Print this page
first pass

Split Close
Expand all
Collapse all
          --- old/usr/src/common/crypto/rsa/rsa_impl.c
          +++ new/usr/src/common/crypto/rsa/rsa_impl.c
↓ open down ↓ 101 lines elided ↑ open up ↑
 102  102                  return (CKR_GENERAL_ERROR);
 103  103          }
 104  104  }
 105  105  
 106  106  /* psize and qsize are in bits */
 107  107  static BIG_ERR_CODE
 108  108  RSA_key_init(RSAkey *key, int psize, int qsize)
 109  109  {
 110  110          BIG_ERR_CODE err = BIG_OK;
 111  111  
 112      -/* EXPORT DELETE START */
 113      -
 114  112          int plen, qlen, nlen;
 115  113  
 116  114          plen = BITLEN2BIGNUMLEN(psize);
 117  115          qlen = BITLEN2BIGNUMLEN(qsize);
 118  116          nlen = plen + qlen;
 119  117          key->size = psize + qsize;
 120  118          if ((err = big_init(&(key->p), plen)) != BIG_OK)
 121  119                  return (err);
 122  120          if ((err = big_init(&(key->q), qlen)) != BIG_OK)
 123  121                  goto ret1;
↓ open down ↓ 32 lines elided ↑ open up ↑
 156  154          big_finish(&(key->e));
 157  155  ret4:
 158  156          big_finish(&(key->d));
 159  157  ret3:
 160  158          big_finish(&(key->n));
 161  159  ret2:
 162  160          big_finish(&(key->q));
 163  161  ret1:
 164  162          big_finish(&(key->p));
 165  163  
 166      -/* EXPORT DELETE END */
 167      -
 168  164          return (err);
 169  165  }
 170  166  
 171  167  static void
 172  168  RSA_key_finish(RSAkey *key)
 173  169  {
 174      -
 175      -/* EXPORT DELETE START */
 176      -
 177  170          big_finish(&(key->n_rr));
 178  171          big_finish(&(key->q_rr));
 179  172          big_finish(&(key->p_rr));
 180  173          big_finish(&(key->pinvmodq));
 181  174          big_finish(&(key->dmodqminus1));
 182  175          big_finish(&(key->dmodpminus1));
 183  176          big_finish(&(key->e));
 184  177          big_finish(&(key->d));
 185  178          big_finish(&(key->n));
 186  179          big_finish(&(key->q));
 187  180          big_finish(&(key->p));
 188      -
 189      -/* EXPORT DELETE END */
 190      -
 191  181  }
 192  182  
 193  183  /*
 194  184   * Generate RSA key
 195  185   */
 196  186  static CK_RV
 197  187  generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM *pubexp,
 198  188      int (*rfunc)(void *, size_t))
 199  189  {
 200  190          CK_RV           rv = CKR_OK;
 201  191  
 202      -/* EXPORT DELETE START */
 203      -
 204  192          int             (*rf)(void *, size_t);
 205  193          BIGNUM          a, b, c, d, e, f, g, h;
 206  194          int             len, keylen, size;
 207  195          BIG_ERR_CODE    brv = BIG_OK;
 208  196  
 209  197          size = psize + qsize;
 210  198          keylen = BITLEN2BIGNUMLEN(size);
 211  199          len = keylen * 2 + 1;
 212  200          key->size = size;
 213  201  
↓ open down ↓ 158 lines elided ↑ open up ↑
 372  360  ret1:
 373  361          big_finish(&h);
 374  362          big_finish(&g);
 375  363          big_finish(&f);
 376  364          big_finish(&e);
 377  365          big_finish(&d);
 378  366          big_finish(&c);
 379  367          big_finish(&b);
 380  368          big_finish(&a);
 381  369  
 382      -/* EXPORT DELETE END */
 383      -
 384  370          return (rv);
 385  371  }
 386  372  
 387  373  CK_RV
 388  374  rsa_genkey_pair(RSAbytekey *bkey)
 389  375  {
 390  376          /*
 391  377           * NOTE:  Whomever originally wrote this function swapped p and q.
 392  378           * This table shows the mapping between name convention used here
 393  379           * versus what is used in most texts that describe RSA key generation.
↓ open down ↓ 11 lines elided ↑ open up ↑
 405  391           * Also notice the struct member for coefficient is named .pinvmodq
 406  392           * rather than .qinvmodp, reflecting the switch.
 407  393           *
 408  394           * The code here wasn't unswapped, because "it works".  Further,
 409  395           * p and q are interchangeable as long as exponent 1 and 2 and
 410  396           * the coefficient are kept straight too.  This note is here to
 411  397           * make the reader aware of the switcheroo.
 412  398           */
 413  399          CK_RV   rv = CKR_OK;
 414  400  
 415      -/* EXPORT DELETE START */
 416      -
 417  401          BIGNUM  public_exponent = {0};
 418  402          RSAkey  rsakey;
 419  403          uint32_t modulus_bytes;
 420  404  
 421  405          if (bkey == NULL)
 422  406                  return (CKR_ARGUMENTS_BAD);
 423  407  
 424  408          /* Must have modulus bits set */
 425  409          if (bkey->modulus_bits == 0)
 426  410                  return (CKR_ARGUMENTS_BAD);
↓ open down ↓ 61 lines elided ↑ open up ↑
 488  472          bignum2bytestring(bkey->expo2,
 489  473              &(rsakey.dmodpminus1), bkey->expo2_bytes);
 490  474  
 491  475          bkey->coeff_bytes =
 492  476              rsakey.pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
 493  477          bignum2bytestring(bkey->coeff, &(rsakey.pinvmodq), bkey->coeff_bytes);
 494  478  
 495  479  clean1:
 496  480          RSA_key_finish(&rsakey);
 497  481  
 498      -/* EXPORT DELETE END */
 499      -
 500  482          return (rv);
 501  483  }
 502  484  
 503  485  /*
 504  486   * RSA encrypt operation
 505  487   */
 506  488  CK_RV
 507  489  rsa_encrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 508  490  {
 509  491          CK_RV rv = CKR_OK;
 510  492  
 511      -/* EXPORT DELETE START */
 512      -
 513  493          BIGNUM msg;
 514  494          RSAkey rsakey;
 515  495          uint32_t modulus_bytes;
 516  496  
 517  497          if (bkey == NULL)
 518  498                  return (CKR_ARGUMENTS_BAD);
 519  499  
 520  500          /* Must have modulus and public exponent set */
 521  501          if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 522  502              bkey->pubexpo_bytes == 0 || bkey->pubexpo == NULL)
↓ open down ↓ 36 lines elided ↑ open up ↑
 559  539          }
 560  540  
 561  541          /* Convert the big integer output data to octet string. */
 562  542          bignum2bytestring(out, &msg, modulus_bytes);
 563  543  
 564  544  clean3:
 565  545          big_finish(&msg);
 566  546  clean2:
 567  547          RSA_key_finish(&rsakey);
 568  548  
 569      -/* EXPORT DELETE END */
 570      -
 571  549          return (rv);
 572  550  }
 573  551  
 574  552  /*
 575  553   * RSA decrypt operation
 576  554   */
 577  555  CK_RV
 578  556  rsa_decrypt(RSAbytekey *bkey, uchar_t *in, uint32_t in_len, uchar_t *out)
 579  557  {
 580  558          CK_RV rv = CKR_OK;
 581  559  
 582      -/* EXPORT DELETE START */
 583      -
 584  560          BIGNUM msg;
 585  561          RSAkey rsakey;
 586  562          uint32_t modulus_bytes;
 587  563  
 588  564          if (bkey == NULL)
 589  565                  return (CKR_ARGUMENTS_BAD);
 590  566  
 591  567          /* Must have modulus, prime1, prime2, expo1, expo2, and coeff set */
 592  568          if (bkey->modulus_bits == 0 || bkey->modulus == NULL ||
 593  569              bkey->prime1_bytes == 0 || bkey->prime1 == NULL ||
↓ open down ↓ 54 lines elided ↑ open up ↑
 648  624          }
 649  625  
 650  626          /* Convert the big integer output data to octet string. */
 651  627          bignum2bytestring(out, &msg, modulus_bytes);
 652  628  
 653  629  clean4:
 654  630          big_finish(&msg);
 655  631  clean3:
 656  632          RSA_key_finish(&rsakey);
 657  633  
 658      -/* EXPORT DELETE END */
 659      -
 660  634          return (rv);
 661  635  }
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX