]>
Commit | Line | Data |
---|---|---|
5572f482 RL |
1 | /* crypto/engine/hw_ubsec.c */ |
2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | |
3 | * project 2000. | |
4 | * | |
5 | * Cloned shamelessly by Joe Tardo. | |
6 | */ | |
7 | /* ==================================================================== | |
8 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | |
13 | * | |
14 | * 1. Redistributions of source code must retain the above copyright | |
15 | * notice, this list of conditions and the following disclaimer. | |
16 | * | |
17 | * 2. Redistributions in binary form must reproduce the above copyright | |
18 | * notice, this list of conditions and the following disclaimer in | |
19 | * the documentation and/or other materials provided with the | |
20 | * distribution. | |
21 | * | |
22 | * 3. All advertising materials mentioning features or use of this | |
23 | * software must display the following acknowledgment: | |
24 | * "This product includes software developed by the OpenSSL Project | |
25 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
26 | * | |
27 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
28 | * endorse or promote products derived from this software without | |
29 | * prior written permission. For written permission, please contact | |
30 | * licensing@OpenSSL.org. | |
31 | * | |
32 | * 5. Products derived from this software may not be called "OpenSSL" | |
33 | * nor may "OpenSSL" appear in their names without prior written | |
34 | * permission of the OpenSSL Project. | |
35 | * | |
36 | * 6. Redistributions of any form whatsoever must retain the following | |
37 | * acknowledgment: | |
38 | * "This product includes software developed by the OpenSSL Project | |
39 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
42 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
44 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
45 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
46 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
47 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
48 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
49 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
50 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
51 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
52 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
53 | * ==================================================================== | |
54 | * | |
55 | * This product includes cryptographic software written by Eric Young | |
56 | * (eay@cryptsoft.com). This product includes software written by Tim | |
57 | * Hudson (tjh@cryptsoft.com). | |
58 | * | |
59 | */ | |
60 | ||
61 | #include <stdio.h> | |
62 | #include <openssl/crypto.h> | |
63 | #include "cryptlib.h" | |
64 | #include <openssl/dso.h> | |
65 | #include <openssl/engine.h> | |
66 | ||
67 | #ifndef OPENSSL_NO_HW | |
68 | #ifndef OPENSSL_NO_HW_UBSEC | |
69 | ||
70 | #ifdef FLAT_INC | |
71 | #include "hw_ubsec.h" | |
72 | #else | |
73 | #include "vendor_defns/hw_ubsec.h" | |
74 | #endif | |
75 | ||
76 | #define UBSEC_LIB_NAME "ubsec engine" | |
77 | #include "hw_ubsec_err.c" | |
78 | ||
79 | #define FAIL_TO_SOFTWARE -15 | |
80 | ||
81 | static int ubsec_destroy(ENGINE *e); | |
82 | static int ubsec_init(ENGINE *e); | |
83 | static int ubsec_finish(ENGINE *e); | |
84 | static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | |
85 | static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
86 | const BIGNUM *m, BN_CTX *ctx); | |
87 | static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
88 | const BIGNUM *q, const BIGNUM *dp, | |
89 | const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); | |
90 | #ifndef OPENSSL_NO_RSA | |
91 | static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | |
92 | #endif | |
93 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
94 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | |
95 | #ifndef OPENSSL_NO_DSA | |
96 | #ifdef NOT_USED | |
97 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | |
98 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | |
99 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | |
100 | static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | |
101 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
102 | BN_MONT_CTX *m_ctx); | |
103 | #endif | |
104 | static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | |
105 | static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, | |
106 | DSA_SIG *sig, DSA *dsa); | |
107 | #endif | |
108 | #ifndef OPENSSL_NO_DH | |
109 | static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
110 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
111 | BN_MONT_CTX *m_ctx); | |
112 | static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); | |
113 | static int ubsec_dh_generate_key(DH *dh); | |
114 | #endif | |
115 | ||
116 | #ifdef NOT_USED | |
117 | static int ubsec_rand_bytes(unsigned char *buf, int num); | |
118 | static int ubsec_rand_status(void); | |
119 | #endif | |
120 | ||
121 | #define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE | |
122 | static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = { | |
123 | {UBSEC_CMD_SO_PATH, | |
124 | "SO_PATH", | |
125 | "Specifies the path to the 'ubsec' shared library", | |
126 | ENGINE_CMD_FLAG_STRING}, | |
127 | {0, NULL, NULL, 0} | |
128 | }; | |
129 | ||
130 | #ifndef OPENSSL_NO_RSA | |
131 | /* Our internal RSA_METHOD that we provide pointers to */ | |
132 | static RSA_METHOD ubsec_rsa = | |
133 | { | |
134 | "UBSEC RSA method", | |
135 | NULL, | |
136 | NULL, | |
137 | NULL, | |
138 | NULL, | |
139 | ubsec_rsa_mod_exp, | |
140 | ubsec_mod_exp_mont, | |
141 | NULL, | |
142 | NULL, | |
143 | 0, | |
144 | NULL, | |
145 | NULL, | |
146 | NULL | |
147 | }; | |
148 | #endif | |
149 | ||
150 | #ifndef OPENSSL_NO_DSA | |
151 | /* Our internal DSA_METHOD that we provide pointers to */ | |
152 | static DSA_METHOD ubsec_dsa = | |
153 | { | |
154 | "UBSEC DSA method", | |
155 | ubsec_dsa_do_sign, /* dsa_do_sign */ | |
156 | NULL, /* dsa_sign_setup */ | |
157 | ubsec_dsa_verify, /* dsa_do_verify */ | |
158 | NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */ | |
159 | NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */ | |
160 | NULL, /* init */ | |
161 | NULL, /* finish */ | |
162 | 0, /* flags */ | |
163 | NULL /* app_data */ | |
164 | }; | |
165 | #endif | |
166 | ||
167 | #ifndef OPENSSL_NO_DH | |
168 | /* Our internal DH_METHOD that we provide pointers to */ | |
169 | static DH_METHOD ubsec_dh = | |
170 | { | |
171 | "UBSEC DH method", | |
172 | ubsec_dh_generate_key, | |
173 | ubsec_dh_compute_key, | |
174 | ubsec_mod_exp_dh, | |
175 | NULL, | |
176 | NULL, | |
177 | 0, | |
178 | NULL | |
179 | }; | |
180 | #endif | |
181 | ||
182 | /* Constants used when creating the ENGINE */ | |
183 | static const char *engine_ubsec_id = "ubsec"; | |
184 | static const char *engine_ubsec_name = "UBSEC hardware engine support"; | |
185 | ||
186 | /* This internal function is used by ENGINE_ubsec() and possibly by the | |
187 | * "dynamic" ENGINE support too */ | |
188 | static int bind_helper(ENGINE *e) | |
189 | { | |
190 | #ifndef OPENSSL_NO_RSA | |
191 | const RSA_METHOD *meth1; | |
192 | #endif | |
193 | #ifndef OPENSSL_NO_DH | |
194 | #ifndef HAVE_UBSEC_DH | |
195 | const DH_METHOD *meth3; | |
196 | #endif /* HAVE_UBSEC_DH */ | |
197 | #endif | |
198 | if(!ENGINE_set_id(e, engine_ubsec_id) || | |
199 | !ENGINE_set_name(e, engine_ubsec_name) || | |
200 | #ifndef OPENSSL_NO_RSA | |
201 | !ENGINE_set_RSA(e, &ubsec_rsa) || | |
202 | #endif | |
203 | #ifndef OPENSSL_NO_DSA | |
204 | !ENGINE_set_DSA(e, &ubsec_dsa) || | |
205 | #endif | |
206 | #ifndef OPENSSL_NO_DH | |
207 | !ENGINE_set_DH(e, &ubsec_dh) || | |
208 | #endif | |
209 | !ENGINE_set_destroy_function(e, ubsec_destroy) || | |
210 | !ENGINE_set_init_function(e, ubsec_init) || | |
211 | !ENGINE_set_finish_function(e, ubsec_finish) || | |
212 | !ENGINE_set_ctrl_function(e, ubsec_ctrl) || | |
213 | !ENGINE_set_cmd_defns(e, ubsec_cmd_defns)) | |
214 | return 0; | |
215 | ||
216 | #ifndef OPENSSL_NO_RSA | |
217 | /* We know that the "PKCS1_SSLeay()" functions hook properly | |
218 | * to the Broadcom-specific mod_exp and mod_exp_crt so we use | |
219 | * those functions. NB: We don't use ENGINE_openssl() or | |
220 | * anything "more generic" because something like the RSAref | |
221 | * code may not hook properly, and if you own one of these | |
222 | * cards then you have the right to do RSA operations on it | |
223 | * anyway! */ | |
224 | meth1 = RSA_PKCS1_SSLeay(); | |
225 | ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc; | |
226 | ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec; | |
227 | ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc; | |
228 | ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec; | |
229 | #endif | |
230 | ||
231 | #ifndef OPENSSL_NO_DH | |
232 | #ifndef HAVE_UBSEC_DH | |
233 | /* Much the same for Diffie-Hellman */ | |
234 | meth3 = DH_OpenSSL(); | |
235 | ubsec_dh.generate_key = meth3->generate_key; | |
236 | ubsec_dh.compute_key = meth3->compute_key; | |
237 | #endif /* HAVE_UBSEC_DH */ | |
238 | #endif | |
239 | ||
240 | /* Ensure the ubsec error handling is set up */ | |
241 | ERR_load_UBSEC_strings(); | |
242 | return 1; | |
243 | } | |
244 | ||
245 | static ENGINE *engine_ubsec(void) | |
246 | { | |
247 | ENGINE *ret = ENGINE_new(); | |
248 | if(!ret) | |
249 | return NULL; | |
250 | if(!bind_helper(ret)) | |
251 | { | |
252 | ENGINE_free(ret); | |
253 | return NULL; | |
254 | } | |
255 | return ret; | |
256 | } | |
257 | ||
258 | void ENGINE_load_ubsec(void) | |
259 | { | |
260 | /* Copied from eng_[openssl|dyn].c */ | |
261 | ENGINE *toadd = engine_ubsec(); | |
262 | if(!toadd) return; | |
263 | ENGINE_add(toadd); | |
264 | ENGINE_free(toadd); | |
265 | ERR_clear_error(); | |
266 | } | |
267 | ||
268 | /* This is a process-global DSO handle used for loading and unloading | |
269 | * the UBSEC library. NB: This is only set (or unset) during an | |
270 | * init() or finish() call (reference counts permitting) and they're | |
271 | * operating with global locks, so this should be thread-safe | |
272 | * implicitly. */ | |
273 | ||
274 | static DSO *ubsec_dso = NULL; | |
275 | ||
276 | /* These are the function pointers that are (un)set when the library has | |
277 | * successfully (un)loaded. */ | |
278 | ||
279 | static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL; | |
280 | static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL; | |
281 | static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL; | |
282 | static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL; | |
283 | #ifndef OPENSSL_NO_DH | |
284 | static t_UBSEC_diffie_hellman_generate_ioctl | |
285 | *p_UBSEC_diffie_hellman_generate_ioctl = NULL; | |
286 | static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL; | |
287 | #endif | |
288 | /* #ifndef OPENSSL_NO_RSA */ | |
289 | static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; | |
290 | static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; | |
291 | /* #endif */ | |
292 | #ifndef OPENSSL_NO_DSA | |
293 | static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL; | |
294 | static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL; | |
295 | #endif | |
296 | static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL; | |
297 | static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL; | |
298 | static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL; | |
299 | ||
300 | static int max_key_len = 1024; /* ??? */ | |
301 | ||
302 | /* | |
303 | * These are the static string constants for the DSO file name and the function | |
304 | * symbol names to bind to. | |
305 | */ | |
306 | ||
307 | static const char *UBSEC_LIBNAME = NULL; | |
308 | static const char *get_UBSEC_LIBNAME(void) | |
309 | { | |
310 | if(UBSEC_LIBNAME) | |
311 | return UBSEC_LIBNAME; | |
312 | return "ubsec"; | |
313 | } | |
314 | static void free_UBSEC_LIBNAME(void) | |
315 | { | |
316 | if(UBSEC_LIBNAME) | |
317 | OPENSSL_free((void*)UBSEC_LIBNAME); | |
318 | UBSEC_LIBNAME = NULL; | |
319 | } | |
320 | static long set_UBSEC_LIBNAME(const char *name) | |
321 | { | |
322 | free_UBSEC_LIBNAME(); | |
323 | return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); | |
324 | } | |
325 | static const char *UBSEC_F1 = "ubsec_bytes_to_bits"; | |
326 | static const char *UBSEC_F2 = "ubsec_bits_to_bytes"; | |
327 | static const char *UBSEC_F3 = "ubsec_open"; | |
328 | static const char *UBSEC_F4 = "ubsec_close"; | |
329 | #ifndef OPENSSL_NO_DH | |
330 | static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl"; | |
331 | static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl"; | |
332 | #endif | |
333 | /* #ifndef OPENSSL_NO_RSA */ | |
334 | static const char *UBSEC_F7 = "rsa_mod_exp_ioctl"; | |
335 | static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl"; | |
336 | /* #endif */ | |
337 | #ifndef OPENSSL_NO_DSA | |
338 | static const char *UBSEC_F9 = "dsa_sign_ioctl"; | |
339 | static const char *UBSEC_F10 = "dsa_verify_ioctl"; | |
340 | #endif | |
341 | static const char *UBSEC_F11 = "math_accelerate_ioctl"; | |
342 | static const char *UBSEC_F12 = "rng_ioctl"; | |
343 | static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl"; | |
344 | ||
345 | /* Destructor (complements the "ENGINE_ubsec()" constructor) */ | |
346 | static int ubsec_destroy(ENGINE *e) | |
347 | { | |
348 | free_UBSEC_LIBNAME(); | |
349 | ERR_unload_UBSEC_strings(); | |
350 | return 1; | |
351 | } | |
352 | ||
353 | /* (de)initialisation functions. */ | |
354 | static int ubsec_init(ENGINE *e) | |
355 | { | |
356 | t_UBSEC_ubsec_bytes_to_bits *p1; | |
357 | t_UBSEC_ubsec_bits_to_bytes *p2; | |
358 | t_UBSEC_ubsec_open *p3; | |
359 | t_UBSEC_ubsec_close *p4; | |
360 | #ifndef OPENSSL_NO_DH | |
361 | t_UBSEC_diffie_hellman_generate_ioctl *p5; | |
362 | t_UBSEC_diffie_hellman_agree_ioctl *p6; | |
363 | #endif | |
364 | /* #ifndef OPENSSL_NO_RSA */ | |
365 | t_UBSEC_rsa_mod_exp_ioctl *p7; | |
366 | t_UBSEC_rsa_mod_exp_crt_ioctl *p8; | |
367 | /* #endif */ | |
368 | #ifndef OPENSSL_NO_DSA | |
369 | t_UBSEC_dsa_sign_ioctl *p9; | |
370 | t_UBSEC_dsa_verify_ioctl *p10; | |
371 | #endif | |
372 | t_UBSEC_math_accelerate_ioctl *p11; | |
373 | t_UBSEC_rng_ioctl *p12; | |
374 | t_UBSEC_max_key_len_ioctl *p13; | |
375 | int fd = 0; | |
376 | ||
377 | if(ubsec_dso != NULL) | |
378 | { | |
379 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED); | |
380 | goto err; | |
381 | } | |
382 | /* | |
383 | * Attempt to load libubsec.so/ubsec.dll/whatever. | |
384 | */ | |
385 | ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0); | |
386 | if(ubsec_dso == NULL) | |
387 | { | |
388 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); | |
389 | goto err; | |
390 | } | |
391 | ||
392 | if ( | |
393 | !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) || | |
394 | !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) || | |
395 | !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) || | |
396 | !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) || | |
397 | #ifndef OPENSSL_NO_DH | |
398 | !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) | |
399 | DSO_bind_func(ubsec_dso, UBSEC_F5)) || | |
400 | !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) | |
401 | DSO_bind_func(ubsec_dso, UBSEC_F6)) || | |
402 | #endif | |
403 | /* #ifndef OPENSSL_NO_RSA */ | |
404 | !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) || | |
405 | !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) || | |
406 | /* #endif */ | |
407 | #ifndef OPENSSL_NO_DSA | |
408 | !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) || | |
409 | !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) || | |
410 | #endif | |
411 | !(p11 = (t_UBSEC_math_accelerate_ioctl *) | |
412 | DSO_bind_func(ubsec_dso, UBSEC_F11)) || | |
413 | !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) || | |
414 | !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13))) | |
415 | { | |
416 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); | |
417 | goto err; | |
418 | } | |
419 | ||
420 | /* Copy the pointers */ | |
421 | p_UBSEC_ubsec_bytes_to_bits = p1; | |
422 | p_UBSEC_ubsec_bits_to_bytes = p2; | |
423 | p_UBSEC_ubsec_open = p3; | |
424 | p_UBSEC_ubsec_close = p4; | |
425 | #ifndef OPENSSL_NO_DH | |
426 | p_UBSEC_diffie_hellman_generate_ioctl = p5; | |
427 | p_UBSEC_diffie_hellman_agree_ioctl = p6; | |
428 | #endif | |
429 | #ifndef OPENSSL_NO_RSA | |
430 | p_UBSEC_rsa_mod_exp_ioctl = p7; | |
431 | p_UBSEC_rsa_mod_exp_crt_ioctl = p8; | |
432 | #endif | |
433 | #ifndef OPENSSL_NO_DSA | |
434 | p_UBSEC_dsa_sign_ioctl = p9; | |
435 | p_UBSEC_dsa_verify_ioctl = p10; | |
436 | #endif | |
437 | p_UBSEC_math_accelerate_ioctl = p11; | |
438 | p_UBSEC_rng_ioctl = p12; | |
439 | p_UBSEC_max_key_len_ioctl = p13; | |
440 | ||
441 | /* Perform an open to see if there's actually any unit running. */ | |
442 | if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0)) | |
443 | { | |
444 | p_UBSEC_ubsec_close(fd); | |
445 | return 1; | |
446 | } | |
447 | else | |
448 | { | |
449 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
450 | } | |
451 | ||
452 | err: | |
453 | if(ubsec_dso) | |
454 | DSO_free(ubsec_dso); | |
455 | p_UBSEC_ubsec_bytes_to_bits = NULL; | |
456 | p_UBSEC_ubsec_bits_to_bytes = NULL; | |
457 | p_UBSEC_ubsec_open = NULL; | |
458 | p_UBSEC_ubsec_close = NULL; | |
459 | #ifndef OPENSSL_NO_DH | |
460 | p_UBSEC_diffie_hellman_generate_ioctl = NULL; | |
461 | p_UBSEC_diffie_hellman_agree_ioctl = NULL; | |
462 | #endif | |
463 | #ifndef OPENSSL_NO_RSA | |
464 | p_UBSEC_rsa_mod_exp_ioctl = NULL; | |
465 | p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; | |
466 | #endif | |
467 | #ifndef OPENSSL_NO_DSA | |
468 | p_UBSEC_dsa_sign_ioctl = NULL; | |
469 | p_UBSEC_dsa_verify_ioctl = NULL; | |
470 | #endif | |
471 | p_UBSEC_math_accelerate_ioctl = NULL; | |
472 | p_UBSEC_rng_ioctl = NULL; | |
473 | p_UBSEC_max_key_len_ioctl = NULL; | |
474 | ||
475 | return 0; | |
476 | } | |
477 | ||
478 | static int ubsec_finish(ENGINE *e) | |
479 | { | |
480 | free_UBSEC_LIBNAME(); | |
481 | if(ubsec_dso == NULL) | |
482 | { | |
483 | UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED); | |
484 | return 0; | |
485 | } | |
486 | if(!DSO_free(ubsec_dso)) | |
487 | { | |
488 | UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE); | |
489 | return 0; | |
490 | } | |
491 | ubsec_dso = NULL; | |
492 | p_UBSEC_ubsec_bytes_to_bits = NULL; | |
493 | p_UBSEC_ubsec_bits_to_bytes = NULL; | |
494 | p_UBSEC_ubsec_open = NULL; | |
495 | p_UBSEC_ubsec_close = NULL; | |
496 | #ifndef OPENSSL_NO_DH | |
497 | p_UBSEC_diffie_hellman_generate_ioctl = NULL; | |
498 | p_UBSEC_diffie_hellman_agree_ioctl = NULL; | |
499 | #endif | |
500 | #ifndef OPENSSL_NO_RSA | |
501 | p_UBSEC_rsa_mod_exp_ioctl = NULL; | |
502 | p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; | |
503 | #endif | |
504 | #ifndef OPENSSL_NO_DSA | |
505 | p_UBSEC_dsa_sign_ioctl = NULL; | |
506 | p_UBSEC_dsa_verify_ioctl = NULL; | |
507 | #endif | |
508 | p_UBSEC_math_accelerate_ioctl = NULL; | |
509 | p_UBSEC_rng_ioctl = NULL; | |
510 | p_UBSEC_max_key_len_ioctl = NULL; | |
511 | return 1; | |
512 | } | |
513 | ||
514 | static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |
515 | { | |
516 | int initialised = ((ubsec_dso == NULL) ? 0 : 1); | |
517 | switch(cmd) | |
518 | { | |
519 | case UBSEC_CMD_SO_PATH: | |
520 | if(p == NULL) | |
521 | { | |
522 | UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER); | |
523 | return 0; | |
524 | } | |
525 | if(initialised) | |
526 | { | |
527 | UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED); | |
528 | return 0; | |
529 | } | |
530 | return set_UBSEC_LIBNAME((const char *)p); | |
531 | default: | |
532 | break; | |
533 | } | |
534 | UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED); | |
535 | return 0; | |
536 | } | |
537 | ||
538 | static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
539 | const BIGNUM *m, BN_CTX *ctx) | |
540 | { | |
541 | int y_len = 0; | |
542 | int fd; | |
543 | ||
544 | if(ubsec_dso == NULL) | |
545 | { | |
546 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED); | |
547 | return 0; | |
548 | } | |
549 | ||
550 | /* Check if hardware can't handle this argument. */ | |
551 | y_len = BN_num_bits(m); | |
552 | if (y_len > max_key_len) { | |
553 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); | |
554 | return BN_mod_exp(r, a, p, m, ctx); | |
555 | } | |
556 | ||
557 | if(!bn_wexpand(r, m->top)) | |
558 | { | |
559 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); | |
560 | return 0; | |
561 | } | |
562 | memset(r->d, 0, BN_num_bytes(m)); | |
563 | ||
564 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { | |
565 | fd = 0; | |
566 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
567 | return BN_mod_exp(r, a, p, m, ctx); | |
568 | } | |
569 | ||
570 | if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a), | |
571 | (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, | |
572 | BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0) | |
573 | { | |
574 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED); | |
575 | p_UBSEC_ubsec_close(fd); | |
576 | ||
577 | return BN_mod_exp(r, a, p, m, ctx); | |
578 | } | |
579 | ||
580 | p_UBSEC_ubsec_close(fd); | |
581 | ||
582 | r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2; | |
583 | return 1; | |
584 | } | |
585 | ||
586 | #ifndef OPENSSL_NO_RSA | |
587 | static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | |
588 | { | |
589 | BN_CTX *ctx; | |
590 | int to_return = 0; | |
591 | ||
592 | if((ctx = BN_CTX_new()) == NULL) | |
593 | goto err; | |
594 | ||
595 | if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) | |
596 | { | |
597 | UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS); | |
598 | goto err; | |
599 | } | |
600 | ||
601 | to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, | |
602 | rsa->dmq1, rsa->iqmp, ctx); | |
603 | if (to_return == FAIL_TO_SOFTWARE) | |
604 | { | |
605 | /* | |
606 | * Do in software as hardware failed. | |
607 | */ | |
608 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
609 | to_return = (*meth->rsa_mod_exp)(r0, I, rsa); | |
610 | } | |
611 | err: | |
612 | if(ctx) | |
613 | BN_CTX_free(ctx); | |
614 | return to_return; | |
615 | } | |
616 | #endif | |
617 | ||
618 | static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
619 | const BIGNUM *q, const BIGNUM *dp, | |
620 | const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) | |
621 | { | |
622 | int y_len, | |
623 | m_len, | |
624 | fd; | |
625 | ||
626 | m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; | |
627 | y_len = BN_num_bits(p) + BN_num_bits(q); | |
628 | ||
629 | /* Check if hardware can't handle this argument. */ | |
630 | if (y_len > max_key_len) { | |
631 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); | |
632 | return FAIL_TO_SOFTWARE; | |
633 | } | |
634 | ||
635 | if (!bn_wexpand(r, p->top + q->top + 1)) { | |
636 | UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL); | |
637 | return 0; | |
638 | } | |
639 | ||
640 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { | |
641 | fd = 0; | |
642 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
643 | return FAIL_TO_SOFTWARE; | |
644 | } | |
645 | ||
646 | if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd, | |
647 | (unsigned char *)a->d, BN_num_bits(a), | |
648 | (unsigned char *)qinv->d, BN_num_bits(qinv), | |
649 | (unsigned char *)dp->d, BN_num_bits(dp), | |
650 | (unsigned char *)p->d, BN_num_bits(p), | |
651 | (unsigned char *)dq->d, BN_num_bits(dq), | |
652 | (unsigned char *)q->d, BN_num_bits(q), | |
653 | (unsigned char *)r->d, &y_len) != 0) { | |
654 | UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED); | |
655 | p_UBSEC_ubsec_close(fd); | |
656 | return FAIL_TO_SOFTWARE; | |
657 | } | |
658 | ||
659 | p_UBSEC_ubsec_close(fd); | |
660 | ||
661 | r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2; | |
662 | return 1; | |
663 | } | |
664 | ||
665 | #ifndef OPENSSL_NO_DSA | |
666 | #ifdef NOT_USED | |
667 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | |
668 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | |
669 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | |
670 | { | |
671 | BIGNUM t; | |
672 | int to_return = 0; | |
673 | ||
674 | BN_init(&t); | |
675 | /* let rr = a1 ^ p1 mod m */ | |
676 | if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end; | |
677 | /* let t = a2 ^ p2 mod m */ | |
678 | if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end; | |
679 | /* let rr = rr * t mod m */ | |
680 | if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; | |
681 | to_return = 1; | |
682 | end: | |
683 | BN_free(&t); | |
684 | return to_return; | |
685 | } | |
686 | ||
687 | static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | |
688 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
689 | BN_MONT_CTX *m_ctx) | |
690 | { | |
691 | return ubsec_mod_exp(r, a, p, m, ctx); | |
692 | } | |
693 | #endif | |
694 | #endif | |
695 | ||
696 | /* | |
697 | * This function is aliased to mod_exp (with the mont stuff dropped). | |
698 | */ | |
699 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
700 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | |
701 | { | |
702 | int ret = 0; | |
703 | ||
704 | #ifndef OPENSSL_NO_RSA | |
705 | /* Do in software if the key is too large for the hardware. */ | |
706 | if (BN_num_bits(m) > max_key_len) | |
707 | { | |
708 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
709 | ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx); | |
710 | } | |
711 | else | |
712 | #endif | |
713 | { | |
714 | ret = ubsec_mod_exp(r, a, p, m, ctx); | |
715 | } | |
716 | ||
717 | return ret; | |
718 | } | |
719 | ||
720 | #ifndef OPENSSL_NO_DH | |
721 | /* This function is aliased to mod_exp (with the dh and mont dropped). */ | |
722 | static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
723 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
724 | BN_MONT_CTX *m_ctx) | |
725 | { | |
726 | return ubsec_mod_exp(r, a, p, m, ctx); | |
727 | } | |
728 | #endif | |
729 | ||
730 | #ifndef OPENSSL_NO_DSA | |
731 | static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |
732 | { | |
733 | DSA_SIG *to_return = NULL; | |
734 | int s_len = 160, r_len = 160, d_len, fd; | |
735 | BIGNUM m, *r=NULL, *s=NULL; | |
736 | ||
737 | BN_init(&m); | |
738 | ||
739 | s = BN_new(); | |
740 | r = BN_new(); | |
741 | if ((s == NULL) || (r==NULL)) | |
742 | goto err; | |
743 | ||
744 | d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen); | |
745 | ||
746 | if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) || | |
747 | (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) { | |
748 | UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); | |
749 | goto err; | |
750 | } | |
751 | ||
752 | if (BN_bin2bn(dgst,dlen,&m) == NULL) { | |
753 | UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); | |
754 | goto err; | |
755 | } | |
756 | ||
757 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { | |
758 | const DSA_METHOD *meth; | |
759 | fd = 0; | |
760 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
761 | meth = DSA_OpenSSL(); | |
762 | to_return = meth->dsa_do_sign(dgst, dlen, dsa); | |
763 | goto err; | |
764 | } | |
765 | ||
766 | if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ | |
767 | (unsigned char *)dgst, d_len, | |
768 | NULL, 0, /* compute random value */ | |
769 | (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), | |
770 | (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), | |
771 | (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), | |
772 | (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key), | |
773 | (unsigned char *)r->d, &r_len, | |
774 | (unsigned char *)s->d, &s_len ) != 0) { | |
775 | const DSA_METHOD *meth; | |
776 | ||
777 | UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED); | |
778 | p_UBSEC_ubsec_close(fd); | |
779 | meth = DSA_OpenSSL(); | |
780 | to_return = meth->dsa_do_sign(dgst, dlen, dsa); | |
781 | ||
782 | goto err; | |
783 | } | |
784 | ||
785 | p_UBSEC_ubsec_close(fd); | |
786 | ||
787 | r->top = (160+BN_BITS2-1)/BN_BITS2; | |
788 | s->top = (160+BN_BITS2-1)/BN_BITS2; | |
789 | ||
790 | to_return = DSA_SIG_new(); | |
791 | if(to_return == NULL) { | |
792 | UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); | |
793 | goto err; | |
794 | } | |
795 | ||
796 | to_return->r = r; | |
797 | to_return->s = s; | |
798 | ||
799 | err: | |
800 | if (!to_return) { | |
801 | if (r) BN_free(r); | |
802 | if (s) BN_free(s); | |
803 | } | |
804 | BN_clear_free(&m); | |
805 | return to_return; | |
806 | } | |
807 | ||
808 | static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, | |
809 | DSA_SIG *sig, DSA *dsa) | |
810 | { | |
811 | int v_len, d_len; | |
812 | int to_return = 0; | |
813 | int fd; | |
814 | BIGNUM v; | |
815 | ||
816 | BN_init(&v); | |
817 | ||
818 | if(!bn_wexpand(&v, dsa->p->top)) { | |
819 | UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL); | |
820 | goto err; | |
821 | } | |
822 | ||
823 | v_len = BN_num_bits(dsa->p); | |
824 | ||
825 | d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len); | |
826 | ||
827 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { | |
828 | const DSA_METHOD *meth; | |
829 | fd = 0; | |
830 | UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
831 | meth = DSA_OpenSSL(); | |
832 | to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | |
833 | goto err; | |
834 | } | |
835 | ||
836 | if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */ | |
837 | (unsigned char *)dgst, d_len, | |
838 | (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), | |
839 | (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), | |
840 | (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), | |
841 | (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key), | |
842 | (unsigned char *)sig->r->d, BN_num_bits(sig->r), | |
843 | (unsigned char *)sig->s->d, BN_num_bits(sig->s), | |
844 | (unsigned char *)v.d, &v_len) != 0) { | |
845 | const DSA_METHOD *meth; | |
846 | UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED); | |
847 | p_UBSEC_ubsec_close(fd); | |
848 | ||
849 | meth = DSA_OpenSSL(); | |
850 | to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | |
851 | ||
852 | goto err; | |
853 | } | |
854 | ||
855 | p_UBSEC_ubsec_close(fd); | |
856 | ||
857 | to_return = 1; | |
858 | err: | |
859 | BN_clear_free(&v); | |
860 | return to_return; | |
861 | } | |
862 | #endif | |
863 | ||
864 | #ifndef OPENSSL_NO_DH | |
865 | static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh) | |
866 | { | |
867 | int ret = -1, | |
868 | k_len, | |
869 | fd; | |
870 | ||
871 | k_len = BN_num_bits(dh->p); | |
872 | ||
873 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) | |
874 | { | |
875 | const DH_METHOD *meth; | |
876 | ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
877 | meth = DH_OpenSSL(); | |
878 | ret = meth->compute_key(key, pub_key, dh); | |
879 | goto err; | |
880 | } | |
881 | ||
882 | if (p_UBSEC_diffie_hellman_agree_ioctl(fd, | |
883 | (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key), | |
884 | (unsigned char *)pub_key->d, BN_num_bits(pub_key), | |
885 | (unsigned char *)dh->p->d, BN_num_bits(dh->p), | |
886 | key, &k_len) != 0) | |
887 | { | |
888 | /* Hardware's a no go, failover to software */ | |
889 | const DH_METHOD *meth; | |
890 | ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); | |
891 | p_UBSEC_ubsec_close(fd); | |
892 | ||
893 | meth = DH_OpenSSL(); | |
894 | ret = meth->compute_key(key, pub_key, dh); | |
895 | ||
896 | goto err; | |
897 | } | |
898 | ||
899 | p_UBSEC_ubsec_close(fd); | |
900 | ||
901 | ret = p_UBSEC_ubsec_bits_to_bytes(k_len); | |
902 | err: | |
903 | return ret; | |
904 | } | |
905 | ||
906 | static int ubsec_dh_generate_key (DH *dh) | |
907 | { | |
908 | int ret = 0, | |
909 | random_bits = 0, | |
910 | pub_key_len = 0, | |
911 | priv_key_len = 0, | |
912 | fd; | |
913 | BIGNUM *pub_key = NULL; | |
914 | BIGNUM *priv_key = NULL; | |
915 | ||
916 | /* | |
917 | * How many bits should Random x be? dh_key.c | |
918 | * sets the range from 0 to num_bits(modulus) ??? | |
919 | */ | |
920 | ||
921 | if (dh->priv_key == NULL) | |
922 | { | |
923 | priv_key = BN_new(); | |
924 | if (priv_key == NULL) goto err; | |
925 | priv_key_len = BN_num_bits(dh->p); | |
926 | bn_wexpand(priv_key, dh->p->top); | |
927 | do | |
928 | if (!BN_rand_range(priv_key, dh->p)) goto err; | |
929 | while (BN_is_zero(priv_key)); | |
930 | random_bits = BN_num_bits(priv_key); | |
931 | } | |
932 | else | |
933 | { | |
934 | priv_key = dh->priv_key; | |
935 | } | |
936 | ||
937 | if (dh->pub_key == NULL) | |
938 | { | |
939 | pub_key = BN_new(); | |
940 | pub_key_len = BN_num_bits(dh->p); | |
941 | bn_wexpand(pub_key, dh->p->top); | |
942 | if(pub_key == NULL) goto err; | |
943 | } | |
944 | else | |
945 | { | |
946 | pub_key = dh->pub_key; | |
947 | } | |
948 | ||
949 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) | |
950 | { | |
951 | const DH_METHOD *meth; | |
952 | ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
953 | meth = DH_OpenSSL(); | |
954 | ret = meth->generate_key(dh); | |
955 | goto err; | |
956 | } | |
957 | ||
958 | if (p_UBSEC_diffie_hellman_generate_ioctl(fd, | |
959 | (unsigned char *)priv_key->d, &priv_key_len, | |
960 | (unsigned char *)pub_key->d, &pub_key_len, | |
961 | (unsigned char *)dh->g->d, BN_num_bits(dh->g), | |
962 | (unsigned char *)dh->p->d, BN_num_bits(dh->p), | |
963 | 0, 0, random_bits) != 0) | |
964 | { | |
965 | /* Hardware's a no go, failover to software */ | |
966 | const DH_METHOD *meth; | |
967 | ||
968 | ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); | |
969 | p_UBSEC_ubsec_close(fd); | |
970 | ||
971 | meth = DH_OpenSSL(); | |
972 | ret = meth->generate_key(dh); | |
973 | ||
974 | goto err; | |
975 | } | |
976 | ||
977 | p_UBSEC_ubsec_close(fd); | |
978 | ||
979 | dh->pub_key = pub_key; | |
980 | dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2; | |
981 | dh->priv_key = priv_key; | |
982 | dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2; | |
983 | ||
984 | ret = 1; | |
985 | err: | |
986 | return ret; | |
987 | } | |
988 | #endif | |
989 | ||
990 | #ifdef NOT_USED | |
991 | static int ubsec_rand_bytes(unsigned char * buf, | |
992 | int num) | |
993 | { | |
994 | int ret = 0, | |
995 | fd; | |
996 | ||
997 | if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) | |
998 | { | |
999 | const RAND_METHOD *meth; | |
1000 | ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); | |
1001 | num = p_UBSEC_ubsec_bits_to_bytes(num); | |
1002 | meth = RAND_SSLeay(); | |
1003 | meth->seed(buf, num); | |
1004 | ret = meth->bytes(buf, num); | |
1005 | goto err; | |
1006 | } | |
1007 | ||
1008 | num *= 8; /* bytes to bits */ | |
1009 | ||
1010 | if (p_UBSEC_rng_ioctl(fd, | |
1011 | UBSEC_RNG_DIRECT, | |
1012 | buf, | |
1013 | &num) != 0) | |
1014 | { | |
1015 | /* Hardware's a no go, failover to software */ | |
1016 | const RAND_METHOD *meth; | |
1017 | ||
1018 | ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED); | |
1019 | p_UBSEC_ubsec_close(fd); | |
1020 | ||
1021 | num = p_UBSEC_ubsec_bits_to_bytes(num); | |
1022 | meth = RAND_SSLeay(); | |
1023 | meth->seed(buf, num); | |
1024 | ret = meth->bytes(buf, num); | |
1025 | ||
1026 | goto err; | |
1027 | } | |
1028 | ||
1029 | p_UBSEC_ubsec_close(fd); | |
1030 | ||
1031 | ret = 1; | |
1032 | err: | |
1033 | return(ret); | |
1034 | } | |
1035 | ||
1036 | ||
1037 | static int ubsec_rand_status(void) | |
1038 | { | |
1039 | return 0; | |
1040 | } | |
1041 | #endif | |
1042 | ||
1043 | /* This stuff is needed if this ENGINE is being compiled into a self-contained | |
1044 | * shared-library. */ | |
1045 | #ifdef ENGINE_DYNAMIC_SUPPORT | |
1046 | static int bind_fn(ENGINE *e, const char *id) | |
1047 | { | |
1048 | if(id && (strcmp(id, engine_ubsec_id) != 0)) | |
1049 | return 0; | |
1050 | if(!bind_helper(e)) | |
1051 | return 0; | |
1052 | return 1; | |
1053 | } | |
1054 | IMPLEMENT_DYNAMIC_CHECK_FN() | |
1055 | IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) | |
1056 | #endif /* ENGINE_DYNAMIC_SUPPORT */ | |
1057 | ||
1058 | #endif /* !OPENSSL_NO_HW_UBSEC */ | |
1059 | #endif /* !OPENSSL_NO_HW */ |