0x05, 0x44, - 0xBC, 0xC8, 0xD4, 0xAF, 0xC8, 0x53, 0x92, 0xD8, - 0xC5, 0x01, 0x70, 0xF2, 0x97, 0x5B, 0x7A, 0x23, - 0x7D, 0x39, 0x6A, 0xCD, 0x32, 0xF3, 0x3C, 0x69, - 0x8F, 0x42, 0x00, 0xD6, 0x38, 0x0A, 0xF4, 0xCE, - 0x6D, 0x43, 0x98, 0xDF, 0x2E, 0x62, 0x90, 0x6E, - 0xAD, 0xF7, 0x4E, 0x6C, 0x67, 0x83, 0xC5, 0x69 - }; -uchar_t ec_value_p224r1[] = { - 0x91, 0xE9, 0x9A, 0xA5, 0x6F, 0xA7, 0x9D, 0x90, - 0xED, 0x41, 0x25, 0x42, 0xA8, 0x31, 0x4E, 0xE2, - 0xEB, 0x95, 0x14, 0x89, 0x6D, 0x78, 0xA0, 0x14, - 0x45, 0x8B, 0x85, 0x0E -}; - - -/* P-256 */ -uchar_t ec_param_oid_secp256r1[] = - {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x7}; -uchar_t ec_point_p256r1[] = { - 0x04, 0xa0, 0x90, 0x62, 0x74, 0x7d, 0x00, 0x6a, - 0x84, 0x01, 0xcd, 0x7b, 0x29, 0xf6, 0x53, 0xe3, - 0xd3, 0x2b, 0xb7, 0x1f, 0x51, 0x8a, 0x0c, 0xba, - 0xe9, 0x3e, 0xd6, 0xa4, 0x90, 0xd3, 0x3a, 0x70, - 0x29, 0x11, 0x70, 0xac, 0x03, 0x8b, 0xb0, 0x11, - 0xd7, 0x05, 0xd5, 0xce, 0x17, 0x4d, 0x1e, 0x50, - 0xdc, 0xea, 0x3b, 0x42, 0x0b, 0x94, 0xcb, 0xda, - 0x4a, 0x07, 
0xc9, 0xe6, 0x8e, 0x1d, 0x59, 0xd2, 0x77 -}; -uchar_t ec_value_p256r1[] = { - 0xf3, 0x58, 0xee, 0xc7, 0xec, 0x32, 0x1c, 0x1a, - 0xc6, 0x10, 0xb2, 0x97, 0x15, 0x4e, 0x84, 0x5b, - 0xed, 0x36, 0x94, 0xc1, 0xa0, 0xaa, 0x8b, 0x91, - 0xba, 0x26, 0x73, 0xeb, 0x6b, 0x2d, 0x4c, 0xde -}; - -/* P-384 */ -uchar_t ec_param_oid_secp384r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22}; -uchar_t ec_point_p384r1[] = { - 0x04, 0x2a, 0x87, 0x73, 0x17, 0x2f, 0x61, 0xf6, - 0xbc, 0xd1, 0x8b, 0x31, 0x3d, 0xa1, 0x37, 0x4b, - 0x39, 0xa6, 0x1e, 0xe1, 0x8a, 0x88, 0x17, 0x2b, - 0x86, 0x1a, 0x36, 0xd1, 0x1c, 0x0f, 0x53, 0xd9, - 0xc7, 0x48, 0x31, 0x64, 0xcd, 0x20, 0x38, 0x14, - 0xdd, 0x16, 0xde, 0x8d, 0xf7, 0xf6, 0x89, 0x43, - 0xa0, 0x34, 0x15, 0x5f, 0x70, 0x99, 0x96, 0x55, - 0x03, 0x26, 0x7c, 0x34, 0x9f, 0xe4, 0xfe, 0xaa, - 0xcc, 0xbb, 0xa1, 0x91, 0x2c, 0xbd, 0xe8, 0xc6, - 0x7b, 0xef, 0x17, 0x87, 0x2d, 0x9f, 0xe3, 0x2b, - 0x99, 0x17, 0x6d, 0x96, 0xed, 0x44, 0x55, 0x28, - 0x53, 0xce, 0xcd, 0x31, 0x8c, 0x3d, 0x90, 0x2f, 0xcf -}; -uchar_t ec_value_p384r1[] = { - 0xfc, 0xcb, 0x14, 0xdd, 0x5f, 0x86, 0x31, 0x74, - 0x27, 0xef, 0x19, 0x18, 0x6c, 0x02, 0x2b, 0x94, - 0xbf, 0x56, 0x9f, 0x36, 0x5e, 0x38, 0x6b, 0x82, - 0x91, 0x70, 0xc4, 0x0f, 0xd6, 0xbe, 0x32, 0x5c, - 0x4d, 0xe3, 0x75, 0x98, 0x05, 0x8c, 0x61, 0xe8, - 0x70, 0x32, 0x6f, 0xbc, 0xc9, 0x85, 0x0a, 0x34 -}; - -/* P-521 */ -uchar_t ec_param_oid_secp521r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; -uchar_t ec_point_p521r1[] = { - 0x04, 0x01, 0x41, 0x65, 0x78, 0xe4, 0xbd, 0x99, - 0x50, 0xc8, 0x2e, 0x4a, 0x82, 0xac, 0x6c, 0x20, - 0xcf, 0xf8, 0x2e, 0x72, 0x40, 0x1d, 0x5f, 0x51, - 0x5f, 0xcc, 0xb3, 0xa8, 0x52, 0x8c, 0xa6, 0x41, - 0x43, 0xd6, 0xd8, 0x13, 0xfd, 0xd8, 0xbb, 0xd9, - 0x7c, 0xa7, 0xbf, 0xa8, 0xa8, 0x65, 0x0f, 0xc8, - 0xb9, 0x60, 0x13, 0xbc, 0xd3, 0x16, 0x6a, 0x5f, - 0xf0, 0x52, 0x49, 0xce, 0x61, 0x8f, 0x1a, 0xf3, - 0x6d, 0xe6, 0xce, 0x01, 0x15, 0x98, 0xb0, 0x2f, - 0xa0, 0x28, 0x4b, 0x2b, 0xf1, 0xf4, 0xd0, 0x9e, - 0xbd, 0xa2, 0xf5, 
0xad, 0x04, 0x23, 0xf6, 0x55, - 0xdb, 0x08, 0x45, 0x7b, 0xde, 0x6e, 0x7b, 0xce, - 0x1d, 0x26, 0x08, 0xc3, 0x01, 0xfd, 0xb1, 0xe1, - 0x56, 0xd3, 0xcc, 0x38, 0x38, 0x93, 0x4d, 0x6e, - 0xb1, 0x95, 0xd1, 0x9c, 0x91, 0x65, 0x4c, 0x85, - 0xe7, 0x64, 0x4f, 0xe5, 0x27, 0x48, 0x81, 0x02, - 0x2f, 0x58, 0x29, 0x17, 0x6b -}; -uchar_t ec_value_p521r1[] = { - 0x01, 0x74, 0x8a, 0x92, 0xca, 0x6f, 0x31, 0x1f, - 0x45, 0x22, 0x84, 0x9f, 0x33, 0x20, 0x56, 0xb0, - 0x5a, 0xdd, 0xda, 0x73, 0x89, 0xb3, 0x21, 0xab, - 0xe5, 0xe0, 0xac, 0xe1, 0x6c, 0xa5, 0x59, 0x1b, - 0x54, 0x56, 0xd6, 0x45, 0xcb, 0xcf, 0x9f, 0xbd, - 0xec, 0x26, 0x43, 0xe8, 0xc4, 0x84, 0xec, 0xa6, - 0xdf, 0x09, 0xfc, 0xe3, 0xe3, 0xcb, 0x89, 0x01, - 0xce, 0x19, 0x12, 0x3d, 0x61, 0x10, 0x1d, 0x6a, - 0xca, 0x39 -}; - - -/* K-163 */ -uchar_t ec_param_oid_sect163k1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01}; -uchar_t ec_point_t163k1[] = { - 0x04, 0x05, 0x95, 0xe3, 0x64, 0xed, 0x0b, 0xf5, - 0x0b, 0x28, 0x20, 0x31, 0xb5, 0x25, 0x35, 0x0d, - 0xc0, 0x5b, 0x16, 0x64, 0x18, 0x7d, 0x01, 0xe4, - 0x11, 0xda, 0xa4, 0x1e, 0x79, 0x7b, 0xcd, 0x5a, - 0x29, 0xed, 0xdf, 0xec, 0xa0, 0xc2, 0xb5, 0xf7, - 0xf3, 0xf6, 0x5a -}; -uchar_t ec_value_t163k1[] = { - 0x03, 0x0d, 0x02, 0xa7, 0xb7, 0x7b, 0x86, 0xe1, - 0x6a, 0x4e, 0xea, 0xd5, 0xa5, 0x01, 0x5c, 0x7c, - 0x73, 0x60, 0x5b, 0x44, 0x80 -}; - -/* K-233 */ -uchar_t ec_param_oid_sect233k1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1a}; -uchar_t ec_point_t233k1[] = { - 0x04, 0x00, 0xf1, 0x3e, 0x3d, 0xd9, 0xbf, 0x5c, - 0x68, 0x9d, 0xb3, 0x2a, 0x4f, 0x0e, 0xb0, 0xfa, - 0x97, 0x1a, 0x50, 0xbc, 0xbb, 0x5f, 0x86, 0x05, - 0xe3, 0x60, 0x04, 0x81, 0x4b, 0xce, 0x62, 0x01, - 0xe7, 0x57, 0xeb, 0xe2, 0x52, 0xc8, 0x4b, 0x84, - 0x46, 0xd4, 0xca, 0xce, 0x1d, 0xf8, 0x07, 0x0c, - 0x5b, 0x8c, 0x56, 0xce, 0x08, 0xdb, 0x4e, 0x1b, - 0xf7, 0xed, 0x56, 0x19, 0x13 -}; -uchar_t ec_value_t233k1[] = { - 0x00, 0x61, 0xba, 0xcf, 0x3f, 0x7c, 0x0c, 0x16, - 0x81, 0x84, 0x7a, 0x2b, 0x07, 0x88, 0x86, 0x83, - 0xc7, 0xdb, 0xc0, 
0xc6, 0xc7, 0xb9, 0x55, 0x80, - 0x7d, 0x9b, 0x89, 0x0f, 0x6f, 0x9d -}; - - -/* K-283 */ -uchar_t ec_param_oid_sect283k1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x10}; -uchar_t ec_point_t283k1[] = { - 0x04, 0x03, 0x63, 0x96, 0xa4, 0xdd, 0x64, 0xf6, - 0x9a, 0x76, 0x4e, 0x46, 0x64, 0x39, 0x3f, 0x6d, - 0xb6, 0xcc, 0xf8, 0xa8, 0x85, 0xea, 0xd4, 0x59, - 0x38, 0xf5, 0xce, 0xb4, 0x57, 0xf3, 0x68, 0xd9, - 0x3a, 0x11, 0xd6, 0x88, 0x2f, 0x03, 0x7f, 0x23, - 0x70, 0x4a, 0x11, 0x3f, 0x4d, 0x04, 0x57, 0x48, - 0xa0, 0x31, 0xd7, 0x0f, 0xec, 0x35, 0x57, 0x4c, - 0x01, 0x11, 0xe5, 0xf0, 0x71, 0xa9, 0x69, 0x44, - 0xc9, 0xf1, 0xc1, 0xf9, 0xe8, 0xb3, 0x90, 0xae, 0x7f -}; -uchar_t ec_value_t283k1[] = { - 0x01, 0x4d, 0x29, 0x14, 0xf0, 0xed, 0xd5, 0x7d, - 0x44, 0x23, 0xc8, 0xa0, 0xc3, 0x4c, 0x90, 0x54, - 0x52, 0xaa, 0x30, 0x90, 0xd9, 0x85, 0xc1, 0x45, - 0xbf, 0x1d, 0xd6, 0x2b, 0x91, 0x47, 0x87, 0x40, - 0xcf, 0x76, 0xa7, 0xa4 -}; - -/* K-409 */ -uchar_t ec_param_oid_sect409k1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x24}; -uchar_t ec_point_t409k1[] = { - 0x04, 0x00, 0xed, 0xe7, 0xa4, 0xe0, 0xe6, 0x06, - 0xd5, 0xc7, 0x39, 0x08, 0xf3, 0x35, 0xe4, 0x20, - 0xd3, 0xb8, 0xbb, 0x24, 0x41, 0x6a, 0x7a, 0xa6, - 0x47, 0x72, 0x29, 0xc8, 0x57, 0x59, 0x3d, 0xc3, - 0x53, 0xac, 0x0e, 0xeb, 0x00, 0x48, 0xe4, 0x9b, - 0xa3, 0xc6, 0x05, 0x01, 0x7f, 0xa7, 0x81, 0xff, - 0x18, 0x48, 0xf6, 0x3b, 0x2a, 0x01, 0xb8, 0xef, - 0x75, 0x39, 0x2b, 0xb5, 0x3d, 0x80, 0x54, 0xef, - 0xee, 0x37, 0xc8, 0x59, 0xdb, 0xad, 0xff, 0xad, - 0x52, 0x42, 0x40, 0x2b, 0xcc, 0xdd, 0xa1, 0xd7, - 0x83, 0xd0, 0x7d, 0x21, 0xab, 0xc7, 0xbf, 0xb2, - 0x1a, 0x4e, 0xb4, 0xe6, 0xb4, 0x1c, 0xe5, 0x9b, - 0xbb, 0xb9, 0xef, 0x68, 0x5c, 0xbf, 0x0d, 0xfd, 0x42 -}; -uchar_t ec_value_t409k1[] = { - 0x00, 0x74, 0xa9, 0xea, 0x4e, 0xeb, 0x48, 0x7d, - 0xc4, 0x7c, 0xd6, 0x09, 0xf9, 0x1d, 0x06, 0x0c, - 0xbf, 0x61, 0xa8, 0x8a, 0x70, 0x11, 0x2c, 0xca, - 0x2d, 0xb8, 0x0b, 0x3a, 0x83, 0x22, 0x9b, 0x69, - 0x22, 0x25, 0x13, 0xe3, 0x4c, 0xe1, 0xed, 0x4e, - 0xdd, 
0xe4, 0x27, 0x38, 0xc0, 0x75, 0x91, 0xb7, - 0xfd, 0x6a, 0x73, 0x1c -}; - - -/* K-571 */ -uchar_t ec_param_oid_sect571k1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x26}; -uchar_t ec_point_t571k1[] = { - 0x04, 0x02, 0x90, 0x9c, 0xfe, 0x4f, 0x09, 0x18, - 0x38, 0x71, 0xdc, 0x84, 0xda, 0x80, 0x1d, 0xa5, - 0xba, 0xad, 0x52, 0xce, 0x72, 0x19, 0x42, 0xb8, - 0x6f, 0xa4, 0x31, 0x68, 0xb6, 0xb2, 0x59, 0x4e, - 0x49, 0x73, 0x6e, 0xb6, 0xf7, 0x04, 0x19, 0x6d, - 0x78, 0x5b, 0x28, 0x5a, 0xf6, 0x9b, 0x33, 0x6b, - 0xac, 0x58, 0x1a, 0xcb, 0x52, 0xab, 0xb8, 0x51, - 0xe1, 0x27, 0x6e, 0x55, 0x2b, 0xaa, 0x78, 0xd8, - 0x27, 0x19, 0x2f, 0x3b, 0xfd, 0x5d, 0x4d, 0xa7, - 0x17, 0x05, 0x8a, 0x27, 0xfa, 0x9f, 0xd5, 0xf0, - 0xfe, 0xf7, 0x01, 0x7b, 0x2d, 0x53, 0xc5, 0x4a, - 0x82, 0xc9, 0xae, 0xb3, 0xde, 0xf8, 0x93, 0xc7, - 0x10, 0x2a, 0x95, 0x43, 0x3f, 0x1f, 0xdd, 0xcb, - 0x59, 0xf8, 0xc8, 0x2d, 0xa3, 0xce, 0x7e, 0x65, - 0x39, 0x85, 0x61, 0x01, 0xb3, 0x25, 0x11, 0xc8, - 0x7a, 0xed, 0x15, 0xc4, 0x9d, 0x60, 0x8e, 0xc7, - 0x34, 0x6e, 0x15, 0xa1, 0x0f, 0x9c, 0x86, 0x3d, - 0x8d, 0x2f, 0xdc, 0x9e, 0xb3, 0xfd, 0xb7, 0x1c, 0x98 -}; -uchar_t ec_value_t571k1[] = { - 0x00, 0x18, 0xf8, 0xad, 0x6b, 0x49, 0xa4, 0x31, - 0x97, 0x4b, 0xcf, 0x23, 0xa0, 0x7f, 0xf4, 0x66, - 0x81, 0x7d, 0xa2, 0x72, 0x11, 0x7d, 0x5b, 0xe1, - 0xab, 0x9f, 0xf1, 0xb7, 0xee, 0xea, 0x88, 0xee, - 0xd6, 0x20, 0x18, 0xfd, 0x51, 0xb2, 0xa4, 0x06, - 0xdc, 0x35, 0x13, 0x32, 0x93, 0x56, 0xbe, 0x55, - 0x01, 0xf3, 0xd3, 0x8c, 0xba, 0x8c, 0xcd, 0xd0, - 0xa2, 0x49, 0x9c, 0x7d, 0xac, 0x50, 0x4a, 0x17, - 0xca, 0xbc, 0x52, 0x39, 0x97, 0xf5, 0xfe, 0xc8 -}; - -/* B-163 */ -uchar_t ec_param_oid_sect163r2[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0f}; -uchar_t ec_point_t163r2[] = { - 0x04, 0x05, 0xe7, 0xb8, 0x3c, 0xd5, 0x6b, 0xc1, - 0xeb, 0x43, 0x0b, 0xbc, 0xc1, 0xd7, 0xc2, 0xf9, - 0xa2, 0xc5, 0x88, 0x4d, 0x48, 0x46, 0x04, 0xd2, - 0x80, 0x2f, 0x35, 0x35, 0x38, 0xda, 0x85, 0xab, - 0x23, 0xce, 0x85, 0xe5, 0x89, 0xcf, 0x00, 0x5d, - 0xf5, 0x39, 0xfc -}; 
-uchar_t ec_value_t163r2[] = { - 0x01, 0x4d, 0xbd, 0x26, 0x63, 0xc4, 0x6a, 0xec, - 0x6d, 0xa5, 0x46, 0x8d, 0xa2, 0x65, 0x64, 0x20, - 0xb5, 0x05, 0x8a, 0x94, 0x24 -}; - - -/* B-233 */ -uchar_t ec_param_oid_sect233r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1b}; -uchar_t ec_point_t233r1[] = { - 0x04, 0x01, 0x68, 0x1d, 0x09, 0x0b, 0x67, 0xe4, - 0x9c, 0xc1, 0xd9, 0xac, 0x98, 0xec, 0x26, 0x91, - 0x0a, 0x08, 0x3b, 0xeb, 0x48, 0xc1, 0xea, 0x79, - 0x37, 0xff, 0xc5, 0x3d, 0xad, 0xe9, 0xea, 0x01, - 0xab, 0x06, 0x22, 0x4f, 0xb3, 0xfa, 0x23, 0xe3, - 0x15, 0xf3, 0x7d, 0xa0, 0x5a, 0xff, 0x1d, 0x00, - 0xe0, 0xa2, 0x70, 0xbc, 0x31, 0xef, 0xa0, 0xc9, - 0xd4, 0xba, 0xa5, 0x16, 0x62 -}; -uchar_t ec_value_t233r1[] = { - 0x00, 0x88, 0x3e, 0x26, 0x83, 0x08, 0x9c, 0xd9, - 0x7a, 0x46, 0xae, 0xf8, 0x6d, 0xd3, 0x9c, 0xee, - 0xd8, 0xae, 0xf9, 0xd0, 0x5d, 0x96, 0x7e, 0xf9, - 0xb0, 0x1c, 0x21, 0x26, 0x9d, 0x64 -}; - - -/* B-283 */ -uchar_t ec_param_oid_sect283r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x11}; -uchar_t ec_point_t283r1[] = { - 0x04, 0x03, 0x78, 0x8d, 0x40, 0xd6, 0x34, 0xb6, - 0xa0, 0x54, 0x66, 0x23, 0x9d, 0xc0, 0x60, 0x65, - 0x7f, 0xeb, 0x6d, 0xe1, 0x9e, 0xee, 0xc3, 0x7a, - 0xce, 0x50, 0x4f, 0x66, 0x45, 0x49, 0xcd, 0xbf, - 0x5a, 0x8c, 0x84, 0xa7, 0x30, 0x07, 0xc6, 0xbf, - 0x90, 0x6b, 0x6d, 0x9b, 0x50, 0x24, 0x66, 0x7b, - 0xd2, 0xc9, 0xfe, 0x27, 0xdd, 0xd3, 0xef, 0x15, - 0x2e, 0xca, 0x09, 0x93, 0x38, 0x4d, 0x90, 0x9c, - 0x0e, 0x6b, 0xad, 0x5b, 0x79, 0xef, 0x45, 0xb0, 0xef -}; -uchar_t ec_value_t283r1[] = { - 0x00, 0xa1, 0xbb, 0x28, 0x7a, 0xc8, 0x63, 0x2a, - 0xd4, 0x5e, 0xe1, 0xe2, 0x29, 0x33, 0x74, 0x0f, - 0xbb, 0x26, 0x06, 0x36, 0x4f, 0xab, 0x14, 0x35, - 0x87, 0x40, 0xb3, 0x99, 0x67, 0xe2, 0x83, 0xcd, - 0x44, 0xdf, 0xac, 0xff -}; - -/* B-409 */ -uchar_t ec_param_oid_sect409r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x25}; -uchar_t ec_point_t409r1[] = { - 0x04, 0x01, 0x28, 0x3c, 0x30, 0xa0, 0x5f, 0x13, - 0x3e, 0x72, 0xf5, 0x5f, 0xf6, 0xe9, 0x78, 0x20, - 0xb2, 0x8e, 0x81, 
0xdd, 0x62, 0xa6, 0x8a, 0x57, - 0xaf, 0x94, 0xab, 0x0a, 0x7e, 0xef, 0xb5, 0xda, - 0xfe, 0xcf, 0x6f, 0x7f, 0xa7, 0x6d, 0x2c, 0xa6, - 0xe4, 0xca, 0x32, 0x7e, 0x7f, 0x45, 0xaa, 0xc8, - 0x88, 0x7a, 0x67, 0x36, 0x07, 0x00, 0xdc, 0x7d, - 0x11, 0xc7, 0x6e, 0x49, 0xc5, 0x57, 0x80, 0xf2, - 0x49, 0xf5, 0xce, 0x62, 0x7b, 0xad, 0xb8, 0xae, - 0x24, 0x8d, 0x1d, 0x77, 0xbf, 0x83, 0xd6, 0xc3, - 0xf3, 0xa9, 0xb9, 0xe3, 0xa6, 0x47, 0x1a, 0x4a, - 0x91, 0x11, 0xd1, 0x4a, 0x48, 0x21, 0x10, 0x16, - 0x85, 0x49, 0xb4, 0x45, 0x7f, 0xdf, 0x0f, 0x34, 0x8a -}; -uchar_t ec_value_t409r1[] = { - 0x00, 0xef, 0x9d, 0x02, 0xa8, 0xef, 0xe4, 0xa2, - 0xe7, 0x5b, 0x6e, 0x3f, 0x15, 0x2f, 0x64, 0x5b, - 0x55, 0xc8, 0xbf, 0xec, 0xca, 0x3a, 0xeb, 0x1c, - 0xdd, 0x97, 0x4f, 0x3f, 0xb0, 0x08, 0xfb, 0x4e, - 0x1d, 0xd3, 0x40, 0x83, 0x75, 0x82, 0x56, 0x27, - 0x6b, 0xfd, 0x83, 0xa8, 0xb7, 0xb6, 0x27, 0xc2, - 0x85, 0x22, 0x4f, 0x34 -}; - -/* B-571 */ -uchar_t ec_param_oid_sect571r1[] = - {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x27}; -uchar_t ec_point_t571r1[] = { - 0x04, 0x04, 0x30, 0x6c, 0xfe, 0x2b, 0xff, 0x12, - 0x23, 0x8a, 0x3b, 0xe0, 0x07, 0x19, 0x8b, 0xd1, - 0xf9, 0x8c, 0x14, 0x3e, 0xea, 0x5f, 0x85, 0x7f, - 0x03, 0x20, 0x89, 0x9f, 0x9f, 0x6d, 0xde, 0xcd, - 0x35, 0x24, 0xa1, 0x83, 0xf7, 0xb9, 0xd1, 0x4b, - 0x4f, 0x20, 0xa8, 0x91, 0x36, 0xa4, 0x75, 0x5e, - 0xee, 0x5a, 0x0e, 0x47, 0xf0, 0xa9, 0xff, 0xb6, - 0x62, 0x65, 0x2b, 0x85, 0x01, 0x49, 0x59, 0x5f, - 0x1d, 0x37, 0x54, 0xf5, 0xdc, 0x61, 0x37, 0x48, - 0xbd, 0x02, 0xf2, 0xa2, 0x7d, 0x73, 0x00, 0xfb, - 0x15, 0x6c, 0x4e, 0x16, 0x22, 0x82, 0xdb, 0x9d, - 0xed, 0x6e, 0xa6, 0x5d, 0x97, 0x19, 0xbb, 0x30, - 0x13, 0x22, 0x71, 0x04, 0xc7, 0xd3, 0x83, 0xc2, - 0x2c, 0xcf, 0x2f, 0xf9, 0x90, 0xe2, 0x9a, 0xca, - 0x97, 0x6b, 0x3c, 0x1d, 0x22, 0xf1, 0x38, 0x6c, - 0x14, 0x4e, 0xa9, 0x8d, 0x37, 0xf5, 0x51, 0xbc, - 0x2b, 0xc8, 0x03, 0x47, 0x25, 0xd5, 0x30, 0x9b, - 0x64, 0xfc, 0x7e, 0x80, 0x70, 0x63, 0xc1, 0x34, 0x86 -}; -uchar_t ec_value_t571r1[] = { - 0x03, 0xa0, 0xb6, 0xf6, 0x40, 
0x71, 0x56, 0xd8,
- 0x88, 0xf4, 0x08, 0x13, 0xa1, 0x20, 0x8b, 0x03,
- 0x04, 0xae, 0x67, 0xc0, 0x7d, 0x1f, 0x19, 0x4b,
- 0x40, 0xab, 0x75, 0x65, 0x5f, 0x61, 0x0b, 0x0b,
- 0x72, 0x1d, 0xc3, 0xdf, 0x5c, 0xd2, 0x41, 0xf7,
- 0x74, 0xe2, 0x26, 0x4d, 0xba, 0xab, 0xcb, 0x6e,
- 0xcd, 0x86, 0x57, 0x48, 0x7f, 0x3f, 0x2b, 0x91,
- 0xab, 0x50, 0x61, 0xd0, 0x01, 0xd9, 0x1a, 0xec,
- 0x7b, 0xb8, 0xcb, 0x3c, 0x72, 0xa7, 0xd5, 0x39
-};
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/fips/fips_test_vectors.h
--- a/usr/src/common/crypto/fips/fips_test_vectors.h Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,246 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#ifndef _FIPS_TEST_VECTORS_H
-#define _FIPS_TEST_VECTORS_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DES3_KEY_SZ 24
-#define DES_IV_LEN 8
-#define DES_BLOCK_SZ 8
-
-#define AES_BLOCK_SZ 16
-#define AES_MAX_KEY_SZ 32
-
-#define AES_CCM_TLEN 16
-#define AES_CCM_NONCE_SZ 7
-#define AES_CCM_AUTHDATA_SZ 30
-#define AES_CCM_DATA_SZ 32 /* Payload size */
-#define AES_CCM_CIPHER_SZ (AES_CCM_DATA_SZ + AES_CCM_TLEN)
-
-#define AES_GCM_IV_LEN 12
-#define AES_GCM_AAD_LEN 16
-#define AES_GCM_DATA_SZ 16
-#define AES_GCM_CIPHER_SZ ((AES_GCM_DATA_SZ) + ((AES_GMAC_TAG_BITS) / 8))
-
-#define AES_GMAC_IV_LEN 12
-#define AES_GMAC_AAD_LEN 16
-#define AES_GMAC_TAG_BITS 128
-#define AES_GMAC_TAG_SZ ((AES_GMAC_TAG_BITS) / 8)
-#define AES_GMAC_CIPHER_SZ (AES_GMAC_TAG_SZ)
-
-#define SHA1_HASH_SZ 20
-#define SHA256_HASH_SZ 32
-#define SHA384_HASH_SZ 48
-#define SHA512_HASH_SZ 64
-
-
-extern uint8_t des3_known_key[DES3_KEY_SZ];
-extern uint8_t des3_cbc_known_iv[DES_IV_LEN];
-extern uint8_t des3_ecb_known_plaintext[DES_BLOCK_SZ];
-extern uint8_t des3_cbc_known_plaintext[DES_BLOCK_SZ];
-extern uint8_t des3_ecb_known_ciphertext[DES_BLOCK_SZ];
-extern uint8_t des3_cbc_known_ciphertext[DES_BLOCK_SZ];
-
-extern uint8_t aes_known_key[AES_MAX_KEY_SZ];
-extern uint8_t aes_cbc_known_initialization_vector[AES_BLOCK_SZ];
-extern uint8_t aes_known_plaintext[AES_BLOCK_SZ];
-extern uint8_t aes_ecb128_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_cbc128_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_ecb192_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_cbc192_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_ecb256_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_cbc256_known_ciphertext[AES_BLOCK_SZ];
-
-extern uint8_t aes_ctr128_known_key[16];
-extern uint8_t aes_ctr192_known_key[24];
-extern uint8_t aes_ctr256_known_key[32];
-extern uint8_t aes_ctr_known_counter[AES_BLOCK_SZ];
-extern uint8_t aes_ctr_known_plaintext[AES_BLOCK_SZ];
-extern uint8_t aes_ctr128_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_ctr192_known_ciphertext[AES_BLOCK_SZ];
-extern uint8_t aes_ctr256_known_ciphertext[AES_BLOCK_SZ];
-
-extern uint8_t aes_ccm128_known_key[16];
-extern uint8_t aes_ccm192_known_key[24];
-extern uint8_t aes_ccm256_known_key[32];
-extern uint8_t aes_ccm128_known_nonce[AES_CCM_NONCE_SZ];
-extern uint8_t aes_ccm192_known_nonce[AES_CCM_NONCE_SZ];
-extern uint8_t aes_ccm256_known_nonce[AES_CCM_NONCE_SZ];
-extern uint8_t aes_ccm128_known_adata[AES_CCM_AUTHDATA_SZ];
-extern uint8_t aes_ccm192_known_adata[AES_CCM_AUTHDATA_SZ];
-extern uint8_t aes_ccm256_known_adata[AES_CCM_AUTHDATA_SZ];
-extern uint8_t aes_ccm128_known_plaintext[AES_CCM_DATA_SZ];
-extern uint8_t aes_ccm192_known_plaintext[AES_CCM_DATA_SZ];
-extern uint8_t aes_ccm256_known_plaintext[AES_CCM_DATA_SZ];
-extern uint8_t aes_ccm128_known_ciphertext[AES_CCM_CIPHER_SZ];
-extern uint8_t aes_ccm192_known_ciphertext[AES_CCM_CIPHER_SZ];
-extern uint8_t aes_ccm256_known_ciphertext[AES_CCM_CIPHER_SZ];
-
-extern uint8_t aes_gcm128_known_key[16];
-extern uint8_t aes_gcm192_known_key[24];
-extern uint8_t aes_gcm256_known_key[32];
-extern uint8_t aes_gcm128_known_iv[AES_GCM_IV_LEN];
-extern uint8_t aes_gcm192_known_iv[AES_GCM_IV_LEN];
-extern uint8_t aes_gcm256_known_iv[AES_GCM_IV_LEN];
-extern uint8_t aes_gcm128_known_adata[AES_GCM_AAD_LEN];
-extern uint8_t aes_gcm192_known_adata[AES_GCM_AAD_LEN];
-extern uint8_t aes_gcm256_known_adata[AES_GCM_AAD_LEN];
-extern uint8_t aes_gcm128_known_plaintext[AES_BLOCK_SZ];
-extern uint8_t aes_gcm192_known_plaintext[AES_BLOCK_SZ];
-extern uint8_t aes_gcm256_known_plaintext[AES_BLOCK_SZ];
-extern uint8_t aes_gcm128_known_ciphertext[32];
-extern uint8_t aes_gcm192_known_ciphertext[32];
-extern uint8_t aes_gcm256_known_ciphertext[32];
-
-extern uint8_t aes_gmac128_known_key[16];
-extern uint8_t aes_gmac192_known_key[24];
-extern uint8_t aes_gmac256_known_key[32];
-extern uint8_t aes_gmac128_known_iv[AES_GMAC_IV_LEN];
-extern uint8_t aes_gmac192_known_iv[AES_GMAC_IV_LEN];
-extern uint8_t aes_gmac256_known_iv[AES_GMAC_IV_LEN];
-extern uint8_t aes_gmac128_known_tag[AES_GMAC_TAG_SZ];
-extern uint8_t aes_gmac192_known_tag[AES_GMAC_TAG_SZ];
-extern uint8_t aes_gmac256_known_tag[AES_GMAC_TAG_SZ];
-extern uint8_t aes_gmac128_known_adata[AES_GMAC_AAD_LEN];
-extern uint8_t aes_gmac192_known_adata[AES_GMAC_AAD_LEN];
-extern uint8_t aes_gmac256_known_adata[AES_GMAC_AAD_LEN];
-
-
-extern uint8_t sha1_known_hash_message[64];
-extern uint8_t sha1_known_digest[SHA1_HASH_SZ];
-extern uint8_t HMAC_known_secret_key[8];
-extern uint8_t known_SHA1_hmac[10];
-extern uint8_t hmac_sha1_known_hash_message[128];
-extern uint8_t sha1_hmac_known_secret_key_2[SHA1_HASH_SZ];
-extern uint8_t sha1_hmac_known_hash_message_2[9];
-extern uint8_t sha1_known_hmac_2[SHA1_HASH_SZ];
-
-extern uint8_t sha256_known_hash_message[64];
-extern uint8_t known_sha256_digest[SHA256_HASH_SZ];
-extern uint8_t sha384_known_hash_message[64];
-extern uint8_t known_sha384_digest[SHA384_HASH_SZ];
-extern uint8_t sha512_known_hash_message[64];
-extern uint8_t known_sha512_digest[SHA512_HASH_SZ];
-extern uint8_t sha256_hmac_known_hash_message[64];
-extern uint8_t sha256_hmac_known_secret_key[36];
-extern uint8_t known_sha256_hmac[SHA256_HASH_SZ];
-extern uint8_t sha256_hmac_known_hash_message_1[28];
-extern uint8_t sha256_hmac_known_secret_key_1[4];
-extern uint8_t sha256_known_hmac_1[SHA256_HASH_SZ];
-extern uint8_t sha256_hmac_known_hash_message_2[50];
-extern uint8_t sha256_hmac_known_secret_key_2[25];
-extern uint8_t sha256_known_hmac_2[SHA256_HASH_SZ];
-extern uint8_t sha384_hmac_known_secret_key[16];
-extern uint8_t sha384_hmac_known_hash_message[128];
-extern uint8_t known_sha384_hmac[SHA384_HASH_SZ];
-extern uint8_t sha512_hmac_known_secret_key[20];
-extern uint8_t sha512_hmac_known_hash_message[128];
-extern uint8_t known_sha512_hmac[SHA512_HASH_SZ];
-
-
-extern uint8_t rsa_modulus_1024[128];
-extern uint8_t rsa_public_exponent_1024[3];
-extern uint8_t rsa_private_exponent_1024[128];
-extern uint8_t rsa_prime1_1024[64];
-extern uint8_t rsa_prime2_1024[64];
-extern uint8_t rsa_exponent1_1024[64];
-extern uint8_t rsa_exponent2_1024[64];
-extern uint8_t rsa_coefficient_1024[64];
-extern uint8_t rsa_modulus_2048[256];
-extern uint8_t rsa_public_exponent_2048[1];
-extern uint8_t rsa_private_exponent_2048[256];
-extern uint8_t rsa_prime1_2048[128];
-extern uint8_t rsa_prime2_2048[128];
-extern uint8_t rsa_exponent1_2048[128];
-extern uint8_t rsa_exponent2_2048[128];
-extern uint8_t rsa_coefficient_2048[128];
-extern uint8_t rsa_known_plaintext_msg[128];
-extern uint8_t rsa_x509_known_signature_1024[128];
-extern uint8_t rsa_pkcs_known_signature_1024[128];
-extern uint8_t rsa_x509_known_signature_2048[256];
-extern uint8_t rsa_pkcs_known_signature_2048[256];
-
-extern uint8_t dsa_base_1024[128];
-extern uint8_t dsa_prime_1024[128];
-extern uint8_t dsa_subprime_1024[20];
-extern uint8_t dsa_privalue_1024[20];
-extern uint8_t dsa_pubvalue_1024[128];
-extern uint8_t dsa_known_data[20];
-
-extern uint8_t ec_param_oid_secp192r1[10];
-extern uint8_t ec_point_p192r1[49];
-extern uint8_t ec_value_p192r1[24];
-extern uint8_t ec_param_oid_secp224r1[7];
-extern uint8_t ec_point_p224r1[57];
-extern uint8_t ec_value_p224r1[28];
-extern uint8_t ec_param_oid_secp256r1[10];
-extern uint8_t ec_point_p256r1[65];
-extern uint8_t ec_value_p256r1[32];
-extern uint8_t ec_param_oid_secp384r1[7];
-extern uint8_t ec_point_p384r1[97];
-extern uint8_t ec_value_p384r1[48];
-extern uint8_t ec_param_oid_secp521r1[7];
-extern uint8_t ec_point_p521r1[133];
-extern uint8_t ec_value_p521r1[66];
-extern uint8_t ec_param_oid_sect163k1[7];
-extern uint8_t ec_point_t163k1[43];
-extern uint8_t ec_value_t163k1[21];
-extern uint8_t ec_param_oid_sect233k1[7];
-extern uint8_t ec_point_t233k1[61];
-extern uint8_t ec_value_t233k1[30];
-extern uint8_t ec_param_oid_sect283k1[7];
-extern uint8_t ec_point_t283k1[73];
-extern uint8_t ec_value_t283k1[36];
-extern uint8_t ec_param_oid_sect409k1[7];
-extern uint8_t ec_point_t409k1[105];
-extern uint8_t ec_value_t409k1[52];
-extern uint8_t ec_param_oid_sect571k1[7];
-extern uint8_t ec_point_t571k1[145];
-extern uint8_t ec_value_t571k1[72];
-extern uint8_t ec_param_oid_sect163r2[7];
-extern uint8_t ec_point_t163r2[43];
-extern uint8_t ec_value_t163r2[21];
-extern uint8_t ec_param_oid_sect233r1[7];
-extern uint8_t ec_point_t233r1[61];
-extern uint8_t ec_value_t233r1[30];
-extern uint8_t ec_param_oid_sect283r1[7];
-extern uint8_t ec_point_t283r1[73];
-extern uint8_t ec_value_t283r1[36];
-extern uint8_t ec_param_oid_sect409r1[7];
-extern uint8_t ec_point_t409r1[105];
-extern uint8_t ec_value_t409r1[52];
-extern uint8_t ec_param_oid_sect571r1[7];
-extern uint8_t ec_point_t571r1[145];
-extern uint8_t ec_value_t571r1[72];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _FIPS_TEST_VECTORS_H */
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/rsa/rsa_impl.h
--- a/usr/src/common/crypto/rsa/rsa_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/rsa/rsa_impl.h Sun Sep 12 10:25:50 2010 -0700 @@ -129,40 +129,6 @@ #define rsa_sign(key, msg, len, sig) rsa_decrypt((key), (msg), (len), (sig)) #define rsa_verify(key, msg, len, sig) rsa_encrypt((key), (msg), (len), (sig)) -/* - * The following definitions and declarations are only used by RSA FIPS POST - */ -#ifdef _RSA_FIPS_POST - -/* RSA FIPS Declarations */ -#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */ -#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */ -#define FIPS_RSA_MESSAGE_LENGTH 128 /* 1024-bits */ -#define FIPS_RSA_COEFFICIENT_LENGTH 64 /* 512-bits */ -#define FIPS_RSA_PRIME0_LENGTH 64 /* 512-bits */ -#define FIPS_RSA_PRIME1_LENGTH 64 /* 512-bits */ -#define FIPS_RSA_EXPONENT0_LENGTH 64 /* 512-bits */ -#define FIPS_RSA_EXPONENT1_LENGTH 64 /* 512-bits */ -#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 128 /* 1024-bits */ -#define FIPS_RSA_ENCRYPT_LENGTH 128 /* 1024-bits */ -#define FIPS_RSA_DECRYPT_LENGTH 128 /* 1024-bits */ -#define FIPS_RSA_SIGNATURE_LENGTH 128 /* 1024-bits */ -#define FIPS_RSA_MODULUS_LENGTH 128 /* 1024-bits */ -#define MAX_KEY_ATTR_BUFLEN 1024 - -typedef struct RSAPrivateKey_s { - uint8_t *version; - int version_len; - RSAbytekey bkey; -} RSAPrivateKey_t; - -/* RSA FIPS functions */ -extern int fips_rsa_post(void); -extern int fips_rsa_encrypt(RSAPrivateKey_t *, uint8_t *, int, uint8_t *); -extern int fips_rsa_decrypt(RSAPrivateKey_t *, uint8_t *, int, uint8_t *); - -#endif /* _RSA_FIPS_POST */ - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/sha1/sha1_impl.h --- a/usr/src/common/crypto/sha1/sha1_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/sha1/sha1_impl.h Sun Sep 12 10:25:50 2010 -0700 
@@ -31,8 +31,6 @@ extern "C" { #endif -#include - #ifdef _KERNEL #define SHA1_HASH_SIZE 20 /* SHA_1 digest length in bytes */ #define SHA1_DIGEST_LENGTH 20 /* SHA1 digest length in bytes */ @@ -70,25 +68,6 @@ #endif -extern int fips_sha1_post(void); - -/* SHA1 funtions */ -extern SHA1_CTX *fips_sha1_build_context(void); -extern int fips_sha1_hash(SHA1_CTX *, uchar_t *, ulong_t, uchar_t *); - -/* SHA1 HMAC functions */ -#ifndef _KERNEL -extern soft_hmac_ctx_t *fips_sha1_hmac_build_context(uint8_t *, - unsigned int); -extern CK_RV fips_hmac_sha1_hash(unsigned char *, uint8_t *, - unsigned int, uint8_t *, unsigned int); -#else -extern sha1_hmac_ctx_t *fips_sha1_hmac_build_context(uint8_t *, - unsigned int); -extern void fips_hmac_sha1_hash(sha1_hmac_ctx_t *, uint8_t *, - uint32_t, uint8_t *); -#endif - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/common/crypto/sha2/sha2_impl.h --- a/usr/src/common/crypto/sha2/sha2_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/common/crypto/sha2/sha2_impl.h Sun Sep 12 10:25:50 2010 -0700 @@ -30,8 +30,6 @@ extern "C" { #endif -#include - typedef enum { SHA1_TYPE, SHA256_TYPE, 
@@ -61,27 +59,6 @@ #endif -extern int fips_sha2_post(void); -extern int fips_sha2_hash(SHA2_CTX *, uchar_t *, ulong_t, uchar_t *); - -#ifndef _KERNEL -/* SHA2 funtions */ -extern SHA2_CTX *fips_sha2_build_context(CK_MECHANISM_TYPE); - -/* SHA2 HMAC functions */ -extern soft_hmac_ctx_t *fips_sha2_hmac_build_context(CK_MECHANISM_TYPE, - uint8_t *, unsigned int); -extern CK_RV fips_hmac_sha2_hash(unsigned char *, uint8_t *, - unsigned int, uint8_t *, unsigned int, CK_MECHANISM_TYPE); -#else - -extern SHA2_CTX *fips_sha2_build_context(sha2_mech_t); -extern sha2_hmac_ctx_t *fips_sha2_hmac_build_context(sha2_mech_t, - uint8_t *, unsigned int); -extern void fips_hmac_sha2_hash(sha2_hmac_ctx_t *, uint8_t *, uint32_t, - uint8_t *, sha2_mech_t); -#endif - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/libcryptoutil/common/config_parsing.c --- a/usr/src/lib/libcryptoutil/common/config_parsing.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/libcryptoutil/common/config_parsing.c Sun Sep 12 10:25:50 2010 -0700 
@@ -599,65 +599,3 @@ return (B_FALSE); } } - -CK_RV -get_fips_mode(int *mode) -{ - FILE *pfile = NULL; - char buffer[BUFSIZ]; - int len; - CK_RV rc = CKR_OK; - int found = 0; - char *token1; - boolean_t fips_mode = B_FALSE; - - if ((pfile = fopen(_PATH_PKCS11_CONF, "r")) == NULL) { - cryptoerror(LOG_DEBUG, - "failed to open the pkcs11.conf file for read only."); - *mode = CRYPTO_FIPS_MODE_DISABLED; - return (CKR_OK); - } - - while (fgets(buffer, BUFSIZ, pfile) != NULL) { - if (buffer[0] == '#' || buffer[0] == ' ' || - buffer[0] == '\n'|| buffer[0] == '\t') { - continue; /* ignore comment lines */ - } - - len = strlen(buffer); - if (buffer[len - 1] == '\n') { /* get rid of trailing '\n' */ - len--; - } - buffer[len] = '\0'; - - /* Get provider name */ - if ((token1 = strtok(buffer, SEP_COLON)) == - NULL) { /* buf is NULL */ - return (CKR_FUNCTION_FAILED); - }; - - if (is_fips(token1)) { - if ((rc = parse_fips_mode(buffer + strlen(token1) + 1, - &fips_mode)) != CKR_OK) { - goto out; - } else { - found++; - if (fips_mode == B_TRUE) - *mode = CRYPTO_FIPS_MODE_ENABLED; - else - *mode = CRYPTO_FIPS_MODE_DISABLED; - break; - } - } else { - continue; - } - } - - if (!found) { - *mode = CRYPTO_FIPS_MODE_DISABLED; - } - -out: - (void) fclose(pfile); - return (rc); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/libcryptoutil/common/cryptoutil.h --- a/usr/src/lib/libcryptoutil/common/cryptoutil.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/libcryptoutil/common/cryptoutil.h Sun Sep 12 10:25:50 2010 -0700 @@ -20,6 +20,9 @@ * * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #ifndef _CRYPTOUTIL_H #define _CRYPTOUTIL_H 
@@ -223,8 +226,6 @@ extern ssize_t writen_nointr(int fd, void *dbuf, size_t dlen); extern int update_conf(char *conf_file, char *entry); -extern CK_RV get_fips_mode(int *); - extern int pkcs11_parse_uri(const char *str, pkcs11_uri_t *uri); extern void pkcs11_free_uri(pkcs11_uri_t *uri); diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/libcryptoutil/common/mapfile-vers --- a/usr/src/lib/libcryptoutil/common/mapfile-vers Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/libcryptoutil/common/mapfile-vers Sun Sep 12 10:25:50 2010 -0700 @@ -49,7 +49,6 @@ free_uentrylist; free_umechlist; getent_uef; - get_fips_mode; get_fullpath; get_metaslot_info; get_pkcs11conf_info; diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/libpkcs11/common/pkcs11Conf.c --- a/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Conf.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Conf.c Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #include #include @@ -31,7 +34,6 @@ #include #include #include -#include #include #include #include @@ -65,9 +67,6 @@ static const char *conf_err = "See cryptoadm(1M). Skipping this plug-in."; -#define CRYPTOSVC_DEFAULT_INSTANCE_FMRI "svc:/system/cryptosvc:default" -#define MAX_CRYPTOSVC_ONLINE_TRIES 5 - /* * Set up metaslot for the framework using either user configuration * or system wide configuration options 
@@ -232,189 +231,6 @@ } /* - * cryptosvc_is_online() - * - * Determine if the SMF service instance is in the online state or - * not. A number of operations depend on this state. - */ -static boolean_t -cryptosvc_is_online(void) -{ - char *str; - boolean_t ret = B_FALSE; - - if ((str = smf_get_state(CRYPTOSVC_DEFAULT_INSTANCE_FMRI)) != NULL) { - ret = (strcmp(str, SCF_STATE_STRING_ONLINE) == 0); - free(str); - } - return (ret); -} - -/* - * cryptosvc_is_down() - * - * Determine if the SMF service instance is in the disabled state or - * maintenance state. A number of operations depend on this state. - */ -static boolean_t -cryptosvc_is_down(void) -{ - char *str; - boolean_t ret = B_FALSE; - - if ((str = smf_get_state(CRYPTOSVC_DEFAULT_INSTANCE_FMRI)) != NULL) { - ret = ((strcmp(str, SCF_STATE_STRING_DISABLED) == 0) || - (strcmp(str, SCF_STATE_STRING_MAINT) == 0)); - free(str); - } - return (ret); -} - - -/* Generic function for all door calls to kcfd. */ -ELFsign_status_t -kcfd_door_call(char *fullpath, boolean_t fips140, CK_RV *rv) -{ - boolean_t try_door_open_again = B_FALSE; - int kcfdfd = -1; - door_arg_t darg; - kcf_door_arg_t *kda = NULL; - kcf_door_arg_t *rkda = NULL; - int r; - int is_cryptosvc_up_count = 0; - int door_errno = 0; - ELFsign_status_t estatus = ELFSIGN_UNKNOWN; - -open_door_file: - while ((kcfdfd = open(_PATH_KCFD_DOOR, O_RDONLY)) == -1) { - /* save errno and test for EINTR or EAGAIN */ - door_errno = errno; - if (door_errno == EINTR || - door_errno == EAGAIN) - continue; - /* if disabled or maintenance mode - bail */ - if (cryptosvc_is_down()) - break; - /* exceeded our number of tries? */ - if (is_cryptosvc_up_count > MAX_CRYPTOSVC_ONLINE_TRIES) - break; - /* any other state, try again up to 1/2 minute */ - (void) sleep(5); - is_cryptosvc_up_count++; - } - if (kcfdfd == -1) { - if (!cryptosvc_is_online()) { - cryptoerror(LOG_ERR, "libpkcs11: unable to communicate" - " with kcfd, door_file %s: %s. %s is not online." 
- " (see svcs -xv for details).", - _PATH_KCFD_DOOR, strerror(door_errno), - CRYPTOSVC_DEFAULT_INSTANCE_FMRI); - } else { - cryptoerror(LOG_ERR, "libpkcs11: unable to open" - " kcfd door_file %s: %s.", _PATH_KCFD_DOOR, - strerror(door_errno)); - } - *rv = CKR_CRYPTOKI_NOT_INITIALIZED; - estatus = ELFSIGN_UNAVAILABLE; - goto verifycleanup; - } - - /* Mark the door "close on exec" */ - (void) fcntl(kcfdfd, F_SETFD, FD_CLOEXEC); - - if ((kda = malloc(sizeof (kcf_door_arg_t))) == NULL) { - cryptoerror(LOG_ERR, "libpkcs11: malloc of kda " - "failed: %s", strerror(errno)); - goto verifycleanup; - } - - if (fips140 == B_TRUE) - kda->da_version = KCFD_FIPS140_INTCHECK; - else { - kda->da_version = KCF_KCFD_VERSION1; - (void) strlcpy(kda->da_u.filename, fullpath, - strlen(fullpath) + 1); - } - - kda->da_iskernel = B_FALSE; - - darg.data_ptr = (char *)kda; - darg.data_size = sizeof (kcf_door_arg_t); - darg.desc_ptr = NULL; - darg.desc_num = 0; - darg.rbuf = (char *)kda; - darg.rsize = sizeof (kcf_door_arg_t); - - while ((r = door_call(kcfdfd, &darg)) != 0) { - /* save errno and test for certain errors */ - door_errno = errno; - if (door_errno == EINTR || door_errno == EAGAIN) - continue; - /* if disabled or maintenance mode - bail */ - if (cryptosvc_is_down()) - break; - /* exceeded our number of tries? */ - if (is_cryptosvc_up_count > MAX_CRYPTOSVC_ONLINE_TRIES) - break; - /* if stale door_handle, retry the open */ - if (door_errno == EBADF) { - try_door_open_again = B_TRUE; - is_cryptosvc_up_count++; - (void) sleep(5); - goto verifycleanup; - } else - break; - } - - if (r != 0) { - if (!cryptosvc_is_online()) { - cryptoerror(LOG_ERR, "%s is not online " - " - unable to utilize cryptographic " - "services. 
(see svcs -xv for details).", - CRYPTOSVC_DEFAULT_INSTANCE_FMRI); - } else { - cryptoerror(LOG_ERR, "libpkcs11: door_call " - "of door_file %s failed with error %s.", - _PATH_KCFD_DOOR, strerror(door_errno)); - } - *rv = CKR_CRYPTOKI_NOT_INITIALIZED; - estatus = ELFSIGN_UNAVAILABLE; - goto verifycleanup; - } - - /*LINTED*/ - rkda = (kcf_door_arg_t *)darg.rbuf; - if ((fips140 == B_FALSE && rkda->da_version != KCF_KCFD_VERSION1) || - (fips140 == B_TRUE && rkda->da_version != KCFD_FIPS140_INTCHECK)) { - cryptoerror(LOG_ERR, - "libpkcs11: kcfd and libelfsign versions " - "don't match: got %d expected %d", rkda->da_version, - (fips140) ? KCFD_FIPS140_INTCHECK : KCF_KCFD_VERSION1); - goto verifycleanup; - } - estatus = rkda->da_u.result.status; -verifycleanup: - if (kcfdfd != -1) { - (void) close(kcfdfd); - } - if (rkda != NULL && rkda != kda) - (void) munmap((char *)rkda, darg.rsize); - if (kda != NULL) { - bzero(kda, sizeof (kda)); - free(kda); - kda = NULL; - rkda = NULL; /* rkda is an alias of kda */ - } - if (try_door_open_again) { - try_door_open_again = B_FALSE; - goto open_door_file; - } - - return (estatus); -} - - -/* * For each provider found in pkcs11.conf: expand $ISA if necessary, * verify the module is signed, load the provider, find all of its * slots, and store the function list and disabled policy. @@ -454,21 +270,6 @@ /* number of slots in the framework, not including metaslot */ uint_t slot_count = 0; - ELFsign_status_t estatus = ELFSIGN_UNKNOWN; - char *estatus_str = NULL; - int fips140_mode = CRYPTO_FIPS_MODE_DISABLED; - - /* Check FIPS 140 configuration and execute check if enabled */ - (void) get_fips_mode(&fips140_mode); - if (fips140_mode) { - estatus = kcfd_door_call(NULL, B_TRUE, &rv); - if (estatus != ELFSIGN_SUCCESS) { - cryptoerror(LOG_ERR, "libpkcs11: failed FIPS 140 " - "integrity check."); - return (CKR_GENERAL_ERROR); - } - } - phead = pplist; /* Loop through all of the provider listed in pkcs11.conf */ 
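Review bot: The block comment kept as trailing context of the `@@ -232,189 +231,6 @@` hunk still says the provider loop will "verify the module is signed", but this changeset deletes `kcfd_door_call()` here and the `estatus` handling in the later `@@ -684,63 +485,6 @@` hunk, so nothing visible checks a provider's signature any more. The comment should be brought in line, for example `* For each provider found in pkcs11.conf: expand $ISA if necessary,` followed by `* load the provider, find all of its slots, and store the function` and `* list and disabled policy.` It would also help to say in that comment what now bounds trust in a module that gets loaded with `dlopen()`; presumably that is the file permissions on `_PATH_PKCS11_CONF` and on the provider paths it names, which should be confirmed. The function the comment documents lies outside the hunk.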
@@ -684,63 +485,6 @@ goto contparse; } - /* - * Verify that the module is signed correctly. - * - * NOTE: there is a potential race condition here, - * since the module is verified well after we have - * opened the provider via dlopen(). This could be - * resolved by a variant of dlopen() that would take a - * file descriptor as an argument and by changing the - * kcfd libelfsign door protocol to use and fd instead - * of a path - but that wouldn't work in the kernel case. - */ - estatus = kcfd_door_call(fullpath, B_FALSE, &rv); - - switch (estatus) { - case ELFSIGN_SUCCESS: - break; - case ELFSIGN_NOTSIGNED: - estatus_str = "not a signed provider."; - break; - case ELFSIGN_FAILED: - estatus_str = "signature verification failed."; - break; - case ELFSIGN_UNAVAILABLE: - estatus_str = "kcfd(1m) is not available for " - "signature verification. Cannot continue loading " - "the cryptographic framework."; - break; - default: - estatus_str = "unexpected failure in ELF " - "signature verification."; - } - if (estatus_str != NULL) { - if (estatus != ELFSIGN_UNAVAILABLE) { - cryptoerror(LOG_ERR, "libpkcs11: %s %s %s", - fullpath, estatus_str, - estatus == ELFSIGN_UNKNOWN ? - "See cryptoadm (1M). " - "Cannot continue parsing " - _PATH_PKCS11_CONF : conf_err); - } else { - cryptoerror(LOG_ERR, "libpkcs11: %s", - estatus_str); - } - - (void) prov_funcs->C_Finalize(NULL); - (void) dlclose(dldesc); - estatus_str = NULL; - if (estatus == ELFSIGN_UNKNOWN || - estatus == ELFSIGN_UNAVAILABLE) { - prov_funcs = NULL; - dldesc = NULL; - rv = CKR_GENERAL_ERROR; - goto conferror; - } - goto contparse; - } - /* Allocate memory for the slot list */ prov_slots = calloc(prov_slot_count, sizeof (CK_SLOT_ID)); 
@@ -987,8 +731,7 @@ conferror: /* * This cleanup code is only exercised when a major, - * unrecoverable error like "out of memory" or - * kcfd is not reachable occurs. + * unrecoverable error like "out of memory". */ if (prov_funcs != NULL) { (void) prov_funcs->C_Finalize(NULL); diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com --- a/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,8 @@ # # Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. # +# Copyright 2010 Nexenta Systems, Inc. All rights reserved. +# # lib/pkcs11/pkcs11_softtoken/Makefile.com # @@ -61,9 +63,7 @@ softSSL.o \ softASN1.o \ softBlowfishCrypt.o \ - softEC.o \ - softFipsPost.o \ - softFipsPostUtil.o + softEC.o ASFLAGS = $(AS_PICFLAGS) -P -D__STDC__ -D_ASM $(CPPFLAGS) @@ -76,23 +76,16 @@ MPI_COBJECTS = mp_gf2m.o mpi.o mplogic.o mpmontg.o mpprime.o RNG_COBJECTS = fips_random.o -FIPS_COBJECTS = fips_aes_util.o fips_des_util.o \ - fips_sha1_util.o fips_sha2_util.o \ - fips_dsa_util.o fips_rsa_util.o \ - fips_ecc_util.o fips_random_util.o \ - fips_test_vectors.o ECC_OBJECTS = $(ECC_COBJECTS) $(ECC_PSR_OBJECTS) MPI_OBJECTS = $(MPI_COBJECTS) $(MPI_PSR_OBJECTS) RNG_OBJECTS = $(RNG_COBJECTS) -FIPS_OBJECTS = $(FIPS_COBJECTS) BER_OBJECTS = bprint.o decode.o encode.o io.o OBJECTS = \ $(LCL_OBJECTS) \ $(MPI_OBJECTS) \ $(RNG_OBJECTS) \ - $(FIPS_OBJECTS) \ $(BIGNUM_OBJECTS) \ $(BER_OBJECTS) \ $(ECC_OBJECTS) @@ -107,7 +100,6 @@ MPIDIR= $(SRC)/common/mpi RSADIR= $(SRC)/common/crypto/rsa RNGDIR= $(SRC)/common/crypto/rng -FIPSDIR= $(SRC)/common/crypto/fips SHA1DIR= $(SRC)/common/crypto/sha1 SHA2DIR= $(SRC)/common/crypto/sha2 BIGNUMDIR= $(SRC)/common/bignum 
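Review bot: The rewritten comment under `conferror:` in the `@@ -987,8 +731,7 @@` hunk no longer forms a sentence, because removing "or kcfd is not reachable occurs" also dropped the verb. It now reads "only exercised when a major, unrecoverable error like "out of memory"." and should become `* unrecoverable error like "out of memory" occurs.` The enclosing function starts and ends outside the hunk.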
@@ -125,8 +117,7 @@ $(LCL_OBJECTS:%.o=$(SRCDIR)/%.c) \ $(MPI_COBJECTS:%.o=$(MPIDIR)/%.c) \ $(ECC_COBJECTS:%.o=$(ECCDIR)/%.c) \ - $(RNG_COBJECTS:%.o=$(RNGDIR)/%.c) \ - $(FIPS_COBJECTS:%.o=$(FIPSDIR)/%.c) + $(RNG_COBJECTS:%.o=$(RNGDIR)/%.c) # libelfsign needs a static pkcs11_softtoken LIBS = $(DYNLIB) @@ -137,7 +128,7 @@ CPPFLAGS += -I$(AESDIR) -I$(BLOWFISHDIR) -I$(ARCFOURDIR) -I$(DESDIR) \ -I$(DHDIR) -I$(DSADIR) -I$(ECCDIR) -I$(SRC)/common/crypto \ -I$(MPIDIR) -I$(RSADIR) -I$(RNGDIR) \ - -I$(FIPSDIR) -I$(SHA1DIR) -I$(SHA2DIR) -I$(SRCDIR) \ + -I$(SHA1DIR) -I$(SHA2DIR) -I$(SRCDIR) \ -I$(BIGNUMDIR) -I$(PADDIR) -D_POSIX_PTHREAD_SEMANTICS \ -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B @@ -148,8 +139,7 @@ LINTSRC = \ $(LCL_OBJECTS:%.o=$(SRCDIR)/%.c) \ - $(RNG_COBJECTS:%.o=$(RNGDIR)/%.c) \ - $(FIPS_COBJECTS:%.o=$(FIPSDIR)/%.c) + $(RNG_COBJECTS:%.o=$(RNGDIR)/%.c) .KEEP_STATE: @@ -175,8 +165,4 @@ $(COMPILE.c) -o $@ $< $(POST_PROCESS_O) -pics/%.o: $(FIPSDIR)/%.c - $(COMPILE.c) -o $@ $< - $(POST_PROCESS_O) - include $(SRC)/lib/Makefile.targ diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPost.c Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,160 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "softMAC.h"
-#define _AES_FIPS_POST
-#define _DES_FIPS_POST
-#include "softCrypt.h"
-#define _DSA_FIPS_POST
-#include
-#define _RSA_FIPS_POST
-#include
-#include
-#include
-#include
-
-
-extern int fips_ecdsa_post(void);
-
-
-/*
- * FIPS Power-on SelfTest for the supported FIPS ciphers and
- * components.
- */
-CK_RV
-soft_fips_post(void)
-{
- CK_RV rv;
-
- /*
- * SHA-1 Power-On SelfTest.
- *
- * 1. SHA-1 POST
- * 2. HMAC SHA-1 POST
- */
- rv = fips_sha1_post();
- if (rv != CKR_OK)
- return (rv);
-
- /*
- * SHA-2 Power-On SelfTest.
- *
- * 1. SHA-256 POST
- * 2. SHA-384 POST
- * 3. SHA-512 POST
- * 4. HMAC SHA-256 POST
- * 5. HMAC SHA-384 POST
- * 6. HMAC SHA-512 POST
- */
- rv = fips_sha2_post();
-
- if (rv != CKR_OK)
- return (rv);
-
-
- /*
- * Triple DES Power-On SelfTest.
- *
- * 1. DES3 ECB Encryption/Decryption
- * 2. DES3 CBC Encryption/Decryption
- */
- rv = fips_des3_post();
-
- if (rv != CKR_OK)
- return (rv);
-
- /* AES Power-On SelfTest for 128-bit key. */
- rv = fips_aes_post(FIPS_AES_128_KEY_SIZE);
-
- if (rv != CKR_OK)
- return (rv);
-
- /* AES Power-On SelfTest for 192-bit key. */
- rv = fips_aes_post(FIPS_AES_192_KEY_SIZE);
-
- if (rv != CKR_OK)
- return (rv);
-
- /* AES Power-On SelfTest for 256-bit key. */
- rv = fips_aes_post(FIPS_AES_256_KEY_SIZE);
-
- if (rv != CKR_OK)
- return (rv);
-
- /*
- * ECDSA Power-Up SelfTest
- *
- * 1. ECC Signature
- * 2. ECC Verification
- */
- rv = fips_ecdsa_post();
-
- if (rv != CKR_OK)
- return (rv);
-
- /*
- * RSA Power-On SelfTest
- *
- * 1. RSA Encryption
- * 2. RSA Decryption
- * 3. RSA SHA-1 Sign/Verify
- * 4. RSA SHA-256 Sign/Verify
- * 5. RSA SHA-384 Sign/Verify
- * 6. RSA SHA-512 Sign/Verify
- *
- */
- rv = fips_rsa_post();
-
- if (rv != CKR_OK)
- return (rv);
-
- /*
- * DSA Power-On SelfTest
- *
- * 1. DSA Sign on SHA-1 digest
- * 2. DSA Verification
- */
- rv = fips_dsa_post();
-
- if (rv != CKR_OK)
- return (rv);
-
- /* RNG Power-On SelfTest. */
- rv = fips_rng_post();
-
- if (rv != CKR_OK)
- return (rv);
-
- /* Passed Power-On SelfTest. */
- return (CKR_OK);
-}
diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softFipsPostUtil.c Sat Sep 11 23:00:34 2010 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,175 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#define _SHA2_IMPL -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "softCrypt.h" -#include "softGlobal.h" -#include "softRSA.h" -#include "softDSA.h" -#include "softOps.h" -#include "softMAC.h" -#include - -#define MAX_ECKEY_LEN 72 - - -/* - * FIPS 140-2 pairwise consistency check utilized to validate key pair. - * - * This function returns - * CKR_OK if pairwise consistency check passed - * CKR_GENERAL_ERROR if pairwise consistency check failed - * other error codes if pairwise consistency check could not be - * performed, for example, CKR_HOST_MEMORY. - * - * Key type Mechanism type - * -------------------------------- - * - * For sign/verify: CKK_RSA => CKM_SHA1_RSA_PKCS - * CKK_DSA => CKM_DSA_SHA1 - * CKK_EC => CKM_ECDSA_SHA1 - * others => CKM_INVALID_MECHANISM - * - * None of these mechanisms has a parameter. 
- */ -CK_RV -fips_pairwise_check(soft_session_t *session_p, - soft_object_t *publicKey, soft_object_t *privateKey, - CK_KEY_TYPE keyType) -{ - - CK_MECHANISM mech = {0, NULL, 0}; - uchar_t modulus[MAX_KEY_ATTR_BUFLEN]; - uint32_t modulus_len = sizeof (modulus); - boolean_t can_sign_verify = B_FALSE; - CK_RV rv; - - /* Variables used for Signature/Verification functions. */ - /* always uses SHA-1 digest */ - unsigned char *known_digest = (unsigned char *)"OpenSolarisCommunity"; - unsigned char *signature; - CK_ULONG signature_length; - - if (keyType == CKK_RSA) { - /* Get modulus length of private key. */ - rv = soft_get_private_value(privateKey, CKA_MODULUS, - modulus, &modulus_len); - if (rv != CKR_OK) { - return (CKR_DEVICE_ERROR); - } - } - - /* - * Pairwise Consistency Check of Sign/Verify - */ - - /* Check to see if key object supports signature. */ - can_sign_verify = (privateKey->bool_attr_mask & SIGN_BOOL_ON); - - if (can_sign_verify) { - /* Determine length of signature. */ - switch (keyType) { - case CKK_RSA: - signature_length = modulus_len; - mech.mechanism = CKM_SHA1_RSA_PKCS; - break; - - case CKK_DSA: - signature_length = FIPS_DSA_SIGNATURE_LENGTH; - mech.mechanism = CKM_DSA_SHA1; - break; - - case CKK_EC: - signature_length = MAX_ECKEY_LEN * 2; - mech.mechanism = CKM_ECDSA_SHA1; - break; - - default: - return (CKR_DEVICE_ERROR); - } - - /* Allocate space for signature data. */ - signature = (unsigned char *) calloc(1, signature_length); - if (signature == NULL) { - return (CKR_HOST_MEMORY); - } - - /* Sign the known hash using the private key. */ - rv = soft_sign_init(session_p, &mech, privateKey); - if (rv != CKR_OK) { - free(signature); - return (rv); - } - - rv = soft_sign(session_p, known_digest, PAIRWISE_DIGEST_LENGTH, - signature, &signature_length); - if (rv != CKR_OK) { - free(signature); - return (rv); - } - - /* Verify the known hash using the public key. 
*/ - rv = soft_verify_init(session_p, &mech, publicKey); - if (rv != CKR_OK) { - free(signature); - return (rv); - } - - rv = soft_verify(session_p, known_digest, - PAIRWISE_DIGEST_LENGTH, signature, - signature_length); - - /* Free signature data. */ - free(signature); - if ((rv == CKR_SIGNATURE_LEN_RANGE) || - (rv == CKR_SIGNATURE_INVALID)) { - return (CKR_GENERAL_ERROR); - } - - if (rv != CKR_OK) { - return (rv); - } - } - - return (CKR_OK); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/common/softGeneral.c --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGeneral.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGeneral.c Sun Sep 12 10:25:50 2010 -0700 @@ -129,9 +129,6 @@ /* protects softtoken_initialized and access to C_Initialize/C_Finalize */ pthread_mutex_t soft_giant_mutex = PTHREAD_MUTEX_INITIALIZER; -/* fips mode setting */ -int softtoken_fips_mode = CRYPTO_FIPS_MODE_DISABLED; - static CK_RV finalize_common(boolean_t force, CK_VOID_PTR pReserved); static void softtoken_init(); static void softtoken_fini(); @@ -278,15 +275,6 @@ ses_delay_freed.first = NULL; ses_delay_freed.last = NULL; - /* - * Perform POST when fips mode is enabled. - */ - if ((rv = get_fips_mode(&softtoken_fips_mode)) == CKR_OK) { - if (softtoken_fips_mode == CRYPTO_FIPS_MODE_ENABLED) { - rv = soft_fips_post(); - } - } - if (rv != CKR_OK) { (void) pthread_mutex_destroy( &ses_delay_freed.ses_to_be_free_mutex); diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h Sun Sep 12 10:25:50 2010 -0700 @@ -41,7 +41,6 @@ extern struct slot soft_slot; extern struct obj_to_be_freed_list obj_delay_freed; extern struct ses_to_be_freed_list ses_delay_freed; -extern int softtoken_fips_mode; #define SOFTTOKEN_SLOTID 1 
@@ -71,8 +70,6 @@ CKF_DUAL_CRYPTO_OPERATIONS|\ CKF_TOKEN_INITIALIZED -extern CK_RV soft_fips_post(void); - #ifdef __cplusplus } #endif diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c Sun Sep 12 10:25:50 2010 -0700 @@ -52,9 +52,6 @@ #define local_min(a, b) ((a) < (b) ? (a) : (b)) -extern CK_RV fips_pairwise_check(soft_session_t *, - soft_object_t *, soft_object_t *, CK_KEY_TYPE); - static CK_RV soft_pkcs12_pbe(soft_session_t *, CK_MECHANISM_PTR, soft_object_t *); @@ -519,32 +516,6 @@ return (rv); } - /* - * FIPS 140-2 pairwise consistency check utilized to - * validate key pair - */ - if ((key_type == CKK_RSA) || (key_type == CKK_DSA) || - (key_type == CKK_EC)) { - if (softtoken_fips_mode == CRYPTO_FIPS_MODE_ENABLED) { - rv = fips_pairwise_check(session_p, public_key, - private_key, key_type); - if (rv != CKR_OK) { - if (IS_TOKEN_OBJECT(public_key)) { - soft_delete_token_object(public_key, - B_FALSE, B_FALSE); - soft_delete_token_object(private_key, - B_FALSE, B_FALSE); - } else { - soft_delete_object(session_p, - public_key, B_FALSE, B_FALSE); - soft_delete_object(session_p, - private_key, B_FALSE, B_FALSE); - } - return (rv); - } - } - } - if (IS_TOKEN_OBJECT(public_key)) { /* * All the info has been filled, so we can write to diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/pkg/manifests/SUNWcs.mf --- a/usr/src/pkg/manifests/SUNWcs.mf Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/pkg/manifests/SUNWcs.mf Sun Sep 12 10:25:50 2010 -0700 
@@ -500,7 +500,6 @@ file path=etc/user_attr group=sys preserve=true timestamp=19700101T000000Z file path=etc/user_attr.d/SUNWcs group=sys file path=etc/vfstab group=sys preserve=true -file path=lib/crypto/kcfd mode=0555 file path=lib/inet/in.mpathd mode=0555 file path=lib/inet/ipmgmtd mode=0555 file path=lib/inet/netcfgd mode=0555 diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/tools/Makefile --- a/usr/src/tools/Makefile Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/tools/Makefile Sun Sep 12 10:25:50 2010 -0700 @@ -53,8 +53,7 @@ # special versions of commands for use only in build # UNSHIPPED_SUBDIRS = \ - elfsign \ - fips_addchecksum + elfsign sparc_SUBDIRS= \ chk4ubin \ diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/tools/fips_addchecksum/Makefile --- a/usr/src/tools/fips_addchecksum/Makefile Sat Sep 11 23:00:34 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,65 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. -# -# - -CRYPTODIR = $(SRC)/common/crypto - -PROG = fips_addchecksum -OBJS = fips_addchecksum.o fips_checksum.o -SRCS = $(OBJS:.o=.c) -LINTFILES = $(OBJS:.o=.ln) - -include ../Makefile.tools - -INCS += -I $(CRYPTODIR) - -CFLAGS += $(CCVERBOSE) $(INCS) -LINTFLAGS += $(INCS) - -LDLIBS += -lmd -lelf - -.KEEP_STATE: - -all: $(PROG) - -$(PROG): $(OBJS) - $(LINK.c) $(OBJS) -o $@ $(LDLIBS) $(DYNFLAGS) - $(POST_PROCESS) - -%.o: $(CRYPTODIR)/fips/%.c - $(COMPILE.c) $(CFLAGS) -o $@ -c $< - - -install: all $(ROOTPROG) - -clean: - $(RM) -f $(OBJS) $(PROG) $(LINTFILES) - -%.ln: $(CRYPTODIR)/fips/%.c - $(LINT.c) -c $< - -lint: $(LINTFILES) - $(LINT) $(LINTFLAGS) $(LINTFILES) $(LDLIBS) - -include $(SRC)/cmd/Makefile.targ diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/tools/scripts/nightly.sh --- a/usr/src/tools/scripts/nightly.sh Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/tools/scripts/nightly.sh Sun Sep 12 10:25:50 2010 -0700 
@@ -71,108 +71,6 @@ fi # -# Datestamp for crypto tarballs. We don't use BUILD_DATE because it -# doesn't sort right and it uses English abbreviations for the month. -# We want to guarantee a consistent string, so just invoke date(1) -# once and save the result in a global variable. YYYY-MM-DD is easier -# to parse visually than YYYYMMDD. -# -cryptostamp=$(date +%Y-%m-%d) - -# -# Echo the path for depositing a crypto tarball, creating the target -# directory if it doesn't already exist. -# usage: cryptodest suffix -# where "suffix" is "" or "-nd". -# -function cryptodest { - typeset suffix=$1 - # - # $PKGARCHIVE gets wiped out with each build, so put the - # tarball one level up. - # - typeset dir=$(dirname "$PKGARCHIVE") - [ -d "$dir" ] || mkdir -p "$dir" >> "$LOGFILE" 2>&1 - # - # Put the suffix after the datestamp to make it easier for - # gatelings to use crypto from a specific date (no need to - # copy and rename the gate tarball). - # - echo "$dir/on-crypto-$cryptostamp$suffix.$MACH.tar" -} - -# -# Create a non-stamped symlink to the given crypto tarball. -# Return 0 on success, non-zero on failure. -# -function cryptolink { - typeset targpath=$1 - typeset suffix=$2 - if [ ! -f "$targpath" ]; then - echo "no crypto at $targpath" - return 1 - fi - typeset dir=$(dirname "$targpath") - typeset targfile=$(basename "$targpath") - typeset link=on-crypto$suffix.$MACH.tar.bz2 - (cd "$dir"; rm -f "$link") - (cd "$dir"; ln -s "$targfile" "$link") - return $? -} - -# -# Generate a crypto tarball from the proto area and put it in the -# canonical location, along with the datestamp-free symlink. -# Sets build_ok to "n" if there is a problem. -# -function crypto_from_proto { - typeset label=$1 - typeset suffix=$2 - typeset -i stat - typeset to - - echo "Creating $label crypto tarball..." >> "$LOGFILE" - - # - # Generate the crypto THIRDPARTYLICENSE file. This needs to - # be done after the build has finished and before we run - # cryptodrop. 
We'll generate the file twice if we're building - # both DEBUG and non-DEBUG, but it's a cheap operation and not - # worth the complexity to only do once. - # - if [ -d ${ROOT}${suffix}/licenses/usr ]; then - ( cd ${ROOT}${suffix}/licenses ; \ - mktpl -c $SRC/pkg/license-list ) >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Couldn't create crypto THIRDPARTYLICENSE files" | - tee -a "$mail_msg_file" >> "$LOGFILE" - build_ok=n - return - fi - else - echo "No licenses found under ${ROOT}${suffix}/licenses" | - tee -a "$mail_msg_file" >> "$LOGFILE" - fi - - to=$(cryptodest "$suffix") - if [ "$suffix" = "-nd" ]; then - cryptodrop -n "$to" >> "$LOGFILE" 2>&1 - else - cryptodrop "$to" >> "$LOGFILE" 2>&1 - fi - if (( $? != 0 )) ; then - echo "\nCould not create $label crypto tarball." | - tee -a "$mail_msg_file" >> "$LOGFILE" - build_ok=n - else - cryptolink "$to.bz2" "$suffix" >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - build_ok=n - fi - fi -} - -# # Function to do a DEBUG and non-DEBUG build. Needed because we might # need to do another for the source build, and since we only deliver DEBUG or # non-DEBUG packages. @@ -182,28 +80,20 @@ function normal_build { typeset orig_p_FLAG="$p_FLAG" - typeset crypto_in="$ON_CRYPTO_BINS" typeset crypto_signer="$CODESIGN_USER" - typeset gencrypto=no suffix="" - [ -n "$CODESIGN_USER" ] && gencrypto=yes # non-DEBUG build begins if [ "$F_FLAG" = "n" ]; then set_non_debug_build_flags CODESIGN_USER="$crypto_signer" \ - build "non-DEBUG" "$suffix-nd" "-nd" "$MULTI_PROTO" \ - $(ndcrypto "$crypto_in") + build "non-DEBUG" "$suffix-nd" "-nd" "$MULTI_PROTO" if [ "$build_ok" = "y" -a "$X_FLAG" = "y" -a \ "$p_FLAG" = "y" ]; then copy_ihv_pkgs non-DEBUG -nd fi - - if [[ "$gencrypto" = yes && "$build_ok" = y ]]; then - crypto_from_proto non-DEBUG -nd - fi else echo "\n==== No non-DEBUG $open_only build ====\n" >> "$LOGFILE" fi 
@@ -215,15 +105,11 @@ if [ "$D_FLAG" = "y" ]; then set_debug_build_flags CODESIGN_USER="$crypto_signer" \ - build "DEBUG" "$suffix" "" "$MULTI_PROTO" "$crypto_in" + build "DEBUG" "$suffix" "" "$MULTI_PROTO" if [ "$build_ok" = "y" -a "$X_FLAG" = "y" -a \ "$p_FLAG" = "y" ]; then copy_ihv_pkgs DEBUG "" fi - - if [[ "$gencrypto" = yes && "$build_ok" = y ]]; then - crypto_from_proto DEBUG "" - fi else echo "\n==== No DEBUG $open_only build ====\n" >> "$LOGFILE" fi @@ -584,48 +470,20 @@ } # -# Unpack the crypto tarball into the proto area. We first extract the -# tarball into a temp directory so that we can handle the non-DEBUG -# tarball correctly with MULTI_PROTO=no. -# Return 0 on success, non-zero on failure. -# -function unpack_crypto { - typeset tarfile=$1 - typeset suffix=$2 - typeset ctop=$(mktemp -d /tmp/crypto.XXXXXX) - [ -n "$ctop" ] || return 1 - typeset croot=$ctop/proto/root_$MACH$suffix - echo "Unpacking crypto ($tarfile)..." - bzcat "$tarfile" | (cd "$ctop"; tar xfBp -) - if [[ $? -ne 0 || ! -d "$croot" ]]; then - return 1 - fi - # - # We extract with -p so that we maintain permissions on directories. - # - (cd "$croot"; tar cf - *) | (cd "$ROOT"; tar xfBp -) - typeset -i stat=$? - rm -rf "$ctop" - return $stat -} - -# # Function to do the build, including package generation. -# usage: build LABEL SUFFIX ND MULTIPROTO CRYPTO +# usage: build LABEL SUFFIX ND MULTIPROTO # - LABEL is used to tag build output. # - SUFFIX is used to distinguish files (e.g., DEBUG vs non-DEBUG, # open-only vs full tree). # - ND is "-nd" (non-DEBUG builds) or "" (DEBUG builds). # - If MULTIPROTO is "yes", it means to name the proto area according to # SUFFIX. Otherwise ("no"), (re)use the standard proto area. -# - CRYPTO is the path to the crypto tarball, or null. # function build { LABEL=$1 SUFFIX=$2 ND=$3 MULTIPROTO=$4 - CRYPTOPATH=$5 INSTALLOG=install${SUFFIX}-${MACH} NOISE=noise${SUFFIX}-${MACH} PKGARCHIVE=${PKGARCHIVE_ORIG}${SUFFIX} 
@@ -676,16 +534,6 @@ this_build_ok=n fi - if [ -n "$CRYPTOPATH" ]; then - unpack_crypto "$CRYPTOPATH" "$ND" >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Could not unpack crypto ($CRYPTOPATH)" | - tee -a "$mail_msg_file" >> "$LOGFILE" - build_ok=n - this_build_ok=n - fi - fi - if [ "$W_FLAG" = "n" ]; then echo "\n==== Build warnings ($LABEL) ====\n" >>$mail_msg_file egrep -i warning: $SRC/${INSTALLOG}.out \ @@ -1678,63 +1526,6 @@ export PATH export MAKE -# -# Make sure the crypto tarball is available if it's needed. -# - -# Echo the non-DEBUG name corresponding to the given crypto tarball path. -function ndcrypto { - typeset dir file - - if [ -z "$1" ]; then - echo "" - return - fi - - dir=$(dirname "$1") - file=$(basename "$1" ".$MACH.tar.bz2") - - echo "$dir/$file-nd.$MACH.tar.bz2" -} - -# Return 0 (success) if the required crypto tarball(s) are present. -function crypto_is_present { - if [ -z "$ON_CRYPTO_BINS" ]; then - echo "ON_CRYPTO_BINS is null or not set." - return 1 - fi - if [ "$D_FLAG" = y ]; then - if [ ! -f "$ON_CRYPTO_BINS" ]; then - echo "DEBUG crypto tarball is unavailable." - return 1 - fi - fi - if [ "$F_FLAG" = n ]; then - if [ ! -f $(ndcrypto "$ON_CRYPTO_BINS") ]; then - echo "Non-DEBUG crypto tarball is unavailable." - return 1 - fi - fi - - return 0 -} - -# -# Canonicalize ON_CRYPTO_BINS, just in case it was set to the -nd -# tarball. -# -if [ -n "$ON_CRYPTO_BINS" ]; then - export ON_CRYPTO_BINS=$(echo "$ON_CRYPTO_BINS" | - sed -e s/-nd.$MACH.tar/.$MACH.tar/) -fi - -if [[ "$O_FLAG" = y && -z "$CODESIGN_USER" ]]; then - if ! crypto_is_present; then - echo "OpenSolaris deliveries need signed crypto." - exit 1 - fi -fi - if [[ "$O_FLAG" = y ]]; then export TONICBUILD="" else 
@@ -2237,12 +2028,6 @@ ;; esac -# If CODESIGN_USER is set, we'll want the crypto that we just built. -if [[ -n "$CODESIGN_USER" && -n "$ON_CRYPTO_BINS" ]]; then - echo "Clearing ON_CRYPTO_BINS for signing build." >> "$LOGFILE" - unset ON_CRYPTO_BINS -fi - echo "\n==== Build version ====\n" | tee -a $mail_msg_file >> $LOGFILE echo $VERSION | tee -a $mail_msg_file >> $LOGFILE @@ -2708,27 +2493,6 @@ exit 1 fi -if [ "$CLOSED_IS_PRESENT" = no ]; then - # - # Not all consolidations have a closed tree, and even if they - # did, they wouldn't necessarily have signed crypto. But if - # the current source base does have signed crypto and it can't - # be generated, error out, rather than silently building - # unusable binaries. - # - grep -s ELFSIGN_CRYPTO "$SRC/Makefile.master" > /dev/null - if (( $? == 0 )); then - crypto_is_present >> "$LOGFILE" - if (( $? != 0 )); then - build_ok=n - echo "A crypto tarball must be provided when" \ - "there is no closed tree." | - tee -a "$mail_msg_file" >> "$LOGFILE" - exit 1 - fi - fi -fi - echo "\n==== Build environment ====\n" | tee -a $build_environ_file >> $LOGFILE # System 
@@ -3349,68 +3113,6 @@ # steps need to come after findunref and are commented below. # -# -# Copy an input crypto tarball to the canonical destination (with -# datestamp), and point the non-stamped symlink at it. -# Usage: copyin_crypto from_path suffix -# Returns 0 if successful, non-zero if not. -# -function copyin_crypto { - typeset from=$1 - typeset suffix=$2 - typeset to=$(cryptodest "$suffix").bz2 - typeset -i stat - cp "$from" "$to" - stat=$? - if (( $stat == 0 )); then - cryptolink "$to" "$suffix" - stat=$? - fi - return $stat -} - -# -# Copy a crypto tarball to $CODEMGR_WS to go with the other -# OpenSolaris deliverables. -# Usage: copyout_crypto suffix -# where $suffix is "" or "-nd". -# -function copyout_crypto { - typeset suffix=$1 - typeset cryptof=on-crypto$suffix.$MACH.tar.bz2 - [ -f $cryptof ] && rm $cryptof - cp $(cryptodest "$suffix").bz2 $cryptof -} - -# -# Pass through the crypto tarball(s) that we were given, putting it in -# the same place that crypto_from_proto puts things. -# Returns with non-zero status if there is a problem. -# -function crypto_passthrough { - echo "Reusing $ON_CRYPTO_BINS for crypto tarball(s)..." >> "$LOGFILE" - typeset -i stat=0 - if [ "$D_FLAG" = y ]; then - copyin_crypto "$ON_CRYPTO_BINS" "" >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Couldn't create DEBUG crypto tarball." | - tee -a "$mail_msg_file" >> "$LOGFILE" - stat=1 - fi - fi - if [ "$F_FLAG" = n ]; then - copyin_crypto $(ndcrypto "$ON_CRYPTO_BINS") "-nd" \ - >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Couldn't create non-DEBUG crypto tarball." | - tee -a "$mail_msg_file" >> "$LOGFILE" - stat=1 - fi - fi - - return $stat -} - # If we are doing an OpenSolaris _source_ build (-S O) then we do # not have usr/closed available to us to generate closedbins from, # so skip this part. 
@@ -3456,37 +3158,6 @@ tee -a $mail_msg_file >> $LOGFILE build_ok=n fi - - typeset have_crypto=y - if [ -n "$ON_CRYPTO_BINS" ]; then - crypto_passthrough || have_crypto=n - fi - # - # Make another copy of the crypto so that all the OpenSolaris - # deliverables are in $CODEMGR_WS. - # - if [ "$have_crypto" != y ]; then - build_ok=n - else - echo "Copying crypto tarball to $CODEMGR_WS" >> "$LOGFILE" - if [ "$D_FLAG" = y ]; then - copyout_crypto "" >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Couldn't create DEBUG crypto tarball" | - tee -a $mail_msg_file >> "$LOGFILE" - build_ok=n - fi - fi - if [ "$F_FLAG" = n ]; then - copyout_crypto "-nd" >> "$LOGFILE" 2>&1 - if (( $? != 0 )) ; then - echo "Couldn't create non-DEBUG" \ - "crypto tarball" | - tee -a $mail_msg_file >> "$LOGFILE" - build_ok=n - fi - fi - fi fi # Verify that the usual lists of files, such as exception lists, diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/Makefile.uts --- a/usr/src/uts/Makefile.uts Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/Makefile.uts Sun Sep 12 10:25:50 2010 -0700 @@ -674,9 +674,3 @@ # USBDEVS_AWK = $(SRC)/uts/common/io/usb/usbdevs2h.awk USBDEVS_DATA = $(SRC)/uts/common/io/usb/usbdevs - -# -# FIPS140 Self Integrity Check Command for HW Crypto modules -# -FIPS140_CMDDIR = $(SRC)/tools/fips_addchecksum -FIPS140_CHECK = $(FIPS140_CMDDIR)/fips_addchecksum $(BINARY) diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/Makefile.files --- a/usr/src/uts/common/Makefile.files Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/Makefile.files Sun Sep 12 10:25:50 2010 -0700 @@ -498,9 +498,9 @@ MD5_OBJS += md5.o md5_mod.o -SHA1_OBJS += sha1.o sha1_mod.o fips_sha1_util.o - -SHA2_OBJS += sha2.o sha2_mod.o fips_sha2_util.o +SHA1_OBJS += sha1.o sha1_mod.o + +SHA2_OBJS += sha2.o sha2_mod.o IPGPC_OBJS += classifierddi.o classifier.o filters.o trie.o table.o \ ba_table.o 
@@ -1519,7 +1519,7 @@ kcf_object.o kcf_policy.o kcf_prov_lib.o kcf_prov_tabs.o \ kcf_sched.o kcf_session.o kcf_sign.o kcf_spi.o kcf_verify.o \ kcf_random.o modes.o ecb.o cbc.o ctr.o ccm.o gcm.o \ - fips_random.o fips_checksum.o fips_test_vectors.o + fips_random.o CRYPTOADM_OBJS += cryptoadm.o @@ -1530,7 +1530,7 @@ DCA_OBJS += dca.o dca_3des.o dca_debug.o dca_dsa.o dca_kstat.o dca_rng.o \ dca_rsa.o -AESPROV_OBJS += aes.o aes_impl.o aes_modes.o fips_aes_util.o +AESPROV_OBJS += aes.o aes_impl.o aes_modes.o ARCFOURPROV_OBJS += arcfour.o arcfour_crypt.o @@ -1541,11 +1541,11 @@ ecp_jm.o ec2_233.o ecl_curve.o ecp_224.o ecp_aff.o \ ecp_mont.o ec2_aff.o ec_naf.o ecl_gf.o ecp_256.o mp_gf2m.o \ mpi.o mplogic.o mpmontg.o mpprime.o oid.o \ - secitem.o ec2_test.o ecp_test.o fips_ecc_util.o - -RSAPROV_OBJS += rsa.o rsa_impl.o pkcs1.o fips_rsa_util.o - -SWRANDPROV_OBJS += swrand.o fips_random_util.o + secitem.o ec2_test.o ecp_test.o + +RSAPROV_OBJS += rsa.o rsa_impl.o pkcs1.o + +SWRANDPROV_OBJS += swrand.o # # kernel SSL @@ -1664,7 +1664,7 @@ $(CRYPTO_OLD) \ $(CRYPTO_RAW) $(K5_KRB) $(K5_OS) -DES_OBJS += des_crypt.o des_impl.o des_ks.o des_soft.o fips_des_util.o +DES_OBJS += des_crypt.o des_impl.o des_ks.o des_soft.o DLBOOT_OBJS += bootparam_xdr.o nfs_dlinet.o scan.o diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/Makefile.rules --- a/usr/src/uts/common/Makefile.rules Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/Makefile.rules Sun Sep 12 10:25:50 2010 -0700 @@ -57,10 +57,6 @@ $(COMPILE.c) -o $@ $< $(CTFCONVERT_O) -$(OBJS_DIR)/%.o: $(COMMONBASE)/crypto/fips/%.c - $(COMPILE.c) -o $@ $< - $(CTFCONVERT_O) - $(OBJS_DIR)/%.o: $(COMMONBASE)/crypto/modes/%.c $(COMPILE.c) -o $@ $< $(CTFCONVERT_O) 
@@ -1561,9 +1557,6 @@ $(LINTS_DIR)/%.ln: $(COMMONBASE)/crypto/ecc/%.c @($(LHEAD) $(LINT.c) $< $(LTAIL)) -$(LINTS_DIR)/%.ln: $(COMMONBASE)/crypto/fips/%.c - @($(LHEAD) $(LINT.c) $< $(LTAIL)) - $(LINTS_DIR)/%.ln: $(COMMONBASE)/crypto/modes/%.c @($(LHEAD) $(LINT.c) $< $(LTAIL)) diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/bignum/bignum_mod.c --- a/usr/src/uts/common/bignum/bignum_mod.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/bignum/bignum_mod.c Sun Sep 12 10:25:50 2010 -0700 @@ -28,7 +28,6 @@ #include #include #include -#include extern struct mod_ops mod_cryptoops; @@ -61,14 +60,3 @@ { return (mod_info(&modlinkage, modinfop)); } - -int -bignum_fips_check() -{ - if (fips_check_module("misc/bignum", (void *)_init) != 0) { - cmn_err(CE_WARN, "bignum: FIPS-140 Software Integrity Test " - "failed"); - return (EINVAL); - } - return (0); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/api/kcf_random.c --- a/usr/src/uts/common/crypto/api/kcf_random.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/api/kcf_random.c Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,9 @@ /* * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ /* * This file implements the interfaces that the /dev/random 
@@ -1050,49 +1053,3 @@ return (0); return (kcf_rnd_get_bytes(ptr, len, B_TRUE)); } - -/* - * The two functions below are identical to random_get_pseudo_bytes() and - * random_get_bytes_fips, this function is called for consumers that want - * FIPS 140-2. This function waits until the FIPS boundary can be verified. - */ - -/* - * Get bytes from the /dev/urandom generator. This function - * always succeeds. Returns 0. - */ -int -random_get_pseudo_bytes_fips140(uint8_t *ptr, size_t len) -{ - ASSERT(!mutex_owned(&rndpool_lock)); - - mutex_enter(&fips140_mode_lock); - while (global_fips140_mode < FIPS140_MODE_ENABLED) { - cv_wait(&cv_fips140, &fips140_mode_lock); - } - mutex_exit(&fips140_mode_lock); - - if (len < 1) - return (0); - return (kcf_rnd_get_pseudo_bytes(ptr, len)); -} - -/* - * Get bytes from the /dev/random generator. Returns 0 - * on success. Returns EAGAIN if there is insufficient entropy. - */ -int -random_get_bytes_fips140(uint8_t *ptr, size_t len) -{ - ASSERT(!mutex_owned(&rndpool_lock)); - - mutex_enter(&fips140_mode_lock); - while (global_fips140_mode < FIPS140_MODE_ENABLED) { - cv_wait(&cv_fips140, &fips140_mode_lock); - } - mutex_exit(&fips140_mode_lock); - - if (len < 1) - return (0); - return (kcf_rnd_get_bytes(ptr, len, B_TRUE)); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/core/kcf.c --- a/usr/src/uts/common/crypto/core/kcf.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/core/kcf.c Sun Sep 12 10:25:50 2010 -0700 @@ -22,6 +22,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ /* * Core KCF (Kernel Cryptographic Framework). This file implements 
@@ -55,29 +58,6 @@ #define KCF_FRMWRK_DEBUG(l, x) #endif /* DEBUG */ -/* - * Door to make upcalls to kcfd. kcfd will send us this - * handle when it is coming up. - */ -kmutex_t kcf_dh_lock; -door_handle_t kcf_dh = NULL; - -/* Setup FIPS 140 support variables */ -uint32_t global_fips140_mode = FIPS140_MODE_UNSET; -kmutex_t fips140_mode_lock; -kcondvar_t cv_fips140; - -/* - * Kernel FIPS140 boundary module list - * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop - * before getting to swrand as it is used for non-FIPS 140 - * operations to. The FIPS 140 random API separately controls access. - */ -#define FIPS140_MODULES_MAX 7 -static char *fips140_module_list[FIPS140_MODULES_MAX] = { - "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand" -}; - static struct modlmisc modlmisc = { &mod_miscops, "Kernel Crypto Framework" }; @@ -86,15 +66,11 @@ MODREV_1, (void *)&modlmisc, NULL }; -static int rngtimer_started; extern int sys_shutdown; int _init() { - mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); - cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL); - /* initialize the mechanisms tables supported out-of-the-box */ kcf_init_mech_tabs(); @@ -114,9 +90,10 @@ kcf_sched_init(); /* initialize the RNG support structures */ - rngtimer_started = 0; kcf_rnd_init(); + kcf_rnd_schedule_timeout(B_TRUE); + return (mod_install(&modlinkage)); } 
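Review bot: In `_init()` of kcf.c (hunk `@@ -114,9 +90,10 @@`), the added `kcf_rnd_schedule_timeout(B_TRUE);` runs before `mod_install(&modlinkage)`, and nothing visible in this hunk undoes it if the install fails. A failed load would then leave the RNG pool timeout armed with no owner. If the ordering is not required, install first and arm the timer only on success: `int rv = mod_install(&modlinkage);` `if (rv == 0) kcf_rnd_schedule_timeout(B_TRUE);` `return (rv);`. Otherwise add a comment above the call saying why the timer must be scheduled before the module is installed, and that it is now started exactly once here, since the `rngtimer_started` guard is removed in the previous hunk. `_init()` begins in that previous hunk, so any failure handling outside these lines is not visible.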
@@ -136,276 +113,6 @@ } -/* Returns the value of global_fips140_mode */ -int -kcf_get_fips140_mode(void) -{ - return (global_fips140_mode); -} - -/* - * If FIPS 140 has failed its tests. The providers must be disabled from the - * framework. - */ -void -kcf_fips140_shutdown() -{ - kcf_provider_desc_t *pd; - int i; - - cmn_err(CE_WARN, - "Shutting down FIPS 140 boundary as verification failed."); - - /* Disable FIPS 140 modules, but leave swrand alone */ - for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { - /* - * Remove the predefined entries from the soft_config_list - * so the framework does not report the providers. - */ - remove_soft_config(fips140_module_list[i]); - - pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); - if (pd == NULL) - continue; - - /* Allow the unneeded providers to be unloaded */ - pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD); - - /* Invalidate the FIPS 140 providers */ - mutex_enter(&pd->pd_lock); - pd->pd_state = KCF_PROV_VERIFICATION_FAILED; - mutex_exit(&pd->pd_lock); - KCF_PROV_REFRELE(pd); - undo_register_provider(pd, B_FALSE); - - } -} - -/* - * Activates the kernel providers - * - * If we are getting ready to enable FIPS 140 mode, then all providers should - * be loaded and ready. - * - * If FIPS 140 is disabled, then we can skip any errors because some crypto - * modules may not have been loaded. - */ -void -kcf_activate() -{ - kcf_provider_desc_t *pd; - int i; - - for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { - pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); - if (pd == NULL) { - if (global_fips140_mode == FIPS140_MODE_DISABLED) - continue; - - /* There should never be a NULL value in FIPS 140 */ - cmn_err(CE_WARN, "FIPS 140 activation: %s not in " - "kernel provider table", fips140_module_list[i]); - kcf_fips140_shutdown(); - break; - } - - /* - * Change the provider state so the verification functions - * can signature verify, if necessary, and ready it. 
- */ - if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) { - mutex_enter(&pd->pd_lock); - pd->pd_state = KCF_PROV_UNVERIFIED; - mutex_exit(&pd->pd_lock); - } - - KCF_PROV_REFRELE(pd); - } - - /* If we are not in FIPS 140 mode, then exit */ - if (global_fips140_mode == FIPS140_MODE_DISABLED) - return; - - /* If we in the process of validating FIPS 140, enable it */ - mutex_enter(&fips140_mode_lock); - global_fips140_mode = FIPS140_MODE_ENABLED; - cv_signal(&cv_fips140); - mutex_exit(&fips140_mode_lock); - cmn_err(CE_CONT, "?FIPS 140 enabled. Boundary check complete."); - - verify_unverified_providers(); -} - - -/* - * Perform a door call to kcfd to have it check the integrity of the - * kernel boundary. Failure of the boundary will cause a FIPS 140 - * configuration to fail - */ -int -kcf_fips140_integrity_check() -{ - door_arg_t darg; - door_handle_t ldh; - kcf_door_arg_t *kda = { 0 }, *rkda = NULL; - int ret = 0; - - KCF_FRMWRK_DEBUG(1, ("Starting IC check")); - - mutex_enter(&kcf_dh_lock); - if (kcf_dh == NULL) { - mutex_exit(&kcf_dh_lock); - cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not " - "available\n"); - return (1); - } - - ldh = kcf_dh; - door_ki_hold(ldh); - mutex_exit(&kcf_dh_lock); - - kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP); - kda->da_version = KCFD_FIPS140_INTCHECK; - kda->da_iskernel = B_TRUE; - - darg.data_ptr = (char *)kda; - darg.data_size = sizeof (kcf_door_arg_t); - darg.desc_ptr = NULL; - darg.desc_num = 0; - darg.rbuf = (char *)kda; - darg.rsize = sizeof (kcf_door_arg_t); - - ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); - if (ret != 0) { - ret = 1; - goto exit; - } - - KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); - - rkda = (kcf_door_arg_t *)(void *)darg.rbuf; - if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { - ret = 1; - KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", - rkda->da_u.result.status)); - goto exit; - } - - KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); 
- -exit: - if ((rkda != NULL) && (rkda != kda)) - kmem_free(rkda, darg.rsize); - - kmem_free(kda, sizeof (kcf_door_arg_t)); - door_ki_rele(ldh); - if (ret) - cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n"); - return (ret); -} - -/* - * If FIPS 140 is configured to be enabled, before it can be turned on, the - * providers must run their Power On Self Test (POST) and we must wait to sure - * userland has performed its validation tests. - */ -void -kcf_fips140_validate() -{ - kcf_provider_desc_t *pd; - kthread_t *post_thr; - int post_rv[FIPS140_MODULES_MAX]; - kt_did_t post_t_did[FIPS140_MODULES_MAX]; - int ret = 0; - int i; - - /* - * Run POST tests for FIPS 140 modules, if they aren't loaded, load them - */ - for (i = 0; i < FIPS140_MODULES_MAX; i++) { - pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); - if (pd == NULL) { - /* If the module isn't loaded, load it */ - ret = modload("crypto", fips140_module_list[i]); - if (ret == -1) { - cmn_err(CE_WARN, "FIPS 140 validation failed: " - "error modloading module %s.", - fips140_module_list[i]); - goto error; - } - - /* Try again to get provider desc */ - pd = kcf_prov_tab_lookup_by_name( - fips140_module_list[i]); - if (pd == NULL) { - cmn_err(CE_WARN, "FIPS 140 validation failed: " - "Could not find module %s.", - fips140_module_list[i]); - goto error; - } - } - - /* Make sure there are FIPS 140 entry points */ - if (KCF_PROV_FIPS140_OPS(pd) == NULL) { - cmn_err(CE_WARN, "FIPS 140 validation failed: " - "No POST function entry point in %s.", - fips140_module_list[i]); - goto error; - } - - /* Make sure the module is not unloaded */ - pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD; - - /* - * With the FIPS 140 POST function provided by the module in - * SPI v4, start a thread to run the function. 
- */ - post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED; - post_thr = thread_create(NULL, 0, - (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i], - 0, &p0, TS_RUN, MAXCLSYSPRI); - post_t_did[i] = post_thr->t_did; - KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST " - "for %s\n", fips140_module_list[i])); - KCF_PROV_REFRELE(pd); - } - - /* Do integrity check of kernel boundary */ - ret = kcf_fips140_integrity_check(); - if (ret == 1) - goto error; - - /* Wait for POST threads to come back and verify results */ - for (i = 0; i < FIPS140_MODULES_MAX; i++) { - /* If the POST has already returned a success, we can move on */ - if (post_rv[i] == CRYPTO_SUCCESS) - continue; - - /* POST test is taking more time, need to wait for thread */ - if (post_rv[i] == CRYPTO_OPERATION_NOT_INITIALIZED && - post_t_did[i] != NULL) - thread_join(post_t_did[i]); - - if (post_rv[i] != CRYPTO_SUCCESS) { - cmn_err(CE_WARN, "FIPS 140 POST failed for %s. " - "Error = 0x%x", fips140_module_list[i], post_rv[i]); - goto error; - } - } - - kcf_activate(); - return; - -error: - mutex_enter(&fips140_mode_lock); - global_fips140_mode = FIPS140_MODE_SHUTDOWN; - kcf_fips140_shutdown(); - cv_signal(&cv_fips140); - mutex_exit(&fips140_mode_lock); - -} - - /* * Return a pointer to the modctl structure of the * provider's module. 
@@ -432,304 +139,3 @@ return (mctlp); } - -/* Check if this provider requires to be verified. */ -int -verifiable_provider(crypto_ops_t *prov_ops) -{ - - if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL && - prov_ops->co_dual_cipher_mac_ops == NULL && - prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL && - prov_ops->co_verify_ops == NULL) - return (0); - - return (1); -} - -/* - * With a given provider being registered, this looks through the FIPS 140 - * modules list and returns a 1 if it's part of the FIPS 140 boundary and - * the framework registration must be delayed until we know the FIPS 140 mode - * status. A zero mean the provider does not need to wait for the FIPS 140 - * boundary. - * - * If the provider in the boundary only provides random (like swrand), we - * can let it register as the random API will block operations. - */ -int -kcf_need_fips140_verification(kcf_provider_desc_t *pd) -{ - int i, ret = 0; - - if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) - return (0); - - mutex_enter(&fips140_mode_lock); - - if (global_fips140_mode >= FIPS140_MODE_ENABLED) - goto exit; - - for (i = 0; i < FIPS140_MODULES_MAX; i++) { - if (strcmp(fips140_module_list[i], pd->pd_name) != 0) - continue; - - /* If this module is only random, we can let it register */ - if (KCF_PROV_RANDOM_OPS(pd) && - !verifiable_provider(pd->pd_ops_vector)) - break; - - if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) { - ret = -1; - break; - } - - ret = 1; - break; - } - -exit: - mutex_exit(&fips140_mode_lock); - return (ret); -} - - -/* - * Check if signature verification is needed for a provider. - * - * Returns 0, if no verification is needed. Returns 1, if - * verification is needed. Returns -1, if there is an - * error. 
- */ -int -kcf_need_signature_verification(kcf_provider_desc_t *pd) -{ - struct module *mp; - struct modctl *mctlp = pd->pd_mctlp; - - if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) - return (0); - - if (mctlp == NULL || mctlp->mod_mp == NULL) - return (-1); - - mp = (struct module *)mctlp->mod_mp; - - /* - * Check if we need to verify this provider signature and if so, - * make sure it has a signature section. - */ - if (verifiable_provider(pd->pd_ops_vector) == 0) - return (0); - - /* See if this module has its required signature section. */ - if (mp->sigdata == NULL) - return (-1); - - return (1); -} - -/* - * Do the signature verification on the given module. This function can - * be called from user context or kernel context. - * - * We call kcfd with the full pathname of the module to be - * verified. kcfd will return success/fail, signature length - * and the actual signature in the ELF section of the module. If - * kcfd returns success, we compare the signature and the length - * with the values that krtld stored in the module structure. We - * log an error message in case of a failure. - * - * The provider state is changed to KCF_PROV_READY on success. 
- */ -void -kcf_verify_signature(void *arg) -{ - int rv; - int error = CRYPTO_MODVERIFICATION_FAILED; - door_arg_t darg; - door_handle_t ldh; - kcf_door_arg_t *kda; - char *filename; - kcf_provider_desc_t *pd = arg; - struct module *mp; - boolean_t do_notify = B_FALSE; - boolean_t modhold_done = B_FALSE; - struct modctl *mctlp = pd->pd_mctlp; - - ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); - ASSERT(mctlp != NULL); - - /* - * Because of FIPS 140 delays module loading, we may be running through - * this code with a non-crypto signed module; therefore, another - * check is necessary - */ - if (verifiable_provider(pd->pd_ops_vector) == 0) { - error = 0; - goto setverify; - } - - for (;;) { - mutex_enter(&pd->pd_lock); - /* No need to do verification */ - if (pd->pd_state != KCF_PROV_UNVERIFIED) { - mutex_exit(&pd->pd_lock); - goto out; - } - mutex_exit(&pd->pd_lock); - - mutex_enter(&mod_lock); - if (mctlp->mod_mp == NULL) { - mutex_exit(&mod_lock); - goto out; - } - - /* - * This check is needed since a software provider can call - * us directly from the _init->crypto_register_provider path. - */ - if (pd->pd_prov_type == CRYPTO_SW_PROVIDER && - mctlp->mod_inprogress_thread == curthread) { - mutex_exit(&mod_lock); - modhold_done = B_FALSE; - break; - } - - /* - * We could be in a race with the register thread or - * the unregister thread. So, retry if register or - * unregister is in progress. Note that we can't do - * mod_hold_by_modctl without this check since that - * could result in a deadlock with the other threads. - */ - if (mctlp->mod_busy) { - mutex_exit(&mod_lock); - /* delay for 10ms and try again */ - delay(drv_usectohz(10000)); - continue; - } - - (void) mod_hold_by_modctl(mctlp, - MOD_WAIT_FOREVER | MOD_LOCK_HELD); - mutex_exit(&mod_lock); - modhold_done = B_TRUE; - break; - } - - /* - * Check if the door is set up yet. This will be set when kcfd - * comes up. If not, we return and leave the provider state unchanged - * at KCF_PROV_UNVERIFIED. 
This will trigger the verification of - * the module later when kcfd is up. This is safe as we NEVER use - * a provider that has not been verified yet. - */ - mutex_enter(&kcf_dh_lock); - if (kcf_dh == NULL) { - mutex_exit(&kcf_dh_lock); - goto out; - } - - ldh = kcf_dh; - door_ki_hold(ldh); - mutex_exit(&kcf_dh_lock); - - mp = (struct module *)mctlp->mod_mp; - filename = mp->filename; - KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename)); - - kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP); - kda->da_version = KCF_KCFD_VERSION1; - kda->da_iskernel = B_TRUE; - bcopy(filename, kda->da_u.filename, strlen(filename) + 1); - - darg.data_ptr = (char *)kda; - darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize; - darg.desc_ptr = NULL; - darg.desc_num = 0; - darg.rbuf = (char *)kda; - darg.rsize = sizeof (kcf_door_arg_t); - - /* - * Make door upcall. door_ki_upcall() checks for validity of the handle. - */ - rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); - - if (rv == 0) { - kcf_door_arg_t *rkda = (kcf_door_arg_t *)(void *)darg.rbuf; - - KCF_FRMWRK_DEBUG(2, - ("passed: %d\n", rkda->da_u.result.status)); - KCF_FRMWRK_DEBUG(2, - ("signature length: %d\n", rkda->da_u.result.siglen)); - KCF_FRMWRK_DEBUG(2, - ("signature: %p\n", (void*)rkda->da_u.result.signature)); - - - /* Check kcfd result and compare against module struct fields */ - if ((rkda->da_u.result.status != ELFSIGN_SUCCESS) || - !(rkda->da_u.result.siglen == mp->sigsize) || - (bcmp(rkda->da_u.result.signature, mp->sigdata, - mp->sigsize))) { - cmn_err(CE_WARN, "Module verification failed for %s.", - filename); - } else { - error = 0; - } - - if (rkda != kda) - kmem_free(rkda, darg.rsize); - - } else if (sys_shutdown == 0) { - cmn_err(CE_WARN, "Unable to use door to kcfd during module " - "verification of %s. 
(errno: 0x%x)", filename, rv); - } - - kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize); - door_ki_rele(ldh); - -setverify: - mutex_enter(&pd->pd_lock); - /* change state only if the original state is unchanged */ - if (pd->pd_state == KCF_PROV_UNVERIFIED) { - if (error == 0) { - pd->pd_state = KCF_PROV_READY; - do_notify = B_TRUE; - } else { - pd->pd_state = KCF_PROV_VERIFICATION_FAILED; - } - } - mutex_exit(&pd->pd_lock); - - if (do_notify) { - /* Dispatch events for this new provider */ - kcf_do_notify(pd, B_TRUE); - } - -out: - if (modhold_done) - mod_release_mod(mctlp); - KCF_PROV_REFRELE(pd); -} - -/* called from the CRYPTO_LOAD_DOOR ioctl */ -int -crypto_load_door(uint_t did) -{ - door_handle_t dh; - - mutex_enter(&kcf_dh_lock); - dh = door_ki_lookup(did); - if (dh != NULL) - kcf_dh = dh; - mutex_exit(&kcf_dh_lock); - - verify_unverified_providers(); - - /* Start the timeout handler to get random numbers */ - if (rngtimer_started == 0) { - kcf_rnd_schedule_timeout(B_TRUE); - rngtimer_started = 1; - } - return (0); -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/core/kcf_prov_tabs.c --- a/usr/src/uts/common/crypto/core/kcf_prov_tabs.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/core/kcf_prov_tabs.c Sun Sep 12 10:25:50 2010 -0700 
@@ -869,58 +869,6 @@ #endif /* DEBUG */ -/* - * This function goes through the provider table and verifies - * any KCF_PROV_UNVERIFIED providers. - * - * This is called when kcfd is up and the door handle is ready. It is - * again called when the status of FIPS 140 has been determined, so providers - * delayed by FIPS 140 can now be verified. - */ -void -verify_unverified_providers() -{ - int i; - kcf_provider_desc_t *pd; - boolean_t need_verify; - - if (kcf_dh == NULL) - return; - - mutex_enter(&prov_tab_mutex); - - for (i = 0; i < KCF_MAX_PROVIDERS; i++) { - if ((pd = prov_tab[i]) == NULL) - continue; - - if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) - continue; - - mutex_enter(&pd->pd_lock); - need_verify = pd->pd_state == KCF_PROV_UNVERIFIED; - mutex_exit(&pd->pd_lock); - - if (!need_verify) - continue; - - KCF_PROV_REFHOLD(pd); - - /* - * We need to drop this lock, since it could be - * acquired by kcf_verify_signature(). - * This is safe, as any providers that are - * added to the table after we dropped the - * lock *will see* a non NULL kcf_dh and hence - * would have been verified by other means. - */ - mutex_exit(&prov_tab_mutex); - /* This routine will release the above holds */ - kcf_verify_signature(pd); - mutex_enter(&prov_tab_mutex); - } - - mutex_exit(&prov_tab_mutex); -} /* protected by prov_tab_mutex */ boolean_t kcf_need_provtab_walk = B_FALSE; diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/core/kcf_sched.c --- a/usr/src/uts/common/crypto/core/kcf_sched.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/core/kcf_sched.c Sun Sep 12 10:25:50 2010 -0700 @@ -23,6 +23,10 @@ */ /* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ + +/* * This file contains the core framework routines for the * kernel cryptographic framework. These routines are at the * layer, between the kernel API/ioctls and the SPI. 
@@ -89,14 +93,15 @@ kcf_context_t *, crypto_call_req_t *, kcf_req_params_t *, boolean_t); static int kcf_disp_sw_request(kcf_areq_node_t *); static void process_req_hwp(void *); -static kcf_areq_node_t *kcf_dequeue(); +static kcf_areq_node_t *kcf_dequeue(void); static int kcf_enqueue(kcf_areq_node_t *); -static void kcf_failover_thread(); -static void kcfpool_alloc(); +static void kcfpool_alloc(void); static void kcf_reqid_delete(kcf_areq_node_t *areq); static crypto_req_id_t kcf_reqid_insert(kcf_areq_node_t *areq); static int kcf_misc_kstat_update(kstat_t *ksp, int rw); -static void compute_min_max_threads(); +static void compute_min_max_threads(void); +static void kcfpool_svc(void *); +static void kcfpoold(void *); /* @@ -198,18 +203,12 @@ /* * Queue the request node and do one of the following: * - If there is an idle thread signal it to run. - * - If there is no idle thread and max running threads is not - * reached, signal the creator thread for more threads. - * - * If the two conditions above are not met, we don't need to do - * any thing. The request will be picked up by one of the - * worker threads when it becomes available. + * - Else, signal the creator thread to possibly create more threads. */ static int kcf_disp_sw_request(kcf_areq_node_t *areq) { int err; - int cnt = 0; if ((err = kcf_enqueue(areq)) != 0) return (err); 
@@ -223,29 +222,10 @@ return (CRYPTO_QUEUED); } - /* - * We keep the number of running threads to be at - * kcf_minthreads to reduce gs_lock contention. - */ - cnt = kcf_minthreads - - (kcfpool->kp_threads - kcfpool->kp_blockedthreads); - if (cnt > 0) { - /* - * The following ensures the number of threads in pool - * does not exceed kcf_maxthreads. - */ - cnt = min(cnt, kcf_maxthreads - kcfpool->kp_threads); - if (cnt > 0) { - /* Signal the creator thread for more threads */ - mutex_enter(&kcfpool->kp_user_lock); - if (!kcfpool->kp_signal_create_thread) { - kcfpool->kp_signal_create_thread = B_TRUE; - kcfpool->kp_nthrs = cnt; - cv_signal(&kcfpool->kp_user_cv); - } - mutex_exit(&kcfpool->kp_user_lock); - } - } + /* Signal the creator thread for more threads */ + mutex_enter(&kcfpool->kp_lock); + cv_signal(&kcfpool->kp_cv); + mutex_exit(&kcfpool->kp_lock); return (CRYPTO_QUEUED); } @@ -959,7 +939,7 @@ * The caller must hold the queue lock. */ static kcf_areq_node_t * -kcf_dequeue() +kcf_dequeue(void) { kcf_areq_node_t *tnode = NULL; @@ -1019,27 +999,12 @@ } /* - * Decrement the thread pool count and signal the failover - * thread if we are the last one out. + * Function run by a thread from kcfpool to work on global software queue. */ -static void -kcf_decrcnt_andsignal() +void +kcfpool_svc(void *arg) { - KCF_ATOMIC_DECR(kcfpool->kp_threads); - - mutex_enter(&kcfpool->kp_thread_lock); - if (kcfpool->kp_threads == 0) - cv_signal(&kcfpool->kp_nothr_cv); - mutex_exit(&kcfpool->kp_thread_lock); -} - -/* - * Function run by a thread from kcfpool to work on global software queue. - * It is called from ioctl(CRYPTO_POOL_RUN, ...). - */ -int -kcf_svc_do_run(void) -{ + _NOTE(ARGUNUSED(arg)); int error = 0; clock_t rv; clock_t timeout_val = drv_usectohz(kcf_idlethr_timeout); 
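Review bot: In the `@@ -223,29 +222,10 @@` hunk, `kcf_disp_sw_request()` now takes `kp_lock` and signals `kp_cv` on every request that finds no idle thread, even when the pool cannot grow. The removed code only signalled after computing that more threads were wanted and allowed. `kcfpoold()`, added further down in this file, holds `kp_lock` for everything except its timed wait, so a submitter can wait here while workers are being created. Keeping a cheap gate would avoid the lock in the saturated case, for example `if (kcfpool->kp_threads < kcf_maxthreads) {` around the three added lines. The start of the function is outside this hunk.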
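Review bot: In the `@@ -1019,27 +999,12 @@` hunk, `kcfpool_svc()` is defined as plain `void`, while the prototype added near the top of the file is `static void kcfpool_svc(void *);`. The earlier declaration still gives the function internal linkage, but the definition reads as if it were exported; it should say `static void`. `_NOTE(ARGUNUSED(arg));` also sits ahead of the local declarations here, whereas `kcfpoold()` puts it after them; moving it below `clock_t timeout_val = ...` would keep the two functions consistent. The body of the function continues outside this hunk.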
@@ -1054,33 +1019,25 @@ while ((req = kcf_dequeue()) == NULL) { KCF_ATOMIC_INCR(kcfpool->kp_idlethreads); - rv = cv_reltimedwait_sig(&gswq->gs_cv, + rv = cv_reltimedwait(&gswq->gs_cv, &gswq->gs_lock, timeout_val, TR_CLOCK_TICK); KCF_ATOMIC_DECR(kcfpool->kp_idlethreads); switch (rv) { case 0: - /* - * A signal (as in kill(2)) is pending. We did - * not get any cv_signal(). - */ - kcf_decrcnt_andsignal(); - mutex_exit(&gswq->gs_lock); - return (EINTR); - case -1: /* - * Timed out and we are not signaled. Let us - * see if this thread should exit. We should - * keep at least kcf_minthreads. + * Woke up with no work to do. Check + * if this thread should exit. We keep + * at least kcf_minthreads. */ if (kcfpool->kp_threads > kcf_minthreads) { - kcf_decrcnt_andsignal(); + KCF_ATOMIC_DECR(kcfpool->kp_threads); mutex_exit(&gswq->gs_lock); - return (0); + return; } - /* Resume the wait for work */ + /* Resume the wait for work. */ break; default: @@ -1243,8 +1200,6 @@ sizeof (struct kcf_context), 64, kcf_context_cache_constructor, kcf_context_cache_destructor, NULL, NULL, NULL, 0); - mutex_init(&kcf_dh_lock, NULL, MUTEX_DEFAULT, NULL); - gswq = kmem_alloc(sizeof (kcf_global_swq_t), KM_SLEEP); mutex_init(&gswq->gs_lock, NULL, MUTEX_DEFAULT, NULL); @@ -1297,10 +1252,6 @@ if (kcf_sched_running) return; - /* Start the failover kernel thread for now */ - (void) thread_create(NULL, 0, &kcf_failover_thread, 0, 0, &p0, - TS_RUN, minclsyspri); - /* Start the background processing thread. */ (void) thread_create(NULL, 0, &crypto_bufcall_service, 0, 0, &p0, TS_RUN, minclsyspri); 
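Review bot: In the `@@ -1054,33 +1019,25 @@` hunk, the `case 0:` label is kept and now falls through to `case -1:`, although the wait was changed from `cv_reltimedwait_sig()` to `cv_reltimedwait()`. As far as I know the non-`_sig` variant returns -1 on timeout and a positive value otherwise, so 0 was only the "signal pending" result of the old call and the label is now dead. `kcfpoold()` in this same commit drops `case 0:` after the same change; I would drop it here too and word the comment as `/* Timed out with no work to do. Check if this thread should exit. */`. The enclosing function starts and ends outside this hunk.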
@@ -1426,94 +1377,96 @@ } /* - * Allocate the thread pool and initialize all the fields. + * kcfpool thread spawner. This runs as a process that never exits. + * Its a process so that the threads it owns can be manipulated via priocntl. */ static void -kcfpool_alloc() +kcfpoold(void *arg) { - kcfpool = kmem_alloc(sizeof (kcf_pool_t), KM_SLEEP); - - kcfpool->kp_threads = kcfpool->kp_idlethreads = 0; - kcfpool->kp_blockedthreads = 0; - kcfpool->kp_signal_create_thread = B_FALSE; - kcfpool->kp_nthrs = 0; - kcfpool->kp_user_waiting = B_FALSE; - - mutex_init(&kcfpool->kp_thread_lock, NULL, MUTEX_DEFAULT, NULL); - cv_init(&kcfpool->kp_nothr_cv, NULL, CV_DEFAULT, NULL); - - mutex_init(&kcfpool->kp_user_lock, NULL, MUTEX_DEFAULT, NULL); - cv_init(&kcfpool->kp_user_cv, NULL, CV_DEFAULT, NULL); + callb_cpr_t cprinfo; + user_t *pu = PTOU(curproc); + int cnt; + clock_t timeout_val = drv_usectohz(kcf_idlethr_timeout); + _NOTE(ARGUNUSED(arg)); - kcf_idlethr_timeout = KCF_DEFAULT_THRTIMEOUT; -} + CALLB_CPR_INIT(&cprinfo, &kcfpool->kp_lock, + callb_generic_cpr, "kcfpool"); -/* - * This function is run by the 'creator' thread in the pool. - * It is called from ioctl(CRYPTO_POOL_WAIT, ...). - */ -int -kcf_svc_wait(int *nthrs) -{ - clock_t rv; - clock_t timeout_val = drv_usectohz(kcf_idlethr_timeout); - - if (kcfpool == NULL) - return (ENOENT); + /* make our process "kcfpoold" */ + (void) snprintf(pu->u_psargs, sizeof (pu->u_psargs), "kcfpoold"); + (void) strlcpy(pu->u_comm, pu->u_psargs, sizeof (pu->u_comm)); - mutex_enter(&kcfpool->kp_user_lock); - /* Check if there's already a user thread waiting on this kcfpool */ - if (kcfpool->kp_user_waiting) { - mutex_exit(&kcfpool->kp_user_lock); - *nthrs = 0; - return (EBUSY); - } + mutex_enter(&kcfpool->kp_lock); - kcfpool->kp_user_waiting = B_TRUE; + /* + * Go to sleep, waiting for the signaled flag. Note that as + * we always do the same thing, and its always idempotent, we + * don't even need to have a real condition to check against. 
+ */ + for (;;) { + int rv; + + CALLB_CPR_SAFE_BEGIN(&cprinfo); + rv = cv_reltimedwait(&kcfpool->kp_cv, + &kcfpool->kp_lock, timeout_val, TR_CLOCK_TICK); + CALLB_CPR_SAFE_END(&cprinfo, &kcfpool->kp_lock); - /* Go to sleep, waiting for the signaled flag. */ - while (!kcfpool->kp_signal_create_thread) { - rv = cv_reltimedwait_sig(&kcfpool->kp_user_cv, - &kcfpool->kp_user_lock, timeout_val, TR_CLOCK_TICK); switch (rv) { - case 0: - /* Interrupted, return to handle exit or signal */ - kcfpool->kp_user_waiting = B_FALSE; - kcfpool->kp_signal_create_thread = B_FALSE; - mutex_exit(&kcfpool->kp_user_lock); - /* - * kcfd is exiting. Release the door and - * invalidate it. - */ - mutex_enter(&kcf_dh_lock); - if (kcf_dh != NULL) { - door_ki_rele(kcf_dh); - kcf_dh = NULL; - } - mutex_exit(&kcf_dh_lock); - return (EINTR); - case -1: /* Timed out. Recalculate the min/max threads */ compute_min_max_threads(); break; default: - /* Worker thread did a cv_signal() */ + /* Someone may be looking for a worker thread */ break; } + + /* + * We keep the number of running threads to be at + * kcf_minthreads to reduce gs_lock contention. + */ + cnt = kcf_minthreads - + (kcfpool->kp_threads - kcfpool->kp_blockedthreads); + if (cnt > 0) { + /* + * The following ensures the number of threads in pool + * does not exceed kcf_maxthreads. + */ + cnt = min(cnt, kcf_maxthreads - kcfpool->kp_threads); + } + + for (int i = 0; i < cnt; i++) { + (void) lwp_kernel_create(curproc, + kcfpool_svc, NULL, TS_RUN, curthread->t_pri); + } } - - kcfpool->kp_signal_create_thread = B_FALSE; - kcfpool->kp_user_waiting = B_FALSE; - - *nthrs = kcfpool->kp_nthrs; - mutex_exit(&kcfpool->kp_user_lock); - - /* Return to userland for possible thread creation. */ - return (0); } +/* + * Allocate the thread pool and initialize all the fields. 
+ */ +static void +kcfpool_alloc(void) +{ + kcfpool = kmem_alloc(sizeof (kcf_pool_t), KM_SLEEP); + + kcfpool->kp_threads = kcfpool->kp_idlethreads = 0; + kcfpool->kp_blockedthreads = 0; + + mutex_init(&kcfpool->kp_lock, NULL, MUTEX_DEFAULT, NULL); + cv_init(&kcfpool->kp_cv, NULL, CV_DEFAULT, NULL); + + kcf_idlethr_timeout = KCF_DEFAULT_THRTIMEOUT; + + /* + * Create the daemon thread. + */ + if (newproc(kcfpoold, NULL, syscid, minclsyspri, + NULL, 0) != 0) { + cmn_err(CE_PANIC, "unable to fork kcfpoold()"); + } +} /* * This routine introduces a locking order for gswq->gs_lock followed @@ -1522,7 +1475,7 @@ * k-api routines. */ static void -compute_min_max_threads() +compute_min_max_threads(void) { mutex_enter(&gswq->gs_lock); mutex_enter(&cpu_lock); 
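Review bot: `kcfpoold()` holds `kp_lock` everywhere except inside `cv_reltimedwait()`, so its timeout branch calls `compute_min_max_threads()` with `kp_lock` held, and the context lines after this hunk show that routine taking `gs_lock` and then `cpu_lock`. That makes the order kp_lock, gs_lock, cpu_lock, which no comment records; I would add `/* Lock order: kp_lock -> gs_lock -> cpu_lock; never take kp_lock with gs_lock held. */` above the loop. The comment "Go to sleep, waiting for the signaled flag" is stale now that `kp_signal_create_thread` is gone and could read `/* Sleep until signalled or timed out, then top the pool up to kcf_minthreads. */`. Separately, `cnt` is derived from `kp_threads`, which this loop does not update and the return of `lwp_kernel_create()` is discarded; if workers only bump the count once they run (that code is outside the hunk), a second wakeup could start another batch, so it is worth confirming the pool cannot exceed `kcf_maxthreads`.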
@@ -1534,96 +1487,6 @@ } /* - * This is the main routine of the failover kernel thread. - * If there are any threads in the pool we sleep. The last thread in the - * pool to exit will signal us to get to work. We get back to sleep - * once we detect that the pool has threads. - * - * Note that in the hand-off from us to a pool thread we get to run once. - * Since this hand-off is a rare event this should be fine. - */ -static void -kcf_failover_thread() -{ - int error = 0; - kcf_context_t *ictx; - kcf_areq_node_t *req; - callb_cpr_t cpr_info; - kmutex_t cpr_lock; - static boolean_t is_logged = B_FALSE; - - mutex_init(&cpr_lock, NULL, MUTEX_DEFAULT, NULL); - CALLB_CPR_INIT(&cpr_info, &cpr_lock, callb_generic_cpr, - "kcf_failover_thread"); - - for (;;) { - /* - * Wait if there are any threads are in the pool. - */ - if (kcfpool->kp_threads > 0) { - mutex_enter(&cpr_lock); - CALLB_CPR_SAFE_BEGIN(&cpr_info); - mutex_exit(&cpr_lock); - - mutex_enter(&kcfpool->kp_thread_lock); - cv_wait(&kcfpool->kp_nothr_cv, - &kcfpool->kp_thread_lock); - mutex_exit(&kcfpool->kp_thread_lock); - - mutex_enter(&cpr_lock); - CALLB_CPR_SAFE_END(&cpr_info, &cpr_lock); - mutex_exit(&cpr_lock); - is_logged = B_FALSE; - } - - /* - * Get the requests from the queue and wait if needed. - */ - mutex_enter(&gswq->gs_lock); - - while ((req = kcf_dequeue()) == NULL) { - mutex_enter(&cpr_lock); - CALLB_CPR_SAFE_BEGIN(&cpr_info); - mutex_exit(&cpr_lock); - - KCF_ATOMIC_INCR(kcfpool->kp_idlethreads); - cv_wait(&gswq->gs_cv, &gswq->gs_lock); - KCF_ATOMIC_DECR(kcfpool->kp_idlethreads); - - mutex_enter(&cpr_lock); - CALLB_CPR_SAFE_END(&cpr_info, &cpr_lock); - mutex_exit(&cpr_lock); - } - - mutex_exit(&gswq->gs_lock); - - /* - * We check the kp_threads since kcfd could have started - * while we are waiting on the global software queue. - */ - if ((kcfpool->kp_threads == 0) && !is_logged) { - cmn_err(CE_WARN, "kcfd is not running. Please check " - "and restart kcfd. 
Using the failover kernel " - "thread for now.\n"); - is_logged = B_TRUE; - } - - /* - * Get to work on the request. - */ - ictx = req->an_context; - mutex_enter(&req->an_lock); - req->an_state = REQ_INPROGRESS; - mutex_exit(&req->an_lock); - - error = common_submit_request(req->an_provider, ictx ? - &ictx->kc_glbl_ctx : NULL, &req->an_params, req); - - kcf_aop_done(req, error); - } -} - -/* * Insert the async request in the hash table after assigning it * an ID. Returns the ID. * @@ -1831,7 +1694,6 @@ static int kcf_misc_kstat_update(kstat_t *ksp, int rw) { - uint_t tcnt; kcf_stats_t *ks_data; if (rw == KSTAT_WRITE) @@ -1840,14 +1702,7 @@ ks_data = ksp->ks_data; ks_data->ks_thrs_in_pool.value.ui32 = kcfpool->kp_threads; - /* - * The failover thread is counted in kp_idlethreads in - * some corner cases. This is done to avoid doing more checks - * when submitting a request. We account for those cases below. - */ - if ((tcnt = kcfpool->kp_idlethreads) == (kcfpool->kp_threads + 1)) - tcnt--; - ks_data->ks_idle_thrs.value.ui32 = tcnt; + ks_data->ks_idle_thrs.value.ui32 = kcfpool->kp_idlethreads; ks_data->ks_minthrs.value.ui32 = kcf_minthreads; ks_data->ks_maxthrs.value.ui32 = kcf_maxthreads; ks_data->ks_swq_njobs.value.ui32 = gswq->gs_njobs; diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/aes.c --- a/usr/src/uts/common/crypto/io/aes.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/aes.c Sun Sep 12 10:25:50 2010 -0700 @@ -37,7 +37,6 @@ #include #include #include -#define _AES_FIPS_POST #define _AES_IMPL #include @@ -186,12 +185,6 @@ aes_free_context }; -static void aes_POST(int *); - -static crypto_fips140_ops_t aes_fips140_ops = { - aes_POST -}; - static crypto_ops_t aes_crypto_ops = { &aes_control_ops, NULL, @@ -209,7 +202,7 @@ &aes_ctx_ops, NULL, NULL, - &aes_fips140_ops + NULL, }; static crypto_provider_info_t aes_prov_info = { 
@@ -1530,32 +1523,3 @@ return (aes_decrypt_atomic(provider, session_id, &gcm_mech, key, mac, &null_crypto_data, template, req)); } - -/* - * AES Power-Up Self-Test - */ -void -aes_POST(int *rc) -{ - - int ret; - - /* AES Power-Up Self-Test for 128-bit key. */ - ret = fips_aes_post(FIPS_AES_128_KEY_SIZE); - - if (ret != CRYPTO_SUCCESS) - goto out; - - /* AES Power-Up Self-Test for 192-bit key. */ - ret = fips_aes_post(FIPS_AES_192_KEY_SIZE); - - if (ret != CRYPTO_SUCCESS) - goto out; - - /* AES Power-Up Self-Test for 256-bit key. */ - ret = fips_aes_post(FIPS_AES_256_KEY_SIZE); - -out: - *rc = ret; - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/cryptoadm.c --- a/usr/src/uts/common/crypto/io/cryptoadm.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/cryptoadm.c Sun Sep 12 10:25:50 2010 -0700 @@ -172,7 +172,6 @@ return (DDI_FAILURE); } - mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); cryptoadm_dip = dip; return (DDI_SUCCESS); 
@@ -770,119 +769,10 @@ return (error); } -/* - * This ioctl loads a door descriptor into the kernel. The descriptor - * is used for module verification. - */ -/* ARGSUSED */ -static int -load_door(dev_t dev, caddr_t arg, int mode, int *rval) -{ - crypto_load_door_t load_door; - uint32_t rv; - int error = 0; - - if (copyin(arg, &load_door, sizeof (crypto_load_door_t)) != 0) { - error = EFAULT; - goto out2; - } - - if (crypto_load_door(load_door.ld_did) != 0) { - rv = CRYPTO_FAILED; - goto out; - } - rv = CRYPTO_SUCCESS; -out: - load_door.ld_return_value = rv; - - if (copyout(&load_door, arg, sizeof (crypto_load_door_t)) != 0) - error = EFAULT; - -out2: - if (AU_AUDITING()) - audit_cryptoadm(CRYPTO_LOAD_DOOR, NULL, NULL, - 0, 0, rv, error); - return (error); -} - -/* - * This function enables/disables FIPS140 mode or gets the current - * FIPS 140 mode status. - * - * CRYPTO_FIPS140_STATUS: Returns back the value of global_fips140_mode. - * CRYPTO_FIPS140_SET: Recognizes 2 operations from userland: - * FIPS140_ENABLE or FIPS140_DISABLE. These can only be - * called when global_fips140_mode is FIPS140_MODE_UNSET - * as they are only operations that can be performed at - * bootup. - */ -/* ARGSUSED */ -static int -fips140_actions(dev_t dev, caddr_t arg, int mode, int *rval, int cmd) -{ - crypto_fips140_t fips140_info; - uint32_t rv = CRYPTO_SUCCESS; - int error = 0; - - if (copyin(arg, &fips140_info, sizeof (crypto_fips140_t)) != 0) - return (EFAULT); - - switch (cmd) { - case CRYPTO_FIPS140_STATUS: - fips140_info.fips140_status = global_fips140_mode; - break; - case CRYPTO_FIPS140_SET: - /* If the mode has been determined, there is nothing to set */ - mutex_enter(&fips140_mode_lock); - - if (fips140_info.fips140_op == FIPS140_ENABLE && - global_fips140_mode == FIPS140_MODE_UNSET) { - /* - * If FIPS 140 is enabled, all approriate modules - * must be loaded and validated. This can be done in - * the background as the rest of the OS comes up. 
- */ - global_fips140_mode = FIPS140_MODE_VALIDATING; - (void) thread_create(NULL, 0, kcf_fips140_validate, - NULL, 0, &p0, TS_RUN, MAXCLSYSPRI); - cv_signal(&cv_fips140); - - } else if (fips140_info.fips140_op == FIPS140_DISABLE && - global_fips140_mode == FIPS140_MODE_UNSET) { - /* - * If FIPS 140 is not enabled, any modules that are - * waiting for validation must be released so they - * can be verified. - */ - global_fips140_mode = FIPS140_MODE_DISABLED; - kcf_activate(); - cv_signal(&cv_fips140); - - } else if (fips140_info.fips140_op != FIPS140_DISABLE && - fips140_info.fips140_op != FIPS140_ENABLE) { - rv = CRYPTO_ARGUMENTS_BAD; - } - - mutex_exit(&fips140_mode_lock); - break; - - default: - rv = CRYPTO_ARGUMENTS_BAD; - } - - fips140_info.fips140_return_value = rv; - - if (copyout(&fips140_info, arg, sizeof (crypto_fips140_t)) != 0) - error = EFAULT; - - return (error); -} - static int cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c, int *rval) { - uint32_t auditing = AU_AUDITING(); int error; #define ARG ((caddr_t)arg) @@ -891,9 +781,6 @@ case CRYPTO_LOAD_SOFT_DISABLED: case CRYPTO_LOAD_SOFT_CONFIG: case CRYPTO_UNLOAD_SOFT_MODULE: - case CRYPTO_POOL_CREATE: - case CRYPTO_POOL_WAIT: - case CRYPTO_POOL_RUN: case CRYPTO_LOAD_DOOR: case CRYPTO_FIPS140_SET: if ((error = drv_priv(c)) != 0) 
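Review bot: The privilege switch in cryptoadm_ioctl (hunk @@ -891,9 +781,6 @@) keeps `case CRYPTO_LOAD_DOOR:` and `case CRYPTO_FIPS140_SET:` as context lines, while the next hunk (@@ -926,55 +813,6 @@) deletes their handlers. Both commands therefore still go through `drv_priv(c)` and then fall through to `return (EINVAL)`. This is harmless but inconsistent: an unprivileged caller gets the drv_priv() error for an ioctl that no longer exists, whereas CRYPTO_FIPS140_STATUS, which is not in the list, gets EINVAL directly. I would drop the two stale labels so every retired command fails the same way, or keep them with a comment such as `/* retired ioctls: privilege-checked, then rejected with EINVAL */`. The switch itself continues outside the hunk.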
@@ -926,55 +813,6 @@ case CRYPTO_UNLOAD_SOFT_MODULE: return (unload_soft_module(dev, ARG, mode, rval)); - - case CRYPTO_POOL_CREATE: - /* - * The framework allocates and initializes the pool. - * So, this is a no op. We are keeping this ioctl around - * to be used for any future threadpool related work. - */ - if (auditing) - audit_cryptoadm(CRYPTO_POOL_CREATE, NULL, NULL, - 0, 0, 0, 0); - return (0); - - case CRYPTO_POOL_WAIT: { - int nthrs = 0, err; - - if ((err = kcf_svc_wait(&nthrs)) == 0) { - if (copyout((caddr_t)&nthrs, ARG, sizeof (int)) - == -1) - err = EFAULT; - } - if (auditing) - audit_cryptoadm(CRYPTO_POOL_WAIT, NULL, NULL, - 0, 0, 0, err); - return (err); - } - - case CRYPTO_POOL_RUN: { - int err; - - err = kcf_svc_do_run(); - if (auditing) - audit_cryptoadm(CRYPTO_POOL_RUN, NULL, NULL, - 0, 0, 0, err); - return (err); - } - - case CRYPTO_LOAD_DOOR: - return (load_door(dev, ARG, mode, rval)); - case CRYPTO_FIPS140_STATUS: - return (fips140_actions(dev, ARG, mode, rval, cmd)); - case CRYPTO_FIPS140_SET: { - int err; - - err = fips140_actions(dev, ARG, mode, rval, cmd); - if (auditing) - audit_cryptoadm(CRYPTO_FIPS140_SET, NULL, NULL, - 0, 0, 0, err); - return (err); - } } return (EINVAL); diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/ecc.c --- a/usr/src/uts/common/crypto/io/ecc.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/ecc.c Sun Sep 12 10:25:50 2010 -0700 @@ -22,6 +22,9 @@ * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #include #include @@ -188,13 +191,6 @@ ecc_nostore_key_derive }; -static void ecc_POST(int *); - -static crypto_fips140_ops_t ecc_fips140_ops = { - ecc_POST -}; - - static crypto_ops_t ecc_crypto_ops = { &ecc_control_ops, NULL, @@ -212,7 +208,7 @@ NULL, NULL, &ecc_nostore_key_ops, - &ecc_fips140_ops + NULL, }; static crypto_provider_info_t ecc_prov_info = { 
@@ -239,10 +235,6 @@ static void free_ecparams(ECParams *, boolean_t); static void free_ecprivkey(ECPrivateKey *); -static int fips_pairwise_check(ECPrivateKey *); -extern int fips_ecdsa_post(void); - - int _init(void) { @@ -406,7 +398,7 @@ uint8_t extrarand[32]; size_t extrarand_len; - if ((rv = random_get_pseudo_bytes_fips140(ran_out, ran_len)) != 0) + if ((rv = random_get_pseudo_bytes(ran_out, ran_len)) != 0) return (rv); /* @@ -429,7 +421,7 @@ if (ebc == 0) { /* refresh extrarand */ extrarand_len = sizeof (extrarand); - if ((rv = random_get_pseudo_bytes_fips140(extrarand, + if ((rv = random_get_pseudo_bytes(extrarand, extrarand_len)) != 0) { return (rv); } @@ -1167,13 +1159,6 @@ bcopy(privKey->publicValue.data, point, xylen); pub_out_template[point_idx].oa_value_len = xylen; - if (kcf_get_fips140_mode() == FIPS140_MODE_ENABLED) { - /* Pair-wise consistency test */ - if ((rv = fips_pairwise_check(privKey)) != CRYPTO_SUCCESS) - cmn_err(CE_WARN, "ecc: fips_pairwise_check() " - "failed (0x%x).", rv); - } - out: free_ecprivkey(privKey); free_ecparams(ecparams, B_TRUE); 
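Review bot: The calls that now read `random_get_pseudo_bytes(ran_out, ran_len)` and `random_get_pseudo_bytes(extrarand, extrarand_len)` (hunks @@ -406,7 +398,7 @@ and @@ -429,7 +421,7 @@) carry no comment on why the pseudo-random interface is the right source for this output. The enclosing function starts outside the hunks, so what `ran_out` feeds is not visible here; if it is key material, the choice deserves a line of documentation now that the FIPS-specific wrapper is gone. Something like `/* kernel PRNG output via random_get_pseudo_bytes(); see sys/random.h for the random_get_bytes() alternative */` above the first call would do. The same substitution is made in rsa.c (hunks @@ -432,7 +425,7 @@ and @@ -455,7 +448,7 @@) and should get the same comment.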
@@ -1334,73 +1319,3 @@ SECITEM_FreeItem(&key->version, B_FALSE); kmem_free(key, sizeof (ECPrivateKey)); } - -/* - * Pair-wise Consistency Test - */ -static int -fips_pairwise_check(ECPrivateKey *ecdsa_private_key) -{ - - SECItem signature_item; - SECItem digest_item; - uchar_t signed_data[EC_MAX_SIG_LEN]; - uchar_t sha1[SHA1_DIGEST_SIZE]; - ECPublicKey ecdsa_public_key; - SHA1_CTX *sha1_context; - int rv; - static uint8_t msg[] = { - "OpenSolarisCommunity" - }; - - /* construct public key from private key. */ - if ((EC_CopyParams(ecdsa_private_key->ecParams.arena, - &ecdsa_public_key.ecParams, &ecdsa_private_key->ecParams)) - != SECSuccess) - return (CRYPTO_FAILED); - - ecdsa_public_key.publicValue = ecdsa_private_key->publicValue; - - if ((sha1_context = kmem_zalloc(sizeof (SHA1_CTX), - KM_SLEEP)) == NULL) - return (CRYPTO_HOST_MEMORY); - - SHA1Init(sha1_context); - SHA1Update(sha1_context, msg, SHA1_DIGEST_SIZE); - SHA1Final(sha1, sha1_context); - - digest_item.data = sha1; - digest_item.len = SHA1_DIGEST_SIZE; - signature_item.data = signed_data; - signature_item.len = sizeof (signed_data); - - if ((ECDSA_SignDigest(ecdsa_private_key, &signature_item, - &digest_item, 0)) != SECSuccess) { - rv = CRYPTO_FAILED; - goto loser; - } - - if (ECDSA_VerifyDigest(&ecdsa_public_key, &signature_item, - &digest_item, 0) != SECSuccess) { - rv = CRYPTO_SIGNATURE_INVALID; - } else { - rv = CRYPTO_SUCCESS; - } - -loser: - kmem_free(sha1_context, sizeof (SHA1_CTX)); - return (rv); - -} - - -/* - * ECC Power-Up Self-Test - */ -void -ecc_POST(int *rc) -{ - - *rc = fips_ecdsa_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/rsa.c --- a/usr/src/uts/common/crypto/io/rsa.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/rsa.c Sun Sep 12 10:25:50 2010 -0700 @@ -44,7 +44,6 @@ #include #include #include -#define _RSA_FIPS_POST #include extern struct mod_ops mod_cryptoops; 
@@ -275,12 +274,6 @@ rsa_free_context }; -static void rsa_POST(int *); - -static crypto_fips140_ops_t rsa_fips140_ops = { - rsa_POST -}; - static crypto_ops_t rsa_crypto_ops = { &rsa_control_ops, NULL, @@ -298,7 +291,7 @@ &rsa_ctx_ops, NULL, NULL, - &rsa_fips140_ops + NULL, }; static crypto_provider_info_t rsa_prov_info = { @@ -432,7 +425,7 @@ uint8_t extrarand[32]; size_t extrarand_len; - if ((rv = random_get_pseudo_bytes_fips140(ran_out, ran_len)) != 0) + if ((rv = random_get_pseudo_bytes(ran_out, ran_len)) != 0) return (rv); /* @@ -455,7 +448,7 @@ if (ebc == 0) { /* refresh extrarand */ extrarand_len = sizeof (extrarand); - if ((rv = random_get_pseudo_bytes_fips140(extrarand, + if ((rv = random_get_pseudo_bytes(extrarand, extrarand_len)) != 0) { return (rv); } @@ -1599,14 +1592,3 @@ return (rsa_verify_recover_common(mechanism->cm_type, key, signature, data)); } - -/* - * RSA Power-On Self-Test - */ -void -rsa_POST(int *rc) -{ - - *rc = fips_rsa_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/sha1_mod.c --- a/usr/src/uts/common/crypto/io/sha1_mod.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/sha1_mod.c Sun Sep 12 10:25:50 2010 -0700 @@ -163,12 +163,6 @@ sha1_free_context }; -static void sha1_POST(int *); - -static crypto_fips140_ops_t sha1_fips140_ops = { - sha1_POST -}; - static crypto_ops_t sha1_crypto_ops = { &sha1_control_ops, &sha1_digest_ops, @@ -186,7 +180,7 @@ &sha1_ctx_ops, NULL, NULL, - &sha1_fips140_ops + NULL, }; static crypto_provider_info_t sha1_prov_info = { @@ -1447,14 +1441,3 @@ return (CRYPTO_SUCCESS); } - -/* - * SHA-1 Power-Up Self-Test - */ -void -sha1_POST(int *rc) -{ - - *rc = fips_sha1_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/sha2_mod.c --- a/usr/src/uts/common/crypto/io/sha2_mod.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/sha2_mod.c Sun Sep 12 10:25:50 2010 -0700 
@@ -189,12 +189,6 @@ sha2_free_context }; -static void sha2_POST(int *); - -static crypto_fips140_ops_t sha2_fips140_ops = { - sha2_POST -}; - static crypto_ops_t sha2_crypto_ops = { &sha2_control_ops, &sha2_digest_ops, @@ -212,7 +206,7 @@ &sha2_ctx_ops, NULL, NULL, - &sha2_fips140_ops + NULL, }; static crypto_provider_info_t sha2_prov_info = { @@ -1616,14 +1610,3 @@ return (CRYPTO_SUCCESS); } - -/* - * SHA-2 Power-Up Self-Test - */ -void -sha2_POST(int *rc) -{ - - *rc = fips_sha2_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/io/swrand.c --- a/usr/src/uts/common/crypto/io/swrand.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/io/swrand.c Sun Sep 12 10:25:50 2010 -0700 @@ -162,12 +162,6 @@ swrand_generate_random }; -static void swrand_POST(int *); - -static crypto_fips140_ops_t swrand_fips140_ops = { - swrand_POST -}; - static crypto_ops_t swrand_crypto_ops = { &swrand_control_ops, NULL, @@ -185,7 +179,7 @@ NULL, NULL, NULL, - &swrand_fips140_ops + NULL, }; static crypto_provider_info_t swrand_prov_info = { @@ -912,14 +906,3 @@ mutex_exit(&srndpool_lock); } - -/* - * Swrand Power-Up Self-Test - */ -void -swrand_POST(int *rc) -{ - - *rc = fips_rng_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/crypto/spi/kcf_spi.c --- a/usr/src/uts/common/crypto/spi/kcf_spi.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/crypto/spi/kcf_spi.c Sun Sep 12 10:25:50 2010 -0700 @@ -22,6 +22,9 @@ * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ /* * This file is part of the core Kernel Cryptographic Framework. 
@@ -57,7 +60,6 @@ kcf_provider_desc_t *); static int init_prov_mechs(crypto_provider_info_t *, kcf_provider_desc_t *); static int kcf_prov_kstat_update(kstat_t *, int); -static void undo_register_provider_extra(kcf_provider_desc_t *); static void delete_kstat(kcf_provider_desc_t *); static kcf_prov_stats_t kcf_stats_ks_data_template = { @@ -129,7 +131,6 @@ crypto_register_provider(crypto_provider_info_t *info, crypto_kcf_provider_handle_t *handle) { - int need_fips140_verify, need_verify = 1; struct modctl *mcp; char *name; char ks_name[KSTAT_STRLEN]; @@ -250,21 +251,6 @@ goto bail; } - if ((need_verify = kcf_need_signature_verification(prov_desc)) == -1) { - undo_register_provider(prov_desc, B_TRUE); - ret = CRYPTO_MODVERIFICATION_FAILED; - goto bail; - } - - if ((need_fips140_verify = - kcf_need_fips140_verification(prov_desc)) == -1) { - mutex_enter(&prov_desc->pd_lock); - prov_desc->pd_state = KCF_PROV_VERIFICATION_FAILED; - mutex_exit(&prov_desc->pd_lock); - ret = CRYPTO_FIPS140_ERROR; - goto bail; - } - /* * We create a taskq only for a hardware provider. The global * software queue is used for software providers. We handle ordering 
@@ -367,47 +353,10 @@ if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER) process_logical_providers(info, prov_desc); - /* This provider needs to wait until we know the FIPS 140 status */ - if (need_fips140_verify == 1) { - mutex_enter(&prov_desc->pd_lock); - prov_desc->pd_state = KCF_PROV_UNVERIFIED_FIPS140; - mutex_exit(&prov_desc->pd_lock); - goto exit; - } - - /* This provider needs to have the signature verified */ - if (need_verify == 1) { - mutex_enter(&prov_desc->pd_lock); - prov_desc->pd_state = KCF_PROV_UNVERIFIED; - mutex_exit(&prov_desc->pd_lock); - - /* kcf_verify_signature routine will release this hold */ - KCF_PROV_REFHOLD(prov_desc); - - if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER) { - /* - * It is not safe to make the door upcall to kcfd from - * this context since the kcfd thread could reenter - * devfs. So, we dispatch a taskq job to do the - * verification and return to the provider. - */ - (void) taskq_dispatch(system_taskq, - kcf_verify_signature, (void *)prov_desc, TQ_SLEEP); - } else if (prov_desc->pd_prov_type == CRYPTO_SW_PROVIDER) { - kcf_verify_signature(prov_desc); - if (prov_desc->pd_state == - KCF_PROV_VERIFICATION_FAILED) { - undo_register_provider_extra(prov_desc); - ret = CRYPTO_MODVERIFICATION_FAILED; - goto bail; - } - } - } else { - mutex_enter(&prov_desc->pd_lock); - prov_desc->pd_state = KCF_PROV_READY; - mutex_exit(&prov_desc->pd_lock); - kcf_do_notify(prov_desc, B_TRUE); - } + mutex_enter(&prov_desc->pd_lock); + prov_desc->pd_state = KCF_PROV_READY; + mutex_exit(&prov_desc->pd_lock); + kcf_do_notify(prov_desc, B_TRUE); exit: *handle = prov_desc->pd_kcf_prov_handle; 
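Review bot: The added lines set `prov_desc->pd_state = KCF_PROV_READY` for every provider that reaches this point. Together with the removal of the `kcf_need_signature_verification()` call in hunk @@ -250,21 +251,6 @@, crypto_register_provider no longer checks a module signature, and nothing in the new code says so. A comment above the added `mutex_enter` would record the trust assumption, for example `/* No signature verification: a provider that registers is trusted as loaded. */`. The only `goto exit` visible here was in the deleted FIPS 140 branch, so if no other jump to `exit:` exists outside the hunk the label is now unused. It is also worth checking whether KCF_PROV_UNVERIFIED, KCF_PROV_UNVERIFIED_FIPS140 and KCF_PROV_VERIFICATION_FAILED are still assigned anywhere, since code testing those states would now be dead.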
@@ -955,13 +904,6 @@ (void) kcf_prov_tab_rem_provider(desc->pd_prov_id); } -static void -undo_register_provider_extra(kcf_provider_desc_t *desc) -{ - delete_kstat(desc); - undo_register_provider(desc, B_TRUE); -} - /* * Utility routine called from crypto_load_soft_disabled(). Callers * should have done a prior undo_register_provider(). diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/des/des_crypt.c --- a/usr/src/uts/common/des/des_crypt.c Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/des/des_crypt.c Sun Sep 12 10:25:50 2010 -0700 @@ -48,7 +48,7 @@ #include #include #include -#define _DES_FIPS_POST +#define _DES_IMPL #include /* EXPORT DELETE START */ @@ -221,12 +221,6 @@ des_key_check }; -static void des_POST(int *); - -static crypto_fips140_ops_t des_fips140_ops = { - des_POST -}; - static crypto_ops_t des_crypto_ops = { &des_control_ops, NULL, @@ -244,7 +238,7 @@ &des_ctx_ops, NULL, NULL, - &des_fips140_ops + NULL }; static crypto_provider_info_t des_prov_info = { @@ -1232,14 +1226,3 @@ return (rv); } - -/* - * Triple DES Power-Up Self-Test - */ -void -des_POST(int *rc) -{ - - *rc = fips_des3_post(); - -} diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/sys/crypto/elfsign.h --- a/usr/src/uts/common/sys/crypto/elfsign.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/sys/crypto/elfsign.h Sun Sep 12 10:25:50 2010 -0700 @@ -21,6 +21,9 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #ifndef _SYS_CRYPTO_ELFSIGN_H #define _SYS_CRYPTO_ELFSIGN_H 
@@ -52,29 +55,10 @@ } ELFsign_status_t; -/* Version values for da_version in kcf_door_args_t */ -#define KCF_KCFD_VERSION1 1 -#define KCFD_FIPS140_INTCHECK 2 - #define SIG_MAX_LENGTH 1024 #define ELF_SIGNATURE_SECTION ".SUNW_signature" -typedef struct kcf_door_arg_s { - short da_version; - boolean_t da_iskernel; - - union { - char filename[MAXPATHLEN]; /* For request */ - - struct kcf_door_result_s { /* For response */ - ELFsign_status_t status; - uint32_t siglen; - uchar_t signature[1]; - } result; - } da_u; -} kcf_door_arg_t; - typedef uint32_t filesig_vers_t; /* @@ -134,8 +118,6 @@ #ifndef _KERNEL -#define _PATH_KCFD_DOOR "/etc/svc/volatile/kcfd_door" - #endif /* _KERNEL */ #ifdef __cplusplus diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/sys/crypto/impl.h --- a/usr/src/uts/common/sys/crypto/impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/sys/crypto/impl.h Sun Sep 12 10:25:50 2010 -0700 @@ -525,13 +525,6 @@ #define KCF_MAX_PIN_LEN 1024 -/* Global FIPS 140 mode variable */ -extern uint32_t global_fips140_mode; -/* Global FIPS 140 mode lock */ -extern kmutex_t fips140_mode_lock; -/* Conditional variable for kcf to wait until kcfd tells the FIPS mode status */ -extern kcondvar_t cv_fips140; - /* * Per-minor info. * @@ -1409,11 +1402,6 @@ crypto_mech_name_t *, uint_t *, crypto_mech_name_t **); extern void remove_soft_config(char *); -/* FIPS 140 functions */ -extern int kcf_get_fips140_mode(void); -extern void kcf_fips140_validate(); -extern void kcf_activate(); - #endif /* _KERNEL */ #ifdef __cplusplus diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/sys/crypto/sched_impl.h --- a/usr/src/uts/common/sys/crypto/sched_impl.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/sys/crypto/sched_impl.h Sun Sep 12 10:25:50 2010 -0700 
@@ -22,6 +22,10 @@ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ + #ifndef _SYS_CRYPTO_SCHED_IMPL_H #define _SYS_CRYPTO_SCHED_IMPL_H @@ -371,23 +375,11 @@ uint32_t kp_blockedthreads; /* Blocked threads in pool */ /* - * cv & lock to monitor the condition when no threads - * are around. In this case the failover thread kicks in. + * cv & lock for the condition where more threads need to be created. */ - kcondvar_t kp_nothr_cv; - kmutex_t kp_thread_lock; + kcondvar_t kp_cv; /* Creator cond. variable */ + kmutex_t kp_lock; /* Creator lock */ - /* Userspace thread creator variables. */ - boolean_t kp_signal_create_thread; /* Create requested flag */ - int kp_nthrs; /* # of threads to create */ - boolean_t kp_user_waiting; /* Thread waiting for work */ - - /* - * cv & lock for the condition where more threads need to be - * created. kp_user_lock also protects the three fileds above. - */ - kcondvar_t kp_user_cv; /* Creator cond. variable */ - kmutex_t kp_user_lock; /* Creator lock */ } kcf_pool_t; @@ -467,10 +459,6 @@ extern int kcf_maxthreads; extern int kcf_minthreads; -/* Door handle for talking to kcfd */ -extern door_handle_t kcf_dh; -extern kmutex_t kcf_dh_lock; - /* * All pending crypto bufcalls are put on a list. cbuf_list_lock * protects changes to this list. 
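Review bot: The new comment on `kp_cv`/`kp_lock` in hunk @@ -371,23 +375,11 @@ says what the pair signals but not which kcf_pool_t fields `kp_lock` protects. The comment it replaces did state this for `kp_user_lock`. I would extend it to name the protected members, e.g. `/* kp_lock protects <fields>; kp_cv is signalled when more threads need to be created */` with the field list filled in from the scheduler code. The blank line left before `} kcf_pool_t;` can also go. The struct starts outside the hunk, so the full member list is not visible here.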
@@ -516,13 +504,7 @@ crypto_ctx_t *, kcf_req_params_t *, crypto_req_handle_t); extern void kcf_free_context(kcf_context_t *); -extern int kcf_svc_wait(int *); -extern int kcf_svc_do_run(void); -extern int kcf_need_fips140_verification(kcf_provider_desc_t *); -extern int kcf_need_signature_verification(kcf_provider_desc_t *); -extern void kcf_verify_signature(void *); extern struct modctl *kcf_get_modctl(crypto_provider_info_t *); -extern void verify_unverified_providers(); extern void kcf_free_req(kcf_areq_node_t *areq); extern void crypto_bufcall_service(void); diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/common/sys/random.h --- a/usr/src/uts/common/sys/random.h Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/common/sys/random.h Sun Sep 12 10:25:50 2010 -0700 @@ -22,6 +22,9 @@ * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ +/* + * Copyright 2010 Nexenta Systems, Inc. All rights reserved. + */ #ifndef _SYS_RANDOM_H #define _SYS_RANDOM_H @@ -60,14 +63,6 @@ extern int random_get_bytes(uint8_t *, size_t); extern int random_get_pseudo_bytes(uint8_t *, size_t); -/* - * Functions for FIPS 140 validated random. Thesse functions should not be used - * for early booting kernel modules as modules in a FIPS 140 boundary must wait - * until the SMF service "cryptosvc" to run. - */ -extern int random_get_bytes_fips140(uint8_t *, size_t); -extern int random_get_pseudo_bytes_fips140(uint8_t *, size_t); - #endif /* _KERNEL */ #ifdef __cplusplus diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/sparc/bignum/Makefile --- a/usr/src/uts/sparc/bignum/Makefile Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/sparc/bignum/Makefile Sun Sep 12 10:25:50 2010 -0700 @@ -48,12 +48,6 @@ include $(UTSBASE)/sparc/Makefile.sparc # -# FIPS-140 Self Integrity Test -# -POST_PROCESS += ; $(FIPS140_CHECK) - - -# # Define targets # ALL_TARGET = $(BINARY) diff -r 528fbffc4164 -r 294b1fe4bc7f usr/src/uts/sun4v/n2rng/Makefile 
--- a/usr/src/uts/sun4v/n2rng/Makefile Sat Sep 11 23:00:34 2010 -0400 +++ b/usr/src/uts/sun4v/n2rng/Makefile Sun Sep 12 10:25:50 2010 -0700 @@ -50,11 +50,6 @@ include $(UTSBASE)/sun4v/Makefile.sun4v # -# FIPS-140 Self Integrity Test -# -POST_PROCESS += ; $(FIPS140_CHECK) - -# # Override defaults to build a unique, local modstubs.o. # MODSTUBS_DIR = $(OBJS_DIR)