summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/engine')
-rw-r--r--src/lib/libcrypto/engine/enginetest.c11
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca.c6
-rw-r--r--src/lib/libcrypto/engine/hw_atalla.c2
-rw-r--r--src/lib/libcrypto/engine/hw_cryptodev.c540
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c73
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher.c68
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.c3
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.h1
-rw-r--r--src/lib/libcrypto/engine/hw_nuron.c2
-rw-r--r--src/lib/libcrypto/engine/hw_sureware.c1039
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c2
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/sureware.h239
14 files changed, 2390 insertions, 182 deletions
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
index 87fa8c57b7..c2d0297392 100644
--- a/src/lib/libcrypto/engine/enginetest.c
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -56,9 +56,17 @@
56 * 56 *
57 */ 57 */
58 58
59#include <openssl/e_os2.h>
60#include <stdio.h> 59#include <stdio.h>
61#include <string.h> 60#include <string.h>
61
62#ifdef OPENSSL_NO_ENGINE
63int main(int argc, char *argv[])
64{
65 printf("No ENGINE support\n");
66 return(0);
67}
68#else
69#include <openssl/e_os2.h>
62#include <openssl/buffer.h> 70#include <openssl/buffer.h>
63#include <openssl/crypto.h> 71#include <openssl/crypto.h>
64#include <openssl/engine.h> 72#include <openssl/engine.h>
@@ -272,3 +280,4 @@ end:
272 CRYPTO_mem_leaks_fp(stderr); 280 CRYPTO_mem_leaks_fp(stderr);
273 return to_return; 281 return to_return;
274 } 282 }
283#endif
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
index bfb80968e2..4f5ae8a46d 100644
--- a/src/lib/libcrypto/engine/hw_4758_cca.c
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -223,6 +223,7 @@ static int bind_helper(ENGINE *e)
223 return 1; 223 return 1;
224 } 224 }
225 225
226#ifndef ENGINE_DYNAMIC_SUPPORT
226static ENGINE *engine_4758_cca(void) 227static ENGINE *engine_4758_cca(void)
227 { 228 {
228 ENGINE *ret = ENGINE_new(); 229 ENGINE *ret = ENGINE_new();
@@ -244,6 +245,7 @@ void ENGINE_load_4758cca(void)
244 ENGINE_free(e_4758); 245 ENGINE_free(e_4758);
245 ERR_clear_error(); 246 ERR_clear_error();
246 } 247 }
248#endif
247 249
248static int ibm_4758_cca_destroy(ENGINE *e) 250static int ibm_4758_cca_destroy(ENGINE *e)
249 { 251 {
@@ -715,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
715 717
716 if (type == NID_sha1 || type == NID_md5) 718 if (type == NID_sha1 || type == NID_md5)
717 { 719 {
718 memset(hashBuffer, keyLength+1, 0); 720 OPENSSL_cleanse(hashBuffer, keyLength+1);
719 OPENSSL_free(hashBuffer); 721 OPENSSL_free(hashBuffer);
720 } 722 }
721 723
@@ -838,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
838 840
839 if (type == NID_sha1 || type == NID_md5) 841 if (type == NID_sha1 || type == NID_md5)
840 { 842 {
841 memset(hashBuffer, keyLength+1, 0); 843 OPENSSL_cleanse(hashBuffer, keyLength+1);
842 OPENSSL_free(hashBuffer); 844 OPENSSL_free(hashBuffer);
843 } 845 }
844 846
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
index 6151c46902..e9eff9fad1 100644
--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e)
242 return 1; 242 return 1;
243 } 243 }
244 244
245#ifndef ENGINE_DYNAMIC_SUPPORT
245static ENGINE *engine_atalla(void) 246static ENGINE *engine_atalla(void)
246 { 247 {
247 ENGINE *ret = ENGINE_new(); 248 ENGINE *ret = ENGINE_new();
@@ -264,6 +265,7 @@ void ENGINE_load_atalla(void)
264 ENGINE_free(toadd); 265 ENGINE_free(toadd);
265 ERR_clear_error(); 266 ERR_clear_error();
266 } 267 }
268#endif
267 269
268/* This is a process-global DSO handle used for loading and unloading 270/* This is a process-global DSO handle used for loading and unloading
269 * the Atalla library. NB: This is only set (or unset) during an 271 * the Atalla library. NB: This is only set (or unset) during an
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 7c3728f395..40af97ac24 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -1,6 +1,7 @@
1/* 1/*
2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org> 2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt 3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
4 * All rights reserved. 5 * All rights reserved.
5 * 6 *
6 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
@@ -28,33 +29,85 @@
28 * 29 *
29 */ 30 */
30 31
31#include <sys/types.h> 32#include <openssl/objects.h>
33#include <openssl/engine.h>
34#include <openssl/evp.h>
35
36#if (defined(__unix__) || defined(unix)) && !defined(USG)
32#include <sys/param.h> 37#include <sys/param.h>
38# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
39# define HAVE_CRYPTODEV
40# endif
41# if (OpenBSD >= 200110)
42# define HAVE_SYSLOG_R
43# endif
44#endif
45
46#ifndef HAVE_CRYPTODEV
47
48void
49ENGINE_load_cryptodev(void)
50{
51 /* This is a NOP on platforms without /dev/crypto */
52 return;
53}
54
55#else
56
57#include <sys/types.h>
33#include <crypto/cryptodev.h> 58#include <crypto/cryptodev.h>
34#include <sys/ioctl.h> 59#include <sys/ioctl.h>
35#include <errno.h> 60#include <errno.h>
36#include <stdio.h> 61#include <stdio.h>
37#include <unistd.h> 62#include <unistd.h>
38#include <fcntl.h> 63#include <fcntl.h>
39#include <syslog.h>
40#include <stdarg.h> 64#include <stdarg.h>
41#include <ssl/objects.h> 65#include <syslog.h>
42#include <ssl/engine.h> 66#include <errno.h>
43#include <ssl/evp.h> 67#include <string.h>
44 68
45static int cryptodev_fd = -1; 69struct dev_crypto_state {
46static int cryptodev_sessions = 0; 70 struct session_op d_sess;
47static u_int32_t cryptodev_symfeat = 0; 71 int d_fd;
72};
48 73
74static u_int32_t cryptodev_asymfeat = 0;
75
76static int get_asym_dev_crypto(void);
77static int open_dev_crypto(void);
78static int get_dev_crypto(void);
79static int cryptodev_max_iv(int cipher);
80static int cryptodev_key_length_valid(int cipher, int len);
81static int cipher_nid_to_cryptodev(int nid);
82static int get_cryptodev_ciphers(const int **cnids);
83static int get_cryptodev_digests(const int **cnids);
84static int cryptodev_usable_ciphers(const int **nids);
85static int cryptodev_usable_digests(const int **nids);
86static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
87 const unsigned char *in, unsigned int inl);
88static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
89 const unsigned char *iv, int enc);
90static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
91static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
92 const int **nids, int nid);
93static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
94 const int **nids, int nid);
49static int bn2crparam(const BIGNUM *a, struct crparam *crp); 95static int bn2crparam(const BIGNUM *a, struct crparam *crp);
50static int crparam2bn(struct crparam *crp, BIGNUM *a); 96static int crparam2bn(struct crparam *crp, BIGNUM *a);
51static void zapparams(struct crypt_kop *kop); 97static void zapparams(struct crypt_kop *kop);
98static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
99 int slen, BIGNUM *s);
52 100
53static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
54static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, 101static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
55 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 102 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
103static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
104 RSA *rsa);
105static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
56static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, 106static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
57 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 107 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
108static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
109 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
110 BN_CTX *ctx, BN_MONT_CTX *mont);
58static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, 111static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
59 int dlen, DSA *dsa); 112 int dlen, DSA *dsa);
60static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, 113static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
@@ -64,6 +117,9 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
64 BN_MONT_CTX *m_ctx); 117 BN_MONT_CTX *m_ctx);
65static int cryptodev_dh_compute_key(unsigned char *key, 118static int cryptodev_dh_compute_key(unsigned char *key,
66 const BIGNUM *pub_key, DH *dh); 119 const BIGNUM *pub_key, DH *dh);
120static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
121 void (*f)());
122void ENGINE_load_cryptodev(void);
67 123
68static const ENGINE_CMD_DEFN cryptodev_defns[] = { 124static const ENGINE_CMD_DEFN cryptodev_defns[] = {
69 { 0, NULL, NULL, 0 } 125 { 0, NULL, NULL, 0 }
@@ -77,11 +133,10 @@ static struct {
77} ciphers[] = { 133} ciphers[] = {
78 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, 134 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
79 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, 135 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
80 { CRYPTO_AES_CBC, NID_undef, 8, 24, }, 136 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
81 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, 137 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
82 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 8, }, 138 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
83 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, 139 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
84 { CRYPTO_ARC4, NID_rc4, 8, 16, },
85 { 0, NID_undef, 0, 0, }, 140 { 0, NID_undef, 0, 0, },
86}; 141};
87 142
@@ -99,33 +154,53 @@ static struct {
99}; 154};
100 155
101/* 156/*
102 * Return 1 if /dev/crypto seems usable, 0 otherwise , also 157 * Return a fd if /dev/crypto seems usable, 0 otherwise.
103 * does most of the work of initting the device, if not already
104 * done.. This should leave is with global fd initialized with CRIOGET.
105 */ 158 */
106static int 159static int
107check_dev_crypto() 160open_dev_crypto(void)
108{ 161{
109 int fd; 162 static int fd = -1;
110 163
111 if (cryptodev_fd == -1) { 164 if (fd == -1) {
112 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) 165 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
113 return (0); 166 return (-1);
114 if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) {
115 close(fd);
116 return (0);
117 }
118 close(fd);
119 /* close on exec */ 167 /* close on exec */
120 if (fcntl(cryptodev_fd, F_SETFD, 1) == -1) { 168 if (fcntl(fd, F_SETFD, 1) == -1) {
121 close(cryptodev_fd); 169 close(fd);
122 cryptodev_fd = -1; 170 fd = -1;
123 return (0); 171 return (-1);
124 } 172 }
125 } 173 }
126 ioctl(cryptodev_fd, CIOCSYMFEAT, &cryptodev_symfeat); 174 return (fd);
175}
127 176
128 return (1); 177static int
178get_dev_crypto(void)
179{
180 int fd, retfd;
181
182 if ((fd = open_dev_crypto()) == -1)
183 return (-1);
184 if (ioctl(fd, CRIOGET, &retfd) == -1)
185 return (-1);
186
187 /* close on exec */
188 if (fcntl(retfd, F_SETFD, 1) == -1) {
189 close(retfd);
190 return (-1);
191 }
192 return (retfd);
193}
194
195/* Caching version for asym operations */
196static int
197get_asym_dev_crypto(void)
198{
199 static int fd = -1;
200
201 if (fd == -1)
202 fd = get_dev_crypto();
203 return fd;
129} 204}
130 205
131/* 206/*
@@ -183,8 +258,12 @@ get_cryptodev_ciphers(const int **cnids)
183{ 258{
184 static int nids[CRYPTO_ALGORITHM_MAX]; 259 static int nids[CRYPTO_ALGORITHM_MAX];
185 struct session_op sess; 260 struct session_op sess;
186 int i, count = 0; 261 int fd, i, count = 0;
187 262
263 if ((fd = get_dev_crypto()) < 0) {
264 *nids = NULL;
265 return (0);
266 }
188 memset(&sess, 0, sizeof(sess)); 267 memset(&sess, 0, sizeof(sess));
189 sess.key = (caddr_t)"123456781234567812345678"; 268 sess.key = (caddr_t)"123456781234567812345678";
190 269
@@ -194,10 +273,12 @@ get_cryptodev_ciphers(const int **cnids)
194 sess.cipher = ciphers[i].id; 273 sess.cipher = ciphers[i].id;
195 sess.keylen = ciphers[i].keylen; 274 sess.keylen = ciphers[i].keylen;
196 sess.mac = 0; 275 sess.mac = 0;
197 if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && 276 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
198 ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) 277 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
199 nids[count++] = ciphers[i].nid; 278 nids[count++] = ciphers[i].nid;
200 } 279 }
280 close(fd);
281
201 if (count > 0) 282 if (count > 0)
202 *cnids = nids; 283 *cnids = nids;
203 else 284 else
@@ -216,18 +297,24 @@ get_cryptodev_digests(const int **cnids)
216{ 297{
217 static int nids[CRYPTO_ALGORITHM_MAX]; 298 static int nids[CRYPTO_ALGORITHM_MAX];
218 struct session_op sess; 299 struct session_op sess;
219 int i, count = 0; 300 int fd, i, count = 0;
220 301
302 if ((fd = get_dev_crypto()) < 0) {
303 *nids = NULL;
304 return (0);
305 }
221 memset(&sess, 0, sizeof(sess)); 306 memset(&sess, 0, sizeof(sess));
222 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { 307 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
223 if (digests[i].nid == NID_undef) 308 if (digests[i].nid == NID_undef)
224 continue; 309 continue;
225 sess.mac = digests[i].id; 310 sess.mac = digests[i].id;
226 sess.cipher = 0; 311 sess.cipher = 0;
227 if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && 312 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
228 ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) 313 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
229 nids[count++] = digests[i].nid; 314 nids[count++] = digests[i].nid;
230 } 315 }
316 close(fd);
317
231 if (count > 0) 318 if (count > 0)
232 *cnids = nids; 319 *cnids = nids;
233 else 320 else
@@ -256,25 +343,15 @@ get_cryptodev_digests(const int **cnids)
256 * want most of the decisions made about what we actually want 343 * want most of the decisions made about what we actually want
257 * to use from /dev/crypto. 344 * to use from /dev/crypto.
258 */ 345 */
259int 346static int
260cryptodev_usable_ciphers(const int **nids) 347cryptodev_usable_ciphers(const int **nids)
261{ 348{
262 if (!check_dev_crypto()) {
263 *nids = NULL;
264 return (0);
265 }
266
267 /* find what the device can do. Unfortunately, we don't
268 * necessarily want all of these yet, because we aren't
269 * yet set up to do them
270 */
271 return (get_cryptodev_ciphers(nids)); 349 return (get_cryptodev_ciphers(nids));
272} 350}
273 351
274int 352static int
275cryptodev_usable_digests(const int **nids) 353cryptodev_usable_digests(const int **nids)
276{ 354{
277#if 1
278 /* 355 /*
279 * XXXX just disable all digests for now, because it sucks. 356 * XXXX just disable all digests for now, because it sucks.
280 * we need a better way to decide this - i.e. I may not 357 * we need a better way to decide this - i.e. I may not
@@ -289,29 +366,19 @@ cryptodev_usable_digests(const int **nids)
289 */ 366 */
290 *nids = NULL; 367 *nids = NULL;
291 return (0); 368 return (0);
292#endif
293
294 if (!check_dev_crypto()) {
295 *nids = NULL;
296 return (0);
297 }
298 return (get_cryptodev_digests(nids));
299} 369}
300 370
301 371static int
302int
303cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 372cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
304 const unsigned char *in, unsigned int inl) 373 const unsigned char *in, unsigned int inl)
305{ 374{
306 struct crypt_op cryp; 375 struct crypt_op cryp;
307 struct session_op *sess = ctx->cipher_data; 376 struct dev_crypto_state *state = ctx->cipher_data;
377 struct session_op *sess = &state->d_sess;
308 void *iiv; 378 void *iiv;
309 unsigned char save_iv[EVP_MAX_IV_LENGTH]; 379 unsigned char save_iv[EVP_MAX_IV_LENGTH];
310 struct syslog_data sd = SYSLOG_DATA_INIT;
311 380
312 if (cryptodev_fd == -1) 381 if (state->d_fd < 0)
313 return (0);
314 if (sess == NULL)
315 return (0); 382 return (0);
316 if (!inl) 383 if (!inl)
317 return (1); 384 return (1);
@@ -338,11 +405,10 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
338 } else 405 } else
339 cryp.iv = NULL; 406 cryp.iv = NULL;
340 407
341 if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) { 408 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
342 /* XXX need better errror handling 409 /* XXX need better errror handling
343 * this can fail for a number of different reasons. 410 * this can fail for a number of different reasons.
344 */ 411 */
345 syslog_r(LOG_ERR, &sd, "CIOCCRYPT failed (%m)");
346 return (0); 412 return (0);
347 } 413 }
348 414
@@ -356,20 +422,17 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
356 return (1); 422 return (1);
357} 423}
358 424
359int 425static int
360cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 426cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
361 const unsigned char *iv, int enc) 427 const unsigned char *iv, int enc)
362{ 428{
363 struct session_op *sess = ctx->cipher_data; 429 struct dev_crypto_state *state = ctx->cipher_data;
364 struct syslog_data sd = SYSLOG_DATA_INIT; 430 struct session_op *sess = &state->d_sess;
365 int cipher; 431 int cipher;
366 432
367 if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) 433 if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
368 return (0); 434 return (0);
369 435
370 if (!check_dev_crypto())
371 return (0);
372
373 if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) 436 if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
374 return (0); 437 return (0);
375 438
@@ -378,15 +441,18 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
378 441
379 memset(sess, 0, sizeof(struct session_op)); 442 memset(sess, 0, sizeof(struct session_op));
380 443
444 if ((state->d_fd = get_dev_crypto()) < 0)
445 return (0);
446
381 sess->key = (unsigned char *)key; 447 sess->key = (unsigned char *)key;
382 sess->keylen = ctx->key_len; 448 sess->keylen = ctx->key_len;
383 sess->cipher = cipher; 449 sess->cipher = cipher;
384 450
385 if (ioctl(cryptodev_fd, CIOCGSESSION, sess) == -1) { 451 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
386 syslog_r(LOG_ERR, &sd, "CIOCGSESSION failed (%m)"); 452 close(state->d_fd);
453 state->d_fd = -1;
387 return (0); 454 return (0);
388 } 455 }
389 cryptodev_sessions++;
390 return (1); 456 return (1);
391} 457}
392 458
@@ -394,14 +460,14 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
394 * free anything we allocated earlier when initting a 460 * free anything we allocated earlier when initting a
395 * session, and close the session. 461 * session, and close the session.
396 */ 462 */
397int 463static int
398cryptodev_cleanup(EVP_CIPHER_CTX *ctx) 464cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
399{ 465{
400 int ret = 0; 466 int ret = 0;
401 struct session_op *sess = ctx->cipher_data; 467 struct dev_crypto_state *state = ctx->cipher_data;
402 struct syslog_data sd = SYSLOG_DATA_INIT; 468 struct session_op *sess = &state->d_sess;
403 469
404 if (sess == NULL) 470 if (state->d_fd < 0)
405 return (0); 471 return (0);
406 472
407 /* XXX if this ioctl fails, someting's wrong. the invoker 473 /* XXX if this ioctl fails, someting's wrong. the invoker
@@ -415,17 +481,14 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
415 * print messages to users of the library. hmm.. 481 * print messages to users of the library. hmm..
416 */ 482 */
417 483
418 if (ioctl(cryptodev_fd, CIOCFSESSION, &sess->ses) == -1) { 484 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
419 syslog_r(LOG_ERR, &sd, "CIOCFSESSION failed (%m)");
420 ret = 0; 485 ret = 0;
421 } else { 486 } else {
422 cryptodev_sessions--;
423 ret = 1; 487 ret = 1;
424 } 488 }
425 if (cryptodev_sessions == 0 && cryptodev_fd != -1 ) { 489 close(state->d_fd);
426 close(cryptodev_fd); /* XXX should this be closed? */ 490 state->d_fd = -1;
427 cryptodev_fd = -1; 491
428 }
429 return (ret); 492 return (ret);
430} 493}
431 494
@@ -434,20 +497,6 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
434 * gets called when libcrypto requests a cipher NID. 497 * gets called when libcrypto requests a cipher NID.
435 */ 498 */
436 499
437/* ARC4 (16 byte key) */
438const EVP_CIPHER cryptodev_arc4_cipher = {
439 NID_rc4,
440 1, 16, 0,
441 EVP_CIPH_VARIABLE_LENGTH,
442 cryptodev_init_key,
443 cryptodev_cipher,
444 cryptodev_cleanup,
445 sizeof(struct session_op),
446 NULL,
447 NULL,
448 NULL
449};
450
451/* DES CBC EVP */ 500/* DES CBC EVP */
452const EVP_CIPHER cryptodev_des_cbc = { 501const EVP_CIPHER cryptodev_des_cbc = {
453 NID_des_cbc, 502 NID_des_cbc,
@@ -456,7 +505,7 @@ const EVP_CIPHER cryptodev_des_cbc = {
456 cryptodev_init_key, 505 cryptodev_init_key,
457 cryptodev_cipher, 506 cryptodev_cipher,
458 cryptodev_cleanup, 507 cryptodev_cleanup,
459 sizeof(struct session_op), 508 sizeof(struct dev_crypto_state),
460 EVP_CIPHER_set_asn1_iv, 509 EVP_CIPHER_set_asn1_iv,
461 EVP_CIPHER_get_asn1_iv, 510 EVP_CIPHER_get_asn1_iv,
462 NULL 511 NULL
@@ -470,19 +519,57 @@ const EVP_CIPHER cryptodev_3des_cbc = {
470 cryptodev_init_key, 519 cryptodev_init_key,
471 cryptodev_cipher, 520 cryptodev_cipher,
472 cryptodev_cleanup, 521 cryptodev_cleanup,
473 sizeof(struct session_op), 522 sizeof(struct dev_crypto_state),
523 EVP_CIPHER_set_asn1_iv,
524 EVP_CIPHER_get_asn1_iv,
525 NULL
526};
527
528const EVP_CIPHER cryptodev_bf_cbc = {
529 NID_bf_cbc,
530 8, 16, 8,
531 EVP_CIPH_CBC_MODE,
532 cryptodev_init_key,
533 cryptodev_cipher,
534 cryptodev_cleanup,
535 sizeof(struct dev_crypto_state),
536 EVP_CIPHER_set_asn1_iv,
537 EVP_CIPHER_get_asn1_iv,
538 NULL
539};
540
541const EVP_CIPHER cryptodev_cast_cbc = {
542 NID_cast5_cbc,
543 8, 16, 8,
544 EVP_CIPH_CBC_MODE,
545 cryptodev_init_key,
546 cryptodev_cipher,
547 cryptodev_cleanup,
548 sizeof(struct dev_crypto_state),
474 EVP_CIPHER_set_asn1_iv, 549 EVP_CIPHER_set_asn1_iv,
475 EVP_CIPHER_get_asn1_iv, 550 EVP_CIPHER_get_asn1_iv,
476 NULL 551 NULL
477}; 552};
478 553
554const EVP_CIPHER cryptodev_aes_cbc = {
555 NID_aes_128_cbc,
556 16, 16, 16,
557 EVP_CIPH_CBC_MODE,
558 cryptodev_init_key,
559 cryptodev_cipher,
560 cryptodev_cleanup,
561 sizeof(struct dev_crypto_state),
562 EVP_CIPHER_set_asn1_iv,
563 EVP_CIPHER_get_asn1_iv,
564 NULL
565};
479 566
480/* 567/*
481 * Registered by the ENGINE when used to find out how to deal with 568 * Registered by the ENGINE when used to find out how to deal with
482 * a particular NID in the ENGINE. this says what we'll do at the 569 * a particular NID in the ENGINE. this says what we'll do at the
483 * top level - note, that list is restricted by what we answer with 570 * top level - note, that list is restricted by what we answer with
484 */ 571 */
485int 572static int
486cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 573cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
487 const int **nids, int nid) 574 const int **nids, int nid)
488{ 575{
@@ -490,15 +577,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
490 return (cryptodev_usable_ciphers(nids)); 577 return (cryptodev_usable_ciphers(nids));
491 578
492 switch (nid) { 579 switch (nid) {
493 case NID_rc4:
494 *cipher = &cryptodev_arc4_cipher;
495 break;
496 case NID_des_ede3_cbc: 580 case NID_des_ede3_cbc:
497 *cipher = &cryptodev_3des_cbc; 581 *cipher = &cryptodev_3des_cbc;
498 break; 582 break;
499 case NID_des_cbc: 583 case NID_des_cbc:
500 *cipher = &cryptodev_des_cbc; 584 *cipher = &cryptodev_des_cbc;
501 break; 585 break;
586 case NID_bf_cbc:
587 *cipher = &cryptodev_bf_cbc;
588 break;
589 case NID_cast5_cbc:
590 *cipher = &cryptodev_cast_cbc;
591 break;
592 case NID_aes_128_cbc:
593 *cipher = &cryptodev_aes_cbc;
594 break;
502 default: 595 default:
503 *cipher = NULL; 596 *cipher = NULL;
504 break; 597 break;
@@ -506,7 +599,7 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
506 return (*cipher != NULL); 599 return (*cipher != NULL);
507} 600}
508 601
509int 602static int
510cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, 603cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
511 const int **nids, int nid) 604 const int **nids, int nid)
512{ 605{
@@ -524,7 +617,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
524 return (*digest != NULL); 617 return (*digest != NULL);
525} 618}
526 619
527
528/* 620/*
529 * Convert a BIGNUM to the representation that /dev/crypto needs. 621 * Convert a BIGNUM to the representation that /dev/crypto needs.
530 * Upon completion of use, the caller is responsible for freeing 622 * Upon completion of use, the caller is responsible for freeing
@@ -533,7 +625,7 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
533static int 625static int
534bn2crparam(const BIGNUM *a, struct crparam *crp) 626bn2crparam(const BIGNUM *a, struct crparam *crp)
535{ 627{
536 int i, j, n; 628 int i, j, k;
537 ssize_t words, bytes, bits; 629 ssize_t words, bytes, bits;
538 u_char *b; 630 u_char *b;
539 631
@@ -550,17 +642,13 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
550 crp->crp_p = b; 642 crp->crp_p = b;
551 crp->crp_nbits = bits; 643 crp->crp_nbits = bits;
552 644
553 words = (bits + BN_BITS2 - 1) / BN_BITS2; 645 for (i = 0, j = 0; i < a->top; i++) {
554 646 for (k = 0; k < BN_BITS2 / 8; k++) {
555 n = 0; 647 if ((j + k) >= bytes)
556 for (i = 0; i < words && n < bytes; i++) { 648 return (0);
557 BN_ULONG word; 649 b[j + k] = a->d[i] >> (k * 8);
558
559 word = a->d[i];
560 for (j = 0 ; j < BN_BYTES && n < bytes; j++, n++) {
561 *b++ = (word & 0xff);
562 word >>= 8;
563 } 650 }
651 j += BN_BITS2 / 8;
564 } 652 }
565 return (0); 653 return (0);
566} 654}
@@ -569,15 +657,22 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
569static int 657static int
570crparam2bn(struct crparam *crp, BIGNUM *a) 658crparam2bn(struct crparam *crp, BIGNUM *a)
571{ 659{
660 u_int8_t *pd;
572 int i, bytes; 661 int i, bytes;
573 662
574 bytes = (crp->crp_nbits + 7)/8; 663 bytes = (crp->crp_nbits + 7) / 8;
575 664
576 BN_zero(a); 665 if (bytes == 0)
577 for (i = bytes - 1; i >= 0; i--) { 666 return (-1);
578 BN_lshift(a, a, 8); 667
579 BN_add_word(a, (u_char)crp->crp_p[i]); 668 if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
580 } 669 return (-1);
670
671 for (i = 0; i < bytes; i++)
672 pd[i] = crp->crp_p[bytes - i - 1];
673
674 BN_bin2bn(pd, bytes, a);
675 free(pd);
581 676
582 return (0); 677 return (0);
583} 678}
@@ -596,25 +691,32 @@ zapparams(struct crypt_kop *kop)
596} 691}
597 692
598static int 693static int
599cryptodev_sym(struct crypt_kop *kop, BIGNUM *r, BIGNUM *s) 694cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
600{ 695{
601 int ret = -1; 696 int fd, ret = -1;
697
698 if ((fd = get_asym_dev_crypto()) < 0)
699 return (ret);
602 700
603 if (r) { 701 if (r) {
604 kop->crk_param[kop->crk_iparams].crp_p = malloc(256); 702 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
605 kop->crk_param[kop->crk_iparams].crp_nbits = 256 * 8; 703 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
606 kop->crk_oparams++; 704 kop->crk_oparams++;
607 } 705 }
608 if (s) { 706 if (s) {
609 kop->crk_param[kop->crk_iparams+1].crp_p = malloc(256); 707 kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
610 kop->crk_param[kop->crk_iparams+1].crp_nbits = 256 * 8; 708 kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
611 kop->crk_oparams++; 709 kop->crk_oparams++;
612 } 710 }
613 711
614 if (ioctl(cryptodev_fd, CIOCKEY, &kop) == 0) { 712 if (ioctl(fd, CIOCKEY, kop) == 0) {
615 crparam2bn(&kop->crk_param[3], r); 713 if (r)
714 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
715 if (s)
716 crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
616 ret = 0; 717 ret = 0;
617 } 718 }
719
618 return (ret); 720 return (ret);
619} 721}
620 722
@@ -623,38 +725,58 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
623 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) 725 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
624{ 726{
625 struct crypt_kop kop; 727 struct crypt_kop kop;
626 int ret = 0; 728 int ret = 1;
729
730 /* Currently, we know we can do mod exp iff we can do any
731 * asymmetric operations at all.
732 */
733 if (cryptodev_asymfeat == 0) {
734 ret = BN_mod_exp(r, a, p, m, ctx);
735 return (ret);
736 }
627 737
628 memset(&kop, 0, sizeof kop); 738 memset(&kop, 0, sizeof kop);
629 kop.crk_op = CRK_MOD_EXP; 739 kop.crk_op = CRK_MOD_EXP;
630 740
631 /* inputs: a m p */ 741 /* inputs: a^p % m */
632 if (bn2crparam(a, &kop.crk_param[0])) 742 if (bn2crparam(a, &kop.crk_param[0]))
633 goto err; 743 goto err;
634 if (bn2crparam(m, &kop.crk_param[1])) 744 if (bn2crparam(p, &kop.crk_param[1]))
635 goto err; 745 goto err;
636 if (bn2crparam(p, &kop.crk_param[2])) 746 if (bn2crparam(m, &kop.crk_param[2]))
637 goto err; 747 goto err;
638 kop.crk_iparams = 3; 748 kop.crk_iparams = 3;
639 749
640 if (cryptodev_sym(&kop, r, NULL) == -1) { 750 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
641 ret = BN_mod_exp(r, a, p, m, ctx); 751 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
752 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
642 } 753 }
643err: 754err:
644 zapparams(&kop); 755 zapparams(&kop);
645 return (ret); 756 return (ret);
646} 757}
647 758
759static int
760cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
761{
762 int r;
763 BN_CTX *ctx;
764
765 ctx = BN_CTX_new();
766 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
767 BN_CTX_free(ctx);
768 return (r);
769}
648 770
649static int 771static int
650cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) 772cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
651{ 773{
652 struct crypt_kop kop; 774 struct crypt_kop kop;
653 int ret = 0; 775 int ret = 1;
654 776
655 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { 777 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
656 /* XXX 0 means failure?? */ 778 /* XXX 0 means failure?? */
657 goto err; 779 return (0);
658 } 780 }
659 781
660 memset(&kop, 0, sizeof kop); 782 memset(&kop, 0, sizeof kop);
@@ -674,9 +796,8 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
674 goto err; 796 goto err;
675 kop.crk_iparams = 6; 797 kop.crk_iparams = 6;
676 798
677 if (cryptodev_sym(&kop, r0, NULL) == -1) { 799 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
678 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); 800 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
679
680 ret = (*meth->rsa_mod_exp)(r0, I, rsa); 801 ret = (*meth->rsa_mod_exp)(r0, I, rsa);
681 } 802 }
682err: 803err:
@@ -690,8 +811,8 @@ static RSA_METHOD cryptodev_rsa = {
690 NULL, /* rsa_pub_dec */ 811 NULL, /* rsa_pub_dec */
691 NULL, /* rsa_priv_enc */ 812 NULL, /* rsa_priv_enc */
692 NULL, /* rsa_priv_dec */ 813 NULL, /* rsa_priv_dec */
693 cryptodev_rsa_mod_exp, /* rsa_mod_exp */ 814 NULL,
694 cryptodev_bn_mod_exp, /* bn_mod_exp */ 815 NULL,
695 NULL, /* init */ 816 NULL, /* init */
696 NULL, /* finish */ 817 NULL, /* finish */
697 0, /* flags */ 818 0, /* flags */
@@ -707,6 +828,38 @@ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
707 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); 828 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
708} 829}
709 830
831static int
832cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
833 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
834 BN_CTX *ctx, BN_MONT_CTX *mont)
835{
836 BIGNUM t2;
837 int ret = 0;
838
839 BN_init(&t2);
840
841 /* v = ( g^u1 * y^u2 mod p ) mod q */
842 /* let t1 = g ^ u1 mod p */
843 ret = 0;
844
845 if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
846 goto err;
847
848 /* let t2 = y ^ u2 mod p */
849 if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
850 goto err;
851 /* let u1 = t1 * t2 mod p */
852 if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
853 goto err;
854
855 BN_copy(t1,u1);
856
857 ret = 1;
858err:
859 BN_free(&t2);
860 return(ret);
861}
862
710static DSA_SIG * 863static DSA_SIG *
711cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 864cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
712{ 865{
@@ -721,6 +874,7 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
721 goto err; 874 goto err;
722 } 875 }
723 876
877 printf("bar\n");
724 memset(&kop, 0, sizeof kop); 878 memset(&kop, 0, sizeof kop);
725 kop.crk_op = CRK_DSA_SIGN; 879 kop.crk_op = CRK_DSA_SIGN;
726 880
@@ -737,13 +891,13 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
737 goto err; 891 goto err;
738 kop.crk_iparams = 5; 892 kop.crk_iparams = 5;
739 893
740 if (cryptodev_sym(&kop, r, s) == 0) { 894 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
895 BN_num_bytes(dsa->q), s) == 0) {
741 dsaret = DSA_SIG_new(); 896 dsaret = DSA_SIG_new();
742 dsaret->r = r; 897 dsaret->r = r;
743 dsaret->s = s; 898 dsaret->s = s;
744 } else { 899 } else {
745 const DSA_METHOD *meth = DSA_OpenSSL(); 900 const DSA_METHOD *meth = DSA_OpenSSL();
746
747 BN_free(r); 901 BN_free(r);
748 BN_free(s); 902 BN_free(s);
749 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); 903 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
@@ -759,7 +913,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
759 DSA_SIG *sig, DSA *dsa) 913 DSA_SIG *sig, DSA *dsa)
760{ 914{
761 struct crypt_kop kop; 915 struct crypt_kop kop;
762 int dsaret = 0; 916 int dsaret = 1;
763 917
764 memset(&kop, 0, sizeof kop); 918 memset(&kop, 0, sizeof kop);
765 kop.crk_op = CRK_DSA_VERIFY; 919 kop.crk_op = CRK_DSA_VERIFY;
@@ -781,7 +935,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
781 goto err; 935 goto err;
782 kop.crk_iparams = 7; 936 kop.crk_iparams = 7;
783 937
784 if (cryptodev_sym(&kop, NULL, NULL) == 0) { 938 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
785 dsaret = kop.crk_status; 939 dsaret = kop.crk_status;
786 } else { 940 } else {
787 const DSA_METHOD *meth = DSA_OpenSSL(); 941 const DSA_METHOD *meth = DSA_OpenSSL();
@@ -796,11 +950,11 @@ err:
796 950
797static DSA_METHOD cryptodev_dsa = { 951static DSA_METHOD cryptodev_dsa = {
798 "cryptodev DSA method", 952 "cryptodev DSA method",
799 cryptodev_dsa_do_sign, 953 NULL,
800 NULL, /* dsa_sign_setup */ 954 NULL, /* dsa_sign_setup */
801 cryptodev_dsa_verify, 955 NULL,
802 NULL, /* dsa_mod_exp */ 956 NULL, /* dsa_mod_exp */
803 cryptodev_dsa_bn_mod_exp, /* bn_mod_exp */ 957 NULL,
804 NULL, /* init */ 958 NULL, /* init */
805 NULL, /* finish */ 959 NULL, /* finish */
806 0, /* flags */ 960 0, /* flags */
@@ -819,8 +973,14 @@ static int
819cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 973cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
820{ 974{
821 struct crypt_kop kop; 975 struct crypt_kop kop;
822 int dhret = 0; 976 int dhret = 1;
823 int keylen; 977 int fd, keylen;
978
979 if ((fd = get_asym_dev_crypto()) < 0) {
980 const DH_METHOD *meth = DH_OpenSSL();
981
982 return ((meth->compute_key)(key, pub_key, dh));
983 }
824 984
825 keylen = BN_num_bits(dh->p); 985 keylen = BN_num_bits(dh->p);
826 986
@@ -840,7 +1000,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
840 kop.crk_param[3].crp_nbits = keylen * 8; 1000 kop.crk_param[3].crp_nbits = keylen * 8;
841 kop.crk_oparams = 1; 1001 kop.crk_oparams = 1;
842 1002
843 if (ioctl(cryptodev_fd, CIOCKEY, &kop) == -1) { 1003 if (ioctl(fd, CIOCKEY, &kop) == -1) {
844 const DH_METHOD *meth = DH_OpenSSL(); 1004 const DH_METHOD *meth = DH_OpenSSL();
845 1005
846 dhret = (meth->compute_key)(key, pub_key, dh); 1006 dhret = (meth->compute_key)(key, pub_key, dh);
@@ -854,8 +1014,8 @@ err:
854static DH_METHOD cryptodev_dh = { 1014static DH_METHOD cryptodev_dh = {
855 "cryptodev DH method", 1015 "cryptodev DH method",
856 NULL, /* cryptodev_dh_generate_key */ 1016 NULL, /* cryptodev_dh_generate_key */
857 cryptodev_dh_compute_key, 1017 NULL,
858 cryptodev_mod_exp_dh, 1018 NULL,
859 NULL, 1019 NULL,
860 NULL, 1020 NULL,
861 0, /* flags */ 1021 0, /* flags */
@@ -869,12 +1029,18 @@ static DH_METHOD cryptodev_dh = {
869static int 1029static int
870cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 1030cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
871{ 1031{
1032#ifdef HAVE_SYSLOG_R
872 struct syslog_data sd = SYSLOG_DATA_INIT; 1033 struct syslog_data sd = SYSLOG_DATA_INIT;
1034#endif
873 1035
874 switch (cmd) { 1036 switch (cmd) {
875 default: 1037 default:
1038#ifdef HAVE_SYSLOG_R
876 syslog_r(LOG_ERR, &sd, 1039 syslog_r(LOG_ERR, &sd,
877 "cryptodev_ctrl: unknown command %d", cmd); 1040 "cryptodev_ctrl: unknown command %d", cmd);
1041#else
1042 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1043#endif
878 break; 1044 break;
879 } 1045 }
880 return (1); 1046 return (1);
@@ -884,14 +1050,24 @@ void
884ENGINE_load_cryptodev(void) 1050ENGINE_load_cryptodev(void)
885{ 1051{
886 ENGINE *engine = ENGINE_new(); 1052 ENGINE *engine = ENGINE_new();
887 const RSA_METHOD *rsa_meth; 1053 int fd;
888 const DH_METHOD *dh_meth;
889 1054
890 if (engine == NULL) 1055 if (engine == NULL)
891 return; 1056 return;
1057 if ((fd = get_dev_crypto()) < 0)
1058 return;
1059
1060 /*
1061 * find out what asymmetric crypto algorithms we support
1062 */
1063 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1064 close(fd);
1065 return;
1066 }
1067 close(fd);
892 1068
893 if (!ENGINE_set_id(engine, "cryptodev") || 1069 if (!ENGINE_set_id(engine, "cryptodev") ||
894 !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || 1070 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
895 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || 1071 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
896 !ENGINE_set_digests(engine, cryptodev_engine_digests) || 1072 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
897 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || 1073 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
@@ -900,27 +1076,57 @@ ENGINE_load_cryptodev(void)
900 return; 1076 return;
901 } 1077 }
902 1078
903 if ((cryptodev_symfeat & CRSFEAT_RSA) && 1079 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
904 ENGINE_set_RSA(engine, &cryptodev_rsa)) { 1080 const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
905 rsa_meth = RSA_PKCS1_SSLeay(); 1081
1082 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1083 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
906 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; 1084 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
907 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; 1085 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
908 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_dec; 1086 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
909 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; 1087 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1088 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1089 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1090 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1091 cryptodev_rsa.rsa_mod_exp =
1092 cryptodev_rsa_mod_exp;
1093 else
1094 cryptodev_rsa.rsa_mod_exp =
1095 cryptodev_rsa_nocrt_mod_exp;
1096 }
910 } 1097 }
911 1098
912 if ((cryptodev_symfeat & CRSFEAT_DSA) && 1099 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
913 ENGINE_set_DSA(engine, &cryptodev_dsa)) { 1100 const DSA_METHOD *meth = DSA_OpenSSL();
1101
1102 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1103 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1104 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1105 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1106 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1107 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1108 }
1109 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1110 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
914 } 1111 }
915 1112
916 if ((cryptodev_symfeat & CRSFEAT_DH) && 1113 if (ENGINE_set_DH(engine, &cryptodev_dh)){
917 ENGINE_set_DH(engine, &cryptodev_dh)) { 1114 const DH_METHOD *dh_meth = DH_OpenSSL();
918 dh_meth = DH_OpenSSL(); 1115
919 cryptodev_dh.generate_key = dh_meth->generate_key; 1116 cryptodev_dh.generate_key = dh_meth->generate_key;
920 cryptodev_dh.compute_key = dh_meth->compute_key; 1117 cryptodev_dh.compute_key = dh_meth->compute_key;
1118 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1119 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1120 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1121 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1122 cryptodev_dh.compute_key =
1123 cryptodev_dh_compute_key;
1124 }
921 } 1125 }
922 1126
923 ENGINE_add(engine); 1127 ENGINE_add(engine);
924 ENGINE_free(engine); 1128 ENGINE_free(engine);
925 ERR_clear_error(); 1129 ERR_clear_error();
926} 1130}
1131
1132#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index f5c897bdbb..f128ee5a68 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -121,6 +121,10 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif 122#endif
123 123
124/* RAND stuff */
125static int cswift_rand_bytes(unsigned char *buf, int num);
126static int cswift_rand_status(void);
127
124/* The definitions for control commands specific to this engine */ 128/* The definitions for control commands specific to this engine */
125#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE 129#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
126static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { 130static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
@@ -183,6 +187,18 @@ static DH_METHOD cswift_dh =
183 }; 187 };
184#endif 188#endif
185 189
190static RAND_METHOD cswift_random =
191 {
192 /* "CryptoSwift RAND method", */
193 NULL,
194 cswift_rand_bytes,
195 NULL,
196 NULL,
197 cswift_rand_bytes,
198 cswift_rand_status,
199 };
200
201
186/* Constants used when creating the ENGINE */ 202/* Constants used when creating the ENGINE */
187static const char *engine_cswift_id = "cswift"; 203static const char *engine_cswift_id = "cswift";
188static const char *engine_cswift_name = "CryptoSwift hardware engine support"; 204static const char *engine_cswift_name = "CryptoSwift hardware engine support";
@@ -208,6 +224,7 @@ static int bind_helper(ENGINE *e)
208#ifndef OPENSSL_NO_DH 224#ifndef OPENSSL_NO_DH
209 !ENGINE_set_DH(e, &cswift_dh) || 225 !ENGINE_set_DH(e, &cswift_dh) ||
210#endif 226#endif
227 !ENGINE_set_RAND(e, &cswift_random) ||
211 !ENGINE_set_destroy_function(e, cswift_destroy) || 228 !ENGINE_set_destroy_function(e, cswift_destroy) ||
212 !ENGINE_set_init_function(e, cswift_init) || 229 !ENGINE_set_init_function(e, cswift_init) ||
213 !ENGINE_set_finish_function(e, cswift_finish) || 230 !ENGINE_set_finish_function(e, cswift_finish) ||
@@ -242,6 +259,7 @@ static int bind_helper(ENGINE *e)
242 return 1; 259 return 1;
243 } 260 }
244 261
262#ifndef ENGINE_DYNAMIC_SUPPORT
245static ENGINE *engine_cswift(void) 263static ENGINE *engine_cswift(void)
246 { 264 {
247 ENGINE *ret = ENGINE_new(); 265 ENGINE *ret = ENGINE_new();
@@ -264,6 +282,7 @@ void ENGINE_load_cswift(void)
264 ENGINE_free(toadd); 282 ENGINE_free(toadd);
265 ERR_clear_error(); 283 ERR_clear_error();
266 } 284 }
285#endif
267 286
268/* This is a process-global DSO handle used for loading and unloading 287/* This is a process-global DSO handle used for loading and unloading
269 * the CryptoSwift library. NB: This is only set (or unset) during an 288 * the CryptoSwift library. NB: This is only set (or unset) during an
@@ -905,6 +924,60 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
905 } 924 }
906#endif 925#endif
907 926
927/* Random bytes are good */
928static int cswift_rand_bytes(unsigned char *buf, int num)
929{
930 SW_CONTEXT_HANDLE hac;
931 SW_STATUS swrc;
932 SW_LARGENUMBER largenum;
933 size_t nbytes = 0;
934 int acquired = 0;
935 int to_return = 0; /* assume failure */
936
937 if (!get_context(&hac))
938 {
939 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
940 goto err;
941 }
942 acquired = 1;
943
944 while (nbytes < (size_t)num)
945 {
946 /* tell CryptoSwift how many bytes we want and where we want it.
947 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
948 * - CryptoSwift can only do multiple of 32-bits. */
949 largenum.value = (SW_BYTE *) buf + nbytes;
950 if (4096 > num - nbytes)
951 largenum.nbytes = num - nbytes;
952 else
953 largenum.nbytes = 4096;
954
955 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
956 if (swrc != SW_OK)
957 {
958 char tmpbuf[20];
959 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
960 sprintf(tmpbuf, "%ld", swrc);
961 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
962 goto err;
963 }
964
965 nbytes += largenum.nbytes;
966 }
967 to_return = 1; /* success */
968
969err:
970 if (acquired)
971 release_context(hac);
972 return to_return;
973}
974
975static int cswift_rand_status(void)
976{
977 return 1;
978}
979
980
908/* This stuff is needed if this ENGINE is being compiled into a self-contained 981/* This stuff is needed if this ENGINE is being compiled into a self-contained
909 * shared-library. */ 982 * shared-library. */
910#ifdef ENGINE_DYNAMIC_SUPPORT 983#ifdef ENGINE_DYNAMIC_SUPPORT
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
index a43d4360f2..0d1c6b8df0 100644
--- a/src/lib/libcrypto/engine/hw_ncipher.c
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -91,11 +91,19 @@ static int hwcrhk_init(ENGINE *e);
91static int hwcrhk_finish(ENGINE *e); 91static int hwcrhk_finish(ENGINE *e);
92static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 92static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93 93
94/* Functions to handle mutexes */ 94/* Functions to handle mutexes if have dynamic locks */
95static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); 95static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
96static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); 96static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
97static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); 97static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
98static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); 98static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
99#if 1 /* This is a HACK which will disappear in 0.9.8 */
100/* Functions to handle mutexes if only have static locks */
101static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
102 HWCryptoHook_CallerContext *c);
103static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m);
104static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m);
105static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m);
106#endif
99 107
100/* BIGNUM stuff */ 108/* BIGNUM stuff */
101static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 109static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -373,6 +381,7 @@ static int bind_helper(ENGINE *e)
373 return 1; 381 return 1;
374 } 382 }
375 383
384#ifndef ENGINE_DYNAMIC_SUPPORT
376static ENGINE *engine_ncipher(void) 385static ENGINE *engine_ncipher(void)
377 { 386 {
378 ENGINE *ret = ENGINE_new(); 387 ENGINE *ret = ENGINE_new();
@@ -395,6 +404,7 @@ void ENGINE_load_chil(void)
395 ENGINE_free(toadd); 404 ENGINE_free(toadd);
396 ERR_clear_error(); 405 ERR_clear_error();
397 } 406 }
407#endif
398 408
399/* This is a process-global DSO handle used for loading and unloading 409/* This is a process-global DSO handle used for loading and unloading
400 * the HWCryptoHook library. NB: This is only set (or unset) during an 410 * the HWCryptoHook library. NB: This is only set (or unset) during an
@@ -558,15 +568,31 @@ static int hwcrhk_init(ENGINE *e)
558 568
559 /* Check if the application decided to support dynamic locks, 569 /* Check if the application decided to support dynamic locks,
560 and if it does, use them. */ 570 and if it does, use them. */
561 if (disable_mutex_callbacks == 0 && 571 if (disable_mutex_callbacks == 0)
562 CRYPTO_get_dynlock_create_callback() != NULL &&
563 CRYPTO_get_dynlock_lock_callback() != NULL &&
564 CRYPTO_get_dynlock_destroy_callback() != NULL)
565 { 572 {
566 hwcrhk_globals.mutex_init = hwcrhk_mutex_init; 573 if (CRYPTO_get_dynlock_create_callback() != NULL &&
567 hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; 574 CRYPTO_get_dynlock_lock_callback() != NULL &&
568 hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; 575 CRYPTO_get_dynlock_destroy_callback() != NULL)
569 hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; 576 {
577 hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
578 hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
579 hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
580 hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
581 }
582 else if (CRYPTO_get_locking_callback() != NULL)
583 {
584 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING);
585 ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
586#if 1 /* This is a HACK which will disappear in 0.9.8 */
587 hwcrhk_globals.maxmutexes = 1; /* Only have one lock */
588 hwcrhk_globals.mutex_init = hwcrhk_static_mutex_init;
589 hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock;
590 hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock;
591 hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy;
592#else
593 goto err;
594#endif
595 }
570 } 596 }
571 597
572 /* Try and get a context - if not, we may have a DSO but no 598 /* Try and get a context - if not, we may have a DSO but no
@@ -1020,7 +1046,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
1020 1046
1021 /* Perform the operation */ 1047 /* Perform the operation */
1022 ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, 1048 ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
1023 m_dmp1, m_dmq1, m_iqmp, &m_r, NULL); 1049 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
1024 1050
1025 /* Convert the response */ 1051 /* Convert the response */
1026 r->top = m_r.size / sizeof(BN_ULONG); 1052 r->top = m_r.size / sizeof(BN_ULONG);
@@ -1171,6 +1197,26 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
1171 CRYPTO_destroy_dynlockid(mt->lockid); 1197 CRYPTO_destroy_dynlockid(mt->lockid);
1172 } 1198 }
1173 1199
1200/* Mutex upcalls to use if the application does not support dynamic locks */
1201
1202static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
1203 HWCryptoHook_CallerContext *c)
1204 {
1205 return 0;
1206 }
1207static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m)
1208 {
1209 CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK);
1210 return 0;
1211 }
1212static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m)
1213 {
1214 CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK);
1215 }
1216static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m)
1217 {
1218 }
1219
1174static int hwcrhk_get_pass(const char *prompt_info, 1220static int hwcrhk_get_pass(const char *prompt_info,
1175 int *len_io, char *buf, 1221 int *len_io, char *buf,
1176 HWCryptoHook_PassphraseContext *ppctx, 1222 HWCryptoHook_PassphraseContext *ppctx,
@@ -1318,7 +1364,7 @@ static void hwcrhk_log_message(void *logstr, const char *message)
1318 lstream=*(BIO **)logstr; 1364 lstream=*(BIO **)logstr;
1319 if (lstream) 1365 if (lstream)
1320 { 1366 {
1321 BIO_write(lstream, message, strlen(message)); 1367 BIO_printf(lstream, "%s\n", message);
1322 } 1368 }
1323 CRYPTO_w_unlock(CRYPTO_LOCK_BIO); 1369 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
1324 } 1370 }
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c
index 24024cfc6f..5bc94581b7 100644
--- a/src/lib/libcrypto/engine/hw_ncipher_err.c
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.c
@@ -1,6 +1,6 @@
1/* hw_ncipher_err.c */ 1/* hw_ncipher_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]=
86{HWCRHK_R_CHIL_ERROR ,"chil error"}, 86{HWCRHK_R_CHIL_ERROR ,"chil error"},
87{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, 87{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
88{HWCRHK_R_DSO_FAILURE ,"dso failure"}, 88{HWCRHK_R_DSO_FAILURE ,"dso failure"},
89{HWCRHK_R_DYNAMIC_LOCKING_MISSING ,"dynamic locking missing"},
89{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, 90{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"},
90{HWCRHK_R_NOT_INITIALISED ,"not initialised"}, 91{HWCRHK_R_NOT_INITIALISED ,"not initialised"},
91{HWCRHK_R_NOT_LOADED ,"not loaded"}, 92{HWCRHK_R_NOT_LOADED ,"not loaded"},
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h
index 4d65b1d470..d232d02319 100644
--- a/src/lib/libcrypto/engine/hw_ncipher_err.h
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.h
@@ -84,6 +84,7 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
84#define HWCRHK_R_CHIL_ERROR 102 84#define HWCRHK_R_CHIL_ERROR 102
85#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 85#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
86#define HWCRHK_R_DSO_FAILURE 104 86#define HWCRHK_R_DSO_FAILURE 104
87#define HWCRHK_R_DYNAMIC_LOCKING_MISSING 114
87#define HWCRHK_R_MISSING_KEY_COMPONENTS 105 88#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
88#define HWCRHK_R_NOT_INITIALISED 106 89#define HWCRHK_R_NOT_INITIALISED 106
89#define HWCRHK_R_NOT_LOADED 107 90#define HWCRHK_R_NOT_LOADED 107
diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c
index 130b6d8b40..fb9188bfe5 100644
--- a/src/lib/libcrypto/engine/hw_nuron.c
+++ b/src/lib/libcrypto/engine/hw_nuron.c
@@ -374,6 +374,7 @@ static int bind_helper(ENGINE *e)
374 return 1; 374 return 1;
375 } 375 }
376 376
377#ifndef ENGINE_DYNAMIC_SUPPORT
377static ENGINE *engine_nuron(void) 378static ENGINE *engine_nuron(void)
378 { 379 {
379 ENGINE *ret = ENGINE_new(); 380 ENGINE *ret = ENGINE_new();
@@ -396,6 +397,7 @@ void ENGINE_load_nuron(void)
396 ENGINE_free(toadd); 397 ENGINE_free(toadd);
397 ERR_clear_error(); 398 ERR_clear_error();
398 } 399 }
400#endif
399 401
400/* This stuff is needed if this ENGINE is being compiled into a self-contained 402/* This stuff is needed if this ENGINE is being compiled into a self-contained
401 * shared-library. */ 403 * shared-library. */
diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
1/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
2*
3*
4* Redistribution and use in source and binary forms, with or without
5* modification, are permitted provided that the following conditions
6* are met:
7*
8* 1. Redistributions of source code must retain the above copyright
9* notice, this list of conditions and the following disclaimer.
10*
11* 2. Redistributions in binary form must reproduce the above copyright
12* notice, this list of conditions and the following disclaimer in
13* the documentation and/or other materials provided with the
14* distribution.
15*
16* 3. All advertising materials mentioning features or use of this
17* software must display the following acknowledgment:
18* "This product includes software developed by the OpenSSL Project
19* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20*
21* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22* endorse or promote products derived from this software without
23* prior written permission. For written permission, please contact
24* licensing@OpenSSL.org.
25*
26* 5. Products derived from this software may not be called "OpenSSL"
27* nor may "OpenSSL" appear in their names without prior written
28* permission of the OpenSSL Project.
29*
30* 6. Redistributions of any form whatsoever must retain the following
31* acknowledgment:
32* "This product includes software developed by the OpenSSL Project
33* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34*
35* Written by Corinne Dive-Reclus(cdive@baltimore.com)
36*
37* Copyright@2001 Baltimore Technologies Ltd.
38* All right Reserved.
39* *
40* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
41* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
42* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
43* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
44* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
45* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
46* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
47* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
48* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
49* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
50* SUCH DAMAGE. *
51====================================================================*/
52
53#include <stdio.h>
54#include "cryptlib.h"
55#include <openssl/crypto.h>
56#include <openssl/pem.h>
57#include <openssl/dso.h>
58#include "eng_int.h"
59#include "engine.h"
60#include <openssl/engine.h>
61
62#ifndef OPENSSL_NO_HW
63#ifndef OPENSSL_NO_HW_SUREWARE
64
65#ifdef FLAT_INC
66#include "sureware.h"
67#else
68#include "vendor_defns/sureware.h"
69#endif
70
71#define SUREWARE_LIB_NAME "sureware engine"
72#include "hw_sureware_err.c"
73
74static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
75static int surewarehk_destroy(ENGINE *e);
76static int surewarehk_init(ENGINE *e);
77static int surewarehk_finish(ENGINE *e);
78static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx);
80
81/* RSA stuff */
82static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
83 RSA *rsa,int padding);
84static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
85 RSA *rsa,int padding);
86
87/* RAND stuff */
88static int surewarehk_rand_bytes(unsigned char *buf, int num);
89static void surewarehk_rand_seed(const void *buf, int num);
90static void surewarehk_rand_add(const void *buf, int num, double entropy);
91
92/* KM stuff */
93static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
94 UI_METHOD *ui_method, void *callback_data);
95static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
96 UI_METHOD *ui_method, void *callback_data);
97static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
98 int idx,long argl, void *argp);
99#if 0
100static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
101 int idx,long argl, void *argp);
102#endif
103
104#ifndef OPENSSL_NO_RSA
105/* This function is aliased to mod_exp (with the mont stuff dropped). */
106static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
108{
109 return surewarehk_modexp(r, a, p, m, ctx);
110}
111
112/* Our internal RSA_METHOD that we provide pointers to */
113static RSA_METHOD surewarehk_rsa =
114 {
115 "SureWare RSA method",
116 NULL, /* pub_enc*/
117 NULL, /* pub_dec*/
118 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
119 surewarehk_rsa_priv_dec, /* priv_dec*/
120 NULL, /*mod_exp*/
121 surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
122 NULL, /* init*/
123 NULL, /* finish*/
124 0, /* RSA flag*/
125 NULL,
126 NULL, /* OpenSSL sign*/
127 NULL /* OpenSSL verify*/
128 };
129#endif
130
131#ifndef OPENSSL_NO_DH
132/* Our internal DH_METHOD that we provide pointers to */
133/* This function is aliased to mod_exp (with the dh and mont dropped). */
134static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
135 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
136{
137 return surewarehk_modexp(r, a, p, m, ctx);
138}
139
140static DH_METHOD surewarehk_dh =
141 {
142 "SureWare DH method",
143 NULL,/*gen_key*/
144 NULL,/*agree,*/
145 surewarehk_modexp_dh, /*dh mod exp*/
146 NULL, /* init*/
147 NULL, /* finish*/
148 0, /* flags*/
149 NULL
150 };
151#endif
152
153static RAND_METHOD surewarehk_rand =
154 {
155 /* "SureWare RAND method", */
156 surewarehk_rand_seed,
157 surewarehk_rand_bytes,
158 NULL,/*cleanup*/
159 surewarehk_rand_add,
160 surewarehk_rand_bytes,
161 NULL,/*rand_status*/
162 };
163
164#ifndef OPENSSL_NO_DSA
165/* DSA stuff */
166static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
167static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
168 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
169 BN_CTX *ctx, BN_MONT_CTX *in_mont)
170{
171 BIGNUM t;
172 int to_return = 0;
173 BN_init(&t);
174 /* let rr = a1 ^ p1 mod m */
175 if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
176 /* let t = a2 ^ p2 mod m */
177 if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
178 /* let rr = rr * t mod m */
179 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
180 to_return = 1;
181end:
182 BN_free(&t);
183 return to_return;
184}
185
186static DSA_METHOD surewarehk_dsa =
187 {
188 "SureWare DSA method",
189 surewarehk_dsa_do_sign,
190 NULL,/*sign setup*/
191 NULL,/*verify,*/
192 surewarehk_dsa_mod_exp,/*mod exp*/
193 NULL,/*bn mod exp*/
194 NULL, /*init*/
195 NULL,/*finish*/
196 0,
197 NULL,
198 };
199#endif
200
201static const char *engine_sureware_id = "sureware";
202static const char *engine_sureware_name = "SureWare hardware engine support";
203
204/* Now, to our own code */
205
206/* As this is only ever called once, there's no need for locking
207 * (indeed - the lock will already be held by our caller!!!) */
208static int bind_sureware(ENGINE *e)
209{
210#ifndef OPENSSL_NO_RSA
211 const RSA_METHOD *meth1;
212#endif
213#ifndef OPENSSL_NO_DSA
214 const DSA_METHOD *meth2;
215#endif
216#ifndef OPENSSL_NO_DH
217 const DH_METHOD *meth3;
218#endif
219
220 if(!ENGINE_set_id(e, engine_sureware_id) ||
221 !ENGINE_set_name(e, engine_sureware_name) ||
222#ifndef OPENSSL_NO_RSA
223 !ENGINE_set_RSA(e, &surewarehk_rsa) ||
224#endif
225#ifndef OPENSSL_NO_DSA
226 !ENGINE_set_DSA(e, &surewarehk_dsa) ||
227#endif
228#ifndef OPENSSL_NO_DH
229 !ENGINE_set_DH(e, &surewarehk_dh) ||
230#endif
231 !ENGINE_set_RAND(e, &surewarehk_rand) ||
232 !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
233 !ENGINE_set_init_function(e, surewarehk_init) ||
234 !ENGINE_set_finish_function(e, surewarehk_finish) ||
235 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
236 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
237 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
238 return 0;
239
240#ifndef OPENSSL_NO_RSA
241 /* We know that the "PKCS1_SSLeay()" functions hook properly
242 * to the cswift-specific mod_exp and mod_exp_crt so we use
243 * those functions. NB: We don't use ENGINE_openssl() or
244 * anything "more generic" because something like the RSAref
245 * code may not hook properly, and if you own one of these
246 * cards then you have the right to do RSA operations on it
247 * anyway! */
248 meth1 = RSA_PKCS1_SSLeay();
249 if (meth1)
250 {
251 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 }
254#endif
255
256#ifndef OPENSSL_NO_DSA
257 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
258 * bits. */
259 meth2 = DSA_OpenSSL();
260 if (meth2)
261 {
262 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
263 }
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 if (meth3)
270 {
271 surewarehk_dh.generate_key = meth3->generate_key;
272 surewarehk_dh.compute_key = meth3->compute_key;
273 }
274#endif
275
276 /* Ensure the sureware error handling is set up */
277 ERR_load_SUREWARE_strings();
278 return 1;
279}
280
281#ifdef ENGINE_DYNAMIC_SUPPORT
282static int bind_helper(ENGINE *e, const char *id)
283 {
284 if(id && (strcmp(id, engine_sureware_id) != 0))
285 return 0;
286 if(!bind_sureware(e))
287 return 0;
288 return 1;
289 }
290IMPLEMENT_DYNAMIC_CHECK_FN()
291IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
292#else
293static ENGINE *engine_sureware(void)
294 {
295 ENGINE *ret = ENGINE_new();
296 if(!ret)
297 return NULL;
298 if(!bind_sureware(ret))
299 {
300 ENGINE_free(ret);
301 return NULL;
302 }
303 return ret;
304 }
305
306void ENGINE_load_sureware(void)
307 {
308 /* Copied from eng_[openssl|dyn].c */
309 ENGINE *toadd = engine_sureware();
310 if(!toadd) return;
311 ENGINE_add(toadd);
312 ENGINE_free(toadd);
313 ERR_clear_error();
314 }
315#endif
316
317/* This is a process-global DSO handle used for loading and unloading
318 * the SureWareHook library. NB: This is only set (or unset) during an
319 * init() or finish() call (reference counts permitting) and they're
320 * operating with global locks, so this should be thread-safe
321 * implicitly. */
322static DSO *surewarehk_dso = NULL;
323#ifndef OPENSSL_NO_RSA
324static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
325#endif
326#ifndef OPENSSL_NO_DSA
327static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
328#endif
329
330/* These are the function pointers that are (un)set when the library has
331 * successfully (un)loaded. */
332static SureWareHook_Init_t *p_surewarehk_Init = NULL;
333static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
334static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
335static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
336static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
337static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
338static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
339static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
340static SureWareHook_Free_t *p_surewarehk_Free=NULL;
341static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
342static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
343static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
344static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
345
346/* Used in the DSO operations. */
347static const char *surewarehk_LIBNAME = "SureWareHook";
348static const char *n_surewarehk_Init = "SureWareHook_Init";
349static const char *n_surewarehk_Finish = "SureWareHook_Finish";
350static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
351static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
352static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
353static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
354static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
355static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
356static const char *n_surewarehk_Free="SureWareHook_Free";
357static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
358static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
359static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
360static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
361static BIO *logstream = NULL;
362
363/* SureWareHook library functions and mechanics - these are used by the
364 * higher-level functions further down. NB: As and where there's no
365 * error checking, take a look lower down where these functions are
366 * called, the checking and error handling is probably down there.
367*/
368static int threadsafe=1;
369static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
370{
371 int to_return = 1;
372
373 switch(cmd)
374 {
375 case ENGINE_CTRL_SET_LOGSTREAM:
376 {
377 BIO *bio = (BIO *)p;
378 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
379 if (logstream)
380 {
381 BIO_free(logstream);
382 logstream = NULL;
383 }
384 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
385 logstream = bio;
386 else
387 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
388 }
389 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
390 break;
391 /* This will prevent the initialisation function from "installing"
392 * the mutex-handling callbacks, even if they are available from
393 * within the library (or were provided to the library from the
394 * calling application). This is to remove any baggage for
395 * applications not using multithreading. */
396 case ENGINE_CTRL_CHIL_NO_LOCKING:
397 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
398 threadsafe = 0;
399 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
400 break;
401
402 /* The command isn't understood by this engine */
403 default:
404 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
405 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
406 to_return = 0;
407 break;
408 }
409
410 return to_return;
411}
412
413/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
414static int surewarehk_destroy(ENGINE *e)
415{
416 ERR_unload_SUREWARE_strings();
417 return 1;
418}
419
420/* (de)initialisation functions. */
421static int surewarehk_init(ENGINE *e)
422{
423 char msg[64]="ENGINE_init";
424 SureWareHook_Init_t *p1=NULL;
425 SureWareHook_Finish_t *p2=NULL;
426 SureWareHook_Rand_Bytes_t *p3=NULL;
427 SureWareHook_Rand_Seed_t *p4=NULL;
428 SureWareHook_Load_Privkey_t *p5=NULL;
429 SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
430 SureWareHook_Free_t *p7=NULL;
431 SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
432 SureWareHook_Rsa_Sign_t *p9=NULL;
433 SureWareHook_Dsa_Sign_t *p12=NULL;
434 SureWareHook_Info_Pubkey_t *p13=NULL;
435 SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
436 SureWareHook_Mod_Exp_t *p15=NULL;
437
438 if(surewarehk_dso != NULL)
439 {
440 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
441 goto err;
442 }
443 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
444 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
445 if(surewarehk_dso == NULL)
446 {
447 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
448 goto err;
449 }
450 if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
451 !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
452 !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
453 !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
454 !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
455 !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
456 !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
457 !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
458 !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
459 !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
460 !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
461 !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
462 !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
463 {
464 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
465 goto err;
466 }
467 /* Copy the pointers */
468 p_surewarehk_Init = p1;
469 p_surewarehk_Finish = p2;
470 p_surewarehk_Rand_Bytes = p3;
471 p_surewarehk_Rand_Seed = p4;
472 p_surewarehk_Load_Privkey = p5;
473 p_surewarehk_Load_Rsa_Pubkey = p6;
474 p_surewarehk_Free = p7;
475 p_surewarehk_Rsa_Priv_Dec = p8;
476 p_surewarehk_Rsa_Sign = p9;
477 p_surewarehk_Dsa_Sign = p12;
478 p_surewarehk_Info_Pubkey = p13;
479 p_surewarehk_Load_Dsa_Pubkey = p14;
480 p_surewarehk_Mod_Exp = p15;
481 /* Contact the hardware and initialises it. */
482 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
483 {
484 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
485 goto err;
486 }
487 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
488 {
489 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
490 goto err;
491 }
492 /* try to load the default private key, if failed does not return a failure but
493 wait for an explicit ENGINE_load_privakey */
494 surewarehk_load_privkey(e,NULL,NULL,NULL);
495
496 /* Everything's fine. */
497#ifndef OPENSSL_NO_RSA
498 if (rsaHndidx == -1)
499 rsaHndidx = RSA_get_ex_new_index(0,
500 "SureWareHook RSA key handle",
501 NULL, NULL, surewarehk_ex_free);
502#endif
503#ifndef OPENSSL_NO_DSA
504 if (dsaHndidx == -1)
505 dsaHndidx = DSA_get_ex_new_index(0,
506 "SureWareHook DSA key handle",
507 NULL, NULL, surewarehk_ex_free);
508#endif
509
510 return 1;
511err:
512 if(surewarehk_dso)
513 DSO_free(surewarehk_dso);
514 surewarehk_dso = NULL;
515 p_surewarehk_Init = NULL;
516 p_surewarehk_Finish = NULL;
517 p_surewarehk_Rand_Bytes = NULL;
518 p_surewarehk_Rand_Seed = NULL;
519 p_surewarehk_Load_Privkey = NULL;
520 p_surewarehk_Load_Rsa_Pubkey = NULL;
521 p_surewarehk_Free = NULL;
522 p_surewarehk_Rsa_Priv_Dec = NULL;
523 p_surewarehk_Rsa_Sign = NULL;
524 p_surewarehk_Dsa_Sign = NULL;
525 p_surewarehk_Info_Pubkey = NULL;
526 p_surewarehk_Load_Dsa_Pubkey = NULL;
527 p_surewarehk_Mod_Exp = NULL;
528 return 0;
529}
530
531static int surewarehk_finish(ENGINE *e)
532{
533 int to_return = 1;
534 if(surewarehk_dso == NULL)
535 {
536 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
537 to_return = 0;
538 goto err;
539 }
540 p_surewarehk_Finish();
541 if(!DSO_free(surewarehk_dso))
542 {
543 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
544 to_return = 0;
545 goto err;
546 }
547 err:
548 if (logstream)
549 BIO_free(logstream);
550 surewarehk_dso = NULL;
551 p_surewarehk_Init = NULL;
552 p_surewarehk_Finish = NULL;
553 p_surewarehk_Rand_Bytes = NULL;
554 p_surewarehk_Rand_Seed = NULL;
555 p_surewarehk_Load_Privkey = NULL;
556 p_surewarehk_Load_Rsa_Pubkey = NULL;
557 p_surewarehk_Free = NULL;
558 p_surewarehk_Rsa_Priv_Dec = NULL;
559 p_surewarehk_Rsa_Sign = NULL;
560 p_surewarehk_Dsa_Sign = NULL;
561 p_surewarehk_Info_Pubkey = NULL;
562 p_surewarehk_Load_Dsa_Pubkey = NULL;
563 p_surewarehk_Mod_Exp = NULL;
564 return to_return;
565}
566
567static void surewarehk_error_handling(char *const msg,int func,int ret)
568{
569 switch (ret)
570 {
571 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
572 ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
573 break;
574 case SUREWAREHOOK_ERROR_FALLBACK:
575 ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
576 break;
577 case SUREWAREHOOK_ERROR_DATA_SIZE:
578 ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
579 break;
580 case SUREWAREHOOK_ERROR_INVALID_PAD:
581 ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
582 break;
583 default:
584 ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
585 break;
586 case 1:/*nothing*/
587 msg[0]='\0';
588 }
589 if (*msg)
590 {
591 ERR_add_error_data(1,msg);
592 if (logstream)
593 {
594 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
595 BIO_write(logstream, msg, strlen(msg));
596 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
597 }
598 }
599}
600
601static int surewarehk_rand_bytes(unsigned char *buf, int num)
602{
603 int ret=0;
604 char msg[64]="ENGINE_rand_bytes";
605 if(!p_surewarehk_Rand_Bytes)
606 {
607 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
608 }
609 else
610 {
611 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
612 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
613 }
614 return ret==1 ? 1 : 0;
615}
616
617static void surewarehk_rand_seed(const void *buf, int num)
618{
619 int ret=0;
620 char msg[64]="ENGINE_rand_seed";
621 if(!p_surewarehk_Rand_Seed)
622 {
623 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
624 }
625 else
626 {
627 ret = p_surewarehk_Rand_Seed(msg,buf, num);
628 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
629 }
630}
631
632static void surewarehk_rand_add(const void *buf, int num, double entropy)
633{
634 surewarehk_rand_seed(buf,num);
635}
636
637static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
638{
639 EVP_PKEY *res = NULL;
640#ifndef OPENSSL_NO_RSA
641 RSA *rsatmp = NULL;
642#endif
643#ifndef OPENSSL_NO_DSA
644 DSA *dsatmp=NULL;
645#endif
646 char msg[64]="sureware_load_public";
647 int ret=0;
648 if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
649 {
650 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
651 goto err;
652 }
653 switch (keytype)
654 {
655#ifndef OPENSSL_NO_RSA
656 case 1: /*RSA*/
657 /* set private external reference */
658 rsatmp = RSA_new_method(e);
659 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
660 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
661
662 /* set public big nums*/
663 rsatmp->e = BN_new();
664 rsatmp->n = BN_new();
665 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
666 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
667 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
668 !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
669 goto err;
670 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
671 (unsigned long *)rsatmp->n->d,
672 (unsigned long *)rsatmp->e->d);
673 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
674 if (ret!=1)
675 {
676 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
677 goto err;
678 }
679 /* normalise pub e and pub n */
680 rsatmp->e->top=el/sizeof(BN_ULONG);
681 bn_fix_top(rsatmp->e);
682 rsatmp->n->top=el/sizeof(BN_ULONG);
683 bn_fix_top(rsatmp->n);
684 /* create an EVP object: engine + rsa key */
685 res = EVP_PKEY_new();
686 EVP_PKEY_assign_RSA(res, rsatmp);
687 break;
688#endif
689
690#ifndef OPENSSL_NO_DSA
691 case 2:/*DSA*/
692 /* set private/public external reference */
693 dsatmp = DSA_new_method(e);
694 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
695 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
696
697 /* set public key*/
698 dsatmp->pub_key = BN_new();
699 dsatmp->p = BN_new();
700 dsatmp->q = BN_new();
701 dsatmp->g = BN_new();
702 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
703 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
704 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
705 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
706 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
707 !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
708 !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
709 !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
710 goto err;
711
712 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
713 (unsigned long *)dsatmp->pub_key->d,
714 (unsigned long *)dsatmp->p->d,
715 (unsigned long *)dsatmp->q->d,
716 (unsigned long *)dsatmp->g->d);
717 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
718 if (ret!=1)
719 {
720 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
721 goto err;
722 }
723 /* set parameters */
724 /* normalise pubkey and parameters in case of */
725 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
726 bn_fix_top(dsatmp->pub_key);
727 dsatmp->p->top=el/sizeof(BN_ULONG);
728 bn_fix_top(dsatmp->p);
729 dsatmp->q->top=20/sizeof(BN_ULONG);
730 bn_fix_top(dsatmp->q);
731 dsatmp->g->top=el/sizeof(BN_ULONG);
732 bn_fix_top(dsatmp->g);
733
734 /* create an EVP object: engine + rsa key */
735 res = EVP_PKEY_new();
736 EVP_PKEY_assign_DSA(res, dsatmp);
737 break;
738#endif
739
740 default:
741 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
742 goto err;
743 }
744 return res;
745 err:
746 if (res)
747 EVP_PKEY_free(res);
748#ifndef OPENSSL_NO_RSA
749 if (rsatmp)
750 RSA_free(rsatmp);
751#endif
752#ifndef OPENSSL_NO_DSA
753 if (dsatmp)
754 DSA_free(dsatmp);
755#endif
756 return NULL;
757}
758
759static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
760 UI_METHOD *ui_method, void *callback_data)
761{
762 EVP_PKEY *res = NULL;
763 int ret=0;
764 unsigned long el=0;
765 char *hptr=NULL;
766 char keytype=0;
767 char msg[64]="ENGINE_load_privkey";
768
769 if(!p_surewarehk_Load_Privkey)
770 {
771 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
772 }
773 else
774 {
775 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
776 if (ret!=1)
777 {
778 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
779 ERR_add_error_data(1,msg);
780 }
781 else
782 res=sureware_load_public(e,key_id,hptr,el,keytype);
783 }
784 return res;
785}
786
787static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
788 UI_METHOD *ui_method, void *callback_data)
789{
790 EVP_PKEY *res = NULL;
791 int ret=0;
792 unsigned long el=0;
793 char *hptr=NULL;
794 char keytype=0;
795 char msg[64]="ENGINE_load_pubkey";
796
797 if(!p_surewarehk_Info_Pubkey)
798 {
799 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
800 }
801 else
802 {
803 /* call once to identify if DSA or RSA */
804 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
805 if (ret!=1)
806 {
807 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
808 ERR_add_error_data(1,msg);
809 }
810 else
811 res=sureware_load_public(e,key_id,hptr,el,keytype);
812 }
813 return res;
814}
815
816/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
817, called when ex_data is freed */
818static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
819 int idx,long argl, void *argp)
820{
821 if(!p_surewarehk_Free)
822 {
823 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
824 }
825 else
826 p_surewarehk_Free((char *)item,0);
827}
828
829#if 0
830/* This cleans up an DH KM key (destroys the key into hardware),
831called when ex_data is freed */
832static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
833 int idx,long argl, void *argp)
834{
835 if(!p_surewarehk_Free)
836 {
837 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
838 }
839 else
840 p_surewarehk_Free((char *)item,1);
841}
842#endif
843
844/*
845* return number of decrypted bytes
846*/
847#ifndef OPENSSL_NO_RSA
848static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
849 RSA *rsa,int padding)
850{
851 int ret=0,tlen;
852 char *buf=NULL,*hptr=NULL;
853 char msg[64]="ENGINE_rsa_priv_dec";
854 if (!p_surewarehk_Rsa_Priv_Dec)
855 {
856 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
857 }
858 /* extract ref to private key */
859 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
860 {
861 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
862 goto err;
863 }
864 /* analyse what padding we can do into the hardware */
865 if (padding==RSA_PKCS1_PADDING)
866 {
867 /* do it one shot */
868 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
869 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
870 if (ret!=1)
871 goto err;
872 ret=tlen;
873 }
874 else /* do with no padding into hardware */
875 {
876 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
877 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
878 if (ret!=1)
879 goto err;
880 /* intermediate buffer for padding */
881 if ((buf=OPENSSL_malloc(tlen)) == NULL)
882 {
883 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
884 goto err;
885 }
886 memcpy(buf,to,tlen);/* transfert to into buf */
887 switch (padding) /* check padding in software */
888 {
889#ifndef OPENSSL_NO_SHA
890 case RSA_PKCS1_OAEP_PADDING:
891 ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
892 break;
893#endif
894 case RSA_SSLV23_PADDING:
895 ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
896 break;
897 case RSA_NO_PADDING:
898 ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
899 break;
900 default:
901 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
902 goto err;
903 }
904 if (ret < 0)
905 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
906 }
907err:
908 if (buf)
909 {
910 OPENSSL_cleanse(buf,tlen);
911 OPENSSL_free(buf);
912 }
913 return ret;
914}
915
916/*
917* Does what OpenSSL rsa_priv_enc does.
918*/
919static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
920 RSA *rsa,int padding)
921{
922 int ret=0,tlen;
923 char *hptr=NULL;
924 char msg[64]="ENGINE_rsa_sign";
925 if (!p_surewarehk_Rsa_Sign)
926 {
927 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
928 }
929 /* extract ref to private key */
930 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
931 {
932 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
933 }
934 else
935 {
936 switch (padding)
937 {
938 case RSA_PKCS1_PADDING: /* do it in one shot */
939 ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
940 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
941 break;
942 case RSA_NO_PADDING:
943 default:
944 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
945 }
946 }
947 return ret==1 ? tlen : ret;
948}
949
950#endif
951
952#ifndef OPENSSL_NO_DSA
953/* DSA sign and verify */
954static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
955{
956 int ret=0;
957 char *hptr=NULL;
958 DSA_SIG *psign=NULL;
959 char msg[64]="ENGINE_dsa_do_sign";
960 if (!p_surewarehk_Dsa_Sign)
961 {
962 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
963 }
964 /* extract ref to private key */
965 else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
966 {
967 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
968 }
969 else
970 {
971 if((psign = DSA_SIG_new()) == NULL)
972 {
973 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
974 goto err;
975 }
976 psign->r=BN_new();
977 psign->s=BN_new();
978 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
979 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
980 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
981 !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
982 goto err;
983 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
984 (unsigned long *)psign->r->d,
985 (unsigned long *)psign->s->d,
986 hptr);
987 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
988 }
989 psign->r->top=20/sizeof(BN_ULONG);
990 bn_fix_top(psign->r);
991 psign->s->top=20/sizeof(BN_ULONG);
992 bn_fix_top(psign->s);
993
994err:
995 if (psign)
996 {
997 DSA_SIG_free(psign);
998 psign=NULL;
999 }
1000 return psign;
1001}
1002#endif
1003
1004static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1005 const BIGNUM *m, BN_CTX *ctx)
1006{
1007 int ret=0;
1008 char msg[64]="ENGINE_modexp";
1009 if (!p_surewarehk_Mod_Exp)
1010 {
1011 SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
1012 }
1013 else
1014 {
1015 bn_expand2(r,m->top);
1016 if (r && r->dmax==m->top)
1017 {
1018 /* do it*/
1019 ret=p_surewarehk_Mod_Exp(msg,
1020 m->top*sizeof(BN_ULONG),
1021 (unsigned long *)m->d,
1022 p->top*sizeof(BN_ULONG),
1023 (unsigned long *)p->d,
1024 a->top*sizeof(BN_ULONG),
1025 (unsigned long *)a->d,
1026 (unsigned long *)r->d);
1027 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
1028 if (ret==1)
1029 {
1030 /* normalise result */
1031 r->top=m->top;
1032 bn_fix_top(r);
1033 }
1034 }
1035 }
1036 return ret;
1037}
1038#endif /* !OPENSSL_NO_HW_SureWare */
1039#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index ed8401ec16..6286dd851c 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e)
242 return 1; 242 return 1;
243 } 243 }
244 244
245#ifndef ENGINE_DYNAMIC_SUPPORT
245static ENGINE *engine_ubsec(void) 246static ENGINE *engine_ubsec(void)
246 { 247 {
247 ENGINE *ret = ENGINE_new(); 248 ENGINE *ret = ENGINE_new();
@@ -264,6 +265,7 @@ void ENGINE_load_ubsec(void)
264 ENGINE_free(toadd); 265 ENGINE_free(toadd);
265 ERR_clear_error(); 266 ERR_clear_error();
266 } 267 }
268#endif
267 269
268/* This is a process-global DSO handle used for loading and unloading 270/* This is a process-global DSO handle used for loading and unloading
269 * the UBSEC library. NB: This is only set (or unset) during an 271 * the UBSEC library. NB: This is only set (or unset) during an
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
1/******************************************************************************
2 *
3 * Copyright 2000
4 * Broadcom Corporation
5 * 16215 Alton Parkway
6 * PO Box 57013
7 * Irvine CA 92619-7013
8 *
9 *****************************************************************************/
10/*
11 * Broadcom Corporation uBSec SDK
12 */
13/*
14 * Character device header file.
15 */
16/*
17 * Revision History:
18 *
19 * October 2000 JTT Created.
20 */
21
22#define MAX_PUBLIC_KEY_BITS (1024)
23#define MAX_PUBLIC_KEY_BYTES (1024/8)
24#define SHA_BIT_SIZE (160)
25#define MAX_CRYPTO_KEY_LENGTH 24
26#define MAX_MAC_KEY_LENGTH 64
27#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
28#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
29
30/* Math command types. */
31#define UBSEC_MATH_MODADD 0x0001
32#define UBSEC_MATH_MODSUB 0x0002
33#define UBSEC_MATH_MODMUL 0x0004
34#define UBSEC_MATH_MODEXP 0x0008
35#define UBSEC_MATH_MODREM 0x0010
36#define UBSEC_MATH_MODINV 0x0020
37
38typedef long ubsec_MathCommand_t;
39typedef long ubsec_RNGCommand_t;
40
41typedef struct ubsec_crypto_context_s {
42 unsigned int flags;
43 unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
44 unsigned char auth[MAX_MAC_KEY_LENGTH];
45} ubsec_crypto_context_t, *ubsec_crypto_context_p;
46
47/*
48 * Predeclare the function pointer types that we dynamically load from the DSO.
49 */
50
51typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
52
53typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
54
55typedef int t_UBSEC_ubsec_open(unsigned char *device);
56
57typedef int t_UBSEC_ubsec_close(int fd);
58
59typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
60 unsigned char *x, int *x_len, unsigned char *y, int *y_len,
61 unsigned char *g, int g_len, unsigned char *m, int m_len,
62 unsigned char *userX, int userX_len, int random_bits);
63
64typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
65 unsigned char *x, int x_len, unsigned char *y, int y_len,
66 unsigned char *m, int m_len, unsigned char *k, int *k_len);
67
68typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
69 unsigned char *x, int x_len, unsigned char *m, int m_len,
70 unsigned char *e, int e_len, unsigned char *y, int *y_len);
71
72typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
73 unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
74 unsigned char *edq, int edq_len, unsigned char *q, int q_len,
75 unsigned char *edp, int edp_len, unsigned char *p, int p_len,
76 unsigned char *y, int *y_len);
77
78typedef int t_UBSEC_dsa_sign_ioctl (int fd,
79 int hash, unsigned char *data, int data_len,
80 unsigned char *rndom, int random_len,
81 unsigned char *p, int p_len, unsigned char *q, int q_len,
82 unsigned char *g, int g_len, unsigned char *key, int key_len,
83 unsigned char *r, int *r_len, unsigned char *s, int *s_len);
84
85typedef int t_UBSEC_dsa_verify_ioctl (int fd,
86 int hash, unsigned char *data, int data_len,
87 unsigned char *p, int p_len, unsigned char *q, int q_len,
88 unsigned char *g, int g_len, unsigned char *key, int key_len,
89 unsigned char *r, int r_len, unsigned char *s, int s_len,
90 unsigned char *v, int *v_len);
91
92typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
93 unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
94 unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
95 unsigned char *Result, int *Result_len);
96
97typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
98 unsigned char *Result, int *Result_len);
99
100typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
1/*
2 * ModExp / RSA (with/without KM) plugin API
3 *
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
6 *
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
9 *
10 *
11 * This file is Copyright 1998-2000 nCipher Corporation Limited.
12 *
13 * Redistribution and use in source and binary forms, with opr without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the copyright notice,
18 * this list of conditions, and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions, and the following
22 * disclaimer, in the documentation and/or other materials provided
23 * with the distribution
24 *
25 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
26 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
27 * damages arising directly or indirectly from this file, its use or
28 * this licence. Without prejudice to the generality of the
29 * foregoing: all liability shall be excluded for direct, indirect,
30 * special, incidental, consequential or other damages or any loss of
31 * profits, business, revenue goodwill or anticipated savings;
32 * liability shall be excluded even if nCipher or anyone else has been
33 * advised of the possibility of damage. In any event, if the
34 * exclusion of liability is not effective, the liability of nCipher
35 * or any author or distributor shall be limited to the lesser of the
36 * price paid and 1,000 pounds sterling. This licence only fails to
37 * exclude or limit liability for death or personal injury arising out
38 * of negligence, and only to the extent that such an exclusion or
39 * limitation is not effective.
40 *
41 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
42 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
43 * limited to, any implied warranties of merchantability, fitness for
44 * a particular purpose, satisfactory quality, and/or non-infringement
45 * of any third party rights.
46 *
47 * US Government use: This software and documentation is Commercial
48 * Computer Software and Computer Software Documentation, as defined in
49 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
50 * Noncommercial Computer Software and Noncommercial Computer Software
51 * Documentation." Use, duplication or disclosure by the Government is
52 * subject to the terms and conditions specified here.
53 *
54 * By using or distributing this file you will be accepting these
55 * terms and conditions, including the limitation of liability and
56 * lack of warranty. If you do not wish to accept these terms and
57 * conditions, DO NOT USE THE FILE.
58 *
59 *
60 * The actual dynamically loadable plugin, and the library files for
61 * static linking, which are also provided in some distributions, are
62 * not covered by the licence described above. You should have
63 * received a separate licence with terms and conditions for these
64 * library files; if you received the library files without a licence,
65 * please contact nCipher.
66 *
67 *
68 * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
69 */
70
71#ifndef HWCRYPTOHOOK_H
72#define HWCRYPTOHOOK_H
73
74#include <sys/types.h>
75#include <stdio.h>
76
77#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
78#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
79#endif
80
81#define HWCRYPTOHOOK_ERROR_FAILED -1
82#define HWCRYPTOHOOK_ERROR_FALLBACK -2
83#define HWCRYPTOHOOK_ERROR_MPISIZE -3
84
85#if HWCRYPTOHOOK_DECLARE_APPTYPES
86
87/* These structs are defined by the application and opaque to the
88 * crypto plugin. The application may define these as it sees fit.
89 * Default declarations are provided here, but the application may
90 * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
91 * to prevent these declarations, and instead provide its own
92 * declarations of these types. (Pointers to them must still be
93 * ordinary pointers to structs or unions, or the resulting combined
94 * program will have a type inconsistency.)
95 */
96typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
97typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
98typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
99typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
100
101#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
102
103/* These next two structs are opaque to the application. The crypto
104 * plugin will return pointers to them; the caller simply manipulates
105 * the pointers.
106 */
107typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
108typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
109
110typedef struct {
111 char *buf;
112 size_t size;
113} HWCryptoHook_ErrMsgBuf;
114/* Used for error reporting. When a HWCryptoHook function fails it
115 * will return a sentinel value (0 for pointer-valued functions, or a
116 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
117 * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
118 * an error message there.
119 *
120 * size is the size of the buffer, and will not be modified. If you
121 * pass 0 for size you must pass 0 for buf, and nothing will be
122 * recorded (just as if you passed 0 for the struct pointer).
123 * Messages written to the buffer will always be null-terminated, even
124 * when truncated to fit within size bytes.
125 *
126 * The contents of the buffer are not defined if there is no error.
127 */
128
129typedef struct HWCryptoHook_MPIStruct {
130 unsigned char *buf;
131 size_t size;
132} HWCryptoHook_MPI;
133/* When one of these is returned, a pointer is passed to the function.
134 * At call, size is the space available. Afterwards it is updated to
135 * be set to the actual length (which may be more than the space available,
136 * if there was not enough room and the result was truncated).
137 * buf (the pointer) is not updated.
138 *
139 * size is in bytes and may be zero at call or return, but must be a
140 * multiple of the limb size. Zero limbs at the MS end are not
141 * permitted.
142 */
143
144#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
145#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
146/* Enable requesting fallback to software in case of problems with the
147 * hardware support. This indicates to the crypto provider that the
148 * application is prepared to fall back to software operation if the
149 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
150 * Without this flag those calls will never return
151 * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
152 * provider to avoid repeatedly attempting to contact dead hardware
153 * within a short interval, if appropriate.
154 */
155
156#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
157/* Without _SimpleForkCheck the library is allowed to assume that the
158 * application will not fork and call the library in the child(ren).
159 *
160 * When it is specified, this is allowed. However, after a fork
161 * neither parent nor child may unload any loaded keys or call
162 * _Finish. Instead, they should call exit (or die with a signal)
163 * without calling _Finish. After all the children have died the
164 * parent may unload keys or call _Finish.
165 *
166 * This flag only has any effect on UN*X platforms.
167 */
168
169typedef struct {
170 unsigned long flags;
171 void *logstream; /* usually a FILE*. See below. */
172
173 size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
174 int mslimbfirst; /* 0 or 1 */
175 int msbytefirst; /* 0 or 1; -1 = native */
176
177 /* All the callback functions should return 0 on success, or a
178 * nonzero integer (whose value will be visible in the error message
179 * put in the buffer passed to the call).
180 *
181 * If a callback is not available pass a null function pointer.
182 *
183 * The callbacks may not call down again into the crypto plugin.
184 */
185
186 /* For thread-safety. Set everything to 0 if you promise only to be
187 * singlethreaded. maxsimultaneous is the number of calls to
188 * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
189 * put there then say 0 and the hook library will use a default.
190 *
191 * maxmutexes is a small limit on the number of simultaneous mutexes
192 * which will be requested by the library. If there is no small
193 * limit, set it to 0. If the crypto plugin cannot create the
194 * advertised number of mutexes the calls to its functions may fail.
195 * If a low number of mutexes is advertised the plugin will try to
196 * do the best it can. Making larger numbers of mutexes available
197 * may improve performance and parallelism by reducing contention
198 * over critical sections. Unavailability of any mutexes, implying
199 * single-threaded operation, should be indicated by the setting
200 * mutex_init et al to 0.
201 */
202 int maxmutexes;
203 int maxsimultaneous;
204 size_t mutexsize;
205 int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
206 int (*mutex_acquire)(HWCryptoHook_Mutex*);
207 void (*mutex_release)(HWCryptoHook_Mutex*);
208 void (*mutex_destroy)(HWCryptoHook_Mutex*);
209
210 /* For greater efficiency, can use condition vars internally for
211 * synchronisation. In this case maxsimultaneous is ignored, but
212 * the other mutex stuff must be available. In singlethreaded
213 * programs, set everything to 0.
214 */
215 size_t condvarsize;
216 int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
217 int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
218 void (*condvar_signal)(HWCryptoHook_CondVar*);
219 void (*condvar_broadcast)(HWCryptoHook_CondVar*);
220 void (*condvar_destroy)(HWCryptoHook_CondVar*);
221
222 /* The semantics of acquiring and releasing mutexes and broadcasting
223 * and waiting on condition variables are expected to be those from
224 * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
225 * fast mutexes, recursive mutexes, or nonrecursive ones.
226 *
227 * The _release/_signal/_broadcast and _destroy functions must
228 * always succeed when given a valid argument; if they are given an
229 * invalid argument then the program (crypto plugin + application)
230 * has an internal error, and they should abort the program.
231 */
232
233 int (*getpassphrase)(const char *prompt_info,
234 int *len_io, char *buf,
235 HWCryptoHook_PassphraseContext *ppctx,
236 HWCryptoHook_CallerContext *cactx);
237 /* Passphrases and the prompt_info, if they contain high-bit-set
238 * characters, are UTF-8. The prompt_info may be a null pointer if
239 * no prompt information is available (it should not be an empty
240 * string). It will not contain text like `enter passphrase';
241 * instead it might say something like `Operator Card for John
242 * Smith' or `SmartCard in nFast Module #1, Slot #1'.
243 *
244 * buf points to a buffer in which to return the passphrase; on
245 * entry *len_io is the length of the buffer. It should be updated
246 * by the callback. The returned passphrase should not be
247 * null-terminated by the callback.
248 */
249
250 int (*getphystoken)(const char *prompt_info,
251 const char *wrong_info,
252 HWCryptoHook_PassphraseContext *ppctx,
253 HWCryptoHook_CallerContext *cactx);
254 /* Requests that the human user physically insert a different
255 * smartcard, DataKey, etc. The plugin should check whether the
256 * currently inserted token(s) are appropriate, and if they are it
257 * should not make this call.
258 *
259 * prompt_info is as before. wrong_info is a description of the
260 * currently inserted token(s) so that the user is told what
261 * something is. wrong_info, like prompt_info, may be null, but
262 * should not be an empty string. Its contents should be
263 * syntactically similar to that of prompt_info.
264 */
265
266 /* Note that a single LoadKey operation might cause several calls to
267 * getpassphrase and/or requestphystoken. If requestphystoken is
268 * not provided (ie, a null pointer is passed) then the plugin may
269 * not support loading keys for which authorisation by several cards
270 * is required. If getpassphrase is not provided then cards with
271 * passphrases may not be supported.
272 *
273 * getpassphrase and getphystoken do not need to check that the
274 * passphrase has been entered correctly or the correct token
275 * inserted; the crypto plugin will do that. If this is not the
276 * case then the crypto plugin is responsible for calling these
277 * routines again as appropriate until the correct token(s) and
278 * passphrase(s) are supplied as required, or until any retry limits
279 * implemented by the crypto plugin are reached.
280 *
281 * In either case, the application must allow the user to say `no'
282 * or `cancel' to indicate that they do not know the passphrase or
283 * have the appropriate token; this should cause the callback to
284 * return nonzero indicating error.
285 */
286
287 void (*logmessage)(void *logstream, const char *message);
288 /* A log message will be generated at least every time something goes
289 * wrong and an ErrMsgBuf is filled in (or would be if one was
290 * provided). Other diagnostic information may be written there too,
291 * including more detailed reasons for errors which are reported in an
292 * ErrMsgBuf.
293 *
294 * When a log message is generated, this callback is called. It
295 * should write a message to the relevant logging arrangements.
296 *
297 * The message string passed will be null-terminated and may be of arbitrary
298 * length. It will not be prefixed by the time and date, nor by the
299 * name of the library that is generating it - if this is required,
300 * the logmessage callback must do it. The message will not have a
301 * trailing newline (though it may contain internal newlines).
302 *
303 * If a null pointer is passed for logmessage a default function is
304 * used. The default function treats logstream as a FILE* which has
305 * been converted to a void*. If logstream is 0 it does nothing.
306 * Otherwise it prepends the date and time and library name and
307 * writes the message to logstream. Each line will be prefixed by a
308 * descriptive string containing the date, time and identity of the
309 * crypto plugin. Errors on the logstream are not reported
310 * anywhere, and the default function doesn't flush the stream, so
311 * the application must set the buffering how it wants it.
312 *
313 * The crypto plugin may also provide a facility to have copies of
314 * log messages sent elsewhere, and or for adjusting the verbosity
315 * of the log messages; any such facilities will be configured by
316 * external means.
317 */
318
319} HWCryptoHook_InitInfo;
320
321typedef
322HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
323 size_t initinfosize,
324 const HWCryptoHook_ErrMsgBuf *errors,
325 HWCryptoHook_CallerContext *cactx);
326extern HWCryptoHook_Init_t HWCryptoHook_Init;
327
328/* Caller should set initinfosize to the size of the HWCryptoHook struct,
329 * so it can be extended later.
330 *
331 * On success, a message for display or logging by the server,
332 * including the name and version number of the plugin, will be filled
333 * in into *errors; on failure *errors is used for error handling, as
334 * usual.
335 */
336
337/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
338 * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
339 * the output MPI buffer(s) was too small; the sizes of all have been
340 * set to the desired size (and for those where the buffer was large
341 * enough, the value may have been copied in), and no error message
342 * has been recorded.
343 *
344 * You may pass 0 for the errors struct. In any case, unless you set
345 * _NoStderr at init time then messages may be reported to stderr.
346 */
347
348/* The RSAImmed* functions (and key managed RSA) only work with
349 * modules which have an RSA patent licence - currently that means KM
350 * units; the ModExp* ones work with all modules, so you need a patent
351 * licence in the software in the US. They are otherwise identical.
352 */
353
354typedef
355void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
356extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
357/* You must not have any calls going or keys loaded when you call this. */
358
359typedef
360int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
361 unsigned char *buf, size_t len,
362 const HWCryptoHook_ErrMsgBuf *errors);
363extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
364
365typedef
366int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
367 HWCryptoHook_MPI a,
368 HWCryptoHook_MPI p,
369 HWCryptoHook_MPI n,
370 HWCryptoHook_MPI *r,
371 const HWCryptoHook_ErrMsgBuf *errors);
372extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
373
374typedef
375int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
376 HWCryptoHook_MPI m,
377 HWCryptoHook_MPI e,
378 HWCryptoHook_MPI n,
379 HWCryptoHook_MPI *r,
380 const HWCryptoHook_ErrMsgBuf *errors);
381extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
382
383typedef
384int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
385 HWCryptoHook_MPI a,
386 HWCryptoHook_MPI p,
387 HWCryptoHook_MPI q,
388 HWCryptoHook_MPI dmp1,
389 HWCryptoHook_MPI dmq1,
390 HWCryptoHook_MPI iqmp,
391 HWCryptoHook_MPI *r,
392 const HWCryptoHook_ErrMsgBuf *errors);
393extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
394
395typedef
396int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
397 HWCryptoHook_MPI m,
398 HWCryptoHook_MPI p,
399 HWCryptoHook_MPI q,
400 HWCryptoHook_MPI dmp1,
401 HWCryptoHook_MPI dmq1,
402 HWCryptoHook_MPI iqmp,
403 HWCryptoHook_MPI *r,
404 const HWCryptoHook_ErrMsgBuf *errors);
405extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
406
407/* The RSAImmed* and ModExp* functions may return E_FAILED or
408 * E_FALLBACK for failure.
409 *
410 * E_FAILED means the failure is permanent and definite and there
411 * should be no attempt to fall back to software. (Eg, for some
412 * applications, which support only the acceleration-only
413 * functions, the `key material' may actually be an encoded key
414 * identifier, and doing the operation in software would give wrong
415 * answers.)
416 *
417 * E_FALLBACK means that doing the computation in software would seem
418 * reasonable. If an application pays attention to this and is
419 * able to fall back, it should also set the Fallback init flags.
420 */
421
422typedef
423int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
424 const char *key_ident,
425 HWCryptoHook_RSAKeyHandle *keyhandle_r,
426 const HWCryptoHook_ErrMsgBuf *errors,
427 HWCryptoHook_PassphraseContext *ppctx);
428extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
429/* The key_ident is a null-terminated string configured by the
430 * user via the application's usual configuration mechanisms.
431 * It is provided to the user by the crypto provider's key management
432 * system. The user must be able to enter at least any string of between
433 * 1 and 1023 characters inclusive, consisting of printable 7-bit
434 * ASCII characters. The provider should avoid using
435 * any characters except alphanumerics and the punctuation
436 * characters _ - + . / @ ~ (the user is expected to be able
437 * to enter these without quoting). The string may be case-sensitive.
438 * The application may allow the user to enter other NULL-terminated strings,
439 * and the provider must cope (returning an error if the string is not
440 * valid).
441 *
442 * If the key does not exist, no error is recorded and 0 is returned;
443 * keyhandle_r will be set to 0 instead of to a key handle.
444 */
445
446typedef
447int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
448 HWCryptoHook_MPI *n,
449 HWCryptoHook_MPI *e,
450 const HWCryptoHook_ErrMsgBuf *errors);
451extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
452/* The crypto plugin will not store certificates.
453 *
454 * Although this function for acquiring the public key value is
455 * provided, it is not the purpose of this API to deal fully with the
456 * handling of the public key.
457 *
458 * It is expected that the crypto supplier's key generation program
459 * will provide general facilities for producing X.509
460 * self-certificates and certificate requests in PEM format. These
461 * will be given to the user so that they can configure them in the
462 * application, send them to CAs, or whatever.
463 *
464 * In case this kind of certificate handling is not appropriate, the
465 * crypto supplier's key generation program should be able to be
466 * configured not to generate such a self-certificate or certificate
467 * request. Then the application will need to do all of this, and
468 * will need to store and handle the public key and certificates
469 * itself.
470 */
471
472typedef
473int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
474 const HWCryptoHook_ErrMsgBuf *errors);
475extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
476/* Might fail due to locking problems, or other serious internal problems. */
477
478typedef
479int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
480 HWCryptoHook_RSAKeyHandle k,
481 HWCryptoHook_MPI *r,
482 const HWCryptoHook_ErrMsgBuf *errors);
483extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
484/* RSA private key operation (sign or decrypt) - raw, unpadded. */
485
486#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..1d3789219d
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
1/*
2* Written by Corinne Dive-Reclus(cdive@baltimore.com)
3*
4* Copyright@2001 Baltimore Technologies Ltd.
5* *
6* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
7* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
8* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
9* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
10* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
11* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
12* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
13* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
14* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
15* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
16* SUCH DAMAGE. *
17*
18*
19*/
20#ifdef WIN32
21#define SW_EXPORT __declspec ( dllexport )
22#else
23#define SW_EXPORT
24#endif
25
26/*
27* List of exposed SureWare errors
28*/
29#define SUREWAREHOOK_ERROR_FAILED -1
30#define SUREWAREHOOK_ERROR_FALLBACK -2
31#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
32#define SUREWAREHOOK_ERROR_DATA_SIZE -4
33#define SUREWAREHOOK_ERROR_INVALID_PAD -5
34/*
35* -----------------WARNING-----------------------------------
36* In all the following functions:
37* msg is a string with at least 24 bytes free.
38* A 24 bytes string will be concatenated to the existing content of msg.
39*/
40/*
41* SureWare Initialisation function
42* in param threadsafe, if !=0, thread safe enabled
43* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
44*/
45typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
46extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
47/*
48* SureWare Finish function
49*/
50typedef void SureWareHook_Finish_t();
51extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
52/*
53* PRE_CONDITION:
54* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
55*/
56/*
57* SureWare RAND Bytes function
58* In case of failure, the content of buf is unpredictable.
59* return 1 if success
60* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
61* SureWareHOOK_ERROR_FAILED if error while processing
62* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
63* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
64*
65* in/out param buf : a num bytes long buffer where random bytes will be put
66* in param num : the number of bytes into buf
67*/
68typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
69extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
70
71/*
72* SureWare RAND Seed function
73* Adds some seed to the Hardware Random Number Generator
74* return 1 if success
75* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
76* SureWareHOOK_ERROR_FAILED if error while processing
77* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
78* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
79*
80* in param buf : the seed to add into the HRNG
81* in param num : the number of bytes into buf
82*/
83typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
84extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
85
86/*
87* SureWare Load Private Key function
88* return 1 if success
89* SureWareHOOK_ERROR_FAILED if error while processing
90* No hardware is contact for this function.
91*
92* in param key_id :the name of the private protected key file without the extension
93 ".sws"
94* out param hptr : a pointer to a buffer allocated by SureWare_Hook
95* out param num: the effective key length in bytes
96* out param keytype: 1 if RSA 2 if DSA
97*/
98typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
99extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
100
101/*
102* SureWare Info Public Key function
103* return 1 if success
104* SureWareHOOK_ERROR_FAILED if error while processing
105* No hardware is contact for this function.
106*
107* in param key_id :the name of the private protected key file without the extension
108 ".swp"
109* out param hptr : a pointer to a buffer allocated by SureWare_Hook
110* out param num: the effective key length in bytes
111* out param keytype: 1 if RSA 2 if DSA
112*/
113typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
114 char *keytype);
115extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
116
117/*
118* SureWare Load Public Key function
119* return 1 if success
120* SureWareHOOK_ERROR_FAILED if error while processing
121* No hardware is contact for this function.
122*
123* in param key_id :the name of the public protected key file without the extension
124 ".swp"
125* in param num : the bytes size of n and e
126* out param n: where to write modulus in bn format
127* out param e: where to write exponent in bn format
128*/
129typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
130 unsigned long *n, unsigned long *e);
131extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
132
133/*
134* SureWare Load DSA Public Key function
135* return 1 if success
136* SureWareHOOK_ERROR_FAILED if error while processing
137* No hardware is contact for this function.
138*
139* in param key_id :the name of the public protected key file without the extension
140 ".swp"
141* in param num : the bytes size of n and e
142* out param pub: where to write pub key in bn format
143* out param p: where to write prime in bn format
144* out param q: where to write sunprime (length 20 bytes) in bn format
145* out param g: where to write base in bn format
146*/
147typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
148 unsigned long *pub, unsigned long *p,unsigned long*q,
149 unsigned long *g);
150extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
151
152/*
153* SureWare Free function
154* Destroy the key into the hardware if destroy==1
155*/
156typedef void SureWareHook_Free_t(char *p,int destroy);
157extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
158
159#define SUREWARE_PKCS1_PAD 1
160#define SUREWARE_ISO9796_PAD 2
161#define SUREWARE_NO_PAD 0
162/*
163* SureWare RSA Private Decryption
164* return 1 if success
165* SureWareHOOK_ERROR_FAILED if error while processing
166* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
167* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
168*
169* in param flen : byte size of from and to
170* in param from : encrypted data buffer, should be a not-null valid pointer
171* out param tlen: byte size of decrypted data, if error, unexpected value
172* out param to : decrypted data buffer, should be a not-null valid pointer
173* in param prsa: a protected key pointer, should be a not-null valid pointer
174* int padding: padding id as follow
175* SUREWARE_PKCS1_PAD
176* SUREWARE_NO_PAD
177*
178*/
179typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
180 int *tlen,unsigned char *to,
181 char *prsa,int padding);
182extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
183/*
184* SureWare RSA Signature
185* return 1 if success
186* SureWareHOOK_ERROR_FAILED if error while processing
187* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
188* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
189*
190* in param flen : byte size of from and to
191* in param from : encrypted data buffer, should be a not-null valid pointer
192* out param tlen: byte size of decrypted data, if error, unexpected value
193* out param to : decrypted data buffer, should be a not-null valid pointer
194* in param prsa: a protected key pointer, should be a not-null valid pointer
195* int padding: padding id as follow
196* SUREWARE_PKCS1_PAD
197* SUREWARE_ISO9796_PAD
198*
199*/
200typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
201 int *tlen,unsigned char *to,
202 char *prsa,int padding);
203extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
204/*
205* SureWare DSA Signature
206* return 1 if success
207* SureWareHOOK_ERROR_FAILED if error while processing
208* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
209* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
210*
211* in param flen : byte size of from and to
212* in param from : encrypted data buffer, should be a not-null valid pointer
213* out param to : decrypted data buffer, should be a 40bytes valid pointer
214* in param pdsa: a protected key pointer, should be a not-null valid pointer
215*
216*/
217typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
218 unsigned long *r,unsigned long *s,char *pdsa);
219extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
220
221
222/*
223* SureWare Mod Exp
224* return 1 if success
225* SureWareHOOK_ERROR_FAILED if error while processing
226* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
227* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
228*
229* mod and res are mlen bytes long.
230* exp is elen bytes long
231* data is dlen bytes long
232* mlen,elen and dlen are all multiple of sizeof(unsigned long)
233*/
234typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
235 int elen,const unsigned long *exp,
236 int dlen,unsigned long *data,
237 unsigned long *res);
238extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
239
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 09:59:39 +0000