Print this page
3882 remove xmod & friends


  92                 return (CKR_HOST_MEMORY);
  93 
  94         case BIG_NO_RANDOM:
  95                 return (CKR_DEVICE_ERROR);
  96 
  97         case BIG_INVALID_ARGS:
  98                 return (CKR_ARGUMENTS_BAD);
  99 
 100         case BIG_DIV_BY_0:
 101         default:
 102                 return (CKR_GENERAL_ERROR);
 103         }
 104 }
 105 
 106 /* psize and qsize are in bits */
 107 static BIG_ERR_CODE
 108 RSA_key_init(RSAkey *key, int psize, int qsize)
 109 {
 110         BIG_ERR_CODE err = BIG_OK;
 111 
 112 /* EXPORT DELETE START */
 113 
 114         int plen, qlen, nlen;
 115 
 116         plen = BITLEN2BIGNUMLEN(psize);
 117         qlen = BITLEN2BIGNUMLEN(qsize);
 118         nlen = plen + qlen;
 119         key->size = psize + qsize;
 120         if ((err = big_init(&(key->p), plen)) != BIG_OK)
 121                 return (err);
 122         if ((err = big_init(&(key->q), qlen)) != BIG_OK)
 123                 goto ret1;
 124         if ((err = big_init(&(key->n), nlen)) != BIG_OK)
 125                 goto ret2;
 126         if ((err = big_init(&(key->d), nlen)) != BIG_OK)
 127                 goto ret3;
 128         if ((err = big_init(&(key->e), nlen)) != BIG_OK)
 129                 goto ret4;
 130         if ((err = big_init(&(key->dmodpminus1), plen)) != BIG_OK)
 131                 goto ret5;
 132         if ((err = big_init(&(key->dmodqminus1), qlen)) != BIG_OK)
 133                 goto ret6;


 146         big_finish(&(key->q_rr));
 147 ret9:
 148         big_finish(&(key->p_rr));
 149 ret8:
 150         big_finish(&(key->pinvmodq));
 151 ret7:
 152         big_finish(&(key->dmodqminus1));
 153 ret6:
 154         big_finish(&(key->dmodpminus1));
 155 ret5:
 156         big_finish(&(key->e));
 157 ret4:
 158         big_finish(&(key->d));
 159 ret3:
 160         big_finish(&(key->n));
 161 ret2:
 162         big_finish(&(key->q));
 163 ret1:
 164         big_finish(&(key->p));
 165 
 166 /* EXPORT DELETE END */
 167 
 168         return (err);
 169 }
 170 
 171 static void
 172 RSA_key_finish(RSAkey *key)
 173 {
 174 
 175 /* EXPORT DELETE START */
 176 
 177         big_finish(&(key->n_rr));
 178         big_finish(&(key->q_rr));
 179         big_finish(&(key->p_rr));
 180         big_finish(&(key->pinvmodq));
 181         big_finish(&(key->dmodqminus1));
 182         big_finish(&(key->dmodpminus1));
 183         big_finish(&(key->e));
 184         big_finish(&(key->d));
 185         big_finish(&(key->n));
 186         big_finish(&(key->q));
 187         big_finish(&(key->p));
 188 
 189 /* EXPORT DELETE END */
 190 
 191 }
 192 
 193 /*
 194  * Generate RSA key
 195  */
 196 static CK_RV
 197 generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM *pubexp,
 198     int (*rfunc)(void *, size_t))
 199 {
 200         CK_RV           rv = CKR_OK;
 201 
 202 /* EXPORT DELETE START */
 203 
 204         int             (*rf)(void *, size_t);
 205         BIGNUM          a, b, c, d, e, f, g, h;
 206         int             len, keylen, size;
 207         BIG_ERR_CODE    brv = BIG_OK;
 208 
 209         size = psize + qsize;
 210         keylen = BITLEN2BIGNUMLEN(size);
 211         len = keylen * 2 + 1;
 212         key->size = size;
 213 
 214         /*
 215          * Note: It is not really necessary to compute e, it is in pubexp:
 216          *      (void) big_copy(&(key->e), pubexp);
 217          */
 218 
 219         a.malloced = 0;
 220         b.malloced = 0;
 221         c.malloced = 0;
 222         d.malloced = 0;
 223         e.malloced = 0;


 362         if (big_cmp_abs(&b, &h) != 0) {
 363                 /* this should not happen */
 364                 rv = generate_rsa_key(key, psize, qsize, pubexp, rf);
 365                 goto ret1;
 366         } else {
 367                 brv = BIG_OK;
 368         }
 369 
 370 ret:
 371         rv = convert_rv(brv);
 372 ret1:
 373         big_finish(&h);
 374         big_finish(&g);
 375         big_finish(&f);
 376         big_finish(&e);
 377         big_finish(&d);
 378         big_finish(&c);
 379         big_finish(&b);
 380         big_finish(&a);
 381 
 382 /* EXPORT DELETE END */
 383 
 384         return (rv);
 385 }
 386 
 387 CK_RV
 388 rsa_genkey_pair(RSAbytekey *bkey)
 389 {
 390         /*
 391          * NOTE:  Whomever originally wrote this function swapped p and q.
 392          * This table shows the mapping between name convention used here
 393          * versus what is used in most texts that describe RSA key generation.
 394          *      This function:                  Standard convention:
 395          *      --------------                  --------------------
 396          *      modulus, n                      -same-
 397          *      prime 1, q                      prime 1, p
 398          *      prime 2, p                      prime 2, q
 399          *      private exponent, d             -same-
 400          *      public exponent, e              -same-
 401          *      exponent 1, d mod (q-1)         d mod (p-1)
 402          *      exponent 2, d mod (p-1)         d mod (q-1)
 403          *      coefficient, p^-1 mod q         q^-1 mod p
 404          *
 405          * Also notice the struct member for coefficient is named .pinvmodq
 406          * rather than .qinvmodp, reflecting the switch.
 407          *
 408          * The code here wasn't unswapped, because "it works".  Further,
 409          * p and q are interchangeable as long as exponent 1 and 2 and
 410          * the coefficient are kept straight too.  This note is here to
 411          * make the reader aware of the switcheroo.
 412          */
 413         CK_RV   rv = CKR_OK;
 414 
 415 /* EXPORT DELETE START */
 416 
 417         BIGNUM  public_exponent = {0};
 418         RSAkey  rsakey;
 419         uint32_t modulus_bytes;
 420 
 421         if (bkey == NULL)
 422                 return (CKR_ARGUMENTS_BAD);
 423 
 424         /* Must have modulus bits set */
 425         if (bkey->modulus_bits == 0)
 426                 return (CKR_ARGUMENTS_BAD);
 427 
 428         /* Must have public exponent set */
 429         if (bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
 430                 return (CKR_ARGUMENTS_BAD);
 431 
 432         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 433         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 434 
 435         /* Modulus length needs to be between min key size and max key size. */
 436         if ((modulus_bytes < MIN_RSA_KEYLENGTH_IN_BYTES) ||


 478         bkey->prime2_bytes = rsakey.p.len * (int)sizeof (BIG_CHUNK_TYPE);
 479         bignum2bytestring(bkey->prime2, &(rsakey.p), bkey->prime2_bytes);
 480 
 481         bkey->expo1_bytes =
 482             rsakey.dmodqminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
 483         bignum2bytestring(bkey->expo1, &(rsakey.dmodqminus1),
 484             bkey->expo1_bytes);
 485 
 486         bkey->expo2_bytes =
 487             rsakey.dmodpminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
 488         bignum2bytestring(bkey->expo2,
 489             &(rsakey.dmodpminus1), bkey->expo2_bytes);
 490 
 491         bkey->coeff_bytes =
 492             rsakey.pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
 493         bignum2bytestring(bkey->coeff, &(rsakey.pinvmodq), bkey->coeff_bytes);
 494 
 495 clean1:
 496         RSA_key_finish(&rsakey);
 497 
 498 /* EXPORT DELETE END */
 499 
 500         return (rv);
 501 }
 502 
 503 /*
 504  * RSA encrypt operation
 505  */
 506 CK_RV
 507 rsa_encrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 508 {
 509         CK_RV rv = CKR_OK;
 510 
 511 /* EXPORT DELETE START */
 512 
 513         BIGNUM msg;
 514         RSAkey rsakey;
 515         uint32_t modulus_bytes;
 516 
 517         if (bkey == NULL)
 518                 return (CKR_ARGUMENTS_BAD);
 519 
 520         /* Must have modulus and public exponent set */
 521         if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 522             bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
 523                 return (CKR_ARGUMENTS_BAD);
 524 
 525         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 526         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 527 
 528         if (bkey->pubexpo_bytes > modulus_bytes) {
 529                 return (CKR_KEY_SIZE_RANGE);
 530         }
 531 
 532         /* psize and qsize for RSA_key_init is in bits. */


 549         if (big_cmp_abs(&msg, &(rsakey.n)) > 0) {
 550                 rv = CKR_DATA_LEN_RANGE;
 551                 goto clean3;
 552         }
 553 
 554         /* Perform RSA computation on big integer input data. */
 555         if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) !=
 556             BIG_OK) {
 557                 rv = CKR_HOST_MEMORY;
 558                 goto clean3;
 559         }
 560 
 561         /* Convert the big integer output data to octet string. */
 562         bignum2bytestring(out, &msg, modulus_bytes);
 563 
 564 clean3:
 565         big_finish(&msg);
 566 clean2:
 567         RSA_key_finish(&rsakey);
 568 
 569 /* EXPORT DELETE END */
 570 
 571         return (rv);
 572 }
 573 
 574 /*
 575  * RSA decrypt operation
 576  */
 577 CK_RV
 578 rsa_decrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 579 {
 580         CK_RV rv = CKR_OK;
 581 
 582 /* EXPORT DELETE START */
 583 
 584         BIGNUM msg;
 585         RSAkey rsakey;
 586         uint32_t modulus_bytes;
 587 
 588         if (bkey == NULL)
 589                 return (CKR_ARGUMENTS_BAD);
 590 
 591         /* Must have modulus, prime1, prime2, expo1, expo2, and coeff set */
 592         if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 593             bkey->prime1_bytes == 0 || bkey->prime1 == NULL ||
 594             bkey->prime2_bytes == 0 || bkey->prime2 == NULL ||
 595             bkey->expo1_bytes == 0 || bkey->expo1 == NULL ||
 596             bkey->expo2_bytes == 0 || bkey->expo2 == NULL ||
 597             bkey->coeff_bytes == 0 || bkey->coeff == NULL)
 598                 return (CKR_ARGUMENTS_BAD);
 599 
 600         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 601         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 602 
 603         /* psize and qsize for RSA_key_init is in bits. */


 638                 rv = CKR_KEY_SIZE_RANGE;
 639                 goto clean4;
 640         }
 641 
 642         /* Perform RSA computation on big integer input data. */
 643         if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1),
 644             &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q),
 645             &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) {
 646                 rv = CKR_HOST_MEMORY;
 647                 goto clean4;
 648         }
 649 
 650         /* Convert the big integer output data to octet string. */
 651         bignum2bytestring(out, &msg, modulus_bytes);
 652 
 653 clean4:
 654         big_finish(&msg);
 655 clean3:
 656         RSA_key_finish(&rsakey);
 657 
 658 /* EXPORT DELETE END */
 659 
 660         return (rv);
 661 }


  92                 return (CKR_HOST_MEMORY);
  93 
  94         case BIG_NO_RANDOM:
  95                 return (CKR_DEVICE_ERROR);
  96 
  97         case BIG_INVALID_ARGS:
  98                 return (CKR_ARGUMENTS_BAD);
  99 
 100         case BIG_DIV_BY_0:
 101         default:
 102                 return (CKR_GENERAL_ERROR);
 103         }
 104 }
 105 
 106 /* psize and qsize are in bits */
 107 static BIG_ERR_CODE
 108 RSA_key_init(RSAkey *key, int psize, int qsize)
 109 {
 110         BIG_ERR_CODE err = BIG_OK;
 111 


 112         int plen, qlen, nlen;
 113 
 114         plen = BITLEN2BIGNUMLEN(psize);
 115         qlen = BITLEN2BIGNUMLEN(qsize);
 116         nlen = plen + qlen;
 117         key->size = psize + qsize;
 118         if ((err = big_init(&(key->p), plen)) != BIG_OK)
 119                 return (err);
 120         if ((err = big_init(&(key->q), qlen)) != BIG_OK)
 121                 goto ret1;
 122         if ((err = big_init(&(key->n), nlen)) != BIG_OK)
 123                 goto ret2;
 124         if ((err = big_init(&(key->d), nlen)) != BIG_OK)
 125                 goto ret3;
 126         if ((err = big_init(&(key->e), nlen)) != BIG_OK)
 127                 goto ret4;
 128         if ((err = big_init(&(key->dmodpminus1), plen)) != BIG_OK)
 129                 goto ret5;
 130         if ((err = big_init(&(key->dmodqminus1), qlen)) != BIG_OK)
 131                 goto ret6;


 144         big_finish(&(key->q_rr));
 145 ret9:
 146         big_finish(&(key->p_rr));
 147 ret8:
 148         big_finish(&(key->pinvmodq));
 149 ret7:
 150         big_finish(&(key->dmodqminus1));
 151 ret6:
 152         big_finish(&(key->dmodpminus1));
 153 ret5:
 154         big_finish(&(key->e));
 155 ret4:
 156         big_finish(&(key->d));
 157 ret3:
 158         big_finish(&(key->n));
 159 ret2:
 160         big_finish(&(key->q));
 161 ret1:
 162         big_finish(&(key->p));
 163 


 164         return (err);
 165 }
 166 
 167 static void
 168 RSA_key_finish(RSAkey *key)
 169 {



 170         big_finish(&(key->n_rr));
 171         big_finish(&(key->q_rr));
 172         big_finish(&(key->p_rr));
 173         big_finish(&(key->pinvmodq));
 174         big_finish(&(key->dmodqminus1));
 175         big_finish(&(key->dmodpminus1));
 176         big_finish(&(key->e));
 177         big_finish(&(key->d));
 178         big_finish(&(key->n));
 179         big_finish(&(key->q));
 180         big_finish(&(key->p));



 181 }
 182 
 183 /*
 184  * Generate RSA key
 185  */
 186 static CK_RV
 187 generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM *pubexp,
 188     int (*rfunc)(void *, size_t))
 189 {
 190         CK_RV           rv = CKR_OK;
 191 


 192         int             (*rf)(void *, size_t);
 193         BIGNUM          a, b, c, d, e, f, g, h;
 194         int             len, keylen, size;
 195         BIG_ERR_CODE    brv = BIG_OK;
 196 
 197         size = psize + qsize;
 198         keylen = BITLEN2BIGNUMLEN(size);
 199         len = keylen * 2 + 1;
 200         key->size = size;
 201 
 202         /*
 203          * Note: It is not really necessary to compute e, it is in pubexp:
 204          *      (void) big_copy(&(key->e), pubexp);
 205          */
 206 
 207         a.malloced = 0;
 208         b.malloced = 0;
 209         c.malloced = 0;
 210         d.malloced = 0;
 211         e.malloced = 0;


 350         if (big_cmp_abs(&b, &h) != 0) {
 351                 /* this should not happen */
 352                 rv = generate_rsa_key(key, psize, qsize, pubexp, rf);
 353                 goto ret1;
 354         } else {
 355                 brv = BIG_OK;
 356         }
 357 
 358 ret:
 359         rv = convert_rv(brv);
 360 ret1:
 361         big_finish(&h);
 362         big_finish(&g);
 363         big_finish(&f);
 364         big_finish(&e);
 365         big_finish(&d);
 366         big_finish(&c);
 367         big_finish(&b);
 368         big_finish(&a);
 369 


 370         return (rv);
 371 }
 372 
 373 CK_RV
 374 rsa_genkey_pair(RSAbytekey *bkey)
 375 {
 376         /*
 377          * NOTE:  Whomever originally wrote this function swapped p and q.
 378          * This table shows the mapping between name convention used here
 379          * versus what is used in most texts that describe RSA key generation.
 380          *      This function:                  Standard convention:
 381          *      --------------                  --------------------
 382          *      modulus, n                      -same-
 383          *      prime 1, q                      prime 1, p
 384          *      prime 2, p                      prime 2, q
 385          *      private exponent, d             -same-
 386          *      public exponent, e              -same-
 387          *      exponent 1, d mod (q-1)         d mod (p-1)
 388          *      exponent 2, d mod (p-1)         d mod (q-1)
 389          *      coefficient, p^-1 mod q         q^-1 mod p
 390          *
 391          * Also notice the struct member for coefficient is named .pinvmodq
 392          * rather than .qinvmodp, reflecting the switch.
 393          *
 394          * The code here wasn't unswapped, because "it works".  Further,
 395          * p and q are interchangeable as long as exponent 1 and 2 and
 396          * the coefficient are kept straight too.  This note is here to
 397          * make the reader aware of the switcheroo.
 398          */
 399         CK_RV   rv = CKR_OK;
 400 


 401         BIGNUM  public_exponent = {0};
 402         RSAkey  rsakey;
 403         uint32_t modulus_bytes;
 404 
 405         if (bkey == NULL)
 406                 return (CKR_ARGUMENTS_BAD);
 407 
 408         /* Must have modulus bits set */
 409         if (bkey->modulus_bits == 0)
 410                 return (CKR_ARGUMENTS_BAD);
 411 
 412         /* Must have public exponent set */
 413         if (bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
 414                 return (CKR_ARGUMENTS_BAD);
 415 
 416         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 417         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 418 
 419         /* Modulus length needs to be between min key size and max key size. */
 420         if ((modulus_bytes < MIN_RSA_KEYLENGTH_IN_BYTES) ||


 462         bkey->prime2_bytes = rsakey.p.len * (int)sizeof (BIG_CHUNK_TYPE);
 463         bignum2bytestring(bkey->prime2, &(rsakey.p), bkey->prime2_bytes);
 464 
 465         bkey->expo1_bytes =
 466             rsakey.dmodqminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
 467         bignum2bytestring(bkey->expo1, &(rsakey.dmodqminus1),
 468             bkey->expo1_bytes);
 469 
 470         bkey->expo2_bytes =
 471             rsakey.dmodpminus1.len * (int)sizeof (BIG_CHUNK_TYPE);
 472         bignum2bytestring(bkey->expo2,
 473             &(rsakey.dmodpminus1), bkey->expo2_bytes);
 474 
 475         bkey->coeff_bytes =
 476             rsakey.pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
 477         bignum2bytestring(bkey->coeff, &(rsakey.pinvmodq), bkey->coeff_bytes);
 478 
 479 clean1:
 480         RSA_key_finish(&rsakey);
 481 


 482         return (rv);
 483 }
 484 
 485 /*
 486  * RSA encrypt operation
 487  */
 488 CK_RV
 489 rsa_encrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 490 {
 491         CK_RV rv = CKR_OK;
 492 


 493         BIGNUM msg;
 494         RSAkey rsakey;
 495         uint32_t modulus_bytes;
 496 
 497         if (bkey == NULL)
 498                 return (CKR_ARGUMENTS_BAD);
 499 
 500         /* Must have modulus and public exponent set */
 501         if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 502             bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
 503                 return (CKR_ARGUMENTS_BAD);
 504 
 505         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 506         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 507 
 508         if (bkey->pubexpo_bytes > modulus_bytes) {
 509                 return (CKR_KEY_SIZE_RANGE);
 510         }
 511 
 512         /* psize and qsize for RSA_key_init is in bits. */


 529         if (big_cmp_abs(&msg, &(rsakey.n)) > 0) {
 530                 rv = CKR_DATA_LEN_RANGE;
 531                 goto clean3;
 532         }
 533 
 534         /* Perform RSA computation on big integer input data. */
 535         if (big_modexp(&msg, &msg, &(rsakey.e), &(rsakey.n), NULL) !=
 536             BIG_OK) {
 537                 rv = CKR_HOST_MEMORY;
 538                 goto clean3;
 539         }
 540 
 541         /* Convert the big integer output data to octet string. */
 542         bignum2bytestring(out, &msg, modulus_bytes);
 543 
 544 clean3:
 545         big_finish(&msg);
 546 clean2:
 547         RSA_key_finish(&rsakey);
 548 


 549         return (rv);
 550 }
 551 
 552 /*
 553  * RSA decrypt operation
 554  */
 555 CK_RV
 556 rsa_decrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 557 {
 558         CK_RV rv = CKR_OK;
 559 


 560         BIGNUM msg;
 561         RSAkey rsakey;
 562         uint32_t modulus_bytes;
 563 
 564         if (bkey == NULL)
 565                 return (CKR_ARGUMENTS_BAD);
 566 
 567         /* Must have modulus, prime1, prime2, expo1, expo2, and coeff set */
 568         if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 569             bkey->prime1_bytes == 0 || bkey->prime1 == NULL ||
 570             bkey->prime2_bytes == 0 || bkey->prime2 == NULL ||
 571             bkey->expo1_bytes == 0 || bkey->expo1 == NULL ||
 572             bkey->expo2_bytes == 0 || bkey->expo2 == NULL ||
 573             bkey->coeff_bytes == 0 || bkey->coeff == NULL)
 574                 return (CKR_ARGUMENTS_BAD);
 575 
 576         /* Note: modulus_bits may not be same as (8 * sizeof (modulus)) */
 577         modulus_bytes = CRYPTO_BITS2BYTES(bkey->modulus_bits);
 578 
 579         /* psize and qsize for RSA_key_init is in bits. */


 614                 rv = CKR_KEY_SIZE_RANGE;
 615                 goto clean4;
 616         }
 617 
 618         /* Perform RSA computation on big integer input data. */
 619         if (big_modexp_crt(&msg, &msg, &(rsakey.dmodpminus1),
 620             &(rsakey.dmodqminus1), &(rsakey.p), &(rsakey.q),
 621             &(rsakey.pinvmodq), NULL, NULL) != BIG_OK) {
 622                 rv = CKR_HOST_MEMORY;
 623                 goto clean4;
 624         }
 625 
 626         /* Convert the big integer output data to octet string. */
 627         bignum2bytestring(out, &msg, modulus_bytes);
 628 
 629 clean4:
 630         big_finish(&msg);
 631 clean3:
 632         RSA_key_finish(&rsakey);
 633 


 634         return (rv);
 635 }