Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 8b7080b0 编写于 作者: M Matt Caswell
浏览文件
操作

Remove Obsolete engines 

There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.
Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 f51e5ed6
隐藏空白更改
内联 并排
Showing with 9 addition and 7785 deletion
CHANGES
浏览文件 @ 8b7080b0
......@@ -4,6 +4,9 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
*) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron and sureware.
[Matt Caswell]
*) New ASN.1 embed macro.
New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
......
crypto/engine/eng_all.c
浏览文件 @ 8b7080b0
......@@ -73,29 +73,11 @@ void ENGINE_load_builtin_engines(void)
ENGINE_load_dynamic();
#ifndef OPENSSL_NO_STATIC_ENGINE
# ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_4758_CCA
ENGINE_load_4758cca();
# endif
/*-
* These engines have been disabled as they do not currently build
#ifndef OPENSSL_NO_HW_AEP
ENGINE_load_aep();
#endif
#ifndef OPENSSL_NO_HW_ATALLA
ENGINE_load_atalla();
#endif
#ifndef OPENSSL_NO_HW_CSWIFT
ENGINE_load_cswift();
#endif
#ifndef OPENSSL_NO_HW_NCIPHER
ENGINE_load_chil();
#endif
#ifndef OPENSSL_NO_HW_NURON
ENGINE_load_nuron();
#endif
#ifndef OPENSSL_NO_HW_SUREWARE
ENGINE_load_sureware();
#endif
#ifndef OPENSSL_NO_HW_UBSEC
ENGINE_load_ubsec();
#endif
......
doc/crypto/engine.pod
浏览文件 @ 8b7080b0
......@@ -24,14 +24,8 @@ engine - ENGINE cryptographic module support
void ENGINE_load_openssl(void);
void ENGINE_load_dynamic(void);
#ifndef OPENSSL_NO_STATIC_ENGINE
void ENGINE_load_4758cca(void);
void ENGINE_load_aep(void);
void ENGINE_load_atalla(void);
void ENGINE_load_chil(void);
void ENGINE_load_cswift(void);
void ENGINE_load_gmp(void);
void ENGINE_load_nuron(void);
void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void);
#endif
void ENGINE_load_cryptodev(void);
......
engines/Makefile
浏览文件 @ 8b7080b0
......@@ -3,7 +3,7 @@
#
#The following engines have been disabled as they currently do not build
# aep atalla cswift chil nuron sureware ubsec
# sureware ubsec
DIR= engines
TOP= ..
......@@ -31,13 +31,11 @@ AFLAGS= $(ASFLAGS)
GENERAL=Makefile engines.com install.com engine_vector.mar
LIB=$(TOP)/libcrypto.a
LIBNAMES= 4758cca gmp padlock capi
LIBSRC= e_4758cca.c \
e_gmp.c \
LIBNAMES= gmp padlock capi
LIBSRC= e_gmp.c \
e_padlock.c \
e_capi.c
LIBOBJ= e_4758cca.o \
e_gmp.o \
LIBOBJ= e_gmp.o \
e_padlock.o \
e_capi.o \
$(ENGINES_ASM_OBJ)
......@@ -48,11 +46,8 @@ TESTLIBOBJ= e_ossltest.o
SRC= $(LIBSRC)
HEADER= e_4758cca_err.c e_4758cca_err.h \
e_gmp_err.c e_gmp_err.h \
HEADER= e_gmp_err.c e_gmp_err.h \
e_chil_err.c e_chil_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
e_ubsec_err.c e_ubsec_err.h \
e_capi_err.c e_capi_err.h \
e_ossltest_err.c e_ossltest_err.h
......@@ -159,22 +154,6 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
e_4758cca.o: vendor_defns/hw_4758_cca.h
e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
......
engines/e_4758cca.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* Author: Maurice Gittens <maurice@gittens.nl> */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_4758_CCA
# ifdef FLAT_INC
# include "hw_4758_cca.h"
# else
# include "vendor_defns/hw_4758_cca.h"
# endif
# include "e_4758cca_err.c"
static int ibm_4758_cca_destroy(ENGINE *e);
static int ibm_4758_cca_init(ENGINE *e);
static int ibm_4758_cca_finish(ENGINE *e);
static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
/* rsa functions */
/* -------------*/
# ifndef OPENSSL_NO_RSA
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa);
static int cca_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa);
/* utility functions */
/* ---------------------*/
static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *,
UI_METHOD *ui_method,
void *callback_data);
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *,
UI_METHOD *ui_method,
void *callback_data);
static int getModulusAndExponent(const unsigned char *token,
long *exponentLength,
unsigned char *exponent, long *modulusLength,
long *modulusFieldLength,
unsigned char *modulus);
# endif
/* RAND number functions */
/* ---------------------*/
static int cca_get_random_bytes(unsigned char *, int);
static int cca_random_status(void);
# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
# endif
/* Function pointers for CCA verbs */
/* -------------------------------*/
# ifndef OPENSSL_NO_RSA
static F_KEYRECORDREAD keyRecordRead;
static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
static F_PUBLICKEYEXTRACT publicKeyExtract;
static F_PKAENCRYPT pkaEncrypt;
static F_PKADECRYPT pkaDecrypt;
# endif
static F_RANDOMNUMBERGENERATE randomNumberGenerate;
/* static variables */
/* ----------------*/
static const char *CCA4758_LIB_NAME = NULL;
static const char *get_CCA4758_LIB_NAME(void)
{
if (CCA4758_LIB_NAME)
return CCA4758_LIB_NAME;
return CCA_LIB_NAME;
}
static void free_CCA4758_LIB_NAME(void)
{
if (CCA4758_LIB_NAME)
OPENSSL_free((void *)CCA4758_LIB_NAME);
CCA4758_LIB_NAME = NULL;
}
static long set_CCA4758_LIB_NAME(const char *name)
{
free_CCA4758_LIB_NAME();
return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
# ifndef OPENSSL_NO_RSA
static const char *n_keyRecordRead = CSNDKRR;
static const char *n_digitalSignatureGenerate = CSNDDSG;
static const char *n_digitalSignatureVerify = CSNDDSV;
static const char *n_publicKeyExtract = CSNDPKX;
static const char *n_pkaEncrypt = CSNDPKE;
static const char *n_pkaDecrypt = CSNDPKD;
# endif
static const char *n_randomNumberGenerate = CSNBRNG;
# ifndef OPENSSL_NO_RSA
static int hndidx = -1;
# endif
static DSO *dso = NULL;
/* openssl engine initialization structures */
/* ----------------------------------------*/
# define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
{CCA4758_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the '4758cca' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
static RSA_METHOD ibm_4758_cca_rsa = {
"IBM 4758 CCA RSA method",
cca_rsa_pub_enc,
NULL,
NULL,
cca_rsa_priv_dec,
NULL, /* rsa_mod_exp, */
NULL, /* mod_exp_mont, */
NULL, /* init */
NULL, /* finish */
RSA_FLAG_SIGN_VER, /* flags */
NULL, /* app_data */
cca_rsa_sign, /* rsa_sign */
cca_rsa_verify, /* rsa_verify */
NULL /* rsa_keygen */
};
# endif
static RAND_METHOD ibm_4758_cca_rand = {
/* "IBM 4758 RAND method", */
NULL, /* seed */
cca_get_random_bytes, /* get random bytes from the card */
NULL, /* cleanup */
NULL, /* add */
cca_get_random_bytes, /* pseudo rand */
cca_random_status, /* status */
};
static const char *engine_4758_cca_id = "4758cca";
static const char *engine_4758_cca_name =
"IBM 4758 CCA hardware engine support";
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Compatibility hack, the dynamic library uses this form in the path */
static const char *engine_4758_cca_id_alt = "4758_cca";
# endif
/* engine implementation */
/* ---------------------*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_4758_cca_id) ||
!ENGINE_set_name(e, engine_4758_cca_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
# endif
!ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
!ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
!ENGINE_set_init_function(e, ibm_4758_cca_init) ||
!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
# endif
!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
return 0;
/* Ensure the error handling is set up */
ERR_load_CCA4758_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_4758_cca(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_4758cca(void)
{
ENGINE *e_4758 = engine_4758_cca();
if (!e_4758)
return;
ENGINE_add(e_4758);
ENGINE_free(e_4758);
ERR_clear_error();
}
# endif
static int ibm_4758_cca_destroy(ENGINE *e)
{
ERR_unload_CCA4758_strings();
free_CCA4758_LIB_NAME();
return 1;
}
static int ibm_4758_cca_init(ENGINE *e)
{
if (dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
goto err;
}
dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
if (!dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
#define BINDIT(t, name) (t)DSO_bind_func(dso, name)
# ifndef OPENSSL_NO_RSA
if ((keyRecordRead = BINDIT(F_KEYRECORDREAD, n_keyRecordRead)) == NULL
|| (randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL
|| (digitalSignatureGenerate = BINDIT(F_DIGITALSIGNATUREGENERATE, n_digitalSignatureGenerate)) == NULL
|| (digitalSignatureVerify = BINDIT(F_DIGITALSIGNATUREVERIFY, n_digitalSignatureVerify)) == NULL
|| (publicKeyExtract = BINDIT(F_PUBLICKEYEXTRACT, n_publicKeyExtract)) == NULL
|| (pkaEncrypt = BINDIT(F_PKAENCRYPT, n_pkaEncrypt)) == NULL
|| (pkaDecrypt = BINDIT(F_PKADECRYPT, n_pkaDecrypt)) == NULL)
{
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# else
if ((randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# endif
# ifndef OPENSSL_NO_RSA
hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
NULL, NULL, cca_ex_free);
# endif
return 1;
err:
DSO_free(dso);
dso = NULL;
# ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD) 0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT) 0;
pkaDecrypt = (F_PKADECRYPT) 0;
# endif
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
return 0;
}
static int ibm_4758_cca_finish(ENGINE *e)
{
free_CCA4758_LIB_NAME();
if (!dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED);
return 0;
}
if (!DSO_free(dso)) {
CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE);
return 0;
}
dso = NULL;
# ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD) 0;
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT) 0;
pkaDecrypt = (F_PKADECRYPT) 0;
# endif
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
return 1;
}
static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void))
{
int initialised = ((dso == NULL) ? 0 : 1);
switch (cmd) {
case CCA4758_CMD_SO_PATH:
if (p == NULL) {
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED);
return 0;
}
return set_CCA4758_LIB_NAME((const char *)p);
default:
break;
}
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
CCA4758_R_COMMAND_NOT_IMPLEMENTED);
return 0;
}
# ifndef OPENSSL_NO_RSA
# define MAX_CCA_PKA_TOKEN_SIZE 2500
static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
RSA *rtmp = NULL;
EVP_PKEY *res = NULL;
unsigned char *keyToken = NULL;
unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long returnCode;
long reasonCode;
long exitDataLength = 0;
long ruleArrayLength = 0;
unsigned char exitData[8];
unsigned char ruleArray[8];
unsigned char keyLabel[64];
unsigned long keyLabelLength = strlen(key_id);
unsigned char modulus[256];
long modulusFieldLength = sizeof(modulus);
long modulusLength = 0;
unsigned char exponent[256];
long exponentLength = sizeof(exponent);
if (keyLabelLength > sizeof(keyLabel)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return NULL;
}
memset(keyLabel, ' ', sizeof(keyLabel));
memcpy(keyLabel, key_id, keyLabelLength);
keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
if (!keyToken) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray, keyLabel,
&keyTokenLength, keyToken + sizeof(long));
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
keyToken + sizeof(long), &pubKeyTokenLength,
pubKeyToken);
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
if (!getModulusAndExponent(pubKeyToken, &exponentLength,
exponent, &modulusLength, &modulusFieldLength,
modulus)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
rtmp->flags |= RSA_FLAG_EXT_PKEY;
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
return res;
err:
OPENSSL_free(keyToken);
return NULL;
}
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
RSA *rtmp = NULL;
EVP_PKEY *res = NULL;
unsigned char *keyToken = NULL;
long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long returnCode;
long reasonCode;
long exitDataLength = 0;
long ruleArrayLength = 0;
unsigned char exitData[8];
unsigned char ruleArray[8];
unsigned char keyLabel[64];
unsigned long keyLabelLength = strlen(key_id);
unsigned char modulus[512];
long modulusFieldLength = sizeof(modulus);
long modulusLength = 0;
unsigned char exponent[512];
long exponentLength = sizeof(exponent);
if (keyLabelLength > sizeof(keyLabel)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return NULL;
}
memset(keyLabel, ' ', sizeof(keyLabel));
memcpy(keyLabel, key_id, keyLabelLength);
keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
if (!keyToken) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
keyToken + sizeof(long));
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
exponent, &modulusLength, &modulusFieldLength,
modulus)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
rtmp->flags |= RSA_FLAG_EXT_PKEY;
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
return res;
err:
OPENSSL_free(keyToken);
return NULL;
}
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
long returnCode;
long reasonCode;
long lflen = flen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.2";
long dataStructureLength = 0;
unsigned char dataStructure[8];
long outputLength = RSA_size(rsa);
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
&dataStructureLength, dataStructure, &keyTokenLength,
keyToken, &outputLength, to);
if (returnCode || reasonCode)
return -(returnCode << 16 | reasonCode);
return outputLength;
}
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
long returnCode;
long reasonCode;
long lflen = flen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.2";
long dataStructureLength = 0;
unsigned char dataStructure[8];
long outputLength = RSA_size(rsa);
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
&dataStructureLength, dataStructure, &keyTokenLength,
keyToken, &outputLength, to);
return (returnCode | reasonCode) ? 0 : 1;
}
# define SSL_SIG_LEN 36
static int cca_rsa_verify(int type, const unsigned char *m,
unsigned int m_len, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa)
{
long returnCode;
long reasonCode;
long lsiglen = siglen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.1";
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
long length = SSL_SIG_LEN;
long keyLength;
unsigned char *hashBuffer = NULL;
X509_SIG sig;
ASN1_TYPE parameter;
X509_ALGOR algorithm;
ASN1_OCTET_STRING digest;
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
if (type == NID_md5 || type == NID_sha1) {
sig.algor = &algorithm;
algorithm.algorithm = OBJ_nid2obj(type);
if (!algorithm.algorithm) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
if (!OBJ_length(algorithm.algorithm)) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
algorithm.parameter = &parameter;
sig.digest = &digest;
sig.digest->data = (unsigned char *)m;
sig.digest->length = m_len;
length = i2d_X509_SIG(&sig, NULL);
}
keyLength = RSA_size(rsa);
if (length - RSA_PKCS1_PADDING > keyLength) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
switch (type) {
case NID_md5_sha1:
if (m_len != SSL_SIG_LEN) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
hashBuffer = (unsigned char *)m;
length = m_len;
break;
case NID_md5:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
case NID_sha1:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
default:
return 0;
}
digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray,
&keyTokenLength, keyToken, &length, hashBuffer,
&lsiglen, (unsigned char *)sigbuf);
if (type == NID_sha1 || type == NID_md5)
OPENSSL_clear_free(hashBuffer, keyLength + 1);
return ((returnCode || reasonCode) ? 0 : 1);
}
# define SSL_SIG_LEN 36
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa)
{
long returnCode;
long reasonCode;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.1";
long outputLength = 256;
long outputBitLength;
long keyTokenLength;
unsigned char *hashBuffer = NULL;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
long length = SSL_SIG_LEN;
long keyLength;
X509_SIG sig;
ASN1_TYPE parameter;
X509_ALGOR algorithm;
ASN1_OCTET_STRING digest;
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
if (type == NID_md5 || type == NID_sha1) {
sig.algor = &algorithm;
algorithm.algorithm = OBJ_nid2obj(type);
if (!algorithm.algorithm) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
if (!OBJ_length(algorithm.algorithm)) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
algorithm.parameter = &parameter;
sig.digest = &digest;
sig.digest->data = (unsigned char *)m;
sig.digest->length = m_len;
length = i2d_X509_SIG(&sig, NULL);
}
keyLength = RSA_size(rsa);
if (length - RSA_PKCS1_PADDING > keyLength) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
switch (type) {
case NID_md5_sha1:
if (m_len != SSL_SIG_LEN) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
hashBuffer = (unsigned char *)m;
length = m_len;
break;
case NID_md5:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
case NID_sha1:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
default:
return 0;
}
digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray,
&keyTokenLength, keyToken, &length, hashBuffer,
&outputLength, &outputBitLength, sigret);
if (type == NID_sha1 || type == NID_md5)
OPENSSL_clear_free(hashBuffer, keyLength + 1);
*siglen = outputLength;
return ((returnCode || reasonCode) ? 0 : 1);
}
static int getModulusAndExponent(const unsigned char *token,
long *exponentLength,
unsigned char *exponent, long *modulusLength,
long *modulusFieldLength,
unsigned char *modulus)
{
unsigned long len;
if (*token++ != (char)0x1E) /* internal PKA token? */
return 0;
if (*token++) /* token version must be zero */
return 0;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
token += 4; /* skip reserved bytes */
if (*token++ == (char)0x04) {
if (*token++) /* token version must be zero */
return 0;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
token += 2; /* skip reserved section */
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*exponentLength = len;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*modulusLength = len;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*modulusFieldLength = len;
memcpy(exponent, token, *exponentLength);
token += *exponentLength;
memcpy(modulus, token, *modulusFieldLength);
return 1;
}
return 0;
}
# endif /* OPENSSL_NO_RSA */
static int cca_random_status(void)
{
return 1;
}
static int cca_get_random_bytes(unsigned char *buf, int num)
{
long ret_code;
long reason_code;
long exit_data_length;
unsigned char exit_data[4];
unsigned char form[] = "RANDOM ";
unsigned char rand_buf[8];
while (num >= (int)sizeof(rand_buf)) {
randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
exit_data, form, rand_buf);
if (ret_code)
return 0;
num -= sizeof(rand_buf);
memcpy(buf, rand_buf, sizeof(rand_buf));
buf += sizeof(rand_buf);
}
if (num) {
randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
form, rand_buf);
if (ret_code)
return 0;
memcpy(buf, rand_buf, num);
}
return 1;
}
# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
long argl, void *argp)
{
OPENSSL_free(item);
}
# endif
/* Goo to handle building as a dynamic engine */
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_4758_cca_id) != 0) &&
(strcmp(id, engine_4758_cca_id_alt) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_4758_CCA */
#endif /* !OPENSSL_NO_HW */
engines/e_4758cca.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L CCA4758 e_4758cca_err.h e_4758cca_err.c
engines/e_4758cca_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_4758cca_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_4758cca_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA CCA4758_str_functs[] = {
{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
{0, NULL}
};
static ERR_STRING_DATA CCA4758_str_reasons[] = {
{ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),
"asn1 oid unknown for md"},
{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),
"command not implemented"},
{ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"},
{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),
"failed loading private key"},
{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),
"failed loading public key"},
{ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"},
{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"},
{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
{0, NULL}
};
#endif
#ifdef CCA4758_LIB_NAME
static ERR_STRING_DATA CCA4758_lib_name[] = {
{0, CCA4758_LIB_NAME},
{0, NULL}
};
#endif
static int CCA4758_lib_error_code = 0;
static int CCA4758_error_init = 1;
static void ERR_load_CCA4758_strings(void)
{
if (CCA4758_lib_error_code == 0)
CCA4758_lib_error_code = ERR_get_next_error_library();
if (CCA4758_error_init) {
CCA4758_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs);
ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0);
ERR_load_strings(0, CCA4758_lib_name);
#endif
}
}
static void ERR_unload_CCA4758_strings(void)
{
if (CCA4758_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs);
ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
ERR_unload_strings(0, CCA4758_lib_name);
#endif
CCA4758_error_init = 1;
}
}
static void ERR_CCA4758_error(int function, int reason, char *file, int line)
{
if (CCA4758_lib_error_code == 0)
CCA4758_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line);
}
engines/e_4758cca_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CCA4758_ERR_H
# define HEADER_CCA4758_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CCA4758_strings(void);
static void ERR_unload_CCA4758_strings(void);
static void ERR_CCA4758_error(int function, int reason, char *file, int line);
# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CCA4758 functions. */
/* Function codes. */
# define CCA4758_F_CCA_RSA_SIGN 105
# define CCA4758_F_CCA_RSA_VERIFY 106
# define CCA4758_F_IBM_4758_CCA_CTRL 100
# define CCA4758_F_IBM_4758_CCA_FINISH 101
# define CCA4758_F_IBM_4758_CCA_INIT 102
# define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
# define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
/* Reason codes. */
# define CCA4758_R_ALREADY_LOADED 100
# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
# define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
# define CCA4758_R_DSO_FAILURE 103
# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
# define CCA4758_R_NOT_LOADED 106
# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
# define CCA4758_R_UNIT_FAILURE 108
# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
#ifdef __cplusplus
}
#endif
#endif
engines/e_aep.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/bn.h>
#include <string.h>
#include <openssl/e_os2.h>
#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) || defined(__MINGW32__)
# include <sys/types.h>
# include <unistd.h>
#else
# include <process.h>
typedef int pid_t;
#endif
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
# define getpid GetThreadID
extern int GetThreadID(void);
#elif defined(_WIN32) && !defined(__WATCOMC__)
# define getpid _getpid
#endif
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/buffer.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_AEP
# ifdef FLAT_INC
# include "aep.h"
# else
# include "vendor_defns/aep.h"
# endif
# define AEP_LIB_NAME "aep engine"
# define FAIL_TO_SW 0x10101010
# include "e_aep_err.c"
static int aep_init(ENGINE *e);
static int aep_finish(ENGINE *e);
static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
static int aep_destroy(ENGINE *e);
static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
/* BIGNUM stuff */
# ifndef OPENSSL_NO_RSA
static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
# endif
/* RSA stuff */
# ifndef OPENSSL_NO_RSA
static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
# ifndef OPENSSL_NO_RSA
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* DSA stuff */
# ifndef OPENSSL_NO_DSA
static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
/* DH stuff */
/* This function is aliased to mod_exp (with the DH and mont dropped). */
# ifndef OPENSSL_NO_DH
static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
/* rand stuff */
# ifdef AEPRAND
static int aep_rand(unsigned char *buf, int num);
static int aep_rand_status(void);
# endif
/* Bignum conversion stuff */
static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize);
static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
unsigned char *AEP_BigNum);
static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
unsigned char *AEP_BigNum);
/* The definitions for control commands specific to this engine */
# define AEP_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN aep_cmd_defns[] = {
{AEP_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'aep' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD aep_rsa = {
"Aep RSA method",
NULL, /* rsa_pub_encrypt */
NULL, /* rsa_pub_decrypt */
NULL, /* rsa_priv_encrypt */
NULL, /* rsa_priv_encrypt */
aep_rsa_mod_exp, /* rsa_mod_exp */
aep_mod_exp_mont, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* rsa_sign */
NULL, /* rsa_verify */
NULL /* rsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD aep_dsa = {
"Aep DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
aep_dsa_mod_exp, /* dsa_mod_exp */
aep_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD aep_dh = {
"Aep DH method",
NULL,
NULL,
aep_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
# ifdef AEPRAND
/* our internal RAND_method that we provide pointers to */
static RAND_METHOD aep_random = {
/*
* "AEP RAND method",
*/
NULL,
aep_rand,
NULL,
NULL,
aep_rand,
aep_rand_status,
};
# endif
/*
* Define an array of structures to hold connections
*/
static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
/*
* Used to determine if this is a new process
*/
static pid_t recorded_pid = 0;
# ifdef AEPRAND
static AEP_U8 rand_block[RAND_BLK_SIZE];
static AEP_U32 rand_block_bytes = 0;
# endif
/* Constants used when creating the ENGINE */
static const char *engine_aep_id = "aep";
static const char *engine_aep_name = "Aep hardware engine support";
static int max_key_len = 2176;
/*
* This internal function is used by ENGINE_aep() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_aep(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_aep_id) ||
!ENGINE_set_name(e, engine_aep_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &aep_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &aep_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &aep_dh) ||
# endif
# ifdef AEPRAND
!ENGINE_set_RAND(e, &aep_random) ||
# endif
!ENGINE_set_init_function(e, aep_init) ||
!ENGINE_set_destroy_function(e, aep_destroy) ||
!ENGINE_set_finish_function(e, aep_finish) ||
!ENGINE_set_ctrl_function(e, aep_ctrl) ||
!ENGINE_set_cmd_defns(e, aep_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We
* don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
aep_dsa = *DSA_get_default_method();
aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
aep_dh.generate_key = meth3->generate_key;
aep_dh.compute_key = meth3->compute_key;
aep_dh.bn_mod_exp = meth3->bn_mod_exp;
# endif
/* Ensure the aep error handling is set up */
ERR_load_AEPHK_strings();
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_aep_id) != 0))
return 0;
if (!bind_aep(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# else
static ENGINE *engine_aep(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_aep(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_aep(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_aep();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This is a process-global DSO handle used for loading and unloading the Aep
* library. NB: This is only set (or unset) during an init() or finish() call
* (reference counts permitting) and they're operating with global locks, so
* this should be thread-safe implicitly.
*/
static DSO *aep_dso = NULL;
/*
* These are the static string constants for the DSO file name and the
* function symbol names to bind to.
*/
static const char *AEP_LIBNAME = NULL;
static const char *get_AEP_LIBNAME(void)
{
if (AEP_LIBNAME)
return AEP_LIBNAME;
return "aep";
}
static void free_AEP_LIBNAME(void)
{
OPENSSL_free(AEP_LIBNAME);
AEP_LIBNAME = NULL;
}
static long set_AEP_LIBNAME(const char *name)
{
free_AEP_LIBNAME();
return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
}
static const char *AEP_F1 = "AEP_ModExp";
static const char *AEP_F2 = "AEP_ModExpCrt";
# ifdef AEPRAND
static const char *AEP_F3 = "AEP_GenRandom";
# endif
static const char *AEP_F4 = "AEP_Finalize";
static const char *AEP_F5 = "AEP_Initialize";
static const char *AEP_F6 = "AEP_OpenConnection";
static const char *AEP_F7 = "AEP_SetBNCallBacks";
static const char *AEP_F8 = "AEP_CloseConnection";
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
static t_AEP_ModExp *p_AEP_ModExp = NULL;
static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
# ifdef AEPRAND
static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
# endif
static t_AEP_Initialize *p_AEP_Initialize = NULL;
static t_AEP_Finalize *p_AEP_Finalize = NULL;
static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
/* (de)initialisation functions. */
static int aep_init(ENGINE *e)
{
t_AEP_ModExp *p1;
t_AEP_ModExpCrt *p2;
# ifdef AEPRAND
t_AEP_GenRandom *p3;
# endif
t_AEP_Finalize *p4;
t_AEP_Initialize *p5;
t_AEP_OpenConnection *p6;
t_AEP_SetBNCallBacks *p7;
t_AEP_CloseConnection *p8;
int to_return = 0;
if (aep_dso != NULL) {
AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libaep.so. */
aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
if (aep_dso == NULL) {
AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
goto err;
}
#define BINDIT(t, name) (t *)DSO_bind_func(aep_dso, name)
if ((p1 = BINDIT(t_AEP_ModExp, AEP_F1)) == NULL
|| (p2 = BINDIT(t_AEP_ModExpCrt, AEP_F2)) == NULL
# ifdef AEPRAND
|| (p3 = BINDIT(t_AEP_GenRandom, AEP_F3)) == NULL
# endif
|| (p4 = BINDIT(t_AEP_Finalize, AEP_F4)) == NULL
|| (p5 = BINDIT(t_AEP_Initialize, AEP_F5)) == NULL
|| (p6 = BINDIT(t_AEP_OpenConnection, AEP_F6)) == NULL
|| (p7 = BINDIT(t_AEP_SetBNCallBacks, AEP_F7)) == NULL
|| (p8 = BINDIT(t_AEP_CloseConnection, AEP_F8)) == NULL) {
AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
goto err;
}
/* Copy the pointers */
p_AEP_ModExp = p1;
p_AEP_ModExpCrt = p2;
# ifdef AEPRAND
p_AEP_GenRandom = p3;
# endif
p_AEP_Finalize = p4;
p_AEP_Initialize = p5;
p_AEP_OpenConnection = p6;
p_AEP_SetBNCallBacks = p7;
p_AEP_CloseConnection = p8;
to_return = 1;
return to_return;
err:
DSO_free(aep_dso);
aep_dso = NULL;
p_AEP_OpenConnection = NULL;
p_AEP_ModExp = NULL;
p_AEP_ModExpCrt = NULL;
# ifdef AEPRAND
p_AEP_GenRandom = NULL;
# endif
p_AEP_Initialize = NULL;
p_AEP_Finalize = NULL;
p_AEP_SetBNCallBacks = NULL;
p_AEP_CloseConnection = NULL;
return to_return;
}
/* Destructor (complements the "ENGINE_aep()" constructor) */
static int aep_destroy(ENGINE *e)
{
free_AEP_LIBNAME();
ERR_unload_AEPHK_strings();
return 1;
}
static int aep_finish(ENGINE *e)
{
int to_return = 0, in_use;
AEP_RV rv;
if (aep_dso == NULL) {
AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED);
goto err;
}
rv = aep_close_all_connections(0, &in_use);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED);
goto err;
}
if (in_use) {
AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE);
goto err;
}
rv = p_AEP_Finalize();
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED);
goto err;
}
if (!DSO_free(aep_dso)) {
AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE);
goto err;
}
aep_dso = NULL;
p_AEP_CloseConnection = NULL;
p_AEP_OpenConnection = NULL;
p_AEP_ModExp = NULL;
p_AEP_ModExpCrt = NULL;
# ifdef AEPRAND
p_AEP_GenRandom = NULL;
# endif
p_AEP_Initialize = NULL;
p_AEP_Finalize = NULL;
p_AEP_SetBNCallBacks = NULL;
to_return = 1;
err:
return to_return;
}
static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((aep_dso == NULL) ? 0 : 1);
switch (cmd) {
case AEP_CMD_SO_PATH:
if (p == NULL) {
AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED);
return 0;
}
return set_AEP_LIBNAME((const char *)p);
default:
break;
}
AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
int to_return = 0;
int r_len = 0;
AEP_CONNECTION_HNDL hConnection;
AEP_RV rv;
r_len = BN_num_bits(m);
/* Perform in software if modulus is too large for hardware. */
if (r_len > max_key_len) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return BN_mod_exp(r, a, p, m, ctx);
}
/*
* Grab a connection from the pool
*/
rv = aep_get_connection(&hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED);
return BN_mod_exp(r, a, p, m, ctx);
}
/*
* To the card with the mod exp
*/
rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r,
NULL);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED);
rv = aep_close_connection(hConnection);
return BN_mod_exp(r, a, p, m, ctx);
}
/*
* Return the connection to the pool
*/
rv = aep_return_connection(hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED);
goto err;
}
to_return = 1;
err:
return to_return;
}
# ifndef OPENSSL_NO_RSA
static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
AEP_RV rv = AEP_R_OK;
AEP_CONNECTION_HNDL hConnection;
/*
* Grab a connection from the pool
*/
rv = aep_get_connection(&hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED);
return FAIL_TO_SW;
}
/*
* To the card with the mod exp
*/
rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q,
(void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r,
NULL);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED);
rv = aep_close_connection(hConnection);
return FAIL_TO_SW;
}
/*
* Return the connection to the pool
*/
rv = aep_return_connection(hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED);
goto err;
}
err:
return rv;
}
# endif
# ifdef AEPRAND
static int aep_rand(unsigned char *buf, int len)
{
AEP_RV rv = AEP_R_OK;
AEP_CONNECTION_HNDL hConnection;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/*
* Can the request be serviced with what's already in the buffer?
*/
if (len <= rand_block_bytes) {
memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
rand_block_bytes -= len;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
} else
/*
* If not the get another block of random bytes
*/
{
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
rv = aep_get_connection(&hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED);
goto err_nounlock;
}
if (len > RAND_BLK_SIZE) {
rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
goto err_nounlock;
}
} else {
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2,
&rand_block[0], NULL);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
goto err;
}
rand_block_bytes = RAND_BLK_SIZE;
memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
rand_block_bytes -= len;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
rv = aep_return_connection(hConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED);
goto err_nounlock;
}
}
return 1;
err:
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
err_nounlock:
return 0;
}
static int aep_rand_status(void)
{
return 1;
}
# endif
# ifndef OPENSSL_NO_RSA
static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
int to_return = 0;
AEP_RV rv = AEP_R_OK;
if (!aep_dso) {
AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED);
goto err;
}
/*
* See if we have all the necessary bits for a crt
*/
if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
rsa->iqmp, ctx);
if (rv == FAIL_TO_SW) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
goto err;
} else if (rv != AEP_R_OK)
goto err;
} else {
if (!rsa->d || !rsa->n) {
AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS);
goto err;
}
rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx);
if (rv != AEP_R_OK)
goto err;
}
to_return = 1;
err:
return to_return;
}
# endif
# ifndef OPENSSL_NO_DSA
static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!aep_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!aep_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return aep_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return aep_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return aep_mod_exp(r, a, p, m, ctx);
}
# endif
static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
{
int count;
AEP_RV rv = AEP_R_OK;
/*
* Get the current process id
*/
pid_t curr_pid;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
curr_pid = getpid();
/*
* Check if this is the first time this is being called from the current
* process
*/
if (recorded_pid != curr_pid) {
/*
* Remember our pid so we can check if we're in a new process
*/
recorded_pid = curr_pid;
/*
* Call Finalize to make sure we have not inherited some data from a
* parent process
*/
p_AEP_Finalize();
/*
* Initialise the AEP API
*/
rv = p_AEP_Initialize(NULL);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE);
recorded_pid = 0;
goto end;
}
/*
* Set the AEP big num call back functions
*/
rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
&ConvertAEPBigNum);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,
AEPHK_R_SETBNCALLBACK_FAILURE);
recorded_pid = 0;
goto end;
}
# ifdef AEPRAND
/*
* Reset the rand byte count
*/
rand_block_bytes = 0;
# endif
/*
* Init the structures
*/
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
aep_app_conn_table[count].conn_state = NotConnected;
aep_app_conn_table[count].conn_hndl = 0;
}
/*
* Open a connection
*/
rv = p_AEP_OpenConnection(phConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
recorded_pid = 0;
goto end;
}
aep_app_conn_table[0].conn_state = InUse;
aep_app_conn_table[0].conn_hndl = *phConnection;
goto end;
}
/*
* Check the existing connections to see if we can find a free one
*/
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
if (aep_app_conn_table[count].conn_state == Connected) {
aep_app_conn_table[count].conn_state = InUse;
*phConnection = aep_app_conn_table[count].conn_hndl;
goto end;
}
}
/*
* If no connections available, we're going to have to try to open a new
* one
*/
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
if (aep_app_conn_table[count].conn_state == NotConnected) {
/*
* Open a connection
*/
rv = p_AEP_OpenConnection(phConnection);
if (rv != AEP_R_OK) {
AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
goto end;
}
aep_app_conn_table[count].conn_state = InUse;
aep_app_conn_table[count].conn_hndl = *phConnection;
goto end;
}
}
rv = AEP_R_GENERAL_ERROR;
end:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return rv;
}
static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
{
int count;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/*
* Find the connection item that matches this connection handle
*/
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
if (aep_app_conn_table[count].conn_hndl == hConnection) {
aep_app_conn_table[count].conn_state = Connected;
break;
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return AEP_R_OK;
}
static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
{
int count;
AEP_RV rv = AEP_R_OK;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/*
* Find the connection item that matches this connection handle
*/
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
if (aep_app_conn_table[count].conn_hndl == hConnection) {
rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
if (rv != AEP_R_OK)
goto end;
aep_app_conn_table[count].conn_state = NotConnected;
aep_app_conn_table[count].conn_hndl = 0;
break;
}
}
end:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return rv;
}
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
{
int count;
AEP_RV rv = AEP_R_OK;
*in_use = 0;
if (use_engine_lock)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
switch (aep_app_conn_table[count].conn_state) {
case Connected:
rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
if (rv != AEP_R_OK)
goto end;
aep_app_conn_table[count].conn_state = NotConnected;
aep_app_conn_table[count].conn_hndl = 0;
break;
case InUse:
(*in_use)++;
break;
case NotConnected:
break;
}
}
end:
if (use_engine_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return rv;
}
/*
* BigNum call back functions, used to convert OpenSSL bignums into AEP
* bignums. Note only 32bit Openssl build support
*/
static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize)
{
BIGNUM *bn;
/*
* Cast the ArbBigNum pointer to our BIGNUM struct
*/
bn = (BIGNUM *)ArbBigNum;
*BigNumSize = bn->top * BN_BYTES;
if (BN_BYTES > sizeof(AEP_U32) && (bn->d[bn->top - 1] >> BN_BITS4) == 0)
*BigNumSize -= 4;
return AEP_R_OK;
}
static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
unsigned char *AEP_BigNum)
{
BIGNUM *bn;
const union {
long one;
char little;
} is_endian = {
1
};
AEP_U32 i, j;
/*
* Cast the ArbBigNum pointer to our BIGNUM struct
*/
bn = (BIGNUM *)ArbBigNum;
/*
* Must copy data into a (monotone) least significant byte first format
* performing endian conversion if necessary
*/
if (is_endian.little && sizeof(bn->d[0]) == BN_BYTES)
memcpy(AEP_BigNum, bn->d, BigNumSize);
else {
BN_ULONG di;
for (i = 0; BigNumSize >= BN_BYTES; i++) {
di = bn->d[i];
for (j = 0; j < BN_BYTES; j++) {
AEP_BigNum[j] = (unsigned char)di;
di >>= 8;
}
AEP_BigNum += BN_BYTES;
BigNumSize -= BN_BYTES;
}
if (BigNumSize) {
di = bn->d[i];
for (j = 0; j < BigNumSize; j++) {
AEP_BigNum[j] = (unsigned char)di;
di >>= 8;
}
}
}
return AEP_R_OK;
}
/*
* Turn an AEP Big Num back to a user big num
*/
static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
unsigned char *AEP_BigNum)
{
BIGNUM *bn;
const union {
long one;
char little;
} is_endian = {
1
};
int i, j, top;
bn = (BIGNUM *)ArbBigNum;
/*
* Expand the result bn so that it can hold our big num. Size is in bits
*/
top = (BigNumSize + BN_BYTES - 1) / BN_BYTES;
bn_expand(bn, top);
bn->top = top;
bn->d[top - 1] = 0;
if (is_endian.little && sizeof(bn->d[0]) == BN_BYTES)
memcpy(bn->d, AEP_BigNum, BigNumSize);
else {
BN_ULONG di;
for (i = 0; BigNumSize >= BN_BYTES; i++) {
for (di = 0, j = BN_BYTES; j != 0;) {
di <<= 8;
di |= AEP_BigNum[--j];
}
bn->d[i] = di;
AEP_BigNum += BN_BYTES;
BigNumSize -= BN_BYTES;
}
if (BigNumSize) {
for (di = 0, j = BigNumSize; j != 0;) {
di <<= 8;
di |= AEP_BigNum[--j];
}
bn->d[i] = di;
}
}
return AEP_R_OK;
}
# endif /* !OPENSSL_NO_HW_AEP */
#endif /* !OPENSSL_NO_HW */
engines/e_aep.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L AEPHK e_aep_err.h e_aep_err.c
engines/e_aep_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_aep_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_aep_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA AEPHK_str_functs[] = {
{ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
{ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
{ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
{ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
{ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA AEPHK_str_reasons[] = {
{ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"},
{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"},
{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"},
{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"},
{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"},
{ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"},
{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"},
{ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"},
{ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"},
{ERR_REASON(AEPHK_R_OK), "ok"},
{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),
"return connection failed"},
{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"},
{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef AEPHK_LIB_NAME
static ERR_STRING_DATA AEPHK_lib_name[] = {
{0, AEPHK_LIB_NAME},
{0, NULL}
};
#endif
static int AEPHK_lib_error_code = 0;
static int AEPHK_error_init = 1;
static void ERR_load_AEPHK_strings(void)
{
if (AEPHK_lib_error_code == 0)
AEPHK_lib_error_code = ERR_get_next_error_library();
if (AEPHK_error_init) {
AEPHK_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs);
ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0);
ERR_load_strings(0, AEPHK_lib_name);
#endif
}
}
static void ERR_unload_AEPHK_strings(void)
{
if (AEPHK_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs);
ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
ERR_unload_strings(0, AEPHK_lib_name);
#endif
AEPHK_error_init = 1;
}
}
static void ERR_AEPHK_error(int function, int reason, char *file, int line)
{
if (AEPHK_lib_error_code == 0)
AEPHK_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line);
}
engines/e_aep_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_AEPHK_ERR_H
# define HEADER_AEPHK_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_AEPHK_strings(void);
static void ERR_unload_AEPHK_strings(void);
static void ERR_AEPHK_error(int function, int reason, char *file, int line);
# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
/* Error codes for the AEPHK functions. */
/* Function codes. */
# define AEPHK_F_AEP_CTRL 100
# define AEPHK_F_AEP_FINISH 101
# define AEPHK_F_AEP_GET_CONNECTION 102
# define AEPHK_F_AEP_INIT 103
# define AEPHK_F_AEP_MOD_EXP 104
# define AEPHK_F_AEP_MOD_EXP_CRT 105
# define AEPHK_F_AEP_RAND 106
# define AEPHK_F_AEP_RSA_MOD_EXP 107
/* Reason codes. */
# define AEPHK_R_ALREADY_LOADED 100
# define AEPHK_R_CLOSE_HANDLES_FAILED 101
# define AEPHK_R_CONNECTIONS_IN_USE 102
# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define AEPHK_R_FINALIZE_FAILED 104
# define AEPHK_R_GET_HANDLE_FAILED 105
# define AEPHK_R_GET_RANDOM_FAILED 106
# define AEPHK_R_INIT_FAILURE 107
# define AEPHK_R_MISSING_KEY_COMPONENTS 108
# define AEPHK_R_MOD_EXP_CRT_FAILED 109
# define AEPHK_R_MOD_EXP_FAILED 110
# define AEPHK_R_NOT_LOADED 111
# define AEPHK_R_OK 112
# define AEPHK_R_RETURN_CONNECTION_FAILED 113
# define AEPHK_R_SETBNCALLBACK_FAILURE 114
# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
# define AEPHK_R_UNIT_FAILURE 115
#ifdef __cplusplus
}
#endif
#endif
engines/e_atalla.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* crypto/engine/hw_atalla.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_ATALLA
# ifdef FLAT_INC
# include "atalla.h"
# else
# include "vendor_defns/atalla.h"
# endif
# define ATALLA_LIB_NAME "atalla engine"
# include "e_atalla_err.c"
static int atalla_destroy(ENGINE *e);
static int atalla_init(ENGINE *e);
static int atalla_finish(ENGINE *e);
static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
/* BIGNUM stuff */
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
/* The definitions for control commands specific to this engine */
# define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
{ATALLA_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'atasi' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD atalla_rsa = {
"Atalla RSA method",
NULL,
NULL,
NULL,
NULL,
atalla_rsa_mod_exp,
atalla_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD atalla_dsa = {
"Atalla DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
atalla_dsa_mod_exp, /* dsa_mod_exp */
atalla_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD atalla_dh = {
"Atalla DH method",
NULL,
NULL,
atalla_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
/* Constants used when creating the ENGINE */
static const char *engine_atalla_id = "atalla";
static const char *engine_atalla_name = "Atalla hardware engine support";
/*
* This internal function is used by ENGINE_atalla() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_atalla_id) ||
!ENGINE_set_name(e, engine_atalla_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &atalla_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &atalla_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &atalla_dh) ||
# endif
!ENGINE_set_destroy_function(e, atalla_destroy) ||
!ENGINE_set_init_function(e, atalla_init) ||
!ENGINE_set_finish_function(e, atalla_finish) ||
!ENGINE_set_ctrl_function(e, atalla_ctrl) ||
!ENGINE_set_cmd_defns(e, atalla_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* atalla-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
atalla_dh.generate_key = meth3->generate_key;
atalla_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the atalla error handling is set up */
ERR_load_ATALLA_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_atalla(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_atalla(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_atalla();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This is a process-global DSO handle used for loading and unloading the
* Atalla library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *atalla_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics =
NULL;
/*
* These are the static string constants for the DSO file name and the
* function symbol names to bind to. Regrettably, the DSO name on *nix
* appears to be "atasi.so" rather than something more consistent like
* "libatasi.so". At the time of writing, I'm not sure what the file name on
* win32 is but clearly native name translation is not possible (eg
* libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing,
* I have created a symbollic link called "libatasi.so" so that we can use
* native name-translation - a better solution will be needed.
*/
static const char *ATALLA_LIBNAME = NULL;
static const char *get_ATALLA_LIBNAME(void)
{
if (ATALLA_LIBNAME)
return ATALLA_LIBNAME;
return "atasi";
}
static void free_ATALLA_LIBNAME(void)
{
OPENSSL_free(ATALLA_LIBNAME);
ATALLA_LIBNAME = NULL;
}
static long set_ATALLA_LIBNAME(const char *name)
{
free_ATALLA_LIBNAME();
return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
/* Destructor (complements the "ENGINE_atalla()" constructor) */
static int atalla_destroy(ENGINE *e)
{
free_ATALLA_LIBNAME();
/*
* Unload the atalla error strings so any error state including our
* functs or reasons won't lead to a segfault (they simply get displayed
* without corresponding string data because none will be found).
*/
ERR_unload_ATALLA_strings();
return 1;
}
/* (de)initialisation functions. */
static int atalla_init(ENGINE *e)
{
tfnASI_GetHardwareConfig *p1;
tfnASI_RSAPrivateKeyOpFn *p2;
tfnASI_GetPerformanceStatistics *p3;
/*
* Not sure of the origin of this magic value, but Ben's code had it and
* it seemed to have been working for a few people. :-)
*/
unsigned int config_buf[1024];
if (atalla_dso != NULL) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED);
goto err;
}
/*
* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
* unfortunately because the Atalla drivers don't have standard library
* names that can be platform-translated well.
*/
/*
* TODO: Work out how to actually map to the names the Atalla drivers
* really use - for now a symbollic link needs to be created on the host
* system from libatasi.so to atasi.so on unix variants.
*/
atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
if (atalla_dso == NULL) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
goto err;
}
#define BINDIT(t, name) (t *)DSO_bind_func(atalla_dso, name)
if ((p1 = BINDIT(tfnASI_GetHardwareConfig, ATALLA_F1)) == NULL
|| (p2 = BINDIT(tfnASI_RSAPrivateKeyOpFn, ATALLA_F2)) == NULL
|| (p3 = BINDIT(tfnASI_GetPerformanceStatistics, ATALLA_F3)) == NULL) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
goto err;
}
/* Copy the pointers */
p_Atalla_GetHardwareConfig = p1;
p_Atalla_RSAPrivateKeyOpFn = p2;
p_Atalla_GetPerformanceStatistics = p3;
/*
* Perform a basic test to see if there's actually any unit running.
*/
if (p1(0L, config_buf) != 0) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE);
goto err;
}
/* Everything's fine. */
return 1;
err:
DSO_free(atalla_dso);
atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 0;
}
static int atalla_finish(ENGINE *e)
{
free_ATALLA_LIBNAME();
if (atalla_dso == NULL) {
ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED);
return 0;
}
if (!DSO_free(atalla_dso)) {
ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE);
return 0;
}
atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 1;
}
static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((atalla_dso == NULL) ? 0 : 1);
switch (cmd) {
case ATALLA_CMD_SO_PATH:
if (p == NULL) {
ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED);
return 0;
}
return set_ATALLA_LIBNAME((const char *)p);
default:
break;
}
ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/*
* I need somewhere to store temporary serialised values for use with the
* Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
* access their arrays directly as byte arrays <grin>. This way I don't
* have to clean anything up.
*/
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
RSAPrivateKey keydata;
int to_return, numbytes;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
if (!atalla_dso) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED);
goto err;
}
/* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (!result) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL);
goto err;
}
/* Prepare the key-data */
memset(&keydata, 0, sizeof(keydata));
numbytes = BN_num_bytes(m);
memset(exponent->d, 0, numbytes);
memset(modulus->d, 0, numbytes);
BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
keydata.privateExponent.data = (unsigned char *)exponent->d;
keydata.privateExponent.len = numbytes;
keydata.modulus.data = (unsigned char *)modulus->d;
keydata.modulus.len = numbytes;
/* Prepare the argument */
memset(argument->d, 0, numbytes);
memset(result->d, 0, numbytes);
BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
/* Perform the operation */
if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
(unsigned char *)argument->d,
keydata.modulus.len) != 0) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_RSA
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
int to_return = 0;
if (!atalla_dso) {
ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED);
goto err;
}
if (!rsa->d || !rsa->n) {
ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,
ATALLA_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
err:
return to_return;
}
# endif
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
* doesn't have a CRT form for RSA), this function means that an Atalla
* system running with a DSA server certificate can handshake around 5 or 6
* times faster/more than an equivalent system running with RSA. Just check
* out the "signs" statistics from the RSA and DSA parts of "openssl speed
* -engine atalla dsa1024 rsa1024".
*/
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!atalla_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!atalla_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_atalla_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_ATALLA */
#endif /* !OPENSSL_NO_HW */
engines/e_atalla.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L ATALLA e_atalla_err.h e_atalla_err.c
engines/e_atalla_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_atalla_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_atalla_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA ATALLA_str_functs[] = {
{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA ATALLA_str_reasons[] = {
{ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"},
{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"},
{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"},
{ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef ATALLA_LIB_NAME
static ERR_STRING_DATA ATALLA_lib_name[] = {
{0, ATALLA_LIB_NAME},
{0, NULL}
};
#endif
static int ATALLA_lib_error_code = 0;
static int ATALLA_error_init = 1;
static void ERR_load_ATALLA_strings(void)
{
if (ATALLA_lib_error_code == 0)
ATALLA_lib_error_code = ERR_get_next_error_library();
if (ATALLA_error_init) {
ATALLA_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs);
ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0);
ERR_load_strings(0, ATALLA_lib_name);
#endif
}
}
static void ERR_unload_ATALLA_strings(void)
{
if (ATALLA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs);
ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
ERR_unload_strings(0, ATALLA_lib_name);
#endif
ATALLA_error_init = 1;
}
}
static void ERR_ATALLA_error(int function, int reason, char *file, int line)
{
if (ATALLA_lib_error_code == 0)
ATALLA_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line);
}
engines/e_atalla_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ATALLA_ERR_H
# define HEADER_ATALLA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ATALLA_strings(void);
static void ERR_unload_ATALLA_strings(void);
static void ERR_ATALLA_error(int function, int reason, char *file, int line);
# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ATALLA functions. */
/* Function codes. */
# define ATALLA_F_ATALLA_CTRL 100
# define ATALLA_F_ATALLA_FINISH 101
# define ATALLA_F_ATALLA_INIT 102
# define ATALLA_F_ATALLA_MOD_EXP 103
# define ATALLA_F_ATALLA_RSA_MOD_EXP 104
/* Reason codes. */
# define ATALLA_R_ALREADY_LOADED 100
# define ATALLA_R_BN_CTX_FULL 101
# define ATALLA_R_BN_EXPAND_FAIL 102
# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define ATALLA_R_MISSING_KEY_COMPONENTS 104
# define ATALLA_R_NOT_LOADED 105
# define ATALLA_R_REQUEST_FAILED 106
# define ATALLA_R_UNIT_FAILURE 107
#ifdef __cplusplus
}
#endif
#endif
engines/e_cswift.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* crypto/engine/hw_cswift.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/rand.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_CSWIFT
/*
* Attribution notice: Rainbow have generously allowed me to reproduce the
* necessary definitions here from their API. This means the support can
* build independently of whether application builders have the API or
* hardware. This will allow developers to easily produce software that has
* latent hardware support for any users that have accelerators installed,
* without the developers themselves needing anything extra. I have only
* clipped the parts from the CryptoSwift header files that are (or seem)
* relevant to the CryptoSwift support code. This is simply to keep the file
* sizes reasonable. [Geoff]
*/
# ifdef FLAT_INC
# include "cswift.h"
# else
# include "vendor_defns/cswift.h"
# endif
# define CSWIFT_LIB_NAME "cswift engine"
# include "e_cswift_err.c"
# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
static int cswift_destroy(ENGINE *e);
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
# ifndef OPENSSL_NO_RSA
static int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in);
# endif
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
# ifndef OPENSSL_NO_RSA
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
# endif
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
# endif
# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
/* RAND stuff */
static int cswift_rand_bytes(unsigned char *buf, int num);
static int cswift_rand_status(void);
/* The definitions for control commands specific to this engine */
# define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
{CSWIFT_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'cswift' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD cswift_rsa = {
"CryptoSwift RSA method",
NULL,
NULL,
NULL,
NULL,
cswift_rsa_mod_exp,
cswift_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD cswift_dsa = {
"CryptoSwift DSA method",
cswift_dsa_sign,
NULL, /* dsa_sign_setup */
cswift_dsa_verify,
NULL, /* dsa_mod_exp */
NULL, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD cswift_dh = {
"CryptoSwift DH method",
NULL,
NULL,
cswift_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
static RAND_METHOD cswift_random = {
/* "CryptoSwift RAND method", */
NULL,
cswift_rand_bytes,
NULL,
NULL,
cswift_rand_bytes,
cswift_rand_status,
};
/* Constants used when creating the ENGINE */
static const char *engine_cswift_id = "cswift";
static const char *engine_cswift_name = "CryptoSwift hardware engine support";
/*
* This internal function is used by ENGINE_cswift() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
# endif
if (!ENGINE_set_id(e, engine_cswift_id) ||
!ENGINE_set_name(e, engine_cswift_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &cswift_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &cswift_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &cswift_dh) ||
# endif
!ENGINE_set_RAND(e, &cswift_random) ||
!ENGINE_set_destroy_function(e, cswift_destroy) ||
!ENGINE_set_init_function(e, cswift_init) ||
!ENGINE_set_finish_function(e, cswift_finish) ||
!ENGINE_set_ctrl_function(e, cswift_ctrl) ||
!ENGINE_set_cmd_defns(e, cswift_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
cswift_dh.generate_key = meth2->generate_key;
cswift_dh.compute_key = meth2->compute_key;
# endif
/* Ensure the cswift error handling is set up */
ERR_load_CSWIFT_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_cswift(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_cswift(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_cswift();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This is a process-global DSO handle used for loading and unloading the
* CryptoSwift library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *cswift_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
/* Used in the DSO operations. */
static const char *CSWIFT_LIBNAME = NULL;
static const char *get_CSWIFT_LIBNAME(void)
{
if (CSWIFT_LIBNAME)
return CSWIFT_LIBNAME;
return "swift";
}
static void free_CSWIFT_LIBNAME(void)
{
OPENSSL_free(CSWIFT_LIBNAME);
CSWIFT_LIBNAME = NULL;
}
static long set_CSWIFT_LIBNAME(const char *name)
{
free_CSWIFT_LIBNAME();
return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
static const char *CSWIFT_F1 = "swAcquireAccContext";
static const char *CSWIFT_F2 = "swAttachKeyParam";
static const char *CSWIFT_F3 = "swSimpleRequest";
static const char *CSWIFT_F4 = "swReleaseAccContext";
/*
* CryptoSwift library functions and mechanics - these are used by the
* higher-level functions further down. NB: As and where there's no error
* checking, take a look lower down where these functions are called, the
* checking and error handling is probably down there.
*/
/* utility function to obtain a context */
static int get_context(SW_CONTEXT_HANDLE *hac)
{
SW_STATUS status;
status = p_CSwift_AcquireAccContext(hac);
if (status != SW_OK)
return 0;
return 1;
}
/* similarly to release one. */
static void release_context(SW_CONTEXT_HANDLE hac)
{
p_CSwift_ReleaseAccContext(hac);
}
/* Destructor (complements the "ENGINE_cswift()" constructor) */
static int cswift_destroy(ENGINE *e)
{
free_CSWIFT_LIBNAME();
ERR_unload_CSWIFT_strings();
return 1;
}
/* (de)initialisation functions. */
static int cswift_init(ENGINE *e)
{
SW_CONTEXT_HANDLE hac;
t_swAcquireAccContext *p1;
t_swAttachKeyParam *p2;
t_swSimpleRequest *p3;
t_swReleaseAccContext *p4;
if (cswift_dso != NULL) {
CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libswift.so/swift.dll/whatever. */
cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
if (cswift_dso == NULL) {
CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
goto err;
}
#define BINDIT(t, name) (t *)DSO_bind_func(cswift_dso, name)
if ((p1 = BINDIT(t_swAcquireAccContext, CSWIFT_F1)) == NULL
|| (p2 = BINDIT(t_swAttachKeyParam, CSWIFT_F2)) == NULL
|| (p3 = BINDIT(t_swSimpleRequest *) DSO_bind_func(cswift_dso, CSWIFT_F3)) == NULL
|| (p4 = BINDIT(t_swReleaseAccContext *) DSO_bind_func(cswift_dso, CSWIFT_F4)) == NULL) {
CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
goto err;
}
/* Copy the pointers */
p_CSwift_AcquireAccContext = p1;
p_CSwift_AttachKeyParam = p2;
p_CSwift_SimpleRequest = p3;
p_CSwift_ReleaseAccContext = p4;
/*
* Try and get a context - if not, we may have a DSO but no accelerator!
*/
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_UNIT_FAILURE);
goto err;
}
release_context(hac);
/* Everything's fine. */
return 1;
err:
DSO_free(cswift_dso);
cswift_dso = NULL;
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
p_CSwift_ReleaseAccContext = NULL;
return 0;
}
static int cswift_finish(ENGINE *e)
{
free_CSWIFT_LIBNAME();
if (cswift_dso == NULL) {
CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_NOT_LOADED);
return 0;
}
if (!DSO_free(cswift_dso)) {
CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_UNIT_FAILURE);
return 0;
}
cswift_dso = NULL;
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
p_CSwift_ReleaseAccContext = NULL;
return 1;
}
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((cswift_dso == NULL) ? 0 : 1);
switch (cmd) {
case CSWIFT_CMD_SO_PATH:
if (p == NULL) {
CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_ALREADY_LOADED);
return 0;
}
return set_CSWIFT_LIBNAME((const char *)p);
default:
break;
}
CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
/* Un petit mod_exp */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/*
* I need somewhere to store temporary serialised values for use with the
* CryptoSwift API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX
* but access their arrays directly as byte arrays <grin>. This way I
* don't have to clean anything up.
*/
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
int to_return, acquired;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
acquired = 0;
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (!result) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_EXP;
sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
(unsigned char *)modulus->d);
sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
(unsigned char *)exponent->d);
sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch (sw_status) {
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = BN_num_bytes(m);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
&res, 1)) != SW_OK) {
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
if (acquired)
release_context(hac);
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_RSA
int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in)
{
int mod;
int numbytes = BN_num_bytes(in);
mod = 0;
while (((out->nbytes = (numbytes + mod)) % 32)) {
mod++;
}
out->value = OPENSSL_malloc(out->nbytes);
if (!out->value) {
return 0;
}
BN_bn2bin(in, &out->value[mod]);
if (mod)
memset(out->value, 0, mod);
return 1;
}
# endif
# ifndef OPENSSL_NO_RSA
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
BIGNUM *result = NULL;
BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
sw_param.up.crt.p.value = NULL;
sw_param.up.crt.q.value = NULL;
sw_param.up.crt.dmp1.value = NULL;
sw_param.up.crt.dmq1.value = NULL;
sw_param.up.crt.iqmp.value = NULL;
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
argument = BN_new();
result = BN_new();
if (!result || !argument) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_CTX_FULL);
goto err;
}
sw_param.type = SW_ALG_CRT;
/************************************************************************/
/*
* 04/02/2003
*/
/*
* Modified by Frederic Giudicelli (deny-all.com) to overcome the
*/
/*
* limitation of cswift with values not a multiple of 32
*/
/************************************************************************/
if (!cswift_bn_32copy(&sw_param.up.crt.p, p)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if (!cswift_bn_32copy(&sw_param.up.crt.q, q)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if (!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if (!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if (!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if (!bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch (sw_status) {
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = 2 * BN_num_bytes(p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
&res, 1)) != SW_OK) {
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
OPENSSL_free(sw_param.up.crt.p.value);
OPENSSL_free(sw_param.up.crt.q.value);
OPENSSL_free(sw_param.up.crt.dmp1.value);
OPENSSL_free(sw_param.up.crt.dmq1.value);
OPENSSL_free(sw_param.up.crt.iqmp.value);
BN_free(result);
BN_free(argument);
if (acquired)
release_context(hac);
return to_return;
}
# endif
# ifndef OPENSSL_NO_RSA
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
int to_return = 0;
const RSA_METHOD *def_rsa_method;
if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,
CSWIFT_R_MISSING_KEY_COMPONENTS);
goto err;
}
/* Try the limits of RSA (2048 bits) */
if (BN_num_bytes(rsa->p) > 128 ||
BN_num_bytes(rsa->q) > 128 ||
BN_num_bytes(rsa->dmp1) > 128 ||
BN_num_bytes(rsa->dmq1) > 128 || BN_num_bytes(rsa->iqmp) > 128) {
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
def_rsa_method = RSA_PKCS1_SSLeay();
# endif
if (def_rsa_method)
return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
}
to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
err:
return to_return;
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
const RSA_METHOD *def_rsa_method;
/* Try the limits of RSA (2048 bits) */
if (BN_num_bytes(r) > 256 ||
BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
def_rsa_method = RSA_PKCS1_SSLeay();
# endif
if (def_rsa_method)
return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
}
return cswift_mod_exp(r, a, p, m, ctx);
}
# endif /* OPENSSL_NO_RSA */
# ifndef OPENSSL_NO_DSA
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *result = NULL;
DSA_SIG *to_return = NULL;
int acquired = 0;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (!result) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->priv_key->top) ||
!bn_wexpand(result, dsa->p->top)) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch (sw_status) {
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = dlen;
arg.value = (unsigned char *)dgst;
res.nbytes = BN_num_bytes(dsa->p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
&res, 1);
if (sw_status != SW_OK) {
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
/* Convert the response */
if ((to_return = DSA_SIG_new()) == NULL)
goto err;
to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
err:
if (acquired)
release_context(hac);
if (ctx)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return to_return;
}
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg[2], res;
unsigned long sig_result;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *argument = NULL;
int to_return = -1;
int acquired = 0;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
if (!argument) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->pub_key->top) ||
!bn_wexpand(argument, 40)) {
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch (sw_status) {
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg[0].nbytes = dgst_len;
arg[0].value = (unsigned char *)dgst;
arg[1].nbytes = 40;
arg[1].value = (unsigned char *)argument->d;
memset(arg[1].value, 0, 40);
BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
res.nbytes = 4; /* unsigned long */
res.value = (unsigned char *)(&sig_result);
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
&res, 1);
if (sw_status != SW_OK) {
char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
/* Convert the response */
to_return = ((sig_result == 0) ? 0 : 1);
err:
if (acquired)
release_context(hac);
if (ctx)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return to_return;
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cswift_mod_exp(r, a, p, m, ctx);
}
# endif
/* Random bytes are good */
static int cswift_rand_bytes(unsigned char *buf, int num)
{
SW_CONTEXT_HANDLE hac;
SW_STATUS swrc;
SW_LARGENUMBER largenum;
int acquired = 0;
int to_return = 0; /* assume failure */
unsigned char buf32[1024];
if (!get_context(&hac)) {
CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/************************************************************************/
/*
* 04/02/2003
*/
/*
* Modified by Frederic Giudicelli (deny-all.com) to overcome the
*/
/*
* limitation of cswift with values not a multiple of 32
*/
/************************************************************************/
while (num >= (int)sizeof(buf32)) {
largenum.value = buf;
largenum.nbytes = sizeof(buf32);
/*-
* tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
* - CryptoSwift can only do multiple of 32-bits.
*/
swrc =
p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK) {
char tmpbuf[20];
CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", swrc);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
buf += sizeof(buf32);
num -= sizeof(buf32);
}
if (num) {
largenum.nbytes = sizeof(buf32);
largenum.value = buf32;
swrc =
p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK) {
char tmpbuf[20];
CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", swrc);
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
memcpy(buf, largenum.value, num);
}
to_return = 1; /* success */
err:
if (acquired)
release_context(hac);
return to_return;
}
static int cswift_rand_status(void)
{
return 1;
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_cswift_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_CSWIFT */
#endif /* !OPENSSL_NO_HW */
engines/e_cswift.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L CSWIFT e_cswift_err.h e_cswift_err.c
engines/e_cswift_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_cswift_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_cswift_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA CSWIFT_str_functs[] = {
{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
{ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA CSWIFT_str_reasons[] = {
{ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"},
{ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"},
{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"},
{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"},
{ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef CSWIFT_LIB_NAME
static ERR_STRING_DATA CSWIFT_lib_name[] = {
{0, CSWIFT_LIB_NAME},
{0, NULL}
};
#endif
static int CSWIFT_lib_error_code = 0;
static int CSWIFT_error_init = 1;
static void ERR_load_CSWIFT_strings(void)
{
if (CSWIFT_lib_error_code == 0)
CSWIFT_lib_error_code = ERR_get_next_error_library();
if (CSWIFT_error_init) {
CSWIFT_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0);
ERR_load_strings(0, CSWIFT_lib_name);
#endif
}
}
static void ERR_unload_CSWIFT_strings(void)
{
if (CSWIFT_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
ERR_unload_strings(0, CSWIFT_lib_name);
#endif
CSWIFT_error_init = 1;
}
}
static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
{
if (CSWIFT_lib_error_code == 0)
CSWIFT_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line);
}
engines/e_cswift_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CSWIFT_ERR_H
# define HEADER_CSWIFT_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CSWIFT_strings(void);
static void ERR_unload_CSWIFT_strings(void);
static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CSWIFT functions. */
/* Function codes. */
# define CSWIFT_F_CSWIFT_CTRL 100
# define CSWIFT_F_CSWIFT_DSA_SIGN 101
# define CSWIFT_F_CSWIFT_DSA_VERIFY 102
# define CSWIFT_F_CSWIFT_FINISH 103
# define CSWIFT_F_CSWIFT_INIT 104
# define CSWIFT_F_CSWIFT_MOD_EXP 105
# define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
# define CSWIFT_F_CSWIFT_RAND_BYTES 108
# define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
/* Reason codes. */
# define CSWIFT_R_ALREADY_LOADED 100
# define CSWIFT_R_BAD_KEY_SIZE 101
# define CSWIFT_R_BN_CTX_FULL 102
# define CSWIFT_R_BN_EXPAND_FAIL 103
# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
# define CSWIFT_R_MISSING_KEY_COMPONENTS 105
# define CSWIFT_R_NOT_LOADED 106
# define CSWIFT_R_REQUEST_FAILED 107
# define CSWIFT_R_UNIT_FAILURE 108
#ifdef __cplusplus
}
#endif
#endif
engines/e_nuron.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* crypto/engine/hw_nuron.c */
/*
* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
* Thorpe's Atalla implementation.
*/
/* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_NURON
# define NURON_LIB_NAME "nuron engine"
# include "e_nuron_err.c"
static const char *NURON_LIBNAME = NULL;
static const char *get_NURON_LIBNAME(void)
{
if (NURON_LIBNAME)
return NURON_LIBNAME;
return "nuronssl";
}
static void free_NURON_LIBNAME(void)
{
OPENSSL_free(NURON_LIBNAME);
NURON_LIBNAME = NULL;
}
static long set_NURON_LIBNAME(const char *name)
{
free_NURON_LIBNAME();
return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
static const char *NURON_F1 = "nuron_mod_exp";
/* The definitions for control commands specific to this engine */
# define NURON_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
{NURON_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'nuronssl' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m);
static tfnModExp *pfnModExp = NULL;
static DSO *pvDSOHandle = NULL;
static int nuron_destroy(ENGINE *e)
{
free_NURON_LIBNAME();
ERR_unload_NURON_strings();
return 1;
}
static int nuron_init(ENGINE *e)
{
if (pvDSOHandle != NULL) {
NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED);
return 0;
}
pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
if (!pvDSOHandle) {
NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND);
return 0;
}
pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1);
if (!pfnModExp) {
NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND);
return 0;
}
return 1;
}
static int nuron_finish(ENGINE *e)
{
free_NURON_LIBNAME();
if (pvDSOHandle == NULL) {
NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED);
return 0;
}
if (!DSO_free(pvDSOHandle)) {
NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE);
return 0;
}
pvDSOHandle = NULL;
pfnModExp = NULL;
return 1;
}
static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
switch (cmd) {
case NURON_CMD_SO_PATH:
if (p == NULL) {
NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED);
return 0;
}
return set_NURON_LIBNAME((const char *)p);
default:
break;
}
NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
if (!pvDSOHandle) {
NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED);
return 0;
}
return pfnModExp(r, a, p, m);
}
# ifndef OPENSSL_NO_RSA
static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx);
}
# endif
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
* doesn't have a CRT form for RSA), this function means that an Atalla
* system running with a DSA server certificate can handshake around 5 or 6
* times faster/more than an equivalent system running with RSA. Just check
* out the "signs" statistics from the RSA and DSA parts of "openssl speed
* -engine atalla dsa1024 rsa1024".
*/
static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!nuron_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!nuron_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
# ifndef OPENSSL_NO_RSA
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_RSA
static RSA_METHOD nuron_rsa = {
"Nuron RSA method",
NULL,
NULL,
NULL,
NULL,
nuron_rsa_mod_exp,
nuron_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
static DSA_METHOD nuron_dsa = {
"Nuron DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
nuron_dsa_mod_exp, /* dsa_mod_exp */
nuron_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
static DH_METHOD nuron_dh = {
"Nuron DH method",
NULL,
NULL,
nuron_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
/* Constants used when creating the ENGINE */
static const char *engine_nuron_id = "nuron";
static const char *engine_nuron_name = "Nuron hardware engine support";
/*
* This internal function is used by ENGINE_nuron() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_nuron_id) ||
!ENGINE_set_name(e, engine_nuron_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &nuron_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &nuron_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &nuron_dh) ||
# endif
!ENGINE_set_destroy_function(e, nuron_destroy) ||
!ENGINE_set_init_function(e, nuron_init) ||
!ENGINE_set_finish_function(e, nuron_finish) ||
!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
nuron_dh.generate_key = meth3->generate_key;
nuron_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the nuron error handling is set up */
ERR_load_NURON_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_nuron(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_nuron(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_nuron();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_nuron_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_NURON */
#endif /* !OPENSSL_NO_HW */
engines/e_nuron.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L NURON e_nuron_err.h e_nuron_err.c
engines/e_nuron_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_nuron_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_nuron_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA NURON_str_functs[] = {
{ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
{ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
{ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
{ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA NURON_str_reasons[] = {
{ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"},
{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"},
{ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"},
{ERR_REASON(NURON_R_NOT_LOADED), "not loaded"},
{0, NULL}
};
#endif
#ifdef NURON_LIB_NAME
static ERR_STRING_DATA NURON_lib_name[] = {
{0, NURON_LIB_NAME},
{0, NULL}
};
#endif
static int NURON_lib_error_code = 0;
static int NURON_error_init = 1;
static void ERR_load_NURON_strings(void)
{
if (NURON_lib_error_code == 0)
NURON_lib_error_code = ERR_get_next_error_library();
if (NURON_error_init) {
NURON_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(NURON_lib_error_code, NURON_str_functs);
ERR_load_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0);
ERR_load_strings(0, NURON_lib_name);
#endif
}
}
static void ERR_unload_NURON_strings(void)
{
if (NURON_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(NURON_lib_error_code, NURON_str_functs);
ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
ERR_unload_strings(0, NURON_lib_name);
#endif
NURON_error_init = 1;
}
}
static void ERR_NURON_error(int function, int reason, char *file, int line)
{
if (NURON_lib_error_code == 0)
NURON_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(NURON_lib_error_code, function, reason, file, line);
}
engines/e_nuron_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_NURON_ERR_H
# define HEADER_NURON_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_NURON_strings(void);
static void ERR_unload_NURON_strings(void);
static void ERR_NURON_error(int function, int reason, char *file, int line);
# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
/* Error codes for the NURON functions. */
/* Function codes. */
# define NURON_F_NURON_CTRL 100
# define NURON_F_NURON_FINISH 101
# define NURON_F_NURON_INIT 102
# define NURON_F_NURON_MOD_EXP 103
/* Reason codes. */
# define NURON_R_ALREADY_LOADED 100
# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
# define NURON_R_DSO_FAILURE 102
# define NURON_R_DSO_FUNCTION_NOT_FOUND 103
# define NURON_R_DSO_NOT_FOUND 104
# define NURON_R_NOT_LOADED 105
#ifdef __cplusplus
}
#endif
#endif
engines/e_sureware.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/*-
* Written by Corinne Dive-Reclus(cdive@baltimore.com)
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* Written by Corinne Dive-Reclus(cdive@baltimore.com)
*
* Copyright@2001 Baltimore Technologies Ltd.
* All right Reserved.
* *
* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
* SUCH DAMAGE. *
====================================================================*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_SUREWARE
# ifdef FLAT_INC
# include "sureware.h"
# else
# include "vendor_defns/sureware.h"
# endif
# define SUREWARE_LIB_NAME "sureware engine"
# include "e_sureware_err.c"
static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
static int surewarehk_destroy(ENGINE *e);
static int surewarehk_init(ENGINE *e);
static int surewarehk_finish(ENGINE *e);
static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* RSA stuff */
# ifndef OPENSSL_NO_RSA
static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int surewarehk_rsa_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
# endif
/* RAND stuff */
static int surewarehk_rand_bytes(unsigned char *buf, int num);
static int surewarehk_rand_seed(const void *buf, int num);
static int surewarehk_rand_add(const void *buf, int num, double entropy);
/* KM stuff */
static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data);
static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data);
static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return surewarehk_modexp(r, a, p, m, ctx);
}
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD surewarehk_rsa = {
"SureWare RSA method",
NULL, /* pub_enc */
NULL, /* pub_dec */
surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */
surewarehk_rsa_priv_dec, /* priv_dec */
NULL, /* mod_exp */
surewarehk_mod_exp_mont, /* mod_exp_mongomery */
NULL, /* init */
NULL, /* finish */
0, /* RSA flag */
NULL,
NULL, /* OpenSSL sign */
NULL, /* OpenSSL verify */
NULL /* keygen */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return surewarehk_modexp(r, a, p, m, ctx);
}
static DH_METHOD surewarehk_dh = {
"SureWare DH method",
NULL, /* gen_key */
NULL, /* agree, */
surewarehk_modexp_dh, /* dh mod exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL,
NULL
};
# endif
static RAND_METHOD surewarehk_rand = {
/* "SureWare RAND method", */
surewarehk_rand_seed,
surewarehk_rand_bytes,
NULL, /* cleanup */
surewarehk_rand_add,
surewarehk_rand_bytes,
NULL, /* rand_status */
};
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!surewarehk_modexp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!surewarehk_modexp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static DSA_METHOD surewarehk_dsa = {
"SureWare DSA method",
surewarehk_dsa_do_sign,
NULL, /* sign setup */
NULL, /* verify, */
surewarehk_dsa_mod_exp, /* mod exp */
NULL, /* bn mod exp */
NULL, /* init */
NULL, /* finish */
0,
NULL,
NULL,
NULL
};
# endif
static const char *engine_sureware_id = "sureware";
static const char *engine_sureware_name = "SureWare hardware engine support";
/* Now, to our own code */
/*
* As this is only ever called once, there's no need for locking (indeed -
* the lock will already be held by our caller!!!)
*/
static int bind_sureware(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_sureware_id) ||
!ENGINE_set_name(e, engine_sureware_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &surewarehk_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &surewarehk_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &surewarehk_dh) ||
# endif
!ENGINE_set_RAND(e, &surewarehk_rand) ||
!ENGINE_set_destroy_function(e, surewarehk_destroy) ||
!ENGINE_set_init_function(e, surewarehk_init) ||
!ENGINE_set_finish_function(e, surewarehk_finish) ||
!ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
!ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
if (meth1) {
surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
}
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
if (meth2) {
surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
}
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
if (meth3) {
surewarehk_dh.generate_key = meth3->generate_key;
surewarehk_dh.compute_key = meth3->compute_key;
}
# endif
/* Ensure the sureware error handling is set up */
ERR_load_SUREWARE_strings();
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_sureware_id) != 0))
return 0;
if (!bind_sureware(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# else
static ENGINE *engine_sureware(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_sureware(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_sureware(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_sureware();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This is a process-global DSO handle used for loading and unloading the
* SureWareHook library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *surewarehk_dso = NULL;
# ifndef OPENSSL_NO_RSA
/* Index for KM handle. Not really used yet. */
static int rsaHndidx = -1;
# endif
# ifndef OPENSSL_NO_DSA
/* Index for KM handle. Not really used yet. */
static int dsaHndidx = -1;
# endif
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static SureWareHook_Init_t *p_surewarehk_Init = NULL;
static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
static SureWareHook_Free_t *p_surewarehk_Free = NULL;
static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL;
static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL;
static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL;
static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL;
/* Used in the DSO operations. */
static const char *surewarehk_LIBNAME = "SureWareHook";
static const char *n_surewarehk_Init = "SureWareHook_Init";
static const char *n_surewarehk_Finish = "SureWareHook_Finish";
static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes";
static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed";
static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey";
static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey";
static const char *n_surewarehk_Load_Rsa_Pubkey =
"SureWareHook_Load_Rsa_Pubkey";
static const char *n_surewarehk_Load_Dsa_Pubkey =
"SureWareHook_Load_Dsa_Pubkey";
static const char *n_surewarehk_Free = "SureWareHook_Free";
static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec";
static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign";
static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign";
static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp";
static BIO *logstream = NULL;
/*
* SureWareHook library functions and mechanics - these are used by the
* higher-level functions further down. NB: As and where there's no error
* checking, take a look lower down where these functions are called, the
* checking and error handling is probably down there.
*/
static int threadsafe = 1;
static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void))
{
int to_return = 1;
switch (cmd) {
case ENGINE_CTRL_SET_LOGSTREAM:
{
BIO *bio = (BIO *)p;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
BIO_free(logstream);
logstream = NULL;
if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
logstream = bio;
else
SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
SUREWARE_R_BIO_WAS_FREED);
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
break;
/*
* This will prevent the initialisation function from "installing"
* the mutex-handling callbacks, even if they are available from
* within the library (or were provided to the library from the
* calling application). This is to remove any baggage for
* applications not using multithreading.
*/
case ENGINE_CTRL_CHIL_NO_LOCKING:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
threadsafe = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
break;
/* The command isn't understood by this engine */
default:
SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
to_return = 0;
break;
}
return to_return;
}
/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
static int surewarehk_destroy(ENGINE *e)
{
ERR_unload_SUREWARE_strings();
return 1;
}
/* (de)initialisation functions. */
static int surewarehk_init(ENGINE *e)
{
char msg[64] = "ENGINE_init";
SureWareHook_Init_t *p1 = NULL;
SureWareHook_Finish_t *p2 = NULL;
SureWareHook_Rand_Bytes_t *p3 = NULL;
SureWareHook_Rand_Seed_t *p4 = NULL;
SureWareHook_Load_Privkey_t *p5 = NULL;
SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL;
SureWareHook_Free_t *p7 = NULL;
SureWareHook_Rsa_Priv_Dec_t *p8 = NULL;
SureWareHook_Rsa_Sign_t *p9 = NULL;
SureWareHook_Dsa_Sign_t *p12 = NULL;
SureWareHook_Info_Pubkey_t *p13 = NULL;
SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL;
SureWareHook_Mod_Exp_t *p15 = NULL;
if (surewarehk_dso != NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
if (surewarehk_dso == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
goto err;
}
if (!
(p1 =
(SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Init))
|| !(p2 =
(SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Finish))
|| !(p3 =
(SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Rand_Bytes))
|| !(p4 =
(SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Rand_Seed))
|| !(p5 =
(SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Load_Privkey))
|| !(p6 =
(SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Load_Rsa_Pubkey))
|| !(p7 =
(SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free))
|| !(p8 =
(SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Rsa_Priv_Dec))
|| !(p9 =
(SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Rsa_Sign))
|| !(p12 =
(SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Dsa_Sign))
|| !(p13 =
(SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Info_Pubkey))
|| !(p14 =
(SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Load_Dsa_Pubkey))
|| !(p15 =
(SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso,
n_surewarehk_Mod_Exp))) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_surewarehk_Init = p1;
p_surewarehk_Finish = p2;
p_surewarehk_Rand_Bytes = p3;
p_surewarehk_Rand_Seed = p4;
p_surewarehk_Load_Privkey = p5;
p_surewarehk_Load_Rsa_Pubkey = p6;
p_surewarehk_Free = p7;
p_surewarehk_Rsa_Priv_Dec = p8;
p_surewarehk_Rsa_Sign = p9;
p_surewarehk_Dsa_Sign = p12;
p_surewarehk_Info_Pubkey = p13;
p_surewarehk_Load_Dsa_Pubkey = p14;
p_surewarehk_Mod_Exp = p15;
/* Contact the hardware and initialises it. */
if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
goto err;
}
if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
goto err;
}
/*
* try to load the default private key, if failed does not return a
* failure but wait for an explicit ENGINE_load_privakey
*/
surewarehk_load_privkey(e, NULL, NULL, NULL);
/* Everything's fine. */
# ifndef OPENSSL_NO_RSA
if (rsaHndidx == -1)
rsaHndidx = RSA_get_ex_new_index(0,
"SureWareHook RSA key handle",
NULL, NULL, surewarehk_ex_free);
# endif
# ifndef OPENSSL_NO_DSA
if (dsaHndidx == -1)
dsaHndidx = DSA_get_ex_new_index(0,
"SureWareHook DSA key handle",
NULL, NULL, surewarehk_ex_free);
# endif
return 1;
err:
DSO_free(surewarehk_dso);
surewarehk_dso = NULL;
p_surewarehk_Init = NULL;
p_surewarehk_Finish = NULL;
p_surewarehk_Rand_Bytes = NULL;
p_surewarehk_Rand_Seed = NULL;
p_surewarehk_Load_Privkey = NULL;
p_surewarehk_Load_Rsa_Pubkey = NULL;
p_surewarehk_Free = NULL;
p_surewarehk_Rsa_Priv_Dec = NULL;
p_surewarehk_Rsa_Sign = NULL;
p_surewarehk_Dsa_Sign = NULL;
p_surewarehk_Info_Pubkey = NULL;
p_surewarehk_Load_Dsa_Pubkey = NULL;
p_surewarehk_Mod_Exp = NULL;
return 0;
}
static int surewarehk_finish(ENGINE *e)
{
int to_return = 1;
if (surewarehk_dso == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED);
to_return = 0;
goto err;
}
p_surewarehk_Finish();
if (!DSO_free(surewarehk_dso)) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE);
to_return = 0;
goto err;
}
err:
BIO_free(logstream);
surewarehk_dso = NULL;
p_surewarehk_Init = NULL;
p_surewarehk_Finish = NULL;
p_surewarehk_Rand_Bytes = NULL;
p_surewarehk_Rand_Seed = NULL;
p_surewarehk_Load_Privkey = NULL;
p_surewarehk_Load_Rsa_Pubkey = NULL;
p_surewarehk_Free = NULL;
p_surewarehk_Rsa_Priv_Dec = NULL;
p_surewarehk_Rsa_Sign = NULL;
p_surewarehk_Dsa_Sign = NULL;
p_surewarehk_Info_Pubkey = NULL;
p_surewarehk_Load_Dsa_Pubkey = NULL;
p_surewarehk_Mod_Exp = NULL;
return to_return;
}
static void surewarehk_error_handling(char *const msg, int func, int ret)
{
switch (ret) {
case SUREWAREHOOK_ERROR_UNIT_FAILURE:
ENGINEerr(func, SUREWARE_R_UNIT_FAILURE);
break;
case SUREWAREHOOK_ERROR_FALLBACK:
ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK);
break;
case SUREWAREHOOK_ERROR_DATA_SIZE:
ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
break;
case SUREWAREHOOK_ERROR_INVALID_PAD:
ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED);
break;
default:
ENGINEerr(func, SUREWARE_R_REQUEST_FAILED);
break;
case 1: /* nothing */
msg[0] = '\0';
}
if (*msg) {
ERR_add_error_data(1, msg);
if (logstream) {
CRYPTO_w_lock(CRYPTO_LOCK_BIO);
BIO_write(logstream, msg, strlen(msg));
CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
}
}
}
static int surewarehk_rand_bytes(unsigned char *buf, int num)
{
int ret = 0;
char msg[64] = "ENGINE_rand_bytes";
if (!p_surewarehk_Rand_Bytes) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,
ENGINE_R_NOT_INITIALISED);
} else {
ret = p_surewarehk_Rand_Bytes(msg, buf, num);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret);
}
return ret == 1 ? 1 : 0;
}
static int surewarehk_rand_seed(const void *buf, int num)
{
int ret = 0;
char msg[64] = "ENGINE_rand_seed";
if (!p_surewarehk_Rand_Seed) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,
ENGINE_R_NOT_INITIALISED);
return 0;
} else {
ret = p_surewarehk_Rand_Seed(msg, buf, num);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret);
if (ret == 1)
return 1;
else
return 0;
}
}
static int surewarehk_rand_add(const void *buf, int num, double entropy)
{
return surewarehk_rand_seed(buf, num);
}
static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
char *hptr, unsigned long el,
char keytype)
{
EVP_PKEY *res = NULL;
# ifndef OPENSSL_NO_RSA
RSA *rsatmp = NULL;
# endif
# ifndef OPENSSL_NO_DSA
DSA *dsatmp = NULL;
# endif
char msg[64] = "sureware_load_public";
int ret = 0;
if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) {
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
ENGINE_R_NOT_INITIALISED);
goto err;
}
switch (keytype) {
# ifndef OPENSSL_NO_RSA
case 1:
/*RSA*/
/* set private external reference */
rsatmp = RSA_new_method(e);
RSA_set_ex_data(rsatmp, rsaHndidx, hptr);
rsatmp->flags |= RSA_FLAG_EXT_PKEY;
/* set public big nums */
rsatmp->e = BN_new();
rsatmp->n = BN_new();
if (!rsatmp->e || !rsatmp->n)
goto err;
bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
goto err;
ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
(unsigned long *)rsatmp->n->d,
(unsigned long *)rsatmp->e->d);
surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
if (ret != 1) {
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
/* normalise pub e and pub n */
rsatmp->e->top = el / sizeof(BN_ULONG);
bn_fix_top(rsatmp->e);
rsatmp->n->top = el / sizeof(BN_ULONG);
bn_fix_top(rsatmp->n);
/* create an EVP object: engine + rsa key */
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rsatmp);
break;
# endif
# ifndef OPENSSL_NO_DSA
case 2:
/*DSA*/
/* set private/public external reference */
dsatmp = DSA_new_method(e);
DSA_set_ex_data(dsatmp, dsaHndidx, hptr);
/*
* dsatmp->flags |= DSA_FLAG_EXT_PKEY;
*/
/* set public key */
dsatmp->pub_key = BN_new();
dsatmp->p = BN_new();
dsatmp->q = BN_new();
dsatmp->g = BN_new();
if (!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g)
goto err;
bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
|| dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
|| dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
|| dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
goto err;
ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
(unsigned long *)dsatmp->
pub_key->d,
(unsigned long *)dsatmp->p->d,
(unsigned long *)dsatmp->q->d,
(unsigned long *)dsatmp->g->d);
surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
if (ret != 1) {
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
/* set parameters */
/* normalise pubkey and parameters in case of */
dsatmp->pub_key->top = el / sizeof(BN_ULONG);
bn_fix_top(dsatmp->pub_key);
dsatmp->p->top = el / sizeof(BN_ULONG);
bn_fix_top(dsatmp->p);
dsatmp->q->top = 20 / sizeof(BN_ULONG);
bn_fix_top(dsatmp->q);
dsatmp->g->top = el / sizeof(BN_ULONG);
bn_fix_top(dsatmp->g);
/* create an EVP object: engine + rsa key */
res = EVP_PKEY_new();
EVP_PKEY_assign_DSA(res, dsatmp);
break;
# endif
default:
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
return res;
err:
# ifndef OPENSSL_NO_RSA
RSA_free(rsatmp);
# endif
# ifndef OPENSSL_NO_DSA
DSA_free(dsatmp);
# endif
return NULL;
}
static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
EVP_PKEY *res = NULL;
int ret = 0;
unsigned long el = 0;
char *hptr = NULL;
char keytype = 0;
char msg[64] = "ENGINE_load_privkey";
if (!p_surewarehk_Load_Privkey) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
ENGINE_R_NOT_INITIALISED);
} else {
ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype);
if (ret != 1) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
ERR_add_error_data(1, msg);
} else
res = sureware_load_public(e, key_id, hptr, el, keytype);
}
return res;
}
static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
EVP_PKEY *res = NULL;
int ret = 0;
unsigned long el = 0;
char *hptr = NULL;
char keytype = 0;
char msg[64] = "ENGINE_load_pubkey";
if (!p_surewarehk_Info_Pubkey) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
ENGINE_R_NOT_INITIALISED);
} else {
/* call once to identify if DSA or RSA */
ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype);
if (ret != 1) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
ERR_add_error_data(1, msg);
} else
res = sureware_load_public(e, key_id, hptr, el, keytype);
}
return res;
}
/*
* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
* , called when ex_data is freed
*/
static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp)
{
if (!p_surewarehk_Free) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED);
} else
p_surewarehk_Free((char *)item, 0);
}
/*
* return number of decrypted bytes
*/
# ifndef OPENSSL_NO_RSA
static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int ret = 0, tlen;
char *buf = NULL, *hptr = NULL;
char msg[64] = "ENGINE_rsa_priv_dec";
if (!p_surewarehk_Rsa_Priv_Dec) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
ENGINE_R_NOT_INITIALISED);
}
/* extract ref to private key */
else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
SUREWARE_R_MISSING_KEY_COMPONENTS);
goto err;
}
/* analyse what padding we can do into the hardware */
if (padding == RSA_PKCS1_PADDING) {
/* do it one shot */
ret =
p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
to, hptr, SUREWARE_PKCS1_PAD);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
ret);
if (ret != 1)
goto err;
ret = tlen;
} else { /* do with no padding into hardware */
ret =
p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
to, hptr, SUREWARE_NO_PAD);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
ret);
if (ret != 1)
goto err;
/* intermediate buffer for padding */
if ((buf = OPENSSL_malloc(tlen)) == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
ERR_R_MALLOC_FAILURE);
goto err;
}
memcpy(buf, to, tlen); /* transfert to into buf */
switch (padding) { /* check padding in software */
case RSA_PKCS1_OAEP_PADDING:
ret =
RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
tlen, tlen, NULL, 0);
break;
case RSA_SSLV23_PADDING:
ret =
RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
tlen);
break;
case RSA_NO_PADDING:
ret =
RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen,
tlen);
break;
default:
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
SUREWARE_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (ret < 0)
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
SUREWARE_R_PADDING_CHECK_FAILED);
}
err:
OPENSSL_clear_free(buf, tlen);
return ret;
}
/*
* Does what OpenSSL rsa_priv_enc does.
*/
static int surewarehk_rsa_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int ret = 0, tlen;
char *hptr = NULL;
char msg[64] = "ENGINE_rsa_sign";
if (!p_surewarehk_Rsa_Sign) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED);
}
/* extract ref to private key */
else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
SUREWARE_R_MISSING_KEY_COMPONENTS);
} else {
switch (padding) {
case RSA_PKCS1_PADDING: /* do it in one shot */
ret =
p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen,
to, hptr, SUREWARE_PKCS1_PAD);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN,
ret);
break;
case RSA_NO_PADDING:
default:
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
SUREWARE_R_UNKNOWN_PADDING_TYPE);
}
}
return ret == 1 ? tlen : ret;
}
# endif
# ifndef OPENSSL_NO_DSA
/* DSA sign and verify */
static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
DSA *dsa)
{
int ret = 0;
char *hptr = NULL;
DSA_SIG *psign = NULL;
char msg[64] = "ENGINE_dsa_do_sign";
if (!p_surewarehk_Dsa_Sign) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
ENGINE_R_NOT_INITIALISED);
goto err;
}
/* extract ref to private key */
else if ((hptr = DSA_get_ex_data(dsa, dsaHndidx)) == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
SUREWARE_R_MISSING_KEY_COMPONENTS);
goto err;
} else {
if ((psign = DSA_SIG_new()) == NULL) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
ERR_R_MALLOC_FAILURE);
goto err;
}
psign->r = BN_new();
psign->s = BN_new();
if (!psign->r || !psign->s)
goto err;
bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
if (psign->r->dmax != 20 / sizeof(BN_ULONG) ||
psign->s->dmax != 20 / sizeof(BN_ULONG))
goto err;
ret = p_surewarehk_Dsa_Sign(msg, flen, from,
(unsigned long *)psign->r->d,
(unsigned long *)psign->s->d, hptr);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
ret);
}
psign->r->top = 20 / sizeof(BN_ULONG);
bn_fix_top(psign->r);
psign->s->top = 20 / sizeof(BN_ULONG);
bn_fix_top(psign->s);
err:
if (psign) {
DSA_SIG_free(psign);
psign = NULL;
}
return psign;
}
# endif
static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
int ret = 0;
char msg[64] = "ENGINE_modexp";
if (!p_surewarehk_Mod_Exp) {
SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
} else if (r) {
bn_expand2(r, m->top);
if (r->dmax == m->top) {
/* do it */
ret = p_surewarehk_Mod_Exp(msg,
m->top * sizeof(BN_ULONG),
(unsigned long *)m->d,
p->top * sizeof(BN_ULONG),
(unsigned long *)p->d,
a->top * sizeof(BN_ULONG),
(unsigned long *)a->d,
(unsigned long *)r->d);
surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret);
if (ret == 1) {
/* normalise result */
r->top = m->top;
bn_fix_top(r);
}
}
}
return ret;
}
# endif /* !OPENSSL_NO_HW_SUREWARE */
#endif /* !OPENSSL_NO_HW */
engines/e_sureware.ec 已删除 100644 → 0
浏览文件 @ f51e5ed6
L SUREWARE e_sureware_err.h e_sureware_err.c
engines/e_sureware_err.c 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* e_sureware_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_sureware_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA SUREWARE_str_functs[] = {
{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
{0, NULL}
};
static ERR_STRING_DATA SUREWARE_str_reasons[] = {
{ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"},
{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"},
{ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"},
{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"},
{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
{0, NULL}
};
#endif
#ifdef SUREWARE_LIB_NAME
static ERR_STRING_DATA SUREWARE_lib_name[] = {
{0, SUREWARE_LIB_NAME},
{0, NULL}
};
#endif
static int SUREWARE_lib_error_code = 0;
static int SUREWARE_error_init = 1;
static void ERR_load_SUREWARE_strings(void)
{
if (SUREWARE_lib_error_code == 0)
SUREWARE_lib_error_code = ERR_get_next_error_library();
if (SUREWARE_error_init) {
SUREWARE_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0);
ERR_load_strings(0, SUREWARE_lib_name);
#endif
}
}
static void ERR_unload_SUREWARE_strings(void)
{
if (SUREWARE_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
ERR_unload_strings(0, SUREWARE_lib_name);
#endif
SUREWARE_error_init = 1;
}
}
static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
{
if (SUREWARE_lib_error_code == 0)
SUREWARE_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line);
}
engines/e_sureware_err.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_SUREWARE_ERR_H
# define HEADER_SUREWARE_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_SUREWARE_strings(void);
static void ERR_unload_SUREWARE_strings(void);
static void ERR_SUREWARE_error(int function, int reason, char *file,
int line);
# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
/* Error codes for the SUREWARE functions. */
/* Function codes. */
# define SUREWARE_F_SUREWAREHK_CTRL 100
# define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
# define SUREWARE_F_SUREWAREHK_EX_FREE 102
# define SUREWARE_F_SUREWAREHK_FINISH 103
# define SUREWARE_F_SUREWAREHK_INIT 104
# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
# define SUREWARE_F_SUREWAREHK_MODEXP 107
# define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
# define SUREWARE_F_SUREWAREHK_RAND_SEED 109
# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
# define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
# define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
/* Reason codes. */
# define SUREWARE_R_BIO_WAS_FREED 100
# define SUREWARE_R_MISSING_KEY_COMPONENTS 105
# define SUREWARE_R_PADDING_CHECK_FAILED 106
# define SUREWARE_R_REQUEST_FAILED 101
# define SUREWARE_R_REQUEST_FALLBACK 102
# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
# define SUREWARE_R_UNIT_FAILURE 104
# define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
#ifdef __cplusplus
}
#endif
#endif
engines/makeengines.com
浏览文件 @ 8b7080b0
......@@ -94,7 +94,7 @@ $! library that isn't necessarely ported to VMS.
$!
$ ENGINES = "," + P6
$ IF ENGINES .EQS. "," THEN -
ENGINES = ",4758cca,padlock,capi,"
ENGINES = ",padlock,capi,"
$!
$! GOST requires a 64-bit integer type, unavailable on VAX.
$!
......@@ -155,7 +155,6 @@ $ ENGINE_ = "engine_vector.mar"
$ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
$ TV_OBJ = ",''TV_OBJ_NAME'"
$ ENDIF
$ ENGINE_4758CCA = "e_4758cca"
$ ENGINE_padlock = "e_padlock"
$ ENGINE_capi = "e_capi"
$
......
engines/vendor_defns/aep.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/*
* This header declares the necessary definitions for using the
* exponentiation acceleration capabilities, and rnd number generation of the
* AEP card.
*/
/*
*
* Some AEP defines
*
*/
/*
* Successful return value
*/
#define AEP_R_OK 0x00000000
/*
* Miscelleanous unsuccessful return value
*/
#define AEP_R_GENERAL_ERROR 0x10000001
/*
* Insufficient host memory
*/
#define AEP_R_HOST_MEMORY 0x10000002
#define AEP_R_FUNCTION_FAILED 0x10000006
/*
* Invalid arguments in function call
*/
#define AEP_R_ARGUMENTS_BAD 0x10020000
#define AEP_R_NO_TARGET_RESOURCES 0x10030000
/*
* Error occuring on socket operation
*/
#define AEP_R_SOCKERROR 0x10000010
/*
* Socket has been closed from the other end
*/
#define AEP_R_SOCKEOF 0x10000011
/*
* Invalid handles
*/
#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
/*
* Transaction has not yet returned from accelerator
*/
#define AEP_R_TRANSACTION_NOT_READY 0x00010000
/*
* There is already a thread waiting on this transaction
*/
#define AEP_R_TRANSACTION_CLAIMED 0x10050000
/*
* The transaction timed out
*/
#define AEP_R_TIMED_OUT 0x10060000
#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
#define AEP_R_TARGET_ERROR 0x10080000
/*
* Error in the AEP daemon process
*/
#define AEP_R_DAEMON_ERROR 0x10090000
/*
* Invalid ctx id
*/
#define AEP_R_INVALID_CTX_ID 0x10009000
#define AEP_R_NO_KEY_MANAGER 0x1000a000
/*
* Error obtaining a mutex
*/
#define AEP_R_MUTEX_BAD 0x000001A0
/*
* Fxn call before AEP_Initialise ot after AEP_Finialise
*/
#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
/*
* AEP_Initialise has already been called
*/
#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
/*
* Maximum number of connections to daemon reached
*/
#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
/*
*
* Some AEP Type definitions
*
*/
/* an unsigned 8-bit value */
typedef unsigned char AEP_U8;
/* an unsigned 8-bit character */
typedef char AEP_CHAR;
/* a BYTE-sized Boolean flag */
typedef AEP_U8 AEP_BBOOL;
/*
* Unsigned value, at least 16 bits long
*/
typedef unsigned short AEP_U16;
/* an unsigned value, at least 32 bits long */
#ifdef SIXTY_FOUR_BIT_LONG
typedef unsigned int AEP_U32;
#else
typedef unsigned long AEP_U32;
#endif
#ifdef SIXTY_FOUR_BIT_LONG
typedef unsigned long AEP_U64;
#else
typedef struct {
unsigned long l1, l2;
} AEP_U64;
#endif
/* at least 32 bits; each bit is a Boolean flag */
typedef AEP_U32 AEP_FLAGS;
typedef AEP_U8 *AEP_U8_PTR;
typedef AEP_CHAR *AEP_CHAR_PTR;
typedef AEP_U32 *AEP_U32_PTR;
typedef AEP_U64 *AEP_U64_PTR;
typedef void *AEP_VOID_PTR;
/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
/*
* Used to identify an AEP connection handle
*/
typedef AEP_U32 AEP_CONNECTION_HNDL;
/*
* Pointer to an AEP connection handle
*/
typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
/*
* Used by an application (in conjunction with the apps process id) to
* identify an individual transaction
*/
typedef AEP_U32 AEP_TRANSACTION_ID;
/*
* Pointer to an applications transaction identifier
*/
typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
/*
* Return value type
*/
typedef AEP_U32 AEP_RV;
#define MAX_PROCESS_CONNECTIONS 256
#define RAND_BLK_SIZE 1024
typedef enum {
NotConnected = 0,
Connected = 1,
InUse = 2
} AEP_CONNECTION_STATE;
typedef struct AEP_CONNECTION_ENTRY {
AEP_CONNECTION_STATE conn_state;
AEP_CONNECTION_HNDL conn_hndl;
} AEP_CONNECTION_ENTRY;
typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
AEP_VOID_PTR pA, AEP_VOID_PTR pP,
AEP_VOID_PTR pN,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
AEP_VOID_PTR pA, AEP_VOID_PTR pP,
AEP_VOID_PTR pQ,
AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
AEP_VOID_PTR pIqmp,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
#ifdef AEPRAND
typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
AEP_U32 Len,
AEP_U32 Type,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
#endif
typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
typedef AEP_RV t_AEP_Finalize(void);
typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)
(AEP_VOID_PTR ArbBigNum,
AEP_U32 *BigNumSize),
AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR
ArbBigNum,
AEP_U32
BigNumSize,
unsigned char
*AEP_BigNum),
AEP_RV (*ConverAEPBigNumFunc) (void
*ArbBigNum,
AEP_U32
BigNumSize,
unsigned
char
*AEP_BigNum));
engines/vendor_defns/atalla.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/*
* This header declares the necessary definitions for using the
* exponentiation acceleration capabilities of Atalla cards. The only
* cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this
* takes a structure that defines an "RSA private key". However, it is really
* only performing a regular mod_exp using the supplied modulus and exponent
* - no CRT form is being used. Hence, it is a generic mod_exp function in
* disguise, and we use it as such. Thanks to the people at Atalla for
* letting me know these definitions are fine and that they can be reproduced
* here. Geoff.
*/
typedef struct ItemStr {
unsigned char *data;
int len;
} Item;
typedef struct RSAPrivateKeyStr {
void *reserved;
Item version;
Item modulus;
Item publicExponent;
Item privateExponent;
Item prime[2];
Item exponent[2];
Item coefficient;
} RSAPrivateKey;
/*
* Predeclare the function pointer types that we dynamically load from the
* DSO. These use the same names and form that Ben's original support code
* had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed
* the style somewhere along the way!
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);
engines/vendor_defns/cswift.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/*
* Attribution notice: Rainbow have generously allowed me to reproduce the
* necessary definitions here from their API. This means the support can
* build independently of whether application builders have the API or
* hardware. This will allow developers to easily produce software that has
* latent hardware support for any users that have accelertors installed,
* without the developers themselves needing anything extra. I have only
* clipped the parts from the CryptoSwift header files that are (or seem)
* relevant to the CryptoSwift support code. This is simply to keep the file
* sizes reasonable. [Geoff]
*/
/*
* NB: These type widths do *not* seem right in general, in particular
* they're not terribly friendly to 64-bit architectures (unsigned long) will
* be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with
* Rainbow's API and this will only be called into question on platforms with
* Rainbow support anyway! ;-)
*/
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
typedef long SW_STATUS; /* status */
typedef unsigned char SW_BYTE; /* 8 bit byte */
typedef unsigned short SW_U16; /* 16 bit number */
#if defined(_IRIX)
# include <sgidefs.h>
typedef __uint32_t SW_U32;
#else
typedef unsigned long SW_U32; /* 32 bit integer */
#endif
#if defined(OPENSSL_SYS_WIN32)
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#else /* Unix variants */
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#endif
/* status codes */
#define SW_OK (0L)
#define SW_ERR_BASE (-10000L)
#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
/* up yet */
#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
/* time out */
#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
/* execute the command */
#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
/* NULL */
#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
/* small, too large. */
#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
/* handle */
#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
/* standing at this */
/* context handle */
#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
#define SW_ERR_NO_PENDING (SW_ERR_BASE-10) /* No request is pending. */
#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11) /* Not enough memory */
#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12) /* Invalid algorithm type */
/* in SW_PARAM structure */
#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13) /* No key is associated with */
/* context. */
/* swAttachKeyParam() is */
/* not called. */
#define SW_ERR_KEY_CMD_MISMATCH \
(SW_ERR_BASE-14) /* Cannot perform requested */
/* SW_COMMAND_CODE since */
/* key attached via */
/* swAttachKeyParam() */
/* cannot be used for this */
/* SW_COMMAND_CODE. */
#define SW_ERR_NOT_IMPLEMENTED \
(SW_ERR_BASE-15) /* Not implemented */
#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16) /* Bad command code */
#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17) /* too small or too large in */
/* the "initems" or */
/* "outitems". */
#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18) /* Bad accelerator number */
#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19) /* At least one of the self */
/* test fail, look at the */
/* selfTestBitmap in */
/* SW_ACCELERATOR_INFO for */
/* details. */
#define SW_ERR_MISALIGN (SW_ERR_BASE-20) /* Certain alogrithms require */
/* key materials aligned */
/* in certain order, e.g. */
/* 128 bit for CRT */
#define SW_ERR_OUTPUT_NULL_PTR \
(SW_ERR_BASE-21) /* a required pointer is */
/* NULL */
#define SW_ERR_OUTPUT_SIZE \
(SW_ERR_BASE-22) /* size is invalid, too */
/* small, too large. */
#define SW_ERR_FIRMWARE_CHECKSUM \
(SW_ERR_BASE-23) /* firmware checksum mismatch */
/* download failed. */
#define SW_ERR_UNKNOWN_FIRMWARE \
(SW_ERR_BASE-24) /* unknown firmware error */
#define SW_ERR_INTERRUPT (SW_ERR_BASE-25) /* request is abort when */
/* it's waiting to be */
/* completed. */
#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26) /* error in writing to Non- */
/* volatile memory */
#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27) /* out of range error in */
/* writing to NV memory */
#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28) /* Random Number Generation */
/* failure */
#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29) /* DSS Sign or Verify failure */
#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */
/* calculations */
#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */
/* board memory */
#define SW_ERR_FIRMWARE_VERSION \
(SW_ERR_BASE-32) /* Wrong version in firmware */
/* update */
#define SW_ERR_ZERO_WORKING_ACCELERATOR \
(SW_ERR_BASE-44) /* All accelerators are bad */
/* algorithm type */
#define SW_ALG_CRT 1
#define SW_ALG_EXP 2
#define SW_ALG_DSA 3
#define SW_ALG_NVDATA 4
/* command code */
#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
/* Chinese Remainder Theorem (CRT) */
#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
#define SW_CMD_RAND 5 /* perform random number generation */
#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
typedef SW_U32 SW_STATE; /* state */
typedef SW_U32 SW_COMMAND_CODE; /* command code */
typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
typedef struct _SW_LARGENUMBER {
SW_U32 nbytes; /* number of bytes in the buffer "value" */
SW_BYTE *value; /* the large integer as a string of */
/* bytes in network (big endian) order */
} SW_LARGENUMBER;
#if defined(OPENSSL_SYS_WIN32)
# include <windows.h>
typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
# define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
# define SW_CALLCONV _stdcall
#else /* Unix variants */
typedef int SW_OSHANDLE; /* handle to driver */
# define SW_OS_INVALID_HANDLE (-1)
# define SW_CALLCONV
#endif
typedef struct _SW_CRT {
SW_LARGENUMBER p; /* prime number p */
SW_LARGENUMBER q; /* prime number q */
SW_LARGENUMBER dmp1; /* exponent1 */
SW_LARGENUMBER dmq1; /* exponent2 */
SW_LARGENUMBER iqmp; /* CRT coefficient */
} SW_CRT;
typedef struct _SW_EXP {
SW_LARGENUMBER modulus; /* modulus */
SW_LARGENUMBER exponent; /* exponent */
} SW_EXP;
typedef struct _SW_DSA {
SW_LARGENUMBER p; /* */
SW_LARGENUMBER q; /* */
SW_LARGENUMBER g; /* */
SW_LARGENUMBER key; /* private/public key */
} SW_DSA;
typedef struct _SW_NVDATA {
SW_U32 accnum; /* accelerator board number */
SW_U32 offset; /* offset in byte */
} SW_NVDATA;
typedef struct _SW_PARAM {
SW_ALGTYPE type; /* type of the alogrithm */
union {
SW_CRT crt;
SW_EXP exp;
SW_DSA dsa;
SW_NVDATA nvdata;
} up;
} SW_PARAM;
typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
/*
* Now the OpenSSL bits, these function types are the for the function
* pointers that will bound into the Rainbow shared libraries.
*/
typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE
*hac);
typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
SW_PARAM *key_params);
typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
SW_COMMAND_CODE cmd,
SW_LARGENUMBER pin[],
SW_U32 pin_count,
SW_LARGENUMBER pout[],
SW_U32 pout_count);
typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE
hac);
#ifdef __cplusplus
}
#endif /* __cplusplus */
engines/vendor_defns/hw_4758_cca.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/**********************************************************************/
/* */
/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
/* */
/* Maurice Gittens <maurice@gittens.nl> */
/* */
/**********************************************************************/
#ifndef __HW_4758_CCA__
# define __HW_4758_CCA__
/*
* Only WIN32 support for now
*/
# if defined(WIN32)
# define CCA_LIB_NAME "CSUNSAPI"
# define CSNDPKX "CSNDPKX_32"
# define CSNDKRR "CSNDKRR_32"
# define CSNDPKE "CSNDPKE_32"
# define CSNDPKD "CSNDPKD_32"
# define CSNDDSV "CSNDDSV_32"
# define CSNDDSG "CSNDDSG_32"
# define CSNBRNG "CSNBRNG_32"
# define SECURITYAPI __stdcall
# else
/*
* Fixme!! Find out the values of these constants for other platforms.
*/
# define CCA_LIB_NAME "CSUNSAPI"
# define CSNDPKX "CSNDPKX"
# define CSNDKRR "CSNDKRR"
# define CSNDPKE "CSNDPKE"
# define CSNDPKD "CSNDPKD"
# define CSNDDSV "CSNDDSV"
# define CSNDDSG "CSNDDSG"
# define CSNBRNG "CSNBRNG"
# define SECURITYAPI
# endif
/*
* security API prototypes
*/
/* PKA Key Record Read */
typedef void (SECURITYAPI * F_KEYRECORDREAD)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
unsigned char *key_label, long *key_token_length, unsigned char *key_token);
/* Random Number Generate */
typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
unsigned char *form, unsigned char *random_number);
/* Digital Signature Generate */
typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *PKA_private_key_id_length,
unsigned char *PKA_private_key_id,
long *hash_length,
unsigned char *hash,
long *signature_field_length,
long *signature_bit_length, unsigned char *signature_field);
/* Digital Signature Verify */
typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char
*exit_data,
long *rule_array_count,
unsigned char
*rule_array,
long
*PKA_public_key_id_length,
unsigned char
*PKA_public_key_id,
long *hash_length,
unsigned char *hash,
long
*signature_field_length,
unsigned char
*signature_field);
/* PKA Public Key Extract */
typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long
*source_key_identifier_length,
unsigned char
*source_key_identifier,
long
*target_key_token_length,
unsigned char
*target_key_token);
/* PKA Encrypt */
typedef void (SECURITYAPI * F_PKAENCRYPT)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *key_value_length,
unsigned char *key_value,
long *data_struct_length,
unsigned char *data_struct,
long *RSA_public_key_length,
unsigned char *RSA_public_key,
long *RSA_encipher_length, unsigned char *RSA_encipher);
/* PKA Decrypt */
typedef void (SECURITYAPI * F_PKADECRYPT)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *enciphered_key_length,
unsigned char *enciphered_key,
long *data_struct_length,
unsigned char *data_struct,
long *RSA_private_key_length,
unsigned char *RSA_private_key,
long *key_value_length, unsigned char *key_value);
#endif
engines/vendor_defns/sureware.h 已删除 100644 → 0
浏览文件 @ f51e5ed6
/*-
* Written by Corinne Dive-Reclus(cdive@baltimore.com)
*
* Copyright@2001 Baltimore Technologies Ltd.
*
* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef WIN32
# define SW_EXPORT __declspec ( dllexport )
#else
# define SW_EXPORT
#endif
/*
* List of exposed SureWare errors
*/
#define SUREWAREHOOK_ERROR_FAILED -1
#define SUREWAREHOOK_ERROR_FALLBACK -2
#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
#define SUREWAREHOOK_ERROR_DATA_SIZE -4
#define SUREWAREHOOK_ERROR_INVALID_PAD -5
/*-
* -----------------WARNING-----------------------------------
* In all the following functions:
* msg is a string with at least 24 bytes free.
* A 24 bytes string will be concatenated to the existing content of msg.
*/
/*-
* SureWare Initialisation function
* in param threadsafe, if !=0, thread safe enabled
* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
*/
typedef int SureWareHook_Init_t(char *const msg, int threadsafe);
extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
/*-
* SureWare Finish function
*/
typedef void SureWareHook_Finish_t(void);
extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
/*-
* PRE_CONDITION:
* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
*/
/*-
* SureWare RAND Bytes function
* In case of failure, the content of buf is unpredictable.
* return 1 if success
* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in/out param buf : a num bytes long buffer where random bytes will be put
* in param num : the number of bytes into buf
*/
typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf,
int num);
extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
/*-
* SureWare RAND Seed function
* Adds some seed to the Hardware Random Number Generator
* return 1 if success
* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param buf : the seed to add into the HRNG
* in param num : the number of bytes into buf
*/
typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf,
int num);
extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
/*-
* SureWare Load Private Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the private protected key file without the extension
".sws"
* out param hptr : a pointer to a buffer allocated by SureWare_Hook
* out param num: the effective key length in bytes
* out param keytype: 1 if RSA 2 if DSA
*/
typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id,
char **hptr, unsigned long *num,
char *keytype);
extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
/*-
* SureWare Info Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the private protected key file without the extension
".swp"
* out param hptr : a pointer to a buffer allocated by SureWare_Hook
* out param num: the effective key length in bytes
* out param keytype: 1 if RSA 2 if DSA
*/
typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id,
unsigned long *num, char *keytype);
extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
/*-
* SureWare Load Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the public protected key file without the extension
".swp"
* in param num : the bytes size of n and e
* out param n: where to write modulus in bn format
* out param e: where to write exponent in bn format
*/
typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg,
const char *key_id,
unsigned long num,
unsigned long *n,
unsigned long *e);
extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
/*-
* SureWare Load DSA Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the public protected key file without the extension
".swp"
* in param num : the bytes size of n and e
* out param pub: where to write pub key in bn format
* out param p: where to write prime in bn format
* out param q: where to write sunprime (length 20 bytes) in bn format
* out param g: where to write base in bn format
*/
typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg,
const char *key_id,
unsigned long num,
unsigned long *pub,
unsigned long *p, unsigned long *q,
unsigned long *g);
extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
/*-
* SureWare Free function
* Destroy the key into the hardware if destroy==1
*/
typedef void SureWareHook_Free_t(char *p, int destroy);
extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
#define SUREWARE_PKCS1_PAD 1
#define SUREWARE_ISO9796_PAD 2
#define SUREWARE_NO_PAD 0
/*-
* SureWare RSA Private Decryption
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param tlen: byte size of decrypted data, if error, unexpected value
* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
* SUREWARE_PKCS1_PAD
* SUREWARE_NO_PAD
*
*/
typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen,
unsigned char *from, int *tlen,
unsigned char *to, char *prsa,
int padding);
extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
/*-
* SureWare RSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param tlen: byte size of decrypted data, if error, unexpected value
* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
* SUREWARE_PKCS1_PAD
* SUREWARE_ISO9796_PAD
*
*/
typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen,
unsigned char *from, int *tlen,
unsigned char *to, char *prsa,
int padding);
extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
/*-
* SureWare DSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param to : decrypted data buffer, should be a 40bytes valid pointer
* in param pdsa: a protected key pointer, should be a not-null valid pointer
*
*/
typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen,
const unsigned char *from,
unsigned long *r, unsigned long *s,
char *pdsa);
extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
/*-
* SureWare Mod Exp
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* mod and res are mlen bytes long.
* exp is elen bytes long
* data is dlen bytes long
* mlen,elen and dlen are all multiple of sizeof(unsigned long)
*/
typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen,
const unsigned long *mod, int elen,
const unsigned long *exponent, int dlen,
unsigned long *data, unsigned long *res);
extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册