add "dsa_dsa_mod_exp" - This mimics the software dsa_mod_exp funtion

using two mod_exp operations - otherwise we use BN_mod_exp2 entirely in software, which makes dsa verifications glacially slow while signatures, (which use mod_exp) are fast. This lets cards that can only do bn_mod_exp decently offload most of dsa.
author: beck <> 2002-06-11 16:07:14 +0000
committer: beck <> 2002-06-11 16:07:14 +0000
commit: 14da1a4449f342ed1a6e07d2c7f91244e782fee6 (patch)
tree: a586c6b46fe4b245307978e6b845bc27db34bad5 /src
parent: f93ac9817d952baaa63dc9f3008ea7678ccc1697 (diff)
download: openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.tar.gz
openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.tar.bz2
openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.zip
2 files changed, 74 insertions, 6 deletions
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 8eea1935a6..44ac38179f 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -795,6 +795,38 @@ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
 }
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+        
+        BN_init(&t2);
+ 
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0; 
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+        BN_copy(t1,u1);
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
 static DSA_SIG *
 cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
@@ -850,7 +882,6 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
        struct crypt_kop kop;
        int dsaret = 1;
-        printf("foo\n");
        memset(&kop, 0, sizeof kop);
        kop.crk_op = CRK_DSA_VERIFY;
@@ -1029,10 +1060,12 @@ ENGINE_load_cryptodev(void)
                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); 
                if (cryptodev_asymfeat & CRF_DSA_SIGN) 
                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;   
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;   
-                if (cryptodev_asymfeat & CRF_MOD_EXP)
-                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
        }
                
@@ -1054,3 +1087,4 @@ ENGINE_load_cryptodev(void)
        ENGINE_free(engine);
        ERR_clear_error();
 }
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
index 8eea1935a6..44ac38179f 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -795,6 +795,38 @@ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
 }
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+        
+        BN_init(&t2);
+ 
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0; 
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+        BN_copy(t1,u1);
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
 static DSA_SIG *
 cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
@@ -850,7 +882,6 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
        struct crypt_kop kop;
        int dsaret = 1;
-        printf("foo\n");
        memset(&kop, 0, sizeof kop);
        kop.crk_op = CRK_DSA_VERIFY;
@@ -1029,10 +1060,12 @@ ENGINE_load_cryptodev(void)
                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); 
                if (cryptodev_asymfeat & CRF_DSA_SIGN) 
                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;   
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;   
-                if (cryptodev_asymfeat & CRF_MOD_EXP)
-                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
        }
                
@@ -1054,3 +1087,4 @@ ENGINE_load_cryptodev(void)
        ENGINE_free(engine);
        ERR_clear_error();
 }
author	beck <>	2002-06-11 16:07:14 +0000
committer	beck <>	2002-06-11 16:07:14 +0000
commit	14da1a4449f342ed1a6e07d2c7f91244e782fee6 (patch)
tree	a586c6b46fe4b245307978e6b845bc27db34bad5 /src
parent	f93ac9817d952baaa63dc9f3008ea7678ccc1697 (diff)
download	openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.tar.gz openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.tar.bz2 openbsd-14da1a4449f342ed1a6e07d2c7f91244e782fee6.zip

diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 8eea1935a6..44ac38179f 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -795,6 +795,38 @@ cryptodev_dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
795	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));	795	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
796	}	796	}
797		797
		798	static int
		799	cryptodev_dsa_dsa_mod_exp(DSA dsa, BIGNUM t1, BIGNUM *g,
		800	BIGNUM u1, BIGNUM pub_key, BIGNUM u2, BIGNUM p,
		801	BN_CTX ctx, BN_MONT_CTX mont)
		802	{
		803	BIGNUM t2;
		804	int ret = 0;
		805
		806	BN_init(&t2);
		807
		808	/* v = ( g^u1 * y^u2 mod p ) mod q */
		809	/* let t1 = g ^ u1 mod p */
		810	ret = 0;
		811
		812	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
		813	goto err;
		814
		815	/* let t2 = y ^ u2 mod p */
		816	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
		817	goto err;
		818	/* let u1 = t1 * t2 mod p */
		819	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
		820	goto err;
		821
		822	BN_copy(t1,u1);
		823
		824	ret = 1;
		825	err:
		826	BN_free(&t2);
		827	return(ret);
		828	}
		829
798	static DSA_SIG *	830	static DSA_SIG *
799	cryptodev_dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)	831	cryptodev_dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)
800	{	832	{
@@ -850,7 +882,6 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
850	struct crypt_kop kop;	882	struct crypt_kop kop;
851	int dsaret = 1;	883	int dsaret = 1;
852		884
853	printf("foo\n");
854	memset(&kop, 0, sizeof kop);	885	memset(&kop, 0, sizeof kop);
855	kop.crk_op = CRK_DSA_VERIFY;	886	kop.crk_op = CRK_DSA_VERIFY;
856		887
@@ -1029,10 +1060,12 @@ ENGINE_load_cryptodev(void)
1029	memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));	1060	memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1030	if (cryptodev_asymfeat & CRF_DSA_SIGN)	1061	if (cryptodev_asymfeat & CRF_DSA_SIGN)
1031	cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;	1062	cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
		1063	if (cryptodev_asymfeat & CRF_MOD_EXP) {
		1064	cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
		1065	cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
		1066	}
1032	if (cryptodev_asymfeat & CRF_DSA_VERIFY)	1067	if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1033	cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;	1068	cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1034	if (cryptodev_asymfeat & CRF_MOD_EXP)
1035	cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1036	}	1069	}
1037		1070
1038		1071
@@ -1054,3 +1087,4 @@ ENGINE_load_cryptodev(void)
1054	ENGINE_free(engine);	1087	ENGINE_free(engine);
1055	ERR_clear_error();	1088	ERR_clear_error();
1056	}	1089	}
		1090


diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c index 8eea1935a6..44ac38179f 100644 --- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c +++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -795,6 +795,38 @@ cryptodev_dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
795	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));	795	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
796	}	796	}
797		797
		798	static int
		799	cryptodev_dsa_dsa_mod_exp(DSA dsa, BIGNUM t1, BIGNUM *g,
		800	BIGNUM u1, BIGNUM pub_key, BIGNUM u2, BIGNUM p,
		801	BN_CTX ctx, BN_MONT_CTX mont)
		802	{
		803	BIGNUM t2;
		804	int ret = 0;
		805
		806	BN_init(&t2);
		807
		808	/* v = ( g^u1 * y^u2 mod p ) mod q */
		809	/* let t1 = g ^ u1 mod p */
		810	ret = 0;
		811
		812	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
		813	goto err;
		814
		815	/* let t2 = y ^ u2 mod p */
		816	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
		817	goto err;
		818	/* let u1 = t1 * t2 mod p */
		819	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
		820	goto err;
		821
		822	BN_copy(t1,u1);
		823
		824	ret = 1;
		825	err:
		826	BN_free(&t2);
		827	return(ret);
		828	}
		829
798	static DSA_SIG *	830	static DSA_SIG *
799	cryptodev_dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)	831	cryptodev_dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)
800	{	832	{
@@ -850,7 +882,6 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
850	struct crypt_kop kop;	882	struct crypt_kop kop;
851	int dsaret = 1;	883	int dsaret = 1;
852		884
853	printf("foo\n");
854	memset(&kop, 0, sizeof kop);	885	memset(&kop, 0, sizeof kop);
855	kop.crk_op = CRK_DSA_VERIFY;	886	kop.crk_op = CRK_DSA_VERIFY;
856		887
@@ -1029,10 +1060,12 @@ ENGINE_load_cryptodev(void)
1029	memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));	1060	memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1030	if (cryptodev_asymfeat & CRF_DSA_SIGN)	1061	if (cryptodev_asymfeat & CRF_DSA_SIGN)
1031	cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;	1062	cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
		1063	if (cryptodev_asymfeat & CRF_MOD_EXP) {
		1064	cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
		1065	cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
		1066	}
1032	if (cryptodev_asymfeat & CRF_DSA_VERIFY)	1067	if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1033	cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;	1068	cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1034	if (cryptodev_asymfeat & CRF_MOD_EXP)
1035	cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1036	}	1069	}
1037		1070
1038		1071
@@ -1054,3 +1087,4 @@ ENGINE_load_cryptodev(void)
1054	ENGINE_free(engine);	1087	ENGINE_free(engine);
1055	ERR_clear_error();	1088	ERR_clear_error();
1056	}	1089	}
		1090