Raise max RSA keysize (WIP)
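--- a/usr/src/common/crypto/rsa/rsa_impl.h
+++ b/usr/src/common/crypto/rsa/rsa_impl.h
@@ -1,136 +1,136 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 
 /*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 
 #ifndef _RSA_IMPL_H
 #define _RSA_IMPL_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include <sys/types.h>
 #include <bignum.h>
 
 #define MIN_RSA_KEYLENGTH_IN_BYTES 32
-#define MAX_RSA_KEYLENGTH_IN_BYTES 512
+#define MAX_RSA_KEYLENGTH_IN_BYTES 2048
 #define RSA_MIN_KEY_LEN 256 /* RSA min key length in bits */
-#define RSA_MAX_KEY_LEN 4096 /* RSA max key length in bits */
+#define RSA_MAX_KEY_LEN 16384 /* RSA max key length in bits */
 
 #ifdef _KERNEL
 
 #include <sys/sunddi.h>
 #include <sys/crypto/common.h>
 
 #define CK_BYTE uchar_t
 #define CK_ULONG ulong_t
 #define CK_RV int
 
 #define CKR_OK CRYPTO_SUCCESS
 #define CKR_ARGUMENTS_BAD CRYPTO_ARGUMENTS_BAD
 #define CKR_DATA_LEN_RANGE CRYPTO_DATA_LEN_RANGE
 #define CKR_DEVICE_ERROR CRYPTO_DEVICE_ERROR
 #define CKR_GENERAL_ERROR CRYPTO_GENERAL_ERROR
 #define CKR_HOST_MEMORY CRYPTO_HOST_MEMORY
 #define CKR_KEY_SIZE_RANGE CRYPTO_KEY_SIZE_RANGE
 
 int random_get_bytes(uint8_t *ran_out, size_t ran_len);
 int random_get_pseudo_bytes(uint8_t *ran_out, size_t ran_len);
 
 #else
 
 #include <security/cryptoki.h>
 #include <security/pkcs11t.h>
 
 #endif /* _KERNEL */
 
 #define MD5_DER_PREFIX_Len 18
 #define SHA1_DER_PREFIX_Len 15
 #define SHA1_DER_PREFIX_OID_Len 13
 #define SHA2_DER_PREFIX_Len 19
 #define DEFAULT_PUB_EXPO_Len 3
 
 extern const CK_BYTE MD5_DER_PREFIX[MD5_DER_PREFIX_Len];
 extern const CK_BYTE SHA1_DER_PREFIX[SHA1_DER_PREFIX_Len];
 extern const CK_BYTE SHA1_DER_PREFIX_OID[SHA1_DER_PREFIX_OID_Len];
 extern const CK_BYTE SHA256_DER_PREFIX[SHA2_DER_PREFIX_Len];
 extern const CK_BYTE SHA384_DER_PREFIX[SHA2_DER_PREFIX_Len];
 extern const CK_BYTE SHA512_DER_PREFIX[SHA2_DER_PREFIX_Len];
 extern const CK_BYTE DEFAULT_PUB_EXPO[DEFAULT_PUB_EXPO_Len];
 
 
 /* RSA key using BIGNUM representations */
 typedef struct {
 int size; /* key size in bits */
 BIGNUM p; /* p */
 BIGNUM q; /* q */
 BIGNUM n; /* n = p * q (the modulus) */
 BIGNUM d; /* private exponent */
 BIGNUM e; /* public exponent */
 BIGNUM dmodpminus1; /* d mod (p - 1) (exponent 1) */
 BIGNUM dmodqminus1; /* d mod (q - 1) (exponent 2) */
 BIGNUM pinvmodq; /* p^(-1) mod q (the coefficient) */
 BIGNUM p_rr; /* 2^(2*(32*p->len)) mod p */
 BIGNUM q_rr; /* 2^(2*(32*q->len)) mod q */
 BIGNUM n_rr; /* 2^(2*(32*n->len)) mod n */
 } RSAkey;
 
 /* RSA key using byte string representations, useful for parameter lists */
 typedef struct {
 uint32_t modulus_bits; /* size */
 uchar_t *modulus; /* n */
 uint32_t privexpo_bytes;
 uchar_t *privexpo; /* d */
 uint32_t pubexpo_bytes;
 uchar_t *pubexpo; /* e */
 uint32_t prime1_bytes;
 uchar_t *prime1; /* p */
 uint32_t prime2_bytes;
 uchar_t *prime2; /* q */
 uint32_t expo1_bytes;
 uchar_t *expo1; /* = d mod (p - 1) */
 uint32_t expo2_bytes;
 uchar_t *expo2; /* = d mod (q - 1) */
 uint32_t coeff_bytes; /* = q bytes, .... or = p bytes */
 uchar_t *coeff; /* = p^(-1) mod q, or = q^(-1) mod p */
 int (*rfunc)(void *, size_t); /* random function */
 } RSAbytekey;
 
 
 CK_RV rsa_genkey_pair(RSAbytekey *bkey);
 
 CK_RV rsa_encrypt(RSAbytekey *bkey,
 uchar_t *msg, uint32_t msglen, uchar_t *encrmsg);
 
 CK_RV rsa_decrypt(RSAbytekey *bkey,
 uchar_t *encrmsg, uint32_t encrmsglen, uchar_t *msg);
 
 #define rsa_sign(key, msg, len, sig) rsa_decrypt((key), (msg), (len), (sig))
 #define rsa_verify(key, msg, len, sig) rsa_encrypt((key), (msg), (len), (sig))
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _RSA_IMPL_H */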
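Review bot: The raised limits `MAX_RSA_KEYLENGTH_IN_BYTES` and `RSA_MAX_KEY_LEN` remain two independent literals that must agree (2048 * 8 = 16384), so a later edit to one would silently desynchronise the byte-length and bit-length checks; deriving one from the other, `#define RSA_MAX_KEY_LEN (MAX_RSA_KEYLENGTH_IN_BYTES * 8)`, removes that risk. Because this header is also compiled under `_KERNEL`, any caller that declares an on-stack array sized by `MAX_RSA_KEYLENGTH_IN_BYTES` would grow from 512 to 2048 bytes per buffer; those callers are outside this file and should be audited (and moved to heap allocation where found) before the WIP is finalised. `rsa_encrypt` and `rsa_decrypt` take an output pointer with no length argument, so any consumer that still sizes its buffer from a hard-coded 512 rather than the macro would presumably be overrun once larger moduli pass the range check. A 16384-bit private-key operation or key generation costs far more CPU than a 4096-bit one, so a comment beside the define should record why this ceiling was chosen and whether unprivileged callers can supply keys of that size.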