softFipsPostUtil.c revision 726fad2a65f16c200a03969c29cb5c86c2d427db
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <sys/sysmacros.h>
#define _SHA2_IMPL
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <stdio.h>
#include <security/cryptoki.h>
#include <cryptoutil.h>
#include "softCrypt.h"
#include "softGlobal.h"
#include "softRSA.h"
#include "softDSA.h"
#include "softOps.h"
#include "softMAC.h"
#include <fips_post.h>
#define MAX_ECKEY_LEN 72
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
* This function returns
* CKR_OK if pairwise consistency check passed
* CKR_GENERAL_ERROR if pairwise consistency check failed
* other error codes if pairwise consistency check could not be
* performed, for example, CKR_HOST_MEMORY.
*
* Key type Mechanism type
* --------------------------------
*
* CKK_DSA => CKM_DSA_SHA1
* CKK_EC => CKM_ECDSA_SHA1
* others => CKM_INVALID_MECHANISM
*
* None of these mechanisms has a parameter.
*/
{
/* Variables used for Signature/Verification functions. */
/* always uses SHA-1 digest */
unsigned char *known_digest = (unsigned char *)"OpenSolarisCommunity";
unsigned char *signature;
/* Get modulus length of private key. */
modulus, &modulus_len);
return (CKR_DEVICE_ERROR);
}
}
/*
*/
/* Check to see if key object supports signature. */
if (can_sign_verify) {
/* Determine length of signature. */
switch (keyType) {
case CKK_RSA:
break;
case CKK_DSA:
break;
case CKK_EC:
break;
default:
return (CKR_DEVICE_ERROR);
}
/* Allocate space for signature data. */
return (CKR_HOST_MEMORY);
}
/* Sign the known hash using the private key. */
return (rv);
}
return (rv);
}
/* Verify the known hash using the public key. */
return (rv);
}
/* Free signature data. */
if ((rv == CKR_SIGNATURE_LEN_RANGE) ||
(rv == CKR_SIGNATURE_INVALID)) {
return (CKR_GENERAL_ERROR);
}
return (rv);
}
}
return (CKR_OK);
}