crypto/rsa/rsa_impl.c

	rsa_impl.c revision b60f2a0b921611326383e4789e0874e9e8a2e708
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/*
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * CDDL HEADER START
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * The contents of this file are subject to the terms of the
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * Common Development and Distribution License (the "License").
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * You may not use this file except in compliance with the License.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * or http://www.opensolaris.org/os/licensing.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * See the License for the specific language governing permissions
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * and limitations under the License.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * When distributing Covered Code, include this CDDL HEADER in each
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * If applicable, add the following below this CDDL HEADER, with the
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * fields enclosed by brackets "[]" replaced with your own identifying
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * information: Portions Copyright [yyyy] [name of copyright owner]
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * CDDL HEADER END
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/*
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * Use is subject to license terms.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#pragma ident   "%Z%%M% %I% %E% SMI"
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/*
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * This file contains RSA helper routines common to
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * the PKCS11 soft token code and the kernel RSA code.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#include <sys/types.h>
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#include "rsa_impl.h"
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#ifdef _KERNEL
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#include <sys/param.h>
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#else
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#include <strings.h>
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#include "softRandom.h"
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#endif
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/*
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * DER encoding T of the DigestInfo values for MD5, SHA1, and SHA2
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * from PKCS#1 v2.1: RSA Cryptography Standard Section 9.2 Note 1
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * MD5:     (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10 || H
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * SHA-1:   (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * SHA-384: (0x)30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30 || H.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * SHA-512: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40 || H.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * Where H is the digested output from MD5 or SHA1. We define the constant
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * byte array (the prefix) here and use it rather than doing the DER
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * encoding of the OID in a separate routine.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE MD5_DER_PREFIX[MD5_DER_PREFIX_Len] = {0x30, 0x20, 0x30, 0x0c,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x04, 0x10};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE SHA1_DER_PREFIX[SHA1_DER_PREFIX_Len] = {0x30, 0x21, 0x30,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE SHA1_DER_PREFIX_OID[SHA1_DER_PREFIX_OID_Len] = {0x30, 0x1f, 0x30,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE SHA256_DER_PREFIX[SHA2_DER_PREFIX_Len] = {0x30, 0x31, 0x30, 0x0d,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x00, 0x04, 0x20};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE SHA384_DER_PREFIX[SHA2_DER_PREFIX_Len] = {0x30, 0x41, 0x30, 0x0d,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x00, 0x04, 0x30};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeconst CK_BYTE SHA512_DER_PREFIX[SHA2_DER_PREFIX_Len] = {0x30, 0x51, 0x30, 0x0d,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    0x00, 0x04, 0x40};
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* psize and qsize are in bits */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeBIG_ERR_CODE
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeRSA_key_init(RSAkey *key, int psize, int qsize)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee{
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    BIG_ERR_CODE err = BIG_OK;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* EXPORT DELETE START */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    int plen, qlen, nlen;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    plen = BITLEN2BIGNUMLEN(psize);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    qlen = BITLEN2BIGNUMLEN(qsize);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    nlen = plen + qlen;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    key->size = psize + qsize;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->p), plen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        return (err);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->q), qlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret1;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->n), nlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret2;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->d), nlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret3;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->e), nlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret4;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->dmodpminus1), plen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret5;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->dmodqminus1), qlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret6;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->pinvmodq), qlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret7;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->p_rr), plen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret8;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->q_rr), qlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret9;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if ((err = big_init(&(key->n_rr), nlen)) != BIG_OK)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        goto ret10;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    return (BIG_OK);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret10:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->q_rr));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret9:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->p_rr));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret8:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->pinvmodq));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret7:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->dmodqminus1));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret6:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->dmodpminus1));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret5:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->e));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret4:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->d));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret3:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->n));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret2:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->q));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeret1:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->p));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* EXPORT DELETE END */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    return (err);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee}
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeevoid
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeRSA_key_finish(RSAkey *key)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee{
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* EXPORT DELETE START */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->n_rr));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->q_rr));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->p_rr));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->pinvmodq));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->dmodqminus1));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->dmodpminus1));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->e));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->d));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->n));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->q));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    big_finish(&(key->p));
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* EXPORT DELETE END */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee}
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/*
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * To create a block type "02" encryption block for RSA PKCS encryption
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * process.
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * The RSA PKCS Padding before encryption is in the following format:
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * +------+--------------------+----+-----------------------------+
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * |0x0002| 8 bytes or more RN |0x00|       DATA                  |
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee * +------+--------------------+----+-----------------------------+
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee *
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeeCK_RV
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomeesoft_encrypt_rsa_pkcs_encode(uint8_t *databuf,
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    size_t datalen, uint8_t *padbuf, size_t padbuflen)
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee{
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee/* EXPORT DELETE START */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    size_t  padlen;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    CK_RV   rv;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    padlen = padbuflen - datalen;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if (padlen < MIN_PKCS1_PADLEN) {
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        return (CKR_DATA_LEN_RANGE);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    }
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    /* Pad with 0x0002+non-zero pseudorandom numbers+0x00. */
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    padbuf[0] = 0x00;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    padbuf[1] = 0x02;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#ifdef _KERNEL
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    rv = knzero_random_generator(padbuf + 2, padbuflen - 3);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#else
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    rv = soft_nzero_random_generator(padbuf + 2, padbuflen - 3);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee#endif
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    if (rv != CKR_OK) {
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee        return (rv);
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    }
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    padbuf[padlen - 1] = 0x00;
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee
fb3fb4f3d76d55b64440afd0af72775dfad3bd1dtomee    bcopy(databuf, padbuf + padlen, datalen);

/* EXPORT DELETE END */

    return (CKR_OK);
}


/*
 * The RSA PKCS Padding after decryption is in the following format:
 * +------+--------------------+----+-----------------------------+
 * |0x0002| 8 bytes or more RN |0x00|       DATA                  |
 * +------+--------------------+----+-----------------------------+
 *
 * 'padbuf' points to the recovered message which is the modulus
 * length. As a result, 'plen' is changed to hold the actual data length.
 */
CK_RV
soft_decrypt_rsa_pkcs_decode(uint8_t *padbuf, int *plen)
{

/* EXPORT DELETE START */

    int i;

    /* Check to see if the recovered data is padded is 0x0002. */
    if (padbuf[0] != 0x00 || padbuf[1] != 0x02) {
        return (CKR_ENCRYPTED_DATA_INVALID);
    }

    /* Remove all the random bits up to 0x00 (= NULL char) */
    for (i = 2; (*plen - i) > 0; i++) {
        if (padbuf[i] == 0x00) {
            i++;
            if (i < MIN_PKCS1_PADLEN) {
                return (CKR_ENCRYPTED_DATA_INVALID);
            }
            *plen -= i;

            return (CKR_OK);
        }
    }

/* EXPORT DELETE END */

    return (CKR_ENCRYPTED_DATA_INVALID);
}

/*
 * To create a block type "01" block for RSA PKCS signature process.
 *
 * The RSA PKCS Padding before Signing is in the following format:
 * +------+--------------+----+-----------------------------+
 * |0x0001| 0xFFFF.......|0x00|          DATA               |
 * +------+--------------+----+-----------------------------+
 */
CK_RV
soft_sign_rsa_pkcs_encode(uint8_t *pData, size_t dataLen, uint8_t *data,
    size_t mbit_l)
{

/* EXPORT DELETE START */

    size_t  padlen;

    padlen = mbit_l - dataLen;
    if (padlen < MIN_PKCS1_PADLEN) {
        return (CKR_DATA_LEN_RANGE);
    }

    padlen -= 3;
    data[0] = 0x00;
    data[1] = 0x01;
#ifdef _KERNEL
    kmemset(data + 2, 0xFF, padlen);
#else
    (void) memset(data + 2, 0xFF, padlen);
#endif
    data[padlen + 2] = 0x00;
    bcopy(pData, data + padlen + 3, dataLen);

/* EXPORT DELETE END */

    return (CKR_OK);
}


CK_RV
soft_verify_rsa_pkcs_decode(uint8_t *data, int *mbit_l)
{

/* EXPORT DELETE START */

    int i;

    /* Check to see if the padding of recovered data starts with 0x0001. */
    if ((data[0] != 0x00) || (data[1] != 0x01)) {
        return (CKR_SIGNATURE_INVALID);
    }
    /* Check to see if the recovered data is padded with 0xFFF...00. */
    for (i = 2; i < *mbit_l; i++) {
        if (data[i] == 0x00) {
            i++;
            if (i < MIN_PKCS1_PADLEN) {
                return (CKR_SIGNATURE_INVALID);
            }
            *mbit_l -= i;

            return (CKR_OK);
        } else if (data[i] != 0xFF) {
            return (CKR_SIGNATURE_INVALID);
        }
    }

/* EXPORT DELETE END */

    return (CKR_SIGNATURE_INVALID);
}